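';
include 'header_top_test.php';
// NOTE(review): debug output followed by an unconditional exit. As written on
// this page nothing below this point runs; confirm whether this is leftover
// debugging before relying on the login flow that follows.
echo "ok1";
exit;

if (!defined('ENV')) {
    define('ENV', getenv('SERVER_NAME'));
}

// Page state read by the login form template further down the file.
$message = '';
$loc = "fullsearch.php?searchview=2";   // default landing page after login
$number_machines = 1;                   // compared with the user's row count in cscan_user_code
$bypass = 0;                            // 1 would skip the machine check below
$successMessage = 0;
$_SESSION['sess_access_token'] = '';    // each request to this page starts without an API token
$new_msg='If you have not logged in or reset your credentials since June 7, 2025, you will need to
reset your password. Select the Forgot Password link to receive a reset code via email.

Still having issues logging in?

Reach us at contactus@competiscan.com.';

// Deep link requested before login. Ids are coerced to a number, or stripped
// to word characters, before anything else uses them.
if (isset($_GET['product']) && $_GET['product'] != '') {
    $direct_request_type = 'product';
    $direct_request_id = (float) $_GET['product'];
} elseif (isset($_GET['trend_id']) && $_GET['trend_id'] != '') {
    $direct_request_type = 'trend_id';
    $direct_request_id = (int) $_GET['trend_id'];
    //############### ADD ENCODE TREND ID############
} elseif (isset($_GET['document']) && $_GET['document'] != '') {
    $direct_request_type = 'document';
    $direct_request_id = (float) $_GET['document'];
} elseif (isset($_GET['download']) && $_GET['download'] != '') {
    $direct_request_type = 'download';
    $direct_request_id = preg_replace('/\\W+/', '', $_GET['download']);
}

// The remember-me cookie is client-controlled: it may be missing fields or be
// sent as an array. Pad to the six expected fields so a short or malformed
// value yields nulls instead of undefined-offset warnings or a TypeError.
if (isset($_COOKIE['competiscaner']) && is_string($_COOKIE['competiscaner'])) {
    $cookieArray = array_map('urldecode', explode(':', $_COOKIE['competiscaner']));
    $cookieArray = array_pad($cookieArray, 6, null);
    $oldusername  = $cookieArray[0];
    $oldpassword  = $cookieArray[1];
    $oldIPAddress = $cookieArray[2];
    $olduserID    = $cookieArray[3];
    $secretcode   = $cookieArray[4];
    $uctimestamp  = $cookieArray[5];
} else {
    $oldusername  = '';
    $oldpassword  = '';
    $oldIPAddress = '';
    $olduserID    = '';
    $secretcode   = 0;
    $uctimestamp  = 0;
}

/**
 * Send a JSON request to the backend API and return the raw response body.
 *
 * The Authorization header carries $_SESSION['sess_access_token'] as-is
 * (no "Bearer " prefix).
 *
 * @param string      $method HTTP verb handed to CURLOPT_CUSTOMREQUEST.
 * @param string      $url    Endpoint URL.
 * @param string|null $data   JSON-encoded body, or null for no body.
 * @return string|false Response body, or false when curl_exec() fails.
 */
function callAPI($method, $url, $data){
    // Callers pass null for GET requests; treat anything but a string as an
    // empty body so strlen() is never handed null.
    $body = is_string($data) ? $data : '';

    // The session token can be filled from a query parameter (is_admin branch
    // below), so strip CR/LF to keep it from adding header lines to the
    // outgoing request.
    $token = isset($_SESSION['sess_access_token']) ? (string) $_SESSION['sess_access_token'] : '';
    $token = str_replace(array("\r", "\n"), '', $token);

    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $method);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $body);
    curl_setopt($curl, CURLOPT_HTTPHEADER, [
        'Content-Type: application/json',
        'User-Agent: Mozilla/5.0',
        'Authorization:' . $token,
        'Content-Length: ' . strlen($body),
    ]);
    $result = curl_exec($curl);
    curl_close($curl);
    return $result;
}

$postuserdata = array();
$otp_input_field = 0;       // 1 = show the OTP input in the form
$otp_input_pwdfield = 1;    // 1 = show the password input in the form
$session_email_otp_v = '';

// ===============================
// HANDLE LOGIN or OTP VERIFY
// ===============================
$isResendOtp    = isset($_GET['resend_otp']) && $_GET['resend_otp'] == 1;
$isAdminRequest = isset($_GET['is_admin']) && $_GET['is_admin'] == true;

if (isset($_POST['login']) || isset($_POST['verify_opt_seession']) || $isResendOtp || $isAdminRequest) {
    $postuserdata = [];
    $otp_input_field = 0;
    $otp_input_pwdfield = 1;
    $postedUserName = isset($_POST['userName']) ? $_POST['userName'] : null;

    if (!empty($_POST['verify_opt_seession']) && !empty($_POST['v_otp'])) {
        // VERIFY OTP REQUEST
        $postuserdata['email']   = $postedUserName;
        $postuserdata['session'] = $_POST['verify_opt_seession'];
        $postuserdata['otp']     = $_POST['v_otp'];
    } elseif (!empty($_GET['auth_id']) && !empty($_GET['key'])) {
        // NOTE(review): e-mail and password arrive base64-encoded in the query
        // string. Base64 is an encoding, not protection: the credentials end up
        // in access logs, browser history and Referer headers. Prefer a POST
        // body or a short-lived one-time token.
        $postuserdata['email']    = base64_decode($_GET['auth_id']);
        $postuserdata['password'] = base64_decode($_GET['key']);
        $otp_input_field = 1;
        $otp_input_pwdfield = 0;
    } elseif ($isAdminRequest) {
        // NOTE(review): this branch trusts is_admin, id and token from the query
        // string: the token is copied into the session and is_admin is forwarded
        // to the sign-in API. Whether the API re-validates that token is not
        // visible here; confirm it does before keeping this path reachable.
        $adminId    = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
        $adminToken = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : '';
        $postuserdata['email'] = base64_decode($adminId);
        $_SESSION['sess_access_token'] = trim($adminToken);
        $postuserdata['is_admin'] = True;
    } else {
        // NOTE(review): the clear-text password is kept in the session. If it is
        // only needed for the OTP round trip, clear it once login completes.
        $postuserdata['email']    = $_SESSION['userName'] = $postedUserName;
        $postuserdata['password'] = $_SESSION['password'] = isset($_POST['password']) ? $_POST['password'] : null;
    }

    $postdata = json_encode($postuserdata);
    $apiuserurl = USER_LOGIN_API_URL_PROD . 'sign-in-aws';
    $getuserdata = callAPI('POST', $apiuserurl, $postdata);
    $resuserdata = json_decode($getuserdata, true);

    // ===============================
    // RESPONSE HANDLING
    // ===============================
    if (isset($resuserdata['code'])) {
        $apiMessage = isset($resuserdata['message']) ? $resuserdata['message'] : '';
        $apiSession = isset($resuserdata['data']['session']) ? $resuserdata['data']['session'] : null;

        switch ($resuserdata['code']) {
            case 200:
                if (isset($resuserdata['data']['challenge']) && $resuserdata['data']['challenge'] == 'EMAIL_OTP') {
                    // OTP CHALLENGE
                    $otp_input_field = 1;
                    $otp_input_pwdfield = 0;
                    $_SESSION['session'] = $apiSession;
                    $message = "";
                } else {
                    // LOGIN SUCCESS - SET SESSION DATA
                    $_SESSION['sess_access_token']  = isset($resuserdata['data']['access_token']) ? $resuserdata['data']['access_token'] : null;
                    $_SESSION['sess_refresh_token'] = isset($resuserdata['data']['refresh_token']) ? $resuserdata['data']['refresh_token'] : null;

                    $apiUserId = isset($resuserdata['data']['user_id']) ? (string) $resuserdata['data']['user_id'] : '';
                    $apiusergetpermission = USER_PERMISSION_API_URL_PROD . 'rolepermissionclientdata?userID=' . rawurlencode($apiUserId);
                    $getuserpermissiondata = callAPI('GET', $apiusergetpermission, null);
                    $resuserpermissiondata = json_decode($getuserpermissiondata, true);
                    if (!is_array($resuserpermissiondata)) {
                        // Failed or malformed permission response: every session
                        // field below becomes null and the login does not complete.
                        $resuserpermissiondata = array();
                    }

                    // Session key => key in the permission API response.
                    $sessionFromPermission = array(
                        'sess_username'                => 'sess_username',
                        'sess_userID'                  => 'sess_userID',
                        'sess_userType'                => 'sess_userType',
                        'sess_companyName'             => 'sess_companyName',
                        'sess_plevel'                  => 'sess_plevel',
                        'sess_mchannel'                => 'sess_mchannel',
                        'sess_mpanel'                  => 'sess_mpanel',
                        'sess_sector'                  => 'sess_sector',
                        'sess_category'                => 'sess_category',
                        'sess_subcategory'             => 'sess_subcategory',
                        'sess_subtosubcategory'        => 'sess_subtosubcategory',
                        'sess_search_exclude'          => 'sess_search_exclude',
                        'sess_search_additional_field' => 'sess_search_additional_field',
                        'sess_anotation_tool_link'     => 'sess_search_annotation_tool',
                        'sess_ai_analysis_link'        => 'sess_ai_analysis_link',
                        'sess_sender_domain'           => 'sess_sender_domain',
                        'sess_search_page_permission'  => 'sess_search_page_permission',
                    );
                    foreach ($sessionFromPermission as $sessionKey => $apiKey) {
                        $_SESSION[$sessionKey] = isset($resuserpermissiondata[$apiKey]) ? $resuserpermissiondata[$apiKey] : null;
                    }
                    // NOTE(review): this overrides the user type the permission API
                    // just returned, so every account is treated as type 'a' and the
                    // sub-user branch of the tracker insert below can never run.
                    // Confirm this is intended and not test residue.
                    $_SESSION['sess_userType'] = 'a';

                    $_SESSION['sess_dashboard'] = !empty($resuserpermissiondata['sess_search_edc']);
                    if (!empty($_SESSION['sess_search_page_permission'])) {
                        $show_header_top = true;
                    }

                    // Machine check, remember-me cookie and login tracking.
                    // $IPAddress, $username, $password, $parentID, $COOKIEPATH and the
                    // $DRW handles are set outside this block.
                    if (isset($_SESSION['sess_userID'])) {
                        $time = time();
                        // The id was interpolated unquoted into SQL; force it to an
                        // integer so it cannot carry SQL of its own.
                        $userIdSql = (int) $_SESSION['sess_userID'];

                        if ($bypass != 1) {
                            if (preg_match('/^(\\d[^\\.]+\\.\\d[^\\.]+\\.)/', $IPAddress, $matches)) {
                                $check_ip = $matches[1];
                            } else {
                                $check_ip = substr($IPAddress, 0, strrpos($IPAddress, '.'));
                            }
                            // NOTE(review): for an address without a dot (IPv6, for
                            // example) $check_ip appears to come out empty, which makes
                            // the LIKE pattern '%' and matches every row of this user,
                            // so the machine limit is not enforced for such clients.
                            $count_save_sql = "SELECT COUNT(*) FROM cscan_user_code where userID={$userIdSql} AND (code='".$DRW->real_escape_string($secretcode)."' OR initial_IP LIKE '".$DRW->real_escape_string($check_ip)."%')";
                            $rs = $DRW->query($count_save_sql, $DRW_read);
                            $data = $DRW->fetch_row($rs);
                            $secretcodecount = (int) $data[0];

                            if ($secretcodecount == 0) {
                                $count_save_sql = "SELECT COUNT(*) FROM cscan_user_code where userID={$userIdSql}";
                                $rs = $DRW->query($count_save_sql, $DRW_read);
                                $data = $DRW->fetch_row($rs);
                                $codecount = (int) $data[0];

                                if ($codecount >= $number_machines) {
                                    // Unknown machine and the allowance is used up.
                                    ob_end_clean();
                                    header("Location: logout.php?auth=1");
                                    exit;
                                }

                                // NOTE(review): the machine code is the login timestamp,
                                // so it is guessable; a random value would make the
                                // cookie comparison above meaningful.
                                $secretcode = $time;
                                $sql = "REPLACE INTO cscan_user_code (userID,code,initial_IP) VALUES ({$userIdSql},{$secretcode},'".$DRW->real_escape_string($IPAddress)."')";
                                $DRW->query($sql, $DRW_main);
                            }
                        }

                        if ($secretcode == 0) {
                            $secretcode = $time;
                        }
                        if (!isset($_POST['rememberMe'])) {
                            $username = '';
                            $password = '';
                        }
                        // NOTE(review): with rememberMe set, this cookie carries
                        // $username and $password URL-encoded but otherwise in clear
                        // text, scoped to every subdomain of competiscan.com. A random
                        // server-side remember-me token would keep the password out of
                        // the browser.
                        $cookieArray = array($username, $password, $IPAddress, $_SESSION['sess_userID'], $secretcode, $time);
                        $cookieArray = array_map('urlencode', $cookieArray);
                        $COOKIEDOMAIN = '.competiscan.com';
                        // HttpOnly keeps page scripts from reading the cookie; Secure is
                        // set whenever this request itself arrived over HTTPS.
                        $cookieSecure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                        setcookie('competiscaner', implode(":", $cookieArray), $time + (3600 * 1), $COOKIEPATH, $COOKIEDOMAIN, $cookieSecure, true);

                        if ($_SESSION['sess_userType'] == 'a') {
                            $sql = "INSERT INTO cscan_user_tracker SET userID = '".$DRW->real_escape_string($_SESSION['sess_userID'])."', loginTime = curtime(), logoutTime=curtime(), IPAddress = '".$DRW->real_escape_string($IPAddress)."' , date = curdate(),cookie_code='".$DRW->real_escape_string($secretcode)."'";
                        } else {
                            $sql = "INSERT INTO cscan_user_tracker SET userID = '".$DRW->real_escape_string($parentID)."', subUserID = '".$DRW->real_escape_string($_SESSION['sess_userID'])."', loginTime = curtime(), logoutTime=curtime(), IPAddress = '".$DRW->real_escape_string($IPAddress)."' , date = curdate(),cookie_code='".$DRW->real_escape_string($secretcode)."'";
                        }
                        $rs = $DRW->query($sql, $DRW_main);
                        $_SESSION['trackerID'] = $DRW->insert_id($DRW_main);
                    }
                }
                break;

            case 400:
                if ($apiMessage == "New password is required to complete authentication.") {
                    // Base64 output can contain '+', '/' and '=', so URL-encode it
                    // to have the value arrive intact in the query string.
                    header("Location: temp_password.php?user=" . rawurlencode(base64_encode((string) $postedUserName)));
                    exit;
                }
                $message = "";
                break;

            case 403:
                if ($apiMessage == "SSO login required.") {
                    header("Location: login_sso.php");
                    exit;
                }
                $message = "";
                break;

            case 500:
                // The API answers 500 for a rejected OTP: stay on the OTP form.
                $otp_input_field = 1;
                $otp_input_pwdfield = 0;
                $session_email_otp_v = $apiSession;
                $validmsg = 'Please enter a valid OTP';
                $message = "";
                break;

            case 401:
            case 404:
            default:
                $message = "";
                break;
        }
    }
}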
//if(isset($_POST['login']) or ((isset($_GET['is_admin']) and $_GET['is_admin']==1))){
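// Logged in: work out where to send the browser, then redirect.
if (isset($_SESSION['sess_userID'])) {
    // Deep-link ids are coerced to a number, or stripped to word characters,
    // before they are placed in the redirect target.
    if (isset($_REQUEST['product']) && $_REQUEST['product'] != '') {
        $loc = "productDetail.php?id=" . (float) $_REQUEST['product'];
        // Email tracking: carry the tracking id through, URL-encoded so it
        // cannot add query parameters of its own.
        if (!empty($tracking_id)) {
            $loc .= '&trmsg=' . rawurlencode((string) $tracking_id);
        }
    } elseif (isset($_REQUEST['trend_id']) && $_REQUEST['trend_id'] != '') {
        $loc = "trend_reports.php?trend_id=" . (int) $_REQUEST['trend_id'];
        //############### ADD ENCODE TREND ID############
    } elseif (isset($_REQUEST['document']) && $_REQUEST['document'] != '') {
        $loc = "productDocuments.php?id=" . (float) $_REQUEST['document'];
    } elseif (isset($_REQUEST['download']) && $_REQUEST['download'] != '') {
        $loc = "downloads.php?id=" . preg_replace('/\\W+/', '', $_REQUEST['download']);
    }

    // The lastURL cookie is client-controlled. Using it unchecked as the
    // Location target lets anyone who can set that cookie send a freshly
    // logged-in user to another site. Honour it only when it is a relative
    // reference or an http(s) URL on competiscan.com or one of its subdomains;
    // otherwise keep the target computed above.
    $lastUrl = isset($_COOKIE['lastURL']) ? $_COOKIE['lastURL'] : null;
    if (is_string($lastUrl) && $lastUrl !== '' && $lastUrl !== 'null') {
        // Control characters and backslashes have no place in a redirect
        // target; browsers treat "\" like "/", which would defeat the host check.
        $hasUnsafeChars = preg_match('/[\x00-\x1F\x7F\\\\]/', $lastUrl) === 1;
        $lastUrlParts = parse_url($lastUrl);

        if (!$hasUnsafeChars && is_array($lastUrlParts)) {
            $lastUrlScheme = isset($lastUrlParts['scheme']) ? strtolower($lastUrlParts['scheme']) : '';
            $lastUrlHost   = isset($lastUrlParts['host']) ? strtolower($lastUrlParts['host']) : '';
            $siteSuffix    = '.competiscan.com';

            if ($lastUrlScheme === '' && $lastUrlHost === '') {
                // Relative reference: stays on the current host.
                $loc = $lastUrl;
            } elseif (
                in_array($lastUrlScheme, array('http', 'https'), true)
                && ($lastUrlHost === 'competiscan.com' || substr($lastUrlHost, -strlen($siteSuffix)) === $siteSuffix)
            ) {
                $loc = $lastUrl;
            }
        }
    }

    ob_end_clean();
    header("Location: $loc");
    exit;
}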
// Pre-tick the "remember me" checkbox when the cookie supplied a username.
$checked = ($oldusername != '') ? 'checked="checked"' : '';

?>

			
Password has been changed successfully.
Your reset password token has been expired.
Your password has been changed successfully.
Forgot Password?
Resend OTP


If you have not logged in or reset your credentials since June 7, 2025, you will need to
reset your password. Select the Forgot Password link to receive a reset code via email.

Still having issues logging in?
Reach us at contactus@competiscan.com.

real_escape_string( $value ) . "'"; } return $value; } ?>