Home Esplora Aiuto
Accedi
rajven
/
Eye
mirror da https://github.com/rajven/Eye
1
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): 26dfd193c3
Rami (Branch) Tag
Eye
/
html
/
login.php

login.php 2.4 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. <?php
    2. 

  2. 

  3. require_once ($_SERVER['DOCUMENT_ROOT']."/inc/auth.utils.php");
    4. 

  4. require_once ($_SERVER['DOCUMENT_ROOT']."/inc/languages/" . HTML_LANG . ".php");
    5. 

  5. 

  6. $error = '';
    7. 

  7. 

  8. function getSafeRedirectUrl(string $default = '/'): string {
    9. 

  9.     $url = filter_input(INPUT_GET, 'redirect_url', FILTER_SANITIZE_URL) 
    10. 

  10.         ?? filter_input(INPUT_POST, 'redirect_url', FILTER_SANITIZE_URL) 
    11. 

  11.         ?? $default;
    12. 

  12. 

  13.     $decodedUrl = urldecode($url);
    14. 

  14.     // Проверяем:
    15. 

  15.     // 1. URL начинается с `/` (но не `//` или `http://`)
    16. 

  16.     // 2. Содержит только разрешённые символы (a-z, 0-9, -, _, /, ?, =, &, ., ~)
    17. 

  17.     if (!preg_match('/^\/(?!\/)[a-z0-9\-_\/?=&.~]*$/i', $decodedUrl)) {
    18. 

  18.         return $default;
    19. 

  19.     }
    20. 

  20. 

  21.     return $url;
    22. 

  22. }
    23. 

  23. 

  24. // Использование
    25. 

  25. $redirect_url = getSafeRedirectUrl(DEFAULT_PAGE);
    26. 

  26. 

  27. if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['submit'])) {
    28. 

  28. 

  29.     $login = trim($_POST['login']);
    30. 

  30.     $password = trim($_POST['password']);
    31. 

  31. 

  32.     // validate if login is empty
    33. 

  33.     if (empty($login)) {
    34. 

  34.         $error .= '<p class="error">'.WEB_msg_login_hint.'.</p>';
    35. 

  35. 	}
    36. 

  36. 

  37.     // validate if password is empty
    38. 

  38.     if (empty($password)) {
    39. 

  39.         $error .= '<p class="error">'.WEB_msg_password_hint.'.</p>';
    40. 

  40. 	}
    41. 

  41. 

  42.     if (empty($error)) {
    43. 

  43. 	if (login($db_link)) { 
    44. 

  44.             $redirect_url = urldecode($redirect_url);
    45. 

  45.             header("Location: $redirect_url");
    46. 

  46.             }
    47. 

  47. 	}
    48. 

  48. 

  49.     }
    50. 

  50. ?>
    51. 

  51. 

  52. <!DOCTYPE html>
    53. 

  53. <html>
    54. 

  54.     <head>
    55. 

  55.     <title><?php echo WEB_site_title; ?> login</title>
    56. 

  56.     <link rel="stylesheet" type="text/css" href="/css/<?php echo HTML_STYLE.'.css'; ?>">
    57. 

  57.     <link rel="stylesheet" type="text/css" href="/login.css" >
    58. 

  58.     <meta http-equiv="content-type" content="application/xhtml+xml" />
    59. 

  59.     <meta charset="UTF-8" />
    60. 

  60.     </head>
    61. 

  61.     <body>
    62. 

  62. 	<div class="login">
    63. 

  63. 	    <h1><?php echo WEB_msg_login; ?></h1>
    64. 

  64. 	    <form action="" method="post">
    65. 

  65. 		<label for="username">
    66. 

  66. 		    <i class="fas fa-user"></i>
    67. 

  67. 		</label>
    68. 

  68. 		<input type="text" name="login" placeholder="<?php echo WEB_msg_username; ?>" id="login" required>
    69. 

  69. 		<label for="password">
    70. 

  70. 		    <i class="fas fa-lock"></i>
    71. 

  71. 		</label>
    72. 

  72. 		<input type="password" name="password" placeholder="<?php echo WEB_msg_password; ?>" id="password" required>
    73. 

  73.                 <input type="hidden" name="redirect_url" value="<?php print htmlspecialchars($redirect_url); ?>">
    74. 

  74. 		<input type="submit" name="submit" value="<?php echo WEB_btn_login; ?>">
    75. 

  75. 	    </form>
    76. 

  76. 	</div>
    77. 

  77.     </body>
    78. 

  78. </html>
    79.