Füge Unterstützung für IP-Sperre und verbessere die Anmeldefunktionalität hinzu; aktualisiere .gitignore, Dockerfile und Datenbankschema

2026-02-01 23:06:49 +01:00
parent b2a74c2a17
commit 43ab962ca5
5 changed files with 30 additions and 32 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 www/secret.php
 www/_user.php
--- a/apache/Dockerfile
+++ b/apache/Dockerfile
@@ -4,7 +4,7 @@ FROM php:8.2-apache
 RUN a2enmod rewrite
 # PHP-Extensions für MariaDB
-RUN docker-php-ext-install pdo pdo_mysql
+RUN docker-php-ext-install mysqli pdo pdo_mysql
 # VHost kopieren
 COPY vhost.conf /etc/apache2/sites-available/000-default.conf
--- a/db/init/001_schema.sql
+++ b/db/init/001_schema.sql
@@ -22,6 +22,7 @@ CREATE TABLE access_tokens (
    uuid CHAR(36) NOT NULL UNIQUE,
    expires_at DATETIME NULL,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    notes TEXT NULL,
    FOREIGN KEY (identity_id)
        REFERENCES identities(id)
        ON DELETE CASCADE
@@ -53,3 +54,13 @@ CREATE TABLE files (
        REFERENCES access_tokens(id)
        ON DELETE SET NULL
 ) ENGINE=InnoDB;
 CREATE TABLE admin_login_attempts (
    id INT AUTO_INCREMENT PRIMARY KEY,
    ip_address VARCHAR(45) NOT NULL,
    attempts INT NOT NULL DEFAULT 1,
    locked_until DATETIME NULL,
    last_attempt TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    UNIQUE KEY (ip_address)
 );
--- a/www/_user.php.example
+++ b/www/_user.php.example
@@ -0,0 +1,3 @@
 <?php
 $admin_user = 'admin';
 $admin_password = 'password';
--- a/www/admin.php
+++ b/www/admin.php
@@ -1,36 +1,34 @@
 <?php
 require '_sql.php';
 require '_func.php';
 require '_user.php';
-session_start([
+session_start();
    'use_strict_mode' => true,
    'cookie_httponly' => true
 ]);
 $ip = $_SERVER['REMOTE_ADDR'];
 /**
 * 🔒 IP-Sperre prüfen
 */
 if (isIpLocked($ip, $sql)) {
    http_response_code(403);
    exit('Zu viele Fehlversuche. IP für 1 Stunde gesperrt.');
 }
 /**
 * 🔐 LOGIN (wenn nicht eingeloggt)
 */
 if (!($_SESSION['is_admin'] ?? false)) {
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $user = $_POST['username'] ?? '';
        $pass = $_POST['password'] ?? '';
-        $admin = $sql->single(
+        if (
-            "SELECT * FROM admin_users WHERE username = ?",
+            $user !== $admin_user ||
-            "s",
+            $pass !== $admin_password
-            [$user]
+        ) {
-        );
+            registerFailedLogin($ip, $sql);
            $error = 'Ungültige Zugangsdaten';
        } else {
            clearLoginAttempts($ip, $sql);
            $_SESSION['is_admin'] = true;
            header('Location: admin.php');
            exit;
        }
        if (!$admin || !password_verify($pass, $admin['password_hash'])) {
            registerFailedLogin($ip, $sql);
@@ -75,27 +73,15 @@ if (!($_SESSION['is_admin'] ?? false)) {
    exit;
 }
 /**
 * ✅ AB HIER: ADMIN EINGELOGGT
 */
 $uuid = $_GET['uuid'] ?? null;
 /**
 * 🧩 UUID-Editor
 */
 if ($uuid) {
    // Token laden
    $token = $sql->single(
        "SELECT * FROM access_tokens WHERE uuid = ?",
        "s",
        [$uuid]
    );
    /**
     * 🆕 UUID existiert noch nicht → an feste Identität hängen
     */
    if (!$token) {
        $sql->set(
            "INSERT INTO access_tokens (identity_id, uuid)
@@ -111,9 +97,6 @@ if ($uuid) {
        );
    }
    /**
     * 🔄 Speichern
     */
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $issuedTo = $_POST['issued_to'] ?? '';
        $fields   = $_POST['fields'] ?? [];
`@@ -1 +1,2 @@`
	`www/secret.php`	`www/secret.php`
		`www/_user.php`