Beispiel #1
<?php

/************************************************************
 * InfiniteWP Admin panel									*
 * Copyright (c) 2012 Revmakx								*
 * www.revmakx.com											*
 *															*
 ************************************************************/
// Page bootstrap: load the application, run the access gate, then read panel
// state into variables (some of them JSON-encoded).
include "includes/app.php";
onBrowserLoad();
initMenus();
// Access gate. When multiUserStatus() is defined it is called and nothing else
// is checked here; otherwise any status other than 'admin' triggers userLogout().
// NOTE(review): this only protects the code below if multiUserStatus() /
// userLogout() end the request for an unauthorised visitor. Neither body is
// visible here; if either one returns, every call below still runs. Confirm.
// NOTE(review): `!=` is a loose comparison; if userStatus() can ever return a
// non-string (e.g. integer 0 on PHP < 8), it would compare equal to 'admin'.
// Prefer `!==` once the return type is confirmed.
if (function_exists('multiUserStatus')) {
    multiUserStatus();
} else {
    if (userStatus() != 'admin') {
        userLogout();
    }
}
// Add-on suite / "mini" licence state, fetched through panelRequestManager.
$isAddonSuiteMiniLimitExceeded = panelRequestManager::checkIsAddonSuiteMiniLimitExceeded();
$isMiniExpired = panelRequestManager::checkIsMiniExpired();
$addonSuiteMiniActivity = panelRequestManager::getAddonSuiteMiniActivity();
$addonSuiteMiniLimit = panelRequestManager::getAddonSuiteMiniLimit();
$IDToBeUpgradedFromMini = panelRequestManager::getIDToBeUpgradedFromMini();
$IDForAddonSuite = panelRequestManager::getIDForAddonSuite();
$priceForSuiteUpgradedFromMini = panelRequestManager::getPriceForSuiteUpgradedFromMini();
$priceForAddonSuite = panelRequestManager::getPriceForAddonSuite();
// The values below are JSON-encoded with default flags.
// NOTE(review): where these strings are emitted is not visible here. If they are
// written into HTML or an inline <script>, default json_encode() leaves <, >, &
// and ' as-is; encode at the output point with
// JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT, since site names,
// update data and help text may contain content that originates from managed sites.
$addonSuiteLimitExceededIllegally = json_encode(Reg::get('addonSuiteLimitExceededIllegally'));
$mainJson = json_encode(panelRequestManager::getSitesUpdates());
$toolTipData = json_encode(panelRequestManager::getUserHelp());
$favourites = json_encode(panelRequestManager::getFavourites());
$sitesData = json_encode(panelRequestManager::getSites());
Beispiel #2
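/**
 * Authenticate a panel login request and redirect according to the outcome.
 *
 * Flow: credential check (multi-user helper if defined, otherwise a lookup in
 * ?:users), lockout check on the stored authInfo value, allowed-IP check, then
 * the configured second step (e-mailed passcode, Duo frame, or direct login).
 *
 * @param array $params Login form fields; "email" is read here.
 *
 * @return false|null false when $params is empty; null when the Duo frame was
 *                    prepared (sets $_GET['view']). Every other path sends a
 *                    Location header and terminates the request.
 */
function userLogin($params)
{
    if (empty($params)) {
        return false;
    }

    if (function_exists('multiUserStatus')) {
        // Multi-user helper is defined: it alone decides whether the credentials are valid.
        $isUserExists = multiUserStatus($params) ? true : false;
    } else {
        // The e-mail is request input. Array-valued input (email[]=...) is treated as empty.
        $email = (isset($params["email"]) && is_string($params["email"])) ? trim($params["email"]) : '';

        // SECURITY: the WHERE clause below is built by string concatenation. A value
        // containing a quote, a backslash or a NUL byte could terminate the SQL string
        // literal, so such values never reach the query and are handled as a failed
        // login. None of them could have matched a stored address through this query.
        // NOTE(review): this is a stop-gap. Replace it with the DB layer's escaping or
        // bound-parameter call; none is visible on this page.
        $emailIsSafe = $email !== '' && strpbrk($email, "'\\\0") === false;

        $userName = array();
        $isUserExists = false;
        if ($emailIsSafe) {
            // NOTE(review): the password comparison is masked ('******') on this page.
            // Confirm the real code verifies a password_hash()/password_verify() style
            // hash rather than comparing a raw or fast-hashed password inside SQL.
            $userName = DB::getRow("?:users", "userID, accessLevel, email", "email = '" . $email . "' AND password = '******' ORDER BY userID ASC LIMIT 1");
            $isUserExists = !empty($userName["userID"]);
        }

        if ($isUserExists) {
            $GLOBALS['userID'] = $userName["userID"];
            // Valid credentials but not an administrator: refuse with a distinct message.
            if ($userName['accessLevel'] != 'admin') {
                $errorMsg = 'onlyAdmin';
                header('Location: login.php?errorMsg=' . $errorMsg);
                exit;
            }
        }
    }

    // Lockout handling. authInfo holds either a lock-expiry timestamp (set elsewhere
    // after repeated wrong passcodes, per the original comment) or encoded passcode data.
    // NOTE(review): $GLOBALS['userID'] is only assigned above when the credentials
    // matched; on a failed login this lookup uses whatever value the global already had.
    $dbAuthInfo = DB::getField("?:users", "authInfo", "userID = '" . $GLOBALS['userID'] . "'");

    // unserialize() is used only to tell "serialized data" from "plain value". On PHP 7+
    // object instantiation is disabled; the === false test below is unaffected by that.
    if (defined('PHP_VERSION_ID') && PHP_VERSION_ID >= 70000) {
        $authData = @unserialize($dbAuthInfo, array('allowed_classes' => false));
    } else {
        $authData = @unserialize($dbAuthInfo);
    }

    if ($authData === false && $dbAuthInfo != "") {
        // Only a numeric value is a lock timestamp. Comparing time() with a non-numeric
        // string (such as the base64 passcode blob written below) is a string comparison
        // on PHP 8 and would report a lock that does not exist.
        if (is_numeric($dbAuthInfo) && time() < (int) $dbAuthInfo) {
            $lockOut = base64_encode($dbAuthInfo);
            $errorMsg = 'accountLock';
            header('Location: login.php?errorMsg=' . $errorMsg . '&lockOut=' . $lockOut);
            die;
        }
        // Expired lock or stale non-serialized value: clear it.
        DB::update("?:users", array("authInfo" => ""), "userID = '" . $GLOBALS['userID'] . "'");
    }

    // Allowed-IP check: with an empty list every address passes.
    // NOTE(review): REMOTE_ADDR is the direct peer; behind a reverse proxy that is the
    // proxy's address, so the list must be written with that in mind.
    $allowedLoginIPs = DB::getFields("?:allowed_login_ips", "IP", "1", "IP");
    $allowedLoginIPsClear = 1;
    if ($isUserExists && !empty($allowedLoginIPs)) {
        $allowedLoginIPsClear = 0;
        foreach ($allowedLoginIPs as $IP) {
            if (IPInRange($_SERVER['REMOTE_ADDR'], trim($IP))) {
                $allowedLoginIPsClear = 1;
                break;
            }
        }
    }

    if ($isUserExists && $allowedLoginIPsClear == 1) {
        // All login checks passed; apply the configured authentication method.
        $loginAuthType = isExistOption('loginAuthType') ? getOption('loginAuthType') : 'authNone';

        if ($loginAuthType == "authBasic") {
            // The passcode is a login secret: draw it from the CSPRNG when available
            // (PHP 7+). mt_rand() output is predictable and is kept only as a fallback
            // for older runtimes.
            $passcode = function_exists('random_int') ? random_int(100000, 999999) : mt_rand(100000, 999999);
            $validity = time() + 60 * 60;
            // NOTE(review): the passcode is stored recoverably (base64 of serialized data).
            $authInfo = base64_encode(serialize(array('userId' => $GLOBALS['userID'], 'passcode' => $passcode, 'validity' => $validity)));
            // NOTE(review): serialized data is placed in a client-controlled cookie. The
            // code that reads it back is not visible here; it must not pass the cookie to
            // unserialize() without allowed_classes => false and must not trust userId or
            // validity from it without a server-side check.
            $authCookieInfo = serialize(array('userId' => $GLOBALS['userID'], 'validity' => $validity));
            manageCookies::cookieSet('authCookieInfo', $authCookieInfo, array('expire' => 0));
            DB::update("?:users", array("authInfo" => $authInfo), "userID = '" . $GLOBALS['userID'] . "'");
            if (sendPasscodeMail($passcode, $GLOBALS['userID'])) {
                header('Location: login.php?view=getPasscode&successMsg=passcodeMailSent');
                exit;
            }
            $errorMsg = 'passcodeMailError';
            header('Location: login.php?errorMsg=' . $errorMsg);
            exit;
        } elseif (function_exists('getDuoFrame') && $loginAuthType == "authDuo") {
            if (!($GLOBALS['duoFrameStr'] = getDuoFrame($params["email"]))) {
                $errorMsg = 'duoConnectionError';
                header('Location: login.php?errorMsg=' . $errorMsg);
                exit;
            }
            // Frame obtained: let the caller render it.
            $_GET['view'] = "duoFrame";
        } else {
            // No second factor configured: log in and go to the panel (APP_URL).
            loginByUserId($GLOBALS['userID']);
            header('Location: ' . APP_URL);
            exit;
        }
    } else {
        // Bad credentials ('invalid') or source address not on the allow list ('access').
        manageCookies::cookieUnset('userCookie');
        $errorMsg = 'invalid';
        if ($allowedLoginIPsClear == 0) {
            $errorMsg = 'access';
        }
        header('Location: login.php?errorMsg=' . $errorMsg);
        exit;
    }
}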