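/**
 * Handles the "change password" form for a visitor who already has a session.
 *
 * Flow, as implemented below:
 *  - no existing session: queue an error, send a redirect to the login page and stop;
 *  - POST with `submit`: require the old password, the new password and its
 *    confirmation, enforce the configured strength threshold, then re-authenticate
 *    with the old password before calling resetPassword();
 *  - in every other case the password-reset view is rendered.
 *
 * The views are pulled in with require_once from inside this method, so they share
 * its local variables and $this (the error / info message buffers).
 *
 * NOTE(review): no anti-CSRF token is checked in this handler; confirm the framework
 * validates one before dispatching here.
 * NOTE(review): require_once evaluates to TRUE instead of the file's return value when
 * the file was already loaded earlier in the request; if that can happen, $config is
 * not an array and both feature switches silently read as off.
 *
 * @param mixed $Request Request object supplied by the dispatcher; not read here.
 * @return mixed Result of including the view, or null after the login redirect.
 */
function Handle($Request)
 {
     try {
         $userSession = new phpsec\Session();
         $sessionID = $userSession->existingSession();
         if ($sessionID != FALSE) {
             if (isset($_POST['submit'])) {
                 $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
                 if (isset($_POST['_x_oldpass']) && $_POST['_x_oldpass'] != "" && isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") {
                     $config = (require_once __DIR__ . "/../../config/config.php");
                     // Refuse the new password when its score is below the configured threshold.
                     if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
                         $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                         if ($config['PASSWORD_SUGGESTION'] === "ON") {
                             $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                         }
                         return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
                     }
                     if ($_POST['pass'] !== $_POST['repass']) {
                         $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
                         return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
                     }
                     try {
                         // Re-authenticate with the old password before changing anything.
                         $userObj = phpsec\UserManagement::logIn($userID, $_POST['_x_oldpass']);
                         $userObj->resetPassword($_POST['_x_oldpass'], $_POST['pass']);
                         $this->info .= "Your password have been changed successfully." . "<BR>";
                     } catch (phpsec\WrongPasswordException $e) {
                         if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
                             try {
                                 // NOTE(review): the value handed to the detector is the NEW password,
                                 // while the credential that just failed is _x_oldpass; the login
                                 // handler on this page passes the attempted password. Confirm which
                                 // one AdvancedPasswordManagement expects.
                                 new phpsec\AdvancedPasswordManagement($userID, $_POST['pass'], TRUE);
                             } catch (phpsec\BruteForceAttackDetectedException $ex) {
                                 \phpsec\User::lockAccount($userID);
                                 $this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
                             }
                         }
                         $this->error .= "Your old password does not seems correct. Please enter your old password for verification." . "<BR>";
                     }
                 } else {
                     $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                 }
             }
         } else {
             $this->error .= "You are not logged-in. Please login to complete the operation." . "<BR>";
             $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
             header("Location: {$newLocation}");
             // Stop after the redirect: falling through would still render the
             // password-reset form into the body of the redirect response for a
             // visitor who has no session.
             return;
         }
     } catch (Exception $e) {
         // NOTE(review): the raw exception text is appended to the HTML message buffer;
         // log the detail server-side and show a generic message if it can carry
         // internal information.
         $this->error .= $e->getMessage() . "<BR>";
     }
     return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
 }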
 /**
  * Renders the logged-in landing page, or redirects a visitor without a session to
  * the public home page.
  *
  * Cache-suppressing headers are sent before anything else, so the personalised page
  * is served with no-store / no-cache directives.
  *
  * @param mixed $Request Request object supplied by the dispatcher; not read here.
  * @return mixed Result of including the index view, or null when redirecting.
  */
 function Handle($Request)
 {
     header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
     header("Pragma: no-cache");

     $userSession = new phpsec\Session();
     $sessionID = $userSession->existingSession();

     // Guard clause: no session means a redirect and nothing else.
     if ($sessionID == FALSE) {
         $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
         header("Location: " . $newLocation);
         return;
     }

     // $userID keeps its name on purpose: the view is included into this scope and
     // can read the method's local variables.
     $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);

     return require_once __DIR__ . "/../../view/default/user/index.php";
 }
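 /**
  * Handles the "set a new password" form, which replaces the password of the user
  * who owns the current session without asking for the old one.
  *
  * Flow, as implemented below:
  *  - no existing session: queue an error, send a redirect to the login page and stop;
  *  - POST with `submit`: require the new password and its confirmation, enforce the
  *    configured strength threshold, resolve the user from the session and call
  *    forceResetPassword();
  *  - in every other case the new-password view is rendered.
  *
  * NOTE(review): the only precondition checked here is that some session exists.
  * Another handler on this page opens a session after validating a temporary-password
  * token and redirects to /requestnewpassword; if this is that endpoint, an ordinary
  * login session (or a forged cross-site POST, since no anti-CSRF token is checked)
  * is enough to replace the password. Consider marking sessions created by the token
  * flow and requiring that marker here.
  * NOTE(review): require_once evaluates to TRUE instead of the file's return value when
  * the file was already loaded earlier in the request; $config is then not an array.
  *
  * @param mixed $Request Request object supplied by the dispatcher; not read here.
  * @return mixed Result of including the view, or null after the login redirect.
  */
 function Handle($Request)
 {
     try {
         $userSession = new phpsec\Session();
         $sessionID = $userSession->existingSession();
         if ($sessionID != FALSE) {
             if (isset($_POST['submit'])) {
                 if (isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") {
                     $config = (require_once __DIR__ . "/../../config/config.php");
                     // Refuse the new password when its score is below the configured threshold.
                     if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
                         $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                         if ($config['PASSWORD_SUGGESTION'] === "ON") {
                             $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                         }
                         return require_once __DIR__ . "/../../view/default/user/newpassword.php";
                     }
                     if ($_POST['pass'] !== $_POST['repass']) {
                         $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
                         return require_once __DIR__ . "/../../view/default/user/newpassword.php";
                     }
                     $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
                     if ($userID !== FALSE) {
                         // forceLogIn / forceResetPassword take no current password.
                         $userObj = phpsec\UserManagement::forceLogIn($userID);
                         if ($userObj->forceResetPassword($_POST['pass'])) {
                             $this->info .= "Your Password has been changed successfully." . "<BR>";
                         } else {
                             $this->error .= "We encountered an error. Please re-try later!" . "<BR>";
                         }
                     } else {
                         // A session id that maps to no user is discarded.
                         $userSession->destroySession();
                         $this->error .= "Your session seems to be invalid. Cannot proceed!!" . "<BR>";
                     }
                 } else {
                     $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                 }
             }
         } else {
             $this->error .= "Seems you should not be accessing this page!" . "<BR>";
             $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
             header("Location: {$newLocation}");
             // Stop after the redirect: falling through would still render the
             // new-password form into the body of the redirect response for a
             // visitor who has no session.
             return;
         }
     } catch (Exception $e) {
         // NOTE(review): the raw exception text is appended to the HTML message buffer;
         // log the detail server-side and show a generic message if it can carry
         // internal information.
         $this->error .= $e->getMessage() . "<BR>";
     }
     return require_once __DIR__ . "/../../view/default/user/newpassword.php";
 }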
 /**
  * Handles the sign-up form: validates the submitted fields, creates the account and
  * redirects to the temporary-password endpoint in "activation" mode.
  *
  * Every validation failure re-renders the sign-up view with a message in
  * $this->error. The views are included from inside this method and therefore see
  * its local variables.
  *
  * NOTE(review): the line that builds $nextLocation contains a masked span (the run of
  * asterisks) in this listing, so it is not valid PHP as shown.
  * NOTE(review): no anti-CSRF token is checked in this handler.
  * NOTE(review): require_once evaluates to TRUE instead of the file's return value when
  * the file was already loaded earlier in the request; $config is then not an array.
  *
  * @param mixed $Request Request object supplied by the dispatcher; not read here.
  * @return mixed Result of including the sign-up view.
  */
 function Handle($Request)
 {
     try {
         if (isset($_POST['submit'])) {
             // isset() is true for empty strings, so blank fields get past this check
             // even though the else-branch message says empty fields are not allowed.
             if (isset($_POST['user']) && isset($_POST['email']) && isset($_POST['pass']) && isset($_POST['repass'])) {
                 $config = (require_once __DIR__ . "/../../config/config.php");
                 // NOTE(review): the user name is accepted as submitted; no length or
                 // character rule is applied here, and views on this page echo the user
                 // id into HTML, so restrict it here or escape it on output.
                 if (phpsec\UserManagement::userExists($_POST['user'])) {
                     $this->error .= "ERROR: This username is not available. Please select a different one." . "<BR>";
                     if ($config['USERNAME_SUGGESTION'] === "ON") {
                         // Keep generating until a name that is not taken comes back.
                         do {
                             $suggestedUsername = \phpsec\BasicPasswordManagement::generate(0.1);
                         } while (phpsec\UserManagement::userExists($suggestedUsername));
                         $this->info .= "This username is available: " . $suggestedUsername . "<BR>";
                     }
                     return require_once __DIR__ . "/../../view/default/user/signup.php";
                 }
                 // The pattern has no case-insensitive flag, so addresses containing
                 // upper-case letters are rejected.
                 if (!preg_match('/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,63})$/', $_POST['email'])) {
                     $this->error .= "Invalid email address." . "<BR>";
                     return require_once __DIR__ . "/../../view/default/user/signup.php";
                 }
                 if ($_POST['pass'] !== $_POST['repass']) {
                     $this->error .= "ERROR: Password fields do not match!" . "<BR>";
                     return require_once __DIR__ . "/../../view/default/user/signup.php";
                 }
                 // Refuse the password when its score is below the configured threshold.
                 if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
                     $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
                     if ($config['PASSWORD_SUGGESTION'] === "ON") {
                         $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
                     }
                     return require_once __DIR__ . "/../../view/default/user/signup.php";
                 }
                 phpsec\UserManagement::createUser($_POST['user'], $_POST['pass'], $_POST['email']);
                 // NOTE(review): the address goes into the query string without
                 // rawurlencode(). Execution also continues after header(): the sign-up
                 // view at the end of the method is still rendered into the redirect
                 // response.
                 $nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . $_POST['email'];
                 header("Location: {$nextLocation}");
             } else {
                 $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
                 return require_once __DIR__ . "/../../view/default/user/signup.php";
             }
         }
     } catch (Exception $e) {
         // NOTE(review): raw exception text is appended to the HTML message buffer.
         $this->error .= $e->getMessage() . "<BR>";
         return require_once __DIR__ . "/../../view/default/user/signup.php";
     }
     return require_once __DIR__ . "/../../view/default/user/signup.php";
 }
 /**
  * Handles the temporary-password / account-activation link.
  *
  * Two request shapes are accepted, both through the query string:
  *  - user + verification + mode: the token is checked with tempPassword(); in
  *    "temppass" mode a new session is opened for the user and the browser is sent
  *    to the new-password page, in "activation" mode the account is activated;
  *  - user + email + mode: a fresh token is generated for the user and mailed as a
  *    link.
  * Anything else renders the 404 view.
  *
  * NOTE(review): in the mailing branch the recipient is taken from the request and is
  * never compared with the address stored for that account, so the token is sent
  * wherever the caller asks. Resolve the address server-side from the user record
  * (the login handler on this page uses phpsec\User::getPrimaryEmail()) and ignore
  * the `email` parameter.
  * NOTE(review): $_GET['mode'] is read without isset(); a request that omits it raises
  * an undefined-index notice.
  * NOTE(review): the line that builds the mailed link contains a masked span (the run
  * of asterisks) in this listing, so it is not valid PHP as shown.
  *
  * @param mixed $Request Request object supplied by the dispatcher; not read here.
  * @return mixed Result of including a view, or null on the redirect and activation paths.
  */
 function Handle($Request)
 {
     try {
         if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['verification']) && $_GET['verification'] != "" && ($_GET['mode'] === 'temppass' || $_GET['mode'] === 'activation')) {
             // Called with two arguments, tempPassword() is used here as the token check.
             if (phpsec\AdvancedPasswordManagement::tempPassword($_GET['user'], $_GET['verification'])) {
                 if ($_GET['mode'] === 'temppass') {
                     // A session for the named user is opened on the strength of the
                     // token alone; no password is involved on this path.
                     $userSession = new phpsec\Session();
                     $userSessionID = $userSession->newSession($_GET['user']);
                     $nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/requestnewpassword";
                     header("Location: {$nextLocation}");
                 } else {
                     if ($_GET['mode'] === 'activation') {
                         \phpsec\User::activateAccount($_GET['user']);
                         // NOTE(review): the user name from the query string is written
                         // into the HTML message without htmlspecialchars().
                         $this->info .= "Your account <b>" . $_GET['user'] . "</b> is now activated." . "<BR>";
                         require_once __DIR__ . "/../../view/default/user/temppass.php";
                     }
                 }
             } else {
                 $this->error .= "ERROR: This validation token does not match our records!!!" . "<BR>";
                 return require_once __DIR__ . "/../../view/default/user/temppass.php";
             }
         } else {
             if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['email']) && $_GET['email'] != "" && ($_GET['mode'] === 'temppass' || $_GET['mode'] === 'activation')) {
                 // Called with one argument, tempPassword() returns the token that is
                 // embedded in the link below.
                 $tempPass = phpsec\AdvancedPasswordManagement::tempPassword($_GET['user']);
                 $message = "Please open the following link in order to complete the process:\n";
                 // NOTE(review): the token travels in a URL, where it can end up in
                 // server logs and browser history; keep its lifetime short and make it
                 // single-use.
                 $message .= \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=" . $_GET['mode'] . "&verification=" . $tempPass . "\n\n\n";
                 $message .= "Sometimes the email ends up in the Spam folder. So also please check your spam folder in case you didn't receive the email.\n\n";
                 $message .= "If you did nothing to get this email, just ignore it.\n";
                 $message = wordwrap($message, 70, "\r\n");
                 // NOTE(review): the recipient is the unvalidated `email` query parameter
                 // (see the docblock); at minimum validate its format before it reaches
                 // mail(). The sender address is masked in this listing.
                 $send = \mail($_GET['email'], "Authentication Email", $message, "FROM: " . "*****@*****.**");
                 if (!$send) {
                     $this->error .= "ERROR: Mail was not send!" . "<BR>";
                 }
                 return require_once __DIR__ . "/../../view/default/user/temppass.php";
             } else {
                 return require_once __DIR__ . "/../../view/default/404.php";
             }
         }
     } catch (Exception $e) {
         // NOTE(review): raw exception text is appended to the HTML message buffer.
         $this->error .= $e->getMessage() . "<BR>";
         return require_once __DIR__ . "/../../view/default/user/temppass.php";
     }
 }
 /**
  * Handles the "forgot password" form: looks the account up by e-mail address and
  * redirects to the temporary-password endpoint in "temppass" mode.
  *
  * NOTE(review): the failure message states that the address is not registered, which
  * lets a caller test whether an address has an account; answering every submission
  * with the same neutral message avoids that.
  * NOTE(review): the line that builds $nextLocation contains a masked span (the run of
  * asterisks) in this listing, so it is not valid PHP as shown.
  * NOTE(review): no anti-CSRF token or rate limit is visible in this handler.
  *
  * @param mixed $Request Request object supplied by the dispatcher; not read here.
  * @return mixed Result of including the forgot-password view.
  */
 function Handle($Request)
 {
     try {
         if (isset($_POST['submit'])) {
             if (isset($_POST['email']) && $_POST['email'] != "") {
                 // FALSE means no user id was resolved for this address (the message
                 // below also mentions addresses shared by several accounts).
                 $userID = phpsec\User::getUserIDFromEmail($_POST['email']);
                 if ($userID !== FALSE) {
                     // NOTE(review): the address goes into the query string without
                     // rawurlencode(). Execution continues after header(), so the
                     // forgot-password view is still rendered into the redirect response.
                     $nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=temppass" . "&email=" . $_POST['email'];
                     header("Location: {$nextLocation}");
                 } else {
                     $this->error .= "This email ID is not registered in our DB. Please enter the email you provided at the time of sign-up. Alternatively it might happen that multiple accounts are associated with this Email ID. For the time being only 1 email account is supported per userID." . "<BR>";
                 }
             } else {
                 $this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
             }
         }
     } catch (Exception $e) {
         // NOTE(review): raw exception text is appended to the HTML message buffer.
         $this->error .= $e->getMessage() . "<BR>";
     }
     return require_once __DIR__ . "/../../view/default/user/forgotpassword.php";
 }
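 /**
  * Logs the visitor out and redirects to the home page.
  *
  * With an existing session the owning user is resolved and passed to logOut();
  * without one, only the authentication token is deleted. If anything throws, the
  * visitor is sent back to the page they came from, provided that page is on this
  * host; otherwise to the home page.
  *
  * @param mixed $Request Request object supplied by the dispatcher; not read here.
  * @return void
  */
 function Handle($Request)
 {
     try {
         $userSession = new phpsec\Session();
         $sessionID = $userSession->existingSession();
         if ($sessionID != FALSE) {
             $userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
             $userObj = phpsec\UserManagement::forceLogIn($userID);
             phpsec\UserManagement::logOut($userObj);
         } else {
             phpsec\User::deleteAuthenticationToken();
         }
         $this->info .= "You are now logged out." . "<BR>";
         $nextURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
         header("Location: {$nextURL}");
     } catch (Exception $e) {
         $this->error .= $e->getMessage() . "<BR>";
         // The Referer header is optional and supplied by the client. It is followed
         // only when it is an http(s) URL on the host that served this request;
         // a missing or foreign Referer falls back to the site-relative home page,
         // so this path cannot be used to bounce visitors to another site.
         $lastURL = "/rnj/framework/home";
         if (isset($_SERVER['HTTP_REFERER']) && isset($_SERVER['HTTP_HOST'])) {
             $refererParts = parse_url($_SERVER['HTTP_REFERER']);
             if (is_array($refererParts) && isset($refererParts['scheme']) && isset($refererParts['host'])) {
                 $refererAuthority = $refererParts['host'];
                 if (isset($refererParts['port'])) {
                     $refererAuthority .= ":" . $refererParts['port'];
                 }
                 $schemeAllowed = in_array(strtolower($refererParts['scheme']), array('http', 'https'), true);
                 if ($schemeAllowed && strcasecmp($refererAuthority, $_SERVER['HTTP_HOST']) === 0) {
                     $lastURL = $_SERVER['HTTP_REFERER'];
                 }
             }
         }
         header("Location: {$lastURL}");
     }
 }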
 /**
  * Handles the login form and the "remember me" auto-login.
  *
  * Flow, as implemented below:
  *  - checkRememberMe() may already identify the user; otherwise a submitted
  *    user / password pair is verified with logIn();
  *  - a wrong password optionally feeds the brute-force detector, which can lock the
  *    account; an inactive account gets an activation link in the error message;
  *  - on success the existing session is rolled or a new one is opened, and the
  *    browser is redirected to the user index page.
  *
  * NOTE(review): the line that builds $activationLink contains a masked span (the run
  * of asterisks) in this listing, so it is not valid PHP as shown.
  * NOTE(review): no anti-CSRF token is checked in this handler.
  * NOTE(review): require_once evaluates to TRUE instead of the file's return value when
  * the file was already loaded earlier in the request; $config is then not an array
  * and brute-force detection silently reads as off.
  *
  * @param mixed $Request Request object supplied by the dispatcher; not read here.
  * @return mixed Result of including the login view.
  */
 function Handle($Request)
 {
     try {
         $config = (require_once __DIR__ . "/../../config/config.php");
         $userID = \phpsec\User::checkRememberMe();
         if (!$userID) {
             if (isset($_POST['submit'])) {
                 if (isset($_POST['user']) && $_POST['user'] != "" && isset($_POST['pass']) && $_POST['pass'] != "") {
                     try {
                         $userID = $_POST['user'];
                         $userObj = phpsec\UserManagement::logIn($_POST['user'], $_POST['pass']);
                     } catch (phpsec\WrongPasswordException $e) {
                         if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
                             try {
                                 // The constructor is called only for its side effect:
                                 // it throws when it classifies the attempt as brute force.
                                 new phpsec\AdvancedPasswordManagement($_POST['user'], $_POST['pass'], TRUE);
                             } catch (phpsec\BruteForceAttackDetectedException $ex) {
                                 // NOTE(review): locking on failed attempts lets anyone
                                 // who knows a user name lock that account out; confirm an
                                 // unlock or expiry path exists.
                                 \phpsec\User::lockAccount($_POST['user']);
                                 $this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
                             }
                         }
                         $this->error .= "Incorrect Username/Password combination!" . "<BR>";
                         return require_once __DIR__ . "/../../view/default/user/login.php";
                     } catch (phpsec\UserAccountInactive $e) {
                         // NOTE(review): the account's primary address is placed in a link
                         // shown to whoever submitted the form, unescaped. If logIn() can
                         // raise this exception before the password is verified, that
                         // discloses the address and the account state; confirm the order.
                         $userEmail = phpsec\User::getPrimaryEmail($_POST['user']);
                         $activationLink = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . $userEmail;
                         $this->error .= "ERROR: The account is inactive. Please activate your account by clicking <a href=\"{$activationLink}\">here</a>." . "<BR>";
                         return require_once __DIR__ . "/../../view/default/user/login.php";
                     }
                     if (isset($_POST['remember-me']) && $_POST['remember-me'] == "on") {
                         if (phpsec\HttpRequest::isHTTPS()) {
                             phpsec\User::enableRememberMe($_POST['user']);
                         } else {
                             // NOTE(review): different arguments are passed when the
                             // request is not HTTPS — presumably to relax the cookie's
                             // transport restriction; a remember-me token sent over
                             // plain HTTP can be observed in transit. Confirm and
                             // consider refusing remember-me without HTTPS.
                             phpsec\User::enableRememberMe($_POST['user'], FALSE, TRUE);
                         }
                     }
                 } else {
                     // NOTE(review): this branch does not return, so the session code
                     // after the outer if still runs with the falsy $userID that
                     // checkRememberMe() produced; confirm newSession() / forceLogIn()
                     // reject it, or return the login view here.
                     $this->error .= "Empty fields are not allowed. Please fill the required areas." . "<BR>";
                 }
             } else {
                 return require_once __DIR__ . "/../../view/default/user/login.php";
             }
         }
         $userSession = new phpsec\Session();
         try {
             // Roll an existing session rather than reuse it; otherwise open a new one.
             $sessionID = $userSession->existingSession();
             if ($sessionID) {
                 $userSessionID = $userSession->rollSession();
             } else {
                 $userSessionID = $userSession->newSession($userID);
             }
             $userObj = phpsec\UserManagement::forceLogIn($userID);
             if ($userObj->isPasswordExpired()) {
                 $this->info .= "Its been too long since you have changed your password. For security reasons, please change your password." . "<BR>";
             }
             // Execution continues after the redirect headers: the login view at the
             // end of the method is still rendered into the response body.
             $url_to_redirect = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/user/index";
             header("HTTP/1.1 302 Found");
             header('Location: ' . $url_to_redirect);
         } catch (\phpsec\SessionExpired $e) {
             $this->error .= $e->getMessage() . "<BR>";
             phpsec\User::deleteAuthenticationToken();
         }
     } catch (Exception $e) {
         // NOTE(review): raw exception text is appended to the HTML message buffer.
         $this->error .= $e->getMessage() . "<BR>";
     }
     return require_once __DIR__ . "/../../view/default/user/login.php";
 }
						<td><input type="text" name="user" id="user" maxlength="32"></td>
					</tr>
					<tr name="pass-field" id="pass-field">
						<td><label>Password:</label></td>
						<td><input type="password" name="pass" id="pass" maxlength="32"></td>
					</tr>
					<tr name="remember-me-field" id="remember-me-field">
						<td><label>Remember Me:</label></td>
						<td><input type="checkbox" name="remember-me" id="remember-me"></td>
					</tr>
					<tr name="checkout-field" id="checkout-field">
						<td><input type="submit" name="submit" id="submit" value="Submit"></td>
						<td><input type="reset" name="reset" id="reset" value="Reset"></td>
					</tr>
				</table>
			</form>
		</div>

		<BR><a <?php 
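// Link to the password-recovery page; scheme, host and port come from phpsec\HttpRequest.
// NOTE(review): if Host() reflects the request's Host header, the link target follows
// that header — confirm it is validated there.
$forgotpasswordURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/forgotpassword";
// Escaped for the single-quoted attribute so a quote or angle bracket in the URL
// cannot end the attribute early.
echo "href='" . htmlspecialchars($forgotpasswordURL, ENT_QUOTES) . "'";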
?>
 >Forgot Password</a> Click Here to recover your access to account in case you have forgot your password.

		<script type="text/javascript" <?php 
// NOTE(review): hard-coded development URL. Outside a development machine "localhost"
// is the visitor's own computer, and the script is requested over plain HTTP; build
// the address from the site's base URL instead.
echo 'src="' . "http://localhost/rnj/framework/file/js/check.js" . '"';
?>
 ></script>
	</body>
</html>
<html>
	<head>
		<title>RNJ - Temporary Password</title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
		<link rel="stylesheet" type="text/css" <?php 
// NOTE(review): hard-coded http://localhost stylesheet URL; build it from the site's
// base URL so it resolves (and uses HTTPS) outside a development machine.
echo 'href="' . "http://localhost/rnj/framework/file/css/style.css" . '"';
?>
 />
	</head>

	<body>
		<?php 
include __DIR__ . "/../../default/include.php";
?>

		<div name="temp_pass-div" id="temp_pass-div">
		<p><h2>An e-mail has been sent to the email address you provided. Click on the link inside the email to complete this process.</h2></p>
		<p>If you have not received your email, please <a <?php 
// "Resend" link for the verification mail.
// NOTE(review): mode and email are copied from the query string into a single-quoted
// href with no URL encoding or HTML escaping, and are read without isset(). Wrap each
// value in rawurlencode() and the finished URL in htmlspecialchars(..., ENT_QUOTES).
// The run of asterisks below is a masked span in this listing, not valid PHP.
$link = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=" . $_GET['mode'] . "&email=" . $_GET['email'];
echo "href='{$link}'";
?>
 >click this link</a> to resend the mail.</p>
		</div>
	</body>
</html>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
		<link rel="stylesheet" type="text/css" <?php 
// NOTE(review): hard-coded http://localhost stylesheet URL; build it from the site's
// base URL so it resolves (and uses HTTPS) outside a development machine.
echo 'href="' . "http://localhost/rnj/framework/file/css/style.css" . '"';
?>
 />
	</head>

	<body>
		<?php 
include __DIR__ . "/../include.php";
?>
		Hello, <?php 
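// $userID is expected to come from the scope that includes this view. It is a
// user-chosen account name, so it is escaped before being written into the page;
// ISO-8859-1 matches the charset this template declares.
echo htmlspecialchars((string) $userID, ENT_QUOTES, 'ISO-8859-1');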
?>
.<BR>
		This is the index page of the application. Once the user is logged in, this page is shown

		Click <a <?php 
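// Logout link; scheme, host and port come from phpsec\HttpRequest.
$logoutURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/logout";
// Escaped for the single-quoted attribute so a quote or angle bracket in the URL
// cannot end the attribute early.
echo "href='" . htmlspecialchars($logoutURL, ENT_QUOTES, 'ISO-8859-1') . "'";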
?>
 >here</a> to logout.
		<BR><BR><BR>
		Click <a <?php 
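// Link to the change-password page; scheme, host and port come from phpsec\HttpRequest.
$passresetURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/passwordreset";
// Escaped for the single-quoted attribute so a quote or angle bracket in the URL
// cannot end the attribute early.
echo "href='" . htmlspecialchars($passresetURL, ENT_QUOTES, 'ISO-8859-1') . "'";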
?>
 >here</a> to reset your password.
	</body>
</html>