This repository has been archived by the owner on Apr 2, 2021. It is now read-only.

V 1.1.0
Major update
Added possibility to login
Added email notification
fmohican committed Jan 7, 2017
1 parent 5e6ef77 commit e288205
Showing 5 changed files with 442 additions and 48 deletions.
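--- a/account.php
+++ b/account.php
@@ -0,0 +1,175 @@
+<?php
+require_once('config.php');
+$status = cleanthis(@$_REQUEST['status']);
+?>
+<html>
+<head>
+<title><?=$title?></title>
+<meta charset='utf-8'>
+<meta http-equiv='X-UA-Compatible' content='IE=edge'>
+<meta name='viewport' content='width=device-width, initial-scale=1'>
+<meta http-equiv='Cache-control' content='private'>
+<script src='./js/jquery.min.js'></script>
+<script src='./js/bootstrap.min.js'></script>
+<link rel='stylesheet' type='text/css' href='./css/bootstrap.min.css'>
+<link rel='stylesheet' type='text/css' href='./css/style.min.css'>
+<link rel='stylesheet' type='text/css' href='./css/font-awesome.min.css'>
+<script src='https://www.google.com/recaptcha/api.js'></script>
+</head>
+<body>
+<div id='cont'>
+<?php
+switch($status) {
+case "login":
+$resp = $recaptcha->verify(@$_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
+if($resp->isSuccess() or $usecaptcha == false)
+{
+$user = cleanthis(@$_POST['luser']);
+$pass = cleanthis(@$_POST['lpass']);
+$pass = hash("SHA512", $pass);
+$params = array($user, $pass);
+$sql = "SELECT * FROM Account WHERE Name = ? AND Password = ?";
+$opts = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
+$restul = sqlsrv_query($mssql, $sql, $params, $opts);
+$result = sqlsrv_num_rows($restul);
+if($result == 1)
+{
+$ip = $_SERVER['REMOTE_ADDR'];
+$params = array($user, $pass);
+$sql = "SELECT * FROM Account WHERE Name = ? AND Password = ?";
+$opts = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
+$result = sqlsrv_query($mssql, $sql, $params, $opts);
+$obj = sqlsrv_fetch_object($result);
+$email = $obj->Email;
+$token = md5(md5(rand(0,9).rand(0,9).rand(0,9).rand(0,9).rand(0,9).$pass.date("Y-M-S-i").$user.rand(0,9).rand(0,9).rand(0,9).rand(0,9)));
+setcookie("passtoken", $token, time()+3600);
+setcookie("passuser", $user, time()+3600);
+$sql = "UPDATE Account SET VerificationToken = ? WHERE Name = ? AND Password = ?";
+$params = array($token, $user, $pass);
+sqlsrv_query($mssql, $sql, $params);
+if($notifymail == true)
+notifymail($email, $ip, $token);
+exit(header("Location: account.php?status=menu"));
+}
+else
+exit(header("Location: account.php?status=authfail"));
+}
+else
+exit(header("Location: account.php?status=gfail"));
+break;
+case "menu":
+$user = cleanthis(@$_COOKIE['passuser']);
+$token = cleanthis(@$_COOKIE['passtoken']);
+$params = array($user, $token);
+$sql = "SELECT * FROM Account WHERE Name = ? AND VerificationToken = ?";
+$opts = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
+$restul = sqlsrv_query($mssql, $sql, $params, $opts);
+$result = sqlsrv_num_rows($restul);
+if($result == 1)
+{
+echo "<h1 style='color:whitesmoke;'>Welcome, $user</h1><hr/>";
+if($lcpw == true)
+echo "<button type='button' class='btn btn-primary btn-lg btn-block' data-toggle='modal' data-target='#changepw'>Change Password</button><br/>";
+if($lce == true)
+echo"<button type='button' class='btn btn-primary btn-lg btn-block' data-toggle='modal' data-target='#changemail'>Change Email</button><br/>";
+echo "<button type='button' class='btn btn-success btn-lg btn-block'>Support</button><br/>
+<button type='button' class='btn btn-danger btn-lg btn-block' onclick='location.href = \"account.php?status=logout\";'>Log Out</button>";
+}
+else {
+setcookie("passtoken", "", time()-93600);
+setcookie("passuser", "", time()-93600);
+exit(header("Location: account.php?status=cofail"));
+}
+break;
+case "logout":
+setcookie("passtoken", "", time()-93600);
+setcookie("passuser", "", time()-93600);
+exit(header("Location: index.php"));
+break;
+default:
+$data = $_COOKIE['passtoken'];
+if(strlen($data) == 32)
+exit(header("Location: account.php?status=menu"));
+else
+exit(header("Location: index.php?status=noa"));
+break;
+}
+?>
+</div>
+<?php
+if($lcpw == true && strlen($_COOKIE['passtoken']) == 32)
+echo "<div class='modal fade' id='changepw' tabindex='-1' role='dialog' aria-labelledby='myModalLabel'>
+<div class='modal-dialog' role='document'>
+<div class='modal-content'>
+<div class='modal-header'>
+<button type='button' class='close' data-dismiss='modal' aria-label='Close'><span aria-hidden='true'>&times;</span></button>
+<h4 class='modal-title' id='myModalLabel'>Change Password</h4>
+</div>
+<div class='modal-body'>
+<form class='form-horizontal' action='account.php' method='POST'>
+<div class='form-group'>
+<label for='inputEmail3' class='col-sm-2 control-label'>Current Password</label>
+<div class='col-sm-10'>
+<input type='password' class='form-control' placeholder='Current Password' name='cpass'>
+<p class='help-block'>You'r current password</p>
+</div>
+</div>
+<div class='form-group'>
+<label for='inputPassword3' class='col-sm-2 control-label'>New Password</label>
+<div class='col-sm-10'>
+<input type='password' class='form-control' placeholder='New Password' name='npass'>
+<p class='help-block'>You'r new password</p>
+</div>
+</div>
+<div class='form-group'>
+<label for='inputPassword3' class='col-sm-2 control-label'>Confirm New Password</label>
+<div class='col-sm-10'>
+<input type='password' class='form-control' placeholder='Confirm New Password' name='cnpass'>
+<p class='help-block'>Just to be ensure you enter correct password.</p>
+</div>
+</div>
+</div>
+<div class='modal-footer'>
+<button type='button' class='btn btn-default' data-dismiss='modal'>Close</button>
+<button type='submit' class='btn btn-primary' name='status' value='changepw'>Change my password</button>
+</div>
+</form>
+</div>
+</div>
+</div>";
+if($lce == true && strlen($_COOKIE['passtoken']) == 32)
+echo " <div class='modal fade' id='changemail' tabindex='-1' role='dialog' aria-labelledby='myModalLabel'>
+<div class='modal-dialog' role='document'>
+<div class='modal-content'>
+<div class='modal-header'>
+<button type='button' class='close' data-dismiss='modal' aria-label='Close'><span aria-hidden='true'>&times;</span></button>
+<h4 class='modal-title' id='myModalLabel'>Change Password</h4>
+</div>
+<div class='modal-body'>
+<form class='form-horizontal' action='account.php' method='POST'>
+<div class='form-group'>
+<label for='inputEmail3' class='col-sm-2 control-label'>New Email Address</label>
+<div class='col-sm-10'>
+<input type='email' class='form-control' placeholder='New mail' name='nmail'>
+<p class='help-block'>! You may need to confirm this mail again !</p>
+</div>
+</div>
+<div class='form-group'>
+<label for='inputPassword3' class='col-sm-2 control-label'>Password</label>
+<div class='col-sm-10'>
+<input type='password' class='form-control' placeholder='Password' name='cpass'>
+<p class='help-block'>You'r current password</p>
+</div>
+</div>
+</div>
+<div class='modal-footer'>
+<button type='button' class='btn btn-default' data-dismiss='modal'>Close</button>
+<button type='submit' class='btn btn-primary' name='status' value='changemail'>Change my email</button>
+</div>
+</form>
+</div>
+</div>
+</div>";
+?>
+</body>
+</html>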
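Review bot: The session token on the `$token = md5(md5(rand(0,9)...` line in the `login` case is built from `rand()`, a minute-resolution date string and the password hash, none of which is a cryptographically secure source; on PHP 7+ `$token = bin2hex(random_bytes(16));` gives an unpredictable value and keeps the 32-character length that the `strlen(...) == 32` checks expect. Both cookies are set without the HttpOnly and Secure flags (e.g. `setcookie("passtoken", $token, time()+3600, "/", "", true, true);` when the site is served over HTTPS), and the `logout` case only expires the cookies without clearing `VerificationToken` in the Account table, so the old token appears to stay valid server-side until the next login. The credential check compares an unsalted `hash("SHA512", $pass)` with the stored column; `password_hash()`/`password_verify()` would be the safer scheme, though that also depends on registration code not shown in this section. `Welcome, $user` echoes a cookie value into HTML, so it relies on `cleanthis()` (defined outside this file) to HTML-escape it, which is worth confirming.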
172 changes: 168 additions & 4 deletions config.php
@@ -9,6 +9,11 @@
$title = ""; //site title ----- MUST BE SETTED!
$norplaymail = ""; // noreplay mail eg "noreplay@yourdomain.com"
///////////////////////////////////////////
////Do you want to display footer ? ////
////True = yes | False = no ////
///////////////////////////////////////////
$footer = true;
///////////////////////////////////////////
////Do you want to display ToS ? ////
////True = yes | False = no ////
///////////////////////////////////////////
@@ -19,7 +24,7 @@
////Do you want to enable forgot ? ///
////true = yes | false = no ///
///////////////////////////////////////////
$forgot = false; //for a moment leave it false, isn't work.
$forgot = false;
///////////////////////////////////////////////
////Do you want to send verification mail ? ///
////true = yes | false = no ///
@@ -35,8 +40,19 @@
///////////////////////////////////////////
$dl['name1'] = ""; //Set Download Name for 1st Link
$dl['1'] = ""; //Download link 1 OPTIONAL
$dl['name2'] = ""; //et Download Name for 2nd Link
$dl['name2'] = ""; //Download Name for 2nd Link
$dl['2'] = ""; //Download link 2 OPTIONAL
///////////////////////////////////////////
////Do you want to enable login ? ///
////true = yes | false = no ///
///////////////////////////////////////////
//That mean to allow users to login in ther account and they can change his password, or email, ofc you my config this...
$login = true; //Allow login to site
$notifymail = true; //Send notification to mail for each login, if account are accesed a mail will be send to his address with some information.
////Below setting are under development ///
////Please DO NOT TURN ON! ///
$lcpw = false; //Allow change password
$lce = false; //Allow change email
///////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////DONT TUCH BELOW LINE///////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -50,9 +66,9 @@
if(empty($hosturl))
die("<center><h1 style='color:tomato'>Configuration incomplete. check config.php <br/> Check host url </h1></center>");
if($usecaptcha == true && empty($captchapublickey) && empty($captchasecret))
die("<center><h1 style='color:tomato'>Configuration incomplete. check config.php <br/> Check Google Captcha </h1></center>");
die("<center><h1 style='color:tomato'>Configuration incomplete. check config.php <br/> Check Google Captcha </h1></center>");
if($displaytos == true && empty($toslink) && empty($pplink))
die("<center><h1 style='color:tomato'>Configuration incomplete. check config.php <br/> Check ToS or Privacy Policy</h1></center>");
die("<center><h1 style='color:tomato'>Configuration incomplete. check config.php <br/> Check ToS or Privacy Policy</h1></center>");
else {
require_once('recaptcha/autoload.php');
$recaptcha = new \ReCaptcha\ReCaptcha($captchasecret);
@@ -214,6 +230,154 @@ function registermail($email, $mailtoken, $user)
$headers .= "From: $title <$norplaymail>" . "\r\n";
mail($to, $subject, $message, $headers);
}

function notifymail($email, $ip, $token)
{
global $norplaymail, $title, $hosturl;
$to = $email;
$data = date("Y-M-d H:i");
$subject = "Your account has been accessed ".$title;
$message = '
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<link href="http://fonts.googleapis.com/css?family=Raleway:400,600" rel="stylesheet" type="text/css">
<style type="text/css">
html{
width: 100%;
}
body{
width: 100%;
margin:0;
padding:0;
-webkit-font-smoothing: antialiased;
mso-padding-alt: 0px 0px 0px 0px;
background: #ffffff;
}
p,h1,h2,h3,h4{
margin-top:0;
margin-bottom:0;
padding-top:0;
padding-bottom:0;
}
table{
font-size: 14px;
border: 0;
}
img{
border: none!important;
}
</style>
</head>
<body style="margin: 0; padding: 0;">
<table border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#424242" style="height:450px;">
<tr>
<td>
<table width="600" cellpadding="0" cellspacing="0" align="center" style="border-collapse:collapse; mso-table-lspace:0pt; mso-table-rspace:0pt;">
<tbody>
<tr>
<td height="169"></td>
</tr>
<tr>
<td style="text-align:center; color: #fff; font-family: \'Raleway\', arial; font-weight:600; font-size: 36px; text-transform:uppercase; letter-spacing:3px;">Your account has been accessed!</td>
</tr>
<tr>
<td height="133"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0" border="0" bgcolor="#212121" style="border-collapse:collapse; mso-table-lspace:0pt; mso-table-rspace:0pt;">
<tbody>
<tr>
<td>
<table width="600" align="center" border="0" cellpadding="0" cellspacing="0" style="border-collapse:collapse; mso-table-lspace:0pt; mso-table-rspace:0pt;">
<tbody>
<tr>
<td width="100%" height="100"></td>
</tr>
<tr>
<td width="100%" height="20"></td>
</tr>
<tr>
<td style="color: whitesmoke; font-family: \'Raleway\', arial; font-size: 18px; line-height:28px;">';
$message .= "Hello dear user,<br/>
Your security is very important to us. We noticed that your account was recently accessed,<br/>
IP -> $ip <br/>
Data -> $data <br/>
Token -> $token <br/>
If this was you, you can ignore this alert. If you suspect any suspicious activity on your account, please change your password.<br/>
If you have any questions or concerns, don't hesitate to get in touch.<br/>
Best,<br/>
$title Team";
$message .= ' </td>
</tr>
<tr>
<td width="100%" height="100"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table width="100%" bgcolor="#f9823a" cellpadding="0" border="0" cellspacing="0" style="border-collapse:collapse; mso-table-lspace:0pt; mso-table-rspace:0pt;">
<tbody>
<tr>
<td>
<table width="600" align="center" cellpadding="0" border="0" cellspacing="0" style="border-collapse:collapse; mso-table-lspace:0pt; mso-table-rspace:0pt;">
<tbody>
<tr>
<td width="100%" height="40px"></td>
</tr>
<tr>
<td>
<table align="left" cellpadding="0" border="0" cellspacing="0" style="border-collapse:collapse; mso-table-lspace:0pt; mso-table-rspace:0pt;">
<tbody>
<tr>
<td>
<table cellpadding="0" border="0" cellspacing="0" style="border-collapse:collapse; mso-table-lspace:0pt; mso-table-rspace:0pt;">
<tr>
<td width="100%" height="16"></td>
</tr>
<tr>
<td style="color: #fff; font-family: \'Raleway\'; font-size: 12px;">© All rights reserved '.$title.'</td>
</tr>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td width="100%" height="40px"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>';
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= "To: $email" . "\r\n";
$headers .= "From: $title <$norplaymail>" . "\r\n";
mail($to, $subject, $message, $headers);
}

function forgotmail($email, $mailtoken)
{
global $norplaymail, $title, $hosturl;
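Review bot: `notifymail()` writes the live session token into the e-mail body (`Token -> $token <br/>`), and the login code in account.php passes it the same value it stores in the `passtoken` cookie and the `VerificationToken` column, so every login notification carries a usable session credential through mail servers and inboxes; I would drop that line from the message. `$email` and `$title` are concatenated straight into the `To:` and `From:` headers, so a CR/LF in either would add mail headers; check the address with `filter_var($email, FILTER_VALIDATE_EMAIL)` before calling `mail()`, and note that the extra `To:` header duplicates the first argument. `$ip` and `$title` are also interpolated into the HTML body unescaped, where `htmlspecialchars()` would be cheap to add. The `Content-type` header declares `charset=iso-8859-1` while the document's own meta tag says UTF-8.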
2 changes: 1 addition & 1 deletion css/style.min.css
