From f0ace5712019b227a80fe97057b5029230d2c3d8 Mon Sep 17 00:00:00 2001 From: Martin Falk Date: Wed, 4 Apr 2018 19:57:32 +0200 Subject: [PATCH 01/38] [add]from PR 108 --- checklogin.php | 19 ++ config/default.php | 8 + config/example.config.php | 8 + login.php | 401 ++++++++++++++++++++++++++++++ logout.php | 7 + pre-index.php | 59 +++++ static/css/login.css | 24 ++ static/js/map.js | 15 ++ static/sass/components/_form.scss | 4 +- utils.php | 87 +++++++ wh.php | 89 +++++++ 11 files changed, 720 insertions(+), 1 deletion(-) create mode 100644 checklogin.php create mode 100644 login.php create mode 100644 logout.php create mode 100644 static/css/login.css create mode 100644 wh.php diff --git a/checklogin.php b/checklogin.php new file mode 100644 index 000000000..e1ec551a9 --- /dev/null +++ b/checklogin.php @@ -0,0 +1,19 @@ +Do whatever you like with it."; +//----------------------------------------------------- +// Login +//----------------------------------------------------- + +$enableLogin = false; // true/false +$adminEmail = array('admin@example.com'); // You can add multiple admins by adding them to the array. +$logfile = '../members.log'; // Path to log file. Make sure this works as it will be your life saver if your db crashes. + //----------------------------------------------------- // FRONTEND SETTINGS //----------------------------------------------------- diff --git a/login.php b/login.php new file mode 100644 index 000000000..51bb39876 --- /dev/null +++ b/login.php @@ -0,0 +1,401 @@ +Warning

Your backup logging doesn't work. In case of database corruption all data may be lost.

"); + } +} +?> + + + + + <?= $title ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+email, $_POST['password'], 2); + unset($_SESSION['user']->updatePwd); + + header("Location: ."); + die(); + } + } + + if (isset($_POST['submit_login'])) { + $info = $db->query( + "SELECT email, password, expire_timestamp, temp_password FROM users WHERE email = :email", [ + ":email" => $_POST['email'] + ] + )->fetch(); + + if (password_verify($_POST['password'], $info['password']) == 1 || password_verify($_POST['password'], $info['temp_password']) == 1) { + + $_SESSION['user']->email = $info['email']; + $_SESSION['user']->expire_timestamp = $info['expire_timestamp']; + + if (password_verify($_POST['password'], $info['password']) == 1) { + + if (!empty($info['temp_password'])) { + $db->update("users", [ + "temp_password" => null + ], [ + "email" => $_POST['email'] + ]); + } + + if (in_array($info['email'], $adminEmail)){ + header("Location: /login.php"); + } else { + header("Location: ."); + } + die(); + + } else { + + $_SESSION['user']->updatePwd = 1; + + header("Location: /login.php"); + die(); + + } + } + } + + if (isset($_POST['submit_forgotPwd'])) { + + $count = $db->count("users",[ + "email" => $_POST['email'] + ]); + + if ($count == 1 || (in_array($_POST['email'], $adminEmail))) { + + $randomPwd = generateRandomString(); + + if ($count == 1) { + resetUserPassword($_POST['email'], $randomPwd, 0); + } else { + $expire_timestamp = time() + 60 * 60 * 24 * 365 * 10; + createUserAccount($_POST['email'], $randomPwd, $expire_timestamp); + } + + $message = ""; + $message .= i8ln('Dear') . " {$_POST['email']},

"; + $message .= i8ln('Your password has been reset') . "
"; + $message .= i8ln('If you haven\'t requested a new password you can ignore this email.') . "
"; + $message .= i8ln('Your old password is still working.') . "

"; + $message .= i8ln('New password:') . " {$randomPwd}

"; + + if ($discordUrl) { + $message .= i8ln('For support, ask your questions in the ') . "discord guild!

"; + } + $message .= i8ln('Best Regards') . "
Admin"; + if ($title) { + $message .= " @ {$title}"; + } + + $subject = "[{$title}] - Password Reset"; + $headers = "From: no-reply@{$_SERVER['SERVER_NAME']}" . "\r\n" . + "Reply-To: no-reply@{$_SERVER['SERVER_NAME']}" . "\r\n" . + 'Content-Type: text/html; charset=ISO-8859-1' . "\r\n" . + 'X-Mailer: PHP/' . phpversion(); + + mail($_POST['email'], $subject, $message, $headers); + + } + + header("Location: ?sentPwd"); + die(); + } + + if (isset($_POST['submit_updateUser'])) { + $Err = ''; + if ($_POST['email'] != i8ln('Select a user...') || !empty($_POST['createUserEmail'])) { + if (($_POST['ResetPwd'] == "on" || $_POST['checkboxDate'] != 0) && $_POST['email'] != i8ln('Select a user...')) { + $info = $db->query( + "SELECT email, expire_timestamp FROM users WHERE email = :email", [ + ":email" => $_POST['email'] + ] + )->fetch(); + + if ($_POST['ResetPwd'] == "on") { + $resetUserPwd = generateRandomString(); + resetUserPassword($_POST['email'], $resetUserPwd, 1); + } + + if ($_POST['checkboxDate'] != 0) { + + if ($_POST['checkboxDate'] >= 0 && $_POST['checkboxDate'] <= 13) { + if ($info['expire_timestamp'] > time()) { + $new_expire_timestamp = $info['expire_timestamp'] + 60 * 60 * 24 * 31 * $_POST['checkboxDate']; + } else { + $new_expire_timestamp = time() + 60 * 60 * 24 * 31; + } + } else { + $new_expire_timestamp = strtotime($_POST['customDate']); + } + + updateExpireTimestamp($info['email'], $new_expire_timestamp); + + } + + } + + if (!empty($_POST['createUserEmail'])) { + $createUserPwd = generateRandomString(); + if (createUserAccount($_POST['createUserEmail'], $createUserPwd, 0) == false) { + $Err = i8ln('Email already in use.'); + } + } + + if (($_POST['ResetPwd'] == "off" && $_POST['checkboxDate'] == 0 && $_POST['email'] == i8ln('Select a user...')) || empty($_POST['createUserEmail'])) { + $Err = i8ln('No changes made.'); + } + } else { + $Err = i8ln('No changes made.'); + } + } + + if (isset($_GET['resetPwd'])) { + ?> +

{$title}] - "; echo i8ln('Forgot password'); ?>

+
+ + + + + + + +
+
+ updatePwd)) { + ?> +

{$title}] - "; echo i8ln('Change your password.'); ?>

+
+ + + + + + + + + + + + + + + + +
+
+ email && in_array($_SESSION['user']->email, $adminEmail))) { + ?> +

{$title}] - "; echo i8ln('Admin page'); ?>

+
+ + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + +
+
+ + +

CHANGES

+ + + + + + + + + + + + + + + + + + + + + + +
+ +

{$title}] - "; echo i8ln('Login'); ?>

+
+ + + + + + + + + + + + + + + + + + + + + +
placeholder="E-mail">
+
+ +
+ + diff --git a/logout.php b/logout.php new file mode 100644 index 000000000..d46ac229a --- /dev/null +++ b/logout.php @@ -0,0 +1,7 @@ + + + email) { + $info = $db->query( + "SELECT expire_timestamp FROM users WHERE email = :email", [ + ":email" => $_SESSION['user']->email, + ] + )->fetch(); + + $_SESSION['user']->expire_timestamp = $info['expire_timestamp']; + + if ($_SESSION['user']->updatePwd == 1) { + header("Location: /login.php"); + die(); + } + + if ($info['expire_timestamp'] > time()) { + $color = "green"; + } else { + $color = "red"; + } + + echo "" . substr($_SESSION['user']->email,0, 3) . "..."; + + } else { + echo "Login"; + } + } + ?> @@ -848,6 +878,35 @@ class="onoffswitch-checkbox"/> + email) { + ?> +
+
+ +
+

+
+
+

+ expire_timestamp); + + echo $_SESSION['user']->email . "
"; + if ($_SESSION['user']->expire_timestamp > time()) { + echo "" . i8ln('Membership expires on') . " {$time}"; + } else { + echo "" . i8ln('Membership expired on') . " {$time}"; + } ?> +

+
+
+