function loginUser($benutzer, $passwort, $conid)
{
// Anweisung zusammenstellen
$sql = "SELECT `Salt`, `Password`, `Fail` FROM `User` WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "' AND `Closed` = 0";
// Anweisung an DB schicken
$ergebnis = mysqli_query($conid, $sql);
// Wurde ein Datensatz gefunden, existiert dieser Benutzername, also
// prüfen wir ob die Anmeldedaten korrekt ist
if (mysqli_num_rows($ergebnis) == 1) {
$datensatz = mysqli_fetch_array($ergebnis);
// Resourcen freigeben
mysqli_free_result($ergebnis);
// Anmeldepasswort vorbereiten
$zusatz = $datensatz['Salt'];
$hashed_pass = $datensatz['Password'];
$anmeldepw = validateLogin($passwort, $hashed_pass, $zusatz);
// Prüfen ob ein Datensatz gefunden wurde. In dem Fall stimmen die Anmeldedaten
if ($anmeldepw == TRUE) {
// Counter für Fehlversuche resetten
if ($datensatz['Fail'] != 0) {
$sql = "UPDATE `User` SET `Fail` = 0 WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "' LIMIT 1";
mysqli_query($conid, $sql);
}
// Korrekte Anmeldung zurückgeben
return true;
} else {
// Das angegebene Passwort war nicht korrekt, also gehen wir von einem Angriffsversuch aus
// und erhöhen den Counter der fehlerhaften Anmeldeversuche
$sql = "UPDATE `User` SET `Fail` = `Fail` + 1 WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "' LIMIT 1";
mysqli_query($conid, $sql);
// Abfragen ob das Limit von 10 Fehlversuche erreicht wurde und in diesem Fall ...
$sql = "SELECT `Fail` FROM `User` WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "'";
$ergebnis = mysqli_query($conid, $sql);
$anzahl = mysqli_fetch_array($ergebnis);
mysqli_free_result($ergebnis);
// ... das Konto deaktivieren
if ($anzahl['Fail'] > 9) {
$sql = "UPDATE `User` SET `Fail` = 0, `Closed` = 1 WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "' LIMIT 1";
mysqli_query($conid, $sql);
}
}
}
}
<?php
function __autoload($class_name)
{
require_once '../objects/' . $class_name . '.php';
}
if (isset($_POST['username']) && isset($_POST['password'])) {
$isValidLogin = validateLogin($_POST['username'], $_POST['password']);
$urlLocation = "../home.php";
if (!$isValidLogin) {
$urlLocation = "../login.php?valid=false";
}
header("Location: {$urlLocation}");
}
function validateLogin($username, $password)
{
$isValidLogin = false;
$password = md5($password);
//create a connection and select the database
$conn = mysql_connect(mydbinfo::$HOST, mydbinfo::$USER, mydbinfo::$PASSWORD) or die("DB Connection Failure: " . mysql_error());
mysql_select_db(mydbinfo::$DATABASE);
//create and run the query
$queryString = sprintf("SELECT * FROM users WHERE username='******' AND password='******' AND registered=1", mysql_real_escape_string($username), mysql_real_escape_string($password));
$result = mysql_query($queryString) or die("Query Error: " . mysql_error());
print "Num Rows: " + mysql_num_rows($result);
if (mysql_num_rows($result) == 1) {
echo "found result";
$row = mysql_fetch_assoc($result);
$user = new AuthorisedUser($row['id'], $row['username'], $row['name'], $row['pic_url'], $row['website'], $row['bio']);
session_start();
session_regenerate_id();
<?php
include 'scripts/header.php';
validateLogin($loggedIn);
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<meta charset="utf-8">
<meta name="viewport" content="initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width">
<title></title>
<link href="lib/ionic/css/ionic.css" rel="stylesheet">
<link href="css/style.css" rel="stylesheet">
<script src="lib/ionic/js/ionic.bundle.js"></script>
<script src="lib/jquery-1.10.2.min.js"></script>
<script src="js/app.js"></script>
<script src="js/controllers.js"></script>
<script src="js/services.js"></script>
<script src="js/directives.js"></script>
</head>
<body ng-app="etiMobile">
<ion-nav-bar class="bar-positive">
<ion-nav-back-button>
</ion-nav-back-button>
</ion-nav-bar>
<!--
<?php
echo '<html>';
echo '<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="public/css/bootstrap.min.css" integrity="sha512-dTfge/zgoMYpP7QbHy4gWMEGsbsdZeCXz7irItjcC3sPUFtf0kuFbDz/ixG7ArTxmDjLXDmezHubeNikyKGVyQ==" crossorigin="anonymous">
<!-- Optional theme -->
<link rel="stylesheet" href="public/css/bootstrap-theme.min.css" integrity="sha384-aUGj/X2zp5rLCbBxumKTCw2Z50WgIr1vs/PFN4praOTvYXWlVyh2UtNUU0KAUhAX" crossorigin="anonymous">
<!-- Latest compiled and minified JavaScript -->
<script src="public/js/bootstrap.min.js" integrity="sha512-K1qjQ+NcF2TYO/eI3M6v8EiNYZfA95pQumfvcVrTHtwQVDG+aHRqLi/ETn2uB+1JqwYqVG3LIvdm9lj6imS/pQ==" crossorigin="anonymous"></script>';
enter();
echo '<form method="POST" action="http://localhost:8000">
<div class="form-group">
<label for="exampleInputLogin">Login:</label>
<input type="text" class="form-control" id="exampleInputLogin" name="login"/><br/>' . validateLogin($_REQUEST['login']) . '
</div>
<div class="form-group">
<label for="exampleInputPassword1">Password</label>
<input type="text" class="form-control" id="exampleInputPassword" name="password"/></br>' . validatePassword($_REQUEST['password']) . '
</div>
<input type="submit" class="btn btn-default" value="Send"/>
</form>';
enter();
echo '<a href="/src/reg.php">Зарегистрируйтесь</a>';
echo '</html>';
/* http://getbootstrap.com/getting-started/#template - Sign-in page http://getbootstrap.com/examples/signin/ */
/*сделать форму регистрации*/
} else {
}
wp_reset_postdata();
if ($the_id != "") {
$loggedIn = $the_id;
} else {
$loggedIn = false;
}
}
return $loggedIn;
}
$location = home_url();
$tablebooking_page = $location . "/table-booking/";
// find order for logged in user
if (isset($_POST['submit'])) {
$loggedIn = validateLogin($_POST);
if (!$loggedIn) {
wp_redirect($tablebooking_page . "?error=true#login_form");
} else {
$bookingID = $loggedIn;
}
} else {
wp_redirect($tablebooking_page . "?error=true#login_form");
}
?>
</div>
</div><!--End top3_box_sub_left-->
<br class="clearBoth"/>
</div>
<?php
require_once 'global.php';
if (isset($_POST['loginForm'])) {
$username = $_POST['username'];
$password = $_POST['password'];
validateLogin($username, $password);
}
if (isset($_POST['register'])) {
include 'register.php';
$r = new Register();
if ($r) {
//true if $r is not null
if ($r->register()) {
header("Location: succ_reg.html");
}
}
}
if (isset($_POST['login'])) {
$email = $_POST['email'];
# $password = md5($_POST['password']);
# $password = hash('sha256', $_POST['password']);
$password = $_POST['password'];
if (validateLogin($email, $password)) {
header("Location: direct.php");
} else {
echo 'invalid email/password';
}
}
function validateLogin($email, $password)
{
$db = new mysqli('localhost', 'root', '', 'Library');
$result = $db->query("SELECT * FROM Users WHERE email = '{$email}' && password = '******'");
if ($result->num_rows) {
$result = $result->fetch_object();
$_SESSION['name'] = $result->name;
$_SESSION['email'] = $result->email;
return true;
}
break;
case 'get_dest_URL':
$tripID = $_REQUEST['trip_id'];
$result = getTripDetails($tripID);
$placeID = $result['DestinationID'];
echo getPlaceURL($placeID);
break;
case 'get_profile_pic':
getUserProfilePic($_COOKIE['userID']);
break;
case 'add_user':
addUser($_POST['first_name'], $_POST['last_name'], $_POST['email'], md5($_POST['password']));
break;
case 'validate_user':
$encrip_password = md5($_POST['password']);
validateLogin($_POST['username'], $encrip_password);
break;
case 'get_driver_pic':
$tripID = $_REQUEST['trip_id'];
$details = getTripDetails($tripID);
$user = $details['DriverID'];
echo getUserProfilePic($user);
break;
case 'upload_profile_pic':
upload_pp($_COOKIE['userID']);
// Redirect to home-page
header('Location: /pages/sr_profilePage.html');
break;
case 'get_user_name':
getUserName($_COOKIE['userID']);
break;
<?php
session_start();
error_reporting(E_ALL);
require_once 'constants.php';
ini_set('display_errors', 1);
$user_in = filter_input(INPUT_POST, "user", FILTER_SANITIZE_STRING);
$pw_in = filter_input(INPUT_POST, "pw", FILTER_SANITIZE_STRING);
$user = validateUser($user_in);
$pw = validatePassword($pw_in);
validateLogin($user, $pw);
//=========================================================
// Functions used to validate login credentials.
//---------------------------------------------------------
function validateLogin($user, $pw)
{
global $url;
if (doesUserDirectoryExist($user)) {
// User Exists
$pwFile = $GLOBALS['directory'] . "users/" . $user . "/pw.txt";
if (file_get_contents($pwFile) === $pw) {
$_SESSION['logged_on'] = 1;
$_SESSION['user'] = $user;
header('Location: ' . $GLOBALS['url']);
} else {
echo "<font color=\"red\"><b>ERROR: Input did not match a registed username & password combination.</b></font><br>";
echo "(Main page will reload shortly...)\n";
echo "<script type=\"text/javascript\">\nreload_page=function() {\n\tlocation.replace(\"{$url}\");\n}\n";
echo "var intervalID = window.setInterval(reload_page, 5000);\n</script>\n";
}
} else {
if ($f == "public_html") {
break;
}
}
define('ROOT_PATH', $mRootpath);
error_reporting(E_ALL);
ini_set("display_errors", 1);
$database = @mysql_connect('mysql.eecs.ku.edu', $username, $password);
if (!$database) {
die('Could not connect: ' . mysql_error());
}
if (!mysql_select_db($username, $database)) {
die('Could not select database: ' . mysql_error());
}
$user = $_POST['user'];
$pass = $_POST['pass'];
//Given username and password returns results of query.
function validateLogin($user, $pass, $database)
{
$sql_query = 'SELECT * FROM USER WHERE user_id = "' . $user . '" AND password = "******"';
return mysql_query($sql_query, $database);
}
//Call to get recrods from user table.
$result = validateLogin($user, $pass, $database);
//Checks if record exists or not
if (mysql_num_rows($result) == 0) {
echo "NO";
} else {
echo "YES";
}
mysql_close($database);
<?php
$contype = "dev";
$globalpath = "../../preprod/";
include_once "resizeclass.php";
include_once "connect.php";
include_once "errorconstants.php";
include_once "functions.php";
global $authuserid;
if (!empty($_SERVER['PHP_AUTH_USER'])) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
echo $authuserid = validateLogin($username, $password);
exit;
} else {
if (!function_exists('http_response_code')) {
getStatusCode(401);
exit;
}
}
function generateResponse($issuccess, $message = NULL, $data = NULL)
{
$json = array();
$json['IsSuccess'] = $issuccess;
if ($message != NULL) {
$json['message'] = $message;
}
if ($data != NULL) {
$json['item'] = $data;
}
return $json;
} else {
echo "Vor-/Nachname, Benutzername, Passswort und Email müssen eingegeben werden.";
}
break;
case "PwForgot":
if (strlen($_REQUEST['Email']) > 0) {
forgotPasswd($_REQUEST['Email']);
} else {
echo "Email muss eingegeben werden.";
}
break;
default:
if (!isset($_REQUEST['User']) || !isset($_REQUEST['Pw']) || strlen($_REQUEST['User']) == 0 || strlen($_REQUEST['Pw']) == 0) {
echo "Benutzer und Passwort müssen eingegeben werden.";
} else {
if (!validateLogin($DBCONNECT, $_REQUEST['User'], $_REQUEST['Pw'])) {
echo "Benutzer oder Passwort fehlerhaft";
} else {
/**
* LOGIN ERFOLGREICH
* ---------------------------------
*
* AB HIER STANDARF-FUNKTIONALITÄT
* FÜR REGISTRIERTE BENUTZER
*
* ---------------------------------
*/
$_SESSION['config']->CURRENTUSER->login($_REQUEST['User'], $_REQUEST['Pw']);
$userId = $_SESSION['config']->CURRENTUSER->USERID;
switch ($command) {
case "updateGpsKoords":
$signup_message = "";
}
// check username
if ($username == null) {
$signup_message = $signup_message . "<li>username is required</li>";
$username = "";
}
// check password
if ($password == null) {
$signup_message = $signup_message . "<li>password is required</li>";
} else {
if ($username != null) {
// validate login
$bValidatedLogin = false;
try {
$bValidatedLogin = validateLogin($username, $password);
} catch (PDOException $e) {
echo $e->getMessage() . "<br />";
$bValidatedLogin = false;
}
if (!$bValidatedLogin) {
$signup_message = $signup_message . "<li>Login failed; username or password was not found</li>";
}
}
}
// compile list
if ($signup_message != "") {
$signup_message = "<content>Found the following errors:</content><ul>" . $signup_message . "</ul>";
} else {
// obviously nothing is wrong
$signup_message = "successful";
<link href="../bootstrap/css/bootstrap.min.css" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<?php
do_html_header('');
//padding
checkLogout();
//check if logout button was clicked.
validateLogin();
//check if username and password is submitted correctly.
if ($_SESSION['isOn'] === 1) {
display_userNavbar();
if ($_SESSION['userType'] == 'a') {
?>
<div class='container'>
<table>
<tr>
<td valign="top"><?php
display_agentMenu();
?>
</td>
<td> </td>
<td><?php
display_agentScreen();
<?php
if (!isset($_SESSION)) {
session_start();
}
if (isset($_SESSION['email'])) {
header("Location: members/arena.php");
}
if (isset($_POST['sign_in'])) {
$email = $_POST['email'];
$password = $_POST['password'];
if (validateLogin($email, md5($password))) {
header("Location: ../pages/members/arena.php");
} else {
?>
<script>window.alert("Invalid email/password!")</script>
<?php
}
}
?>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<meta name="description" content="Connect all gamers together.">
<meta name="author" content="Ahmad Elsagheer and Ahmed Soliman">
<link rel="icon" href="../images/basic/web_icon.png">
*/
require_once __DIR__ . '/../bootstrap.php';
session_start();
if (!isSignedIn()) {
header('Location: sign_in.php');
exit;
}
try {
$user = getUser(getSignedInUser());
if (isset($user['creditcard_id']) && $user['creditcard_id'] != NULL) {
$card = getCreditCard($user['creditcard_id']);
}
// Sign in form postback
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Confirm that the user has provided the correct current password
if (validateLogin($_POST['user']['email'], $_POST['user']['current_password'])) {
$creditCardId = NULL;
$newPassword = NULL;
$newCard = array_map('trim', $_POST['user']['credit_card']);
$newValues = count(array_filter($newCard, 'strlen'));
// Update credit card info if new credit card data has been provided
if ($newValues > 0 && $newValues < 5) {
$message = "Please fill in all required credit card values.";
$messageType = "error";
} else {
if ($newValues == 5) {
$creditCardId = saveCard($newCard);
$card = getCreditCard($creditCardId);
}
}
// Update password if new password data has been provided
} else {
showPage($_SESSION['username'], $_SESSION['access'], validateNewRefund());
}
//if errors exist, show page again & fill in values
} else {
//form has not been submitted
showPage($_SESSION['username'], $_SESSION['access']);
//show page if user is logged in
}
} else {
showLogin('The current user is not authorized to view this page.');
//unauthenticated users get OWNED!!
}
} elseif ($_POST['username']) {
//if user has attempted to login, validate login
if (validateLogin($_POST['username'], $_POST['password'])) {
showPage($_SESSION['username'], $_SESSION['access']);
//valid user! Show page!
} else {
showLogin('Login invalid. Please try again');
}
} else {
//Else show login screen (no user is logged in and no login attempt has been made)
showLogin();
}
function uploadFiles()
{
/*
array (size=17)
'amount' => string '321' (length=3)
'payable' => string 'me' (length=2)
<?php
header('Content-Type: application/json');
//$json_signin_data = file_get_contents('php://input');
//$user_data = json_decode($json_signin_data);
$user_data->Email = $_REQUEST['Email'];
$user_data->Password = $_REQUEST['Password'];
require '../connection.php';
require 'functions.php';
if ($user_data->Email != '' && $user_data->Password != '') {
$isLoggedIn = validateLogin($user_data, $conn);
if ($isLoggedIn == 10003) {
$response = array('ResponseCode' => 10003, 'ResponseText' => 'Wrong Email/Password');
echo json_encode($response);
exit;
} elseif ($isLoggedIn == 10007) {
$response = array('ResponseCode' => 10007, 'ResponseText' => 'User has been blocked');
echo json_encode($response);
exit;
} elseif ($isLoggedIn['ResponseCode'] == 11111) {
$response = array('ResponseCode' => 11111, 'ResponseText' => 'Success for login', 'Merchantid' => $isLoggedIn['merchant_id'], 'MerchantName' => $isLoggedIn['merchant_name'], 'Latitude' => $isLoggedIn['latitude'], 'Longitude' => $isLoggedIn['longitude'], 'Points' => $isLoggedIn['points']);
echo json_encode($response);
exit;
}
} else {
$response = array('ResponseCode' => 10000, 'ResponseText' => 'Empty fields');
echo json_encode($response);
exit;
}
