chickadee/blog_log.php

<?php
  include "pass_hash.php";
  const PW_FILE = "pass_hash.php";

  session_start();

  $user = $_POST["user"] ?? null;
  $pass = $_POST["password"] ?? null;

  if ( isset( $_SESSION["user"] ) ) {
    header("Location: /admin.php");
    die();
  }

  if ( $pass && $user ) {
    $secret = hash( "sha256", $user . $pass );
    if ( $secret ) {
      if ( BLOG_HASH ) {
        error_log( $secret );
        error_log( BLOG_HASH );
        if ( $secret == BLOG_HASH ) {
          $_SESSION["user"] = $user;
          header("Location: /admin.php");
          die();
        } else {
          $invalid = true;
        }
      } else {
        $template = <<<'PHP'
<?php
  if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
    header("Location: 404.php");
    die();
  }
  const BLOG_HASH = '%s';
  
PHP;
        if (!file_exists('./posts')) {
          mkdir('posts', 0775, true);
        }
        if (!file_exists('./media')) {
          mkdir('posts', 0775, true);
        }
        $success = file_put_contents( PW_FILE, sprintf( $template, $secret ) );
        if ( !$success ) die( "Internal server error" );
        $_SESSION["user"] = $user;
        header("Location: /admin.php");
        die();
      }
    }
  }

?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <title>A secret opens the door</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <style>
      form{width:400px;max-width:80%;margin:2em auto}
      .slant{width:500px;max-width:90%;margin:2em auto;border-top:1em solid #333;transform:rotateZ(-2deg)}
      input{width:calc(100% - 8px);border:2px solid #999;border-radius:2px;background:white;color:#333;font-size:1.2em}
      input[type=submit]{width:100%;background:#333;color:white;font-weight:bold;padding:5px 0;border-color:#333}
      input:focus{border-color:#333}
      .logo{width:300px;max-width:60%;margin:3em auto 0em}
      img{width:100%}
      h1{text-align:center;font-size:1.5rem}
      #error-message{font-weight:bold;color:red;text-align:center}
    </style>
  </head>
  <body>
    <header>
    <a href="/">Home</a>
    </header>
    <div class="logo">
      <img src="chickadee.svg">
    </div>
    <div>
      <?php if ( $invalid ): ?>
        <p id="error-message">
          An invalid username or password was given.
        </p>
      <?php endif; ?>
      <div class="slant"></div>
      <form action="blog_log.php" method="post">
        <h1>Log In</h1>
        <p>
          <label>Username<br><input type="text" required name="user" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
        </p>
        <p>
          <label>Password<br><input type="password" required name="password" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
        </p>
        <p>
          <input type="submit" value="Submit">
        </p>
      </form>
      <div class="slant"></div>
    </div>
  </body>
</html>
Initial commit 2023-12-19 23:55:46 +00:00			`<?php`
Changes login mechanism to protect the hash from view by storing it in a php file and gatekeeping that file 2023-12-21 17:22:36 +00:00			`include "pass_hash.php";`
			`const PW_FILE = "pass_hash.php";`
Switches to using php sessions 2024-01-18 22:09:17 +00:00
			`session_start();`

Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`$user = $_POST["user"] ?? null;`
			`$pass = $_POST["password"] ?? null;`
Switches to using php sessions 2024-01-18 22:09:17 +00:00
			`if ( isset( $_SESSION["user"] ) ) {`
			`header("Location: /admin.php");`
			`die();`
			`}`

Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`if ( $pass && $user ) {`
Fixes login var issue 2024-01-06 04:22:45 +00:00			`$secret = hash( "sha256", $user . $pass );`
Initial commit 2023-12-19 23:55:46 +00:00			`if ( $secret ) {`
Changes login mechanism to protect the hash from view by storing it in a php file and gatekeeping that file 2023-12-21 17:22:36 +00:00			`if ( BLOG_HASH ) {`
			`error_log( $secret );`
			`error_log( BLOG_HASH );`
			`if ( $secret == BLOG_HASH ) {`
Switches to using php sessions 2024-01-18 22:09:17 +00:00			`$_SESSION["user"] = $user;`
			`header("Location: /admin.php");`
Initial commit 2023-12-19 23:55:46 +00:00			`die();`
			`} else {`
			`$invalid = true;`
			`}`
			`} else {`
Changes login mechanism to protect the hash from view by storing it in a php file and gatekeeping that file 2023-12-21 17:22:36 +00:00			`$template = <<<'PHP'`
			`<?php`
			`if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {`
			`header("Location: 404.php");`
			`die();`
			`}`
			`const BLOG_HASH = '%s';`

			`PHP;`
Makes sure dirs exist 2024-01-06 04:46:25 +00:00			`if (!file_exists('./posts')) {`
			`mkdir('posts', 0775, true);`
			`}`
			`if (!file_exists('./media')) {`
			`mkdir('posts', 0775, true);`
			`}`
Changes login mechanism to protect the hash from view by storing it in a php file and gatekeeping that file 2023-12-21 17:22:36 +00:00			`$success = file_put_contents( PW_FILE, sprintf( $template, $secret ) );`
Initial commit 2023-12-19 23:55:46 +00:00			`if ( !$success ) die( "Internal server error" );`
Switches to using php sessions 2024-01-18 22:09:17 +00:00			`$_SESSION["user"] = $user;`
			`header("Location: /admin.php");`
Initial commit 2023-12-19 23:55:46 +00:00			`die();`
			`}`
			`}`
			`}`

			`?>`
			`<!DOCTYPE html>`
			`<html lang="en">`
			`<head>`
			`<title>A secret opens the door</title>`
Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`<meta charset="utf-8">`
			`<meta name="viewport" content="width=device-width, initial-scale=1">`
			`<style>`
			`form{width:400px;max-width:80%;margin:2em auto}`
			`.slant{width:500px;max-width:90%;margin:2em auto;border-top:1em solid #333;transform:rotateZ(-2deg)}`
			`input{width:calc(100% - 8px);border:2px solid #999;border-radius:2px;background:white;color:#333;font-size:1.2em}`
			`input[type=submit]{width:100%;background:#333;color:white;font-weight:bold;padding:5px 0;border-color:#333}`
			`input:focus{border-color:#333}`
			`.logo{width:300px;max-width:60%;margin:3em auto 0em}`
			`img{width:100%}`
			`h1{text-align:center;font-size:1.5rem}`
Changes login mechanism to protect the hash from view by storing it in a php file and gatekeeping that file 2023-12-21 17:22:36 +00:00			`#error-message{font-weight:bold;color:red;text-align:center}`
Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`</style>`
Initial commit 2023-12-19 23:55:46 +00:00			`</head>`
			`<body>`
Switches to using php sessions 2024-01-18 22:09:17 +00:00			`<header>`
			`<a href="/">Home</a>`
			`</header>`
Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`<div class="logo">`
			`<img src="chickadee.svg">`
			`</div>`
Initial commit 2023-12-19 23:55:46 +00:00			`<div>`
			`<?php if ( $invalid ): ?>`
			`<p id="error-message">`
Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`An invalid username or password was given.`
Initial commit 2023-12-19 23:55:46 +00:00			`</p>`
			`<?php endif; ?>`
Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`<div class="slant"></div>`
Fixes more root references 2023-12-21 22:55:05 +00:00			`<form action="blog_log.php" method="post">`
Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`<h1>Log In</h1>`
			`<p>`
			`<label>Username<br><input type="text" required name="user" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>`
			`</p>`
			`<p>`
			`<label>Password<br><input type="password" required name="password" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>`
			`</p>`
			`<p>`
			`<input type="submit" value="Submit">`
			`</p>`
Initial commit 2023-12-19 23:55:46 +00:00			`</form>`
Wide ranging updates to most areas of the system 2023-12-20 23:54:57 +00:00			`<div class="slant"></div>`
Initial commit 2023-12-19 23:55:46 +00:00			`</div>`
			`</body>`
			`</html>`