Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <style>
- body {
- background-repeat:no-repeat;
- background-size:cover;
- }
- </style>
- <?php
- require "config.php";
- if (isset($_GET['returnpage'])) {
- $_SESSION['returnpage'] = $_GET['returnpage'];
- Header("Location: login");
- }
- if ($_SERVER['REQUEST_METHOD'] == "POST" AND $_POST['form'] == "login") {
- if (trim($_POST['username']) == NULL) {
- Header("Location:login?error");
- }
- if (trim($_POST['password']) == NULL) {
- Header("Location:login?error");
- }
- $query = $con->query("SELECT id,password,role,name,role,rang,2fa FROM users WHERE username = '".$con->real_escape_string($_POST['username'])."' AND status = 'active'");
- if ($query->num_rows == 1) {
- $row = $query->fetch_assoc();
- if (password_verify($_POST['password'],$row['password'])) {
- $_SESSION['loggedin'] = true;
- $_SESSION['username'] = $_POST['username'];
- $_SESSION['role'] = $row['role'];
- $_SESSION['name'] = $row['name'];
- $_SESSION['rang'] = $row['rang'];
- $_SESSION['id'] = $row['id'];
- if ($row['2fa'] != NULL) {
- $_SESSION['id'] = $row['id'];
- $_SESSION['username'] = $row['username'];
- Header("Location:login.php?2fa");
- exit;
- }
- $con->query("UPDATE users SET last_login = '".date('d-m-Y')."' WHERE id = '".$row['id']."'");
- if ($_SERVER['HTTP_REFFER'] != "") {
- header('Location: ' . $_SERVER['HTTP_REFERER']);
- } else {
- if (isset($_SESSION['returnpage'])) {
- Header("Location: ".$_SESSION['returnpage']);
- } else {
- Header("Location: index");
- }
- }
- } else {
- //Wachtwoord klopt niet
- Header("Location: login?error");
- }
- } else {
- Header("Location: login?error");
- }
- }
- if ($_SERVER['REQUEST_METHOD'] == "POST" AND $_POST['form'] == "2fa") {
- $get = $con->query("SELECT 2fa FROM users WHERE id = '".$_SESSION['id']."'");
- $row = $get->fetch_assoc();
- $oneCode = $_POST['2fa'];
- echo "Checking Code '$oneCode' and Secret '$secret':\n";
- $checkResult = $ga->verifyCode($row['2fa'], $oneCode, 2); // 2 = 2*30sec clock tolerance
- if ($checkResult) {
- $query = $con->query("SELECT id,password,role,name,role,rang,2fa FROM users WHERE id = '".$con->real_escape_string($_SESSION['id'])."' AND status = 'active'");
- $row2 = $query->fetch_assoc();
- $_SESSION['2fa'] = TRUE;
- $_SESSION['loggedin'] = true;
- $_SESSION['username'] = $_POST['username'];
- $_SESSION['role'] = $row2['role'];
- $_SESSION['name'] = $row2['name'];
- $_SESSION['rang'] = $row2['rang'];
- $_SESSION['id'] = $row2['id'];
- if (isset($_SESSION['returnpage'])) {
- Header("Location: ".$_SESSION['returnpage']);
- } else {
- Header("Location: index");
- }
- } else {
- Header("Location: ?result=2fafail");
- }
- exit;
- }
- ?>
- <!DOCTYPE html>
- <html lang="en">
- <head>
- <meta charset="utf-8">
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
- <meta name="description" content="">
- <meta name="author" content="">
- <title>dsadsadsa - Inloggen</title>
- <!-- Bootstrap core CSS-->
- <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">
- <!-- Custom fonts for this template-->
- <link href="vendor/font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css">
- <!-- Custom styles for this template-->
- <link href="css/sb-admin.css" rel="stylesheet">
- <meta name="theme-color" content="<?php echo $browser_color; ?>">
- </head>
- "<body style='background-image: url("afbeelding/afbeelding.jpg");'>";
- <div class="container">
- <div class="card card-login mx-auto mt-5">
- <div class="card-header">dsada sad - Inloggen<div class="pull-right"><!--<a href="#" data-toggle="modal" data-target="#exampleModal">Disclaimer</a>--></div></div>
- <div class="card-body">
- <!--<img height="110" src="img/politiedd.svg"><br><br>-->
- <form method="POST">
- <input type="hidden" name="form" value="<?php if (isset($_GET['2fa'])) { echo '2fa'; } else { echo 'login'; } ?>">
- <div class="form-group">
- <label for="exampleInputEmail1">Gebruikersnaam: </label>
- <input class="form-control" id="exampleInputEmail1" type="text" name="username" aria-describedby="emailHelp" placeholder="Gebruikersnaam" <?php if (isset($_GET['2fa'])) { echo "disabled"; } ?>>
- </div>
- <div class="form-group">
- <label for="exampleInputPassword1">Wachtwoord: </label>
- <input class="form-control" id="exampleInputPassword1" type="password" name="password" placeholder="Wachtwoord" <?php if (isset($_GET['2fa'])) { echo "disabled"; } ?>>
- </div>
- <div class="form-group">
- <div class="">Disclaimer: Bij het gebruik maken van dit progamma, ga je akkoord met de algemene voorwaardes die je <a href="informatie.php">hier</a> kan vinden. <div class=><!--<a href="#" data-toggle="modal" data-target="#exampleModal">Disclaimer</a>--></div></div>
- </div>
- <input type="submit" value="Inloggen" class="btn btn-primary btn-block">
- <?php if (isset($_GET['2fa'])) { ?>
- <div class="form-group">
- <label for="exampleInputPassword1">2FA toegangscode: </label>
- <input class="form-control" id="exampleInputPassword1" type="text" name="2fa" pattern="[^' ']+" placeholder="252987" autofocus>
- </div>
- <?php } ?>
- </form>
- </div>
- </div>
- </div>
- <!-- Bootstrap core JavaScript-->
- <script src="vendor/jquery/jquery.min.js"></script>
- <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
- <!-- Core plugin JavaScript-->
- <script src="vendor/jquery-easing/jquery.easing.min.js"></script>
- </body>
- <div class="modal fade" id="exampleModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
- <div class="modal-dialog" role="document">
- <div class="modal-content">
- <div class="modal-header">
- <h5 class="modal-title">Disclaimer</h5>
- <button type="button" class="close" data-dismiss="modal" aria-label="Close">
- <span aria-hidden="true">×</span>
- </button>
- </div>
- <div class="modal-body">
- <p>Pd</p>
- </div>
- <div class="modal-footer">
- <button type="button" class="btn btn-secondary" data-dismiss="modal">Sluiten</button>
- </div>
- </div>
- </div>
- </div>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement