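<?php
/*
 * Login page controller.
 *
 * GET:  falls through to the HTML form below.
 * POST: looks up the user by username, checks the submitted password with
 *       password_verify(), and on success stores the account's secret_key in
 *       a cookie before redirecting to /account.
 *
 * Visitors that authorize_user() already accepts are redirected to /account
 * without seeing the form.
 */
include "{$_SERVER['DOCUMENT_ROOT']}/lib/accounts.php";

if (authorize_user()) {
    header("Location: /account");
    exit;
}

include "{$_SERVER['DOCUMENT_ROOT']}/lib/partials.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/config.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/alert.php";
include_once "{$_SERVER['DOCUMENT_ROOT']}/lib/utils.php";

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $username = $_POST["username"] ?? null;
    $password = $_POST["password"] ?? null;

    // A field sent as username[]=... arrives as an array. Rejecting anything
    // that is not a string keeps arrays away from the query parameter and from
    // password_verify(), which would otherwise raise instead of failing cleanly.
    if (!is_string($username) || !is_string($password)) {
        generate_alert("/account/login", "Not enough POST fields");
        exit;
    }

    $remember = intval($_POST["remember"] ?? "0") !== 0;

    $db = new PDO(DB_URL, DB_USER, DB_PASS);
    // Accounts with a NULL password are excluded here, so they can never be
    // logged into through this form.
    $stmt = $db->prepare("SELECT secret_key, password FROM users WHERE username = ? AND password IS NOT NULL");
    $stmt->execute([$username]);
    $row = $stmt->fetch();

    // NOTE(review): the "not found" and "wrong password" branches differ in
    // message and status code, and only the second one pays the cost of
    // password_verify(). Together that tells a client whether a username
    // exists. If usernames are not meant to be discoverable here, return one
    // generic failure for both cases.
    if ($row === false) {
        generate_alert("/account/login", "User not found or is not accessable", 404);
        exit;
    }

    if (!password_verify($password, $row["password"])) {
        generate_alert("/account/login", "Passwords do not match!", 403);
        exit;
    }

    // Expiry 0 makes this a browser-session cookie unless "remember" was ticked.
    $expires = $remember ? (time() + ACCOUNT_COOKIE_MAX_LIFETIME) : 0;

    // Mark the cookie Secure when PHP sees the request as HTTPS. Behind a
    // TLS-terminating proxy that does not set $_SERVER["HTTPS"] this stays
    // false, which matches the previous behaviour.
    $is_https = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";

    // secret_key is the login credential, so keep it out of reach of page
    // scripts with HttpOnly.
    // NOTE(review): assumes no client-side script reads this cookie - confirm.
    // SameSite cannot be set through this positional signature; it needs the
    // options-array form of setcookie() available from PHP 7.3.
    setcookie("secret_key", $row["secret_key"], $expires, "/", "", $is_https, true);
    header("Location: /account");
    exit;
}
?>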
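<?php
/*
 * Login form template.
 *
 * Renders the navigation bar via html_navigation_bar(), any pending alert via
 * display_alert(), and a form that posts username, password and the optional
 * "remember" flag to /account/login/. The register link and the Twitch login
 * box are shown only when ACCOUNT_REGISTRATION_ENABLE and
 * TWITCH_REGISTRATION_ENABLE are truthy.
 *
 * NOTE(review): the form carries no anti-CSRF token, so a third-party page can
 * submit it on a visitor's behalf - confirm whether that is acceptable for login.
 */
?>
<html>
<head>
    <title>Login - <?php echo INSTANCE_NAME ?></title>
    <link rel="stylesheet" href="/static/style.css">
    <link rel="shortcut icon" href="/static/favicon.ico" type="image/x-icon">
</head>
<body>
    <div class="container">
        <div class="wrapper">
            <?php html_navigation_bar(); ?>
            <section class="content" style="width: 400px;">
                <?php display_alert() ?>
                <section class="box">
                    <div class="box navtab">
                        <p>Log in to <?php echo INSTANCE_NAME ?></p>
                    </div>
                    <div class="box content">
                        <form action="/account/login/" method="post">
                            <div>
                                <?php /* "for" must equal the input's id, otherwise the label is not bound to the field. */ ?>
                                <label for="form-username">Username</label>
                                <input type="text" name="username" id="form-username" autocomplete="username" required>
                            </div>
                            <div>
                                <label for="form-password">Password</label>
                                <input type="password" name="password" id="form-password" autocomplete="current-password" required>
                            </div>
                            <div>
                                <input type="checkbox" name="remember" value="1" id="form-remember">
                                <label for="form-remember" class="inline">Remember me</label>
                            </div>
                            <div>
                                <button type="submit">Log in</button>
                                <?php if (ACCOUNT_REGISTRATION_ENABLE): ?>
                                    <a href="/account/register.php">Register</a>
                                <?php endif; ?>
                            </div>
                        </form>
                    </div>
                </section>
                <?php if (TWITCH_REGISTRATION_ENABLE): ?>
                    <section class="box column">
                        <a href="/account/login/twitch.php" class="button purple big">Login with Twitch</a>
                        <p style="font-size: 12px;">Logging in via Twitch gives you the ability to use
                            <?php echo INSTANCE_NAME ?> emotes in your Twitch chat.
                        </p>
                    </section>
                <?php endif; ?>
            </section>
        </div>
    </div>
</body>
</html>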