duffyduck/dyndns-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
91993eb487815d187e792cc4e3d76ce925fa714f
dyndns-server/app/templates/login.html
T
Stefan Hacker 91993eb487 F-10/F-11 + Verwaltungsskript 
- F-10 Open Redirect: is_safe_url()-Pruefung des next-Parameters beim Login;
  login_required gibt next weiter, Login-Formular traegt es als Hidden-Feld.
  Externe/protokoll-relative Ziele werden ignoriert -> Dashboard.
- F-11 Info-Leak: eigene Fehlerseiten (400/403/404/405/500) ohne Framework-
  Hinweis oder Stacktrace (templates/error.html).
- manage.sh: 'unlock' (Brute-Force-Sperren aufheben) und 'reset-password'
  (Admin-Passwort setzen/zufaellig erzeugen) via docker-compose run.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-06 15:49:04 +02:00

42 lines
1.7 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login — DynDNS Manager</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
<link rel="stylesheet" href="{{ url_for('static', filename='css/login.css') }}">
</head>
<body class="justify-content-center">
<div class="login-card">
<div class="text-center mb-4">
<span class="text-info fs-2"><i class="bi bi-globe2"></i></span>
<h4 class="text-white mt-2 mb-0">DynDNS Manager</h4>
</div>
<div class="card shadow">
<div class="card-body p-4">
{% with msgs = get_flashed_messages(with_categories=true) %}
{% for cat, msg in msgs %}
<div class="alert alert-{{ cat }} py-2">{{ msg }}</div>
{% endfor %}
{% endwith %}
<form method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<input type="hidden" name="next" value="{{ request.args.get('next', '') }}">
<div class="mb-3">
<label class="form-label fw-semibold">Benutzername</label>
<input name="username" type="text" class="form-control" autofocus required>
</div>
<div class="mb-4">
<label class="form-label fw-semibold">Passwort</label>
<input name="password" type="password" class="form-control" required>
</div>
<button type="submit" class="btn btn-primary w-100">Anmelden</button>
</form>
</div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink