kingnath

login.php

Sep 16th, 2017
  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19. */
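  // Bootstrap for the login page: error handling, stale-session teardown, then the
  // framework includes that must run before any of the login logic below.

  // Record every class of error, but never render the text into the HTTP response.
  // A login page is reachable without authentication, and displayed errors can reveal
  // file paths, SQL fragments and configuration details to anyone who triggers one.
  error_reporting(E_ALL);
  ini_set('display_errors', '0');
  ini_set('log_errors', '1');

  // allow_url_fopen can only be changed in php.ini / server configuration (INI_SYSTEM),
  // so the earlier runtime ini_set("allow_url_fopen", 1) call had no effect and was dropped.
  // If remote stream wrappers are really required, enable them in the server config;
  // leaving them off narrows exposure to remote-include and server-side request problems.

  // Tear down a session that is already active before init.php runs.
  if (isset($_SESSION)) {
      session_destroy();
  }

  // init.php is expected to define $abs_us_root, $us_url_root and $db used below — it is
  // not part of this listing, so confirm against the installed copy.
  require_once 'init.php';
  require_once $abs_us_root . $us_url_root . 'users/includes/header.php';
  require_once $abs_us_root . $us_url_root . 'users/includes/navigation.php';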
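  // Login request handling: load settings, pick up an optional redirect message, and on a
  // form submission verify the CSRF token, the optional reCAPTCHA and the credentials.

  // Site-wide settings row; this section reads only ->recaptcha from it.
  $settingsQ = $db->query("SELECT * FROM settings");
  $settings = $settingsQ->first();

  // Optional message passed in by a redirecting page through the `err` request parameter.
  // The value comes straight from the request and $error_message is printed as markup by
  // the template further down, so it is HTML-encoded here, where it enters the page.
  // Non-string values (e.g. err[]=...) are ignored instead of being concatenated.
  $error_message = '';
  if (isset($_REQUEST['err']) && is_string($_REQUEST['err']) && $_REQUEST['err'] !== '') {
      $error_message = htmlspecialchars($_REQUEST['err'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  }
  $reCaptchaValid = false;

  if (Input::exists()) {
      // Stop immediately when the anti-CSRF token does not verify.
      $token = Input::get('csrf');
      if (!Token::check($token)) {
          die('Token doesn\'t match!');
      }

      if ($settings->recaptcha == 1) {
          // Presumably defines $privatekey (and $publickey for the widget) — file not shown.
          require_once 'includes/recaptcha.config.php';

          $reCaptcha = new ReCaptcha($privatekey);

          // Only call the verifier when the widget field is present, non-empty and a string;
          // a missing field previously raised an undefined-index notice.
          $response = null;
          if (!empty($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response'])) {
              $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST['g-recaptcha-response']);
          }

          // Require an actual response object reporting success; anything else fails closed.
          $reCaptchaValid = is_object($response) && (bool) $response->success;
          if (!$reCaptchaValid) {
              $error_message .= 'Please check the reCaptcha.';
          }
      } else {
          // reCAPTCHA is not enabled in settings, so there is nothing to verify.
          $reCaptchaValid = true;
      }

      // $reCaptchaValid is already true whenever reCAPTCHA is disabled, so one test suffices.
      if ($reCaptchaValid) {
          $validate = new Validate();
          $validation = $validate->check($_POST, array(
              'username' => array('display' => 'Username', 'required' => true),
              'password' => array('display' => 'Password', 'required' => true),
          ));

          if ($validation->passed()) {
              $remember = (Input::get('remember') === 'on');
              $user = new User();
              // NOTE(review): the password is trimmed before verification, so leading or
              // trailing whitespace is not part of the secret. Left unchanged because
              // altering it would change which passwords match existing accounts.
              $login = $user->loginEmail(Input::get('username'), trim(Input::get('password')), $remember);

              if ($login) {
                  // Send the user to the page they were trying to reach before logging in.
                  // NOTE(review): protection against redirecting off-site rests entirely on
                  // sanitizedDest(), which is not part of this listing — confirm it only
                  // accepts known local pages.
                  $dest = sanitizedDest('dest');
                  $customLoginScript = $abs_us_root . $us_url_root . 'usersc/scripts/custom_login_script.php';

                  if (!empty($dest)) {
                      Redirect::to($dest);
                  } elseif (file_exists($customLoginScript)) {
                      // Site-specific post-login hook; it normally issues its own Redirect::to().
                      require_once $customLoginScript;
                  } else {
                      // Configured homepage, falling back to the account page.
                      $dest = Config::get('homepage') ?: 'account.php';
                      Redirect::to($dest);
                  }
              } else {
                  // One generic message for every failure, so the response does not reveal
                  // whether the username or the password was the wrong part.
                  $error_message .= 'Log in failed. Please check your username and password and try again.';
              }
          } else {
              // Build the error list as markup, encoding each message: Validate is not shown
              // here, and encoding keeps any submitted value echoed inside a message from
              // being interpreted as HTML.
              $error_message .= '<ul>';
              foreach ($validation->errors() as $error) {
                  $error_message .= '<li>' . htmlspecialchars((string) $error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
              }
              $error_message .= '</ul>';
          }
      }
  }

  // Destination carried through the form's hidden `dest` field; empty string when absent.
  if (empty($dest = sanitizedDest('dest'))) {
      $dest = '';
  }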
  112. ?>
  113.  
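  <?php
  // Login form markup. Values placed inside HTML attributes are encoded at the point of
  // output; $error_message is the one exception because it intentionally carries markup.
  ?>
  <div id="page-wrapper">
  <div class="container">
  <div class="row">
      <div class="col-xs-12">
      <?php
      // NOTE(review): $error_message is printed without encoding because it can hold the
      // <ul>/<li> error list. Every request-derived value added to it upstream therefore
      // has to be HTML-encoded at the point it is appended.
      ?>
      <div class="bg-danger"><?=$error_message;?></div>
      <?php
      // Optional social sign-in widgets, offered only while nobody is logged in.
      // NOTE(review): within this file $user is assigned only after a validated POST;
      // presumably init.php provides it for plain page loads — confirm.
      if ($settings->glogin == 1 && !$user->isLoggedIn()) {
          require_once $abs_us_root . $us_url_root . 'users/includes/google_oauth_login.php';
      }
      if ($settings->fblogin == 1 && !$user->isLoggedIn()) {
          require_once $abs_us_root . $us_url_root . 'users/includes/facebook_oauth.php';
      }
      ?>
      <form name="login" class="form-signin" action="login.php" method="post">
      <h2 class="form-signin-heading"> <?=lang("SIGNIN_TITLE","");?></h2>
      <?php
      // $dest originates from the request. It is encoded for the attribute context here;
      // double_encode is off so a value that sanitizedDest() may already have entity-encoded
      // (helper not shown) is not encoded a second time.
      ?>
      <input type="hidden" name="dest" value="<?= htmlspecialchars((string) $dest, ENT_QUOTES, 'UTF-8', false) ?>" />

      <div class="form-group">
          <label for="username" >Username OR Email</label>
          <input  class="form-control" type="text" name="username" id="username" placeholder="Username/Email" required autofocus>
      </div>

      <div class="form-group">
          <label for="password">Password</label>
          <input type="password" class="form-control"  name="password" id="password"  placeholder="Password" required autocomplete="off">
      </div>

      <?php
      // NOTE(review): the only visible include of includes/recaptcha.config.php is on the
      // POST path, so $publickey is presumably defined elsewhere for plain page loads — confirm.
      if ($settings->recaptcha == 1) {
      ?>
      <div class="form-group">
      <label>Please check the box below to continue</label>
      <div class="g-recaptcha" data-sitekey="<?= htmlspecialchars((string) $publickey, ENT_QUOTES, 'UTF-8') ?>"></div>
      </div>
      <?php } ?>

      <div class="form-group">
      <label for="remember">
      <input type="checkbox" name="remember" id="remember" > Remember Me</label>
      </div>

      <?php // Anti-CSRF token; checked with Token::check() when the form is submitted. ?>
      <input type="hidden" name="csrf" value="<?=Token::generate(); ?>">
      <button class="submit  btn  btn-primary" type="submit"><i class="fa fa-sign-in"></i> <?=lang("SIGNIN_BUTTONTEXT","");?></button>

      </form>
      </div>
  </div>
  <div class="row">
      <div class="col-xs-6"><br>
          <a class="pull-left" href='forgot_password.php'><i class="fa fa-wrench"></i> Forgot Password</a><br><br>
      </div>
      <div class="col-xs-6"><br>
          <a class="pull-right" href='join.php'><i class="fa fa-plus-square"></i> <?=lang("SIGNUP_TEXT","");?></a><br><br>
      </div>
  </div>
  </div>
  </div>

      <!-- footers -->
  <?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>

      <!-- Place any per-page javascript here -->

  <?php // Load the reCAPTCHA widget script only when the feature is enabled in settings. ?>
  <?php if ($settings->recaptcha == 1) { ?>
  <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  <?php } ?>
  <?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>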