152 lines
4.7 KiB
PHP
152 lines
4.7 KiB
PHP
<?php
|
|
###############################################################
|
|
# Page Password Protect 1.2
|
|
###############################################################
|
|
# By Michael R. - swiss
|
|
###############################################################
|
|
defined('_VALID') or define('_VALID', true);
|
|
defined('_ADMIN') or define('_ADMIN', true);
|
|
require(__DIR__.'/config.php');
|
|
|
|
# LOGIN OVERRIDE FUNCTION FOR LOCAL ACCESS!
|
|
function getUserIP() {
|
|
$client = @$_SERVER['HTTP_CLIENT_IP'];
|
|
$forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
$remote = $_SERVER['REMOTE_ADDR'];
|
|
|
|
if(filter_var($client, FILTER_VALIDATE_IP)) {
|
|
$ip = $client;
|
|
}
|
|
elseif(filter_var($forward, FILTER_VALIDATE_IP)) {
|
|
$ip = $forward;
|
|
}
|
|
else {
|
|
$ip = $remote;
|
|
}
|
|
return $ip;
|
|
}
|
|
|
|
#$user_ip = getUserIP();
|
|
//print("Your IP is: ".$user_ip); #FOR DEBUGGING!
|
|
|
|
#if ($user_ip != "xx.xx.xx.xx") {
|
|
# IF IP-ADRESS IS NOT MY IP, CONSTRUCT LOGIN-PAGE:
|
|
|
|
//Set access password for using the webproxy
|
|
$adminPassword = $config['access-password'];
|
|
|
|
$LOGIN_INFORMATION = array( $adminPassword );
|
|
defined('USE_USERNAME') or define('USE_USERNAME', false);
|
|
// time out after NN minutes of inactivity. Set to 0 to not timeout
|
|
defined('TIMEOUT_MINUTES') or define('TIMEOUT_MINUTES', 0);
|
|
// This parameter is only useful when TIMEOUT_MINUTES is not zero
|
|
// true - timeout time from last activity, false - timeout time from login
|
|
defined('TIMEOUT_CHECK_ACTIVITY') or define('TIMEOUT_CHECK_ACTIVITY', true);
|
|
|
|
// timeout in seconds
|
|
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
|
|
// logout?
|
|
if(isset($_GET['logout'])) {
|
|
setcookie("verify", '', $timeout, '/'); // clear password;
|
|
header('Location: ' . "/wakeonlan/");
|
|
exit();
|
|
}
|
|
if(!function_exists('showLoginPasswordProtect')) {
|
|
// show login form
|
|
function showLoginPasswordProtect($error_msg) {
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html >
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<title>Please authenticate!</title>
|
|
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
|
|
|
|
<link rel='stylesheet prefetch' href='//fonts.googleapis.com/css?family=Open+Sans'>
|
|
<link rel="stylesheet" href="css/font-awesome.min.css">
|
|
<link rel="stylesheet" href="css/login.css?random=<?php echo uniqid(); ?>">
|
|
|
|
</head>
|
|
|
|
<body onLoad="document.getElementsByTagName('input')[0].focus();"
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="login">
|
|
<!--<div class="login__check"></div>-->
|
|
<div class="login__lock"><i class="fa fa-lock" aria-hidden="true"></i></div>
|
|
<div class="login__form">
|
|
|
|
<form method="post">
|
|
<div class="login__row">
|
|
<svg class="login__icon pass svg-icon" viewBox="0 0 20 20">
|
|
<path d="M0,20 20,20 20,8 0,8z M10,13 10,16z M4,8 a6,8 0 0,1 12,0" />
|
|
</svg>
|
|
<input type="password" name="access_password" class="login__input pass" placeholder="Password"/>
|
|
</div>
|
|
<button type="submit" value="Submit" class="login__submit">Login</button>
|
|
</form>
|
|
|
|
<p class="login__signup">Don't have an password? <a>Ask M.Reber</a></p>
|
|
<font color="red" style="font-size: x-small";><?php echo $error_msg; ?></font>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
<script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
|
|
<script src="js/login.js"></script>
|
|
|
|
</body>
|
|
</html>
|
|
|
|
<?php
|
|
// stop at this point
|
|
die();
|
|
}
|
|
}
|
|
// user provided password
|
|
if (isset($_POST['access_password'])) {
|
|
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
|
|
$pass = $_POST['access_password'];
|
|
if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|
|
|| (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
|
|
) {
|
|
showLoginPasswordProtect("wrong password!");
|
|
}
|
|
else {
|
|
// set cookie if password was validated
|
|
setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
|
|
|
|
// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
|
|
// So need to clear password protector variables
|
|
unset($_POST['access_login']);
|
|
unset($_POST['access_password']);
|
|
unset($_POST['Submit']);
|
|
header('Location: ' . $logoutURL . '/wakeonlan/');
|
|
}
|
|
}
|
|
else {
|
|
// check if password cookie is set
|
|
if (!isset($_COOKIE['verify'])) {
|
|
showLoginPasswordProtect("");
|
|
}
|
|
// check if cookie is good
|
|
$found = false;
|
|
foreach($LOGIN_INFORMATION as $key=>$val) {
|
|
$lp = (USE_USERNAME ? $key : '') .'%'.$val;
|
|
if ($_COOKIE['verify'] == md5($lp)) {
|
|
$found = true;
|
|
// prolong timeout
|
|
if (TIMEOUT_CHECK_ACTIVITY) {
|
|
setcookie("verify", md5($lp), $timeout, '/');
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
if (!$found) {
|
|
showLoginPasswordProtect("");
|
|
}
|
|
}
|
|
//}
|
|
?>
|