An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/

index.php 7.9KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175
  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. require_once __DIR__ . "/required.php";
  6. // if we're logged in, we don't need to be here.
  7. if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_GET['permissionerror'])) {
  8. header('Location: app.php');
  9. }
  10. if (isset($_GET['permissionerror'])) {
  11. $alert = $Strings->get("no access permission", false);
  12. }
  13. /* Authenticate user */
  14. $userpass_ok = false;
  15. $multiauth = false;
  16. if (Login::checkLoginServer()) {
  17. if (empty($VARS['progress'])) {
  18. // Easy way to remove "undefined" warnings.
  19. } else if ($VARS['progress'] == "1") {
  20. if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && Login::verifyCaptcha($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) {
  21. $autherror = "";
  22. $user = User::byUsername($VARS['username']);
  23. if ($user->exists()) {
  24. $status = $user->getStatus()->getString();
  25. switch ($status) {
  26. case "LOCKED_OR_DISABLED":
  27. $alert = $Strings->get("account locked", false);
  28. break;
  29. case "TERMINATED":
  30. $alert = $Strings->get("account terminated", false);
  31. break;
  32. case "CHANGE_PASSWORD":
  33. $alert = $Strings->get("password expired", false);
  34. break;
  35. case "NORMAL":
  36. $username_ok = true;
  37. break;
  38. case "ALERT_ON_ACCESS":
  39. $mail_resp = $user->sendAlertEmail();
  40. if (DEBUG) {
  41. var_dump($mail_resp);
  42. }
  43. $username_ok = true;
  44. break;
  45. default:
  46. if (!is_empty($error)) {
  47. $alert = $error;
  48. } else {
  49. $alert = $Strings->get("login error", false);
  50. }
  51. break;
  52. }
  53. if ($username_ok) {
  54. if ($user->checkPassword($VARS['password'])) {
  55. $_SESSION['passok'] = true; // stop logins using only username and authcode
  56. if ($user->has2fa()) {
  57. $multiauth = true;
  58. } else {
  59. Session::start($user);
  60. header('Location: app.php');
  61. die("Logged in, go to app.php");
  62. }
  63. } else {
  64. $alert = $Strings->get("login incorrect", false);
  65. }
  66. }
  67. } else { // User does not exist anywhere
  68. $alert = $Strings->get("login incorrect", false);
  69. }
  70. } else {
  71. $alert = $Strings->get("captcha error", false);
  72. }
  73. } else if ($VARS['progress'] == "2") {
  74. $user = User::byUsername($VARS['username']);
  75. if ($_SESSION['passok'] !== true) {
  76. // stop logins using only username and authcode
  77. sendError("Password integrity check failed!");
  78. }
  79. if ($user->check2fa($VARS['authcode'])) {
  80. Session::start($user);
  81. header('Location: app.php');
  82. die("Logged in, go to app.php");
  83. } else {
  84. $alert = $Strings->get("2fa incorrect", false);
  85. }
  86. }
  87. } else {
  88. $alert = $Strings->get("login server unavailable", false);
  89. }
  90. header("Link: <static/fonts/Roboto.css>; rel=preload; as=style", false);
  91. header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
  92. header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
  93. header("Link: <static/css/index.css>; rel=preload; as=style", false);
  94. header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
  95. header("Link: <static/js/bootstrap.bundle.min.js>; rel=preload; as=script", false);
  96. ?>
  97. <!DOCTYPE html>
  98. <html>
  99. <head>
  100. <meta charset="UTF-8">
  101. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  102. <meta name="viewport" content="width=device-width, initial-scale=1">
  103. <title><?php echo SITE_TITLE; ?></title>
  104. <link rel="icon" href="static/img/logo.svg">
  105. <link href="static/css/bootstrap.min.css" rel="stylesheet">
  106. <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
  107. <link href="static/css/index.css" rel="stylesheet">
  108. <?php if (CAPTCHA_ENABLED) { ?>
  109. <script src="<?php echo CAPTCHA_SERVER ?>/captcheck.dist.js"></script>
  110. <?php } ?>
  111. </head>
  112. <body>
  113. <div class="row justify-content-center">
  114. <div class="col-auto">
  115. <img class="banner-image" src="static/img/logo.svg" />
  116. </div>
  117. </div>
  118. <div class="row justify-content-center">
  119. <div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">
  120. <div class="card-body">
  121. <h5 class="card-title"><?php $Strings->get("sign in"); ?></h5>
  122. <form action="" method="POST">
  123. <?php
  124. if (!empty($alert)) {
  125. ?>
  126. <div class="alert alert-danger">
  127. <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
  128. </div>
  129. <?php
  130. }
  131. if ($multiauth != true) {
  132. ?>
  133. <input type="text" class="form-control" name="username" placeholder="<?php $Strings->get("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
  134. <input type="password" class="form-control" name="password" placeholder="<?php $Strings->get("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
  135. <?php if (CAPTCHA_ENABLED) { ?>
  136. <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
  137. <br />
  138. <?php } ?>
  139. <input type="hidden" name="progress" value="1" />
  140. <?php
  141. } else if ($multiauth) {
  142. ?>
  143. <div class="alert alert-info">
  144. <?php $Strings->get("2fa prompt"); ?>
  145. </div>
  146. <input type="text" class="form-control" name="authcode" placeholder="<?php $Strings->get("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
  147. <input type="hidden" name="progress" value="2" />
  148. <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
  149. <?php
  150. }
  151. ?>
  152. <button type="submit" class="btn btn-primary">
  153. <?php $Strings->get("continue"); ?>
  154. </button>
  155. </form>
  156. </div>
  157. </div>
  158. </div>
  159. <div class="footer">
  160. <?php echo FOOTER_TEXT; ?><br />
  161. Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>
  162. </div>
  163. </div>
  164. <script src="static/js/jquery-3.3.1.min.js"></script>
  165. <script src="static/js/bootstrap.bundle.min.js"></script>
  166. </body>
  167. </html>