1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
<?php require_once "../../../resources/private/relative.php"; getRelativeDetails("cms-special"); ?>
<?php
$invalid = false;
if (isset($_POST['authkey'])) {
require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit("UNSUPPORTED");
} else {
if (isset($_POST['password'])) {
if (isset($_GET['pr'])) {
if (isset($_GET['pa'])) {
$callback = $_GET['pr'] . $_GET['pa'];
} else {
$callback = $_GET['pr'];
}
} else {
$callback = "{$GLOBALS["SYSTEM_ROOT"]}/cms-special/admin-v2";
}
if (password_verify($_POST['password'], file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/password"))) {
$token = str_ireplace("/", "-", password_hash(password_hash(rand(0, 999999) + rand(0, 999999) + rand(0, 999999) + rand(0, 999999) + rand(0, 999999), PASSWORD_BCRYPT, ['cost' => 12,]), PASSWORD_BCRYPT, ['cost' => 12,]));
if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens")) {
mkdir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
}
$tokens = scandir($_SERVER['DOCUMENT_ROOT'] . "/data/tokens");
foreach ($tokens as $atoken) {
if ($atoken == "." || $atoken == "..") {} else {
unlink($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $atoken);
}
}
file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $token, "");
header("Set-Cookie: _NEUTRON_ADMIN_TOKEN={$token}; Path=/; Http-Only; SameSite=Strict");
header("Location: " . $callback);
return;
} else {
$invalid = true;
}
}
}
if (isset($_COOKIE['_NEUTRON_ADMIN_TOKEN']) && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != ".." && $_COOKIE['_NEUTRON_ADMIN_TOKEN'] != "/" && strpos($_COOKIE['_NEUTRON_ADMIN_TOKEN'], "/") === false) {
if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/tokens/" . $_COOKIE['_NEUTRON_ADMIN_TOKEN'])) {
if (isset($_GET['pr'])) {
if (isset($_GET['pa'])) {
$callback = $_GET['pr'] . $_GET['pa'];
} else {
$callback = $_GET['pr'];
}
} else {
$callback = "{$GLOBALS["SYSTEM_ROOT"]}/cms-special/admin-v2";
}
header("Location: " . $callback);
}
}
?>
<?php ob_start();echo("<!--\n\n" . str_replace('%year%', date('Y'), file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/resources/private/license")) . "\n\n-->") ?>
<?php
if (file_exists($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent")) {
$ready = true;
} else {
$ready = false;
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<link rel="stylesheet" href="<?= $GLOBALS["SYSTEM_ROOT"] ?>/resources/css/admin.css">
<link rel="stylesheet" href="<?= $GLOBALS["SYSTEM_ROOT"] ?>/resources/css/fonts-import.css">
<link rel="stylesheet" href="<?= $GLOBALS["SYSTEM_ROOT"] ?>/resources/css/ui.css">
<?php require_once $_SERVER['DOCUMENT_ROOT'] . "/resources/private/header.php"; ?>
<title><?php
if ($ready) {
echo($lang["login"]["login"] . " - " . $lang["login"]["title"] . " - " . file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/data/webcontent/sitename"));
} else {
echo("Neutron");
}
?></title>
<?php
if (!$ready) {
require $_SERVER['DOCUMENT_ROOT'] . "/api/electrode/quit.php";quit("<script>location.href = '{$GLOBALS["SYSTEM_ROOT"]}/cms-special/setup';</script></head>");
}
?>
</head>
<body id="login">
<div class="centered">
<img src="<?= $GLOBALS["SYSTEM_ROOT"] ?>/resources/upload/siteicon.png" style="border-radius:100%;" class="intro-element">
<h2 style="margin-bottom:0;"><?= $lang["login"]["title"] ?></h2>
<p><small><?= str_replace("}", "</a>", str_replace("{", "<a class=\"clink\" href=\"{$GLOBALS["SYSTEM_ROOT"]}/cms-special/admin-v2/login\">", $lang["login"]["redirect"])); ?></small></p>
<p><?php
if (isset($_GET['authkey'])) {
echo('<small>' . $lang["login"]["uauth"] . '<br><a href="." class="clink">' . $lang['login']['pass'] . '</a></small>');
} else {
echo('<small>' . $lang["login"]["upass"] . '<br><a href="./?authkey" class="clink">' . $lang['login']['auth'] . '</a></small>');
}
?></p>
<?php if ($invalid) {echo('<div id="error">' . $lang["login"]["invalid"] . '</div>');} ?>
<?php if (!isset($_GET['authkey'])): ?>
<form action="./<?php if (isset($_GET['pr'])) {echo("?pr=" . $_GET['pr']);if (isset($_GET['pa'])) {echo("&pa=" . urlencode($_GET['pa']));}} ?>" method="post">
<input name="password" type="password" placeholder="<?= isset($_GET['authkey']) ? $lang["login"]["authph"] : $lang["login"]["password"] ?>"><br><br>
<input type="submit" class="button" value="<?= $lang["login"]["login"] ?>">
</form><br>
<?php else: ?>
<form action="#" method="post">
<input name="authkey" type="password" placeholder="<?= isset($_GET['authkey']) ? $lang["login"]["authph"] : $lang["login"]["password"] ?>" disabled><br><br>
<small><?= $lang["login"]["nokey"][0] . " <a class=\"clink\" href=\"{$GLOBALS["SYSTEM_ROOT"]}/cms-special/admin-v2/login\">" . $lang["login"]["nokey"][1] . "</a> " . $lang["login"]["nokey"][2] ?></small>
</form><br>
<?php endif ?>
</div>
</body>
</html>
|
