gitea-admin
/
DevWEB
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Actualiser login.php

This commit is contained in:
gitea-admin 2026-01-05 20:23:58 +00:00
parent 3a958c31a4
commit 1d9c33c851
1 changed files with 12 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
login.php
View File

@ -2,34 +2,18 @@
session_start(); session_start();
require 'db.php'; require 'db.php';
$ip = $_SERVER['REMOTE_ADDR']; if ($_POST) {
$stmt = $pdo->query("SELECT * FROM admin LIMIT 1");
/* Rate limit: 1 post / minute */ $admin = $stmt->fetch();
$stmt = $pdo->prepare("SELECT created_at FROM posts WHERE ip=? ORDER BY created_at DESC LIMIT 1");
$stmt->execute([$ip]);
$last = $stmt->fetch();
if ($last && strtotime($last['created_at']) > time() - 60) {
die("Rate limit exceeded (1 post/minute)");
}
$imageName = null;
if (!empty($_FILES['image']['name'])) {
if ($_FILES['image']['size'] > 2 * 1024 * 1024) {
die("Image too large");
}
$ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
if (!in_array($ext, ['png', 'jpeg', 'jpg'])) {
die("Invalid file type");
}
$imageName = uniqid() . '.' . $ext;
move_uploaded_file($_FILES['image']['tmp_name'], "uploads/$imageName");
}
$stmt = $pdo->prepare("INSERT INTO posts (message, image, ip) VALUES (?, ?, ?)");
$stmt->execute([$_POST['message'], $imageName, $ip]);
if ($admin && password_verify($_POST['password'], $admin['password_hash'])) {
$_SESSION['admin'] = true;
header("Location: index.php"); header("Location: index.php");
exit;
}
}
?>
<form method="POST">
<input type="password" name="password">
<button>Login</button>
</form>