Shut up some errors

[irc/unrealircd/unrealircd-webpanel.git] / login / index.php

diff --git a/login/index.php b/login/index.php
index 97cc98ad5f271e51096c3663fd95a68d0da68f14..e218844c85ec44d60df060d8121a59e8dd4f49ff 100644 (file)
--- a/login/index.php
+++ b/login/index.php
@@ -1,6 +1,5 @@
-
 <?php
-require_once "../common.php";
+require_once "../inc/common.php";
 
 $logout = false;
 
@@ -35,20 +34,33 @@ if (!empty($_POST))
        {
                $user = new PanelUser($_POST['username']);
                /* not being too informative with the login error in case of attackers */
-               if (isset($user->id) && $user->password_verify($_POST['password']))
+               $hash_needs_updating = false;
+               if (isset($user->id) && $user->password_verify($_POST['password'], $hash_needs_updating))
                {
+                       /* SUCCESSFUL LOGIN */
+                       if ($hash_needs_updating)
+                       {
+                               /* Set password again so it is freshly hashed */
+                               $hash = PanelUser::password_hash($_POST['password']);
+                               $ar = ["update_pass_conf"=>$hash];
+                               $user->update_core_info($ar);
+                               unset($ar);
+                               unset($hash);
+                       }
+                       panel_start_session($user);
                        $_SESSION['id'] = $user->id;
                        $user->add_meta("last_login", date("Y-m-d H:i:s"));
                        Hook::run(HOOKTYPE_USER_LOGIN, $user);
-                       
+
                        /* Middle of install? Override redirect: */
-                       if (!isset($config['unrealircd']) || empty($config['unrealircd']['host']))
-                               $redirect = get_config("base_url")."settings/install2.php";
+                       if (!isset($config['unrealircd']))
+                               $redirect = get_config("base_url")."settings/rpc-servers.php";
                        header('Location: ' . $redirect);
                        die();
                }
                else
                {
+                       /* LOGIN FAILED */
                        $fail = [
                                "login" => htmlspecialchars($_POST['username']),
                                "IP" => $_SERVER['REMOTE_ADDR']
@@ -86,7 +98,7 @@ if (!empty($_POST))
 </head>
 <section class="vh-100">
   <div class="container py-5 h-10">
-       <div class="row d-flex justify-content-center align-items-center h-100">
+       <div class="row d-flex justify-content-center align-items-center">
          <div class="col-12 col-md-8 col-lg-6 col-xl-5">
                <div class="card shadow-2-strong" style="border-radius: 1rem;">
                  <div class="card-body p-5 text-center">
@@ -126,7 +138,13 @@ if (!empty($_POST))
        </div>
 </div>
 </div></section>
+<style>
 
+body {
+               background-image: url('https://cdn.wallpapersafari.com/34/98/yznZmQ.jpg');
+               background-size: cover;
+       }
+</style>
 <script>
        var form = document.getElementById('login');
        var pinp = document.getElementById('passinp');
@@ -152,5 +170,3 @@ if (!empty($_POST))
                        form.submit();
        });
 </script>
-
-<?php require_once "../footer.php";
\ No newline at end of file