An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

index.php 6.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
  1. <?php
  2. require_once __DIR__ . "/required.php";
  3. require_once __DIR__ . "/lib/login.php";
  4. // if we're logged in, we don't need to be here.
  5. if ($_SESSION['loggedin']) {
  6. header('Location: app.php');
  7. }
  8. /* Authenticate user */
  9. $userpass_ok = false;
  10. $multiauth = false;
  11. if (checkLoginServer()) {
  12. if ($VARS['progress'] == "1") {
  13. if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
  14. if (authenticate_user($VARS['username'], $VARS['password'])) {
  15. switch (get_account_status($VARS['username'])) {
  16. case "LOCKED_OR_DISABLED":
  17. $alert = lang("account locked", false);
  18. break;
  19. case "TERMINATED":
  20. $alert = lang("account terminated", false);
  21. break;
  22. case "CHANGE_PASSWORD":
  23. $alert = lang("password expired", false);
  24. case "NORMAL":
  25. $userpass_ok = true;
  26. break;
  27. case "ALERT_ON_ACCESS":
  28. sendLoginAlertEmail($VARS['username']);
  29. $userpass_ok = true;
  30. break;
  31. }
  32. if ($userpass_ok) {
  33. $_SESSION['passok'] = true; // stop logins using only username and authcode
  34. if (userHasTOTP($VARS['username'])) {
  35. $multiauth = true;
  36. } else {
  37. doLoginUser($VARS['username'], $VARS['password']);
  38. header('Location: app.php');
  39. die("Logged in, go to app.php");
  40. }
  41. }
  42. } else {
  43. $alert = lang("login incorrect", false);
  44. }
  45. } else {
  46. $alert = lang("captcha error", false);
  47. }
  48. } else if ($VARS['progress'] == "2") {
  49. if ($_SESSION['passok'] !== true) {
  50. // stop logins using only username and authcode
  51. sendError("Password integrity check failed!");
  52. }
  53. if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
  54. if (doLoginUser($VARS['username'])) {
  55. header('Location: app.php');
  56. die("Logged in, go to app.php");
  57. } else {
  58. $alert = lang("login server user data error", false);
  59. }
  60. } else {
  61. $alert = lang("2fa incorrect", false);
  62. }
  63. }
  64. } else {
  65. $alert = lang("login server unavailable", false);
  66. }
  67. ?>
  68. <!DOCTYPE html>
  69. <html>
  70. <head>
  71. <meta charset="UTF-8">
  72. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  73. <meta name="viewport" content="width=device-width, initial-scale=1">
  74. <title><?php echo SITE_TITLE; ?></title>
  75. <link href="static/css/bootstrap.min.css" rel="stylesheet">
  76. <link href="static/css/font-awesome.min.css" rel="stylesheet">
  77. <link href="static/css/app.css" rel="stylesheet">
  78. <?php if (RECAPTCHA_ENABLED) { ?>
  79. <script src='https://www.google.com/recaptcha/api.js'></script>
  80. <?php } ?>
  81. </head>
  82. <body>
  83. <div class="container">
  84. <div class="row">
  85. <div class="col-xs-12 col-sm-6 col-md-4 col-lg-4 col-sm-offset-3 col-md-offset-4 col-lg-offset-4">
  86. <div>
  87. <?php
  88. if (SHOW_ICON == "both" || SHOW_ICON == "index") {
  89. ?>
  90. <img class="img-responsive banner-image" src="static/img/logo.png" />
  91. <?php } ?>
  92. </div>
  93. <div class="panel panel-primary">
  94. <div class="panel-heading">
  95. <h3 class="panel-title"><?php lang("sign in"); ?></h3>
  96. </div>
  97. <div class="panel-body">
  98. <form action="" method="POST">
  99. <?php
  100. if (!is_empty($alert)) {
  101. ?>
  102. <div class="alert alert-danger">
  103. <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
  104. </div>
  105. <?php
  106. }
  107. if ($multiauth != true) {
  108. ?>
  109. <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autofocus /><br />
  110. <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" /><br />
  111. <?php if (RECAPTCHA_ENABLED) { ?>
  112. <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>
  113. <br />
  114. <?php } ?>
  115. <input type="hidden" name="progress" value="1" />
  116. <?php
  117. } else if ($multiauth) {
  118. ?>
  119. <div class="alert alert-info">
  120. <?php lang("2fa prompt"); ?>
  121. </div>
  122. <input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autofocus /><br />
  123. <input type="hidden" name="progress" value="2" />
  124. <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
  125. <?php
  126. }
  127. ?>
  128. <button type="submit" class="btn btn-primary">
  129. <?php lang("continue"); ?>
  130. </button>
  131. </form>
  132. </div>
  133. </div>
  134. </div>
  135. </div>
  136. <div class="footer">
  137. <?php echo LICENSE_TEXT; ?><br />
  138. Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>
  139. </div>
  140. </div>
  141. <script src="static/js/jquery-3.2.1.min.js"></script>
  142. <script src="static/js/bootstrap.min.js"></script>
  143. </body>
  144. </html>