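<?php
session_start();
require_once('includes/connection.php'); // Database connection (provides $conn, a mysqli handle)

// A 6-digit code has only 1,000,000 values, so unlimited guesses inside the
// validity window would make the second factor brute-forceable. After this
// many wrong submissions the pending login is abandoned and the user must
// authenticate with their password again.
const OTP_MAX_ATTEMPTS = 5;
// Lifetime of the OTP session (seconds) measured from $_SESSION['otp_timestamp'].
const OTP_SESSION_TTL = 600;

// Initialize variables
$error_message = '';
$success_message = '';

/**
 * Discard the temporary OTP login state and send the browser back to login.php.
 *
 * @param string $reason Value passed to login.php in the ?error= query parameter.
 */
function abort_otp_session(string $reason): void
{
    unset(
        $_SESSION['otp_user_id'],
        $_SESSION['temp_username'],
        $_SESSION['temp_email'],
        $_SESSION['otp_timestamp'],
        $_SESSION['otp_attempts']
    );
    header("Location: login.php?error=" . urlencode($reason));
    exit;
}

// Check if user has valid OTP session (set by the password step)
if (!isset($_SESSION['otp_user_id'], $_SESSION['temp_username'], $_SESSION['temp_email'])) {
    header("Location: login.php?error=session_expired");
    exit;
}

// Check session timeout (10 minutes). If the password step did not record a
// timestamp, only the database-side otp_expiry below limits the code's lifetime.
if (isset($_SESSION['otp_timestamp']) && (time() - $_SESSION['otp_timestamp']) > OTP_SESSION_TTL) {
    abort_otp_session('otp_expired');
}

$user_id = (int) $_SESSION['otp_user_id'];
$username = $_SESSION['temp_username'];
$email = $_SESSION['temp_email'];

// Check if OTP has expired (informational; the verification query enforces it again)
try {
    $stmt = $conn->prepare("SELECT otp_expiry FROM users WHERE id = ?");
    if ($stmt === false) {
        // Without mysqli exception reporting, prepare() signals failure by returning false.
        throw new RuntimeException($conn->error);
    }
    $stmt->bind_param("i", $user_id);
    $stmt->execute();
    $user_data = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // A NULL/empty otp_expiry makes strtotime() return false, which also counts as expired.
    if ($user_data && strtotime((string) $user_data['otp_expiry']) < time()) {
        $error_message = "OTP has expired. Please request a new one.";
    }
} catch (Exception $e) {
    // Log the driver detail server-side only; exception text must not reach the browser.
    error_log("Error retrieving OTP expiry: " . $e->getMessage());
    $error_message = "System error. Please try again later.";
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Sanitize and validate OTP input ($_POST['otp'] may be absent on a crafted request)
    $input_otp = filter_var(trim((string) ($_POST['otp'] ?? '')), FILTER_SANITIZE_NUMBER_INT);
    $attempts = (int) ($_SESSION['otp_attempts'] ?? 0);

    if ($error_message !== '') {
        // Expired code or lookup failure already reported above: do not evaluate the code,
        // otherwise the message would be replaced by a misleading "Invalid OTP".
    } elseif (!is_string($input_otp) || !preg_match('/^\d{6}$/', $input_otp)) {
        // Validate OTP format
        $error_message = "Please enter a valid 6-digit OTP.";
    } elseif ($attempts >= OTP_MAX_ATTEMPTS) {
        // Stale session that already used up its guesses
        abort_otp_session('too_many_attempts');
    } else {
        try {
            // Check OTP with prepared statement; the expiry is enforced by the database clock
            $stmt = $conn->prepare("SELECT id FROM users WHERE id = ? AND otp = ? AND otp_expiry > NOW()");
            if ($stmt === false) {
                throw new RuntimeException($conn->error);
            }
            $stmt->bind_param("is", $user_id, $input_otp);
            $stmt->execute();
            $user = $stmt->get_result()->fetch_assoc();
            $stmt->close();

            if ($user) {
                // OTP is valid - Complete login process

                // Clear OTP data so the same code cannot be replayed
                $clearStmt = $conn->prepare("UPDATE users SET otp = NULL, otp_expiry = NULL WHERE id = ?");
                if ($clearStmt === false) {
                    throw new RuntimeException($conn->error);
                }
                $clearStmt->bind_param("i", $user_id);
                $clearStmt->execute();
                $clearStmt->close();

                // Set proper session variables
                session_regenerate_id(true); // Prevent session fixation
                $_SESSION['loggedin'] = true;
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $username;
                $_SESSION['email'] = $email;
                $_SESSION['login_time'] = time();

                // Clear temporary OTP session data
                unset(
                    $_SESSION['otp_user_id'],
                    $_SESSION['temp_username'],
                    $_SESSION['temp_email'],
                    $_SESSION['otp_timestamp'],
                    $_SESSION['otp_attempts']
                );

                // The delayed redirect is emitted inside <body> below, not before the doctype.
                $success_message = "OTP verified successfully! Redirecting...";
            } else {
                // Count the miss. The counter is session-scoped; a per-user counter in the
                // database would additionally cover guesses spread over fresh sessions.
                $attempts++;
                $_SESSION['otp_attempts'] = $attempts;
                if ($attempts >= OTP_MAX_ATTEMPTS) {
                    abort_otp_session('too_many_attempts');
                }
                $error_message = "Invalid OTP. Please try again.";
            }
        } catch (Exception $e) {
            error_log("Error validating OTP: " . $e->getMessage());
            $error_message = "System error. Please try again later.";
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Verify OTP - ECOGENIX</title>
    <link href="https://fonts.googleapis.com/css2?family=Montserrat:wght@400;600&display=swap" rel="stylesheet">
    <style>
        * { margin: 0; padding: 0; box-sizing: border-box; }
        body { height: 100vh; font-family: 'Montserrat', sans-serif; background: url('https://img.freepik.com/free-vector/abstract-big-data-digital-technology-background-design_1017-22920.jpg') no-repeat center center fixed; background-size: cover; display: flex; align-items: center; justify-content: center; }
        .container { background: rgba(255, 255, 255, 0.15); backdrop-filter: blur(10px); border-radius: 15px; padding: 35px 30px; max-width: 450px; width: 100%; box-shadow: 0 8px 32px rgba(0, 0, 0, 0.3); text-align: center; color: white; }
        .container h2 { font-size: 28px; font-weight: 600; margin-bottom: 10px; color: #ffffff; }
        .subtitle { font-size: 14px; margin-bottom: 25px; color: rgba(255, 255, 255, 0.8); }
        .user-info { background: rgba(255, 255, 255, 0.1); padding: 10px; border-radius: 8px; margin-bottom: 20px; font-size: 14px; }
        .alert { padding: 12px; margin-bottom: 20px; border-radius: 8px; font-size: 14px; text-align: left; }
        .alert-error { background-color: rgba(231, 76, 60, 0.9); color: white; border: 1px solid rgba(231, 76, 60, 0.3); }
        .alert-success { background-color: rgba(46, 204, 113, 0.9); color: white; border: 1px solid rgba(46, 204, 113, 0.3); }
        .otp-input { width: 100%; padding: 15px; font-size: 24px; border-radius: 8px; border: 2px solid rgba(255, 255, 255, 0.3); outline: none; margin-bottom: 20px; text-align: center; transition: all 0.3s ease; background-color: rgba(255, 255, 255, 0.9); color: #333; font-weight: 600; letter-spacing: 4px; }
        .otp-input:focus { border-color: #e74c3c; box-shadow: 0 0 0 3px rgba(231, 76, 60, 0.3); background-color: white; }
        .otp-input::placeholder { letter-spacing: normal; color: #888; }
        .submit-btn { width: 100%; padding: 15px; font-size: 18px; background: linear-gradient(135deg, #e74c3c, #c0392b); color: white; font-weight: 600; border: none; border-radius: 8px; cursor: pointer; transition: all 0.3s ease; text-transform: uppercase; letter-spacing: 1px; }
        .submit-btn:hover { background: linear-gradient(135deg, #c0392b, #a93226); transform: translateY(-2px); box-shadow: 0 4px 12px rgba(0, 0, 0, 0.3); }
        .submit-btn:active { transform: translateY(0); }
        .info-section { margin-top: 20px; padding-top: 20px; border-top: 1px solid rgba(255, 255, 255, 0.3); }
        .back-link { display: inline-block; margin-top: 15px; font-size: 14px; color: rgba(255, 255, 255, 0.8); text-decoration: none; transition: color 0.3s ease; }
        .back-link:hover { color: white; text-decoration: underline; }
        .security-tips { margin-top: 20px; font-size: 12px; color: rgba(255, 255, 255, 0.7); text-align: left; }
        .security-tips ul { list-style: none; padding-left: 0; }
        .security-tips li { margin-bottom: 5px; }
        .security-tips li:before { content: "🔒 "; margin-right: 5px; }
        @media (max-width: 480px) {
            .container { margin: 20px; padding: 25px 20px; }
            .container h2 { font-size: 24px; }
            .otp-input { font-size: 20px; letter-spacing: 2px; }
        }
    </style>
</head>
<body>
    <div class="container">
        <h2>Verify OTP</h2>
        <div class="subtitle">Enter the 6-digit code sent to your email</div>
        <div class="user-info">
            <strong><?php echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></strong><br>
            <?php echo htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
        </div>
        <?php if ($error_message): ?>
            <div class="alert alert-error">
                <?php echo htmlspecialchars($error_message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
            </div>
        <?php endif; ?>
        <?php if ($success_message): ?>
            <div class="alert alert-success">
                <?php echo htmlspecialchars($success_message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
            </div>
            <script>
                // Delayed redirect after successful verification
                setTimeout(function() { window.location.href = 'dashboard.php'; }, 2000);
            </script>
        <?php endif; ?>
        <form action="" method="POST">
            <input type="text" name="otp" class="otp-input" placeholder="000000" required maxlength="6" pattern="[0-9]{6}" inputmode="numeric" autocomplete="one-time-code" autofocus />
            <button type="submit" class="submit-btn">
                Verify OTP
            </button>
        </form>
        <div class="info-section">
            <a href="login.php" class="back-link">← Back to Login</a>
        </div>
    </div>
    <script>
        // Format OTP input to only allow numbers
        document.querySelector('.otp-input').addEventListener('input', function(e) {
            this.value = this.value.replace(/[^0-9]/g, '');
        });
        // Prevent non-numeric input
        document.querySelector('.otp-input').addEventListener('keypress', function(e) {
            if (!/[0-9]/.test(e.key) && !['Backspace', 'Delete', 'Tab', 'Enter'].includes(e.key)) {
                e.preventDefault();
            }
        });
    </script>
</body>
</html>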