  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. */
  20. // error_reporting(E_ALL);
  21. // ini_set('display_errors', 1);
  22. ini_set("allow_url_fopen", 1);
  23. ?>
  24. <?php require_once 'init.php'; ?>
  25. <?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
  26. <?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
  27. <?php
  28. $settingsQ = $db->query("SELECT * FROM settings");
  29. $settings = $settingsQ->first();
  30. $error_message = '';
  31. if (@$_REQUEST['err']) $error_message = $_REQUEST['err']; // allow redirects to display a message
  32. $reCaptchaValid=FALSE;
  33.  
  34. if (Input::exists()) {
  35. $token = Input::get('csrf');
  36. if(!Token::check($token)){
  37. die('Token doesn\'t match!');
  38. }
  39. //Check to see if recaptcha is enabled
  40. if($settings->recaptcha == 1){
  41. require_once 'includes/recaptcha.config.php';
  42.  
  43. //reCAPTCHA 2.0 check
  44. $response = null;
  45.  
  46. // check secret key
  47. $reCaptcha = new ReCaptcha($privatekey);
  48.  
  49. // if submitted check response
  50. if ($_POST["g-recaptcha-response"]) {
  51. $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"],$_POST["g-recaptcha-response"]);
  52. }
  53. if ($response != null && $response->success) {
  54. $reCaptchaValid=TRUE;
  55.  
  56. }else{
  57. $reCaptchaValid=FALSE;
  58. $error_message .= 'Please check the reCaptcha.';
  59. }
  60. }else{
  61. $reCaptchaValid=TRUE;
  62. }
  63.  
  64. if($reCaptchaValid || $settings->recaptcha == 0){ //if recaptcha valid or recaptcha disabled
  65.  
  66. $validate = new Validate();
  67. $validation = $validate->check($_POST, array(
  68. 'username' => array('display' => 'Username','required' => true),
  69. 'password' => array('display' => 'Password', 'required' => true)));
  70.  
  71. if ($validation->passed()) {
  72. //Log user in
  73.  
  74. $remember = (Input::get('remember') === 'on') ? true : false;
  75. $user = new User();
  76. $login = $user->loginEmail(Input::get('username'), trim(Input::get('password')), $remember);
  77. if ($login) {
  78. # if user was attempting to get to a page before login, go there
  79. if ($dest = sanitizedDest('dest')) {
  80. Redirect::to($dest);
  81. } elseif (file_exists($abs_us_root.$us_url_root.'usersc/scripts/custom_login_script.php')) {
  82. # if site has custom login script, use it
  83. # Note that the custom_login_script.php normally contains a Redirect::to() call
  84. require_once $abs_us_root.$us_url_root.'usersc/scripts/custom_login_script.php';
  85. } else {
  86. if (($dest = Config::get('homepage')) ||
  87. ($dest = 'account.php')) {
  88. #echo "DEBUG: dest=$dest<br />\n";
  89. #die;
  90. Redirect::to($dest);
  91. }
  92. }
  93. } else {
  94. $error_message .= 'Log in failed. Please check your username and password and try again.';
  95. }
  96. } else{
  97. $error_message .= '<ul>';
  98. foreach ($validation->errors() as $error) {
  99. $error_message .= '<li>' . $error . '</li>';
  100. }
  101. $error_message .= '</ul>';
  102. }
  103. }
  104. }
  105. if (!$dest = sanitizedDest('dest')) {
  106. $dest = '';
  107. }
  108. if(isset($_SESSION['user'])){
  109. session_destroy();
  110. Redirect::to('login.php');
  111. }
  112. ?>
  113.  
  114. <div id="page-wrapper">
  115. <div class="container">
  116. <div class="row">
  117. <div class="col-xs-12">
  118. <div class="bg-danger"><?=$error_message;?></div>
  119. <?php
  120. if($settings->glogin==1 && !$user->isLoggedIn()){
  121. require_once $abs_us_root.$us_url_root.'users/includes/google_oauth_login.php';
  122. }
  123. if($settings->fblogin==1 && !$user->isLoggedIn()){
  124. require_once $abs_us_root.$us_url_root.'users/includes/facebook_oauth.php';
  125. }
  126. ?>
  127. <form name="login" class="form-signin" action="login.php" method="post">
  128. <h2 class="form-signin-heading"></i> <?=lang("SIGNIN_TITLE","");?></h2>
  129. <input type="hidden" name="dest" value="<?= $dest ?>" />
  130.  
  131. <div class="form-group">
  132. <label for="username" >Username OR Email</label>
  133. <input class="form-control" type="text" name="username" id="username" placeholder="Username/Email" required autofocus>
  134. </div>
  135.  
  136. <div class="form-group">
  137. <label for="password">Password</label>
  138. <input type="password" class="form-control" name="password" id="password" placeholder="Password" required autocomplete="off">
  139. </div>
  140.  
  141. <?php
  142. if($settings->recaptcha == 1){
  143. ?>
  144. <div class="form-group">
  145. <label>Please check the box below to continue</label>
  146. <div class="g-recaptcha" data-sitekey="<?=$publickey; ?>"></div>
  147. </div>
  148. <?php } ?>
  149.  
  150. <div class="form-group">
  151. <label for="remember">
  152. <input type="checkbox" name="remember" id="remember" > Remember Me</label>
  153. </div>
  154.  
  155. <input type="hidden" name="csrf" value="<?=Token::generate(); ?>">
  156. <button class="submit btn btn-primary" type="submit"><i class="fa fa-sign-in"></i> <?=lang("SIGNIN_BUTTONTEXT","");?></button>
  157.  
  158. </form>
  159. </div>
  160. </div>
  161. <div class="row">
  162. <div class="col-xs-6"><br>
  163. <a class="pull-left" href='forgot_password.php'><i class="fa fa-wrench"></i> Forgot Password</a><br><br>
  164. </div>
  165. <div class="col-xs-6"><br>
  166. <a class="pull-right" href='join.php'><i class="fa fa-plus-square"></i> <?=lang("SIGNUP_TEXT","");?></a><br><br>
  167. </div>
  168. </div>
  169. </div>
  170. </div>
  171.  
  172. <!-- footers -->
  173. <?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
  174.  
  175. <!-- Place any per-page javascript here -->
  176.  
  177. <?php if($settings->recaptcha == 1){ ?>
  178. <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  179. <?php } ?>
  180. <?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>