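<?php
/**
 * cavern/login.php — login, logout and the login form.
 *
 * Flow:
 *   - Already logged in: ?logout (CSRF-checked) ends the session, ?next=admin
 *     goes to the admin area, anything else goes back to index.php.
 *   - POST with username/password: cavern_login() decides; on success the
 *     user is sent back to the page they came from (same-site path only),
 *     on failure to index.php?err=login.
 *   - Otherwise: render the form.
 *
 * cavern_login(), cavern_logout(), validate_csrf() and $blog come from the
 * required files below; session start is presumably done in
 * include/security.php (not visible here — confirm). $blog['name'] is emitted
 * into the page unescaped, as in the original, on the assumption that it is a
 * trusted value from config.php.
 */
require_once('include/security.php');
require_once('connection/SQL.php');
require_once('config.php');

/**
 * Build the post-login Location for a same-site return.
 *
 * Only the path and query of the candidate URL are reused, so the redirect
 * stays on this host; a candidate without a usable path falls back to the
 * index page.
 *
 * @param string|null $next     value of the hidden "next" field, if any
 * @param string|null $referer  HTTP Referer, used when "next" is unusable
 * @return string  a relative Location value
 */
function cavern_login_redirect_target($next, $referer)
{
    $default = 'index.php?ok=login';

    // Prefer the form field, but only when it is a well-formed URL; otherwise
    // fall back to the Referer (users logging in straight from the navbar).
    // The original picked "next" whenever it was set, even when it had failed
    // URL validation and only the Referer had passed the guard.
    $candidate = null;
    if (is_string($next) && filter_var($next, FILTER_VALIDATE_URL) !== false) {
        $candidate = $next;
    } elseif (is_string($referer) && filter_var($referer, FILTER_VALIDATE_URL) !== false) {
        $candidate = $referer;
    }
    if ($candidate === null) {
        return $default;
    }

    $parts = parse_url($candidate);
    $path = (is_array($parts) && isset($parts['path'])) ? $parts['path'] : '';

    // A usable path is a single-slash absolute path. Protocol-relative ("//...")
    // and backslash forms are interpreted by browsers as a new host, so they are
    // sent to the default page rather than forwarded.
    if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '//' || strpos($path, '\\') !== false) {
        return $default;
    }

    // The user was viewing the index page: plain index redirect.
    $suffix = 'index.php';
    if (substr($path, -strlen($suffix)) === $suffix) {
        return $default;
    }

    $query = isset($parts['query']) ? $parts['query'] : '';
    if ($query === '') {
        $query = 'ok=login';
    } elseif (strpos($query, 'ok=login') === false) {
        // e.g. 'post.php?pid=1' already carries a query string. The original
        // used !strpos(), which misreads a query *starting* with ok=login
        // (position 0) as absent and appended it a second time.
        $query .= '&ok=login';
    }
    return "{$path}?{$query}";
}

if (isset($_SESSION['cavern_username'])) {
    if (isset($_GET['logout'])) {
        if (validate_csrf()) {
            cavern_logout();
            // Custom response header; presumably consumed by the front-end's
            // axios client instead of a browser redirect — confirm against the JS.
            header('axios-location: index.php?ok=logout');
        } else {
            http_response_code(403);
            echo json_encode(array("status" => 'csrf'));
        }
    } elseif (isset($_GET['next']) && $_GET['next'] === 'admin') {
        header("Location: ./admin/");
    } else {
        header('Location: index.php');
    }
    exit;
}

// Only plain string fields are accepted; PHP turns "username[]=x" into an
// array, which must not reach cavern_login().
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if ($username !== '' && $password !== '') {
    $next = (isset($_POST['next']) && is_string($_POST['next'])) ? $_POST['next'] : null;
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

    // cavern_login()'s return type is not visible from this file; the loose
    // comparison against 1 is kept so a bool/int return keeps working.
    if (cavern_login($username, $password) == 1) {
        if ($next !== null && trim($next) === 'admin') {
            header('Location: ./admin/');
        } else {
            // Redirect to the page the user was on before logging in.
            header('Location: ' . cavern_login_redirect_target($next, $referer));
        }
    } else {
        header('Location: index.php?err=login');
    }
    exit;
}

$admin = isset($_GET['next']) && is_string($_GET['next']) && trim($_GET['next']) === 'admin';

// The Referer is request data under the client's control; it is escaped for the
// attribute context before being echoed into the hidden "next" field.
$refererValue = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$nextValue = $admin ? 'admin' : htmlspecialchars($refererValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="https://cdnjs.cloudflare.com/ajax/libs/tocas-ui/2.3.3/tocas.css" rel='stylesheet'>
<title>登入 | <?php echo $blog['name']; ?></title>
<style type="text/css">
html,body {
min-height: 100%;
margin: 0;
}
body {
background: linear-gradient(180deg, deepskyblue 5%, aqua);
}
.ts.narrow.container {
padding: 4em 0;
}
.segment {
max-width: 300px;
}
/* admin style */
body.admin {
background: linear-gradient(0deg, #1CB5E0, #000046);
}
body.admin .ts.header, body.admin .ts.header .sub.header{
color: white;
}
.inverted .ts.form .field > label {
color: #EFEFEF;
}
</style>
</head>
<body <?= ($admin ? 'class="admin"' : "") ?>>
<div class="ts narrow container">
<h1 class="ts center aligned header">
<?= $blog['name'] ?>
<div class="sub header"><?= ($admin ? "安全門" : "傳送門") ?></div>
</h1>
<div class="ts centered <?= ($admin ? "inverted" : "secondary") ?> segment">
<form class="ts form" method="POST" action="login.php">
<div class="field">
<label>帳號</label>
<input type="text" name="username">
</div>
<div class="field">
<label>密碼</label>
<input type="password" name="password">
</div>
<input type="hidden" name="next" value="<?= $nextValue ?>">
<div class="ts separated vertical fluid buttons">
<input type="submit" class="ts positive button" value="登入">
<a href="account.php?new" class="ts button">註冊</a>
</div>
</form>
</div>
</div>
</body>
</html>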