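/**
 * Authenticate a shopper and record the fresh PHP session id for them in the Session table.
 *
 * The session id is regenerated after the credentials are accepted and before it is
 * stored, so an id that existed before login is never the one bound to the shopper.
 *
 * @param mixed $username Login name, passed unchanged to check_credentials().
 * @param mixed $password Password, passed unchanged to check_credentials().
 * @return bool TRUE when the credentials were accepted and the Session row was written;
 *              FALSE when the credentials were rejected or the row could not be stored.
 */
function login($username, $password)
{
    $shopper_id = check_credentials($username, $password);
    if (!($shopper_id > 0)) {
        return FALSE;
    }

    // Rotate the session id (deleting the old session) before it is tied to the shopper.
    session_regenerate_id(TRUE);
    $sessid = session_id();

    $dbo = db_connect();
    $query = "INSERT INTO Session (id, Shopper_id) VALUES (?,?)";
    try {
        $statement = $dbo->prepare($query);
        // With PDO in silent error mode prepare()/execute() return false instead of throwing.
        $success = $statement !== false && $statement->execute(array($sessid, $shopper_id));
    } catch (PDOException $ex) {
        // Keep the driver message in the server log only; it can reveal schema and
        // connection details and must not be sent to the client.
        error_log($ex->getMessage());
        die('Login failed due to an internal error.');
    }

    if (!$success) {
        // Do not report a successful login when the session row was never written.
        error_log('login(): could not store the session row');
        return FALSE;
    }

    return TRUE;
}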
// Fragment: the enclosing function and the block closed by the first `}` below both
// begin outside this excerpt (presumably the presence check for `aselect_credentials`).
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing aselect_credentials parameter"));
    }
    // Taken from $_REQUEST as-is; this excerpt only checks that the parameter is present.
    $credentials = $_REQUEST['aselect_credentials'];
    if (!array_key_exists('rid', $_REQUEST)) {
        SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Missing rid parameter"));
    }
    $rid = $_REQUEST['rid'];
    try {
        if (!array_key_exists('aselect::authid', $state)) {
            throw new SimpleSAML_Error_Exception("ASelect authentication source missing in state");
        }
        // The authentication source id comes from the saved state, not from the request.
        $authid = $state['aselect::authid'];
        $aselect = SimpleSAML_Auth_Source::getById($authid);
        if (is_null($aselect)) {
            throw new SimpleSAML_Error_Exception("Could not find authentication source with id {$authid}");
        }
        // $server_id is not assigned anywhere in this excerpt.
        // NOTE(review): presumably verify_credentials() checks the request-supplied
        // credentials and rid with the A-Select server. Confirm that it rejects anything
        // the server does not vouch for, because its result becomes the authenticated
        // user's attributes below.
        $creds = $aselect->verify_credentials($server_id, $credentials, $rid);
        if (array_key_exists('attributes', $creds)) {
            // Attributes are copied wholesale from the verification result.
            $state['Attributes'] = $creds['attributes'];
        } else {
            // Otherwise only uid and organization are taken from the 'res' entry.
            $res = $creds['res'];
            $state['Attributes'] = array('uid' => array($res['uid']), 'organization' => array($res['organization']));
        }
    } catch (Exception $e) {
        // Any failure above is reported through the state's exception handler.
        SimpleSAML_Auth_State::throwException($state, $e);
    }
    SimpleSAML_Auth_Source::completeAuth($state);
    // Reached only if completeAuth() returns. NOTE(review): presumably it is not expected to.
    SimpleSAML_Auth_State::throwException($state, new SimpleSAML_Error_Exception("Internal error in A-Select component"));
}
// Called without arguments; check_credentials is not defined in this excerpt
// (presumably it is the function that ends on the line above).
check_credentials();
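<?php
require_once 'inc/functions.php';

/*
 * Handle a submitted login form: the whole $_POST array is handed to
 * check_credentials(); on success a session is started for the posted
 * username, otherwise an error message is remembered for the form below.
 */
if (isset($_POST['submitLogin'])) {
    if (check_credentials($_POST)) {
        start_session($_POST['uname']);
    } else {
        $msg = 'Invalid Login Credentials!';
    }
}

/*
 * A logged-in user is redirected to home.php.
 * The username is URL-encoded so characters such as '&', '#' or spaces cannot
 * change the structure of the redirect URL, and the script stops after the
 * redirect so the login form is not rendered for an authenticated user.
 * NOTE(review): home.php should take the user's identity from the session;
 * the `u` parameter can be edited by anyone and proves nothing. Verify.
 */
if (isset($_SESSION['username'])) {
    header('Location: home.php?u=' . rawurlencode($_SESSION['username']));
    exit;
}

require 'inc/header.php';
?>
<div class="container">
    <form method="POST" class="form-signin col-md-6 col-md-offset-3 col-xs-10 col-xs-offset-1">
        <?php
        // One fixed message for every failed login, so the reply does not reveal
        // whether the username or the password was wrong.
        if (isset($msg)) {
            echo "<div class='alert alert-danger' role='alert'>Invalid Login Credentials!</div>";
        }
        ?>
        <input type="text" name="uname" class="form-control" placeholder="Username" required autofocus>
        <input type="password" name="pword" class="form-control" placeholder="Password" required>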
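// Fragment: the block below is a function body whose signature lies outside this
// excerpt (presumably getRealIpAddr(), which is called further down).
    {
        // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are filled from request headers, which
        // the client controls; only REMOTE_ADDR is the peer address of the connection.
        // The returned value is therefore untrusted text, not a verified address.
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
            $ip = $_SERVER['HTTP_CLIENT_IP'];
        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        } else {
            $ip = $_SERVER['REMOTE_ADDR'];
        }
        return $ip;
    }

    // Log this login attempt
    $username = mysql_real_escape_string(stripslashes($_POST['username']));
    // NOTE(review): the password is SQL-escaped before hashing, so the stored value is
    // the md5 of the escaped text. Unsalted md5 is not a suitable password hash
    // (password_hash()/password_verify() are), and this also records a hash of every
    // attempted password in login_attempts. Left unchanged here because
    // check_credentials() receives this value and its expectations are not visible.
    $md5password = md5(mysql_real_escape_string(stripslashes($_POST['password'])));
    $naive_ip = $_SERVER['REMOTE_ADDR'];
    $real_ip = getRealIpAddr();
    // Both addresses are escaped before they are placed in the statement. $real_ip can
    // be a raw request header, and the original interpolated it without escaping, which
    // let header content alter the SQL. Separate variables keep $naive_ip and $real_ip
    // unchanged for any code that follows.
    // NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to PDO or
    // mysqli with bound parameters is the durable fix.
    $naive_ip_sql = mysql_real_escape_string($naive_ip);
    $real_ip_sql = mysql_real_escape_string($real_ip);
    $query = "INSERT INTO login_attempts (timestamp,username,password,naive_ip," . "real_ip) VALUES (CURRENT_TIMESTAMP,'{$username}','{$md5password}','{$naive_ip_sql}'," . "'{$real_ip_sql}')";
    $result = mysql_query($query);
    if (!$result) {
        // NOTE(review): this prints the database error to the visitor, and output sent
        // before header() can stop the redirects below unless output buffering is on.
        echo "<p>Could not write to log: " . htmlspecialchars(mysql_error()) . "</p>";
    }
    if (check_credentials($username, $md5password)) {
        // NOTE(review): no exit follows the redirect, so any code after this block
        // still runs. What follows is outside this excerpt.
        header("location:index.php");
    } else {
        // Failed login: drop any identity left in the session before redirecting.
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        unset($_SESSION['admin']);
        unset($_SESSION['user_id']);
        header("location:login_failed.php");
    }
} // include guard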
<?php // accept merchant data
//app.capsidea.com/paypal1puttxncsv.php?key=your_key&hash=your_hash
// NOTE(review): key and hash are passed in the query string, so they also appear
// wherever request URLs are recorded (web-server access logs, proxies, browser history).
//error_reporting(0);
//ini_set('display_errors', 0);
include_once 'csv2arr.php';
include_once 'paypal-inc.php';
// $my_data_dir and $pg_host are not assigned in this file before use; presumably they
// come from one of the includes above.
$my_data_dir = $my_data_dir . "/mtxn";
// Mode 0777 asks for a directory writable by every local user (before umask), and `@`
// hides any failure. NOTE(review): a tighter mode such as 0750 is normally enough.
@mkdir($my_data_dir, 0777, true);
// Appends the complete request to paypal-m.log. By default $_REQUEST includes the
// query string, so the `hash` credential is written to this file on every call.
// NOTE(review): confirm $my_data_dir is outside the web root and consider redacting `hash`.
file_put_contents("{$my_data_dir}/paypal-m.log", date(DATE_ATOM) . " " . print_r($_REQUEST, true) . " \n" . print_r($_FILES, true) . "\n", FILE_APPEND);
$stime = get_timer();
$dbconn = pg_connect($pg_host) or log_fatal('Could not connect: ' . pg_last_error());
// The integer cast makes $key safe to interpolate into the SQL below;
// check_credentials() still receives the raw, uncast $_GET["key"].
$key = (int) $_GET["key"];
// NOTE(review): everything after this check assumes log_fatal() stops the request.
// It is not defined in this excerpt, so verify that; otherwise a failed check falls
// through to the delete statements. The message also repeats the supplied hash; if
// log_fatal() writes to the response, that value should be escaped or dropped.
if (!check_credentials($_GET["key"], $_GET["hash"], $dbconn)) {
    log_fatal("ERR hash incorrect for key={$key}, your hash: " . $_GET["hash"]);
}
// Destructive branch: the presence of a `truncate` query parameter deletes this key's
// rows. It is reachable with a GET request, and `@` suppresses any query error, so a
// failed delete is still reported as success by the message below.
// pg_query() is called without a connection argument, i.e. on the default connection.
if (isset($_GET["truncate"])) {
    @pg_query("delete from txn where ikey={$key} and ifile=0;");
    @pg_query("delete from merchant where ikey={$key} and src=2;");
    @pg_query("delete from cases where ikey={$key} and ifile=0;");
    @pg_query("commit;");
    log_fatal("all customer txn records deleted");
}
if (strtolower($_SERVER['REQUEST_METHOD']) != 'post' || empty($_FILES)) {
    log_fatal("ERR no file attached");
} // this check sits here so that truncate works (the truncate branch above needs no upload)
//$startdate=date("Y-m-d H:00:00O",strtotime($_GET["startdate"]));
//$enddate=date("Y-m-d H:00:00O",strtotime($_GET["enddate"]));
foreach ($_FILES as $this_item) {
    // (the loop body continues past the end of this excerpt)
// Builds the $data reply for a signup or login form post.
// $_POST is a superglobal that PHP always defines, so this condition is true on every
// request, including non-POST ones.
if (isset($_POST)) {
    $error = '';
    $data = array();
    // $_POST['form'] is read without an isset() check; a request without it raises an
    // undefined-index notice/warning and matches neither branch.
    if ($_POST['form'] == 'signup') {
        // ifExists() receives the raw email before valid() has looked at the input.
        // NOTE(review): the distinct 'Already Registered' reply tells the caller whether
        // an address has an account; decide whether that disclosure is acceptable.
        if (ifExists($_POST['email'])) {
            $error = 'Already Registered';
        } else {
            if (valid($_POST)) {
                signup($_POST);
            } else {
                $error = 'Invalid Data Entered';
            }
        }
    } elseif ($_POST['form'] == 'login') {
        if (valid($_POST)) {
            // Loose comparison: any falsy return value (false, 0, '', null, []) counts
            // as a failed login.
            if (check_credentials($_POST) == false) {
                $error = 'Invalid Log In Credentials';
            } else {
                // $token is not assigned in this excerpt. NOTE(review): confirm where it
                // is set; if it is undefined here the client receives a null token.
                $data['token'] = $token;
            }
        } else {
            $error = 'Please Fill The Form';
        }
    }
    // When `form` is neither 'signup' nor 'login', $error is still '' and the reply
    // below reports success although nothing was done.
    if ($error != '') {
        $data['success'] = false;
        $data['error'] = $error;
    } else {
        $data['success'] = true;
        $data['message'] = 'success';
    }
    // (the outer `if` continues past the end of this excerpt)
// Fragment: the three closing braces below end blocks that begin outside this excerpt.
            }
            $captcha_html = "";
        }
    } else {
        // Already reported block failure
    }
    // $captcha_html and $check_text are interpolated into the page without escaping;
    // apart from the empty-string assignment above, their values are built outside
    // this excerpt.
    echo "\n <form method='POST'>\n <!-- Your other form inputs (email entry, comment entry, etc.) go here -->\n {$captcha_html}\n <input type='submit' name='submit' value='Submit'>\n </form>\n {$check_text}";
} else {
    ?> <p>Welcome to the Confident CAPTCHA PHP sample. The table below details if your configuration is supported by Confident CAPTCHA. Local settings are set in <tt>config.php</tt>, and remote settings come from <a href="http://captcha.confidenttechnologies.com/">captcha.confidenttechnologies.com</a>.</p> <?php // configuration self-check follows
    $response = check_credentials($api_settings);
    if ($response['status'] == 200) {
        // The response body is written into the page as-is, i.e. it is trusted as HTML.
        // NOTE(review): the transport used by check_credentials() is not visible here.
        // Confirm it uses HTTPS with certificate verification, since whatever the
        // remote end (or anything on the path) returns is rendered to the visitor.
        echo $response['body'];
        // Credentials count as good when the body does not contain the failure marker.
        $credentials_good = false === strstr($response['body'], "api_failed='True'");
    } else {
        echo "check_credentials call failed with status code: " . $response['status'];
        // NOTE(review): this diagnostic dump also prints the body unescaped;
        // htmlspecialchars() would be the usual choice for showing an error response.
        echo "<br />response body: <br />" . $response['body'];
        $credentials_good = false;
    }
    if ($credentials_good) {
        echo "\n <p>\n Your configuration is supported by the Confident CAPTCHA PHP sample\n code. Use this <tt>config.php</tt> in your own project.\n </p>";
    } else {
        echo "\n <p>\n <b>Your configuration is <i>not</i> supported by the Confident\n CAPTCHA PHP sample code</b>. Please fix the errors before trying the\n samples and integrating into your own project.\n </p>";
    }
} ?>
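// Fragment of the login and bootstrap sequence; the block closed by the lone `}` after
// the first if/else begins outside this excerpt.
    if ($n >= 0) {
        // The whole user record is copied into the session; the later read of
        // $_SESSION['tit']['password'] shows that this includes the password field.
        // NOTE(review): keeping only the username in the session would avoid storing
        // the secret in session storage, but needs a matching change where
        // check_credentials() is called below.
        $_SESSION['tit'] = $USERS[$n];
        header("Location: " . $_SERVER["REQUEST_URI"]);
    } else {
        // One message for both failure causes, so the reply does not reveal which was wrong.
        $message = "Invalid username or password";
    }
}

// check for logout
if (isset($_GET['logout'])) {
    $_SESSION['tit'] = array(); // username
    header("Location: " . $_SERVER["REQUEST_URI"]);
}

// REQUEST_URI is client-supplied text. It is HTML-escaped before being placed in the
// single-quoted action attribute so that it cannot close the attribute and add markup;
// the browser decodes the entities again, so the form still posts to the same URL.
// $TITLE and $message are interpolated unescaped. NOTE(review): the only assignment of
// $message visible here is a fixed string and $TITLE looks like configuration; confirm
// neither can carry request data.
$login_html = "<html><head><title>Tiny Issue Tracker</title><style>body,input{font-family:sans-serif;font-size:11px;} label{display:block;}</style></head>\n\t\t\t\t\t\t\t <body><h2>{$TITLE} - Issue Tracker</h2><p>{$message}</p><form method='POST' action='" . htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES, 'UTF-8') . "'>\n\t\t\t\t\t\t\t <label>Username</label><input type='text' name='u' />\n\t\t\t\t\t\t\t <label>Password</label><input type='password' name='p' />\n\t\t\t\t\t\t\t <label></label><input type='submit' name='login' value='Login' />\n\t\t\t\t\t\t\t </form></body></html>";

// show login page on bad credential
if (check_credentials($_SESSION['tit']['username'], $_SESSION['tit']['password']) == -1) {
    die($login_html);
}

// Check if db exists
try {
    $db = new PDO($DB_CONNECTION, $DB_USERNAME, $DB_PASSWORD);
} catch (PDOException $e) {
    // The driver message can include connection details, so it goes to the server log
    // and the visitor only sees a generic failure.
    error_log("DB Connection failed: " . $e->getMessage());
    die("DB Connection failed");
}

// create tables if not exist
// `@` hides the error raised when the tables already exist, and any other failure too.
@$db->exec("CREATE TABLE issues (id INTEGER PRIMARY KEY, title TEXT, description TEXT, user TEXT, status INTEGER NOT NULL DEFAULT '0', priority INTEGER, notify_emails TEXT, entrytime DATETIME)");
@$db->exec("CREATE TABLE comments (id INTEGER PRIMARY KEY, issue_id INTEGER, user TEXT, description TEXT, entrytime DATETIME)");

if (isset($_GET["id"])) {
    // show issue #id
    // NOTE(review): the query is built by string interpolation and relies entirely on
    // pdo_escape_string(), which is defined outside this excerpt. A prepared statement
    // with a bound id would not depend on that helper being correct. Left as-is here
    // because $id may be reused by code after this excerpt.
    $id = pdo_escape_string($_GET['id']);
    $issue = $db->query("SELECT id, title, description, user, status, priority, notify_emails, entrytime FROM issues WHERE id='{$id}'")->fetchAll();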