Хороним $_COOKIE['pass'], отказываемся от md5('pass'). Это не регистрация, а чёрная дыра!

2023-01-06 16:57:25 +02:00
parent e9ec7eb2f2
commit 9e45f170c7
50 changed files with 1470 additions and 2242 deletions
@@ -64,7 +64,7 @@ if (isset($_POST['relogin'])) {
                        if ($mail === 1) {
                            Db::sql(
                                'update users set securetime = unix_timestamp(), allLock = unix_timestamp(), pass = ? where id = ?',
-                                [md5($newPassword), $usr['id']]
+                                [password_hash($newPassword, PASSWORD_DEFAULT), $usr['id']]
                            );
                            Db::sql(
                                'insert into repass (uid, time, ip, type) values (?,unix_timestamp(),?,1)',
@@ -88,7 +88,7 @@ if (isset($_POST['relogin'])) {
 <!DOCTYPE html>
 <html lang="ru-RU">
 <head>
-    <title>Âîññòàíîâëåíèå ïàðîëÿ îò ïåðñîíàæà Áîéöîâñêèé Êëóá</title>
+    <title><?= Config::get('name') ?>: Âîññòàíîâëåíèå ïàðîëÿ îò ïåðñîíàæà</title>
    <meta name="keywords" content="<?= Config::get('keys') ?>">
    <meta name="description" content="<?= Config::get('desc') ?>"/>
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"/>
@@ -97,11 +97,20 @@ if (isset($_POST['relogin'])) {
        input[type=text], input[type=date] {
            padding: 3px;
        }
+        div.content, div.after {
+            display: flex;
+            justify-content: center;
+        }
+        div.content {
+            align-items: center;
+            flex-direction: column;
+            height: 50%;
+        }
    </style>
 </head>
 <body>
 <form method="post" id="repass"></form>
-<div style="display: flex; justify-content: center; align-items: center; flex-direction: column; height: 50%">
+<div class="content">
    <h1>Âîññòàíîâëåíèå ïàðîëÿ</h1>
    <?= $error ? '<b style="color: red">' . $error . '</b>' : '' ?>
    <?php if ($step === 1): ?>
@@ -120,11 +129,11 @@ if (isset($_POST['relogin'])) {
        <input form="repass" type="submit" class="btn" value="Âûñëàòü ïàðîëü íà E-mail">
    <?php endif; ?>
 </div>
-<div style="display: flex; justify-content: center;">
-    <a href="https://<?= Config::get('host') ?>/">Âåðíóòñÿ íà ãëàâíóþ ñòðàíèöó</a>
+<div class="after">
+    <a href="<?= Config::get('https') ?>">Âåðíóòñÿ íà ãëàâíóþ ñòðàíèöó</a>
 </div>
-<div style="display: flex; justify-content: center;">
-    <span class="testro">&laquo;Ñòàðûé Áîéöîâñêèé Êëóá&raquo; &nbsp; &nbsp; 2018-<?= date('Y') ?> &copy; Áðàóçåðíàÿ îíëàéí èãðà</span>
+<div class="after">
+    <span class="testro"><?= Config::get('footer') ?></span>
 </div>
 </body>
 </html>