function verify_admin($userArray) { $is_admin = verifyUserIsAdmin($userArray['username']); if (!$is_admin) { throw new Exception('User is not admin!'); } $result = verify_user($userArray); return $result; }
function handle_verify_user_request() { if (isset($_POST['unverify_user'])) { echo "<div class='content_box'>\n"; echo " <h3>" . _("Results") . "</h3>\n"; $uid = post('uid'); try { $verified = get_verified_for_user($uid); if (!$verified) { echo "<p>User {$uid} was not already verified. Any more?</p>\n"; } else { if (unverify_user($uid) == 1) { echo "<p>Unverified user {$uid}. Any more?</p>\n"; } else { throw new Error("Unknown Error", "This shouldn't happen. Please report it."); } } } catch (Exception $e) { echo "<p>{$e->getMessage()}. Try again?</p>\n"; } } else { if (isset($_POST['verify_user'])) { echo "<div class='content_box'>\n"; echo " <h3>" . _("Results") . "</h3>\n"; $uid = post('uid'); try { $verified = get_verified_for_user($uid); if ($verified) { echo "<p>User {$uid} was already verified. Any more?</p>\n"; } else { if (verify_user($uid) == 1) { echo "<p>Verified user {$uid}. Any more?</p>\n"; } else { throw new Error("Unknown Error", "This shouldn't happen. Please report it."); } } } catch (Exception $e) { echo "<p>{$e->getMessage()}. Try again?</p>\n"; } } } }
// Just start syncsvn // Just start syncsvn case "syncsvn": if ($is_svn_node) { syncsvn($username); } break; // Same for all users // Same for all users case "verify-all-users": foreach ($users as $username => $options) { if ($options['status'] != "active") { continue; } print "verify {$username}\n"; verify_user($username); } break; // List currently logged-in users // List currently logged-in users case "list-active": foreach ($users as $username => $options) { if ($options['status'] != "active") { continue; } $nice_period = round((time() - last_access($username)) / 60, 2); print "{$username}\t{$nice_period}\n"; } break; // Logout all users and kill all processes that look related // Logout all users and kill all processes that look related
report_problem(WEAVE_ERROR_INVALID_COLLECTION, 400); } } else { if ($_SERVER['REQUEST_METHOD'] != 'DELETE') { report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 400); } } #quick check to make sure that any non-storage function calls are just using GET if ($function != 'storage' && $_SERVER['REQUEST_METHOD'] != 'GET') { report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 400); } #user passes preliminaries, connections made, onto actually getting the data try { $db = new WeaveStorage($username); #Auth the user verify_user($username, $db); #user passes preliminaries, connections made, onto actually getting the data if ($_SERVER['REQUEST_METHOD'] == 'GET') { if ($function == 'info') { switch ($collection) { case 'quota': exit(json_encode(array($db->get_storage_total()))); case 'collections': exit(json_encode($db->get_collection_list_with_timestamps())); case 'collection_counts': exit(json_encode($db->get_collection_list_with_counts())); case 'collection_usage': $results = $db->get_collection_storage_totals(); foreach (array_keys($results) as $collection) { $results[$collection] = ceil($results[$collection] / 1024); #converting to k from bytes
_gaq.push(['_setAccount', 'UA-78945-24']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> <?php include_once "config.php"; include_once "functions.php"; #error_reporting(0); verify_user(); print "<Table><tr><td valign=top>"; print "<center>"; show_gravitar_img(); print "<br>"; print "<a href='dashboard.php?c=logout' alt='log out'><img src='logout.png'></a><br>"; print "<br>"; # <!-- Twitter Button --> print "<a href='https://twitter.com/rsshose' class='twitter-follow-button' data-show-count='false'>Follow @rsshose</a>"; print "<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src='//platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document,'script','twitter-wjs');</script><br>"; print "</center>"; print "</td><td valign=top>"; #$vhash_cookie = $_COOKIE['vhash']; #print ("DASHBOARD HASH KEY: $vhash_cookie<br>"); print "<form action='upload_opml_file.php' method='post' enctype='multipart/form-data'>\n"; print "<label for='file'>Upload GReader OPML File:</label>\n";
function login($forms) { $error = ""; $username = $forms["username"]; $password = $forms["password"]; if (!$password) { $password = "******"; } // die("$password"); if ($forms["authtype"] == "ldap") { //define an appropriate ldap search filter to find your users, and filter out accounts such as administrator(administrator should be renamed anyway!). $filter = "(&(|(!(displayname=Administrator*))(!(displayname=Admin*)))(" . LDAP_CN . "={$username}))"; $dn = LDAP_CN . "={$username}, "; if (!($connect = @ldap_connect(LDAP_SRV))) { $error .= "Could not connect to LDAP server:" . LDAP_SRV; } switch (LDAP_MSAD) { case "YES": ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); if (!($bind = @ldap_bind($connect, "{$username}@" . LDAP_DOMAIN, $password))) { $error .= " Unable to bind to LDAP Server: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>"; } break; default: if (!($bind = @ldap_bind($connect, "{$dn}" . LDAP_BASE_DN, $password))) { $error .= " Unable to bind to LDAP Server: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>"; } } if (!($sr = @ldap_search($connect, LDAP_BASE_DN, $filter))) { #search for user $error .= " Unable to search: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>"; } $info = @ldap_get_entries($connect, $sr); // print "Number of entries returned is " .ldap_count_entries($connect, $sr)."<p>"; if (LDAP_USEPRIV == "ON") { if (in_array(LDAP_RW_GROUP, $info[0]["groupmembership"])) { $_SESSION["userpriv"] = "rw"; } elseif (in_array(LDAP_RO_GROUP, $info[0]["groupmembership"])) { $_SESSION["userpriv"] = "ro"; } else { $_SESSION["userpriv"] = "disabled"; // echo "User privileges are " . $_SESSION["userpriv"] . "<br>"; } } if (trim($error) != "") { return $error; } else { $fullname = $info[0]["cn"][0]; $fqdn = $info[0]["dn"]; $_SESSION["username"] = $username; $_SESSION["groups"] = $info[0]["groupmembership"]; $_SESSION["token"] = $password; $_SESSION["fullname"] = $fullname; $_SESSION["fqdn"] = $fqdn; $flname = explode(" ", $fullname); $_SESSION["firstname"] = $flname[0]; $_SESSION["lastname"] = $flname[1]; $_SESSION["pageId"] = "searchform"; // die(phpinfo()); // die(print_r($info[0])); // die(print_r($_SESSION)); } /* from here, do your sql query to query the database to search for existing record with correct username and password */ } elseif ($forms["authtype"] == "basic") { // Using Web basic authentication. Check to see if $_SERVER['REMOTE_USER'] has access, and act accordingly. $username = $_SERVER['REMOTE_USER']; if ($username == "") { $username = "******"; } $dbLink = db_connect_syslog(DBUSER, DBUSERPW); if ($username && verify_user($username, $dbLink)) { $sessionId = md5(mt_rand()); $_SESSION["pageId"] = "searchform"; $expTime = time() + SESSION_EXP_TIME; $expTimeDB = date('Y-m-d H:i:s', $expTime); // Update sessionId and exptime in database $query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n\t\t\t\texptime='" . $expTimeDB . "' WHERE username='******'"; $result = perform_query($query, $dbLink); } else { $error .= " Sorry, {$username} does not have access to this service."; $_SESSION["error"] = "{$error}"; } } elseif ($forms["authtype"] == "cert") { // Using Cert basic authentication.Check certificate SerialNumber first, Subject DN if SerialNumber fails $dbLink = db_connect_syslog(DBUSER, DBUSERPW); if (verify_user($_SERVER['SSL_CLIENT_M_SERIAL'], $dbLink) || verify_user($_SERVER['SSL_CLIENT_S_DN'], $dbLink)) { $sessionId = md5(mt_rand()); $_SESSION["pageId"] = "searchform"; $expTime = time() + SESSION_EXP_TIME; $expTimeDB = date('Y-m-d H:i:s', $expTime); // Update sessionId and exptime in database $query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n exptime='" . $expTimeDB . "' WHERE username='******'"; $result = perform_query($query, $dbLink); } else { $error .= " Sorry, {$username} does not have access to this service."; $_SESSION["error"] = "{$error}"; } } else { // Not using LDAP or WebBasic, revert to local db authentication if ($_POST["username"]) { $username = $_POST["username"]; $password = $_POST["password"]; // die("Info: $username, $password"); $dbLink = db_connect_syslog(DBUSER, DBUSERPW); if ($username && $password && verify_login($username, $password, $dbLink)) { $sessionId = md5(mt_rand()); $_SESSION["pageId"] = "searchform"; // Calculate the expiration time $expTime = time() + SESSION_EXP_TIME; $expTimeDB = date('Y-m-d H:i:s', $expTime); // Update sessionId and exptime in database $query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n\t\t\t\t\texptime='" . $expTimeDB . "' WHERE username='******'"; $result = perform_query($query, $dbLink); } else { $error .= " Invalid password for user {$username}"; $_SESSION["error"] = "{$error}"; } } else { $error .= " Missing POST variables"; $_SESSION["error"] = "{$error}"; } } if (trim($error) != "") { return $error; } else { $_SESSION["username"] = $username; return $username; } }
<?php # # Author: Troy Riblett, troy.riblett@oit.edu # Created: 1/16/2016 # Last Modified: 1/23/2016 # # login_user # This script is designed to be a wrapper around the verify user script # to handle extra details and close the database connection. try { #Includes the code for verifying the user require '/var/www/dboperations/verify_user.php'; #Retrieves a json object with the token for the user $verification_json = verify_user($username, $password, true); $verification_json['Operation'] = "Login"; #Encodes the object and returns it as a json object. echo json_encode($verification_json); #echo var_dump($verification_json); $db_connection = null; } catch (PDOException $except) { echo $except->getMessage() . "\n"; } catch (InvalidArgumentException $arg_except) { echo $arg_except->getMessage() . "\n"; }
case 'add_customer': include_once __DIR__ . '/customers/add_customer.php'; $responseArray['response'] = add_customer($values); $responseArray['message'] = 'Customer successfully added'; break; case 'update_customer': include_once __DIR__ . '/customers/update_customer.php'; $responseArray['response'] = update_customer($values); $responseArray['message'] = 'Customer updated.'; break; case 'get_customers': include_once __DIR__ . '/customers/get_customers.php'; $responseArray['response'] = get_customers($values); $responseArray['message'] = 'Customers successfully read'; break; case 'verify_user': include_once __DIR__ . '/customers/verify_user.php'; $responseArray['response'] = verify_user($values); $responseArray['message'] = 'User verified'; break; case "verify_admin": include_once __DIR__ . '/customers/verify_admin.php'; $responseArray['response'] = verify_admin($values); $responseArray['message'] = 'Admin verified'; break; default: throw new Exception("Unknown function: {$function}"); } $responseArray['status'] = 'success'; echo json_encode($responseArray); exit;
$rec = mysqli_query($con, $sql); $count = 0; while ($row = mysqli_fetch_object($rec)) { $count++; $result = $row; } if ($count == 1) { return 1; } else { return 0; } } /* Iniciar código para registrar un usario */ if (isset($_POST['register'])) { //Se vaerifica si el botón register fue presionado if (verify_user($_POST['user'], $result) == 1) { /* aquí entra si ya existe el usuario*/ echo "<script>alert('El usuario que ingreso no esta disponible.<br> Por favor ingrese otro.')</script>"; } else { /* aquí entra si el usuario no existe */ if (verify_email($_POST['email'], $result) == 1) { /* aquí entra si ya existe el usuario*/ echo "<script>alert('Ya existe un usuario con este email.<br> Por favor ingrese otro o recupera tu cuenta.')</script>"; } else { if ($_POST['pass'] == $_POST['pass2']) { /* si las contraseñas coinciden */ if ($_FILES['picture']["error"] > 0) { /* Cuando ocurre un error al guardar la imagen */ echo "<script>alert('Error al guardar imagen.');</script>"; } else { $permitidos = array("image/jpg", "image/jpeg", "image/gif", "image/png");
function docs() { if (isset($_POST['action'])) { $action = post('action'); if ($action == 'verify') { verify_user(post('uid')); } else { if ($action == 'unverify') { unverify_user(post('uid')); } else { throw new Error("unknown action", "unknown action: {$action}"); } } } show_docs_form(); if (isset($_GET['uid'])) { show_user_documents_for_user(get('uid')); } else { if (isset($_GET['verified_with_no_docs'])) { show_user_verified_with_no_documents(); } else { show_user_documents(); } } echo "<div class='content_box'>\n"; echo "<h3>Upload Docs for Users</h3>\n"; echo "<p><a href=\"?page=identity\">Upload more docs</a></p>\n"; echo "</div>\n"; }
<?php require_once __DIR__ . "/libs/Event.php"; require_once __DIR__ . "/libs/functions.php"; header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); if (isset($_GET["u"])) { if (verify_user($_GET["u"]) == true) { $json_string = file_get_contents("php://input"); Event::onMessage(json_decode($json_string, true), __DIR__ . "/libs/Services"); } else { echo '{"code":33406, "msg":"invalid tdid or u"}'; } } else { echo '{"code":33407, "msg":"miss param tdid or u"}'; }
# Author: Troy Riblett, troy.riblett@oit.edu # Created: 1/16/2016 # Last Modified: 1/23/2016 # # del_user # This php script removes the user from the database if their username # and password are successfully verified try { #includes the script for getting the db connection require '/var/www/dbconnection/Get_db_connection.php'; #Makes a call to a the get_db_connection that sets up the PDO connection $db_connection = DbConnection::get_instance()->get_db_connection(); #includes the code that is used to verify the user require 'verify_user'; #Gets the status of the attempt to verify the user $verification_status = verify_user($username, $password); $json_delete_status = array(); $json_delete_status['Operation'] = "Delete"; #If the verify_user function suceeded, remove the user if ($verification_status['verified'] = true) { #Creates the prepared statement to delete the user from the table $stmt_handle = $db_connection->prepare('Delete Biometrix.dbo.LoginTable Where Username = :name'); #Binds the username to the prepared statement $stmt_handle->bindValue(':name', $argv[1], PDO::PARAM_STR); $stmt_handle->execute(); $json_delete_status['Deleted'] = true; $json_delete_status['Verified'] = true; } else { $json_delete_status['Deleted'] = false; $json_delete_status['Verified'] = false; $json_delete_status['Error'] = "Account not found";