Business
/
NickelBox
2
0
Fork 0
Code Issues 7 Pull Requests 0 Releases 0 Wiki Activity
An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
15 Commits
1 Branch
2.8 MiB
 
 
 
Tree: 8b9407c274
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8b9407c274'
${ noResults }
NickelBox/index.php

150 lines
6.6 KiB
Raw Blame History 

  1. <?php

  2. require_once __DIR__ . "/required.php";

  3. 

  4. require_once __DIR__ . "/lib/login.php";

  5. 

  6. // if we're logged in, we don't need to be here.

  7. if ($_SESSION['loggedin']) {

  8.     header('Location: app.php');

  9. }

  10. 

  11. /* Authenticate user */

  12. $userpass_ok = false;

  13. $multiauth = false;

  14. if (checkLoginServer()) {

  15.     if ($VARS['progress'] == "1") {

  16.         if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {

  17.             if (authenticate_user($VARS['username'], $VARS['password'])) {

  18.                 switch (get_account_status($VARS['username'])) {

  19.                     case "LOCKED_OR_DISABLED":

  20.                         $alert = lang("account locked", false);

  21.                         break;

  22.                     case "TERMINATED":

  23.                         $alert = lang("account terminated", false);

  24.                         break;

  25.                     case "CHANGE_PASSWORD":

  26.                         $alert = lang("password expired", false);

  27.                     case "NORMAL":

  28.                         $userpass_ok = true;

  29.                         break;

  30.                     case "ALERT_ON_ACCESS":

  31.                         sendLoginAlertEmail($VARS['username']);

  32.                         $userpass_ok = true;

  33.                         break;

  34.                 }

  35.                 if ($userpass_ok) {

  36.                     $_SESSION['passok'] = true; // stop logins using only username and authcode

  37.                     if (userHasTOTP($VARS['username'])) {

  38.                         $multiauth = true;

  39.                     } else {

  40.                         doLoginUser($VARS['username'], $VARS['password']);

  41.                         header('Location: app.php');

  42.                         die("Logged in, go to app.php");

  43.                     }

  44.                 }

  45.             } else {

  46.                 $alert = lang("login incorrect", false);

  47.             }

  48.         } else {

  49.             $alert = lang("captcha error", false);

  50.         }

  51.     } else if ($VARS['progress'] == "2") {

  52.         if ($_SESSION['passok'] !== true) {

  53.             // stop logins using only username and authcode

  54.             sendError("Password integrity check failed!");

  55.         }

  56.         if (verifyTOTP($VARS['username'], $VARS['authcode'])) {

  57.             if (doLoginUser($VARS['username'])) {

  58.                 header('Location: app.php');

  59.                 die("Logged in, go to app.php");

  60.             } else {

  61.                 $alert = lang("login server user data error", false);

  62.             }

  63.         } else {

  64.             $alert = lang("2fa incorrect", false);

  65.         }

  66.     }

  67. } else {

  68.     $alert = lang("login server unavailable", false);

  69. }

  70. ?>

  71. <!DOCTYPE html>

  72. <html>

  73.     <head>

  74.         <meta charset="UTF-8">

  75.         <meta http-equiv="X-UA-Compatible" content="IE=edge">

  76.         <meta name="viewport" content="width=device-width, initial-scale=1">

  77. 

  78.         <title><?php echo SITE_TITLE; ?></title>

  79. 

  80.         <link href="static/css/bootstrap.min.css" rel="stylesheet">

  81.         <link href="static/css/font-awesome.min.css" rel="stylesheet">

  82.         <link href="static/css/app.css" rel="stylesheet">

  83.         <?php if (RECAPTCHA_ENABLED) { ?>

  84.             <script src='https://www.google.com/recaptcha/api.js'></script>

  85.         <?php } ?>

  86.     </head>

  87.     <body>

  88.         <div class="container">

  89.             <div class="row">

  90.                 <div class="col-xs-12 col-sm-6 col-md-4 col-lg-4 col-sm-offset-3 col-md-offset-4 col-lg-offset-4">

  91.                     <div>

  92.                         <?php

  93.                         if (SHOW_ICON == "both" || SHOW_ICON == "index") {

  94.                             ?>

  95.                             <img class="img-responsive banner-image" src="static/img/logo.png" />

  96.                         <?php } ?>

  97.                     </div>

  98.                     <div class="panel panel-primary">

  99.                         <div class="panel-heading">

  100.                             <h3 class="panel-title"><?php lang("sign in"); ?></h3>

  101.                         </div>

  102.                         <div class="panel-body">

  103.                             <form action="" method="POST">

  104.                                 <?php

  105.                                 if (!is_empty($alert)) {

  106.                                     ?>

  107.                                     <div class="alert alert-danger">

  108.                                         <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>

  109.                                     </div>

  110.                                     <?php

  111.                                 }

  112. 

  113.                                 if ($multiauth != true) {

  114.                                     ?>

  115.                                     <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autofocus /><br />

  116.                                     <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" /><br />

  117.                                     <?php if (RECAPTCHA_ENABLED) { ?>

  118.                                         <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>

  119.                                         <br />

  120.                                     <?php } ?>

  121.                                     <input type="hidden" name="progress" value="1" />

  122.                                     <?php

  123.                                 } else if ($multiauth) {

  124.                                     ?>

  125.                                     <div class="alert alert-info">

  126.                                         <?php lang("2fa prompt"); ?>

  127.                                     </div>

  128.                                     <input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autofocus /><br />

  129.                                     <input type="hidden" name="progress" value="2" />

  130.                                     <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />

  131.                                     <?php

  132.                                 }

  133.                                 ?>

  134.                                 <button type="submit" class="btn btn-primary">

  135.                                     <?php lang("continue"); ?>

  136.                                 </button>

  137.                             </form>

  138.                         </div>

  139.                     </div>

  140.                 </div>

  141.             </div>

  142.             <div class="footer">

  143.                 <?php echo LICENSE_TEXT; ?><br />

  144.                 Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>

  145.             </div>

  146.         </div>

  147.         <script src="static/js/jquery-3.2.1.min.js"></script>

  148.         <script src="static/js/bootstrap.min.js"></script>

  149.     </body>

  150. </html>