Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- UserSpice 4
- An Open Source PHP User Management System
- by the UserSpice Team at http://UserSpice.com
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
- //error_reporting(E_ALL);
- //ini_set('display_errors', 1);
- ini_set("allow_url_fopen", 1);
- if(isset($_SESSION)){session_destroy();}
- ?>
- <?php require_once '../users/init.php'; ?>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
- <?php //require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
- <?php
- //html_alert('info', print_r($_SESSION), true);
- //msghdr(print_r($_SESSION),0);
- $settingsQ = $db->query("SELECT * FROM settings");
- $settings = $settingsQ->first();
- $error_message = '';
- if (@$_REQUEST['err']) $error_message = $_REQUEST['err']; // allow redirects to display a message
- $reCaptchaValid=FALSE;
- if (Input::exists()) {
- //$token = $_POST['csrf']; //d48fc34103bbecc2577ba5b921c612f9
- //bold($token);
- $token = Input::get('csrf');
- // if(!Token::check($token)){
- // die('Token doesn\'t match!('.$token.')');
- // }
- //Check to see if recaptcha is enabled
- if($settings->recaptcha == 1){
- require_once 'includes/recaptcha.config.php';
- //reCAPTCHA 2.0 check
- $response = null;
- // check secret key
- $reCaptcha = new ReCaptcha($privatekey);
- // if submitted check response
- if ($_POST["g-recaptcha-response"]) {
- $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"],$_POST["g-recaptcha-response"]);
- }
- if ($response != null && $response->success) {
- $reCaptchaValid=TRUE;
- }else{
- $reCaptchaValid=FALSE;
- $error_message .= 'Please check the reCaptcha.';
- }
- }else{
- $reCaptchaValid=TRUE;
- }
- if($reCaptchaValid || $settings->recaptcha == 0){ //if recaptcha valid or recaptcha disabled
- $validate = new Validate();
- $validation = $validate->check($_POST, array(
- 'username' => array('display' => 'Username','required' => true),
- 'password' => array('display' => 'Password', 'required' => true)));
- if ($validation->passed()) {
- //Log user in
- $remember = (Input::get('remember') === 'on') ? true : false;
- $user = new User();
- $login = $user->loginEmail(Input::get('username'), trim(Input::get('password')), $remember);
- if ($login) {
- # if user was attempting to get to a page before login, go there
- if ($dest = sanitizedDest('dest')) {
- Redirect::to($dest);
- } elseif (file_exists($abs_us_root.$us_url_root.'usersc/scripts/custom_login_script.php')) {
- # if site has custom login script, use it
- # Note that the custom_login_script.php normally contains a Redirect::to() call
- require_once $abs_us_root.$us_url_root.'usersc/scripts/custom_login_script.php';
- } else {
- if (($dest = Config::get('homepage')) ||
- ($dest = 'account.php')) {
- #echo "DEBUG: dest=$dest<br />\n";
- #die;
- Redirect::to($dest);
- }
- }
- } else {
- $error_message .= 'Log in failed. Please check your username and password and try again.';
- }
- } else{
- $error_message .= '<ul>';
- foreach ($validation->errors() as $error) {
- $error_message .= '<li>' . $error . '</li>';
- }
- $error_message .= '</ul>';
- }
- }
- }
- if (!$dest = sanitizedDest('dest')) {
- $dest = '';
- }
- ?>
- <div id="page-wrapper">
- <div class="container">
- <div class="row">
- <div class="col-sm-6 col-md-4 col-md-offset-4">
- <?php
- if($settings->glogin==1 && !$user->isLoggedIn()){
- require_once $abs_us_root.$us_url_root.'users/includes/google_oauth_login.php';
- }
- if($settings->fblogin==1 && !$user->isLoggedIn()){
- require_once $abs_us_root.$us_url_root.'users/includes/facebook_oauth.php';
- }
- ?>
- <link rel="stylesheet" href="login.css" type="text/css">
- <h1 class="text-center loginlogin-title"><?php echo $settings->site_name; ?></h1>
- <div class="loginaccount-wall">
- <img class="loginprofile-img" src="https://lh5.googleusercontent.com/-b0-k99FZlyE/AAAAAAAAAAI/AAAAAAAAAAA/eu7opA4byxI/photo.jpg?sz=120" alt="">
- <form name="login" class="loginform-signin" action="login.php" method="post">
- <input type="hidden" name="dest" value="<?= $dest ?>" />
- <input type="text" class="loginform-control" name="username" id="username" placeholder="Username/Email" required autofocus>
- <input type="password" class="loginform-control" name="password" id="password" placeholder="Password" required autocomplete="off">
- <?php
- if($settings->recaptcha == 1){
- ?>
- <div class="loginform-group">
- <label>Please check the box below to continue</label>
- <div class="g-recaptcha" data-sitekey="<?=$publickey; ?>"></div>
- </div>
- <?php } ?>
- <input type="hidden" name="csrf" value="<?=Token::generate(); ?>">
- <button class="submit btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
- <label class="loginlogin-checkbox pull-left" >
- <input type="checkbox" name="remember" id="remember">Remember me</label>
- <a class="pull-right loginlogin-need-help" href='forgot_password.php'>Help?</a><span class="clearfix"></span>
- <div class="text-center bg-danger"><?=$error_message;?></div>
- </form>
- </div>
- </div>
- </div>
- </div>
- </div>
- </div><!-- /.row -->
- </div> <!-- /container -->
- </div> <!-- /#page-wrapper -->
- <!-- footers -->
- <?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
- <!-- Place any per-page javascript here -->
- <?php if($settings->recaptcha == 1){ ?>
- <script src="https://www.google.com/recaptcha/api.js" async defer></script>
- <?php } ?>
- <?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement