<?
require_once("mainfile.php");

// Get a key from https://www.google.com/recaptcha/admin/create
$publickey = "6Ldvgv4SAAAAAKjaZsBe4SV2wWSqDtsCZ1_PdbI_";
$privatekey = "6Ldvgv4SAAAAAB_pZyQ12YHYy7tspn1_oI05pLTg";


if (isset($_POST['act'])) {
		if ($_POST['act']=="login" && isset($_POST['login-email']) && isset($_POST['login-password'])) {
				$user_sql=sql_query("select m.*, mc.lang, mc.rated from (member m, member_configuration mc) left join member_social ms on ms.memberID=m.ID where mc.memberID=m.ID and m.email='".trim($_POST['login-email'])."'");
				if (sql_num_rows($user_sql)) {
					$user_info=sql_fetch_array($user_sql);
					if (validate_password(trim($_POST['login-password']), $user_info['passwd'])) {

						// set cookie for autoLogin
						if (isset($_POST['autoLogin']) && $_POST['autoLogin']=="yes") setcookie("MFI[autoLogin]", $_POST['login-email'], mktime()+(3600 * 24 * 30)); // calid for 30 days
								$_SESSION['login_member']=$user_info['login'];
								$_SESSION['login_memberID']=$user_info['ID'];
								$_SESSION['login_member_name']=stripslashes($user_info['name']);
								$_SESSION['login_member_type']=$user_info['type'];
								$_SESSION['login_member_state']=$user_info['state'];
								$_SESSION['login_member_rated']=$user_info['rated'];
								$_SESSION['login_member_verified']=$user_info['verified'];
								$_SESSION['lang']=$user_info['lang'];
								if (empty($user_info['icon'])) {
										$_SESSION['login_member_icon']="member.png";
										$_SESSION['login_member_iconThumb']="member_thm.png";
										$_SESSION['login_member_iconBig']="member_bigbox.png";
								} else {
										$_SESSION['login_member_icon']=$user_info['icon'];
										$_SESSION['login_member_iconThumb']=str_replace(".jpg","_thm.jpg", $user_info['icon']);
										$_SESSION['login_member_iconBig']=str_replace(".jpg","_bigbox.jpg", $user_info['icon']);
								}

								if ($_SESSION['login_member']) {
									sql_query("insert into login_history values(NULL, 'm', '".$_SESSION['login_memberID']."', 'login', '".mktime()."')");

									if (isset($_POST['ref']) && $_POST['ref']!='') {
										$reflink=base64_decode($_POST['ref']);
										Header('Location: '.$reflink);
									} else if (isset($_SERVER['HTTP_REFERER']) && !filter_var($_SERVER['HTTP_REFERER'], FILTER_VALIDATE_URL) === false) {
										Header('Location: '.$_SERVER['HTTP_REFERER']);
									} else {
										// You can redirect them to a members-only page.
										Header('Location: '.URL_PATH.'me/'.$_SESSION['login_member']);die();
									}
									die();
								}
						} else {
							$_SESSION = array();
							session_destroy();
							$reflink='';
							if (isset($_POST['ref']) && $_POST['ref']!='') {
								$reflink=base64_decode($_POST['ref']);
							} else if (isset($_SERVER['HTTP_REFERER']) && !filter_var($_SERVER['HTTP_REFERER'], FILTER_VALIDATE_URL) === false) {
								$reflink=$_SERVER['HTTP_REFERER'];
							}
							Header('Location: '.URL_PATH.'login/?msg=2&ref='.$reflink);
							die();
						}

				} else {
					$_SESSION = array();
					session_destroy();
					$reflink='';
					if (isset($_POST['ref']) && $_POST['ref']!='') {
						$reflink=base64_decode($_POST['ref']);
					} else if (isset($_SERVER['HTTP_REFERER']) && !filter_var($_SERVER['HTTP_REFERER'], FILTER_VALIDATE_URL) === false) {
						$reflink=$_SERVER['HTTP_REFERER'];
					}
					Header('Location: '.URL_PATH.'login/?msg=1&ref='.$reflink);
					die();
				}
		} else if ($_POST['act']=="signup" && isset($_POST['signup-name']) && filter_var(trim($_POST['signup-email']), FILTER_VALIDATE_EMAIL)) {
			// signup without facebook login
				$member_passwd=random_password(6);
				$member_email=trim($_POST['signup-email']);
				$member_user=explode("@", $member_email);
				($_POST['signup-gender']=="f")? $member_gender="f":$member_gender="m";
				$usermail=sql_fetch_assoc(sql_query("select * from member where email='".$member_email."'"));
				if ($usermail['ID']>0){
					$_SESSION['email_error']=$member_email;
					Header('Location: '.URL_PATH.'?err=email');die();
				} else {
					$username=sql_fetch_assoc(sql_query("select * from member where login='".$member_user[0]."'"));
					if ($username['ID']) {
							sql_query("insert into member values(NULL, UNIX_TIMESTAMP(), '".$member_passwd."', '0', '".addslashes($_POST['signup-name'])."', '".$member_gender."', '0000-00-00', '".$member_email."', '', '', '1', '', '', '', UNIX_TIMESTAMP(), '0', 'a', '', '0', '0', '0', '0', '', '0', '0')");
					} else {
							sql_query("insert into member values(NULL, '".$member_user[0]."', '".$member_passwd."', '0', '".addslashes($_POST['signup-name'])."', '".$member_gender."', '0000-00-00', '".$member_email."', '', '', '1', '', '', '', UNIX_TIMESTAMP(), '0', 'a', '', '0', '0', '0', '0', '', '0', '0')");
					}

					$memberID=sql_insert_id();
					sql_query("insert into member_configuration values(NULL, '".$memberID."', '0', '0', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '1', '".$_SESSION['lang']."', '1', '1', '1', '1', '1', '1', '')");
					// generate unique code to verify signup
					$code_array=array("email"=>$member_email, "code"=>$member_passwd);
					$code=serialize($code_array);
					$codebase64=base64_encode($code);
					$newsignup_url=URL_PATH.'newsignup/verify/'.$codebase64;
					// send email to confirm signup
					$email_message=sprintf(_MESSAGE_NEW_SIGNUP, $_POST['signup-name'], $member_passwd, $newsignup_url)._EMAIL_FOOTER;
					mail($member_email, _SUBJECT_NEW_SIGNUP, $email_message, MAIL_HEADER, "-fwebmaster@mfi.or.id");
					// You can redirect them to a members-only page.
					Header('Location: '.URL_PATH.'newsignup/verify/');die();
				}
		} else if ($_POST['act']=="forgotpasswd" && filter_var(trim($_POST['signup-email']), FILTER_VALIDATE_EMAIL)) {
			// signup without facebook login
				$member_passwd=random_password(6);
				$member_email=trim($_POST['signup-email']);
				$userinfo=sql_fetch_assoc(sql_query("select * from member where email='".$member_email."'"));
				if ($userinfo['ID']>0){
					$username=stripslashes(trim($userinfo['login']));
					$membername=stripslashes(trim($userinfo['name']));
					sql_query("update member set passwd='".crypt_password($member_passwd)."' where ID='".$userinfo['ID']."'");

					// generate unique code to verify signup
					$code_array=array("email"=>$member_email, "code"=>$member_passwd);
					$code=serialize($code_array);
					$codebase64=base64_encode($code);
					$newsignup_url=URL_PATH.'resetpasswd/verify/'.$codebase64;
					// send email to confirm signup
					$email_message=sprintf(_MESSAGE_RESET_PASSWORD, $membername, $member_passwd, $newsignup_url)._EMAIL_FOOTER;
					mail($member_email, _SUBJECT_RESET_PASSWORD, $email_message, MAIL_HEADER, "-fwebmaster@mfi.or.id");
					// You can redirect them to a members-only page.
					Header('Location: '.URL_PATH.'me/'.$username);die();
				} else {
					$_SESSION['email_error']=$member_email;
					Header('Location: '.URL_PATH.'?err=email');die();
				}
		} else {
		    if (preg_match("/login.php/",$_SERVER['PHP_SELF'])) {
			Header('Location: '.URL_PATH.'?ref='.$_POST['ref']);
			die();
		    }
		}
}

if (isset($_GET['act'])) {
		if ($_GET['act']=="verifysignup" && isset($_GET['code'])) {
		$user_info=sql_fetch_assoc(sql_query("select m.*, mc.rated, mc.lang from member m, member_configuration mc where m.passwd='".$_GET['code']."' and mc.memberID=m.ID and (m.state='a' or m.state='nv')"));
				if ($user_info['ID']) {
						$_SESSION['login_member']=$user_info['login'];
						$_SESSION['login_memberID']=$user_info['ID'];
						$_SESSION['login_member_name']=stripslashes($user_info['name']);
						$_SESSION['login_member_type']=$user_info['type'];
						$_SESSION['login_member_state']=$user_info['state'];
						$_SESSION['login_member_rated']=$user_info['rated'];
						$_SESSION['login_member_verified']=$user_info['verified'];
						$_SESSION['lang']=$user_info['lang'];
						if (empty($user_info['icon'])) {
								$_SESSION['login_member_icon']="member.png";
								$_SESSION['login_member_iconThumb']="member_thm.png";
								$_SESSION['login_member_iconBig']="member_bigbox.png";
						} else {
								$_SESSION['login_member_icon']=$user_info['icon'];
								$_SESSION['login_member_iconThumb']=str_replace(".jpg","_thm.jpg", $user_info['icon']);
								$_SESSION['login_member_iconBig']=str_replace(".jpg","_bigbox.jpg", $user_info['icon']);
						}
						// You can redirect them to a members-only page.
						Header('Location: '.URL_PATH.'me/'.$_SESSION['login_member']);die();
				} else {
						Header('Location: '.URL_PATH.'newsignup/verify/');die();
				}
		} else if ($_GET['act']=="signup") {
				// Redirect user to homepage..
				Header('Location: '.URL_PATH);die();
		} else if ($_GET['act']=="auto-login" && $_COOKIE['MFI']['autoLogin'] && empty($_SESSION['login_memberID'])) {
				$user_sql=sql_query("select m.* from (member m, member_configuration mc) where mc.memberID=m.ID and m.email='".$_COOKIE['MFI']['autoLogin']."'");
				if (sql_num_rows($user_sql)) {
						$user_info=sql_fetch_array($user_sql);

						$_SESSION['login_member']=$user_info['login'];
						$_SESSION['login_memberID']=$user_info['ID'];
						$_SESSION['login_member_name']=stripslashes($user_info['name']);
						$_SESSION['login_member_type']=$user_info['type'];
						$_SESSION['login_member_state']=$user_info['state'];
						$_SESSION['login_member_rated']=$user_info['rated'];
						$_SESSION['login_member_verified']=$user_info['verified'];
						$_SESSION['lang']=$user_info['lang'];
						if (empty($user_info['icon'])) {
								$_SESSION['login_member_icon']="member.png";
								$_SESSION['login_member_iconThumb']="member_thm.png";
								$_SESSION['login_member_iconBig']="member_bigbox.png";
						} else {
								$_SESSION['login_member_icon']=$user_info['icon'];
								$_SESSION['login_member_iconThumb']=str_replace(".jpg","_thm.jpg", $user_info['icon']);
								$_SESSION['login_member_iconBig']=str_replace(".jpg","_bigbox.jpg", $user_info['icon']);
						}

						if ($_SESSION['login_member']) {
							sql_query("insert into login_history values(NULL, 'm', '".$_SESSION['login_memberID']."', 'login', '".mktime()."')");

							if (isset($_GET['ref']) && $_GET['ref']) {
								$reflink=base64_decode($_GET['ref']);
								Header("Location: ".URL_PATH."?".$reflink);
							} else {
								// You can redirect them to http referrer or member's page
								if (preg_match("/https:\/\/mfi.or.id\//i", $_SERVER['HTTP_REFERER'])) {
										Header('Location: '.$_SERVER['HTTP_REFERER']);die();
								} else {
										Header('Location: '.URL_PATH.'me/'.$_SESSION['login_member']);die();
								}
							}
							die();
						}

				} else {
					$_SESSION = array();
					session_destroy();
					Header('Location: '.URL_PATH);
					die();
				}

		} else if ($_GET['act']=="logoff") {
		sql_query("delete from online where login='".$_SESSION['login_member']."'");
		sql_query("insert into login_history values(NULL, 'm', '".$_SESSION['login_memberID']."', 'logoff', '".mktime()."')");
		$_SESSION = array();
		@session_destroy();
		setcookie("MFI[autoLogin]", "", time()-3600);
		Header('Location: '.URL_PATH);die();
		}
}
Header("Location: /");die();
?>