From 529ffcbfa97ab51a64a97f6dff08aeb2bc0cc105 Mon Sep 17 00:00:00 2001
From: Minteck
Date: Tue, 24 Aug 2021 15:38:16 +0200
Subject: Update
---
Neutron-trunk/api/admin/login.php | 52 +++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 Neutron-trunk/api/admin/login.php
(limited to 'Neutron-trunk/api/admin/login.php')
diff --git a/Neutron-trunk/api/admin/login.php b/Neutron-trunk/api/admin/login.php
new file mode 100644
index 0000000..4a88f30
--- /dev/null
+++ b/Neutron-trunk/api/admin/login.php
@@ -0,0 +1,52 @@ + + 12,]), PASSWORD_BCRYPT, ['cost' => 12,])); + if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens")) { + mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens"); + } + $tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens"); + foreach ($tokens as $deltoken) { + if ($deltoken == "." || $deltoken == "..") {} else { + unlink($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $deltoken); + } + } + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $token, ""); + header("Set-Cookie: _NEUTRON_ADMIN_TOKEN={$token}; Path=/; Http-Only; SameSite=Strict"); + require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit("ok"); + return; + } else { + require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["keyinvalid"]); + } + } else { + require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["keynone"]); + } + } else { // Use regular password + if (password_verify($_POST['password'], file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/password"))) { + $token = str_ireplace("/", "-", password_hash(password_hash(rand(0, 999999) + rand(0, 999999) + rand(0, 999999) + rand(0, 999999) + rand(0, 999999), PASSWORD_BCRYPT, ['cost' => 12,]), PASSWORD_BCRYPT, ['cost' => 12,])); + if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens")) { + mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens"); + } + $tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens"); + foreach ($tokens as $atoken) { + if ($atoken == "." || $atoken == "..") {} else { + unlink($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $atoken); + } + } + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $token, ""); + header("Set-Cookie: _NEUTRON_ADMIN_TOKEN={$token}; Path=/; Http-Only; SameSite=Strict"); + require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit("ok"); + return; + } else { + require $_SERVER['DOCUMENT_ROOT'] . 
"/api/electrode/quit.php";quit($lang["api"]["lgpassinvalid"]); + } + } +} else { + require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit($lang["api"]["lgpassnone"]); +} \ No newline at end of file -- cgit
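Review bot: The `Set-Cookie` header in both login branches spells the attribute `Http-Only`, which browsers do not recognise, so the admin token cookie stays readable from page script; it should read `header("Set-Cookie: _NEUTRON_ADMIN_TOKEN={$token}; Path=/; HttpOnly; SameSite=Strict");`, with `Secure` added if the panel is only served over HTTPS. The token is seeded from a sum of five `rand(0, 999999)` calls, which is not a cryptographic source and spans under five million values, so its unpredictability appears to rest only on the salt bcrypt adds internally; `$token = bin2hex(random_bytes(32));` states the intent directly and avoids two cost-12 hashes per login. Token files are created under `DOCUMENT_ROOT/data/tokens`, so that directory presumably needs to be denied by the web server, otherwise valid token names could be exposed. The opening lines of the file are missing from this page, so the condition guarding the key-login branch could not be checked.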