
PK 
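<?php
/**
 * Admin login entry point.
 *
 * Bootstraps the session and project includes, applies a per-session
 * failed-attempt throttle (3 tries, then a 60 second lock), checks the
 * submitted credentials against the `admin` table and, on success, stores the
 * admin id and role id in the session before redirecting to the dashboard.
 *
 * Variables consumed by the template below: $blocked, $remaining_time, $error_msg.
 *
 * Open security items that cannot be closed from this file alone:
 *  - The login query is still assembled by string interpolation. The guard in
 *    front of it is a stopgap; the real fix is bound parameters
 *    (PDO prepare/execute). NOTE(review): the PDODB wrapper's API is not
 *    visible here - confirm how it exposes prepared statements.
 *  - Passwords are compared as unsalted MD5 digests. Migrate stored hashes to
 *    password_hash()/password_verify(); this cannot be switched here without
 *    re-hashing the stored values.
 *  - The throttle lives in $_SESSION, so a client that does not return its
 *    session cookie starts with a fresh counter on every request. A counter
 *    kept server-side per account and per source address is needed for the
 *    limit to hold.
 *  - The login form carries no CSRF token.
 */
ob_start();
//error_reporting(E_ALL ^ E_NOTICE);

// Start the session only when none is active instead of silencing errors with "@".
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// The former ini_set('allow_url_include', 1) was dropped: every include on this
// page is a local path, so remote-include support is not requested here.
date_default_timezone_set("Asia/Kolkata");
set_time_limit(600);
ini_set('max_execution_time', 600);

include 'includes/settings/constant.php';
require_once 'includes/settings/PDODB.php';
include 'includes/modules/functions.php';

$function = new FUNCTIONS();

// Already authenticated: go straight to the dashboard.
if (!empty($_SESSION['adminId'])) {
    header("Location: dashboard/index.php");
    exit();
}

$maxAttempts = 3;   // failed logins allowed before the lock applies
$lockSeconds = 60;  // length of the lock

// Initialize login attempt tracking if not set
if (!isset($_SESSION['login_attempts'])) {
    $_SESSION['login_attempts'] = 0;
    $_SESSION['last_login_attempt'] = 0;
    $_SESSION['block_until'] = 0;
}

$blocked = false;
$remaining_time = 0;
$error_msg = '';

// Check whether this session is currently locked out.
if ($_SESSION['login_attempts'] >= $maxAttempts) {
    $current_time = time();
    if ($current_time < $_SESSION['block_until']) {
        $blocked = true;
        $remaining_time = (int) ($_SESSION['block_until'] - $current_time);
    } else {
        // Reset attempts if block time has passed
        $_SESSION['login_attempts'] = 0;
        $_SESSION['block_until'] = 0;
    }
}

if (isset($_POST['btnLogin']) && !$blocked) {
    // Accept plain strings only: an array-valued field (username[]=...) would
    // otherwise reach md5() and the query text.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if ($username !== '' && $password !== '') {
        // NOTE(review): unsalted MD5 - kept only because the stored values use it.
        $passwordHash = md5($password);
        $result = [];

        // Stopgap until the query uses bound parameters: a username containing a
        // quote, backslash or NUL byte is never sent to the database and is
        // handled as a failed login. Such a value could not have matched a row
        // through this interpolated query anyway. $passwordHash is hex only.
        if (preg_match('/[\'\\\\\x00]/', $username) !== 1) {
            $loginQuery = "SELECT * FROM `admin` WHERE (email='$username' OR username='$username') AND password='$passwordHash' AND isactive='1'";
            $pdodb = PDODB::getInstance();
            $result = $pdodb->query($loginQuery);
            PDODB::closeInstance();
        }

        // count() on a non-countable value (e.g. a failed query result) raises
        // a TypeError on PHP 8, so check the shape first.
        $hasRow = (is_array($result) || $result instanceof Countable) && count($result) > 0;

        if ($hasRow) {
            // Issue a new session id at the privilege change so an id set
            // before login cannot be reused afterwards (session fixation).
            session_regenerate_id(true);

            // Reset login attempts on successful login
            $_SESSION['login_attempts'] = 0;
            $_SESSION['block_until'] = 0;
            $_SESSION['last_login_attempt'] = 0;
            $_SESSION['adminId'] = $result[0]['id'];
            $_SESSION['admin_role_id'] = $result[0]['admin_role_id'];
            header("Location: dashboard/index.php");
            exit();
        }

        // Increment failed login attempts
        $_SESSION['login_attempts']++;
        $_SESSION['last_login_attempt'] = time();

        if ($_SESSION['login_attempts'] >= $maxAttempts) {
            $_SESSION['block_until'] = time() + $lockSeconds;
            // Reload so the next request renders the locked state and countdown;
            // the message is produced by the $blocked branch on that request.
            header("Refresh:0");
            exit();
        }

        $remaining_attempts = $maxAttempts - $_SESSION['login_attempts'];
        $error_msg = "Invalid credentials. You have $remaining_attempts attempts remaining.";
    } else {
        $error_msg = "Please enter both username and password.";
    }
} elseif ($blocked) {
    // Built from a literal and an integer only; the template echoes it as HTML.
    $error_msg = "Too many failed attempts. Please try again in <span id='countdown'>$remaining_time</span> seconds.";
}
?>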
<!DOCTYPE html>
<html>
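<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>INSPINIA | Login</title>
    <link href="css/bootstrap.min.css" rel="stylesheet">
    <link href="font-awesome/css/font-awesome.css" rel="stylesheet">
    <link href="css/animate.css" rel="stylesheet">
    <link href="css/style.css" rel="stylesheet">
    <!-- toastr CSS, fetched over HTTPS explicitly rather than with a protocol-relative URL.
         The "latest" path changes over time, so it cannot be covered by Subresource Integrity:
         pin an exact release and add integrity="sha384-<HASH_OF_PINNED_FILE>" crossorigin="anonymous",
         or serve the file locally like the other stylesheets. -->
    <link href="https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/css/toastr.min.css" rel="stylesheet">
</head>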
<body class="gray-bg">
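<div class="middle-box text-center loginscreen animated fadeInDown">
    <div>
        <div>
            <h1 class="logo-name"><img src="img/rwa-logo-250.png" width="100" alt="RWA sector-40 logo"></h1>
        </div>
        <h3>Welcome to RWA sector-40</h3>
        <p>Login in. To see it in action.</p>
        <?php
        // NOTE(review): the form posts back to this page without a CSRF token.
        // The autocomplete hints let password managers fill the right fields.
        ?>
        <form class="m-t" role="form" action="" method="POST" id="loginForm">
            <div class="form-group">
                <input type="text" class="form-control" name="username" placeholder="Username & Email" autocomplete="username" required>
            </div>
            <div class="form-group">
                <input type="password" class="form-control" name="password" placeholder="Password" autocomplete="current-password" required>
            </div>
            <?php
            // The disabled attribute is a usability aid only; the lock is
            // enforced by the server-side $blocked check before the query runs.
            ?>
            <button type="submit" name="btnLogin" class="btn btn-primary block full-width m-b" <?= $blocked ? 'disabled' : '' ?>>Login</button>
            <?php
            // $error_msg is echoed as raw HTML because the lock message carries
            // the countdown <span>. It must stay built from literals and integers
            // only; never place request data in it without htmlspecialchars().
            ?>
            <p style="color:red; text-align: center;" id="errorMsg"><?= (!empty($error_msg)) ? $error_msg : ''; ?></p>
        </form>
    </div>
</div>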
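<!-- Mainly scripts -->
<!-- NOTE(review): jQuery 2.1.1 is an old release line; check it against current jQuery security advisories and plan an upgrade. -->
<script src="js/jquery-2.1.1.js"></script>
<script src="js/bootstrap.min.js"></script>
<!-- toastr JS, fetched over HTTPS explicitly rather than with a protocol-relative URL.
     Third-party script on a login page runs with access to the credential fields, and the
     "latest" path cannot be covered by Subresource Integrity because its content changes:
     pin an exact release and add integrity="sha384-<HASH_OF_PINNED_FILE>" crossorigin="anonymous",
     or serve the file locally like jQuery above. -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/toastr.js/latest/js/toastr.min.js"></script>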
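<?php if ($blocked): ?>
<script>
    // Lock-out countdown shown while the session is blocked.
    // This is display only: re-enabling the button in the browser does not lift
    // the lock, which the server checks against block_until on every request.
    $(document).ready(function () {
        // Seconds left, taken from the server value (cast to int on output)
        // instead of being parsed back out of the DOM text on every tick.
        var timeLeft = <?= (int) $remaining_time ?>;
        var countdownElement = $('#countdown');
        var errorMsgElement = $('#errorMsg');
        var loginButton = $('button[name="btnLogin"]');

        function updateCountdown() {
            if (timeLeft <= 0) {
                countdownElement.text('0');
                errorMsgElement.text("You may now try to login again.");
                loginButton.prop('disabled', false);
                // Refresh the page so the server re-evaluates the session state
                setTimeout(function () { location.reload(); }, 1000);
                return;
            }
            timeLeft -= 1;
            countdownElement.text(timeLeft);
            setTimeout(updateCountdown, 1000);
        }

        // Start the countdown
        updateCountdown();
    });
</script>
<?php endif; ?>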
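<script>
    /**
     * Show a toastr warning at the top centre of the page.
     *
     * @param {string} msg   Text of the notification.
     * @param {string} title Optional heading.
     */
    function tossterMsgAlert(msg = 'Welcome', title = '') {
        toastr.options = {
            closeButton: true,
            newestOnTop: false,
            positionClass: 'toast-top-center',
            preventDuplicates: true,
            timeOut: 2000,
            hideMethod: 'fadeOut',
            // Render message and title as text, never as markup.
            escapeHtml: true
        };
        // toastr.warning takes (message, title); the arguments were passed swapped.
        toastr.warning(msg, title);
    }

    // Display error message if exists
    <?php if (!empty($error_msg) && !$blocked): ?>
    $(document).ready(function () {
        // json_encode() with the HEX flags emits a complete JavaScript string
        // literal that is safe inside a <script> element; addslashes() is not an
        // escaper for this context (it leaves "</script>" and line breaks intact).
        tossterMsgAlert(<?= json_encode((string) $error_msg, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) ?>, 'Error');
    });
    <?php endif; ?>
</script>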
</body>
</html>


PK 99