Beispiel #1
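/**
 * Handles a POST login attempt and redirects to login.php with a status message.
 *
 * Reads `username` and `password` from $_POST and does nothing when no username
 * was posted. Relies on userExists() and verifyPassword() defined elsewhere in
 * the project. Never returns after a redirect has been issued.
 */
function login()
{
    if (!isset($_POST['username'])) {
        return;
    }
    // NOTE(review): hard-coded root credentials belong in configuration, not code.
    $db = new mysqli('localhost', 'root', 'root', 'gurucodertutorial_login');
    $username = $db->real_escape_string($_POST['username']);
    // The password is only handed to verifyPassword(), never to SQL, so it must
    // NOT be escaped: real_escape_string() alters a password containing a quote
    // or backslash and makes verification fail. The original also read
    // $_POST['password'] unconditionally, which warns when the field is absent.
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
    if (!userExists($username)) {
        // NOTE(review): distinct "no user" / "wrong password" messages let a
        // caller enumerate valid usernames; a single generic message is safer.
        header('Location: /GuruCoder-Tutorials/login.php?message=No user exists');
        exit;
    }
    if (verifyPassword($username, $password)) {
        header('Location: /GuruCoder-Tutorials/login.php?message=Successfully logged in');
    } else {
        header('Location: /GuruCoder-Tutorials/login.php?message=Incorrect password');
    }
    // header() does not stop execution; without exit the calling script keeps
    // running after the redirect has been sent.
    exit;
}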
Beispiel #2
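 /**
  * Authenticates a user by name and password and starts a cookie-based login.
  *
  * Non-string input is rejected rather than coerced. Relies on static::getDb(),
  * static::setCookie(), static::updateAuthKey(), static::LOGIN_COOKIE and the
  * project-level verifyPassword() helper.
  *
  * @param mixed $username
  * @param mixed $password
  * @return bool true when a matching row exists and the password verifies
  */
 static function login($username, $password)
 {
     if (!is_string($username) || !is_string($password)) {
         return false;
     }
     $db = static::getDb();
     $s = $db->prepare("SELECT * FROM users WHERE name = :username;");
     $s->execute([":username" => $username]);
     $user = $s->fetch(PDO::FETCH_ASSOC);
     // fetch() yields false when no row matched; empty() covers that and an
     // empty row, which is what the original loose `!= null && !== false` did.
     if (empty($user) || !verifyPassword($password, $user["password"])) {
         return false;
     }
     // NOTE(review): the cookie is set from the auth_key read above and the key
     // is rotated right after; whether the cookie value stays valid depends on
     // what updateAuthKey() does — confirm.
     static::setCookie(static::LOGIN_COOKIE, $user["auth_key"]);
     static::updateAuthKey($user["id"]);
     return true;
 }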
Beispiel #3
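/**
 * Logs an administrator in by e-mail and password.
 *
 * On success the stored hash is regenerated, last_connection is updated and the
 * person's row is copied into $_SESSION; on failure the browser is redirected to
 * index.php with an error flag and the request ends. Relies on verifyPassword()
 * and generatePassword() defined elsewhere in the project.
 *
 * @param object $db       connection exposing prepare()/execute() with named
 *                         placeholders — presumably PDO; confirm with caller
 * @param string $email
 * @param string $password plain-text password as submitted
 * @return void
 */
function administratorLogIn($db, $email, $password)
{
    $check = $db->prepare('SELECT * FROM person WHERE email = :email');
    $check->execute([':email' => $email]);
    $emailExist = $check->fetch();
    if (!$emailExist || !verifyPassword($emailExist['hash'], $password)) {
        header('Location: index.php?msg=errorConnection');
        // header() does not end the request; without exit the rest of the
        // calling script would still run for an unauthenticated visitor.
        exit;
    }
    // Session fixation defence: the id issued before authentication must not
    // carry over into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $update = $db->prepare('UPDATE person SET hash = :hash, last_connection = :lastConnection WHERE id = :id');
    $update->execute([
        ':hash' => generatePassword($password),
        ':lastConnection' => date('Y-m-d H:i:s'),
        ':id' => $emailExist['id'],
    ]);
    // last_connection deliberately comes from the row read above, i.e. the
    // previous login time, not the value just written.
    foreach (['id', 'first_name', 'last_name', 'gender', 'email', 'is_administrator', 'last_connection'] as $field) {
        $_SESSION[$field] = $emailExist[$field];
    }
}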
Beispiel #4
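/**
 * Changes the current session user's password after re-verifying the old one.
 *
 * Reads the user id from $_SESSION["userID"] (assumes an authenticated session —
 * callers should guard). Relies on isValidPassword(), verifyPassword(),
 * encryptPassword() and UserDAO defined elsewhere in the project.
 *
 * @param mixed $password    current password as submitted (cast to string)
 * @param mixed $newpassword new password as submitted (cast to string)
 * @param mixed $confirmpw   repeat of the new password (cast to string)
 * @return string|true true on success, otherwise a user-facing error message
 */
function execChangePW($password, $newpassword, $confirmpw)
{
    // Cast first, as execLogin() does, so the emptiness checks can be strict:
    // null/false still count as empty, while loose == is no longer needed.
    $password = (string) $password;
    $newpassword = (string) $newpassword;
    $confirmpw = (string) $confirmpw;
    if ($password === "" || $newpassword === "" || $confirmpw === "") {
        return "Please fill all the necessary information!";
    }
    if (!isValidPassword($password) || !isValidPassword($newpassword)) {
        return "Please enter a valid password!";
    }
    if ($newpassword !== $confirmpw) {
        return "The new password and the confirmed new password must be the same!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($_SESSION["userID"]);
    if (!verifyPassword($password, $user->getPassword())) {
        return "The old password you entered is not correct!";
    }
    // encryptPassword() is the project's hashing helper; the name is historical
    // (presumably it wraps password_hash — verify, passwords must be hashed).
    $user->setPassword(encryptPassword($newpassword));
    $userDAO->updateUser($user);
    return true;
}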
Beispiel #5
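/**
 * Validates login credentials and, on success, starts the session via login().
 *
 * Relies on isValidUsername(), isValidPassword(), verifyPassword(), login() and
 * UserDAO defined elsewhere in the project.
 *
 * @param mixed $username cast to string before validation
 * @param mixed $password cast to string before validation
 * @return string|true true on success, otherwise a user-facing error message
 */
function execLogin($username, $password)
{
    $username = (string) $username;
    $password = (string) $password;
    if ($username === "" || $password === "") {
        return "Username or password can not be empty!";
    }
    if (!isValidUsername($username) || !isValidPassword($password)) {
        return "Username or password is invalid!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByUsername($username);
    // One message for both "unknown user" and "wrong password", so the response
    // does not reveal which usernames exist.
    if ($user === null || !verifyPassword($password, $user->getPassword())) {
        return "There is no user account matching the Username and Password provided.";
    }
    // Role id 4 is the "forbidden" role here; the cast keeps the comparison
    // strict whether getRoleID() returns int 4 or string "4".
    if ((string) $user->getRole()->getRoleID() === "4") {
        return "This user was forbidden to login!";
    }
    login($user->getUserID());
    return true;
}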
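/**
 * Checks that the submitted current password is correct and then, depending on
 * which fields were posted, changes the password and/or the e-mail address.
 *
 * Reads currentPassword, newPassword/newPasswordRepeat and
 * newEmail/newEmailRepeat from $_POST. Relies on verifyPassword(),
 * changePassword() and changeEmail() defined elsewhere in the project;
 * verifyPassword() takes no arguments here, so it presumably reads $_POST
 * itself — confirm. Prints a German confirmation message on success.
 *
 * @throws Exception when the current password is missing or wrong, or when one
 *                   of the requested changes failed
 */
function executeModification()
{
    // Verify the current password.
    if (!isset($_POST['currentPassword'])) {
        throw new Exception('Bitte geben Sie Ihr Passwort an.');
    }
    if (!verifyPassword()) {
        throw new Exception('Bitte geben Sie ihr korrektes Passwort an.');
    }
    // Work out which changes were requested: a field counts only when both it
    // and its repeat field are present and non-empty.
    $changePassword = isset($_POST['newPassword'], $_POST['newPasswordRepeat'])
        && $_POST['newPassword'] !== '' && $_POST['newPasswordRepeat'] !== '';
    $changeEmail = isset($_POST['newEmail'], $_POST['newEmailRepeat'])
        && $_POST['newEmail'] !== '' && $_POST['newEmailRepeat'] !== '';
    // `&=` is bitwise and never short-circuits, so both helpers always run;
    // this assumes they return bool — TODO confirm their return types.
    $success = true;
    if ($changePassword) {
        $success &= changePassword();
    }
    if ($changeEmail) {
        $success &= changeEmail();
    }
    if (!$success) {
        // NOTE(review): thrown without a message — callers cannot tell which
        // change failed.
        throw new Exception();
    }
    if ($changeEmail && $changePassword) {
        echo "Ihre E-Mail-Adresse und Ihr Passwort wurden erfolgreich geändert.";
    } elseif ($changeEmail) {
        echo "Ihre E-Mail-Adresse wurde erfolgreich geändert.";
    } elseif ($changePassword) {
        echo "Ihr Passwort wurde erfolgreich geändert.";
    }
}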
Beispiel #7
         }
     } else {
         displayAccountForm("fail", $us_state_abbrevs, $relationships);
         displayPasswordForm("");
     }
 } elseif (!empty($_POST["fname"]) && !empty($_POST["lname"]) && !empty($_POST["duedate"]) && !empty($_POST["status"]) && !empty($_POST["address"]) && !empty($_POST["city"]) && !empty($_POST["state"]) && !empty($_POST["zip"]) && !empty($_POST["phone"]) && !empty($_POST["email"]) && !empty($_POST["emergency_fname"]) && !empty($_POST["emergency_lname"]) && !empty($_POST["emergency_phone"]) && !empty($_POST["emergency_relationship"]) && (empty($_POST["automatedPasswordReset"]) && (!empty($_POST["newPassword1"]) || !empty($_POST["newPassword2"])))) {
     if (verifyEmail(trim($_POST["email"]))) {
         if (submitAccountInformation($_POST["fname"], $_POST["lname"], $_POST["duedate"], $_POST["status"], $_POST["address"], $_POST["city"], $_POST["state"], $_POST["zip"], preg_replace("/[^0-9]/", "", $_POST["phone"]), $_POST["email"], $_POST["notes"], $_POST["adminnotes"], $_POST["buttonMemberID"]) && submitEmergencyContactInformation($_POST["emergency_fname"], $_POST["emergency_lname"], preg_replace("/[^0-9]/", "", $_POST["emergency_phone"]), $_POST["emergency_relationship"], $_POST["buttonMemberID"])) {
             displayAccountForm("success", $us_state_abbrevs, $relationships);
         } else {
             displayAccountForm("tech_diff", $us_state_abbrevs, $relationships);
         }
     } else {
         displayAccountForm("fail", $us_state_abbrevs, $relationships);
     }
     if (verifyPassword($_POST["newPassword1"], $_POST["newPassword2"])) {
         if (submitPassword($_POST["newPassword1"])) {
             displayPasswordForm("manual");
         } else {
             displayPasswordForm("tech_diff");
         }
     } else {
         displayPasswordForm("fail");
     }
 } elseif (!empty($_POST["fname"]) && !empty($_POST["lname"]) && !empty($_POST["duedate"]) && !empty($_POST["status"]) && !empty($_POST["address"]) && !empty($_POST["city"]) && !empty($_POST["state"]) && !empty($_POST["zip"]) && !empty($_POST["phone"]) && !empty($_POST["email"]) && !empty($_POST["emergency_fname"]) && !empty($_POST["emergency_lname"]) && !empty($_POST["emergency_phone"]) && !empty($_POST["emergency_relationship"]) && $_POST["automatedPasswordReset"] == TRUE) {
     $accountInfoStatus = FALSE;
     if (verifyEmail(trim($_POST["email"]))) {
         if (submitAccountInformation($_POST["fname"], $_POST["lname"], $_POST["duedate"], $_POST["status"], $_POST["address"], $_POST["city"], $_POST["state"], $_POST["zip"], preg_replace("/[^0-9]/", "", $_POST["phone"]), $_POST["email"], $_POST["notes"], $_POST["adminnotes"], $_POST["buttonMemberID"]) && submitEmergencyContactInformation($_POST["emergency_fname"], $_POST["emergency_lname"], preg_replace("/[^0-9]/", "", $_POST["emergency_phone"]), $_POST["emergency_relationship"], $_POST["buttonMemberID"])) {
             displayAccountForm("success", $us_state_abbrevs, $relationships);
             $accountInfoStatus = TRUE;
         } else {
Beispiel #8
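/**
 * Authenticates a user from $_POST['userEmail'] / $_POST['userPassword'] and
 * prints a JSON object describing the outcome.
 *
 * On success the object carries message "Success" plus id, userName, userEmail
 * and dateJoined; on failure it carries only an error message. Uses the global
 * PDO connection $dbConnection and connectionExists(), getConnection() and
 * verifyPassword() defined elsewhere in the project.
 *
 * @return void
 */
function loginUser()
{
    global $dbConnection;
    if (!connectionExists()) {
        getConnection();
    }
    $userEmail = isset($_POST['userEmail']) ? (string) $_POST['userEmail'] : '';
    $userPassword = isset($_POST['userPassword']) ? (string) $_POST['userPassword'] : '';
    // Bound parameter instead of interpolating $_POST into the SQL string: the
    // original query was injectable through the email field.
    $stmt = $dbConnection->prepare("SELECT * FROM users WHERE email = :email");
    $stmt->execute([':email' => $userEmail]);
    // Check the fetched row rather than rowCount(), which is not reliable for
    // SELECT statements on every PDO driver.
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    // NOTE(review): separate "no such email" / "wrong password" responses let
    // a client enumerate registered addresses; one generic message is safer.
    if ($result === false) {
        echo json_encode(['message' => 'Email does not exist']);
        return;
    }
    if (!verifyPassword($userPassword, $result['passwordHash'])) {
        echo json_encode(['message' => 'Incorrect password']);
        return;
    }
    echo json_encode([
        'message' => "Success",
        'id' => $result['id'],
        'userName' => $result['userName'],
        'userEmail' => $result['email'],
        'dateJoined' => $result['dateJoined'],
    ]);
}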
Beispiel #9
// Trailing-slash variant of the edit URL: send the client to the canonical
// '/edit' path for the same note.
$app->get('/{url}/edit/', function ($url) use ($app) {
    $target = $url . '/edit';
    return $app->redirect($target);
});
// la méthode POST sur la view de chaque note
// il y aura plusieurs POST possibles vers cette page, c'est pour cela qu'on fait un switch
$app->post('/{url}/edit', function ($url) use($app) {
    $pdo = $app['pdo'];
    require './src/model_note_edit.php';
    $type = $app['request']->get('type');
    // 'type' sera un champ caché dans tous les formulaires
    // on fera varier sa valeur selon le cas
    // login | protectView | protectEdit | changeUrl
    switch ($type) {
        case "login":
            $password = $app['request']->get('password');
            if (verifyPassword($url, $password, $pdo)) {
                if (isset($app['session']) and $app['session']->get('id') == $url) {
                    $app['session']->set('edit', True);
                } else {
                    // set and get session attributes
                    $app['session']->set('id', $url);
                    $app['session']->set('view', False);
                    $app['session']->set('edit', True);
                }
                return true;
            } else {
                $app->abort(401, "password incorrect");
            }
        case "protectView":
            $password = $app['request']->get('password');
            protectView($url, $password, $pdo);
Beispiel #10
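/**
 * Handles a REST security request ("login" or "create") for an account.
 *
 * The e-mail is normalised (trimmed, lower-cased) before lookup. Relies on
 * readAccountsDb(), verifyPassword(), loginUser(), validateCreateUser() and
 * logEvent() defined elsewhere; loginUser() and validateCreateUser() are
 * expected to return null on success and an error message otherwise, since a
 * null message is what marks success below.
 *
 * @param string $action     "login" or "create"; anything else is rejected
 * @param string $email
 * @param string $password
 * @param string $confirm    password repeat, used by "create" only
 * @param string $inviteCode invite code, used by "create" only
 * @return array{authenticated: bool, email: string, message: string}
 */
function restRequestSecurity($action, $email, $password, $confirm, $inviteCode)
{
    $securityMsgs = [
        "bad-invite-code" => "Invite code is missing, expired, or invalid.",
        "bad-credentials" => "The email address or password you entered is incorrect.",
        "invalid-email" => "Please enter a valid email address.",
        "mismatch" => "Passwords do not match.",
        "user-exists" => "That email address is already in use.",
        "create-fail" => "Cannot create user.",
    ];
    $email = strtolower(trim($email));
    $accountsDb = readAccountsDb();
    // $accountsDb->users is read as an object (->{$email}), and array_key_exists()
    // on an object is deprecated since PHP 7.4 and a TypeError in PHP 8, so the
    // lookup uses property_exists() instead.
    $user = property_exists($accountsDb->users, $email) ? $accountsDb->users->{$email} : null;
    if ($action === "login") {
        // NOTE(review): when $user is null, verifyPassword() should still cost
        // as much as a real check so response timing does not reveal whether
        // the address is registered — confirm in verifyPassword().
        $msg = verifyPassword($user, $password) ? loginUser($email) : $securityMsgs["bad-credentials"];
    } elseif ($action === "create") {
        $msg = validateCreateUser($accountsDb, $email, $password, $confirm, $inviteCode, $securityMsgs);
    } else {
        $msg = "Invalid request.";
    }
    $success = is_null($msg);
    logEvent("security-request", $action, $success, $email, $msg);
    return [
        "authenticated" => $success,
        "email" => $email,
        "message" => $success ? "Success." : $msg,
    ];
}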