  1. <?php
  2.  
  3. ob_start();
  4. require_once 'includes/app/config.php';
  5. require_once 'includes/app/init.php';
  6. require_once 'includes/mail/class.phpmailer.php';
  7. require_once 'includes/mail/class.smtp.php';
  8.  
  9. $mail = new PHPMailer;
  10.  
  11. if (!(empty($maintaince))) {
  12. header('Location: maintenace.php');
  13. exit;
  14. }
  15.  
  16. //Set IP (are you using cloudflare?)
  17. if ($cloudflare == 1){
  18. $ip = $_SERVER["HTTP_CF_CONNECTING_IP"];
  19. }
  20. else{
  21. $ip = $user -> realIP();
  22. }
  23.  
  24. //Are you already logged in?
  25. if ($user -> LoggedIn()){
  26. header('Location: home.php');
  27. exit;
  28. }
  29.  
  30.  
  31. if(isset($_POST['doLogin'])){
  32. $username = $_POST['login-username'];
  33. $password = $_POST['login-password'];
  34.  
  35.  
  36. $date = strtotime('-1 hour', time());
  37. $attempts = $odb->query("SELECT COUNT(*) FROM `loginlogs` WHERE `ip` = '$ip' AND `username` LIKE '%failed' AND `date` BETWEEN '$date' AND UNIX_TIMESTAMP()")->fetchColumn(0);
  38. if ($attempts > 2) {
  39. $date = strtotime('+1 hour', $waittime = $odb->query("SELECT `date` FROM `loginlogs` WHERE `ip` = '$ip' ORDER BY `date` DESC LIMIT 1")->fetchColumn(0) - time());
  40. //$error = 'Too many failed attempts. Please wait '.$date.' seconds and try again.';
  41. }
  42.  
  43. if(empty($username) || empty($password)){
  44. $error = error("Please enter all fields");
  45. }
  46.  
  47. /// Main Checks Against the Inputs
  48.  
  49. $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username");
  50. $SQLCheckLogin -> execute(array(':username' => $username));
  51. $countLogin = $SQLCheckLogin -> fetchColumn(0);
  52. if (!($countLogin == 1)){
  53. $SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')");
  54. $SQL -> execute(array(':username' => $username." - failed",':ip' => $ip));
  55. $error = error("The username does not exist in our system.");
  56. }
  57.  
  58. $SQLCheckLogin = $odb -> prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :username AND `password` = :password");
  59. $SQLCheckLogin -> execute(array(':username' => $username, ':password' => SHA1(md5($password))));
  60. $countLogin = $SQLCheckLogin -> fetchColumn(0);
  61. if (!($countLogin == 1)){
  62. $SQL = $odb -> prepare("INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), 'XX')");
  63. $SQL -> execute(array(':username' => $username." - failed login",':ip' => $ip));
  64. $error = error('The password you entered is invalid.');
  65. }
  66.  
  67. $SQL = $odb -> prepare("SELECT `status` FROM `users` WHERE `username` = :username");
  68. $SQL -> execute(array(':username' => $username));
  69. $status = $SQL -> fetchColumn(0);
  70. if ($status == 1){
  71. $ban = $odb -> query("SELECT `reason` FROM `bans` WHERE `username` = '$username'") -> fetchColumn(0);
  72. if(empty($ban)){ $ban = "No reason given."; }
  73. $error = error('You are banned. Reason: '.htmlspecialchars($ban));
  74. }
  75. // Check if 2auth enabled
  76. if(empty($error)){
  77.  
  78. $SQL = $odb -> prepare("SELECT * FROM `users` WHERE `username` = :username"); $SQL -> execute(array(':username' => $username));
  79. $userInfo = $SQL -> fetch();
  80. $ipcountry = json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip)) -> {'geoplugin_countryName'};
  81. if (empty($ipcountry)) {$ipcountry = 'XX';}
  82. $SQL = $odb -> prepare('INSERT INTO `loginlogs` VALUES(:username, :ip, UNIX_TIMESTAMP(), :ipcountry)');
  83. $SQL -> execute(array(':ip' => $ip, ':username' => $username, ':ipcountry' => $ipcountry));
  84. $_SESSION['username'] = $userInfo['username'];
  85. $_SESSION['ID'] = $userInfo['ID'];
  86. setcookie("username", $userInfo['username'], time() + 720000);
  87. header('Location: home.php');
  88. exit;
  89.  
  90. }
  91. }
  92.  
  93. if(isset($_POST['forgotPw']))
  94.  
  95. {
  96. $value = $_POST['input'];
  97.  
  98.  
  99. if(empty($value))
  100. {
  101. $error = error('The email was empty please try again.');
  102. }
  103.  
  104. $SQL = $odb -> prepare("SELECT COUNT(`email`) FROM `users` WHERE `email` = :email");
  105. $SQL -> execute(array(':email' => $value));
  106. $status = $SQL -> fetchColumn(0);
  107. if ($status == 0){
  108. $error = error('Email does not exist!');
  109. }
  110.  
  111. /// Change Password Here
  112. if(empty($error))
  113. {
  114. function generateRandomString($length = 10) {
  115. $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  116. $charactersLength = strlen($characters);
  117. $randomString = '';
  118. for ($i = 0; $i < $length; $i++) {
  119. $randomString .= $characters[rand(0, $charactersLength - 1)];
  120. }
  121. return $randomString;
  122. }
  123. $newpass = generateRandomString();
  124.  
  125. //$SQL = $odb -> query("UPDATE `users` SET `password` = {$newpass} WHERE `ID` = {$userID}");
  126.  
  127. $SQLUpdate = $odb -> prepare("UPDATE `users` SET `password` = :password WHERE `email` = :id");
  128. $SQLUpdate -> execute(array(':password' => SHA1(md5($newpass)), ':id' => $value));
  129.  
  130.  
  131. /// Email Send Here
  132. $mail->isSMTP(); // Set mailer to use SMTP
  133. $mail->Host = $Shost; // Specify main and backup SMTP servers
  134. $mail->SMTPAuth = $SAuth; // Enable SMTP authentication
  135. $mail->Username = $Susername; // SMTP username
  136. $mail->Password = $Spassword; // SMTP password
  137. $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
  138. $mail->Port = $Sport; // TCP port to connect to
  139. $mail->setFrom($Susername, $sitename);
  140. $mail->addAddress($value, $sitename); // Add a recipient // Name is optional
  141. $mail->addReplyTo('no-reply@dead.com', 'Sorry Guys!');
  142. $mail->isHTML(true); // Set email format to HTML
  143. $mail->Subject = ''.$sitename.' - Password Rest';
  144. $mail->Body = '<h3> You requested your password to be reset </h3> <br> Your new password is: <b>'.$newpass.'</b> <br/> Please change this as soon as you can to make sure your safe. <br/> If you worry about your account being hacked enable 2auth using any authenticator app and setup 2auth for your account so guranteed safety!';
  145.  
  146. if(!$mail->send()) {
  147. $error = success('Message could not be sent.');
  148. $error = success('Mailer Error: ' . $mail->ErrorInfo);
  149. } else {
  150. $error = success('Email has been sent with new passsword!');
  151. }
  152. }
  153. }
  154.  
  155. ?>
  156.  
  157. <!DOCTYPE html>
  158. <html lang="en">
  159. <head>
  160. <meta charset="utf-8">
  161. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  162. <meta name="viewport" content="width=device-width, initial-scale=1">
  163. <meta name="description" content="">
  164. <meta name="author" content="">
  165. <link rel="icon" type="image/png" sizes="16x16" href="../plugins/images/favicon.png">
  166. <title><?php echo $sitename;?> - Login</title>
  167. <!-- Bootstrap Core CSS -->
  168. <link href="includes/theme/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
  169. <!-- animation CSS -->
  170. <link href="includes/theme/css/animate.css" rel="stylesheet">
  171. <!-- Custom CSS -->
  172. <link href="includes/theme/css/style.css" rel="stylesheet">
  173. <!-- color CSS -->
  174. <link href="includes/theme/css/colors/default-dark.css" id="theme" rel="stylesheet">
  175. <script src='https://www.google.com/recaptcha/api.js'></script>
  176. <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
  177. <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
  178. <!--[if lt IE 9]>
  179. <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
  180. <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
  181. <![endif]-->
  182. </head>
  183.  
  184. <body>
  185. <!-- Preloader -->
  186. <div class="preloader">
  187. <div class="cssload-speeding-wheel"></div>
  188. </div>
  189. <section id="wrapper" class="login-register">
  190. <div class="login-box">
  191. <?php
  192. if(!empty($error)){
  193. echo ($error);
  194. }
  195. ?>
  196. <div class="white-box">
  197. <form class="form-horizontal form-material" id="loginform" method="post">
  198. <h3 class="box-title m-b-20">Sign In</h3>
  199. <div class="form-group ">
  200. <div class="col-xs-12">
  201. <input class="form-control" type="text" required="" name="login-username" placeholder="Username">
  202. </div>
  203. </div>
  204. <div class="form-group">
  205. <div class="col-xs-12">
  206. <input class="form-control" type="password" required="" name="login-password" placeholder="Password">
  207. </div>
  208. </div>
  209. <div class="form-group">
  210. <div class="col-xs-12">
  211. <center> <div class="g-recaptcha" data-sitekey=<?php echo $google_site; ?>></div> </center>
  212. </div>
  213. </div>
  214. <div class="form-group">
  215. <div class="col-md-12">
  216. <a href="javascript:void(0)" id="to-recover" class="text-dark pull-right"><i class="fa fa-lock m-r-5"></i> Forgot pwd?</a> </div>
  217. </div>
  218. <div class="form-group text-center m-t-20">
  219. <div class="col-xs-12">
  220. <button type="submit" name="doLogin" class="btn btn-info btn-lg btn-block text-uppercase waves-effect waves-light" type="submit">Log In</button>
  221. </div>
  222. </div>
  223. <div class="form-group m-b-0">
  224. <div class="col-sm-12 text-center">
  225. <p>Don't have an account? <a href="register.php" class="text-primary m-l-5"><b>Sign Up</b></a></p>
  226. </div>
  227. </div>
  228. </form>
  229. <form class="form-horizontal" id="recoverform" method="post">
  230. <div class="form-group ">
  231. <div class="col-xs-12">
  232. <h3>Recover Password</h3>
  233. <p class="text-muted">Enter your Email and instructions will be sent to you! </p>
  234. </div>
  235. </div>
  236. <div class="form-group ">
  237. <div class="col-xs-12">
  238. <input class="form-control" type="text" required="" name="input" placeholder="Email">
  239. </div>
  240. </div>
  241. <div class="form-group text-center m-t-20">
  242. <div class="col-xs-12">
  243. <button name="forgotPw" class="btn btn-primary btn-lg btn-block text-uppercase waves-effect waves-light" type="submit">Reset</button>
  244. </div>
  245. </div>
  246. </form>
  247. </div>
  248. </div>
  249. </section>
  250. <!-- jQuery -->
  251. <script src="includes/theme/plugins/bower_components/jquery/dist/jquery.min.js"></script>
  252. <!-- Bootstrap Core JavaScript -->
  253. <script src="includes/theme/bootstrap/dist/js/bootstrap.min.js"></script>
  254. <!-- Menu Plugin JavaScript -->
  255. <script src="includes/theme/plugins/bower_components/sidebar-nav/dist/sidebar-nav.min.js"></script>
  256.  
  257. <!--slimscroll JavaScript -->
  258. <script src="includes/theme/js/jquery.slimscroll.js"></script>
  259. <!--Wave Effects -->
  260. <script src="includes/theme/js/waves.js"></script>
  261. <!-- Custom Theme JavaScript -->
  262. <script src="includes/theme/js/custom.js"></script>
  263. <!--Style Switcher -->
  264. <script src="includes/theme/plugins/bower_components/styleswitcher/jQuery.style.switcher.js"></script>
  265. </body>
  266. </html>