/**
 * Handle the API "login" operation and print the wrapped result.
 *
 * On success the reply carries the current session id and the API level;
 * otherwise it carries LOGIN_ERROR or API_DISABLED.
 *
 * Credentials are read from $_REQUEST, so as far as this block shows they are
 * accepted from the query string as well as from a request body.
 *
 * NOTE(review): the single-user login literal and the value inside the WHERE
 * clause both read "******" in this listing, which looks like masking applied
 * to the page. As shown, the query does not reference $login; confirm
 * against the original file.
 */
function login()
{
    $login = db_escape_string($_REQUEST["user"]);
    $password = $_REQUEST["password"];
    // Some clients send the password base64-encoded; the decoded form is tried as a fallback below.
    $password_base64 = base64_decode($password);

    if (SINGLE_USER_MODE) {
        $login = "******";
    }

    $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '******'");
    $uid = db_num_rows($result) != 0 ? db_fetch_result($result, 0, "id") : 0;

    // Unknown account: same error code as a wrong password.
    if (!$uid) {
        print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
        return;
    }

    // The per-user preference gates API use before any password is checked.
    if (!get_pref($this->link, "ENABLE_API_ACCESS", $uid)) {
        print $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
        return;
    }

    // Plain password first; the base64-decoded value is only tried when that fails.
    $authenticated = authenticate_user($this->link, $login, $password)
        || authenticate_user($this->link, $login, $password_base64);

    if ($authenticated) {
        print $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL));
    } else {
        print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
    }
}
/**
 * Authenticate an XML-RPC caller and check that it may use the sync API.
 *
 * The credentials are tried against the configured webGUI authentication
 * server first and, if that fails, against authenticate_user() called without
 * a server configuration. Returns nothing on success.
 *
 * NOTE(review): $username is caller-supplied and is written to the auth log
 * as received; whether log_auth() neutralises control characters is not
 * visible here.
 *
 * @param string $username
 * @param string $password
 * @throws XML_RPC2_FaultException code -1 on bad credentials, -2 on missing privilege
 */
private function auth($username, $password)
{
    global $config;

    $authenticated = false;
    // Empty credentials never reach an authentication backend.
    if (!empty($username) && !empty($password)) {
        $attributes = array();
        $authcfg = auth_get_authserver($config['system']['webgui']['authmode']);
        $authenticated = authenticate_user($username, $password, $authcfg, $attributes)
            || authenticate_user($username, $password);
    }

    if (!$authenticated) {
        log_auth("webConfigurator authentication error for '{$username}' from {$this->remote_addr}");
        require_once "XML/RPC2/Exception.php";
        throw new XML_RPC2_FaultException(gettext('Authentication failed: Invalid username or password'), -1);
    }

    $user_entry = getUserEntry($username);

    // uid 0 (admin) always passes; any other uid needs the HA-sync privilege.
    $is_regular_user = isset($user_entry['uid']) && $user_entry['uid'] != '0';
    if ($is_regular_user && !userHasPrivilege($user_entry, 'system-xmlrpc-ha-sync')) {
        log_auth("webConfigurator authentication error for '{$username}' from {$this->remote_addr} not enough privileges");
        require_once "XML/RPC2/Exception.php";
        throw new XML_RPC2_FaultException(gettext('Authentication failed: not enough privileges'), -2);
    }

    return;
}
/**
 * Pre-dispatch filter: enforce the per-route "authenticate" and
 * "validation_function" options before the route handler runs.
 *
 * Missing options are read with error suppression, so a route without an
 * "options" entry passes through without either check.
 *
 * @param array $route route description; only $route['options'] is read here
 */
function before($route = array())
{
    # Debug aid: print_r($route); exit; shows which options were passed in.

    if (@$route['options']['authenticate']) {
        // Authentication runs before parameter validation.
        if (!authenticate_user()) {
            halt("Access denied");
        }
    }

    if (@$route['options']['validation_function']) {
        $params_ok = call_if_exists($route['options']['validation_function'], params());
        if (!$params_ok) {
            halt("Woops! Params did not pass validation");
        }
    }
}
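/**
 * Authenticate a request from the content of its HTTP Authorization header
 * (typically $_SERVER['HTTP_AUTHORIZATION']).
 *
 * The header is expected as "<scheme> <base64(user:password)>". Only the first
 * ":" separates user from password, so a password that itself contains ":" is
 * passed to authenticate_user() in full instead of being cut at its first colon.
 *
 * NOTE(review): the scheme token is not compared against "Basic" and the
 * payload is decoded in PHP's lenient base64 mode; both are left as in the
 * original so existing clients keep working.
 *
 * @param string $http_auth_header http_authorization header content
 * @return bool result of authenticate_user(), or false when the header cannot be parsed
 */
function http_basic_auth($http_auth_header)
{
    // A missing header arrives as null; treat anything that is not a string as "no credentials".
    if (!is_string($http_auth_header)) {
        return false;
    }

    $tags = explode(" ", $http_auth_header);
    if (count($tags) >= 2) {
        // Limit 2: everything after the first colon belongs to the password.
        $userinfo = explode(":", base64_decode($tags[1]), 2);
        if (count($userinfo) >= 2) {
            return authenticate_user($userinfo[0], $userinfo[1]);
        }
    }

    // not authenticated
    return false;
}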
/**
 * Handle the API "login" operation and emit the wrapped result.
 *
 * On success the reply carries the current session id and the API level;
 * otherwise it carries LOGIN_ERROR or API_DISABLED. A failed password check
 * is reported through user_error() with the login and the client address.
 *
 * Credentials are read from $_REQUEST, so as far as this block shows they are
 * accepted from the query string as well as from a request body.
 *
 * NOTE(review): the single-user login literal and the value inside the WHERE
 * clause both read "******" in this listing, which looks like masking applied
 * to the page. As shown, the query does not reference $login; confirm
 * against the original file.
 * NOTE(review): the session is destroyed and started again, but no call that
 * issues a fresh session id is visible in this block.
 */
function login()
{
    // Drop the session state the client arrived with; errors from both calls are suppressed.
    @session_destroy();
    @session_start();

    $login = $this->dbh->escape_string($_REQUEST["user"]);
    $password = $_REQUEST["password"];
    // Some clients send the password base64-encoded; the decoded form is tried as a fallback below.
    $password_base64 = base64_decode($password);

    if (SINGLE_USER_MODE) {
        $login = "******";
    }

    $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '******'");
    $uid = $this->dbh->num_rows($result) != 0 ? $this->dbh->fetch_result($result, 0, "id") : 0;

    // Unknown account: same error code as a wrong password.
    if (!$uid) {
        $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
        return;
    }

    // The per-user preference gates API use before any password is checked.
    if (!get_pref("ENABLE_API_ACCESS", $uid)) {
        $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
        return;
    }

    // Plain password first; the base64-decoded value is only tried when that fails.
    $authenticated = authenticate_user($login, $password)
        || authenticate_user($login, $password_base64);

    if ($authenticated) {
        $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL));
        return;
    }

    // Both attempts failed: record the attempt, then answer with the generic error.
    user_error("Failed login attempt for {$login} from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
    $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
}
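/**
 * Change the password of a customer portal user.
 *
 * The request array is written to the database debug log with the password
 * entry masked, so the new credential is not stored in log files.
 *
 * NOTE(review): authenticate_user() is called here with the NEW password, and
 * a match makes the function return 'MORE_THAN_ONE_USER' without updating.
 * The value written to vtiger_portalinfo.user_password is the password as
 * received; no hashing step is visible in this block.
 *
 * @param array $input_array request values:
 *                           int    id        - customer id
 *                           string sessionid - session id
 *                           string username  - customer name
 *                           string password  - new password to set
 *                           string version   - passed through to authenticate_user()
 * @return array|null null when the session is not valid, array('MORE_THAN_ONE_USER')
 *                    when authenticate_user() returns a row with an id, otherwise
 *                    the authenticate_user() result
 */
function change_password($input_array)
{
    global $adb, $log;
    $log->debug("Entering customer portal function change_password");

    // Log a copy of the request with the credential replaced by a fixed mask.
    $loggable_input = $input_array;
    if (is_array($loggable_input) && array_key_exists('password', $loggable_input)) {
        $loggable_input['password'] = '********';
    }
    $adb->println($loggable_input);

    $id = (int) $input_array['id'];
    $sessionid = $input_array['sessionid'];
    $username = $input_array['username'];
    $password = $input_array['password'];
    $version = $input_array['version'];

    // Only the holder of a valid portal session for this id may change the password.
    if (!validateSession($id, $sessionid)) {
        return null;
    }

    $list = authenticate_user($username, $password, $version, 'false');
    if (!empty($list[0]['id'])) {
        return array('MORE_THAN_ONE_USER');
    }

    // Parameterised update, scoped to both the id and the user name.
    $sql = "update vtiger_portalinfo set user_password=? where id=? and user_name=?";
    $result = $adb->pquery($sql, array($password, $id, $username));

    $log->debug("Exiting customer portal function change_password");
    return $list;
}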
/**
 * RPC handler: return the input and output templates of an application.
 *
 * The application is taken from the request's app_name or, when that is
 * empty, looked up through the workunit named by job_name. The caller is
 * authenticated against that application before any template file is read.
 *
 * The template paths are built from $app->name, which comes from
 * get_submit_app() or BoincApp::lookup_id() rather than directly from the
 * request text.
 *
 * @param object $r parsed request; app_name and job_name are read from it
 */
function get_templates($r)
{
    xml_start_tag("get_templates");

    $app_name = (string) $r->app_name;
    if (!$app_name) {
        // No application named: derive it from the job's workunit.
        $job_name = (string) $r->job_name;
        $wu = get_wu($job_name);
        $app = BoincApp::lookup_id($wu->appid);
    } else {
        $app = get_submit_app($app_name);
    }

    list($user, $user_submit) = authenticate_user($r, $app);

    // Read "<app>_in" then "<app>_out" from the project's templates directory.
    $contents = array();
    foreach (array("_in", "_out") as $suffix) {
        $contents[] = file_get_contents(project_dir() . "/templates/" . $app->name . $suffix);
    }
    list($in, $out) = $contents;

    if ($in === false || $out === false) {
        xml_error(-1, "template file missing");
    }

    echo "<templates>\n{$in}\n{$out}\n</templates>\n </get_templates>\n ";
}
case "delete-connection": $ids = db_escape_string($_REQUEST["ids"]); db_query($link, "DELETE FROM ttirc_connections WHERE\n\t\t\tid IN ({$ids}) AND status = 0 AND owner_uid = " . $_SESSION["uid"]); print_connections($link); break; case "create-connection": $title = db_escape_string(trim($_REQUEST["title"])); if ($title) { db_query($link, "INSERT INTO ttirc_connections (enabled, title, owner_uid)\n\t\t\t\tVALUES ('false', '{$title}', '" . $_SESSION["uid"] . "')"); } print_connections($link); break; case "fetch-profiles": $login = db_escape_string($_REQUEST["login"]); $password = db_escape_string($_REQUEST["password"]); if (authenticate_user($link, $login, $password)) { $result = db_query($link, "SELECT * FROM ttirc_settings_profiles\n\t\t\t\t\tWHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title"); print "<select style='width: 100%' name='profile'>"; print "<option value='0'>" . __("Default profile") . "</option>"; while ($line = db_fetch_assoc($result)) { $id = $line["id"]; $title = $line["title"]; print "<option value='{$id}'>{$title}</option>"; } print "</select>"; $_SESSION = array(); } break; case "toggle-connection": $connection_id = (int) db_escape_string($_REQUEST["connection_id"]); $status = bool_to_sql_bool(db_escape_string($_REQUEST["set_enabled"]));
?> </div> <div class="button"> <p><a href ="user.php">Member Area</a></p> </div> <div class="button"> <p><a href ="admin.php">Admin Area</a></p> </div> </header> <?php // Authenticate user authenticate_user(100); ?> <article style="color:#FFFFFF;"> <p> <!-- <center><img src="logo_big.png"></center> Insert Main Logo here --> <hr/> <center><h1>Member Area</h1></center> <hr/> <p> <div class="box"> <p> Hello, user! Welcome to the user area of this site. </p> </div>
##|-PRIV require "guiconfig.inc"; require_once "radius.inc"; if ($_POST) { $pconfig = $_POST; unset($input_errors); $authcfg = auth_get_authserver($_POST['authmode']); if (!$authcfg) { $input_errors[] = $_POST['authmode'] . " " . gettext("is not a valid authentication server"); } if (empty($_POST['username']) || empty($_POST['password'])) { $input_errors[] = gettext("A username and password must be specified."); } if (!$input_errors) { $attributes = array(); if (authenticate_user($_POST['username'], $_POST['password'], $authcfg, $attributes)) { $savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated successfully."); $groups = getUserGroups($_POST['username'], $authcfg, $attributes); $savemsg .= " " . gettext("This user is a member of groups") . ": <br />"; $savemsg .= "<ul>"; foreach ($groups as $group) { $savemsg .= "<li>" . "{$group} " . "</li>"; } $savemsg .= "</ul>"; } else { $input_errors[] = gettext("Authentication failed."); } } } else { if (isset($config['system']['webgui']['authmode'])) { $pconfig['authmode'] = $config['system']['webgui']['authmode'];
// for($i=0;$i<sizeof($options);$i++): // echo $options[$i]; // endfor; // die(); $d = editSingleMultipleChoiceQuest($qID, $diff, $isMultiple, $quest, $correct, $options, $correctID, $optionalID); echo $d; // unset($_SESSION['optIDS']); // unset($_SESSION['corrIDS']); } if (isset($_POST['loginPassword'])) { if (!isset($_POST['loginUsername'])) { echo "Please fill out the form!"; header("Location: ../HTML/login.php"); } //Assign values to variables $username = $_POST['loginUsername']; $password = $_POST['loginPassword']; $q = authenticate_user($username, $password); // header("Location: ../HTML/login.php"); //Create our session variables that will be used for validation, etc. $_SESSION['user_type'] = $q['user_type']; $_SESSION['user_ID'] = $q['user_ID']; $_SESSION['vKey'] = $q['vKey']; header("Location: ../HTML/login.php"); } //Delete multiple choice question if (isset($_POST['delete_qID'])) { $qID = $_POST['delete_qID']; $q = deleteMultipleChoiceQuestion($qID); echo $q; }
syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n"); closelog(); exit(1); } if (!is_array($authmodes)) { syslog(LOG_WARNING, "No authentication server has been selected to authenticate against. Denying authentication for user {$username}"); closelog(); exit(1); } $attributes = array(); foreach ($authmodes as $authmode) { $authcfg = auth_get_authserver($authmode); if (!$authcfg && $authmode != "local") { continue; } $authenticated = authenticate_user($username, $password, $authcfg); if ($authenticated == true) { break; } } if ($authenticated == false) { syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n"); closelog(); exit(-1); } if (empty($common_name)) { $common_name = getenv("common_name"); if (empty($common_name)) { $common_name = getenv("username"); } }
<?php include 'system_load.php'; //Including this file we load system. //user Authentication. authenticate_user('admin'); //user level object $new_userlevel = new Userlevel(); //installation form processing when submits. if (isset($_POST['settings_submit']) && $_POST['settings_submit'] == 'Yes') { //validation to check if fields are empty! if ($_POST['site_url'] == '') { $message = $language['site_url_empty']; } else { if ($_POST['email_from'] == '') { $message = $language['email_from_required']; } else { if ($_POST['email_to'] == '') { $message = $language['reply_cannot_empty']; } else { //adding site url set_option('site_url', $_POST['site_url']); set_option('site_name', $_POST['site_name']); set_option('email_from', $_POST['email_from']); set_option('email_to', $_POST['email_to']); set_option('public_key', $_POST['public_key']); set_option('private_key', $_POST['private_key']); set_option('redirect_on_logout', $_POST['redirect_on_logout']); set_option('language', $_POST['language']); set_option('skin', $_POST['skin']); set_option('maximum_login_attempts', $_POST['maximum_login_attempts']);
header("Location: index.php"); exit; } else { if ($_REQUEST['state'] == "login_screen") { // LOGIN SCREEN $smarty->display('header.tpl'); require 'src/login_screen.php'; $smarty->display('footer.tpl'); exit; } else { if ($_REQUEST['state'] == "login") { // LOGIN if (!isset($_REQUEST['mode'])) { $auth = "FALSE"; if (isset($_REQUEST['email']) && isset($_REQUEST['password'])) { $auth = authenticate_user($_REQUEST['email'], $_REQUEST['password']); } else { set_msg_err("Error: You must supply a username and password"); header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID); exit; } if ($auth == "TRUE") { header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID . "&state=logged_in"); exit; } else { set_msg_err("Error signing on: incorrect email address or password<p><a href=" . $_SERVER['PHP_SELF'] . "?" . SID . "&state=help>forgot your password?</a>"); header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID); exit; } } else { // Make sure they are logged in
require_once "config.php"; require_once "db.php"; require_once "db-prefs.php"; no_cache_incantation(); startup_gettext(); $script_started = getmicrotime(); $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); if (!init_connection($link)) { return; } header("Content-Type: text/plain; charset=utf-8"); if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) { ob_start("ob_gzhandler"); } if (SINGLE_USER_MODE) { authenticate_user($link, "admin", null); } $purge_intervals = array(0 => __("Use default"), -1 => __("Never purge"), 5 => __("1 week old"), 14 => __("2 weeks old"), 31 => __("1 month old"), 60 => __("2 months old"), 90 => __("3 months old")); $update_intervals = array(0 => __("Default interval"), -1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly")); $update_intervals_nodefault = array(-1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly")); $update_methods = array(0 => __("Default"), 1 => __("Magpie"), 2 => __("SimplePie")); if (DEFAULT_UPDATE_METHOD == "1") { $update_methods[0] .= ' (SimplePie)'; } else { $update_methods[0] .= ' (Magpie)'; } $access_level_names = array(0 => __("User"), 5 => __("Power User"), 10 => __("Administrator")); #$error = sanity_check($link); #if ($error['code'] != 0 && $op != "logout") { # print json_encode(array("error" => $error)); # return;
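/**
 * Process the login form: authenticate the posted credentials, seed the
 * session on success, then redirect the browser.
 *
 * The redirect target comes from the request ("return"). It is only followed
 * when it stays on this site: either a path starting with a single "/" or a
 * URL that begins with SELF_URL_PATH at a path boundary. Anything else falls
 * back to SELF_URL_PATH, so the login endpoint cannot be used to bounce a
 * user to an arbitrary external address.
 *
 * Does nothing beyond resetting the prefs cache when SINGLE_USER_MODE is on.
 *
 * NOTE(review): $_SESSION["language"] is copied from the form without a
 * check against the installed languages; confirm how it is consumed later.
 */
function login()
{
    $_SESSION["prefs_cache"] = array();

    if (!SINGLE_USER_MODE) {
        $login = db_escape_string($_POST["login"]);
        $password = $_POST["password"];

        if (authenticate_user($this->link, $login, $password)) {
            // Do not keep the clear-text password around for the rest of the request.
            $_POST["password"] = "";

            $_SESSION["language"] = $_POST["language"];
            $_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
            $_SESSION["bw_limit"] = !!$_POST["bw_limit"];

            if ($_POST["profile"]) {
                $profile = db_escape_string($_POST["profile"]);

                // The profile is accepted only if it belongs to the user who just logged in.
                $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);

                if (db_num_rows($result) != 0) {
                    $_SESSION["profile"] = $profile;
                    $_SESSION["prefs_cache"] = array();
                }
            }
        } else {
            $_SESSION["login_error_msg"] = __("Incorrect username or password");
        }

        // Default target; replaced only by a return value that points back into this site.
        $target = SELF_URL_PATH;
        $return = isset($_REQUEST['return']) && is_string($_REQUEST['return']) ? $_REQUEST['return'] : '';

        // Control characters, spaces and backslashes have no place in a redirect target.
        if ($return !== '' && !preg_match('/[\x00-\x20\x7f\\\\]/', $return)) {
            $self_len = strlen(SELF_URL_PATH);
            $after_self = (string) substr($return, $self_len, 1);

            // "/path" is local; "//host" would be read by browsers as another host.
            $is_site_path = $return[0] === '/' && substr($return, 0, 2) !== '//';

            // A prefix match must end at a path boundary so "http://site.example.other" is not accepted.
            $is_self_url = $self_len > 0
                && strncmp($return, SELF_URL_PATH, $self_len) === 0
                && (substr(SELF_URL_PATH, -1) === '/' || $after_self === '' || strpos('/?#', $after_self) !== false);

            if ($is_site_path || $is_self_url) {
                $target = $return;
            }
        }

        header("Location: " . $target);
    }
}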
require_once "sessions.php"; require_once "functions.php"; require_once "config.php"; require_once "db.php"; require_once "db-prefs.php"; startup_gettext(); $script_started = microtime(true); if (!init_plugins()) { return; } header("Content-Type: text/json; charset=utf-8"); if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) { ob_start("ob_gzhandler"); } if (SINGLE_USER_MODE) { authenticate_user("admin", null); } if ($_SESSION["uid"]) { if (!validate_session()) { header("Content-Type: text/json"); print error_json(6); return; } load_user_plugins($_SESSION["uid"]); } $purge_intervals = array(0 => __("Use default"), -1 => __("Never purge"), 5 => __("1 week old"), 14 => __("2 weeks old"), 31 => __("1 month old"), 60 => __("2 months old"), 90 => __("3 months old")); $update_intervals = array(0 => __("Default interval"), -1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly")); $update_intervals_nodefault = array(-1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly")); $access_level_names = array(0 => __("User"), 5 => __("Power User"), 10 => __("Administrator")); $op = str_replace("-", "_", $op); $override = PluginHost::getInstance()->lookup_handler($op, $method);
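/**
 * RPC handler: store uploaded job files and register them in the database.
 *
 * For every <md5> element in the request, the matching upload "file_N" is
 * moved into the project's download hierarchy under a name derived from the
 * MD5, a job-file row is inserted, and the file is optionally associated
 * with a batch.
 *
 * The MD5 is client-supplied text that ends up in a file name and in an SQL
 * statement, so it is required to be exactly 32 hexadecimal characters
 * before it is used for either.
 *
 * NOTE(review): the existing error paths rely on xml_error() ending the
 * request; that function is not visible here. The result of rename() is not
 * checked.
 *
 * @param object $r parsed request; md5, delete_time and batch_id are read from it
 */
function upload_files($r)
{
    xml_start_tag("upload_files");
    list($user, $user_submit) = authenticate_user($r, null);
    $fanout = parse_config(get_config(), "<uldl_dir_fanout>");

    // Integer casts keep these two values safe to place in the SQL below.
    $delete_time = (int) $r->delete_time;
    $batch_id = (int) $r->batch_id;

    $i = 0;
    foreach ($r->md5 as $f) {
        $md5 = (string) $f;
        $name = "file_{$i}";

        // Reject anything that is not a plain MD5 hex digest before it reaches the path or the query.
        if (!preg_match('/\A[0-9a-f]{32}\z/i', $md5)) {
            xml_error(-1, "{$name}: md5 is not a 32-character hex string");
            return; // fail closed even if xml_error() returns
        }

        $tmp_name = isset($_FILES[$name]['tmp_name']) ? $_FILES[$name]['tmp_name'] : '';
        // Only files that PHP itself received as uploads may be moved.
        if (!is_uploaded_file($tmp_name)) {
            xml_error(-1, "{$tmp_name} is not an uploaded file");
        }

        $fname = job_file_name($md5);
        $path = dir_hier_path($fname, project_dir() . "/download", $fanout);
        rename($tmp_name, $path);

        $now = time();
        $jf_id = BoincJobFile::insert("(md5, create_time, delete_time) values ('{$md5}', {$now}, {$delete_time})");
        if (!$jf_id) {
            xml_error(-1, "upload_files(): BoincJobFile::insert({$md5}) failed: " . BoincDb::error());
        }

        if ($batch_id) {
            BoincBatchFileAssoc::insert("(batch_id, job_file_id) values ({$batch_id}, {$jf_id})");
        }

        $i++;
    }

    echo "<success/>\n </upload_files>\n ";
}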
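/**
 * Change the password of a customer portal user.
 *
 * The caller must hold a valid portal session and must supply the current
 * password; the new password is passed through
 * CustomerPortalPassword::encryptPassword() before it is stored.
 *
 * The request array is written to the database debug log with both password
 * entries masked, so neither credential is stored in log files.
 *
 * @param array $input_array request values:
 *                           int    id           - customer id
 *                           string sessionid    - session id
 *                           string username     - customer name
 *                           string old_password - current password
 *                           string new_password - password to set
 *                           string version      - passed through to authenticate_user()
 * @return array|null null when the session is not valid, array('LBL_PASSWORD_CHANGED')
 *                    after an update, otherwise the authenticate_user() result
 */
function change_password($input_array)
{
    $adb = PearDatabase::getInstance();
    $log = vglobal('log');
    $log->debug("Entering customer portal function change_password");

    // Log a copy of the request with the credentials replaced by a fixed mask.
    $loggable_input = $input_array;
    if (is_array($loggable_input)) {
        foreach (array('old_password', 'new_password') as $secret_key) {
            if (array_key_exists($secret_key, $loggable_input)) {
                $loggable_input[$secret_key] = '********';
            }
        }
    }
    $adb->println($loggable_input);

    $id = (int) $input_array['id'];
    $sessionid = $input_array['sessionid'];
    $userName = $input_array['username'];
    $old_password = $input_array['old_password'];
    $newPassword = $input_array['new_password'];
    $version = $input_array['version'];

    // Only the holder of a valid portal session for this id may change the password.
    if (!validateSession($id, $sessionid)) {
        return null;
    }

    // The current password has to authenticate before anything is written.
    $list = authenticate_user($userName, $old_password, $version, 'false');
    if (!empty($list[0]['id'])) {
        $newPassword = CustomerPortalPassword::encryptPassword($newPassword, $userName);

        // Parameterised update, scoped to both the id and the user name.
        $sql = "update vtiger_portalinfo set user_password=? where id=? and user_name=?";
        $result = $adb->pquery($sql, array($newPassword, $id, $userName));
        $list = array('LBL_PASSWORD_CHANGED');
    }

    $log->debug("Exiting customer portal function change_password");
    return $list;
}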
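/**
 * Process the login form: set the session cookie lifetime, authenticate the
 * posted credentials, seed the session on success, then redirect the browser.
 *
 * The redirect target comes from the request ("return"). It is only followed
 * when it stays on this site: either a path starting with a single "/" or a
 * URL that begins with SELF_URL_PATH at a path boundary. Anything else falls
 * back to SELF_URL_PATH, so the login endpoint cannot be used to bounce a
 * user to an arbitrary external address.
 *
 * Does nothing when SINGLE_USER_MODE is on.
 */
function login()
{
    if (!SINGLE_USER_MODE) {
        $login = $this->dbh->escape_string($_POST["login"]);
        $password = $_POST["password"];
        $remember_me = $_POST["remember_me"];

        // "Remember me" keeps the cookie for the configured lifetime; otherwise it ends with the browser session.
        if ($remember_me) {
            session_set_cookie_params(SESSION_COOKIE_LIFETIME);
        } else {
            session_set_cookie_params(0);
        }

        @session_start();

        if (authenticate_user($login, $password)) {
            // Do not keep the clear-text password around for the rest of the request.
            $_POST["password"] = "";

            if (get_schema_version() >= 120) {
                $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]);
            }

            $_SESSION["ref_schema_version"] = get_schema_version(true);
            $_SESSION["bw_limit"] = !!$_POST["bw_limit"];

            if ($_POST["profile"]) {
                $profile = $this->dbh->escape_string($_POST["profile"]);

                // The profile is accepted only if it belongs to the user who just logged in.
                $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);

                if ($this->dbh->num_rows($result) != 0) {
                    $_SESSION["profile"] = $profile;
                }
            }
        } else {
            $_SESSION["login_error_msg"] = __("Incorrect username or password");
            // The failure is recorded with the client address only, not the submitted login.
            user_error("Failed login attempt from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
        }

        // Default target; replaced only by a return value that points back into this site.
        $target = SELF_URL_PATH;
        $return = isset($_REQUEST['return']) && is_string($_REQUEST['return']) ? $_REQUEST['return'] : '';

        // Control characters, spaces and backslashes have no place in a redirect target.
        if ($return !== '' && !preg_match('/[\x00-\x20\x7f\\\\]/', $return)) {
            $self_len = strlen(SELF_URL_PATH);
            $after_self = (string) substr($return, $self_len, 1);

            // "/path" is local; "//host" would be read by browsers as another host.
            $is_site_path = $return[0] === '/' && substr($return, 0, 2) !== '//';

            // A prefix match must end at a path boundary so "http://site.example.other" is not accepted.
            $is_self_url = $self_len > 0
                && strncmp($return, SELF_URL_PATH, $self_len) === 0
                && (substr(SELF_URL_PATH, -1) === '/' || $after_self === '' || strpos('/?#', $after_self) !== false);

            if ($is_site_path || $is_self_url) {
                $target = $return;
            }
        }

        header("Location: " . $target);
    }
}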
/**
 * Establish the user for the current request, or show the login form.
 *
 * In single-user mode the "admin" account is authenticated without a
 * password. Otherwise an existing valid session is reused; without one,
 * authenticate_user() is called with no credentials (first as an automatic
 * login when AUTH_AUTO_LOGIN is set), and the login form is rendered if
 * that leaves no uid in the session.
 *
 * NOTE(review): execution continues after render_login_form() in this block;
 * whether that function ends the request is not visible here.
 *
 * @param mixed $link       database link passed to every helper
 * @param int   $login_form passed through to render_login_form()
 */
function login_sequence($link, $login_form = 0)
{
    $_SESSION["prefs_cache"] = false;

    if (SINGLE_USER_MODE) {
        authenticate_user($link, "admin", null);
        cache_prefs($link);
        load_user_plugins($link, $_SESSION["uid"]);
        return;
    }

    // validate_session() is only consulted when the session already names a user.
    $has_valid_session = $_SESSION["uid"] && validate_session($link);

    if ($has_valid_session) {
        /* bump login timestamp */
        db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
    } else {
        if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
            $_SESSION["ref_schema_version"] = get_schema_version($link, true);
        } else {
            authenticate_user($link, null, null, true);
        }

        if (!$_SESSION["uid"]) {
            render_login_form($link, $login_form);
        }
    }

    $logged_in = $_SESSION["uid"];

    // Remember the interface language in a cookie while cookies are persistent.
    if ($logged_in && $_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
        setcookie("ttrss_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
    }

    if ($logged_in) {
        cache_prefs($link);
        load_user_plugins($link, $_SESSION["uid"]);
    }
}
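* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 */
require_once "config.inc";
require_once "auth.inc";

// Proxy authentication helper: reads "<username> <password>" request lines
// (URL-encoded) from stdin and answers each with "OK" or "ERR" on stdout.
// A user must both authenticate and hold the "user-proxy-auth" privilege.
//
// NOTE(review): the decoded username is written to syslog as received;
// whether control characters are neutralised downstream is not visible here.
openlog("squid", LOG_ODELAY, LOG_AUTH);

$f = fopen("php://stdin", "r");
while ($line = fgets($f)) {
    $fields = explode(' ', trim($line));

    // A line without both fields is refused before any backend is asked, so an
    // absent or empty password is never handed to the authentication code.
    if (count($fields) < 2 || $fields[0] === '' || $fields[1] === '') {
        syslog(LOG_WARNING, "malformed authentication request: expected a username and a password");
        fwrite(STDOUT, "ERR\n");
        continue;
    }

    $username = rawurldecode($fields[0]);
    $password = rawurldecode($fields[1]);

    if (authenticate_user($username, $password)) {
        $user = getUserEntry($username);
        // Valid credentials alone are not enough: the proxy role is required too.
        if (is_array($user) && userHasPrivilege($user, "user-proxy-auth")) {
            syslog(LOG_NOTICE, "user '{$username}' authenticated\n");
            fwrite(STDOUT, "OK\n");
        } else {
            syslog(LOG_WARNING, "user '{$username}' cannot authenticate for squid because of missing user-proxy-auth role");
            fwrite(STDOUT, "ERR\n");
        }
    } else {
        syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n");
        fwrite(STDOUT, "ERR\n");
    }
}

closelog();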
commented - show threads ordered by when they were first commented, giving information about the original comment. -----------------------------------------------------------------------------*/ define('LUNA_QUIET_VISIT', 1); if (!defined('LUNA_ROOT')) { define('LUNA_ROOT', dirname(__FILE__) . '/'); } require LUNA_ROOT . 'include/common.php'; // The length at which thread subjects will be truncated (for HTML output) if (!defined('LUNA_EXTERN_MAX_SUBJECT_LENGTH')) { define('LUNA_EXTERN_MAX_SUBJECT_LENGTH', 30); } // If we're a guest and we've sent a username/pass, we can try to authenticate using those details if ($luna_user['is_guest'] && isset($_SERVER['PHP_AUTH_USER'])) { authenticate_user($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); } if ($luna_user['g_read_board'] == '0') { http_authenticate_user(); exit(__('You do not have permission to view this page.', 'luna')); } $action = isset($_GET['action']) ? strtolower($_GET['action']) : 'feed'; // Handle a couple old formats, from FluxBB 1.2 switch ($action) { case 'active': $action = 'feed'; $_GET['order'] = 'last_comment'; break; case 'new': $action = 'feed'; $_GET['order'] = 'commented';
?> </div> <div class="button"> <p><a href ="user.php">Member Area</a></p> </div> <div class="button"> <p><a href ="admin.php">Admin Area</a></p> </div> </header> <?php // Authenticate user authenticate_user(900); ?> <article style="color:#FFFFFF;"> <p> <!-- <center><img src="logo_big.png"></center> Insert Main Logo here --> <hr/> <center><h1>Admin Lounge</h1></center> <hr/> <p> <div class="box"> <p> Hello, admin! Welcome to the elite admin area of the site, where no user peasants may roam. </p> </div>
/**
 * Establish the user for the current request, or show the login form and stop.
 *
 * In single-user mode the "admin" account is authenticated without a
 * password. Otherwise a session that fails validate_session() loses its uid;
 * without a uid, authenticate_user() is called with no credentials (first as
 * an automatic login when AUTH_AUTO_LOGIN is set). If that still leaves no
 * uid, the session and its cookie are discarded and the login form is
 * rendered before the script exits.
 *
 * For a logged-in user the last-login timestamp is bumped, plugins are
 * loaded and counter-cache rows whose feed or category no longer exists are
 * deleted. The SQL only embeds $_SESSION["uid"], a server-side value.
 */
function login_sequence()
{
    if (SINGLE_USER_MODE) {
        @session_start();
        authenticate_user("admin", null);
        startup_gettext();
        load_user_plugins($_SESSION["uid"]);
        return;
    }

    // An invalid session is treated exactly like no session at all.
    if (!validate_session()) {
        $_SESSION["uid"] = false;
    }

    if ($_SESSION["uid"]) {
        /* bump login timestamp */
        db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
        $_SESSION["last_login_update"] = time();
    } else {
        if (AUTH_AUTO_LOGIN && authenticate_user(null, null)) {
            $_SESSION["ref_schema_version"] = get_schema_version(true);
        } else {
            authenticate_user(null, null, true);
        }

        if (!$_SESSION["uid"]) {
            // Nobody could be identified: drop the session, expire its cookie, show the form.
            @session_destroy();
            setcookie(session_name(), '', time() - 42000, '/');
            render_login_form();
            exit;
        }
    }

    if ($_SESSION["uid"]) {
        startup_gettext();
        load_user_plugins($_SESSION["uid"]);

        /* cleanup ccache */
        $owner_uid = $_SESSION["uid"];
        db_query("DELETE FROM ttrss_counters_cache WHERE owner_uid = " . $owner_uid . " AND\n\t\t\t\t\t\t(SELECT COUNT(id) FROM ttrss_feeds WHERE\n\t\t\t\t\t\t\tttrss_feeds.id = feed_id) = 0");
        db_query("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = " . $owner_uid . " AND\n\t\t\t\t\t\t(SELECT COUNT(id) FROM ttrss_feed_categories WHERE\n\t\t\t\t\t\t\tttrss_feed_categories.id = feed_id) = 0");
    }
}
/**
 * Log a visitor in from the forum cookie, or fall back to the default user.
 *
 * The cookie is base64 text holding four "|"-separated fields: user id,
 * password hash, expiration time and an expiry hash. The expiry hash is
 * compared against sha1(salt . password . forum_hash(expiration, salt))
 * computed from $forum_user. On success a refreshed cookie is sent, display
 * preferences are defaulted where missing, and the online list is updated
 * unless FORUM_QUIET_VISIT is defined.
 *
 * Extension hooks returned by get_hook() are executed with eval() at several
 * points, so anything able to register a hook runs code inside this function.
 *
 * NOTE(review): the expiry hash is compared with !==, which is not a
 * constant-time comparison. The refreshed cookie carries
 * $forum_user['password'] as its second field; confirm what that column holds.
 * NOTE(review): presumably authenticate_user() populates $forum_user (it is
 * read right after the call); verify against its definition.
 *
 * @param array $forum_user current user record, taken by reference and modified in place
 */
function cookie_login(&$forum_user) {
    global $forum_db, $db_type, $forum_config, $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $forum_time_formats, $forum_date_formats;
    $now = time();
    $expire = $now + 1209600; // The cookie expires after 14 days
    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Guest', 'expiration_time' => 0, 'expire_hash' => 'Guest');
    // A start hook that returns a non-null value ends the login here.
    $return = ($hook = get_hook('fn_cookie_login_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }
    // If a cookie is set, we get the user_id and password hash from it
    if (!empty($_COOKIE[$cookie_name])) {
        $cookie_data = explode('|', base64_decode($_COOKIE[$cookie_name]));
        // Anything other than exactly four fields leaves the guest defaults in place.
        if (!empty($cookie_data) && count($cookie_data) == 4) {
            list($cookie['user_id'], $cookie['password_hash'], $cookie['expiration_time'], $cookie['expire_hash']) = $cookie_data;
        }
    }
    ($hook = get_hook('fn_cookie_login_fetch_cookie')) ? eval($hook) : null;
    // If this a cookie for a logged in user and it shouldn't have already expired
    if (intval($cookie['user_id']) > 1 && intval($cookie['expiration_time']) > $now) {
        authenticate_user(intval($cookie['user_id']), $cookie['password_hash'], true);
        // We now validate the cookie hash
        if ($cookie['expire_hash'] !== sha1($forum_user['salt'] . $forum_user['password'] . forum_hash(intval($cookie['expiration_time']), $forum_user['salt']))) {
            set_default_user();
        }
        // If we got back the default user, the login failed
        if ($forum_user['id'] == '1') {
            // Overwrite the client's cookie with a guest cookie built from random keys.
            forum_setcookie($cookie_name, base64_encode('1|' . random_key(8, false, true) . '|' . $expire . '|' . random_key(8, false, true)), $expire);
            return;
        }
        // Send a new, updated cookie with a new expiration timestamp
        $expire = intval($cookie['expiration_time']) > $now + $forum_config['o_timeout_visit'] ? $now + 1209600 : $now + $forum_config['o_timeout_visit'];
        forum_setcookie($cookie_name, base64_encode($forum_user['id'] . '|' . $forum_user['password'] . '|' . $expire . '|' . sha1($forum_user['salt'] . $forum_user['password'] . forum_hash($expire, $forum_user['salt']))), $expire);
        // Set a default language if the user selected language no longer exists
        if (!file_exists(FORUM_ROOT . 'lang/' . $forum_user['language'] . '/common.php')) {
            $forum_user['language'] = $forum_config['o_default_lang'];
        }
        // Set a default style if the user selected style no longer exists
        if (!file_exists(FORUM_ROOT . 'style/' . $forum_user['style'] . '/' . $forum_user['style'] . '.php')) {
            $forum_user['style'] = $forum_config['o_default_style'];
        }
        if (!$forum_user['disp_topics']) {
            $forum_user['disp_topics'] = $forum_config['o_disp_topics_default'];
        }
        if (!$forum_user['disp_posts']) {
            $forum_user['disp_posts'] = $forum_config['o_disp_posts_default'];
        }
        // Check user has a valid date and time format
        if (!isset($forum_time_formats[$forum_user['time_format']])) {
            $forum_user['time_format'] = 0;
        }
        if (!isset($forum_date_formats[$forum_user['date_format']])) {
            $forum_user['date_format'] = 0;
        }
        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('FORUM_QUIET_VISIT')) {
            // Update the online list
            if (!$forum_user['logged']) {
                $forum_user['logged'] = $now;
                // A fresh CSRF token is generated when the user enters the online list.
                $forum_user['csrf_token'] = random_key(40, false, true);
                $forum_user['prev_url'] = get_current_url(255);
                // REPLACE INTO avoids a user having two rows in the online table
                // String values (username, prev_url) go through $forum_db->escape(); the rest are concatenated as-is.
                $query = array('REPLACE' => 'user_id, ident, logged, csrf_token', 'INTO' => 'online', 'VALUES' => $forum_user['id'] . ', \'' . $forum_db->escape($forum_user['username']) . '\', ' . $forum_user['logged'] . ', \'' . $forum_user['csrf_token'] . '\'', 'UNIQUE' => 'user_id=' . $forum_user['id']);
                if ($forum_user['prev_url'] != null) {
                    $query['REPLACE'] .= ', prev_url';
                    $query['VALUES'] .= ', \'' . $forum_db->escape($forum_user['prev_url']) . '\'';
                }
                ($hook = get_hook('fn_cookie_login_qr_add_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);
                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($forum_user['logged'] < $now - $forum_config['o_timeout_visit']) {
                    $query = array('UPDATE' => 'users', 'SET' => 'last_visit=' . $forum_user['logged'], 'WHERE' => 'id=' . $forum_user['id']);
                    ($hook = get_hook('fn_cookie_login_qr_update_user_visit')) ? eval($hook) : null;
                    $forum_db->query_build($query) or error(__FILE__, __LINE__);
                    $forum_user['last_visit'] = $forum_user['logged'];
                }
                // Now update the logged time and save the current URL in the online list
                $query = array('UPDATE' => 'online', 'SET' => 'logged=' . $now, 'WHERE' => 'user_id=' . $forum_user['id']);
                $current_url = get_current_url(255);
                if ($current_url != null) {
                    $query['SET'] .= ', prev_url=\'' . $forum_db->escape($current_url) . '\'';
                }
                if ($forum_user['idle'] == '1') {
                    $query['SET'] .= ', idle=0';
                }
                ($hook = get_hook('fn_cookie_login_qr_update_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);
                // Update tracked topics with the current expire time
                if (isset($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $forum_config['o_timeout_visit']);
                }
            }
        }
        $forum_user['is_guest'] = false;
        $forum_user['is_admmod'] = $forum_user['g_id'] == FORUM_ADMIN || $forum_user['g_moderator'] == '1';
    } else {
        // No usable cookie (guest id or already expired): continue as the default user.
        set_default_user();
    }
    ($hook = get_hook('fn_cookie_login_end')) ? eval($hook) : null;
}
/**
 * Run the login flow for the current request.
 *
 * In single-user mode the "admin" account is authenticated without a
 * password and that result is returned. Otherwise a submitted login form
 * ("login_action" = "do_login") is processed first: on success the session is
 * seeded and the browser is redirected to the same request URI. After that a
 * request without a valid session gets the login form and the script exits.
 *
 * NOTE(review): the posted login is handed to authenticate_user() as
 * received; any escaping would have to happen inside that function.
 * $_SESSION["language"] is copied from the form without a check that is
 * visible here.
 *
 * @param mixed $link   database link passed to every helper
 * @param bool  $mobile passed through to render_login_form()
 * @return mixed the authenticate_user() result in single-user mode, nothing otherwise
 */
function login_sequence($link, $mobile = false)
{
    if (SINGLE_USER_MODE) {
        return authenticate_user($link, "admin", null);
    }

    $login_action = $_POST["login_action"];

    # try to authenticate user if called from login form
    if ($login_action == "do_login") {
        $login = $_POST["login"];
        $password = $_POST["password"];
        $remember_me = $_POST["remember_me"]; // read here but not used in this function

        if (!authenticate_user($link, $login, $password)) {
            $_SESSION["login_error_msg"] = __("Incorrect username or password");
        } else {
            // Do not keep the clear-text password around for the rest of the request.
            $_POST["password"] = "";

            $_SESSION["language"] = $_POST["language"];
            $_SESSION["ref_schema_version"] = get_schema_version($link, true);
            $_SESSION["bw_limit"] = !!$_POST["bw_limit"];

            if ($_POST["profile"]) {
                $profile = db_escape_string($_POST["profile"]);

                // The profile is accepted only if it belongs to the user who just logged in.
                $result = db_query($link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);

                if (db_num_rows($result) != 0) {
                    $_SESSION["profile"] = $profile;
                    $_SESSION["prefs_cache"] = array();
                }
            }

            // Reload the same URL so the form post is not replayed.
            header("Location: " . $_SERVER["REQUEST_URI"]);
            exit;
        }
    }

    // validate_session() is only consulted when the session already names a user.
    $session_ok = $_SESSION["uid"] && validate_session($link);

    if (!$session_ok) {
        render_login_form($link, $mobile);
        //header("Location: login.php");
        exit;
    }

    /* bump login timestamp */
    db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);

    if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
        setcookie("ttrss_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
    }

    /* bump counters stamp since we're getting reloaded anyway */
    $_SESSION["get_all_counters_stamp"] = time();
}
<?php include 'system_load.php'; //This loads system. //user Authentication. authenticate_user('all'); //Delete note. if (isset($_POST['delete_note']) && $_POST['delete_note'] != '') { $message = $notes_obj->delete_note($_POST['delete_note']); } //delete ends here. $page_title = $language["my_notes"]; //You can edit this to change your page title. $sub_title = "Manage your notes."; require_once "Includes/header.php"; //including header file. //display message if exist. if (isset($message) && $message != '') { echo '<div class="alert alert-success">'; echo $message; echo '</div>'; } ?> <p> <a href="manage_notes.php" class="btn btn-primary btn-default"><?php echo $language["add_new"]; ?> </a> </p> <?php $notes_obj->list_notes();
if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; } else { closelog(); return 1; } } $attributes = array(); foreach ($authmodes as $authmode) { $authcfg = auth_get_authserver($authmode); if (!$authcfg && $authmode != "Local Database") { continue; } $authenticated = authenticate_user($username, $password, $authcfg, $attributes); if ($authenticated == true) { break; } } if ($authenticated == false) { syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n"); if (isset($_GET['username'])) { echo "FAILED"; closelog(); return; } else { closelog(); return -1; } }
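##|-PRIV
require "guiconfig.inc";
require_once "PEAR.inc";
require_once "radius.inc";

// Diagnostics page: test a username/password against a chosen authentication
// server and report the result, including the user's groups on success.
//
// The success message is built as HTML (it contains <br /> tags), so the
// submitted username and the group names returned by the authentication
// server are HTML-escaped before they are placed in it.
//
// NOTE(review): the "not a valid authentication server" error embeds
// $_POST['authmode'] as received; how $input_errors is rendered is outside
// this block, so that value is left as it was. Confirm it is escaped on output.
if ($_POST) {
    $pconfig = $_POST;
    unset($input_errors);

    $authcfg = auth_get_authserver($_POST['authmode']);
    if (!$authcfg) {
        $input_errors[] = $_POST['authmode'] . " " . gettext("is not a valid authentication server");
    }

    if (empty($_POST['username']) || empty($_POST['password'])) {
        $input_errors[] = gettext("A username and password must be specified.");
    }

    if (!$input_errors) {
        if (authenticate_user($_POST['username'], $_POST['password'], $authcfg)) {
            $savemsg = gettext("User") . ": " . htmlspecialchars($_POST['username']) . " " . gettext("authenticated successfully.");
            $groups = getUserGroups($_POST['username'], $authcfg);
            $savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />";
            foreach ($groups as $group) {
                // Group names come from the authentication backend; treat them as untrusted text.
                $savemsg .= htmlspecialchars($group) . " ";
            }
        } else {
            $input_errors[] = gettext("Authentication failed.");
        }
    }
}

$pgtitle = array(gettext("Diagnostics"), gettext("Authentication"));
$shortcut_section = "authentication";
include "head.inc";
?>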