servnest/public/auth/login.php

<?php require "../../common/html.php"; ?>

<form method="post">
	<label for="username">Identifiant</label><br>
	<input required="" minlength="4" maxlength="32" pattern="<?= USERNAME_REGEX ?>" id="username" name="username" type="text" placeholder="lain">
	<br>

	<label for="password">Clé de passe</label><br>
	<input required="" autocomplete="current-password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="password" name="password" type="password" placeholder="************************">
	<br>

	<input type="submit">
</form>

Pas de compte ? <a class="authButton" href="register">En créer un</a>

<?php

if (isset($_POST['username']) AND isset($_POST['password'])) {

	antiCSRF();

	checkPasswordFormat($_POST['password']);

	checkUsernameFormat($_POST['username']);

	if (userExist($_POST['username']) !== true)
		userError("Connexion impossible : ce compte n'existe pas.");

	if (checkPassword($_POST['username'], $_POST['password']) !== true)
		userError("Connexion impossible : clé de passe invalide.");

	$_SESSION['username'] = $_POST['username'];

	if (outdatedPasswordHash($_SESSION['username']))
		changePassword($_SESSION['username'], $_POST['password']);

	if (isset($_GET['redir'])) {
		if (preg_match("/^[0-9a-z\/-]+$/", $_GET['redir']) !== 1)
			userError("Wrong character in <code>redir</code>.");
		header("Location: " . CONF['common']['prefix'] . "/" . $_GET['redir']);
	} else {
		header("Location: " . CONF['common']['prefix'] . "/");
	}
}

?>

<?php closeHTML(); ?>
Close HTML using function, better error handling 2022-05-22 14:59:45 +02:00			`<?php require "../../common/html.php"; ?>`
Initial commit 2021-01-22 21:58:46 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`<form method="post">`
2 spaces > tab 2022-04-18 16:05:00 +02:00			`<label for="username">Identifiant</label><br>`
			`<input required="" minlength="4" maxlength="32" pattern="<?= USERNAME_REGEX ?>" id="username" name="username" type="text" placeholder="lain">`
			`<br>`
Initial commit 2021-01-22 21:58:46 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`<label for="password">Clé de passe</label><br>`
			`<input required="" autocomplete="current-password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="password" name="password" type="password" placeholder="************************">`
			`<br>`
Initial commit 2021-01-22 21:58:46 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`<input type="submit">`
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`</form>`
Initial commit 2021-01-22 21:58:46 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`Pas de compte ? <a class="authButton" href="register">En créer un</a>`
3 2021-01-25 13:39:31 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`<?php`
Initial commit 2021-01-22 21:58:46 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`if (isset($_POST['username']) AND isset($_POST['password'])) {`
Initial commit 2021-01-22 21:58:46 +01:00
2 spaces > tab 2022-04-18 16:05:00 +02:00			`antiCSRF();`
Add antiCSRF() in every form 2021-08-05 14:04:33 +02:00
Use HTTP error codes, better error handling 2022-05-20 02:19:45 +02:00			`checkPasswordFormat($_POST['password']);`
Initial commit 2021-01-22 21:58:46 +01:00
Use HTTP error codes, better error handling 2022-05-20 02:19:45 +02:00			`checkUsernameFormat($_POST['username']);`
Initial commit 2021-01-22 21:58:46 +01:00
Close HTML using function, better error handling 2022-05-22 14:59:45 +02:00			`if (userExist($_POST['username']) !== true)`
			`userError("Connexion impossible : ce compte n'existe pas.");`
Use Argon2id instead of Bcrypt for password storage (and other things about passwords) 2021-08-05 02:51:21 +02:00
Close HTML using function, better error handling 2022-05-22 14:59:45 +02:00			`if (checkPassword($_POST['username'], $_POST['password']) !== true)`
			`userError("Connexion impossible : clé de passe invalide.");`
Use Argon2id instead of Bcrypt for password storage (and other things about passwords) 2021-08-05 02:51:21 +02:00
Close HTML using function, better error handling 2022-05-22 14:59:45 +02:00			`$_SESSION['username'] = $_POST['username'];`
Use Argon2id instead of Bcrypt for password storage (and other things about passwords) 2021-08-05 02:51:21 +02:00
Close HTML using function, better error handling 2022-05-22 14:59:45 +02:00			`if (outdatedPasswordHash($_SESSION['username']))`
			`changePassword($_SESSION['username'], $_POST['password']);`

			`if (isset($_GET['redir'])) {`
			`if (preg_match("/^[0-9a-z\/-]+$/", $_GET['redir']) !== 1)`
			`userError("Wrong character in <code>redir</code>.");`
			`header("Location: " . CONF['common']['prefix'] . "/" . $_GET['redir']);`
2 spaces > tab 2022-04-18 16:05:00 +02:00			`} else {`
Close HTML using function, better error handling 2022-05-22 14:59:45 +02:00			`header("Location: " . CONF['common']['prefix'] . "/");`
2 spaces > tab 2022-04-18 16:05:00 +02:00			`}`
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`}`
Initial commit 2021-01-22 21:58:46 +01:00
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`?>`
Initial commit 2021-01-22 21:58:46 +01:00
Close HTML using function, better error handling 2022-05-22 14:59:45 +02:00			`<?php closeHTML(); ?>`