<?php
class Model_MLogin
{
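/**
 * Authenticate the posted member credentials and open a session.
 *
 * Reads `txtusername` / `txtpassword` from $_POST and expects exactly one
 * matching row in members_table. Every outcome ends in a Location header:
 *  - status and verified flags both not '1': message in $_SESSION['errmsg1']
 *    (wording chosen by membersettings_id 10), redirect to ?do=login;
 *  - status not '1': "suspended" message, redirect to ?do=login;
 *  - otherwise: userid / members_account_status / username go into $_SESSION,
 *    a row is written to members_log_table, redirect to ?do=maccountdetail;
 *  - no single match: $_SESSION['lcnt'] is incremented and, above the limit
 *    stored in membersettings_id 1, the posted username is set to
 *    members_status '0'.
 *
 * NOTE(review): no header() call here is followed by exit, so whatever the
 * caller does after loginchk() still runs — confirm that is intended.
 */
function loginchk()
{
    // Missing or non-string fields are treated as empty instead of raising notices.
    $username = (isset($_POST['txtusername']) && is_string($_POST['txtusername'])) ? $_POST['txtusername'] : '';
    $password = (isset($_POST['txtpassword']) && is_string($_POST['txtpassword'])) ? $_POST['txtpassword'] : '';

    // NOTE(review): unsalted double MD5 is a fast hash and unsuitable for stored
    // passwords. It is kept because the reset path in this class writes the same
    // format; move every reader and writer to password_hash()/password_verify()
    // together.
    $passenc = md5(md5($password));

    $obj = new Bin_Query();
    // NOTE(review): $username is request data placed inside the quoted literal
    // (SQL injection). $passenc is hex and cannot leave its literal. Bin_Query is
    // not visible from this file, so the statement is left as written; it needs a
    // bound parameter or driver-level escaping in Bin_Query.
    $sql = "select * from members_table where members_username='$username' and members_password='$passenc'";
    $obj->executeQuery($sql);

    if (count($obj->records) == 1) {
        $member = $obj->records[0];

        if ($member['members_status'] != '1' && $member['members_verified'] != '1') {
            $userid = $member['members_id'];
            $getAdminSettings = new Bin_Query();
            $sql = "select * from membersettings_table where membersettings_id =10";
            $getAdminSettings->executeQuery($sql);
            $adminsettings = $getAdminSettings->records[0]['membersettings_value'];
            if ($adminsettings == 0) {
                $_SESSION['errmsg1'] = 'Your Account will be activatied after admin approval within 24 to 48 hours.';
            } else {
                $_SESSION['errmsg1'] = 'Your Account Has Not Yet Verified <br>' . "\n"
                    . '<font color=red>Please<a href="?do=register&action=verify&userid=' . $userid . '">Click Here.</a></font> to Confirm Your Account ';
            }
            header('Location:?do=login');
        } elseif ($member['members_status'] != '1') {
            $_SESSION['errmsg1'] = 'Your Account was suspended by the Administrator.Please <a href="?do=contactus">contact</a> the administrator to activate your account';
            header('Location:?do=login');
        } else {
            // Issue a fresh session id when the session becomes authenticated, so an
            // id that was known before login does not carry the new privileges.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['userid'] = $member['members_id'];
            $_SESSION['members_account_status'] = $member['members_account_status'];
            $_SESSION['username'] = $member['members_username'];

            $ip = $_SERVER['REMOTE_ADDR'];
            $memid = $member['members_id'];
            // 24-hour clock: the previous 'h' format wrote 12-hour values without
            // AM/PM, so morning and afternoon logins were indistinguishable in the log.
            $logtime = date('Y-m-d H:i:s');
            $log = "insert into members_log_table(members_log_members_id,members_log_ip_used ,members_log_time) values ('$memid','$ip','$logtime')";
            $obj6 = new Bin_Query();
            $obj6->updateQuery($log);
            header('Location:?do=maccountdetail');
        }
    } else {
        // empty() covers both "not set yet" and a falsy counter, without a notice.
        $lcnt = empty($_SESSION['lcnt']) ? 1 : $_SESSION['lcnt'] + 1;
        $_SESSION['lcnt'] = $lcnt;

        $obj = new Bin_Query();
        $lsql = "select * from membersettings_table where membersettings_id=1";
        $obj->executeQuery($lsql);
        if ($lcnt > $obj->records[0]['membersettings_value']) {
            // NOTE(review): the counter lives in the caller's session while the
            // suspension is applied to whatever username was posted. The limit is
            // therefore not bound to the account or to the client, and the same
            // unescaped $username reaches this UPDATE. Track failures server-side
            // per account and per source instead.
            $lsql = "update members_table set members_status='0' where members_username='" . $username . "'";
            $obj->updateQuery($lsql);
            $_SESSION['errmsg1'] = 'Your Account was suspended by the Administrator.Please <a href="?do=contactus">contact</a> the administrator to activate your account';
            unset($_SESSION['lcnt']);
            header('Location:?do=login');
        } else {
            $_SESSION['errmsg1'] = "Invalid User Name Or Password";
            header('Location:?do=login');
        }
    }
}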
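/**
 * Generate a 5-character lowercase-hex code and hand it to the display layer.
 *
 * @return mixed whatever Display_DLogin::forgotpassword() returns
 *
 * NOTE(review): presumably this code comes back as the `code` form field that
 * forgotpass() stores as the verification code — confirm. A value that
 * round-trips through the browser is not a server-side secret; the code
 * should be generated and stored on the server when the reset is requested.
 */
function forgotpassword()
{
    if (function_exists('random_bytes')) {
        // CSPRNG where available (PHP 7+); 3 bytes give 6 hex digits, cut to the
        // 5 characters the original produced.
        $code = substr(bin2hex(random_bytes(3)), 0, 5);
    } else {
        // Legacy fallback: rand(0,100000) yields only 100001 distinct codes from a
        // predictable generator.
        srand();
        $code = substr(md5(rand(0, 100000)), 0, 5);
    }

    return Display_DLogin::forgotpassword($code);
}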
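/**
 * Handle the "forgot password" form: store the posted code against the member
 * with the posted e-mail address and mail them the verification link.
 *
 * Reads `txtemail` and `code` from $_POST. When a verified, active member is
 * found and the code has been stored, mail template 9 is sent and the request
 * is redirected to ?do=passsucess or ?do=passfailure, then terminated.
 * In every other case the method returns without output.
 *
 * NOTE(review): the verification code is taken from the request rather than
 * generated here, so whoever submits the form chooses it. Both $emailid and
 * $code are also concatenated into SQL below. Bin_Query is not visible from
 * this file; these statements need bound parameters, and the code should be
 * created server-side with a CSPRNG.
 */
function forgotpass()
{
    $emailid = (isset($_POST['txtemail']) && is_string($_POST['txtemail'])) ? trim($_POST['txtemail']) : '';
    $code = (isset($_POST['code']) && is_string($_POST['code'])) ? trim($_POST['code']) : '';

    // $emailid becomes the recipient argument of mail(); a line break inside it
    // has no place in an address and could add headers on old PHP versions.
    if ($emailid === '' || preg_match('/[\r\n]/', $emailid)) {
        return;
    }

    $queryNew1 = new Bin_Query();
    $sqlNew1 = "SELECT * FROM members_table WHERE members_email='$emailid' and members_verified='1' and members_status='1'";
    if (!$queryNew1->executeQuery($sqlNew1)) {
        return;
    }
    // The return value of executeQuery() is not documented here; make sure a row
    // really exists before writing a code and mailing the posted address.
    if (!isset($queryNew1->records[0])) {
        return;
    }

    $strname = "select * from sitesettings_table where sitesettings_id=2";
    $obj9 = new Bin_Query();
    $obj9->executeQuery($strname);
    $strsite = $obj9->records[0]['sitesettings_value'];

    // NOTE(review): 'h' is a 12-hour clock without AM/PM. passverifycheck() reads
    // this value back using the same format, so the two must be switched to 'H'
    // together; until then the 15-minute window is ambiguous by 12 hours.
    $time = date('Y-m-d h:i:s');
    $id = $queryNew1->records[0]['members_id'];
    $username = $queryNew1->records[0]['members_username'];

    $updat1 = "update members_table set members_verification_code='$code',members_verify_time='$time' where members_id='$id'";
    if ($queryNew1->updateQuery($updat1)) {
        $mail = "select * from mailtemplates_table where mailtemplates_id='9'";
        $obj = new Bin_Query();
        $obj->executeQuery($mail);
        $mailfrom = $obj->records[0]['mailtemplates_from'];
        $mailsubject = $obj->records[0]['mailtemplates_subjects'];
        $message = $obj->records[0]['mailtemplates_message'];

        $verifyurl = '<a href="' . $strsite . '?do=passverify&userid=' . urlencode($id) . '">Click Here to Get Your Password</a>';

        // str_replace() instead of ereg_replace(): the placeholders are literal
        // text, ereg_* was removed in PHP 7, and str_replace() does not interpret
        // backslash sequences in the replacement. Member-controlled values are
        // HTML-escaped because the mail is sent as text/html.
        $message = str_replace('<username>', htmlspecialchars($username, ENT_QUOTES), $message);
        $message = str_replace('<verificationcode>', htmlspecialchars($code, ENT_QUOTES), $message);
        $message = str_replace('<verifycodeurl>', $verifyurl, $message);

        $headers = "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\n";
        $headers .= "From: " . $mailfrom . "\n";

        if (mail($emailid, $mailsubject, $message, $headers)) {
            header('Location:?do=passsucess');
        } else {
            header('Location:?do=passfailure');
        }
        exit();
    }
}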
/**
 * Return the `userid` query-string parameter exactly as received.
 *
 * The value is unvalidated request data; callers have to escape it for
 * whatever context (HTML, SQL, URL) they place it in.
 */
function passverify()
{
    return $_GET['userid'];
}
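/**
 * Check a posted verification code and, when it is valid and recent, replace
 * the member's password with a generated one and mail it (template 3).
 *
 * Reads `userid` from $_GET and `txtverify` from $_POST.
 *  - wrong or missing code: $_SESSION['err1'] is set, redirect back to
 *    ?do=passverify and terminate;
 *  - code older than the window (or an unusable timestamp): redirect to
 *    ?do=passverifyfailure;
 *  - success: password and code are updated, then redirect to
 *    ?do=passverifysucess or ?do=passverifyfailure depending on mail().
 *
 * Changes against the previous version:
 *  - the code comparison is strict and never matches an empty or missing code
 *    (loose `==` treated numeric-looking strings such as "0e123" and "0e456"
 *    as equal);
 *  - the age check fails closed: previously an unparsable or out-of-order
 *    timestamp left the minute/hour variables unset, which passed the test;
 *  - the nested get_time_difference() declaration is gone (a second call of
 *    this method in one request was a fatal redeclaration);
 *  - the password UPDATE runs once instead of twice and clears the code so it
 *    cannot be reused;
 *  - ereg_replace() (removed in PHP 7) is replaced by str_replace().
 *
 * NOTE(review): $userid is request data concatenated into the SELECT below.
 * Bin_Query is not visible from this file; the statement needs a bound
 * parameter.
 */
function passverifycheck()
{
    $userid = (isset($_GET['userid']) && is_string($_GET['userid'])) ? $_GET['userid'] : '';
    $vericode1 = (isset($_POST['txtverify']) && is_string($_POST['txtverify'])) ? trim($_POST['txtverify']) : '';

    $obj2 = new Bin_Query();
    $sql1 = "Select * from members_table where members_id='$userid' ";
    $obj2->executeQuery($sql1);

    $row = isset($obj2->records[0]) ? $obj2->records[0] : array();
    $verifycode = isset($row['members_verification_code']) ? (string) $row['members_verification_code'] : '';
    $logtime = isset($row['members_verify_time']) ? (string) $row['members_verify_time'] : '';
    $email = isset($row['members_email']) ? $row['members_email'] : '';
    $username = isset($row['members_username']) ? $row['members_username'] : '';

    // NOTE(review): stored before the code is checked, as in the original —
    // confirm nothing treats 'userid1' as proof of a verified member.
    $_SESSION['userid1'] = $userid;

    $codesMatch = false;
    if ($verifycode !== '' && $vericode1 !== '') {
        $codesMatch = function_exists('hash_equals')
            ? hash_equals($verifycode, $vericode1)
            : ($verifycode === $vericode1);
    }

    if (!$codesMatch) {
        $_SESSION['err1'] = "Invalid Verification Code";
        header('Location:?do=passverify&userid=' . urlencode($userid));
        exit();
    }

    // "Now" is formatted exactly like the value forgotpass() stores so the two are
    // comparable. NOTE(review): that format uses a 12-hour clock without AM/PM,
    // so a code is also accepted 12 hours after issue; switch both writers to
    // 'H' together to close this.
    $issuedAt = strtotime($logtime);
    $now = strtotime(date('Y-m-d h:i:s'));
    $elapsed = -1;
    if ($issuedAt !== false && $issuedAt !== -1 && $now !== false && $now !== -1) {
        $elapsed = $now - $issuedAt;
    }

    // The original accepted up to 15 whole minutes, i.e. anything under 16 minutes.
    if ($elapsed < 0 || $elapsed >= 16 * 60) {
        header('Location:?do=passverifyfailure');
        return;
    }

    // NOTE(review): a 6-character hex password sent by e-mail is weak; a
    // single-use reset link that lets the member choose a password is preferable.
    if (function_exists('random_bytes')) {
        $pass = bin2hex(random_bytes(3));
    } else {
        srand();
        $pass = substr(md5(rand(0, 100000)), 0, 6);
    }
    // Same storage format as loginchk() expects.
    $passen = md5(md5($pass));

    // Use the id from the fetched row for the write, and clear the code so the
    // same code cannot trigger another reset inside the window.
    $memberId = $row['members_id'];
    $upd = "update members_table set members_password='$passen',members_verification_code='' where members_id='$memberId'";
    if ($obj2->updateQuery($upd)) {
        $mail = "select * from mailtemplates_table where mailtemplates_id='3'";
        $obj = new Bin_Query();
        $obj->executeQuery($mail);
        $mailfrom = $obj->records[0]['mailtemplates_from'];
        $mailsubject = $obj->records[0]['mailtemplates_subjects'];
        $message = $obj->records[0]['mailtemplates_message'];

        // The mail is text/html, so the member-chosen username is escaped.
        $message = str_replace('<username>', htmlspecialchars($username, ENT_QUOTES), $message);
        $message = str_replace('<password>', $pass, $message);

        $headers = "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\n";
        $headers .= "From: " . $mailfrom . "\n";

        if (mail($email, $mailsubject, $message, $headers)) {
            header('Location:?do=passverifysucess');
        } else {
            header('Location:?do=passverifyfailure');
        }
    }
}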
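/**
 * Encode an associative array as an application/x-www-form-urlencoded string.
 *
 * Values have backslashes stripped and are URL-encoded; keys are emitted as
 * given. An empty array yields an empty string (the previous substr() call
 * returned false for that case on PHP versions before 8).
 *
 * @param array $data key => value pairs
 * @return string "k1=v1&k2=v2", or "" for no pairs
 */
function _recaptcha_qsencode ($data) {
    $pairs = array();
    foreach ($data as $key => $value) {
        $pairs[] = $key . '=' . urlencode(stripslashes($value));
    }
    return implode('&', $pairs);
}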
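/**
 * Send a form-encoded HTTP/1.0 POST over a plain socket and return the reply.
 *
 * @param string $host target host
 * @param string $path request path
 * @param array  $data fields to post
 * @param int    $port TCP port, 80 by default
 * @return array two elements: raw response headers, response body
 *               (the body is '' when the reply has no header/body separator)
 *
 * Terminates the script with die() when the socket cannot be opened.
 *
 * NOTE(review): the request is unencrypted on the default port, and
 * recaptcha_check_answer() sends the private key through it.
 */
function _recaptcha_http_post($host, $path, $data, $port = 80)
{
    $req = Model_MLogin::_recaptcha_qsencode($data);

    $http_request = "POST $path HTTP/1.0\r\n";
    $http_request .= "Host: $host\r\n";
    $http_request .= "Content-Type: application/x-www-form-urlencoded;\r\n";
    $http_request .= "Content-Length: " . strlen($req) . "\r\n";
    $http_request .= "User-Agent: reCAPTCHA/PHP\r\n";
    $http_request .= "\r\n";
    $http_request .= $req;

    $fs = @fsockopen($host, $port, $errno, $errstr, 10);
    if ($fs === false) {
        die ('Could not open socket');
    }

    // Bound the read as well as the connect, and stop when a read fails:
    // feof() stays false after a timeout, so looping on it alone can spin forever.
    stream_set_timeout($fs, 10);
    fwrite($fs, $http_request);

    $response = '';
    while (!feof($fs)) {
        $chunk = fgets($fs, 1160);
        if ($chunk === false) {
            break;
        }
        $response .= $chunk;
    }
    fclose($fs);

    // Always hand back [headers, body] so callers can index [1] safely.
    return array_pad(explode("\r\n\r\n", $response, 2), 2, '');
}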
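/**
 * Build the HTML snippet that embeds the reCAPTCHA challenge.
 *
 * @param string      $pubkey  public API key; the script dies when it is empty
 * @param string|null $error   error code from a previous check, if any
 * @param bool        $use_ssl load the widget over https instead of http
 * @return string HTML for the challenge script plus its noscript fallback
 *
 * Both values end up inside URL query strings within HTML attributes, so they
 * are URL-encoded here; keys and error codes made of letters, digits, '-',
 * '_' and '.' come out unchanged.
 *
 * NOTE(review): with the default $use_ssl = false the widget script is
 * fetched over plain http.
 */
function recaptcha_get_html ($pubkey, $error = null, $use_ssl = false)
{
    if ($pubkey == null || $pubkey == '') {
        die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>");
    }

    $server = $use_ssl ? 'https://api-secure.recaptcha.net' : 'http://api.recaptcha.net';

    $query = urlencode($pubkey);
    if ($error) {
        $query .= "&error=" . urlencode($error);
    }

    return "\n"
        . '<script type="text/javascript" src="' . $server . '/challenge?k=' . $query . '"></script>' . "\n"
        . '<noscript>' . "\n"
        . '<iframe src="' . $server . '/noscript?k=' . $query . '" height="300" width="500" frameborder="0"></iframe><br/>' . "\n"
        . '<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>' . "\n"
        . '<input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>' . "\n"
        . '</noscript>';
}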
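/**
 * Ask the reCAPTCHA verify endpoint whether the visitor's answer is correct.
 *
 * @param string $privkey      private API key; the script dies when it is empty
 * @param string $remoteip     visitor address; the script dies when it is empty
 * @param string $challenge    challenge field from the form
 * @param string $response     response field from the form
 * @param array  $extra_params additional fields to post
 * @return ReCaptchaResponse is_valid is true only when the first line of the
 *                           reply body is "true"; otherwise error holds the
 *                           second line when the server sent one
 *
 * An empty challenge or response is rejected locally without a request.
 * A reply with no body or no second line now counts as invalid instead of
 * reading missing array offsets.
 *
 * NOTE(review): the private key is posted via _recaptcha_http_post() with its
 * default port 80, i.e. unencrypted. The recaptcha.net v1 endpoints used here
 * were retired by Google in 2018 — verify this check can still succeed at all.
 */
function recaptcha_check_answer ($privkey, $remoteip, $challenge, $response, $extra_params = array())
{
    if ($privkey == null || $privkey == '') {
        die ("To use reCAPTCHA you must get an API key from <a href='http://recaptcha.net/api/getkey'>http://recaptcha.net/api/getkey</a>");
    }
    if ($remoteip == null || $remoteip == '') {
        die ("For security reasons, you must pass the remote ip to reCAPTCHA");
    }

    $recaptcha_response = new ReCaptchaResponse();

    // Discard spam submissions without contacting the server.
    if ($challenge == null || strlen($challenge) == 0 || $response == null || strlen($response) == 0) {
        $recaptcha_response->is_valid = false;
        $recaptcha_response->error = 'incorrect-captcha-sol';
        return $recaptcha_response;
    }

    $reply = Model_MLogin::_recaptcha_http_post ('api-verify.recaptcha.net', "/verify",
        array (
            'privatekey' => $privkey,
            'remoteip' => $remoteip,
            'challenge' => $challenge,
            'response' => $response
        ) + $extra_params
    );

    $body = isset($reply[1]) ? $reply[1] : '';
    $answers = explode ("\n", $body);

    if (trim ($answers[0]) == 'true') {
        $recaptcha_response->is_valid = true;
    } else {
        $recaptcha_response->is_valid = false;
        if (isset($answers[1])) {
            $recaptcha_response->error = $answers[1];
        }
    }
    return $recaptcha_response;
}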
/**
 * Build the reCAPTCHA key sign-up URL for a domain and application name.
 *
 * @param string|null $domain  value for the `domain` query field
 * @param string|null $appname value for the `app` query field
 * @return string sign-up URL with both fields form-encoded
 */
function recaptcha_get_signup_url ($domain = null, $appname = null) {
    $fields = array ('domain' => $domain, 'app' => $appname);
    $query = Model_MLogin::_recaptcha_qsencode ($fields);
    return "http://recaptcha.net/api/getkey?" . $query;
}
/**
 * Pad a string to a multiple of 16 bytes.
 *
 * Each padding byte carries the number of bytes added; input that is already
 * a multiple of 16 gets a full extra block of 16.
 *
 * @param string $val data to pad
 * @return string padded data
 */
function _recaptcha_aes_pad($val) {
    $blockSize = 16;
    $missing = $blockSize - (strlen($val) % $blockSize);
    return $val . str_repeat(chr($missing), $missing);
}
/* Mailhide related code */
/**
 * Encrypt a value with Rijndael-128 in CBC mode for Mailhide.
 *
 * The value is padded with _recaptcha_aes_pad() first. The IV is sixteen NUL
 * bytes, so equal inputs under the same key always give equal ciphertext.
 * Dies when the mcrypt extension is missing (mcrypt was removed from PHP core
 * in 7.2).
 *
 * @param string $val plaintext
 * @param string $ky  binary key
 * @return string raw ciphertext
 */
function _recaptcha_aes_encrypt($val,$ky) {
    if (function_exists ("mcrypt_encrypt") === false) {
        die ("To use reCAPTCHA Mailhide, you need to have the mcrypt php module installed.");
    }
    $zeroIv = str_repeat("\0", 16);
    $padded = Model_MLogin::_recaptcha_aes_pad($val);
    return mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $ky, $padded, MCRYPT_MODE_CBC, $zeroIv);
}
/**
 * Base64-encode a value with the URL-safe alphabet ('+' => '-', '/' => '_').
 * Trailing '=' padding is kept.
 *
 * @param string $x raw bytes
 * @return string URL-safe base64 text
 */
function _recaptcha_mailhide_urlbase64 ($x) {
    $encoded = base64_encode ($x);
    return str_replace(array('+', '/'), array('-', '_'), $encoded);
}
/* gets the reCAPTCHA Mailhide url for a given email, public key and private key */
/**
 * Dies when either key is empty. The private key is given as hex text and is
 * unpacked to binary before it is used for encryption.
 *
 * @param string $pubkey  Mailhide public key
 * @param string $privkey Mailhide private key, hex-encoded
 * @param string $email   address to hide
 * @return string Mailhide URL carrying the public key and the encrypted address
 */
function recaptcha_mailhide_url($pubkey, $privkey, $email) {
    $pubMissing = ($pubkey == '' || $pubkey == null);
    $privMissing = ($privkey == "" || $privkey == null);
    if ($pubMissing || $privMissing) {
        die ("To use reCAPTCHA Mailhide, you have to sign up for a public and private key, " .
            "you can do so at <a href='http://mailhide.recaptcha.net/apikey'>http://mailhide.recaptcha.net/apikey</a>");
    }

    $binaryKey = pack('H*', $privkey);
    $cipher = Model_MLogin::_recaptcha_aes_encrypt ($email, $binaryKey);
    $token = Model_MLogin::_recaptcha_mailhide_urlbase64 ($cipher);

    return "http://mailhide.recaptcha.net/d?k=" . $pubkey . "&c=" . $token;
}
/**
 * Split an address at '@' and shorten the first part for display.
 *
 * The first part keeps 1 character when it is up to 4 long, 3 when it is up
 * to 6 long, and 4 otherwise. The remaining parts are returned untouched.
 *
 * @param string $email address to split
 * @return array shortened first part followed by the other '@'-separated parts
 */
function _recaptcha_mailhide_email_parts ($email) {
    $parts = explode('@', $email);
    $localLength = strlen ($parts[0]);

    if ($localLength <= 4) {
        $keep = 1;
    } elseif ($localLength <= 6) {
        $keep = 3;
    } else {
        $keep = 4;
    }

    $parts[0] = substr ($parts[0], 0, $keep);
    return $parts;
}
/**
 * Build the HTML that shows a shortened address with a link that opens the
 * Mailhide page in a pop-up window.
 *
 * The visible address parts and the URL are passed through htmlentities()
 * with its default flags.
 * NOTE(review): the URL is also placed inside a JavaScript string in the
 * onclick attribute, where HTML entity encoding is not JavaScript escaping;
 * this relies on $pubkey being trusted configuration — confirm.
 *
 * @param string $pubkey  Mailhide public key
 * @param string $privkey Mailhide private key, hex-encoded
 * @param string $email   address to hide
 * @return string HTML fragment
 */
function recaptcha_mailhide_html($pubkey, $privkey, $email) {
    $emailparts = Model_MLogin::_recaptcha_mailhide_email_parts ($email);
    $url = Model_MLogin::recaptcha_mailhide_url ($pubkey, $privkey, $email);

    $shownLocal = htmlentities($emailparts[0]);
    $escapedUrl = htmlentities ($url);
    $popupCall = "window.open('" . $escapedUrl . "', '', 'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0,resizable=0,width=500,height=300'); return false;";

    $html = $shownLocal . "<a href='" . $escapedUrl . "' onclick=\"" . $popupCall . "\" title=\"Reveal this e-mail address\">...</a>@";
    return $html . htmlentities ($emailparts [1]);
}
/**
 * Load every row of generalsettings_table.
 *
 * @return mixed the `records` property of the Bin_Query object after the
 *               query has run
 */
function getGeneralSettings()
{
    $query = new Bin_Query();
    $query->executeQuery("select * from generalsettings_table");
    return $query->records;
}
}
/**
 * Result of a reCAPTCHA verification as filled in by
 * Model_MLogin::recaptcha_check_answer().
 */
class ReCaptchaResponse
{
    // true when the answer was accepted, false when it was rejected
    public $is_valid;

    // error code for a rejected answer; not set for an accepted one
    public $error;
}
?>