196 lines
8.3 KiB
PHP
196 lines
8.3 KiB
PHP
<?php
|
|
session_start();
|
|
if (!isset($_GET['token']) && !isset($_GET['result']) && !isset($_SESSION['user']['user_uuid'])) {
|
|
http_response_code(404);
|
|
exit;
|
|
}
|
|
|
|
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
|
|
|
|
|
|
$tokenfound = false;
|
|
if (isset($_GET['token'])) {
|
|
$token = htmlspecialchars($_GET['token'], ENT_QUOTES, 'UTF-8');
|
|
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM vc_users WHERE user_password_reset_token = ? AND user_password_reset_expires > UNIX_TIMESTAMP()");
|
|
$stmt->bind_param("s", $token);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
} elseif (isset($_SESSION['user']['user_uuid'])) {
|
|
$user_uuid = $_SESSION['user']['user_uuid'];
|
|
$stmt = $GLOBALS['conn']->prepare("SELECT * FROM vc_users WHERE user_uuid = ?");
|
|
$stmt->bind_param("s", $user_uuid);
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
}
|
|
|
|
|
|
if ($result->num_rows == 1) {
|
|
$tokenfound = true;
|
|
$user_data = $result->fetch_assoc();
|
|
} else {
|
|
addLoginAttempts();
|
|
}
|
|
|
|
if (checkLoginAttempts() > 20) {
|
|
header('Location: /login/');
|
|
exit;
|
|
}
|
|
?>
|
|
|
|
<!DOCTYPE html>
|
|
<html data-coreui-theme="dark" lang="en">
|
|
<head>
|
|
<base href="./">
|
|
<meta charset="utf-8">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
|
|
<meta name="description" content="Sentri - Configure phone configs">
|
|
<meta name="author" content="Marco Mooij">
|
|
<meta name="keyword" content="sentri">
|
|
<title>Sentri | Login</title>
|
|
|
|
<!-- favicon -->
|
|
<link rel="icon" type="image/png" href="/src/images/favicon/favicon-96x96.png" sizes="96x96">
|
|
<link rel="icon" type="image/svg+xml" href="/src/images/favicon/favicon-96x96.png">
|
|
<link rel="shortcut icon" href="/src/images/favicon/favicon.ico">
|
|
<link rel="apple-touch-icon" sizes="180x180" href="/src/images/favicon/apple-touch-icon.png">
|
|
<link rel="manifest" href="/src/images/favicon/site.webmanifest">
|
|
|
|
<style>
|
|
body {
|
|
font-family: Arial, sans-serif;
|
|
background-color: #1d222b;
|
|
}
|
|
|
|
.portal-image {
|
|
width: 100%;
|
|
height: auto;
|
|
aspect-ratio: 3 / 1;
|
|
object-fit: contain;
|
|
display: block;
|
|
min-height: 200px; /* Prevent layout shift during image load */
|
|
}
|
|
|
|
#code-container {
|
|
display: flex;
|
|
justify-content: center;
|
|
gap: 10px;
|
|
}
|
|
|
|
.code-input {
|
|
width: 40px;
|
|
height: 40px;
|
|
font-size: 24px;
|
|
text-align: center;
|
|
margin: 5px;
|
|
}
|
|
</style>
|
|
|
|
<link rel="stylesheet" href="css/style.full.css" as="style">
|
|
</head>
|
|
<body>
|
|
<div class="bg-body-tertiary min-vh-100 d-flex flex-row align-items-center">
|
|
<div class="container">
|
|
<div class="row justify-content-center">
|
|
<div class="col-lg-8 col-md-10 col-12 d-flex align-items-center justify-content-center">
|
|
<div class="card-group d-block d-md-flex row">
|
|
<div class="card col-md-7 mb-0">
|
|
<div class="card-body p-3">
|
|
<div class="card-body text-center justify-content-center align-items-center">
|
|
<?php if (isset($_GET['result'])) {
|
|
if ($_GET['result'] == "success") { ?>
|
|
<h1 class="text-center">Password set</h1>
|
|
<p class="text-center">Your password was set successfully. Use the button below to proceed to the login page.</p>
|
|
<hr>
|
|
<a href="/login/" class="btn btn-primary px-4">
|
|
<i class="fa-solid fa-check"></i> Go to login
|
|
</a>
|
|
<?php } elseif ($_GET['result'] == "failed") { ?>
|
|
<h1 class="text-center">Something went wrong</h1>
|
|
<p class="text-center">Something went wrong in changing your password. Please contact support!</p>
|
|
<?php } ?><?php } else { ?>
|
|
<h1 class="text-center">Set Password</h1>
|
|
<p class="text-center">Must be at least 12 characters.</p>
|
|
<hr>
|
|
<form method="post" action="/login/php/setPassword.php">
|
|
<?php if (isset($_GET['token'])) { ?>
|
|
<input type="hidden" name="user_password_reset_token" value="<?php echo $token ?>">
|
|
<?php } elseif (isset($_SESSION['user']['user_uuid'])) { ?>
|
|
<input type="hidden" name="user_uuid" value="<?php echo $user_data['user_uuid'] ?>">
|
|
<?php } ?>
|
|
<label for="password" class="form-label">New Password</label>
|
|
<input type="password" class="form-control" name="password-1" id="password" placeholder="Enter password" required autocomplete="new-password">
|
|
<div id="passwordPolicyError" class="form-text text-danger d-none">Password is too short.</div>
|
|
<br>
|
|
|
|
<div class="mb-3 text-reset">
|
|
<label for="confirmPassword" class="form-label">Confirm Password</label>
|
|
<input type="password" class="form-control" name="password-2" id="confirmPassword" placeholder="Repeat password" required>
|
|
<div id="passwordHelp" class="form-text text-danger d-none">Passwords do not match.</div>
|
|
</div>
|
|
|
|
|
|
<button type="submit" class="btn btn-primary w-100" id="submitBtn" disabled>
|
|
<i class="fa-solid fa-key"></i> Set Password
|
|
</button>
|
|
</form>
|
|
|
|
<?php } ?>
|
|
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<div class="card col-md-5 text-white bg-transparent py-5">
|
|
<div class="card-body text-center pt-5">
|
|
<div>
|
|
<img class="pt-3 w-100 portal-image" alt="portal-image" src="/src/images/logo-login-dark.webp" width="500" height="265" style="height: auto;">
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css">
|
|
<script>
|
|
const password = document.getElementById("password");
|
|
const confirmPassword = document.getElementById("confirmPassword");
|
|
const submitBtn = document.getElementById("submitBtn");
|
|
const passwordHelp = document.getElementById("passwordHelp");
|
|
const passwordPolicyError = document.getElementById("passwordPolicyError");
|
|
|
|
function checkPasswords() {
|
|
const pwValue = password.value;
|
|
const confirmValue = confirmPassword.value;
|
|
|
|
// Check length
|
|
if (pwValue.length < 13) {
|
|
passwordPolicyError.classList.remove("d-none");
|
|
submitBtn.disabled = true;
|
|
return;
|
|
} else {
|
|
passwordPolicyError.classList.add("d-none");
|
|
}
|
|
|
|
// Check match
|
|
if (pwValue && confirmValue) {
|
|
if (pwValue === confirmValue) {
|
|
passwordHelp.classList.add("d-none");
|
|
submitBtn.disabled = false;
|
|
} else {
|
|
passwordHelp.classList.remove("d-none");
|
|
submitBtn.disabled = true;
|
|
}
|
|
} else {
|
|
passwordHelp.classList.add("d-none");
|
|
submitBtn.disabled = true;
|
|
}
|
|
}
|
|
|
|
password.addEventListener("input", checkPasswords);
|
|
confirmPassword.addEventListener("input", checkPasswords);
|
|
</script>
|
|
</body>
|
|
</html>
|