Finish login

This commit is contained in:
marc-go
2026-02-17 10:01:52 +01:00
parent e2a525964d
commit c82f80fe74
6 changed files with 78 additions and 14 deletions

46
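--- /dev/null
+++ b/api/login/getcookies.php
@@ -0,0 +1,46 @@
+<?php
+require "../../main.php";
+$mcServ = new mcServ();
+$db = $mcServ->getDB();
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+if (!isset($_POST["username"]) || !isset($_POST["passwd"])) {
+die("Username or Password are missing");
+}
+$user = $_POST["username"];
+$passwd = hash("sha256", $_POST["passwd"]);
+$sql = "SELECT username, passwd FROM users WHERE username = :username AND passwd = :passwd";
+$stmt = $db->prepare($sql);
+$stmt->execute([
+':username' => $user,
+':passwd' => $passwd
+]);
+$result = $stmt->fetch(PDO::FETCH_ASSOC);
+if ($result) {
+$config = $mcServ->getConf();
+$session["session_id"] = $mcServ->generateSessionID();
+$device_id = rand(1, 999);
+$json[$device_id] = json_encode($session);
+file_put_contents($config["PATH"] . "/tmp/user_sessions/" . $admin_user . ".json", json_encode($json));
+setcookie("session_id", $session["session_id"], time() + 3600, "/");
+setcookie("device_id", $device_id, time() + 3600, "/");
+setcookie("username", $user, time() + 3600, "/");
+header("Location: /admin");
+exit;
+}else{
+header("Location: /login.php?passwdIsFalse=true");
+exit;
+}
+}
+?>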
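Review bot: The `file_put_contents` call writes the session file under `$admin_user`, which is never assigned in this file, so every login lands in `tmp/user_sessions/.json` instead of `<username>.json`, and because `$json` is built from scratch each time the file is replaced wholesale, dropping any other device's session. The session and device identifiers are also not unpredictable: `generateSessionID()` in main.php hashes `rand(1, 999999)` and `$device_id = rand(1, 999)`, leaving under a million candidate session IDs for an attacker who knows a username; both should come from `random_bytes()`. The username is used as a path component here and, via the `username` cookie, in `checkLogin()`, so it needs to be restricted to a safe character set before it touches the filesystem, and the three cookies should be set with `httponly` and `samesite` (plus `secure` once the site is served over TLS). Separately, passwords are compared as unsalted SHA-256 in the query; `password_hash()`/`password_verify()` is the right fix but requires changing the stored column, so it is only noted here.
```php
// … unchanged: POST check and prepared-statement credential lookup …
if ($result) {
    $config = $mcServ->getConf();
    // The username becomes a file name here and (via the cookie) in checkLogin();
    // refuse anything that could leave the sessions directory.
    if (!preg_match('/^[A-Za-z0-9_.-]+$/', $user)) {
        die("Invalid username");
    }
    // rand()-derived IDs are guessable; use the CSPRNG for both identifiers.
    $session["session_id"] = bin2hex(random_bytes(32));
    $device_id = bin2hex(random_bytes(8));
    $sessionFile = $config["PATH"] . "/tmp/user_sessions/" . $user . ".json";
    // Merge with the existing device sessions instead of replacing the whole file.
    $json = is_file($sessionFile) ? (json_decode(file_get_contents($sessionFile), true) ?: []) : [];
    $json[$device_id] = json_encode($session);
    file_put_contents($sessionFile, json_encode($json), LOCK_EX);
    $cookieOpts = ["expires" => time() + 3600, "path" => "/", "httponly" => true, "samesite" => "Lax"];
    setcookie("session_id", $session["session_id"], $cookieOpts);
    setcookie("device_id", $device_id, $cookieOpts);
    setcookie("username", $user, $cookieOpts);
    header("Location: /admin");
    exit;
// … unchanged: else branch redirecting to /login.php?passwdIsFalse=true …
```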


@@ -1,10 +1,6 @@
<?php <?php
require "../../main.php"; require "../../main.php";
ini_set("display_errors", 1);
ini_set("display_startup_errors", 1);
error_reporting(E_ALL);
$admin_user = $_POST["admin_user"]; $admin_user = $_POST["admin_user"];
$admin_mail = $_POST["admin_mail"]; $admin_mail = $_POST["admin_mail"];
$admin_passwd_1 = $_POST["admin_passwd_1"]; $admin_passwd_1 = $_POST["admin_passwd_1"];


@@ -51,6 +51,10 @@ a {
color: #000000; color: #000000;
} }
.message_red {
color: red;
}
input { input {
border: 1px solid #e0e0e0; border: 1px solid #e0e0e0;
width: 200px; width: 200px;


@@ -20,8 +20,8 @@ if (!$mcServ->checkConf()) {
} }
if (!$mcServ->checkLogin()) { if (!$mcServ->checkLogin()) {
/*header("Location: /login.php"); header("Location: /login.php");
exit;*/ exit;
}else{ }else{
echo "angemeldet"; echo "angemeldet";
} }


@@ -1,7 +1,13 @@
<?php <?php
if ($_SERVER["REQUEST_METHOD"] == "POST") { require "../main.php";
if (!isset($_POST["username"]) || !isset($_GET["passwd"])) {
die("Username or Password are missing"); $mcServ = new mcServ();
if (isset($_GET["action"])) {
if ($_GET["action"] == "logout") {
setcookie("username", "", time() - 3600, "/");
setcookie("session_id", "", time() - 3600, "/");
setcookie("device_id", "", time() - 3600, "/");
} }
} }
?> ?>
@@ -20,10 +26,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
<h2>Login</h2> <h2>Login</h2>
</div> </div>
<div class="content"> <div class="content">
<form action="/api/setup/setup.php" method="post"> <form action="/api/login/getcookies.php" method="post">
<div id="admin_user" class="page"> <div class="page">
<a href="/resetpasswd.php">Forget Passwort?</a> <a href="/resetpasswd.php">Forget Passwort?</a>
<?php
if (isset($_GET["passwdIsFalse"])) {
echo '<p class="message_red">Invalid username or password</p>';
}
?>
<input type="text" name="username" placeholder="Username" id="user" required><br><br> <input type="text" name="username" placeholder="Username" id="user" required><br><br>
<input type="password" name="passwd" placeholder="Password" id="passwd" required><br><br> <input type="password" name="passwd" placeholder="Password" id="passwd" required><br><br>
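Review bot: The new logout branch at the top of login.php only expires the three cookies in the browser; the matching entry in `tmp/user_sessions/<username>.json` is never removed, so a captured `session_id`/`device_id`/`username` triple keeps working until that file happens to be overwritten. Before clearing the cookies, load the file, `unset()` the device entry and write it back. Logout is also triggered by a bare `GET ?action=logout`, which any third-party page can fire; a POST form (or a CSRF token) is the usual shape. The file path would be built from the unvalidated `username` cookie, so the same character-set check the login endpoint needs applies here.
```php
if (isset($_GET["action"])) {
    if ($_GET["action"] == "logout") {
        // Drop the server-side record so the old cookie values stop working.
        if (isset($_COOKIE["username"], $_COOKIE["device_id"])
            && preg_match('/^[A-Za-z0-9_.-]+$/', $_COOKIE["username"])) {
            $config = $mcServ->getConf();
            $file = $config["PATH"] . "/tmp/user_sessions/" . $_COOKIE["username"] . ".json";
            if (is_file($file)) {
                $json = json_decode(file_get_contents($file), true) ?: [];
                unset($json[$_COOKIE["device_id"]]);
                file_put_contents($file, json_encode($json), LOCK_EX);
            }
        }
        // … unchanged: the three setcookie() calls that expire the cookies …
    }
}
```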


@@ -29,7 +29,6 @@ class mcServ {
public function checkLogin() { public function checkLogin() {
if (!isset($_COOKIE["session_id"]) || !isset($_COOKIE["device_id"])) { if (!isset($_COOKIE["session_id"]) || !isset($_COOKIE["device_id"])) {
echo "Keine Cookies gesetzt";
return false; return false;
} }
@@ -38,20 +37,27 @@ class mcServ {
$json = json_decode(file_get_contents($config["PATH"] . "/tmp/user_sessions/" . $_COOKIE["username"] . ".json"), true); $json = json_decode(file_get_contents($config["PATH"] . "/tmp/user_sessions/" . $_COOKIE["username"] . ".json"), true);
if (!isset($json[$_COOKIE["device_id"]])) { if (!isset($json[$_COOKIE["device_id"]])) {
echo "Device ID gibt es nicht im JSON";
return false; return false;
} }
$device = json_decode($json[$_COOKIE["device_id"]], true); $device = json_decode($json[$_COOKIE["device_id"]], true);
if ($device["session_id"] !== $_COOKIE["session_id"]) { if ($device["session_id"] !== $_COOKIE["session_id"]) {
echo "Session IDs stimmen nicht überein";
return false; return false;
} }
return true; return true;
} }
public function getDB() {
$config = $this->getConf();
$db = new PDO("sqlite:" . $config["DB_PATH"]);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $db;
}
public function generateSessionID() { public function generateSessionID() {
$num = rand(1, 999999); $num = rand(1, 999999);
$hash = hash("sha256", $num); $hash = hash("sha256", $num);