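/**
 * Resolve the current visitor from the session (preferred) or the
 * persistent login cookie, and fill $eps_user by reference.
 *
 * On success $eps_user holds the user row joined with its group title
 * (g_title), minus the password column, plus `ip_address`, `is_guest`
 * (false) and a `language`/`style` that were checked to exist on disk;
 * IS_ADMIN and IS_MODADMIN are defined. When the stored credential does
 * not match the database, set_user(0, 0) is called and the function
 * returns early (IS_ADMIN / IS_MODADMIN stay undefined, as before). With
 * no usable credential at all, set_guest() is called instead.
 *
 * @param array &$eps_user Receives the resolved user record.
 */
function chk_user(&$eps_user)
{
    global $epsclass, $eps_config, $eps_cookie, $eps_session;

    eps_session_start();

    // Guest identity until a credential checks out.
    $cookie = array('user_id' => 0, 'password_hash' => 0);

    // The session is authoritative; the cookie is only consulted when the
    // session carries no login.
    $serialized = '';
    if (!empty($_SESSION[$eps_session['name']])) {
        $serialized = $_SESSION[$eps_session['name']];
    } elseif (!empty($_COOKIE[$eps_cookie['name']])) {
        $serialized = $_COOKIE[$eps_cookie['name']];
    }

    if ($serialized !== '') {
        // SECURITY: the cookie value is attacker-controlled and goes through
        // unserialize(), which can instantiate arbitrary classes (PHP object
        // injection). The wire format is produced by set_user(), which is not
        // visible here, so the format is kept for compatibility; until it is
        // moved to json_encode()/json_decode(), only accept a plain array of
        // [numeric user id, string hash] and ignore anything else.
        $parts = @unserialize($serialized);
        if (is_array($parts) && isset($parts[0], $parts[1])
            && is_numeric($parts[0]) && is_string($parts[1])) {
            $cookie['user_id'] = (int) $parts[0];
            $cookie['password_hash'] = $parts[1];
        }
    }

    if ($cookie['user_id'] <= 0) {
        set_guest();
        return;
    }

    $result = $epsclass->db->query(
        "SELECT g.g_title,u.* FROM " . TBL_USER . " u LEFT JOIN " . TBL_GROUP
        . " g ON u.group_id=g.g_id WHERE u.id=" . (int) $cookie['user_id']
    ) or error('Unable to fetch user information', __FILE__, __LINE__, $epsclass->db->error());
    $eps_user = $epsclass->db->fetch_assoc($result);
    $epsclass->db->free_result($result);

    // The credential is md5(seed . stored password). The original compared it
    // with a loose `!=`, which lets a digest such as "0e123..." match any other
    // "0e..." digest through numeric-string juggling; hash_equals() (PHP 5.6+)
    // is strict and constant-time.
    $expected = isset($eps_user['id'])
        ? md5($eps_cookie['seed'] . $eps_user['password'])
        : '';
    if ($expected === '' || !hash_equals($expected, (string) $cookie['password_hash'])) {
        set_user(0, 0);
        return;
    }

    define('IS_ADMIN', $eps_user['group_id'] == EPS_ADMIN);
    define('IS_MODADMIN', IS_ADMIN || $eps_user['group_id'] == EPS_MOD);

    // Never carry the password hash around in the user record.
    unset($eps_user['password']);

    // `language` and `style` come from the database and end up in filesystem
    // paths (and, judging by the lang/ lookup, probably in include paths).
    // Defence in depth: treat any value with a path separator, '..' or NUL as
    // missing, then fall back to the site defaults when the target does not
    // exist on disk.
    $lang = (string) $eps_user['language'];
    if (strpbrk($lang, "/\\\0") !== false || strpos($lang, '..') !== false
        || !@file_exists(EPS_ROOT . 'lang/' . $lang)) {
        $eps_user['language'] = $eps_config['default_lang'];
    }
    $style = (string) $eps_user['style'];
    if (strpbrk($style, "/\\\0") !== false || strpos($style, '..') !== false
        || !@file_exists(EPS_ROOT . 'style/' . $style . '.css')) {
        $eps_user['style'] = $eps_config['default_style'];
    }

    $eps_user['ip_address'] = get_ip();
    $eps_user['is_guest'] = false;
}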
/**
 * Create a new account in USER_ACCOUNT_FILE and log it in.
 *
 * Checks run in this order, each returning error_message(E_REGISTER, ...)
 * on failure: missing username (E_NO_USERNAME), missing password
 * (E_NO_PASSWORD), missing confirmation (E_NO_CONFIRM), password and
 * confirmation differ ('Mismatch'), username already present
 * (E_ACCOUNT_EXISTS). The stored record is [username, password_hash(...)]
 * keyed by the username; set_user() is then called.
 *
 * NOTE(review): empty() also rejects the literal string "0" for every
 * field — kept as-is to preserve behaviour.
 *
 * @param string $username
 * @param string $password
 * @param string $confirm
 * @return string '' on success, otherwise the error_message() result.
 */
function register($username, $password, $confirm)
{
    // Ordered guard list: first failing check wins.
    $guards = [
        [empty($username), E_NO_USERNAME],
        [empty($password), E_NO_PASSWORD],
        [empty($confirm), E_NO_CONFIRM],
        [$password !== $confirm, 'Mismatch'],
    ];
    foreach ($guards as $guard) {
        if ($guard[0]) {
            return error_message(E_REGISTER, $guard[1]);
        }
    }

    $existing = look_up_key_value($username, USER_ACCOUNT_FILE);
    if (!empty($existing)) {
        return error_message(E_REGISTER, E_ACCOUNT_EXISTS);
    }

    $record = [$username, password_hash($password, PASSWORD_DEFAULT)];
    add_key_value($username, $record, USER_ACCOUNT_FILE);
    set_user($username);

    return '';
}
<?php include_once 'loader.php'; $action = $_POST['action']; $data = $_POST['data']; $uid = $_POST['uid']; switch ($action) { case 'set_user': $user_object = $_POST['user']; $fbuid = $_POST['fbuid']; set_user($user_object, $fbuid); break; case 'process': $additional = $_POST['additional']; $like_object = $_POST['like']; $fbuid = $_POST['fbuid']; process($like_object, $additional, $fbuid); break; case 'save_forum_relation': $like_id = $_POST['like_id']; $forum_id = $_POST['forum_id']; $category_id = $_POST['category_id']; save_forum_relation($like_id, $forum_id); break; case 'getlike': $like_id = $_POST['likeid']; $like_object = $_POST['like']; $fbuid = $_POST['fbuid']; get_like($like_id, $fbuid, $like_object); break; case 'save_existing_like':
/**
 * \brief Opens the database connection.
 *
 * Resolves the database name, password and user via set_db(), set_pw()
 * and set_user(), stores them on the instance, and opens a persistent
 * mysql_pconnect() link to localhost in $this->conn. A failed connect
 * raises E_USER_ERROR through trigger_error().
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7, so this only
 * runs on PHP 5. Moving to mysqli/PDO touches every consumer of
 * $this->conn and is out of scope for this method.
 *
 * @author P.Welling
 *
 * @since 1.0
 */
function connect_db()
{
    $this->db   = set_db();
    $this->pw   = set_pw();
    $this->user = set_user();

    // Assign first, then report: same end state as `... or trigger_error()`.
    $this->conn = mysql_pconnect('localhost', $this->user, $this->pw);
    if (!$this->conn) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
}
*/ $app->get('/about', function () use($app, $client, $service) { checkUserAuthentication($app); try { $about = $service->about->get(); renderJson($app, $about); } catch (Exception $ex) { renderEx($app, $ex); } }); /** * The start page, also handles the OAuth2 callback. */ $app->get('/', function () use($app, $client, $user) { // handle OAuth2 callback if code is set. if ($code = $app->request()->get('code')) { // handle code, retrieve credentials. $client->authenticate(); $tokens = $client->getAccessToken(); set_user($tokens); $app->redirect('/'); } if ($user) { // if there is a user in the session $app->render('index.html'); } else { // redirect to the auth page $app->redirect($client->createAuthUrl()); } }); $app->run();
$epsclass->validate->chk_username($username); if ($epsclass->validate->chk_length($password1, 6, 20, $eps_lang['Password'])) { $epsclass->validate->chk_match($password1, $password2, $eps_lang['Password']); } if ($epsclass->validate->chk_email($email1)) { $epsclass->validate->chk_match($email1, $email2, $eps_lang['Email']); } $epsclass->validate->chk_s_id($s_id); if ($epsclass->validate->chk_empty($confirm_code, $eps_lang['Confirm_code'])) { $epsclass->validate->chk_match($confirm_code, eps_encrypt($code, 6), $eps_lang['Confirm_code']); } if (empty($epsclass->validate->errors)) { $password = eps_hash($password1); $inserts = array('username' => $username, 'password' => $password, 'email' => $email1, 's_id' => $s_id, 'group_id' => EPS_MEMBER, 'reg_time' => time(), 'language' => $eps_config['default_lang'], 'style' => $eps_config['default_style'], 'timezone' => $eps_config['default_timezone'], 'ajax' => $eps_config['default_ajax'], 'ip_address' => get_ip()); $epsclass->db->vinsert(TBL_USER, $inserts); set_user($epsclass->db->insert_id(), $password, false); $_SESSION['visual'] = ''; // Emailer $epsclass->load_class('class_emailer'); $mail_tpl = trim(file_get_contents(EPS_ROOT . 'lang/' . $eps_user['language'] . '/welcome.tpl')); if (preg_match('#\\<subject\\>(.*?)\\</subject\\>#is', $mail_tpl, $subject_tpl)) { $subject = $subject_tpl[1]; } else { $subject = $eps_config['title']; } $message = trim(preg_replace('#\\<subject\\>.*?\\</subject\\>#is', '', $mail_tpl)); $message = str_replace('<site_title>', $eps_config['title'], $message); $message = str_replace('<base_url>', $eps_config['base_url'], $message); $message = str_replace('<username>', $username, $message); $message = str_replace('<password>', $password1, $message); $message = str_replace('<login_url>', $eps_config['base_url'] . 'index.php?eps=login', $message);
if (empty($epsclass->validate->errors)) { $username_tmp = eps_strtolower($username); //$result = $epsclass->db->query("SELECT id,password,group_id,active FROM ".TBL_USER." WHERE LOWER(username)='".$epsclass->db->escape($username_tmp)."'") or error('Unable to fetch user info', __FILE__, __LINE__, $epsclass->db->error()); $result = $epsclass->db->vselect(TBL_USER, array('id', 'password', 'group_id', 'active'), "WHERE LOWER(username)='" . $epsclass->db->escape($username_tmp) . "'", true); if ($epsclass->db->num_rows($result) == 1) { list($user_id, $db_password, $group_id, $active) = $epsclass->db->fetch_row($result); $epsclass->db->free_result($result); // Check if (!$active && !IS_ADMIN) { $errors[] = $eps_lang['User_inactive']; } else { if ($db_password != eps_hash($password)) { $errors[] = $eps_lang['Password_wrong']; } else { // Set User With Password In Database set_user($user_id, $db_password, $auto); $epsclass->antiflood->update('login', 2); redirect('index.php' . (isset($_GET['eps']) && $_GET['eps'] != 'login' ? '?eps=' . $_GET['eps'] : ''), $eps_lang['Redirect_login']); //redirect((isset($_SESSION['in_page']) && in_array($_GET['eps'], array('login', 'calendar', 'visual'))) ? 'index.php' : gen_current_url(), $eps_lang['Redirect_login']); return; } } } else { $errors[] = $eps_lang['Username_wrong']; } } else { $errors = $epsclass->validate->errors; $epsclass->validate->data_reset(); } } $_SESSION['visual'] = eps_random(9);
$action = eps_get_var('action', ''); // Class Validate $epsclass->load_class('class_validate'); // Class Anti-flood $epsclass->load_class('class_antiflood'); $tabindex = 1; $errors = array(); $need_old_pass = true; $epsclass->validate->data_reset(); $smarty->assign('uid', $uid); // L o g o u t if ($action == 'logout') { if ($uid != $eps_user['id']) { return; } else { set_user(0, 0); redirect('index.php', $eps_lang['Redirect_' . $action]); return; } } else { if ($action == 'changepass') { $secr_key = eps_get_var('key', ''); // Permission if (!empty($secr_key) || IS_ADMIN) { if (!IS_ADMIN) { if ($epsclass->validate->secr_verify($secr_key)) { //$result = $epsclass->db->query("SELECT 1 FROM ".TBL_USER." WHERE id='".$epsclass->db->escape($uid)."' AND security='".$epsclass->db->escape($secr_key)."'") or error('Unable to fetch code', __FILE__, __LINE__, $epsclass->db->error()); $result = $epsclass->db->vselect(TBL_USER, "1", "WHERE `id`='" . $epsclass->db->escape($uid) . "' AND `security`='" . $epsclass->db->escape($secr_key) . "'", true); if ($epsclass->db->num_rows($result) == 1) { $need_old_pass = false; } else {
$error = 'Username exists.'; break; } // Verify that the email address has not been used in a previous registration. $mailsearch = "SELECT email from users WHERE email=?"; $res_mailsearch = $context->db->query($mailsearch, $_POST['email']); $email_match = $res_mailsearch->fetchRow(DB_FETCHMODE_ASSOC); if ($email_match) { $error = 'Someone has already registered with that email address.'; break; } $new_user = add_user($context->db); $new_user['name'] = $_POST['username']; $new_user['email'] = $_POST['email']; $new_user['password'] = $_POST['password1']; $registered_user = set_user($context->db, $new_user); if ($registered_user === false) { $error = 'User name exists.'; break; } $hash = md5(rand(0, 1000)); $q = 'UPDATE users SET hash=? WHERE name=?'; $res = $context->db->query($q, $hash, $_POST['username']); login_user_by_id($context->db, $registered_user['id']); $to = $_POST['email']; $subject = 'Field Papers Verification'; $url = sprintf('http://%s%s/verify.php?email=%s&hash=%s', get_domain_name(), get_base_dir(), urlencode($_POST['email']), urlencode($hash)); $message = "Thanks for signing up for Field Papers!\n \n Please verify your account: {$url}\n \n "; $headers = 'From:noreply@fieldpapers.org' . "\r\n"; mail($to, $subject, $message, $headers); // redirect