chickadee/blog_log.php

<?php
  const PW_FILE = "./blog_pass_hash.txt";
  $invalid = false;
  $logged_in = $_COOKIE["checkin"] ?? null;
  if ( $logged_in && $logged_in == "waiting for expiry" ) {
    header("Location: /admin.php");
    die();
  }
  $user = $_POST["user"] ?? null;
  $pass = $_POST["password"] ?? null;
  if ( $pass && $user ) {
    $secret = hash( "sha256", $user . $secret );
    if ( $secret ) {
      $current = file_get_contents( PW_FILE );
      if ( $current) {
        if ( $secret == $current ) {
          setcookie("checkin", "waiting for expiry", time()+60*60*24*30, "/", "", false, true);
          header("Location: /admin.php");
          die();
        } else {
          $invalid = true;
        }
      } else {
        $success = file_put_contents( PW_FILE, $secret );
        if ( !$success ) die( "Internal server error" );
        setcookie("checkin", "waiting for expiry", time()+60*60*24*30, "/", "", false, true);
        header("Location: /admin.php");
        die();
      }
    }
  }

?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <title>A secret opens the door</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <style>
      form{width:400px;max-width:80%;margin:2em auto}
      .slant{width:500px;max-width:90%;margin:2em auto;border-top:1em solid #333;transform:rotateZ(-2deg)}
      input{width:calc(100% - 8px);border:2px solid #999;border-radius:2px;background:white;color:#333;font-size:1.2em}
      input[type=submit]{width:100%;background:#333;color:white;font-weight:bold;padding:5px 0;border-color:#333}
      input:focus{border-color:#333}
      .logo{width:300px;max-width:60%;margin:3em auto 0em}
      img{width:100%}
      h1{text-align:center;font-size:1.5rem}
    </style>
  </head>
  <body>
    <div class="logo">
      <img src="chickadee.svg">
    </div>
    <div>
      <?php if ( $invalid ): ?>
        <p id="error-message">
          An invalid username or password was given.
        </p>
      <?php endif; ?>
      <div class="slant"></div>
      <form action="/blog_log.php" method="post">
        <h1>Log In</h1>
        <p>
          <label>Username<br><input type="text" required name="user" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
        </p>
        <p>
          <label>Password<br><input type="password" required name="password" <?php echo $invalid ? 'aria-describedby="error-message"' : ''; ?>></label>
        </p>
        <p>
          <input type="submit" value="Submit">
        </p>
      </form>
      <div class="slant"></div>
    </div>
  </body>
</html>