login.php
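<?php
/***
* author @ [email protected]
***/

/*
 * Login / logout page.
 *
 * Flow: handle ?logout, enforce the failed-attempt lockout, evaluate a
 * submitted login form, then render either the "logged in" interstitial,
 * the lockout notice, or the login form.
 *
 * The author header now sits inside the PHP tag: text placed before the
 * opening tag is sent to the client as page output, which can stop
 * session cookies and redirect headers from being sent.
 * The full "<?php" tag is used throughout so the file does not depend on the
 * short_open_tag ini setting; where that setting is off, "<?" blocks are
 * served to the client as plain text.
 *
 * NOTE(review): $userId / $passWord, the session start and the helpers
 * (showHead, showTail, showMessage, timedRedir, writeLog, getIP) are
 * presumably provided by lib.php - confirm. If $passWord is stored in
 * plaintext there, move to password_hash() / password_verify().
 */
define('INMT', true);
define('CURRENT_PAGE', 'login');
include 'lib.php';

// Initialised up front so the checks further down never read undefined variables.
$loginMsg   = '';
$loginError = false;

if (isset($_REQUEST['logout'])) {
    unset($_SESSION['login_session']);
    // The failed-attempt counter is deliberately NOT cleared here: resetting it
    // on logout would let any visitor lift the lockout just by requesting ?logout.
    $loginMsg   = 'You have been logged out safely.';
    $loginError = false;
}

$failedLogins = isset($_SESSION['failed_login']) ? (int) $_SESSION['failed_login'] : 0;

// Check whether the user has submitted a login form. Credentials are read from
// $_POST only (the form below posts them), so they are never taken from the
// query string, where they would end up in access logs, history and referrers.
// A locked session is not allowed to test credentials at all.
$loginSubmitted = isset($_POST['submit'], $_POST['action']) && $_POST['action'] === 'login';

if ($loginSubmitted && $failedLogins < 3) {
    // Non-string input (e.g. ui[]=x) is treated as empty rather than compared.
    $submittedUser = (isset($_POST['ui']) && is_string($_POST['ui'])) ? $_POST['ui'] : '';
    $submittedPass = (isset($_POST['pw']) && is_string($_POST['pw'])) ? $_POST['pw'] : '';

    // Refuse to authenticate against missing/empty configured credentials;
    // otherwise an empty form would match an unset $userId / $passWord.
    $credsConfigured = isset($userId, $passWord)
        && (string) $userId !== ''
        && (string) $passWord !== '';

    // hash_equals() is a strict, constant-time string comparison. The loose "=="
    // used before compares numeric-looking strings by value, so two different
    // strings could be treated as equal. Both comparisons are evaluated before
    // combining so the work done does not depend on which field was wrong.
    $userOk = $credsConfigured && hash_equals((string) $userId, $submittedUser);
    $passOk = $credsConfigured && hash_equals((string) $passWord, $submittedPass);

    if ($userOk && $passOk) {
        // User authorised. Issue a fresh session id so an id that was known
        // before authentication does not become an authenticated session.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['login_session'] = true;
        unset($_SESSION['failed_login']);

        timedRedir('index.php?validate' . (isset($_POST['novalidate']) ? '&novalidate' : ''), 3);
        showHead();
        ?>
<h1>You have been Logged in</h1>
<h2>Please wait for a couple of second while we validate your setup...</h2>
        <?php
        showTail();
        die();
    }

    $loginError = true;
    $failedLogins++;
    $_SESSION['failed_login'] = $failedLogins;
    $loginMsg = "Incorrect username or password. Please try again. You have had " . $failedLogins . ' failed attempts!';

    // Never write the submitted password to the log: failed attempts are very
    // often a typo of the real password, and logs are readable by more people
    // and kept longer than the credential store. The user id is stripped of
    // control characters and capped in length so a request cannot forge extra
    // log lines or flood the log.
    $loggedUser = substr(preg_replace('/[\x00-\x1F\x7F]/', '', $submittedUser), 0, 64);
    writeLog('[LOGIN ERROR] Incorrect login from IP ' . getIP() . ' id:' . $loggedUser);
}

// NOTE(review): this counter lives in the visitor's session, so it only slows
// down a client that keeps its session cookie. Real brute-force protection
// needs a server-side counter keyed by account and/or source address.
if ($failedLogins >= 3) {
    showMessage(false, 'Too many failed login attempts. App is locked!');
    showHead();
    showTail();
    die();
}

if (isset($_REQUEST['logout']) && !$loginError) {
    showMessage(true, 'You have been logged out.');
}

if ($loginError) {
    showMessage(false, $loginMsg);
}

showHead();
?>
<div id="loginform">
<h1>Please login</h1>
<p>Failed attempts will be logged. After 3 failed attempts this application
will be locked!</p>
<form method="post" action="login.php">
<label>Username:</label>
<input type="text" name="ui"><br/><br/>
<label>Password:</label>
<input type="password" name="pw"><br/><br/>
<input type="hidden" name="action" value="login">
<input type="submit" name="submit">
<?php if (isset($_GET['novalidate'])): ?>
<input type="hidden" name="novalidate" value="1">
<?php endif ?>
</form>
</div>
<?php
showTail();
?>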