<?php
require_once "config/config.php";
//**********************************************Begin Page code**********************************************
require_once INCLUDE_DIR."/users_class.php";
require_once INCLUDE_DIR."/cannedemail_class.php";
require_once INCLUDE_DIR."/functions.php";
require_once INCLUDE_DIR."/phpmailer/Functions.php";
require_once INCLUDE_DIR."/autoresponder.php";
require_once CONFIG_DIR."/admin_messagelist.php";
require_once INCLUDE_DIR."/users_signup_class.php";
require_once INCLUDE_DIR."/product_class.php";
// Page-level collaborators shared by every branch of the $_action switch below.
$users              = new users_class();
$loCannedEmail      = new cannedemail_class();
$users_signup_class = new users_signup_class();
$productobj         = new product_class();

// A visitor who already holds a member session has nothing to do on the login
// page, so send them to the member landing page.
// NOTE(review): other call sites in this file follow Redirect() with exit();
// confirm that Redirect() ends the request, otherwise the login logic below
// still runs for an already authenticated session.
if (isset($_SESSION[SESSION_PREFIX.'UserID']) && $_SESSION[SESSION_PREFIX.'UserID'] != '') {
    Redirect(WEB_URL.'/member/user_default_page.php');
}
switch($_action)
{
case 'dologin':
    // Scheme of the current request (added by nikunj for https requests). It is
    // combined with the Host header further down to build post-login URLs.
    // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may not be
    // 'on' even for https traffic - confirm how the site is deployed.
    $server_request = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? "https://" : "http://";
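/* "Login as" (added by Asmita): lets an administrator session sign in as a member. */
// The impersonation is driven by two GET parameters (username, useremail) plus
// the IsAdmin session flag.
// NOTE(review): this is a state-changing GET and no anti-CSRF token or audit
// log entry is visible in this file. Confirm both exist elsewhere, or move the
// action to a POST that carries a token and record who impersonated whom.
if (isset($_SESSION[SESSION_PREFIX.'IsAdmin']) && isset($_GET['username']) && isset($_GET['useremail']))
{
    // Loose comparison kept as written: any truthy flag value counts as admin.
    if ($_SESSION[SESSION_PREFIX.'IsAdmin'] == true)
    {
        $lsLoginUserName = $_GET['username'];
        $lsLoginEmail = $_GET['useremail'];
        $lbLoginvalidateusername = $users->ValidateUserName($lsLoginUserName);
        if ($lbLoginvalidateusername == true)
        {
            $laLoginUseringo = $users->getUserNamePassword($lsLoginEmail, $lsLoginUserName);
            // A non-array or empty result sets no message; the login form is
            // simply rendered again.
            if (is_array($laLoginUseringo) && sizeof($laLoginUseringo) > 0)
            {
                // The stored password value is fed back into ValidateUser().
                // presumably the third argument 'true' marks it as already being
                // in stored form - confirm against users_class.
                $lbvalidateuser = $users->ValidateUser($laLoginUseringo[0]['username'], $laLoginUseringo[0]['password'], 'true');
                if ($lbvalidateuser == true)
                {
                    // URL-encode the target before placing it in a query string,
                    // as the other post-login redirects in this case already do.
                    $url = urlencode(WEB_URL."/member/user_default_page.php");
                    if (IS_ROTATING_LOGIN_PAGES_ENABLED == 'true')
                        Redirect("member/user_rotete.php?exturl=$url");
                    else
                        Redirect("member/user_rotete.php?url=$url");
                }
                else
                {
                    $smarty->assign('msg', MESSAGE_USERNAME_PASSWORD_DOES_NOT_MATCH);
                }
            }
        }
        else
        {
            $smarty->assign('msg', MESSAGE_USERNAME_PASSWORD_DOES_NOT_MATCH);
        }
    }
    // Whatever happened above, an admin session that supplied both parameters
    // never falls through to the normal credential check.
    $LOGINPAGE = $smarty->fetch('user_login.tpl');
    break;
}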
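// NOTE(review): $_POST is a superglobal and is always set, so this guard is
// always true; it does not prove that the login form was actually submitted.
if(isset($_POST))
{
    if (CAPTCHA_ENABLE_ON_USER_LOGIN_PAGE == 'true')
    {
        // Verify the CAPTCHA before any credential is looked at.
        require_once INCLUDE_DIR."/securimage/securimage.php";
        $img = new Securimage();
        $valid = $img->check($_POST['txtSecretCode']);
        if ($valid != true)
        {
            $smarty->assign('msg', MESSAGE_INVALID_SECURITY_CODE);

            // Carry the return targets over to the re-rendered form. The posted
            // value wins; the externalurl query parameter is the fallback.
            // (Previously the GET value was read and then always overwritten.)
            if (isset($_POST['exturl']))
                $exturl = $_POST['exturl'];
            else if (isset($_GET['externalurl']))
                $exturl = $_GET['externalurl'];
            else
                $exturl = "";

            $modUrl = isset($_POST['url']) ? $_POST['url'] : "";

            // NOTE(review): both values are request-controlled; whether they are
            // escaped depends on user_login.tpl - confirm.
            $smarty->assign('modUrl', $modUrl);
            $smarty->assign('extUrl', $exturl);
            $LOGINPAGE = $smarty->fetch('user_login.tpl');
            break;
        }
    }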
// Credentials exactly as posted, with surrounding whitespace trimmed.
$lausername=trim($_POST['txtusername']);
$password=trim($_POST['txtpassword']);
// Becomes true only when wordpress_admin_login_check() accepts the credentials
// and no exturl was posted; the redirect logic after this block reads it.
$wordpress_admin_login_redirect=false;
// WordPress bridge: runs only when the integration reports itself enabled and
// the file returned by wordpress_physical_path() exists on disk.
if($users_signup_class->wordpressStatuscheck()){
$wordpressReqquiredFile= wordpress_physical_path();
if(file_exists($wordpressReqquiredFile)){
require_once($wordpressReqquiredFile);
assign_sessions();
if(wordpress_admin_login_check($lausername,$password)){
wordpress_login_user($lausername,$password);
// NOTE(review): the result of ValidateUser() is stored here but is not tested
// anywhere in this branch before the redirects below.
$lbvalidateuser=$users->ValidateUser($lausername,$password);
if($users_signup_class->phpbbStatuscheck())
{
// Both branches sign the user in to phpBB; only the admin branch also sets
// the redirect flag.
if(phpBB_checkIfAdminUser($lausername,$password))
{
phpBB_Login($lausername,$password);
// presumably switches the connection back to the application database after
// the phpBB call - confirm. mysql_select_db() belongs to the ext/mysql API,
// which no longer exists in PHP 7.
mysql_select_db(MEMBERSGEAR_DB_NAME);
$phpBBLoginRedirect=true;
}
else
phpBB_Login($lausername,$password);
}
// NOTE(review): every Redirect() in the rest of this branch takes its target
// from the posted exturl field, either directly or from the redirect_to /
// last_request value inside its query string, and nothing compares that target
// with WEB_URL or the WordPress URL first. The member branch later in this case
// checks its target against wordpress_getWordpressUrl(); an allow-list check
// (ideally an exact scheme-and-host match) is needed here as well, so that the
// login form cannot forward a freshly signed-in administrator off-site.
if(isset($_POST['exturl']) and $_POST['exturl']!=""){
// Assigned but not read in this branch.
$wordpressRedirectUrl = urldecode($_POST['exturl']);
$wordpressRedirectUrlParts = parse_url($_POST['exturl']);
if(isset($wordpressRedirectUrlParts['query'])) {
$wordpressRedirectTo = urldecode($wordpressRedirectUrlParts['query']);
if(strpos($wordpressRedirectTo, 'redirect_to=') !== false) {
// Keep what follows "redirect_to=" (12 characters), then strip the reauth=1
// marker in its various spellings and any leading or trailing '&'.
$wordpressRedirectTo = substr( $wordpressRedirectTo, strpos($wordpressRedirectTo, 'redirect_to') + 12 );
$wordpressRedirectTo = str_replace('/reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = str_replace('/&reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = str_replace('/?reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = str_replace('reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = str_replace('&reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = trim($wordpressRedirectTo, '&');
Redirect( $wordpressRedirectTo, true);
} else {
$wordpressRedirectTo = urldecode($wordpressRedirectUrlParts['query']);
if(strpos($wordpressRedirectTo, 'last_request=') !== false)
{
// Keep what follows "last_request=" (13 characters).
$pos= strpos($wordpressRedirectTo, 'last_request=')+13;
$wordpressRedirectTo = substr($wordpressRedirectTo,$pos);
Redirect( $wordpressRedirectTo, true);
}
else
Redirect( $_POST['exturl'], true);
}
} else {
// NOTE(review): this branch is reached only when parse_url() produced no
// 'query' entry, so the lookup below reads an index that is not set; the
// last_request test then has nothing to match and the final else runs.
$wordpressRedirectTo = urldecode($wordpressRedirectUrlParts['query']);
if(strpos($wordpressRedirectTo, 'last_request=') !== false)
{
$pos= strpos($wordpressRedirectTo, 'last_request=')+13;
$wordpressRedirectTo = substr($wordpressRedirectTo,$pos);
Redirect( $wordpressRedirectTo, true);
}
else
Redirect( $_POST['exturl'], true);
}
}
else
$wordpress_admin_login_redirect=true;
}
}
}
// phpBB administrators are signed in to the forum here; the flag records that
// a forum redirect is wanted.
$phpBBLoginRedirect = false;
if ($users_signup_class->phpbbStatuscheck() && phpBB_checkIfAdminUser($lausername, $password)) {
    phpBB_Login($lausername, $password);
    mysql_select_db(MEMBERSGEAR_DB_NAME);
    $phpBBLoginRedirect = true;
}

if ($wordpress_admin_login_redirect == true && $phpBBLoginRedirect == true) {
    // Administrator of both plugins: show a page that links to each admin area.
    $wordpressUrl = wordpress_getWordpressUrl();
    $phpBBUrl = WEB_URL."/forum/";
    $smarty->assign('wordpressUrl', $wordpressUrl.'/wp-admin');
    $smarty->assign('phpBBUrl', $phpBBUrl);
    $redirectpageTpl = $smarty->fetch('admin_redirect_to_plugin.tpl');
    $smarty->assign('USER_CONTENT', $redirectpageTpl);
    $smarty->display('user_page_main.tpl');
    exit();
} elseif ($wordpress_admin_login_redirect == true) {
    // WordPress administrator only: go to wp-admin unless the same credentials
    // also produced a member session, in which case the member flow continues.
    $lbvalidateuser = $users->ValidateUser($lausername, $password);
    if (!($lbvalidateuser == true && isset($_SESSION[SESSION_PREFIX.'UserID']))) {
        Redirect(wordpress_getWordpressUrl() . '/wp-admin', true);
        exit();
    }
} elseif ($phpBBLoginRedirect == true) {
    // phpBB administrator only: go straight to the forum.
    Redirect(WEB_URL."/forum/", true);
    exit();
}
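// Role gate input: $lsIsuser ends up true when any role returned for the
// username is 'customer' (case-insensitive).
// It is initialised explicitly so the check that follows never depends on a
// variable this file did not set (on old PHP setups with register_globals
// enabled, an unset global can be supplied by the request).
$lsIsuser = false;
$larole = $users->GetRoleByUsername($lausername);
if (is_array($larole)) {
    foreach ($larole as $value) {
        if (strtolower($value) == 'customer') {
            $lsIsuser = true;
            break;
        }
        // Kept from the original; $lsIsadmin is not read anywhere in this file.
        $lsIsadmin = false;
    }
}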
// Member sign-in is attempted only for accounts that hold the 'customer' role,
// or when no role data came back. The null test is a loose comparison, so an
// empty array or false satisfies it as well.
if($lsIsuser==true || $larole==null )
{
$lbvalidateuser=$users->ValidateUser($lausername,$password);
if($lbvalidateuser==true)
{
// NOTE(review): whether ValidateUser() issues a fresh session ID on success is
// not visible from this file - confirm, so a pre-login session ID is not kept.
// phpBB sign-in happens only when checkForActiveSubscription() returns the
// same product id that phpBB_get_product_id() reports.
if($users_signup_class->phpbbStatuscheck())
{
$phpBBProduct=phpBB_get_product_id();
$userDat=$users_signup_class->getUserDataByUserName($lausername);
if($userDat!=false and $userDat!="" and $userDat!=null)
{
$proId=$productobj->checkForActiveSubscription($userDat[0]['id'],$phpBBProduct);
if($phpBBProduct==$proId)
{
phpBB_Login($lausername,$password);
mysql_select_db(MEMBERSGEAR_DB_NAME);
}
}
}
// WordPress bridge for members: sign in to WordPress and, when the posted
// exturl points at the WordPress site, redirect there instead of to the
// member area.
if($users_signup_class->wordpressStatuscheck()){
$wordpressReqquiredFile= wordpress_physical_path();
if(file_exists($wordpressReqquiredFile)){
require_once($wordpressReqquiredFile);
assign_sessions();
if(wordpress_user_login_check($lausername,$password)) {
wordpress_login_user($lausername,$password);
$wordpressUrl=wordpress_getWordpressUrl();
// NOTE(review): exturl is read without an isset() check in this branch.
// Three candidate targets are derived from it: the raw value ($extUrls), its
// URL-decoded form ($wordpressRedirectUrl) and a value cut out of its query
// string ($wordpressRedirectTo).
$extUrls=$_POST['exturl'];
$wordpressRedirectUrl = urldecode($_POST['exturl']);
$wordpressRedirectTo = urldecode($_POST['exturl']);
$wordpressRedirectUrlParts = parse_url($_POST['exturl']);
if(isset($wordpressRedirectUrlParts['query'])) {
$wordpressRedirectTo = urldecode($wordpressRedirectUrlParts['query']);
if(strpos($wordpressRedirectTo, 'redirect_to=') !== false) {
// Keep what follows "redirect_to=" (12 characters), then strip the reauth=1
// marker in its various spellings and any leading or trailing '&'.
$wordpressRedirectTo = substr( $wordpressRedirectTo, strpos($wordpressRedirectTo, 'redirect_to') + 12 );
$wordpressRedirectTo = str_replace('/reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = str_replace('/&reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = str_replace('/?reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = str_replace('reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = str_replace('&reauth=1','', $wordpressRedirectTo);
$wordpressRedirectTo = trim($wordpressRedirectTo, '&');
}
else {
// The inner isset() repeats the test that already selected this branch.
if(isset($wordpressRedirectUrlParts['query'])){
$wordpressRedirectTo = urldecode($wordpressRedirectUrlParts['query']);
if(strpos($wordpressRedirectTo, 'last_request=') !== false)
{
// Keep what follows "last_request=" (13 characters).
$pos= strpos($wordpressRedirectTo, 'last_request=')+13;
$wordpressRedirectTo = substr($wordpressRedirectTo,$pos);
}
}
}
}
else {
// This branch runs only when no 'query' entry exists, so the isset() below
// cannot succeed here.
if(isset($wordpressRedirectUrlParts['query'])){
$wordpressRedirectTo = urldecode($wordpressRedirectUrlParts['query']);
if(strpos($wordpressRedirectTo, 'last_request=') !== false)
{
$pos= strpos($wordpressRedirectTo, 'last_request=')+13;
$wordpressRedirectTo = substr($wordpressRedirectTo,$pos);
}
}
}
// NOTE(review): the first and third checks accept a target when the WordPress
// URL appears anywhere inside it (strpos(...) !== false), which is a
// containment test rather than a same-site test. Comparing the parsed scheme
// and host of the target with those of $wordpressUrl, or requiring the match
// at offset 0 followed by '/', would restrict the redirect to the WordPress
// site itself.
// When none of the three checks matches, execution continues with the normal
// member redirect.
if(strpos($wordpressRedirectTo, $wordpressUrl) !== false){
Redirect($wordpressRedirectTo,true);
exit();
}
else if($wordpressUrl==$extUrls){
Redirect($wordpressUrl,true);
exit();
}
else if(strpos($wordpressRedirectUrl,$wordpressUrl) !== false) {
Redirect($wordpressRedirectUrl,true);
exit();
}
}
}
}
// Successful member login: record the login date and reset the failed-attempt
// counter before choosing where to send the user.
$users->GetLastLoginDate($lausername);
$users->ClearLoginAttemps();

// NOTE(review): the first two branches build an absolute URL from the Host
// request header plus a posted path, and the posted value is appended directly
// after the host with no check that it starts with '/'. Both parts are
// request-controlled, so the result should be validated against WEB_URL before
// it is used; what user_rotete.php does with the value is not visible here.
if (isset($_POST['url']) && $_POST['url'] != "") {
    $url  = $server_request.$_SERVER['HTTP_HOST'].$_POST['url'];
    // Path relative to the site root, used for the subscription lookup.
    $purl = str_replace(WEB_URL, '', $url);
    $url  = urlencode($url);
    if (IS_ROTATING_LOGIN_PAGES_ENABLED == 'true') {
        // With rotating login pages the parameter name depends on the result of
        // getUserActiveSubscriptionProductUrl() for the requested path.
        $objUserSignup = new users_signup_class();
        $puserid = trim($_SESSION[SESSION_PREFIX.'UserID']);
        $produrlresult = $objUserSignup->getUserActiveSubscriptionProductUrl($puserid, $purl);
        Redirect("member/user_rotete.php?".($produrlresult == true ? "url" : "exturl")."=$url");
    } else {
        Redirect("member/user_rotete.php?url=$url");
    }
} elseif (isset($_POST['exturl']) && $_POST['exturl'] != "") {
    $url = urlencode($server_request.$_SERVER['HTTP_HOST'].$_POST['exturl']);
    Redirect("member/user_rotete.php?exturl=$url");
} else {
    // No return target was posted: use the member landing page.
    $url = urlencode(WEB_URL."/member/user_default_page.php");
    Redirect("member/user_rotete.php?".(IS_ROTATING_LOGIN_PAGES_ENABLED == 'true' ? "exturl" : "url")."=$url");
}
}
else
{
// ValidateUser() rejected the credentials. Decide which message to show and
// whether the failure counts towards a lockout.
// (An older comment here, by Jayesh, said $password is passed to the username
// check; the call below passes only the username.)
$llbvalidateusername=$users->ValidateUserName($lausername);
if($llbvalidateusername==true)
{
// NOTE(review): from here on the response depends on whether the username
// passed ValidateUserName(): such accounts can receive the not-approved/locked
// message or the lockout message (judging by the constant names), while other
// names always get the generic mismatch message. That difference tells a
// caller which usernames are registered; returning one message for every
// failure avoids it.
if($users->IsApproved($lausername)==false or $users->IsLockedout($lausername)==true)
{
$smarty->assign('msg',MESSAGE_ACCOUNT_NOT_VARIFIED_APPOVERED);
}
else
{
// Failed attempts are counted only on this path, i.e. for names that pass
// ValidateUserName() and are approved and not locked out.
$users->IncreaseLoginAttemps($lausername);
$liloginattempt=$users->GetLoginAttemps();
// Lock once the count exceeds (not merely reaches) USER_MAX_LOGIN_ATTAMPT.
if($liloginattempt>(int)USER_MAX_LOGIN_ATTAMPT)
{
if($users->UserLockout($lausername)==true)
{
// Optional "Account Locked" notification (updated by jayesh).
if(EMAIL_ACCOUNT_LOCKED == 'true')
{
// Built from constants and a literal only; no request data enters this query.
$templateQuery = 'SELECT id,status FROM '.TABLE_PREFIX.'email_templates WHERE name=\'Account Locked\' AND productid=0';
$laTemplateData = $loCannedEmail->View($templateQuery);
// The username goes in through the ? placeholder; presumably View() binds it
// as a parameter - confirm in users_class.
$userQuery = 'SELECT username,password,email,firstname,lastname,isunsubscribedfromemails FROM '.TABLE_PREFIX.'users WHERE username=?';
$lsUsersValues = array($lausername);
$laUserData = $users->View($userQuery,$lsUsersValues,null);
if($laTemplateData[0]['status'] == 1 and $laUserData[0]['isunsubscribedfromemails'] == 0)
{
// NOTE(review): the stored password column is handed to the mail helper. What
// the template does with it is not visible here; a lockout notice should not
// carry any form of the password.
SendCannedEmailsAutoresponse($laTemplateData[0]['id'],0,'Account Locked','','',$laUserData[0]['username'],$laUserData[0]['password'],$laUserData[0]['email'],$laUserData[0]['firstname'],$laUserData[0]['lastname']);
}
}
$smarty->assign('msg',MESSAGE_LOCKED_ACCOUNT);
}
else
{
$smarty->assign('msg',MESSAGE_USERNAME_PASSWORD_DOES_NOT_MATCH);
}
}
else
{
$smarty->assign('msg',MESSAGE_USERNAME_PASSWORD_DOES_NOT_MATCH);
}
}
}
else
{
// The username did not pass ValidateUserName(): generic message, no counter.
$smarty->assign('msg',MESSAGE_USERNAME_PASSWORD_DOES_NOT_MATCH);
}
}
}
else
{
// Role gate failed: role data exists for the account but none of it is
// 'customer'. The password is never checked on this path.
$smarty->assign('msg',MESSAGE_USERNAME_PASSWORD_DOES_NOT_MATCH);
}
}
// Reached whenever none of the branches above ended the request: render the
// login form again, keeping the posted return targets.
require_once INCLUDE_DIR."/is_valid_captcha.php";
phpajax::init();

// NOTE(review): both values are request-controlled and are later used to pick
// the post-login redirect; whether user_login.tpl escapes them is not visible
// from this file - confirm.
$exturl = isset($_POST['exturl']) ? $_POST['exturl'] : "";
$modUrl = isset($_POST['url']) ? $_POST['url'] : "";
$smarty->assign('modUrl', $modUrl);
$smarty->assign('extUrl', $exturl);

$LOGINPAGE = $smarty->fetch('user_login.tpl');
break;
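case 'forgotPassword':
    // Forgot-password request: look the account up and, when the feature and its
    // e-mail template are enabled, hand the account data to the canned-mail
    // helper, then render a confirmation page.
    //
    // Changes from the previous version of this case:
    //  - the address typed by the visitor is HTML-escaped before it is echoed
    //    into the confirmation page (it was interpolated raw);
    //  - the stored password is no longer decrypted into a variable that was
    //    never used, and the unused user-id lookup is gone;
    //  - the "feature disabled" page that was built and then always overwritten
    //    by the markup below has been removed; the rendered result is the same;
    //  - an empty lookup result now shows the "no such user" message instead of
    //    leaving $LOGINPAGE unset.
    //
    // NOTE(review): $_POST is always set, so this guard does not prove that the
    // form was submitted.
    // NOTE(review): the "no such user" branch and the confirmation page differ,
    // which tells a caller whether an account exists. Showing the same
    // confirmation in both cases avoids that.
    if (isset($_POST))
    {
        $email = (isset($_POST['txtemail']) && is_string($_POST['txtemail'])) ? $_POST['txtemail'] : '';
        // Escaped copy for use inside HTML; the charset should match the page.
        $emailHtml = htmlspecialchars($email, ENT_QUOTES);

        $users = new users_class();
        $forgotpassResult = $users->getUserNamePassword($_POST['txtForgotPasswordValue'], '');
        if (is_array($forgotpassResult) && sizeof($forgotpassResult) > 0)
        {
            $username = $forgotpassResult[0]['username'];
            $server = WEB_URL;

            // Stays null when the feature is switched off, so the page below
            // falls through to the "disabled" message.
            $laTemplateData = null;
            if (EMAIL_FORGOT_PASSWORD == 'true')
            {
                // Built from constants only; no request data enters this query.
                $templateQuery = 'SELECT id,status FROM '.TABLE_PREFIX.'email_templates WHERE name=\''.EMAIL_FORGOT_PASSWORD_TEMPLATE_NAME.'\' AND productid=0';
                $laTemplateData = $loCannedEmail->View($templateQuery);
                $userQuery = 'SELECT username,password,email,firstname,lastname,isunsubscribedfromemails FROM '.TABLE_PREFIX.'users WHERE username=?';
                $lsUsersValues = array($username);
                $laUserData = $users->View($userQuery,$lsUsersValues,null);
                if ($laTemplateData[0]['status'] == 1 && $laUserData[0]['isunsubscribedfromemails'] == 0)
                {
                    // NOTE(review): the stored password column is passed to the
                    // mail helper, and the page text below says the password is
                    // e-mailed. That implies passwords are stored in a
                    // recoverable form; one-way hashing plus a single-use reset
                    // link is the safer design.
                    SendCannedEmailsAutoresponse(EMAIL_FORGOT_PASSWORD_TEMPLATE_ID,0,'','','',$laUserData[0]['username'],$laUserData[0]['password'],$laUserData[0]['email'],$laUserData[0]['firstname'],$laUserData[0]['lastname']);
                }
            }
            $lbTemplateActive = isset($laTemplateData[0]['status']) && $laTemplateData[0]['status'] == 1;

            // The markup strings are kept flush left because every character
            // inside the quotes is part of the page output.
            $LOGINPAGE="
<div id=\"login\">
<div id=\"login-top\"></div>
<div id=\"login-bg\">
<h2 align=\"center\" id=\"h2forgotpassword\">
User Forgot Password
</h2>
<br>
<table border=\"0\" width=\"95%\" align=\"center\" id=\"tableforgotpasswordform\">
<tbody> ";
            if ($lbTemplateActive)
            {
                $LOGINPAGE .= "
<tr>
<td class=\"right-side-text\" width=\"100%\"><center>Your account password is successfully sent to Email address $emailHtml</center></td>
</tr>
<tr><td> </td></tr>
<tr>
<td class=\"right-side-text\" width=\"100%\"><center>Please login into your Email account and get your password</center></td>
</tr>";
            }
            else
            {
                $LOGINPAGE .= "
<tr>
<td class=\"right-side-text forgotpassworderror\" width=\"100%\"><center>Sorry forgot password functionality is disable by Administrator</center></td>
</tr>";
            }
            $LOGINPAGE .= "
<tr><td> </td></tr>
<tr>
<td><center> <input type='button' id='btnLogin' name='btnLogin' value='Continue...' class=\"normal-button\" onclick=\"javascript:location.href='$server/user_login.php';\"> <center></div></center></td>
</tr>
</table>
</div>
<div id=\"login-bottom\">
</div>
</div>
";
        }
        else
        {
            $smarty->assign('msg',MESSAGE_NO_SUCH_USER);
            $LOGINPAGE = $smarty->fetch('user_login.tpl');
        }
    }
    break;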
default:
    // Plain page view: seed the login form from the query string.
    // NOTE(review): all three values are request-controlled. Whether
    // user_login.tpl escapes them is not visible from this file, and the two
    // URL values come back as exturl/url on submit, where they steer the
    // post-login redirect - validate them there.
    $exturl = isset($_GET['externalurl']) ? $_GET['externalurl'] : "";
    $modUrl = isset($_GET['url']) ? $_GET['url'] : "";
    $user   = isset($_GET['user']) ? $_GET['user'] : "";

    $smarty->assign('user', $user);
    $smarty->assign('modUrl', $modUrl);
    $smarty->assign('extUrl', $exturl);
    $LOGINPAGE = $smarty->fetch('user_login.tpl');
}
//**********************************************End Page code**********************************************
//Common Line
// Common tail for every action: expose the posted return targets to the outer
// page template and render it around the content built by the switch.
$exturl = isset($_POST['exturl']) ? $_POST['exturl'] : "";
$modUrl = isset($_POST['url']) ? $_POST['url'] : "";

$smarty->assign('modUrl', $modUrl);
$smarty->assign('extUrl', $exturl);
$smarty->assign('page', 'login-m7');
// $LOGINPAGE holds markup produced by the branch that ran above.
$smarty->assign('USER_CONTENT', $LOGINPAGE);
$smarty->display('user_page_main.tpl');
?>