PHP WebShell

Текущая директория: /var/www/bitcardoApp/auth
.. (вверх)
[DIR] ..
[FILE] challenge.php
[FILE] footer.php
[FILE] forgot.php
[FILE] header.php
[FILE] login.php
[FILE] register.php
[FILE] reset.php
Просмотр файла: login.php

<?php
if (session_status() === PHP_SESSION_NONE) session_start();
require_once __DIR__ . '/../config/bootstrap.php'; // gives csrf_token() if you added lib/csrf.php
if (!empty($_SESSION['loggedIn'])) {
  header("Location: ../user/dashboard/index.php"); exit;
}
$error     = $_SESSION['error'] ?? '';
$form_data = $_SESSION['form_data'] ?? [];
unset($_SESSION['error'], $_SESSION['form_data']);
include __DIR__ . '/header.php';
?>
<style>
  /* Make sure the primary button is visible and readable */
  .btn-primary {
    background:#076289 !important;
    border-color:#076289 !important;
    color:#fff !important;
    font-weight:600;
  }
  .btn-primary:hover, .btn-primary:focus {
    background:#fff !important;
    color:#076289 !important;
    border-color:#076289 !important;
    box-shadow:0 0 0 3px rgba(7,98,137,.15);
  }
  /* Ensure content cannot hide behind the fixed-bottom footer on mobile */
  .auth-spacer {
    height: 100px; /* just above your footer height */
  }
  /* Optional: prevent any parent from accidentally hiding the button */
  .auth-actions { position: relative; z-index: 2; }


  .stay-signed-wrapper {
    /* keeps spacing tight like other fields */
    margin-bottom: 12px;
}

.stay-signed-wrapper .form-label {
    font-size: 0.95rem;
}

.stay-select {
    width: 180px;       /* make it visually light */
    max-width: 100%;    /* don’t overflow on small screens */
}

/* On very small screens, let it expand for usability */
@media (max-width: 576px) {
    .stay-select {
        width: 100%;
    }
}

</style>

<div class="container">
  <div class="offset-md-4 col-md-4">
    <div class="form-signin text-center mt-1 pt-3 px-3">
      <h2 class="mb-1 fw-semibold mt-4">Welcome Back.</h2>
      <p class="text-muted mb-4">
        New to Bitcardo?
        <!-- <a href="register.php" class="text-decoration-none fw-semibold text-primary">Sign up</a> -->
      </p>

      <form method="POST" action="../models/auth/login_process.php" class="text-start">
        <!-- CSRF (required by login_process.php) -->
        <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'] ?? '') ?>">

        <?php if ($error): ?>
          <div class="alert alert-danger"><?= htmlspecialchars($error) ?></div>
        <?php endif; ?>

        <div class="mb-3">
          <label for="email" class="form-label ms-1">Email or Phone</label>
          <input
            type="text"
            name="login"
            class="form-control"
            id="email"
            placeholder="you@example.com"
            value="<?= htmlspecialchars($form_data['login'] ?? '') ?>"
            required
            autocomplete="username"
          />
        </div>

        <div class="mb-3 position-relative">
          <label for="password" class="form-label ms-1">Password</label>
          <input
            type="password"
            name="password"
            class="form-control"
            id="password"
            placeholder="Enter your password"
            required
            autocomplete="current-password"
          />
          <span class="position-toggle" onclick="togglePassword()" style="position:absolute; right:12px; top:38px; cursor:pointer;">
            <i class="bi bi-eye" id="eyeIcon"></i>
          </span>
        </div>

        <div class="mb-3 stay-signed-wrapper">
          <label for="remember_duration" class="form-label ms-1 mb-1">
            Stay signed in for
          </label>

          <select name="remember_duration" id="remember_duration"
                  class="form-select stay-select w-100">
            <option value="0">This session only</option>
            <option value="3600">1 hour</option>
            <option value="86400" selected>1 day</option>
            <option value="604800">7 days</option>
            <option value="2592000">30 days (private device)</option>
          </select>
        </div>





        <div class="captcha-wrapper mb-3">
          <!-- reCAPTCHA widget -->
          <div
            class="g-recaptcha"
            data-sitekey="<?= htmlspecialchars(defined('RECAPTCHA_SITE_KEY') ? RECAPTCHA_SITE_KEY : '') ?>">
          </div>
        </div>

        <div class="auth-actions">
          <button class="w-100 btn btn-primary rounded-5 btn-lg mb-2" type="submit">Log in</button>
          <div class="text-center">
            <a href="forgot.php" class="text-decoration-none btn btn-white">Forgot password?</a>
          </div>
        </div>
      </form>

      <div class="auth-spacer"></div>
    </div>
  </div>
</div>

<!-- reCAPTCHA script (required for the widget to render) -->
<script src="https://www.google.com/recaptcha/api.js" async defer></script>

<script>
  function togglePassword() {
    const input = document.getElementById("password");
    const eye   = document.getElementById("eyeIcon");
    const isPw  = input.type === "password";
    input.type = isPw ? "text" : "password";
    eye.classList.toggle("bi-eye");
    eye.classList.toggle("bi-eye-slash");
  }
</script>

<?php include __DIR__ . '/footer.php'; ?>
Выполнить команду

Для локальной разработки. Не используйте в интернете!