File "auth.php"
Full Path: /home/cananyalcin/public_html/core/module/client/auth.php
File size: 3.97 KB
MIME-type: text/x-php
Charset: utf-8
<?php
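// Bootstrap for the client "auth" route: sets the page title, defaults the
// sub-route to "login", derives the reset-password flag and redirects any
// request that should not see the login form.
$title = $settings["site_title"];

// No sub-route in the URL: fall back to the login form.
if( !route(1) ){
    $route[1] = "login";
}

// resetpass_page == 1 maps to false and == 2 to true. Any other value leaves
// $resetPage undefined, exactly as before.
if( $settings['resetpass_page'] == 1 ){
    $resetPage = false;
}elseif( $settings['resetpass_page'] == 2 ){
    $resetPage = true;
}

// Already signed in: redirect and stop. Without the exit() the script kept
// running after the Location header, so the login handler further down could
// still process a POST for a session that is already authenticated.
// !empty() also avoids an undefined-index notice when the key is absent.
if( !empty($_SESSION["neira_userlogin"]) ){
    header("Location:".site_url());
    exit();
}

// Only the "login" sub-route is served by this file.
if( route(1) !== 'login' ){
    header("Location:".site_url());
    exit();
}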
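/*
 * Login form handler.
 *
 * Reads username/password/remember from $_POST, optionally verifies a
 * reCAPTCHA response, checks the credentials through the project helpers
 * userdata_check() / userlogin_check() / countRow(), and on success fills the
 * session, sets the login cookies, records the login and redirects.
 * On failure it sets $error = 1 and $errorText for the template.
 *
 * NOTE(security), not changed here because other code depends on it:
 *  - Passwords are stored as md5(sha1(md5(...))): unsalted and fast to compute.
 *    Moving to password_hash()/password_verify() needs a rehash-on-login
 *    migration that also touches registration and the helpers.
 *  - An unknown username ("error.signin.username") and a wrong password
 *    ("error.signin.notmatch") produce different messages, which tells a client
 *    whether an account exists. A single generic message avoids that.
 *  - No attempt throttling is visible in this file. The reCAPTCHA gate is keyed
 *    to session state, which a client can discard, so it should not be treated
 *    as a rate limit; add per-account / per-IP throttling server-side.
 */
if( $route[1] == "login" && $_POST ){
    // Missing or non-string fields (e.g. username[]=x) are treated as empty
    // instead of being handed to htmlentities().
    $username = ( isset($_POST["username"]) && is_string($_POST["username"]) ) ? htmlentities($_POST["username"]) : "";
    // The password is entity-encoded before hashing. Stored hashes were
    // presumably created the same way, so this stays until a migration.
    $pass = ( isset($_POST["password"]) && is_string($_POST["password"]) ) ? htmlentities($_POST["password"]) : "";
    $captcha = ( isset($_POST['g-recaptcha-response']) && is_string($_POST['g-recaptcha-response']) ) ? $_POST['g-recaptcha-response'] : "";
    $remember = ( isset($_POST["remember"]) && is_string($_POST["remember"]) ) ? htmlentities($_POST["remember"]) : "";
    $googlesecret = $settings["recaptcha_secret"];

    // The challenge is enforced only when reCAPTCHA is enabled (== 2) and an
    // earlier attempt in this session has already failed.
    $captchaRequired = $settings["recaptcha"] == 2 && !empty($_SESSION["recaptcha"]);
    $captcha_control = null;
    $captchaPassed = true;
    if( $captchaRequired ){
        // Build the query with http_build_query() so the client-supplied
        // response token cannot inject extra parameters into the request.
        // The verification call is skipped when the result would not be used,
        // so the secret is not sent on every POST.
        // NOTE(review): the secret travels in the URL; the siteverify endpoint
        // also accepts POST if robot() can be made to send one.
        $verifyQuery = http_build_query(array(
            "secret"   => $googlesecret,
            "response" => $captcha,
            "remoteip" => $_SERVER['REMOTE_ADDR'],
        ), '', '&');
        $captcha_control = robot("https://www.google.com/recaptcha/api/siteverify?" . $verifyQuery);
        $captcha_control = json_decode($captcha_control);
        // Fail closed: an unreachable service or malformed reply counts as a failed challenge.
        $captchaPassed = is_object($captcha_control) && !empty($captcha_control->success);
    }

    // Checks run in the original order; the first failing one picks the message.
    $failureKey = null;
    $row = false;
    $passwordHash = md5(sha1(md5($pass)));
    if( !$captchaPassed ){
        $failureKey = "error.signin.recaptcha";
    }elseif( empty($username) ){
        $failureKey = "error.signin.username";
    }elseif( !userdata_check("username",$username) ){
        $failureKey = "error.signin.username";
    }elseif( !userlogin_check($username,$pass) ){
        $failureKey = "error.signin.notmatch";
    }elseif( countRow(["table"=>"clients","where"=>["username"=>$username,"client_type"=>1]]) ){
        // A row with client_type = 1 is reported as a deactivated account.
        $failureKey = "error.signin.deactive";
    }else{
        $stmt = $conn->prepare("SELECT * FROM clients WHERE username=:username AND password=:password ");
        $stmt->execute(array("username"=>$username,"password"=>$passwordHash));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        // The helpers passed but no row came back (e.g. the account changed in
        // between): refuse the login instead of building a session from `false`.
        if( !$row ){
            $failureKey = "error.signin.notmatch";
        }
    }

    if( $failureKey !== null ){
        $error = 1;
        $errorText = $languageArray[$failureKey];
        // After any failure, require the challenge on the next attempt.
        if( $settings["recaptcha"] == 2 ){ $_SESSION["recaptcha"] = true; }
    }else{
        $access = json_decode($row["access"],true);

        // Issue a fresh session id at the privilege change so an id known
        // before login cannot be reused afterwards (session fixation).
        if( session_status() === PHP_SESSION_ACTIVE ){
            session_regenerate_id(true);
        }
        $_SESSION["neira_userlogin"] = 1;
        $_SESSION["neira_userid"] = $row["client_id"];
        $_SESSION["neira_userpass"] = $passwordHash;
        $_SESSION["recaptcha"] = false;
        if( !empty($access["admin_access"]) ){
            $_SESSION["neira_adminlogin"] = 1;
        }

        // Cookies keep HttpOnly and additionally get Secure when the request
        // itself arrived over HTTPS; on plain HTTP the flags are as before.
        $cookieExpires = strtotime('+7 days');
        $cookieSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        // Both original branches set u_id/u_password/u_login for 7 days;
        // "remember" only decided whether a_login was added for admins.
        if( $remember && !empty($access["admin_access"]) ){
            setcookie("a_login", 'ok', $cookieExpires, '/', '', $cookieSecure, true);
        }
        // NOTE(security): u_password carries the stored password hash, so the
        // cookie is a long-lived credential equivalent. How these cookies are
        // consumed is not visible here; the durable fix is a random,
        // server-side, revocable token, and a_login/u_login should never be
        // trusted on their own since the client controls their values.
        setcookie("u_id", $row["client_id"], $cookieExpires, '/', '', $cookieSecure, true);
        setcookie("u_password", $row["password"], $cookieExpires, '/', '', $cookieSecure, true);
        setcookie("u_login", 'ok', $cookieExpires, '/', '', $cookieSecure, true);

        // Audit trail and last-login bookkeeping.
        // NOTE(review): the two statements use different date formats
        // ("Y-m-d" vs "Y.m.d"); left as-is because the column types are not visible.
        $insert = $conn->prepare("INSERT INTO client_report SET client_id=:c_id, action=:action, report_ip=:ip, report_date=:date ");
        $insert->execute(array("c_id"=>$row["client_id"],"action"=>"Member logged in.","ip"=>GetIP(),"date"=>date("Y-m-d H:i:s") ));
        $update = $conn->prepare("UPDATE clients SET login_date=:date, login_ip=:ip WHERE client_id=:c_id ");
        $update->execute(array("c_id"=>$row["client_id"],"date"=>date("Y.m.d H:i:s"),"ip"=>GetIP() ));

        // Redirect last and stop, so nothing else runs or renders after a successful login.
        header('Location:'.site_url(''));
        exit();
    }
}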