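<?php

declare(strict_types=1);

/*
 * Single-file front controller.
 *
 *   1. First request: creates the SQLite database and its "users" / "log" tables.
 *   2. POST with login_field + password_field: checks the credentials and prints
 *      'success', 'failed' or 'locked' (the login page is expected to read that).
 *   3. Authenticated session ($_SESSION['auth'] === 1): serves a static file from
 *      the current directory, chosen from REQUEST_URI; '/index.php' logs out.
 *   4. Otherwise: serves ./login.html.
 *
 * State kept on disk next to this script:
 *   ./.login_count  - number of failed logins, shared by all clients; it is only
 *                     ever incremented here, nothing resets it on success.
 *   ./.lockdown     - once present, every session is logged out and logins are
 *                     refused until an operator removes the file by hand. Note
 *                     that MAX_TRIES failed attempts from anyone are enough to
 *                     create it, so the counter is also a denial-of-service lever.
 *
 * The "users" table stores the password column as the raw string compared
 * below; migrating stored values to password_hash()/password_verify() is the
 * obvious follow-up but is out of scope for this file alone.
 */
define('SQLITE', './users.sqlite');
define('MAX_TRIES', 10);
define('ROOT_DIR', '');

session_start();

if (file_exists('./.lockdown')) {
    // Lockdown applies to everybody, including sessions that were already authenticated.
    unset($_SESSION['auth']);
} elseif (!file_exists(SQLITE)) {
    // In case this is the setup call
    $sql = new SQLite3(SQLITE);
    // Insert log table
    $sql->exec('CREATE TABLE IF NOT EXISTS "main"."log" ("ID" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL , "user" INTEGER NOT NULL , "time" DATETIME NOT NULL )');
    // Insert users table
    $sql->exec('CREATE TABLE IF NOT EXISTS "main"."users" ("ID" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL , "name" VARCHAR NOT NULL UNIQUE , "password" VARCHAR NOT NULL )');
}

// !empty() keeps the original semantics (an unset, '' or '0' field is treated as
// no login attempt); is_string() additionally rejects array-valued POST fields,
// which strtolower()/hash_equals() would otherwise reject with a TypeError.
$loginField = $_POST['login_field'] ?? null;
$passwordField = $_POST['password_field'] ?? null;
$isLoginAttempt = is_string($loginField) && !empty($loginField)
    && is_string($passwordField) && !empty($passwordField);

if ($isLoginAttempt) {
    $sql = new SQLite3(SQLITE);
    // Cast so a corrupted counter file cannot turn the "++" below into a string increment.
    $count = file_exists('./.login_count') ? (int) file_get_contents('./.login_count') : 0;
    if (file_exists('./.lockdown')) {
        echo 'locked';
    } else {
        // Bound the name instead of splicing it into the SQL: escapeString() only
        // doubles single quotes, which does nothing for a literal delimited by
        // double quotes as the previous query was.
        $stmt = $sql->prepare('SELECT ID, password FROM users WHERE name = :name');
        $stmt->bindValue(':name', strtolower($loginField), SQLITE3_TEXT);
        $users = $stmt->execute();
        // fetchArray() returns false when no row matched.
        $user = $users ? $users->fetchArray(SQLITE3_NUM) : false;
        // hash_equals(): strict byte comparison (== would treat "0e1" and "0e2"
        // as equal numeric strings) and constant time in the candidate's length.
        if ($user !== false && hash_equals((string) $user[1], $passwordField)) {
            // Fresh session id on privilege change so a pre-login id cannot be reused.
            session_regenerate_id(true);
            $_SESSION['auth'] = 1;
            echo 'success';
            $log = $sql->prepare('INSERT INTO log (user, time) VALUES (:user, :time)');
            $log->bindValue(':user', (int) $user[0], SQLITE3_INTEGER);
            $log->bindValue(':time', date('d-m-Y H:i'), SQLITE3_TEXT);
            $log->execute();
            exit();
        }
        echo 'failed';
        $count++;
        if ($count <= MAX_TRIES) {
            file_put_contents('./.login_count', (string) $count, LOCK_EX);
        } else {
            file_put_contents('./.lockdown', "\n", LOCK_EX);
        }
    }
} elseif (isset($_SESSION['auth']) && $_SESSION['auth'] === 1) { // authorized
    $requestUri = $_SERVER['REQUEST_URI'] ?? '/';
    // Strip the ROOT_DIR prefix and the query string. substr()'s third argument
    // is a length, so it must be ($end - $start), not the end offset itself;
    // identical when ROOT_DIR is empty, wrong otherwise.
    $start = strlen(ROOT_DIR);
    $end = strpos($requestUri, '?');
    $end = ($end !== false) ? $end : strlen($requestUri);
    $uri = substr($requestUri, $start, $end - $start);
    $file = './' . $uri;
    if ($uri === '/index.php') {
        // Requesting the controller itself while authenticated logs the session out.
        unset($_SESSION['auth']);
        header('Location: ' . ROOT_DIR . '/');
        exit;
    }
    if (pathinfo($file, PATHINFO_EXTENSION) !== 'html' && is_dir($file)) {
        $file .= (substr($file, -1, 1) === '/') ? 'index.html' : '/index.html';
    }
    // Only serve files that resolve inside this directory, and never the
    // database or the dot-files this script keeps its own state in.
    $base = realpath('.');
    $real = realpath($file);
    $prefix = ($base !== false) ? $base . DIRECTORY_SEPARATOR : null;
    $insideBase = $real !== false && $prefix !== null
        && strncmp($real, $prefix, strlen($prefix)) === 0;
    $isPrivate = $real !== false
        && ($real === realpath(SQLITE) || substr(basename($real), 0, 1) === '.');
    if (!$insideBase || $isPrivate || !is_file($real)) {
        $file = './404.html';
    }
    echo file_get_contents($file);
} else { // log in
    echo file_get_contents('./login.html');
}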