Пример #1
/**
 * Renders the login form (or, once a remote auth session exists, the
 * character picker) and ends the request by die()-ing with the page HTML.
 *
 * The function never returns to its caller: every path finishes in die().
 *
 * NOTE(review): parts of this listing are masked with asterisks (the two
 * addCol() calls that start with "Username:" and "Password:"), and the
 * "} else {" that follows the first of them has no visible matching "if".
 * The code is documented as shown and cannot be parsed in this form.
 *
 * @param mixed $user false on first display; the string "__invalidchar" to
 *                    show the character-set error; any other truthy value is
 *                    treated as the previously supplied user name (shown as
 *                    an error or character prompt, pre-filled into the form
 *                    and compared against the character list).
 */
function makeLoginPage($user = false)
{
    // We need global Variables.
    global $VERSION;
    global $SITENAME;
    global $IGB;
    global $IS_DEMO;
    global $IS_BETA;
    global $DB;
    global $IGB_VISUAL;
    // The table gets fixed width/centering attributes unless both IGB flags are set.
    if ($IGB && $IGB_VISUAL) {
        $login = new table(3, true);
    } else {
        $login = new table(3, true, "width=\"400\"", "align=\"center\"");
    }
    // With an empty users table, point the browser at the admin account request page.
    $peeps = $DB->getCol("SELECT COUNT(id) FROM users");
    if ($peeps[0] == 0) {
        // NOTE(review): nothing stops execution after this header, so the rest of
        // the login page is still built and sent with the redirect. An exit right
        // after header() is the usual pattern.
        header("Location: index.php?auth=requestaccount&admin=true");
    }
    $login->addHeader(">> Welcome to {$VERSION}.");
    $login->addRow("#060622");
    $login->addCol($SITENAME, array("colspan" => 3, "align" => "center", "bold" => true));
    // Feedback row for a repeated display of the form.
    if ($user) {
        if ($user == "__invalidchar") {
            $login->addRow("redish");
            // NOTE(review): the "." concatenates the message with the array instead of
            // passing the array as the second argument (compare the calls below), so
            // the attributes are lost and PHP appends the text "Array" with a notice.
            $login->addCol("Only characters a-z, A-Z and 0-9 are allowed. " . array("bold" => "true", "colspan" => 3));
        } else {
            if (isset($_SESSION['testauth'])) {
                // Remote auth already succeeded; the character still has to be chosen.
                $login->addRow();
                $login->addCol("Please select the character you wish to login as.", array("colspan" => 3));
            } else {
                $login->addRow("redish");
                $login->addCol("Your supplied credentials are invalid, please check and try again. " . "If you cannot remember your password use the Password Recovery link below.", array("bold" => "true", "colspan" => 3));
            }
        }
    }
    // Show login info for demo.
    if ($IS_DEMO) {
        $login->addRow("#006600");
        $login->addCol("This installation of MiningBuddy runs in demo mode. Login with username demo, password demo. If you get kicked out, someone else logged in with the same account.", array("colspan" => 3, "align" => "center", "bold" => true));
    }
    global $BLESSED;
    if ($BLESSED == true) {
        $login->addRow("#330000");
        $login->addCol("Using a superior hosted slot.", array("colspan" => 3, "align" => "center", "bold" => true));
    }
    // Beta Warning
    if ($IS_BETA) {
        $login->addRow("#904000");
        $login->addCol("-beta version-", array("colspan" => 3, "align" => "center", "bold" => true));
    }
    // No remote auth session yet: show the username/password form.
    // Otherwise the user has logged in, but we still need a character name.
    // NOTE(review): testauth is written as a bare constant here and below (as are
    // id, keys, api_user_id, name, QUERY_STRING and HTTP_USER_AGENT). Old PHP fell
    // back to the string with a notice; PHP 8 throws an Error. Quote the keys.
    if (!isset($_SESSION[testauth])) {
        $login->addRow();
        // NOTE(review): this statement is masked in the listing (run of asterisks),
        // so the source of $EVE_Charname and the condition the next "else" belongs
        // to are not visible.
        $login->addCol("Username:"******"<input type=\"text\" name=\"username\" value=\"{$EVE_Charname}\" maxlength=\"30\">");
        } else {
            // NOTE(review): $user is placed in a double-quoted HTML attribute after
            // stripcslashes() only. If it carries the name typed by the visitor, a
            // double quote in it ends the attribute; htmlspecialchars() with
            // ENT_QUOTES is the matching output encoding.
            $login->addCol("<input type=\"text\" name=\"username\" value=\"" . stripcslashes($user) . "\" maxlength=\"30\">");
        }
        $login->addCol("<img src=\"./images/keys.png\">", array("rowspan" => "2"));
        $login->addRow();
        // NOTE(review): masked in the listing as well; documented as shown.
        $login->addCol("Password:"******"<input type=\"password\" name=\"password\" maxlength=\"80\">", array("colspan" => "2"));
        $login->addRow("#060622");
        $login->addCol("Please login with your credentials. If you are in need of an account, request an account below and ask your CEO to activate it for you.", array("colspan" => "3", "align" => "center"));
    } else {
        $login->addRow();
        $login->addCol("Character:");
        global $TEST_AUTH;
        // Ask the auth service for the API keys registered to the authenticated id.
        // NOTE(review): the service API key ($TEST_AUTH) travels in the URL query
        // string, where proxies and servers may log it, and the session id value is
        // appended without urlencode().
        $eveApiProxyUrl = "https://auth.pleaseignore.com/api/1.0/eveapi/?apikey={$TEST_AUTH}&userid=" . $_SESSION[testauth][id];
        // NOTE(review): neither the file_get_contents() result (false on failure) nor
        // the json_decode() result (null on bad JSON) is checked before the loop.
        $return = file_get_contents($eveApiProxyUrl);
        $obj = json_decode($return, TRUE);
        $count = 0;
        $select = "<select name=\"username\" >";
        // Character names already added, used to skip duplicates.
        $array = array();
        foreach ($obj[keys] as $key) {
            // One request per API key for its character list (XML).
            $eveApiProxyUrl = "https://auth.pleaseignore.com/api/1.0/eveapi/account/Characters.xml.aspx?apikey={$TEST_AUTH}&userid=" . $key[api_user_id];
            $return = file_get_contents($eveApiProxyUrl);
            try {
                $chars = new SimpleXMLElement($return);
            } catch (Exception $ex) {
                // Unparseable response: skip this key.
                continue;
            }
            foreach ($chars->result[0]->rowset[0] as $row) {
                $character = (string) $row[name];
                // Only characters of the hard-coded corporation are offered, each once.
                if ($row['corporationName'] != "B0rthole" || in_array($character, $array)) {
                    continue;
                }
                // NOTE(review): $selected is never reset (and is undefined until the
                // first match), so every option after the matching one is also
                // marked "selected".
                if ($character == $user) {
                    $selected = "selected";
                }
                // NOTE(review): the character name comes from the remote XML and is
                // written into a single-quoted attribute and the option text without
                // HTML encoding.
                $select .= "<option {$selected} value='{$character}'>{$character}</option>";
                $array[] = $character;
                $count++;
            }
        }
        //var_dump($array);
        $select .= "</select>";
        $login->addCol($select, array("colspan" => "2"));
        // No eligible character: drop the session and refuse access.
        if ($count == 0) {
            session_destroy();
            makenotice("You do not belong here. Leave at once!", "warning", "ACCESS DENIED");
            die;
        }
        //file_put_contents($_SESSION[testauth][id].".xml",print_r($list,true));
    }
    // Submit control: plain button when both IGB flags are set, image button otherwise.
    if ($IGB && $IGB_VISUAL) {
        $login->addHeaderCentered("<input type=\"submit\" name=\"login\" value=\"login\">");
    } else {
        $login->addHeaderCentered("<input type=\"image\" name=\"login\" value=\"login\" src=\"./images/login.png\">");
    }
    $login->addRow("#060622");
    $login->addCol("<a href=\"index.php?auth=lostpass\">lost password</a>");
    /*
    $login->addCol("<a href=\"index.php?auth=requestaccount\">request account</a>", array (
    	"align" => "right",
    	"colspan" => "2"
    ));
    */
    $login->addCol("", array("colspan" => "2"));
    $page = "<br><br><br>";
    // The form posts back to the current query string unless it contains "switch".
    if (strstr($_SERVER[QUERY_STRING], "switch")) {
        $page .= "<form action=\"index.php?\" method=\"post\">";
    } else {
        // NOTE(review): the raw query string is client-controlled and is copied
        // into the action attribute unencoded; pass it through htmlspecialchars()
        // with ENT_QUOTES before output.
        $page .= "<form action=\"index.php?{$_SERVER['QUERY_STRING']}\" method=\"post\">";
    }
    // Add special hidden forms for stupid browsers.
    // A hidden "login" field is added for MSIE and for Firefox 4 or newer.
    // NOTE(review): ereg() was removed in PHP 7; strpos() or preg_match() replaces it.
    $browserinfo = new BrowserInfo();
    if (ereg("MSIE", $_SERVER[HTTP_USER_AGENT]) or $browserinfo->getBrowser() == BrowserInfo::BROWSER_FIREFOX && $browserinfo->getVersion() >= 4) {
        $page .= "<input type=\"hidden\" name=\"login\" value=\"login\">";
    }
    $page .= $login->flush();
    //$page .= "<input type='hidden' name='redirect' value='$_SERVER[QUERY_STRING]'";
    $page .= "</form><br><br><br>";
    // Wrap the form in the site's HTML shell, print it and stop the request.
    $html = new html();
    $html->addBody($page);
    die($html->flush());
}
Пример #2
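/**
 * Checks a login attempt against the remote auth service and the local
 * users table.
 *
 * Flow as implemented:
 *  - Without a 'testauth' session entry the remote login endpoint is called;
 *    on success its response is stored in the session and makeLoginPage()
 *    is shown so that a character can be picked.
 *  - With a 'testauth' session entry the stored response is reused and the
 *    local account is loaded, or created on first login.
 *  - With an empty $password and a truthy $trust the local row is loaded and
 *    returned without looking at the remote result at all.
 *
 * NOTE(review): three SQL strings in this listing contain a masked user name
 * literal (a run of asterisks). They are reproduced unchanged; whatever value
 * the original interpolated there should be bound through a "?" placeholder
 * like the other queries in this function.
 *
 * @param string $username Login name; lower-cased before use.
 * @param string $password Password sent to the remote auth service.
 * @param bool   $trust    Caller-asserted trust; enables the password-less path.
 *
 * @return user|false Account object on success, false otherwise.
 */
function authVerify($username, $password, $trust = false)
{
    global $DB;
    global $TIMEMARK;

    // Defined up front so that no branch below reads an undefined variable.
    $passwordless = false;
    $user = null;
    $userDS = null;

    // lower case it.
    $username = strtolower($username);

    $hadAuthSession = isset($_SESSION['testauth']);
    if (!$hadAuthSession) {
        // Both values are percent-encoded so that characters such as "&", "#" or "="
        // in the input cannot add or override parameters of the auth request.
        // NOTE(review): the password still travels in the URL of a GET request and
        // can surface in proxy or server logs; a POST body is preferable if the
        // service accepts one - confirm against the service documentation.
        $url = "https://auth.pleaseignore.com/api/1.0/login?user=" . urlencode($username) . "&pass=" . urlencode((string) $password);
        $contents = file_get_contents($url);
        $obj = $contents === false ? null : json_decode($contents, true);
    } else {
        $obj = $_SESSION['testauth'];
    }
    // A failed request or malformed JSON counts as "not authenticated".
    if (!is_array($obj)) {
        $obj = array();
    }
    // Strict comparison: with "==" an integer 0 or boolean true in the response
    // would also compare equal to "ok" on older PHP versions.
    $authOk = isset($obj['auth']) && $obj['auth'] === "ok";

    // and query it.
    if (!$password && $trust) {
        // Passwordless login (WAHHHHH!!!!)
        $userDS = $DB->query("select * from users where username='******' AND deleted='0' limit 1");
        $passwordless = true;
    } elseif ($authOk && !$hadAuthSession) {
        // TEST Authentication
        $_SESSION['testauth'] = $obj;
        // NOTE(review): $SUPPLIED_USERNAME is neither a parameter nor declared
        // global in this function, so null is passed here - confirm the intent.
        makeLoginPage($SUPPLIED_USERNAME);
        // makeLoginPage() ends the request; this return only guards against a
        // version of it that comes back, since no user row was loaded.
        return false;
    } elseif ($authOk) {
        $userDS = $DB->query("select * from users where username='******' AND deleted='0' limit 1");
    } elseif (!$password) {
        return false;
    }

    if ($passwordless) {
        $user = $userDS->fetchRow();
    } elseif (!$authOk) {
        // No one found
        $_SESSION['failedLogins'] = (isset($_SESSION['failedLogins']) ? $_SESSION['failedLogins'] : 0) + 1;
        // Log failed attempts.
        $user_valid = $DB->getCol("SELECT COUNT(username) FROM users WHERE username = '******' LIMIT 1");
        $user_valid = $user_valid[0];
        $DB->query("INSERT INTO failed_logins (time, ip, username, username_valid, agent) VALUES (?,?,?,?,?)", array($TIMEMARK, "{$_SERVER['REMOTE_ADDR']}", stripslashes(sanitize($username)), $user_valid, sanitize($_SERVER['HTTP_USER_AGENT'])));
        return false;
    } elseif ($userDS->numRows() == 0) {
        // User is a TEST user but does not have an account
        // ($obj['id'] is quoted here; the bare constant form is an Error on PHP 8.)
        $DB->query("insert into users (username, password, email, " . "addedby, confirmed, emailvalid,canLogin,authID) " . "values (?, ?, ?, ?, ?,?, ?, ?)", array(stripcslashes($username), "", $obj['email'], 1, 1, 1, 1, $obj['id']));
        // Were we successful?
        if ($DB->affectedRows() == 0) {
            // No!
            makeNotice("Could not create user!", "error");
        } else {
            // Yes
            $userDS = $DB->query("select * from users where username='******' AND deleted='0' limit 1");
            $user = $userDS->fetchRow();
        }
    } elseif ($userDS->numRows() > 0) {
        // Try TEST Auth
        $user = $userDS->fetchRow();
        // Checked before the update so that no UPDATE is issued with an empty id.
        // The original followed this return with an unreachable makeNotice() about
        // group membership; that call never ran and is left out.
        if ($user == null) {
            return false;
        }
        if ($user['authID'] == null) {
            // Bound parameters: the id comes from the remote service response and
            // must not be spliced into the SQL text. The original issued this
            // statement twice; once is enough.
            $DB->query("update users set authID=? where id=?", array($obj['id'], $user['id']));
        }
    }

    // Is the account activated yet?
    if (empty($user) || "{$user['canLogin']}" != "1" || "{$user['confirmed']}" != "1") {
        // Nyet!
        makeNotice("Your account has not yet been activated or been blocked." . "<br>Please ask your CEO for assistance.", "error", "Unable to login");
    } else {
        // NOTE(review): in the original, the API-key validation for password-less
        // logins sat after an unconditional return and never executed, so both
        // login kinds return the account here. A password-less login is therefore
        // accepted on the caller's $trust flag alone; verify that callers derive
        // $trust only from data the client cannot set.
        $MyAccount = new user($user, $TIMEMARK);
        return $MyAccount;
    }

    // We dont :(
    return false;
}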