
/login.php Secret

Created June 18, 2014 18:40
<?php
// $page is assigned before the shared header is pulled in (presumably read there; confirm).
$page = 'Login';
include 'page-header.php';

// A request that carries a "challenge" parameter has its complete query string
// copied into the session under the 'chilli' key.
// NOTE(review): every query parameter is stored as-is, so later readers of
// $_SESSION['chilli'] must treat its contents as untrusted input.
if (isset($_GET['challenge'])) {
    $_SESSION['chilli'] = $_GET;
}
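// Portal-side credential check, run when the request carries a "login" parameter.
if (isset($_GET['login'])) {
    /*
    Disabled "remember me" lookup, kept for reference.
    NOTE(review): enabling it would keep the plaintext password in the session.
    if ($_POST['password'] == 'remember-me' && isset($_SESSION['remember-me']))
        $_POST['password'] = $_SESSION['remember-me']['password'];
    */

    // Accept plain strings only. PHP turns "password[]=x" into an array, and a missing
    // field is NULL; under the loose != used previously, such values could compare equal
    // to a missing stored password or to another numeric-looking string.
    $login_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $login_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if (!$db_radius->user_exists($login_username)) {
        $errors[] = 'Name does not exist.';
    }

    // Presumably get_user_password() returns NULL when no password row exists (confirm);
    // anything that is not a string is treated as "no match".
    $stored_password = $db_radius->get_user_password($login_username);
    if (!is_string($stored_password)) {
        $password_ok = false;
    } elseif (function_exists('hash_equals')) {
        // Constant-time comparison where the runtime provides it (PHP >= 5.6).
        $password_ok = hash_equals($stored_password, $login_password);
    } else {
        $password_ok = ($stored_password === $login_password);
    }
    if (!$password_ok) {
        $errors[] = 'Password incorrect.';
    }

    // NOTE(review): the two distinct messages above tell a caller which usernames exist;
    // a single generic failure message would avoid that. The comparison also implies the
    // password is stored in recoverable form.

    if (empty($errors)) {
        /*
        Disabled "remember me" storage, kept for reference.
        if (isset($_POST['remember-me']))
            $_SESSION['remember-me'] = array(
                'username' => $_POST['username'],
                'password' => $_POST['password']
            );
        */
        chilli_login();
    }
}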
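// Handle the "res" outcomes that change the session: success, already, logoff.
if (!empty($_GET['res'])) {
    switch ($_GET['res']) {
        case 'success':
            // uid must be a non-empty string; an array or missing value is not a login result.
            if (!isset($_GET['uid']) || !is_string($_GET['uid']) || $_GET['uid'] === '') {
                break;
            }
            $uid = $_GET['uid'];

            // NOTE(review): "res" and "uid" are plain query parameters and nothing in this
            // block verifies that the request follows a completed logon, so the session
            // username is taken on trust from the URL. Bind it to server-side state (for
            // example the username validated before chilli_login()) before other pages
            // rely on $_SESSION['username'].
            $_SESSION = array(
                /*
                Disabled server-side re-check, kept for reference:
                'authed' => (!empty($_POST['username']) && !empty($_POST['password'])
                    && (($user_password = $db_radius->get_user_password($_POST['username'])) !== NULL
                    && $_POST['password'] === $user_password) && in_array(strtolower($_POST['username']) , $allowed_users_lower)),
                */
                'username' => strpos($uid, '@') === false ? ucwords($uid) : $uid,
                // 'remember-me' => $_SESSION['remember-me']
            );

            // Replace control characters in keys and values before logging, so a crafted
            // parameter cannot inject line breaks and forge extra log entries.
            $scrub_log_value = function ($data) use (&$scrub_log_value) {
                if (is_array($data)) {
                    $clean = array();
                    foreach ($data as $key => $value) {
                        $clean[$scrub_log_value((string) $key)] = $scrub_log_value($value);
                    }
                    return $clean;
                }
                return preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $data);
            };
            $log_uid = $scrub_log_value($uid);
            $log_params = $scrub_log_value($_GET);

            // NOTE(review): the path is relative and the dump contains every query
            // parameter; confirm the logs directory is not served by the web server.
            file_put_contents(
                'logs/logins/' . date('Y-m-d') . '.log',
                "SUCCESS\t" . date('h:i:s a') . "\t'{$log_uid}'\n" . print_r($log_params, true),
                FILE_APPEND
            );
            //header('Location: http://google.ca');
            header('Location: bandwidth.php');
            die();

        case 'already':
            //header('Location: http://google.ca');
            header('Location: bandwidth.php');
            die();

        case 'logoff':
            // Drop everything held in the session.
            $_SESSION = array(
                // 'remember-me' => $_SESSION['remember-me']
            );
            break;
    }
}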
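// Handle res=failed: translate the "reply" parameter into user-facing error messages.
if (!empty($_GET['res'])) {
    switch ($_GET['res']) {
        case 'failed':
            $errors = array();

            // Only a string reply is meaningful; an array ("reply[]=x") or a missing
            // parameter gets the generic rejection message.
            $failure_reply = (isset($_GET['reply']) && is_string($_GET['reply'])) ? $_GET['reply'] : null;

            $periodic_limit_replies = array(
                'Your maximum daily usage time has been reached',
                'Your maximum weekly usage time has been reached',
                'Your maximum monthly usage time has been reached',
            );

            if ($failure_reply === null) {
                $errors[] = "Username and/or password rejected.";
            } elseif (in_array($failure_reply, $periodic_limit_replies, true)) {
                // The username comes from the session, not the request; without it (or
                // without a bandwidth record) fall back to the fixed reply text.
                $bandwidth = isset($_SESSION['login']['username'])
                    ? $db_radius->get_user_bandwidth($_SESSION['login']['username'])
                    : null;
                if (is_array($bandwidth)) {
                    $bandwidth_types = array('all-time', 'daily', 'weekly', 'monthly');
                    $errors[] = "You have used your " . format_bytes($bandwidth['limit']['bytes'], 2) . " of {$bandwidth_types[$bandwidth['limit']['type']]} bandwidth!";
                    $remaining_time = (isset($bandwidth['remaining']['time']) && $bandwidth['remaining']['time'] > 0)
                        ? duration($bandwidth['remaining']['time'])
                        : '&infin;';
                    $errors[] = "Your bandwidth resets in: {$remaining_time}.";
                } else {
                    $errors[] = $failure_reply;
                }
            } elseif ($failure_reply === 'Your maximum never usage time has been reached') {
                $errors[] = "You have used all your bandwidth.";
                $errors[] = "You need to buy more to use the Internet.";
            } else {
                // Any other reply is attacker-controllable text from the URL. The '&infin;'
                // entity above suggests $errors is printed as raw HTML (confirm in the
                // template), so the value is HTML-escaped before it is queued.
                $errors[] = htmlspecialchars($failure_reply, ENT_QUOTES, 'UTF-8');
            }
            break;
    }
}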
// Remaining includes, executed in this order.
include 'page-footer.php';
include 'html/page-header.php';
include 'html/login.php';
include 'html/page-footer.php';

// Alternative bootstrap3 templates, currently disabled:
//include('html/bootstrap3/page-header.php');
//include('html/bootstrap3/login.php');
//include('html/bootstrap3/page-footer.php');
?>
<?php
/**
 * Sum the input and output octets recorded in radacct for a user, counting
 * sessions whose start time plus session time is later than $time_start.
 *
 * The username and timestamp are passed as bound parameters, never
 * interpolated into the SQL text.
 *
 * @param string $username   Account name matched against radacct.username.
 * @param mixed  $time_start Lower bound, bound as a double and compared with a Unix timestamp.
 * @return mixed The summed octet count; the query yields 0 when no rows match.
 */
public function get_user_bandwidth_used($username, $time_start)
{
    // NOTE(review): prepare() returns false on failure and is not checked here.
    $query = $this->mysqli->prepare("SELECT IFNULL(SUM(acctinputoctets+acctoutputoctets), 0) FROM radacct WHERE username = ? AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > ?");
    $query->bind_param('sd', $username, $time_start);
    $query->execute();
    $query->store_result();

    $query->bind_result($octets);
    $query->fetch();

    // Copy the bound value before the statement is released.
    $total = $octets;

    $query->free_result();
    $query->close();

    return $total;
}
/**
 * Look up a user's bandwidth limit together with the amount already used.
 *
 * Unless $ignore_group is set, the user's groups are consulted first; a
 * non-empty group result is returned directly. Otherwise the per-user
 * 'CS-Total-Octets%' attribute in radcheck is used.
 *
 * @param string $username     Account name.
 * @param bool   $ignore_group Skip the group lookup when true.
 * @return array|null Limit/used/remaining data, or NULL when no user-level row exists.
 */
public function get_user_bandwidth($username, $ignore_group = false)
{
    if (!$ignore_group) {
        $group_quota = null;
        foreach ($this->get_user_groups($username) as $group) {
            // Each iteration overwrites the previous result, so the value of the last
            // group decides. NOTE(review): confirm that this is intended.
            $group_quota = $this->get_group_bandwidth($group);
            if ($group_quota) {
                $period = $group_quota['limit']['type'];
                $group_quota['used'] = $this->get_user_bandwidth_used($username, $this->times[$period]['time_start']);
                $group_quota['remaining']['bytes'] = $group_quota['limit']['bytes'] - $group_quota['used'];
            }
        }
        if (!empty($group_quota)) {
            return $group_quota;
        }
    }

    // Per-user limit; the username is a bound parameter.
    $query = $this->mysqli->prepare("SELECT attribute, value FROM radcheck WHERE username = ? AND attribute LIKE 'CS-Total-Octets%'");
    $query->bind_param('s', $username);
    $query->execute();
    $query->store_result();

    $quota = NULL;
    if ($query->num_rows() >= 1) {
        // Only the first matching row is read.
        $query->bind_result($attribute, $limit_bytes);
        $query->fetch();

        // Map the attribute name to its index in $this->bandwidth_types.
        // NOTE(review): array_search() yields false for an unknown attribute, which
        // then indexes $this->times as key 0; confirm that cannot happen.
        $period = array_search($attribute, $this->bandwidth_types);
        $used_bytes = $this->get_user_bandwidth_used($username, $this->times[$period]['time_start']);

        $quota = array(
            'limit' => array('type' => $period, 'bytes' => $limit_bytes),
            'used' => $used_bytes,
            'remaining' => array(
                'bytes' => $limit_bytes - $used_bytes,
                'time' => $this->times[$period]['time_end'] - time(),
            ),
        );
    }

    $query->free_result();
    $query->close();

    return $quota;
}