public function control()
 {
     $this->setPageTitle('Log in');
     $this->setViewTemplate('session.login.tpl');
     $this->view_mgr->addHelp('login', 'userguide/accounts/index');
     $this->disableCaching();
     //don't show login form if already logged in
     if ($this->isLoggedIn()) {
         $controller = new DashboardController(true);
         return $controller->go();
     } else {
         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         if (isset($_POST['Submit']) && $_POST['Submit'] == 'Log In' && isset($_POST['email']) && isset($_POST['pwd'])) {
             if ($_POST['email'] == '' || $_POST['pwd'] == '') {
                 if ($_POST['email'] == '') {
                     $this->addErrorMessage("Email must not be empty");
                     return $this->generateView();
                 } else {
                     $this->addErrorMessage("Password must not be empty");
                     return $this->generateView();
                 }
             } else {
                 $session = new Session();
                 $user_email = $_POST['email'];
                 if (get_magic_quotes_gpc()) {
                     $user_email = stripslashes($user_email);
                 }
                 $this->addToView('email', $user_email);
                 $owner = $owner_dao->getByEmail($user_email);
                 if (!$owner) {
                     $this->addErrorMessage("Incorrect email");
                     return $this->generateView();
                 } elseif (!$owner->is_activated) {
                     $this->addErrorMessage("Inactive account. " . $owner->account_status . ". " . '<a href="forgot.php">Reset your password.</a>');
                     return $this->generateView();
                 } elseif (!$session->pwdCheck($_POST['pwd'], $owner_dao->getPass($user_email))) {
                     //failed login
                     if ($owner->failed_logins >= 10) {
                         $owner_dao->deactivateOwner($user_email);
                         $owner_dao->setAccountStatus($user_email, "Account deactivated due to too many failed logins");
                     }
                     $owner_dao->incrementFailedLogins($user_email);
                     $this->addErrorMessage("Incorrect password");
                     return $this->generateView();
                 } else {
                     // this sets variables in the session
                     $session->completeLogin($owner);
                     $owner_dao->updateLastLogin($user_email);
                     $owner_dao->resetFailedLogins($user_email);
                     $owner_dao->clearAccountStatus('');
                     $controller = new DashboardController(true);
                     return $controller->control();
                 }
             }
         } else {
             return $this->generateView();
         }
     }
 }
 /**
  * @return string
  */
 public function control()
 {
     $output = "";
     $authorized = false;
     if (isset($this->argc) && $this->argc > 2) {
         // check for CLI credentials
         $session = new Session();
         $streamer_method = $this->argv[1];
         $username = $this->argv[2];
         if ($this->argc > 3) {
             $pw = $this->argv[3];
         } else {
             $pw = getenv('THINKUP_PASSWORD');
         }
         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         $owner = $owner_dao->getByEmail($username);
         $passcheck = $owner_dao->getPass($username);
         if ($session->pwdCheck($pw, $passcheck)) {
             $authorized = true;
             Session::completeLogin($owner);
         } else {
             $output = "ERROR: Incorrect username and password.";
         }
     } else {
         // check user is logged in on the web
         if ($this->isLoggedIn()) {
             $authorized = true;
         } else {
             $output = "ERROR: Invalid or missing stream method, username, and password.";
         }
     }
     if ($authorized) {
         $streamer = Streamer::getInstance();
         // print "have streamer method: $streamer_method\n";
         switch ($streamer_method) {
             case 'stream':
                 $streamer->stream();
                 break;
             case 'streamProcess':
                 $streamer->streamProcess();
                 break;
             case 'shutdownStreams':
                 $streamer->shutdownStreams();
                 break;
             default:
                 $output = "Error: could not identify stream method to run.";
         }
     }
     return $output;
 }
 public function control()
 {
     $this->setPageTitle('Log in');
     $this->setViewTemplate('session.login.tpl');
     $this->disableCaching();
     //don't show login form if already logged in
     if ($this->isLoggedIn()) {
         $controller = new DashboardController(true);
         return $controller->go();
     } else {
         $od = DAOFactory::getDAO('OwnerDAO');
         if (isset($_POST['Submit']) && $_POST['Submit'] == 'Log In' && isset($_POST['email']) && isset($_POST['pwd'])) {
             if ($_POST['email'] == '' || $_POST['pwd'] == '') {
                 if ($_POST['email'] == '') {
                     $this->addErrorMessage("Email must not be empty");
                     return $this->generateView();
                 } else {
                     $this->addErrorMessage("Password must not be empty");
                     return $this->generateView();
                 }
             } else {
                 $session = new Session();
                 $user_email = $_POST['email'];
                 $this->addToView('email', $user_email);
                 $owner = $od->getByEmail($user_email);
                 if (!$owner) {
                     $this->addErrorMessage("Incorrect email");
                     return $this->generateView();
                 } elseif (!$session->pwdCheck($_POST['pwd'], $od->getPass($user_email))) {
                     $this->addErrorMessage("Incorrect password");
                     return $this->generateView();
                 } else {
                     // this sets variables in the session
                     $session->completeLogin($owner);
                     $od->updateLastLogin($user_email);
                     $controller = new DashboardController(true);
                     return $controller->control();
                 }
             }
         } else {
             return $this->generateView();
         }
     }
 }
 public function go()
 {
     $this->setViewTemplate('admin_login.tpl');
     $this->addPageTitle('Log in');
     if ($this->isLoggedIn()) {
         header('Location: ' . SOURCE_ROOT_PATH . "admin/pages/dashboard.php");
     } else {
         if (isset($_POST['submit']) && $_POST['submit'] == 'Login' && isset($_POST['username']) && isset($_POST['pwd'])) {
             if ($_POST['username'] == '' || $_POST['pwd'] == '') {
                 if ($_POST['username'] == '') {
                     $this->addErrorMessage("Username must not be empty");
                     return $this->generateView();
                 } else {
                     $this->addErrorMessage("Password must not be empty");
                     return $this->generateView();
                 }
             } else {
                 $session = new Session();
                 $username = $_POST['username'];
                 $this->addToView('username', $username);
                 $user = User::findByUsername($username);
                 if (!$user) {
                     $this->addErrorMessage("Incorrect username");
                     return $this->generateView();
                 } elseif (!$session->pwdCheck($_POST['pwd'], $user->password)) {
                     $this->addErrorMessage("Incorrect password");
                     return $this->generateView();
                 } elseif (!$user->type) {
                     $this->addErrorMessage("You are not an administrator");
                     return $this->generateView();
                 } else {
                     // this sets variables in the session
                     $session->completeLogin($user);
                     header('Location: ' . SOURCE_ROOT_PATH . "admin/pages/login.php");
                 }
             }
         } else {
             $this->addPageTitle('Log in');
             return $this->generateView();
         }
     }
 }
 public function go()
 {
     $this->setViewTemplate('landingpage.tpl');
     $this->addPageTitle('Log in');
     if ($this->isLoggedIn()) {
         $controller = new LandingPageController();
         return $controller->go();
     } else {
         if (isset($_POST['submit']) && $_POST['submit'] == 'Login' && isset($_POST['username']) && isset($_POST['pwd'])) {
             if ($_POST['username'] == '' || $_POST['pwd'] == '') {
                 if ($_POST['username'] == '') {
                     $this->addErrorMessage("Username must not be empty");
                     return $this->generateView();
                 } else {
                     $this->addErrorMessage("Password must not be empty");
                     return $this->generateView();
                 }
             } else {
                 $session = new Session();
                 $username = $_POST['username'];
                 $this->addToView('username', $username);
                 $user = User::findByUsername($username);
                 if (!$user) {
                     header('Location:' . SOURCE_ROOT_PATH . "pages/mainlogin.php?msg=username");
                     //return $this->generateView();
                 } elseif (!$session->pwdCheck($_POST['pwd'], $user->password)) {
                     header('Location:' . SOURCE_ROOT_PATH . "pages/mainlogin.php?msg=password");
                     return $this->generateView();
                 } else {
                     // this sets variables in the session
                     $session->completeLogin($user);
                     header('Location:' . SOURCE_ROOT_PATH . "pages/home.php");
                 }
             }
         } else {
             $this->addPageTitle('Log in');
             return $this->generateView();
         }
     }
 }
    public function control() {
        $output = "";
        $authorized = false;

        if (isset($this->argc) && $this->argc > 1) { // check for CLI credentials
            $session = new Session();
            $username = $this->argv[1];
            if ($this->argc > 2) {
                $pw = $this->argv[2];
            } else {
                $pw = getenv('THINKUP_PASSWORD');
            }

            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $owner = $owner_dao->getByEmail($username);
            $passcheck = $owner_dao->getPass($username);
            if ($session->pwdCheck($pw, $passcheck)) {
                $authorized = true;
                Session::completeLogin($owner);
            } else {
                $output = "ERROR: Incorrect username and password.";
            }
        } else { // check user is logged in on the web
            if ( $this->isLoggedIn() ) {
                $authorized = true;
            } else {
                $output = "ERROR: Invalid or missing username and password.";
            }
        }

        if ($authorized) {
            $crawler = Crawler::getInstance();
            $crawler->crawl();
        }

        return $output;
    }
    public function testOfControllerGoodTokenMatchedNewPassword()
    {
        $time = strtotime('-1 hour');
        $q = <<<SQL
UPDATE #prefix#owners
SET password_token = '{$this->token}_{$time}'
WHERE id = 1;
SQL;
        $this->db->exec($q);
        $_POST['password'] = 'the same';
        $_POST['password_confirm'] = 'the same';
        $_GET['token'] = $this->token;
        $controller = new PasswordResetController(true);
        $result = $controller->go();
        $dao = DAOFactory::getDAO('OwnerDAO');
        $session = new Session();
        $this->assertTrue($session->pwdCheck($_POST['password'], $dao->getPass('me@example.com')));
    }
    public function testOfControllerGoodTokenMatchedNewPassword() {
        $dao = DAOFactory::getDAO('OwnerDAO');
        $dao->setAccountStatus("me@example.com", "Deactivated account");

        $time = strtotime('-1 hour');
        $q = <<<SQL
UPDATE #prefix#owners
SET password_token = '{$this->token}_{$time}'
WHERE id = 1;
SQL;
        $this->testdb_helper->runSQL($q);

        $_POST['password'] = 'the same';
        $_POST['password_confirm'] = 'the same';
        $_GET['token'] = $this->token;
        $controller = new PasswordResetController(true);
        $result = $controller->go();

        $session = new Session();

        $this->assertTrue($session->pwdCheck($_POST['password'], $dao->getPass('me@example.com')));
        $owner = $dao->getByEmail('me@example.com');
        $this->assertEqual($owner->account_status, '');
    }
Example #9
0
require_once "init.php";
$session = new Session();
if ($session->isLoggedIn()) {
    header("Location: ../index.php");
}
$db = new Database($THINKTANK_CFG);
$conn = $db->getConnection();
$od = new OwnerDAO($db);
$user_email = mysql_real_escape_string($_POST['email']);
$s = new SmartyThinkTank();
$s->caching = false;
if ($_POST['Submit'] == 'Login') {
    $result = $od->getForLogin($user_email);
    if (!$result) {
        header("Location: login.php?emsg=Invalid+email+or+password");
    } elseif (!$session->pwdCheck($_POST['pwd'], $result['pwd'])) {
        header("Location: login.php?emsg=Incorrect+email+or+password");
    } else {
        // this sets variables in the session
        $session->completeLogin($result);
        $od->updateLastLogin($user_email);
        if (isset($_GET['ret']) && !empty($_GET['ret'])) {
            header("Location: {$_GET['ret']}");
        } else {
            header("Location: " . $THINKTANK_CFG['site_root_path']);
        }
        exit;
    }
}
if (isset($_GET["emsg"])) {
    $emsg = $_GET["emsg"];
Example #10
0
chdir("..");
require_once 'config.webapp.inc.php';
ini_set("include_path", ini_get("include_path") . PATH_SEPARATOR . $INCLUDE_PATH);
require_once "init.php";
session_start();
$session = new Session();
if (!$session->isLoggedIn()) {
    header("Location: ../index.php");
}
$db = new Database($THINKTANK_CFG);
$conn = $db->getConnection();
$od = new OwnerDAO($db);
if ($_POST['changepass'] == 'Change Password') {
    $originalpass = $od->getPass($_SESSION['user']);
    $origpass = $originalpass['pwd'];
    if (!$session->pwdCheck($_POST['oldpass'], $origpass)) {
        $errormsg = "Old password does not match or empty.";
    } elseif ($_POST['pass1'] != $_POST['pass2']) {
        $errormsg = "New passwords did not match. Your password has not been changed.";
    } elseif (strlen($_POST['pass1']) < 5) {
        $errormsg = "New password must be at least 5 characters. Your password has not been changed.";
    } else {
        $cryptpass = $session->pwdcrypt($_POST['pass1']);
        $od->updatePassword($_SESSION['user'], $cryptpass);
        $successmsg = "Your password has been updated.";
    }
}
$id = new InstanceDAO($db);
$od = new OwnerDAO($db);
$cfg = new Config();
$s = new SmartyThinkTank();
Example #11
0
<?php

chdir("..");
require_once "common/init.php";
$authorized = false;
if (isset($argc) && $argc > 1) {
    // check for CLI credentials
    $session = new Session();
    $username = $argv[1];
    $pw = $argv[2];
    $od = new OwnerDAO($db);
    $result = $od->getForLogin($username);
    if ($session->pwdCheck($pw, $result['pwd'])) {
        $authorized = true;
        echo "Authorized to run crawler.";
    } else {
        echo "Incorrect username and password.";
    }
} else {
    // check user is logged in on the web
    session_start();
    $session = new Session();
    if ($session->isLoggedIn()) {
        $authorized = true;
    }
}
if ($authorized) {
    $crawler->crawl();
    if (isset($conn)) {
        $db->closeConnection($conn);
        // Clean up