function login($username, $password)
{
$user = getUserByUsername($username);
if (!$user) {
throw new InvalidArgumentException("Username not registered.");
}
if (!password_verify($password, $user["hash"])) {
throw new InvalidArgumentException("Password incorrect.");
}
$_SESSION["userid"] = $user["id"];
}
$name = makeStringSafe($name);
$email = makeStringSafe($email);
$user_level = makeStringSafe($user_level);
$password = "";
if (!getConfigVar("use_ldap")) {
$password = makeStringSafe(generatePassword(9, 4));
}
doQuery("INSERT INTO " . getDBPrefix() . "_users SET username = '******', name = '" . $name . "', password = '******', email = '" . $email . "', user_level = '" . $user_level . "', warnings = '0'");
$user = mysql_fetch_assoc(doQuery("SELECT user_id FROM " . getDBPrefix() . "_users ORDER BY user_id DESC LIMIT 1"));
logAddUser(getSessionVariable('user_id'), $user['user_id']);
return $password;
}
function createUserFromLDAP($username, $password)
{
$auth_user = $username . "@" . getConfigVar('ldap_domain');
if ($connect = @ldap_connect(getConfigVar('ldap_server'))) {
if ($bind = @ldap_bind($connect, $auth_user, $password)) {
$ldap_dn = "ou=people, dc=radford, dc=EDU";
$filter = "(sAMAccountName={$username})";
$result = ldap_search($connect, $ldap_dn, $filter);
public function doRequest()
{
global $permission;
$this->data[0] = limitString(clean($this->data[0], true), 30);
$this->data[1] = limitString(clean($this->data[1], true), 300);
$this->data[2] = clean($this->data[2], true);
if (!empty($this->data[0]) && $this->user->hasPermission($permission["board_edit"], $this->element)) {
if ($this->element->editTitle($this->user, $this->data[0]) && $this->element->editDescription($this->user, $this->data[1])) {
foreach (explode(",", strtolower($this->data[2]) . ",") as $username) {
$user = getUserByUsername(trim($username));
if ($user != null) {
if ($user->id > 0) {
$user->moderate($this->element);
$user->save($this->con);
}
}
}
if (!empty($this->data[3])) {
$this->element->move($this->user, ForumElement::getElementFromCode($this->data[3]));
}
$this->element->save($this->con);
return "Successfully edited board.";
} else {
return "Failed to edited board.";
}
}
return "Invalid board name";
}
//validation
if ($_POST['username'] == '') {
$error['username'] = '******';
$form_valid = false;
}
if ($_POST['password'] == '') {
$error['password'] = '******';
$form_valid = false;
} elseif (strlen($_POST['password']) <= 7) {
$error['password'] = '******';
$form_valid = false;
}
// form filled in appropriately, run check against database...
if ($form_valid == true) {
// check username exists in the database...
$user_exists = getUserByUsername($_POST['username']);
if ($user_exists != true) {
// if doesnt exist, error...
$error['username'] = '******';
} else {
// if does exist...
// check password is correct for the username...
$user = getUserByLogin($_POST['username'], md5($_POST['password']));
if ($user != true) {
// if password not correct for the username, error...
$error['password'] = '******';
} elseif ($user == true) {
// if password correct for the username, set session and redirect...
$_SESSION['logged_in'] = true;
$_SESSION['userId'] = $user['id'];
$_SESSION['username'] = $user['username'];
<?php
require_once $_SERVER["DOCUMENT_ROOT"] . "/lib/dblayer.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/subs.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/conf.inc.php";
$db = new DBLayer($CNF["db_host"], $CNF["db_user"], $CNF["db_pass"], $CNF["db_name"]);
$db->query("SET NAMES utf8");
$action = checkRequest("action");
$domain = checkRequest("domain");
$username = checkRequest("username");
$user_id = getUserByUsername($username)['uid'];
if ($user_id < 1) {
$user_id = createUser($username);
}
$workstation = mb_strtolower(checkRequest("workstation"), "UTF-8");
$ip = trim(checkRequest("ip"));
$workstation_id = strlen($workstation) > 0 ? checkWorkstation($workstation, $ip) : null;
switch ($action) {
case "start":
logonWorkstation($workstation_id, $ip);
break;
case "shutdown":
echo "ws: {$workstation_id}, IP: {$ip}";
logoffWorkstation($workstation_id);
break;
case "logon":
echo $workstation_id;
logonWorkstation($workstation_id, $ip);
logonUser($user_id, $domain, $workstation_id);
break;
case "logoff":
unset($_SESSION['raw_verify']);
unset($_SESSION['raw_pseudo']);
unset($_SESSION['raw_email']);
unset($_SESSION['error_msg']);
unset($_SESSION['info']);
// Get new account information.
$_SESSION['raw_password'] = $_POST['password'];
$_SESSION['raw_verify'] = $_POST['verify'];
$_SESSION['raw_pseudo'] = $_POST['pseudo'];
$_SESSION['raw_email'] = $_POST['email'];
$password = filter_input(INPUT_POST, 'password', FILTER_VALIDATE_REGEXP, $password_pattern);
$verify = filter_input(INPUT_POST, 'verify', FILTER_VALIDATE_REGEXP, $password_pattern);
$pseudo = trim(filter_input(INPUT_POST, 'pseudo', FILTER_SANITIZE_STRING));
$email = trim(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL));
// Check if the user exists in the database.
$user_pseudo = getUserByUsername($pseudo);
if ($user_pseudo != NULL) {
$_SESSION['error_msg'] = "This username already exists.";
$_SESSION['wrong_pseudo'] = true;
header('location: /app/admin/login/?action=signup');
exit;
}
// Check if the email is valid.
if (!$email) {
$_SESSION['error_msg'] = "This email is invalid. Please type a valid email.";
$_SESSION['wrong_email'] = true;
header('location: /app/admin/login/?action=signup');
exit;
}
// Check if the email exists in the database.
$user_email = getUserByEmail($email);
function processLDAPLogin($username, $password)
{
if (authLDAPUser($username, $password)) {
$userresult = getUserByUsername($username);
if (mysql_num_rows($userresult) > 0) {
return $userresult;
} else {
if (getConfigVar("login_to_register")) {
return createUserFromLDAP($username, $password);
} else {
return false;
}
}
} else {
return false;
}
}
$password = mysql_real_escape_string($_POST["password"]);
$data_login = array('username' => $username, 'password' => md5($password), 'status' => 1);
$error = array();
$error_warning = NULL;
if (empty($username)) {
$error[] = $lang['error_username_empty'];
}
if (empty($password)) {
$error[] = $lang['error_password_empty'];
}
if (!verifyLoginAdmin($data_login)) {
$error[] = $lang['error_failed_login'];
}
if (empty($error)) {
$success = $lang['success_login'];
$user_data = getUserByUsername($data_login);
$_SESSION['coin_user_id'] = $user_data['user_id'];
header('Location:home.html');
} else {
foreach ($error as $key => $values) {
$error_warning = $values . '<br/>';
}
}
}
?>
<div id="content">
<div class="box" style="width: 400px; min-height: 300px; margin-top: 40px; margin-left: auto; margin-right: auto;">
<div class="heading">
<h1><img src="includes/images/lockscreen.png" alt="" /> <?php
echo $lang['text_login'];
?>
$erroroccured = true;
$error = 'ERROR - no lastname supplied';
}
if (!isset($msisdn) || $msisdn == "") {
$erroroccured = true;
$error = 'ERROR - no mobile number supplied';
}
if (!$erroroccured) {
// Going to add a user now have confirmed all the required values were supplied.
$result = createUser($username, $password, $firstname, $lastname, $username, $msisdn);
if ($result == "ERROR") {
$erroroccured = true;
$error = 'ERROR - not able to create user at this time please try again later.';
} else {
$users = array();
$users = getUserByUsername($username);
if (count($users) == 0) {
$erroroccured = true;
$error = 'ERROR - not able to locate user at this time please try again later.';
}
}
}
} else {
$erroroccured = true;
$error = 'ERROR - no valid action supplied';
}
echo '
<?xml version="1.0" encoding="UTF-8"?>';
if ($erroroccured) {
echo '
<response code="400">
function process_registration()
{
// used for testing
//sleep(1);
$username = strtolower(trim($_POST['username']));
$email = trim($_POST['email']);
$password = trim($_POST['password']);
include _DOCROOT . '/inc/sql-core.php';
include _DOCROOT . '/html/pre-header.php';
include _DOCROOT . '/inc/functions.class.php';
include _DOCROOT . '/modules/site/site-data.php';
$fn = new Functions();
$err = false;
// 1. check value fields.
$email_check = $fn->checkEmail($email);
if ($email_check === false) {
$err = true;
$htmls['#email_err'] = 'Invalid format. Use something similar to username@domain.com';
}
$un_check = $fn->checkUsername($username);
if ($un_check != "") {
$err = true;
$htmls['#username_err'] = $un_check;
}
$pw_check = $fn->checkUsername($password);
if ($pw_check != "") {
$err = true;
$htmls['#password_err'] = $pw_check;
}
$existingUser = getUserByUsername($username);
if (count($existingUser) > 0) {
$err = true;
$htmls['#username_err'] = "Username already exists. Try a different name.";
}
$existingUser = getUserByEmail($email);
if (count($existingUser) > 0) {
$err = true;
$htmls['#email_err'] = "This email is already registered. Try a different one.";
}
if ($err) {
echo json_encode(array('htmls' => $htmls));
} else {
// 2. create user folder.
$fn->makeUserFolder(strtolower($username));
// 3. create salt / tokens.
$salt = md5($username . time());
$token = md5($email . $salt);
// 4. insert into database.
$sql_u = "INSERT INTO signup (\n email,\n username,\n `password`,\n token,\n salt,\n fname,\n lname,\n bday,\n created,\n lastloggedin\n ) VALUES (\n ?,?,?,?,?,?,?,?,?,?\n )";
sqlRun($sql_u, 'ssssssssii', array($email, $username, md5($password), $token, $salt, "", "", "", time(), time()));
// 5. send out email.
$to = $email;
$subject = "Your Website Registration";
$message = "Click this link to validate your email. Or, copy / paste this code";
$headers = 'From: webmaster@mypersonalwebsite.com' . "\r\n" . 'Reply-To: webmaster@mypersonalwebsite.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
//mail($to, $subject, $message, $headers);
// 6. Set session variables.
$_SESSION['site_user_username'] = $username;
$_SESSION['site_user_salt'] = $salt;
$_SESSION['site_user_token'] = $token;
// 7. display success message (check email or check email and enter verification code).
echo json_encode(array('closevbox' => true, 'redirect' => $username));
/*
echo json_encode(array(
'closevbox' => true,
'redirect' => strtolower(trim($_POST['username']))
));
*/
}
}
function processLDAPLogin($username, $password){
if(authLDAPUser($username, $password)){
$userresult = getUserByUsername($username);
if(mysql_num_rows($userresult) >= 1){
return $userresult;
}else{
return createUserFromLDAP($username, $password);
}
}else{
return false;
}
}
<?php
