janis/ma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

u

Browse Source
This commit is contained in:
jakani24
2024-04-27 14:10:01 +02:00
parent 0410e59b8d
commit fdff4736ff
2 changed files with 107 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
src/server/cyberhex-code/system/insecure_zone/php/login.php
View File

@@ -10,7 +10,15 @@ if(isset($_SESSION["login"])){
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous"> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
<title>Cyberhex login page</title> <title>Cyberhex login page</title>
<style>
.bg-image {
background-image: url('/logo.png');
background-size: cover;
background-position: center;
height: 100vh; /* Set height to viewport height */
}
</style>
</head> </head>
<body> <body>
<script> <script>
@@ -218,111 +226,113 @@ async function checkRegistration() {
} }
</script> </script>
<div class="container mt-5"> <div class="container-fluid bg-image">
<div class="row justify-content-center"> <div class="container mt-5">
<div class="col-md-6"> <div class="row justify-content-center">
<div class="card"> <div class="col-md-6">
<div class="card-header"> <div class="card">
<h4>Login to Cyberhex</h4> <div class="card-header">
</div> <h4>Login to Cyberhex</h4>
<div class="card-body">
<form action="login.php" method="post">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" class="form-control" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password">Password:</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<br>
<div class="row">
<div class="col">
<button style="align:left" type="submit" class="btn btn-primary btn-block">Login with password</button>
</div>
<div class="col">
<center>Or</center>
</div>
<div class="col">
<button style="align:right" type="button" class="btn btn-primary btn-block" onclick="checkRegistration()">Login with a passkey</button>
</div>
</div>
</form>
<br><br>
<div class="alert alert-danger" role="alert" style="display:none" id="no_passkey">
You do not have a passkey associatet with your account.
</div> </div>
<!-- php code to verify password--> <div class="card-body">
<?php <form action="login.php" method="post">
// Check if the form is submitted <div class="form-group">
if ($_SERVER["REQUEST_METHOD"] == "POST") { <label for="username">Username:</label>
//include db pw <input type="text" class="form-control" id="username" name="username" required>
include "../../../config.php"; </div>
<div class="form-group">
<label for="password">Password:</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<br>
<div class="row">
<div class="col">
<button style="align:left" type="submit" class="btn btn-primary btn-block">Login with password</button>
</div>
<div class="col">
<center>Or</center>
</div>
<div class="col">
<button style="align:right" type="button" class="btn btn-primary btn-block" onclick="checkRegistration()">Login with a passkey</button>
</div>
</div>
</form>
<br><br>
<div class="alert alert-danger" role="alert" style="display:none" id="no_passkey">
You do not have a passkey associatet with your account.
</div>
<!-- php code to verify password-->
<?php
// Check if the form is submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {
//include db pw
include "../../../config.php";
// Retrieve user input // Retrieve user input
$username = htmlspecialchars($_POST["username"]); $username = htmlspecialchars($_POST["username"]);
$password = $_POST["password"]; $password = $_POST["password"];
// Create a connection // Create a connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE); $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check the connection // Check the connection
if ($conn->connect_error) { if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error); die("Connection failed: " . $conn->connect_error);
} }
$sql = "SELECT * FROM users WHERE username = ?"; $sql = "SELECT * FROM users WHERE username = ?";
$stmt = $conn->prepare($sql); $stmt = $conn->prepare($sql);
$stmt->bind_param("s", $username); $stmt->bind_param("s", $username);
// Execute the statement // Execute the statement
$stmt->execute(); $stmt->execute();
// Get the result // Get the result
$result = $stmt->get_result(); $result = $stmt->get_result();
// Check if the user exists and verify the password // Check if the user exists and verify the password
if ($result->num_rows > 0) { if ($result->num_rows > 0) {
$row = $result->fetch_assoc(); $row = $result->fetch_assoc();
if($row["allow_pw_login"]==1){ if($row["allow_pw_login"]==1){
if (password_verify($password, $row['password'])) { if (password_verify($password, $row['password'])) {
$_SESSION["username"]=$username; $_SESSION["username"]=$username;
$_SESSION["login"]=true; $_SESSION["login"]=true;
$_SESSION["perms"]=$row["perms"]; $_SESSION["perms"]=$row["perms"];
$_SESSION["email"]=$row["email"]; $_SESSION["email"]=$row["email"];
$_SESSION["telegram_id"]=$row["telegram_id"]; $_SESSION["telegram_id"]=$row["telegram_id"];
$_SESSION["allow_pw_login"]=$row["allow_pw_login"]; $_SESSION["allow_pw_login"]=$row["allow_pw_login"];
echo '<script>window.location.href = "/system/secure_zone/php/index.php";</script>'; echo '<script>window.location.href = "/system/secure_zone/php/index.php";</script>';
exit(); exit();
} else { } else {
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">
Incorrect username or password. Incorrect username or password.
</div>'; </div>';
}
} }
} else{
else{ echo '<div class="alert alert-danger" role="alert">
Password login is disabled on your account. Please use your passkey
</div>';
}
} else {
echo '<div class="alert alert-danger" role="alert"> echo '<div class="alert alert-danger" role="alert">
Password login is disabled on your account. Please use your passkey Incorrect username or password.
</div>'; </div>';
} }
} else {
echo '<div class="alert alert-danger" role="alert">
Incorrect username or password. // Close the connection
</div>'; $stmt->close();
$conn->close();
} }
?>
</div>
// Close the connection </div>
$stmt->close(); </div>
$conn->close(); </div>
} </div>
?>
</div>
</div>
</div>
</div>
</div> </div>
</body> </body>
</html> </html>

BIN
src/server/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 95 KiB