WKVS_gitea/WKVS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First version, for githup; UNSTABLE, DO NOT USE!

Browse Source
This commit is contained in:
Fabio Herzig
2026-04-12 21:25:44 +02:00
commit a51fd9dbeb
423 changed files with 58560 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

270
scripts/login/login.php Normal file
View File

@@ -0,0 +1,270 @@
<?php
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
if (!isset($error)) {
$error = '';
}
// Initialize session variables if not set
if (!isset($_SESSION['login_attempts_'. $logintype])) {
$_SESSION['login_attempts_'. $logintype] = 0;
$_SESSION['lockout_time_'. $logintype] = 0;
}
$max_attempts = 5;
$lockout_period = 5 * 60;
// Check if user is locked out
if ($_SESSION['lockout_time_'. $logintype] > time()) {
$remaining = $_SESSION['lockout_time_'. $logintype] - time();
$minutes = ceil($remaining / 60);
$error = "Zu viele fehlgeschlagene Anmeldeversuche. Bitte warte $minutes Minute(n).";
} elseif (isset($_POST[$logintype.'_login_submit'])) {
$token = "QQa2UMbEYW8oOL7wz9DjtqECVCikSZsDuSdmzxiadEXFsKyujEUyQOW1AYMD2OqU8VXxClIRweRuWLzvBrZpPYL41e89Rs96tM7Lq1KpjA5E2mg2UfgvztheGRV";
require __DIR__ .'/../db/db-verbindung-script-guest.php';
require __DIR__ . "/../db/db-tables.php";
$username = htmlspecialchars(trim($_POST['access_username']), ENT_QUOTES);
$password = trim($_POST['access_passcode']);
// Prepare statement
$stmt = $guest->prepare("SELECT * FROM $tableInternUsers WHERE username = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();
if (!$user) {
$_SESSION['login_attempts_'. $logintype]++;
if ($_SESSION['login_attempts_'. $logintype] >= $max_attempts) {
$_SESSION['lockout_time_'. $logintype] = time() + $lockout_period;
$error = "Zu viele fehlgeschlagene Anmeldeversuche. Bitte versuche es in ".ceil($lockout_period / 60)." Minuten erneut.";
} else {
$remaining_attempts = $max_attempts - $_SESSION['login_attempts_'. $logintype];
$error = "Benutzer / Passwort unbekannt. Noch $remaining_attempts Versuch(e) möglich.";
}
} else {
$freigaben = json_decode($user['freigabe'], true) ?: [];
$freigabe_values = $freigaben['types'] ?? [];
// Verify password using PHP native function
if (password_verify($password, $user['password_hash']) && in_array($logintype, $freigabe_values)) {
foreach ($freigabe_values as $freigabe) {
$_SESSION['access_granted_'. $freigabe] = true;
$_SESSION['passcode'. $freigabe .'_id'] = $user['id'];
$_SESSION['lockout_time_'. $freigabe] = 0;
$_SESSION['login_attempts_'. $freigabe] = 0;
}
// Redirect using plain PHP
header("Location:" . $_SERVER['REQUEST_URI']);
exit;
} elseif ($password === ' ') {
$error = "Kein Passwort eingegeben.";
} else {
$_SESSION['login_attempts_'. $logintype]++;
if ($_SESSION['login_attempts_'. $logintype] >= $max_attempts) {
$_SESSION['lockout_time_'. $logintype] = time() + $lockout_period;
$error = "Zu viele fehlgeschlagene Anmeldeversuche. Bitte versuche es in ".ceil($lockout_period / 60)." Minuten erneut.";
} else {
$remaining_attempts = $max_attempts - $_SESSION['login_attempts_'. $logintype];
$error = "Benutzer / Passwort unbekannt. Noch $remaining_attempts Versuch(e) möglich.";
}
}
}
}
?>
<section class="page-secure-login">
<div class="bg-picture-secure-login">
<img src="/intern/img/login/bg<?= ucfirst($logintype) ?>.webp">
</div>
<div class="bg-secure-login">
<div class="bg-secure-login-form">
<?php
if (str_contains($logintype, '_')) {
$titlelogintype = str_replace('_', '-', $logintype);
} else {
$titlelogintype = $logintype . 'panel';
}
?>
<h1>Anmeldung<br><?= ucfirst($titlelogintype) ?></h1>
<p style="font-weight:400; line-height: 1.5; margin-bottom: 50px;">Bitte verwenden Sie hier Ihren
individuellen Zugang
</p>
<form method="post">
<label for="access_username">Benutzername eingeben</label><br>
<input type="text" id="access_username" name="access_username" required placeholder="Benutzername"><br>
<label for="password">Passwort eingeben</label><br>
<div id="div_showpw">
<input type="password" name="access_passcode" id="access_passcode" placeholder="Passwort" required>
<button type="button" id="togglePassword">
<svg id="eyeIcon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" fill="none" stroke="#000" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/>
<circle cx="12" cy="12" r="3"/>
</svg>
</button>
</div>
<input type="submit" name="<?= $logintype ?>_login_submit" value="Einloggen">
</form>
<?php if ($error !== ''): ?>
<p style="color:red;"><?php echo $error; ?></p>
<?php endif; ?>
</div>
</div>
</section>
<a class="seclog_home_link" href="/"><img src="/intern/img/logo-normal.png" width="64" height="64"></a>
<style>
body{
overflow: hidden;
}
.page-secure-login{
display: flex;
}
.bg-picture-secure-login{
width: calc(100vw - 450px);
height: 100vh;
position: absolute;
left: 0px;
top: 0px;
}
.bg-picture-secure-login img{
width: 100%;
height: 100vh;
object-fit: cover;
}
.bg-secure-login{
display: flex;
width: 100vw;
max-width: 450px;
height: 100vh;
background-color: #fff;
position: absolute;
right: 0px;
top: 0px;
align-items: center;
padding: 30px;
}
.bg-secure-login-form > h1{
color: #000 !important;
font-size: 32px;
}
.bg-secure-login-form input[type=password], .bg-secure-login-form input[type=text]{
padding: 5px;
width: 100%;
max-width: 300px;
border-top: none !important;
border-left: none !important;
border-right: none !important;
font-size: 16px;
border-bottom: 1px solid #000 !important;
border-radius: 0px !important;
}
#access_username {
margin-bottom: 20px;
}
.bg-secure-login-form input[type=password]:focus, .bg-secure-login-form input[type=text]:focus{
outline: none;
border-bottom: 1px solid #000 !important;
}
.bg-secure-login-form input[type=password]::placeholder, .bg-secure-login-form input[type=text]::placeholder {
color: #ccc !important;
}
.bg-secure-login-form input[type=submit]{
background-color: #fff !important;
padding: 10px 20px !important;
margin-top: 25px !important;
border: 1px solid #000 !important;
color: #000 !important;
transition: all 0.3s ease-out !important;
border-radius: 0px !important;
}
body{
color: #000 !important;
}
.bg-secure-login-form input[type=submit]:hover{
background-color: #000 !important;
color: #fff !important;
}
.bg-secure-login-form > p{
margin-bottom: 30px;
}
.seclog_home_link{
position: fixed;
z-index: 1000;
top: 30px;
right: 30px;
}
#div_showpw, #access_username {
margin-top: 10px;
}
#togglePassword {
position: absolute;
right: 10px;
top: 50%;
transform: translateY(-50%);
background: none;
border: none;
cursor: pointer;
transition: all 0.5s ease;
}
#togglePassword:hover {
transform: translateY(-50%) scale(1.15);
}
#div_showpw{
position: relative;
display: inline-block;
width: 100%;
max-width: 300px;
}
input:-webkit-autofill,
input:-webkit-autofill:hover,
input:-webkit-autofill:focus,
input:-webkit-autofill:active {
-webkit-box-shadow: 0 0 0 1000px #ffffff inset !important;
box-shadow: 0 0 0 1000px #ffffff inset !important;
-webkit-text-fill-color: #000000 !important;
transition: background-color 5000s ease-in-out 0s;
}
</style>
<script>
const passwordInput = document.getElementById('access_passcode');
const toggleButton = document.getElementById('togglePassword');
const eyeIcon = document.getElementById('eyeIcon');
toggleButton.addEventListener('click', () => {
const type = passwordInput.getAttribute('type') === 'password' ? 'text' : 'password';
passwordInput.setAttribute('type', type);
// Swap between eye and eye-with-line
if (type === 'password') {
// Eye (show)
eyeIcon.innerHTML = '<path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/>';
} else {
// Eye with slash (hide)
eyeIcon.innerHTML = '<path d="M17.94 17.94L6.06 6.06"/><path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"/><circle cx="12" cy="12" r="3"/>';
}
});
</script>