first non-install template (login); mostly testing
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
37
index.php
37
index.php
@@ -22,6 +22,7 @@ require './lib/init.php';
|
||||
use Froxlor\Database\Database;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\FroxlorLogger;
|
||||
use Froxlor\UI\Panel\UI;
|
||||
|
||||
if ($action == '') {
|
||||
$action = 'login';
|
||||
@@ -32,14 +33,14 @@ if (session_status() == PHP_SESSION_NONE) {
|
||||
ini_set("url_rewriter.tags", "");
|
||||
ini_set("session.use_cookies", false);
|
||||
ini_set("session.cookie_httponly", true);
|
||||
ini_set("session.cookie_secure", $is_ssl);
|
||||
ini_set("session.cookie_secure", UI::$SSL_REQ);
|
||||
session_id('login');
|
||||
session_start();
|
||||
}
|
||||
|
||||
if ($action == '2fa_entercode') {
|
||||
// page for entering the 2FA code after successful login
|
||||
if (! isset($_SESSION) || ! isset($_SESSION['secret_2fa'])) {
|
||||
if (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {
|
||||
// no session - redirect to index
|
||||
\Froxlor\UI\Response::redirectTo('index.php');
|
||||
exit();
|
||||
@@ -48,7 +49,7 @@ if ($action == '2fa_entercode') {
|
||||
eval("echo \"" . \Froxlor\UI\Template::getTemplate('2fa/entercode', true) . "\";");
|
||||
} elseif ($action == '2fa_verify') {
|
||||
// verify code from 2fa code-enter form
|
||||
if (! isset($_SESSION) || ! isset($_SESSION['secret_2fa'])) {
|
||||
if (!isset($_SESSION) || !isset($_SESSION['secret_2fa'])) {
|
||||
// no session - redirect to index
|
||||
\Froxlor\UI\Response::redirectTo('index.php');
|
||||
exit();
|
||||
@@ -89,7 +90,7 @@ if ($action == '2fa_entercode') {
|
||||
$userinfo['userid'] = $uid;
|
||||
|
||||
// if not successful somehow - start again
|
||||
if (! finishLogin($userinfo)) {
|
||||
if (!finishLogin($userinfo)) {
|
||||
\Froxlor\UI\Response::redirectTo('index.php', array(
|
||||
'showmessage' => '2'
|
||||
));
|
||||
@@ -173,7 +174,7 @@ if ($action == '2fa_entercode') {
|
||||
"loginname" => $loginname
|
||||
));
|
||||
$row = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
if (! isset($row['admin'])) {
|
||||
if (!isset($row['admin'])) {
|
||||
// not an admin who can see updates
|
||||
\Froxlor\UI\Response::redirectTo('index.php');
|
||||
exit();
|
||||
@@ -230,8 +231,8 @@ if ($action == '2fa_entercode') {
|
||||
// login correct
|
||||
// reset loginfail_counter, set lastlogin_succ
|
||||
$stmt = Database::prepare("UPDATE $table
|
||||
SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
|
||||
WHERE `$uid`= :uid");
|
||||
SET `lastlogin_succ`= :lastlogin_succ, `loginfail_count`='0'
|
||||
WHERE `$uid`= :uid");
|
||||
Database::pexecute($stmt, array(
|
||||
"lastlogin_succ" => time(),
|
||||
"uid" => $userinfo[$uid]
|
||||
@@ -323,7 +324,7 @@ if ($action == '2fa_entercode') {
|
||||
exit();
|
||||
}
|
||||
|
||||
if (! finishLogin($userinfo)) {
|
||||
if (!finishLogin($userinfo)) {
|
||||
\Froxlor\UI\Response::redirectTo('index.php', array(
|
||||
'showmessage' => '2'
|
||||
));
|
||||
@@ -369,9 +370,9 @@ if ($action == '2fa_entercode') {
|
||||
break;
|
||||
}
|
||||
|
||||
$update_in_progress = '';
|
||||
$update_in_progress = false;
|
||||
if (\Froxlor\Froxlor::hasUpdates() || \Froxlor\Froxlor::hasDbUpdates()) {
|
||||
$update_in_progress = $lng['update']['updateinprogress_onlyadmincanlogin'];
|
||||
$update_in_progress = true;
|
||||
}
|
||||
|
||||
// Pass the last used page if needed
|
||||
@@ -381,7 +382,7 @@ if ($action == '2fa_entercode') {
|
||||
$lastscript = str_replace("..", "", $lastscript);
|
||||
$lastscript = htmlspecialchars($lastscript, ENT_QUOTES);
|
||||
|
||||
if (! file_exists(__DIR__ . "/" . $lastscript)) {
|
||||
if (!file_exists(__DIR__ . "/" . $lastscript)) {
|
||||
$lastscript = "";
|
||||
}
|
||||
}
|
||||
@@ -390,7 +391,15 @@ if ($action == '2fa_entercode') {
|
||||
$lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES);
|
||||
}
|
||||
|
||||
eval("echo \"" . \Froxlor\UI\Template::getTemplate('login') . "\";");
|
||||
UI::TwigBuffer('login/login.html.twig', [
|
||||
'pagetitle' => 'Login',
|
||||
'lastscript' => $lastscript,
|
||||
'lastqrystr' => $lastqrystr,
|
||||
'upd_in_progress' => $update_in_progress,
|
||||
'message' => $message,
|
||||
'successmsg' => $successmessage
|
||||
]);
|
||||
UI::TwigOutputBuffer();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -441,7 +450,7 @@ if ($action == 'forgotpwd') {
|
||||
// build a activation code
|
||||
$timestamp = time();
|
||||
$first = substr(md5($user['loginname'] . $timestamp . \Froxlor\PhpHelper::randomStr(16)), 0, 15);
|
||||
$third = substr(md5($user['email'] . $timestamp . \Froxlor\PhpHelper::randomStr(16)), - 15);
|
||||
$third = substr(md5($user['email'] . $timestamp . \Froxlor\PhpHelper::randomStr(16)), -15);
|
||||
$activationcode = $first . $timestamp . $third . substr(md5($third . $timestamp), 0, 10);
|
||||
|
||||
// Drop all existing activation codes for this user
|
||||
@@ -683,7 +692,7 @@ function finishLogin($userinfo)
|
||||
$language = \Froxlor\Validate\Validate::validate($_POST['language'], 'language');
|
||||
if ($language == 'profile') {
|
||||
$language = $userinfo['def_language'];
|
||||
} elseif (! isset($languages[$language])) {
|
||||
} elseif (!isset($languages[$language])) {
|
||||
$language = Settings::Get('panel.standardlanguage');
|
||||
}
|
||||
} else {
|
||||
|
||||
@@ -37,6 +37,8 @@ class UI
|
||||
|
||||
private static $install_mode = false;
|
||||
|
||||
public static $SSL_REQ = false;
|
||||
|
||||
/**
|
||||
* send various security related headers
|
||||
*/
|
||||
@@ -80,6 +82,7 @@ class UI
|
||||
* If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
|
||||
*/
|
||||
if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
|
||||
self::$SSL_REQ = true;
|
||||
$maxage = \Froxlor\Settings::Get('system.hsts_maxage');
|
||||
if (empty($maxage)) {
|
||||
$maxage = 0;
|
||||
|
||||
17
lib/init.php
17
lib/init.php
@@ -294,6 +294,8 @@ if ($language != 'English') {
|
||||
// last but not least include language references file
|
||||
include_once \Froxlor\FileDir::makeSecurePath('lng/lng_references.php');
|
||||
|
||||
UI::setLng($lng);
|
||||
|
||||
// Initialize our new link - class
|
||||
$linker = new \Froxlor\UI\Linker('index.php', $s);
|
||||
|
||||
@@ -317,15 +319,14 @@ if (preg_match("/([a-z0-9\.\-]+)_([a-z0-9\.\-]+)/i", $theme, $matches)) {
|
||||
}
|
||||
|
||||
// check for existence of the theme
|
||||
if (!file_exists('templates/' . $theme . '/config.json')) {
|
||||
// Fallback
|
||||
$theme = $_deftheme;
|
||||
if (@file_exists('templates/' . $theme . '/config.json')) {
|
||||
$_themeoptions = json_decode(file_get_contents('templates/' . $theme . '/config.json'), true);
|
||||
} else {
|
||||
$_themeoptions = null;
|
||||
}
|
||||
|
||||
$_themeoptions = json_decode(file_get_contents('templates/' . $theme . '/config.json'), true);
|
||||
|
||||
// check for existence of variant in theme
|
||||
if (!array_key_exists('variants', $_themeoptions) || !array_key_exists($themevariant, $_themeoptions['variants'])) {
|
||||
if (is_array($_themeoptions) && (!array_key_exists('variants', $_themeoptions) || !array_key_exists($themevariant, $_themeoptions['variants']))) {
|
||||
$themevariant = "default";
|
||||
}
|
||||
|
||||
@@ -425,7 +426,7 @@ if (AREA == 'admin' || AREA == 'customer') {
|
||||
}
|
||||
|
||||
$js = "";
|
||||
if (array_key_exists('js', $_themeoptions['variants'][$themevariant]) && is_array($_themeoptions['variants'][$themevariant]['js'])) {
|
||||
if (is_array($_themeoptions) && array_key_exists('js', $_themeoptions['variants'][$themevariant]) && is_array($_themeoptions['variants'][$themevariant]['js'])) {
|
||||
foreach ($_themeoptions['variants'][$themevariant]['js'] as $jsfile) {
|
||||
if (file_exists('templates/' . $theme . '/assets/js/' . $jsfile)) {
|
||||
$js .= '<script type="text/javascript" src="templates/' . $theme . '/assets/js/' . $jsfile . '"></script>' . "\n";
|
||||
@@ -434,7 +435,7 @@ if (array_key_exists('js', $_themeoptions['variants'][$themevariant]) && is_arra
|
||||
}
|
||||
|
||||
$css = "";
|
||||
if (array_key_exists('css', $_themeoptions['variants'][$themevariant]) && is_array($_themeoptions['variants'][$themevariant]['css'])) {
|
||||
if (is_array($_themeoptions) && array_key_exists('css', $_themeoptions['variants'][$themevariant]) && is_array($_themeoptions['variants'][$themevariant]['css'])) {
|
||||
foreach ($_themeoptions['variants'][$themevariant]['css'] as $cssfile) {
|
||||
if (file_exists('templates/' . $theme . '/assets/css/' . $cssfile)) {
|
||||
$css .= '<link href="templates/' . $theme . '/assets/css/' . $cssfile . '" rel="stylesheet" type="text/css" />' . "\n";
|
||||
|
||||
28
templates/Froxlor/config.json
Normal file
28
templates/Froxlor/config.json
Normal file
@@ -0,0 +1,28 @@
|
||||
{
|
||||
"variants": {
|
||||
"default": {
|
||||
"css": [
|
||||
"main.css",
|
||||
"custom.css"
|
||||
],
|
||||
"js": [
|
||||
"main.js",
|
||||
"apikey.js"
|
||||
],
|
||||
"description": "Default"
|
||||
},
|
||||
"dark": {
|
||||
"css": [
|
||||
"main.css",
|
||||
"dark.css",
|
||||
"custom.css"
|
||||
],
|
||||
"js": [
|
||||
"main.js",
|
||||
"apikey.js"
|
||||
],
|
||||
"description": "Darkmode"
|
||||
}
|
||||
},
|
||||
"author": "Froxlor"
|
||||
}
|
||||
47
templates/Froxlor/login/login.html.twig
Normal file
47
templates/Froxlor/login/login.html.twig
Normal file
@@ -0,0 +1,47 @@
|
||||
{% extends "Froxlor/base.html.twig" %}
|
||||
|
||||
{% block body %}
|
||||
<div class="container p-3 bg-light border border-top-0">
|
||||
<img src="{{ basehref|default('') }}templates/Froxlor/assets/img/logo.png" alt="Froxlor Server Management Panel"/>
|
||||
<section class="mt-4">
|
||||
<h3 class="text-center mb-3">{{ pagetitle }}</h3>
|
||||
{% if upd_in_progress %}
|
||||
<div class="alert alert-warning" role="alert">
|
||||
{{ lng('update.updateinprogress_onlyadmincanlogin')|raw }}
|
||||
</div>
|
||||
{% elseif successmsg is not empty %}
|
||||
<div class="alert alert-success" role="alert">
|
||||
<h4 class="alert-heading">{{ lng('success.success') }}</h4>
|
||||
<p>{{ successmsg|raw }}</p>
|
||||
</div>
|
||||
{% elseif message is not empty %}
|
||||
<div class="alert alert-danger" role="alert">
|
||||
<h4 class="alert-heading">{{ lng('error.error') }}</h4>
|
||||
<p>{{ message|raw }}</p>
|
||||
</div>
|
||||
{% endif %}
|
||||
<form action="index.php" method="post" enctype="application/x-www-form-urlencoded">
|
||||
<div class="row mb-3">
|
||||
<label for="loginname" class="col-sm-4 col-form-label">{{ lng('login.username') }}</label>
|
||||
<div class="col-sm-8">
|
||||
<input class="form-control" type="text" name="loginname" id="loginname" value="" required/>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row mb-3">
|
||||
<label for="password" class="col-sm-4 col-form-label">{{ lng('login.password') }}</label>
|
||||
<div class="col-sm-8">
|
||||
<input class="form-control" type="password" name="password" id="password" value="" required/>
|
||||
</div>
|
||||
</div>
|
||||
<strong>language stuff noch</strong>
|
||||
<aside class="text-end">
|
||||
<input type="hidden" name="script" value="{{ lastscript }}" />
|
||||
<input type="hidden" name="qrystr" value="{{ lastqrystr }}" />
|
||||
<input type="hidden" name="send" value="send" />
|
||||
<button class="btn btn-sm btn-primary" type="submit" name="dologin">{{ lng('login.login') }}</button>
|
||||
</aside>
|
||||
</form>
|
||||
<strong>passwort vergessen stuff noch</strong>
|
||||
</section>
|
||||
</div>
|
||||
{% endblock %}
|
||||
Reference in New Issue
Block a user