コード例 #1
ファイル: functions.php プロジェクト: pikepa/fitfasnfab
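/**
 * Log a visitor in through a linked social account (google, facebook or twitter).
 *
 * The account is looked up by the provider id ($sid) and provider name ($type);
 * before that, the function enforces the "login disabled" setting, the per-IP
 * block list and the failed-attempt limit.
 *
 * NOTE(review): nothing in this function proves that the caller owns $sid - the
 * lookup succeeds for any sid/type pair present in `users`. Callers presumably
 * obtain $sid from a verified provider response (OAuth token / signed ID token)
 * and never from request parameters; confirm that at every call site.
 *
 * NOTE(review): $cb['reason'] and the page_disabled_message setting are written
 * into the returned HTML unescaped. That is only safe while both are set by
 * administrators; confirm no user-controlled path can write to them.
 *
 * @param string $sid  Provider-side account id.
 * @param string $type Provider name; only "google", "facebook" and "twitter" are accepted.
 *
 * @return mixed On failure an HTML alert prefixed with "0|||" (the
 *               already-logged-in alert has no prefix); on success whatever
 *               getTypeUrl("on_login") returns.
 */
function socialLogin($sid, $type)
{
    global $con;
    global $m;

    if (is_logged_in()) {
        return "<div class='alert alert-danger' role='alert'>" . $m['already_logged_in'] . "</div>";
    }

    $alertOpen = "0|||<div class='alert alert-danger' role='alert'>";

    // Every value interpolated into SQL below is escaped first. Prepared
    // statements would be the stronger fix; escaping is kept here because the
    // sibling helpers (isAdminBySid, addLog) receive these escaped values.
    $sid = mysqli_real_escape_string($con, $sid);
    $type = mysqli_real_escape_string($con, $type);
    $ip = $_SERVER['REMOTE_ADDR'];
    // Escaped like the other values so the queries stay well-formed even if
    // the deployment rewrites REMOTE_ADDR from a forwarded header.
    $ipSql = mysqli_real_escape_string($con, (string) $ip);

    // Login may be switched off globally; admins are still let through.
    if (getSetting("disable_login", "text") != "false" && !isAdminBySid($sid)) {
        $disabledMessage = getSetting("page_disabled_message", "text");
        if ($disabledMessage == "") {
            return $alertOpen . $m['page_disabled_default'] . "</div>";
        }
        return $alertOpen . nl2br($disabledMessage) . "</div>";
    }

    if (!in_array($type, array("google", "facebook", "twitter"), true)) {
        return $alertOpen . $m['unknown_social_login'] . "</div>";
    }

    $maxFailed = getSetting("max_failed_attempts", "text");

    // Count today's consecutive failed logins for this IP. Initialised up
    // front so the limit check below never reads an undefined variable when
    // failed-login logging is disabled.
    $failed = 0;
    if ($maxFailed > 0 && getSetting("log_failed_logins", "text") == "true") {
        $logs = mysqli_query($con, "SELECT * FROM log WHERE ip='{$ipSql}' ORDER BY id DESC");
        while ($l = mysqli_fetch_array($logs)) {
            // Stop at the last successful login or at the first entry that is not from today.
            if ($l['success'] == "1" || date("j-n-Y", $l['time']) != date("j-n-Y")) {
                break;
            }
            $failed++;
        }
    }

    $checkblock = mysqli_query($con, "SELECT * FROM blocks WHERE ip='{$ipSql}'");
    $cb = mysqli_fetch_array($checkblock);
    $timenow = time();
    $unblocked = 0;

    $hasBlock = mysqli_num_rows($checkblock) > 0;
    // An empty or "0" expiry marks a block that never expires.
    $permanent = $hasBlock && (empty($cb['until']) || $cb['until'] == "0");

    // The block exists but has expired: clear it together with today's failed log entries.
    if ($hasBlock && !$permanent && $cb['until'] < $timenow) {
        $logs = mysqli_query($con, "SELECT * FROM log WHERE ip='{$ipSql}' ORDER BY id DESC");
        while ($l = mysqli_fetch_array($logs)) {
            if ($l['success'] == "1" || date("j-n-Y", $l['time']) != date("j-n-Y")) {
                break;
            }
            $lidSql = mysqli_real_escape_string($con, (string) $l['id']);
            mysqli_query($con, "DELETE FROM log WHERE id='{$lidSql}'");
        }
        $bidSql = mysqli_real_escape_string($con, (string) $cb['id']);
        mysqli_query($con, "DELETE FROM blocks WHERE id='{$bidSql}'");
        // Tells the checks below to ignore both the stale block and the stale $failed count.
        $unblocked = 1;
    }

    // The IP is currently blocked.
    if ($hasBlock && ($permanent || $cb['until'] > $timenow) && $unblocked == 0) {
        $banHead = $alertOpen . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>";
        if ($permanent) {
            return $banHead . $m['never'] . "</div>";
        }
        return $banHead . date("d M Y", $cb['until']) . " " . $m['at'] . " " . date("G:i", $cb['until']) . "</div>";
    }

    // Too many failed attempts today: create a block unless one already exists.
    if ($maxFailed > 0 && $failed >= $maxFailed && $unblocked == 0) {
        if (!$hasBlock) {
            $time = time();
            // The reason is a language string and may contain quotes, so it is escaped too.
            $reasonSql = mysqli_real_escape_string($con, (string) $m['blocked']);
            $blocked_time = formatToSeconds(getSetting("blocked_amount", "text"), getSetting("blocked_format", "text"));
            // A duration of 0 means the block never expires.
            $until = ($blocked_time == "0") ? 0 : $time + $blocked_time;
            $untilSql = mysqli_real_escape_string($con, (string) $until);
            mysqli_query($con, "INSERT INTO blocks(time, ip, logs, reason, until)
                VALUES ('{$time}','{$ipSql}','{$failed}','{$reasonSql}','{$untilSql}')");
        }
        return $alertOpen . $m['blocked'] . "</div>";
    }

    $check = mysqli_query($con, "SELECT * FROM users WHERE sid='{$sid}' AND type='{$type}'");
    if (mysqli_num_rows($check) == 0) {
        return $alertOpen . $m['account_not_found'] . "</div>";
    }

    $c = mysqli_fetch_array($check);
    $uid = $c['id'];
    $uidSql = mysqli_real_escape_string($con, (string) $uid);

    $bancheck = mysqli_query($con, "SELECT * FROM bans WHERE uid='{$uidSql}'");
    if (mysqli_num_rows($bancheck) > 0) {
        return $alertOpen . $m['you_are_banned'] . "</div>";
    }

    if ($c['active'] != "1") {
        $paypalOn = getSetting("enable_paypal", "text") == "true";
        $stripeOn = getSetting("enable_stripe", "text") == "true";
        $paypalNotice = $alertOpen . $m['need_paypal_activation'] . "<a href='login.php?retry&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
        $stripeNotice = $alertOpen . $m['need_stripe_activation'] . "<a href='login.php?stripe&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";

        if ($paypalOn && $stripeOn) {
            // With both gateways enabled, the account's stored paypal value decides which notice applies.
            return !empty($c['paypal']) ? $paypalNotice : $stripeNotice;
        }
        if ($paypalOn) {
            return $paypalNotice;
        }
        if ($stripeOn) {
            return $stripeNotice;
        }

        $activation = getSetting("activation", "text");
        if ($activation == "0") {
            // No activation step configured: activate now. The "0|||" prefix is
            // kept, so the caller still sees a non-login result for this request.
            mysqli_query($con, "UPDATE users SET active='1' WHERE id='{$uidSql}'");
            return "0|||<h5 class='text-center green'>" . $m['activation_success'] . "</h5>";
        }
        if ($activation == "1") {
            return $alertOpen . $m['need_email_activation'] . "<a href='login.php?resend&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
        }
        return $alertOpen . $m['need_activation'] . "</div>";
    }

    // Successful login: record the actual timestamp.
    $last_login = time();
    mysqli_query($con, "UPDATE users SET last_login='{$last_login}' WHERE id='{$uidSql}'");

    // Issue a fresh session id at the privilege change so a session id known
    // before authentication cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['uid'] = $uid;
    $_SESSION['ip'] = $ip;

    // First login of an account that has no registration data yet.
    if (empty($c['ip']) || empty($c['registered_on'])) {
        $registered_on = time();
        mysqli_query($con, "UPDATE users SET registered_on='{$registered_on}', ip='{$ipSql}' WHERE id='{$uidSql}'");
    }

    if (getSetting("log_successful_logins", "text") == "true") {
        addLog("1", $_SERVER['REMOTE_ADDR'], $uid, $c['username'], $type);
    }

    return getTypeUrl("on_login");
}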
コード例 #2
ファイル: posthandler.php プロジェクト: pikepa/fitfasnfab
 }
 // Check if an IP is blocked
 if (mysqli_num_rows($checkblock) > 0 && ($cb['until'] > $timenow || empty($cb['until']) || $cb['until'] == "0") && $unblocked == 0) {
     // Check if the block is forever
     if (empty($cb['until']) || $cb['until'] == "0") {
         echo "<h5 class='text-center red'>" . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>" . $m['never'] . "</h5>";
     } else {
         echo "<h5 class='text-center red'>" . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>" . date("d M Y", $cb['until']) . " " . $m['at'] . " " . date("G:i", $cb['until']) . "</h5>";
     }
 } elseif (getSetting("max_failed_attempts", "text") > 0 && $failed >= getSetting("max_failed_attempts", "text") && $unblocked == 0) {
     // Check if the user has exceeded the maximum login attempts
     // Check if the IP isn't already blocked
     if (mysqli_num_rows($checkblock) == 0) {
         $time = time();
         $reason = $m['blocked'];
         $blocked_time = formatToSeconds(getSetting("blocked_amount", "text"), getSetting("blocked_format", "text"));
         // Calculate the blocked time and format to seconds
         if ($blocked_time == "0") {
             $until = 0;
             // Forever
         } else {
             $until = $time + $blocked_time;
             // Current time with the blocked time added
         }
         mysqli_query($con, "INSERT INTO blocks(time, ip, logs, reason, until)\r\n\t\t\t\t\t\t\t\tVALUES ('{$time}','{$ip}','{$failed}','{$reason}','{$until}')");
     }
     echo "<h5 class='text-center red'>" . $m['blocked'] . "</h5>";
 } else {
     require_once 'pbkdf2.php';
     // Requires password encryption script
     $salt = md5($password);