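<?php
/**
 * Authentication front controller.
 *
 * Dispatches on the `action` query parameter to one of the handlers declared
 * further down in this file (register, login, logout). Every handler ends in
 * a redirect followed by exit, so nothing runs after the switch; an unknown
 * or missing action is sent to the login page.
 *
 * NOTE(review): `logout` is reachable with a plain GET, so any page that links
 * to auth.php?action=logout can end a user's session; a POST-only logout with
 * a CSRF token would close that. Session cookie flags (httponly, secure,
 * samesite) are presumably configured in php.ini — confirm.
 */
session_start();

// Resolve the config relative to this file instead of the include path or the
// current working directory, which differ between CLI, FPM and include contexts.
require_once __DIR__ . '/db/config.php';

$action = $_GET['action'] ?? '';

switch ($action) {
    case 'register':
        register();
        break;
    case 'login':
        login();
        break;
    case 'logout':
        logout();
        break;
    default:
        header('Location: login.php');
        exit;
}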
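/**
 * Handle the registration form POST.
 *
 * Validates the submitted fields, refuses duplicate e-mail addresses, stores
 * the user with a password_hash() digest and puts the new account into the
 * default group in the same transaction. Every outcome is a redirect followed
 * by exit; error text is handed to register.php via the `error` query parameter.
 */
function register() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Location: register.php');
        exit;
    }

    $name = $_POST['name'] ?? '';
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';
    $confirm_password = $_POST['confirm_password'] ?? '';

    // Reject non-string values (e.g. name[]=x) before they reach PDO, and use a
    // strict emptiness test so a legitimate value such as "0" is not refused
    // the way empty() would.
    foreach ([$name, $email, $password, $confirm_password] as $field) {
        if (!is_string($field) || $field === '') {
            header('Location: register.php?error=' . rawurlencode('All fields are required.'));
            exit;
        }
    }

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        header('Location: register.php?error=' . rawurlencode('Invalid email address.'));
        exit;
    }

    if ($password !== $confirm_password) {
        header('Location: register.php?error=' . rawurlencode('Passwords do not match.'));
        exit;
    }

    $pdo = db();

    // Check-then-insert is not atomic across concurrent requests; a UNIQUE
    // index on users.email is what actually guarantees uniqueness (the insert
    // below then fails and lands in the error redirect).
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    if ($stmt->fetch()) {
        header('Location: register.php?error=' . rawurlencode('Email already exists.'));
        exit;
    }

    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
    $default_group_id = 3; // the 'User' group

    // Both inserts succeed or neither does, so a user row can never exist
    // without its group membership. Works whether PDO is in exception mode
    // (PDOException) or returns false from execute().
    try {
        $pdo->beginTransaction();

        $stmt = $pdo->prepare('INSERT INTO users (name, email, password) VALUES (?, ?, ?)');
        if (!$stmt->execute([$name, $email, $hashed_password])) {
            throw new RuntimeException('users insert failed');
        }
        $user_id = $pdo->lastInsertId();

        $stmt = $pdo->prepare('INSERT INTO user_groups (user_id, group_id) VALUES (?, ?)');
        if (!$stmt->execute([$user_id, $default_group_id])) {
            throw new RuntimeException('user_groups insert failed');
        }

        $pdo->commit();
    } catch (PDOException | RuntimeException $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        // Log the detail server-side; the user only sees the generic message.
        error_log('register: ' . $e->getMessage());
        header('Location: register.php?error=' . rawurlencode('An error occurred.'));
        exit;
    }

    header('Location: login.php');
    exit;
}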
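/**
 * Handle the login form POST.
 *
 * Verifies the credentials, enforces the suspended-account and single-IP
 * session rules, records the session in active_sessions, stores the user in
 * $_SESSION and redirects to admin/index.php. Every failure is logged through
 * log_login_attempt() and ends in a redirect back to login.php with an
 * `error` query parameter; nothing is returned.
 */
function login() {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        header('Location: login.php');
        exit;
    }

    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    // Strict emptiness test (a password of "0" is valid) and a string check so
    // an array parameter cannot reach password_verify() or PDO.
    if (!is_string($email) || !is_string($password) || $email === '' || $password === '') {
        header('Location: login.php?error=' . rawurlencode('Email and password are required.'));
        exit;
    }

    $pdo = db();
    $stmt = $pdo->prepare('SELECT * FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch();

    // One generic failure path for "no such user" and "wrong password" so the
    // response does not reveal which e-mail addresses are registered.
    if (!$user || !password_verify($password, (string) ($user['password'] ?? ''))) {
        log_login_attempt($user ? $user['id'] : null, 'failed');
        header('Location: login.php?error=' . rawurlencode('Invalid email or password.'));
        exit;
    }

    if (!empty($user['is_suspended'])) {
        log_login_attempt($user['id'], 'failed');
        header('Location: login.php?error=' . rawurlencode('Your account is suspended.'));
        exit;
    }

    // NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy this
    // is the proxy's address, which would make the single-IP rule moot — confirm
    // the deployment.
    $ip_address = $_SERVER['REMOTE_ADDR'];

    // Single-session policy: refuse the login while another session for this
    // user is active from a different address.
    $stmt = $pdo->prepare('SELECT * FROM active_sessions WHERE user_id = ?');
    $stmt->execute([$user['id']]);
    $active_session = $stmt->fetch();
    if ($active_session && $active_session['ip_address'] !== $ip_address) {
        log_login_attempt($user['id'], 'failed');
        header('Location: login.php?error=' . rawurlencode('User is already logged in from another IP address.'));
        exit;
    }

    // Issue a fresh session id now that the user is authenticated, so a session
    // id the browser held before login (and anyone who learned it) cannot ride
    // the authenticated session. Read session_id() only after this call.
    session_regenerate_id(true);
    $session_id = session_id();

    // Record the session. Assumes active_sessions has a key REPLACE can match
    // (session_id or user_id) — TODO confirm against the schema.
    $stmt = $pdo->prepare('REPLACE INTO active_sessions (session_id, user_id, ip_address) VALUES (?, ?, ?)');
    $stmt->execute([$session_id, $user['id'], $ip_address]);

    $_SESSION['user_id'] = $user['id'];
    $_SESSION['user_name'] = $user['name'];

    // Transparently upgrade digests made with an older algorithm or cost while
    // the plaintext is available.
    if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
        $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
        $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $user['id']]);
    }

    $stmt = $pdo->prepare('UPDATE users SET last_login = NOW(), last_login_ip = ? WHERE id = ?');
    $stmt->execute([$ip_address, $user['id']]);

    log_login_attempt($user['id'], 'success');
    header('Location: admin/index.php');
    exit;
}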
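/**
 * End the current session.
 *
 * Removes the user's active_sessions rows (when a user is actually logged in),
 * clears and destroys the PHP session, expires the session cookie and redirects
 * to login.php. Safe to call without a logged-in user.
 */
function logout() {
    // Without this guard an anonymous request raises an undefined-key warning
    // and runs a DELETE matching nothing.
    $user_id = $_SESSION['user_id'] ?? null;
    if ($user_id !== null) {
        $pdo = db();
        $stmt = $pdo->prepare('DELETE FROM active_sessions WHERE user_id = ?');
        $stmt->execute([$user_id]);
    }

    session_unset();

    // session_destroy() does not touch the client cookie; expire it so the
    // browser stops presenting the old id.
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    session_destroy();
    header('Location: login.php');
    exit;
}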
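/**
 * Append one row to login_logs for the current request.
 *
 * @param int|string|null $user_id  Id of the account the attempt was for, or
 *                                  null when the e-mail matched no user.
 * @param string          $status   'success' or 'failed' as used by login().
 */
function log_login_attempt($user_id, string $status) {
    $pdo = db();
    $stmt = $pdo->prepare('INSERT INTO login_logs (user_id, ip_address, status) VALUES (?, ?, ?)');
    // REMOTE_ADDR is absent outside a web SAPI (e.g. CLI); store NULL rather
    // than trip an undefined-key warning.
    $stmt->execute([$user_id, $_SERVER['REMOTE_ADDR'] ?? null, $status]);
}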