From 8ee34d931d4c82d6397ca71f5a9932b65ff7aa2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
Date: Wed, 10 Dec 2025 09:58:53 +0100
Subject: [PATCH] poprawka w logowaniu
---
 app.py | 53 ++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 40 insertions(+), 13 deletions(-)
diff --git a/app.py b/app.py
index 6055cd1..e76da97 100644
--- a/app.py
+++ b/app.py
@@ -203,30 +203,41 @@ def get_real_ip():
     return request.remote_addr
-def is_allowed_ip(remote_ip, allowed_hosts_str):
-    if remote_ip in ("127.0.0.1", "::1"):
-        return True
+import os
+import socket
+import re
+def is_allowed_ip(remote_ip, allowed_hosts_str):
+    # awaryjny dostęp
     if os.path.exists("emergency_access.txt"):
         return True
+    if not allowed_hosts_str or not allowed_hosts_str.strip():
+        return False
+
     allowed_hosts = re.split(r"[\n,]+", allowed_hosts_str.strip())
     allowed_ips = set()
+
     for host in allowed_hosts:
         host = host.strip()
         if not host:
             continue
+
+        if re.match(r"^\d{1,3}(\.\d{1,3}){3}$", host):
+            allowed_ips.add(host)
+            continue
+
         try:
             resolved_ip = socket.gethostbyname(host)
             allowed_ips.add(resolved_ip)
         except Exception:
-            continue
+            pass
     try:
         hostname = socket.gethostbyaddr(remote_ip)[0]
         app.logger.info(f"Odwiedzający IP: {remote_ip}, host: {hostname}")
-    except Exception as e:
-        app.logger.warning(f"Reverse DNS nieudane dla {remote_ip}: {e}")
+    except Exception:
+        pass
     return remote_ip in allowed_ips
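Review bot: An IPv6 entry in the allow-list (the old code at least special-cased `::1`) is never honoured by the new loop: the `^\d{1,3}(\.\d{1,3}){3}$` test only recognises dotted IPv4, so an IPv6 literal falls through to `socket.gethostbyname`, which resolves IPv4 only, and the failure vanishes in `except Exception: pass`, leaving the entry silently missing from `allowed_ips`. The same silent drop hides a DNS failure for a hostname entry, which is how an operator ends up locked out of the login page with nothing in the log; parsing entries with `ipaddress.ip_address` (imported at module top) and logging resolution failures addresses both, and it also rejects out-of-range octets such as `999.1.1.1` that the regex currently accepts. The three `import` lines added in the middle of the file duplicate names the surrounding context lines already use and belong at the top of the file. `remote_ip` is compared as a plain string, so it relies on `get_real_ip()`, whose body is outside this hunk, returning an already normalised address.
```python
    for host in allowed_hosts:
        # … unchanged: strip and skip empty entries …
        try:
            # literal IPv4/IPv6 entry - no DNS needed, rejects malformed octets
            allowed_ips.add(str(ipaddress.ip_address(host)))
            continue
        except ValueError:
            pass
        try:
            allowed_ips.add(socket.gethostbyname(host))
        except OSError as e:
            # a dropped entry shrinks the allow-list; make that visible
            app.logger.warning("Nie udało się rozwiązać hosta %s: %s", host, e)
    # … unchanged: reverse-DNS logging and final membership test …
```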
@@ -340,23 +351,39 @@ def zbiorka(zbiorka_id):
 @app.route("/zaloguj", methods=["GET", "POST"])
 def zaloguj():
     settings = UstawieniaGlobalne.query.first()
-    allowed_hosts_str = settings.dozwolone_hosty_logowania or "" if settings else ""
+    allowed_hosts_str = (
+        settings.dozwolone_hosty_logowania
+        if settings and settings.dozwolone_hosty_logowania
+        else ""
+    )
+
     client_ip = get_real_ip()
+
     if not is_allowed_ip(client_ip, allowed_hosts_str):
-        flash("Dostęp do tego systemu jest zablokowany dla Twojego adresu IP", "danger")
+        flash(
+            f"Dostęp do panelu logowania z adresu IP {client_ip} "
+            f"jest zablokowany – Twój adres nie znajduje się na liście dozwolonych.",
+            "danger",
+        )
         return redirect(url_for("index"))
+    if current_user.is_authenticated:
+        return redirect(url_for("admin_dashboard"))
+
     if request.method == "POST":
-        login = request.form["uzytkownik"]
-        password = request.form["haslo"]
+        login = request.form.get("uzytkownik", "").strip()
+        password = request.form.get("haslo", "")
+
         user = Uzytkownik.query.filter_by(uzytkownik=login).first()
         if user and user.check_password(password):
             login_user(user)
             flash("Zalogowano pomyślnie", "success")
-            next_page = request.args.get("next")
+
+            next_page = request.form.get("next") or request.args.get("next")
             return redirect(next_page) if next_page else redirect(url_for("admin_dashboard"))
-        else:
-            flash("Nieprawidłowe dane logowania", "danger")
+
+        flash("Nieprawidłowe dane logowania", "danger")
+
     return render_template("login.html")
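Review bot: `redirect(next_page)` still sends the browser to whatever `next` value arrived with the request, and the new line now also accepts it from the POST body, so an absolute URL in that parameter turns a successful login into an open redirect to a third-party site. Restrict it to a local path before redirecting, e.g. `if next_page and (not next_page.startswith("/") or next_page.startswith(("//", "/\\")) or urlsplit(next_page).netloc): next_page = None`, with `from urllib.parse import urlsplit` at module top. The blocked-access flash now embeds `client_ip`; whether that string is trustworthy depends on `get_real_ip()`, which is outside this hunk — if it reads a forwarded header, the message displays client-supplied text and relies on template autoescaping to render it safely.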