  <?php
  // Shared bootstrap include.
  // NOTE(review): presumably this starts the session and defines $pdo,
  // $display and the settings class used further down - confirm.
  require_once './pieces/inc.php';

  // A visitor whose session already carries an 'auth' entry is redirected to
  // index.php instead of seeing the login form. The exit is essential:
  // header() only queues the redirect and does not stop the script, so without
  // it the form and the sign-in handler below would still run.
  $alreadySignedIn = isset($_SESSION['auth']);
  if ($alreadySignedIn) {
      header('Location: index.php');
      exit;
  }
  ?>
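  <?php
  // Login page markup: document head plus the sign-in form.
  //
  // - The site name from settings::website('WebsiteName') is HTML-escaped
  //   before it is written into <title> and <h3>, so markup stored in that
  //   setting cannot run as script on the login page.
  //   NOTE(review): assumes the setting holds plain text, not pre-escaped
  //   HTML - confirm.
  // - The web-font stylesheet is loaded over https; a stylesheet fetched over
  //   plain http can be altered in transit and is blocked as mixed content
  //   when the page itself is served over https.
  // - NOTE(review): the form posts back to this page without an anti-CSRF
  //   token, and the sign-in handler further down this file never reads the
  //   "rememberme" checkbox.
  // - NOTE(review): maxlength on the password field is enforced only by the
  //   browser and caps passwords at 32 characters.
  //
  // These notes are PHP comments so that none of them reach the browser.
  ?>
  <!DOCTYPE html>
  <html lang="en">
  <head>
      <meta charset="utf-8">
      <meta http-equiv="X-UA-Compatible" content="IE=edge">
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <title><?php echo htmlspecialchars(ucfirst((string) settings::website('WebsiteName')), ENT_QUOTES, 'UTF-8'); ?></title>
      <link rel="shortcut icon" href="assets/images/icons/icon.png" />
      <link rel="stylesheet" href="assets/css/bootstrap/bootstrap.css" />
      <link href='https://fonts.googleapis.com/css?family=Raleway:400,500,600,700,300' rel='stylesheet' type='text/css'>
      <link rel="stylesheet" href="assets/css/app/app.v1.css" />
      <!--[if lt IE 9]>
      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
      <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
      <![endif]-->
  </head>
  <body>
  <div class="container">
      <div class="row">
          <div class="col-lg-4 col-lg-offset-4">
              <h3 class="text-center"><?php echo htmlspecialchars((string) settings::website('WebsiteName'), ENT_QUOTES, 'UTF-8'); ?></h3>
              <p class="text-center">Sign in to continue.</p>
              <hr class="clean">
              <form role="form" method="POST">
                  <div class="form-group input-group">
                      <span class="input-group-addon"><i class="fa fa-user"></i></span>
                      <input type="text" name="username" class="form-control" placeholder="User Name" maxlength="16" value="" autocomplete="off" />
                  </div>
                  <div class="form-group input-group">
                      <span class="input-group-addon"><i class="fa fa-key"></i></span>
                      <input type="password" name="password" class="form-control" placeholder="Password" maxlength="32" value="" autocomplete="off" />
                  </div>
                  <div class="form-group">
                      <label class="cr-styled">
                          <input type="checkbox" name="rememberme" ng-model="todo.done">
                          <i class="fa"></i>
                      </label>
                      Remember me


                      <div class="pull-right"><a href="recover.php">Lost account password?</a></div>
                  </div>
                  <input type="submit" name="signin" class="btn btn-purple btn-block" value="Sign in" />
              </form>
              <hr>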
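  <?php
  // Sign-in handler: runs only when the login form was submitted.
  //
  // NOTE(review): $pdo and $display are not defined in this file; presumably
  // ./pieces/inc.php provides them and starts the session - confirm.
  // NOTE(review): this code runs after the page markup has been emitted, so
  // header() and session_regenerate_id() below only take effect when output
  // buffering is active. Moving the handler above the markup would remove that
  // dependency; it stays here because $display appears to print its messages
  // at this position in the page.
  // NOTE(review): nothing in this file throttles repeated failed attempts;
  // rate limiting or lockout has to come from elsewhere.
  if (isset($_POST['signin'])) {
      $fieldsPresent = isset($_POST['username'], $_POST['password'])
          && is_string($_POST['username'])
          && is_string($_POST['password']);

      if (!$fieldsPresent) {
          // Missing or array-typed fields cannot come from the form itself.
          exit();
      }

      if ($_POST['username'] === '' || $_POST['password'] === '') {
          $display->ReturnError('Fill all fields correctly!');
      } else {
          // The lookup is parameterised, so this filtering is not what protects
          // the query. It is kept because registration presumably stores names
          // normalised the same way - confirm.
          $username = stripslashes(strip_tags($_POST['username']));

          // NOTE(review): unsalted MD5 is not a password hash; stored digests
          // are cheap to brute-force once the table leaks. Migrating to
          // password_hash()/password_verify() needs a wider UserPassword column
          // and matching changes in signup/recovery, which are outside this file.
          $passwordDigest = md5($_POST['password']);

          $stmt = $pdo->prepare('SELECT * FROM `users` WHERE `UserName` = :UserName');
          $stmt->bindParam(':UserName', $username);
          $stmt->execute();

          // fetch() returns false when no such user exists.
          $UserRow = $stmt->fetch();

          // hash_equals() compares the digests as plain strings and in constant
          // time. A loose == treats two digests that both happen to look like
          // numbers in exponent notation as equal, which would accept a wrong
          // password for an account whose stored digest has that shape.
          $credentialsValid = is_array($UserRow)
              && $username === $UserRow['UserName']
              && hash_equals((string) $UserRow['UserPassword'], $passwordDigest);

          if (!$credentialsValid) {
              // Same message for unknown user and wrong password, so the
              // response does not reveal which account names exist.
              $display->ReturnError('Invalid authentication credentials.');
          } elseif ($UserRow['UserBanned'] == 1) {
              // No top-level return here: it would end the script and leave
              // the rest of the page unrendered.
              $display->ReturnError('Your account is banned.');
          } else {
              $stmt = $pdo->prepare('SELECT AccountIPLock FROM merchant LIMIT 1');
              $stmt->execute();
              $lockRow = $stmt->fetch();
              $ipLockEnabled = is_array($lockRow) && $lockRow['AccountIPLock'] === 'enabled';

              if ($ipLockEnabled && $_SERVER['REMOTE_ADDR'] !== (string) $UserRow['UserIP']) {
                  $display->ReturnError('You are registered from other IP address.');
              } else {
                  // Expired membership is reset on login.
                  // NOTE(review): -3600 looks like a "never expires" sentinel - confirm.
                  if ($UserRow['UserExpire'] != '-3600' && $UserRow['UserExpire'] < time()) {
                      $stmt = $pdo->prepare('UPDATE users SET UserExpire = 0, UserMembership = 0 WHERE UserName = :UserName');
                      $stmt->execute([':UserName' => $username]);
                  }

                  // Issue a fresh session id at the privilege change so an id
                  // that was known before login (session fixation) is useless
                  // afterwards.
                  if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                      session_regenerate_id(true);
                  }
                  $_SESSION['auth'] = $UserRow['UserID'];

                  // Audit trail: which account signed in from which address.
                  $stmt = $pdo->prepare('INSERT INTO logs (LogUserID, LogAddress) VALUES (:LogUserID, :LogAddress)');
                  $stmt->execute([':LogUserID' => $_SESSION['auth'], ':LogAddress' => $_SERVER['REMOTE_ADDR']]);

                  $display->ReturnSuccess('You was successfully logged in.');
                  header('refresh:3; url=index.php');
              }
          }
      }
  ?>
  <hr>
  <?php
  }
  ?>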
  131. <p class="text-center"><a href="signup.php">Don't have account?</a></p>
  132. </div>
  133. </div>
  134. </div>
  135. <script src="assets/js/jquery/jquery-1.9.1.min.js" type="text/javascript"></script>
  136. <script src="assets/js/plugins/underscore/underscore-min.js"></script>
  137. <script src="assets/js/bootstrap/bootstrap.min.js"></script>
  138. <script src="assets/js/globalize/globalize.min.js"></script>
  139. <script src="assets/js/plugins/nicescroll/jquery.nicescroll.min.js"></script>
  140. <script src="assets/js/app/custom.js" type="text/javascript"></script>
  141. <script>
  142. (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  143. (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  144. m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  145. })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
  146.  
  147. ga('create', 'UA-56821827-1', 'auto');
  148. ga('send', 'pageview');
  149. </script>
  150. </body>
  151. </html>