Beispiel #1
0
<?php

//Controller for log out
require_once 'functions/session.php';
// Controller Enter point
if (!empty($_GET['lo'])) {
    if ($_GET['lo'] === 'yes') {
        $a = log_out();
        // $a in succes is true
    }
}
header('Location: index.php');
Beispiel #2
0
} else {
    $ccar_to_treat = "go_home";
}
// Appel de la fonction associée à la demande
switch ($ccar_to_treat) {
    case "go_home":
        about_ppr();
        break;
    case "display_nouvelingenieur":
        about_nouvelingenieur();
        break;
    case "login":
        log_in();
        break;
    case "logout":
        log_out();
        break;
    case "create_account":
        create_account();
        break;
    case "confirm_subscribe":
        validate_account();
        break;
    case "change_pass":
        change_password(false);
        break;
    case "lost_ids":
        change_password(true);
        break;
    case "delete_account":
        if (isset($_SESSION["delete_account_state"]) && $_SESSION["delete_account_state"] == "display") {
Beispiel #3
0
function logged_in()
{
    if (!session_id()) {
        session_start();
    }
    $guest = \ui\config('auth_guest');
    $timestamp = 0;
    if (isset($_SESSION[IID . '_login_key']) && isset($_SESSION[IID . '_login_time']) && isset($_SESSION[IID . '_login_email'])) {
        $timestamp = $_SESSION[IID . '_login_time'];
        $email = $_SESSION[IID . '_login_email'];
        $key = $_SESSION[IID . '_login_key'];
    } elseif (isset($_COOKIE[IID . '_login_key']) && isset($_COOKIE[IID . '_login_time']) && isset($_COOKIE[IID . '_login_email'])) {
        $timestamp = $_COOKIE[IID . '_login_time'];
        $email = $_COOKIE[IID . '_login_email'];
        $key = $_COOKIE[IID . '_login_key'];
    } else {
        log_out();
        return $guest;
    }
    \ui\db\select(\ui\config('auth_table'), array('*'), "WHERE email='" . \ui\db\escape($email) . "' LIMIT 1");
    $user = \ui\db\assoc();
    if (!$user) {
        //The user doesent exist. See if it is the hardcoded admin
        $admin = \ui\config('auth_admin');
        if ($email === $admin['email']) {
            $user = $admin;
            $user['password'] = pass($admin['password'], substr(\ui\config('salt'), 0, 8));
        }
    }
    if ($user) {
        $key1 = make_key($user['email'], $user['password'], $timestamp);
        if ($key === $key1) {
            return $user;
        }
    }
    log_out();
    return $guest;
}
Beispiel #4
0
function log_in($name, $pass, $remember = true)
{
    $users = \ui\config('auth2_users');
    if (!isset($users[$name])) {
        log_out();
        return false;
    }
    $actual_pass = $users[$name]['password'];
    if ($pass !== $actual_pass) {
        \ui\log('FAILED LOGIN ATTEMPT FROM ' . $_SERVER['REMOTE_ADDR']);
        log_out();
        return false;
    }
    if (!session_id()) {
        session_start();
    }
    session_regenerate_id();
    $timestamp = time();
    $_SESSION[IID . '_login2_time'] = $timestamp;
    $_SESSION[IID . '_login2_user'] = $name;
    $_SESSION[IID . '_login2_key'] = make_key($name, $actual_pass, $timestamp);
    if ($remember) {
        setcookie(IID . '_login2_key', $_SESSION[IID . '_login2_key'], $timestamp + 3600 * 24 * 30, '/');
        setcookie(IID . '_login2_user', $_SESSION[IID . '_login2_user'], $timestamp + 3600 * 24 * 30, '/');
        setcookie(IID . '_login2_time', $timestamp, time() + 3600 * 24 * 30, '/');
    }
    return true;
}
Beispiel #5
0
             }
         } else {
             if ($settings['temp_block_ip_after_repeated_failed_logins'] == 1) {
                 count_failed_logins();
             }
             setcookie($settings['session_prefix'] . 'auto_login', '', 0);
         }
     } else {
         if ($settings['temp_block_ip_after_repeated_failed_logins'] == 1) {
             count_failed_logins();
         }
         setcookie($settings['session_prefix'] . 'auto_login', '', 0);
     }
     break;
 case "logout":
     log_out($_SESSION[$settings['session_prefix'] . 'user_id']);
     header("location: index.php");
     exit;
     break;
 case "pw_forgotten_submitted":
     if (trim($_POST['pwf_email']) == '') {
         $error = true;
     }
     if (empty($error)) {
         $pwf_result = @mysql_query("SELECT user_id, user_name, user_email FROM " . $db_settings['userdata_table'] . " WHERE user_email = '" . mysql_real_escape_string($_POST['pwf_email']) . "' LIMIT 1", $connid) or raise_error('database_error', mysql_error());
         if (mysql_num_rows($pwf_result) != 1) {
             $error = true;
         } else {
             $field = mysql_fetch_array($pwf_result);
         }
         mysql_free_result($pwf_result);
Beispiel #6
0
 /**
  * log out method
  */
 public function logout()
 {
     log_out();
     redirect(base_url());
 }
Beispiel #7
0
include_once "script_php/pages_secondlevel/accounts.php";
include_once "script_php/pages_secondlevel/posts.php";
include_once "script_php/pages_secondlevel/comments.php";
include_once "script_php/pages_secondlevel/tool.php";
/********************************************************************************************************************************/
// Sont appelées ici toutes les fonctions qui ne sont exécutées que de manière "transitoire" avant un retour sur une autre page //
/********************************************************************************************************************************/
$treat_post = true;
if (isset($_GET["action"]) && is_string($_GET["action"])) {
    $ccar_to_treat = htmlentities($_GET["action"]);
    switch ($ccar_to_treat) {
        case "logout":
            $treat_post = false;
            if (is_logged()) {
                header('Location:index.php?action=logout');
                log_out(1);
            }
            break;
        case "moderation":
            $treat_post = false;
            moderate_post();
            header('Location:index.php?action=display_post');
            break;
        case "anonymization":
            $treat_post = false;
            change_post_confidentiality_status();
            header('Location:index.php?action=display_post');
            break;
        case "vote_post":
            $treat_post = false;
            vote_post();
Beispiel #8
0
<?php

include "../config.php";
include "../core.php";
$postdata = json_decode(file_get_contents('php://input'));
$action = $postdata->action;
switch ($action) {
    case "logIn":
        log_in($postdata);
        break;
    case "logOut":
        log_out($postdata);
        break;
    case "changePassword":
        change_password($postdata);
        break;
    case "remindPassword":
        remind_password($postdata);
        break;
}
function log_in($postdata)
{
    global $db_host;
    global $db_name;
    global $db_user;
    global $db_password;
    $username = $postdata->data->username;
    $password = $postdata->data->password;
    $user_permissions = array();
    $result = new stdClass();
    /* Подключение к БД */
Beispiel #9
0
}
if (isset($user_agents) && trim($user_agents) != '') {
    $banned_user_agents_array = explode(',', trim($user_agents));
    foreach ($banned_user_agents_array as $banned_user_agent) {
        if ($banned_user_agent != '' && preg_match("/" . $banned_user_agent . "/i", $_SERVER['HTTP_USER_AGENT'])) {
            raise_error('403');
        }
    }
}
// look if user blocked:
if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) {
    $block_result = mysql_query("SELECT user_lock FROM " . $db_settings['userdata_table'] . " WHERE user_id = " . intval($_SESSION[$settings['session_prefix'] . 'user_id']) . " LIMIT 1", $connid) or raise_error('database_error', mysql_error());
    $data = mysql_fetch_array($block_result);
    mysql_free_result($block_result);
    if ($data['user_lock'] == 1) {
        log_out($_SESSION[$settings['session_prefix'] . 'user_id'], 'account_locked');
    }
}
// user settings:
if (isset($_COOKIE[$settings['session_prefix'] . 'usersettings'])) {
    $usersettings_cookie = explode('.', $_COOKIE[$settings['session_prefix'] . 'usersettings']);
}
// visited postings:
if (isset($_COOKIE[$settings['session_prefix'] . 'visited'])) {
    $visited = explode('.', $_COOKIE[$settings['session_prefix'] . 'visited']);
}
if (empty($_SESSION[$settings['session_prefix'] . 'usersettings'])) {
    #$usersettings['view'] = $settings['default_view'];
    if (isset($usersettings_cookie[0])) {
        $usersettings['user_view'] = intval($usersettings_cookie[0]);
    } else {