Changes login mechanism to protect the hash from view by storing it in a php file and gatekeeping that file
This commit is contained in:
sloum
parent
2fe906ca25
commit
ea32efbfba
22
blog_log.php
22
blog_log.php
|
|
@ -1,5 +1,6 @@
|
|||
<?php
|
||||
const PW_FILE = "./blog_pass_hash.txt";
|
||||
include "pass_hash.php";
|
||||
const PW_FILE = "pass_hash.php";
|
||||
$invalid = false;
|
||||
$logged_in = $_COOKIE["checkin"] ?? null;
|
||||
if ( $logged_in && $logged_in == "waiting for expiry" ) {
|
||||
|
|
@ -11,9 +12,10 @@
|
|||
if ( $pass && $user ) {
|
||||
$secret = hash( "sha256", $user . $secret );
|
||||
if ( $secret ) {
|
||||
$current = file_get_contents( PW_FILE );
|
||||
if ( $current) {
|
||||
if ( $secret == $current ) {
|
||||
if ( BLOG_HASH ) {
|
||||
error_log( $secret );
|
||||
error_log( BLOG_HASH );
|
||||
if ( $secret == BLOG_HASH ) {
|
||||
setcookie("checkin", "waiting for expiry", time()+60*60*24*30, "/", "", false, true);
|
||||
header("Location: /admin.php");
|
||||
die();
|
||||
|
|
@ -21,7 +23,16 @@
|
|||
$invalid = true;
|
||||
}
|
||||
} else {
|
||||
$success = file_put_contents( PW_FILE, $secret );
|
||||
$template = <<<'PHP'
|
||||
<?php
|
||||
if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
|
||||
header("Location: 404.php");
|
||||
die();
|
||||
}
|
||||
const BLOG_HASH = '%s';
|
||||
|
||||
PHP;
|
||||
$success = file_put_contents( PW_FILE, sprintf( $template, $secret ) );
|
||||
if ( !$success ) die( "Internal server error" );
|
||||
setcookie("checkin", "waiting for expiry", time()+60*60*24*30, "/", "", false, true);
|
||||
header("Location: /admin.php");
|
||||
|
|
@ -46,6 +57,7 @@
|
|||
.logo{width:300px;max-width:60%;margin:3em auto 0em}
|
||||
img{width:100%}
|
||||
h1{text-align:center;font-size:1.5rem}
|
||||
#error-message{font-weight:bold;color:red;text-align:center}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
<?php
|
||||
if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
|
||||
header("Location: 404.php");
|
||||
die();
|
||||
}
|
||||
const BLOG_HASH = null;
|
||||
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
<?php
|
||||
include_once "logcheck.php";
|
||||
|
||||
error_log("Upload");
|
||||
$f = $_FILES["mediaUpload"] ?? null;
|
||||
if ( !$f ) {
|
||||
header("Location: admin.php?success=0");
|
||||
|
|
|
|||
Loading…
Reference in New Issue