diff options
Diffstat (limited to 'Neutron-trunk/api/admin/login.php')
-rw-r--r-- | Neutron-trunk/api/admin/login.php | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/Neutron-trunk/api/admin/login.php b/Neutron-trunk/api/admin/login.php new file mode 100644 index 0000000..4a88f30 --- /dev/null +++ b/Neutron-trunk/api/admin/login.php @@ -0,0 +1,52 @@ +<?php require_once "../../resources/private/relative.php"; getRelativeDetails("api"); ?>
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/api/lang/processor.php";
+
+if (isset($_POST['password'])) {
+ if (isset($_POST['authkey'])) { // Use authentication key
+ if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/authkey")) {
+ if (trim(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/authkey")) == $_POST['password']) {
+ $token = str_ireplace("/", "-", password_hash(password_hash(rand(0, 999999) + rand(0, 999999) + rand(0, 999999) + rand(0, 999999) + rand(0, 999999), PASSWORD_BCRYPT, ['cost' => 12,]), PASSWORD_BCRYPT, ['cost' => 12,]));
+ if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens")) {
+ mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
+ }
+ $tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
+ foreach ($tokens as $deltoken) {
+ if ($deltoken == "." || $deltoken == "..") {} else {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $deltoken);
+ }
+ }
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $token, "");
+ header("Set-Cookie: _NEUTRON_ADMIN_TOKEN={$token}; Path=/; Http-Only; SameSite=Strict");
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit("ok");
+ return;
+ } else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["keyinvalid"]);
+ }
+ } else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["keynone"]);
+ }
+ } else { // Use regular password
+ if (password_verify($_POST['password'], file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/password"))) {
+ $token = str_ireplace("/", "-", password_hash(password_hash(rand(0, 999999) + rand(0, 999999) + rand(0, 999999) + rand(0, 999999) + rand(0, 999999), PASSWORD_BCRYPT, ['cost' => 12,]), PASSWORD_BCRYPT, ['cost' => 12,]));
+ if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens")) {
+ mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
+ }
+ $tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
+ foreach ($tokens as $atoken) {
+ if ($atoken == "." || $atoken == "..") {} else {
+ unlink($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $atoken);
+ }
+ }
+ file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $token, "");
+ header("Set-Cookie: _NEUTRON_ADMIN_TOKEN={$token}; Path=/; Http-Only; SameSite=Strict");
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit("ok");
+ return;
+ } else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["lgpassinvalid"]);
+ }
+ }
+} else {
+ require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["lgpassnone"]);
+}
\ No newline at end of file |