Füge Unterstützung für IP-Sperre und verbessere die Anmeldefunktionalität hinzu; aktualisiere .gitignore, Dockerfile und Datenbankschema
This commit is contained in:
Troy Grunt
@@ -1,36 +1,34 @@
|
||||
<?php
|
||||
require '_sql.php';
|
||||
require '_func.php';
|
||||
require '_user.php';
|
||||
|
||||
session_start([
|
||||
'use_strict_mode' => true,
|
||||
'cookie_httponly' => true
|
||||
]);
|
||||
session_start();
|
||||
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
|
||||
/**
|
||||
* 🔒 IP-Sperre prüfen
|
||||
*/
|
||||
if (isIpLocked($ip, $sql)) {
|
||||
http_response_code(403);
|
||||
exit('Zu viele Fehlversuche. IP für 1 Stunde gesperrt.');
|
||||
}
|
||||
|
||||
/**
|
||||
* 🔐 LOGIN (wenn nicht eingeloggt)
|
||||
*/
|
||||
if (!($_SESSION['is_admin'] ?? false)) {
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$user = $_POST['username'] ?? '';
|
||||
$pass = $_POST['password'] ?? '';
|
||||
|
||||
$admin = $sql->single(
|
||||
"SELECT * FROM admin_users WHERE username = ?",
|
||||
"s",
|
||||
[$user]
|
||||
);
|
||||
if (
|
||||
$user !== $admin_user ||
|
||||
$pass !== $admin_password
|
||||
) {
|
||||
registerFailedLogin($ip, $sql);
|
||||
$error = 'Ungültige Zugangsdaten';
|
||||
} else {
|
||||
clearLoginAttempts($ip, $sql);
|
||||
$_SESSION['is_admin'] = true;
|
||||
header('Location: admin.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!$admin || !password_verify($pass, $admin['password_hash'])) {
|
||||
registerFailedLogin($ip, $sql);
|
||||
@@ -75,27 +73,15 @@ if (!($_SESSION['is_admin'] ?? false)) {
|
||||
exit;
|
||||
}
|
||||
|
||||
/**
|
||||
* ✅ AB HIER: ADMIN EINGELOGGT
|
||||
*/
|
||||
|
||||
$uuid = $_GET['uuid'] ?? null;
|
||||
|
||||
/**
|
||||
* 🧩 UUID-Editor
|
||||
*/
|
||||
if ($uuid) {
|
||||
|
||||
// Token laden
|
||||
$token = $sql->single(
|
||||
"SELECT * FROM access_tokens WHERE uuid = ?",
|
||||
"s",
|
||||
[$uuid]
|
||||
);
|
||||
|
||||
/**
|
||||
* 🆕 UUID existiert noch nicht → an feste Identität hängen
|
||||
*/
|
||||
if (!$token) {
|
||||
$sql->set(
|
||||
"INSERT INTO access_tokens (identity_id, uuid)
|
||||
@@ -111,9 +97,6 @@ if ($uuid) {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* 🔄 Speichern
|
||||
*/
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$issuedTo = $_POST['issued_to'] ?? '';
|
||||
$fields = $_POST['fields'] ?? [];
|
||||
|
||||
Reference in New Issue
Block a user