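/**
 * Complete a Duo Security second-factor login from the POSTed Duo response.
 *
 * The anti-CSRF nonce is checked before anything else is read. Only then is
 * sig_response handed to the Duo SDK; on success $this->AuthResult holds the
 * username Duo confirmed and true is returned.
 *
 * @return true|int true on success; ulLoginBackend::ERROR when the nonce or
 *                  sig_response is missing/invalid; ulLoginBackend::BAD_CREDENTIALS
 *                  when Duo rejects the response.
 */
private function DuoAuth()
{
    $this->AuthResult = false;

    // Nonce must be present and valid before the Duo response is looked at.
    if (!isset($_POST['ulDuoSecLoginNonce'])
        || !ulNonce::Verify('ulDuoSecLogin', $_POST['ulDuoSecLoginNonce'])) {
        return ulLoginBackend::ERROR;
    }

    // A missing or non-string sig_response is a malformed request, not a failed
    // second factor; previously null was passed straight into the SDK.
    if (!isset($_POST['sig_response']) || !is_string($_POST['sig_response'])) {
        return ulLoginBackend::ERROR;
    }

    // verifyResponse returns the username on success, null otherwise; an empty
    // string is treated as failure as well.
    $username = Duo::verifyResponse(UL_DUOSEC_IKEY, UL_DUOSEC_SKEY, UL_DUOSEC_AKEY, $_POST['sig_response']);
    if (!is_string($username) || $username === '') {
        return ulLoginBackend::BAD_CREDENTIALS;
    }

    $this->AuthResult = $username;
    return true;
}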
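 /**
  * Try to log the visitor in from the "AutoLogin" remember-me cookie.
  *
  * Cookie layout is username:::nonce:::hmac, where hmac is
  * hash_hmac(UL_HMAC_FUNC, "username:::nonce", UL_SITE_KEY). Every failure after
  * the cookie has been parsed clears the cookie for that username and returns false.
  *
  * @return int|false the user id on success, false otherwise
  */
 public function Autologin()
 {
     if (!$this->Backend->IsAutoLoginAllowed()) {
         return false;
     }

     $cookieName = 'AutoLogin';
     if (!isset($_COOKIE[$cookieName]) || !is_string($_COOKIE[$cookieName])) {
         return false;
     }

     // A cookie with the wrong number of fields carries no trustworthy username
     // to clear, so it is simply ignored (previously this raised undefined-index
     // warnings and passed null on to the nonce check).
     $parts = explode(':::', $_COOKIE[$cookieName]);
     if (count($parts) !== 3) {
         return false;
     }
     $username = $parts[0];
     $nonce = $parts[1];
     $hmac = $parts[2];

     // The nonce is bound to the username, so a stale cookie fails here.
     if (!ulNonce::Verify("{$username}-autologin", $nonce)) {
         $this->SetAutologin($username, false);
         return false;
     }

     // Prove the cookie was issued by us; constant-time, strict comparison instead of !=.
     $expectedHmac = hash_hmac(UL_HMAC_FUNC, "{$username}:::{$nonce}", UL_SITE_KEY);
     if (!hash_equals($expectedHmac, $hmac)) {
         $this->SetAutologin($username, false);
         $this->AuthFail(NULL, $username);
         return false;
     }

     // The user must still exist ...
     $uid = $this->Uid($username);
     if ($uid === false) {
         $this->SetAutologin($username, false);
         $this->AuthFail(NULL, $username);
         return false;
     }

     // ... and must not be blocked.
     if ($this->BlockCheck($uid) !== true) {
         $this->SetAutologin($username, false);
         $this->AuthFail($uid, $username);
         return false;
     }

     // Log the user in and rotate the autologin cookie.
     $this->AuthSuccess($uid, $username);
     $this->SetAutologin($username, true);
     return $uid;
 }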
		<td>
			<select name="action">
			<option>login</option>
			<option>autologin</option>
			<option>create</option>
			</select>
		</td>
	</tr>

	<tr>
		<td>
			Nonce:
		</td>
		<td>
			<input type="text" id="nonce" name="nonce" value="<?php 
    echo ulNonce::Create('login');
    ?>
">
		</td>
	</tr>

	<tr>
		<td>
		<input type="submit">
		</td>
	</tr>

	</table>
	</form>
<?php 
}
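/**
 * Format a tab counter as the " (n)" suffix appended to a tab link.
 *
 * @param int|string $count value read from a COUNT(...) query
 * @return string ' (n)' when the count is positive, '' otherwise
 */
function _page_header_count_suffix($count)
{
    return $count > 0 ? ' (' . $count . ')' : '';
}

/**
 * Run a single-row COUNT query and return the value of $column (0 when absent).
 *
 * @param DBConnection $db     open connection
 * @param string       $query  SQL text with a COUNT(...) column aliased as $column
 * @param string       $column alias of the COUNT column
 * @return int
 */
function _page_header_count_column($db, $query, $column)
{
    $row = $db->fetch($db->rq($query));
    return isset($row[$column]) ? (int) $row[$column] : 0;
}

/**
 * Run a grouped query and return how many rows it produced.
 *
 * @param DBConnection $db    open connection
 * @param string       $query SQL text
 * @return int
 */
function _page_header_count_rows($db, $query)
{
    return (int) $db->num_rows($db->rq($query));
}

/**
 * Emit the logged-in tab bar for page_header(): run the counter queries and write
 * the #tabs markup; owner-only tabs are hidden (and their panels omitted) for any
 * other admin type.
 *
 * @param DBConnection $db    open connection used for the counter queries
 * @param array        $admin the $_SESSION['admin'] array
 * @return void output is written with echo
 */
function _page_header_tabs($db, array $admin)
{
    $mailsToSend = _page_header_count_suffix(_page_header_count_column(
        $db, 'SELECT COUNT(*) AS total_mails FROM mail_queue WHERE is_sent=0', 'total_mails'));

    // user_status 1/2/3 are the active / pending / disabled buckets used by users.php?view=...
    $usersActive = _page_header_count_suffix(_page_header_count_column(
        $db, 'SELECT COUNT(*) AS total_num FROM users WHERE user_status=1', 'total_num'));
    $usersPending = _page_header_count_suffix(_page_header_count_column(
        $db, 'SELECT COUNT(*) AS total_num FROM users WHERE user_status=2', 'total_num'));
    $usersDisabled = _page_header_count_suffix(_page_header_count_column(
        $db, 'SELECT COUNT(*) AS total_num FROM users WHERE user_status=3', 'total_num'));

    // One row per account satisfying the HAVING clause, so the row count is the user count.
    $tradesQuery = 'SELECT COUNT(trades_id) AS total_num FROM users
	    LEFT JOIN trades ON users.user_account_num=trades.user_account_num
	    GROUP BY users.user_account_num
	    HAVING ';
    $usersTrades2 = _page_header_count_suffix(_page_header_count_rows($db, $tradesQuery . 'total_num>=2'));
    $usersTrades1 = _page_header_count_suffix(_page_header_count_rows($db, $tradesQuery . 'total_num=1'));
    $usersTrades0 = _page_header_count_suffix(_page_header_count_rows($db, $tradesQuery . 'total_num=0'));

    $adminType = array_get($admin, 'type');
    $isOwner = ($adminType == 'owner');
    // Attribute appended to <li> elements that only an owner may see.
    $ownerOnly = $isOwner ? '' : ' style="display: none;"';

    // Note: the Disabled/Pending links previously showed each other's counter.
    echo '
    <div class="TabsHolder">
	<div id="tabs">
	    <ul>
		<li><a href="#TC-10" id="Tab0" rel="users.php?view=active">Accounts</a></li>
		<li><a href="#TC-50" id="Tab1" rel="trades.php">Option Trades</a></li>
		<li><a href="#TC-60" id="Tab2" rel="strades.php">Stock Trades</a></li>
		<li><a href="#TC-70" id="Tab3" rel="transfers.php">Transfers</a></li>
		<li><a href="#TC-65" id="Tab7" rel="stocks.php">Stock Management</a></li>
		<li' . $ownerOnly . '><a href="#TC-80" id="Tab4">Back-end Settings</a></li>
		<li' . $ownerOnly . '><a href="#TC-81" id="Tab8">Front-end Settings</a></li>
		<li><a href="#TC-85" id="Tab5" rel="users_advisors.php">Advisors</a></li>
		<li' . $ownerOnly . '><a href="#TC-90" id="Tab6" rel="users_admins.php">Backend users</a></li>
		<li' . $ownerOnly . '><a href="#TC-92" id="Tab9">Mails</a></li>
		<li><a href="#TC-93" id="Tab10" rel="logs_show.php">Logs</a></li>
		<li><a href="index.php?logout=true">Sign out</a></li>
	    </ul>
	
	    <div id="TC-10">
		<a href="users.php">List all</a> |
		<a href="users.php?action=new">Add new</a> |
		<a href="users.php?view=active">Active'.$usersActive.'</a> |
		<a href="users.php?view=disabled">Disabled'.$usersDisabled.'</a> |
		<a href="users.php?view=pending">Pending'.$usersPending.'</a> |
		<a href="users.php?view=trades2">2+ trades'.$usersTrades2.'</a> |
		<a href="users.php?view=trades1">1 trade'.$usersTrades1.'</a> |
		<a href="users.php?view=trades0">0 trades'.$usersTrades0.'</a>
	    </div>
			
	    <div id="TC-50">
		<a href="trades.php?action=new_buy">New BUY order</a> | 
		<a href="trades.php?action=list_open">New SELL order</a> | 
		<a href="trades.php">View all orders</a>
	    </div>
		
		<div id="TC-60">
		<a href="strades.php?action=new_buy">New BUY order</a> | 
		<a href="strades.php?action=list_open">New SELL order</a> | 
		<a href="strades.php?action=new_short">New SHORT order</a> | 
		<a href="strades.php?action=new_cover">New COVER order</a> | 
		<a href="strades.php">View all orders</a>
		</div>
		
		<div id="TC-65">
		<a href="stocks.php?action=new_value">Add New Values</a> | 
		<a href="stocks.php?action=list_dates">Edit Values</a> | 
		<a href="stocks_edit.php">Edit All Values</a> | 
		<a href="stocks.php?action=new_stock">Add New Stock</a> | 
		<a href="stocks.php">List all stocks</a> | 
		<a href="stocks.php?action=force_update">Force Update Values</a>
		</div>
			
	    <div id="TC-70">
		<a href="transfers.php?action=new_deposit">Add new Deposit</a> | 
		<a href="transfers.php?action=new_withdraw">Add new Withdraw</a> | 
		<a href="transfers.php">View all transfers</a>
	    </div>
		
	    <div id="TC-85">
		<a href="users_advisors.php">List all</a> | 
		<a href="users_advisors.php?action=new">Add new</a>
	    </div>
	    
	    <div id="TC-93">
			<a href="logs_show.php">Overview</a> 
	    </div>';

    if ($isOwner) {
        echo '
            <div id="TC-80">
                <a href="settings_css.php">CSS Styles</a> | 
                <a href="settings_translations.php">Translations</a> |
                <a href="commodities.php">Commodities</a> | 
                <a href="commodities_groups.php">Commodities - groups</a> | 
                <a href="expiry_dates.php">Commodities - exp. dates</a> |
                <a href="settings_pdf.php">PDF Settings</a> |
                <a href="pdf_templates.php">PDF Templates</a>
            </div>

            <div id="TC-81">
                <a href="settings_header_front.php">Custom Header</a> | 
                <a href="settings_footer_front.php">Custom Footer</a> | 
                <a href="settings_css_front.php">CSS Styles</a> | 
                <a href="settings_translations_front.php">Translations</a> |
                <a href="settings_deposit_text.php">Deposit\'s Text</a> |
                <a href="settings_other.php">Other settings</a> 
            </div>
            
            <div id="TC-90">
                <a href="users_admins.php">List all</a> | 
                <a href="users_admins.php?action=new">Add new</a>
            </div>

            <div id="TC-92">
                <a href="mails_smtp_settings.php">Mail Settings</a> | 
                <a href="mails_templates.php">Templates</a> |
                <a href="mails_assigns.php">Mail Assigns</a> |  
                <a href="mails_mass.php">Mass mail</a> | 
                <a href="mails_outbox.php">Outbox Queue'.$mailsToSend.'</a>
            </div>
        ';
    }

    echo '
	</div>
    </div>';
}

/**
 * Emit the admin page header.
 *
 * Always writes the doctype, <head> and the opening <div class="wrapper">. For a
 * logged-in admin ($_SESSION['admin']['is_logged']) it also writes the jQuery UI
 * tab bar (with DB-backed counters) and opens <div class="MainContainer">; for an
 * anonymous visitor it writes either the banned-IP notice or the login form.
 *
 * @param int $showbuttons 1 to render the tab bar and run its counter queries;
 *                         any other value skips the tab bar (wrapper divs are still emitted)
 * @return void output is written with echo
 */
function page_header($showbuttons = 1)
{
    // Anonymous visitors have no 'admin' session entry; avoid an undefined-key warning.
    $admin = (isset($_SESSION['admin']) && is_array($_SESSION['admin'])) ? $_SESSION['admin'] : [];
    $isLogged = array_get($admin, 'is_logged');
    $pageTitle = ($isLogged == 1) ? getLang('atitle_logged') : getLang('atitle_notlogged');

    echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>'.$pageTitle.'</title>
<meta http-equiv="content-type" content="application/xhtml+xml; charset=UTF-8" />
<meta name="robots" content="NOINDEX,NOFOLLOW" />
<meta http-equiv="X-UA-Compatible" content="IE=8" />
<meta http-equiv="content-language" content="en" />
<meta name="language" content="en" />';

    if ($isLogged) {
        // REQUEST_URI is client-controlled; emit it as a JSON string literal so it can
        // neither break out of the JS string nor close the <script> element
        // (previously it was concatenated raw between double quotes).
        $requestUri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';
        $ajaxUrl = json_encode($requestUri, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($ajaxUrl === false) {
            $ajaxUrl = '""';
        }
        // The selected tab index is interpolated into JS; force an integer.
        $selectedTab = isset($admin['selected_tab']) ? (int) $admin['selected_tab'] : 0;

        echo '
<link href="../themes/smoothness/jquery-ui-1.7.2.custom.css" media="all" rel="stylesheet" type="text/css" />
<link href="../css/validationEngine.jquery.css" media="all" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="../js/jquery-ui-1.7.2.custom.min.js"></script>
<script type="text/javascript" src="../js/underscore-min.js"></script>
<script type="text/javascript" src="js/scripts.js"></script>
<script type="text/javascript">

var AJAX_URL = ' . $ajaxUrl . ';
    
jQuery(document).ready(function($){
    var $tabs = $("#tabs").tabs({
        select: function(event, ui){
            var url = $.data(ui.tab, "load.tabs");
            var tabid = ui.panel.id;
            
            if(url) {
                location.href = url;
                return false;
            }
       	
           	return true;
        }
    });

    $("#tabs").tabs("select", ' . $selectedTab . ');
    $("div.TabsHolder").show();

    $("#Tab0, #Tab1, #Tab2, #Tab3, #Tab5, #Tab6, #Tab7, #Tab10").click(function() {
        location.href = $(this).attr("rel");
        return false;
    });

    $("#expiry_date, #trade_date, #tr_date, #user_app_date, #date_value").datepicker({
        changeMonth: true,
        changeYear: true,
        dateFormat: "yy-mm-dd"
    });
});
</script>';
    }

    echo '
<link href="css/styles.css" media="screen" rel="stylesheet" type="text/css" />
<link rel="stylesheet" href="css/font-awesome/css/font-awesome.min.css">
</head>
	
<body>
<div class="wrapper">';

    if ($isLogged) {
        $db = new DBConnection();
        if ($showbuttons == 1) {
            _page_header_tabs($db, $admin);
        }
        echo '
    <div class="MainContainer">';
        return;
    }

    // Anonymous visitor: a banned IP gets a notice instead of the login form.
    $db = new DBConnection();
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $userIp = gethostbyname($remoteAddr);
    // The value is interpolated into SQL through the project's rq() wrapper, so only
    // a string that validates as an IP literal is ever placed in the query.
    $bannedRows = 0;
    if (filter_var($userIp, FILTER_VALIDATE_IP) !== false) {
        $query = 'SELECT banned_ips_id FROM banned_ips WHERE banned_ip="' . $userIp . '" LIMIT 1';
        $bannedRows = $db->num_rows($db->rq($query));
    }
    $db->close();

    if ($bannedRows > 0) {
        echo '<div class="LoginContainer"><h3>'.getLang('lform_publicbanmessage').'</h3></div>';
        return;
    }

    echo '
	<div class="LoginContainer">
	    <h3>'.getLang('aform_title').'</h3>
	    '.((array_get($_GET, 'error') == 1)?'<div class="errorsHolder">Invalid username or password</div>':'').'
	    <form name="login_form" method="post">
		<div style="float:left;">
		    <div class="labels">'.getLang('lform_username').':</div><br />
		    <div class="labels">'.getLang('lform_password').':</div>
		</div>

		<div style="float:left;">
		    <input type="text" name="l_username" class="tinputs"><br />
		    <input type="password" name="l_password" class="tinputs">
		</div>
        
        <input type="hidden" id="nonce" name="nonce" value="'. ulNonce::Create('login') .'" />

		<br />
		<input type="submit" name="_login" class="submitBtn" value="'.getLang('lform_submitbtn').'">
	    </form>';
}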
 /**
  * Check the SSESTOKEN cookie that ties the session to one client when replay
  * protection (UL_PREVENT_REPLAY) is switched on.
  *
  * @return bool true when replay protection is off or the cookie carries a valid
  *              'ulSessionToken' nonce; false when the cookie is absent or invalid
  */
 private static function verifyTokenCookie()
 {
     // Nothing to enforce when the feature is disabled.
     if (!UL_PREVENT_REPLAY) {
         return true;
     }

     $token = isset($_COOKIE['SSESTOKEN']) ? $_COOKIE['SSESTOKEN'] : null;
     if ($token === null) {
         return false;
     }

     return ulNonce::Verify('ulSessionToken', $token);
 }
	'post_action':'<?php 
echo $returnUrl;
?>
',
	'sig_request':'<?php 
echo $sig_request;
?>
'
});
</script>

<?php 
// ********************************
//	Your HTML here
//  header, body, text, etc.
// ********************************
?>

<iframe id="duo_iframe" width="500" height="800" frameborder="0" allowtransparency="true" style="background: transparent;"></iframe>
<form method="POST" id="duo_form">
	<input type="hidden" name="ulDuoSecLoginNonce" value="<?php 
echo ulNonce::Create('ulDuoSecLogin');
?>
" />
</form>

<?php 
// ********************************
//	Your HTML here
//  body, text, footer etc.
// ********************************
if (isAppLoggedIn()) {
   if (isset($_GET['logout'])){
       $ulogin->Logout($_SESSION['admin']['adminid']);
       
       //addLog('Back-end', 'Login', ''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')', ''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')', 'Admin logged out.');
    
       unset($_SESSION['admin']);
       
       header('Location: ../index.php?logout=true&redirect_to=admin');
       exit();
   }
}
else {
    if (isset($_POST['_login'])){
        if (isset($_POST['nonce']) && ulNonce::Verify('login', $_POST['nonce'])){
            if (isset($_POST['autologin'])){
                $_SESSION['appRememberMeRequested'] = true;
            }
            else {
                unset($_SESSION['appRememberMeRequested']);
            }

			$ulogin->Authenticate($_POST['l_username'], $_POST['l_password']);
			if ($ulogin->IsAuthSuccess()){
				// Since we have specified callback functions to uLogin,
				// we don't have to do anything here.
			}
		} else {
            $msg = 'invalid nonce';
        }