function _scratchpadify_install_configure_form_submit($form, &$form_state)
{
    global $user;
    variable_set('site_name', $form_state['values']['site_name']);
    variable_set('site_mail', $form_state['values']['site_mail']);
    variable_set('date_default_timezone', $form_state['values']['date_default_timezone']);
    // Enable update.module if this option was selected.
    if ($form_state['values']['update_status_module'][1]) {
        // Stop enabling the update module, it's a right royal pain in the arse.
        //drupal_install_modules(array('update'));
    }
    // Turn this off temporarily so that we can pass a password through.
    variable_set('user_email_verification', FALSE);
    $form_state['old_values'] = $form_state['values'];
    $form_state['values'] = $form_state['values']['account'];
    // We precreated user 1 with placeholder values. Let's save the real values.
    $account = user_load(1);
    $merge_data = array('init' => $form_state['values']['mail'], 'roles' => array(), 'status' => 0);
    user_save($account, array_merge($form_state['values'], $merge_data));
    // Log in the first user.
    user_authenticate($form_state['values']);
    $form_state['values'] = $form_state['old_values'];
    unset($form_state['old_values']);
    variable_set('user_email_verification', TRUE);
    if (isset($form_state['values']['clean_url'])) {
        variable_set('clean_url', $form_state['values']['clean_url']);
    }
    // The user is now logged in, but has no session ID yet, which
    // would be required later in the request, so remember it.
    $user->sid = session_id();
    // Record when this install ran.
    variable_set('install_time', time());
}
Ejemplo n.º 2
0
 /**
  * check if the login username and password match the db.
  * @param $username the inserted username
  * @param $password the inserted password (unhashed)
  * @return the logged in user's db row as array if login was a success, else "fail" will be returned.
  */
 public static function checkLoginMatch($username, $password)
 {
     if (!user_authenticate($username, $password)) {
         return 'fail';
     } else {
         return db_query("SELECT * FROM {users} WHERE name = :name", array(':name' => $username))->fetchAssoc();
     }
 }
 /**
  * {@inheritdoc}
  *
  * @see user_login_authenticate_validate().
  */
 public function authenticate(RequestInterface $request)
 {
     $username = $request->getUser();
     $password = $request->getPassword();
     // Do not allow any login from the current user's IP if the limit has been
     // reached. Default is 50 failed attempts allowed in one hour. This is
     // independent of the per-user limit to catch attempts from one IP to log
     // in to many different user accounts.  We have a reasonably high limit
     // since there may be only one apparent IP for all users at an institution.
     if (!flood_is_allowed('failed_login_attempt_ip', variable_get('user_failed_login_ip_limit', 50), variable_get('user_failed_login_ip_window', 3600))) {
         throw new FloodException(format_string('Rejected by ip flood control.'));
     }
     if (filter_var($username, FILTER_VALIDATE_EMAIL)) {
         if (!($uid = db_query_range("SELECT uid FROM {users} WHERE LOWER(mail) = LOWER(:mail) AND status = 1", 0, 1, array(':mail' => $username))->fetchField())) {
             // Always register an IP-based failed login event.
             flood_register_event('failed_login_attempt_ip', variable_get('user_failed_login_ip_window', 3600), ip_address());
             return null;
         } else {
             $username = db_query_range("SELECT name FROM {users} WHERE LOWER(mail) = LOWER(:mail) AND status = 1", 0, 1, array(':mail' => $username))->fetchField();
         }
     } else {
         if (!($uid = db_query_range("SELECT uid FROM {users} WHERE name = :name AND status = 1", 0, 1, array(':name' => $username))->fetchField())) {
             // Always register an IP-based failed login event.
             flood_register_event('failed_login_attempt_ip', variable_get('user_failed_login_ip_window', 3600), ip_address());
             return null;
         }
     }
     if (variable_get('user_failed_login_identifier_uid_only', false)) {
         // Register flood events based on the uid only, so they apply for any
         // IP address. This is the most secure option.
         $identifier = $uid;
     } else {
         // The default identifier is a combination of uid and IP address. This
         // is less secure but more resistant to denial-of-service attacks that
         // could lock out all users with public user names.
         $identifier = $uid;
         // . '-' . ip_address();
     }
     // Don't allow login if the limit for this user has been reached.
     // Default is to allow 5 failed attempts every 6 hours.
     if (flood_is_allowed('failed_login_attempt_user', variable_get('user_failed_login_user_limit', 5), variable_get('user_failed_login_user_window', 21600), $identifier)) {
         // We are not limited by flood control, so try to authenticate.
         if ($uid = user_authenticate($username, $password)) {
             // Clear the user based flood control.
             flood_clear_event('failed_login_attempt_user', $identifier);
             $user = user_load($uid);
             return user_load($uid);
         }
         flood_register_event('failed_login_attempt_user', variable_get('user_failed_login_user_window', 3600), $identifier);
     } else {
         flood_register_event('failed_login_attempt_user', variable_get('user_failed_login_user_window', 3600), $identifier);
         throw new FloodException(format_string('Rejected by user flood control.'));
     }
 }
Ejemplo n.º 4
0
/**
 * Returns user type, true if type equals 0, false if not logged in.
 * Returns PHP_INT_MAX if user is admin.
 */
function is_logged_in($recheck = false)
{
    static $type = -1;
    if ($type >= 0 && !$recheck) {
        return $type;
    }
    if (!isset($_SESSION['s_user']) || !isset($_SESSION['s_passwd'])) {
        return false;
    }
    if ($_SESSION['s_user'] == DB_USER && $_SESSION['s_passwd'] == DB_PASSWD) {
        return PHP_INT_MAX;
    }
    $username = pg_escape_string($_SESSION['s_user']);
    if (array_key_exists('s_admin_user', $_SESSION)) {
        $username = pg_escape_string($_SESSION['s_admin_user']);
    }
    $passwd_correct = $username == DB_USER && $_SESSION['s_passwd'] == DB_PASSWD;
    $company_id = null;
    $user_type = 0;
    if ($passwd_correct) {
        $company_id = 1;
        $user_type = 1;
    } else {
        $result = pg_query("SELECT company_id, passwd, passwd_salt, type FROM users WHERE username = '{$username}'");
        if ($row = pg_fetch_assoc($result)) {
            $company_id = $row['company_id'];
            $user_type = $row['type'];
            if (user_authenticate($company_id, $_SESSION['s_passwd'], $row['passwd'], $row['passwd_salt'])) {
                $passwd_correct = true;
            }
        }
    }
    if (!$passwd_correct) {
        return false;
    }
    $logged_in_user = pg_escape_string($_SESSION['s_user']);
    $result = pg_query("SELECT company_id, type FROM users WHERE username = '{$logged_in_user}'");
    if ($row = pg_fetch_assoc($result)) {
        $type = $row['type'];
        if ($type == 0) {
            $type = true;
        }
        if ($username != DB_USER && $company_id != $row['company_id']) {
            $type = false;
        }
        if ($username != $logged_in_user && (($user_type & 1) == 0 || !$company_id)) {
            $type = false;
        }
    } else {
        $type = false;
    }
    return $type;
}
    }
    $password_ok = false;
    if (array_key_exists('password', $_POST)) {
        //Validation du password
        $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_MAGIC_QUOTES);
        $password = filter_var($password, FILTER_SANITIZE_STRING);
        // Validation du username : des alpha minuscules et des chiffres, min 4 caractères
        $password_ok = 1 === preg_match('/^[A-Za-z0-9%&$!*?]{8,}$/', $password);
        //Supprime les balises, et supprime ou encode les caractères spéciaux.
        //var_dump($password);
        //var_dump($password_ok);
    }
    if ($username_ok && $password_ok) {
        //Vérification des 2 critères pour la connexion
        require_once 'data/_users.php';
        $user_info = user_authenticate($_POST['username'], $_POST['password']);
        if ($user_info) {
            //Si il est authentifier(valide) il va créer une session de login
            $_SESSION[PESS_USERNAME] = $user_info['username'];
            $message_login = 'Bienvenue ' . $user_info['username'];
            $est_connecter = true;
        } else {
            //Sinon Échec de connexion
            $message_login = 'La combinaison de votre pseudo et du mots de passe sont invalides';
        }
    }
} elseif (array_key_exists('dologout', $_POST)) {
    //Si l'usager veut se déconnecter
    unset($_SESSION[PESS_USERNAME]);
    //Destruction de la session de connection
    $est_connecter = false;
Ejemplo n.º 6
0
 /**
  * Login
  * User can login via username or email
  * @param string $email, username or email adddress
  * @return bool $success
  */
 public function login($email, $password)
 {
     $sucess = 0;
     try {
         if ($this->isEmail($email)) {
             $username = $this->getUserName($email);
         } else {
             $username = $email;
         }
         if (\user_authenticate($username, $password)) {
             $userObj = \user_load_by_name($username);
             $this->setUserData($userObj);
             $this->setUserId($userObj->uid);
             $formState = array();
             $formState['uid'] = $userObj->uid;
             \user_login_submit(array(), $formState);
             $sucess = 1;
         } else {
             $this->setError("login failed, bad username or password.");
         }
     } catch (\Exception $e) {
         $this->setError($e->getMessage());
     }
     return $sucess;
 }
Ejemplo n.º 7
0
 /**
  * load drupal bootstrap
  *
  * @param $name string  optional username for login
  * @param $pass string  optional password for login
  */
 function loadBootStrap($params = array(), $loadUser = TRUE, $throwError = TRUE, $realPath = NULL)
 {
     $uid = CRM_Utils_Array::value('uid', $params);
     $name = CRM_Utils_Array::value('name', $params, FALSE) ? $params['name'] : trim(CRM_Utils_Array::value('name', $_REQUEST));
     $pass = CRM_Utils_Array::value('pass', $params, FALSE) ? $params['pass'] : trim(CRM_Utils_Array::value('pass', $_REQUEST));
     //take the cms root path.
     $cmsPath = $this->cmsRootPath($realPath);
     if (!file_exists("{$cmsPath}/includes/bootstrap.inc")) {
         echo '<br />Sorry, unable to locate bootstrap.inc.';
         exit;
     }
     chdir($cmsPath);
     require_once 'includes/bootstrap.inc';
     @drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
     if (!function_exists('module_exists') || !module_exists('civicrm')) {
         echo '<br />Sorry, could not able to load drupal bootstrap.';
         exit;
     }
     // lets also fix the clean url setting
     // CRM-6948
     $config->cleanURL = (int) variable_get('clean_url', '0');
     // we need to call the config hook again, since we now know
     // all the modules that are listening on it, does not apply
     // to J! and WP as yet
     // CRM-8655
     CRM_Utils_Hook::config($config);
     if (!$loadUser) {
         return TRUE;
     }
     //load user, we need to check drupal permissions.
     if ($name) {
         $user = user_authenticate(array('name' => $name, 'pass' => $pass));
         if (empty($user->uid)) {
             echo '<br />Sorry, unrecognized username or password.';
             exit;
         }
     } elseif ($uid) {
         $account = user_load(array('uid' => $uid));
         if (empty($account->uid)) {
             echo '<br />Sorry, unrecognized user id.';
             exit;
         } else {
             global $user;
             $user = $account;
         }
     }
 }
Ejemplo n.º 8
0
 /**
  * Attempt to log in using the given username and password.
  *
  * On a successful login, this function should return the users attributes. On failure,
  * it should throw an exception. If the error was caused by the user entering the wrong
  * username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.
  *
  * Note that both the username and the password are UTF-8 encoded.
  *
  * @param string $username  The username the user wrote.
  * @param string $password  The password the user wrote.
  * @return array  Associative array with the users attributes.
  */
 protected function login($username, $password)
 {
     assert('is_string($username)');
     assert('is_string($password)');
     // authenticate the user
     $drupaluid = user_authenticate($username, $password);
     if (0 == $drupaluid) {
         throw new SimpleSAML_Error_Error('WRONGUSERPASS');
     }
     // load the user object from Drupal
     $drupaluser = user_load($drupaluid);
     // get all the attributes out of the user object
     $userAttrs = get_object_vars($drupaluser);
     // define some variables to use as arrays
     $userAttrNames = null;
     $attributes = null;
     // figure out which attributes to include
     if (NULL == $this->attributes) {
         $userKeys = array_keys($userAttrs);
         // populate the attribute naming array
         foreach ($userKeys as $userKey) {
             $userAttrNames[$userKey] = $userKey;
         }
     } else {
         // populate the array of attribute keys
         // populate the attribute naming array
         foreach ($this->attributes as $confAttr) {
             $userKeys[] = $confAttr['drupaluservar'];
             $userAttrNames[$confAttr['drupaluservar']] = $confAttr['callit'];
         }
     }
     // an array of the keys that should never be included
     // (e.g., pass)
     $skipKeys = array('pass');
     // package up the user attributes
     foreach ($userKeys as $userKey) {
         // skip any keys that should never be included
         if (!in_array($userKey, $skipKeys)) {
             if (is_string($userAttrs[$userKey]) || is_numeric($userAttrs[$userKey]) || is_bool($userAttrs[$userKey])) {
                 $attributes[$userAttrNames[$userKey]] = array($userAttrs[$userKey]);
             } elseif (is_array($userAttrs[$userKey])) {
                 // if the field is a field module field, special handling is required
                 if (substr($userKey, 0, 6) == 'field_') {
                     $attributes[$userAttrNames[$userKey]] = array($userAttrs[$userKey]['und'][0]['safe_value']);
                 } else {
                     // otherwise treat it like a normal array
                     $attributes[$userAttrNames[$userKey]] = $userAttrs[$userKey];
                 }
             }
         }
     }
     return $attributes;
 }
    $headers = getallheaders();
    $authCredentials = null;
    if (!empty($headers['Authorization'])) {
        $headerAuth = explode(' ', $headers['Authorization'], 2);
        $authCredentials = array_combine(array('username', 'password'), explode(':', base64_decode(end($headerAuth)), 2));
    } else {
        if (@$_SERVER['PHP_AUTH_USER'] && @$_SERVER['PHP_AUTH_PW']) {
            $authCredentials = array('username' => $_SERVER['PHP_AUTH_USER'], 'password' => $_SERVER['PHP_AUTH_PW']);
        }
    }
    if ($authCredentials) {
        if (is_array($userFilter) && !in_array($authCredentials['username'], $userFilter)) {
            header('HTTP/1.0 401 Unauthorized');
            die('HTTP/1.0 401 Unauthorized');
        }
        $authResult = user_authenticate($authCredentials['username'], $authCredentials['password']);
        if (!$authResult) {
            header('HTTP/1.0 401 Unauthorized');
            die('HTTP/1.0 401 Unauthorized');
        }
    } else {
        header('HTTP/1.0 400 Bad Request');
        die('HTTP/1.0 400 Bad Request');
    }
}
// Prepare CLI Requirements
define('STDIN', fopen('php://input', 'r'));
define('STDOUT', fopen('php://output', 'w'));
$_SERVER['argv'] = array('autoupdate.php');
$mQuery = array_merge($_GET, $_POST);
foreach ($mQuery as $k => $v) {
Ejemplo n.º 10
0
 /**
  * Attempt to log in using the given username and password.
  *
  * On a successful login, this function should return the users attributes. On failure,
  * it should throw an exception. If the error was caused by the user entering the wrong
  * username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.
  *
  * Note that both the username and the password are UTF-8 encoded.
  *
  * @param string $username  The username the user wrote.
  * @param string $password  The password the user wrote.
  * @return array  Associative array with the users attributes.
  */
 protected function login($username, $password)
 {
     assert('is_string($username)');
     assert('is_string($password)');
     // accomodating email logins here
     if ($result = db_query('SELECT name FROM {users} WHERE LOWER(mail) = LOWER(:name)', array(':name' => $username))) {
         if ($record = $result->fetchAssoc()) {
             $username = $record['name'];
         }
     }
     // authenticate the user
     // check if user is not blocked first
     if (!user_is_blocked($username)) {
         $drupaluid = user_authenticate($username, $password);
         if (0 == $drupaluid) {
             throw new SimpleSAML_Error_Error('WRONGUSERPASS');
         }
     } else {
         throw new SimpleSAML_Error_Error('USERBLOCKED');
     }
     // load the user object from Drupal
     $drupaluser = user_load($drupaluid);
     // get all the attributes out of the user object
     $userAttrs = get_object_vars($drupaluser);
     // define some variables to use as arrays
     $userAttrNames = null;
     $attributes = null;
     // figure out which attributes to include
     if (NULL == $this->attributes) {
         $userKeys = array_keys($userAttrs);
         // populate the attribute naming array
         foreach ($userKeys as $userKey) {
             $userAttrNames[$userKey] = $userKey;
         }
     } else {
         // populate the array of attribute keys
         // populate the attribute naming array
         foreach ($this->attributes as $confAttr) {
             $userKeys[] = $confAttr['drupaluservar'];
             $userAttrNames[$confAttr['drupaluservar']] = $confAttr['callit'];
         }
     }
     // an array of the keys that should never be included
     // (e.g., pass)
     $skipKeys = array('pass', 'field_address');
     // package up the user attributes
     foreach ($userKeys as $userKey) {
         // skip any keys that should never be included
         if (!in_array($userKey, $skipKeys)) {
             if (is_string($userAttrs[$userKey]) || is_numeric($userAttrs[$userKey]) || is_bool($userAttrs[$userKey])) {
                 $attributes[$userAttrNames[$userKey]] = array($userAttrs[$userKey]);
             } elseif (is_array($userAttrs[$userKey])) {
                 // if the field is a field module field, special handling is required
                 if (substr($userKey, 0, 6) == 'field_') {
                     if ($userAttrs[$userKey]['und'][0]['safe_value']) {
                         $attributes[$userAttrNames[$userKey]] = array($userAttrs[$userKey]['und'][0]['safe_value']);
                     } else {
                         if ($userAttrs[$userKey]['und'][0]['value']) {
                             $attributes[$userAttrNames[$userKey]] = array($userAttrs[$userKey]['und'][0]['value']);
                         } else {
                             // accomodate taxonomy term reference fields
                             foreach ($userAttrs[$userKey]['und'] as $key => $value) {
                                 if ($value['tid']) {
                                     $term_object = taxonomy_term_load($value['tid']);
                                     $attributes[$userAttrNames[$userKey]][$key] = $term_object->name;
                                 }
                             }
                         }
                     }
                 } else {
                     // otherwise treat it like a normal array
                     $attributes[$userAttrNames[$userKey]] = $userAttrs[$userKey];
                 }
             }
         }
     }
     return $attributes;
 }
Ejemplo n.º 11
0
 /**
  * load drupal bootstrap
  *
  * @param $name string  optional username for login
  * @param $pass string  optional password for login
  */
 static function loadBootStrap($name = null, $pass = null, $uid = null)
 {
     //take the cms root path.
     $cmsPath = self::cmsRootPath();
     if (!file_exists("{$cmsPath}/includes/bootstrap.inc")) {
         echo '<br />Sorry, could not able to locate bootstrap.inc.';
         exit;
     }
     chdir($cmsPath);
     require_once 'includes/bootstrap.inc';
     @drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
     if (!function_exists('module_exists') || !module_exists('civicrm')) {
         echo '<br />Sorry, could not able to load drupal bootstrap.';
         exit;
     }
     //load user, we need to check drupal permissions.
     $name = $name ? $name : trim(CRM_Utils_Array::value('name', $_REQUEST));
     $pass = $pass ? $pass : trim(CRM_Utils_Array::value('pass', $_REQUEST));
     if ($name) {
         $user = user_authenticate(array('name' => $name, 'pass' => $pass));
         if (empty($user->uid)) {
             echo '<br />Sorry, unrecognized username or password.';
             exit;
         }
     } else {
         if ($uid) {
             $account = user_load(array('uid' => $uid));
             if (empty($account->uid)) {
                 echo '<br />Sorry, unrecognized user id.';
                 exit;
             } else {
                 global $user;
                 $user = $account;
             }
         }
     }
 }
Ejemplo n.º 12
0
 function auth($username, $server, $password)
 {
     return user_authenticate($username, $password) !== FALSE;
 }
Ejemplo n.º 13
0
 /**
  * Drupal get login example
  */
 public function postLogin()
 {
     $drupal = new \erdiko\drupal\Model();
     /*
     if(\user_load_by_name($_POST['name']) == FALSE)
     {
     	if(\user_load_by_mail($_POST['name']) == FALSE)
     	{
     		$content = \form_set_error('name', t('This username does not exist'));
     		$content = $content.'This username does not exist';
     	}
     }
     */
     if (strpos($_POST['name'], '@') === FALSE) {
         $user = \user_load_by_name($_POST['name']);
         if ($user) {
             $success = \user_authenticate($_POST['name'], $_POST['pass']);
             if ($success) {
                 $content = 'Login successful. Welcome ' . $_POST['name'];
             } else {
                 $content = 'Incorrect password.';
             }
         } else {
             $content = 'User does not exist.';
         }
     } else {
         $content = 'Please enter your user name, not email.';
     }
     if (strpos($content, 'Login successful') === FALSE) {
         $elements = $drupal->drupal_get_form("user_login");
         $form = \drupal_render($elements);
         $this->setContent($content . ' ' . $form);
     } else {
         $this->setContent($content);
     }
 }
<?php

chdir("../../civi4");
require_once "includes/bootstrap.inc";
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
header("Content-Type: application/json; charset=utf-8");
$response = array("username" => "", "error" => 0);
if (user_is_logged_in()) {
    $response["username"] = $user->name;
    echo json_encode($response);
    exit;
}
if ($_POST["username"] && $_POST["password"]) {
    $loginArray = array("name" => $_POST["username"], "pass" => $_POST["password"]);
    $login = user_authenticate($loginArray);
    if ($login) {
        $response["username"] = $user->name;
        echo json_encode($response);
        exit;
    }
    $response["error"] = 1;
    echo json_encode($response);
    exit;
}
echo json_encode($response);
exit;
Ejemplo n.º 15
0
if (username_exists('gp')) {
    echo "Le username (gp) est pris.";
}
/**
 * Authentification d'un utilisateur
 * UC1 : Échec de l'authentification
 * UC2 : Réussite de l'authentification
 */
// UC1 : Tentative d'authentification avec un mot de passe incorrect
$gp_user_info = user_authenticate('gp', 'invalid_password');
// En principe, le réponse vaut false
if (false === $gp_user_info) {
    echo "<p>L'authentification de l'utilisateur 'gp' avec le mot de passe 'invalid_password' a échoué.</p>";
}
// UC2 : Tentative d'authentification réussie
$gp_user_info = user_authenticate('gp', 'gp');
// En principe la réponse ne vaut pas false et contient les paramètres de l'utilisateur authentifié
if (false === $gp_user_info) {
    echo "<p>L'authentification de l'utilisateur 'gp' avec le mot de passe 'gp' a échoué.</p>";
} else {
    echo "<p>L'authentification de l'utilisateur 'gp' avec le mot de passe 'gp' a réussi.</p>";
    echo "<p>Les paramètres de l'utilisateur sont :" . implode($gp_user_info, ',') . "</p>";
}
/**
 * Enregistrer plusieurs connexions et déconnexions et Lister les utilisateurs connectés
 *
 * UC1: Connexion utilisateur 'gp'
 * UC2: Déconnexion utilisateur 'gp'
 * UC3: Lister des utilisateurs connectés après ajouts et connexion
 */
// UC1 : Connexion utilisateur 'gp'
Ejemplo n.º 16
0
 /**
  * load drupal bootstrap
  *
  * @param array $params Either uid, or name & pass.
  * @param boolean $loadUser boolean Require CMS user load.
  * @param boolean $throwError If true, print error on failure and exit.
  * @param boolean|string $realPath path to script
  */
 function loadBootStrap($params = array(), $loadUser = TRUE, $throwError = TRUE, $realPath = NULL)
 {
     //take the cms root path.
     $cmsPath = $this->cmsRootPath($realPath);
     if (!file_exists("{$cmsPath}/includes/bootstrap.inc")) {
         if ($throwError) {
             echo '<br />Sorry, could not locate bootstrap.inc\\n';
             exit;
         }
         return FALSE;
     }
     // load drupal bootstrap
     chdir($cmsPath);
     define('DRUPAL_ROOT', $cmsPath);
     // For drupal multi-site CRM-11313
     if ($realPath && strpos($realPath, 'sites/all/modules/') === FALSE) {
         preg_match('@sites/([^/]*)/modules@s', $realPath, $matches);
         if (!empty($matches[1])) {
             $_SERVER['HTTP_HOST'] = $matches[1];
         }
     }
     require_once 'includes/bootstrap.inc';
     // @ to suppress notices eg 'DRUPALFOO already defined'.
     @drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
     // explicitly setting error reporting, since we cannot handle drupal related notices
     error_reporting(1);
     if (!function_exists('module_exists') || !module_exists('civicrm')) {
         if ($throwError) {
             echo '<br />Sorry, could not load drupal bootstrap.';
             exit;
         }
         return FALSE;
     }
     // seems like we've bootstrapped drupal
     $config = CRM_Core_Config::singleton();
     // lets also fix the clean url setting
     // CRM-6948
     $config->cleanURL = (int) variable_get('clean_url', '0');
     // we need to call the config hook again, since we now know
     // all the modules that are listening on it, does not apply
     // to J! and WP as yet
     // CRM-8655
     CRM_Utils_Hook::config($config);
     if (!$loadUser) {
         return TRUE;
     }
     $uid = CRM_Utils_Array::value('uid', $params);
     if (!$uid) {
         //load user, we need to check drupal permissions.
         $name = CRM_Utils_Array::value('name', $params, FALSE) ? $params['name'] : trim(CRM_Utils_Array::value('name', $_REQUEST));
         $pass = CRM_Utils_Array::value('pass', $params, FALSE) ? $params['pass'] : trim(CRM_Utils_Array::value('pass', $_REQUEST));
         if ($name) {
             $uid = user_authenticate($name, $pass);
             if (!$uid) {
                 if ($throwError) {
                     echo '<br />Sorry, unrecognized username or password.';
                     exit;
                 }
                 return FALSE;
             }
         }
     }
     if ($uid) {
         $account = user_load($uid);
         if ($account && $account->uid) {
             global $user;
             $user = $account;
             return TRUE;
         }
     }
     if ($throwError) {
         echo '<br />Sorry, can not load CMS user account.';
         exit;
     }
     // CRM-6948: When using loadBootStrap, it's implicit that CiviCRM has already loaded its settings
     // which means that define(CIVICRM_CLEANURL) was correctly set.
     // So we correct it
     $config = CRM_Core_Config::singleton();
     $config->cleanURL = (int) variable_get('clean_url', '0');
     // CRM-8655: Drupal wasn't available during bootstrap, so hook_civicrm_config never executes
     CRM_Utils_Hook::config($config);
     return FALSE;
 }
Ejemplo n.º 17
0
<?php

// Réception des données de formulaire de login/logout
//var_dump($_SESSION);
$username = null;
$password = null;
if (array_key_exists('dologin', $_POST) && array_key_exists('username', $_POST) && array_key_exists('password', $_POST)) {
    // User cherche à se connecter
    require_once 'db/_user.php';
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
    if ($auth = user_authenticate($username, $password)) {
        //authentifié
        do_login($username);
        // Connecté
    } else {
        //( ! array_key_exists($_POST['username'] && array_key_exists($_POST['password'])));
        echo "Vous devez entrer un indentifiant et mot de passe valide";
        // TODO Gérer le bla bla de authentification invalide ici
    }
    //    var_dump($auth);exit();
} elseif (array_key_exists('dologout', $_POST)) {
    // User cherche à se déconnecter
    do_logout();
    // On le déconnecte
    header('Location:' . HOME_PAGE);
}
//
?>

<?php 
Ejemplo n.º 18
0
<?php

DEFINE('SECURE', true);
require "include/global.php";
if (isset($_POST['submit'])) {
    // Oh the joy of manual form validation
    $errors = false;
    // First, check all compulsary fields aren't blank
    if (empty($_POST['username'])) {
        $errors[] = 'You must fill in a username';
    }
    if (empty($_POST['password'])) {
        $errors[] = 'Please enter a password';
    }
    if (!$errors) {
        // More validation, but no point if anything is empty
        lib('User');
        if (user_authenticate($_POST['username'], $_POST['password'])) {
            header('Location: /account.php');
            die;
            // Just in case?
        } else {
            $errors[] = 'Invalid username or password. Please try again';
        }
    }
    $smarty->assign('errors', $errors);
}
$smarty->display('login.tpl');
?>