
Untitled

a guest
Jan 21st, 2017
  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19. */
  20.  //error_reporting(E_ALL);
  21.  //ini_set('display_errors', 1);
  22.  
  23.  
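  // allow_url_fopen is deliberately not set from this script: it is a
  // PHP_INI_SYSTEM directive, so ini_set("allow_url_fopen", 1) cannot change it
  // at run time and only gives the impression that URL wrappers were enabled.
  // If remote fetches are really needed (presumably for the reCAPTCHA
  // verification request - confirm), enable the directive in php.ini.

  // Drop a session that is already active before the framework bootstrap below
  // is loaded, so the login page does not reuse its state.
  if (isset($_SESSION)) {
      session_destroy();
  }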
  26. ?>
  27. <?php require_once '../users/init.php'; ?>
  28. <?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
  29. <?php //require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
  30.  
  31. <?php
  32.  
  33. //html_alert('info', print_r($_SESSION), true);
  34. //msghdr(print_r($_SESSION),0);
  35.  
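  // Load the site settings row; the recaptcha, glogin, fblogin and site_name
  // fields are read further down in this script.
  $settingsQ = $db->query("SELECT * FROM settings");
  $settings = $settingsQ->first();

  // $error_message is printed as raw HTML in the form below, so anything taken
  // from the request has to be escaped here. `err` lets a redirect pass a
  // message to this page; it is attacker-controllable (a crafted link is
  // enough), so it is accepted only as a string and HTML-escaped before use.
  $error_message = '';
  if (isset($_REQUEST['err']) && is_string($_REQUEST['err']) && $_REQUEST['err']) {
      $error_message = htmlspecialchars($_REQUEST['err'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  }

  // Stays FALSE until the reCAPTCHA check passes or reCAPTCHA is disabled.
  $reCaptchaValid = FALSE;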
  41.  
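  // Handle a submitted login form: optional reCAPTCHA check, field validation,
  // credential check, then redirect. Failures are collected in $error_message.
  if (Input::exists()) {
      // NOTE(review): the CSRF token is read here but never verified; the
      // Token::check() call that followed is commented out in this script.
      // Without it the form accepts cross-site login POSTs (login CSRF).
      // Restore the check once the reason it was disabled is understood, and
      // do not echo the submitted token back in the failure message:
      //     if (!Token::check($token)) { die('Token doesn\'t match!'); }
      $token = Input::get('csrf');

      if ($settings->recaptcha == 1) {
          // Defines $privatekey (and presumably $publickey - confirm).
          require_once 'includes/recaptcha.config.php';

          $response = null;
          $reCaptcha = new ReCaptcha($privatekey);

          // Only call the verifier when the widget actually posted a string;
          // a missing field no longer raises an undefined-index notice and an
          // array value is rejected instead of being forwarded.
          if (!empty($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response'])) {
              $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
          }

          if ($response != null && $response->success) {
              $reCaptchaValid = TRUE;
          } else {
              $reCaptchaValid = FALSE;
              $error_message .= 'Please check the reCaptcha.';
          }
      } else {
          // reCAPTCHA disabled in settings: nothing to verify.
          $reCaptchaValid = TRUE;
      }

      // $reCaptchaValid is already TRUE when reCAPTCHA is disabled, so a
      // separate test of the setting is not needed here.
      if ($reCaptchaValid) {
          $validate = new Validate();
          $validation = $validate->check($_POST, array(
              'username' => array('display' => 'Username', 'required' => true),
              'password' => array('display' => 'Password', 'required' => true),
          ));

          if ($validation->passed()) {
              $remember = (Input::get('remember') === 'on');
              $user = new User();
              // NOTE(review): the password is trim()med before it is checked,
              // so leading/trailing whitespace never counts. That is only
              // consistent if the same trim is applied where passwords are
              // set - confirm.
              $login = $user->loginEmail(Input::get('username'), trim(Input::get('password')), $remember);

              if ($login) {
                  // Prefer the page the user was trying to reach before login.
                  // NOTE(review): sanitizedDest() is the only guard on this
                  // redirect target; confirm it restricts `dest` to same-site
                  // locations, otherwise this is an open redirect.
                  if ($dest = sanitizedDest('dest')) {
                      Redirect::to($dest);
                  } elseif (file_exists($abs_us_root.$us_url_root.'usersc/scripts/custom_login_script.php')) {
                      // Site-specific post-login hook; it normally contains
                      // its own Redirect::to() call.
                      require_once $abs_us_root.$us_url_root.'usersc/scripts/custom_login_script.php';
                  } else {
                      // Configured homepage, falling back to account.php.
                      $dest = Config::get('homepage') ?: 'account.php';
                      Redirect::to($dest);
                  }
              } else {
                  // Same message for unknown user and wrong password, so the
                  // response does not reveal which accounts exist.
                  $error_message .= 'Log in failed. Please check your username and password and try again.';
              }
          } else {
              // NOTE(review): validation messages are inserted as HTML without
              // escaping; confirm Validate never embeds submitted values in
              // them.
              $error_message .= '<ul>';
              foreach ($validation->errors() as $error) {
                  $error_message .= '<li>' . $error . '</li>';
              }
              $error_message .= '</ul>';
          }
      }
  }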
  // Destination to carry through the login form's hidden `dest` field;
  // normalised to an empty string when sanitizedDest() yields nothing usable.
  $dest = sanitizedDest('dest');
  if (!$dest) {
      $dest = '';
  }
  118.  
  119. ?>
  120.  
  121. <div id="page-wrapper">
  122.     <div class="container">
  123.         <div class="row">
  124.             <div class="col-sm-6 col-md-4 col-md-offset-4">
  <?php
  // Social sign-in blocks: each is included only when enabled in the settings
  // row and the visitor is not logged in.
  // NOTE(review): this script assigns $user only after a validated POST;
  // presumably init.php provides it for plain page loads - confirm.
  if ($settings->glogin == 1 && !$user->isLoggedIn()) {
      require_once $abs_us_root.$us_url_root.'users/includes/google_oauth_login.php';
  }

  if ($settings->fblogin == 1 && !$user->isLoggedIn()) {
      require_once $abs_us_root.$us_url_root.'users/includes/facebook_oauth.php';
  }
  ?>
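  <link rel="stylesheet" href="login.css" type="text/css">
      <?php // The site name comes from the settings table; escape it for the HTML text context. ?>
      <h1 class="text-center loginlogin-title"><?php echo htmlspecialchars((string) $settings->site_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h1>
          <div class="loginaccount-wall">
              <img class="loginprofile-img" src="https://lh5.googleusercontent.com/-b0-k99FZlyE/AAAAAAAAAAI/AAAAAAAAAAA/eu7opA4byxI/photo.jpg?sz=120" alt="">
              <form name="login" class="loginform-signin" action="login.php" method="post">
              <?php
              // $dest originates from the request. Whatever sanitizedDest()
              // guarantees about the target, the value is still placed inside
              // a quoted attribute and is escaped for that context here.
              ?>
              <input type="hidden" name="dest" value="<?= htmlspecialchars((string) $dest, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" />
              <input type="text" class="loginform-control" name="username" id="username" placeholder="Username/Email" required autofocus>
              <input type="password" class="loginform-control" name="password" id="password"  placeholder="Password" required autocomplete="off">
      <?php
      // NOTE(review): $publickey is not defined in this script; the reCAPTCHA
      // config file is only required while handling a POST - confirm it is
      // also available on a plain page load.
      if ($settings->recaptcha == 1) {
      ?>
      <div class="loginform-group">
      <label>Please check the box below to continue</label>
      <div class="g-recaptcha" data-sitekey="<?= htmlspecialchars((string) $publickey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"></div>
      </div>
      <?php } ?>
          <input type="hidden" name="csrf" value="<?=Token::generate(); ?>"> 

          <button class="submit btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
         
          <label class="loginlogin-checkbox pull-left" >
          <input type="checkbox" name="remember" id="remember">Remember me</label>

          <a class="pull-right loginlogin-need-help" href='forgot_password.php'>Help?</a><span class="clearfix"></span>
     
          <?php
          // NOTE(review): $error_message is printed as HTML on purpose
          // (validation errors arrive wrapped in <ul>/<li>), so it cannot be
          // escaped at this point. Everything appended to it, including the
          // `err` request parameter read near the top of this script, has to
          // be HTML-escaped before it gets here.
          ?>
          <div class="text-center bg-danger"><?=$error_message;?></div>
          </form>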
  160.     </div>
  161.  </div>    
  162.  </div>
  163.  </div>
  164.  
  165. </div>
  166.  
  167. </div><!-- /.row -->
  168.  
  169. </div> <!-- /container -->
  170.  
  171. </div> <!-- /#page-wrapper -->
  172.  
  173.  
  174.  
  175.  
  176.     <!-- footers -->
  177. <?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
  178.  
  179.     <!-- Place any per-page javascript here -->
  180.  
  <?php // Load Google's reCAPTCHA widget script only when reCAPTCHA is enabled in settings. ?>
  <?php if ($settings->recaptcha == 1): ?>
  <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  <?php endif; ?>
  184. <?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>