Example #1
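/**
 * Generate the intermediate re-authentication page.
 *
 * When the request carries `_authenticate`, the submitted `password` is
 * checked with auth_attempt_login(); on success the tokens are set and the
 * function returns true. In every other case the password form is rendered
 * and the script exits, so this function never returns false.
 *
 * @param integer $p_user_id  User ID.
 * @param string  $p_username Username.
 * @return bool True once the submitted password has been accepted.
 * @access public
 */
function auth_reauthenticate_page($p_user_id, $p_username)
{
    $t_error = false;
    if (gpc_get_bool('_authenticate')) {
        $f_password = gpc_get_string('password', '');
        if (auth_attempt_login($p_username, $f_password)) {
            auth_set_tokens($p_user_id);
            return true;
        }
        $t_error = true;
    }

    # The original request is carried forward as hidden inputs, minus the
    # two fields this form owns. Without this, a rejected password would be
    # handed to print_hidden_inputs() and, presumably, written back into the
    # page source. The form's own fields come later in the markup, so the
    # values the next request delivers are unchanged.
    $t_post = $_POST;
    $t_get = $_GET;
    unset($t_post['password'], $t_post['_authenticate']);
    unset($t_get['password'], $t_get['_authenticate']);

    html_page_top();
    ?>
<div align="center">
<p>
<?php
    echo lang_get('reauthenticate_message');
    if ($t_error) {
        echo '<br/><font color="red">', lang_get('login_error'), '</font>';
    }
    ?>
</p>
<form name="reauth_form" method="post" action="<?php echo form_action_self(); ?>">
<?php
    # CSRF protection not required here - user needs to enter password
    # (confirmation step) before the form is accepted.
    # NOTE(review): the replayed parameters are not shown to the user on this
    # page, so the action that receives them should still validate its own
    # form token - confirm against the callers.
    print_hidden_inputs(gpc_strip_slashes($t_post));
    print_hidden_inputs(gpc_strip_slashes($t_get));
    ?>

<input type="hidden" name="_authenticate" value="1" />

<table class="width50 center">
<tr>
	<td class="form-title" colspan="2"><?php echo lang_get('reauthenticate_title'); ?></td>
</tr>

<tr class="row-1">
	<th class="category"><?php echo lang_get('username'); ?></th>
	<td><input type="text" disabled="disabled" size="32" maxlength="<?php echo USERLEN; ?>" value="<?php echo string_attribute($p_username); ?>" /></td>
</tr>

<tr class="row-2">
	<th class="category"><?php echo lang_get('password'); ?></th>
	<td><input type="password" name="password" size="16" maxlength="<?php echo PASSLEN; ?>" class="autofocus" /></td>
</tr>

<tr>
	<td class="center" colspan="2"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?>" /></td>
</tr>
</table>

</form>
</div>

<?php
    html_page_bottom();
    exit;
}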
Example #2
# Login handler fragment: reads the credentials and options from the request,
# attempts the login and builds the URL to redirect to.
# NOTE(review): the listing shows '******' where part of two statements in the
# failure branch was masked, so those lines do not parse as shown.
$t_allow_perm_login = ON == config_get('allow_permanent_cookie');
$f_username = gpc_get_string('username', '');
$f_password = gpc_get_string('password', '');
# A permanent login is honoured only when the configuration allows it.
$f_perm_login = $t_allow_perm_login && gpc_get_bool('perm_login');
# The caller-supplied return target passes through string_sanitize_url() and
# string_url() before it is appended to a redirect URL below.
# NOTE(review): presumably this keeps the redirect on the local site - confirm
# against string_sanitize_url().
$t_return = string_url(string_sanitize_url(gpc_get_string('return', config_get('default_home_page'))));
$f_from = gpc_get_string('from', '');
$f_secure_session = gpc_get_bool('secure_session', false);
$f_install = gpc_get_bool('install');
# If upgrade required, always redirect to install page.
if ($f_install) {
    $t_return = 'admin/install.php';
}
$f_username = auth_prepare_username($f_username);
$f_password = auth_prepare_password($f_password);
# This cookie is written before the credentials are checked, so it is set for
# failed logins as well.
gpc_set_cookie(config_get_global('cookie_prefix') . '_secure_session', $f_secure_session ? '1' : '0');
if (auth_attempt_login($f_username, $f_password, $f_perm_login)) {
    session_set('secure_session', $f_secure_session);
    # A successful login with the literal pair administrator/root and no
    # specific return target is sent to account_page.php.
    # NOTE(review): looks like the installation's default account, routed there
    # so the password gets changed - confirm. Both comparisons use loose `==`.
    if ($f_username == 'administrator' && $f_password == 'root' && (is_blank($t_return) || $t_return == 'index.php')) {
        $t_return = 'account_page.php';
    }
    $t_redirect_url = 'login_cookie_test.php?return=' . $t_return;
} else {
    # Failed login: back to the login page with the error flag set.
    # NOTE(review): the value masked after `username=` ends up in a URL and
    # must be URL-encoded in the real source - not verifiable from this listing.
    $t_redirect_url = 'login_page.php?return=' . $t_return . '&error=1&username='******'&secure_session=' . ($f_secure_session ? 1 : 0);
    if ($t_allow_perm_login) {
        $t_redirect_url .= '&perm_login='******'login_method')) {
        auth_http_prompt();
        exit;
    }
}
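/**
 * Generate the intermediate re-authentication page.
 *
 * When the request carries `_authenticate`, the submitted `password` is
 * checked with auth_attempt_login(); on success the tokens are set and the
 * function returns true. In every other case the password form is rendered
 * and the script exits, so this function never returns false.
 *
 * @param integer $p_user_id  User ID.
 * @param string  $p_username Username.
 * @return boolean True once the submitted password has been accepted.
 * @access public
 */
function auth_reauthenticate_page($p_user_id, $p_username)
{
    $t_error = false;
    if (gpc_get_bool('_authenticate')) {
        $f_password = gpc_get_string('password', '');
        if (auth_attempt_login($p_username, $f_password)) {
            auth_set_tokens($p_user_id);
            return true;
        }
        $t_error = true;
    }

    # The original request is carried forward as hidden inputs, minus the
    # two fields this form owns. Without this, a rejected password would be
    # handed to print_hidden_inputs() and, presumably, written back into the
    # page source. The form's own fields come later in the markup, so the
    # values the next request delivers are unchanged.
    $t_post = $_POST;
    $t_get = $_GET;
    unset($t_post['password'], $t_post['_authenticate']);
    unset($t_get['password'], $t_get['_authenticate']);

    html_page_top();
    ?>
<div class="important-msg">
<?php
    echo lang_get('reauthenticate_message');
    if ($t_error) {
        echo '<br /><span class="error-msg">', lang_get('login_error'), '</span>';
    }
    ?>
</div>
<div id="reauth-div" class="form-container">
	<form id="reauth-form" method="post" action="">
		<fieldset>
			<legend><span><?php echo lang_get('reauthenticate_title'); ?></span></legend>

		<?php
    # CSRF protection not required here - user needs to enter password
    # (confirmation step) before the form is accepted.
    # NOTE(review): the replayed parameters are not shown to the user on this
    # page, so the action that receives them should still validate its own
    # form token - confirm against the callers.
    print_hidden_inputs($t_post);
    print_hidden_inputs($t_get);
    ?>

			<input type="hidden" name="_authenticate" value="1" />
			<div class="field-container">
				<label for="username"><span><?php echo lang_get('username'); ?></span></label>
				<span class="input"><input id="username" type="text" disabled="disabled" size="32" maxlength="<?php echo DB_FIELD_SIZE_USERNAME; ?>" value="<?php echo string_attribute($p_username); ?>" /></span>
				<span class="label-style"></span>
			</div>
			<div class="field-container">
				<label for="password"><span><?php echo lang_get('password'); ?></span></label>
				<span class="input"><input id="password" type="password" name="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" class="autofocus" /></span>
				<span class="label-style"></span>
			</div>
			<span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?>" /></span>
		</fieldset>
	</form>
</div>

<?php
    html_page_bottom();
    exit;
}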
    # NOTE(review): this fragment starts inside an `if` whose opening line is
    # not part of the listing, and ends on an `else` that is never closed.
    # Allow-list check: the username may hold only ASCII letters, digits and '.'.
    if (!preg_match("/^[a-zA-Z0-9\\.]+\$/", $username)) {
        error_report_show($page, INVALID_LOGIN);
    }
} else {
    $username = '';
}
if (isset($_POST['pword'])) {
    $password = $_POST['pword'];
    #added validation, to avoid sql injection
    # NOTE(review): an allow-list on the password also limits which characters
    # users may choose, and it protects the queries only indirectly; escaping
    # or binding at the query itself is the control to rely on. Whether
    # execution stops on a mismatch depends on error_report_show(), not shown.
    # NOTE(review): $edit_page here versus $page in the username check above -
    # confirm both are defined.
    if (!preg_match("/^[a-zA-Z0-9\\.\\-\\*\\+\\?@_]+\$/", $password)) {
        error_report_show($edit_page, INVALID_LOGIN);
    }
} else {
    $password = '';
}
# The result of auth_attempt_login() is not inspected here; the cookie and
# session steps below run either way unless the call itself ends the request
# on failure - confirm.
auth_attempt_login($username, $password);
# save login
# NOTE(review): the raw password is handed to auth_set_login_cookies();
# confirm the cookie stores a token rather than the password itself.
if (isset($_POST['save_login'])) {
    auth_set_login_cookies($username, $password);
}
# check for javascript
if (isset($_POST['non_javascript_browser'])) {
    session_set_javascript_enabled(false);
} else {
    session_set_javascript_enabled(true);
}
# if switch_project is not empty then switch project
# NOTE(review): $switch_project is not assigned anywhere in the visible lines.
if (!empty($switch_project)) {
    include "login_switch_proj.php";
    # else redirect to the appropriate page
} else {
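/**
 * Generate the intermediate re-authentication page.
 *
 * When the request carries `_authenticate`, the submitted `password` is
 * checked with auth_attempt_login(); on success the tokens are set and the
 * function returns true. In every other case the password form is rendered
 * and the script exits, so this function never returns false.
 *
 * @param integer $p_user_id  User ID.
 * @param string  $p_username Username.
 * @return bool True once the submitted password has been accepted.
 */
function auth_reauthenticate_page($p_user_id, $p_username)
{
    $t_error = false;
    if (gpc_get_bool('_authenticate')) {
        $f_password = gpc_get_string('password', '');
        if (auth_attempt_login($p_username, $f_password)) {
            auth_set_tokens($p_user_id);
            return true;
        }
        $t_error = true;
    }

    # The original request is carried forward as hidden inputs, minus the
    # two fields this form owns. Without this, a rejected password would be
    # handed to print_hidden_inputs() and, presumably, written back into the
    # page source. The form's own fields come later in the markup, so the
    # values the next request delivers are unchanged.
    $t_post = $_POST;
    $t_get = $_GET;
    unset($t_post['password'], $t_post['_authenticate']);
    unset($t_get['password'], $t_get['_authenticate']);

    # Both values below land inside double-quoted HTML attributes.
    # $_SERVER['PHP_SELF'] includes any path text the client appended after
    # the script name, and the username is account data, so each is escaped
    # for the attribute context before it is echoed.
    $t_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $t_username = htmlspecialchars($p_username, ENT_QUOTES);

    html_page_top1();
    html_page_top2();
    ?>
<div align="center">
<p>
<?php
    echo lang_get('reauthenticate_message');
    if ($t_error) {
        echo '<br/><font color="red">', lang_get('login_error'), '</font>';
    }
    ?>
</p>
<form method="post" action="<?php echo $t_action; ?>">

<?php
    # NOTE(review): the replayed parameters are not shown to the user on this
    # page, so the action that receives them should validate its own form
    # token - confirm against the callers.
    print_hidden_inputs(gpc_strip_slashes($t_post));
    print_hidden_inputs(gpc_strip_slashes($t_get));
    ?>

<input type="hidden" name="_authenticate" value="1" />

<table class="width50 center">
<tr>
	<td class="form-title"><?php echo lang_get('reauthenticate_title'); ?></td>
</tr>

<tr class="row-1">
	<td class="category"><?php echo lang_get('username'); ?></td>
	<td><input type="text" disabled="disabled" size="32" maxlength="32" value="<?php echo $t_username; ?>" /></td>
</tr>

<tr class="row-2">
	<td class="category"><?php echo lang_get('password'); ?></td>
	<td><input type="password" name="password" size="16" maxlength="32" /></td>
</tr>

<tr>
	<td class="center" colspan="2"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?>" /></td>
</tr>
</table>

</form>
</div>

		<?php
    html_page_bottom1();
    exit;
}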
Example #6
// Fragment of an automatic-login flow: it first tries to log an existing
// account in with the password value read back from the user table, then
// creates the account with a throwaway password and logs in with that.
// NOTE(review): '******' is masking applied by the page this listing came
// from; the original text at those positions is not shown.
$t_user_table = config_get('mantis_user_table');
$f_perm_login = '******';
// The query is assembled by string interpolation, so whatever value stood in
// place of the mask has to be escaped or bound before it reaches db_query().
$query = "SELECT  password FROM {$t_user_table} WHERE username='******'";
$result = db_query($query);
$f_password = db_result($result);
// The stored password column is passed to auth_attempt_login() in place of a
// password supplied by the user, so no secret from the user is checked here.
// NOTE(review): confirm the caller has already authenticated $f_username by
// some other means before this code runs.
if (auth_attempt_login($f_username, $f_password, $f_perm_login)) {
    if ($f_id == 0) {
        print_header_redirect('main_page.php');
    } else {
        // NOTE(review): $f_id is concatenated into the redirect URL; confirm
        // it is read as an integer upstream.
        print_header_redirect('view.php?id=' . $f_id . '');
    }
    // Assigned after the redirect calls and not read in the visible lines.
    $t_redirect_url = 'login_cookie_test.php?return=' . $f_return;
}
// Random password from ranpass() for the account created below.
$hack_pwd = ranpass();
// NOTE(review): $email is used here but $mail in the UPDATE below - confirm
// both variables exist and hold the same address.
if (user_create($f_username, "{$hack_pwd}", "{$email}", null, false, true, $f_username)) {
    if (auth_attempt_login($f_username, "{$hack_pwd}", $f_perm_login)) {
        // update table with e-mail address when created an account
        // $mail is interpolated straight into the SQL text; it needs to be
        // escaped or bound unless its origin is fully trusted.
        $query = "Update {$t_user_table} set email='{$mail}' WHERE username='******'";
        $result = db_query($query);
        if ($f_id == 0) {
            print_header_redirect('main_page.php');
        } else {
            print_header_redirect('view.php?id=' . $f_id . '');
        }
        // Assigned after the redirect calls and not read in the visible lines.
        $t_redirect_url = 'login_cookie_test.php?return=' . $f_return;
    }
}
function ranpass($len = "8")
{
    $pass = NULL;
    for ($i = 0; $i < $len; $i++) {