<?php
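// A commented-out debug statement that wrote $_POST['password'] to the error
// log in clear text used to live here. It has been dropped so it cannot be
// re-enabled by accident: log the action and the username at most, never the
// password.
session_start();

// --- Logout ---
// ?action=logout removes the authenticated identity and redirects to index.php.
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    unset($_SESSION['username']);
    // Rotate the session id so the identifier that was valid while the user
    // was logged in stops being accepted once they have logged out.
    session_regenerate_id(true);
    header("Location: index.php");
    exit;
}

// --- Already authenticated ---
// A session username of at least 4 bytes counts as "logged in". The is_string()
// guard keeps strlen() from being handed a non-string session value.
if (
    isset($_SESSION['username'])
    && is_string($_SESSION['username'])
    && strlen($_SESSION['username']) >= 4
) {
    // the user is logged in so nothing further to do in this script;
    // control goes back to the file that included it
    return;
}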
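// --- Login attempt ---
// A POST that carries both 'username' and 'password' is treated as a login
// attempt. Every path through this branch ends the script with exit.
if (isset($_POST['username']) && isset($_POST['password'])) {
    // any request must have the 'action' set to btn_login
    if (!isset($_POST['action']) || $_POST['action'] !== 'btn_login') {
        error_log("Login Error: Missing or incorrect value for 'action'");
        exit;
    }

    // PHP turns "username[]=x" into an array. Reject anything that is not a
    // plain string before it reaches authenticate(), the log, or the session.
    if (!is_string($_POST['username']) || !is_string($_POST['password'])) {
        error_log("Login Error: Non-string value for 'username' or 'password'");
        exit;
    }

    if (
        !isset($_POST['svr_nonce'])
        || !is_string($_POST['svr_nonce'])
        || $_POST['svr_nonce'] === ''
    ) {
        error_log("Login Error: Missing or blank value for 'svr_nonce'");
        exit;
    }

    // has the correct nonce been returned?
    // An unset, non-string or blank session nonce can never match. The
    // comparison uses hash_equals(): a loose != treats numeric-looking strings
    // such as "1e3" and "1000" as equal and is not constant-time.
    $expectedNonce = (isset($_SESSION['svr_nonce']) && is_string($_SESSION['svr_nonce']))
        ? $_SESSION['svr_nonce']
        : '';
    if ($expectedNonce === '' || !hash_equals($expectedNonce, $_POST['svr_nonce'])) {
        $_SESSION['svr_nonce'] = ''; // invalidate nonce
        error_log("Login Error: Incorrect value for 'svr_nonce'");
        exit;
    }

    include_once __DIR__ . "/../shd/common.php";
    include_once "login.php";

    // The username is attacker-controlled: replace control characters so a
    // crafted value cannot inject extra lines into the error log.
    $usernameForLog = preg_replace('/[\x00-\x1F\x7F]/', '?', $_POST['username']);

    if (authenticate($_POST['username'], $_POST['password'], $_SESSION['svr_nonce'])) {
        error_log("Login Success: " . $usernameForLog);
        // Issue a new session id at the moment of authentication so an id that
        // was known before login (session fixation) is not the one that
        // becomes authenticated.
        session_regenerate_id(true);
        $_SESSION['username'] = $_POST['username'];
        // return the backup list page
        include_once __DIR__ . "/bu_list_content.php";
        sendHtmlOk_WithData(['authenticated', getbu_list_content()]);
    } else {
        error_log("Login Failure: " . $usernameForLog);
        // failed authentication
        // NOTE(review): no attempt throttling or lockout is visible in this
        // script; confirm that authenticate() or a layer in front of it
        // limits repeated failures.
        // --- Send back the login page with a fresh nonce ---
        $_SESSION['svr_nonce'] = generateNonce();
        sendHtmlOk_WithData(['login', getLogin_content(), $_SESSION['svr_nonce']]);
    }
    exit;
}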
// --- Fallback: serve the login page ---
// Reached when there is no authenticated session and the request was not a
// login attempt (most likely a plain page load or refresh). A new nonce is
// stored in the session and sent along with the login form so the next login
// POST can be tied to this page.
include_once __DIR__ . "/../shd/common.php";

$_SESSION['svr_nonce'] = generateNonce();

include_once "login.php";

$loginMarkup = getLogin_content();
// The nonce is read back from the session after the form markup is built,
// matching the left-to-right evaluation of the original argument list.
$loginPayload = ['login', $loginMarkup, $_SESSION['svr_nonce']];
sendHtmlOk_WithData($loginPayload);

// Stop here so the including file does not carry on for an anonymous visitor.
exit;
//$svr_username = $_SESSION['username'];
?>