public function __construct(Request $request)
{
AppOptionHelper::load();
$this->localeCode = currentLocaleCode();
$this->is_auth = isAuth();
$this->auth_user = authUser();
if ($this->is_auth) {
$own_directory = $this->auth_user->ownDirectory;
config(['katniss.disks.' . $own_directory => ['driver' => 'local', 'root' => storage_path('../public/upload/file_manager/users/' . $own_directory)]]);
}
}
function login($username, $pass, $mysqli)
{
$username = clean($username, $mysqli);
$pass = clean($pass, $mysqli);
if (authUser($username, $pass, $mysqli) == true) {
//header('Location: ../app/');
return 1;
} else {
return 0;
}
}
function authUser($user, $pass)
{
$db = getDB();
$query = 'SELECT username, hash, groups FROM gpadb.users WHERE username LIKE :user';
$stmt = $db->prepare($query);
$stmt->bindParam(':user', $user);
$stmt->execute();
$rows = $stmt->fetch(PDO::FETCH_ASSOC);
$group = $rows['groups'];
$hash = $rows['hash'];
$_SESSION['user'] = $user;
if (password_verify($pass, $hash)) {
$_SESSION['password'] = $hash;
header('Location: ../main');
} else {
$_SESSION['loginError'] = true;
array_push($_SESSION['error'], 'That did not work; please try again');
destroySessionsButKeepErrors();
header('Location: ../');
}
}
// If clicked on register button, redirect to self-register form
if (isset($_POST['register'])) {
header('Location: ../register');
} else {
if (!isset($_POST['user']) || !isset($_POST['password'])) {
redirectIfNotLoggedIn();
} else {
authUser($_POST['user'], $_POST['password']);
}
}
<?php
/* AUTHOR: poke19962008 */
include_once 'config.php';
$mail = $_GET['email'];
$pwd = md5($_GET['pwd'] . "ALS52KAO09");
function authUser()
{
$query = $GLOBALS["db"]->prepare("SELECT * FROM `User_Details` WHERE `Mail` = ? AND `Password` = ?");
$query->execute(array($GLOBALS["mail"], $GLOBALS["pwd"]));
$query = $query->fetch(PDO::FETCH_ASSOC);
if ($query) {
return 1;
} else {
return 0;
}
}
if (isset($pwd, $mail)) {
if (authUser()) {
$query = $GLOBALS["db"]->prepare("SELECT `ID` FROM `User_Details` WHERE `Mail` = ? AND `Password` = ?");
$query->execute(array($GLOBALS["mail"], $GLOBALS["pwd"]));
$LoginID = $query->fetch(PDO::FETCH_ASSOC)["ID"];
echo json_encode(array("Success" => True, "LoginID" => $LoginID, "LoginPwd" => $pwd));
} else {
echo json_encode(array("Success" => False, "Message" => "Wrong Email or Password."));
}
} else {
echo json_encode(array("Success" => False, "Message" => "Parameters missing."));
}
<?php
require_once 'include/function.inc.php';
require_once 'core.php';
$valid = false;
if (!isset($_SERVER['PHP_AUTH_USER'])) {
authUser();
} else {
if (validUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
$valid = true;
}
}
if ($valid == false) {
authUser();
}
/**
* Llamado de xajax
*/
require './include/xajax_0.5_standard/xajax_core/xajax.inc.php';
$xajax = new xajax();
//$xajax->configure('debug', true);
$xajax->configure('javascript URI', './include/xajax_0.5_standard/');
$xajax->registerFunction('insertActuacion');
$xajax->registerFunction('EditFieldActuacion');
$xajax->registerFunction('editActuacion');
$xajax->registerFunction('returnValueActuacion');
$xajax->registerFunction('deleteActuacion');
$xajax->registerFunction('confirmDeleteActuacion');
$xajax->processRequest();
/**
* Fin xajax
return $db->f('ID');
} else {
return 0;
}
} else {
return 0;
}
}
$groups = load_class("Groups");
$accountGroup = load_class("AccountGroup");
$messages = load_class("Messages");
$messageGroup = load_class("MessageGroup");
$requestLog = load_class("RequestLog");
$acc = $_REQUEST['account_id'];
$pwd = $_REQUEST['account_pw'];
$acc_id = authUser($acc, $pwd);
// if ($_REQUEST['acc_id']) $acc_id = $_REQUEST['acc_id'];
if ($acc_id == 0) {
echo "{'Error': 'No User Data!'}";
exit(0);
}
$now = date("Y-m-d H:i:s");
$msg = array();
$db = $messages->sql("grouped='0'", "published desc");
$i = 0;
$msg['ALL'] = array();
while ($db->next_record()) {
if ($db->f("published") > 0 && $db->f("published") > $now) {
continue;
}
if ($db->f("closed") > 0 && $db->f("closed") <= $now) {
function authUser($acc, $pwd)
{
if ($acc && $pwd) {
$db = new ps_DB();
$pwd = md5($pwd);
$sql = "select ID, name, authority from account where username='******' and password='******' ";
$db->query($sql);
if ($db->next_record()) {
return $db->f('ID');
} else {
return 0;
}
} else {
return 0;
}
}
$acc = $_REQUEST['account_id'];
$pwd = $_REQUEST['account_pw'];
$ret = authUser($acc, $pwd);
if ($ret == 0) {
echo "AUTH_ERROR";
return;
}
$target_path = "upload/";
$dateSN = date("mdHis");
$target_path = $target_path . $acc . "_" . $ret . "_" . $dateSN . "_" . basename($_FILES['uploadedfile']['name']);
if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo basename($_FILES['uploadedfile']['name']);
} else {
echo "Error! (" . $target_path . ")";
}
if ($user) {
redirect("/");
} else {
Application::sendHTMLString(Application::template(dirname(__FILE__) . "/templates/signin.html", []));
}
});
Macaw::post('/sign', function () {
$user = getUser();
if ($user) {
redirect("/");
} else {
$gump = new GUMP();
$data = $gump->sanitize($_POST);
$gump->validation_rules(array('password' => 'required', 'username' => 'required'));
$validated_data = $gump->run($data);
if ($validated_data && authUser($validated_data['username'], $validated_data['password'])) {
redirect("/");
} else {
redirectToLogin();
//authUser( $validated_data['username'], $validated_data['password'] );
}
}
});
// выход из системы
Macaw::get('logout', function () {
if (exitUser()) {
redirectToLogin();
}
});
// Поиск по пользователям
Macaw::post('/customer_sources/(:any)/(:any)', function ($field, $query) {
public function storeUser()
{
if (isAuth()) {
if (count($this->changingDataStore) > 0) {
$userSettings = authUser()->settings;
foreach ($this->changingDataStore as $key => $value) {
$userSettings->{$key} = $value;
}
$userSettings->save();
}
}
}
}
//конец адреса
regUser($name = "", $login, $password = "", $email, $phone, $role = "inactive");
if (empty($error_reg)) {
saveOrder($bucket, $price, $user_id, $delivery_type, $address);
header("Location: success.php?not");
exit;
} else {
header("Location:" . $_SERVER['HTTP_REFERER'] . "?error_reg={$error_reg}");
exit;
}
} elseif (isset($_POST['logIn'])) {
//авторизация
$login = clearStr($_POST['login']);
$password = clearStr($_POST['pass']);
authUser($login, $password);
if ($arr['isAuth'] === 1) {
$_SESSION['login'] = $login;
$_SESSION['auth'] = 1;
} elseif ($arr['isAuth'] === 2) {
$_SESSION['login'] = $login;
$_SESSION['auth'] = 2;
} else {
header("Location: /MyShop/?error_msg=" . $arr['error_msg']);
exit;
}
} elseif (isset($_POST['reg'])) {
//регистрация
$name = clearStr($_POST['name']);
$phone = clearStr($_POST['tel']);
$login = clearStr($_POST['login']);
$stmnt->execute();
$stmnt->bind_result($salt);
$stmnt->fetch();
$stmnt->close();
if (!$salt) {
echo "user wasn't found ";
return false;
}
$phash = crypt($password, $salt);
$stmnt = $conn->prepare("SELECT USER_UID FROM USERS2 WHERE USER_UID = ? AND USER_PWDHSH = ?");
$stmnt->bind_param('ss', $username, $phash);
$stmnt->execute();
$stmnt->bind_result($uid);
while ($stmnt->fetch()) {
if ($uid == $username) {
$stmnt->close();
return true;
} else {
echo "password incorrect";
return false;
}
}
return false;
}
$fail = false;
session_start();
if (authUser($_POST["USERNAME"], $_POST["PASSWORD"])) {
echo "True";
} else {
echo "False";
}
// return true if user profile is found.
// Uncomment the section below for role checking
/*$roleNames = $userProfile['roleNames'];
foreach ($roleNames as $role)
{
if (strtolower($role) == 'administrator')
return true;
}*/
}
return false;
}
// SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
// authenticated users can access this file or use some kind of session checking.
//$Config['Enabled'] = true ;
$Config['Enabled'] = authUser();
// Path to user files relative to the document root.
$Config['UserFilesPath'] = OPENBIZ_APP_URL . '/files/upload/';
// Fill the following value it you prefer to specify the absolute path for the
// user files directory. Useful if you are using a virtual directory, symbolic
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
// Attention: The above 'UserFilesPath' must point to the same directory.
$Config['UserFilesAbsolutePath'] = '';
// Due to security issues with Apache modules, it is recommended to leave the
// following setting enabled.
$Config['ForceSingleExtension'] = true;
// Perform additional checks for image files.
// If set to true, validate image size (using getimagesize).
$Config['SecureImageUploads'] = true;
// What the user can do with this connector.
$Config['ConfigAllowedCommands'] = array('QuickUpload', 'FileUpload', 'GetFolders', 'GetFoldersAndFiles', 'CreateFolder');
/**
* @param string $password
* @param User $user
* @return bool
*/
function isMatchedUserPassword($password, User $user = null)
{
if (empty($user)) {
if (isAuth()) {
$user = authUser();
}
}
return empty($user) ? false : Hash::check($password, $user->password);
}
