function login($data, $ip)
{
//separate data
if ($obs = json_decode($data, true)) {
//sanitization
$user = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $obs['n']), ENT_QUOTES, "utf-8");
$pw = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $obs['p']), ENT_QUOTES, "utf-8");
//retrieve pass and id from DB
$res = json_decode(processLogin($user), true);
$dbPass = $res[0]['password'];
$id = $res[0]['userId'];
//hash entered password
$cPass = hashPass($pw);
//compare hashed pws
if ($cPass == $dbPass) {
//generate token
$token = createToken($ip, $id);
//set cookie to token value
$time = time() + 86400 / 2;
setcookie("token", $token, $time, "/");
session_start();
setLoginData($_SESSION['user_id'], $user);
return 1;
} else {
setcookie("token", " ", time() - 1);
return -1;
}
} else {
return -1;
}
}
function processInput()
{
// Checking if any iput was made
if (isset($_POST['inputType'])) {
// Copying to better vars
$inputType = $_POST['inputType'];
// Taking action based on input type
switch ($inputType) {
case 'privateresource':
processPrivateResource();
break;
case 'login':
processLogin();
break;
case 'editprivateresource':
processEditPrivateResource();
break;
default:
$errors[] = "Stop messing with the HTML!";
break;
}
}
}
<?php
ini_set('display_errors', 'On');
session_start();
require "./db_connect.php";
if (array_key_exists("email_address", $_POST) && array_key_exists("password", $_POST)) {
if (isset($_POST['email_address']) && isset($_POST['password'])) {
echo processLogin($_POST['email_address'], $_POST['password'], $mysqli);
}
} else {
echo "didnt work<br>";
}
function processLogin($input_email, $input_pwd, $mysqli)
{
$retval = NULL;
$result = 0;
$email_address_clean = mysqli_real_escape_string($mysqli, $input_email);
$password_clean = mysqli_real_escape_string($mysqli, $input_pwd);
$dbquery = "\n\t\tSELECT email_address, first_name, last_name, balance\n\t\tFROM usr_db\n\t\tWHERE email_address='" . $email_address_clean . "' \n \t\tAND pass='******'";
//prepare
if (!($stmt = $mysqli->prepare($dbquery))) {
echo "Falied to prepare query (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
//execute
if (!$stmt->execute()) {
echo "Falied to execute query (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
//bind
if (!$stmt->bind_result($db_email, $db_fname, $db_lname, $db_balance)) {
echo "Falied to bind parameters (" . $mysqli->connect_errno . ") </p>" . $mysqli->connect_error;
}
reorganization...
*/
session_start();
//error_reporting(E_ALL);
//ini_set('display_errors', '2');
require './lib/constants.php';
require 'functions.php';
$resid = 0;
$page = "";
$errormessage = "";
$message = "";
if (isset($_POST['page']) && $_POST['page'] == "login") {
$id = $_POST['id'];
$password = $_POST['pass'];
$resid = $_POST['resid'];
$userq = processLogin($id, $password);
$error = 0;
if (getConfigVar("use_ldap")) {
if (mysql_num_rows($userq) == 0) {
$error = RES_ERROR_LOGIN_USER_PASS;
$errormessage = "Incorrect user name or password<br><br>";
}
} else {
if (mysql_num_rows($userq) == 0) {
$error = RES_ERROR_LOGIN_NO_USER;
$errormessage = "No such user id<br><br>";
} else {
$row = mysql_fetch_assoc($userq);
if ($row['password'] != encrypt($password)) {
$error = RES_ERROR_LOGIN_USER_PASS;
$errormessage = "Incorrect user name or password<br><br>";
<li><a href="UserData.php">User Data</a></li>
<li><a href="FriendData.php">Friend Data</a></li-->
</ul>
</div>
</div>
<hr>
<h2>Login</h2>
<br>
<?php
//connect to kate and database.
$err = "";
if (isset($_POST['submitLogin'])) {
processLogin($connection);
} else {
showLogin($err, $connection);
}
function showLogin($err, $connection)
{
echo "<form action = 'Login.php' method='POST'>\n \n <legend><p><b>Sign in</b></p></legend>\n <p>{$err}</p>\n <p>Username: <input type = 'text' name ='username'></p>\n\n <p>Password: <input type = 'password' name ='password'><br></p>\n\n \n\n <input type='submit' name='submitLogin' value = 'Login'>\n \n </form>";
}
function processLogin($connection)
{
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$checkUsername = "******";
$result = mysqli_query($connection, $checkUsername);
if (mysqli_num_rows($result) != 0) {
$checkPassword = "******";
pwOutPut();
exit;
}
$userId = $weiboLoginService->fetchBoundUser($sessionInfo['sessiondata']['platformSessionId']);
if (!$userId) {
Showmsg('使用' . $loginWay['accountTitle'] . '自动登录失败,请重试');
}
$userService = L::loadClass('UserService', 'user');
/* @var $userService PW_UserService */
if (!$userService->get($userId)) {
$userBindService = L::loadClass('WeiboUserBindService', 'sns/weibotoplatform/service');
/* @var $userBindService PW_WeiboUserBindService */
$userBindService->unbind($userId, $type);
Showmsg('用户在站点已删除,请重试');
}
list($winduid, $groupid, $windpwd, $showmsginfo) = processLogin($userId);
require_once file_exists(D_P . "data/groupdb/group_{$groupid}.php") ? Pcv(D_P . "data/groupdb/group_{$groupid}.php") : D_P . "data/groupdb/group_1.php";
Loginipwrite($winduid);
if (GetCookie('o_invite') && $db_modes['o']['ifopen'] == 1) {
list($o_u, $hash, $app) = explode("\t", GetCookie('o_invite'));
if (is_numeric($o_u) && strlen($hash) == 18) {
require_once R_P . 'require/o_invite.php';
}
}
$jumpurl = isset($sessionInfo['sessiondata']['httpReferer']) ? $sessionInfo['sessiondata']['httpReferer'] : $db_bfn;
//passport
if ($db_pptifopen && $db_ppttype == 'server' && ($db_ppturls || $forward)) {
$tmp = $jumpurl;
$jumpurl = $forward ? $forward : $db_ppturls;
$forward = $tmp;
//TODO 这里面有obheader,用到$action
<?php
require_once 'header.php';
require_once '../classes/User.php';
session_start();
if (isset($_SESSION['email'])) {
header("Location: welcome.php");
}
if (!isset($_POST['login'])) {
outputLoginForm("");
} else {
$errorMessage = processLogin();
if ($errorMessage) {
outputLoginForm($errorMessage);
} else {
header("Location: welcome.php");
}
}
function processLogin()
{
if (empty($_POST['email']) || empty($_POST['passwd'])) {
return "fill all the values";
//return errormessage
} else {
$user = User::getUserFromDatabase($_POST['email'], $_POST['passwd']);
if ($user) {
$_SESSION['userId'] = $user->mId;
$_SESSION['email'] = $user->mEmail;
$_SESSION['firstName'] = $user->mFirstName;
return;
} else {
require './lib/constants.php';
require 'functions.php';
$resid = 0;
$page = "";
$errormessage = "";
$message = "";
if(isset($_POST['page']) && $_POST['page'] == "login"){
$id = $_POST['id'];
$password = $_POST['pass'];
$resid = $_POST['resid'];
$userq = processLogin($id);
$error = 0;
if(mysql_num_rows($userq)==0){
$error = RES_ERROR_LOGIN_NO_USER;
$errormessage = "No such user id<br><br>";
}else{
$row = mysql_fetch_assoc($userq);
if($row['password'] != encrypt($password)){
$error = RES_ERROR_LOGIN_USER_PASS;
<?php
require_once 'header.php';
require_once 'menubar.php';
require_once 'connection.php';
require_once 'classes/User.php';
session_start();
if (isset($_SESSION['email'])) {
header("Location: start.php");
}
if (!isset($_POST['login'])) {
outputLoginForm("");
} else {
$errorMessage = processLogin($conn);
if ($errorMessage) {
outputLoginForm($errorMessage);
} else {
header("Location: start.php");
}
}
function processLogin($connection)
{
if (empty($_POST['email']) || empty($_POST['passwd'])) {
return "fill all the values";
//return errormessage
} else {
$user = User::getUserFromDatabase($_POST['email'], $_POST['passwd']);
if ($user) {
$_SESSION['email'] = $user->mEmail;
$_SESSION['firstName'] = $user->mFirstName;
return;
} else {
/***************************************************************
* Check to see if users IP is authorized to view the ASP
***************************************************************/
if (!checkIpAuth($cfg->get('admin_hosts'))) {
die("<font color='red'>ERROR:</font> You are NOT Authorised to access this Page!");
}
/***************************************************************
* Import database class
***************************************************************/
include 'includes/db/class.database.php';
$DB = new Database($cfg->get('db_host'), $cfg->get('db_port'), $cfg->get('db_user'), $cfg->get('db_pass'), $cfg->get('db_name'));
/***************************************************************
* Check for login / logout requests
***************************************************************/
if ($_POST['action'] == 'login') {
processLogin();
} elseif ($_POST['action'] == 'logout' || $_GET['action'] == 'logout') {
processLogout();
}
/***************************************************************
* Check database version
***************************************************************/
$dbver = getDbVer();
if ($cfg->get('db_expected_ver') == $dbver) {
$dbver_txt = $dbver;
} else {
$dbver_txt = "<font color=\"red\"><b>" . $dbver . "</b></font>";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
function processSignup($request, $provider)
{
//don't attempt to signup already logged in users
if (MM_Utils::isLoggedIn()) {
$loggedInUser = MM_Utils::getCurrentUser();
$redirectUrl = isset($request['redirect_url']) ? $request['redirect_url'] : MM_CorePageEngine::getUrl(MM_CorePageType::$MEMBER_HOME_PAGE, null, $loggedInUser);
wp_redirect($redirectUrl);
exit;
}
if (!$provider->allowsSignups()) {
//configuration does not allow signups
throw new Exception("Signups not allowed", "1001007");
}
if (isset($request['membership_level'])) {
$membershipLevel = trim($request['membership_level']);
$membershipLevel = htmlentities($membershipLevel);
if (!is_numeric($membershipLevel)) {
//membership level was not passed as a valid id
throw new Exception("Invalid Membership Level", "1001008");
}
} else {
$membershipLevel = $provider->getSignupMembershipLevel();
if (!is_numeric($membershipLevel) || $membershipLevel == 0) {
//should never happen - default signup membership level is invalid
throw new Exception("Invalid Default Membership Level", "1001009");
}
}
//ensure that if the chosen provider doesnt allow access to the email, and the provider is configured not to generate one, that one was supplied
if ($provider->getEmailHandlingStrategy() == MM_AbstractSocialLoginExtension::$EMAIL_RETRIEVED_BY_POPUP && empty($request['email'])) {
//email required but not supplied
throw new Exception("No email supplied", "1001010");
}
//Authenticate with the provider, and retrieve the remote user profile
$authResponse = $provider->authenticate();
if (!MM_Response::isSuccess($authResponse)) {
//error authenticating
throw new Exception("Error authenticating with social network", "1001016");
}
$profileResponse = $provider->getUserProfile();
if (!MM_Response::isSuccess($profileResponse)) {
//retrievng profile failed
throw new Exception("Unable to retrieve profile from social network", "1001011");
}
$profile = $profileResponse->message;
if (!isset($profile->identifier) || empty($profile->identifier)) {
//invalid social network identifier returned
throw new Exception("Invalid social network identifier", "1001012");
}
//Populate memberinfo with the necessary member information, in the expected format
$memberInfo = array();
$memberInfo["membership_level"] = $membershipLevel;
if (isset($profile->firstName) && !empty($profile->firstName)) {
$memberInfo['first_name'] = $profile->firstName;
}
if (isset($profile->lastName) && !empty($profile->lastName)) {
$memberInfo['last_name'] = $profile->lastName;
}
$emailHandlingStrategy = $provider->getEmailHandlingStrategy();
if ($emailHandlingStrategy == MM_AbstractSocialLoginExtension::$EMAIL_RETRIEVED_BY_POPUP) {
//TODO: sanitize email
$memberInfo['email'] = $request['email'];
} else {
if ($emailHandlingStrategy == MM_AbstractSocialLoginExtension::$EMAIL_PROVIDED) {
if (isset($profile->emailVerified) && !empty($profile->emailVerified)) {
$memberInfo['email'] = $profile->emailVerified;
} else {
if (isset($profile->email) && !empty($profile->email)) {
$memberInfo['email'] = $profile->email;
} else {
throw new Exception("Social Network provider was supposed to supply user email, but did not", "1001013");
}
}
} else {
if ($emailHandlingStrategy == MM_AbstractSocialLoginExtension::$EMAIL_GENERATE_BOGUS_EMAIL) {
$bogusUser = MM_Utils::createRandomString(8, true) . MM_Utils::createRandomString(24);
//TODO: tag user portion of email with social network identifier
$bogusDomain = "example.com";
$memberInfo['email'] = "{$bogusUser}@{$bogusDomain}";
}
}
}
$socialSignupRequest = new MM_SocialLoginRequest($memberInfo);
$response = $socialSignupRequest->submitRequest();
if (MM_Response::isSuccess($response)) {
$newUser = $socialSignupRequest->getNewUser();
$provider->linkUserToSocialMediaAccount($newUser, $profile->identifier);
$socialSignupRequest->completeSignup();
exit;
} else {
if (strpos($response->message, "already exists") !== false) {
//the member signing up already exists, send them to login instead
processLogin($request, $provider);
exit;
}
throw new Exception($response->message, "1001014");
}
//end signup block
exit;
}
