function loginUser($benutzer, $passwort, $conid) { // Anweisung zusammenstellen $sql = "SELECT `Salt`, `Password`, `Fail` FROM `User` WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "' AND `Closed` = 0"; // Anweisung an DB schicken $ergebnis = mysqli_query($conid, $sql); // Wurde ein Datensatz gefunden, existiert dieser Benutzername, also // prüfen wir ob die Anmeldedaten korrekt ist if (mysqli_num_rows($ergebnis) == 1) { $datensatz = mysqli_fetch_array($ergebnis); // Resourcen freigeben mysqli_free_result($ergebnis); // Anmeldepasswort vorbereiten $zusatz = $datensatz['Salt']; $hashed_pass = $datensatz['Password']; $anmeldepw = validateLogin($passwort, $hashed_pass, $zusatz); // Prüfen ob ein Datensatz gefunden wurde. In dem Fall stimmen die Anmeldedaten if ($anmeldepw == TRUE) { // Counter für Fehlversuche resetten if ($datensatz['Fail'] != 0) { $sql = "UPDATE `User` SET `Fail` = 0 WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "' LIMIT 1"; mysqli_query($conid, $sql); } // Korrekte Anmeldung zurückgeben return true; } else { // Das angegebene Passwort war nicht korrekt, also gehen wir von einem Angriffsversuch aus // und erhöhen den Counter der fehlerhaften Anmeldeversuche $sql = "UPDATE `User` SET `Fail` = `Fail` + 1 WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "' LIMIT 1"; mysqli_query($conid, $sql); // Abfragen ob das Limit von 10 Fehlversuche erreicht wurde und in diesem Fall ... $sql = "SELECT `Fail` FROM `User` WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "'"; $ergebnis = mysqli_query($conid, $sql); $anzahl = mysqli_fetch_array($ergebnis); mysqli_free_result($ergebnis); // ... das Konto deaktivieren if ($anzahl['Fail'] > 9) { $sql = "UPDATE `User` SET `Fail` = 0, `Closed` = 1 WHERE LOWER(`Name`) = '" . mysqli_real_escape_string($conid, $benutzer) . "' LIMIT 1"; mysqli_query($conid, $sql); } } } }
<?php function __autoload($class_name) { require_once '../objects/' . $class_name . '.php'; } if (isset($_POST['username']) && isset($_POST['password'])) { $isValidLogin = validateLogin($_POST['username'], $_POST['password']); $urlLocation = "../home.php"; if (!$isValidLogin) { $urlLocation = "../login.php?valid=false"; } header("Location: {$urlLocation}"); } function validateLogin($username, $password) { $isValidLogin = false; $password = md5($password); //create a connection and select the database $conn = mysql_connect(mydbinfo::$HOST, mydbinfo::$USER, mydbinfo::$PASSWORD) or die("DB Connection Failure: " . mysql_error()); mysql_select_db(mydbinfo::$DATABASE); //create and run the query $queryString = sprintf("SELECT * FROM users WHERE username='******' AND password='******' AND registered=1", mysql_real_escape_string($username), mysql_real_escape_string($password)); $result = mysql_query($queryString) or die("Query Error: " . mysql_error()); print "Num Rows: " + mysql_num_rows($result); if (mysql_num_rows($result) == 1) { echo "found result"; $row = mysql_fetch_assoc($result); $user = new AuthorisedUser($row['id'], $row['username'], $row['name'], $row['pic_url'], $row['website'], $row['bio']); session_start(); session_regenerate_id();
<?php include 'scripts/header.php'; validateLogin($loggedIn); ?> <!DOCTYPE html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"/> <meta charset="utf-8"> <meta name="viewport" content="initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width"> <title></title> <link href="lib/ionic/css/ionic.css" rel="stylesheet"> <link href="css/style.css" rel="stylesheet"> <script src="lib/ionic/js/ionic.bundle.js"></script> <script src="lib/jquery-1.10.2.min.js"></script> <script src="js/app.js"></script> <script src="js/controllers.js"></script> <script src="js/services.js"></script> <script src="js/directives.js"></script> </head> <body ng-app="etiMobile"> <ion-nav-bar class="bar-positive"> <ion-nav-back-button> </ion-nav-back-button> </ion-nav-bar> <!--
<?php echo '<html>'; echo '<!-- Latest compiled and minified CSS --> <link rel="stylesheet" href="public/css/bootstrap.min.css" integrity="sha512-dTfge/zgoMYpP7QbHy4gWMEGsbsdZeCXz7irItjcC3sPUFtf0kuFbDz/ixG7ArTxmDjLXDmezHubeNikyKGVyQ==" crossorigin="anonymous"> <!-- Optional theme --> <link rel="stylesheet" href="public/css/bootstrap-theme.min.css" integrity="sha384-aUGj/X2zp5rLCbBxumKTCw2Z50WgIr1vs/PFN4praOTvYXWlVyh2UtNUU0KAUhAX" crossorigin="anonymous"> <!-- Latest compiled and minified JavaScript --> <script src="public/js/bootstrap.min.js" integrity="sha512-K1qjQ+NcF2TYO/eI3M6v8EiNYZfA95pQumfvcVrTHtwQVDG+aHRqLi/ETn2uB+1JqwYqVG3LIvdm9lj6imS/pQ==" crossorigin="anonymous"></script>'; enter(); echo '<form method="POST" action="http://localhost:8000"> <div class="form-group"> <label for="exampleInputLogin">Login:</label> <input type="text" class="form-control" id="exampleInputLogin" name="login"/><br/>' . validateLogin($_REQUEST['login']) . ' </div> <div class="form-group"> <label for="exampleInputPassword1">Password</label> <input type="text" class="form-control" id="exampleInputPassword" name="password"/></br>' . validatePassword($_REQUEST['password']) . ' </div> <input type="submit" class="btn btn-default" value="Send"/> </form>'; enter(); echo '<a href="/src/reg.php">Зарегистрируйтесь</a>'; echo '</html>'; /* http://getbootstrap.com/getting-started/#template - Sign-in page http://getbootstrap.com/examples/signin/ */ /*сделать форму регистрации*/
} else { } wp_reset_postdata(); if ($the_id != "") { $loggedIn = $the_id; } else { $loggedIn = false; } } return $loggedIn; } $location = home_url(); $tablebooking_page = $location . "/table-booking/"; // find order for logged in user if (isset($_POST['submit'])) { $loggedIn = validateLogin($_POST); if (!$loggedIn) { wp_redirect($tablebooking_page . "?error=true#login_form"); } else { $bookingID = $loggedIn; } } else { wp_redirect($tablebooking_page . "?error=true#login_form"); } ?> </div> </div><!--End top3_box_sub_left--> <br class="clearBoth"/> </div>
<?php require_once 'global.php'; if (isset($_POST['loginForm'])) { $username = $_POST['username']; $password = $_POST['password']; validateLogin($username, $password); }
if (isset($_POST['register'])) { include 'register.php'; $r = new Register(); if ($r) { //true if $r is not null if ($r->register()) { header("Location: succ_reg.html"); } } } if (isset($_POST['login'])) { $email = $_POST['email']; # $password = md5($_POST['password']); # $password = hash('sha256', $_POST['password']); $password = $_POST['password']; if (validateLogin($email, $password)) { header("Location: direct.php"); } else { echo 'invalid email/password'; } } function validateLogin($email, $password) { $db = new mysqli('localhost', 'root', '', 'Library'); $result = $db->query("SELECT * FROM Users WHERE email = '{$email}' && password = '******'"); if ($result->num_rows) { $result = $result->fetch_object(); $_SESSION['name'] = $result->name; $_SESSION['email'] = $result->email; return true; }
break; case 'get_dest_URL': $tripID = $_REQUEST['trip_id']; $result = getTripDetails($tripID); $placeID = $result['DestinationID']; echo getPlaceURL($placeID); break; case 'get_profile_pic': getUserProfilePic($_COOKIE['userID']); break; case 'add_user': addUser($_POST['first_name'], $_POST['last_name'], $_POST['email'], md5($_POST['password'])); break; case 'validate_user': $encrip_password = md5($_POST['password']); validateLogin($_POST['username'], $encrip_password); break; case 'get_driver_pic': $tripID = $_REQUEST['trip_id']; $details = getTripDetails($tripID); $user = $details['DriverID']; echo getUserProfilePic($user); break; case 'upload_profile_pic': upload_pp($_COOKIE['userID']); // Redirect to home-page header('Location: /pages/sr_profilePage.html'); break; case 'get_user_name': getUserName($_COOKIE['userID']); break;
<?php session_start(); error_reporting(E_ALL); require_once 'constants.php'; ini_set('display_errors', 1); $user_in = filter_input(INPUT_POST, "user", FILTER_SANITIZE_STRING); $pw_in = filter_input(INPUT_POST, "pw", FILTER_SANITIZE_STRING); $user = validateUser($user_in); $pw = validatePassword($pw_in); validateLogin($user, $pw); //========================================================= // Functions used to validate login credentials. //--------------------------------------------------------- function validateLogin($user, $pw) { global $url; if (doesUserDirectoryExist($user)) { // User Exists $pwFile = $GLOBALS['directory'] . "users/" . $user . "/pw.txt"; if (file_get_contents($pwFile) === $pw) { $_SESSION['logged_on'] = 1; $_SESSION['user'] = $user; header('Location: ' . $GLOBALS['url']); } else { echo "<font color=\"red\"><b>ERROR: Input did not match a registed username & password combination.</b></font><br>"; echo "(Main page will reload shortly...)\n"; echo "<script type=\"text/javascript\">\nreload_page=function() {\n\tlocation.replace(\"{$url}\");\n}\n"; echo "var intervalID = window.setInterval(reload_page, 5000);\n</script>\n"; } } else {
if ($f == "public_html") { break; } } define('ROOT_PATH', $mRootpath); error_reporting(E_ALL); ini_set("display_errors", 1); $database = @mysql_connect('mysql.eecs.ku.edu', $username, $password); if (!$database) { die('Could not connect: ' . mysql_error()); } if (!mysql_select_db($username, $database)) { die('Could not select database: ' . mysql_error()); } $user = $_POST['user']; $pass = $_POST['pass']; //Given username and password returns results of query. function validateLogin($user, $pass, $database) { $sql_query = 'SELECT * FROM USER WHERE user_id = "' . $user . '" AND password = "******"'; return mysql_query($sql_query, $database); } //Call to get recrods from user table. $result = validateLogin($user, $pass, $database); //Checks if record exists or not if (mysql_num_rows($result) == 0) { echo "NO"; } else { echo "YES"; } mysql_close($database);
<?php $contype = "dev"; $globalpath = "../../preprod/"; include_once "resizeclass.php"; include_once "connect.php"; include_once "errorconstants.php"; include_once "functions.php"; global $authuserid; if (!empty($_SERVER['PHP_AUTH_USER'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; echo $authuserid = validateLogin($username, $password); exit; } else { if (!function_exists('http_response_code')) { getStatusCode(401); exit; } } function generateResponse($issuccess, $message = NULL, $data = NULL) { $json = array(); $json['IsSuccess'] = $issuccess; if ($message != NULL) { $json['message'] = $message; } if ($data != NULL) { $json['item'] = $data; } return $json;
} else { echo "Vor-/Nachname, Benutzername, Passswort und Email müssen eingegeben werden."; } break; case "PwForgot": if (strlen($_REQUEST['Email']) > 0) { forgotPasswd($_REQUEST['Email']); } else { echo "Email muss eingegeben werden."; } break; default: if (!isset($_REQUEST['User']) || !isset($_REQUEST['Pw']) || strlen($_REQUEST['User']) == 0 || strlen($_REQUEST['Pw']) == 0) { echo "Benutzer und Passwort müssen eingegeben werden."; } else { if (!validateLogin($DBCONNECT, $_REQUEST['User'], $_REQUEST['Pw'])) { echo "Benutzer oder Passwort fehlerhaft"; } else { /** * LOGIN ERFOLGREICH * --------------------------------- * * AB HIER STANDARF-FUNKTIONALITÄT * FÜR REGISTRIERTE BENUTZER * * --------------------------------- */ $_SESSION['config']->CURRENTUSER->login($_REQUEST['User'], $_REQUEST['Pw']); $userId = $_SESSION['config']->CURRENTUSER->USERID; switch ($command) { case "updateGpsKoords":
$signup_message = ""; } // check username if ($username == null) { $signup_message = $signup_message . "<li>username is required</li>"; $username = ""; } // check password if ($password == null) { $signup_message = $signup_message . "<li>password is required</li>"; } else { if ($username != null) { // validate login $bValidatedLogin = false; try { $bValidatedLogin = validateLogin($username, $password); } catch (PDOException $e) { echo $e->getMessage() . "<br />"; $bValidatedLogin = false; } if (!$bValidatedLogin) { $signup_message = $signup_message . "<li>Login failed; username or password was not found</li>"; } } } // compile list if ($signup_message != "") { $signup_message = "<content>Found the following errors:</content><ul>" . $signup_message . "</ul>"; } else { // obviously nothing is wrong $signup_message = "successful";
<link href="../bootstrap/css/bootstrap.min.css" rel="stylesheet"> <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries --> <!-- WARNING: Respond.js doesn't work if you view the page via file:// --> <!--[if lt IE 9]> <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script> <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]--> </head> <body> <?php do_html_header(''); //padding checkLogout(); //check if logout button was clicked. validateLogin(); //check if username and password is submitted correctly. if ($_SESSION['isOn'] === 1) { display_userNavbar(); if ($_SESSION['userType'] == 'a') { ?> <div class='container'> <table> <tr> <td valign="top"><?php display_agentMenu(); ?> </td> <td> </td> <td><?php display_agentScreen();
<?php if (!isset($_SESSION)) { session_start(); } if (isset($_SESSION['email'])) { header("Location: members/arena.php"); } if (isset($_POST['sign_in'])) { $email = $_POST['email']; $password = $_POST['password']; if (validateLogin($email, md5($password))) { header("Location: ../pages/members/arena.php"); } else { ?> <script>window.alert("Invalid email/password!")</script> <?php } } ?> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> <meta name="description" content="Connect all gamers together."> <meta name="author" content="Ahmad Elsagheer and Ahmed Soliman"> <link rel="icon" href="../images/basic/web_icon.png">
*/ require_once __DIR__ . '/../bootstrap.php'; session_start(); if (!isSignedIn()) { header('Location: sign_in.php'); exit; } try { $user = getUser(getSignedInUser()); if (isset($user['creditcard_id']) && $user['creditcard_id'] != NULL) { $card = getCreditCard($user['creditcard_id']); } // Sign in form postback if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Confirm that the user has provided the correct current password if (validateLogin($_POST['user']['email'], $_POST['user']['current_password'])) { $creditCardId = NULL; $newPassword = NULL; $newCard = array_map('trim', $_POST['user']['credit_card']); $newValues = count(array_filter($newCard, 'strlen')); // Update credit card info if new credit card data has been provided if ($newValues > 0 && $newValues < 5) { $message = "Please fill in all required credit card values."; $messageType = "error"; } else { if ($newValues == 5) { $creditCardId = saveCard($newCard); $card = getCreditCard($creditCardId); } } // Update password if new password data has been provided
} else { showPage($_SESSION['username'], $_SESSION['access'], validateNewRefund()); } //if errors exist, show page again & fill in values } else { //form has not been submitted showPage($_SESSION['username'], $_SESSION['access']); //show page if user is logged in } } else { showLogin('The current user is not authorized to view this page.'); //unauthenticated users get OWNED!! } } elseif ($_POST['username']) { //if user has attempted to login, validate login if (validateLogin($_POST['username'], $_POST['password'])) { showPage($_SESSION['username'], $_SESSION['access']); //valid user! Show page! } else { showLogin('Login invalid. Please try again'); } } else { //Else show login screen (no user is logged in and no login attempt has been made) showLogin(); } function uploadFiles() { /* array (size=17) 'amount' => string '321' (length=3) 'payable' => string 'me' (length=2)
<?php header('Content-Type: application/json'); //$json_signin_data = file_get_contents('php://input'); //$user_data = json_decode($json_signin_data); $user_data->Email = $_REQUEST['Email']; $user_data->Password = $_REQUEST['Password']; require '../connection.php'; require 'functions.php'; if ($user_data->Email != '' && $user_data->Password != '') { $isLoggedIn = validateLogin($user_data, $conn); if ($isLoggedIn == 10003) { $response = array('ResponseCode' => 10003, 'ResponseText' => 'Wrong Email/Password'); echo json_encode($response); exit; } elseif ($isLoggedIn == 10007) { $response = array('ResponseCode' => 10007, 'ResponseText' => 'User has been blocked'); echo json_encode($response); exit; } elseif ($isLoggedIn['ResponseCode'] == 11111) { $response = array('ResponseCode' => 11111, 'ResponseText' => 'Success for login', 'Merchantid' => $isLoggedIn['merchant_id'], 'MerchantName' => $isLoggedIn['merchant_name'], 'Latitude' => $isLoggedIn['latitude'], 'Longitude' => $isLoggedIn['longitude'], 'Points' => $isLoggedIn['points']); echo json_encode($response); exit; } } else { $response = array('ResponseCode' => 10000, 'ResponseText' => 'Empty fields'); echo json_encode($response); exit; }