</div> </div> </div> <div class='row'> <div class='form-group'> <label class='col-sm-4 control-label'><a id='twitter_callback' title='<?php echo $m['twitter_callback_title']; ?> '><?php echo $m['twitter_callback']; ?> </a></label> <div class='col-sm-8'> <code><?php echo getTypeUrl("twitter_callback"); ?> </code> </div> </div> </div> </div> <div class='row'> <div class='form-group'> <input type='hidden' name='token' value='<?php echo session_id(); ?> '> <input type='submit' name='save' value='<?php echo $m['save'];
$custom_valid = true; } else { $custom_valid = false; } // Check if both checks are true if ($txn_id_valid == true && $custom_valid == true) { $u = mysqli_fetch_array($custom_check); $uid = $u['id']; $time = time(); // Insert payment in MySQL mysqli_query($con, "INSERT INTO payments(uid, time, amount, currency, payer, receiver, txn_id)\r\n\t\tVALUES ('{$uid}','{$time}','{$amount}','{$currency}','{$payer}','{$receiver}','{$txn_id}')"); if (getSetting("require_email", "text") == "true") { // Send activation mail if email validation is enabled $getuid = mysqli_query($con, "SELECT * FROM users WHERE activate_code='{$custom}'"); $gu = mysqli_fetch_array($getuid); $val_url = getTypeUrl("activation") . $activate_code; $subject = getSetting("validation_mail_subject", "text"); $subject = str_replace("{val_url}", $val_url, $subject); $subject = str_replace("{name}", $gu['username'], $subject); $subject = str_replace("{email}", $gu['email'], $subject); $subject = str_replace("{date}", date("j-n-Y", $gu['registered_on']), $subject); $message = getSetting("validation_mail", "text"); $message = str_replace("{val_url}", $val_url, $message); $message = str_replace("{name}", $gu['username'], $message); $message = str_replace("{email}", $gu['email'], $message); $message = str_replace("{date}", date("j-n-Y", $gu['registered_on']), $message); $message = nl2br($message); $message = html_entity_decode($message); // Send mail through PHPMailer sendMail($gu['email'], $subject, $message, $gu['id']); // Update user to remove paypal link
<?php include 'includes/api.php'; include 'head.php'; if (getSetting("disable_login", "text") != "true" && getSetting("disable_register", "text") != "true") { if (is_logged_in()) { $on_login = explode("|||", getTypeUrl("on_login")); if ($on_login[0]) { header('Location: ' . $on_login[1]); exit; } else { echo $on_login[1]; } } else { ?> <div class='container'> <noscript> <div class='alert alert-danger' role='alert'><?php echo $m['enable_javascript']; ?> </div> </noscript> </div> <div class='container-small'> <div class='row row-1 light-dark-top'> <h2 class='text-center'><?php echo $m['social_register_title']; ?> </h2>
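/**
 * Log a visitor in through a social provider account.
 *
 * The function only looks up the (sid, type) pair in the users table; it never
 * contacts the provider itself.
 * NOTE(review): callers are therefore assumed to have verified $sid with the
 * provider before calling - confirm at every call site.
 *
 * Order of checks: already logged in -> login disabled (admins exempt) ->
 * known provider -> IP block / failed-attempt limit -> account lookup ->
 * user ban -> activation state -> session creation.
 *
 * The failed-attempt limit is counted per source IP for the current day and
 * restarts at the most recent successful login recorded for that IP. It is not
 * a per-account limit.
 *
 * The activation messages link to login.php with the user id in the query
 * string. NOTE(review): the handlers behind those links must not treat that id
 * as proof of identity.
 *
 * @param string $sid  Provider-side account identifier.
 * @param string $type Provider name: "google", "facebook" or "twitter".
 *
 * @return string On failure "0|||" followed by an HTML message, on success the
 *                value of getTypeUrl("on_login"). When the visitor is already
 *                logged in, the HTML message is returned without the "0|||"
 *                prefix.
 */
function socialLogin($sid, $type)
{
    global $con;
    global $m;

    $alertOpen = "<div class='alert alert-danger' role='alert'>";
    $alertClose = "</div>";

    if (is_logged_in()) {
        // NOTE(review): unlike every other failure, this return has no "0|||"
        // prefix. Left unchanged because callers are not visible from here.
        return $alertOpen . $m['already_logged_in'] . $alertClose;
    }

    $sid = mysqli_real_escape_string($con, $sid);
    $type = mysqli_real_escape_string($con, $type);
    $ip = $_SERVER['REMOTE_ADDR'];
    // Escaped copy for SQL only; the raw value is what goes into the session.
    $ipSql = mysqli_real_escape_string($con, $ip);

    // Login may be disabled site-wide; admins are still let through.
    if (getSetting("disable_login", "text") != "false" && !isAdminBySid($sid)) {
        $disabledMessage = getSetting("page_disabled_message", "text");
        if ($disabledMessage == "") {
            return "0|||" . $alertOpen . $m['page_disabled_default'] . $alertClose;
        }
        return "0|||" . $alertOpen . nl2br($disabledMessage) . $alertClose;
    }

    // Only the three known providers are accepted.
    if (!in_array($type, array("google", "facebook", "twitter"), true)) {
        return "0|||" . $alertOpen . $m['unknown_social_login'] . $alertClose;
    }

    $today = date("j-n-Y");
    $maxFailed = getSetting("max_failed_attempts", "text");

    // Always initialised: the limit check further down reads $failed even when
    // failed logins are not being logged.
    $failed = 0;
    if ($maxFailed > 0 && getSetting("log_failed_logins", "text") == "true") {
        $logs = mysqli_query($con, "SELECT * FROM log WHERE ip='{$ipSql}' ORDER BY id DESC");
        while ($l = mysqli_fetch_array($logs)) {
            // Stop at the last successful login, or at the first entry that is not from today.
            if ($l['success'] == "1" || date("j-n-Y", $l['time']) != $today) {
                break;
            }
            $failed++;
        }
    }

    $checkblock = mysqli_query($con, "SELECT * FROM blocks WHERE ip='{$ipSql}'");
    $cb = mysqli_fetch_array($checkblock);
    $hasBlock = mysqli_num_rows($checkblock) > 0;
    $timenow = time();

    // An empty or zero "until" means the block never expires.
    $permanent = $hasBlock && (empty($cb['until']) || $cb['until'] == "0");
    $expired = $hasBlock && !$permanent && $cb['until'] < $timenow;

    if ($expired) {
        // The block has run out: drop today's failed attempts and the block itself.
        // NOTE(review): this deletes the failed-login rows, which are also the
        // audit record of those attempts.
        $logs = mysqli_query($con, "SELECT * FROM log WHERE ip='{$ipSql}' ORDER BY id DESC");
        while ($l = mysqli_fetch_array($logs)) {
            if ($l['success'] == "1" || date("j-n-Y", $l['time']) != $today) {
                break;
            }
            $lid = $l['id'];
            mysqli_query($con, "DELETE FROM log WHERE id='{$lid}'");
        }
        $bid = $cb['id'];
        mysqli_query($con, "DELETE FROM blocks WHERE id='{$bid}'");
    }

    if ($hasBlock && ($permanent || $cb['until'] > $timenow)) {
        // NOTE(review): $cb['reason'] is written into the HTML unescaped - confirm
        // that only trusted text can be stored in blocks.reason.
        $banned = "0|||" . $alertOpen . $m['you_are_banned'] . "<br>" . $cb['reason'] . "<br><br>" . $m['block_expires'] . "<br>";
        if ($permanent) {
            return $banned . $m['never'] . $alertClose;
        }
        return $banned . date("d M Y", $cb['until']) . " " . $m['at'] . " " . date("G:i", $cb['until']) . $alertClose;
    }

    if ($maxFailed > 0 && $failed >= $maxFailed && !$expired) {
        // Too many failed attempts today: record a block unless one already exists.
        if (!$hasBlock) {
            $time = time();
            // The reason is a language string; escape it so an apostrophe in a
            // translation cannot break the INSERT and silently skip the block.
            $reason = mysqli_real_escape_string($con, $m['blocked']);
            $blocked_time = formatToSeconds(getSetting("blocked_amount", "text"), getSetting("blocked_format", "text"));
            if ($blocked_time == "0") {
                $until = 0; // Forever
            } else {
                $until = $time + $blocked_time;
            }
            mysqli_query($con, "INSERT INTO blocks(time, ip, logs, reason, until)\r\n\t\t\t\t\t\tVALUES ('{$time}','{$ipSql}','{$failed}','{$reason}','{$until}')");
        }
        return "0|||" . $alertOpen . $m['blocked'] . $alertClose;
    }

    $check = mysqli_query($con, "SELECT * FROM users WHERE sid='{$sid}' AND type='{$type}'");
    if (mysqli_num_rows($check) == 0) {
        return "0|||" . $alertOpen . $m['account_not_found'] . $alertClose;
    }

    $c = mysqli_fetch_array($check);
    $uid = $c['id'];

    $bancheck = mysqli_query($con, "SELECT * FROM bans WHERE uid='{$uid}'");
    if (mysqli_num_rows($bancheck) > 0) {
        return "0|||" . $alertOpen . $m['you_are_banned'] . $alertClose;
    }

    if ($c['active'] != "1") {
        $paypalOn = getSetting("enable_paypal", "text") == "true";
        $stripeOn = getSetting("enable_stripe", "text") == "true";
        $linkClose = "'>" . $m['clicking_here'] . "</a>" . $alertClose;

        // With both gateways enabled, a stored PayPal link decides which one applies.
        if ($paypalOn && (!$stripeOn || !empty($c['paypal']))) {
            return "0|||" . $alertOpen . $m['need_paypal_activation'] . "<a href='login.php?retry&uid=" . $c['id'] . $linkClose;
        }
        if ($stripeOn) {
            return "0|||" . $alertOpen . $m['need_stripe_activation'] . "<a href='login.php?stripe&uid=" . $c['id'] . $linkClose;
        }

        $activation = getSetting("activation", "text");
        if ($activation == "0") {
            // No activation required: activate now; the visitor has to log in again.
            mysqli_query($con, "UPDATE users SET active='1' WHERE id='{$uid}'");
            // The <h5> was previously closed with </div>, leaving unbalanced markup.
            return "0|||<h5 class='text-center green'>" . $m['activation_success'] . "</h5>";
        }
        if ($activation == "1") {
            return "0|||" . $alertOpen . $m['need_email_activation'] . "<a href='login.php?resend&uid=" . $c['id'] . $linkClose;
        }
        return "0|||" . $alertOpen . $m['need_activation'] . $alertClose;
    }

    // Store the real timestamp; the query previously wrote the literal string
    // '******' and left $last_login unused.
    $last_login = time();
    mysqli_query($con, "UPDATE users SET last_login='{$last_login}' WHERE id='{$uid}'");

    // Issue a fresh session id at the privilege change so an id fixed before
    // login is not carried into the authenticated session. Forms rendered
    // before login that embed session_id() as their token will then be stale.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Add needed session data
    $_SESSION['uid'] = $uid;
    $_SESSION['ip'] = $ip;

    // First login: fill in the registration time and IP if either is missing.
    if (empty($c['ip']) || empty($c['registered_on'])) {
        $registered_on = time();
        mysqli_query($con, "UPDATE users SET registered_on='{$registered_on}', ip='{$ipSql}' WHERE id='{$uid}'");
    }

    if (getSetting("log_successful_logins", "text") == "true") {
        addLog("1", $_SERVER['REMOTE_ADDR'], $uid, $c['username'], $type);
    }

    return getTypeUrl("on_login");
}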
if (isset($_GET['retry']) && !empty($_GET['uid']) && getSetting("enable_paypal", "text") == "true") { $userid = mysqli_real_escape_string($con, $_GET['uid']); $get_paypal = mysqli_query($con, "SELECT paypal FROM users WHERE id='{$userid}' AND active='0' AND paypal IS NOT NULL"); if (mysqli_num_rows($get_paypal) > 0) { $gp = mysqli_fetch_array($get_paypal); header('Location: https://www.sandbox.paypal.com/cgi-bin/webscr' . $gp['paypal']); } } // Resend activation mail, only possible if activation method is by validating email, and PayPal AND Stripe are not enabled if (isset($_GET['resend']) && !empty($_GET['uid']) && getSetting("activation", "text") == "1" && (getSetting("enable_paypal", "text") == "false" || getSetting("enable_stripe", "text") == "false")) { $userid = mysqli_real_escape_string($con, $_GET['uid']); $get_user = mysqli_query($con, "SELECT * FROM users WHERE id='{$userid}' AND active='0'"); if (mysqli_num_rows($get_user) > 0) { $gu = mysqli_fetch_array($get_user); // Resend activation mail if the user is found and he is inactive $val_url = getTypeUrl("activation") . $gu['activate_code']; $subject = getSetting("validation_mail_subject", "text"); $subject = str_replace("{val_url}", $val_url, $subject); $subject = str_replace("{name}", $gu['username'], $subject); $subject = str_replace("{email}", $gu['email'], $subject); $subject = str_replace("{date}", date("j-n-Y", $gu['registered_on']), $subject); $message = getSetting("validation_mail", "text"); $message = str_replace("{val_url}", $val_url, $message); $message = str_replace("{name}", $gu['username'], $message); $message = str_replace("{email}", $gu['email'], $message); $message = str_replace("{date}", date("j-n-Y", $gu['registered_on']), $message); $message = nl2br($message); $message = html_entity_decode($message); sendMail($gu['email'], $subject, $message, $gu['id']); // Resend activation mail header('Location: login.php?m=6');