Example #1
1
function checkLogin($referer, $post)
{
    if (isset($_SESSION['username'])) {
        return 1;
    }
    return doLogin($referer, $post);
}
Example #2
1
function requestProcessor($request)
{
    echo "received request" . PHP_EOL;
    var_dump($request);
    if (!isset($request['type'])) {
        return "ERROR: unsupported message type";
    }
    switch ($request['type']) {
        case "login":
            $authentication = doLogin($request['username'], $request['password']);
            if ($authentication == true) {
                return array("returnCode" => '0', 'message' => "Login Successful.");
            } else {
                return array("returnCode" => '1', 'message' => "Login Unsuccessful.");
            }
        case "register":
            $registerUser = doRegister($request['username'], $request['password'], $request['email']);
            if ($registerUser == true) {
                return array("returnCode" => '2', 'message' => "Register Successful.");
            } else {
                return array("returnCode" => '3', 'message' => "Register Unsuccessful.");
            }
        case "validate_session":
            return doValidate($request['sessionId']);
    }
    //return array("returnCode" => '0', 'message'=>"Server received request and processed");
}
Example #3
0
function setupSession()
{
    session_start();
    if (!isset($_SERVER["PHP_AUTH_USER"])) {
        die("Not authorized by HTTP server");
    }
    doLogin($_SERVER["PHP_AUTH_USER"]);
}
function requestProcessor($request)
{
    echo "received request" . PHP_EOL;
    var_dump($request);
    switch ($request['type']) {
        case "login":
            return doLogin($request['username'], $request['password']);
        case "validate_session":
            return doValidate($request['sessionId']);
    }
    return "received request";
}
function requestProcessor($request)
{
    echo "received request" . PHP_EOL;
    var_dump($request);
    if (!isset($request['type'])) {
        return "ERROR: unsupported message type";
    }
    switch ($request['type']) {
        case "login":
            return doLogin($request['username'], $request['password']);
        case "validate_session":
            return doValidate($request['sessionId']);
    }
    return "Server received request and processed";
}
Example #6
0
function login()
{
    if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn']) {
        header("location:/");
    }
    $username = '';
    $password = '';
    if (isset($_POST['username'])) {
        $username = $_POST['username'];
    }
    if (isset($_POST['password'])) {
        $password = $_POST['password'];
    }
    if ($username == '' || $password == '') {
        return;
    } else {
        if (doLogin($username, $password)) {
            header("location:/");
        } else {
            $GLOBALS['flashData'] = "Username or password incorect";
        }
    }
}
Example #7
0
File: farm.php Project: arisro/trav
<?php

date_default_timezone_set('Europe/Bucharest');
require_once __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/config.php';
use GuzzleHttp\Client;
use Symfony\Component\DomCrawler\Crawler;
echo "Starting...\n";
sleep(rand(30, 100));
$headers = array('Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Encoding' => 'gzip, deflate', 'Accept-Language' => 'en-US,en;q=0.8,ro;q=0.6,pl;q=0.4,de;q=0.2,ru;q=0.2,fr;q=0.2', 'Cache-Control' => 'max-age=0', 'Connection' => 'keep-alive', 'User-Agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36');
foreach ($config['accounts'] as $account) {
    $client = new Client(['base_uri' => 'http://' . $account['server'], 'cookies' => true]);
    // Login
    doLogin($client, $headers, $account['username'], $account['password']);
    sleep(rand(2, 4));
    $farmsList = getFarmsList($client, $headers);
    sleep(rand(2, 5));
    $attackFarmsIds = array();
    $lastTime = time() - 30 * 60;
    foreach ($farmsList['farms'] as $farm) {
        if (!$farm['isAttacked'] && $farm['prevAttack'] < 3 && $farm['prevAttackTime'] < $lastTime) {
            echo "Attacking " . $farm['name'] . " (" . $farm['id'] . ").\n";
            $attackFarmsIds[] = $farm['id'];
        }
    }
    doAttackFarms($client, $headers, $farmsList['lid'], $farmsList['a'], $attackFarmsIds);
}
echo "Finished.\n";
// Requests
function doLogin($client, $headers, $username, $password)
{
Example #8
0
<?php

session_start();
include 'helpers/error_messages.php';
// Incluye las variables tipo Array para el manejo de errores.
include 'functions/login.php';
// Incluye las funciones para el login.
if (isset($_POST['login_submitted'])) {
    if (isset($_POST['InputEmail'])) {
        $username = $_POST['InputEmail'];
    }
    if (isset($_POST['InputPassword'])) {
        $password = $_POST['InputPassword'];
    }
    if (!empty($username) and !empty($password)) {
        doLogin($username, $password);
        $LoginExitoso = doCheckLoginStatus();
        if ($LoginExitoso) {
            $Login_ErrorMsg = 0;
            // Sin mensaje de error.
        } else {
            $Login_ErrorMsg = 2;
        }
        // En caso que no sea exitoso el login.
    } else {
        $Login_ErrorMsg = 1;
    }
    // En caso que User o Pass estén vacios.
    if (isset($_POST['recovering_password'])) {
        // En caso que se haya pedido recordar password
        if (!empty($_POST['InputEmail'])) {
Example #9
0
<?php 
function doLogin($uid, $pwd)
{
    $fp = fopen("passwd", "r");
    while (!feof($fp)) {
        $line = chop(fgets($fp));
        $a = split(":", $line);
        if ($uid == $a[0] && $pwd == $a[1]) {
            fclose($fp);
            return true;
        }
    }
    fclose($fp);
    return false;
}
$user_name = $_REQUEST['user_id'];
$user_password = $_REQUEST['user_pwd'];
if (doLogin($user_name, $user_password)) {
    echo "<b>登入成功</b>";
} else {
    echo "<font color=\"red\"><b>登入失敗,請輸入正確的帳號密碼</b></font>";
}
Example #10
0
<?php

require 'api/user.php';
// Variables
$user_id = $_GET['user_id'];
$user_pass = $_GET['user_pass'];
$retVal['session_uuid'] = doLogin($user_id, $user_pass);
echo json_encode($retVal);
Example #11
0
        if (preg_match("/^[a-zA-Z0-9-_]{1,50}+\$/", $_POST["password"])) {
            include "../a/include/mysql.connect.php";
            // get user from db
            $sql = "SELECT * FROM user_about WHERE username='******' AND active = 1";
            $result = mysql_query($sql, $db);
            $row = mysql_fetch_assoc($result);
            // encrypt the entered password
            $secret_salt = "InQefAJ6iD";
            $password = $_POST['password'];
            $salted_password = $secret_salt . $password;
            $password_hash = hash('sha256', $salted_password);
            // check password
            if ($row['password'] == $password_hash) {
                // sets 3 cookies (LoggedInNavbar, LoggedInUsername, LoggedInPassword)
                // and starts session
                doLogin($_POST["username"], $_POST["password"], $password_hash);
                // redirect
                header('Location: http://roondoo.com/s/set-general.php');
            }
            mysql_close($db);
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>roondoo | Log In</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link href="../a/css/bootstrap.min.css" rel="stylesheet">
Example #12
0
 public function auth()
 {
     $title = 'Администраторская панель';
     if (isset($_GET['logout']) and $_GET['logout'] == 'Y') {
         if (isAdmin()) {
             doLogout();
         }
         $is_auth_complete = $this::ADMIN_AUTH_LOGOUT;
         $auth_message = 'Вы не авторизованы';
         $showAuthForm = true;
     } else {
         if (isAdmin()) {
             $auth_message = 'Уже авторизован';
             $is_auth_complete = $this::ADMIN_AUTH_ALREADY;
         } else {
             if (empty($_POST['login']) or empty($_POST['password'])) {
                 $auth_message = 'Необходима авторизация';
                 $is_auth_complete = $this::ADMIN_AUTH_EMPTY;
             } else {
                 $login = $_POST['login'];
                 $password = $_POST['password'];
                 if ($login == Settings::admin_login and $password == Settings::admin_password) {
                     $auth_message = 'Авторизация успешна';
                     $is_auth_complete = $this::ADMIN_AUTH_SUCCESS;
                 } else {
                     $auth_message = 'Неверные данные';
                     $is_auth_complete = $this::ADMIN_AUTH_WRONG;
                 }
             }
             if ($is_auth_complete == $this::ADMIN_AUTH_SUCCESS) {
                 doLogin();
             }
         }
         if ($is_auth_complete == $this::ADMIN_AUTH_ALREADY or $is_auth_complete == $this::ADMIN_AUTH_SUCCESS) {
             $showAuthForm = false;
         } else {
             $showAuthForm = true;
         }
     }
     $this->data['admin-auth-result'] = array('status' => $is_auth_complete, 'message' => $auth_message, 'showAuthForm' => $showAuthForm);
     $this->render('templates/admin-auth.phtml', $title);
 }
    if (!is_readable($path)) {
        echo 'path (' . $pathHTML . ') can\'t be read';
    }
}
/**
 * perform requested action
 */
if ($do) {
    if (isset($_GET['subject']) && !isNull($_GET['subject'])) {
        $subject = str_replace('/', null, $_GET['subject']);
        $subjectURL = escape($subject);
        $subjectHTML = htmlspecialchars($subject);
    }
    switch ($do) {
        case 'login':
            exit(doLogin());
        case 'logout':
            exit(doLogout());
        case 'shell':
            nonce_check();
            exit(shell_exec($_POST['cmd']));
        case 'create':
            nonce_check();
            exit(doCreate($_POST['f_name'], $_GET['f_type'], $path));
        case 'upload':
            nonce_check();
            exit(doUpload($path));
        case 'chmod':
            nonce_check();
            exit(doChmod($subject, $path, $_POST['mod']));
        case 'extract':
Example #14
0
<?php

include 'login_functions.php';
doLogin($_POST["uname"], $_POST["pass"]);
Example #15
0
File: pafm.php Project: net32/pafm
/** clean variables **/
if (!isNull($_GET['subject'])) {
    $subject = str_replace('/', null, $_GET['subject']);
    $subjectURL = escape($subject);
    $subjectHTML = htmlspecialchars($subject);
}
if (!isNull($_GET['to'])) {
    $to = preg_match($pathRegEx, $_GET['to']) ? null : $_GET['to'];
    $toHTML = htmlspecialchars($to);
    $toURL = escape($to);
}
/** perform requested action **/
if ($do) {
    switch ($do) {
        case 'login':
            exit(doLogin($_POST['pwd']));
        case 'logout':
            exit(doLogout());
        case 'create':
            token_check();
            exit(doCreate($_POST['file'], $_POST['folder'], $path));
        case 'upload':
            token_check();
            exit(doUpload($path));
        case 'chmod':
            token_check();
            exit(doChmod($subject, $path, $_POST['mod']));
        case 'extract':
            token_check();
            exit(doExtract($subject, $path));
        case 'readFile':
Example #16
0
function pose($username)
{
    if (filter_input(INPUT_COOKIE, 'session_data') === null) {
        return false;
    }
    if (!isAlphanumeric($username)) {
        return false;
    }
    doLogin($username);
    return true;
}
Example #17
0
/**
 * This function runs the specified test.
 *
 * @param $test  Associative array with the test parameters.
 * @return TRUE on success, FALSE on failure.
 */
function doTest($test)
{
    $curl = curlCreate();
    $res = TRUE;
    /* Initialize SSO. */
    do {
        $loginPage = initSSO($test, $curl);
        if ($loginPage === FALSE) {
            $res = FALSE;
            break;
        }
        echo 'Logging in.' . "\n";
        $result = doLogin($test, $curl, $loginPage);
        if ($result !== "OK") {
            if (is_string($result)) {
                echo 'Failed to log in. Result from SP: ' . $result . "\n";
            } else {
                echo 'Failed to log in.' . "\n";
            }
            $res = FALSE;
            break;
        }
        echo 'Logged in, attributes OK' . "\n";
        if (array_key_exists('protocol', $test) && $test['protocol'] === 'shib13') {
            echo 'Shib13: Logout not implemented.' . "\n";
            break;
        }
        echo 'Logging out.' . "\n";
        $result = doLogout($test, $curl);
        if ($result !== "OK") {
            if (is_string($result)) {
                echo 'Failed to log out. Result from SP: ' . $result . "\n";
            } else {
                echo 'Failed to log out.' . "\n";
            }
            $res = FALSE;
            break;
        }
        echo 'Logged out.' . "\n";
    } while (0);
    curl_close($curl);
    return $res;
}
Example #18
0
<?php

if (!isset($_SESSION)) {
    session_start();
}
require_once 'Connections/church.php';
require_once 'functions.php';
$errorMessage = '';
if (isset($_POST['login'])) {
    $errorMessage = '&nbsp;';
    $username = $_POST['name'];
    $password = $_POST['password'];
    $result = doLogin($username, $password);
    if ($result != '') {
        $errorMessage = $result;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script>
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />

<link href="/st_peters/tms.css" rel="stylesheet" type="text/css" />
</head>

<body>
<form id="form1" name="form1" method="post" action="">
Example #19
0
     // Logout and clear auth cookie
     setcookie($cookiename, json_encode($_SESSION['daloauth']), time() - 10, '/');
     $utils->redirect($exturl);
     break;
 case 4:
     // Already logged in
 // Already logged in
 case 12:
     $utils->redirect($postloginurl);
     break;
 case 5:
     // Nothing tried yet
     // Process standard form actions
     switch ($form['action']) {
         case 'login':
             doLogin($form);
             break;
         case "register":
             registerNewUser();
             break;
         case "getsecurityquestion":
             $question = getSecurityQuestion($form['username']);
             if ($question === false) {
                 sendJSONError($lang['forgot_password_no_question']);
             } else {
                 sendJSONResponse(array("question" => $question));
             }
             break;
         case "fetchpassword":
             $form['answer'] = $utils->getRequestVar('answer');
             $form['answer'] = $db->escape($form['answer']);
Example #20
0
error_reporting(E_ALL);
// start the session managment
session_start();
// INCLUDE FILES
include_once 'functions.php';
if (isset($_POST['submit'])) {
    // get credentials to login
    $user = htmlspecialchars($_POST['username']);
    $password = htmlspecialchars($_POST['password']);
    $user = '******';
    $password = '******';
    // setup the soap client
    $forge_soap_url = "https://forge.ctrip.ufl.edu:443/soap/index.php?wsdl";
    $soapClient = new SoapClient($forge_soap_url);
    // check to see if we can login
    $sessionKey = doLogin($soapClient, $user, $password);
    if ($sessionKey != null) {
        $_SESSION['sessionId'] = $sessionKey;
    }
    //print "isLoggedIn?: ".isLoggedIn($_SESSION['sessionId'])."<br>";
    print "Forge API Version: " . $soapClient->version() . "<br>";
    // Init variables
    $intGroupId = 0;
    $intGroupProjectId = 0;
    $strSummary = "";
    $strDetails = "";
    $intPriority = 0;
    $intHours = 0;
    $intStartDate = 0;
    $intEndDate = 0;
    $intCategoryId = 0;
Example #21
0
                $ad->key = "ARC_USER_AD";
                $ad->value = true;
                $ad->userid = $user->id;
                $ad->update();
                doLogin($user);
                return;
            }
        } else {
            Log::createLog("danger", "ldap", "LDAP lookup failed.");
        }
    }
    // end ldap
    $user = \User::getByEmail($_POST["email"]);
    if ($user->verifyPassword($_POST["password"])) {
        if ($user->enabled) {
            doLogin($user);
            return;
        } else {
            system\Helper::arcAddMessage("danger", "Account disabled");
            Log::createLog("danger", "user", "Attempt to access disabled account: " . $_POST["email"]);
            return;
        }
    }
    system\Helper::arcAddMessage("danger", "Invalid username and/or password");
    Log::createLog("warning", "user", "Incorrect password: "******"email"]);
} else {
    return system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/login.js");
}
function doLogin($user)
{
    system\Helper::arcSetUser($user);
/*****************************************
//
//    signin page template for my.Contacts
//    Author: Keran McKenzie
//    Date:   18 Jan 2013
//
//    Provided as sample only, not intended for production
//      This page manages the signin process
//      In production you wouldn't handle it this way
//
*******************************************/
// do we have form data?
if (isset($_POST['username'])) {
    // yes, so lets process it
    // first up doLogin (in production always clean up what's posted in the form!! - never submit user supplied data raw!)
    if (doLogin($_POST['username'], $_POST['password'])) {
        // login worked - lets now push the user through to the customer details
        // first lets write the username & password to session vars as we'll need them again in the future
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['password'] = $_POST['password'];
        // lets make sure we RIGHT the session so Chrome behaves nicely
        session_write_close();
        // lets move the user on now
        header('Location: ' . $pageURL . 'customers/');
        exit;
        // stop anything else running - probably redundant really
    } else {
        // login failed - reload the form (in production don't stick the form in twice - write better code ;) he he he)
        $_SESSION['username'] = '';
        $_SESSION['password'] = '';
        // lets make sure we RIGHT the session so Chrome behaves nicely
Example #23
0
 /**
  * Actually logs you in.
  *
  * What it does:
  * - checks credentials and checks that login was successful.
  * - it employs protection against a specific IP or user trying to brute force
  *   a login to an account.
  * - upgrades password encryption on login, if necessary.
  * - after successful login, redirects you to $_SESSION['login_url'].
  * - accessed from ?action=login2, by forms.
  *
  * On error, uses the same templates action_login() uses.
  */
 public function action_login2()
 {
     global $txt, $scripturl, $user_info, $user_settings, $modSettings, $context, $sc;
     // Load cookie authentication and all stuff.
     require_once SUBSDIR . '/Auth.subs.php';
     // Beyond this point you are assumed to be a guest trying to login.
     if (!$user_info['is_guest']) {
         redirectexit();
     }
     // Are you guessing with a script?
     checkSession('post');
     validateToken('login');
     spamProtection('login');
     // Set the login_url if it's not already set (but careful not to send us to an attachment).
     if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0 || isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false) {
         $_SESSION['login_url'] = $_SESSION['old_url'];
     }
     // Been guessing a lot, haven't we?
     if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
         fatal_lang_error('login_threshold_fail', 'critical');
     }
     // Set up the cookie length.  (if it's invalid, just fall through and use the default.)
     if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
         $modSettings['cookieTime'] = 3153600;
     } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) {
         $modSettings['cookieTime'] = (int) $_POST['cookielength'];
     }
     loadLanguage('Login');
     // Load the template stuff
     loadTemplate('Login');
     loadJavascriptFile('sha256.js', array('defer' => true));
     $context['sub_template'] = 'login';
     // Set up the default/fallback stuff.
     $context['default_username'] = isset($_POST['user']) ? preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'], ENT_COMPAT, 'UTF-8')) : '';
     $context['default_password'] = '';
     $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
     $context['login_errors'] = array($txt['error_occurred']);
     $context['page_title'] = $txt['login'];
     // Add the login chain to the link tree.
     $context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']);
     // This is an OpenID login. Let's validate...
     if (!empty($_POST['openid_identifier']) && !empty($modSettings['enableOpenID'])) {
         require_once SUBSDIR . '/OpenID.subs.php';
         $open_id = new OpenID();
         if ($open_id->validate($_POST['openid_identifier']) !== 'no_data') {
             return $open_id;
         } else {
             $context['login_errors'] = array($txt['openid_not_found']);
             return;
         }
     }
     // You forgot to type your username, dummy!
     if (!isset($_POST['user']) || $_POST['user'] == '') {
         $context['login_errors'] = array($txt['need_username']);
         return;
     }
     // No one needs a username that long, plus we only support 80 chars in the db
     if (Util::strlen($_POST['user']) > 80) {
         $_POST['user'] = Util::substr($_POST['user'], 0, 80);
     }
     // Can't use a password > 64 characters sorry, to long and only good for a DoS attack
     // Plus we expect a 64 character one from SHA-256
     if (isset($_POST['passwrd']) && strlen($_POST['passwrd']) > 64 || isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) > 64) {
         $context['login_errors'] = array($txt['improper_password']);
         return;
     }
     // Hmm... maybe 'admin' will login with no password. Uhh... NO!
     if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_POST['hash_passwrd']) || strlen($_POST['hash_passwrd']) != 64)) {
         $context['login_errors'] = array($txt['no_password']);
         return;
     }
     // No funky symbols either.
     if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_POST['user'])) != 0) {
         $context['login_errors'] = array($txt['error_invalid_characters_username']);
         return;
     }
     // Are we using any sort of integration to validate the login?
     if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true)) {
         $context['login_errors'] = array($txt['login_hash_error']);
         $context['disable_login_hashing'] = true;
         return;
     }
     // Find them... if we can
     $user_settings = loadExistingMember($_POST['user']);
     // Let them try again, it didn't match anything...
     if (empty($user_settings)) {
         $context['login_errors'] = array($txt['username_no_exist']);
         return;
     }
     // Figure out if the password is using Elk's encryption - if what they typed is right.
     if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) === 64) {
         // Challenge what was passed
         $valid_password = validateLoginPassword($_POST['hash_passwrd'], $user_settings['passwd']);
         // Let them in
         if ($valid_password) {
             $sha_passwd = $_POST['hash_passwrd'];
             $valid_password = true;
         } elseif (preg_match('/^[0-9a-f]{40}$/i', $user_settings['passwd']) && isset($_POST['old_hash_passwrd']) && $_POST['old_hash_passwrd'] === hash('sha1', $user_settings['passwd'] . $sc)) {
             // Old password passed, turn off hashing and ask for it again so we can update the db to something more secure.
             $context['login_errors'] = array($txt['login_hash_error']);
             $context['disable_login_hashing'] = true;
             unset($user_settings);
             return;
         } else {
             // Don't allow this!
             validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
             $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] + 1 : 1;
             // To many tries, maybe they need a reminder
             if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                 redirectexit('action=reminder');
             } else {
                 log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                 // Wrong password, lets enable plain text responses in case form hashing is causing problems
                 $context['disable_login_hashing'] = true;
                 $context['login_errors'] = array($txt['incorrect_password']);
                 unset($user_settings);
                 return;
             }
         }
     } else {
         // validateLoginPassword will hash this like the form normally would and check its valid
         $sha_passwd = $_POST['passwrd'];
         $valid_password = validateLoginPassword($sha_passwd, $user_settings['passwd'], $user_settings['member_name']);
     }
     // Bad password!  Thought you could fool the database?!
     if ($valid_password === false) {
         // Let's be cautious, no hacking please. thanx.
         validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
         // Maybe we were too hasty... let's try some other authentication methods.
         $other_passwords = $this->_other_passwords($user_settings);
         // Whichever encryption it was using, let's make it use ElkArte's now ;).
         if (in_array($user_settings['passwd'], $other_passwords)) {
             $user_settings['passwd'] = validateLoginPassword($sha_passwd, '', '', true);
             $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
             // Update the password hash and set up the salt.
             updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'], 'passwd_flood' => ''));
         } else {
             // They've messed up again - keep a count to see if they need a hand.
             $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] + 1 : 1;
             // Hmm... don't remember it, do you?  Here, try the password reminder ;).
             if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                 redirectexit('action=reminder');
             } else {
                 // Log an error so we know that it didn't go well in the error log.
                 log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                 $context['login_errors'] = array($txt['incorrect_password']);
                 return;
             }
         }
     } elseif (!empty($user_settings['passwd_flood'])) {
         // Let's be sure they weren't a little hacker.
         validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true);
         // If we got here then we can reset the flood counter.
         updateMemberData($user_settings['id_member'], array('passwd_flood' => ''));
     }
     // Correct password, but they've got no salt; fix it!
     if ($user_settings['password_salt'] == '') {
         $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
         updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt']));
     }
     // Check their activation status.
     if (!checkActivation()) {
         return;
     }
     doLogin();
 }
Example #24
0
$cfg['mysql_linkid'] = @mysql_connect($cfg['mysql_server'], $cfg['mysql_user'], $cfg['mysql_pass']);
if (!$cfg['mysql_linkid']) {
    die('Failed to connect to MySQL.');
}
if (!@mysql_select_db($cfg['mysql_dbname'])) {
    die('Failed to connect MySQL database');
}
/* includes */
require_once PATH . './class.template.php';
require_once PATH . './functions.php';
/* load template class */
$template = new Template();
/* doLogin aSync request */
/* print @ login-response innerHTML */
if (!empty($_REQUEST['doLogin'])) {
    doLogin($_POST['login_user_name'], $_POST['login_user_password']);
    exit;
}
/* get pages */
$pagesArray = array();
if (is_dir(PATH . './pages/')) {
    if ($dh = opendir(PATH . './pages/')) {
        while (($file = readdir($dh)) !== false) {
            $ext = substr($file, strlen($file) - 3, strlen($file));
            $name = substr($file, 0, strlen($file) - 4);
            if ($ext == 'php') {
                $pagesArray[$name] = $name;
            }
        }
    }
}
<?php

include "../config/settings.php";
include "db_connect.php";
include "utils.php";
$login = doLogin($_POST['username'], $_POST['password']);
$mysqli->close();
if ($login['success']) {
    if (!empty($_SESSION["deniedURL"])) {
        $url = $_SESSION["deniedURL"];
        unset($_SESSION["deniedURL"]);
        header("Location:" . $url);
    } else {
        header("Location:../");
    }
    //Default destination
} else {
    header("Location:../login_page.php?msg=" . $login['msgId']);
}
//Back to login page with error
Example #26
0
    $db->executa($db->getJoinRecord("funcionarios", "fun_nome='{$usu_login}' and fun_senha='{$usu_senha}'", '', 0), true, "user");
    if ($db->num_rows == 1) {
        $id = $db->user["usu_id"];
        $login = $db->user["usu_login"];
        $itens = array("usu_id" => $id, "usu_login" => $login, "status" => 1);
        $str = $json->encode($itens);
        session_register("usu_nome");
        session_register("usu_id");
        $_SESSION["usu_modulo"] = 0;
        $_SESSION["usu_nome"] = $db->user["fun_nome"];
        $_SESSION["usu_id"] = $db->user["fun_id"];
        $_SESSION["sis_exerc"] = $exercicio;
        $_SESSION["usu_grpid"] = $grp_id;
        $_SESSION["bgcolor"] = "#EAE5DA";
        $_SESSION["dtatend"] = date("d/m/Y");
        if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
            $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
        } else {
            $ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
        }
    } else {
        $itens = array("usu_id" => '', "usu_login" => $_GET["usu_login"], "status" => 2);
        $str = $json->encode($itens);
    }
    return $str;
}
switch ($_GET["fc"]) {
    case 'doLogin':
        echo doLogin($_GET["usu_login"], $_GET["usu_senha"]);
        break;
}
Example #27
0
<?php

session_start();
require 'include/config.php';
require 'functions/functions_checkuser.php';
$errorMessage = "กรุณาเข้าสู่ระบบ เพื่อใช้งาน";
if (isset($_POST['txtUserName'])) {
    $result = doLogin();
    if ($result != '') {
        $errorMessage = $result;
    }
}
?>
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>Admin KPI | Log in</title>
    <!-- Tell the browser to be responsive to screen width -->
    <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
    <!-- Bootstrap 3.3.5 -->
    <link rel="stylesheet" href="@assets/bootstrap/css/bootstrap.min.css">
    <!-- Font Awesome -->
    <link rel="stylesheet" href="@assets/bootstrap/font-awesome/css/font-awesome.min.css">
    <!-- Ionicons -->
    <link rel="stylesheet" href="@assets/bootstrap/ionicons.min.css">
    <!-- Theme style -->
    <link rel="stylesheet" href="@assets/dist/css/AdminLTE.min.css">
    <!-- iCheck -->
    <link rel="stylesheet" href="@assets/plugins/iCheck/square/blue.css">
Example #28
0
             $res = doReg($username, md5($password), 1);
             if ($res[0] == 1) {
                 header("location:index.php?ac=login");
             } else {
                 exit($res[1]);
             }
         }
     }
 } else {
     if ($ac == 'doLogin') {
         $username = trim($_POST['username']);
         $password = trim($_POST['password']);
         if (empty($username) || empty($password)) {
             exit('用户名或者密码不能为空!');
         } else {
             $res = doLogin($username, md5($password));
             if ($res[0] == 1) {
                 $_SESSION['userinfo'] = $res[2];
                 header("location:index.php");
             } else {
                 exit($res[1]);
             }
         }
     } else {
         if ($ac == 'logout') {
             session_destroy();
             header("location:index.php");
         } else {
             if ($ac == 'ask') {
                 include 'tpl/addquestion.php';
             } else {
Example #29
0
<?php

require_once realpath(dirname(__FILE__) . '/../../..') . '/enviroment.php';
require_once APPPATH . 'modules/mod_discount/admin.php';
doLogin();
/**
 * Generated by PHPUnit_SkeletonGenerator 1.2.1 on 2013-07-03 at 13:11:06.
 */
class AdminTest extends \PHPUnit_Framework_TestCase
{
    /**
     * @var Admin
     */
    protected $object;
    /**
     * Sets up the fixture, for example, opens a network connection.
     * This method is called before a test is executed.
     */
    protected function setUp()
    {
        $this->object = new Admin();
    }
    /**
     * Tears down the fixture, for example, closes a network connection.
     * This method is called after a test is executed.
     */
    protected function tearDown()
    {
    }
    /**
     * Prepare test data
function requestProcessor($request)
{
    echo "received request" . PHP_EOL;
    var_dump($request);
    if (!isset($request['type'])) {
        return "ERROR: unsupported message type";
    }
    switch ($request['type']) {
        case "login":
            //return doLogin($request['username'],$request['password']);
            $auth = doLogin($request['username'], $request['password']);
            if ($auth == true) {
                return array('hello' => 'world');
            }
        case "validate_session":
            return doValidate($request['sessionId']);
            //in case friends this will return a list of friends from
            //the the steam user, and send it in an array to the client.
        //in case friends this will return a list of friends from
        //the the steam user, and send it in an array to the client.
        case "showFriends":
            return showFriends($request['steamid']);
        case "popFri":
            addFriendsToUsers($request['steamid']);
        case "add":
            retrieveUserInfo($request['steamid']);
            //return array("returnCode" => '0', 'message'=>"Server received request and processed");
    }
    //return array("returnCode" => '0', 'message'=>"Server received request and processed");
}