function socialLogin($sid, $type)
{
global $con;
global $m;
// Check if the user is already logged in
if (!is_logged_in()) {
$sid = mysqli_real_escape_string($con, $sid);
$type = mysqli_real_escape_string($con, $type);
$ip = $_SERVER['REMOTE_ADDR'];
// Check if login isn't disabled or if the user is admin
if (getSetting("disable_login", "text") == "false" || isAdminBySid($sid)) {
// Check if everything required is filled in
if ($type != "google" && $type != "facebook" && $type != "twitter") {
// Check if the social login type exists
return "0|||<div class='alert alert-danger' role='alert'>" . $m['unknown_social_login'] . "</div>";
} else {
// Check if there is a failed login attempts limit and if failed logins are logged
if (getSetting("max_failed_attempts", "text") > 0 && getSetting("log_failed_logins", "text") == "true") {
$logs = mysqli_query($con, "SELECT * FROM log WHERE ip='{$ip}' ORDER BY id DESC");
$failed = 0;
while ($l = mysqli_fetch_array($logs)) {
if ($l['success'] == "1") {
break;
// Stop while loop because a successful login is found
} elseif (date("j-n-Y", $l['time']) != date("j-n-Y")) {
break;
// Stop while loop because the log is not from today, so it is irrelevant
} else {
$failed++;
// Count 1 to failed to get how many failed login the IP has
}
}
}
$checkblock = mysqli_query($con, "SELECT * FROM blocks WHERE ip='{$ip}'");
$cb = mysqli_fetch_array($checkblock);
$timenow = time();
$unblocked = 0;
// Check if an IP is blocked, but the block has expired
if (mysqli_num_rows($checkblock) > 0 && $cb['until'] < $timenow && !empty($cb['until']) && $cb['until'] != "0") {
$logs = mysqli_query($con, "SELECT * FROM log WHERE ip='{$ip}' ORDER BY id DESC");
while ($l = mysqli_fetch_array($logs)) {
$lid = $l['id'];
if ($l['success'] == "1") {
break;
// Stop while loop because the last successful log is found
} elseif (date("j-n-Y", $l['time']) != date("j-n-Y")) {
break;
// Stop while loop because the log is not from today so it is irrelevant
} else {
mysqli_query($con, "DELETE FROM log WHERE id='{$lid}'");
// Delete failed log
}
}
$bid = $cb['id'];
mysqli_query($con, "DELETE FROM blocks WHERE id='{$bid}'");
// Delete IP block
$unblocked = 1;
// Set unblocked to 1 to let the script know the block is irrelevant
}
// Check if an IP is blocked
if (mysqli_num_rows($checkblock) > 0 && ($cb['until'] > $timenow || empty($cb['until']) || $cb['until'] == "0") && $unblocked == 0) {
// Check if the block is forever
if (empty($cb['until']) || $cb['until'] == "0") {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>" . $m['never'] . "</div>";
} else {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>" . date("d M Y", $cb['until']) . " " . $m['at'] . " " . date("G:i", $cb['until']) . "</div>";
}
} elseif (getSetting("max_failed_attempts", "text") > 0 && $failed >= getSetting("max_failed_attempts", "text") && $unblocked == 0) {
// Check if the user has exceeded the maximum login attempts
// Check if the IP isn't already blocked
if (mysqli_num_rows($checkblock) == 0) {
$time = time();
$reason = $m['blocked'];
$blocked_time = formatToSeconds(getSetting("blocked_amount", "text"), getSetting("blocked_format", "text"));
// Calculate the blocked time and format to seconds
if ($blocked_time == "0") {
$until = 0;
// Forever
} else {
$until = $time + $blocked_time;
// Current time with the blocked time added
}
mysqli_query($con, "INSERT INTO blocks(time, ip, logs, reason, until)\r\n\t\t\t\t\t\tVALUES ('{$time}','{$ip}','{$failed}','{$reason}','{$until}')");
}
return "0|||<div class='alert alert-danger' role='alert'>" . $m['blocked'] . "</div>";
} else {
$check = mysqli_query($con, "SELECT * FROM users WHERE sid='{$sid}' AND type='{$type}'");
// Check if the login is correct
if (mysqli_num_rows($check) == 0) {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['account_not_found'] . "</div>";
} else {
$c = mysqli_fetch_array($check);
$uid = $c['id'];
$bancheck = mysqli_query($con, "SELECT * FROM bans WHERE uid='{$uid}'");
// Check if the user is banned or if the user isn't active
if (mysqli_num_rows($bancheck) > 0) {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['you_are_banned'] . "</div>";
} elseif ($c['active'] != "1") {
if (getSetting("enable_paypal", "text") == "true" && getSetting("enable_stripe", "text") == "true") {
if (!empty($c['paypal'])) {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['need_paypal_activation'] . "<a href='login.php?retry&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
} else {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['need_stripe_activation'] . "<a href='login.php?stripe&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
}
} elseif (getSetting("enable_paypal", "text") == "true") {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['need_paypal_activation'] . "<a href='login.php?retry&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
} elseif (getSetting("enable_stripe", "text") == "true") {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['need_stripe_activation'] . "<a href='login.php?stripe&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
} elseif (getSetting("activation", "text") == "0") {
mysqli_query($con, "UPDATE users SET active='1' WHERE id='{$uid}'");
return "0|||<h5 class='text-center green'>" . $m['activation_success'] . "</div>";
} elseif (getSetting("activation", "text") == "1") {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['need_email_activation'] . "<a href='login.php?resend&uid=" . $c['id'] . "'>" . $m['clicking_here'] . "</a></div>";
} else {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['need_activation'] . "</div>";
}
} else {
$last_login = time();
mysqli_query($con, "UPDATE users SET last_login='******' WHERE id='{$uid}'");
// Update last login
// Add needed session data
$_SESSION['uid'] = $uid;
$_SESSION['ip'] = $ip;
if (empty($c['ip']) || empty($c['registered_on'])) {
$registered_on = time();
mysqli_query($con, "UPDATE users SET registered_on='{$registered_on}', ip='{$ip}' WHERE id='{$uid}'");
}
// Check if log successful logins is enabled, if so, log this login try
if (getSetting("log_successful_logins", "text") == "true") {
addLog("1", $_SERVER['REMOTE_ADDR'], $uid, $c['username'], $type);
}
return getTypeUrl("on_login");
}
}
}
}
} else {
if (getSetting("page_disabled_message", "text") == "") {
return "0|||<div class='alert alert-danger' role='alert'>" . $m['page_disabled_default'] . "</div>";
} else {
return "0|||<div class='alert alert-danger' role='alert'>" . nl2br(getSetting("page_disabled_message", "text")) . "</div>";
}
}
} else {
return "<div class='alert alert-danger' role='alert'>" . $m['already_logged_in'] . "</div>";
}
}
}
// Check if an IP is blocked
if (mysqli_num_rows($checkblock) > 0 && ($cb['until'] > $timenow || empty($cb['until']) || $cb['until'] == "0") && $unblocked == 0) {
// Check if the block is forever
if (empty($cb['until']) || $cb['until'] == "0") {
echo "<h5 class='text-center red'>" . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>" . $m['never'] . "</h5>";
} else {
echo "<h5 class='text-center red'>" . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>" . date("d M Y", $cb['until']) . " " . $m['at'] . " " . date("G:i", $cb['until']) . "</h5>";
}
} elseif (getSetting("max_failed_attempts", "text") > 0 && $failed >= getSetting("max_failed_attempts", "text") && $unblocked == 0) {
// Check if the user has exceeded the maximum login attempts
// Check if the IP isn't already blocked
if (mysqli_num_rows($checkblock) == 0) {
$time = time();
$reason = $m['blocked'];
$blocked_time = formatToSeconds(getSetting("blocked_amount", "text"), getSetting("blocked_format", "text"));
// Calculate the blocked time and format to seconds
if ($blocked_time == "0") {
$until = 0;
// Forever
} else {
$until = $time + $blocked_time;
// Current time with the blocked time added
}
mysqli_query($con, "INSERT INTO blocks(time, ip, logs, reason, until)\r\n\t\t\t\t\t\t\t\tVALUES ('{$time}','{$ip}','{$failed}','{$reason}','{$until}')");
}
echo "<h5 class='text-center red'>" . $m['blocked'] . "</h5>";
} else {
require_once 'pbkdf2.php';
// Requires password encryption script
$salt = md5($password);
