  1. <?php
  2. // Check if install.php is present
  3. if(is_dir('install')) {
  4. header("Location: install/install.php");
  5. } else {
  6. if(!isset($_SESSION)) session_start();
  7.  
  8. // Access DB Info
  9. include('config.php');
  10.  
  11. // Get Settings Data
  12. include ('includes/settings.php');
  13. $set = mysqli_fetch_assoc($setRes);
  14.  
  15. // Include Functions
  16. include('includes/functions.php');
  17.  
  18. // Include Sessions & Localizations
  19. include('includes/sessions.php');
  20.  
  21. // Check if the User is all ready signed in
  22. if ((isset($_SESSION['tz']['userId'])) && ($_SESSION['tz']['userId'] != '')) {
  23. header('Location: index.php');
  24. }
  25.  
  26. $msgBox = '';
  27. $installUrl = $set['installUrl'];
  28. $siteName = $set['siteName'];
  29. $siteEmail = $set['siteEmail'];
  30.  
  31. // Account Log In
  32. if (isset($_POST['submit']) && $_POST['submit'] == 'signIn') {
  33. if($_POST['emailAddy'] == '') {
  34. $msgBox = alertBox($accEmailReq, "<i class='fa fa-times-circle'></i>", "danger");
  35. } else if($_POST['password'] == '') {
  36. $msgBox = alertBox($accPassReq, "<i class='fa fa-times-circle'></i>", "danger");
  37. } else {
  38. $usrEmail = htmlspecialchars($_POST['emailAddy']);
  39.  
  40. $check = "SELECT userId, userFirst, userLast, isActive FROM users WHERE userEmail = '".$usrEmail."'";
  41. $res = mysqli_query($mysqli, $check) or die('-1' . mysqli_error());
  42. $row = mysqli_fetch_assoc($res);
  43. $count = mysqli_num_rows($res);
  44.  
  45. if ($count > 0) {
  46. // If the account is Active - Allow the login
  47. if ($row['isActive'] == '1') {
  48. $userEmail = htmlspecialchars($_POST['emailAddy']);
  49. $password = encodeIt($_POST['password']);
  50.  
  51. if($stmt = $mysqli -> prepare("
  52. SELECT
  53. userId,
  54. userEmail,
  55. userFirst,
  56. userLast,
  57. location,
  58. superUser,
  59. isAdmin
  60. FROM
  61. users
  62. WHERE
  63. userEmail = ?
  64. AND password = ?
  65. ")) {
  66. $stmt -> bind_param("ss",
  67. $userEmail,
  68. $password
  69. );
  70. $stmt -> execute();
  71. $stmt -> bind_result(
  72. $userId,
  73. $userEmail,
  74. $userFirst,
  75. $userLast,
  76. $location,
  77. $superUser,
  78. $isAdmin
  79. );
  80. $stmt -> fetch();
  81. $stmt -> close();
  82.  
  83. if (!empty($userId)) {
  84. if(!isset($_SESSION))session_start();
  85. $_SESSION['tz']['userId'] = $userId;
  86. $_SESSION['tz']['userEmail'] = $userEmail;
  87. $_SESSION['tz']['userFirst'] = $userFirst;
  88. $_SESSION['tz']['userLast'] = $userLast;
  89. $_SESSION['tz']['location'] = $location;
  90. $_SESSION['tz']['superUser'] = $superUser;
  91. $_SESSION['tz']['isAdmin'] = $isAdmin;
  92.  
  93. // Add Recent Activity
  94. $activityType = '1';
  95. $tz_uid = $userId;
  96. $activityTitle = $userFirst.' '.$userLast.' '.$accSignInAct;
  97. updateActivity($tz_uid,$activityType,$activityTitle);
  98.  
  99. // Update the Last Login Date for User
  100. $sqlStmt = $mysqli->prepare("UPDATE users SET lastVisited = NOW() WHERE userId = ?");
  101. $sqlStmt->bind_param('s', $userId);
  102. $sqlStmt->execute();
  103. $sqlStmt->close();
  104.  
  105. header('Location: index.php');
  106. } else {
  107. // Add Recent Activity
  108. $activityType = '0';
  109. $tz_uid = '0';
  110. $activityTitle = $accSignInErrAct;
  111. updateActivity($tz_uid,$activityType,$activityTitle);
  112.  
  113. $msgBox = alertBox($accSignInErrMsg, "<i class='fa fa-warning'></i>", "warning");
  114. }
  115. }
  116. } else {
  117. // Add Recent Activity
  118. $activityType = '0';
  119. $tz_uid = $row['userId'];
  120. $activityTitle = $row['userFirst'].' '.$row['userLast'].' '.$signInUsrErrAct;
  121. updateActivity($tz_uid,$activityType,$activityTitle);
  122.  
  123. // If the account is not active, show a message
  124. $msgBox = alertBox($inactAccMsg, "<i class='fa fa-warning'></i>", "warning");
  125. }
  126. } else {
  127. // Add Recent Activity
  128. $activityType = '0';
  129. $tz_uid = '0';
  130. $activityTitle = $noAccSignInErrAct;
  131. updateActivity($tz_uid,$activityType,$activityTitle);
  132.  
  133. // No account found
  134. $msgBox = alertBox($noAccSignInErrMsg, "<i class='fa fa-times-circle'></i>", "danger");
  135. }
  136. }
  137. }
  138.  
  139. // Reset Account Password
  140. if (isset($_POST['submit']) && $_POST['submit'] == 'resetPass') {
  141. // Validation
  142. if ($_POST['accountEmail'] == "") {
  143. $msgBox = alertBox($accEmailReq, "<i class='fa fa-times-circle'></i>", "danger");
  144. } else {
  145. $usrEmail = htmlspecialchars($_POST['accountEmail']);
  146.  
  147. $query = "SELECT userEmail FROM users WHERE userEmail = ?";
  148. $stmt = $mysqli->prepare($query);
  149. $stmt->bind_param("s",$usrEmail);
  150. $stmt->execute();
  151. $stmt->bind_result($emailUser);
  152. $stmt->store_result();
  153. $numrows = $stmt->num_rows();
  154.  
  155. if ($numrows == 1) {
  156. // Generate a RANDOM Hash for a password
  157. $randomPassword = uniqid(rand());
  158.  
  159. // Take the first 8 digits and use them as the password we intend to email the Employee
  160. $emailPassword = substr($randomPassword, 0, 8);
  161.  
  162. // Encrypt $emailPassword for the database
  163. $newpassword = encodeIt($emailPassword);
  164.  
  165. //update password in db
  166. $updatesql = "UPDATE users SET password = ? WHERE userEmail = ?";
  167. $update = $mysqli->prepare($updatesql);
  168. $update->bind_param("ss",
  169. $newpassword,
  170. $usrEmail
  171. );
  172. $update->execute();
  173.  
  174. $qry = "SELECT userId, userFirst, userLast, isAdmin FROM users WHERE userEmail = '".$usrEmail."'";
  175. $results = mysqli_query($mysqli, $qry) or die('-2' . mysqli_error());
  176. $row = mysqli_fetch_assoc($results);
  177. $theUser = $row['userId'];
  178. $isAdmin = $row['isAdmin'];
  179. $userName = $row['userFirst'].' '.$row['userLast'];
  180.  
  181. if ($isAdmin == '1') {
  182. // Add Recent Activity
  183. $activityType = '3';
  184. $activityTitle = $userName.' '.$admPassResetAct;
  185. updateActivity($theUser,$activityType,$activityTitle);
  186. } else {
  187. // Add Recent Activity
  188. $activityType = '3';
  189. $activityTitle = $userName.' '.$usrPassResetAct;
  190. updateActivity($theUser,$activityType,$activityTitle);
  191. }
  192.  
  193. $subject = $siteName.' '.$resetPassEmailSub;
  194.  
  195. $message = '<html><body>';
  196. $message .= '<h3>'.$subject.'</h3>';
  197. $message .= '<p>'.$resetPassEmail1.'</p>';
  198. $message .= '<hr>';
  199. $message .= '<p>'.$emailPassword.'</p>';
  200. $message .= '<hr>';
  201. $message .= '<p>'.$resetPassEmail2.'</p>';
  202. $message .= '<p>'.$resetPassEmail3.' '.$installUrl.'sign-in.php</p>';
  203. $message .= '<p>'.$emailTankYouTxt.'<br>'.$siteName.'</p>';
  204. $message .= '</body></html>';
  205.  
  206. $headers = "From: ".$siteName." <".$siteEmail.">\r\n";
  207. $headers .= "Reply-To: ".$siteEmail."\r\n";
  208. $headers .= "MIME-Version: 1.0\r\n";
  209. $headers .= "Content-Type: text/html; charset=UTF-8\r\n";
  210.  
  211. mail($usrEmail, $subject, $message, $headers);
  212.  
  213. $msgBox = alertBox($resetPassMsg1, "<i class='fa fa-check-square'></i>", "success");
  214. $stmt->close();
  215. } else {
  216. // Add Recent Activity
  217. $activityType = '1';
  218. $tz_uid = '0';
  219. $activityTitle = $resetPassMsgAct;
  220. updateActivity($tz_uid,$activityType,$activityTitle);
  221.  
  222. // No account found
  223. $msgBox = alertBox($resetPassMsg2, "<i class='fa fa-times-circle'></i>", "danger");
  224. }
  225. }
  226. }
  227.  
  228. ?>
  229. <!DOCTYPE html>
  230. <html lang="en">
  231. <head>
  232. <meta charset="utf-8">
  233. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  234. <meta name="viewport" content="width=device-width, initial-scale=1">
  235. <meta name="description" content="<?php echo $metaDesc; ?>">
  236. <meta name="author" content="<?php echo $metaAuthor; ?>">
  237.  
  238. <title><?php echo $set['siteName']; ?> &middot; <?php echo $signInPageTitle; ?></title>
  239.  
  240. <link href="css/font-awesome.css" rel="stylesheet" type="text/css" />
  241. <link href="css/bootstrap.css" rel="stylesheet">
  242. <link href="css/custom.css" rel="stylesheet">
  243. <link href="css/styles.css" rel="stylesheet">
  244.  
  245. <!--[if lt IE 9]>
  246. <script src="js/html5shiv.min.js"></script>
  247. <script src="js/respond.min.js"></script>
  248. <![endif]-->
  249. </head>
  250.  
  251. <body>
  252. <div class="container signin">
  253. <div class="row">
  254. <div class="col-md-8 col-md-offset-2">
  255. <p class="text-center mt-0"><a href="sign-in.php"><img src="images/signin.png" alt="<?php echo $set['siteName'].' '.$signInPageTitle; ?>" /></a></p>
  256. <?php if ($msgBox) { echo $msgBox; } ?>
  257. </div>
  258. </div>
  259.  
  260. <div class="row">
  261. <div class="col-md-4 col-md-offset-4">
  262. <form action="" method="post" class="signin-form">
  263. <div class="form-group" data-toggle="tooltip" data-placement="top" title="<?php echo $accEmailField; ?>">
  264. <input type="email" class="form-control" name="emailAddy" required="required" placeholder="<?php echo $accEmailField; ?>">
  265. </div>
  266. <div class="form-group" data-toggle="tooltip" data-placement="top" title="<?php echo $accPassField; ?>">
  267. <input type="password" class="form-control" name="password" required="required" placeholder="<?php echo $accPassField; ?>">
  268. </div>
  269. <button type="submit" name="submit" value="signIn" class="btn btn-danger btn-lg btn-block btn-icon-alt mt-20"><?php echo $signInBtnText; ?> <i class="fa fa-long-arrow-right"></i></button>
  270. </form>
  271. <p class="text-center"><small><a data-toggle="modal" href="#resetPassword"><?php echo $lostPassText; ?></a></small></p>
  272.  
  273. <div class="modal fade" id="resetPassword" tabindex="-1" role="dialog" aria-hidden="true">
  274. <div class="modal-dialog">
  275. <div class="modal-content">
  276. <div class="modal-header">
  277. <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true"><i class="fa fa-times"></i></span></button>
  278. <h4 class="modal-title"><?php echo $resetPassH4; ?></h3>
  279. </div>
  280. <form action="" method="post">
  281. <div class="modal-body">
  282. <div class="form-group">
  283. <label for="accountEmail"><?php echo $accEmailField; ?></label>
  284. <input type="email" class="form-control" required="required" name="accountEmail" value="" />
  285. <span class="help-block"><?php echo $resetPassHelp; ?></span>
  286. </div>
  287. </div>
  288. <div class="modal-footer">
  289. <button type="button" class="btn btn-default btn-sm btn-icon" data-dismiss="modal"><i class="fa fa-times"></i> <?php echo $closeBtn; ?></button>
  290. <button type="input" name="submit" value="resetPass" class="btn btn-success btn-sm btn-icon"><i class="fa fa-check-square-o"></i> <?php echo $resetPassBtnText; ?></button>
  291. </div>
  292. </form>
  293. </div>
  294. </div>
  295. </div>
  296. </div>
  297. </div>
  298. </div>
  299.  
  300. <script type="text/javascript" src="js/jquery.min.js"></script>
  301. <script type="text/javascript" src="js/bootstrap.min.js"></script>
  302. <script type="text/javascript">
  303. jQuery(document).ready(function($) {
  304. $("[data-toggle='tooltip']").tooltip();
  305.  
  306. $('.msgClose').click(function(e){
  307. e.preventDefault();
  308. $(this).closest('.alertMsg').fadeOut("slow", function() {
  309. $(this).addClass('hidden');
  310. });
  311. });
  312.  
  313. var placehold = {
  314. init: function(){
  315. $('input[type="text"], input[type="email"], input[type="password"], textarea').each(placehold.replace);
  316. },
  317. replace: function(){
  318. var txt = $(this).data('placeholder');
  319. if (txt) {
  320. if ($(this).val()=='') {
  321. $(this).val(txt);
  322. }
  323. $(this).focus(function(){
  324. if ($(this).val() == txt){
  325. $(this).val('');
  326. }
  327. }).blur(function(){
  328. if ($(this).val() == ''){
  329. $(this).val(txt);
  330. }
  331. });
  332. }
  333. }
  334. }
  335. placehold.init();
  336.  
  337. $("form :input[required='required']").blur(function() {
  338. if (!$(this).val()) {
  339. $(this).addClass('hasError');
  340. } else {
  341. if ($(this).hasClass('hasError')) {
  342. $(this).removeClass('hasError');
  343. }
  344. }
  345. });
  346. $("form :input[required='required']").change(function() {
  347. if ($(this).hasClass('hasError')) {
  348. $(this).removeClass('hasError');
  349. }
  350. });
  351. });
  352. </script>
  353. </body>
  354. </html>
  355. <?php } ?>