echo "Successful Registration, Please Login."; }else{ echo "An account with these details already exists."; } }else if(isset($_GET['logout'])){ setcookie("username",""); setcookie("password",""); }else if(isset($_GET['createcharacter'])){ $charname = strip_tags($_GET['createcharacter']); $class = strip_tags($_GET['class']); $username = $_COOKIE['username']; $password = $_COOKIE['password']; $row = $mysql->query("select * from accounts where username = '******' and password = '******'",true); if($row['id'] == ""){ die('error'); } $row1 = $mysql->query("select * from players where account = ".$row['id']); if($mysql->num_rows($row1) == 3){ die('error'); } $mysql->query("insert into players (name,sprite,map,position,items,account)values('$charname',120,$start_map,'$start_position','','".$row['id']."')"); DoLogin($mysql,$username,$password); } function DoLogin($mysql,$username,$password){ $map = $mysql->query("select id from accounts where username = '******' and password = '******' and banned = 0"); if($mysql->num_rows($map) > 0){ while($row = $mysql->fetch_array($map)){ $userid = $row['id']; $map = $mysql->query("select * from players where account = $userid"); if($mysql->num_rows($map) > 0){ $count = 0; while($row2 = $mysql->fetch_array($map)){ echo '<table style="cursor:pointer;width:100%" onclick="InitiallyLoadPlayer('.$row2['id'].');" onmouseout="$(this).css(\'background-color\',\'transparent\')" onmouseover="$(this).css(\'background-color\',\'#FFFFFF\')"><tr><td width="32"><div style="width:32px;height:32px" id="charselectimg-'.$count.'"></div><div style="display:none" id="charselectsprite-'.$count.'">'.$row2['sprite'].'</div></td><td>'.$row2['name'].'</td></tr></table>'; $count++; } }else{ echo "No Characters."; }
function Login2() { global $txt, $scripturl, $user_info, $user_settings, $smcFunc; global $cookiename, $maintenance, $modSettings, $context, $sc, $sourcedir; // Load cookie authentication stuff. require_once $sourcedir . '/Subs-Auth.php'; if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest']) { if (isset($_COOKIE[$cookiename]) && preg_match('~^a:[34]:\\{i:0;(i:\\d{1,6}|s:[1-8]:"\\d{1,8}");i:1;s:(0|40):"([a-fA-F0-9]{40})?";i:2;[id]:\\d{1,14};(i:3;i:\\d;)?\\}$~', $_COOKIE[$cookiename]) === 1) { list(, , $timeout) = @unserialize($_COOKIE[$cookiename]); } elseif (isset($_SESSION['login_' . $cookiename])) { list(, , $timeout) = @unserialize($_SESSION['login_' . $cookiename]); } else { trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR); } $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); updateMemberData($user_info['id'], array('password_salt' => $user_settings['password_salt'])); setLoginCookie($timeout - time(), $user_info['id'], sha1($user_settings['passwd'] . $user_settings['password_salt'])); redirectexit('action=login2;sa=check;member=' . $user_info['id'], $context['server']['needs_login_fix']); } elseif (isset($_GET['sa']) && $_GET['sa'] == 'check') { // Strike! You're outta there! if ($_GET['member'] != $user_info['id']) { fatal_lang_error('login_cookie_error', false); } // Some whitelisting for login_url... if (empty($_SESSION['login_url'])) { redirectexit(); } else { // Best not to clutter the session data too much... $temp = $_SESSION['login_url']; unset($_SESSION['login_url']); redirectexit($temp); } } // Beyond this point you are assumed to be a guest trying to login. if (!$user_info['is_guest']) { redirectexit(); } // Set the login_url if it's not already set (but careful not to send us to an attachment). if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0) { $_SESSION['login_url'] = $_SESSION['old_url']; } // Are you guessing with a script that doesn't keep the session id? spamProtection('login'); // Been guessing a lot, haven't we? if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) { fatal_lang_error('login_threshold_fail', 'critical'); } // Set up the cookie length. (if it's invalid, just fall through and use the default.) if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) { $modSettings['cookieTime'] = 3153600; } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) { $modSettings['cookieTime'] = (int) $_POST['cookielength']; } loadLanguage('Login'); // Load the template stuff - wireless or normal. if (WIRELESS) { $context['sub_template'] = WIRELESS_PROTOCOL . '_login'; } else { loadTemplate('Login'); $context['sub_template'] = 'login'; } // Set up the default/fallback stuff. $context['default_username'] = isset($_REQUEST['user']) ? preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_REQUEST['user'])) : ''; $context['default_password'] = ''; $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600; $context['login_errors'] = array($txt['error_occured']); $context['page_title'] = $txt['login']; // Add the login chain to the link tree. $context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']); if (!empty($_REQUEST['openid_identifier']) && !empty($modSettings['enableOpenID'])) { require_once $sourcedir . '/Subs-OpenID.php'; return smf_openID_validate($_REQUEST['openid_identifier']); } // You forgot to type your username, dummy! if (!isset($_REQUEST['user']) || $_REQUEST['user'] == '') { $context['login_errors'] = array($txt['need_username']); return; } // Hmm... maybe 'admin' will login with no password. Uhh... NO! if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_REQUEST['hash_passwrd']) || strlen($_REQUEST['hash_passwrd']) != 40)) { $context['login_errors'] = array($txt['no_password']); return; } // No funky symbols either. if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_REQUEST['user'])) != 0) { $context['login_errors'] = array($txt['error_invalid_characters_username']); return; } // Are we using any sort of integration to validate the login? if (isset($modSettings['integrate_validate_login']) && is_callable($modSettings['integrate_validate_login'])) { if (call_user_func(strpos($modSettings['integrate_validate_login'], '::') === false ? $modSettings['integrate_validate_login'] : explode('::', $modSettings['integrate_validate_login']), $_REQUEST['user'], isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40 ? $_REQUEST['hash_passwrd'] : null, $modSettings['cookieTime']) == 'retry') { $context['login_errors'] = array($txt['login_hash_error']); $context['disable_login_hashing'] = true; return; } } // Load the data up! $request = $smcFunc['db_query']('', ' SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri, passwd_flood FROM {db_prefix}members WHERE ' . ($smcFunc['db_case_sensitive'] ? 'LOWER(member_name) = LOWER({string:user_name})' : 'member_name = {string:user_name}') . ' LIMIT 1', array('user_name' => $smcFunc['db_case_sensitive'] ? strtolower($_REQUEST['user']) : $_REQUEST['user'])); // Probably mistyped or their email, try it as an email address. (member_name first, though!) if ($smcFunc['db_num_rows']($request) == 0) { $smcFunc['db_free_result']($request); $request = $smcFunc['db_query']('', ' SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri, passwd_flood FROM {db_prefix}members WHERE email_address = {string:user_name} LIMIT 1', array('user_name' => $_REQUEST['user'])); // Let them try again, it didn't match anything... if ($smcFunc['db_num_rows']($request) == 0) { $context['login_errors'] = array($txt['username_no_exist']); return; } } $user_settings = $smcFunc['db_fetch_assoc']($request); $smcFunc['db_free_result']($request); // Figure out the password using SMF's encryption - if what they typed is right. if (isset($_REQUEST['hash_passwrd']) && strlen($_REQUEST['hash_passwrd']) == 40) { // Needs upgrading? if (strlen($user_settings['passwd']) != 40) { $context['login_errors'] = array($txt['login_hash_error']); $context['disable_login_hashing'] = true; unset($user_settings); return; } elseif ($_REQUEST['hash_passwrd'] == sha1($user_settings['passwd'] . $sc)) { $sha_passwd = $user_settings['passwd']; } else { // Don't allow this! validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']); $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1; if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user'); $context['disable_login_hashing'] = true; $context['login_errors'] = array($txt['incorrect_password']); unset($user_settings); return; } } } else { $sha_passwd = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd'])); } // Bad password! Thought you could fool the database?! if ($user_settings['passwd'] != $sha_passwd) { // Let's be cautious, no hacking please. thanx. validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']); // Maybe we were too hasty... let's try some other authentication methods. $other_passwords = array(); // None of the below cases will be used most of the time (because the salt is normally set.) if ($user_settings['password_salt'] == '') { // YaBB SE, Discus, MD5 (used a lot), SHA-1 (used some), SMF 1.0.x, IkonBoard, and none at all. $other_passwords[] = crypt($_POST['passwrd'], substr($_POST['passwrd'], 0, 2)); $other_passwords[] = crypt($_POST['passwrd'], substr($user_settings['passwd'], 0, 2)); $other_passwords[] = md5($_POST['passwrd']); $other_passwords[] = sha1($_POST['passwrd']); $other_passwords[] = md5_hmac($_POST['passwrd'], strtolower($user_settings['member_name'])); $other_passwords[] = md5($_POST['passwrd'] . strtolower($user_settings['member_name'])); $other_passwords[] = $_POST['passwrd']; // This one is a strange one... MyPHP, crypt() on the MD5 hash. $other_passwords[] = crypt(md5($_POST['passwrd']), md5($_POST['passwrd'])); // Snitz style - SHA-256. Technically, this is a downgrade, but most PHP configurations don't support sha256 anyway. if (strlen($user_settings['passwd']) == 64 && function_exists('mhash') && defined('MHASH_SHA256')) { $other_passwords[] = bin2hex(mhash(MHASH_SHA256, $_POST['passwrd'])); } // phpBB3 users new hashing. We now support it as well ;). $other_passwords[] = phpBB3_password_check($_POST['passwrd'], $user_settings['passwd']); // APBoard 2 Login Method. $other_passwords[] = md5(crypt($_REQUEST['passwrd'], 'CRYPT_MD5')); } elseif (strlen($user_settings['passwd']) == 32) { // vBulletin 3 style hashing? Let's welcome them with open arms \o/. $other_passwords[] = md5(md5($_POST['passwrd']) . $user_settings['password_salt']); // Hmm.. p'raps it's Invision 2 style? $other_passwords[] = md5(md5($user_settings['password_salt']) . md5($_POST['passwrd'])); // Some common md5 ones. $other_passwords[] = md5($user_settings['password_salt'] . $_POST['passwrd']); $other_passwords[] = md5($_POST['passwrd'] . $user_settings['password_salt']); $other_passwords[] = md5($_POST['passwrd']); $other_passwords[] = md5(md5($_POST['passwrd'])); } elseif (strlen($user_settings['passwd']) == 40) { // Maybe they are using a hash from before the password fix. $other_passwords[] = sha1(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd'])); // BurningBoard3 style of hashing. $other_passwords[] = sha1($user_settings['password_salt'] . sha1($user_settings['password_salt'] . sha1($_REQUEST['passwrd']))); // Perhaps we converted to UTF-8 and have a valid password being hashed differently. if ($context['character_set'] == 'utf8' && !empty($modSettings['previousCharacterSet']) && $modSettings['previousCharacterSet'] != 'utf8') { // Try iconv first, for no particular reason. if (function_exists('iconv')) { $other_passwords['iconv'] = sha1(strtolower(iconv('UTF-8', $modSettings['previousCharacterSet'], $user_settings['member_name'])) . un_htmlspecialchars(iconv('UTF-8', $modSettings['previousCharacterSet'], $_POST['passwrd']))); } // Say it aint so, iconv failed! if (empty($other_passwords['iconv']) && function_exists('mb_convert_encoding')) { $other_passwords[] = sha1(strtolower(mb_convert_encoding($user_settings['member_name'], 'UTF-8', $modSettings['previousCharacterSet'])) . un_htmlspecialchars(mb_convert_encoding($_POST['passwrd'], 'UTF-8', $modSettings['previousCharacterSet']))); } } } // SMF's sha1 function can give a funny result on Linux (Not our fault!). If we've now got the real one let the old one be valid! if (strpos(strtolower(PHP_OS), 'win') !== 0) { require_once $sourcedir . '/Subs-Compat.php'; $other_passwords[] = sha1_smf(strtolower($user_settings['member_name']) . un_htmlspecialchars($_POST['passwrd'])); } // Whichever encryption it was using, let's make it use SMF's now ;). if (in_array($user_settings['passwd'], $other_passwords)) { $user_settings['passwd'] = $sha_passwd; $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); // Update the password and set up the hash. updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'])); } else { // They've messed up again - keep a count to see if they need a hand. $_SESSION['failed_login'] = @$_SESSION['failed_login'] + 1; // Hmm... don't remember it, do you? Here, try the password reminder ;). if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { // Log an error so we know that it didn't go well in the error log. log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user'); $context['login_errors'] = array($txt['incorrect_password']); return; } } } elseif (!empty($user_settings['passwd_flood'])) { // Let's be sure they wern't a little hacker. validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true); // If we got here then we can reset the flood counter. updateMemberData($user_settings['id_member'], array('passwd_flood' => '')); } // Correct password, but they've got no salt; fix it! if ($user_settings['password_salt'] == '') { $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt'])); } // Check their activation status. if (!checkActivation()) { return; } DoLogin(); }
function smf_openID_return() { global $smcFunc, $user_info, $user_profile, $sourcedir, $modSettings, $context, $sc, $user_settings; // Is OpenID even enabled? if (empty($modSettings['enableOpenID'])) { fatal_lang_error('no_access', false); } if (!isset($_GET['openid_mode'])) { fatal_lang_error('openid_return_no_mode', false); } // @todo Check for error status! if ($_GET['openid_mode'] != 'id_res') { fatal_lang_error('openid_not_resolved'); } // SMF has this annoying habit of removing the + from the base64 encoding. So lets put them back. foreach (array('openid_assoc_handle', 'openid_invalidate_handle', 'openid_sig', 'sf') as $key) { if (isset($_GET[$key])) { $_GET[$key] = str_replace(' ', '+', $_GET[$key]); } } // Did they tell us to remove any associations? if (!empty($_GET['openid_invalidate_handle'])) { smf_openid_removeAssociation($_GET['openid_invalidate_handle']); } $server_info = smf_openid_getServerInfo($_GET['openid_identity']); // Get the association data. $assoc = smf_openID_getAssociation($server_info['server'], $_GET['openid_assoc_handle'], true); if ($assoc === null) { fatal_lang_error('openid_no_assoc'); } $secret = base64_decode($assoc['secret']); $signed = explode(',', $_GET['openid_signed']); $verify_str = ''; foreach ($signed as $sign) { $verify_str .= $sign . ':' . strtr($_GET['openid_' . str_replace('.', '_', $sign)], array('&' => '&')) . "\n"; } $verify_str = base64_encode(sha1_hmac($verify_str, $secret)); if ($verify_str != $_GET['openid_sig']) { fatal_lang_error('openid_sig_invalid', 'critical'); } if (!isset($_SESSION['openid']['saved_data'][$_GET['t']])) { fatal_lang_error('openid_load_data'); } $openid_uri = $_SESSION['openid']['saved_data'][$_GET['t']]['openid_uri']; $modSettings['cookieTime'] = $_SESSION['openid']['saved_data'][$_GET['t']]['cookieTime']; if (empty($openid_uri)) { fatal_lang_error('openid_load_data'); } // Any save fields to restore? $context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array(); // Is there a user with this OpenID_uri? $result = $smcFunc['db_query']('', ' SELECT passwd, id_member, id_group, lngfile, is_activated, email_address, additional_groups, member_name, password_salt, openid_uri FROM {db_prefix}members WHERE openid_uri = {string:openid_uri}', array('openid_uri' => $openid_uri)); $member_found = $smcFunc['db_num_rows']($result); if (!$member_found && isset($_GET['sa']) && $_GET['sa'] == 'change_uri' && !empty($_SESSION['new_openid_uri']) && $_SESSION['new_openid_uri'] == $openid_uri) { // Update the member. updateMemberData($user_settings['id_member'], array('openid_uri' => $openid_uri)); unset($_SESSION['new_openid_uri']); $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri); // Send them back to profile. redirectexit('action=profile;area=authentication;updated'); } elseif (!$member_found) { // Store the received openid info for the user when returned to the registration page. $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri); if (isset($_GET['openid_sreg_nickname'])) { $_SESSION['openid']['nickname'] = $_GET['openid_sreg_nickname']; } if (isset($_GET['openid_sreg_email'])) { $_SESSION['openid']['email'] = $_GET['openid_sreg_email']; } if (isset($_GET['openid_sreg_dob'])) { $_SESSION['openid']['dob'] = $_GET['openid_sreg_dob']; } if (isset($_GET['openid_sreg_gender'])) { $_SESSION['openid']['gender'] = $_GET['openid_sreg_gender']; } // Were we just verifying the registration state? if (isset($_GET['sa']) && $_GET['sa'] == 'register2') { require_once $sourcedir . '/Register.php'; return Register2(true); } else { redirectexit('action=register'); } } elseif (isset($_GET['sa']) && $_GET['sa'] == 'revalidate' && $user_settings['openid_uri'] == $openid_uri) { $_SESSION['openid_revalidate_time'] = time(); // Restore the get data. require_once $sourcedir . '/Subs-Auth.php'; $_SESSION['openid']['saved_data'][$_GET['t']]['get']['openid_restore_post'] = $_GET['t']; $query_string = construct_query_string($_SESSION['openid']['saved_data'][$_GET['t']]['get']); redirectexit($query_string); } else { $user_settings = $smcFunc['db_fetch_assoc']($result); $smcFunc['db_free_result']($result); $user_settings['passwd'] = sha1(strtolower($user_settings['member_name']) . $secret); $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'])); // Cleanup on Aisle 5. $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $openid_uri); require_once $sourcedir . '/LogInOut.php'; if (!checkActivation()) { return; } DoLogin(); } }
/** * Set session variables and permissions after login via Facebook * */ function AfterFBLogIn($pUsername, $pPassword) { global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cDisplayNameField, $globalEvents; $logged = false; $strUsername = (string) $pUsername; $sUsername = $strUsername; if (NeedQuotes($cUserNameFieldType)) { $strUsername = db_prepare_string($strUsername); } else { $strUsername = 0 + $strUsername; } $strSQL = "select * from " . AddTableWrappers("") . " where " . AddFieldWrappers($cUserNameField) . "=" . $strUsername . ""; $rs = db_query($strSQL, $conn); $data = db_fetch_array($rs); if ($data) { $logged = true; $pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername; DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword); SetAuthSessionData($pUsername, $data, true, $pPassword); } }
/** * Set session variables and permissions after login via Facebook * @intellisense */ function AfterFBLogIn($pUsername, $pPassword, &$pageObject = null) { global $cman, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cDisplayNameField, $globalEvents; $logged = false; $strUsername = (string) $pUsername; $sUsername = $strUsername; $connection = $cman->getForLogin(); if (NeedQuotes($cUserNameFieldType)) { $strUsername = $connection->prepareString($strUsername); } else { $strUsername = 0 + $strUsername; } $strSQL = "select * from " . $connection->addTableWrappers("ConsolidatedStockEnquiry_users") . " where " . $connection->addFieldWrappers($cUserNameField) . "=" . $strUsername . ""; $data = $connection->query($strSQL)->fetchAssoc(); if (count($data)) { $logged = true; $pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername; DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword, $pageObject); SetAuthSessionData($pUsername, $data, true, $pPassword, $pageObject); } }
function CheckLogin($username, $password) { $validlogin = false; //if ($GLOBALS['cfg']['enablecas']){ // Debug(__FILE__, __LINE__,"Checking against CAS server"); // echo "Using CAS authentication<br>"; // $username = AuthenticateCASUser(); // exit(0); // if ($username != "") { // $validlogin = true; // } //} //else { if (AuthenticateUnixUser($username, $password) && !$GLOBALS['ispublic']) { Debug(__FILE__, __LINE__, "This is a Unix user account"); $validlogin = true; } else { Debug(__FILE__, __LINE__, "Not a unix user account"); if (AuthenticateStandardUser($username, $password)) { $validlogin = true; } else { return false; } } //} if ($validlogin) { DoLogin($username); return true; } }
} else { return ""; } } function Logout() { // destroy the session session_destroy(); return "Cierre De Sesion Existoso"; } $possible_url = array("session", "login", "logout"); $value = "An error has occurred"; if (isset($_GET["action"]) && in_array($_GET["action"], $possible_url)) { switch ($_GET["action"]) { case "session": $value = session(); break; case "logout": $value = Logout(); break; case "login": if (isset($_GET["id"])) { $value = DoLogin($_GET["id"]); } else { $value = "Missing argument"; } break; } } //return JSON array exit(json_encode($value));
if(mlang_getcurrentlang()=="") { } set_error_handler("connect_error_handler"); $conn = db_connect(); restore_error_handler(); if(!isLogged()) { $allowGuest = true; $scriptname = getFileNameFromURL(); if($allowGuest && $scriptname!="login.php" && $scriptname!="remind.php" && $scriptname!="register.php") { DoLogin(true); } } $isGroupSecurity = true; $isUseRTEBasic = true; $isUseRTECK = false; $isUseRTEInnova = false; $caseInsensitiveUsername = 0; include(getabspath('classes/projectsettings.php'));
/** * Login method * @param String pUsername * @param String pPassword */ function LogIn($pUsername, $pPassword) { // username and password are stored in the database global $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField; $logged = false; $strUsername = (string) $pUsername; $strPassword = (string) $pPassword; $loginSet = ProjectSettings::getForLogin(); $cipherer = RunnerCipherer::getForLogin($loginSet); $sUsername = $strUsername; $sPassword = $strPassword; if ($cipherer->isFieldEncrypted($cUserNameField)) { $strUsername = $cipherer->MakeDBValue($cUserNameField, $strUsername, "", true); } else { if (NeedQuotes($cUserNameFieldType)) { $strUsername = $this->connection->prepareString($strUsername); } else { $strUsername = 0 + $strUsername; } } if ($cipherer->isFieldEncrypted($cPasswordField)) { $strPassword = $cipherer->MakeDBValue($cPasswordField, $strPassword, "", true); } else { if (NeedQuotes($cPasswordFieldType)) { $strPassword = $this->connection->prepareString($strPassword); } else { $strPassword = 0 + $strPassword; } } if ($loginSet) { if (!$this->pSet->isCaseInsensitiveUsername()) { $where = $this->getFieldSQLDecrypt($cUserNameField) . "=" . $strUsername . " and " . $this->getFieldSQLDecrypt($cPasswordField) . "=" . $strPassword; } else { $where = $this->connection->upper($this->getFieldSQLDecrypt($cUserNameField)) . "=" . $this->pSet->getCaseSensitiveUsername($strUsername) . " and " . $this->getFieldSQLDecrypt($cPasswordField) . "=" . $strPassword; } $tempSQLQuery = $loginSet->GetTableData(".sqlquery"); $tempSQLQuery->addWhere($where); $tempSQLQuery->addWhere($this->connection->addFieldWrappers("active1") . "=1"); $strSQL = $tempSQLQuery->toSql(); } else { $strSQL = "select * from " . $this->connection->addTableWrappers("ConsolidatedStockEnquiry_users") . " where " . $this->connection->addFieldWrappers($cUserNameField) . "=" . $strUsername . " and " . $this->connection->addFieldWrappers($cPasswordField) . "=" . $strPassword; $strSQL .= " and " . $this->connection->addFieldWrappers("active1") . "=1"; } $data = $cipherer->DecryptFetchedArray($this->connection->query($strSQL)->fetchAssoc()); if ($data) { if ($this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField]) == $this->pSet->getCaseSensitiveUsername($sUsername) && @$data[$cPasswordField] == $sPassword) { $logged = true; $pDisplayUsername = $data[$cDisplayNameField] != '' ? $data[$cDisplayNameField] : $sUsername; } } if ($logged && $this->isCaptchaOk) { DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword, $this); SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword, $this); return true; } if ($this->auditObj) { $this->auditObj->LogLoginFailed($pUsername); $this->auditObj->LoginUnsuccessful($pUsername); } return false; }
$action = GetVariable("action"); /* edit variables */ $username = GetVariable("username"); $password = GetVariable("password"); //$persistent = GetVariable("persistent"); /* database connection */ $link = mysql_connect($GLOBALS['cfg']['mysqlhost'],$GLOBALS['cfg']['mysqluser'],$GLOBALS['cfg']['mysqlpassword']) or die ("Could not connect: " . mysql_error()); mysql_select_db($GLOBALS['cfg']['mysqldatabase']) or die ("Could not select database<br>"); /* ----- determine which action to take ----- */ if ($action == "login") { if (!DoLogin($username, $password)) DisplayLogin("Incorrect login. Make sure Caps Lock is not on"); else { header("Location: index.php"); } } elseif ($action =="logout") { DoLogout(); DisplayLogin("You have been logged out"); } else { DisplayLogin(""); } /* -------------------------------------------- */
/** * Login method * */ function LogIn($pUsername,$pPassword){ // username and password are stored in the database global $conn, $cUserNameFieldType, $cPasswordFieldType, $cUserNameField, $cPasswordField, $cDisplayNameField; $logged = false; $strUsername = (string)$pUsername; $strPassword = (string)$pPassword; $cipherer = new RunnerCipherer("webreport_users"); $sUsername = $strUsername; $sPassword = $strPassword; if($cipherer->isFieldEncrypted($cUserNameField)) $strUsername = $cipherer->MakeDBValue($cUserNameField,$strUsername,"","",true); else { if(NeedQuotes($cUserNameFieldType)) $strUsername = db_prepare_string($strUsername); else $strUsername = (0+$strUsername); } if($cipherer->isFieldEncrypted($cPasswordField)) $strPassword = $cipherer->MakeDBValue($cPasswordField,$strPassword,"","",true); else { if(NeedQuotes($cPasswordFieldType)) $strPassword = db_prepare_string($strPassword); else $strPassword = (0+$strPassword); } $fieldList = ""; $lSet = new ProjectSettings("webreport_users", PAGE_LIST); if($lSet->GetTableData(".sqlquery")) $fieldList = $lSet->GetTableData(".sqlquery")->toSql(); if($fieldList) { if(!$this->pSet->isCaseInsensitiveUsername()) { $where = AddTableWrappers(GetFullFieldName($cUserNameField,"webreport_users",false)). "=".$strUsername." and ".AddTableWrappers(GetFullFieldName($cPasswordField,"webreport_users",false))."=".$strPassword; } else { $where = db_upper(getFullFieldName($cUserNameField,"webreport_users",false)). "=".$this->pSet->getCaseSensitiveUsername($strUsername)." and ".GetFullFieldName($cPasswordField,"webreport_users",false). "=".$strPassword; } $tempSQLQuery = $lSet->GetTableData(".sqlquery"); $tempSQLQuery->addWhere($where); $strSQL = $tempSQLQuery->toSql(); } else { $strSQL = "select * from ".AddTableWrappers("webreport_users")." where ".AddFieldWrappers($cUserNameField)."=".$strUsername." and ".AddFieldWrappers($cPasswordField)."=".$strPassword; } $rs = db_query($strSQL,$conn); $data = $cipherer->DecryptFetchedArray($rs); if($data){ if($this->pSet->getCaseSensitiveUsername(@$data[$cUserNameField])==$this->pSet->getCaseSensitiveUsername($sUsername) && @$data[$cPasswordField]==$sPassword){ $logged=true; $pDisplayUsername = $data[$cDisplayNameField]!='' ? $data[$cDisplayNameField] : $sUsername; } } if($logged && $this->isCaptchaOk) { DoLogin(false, $pUsername, $pDisplayUsername, "", ACCESS_LEVEL_USER, $pPassword); SetAuthSessionData($pUsername, $data, $this->fromFacebook, $pPassword); return true; } else { if($this->auditObj) { $this->auditObj->LogLoginFailed($pUsername); $this->auditObj->LoginUnsuccessful($pUsername); } return false; } }