index.php
<?php
// Load the required files: DB credentials ($db_host, $db_user, $db_passwd,
// $db_name are used below), the Sql wrapper and the Users model.
require_once 'class/db_login.php';
require_once 'class/Sql.class.php';
require_once 'class/Users.class.php';
// NOTE(review): session_start() is not called in this file although $_SESSION
// is used throughout; presumably one of the required files starts the
// session — confirm.
// Session variable holding the site's home address (used by the log_out and
// first_login cases below)
$_SESSION[ 'home_page' ] = "http://topcio.pl";
// Open the database connection
$sql = new Sql( $db_host, $db_user, $db_passwd, $db_name );
// Store the ses_id session variable (original comment; the code below actually
// initialises user_id)
// If the user_id session variable does not exist, set it to NULL
if ( !isset( $_SESSION[ 'user_id' ] ) ) { $_SESSION[ 'user_id' ] = null;
}
// If the session variable has expired, redirect to the login page
// NOTE(review): null == "null" is false in PHP (null is compared as ""), so
// this branch only fires when the session holds the literal string "null".
// No exit follows the header() call, so the rest of the page is still built
// and sent after the redirect header.
if ( $_SESSION[ 'user_id' ] == "null" ) {
header( "Location: index.php?action=log_in" ); }
// Filter all $_POST variables
// NOTE(review): foreach iterates by value, so assigning to $post_value does
// not write back into $_POST — this loop leaves $_POST exactly as received.
// Writing back needs the key:
//   foreach ( $_POST as $key => $value ) { $_POST[ $key ] = $sql->clear( $value ); }
if ( !empty( $_POST ) ) { foreach ( $_POST as $post_value ) {
$post_value = $sql->clear( $post_value );
}
}
# ERROR REPORTING (label only — no error_reporting()/ini_set() call follows)
$users = new Users( $sql, $_SESSION[ 'user_id' ] );
# DISPLAY THE PAGE HEADER
include 'head.html';
echo "<div id=\"wall\"></div>";
# PAGE SWITCH — dispatch on ?action=; defaults to 'user_logged_in' when absent.
# None of the header( "Location: ..." ) calls below is followed by exit, so
# every case runs on to footer.php; where a case sets Location more than once,
# the last call wins because header() replaces an earlier header of the same
# name by default.
switch ( isset( $_GET[ 'action' ] ) ?
$_GET[ 'action' ] : 'user_logged_in' ) {
// Logged-in landing: send the user to the page for their range (role).
case 'user_logged_in':
// Re-creates the Users object built above with identical arguments.
$users = new Users( $sql, $_SESSION[ 'user_id' ] );
if ( $users->is_logged() ) {
$data = $users->get_user_data();
$first_login = $users->if_first_login( $data );
if ( $first_login === true ) {
header( "Location: ../index.php?action=first_login" ); } else {
if ( $users->is_there_temp_pass( $data[ 'user_id' ] ) === true ) {
header( "Location: ../index.php?action=login_with_temp_pass" ); } else {
// user_range 1/2/3 map to the user/admin/devel pages (inferred from the
// action names only).
// NOTE(review): this case redirects to ../index.php while the later cases
// use index.php — confirm which path is intended.
if ( $data[ 'user_range' ] == 1 ) {
header( "Location: ../index.php?action=user_login" ); }
if ( $data[ 'user_range' ] == 2 ) {
header( "Location: ../index.php?action=admin_login" ); }
if ( $data[ 'user_range' ] == 3 ) {
header( "Location: ../index.php?action=devel_login" ); }
}
}
} else {
header( "Location: ../index.php?action=log_in" ); }
break;
// Login form. Submission is handled by LoginTest() in scripts.js, which POSTs
// to ../php_function/user_check.php.
case 'log_in':
$users->cookie_form();
// NOTE(review): the value attribute of #input_login is filled from
// $_COOKIE['user_login'] (never filtered) or $_POST['user_login'] (see the
// no-op filter loop above) without htmlspecialchars(); a double quote in
// either value ends the attribute early. Operator precedence: '.' binds
// tighter than '?:', so the cookie wins, then the POST value, then ''.
// The <div>s opened here are not closed in this file.
echo "<div id=\"wrapper\">"; echo "<div class=\"login\">"; echo "<div class=\"test\">"; echo "SYSTEM ZARZĄDZANIA MONITORINGIEM"; echo "<div class=\"test\">"; echo "<form id=\"form_login\" action=\"../php_function/user_check.php\" enctype=\"multipart/form-data\" method=\"post\">"; echo "<script type=\"text/javascript\"><!--document.write('<input type=\"hidden\" name=\"js\" value=\"1\">');//--></script>"; echo "<noscript><input type=\"hidden\" name=\"js\" value=\"0\"></noscript>"; echo "<span id=\"span_login\">LOGOWANIE</span>"; echo "<div class=\"text_login\">"; echo "<span class=\"login\">Login: </span>"; echo "<input class=\"login\" id=\"input_login\" type=\"text\" placeholder=\"Login\" name=\"user_login\" value=\"" . ( ( isset( $_COOKIE[ 'user_login' ] ) ) ?
$_COOKIE[ 'user_login' ] : '' . ( ( isset( $_POST[ 'user_login' ] ) ) ?
( $_POST[ 'user_login' ] ) : '' ) . '' ) . "\">"; echo "<div class=\"text_login\">"; echo "<span class=\"login\">Hasło: </span>"; echo "<input class=\"login\" id=\"input_pass\" type=\"password\" placeholder=\"Hasło\" onkeypress=\"capLock(event)\" name=\"user_pass\" value=\"\">"; echo "<div class=\"test\" id=\"test_001\">"; echo "<span id=\"info\" style=\"visibility:hidden\">INFORMACJA</span>"; echo "<span id=\"login_message_one\"></span>"; echo "<div class=\"test\">"; echo "<button id=\"submit\" class=\"submit_button\" type=\"button\" ><span class=\"submit\">LOGIN</span></button>"; echo "<div class=\"test\" id=\"CapLock\">"; break;
// Change a temporary password.
// NOTE(review): as pasted, the `} else {` below has no preceding `if` — a
// line such as `if ( $users->is_logged() ) {` (by analogy with the other
// cases) appears to be missing, and the file will not parse as shown.
case 'login_with_temp_pass':
$users->change_temp_pass_form();
} else {
$users->change_temp_pass_form();
printf( "<a href=\"index.php?action=log_out\">Zaloguj się ponownie.</a>" ); }
break;
// Second step of the forgotten-password flow: send the new password.
// sendForgettenPassword() is camelCase unlike the snake_case methods used
// elsewhere; its return value is stored but not used in this case.
case 'forgetten_confirm':
$forgetten_message = $users->sendForgettenPassword();
echo "<a href=\"index.php?action=log_in\">Powrót do strony logowania</a><br />"; break;
// First step of the forgotten-password flow. On a valid submission the raw
// $_POST is copied into $_SESSION['tablica_post'] ("post array") for the
// confirmation step; otherwise the form is re-shown with forgetten()'s message.
case 'forgetten':
$users->cookie_form();
if ( !empty( $_POST ) ) { if ( ( $forgetten_message = $users->forgetten( $_POST ) ) === true ) {
$_SESSION[ 'tablica_post' ] = array(); foreach ( $_POST as $key => $value ) {
$_SESSION[ 'tablica_post' ][ $key ] = $value;
}
$users->forgetten_form_confirm();
} else {
$users->forgetten_form( $forgetten_message );
}
} else {
$forgetten_message = null;
$users->forgetten_form( $forgetten_message );
}
// NOTE(review): this closing brace has no matching opening brace in the
// pasted text (see the note on 'login_with_temp_pass').
}
break;
// Pages for the three ranges. In each: a pending temporary password sets a
// redirect (execution continues), a wrong range sets another redirect (which
// replaces the first), otherwise every field returned by get_user_data() is
// dumped into the page as "key = value" lines.
// NOTE(review): that dump shows whatever the user row contains — if it
// includes credential fields they are shown too; looks like debug output.
case 'user_login':
if ( $users->is_logged() ) {
$data = $users->get_user_data();
if ( $users->is_there_temp_pass( $data[ 'user_id' ] ) === true ) {
header( "Location: index.php?action=login_with_temp_pass" ); }
if ( $data[ 'user_range' ] != 1 ) {
header( "Location: index.php?action=user_logged_in" ); } else {
// $data is fetched a second time with nothing changed in between.
$data = $users->get_user_data();
foreach ( $data as $sesja => $wartosc ) {
echo "<p>" . $sesja . " = " . $wartosc . "</p>"; }
echo "<a href=\"index.php?action=log_out\">Wyloguj . . .</a>"; }
} else {
header( "Location: index.php?action=user_logged_in" ); }
break;
// Same as 'user_login' for range 2.
case 'admin_login':
if ( $users->is_logged() ) {
$data = $users->get_user_data();
if ( $users->is_there_temp_pass( $data[ 'user_id' ] ) === true ) {
header( "Location: index.php?action=login_with_temp_pass" ); }
if ( $data[ 'user_range' ] != 2 ) {
header( "Location: index.php?action=user_logged_in" ); } else {
echo "<div id=\"wrapper\"><header>"; $data = $users->get_user_data();
foreach ( $data as $sesja => $wartosc ) {
echo "<p>" . $sesja . " = " . $wartosc . "</p>"; }
echo "<a href=\"index.php?action=log_out\">Wyloguj . . .</a>"; }
} else {
header( "Location: index.php?action=user_logged_in" ); }
break;
// Same as 'user_login' for range 3.
case 'devel_login':
if ( $users->is_logged() ) {
$data = $users->get_user_data();
if ( $users->is_there_temp_pass( $data[ 'user_id' ] ) === true ) {
header( "Location: index.php?action=login_with_temp_pass" ); }
if ( $data[ 'user_range' ] != 3 ) {
header( "Location: index.php?action=user_logged_in" ); } else {
$data = $users->get_user_data();
foreach ( $data as $sesja => $wartosc ) {
echo "<p>" . $sesja . " = " . $wartosc . "</p>"; }
echo "<a href=\"index.php?action=log_out\">Wyloguj . . .</a>"; }
} else {
header( "Location: index.php?action=user_logged_in" ); }
break;
// Debug endpoint: prints the current session user_id to anyone who requests
// ?action=test.
case 'test':
echo $_SESSION[ 'user_id' ]; break;
// Log out: only user_id is cleared (no session_destroy() or
// session_regenerate_id() visible); both branches redirect to the same home
// page, so the is_logged() test makes no difference to the outcome.
case 'log_out':
if ( $users->is_logged() ) {
$_SESSION[ 'user_id' ] = null;
header( "Location: " . $_SESSION[ 'home_page' ] ); } else {
header( "Location: " . $_SESSION[ 'home_page' ] ); }
break;
// First-login form (profile completion).
// NOTE(review): when is_logged() is TRUE only the empty form is shown; the
// update from $_POST happens in the ELSE branch, i.e. when the user is not
// logged in — the opposite of the other cases. The `} else {` further down
// also closes nothing that is open, so an inner `if ( ... ) {` (perhaps on
// empty( $_POST )) seems to be missing from the paste — confirm against the
// real file.
case 'first_login':
$users->cookie_form();
if ( $users->is_logged() ) {
$result = null;
$users->first_login_form( $result );
echo "<a href=\"index.php?action=log_out\">Wyloguj . . .</a>"; } else {
$user_id = $users->user_id;
$result = $users->first_login_update( $user_id, $_POST );
$users->first_login_form( $result );
// Update_OK is a one-shot flag: consumed here, then the user is sent to log in.
if ( isset( $_SESSION[ 'Update_OK' ] ) ) { unset( $_SESSION[ 'Update_OK' ] ); header( "Location: index.php?action=log_in" ); } else {
echo "<a href=\"index.php?action=log_out\">Wyloguj . . .</a>"; }
}
} else {
header( "Location: " . $_SESSION[ 'home_page' ] ); }
break;
}
include 'footer.php';
# CLOSE THE SQL CONNECTION
$sql->close();
?>
scripts.js
// Funkcja Caps Lock
function capLock(data) {
KeyCode = data.keyCode ? data.keyCode : data.which;
ShiftKey = data.shiftKey ? data.shiftKey : ((KeyCode == 16) ? true : false);
if (((KeyCode >= 65 && KeyCode <= 90) && !ShiftKey) || ((KeyCode >= 97 && KeyCode <= 122) && ShiftKey)) {
var elem = ((document.getElementById('CapLock')) ? true : false);
if (elem)
document.getElementById('CapLock').setAttribute('id', "CapLock_ON");
else
var elem1 = ((document.getElementById('CapLock_OFF')) ? true : false);
if (elem1)
document.getElementById('CapLock_OFF').setAttribute('id', "CapLock_ON");
} else
var elem2 = ((document.getElementById('CapLock_ON')) ? true : false);
if (elem2)
document.getElementById('CapLock_ON').setAttribute('id', "CapLock_OFF");
}
/*/ Test Logowania
$("#form_login").keypress(function(e) {
var keycode = (e.keyCode ? e.keyCode : e.which);
if (keycode == '13') {
LoginTest();
}
});
*/
// Once the page has loaded, wire the LOGIN button (#submit, see the 'log_in'
// case in index.php) so that clicking it runs LoginTest().
window.onload = function () {
    var submitButton = document.getElementById("submit");
    submitButton.onclick = function () {
        LoginTest();
    };
};
function LoginTest() {
request = "";
request = new XMLHttpRequest();
var InputLogin = document.getElementById("input_login").value;
var InputPass = document.getElementById("input_pass").value;
var post = "user_login=" + InputLogin + "&user_pass=" + InputPass;
var url = "../php_function/user_check.php";
request.onreadystatechange = LoginTestRequest;
request.open("POST", url, true);
request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
request.send(post);
}
// Odliczanie czasu do odblokowania loginu
// Implicit global 'id', assigned when the script loads. The #user_blocked_time
// span is only created later, inside LoginTestRequest, so at load time this
// lookup yields null. odliczaj() below takes its own 'id' parameter and does
// not read this global.
id = document.getElementById('user_blocked_time')
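// Countdown until the login is unlocked.
//   id             - element whose innerHTML receives the message (the
//                    #user_blocked_time span created in LoginTestRequest)
//   time_to_unlock - remaining lock time in seconds; may be a numeric string
//                    (it comes from the AJAX responseText) and is coerced by
//                    Math.floor / the comparisons below
// Re-arms itself once per second via setTimeout until it reaches 0, then
// prints the "account unlocked" message and stops. Hours are not shown;
// minutes wrap at 60.
function odliczaj(id, time_to_unlock) {
    // 'seconds' and 'minutes' were implicit globals in the original.
    var seconds = Math.floor(time_to_unlock) % 60;
    var minutes = Math.floor(time_to_unlock / 60) % 60;
    if (time_to_unlock == 0) {
        id.innerHTML = "Konto zostało odblokowane";
    } else {
        // The original had a raw line break inside this string literal, which
        // is a JavaScript syntax error; the two parts are joined explicitly.
        var text = "Zbyt wiele nieudanych prób, login został zablokowany<br>" + "Czas do odblokowania:";
        id.innerHTML = text + ((minutes < 10) ? '0' + minutes : minutes) + ':' + ((seconds < 10) ? '0' + seconds : seconds);
        if (time_to_unlock >= 0) {
            setTimeout(function () {
                odliczaj(id, --time_to_unlock);
            }, 1000);
        }
    }
}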
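// onreadystatechange handler for the request started in LoginTest.
// Interprets the body of user_check.php's reply once the request completes:
//   "User Logged IN"  -> navigate to the home page
//   a bare number     -> the login is locked for that many seconds; build the
//                        #user_blocked_time span and start odliczaj() on it
//                        (odliczaj is defined earlier in this file)
//   anything else     -> show the reply in #login_message_one as-is
// A completed request with a non-200 status shows "<status> <statusText>".
// Reads the global 'request' set by LoginTest and uses jQuery ($) for the
// slide-in of the #info label.
function LoginTestRequest() {
    // Intermediate readyStates (1-3) carry nothing to display. In the original
    // the else branch ran on every one of them, but 'elem' was declared inside
    // the success branch and so was undefined there (TypeError on .innerHTML);
    // the branch was evidently meant for the final failure case only.
    if (request.readyState != 4) {
        return;
    }
    var elem = document.getElementById('login_message_one');
    if (request.status != 200) {
        elem.innerHTML = request.status + " " + request.statusText;
        return;
    }
    var reply = request.responseText;
    if (reply == "User Logged IN") {
        window.location = "http://topcio.pl";
        return;
    }
    // isNaN("") is false, so an empty reply must be excluded explicitly or it
    // would start a zero-second countdown.
    if (reply !== "" && !isNaN(reply)) {
        $("#login_message_one").empty();
        $("#info").show("slide", { direction: "left" }, 1000);
        var holder = document.createElement('div');
        holder.setAttribute("class", "div_testowy");
        var counter = document.createElement('span');
        counter.setAttribute("id", "user_blocked_time");
        holder.appendChild(counter);
        elem.appendChild(holder);
        // Called directly with the span instead of through an injected
        // <script> element that resolved the span by its id.
        odliczaj(counter, reply);
    } else {
        elem.innerHTML = reply;
    }
}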
user_check.php
<?php
require_once '../class/db_login.php';
require_once '../class/Sql.class.php';
require_once '../class/Users.class.php';
// AJAX login endpoint: called by LoginTest() in scripts.js with user_login and
// user_pass in $_POST. Whatever this script echoes becomes
// request.responseText in LoginTestRequest(), which expects either
// "User Logged IN", a bare number of seconds (login locked) or an HTML message.
// Open the database connection
$sql = new Sql( $db_host, $db_user, $db_passwd, $db_name );
// NOTE(review): session_start() is not visible in this file although
// $_SESSION is used below; presumably one of the required files starts the
// session — confirm.
// Store the ses_id session variable (original comment; the code below actually
// initialises user_id)
// If the user_id session variable does not exist, set it to NULL
if ( !isset( $_SESSION[ 'user_id' ] ) ) { $_SESSION[ 'user_id' ] = null;
}
// Filter all $_POST variables
// NOTE(review): foreach iterates by value, so assigning to $post_value does
// not write back into $_POST — everything below works on the unfiltered
// request data. Writing back needs the key:
//   foreach ( $_POST as $key => $value ) { $_POST[ $key ] = $sql->clear( $value ); }
if ( !empty( $_POST ) ) { foreach ( $_POST as $post_value ) {
$post_value = $sql->clear( $post_value );
}
}
# ERROR REPORTING (label only — nothing follows that configures it)
$users = new Users( $sql, $_SESSION[ 'user_id' ] );
// loop_0001 is the re-entry point for the goto below: after login_unlock()
// reports that the lock has expired, the login is evaluated again from scratch.
if ( !empty( $_POST ) ) { loop_0001: $check_user_login = $users->check_user_login( $_POST );
# IF THE LOGIN EXISTS IN THE DATABASE
if ( $check_user_login === true ) {
$get_user_id = $users->get_user_id( $_POST );
$info = $users->get_blocked_info( $get_user_id );
# IF THE LOGIN IS LOCKED
if ( $info == 1 ) {
if ( $users->login_unlock( $get_user_id ) === true ) {
goto loop_0001;
} else {
// Still locked: the remaining time is echoed as a bare number, which the
// client turns into the countdown (odliczaj in scripts.js).
// get_blocked_time() is called twice here with the same argument.
if ( is_numeric( $users->get_blocked_time( $get_user_id ) ) ) { echo $users->get_blocked_time( $get_user_id ); }
}
}
# IF THE LOGIN IS UNLOCKED
if ( $info == 0 ) {
// NOTE(review): in both branches below check_compatibility( $_POST ) is
// called up to three times per request (null test, is_numeric test,
// assignment); if it queries the database or counts attempts that work is
// repeated — storing its result once would avoid that. Confirm it has no
// side effects.
# IF A TEMPORARY PASSWORD EXISTS
if ( $users->is_there_temp_pass( $get_user_id ) === true ) {
$users->login_form();
# IF LOGIN/PASSWORD DO NOT MATCH
if ( $users->check_compatibility( $_POST ) === NULL ) {
$users->login_lock( $_POST );
// NOTE(review): $login_message is collected here and below, but nothing in
// this file echoes it; confirm how (or whether) the client receives it.
$login_message[] = 'Upewnij się, że wprowadzone dane są poprawne<br />' .
'<a href="../index.php?action=forgetten">Wygeneruj ponownie hasło.</a>';
}
# IF LOGIN/PASSWORD MATCH
// Successful match with a temporary password pending: mark the session and
// redirect to the password-change page.
// NOTE(review): session_regenerate_id() is not called here when user_id is
// set; unless loged_in() does it, the session id from before login is kept —
// confirm. Also, this endpoint is called via XMLHttpRequest, which follows
// the redirect transparently, so responseText becomes the HTML of
// index.php?action=login_with_temp_pass and LoginTestRequest shows that HTML
// inside #login_message_one — confirm that is intended.
if ( is_numeric( $users->check_compatibility( $_POST ) ) ) { $_SESSION[ 'user_id' ] = $users->check_compatibility( $_POST );
$users->loged_in( $_SESSION[ 'user_id' ] );
header( "Location: ../index.php?action=login_with_temp_pass" ); }
}
# IF NO TEMPORARY PASSWORD EXISTS
if ( $users->is_there_temp_pass( $get_user_id ) === false ) {
# IF LOGIN/PASSWORD DO NOT MATCH
if ( $users->check_compatibility( $_POST ) === NULL ) {
$users->login_lock( $_POST );
$login_message[] = "Podany login i/lub hasło są niepoprawne. Spróbuj Ponownie.";
$login_message[] = "<a href=\"../index.php?action=forgetten\">Zapomniałem Hasła.</a>";
}
# IF LOGIN/PASSWORD MATCH
// Nothing is echoed here, yet LoginTestRequest waits for the literal
// "User Logged IN" — presumably loged_in() prints it; confirm. The
// session_regenerate_id() note above applies here as well.
if ( is_numeric( $users->check_compatibility( $_POST ) ) ) { $_SESSION[ 'user_id' ] = $users->check_compatibility( $_POST );
$users->loged_in( $_SESSION[ 'user_id' ] );
}
}
}
}
# IF THE LOGIN DOES NOT EXIST IN THE DATABASE
// Same generic message as for a wrong password, so the text itself does not
// reveal whether the login exists. (The locked path above answers with a
// number and the temp-password path with a different text, so the reply
// shape can still differ by account state.)
if ( $check_user_login === false ) {
$get_user_id = null;
$login_message[] = "Podany login i/lub hasło są niepoprawne. Spróbuj Ponownie.";
$login_message[] = "<a href=\"../index.php?action=forgetten\">Zapomniałem Hasła.</a>";
}
}
// Only reachable when the outer if was false, so empty( $_POST ) is always
// true here; a plain else would do.
else if ( empty( $_POST ) ) { $get_user_id = null;
}
?>