Actualiser login.php
This commit is contained in:
parent
3a958c31a4
commit
1d9c33c851
42
login.php
42
login.php
|
|
@ -2,34 +2,18 @@
|
|||
session_start();
|
||||
require 'db.php';
|
||||
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
|
||||
/* Rate limit: 1 post / minute */
|
||||
$stmt = $pdo->prepare("SELECT created_at FROM posts WHERE ip=? ORDER BY created_at DESC LIMIT 1");
|
||||
$stmt->execute([$ip]);
|
||||
$last = $stmt->fetch();
|
||||
|
||||
if ($last && strtotime($last['created_at']) > time() - 60) {
|
||||
die("Rate limit exceeded (1 post/minute)");
|
||||
}
|
||||
|
||||
$imageName = null;
|
||||
|
||||
if (!empty($_FILES['image']['name'])) {
|
||||
if ($_FILES['image']['size'] > 2 * 1024 * 1024) {
|
||||
die("Image too large");
|
||||
}
|
||||
|
||||
$ext = strtolower(pathinfo($_FILES['image']['name'], PATHINFO_EXTENSION));
|
||||
if (!in_array($ext, ['png', 'jpeg', 'jpg'])) {
|
||||
die("Invalid file type");
|
||||
}
|
||||
|
||||
$imageName = uniqid() . '.' . $ext;
|
||||
move_uploaded_file($_FILES['image']['tmp_name'], "uploads/$imageName");
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare("INSERT INTO posts (message, image, ip) VALUES (?, ?, ?)");
|
||||
$stmt->execute([$_POST['message'], $imageName, $ip]);
|
||||
if ($_POST) {
|
||||
$stmt = $pdo->query("SELECT * FROM admin LIMIT 1");
|
||||
$admin = $stmt->fetch();
|
||||
|
||||
if ($admin && password_verify($_POST['password'], $admin['password_hash'])) {
|
||||
$_SESSION['admin'] = true;
|
||||
header("Location: index.php");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
?>
|
||||
<form method="POST">
|
||||
<input type="password" name="password">
|
||||
<button>Login</button>
|
||||
</form>
|
||||
|
|
|
|||
Loading…
Reference in New Issue