<?php ob_start(); /* Buffer the whole page: session_start() and the header() calls further down run after this markup and can only send HTTP headers while output is still buffered. */ ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=8"></meta>
<title>Ajax Chat (Registration/Login Bridge) by -SyN- (STANDALONE ONLY!)</title>
<link rel="stylesheet" type="text/css" href="./css/extras.css">
</head>
<body>
<div id="REG_WRAPPER">
<?php
// Open (or resume) the PHP session. This runs after the HTML above has been
// emitted, so it depends on the output buffer opened on the first line.
session_start();
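/**
 * Return the address this request should be attributed to.
 *
 * Candidates are read in the same precedence as before (forwarding headers
 * first, REMOTE_ADDR last), but a candidate is only accepted when it parses
 * as an IPv4/IPv6 address. Anything else is skipped, so the return value can
 * no longer carry arbitrary header text into the ban lookup or into a page.
 * Missing $_SERVER keys are handled without raising undefined-index notices.
 *
 * NOTE(review): every HTTP_* entry below is copied from a request header and
 * is therefore chosen by the client. Because the result drives the IP ban
 * check, a deployment that is not behind a trusted reverse proxy should rely
 * on REMOTE_ADDR alone; validation here only guarantees the *shape* of the
 * value, not that it is the real peer address.
 *
 * @return string A syntactically valid IP address, or 'UNKNOWN'.
 */
function get_client_ip() {
    $candidates = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );

    foreach ($candidates as $key) {
        if (empty($_SERVER[$key]) || !is_string($_SERVER[$key])) {
            continue;
        }

        // Forwarding headers may hold a comma-separated hop list; only the
        // first entry is considered.
        $hops = explode(',', $_SERVER[$key]);
        $candidate = trim($hops[0]);

        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return 'UNKNOWN';
}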
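// Address used for the IP ban lookup below.
$ip = get_client_ip();

// Database settings live in lib/config.php and nowhere else.
require('./lib/config.php');

// The original line subscripted $config['dbConnection'] with what look like
// literal connection values (a host, an account name, a password and a schema
// name) instead of key names, so every lookup was an undefined index and the
// values were exposed in this file. The keys below assume the stock AJAX Chat
// config layout (host / user / pass / name) - confirm against lib/config.php.
// If real credentials were ever committed in this line, rotate them.
$verify = new mysqli(
    $config['dbConnection']['host'],
    $config['dbConnection']['user'],
    $config['dbConnection']['pass'],
    $config['dbConnection']['name']
);

// On PHP builds where mysqli does not throw, stop here instead of running the
// queries below against a dead connection. Details go to the log, not the page.
if ($verify->connect_errno) {
    error_log('Login bridge: database connection failed (errno ' . $verify->connect_errno . ')');
    exit('The chat database is currently unavailable. Please try back later!');
}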
//=====================================================================
//=====================================================================
//
//SyN's Registration Mod Login Bridge for AJAX CHAT (STANDALONE ONLY!)
//
// (VERSION 1.1)
//
//This will allow users to register with your chat without the constant
//updating of the users.php to add members. This script will handle it!
//
//=====================================================================
//=====================================================================
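// Look up the client address in the IP ban table.
// $ip can originate from a request header, so it is bound as a parameter
// rather than spliced into the SQL text. get_result() needs the mysqlnd driver.
$check_bans = null;
$bans = $verify->prepare("SELECT * FROM ajax_chat_ip_bans WHERE IP = ?");
if ($bans !== false) {
    $bans->bind_param('s', $ip);
    $bans->execute();
    $ban_rows = $bans->get_result();
    // First matching row as an associative array, or null when the address is not listed.
    $check_bans = $ban_rows ? $ban_rows->fetch_assoc() : null;
    $bans->close();
}
// NOTE(review): if the statement cannot be prepared, $check_bans stays null and
// the visitor is treated as not banned. Decide whether a failed lookup should
// deny access instead.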
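//=====================================================================
// Request handling for the bridge: IP ban check, open/closed gating,
// guest and member login, and the three-step account recovery flow.
//
// Changes against the original, all in this block:
//  - every value that reaches SQL is bound as a statement parameter;
//  - every request- or database-derived value is HTML-escaped on output;
//  - $_SESSION user/id/rank are written only after a password check
//    (previously the role was stored for any claimed user name);
//  - the password reset step only acts on an account for which the
//    secret answer was verified in this session, instead of trusting
//    the id query parameter;
//  - blank passwords are rejected before the "passwords match" test;
//  - $check_bans[IP] (bare constant) and $limit[1] (no such key in an
//    associative fetch) are corrected.
//
// NOTE(review): PASS holds an unsalted SHA-1 digest, and that digest is
// what gets posted to ./ as the password, so a leaked PASS value works
// as a login credential. Moving to password_hash()/password_verify()
// needs a matching change in the chat's own login check and in
// lib/data/rebuild_users.php, neither of which is visible here.
// NOTE(review): the login and recovery messages tell the visitor whether
// a user name or e-mail address is registered, and nothing here limits
// repeated password or secret-answer attempts.
//=====================================================================

// Escape a value for HTML text or a quoted attribute value.
$bridgeEsc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Return a request field only when it is a plain string; array-shaped
// input (for example userName[]=x) is treated as absent.
$bridgeField = function ($source, $key) {
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : null;
};

// Run a one-parameter SELECT as a prepared statement and return the first
// row as an associative array, or null. get_result() needs mysqlnd, and with
// it integer columns arrive as PHP ints - hence the (string) casts below
// wherever the original compared against or stored string values.
$bridgeFetchRow = function ($sql, $value) use ($verify) {
    $stmt = $verify->prepare($sql);
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $value);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    return $row;
};

// Print the standard notice box. $title and $bodyHtml are emitted as HTML,
// so callers escape any dynamic part before passing it in.
$bridgeNotice = function ($title, $fontSize, $bodyHtml) {
    echo '
<div id="HEADER" align="center">
<hr>
' . $title . '
<hr>
<br/><br/>
<font size="' . $fontSize . '">' . $bodyHtml . '</font>
</div>';
};

// Print the self-submitting form that hands the login over to ./ .
$bridgeAutoSubmit = function ($name, $password) use ($bridgeEsc) {
    echo '
<body onload=document.createElement(\'form\').submit.call(document.getElementById(\'autologin\'))>
<form id="autologin" name="autologin" action="./" method="post" >
<input type="hidden" name="userName" id="userNameField" value="' . $bridgeEsc($name) . '">
<input type="hidden" name="password" id="passwordField" value="' . $bridgeEsc($password) . '">
<input type="hidden" id="submit" value="Continue" />';
};

$bridgeTitle = 'Ajax Chat Registration/Login Verfication Bridge';
$recoveryTitle = 'Account Recovery System';
$closedHtml = 'This chatroom is currently closed.<br/>Please try back later!';

if (isset($check_bans['IP']) && $check_bans['IP'] === $ip) {
    $bridgeNotice($bridgeTitle, 5, 'YOU ARE BANNED FROM THIS CHATROOM!!!<br/>Your Records has been logged!!!');
} else {
    //---------------------------------------------------------------------
    //
    // First we check whether the posted name belongs to a registered
    // member. The result ($rank) is only a *claim*: it steers the gates
    // below but is not written to the session until a password matched.
    //
    //---------------------------------------------------------------------
    $postedName = $bridgeField($_POST, 'userName');
    $postedPassword = $bridgeField($_POST, 'password');

    $member = $bridgeFetchRow(
        "SELECT * FROM ajax_chat_registered_members WHERE NAME = ?",
        (string) $postedName
    );
    $memberName = isset($member['NAME']) ? $member['NAME'] : null;

    if ($postedName !== $memberName) {
        $rank = 'AJAX_CHAT_GUEST';
        $claimedId = null;
    } else {
        // As in the original: when no userName was posted and no row matched,
        // both sides are null and $rank becomes null rather than
        // 'AJAX_CHAT_GUEST', so the guest-only gates below do not apply.
        // NOTE(review): confirm whether anonymous visitors should be gated as guests.
        $rank = isset($member['ROLE']) ? (string) $member['ROLE'] : null;
        $claimedId = isset($member['ID']) ? (string) $member['ID'] : null;
    }

    // Nothing has been authenticated yet in this request.
    $_SESSION['rank'] = 'AJAX_CHAT_GUEST';
    unset($_SESSION['id']);

    //---------------------------------------------------------------------
    //
    // OWNER ENTRY!!! Allow Admins to join in offline mode?
    //
    //---------------------------------------------------------------------
    // The count is aliased so it can be read by name; the original read
    // $limit[1], which an associative fetch never provides, so the guest
    // limit was never enforced.
    $guest = $verify->query("SELECT COUNT(*) AS guest_count FROM ajax_chat_online WHERE userRole='0'");
    $limit = $guest ? mysqli_fetch_assoc($guest) : null;
    $guestCount = isset($limit['guest_count']) ? (int) $limit['guest_count'] : 0;

    $guest_access = $verify->query("SELECT * FROM ajax_chat_admin_settings");
    $getlimit = $guest_access ? mysqli_fetch_assoc($guest_access) : null;
    $chatOnline = isset($getlimit['chat_online']) ? $getlimit['chat_online'] : null;
    $adminAccess = isset($getlimit['admin_access']) ? $getlimit['admin_access'] : null;
    $guestAccess = isset($getlimit['guest_access']) ? $getlimit['guest_access'] : null;
    $guestLimit = isset($getlimit['guest_limit']) ? $getlimit['guest_limit'] : null;

    $isAdmin = ($rank === "AJAX_CHAT_ADMIN");
    $isGuest = ($rank === "AJAX_CHAT_GUEST");
    $isOwner = $isAdmin && ($claimedId === "1");
    $recover = $bridgeField($_GET, 'recover');

    if (($chatOnline === "no") && ($adminAccess === "no") && !$isOwner) {
        // Chat offline and admin access off: only the owner (admin with ID 1)
        // gets past this point. The original's second test read $_SESSION['3'],
        // a key nothing in this file sets, which made it true for everyone and
        // shut the owner out as well; it is treated here as a typo for 'rank'.
        $bridgeNotice($bridgeTitle, 5, $closedHtml);
    } elseif (($chatOnline !== "no") && !$isAdmin) {
        // NOTE(review): kept exactly as written, but this reports "closed" to
        // every non-admin whenever chat_online is anything other than "no".
        // That looks inverted - confirm the meaning of chat_online.
        $bridgeNotice($bridgeTitle, 5, $closedHtml);
    //---------------------------------------------------------------------
    //
    // Force Guest users to register or LEAVE!
    //
    //---------------------------------------------------------------------
    } elseif (($guestAccess === "no") && $isGuest) {
        header("refresh:5;url=./");
        $bridgeNotice($bridgeTitle, 5, 'The owner of this chatroom has disabled Guest entry.<br/><a href="./register.php">Registration</a> is required to join this chatroom.');
    //---------------------------------------------------------------------
    //
    // If Guest entry is enabled, Let us check to see how many
    // Guest are allowed in your chatroom.
    //
    //---------------------------------------------------------------------
    } elseif (is_numeric($guestLimit) && ($guestCount > (int) $guestLimit) && $isGuest) {
        header("refresh:5;url=./");
        $bridgeNotice($bridgeTitle, 5, 'Maximum Guest Capacity has been reached!<br/>Please try back later!');
    } elseif (!isset($_GET['recover'])) {
        //---------------------------------------------------------------------
        //
        // Guest login with random names.
        //
        // This only works if they join your chat without submitting a username
        //
        //---------------------------------------------------------------------
        if (empty($postedName) && empty($postedPassword) && !isset($_GET['info1']) && !isset($_GET['info2'])) {
            $ChooseRandomName = array(
                //---------------------------------------------------------------------
                //
                //Add or edit as many names as you like following the current format.
                //
                //---------------------------------------------------------------------
                'CutiePie',
                'SugarDumpling',
                'SweetieKins',
                'CookieCruncher',
                'PumpkinPie',
                'SweetieKins',
                'SnuggleBear'
            );
            $RandomSelect = array_rand($ChooseRandomName);
            $_SESSION['user'] = $ChooseRandomName[$RandomSelect];
            header("refresh:1;url=./?userName=$ChooseRandomName[$RandomSelect]");
            $bridgeNotice($bridgeTitle, 5, 'One moment please.....');
        }
        //---------------------------------------------------------------------
        //
        //If a name is submitted on the login screen but no password, they're
        //still a guest but the login name is retained.
        //
        //---------------------------------------------------------------------
        if (!empty($postedName) && empty($postedPassword)) {
            $bridgeAutoSubmit($postedName, '');
        }
        //---------------------------------------------------------------------
        //
        //Registered users: both the user name and the password were posted.
        //
        //---------------------------------------------------------------------
        if (!empty($postedName) && !empty($postedPassword)) {
            $check_name = $postedName;
            $check_pass = sha1($postedPassword);
            // Same lookup as the claim check above, so the row is reused.
            $verify_name = $member;

            if ($memberName !== $check_name) {
                // We couldn't find the account.
                header("refresh:5;url=./?logout=true");
                $bridgeNotice($bridgeTitle, 5, 'We have no records of the user ' . $bridgeEsc($check_name) . ' in our system.<br/>Make sure you entered your user name correctly or register for an account!');
            } elseif (!isset($verify_name['PASS']) || !hash_equals((string) $verify_name['PASS'], $check_pass)) {
                // The password is incorrect (compared in constant time).
                header("refresh:5;url=./?logout=true");
                $bridgeNotice($bridgeTitle, 5, 'The password for ' . $bridgeEsc($check_name) . ' is incorrect!<br/>Please go back and try again!');
            } else {
                // Verified: issue a fresh session id before storing the identity,
                // so a session id known before login is not carried over.
                session_regenerate_id(true);
                $_SESSION['user'] = $check_name;
                $_SESSION['id'] = (string) $verify_name['ID'];
                $_SESSION['rank'] = (string) $verify_name['ROLE'];
                $bridgeNotice('Welcome ' . $bridgeEsc($check_name) . '!', 5, 'Logging you in...');
                $bridgeAutoSubmit($check_name, $check_pass);
            }
        }
        //---------------------------------------------------------------------
        //
        //Automatic Login from a successful registration below
        //
        //---------------------------------------------------------------------
        $info1 = $bridgeField($_GET, 'info1');
        $info2 = $bridgeField($_GET, 'info2');
        if ($info1 !== null && $info2 !== null) {
            $check_name = $info1;
            $check_pass = $info2;
            $verify_name = $bridgeFetchRow(
                "SELECT * FROM ajax_chat_registered_members WHERE NAME = ?",
                $check_name
            );
            $storedPass = isset($verify_name['PASS']) ? (string) $verify_name['PASS'] : null;
            $nameKnown = isset($verify_name['NAME']) && $verify_name['NAME'] === $check_name;

            // The original stored this member's ID and ROLE in the session
            // without looking at info2 at all. info2 is now checked against the
            // stored digest. It is presumably already the SHA-1 digest (that is
            // what the login branch above posts to ./), but the plain form is
            // accepted too because register.php is not visible here.
            // NOTE(review): credentials in a query string end up in server
            // logs and browser history; consider a POST hand-off from register.php.
            $verified = $nameKnown && $storedPass !== null
                && (hash_equals($storedPass, $check_pass) || hash_equals($storedPass, sha1($check_pass)));

            if ($verified) {
                session_regenerate_id(true);
                $_SESSION['user'] = $check_name;
                $_SESSION['id'] = (string) $verify_name['ID'];
                $_SESSION['rank'] = (string) $verify_name['ROLE'];
                $bridgeNotice('Welcome ' . $bridgeEsc($check_name) . '!', 5, 'Logging you in...');
                $bridgeAutoSubmit($check_name, $check_pass);
            } else {
                header("refresh:5;url=./?logout=true");
                $bridgeNotice($bridgeTitle, 5, 'The login details supplied could not be verified.<br/>Please go back and try again!');
            }
        }
    //---------------------------------------------------------------------
    //
    //Account Recovery System (Email Search)
    //
    //---------------------------------------------------------------------
    } elseif ($recover === "info") {
        echo '
<div id="HEADER" align="center">
<hr>
Account Recovery System
<hr>
<br/>
<font size="4">Enter your email address you registered with below:</font><br/><br/>
<form action="./verify.php?recover=process" method="post">
<table>
<tr><td><font size="3">Email Address:</font></td><td><input type="text" name="email"></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="Start Recovery Process"></td></tr>
</table>
</form>
<br/><font size="3">Still having trouble? <a href="./register.php"><br>Register</b></a> for a new account.</font>
</div>';
    } elseif ($recover === "process") {
        $email = $bridgeField($_POST, 'email');
        $get_email = $bridgeFetchRow(
            "SELECT * FROM ajax_chat_registered_members WHERE EMAIL = ?",
            (string) $email
        );
        if (isset($get_email['EMAIL']) && $get_email['EMAIL'] === $email) {
            // Email address was found: show the secret question. The stored
            // question and the echoed address are escaped before output.
            $message = '<font size="4">Secret Question:</font><br/><br/><font size="3">' . $bridgeEsc(isset($get_email['S_QUESTION']) ? $get_email['S_QUESTION'] : '') . '</font><br/><br/>
<form action="./verify.php?recover=process2" method="post">
<table>
<tr><td><font size="3">Answer:</font></td><td><input type="text" name="s_ansr"></td></tr>
<tr><td></td><td><input type="hidden" name="email2" value="' . $bridgeEsc($email) . '"></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="Recovery Process step 2"></td></tr>
</table>
</form>';
        } elseif (empty($email)) {
            // Email address field was left blank.
            header("refresh:5;url=./verify.php?recover=info");
            $message = 'Blank submissions cannot be processed! Go back and try again!';
        } else {
            // Email address was not found in our records.
            header("refresh:5;url=./verify.php?recover=info");
            $message = 'Sorry, this email is not registered in our system!';
        }
        $bridgeNotice($recoveryTitle, 4, $message);
    //---------------------------------------------------------------------
    //
    //Lets Check for the answer to the Secret Question!
    //
    //---------------------------------------------------------------------
    } elseif ($recover === "process2") {
        $answer = $bridgeField($_POST, 's_ansr');
        $email2 = $bridgeField($_POST, 'email2');
        $get_answer = $bridgeFetchRow(
            "SELECT * FROM ajax_chat_registered_members WHERE EMAIL = ?",
            (string) $email2
        );
        $id = isset($get_answer['ID']) ? (string) $get_answer['ID'] : '';
        $storedAnswer = isset($get_answer['S_ANSWER']) ? (string) $get_answer['S_ANSWER'] : null;

        // Any earlier proof is void until this attempt succeeds.
        unset($_SESSION['recover_id']);

        if ($storedAnswer !== null && $answer !== null && $answer !== '' && hash_equals($storedAnswer, $answer)) {
            // Correct answer: remember server-side which account may be reset.
            // Step 3 acts on this value, not on what the browser sends back.
            $_SESSION['recover_id'] = $id;
            $message = '<font size="4">Your login name is ' . $bridgeEsc(isset($get_answer['NAME']) ? $get_answer['NAME'] : '') . '.<br/> Setup your new password below:</font><br/><br/>
<form action="./verify.php?recover=process3&id=' . $bridgeEsc(rawurlencode($id)) . '" method="post">
<table>
<tr><td><font size="3">Password:</font></td><td><input type="password" name="pass1"></td></tr>
<tr><td><font size="3">Confirm Password:</font></td><td><input type="password" name="pass2"></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="Recovery Process step 3"></td></tr>
</table>
</form>';
        } elseif (empty($answer)) {
            // Answer field was left blank.
            header("refresh:5;url=./verify.php?recover=info");
            $message = 'Blank submissions cannot be processed! Go back and try again!';
        } else {
            // The answer was incorrect (or no account matched the address).
            header("refresh:5;url=./verify.php?recover=info");
            $message = 'Sorry....the answer you entered is incorrect!';
        }
        $bridgeNotice($recoveryTitle, 4, $message);
    //---------------------------------------------------------------------
    //
    //One last final check before we store your password in our system...
    //
    //---------------------------------------------------------------------
    } elseif ($recover === "process3") {
        $pass1 = (string) $bridgeField($_POST, 'pass1');
        $pass2 = (string) $bridgeField($_POST, 'pass2');
        $requestedId = $bridgeField($_GET, 'id');
        // The account to update comes from the session entry written by step 2.
        $id = isset($_SESSION['recover_id']) ? (string) $_SESSION['recover_id'] : '';
        // NOTE(review): this is a block-list, so it admits characters the
        // message below says are not allowed; with bound parameters it is no
        // longer needed for SQL safety and mainly narrows the password space.
        // Kept because the chat's own login may depend on it - confirm.
        $illegal = '/[\'^£$%&*()}{@#~?><>,|=+¬]/';

        if ($id === '' || $requestedId !== $id) {
            // No verified secret answer in this session for the requested account.
            header("refresh:5;url=./verify.php?recover=info");
            $message = 'Your recovery request could not be verified. Please start the recovery process again!';
        } elseif (preg_match($illegal, $pass1) || preg_match($illegal, $pass2)) {
            header("refresh:5;url=./verify.php?recover=info");
            $message = 'Special Characters ARE NOT ALLLOWED!!!!<br/><br/>Characters allowed are: A-Z a-z 0-9.
Characters _ and - may also be used.<br/><br/>Please go back and try again!';
        } elseif (($pass1 === "") || ($pass2 === "")) {
            // Checked before the equality test: two blank fields are equal and
            // were previously stored as the new password.
            header("refresh:5;url=./verify.php?recover=info");
            $message = 'Blank submissions cannot be processed! Go back and try again!';
        } elseif ($pass1 === $pass2) {
            // Despite the variable name no salt is involved; see the SHA-1 note
            // at the top of this block.
            $salted_pass = sha1($pass1);
            $saved = false;
            $update = $verify->prepare("UPDATE ajax_chat_registered_members SET PASS = ? WHERE ID = ?");
            if ($update !== false) {
                $update->bind_param('ss', $salted_pass, $id);
                $saved = $update->execute();
                $update->close();
            }
            // The proof is single-use.
            unset($_SESSION['recover_id']);

            if ($saved) {
                // Runs in this scope; presumably reads $verify - names kept unchanged.
                include('./lib/data/rebuild_users.php');
                header("refresh:5;url=./");
                $message = '<font size="4">SUCCESS!!!<br/><br/>Your new password has been updated in our system!<br/>
Make sure you keep a personal record of your information.<br/><br/>Now redirecting you to the login page...';
            } else {
                header("refresh:5;url=./verify.php?recover=info");
                $message = 'Your new password could not be saved. Please start the recovery process again!';
            }
        } else {
            // The passwords do not match.
            header("refresh:5;url=./verify.php?recover=info");
            $message = 'The passwords you entered don\'t match. Please go back and try again!';
        }
        $bridgeNotice($recoveryTitle, 4, $message);
    }
}
mysqli_close($verify);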
//---------------------------------------------------------------------
//
// The End
//
//---------------------------------------------------------------------
?>
<div id="REG_FOOTER" align="center"></div>
</div>
</body>
<?php ob_flush(); /* Send the buffered page content to the client. */ ?>
</html>