Ejemplo n.º 1
0
function login($username, $password)
{
    $user = getUserByUsername($username);
    if (!$user) {
        throw new InvalidArgumentException("Username not registered.");
    }
    if (!password_verify($password, $user["hash"])) {
        throw new InvalidArgumentException("Password incorrect.");
    }
    $_SESSION["userid"] = $user["id"];
}
    $name = makeStringSafe($name);
    $email = makeStringSafe($email);
    $user_level = makeStringSafe($user_level);
    $password = "";
    if (!getConfigVar("use_ldap")) {
        $password = makeStringSafe(generatePassword(9, 4));
    }
    doQuery("INSERT INTO " . getDBPrefix() . "_users SET username = '******', name = '" . $name . "', password = '******', email = '" . $email . "', user_level = '" . $user_level . "', warnings = '0'");
    $user = mysql_fetch_assoc(doQuery("SELECT user_id FROM " . getDBPrefix() . "_users ORDER BY user_id DESC LIMIT 1"));
    logAddUser(getSessionVariable('user_id'), $user['user_id']);
    return $password;
}
function createUserFromLDAP($username, $password)
{
    $auth_user = $username . "@" . getConfigVar('ldap_domain');
    if ($connect = @ldap_connect(getConfigVar('ldap_server'))) {
        if ($bind = @ldap_bind($connect, $auth_user, $password)) {
            $ldap_dn = "ou=people, dc=radford, dc=EDU";
            $filter = "(sAMAccountName={$username})";
            $result = ldap_search($connect, $ldap_dn, $filter);
Ejemplo n.º 3
0
 public function doRequest()
 {
     global $permission;
     $this->data[0] = limitString(clean($this->data[0], true), 30);
     $this->data[1] = limitString(clean($this->data[1], true), 300);
     $this->data[2] = clean($this->data[2], true);
     if (!empty($this->data[0]) && $this->user->hasPermission($permission["board_edit"], $this->element)) {
         if ($this->element->editTitle($this->user, $this->data[0]) && $this->element->editDescription($this->user, $this->data[1])) {
             foreach (explode(",", strtolower($this->data[2]) . ",") as $username) {
                 $user = getUserByUsername(trim($username));
                 if ($user != null) {
                     if ($user->id > 0) {
                         $user->moderate($this->element);
                         $user->save($this->con);
                     }
                 }
             }
             if (!empty($this->data[3])) {
                 $this->element->move($this->user, ForumElement::getElementFromCode($this->data[3]));
             }
             $this->element->save($this->con);
             return "Successfully edited board.";
         } else {
             return "Failed to edited board.";
         }
     }
     return "Invalid board name";
 }
Ejemplo n.º 4
0
 //validation
 if ($_POST['username'] == '') {
     $error['username'] = '******';
     $form_valid = false;
 }
 if ($_POST['password'] == '') {
     $error['password'] = '******';
     $form_valid = false;
 } elseif (strlen($_POST['password']) <= 7) {
     $error['password'] = '******';
     $form_valid = false;
 }
 // form filled in appropriately, run check against database...
 if ($form_valid == true) {
     // check username exists in the database...
     $user_exists = getUserByUsername($_POST['username']);
     if ($user_exists != true) {
         // if doesnt exist, error...
         $error['username'] = '******';
     } else {
         // if does exist...
         // check password is correct for the username...
         $user = getUserByLogin($_POST['username'], md5($_POST['password']));
         if ($user != true) {
             // if password not correct for the username, error...
             $error['password'] = '******';
         } elseif ($user == true) {
             // if password correct for the username, set session and redirect...
             $_SESSION['logged_in'] = true;
             $_SESSION['userId'] = $user['id'];
             $_SESSION['username'] = $user['username'];
Ejemplo n.º 5
0
<?php

require_once $_SERVER["DOCUMENT_ROOT"] . "/lib/dblayer.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/subs.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/conf.inc.php";
$db = new DBLayer($CNF["db_host"], $CNF["db_user"], $CNF["db_pass"], $CNF["db_name"]);
$db->query("SET NAMES utf8");
$action = checkRequest("action");
$domain = checkRequest("domain");
$username = checkRequest("username");
$user_id = getUserByUsername($username)['uid'];
if ($user_id < 1) {
    $user_id = createUser($username);
}
$workstation = mb_strtolower(checkRequest("workstation"), "UTF-8");
$ip = trim(checkRequest("ip"));
$workstation_id = strlen($workstation) > 0 ? checkWorkstation($workstation, $ip) : null;
switch ($action) {
    case "start":
        logonWorkstation($workstation_id, $ip);
        break;
    case "shutdown":
        echo "ws: {$workstation_id}, IP: {$ip}";
        logoffWorkstation($workstation_id);
        break;
    case "logon":
        echo $workstation_id;
        logonWorkstation($workstation_id, $ip);
        logonUser($user_id, $domain, $workstation_id);
        break;
    case "logoff":
Ejemplo n.º 6
0
 unset($_SESSION['raw_verify']);
 unset($_SESSION['raw_pseudo']);
 unset($_SESSION['raw_email']);
 unset($_SESSION['error_msg']);
 unset($_SESSION['info']);
 // Get new account information.
 $_SESSION['raw_password'] = $_POST['password'];
 $_SESSION['raw_verify'] = $_POST['verify'];
 $_SESSION['raw_pseudo'] = $_POST['pseudo'];
 $_SESSION['raw_email'] = $_POST['email'];
 $password = filter_input(INPUT_POST, 'password', FILTER_VALIDATE_REGEXP, $password_pattern);
 $verify = filter_input(INPUT_POST, 'verify', FILTER_VALIDATE_REGEXP, $password_pattern);
 $pseudo = trim(filter_input(INPUT_POST, 'pseudo', FILTER_SANITIZE_STRING));
 $email = trim(filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL));
 // Check if the user exists in the database.
 $user_pseudo = getUserByUsername($pseudo);
 if ($user_pseudo != NULL) {
     $_SESSION['error_msg'] = "This username already exists.";
     $_SESSION['wrong_pseudo'] = true;
     header('location: /app/admin/login/?action=signup');
     exit;
 }
 // Check if the email is valid.
 if (!$email) {
     $_SESSION['error_msg'] = "This email is invalid. Please type a valid email.";
     $_SESSION['wrong_email'] = true;
     header('location: /app/admin/login/?action=signup');
     exit;
 }
 // Check if the email exists in the database.
 $user_email = getUserByEmail($email);
Ejemplo n.º 7
0
function processLDAPLogin($username, $password)
{
    if (authLDAPUser($username, $password)) {
        $userresult = getUserByUsername($username);
        if (mysql_num_rows($userresult) > 0) {
            return $userresult;
        } else {
            if (getConfigVar("login_to_register")) {
                return createUserFromLDAP($username, $password);
            } else {
                return false;
            }
        }
    } else {
        return false;
    }
}
Ejemplo n.º 8
0
    $password = mysql_real_escape_string($_POST["password"]);
    $data_login = array('username' => $username, 'password' => md5($password), 'status' => 1);
    $error = array();
    $error_warning = NULL;
    if (empty($username)) {
        $error[] = $lang['error_username_empty'];
    }
    if (empty($password)) {
        $error[] = $lang['error_password_empty'];
    }
    if (!verifyLoginAdmin($data_login)) {
        $error[] = $lang['error_failed_login'];
    }
    if (empty($error)) {
        $success = $lang['success_login'];
        $user_data = getUserByUsername($data_login);
        $_SESSION['coin_user_id'] = $user_data['user_id'];
        header('Location:home.html');
    } else {
        foreach ($error as $key => $values) {
            $error_warning = $values . '<br/>';
        }
    }
}
?>
<div id="content">
	<div class="box" style="width: 400px; min-height: 300px; margin-top: 40px; margin-left: auto; margin-right: auto;">
		<div class="heading">
			<h1><img src="includes/images/lockscreen.png" alt="" /> <?php 
echo $lang['text_login'];
?>
Ejemplo n.º 9
0
        $erroroccured = true;
        $error = 'ERROR - no lastname supplied';
    }
    if (!isset($msisdn) || $msisdn == "") {
        $erroroccured = true;
        $error = 'ERROR - no mobile number supplied';
    }
    if (!$erroroccured) {
        // Going to add a user now have confirmed all the required values were supplied.
        $result = createUser($username, $password, $firstname, $lastname, $username, $msisdn);
        if ($result == "ERROR") {
            $erroroccured = true;
            $error = 'ERROR - not able to create user at this time please try again later.';
        } else {
            $users = array();
            $users = getUserByUsername($username);
            if (count($users) == 0) {
                $erroroccured = true;
                $error = 'ERROR - not able to locate user at this time please try again later.';
            }
        }
    }
} else {
    $erroroccured = true;
    $error = 'ERROR - no valid action supplied';
}
echo '
	<?xml version="1.0" encoding="UTF-8"?>';
if ($erroroccured) {
    echo '		
		<response code="400">
Ejemplo n.º 10
0
function process_registration()
{
    // used for testing
    //sleep(1);
    $username = strtolower(trim($_POST['username']));
    $email = trim($_POST['email']);
    $password = trim($_POST['password']);
    include _DOCROOT . '/inc/sql-core.php';
    include _DOCROOT . '/html/pre-header.php';
    include _DOCROOT . '/inc/functions.class.php';
    include _DOCROOT . '/modules/site/site-data.php';
    $fn = new Functions();
    $err = false;
    // 1. check value fields.
    $email_check = $fn->checkEmail($email);
    if ($email_check === false) {
        $err = true;
        $htmls['#email_err'] = 'Invalid format. Use something similar to username@domain.com';
    }
    $un_check = $fn->checkUsername($username);
    if ($un_check != "") {
        $err = true;
        $htmls['#username_err'] = $un_check;
    }
    $pw_check = $fn->checkUsername($password);
    if ($pw_check != "") {
        $err = true;
        $htmls['#password_err'] = $pw_check;
    }
    $existingUser = getUserByUsername($username);
    if (count($existingUser) > 0) {
        $err = true;
        $htmls['#username_err'] = "Username already exists. Try a different name.";
    }
    $existingUser = getUserByEmail($email);
    if (count($existingUser) > 0) {
        $err = true;
        $htmls['#email_err'] = "This email is already registered. Try a different one.";
    }
    if ($err) {
        echo json_encode(array('htmls' => $htmls));
    } else {
        // 2. create user folder.
        $fn->makeUserFolder(strtolower($username));
        // 3. create salt / tokens.
        $salt = md5($username . time());
        $token = md5($email . $salt);
        // 4. insert into database.
        $sql_u = "INSERT INTO signup (\n                email,\n                username,\n                `password`,\n                token,\n                salt,\n                fname,\n                lname,\n                bday,\n                created,\n                lastloggedin\n            ) VALUES (\n                ?,?,?,?,?,?,?,?,?,?\n            )";
        sqlRun($sql_u, 'ssssssssii', array($email, $username, md5($password), $token, $salt, "", "", "", time(), time()));
        // 5. send out email.
        $to = $email;
        $subject = "Your Website Registration";
        $message = "Click this link to validate your email. Or, copy / paste this code";
        $headers = 'From: webmaster@mypersonalwebsite.com' . "\r\n" . 'Reply-To: webmaster@mypersonalwebsite.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
        //mail($to, $subject, $message, $headers);
        // 6. Set session variables.
        $_SESSION['site_user_username'] = $username;
        $_SESSION['site_user_salt'] = $salt;
        $_SESSION['site_user_token'] = $token;
        // 7. display success message (check email or check email and enter verification code).
        echo json_encode(array('closevbox' => true, 'redirect' => $username));
        /*
        echo json_encode(array(
            'closevbox' => true,
            'redirect' => strtolower(trim($_POST['username']))
        ));
        */
    }
}
function processLDAPLogin($username, $password){

	if(authLDAPUser($username, $password)){
	
		$userresult = getUserByUsername($username);
		
		if(mysql_num_rows($userresult) >= 1){
		
			return $userresult;
			
		}else{
		
			return createUserFromLDAP($username, $password);
		
		}
	
	}else{
	
		return false;
	
	}

}