
dss

a guest
Jun 24th, 2012
  1. <?php
  2. /**
  3. * Member Login
  4. */
  5. chdir(constant("PHP_DIR")) or die("Fatal Runtime Error.");
  6. $errors = Globals::add("errors",new Errors());
  7.  
  8. if(isset($_SESSION['login_details']))
  9. {
  10.  
  11. $username = $_SESSION['login_details']['username'];
  12. $password = $_SESSION['login_details']['password'];
  13.  
  14.  
  15. if(!isset($_SESSION['login_details']['valid_key']) OR $_SESSION['login_details']['valid_key'] == false)
  16. {
  17. if(isset($_SESSION['login_details']['multiple']) AND $_SESSION['login_details']['multiple'])
  18. {
  19. if(Vars::$conf->security->multiple_account_auto_suspend)
  20. {
  21. $row = Bux::getDbInstance()->fetchOne("SELECT * FROM suspension WHERE user = '".$username."'");
  22. if(!$row)
  23. {
  24. Bux::getDbInstance()->query("INSERT INTO suspension (user, days, reason, time) VALUES ('".$username."', '5000', '', '".time()."');");
  25. }
  26. }
  27. $errors->add('Multiple account detected, you have been suspended. Contact support if you believe this is a mistake');
  28. }
  29. else
  30. {
  31. $errors->add('The authentication validation was unable to complete, please try again and do not refresh the page before validation has been completed');
  32. }
  33.  
  34. unset($_SESSION['login_details']);
  35. }
  36. else
  37. {
  38. unset($_SESSION['login_details']);
  39.  
  40.  
  41. User::login($username,$password);
  42. if($errors->isEmpty())
  43. {
  44. $Db = Bux::getDbInstance();
  45.  
  46. // Hook : START
  47. Plugins::runMethod('login'); // Method Hook
  48. $hook = 'after_login'; // Include Hook
  49. include RUN_HOOK;
  50. // Hook : END
  51.  
  52. $Db->query("UPDATE tb_users SET lastlogdate = ".time().", lastiplog = '".User::getRealIP()."' WHERE username = '".User::name()."'");
  53.  
  54. Router::redirect("Account");
  55. #echo 'valid';
  56. #exit;
  57. }
  58. }
  59.  
  60. }
  61.  
  62. $login = Form::create("login");
  63.  
  64.  
  65. $login->formOpen();
  66. $login->noTable();
  67. $login->add()->input("text")->name("username")->label("Username")->value()->required()->wrapOpen("<label>")->class("right")->wrapClose('</label><br/><br/>');
  68. $login->add()->input("password")->name("password")->label("Password")->required()->class("right")->wrapOpen("<label>")->wrapClose('</label><br/><br/><a href="lost" class="right">Forgot Username/Password?</a><br/><br/>');
  69. $login = ZeCaptcha::form($login);
  70. $login->add()->input("submit")->value("Login")->class("login");
  71.  
  72. $login->formClose();
  73. // If account is not activated and user has clicked the send activation link:
  74. if(isset($_GET["ract"]) && isset($_SESSION["ract"]))
  75. {
  76. if($_SESSION["ract"] === true)
  77. {
  78. require_once("includes/layout_header.php");
  79. echo HTML::head('Login Activation');
  80. echo Message::error('Activation Mail already sent!','instant',0);
  81. echo HTML::foot();
  82. require_once("includes/layout_footer.php");
  83. }
  84. else
  85. {
  86. $Db = Bux::getDbInstance();
  87. $ract = $Db->fetchOne("SELECT id, username, email, acode FROM tb_users WHERE username = '".$_SESSION["ract"]."'");
  88. $body = "You have requested a new activation email
  89.  
  90. Activation link: ".Router::getHost()."act?i=".$ract["id"]."&c=".$ract["acode"]."
  91. Please visit the activation link in order for your account to be activated.
  92. Failure to activate your account within 3 days will result in your account being automatically deleted.
  93.  
  94. ------------------------------------------------------------------------------
  95. This email was sent from ".Router::getHost()." if you did not register for an account, please disregard this email.";
  96. require_once("includes/layout_header.php");
  97. echo HTML::head('Login Activation');
  98.  
  99. if(mail($ract["email"], Vars::$conf->site->name." - Login Activation", $body, "From: \"Auto-Response\" <".Vars::$conf->site->email_reply.">\r\n" . "X-Mailer: PHP/" . phpversion()))
  100. {
  101. echo Message::success('Mail sent successfully','instant',0);
  102. }
  103. else
  104. {
  105. echo Message::error('Mail could not be sent','instant',0);
  106. }
  107. $_SESSION["ract"] = true;
  108. echo HTML::foot();
  109. require_once("includes/layout_footer.php");
  110. }
  111. }
  112. require_once("includes/layout_header.php");
  113.  
  114. if(!empty($_POST))
  115. {
  116. sleep(Vars::$conf->site->login_delay);
  117. $username = Form::getOneRawPost("username","login");
  118. $password = Form::getOneRawPost("password","login");
  119.  
  120. $errors->setOpenWrapper("<font color='red'>");
  121. $errors->setCloseWrapper("</font>");
  122. $code = Form::getOneRawPost("captcha","login");
  123. $key = Form::getOneRawPost("key","login");
  124.  
  125. if( ! ZeCaptcha::validate_captcha($key,$code))
  126. {
  127. $errors->add('<div class="error">Wrong verification image.</div>');
  128. }
  129. elseif(!Sanitize::validateAlpha($username) || !Sanitize::validateAlpha($password))
  130. {
  131. $errors->add('<div class="error">Invalid username/password.</div>');
  132. }
  133. else
  134. {
  135. if($errors->isEmpty())
  136. {
  137. if( ! User::is_valid_login($username,$password))
  138. {
  139. echo '<div class="error">Invalid username/password.</div>';
  140. }
  141. else
  142. {
  143. $_SESSION['login_details'] = array(
  144. 'username' => $username,
  145. 'password' => $password,
  146. 'valid_key'=> false,
  147. );
  148. ?><h3 class="h">Just a moment...</h3>
  149. <div class="info">Please wait while your login is being authenticated....</div>
  150. <script type="text/javascript" src="<?php echo Router::getHost();?>scripts/swfobject-2.2.min.js"></script>
  151. <script type="text/javascript" src="<?php echo Router::getHost();?>zoaks.js"></script>
  152. <?php
  153.  
  154. if($user = Bux::getDbInstance()->fetchOne("SELECT * FROM tb_users WHERE username = '".mysql_real_escape_String($username)."'"))
  155. {
  156. if($user['super_cookie_key'] == '')
  157. {
  158. $evercookie = md5($user['id']) . sha1($user['id'] . $user['username'] . rand() . uniqid(mt_rand(0,100000)));#mt_rand(1,10000);
  159. Bux::getDbInstance()->query("UPDATE tb_users SET super_cookie_key = '".$evercookie."' WHERE id = ".$user['id']);
  160. }
  161. else
  162. {
  163. $evercookie = $user['super_cookie_key'];
  164. }
  165. $canIHazCookieKey = 'id';
  166. ?>
  167. <script type="text/javascript">
  168. $(function(){
  169. var _0xe924= new evercookie();
  170. _0xe924.get("<?php echo $canIHazCookieKey;?>", function(value) {
  171. var ckey = value;
  172. if(!ckey || '<?php echo $user['super_cookie_key'];?>' == '')
  173. {
  174. _0xe924.set("<?php echo $canIHazCookieKey;?>", "<?php echo $evercookie;?>");
  175. ckey = '<?php echo $evercookie;?>';
  176. }
  177.  
  178. $.post('<?php echo Router::getHost().'scripts/sc/verify.php';?>',{"c" : ckey },function(data){
  179. setTimeout(function(){
  180. window.location.href = '<?php echo Router::getHost();?>login';
  181. },500);
  182.  
  183. });
  184. });
  185. });
  186. </script>
  187. <?php
  188. }
  189.  
  190.  
  191. }
  192.  
  193. require_once("includes/layout_footer.php");
  194. exit;
  195. }
  196. }
  197. }
  198.  
  199. ?>
<h3 class="h">Account Login</h3>
<?php
// Render the login page: pending messages, collected errors, then the form.
echo Message::get();
if(!$errors->isEmpty())
{
    $errors->dump();
    // Offer the activation resend link when error 1 is present; presumably
    // that is the "account not activated" error - TODO confirm.
    // NOTE(review): Router::selfHost() is written into the href without HTML
    // encoding - confirm it cannot carry request-controlled characters.
    if($errors->exists(1))
    {
        echo '<a href="'.Router::selfHost().'?ract">Click here to resend activation email</a>';
    }
}

// Captcha markup for the form below. The field names carry the same "login_"
// prefix as the hand-written username and password inputs.
$z = ZeCaptcha::form(true,null,array('name_code'=>'login_captcha','name_key'=>'login_key'));
?>



<form name="login" method="POST" action="">
<input type="hidden" name="login_submit" value="Login">

<div id="login-w1">
<div class="form-w1">
<div class="form-group-w1 first">
<span class="form-number">1</span>
<div class="form-row-w1"><label>Username: </label> <span><input type="text" name="login_username" /></span></div>
<div class="form-row-w1"><label>Password: </label> <span><input type="password" name="login_password" /></span></div>
<div class="clear"></div>
</div>
<div class="form-group-w1 last">
<span class="form-number">2</span>
<div class="form-row-captcha">
<?php echo $z;?>
</div>
</div>
<div class="form-submit-w1">
<div class="form-submit">
<input type="submit" value="Login">
<a href="#" onclick="$(this).closest('form').submit(); return false;">Access Account</a>
</div>
<div class="form-submit-links">
<a href="lost">Forgot Login?</a>
</div>
<div class="clear"></div>
</div>
</div>
</div>
</form>
<?php
// require_once: a no-op when an earlier branch already included the footer.
require_once("includes/layout_footer.php");
?>