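/**
 * Log a user in through a linked social account.
 *
 * Runs, in order: the already-logged-in check, the "login disabled" setting
 * (admins are exempt), the provider whitelist, the per-IP failed-login
 * lockout, the account lookup by sid and provider, the ban check and the
 * activation check. On success it records the login and fills the session.
 *
 * NOTE(review): the account is selected by $sid and $type alone. Nothing in
 * this function proves that the caller obtained $sid from the provider, so
 * every caller must pass an identifier taken from a verified provider
 * response and never one read from request parameters. Confirm at call sites.
 *
 * NOTE(review): the lockout is keyed on $_SERVER['REMOTE_ADDR']. Behind a
 * reverse proxy or load balancer that is presumably the proxy's address,
 * which would make all clients share one counter. Confirm the deployment.
 *
 * @param string $sid  Provider-side account identifier, matched against users.sid.
 * @param string $type Provider name; only "google", "facebook" and "twitter" are accepted.
 *
 * @return mixed The value of getTypeUrl("on_login") on success. On every
 *               refusal an HTML alert string prefixed with "0|||", except the
 *               already-logged-in alert, which carries no prefix.
 */
function socialLogin($sid, $type)
{
    global $con;
    global $m;

    // Check if the user is already logged in
    if (is_logged_in()) {
        return "<div class='alert alert-danger' role='alert'>" . $m['already_logged_in'] . "</div>";
    }

    $alert = "0|||<div class='alert alert-danger' role='alert'>";

    $sid = mysqli_real_escape_string($con, $sid);
    $type = mysqli_real_escape_string($con, $type);
    $ip = $_SERVER['REMOTE_ADDR'];
    // Escaped copy for SQL only; the raw value is what goes into the session,
    // so nothing changes for a well-formed address.
    $ipSql = mysqli_real_escape_string($con, $ip);

    // Check if login isn't disabled or if the user is admin
    if (getSetting("disable_login", "text") != "false" && !isAdminBySid($sid)) {
        $disabledMessage = getSetting("page_disabled_message", "text");
        if ($disabledMessage == "") {
            return $alert . $m['page_disabled_default'] . "</div>";
        }

        // NOTE(review): this setting is rendered as raw HTML. Confirm that only
        // trusted administrators can edit it, or escape it before nl2br().
        return $alert . nl2br($disabledMessage) . "</div>";
    }

    // Check if the social login type exists
    if (!in_array($type, ["google", "facebook", "twitter"], true)) {
        return $alert . $m['unknown_social_login'] . "</div>";
    }

    $maxFailed = getSetting("max_failed_attempts", "text");

    // Always defined: the lockout test below reads $failed even when failed
    // logins are not being logged and the counting loop never runs.
    $failed = 0;

    // Check if there is a failed login attempts limit and if failed logins are logged
    if ($maxFailed > 0 && getSetting("log_failed_logins", "text") == "true") {
        $logs = mysqli_query($con, "SELECT * FROM log WHERE ip='{$ipSql}' ORDER BY id DESC");
        while ($l = mysqli_fetch_array($logs)) {
            if ($l['success'] == "1") {
                break; // A successful login ends the streak
            }
            if (date("j-n-Y", $l['time']) != date("j-n-Y")) {
                break; // Entries from earlier days are irrelevant
            }
            $failed++; // One more failed login today from this IP
        }
    }

    $checkblock = mysqli_query($con, "SELECT * FROM blocks WHERE ip='{$ipSql}'");
    $cb = mysqli_fetch_array($checkblock);
    $hasBlock = mysqli_num_rows($checkblock) > 0;
    $timenow = time();
    $unblocked = 0;

    // Check if an IP is blocked, but the block has expired
    if ($hasBlock && !empty($cb['until']) && $cb['until'] != "0" && $cb['until'] < $timenow) {
        $logs = mysqli_query($con, "SELECT * FROM log WHERE ip='{$ipSql}' ORDER BY id DESC");
        while ($l = mysqli_fetch_array($logs)) {
            $lid = $l['id'];
            if ($l['success'] == "1") {
                break; // The last successful log is found
            }
            if (date("j-n-Y", $l['time']) != date("j-n-Y")) {
                break; // The log is not from today, so it is irrelevant
            }
            mysqli_query($con, "DELETE FROM log WHERE id='{$lid}'"); // Delete failed log
        }

        $bid = $cb['id'];
        mysqli_query($con, "DELETE FROM blocks WHERE id='{$bid}'"); // Delete IP block
        $unblocked = 1; // The block no longer applies to this request
    }

    // Check if an IP is blocked
    if ($hasBlock && $unblocked == 0 && ($cb['until'] > $timenow || empty($cb['until']) || $cb['until'] == "0")) {
        // NOTE(review): $cb['reason'] is rendered as raw HTML. The only writer
        // visible here stores $m['blocked']; if any other code path stores text
        // a user can influence, escape it with htmlspecialchars() here.
        $banned = $alert . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>";

        // Check if the block is forever
        if (empty($cb['until']) || $cb['until'] == "0") {
            return $banned . $m['never'] . "</div>";
        }

        return $banned . date("d M Y", $cb['until']) . " " . $m['at'] . " " . date("G:i", $cb['until']) . "</div>";
    }

    // Check if the user has exceeded the maximum login attempts
    if ($maxFailed > 0 && $failed >= $maxFailed && $unblocked == 0) {
        // Check if the IP isn't already blocked
        if (!$hasBlock) {
            $time = time();
            // The reason is a translated message and may contain an apostrophe,
            // so it is escaped like every other string placed in a query.
            $reasonSql = mysqli_real_escape_string($con, $m['blocked']);
            // Calculate the blocked time and format to seconds
            $blocked_time = formatToSeconds(getSetting("blocked_amount", "text"), getSetting("blocked_format", "text"));
            if ($blocked_time == "0") {
                $until = 0; // Forever
            } else {
                $until = $time + $blocked_time; // Current time with the blocked time added
            }
            mysqli_query(
                $con,
                "INSERT INTO blocks(time, ip, logs, reason, until) "
                . "VALUES ('{$time}','{$ipSql}','{$failed}','{$reasonSql}','{$until}')"
            );
        }

        return $alert . $m['blocked'] . "</div>";
    }

    // Check if the login is correct
    $check = mysqli_query($con, "SELECT * FROM users WHERE sid='{$sid}' AND type='{$type}'");
    if (mysqli_num_rows($check) == 0) {
        return $alert . $m['account_not_found'] . "</div>";
    }

    $c = mysqli_fetch_array($check);
    $uid = $c['id'];

    // Check if the user is banned
    $bancheck = mysqli_query($con, "SELECT * FROM bans WHERE uid='{$uid}'");
    if (mysqli_num_rows($bancheck) > 0) {
        return $alert . $m['you_are_banned'] . "</div>";
    }

    // Check if the user isn't active
    if ($c['active'] != "1") {
        $paypalNotice = $alert . $m['need_paypal_activation'] . "<a href='login.php?retry&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
        $stripeNotice = $alert . $m['need_stripe_activation'] . "<a href='login.php?stripe&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
        $paypalOn = getSetting("enable_paypal", "text") == "true";
        $stripeOn = getSetting("enable_stripe", "text") == "true";

        if ($paypalOn && $stripeOn) {
            // With both gateways enabled, a non-empty paypal column selects the PayPal notice
            return !empty($c['paypal']) ? $paypalNotice : $stripeNotice;
        }
        if ($paypalOn) {
            return $paypalNotice;
        }
        if ($stripeOn) {
            return $stripeNotice;
        }

        $activation = getSetting("activation", "text");
        if ($activation == "0") {
            mysqli_query($con, "UPDATE users SET active='1' WHERE id='{$uid}'");
            // The opening <h5> was previously closed with </div>
            return "0|||<h5 class='text-center green'>" . $m['activation_success'] . "</h5>";
        }
        if ($activation == "1") {
            return $alert . $m['need_email_activation'] . "<a href='login.php?resend&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
        }

        return $alert . $m['need_activation'] . "</div>";
    }

    // Update last login. The query as listed stored the literal text '******'
    // and left $last_login unused; store the timestamp instead.
    $last_login = time();
    mysqli_query($con, "UPDATE users SET last_login='{$last_login}' WHERE id='{$uid}'");

    // Issue a fresh session id at the moment of login, so an id that was known
    // before authentication does not carry the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    // Add needed session data
    $_SESSION['uid'] = $uid;
    $_SESSION['ip'] = $ip;

    // Fill in registration data that is still missing
    if (empty($c['ip']) || empty($c['registered_on'])) {
        $registered_on = time();
        mysqli_query($con, "UPDATE users SET registered_on='{$registered_on}', ip='{$ipSql}' WHERE id='{$uid}'");
    }

    // Check if log successful logins is enabled, if so, log this login
    if (getSetting("log_successful_logins", "text") == "true") {
        addLog("1", $_SERVER['REMOTE_ADDR'], $uid, $c['username'], $type);
    }

    return getTypeUrl("on_login");
}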
} // Check if an IP is blocked if (mysqli_num_rows($checkblock) > 0 && ($cb['until'] > $timenow || empty($cb['until']) || $cb['until'] == "0") && $unblocked == 0) { // Check if the block is forever if (empty($cb['until']) || $cb['until'] == "0") { echo "<h5 class='text-center red'>" . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>" . $m['never'] . "</h5>"; } else { echo "<h5 class='text-center red'>" . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>" . date("d M Y", $cb['until']) . " " . $m['at'] . " " . date("G:i", $cb['until']) . "</h5>"; } } elseif (getSetting("max_failed_attempts", "text") > 0 && $failed >= getSetting("max_failed_attempts", "text") && $unblocked == 0) { // Check if the user has exceeded the maximum login attempts // Check if the IP isn't already blocked if (mysqli_num_rows($checkblock) == 0) { $time = time(); $reason = $m['blocked']; $blocked_time = formatToSeconds(getSetting("blocked_amount", "text"), getSetting("blocked_format", "text")); // Calculate the blocked time and format to seconds if ($blocked_time == "0") { $until = 0; // Forever } else { $until = $time + $blocked_time; // Current time with the blocked time added } mysqli_query($con, "INSERT INTO blocks(time, ip, logs, reason, until)\r\n\t\t\t\t\t\t\t\tVALUES ('{$time}','{$ip}','{$failed}','{$reason}','{$until}')"); } echo "<h5 class='text-center red'>" . $m['blocked'] . "</h5>"; } else { require_once 'pbkdf2.php'; // Requires password encryption script $salt = md5($password);