servnest/public/auth/login.php

<?php require "../../common/top.php"; ?>

<form method="post">
	<label for="username">Identifiant</label><br>
	<input required="" minlength="4" maxlength="32" pattern="<?= USERNAME_REGEX ?>" id="username" name="username" type="text" placeholder="lain">
	<br>

	<label for="password">Clé de passe</label><br>
	<input required="" autocomplete="current-password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="password" name="password" type="password" placeholder="************************">
	<br>

	<input type="submit">
</form>

Pas de compte ? <a class="authButton" href="register">En créer un</a>

<?php

if (isset($_POST['username']) AND isset($_POST['password'])) {

	antiCSRF();

	if (!checkPasswordFormat($_POST['password']))
		exit("Le format du mot de passe n'est pas valide !");

	if (!checkUsernameFormat($_POST['username']))
		exit("Le format du nom du compte n'est pas valide !");

	if (checkPassword($_POST['username'], $_POST['password'])) {

		$_SESSION['username'] = htmlspecialchars($_POST['username']);

		if (outdatedPasswordHash($_SESSION['username']))
			changePassword($_SESSION['username'], $_POST['password']);

		if (isset($_GET['redir'])) {
			if (preg_match("/^[0-9a-z\/-]+$/", $_GET['redir']))
				header("Location: " . PREFIX . "/" . $_GET['redir']);
			else
				exit("ERROR : Wrong character in redir argument");
		} else {
			header("Location: " . PREFIX . "/");
		}
		exit;
	} else {
		echo "<br>Connexion impossible : mot de passe invalide";
	}

}

?>

<?php require "../../common/bottom.php"; ?>
Better segmentation between services 2022-04-23 01:57:43 +02:00			`<?php require "../../common/top.php"; ?>`
Initial commit 2021-01-22 21:58:46 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`<form method="post">`
2 spaces > tab 2022-04-18 16:05:00 +02:00			`<label for="username">Identifiant</label><br>`
			`<input required="" minlength="4" maxlength="32" pattern="<?= USERNAME_REGEX ?>" id="username" name="username" type="text" placeholder="lain">`
			`<br>`
Initial commit 2021-01-22 21:58:46 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`<label for="password">Clé de passe</label><br>`
			`<input required="" autocomplete="current-password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="password" name="password" type="password" placeholder="************************">`
			`<br>`
Initial commit 2021-01-22 21:58:46 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`<input type="submit">`
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`</form>`
Initial commit 2021-01-22 21:58:46 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`Pas de compte ? <a class="authButton" href="register">En créer un</a>`
3 2021-01-25 13:39:31 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`<?php`
Initial commit 2021-01-22 21:58:46 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`if (isset($_POST['username']) AND isset($_POST['password'])) {`
Initial commit 2021-01-22 21:58:46 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`antiCSRF();`
Add antiCSRF() in every form 2021-08-05 14:04:33 +02:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`if (!checkPasswordFormat($_POST['password']))`
			`exit("Le format du mot de passe n'est pas valide !");`
Initial commit 2021-01-22 21:58:46 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`if (!checkUsernameFormat($_POST['username']))`
			`exit("Le format du nom du compte n'est pas valide !");`
Initial commit 2021-01-22 21:58:46 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`if (checkPassword($_POST['username'], $_POST['password'])) {`
Use Argon2id instead of Bcrypt for password storage (and other things about passwords) 2021-08-05 02:51:21 +02:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`$_SESSION['username'] = htmlspecialchars($_POST['username']);`
Use Argon2id instead of Bcrypt for password storage (and other things about passwords) 2021-08-05 02:51:21 +02:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`if (outdatedPasswordHash($_SESSION['username']))`
			`changePassword($_SESSION['username'], $_POST['password']);`
Use Argon2id instead of Bcrypt for password storage (and other things about passwords) 2021-08-05 02:51:21 +02:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`if (isset($_GET['redir'])) {`
			`if (preg_match("/^[0-9a-z\/-]+$/", $_GET['redir']))`
Better segmentation between services 2022-04-23 01:57:43 +02:00			`header("Location: " . PREFIX . "/" . $_GET['redir']);`
2 spaces > tab 2022-04-18 16:05:00 +02:00			`else`
			`exit("ERROR : Wrong character in redir argument");`
			`} else {`
Better segmentation between services 2022-04-23 01:57:43 +02:00			`header("Location: " . PREFIX . "/");`
2 spaces > tab 2022-04-18 16:05:00 +02:00			`}`
			`exit;`
			`} else {`
			`echo "<br>Connexion impossible : mot de passe invalide";`
			`}`
?, remove too much indentation 2021-02-17 22:48:49 +01:00
			`}`
Initial commit 2021-01-22 21:58:46 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`?>`
Initial commit 2021-01-22 21:58:46 +01:00
Better segmentation between services 2022-04-23 01:57:43 +02:00			`<?php require "../../common/bottom.php"; ?>`