From 7e211c7a8bb17776dac924433886d0c12eff76b9 Mon Sep 17 00:00:00 2001
From: Lain Iwakura
Date: Mon, 16 Jun 2025 02:25:29 +0300
Subject: [PATCH] clean debug
---
 main/login.php | 173 ++++++++++++++++++----------------------------
 main/register.php | 151 ++++++++++++++++++----------------------
 2 files changed, 136 insertions(+), 188 deletions(-)
diff --git a/main/login.php b/main/login.php
index f74ec5a..d89386d 100644
--- a/main/login.php
+++ b/main/login.php
@@ -1,124 +1,89 @@ setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $debug[] = "Database connected";
-} catch (PDOException $e) {
- $debug[] = "Database error: " . $e->getMessage();
- die("Database connection error: " . $e->getMessage());
-}
-
-$error = '';
-$success = '';
-
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
- $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
+ $username = $_POST['username'] ?? '';
+ $password = $_POST['password'] ?? '';
- $debug[] = "Login attempt for: " . $username;
-
- if ($username && $password) {
- try {
- $stmt = $db->prepare('SELECT id, password, is_blocked, login_attempts, last_attempt FROM users WHERE username = ?');
- $stmt->execute([$username]);
- $user = $stmt->fetch(PDO::FETCH_ASSOC);
-
- $debug[] = "User found: " . ($user ? 'yes' : 'no');
-
+ try {
+ $pdo = new PDO(
+ "mysql:host={$config['db_host']};dbname={$config['db_name']};charset=utf8mb4",
+ $config['db_user'],
+ $config['db_pass'],
+ [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
+ );
+
+ $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
+ $stmt->execute([$username]);
+ $user = $stmt->fetch();
+
+ if ($user && password_verify($password, $user['password'])) {
+ if ($user['is_blocked']) {
+ $error = "Аккаунт заблокирован: " .
htmlspecialchars($user['block_reason']);
+ } else {
+ $_SESSION['user_id'] = $user['id'];
+ $_SESSION['username'] = $user['username'];
+ $_SESSION['is_moderator'] = $user['is_moderator'];
+
+ $stmt = $pdo->prepare("UPDATE users SET login_attempts = 0, last_attempt = NULL WHERE id = ?");
+ $stmt->execute([$user['id']]);
+
+ header("Location: index.php");
+ exit;
+ }
+ } else {
 if ($user) {
- if ($user['is_blocked']) {
- $error = 'Account is blocked';
- $debug[] = "Account blocked";
- } else if ($user['login_attempts'] >= 5 && strtotime($user['last_attempt']) > strtotime('-15 minutes')) {
- $error = 'Too many login attempts';
- $debug[] = "Too many attempts";
- } else if (password_verify($password, $user['password'])) {
- $stmt = $db->prepare('UPDATE users SET login_attempts = 0, last_attempt = NOW() WHERE id = ?');
+ $stmt = $pdo->prepare("UPDATE users SET login_attempts = login_attempts + 1, last_attempt = CURRENT_TIMESTAMP WHERE id = ?");
+ $stmt->execute([$user['id']]);
+
+ if ($user['login_attempts'] >= 4) {
+ $stmt = $pdo->prepare("UPDATE users SET is_blocked = 1, block_reason = 'Превышено количество попыток входа' WHERE id = ?");
 $stmt->execute([$user['id']]);
- $_SESSION['user_id'] = $user['id'];
- $_SESSION['username'] = $username;
- $debug[] = "Login successful";
- header('Location: index.php');
- exit;
+ $error = "Аккаунт заблокирован из-за превышения количества попыток входа";
 } else {
- $stmt = $db->prepare('UPDATE users SET login_attempts = login_attempts + 1, last_attempt = NOW() WHERE id = ?');
- $stmt->execute([$user['id']]);
- $error = 'Invalid password';
- $debug[] = "Invalid password";
+ $error = "Неверный пароль";
 }
 } else {
- $error = 'User not found';
- $debug[] = "User not found";
+ $error = "Пользователь не найден";
 }
- } catch (PDOException $e) {
- $error = 'Server error';
- $debug[] = "SQL Error: " . $e->getMessage();
- $debug[] = "SQL State: " .
$e->getCode();
 }
+ } catch (PDOException $e) {
+ $error = "Ошибка сервера";
 }
 }
 ?> - + - - Text0Nly - Login - + + + Вход + -

Login

- -
- - -
- - -
-
- -
-
- -
- -
-

Register | Back to chat

- - -
- Debug info:
- -
- -
- +
+

Вход

+ +
+ + +
+ +
+
+ + +
+
+ + +
+ +
+

Нет аккаунта? Зарегистрироваться

+
- -
\ No newline at end of file
+
\ No newline at end of file
diff --git a/main/register.php b/main/register.php
index a8e79d2..8b22af6 100644
--- a/main/register.php
+++ b/main/register.php
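Review bot: The success branch writes `$_SESSION['user_id'] = $user['id'];` without calling `session_regenerate_id(true);` first, so a session id an attacker planted before authentication stays valid after it — add that call as the first line of the `else` branch (the `session_start()` and `$config` prelude are not visible in this view, so this assumes the session is already started). The distinct `"Неверный пароль"` and `"Пользователь не найден"` responses let an unauthenticated client enumerate usernames; the old code leaked the same way, but since the messages are being rewritten anyway, collapse both to one `"Неверное имя пользователя или пароль"`. That leak combines badly with the new `>= 4` branch, which sets `is_blocked = 1` permanently in place of the removed 15-minute window: five wrong passwords against any enumerated name lock that account until someone clears the flag by hand, and because the `is_blocked` test sits inside the `password_verify` success branch, a blocked account still answers whether a guessed password was correct. A lockout bounded by `last_attempt` (as before) or a per-IP counter avoids the self-inflicted denial of service, and checking `is_blocked` before `password_verify` closes the oracle.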
@@ -1,100 +1,83 @@ setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-
-$error = '';
-$success = '';
-
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
- $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
- $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
- $pgp_key = filter_input(INPUT_POST, 'pgp_key', FILTER_SANITIZE_STRING);
-
- if ($username && $password) {
- if (strlen($username) > 50 || strlen($password) < 8 || !preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
- $error = 'Invalid data';
- } else if (strlen($pgp_key) > 4096) {
- $error = 'PGP key is too long';
+ $username = $_POST['username'] ?? '';
+ $password = $_POST['password'] ?? '';
+ $pgp_key = $_POST['pgp_key'] ?? '';
+
+ try {
+ $pdo = new PDO(
+ "mysql:host={$config['db_host']};dbname={$config['db_name']};charset=utf8mb4",
+ $config['db_user'],
+ $config['db_pass'],
+ [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
+ );
+
+ $stmt = $pdo->prepare("SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)");
+ $stmt->execute();
+ $recent_registrations = $stmt->fetchColumn();
+
+ if ($recent_registrations >= 3) {
+ $error = "Слишком много регистраций за последний час.
Попробуйте позже.";
 } else {
- $stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
- $stmt->execute();
- $count = $stmt->fetchColumn();
-
- if ($count >= 20) {
- $error = 'Registration limit exceeded';
+ $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE username = ?");
+ $stmt->execute([$username]);
+ if ($stmt->fetchColumn() > 0) {
+ $error = "Пользователь с таким именем уже существует";
 } else {
- try {
- $stmt = $db->prepare('INSERT INTO users (username, password, pgp_key, login_attempts, last_attempt) VALUES (?, ?, ?, 0, NOW())');
- $stmt->execute([
- $username,
- password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]),
- $pgp_key
- ]);
-
- $stmt = $db->prepare('INSERT INTO registrations () VALUES ()');
- $stmt->execute();
-
- $success = 'Registration successful';
- } catch (PDOException $e) {
- $error = 'Username already exists';
- }
+ $hashed_password = password_hash($password, PASSWORD_DEFAULT);
+
+ $stmt = $pdo->prepare("INSERT INTO users (username, password, pgp_key) VALUES (?, ?, ?)");
+ $stmt->execute([$username, $hashed_password, $pgp_key]);
+
+ $stmt = $pdo->prepare("INSERT INTO registrations (created_at) VALUES (NOW())");
+ $stmt->execute();
+
+ $success = "Регистрация успешна! Теперь вы можете войти.";
 }
 }
+ } catch (PDOException $e) {
+ $error = "Ошибка сервера";
 }
 }
 ?> - + - - Text0Nly - Registration - + + + Регистрация + -

Registration

- -
- - -
- - -
-
- -
-
- -
-
- -
- -
-

Back to chat

+
+

Регистрация

+ +
+ + +
+ +
+
+ + +
+
+ + +
+
+ + +
+ +
+

Уже есть аккаунт? Войти

+
- -
\ No newline at end of file
+
\ No newline at end of file
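Review bot: The new `register.php` body drops every input check the old one had — the `^[a-zA-Z0-9_]+$` / 50-character username rule, the 8-character password minimum, the 4096-byte `pgp_key` cap and the `if ($username && $password)` guard — so with the `?? ''` defaults an empty username and empty password, or an arbitrarily large PGP blob, now go straight into the `INSERT INTO users` prepared statement. Reinstate the validation in front of the `try` as below, with an `is_string` test first because a `username[]=` post yields an array that `preg_match` rejects with a TypeError, which the `catch (PDOException $e)` does not cover. Also note that the `SELECT COUNT(*) FROM users WHERE username = ?` followed by the insert is not atomic, so two concurrent registrations of the same name can both pass the check and the loser surfaces only as the generic `"Ошибка сервера"` if the column is unique, and that the hourly limit of 3 is global rather than per-client, so any three registrations close the form for everyone for an hour. The `<?php` prelude that defines `$config` is not visible in this view.
```php
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $pgp_key = $_POST['pgp_key'] ?? '';

    // Same rules the previous version enforced; reject before touching the database.
    if (!is_string($username) || !is_string($password) || !is_string($pgp_key)
        || !preg_match('/^[a-zA-Z0-9_]{1,50}$/', $username)
        || strlen($password) < 8
        || strlen($pgp_key) > 4096) {
        $error = "Неверные данные";
    } else {
        try {
            // … unchanged: PDO connect, hourly limit, username lookup, INSERTs …
        } catch (PDOException $e) {
            $error = "Ошибка сервера";
        }
    }
```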