admin.php code
Code to create admin.php
There are two ways to create the file.
Create the admin.php file on your PC and transfer it via FTP,
or, from your terminal, connect to your Raspberry Pi and create admin.php:
sudo nano /var/www/html/admin.php
Copy the following code and paste it into the file that has just opened.
This file lets you manage the blacklist of blocked IP addresses and unblock them manually.
<?php
// admin.php - Security management and IP unblocking
date_default_timezone_set('Europe/Paris');
session_start();

$config_path = '/var/www/html/data/.env.php';
$config = file_exists($config_path) ? include($config_path) : [];

define('PIN_HASH_STORAGE', (string) ($config['PIN_HASH'] ?? ''));
define('BLACKLIST_FILE', ($config['DATA_DIR'] ?? '/var/www/html/data/') . 'ip_blacklist.json');
define('LOG_FILE', $config['LOG_PATH'] ?? '/var/log/camera_status.log');
const MAX_ATTEMPTS = 3;

$client_ip = $_SERVER['REMOTE_ADDR'];
$login_error = "";

function get_blacklist() {
    return file_exists(BLACKLIST_FILE) ? json_decode(file_get_contents(BLACKLIST_FILE), true) ?: [] : [];
}

function save_blacklist($blacklist) {
    // LOCK_EX prevents two simultaneous requests from interleaving their writes
    file_put_contents(BLACKLIST_FILE, json_encode($blacklist, JSON_PRETTY_PRINT), LOCK_EX);
}

$current_blacklist = get_blacklist();

// Check whether the current IP is banned
if (isset($current_blacklist[$client_ip])) {
    $safe_ip = htmlspecialchars($client_ip, ENT_QUOTES, 'UTF-8');
    exit("<body style='font-family:-apple-system,sans-serif;text-align:center;padding-top:100px;background:#f2f2f7;'><div style='background:white;display:inline-block;padding:40px;border-radius:20px;box-shadow:0 10px 30px rgba(0,0,0,0.1);'><h1 style='color:#ff3b30;'>❌ ACCÈS ADMIN BLOQUÉ</h1><p>Votre adresse IP ($safe_ip) est bannie.</p><a href='index.php' style='color:#007aff;text-decoration:none;font-weight:bold;'>Retour au Dashboard</a></div></body>");
}

// Login logic (is_string() rejects array input such as admin_pin[]=...)
if (isset($_POST['admin_pin']) && is_string($_POST['admin_pin'])) {
    // hash_equals() compares in constant time
    if (hash_equals(PIN_HASH_STORAGE, hash('sha256', $_POST['admin_pin']))) {
        session_regenerate_id(true); // issue a fresh session ID once authenticated
        $_SESSION['admin_logged_in'] = true;
        $_SESSION['pin_attempts_admin'] = 0;
        header("Location: admin.php"); exit;
    } else {
        $_SESSION['pin_attempts_admin'] = ($_SESSION['pin_attempts_admin'] ?? 0) + 1;
        $remaining = MAX_ATTEMPTS - $_SESSION['pin_attempts_admin'];
        if ($_SESSION['pin_attempts_admin'] >= MAX_ATTEMPTS) {
            $current_blacklist[$client_ip] = ['blocked_time' => date('Y-m-d H:i:s'), 'reason' => 'Échecs PIN Admin'];
            save_blacklist($current_blacklist);
            // Security log
            $line = "[" . date('Y-m-d H:i:s') . "] [SECURITY] IP $client_ip bannie (Trop d'échecs Admin)\n";
            file_put_contents(LOG_FILE, $line, FILE_APPEND | LOCK_EX);
            if (isset($config['MAIL_ENABLED']) && $config['MAIL_ENABLED'] === true) {
                $protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https" : "http";
                $server_url = $protocol . "://" . $_SERVER['HTTP_HOST'];
                $sujet = "🚫 Sécurité Admin : IP Bannie ($client_ip)";
                $msg = "L'IP $client_ip a été bannie après 3 tentatives sur la page Admin.\n\n🔗 Gérer : $server_url/admin.php\n";
                $headers = "From: ".$config['MAIL_FROM']."\r\nContent-Type: text/plain; charset=utf-8";
                @mail($config['MAIL_DEST'], $sujet, $msg, $headers);
            }
            session_destroy(); header("Location: admin.php"); exit;
        } else {
            $login_error = "Code incorrect. Tentatives restantes : <strong>$remaining</strong>";
        }
    }
}

// Logout
if (isset($_GET['logout'])) { session_destroy(); header("Location: admin.php"); exit; }

// Unblock an IP (logged-in admin only; the submitted value must be a string)
if (($_SESSION['admin_logged_in'] ?? false) === true
    && isset($_POST['unblock_ip']) && is_string($_POST['unblock_ip'])) {
    $ip_to_unblock = $_POST['unblock_ip'];
    if (isset($current_blacklist[$ip_to_unblock])) {
        unset($current_blacklist[$ip_to_unblock]);
        save_blacklist($current_blacklist);
        $line = "[" . date('Y-m-d H:i:s') . "] [SECURITY] IP $ip_to_unblock débloquée par Admin\n";
        file_put_contents(LOG_FILE, $line, FILE_APPEND | LOCK_EX);
        $success_msg = "L'IP $ip_to_unblock a été débloquée avec succès.";
        $current_blacklist = get_blacklist();
    }
}

$is_logged = isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true;
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Admin - Gestion Sécurité</title>
<style>
body { font-family: -apple-system, system-ui, sans-serif; background: #f2f2f7; padding: 20px; color: #1c1c1e; }
.card { max-width: 500px; margin: 40px auto; background: white; padding: 30px; border-radius: 25px; box-shadow: 0 10px 30px rgba(0,0,0,0.08); text-align: center; }
h1 { font-weight: 800; font-size: 1.5rem; margin-bottom: 20px; }
.pin-input { width: 140px; padding: 15px; font-size: 32px; text-align: center; border-radius: 16px; border: 3px solid #ff9500; outline: none; margin-bottom: 10px; }
.error-box { color: #d70015; background: #fff2f2; padding: 12px; border-radius: 12px; border: 1px solid #ff3b30; margin-bottom: 20px; font-size: 0.9em; }
.success-box { background: #e5f9e7; color: #248a3d; padding: 12px; border-radius: 12px; margin-bottom: 20px; font-weight: 600; border: 1px solid #34c759; }
.ip-item { display: flex; justify-content: space-between; align-items: center; padding: 15px; border-bottom: 1px solid #f2f2f7; text-align: left; }
.ip-item:last-child { border-bottom: none; }
.btn-unblock { background: #34c759; color: white; border: none; padding: 10px 15px; border-radius: 10px; font-weight: bold; cursor: pointer; transition: opacity 0.2s; }
.btn-unblock:hover { opacity: 0.8; }
.btn-back { display: inline-block; margin-top: 20px; color: #007aff; text-decoration: none; font-weight: 600; font-size: 15px; }
.footer-link { margin-top: 30px; display: block; font-size: 0.85em; color: #8e8e93; text-decoration: none; font-weight: 600; }
</style>
</head>
<body>
<div class="card">
    <?php if (!$is_logged): ?>
        <h1 style="color: #ff9500;">Admin Sécurisé</h1>
        <?php if ($login_error): ?>
            <div class="error-box"><?php echo $login_error; ?></div>
        <?php endif; ?>
        <form method="POST" autocomplete="off">
            <input type="password" name="admin_pin" class="pin-input" maxlength="4" inputmode="numeric" autofocus oninput="if(this.value.length===4)this.form.submit();">
        </form>
        <p style="font-size: 0.85em; color: #8e8e93; margin-top: 15px;">Veuillez saisir le code PIN administrateur pour gérer la liste noire.</p>
        <a href="index.php" class="btn-back">← Dashboard Alarme</a>
    <?php else: ?>
        <h1 style="color: #1c1c1e;">Gestion Liste Noire</h1>
        <?php if (isset($success_msg)): ?>
            <div class="success-box"><?php echo htmlspecialchars($success_msg, ENT_QUOTES, 'UTF-8'); ?></div>
        <?php endif; ?>
        <div style="margin-top: 20px;">
            <?php if (empty($current_blacklist)): ?>
                <p style="color:#8e8e93; padding: 20px;">✅ Aucune IP n'est actuellement bannie.</p>
            <?php else: ?>
                <?php foreach ($current_blacklist as $ip => $info): ?>
                    <?php // Values read back from the JSON file are escaped before output ?>
                    <div class="ip-item">
                        <div>
                            <strong style="font-size: 1.1em;"><?php echo htmlspecialchars((string) $ip, ENT_QUOTES, 'UTF-8'); ?></strong><br>
                            <small style="color:#8e8e93;">Bannie le : <?php echo htmlspecialchars((string) ($info['blocked_time'] ?? 'Date inconnue'), ENT_QUOTES, 'UTF-8'); ?></small>
                        </div>
                        <form method="POST">
                            <input type="hidden" name="unblock_ip" value="<?php echo htmlspecialchars((string) $ip, ENT_QUOTES, 'UTF-8'); ?>">
                            <button type="submit" class="btn-unblock">Débloquer</button>
                        </form>
                    </div>
                <?php endforeach; ?>
            <?php endif; ?>
        </div>
        <hr style="border:0; border-top:1px solid #f2f2f7; margin:30px 0;">
        <div style="display: flex; flex-direction: column; gap: 10px;">
            <a href="?logout=1" style="color:#ff3b30; text-decoration:none; font-weight:bold; font-size: 0.9em;">DÉCONNEXION ADMIN</a>
            <a href="index.php" class="btn-back">← Retour au Dashboard</a>
        </div>
    <?php endif; ?>
</div>
</body>
</html>
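The script above keeps the failed-attempt count in $_SESSION, so the count follows the session cookie rather than the client address. As an added example (not part of the original page), here is one way to keep the counter server-side, keyed by IP and protected by a file lock; ATTEMPTS_FILE, WINDOW_SECONDS and the function names are assumptions.

```php
<?php
// Added example, not the page's code. ATTEMPTS_FILE, WINDOW_SECONDS and the
// function names are assumptions; in admin.php the file would live in DATA_DIR.
define('ATTEMPTS_FILE', sys_get_temp_dir() . '/pin_attempts_demo.json');
const MAX_ATTEMPTS = 3;
const WINDOW_SECONDS = 900; // failures older than 15 minutes are forgotten

// Run $fn on the decoded counter array under an exclusive lock, then persist it.
function with_attempts(callable $fn) {
    $fh = fopen(ATTEMPTS_FILE, 'c+'); // create if missing, never truncate on open
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException('cannot lock attempts file');
    }
    $data = json_decode(stream_get_contents($fh) ?: '[]', true) ?: [];
    $result = $fn($data);
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($data));
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $result;
}

// Record one failure for $ip; returns true once the IP reaches MAX_ATTEMPTS.
function register_failure(string $ip, ?int $now = null): bool {
    $now = $now ?? time();
    return with_attempts(function (array &$data) use ($ip, $now): bool {
        // Expire old timestamps for every IP so the file stays small.
        foreach ($data as $k => $times) {
            $data[$k] = array_values(array_filter($times, fn($t) => $t > $now - WINDOW_SECONDS));
            if (!$data[$k]) { unset($data[$k]); }
        }
        $data[$ip][] = $now;
        return count($data[$ip]) >= MAX_ATTEMPTS;
    });
}

// Forget an IP's failures after a successful login.
function clear_failures(string $ip): void {
    with_attempts(function (array &$data) use ($ip) { unset($data[$ip]); });
}

// Constructed demo: three failures from a documentation-range address.
@unlink(ATTEMPTS_FILE);
foreach ([1, 2, 3] as $n) {
    echo "failure $n: ", register_failure('203.0.113.7') ? "ban" : "retry allowed", PHP_EOL;
}
```

In admin.php, register_failure($client_ip) would replace the $_SESSION['pin_attempts_admin'] increment, and clear_failures($client_ip) would run on a successful login.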
Generate your security hash:
To find the hash value of your PIN, use this command in your terminal (replace 1234 with your code):
echo -n "1234" | sha256sum
Example for "1234": 03ac674216f3e15c...
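A 4-digit PIN has only 10,000 possible values, so an unsalted SHA-256 digest gives little protection if .env.php is ever read. The following added example (not from the original page) accepts the SHA-256 value produced above and returns a salted password_hash() replacement on the next successful login; verify_pin() and its return shape are assumptions.

```php
<?php
// Added example, not the page's code. verify_pin() is a hypothetical helper.
// Returns [bool $ok, ?string $new_hash]; $new_hash is non-null when the
// stored PIN_HASH value should be replaced by the caller.
function verify_pin(string $pin, string $stored): array {
    // Legacy format from this page: 64 hex characters of unsalted SHA-256.
    if (preg_match('/^[0-9a-f]{64}$/', $stored) === 1) {
        $ok = hash_equals($stored, hash('sha256', $pin));
        return [$ok, $ok ? password_hash($pin, PASSWORD_DEFAULT) : null];
    }
    // Salted format produced by password_hash().
    if (!password_verify($pin, $stored)) {
        return [false, null];
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($pin, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed demo values: a legacy hash for "1234", then the upgraded one.
$legacy = hash('sha256', '1234');
[$ok, $upgraded] = verify_pin('1234', $legacy);
var_dump($ok);                                  // legacy hash accepted
var_dump(password_verify('1234', $upgraded));   // replacement hash verifies
[$ok_wrong, $none] = verify_pin('0000', $upgraded);
var_dump($ok_wrong, $none);                     // wrong PIN: no match, no rehash
```

To create a salted value for PIN_HASH directly, `php -r 'echo password_hash("1234", PASSWORD_DEFAULT), PHP_EOL;'` prints one on the command line.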