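/**
 * Validate the reCAPTCHA answer submitted with the current request.
 *
 * Reads the challenge/response fields from $_REQUEST and the client address
 * from $_SERVER['REMOTE_ADDR']. On an invalid answer it hands off to
 * login_redirect() with the 'invalidcaptcha' message key and the page URL
 * kept in $GLOBALS['url']; callers in this code base treat login_redirect()
 * as not returning.
 *
 * @return void
 */
function login_check_is_captcha_valid()
{
    // require_once rather than require: the login pages already load
    // recaptcha.php at file scope, and a second plain require of a file that
    // declares functions aborts the request with a redeclaration error.
    require_once 'recaptcha.php';

    // Default missing fields to '' so an incomplete submission is treated as
    // an invalid answer instead of raising an undefined-index notice.
    $challenge = isset($_REQUEST['recaptcha_challenge_field']) ? $_REQUEST['recaptcha_challenge_field'] : '';
    $response  = isset($_REQUEST['recaptcha_response_field']) ? $_REQUEST['recaptcha_response_field'] : '';

    $resp = recaptcha_check_answer(RECAPTCHA_PRIVATE, $_SERVER['REMOTE_ADDR'], $challenge, $response);
    if (!$resp->is_valid) {
        login_redirect($GLOBALS['url'], 'invalidcaptcha');
    }
}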
/**
 * Signup page: shows the "create user" form to anonymous visitors.
 *
 * Authenticated users are sent on via login_redirect(); when the
 * 'users_signup' config item is the string 'FALSE' the site root is shown
 * instead. Otherwise the form fields are initialised empty and the 'wide'
 * layout is rendered.
 */
function signup()
{
    // Already logged in: nothing to sign up for
    if ($this->social_auth->logged_in()) {
        redirect(login_redirect());
    }

    // Signups can be switched off in config (string flag, compared loosely as configured)
    if (config_item('users_signup') == 'FALSE') {
        redirect(base_url());
    }

    // Empty form state plus the page title, in the order the view data was filled before
    $form_defaults = array(
        'name'             => "",
        'email'            => "",
        'password'         => "",
        'password_confirm' => "",
        'page_title'       => "Signup",
    );
    foreach ($form_defaults as $field => $initial) {
        $this->data[$field] = $initial;
    }

    $this->render('wide');
}
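/**
 * Dashboard home.
 *
 * Visitors whose user_level_id exceeds the 'home_view_permission' config item
 * are redirected. Otherwise the app.json descriptor of every module listed in
 * $this->modules_scan is collected into $this->data['apps'], the site activity
 * view is fetched, and 'dashboard_wide' is rendered.
 */
function index()
{
    if ($this->session->userdata('user_level_id') > config_item('home_view_permission')) {
        redirect(login_redirect());
    }

    // Load Things
    $this->load->library('activity_igniter');
    $this->data['page_title'] = 'Home';

    // This was initialised to '' and then appended to with [], which is a
    // fatal error on PHP 7.1+ ("[] operator not supported for strings").
    // Start from an empty array instead. NOTE(review): confirm no view
    // compares $apps against '' — an empty array is falsy but not == ''.
    $this->data['apps'] = array();
    foreach ($this->modules_scan as $app) {
        $app_path = APPPATH . 'modules/' . $app . '/app.json';
        if (!file_exists($app_path)) {
            continue;
        }
        $raw = file_get_contents($app_path);
        // Unreadable or malformed app.json: skip it rather than pushing null into the list
        $descriptor = ($raw === false) ? null : json_decode($raw);
        if ($descriptor === null) {
            continue;
        }
        $this->data['apps'][] = $descriptor;
    }

    $this->data['activity'] = $this->social_igniter->get_activity_view('site_id', 1, 100);
    $this->render('dashboard_wide');
}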
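<?php
require_once $_SERVER['DOCUMENT_ROOT'] . '/cms.incs/basics.php';
require_once SCRIPTBASE . 'cms.incs/recaptcha.php';
require_once SCRIPTBASE . 'cms.incs/login-libs.php';

// Widget markup for the login form; RECAPTCHA_PUBLIC is defined by the includes above.
$captcha = recaptcha_get_html(RECAPTCHA_PUBLIC);

// Already authenticated: send straight to the user area. This runs before
// any output so the redirect headers can still be sent.
if (isset($_SESSION['userdata'])) {
    login_redirect("/cms.user/index.php");
}
?>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="/cms.admin/login/login.css"/>
<link rel="stylesheet" type="text/css" href="/common/css/jqueryui/1.8.0/jquery-ui.css"/>
<script type="text/javascript" src="/common/js/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="/common/js/jqueryui/1.8.0/jquery-ui.min.js"></script>
<script type="text/javascript" src="/cms.admin/login/login.js"></script>
<style>
body{ background-image: url('/common/images/background.jpg'); }
</style>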
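// A password must be present and non-empty
if (!isset($_REQUEST['password']) || $_REQUEST['password'] == '') {
    login_redirect($GLOBALS['url'], 'nopassword');
}
login_check_is_captcha_provided();
login_check_is_captcha_valid();

// check that the email and password provided exists in the database..
// NOTE(review): md5(email|password) is the stored credential format. An
// unsalted fast hash is not a safe password store; moving to password_hash()
// needs a data migration, so it is only flagged here.
$email    = isset($_REQUEST['email']) ? $_REQUEST['email'] : '';
$password = md5($email . '|' . $_REQUEST['password']);

// The address is request input: escape it before it is interpolated into
// the query (the sibling login scripts use addslashes() for this; dbRow()
// offers no bound-parameter API here).
// NOTE(review): the password literal appears redacted ("******") in this
// listing; the computed $password value is expected at that position —
// confirm against the real source.
$check_query = 'SELECT * FROM ' . $tp . 'login WHERE email="' . addslashes($email) . '" AND password="******" AND active=1';
$r = dbRow($check_query);
if (!$r) {
    login_redirect($GLOBALS['url'], 'loginfailed');
}

// success: set the session variable, then redirect
// Issue a fresh session id at login so an id fixed before authentication
// cannot be reused; only possible when a session is actually active.
if (session_id() !== '') {
    session_regenerate_id(true);
}
$_SESSION['userdata'] = $r;
$groups = json_decode($r['groups']);
$_SESSION['userdata']['groups'] = array();
// groups is a JSON list; a missing or invalid value decodes to null, which must not reach foreach
if (is_array($groups)) {
    foreach ($groups as $g) {
        $_SESSION['userdata']['groups'][$g] = true;
    }
}
// uid comes from our own row, but cast so the UPDATE never receives a non-integer
$query = 'UPDATE ' . $tp . 'login SET logged_in=1 WHERE uid=' . (int) $r['uid'];
dbQuery($query);
login_redirect($GLOBALS['url']);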
/**
 * Start session (restore existent session or create new)
 *
 * Looks up an existing session row by the sid in $this->sessiondata (or the
 * guest row for the client IP), applies the IP-prefix check, and otherwise
 * creates a new session via session_create(). Defines the IS_* constants,
 * redirects guests when 'req_login' is set, and returns $this->data.
 *
 * @param array $cfg  overrides merged into $this->cfg
 *
 * @return array|bool
 */
function session_start($cfg = array())
{
    global $ft_cfg;
    $update_sessions_table = false;
    $this->cfg = array_merge($this->cfg, $cfg);
    $session_id = $this->sessiondata['sid'];
    // Does a session exist?
    if ($session_id || !$this->sessiondata['uk']) {
        $SQL = DB()->get_empty_sql_array();
        $SQL['SELECT'][] = "u.*, s.*";
        $SQL['FROM'][] = SESSIONS_TABLE . " s";
        $SQL['INNER JOIN'][] = USERS_TABLE . " u ON(u.user_id = s.session_user_id)";
        if ($session_id) {
            // NOTE(review): sid is interpolated into SQL unescaped here; this
            // assumes the cookie/request parser that fills sessiondata already
            // restricted it to a safe character set — confirm upstream.
            $SQL['WHERE'][] = "s.session_id = '{$session_id}'";
            $userdata_cache_id = $session_id;
        } else {
            // No sid and no autologin key: fall back to the guest session for this IP
            $SQL['WHERE'][] = "s.session_ip = '" . USER_IP . "'";
            $SQL['WHERE'][] = "s.session_user_id = " . GUEST_UID;
            $userdata_cache_id = USER_IP;
        }
        // Cache first; on a miss read the row and bump session_time once the
        // configured update interval has passed
        if (!($this->data = cache_get_userdata($userdata_cache_id))) {
            $this->data = DB()->fetch_row($SQL);
            if ($this->data && TIMENOW - $this->data['session_time'] > $ft_cfg['session_update_intrv']) {
                $this->data['session_time'] = TIMENOW;
                $update_sessions_table = true;
            }
            cache_set_userdata($this->data);
        }
    }
    // Did the session exist in the DB?
    if ($this->data) {
        // Do not check IP assuming equivalence, if IPv4 we'll check only first 24
        // bits ... I've been told (by vHiker) this should alleviate problems with
        // load balanced et al proxies while retaining some reliance on IP security.
        // NOTE(review): substr(..., 0, 6) compares six characters of the textual
        // address, which is not 24 bits (e.g. "10.0.0" vs "192.16") and is far
        // less for IPv6; treat this as a weak hint, not a binding.
        $ip_check_s = substr($this->data['session_ip'], 0, 6);
        $ip_check_u = substr(USER_IP, 0, 6);
        if ($ip_check_s == $ip_check_u) {
            // Admin area carries the sid in the query string for logged-in users
            if ($this->data['user_id'] != GUEST_UID && defined('IN_ADMIN')) {
                define('SID_GET', "sid={$this->data['session_id']}");
            }
            $session_id = $this->sessiondata['sid'] = $this->data['session_id'];
            // Only update session a minute or so after last update
            if ($update_sessions_table) {
                DB()->query("\n\t\t\t\t\t\tUPDATE " . SESSIONS_TABLE . " SET\n\t\t\t\t\t\t\tsession_time = " . TIMENOW . "\n\t\t\t\t\t\tWHERE session_id = '{$session_id}'\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t");
            }
            $this->set_session_cookies($this->data['user_id']);
        } else {
            // IP prefix mismatch: discard the row so a new session is created below
            $this->data = array();
        }
    }
    // If we reach here then no (valid) session exists. So we'll create a new one,
    // using the cookie user_id if available to pull basic user prefs.
    if (!$this->data) {
        $login = false;
        // Autologin is honoured only when enabled in config and both key and uid were sent
        $user_id = $ft_cfg['allow_autologin'] && $this->sessiondata['uk'] && $this->sessiondata['uid'] ? $this->sessiondata['uid'] : GUEST_UID;
        if ($userdata = get_userdata(intval($user_id), false, true)) {
            if ($userdata['user_id'] != GUEST_UID && $userdata['user_active']) {
                // The presented key must be well-formed and match the stored autologin_id exactly
                if (verify_id($this->sessiondata['uk'], LOGIN_KEY_LENGTH) && $this->verify_autologin_id($userdata, true, false)) {
                    $login = $userdata['autologin_id'] && $this->sessiondata['uk'] === $userdata['autologin_id'];
                }
            }
        }
        // Anything short of a verified autologin becomes a guest session
        if (!$userdata || $userdata['user_id'] != GUEST_UID && !$login) {
            $userdata = get_userdata(GUEST_UID, false, true);
        }
        $this->session_create($userdata, true);
    }
    // Role flags for the rest of the request; IS_SUPER_ADMIN additionally requires the uid to be listed in config
    define('IS_GUEST', !$this->data['session_logged_in']);
    define('IS_ADMIN', !IS_GUEST && $this->data['user_level'] == ADMIN);
    define('IS_MOD', !IS_GUEST && $this->data['user_level'] == MOD);
    define('IS_USER', !IS_GUEST && $this->data['user_level'] == USER);
    define('IS_SUPER_ADMIN', IS_ADMIN && isset($ft_cfg['super_admins'][$this->data['user_id']]));
    define('IS_AM', IS_ADMIN || IS_MOD);
    $this->set_shortcuts();
    // Redirect guests to login page
    if (IS_GUEST && $this->cfg['req_login']) {
        login_redirect();
    }
    $this->init_userprefs();
    return $this->data;
}
} } } // field => can_edit $profile_fields = array('username' => true, 'user_password' => true, 'user_email' => true, 'user_timezone' => true, 'user_lang' => true, 'user_opt' => true); $pr_data = array('user_id' => GUEST_UID, 'username' => '', 'user_password' => '', 'user_email' => '', 'user_timezone' => $bb_cfg['board_timezone'], 'user_lang' => $bb_cfg['default_lang'], 'user_opt' => 0, 'avatar_ext_id' => 0); break; /** * Редактирование профиля */ /** * Редактирование профиля */ case 'editprofile': if (IS_GUEST) { login_redirect(); } // field => can_edit $profile_fields = array('user_active' => IS_ADMIN, 'username' => IS_ADMIN || $bb_cfg['allow_namechange'], 'user_password' => true, 'user_email' => true, 'user_lang' => true, 'user_gender' => true, 'user_birthday' => true, 'user_timezone' => true, 'user_opt' => true, 'avatar_ext_id' => true, 'user_icq' => true, 'user_skype' => true, 'user_twitter' => true, 'user_website' => true, 'user_from' => true, 'user_sig' => true, 'user_occ' => true, 'user_interests' => true, 'tpl_name' => true); // Выбор профиля: для юзера свой, для админа любой if (IS_ADMIN && !empty($_REQUEST['u'])) { $pr_user_id = (int) $_REQUEST['u']; $adm_edit = $pr_user_id != $userdata['user_id']; } else { $pr_user_id = $userdata['user_id']; } $profile_fields_sql = join(', ', array_keys($profile_fields)); $sql = "\n\t\t\tSELECT\n\t\t\t\tuser_id,\n\t\t\t\tuser_rank,\n\t\t\t\tuser_level,\n\t\t\t\t{$profile_fields_sql}\n\t\t\tFROM " . BB_USERS . "\n\t\t\tWHERE user_id = {$pr_user_id}\n\t\t\tLIMIT 1\n\t\t"; if (!($pr_data = DB()->fetch_row($sql))) { bb_die($lang['PROFILE_NOT_FOUND']); }
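<?php
require 'login-libs.php';

login_check_is_email_provided();
login_check_is_captcha_provided();
login_check_is_captcha_valid();

// check that the email matches a row in the user table
$r = dbRow('select email from user_accounts where email="' . addslashes($_REQUEST['email']) . '"');
if (!$r) {
    login_redirect($url, 'nosuchemail');
}

// success! generate a validation email, then redirect
// The code used to be md5(time() . '|' . email): both inputs are guessable,
// so anyone who knows the address could reconstruct a reset token. Use a
// CSPRNG instead; 16 random bytes as hex keep the 32-character length the
// activation_key column already holds. The fallback only applies on PHP < 7
// and is flagged as weaker.
$validation_code = function_exists('random_bytes')
    ? bin2hex(random_bytes(16))
    : md5(uniqid(mt_rand(), true) . '|' . $r['email']); // NOTE(review): not cryptographically strong
$email_domain = preg_replace('/^www\\./', '', $_SERVER['HTTP_HOST']);
dbQuery('update user_accounts set activation_key="' . addslashes($validation_code) . '" where email="' . addslashes($r['email']) . '"');

// NOTE(review): the link is built from the request's Host header. If the web
// server accepts arbitrary Host values, a forged header would place an
// attacker-chosen host in the email; a configured canonical hostname is safer.
// Query values are URL-encoded so an address or redirect URL containing '&'
// or '=' cannot split the link.
$validation_url = 'http://' . $_SERVER['HTTP_HOST'] . '/ww.incs/forgotten-password-verification.php?' . http_build_query(array(
    'verification_code' => $validation_code,
    'email'             => $r['email'],
    'redirect_url'      => $url,
));
mail($r['email'], "[{$email_domain}] forgotten password", "Hello!\n\nThe forgotten password form at http://" . $_SERVER['HTTP_HOST'] . "/ was submitted. If you did not do this, you can safely discard this email.\n\nTo log into your account, please use the link below, and then reset your password.\n\n{$validation_url}", "From: no-reply@{$email_domain}\nReply-to: no-reply@{$email_domain}");
login_redirect($url, 'validationsent');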
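/**
 * Home timeline.
 *
 * Chooses a feed from URI segment 2 (no segment → site timeline, 'friends',
 * 'likes', 'group' with the id in segment 3, anything else → the timeline for
 * that type), renders one item_timeline.php partial per activity into
 * $timeline_view and passes it to render() as $this->data['timeline_view'].
 */
function index()
{
    if ($this->session->userdata('user_level_id') > config_item('home_view_permission')) {
        redirect(login_redirect());
    }

    $timeline = NULL;
    $timeline_view = NULL;
    // Session reads used repeatedly below
    $user_id  = $this->session->userdata('user_id');
    $level_id = $this->session->userdata('user_level_id');
    $feed     = $this->uri->segment(2);

    // Load
    $this->data['home_greeting'] = random_element($this->lang->line('home_greeting'));
    $this->data['social_post'] = $this->social_igniter->get_social_post($user_id, 'social_post_horizontal');
    $this->data['groups'] = $this->social_tools->make_group_dropdown($user_id, $level_id, '+ Add Group');
    $this->data['group_id'] = '';

    // Pick Type of Feed
    if ($this->uri->total_segments() == 1) {
        $this->data['page_title'] = 'Home';
        $timeline = $this->social_igniter->get_timeline(NULL, 10);
    } elseif ($feed == 'friends') {
        $this->data['page_title'] = 'Friends';
        // No followed users: $timeline stays NULL and the empty message is shown
        if ($friends = $this->social_tools->get_relationships_owner($user_id, 'user', 'follow')) {
            $timeline = $this->social_igniter->get_timeline_friends($friends, 10);
        }
    } elseif ($feed == 'likes') {
        $this->data['page_title'] = 'Likes';
        $likes = $this->social_tools->get_ratings_likes_user($user_id);
        $timeline = $this->social_igniter->get_timeline_likes($likes, 10);
    } elseif ($feed == 'group') {
        // NOTE(review): segment 3 is user input; if get_category() returns a
        // non-object for an unknown id the property reads below error out —
        // confirm its failure value.
        $group = $this->social_tools->get_category($this->uri->segment(3));
        $this->data['page_title'] = $group->category;
        $this->data['group_id'] = $this->uri->segment(3);
        $timeline = $this->social_igniter->get_timeline_group($group->category_id, 10);
    } else {
        $this->data['page_title'] = display_nice_file_name($feed);
        $this->data['sub_title'] = 'Recent';
        $timeline = $this->social_igniter->get_timeline($feed, 10);
    }

    // Build Feed
    if (!empty($timeline)) {
        foreach ($timeline as $activity) {
            // Item
            $this->data['item_id'] = $activity->activity_id;
            $this->data['item_type'] = item_type_class($activity->type);

            // Contributor
            $this->data['item_user_id'] = $activity->user_id;
            $this->data['item_avatar'] = $this->social_igniter->profile_image($activity->user_id, $activity->image, $activity->gravatar);
            $this->data['item_contributor'] = $activity->name;
            $this->data['item_profile'] = base_url() . 'profile/' . $activity->username;

            // Activity
            $this->data['item_content'] = $this->social_igniter->render_item($activity);
            $this->data['item_content_id'] = $activity->content_id;
            $this->data['item_date'] = format_datetime(config_item('home_date_style'), $activity->created_at);
            $this->data['item_source'] = '';
            if ($activity->site_id != config_item('site_id')) {
                // Items from another site: URL and title are remote-controlled
                // values, and this fragment contains markup so the partial has to
                // emit it unescaped. Escape both pieces here so a quote in the URL
                // cannot leave the href attribute and a title cannot inject HTML.
                // NOTE(review): if titles are stored already HTML-encoded this will
                // double-encode them — confirm with the ingest path.
                $source_url = prep_url(property_exists($activity, 'canonical') && $activity->canonical ? $activity->canonical : $activity->url);
                $this->data['item_source'] = ' via <a href="' . htmlspecialchars($source_url, ENT_QUOTES, 'UTF-8') . '" target="_blank">' . htmlspecialchars($activity->title, ENT_QUOTES, 'UTF-8') . '</a>';
            }

            // Actions
            $this->data['item_comment'] = base_url() . 'comment/item/' . $activity->activity_id;
            $this->data['item_comment_avatar'] = $this->data['logged_image'];
            $this->data['item_can_modify'] = $this->social_auth->has_access_to_modify('activity', $activity, $user_id, $level_id);
            $this->data['item_edit'] = base_url() . 'home/' . $activity->module . '/manage/' . $activity->content_id;
            $this->data['item_delete'] = base_url() . 'api/activity/destroy/id/' . $activity->activity_id;

            // View
            $timeline_view .= $this->load->view(config_item('dashboard_theme') . '/partials/item_timeline.php', $this->data, true);
        }
    } else {
        $timeline_view = '<li><p>Nothing to show from anyone!</p></li>';
    }

    // Final Output
    $this->data['timeline_view'] = $timeline_view;
    $this->render();
}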
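<?php
require_once 'login-libs.php';
$tp = $DBVARS['tp'];

login_check_is_captcha_provided();
login_check_is_captcha_valid();
if (!isset($_POST['username'])) {
    login_redirect($GLOBALS['url'], 'nousername');
}
login_check_is_email_provided();
if (!isset($_POST['password']) || $_POST['password'] == '') {
    login_redirect($GLOBALS['url'], 'nopassword');
}

// A missing confirmation already counted as a mismatch, but raised an
// undefined-index notice on the way; default it explicitly.
$password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
if ($_POST['password'] != $password2) {
    login_redirect($GLOBALS['url'], 'passwordmismatch');
} else {
    // NOTE(review): md5(email|password) is the credential format the login
    // scripts expect; an unsalted fast hash is not a safe password store and
    // changing it needs a migration of existing rows.
    $password = md5($_POST['email'] . '|' . $_POST['password']);

    // username and email are request input: escape them before they are
    // interpolated into SQL (same addslashes() approach as the sibling
    // scripts; dbQuery() exposes no bound-parameter API here).
    // NOTE(review): the password literal appears redacted ("******") in this
    // listing; $password is expected at that position — confirm against the
    // real source. No uniqueness check on email is done before the insert.
    $sql = 'set uname="' . addslashes($_POST['username']) . '", email="' . addslashes($_POST['email']) . '", password="******", active=1, groups=\'["_users"]\'';
    dbQuery('insert into ' . $tp . 'login ' . $sql);
    // Message key kept as-is (including the spelling) because the display side presumably matches it
    login_redirect($GLOBALS['url'], 'regisersuccess');
}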
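<?php
require_once 'login-libs.php';
$tp = $DBVARS['tp'];

login_check_is_email_provided();
if (!isset($_REQUEST['verification_code']) || $_REQUEST['verification_code'] == '') {
    login_redirect($url, 'validationfailed');
}

// Both values are request input: escape them once before they go into SQL
$email = addslashes($_REQUEST['email']);
$code  = addslashes($_REQUEST['verification_code']);

// The row must be active and hold exactly this key (an empty key was rejected above)
$r = dbRow('SELECT email FROM ' . $tp . 'login WHERE email="' . $email . '" AND activation_key="' . $code . '" AND active;');
if (!$r) {
    login_redirect($url, 'validationfailed');
}

// Clear the key so the link is single-use
dbQuery('UPDATE ' . $tp . 'login SET activation_key="" WHERE email="' . $email . '"');
login_redirect($url, 'verified');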
/**
 * Send the visitor to the front page through the shared login_redirect() helper.
 */
function myredirect()
{
    $target = 'index.php';
    login_redirect($target);
}
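<?php
require_once 'login-libs.php';
$tp = $DBVARS['tp'];

login_check_is_email_provided();
login_check_is_captcha_provided();
login_check_is_captcha_valid();

// The address is request input: escape it before interpolating into SQL
$r = dbRow('SELECT email FROM ' . $tp . 'login WHERE email="' . addslashes($_REQUEST['email']) . '" AND active;');
if (!$r) {
    login_redirect($url, 'nosuchemail');
}

// Reset token. The previous md5(time() . '|' . email) was derived from two
// guessable inputs; use a CSPRNG. 16 random bytes as hex keep the 32-character
// length the activation_key column already holds. The fallback only applies on
// PHP < 7 and is flagged as weaker.
$validation_code = function_exists('random_bytes')
    ? bin2hex(random_bytes(16))
    : md5(uniqid(mt_rand(), true) . '|' . $r['email']); // NOTE(review): not cryptographically strong
$email_domain = preg_replace('/^www\\./', '', $_SERVER['HTTP_HOST']);
dbQuery('UPDATE ' . $tp . 'login SET activation_key="' . addslashes($validation_code) . '" WHERE email="' . addslashes($r['email']) . '"');

// This URL goes into a plain-text email, so it must NOT be HTML-escaped: the
// previous htmlspecialchars() turned each '&' into '&amp;' (with the default
// arg separator), so the mailed link carried parameters named 'amp;email' and
// 'amp;redirect' and the validate script could not read them.
// NOTE(review): the host comes from the request's Host header; if the server
// accepts arbitrary Host values a forged header ends up in the email — a
// configured canonical hostname is safer.
$validation_url = 'http://' . $_SERVER['HTTP_HOST'] . '/cms.incs/forgotten-password-validate.php?' . http_build_query(array(
    "verification_code" => $validation_code,
    'email'             => $r['email'],
    'redirect'          => $url,
));
$mailsent = mail($r['email'], $email_domain . 'Forgotten Password', "Hello!\n\nThe forgotten password form at http://" . $_SERVER['HTTP_HOST'] . "/ was submitted. If you did not do this, you can safely discard this email.\n\n\n To log into your account, please use the link below, and then reset your password.\n\n{$validation_url}", "From: jaishankar@{$email_domain}\nReply-to: jaishankarh@gmail.com");
if ($mailsent) {
    login_redirect($url, "validationsent");
}
login_redirect($url, "novalidation");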
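<?php
require 'login-libs.php';

login_check_is_email_provided();
// check that the password is provided
if (!isset($_REQUEST['password']) || $_REQUEST['password'] == '') {
    login_redirect($url, 'nopassword');
}
login_check_is_captcha_provided();
login_check_is_captcha_valid();

// check that the email/password combination matches a row in the user table
// NOTE(review): md5(email|password) is the stored credential format; an
// unsalted fast hash is not a safe password store and changing it needs a
// migration of existing rows.
$password = md5($_REQUEST['email'] . '|' . $_REQUEST['password']);
// NOTE(review): the password literal appears redacted ("******") in this
// listing; $password is expected at that position — confirm against the real source.
$r = dbRow('select * from user_accounts where email="' . addslashes($_REQUEST['email']) . '" and password="******" and active');
if (!$r) {
    login_redirect($url, 'loginfailed');
}

// success! set the session variable, then redirect
// Issue a fresh session id at login so an id fixed before authentication
// cannot be reused; only possible when a session is actually active.
if (session_id() !== '') {
    session_regenerate_id(true);
}
$_SESSION['userdata'] = $r;
$groups = json_decode($r['groups']);
$_SESSION['userdata']['groups'] = array();
// groups is a JSON list; a missing or invalid value decodes to null, which must not reach foreach
if (is_array($groups)) {
    foreach ($groups as $g) {
        $_SESSION['userdata']['groups'][$g] = true;
    }
}
// extras defaults to an empty JSON list so the decoded value is always usable
if ($r['extras'] == '') {
    $r['extras'] = '[]';
}
$_SESSION['userdata']['extras'] = json_decode($r['extras']);
login_redirect($url);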