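<?php
	// Full open tag: with short_open_tag disabled, a bare "<?" is not parsed and the source that
	// follows would be sent to the browser as plain text.
	// `require` stops the request if the bootstrap file is missing instead of carrying on without it.
	// refreshSession() and $link are not defined in this file; presumably this include provides them.
	require 'includes/conexion.php';

	// A non-null result from refreshSession() is treated as "already logged in": skip the form.
	$usuario_conectado = refreshSession();
	if ($usuario_conectado != null) {
		header('Location: index.php#page_home');
		exit();
	}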


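// Login handler. Runs only when the form posted a non-empty "user" string.
// $link (mysqli) and the helpers called below (redsysAuth, redsysSubscriptions, campo,
// calculaedad, tit, badge) are not defined in this file; presumably includes/conexion.php
// provides them.
//
// Order of operations is security-relevant: nothing is written to the account, no external
// service is called and no persistent-login token is issued until the password has been verified.
if (isset($_POST["user"]) && is_string($_POST["user"]) && $_POST["user"] != '') {
	// Carry the post-login target through the redirect. The value is percent-encoded so it stays
	// one query parameter and cannot add parameters or a fragment of its own.
	// NOTE(review): index.php is not visible here; it must validate redirect_url (same-origin
	// path or allow-list) before acting on it — confirm.
	if (isset($_POST['redirect_url']) && is_string($_POST['redirect_url'])) {
		$link_redirect = '?redirect_url='.rawurlencode($_POST['redirect_url']);
	} else {
		$link_redirect = '';
	}

	// strip_tags() is kept so submitted values are transformed exactly as before.
	// NOTE(review): it also alters passwords containing "<"; whether registration applies the
	// same transformation is not visible here — confirm before removing it.
	$nombre = strip_tags($_POST["user"]);
	$password = (isset($_POST["pass"]) && is_string($_POST["pass"])) ? strip_tags($_POST["pass"]) : '';
	$home = isset($_POST["home"]) ? $_POST["home"] : null;
	$_SESSION["page"] = 'home';

	if (($nombre != '') && ($password != '')) {
		$fecha = date('Y-m-d'); $hora = date('H:i');

		$i = 0;            // number of successful authentications; stays 0 on any failure
		$userloginid = 0;  // 0 means "no active account matched"

		// Look the account up by nick or e-mail with a prepared statement.
		// Every login is checked against the account's own stored hash; there is deliberately no
		// shared override password. A literal of that kind in source control has to be treated as
		// disclosed, and any support "log in as" feature belongs behind an authenticated, audited
		// admin path.
		$rs = $link->prepare('SELECT user_id,user_nick FROM users WHERE user_active = 1 and (user_nick = ? or user_email = ?)');
		if ($rs) {
			$rs->bind_param('ss', $nombre, $nombre);
			$rs->execute();
			$rs->bind_result($found_id, $found_nick);
			while ($rs->fetch()) {
				$userloginid = (int) $found_id;
			}
			$rs->close();
		}

		// Only query when an account matched; an empty id would otherwise produce malformed SQL.
		$rs = ($userloginid > 0) ? $link->query("select * from users where user_id = $userloginid limit 0,1") : false;
		if ($rs) { while ($sql_ok = $rs->fetch_assoc()) {
			$stored_hash = $sql_ok["user_pass"];
			$redsysid = $sql_ok["user_redsysid"];

			// password_verify() accepts crypt()-format hashes and compares in constant time.
			$correcto = password_verify($password, (string) $stored_hash);
			$redsysok = false;

			if ($correcto) {
				$user_vip = $sql_ok["user_vip"];
				$user_test = $sql_ok["user_test"];
				$user_redsysid = $sql_ok["user_redsysid"];
				$trial_period = $sql_ok["trial_period"];

				// Trial rule used by both branches below: more than 15 days since user_alta ends
				// the trial (product 1), otherwise the account stays on the trial product (2).
				$dias = round((time() - strtotime((string) $sql_ok['user_alta'])) / (60 * 60 * 24));
				$diferencia = 15;
				if ($dias > $diferencia) {
					$sql_trial = "update users set user_producto = 1, trial_period = 0 where user_id = $userloginid";
				} else {
					$sql_trial = "update users set user_producto = 2, trial_period = 1 where user_id = $userloginid";
				}

				if ($user_vip == 0 && $user_redsysid > 0) {
					// Non-VIP account linked to Redsys: ask the payment API for its subscriptions.
					// A false token leaves $redsysok false, so the login is refused.
					$login_token = redsysAuth();
					if ($login_token != false) {
						$subscriptions = redsysSubscriptions($login_token, $redsysid);
						if ((is_array($subscriptions) || $subscriptions instanceof Countable) && count($subscriptions) > 0) {
							// NOTE(review): subscriptions are applied in the order returned, so an
							// ended one listed after an active one downgrades the account again —
							// confirm the ordering the API guarantees.
							foreach ($subscriptions as $subscription) {
								if ($subscription->end_date == null) {
									// Active subscription: map the service to a local product.
									// The id comes from an external API, so it is cast before use in SQL.
									$service_id = (int) $subscription->id_service;
									$rstipo = $link->query("select * from productos where prod_redsys_service_id = $service_id");
									if ($rstipo) while ($sql_oktipo = $rstipo->fetch_assoc()) {
										$prod_id = (int) $sql_oktipo['prod_id'];
										$link->query("update users set user_producto = $prod_id, trial_period = 0 where user_id = $userloginid");
										$redsysok = true;
										break;
									}
								} else {
									// Ended subscription: apply the trial rule, or fall back to product 1.
									if ($trial_period == 1) {
										$link->query($sql_trial);
									} else {
										$link->query("update users set user_producto = 1 where user_id = $userloginid");
									}
									$redsysok = true;
								}
							}
						} else {
							$redsysok = false;
						}
					}
				} else {
					// VIP, test or unlinked accounts are always allowed; only a plain trial account
					// has its trial state refreshed.
					if ($user_vip != 1 && $user_test != 1 && $trial_period == 1) {
						$link->query($sql_trial);
					}
					$redsysok = true;
				}
			}

			// The original carried a disabled "$redsysok = true;" override marked "uncomment in
			// production"; it stays disabled so the subscription check above is what decides.
			if ($correcto && $redsysok) {
				// New session id for the authenticated session, so an id known before login
				// cannot be reused afterwards (session fixation).
				if (session_status() === PHP_SESSION_ACTIVE) {
					session_regenerate_id(true);
				}

				// Persistent-login token, issued only after authentication. It is rotated unless
				// the browser already presents the stored one.
				// NOTE(review): a 10-year bearer token stored in clear text in users is a long-lived
				// credential; how refreshSession() uses it is not visible here — confirm.
				$user_token_cookies = (string) $sql_ok['user_token_cookies'];
				if (!isset($_COOKIE['userlogin']) || !is_string($_COOKIE['userlogin'])
					|| !hash_equals($user_token_cookies, $_COOKIE['userlogin'])) {
					$cookie_name = "userlogin";
					$cookie_value = bin2hex(openssl_random_pseudo_bytes(60)); // 60 random bytes -> 120 hex characters
					// HttpOnly keeps the token away from page scripts; Secure is set when the
					// request arrived over HTTPS (behind a TLS-terminating proxy $_SERVER['HTTPS']
					// may be unset — confirm for the deployment).
					$cookie_secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
					setcookie($cookie_name, $cookie_value, time() + (10 * 365 * 24 * 60 * 60), '', '', $cookie_secure, true);
					$link->query("update users set user_token_cookies = '$cookie_value' where user_id = $userloginid");
				}

				$email = $sql_ok["user_email"];
				$_SESSION["vgaid"] = $sql_ok["user_id"];
				$_SESSION["vganame"] = $sql_ok["user_nick"];
				$_SESSION["vgamail"] = $sql_ok["user_email"];
				$_SESSION["vgastaf"] = $sql_ok["user_admin"];
				$_SESSION["vgavip"] = $sql_ok["user_vip"];
				$_SESSION["vgatest"] = $sql_ok["user_test"];
				$_SESSION["vgaproducto"] = $sql_ok["user_producto"];
				$_SESSION["vgatipo"] = campo('productos','prod_tipopago','prod_id',$sql_ok["user_producto"],'');
				$_SESSION["vgalogins"] = $sql_ok["user_logins"];
				$_SESSION["vgamenor"] = calculaedad($sql_ok["user_id"]) < 18;
				$logins = $sql_ok["user_logins"]; // consecutive-login counter so far
				$lastlogin = $sql_ok["user_lastlogin"];

				// Reload the row by primary key, after the updates above. Looking it up by e-mail
				// put a stored string into SQL and could return a different account if addresses
				// are not unique.
				// NOTE(review): the whole row, password hash and tokens included, is kept in the
				// session — confirm consumers need those columns.
				$rs_user = $link->query("select * from users where user_id = $userloginid limit 1");
				$datos_user = $rs_user ? $rs_user->fetch_assoc() : null;
				$_SESSION['userSession'] = $datos_user;
				$i++;
			}
		}}

		if ($i > 0) {
			$_SESSION["vgaok"] = 1;
			$f = date('Y-m-d');

			// Daily-login rewards.
			$_SESSION["loginup"] = '';
			$ts1 = strtotime((string) $lastlogin);
			$ts2 = strtotime($f);
			$seconds_diff = ($ts2 - $ts1);
			$d = ceil($seconds_diff / 86400);
			$userid = $userloginid;
			$logins = (int) $logins;

			if ($d == 1) {
				// Logged in on the day after the previous login: extend the streak.
				$youwin = tit(359);
				$pointstxt = tit(360);
				$orbstxt = tit(281);

				$xp = 0; // was undefined in the reward text; the row itself stores re_xp = 0
				$golds = 1 * $logins;
				$dragons = 0;
				$logins++;
				if ($logins >= 7) {
					$golds = 10;
					$dragons = 5;
				}
				// Scale by account type.
				$golds = $golds * $_SESSION["vgatipo"];
				$dragons = $dragons * $_SESSION["vgatipo"];

				// Badges.
				if ($logins >= 7) badge($_SESSION["vgaid"],1,0);
				if ($logins >= 14) badge($_SESSION["vgaid"],2,0);

				$_SESSION["loginup"] = ($logins-1).','.$golds.','.$dragons;

				// Texts returned by tit() are bound as parameters so a quote in them cannot
				// break the statement.
				$re_razon = "$youwin $xp puntos $golds golds y $dragons dragons";
				$st = $link->prepare("insert into recompensas set re_xp = 0, re_golds = ?, re_dragons = ?, re_user = ?, re_tipo = 2, re_razon = ?, re_fecha = now()");
				if ($st) {
					$st->bind_param('ddis', $golds, $dragons, $userid, $re_razon);
					$st->execute();
					$st->close();
				}

				$not_name = tit(358);
				$not_desc = "$golds golds";
				$not_fecha = date('Y-m-d');
				$not_hora = date('H:i');
				$st = $link->prepare("insert into notificaciones set not_user = ?, not_fromuser = 0 , not_name = ?, not_desc = ?, not_fecha = ?, not_hora = ?");
				if ($st) {
					$st->bind_param('issss', $userid, $not_name, $not_desc, $not_fecha, $not_hora);
					$st->execute();
					$st->close();
				}

				$link->query("update users set user_lastlogin = '".$f."', user_logins = $logins where user_id = $userid");
			} else {
				// Any other gap restarts the streak.
				// NOTE(review): this includes a second login on the same day ($d == 0) — confirm
				// that resetting the streak in that case is intended.
				$link->query("update users set user_lastlogin = '".$f."', user_logins = 1 where user_id = $userid");
			}

			header('Location: index.php'.$link_redirect.'#page_home');
			exit();
		} else {
			$_SESSION["vgaok"] = 0;
			$_SESSION["vgaid"] = '';
			$_SESSION["vganame"] = '';
			$_SESSION["vgamail"] = '';
			$_SESSION["vgastaf"] = '';
			$_SESSION["vgalogins"] = '';
			$loginerror = 1;
			// One message for every failure (unknown account, wrong password, refused
			// subscription check) so the response does not reveal which accounts exist.
			// NOTE(review): no attempt throttling or login audit log is visible in this file —
			// confirm one exists elsewhere.
			$loginerrortxt = 'Error de Login. Usuario o contraseña incorrectos';
		}
	}
}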
?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html lang="es" xmlns="http://www.w3.org/1999/xhtml">
   <head>
        <title>EXPERT CAMPUS · Training Center</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <script src="js/jquery-3.5.1.min.js"></script>
       <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i" rel="stylesheet">
  <style>
  	:root { --bgcol: #0e161c; --yellowcol: #f0b80e; --greencol: #00ff00; }

  	* { margin:0px; padding: 0px; }
  	body { font-family: 'Open Sans', sans-serif; font-weight: normal; background-color: var(--yellowcol); font-size: 14px; }
  	#logwindow, #logpass, #logpass2 { position: fixed; width: 280px; background-color: #fff; left:50%; top:50%;
  	transform: translateX(-50%) translateY(-50%);  height: auto; border-radius: 20px;  }
  	.content { padding: 80px 20px 20px 20px; }
  	#loginlogo { position: absolute; width: 150px; top:0px; left:50%; transform: translateX(-50%) translateY(-50%); }
  	input { padding: 5%; width: 90%; margin: 5px 0px; font-size: 18px; }
  	.loginbot { position: relative; width: 100%; background-color: #570f14; padding: 25px 0px; font-size: 20px; color: #000; font-weight: 100; font-weight: bold; transition: all 0.3s; background-image: linear-gradient(180deg, #fff 20%, #888 122%); cursor: pointer; border-bottom-left-radius: 20px; border-bottom-right-radius: 20px;}
  	.passbot1 { padding: 10px; font-size: 13px; padding-bottom: 0px; cursor: pointer; opacity: 0.8;}
  	.passbot1:hover { opacity: 1; }
	.loginbot:hover { background-image: none; background-color: #000; color: #fff; }
	.loading { background-image: url(/website/web_images/svg-loaders/oval.svg); background-size: 100px;
	background-repeat: no-repeat; background-position: center;  }
	.loading .loginform, .loading .loginbot { opacity: 0 !important; }
	.loginerror { position: fixed; width: 100%; top:0px; background-color: #7a0b2a; color: #fff; padding: 20px 0px;
	text-align: center; font-size: 13px; }
  </style>
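   <?php
  // Development aid: when SERVER_NAME is "localhost" or its first dot-separated label is "192",
  // load the LiveReload client over plain HTTP from port 35729 of the same host.
  // Full "<?php" tags are used so the block does not depend on short_open_tag.
  // NOTE(review): depending on the web-server configuration SERVER_NAME can follow the request's
  // Host header, and "192" also matches public addresses — confirm the production vhost pins the
  // name, or gate development features on an explicit setting instead.
  $ip=explode(".",$_SERVER["SERVER_NAME"]);
  if (($_SERVER["SERVER_NAME"]=='localhost') || ($ip[0]=='192')) { ?>
    <script>document.write('<script src="http://' + (location.host || 'localhost').split(':')[0] + ':35729/livereload.js?snipver=1"></' + 'script>')</script>
  <?php } ?>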
  <script>
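  	// Submits the login form after a short "loading" animation, but only when both the
  	// username and the password fields are non-empty. This is a convenience check only;
  	// the server-side handler is what decides whether the credentials are accepted.
  	function login() {
  		if ($('#reguser').val()!='' && $('#regpass').val()!='') {
  			$('#logwindow').addClass('loading');
  			// Pass a function, not a string: string timers are compiled like eval() and stop
  			// working under a Content-Security-Policy that omits 'unsafe-eval'.
  			setTimeout(function () { $('#loginform').submit(); }, 600);
  		}
  	}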

  	// Replaces the login panel with the "forgot my password" panel.
  	function passwin() {
  		var loginPanel = $('#logwindow');
  		var recoveryPanel = $('#logpass');

  		loginPanel.hide();
  		recoveryPanel.slideDown(100);
  	}


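// Loose client-side check that `value` looks like an e-mail address.
// Returns true for an empty string (callers test for emptiness themselves) and for
// anything matching the pattern; false otherwise.
// This is a usability hint, not a security control: the server must validate the address again.
function isEmailAddress(value) {
    if (value.length == 0) return true;
    // The last character class used the range "A-z", which also admits [ \ ] ^ _ and `;
    // it is now "A-Za-z" like the other classes.
    var filter = /^[A-Za-z_.-][A-Za-z0-9_.-]*@[A-Za-z0-9_.-]+\.[A-Za-z0-9_.-]+[A-Za-z_.-]$/;
    return filter.test(value);
}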


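// Step 1 of password recovery: posts the typed e-mail address to changepass1.php and shows
// the reply inside #passform1.
// NOTE(review): changepass1.php is not visible here; its reply should be the same whether or
// not the address belongs to an account — confirm.
function changepass1() {
    var email = $('#passemail1').val();

    // isEmailAddress() accepts an empty string, so emptiness is tested separately.
    // (`ok` used to be assigned without `var`, which created a page-wide global.)
    if (!isEmailAddress(email) || email == '') {
        alert('No parece un correo válido.');
        return;
    }

    $('#changepassbot1').hide();
    $.post('/includes/modules/user/changepass1.php', { emilio: email }, function(data) {
        $('#changepassbot1').hide();
        // The reply is inserted as markup, so the endpoint must return only server-generated,
        // escaped HTML and never echo the submitted value unescaped.
        $('#passform1').html(data);
    });
}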

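// Step 2 of password recovery: checks that both password fields match and are non-empty,
// then posts the serialized .loginform2 fields (new password, user id, token) to changepass2.php.
// The check here is for user feedback only.
// NOTE(review): changepass2.php is not visible here; token validity, expiry, single use and
// password policy have to be enforced there — confirm.
function changepass2() {
    var first = $('#cpass1').val();

    // (`ok` used to be assigned without `var`, which created a page-wide global.)
    if (first != $('#cpass2').val() || first == '') {
        $('#cpass1,#cpass2').addClass('inputerror');
        alert('Las contraseñas no coinciden o no son corrrectas');
        return;
    }

    $('#changepassbot2').hide();
    $.post('/includes/modules/user/changepass2.php', $(".loginform2").serialize(), function(data) {
        // Intentionally empty: the success notice and the redirect to login.php were disabled
        // in the original, so the user currently gets no confirmation after saving.
    });
}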

  </script>
</head>
  	<body>
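		<?php
		// Failed-login banner. $loginerror is only set by the POST handler, so it is tested with
		// isset() to keep plain GET requests free of undefined-variable warnings.
		// The handler does not set a text on every failure path; the fallback keeps the banner
		// identical for all failed attempts instead of rendering empty for some of them.
		// The text is escaped on output so the banner stays safe if it ever carries request data.
		if (isset($loginerror) && $loginerror == 1) { ?>
			<div class="loginerror"><?= htmlspecialchars(isset($loginerrortxt) ? $loginerrortxt : 'Error de Login. Usuario o contraseña incorrectos', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
		<?php } ?>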
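		<?php
		// Login form, shown unless a password-change step is requested through ?cp=.
		if (!isset($_GET["cp"]) || $_GET["cp"] == '') {
			// Development-only prefill of the form with a fixed account.
			// NOTE(review): these are credentials committed to source, and the gate relies on
			// SERVER_NAME, which can follow the request's Host header depending on the web-server
			// configuration — confirm the account does not exist in production, or move the
			// prefill to a local, untracked setting.
			$prefill_dev = ($_SERVER["SERVER_NAME"]=='localhost') || ($ip[0]=='192');
		?>
		<div id="logwindow" class="" align="center">
            <img id="loginlogo" src="/images/loginlogo.svg"/>
            <div class="content" id="">

                <form id="loginform" class="loginform" action="login.php" method="post">
                    <input id="reguser" type="text" name="user" placeholder="Username" maxlength="30" <?php if ($prefill_dev) echo 'value="fransolo@me.com"'; ?> />
                    <?php /* maxlength matches the 30 characters the password-change form on this page accepts; with 20, a longer password set there could not be typed here. */ ?>
                    <input id="regpass" type="password" name="pass" placeholder="Password" maxlength="30" <?php if ($prefill_dev) echo 'value="333"'; ?>/>

                    <?php
                    	// redirect_url is request data: escape it for the attribute context so it
                    	// cannot close the attribute and inject markup.
                    	if (isset($_GET['redirect_url']) && is_string($_GET['redirect_url'])) {
                    		?>
                    		<input type="hidden" name="redirect_url" value="<?= htmlspecialchars($_GET['redirect_url'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                    		<?php
                    	}
                    	// $actual_link is not defined in this file; presumably it is derived from the
                    	// request URL, so it is escaped as well.
                    ?>
                    <input type="hidden" name="from" maxlength="20" value="<?= htmlspecialchars(isset($actual_link) ? (string) $actual_link : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" />
                    <div class="passbot1" onmouseup="passwin();">No recuerdo la contraseña</div>
                    <button style="position: fixed; left:-1000%;" type="send"></button>
                </form>


            </div>
            <div class="loginbot" onmouseup="login();">ENTRAR</div>
        </div>
		<?php } ?>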
        <div id="logpass" class="" align="center" style="display: none;">
            <img id="loginlogo" src="/images/loginlogo.svg"/>
            <div class="content" id="passform1">
                
                <form id="loginform" class="loginform" action="login.php" method="post">
                	<p style="padding: 10px;">Introduce tu Email y te enviaremos las intrucciones para recuperar tu contraseña</p>
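                    <input id="passemail1" type="text" name="passemail1" placeholder="Email" maxlength="30" <?php /* Development-only prefill; the gate relies on SERVER_NAME, which can follow the Host header depending on server configuration (confirm). Full open tag so the line does not depend on short_open_tag. */ if (($_SERVER["SERVER_NAME"]=='localhost') || ($ip[0]=='192')) echo 'value="fransolo@me.com"'; ?> />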
                   
                    <button style="position: fixed; left:-1000%;" type="send"></button>
                </form>
            </div>
            <div id="changepassbot1" class="loginbot" onmouseup="changepass1();">ENVIAR</div>
        </div>

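		<?php
		// Password-change form, reached from the recovery link (?cp=1&u=<user id>&token=<token>).
		// It is rendered only when an active user with that id and token exists.
		// u and token are request data: the id must be all digits, both values are bound as
		// statement parameters instead of being concatenated into SQL, and both are escaped when
		// echoed into the hidden fields.
		// NOTE(review): token expiry and single use are enforced, if at all, in changepass2.php,
		// which is not visible here — confirm.
		$reset_user = (isset($_GET["u"]) && is_string($_GET["u"])) ? $_GET["u"] : '';
		$reset_token = (isset($_GET["token"]) && is_string($_GET["token"])) ? $_GET["token"] : '';
		if (isset($_GET["cp"]) && $_GET["cp"]==1 && preg_match('/\A[0-9]+\z/', $reset_user) === 1 && $reset_token!='') {
		require_once('includes/conexion.php');
		$reset_user_id = (int) $reset_user;
		$reset_ok = false;
		$rscp = $link->prepare('select user_id from users where user_id = ? and user_active = 1 and user_token = ? limit 1');
		if ($rscp) {
			$rscp->bind_param('is', $reset_user_id, $reset_token);
			$rscp->execute();
			$rscp->store_result();
			$reset_ok = $rscp->num_rows > 0;
			$rscp->close();
		}
		if ($reset_ok) {

        	?>
        <div id="logpass2" class="" align="center">
            <img id="loginlogo" src="/images/loginlogo.svg"/>
            <div class="content">

                <form id="loginform" class="loginform2" action="login.php" method="post">
                	<p style="padding: 10px;">Introduce tu nueva contraseña</p>
                    <input id="cpass1" type="password" name="cpass1" placeholder="Nueva contraseña" maxlength="30" />
                    <input id="cpass2" type="password" name="cpass2" placeholder="Repite contraseña" maxlength="30" />
                   <input type="hidden" name="user" value="<?= htmlspecialchars($reset_user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" />
                   <input type="hidden" name="token" value="<?= htmlspecialchars($reset_token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>" />
                    <button style="position: fixed; left:-1000%;" type="send"></button>
                </form>
            </div>
            <div id="changepassbot2" class="loginbot" onmouseup="changepass2();">GUARDAR</div>
        </div>
    	<?php }} ?>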
	</body>
</html>