A lot of code cleanup and code sanitation done.

This commit is contained in:
2026-06-20 00:31:32 +02:00
parent be392b8149
commit d781078c0d
100 changed files with 733 additions and 2097 deletions

File diff suppressed because it is too large Load Diff

7
pub/login/css/style.full.min.css vendored Normal file

File diff suppressed because one or more lines are too long

View File

@@ -5,7 +5,7 @@ if (isset($_SESSION['user']['user_uuid'])) {
exit;
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
$loginAttempts = checkLoginAttempts();
?>
@@ -90,6 +90,7 @@ $loginAttempts = checkLoginAttempts();
<form method="post" action="/login/php/forgotPasswordRequest.php">
<div class="mb-3 text-reset">
<label for="email"></label>
<input type="email" class="form-control" name="user_email" id="email" placeholder="somebody@somewhere.what" required>
</div>
@@ -104,7 +105,7 @@ $loginAttempts = checkLoginAttempts();
<div class="card col-md-5 text-white bg-transparent py-0 border-0">
<div class="card-body text-center pt-5">
<div>
<img class="pt-3 w-100 portal-image" alt="portal-image" src="/src/images/logo-login-dark.webp" width="500" height="265" style="height: auto;">
<img class="pt-3 w-100 portal-image" alt="portal-image" src="" width="500" height="265" style="height: auto;">
</div>
</div>
</div>

View File

@@ -1,6 +1,6 @@
<?php
session_start();
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
if (isset($_SESSION['user'])) {
header('location: /');
@@ -32,7 +32,7 @@ if ($loginAttemptCount = checkLoginAttempts() > 3) {
<link rel="apple-touch-icon" sizes="180x180" href="/src/images/favicon/apple-touch-icon.png">
<link rel="manifest" href="/src/images/favicon/site.webmanifest">
<link rel="stylesheet" href="css/style.full.css" as="style">
<link rel="stylesheet" href="css/style.full.min.css" as="style">
</head>
<body>
<div class="bg-body-tertiary min-vh-100 d-flex flex-row align-items-center">
@@ -74,11 +74,17 @@ if ($loginAttemptCount = checkLoginAttempts() > 3) {
<p class="text-body-secondary">Login with your account</p>
<div class="input-group mb-3">
<span class="input-group-text"><i class="fa-solid fa-user"></i></span>
<input name="username" class="form-control" type="text" placeholder="name@example.com">
<label class="flex-grow-1 m-0">
<input name="username" class="form-control w-100" type="text" placeholder="name@example.com">
</label>
</div>
<div class="input-group mb-4">
<span class="input-group-text"><i class="fa-solid fa-lock"></i></span>
<input name="password" class="form-control" type="password" placeholder="Password">
<label class="flex-grow-1 m-0">
<input name="password" class="form-control" type="password" placeholder="Password">
</label>
</div>
<div class="row pb-1">
<div class="col-auto">
@@ -98,12 +104,24 @@ if ($loginAttemptCount = checkLoginAttempts() > 3) {
<h5>Enter code from your app:</h5>
<div class="mb-3">
<div id="code-container">
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
<label>
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
</label>
<label>
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
<label>
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
<label>
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
<label>
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
<label>
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
</div>
</div>
<button class="btn btn-primary px-4" type="submit">
@@ -121,7 +139,7 @@ if ($loginAttemptCount = checkLoginAttempts() > 3) {
<div class="card col-md-5 text-white bg-transparent py-5 border-0">
<div class="card-body text-center pt-3">
<div>
<img class="pt-3 w-100 portal-image" alt="portal-image" width="500" height="265" style="height: auto;">
<img class="pt-3 w-100 portal-image" alt="portal-image" width="500" height="265" style="height: auto;" src="">
</div>
</div>
</div>

View File

@@ -19,10 +19,9 @@ if (isset($_POST['logout'])) {
// Set "logged out" indicator cookie
setcookie('loggedout', '1', time() + 3600, '/');
// Redirect to login
// Redirect to log in
header('Location: /login/');
exit;
} else {
header('Location: /');
exit;
}
exit;

View File

@@ -1,8 +1,8 @@
<?php
session_start();
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/../vendor/autoload.php";
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
use RobThree\Auth\TwoFactorAuth;
@@ -82,12 +82,24 @@ $_SESSION['mfasetup']['secret'] = $secret;
<small>Enter the code from your authentication app:</small><br>
<div class="input-group mb-3">
<div id="code-container">
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
<label>
<input name="verification-1" type="text" maxlength="1" class="code-input" autocomplete="off" autofocus>
</label>
<label>
<input name="verification-2" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
<label>
<input name="verification-3" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
<label>
<input name="verification-4" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
<label>
<input name="verification-5" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
<label>
<input name="verification-6" type="text" maxlength="1" class="code-input" autocomplete="off">
</label>
</div>
</div>
<button class="btn btn-primary px-4" type="submit">

View File

@@ -1,7 +1,7 @@
<?php
session_start();
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
if (checkLoginAttempts() > 3) {
header('Location: /login/');
@@ -70,15 +70,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
session_regenerate_id(true); # create session to store some data
$_SESSION['mfa'] = ['user_uuid' => $user['user_uuid'], 'user_secret' => $user['user_two_factor_secret']];
header('Location: /login/');
exit;
} else {
# No mfa2 is setup
# No mfa2 is set up
loginUser($user['user_uuid']);
header('Location: /');
exit;
}
exit;
}

View File

@@ -1,6 +1,6 @@
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/db_connect.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/db_connect.php";
function checkLoginAttempts()
{
$stmt = $GLOBALS['conn']->prepare("SELECT address
@@ -91,7 +91,7 @@ function loginUser($user_uuid)
setSessionParams();
}
# link the verification code input and check if its an valid code.
# link the verification code input and check if it's a valid code.
function linkVerificationPosts()
{
$codeParts = [];

View File

@@ -7,9 +7,8 @@ if (!isset($_POST['user_email'])) {
exit;
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Classes/mailBuilder.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
require_once "{$_SERVER['DOCUMENT_ROOT']}/bin/php/Classes/mailBuilder.php";
$loginAttempts = checkLoginAttempts();

View File

@@ -2,8 +2,8 @@
session_start();
# includes
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/../vendor/autoload.php";
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
use RobThree\Auth\TwoFactorAuth;

View File

@@ -4,7 +4,7 @@ if ($_POST['password-1'] != $_POST['password-2']) {
exit;
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
$user_password = password_hash($_POST['password-1'], PASSWORD_BCRYPT, ["cost" => 12]);
if (isset($_POST['user_uuid'])) {
@@ -38,6 +38,7 @@ if (isset($_POST['user_uuid'])) {
function checkUserExists($whereValue, $conn, $sql)
{
$stmt = $conn->prepare($sql);
$count = 0;
$stmt->bind_param("s", $whereValue);
$stmt->execute();
$stmt->bind_result($count);
@@ -62,8 +63,7 @@ $stmt->bind_param("ss",
if ($stmt->execute()) {
header('location: /login/resetPassword.php?result=success');
exit;
} else {
header('location: /login/resetPassword.php?result=failed');
exit;
}
}
exit;

View File

@@ -5,7 +5,7 @@ if (!isset($_GET['token']) && !isset($_GET['result']) && !isset($_SESSION['user'
exit;
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
$tokenfound = false;

View File

@@ -5,7 +5,7 @@ if (!isset($_GET['token'])) {
exit;
}
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
require_once "{$_SERVER['DOCUMENT_ROOT']}/login/php/authFunctions.php";
$token = htmlspecialchars($_GET['token'], ENT_QUOTES, 'UTF-8');
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM system_users WHERE user_password_reset_token = ? AND user_password_reset_expires > UNIX_TIMESTAMP()");
@@ -13,6 +13,7 @@ $stmt->bind_param("s", $token);
$stmt->execute();
$result = $stmt->get_result();
$tokenfound = false;
$user_data = array();
if ($result->num_rows == 1) {
$tokenfound = true;
@@ -60,20 +61,6 @@ if (checkLoginAttempts() > 20) {
display: block;
min-height: 200px; /* Prevent layout shift during image load */
}
#code-container {
display: flex;
justify-content: center;
gap: 10px;
}
.code-input {
width: 40px;
height: 40px;
font-size: 24px;
text-align: center;
margin: 5px;
}
</style>
<link rel="stylesheet" href="css/style.full.css" as="style">
@@ -111,7 +98,7 @@ if (checkLoginAttempts() > 20) {
<div class="card col-md-5 text-white bg-transparent py-5">
<div class="card-body text-center pt-5">
<div>
<img class="pt-3 w-100 portal-image" alt="portal-image" src="/src/images/logo-login-dark.webp" width="500" height="265" style="height: auto;">
<img class="pt-3 w-100 portal-image" alt="portal-image" src="" width="500" height="265" style="height: auto;">
</div>
</div>
</div>