Started working on a login system

zigazajc007 · Apr 17, 2023 · 30d62aa · 30d62aa
1 parent ada55d4
commit 30d62aa
Show file tree

Hide file tree

Showing 4 changed files with 136 additions and 44 deletions.
diff --git a/website/Settings.php b/website/Settings.php
@@ -13,12 +13,15 @@ class Settings{
 	public static $mysql_password = "";
 
 	// Login data for Admin Bans panel (Please don't use default password)
-	public static $login_username = "admin";
-	public static $login_password = "d45HKmyHkQkNPGNoZxz7Dwz7i";
-	// Do you want to use hCaptcha for login?
-	public static $login_hcaptcha = false;
-	public static $login_hcaptcha_sitekey = "Site Key Here";
-	public static $login_hcaptcha_privatekey = "Private Key Here";
+	public static $admin_accounts = [
+		"admin" => "d45HKmyHkQkNPGNoZxz7Dwz7i",
+		"admin2" => "d45HKmyHkQkNPGNoZxz7Dwz7i",
+	];
+
+	// Do you want to use Turnstile (Captcha) for admin logins (Mitigate brute force attacks)?
+	public static $turnstile = false;
+	public static $turnstile_sitekey = "Site Key Here";
+	public static $turnstile_privatekey = "Private Key Here";
 
 	//Choose default theme
 	public static $default_theme = "dark";

diff --git a/website/check_login.php b/website/check_login.php
@@ -1,47 +1,31 @@
 <?php
-require "settings.php";
+require "Settings.php";
 
 session_start();
 
-if (isset($_POST['username']) && isset($_POST["password"])) {
-
-	$_SESSION["msg"] = "";
-
-if($login_hcaptcha){
-	$responseKey = $_POST['h-captcha-response'];
-
-	$url = 'https://hcaptcha.com/siteverify?secret='.$login_hcaptcha.'&response='.$responseKey;
-	$response = file_get_contents($url);
-	$response = json_decode($response);
-
-	if($response->success){
+if(!isset($_POST['username']) || !isset($_POST["password"])){
+	$_SESSION["msg"] = "Missing login creditions!";
+	header("Location: login.php");
+	return;
+}
 
+if(Settings::$turnstile){
 
+}
 
-	}else{
-		$_SESSION["msg"] = "Please complete the captcha!";
-		$_SESSION["color"] = "alert-danger";
-		header("Location: panel.php");
-	}
-}else{
-	if($_POST['username'] == $login_username){
-		if($_POST["password"] == $login_password){
-			$_SESSION["username"] = $_POST['username'];
-			header("Location: panel.php");
-		}else{
-			$_SESSION["msg"] = "Password is incorrect!";
-			$_SESSION["color"] = "alert-danger";
-			header("Location: panel.php");
-		}
-	}else{
-		$_SESSION["msg"] = "Username is incorrect!";
-		$_SESSION["color"] = "alert-danger";
-		header("Location: panel.php");
-	}
+if(!array_key_exists($_POST['username'], Settings::$admin_accounts)){
+	$_SESSION["msg"] = "Username is incorrect!";
+	header("Location: login.php");
+	return;
 }
-}else{
-	$_SESSION["msg"] = "Missing login creditions!";
-	$_SESSION["color"] = "alert-danger";
-	header("Location: panel.php");
+
+if(Settings::$admin_accounts[$_POST['username']] !== $_POST["password"]){
+	$_SESSION["msg"] = "Password is incorrect!";
+	header("Location: login.php");
+	return;
 }
+
+$_SESSION["msg"] = "";
+$_SESSION["username"] = $_POST['username'];
+header("Location: panel.php");
 ?>