From 5ed67947e501c5b4f5c5bfd01808a802cedf02d6 Mon Sep 17 00:00:00 2001
From: Lain Iwakura <lain@iwakurahome.ru>
Date: Mon, 16 Jun 2025 02:10:18 +0300
Subject: [PATCH] fixingfixin

---
 main/login.php    | 91 ++++++++++++++++++++++++++++-------------------
 main/register.php |  6 ++--
 2 files changed, 59 insertions(+), 38 deletions(-)

diff --git a/main/login.php b/main/login.php
index bb95d8b..ac05bfb 100644
--- a/main/login.php
+++ b/main/login.php
@@ -1,5 +1,5 @@
 <?php
-session_start();
+ob_start();
 ini_set('session.cookie_httponly', 1);
 ini_set('session.cookie_secure', 1);
 header('X-Content-Type-Options: nosniff');
@@ -7,6 +7,7 @@ header('X-Frame-Options: DENY');
 header('X-XSS-Protection: 1; mode=block');
 header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\';');
 header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
+session_start();
 
 $config = require 'config.php';
 $db = new PDO(
@@ -17,36 +18,40 @@ $db = new PDO(
 $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 
 $error = '';
+$success = '';
+
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
     $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
-    
+
     if ($username && $password) {
-        $stmt = $db->prepare('SELECT id, password, is_moderator, login_attempts, last_attempt FROM users WHERE username = ?');
-        $stmt->execute([$username]);
-        $user = $stmt->fetch(PDO::FETCH_ASSOC);
-        
-        if ($user) {
-            if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) {
-                $error = 'Too many login attempts. Please try again later.';
-            } else if (password_verify($password, $user['password'])) {
-                session_regenerate_id(true);
-                $_SESSION['user_id'] = $user['id'];
-                $_SESSION['username'] = $username;
-                $_SESSION['is_moderator'] = $user['is_moderator'];
-                
-                $stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?');
-                $stmt->execute([$user['id']]);
-                
-                header('Location: index.php');
-                exit;
+        try {
+            $stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?');
+            $stmt->execute([$username]);
+            $user = $stmt->fetch(PDO::FETCH_ASSOC);
+
+            if ($user) {
+                if ($user['is_blocked']) {
+                    $error = 'Account is blocked';
+                } else if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) {
+                    $error = 'Too many login attempts';
+                } else if (password_verify($password, $user['password'])) {
+                    $stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?');
+                    $stmt->execute([$user['id']]);
+                    $_SESSION['user_id'] = $user['id'];
+                    $_SESSION['username'] = $username;
+                    header('Location: index.php');
+                    exit;
+                } else {
+                    $stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?');
+                    $stmt->execute([$user['id']]);
+                    $error = 'Invalid password';
+                }
             } else {
-                $stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?');
-                $stmt->execute([$user['id']]);
-                $error = 'Invalid username or password';
+                $error = 'User not found';
             }
-        } else {
-            $error = 'Invalid username or password';
+        } catch (PDOException $e) {
+            $error = 'Server error';
         }
     }
 }
@@ -55,21 +60,35 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 <html>
 <head>
     <meta charset="utf-8">
-    <title>Login</title>
-    <link rel="stylesheet" href="styles.css">
+    <title>Text0Nly - Login</title>
+    <style>
+        body { font-family: Arial, sans-serif; max-width: 400px; margin: 20px auto; padding: 20px; }
+        .form-group { margin: 10px 0; }
+        input { width: 100%; padding: 8px; margin: 5px 0; }
+        button { width: 100%; padding: 10px; background: #2196F3; color: white; border: none; cursor: pointer; }
+        .error { color: red; }
+        .success { color: green; }
+    </style>
 </head>
 <body>
-<div class="container">
-    <div class="header"><h1>Login</h1></div>
+    <h2>Login</h2>
     <?php if ($error): ?>
-        <div class="error" style="color:red; margin-bottom:10px;"><?= htmlspecialchars($error) ?></div>
+        <div class="error"><?= htmlspecialchars($error) ?></div>
     <?php endif; ?>
-    <form method="post" class="form-container">
-        <input type="text" name="username" placeholder="Username" required maxlength="50">
-        <input type="password" name="password" placeholder="Password" required>
+    <?php if ($success): ?>
+        <div class="success"><?= htmlspecialchars($success) ?></div>
+    <?php endif; ?>
+    
+    <form method="post">
+        <div class="form-group">
+            <input type="text" name="username" placeholder="Username" required>
+        </div>
+        <div class="form-group">
+            <input type="password" name="password" placeholder="Password" required>
+        </div>
         <button type="submit">Login</button>
     </form>
-    <div style="margin-top:10px;"><a href="register.php">Register</a> | <a href="index.php">Back to chat</a></div>
-</div>
+    <p><a href="register.php">Register</a> | <a href="index.php">Back to chat</a></p>
 </body>
-</html> 
\ No newline at end of file
+</html>
+<?php ob_end_flush(); ?> 
\ No newline at end of file
diff --git a/main/register.php b/main/register.php
index a533b51..a8e79d2 100644
--- a/main/register.php
+++ b/main/register.php
@@ -1,5 +1,5 @@
 <?php
-session_start();
+ob_start();
 ini_set('session.cookie_httponly', 1);
 ini_set('session.cookie_secure', 1);
 header('X-Content-Type-Options: nosniff');
@@ -7,6 +7,7 @@ header('X-Frame-Options: DENY');
 header('X-XSS-Protection: 1; mode=block');
 header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\';');
 header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
+session_start();
 
 $config = require 'config.php';
 $db = new PDO(
@@ -95,4 +96,5 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     </form>
     <p><a href="index.php">Back to chat</a></p>
 </body>
-</html> 
\ No newline at end of file
+</html>
+<?php ob_end_flush(); ?> 
\ No newline at end of file