Example #1
 /**
  * Drives the User model through its rejection and success paths for coverage.
  *
  * Returns 1 immediately after reporting the first failed expectation and 0
  * once every check has passed.
  */
 public function testUser()
 {
     $this->startCodeCoverage();

     $account = new User();

     // A non-numeric id must make both calls return exactly false.
     $account->Id = 'non_numeric';
     if ($account->SetPassword('blah') !== false) {
         $this->fail("User::SetPassword didn't return false for non-numeric user id");
         return 1;
     }
     if ($account->IsAdmin() !== false) {
         $this->fail("User::IsAdmin didn't return false for non-numeric user id");
         return 1;
     }

     // Neither an id nor an email is set.
     $account->Id = '';
     $account->Email = '';
     if ($account->GetName() !== false) {
         $this->fail("User::GetName didn't return false when given no user id");
         return 1;
     }
     // NOTE(review): this calls IsAdmin() although the failure message names
     // User::Exists, so the "no id and no email" case of Exists() is not
     // actually exercised here. Confirm which call was intended.
     if ($account->IsAdmin() !== false) {
         $this->fail("User::Exists didn't return false for no user id and no email");
         return 1;
     }

     // Look the fixture account up by email.
     $fixtureEmail = 'simpletest@localhost';
     $account->Email = $fixtureEmail;
     if ($account->Exists() === false) {
         $this->fail('User::Exists returned false even though user exists');
         return 1;
     }
     $resolvedId = $account->GetIdFromEmail($fixtureEmail);
     if ($resolvedId === false) {
         $this->fail('User::GetIdFromEmail returned false for a valid user');
         return 1;
     }

     // Fill in the record and check it is found by id (loose truthiness test).
     $account->Id = $resolvedId;
     $account->Admin = '1';
     $account->FirstName = 'administrator';
     $account->Institution = 'Kitware Inc.';
     if (!$account->Exists()) {
         $this->fail('User::Exists failed given a valid user id');
         return 1;
     }

     // NOTE(review): the fixture password is an unsalted MD5 digest. That
     // presumably mirrors the format the application stores; MD5 is not a
     // suitable password hash, so confirm against User::SetPassword/Save.
     $digest = md5('simpletest');
     $account->Password = $digest;
     // Coverage for the update path of Save()
     $account->Save();
     // Coverage for SetPassword with a valid id
     $account->SetPassword($digest);

     $this->stopCodeCoverage();
     return 0;
 }
Example #2
 /**
  * Coverage test for the User model: invalid ids, empty identity, lookup by
  * email, then an update and a password change on the fixture account.
  *
  * Each expectation that fails is reported through fail() and ends the test
  * with 1; the test ends with 0 when nothing failed.
  */
 function testUser()
 {
     $this->startCodeCoverage();
     $subject = new User();

     // --- non-numeric id -------------------------------------------------
     $subject->Id = "non_numeric";
     $setPasswordResult = $subject->SetPassword("blah");
     if (false !== $setPasswordResult) {
         $this->fail("User::SetPassword didn't return false for non-numeric user id");
         return 1;
     }
     $isAdminResult = $subject->IsAdmin();
     if (false !== $isAdminResult) {
         $this->fail("User::IsAdmin didn't return false for non-numeric user id");
         return 1;
     }

     // --- empty id and empty email ---------------------------------------
     $subject->Id = "";
     $subject->Email = "";
     $nameResult = $subject->GetName();
     if (false !== $nameResult) {
         $this->fail("User::GetName didn't return false when given no user id");
         return 1;
     }
     // NOTE(review): IsAdmin() is called here but the message refers to
     // User::Exists; the check and its message disagree. Confirm the intent.
     $isAdminResult = $subject->IsAdmin();
     if (false !== $isAdminResult) {
         $this->fail("User::Exists didn't return false for no user id and no email");
         return 1;
     }

     // --- existing account, found by email -------------------------------
     $subject->Email = "simpletest@localhost";
     if (false === $subject->Exists()) {
         $this->fail("User::Exists returned false even though user exists");
         return 1;
     }
     $foundId = $subject->GetIdFromEmail("simpletest@localhost");
     if (false === $foundId) {
         $this->fail("User::GetIdFromEmail returned false for a valid user");
         return 1;
     }

     // --- existing account, found by id ----------------------------------
     $subject->Id = $foundId;
     $subject->Admin = "1";
     $subject->FirstName = "administrator";
     $subject->Institution = "Kitware Inc.";
     $existsById = $subject->Exists();
     if (!$existsById) {
         $this->fail("User::Exists failed given a valid user id");
         return 1;
     }

     // NOTE(review): md5() of the clear-text fixture password is used as the
     // stored value; an unsalted MD5 digest is not an adequate password hash.
     // Confirm how User stores credentials before reusing this pattern.
     $subject->Password = md5("simpletest");
     // Coverage for update save
     $subject->Save();
     // Coverage for SetPassword
     $subject->SetPassword(md5("simpletest"));

     $this->stopCodeCoverage();
     return 0;
 }
Example #3
 /**
  * Checks the given credentials and, on success, creates or refreshes the
  * session record held by this object.
  *
  * @param mixed $id       existing session id, or "" to start a new session
  * @param mixed $username user name to authenticate
  * @param mixed $password password; passed to Encrypt() when $id is "",
  *                        otherwise passed to SetEncryptedPassword() as-is
  *
  * @return mixed $this->id when a session row was inserted or an active one
  *               was refreshed, false otherwise
  */
 function Login($id, $username, $password)
 {
     $active = false;
     $user = new User();
     $user->SetDatabase($this->database);
     $user->SetUsername($username);
     $user->SetPassword($password);
     // NOTE(review): with a non-empty $id the caller's value is installed as
     // the already-encrypted password. If that value equals what is stored,
     // knowing the stored value is enough to authenticate; confirm what
     // CheckPassword() compares and where $password originates.
     if ($id == "") {
         $user->Encrypt($password);
     } else {
         $user->SetEncryptedPassword($password);
     }
     $this->logged_in = false;
     // Both the existence check and the password check must pass.
     if ($user->UserExists()) {
         if ($user->CheckPassword()) {
             $this->logged_in = true;
             $user->SelectByName();
         }
     }
     if ($this->logged_in) {
         // NOTE(review): for "guest" the flag is cleared, but execution still
         // continues into the session handling below and can return
         // $this->id. Confirm that is intended.
         if ($user->GetUsername() == "guest") {
             $this->logged_in = false;
         }
         // NOTE(review): $id is supplied by the caller. If it can come from
         // the client, re-using it as the session identifier for the newly
         // authenticated user is a session-fixation risk unless SelectById()
         // or Update() verifies ownership; confirm.
         if ($id != "") {
             $this->SetId($id);
             $this->SelectById();
             $this->SetUser($user->GetId());
             if ($this->Update()) {
                 $this->UnsetCookie();
                 $this->SetCookie($user->GetUsername());
             }
             if ($this->GetActive()) {
                 $active = true;
             }
         }
         if (!$active) {
             // No active session was found: record a new one with the start
             // time, last-seen time and the client address.
             $this->SetDateStart(date('Y-m-d H:i:s'));
             $this->SetDateLast(date('Y-m-d H:i:s'));
             $this->SetActive(1);
             $this->SetIp($_SERVER['REMOTE_ADDR']);
             $this->SetUser($user->GetId());
             if ($this->Insert()) {
                 $this->UnsetCookie();
                 $this->SetCookie($user->GetUsername());
                 return $this->id;
             }
         } else {
             // An active session exists: only refresh its last-seen time.
             $this->SetDateLast(date('Y-m-d H:i:s', time()));
             $this->Update();
             return $this->id;
         }
     }
     // Reached on bad credentials and when Insert() fails.
     $this->logged_in = false;
     return false;
 }
 /**
  * Rebuilds, from the fields posted by this control, the data object that the
  * control is editing and hands it to SetDataObject().
  *
  * Only fields present in $_POST are applied. The values are passed to the
  * setters unchanged; NOTE(review): no validation or password-match check is
  * visible here, presumably it happens elsewhere. Confirm.
  *
  * @return void
  */
 function BuildPostedDataObject()
 {
     // POST field name => User setter, applied in this order.
     $a_setters = array(
         'known_as' => 'SetName',
         'email' => 'SetEmail',
         'password1' => 'SetPassword',
         'password2' => 'SetPasswordConfirmation',
     );

     $o_posted = new User();
     foreach ($a_setters as $s_field => $s_setter) {
         if (!isset($_POST[$s_field])) {
             continue;
         }
         $o_posted->{$s_setter}($_POST[$s_field]);
     }

     $this->SetDataObject($o_posted);
 }
Example #5
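/**
 * LDAP authentication.
 *
 * Searches the directory for the entry whose mail attribute equals $email,
 * binds as that entry with $password, then creates or refreshes the matching
 * row in the local user table and starts the 'CDash' session.
 *
 * @param string $email              e-mail address supplied by the user
 * @param string $password           clear-text password supplied by the user
 * @param string $SessionCachePolicy value passed to session_cache_limiter()
 * @param mixed  $rememberme         when truthy, a 30-day login cookie is issued
 *
 * @return bool true when the bind succeeded and the session was started,
 *              false otherwise (the reason is left in the global $loginerror)
 */
function ldapAuthenticate($email, $password, $SessionCachePolicy, $rememberme)
{
    global $loginerror;
    $loginerror = '';
    // The $CDASH_* settings used below are presumably defined by this include.
    include dirname(__DIR__) . '/config/config.php';
    include_once 'models/user.php';
    $ldap = ldap_connect($CDASH_LDAP_HOSTNAME);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $CDASH_LDAP_PROTOCOL_VERSION);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, $CDASH_LDAP_OPT_REFERRALS);
    // Bind as the LDAP user if authenticated ldap is enabled
    if ($CDASH_LDAP_AUTHENTICATED) {
        ldap_bind($ldap, $CDASH_LDAP_BIND_DN, $CDASH_LDAP_BIND_PASSWORD);
    }
    if (isset($ldap) && $ldap != '') {
        // $email is user input and ends up inside an LDAP search filter, so
        // filter metacharacters are escaped (RFC 4515) to keep the value from
        // changing the structure of the filter. ldap_escape() needs PHP 5.6;
        // older runtimes get the equivalent manual replacement.
        if (function_exists('ldap_escape')) {
            $safeEmail = ldap_escape($email, '', LDAP_ESCAPE_FILTER);
        } else {
            // The backslash is replaced first so later escapes are not re-escaped.
            $safeEmail = str_replace(
                array('\\', '*', '(', ')', "\x00"),
                array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
                $email
            );
        }
        /* search for pid dn */
        $result = ldap_search($ldap, $CDASH_LDAP_BASEDN, '(&(mail=' . $safeEmail . ')' . $CDASH_LDAP_FILTER . ')', array('dn', 'cn'));
        if ($result != 0) {
            $entries = ldap_get_entries($ldap, $result);
            @($principal = $entries[0]['dn']);
            if (isset($principal)) {
                // bind as this user
                // The empty-password test runs first: a bind with an empty
                // password can succeed as an unauthenticated bind, so it is
                // never sent to the server. The outcome for the caller is the
                // same as before ('Wrong email or password.').
                if (strlen(trim($password)) != 0 && @ldap_bind($ldap, $principal, $password)) {
                    $sql = 'SELECT id,password FROM ' . qid('user') . " WHERE email='" . pdo_real_escape_string($email) . "'";
                    $result = pdo_query("{$sql}");
                    // NOTE(review): the local copy of the password is an
                    // unsalted MD5 digest. It is kept because this function
                    // also compares against that format below and other code
                    // presumably reads it; MD5 is not a suitable password
                    // hash and the column should be migrated to
                    // password_hash()/password_verify().
                    // If the user doesn't exist we add it
                    if (pdo_num_rows($result) == 0) {
                        @($givenname = $entries[0]['cn'][0]);
                        if (!isset($givenname)) {
                            $loginerror = 'No givenname (cn) set in LDAP, cannot register user into CDash';
                            return false;
                        }
                        // First word becomes the first name, the rest the last name.
                        $names = explode(' ', $givenname);
                        $User = new User();
                        if (count($names) > 1) {
                            $User->FirstName = $names[0];
                            $User->LastName = $names[1];
                            for ($i = 2; $i < count($names); $i++) {
                                $User->LastName .= ' ' . $names[$i];
                            }
                        } else {
                            $User->LastName = $names[0];
                        }
                        // Add the user in the database
                        $storedPassword = md5($password);
                        $User->Email = $email;
                        $User->Password = $storedPassword;
                        $User->Save();
                        $userid = $User->Id;
                    } else {
                        $user_array = pdo_fetch_array($result);
                        $storedPassword = $user_array['password'];
                        $userid = $user_array['id'];
                        // If the password has changed we update
                        if ($storedPassword != md5($password)) {
                            $User = new User();
                            $User->Id = $userid;
                            $User->SetPassword(md5($password));
                        }
                    }
                    if ($rememberme) {
                        $cookiename = 'CDash-' . $_SERVER['SERVER_NAME'];
                        $time = time() + 60 * 60 * 24 * 30;
                        // 30 days;
                        // Create a new password
                        $keychars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
                        $length = 32;
                        $key = '';
                        $max = strlen($keychars) - 1;
                        // NOTE(review): "<=" makes the key $length + 1 (33)
                        // characters long. Left unchanged because whatever
                        // parses the cookie may depend on that length.
                        for ($i = 0; $i <= $length; $i++) {
                            // random_int is available in PHP 7 and the random_compat PHP 5.x
                            // polyfill included in the Composer package.json dependencies.
                            $key .= substr($keychars, random_int(0, $max), 1);
                        }
                        $value = $userid . $key;
                        // NOTE(review): the cookie is set without the Secure
                        // and HttpOnly flags, and the key is stored unhashed
                        // in the user table by the query below.
                        setcookie($cookiename, $value, $time);
                        // Update the user key
                        // $key only contains characters from $keychars, so it
                        // cannot break out of the quoted SQL literal.
                        pdo_query('UPDATE ' . qid('user') . " SET cookiekey='" . $key . "' WHERE id=" . qnum($userid));
                    }
                    session_name('CDash');
                    session_cache_limiter($SessionCachePolicy);
                    session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                    @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                    session_start();
                    // NOTE(review): the session id is not regenerated after a
                    // successful login (session_regenerate_id), and the
                    // password digest is kept in the session as 'passwd'.
                    // create the session array
                    if (isset($_SESSION['cdash']['password'])) {
                        $password = $_SESSION['cdash']['password'];
                    }
                    $sessionArray = array('login' => $email, 'passwd' => $storedPassword, 'ID' => session_id(), 'valid' => 1, 'loginid' => $userid);
                    $_SESSION['cdash'] = $sessionArray;
                    return true;
                } else {
                    $loginerror = 'Wrong email or password.';
                    return false;
                }
            } else {
                $loginerror = 'User not found in LDAP';
            }
            ldap_free_result($result);
        } else {
            $loginerror = 'Error occured searching the LDAP';
        }
        ldap_close($ldap);
    } else {
        $loginerror = 'Could not connect to LDAP at ' . $CDASH_LDAP_HOSTNAME;
    }
    return false;
}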
 } else {
     if ($usif_email == "") {
         $message_position = 4;
         $message = "O e-mail do usuário não pode ser nulo.";
     } else {
         if ($usif_first_name == "") {
             $message_position = 1;
             $message = "O primeiro nome do usuário não pode ser nulo.";
         } else {
             if ($usif_nick == "") {
                 $usif_nick = $usif_first_name;
             }
             $user = new User();
             $user->SetDatabase($database);
             $user->SetUsername($user_username);
             $user->SetPassword($user_password1);
             $user->SetActive(0);
             $user->Insert();
             $user->SelectByName();
             $user_info = new UserInfo();
             $user_info->SetDatabase($database);
             $user_info->SetFirstName($usif_first_name);
             $user_info->SetLastName($usif_last_name);
             $user_info->SetNick($usif_nick);
             $user_info->SetEmail($usif_email);
             $user_info->SetUser($user->GetId());
             if ($user_info->Insert()) {
                 $message_position = 8;
                 $message = $screen_module_name . " incluídas com sucesso. Aguarde a ativação do usuário pelo administrador.";
                 $usif_id = "";
                 $usif_first_name = "";
 /**
  * Looks up the id of the user described by this object's username and
  * password.
  *
  * @return mixed the value of User::GetId() when SelectByName() succeeds,
  *               otherwise 0
  */
 function GetUserId()
 {
     $lookup = new User();
     $lookup->SetDatabase($this->database);
     $lookup->SetUsername($this->username);
     $lookup->SetPassword($this->password);
     // Encrypt() is called before the lookup, as in the other callers of User.
     $lookup->Encrypt();

     return $lookup->SelectByName() ? $lookup->GetId() : 0;
 }
Example #8
<?php

/* Page setup
	------------------------------*/
// Passes "CFG" and a PageTitle of "Edit" to OverrideObjectData();
// presumably this sets the title shown for this page.
$PHPZevelop->OverrideObjectData("CFG", array("PageTitle" => "Edit"));
?>

<h2>Generate a password for the user system</h2>
<p>This will produce a hashed password and salt based on the original visible password.<br /><br /></p>

<?php 
// Build the one-field form used to submit a password for hashing.
$FormGen = new FormGen();
// The field is type "text", so the password is visible while it is typed.
$FormGen->AddElement(array("type" => "text", "name" => "password", "placeholder" => "Password"), array("title" => "Password"));
$FormGen->AddElement(array("type" => "submit", "value" => "Submit"));
// $_POST is handed to Build() as "data", presumably to re-populate the form.
// NOTE(review): confirm that FormGen::Build() HTML-escapes these values before
// writing them into the markup.
echo $FormGen->Build(array("ColNum" => 3, "data" => $_POST));
?>

<?php 
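// Hash the submitted password with a throw-away User object and show the
// result. Only a string "password" field is accepted, so a request without
// the field (or with an array in its place) no longer reaches SetPassword().
if (isset($_POST["password"]) && is_string($_POST["password"])) {
    $TempUser = new User();
    $TempUser->SetPassword($_POST["password"]);
    // Everything echoed below is escaped for the HTML context: the password
    // is raw request data and must not be written into the page unescaped.
    echo "<p>Origional password: <b>" . htmlspecialchars($_POST["password"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</b></p>";
    echo "<p>Hashed password: <b>" . htmlspecialchars((string) $TempUser->Data["password"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</b></p>";
    echo "<p>Generated salt: <b>" . htmlspecialchars((string) $TempUser->Data["salt"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</b></p>";
    unset($TempUser);
}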
Example #9
<?php

/*
 * doLogin.php
 *
 * The login action.
 *
 * Written by: Bruno Schifer Bernardi
 * Last Updated: August 01, 2007
 */
require '../../schifers/constants/cdConstants.php';
require '../../' . $WEB_SITE . 'src/cdDatabase.php';
require '../../' . $WEB_SITE . 'src/cdUser.php';
require '../../' . $WEB_SITE . 'src/cdSession.php';
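// Read the posted login fields. A missing field falls back to "" instead of
// raising an undefined-index notice; Session::Login() treats "" as "no
// existing session".
$username = isset($_POST["p_username"]) ? $_POST["p_username"] : "";
$password = isset($_POST["p_password"]) ? $_POST["p_password"] : "";
// NOTE(review): the session id is taken from the request body. Confirm that
// Session::Login() does not adopt a client-chosen id for the authenticated
// user without checking it (session fixation).
$id = isset($_POST["p_session_id"]) ? $_POST["p_session_id"] : "";

// Build the user from the posted credentials and encrypt the password.
$user = new User();
$user->SetDatabase($database);
$user->SetUsername($username);
$user->SetPassword($password);
$user->Encrypt();

// Attempt the login with the encrypted form of the password.
$session = new Session();
$session->SetDatabase($database);
$session->SetUser($user);
$session->Login($id, $username, $user->GetEncryptedPassword());

// Redirect through an inline script; no request data is written into the
// markup, only $WEB_SITE, which presumably comes from the constants file.
if ($session->IsLoggedIn()) {
    echo "<script language='Javascript'> window.location = \"/" . $WEB_SITE . "pages/pgRestricted.php\" </script>";
} else {
    echo "<script language='Javascript'> window.location = \"/index.php?error_message=Login Inválido!\" </script>";
}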
Example #10
         #We don't want to see this if no password was given
         $validinfo = false;
         $error .= "<li>" . lang('nopasswordmatch') . "</li>";
     }
 }
 if (!empty($email) && !is_email($email)) {
     $validinfo = false;
     $error .= '<li>' . lang('invalidemail') . '</li>';
 }
 if ($validinfo) {
     #$new_user_id = $db->GenID(cms_db_prefix()."users_seq");
     #$query = "INSERT INTO ".cms_db_prefix()."users (user_id, username, password, active, create_date, modified_date) VALUES ($new_user_id, ".$db->qstr($user).", ".$db->qstr(md5($password)).", $active, '".$db->DBTimeStamp(time())."', '".$db->DBTimeStamp(time())."')";
     #$result = $db->Execute($query);
     $newuser = new User();
     $newuser->username = $user;
     $newuser->SetPassword($password);
     $newuser->active = $active;
     $newuser->firstname = $firstname;
     $newuser->lastname = $lastname;
     $newuser->email = $email;
     $newuser->adminaccess = $adminaccess;
     $newuser->SetPassword($password);
     #Perform the adduser_pre callback
     foreach ($gCms->modules as $key => $value) {
         if ($gCms->modules[$key]['installed'] == true && $gCms->modules[$key]['active'] == true) {
             $gCms->modules[$key]['object']->AddUserPre($newuser);
         }
     }
     Events::SendEvent('Core', 'AddUserPre', array('user' => &$newuser));
     $result = $newuser->save();
     if ($result) {
Example #11
    if (!$application == NULL) {
        if ($application->IsConfigured()) {
            redirect("login.php", 301);
            exit;
        } else {
            if (isset($_POST['USERNAME']) && isset($_POST['PWD']) && isset($_POST['PWDR'])) {
                //TODO Clear Input
                if ($_POST['USERNAME'] == "" || $_POST['PWD'] == "" || $_POST['PWDR'] == "") {
                    throw new Exception("Fields cannot be empty");
                }
                if ($_POST['PWD'] != $_POST['PWDR']) {
                    throw new Exception("Two passwords are different");
                }
                $new = new User();
                $new->SetID($_POST['USERNAME']);
                $new->SetPassword($_POST['PWD']);
                $new->SetAdmin(TRUE);
                $new->SetValid(TRUE);
                $new->Save();
                $msg = "User added successfully";
            }
        }
    }
} catch (Exception $e) {
    $error = $e->getMessage();
}
?>

<html>
<head>
    <title>RaspiControl</title>
<?php

/*
 * doCloseSession.php
 *
 * The close session action.
 *
 * Written by: Bruno Schifer Bernardi
 * Last Updated: September 18, 2007
 */
require '../constants/cdConstants.php';
require '../src/cdDatabase.php';
require '../src/cdUser.php';
require '../src/cdSession.php';
// Close the current session when the form posts p_close_session = 1.
if (isset($_POST["p_close_session"])) {
    $action = $_POST["p_close_session"];
    // NOTE(review): the session id comes from a client-supplied cookie and is
    // read without an isset() check. Confirm that TerminateSession() verifies
    // the id belongs to the requester, and that this state-changing POST is
    // protected against cross-site requests; neither is visible here.
    $id = $_COOKIE["cookie_userid"];
    if ($action == 1) {
        // A "guest" user is built and encrypted here, but in the visible code
        // it is never handed to the session object.
        $user = new User();
        $user->SetDatabase($database);
        $user->SetUsername("guest");
        $user->SetPassword("guest");
        $user->Encrypt();
        $session = new Session();
        $session->SetDatabase($database);
        $session->TerminateSession($id);
        // Send the browser to the exit page.
        echo "<script language='Javascript'>window.location = \"../pages/pgExit.php\";</script>";
    }
}