1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,174 @@ |
1 |
+<!doctype html> |
|
2 |
+<!-- |
|
3 |
+ Copyright (C) 2021 Double Bastion LLC |
|
4 |
+ |
|
5 |
+ This file is part of Roundpin, which is licensed under the |
|
6 |
+ GNU Affero General Public License Version 3.0. The license terms |
|
7 |
+ are detailed in the "LICENSE.txt" file located in the root directory. |
|
8 |
+ |
|
9 |
+ This is a modified version of the original file "index.html", |
|
10 |
+ first modified in 2020. The copyright notice for the original |
|
11 |
+ content follows: |
|
12 |
+ |
|
13 |
+ Copyright (c) 2019 by Daniel Zawadzki (https://codepen.io/danzawadzki/pen/EgqKRr) |
|
14 |
+ License: The MIT License |
|
15 |
+--> |
|
16 |
+ |
|
17 |
+<head> |
|
18 |
+ <meta charset="utf-8"> |
|
19 |
+ <title>Roundpin</title> |
|
20 |
+ <link rel="stylesheet" href="css/login.min.css"/> |
|
21 |
+ <link rel="stylesheet" href="css/inter.min.css"/> |
|
22 |
+ <script type="text/javascript" src="js/jquery-3.3.1.min.js"></script> |
|
23 |
+ <script type="text/javascript" src="js/roundpin-login.min.js"></script> |
|
24 |
+ <link rel="shortcut icon" type="image/svg" href="images/favicon.svg" /> |
|
25 |
+</head> |
|
26 |
+<body> |
|
27 |
+ |
|
28 |
+<div class="wrapper"> |
|
29 |
+ <div id="formContent"> |
|
30 |
+ |
|
31 |
+ <!-- Tabs Titles --> |
|
32 |
+ <a href="roundpin-login.php"><h2 id="signintab" class="active underlineHover">Log In</h2></a> |
|
33 |
+ <a id="signupsec" href="roundpin-signup.php"><h2 id="signuptab" class="underlineHover">Sign Up</h2></a> |
|
34 |
+ |
|
35 |
+ <!-- Icon --> |
|
36 |
+ <div id="logosection"> |
|
37 |
+ <img src="images/login-logo.svg" id="login-logo" alt="Roundpin logo" /> |
|
38 |
+ </div> |
|
39 |
+ |
|
40 |
+ <div id="submitmessage"></div> |
|
41 |
+ |
|
42 |
+ <!-- Login Form --> |
|
43 |
+ <form id="loginform" method="POST"> |
|
44 |
+ <span id="usernameLabel" class="fadeInSpec">Username</span> |
|
45 |
+ <input type="text" id="loginname" name="loginname" placeholder="Username" /> |
|
46 |
+ <span id="passwordLabel" class="fadeInSpec">Password</span> |
|
47 |
+ <input type="password" id="password" name="password" placeholder="Password"/> |
|
48 |
+ <input type="submit" id="signinbutton" name="signinbutton" value="Log In"/> |
|
49 |
+ </form> |
|
50 |
+ |
|
51 |
+ <!-- Remind Passowrd --> |
|
52 |
+ <div id="formFooter"> |
|
53 |
+ <a id="forgotpass" class="underlineHover" href="forgot-password.php">Forgot Password?</a> |
|
54 |
+ </div> |
|
55 |
+ |
|
56 |
+ </div> |
|
57 |
+</div> |
|
58 |
+ |
|
59 |
+<?php |
|
60 |
+ |
|
61 |
+define('ACCESSCONST', TRUE); |
|
62 |
+ |
|
63 |
+define('RESTRICTED', TRUE); |
|
64 |
+ |
|
65 |
+require 'db-connect.php'; |
|
66 |
+ |
|
67 |
+// Extract the sign up parameter from 'install-signup-check.php' to activate or deactivate the 'Sign Up' tab |
|
68 |
+if (is_file(dirname(__FILE__) . '/install-signup-check.php')) { |
|
69 |
+ |
|
70 |
+ $setupfile = file(dirname(__FILE__) . '/install-signup-check.php'); |
|
71 |
+ $signup_check = 'false'; |
|
72 |
+ |
|
73 |
+ foreach ($setupfile as $keyfile => $valuefile) { |
|
74 |
+ if ((strpos($valuefile, "\$signupcheck") !== false) && (strpos($valuefile, "//") === false)) { |
|
75 |
+ $signup_init = explode("=", $valuefile); |
|
76 |
+ $firsttwo_init = str_replace(" ","", $signup_init[0]); |
|
77 |
+ $signup_sec = explode(";", $signup_init[1]); |
|
78 |
+ $signup_check = str_replace(" ","", $signup_sec[0]); |
|
79 |
+ break; |
|
80 |
+ } |
|
81 |
+ } |
|
82 |
+ |
|
83 |
+ ?> |
|
84 |
+ <script type="text/javascript"> |
|
85 |
+ var signupCheck = "<?php print_r($signup_check); ?>"; |
|
86 |
+ </script> |
|
87 |
+ <?php |
|
88 |
+ |
|
89 |
+ |
|
90 |
+ if(isset($_POST['signinbutton'])) { |
|
91 |
+ |
|
92 |
+ $signinusername = $_POST['loginname']; |
|
93 |
+ $signinpassword = $_POST['password']; |
|
94 |
+ |
|
95 |
+ if ($_POST['loginname'] != '' && $_POST['password'] != '') { |
|
96 |
+ |
|
97 |
+ // Get the password for the current user from the database |
|
98 |
+ $enabled = 1; |
|
99 |
+ $sqlquery = $mysqli->prepare("SELECT username, password, registered, enabled FROM app_users WHERE BINARY username=? and enabled=?"); |
|
100 |
+ $sqlquery->bind_param("si", $signinusername, $enabled); |
|
101 |
+ $sqlquery->execute(); |
|
102 |
+ $fetchdata = $sqlquery->get_result(); |
|
103 |
+ $fetchresult = $fetchdata->fetch_row(); |
|
104 |
+ |
|
105 |
+ if ($fetchresult != '') { |
|
106 |
+ |
|
107 |
+ $signinpassfromdb = $fetchresult[1]; |
|
108 |
+ $registered = $fetchresult[2]; |
|
109 |
+ $sqlquery->close(); |
|
110 |
+ |
|
111 |
+ // Verify the given password |
|
112 |
+ $signinpswdverify = password_verify($signinpassword, $signinpassfromdb); |
|
113 |
+ |
|
114 |
+ if ($registered == '0') { |
|
115 |
+ ?> |
|
116 |
+ <script type="text/javascript"> |
|
117 |
+ $("#submitmessage").append("<span>Your account hasn't been activated yet. Please check your email account used at registration and click on the activation link to activate your account !</span>"); |
|
118 |
+ $("#submitmessage").css("color", "#AC1F23"); |
|
119 |
+ </script> |
|
120 |
+ <?php |
|
121 |
+ } elseif ($signinpswdverify && $registered == '1') { |
|
122 |
+ |
|
123 |
+ session_start(); |
|
124 |
+ $_SESSION['loginname'] = $signinusername; |
|
125 |
+ $_SESSION['loggedtoroundpin'] = true; |
|
126 |
+ header("Location: index.php"); |
|
127 |
+ |
|
128 |
+ } else { |
|
129 |
+ ?> |
|
130 |
+ <script type="text/javascript"> |
|
131 |
+ $("#submitmessage").append("<span>Incorrect username and/or password !</span>"); |
|
132 |
+ $("#submitmessage").css("color", "#AC1F23"); |
|
133 |
+ </script> |
|
134 |
+ <?php |
|
135 |
+ } |
|
136 |
+ } else { |
|
137 |
+ ?> |
|
138 |
+ <script type="text/javascript"> |
|
139 |
+ $("#submitmessage").append("<span>Incorrect username and/or password !</span>"); |
|
140 |
+ $("#submitmessage").css("color", "#AC1F23"); |
|
141 |
+ </script> |
|
142 |
+ <?php |
|
143 |
+ } |
|
144 |
+ |
|
145 |
+ } else { |
|
146 |
+ ?> |
|
147 |
+ <script type="text/javascript"> |
|
148 |
+ $("#submitmessage").append("<span>Please enter both your username and password !</span>"); |
|
149 |
+ $("#submitmessage").css("color", "#AC1F23"); |
|
150 |
+ </script> |
|
151 |
+ <?php |
|
152 |
+ } |
|
153 |
+ } |
|
154 |
+ |
|
155 |
+ // Generate a random string to prevent direct access to different PHP files |
|
156 |
+ function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ') { |
|
157 |
+ $pieces = []; |
|
158 |
+ $max = mb_strlen($keyspace, '8bit') - 1; |
|
159 |
+ |
|
160 |
+ for ($i = 0; $i < $length; ++$i) { |
|
161 |
+ $pieces []= $keyspace[random_int(0, $max)]; |
|
162 |
+ } |
|
163 |
+ return implode('', $pieces); |
|
164 |
+ } |
|
165 |
+ |
|
166 |
+ $_SESSION['validate_s_access'] = random_str(40); |
|
167 |
+ |
|
168 |
+} |
|
169 |
+ |
|
170 |
+?> |
|
171 |
+ |
|
172 |
+</body> |
|
173 |
+</html> |
|
174 |
+ |
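Review bot: The success branch at new lines 121–126 calls `session_start()` and `header("Location: index.php")` after the form markup and an inline `<script>` have already been output, keeps whatever session id the browser presented, and lets the script keep running after the redirect. Unless output buffering is enabled (or `db-connect.php`, which is not shown, has already started the session), the cookie and redirect headers cannot be sent. Moving the POST handling above `<!doctype html>` and using `session_start(); session_regenerate_id(true);` followed by `header("Location: index.php"); exit;` would fix this and close the session-fixation gap at the same time. Separately, the check at new line 114, `if ($registered == '0')`, ignores `$signinpswdverify`, so the activation message confirms that a username exists to someone who does not know the password; `if ($signinpswdverify && $registered == '0')` keeps that message for the account owner and sends every other case to the generic error. `$_SESSION['validate_s_access']` at new line 166 is also written on requests where this file has not started a session, so it appears to persist only if a session was started elsewhere.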