  1. <?php
  2. ob_start();
  3. header('X-Frame-Options: SAMEORIGIN');
  4. /*
  5. UserSpice 4
  6. An Open Source PHP User Management System
  7. by the UserSpice Team at http://UserSpice.com
  8.  
  9. This program is free software: you can redistribute it and/or modify
  10. it under the terms of the GNU General Public License as published by
  11. the Free Software Foundation, either version 3 of the License, or
  12. (at your option) any later version.
  13.  
  14. This program is distributed in the hope that it will be useful,
  15. but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. GNU General Public License for more details.
  18.  
  19. You should have received a copy of the GNU General Public License
  20. along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. */
  22. ?>
  23. <?php require_once $abs_us_root.$us_url_root.'users/helpers/helpers.php'; ?>
  24. <?php require_once $abs_us_root.$us_url_root.'users/includes/user_spice_ver.php'; ?>
  25.  
  26. <?php
  27. //check for a custom page
  28. $currentPage = currentPage();
  29. if(isset($_GET['err'])){
  30. $err = Input::get('err');
  31. }
  32.  
  33. if(isset($_GET['msg'])){
  34. $msg = Input::get('msg');
  35. }
  36.  
  37. if(file_exists($abs_us_root.$us_url_root.'usersc/'.$currentPage)){
  38. if(currentFolder()!= 'usersc'){
  39. $url = $us_url_root.'usersc/'.$currentPage;
  40. if(isset($_GET)){
  41. $url .= '?'; //add initial ?
  42. foreach ($_GET as $key=>$value){
  43. $url .= '&'.$key.'='.$value;
  44. }
  45. }
  46. Redirect::to($url);
  47. }
  48. }
  49.  
  50. $db = DB::getInstance();
  51. $settingsQ = $db->query("Select * FROM settings");
  52. $settings = $settingsQ->first();
  53.  
  54. //dealing with logged in users
  55. if($user->isLoggedIn() && !checkMenu(2,$user->data()->id)){
  56. if (($settings->site_offline==1) && (!in_array($user->data()->id, $master_account)) && ($currentPage != 'login.php') && ($currentPage != 'maintenance.php')){
  57. //:: force logout then redirect to maint.page
  58. logger($user->data()->id,"Offline","Landed on Maintenance Page."); //Lggger
  59. $user->logout();
  60. Redirect::to($us_url_root.'users/maintenance.php');
  61. }
  62. }
  63.  
  64. //deal with guests
  65. if(!$user->isLoggedIn()){
  66. if (($settings->site_offline==1) && ($currentPage != 'login.php') && ($currentPage != 'maintenance.php')){
  67. //:: redirect to maint.page
  68. logger(1,"Offline","Guest Landed on Maintenance Page."); //Logger
  69. Redirect::to($us_url_root.'users/maintenance.php');
  70. }
  71. }
  72.  
  73. //notifiy master_account that the site is offline
  74. if($user->isLoggedIn()){
  75. if (($settings->site_offline==1) && (in_array($user->data()->id, $master_account)) && ($currentPage != 'login.php') && ($currentPage != 'maintenance.php')){
  76. err("<br>Maintenance Mode Active");
  77. }
  78. }
  79.  
  80. if($settings->glogin==1 && !$user->isLoggedIn()){
  81. require_once $abs_us_root.$us_url_root.'users/includes/google_oauth.php';
  82. }
  83.  
  84. if ($settings->force_ssl==1){
  85.  
  86. if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) {
  87. // if request is not secure, redirect to secure url
  88. $url = 'https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
  89. Redirect::to($url);
  90. exit;
  91. }
  92. }
  93. require_once $abs_us_root.$us_url_root.'usersc/includes/security_headers.php';
  94.  
  95. //if track_guest enabled AND there is a user logged in
  96. if($settings->track_guest == 1 && $user->isLoggedIn()){
  97. if ($user->isLoggedIn()){
  98. $user_id=$user->data()->id;
  99. }else{
  100. $user_id=0;
  101. }
  102. new_user_online($user_id);
  103.  
  104. }
  105.  
  106. if($user->isLoggedIn() && $currentPage != 'user_settings.php' && $user->data()->force_pr == 1) Redirect::to($us_url_root.'users/user_settings.php?err=You+must+change+your+password!');
  107.  
  108. if(substr($us_url_root,1).$currentPage == currentFolder().'/'.$currentPage){
  109. $find = $currentPage;
  110. }else{
  111. $find = currentFolder().'/'.$currentPage;
  112. }
  113. $titleQ = $db->query('SELECT title FROM pages WHERE page = ?', array($find));
  114. if ($titleQ->count() > 0) {
  115. $pageTitle = $titleQ->first()->title;
  116. }
  117. else $pageTitle = '';
  118. ?>
  119. <!DOCTYPE html>
  120. <html lang="en">
  121. <head>
  122. <meta charset="utf-8">
  123. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  124. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
  125. <meta name="description" content="">
  126. <meta name="author" content="">
  127.  
  128. <?php
  129. if(file_exists($abs_us_root.$us_url_root.'usersc/includes/head_tags.php')){
  130. require_once $abs_us_root.$us_url_root.'usersc/includes/head_tags.php';
  131. }
  132.  
  133. if(($settings->messaging == 1) && ($user->isLoggedIn())){
  134. $msgQ = $db->query("SELECT id FROM messages WHERE msg_to = ? AND msg_read = 0 AND deleted = 0",array($user->data()->id));
  135. $msgC = $msgQ->count();
  136. if($msgC == 1){
  137. $grammar = 'Message';
  138. }else{
  139. $grammar = 'Messages';
  140. }
  141. }
  142. ?>
  143.  
  144. <title><?= (($pageTitle != '') ? $pageTitle : ''); ?> <?=$settings->site_name?></title>
  145.  
  146. <!-- Bootstrap Core CSS -->
  147. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
  148.  
  149. <!-- AKA Primary CSS -->
  150. <link href="<?=$us_url_root?><?=str_replace('../','',$settings->us_css1);?>" rel="stylesheet">
  151.  
  152. <!-- Template CSS -->
  153. <!-- AKA Secondary CSS -->
  154. <link href="<?=$us_url_root?><?=str_replace('../','',$settings->us_css2);?>" rel="stylesheet">
  155.  
  156. <!-- Table Sorting and Such -->
  157. <link href="<?=$us_url_root?>users/css/datatables.css" rel="stylesheet">
  158.  
  159. <!-- Your Custom CSS Goes Here and will override everything above this!-->
  160. <link href="<?=$us_url_root?><?=str_replace('../','',$settings->us_css3);?>" rel="stylesheet">
  161.  
  162. <!-- Custom Fonts/Animation/Styling-->
  163. <link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous">
  164.  
  165. <script src="https://code.jquery.com/jquery-3.1.1.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
  166. <!-- jQuery Fallback -->
  167. <script type="text/javascript">
  168. if (typeof jQuery == 'undefined') {
  169. document.write(unescape("%3Cscript src='<?=$us_url_root?>users/js/jquery.js' type='text/javascript'%3E%3C/script%3E"));
  170. }
  171. </script>
  172.  
  173. <?php require_once $abs_us_root.$us_url_root.'usersc/includes/bootstrap_corrections.php'; ?>
  174.  
  175.  
  176. </head>
  177.  
  178. <body class="nav-md">
  179. <?php
  180. if(isset($_GET['err'])){
  181. err("<br>".$err);
  182. }
  183.  
  184. if(isset($_GET['msg'])){
  185. bold("<br>".$msg);
  186. }
  187.  
  188. if ($user->isLoggedIn()) { (!reAuth($_SERVER['PHP_SELF'],$user->data()->id,$us_url_root)); }
  189. if ($user->isLoggedIn() && isset($_SESSION['twofa']) && $_SESSION['twofa']==1 && $currentPage !== 'twofa.php') Redirect::to('twofa.php');
  190. require_once $abs_us_root.$us_url_root.'usersc/includes/timepicker.php';
  191. ?>