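/**
 * Looks up a user by e-mail address and, when compare() accepts the password,
 * passes the matching user id to authenticate(); otherwise redirects to error.html.
 *
 * @param string $email E-mail address supplied by the caller; treated as untrusted.
 * @param string $pw    Password supplied by the caller; passed unchanged to compare().
 * @return void
 */
function validate($email, $pw)
{
    require 'connect.php';

    // Start from "not authenticated" so a failed query or an unknown address
    // can never leave these undefined when the decision is made below.
    $flag = false;
    $resusid = null;

    // $email lands inside a quoted SQL literal, so it is escaped first.
    // Presumably connect.php opens the connection this call relies on.
    $safeEmail = mysql_real_escape_string($email);
    $r = mysql_query("select userid, password from user where emailid='$safeEmail'");

    if ($r) {
        $row = mysql_fetch_row($r);
        // mysql_fetch_row() returns false when no row matched the address.
        if ($row) {
            $resusid = $row[0];
            $flag = compare($row[1], $pw);
        }
    }

    if ($flag) {
        // user is authenticated
        authenticate($resusid);
    } else {
        // NOTE(review): header() does not end the request; the caller keeps
        // running after this redirect and must not treat the user as logged in.
        header("Location:error.html");
    }
}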
/**
 * Runs the parent constructor, calls authenticate(), then loads the
 * administrator and activity models.
 */
function __construct()
{
    parent::__construct();

    // The access check runs before any model is loaded; what it enforces is
    // defined outside this listing.
    authenticate();

    foreach (array('administrator_model', 'activity_model') as $modelName) {
        $this->load->model($modelName);
    }
}
/**
 * Checks a username/password pair and, for a confirmed account, delegates the
 * session setup to _login_user().
 *
 * @param string $dirty_user Username exactly as received from the caller.
 * @param string $p_pass     Password exactly as received from the caller.
 * @return array ['success' => bool, 'login_error' => string|null]
 */
function login_user($dirty_user, $p_pass)
{
    // Internal function due to it being insecure otherwise.
    // NOTE(review): this guard has an empty body in the listing; the definition
    // of _login_user() it presumably wrapped is not visible here.
    if (!function_exists('_login_user')) {
    }

    // Every rejected attempt gets the same generic message, so the response does
    // not reveal whether the username or the password was wrong.
    $failure = [
        'success' => false,
        'login_error' => 'That password/username combination was incorrect.',
    ];

    // Just checks whether the username and password are correct.
    $auth = authenticate($dirty_user, $p_pass);

    if (!is_array($auth) || !((bool) $auth['authenticated'] && (bool) $auth['operational'])) {
        // The LOGIN FAILURE case, which is the default.
        return $failure;
    }

    if (!(bool) $auth['confirmed']) {
        // Account was not activated yet. This message is only reachable after
        // the credentials themselves were accepted.
        $failure['login_error'] = "You must confirm your account before logging in, check your email. <a href='/account_issues.php'>You can request another confirmation email here.</a>";

        return $failure;
    }

    _login_user($auth['uname'], $auth['player_id'], $auth['account_id']);
    // Block by ip list here, if necessary.

    return ['success' => true, 'login_error' => null];
}
/**
 * Runs the parent constructor, applies the two access checks, then loads the
 * configuration model.
 */
function __construct()
{
    parent::__construct();

    // Both checks run before the model is loaded, in this order. Their
    // behaviour on failure is defined outside this listing.
    authenticate();
    only_super_administrator();

    $loader = $this->load;
    $loader->model('configuration_model');
}
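/**
 * Establishes the login state from the HTTP authentication values in $_SERVER.
 *
 * A non-empty REMOTE_USER is accepted as already authenticated. Otherwise the
 * Basic-auth user name and password are checked with authenticate(); on success
 * they are stored in $LOGIN_USERNAME / $LOGIN_PASSWORD.
 *
 * @return void
 */
function login_do_http_auth()
{
    global $LOGIN_PASSWORD, $LOGIN_USERNAME;

    // empty() keeps the original truthiness test but does not raise an
    // undefined-index warning on requests that carry no authentication data.
    // NOTE(review): REMOTE_USER is trusted without further checks; confirm it
    // can only be set by the web server's own authentication layer.
    if (!empty($_SERVER['REMOTE_USER'])) {
        is_logged_in(true);
        return;
    }

    if (empty($_SERVER['PHP_AUTH_USER'])) {
        is_logged_in(false);
        return;
    }

    $user = $_SERVER['PHP_AUTH_USER'];
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

    $status = authenticate($user, $password);

    if (succeeds($status)) {
        // NOTE(review): the clear-text password stays in a global for the rest
        // of the request; keep it out of logs and debug dumps.
        $LOGIN_USERNAME = $user;
        $LOGIN_PASSWORD = $password;
        is_logged_in(true);
        return;
    }

    is_logged_in(false);

    if (fatal($status)) {
        // NOTE(review): auth_error() is printed to the client as-is; confirm it
        // carries no backend detail.
        print "Error logging in: " . auth_error();
        return;
    }

    // A user name was supplied (checked above), so challenge again.
    http_401();
}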
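/**
 * Decides whether the current user may access the assignment workspace
 * identified by $owner_id.
 *
 * Returns true as soon as one of the checks below passes and false otherwise;
 * no WORKSPACE_AUTH_* value is returned by this function.
 *
 * @param int $owner_id Id that is matched against files.owner_id and
 *                      assignments.assignment_id.
 * @return bool
 */
function ad_authenticate($owner_id)
{
    if (authenticate(AT_PRIV_ASSIGNMENTS, AT_PRIV_RETURN)) {
        // instructors have read only access to assignments
        return true;
    }

    // students have read access to their own assignments
    $sql = "SELECT COUNT(*) cnt FROM %sfiles\n\t\t WHERE owner_id = %d\n AND owner_type= %d\n AND member_id = %d";
    $row = queryDB($sql, array(TABLE_PREFIX, $owner_id, WORKSPACE_ASSIGNMENT, $_SESSION['member_id']), TRUE);
    if ($row['cnt'] > 0) {
        return true;
    }

    // enrolled students can submit the assignments that are assigned to them
    if (!$_SESSION['member_id'] || !$_SESSION['enroll']) {
        return false;
    }

    // assignments that are assigned to all students
    $sql = "SELECT count(*) cnt FROM %sassignments \n WHERE assignment_id = %d\n AND assign_to=0 \n AND course_id=%d";
    $row = queryDB($sql, array(TABLE_PREFIX, $owner_id, $_SESSION['course_id']), TRUE);
    if ($row['cnt'] > 0) {
        return true;
    }

    // assignments that are assigned to a group,
    // and this group has "file storage" tool available
    // and the student is in this group
    //
    // The id list is substituted into an unquoted "in (...)" clause, so every
    // element is forced to an integer, and the query is skipped when the list is
    // empty because "in ()" is not valid SQL.
    $group_ids = array();
    if (!empty($_SESSION['groups']) && is_array($_SESSION['groups'])) {
        $group_ids = array_map('intval', $_SESSION['groups']);
    }
    if (!$group_ids) {
        return false;
    }
    $groups_list = implode(',', $group_ids); // the groups that the student belongs to

    $sql = "SELECT count(*) cnt\n\t\t FROM %sgroups_types gt, %sgroups g, %sassignments a\n\t\t WHERE g.group_id in (%s)\n\t\t AND g.group_id in (SELECT group_id FROM %sfile_storage_groups)\n\t\t AND g.type_id = gt.type_id\n\t\t AND gt.course_id = %d\n\t\t AND gt.type_id = a.assign_to\n\t\t AND a.assignment_id = %d";
    $row = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, TABLE_PREFIX, $groups_list, TABLE_PREFIX, $_SESSION['course_id'], $owner_id), TRUE);

    return $row['cnt'] > 0;
}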
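/**
 * Gates the page behind HTTP Basic authentication.
 *
 * On the first request the 401 challenge is sent and the script ends. On the
 * following request the supplied credentials are checked with authenticate();
 * success stores the user name in the session, failure prints the error and ends
 * the script. Does nothing when the session already holds a user name.
 *
 * @return void
 */
function logIn()
{
    global $auth_realm;

    if (isset($_SESSION['username'])) {
        return;
    }

    if (!isset($_SESSION['login'])) {
        // Remember that the challenge went out, then ask the browser for credentials.
        $_SESSION['login'] = TRUE;
        header('WWW-Authenticate: Basic realm="' . $auth_realm . '"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'You must enter a valid login and password';
        echo '<p><a href="?action=logOut">Try again</a></p>';
        echo '<p><a href="index.html">Back to EnactusLeicester.co.uk</a></p>';
        exit;
    }

    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    $result = authenticate($user, $password);

    // NOTE(review): with a loose comparison null and false (and, before PHP 8,
    // any non-numeric string) also equal 0. Confirm authenticate() returns an
    // integer status and tighten this to === 0.
    if ($result == 0) {
        // NOTE(review): consider session_regenerate_id(true) here so a session
        // id issued before login is not kept afterwards.
        $_SESSION['username'] = $user;
        return;
    }

    // session_unset() takes no argument; clearing this one flag is what makes
    // the next request send the challenge again.
    unset($_SESSION['login']);
    errMes($result);
    echo '<p><a href="">Try again</a></p>';
    exit;
}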
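/**
 * Finds the user's Distinguished Name (the key that uniquely identifies an entry
 * in the directory) and passes it, with the password and given name, to
 * authenticate().
 *
 * @param string $id       uidNumber (numeric, e.g. 499908) or uniqueID
 *                         (alphanumeric, e.g. cam01329) typed in by the user.
 * @param string $password Password typed in by the user; forwarded unchanged.
 * @return void
 */
function findDN($id, $password)
{
    global $ldap_host;

    // Connects to the LDAP server; the script ends here if that fails.
    $ds = ldap_connect($ldap_host) or die("LDAP connection failed. Please see installation notes on how to configure Apache to work with LDAP.");

    // Performs anonymous bind to LDAP server
    if (!ldap_bind($ds)) {
        // Binding to LDAP server was unsuccessful
        echo "Unable to connect to LDAP server";
        echo "<p>Click <a href='../../login.php'>here</a> to go back.</p>";
        return;
    }

    // The id comes from the login form and is placed inside a search filter, so
    // filter metacharacters are escaped first. ldap_escape() exists from
    // PHP 5.6; older runtimes use the equivalent hex escapes.
    $rawId = (string) $id;
    if (function_exists('ldap_escape')) {
        $safeId = ldap_escape($rawId, '', LDAP_ESCAPE_FILTER);
    } else {
        $safeId = strtr($rawId, array('\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\x00" => '\\00'));
    }

    // uidNumber is numeric, uniqueID is alphanumeric
    $filterString = is_numeric($id) ? "uidNumber={$safeId}" : "uniqueID={$safeId}";

    $searchResult = ldap_search($ds, "ou=LAN,o=PORT", $filterString);
    $info = $searchResult ? ldap_get_entries($ds, $searchResult) : false;

    // Continue only when the search identified exactly one entry; otherwise an
    // empty DN would be handed to authenticate().
    if (!$info || $info['count'] !== 1) {
        echo "Invalid username or password.";
        echo "<p>Click <a href='../../login.php'>here</a> to go back.</p>";
        return;
    }

    // Retrieves the DN and givenname (e.g. Alasdair) for the user
    $dn = $info[0]["dn"];
    $givenname = isset($info[0]['givenname'][0]) ? $info[0]['givenname'][0] : null;

    // NOTE(review): authenticate() is not shown. If it performs an LDAP simple
    // bind, confirm it rejects an empty password, since many directory servers
    // treat a bind with an empty password as anonymous.
    authenticate($dn, $password, $givenname);
}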
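/**
 * XML-RPC handler that stores a new blog post for an authenticated user.
 *
 * $args is positional: [0] blog id and [4] publish flag are accepted but not
 * used, [1] user name, [2] password, [3] post content. A <title>...</title>
 * element inside the content supplies the post title and is removed from the body.
 *
 * @param array $args Positional request arguments (untrusted).
 * @return int|IXR_Error 344324234 on success, an IXR_Error otherwise.
 */
function newPost($args)
{
    global $table_blogs;

    $username = $args[1];
    $password = $args[2];
    $content = $args[3];

    if (authenticate($username, $password) != TRUE) {
        return new IXR_Error(-1, 'You did not provide the correct username and password');
    }

    // The pattern is matched against the content, with the captures going to
    // their own variable; the original passed the still-undefined $title as the
    // subject, so no title was ever found.
    $title = '';
    $body = $content;
    if (preg_match('/<title>(.*?)<\/title>/i', $content, $matches)) {
        $title = $matches[1];
        $body = str_replace($matches[0], "", $content);
    }

    $category = "XML";
    $mood = "XML";
    $listening = "XML";
    $open = 0;

    // Every request-derived value is escaped for the connection right before it
    // is placed in the statement, the user name included.
    $sqlUser = mysql_real_escape_string($username);
    $sqlTitle = mysql_real_escape_string($title);
    $sqlBody = mysql_real_escape_string($body);
    $sqlBlogName = mysql_real_escape_string($username . "'s blog");

    $q_newpost = mysql_query("INSERT INTO {$table_blogs} VALUES( '', '{$sqlUser}', '{$sqlTitle}', '{$sqlBody}', '{$category}', '{$mood}', '{$listening}', NOW(), '{$sqlBlogName}', {$open})");

    // NOTE(review): log.txt is opened relative to the working directory and
    // receives request data; confirm it is not served by the web server.
    $log_file = fopen("log.txt", "w");
    if ($log_file) {
        fwrite($log_file, $title);
        fclose($log_file);
    }

    if ($q_newpost) {
        return 344324234;
    }

    // NOTE(review): mysql_error() is returned to the remote client; consider
    // logging it server-side and returning a generic message instead.
    return new IXR_Error(-1, 'An error occured:' . mysql_error());
}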
/**
 * Runs the parent constructor, calls authenticate(), then loads the event,
 * task and activity models.
 */
function __construct()
{
    parent::__construct();

    // The access check precedes all model loading; its behaviour on failure is
    // defined outside this listing.
    authenticate();

    $models = array('event_model', 'task_model', 'activity_model');
    foreach ($models as $modelName) {
        $this->load->model($modelName);
    }
}
/**
 * Runs the parent constructor, checks the admin login, then loads the product
 * model and selects the admin manager layout.
 */
function __construct()
{
    parent::__construct();

    // check admin login or not; runs before anything else is set up
    authenticate();

    $loader = $this->load;
    $loader->model('product_model');

    $layoutPath = "admin/layout/layout_manager";
    $this->layout->set_layout($layoutPath);
}
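/**
 * Restores a session from the id_usuario / contrasena cookies when both are
 * present and authenticate() accepts them.
 *
 * NOTE(review): the cookie name "contrasena" suggests the password itself is
 * kept in the browser; confirm, and prefer a random server-side token.
 *
 * @return void
 */
public function TestCookies()
{
    if (!isset($_COOKIE['id_usuario'], $_COOKIE['contrasena'])) {
        return;
    }

    if (!authenticate($_COOKIE['id_usuario'], $_COOKIE['contrasena'])) {
        // Rejected cookies are cleared and no session is created; the original
        // fell through to creaSession() after a failed check as well.
        $this->killCookies();
        return;
    }

    // NOTE(review): $record was never assigned in the original, so creaSession()
    // has always received null here; confirm where the user record should come from.
    $record = null;
    $this->creaSession($record);
}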
/**
 * Reports whether the credentials are valid and the user is registered for the event.
 *
 * @param string $username Login name to check.
 * @param string $pass     Password to check.
 * @param mixed  $event_id Event identifier passed to isRegForEvent().
 * @return int 1 when both checks pass, 0 otherwise.
 */
function validate($username, $pass, $event_id)
{
    // Registration is only looked up once the credentials were accepted.
    if (!authenticate($username, $pass)) {
        return 0;
    }

    return isRegForEvent($username, $event_id) ? 1 : 0;
}
/**
 * Runs the parent constructor, checks the admin login, selects the admin
 * manager layout, loads the admin model and marks the page as the dashboard.
 */
function __construct()
{
    parent::__construct();

    // check admin login or not; runs before anything else is set up
    authenticate();

    // set layout
    $layoutPath = 'admin/layout/layout_manager';
    $this->layout->set_layout($layoutPath);

    $loader = $this->load;
    $loader->model('admin_model');

    $this->data['page_name'] = 'dashboard';
}
/**
 * Keeps a reference to the global template object and admits only the user
 * whose user_id equals 1; every other visitor is redirected to BASE_URL.
 */
function __construct()
{
    global $tpl;

    $this->tpl = $tpl;

    $user = authenticate();
    $isAllowedUser = isset($user['user']) && $user['user_id'] == 1;

    if (!$isAllowedUser) {
        // NOTE(review): whether redirect() ends the request is not visible here;
        // if it does not, the rest of the controller still runs for this visitor.
        redirect(BASE_URL);
        return;
    }

    $tpl->assign('user', $user);
}
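/**
 * Changes a user's stored password after authenticate() accepts the
 * remaining elements of $input.
 *
 * @param array $input Positional values: [0] user id, [3] new password; the last
 *                     element is removed before the rest goes to authenticate().
 * @return bool false when authentication fails, true otherwise.
 */
function update_userpass($input)
{
    $change = $input[3];
    array_pop($input);

    if (!authenticate($input)) {
        return false;
    }

    // Both values are placed inside quoted SQL literals, so both are escaped;
    // the original escaped the user id only.
    $safeUid = mysql_real_escape_string($input[0]);
    $safePassword = mysql_real_escape_string($change);

    // NOTE(review): the new value is written to userps exactly as received;
    // whether it is hashed anywhere is not visible in this block.
    // NOTE(review): the result of the UPDATE is not checked, so true is returned
    // even when the statement fails.
    mysql_query("update users set userps='{$safePassword}' where uidx='{$safeUid}'");

    return true;
}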
/**
 * Assigns the current user, a fixed demo name and a welcome message to the template.
 *
 * @return void
 */
function view_defaults()
{
    global $tpl;

    $user = authenticate();

    // NOTE(review): the nickname reaches the template unescaped; confirm the
    // template layer escapes it on output.
    $msg = $user ? "Welcome " . $user['user_nickname'] . "" : '';

    $tpl->assign('user', $user);
    $tpl->assign("name", "It's a demo.");
    $tpl->assign("msg", $msg);
}
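/**
 * Decides whether the current user may access the assignment workspace
 * identified by $owner_id.
 *
 * Returns true as soon as one of the checks below passes and false otherwise;
 * no WORKSPACE_AUTH_* value is returned by this function.
 *
 * @param int $owner_id Id that is matched against files.owner_id and
 *                      assignments.assignment_id.
 * @return bool
 */
function ad_authenticate($owner_id)
{
    if (authenticate(AT_PRIV_ASSIGNMENTS, AT_PRIV_RETURN)) {
        // instructors have read only access to assignments
        return true;
    }

    global $db;

    // Every value below is concatenated into an unquoted numeric position of the
    // SQL text, so each one is forced to an integer first.
    $owner_id = intval($owner_id);
    $member_id = isset($_SESSION['member_id']) ? intval($_SESSION['member_id']) : 0;
    $course_id = isset($_SESSION['course_id']) ? intval($_SESSION['course_id']) : 0;

    // students have read access to their own assignments
    $sql = "SELECT COUNT(*) cnt FROM ".TABLE_PREFIX."files WHERE owner_id =".$owner_id." AND owner_type= ".WORKSPACE_ASSIGNMENT." AND member_id = ".$member_id;
    $result = mysql_query($sql, $db);
    $row = $result ? mysql_fetch_assoc($result) : false;
    if ($row && $row['cnt'] > 0) {
        return true;
    }

    // enrolled students can submit the assignments that are assigned to them
    if (!$_SESSION['member_id'] || !$_SESSION['enroll']) {
        return false;
    }

    // assignments that are assigned to all students
    $sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."assignments WHERE assignment_id = ".$owner_id." AND assign_to=0 AND course_id=".$course_id;
    $result = mysql_query($sql, $db);
    $row = $result ? mysql_fetch_assoc($result) : false;
    if ($row && $row['cnt'] > 0) {
        return true;
    }

    // assignments that are assigned to a group,
    // and this group has "file storage" tool available
    // and the student is in this group
    $group_ids = array();
    if (!empty($_SESSION['groups']) && is_array($_SESSION['groups'])) {
        $group_ids = array_map('intval', $_SESSION['groups']);
    }
    if (!$group_ids) {
        // "in ()" is not valid SQL, and no group means no group-based access.
        return false;
    }
    $groups_list = implode(',', $group_ids); // the groups that the student belongs to

    $sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."groups_types gt, ".TABLE_PREFIX."groups g, ".TABLE_PREFIX."assignments a WHERE g.group_id in (".$groups_list.") AND g.group_id in (SELECT group_id FROM ".TABLE_PREFIX."file_storage_groups) AND g.type_id = gt.type_id AND gt.course_id = ".$course_id." AND gt.type_id = a.assign_to AND a.assignment_id = ".$owner_id;
    $result = mysql_query($sql, $db);
    $row = $result ? mysql_fetch_assoc($result) : false;

    return $row && $row['cnt'] > 0;
}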
/**
 * Request bootstrap: filters the input superglobals, configures and starts the
 * session, connects to the database, calls authenticate(), includes the action
 * or view script and prepares the view.
 *
 * The steps depend on each other's side effects, so their order is left unchanged.
 */
function initializeSystemSettings()
{
    global $dbHost, $dbUser, $dbUserPw, $dbName, $includeDumpJs;
    global $gorumroll, $speedStopWatch, $gorumview, $jQueryLib;
    // NOTE(review): $_POST and $_REQUEST are not passed through filterInput()
    // in this block; confirm they are handled elsewhere.
    $_GET = filterInput($_GET);
    $_COOKIE = filterInput($_COOKIE);
    $_SERVER = filterInput($_SERVER);
    $_FILES = filterInput($_FILES);
    if (class_exists("speedstat")) {
        $speedStopWatch = new Stopwatch();
        $speedStopWatch->start();
    }
    // The session id travels in a cookie only, never in the URL.
    ini_set("session.use_cookies", 1);
    ini_set("session.use_only_cookies", 1);
    ini_set("session.use_trans_sid", 0);
    if (!session_id()) {
        session_start();
    }
    // The three chr() sequences spell "gorumuser", "isAdm" and "gorumrecognised".
    // NOTE(review): building names this way hides them from a text search; how
    // kbf() (called at the end) uses them is not visible here.
    $this->kbfu = chr(103) . chr(111) . chr(114) . chr(117) . chr(109) . chr(117) . chr(115) . chr(101) . chr(114);
    $this->kbfk = chr(105) . chr(115) . chr(65) . chr(100) . chr(109);
    $this->kbfr = chr(103) . chr(111) . chr(114) . chr(117) . chr(109) . chr(114) . chr(101) . chr(99) . chr(111) . chr(103) . chr(110) . chr(105) . chr(115) . chr(101) . chr(100);
    // http://hu.php.net/manual/en/reserved.variables.session.php#85448:
    // so that the infoTexts do not get stuck: with register_globals on, drop
    // every global that shares its name with a session key.
    if (ini_get('register_globals')) {
        foreach ($_SESSION as $key => $value) {
            if (isset($GLOBALS[$key])) {
                unset($GLOBALS[$key]);
            }
        }
    }
    connectDb($dbHost, $dbUser, $dbUserPw, $dbName);
    // Runs after the database connection and before the action/view script is included.
    authenticate();
    $gorumroll = new Roll();
    $gorumroll->isAction() ? include GORUM_DIR . "/gorum_action.php" : (include GORUM_DIR . "/gorum_view.php");
    $this->initializeUserSettings();
    if (class_exists("cronjob")) {
        executeCronJobs();
    }
    // A view is only built for non-action requests.
    if (!$gorumroll->isAction()) {
        $gorumview = new View();
        $gorumview->addElement("contentTemplate");
        View::init();
    }
    // Debug dump scripts are added only when $includeDumpJs is set.
    if ($includeDumpJs && !$gorumroll->isAction()) {
        JavaScript::addInclude(GORUM_JS_DIR . $jQueryLib);
        JavaScript::addInclude(GORUM_JS_DIR . "/jquery/jquery.dump.js");
        JavaScript::addInclude(GORUM_JS_DIR . "/dump.js");
    }
    $this->kbf();
}
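/**
 * Deletes the tag named in the request when the session belongs to a
 * moderator, then redirects to the tag list in every case.
 *
 * @return void
 */
function del()
{
    authenticate(1);

    // The original compared isset(...) with 1, which only tested that the key
    // exists; a session holding moderator = 0 passed. The value itself is
    // tested here.
    // NOTE(review): this deletion is triggered by a GET parameter; confirm a
    // CSRF token or a POST-only route protects it.
    if (!empty($_SESSION['moderator']) && isset($_GET['tag'])) {
        $sql = "DELETE FROM tags WHERE tag = '" . escape($_GET['tag']) . "' ";
        mysql_query($sql);
    }

    header("Location: " . BASE_PATH . "/tags");
}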
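/**
 * Lists the group ids of a course: all groups for a user holding
 * AT_PRIV_GROUPS, otherwise only the groups the current member belongs to.
 *
 * @param int $course_id Course whose groups are listed.
 * @return array Map of group_id => group_id; empty when the query fails.
 */
function get_groups($course_id)
{
    global $db;

    $groups = array();

    // Both ids are interpolated into unquoted numeric positions of the SQL
    // text, so they are forced to integers first.
    $course_id = intval($course_id);

    if (authenticate(AT_PRIV_GROUPS, true)) {
        $sql = "SELECT G.group_id FROM " . TABLE_PREFIX . "groups G INNER JOIN " . TABLE_PREFIX . "groups_types T USING (type_id) WHERE T.course_id={$course_id}";
    } else {
        $member_id = isset($_SESSION['member_id']) ? intval($_SESSION['member_id']) : 0;
        $sql = "SELECT G.group_id FROM " . TABLE_PREFIX . "groups G INNER JOIN (" . TABLE_PREFIX . "groups_types T, " . TABLE_PREFIX . "groups_members M) ON (G.type_id=T.type_id AND G.group_id=M.group_id) WHERE T.course_id={$course_id} AND M.member_id={$member_id}";
    }

    $result = mysql_query($sql, $db);
    if (!$result) {
        // mysql_query() returns false on failure; there is nothing to fetch.
        return $groups;
    }

    while ($row = mysql_fetch_assoc($result)) {
        $groups[$row['group_id']] = $row['group_id'];
    }

    return $groups;
}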
/**
 * Requests an OAuth request token and continues with authorize() or
 * authenticate(), depending on whether the session already has an account id.
 *
 * @param object $tmhOAuth OAuth client used for the request.
 * @return void
 */
function request_token($tmhOAuth)
{
    $endpoint = $tmhOAuth->url('oauth/request_token', '');
    // NOTE(review): the callback is whatever tmhUtilities::php_self() returns;
    // confirm it cannot be influenced by request headers.
    $params = array('oauth_callback' => tmhUtilities::php_self());

    $code = $tmhOAuth->request('POST', $endpoint, $params);

    if ($code != 200) {
        outputError($tmhOAuth);
        return;
    }

    $_SESSION['oauth'] = $tmhOAuth->extract_params($tmhOAuth->response['response']);

    if (isset($_SESSION['account']['id'])) {
        // We already have a logged in user account
        authorize($tmhOAuth);
        return;
    }

    authenticate($tmhOAuth);
}
/**
 * Lists the group ids of a course: all groups for a user holding
 * AT_PRIV_GROUPS, otherwise only the groups the current member belongs to.
 *
 * @param int $course_id Course whose groups are listed.
 * @return array Map of group_id => group_id.
 */
function get_groups($course_id)
{
    global $db;

    // Values reach the SQL text through queryDB()'s %s / %d placeholders.
    if (authenticate(AT_PRIV_GROUPS, true)) {
        $rows = queryDB(
            "SELECT G.group_id FROM %sgroups G INNER JOIN %sgroups_types T USING (type_id) WHERE T.course_id=%d",
            array(TABLE_PREFIX, TABLE_PREFIX, $course_id)
        );
    } else {
        $rows = queryDB(
            "SELECT G.group_id FROM %sgroups G INNER JOIN (%sgroups_types T, %sgroups_members M) ON (G.type_id=T.type_id AND G.group_id=M.group_id) WHERE T.course_id=%d AND M.member_id=%d",
            array(TABLE_PREFIX, TABLE_PREFIX, TABLE_PREFIX, $course_id, $_SESSION['member_id'])
        );
    }

    $groups = array();
    foreach ($rows as $row) {
        $groupId = $row['group_id'];
        $groups[$groupId] = $groupId;
    }

    return $groups;
}
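/**
 * Authenticates a chat user and logs them in.
 *
 * @param string $username Login name supplied by the chat client.
 * @param string $password Password supplied by the chat client.
 * @return int The user's guid on success, 0 when authentication or login fails.
 */
function chatLogin($username, $password)
{
    $userid = 0;

    require_once dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . "engine" . DIRECTORY_SEPARATOR . "start.php";

    // PHP variable names are case-sensitive: the original read $userName and
    // $userPass, which were never defined, so the supplied credentials were
    // not the ones being checked.
    if (!authenticate($username, $password)) {
        return $userid;
    }

    // The name is placed inside a quoted SQL literal, so it is escaped first.
    $safeName = mysql_real_escape_string($username);
    // NOTE(review): die(mysql_error()) sends the database error to the client;
    // consider logging it server-side instead.
    $result1 = mysql_query("SELECT * FROM " . TABLE_PREFIX . DB_USERTABLE . " WHERE `username`='" . $safeName . "'") or die(mysql_error());
    $row = mysql_fetch_array($result1);

    $user = get_user_by_username($username);

    try {
        login($user, FALSE);
    } catch (LoginException $e) {
        // The login was refused, so no user id is handed back; the original
        // swallowed the exception and still returned the guid.
        return $userid;
    }

    if ($row) {
        $userid = $row['guid'];
    }

    return $userid;
}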
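/**
 * Logs a user in with a user name and password and sends the outcome through
 * response().
 *
 * loginStatus is "LogedIn" when authenticate(1) does not return 0, "success"
 * when a matching, non-deleted user row is found, and "fail" otherwise.
 *
 * @param string $username Login name from the request.
 * @param string $password Password from the request.
 * @return void
 */
function login($username, $password)
{
    $responceToSend = array();

    $auth = authenticate(1);

    if ($auth == 0) {
        // The listing shows masked literals ('******') where the credentials
        // belong, so the parameters were never used. They are bound here and
        // escaped, because both sit inside quoted SQL literals.
        // NOTE(review): the password is compared in SQL as given, which implies
        // it is stored unhashed; confirm, and move to password_hash() /
        // password_verify().
        $safeUser = mysql_real_escape_string($username);
        $safePass = mysql_real_escape_string($password);
        $query = "select * from user where username = '" . $safeUser . "' and password = '" . $safePass . "' and IsDeleted = " . 0;

        $result = mysql_query($query);
        // mysql_fetch_array() returns false when nothing matched.
        $userData = $result ? mysql_fetch_array($result) : false;

        if (is_array($userData) && count($userData) > 1) {
            $_SESSION["name"] = $userData['username'];
            $_SESSION["id"] = $userData['id'];
            $_SESSION["type"] = $userData['role_id'];
            $_SESSION['isLoggedIn'] = true;
            $responceToSend['userType'] = $userData['role_id'];
            $responceToSend['loginStatus'] = "success";
            session_write_close();
        } else {
            $responceToSend['loginStatus'] = "fail";
        }
    } else {
        $responceToSend['loginStatus'] = "LogedIn";
    }

    response('OK', 'loginstatus', $responceToSend);
}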
/**
 * Single-sign-on status endpoint.
 *
 * With redirect set: verifies the signature, then sends the browser either to
 * the return URL with a ticket appended or to the login page. Without it:
 * verifies the signature and answers with a JSON status (200 ticket,
 * 300 not logged in, 400 bad signature).
 *
 * NOTE(review): the value handed to _verifySign() is md5($user . $domain); the
 * return URL is not part of it. The redirect target that receives the ticket is
 * therefore request-controlled; check it against an allow-list before use.
 *
 * @return void
 */
public function view_islogin()
{
    if (!empty($_GET['user'])) {
        $user = $_GET['user'];
    } else {
        $user = '';
    }
    $sign = $_GET['sign'];
    $domain = $_GET['domain'];
    $redirect = isset($_GET['redirect']) ? $_GET['redirect'] : 0;
    // NOTE(review): $_GET values are already URL-decoded, so this decodes twice.
    $return = isset($_GET['return']) ? urldecode($_GET['return']) : '';

    require_once 'PassportModel.class.php';

    // Both modes begin with the same signature check.
    $signatureValid = $this->_verifySign($domain, md5($user . $domain), $sign);

    if (!$redirect) {
        if (!$signatureValid) {
            $msg = array('s' => 400, 'm' => "Signature Invalid!", 'd' => '');
        } else {
            $pass = new PassportModel();
            $ticket = $pass->getTicketByUser($user);
            if ($ticket) {
                $msg = array('s' => 200, 'm' => "success!", 'd' => PassportModel::packTicket($ticket, $user));
            } else {
                $msg = array('s' => 300, 'm' => "Not Login!", 'd' => $GLOBALS["gSiteInfo"]['www_site_url'] . "/index.php?action=passport&view=login");
            }
        }
        json_output($msg);
        return;
    }

    if (!$signatureValid) {
        die("Signature Invalid!");
    }

    $userinfo = authenticate();
    if (!$userinfo) {
        header("Location:" . $GLOBALS["gSiteInfo"]['www_site_url'] . "/index.php?action=passport&view=login&forward=" . urlencode($return));
        return;
    }

    // Append the ticket with the separator that fits the existing URL.
    $separator = strpos($return, '?') !== false ? '&' : '?';
    $return .= $separator . 'ticket=' . PassportModel::packTicket($userinfo['ticket'], $user);

    header("Location:" . $return);
}
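/**
 * Updates the logged-in user's name and e-mail address, and the password when
 * one was submitted, then redirects to the user's profile page.
 *
 * NOTE(review): the stored hash is sha1(SALT . password . email). A single
 * SHA-1 round is weak for password storage, and since the e-mail is part of the
 * hash input, changing the e-mail without also sending a password appears to
 * leave a hash that no longer matches. The current password is not asked for
 * before the change and no CSRF token is checked in this block.
 *
 * @return void
 */
function update()
{
    authenticate(1);

    $name = sanitize($_POST['name'], "string");
    $email = sanitize($_POST['email'], "email");
    $userId = escape($_SESSION['userid']);

    if (!empty($_POST['password'])) {
        $password = sanitize($_POST['password'], "string");
        $password = sha1(SALT . $password . $email);

        // The listing shows a masked literal ('******') in place of the value,
        // which would store that literal; the computed hash is written here.
        $sql = "update users set password = '" . escape($password) . "' where id = '" . $userId . "'";
        mysql_query($sql);
    }

    $sql = "update users set name = '" . escape($name) . "', email = '" . escape($email) . "' where id = '" . $userId . "'";
    mysql_query($sql);

    $slug = createslug($name);
    $basePath = basePath();
    header("Location: {$basePath}/users/view/{$_SESSION['userid']}/{$slug}");
}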
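/**
 * Validates a request that targets the user named by the "login" parameter.
 *
 * @param object $server Request context providing the database handle, the
 *                       request and the authenticator.
 * @return true|\Rest\Controller\NotFound|\Rest\Controller\Forbidden|\Rest\Controller\NotAuthorized
 *         true when the request may proceed, otherwise the controller to answer with.
 */
public function validate($server)
{
    $db = $server->getParameter("db");
    $user = $server->getRequest()->getParameter("login");
    $login = $server->getAuthenticator()->getUser();

    $exists = $db->prepare("select count(*) from users where login = ?");
    // execute() takes the bound values as an array (the handle is presumably a
    // PDO statement); the original passed the bare string.
    $exists->execute(array($user));

    // NotFound belongs to the case where no such user exists; the original
    // test was inverted and answered NotFound for every existing user.
    // NOTE(review): this answer is given before authentication, so it tells an
    // unauthenticated caller whether a login exists; consider checking
    // authenticate() first.
    if ((int) $exists->fetchColumn(0) === 0) {
        return new \Rest\Controller\NotFound();
    }

    // Only the user themselves may act on this resource.
    if ($login != $user) {
        return new \Rest\Controller\Forbidden();
    }

    if (!authenticate($server)) {
        return new \Rest\Controller\NotAuthorized();
    }

    return true;
}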
/**
 * Renders the combined search page: header, a spinner that is flushed to the
 * browser early, the five search sections, the favourite-toggle script and the
 * footer. Output is streamed, so the statement order is part of the behaviour.
 */
function search_all()
{
    global $cfg, $db, $size, $search_string, $group_found, $match_found;
    authenticate('access_media');
    // formattedNavigator
    // NOTE(review): $search_string is concatenated into the navigator label as-is;
    // presumably header.inc.php, which is included in this function's scope,
    // prints $nav. Confirm it HTML-escapes the label.
    $nav = array();
    $nav['name'][] = 'Library';
    $nav['url'][] = 'index.php';
    $nav['name'][] = 'search for: ' . $search_string;
    require_once 'include/header.inc.php';
    echo '<script type="text/javascript">';
    echo 'showSpinner();';
    echo '</script>';
    // Push the spinner to the browser before the searches run.
    @ob_flush();
    flush();
    album_artist();
    album_title();
    track_artist();
    filesystem_match();
    track_title();
    echo '<script type="text/javascript">';
    //echo 'hideSpinner();';
    // NOTE(review): $group_found is written into a JavaScript string literal
    // without encoding; where it is set is not visible here. If it can carry
    // request data, emit it with json_encode().
    if ($group_found != 'none') {
        echo 'toggleSearchResults("' . $group_found . '")';
    }
    echo '</script>';
    // Client-side handler that switches a favourite star between its filled and
    // outline classes.
    ?> <script type="text/javascript"> function setFavorite(data) { if (data.action == "add") { $("#favorite_star_" + data.group_type + "-" + data.track_id).removeClass("fa fa-star-o").addClass("fa fa-star"); } else if (data.action == "remove") { $("#favorite_star_" + data.group_type + "-" + data.track_id).removeClass("fa fa-star").addClass("fa fa-star-o"); } }; </script> <?php
    if (!$match_found) {
        echo "No match found.";
    }
    require_once 'include/footer.inc.php';
}
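/**
 * Logs a user in, or confirms that the session already belongs to that user.
 *
 * @param string $username Login name.
 * @param string $password Password; only checked when the session is not
 *                         already bound to $username.
 * @param mixed  $db       Database handle passed through to authenticate().
 * @return bool true when the session belongs to $username afterwards.
 */
function login($username, $password, $db)
{
    // Start a session only when none is active yet.
    if (session_id() === '') {
        session_start();
    }

    // check if user is already logged in or not
    // The names are compared as strings: with ==, numeric-looking names such as
    // "1e3" and "1000" compare equal.
    if (isset($_SESSION['username']) && (string) $_SESSION['username'] === (string) $username) {
        return true;
    }

    if (authenticate($username, $password, $db)) {
        // Issue a fresh session id at the moment of login so an id that was
        // known before authentication is not kept.
        session_regenerate_id(true);

        // set up session data
        $_SESSION['username'] = $username;

        return true;
    }

    echo 'errors occuring when trying to login or authenticate user session.';
    logout();

    return false;
}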