-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.php
47 lines (39 loc) · 1.03 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?php
session_start();
error_reporting(0);
require_once 'config.php';
require_once 'totp.php';
// Register correct TOTP's entering time and reload the script.
if (isset($_GET['otp']) && getOTP($otp_secret) == $_GET['otp'])
{
$_SESSION['totp-main'] = time();
// TODO: $_SESSION['trials-left'] = 2;
header('Location: .');
die;
}
// Destroy session on request.
if (isset($_GET['destroy']) && $_GET['destroy'] == 'yes')
{
$_SESSION['totp-main'] = '';
unset($_SESSION['totp-main']);
header('Location: .');
die;
}
// Check whether user's IP address is trusted.
try
{
$pdo = new PDO($db_host, $db_user, $db_pass);
$pdo -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo -> prepare("SELECT `ip` FROM `trusted_ips` WHERE `ip` = :ip");
$stmt -> bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
$stmt -> execute();
if ($user = $stmt -> fetch())
{
$_SESSION['totp-main'] = -1;
}
}
catch(PDOException $e)
{
// Silent fail. Guess we'll live without trusted IP database then...
}
require 'invisibility.php';