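<?php
/**
 * Login page and first-run account setup.
 *
 * Flow, as implemented below:
 *   - a visitor who already has $_SESSION["user"] is redirected to /admin.php;
 *   - submitted credentials are reduced to sha256(user . password) and compared
 *     with BLOG_HASH from pass_hash.php;
 *   - while BLOG_HASH is empty, the first submitted credentials are written to
 *     pass_hash.php and become the account.
 *
 * NOTE(review): until BLOG_HASH is non-empty, whoever submits the form first
 * owns the blog. Complete setup before the site is reachable by others, and
 * keep pass_hash.php writable only by the web server user.
 *
 * NOTE(review): sha256 is a fast, unsalted digest, and nothing in this file
 * throttles login attempts. Moving to password_hash()/password_verify() needs
 * a migration of the stored value, so it is flagged here rather than changed.
 */

include "pass_hash.php";

const PW_FILE = "pass_hash.php";

session_start();

$user = $_POST["user"] ?? null;
$pass = $_POST["password"] ?? null;

// Accept plain string fields only: a request such as user[]=x would otherwise
// reach the concatenation below as an array.
if ( !is_string( $user ) || !is_string( $pass ) ) {
    $user = null;
    $pass = null;
}

// Always defined, so the template at the bottom can test it on every request.
$invalid = false;

if ( isset( $_SESSION["user"] ) ) {
    header("Location: /admin.php");
    die();
}

// Compare against '' rather than relying on truthiness, so the value "0" is
// treated as a real username or password.
if ( $user !== null && $user !== '' && $pass !== '' ) {
    // Fail closed when pass_hash.php could not be loaded: a missing or broken
    // file must neither raise an uncaught "undefined constant" error nor be
    // mistaken for a fresh install.
    if ( !defined( 'BLOG_HASH' ) ) {
        http_response_code( 500 );
        die( "Internal server error" );
    }

    // The digest is password-equivalent for offline guessing, so it is never
    // written to the error log.
    $secret = hash( "sha256", $user . $pass );

    if ( BLOG_HASH ) {
        // hash_equals() is constant-time and byte-exact; a loose == between two
        // hex strings can treat "0e..." digests as equal numbers.
        if ( hash_equals( (string) BLOG_HASH, $secret ) ) {
            // New session id on privilege change, so an id planted before
            // login cannot be reused afterwards.
            session_regenerate_id( true );
            $_SESSION["user"] = $user;
            header("Location: /admin.php");
            die();
        }

        $invalid = true;
    } else {
        // First run: persist the digest as a PHP constant. Only the hex output
        // of hash() is interpolated into the generated file, never raw input.
        $template = <<<'PHP'
<?php
if ( __FILE__ == $_SERVER['SCRIPT_FILENAME'] ) {
    header("Location: 404.php");
    die();
}
const BLOG_HASH = '%s';

PHP;

        if (!file_exists('./posts')) {
            mkdir('posts', 0775, true);
        }
        // Create the directory that was actually tested for; the original
        // created 'posts' a second time here and never created 'media'.
        if (!file_exists('./media')) {
            mkdir('media', 0775, true);
        }

        $success = file_put_contents( PW_FILE, sprintf( $template, $secret ) );
        if ( $success === false ) {
            http_response_code( 500 );
            die( "Internal server error" );
        }

        session_regenerate_id( true );
        $_SESSION["user"] = $user;
        header("Location: /admin.php");
        die();
    }
}

?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>A secret opens the door</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
form{width:400px;max-width:80%;margin:2em auto}
.slant{width:500px;max-width:90%;margin:2em auto;border-top:1em solid #333;transform:rotateZ(-2deg)}
input{width:calc(100% - 8px);border:2px solid #999;border-radius:2px;background:white;color:#333;font-size:1.2em}
input[type=submit]{width:100%;background:#333;color:white;font-weight:bold;padding:5px 0;border-color:#333}
input:focus{border-color:#333}
.logo{width:300px;max-width:60%;margin:3em auto 0em}
img{width:100%}
h1{text-align:center;font-size:1.5rem}
#error-message{font-weight:bold;color:red;text-align:center}
</style>
</head>
<body>
<header>
<a href="/">Home</a>
</header>
<div class="logo">
<img src="chickadee.svg">
</div>
<div>
<?php if ( $invalid ): ?>
<p id="error-message">
An invalid username or password was given.
</p>
<?php endif; ?>
<div class="slant"></div>
<form action="blog_log.php" method="post">
<h1>Log In</h1>
<p>
<label>Username<br><input type="text" required name="user" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
</p>
<p>
<label>Password<br><input type="password" required name="password" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
</p>
<p>
<input type="submit" value="Submit">
</p>
</form>
<div class="slant"></div>
</div>
</body>
</html>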