<?php
include("mysql.php");
//include_once("proxydet.php");$proxy = new proxy_detector();if($proxy->detect()) die();
session_start();

if(!isset($_SERVER['HTTP_CF_CONNECTING_IP'])) $ip = $_SERVER['REMOTE_ADDR']; else $ip = $_SERVER['HTTP_CF_CONNECTING_IP'];
if(isset($_POST["register"]))  $res = register($mysql->escape($_POST["user"]), $_POST["pass"], $mysql->escape($_POST["email"]));
elseif(isset($_POST["login"])) $res = login($mysql->escape($_POST["user"]), $_POST["pass"]);
elseif(isset($_GET["authkey"])&&isset($_GET["user"])) $res = verify($mysql->escape($_GET["authkey"]),$mysql->escape($_GET["user"]));

function verify($key="",$user="") {
global $mysql;
if(!isset($key)||$key==""||$key==1||!ctype_alnum($key)) return "[RED]Invalid key[CLOSE]";
if(!isset($user)||$user==""||!ctype_alnum($user))       return "[RED]Invalid user[CLOSE]";
if(!$user = $mysql->fetch_array("select `enabled`, `username` from `users` where `enabled` = '{$key}' and `username` = '{$user}';")) return "[RED]Invalid key[CLOSE]";
$transferblock = strtotime("+ 2 days");
if(!$mysql->query("update `users` set `enabled` = '1', `transferblock` = '{$transferblock}' where `enabled` = '{$user["enabled"]}' and `username` = '{$user["username"]}';")) return "[RED]Invalid key[CLOSE]";;
return "[GREEN]Su email ha sido verificado satifactoriamente[CLOSE]";
}

function login($user=null, $pass=null) {
global $mysql,$ip;
if(!$user || !$pass)return "[RED]Todos los campos son obligatorios[CLOSE]";
if(!ctype_alnum($user)) return "[RED]Nombre de usuario debe ser alfanumérico[CLOSE]";
if(strtolower($mysql->read("username","users","username",$user))!=strtolower($user)) return "[RED]Detalles incorrectos:[[CLOSE]";
if(mysql_num_rows($mysql->query("select * from `users` where `connectedlast` = '{$ip}';"))>=2) return "[RED]Usted sólo está permitido tener una cuenta ...[CLOSE]";
$password = $mysql->read("password", "users", "username", strtolower($user));
if(md5(md5($pass))!=$password) return "[RED]Detalles incorrectos:[[CLOSE]";
$data = $mysql->fetch_array("select * from `users` where `username` = '{$user}';");
if($data["enabled"]=="0") return "[RED]Verifique por favor su dirección de correo electrónico[CLOSE]";
$_SESSION["user"]   = $data["username"];
$_SESSION["pass"]   = $pass;
$_SESSION["avatar"] = $data["avatar"];
$_SESSION["id"]     = $data["id"];
$_SESSION["nick"]   = $data["nickname"];
$_SESSION["xats"]   = $data["xats"];
$_SESSION["rank"]   = rank($data["rank"]);
$_SESSION["days"]   = floor(((($data["days"] - strtotime("now")) / 60) / 60) / 24);
$_SESSION["login"]  = true;
if(isset($_GET["res"])) switch($_GET["res"]) {case "trade": header("Location: /trade"); break;}
return "[GREEN]Ahora va a ser redirigido...[CLOSE]";
}

function register($user=null, $pass=null, $email=null) {
global $mysql, $ip;
if(!$user || !$pass || !$email) return "[RED]Todos los campos son obligatorios ...[CLOSE]";
if(strlen($user)<6 || strlen($user)>12) return "[RED]Nombre de usuario debe tener entre 6 y 12 caracteres ...[CLOSE]";
if(strlen($pass)<6) return "[RED]La contraseña debe tener mas de 6 caracteres...[CLOSE]";
if(!ctype_alnum($user)) return "Nombre de usuario sólo puede ser alfanumérico";
if($mysql->read("username","users","username",strtolower($user))!==null) return "[RED]Nombre de usuario ya existe...[CLOSE]";
if($mysql->read("username","users","email",strtolower($email))!==null)   return "[RED]Dirección de correo electronico ya registrado...[CLOSE]";
if(mysql_num_rows($mysql->query("select * from `users` where `connectedlast` = '{$ip}';"))>=1) return "[RED]Solo esta permitida una cuenta...[CLOSE]";
$prepass = $pass;
$pass    = md5(md5($pass));
$user    = strtolower($user);
$email   = strtolower($email);
$k1      = rand(-1000000, 1000000);
$k2      = rand(-1000000, 1000000);
$k3      = rand(-1000000, 1000000);
$xats    = 1000000;
$days    = strtotime("+ 150 days");
$authkey = md5(rand(1,1000).time().rand(1,1000));
$transferblock = strtotime("+ 2 days");
$reg     = $mysql->query("insert into `users` (`id`, `username`, `nickname`, `password`, `avatar`, `url`, `k`, `k2`, `k3`, `xats`, `days`, `email`, `powers`, `enabled`, `transferblock`, `connectedlast`) values('NULL', '{$user}', '{$user}', '{$pass}', '', '', '{$k1}', '{$k2}', '{$k3}', '{$xats}', '{$days}', '{$email}', '', '{$authkey}', '{$transferblock}', '{$ip}');");
return "[GREEN]Registrado correctamente, ya puede hacer login.[CLOSE]";
}

function rank($var) {switch($var) {case 1:return "member";case 9:return "admin";}}

?>
<!DOCTYPE html>
<html>
<head>
<title>IxatCool - Registrar/Logear</title>
<script type="text/javascript" src="/js/jquery-1.7.2.min.js"></script>
<script type="text/javascript" src="/js/twitter.js"></script>
<link href="/css/bootstrap.css" rel="stylesheet">
<style>
.span8 {width: 698px;}
</style>
</head>

<body>

<div class="container">

<div class="navbar">
<div class="navbar-inner">
<div class="container">
<a class="brand" href="/">IxatCool</a>
<div class="nav-collapse">
<ul class="nav">
<li><a href="http://ixatcool.com/register.php">Registrar</a></li>
<li><a href="http://ixatcool.com/login.php">Login</a></li>
<li><a href="http://ixatcool.com/group.php">Crear Grupo</a></li>
<li><a href="http://ixatcool.com/tienda/powers/index.php">Powers</a></li>
<li><a href="http://ixatcool.com/tienda/trade/index.php">Trade</a></li>
</ul>
</div>
<form class="form-inline pull-right" style="padding: 0; margin: 0;" action="http://ixatcool.com/register.php" method="post">
<input type="hidden" name="login" />
<input type="text" name="user" class="span2" placeholder="Username">
<input type="password" name="pass" class="span2" placeholder="Password">
<button type="submit" class="btn" name="Login">Login</button>
</form>


</div>
</div>
</div>
<div class="well">
<h2 class="title"><a href="">Login - Register</a></h2>
<div class="meta">
<p> <a href=""></a><a href=""></a></p>
</div>
<div class="story">
<p><div id="content">


<?php if(!isset($_SESSION["user"])) {?>
<td>
<center><table class="tbRegister" style="position:relative; center:216px;">
<form method="post">
<input type="hidden" name="register" />
<tr> <th colspan=2>Registrese a continuacion</th> </tr>
<tr> <th>Nombre</th> <th><input type="text" name="user" class="text" /></th> </tr>
<tr> <th>Pass</th> <th><input type="password" name="pass" class="text" /></th> </tr>
<tr> <th>Email (Verdadero)</th> <th><input type="text" name="email" class="text" /></th> </tr>
<tr> <th colspan=2><input type="submit" class="text" style="width: 100%;" value="Register" /></th> </tr>
</form>
</table>
</td></center>
<br>
<br>
<?php }?>
<center><td valign=top>
<table class="tbRegister" style="position:relative; center:216px;">
<form method="post">
<input type="hidden" name="login" />
<center><tr> <th colspan=2>Inicie sesion a continuacion </th> </tr>
<center><tr> <th>Nompre</th> <th><input type="text" name="user" class="text" /></th> </tr>
<center><tr> <th>Pass</th> <th><input type="password" name="pass" class="text" /></th> </tr>
<center><tr> <th colspan=2><input type="submit" class="text" style="width: 100%;" value="Login" /></th> </tr></center>
</form>
</table>
</td></tr>
</table></center>
<?php 
if(isset($res)) {
$replace = array("[GREEN]"=>'<font color="#00ff00">', "[CLOSE]"=>'</font>', "[RED]"=>'<font color="#ff0000">');
foreach($replace as $u=>$U) $res = str_replace($u, $U, $res);
echo '<center>'.$res.'</center>';
}
?>
<br>
<br>
<?php
if(isset($_SESSION["user"])) echo "<center>Estas conectado como ".$_SESSION["user"]."</center><br />";
if(isset($_SESSION["login"])) {
$vars = "uname=".@$_POST["user"]."&upass=".@$_POST["pass"];
echo "<center><embed height=\"1\" width=\"1\" pluginspage=\"http://xat.com/update_flash.shtml\" type=\"application/x-shockwave-flash\" allowscriptaccess=\"always\" flashvars=\"$vars\" quality=\"high\" src=\"http://ixatcool.com/flash/login.swf\" bgcolor=\"#111666\"></center>";
unset($_SESSION["login"]);
}
?>
<table>
<tr>
<br>
<br>



</div>
<br /> <img src="" border="0" alt="" title="" class="" /></p>
</div>
</div>
</div>





</div>
</div>
</body>
</html>