A lot of code cleanup and code sanitation done.
This commit is contained in:
File diff suppressed because it is too large
Load Diff
7
pub/login/css/style.full.min.css
vendored
Normal file
7
pub/login/css/style.full.min.css
vendored
Normal file
File diff suppressed because one or more lines are too long
@@ -5,7 +5,7 @@ if (isset($_SESSION['user']['user_uuid'])) {
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
$loginAttempts = checkLoginAttempts();
|
||||
|
||||
?>
|
||||
@@ -90,6 +90,7 @@ $loginAttempts = checkLoginAttempts();
|
||||
|
||||
<form method="post" action="/login/php/forgotPasswordRequest.php">
|
||||
<div class="mb-3 text-reset">
|
||||
<label for="email"></label>
|
||||
<input type="email" class="form-control" name="user_email" id="email" placeholder="somebody@somewhere.what" required>
|
||||
</div>
|
||||
|
||||
@@ -104,7 +105,7 @@ $loginAttempts = checkLoginAttempts();
|
||||
<div class="card col-md-5 text-white bg-transparent py-0 border-0">
|
||||
<div class="card-body text-center pt-5">
|
||||
<div>
|
||||
<img class="pt-3 w-100 portal-image" alt="portal-image" src="/src/images/logo-login-dark.webp" width="500" height="265" style="height: auto;">
|
||||
<img class="pt-3 w-100 portal-image" alt="portal-image" src="" width="500" height="265" style="height: auto;">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
session_start();
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
|
||||
if (isset($_SESSION['user'])) {
|
||||
header('location: /');
|
||||
@@ -32,7 +32,7 @@ if ($loginAttemptCount = checkLoginAttempts() > 3) {
|
||||
<link rel="apple-touch-icon" sizes="180x180" href="/src/images/favicon/apple-touch-icon.png">
|
||||
<link rel="manifest" href="/src/images/favicon/site.webmanifest">
|
||||
|
||||
<link rel="stylesheet" href="css/style.full.css" as="style">
|
||||
<link rel="stylesheet" href="css/style.full.min.css" as="style">
|
||||
</head>
|
||||
<body>
|
||||
<div class="bg-body-tertiary min-vh-100 d-flex flex-row align-items-center">
|
||||
@@ -74,11 +74,17 @@ if ($loginAttemptCount = checkLoginAttempts() > 3) {
|
||||
<p class="text-body-secondary">Login with your account</p>
|
||||
<div class="input-group mb-3">
|
||||
<span class="input-group-text"><i class="fa-solid fa-user"></i></span>
|
||||
<input name="username" class="form-control" type="text" placeholder="name@example.com">
|
||||
|
||||
<label class="flex-grow-1 m-0">
|
||||
<input name="username" class="form-control w-100" type="text" placeholder="name@example.com">
|
||||
</label>
|
||||
</div>
|
||||
<div class="input-group mb-4">
|
||||
<span class="input-group-text"><i class="fa-solid fa-lock"></i></span>
|
||||
<input name="password" class="form-control" type="password" placeholder="Password">
|
||||
|
||||
<label class="flex-grow-1 m-0">
|
||||
<input name="password" class="form-control" type="password" placeholder="Password">
|
||||
</label>
|
||||
</div>
|
||||
<div class="row pb-1">
|
||||
<div class="col-auto">
|
||||
@@ -98,12 +104,24 @@ if ($loginAttemptCount = checkLoginAttempts() > 3) {
|
||||
<h5>Enter code from your app:</h5>
|
||||
<div class="mb-3">
|
||||
<div id="code-container">
|
||||
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
|
||||
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<label>
|
||||
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<button class="btn btn-primary px-4" type="submit">
|
||||
@@ -121,7 +139,7 @@ if ($loginAttemptCount = checkLoginAttempts() > 3) {
|
||||
<div class="card col-md-5 text-white bg-transparent py-5 border-0">
|
||||
<div class="card-body text-center pt-3">
|
||||
<div>
|
||||
<img class="pt-3 w-100 portal-image" alt="portal-image" width="500" height="265" style="height: auto;">
|
||||
<img class="pt-3 w-100 portal-image" alt="portal-image" width="500" height="265" style="height: auto;" src="">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -19,10 +19,9 @@ if (isset($_POST['logout'])) {
|
||||
// Set "logged out" indicator cookie
|
||||
setcookie('loggedout', '1', time() + 3600, '/');
|
||||
|
||||
// Redirect to login
|
||||
// Redirect to log in
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
} else {
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
exit;
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/../vendor/autoload.php";
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
|
||||
|
||||
use RobThree\Auth\TwoFactorAuth;
|
||||
@@ -82,12 +82,24 @@ $_SESSION['mfasetup']['secret'] = $secret;
|
||||
<small>Enter the code from your authentication app:</small><br>
|
||||
<div class="input-group mb-3">
|
||||
<div id="code-container">
|
||||
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
|
||||
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
<label>
|
||||
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
<label>
|
||||
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
<button class="btn btn-primary px-4" type="submit">
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
|
||||
if (checkLoginAttempts() > 3) {
|
||||
header('Location: /login/');
|
||||
@@ -70,15 +70,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
session_regenerate_id(true); # create session to store some data
|
||||
$_SESSION['mfa'] = ['user_uuid' => $user['user_uuid'], 'user_secret' => $user['user_two_factor_secret']];
|
||||
header('Location: /login/');
|
||||
exit;
|
||||
} else {
|
||||
# No mfa2 is setup
|
||||
# No mfa2 is set up
|
||||
|
||||
loginUser($user['user_uuid']);
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
|
||||
exit;
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/db_connect.php";
|
||||
function checkLoginAttempts()
|
||||
{
|
||||
$stmt = $GLOBALS['conn']->prepare("SELECT address
|
||||
@@ -91,7 +91,7 @@ function loginUser($user_uuid)
|
||||
setSessionParams();
|
||||
}
|
||||
|
||||
# link the verification code input and check if its an valid code.
|
||||
# link the verification code input and check if it's a valid code.
|
||||
function linkVerificationPosts()
|
||||
{
|
||||
$codeParts = [];
|
||||
|
||||
@@ -7,9 +7,8 @@ if (!isset($_POST['user_email'])) {
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Classes/mailBuilder.php';
|
||||
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/Classes/mailBuilder.php";
|
||||
|
||||
$loginAttempts = checkLoginAttempts();
|
||||
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
session_start();
|
||||
|
||||
# includes
|
||||
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/../vendor/autoload.php";
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
|
||||
use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
|
||||
use RobThree\Auth\TwoFactorAuth;
|
||||
|
||||
@@ -4,7 +4,7 @@ if ($_POST['password-1'] != $_POST['password-2']) {
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
$user_password = password_hash($_POST['password-1'], PASSWORD_BCRYPT, ["cost" => 12]);
|
||||
|
||||
if (isset($_POST['user_uuid'])) {
|
||||
@@ -38,6 +38,7 @@ if (isset($_POST['user_uuid'])) {
|
||||
function checkUserExists($whereValue, $conn, $sql)
|
||||
{
|
||||
$stmt = $conn->prepare($sql);
|
||||
$count = 0;
|
||||
$stmt->bind_param("s", $whereValue);
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($count);
|
||||
@@ -62,8 +63,7 @@ $stmt->bind_param("ss",
|
||||
|
||||
if ($stmt->execute()) {
|
||||
header('location: /login/resetPassword.php?result=success');
|
||||
exit;
|
||||
} else {
|
||||
header('location: /login/resetPassword.php?result=failed');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
exit;
|
||||
@@ -5,7 +5,7 @@ if (!isset($_GET['token']) && !isset($_GET['result']) && !isset($_SESSION['user'
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
|
||||
|
||||
$tokenfound = false;
|
||||
|
||||
@@ -5,7 +5,7 @@ if (!isset($_GET['token'])) {
|
||||
exit;
|
||||
}
|
||||
|
||||
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
||||
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
|
||||
|
||||
$token = htmlspecialchars($_GET['token'], ENT_QUOTES, 'UTF-8');
|
||||
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM system_users WHERE user_password_reset_token = ? AND user_password_reset_expires > UNIX_TIMESTAMP()");
|
||||
@@ -13,6 +13,7 @@ $stmt->bind_param("s", $token);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
$tokenfound = false;
|
||||
$user_data = array();
|
||||
|
||||
if ($result->num_rows == 1) {
|
||||
$tokenfound = true;
|
||||
@@ -60,20 +61,6 @@ if (checkLoginAttempts() > 20) {
|
||||
display: block;
|
||||
min-height: 200px; /* Prevent layout shift during image load */
|
||||
}
|
||||
|
||||
#code-container {
|
||||
display: flex;
|
||||
justify-content: center;
|
||||
gap: 10px;
|
||||
}
|
||||
|
||||
.code-input {
|
||||
width: 40px;
|
||||
height: 40px;
|
||||
font-size: 24px;
|
||||
text-align: center;
|
||||
margin: 5px;
|
||||
}
|
||||
</style>
|
||||
|
||||
<link rel="stylesheet" href="css/style.full.css" as="style">
|
||||
@@ -111,7 +98,7 @@ if (checkLoginAttempts() > 20) {
|
||||
<div class="card col-md-5 text-white bg-transparent py-5">
|
||||
<div class="card-body text-center pt-5">
|
||||
<div>
|
||||
<img class="pt-3 w-100 portal-image" alt="portal-image" src="/src/images/logo-login-dark.webp" width="500" height="265" style="height: auto;">
|
||||
<img class="pt-3 w-100 portal-image" alt="portal-image" src="" width="500" height="265" style="height: auto;">
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user