Fork: 0
johnpearcey / backup-commander
Transfer to URL with SHA Find file
Newer
Older
backup-commander / html / inc / secure.php
@John Pearcey DLat John Pearcey DLat on 19 Dec 2 KB Bug fixes for patch process and logout
Raw Blame History 
  1. <?php 
  2.  
  3. /*if( isset($_POST['action']) ) {
  4. 	error_log("Login action:".$_POST['action'] . "," . $_POST['username'] . "," . $_POST['password'] );
  5. }*/
  6.  
  7. session_start();
  8.  
  9. if( isset($_GET['action']) && $_GET['action']=='logout' ) {
  10. 	unset( $_SESSION['username'] );
  11. 	header("Location: index.php");
  12. 	exit;
  13. }
  14.  
  15. if( isset($_SESSION['username']) && strlen($_SESSION['username'])>=4 ){
  16. 	//the user is logged in so nothing further to do in this script
  17. 	return;
  18. }
  19.  
  20. //is there a login attempt
  21. if( isset($_POST['username']) && isset($_POST['password']) ){
  22. 	
  23. 	//any request must have the 'action' set to btn_login
  24. 	if( !isset($_POST['action']) || $_POST['action']!='btn_login' ) {
  25. 		error_log("Login Error: Missing or incorrect value for 'action'");
  26. 		exit;
  27. 	}
  28. 	
  29. 	if( !isset($_POST['svr_nonce']) || $_POST['svr_nonce']=='' ) {
  30. 		error_log("Login Error: Missing or blank value for 'svr_nonce'");
  31. 		exit;
  32. 	}	
  33.  
  34. 	//has the correct nonce been returned?
  35. 	if( $_POST['svr_nonce']!=$_SESSION['svr_nonce'] ){
  36. 		$_SESSION['svr_nonce'] = '';	// invalidate nonce
  37. 		error_log("Login Error: Incorrect value for 'svr_nonce'");
  38. 		exit;
  39. 	}	
  40.  
  41. 	include_once __DIR__."/../shd/common.php";
  42. 	include_once "login.php";
  43. 	if(authenticate( $_POST['username'], $_POST['password'], $_SESSION['svr_nonce'] ) ){
  44. 		
  45. 		error_log("Login Success: ".$_POST['username']);
  46. 		$_SESSION['username'] = $_POST['username'];
  47. 				
  48. 		//return the backup list page
  49. 		include_once __DIR__ . "/bu_list_content.php";		
  50. 		sendHtmlOk_WithData( [ 'authenticated', getbu_list_content() ] );
  51.  
  52. 	}else{
  53. 		error_log("Login Failure: ".$_POST['username']);
  54. 		// failed authentication
  55. 		// --- Send back the login page ---
  56. 		$_SESSION['svr_nonce'] = generateNonce();
  57. 		sendHtmlOk_WithData( [ 'login', getLogin_content(), $_SESSION['svr_nonce'] ] );
  58. 	}
  59. 	
  60. 	exit;
  61. }
  62.  
  63. // no session is set
  64. // no attempt to login was made
  65. // likely that the page was just refreshed
  66. // --- Send back the login page ---
  67.  
  68. include_once __DIR__."/../shd/common.php";
  69. $_SESSION['svr_nonce'] = generateNonce();
  70.  
  71. include_once "login.php";
  72. sendHtmlOk_WithData( [ 'login', getLogin_content(), $_SESSION['svr_nonce'] ] );
  73. exit;	//end the script to stop further processing by calling files
  74.  
  75. //$svr_username = $_SESSION['username'];
  76.  
  77. ?>