Example #1
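 /**
  * Authenticate a user from a JSON request body and issue a JWT on success.
  *
  * The body is expected to be a JSON object with "username", "password" and
  * an optional "remember" flag. Unknown users, wrong passwords and malformed
  * bodies all answer 401 with the same alert; an inactive account answers 403.
  *
  * @param mixed $request  Request object; only getBody() is used here.
  * @param mixed $response Response object handed to jsonResponse().
  * @param mixed $args     Route arguments (unused).
  * @return mixed Whatever jsonResponse() returns.
  */
 public function login($request, $response, $args)
 {
     $data = json_decode($request->getBody());
     // A body that is not a JSON object with string credentials is handled
     // like any other failed login instead of failing on $data->username.
     if (!is_object($data)
         || !isset($data->username, $data->password)
         || !is_string($data->username)
         || !is_string($data->password)
     ) {
         $this->logger->addError('Login Attempt', ['reason' => 'malformed body']);
         $this->apiJson->addAlert('error', 'Invalid username or password.');
         return $this->jsonResponse($response, 401);
     }
     // Log the attempted username only: the decoded body carries the
     // plaintext password and must never reach the log sink.
     $logContext = ['username' => $data->username];
     $user = R::findOne('user', 'username = ?', [$data->username]);
     if ($user === null) {
         // NOTE(review): this path skips password_verify(), so unknown and
         // known usernames differ in response time.
         $this->logger->addError('Login Attempt', $logContext);
         $this->apiJson->addAlert('error', 'Invalid username or password.');
         return $this->jsonResponse($response, 401);
     }
     if (!password_verify($data->password, $user->password_hash)) {
         $this->logger->addError('Login Attempt ', $logContext);
         $this->apiJson->addAlert('error', 'Invalid username or password.');
         return $this->jsonResponse($response, 401);
     }
     // The account state is only disclosed after the password was verified.
     if (!$user->is_active) {
         $this->logger->addError('Login Attempt Inactive User ', $logContext);
         $this->apiJson->addAlert('error', 'This username is not active.');
         return $this->jsonResponse($response, 403);
     }
     // "remember" is optional; the second createJwt() argument is presumably
     // a lifetime multiplier - TODO confirm against createJwt().
     $jwt = self::createJwt($user->id, !empty($data->remember) ? 100 : 1);
     $user = R::load('user', $user->id);
     $user->active_token = $jwt;
     $user->last_login = time();
     $user->logins += 1;
     R::store($user);
     $this->apiJson->setSuccess();
     $this->apiJson->addData($this->sanitizeUser($user));
     return $this->jsonResponse($response);
 }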
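 /**
  * Check the posted user_name / user_password pair and open a session on success.
  *
  * On success the user type and display name are stored in the session and a
  * redirect to card.php is queued.
  *
  * @return bool|null TRUE when the credentials are rejected; null after the
  *                   redirect header has been queued.
  */
 function login()
 {
     $link = $this->db_connection();
     // Anything that is not a plain string (missing field, array input) is
     // treated as an empty credential and fails the lookup below.
     $pass = (isset($_POST['user_password']) && is_string($_POST['user_password'])) ? $_POST['user_password'] : '';
     $user = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';
     // The user name is bound as a parameter; it is never spliced into the SQL text.
     $stmt = mysqli_prepare($link, 'SELECT password, user_type, name FROM user WHERE user_name = ?');
     if ($stmt === false
         || !mysqli_stmt_bind_param($stmt, 's', $user)
         || !mysqli_stmt_execute($stmt)
     ) {
         // Driver errors go to the server log, not to the client.
         error_log('login query failed: ' . mysqli_error($link));
         die('Login is temporarily unavailable.');
     }
     mysqli_stmt_store_result($stmt);
     if (mysqli_stmt_num_rows($stmt) != 1) {
         mysqli_stmt_close($stmt);
         return $error = TRUE;
     }
     mysqli_stmt_bind_result($stmt, $hash, $type, $name);
     mysqli_stmt_fetch($stmt);
     mysqli_stmt_close($stmt);
     if (!password_verify($pass, (string) $hash)) {
         return $error = TRUE;
     }
     session_start();
     // Issue a fresh session id at the privilege change so an id set before
     // login cannot be reused afterwards.
     session_regenerate_id(true);
     $_SESSION['type'] = $type;
     $_SESSION['name'] = $name;
     header("Location:card.php");
 }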
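/**
 * Look up a user in the "users" collection and verify the supplied password.
 *
 * @param string $username Login name to look up.
 * @param string $password Plaintext password checked against the stored hash.
 * @return array "message" is always set; when it is "SUCCESS" the username and
 *               profile fields are included as well.
 */
function loginuser($username, $password)
{
    require '../vendor/autoload.php';
    $result = array();
    // Only plain strings may reach the query: an array value would be read by
    // the driver as a query operator document rather than a literal name.
    if (!is_string($username) || !is_string($password)) {
        $result["message"] = "User doesn't exist";
        return $result;
    }
    $user = null;
    try {
        // NOTE(review): the connection string (including credentials) lives in
        // source; it belongs in environment or deployment configuration.
        $uri = "mongodb://*****:*****@ds027483.mongolab.com:27483/heroku_v7w2qftd";
        $client = new MongoClient($uri);
        $db = $client->selectDB("heroku_v7w2qftd");
        $user = $db->users->findOne(array("username" => $username));
    } catch (Exception $e) {
        // Stop here: falling through would overwrite this message with
        // "User doesn't exist" because no user was loaded.
        $result['message'] = "Trouble connecting to database";
        return $result;
    }
    if ($user == null) {
        // NOTE(review): this message and "Password doesn't match" let a caller
        // tell existing accounts from missing ones.
        $result["message"] = "User doesn't exist";
        return $result;
    }
    $passhash = (isset($user["password"]) && is_string($user["password"])) ? $user["password"] : '';
    if (!password_verify($password, $passhash)) {
        $result["message"] = "Password doesn't match";
        return $result;
    }
    $result["message"] = "SUCCESS";
    $result["username"] = $username;
    // Profile fields are copied as stored; a missing field becomes null.
    foreach (array("firstname", "lastname", "middlename", "email") as $field) {
        $result[$field] = isset($user[$field]) ? $user[$field] : null;
    }
    return $result;
}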
Example #4
 /**
  * Handle the login form post.
  *
  * Verifies the password of an active employee, applies an IP allow-list and
  * a login date window to non-admin accounts, then delegates to the auth
  * guard. Failed credential checks redirect back to the login path.
  *
  * @param Request $request
  * @return mixed A view, a redirect, or null (see the fall-through note below).
  */
 public function postLogin(Request $request)
 {
     $this->validate($request, ['username' => 'required', 'password' => 'required']);
     // NOTE(review): 'active' is taken from the request and later passed to
     // attempt(); confirm that a client-supplied value is intended here.
     $credentials = $request->only('username', 'password', 'active');
     $employee = Employee::where('username', $credentials['username'])->where('active', true)->first();
     if ($employee != null && password_verify($credentials['password'], $employee->password)) {
         if (!$employee->isadmin) {
             // NOTE(review): X-Forwarded-For is a client-controlled header unless
             // a trusted proxy overwrites it. The allow-list below keys on this
             // value, so it should only be honoured for requests that arrive
             // from a known proxy; otherwise use REMOTE_ADDR alone.
             if (getenv('HTTP_X_FORWARDED_FOR')) {
                 $ip = getenv('HTTP_X_FORWARDED_FOR');
             } else {
                 $ip = getenv('REMOTE_ADDR');
             }
             // Reverse lookup is only used for the message on the denial page.
             $host = gethostbyaddr($ip);
             $ipAddress = 'Address : ' . $ip . ' Host : ' . $host;
             $count = Ipaddress::where('ip', $ip)->count();
             $today = date("Y-m-d");
             // Deny when the IP is not listed, no start date is set, the start
             // date is in the future, or an end date exists and has passed
             // (&& binds tighter than ||, so the last two terms group together).
             if ($count == 0 || $employee->loginstartdate == null || $today < date('Y-m-d', strtotime($employee->loginstartdate)) || $employee->loginenddate != null && $today > date('Y-m-d', strtotime($employee->loginenddate))) {
                 return view('errors.permissiondenied', ['ipAddress' => $ipAddress]);
             }
             // An account without a branch is sent back with an explanatory error.
             if ($employee->branchid == null) {
                 return redirect($this->loginPath())->withInput($request->only('username', 'remember'))->withErrors(['username' => 'บัญชีเข้าใช้งานของคุณยังไม่ได้ผูกกับสาขา โปรดติดต่อหัวหน้า หรือผู้ดูแล']);
             }
         }
         if ($this->auth->attempt($credentials, $request->has('remember'))) {
             return redirect()->intended($this->redirectPath());
         }
         // NOTE(review): when attempt() fails nothing is returned from this
         // branch, so the action ends without a response.
     } else {
         return redirect($this->loginPath())->withInput($request->only('username', 'remember'))->withErrors(['username' => $this->getFailedLoginMessage()]);
     }
 }
Example #5
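 /**
  * Check a plain value against a stored password hash.
  *
  * An empty or non-string hash is rejected up front and never reaches
  * password_verify().
  *
  * @param  string  $value         Plain value supplied by the caller.
  * @param  string  $hashed_value  Stored hash to compare against.
  * @return bool    True only when the value matches the hash.
  */
 public static function check($value, $hashed_value)
 {
     // The original tested strlen($hashed_value === 0), i.e. the length of a
     // boolean, so the guard never fired. Test the hash itself.
     if (!is_string($hashed_value) || strlen($hashed_value) === 0) {
         return false;
     }
     return password_verify($value, $hashed_value);
 }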
Example #6
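 /**
  * Validate that the given username and password are valid
  *
  * Stored hashes are password_hash() of the MD5 hex digest of the password,
  * so the digest is what gets verified.
  *
  * @param string        $user     Username
  * @param string        $userPass Password, plaintext or already md5'd (see $isMd5)
  * @param boolean       $isMd5    Flag to indicate whether incoming password
  *                                is plaintext or md5
  * @param CI_Input|null $input    Input helper used for the legacy xss_clean()
  *                                retry; the retry is skipped when it is null
  *
  * @return boolean
  */
 public function validate($user, $userPass, $isMd5 = false, CI_Input $input = null)
 {
     $ret = $this->getUserByUsername($user);
     // NOTE(review): with $isMd5 = true the caller-supplied MD5 digest is the
     // credential, so the digest is as sensitive as the password itself.
     $pass = $isMd5 ? $userPass : md5($userPass);
     if (!isset($ret[0])) {
         return false;
     }
     if (password_verify($pass, $ret[0]->password)) {
         return true;
     }
     // The stored hash may date from when CI's global_xss_filtering altered
     // the password before hashing. That can only be retried with the
     // plaintext, and only when an input helper was actually passed in
     // (the parameter defaults to null).
     if (false === $isMd5 && null !== $input) {
         $filtered = md5($input->xss_clean($userPass));
         if (password_verify($filtered, $ret[0]->password)) {
             // Re-store the hash derived from the unfiltered password.
             $password = password_hash(md5($userPass), PASSWORD_DEFAULT);
             $this->db->where('username', $user);
             $this->db->update('user', array('password' => $password));
             return true;
         }
     }
     return false;
 }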
Example #7
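/**
 * Verify a username/password pair and record the login in the session.
 *
 * @param string $username Login name.
 * @param string $password Plaintext password.
 * @return int 1 = logged in, 2 = wrong password, 3 = no account with that username.
 */
function login($username, $password)
{
    if (!is_string($username)) {
        return 3;
    }
    $pdo = pdo();
    // The name is bound as a parameter and matched exactly. The previous
    // query interpolated it into a LIKE pattern, which both exposed the SQL
    // text to the input and let wildcard characters match other accounts.
    $statement = $pdo->prepare('SELECT * FROM users WHERE username = ?');
    $statement->execute(array($username));
    $row = $statement->fetch();
    if ($row === false) {
        return 3;
    }
    if (!is_string($password) || !password_verify($password, (string) $row['password'])) {
        return 2;
    }
    // Rotate the session id at login when a session is already running.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $username;
    // NOTE(review): the plaintext password is kept in session storage for
    // compatibility with existing readers; drop it once nothing depends on it.
    $_SESSION['password'] = $password;
    return 1;
}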
Example #8
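        /**
         * Verify a username/password pair against the korisnik table and, on
         * success, store the login name in $_SESSION['user'].
         *
         * @param string $username Value matched against korIme.
         * @param string $password Plaintext password checked against zaporka.
         * @return bool True on successful authentication, false otherwise
         *              (including database errors).
         */
        function authenticate($username, $password) {
            try {
                // NOTE(review): database credentials are hard-coded here; they
                // belong in deployment configuration. Connecting inside the
                // try block keeps a connection failure from surfacing as an
                // uncaught exception.
                $db = new PDO('mysql:dbname=dwa;host=localhost;charset=utf8', 'dbuser', '123');
                $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

                // One lookup returns both the hash and the name stored in the session.
                $stmt = $db->prepare("SELECT korIme, zaporka FROM korisnik WHERE korIme = :username");
                $stmt->bindParam(':username', $username);
                $stmt->execute();
                $row = $stmt->fetch(PDO::FETCH_ASSOC);

                // fetch() yields false when no account matches.
                if ($row === false || !password_verify($password, (string) $row['zaporka'])) {
                    return false;
                }

                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['user'] = $row['korIme'];
                return true;
            } catch (PDOException $ex) {
                // Details stay in the server log; the client only sees a generic notice.
                error_log('authenticate: ' . $ex->getMessage());
                echo "Nes ne valja.";
                return false;
            }
        }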
Example #9
 /**
  * Handle the login form: validate the posted fields, check the credentials
  * and either redirect to the dashboard or re-render the login view with a
  * failure message.
  */
 public function login()
 {
     // The "already logged in" redirect is disabled in this listing.
     $this->form_validation->set_rules('emailid', 'Email ID', 'trim|required|valid_email');
     $this->form_validation->set_rules('password', 'Password', 'trim|required');
     if ($this->form_validation->run() == FALSE) {
         $this->showLogin();
         return;
     }
     $account = $this->User_model->getByEmail($this->input->post('emailid'));
     // NOTE(review): each failed check has its own message, so the response
     // reveals whether the e-mail exists and whether the password was right.
     $failure = null;
     if (empty($account)) {
         $failure = 'Invalid Email ID.';
     } elseif (!password_verify($this->input->post('password'), $account->password)) {
         $failure = 'Wrong Password.';
     } elseif ($account->status != '1') {
         $failure = 'Your account needs activation.';
     }
     if ($failure === null) {
         auth()->login($account->u_id);
         return redirect(base_url('dashboard'));
     }
     $data = array('message' => $failure, 'page' => 'auth/login');
     $this->load->view('auth', $data);
 }
Example #10
/**
 * Verify a password against the stored hash and rehash it when the stored
 * hash no longer matches PASSWORD_DEFAULT.
 *
 * NOTE(review): both SQL strings in this listing contain the literal
 * '******' where values were masked, and $username is never referenced in
 * the visible code. Presumably the values were spliced into the SQL text;
 * the queries should bind them as parameters instead - confirm against the
 * unmasked source.
 *
 * @param mixed  $dbConn   mysqli connection passed to mysqli_query().
 * @param string $username Account name (unused in the visible code).
 * @param string $password Plaintext password to verify.
 * @return bool True when the password matches the stored hash.
 */
function passwordExists($dbConn, $username, $password)
{
    $isValid = false;
    $dbQuery = "SELECT Password FROM USERS WHERE Username = '******' LIMIT 1";
    // NOTE(review): the full query text is sent to the FB logger; confirm that
    // logger is disabled outside development.
    FB::info('passwordExists() query: ' . $dbQuery);
    $dbRows = mysqli_query($dbConn, $dbQuery);
    $dbValues = mysqli_fetch_assoc($dbRows);
    $dbPassword = $dbValues['Password'];
    if (password_verify($password, $dbPassword)) {
        $isValid = true;
        FB::log('Password is valid!');
        // Check if the password needs a rehash.
        if (password_needs_rehash($dbPassword, PASSWORD_DEFAULT)) {
            FB::log('Rehashing password!');
            $dbPassword = password_hash($password, PASSWORD_DEFAULT);
            $dbQuery = "UPDATE USERS SET Password = '******' WHERE Username = '******'";
            // This log line would carry the new password hash once the query is unmasked.
            FB::info('Password rehash query: ' . $dbQuery);
            $dbRows = mysqli_query($dbConn, $dbQuery);
            if ($dbRows) {
                FB::log('Password rehash successful!');
            } else {
                FB::error('Password rehash failed: ' . mysqli_error($dbConn));
            }
        }
    }
    return $isValid;
}
Example #11
 /**
  * Process the login form: validate the fields, verify the password and, on
  * success, record the login time and store the user in the session. The
  * login template is rendered through getUserLoginTime() in every case.
  */
 public function loginUser()
 {
     $this->load->library(["form_validation"]);
     $this->load->helper("date");
     $this->form_validation->set_rules("username", "Username", "trim|required");
     $this->form_validation->set_rules("password", "Password", "required");
     $template = "loginForm";
     $message = [];
     if (!$this->form_validation->run()) {
         $this->form_validation->set_error_delimiters("<div class = 'text-danger'>", "</div>");
     } else {
         $this->load->model("Users");
         $user_login_data = [
             "login" => $this->input->post("username", true),
             "password" => $this->input->post("password"),
         ];
         $account = $this->Users->getUserByLogin($user_login_data["login"]);
         // NOTE(review): the two error texts below tell a caller whether the
         // login name exists.
         if (empty($account)) {
             $message = ["error_text" => "User doesn't exist"];
         } elseif (!password_verify($user_login_data["password"], $account->password)) {
             $message = ["error_text" => "Wrong password"];
         } else {
             // Record the login (client address as an integer plus timestamp)
             // and keep the returned id with the session data.
             $id_time = $this->Users->setLoginTime([
                 "ip" => ip2long($this->input->server("REMOTE_ADDR")),
                 "logged_at" => date("Y-m-d H:i:s"),
                 "id_user" => $account->id,
             ]);
             $this->session->set_userdata("logged_in", [
                 "id_time" => $id_time,
                 "login" => $account->login,
                 "email" => $account->email,
                 "id" => $account->id,
             ]);
         }
     }
     $this->getUserLoginTime($template, $message);
 }
Example #12
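 /**
  * Admin login: validate the form, verify the credentials and allow only
  * administrator accounts through. Renders the login view when the form has
  * not been submitted validly.
  */
 function login()
 {
     $this->__is_logined();
     $this->form_validation->set_rules('email', '이메일', 'required|valid_email');
     $this->form_validation->set_rules('password', '비밀번호', 'required');
     if (!$this->form_validation->run()) {
         // Render the login view exactly once. The original rendered it a
         // second time whenever returnURL was an empty string.
         // NOTE(review): returnURL comes from the query string; if the view or
         // a later step uses it as a redirect target, restrict it to
         // same-site paths - confirm where it is consumed.
         $returnURL = $this->input->get('returnURL');
         if ($returnURL === "") {
             $this->__get_views('_AUTH/login');
         } else {
             $this->__get_views('_AUTH/login', array('returnURL' => $returnURL));
         }
         return;
     }
     $input_data = array('email' => $this->input->post('email'));
     $user = $this->user_model->get_user_by_email($input_data);
     // Compare against the database record.
     if ($user != null && $user->email == $input_data['email'] && password_verify($this->input->post('password'), $user->password)) {
         if ($user->is_admin) {
             $this->handle_login($user);
         } else {
             $this->session->set_flashdata('message', '관리자만 접근할 수 있습니다.');
             redirect('auth/login');
         }
     } else {
         $this->session->set_flashdata('message', '로그인에 실패하였습니다.');
         redirect('auth/login');
     }
 }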
Example #13
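 /**
  * Verify an e-mail/password pair and return the matching user id.
  *
  * @param string $email    Account e-mail address.
  * @param string $password Plaintext password.
  * @return string The user's id.
  * @throws InvalidArgumentException When either argument is empty.
  * @throws DatabaseException        When the lookup cannot be run.
  * @throws UnexpectedValueException When the user is unknown or the password is wrong.
  */
 static function authenticateUser($email, $password)
 {
     if (empty($email)) {
         throw new InvalidArgumentException("email may not be empty", 400);
     }
     if (empty($password)) {
         throw new InvalidArgumentException("password may not be empty", 400);
     }
     require_once '../api/include/connect_db.php';
     $conn = connect_db();
     // NOTE(review): the password never enters SQL, yet it is SQL-escaped
     // before verification. That alters passwords containing quotes or
     // backslashes. It is kept because stored hashes may have been created
     // from the escaped form - confirm against the registration code before
     // removing it.
     $password = $conn->real_escape_string($password);
     // The e-mail is bound as a parameter, so correctness no longer depends
     // on escaping matching the connection character set.
     $stmt = $conn->prepare("SELECT `id`,`hash` FROM `users` WHERE `email` = ? LIMIT 1");
     if (!$stmt) {
         throw new DatabaseException();
     }
     $stmt->bind_param('s', $email);
     if (!$stmt->execute()) {
         throw new DatabaseException();
     }
     $stmt->store_result();
     if ($stmt->num_rows === 0) {
         $stmt->close();
         // NOTE(review): this message differs from "Invalid credentials", so
         // callers that relay it disclose which e-mails are registered.
         throw new UnexpectedValueException("No such user", 400);
     }
     $stmt->bind_result($id, $hash);
     $stmt->fetch();
     $stmt->close();
     if (!password_verify($password, (string) $hash)) {
         throw new UnexpectedValueException("Invalid credentials", 400);
     }
     // Cast keeps the string id the non-prepared query used to return.
     return (string) $id;
 }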
Example #14
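/**
 * Check a username/password pair against the users table.
 *
 * Connection settings come from the globals $dbHost, $dbUser, $dbPass and
 * $dbName. A short diagnostic is echoed for each failure stage.
 *
 * @param string $user Username to look up.
 * @param string $pass Plaintext password.
 * @return bool True only when the user exists and the password matches.
 */
function attempt_login($user, $pass)
{
    global $dbHost, $dbUser, $dbPass, $dbName;
    $db = mysqli_connect($dbHost, $dbUser, $dbPass, $dbName);
    // mysqli_connect() returns false on failure, so the handle itself is
    // tested rather than a property read from it.
    if (!$db) {
        echo "Failed to connect to Database";
        return false;
    }
    $verified = false;
    $query = $db->prepare("SELECT password FROM users WHERE username = ?;");
    if (!$query) {
        echo "Failed to create query";
    } elseif (!$query->bind_param("s", $user)) {
        echo "Failed to bind query params";
    } elseif (!$query->execute()) {
        echo "Failed to execute query";
    } else {
        $query->store_result();
        if ($query->num_rows === 0) {
            // NOTE(review): this output distinguishes unknown users from
            // wrong passwords.
            echo "Username does not exist!";
        } else {
            $query->bind_result($passwordHash);
            $query->fetch();
            $verified = password_verify($pass, (string) $passwordHash);
        }
    }
    // Release the statement and the connection on every path.
    if ($query) {
        $query->close();
    }
    $db->close();
    return $verified;
}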
 /**
  * Handle posted login data.
  *
  * Rejects requests whose _token signature does not validate, runs the field
  * validator, then checks the password and the account's active flag before
  * storing the user in the session.
  */
 public function postShowLoginPage()
 {
     // Request-forgery guard: stop with 400 when the token signature is invalid.
     if (!$this->signer->validateSignature($this->request->post['_token'])) {
         header('HTTP/1.0 400 Bad Request');
         exit;
     }
     $rules = ['email' => 'email|min:3', 'password' => 'min:3'];
     $validator = new Validator($this->request, $this->response, $this->session);
     if (!$validator->validate($rules, '/login')) {
         return;
     }
     $email = $this->request->post['email'];
     $password = $this->request->post['password'];
     $user = User::where('email', '=', $email)->first();
     // Unknown user and wrong password collapse into the same failure.
     $okay = $user != null && password_verify($password, $user->password);
     if ($user && $user->active == 0) {
         $okay = false;
     }
     if (!$okay) {
         $this->session->put('_error', 'Invalid login!!');
         $this->response->redirectTo('/login');
         return;
     }
     // NOTE(review): the whole user record, password hash included, is placed
     // in the session; whether the session id is rotated is not visible here.
     $this->session->put('user', $user);
     $this->response->withMessage("Successfully logged in")->redirectTo("/");
 }
Example #16
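/**
 * Verify a password against a stored hash in any of the three supported
 * formats: legacy salted SHA-1, the hand-rolled bcrypt layout, or a standard
 * password_hash() value.
 *
 * @param string $password Plaintext password.
 * @param string $hash     Stored hash.
 * @return bool True when the password matches.
 */
function passwordVerifyUF($password, $hash)
{
    $type = getPasswordHashTypeUF($hash);
    if ($type == "sha1") {
        // The first 25 characters of the stored value are the salt.
        $salt = substr($hash, 0, 25);
        $candidate = $salt . sha1($salt . $password);
        // hash_equals() compares in constant time and as strings; the loose
        // == used before treats numeric-looking strings as numbers.
        return hash_equals((string) $hash, $candidate);
    }
    if ($type == "homegrown") {
        /* used for manual implementation of bcrypt: the salt is stored after
           the 60-character digest */
        $cost = '12';
        $candidate = crypt($password, "\$2y\$" . $cost . "\$" . substr($hash, 60));
        return is_string($candidate) && hash_equals((string) substr($hash, 0, 60), $candidate);
    }
    // Modern implementation
    return password_verify($password, $hash);
}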
Example #17
 /**
  * User login.
  *
  * Reads mobile, zone code and password from the request data, verifies the
  * password and responds with the user's profile and a token set.
  * NOTE(review): the checks below rely on send_response() ending the request;
  * that is not visible in this listing - confirm.
  *
  * @method POST
  */
 public function login()
 {
     $post = $this->get_data();
     $mobile = trim($post['mobile']);
     // Zone code: "zone_code" first, then "zonecode", else the default '86'.
     if ($post['zone_code']) {
         $zone_code = trim($post['zone_code']);
     } elseif ($post['zonecode']) {
         $zone_code = trim($post['zonecode']);
     } else {
         $zone_code = '86';
     }
     $zone_code = str_replace('+', '', $zone_code);
     $password = trim($post['password']);
     if (empty($mobile)) {
         $this->send_response(400, NULL, '40001:手机号为空');
     }
     if (!international::check_is_valid($zone_code, $mobile)) {
         $this->send_response(400, NULL, '40002:手机号码格式不对');
     }
     if ($password == "") {
         $this->send_response(400, NULL, '40003:密码为空');
     }
     $user = $this->model->get_user_by_mobile($zone_code, $mobile);
     if (!$user) {
         $this->send_response(400, NULL, Kohana::lang('user.mobile_not_register'));
     }
     if (!password_verify($password, $user['password'])) {
         $this->send_response(400, NULL, Kohana::lang('user.username_password_not_match'));
     }
     $claims = array(
         'zone_code' => $user['zone_code'],
         'mobile' => $user['mobile'],
         'id' => (int) $user['id'],
     );
     $token = $this->model->create_token(3600, TRUE, $claims);
     $payload = array(
         'id' => (int) $user['uid'],
         'name' => $user['username'],
         'avatar' => sns::getavatar($user['uid']),
         'access_token' => $token['access_token'],
         'refresh_token' => $token['refresh_token'],
         'expires_in' => $token['expires_in'],
     );
     $this->send_response(200, $payload);
 }
Example #18
 /**
  * Check a plaintext password against a password_hash() value.
  *
  * @param string $pass Plaintext password.
  * @param string $hash Stored hash.
  * @return bool True when the password matches the hash.
  */
 public static function Verify($pass, $hash)
 {
     return (bool) password_verify($pass, $hash);
 }
Example #19
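 /**
  * Look up a user by name and verify the supplied password.
  *
  * NOTE(review): the failure value is a non-empty array, which is truthy.
  * Callers must test for the 'error' key instead of using the return value
  * as a boolean.
  *
  * @param string $username Value matched against users.user_name.
  * @param string $password Plaintext password.
  * @return mixed The user_id on success, or array('error' => ...) on failure.
  */
 public function check_user($username, $password)
 {
     $this->db->where('user_name', $username);
     $result = $this->db->get('users');
     // Read the hash and the id from the same first row. The original read the
     // hash from row index 9 and the id from row 0, and failed on a missing
     // row when the user did not exist.
     $row = $result->row(0);
     if (is_object($row) && isset($row->password) && password_verify($password, $row->password)) {
         return $row->user_id;
     }
     $data['error'] = 'Did not match password';
     return $data;
 }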
 /**
  * Authenticate a user object carrying a plaintext password.
  *
  * Enforces the hourly attempt limit, records the attempt, then verifies the
  * password against the stored user.
  *
  * @param \model\User $user User with username and plaintext password.
  * @return \model\User|false The same user (password hashed, id set) on success, false otherwise.
  * @throws \Exception When the hourly attempt limit has been exceeded.
  */
 public function Authenticate(\model\User $user)
 {
     // The limit is checked before this attempt is recorded.
     $attemptsThisHour = $this->users->GetUserLoginsForHour($user);
     if ($attemptsThisHour > self::$MAX_LOGINS_PER_HOUR) {
         throw new \Exception("Max login attempts for username '" . $user->GetUserName() . "' reached. Please try again in 30-60 minutes.");
     }
     // The incoming password must still be plaintext.
     // NOTE(review): assert() can be disabled by configuration, so this is
     // not a runtime guarantee.
     assert($user->IsPasswordHashed() == false);
     // Record this attempt in the data layer.
     $this->users->AddLoginAttempt($user);
     $stored = $this->users->GetUserByUsername($user->GetUserName());
     if (!$stored) {
         return false;
     }
     if (!password_verify($user->GetPassword(), $stored->GetPassword())) {
         return false;
     }
     // The plaintext is no longer needed on the object.
     $user->HashPassword();
     $user->SetUserId($stored->GetUserId());
     // New session id at login.
     session_regenerate_id(true);
     return $user;
 }
Example #21
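/**
 * Log a user in against the per-user .ini records under config/users/.
 *
 * On success the username is stored in the session and a redirect to the
 * admin area is queued; legacy or outdated hashes are upgraded through
 * update_user().
 *
 * @param string $user Username (also the base name of the user's .ini file).
 * @param string $pass Plaintext password.
 * @return string|null An HTML list item describing the failure, or null on success.
 */
function session($user, $pass)
{
    // The username becomes part of a filesystem path, so names containing a
    // directory separator or a NUL byte are rejected before any file access.
    if (!is_string($user) || $user === '' || strpbrk($user, "/\\\0") !== false) {
        return $str = '<li>Username not found in our record.</li>';
    }
    $user_file = 'config/users/' . $user . '.ini';
    if (!file_exists($user_file)) {
        return $str = '<li>Username not found in our record.</li>';
    }
    $user_enc = user('encryption', $user);
    $user_pass = user('password', $user);
    $user_role = user('role', $user);
    if ($user_enc == "password_hash") {
        $verified = password_verify($pass, $user_pass);
        // Re-store only when the hash parameters are out of date.
        $upgrade = $verified && password_needs_rehash($user_pass, PASSWORD_DEFAULT);
    } else {
        // Legacy scheme: a successful login always re-stores the password.
        $verified = old_password_verify($pass, $user_enc, $user_pass);
        $upgrade = (bool) $verified;
    }
    if (!$verified) {
        return $str = '<li>Your username and password mismatch.</li>';
    }
    if ($upgrade) {
        update_user($user, $pass, $user_role);
    }
    // Rotate the session id at login when a session is already running.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION[config("site.url")]['user'] = $user;
    header('location: admin');
}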
Example #22
/**
 * Verify an e-mail/password pair and record the login in the session.
 *
 * NOTE(review): the SQL text is masked ("******") in this listing; from the
 * bindValue() call and the usr_pwd read it presumably selects the password
 * column by a :userEmail placeholder - confirm against the real source.
 *
 * @param string $emailLogin    E-mail address bound to :userEmail.
 * @param string $passwordLogin Plaintext password.
 * @return bool|null True on success; nothing is returned on failure (a
 *                   message is echoed instead).
 */
function user_verif($emailLogin, $passwordLogin)
{
    global $pdo;
    $checkUser = "******";
    $pdoStatement = $pdo->prepare($checkUser);
    // The e-mail is bound as a string parameter rather than concatenated.
    $pdoStatement->bindValue(':userEmail', $emailLogin, PDO::PARAM_STR);
    if ($pdoStatement->execute()) {
        if ($pdoStatement->rowCount() > 0) {
            //GET HASHED PWD
            $res = $pdoStatement->fetch();
            $passwordHashed = $res['usr_pwd'];
            //PWD CHECK
            if (password_verify($passwordLogin, $passwordHashed)) {
                $_SESSION['login'] = $emailLogin;
                // NOTE(review): the password hash is copied into the session;
                // confirm something needs it there, otherwise leave it out.
                $_SESSION['pwd'] = $passwordHashed;
                return true;
            } else {
                // This text and 'Sign in failed' below differ, which tells a
                // caller whether the e-mail is registered.
                echo 'Wrong password.<br/>';
            }
        } else {
            echo 'Sign in failed<br/>';
        }
    } else {
        echo 'Query failed<br/>';
    }
}
Example #23
 /**
  * Authenticate by login name and password.
  *
  * On failure $this->error is set to one of: 'ip-defender', 'wrong-login',
  * 'wrong-password', 'wrong-access-confirm', 'wrong-access'.
  *
  * @param string $login      Login name.
  * @param string $password   Plaintext password.
  * @param bool   $rememberme Whether to create a remember-me hash.
  * @return bool True on success, false otherwise.
  */
 function authByLoginPass($login, $password, $rememberme = false)
 {
     // IP control runs before any database access.
     if (!$this->ipDefender()) {
         $this->error = 'ip-defender';
         return false;
     }
     // The login value goes through es() before it is placed in the SQL text.
     // NOTE(review): es() is not visible here; confirm it escapes for the
     // active connection.
     $res = q("\n\t\t\tSELECT *\n\t\t\tFROM `fw_users`\n\t\t\tWHERE `login` = '" . es($login) . "'\n\t\t\tLIMIT 1\n\t\t");
     if (!$res->num_rows) {
         $this->error = 'wrong-login';
         return false;
     }
     $row = $res->fetch_assoc();
     if (!password_verify($password, $row['password'])) {
         $this->error = 'wrong-password';
         return false;
     }
     // access: 1 = allowed, 0 = awaiting confirmation, anything else = denied.
     if ($row['access'] != 1) {
         $this->error = ($row['access'] == 0) ? 'wrong-access-confirm' : 'wrong-access';
         return false;
     }
     if ($rememberme) {
         $row['hash'] = $this->rememberMe($row['id']);
     }
     // NOTE(review): the full row, password column included, is kept in
     // \User::$data.
     \User::$data = $row;
     $_SESSION['user']['id'] = $row['id'];
     return true;
 }
Example #24
 /**
  * A bcrypt hash produced by password_hash() must be non-empty and must
  * verify against the password it was created from.
  */
 public function testPassword()
 {
     $plain = '******';
     $digest = password_hash($plain, PASSWORD_BCRYPT);
     $this->assertNotEmpty($digest);
     $verified = password_verify($plain, $digest);
     $this->assertTrue($verified);
 }
Example #25
 /**
  * User login
  *
  * Looks up the posted acronym, verifies the posted password and stores the
  * acronym in the session on success, then renders either the logged-in page
  * or the login form.
  *
  * @return void
  */
 public function loginAction()
 {
     $this->theme->setTitle("Logga in");
     $isPosted = $this->request->getPost('login');
     $acronym = $this->request->getPost('acronym');
     // NOTE(review): the posted acronym is concatenated straight into the
     // WHERE clause. It should be passed as a bound parameter through the
     // query builder; the builder's parameter API is not visible in this
     // listing, so the call is left as written.
     $res = $this->login->query()->where("acronym = '" . $acronym . "'")->execute();
     $output = null;
     if (!$isPosted) {
         // No form submission: no message.
         $output = '';
     } elseif ($res) {
         if (password_verify($this->request->getPost('password'), $res[0]->password)) {
             $this->session->set('user', $acronym);
         } else {
             $output .= "Fel lösenord.";
         }
     } else {
         $output .= "Det finns ingen användare med detta namn.";
     }
     if (!$this->session->has('user')) {
         $this->views->add('login/login', ['title' => "Logga in", 'output' => $output], 'main');
         return;
     }
     // Logged in: show who is signed in and a logout link.
     $this->theme->setTitle("Du är inloggad");
     $user = $this->session->get('user');
     // NOTE(review): $user is placed in the page title unescaped; confirm the
     // view encodes it for HTML.
     $content = "<a href=" . $this->url->create('login/logout') . ">Logga ut</a>";
     $this->views->add('default/page', ['title' => "Du är inloggad som " . $user, 'content' => $content]);
 }
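 /**
  * Handle the posted login form.
  *
  * Rejects requests whose _token signature does not validate, then checks the
  * password and the account's active flag. On success the user is stored in
  * the session and the client is redirected to "/"; otherwise the login page
  * is rendered again with an error message. Every path ends the request.
  */
 public function postShowLoginPage()
 {
     // Request-forgery guard: a missing token is passed on as null.
     $token = isset($_POST['_token']) ? $_POST['_token'] : null;
     if (!$this->signer->validateSignature($token)) {
         header('HTTP/1.0 400 Bad Request');
         exit;
     }
     // Credentials are read from the POST body only. $_REQUEST would also
     // accept them from the query string, where they end up in server logs
     // and browser history.
     $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
     $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
     // look up the user
     $user = User::where('email', '=', $email)->first();
     // validate credentials; an unknown user fails here, so the active flag
     // is never read from a null record
     $okay = $user != null
         && password_verify($password, $user->password)
         && $user->active != 0;
     if ($okay) {
         // Rotate the session id at login when a session is already running.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         // NOTE(review): the whole user record, password hash included, is
         // kept in the session.
         $_SESSION['user'] = $user;
         header("Location: /");
         exit;
     }
     // if not valid, show the login page again with a one-off message
     $_SESSION['msg'] = ["Invalid login!"];
     echo $this->blade->render("login", ['signer' => $this->signer]);
     unset($_SESSION['msg']);
     exit;
 }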
Example #27
 /**
  * Try to log a user in through the "login" stored procedure.
  *
  * The username is handed to the procedure in a session variable, the stored
  * hash comes back in @password, and the check itself is done in PHP with
  * password_verify().
  *
  * NOTE(review): the first query line is masked ("******") in this listing
  * and is not valid PHP as shown; the remainder of that line indicates the
  * username is passed through real_escape_string() and wrapped in quotes -
  * confirm against the real source.
  *
  * @param mixed $user Object exposing getUsername() and getPassword().
  * @return bool|null True on success, false on a wrong password, null when
  *                   the procedure returned no password.
  * @throws DatabaseErrorException When the procedure call or the read-back fails.
  */
 public function tryLogin($user)
 {
     //Set in/out parameters (in username, out password)
     $this->dbConnection->query("SET @username = "******"'" . $this->dbConnection->real_escape_string($user->getUsername()) . "'");
     $this->dbConnection->query("SET @password := FALSE");
     //call stored procedure
     if (!$this->dbConnection->query('CALL login(@username, @password)')) {
         throw new DatabaseErrorException($this->dbConnection->error);
     }
     // Fetch OUT parameters
     if (!($res = $this->dbConnection->query("SELECT @password AS password"))) {
         throw new DatabaseErrorException($this->dbConnection->error);
     }
     $row = $res->fetch_assoc();
     // The connection is closed here; it is not closed on the exception paths above.
     $this->dbConnection->close();
     //check hashed password from database against user input
     // Loose comparison: an empty-string value is treated like null as well.
     if ($row['password'] == null) {
         return null;
     } else {
         if (password_verify($user->getPassword(), $row['password'])) {
             // NOTE(review): the session id is not regenerated in this method;
             // confirm the caller rotates it after a successful login.
             $_SESSION[self::$isUserLoggedIn] = $user->getUsername();
             return true;
         } else {
             return false;
         }
     }
 }
Example #28
 /**
  * Check a plaintext password against a stored password_hash() value.
  *
  * @param string $pwd         Plaintext password.
  * @param string $hashAndSalt Stored hash (the salt is embedded in it).
  * @return bool True when the password matches.
  */
 protected function pwdVerify($pwd, $hashAndSalt)
 {
     return (bool) password_verify($pwd, $hashAndSalt);
 }
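 /**
  * Log a user in by e-mail and password.
  *
  * Loads the account matching $this->email, verifies the password and, on
  * success, starts a session holding the user's profile fields. On failure
  * an error banner is printed.
  * NOTE(review): $this->email is presumably set by checkUserLogin() - confirm.
  *
  * @param string $email    E-mail address, passed on to checkUserLogin().
  * @param string $password Plaintext password.
  */
 function userLogin($email, $password)
 {
     $this->checkUserLogin($email, $password);
     $this->password = $password;
     // Start from "no account found" so a hash left over from an earlier
     // call can never be verified against.
     $this->hash = null;
     $found = false;
     // The e-mail is bound as a parameter instead of being placed in the SQL text.
     $stmt = $this->con->prepare('SELECT username, password, name, surname, gender FROM user WHERE email = ?');
     if ($stmt) {
         $lookup = $this->email;
         $stmt->bind_param('s', $lookup);
         $stmt->execute();
         $stmt->bind_result($username, $hash, $name, $surname, $gender);
         while ($stmt->fetch()) {
             $found = true;
             $this->hash = $hash;
             $this->username = $username;
             $this->name = $name;
             $this->surname = $surname;
             $this->gender = $gender;
         }
         $stmt->close();
     }
     if (!$found || !password_verify($this->password, (string) $this->hash)) {
         // Only the generic banner is printed. The e-mail, the plaintext
         // password and the stored hash must not be written to the page.
         echo '<div class="alert alert-danger">Nepareizs lietotājvārds vai parole!</div>';
     } else {
         session_start();
         // Fresh session id at login.
         session_regenerate_id(true);
         $_SESSION['username'] = $this->username;
         $_SESSION['name'] = $this->name;
         $_SESSION['surname'] = $this->surname;
         $_SESSION['gender'] = $this->gender;
     }
 }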
Example #30
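/**
 * Log a user in by e-mail and password, optionally setting "keep me logged
 * in" cookies, then redirect to the site root.
 *
 * @param string $email    E-mail address to look up.
 * @param string $password Plaintext password (see the note on the global below).
 */
function login($email, $password)
{
    $db = Database::getInstance();
    $mysqli = $db->getConnection();
    $mysqli->query("SET NAMES utf8");
    // The e-mail is bound as a parameter instead of being concatenated.
    $user = null;
    $stmt = $mysqli->prepare('SELECT id, user, password FROM user WHERE email = ?');
    if ($stmt) {
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->bind_result($id, $name, $hash);
        if ($stmt->fetch()) {
            $user = array('id' => $id, 'user' => $name, 'password' => $hash);
        }
        $stmt->close();
    }
    // NOTE(review): this rebinds $password to the global of the same name, so
    // the argument passed in is ignored. Kept for compatibility - confirm
    // that callers pass the same value and then remove it.
    global $password;
    //if password correct
    if ($user !== null && password_verify($password, (string) $user['password'])) {
        session_start();
        // Fresh session id at login.
        session_regenerate_id(true);
        $_SESSION['auth'] = true;
        $_SESSION['id'] = $user['id'];
        $_SESSION['user'] = $user['user'];
        $userId = (string) $user['id'];
        //check keep login, set cookie
        if (isset($_POST['loginkeeping']) && $_POST['loginkeeping'] == "on") {
            // NOTE(review): generate() is not visible here; a persistent login
            // token must come from a cryptographically secure source, and
            // storing only its hash server-side limits exposure.
            $key = md5(generate(7, 15));
            $expires = time() + 60 * 60 * 24 * 365;
            // HttpOnly keeps both cookies away from page scripts.
            // NOTE(review): also set the Secure flag once the site is HTTPS-only.
            setcookie('login', $user['user'], $expires, '', '', false, true);
            setcookie('key', $key, $expires, '', '', false, true);
            $update = $mysqli->prepare('UPDATE user SET cookie = ? WHERE id = ?');
            if ($update) {
                $update->bind_param('ss', $key, $userId);
                $update->execute();
                $update->close();
            }
        } else {
            //if no keep login, set cookie as NULL
            $update = $mysqli->prepare('UPDATE user SET cookie = NULL WHERE id = ?');
            if ($update) {
                $update->bind_param('s', $userId);
                $update->execute();
                $update->close();
            }
        }
        // NOTE(review): SERVER_NAME can follow the request's Host header in
        // some server configurations; prefer a configured site URL.
        header("Location: http://" . $_SERVER['SERVER_NAME']);
    } else {
        echo "Email or password is incorrect";
    }
}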