new g4o2 chat login page

Author: Maxhu787

new-g4o2-chat/css/style.css

@@ -1,3 +1,8 @@
 body {
     padding-top: 65px;
+    background-color: black !important;
+}
+
+main {
+    padding: 35px;
 }

new-g4o2-chat/index.php

@@ -81,79 +81,85 @@
                         <a class="nav-link disabled">Private Messaging (coming soon)</a>
                     </li>
                 </ul>
-                <a class="btn btn-outline-success" href="./login.php"><?= isset($_SESSION['user_id']) ? 'Logout' : 'Login' ?></a>
+               <?= isset($_SESSION['user_id']) ? '<a class="btn btn-outline-success" href="./logout.php">Logout</a>' : '<a class="btn btn-outline-success" href="./login.php">Login</a>' ?>
             </div>
         </div>
     </nav>
     <main>
-        <?php
-        echo '
-            <table class="table">
+        <div class="w-75 p-2" style="background-color: #eee;margin: auto;">
+            <?php
+            if (isset($_SESSION['user_id'])) {
+                echo '
+            <table class="table table-light table-hover">
             <thead class="thead-dark">
                 <tr>
-                    <th scope="col">#</th>
-                    <th scope="col">Name</th>
-                    <th scope="col">Email</th>
-                    <th scope="col">Last active</th>
+                    <th scope="col" style="background-color: #eee;">#</th>
+                    <th scope="col" style="background-color: #eee;">Name</th>
+                    <th scope="col" style="background-color: #eee;">Email</th>
+                    <th scope="col" style="background-color: #eee;">Last active</th>
                 </tr>
             </thead>
             <tbody>';
-        foreach ($accounts as $account) {
-            if ($account['pfp'] != null) {
-                $pfpsrc = $account['pfp'];
-            } else {
-                $pfpsrc = $pfpsrc_default;
-            }
+                foreach ($accounts as $account) {
+                    if ($account['pfp'] != null) {
+                        $pfpsrc = $account['pfp'];
+                    } else {
+                        $pfpsrc = $pfpsrc_default;
+                    }
 
-            $pfp = "<a class='pfp-link' href='./profile.php?user={$account['user_id']}'><img style='border-radius: 100px; margin-left: 10px; ' height='20px' width='20px' src='$pfpsrc'></a>";
+                    $pfp = "<a class='pfp-link' href='./profile.php?user={$account['user_id']}'><img style='border-radius: 100px; margin-left: 10px; ' height='20px' width='20px' src='$pfpsrc'></a>";
 
-            $statement = $pdo->prepare("SELECT * FROM user_status_log where user_Id = :usr");
-            $statement->execute(array(':usr' => $account['user_id']));
-            $user_status_log = $statement->fetch();
-            $userStatus = ($user_status_log != null) ? $user_status_log['last_active_date_time'] : "Undefined";;
+                    $statement = $pdo->prepare("SELECT * FROM user_status_log where user_Id = :usr");
+                    $statement->execute(array(':usr' => $account['user_id']));
+                    $user_status_log = $statement->fetch();
+                    $userStatus = ($user_status_log != null) ? $user_status_log['last_active_date_time'] : "Undefined";;
 
-            if ($userStatus === "Undefined") {
-                $diff = "<p class='text-danger'>Null</p>";
-            } else {
-                $last_online    = $userStatus;
-                $current_date_time = date(DATE_RFC2822);
-                $last_online     = new DateTime($last_online);
-                $current_date_time = new DateTime($current_date_time);
+                    if ($userStatus === "Undefined") {
+                        $diff = "<p class='text-danger'>Null</p>";
+                    } else {
+                        $last_online    = $userStatus;
+                        $current_date_time = date(DATE_RFC2822);
+                        $last_online     = new DateTime($last_online);
+                        $current_date_time = new DateTime($current_date_time);
 
-                $diff = $current_date_time->diff($last_online)->format("last online %a days %h hours and %i minutes ago");
-                $exploded = explode(" ", $diff);
+                        $diff = $current_date_time->diff($last_online)->format("last online %a days %h hours and %i minutes ago");
+                        $exploded = explode(" ", $diff);
 
-                if ($exploded[2] == "1") {
-                    $diff = "<p class='text-warning'>$exploded[2]&nbsp;day&nbsp;ago</p>";
-                } elseif ($exploded[4] == "1") {
-                    $diff = "<p class='text-warning''>$exploded[4]&nbsp;hour&nbsp;ago</p>";
-                } elseif ($exploded[7] == "1") {
-                    $diff = "<p class='text-warning''>$exploded[7]&nbsp;minute&nbsp;ago</p>";
-                } elseif ($exploded[2] !== "0") {
-                    $diff = "<p class='text-warning''>$exploded[2]&nbsp;days&nbsp;ago</p>";
-                } elseif ($exploded[4] !== "0") {
-                    $diff = "<p class='text-warning''>$exploded[4]&nbsp;hours&nbsp;ago</p>";
-                } elseif ($exploded[7] !== "0") {
-                    $diff = "<p class='text-warning''>$exploded[7]&nbsp;minutes&nbsp;ago</p>";
-                } else {
-                    $diff = "<p class='text-success'>Online</p>";
+                        if ($exploded[2] == "1") {
+                            $diff = "<p class='text-warning'>$exploded[2]&nbsp;day&nbsp;ago</p>";
+                        } elseif ($exploded[4] == "1") {
+                            $diff = "<p class='text-warning''>$exploded[4]&nbsp;hour&nbsp;ago</p>";
+                        } elseif ($exploded[7] == "1") {
+                            $diff = "<p class='text-warning''>$exploded[7]&nbsp;minute&nbsp;ago</p>";
+                        } elseif ($exploded[2] !== "0") {
+                            $diff = "<p class='text-warning''>$exploded[2]&nbsp;days&nbsp;ago</p>";
+                        } elseif ($exploded[4] !== "0") {
+                            $diff = "<p class='text-warning''>$exploded[4]&nbsp;hours&nbsp;ago</p>";
+                        } elseif ($exploded[7] !== "0") {
+                            $diff = "<p class='text-warning''>$exploded[7]&nbsp;minutes&nbsp;ago</p>";
+                        } else {
+                            $diff = "<p class='text-success'>Online</p>";
+                        }
+                    }
+                    echo "<tr><th scope='row'>";
+                    echo ($account['user_id']);
+                    echo $pfp;
+                    echo ("</th><td>");
+                    echo "<a href='./profile.php?user={$account['user_id']}' >" . $account['name'] . "</a>";
+                    echo "<td>";
+                    echo ($account['show_email'] === "True") ? "<p class=''>" . $account['email'] . "</p>" : "<p class='text-warning'>Hidden</p>";
+                    echo ("</td><td>");
+                    echo $diff;
+                    echo ("</td></tr>\n");
+                    echo ("</td></tr>\n");
                 }
+                echo "<tbody></table>";
+                echo $_SESSION['user_id'];
+            } else {
+                echo '<p>Please login</p>';
             }
-            echo "<tr><th scope='row'>";
-            echo ($account['user_id']);
-            echo $pfp;
-            echo ("</th><td>");
-            echo "<a href='./profile.php?user={$account['user_id']}' >" . $account['name'] . "</a>";
-            echo "<td>";
-            echo ($account['show_email'] === "True") ? "<p class='text-black'>" . $account['email'] . "</p>" : "<p class='text-warning'>Hidden</p>";
-            echo ("</td><td>");
-            echo $diff;
-            echo ("</td></tr>\n");
-            echo ("</td></tr>\n");
-        }
-        echo "<tbody></table>";
-
-        ?>
+            ?>
+        </div>
     </main>
     <footer class="text-center text-lg-start bg-light text-muted">
         <section class="d-flex justify-content-center justify-content-lg-between p-4 border-bottom">

new-g4o2-chat/login.php

@@ -0,0 +1,180 @@
+<?php
+require_once "pdo.php";
+require_once "head.php";
+
+date_default_timezone_set('Asia/Taipei');
+
+$host = $_SERVER['HTTP_HOST'];
+$ruta = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
+$url = "http://$host$ruta";
+
+if (isset($_POST["cancel"])) {
+    header("Location: $url/index.php");
+    die();
+}
+
+if (isset($_POST["email"]) && isset($_POST["pass"])) {
+    unset($SESSION["name"]);
+    unset($SESSION["user_id"]);
+    session_destroy();
+    session_start();
+    $salt = getenv('SALT');
+    $check = hash("md5", $salt . $_POST["pass"]);
+
+    $stmt = $pdo->prepare(
+        'SELECT user_id, name, email, disabled
+        FROM account
+        WHERE
+        email = :em AND
+        password = :pw'
+    );
+    $stmt->execute(array(':em' => $_POST['email'], ':pw' => $check));
+    $row = $stmt->fetch(PDO::FETCH_ASSOC);
+    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+
+    if ($row !== false) {
+        if ($row['disabled'] === "True") {
+            $_SESSION["error"] = "Account disabled";
+            error_log("Login fail disabled account " . $_POST['email'] . " " . $ip . " (" . date(DATE_RFC2822) . ")\n", 3, "./logs/logs.log");
+            header("Location: $url/login.php");
+            die();
+        }
+        if ($_POST["email"] == 'g4o2@protonmail.com' || $_POST["email"] == 'g4o3@protonmail.com' || $_POST["email"] == 'maxhu787@gmail.com') {
+            // error_log("Login success admin account (" . date(DATE_RFC2822) . ")\n", 3, "./logs/logs.log");
+        } else {
+            error_log("Login success " . $_POST['email'] . " " . $ip . " (" . date(DATE_RFC2822) . ")\n", 3, "./logs/logs.log");
+        }
+        $_SESSION["user_id"] = $row["user_id"];
+        $_SESSION["name"] = $row["name"];
+        $_SESSION['email'] = $row['email'];
+        $_SESSION["success"] = "Logged in.";
+        header("Location: $url/index.php");
+        die();
+    } else {
+        $_SESSION["error"] = "Incorrect email or password";
+        error_log("Login fail wrong password " . $_POST['email'] . " " . $check . " " . $ip . " (" . date(DATE_RFC2822) . ")\n", 3, "./logs/logs.log");
+        header("Location: $url/login.php");
+        die();
+    }
+}
+?>
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <title>Login</title>
+    <style>
+        html,
+        body {
+            height: 100%;
+            background-color: #fff !important;
+        }
+
+        body {
+            display: -ms-flexbox;
+            display: -webkit-box;
+            display: flex;
+            -ms-flex-align: center;
+            -ms-flex-pack: center;
+            -webkit-box-align: center;
+            align-items: center;
+            -webkit-box-pack: center;
+            justify-content: center;
+            padding-top: 40px;
+            padding-bottom: 40px;
+            background-color: #f5f5f5;
+        }
+
+        .form-signin {
+            width: 100%;
+            max-width: 330px;
+            padding: 15px;
+            margin: 0 auto;
+        }
+
+        .form-signin .checkbox {
+            font-weight: 400;
+        }
+
+        .form-signin .form-control {
+            position: relative;
+            box-sizing: border-box;
+            height: auto;
+            padding: 10px;
+            font-size: 16px;
+        }
+
+        .form-signin .form-control:focus {
+            z-index: 2;
+        }
+
+        .form-signin input[type="email"] {
+            margin-bottom: -1px;
+            border-bottom-right-radius: 0;
+            border-bottom-left-radius: 0;
+        }
+
+        .form-signin input[type="password"] {
+            margin-bottom: 10px;
+            border-top-left-radius: 0;
+            border-top-right-radius: 0;
+        }
+    </style>
+</head>
+
+<body class="text-center">
+    <form class="form-signin" method="post">
+        <img class="mb-4" src="./assets/images/g4o2.jpeg" alt="" width="72" height="72">
+        <h1 class="h3 mb-3 font-weight-normal">Please sign in</h1>
+        <p>
+            <?php
+            if (isset($_SESSION["error"])) {
+                echo ('<p style="color: red;">' . htmlentities($_SESSION["error"]) . "</p>");
+                unset($_SESSION["error"]);
+            }
+            if (isset($_SESSION["success"])) {
+                echo ('<p style="color: green">' . htmlentities($_SESSION["success"]) . "</p>");
+                unset($_SESSION["success"]);
+            }
+            ?>
+        </p>
+        <label for="inputEmail" class="sr-only">Email address</label>
+        <input type="email" id="id_email" class="form-control" name="email" placeholder="Email address" required="" autofocus="">
+        <label for="inputPassword" class="sr-only">Password</label>
+        <input type="password" id="id_pass" class="form-control" name="pass" placeholder="Password" required="">
+        <div class="checkbox mb-3">
+            <label>
+                <input type="checkbox" value="remember-me"> Remember me
+            </label>
+        </div>
+        <button class="btn btn-lg btn-primary btn-block" type="submit" onclick="return doValidate();">Sign in</button>
+        <p class="mt-5 mb-3 text-muted">© <?= date("Y") ?></p>
+        <p>Don't have an account yet? <a href='./signup.php'>register</a></p>
+    </form>
+    </form>
+    <script>
+        function doValidate() {
+            console.log("Validating...");
+            try {
+                email = document.getElementById("id_email").value;
+                pw = document.getElementById("id_pass").value;
+                console.log("Validating email=" + email);
+                console.log("Validating pw=" + pw);
+                if (pw == null || pw == "" || email == null || email == "") {
+                    alert("Both fields must be filled out");
+                    return false;
+                }
+                if (email.search("@") === -1) {
+                    alert("Email address must contain @");
+                    return false;
+                }
+                return true;
+            } catch (e) {
+                return false;
+            }
+            return false;
+        }
+    </script>
+</body>
+
+</html>

new-g4o2-chat/logout.php

@@ -0,0 +1,16 @@
+<?php
+session_start();
+date_default_timezone_set('Asia/Taipei');
+
+if ($_POST["email"] == 'g4o2@protonmail.com' || $_POST["email"] == 'g4o3@protonmail.com' || $_POST["email"] == 'maxhu787@gmail.com') {
+    // error_log("Logout success admin account " . $_SESSION['email'] . " (" . date(DATE_RFC2822) . ")\n", 3, "./logs/logs.log");
+} else {
+    error_log("Logout success " . $_SESSION['email'] . " (" . date(DATE_RFC2822) . ")\n", 3, "./logs/logs.log");
+}
+unset($_SESSION['name']);
+unset($_SESSION['user_id']);
+unset($_SESSION['email']);
+session_start();
+session_destroy();
+
+header('Location: index.php');

new-g4o2-chat/logs/logs.log

@@ -0,0 +1,3 @@
+Login fail wrong password g4o2@praweaweotonmail.com 45c4fd97cdd8eb4e85749cf13b518cea  (Thu, 02 Feb 2023 09:51:58 +0800)
+Login fail wrong password g4o2@protonmaawdawdil.com 45c4fd97cdd8eb4e85749cf13b518cea  (Thu, 02 Feb 2023 09:52:23 +0800)
+Logout success g4o2@protonmail.com (Thu, 02 Feb 2023 09:54:59 +0800)

new-g4o2-chat/pdo.php

@@ -1,4 +1,5 @@
 <?php
+session_start();
 ob_start();
 ini_set('display_errors', 0);