$comm->ident = insert_record('users', $comm); } $f = new StdClass(); $f->owner = $ident; $f->friend = $comm->ident; insert_record('friends', $f); $f->owner = $comm->ident; $f->friend = $ident; insert_record('friends', $f); unset($USER->signingup); unset($USER->alias); if ($mode == 'join') { // we don't need to do these if the user has already had an account. $_SESSION['messages'][] = __gettext('Your account creation was successful!'); // authenticate them. authenticate_account($u->username, $u->password); } redirect($CFG->wwwroot . $u->username); } $showform = true; } if (!empty($showform)) { define("context", "lmsjoin"); templates_page_setup(); $title = __gettext('Join up'); ob_start(); require_once $CFG->dirroot . 'lms/join.html'; $body = ob_get_contents(); ob_end_clean(); $body = templates_draw(array('context' => 'contentholder', 'title' => $title, 'body' => $body)); $title1 = __gettext('Login');
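// Login handler fragment: work out the post-login redirect target, bounce
// users who are already logged on, otherwise try the submitted credentials.
//
// passthru_url arrives via optional_param() (presumably a request parameter;
// the helper is defined elsewhere) and ends up in a Location header, so it is
// restricted to same-site targets here. Without this check any external URL
// could be supplied and the site would redirect to it after login.
$redirect_url = trim(optional_param('passthru_url'));
if (empty($redirect_url)) {
    $redirect_url = $CFG->wwwroot . "index.php";
} else {
    // Normalise the site root to end in exactly one slash so that a prefix
    // match cannot be satisfied by a look-alike host such as "<wwwroot>.example".
    $passthru_root = rtrim($CFG->wwwroot, '/') . '/';

    // Allowed: an absolute URL under the site root, or a root-relative path.
    // "//host" and "/\host" are scheme-relative in browsers, so they are not
    // treated as local paths.
    $passthru_ok = (strlen($passthru_root) > 1
            && strncmp($redirect_url, $passthru_root, strlen($passthru_root)) === 0)
        || preg_match('#^/(?![/\\\\])#', $redirect_url) === 1;

    // Control characters have no place in a header value.
    if (preg_match('/[\x00-\x1f\x7f]/', $redirect_url) === 1) {
        $passthru_ok = false;
    }

    if (!$passthru_ok) {
        // Fall back to the same default used when no target was supplied.
        $redirect_url = $CFG->wwwroot . "index.php";
    }
}

// If we're already logged in, redirect away again.
if (logged_on) {
    $messages[] = gettext("You are already logged on.");
    define('redirect_url', $redirect_url);
    $_SESSION['messages'] = $messages;
    header("Location: " . redirect_url);
    exit;
}

$l = optional_param('username');
$p = optional_param('password');

if (!empty($l) && !empty($p)) {
    // Both fields supplied: attempt the login.
    $ok = authenticate_account($l, $p);
    if ($ok) {
        $messages[] = gettext("You have been logged on.");
        define('redirect_url', $redirect_url);
        $_SESSION['messages'] = $messages;
        header("Location: " . redirect_url);
        exit;
    } else {
        // One message for every failure cause, so the response does not
        // reveal whether the username exists.
        $messages[] = gettext("Unrecognised username or password. The system could not log you on, or you may not have activated your account.");
    }
} else {
    if (!empty($l) || !empty($p)) {
        // If ONLY one was entered, make the error message.
        $messages[] = gettext("Either the username or password were not specified. The system could not log you on.");
    }
}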
if (array_key_exists("invite:join:mailwithoutpass", $function)) { $msg = run("invite:join:mailwithoutpass", array($sitename, $username, url)); } email_to_user($u, null, sprintf(__gettext("Your %s account"), $sitename), $msg); } if (INVITE_AUTO_LOGIN) { // It would append the passthru_url to the default URL for the user // http://yoursite.com/<redirect> // You can use the following keywords to be replaced at this time // {{username}} User name // {{user_id}} User id $redirect_url = trim(optional_param('passthru_url', '{{username}}')); $redirect_url = str_replace('{{username}}', $username, $redirect_url); $redirect_url = str_replace('{{user_id}}', $ident, $redirect_url); $redirect_url = $CFG->wwwroot . $redirect_url; $ok = authenticate_account($username, $displaypassword); if ($ok) { //$messages[] = __gettext("You have been logged on."); if (md5($p) == md5("password")) { $_SESSION['messages'][] = __gettext("The password for this account is extremely insecure and represents a major security risk. You should change it immediately."); } define('redirect_url', $redirect_url); header("Location: " . redirect_url); exit; } else { $messages[] = __gettext("Unrecognised username or password. The system could not log you on, or you may not have activated your account."); } } header("Location: " . $CFG->wwwroot); exit; }
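<?php

// Session bootstrap: optionally adopt a session id passed in the 'sessionid'
// cookie, start the session, then record whether the request is authenticated.

// The cookie is client-controlled. Only hand it to session_id() when it is a
// string made of the characters PHP's default session handler accepts
// (a-z, A-Z, 0-9, comma, minus) and of bounded length; anything else is
// ignored and PHP picks the id itself.
// NOTE(review): adopting a client-supplied id allows session fixation unless
// the id is regenerated (session_regenerate_id(true)) on successful login.
// authenticate_account() is not visible here - confirm that it does so.
if (isset($_COOKIE['sessionid'])
    && is_string($_COOKIE['sessionid'])
    && preg_match('/^[A-Za-z0-9,-]{1,256}$/', $_COOKIE['sessionid']) === 1
) {
    session_id($_COOKIE['sessionid']);
}

session_name(user_session_name);
session_start();

// Check to see if authorization is needed (check cookie).
$logged_in = authenticate_account();

// Set logged-in status in stone: a constant cannot be reassigned later in
// the request.
define('logged_on', $logged_in);

// If we're not logged in, set the user ID to -1.
if (!logged_on) {
    $_SESSION['userid'] = -1;
}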
$auth['method'] = $good_pw; } elseif (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_USER'] != "" && $_SERVER['PHP_AUTH_PW'] != "") { $username = $_SERVER['PHP_AUTH_USER']; $password = md5($_SERVER['PHP_AUTH_PW']); $auth['method'] = "http-basic-auth"; } elseif (isset($_POST['username']) && isset($_POST['password']) && $_POST['username'] != "" && $_POST['password'] != "") { $username = trim($_POST['username']); $password = trim(md5($_POST['password'])); $auth['method'] = "post"; } // Conditions to be extended for other methods (tokens etc.) // If all is well we have a username and password // To be modified for different providers, tokens, etc. and fall-through (iterate through the configured providers) // Elgg authentication provider if (isset($username)) { $logonsuccess = authenticate_account($username, $password); if ($logonsuccess) { $auth['status'] = true; $auth['message'] = "Authenticated"; $auth['code'] = 200; } else { $auth['status'] = false; $auth['message'] = "Incorrect username or password"; $auth['code'] = 801; } } else { $auth['status'] = false; $auth['message'] = "No username or password provided"; $auth['code'] = 801; } $run_result = $auth;