joshuacoles/wallos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
092be22183
wallos/login.php
Miguel Ribeiro 092be22183
feat: add hability to disable login (#378)
2024-06-08 00:04:50 +02:00

293 lines
12 KiB
PHP
Raw Blame History

<?php
require_once 'includes/connect.php';
require_once 'includes/checkuser.php';
require_once 'includes/i18n/languages.php';
require_once 'includes/i18n/getlang.php';
require_once 'includes/i18n/' . $lang . '.php';
require_once 'includes/version.php';
if ($userCount == 0) {
header("Location: registration.php");
exit();
}
session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
$db->close();
header("Location: .");
exit();
}
// Check if login is disabled
$adminQuery = "SELECT login_disabled FROM admin";
$adminResult = $db->query($adminQuery);
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
if ($adminRow['login_disabled'] == 1) {
$query = "SELECT id, username, main_currency, language FROM user WHERE id = :id";
$stmt = $db->prepare($query);
$stmt->bindValue(':id', 1, SQLITE3_INTEGER);
$result = $stmt->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
if ($row === false) {
// Something is wrong with admin user. Reenable login
$updateQuery = "UPDATE admin SET login_disabled = 0";
$updateStmt = $db->prepare($updateQuery);
$updateStmt->execute();
$db->close();
header("Location: login.php");
} else {
$userId = $row['id'];
$main_currency = $row['main_currency'];
$username = $row['username'];
$language = $row['language'];
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = true;
$_SESSION['main_currency'] = $main_currency;
$_SESSION['userId'] = $userId;
$cookieExpire = time() + (30 * 24 * 60 * 60);
setcookie('language', $language, $cookieExpire);
$query = "SELECT color_theme FROM settings";
$stmt = $db->prepare($query);
$result = $stmt->execute();
$settings = $result->fetchArray(SQLITE3_ASSOC);
setcookie('colorTheme', $settings['color_theme'], $cookieExpire);
$cookieValue = $username . "|" . "abc123ABC" . "|" . $main_currency;
setcookie('wallos_login', $cookieValue, $cookieExpire);
$db->close();
header("Location: .");
}
}
$theme = "light";
if (isset($_COOKIE['theme'])) {
$theme = $_COOKIE['theme'];
}
$colorTheme = "blue";
if (isset($_COOKIE['colorTheme'])) {
$colorTheme = $_COOKIE['colorTheme'];
}
$loginFailed = false;
$hasSuccessMessage = (isset($_GET['validated']) && $_GET['validated'] == "true") || (isset($_GET['registered']) && $_GET['registered'] == true) ? true : false;
$userEmailWaitingVerification = false;
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$rememberMe = isset($_POST['remember']) ? true : false;
$query = "SELECT id, password, main_currency, language FROM user WHERE username = :username";
$stmt = $db->prepare($query);
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$result = $stmt->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
if ($row) {
$hashedPasswordFromDb = $row['password'];
$userId = $row['id'];
$main_currency = $row['main_currency'];
$language = $row['language'];
if (password_verify($password, $hashedPasswordFromDb)) {
// Check if the user is in the email_verification table
$query = "SELECT 1 FROM email_verification WHERE user_id = :userId";
$stmt = $db->prepare($query);
$stmt->bindValue(':userId', $userId, SQLITE3_INTEGER);
$result = $stmt->execute();
$verificationRow = $result->fetchArray(SQLITE3_ASSOC);
if ($verificationRow) {
$userEmailWaitingVerification = true;
$loginFailed = true;
} else {
$_SESSION['username'] = $username;
$_SESSION['loggedin'] = true;
$_SESSION['main_currency'] = $main_currency;
$_SESSION['userId'] = $userId;
$cookieExpire = time() + (30 * 24 * 60 * 60);
setcookie('language', $language, $cookieExpire);
if ($rememberMe) {
$query = "SELECT color_theme FROM settings";
$stmt = $db->prepare($query);
$result = $stmt->execute();
$settings = $result->fetchArray(SQLITE3_ASSOC);
setcookie('colorTheme', $settings['color_theme'], $cookieExpire);
$token = bin2hex(random_bytes(32));
$addLoginTokens = "INSERT INTO login_tokens (user_id, token) VALUES (:userId, :token)";
$addLoginTokensStmt = $db->prepare($addLoginTokens);
$addLoginTokensStmt->bindParam(':userId', $userId, SQLITE3_INTEGER);
$addLoginTokensStmt->bindParam(':token', $token, SQLITE3_TEXT);
$addLoginTokensStmt->execute();
$_SESSION['token'] = $token;
$cookieValue = $username . "|" . $token . "|" . $main_currency;
setcookie('wallos_login', $cookieValue, $cookieExpire);
}
$db->close();
header("Location: .");
exit();
}
} else {
$loginFailed = true;
}
} else {
$loginFailed = true;
}
}
//Check if registration is open
$registrations = false;
$adminQuery = "SELECT registrations_open, max_users, server_url, smtp_address FROM admin";
$adminResult = $db->query($adminQuery);
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
$registrationsOpen = $adminRow['registrations_open'];
$maxUsers = $adminRow['max_users'];
if ($registrationsOpen == 1 && $maxUsers == 0) {
$registrations = true;
} else if ($registrationsOpen == 1 && $maxUsers > 0) {
$userCountQuery = "SELECT COUNT(id) as userCount FROM user";
$userCountResult = $db->query($userCountQuery);
$userCountRow = $userCountResult->fetchArray(SQLITE3_ASSOC);
$userCount = $userCountRow['userCount'];
if ($userCount < $maxUsers) {
$registrations = true;
}
}
$resetPasswordEnabled = false;
if ($adminRow['smtp_address'] != "" && $adminRow['server_url'] != "") {
$resetPasswordEnabled = true;
}
?>
<!DOCTYPE html>
<html dir="<?= $languages[$lang]['dir'] ?>">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<meta name="theme-color" content="<?= $theme == "light" ? "#FFFFFF" : "#222222" ?>"/>
<title>Wallos - Subscription Tracker</title>
<link rel="icon" type="image/png" href="images/icon/favicon.ico" sizes="16x16">
<link rel="apple-touch-icon" sizes="180x180" href="images/icon/apple-touch-icon.png">
<link rel="manifest" href="manifest.json">
<link rel="stylesheet" href="styles/theme.css?<?= $version ?>">
<link rel="stylesheet" href="styles/login.css?<?= $version ?>">
<link rel="stylesheet" href="styles/themes/red.css?<?= $version ?>" id="red-theme" <?= $colorTheme != "red" ? "disabled" : "" ?>>
<link rel="stylesheet" href="styles/themes/green.css?<?= $version ?>" id="green-theme" <?= $colorTheme != "green" ? "disabled" : "" ?>>
<link rel="stylesheet" href="styles/themes/yellow.css?<?= $version ?>" id="yellow-theme" <?= $colorTheme != "yellow" ? "disabled" : "" ?>>
<link rel="stylesheet" href="styles/font-awesome.min.css">
<link rel="stylesheet" href="styles/barlow.css">
<link rel="stylesheet" href="styles/login-dark-theme.css?<?= $version ?>" id="dark-theme" <?= $theme == "light" ? "disabled" : "" ?>>
</head>
<body class="<?= $languages[$lang]['dir'] ?>">
<div class="content">
<section class="container">
<header>
<?php
if ($theme == "light") {
?> <img src="images/siteicons/<?= $colorTheme ?>/wallos.png" alt="Wallos Logo" title="Wallos - Subscription Tracker" width="215" /> <?php
} else {
?> <img src="images/siteicons/<?= $colorTheme ?>/walloswhite.png" alt="Wallos Logo" title="Wallos - Subscription Tracker" width="215" /> <?php
}
?>
<p>
<?= translate('please_login', $i18n) ?>
</p>
</header>
<form action="login.php" method="post">
<div class="form-group">
<label for="username"><?= translate('username', $i18n) ?>:</label>
<input type="text" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password"><?= translate('password', $i18n) ?>:</label>
<input type="password" id="password" name="password" required>
</div>
<div class="form-group-inline">
<input type="checkbox" id="remember" name="remember">
<label for="remember"><?= translate('stay_logged_in', $i18n) ?></label>
</div>
<div class="form-group">
<input type="submit" value="<?= translate('login', $i18n) ?>">
</div>
<?php
if ($loginFailed) {
?>
<ul class="error-box">
<?php
if ($userEmailWaitingVerification) {
?>
<li><i class="fa-solid fa-triangle-exclamation"></i><?= translate('user_email_waiting_verification', $i18n) ?></li>
<?php
} else {
?>
<li><i class="fa-solid fa-triangle-exclamation"></i><?= translate('login_failed', $i18n) ?></li>
<?php
}
?>
</ul>
<?php
}
if ($hasSuccessMessage) {
?>
<ul class="success-box">
<?php
if (isset($_GET['validated']) && $_GET['validated'] == "true") {
?>
<li><i class="fa-solid fa-check"></i><?= translate('email_verified', $i18n) ?></li>
<?php
} else if (isset($_GET['registered']) && $_GET['registered']) {
?>
<li><i class="fa-solid fa-check"></i><?= translate('registration_successful', $i18n) ?></li>
<?php
if (isset($_GET['requireValidation']) && $_GET['requireValidation'] == true) {
?>
<li><?= translate('user_email_waiting_verification', $i18n) ?></li>
<?php
}
}
?>
</ul>
<?php
}
if ($resetPasswordEnabled) {
?>
<div class="login-form-link">
<a href="passwordreset.php"><?= translate('forgot_password', $i18n) ?></a>
</div>
<?php
}
?>
<?php
if ($registrations) {
?>
<div class="separator">
<input type="button" class="secondary-button" onclick="openRegitrationPage()" value="<?= translate('register', $i18n) ?>"></input>
</div>
<?php
}
?>
</form>
</section>
</div>
<script type="text/javascript">
function openRegitrationPage() {
window.location.href = "registration.php";
}
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink