<?php
// *************************************************************************
// * *
// * iBilling - Accounting, Billing Software *
// * Copyright (c) Sadia Sharmin. All Rights Reserved *
// * *
// *************************************************************************
// * *
// * Email: sadiasharmin3139@gmail.com *
// * Website: http://www.sadiasharmin.com *
// * *
// *************************************************************************
// * *
// * This software is furnished under a license and may be used and copied *
// * only in accordance with the terms of such license and with the *
// * inclusion of the above copyright notice. *
// * If you Purchased from Codecanyon, Please read the full License from *
// * here- http://codecanyon.net/licenses/standard *
// * *
// *************************************************************************
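// Admin login controller. route(1) selects the action: credential check
// ('post'), login form display, password-reset request ('forgot-pw-post') and
// password-reset confirmation ('pwreset-validate'). Every action ends in a
// template render or a redirect through r2().
//
// Relies on names provided by the including front controller: $config, $_L,
// $ui, $routes, $file_build, the U base-URL constant and the helpers route(),
// _post(), r2(), _log(), _msglog(), _raid().
$do = route(1);
if ($do == '') {
    $do = 'login-display';
}

switch ($do) {

    case 'post':
        $username = _post('username');
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1, and
        // addslashes() is not an injection defence. Both are kept because they
        // change the value used for the lookup; confirm how usernames are stored
        // before removing them.
        $username = filter_var($username, FILTER_SANITIZE_STRING);
        $username = addslashes($username);
        $password = _post('password');
        // NOTE(review): addslashes() alters the password before verification.
        // Kept as-is because existing hashes may have been created from the same
        // transformed value; confirm against the password-set code path.
        $password = addslashes($password);

        // Post-login destination. route(2) is only ever appended to the
        // application base URL U, so the redirect stays on this site.
        $after = route(2);
        $rd = U.$config['redirect_url'].'/';
        if ($after != '') {
            $after = str_replace('*', '/', $after);
            $rd = U.$after.'/';
        }

        if ($username != '' && $password != '') {
            $d = ORM::for_table('sys_users')->where('username', $username)->find_one();
            if ($d) {
                $d_pass = $d['password'];
                if (Password::_verify($password, $d_pass) == true) {
                    // Now check if OTP is enabled
                    if ($d['otp'] == 'Yes') {
                        // NOTE(review): the OTP hand-off below is disabled, so an
                        // account with otp = 'Yes' is never given a session here
                        // (fails closed, but the request ends with no redirect).
                        // Otp::make($d['id']);
                        // $_SESSION['tuid'] = $d['id'];
                        //
                        // r2(U.'otp');
                    } else {
                        // Issue a fresh session id at the privilege change so an id
                        // that existed before authentication cannot be reused
                        // (session fixation).
                        if (session_id() !== '') {
                            session_regenerate_id(true);
                        }
                        $_SESSION['uid'] = $d->id;
                        $d->last_login = date('Y-m-d H:i:s');

                        // Persistent auto-login token: an existing token longer than
                        // 20 characters is reused, otherwise a new one is generated.
                        // NOTE(review): the token is never rotated once set, and
                        // Ib_Str::random_string() is defined elsewhere; confirm it
                        // draws from a CSPRNG.
                        if (strlen($d->autologin) > 20) {
                            $str = $d->autologin;
                        } else {
                            $str = Ib_Str::random_string(20).$d->id;
                        }
                        $d->autologin = $str;
                        $d->save();

                        // The auto-login cookie is a bearer credential valid for 180
                        // days: mark it HttpOnly so scripts cannot read it, and
                        // Secure whenever the current request arrived over HTTPS.
                        $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                        setcookie('ib_at', $str, time() + (86400 * 180), "/", '', $is_https, true); // 86400 = 1 day

                        // login log
                        _log($_L['Login Successful'].' '.$username, 'Admin', $d['id']);
                        setcookie("tplsub", 'default', time()+15552000);

                        if (!isset($config['build']) || ($config['build'] < $file_build)) {
                            r2(U.'update/');
                        }
                        // if ((isset($routes['2'])) AND (($routes['2'] != ''))){
                        // $rd = $routes['2'];
                        // exit($rd);
                        // }
                        r2($rd);
                    }
                } else {
                    // Wrong password: same user-facing message as an unknown
                    // username; only this branch writes a failed-login log entry.
                    _msglog('e', $_L['Invalid Username or Password']);
                    _log($_L['Failed Login'].' '.$username, 'Admin');
                    r2(U.'login');
                }
            } else {
                _msglog('e', $_L['Invalid Username or Password']);
                r2(U.'login/');
            }
        } else {
            _msglog('e', $_L['Invalid Username or Password']);
            r2(U.'login/');
        }
        break;

    case 'login-display':
        Event::trigger('admin/login/');
        Admin::isLogged();
        // added param after
        $ui->display('login.tpl');
        break;

    case 'forgot-pw':
        $ui->display('forgot-pw.tpl');
        break;

    case 'forgot-pw-post':
        // Stores a one-hour reset key on the account and e-mails a confirmation
        // link that carries the user id and the key.
        $username = _post('username');
        $d = ORM::for_table('sys_users')->where('username', $username)->find_one();
        if ($d) {
            // NOTE(review): _raid() is defined elsewhere; confirm the key is long
            // enough and generated from a CSPRNG.
            $xkey = _raid('10');
            $d->pwresetkey = $xkey;
            $d->keyexpire = time() + 3600;
            $d->save();

            $e = ORM::for_table('sys_email_templates')->where('tplname','Admin:Password Change Request')->find_one();
            $subject = new Template($e['subject']);
            $subject->set('business_name', $config['CompanyName']);
            $subj = $subject->output();
            $message = new Template($e['message']);
            $message->set('name', $d['fullname']);
            $message->set('business_name', $config['CompanyName']);
            $message->set('password_reset_link', U.'login/pwreset-validate/'.$d['id'].'/token_'.$xkey);
            $message->set('username', $d['username']);
            $message->set('ip_address', $_SERVER["REMOTE_ADDR"]);
            $message_o = $message->output();
            Notify_Email::_send($d['fullname'], $d['username'], $subj, $message_o);

            _msglog('s', $_L['Check your email to reset Password']);
            r2(U.'login/');
        } else {
            // NOTE(review): this distinct response tells the requester whether a
            // username exists. Returning the same message as the success branch
            // would close that, and no rate limiting is visible in this file.
            _msglog('e', $_L['User Not Found'].'!');
            r2(U.'login/forgot-pw/');
        }
        break;

    case 'pwreset-validate':
        // Confirms a reset link: on a valid, unexpired key the account gets a new
        // generated password by e-mail and the key is cleared.
        $v_uid = isset($routes['2']) ? $routes['2'] : '';
        $v_token = isset($routes['3']) ? (string) $routes['3'] : '';
        $v_token = str_replace('token_', '', $v_token);

        $d = ($v_uid != '') ? ORM::for_table('sys_users')->find_one($v_uid) : false;
        $d_token = $d ? (string) $d['pwresetkey'] : '';

        // The key must be present on both sides and match exactly. An account
        // with no pending reset stores an empty key, which must never match an
        // empty or missing token; a strict, constant-time comparison also rules
        // out loose-comparison matches between different numeric-looking strings.
        $token_ok = false;
        if ($d_token !== '' && $v_token !== '') {
            $token_ok = function_exists('hash_equals')
                ? hash_equals($d_token, $v_token)
                : ($d_token === $v_token);
        }

        // Unknown user id and wrong key get the same response. The explicit
        // break keeps the rejection effective even if r2() were to return.
        if (!$token_ok) {
            r2(U.'login/', 'e', $_L['Invalid Password Reset Key'].'!');
            break;
        }

        if (time() > (int) $d['keyexpire']) {
            r2(U.'login/', 'e', $_L['Password Reset Key Expired']);
            break;
        }

        // NOTE(review): the replacement password comes from _raid('6') and is sent
        // in clear text by e-mail. Letting the user choose a password on a page
        // reached through the reset link would avoid mailing a credential.
        $password = _raid('6');
        $npassword = Password::_crypt($password);
        $d->password = $npassword;
        // Single use: clear the key so the same link cannot be replayed.
        $d->pwresetkey = '';
        $d->keyexpire = '0';
        $d->save();

        $e = ORM::for_table('sys_email_templates')->where('tplname','Admin:New Password')->find_one();
        $subject = new Template($e['subject']);
        $subject->set('business_name', $config['CompanyName']);
        $subj = $subject->output();
        $message = new Template($e['message']);
        $message->set('name', $d['fullname']);
        $message->set('business_name', $config['CompanyName']);
        $message->set('login_url', U.'login/');
        $message->set('username', $d['username']);
        $message->set('password', $password);
        $message_o = $message->output();
        Notify_Email::_send($d['fullname'], $d['username'], $subj, $message_o);

        _msglog('s', $_L['Check your email to reset Password'].'.');
        r2(U.'login/');
        break;

    case 'where':
        r2(U.'login');
        break;

    case 'after':
        // Renders the login form with the requested post-login route passed to
        // the template as 'after'.
        // NOTE(review): route(2) is request-controlled; confirm login.tpl escapes
        // it on output.
        Admin::isLogged();
        $after = route(2);
        $ui->assign('after', $after);
        $ui->display('login.tpl');
        break;

    default:
        Admin::isLogged();
        $ui->display('login.tpl');
        break;
}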