new file mode 100644

@@ -0,0 +1,174 @@

+<!doctype html>

+<!--

+  Copyright (C) 2021  Double Bastion LLC

+

+  This file is part of Roundpin, which is licensed under the

+  GNU Affero General Public License Version 3.0. The license terms

+  are detailed in the "LICENSE.txt" file located in the root directory.

+

+  This is a modified version of the original file "index.html",

+  first modified in 2020. The copyright notice for the original

+  content follows:

+

+  Copyright (c) 2019 by Daniel Zawadzki (https://codepen.io/danzawadzki/pen/EgqKRr)

+  License: The MIT License

+-->

+

+<head>

+   <meta charset="utf-8">

+   <title>Roundpin</title>

+   <link rel="stylesheet" href="css/login.min.css"/>

+   <link rel="stylesheet" href="css/inter.min.css"/>

+   <script type="text/javascript" src="js/jquery-3.3.1.min.js"></script>

+   <script type="text/javascript" src="js/roundpin-login.min.js"></script>

+   <link rel="shortcut icon" type="image/svg" href="images/favicon.svg" />

+</head>

+<body>

+

+<div class="wrapper">

+  <div id="formContent">

+

+    <!-- Tabs Titles -->

+    <a href="roundpin-login.php"><h2 id="signintab" class="active underlineHover">Log In</h2></a>

+    <a id="signupsec" href="roundpin-signup.php"><h2 id="signuptab" class="underlineHover">Sign Up</h2></a>

+

+    <!-- Icon -->

+    <div id="logosection">

+      <img src="images/login-logo.svg" id="login-logo" alt="Roundpin logo" />

+    </div>

+

+    <div id="submitmessage"></div>

+

+    <!-- Login Form -->

+    <form id="loginform" method="POST">

+      <span id="usernameLabel" class="fadeInSpec">Username</span>

+      <input type="text" id="loginname" name="loginname" placeholder="Username" />

+      <span id="passwordLabel" class="fadeInSpec">Password</span>

+      <input type="password" id="password" name="password" placeholder="Password"/>

+      <input type="submit" id="signinbutton" name="signinbutton" value="Log In"/>

+    </form>

+

+    <!-- Remind Passowrd -->

+    <div id="formFooter">

+      <a id="forgotpass" class="underlineHover" href="forgot-password.php">Forgot Password?</a>

+    </div>

+

+  </div>

+</div>

+

+<?php

+

+define('ACCESSCONST', TRUE);

+

+define('RESTRICTED', TRUE);

+

+require 'db-connect.php';

+

+// Extract the sign up parameter from 'install-signup-check.php' to activate or deactivate the 'Sign Up' tab

+if (is_file(dirname(__FILE__) . '/install-signup-check.php')) {

+

+    $setupfile = file(dirname(__FILE__) . '/install-signup-check.php');

+    $signup_check = 'false';

+

+    foreach ($setupfile as $keyfile => $valuefile) {

+         if ((strpos($valuefile, "\$signupcheck") !== false) && (strpos($valuefile, "//") === false)) {

+              $signup_init = explode("=", $valuefile);

+              $firsttwo_init = str_replace(" ","", $signup_init[0]);

+              $signup_sec = explode(";", $signup_init[1]);

+              $signup_check = str_replace(" ","", $signup_sec[0]);

+              break;

+         }

+    }

+

+    ?>

+    <script type="text/javascript">

+          var signupCheck = "<?php print_r($signup_check); ?>";

+    </script>

+    <?php

+

+

+ if(isset($_POST['signinbutton'])) {

+

+    $signinusername = $_POST['loginname'];

+    $signinpassword = $_POST['password'];

+

+    if ($_POST['loginname'] != '' && $_POST['password'] != '') {

+

+      // Get the password for the current user from the database

+      $enabled = 1;

+      $sqlquery = $mysqli->prepare("SELECT username, password, registered, enabled FROM app_users WHERE BINARY username=? and enabled=?");

+      $sqlquery->bind_param("si", $signinusername, $enabled);

+      $sqlquery->execute();

+      $fetchdata = $sqlquery->get_result();

+      $fetchresult = $fetchdata->fetch_row();

+

+      if ($fetchresult != '') {

+

+	      $signinpassfromdb = $fetchresult[1];

+	      $registered = $fetchresult[2];

+	      $sqlquery->close();

+

+	      // Verify the given password

+	      $signinpswdverify = password_verify($signinpassword, $signinpassfromdb);

+

+		if ($registered == '0') {

+		   ?>

+		   <script type="text/javascript">

+		       $("#submitmessage").append("<span>Your account hasn't been activated yet. Please check your email account used at registration and click on the activation link to activate your account !</span>");

+		       $("#submitmessage").css("color", "#AC1F23");

+		   </script>

+		   <?php

+		} elseif ($signinpswdverify && $registered == '1') {

+

+		    session_start();

+		    $_SESSION['loginname'] = $signinusername;

+		    $_SESSION['loggedtoroundpin'] = true;

+		    header("Location: index.php");

+

+		} else {

+		   ?>

+		   <script type="text/javascript">

+		       $("#submitmessage").append("<span>Incorrect username and/or password !</span>");

+		       $("#submitmessage").css("color", "#AC1F23");

+		   </script>

+		   <?php

+		  }

+      } else {

+		   ?>

+		   <script type="text/javascript">

+		       $("#submitmessage").append("<span>Incorrect username and/or password !</span>");

+		       $("#submitmessage").css("color", "#AC1F23");

+		   </script>

+		   <?php

+        }

+

+    } else {

+           ?>

+           <script type="text/javascript">

+               $("#submitmessage").append("<span>Please enter both your username and password !</span>");

+               $("#submitmessage").css("color", "#AC1F23");

+           </script>

+           <?php

+    }

+ }

+

+ // Generate a random string to prevent direct access to different PHP files

+ function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') {

+    $pieces = [];

+    $max = mb_strlen($keyspace, '8bit') - 1;

+

+    for ($i = 0; $i < $length; ++$i) {

+        $pieces []= $keyspace[random_int(0, $max)];

+    }

+    return implode('', $pieces);

+ }

+

+ $_SESSION['validate_s_access'] = random_str(40);

+

+}

+

+?>

+

+</body>

+</html>

+