Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- UserSpice 4
- An Open Source PHP User Management System
- by the UserSpice Team at http://UserSpice.com
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
- // error_reporting(E_ALL);
- // ini_set('display_errors', 1);
- ini_set("allow_url_fopen", 1);
- if(isset($_SESSION)){session_destroy();}
- ?>
- <?php require_once $_SERVER['DOCUMENT_ROOT'].'/users/init.php'; ?>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
- <!-- LOGIN PHP -->
- <?php
- $settingsQ = $db->query("SELECT * FROM settings");
- $settings = $settingsQ->first();
- $error_message = '';
- if (@$_REQUEST['err']) $error_message = $_REQUEST['err']; // allow redirects to display a message
- $reCaptchaValid=FALSE;
- if (Input::exists()) {
- $token = Input::get('csrf');
- if(!Token::check($token)){
- //die('Token doesn\'t match! login.php');
- }
- //Check to see if recaptcha is enabled
- if($settings->recaptcha == 1){
- require_once $abs_us_root.$us_url_root.'/includes/recaptcha.config.php';
- //reCAPTCHA 2.0 check
- $response = null;
- // check secret key
- $reCaptcha = new ReCaptcha($privatekey);
- // if submitted check response
- if ($_POST["g-recaptcha-response"]) {
- $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"],$_POST["g-recaptcha-response"]);
- }
- if ($response != null && $response->success) {
- $reCaptchaValid=TRUE;
- }else{
- $reCaptchaValid=FALSE;
- $error_message .= 'Please check the reCaptcha.';
- }
- }else{
- $reCaptchaValid=TRUE;
- }
- if($reCaptchaValid || $settings->recaptcha == 0){ //if recaptcha valid or recaptcha disabled
- $validate = new Validate();
- $validation = $validate->check($_POST, array(
- 'username' => array('display' => 'Username','required' => true),
- 'password' => array('display' => 'Password', 'required' => true)));
- if ($validation->passed()) {
- //Log user in
- $remember = (Input::get('remember') === 'on') ? true : false;
- $user = new User();
- $login = $user->loginEmail(Input::get('username'), trim(Input::get('password')), $remember);
- if ($login) {
- # if user was attempting to get to a page before login, go there
- if ($dest = sanitizedDest('dest')) {
- Redirect::to($dest);
- } elseif (file_exists($abs_us_root.$us_url_root.'usersc/scripts/custom_login_script.php')) {
- # if site has custom login script, use it
- # Note that the custom_login_script.php normally contains a Redirect::to() call
- require_once $abs_us_root.$us_url_root.'usersc/scripts/custom_login_script.php';
- } else {
- if (($dest = Config::get('homepage')) ||
- ($dest = 'account.php')) {
- #echo "DEBUG: dest=$dest<br />\n";
- #die;
- Redirect::to($dest);
- }
- }
- } else {
- $error_message .= 'Log in failed. Please check your username and password and try again.';
- }
- } else{
- $error_message .= '<ul>';
- foreach ($validation->errors() as $error) {
- $error_message .= '<li>' . $error . '</li>';
- }
- $error_message .= '</ul>';
- }
- }
- }
- if (!$dest = sanitizedDest('dest')) {
- $dest = '';
- }
- ?>
- <!-- REGISTER PHP -->
- <?php
- $settingsQ = $db->query("SELECT * FROM settings");
- $settings = $settingsQ->first();
- if($settings->recaptcha == 1 || $settings->recaptcha == 2){
- require_once $abs_us_root.$us_url_root.'users/includes/recaptcha.config.php';
- }
- //There is a lot of commented out code for a future release of sign ups with payments
- $form_method = 'POST';
- $form_action = 'login.php';
- $vericode = rand(100000,999999);
- $form_valid=FALSE;
- //Decide whether or not to use email activation
- $query = $db->query("SELECT * FROM email");
- $results = $query->first();
- $act = $results->email_act;
- //Opposite Day for Pre-Activation - Basically if you say in email
- //settings that you do NOT want email activation, this lists new
- //users as active in the database, otherwise they will become
- //active after verifying their email.
- if($act==1){
- $pre = 0;
- } else {
- $pre = 1;
- }
- $token = Input::get('csrf');
- if(Input::exists()){
- if(!Token::check($token)){
- die('Token doesn\'t match! register.php');
- }
- }
- $reCaptchaValid=FALSE;
- if(Input::exists()){
- $username = Input::get('username');
- $fname = Input::get('fname');
- $lname = Input::get('lname');
- $email = Input::get('email');
- $agreement_checkbox = Input::get('agreement_checkbox');
- if ($agreement_checkbox=='on'){
- $agreement_checkbox=TRUE;
- }else{
- $agreement_checkbox=FALSE;
- }
- $db = DB::getInstance();
- $settingsQ = $db->query("SELECT * FROM settings");
- $settings = $settingsQ->first();
- $validation = new Validate();
- $validation->check($_POST,array(
- 'username' => array(
- 'display' => 'Username',
- 'required' => true,
- 'min' => $settings->min_un,
- 'max' => $settings->max_un,
- 'unique' => 'users',
- ),
- 'fname' => array(
- 'display' => 'First Name',
- 'required' => true,
- 'min' => 2,
- 'max' => 35,
- ),
- 'lname' => array(
- 'display' => 'Last Name',
- 'required' => true,
- 'min' => 2,
- 'max' => 35,
- ),
- 'email' => array(
- 'display' => 'Email',
- 'required' => true,
- 'valid_email' => true,
- 'unique' => 'users',
- ),
- 'password' => array(
- 'display' => 'Password',
- 'required' => true,
- 'min' => $settings->min_pw,
- 'max' => $settings->max_pw,
- ),
- 'confirm' => array(
- 'display' => 'Confirm Password',
- 'required' => true,
- 'matches' => 'password',
- ),
- ));
- //if the agreement_checkbox is not checked, add error
- if (!$agreement_checkbox){
- $validation->addError(["Please read and accept terms and conditions"]);
- }
- if($validation->passed() && $agreement_checkbox){
- //Logic if ReCAPTCHA is turned ON
- if($settings->recaptcha == 1 || $settings->recaptcha == 2){
- require_once $abs_us_root.$us_url_root.'users/includes/recaptcha.config.php';
- //reCAPTCHA 2.0 check
- $response = null;
- // check secret key
- $reCaptcha = new ReCaptcha($privatekey);
- // if submitted check response
- if ($_POST["g-recaptcha-response"]) {
- $response = $reCaptcha->verifyResponse(
- $_SERVER["REMOTE_ADDR"],
- $_POST["g-recaptcha-response"]);
- }
- if ($response != null && $response->success) {
- // account creation code goes here
- $reCaptchaValid=TRUE;
- $form_valid=TRUE;
- }else{
- $reCaptchaValid=FALSE;
- $form_valid=FALSE;
- $validation->addError(["Please check the reCaptcha box."]);
- }
- } //else for recaptcha
- if($reCaptchaValid || $settings->recaptcha == 0){
- //add user to the database
- $user = new User();
- $join_date = date("Y-m-d H:i:s");
- $params = array(
- 'fname' => Input::get('fname'),
- 'email' => $email,
- 'vericode' => $vericode,
- );
- if($act == 1) {
- //Verify email address settings
- $to = rawurlencode($email);
- $subject = 'Welcome to '.$settings->site_name;
- $body = email_body('_email_template_verify.php',$params);
- email($to,$subject,$body);
- }
- try {
- // echo "Trying to create user";
- $user->create(array(
- 'username' => Input::get('username'),
- 'fname' => Input::get('fname'),
- 'lname' => Input::get('lname'),
- 'email' => Input::get('email'),
- 'password' =>
- password_hash(Input::get('password'), PASSWORD_BCRYPT, array('cost' => 12)),
- 'permissions' => 1,
- 'account_owner' => 1,
- 'stripe_cust_id' => '',
- 'join_date' => $join_date,
- 'company' => Input::get('company'),
- 'email_verified' => $pre,
- 'active' => 1,
- 'vericode' => $vericode,
- ));
- } catch (Exception $e) {
- die($e->getMessage());
- }
- Redirect::to($us_url_root.'users/joinThankYou.php');
- }
- } //Validation and agreement checbox
- } //Input exists
- ?>
- <div id="page-wrapper">
- <div class="container">
- <div class="row">
- <div class="col-md-6">
- <div class="col-xs-12">
- <div class="bg-danger"><?=$error_message;?></div>
- <?php
- if($settings->glogin==1 && !$user->isLoggedIn()){
- require_once $abs_us_root.$us_url_root.'users/includes/google_oauth_login.php';
- }
- if($settings->fblogin==1 && !$user->isLoggedIn()){
- require_once $abs_us_root.$us_url_root.'users/includes/facebook_oauth.php';
- }
- ?>
- <form name="login" class="form-signin" action="login.php" method="post">
- <h3 class="form-signin-heading">OBSTOJEČ UPORABNIK</h3>
- <br>
- <input type="hidden" name="dest" value="<?= $dest ?>" />
- <div class="form-group">
- <input class="form-control" type="text" name="username" id="username" placeholder="Username/Email" required autofocus>
- </div>
- <div class="form-group">
- <input type="password" class="form-control" name="password" id="password" placeholder="Password" required autocomplete="off">
- </div>
- <?php
- if($settings->recaptcha == 1){
- ?>
- <div class="form-group">
- <label>Please check the box below to continue</label>
- <div class="g-recaptcha" data-sitekey="<?=$publickey; ?>"></div>
- </div>
- <?php } ?>
- <div class="form-group">
- <label for="remember">
- <input type="checkbox" name="remember" id="remember" > Remember Me</label>
- </div>
- <input type="hidden" name="csrf" value="<?=Token::generate(); ?>">
- <button class="submit btn btn-success full-width" type="submit">VPIŠI SE</button>
- </form>
- <br>
- <button class="submit btn btn-default full-width" href='forgot_password.php'>Pozabil sem geslo</button>
- <hr>
- </div>
- </div>
- <div class="col-md-6 vertical-line">
- <div class="col-xs-12">
- <?php
- if($settings->glogin==1 && !$user->isLoggedIn()){
- $abs_us_root.$us_url_root.'users/includes/google_oauth_login.php';
- }
- if($settings->fblogin==1 && !$user->isLoggedIn()){
- require_once $abs_us_root.$us_url_root.'users/includes/facebook_oauth.php';
- }
- require $abs_us_root.$us_url_root.'usersc/views/_join.php';
- ?>
- </div>
- </div>
- </div>
- </div>
- </div>
- <!-- footers -->
- <?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
- <!-- Place any per-page javascript here -->
- <?php if($settings->recaptcha == 1 || $settings->recaptcha == 2){ ?>
- <script src="https://www.google.com/recaptcha/api.js" async defer></script>
- <?php } ?>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement