function login($username, $password)
{
$shopper_id = check_credentials($username, $password);
if ($shopper_id > 0) {
session_regenerate_id(TRUE);
$sessid = session_id();
$dbo = db_connect();
$query = "INSERT INTO Session (id, Shopper_id) VALUES (?,?)";
try {
$statement = $dbo->prepare($query);
$success = $statement->execute(array($sessid, $shopper_id));
} catch (PDOException $ex) {
error_log($ex->getMessage());
die($ex->getMessage());
}
return TRUE;
} else {
return FALSE;
}
}
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing aselect_credentials parameter"));
}
$credentials = $_REQUEST['aselect_credentials'];
if (!array_key_exists('rid', $_REQUEST)) {
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing rid parameter"));
}
$rid = $_REQUEST['rid'];
try {
if (!array_key_exists('aselect::authid', $state)) {
throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
}
$authid = $state['aselect::authid'];
$aselect = SimpleSAML_Auth_Source::getById($authid);
if (is_null($aselect)) {
throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}");
}
$creds = $aselect->verify_credentials($server_id, $credentials, $rid);
if (array_key_exists('attributes', $creds)) {
$state['Attributes'] = $creds['attributes'];
} else {
$res = $creds['res'];
$state['Attributes'] = array('uid' => array($res['uid']), 'organization' => array($res['organization']));
}
} catch (Exception $e) {
SimpleSAML_Auth_State::throwException($state, $e);
}
SimpleSAML_Auth_Source::completeAuth($state);
SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
}
check_credentials();
<?php
require_once 'inc/functions.php';
/*
* If posted information from login form
*/
if (isset($_POST['submitLogin'])) {
if (check_credentials($_POST)) {
start_session($_POST['uname']);
} else {
$msg = 'Invalid Login Credentials!';
}
}
/*
* If user is logged-in
* redirect to home.php
*/
if (isset($_SESSION['username'])) {
header('Location: home.php?u=' . $_SESSION['username']);
}
require 'inc/header.php';
?>
<div class="container">
<form method="POST" class="form-signin col-md-6 col-md-offset-3 col-xs-10 col-xs-offset-1">
<?php
if (isset($msg)) {
echo "<div class='alert alert-danger' role='alert'>Invalid Login Credentials!</div>";
}
?>
<input type="text" name="uname" class="form-control" placeholder="Username" required autofocus>
<input type="password" name="pword" class="form-control" placeholder="Password" required>
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
// Log this login attempt
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$md5password = md5(mysql_real_escape_string(stripslashes($_POST['password'])));
$naive_ip = $_SERVER['REMOTE_ADDR'];
$real_ip = getRealIpAddr();
$query = "INSERT INTO login_attempts (timestamp,username,password,naive_ip," . "real_ip) VALUES (CURRENT_TIMESTAMP,'{$username}','{$md5password}','{$naive_ip}'," . "'{$real_ip}')";
$result = mysql_query($query);
if (!$result) {
echo "<p>Could not write to log: " . htmlspecialchars(mysql_error()) . "</p>";
}
if (check_credentials($username, $md5password)) {
header("location:index.php");
} else {
unset($_SESSION['username']);
unset($_SESSION['password']);
unset($_SESSION['admin']);
unset($_SESSION['user_id']);
header("location:login_failed.php");
}
}
// include guard
<?php
// accept merchant data
//app.capsidea.com/paypal1puttxncsv.php?key=your_key&hash=your_hash
//error_reporting(0);
//ini_set('display_errors', 0);
include_once 'csv2arr.php';
include_once 'paypal-inc.php';
$my_data_dir = $my_data_dir . "/mtxn";
@mkdir($my_data_dir, 0777, true);
file_put_contents("{$my_data_dir}/paypal-m.log", date(DATE_ATOM) . " " . print_r($_REQUEST, true) . " \n" . print_r($_FILES, true) . "\n", FILE_APPEND);
$stime = get_timer();
$dbconn = pg_connect($pg_host) or log_fatal('Could not connect: ' . pg_last_error());
$key = (int) $_GET["key"];
if (!check_credentials($_GET["key"], $_GET["hash"], $dbconn)) {
log_fatal("ERR hash incorrect for key={$key}, your hash: " . $_GET["hash"]);
}
if (isset($_GET["truncate"])) {
@pg_query("delete from txn where ikey={$key} and ifile=0;");
@pg_query("delete from merchant where ikey={$key} and src=2;");
@pg_query("delete from cases where ikey={$key} and ifile=0;");
@pg_query("commit;");
log_fatal("all customer txn records deleted");
}
if (strtolower($_SERVER['REQUEST_METHOD']) != 'post' || empty($_FILES)) {
log_fatal("ERR no file attached");
}
// это тут, чтобы работал truncate
//$startdate=date("Y-m-d H:00:00O",strtotime($_GET["startdate"]));
//$enddate=date("Y-m-d H:00:00O",strtotime($_GET["enddate"]));
foreach ($_FILES as $this_item) {
if (isset($_POST)) {
$error = '';
$data = array();
if ($_POST['form'] == 'signup') {
if (ifExists($_POST['email'])) {
$error = 'Already Registered';
} else {
if (valid($_POST)) {
signup($_POST);
} else {
$error = 'Invalid Data Entered';
}
}
} elseif ($_POST['form'] == 'login') {
if (valid($_POST)) {
if (check_credentials($_POST) == false) {
$error = 'Invalid Log In Credentials';
} else {
$data['token'] = $token;
}
} else {
$error = 'Please Fill The Form';
}
}
if ($error != '') {
$data['success'] = false;
$data['error'] = $error;
} else {
$data['success'] = true;
$data['message'] = 'success';
}
}
$captcha_html = "";
}
} else {
// Already reported block failure
}
echo "\n <form method='POST'>\n <!-- Your other form inputs (email entry, comment entry, etc.) go here -->\n {$captcha_html}\n <input type='submit' name='submit' value='Submit'>\n </form>\n {$check_text}";
} else {
?>
<p>Welcome to the Confident CAPTCHA PHP sample. The table below
details if your configuration is supported by Confident CAPTCHA. Local settings
are set in <tt>config.php</tt>, and remote settings come from
<a href="http://captcha.confidenttechnologies.com/">captcha.confidenttechnologies.com</a>.</p>
<?php
$response = check_credentials($api_settings);
if ($response['status'] == 200) {
echo $response['body'];
$credentials_good = false === strstr($response['body'], "api_failed='True'");
} else {
echo "check_credentials call failed with status code: " . $response['status'];
echo "<br />response body: <br />" . $response['body'];
$credentials_good = false;
}
if ($credentials_good) {
echo "\n <p>\n Your configuration is supported by the Confident CAPTCHA PHP sample\n code. Use this <tt>config.php</tt> in your own project.\n </p>";
} else {
echo "\n <p>\n <b>Your configuration is <i>not</i> supported by the Confident\n CAPTCHA PHP sample code</b>. Please fix the errors before trying the\n samples and integrating into your own project.\n </p>";
}
?>
if ($n >= 0) {
$_SESSION['tit'] = $USERS[$n];
header("Location: " . $_SERVER["REQUEST_URI"]);
} else {
$message = "Invalid username or password";
}
}
// check for logout
if (isset($_GET['logout'])) {
$_SESSION['tit'] = array();
// username
header("Location: " . $_SERVER["REQUEST_URI"]);
}
$login_html = "<html><head><title>Tiny Issue Tracker</title><style>body,input{font-family:sans-serif;font-size:11px;} label{display:block;}</style></head>\n\t\t\t\t\t\t\t <body><h2>{$TITLE} - Issue Tracker</h2><p>{$message}</p><form method='POST' action='" . $_SERVER["REQUEST_URI"] . "'>\n\t\t\t\t\t\t\t <label>Username</label><input type='text' name='u' />\n\t\t\t\t\t\t\t <label>Password</label><input type='password' name='p' />\n\t\t\t\t\t\t\t <label></label><input type='submit' name='login' value='Login' />\n\t\t\t\t\t\t\t </form></body></html>";
// show login page on bad credential
if (check_credentials($_SESSION['tit']['username'], $_SESSION['tit']['password']) == -1) {
die($login_html);
}
// Check if db exists
try {
$db = new PDO($DB_CONNECTION, $DB_USERNAME, $DB_PASSWORD);
} catch (PDOException $e) {
die("DB Connection failed: " . $e->getMessage());
}
// create tables if not exist
@$db->exec("CREATE TABLE issues (id INTEGER PRIMARY KEY, title TEXT, description TEXT, user TEXT, status INTEGER NOT NULL DEFAULT '0', priority INTEGER, notify_emails TEXT, entrytime DATETIME)");
@$db->exec("CREATE TABLE comments (id INTEGER PRIMARY KEY, issue_id INTEGER, user TEXT, description TEXT, entrytime DATETIME)");
if (isset($_GET["id"])) {
// show issue #id
$id = pdo_escape_string($_GET['id']);
$issue = $db->query("SELECT id, title, description, user, status, priority, notify_emails, entrytime FROM issues WHERE id='{$id}'")->fetchAll();
