danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix captcha on login page

Browse Source
This commit is contained in:
Daniel Winzen
2017-06-17 14:37:01 +02:00
parent daecda2500
commit 94f0ae9cc6
2 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -95,7 +95,7 @@ ln -s /etc/systemd/system/hosting.timer /etc/systemd/system/multi-user.target.wa
Add empty directories that should be copied when creating a new user and set permissions correctly: Add empty directories that should be copied when creating a new user and set permissions correctly:
``` ```
mkdir /var/www/skel/data /var/www/skel/Maildir /var/www/skel/tmp mkdir /var/www/skel/data /var/www/skel/Maildir /var/www/skel/tmp
chmod 700 /var/www/skel/data /var/www/skel/Maildir /var/www/skel/tmp /var/www/skel/www chmod 750 /var/www/skel/data /var/www/skel/Maildir /var/www/skel/tmp /var/www/skel/www
``` ```
Live demo: Live demo:

16
var/www/html/login.php
View File

@ -12,6 +12,7 @@ if(!empty($_SESSION['hosting_username'])){
exit; exit;
} }
$msg=''; $msg='';
$username='';
if($_SERVER['REQUEST_METHOD']==='POST'){ if($_SERVER['REQUEST_METHOD']==='POST'){
$ok=true; $ok=true;
if(CAPTCHA){ if(CAPTCHA){
@ -49,20 +50,25 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$stmt=$db->prepare('SELECT username, password FROM users WHERE onion=?;'); $stmt=$db->prepare('SELECT username, password FROM users WHERE onion=?;');
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
$tmp=$stmt->fetch(PDO::FETCH_NUM); $tmp=$stmt->fetch(PDO::FETCH_NUM);
} }
if($tmp){ if($tmp){
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $tmp[1])){ if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $tmp[1])){
$msg.='<p style="color:red;">Error, wrong password.</p>'; $msg.='<p style="color:red;">Error, wrong password.</p>';
$ok=false;
}else{ }else{
$_SESSION['hosting_username']=$tmp[0]; $username=$tmp[0];
session_write_close();
header('Location: home.php');
exit;
} }
}else{ }else{
$msg.='<p style="color:red;">Error, username was not found. If you forgot it, you can enter youraccount.onion instead.</p>'; $msg.='<p style="color:red;">Error, username was not found. If you forgot it, you can enter youraccount.onion instead.</p>';
$ok=false;
} }
} }
if($ok){
$_SESSION['hosting_username']=$username;
session_write_close();
header('Location: home.php');
exit;
}
} }
echo '<!DOCTYPE html><html><head>'; echo '<!DOCTYPE html><html><head>';
echo '<title>Daniel\'s Hosting - Login</title>'; echo '<title>Daniel\'s Hosting - Login</title>';