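/**
 * Handle the posted login form.
 *
 * Checks that an email and password were supplied, authenticates them via
 * User::authenticateUser() and, on success, stores the user in the session
 * (queuing a remember-me cookie when requested) before redirecting to the
 * portal index. Any failure redirects back to the login route with a
 * 'validation' payload for the view.
 *
 * @return object Redirect response from the Redirect facade, in every case.
 */
public function postAuthenticate()
 {
     // Presence check first, before anything reads the credentials.
     $Validate = new Validate();
     $rules = array(
         'user_email' => array('reqd' => 'Please provide a user name'),
         'user_password' => array('reqd' => 'Please provide a password'),
     );
     $validation = $Validate->run($_REQUEST, $rules);
     if (is_array($validation)) {
         return Redirect::route('login')->with('validation', $validation);
     }
     // Read the credentials only after validation; the isset guard avoids an
     // undefined-index notice should the validator ever let a field through.
     $login = isset($_REQUEST['user_email']) ? $_REQUEST['user_email'] : '';
     $pass = isset($_REQUEST['user_password']) ? $_REQUEST['user_password'] : '';
     // NOTE(review): User::authenticateUser() expects an unsalted MD5 digest.
     // Moving to password_hash()/password_verify() needs a change to the stored
     // credential format and to whatever consumes the remember-me cookie, so
     // the digest is kept here.
     $md5pass = md5($pass);
     $authed = User::authenticateUser($login, $md5pass);
     if (is_object($authed)) {
         if (isset($_REQUEST['remember'])) {
             // The cookie carries the credential digest itself; presumably read
             // back by a remember-me check elsewhere — confirm before changing
             // its format or lifetime.
             Cookie::queue('_user_remember', Crypt::encrypt($login . ':' . $md5pass), 9999999);
         }
         Session::put('user', $authed);
         return Redirect::action('PortalController@getIndex');
     }
     // Failed attempt: keep the request context for the audit log, but never
     // write the submitted password to disk.
     $logData = $_REQUEST;
     unset($logData['user_password']);
     logr(array('data' => $logData, 'time' => date('Y-m-d H:i:s')), 'failed-logins');
     return Redirect::route('login')->with('validation', array('authentication' => 'There seems to be a problem with your email or password'));
 }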
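 /**
  *  @brief Delete a Mozilla Sync user.
  *
  *  DELETE https://server/pathname/version/username
  *
  *  Deletes the user account.
  *  NOTE: Requires simple authentication with the username and password associated with the account.
  *
  *  Return value:
  *  0 on success
  *
  *  Possible errors:
  *    503: there was an error removing the user
  *    404: the user does not exist in the database
  *    401: authentication failed
  *
  *  Every failure sets the HTTP status, logs the reason and returns at once,
  *  so nothing is removed unless the caller authenticated as that user.
  *
  *  @param string $syncHash Mozilla Sync user hash of the user to be deleted.
  *  @return void The response body is written through OutputData.
  */
 private function deleteUser($syncHash)
 {
     if (User::isAutoCreateUser()) {
         // Auto-created accounts cannot be deleted through this endpoint.
         Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
         Utils::writeLog("Failed to delete user " . $syncHash . ". Delete disabled");
         return;
     }
     if (User::syncUserExists($syncHash) === false) {
         Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
         Utils::writeLog("Failed to delete user " . $syncHash . ". User does not exist.");
         return;
     }
     // Stop on a failed login: without this return the storage and the
     // account below would still be removed for an unauthenticated caller.
     if (User::authenticateUser($syncHash) === false) {
         Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
         Utils::writeLog("Authentication for deleting user " . $syncHash . " failed.");
         return;
     }
     $syncId = User::syncHashToSyncId($syncHash);
     if ($syncId === false) {
         Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
         Utils::writeLog("Failed to convert user " . $syncHash . " to Sync ID.");
         return;
     }
     // Storage first, then the account row; a storage failure leaves the
     // account in place so the request can be retried.
     if (Storage::deleteStorage($syncId) === false) {
         Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
         Utils::writeLog("Failed to delete storage for user " . $syncId . ".");
         return;
     }
     if (User::deleteUser($syncId) === false) {
         Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
         Utils::writeLog("Failed to delete user " . $syncId . ".");
         return;
     }
     OutputData::write('0');
 }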
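// process the posted form
if ($_SERVER['REQUEST_METHOD'] === "POST") {
    // did we get valid values — isset/=== '' rather than empty() so that a
    // literal "0" is still accepted as a user name or password
    if (!isset($_POST['password'], $_POST['username'])
        || $_POST['password'] === '' || $_POST['username'] === '') {
        echo "<div class='err'>You must enter a user name and password.</div>";
    } else {
        // include the user stuff
        include_once 'User.php';
        // create a new user object
        $user = new User();
        // save the username
        $username = $_POST['username'];
        // save the password
        $password = $_POST['password'];
        // validate the user
        $retVal = $user->authenticateUser($username, $password);
        // did the user authenticate
        if (!$retVal) {
            // NOTE(review): this message is stored in $msg while the
            // missing-field message above is echoed directly — presumably
            // $msg is rendered further down the page; verify.
            $msg = "<div class='err'>Invalid username or password.</div>";
        } else {
            // issue a fresh session id now that the caller is authenticated,
            // so an id handed out before login cannot be reused as a logged-in
            // session (the $_SESSION writes below imply a session is active)
            session_regenerate_id(true);
            // save the user object
            $_SESSION['UserObj'] = $user;
            // save the user info for display
            // NOTE(review): displayUserNameByID() is interpolated into markup
            // unescaped — confirm it returns an escaped string, else escape it here.
            $_SESSION['loginInfo'] = '<div class="userInfo">Good day, ' . displayUserNameByID($user->getID()) . '</div>';
            // redirect to the dashboard page
            header('Location: ../DashBoard/DashBoard.php');
            // terminate page processing so nothing after the redirect is emitted
            exit;
        }
    }
}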
 /**
  * @brief Run service
  *
  * Validates the parsed URL, authenticates the Sync user named in it,
  * expires old WBOs and then dispatches the request to the handler for the
  * ``info`` or ``storage`` command it carries. An unknown command or HTTP
  * method only sets a 404 status.
  *
  * @return bool false when the URL or user is rejected before dispatch,
  *              true once a command was dispatched (including to a 404).
  */
 public function run()
 {
     // Reject malformed URLs before touching the user.
     if (!$this->urlParser->isValid()) {
         Utils::changeHttpStatus(Utils::STATUS_INVALID_DATA);
         return false;
     }
     $hash = $this->urlParser->getUserName();
     // NOTE(review): the loose `== false` here and below also matches null,
     // 0 and ''; tighten to `=== false` once the return contracts of
     // User::authenticateUser() / User::userHashToId() are confirmed.
     if (User::authenticateUser($hash) == false) {
         Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
         return false;
     }
     $uid = User::userHashToId($hash);
     if ($uid == false) {
         Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
         return false;
     }
     // Housekeeping that runs on every request.
     Storage::deleteOldWbo();

     $parser = $this->urlParser;
     $count = $parser->commandCount();

     if ($count == 2 && $parser->getCommand(0) == 'info') {
         // https://server/pathname/version/username/info/<what>
         if (Utils::getRequestMethod() != 'GET') {
             Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
             return false;
         }
         if ($parser->getCommand(1) == 'collections') {
             $this->getInfoCollections($uid);
         } else {
             Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
         }
     } elseif ($count == 1 && $parser->getCommand(0) == 'storage') {
         // https://server/pathname/version/username/storage
         if (Utils::getRequestMethod() == 'DELETE') {
             $this->deleteStorage($uid);
         } else {
             Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
         }
     } elseif ($count == 2 && $parser->getCommand(0) == 'storage') {
         // https://server/pathname/version/username/storage/<collection>
         $collection = $parser->getCommand(1);
         $mods = $parser->getCommandModifiers(1);
         $cid = Storage::collectionNameToIndex($uid, $collection);
         switch (Utils::getRequestMethod()) {
             case 'GET':
                 $this->getCollection($uid, $cid, $mods);
                 break;
             case 'POST':
                 $this->postCollection($uid, $cid);
                 break;
             case 'DELETE':
                 $this->deleteCollection($uid, $cid, $mods);
                 break;
             default:
                 Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
         }
     } elseif ($count == 3 && $parser->getCommand(0) == 'storage') {
         // https://server/pathname/version/username/storage/<collection>/<wbo>
         $collection = $parser->getCommand(1);
         $objectId = $parser->getCommand(2);
         $cid = Storage::collectionNameToIndex($uid, $collection);
         switch (Utils::getRequestMethod()) {
             case 'GET':
                 $this->getWBO($uid, $cid, $objectId);
                 break;
             case 'PUT':
                 $this->putWBO($uid, $cid, $objectId);
                 break;
             case 'DELETE':
                 $this->deleteWBO($uid, $cid, $objectId);
                 break;
             default:
                 Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
         }
     } else {
         // Anything else is not a recognised service URL.
         Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
     }
     return true;
 }
 /**
  *  @brief Delete user
  *
  *  DELETE https://server/pathname/version/username
  *
  *  Deletes the user account.
  *  NOTE: Requires simple authentication with the username and password associated with the account.
  *
  *  Return value:
  *  0 on success
  *
  *  Possible errors:
  *    503: there was an error removing the user
  *    404: the user does not exist in the database
  *    401: authentication failed
  *
  *  The first failing step decides the HTTP status; later steps are skipped.
  *
  *  @param string $syncUserHash Sync user hash of the account to delete.
  *  @return bool Always true: the outcome is reported through the HTTP status
  *               and the '0' body, not the return value.
  */
 private function deleteUser($syncUserHash)
 {
     $failure = null;
     if (User::syncUserExists($syncUserHash) == false) {
         $failure = Utils::STATUS_NOT_FOUND;
     } elseif (User::authenticateUser($syncUserHash) == false) {
         $failure = Utils::STATUS_INVALID_USER;
     } else {
         $id = User::userHashToId($syncUserHash);
         if ($id == false) {
             $failure = Utils::STATUS_INVALID_USER;
         } elseif (Storage::deleteStorage($id) == false) {
             // storage goes first so a failed removal leaves the account row
             $failure = Utils::STATUS_MAINTENANCE;
         } elseif (User::deleteUser($id) == false) {
             $failure = Utils::STATUS_MAINTENANCE;
         }
     }
     if ($failure !== null) {
         Utils::changeHttpStatus($failure);
         return true;
     }
     OutputData::write('0');
     return true;
 }
 * Created by PhpStorm.
 * User: Dushyant
 * Date: 2015-04-29
 * Time: 4:00 PM
 */
session_destroy();
include_once '../Local/Classes/class.User.inc';
include_once '../Local/Classes/class.SessionManager.inc';
session_start();
extract($_POST);
if (isset($btnSubmit)) {
    //user object
    $user = new User();
    //session object
    $session = new SessionManager();
    $loginUser = $user->authenticateUser(trim($txtEmail), trim($txtPassword));
    //redirecting user to dashboard logic
    if ($loginUser['user_role'] == 'Doctor') {
        //Set login user session
        if ($session->createUserSession($loginUser['user_id'], $loginUser['first_name'], $loginUser['user_role'])) {
            //todo redirect doctors to Doctor's dashboard
            header('Location: Doctor/dashboard.php');
        }
    } elseif ($loginUser['user_role'] == 'Admin') {
        //Set login user session
        if ($session->createUserSession($loginUser['user_id'], $loginUser['first_name'], $loginUser['user_role'])) {
            //todo redirect doctors to Doctor's dashboard
            header('Location: Admin/locationList.php');
        }
    } else {
        $errors['authentication'] = $loginUser;
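 /**
  * @brief Run storage service.
  *
  * Validates the parsed URL, authenticates the Sync user (creating the
  * account first when auto-creation is enabled and the credentials verify),
  * expires old WBOs and then dispatches to the handler that matches the
  * ``info`` or ``storage`` command and the HTTP method. Every rejection sets
  * an HTTP status, writes a log line and returns false.
  *
  * @return bool True on successful command parsing, false otherwise.
  */
 public function run()
 {
     // Check if given url is valid
     if (!$this->urlParser->isValid()) {
         Utils::changeHttpStatus(Utils::STATUS_INVALID_DATA);
         Utils::writeLog("URL: Invalid URL.");
         return false;
     }
     // Get Mozilla Sync user hash and authenticate user
     $syncHash = $this->urlParser->getSyncHash();
     if (User::isAutoCreateUser() && !User::hasSyncAccount($syncHash)) {
         // Credentials must verify before an account is created for them
         // (second argument false presumably relaxes the "Sync account must
         // already exist" check — confirm against User::authenticateUser()).
         if (User::authenticateUser($syncHash, false) === false) {
             Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
             Utils::writeLog("Couldn't autocreate account for user " . $syncHash . " authentication failed.");
             return false;
         }
         //auto create account
         User::autoCreateUser($syncHash);
     }
     if (User::authenticateUser($syncHash) === false) {
         Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
         Utils::writeLog("Could not authenticate user " . $syncHash . ".");
         return false;
     }
     // Convert Sync hash to Sync ID
     $syncId = User::syncHashToSyncId($syncHash);
     if ($syncId === false) {
         Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
         Utils::writeLog("Could not convert user " . $syncHash . " to Sync ID.");
         return false;
     }
     // Delete old WBO on every run of storage service
     Storage::deleteOldWbo();

     // Map request to functions. Method and command count are read once
     // instead of being re-queried in every branch and log line.
     $method = Utils::getRequestMethod();
     $commandCount = $this->urlParser->commandCount();

     // Info case: https://server/pathname/version/username/info/<command>
     if ($commandCount === 2 && $this->urlParser->getCommand(0) === 'info') {
         if ($method !== 'GET') {
             Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
             Utils::writeLog("URL: Invalid HTTP method " . $method . " for info.");
             return false;
         }
         switch ($this->urlParser->getCommand(1)) {
             case 'collections':
                 $this->getInfoCollections($syncId);
                 break;
             case 'collection_usage':
                 $this->getInfoCollectionUsage($syncId);
                 break;
             case 'collection_counts':
                 $this->getInfoCollectionCounts($syncId);
                 break;
             case 'quota':
                 $this->getInfoQuota($syncId);
                 break;
             default:
                 Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
                 Utils::writeLog("URL: Invalid command " . $this->urlParser->getCommand(1) . " for info.");
                 return false;
         }
     } elseif ($commandCount === 1 && $this->urlParser->getCommand(0) === 'storage') {
         // Whole-storage case: https://server/pathname/version/username/storage
         if ($method !== 'DELETE') {
             Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
             Utils::writeLog("URL: Invalid request method " . $method . " for storage.");
             return false;
         }
         $this->deleteStorage($syncId);
     } elseif ($commandCount === 2 && $this->urlParser->getCommand(0) === 'storage') {
         // Collection case: .../storage/<collection>
         $collectionName = $this->urlParser->getCommand(1);
         $modifiers = $this->urlParser->getCommandModifiers();
         $collectionId = Storage::collectionNameToIndex($syncId, $collectionName);
         switch ($method) {
             case 'GET':
                 $this->getCollection($syncId, $collectionId, $modifiers);
                 break;
             case 'POST':
                 $this->postCollection($syncId, $collectionId);
                 break;
             case 'DELETE':
                 $this->deleteCollection($syncId, $collectionId, $modifiers);
                 break;
             default:
                 Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
                 // the space after "method" was missing, fusing it with the verb
                 Utils::writeLog("URL: Invalid request method " . $method . " for collection.");
                 return false;
         }
     } elseif ($commandCount === 3 && $this->urlParser->getCommand(0) === 'storage') {
         // WBO case: .../storage/<collection>/<wbo id>
         $collectionName = $this->urlParser->getCommand(1);
         $wboId = $this->urlParser->getCommand(2);
         $collectionId = Storage::collectionNameToIndex($syncId, $collectionName);
         switch ($method) {
             case 'GET':
                 $this->getWBO($syncId, $collectionId, $wboId);
                 break;
             case 'PUT':
                 $this->putWBO($syncId, $collectionId, $wboId);
                 break;
             case 'DELETE':
                 $this->deleteWBO($syncId, $collectionId, $wboId);
                 break;
             default:
                 Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
                 // the space after "method" was missing, fusing it with the verb
                 Utils::writeLog("URL: Invalid request method " . $method . " for WBO.");
                 return false;
         }
     } else {
         // Anything else is not a recognised storage service URL.
         Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
         Utils::writeLog("URL: Invalid storage service request. Sent " . (string) $commandCount . " commands in URL\t" . Utils::getSyncUrl() . ": " . var_export($this->urlParser->getCommands(), true));
         return false;
     }
     return true;
 }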