@@ -1,11 +1,12 @@
|
||||
<?php
|
||||
session_start();
|
||||
include "../utils/security.php";
|
||||
secure_session_start();
|
||||
header('Content-Type: application/json');
|
||||
|
||||
include "../utils/get_location.php";
|
||||
|
||||
$send_to=$_SESSION["end_url"];
|
||||
$send_to = htmlspecialchars(str_replace([';', 'script', 'java','(',')'],'',$send_to));
|
||||
$send_to=normalize_redirect_target($_SESSION["end_url"] ?? "/account/");
|
||||
$_SESSION["end_url"] = $send_to;
|
||||
include "../../config/config.php";
|
||||
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
|
||||
|
||||
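Review bot: The new `include "../utils/security.php";` loads the session-hardening helpers with a non-fatal include and a path relative to the working directory, so a missing or shadowed file produces only a warning at the include itself. For code the login flow depends on, `require_once __DIR__ . "/../utils/security.php";` fails at the point of loading and does not depend on the include path; the same applies to the two other includes in this hunk. `normalize_redirect_target()` is defined outside this view, so a one-line comment above its call should state what it guarantees, for example `// end_url is reduced to a same-site path; anything else falls back to /account/`, if that is indeed its contract.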
@@ -56,7 +57,7 @@ else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 &&
|
||||
if(!empty($send_to)){
|
||||
$data=[
|
||||
'message' => 'done',
|
||||
'redirect' => $send_to."?auth=$auth_token"
|
||||
'redirect' => append_auth_token_to_redirect($send_to, $auth_token)
|
||||
];
|
||||
}else{
|
||||
$data=[
|
||||
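Review bot: The auth token is still carried in the redirect URL built by `append_auth_token_to_redirect($send_to, $auth_token)`, so it will appear in browser history, proxy and access logs, and possibly in the Referer header sent from the landing page. The helper's body is not visible here; the call relies on it URL-encoding the token and on `$send_to` being restricted to trusted targets, since otherwise the token is delivered to whatever host `end_url` named. A comment at the call such as `// token goes into the query string: must be single-use and short-lived; $send_to was normalized at the top of the file` would record that assumption. The enclosing `else if` branch starts and ends outside the hunk.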
@@ -65,7 +66,8 @@ else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 &&
|
||||
];
|
||||
}
|
||||
//update last login
|
||||
$ip=trim(explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"])[0]);
|
||||
$forwarded_for = $_SERVER["HTTP_X_FORWARDED_FOR"] ?? $_SERVER["REMOTE_ADDR"] ?? "";
|
||||
$ip=trim(explode(",",$forwarded_for)[0]);
|
||||
$date=date('Y-m-d H:i:s');
|
||||
$last_login_msg=$date." from ".$ip;
|
||||
$sql="UPDATE users SET last_login = ? WHERE id = ?";
|
||||
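Review bot: `$ip` is still taken from the first entry of `X-Forwarded-For`, which is whatever the client sent unless a trusted proxy overwrites the header, and the result goes into `$last_login_msg` for the `last_login` update without validation. The new `??` fallback fixes the undefined-index case but not the trust question. Validating the value and falling back to the socket address keeps arbitrary strings out of the record: `$ip = filter_var(trim(explode(",", $forwarded_for)[0]), FILTER_VALIDATE_IP) ?: ($_SERVER["REMOTE_ADDR"] ?? "");`. If the application sits behind a known reverse proxy, a comment naming it would explain why the header is trusted at all.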
@@ -75,7 +77,7 @@ else if ($_SESSION["needs_auth"]===false && $_SESSION["mfa_authenticated"]==1 &&
|
||||
mysqli_stmt_close($stmt);
|
||||
//send login message
|
||||
if($_SESSION["login_message"] && $_SESSION["logged_in"]!==true){
|
||||
$device = $_SERVER['HTTP_USER_AGENT'];
|
||||
$device = $_SERVER['HTTP_USER_AGENT'] ?? "";
|
||||
$location=get_location_from_ip($ip);
|
||||
$message = "⚠️ *Login Warning*\n\n"
|
||||
. "We noticed a login attempt with your account.\n\n"
|
||||
|
||||
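Review bot: `$device` comes straight from the `User-Agent` header and, judging by the Markdown-style `$message` started below it, is presumably interpolated into the login warning; the rest of the message is outside the hunk, so this is inferred. A request-controlled string of unbounded length that may contain markup characters should be bounded and escaped for the message format before it is sent, e.g. `$device = mb_substr($_SERVER['HTTP_USER_AGENT'] ?? "", 0, 200);` (the limit is illustrative) plus whatever escaping the messaging channel requires. The same `??` default would also suit `$_SESSION["login_message"]` in the condition above, which is still read unguarded.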