CSE-Invent
/
CMS-CSE
mirror of https://git.cse-invent.com/product/cms.events.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
							<?php
// Appliquer les headers de sécurité pour la page de login
securityHeaders::applyForLogin();
?>
<!DOCTYPE html>
<html lang="fr">

<head>
    <meta charset="UTF-8">
    <title>CSE Invent : Identification</title>

    <?php pwa::printManifeste(); ?>

    <meta name="mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="application-name" content="CSE Invent : CMS">
    <meta name="apple-mobile-web-app-title" content="CSE Invent : CMS">
    <meta name="msapplication-starturl" content="/">
    <meta name="msapplication-TileColor" content="#da532c">
    <meta name="theme-color" content="#ffffff">

    <link rel="icon" type="image/x-icon" href="<?php cache::printFileWithTime("favicon.ico") ?>">

    <!-- Token CSRF pour les requêtes AJAX -->
    <?php echo csrf::metaTag('login-ajax'); ?>

    <script src="<?php cache::printFileWithTime("libs/js/jquery.min.js") ?>"></script>
    <script src="<?php cache::printFileWithTime("libs/bootstrap/js/bootstrap.min.js") ?>"></script>

    <link rel="stylesheet" href="<?php cache::printFileWithTime("libs/bootstrap/assets/dist/css/bootstrap.min.css") ?>">
    <link rel="stylesheet" href="<?php cache::printFileWithTime("css/login.css") ?>">
</head>

<body>

    <div class="wrapper fadeInDown">

        <div id="formContent">

            <div class="fadeIn first">
                <img src="img/logo.png" id="icon" alt="CSE Invent" />
            </div>

            <form method="post" action="/submit.php" id="form-authent">
                <?php echo csrf::inputField('login-form'); ?>
                <input type="hidden" name="from" value="login">

                <!-- Honeypot anti-bot (champ invisible) -->
                <div style="position:absolute;left:-9999px;" aria-hidden="true">
                    <input type="text" name="website" tabindex="-1" autocomplete="off">
                </div>

                <input type="text" class="fadeIn second" name="email" id="email" placeholder="email" required autocomplete="username">
                <input type="password" class="fadeIn third" name="password" placeholder="mot de passe" required autocomplete="current-password">
                <input type="text" class="third" style="display:none;" name="authenticator" id="authenticator" maxlength="6" placeholder="Code Google Authenticator">
                <input type="button" class="fadeIn fourth" id="submit-authent" value="Se connecter">

                <!-- Message de rate limiting -->
                <div id="rate-limit-warning" class="alert alert-warning" style="display:none;margin:10px;"></div>
            </form>

            <div id="formFooter" <?php if (!alert::ifError()) {
                                        echo ' style="display:none"';
                                    } ?>>
                <div class="alert alert-danger" role="alert"><?php if (alert::ifError()) {
                                                                    echo alert::printAlert(alert::getError());
                                                                } ?></div>
            </div>

            <script nonce="<?php echo securityHeaders::getNonce(); ?>">
                $(document).ready(function() {
                    // Configuration CSRF pour les requêtes AJAX
                    $(document).ajaxSend(function(event, jqxhr, settings) {
                        if (settings.type === 'POST') {
                            const csrfToken = $('meta[name="csrf-token"]').attr('content');
                            if (csrfToken) {
                                jqxhr.setRequestHeader('X-CSRF-Token', csrfToken);
                            }
                        }
                    });

                    $("#submit-authent").on("click", function() {
                        var $btn = $(this);
                        var $warning = $("#rate-limit-warning");

                        // Désactiver le bouton pendant la requête
                        $btn.prop('disabled', true).val('Vérification...');
                        $warning.hide();

                        var formData = {
                            email: $("#email").val(),
                            from: "authenticator",
                            csrf_token: $("input[name='csrf_token']").val() // Inclure le token CSRF du formulaire
                        };

                        $.ajax({
                            type: "POST",
                            url: "submit.php",
                            data: formData,
                            dataType: "json",
                            encode: true,
                        }).done(function(data) {
                            if (data && data.blocked) {
                                // Compte bloqué - afficher le message
                                $warning.html('<strong>⚠️ ' + data.message + '</strong>').show();
                                $btn.prop('disabled', true).val('Bloqué');
                                // Réactiver après le délai
                                if (data.remaining_time) {
                                    setTimeout(function() {
                                        $btn.prop('disabled', false).val('Se connecter');
                                        $warning.hide();
                                    }, data.remaining_time * 1000);
                                }
                            } else if (data == 1 || data.authenticator == 1) {
                                $("#authenticator").show();
                                $("#authenticator").prop("required", true);
                                $('#submit-authent').attr('type', 'submit').val('Se connecter');
                                $btn.prop('disabled', false);
                            } else {
                                $("#form-authent").submit();
                            }
                        }).fail(function(jqXHR, textStatus, errorThrown) {
                            console.error("Erreur AJAX:", textStatus, errorThrown);
                            $btn.prop('disabled', false).val('Se connecter');

                            // Gérer les erreurs spécifiques
                            if (jqXHR.status === 429) {
                                var response = jqXHR.responseJSON || {};
                                $warning.html('<strong>⚠️ ' + (response.message || 'Trop de tentatives. Veuillez patienter.') + '</strong>').show();
                            } else if (jqXHR.status === 403) {
                                $warning.html('<strong>⚠️ Session expirée. Rechargez la page.</strong>').show();
                            }
                        });
                    });
                });
            </script>
        </div>
    </div>
    <?php pwa::printServiceWorker(); ?>
</body>

</html>

<?php
alert::destroyAlert();
?>