<?php
require_once '../config/config.php';
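// Redirect if already logged in
if (isLoggedIn()) {
    redirect('dashboard.php');
}

$error_message = '';

// Login throttling state. Both counters live in the session, so they only throttle a
// client that keeps presenting the same session cookie.
// NOTE(review): a client that discards its cookie starts from zero again; a lockout the
// client cannot reset needs a per-account or per-address counter stored server-side —
// confirm whether something like that exists elsewhere in the application.
$login_attempts = $_SESSION['login_attempts'] ?? 0;
$last_attempt = $_SESSION['last_attempt'] ?? 0;

// Rate limiting: 5 attempts per 15 minutes (900 s).
if ($login_attempts >= 5) {
    if ((time() - $last_attempt) < 900) {
        $error_message = 'Too many login attempts. Please try again in 15 minutes.';
    } else {
        // The lockout window has expired, so clear the counter. Without this reset the
        // stale count (still >= 5) would re-lock the client on its very next failure,
        // turning a 15-minute lockout into a single attempt every 15 minutes.
        $login_attempts = 0;
        unset($_SESSION['login_attempts'], $_SESSION['last_attempt']);
    }
}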
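// Handle a login submission. Skipped while the lockout message is set, so a throttled
// client cannot keep testing credentials by posting the form directly.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $error_message === '') {
    if (!validateCSRFToken($_POST['csrf_token'] ?? '')) {
        $error_message = 'Invalid security token. Please try again.';
    } else {
        // Only plain strings are accepted; an array submitted under either name
        // (username[]=...) would otherwise reach sanitizeInput()/password_verify()
        // as the wrong type.
        // NOTE(review): sanitizeInput() is defined in config.php. If it HTML-encodes its
        // input, a username or e-mail containing characters such as & or ' will no longer
        // match the value stored in the users table — confirm what it does.
        $username = is_string($_POST['username'] ?? null) ? sanitizeInput($_POST['username']) : '';
        $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

        // Compare with '' instead of empty(): empty('0') is true and would reject a
        // legitimate username or password of "0".
        if ($username === '' || $password === '') {
            $error_message = 'Please enter both username and password.';
        } else {
            $db = new Database();
            $conn = $db->getConnection();

            // One form field serves as username or e-mail, so both columns are matched.
            // Inactive accounts are filtered out here and fail exactly like unknown ones.
            $query = "SELECT id, username, email, password, full_name, role, is_active, location_id
                      FROM users WHERE (username = ? OR email = ?) AND is_active = 1";
            $stmt = $conn->prepare($query);
            $stmt->execute([$username, $username]);
            $user = $stmt->fetch();

            if ($user) {
                $password_ok = password_verify($password, $user['password']);
            } else {
                // Unknown or inactive account: still perform one password-hash computation
                // so the response time is roughly the same as for a known account, which
                // keeps timing from revealing whether a username exists.
                password_hash($password, PASSWORD_DEFAULT);
                $password_ok = false;
            }

            if ($password_ok) {
                // Successful login. Issue a new session id before storing the identity so a
                // session id the client held before authenticating is not carried over.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['user_id'] = $user['id'];
                $_SESSION['username'] = $user['username'];
                $_SESSION['email'] = $user['email'];
                $_SESSION['full_name'] = $user['full_name'];
                $_SESSION['user_role'] = $user['role'];
                $_SESSION['location_id'] = $user['location_id'];

                // Reset login attempts
                unset($_SESSION['login_attempts'], $_SESSION['last_attempt']);

                // Update last login
                $update_query = "UPDATE users SET last_login = NOW() WHERE id = ?";
                $update_stmt = $conn->prepare($update_query);
                $update_stmt->execute([$user['id']]);

                // Log activity
                logActivity($user['id'], 'login', 'User logged in successfully');
                redirect('dashboard.php');
            } else {
                // Failed login: bump the per-session counter read by the lockout check above.
                $_SESSION['login_attempts'] = $login_attempts + 1;
                $_SESSION['last_attempt'] = time();

                // Log the failure. $username is client-supplied (after sanitizeInput), so the
                // log entry for an unknown account records whatever the client sent.
                if ($user) {
                    logActivity($user['id'], 'login_failed', 'Invalid password attempt');
                } else {
                    logActivity(null, 'login_failed', 'Invalid username: ' . $username);
                }
                $error_message = 'Invalid username or password.';
            }
        }
    }
}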
// Site settings rendered on this page (title and logo). The template falls back to the
// SITE_* constants for any key that is missing from the result.
$db = new Database();
$conn = $db->getConnection();
$settings_stmt = $conn->prepare(
    "SELECT setting_key, setting_value FROM settings WHERE setting_key IN ('site_title', 'site_logo')"
);
$settings_stmt->execute();

// Build a setting_key => setting_value map, one row at a time.
$settings = [];
while ($setting = $settings_stmt->fetch()) {
    $settings[$setting['setting_key']] = $setting['setting_value'];
}
?>
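<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <?php
    // Every dynamic value in this template goes through htmlspecialchars() with ENT_QUOTES
    // at the point of output, including the settings read from the database, so neither a
    // stored setting nor an echoed form value can inject markup or break out of an attribute.
    ?>
    <title>Admin Login - <?php echo htmlspecialchars((string) ($settings['site_title'] ?? SITE_TITLE), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></title>
    <?php
    // NOTE(review): the script and stylesheet below are fetched from third-party CDNs with
    // no integrity attribute, so this admin page runs whatever those hosts serve. Self-hosting
    // the assets, or pinning exact versions with SRI hashes, removes that dependency.
    ?>
    <script src="https://cdn.tailwindcss.com"></script>
    <script>
        tailwind.config = {
            theme: {
                extend: {
                    colors: {
                        primary: '#3B82F6',
                        secondary: '#F59E0B',
                        accent: '#6B7280'
                    }
                }
            }
        }
    </script>
    <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet">
    <style>
        .gradient-bg {
            background: linear-gradient(135deg, #3B82F6 0%, #F59E0B 50%, #6B7280 100%);
        }
        .login-container {
            background: rgba(255, 255, 255, 0.95);
            backdrop-filter: blur(10px);
        }
    </style>
</head>
<body class="min-h-screen gradient-bg flex items-center justify-center py-12 px-4 sm:px-6 lg:px-8">
    <div class="max-w-md w-full space-y-8">
        <!-- Header -->
        <div class="text-center">
            <img src="../<?php echo htmlspecialchars((string) ($settings['site_logo'] ?? SITE_LOGO), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" alt="Logo" class="mx-auto h-16 w-16 mb-4">
            <h2 class="text-3xl font-bold text-white mb-2">Admin Login</h2>
            <p class="text-white/80">Sign in to access the administration panel</p>
        </div>
        <!-- Login Form -->
        <div class="login-container rounded-lg shadow-xl p-8">
            <?php if ($error_message !== ''): ?>
            <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded mb-6">
                <div class="flex items-center">
                    <i class="fas fa-exclamation-circle mr-2"></i>
                    <span><?php echo htmlspecialchars($error_message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
                </div>
            </div>
            <?php endif; ?>
            <?php
            // Re-populate the username field after a failed attempt. Only a plain string is
            // echoed back; an array submitted under the same name is ignored instead of
            // reaching htmlspecialchars() as the wrong type.
            $username_value = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
            // Mirrors the lockout check in the PHP section above: the submit button is
            // disabled while the client is throttled. The server-side check still applies
            // if the form is submitted anyway.
            $login_locked = $login_attempts >= 5 && (time() - $last_attempt) < 900;
            ?>
            <form method="POST" class="space-y-6" id="loginForm">
                <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars((string) generateCSRFToken(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
                <!-- Username/Email -->
                <div>
                    <label for="username" class="block text-sm font-medium text-gray-700 mb-2">
                        <i class="fas fa-user mr-2"></i>Username or Email
                    </label>
                    <input type="text" id="username" name="username" required autocomplete="username"
                           value="<?php echo htmlspecialchars($username_value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"
                           class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-primary focus:border-transparent"
                           placeholder="Enter your username or email">
                </div>
                <!-- Password -->
                <div>
                    <label for="password" class="block text-sm font-medium text-gray-700 mb-2">
                        <i class="fas fa-lock mr-2"></i>Password
                    </label>
                    <div class="relative">
                        <input type="password" id="password" name="password" required autocomplete="current-password"
                               class="w-full px-3 py-2 border border-gray-300 rounded-md focus:outline-none focus:ring-2 focus:ring-primary focus:border-transparent pr-10"
                               placeholder="Enter your password">
                        <button type="button" id="togglePassword"
                                class="absolute inset-y-0 right-0 pr-3 flex items-center text-gray-400 hover:text-gray-600">
                            <i class="fas fa-eye" id="eyeIcon"></i>
                        </button>
                    </div>
                </div>
                <!-- Remember Me -->
                <?php
                // NOTE(review): the POST handler in this file does not read the "remember"
                // field, so ticking the box currently has no effect on the session.
                ?>
                <div class="flex items-center justify-between">
                    <div class="flex items-center">
                        <input type="checkbox" id="remember" name="remember"
                               class="h-4 w-4 text-primary focus:ring-primary border-gray-300 rounded">
                        <label for="remember" class="ml-2 block text-sm text-gray-700">
                            Remember me
                        </label>
                    </div>
                    <a href="forgot-password.php" class="text-sm text-primary hover:text-blue-700">
                        Forgot password?
                    </a>
                </div>
                <!-- Submit Button -->
                <div>
                    <button type="submit"
                            class="w-full gradient-bg text-white font-bold py-3 px-4 rounded-lg hover:opacity-90 transition duration-300 disabled:opacity-50"
                            <?php echo $login_locked ? 'disabled' : ''; ?>>
                        <i class="fas fa-sign-in-alt mr-2"></i>
                        Sign In
                    </button>
                </div>
            </form>
            <!-- Back to Home -->
            <div class="text-center mt-6">
                <a href="../index.php" class="text-primary hover:text-blue-700 text-sm">
                    <i class="fas fa-arrow-left mr-2"></i>
                    Back to Homepage
                </a>
            </div>
        </div>
        <!-- Security Notice -->
        <div class="text-center text-white/70 text-sm">
            <i class="fas fa-shield-alt mr-2"></i>
            This is a secure area. All activities are logged.
        </div>
    </div>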
<script>
// Elements this page script works with; all three exist in the markup above.
const passwordInput = document.getElementById('password');
const usernameInput = document.getElementById('username');
const loginForm = document.getElementById('loginForm');

// Toggle password visibility: swap the input type and the eye icon together.
document.getElementById('togglePassword').addEventListener('click', () => {
    const eyeIcon = document.getElementById('eyeIcon');
    const reveal = passwordInput.type === 'password';
    passwordInput.type = reveal ? 'text' : 'password';
    eyeIcon.classList.toggle('fa-eye', !reveal);
    eyeIcon.classList.toggle('fa-eye-slash', reveal);
});

// Form submission: show a spinner and block repeat clicks while the request is in flight.
loginForm.addEventListener('submit', () => {
    const submitBtn = loginForm.querySelector('button[type="submit"]');
    submitBtn.innerHTML = '<i class="fas fa-spinner fa-spin mr-2"></i>Signing In...';
    submitBtn.disabled = true;
});

// Auto-focus username field
usernameInput.focus();

// Caps lock detection: add a warning under the password field while Caps Lock is on,
// remove it once the key is released. getModifierState may be absent on old browsers.
passwordInput.addEventListener('keyup', (e) => {
    const capsOn = e.getModifierState && e.getModifierState('CapsLock');
    const existingWarning = document.getElementById('capsWarning');
    if (capsOn && !existingWarning) {
        const notice = document.createElement('div');
        notice.id = 'capsWarning';
        notice.className = 'text-yellow-600 text-sm mt-1';
        notice.innerHTML = '<i class="fas fa-exclamation-triangle mr-1"></i>Caps Lock is on';
        passwordInput.parentNode.appendChild(notice);
    } else if (!capsOn && existingWarning) {
        existingWarning.remove();
    }
});
</script>
</body>
</html>