= translate('please_login', $i18n) ?>
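$secondsInMonth, 'httponly' => true, 'samesite' => 'Lax' ]); session_start(); }
// The session bootstrap this span opens with (session_set_cookie_params()/
// session_start() guarded by session_status()) begins before this span; the
// tail above is kept verbatim so the file stays syntactically intact.

// An already authenticated session has nothing to do here: send it to the dashboard.
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    $db->close();
    header("Location: .");
    exit();
}

$demoMode = getenv('DEMO_MODE');
// Shared 30-day expiry for every cookie issued on this page.
$cookieExpire = time() + (30 * 24 * 60 * 60);

// Check if login is disabled. In that mode the page signs in user id 1 without
// any credential check, so everything below up to the redirect is reachable by
// anyone who can open the login page.
$adminQuery = "SELECT login_disabled FROM admin";
$adminResult = $db->query($adminQuery);
$adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);

if ($adminRow && $adminRow['login_disabled'] == 1) {
    $query = "SELECT id, username, main_currency, language FROM user WHERE id = :id";
    $stmt = $db->prepare($query);
    $stmt->bindValue(':id', 1, SQLITE3_INTEGER);
    $result = $stmt->execute();
    $row = $result->fetchArray(SQLITE3_ASSOC);

    if ($row === false) {
        // Something is wrong with admin user. Reenable login
        $updateQuery = "UPDATE admin SET login_disabled = 0";
        $updateStmt = $db->prepare($updateQuery);
        $updateStmt->execute();
        $db->close();
        header("Location: login.php");
        // Without exit() the rest of this page keeps running against the closed
        // $db handle (the OIDC query below would throw) and the redirect is lost.
        exit();
    }

    $userId = $row['id'];
    $main_currency = $row['main_currency'];
    $username = $row['username'];
    $language = $row['language'];

    // Rotate the session id at the moment of authentication so an id fixed
    // before login cannot be carried into the authenticated session.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    $_SESSION['loggedin'] = true;
    $_SESSION['main_currency'] = $main_currency;
    $_SESSION['userId'] = $userId;

    setcookie('language', $language, [
        'expires' => $cookieExpire,
        'samesite' => 'Lax',
    ]);
    if (!isset($_COOKIE['sortOrder'])) {
        setcookie('sortOrder', 'next_payment', [
            'expires' => $cookieExpire,
            'samesite' => 'Lax',
        ]);
    }

    $query = "SELECT color_theme FROM settings";
    $stmt = $db->prepare($query);
    $result = $stmt->execute();
    $settings = $result->fetchArray(SQLITE3_ASSOC);
    // `?? ''` keeps the previous outcome (empty value) when no settings row exists,
    // without the "array offset on false" warning or a null passed to setcookie().
    setcookie('colorTheme', $settings['color_theme'] ?? '', [
        'expires' => $cookieExpire,
        'samesite' => 'Lax',
    ]);

    // NOTE(review): the middle segment of this cookie is a fixed placeholder, not a
    // per-login secret. Whatever consumes 'wallos_login' must not treat that segment
    // as proof of identity while login is disabled. The value is kept unchanged here
    // because other pages parse this "username|token|currency" layout.
    $cookieValue = $username . "|" . "abc123ABC" . "|" . $main_currency;
    setcookie('wallos_login', $cookieValue, [
        'expires' => $cookieExpire,
        'samesite' => 'Lax',
        'httponly' => true,
    ]);
    $db->close();
    header("Location: .");
    // Same reason as above: stop the script after issuing the redirect.
    exit();
}

// Drop leftovers of an unfinished 2FA flow or a previous remember-me issuance.
// unset() on a missing key is a no-op, so no isset() guard is needed.
unset($_SESSION['totp_user_id'], $_SESSION['token']);

// Theme preferences come straight from cookies (attacker-controllable input).
// Wherever $theme / $colorTheme are written into the page they must be escaped
// with htmlspecialchars() for the context they land in.
$theme = "light";
$updateThemeSettings = false;
if (isset($_COOKIE['theme'])) {
    $theme = $_COOKIE['theme'];
} else {
    // No cookie yet: the page will persist the default into settings.
    $updateThemeSettings = true;
}

$colorTheme = "blue";
if (isset($_COOKIE['colorTheme'])) {
    $colorTheme = $_COOKIE['colorTheme'];
}

// Check if OIDC is Enabled
$password_login_disabled = false;
$oidcEnabled = false;
$oidcQuery = "SELECT oidc_oauth_enabled FROM admin";
$oidcResult = $db->query($oidcQuery);
$oidcRow = $oidcResult->fetchArray(SQLITE3_ASSOC);

if ($oidcRow) {
    $oidcEnabled = $oidcRow['oidc_oauth_enabled'] == 1;

    if ($oidcEnabled) {
        // Fetch OIDC settings
        $oidcSettingsQuery = "SELECT * FROM oauth_settings WHERE id = 1";
        $oidcSettingsResult = $db->query($oidcSettingsQuery);
        $oidcSettings = $oidcSettingsResult->fetchArray(SQLITE3_ASSOC);

        if (!$oidcSettings) {
            // Enabled flag without a settings row: treat OIDC as unavailable.
            $oidcEnabled = false;
        } else {
            $oidc_name = $oidcSettings['name'] ?? '';
            $password_login_disabled = $oidcSettings['password_login_disabled'] == 1;

            // Generate a CSRF-protecting state string. The session is normally
            // already open at this point; the guard only covers the case where it is not.
            $secondsInMonth = 30 * 24 * 60 * 60;
            if (session_status() === PHP_SESSION_NONE) {
                session_set_cookie_params([
                    'lifetime' => $secondsInMonth,
                    'httponly' => true,
                    'samesite' => 'Lax',
                ]);
                session_start();
            }
            $state = bin2hex(random_bytes(16));
            // The callback must compare the returned state against this value.
            $_SESSION['oidc_state'] = $state;

            // Build the OIDC authorization URL
            $params = http_build_query([
                'response_type' => 'code',
                'client_id' => $oidcSettings['client_id'],
                'redirect_uri' => $oidcSettings['redirect_url'],
                'scope' => $oidcSettings['scopes'],
                'state' => $state,
            ]);
            $oidc_auth_url = rtrim($oidcSettings['authorization_url'], '?') . '?' . $params;
        }
    }
}

$loginFailed = false;
// Either query flag shows the success banner. `validated` must be the literal
// string "true"; `registered` only has to be a non-empty, non-"0" value, which is
// what the previous loose `== true` comparison accepted.
$hasSuccessMessage = (($_GET['validated'] ?? null) === "true") || !empty($_GET['registered']);
$userEmailWaitingVerification = false;

if (isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $rememberMe = isset($_POST['remember']);

    $query = "SELECT id, password, main_currency, language FROM user WHERE username = :username";
    $stmt = $db->prepare($query);
    $stmt->bindValue(':username', $username, SQLITE3_TEXT);
    $result = $stmt->execute();
    $row = $result->fetchArray(SQLITE3_ASSOC);

    if ($row && password_verify($password, $row['password'])) {
        $userId = $row['id'];
        $main_currency = $row['main_currency'];
        $language = $row['language'];

        // Check if the user is in the email_verification table
        $query = "SELECT 1 FROM email_verification WHERE user_id = :userId";
        $stmt = $db->prepare($query);
        $stmt->bindValue(':userId', $userId, SQLITE3_INTEGER);
        $result = $stmt->execute();
        $verificationMissing = $result->fetchArray(SQLITE3_ASSOC);

        // Check if the user has 2fa enabled
        $query = "SELECT totp_enabled FROM user WHERE id = :userId";
        $stmt = $db->prepare($query);
        $stmt->bindValue(':userId', $userId, SQLITE3_INTEGER);
        $result = $stmt->execute();
        $totpEnabled = $result->fetchArray(SQLITE3_ASSOC);

        if ($verificationMissing) {
            // Correct password, but the address is still unverified: refuse the login.
            $userEmailWaitingVerification = true;
            $loginFailed = true;
        } else {
            if ($totpEnabled['totp_enabled'] == 1) {
                // Password accepted: rotate the id before the session starts carrying
                // a half-authenticated identity into the TOTP step.
                session_regenerate_id(true);
                $_SESSION['totp_user_id'] = $userId;
                if ($rememberMe) {
                    $_SESSION['pending_remember_me'] = true; // defer cookie until TOTP done
                }
                $db->close();
                header("Location: totp.php");
                exit();
            }

            // No TOTP — safe to create remember-me token now
            if ($rememberMe) {
                $token = bin2hex(random_bytes(32));
                $addLoginTokens = "INSERT INTO login_tokens (user_id, token) VALUES (:userId, :token)";
                $addLoginTokensStmt = $db->prepare($addLoginTokens);
                $addLoginTokensStmt->bindValue(':userId', $userId, SQLITE3_INTEGER);
                $addLoginTokensStmt->bindValue(':token', $token, SQLITE3_TEXT);
                $addLoginTokensStmt->execute();
                $_SESSION['token'] = $token;

                // "username|token|currency" layout is parsed by other pages; a '|' in
                // the username would break that split.
                $cookieValue = $username . "|" . $token . "|" . $main_currency;
                setcookie('wallos_login', $cookieValue, [
                    'expires' => $cookieExpire,
                    'samesite' => 'Lax',
                    'httponly' => true,
                ]);
            }

            // Rotate the session id at the moment of authentication (session fixation).
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            $_SESSION['loggedin'] = true;
            $_SESSION['main_currency'] = $main_currency;
            $_SESSION['userId'] = $userId;

            setcookie('language', $language, [
                'expires' => $cookieExpire,
                'samesite' => 'Lax',
            ]);
            if (!isset($_COOKIE['sortOrder'])) {
                setcookie('sortOrder', 'next_payment', [
                    'expires' => $cookieExpire,
                    'samesite' => 'Lax',
                ]);
            }

            $query = "SELECT color_theme FROM settings WHERE user_id = :userId";
            $stmt = $db->prepare($query);
            $stmt->bindValue(':userId', $userId, SQLITE3_INTEGER);
            $result = $stmt->execute();
            $settings = $result->fetchArray(SQLITE3_ASSOC);
            setcookie('colorTheme', $settings['color_theme'] ?? '', [
                'expires' => $cookieExpire,
                'samesite' => 'Lax',
            ]);

            $db->close();
            header("Location: .");
            exit();
        }
    } else {
        // Unknown user or wrong password: one generic failure for both.
        $loginFailed = true;
    }
}

//Check if registration is open
$registrations = false;
$resetPasswordEnabled = false;

if (!$password_login_disabled) {
    $adminQuery = "SELECT registrations_open, max_users, server_url, smtp_address FROM admin";
    $adminResult = $db->query($adminQuery);
    $adminRow = $adminResult->fetchArray(SQLITE3_ASSOC);
    $registrationsOpen = $adminRow['registrations_open'];
    $maxUsers = $adminRow['max_users'];

    if ($registrationsOpen == 1) {
        if ($maxUsers == 0) {
            // 0 means "no cap".
            $registrations = true;
        } elseif ($maxUsers > 0) {
            $userCountQuery = "SELECT COUNT(id) as userCount FROM user";
            $userCountResult = $db->query($userCountQuery);
            $userCountRow = $userCountResult->fetchArray(SQLITE3_ASSOC);
            $userCount = $userCountRow['userCount'];
            if ($userCount < $maxUsers) {
                $registrations = true;
            }
        }
    }

    // Password reset needs both an outgoing mail server and a public base URL.
    if (($adminRow['smtp_address'] ?? '') !== "" && ($adminRow['server_url'] ?? '') !== "") {
        $resetPasswordEnabled = true;
    }
}

// Error handed back by the OIDC callback when no local account matches.
if (($_GET['error'] ?? null) === "oidc_user_not_found") {
    $loginFailed = true;
}
?>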
" id="theme-color" />= translate('please_login', $i18n) ?>