mirror of
https://git.sr.ht/~iwakuralain/text0Nly
synced 2025-07-27 15:36:11 +00:00
fixingfixin
This commit is contained in:
Lain Iwakura
parent
c3bc225cdc
commit
5ed67947e5
@ -1,5 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
session_start();
|
ob_start();
|
||||||
ini_set('session.cookie_httponly', 1);
|
ini_set('session.cookie_httponly', 1);
|
||||||
ini_set('session.cookie_secure', 1);
|
ini_set('session.cookie_secure', 1);
|
||||||
header('X-Content-Type-Options: nosniff');
|
header('X-Content-Type-Options: nosniff');
|
||||||
@ -7,6 +7,7 @@ header('X-Frame-Options: DENY');
|
|||||||
header('X-XSS-Protection: 1; mode=block');
|
header('X-XSS-Protection: 1; mode=block');
|
||||||
header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\';');
|
header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\';');
|
||||||
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
|
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
|
||||||
|
session_start();
|
||||||
|
|
||||||
$config = require 'config.php';
|
$config = require 'config.php';
|
||||||
$db = new PDO(
|
$db = new PDO(
|
||||||
@ -17,36 +18,40 @@ $db = new PDO(
|
|||||||
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
||||||
|
|
||||||
$error = '';
|
$error = '';
|
||||||
|
$success = '';
|
||||||
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
|
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
|
||||||
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
|
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
|
||||||
|
|
||||||
if ($username && $password) {
|
if ($username && $password) {
|
||||||
$stmt = $db->prepare('SELECT id, password, is_moderator, login_attempts, last_attempt FROM users WHERE username = ?');
|
try {
|
||||||
$stmt->execute([$username]);
|
$stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?');
|
||||||
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
$stmt->execute([$username]);
|
||||||
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
|
|
||||||
if ($user) {
|
if ($user) {
|
||||||
if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) {
|
if ($user['is_blocked']) {
|
||||||
$error = 'Too many login attempts. Please try again later.';
|
$error = 'Account is blocked';
|
||||||
} else if (password_verify($password, $user['password'])) {
|
} else if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) {
|
||||||
session_regenerate_id(true);
|
$error = 'Too many login attempts';
|
||||||
$_SESSION['user_id'] = $user['id'];
|
} else if (password_verify($password, $user['password'])) {
|
||||||
$_SESSION['username'] = $username;
|
$stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?');
|
||||||
$_SESSION['is_moderator'] = $user['is_moderator'];
|
$stmt->execute([$user['id']]);
|
||||||
|
$_SESSION['user_id'] = $user['id'];
|
||||||
$stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?');
|
$_SESSION['username'] = $username;
|
||||||
$stmt->execute([$user['id']]);
|
header('Location: index.php');
|
||||||
|
exit;
|
||||||
header('Location: index.php');
|
} else {
|
||||||
exit;
|
$stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?');
|
||||||
|
$stmt->execute([$user['id']]);
|
||||||
|
$error = 'Invalid password';
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?');
|
$error = 'User not found';
|
||||||
$stmt->execute([$user['id']]);
|
|
||||||
$error = 'Invalid username or password';
|
|
||||||
}
|
}
|
||||||
} else {
|
} catch (PDOException $e) {
|
||||||
$error = 'Invalid username or password';
|
$error = 'Server error';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -55,21 +60,35 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<title>Login</title>
|
<title>Text0Nly - Login</title>
|
||||||
<link rel="stylesheet" href="styles.css">
|
<style>
|
||||||
|
body { font-family: Arial, sans-serif; max-width: 400px; margin: 20px auto; padding: 20px; }
|
||||||
|
.form-group { margin: 10px 0; }
|
||||||
|
input { width: 100%; padding: 8px; margin: 5px 0; }
|
||||||
|
button { width: 100%; padding: 10px; background: #2196F3; color: white; border: none; cursor: pointer; }
|
||||||
|
.error { color: red; }
|
||||||
|
.success { color: green; }
|
||||||
|
</style>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<div class="container">
|
<h2>Login</h2>
|
||||||
<div class="header"><h1>Login</h1></div>
|
|
||||||
<?php if ($error): ?>
|
<?php if ($error): ?>
|
||||||
<div class="error" style="color:red; margin-bottom:10px;"><?= htmlspecialchars($error) ?></div>
|
<div class="error"><?= htmlspecialchars($error) ?></div>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<form method="post" class="form-container">
|
<?php if ($success): ?>
|
||||||
<input type="text" name="username" placeholder="Username" required maxlength="50">
|
<div class="success"><?= htmlspecialchars($success) ?></div>
|
||||||
<input type="password" name="password" placeholder="Password" required>
|
<?php endif; ?>
|
||||||
|
|
||||||
|
<form method="post">
|
||||||
|
<div class="form-group">
|
||||||
|
<input type="text" name="username" placeholder="Username" required>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<input type="password" name="password" placeholder="Password" required>
|
||||||
|
</div>
|
||||||
<button type="submit">Login</button>
|
<button type="submit">Login</button>
|
||||||
</form>
|
</form>
|
||||||
<div style="margin-top:10px;"><a href="register.php">Register</a> | <a href="index.php">Back to chat</a></div>
|
<p><a href="register.php">Register</a> | <a href="index.php">Back to chat</a></p>
|
||||||
</div>
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
<?php ob_end_flush(); ?>
|
||||||
@ -1,5 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
session_start();
|
ob_start();
|
||||||
ini_set('session.cookie_httponly', 1);
|
ini_set('session.cookie_httponly', 1);
|
||||||
ini_set('session.cookie_secure', 1);
|
ini_set('session.cookie_secure', 1);
|
||||||
header('X-Content-Type-Options: nosniff');
|
header('X-Content-Type-Options: nosniff');
|
||||||
@ -7,6 +7,7 @@ header('X-Frame-Options: DENY');
|
|||||||
header('X-XSS-Protection: 1; mode=block');
|
header('X-XSS-Protection: 1; mode=block');
|
||||||
header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\';');
|
header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\';');
|
||||||
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
|
header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
|
||||||
|
session_start();
|
||||||
|
|
||||||
$config = require 'config.php';
|
$config = require 'config.php';
|
||||||
$db = new PDO(
|
$db = new PDO(
|
||||||
@ -96,3 +97,4 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||||||
<p><a href="index.php">Back to chat</a></p>
|
<p><a href="index.php">Back to chat</a></p>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
<?php ob_end_flush(); ?>
|
||||||
Loading…
x
Reference in New Issue
Block a user