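<?php
# Login gate: compares a submitted key with a stored password hash and marks
# the session as verified when it matches.
session_start();

# $hashedkey is expected to be defined by assets/hidden.php (not shown here; confirm).
# `require` stops the script if that file is missing, so the form never runs
# without a hash to check against.
require 'assets/hidden.php';
# Create a hash for a password with hashgenerator.php; in this case, I used "test1234".
# That sample key is written in this file, so generate your own hash before deploying.

# Check if a user has been previously verified first, in order to redirect them as quickly as possible.
if (isset($_SESSION["verified"]) && $_SESSION["verified"]) {
    header("Location: /index.php");
    # header() only queues the redirect; exit so the rest of the script does not run.
    exit;
}

if (isset($_POST["key"])) {
    # Input is trimmed to make it easier to enter the password; it is very easy
    # to strengthen these restrictions, or lessen them.
    # A non-string value (e.g. key[]=x arrives as an array) is treated as a wrong
    # key instead of being passed to trim().
    $key = is_string($_POST["key"]) ? trim($_POST["key"]) : null;

    # The key is pre-hashed with SHA-256 (raw bytes) and base64-encoded, so
    # password_verify() always receives a 44-character string without NUL bytes.
    # hashgenerator.php must build the stored hash the same way (not shown; confirm).
    # NOTE(review): nothing in this file limits repeated guesses; add throttling
    # or lockout here or in front of the application.
    $verifiedpassword = $key !== null && password_verify(
        base64_encode(
            hash("sha256", $key, true)
        ),
        $hashedkey
    );

    if ($verifiedpassword) {
        # Issue a fresh session ID at the privilege change so an ID that was
        # known before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION["verified"] = true;

        # Add any other pages you wish to be accessible through the continue param.
        # Both entries belong to one array; two separate assignments would keep
        # only the last one.
        $whitelist = ["/index.php", "/search.php"];

        # ?? avoids an undefined-index warning when no continue param was sent.
        $nextpage = $_GET["continue"] ?? null;

        # Strict comparison against the allow-list: only an exact string match
        # is ever written into the Location header.
        if (is_string($nextpage) && in_array($nextpage, $whitelist, true)) {
            header("Location: $nextpage");
        } else {
            header("Location: /index.php");
        }
        # Stop here so the login form is not rendered behind the redirect.
        exit;
    } else {
        $error = "That key is invalid!";
    }
}
?>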
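<!DOCTYPE HTML>
<html>
<head>
<title>Verify to Continue</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="stylesheet" href="/assets/login.css">
</head>
<body>
<div>
<h1>Verify to Continue</h1>
<p>Please enter the verification key to continue.</p>
<?php
# Carry the continue parameter through the POST so the login handler can read it.
# The value is URL-encoded for the query string first, so "&" or "#" inside it
# cannot add parameters or a fragment, and then HTML-escaped for the attribute.
# A non-string value (continue[]=x arrives as an array) is dropped.
$continueQuery = "";
if (isset($_GET["continue"]) && is_string($_GET["continue"])) {
    $continueQuery = "?continue=" . rawurlencode($_GET["continue"]);
}
?>
<form action="login.php<?php echo htmlspecialchars($continueQuery, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"); ?>" method="post" autocomplete="off">
<input type="password" name="key" id="key" placeholder="Key">
<?php if (isset($error)) {
    # $error is a fixed string today; escaping keeps this output safe if a later
    # change puts request data into the message.
    echo "<p id='errorMsg'>" . htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</p>\n";
}
?>
<input type="submit" value="Verify">
</form>
</div>
</body>
</html>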