Browse code

Created repository.

DoubleBastionAdmin authored on26/01/2022 20:32:42
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,174 @@
1
+<!doctype html>
2
+<!--
3
+  Copyright (C) 2021  Double Bastion LLC
4
+
5
+  This file is part of Roundpin, which is licensed under the
6
+  GNU Affero General Public License Version 3.0. The license terms
7
+  are detailed in the "LICENSE.txt" file located in the root directory.
8
+
9
+  This is a modified version of the original file "index.html",
10
+  first modified in 2020. The copyright notice for the original
11
+  content follows:
12
+
13
+  Copyright (c) 2019 by Daniel Zawadzki (https://codepen.io/danzawadzki/pen/EgqKRr)
14
+  License: The MIT License
15
+-->
16
+
17
+<head>
18
+   <meta charset="utf-8">
19
+   <title>Roundpin</title>
20
+   <link rel="stylesheet" href="css/login.min.css"/>
21
+   <link rel="stylesheet" href="css/inter.min.css"/>
22
+   <script type="text/javascript" src="js/jquery-3.3.1.min.js"></script>
23
+   <script type="text/javascript" src="js/roundpin-login.min.js"></script>
24
+   <link rel="shortcut icon" type="image/svg" href="images/favicon.svg" />
25
+</head>
26
+<body>
27
+
28
+<div class="wrapper">
29
+  <div id="formContent">
30
+
31
+    <!-- Tabs Titles -->
32
+    <a href="roundpin-login.php"><h2 id="signintab" class="active underlineHover">Log In</h2></a>
33
+    <a id="signupsec" href="roundpin-signup.php"><h2 id="signuptab" class="underlineHover">Sign Up</h2></a>
34
+
35
+    <!-- Icon -->
36
+    <div id="logosection">
37
+      <img src="images/login-logo.svg" id="login-logo" alt="Roundpin logo" />
38
+    </div>
39
+
40
+    <div id="submitmessage"></div>
41
+
42
+    <!-- Login Form -->
43
+    <form id="loginform" method="POST">
44
+      <span id="usernameLabel" class="fadeInSpec">Username</span>
45
+      <input type="text" id="loginname" name="loginname" placeholder="Username" />
46
+      <span id="passwordLabel" class="fadeInSpec">Password</span>
47
+      <input type="password" id="password" name="password" placeholder="Password"/>
48
+      <input type="submit" id="signinbutton" name="signinbutton" value="Log In"/>
49
+    </form>
50
+
51
+    <!-- Remind Passowrd -->
52
+    <div id="formFooter">
53
+      <a id="forgotpass" class="underlineHover" href="forgot-password.php">Forgot Password?</a>
54
+    </div>
55
+
56
+  </div>
57
+</div>
58
+
59
+<?php
60
+
61
+define('ACCESSCONST', TRUE);
62
+
63
+define('RESTRICTED', TRUE);
64
+
65
+require 'db-connect.php';
66
+
67
+// Extract the sign up parameter from 'install-signup-check.php' to activate or deactivate the 'Sign Up' tab
68
+if (is_file(dirname(__FILE__) . '/install-signup-check.php')) {
69
+
70
+    $setupfile = file(dirname(__FILE__) . '/install-signup-check.php');
71
+    $signup_check = 'false';
72
+
73
+    foreach ($setupfile as $keyfile => $valuefile) {
74
+         if ((strpos($valuefile, "\$signupcheck") !== false) && (strpos($valuefile, "//") === false)) {
75
+              $signup_init = explode("=", $valuefile);
76
+              $firsttwo_init = str_replace(" ","", $signup_init[0]);
77
+              $signup_sec = explode(";", $signup_init[1]);
78
+              $signup_check = str_replace(" ","", $signup_sec[0]);
79
+              break;
80
+         }
81
+    }
82
+
83
+    ?>
84
+    <script type="text/javascript">
85
+          var signupCheck = "<?php print_r($signup_check); ?>";
86
+    </script>
87
+    <?php
88
+
89
+
90
+ if(isset($_POST['signinbutton'])) {
91
+
92
+    $signinusername = $_POST['loginname'];
93
+    $signinpassword = $_POST['password'];
94
+
95
+    if ($_POST['loginname'] != '' && $_POST['password'] != '') {
96
+
97
+      // Get the password for the current user from the database
98
+      $enabled = 1;
99
+      $sqlquery = $mysqli->prepare("SELECT username, password, registered, enabled FROM app_users WHERE BINARY username=? and enabled=?");
100
+      $sqlquery->bind_param("si", $signinusername, $enabled);
101
+      $sqlquery->execute();
102
+      $fetchdata = $sqlquery->get_result();
103
+      $fetchresult = $fetchdata->fetch_row();
104
+
105
+      if ($fetchresult != '') {
106
+
107
+	      $signinpassfromdb = $fetchresult[1];
108
+	      $registered = $fetchresult[2];
109
+	      $sqlquery->close();
110
+
111
+	      // Verify the given password
112
+	      $signinpswdverify = password_verify($signinpassword, $signinpassfromdb);
113
+
114
+		if ($registered == '0') {
115
+		   ?>
116
+		   <script type="text/javascript">
117
+		       $("#submitmessage").append("<span>Your account hasn't been activated yet. Please check your email account used at registration and click on the activation link to activate your account !</span>");
118
+		       $("#submitmessage").css("color", "#AC1F23");
119
+		   </script>
120
+		   <?php
121
+		} elseif ($signinpswdverify && $registered == '1') {
122
+
123
+		    session_start();
124
+		    $_SESSION['loginname'] = $signinusername;
125
+		    $_SESSION['loggedtoroundpin'] = true;
126
+		    header("Location: index.php");
127
+
128
+		} else {
129
+		   ?>
130
+		   <script type="text/javascript">
131
+		       $("#submitmessage").append("<span>Incorrect username and/or password !</span>");
132
+		       $("#submitmessage").css("color", "#AC1F23");
133
+		   </script>
134
+		   <?php
135
+		  }
136
+      } else {
137
+		   ?>
138
+		   <script type="text/javascript">
139
+		       $("#submitmessage").append("<span>Incorrect username and/or password !</span>");
140
+		       $("#submitmessage").css("color", "#AC1F23");
141
+		   </script>
142
+		   <?php
143
+        }
144
+
145
+    } else {
146
+           ?>
147
+           <script type="text/javascript">
148
+               $("#submitmessage").append("<span>Please enter both your username and password !</span>");
149
+               $("#submitmessage").css("color", "#AC1F23");
150
+           </script>
151
+           <?php
152
+    }
153
+ }
154
+
155
+ // Generate a random string to prevent direct access to different PHP files
156
+ function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {
157
+    $pieces = [];
158
+    $max = mb_strlen($keyspace, '8bit') - 1;
159
+
160
+    for ($i = 0; $i < $length; ++$i) {
161
+        $pieces []= $keyspace[random_int(0, $max)];
162
+    }
163
+    return implode('', $pieces);
164
+ }
165
+
166
+ $_SESSION['validate_s_access'] = random_str(40);
167
+
168
+}
169
+
170
+?>
171
+
172
+</body>
173
+</html>
174
+