TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove: Delete duplicate validate_login.php from src/processors - keep only root endpoint

Browse Source
This commit is contained in:
twotalesanimation
2025-12-04 15:24:39 +02:00
parent ac460ef97f
commit 902291d8d1
12 changed files with 92 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
index.php
View File

@@ -1,6 +1,7 @@
<?php <?php
$rootPath = dirname(__FILE__);
$headerStyle = 'dark'; $headerStyle = 'dark';
include_once('header.php'); include_once($rootPath . '/header.php');
$indemnityPending = false; $indemnityPending = false;
if (isset($_SESSION['user_id']) && isset($conn) && $conn !== null) { if (isset($_SESSION['user_id']) && isset($conn) && $conn !== null) {

20
src/config/run_migration.php
View File

@@ -1,20 +0,0 @@
<?php
require 'env.php';
require 'connection.php';
$conn = openDatabaseConnection();
if (!$conn) {
die('Database connection failed');
}
$sql = file_get_contents('migrations/001_phase1_security_schema.sql');
if ($conn->multi_query($sql)) {
echo "✓ Migration executed successfully\n";
} else {
echo "✗ Migration error: " . $conn->error . "\n";
}
$conn->close();
?>

15
src/pages/other/about2.php Normal file
View File

@@ -0,0 +1,15 @@
<?php
$headerStyle = 'light';
$rootPath = dirname(dirname(dirname(__DIR__)));
include_once($rootPath . '/header.php');
?>
<!-- <?php
$pageTitle = 'About';
$breadcrumbs = [['Home' => 'index.php']];
require_once($rootPath . '/components/banner.php');
?> -->
<!-- Benefit Area start -->
<!-- <?php include_once(dirname(dirname(dirname(__DIR__))) . '/components/insta_footer.php'); ?> -->

48
src/pages/other/test_header.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
// DIAGNOSTIC TEST FILE - Shows path resolution in different contexts
echo "<!DOCTYPE html><html><head><title>Path Diagnostic</title></head><body>";
echo "<h1>Path Resolution Diagnostic</h1>";
echo "<hr>";
echo "<h2>Current Directory Information</h2>";
echo "<strong>__FILE__:</strong> " . __FILE__ . "<br>";
echo "<strong>__DIR__:</strong> " . __DIR__ . "<br>";
echo "<hr>";
echo "<h2>Directory Navigation Tests</h2>";
echo "<strong>dirname(__DIR__):</strong> " . dirname(__DIR__) . "<br>";
echo "<strong>dirname(dirname(__DIR__)):</strong> " . dirname(dirname(__DIR__)) . "<br>";
echo "<strong>dirname(dirname(dirname(__DIR__))):</strong> " . dirname(dirname(dirname(__DIR__))) . "<br>";
echo "<hr>";
echo "<h2>\$_SERVER Variables</h2>";
echo "<strong>DOCUMENT_ROOT:</strong> " . ($_SERVER['DOCUMENT_ROOT'] ?? 'NOT SET') . "<br>";
echo "<strong>SCRIPT_FILENAME:</strong> " . ($_SERVER['SCRIPT_FILENAME'] ?? 'NOT SET') . "<br>";
echo "<strong>REQUEST_URI:</strong> " . ($_SERVER['REQUEST_URI'] ?? 'NOT SET') . "<br>";
echo "<strong>SCRIPT_NAME:</strong> " . ($_SERVER['SCRIPT_NAME'] ?? 'NOT SET') . "<br>";
echo "<hr>";
echo "<h2>Path Construction Tests</h2>";
$rootPath = dirname(dirname(dirname(__DIR__)));
echo "<strong>\$rootPath (dirname × 3):</strong> " . $rootPath . "<br>";
echo "<strong>\$rootPath . '/header.php':</strong> " . $rootPath . '/header.php' . "<br>";
echo "<strong>File exists?</strong> " . (file_exists($rootPath . '/header.php') ? 'YES ✓' : 'NO ✗') . "<br>";
echo "<hr>";
echo "<h2>Alternative Path Tests</h2>";
if (isset($_SERVER['DOCUMENT_ROOT']) && is_string($_SERVER['DOCUMENT_ROOT'])) {
$altPath = $_SERVER['DOCUMENT_ROOT'];
echo "<strong>\$_SERVER['DOCUMENT_ROOT']:</strong> " . $altPath . "<br>";
echo "<strong>\$altPath . '/header.php':</strong> " . $altPath . '/header.php' . "<br>";
echo "<strong>File exists?</strong> " . (file_exists($altPath . '/header.php') ? 'YES ✓' : 'NO ✗') . "<br>";
} else {
echo "<strong>DOCUMENT_ROOT not available or not a string</strong><br>";
}
echo "<hr>";
echo "<h2>Component Path Tests</h2>";
echo "<strong>\$rootPath . '/components/insta_footer.php':</strong> " . $rootPath . '/components/insta_footer.php' . "<br>";
echo "<strong>File exists?</strong> " . (file_exists($rootPath . '/components/insta_footer.php') ? 'YES ✓' : 'NO ✗') . "<br>";
echo "</body></html>";
?>

21
src/pages/other/test_minimal.php Normal file
View File

@@ -0,0 +1,21 @@
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
echo "Step 1: Starting script<br>";
$rootPath = dirname(dirname(dirname(__DIR__)));
echo "Step 2: Root path = " . $rootPath . "<br>";
echo "Step 3: Header path = " . $rootPath . '/header.php' . "<br>";
echo "Step 4: File exists? " . (file_exists($rootPath . '/header.php') ? 'YES' : 'NO') . "<br>";
$headerStyle = 'light';
echo "Step 5: About to include header<br>";
include_once($rootPath . '/header.php');
echo "Step 6: Header included successfully<br>";
?>
<h1>Test Page Content</h1>
<?php
echo "Step 7: About to include footer<br>";
include_once($rootPath . '/components/insta_footer.php');
echo "Step 8: Footer included successfully<br>";
?>

BIN
src/processors/assets/images/pp/30f28b416b64c436a9bbc32dbe7bbe6b.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 291 KiB

BIN
src/processors/assets/images/pp/3fbcad3aa80dfa3bc0eb2043b8c40e2c.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 291 KiB

BIN
src/processors/assets/images/pp/890eae390ea339ca08307c847d5758a3.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.4 MiB

BIN
src/processors/uploads/pop/c97bc77d8901921ed82978c4ed68ec95.pdf
View File

Binary file not shown.

BIN
src/processors/uploads/signatures/signature_155.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 6.1 KiB

223
src/processors/validate_login.php
View File

@@ -1,223 +0,0 @@
<?php
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . "/src/config/env.php");
require_once($rootPath . "/src/config/session.php");
require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . '/google-client/vendor/autoload.php'); // Add this line for Google Client
// Check if connection is established
if (!$conn) {
json_encode(['status' => 'error', 'message' => 'Database connection failed.']);
exit();
}
// Google Client Setup
$client = new Google_Client();
$client->setClientId($_ENV['GOOGLE_CLIENT_ID']);
$client->setClientSecret($_ENV['GOOGLE_CLIENT_SECRET']);
$client->setRedirectUri($_ENV['HOST'] . '/validate_login');
$client->addScope("email");
$client->addScope("profile");
// 👇 Add this to force the account picker
$client->setPrompt('select_account');
// Check if Google login code is set
if (isset($_GET['code'])) {
$token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
if (!isset($token["error"])) {
$client->setAccessToken($token['access_token']);
$google_oauth = new Google_Service_Oauth2($client);
$google_account_info = $google_oauth->userinfo->get();
// Get user info from Google
$email = $google_account_info->email;
$name = $google_account_info->name;
$first_name = $google_account_info->given_name;
$last_name = $google_account_info->family_name;
$picture = $google_account_info->picture;
// Check if the user exists in the database
$query = "SELECT * FROM users WHERE email = ?";
$stmt = $conn->prepare($query);
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows == 0) {
// User does not exist, so register them
$password = null; // No password for Google login
$query = "INSERT INTO users (email, first_name, last_name, profile_pic, password, is_verified) VALUES (?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($query);
$is_verified = 1; // Assuming Google users are considered verified
$stmt->bind_param("sssssi", $email, $first_name, $last_name, $picture, $password, $is_verified);
if ($stmt->execute()) {
// User successfully registered, set session and redirect
sendEmail('chrispintoza@gmail.com', '4WDCSA: New User Login', $name.' has just created an account using Google Login.');
$_SESSION['user_id'] = $conn->insert_id;
$_SESSION['first_name'] = $first_name;
$_SESSION['profile_pic'] = $picture;
processLegacyMembership($_SESSION['user_id']);
// echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
header("Location: index");
exit();
} else {
// echo json_encode(['status' => 'error', 'message' => 'Failed to register user.']);
header("Location: index");
exit();
}
} else {
// User exists, set session and redirect
$row = $result->fetch_assoc();
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['profile_pic'] = $row['profile_pic'];
sendEmail('chrispintoza@gmail.com', '4WDCSA: New User Login', $name.' has just logged in using Google Login.');
// echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
header("Location: index");
exit();
}
$stmt->close();
} else {
echo "Login failed.";
exit();
}
}
// Check if email and password login is requested
if (isset($_POST['email']) && isset($_POST['password'])) {
// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
auditLog(null, 'CSRF_VALIDATION_FAILED', 'users', null, ['endpoint' => 'validate_login.php']);
echo json_encode(['status' => 'error', 'message' => 'Security token validation failed. Please try again.']);
exit();
}
// Retrieve and validate email input
$email = validateEmail($_POST['email']);
if ($email === false) {
auditLog(null, 'INVALID_EMAIL_FORMAT', 'users', null, ['email' => $_POST['email']]);
echo json_encode(['status' => 'error', 'message' => 'Invalid email format.']);
exit();
}
// Retrieve and sanitize password
$password = isset($_POST['password']) ? trim($_POST['password']) : '';
// Basic validation
if (empty($email) || empty($password)) {
echo json_encode(['status' => 'error', 'message' => 'Please enter both email and password.']);
exit();
}
// Check for account lockout
$lockoutStatus = checkAccountLockout($email);
if ($lockoutStatus['is_locked']) {
auditLog(null, 'LOGIN_ATTEMPT_LOCKED_ACCOUNT', 'users', null, [
'email' => $email,
'locked_until' => $lockoutStatus['locked_until']
]);
echo json_encode([
'status' => 'error',
'message' => 'Account is temporarily locked due to multiple failed login attempts. Please try again in ' . $lockoutStatus['minutes_remaining'] . ' minutes.'
]);
exit();
}
// Check recent failed attempts
$recentFailedAttempts = countRecentFailedAttempts($email);
if ($recentFailedAttempts >= 5) {
// Lock account for 15 minutes
lockAccount($email, 15);
auditLog(null, 'ACCOUNT_LOCKED_THRESHOLD', 'users', null, [
'email' => $email,
'failed_attempts' => $recentFailedAttempts
]);
echo json_encode([
'status' => 'error',
'message' => 'Account locked due to multiple failed login attempts. Please try again in 15 minutes.'
]);
exit();
}
// Prepare SQL statement to fetch user details
$query = "SELECT * FROM users WHERE email = ?";
$stmt = $conn->prepare($query);
if (!$stmt) {
echo json_encode(['status' => 'error', 'message' => 'Database query preparation failed.']);
exit();
}
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
// Check if user exists and verify password
if ($result->num_rows == 1) {
$row = $result->fetch_assoc();
// Check if the user is verified
if ($row['is_verified'] == 0) {
recordLoginAttempt($email, false);
auditLog(null, 'LOGIN_ATTEMPT_UNVERIFIED_ACCOUNT', 'users', $row['user_id']);
echo json_encode(['status' => 'error', 'message' => 'Your account is not verified. Please check your email for the verification link.']);
exit();
}
if (password_verify($password, $row['password'])) {
// Record successful attempt
recordLoginAttempt($email, true);
// Regenerate session ID to prevent session fixation attacks
session_regenerate_id(true);
// Password is correct, set up session
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['profile_pic'] = $row['profile_pic'];
// Set session timeout (30 minutes)
$_SESSION['login_time'] = time();
$_SESSION['session_timeout'] = 1800; // 30 minutes in seconds
auditLog($row['user_id'], 'LOGIN_SUCCESS', 'users', $row['user_id']);
echo json_encode(['status' => 'success', 'message' => 'Successful Login']);
} else {
// Password is incorrect - record failed attempt
recordLoginAttempt($email, false);
auditLog(null, 'LOGIN_FAILED_INVALID_PASSWORD', 'users', null, ['email' => $email]);
// Check if this was the threshold failure
$newFailureCount = countRecentFailedAttempts($email);
if ($newFailureCount >= 5) {
lockAccount($email, 15);
echo json_encode([
'status' => 'error',
'message' => 'Too many failed login attempts. Account locked for 15 minutes.'
]);
} else {
$attemptsRemaining = 5 - $newFailureCount;
echo json_encode([
'status' => 'error',
'message' => 'Invalid password. ' . $attemptsRemaining . ' attempts remaining before account lockout.'
]);
}
}
} else {
// User does not exist - still record attempt
recordLoginAttempt($email, false);
auditLog(null, 'LOGIN_FAILED_USER_NOT_FOUND', 'users', null, ['email' => $email]);
echo json_encode(['status' => 'error', 'message' => 'User with that email does not exist.']);
}
// Close the statement and connection
$stmt->close();
}
// Close connection
$conn->close();
exit();
?>

11
validate_login.php
View File

@@ -1,9 +1,10 @@
<?php <?php
require_once("env.php"); $rootPath = dirname(__FILE__);
require_once("session.php"); require_once($rootPath . "/src/config/env.php");
require_once("connection.php"); require_once($rootPath . "/src/config/session.php");
require_once("functions.php"); require_once($rootPath . "/src/config/connection.php");
require_once 'google-client/vendor/autoload.php'; // Add this line for Google Client require_once($rootPath . "/src/config/functions.php");
require_once($rootPath . '/google-client/vendor/autoload.php'); // Add this line for Google Client
// Check if connection is established // Check if connection is established
if (!$conn) { if (!$conn) {