function validate($email, $pw)
{
require 'connect.php';
$q="select userid, password from user where emailid='$email'";
$r=mysql_query($q);
if(!$r)
header("Location:error.html");
else
{
$row=mysql_fetch_row($r);
$resusid=$row[0];
$respw=$row[1];
$flag=compare($respw, $pw);
}
if($flag)
{
//user is authenticated
authenticate($resusid);
}
else
{
header("Location:error.html");
}
}
function __construct()
{
parent::__construct();
authenticate();
$this->load->model('administrator_model');
$this->load->model('activity_model');
}
/**
* Login the user and delegate the setup if login is valid.
*
* @return array
*/
function login_user($dirty_user, $p_pass)
{
// Internal function due to it being insecure otherwise.
if (!function_exists('_login_user')) {
}
$success = false;
$login_error = 'That password/username combination was incorrect.';
// Just checks whether the username and password are correct.
$data = authenticate($dirty_user, $p_pass);
if (is_array($data)) {
if ((bool) $data['authenticated'] && (bool) $data['operational']) {
if ((bool) $data['confirmed']) {
_login_user($data['uname'], $data['player_id'], $data['account_id']);
// Block by ip list here, if necessary.
// *** Set return values ***
$success = true;
$login_error = null;
} else {
// *** Account was not activated yet ***
$success = false;
$login_error = "You must confirm your account before logging in, check your email. <a href='/account_issues.php'>You can request another confirmation email here.</a>";
}
}
// The LOGIN FAILURE case occurs here, and is the default.
}
// *** Return array of return values ***
return ['success' => $success, 'login_error' => $login_error];
}
function __construct()
{
parent::__construct();
authenticate();
only_super_administrator();
$this->load->model('configuration_model');
}
function login_do_http_auth()
{
global $LOGIN_PASSWORD, $LOGIN_USERNAME;
global $_SERVER;
if ($_SERVER['REMOTE_USER']) {
is_logged_in(true);
return;
}
if (!$_SERVER['PHP_AUTH_USER']) {
is_logged_in(false);
return;
}
$status = authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if (!succeeds($status)) {
is_logged_in(false);
if (!fatal($status)) {
if ($_SERVER['PHP_AUTH_USER']) {
http_401();
}
} else {
print "Error logging in: " . auth_error();
}
} else {
$LOGIN_USERNAME = $_SERVER['PHP_AUTH_USER'];
$LOGIN_PASSWORD = $_SERVER['PHP_AUTH_PW'];
is_logged_in(true);
}
}
/**
* given an owner_type and owner_id
* returns false if user cannot read or write to this workspace
* returns WORKSPACE_AUTH_READ if the user can read
* returns WORKSPACE_AUTH_WRITE if the user can write
*/
function ad_authenticate($owner_id)
{
if (authenticate(AT_PRIV_ASSIGNMENTS, AT_PRIV_RETURN)) {
// instructors have read only access to assignments
return true;
} else {
// students have read access to their own assignments
$sql = "SELECT COUNT(*) cnt FROM %sfiles\n\t\t WHERE owner_id = %d\n AND owner_type= %d\n AND member_id = %d";
$row = queryDB($sql, array(TABLE_PREFIX, $owner_id, WORKSPACE_ASSIGNMENT, $_SESSION['member_id']), TRUE);
if ($row['cnt'] > 0) {
return true;
}
// enrolled students can submit the assignments that assign to him/her
if ($_SESSION['member_id'] && $_SESSION['enroll']) {
// assignments that are assigned to all students
$sql = "SELECT count(*) cnt FROM %sassignments \n WHERE assignment_id = %d\n AND assign_to=0 \n AND course_id=%d";
$row = queryDB($sql, array(TABLE_PREFIX, $owner_id, $_SESSION['course_id']), TRUE);
if ($row['cnt'] > 0) {
return true;
}
// assignments that are assigned to a group,
// and this group has "file storage" tool available
// and the student is in this group
$groups_list = implode(',', $_SESSION['groups']);
// the groups that the student belongs to
$sql = "SELECT count(*) cnt\n\t\t FROM %sgroups_types gt, %sgroups g, %sassignments a\n\t\t WHERE g.group_id in (%s)\n\t\t AND g.group_id in (SELECT group_id FROM %sfile_storage_groups)\n\t\t AND g.type_id = gt.type_id\n\t\t AND gt.course_id = %d\n\t\t AND gt.type_id = a.assign_to\n\t\t AND a.assignment_id = %d";
$row = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, TABLE_PREFIX, $groups_list, TABLE_PREFIX, $_SESSION['course_id'], $owner_id), TRUE);
if ($row['cnt'] > 0) {
return true;
}
}
}
return false;
}
function logIn()
{
global $auth_realm;
if (!isset($_SESSION['username'])) {
if (!isset($_SESSION['login'])) {
$_SESSION['login'] = TRUE;
header('WWW-Authenticate: Basic realm="' . $auth_realm . '"');
header('HTTP/1.0 401 Unauthorized');
echo 'You must enter a valid login and password';
echo '<p><a href="?action=logOut">Try again</a></p>';
echo '<p><a href="index.html">Back to EnactusLeicester.co.uk</a></p>';
exit;
} else {
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
$result = authenticate($user, $password);
if ($result == 0) {
$_SESSION['username'] = $user;
} else {
session_unset($_SESSION['login']);
errMes($result);
echo '<p><a href="">Try again</a></p>';
exit;
}
}
}
}
function findDN($id, $password)
{
// Finds the user's Distinguished Name - the key that uniquely identifies each entry in the directory
global $ldap_host;
// Connects to the LDAP server
$ds = ldap_connect($ldap_host) or die("LDAP connection failed. Please see installation notes on how to configure Apache to work with LDAP.");
if ($ds) {
// Connection was successful
// Performs anonymous bind to LDAP server
$r = ldap_bind($ds);
if ($r) {
// Binding to LDAP server was unsuccessful
// Determines whether the username provided is the uidNumber (which is numeric - 499908), or the uniqueID (which is alphanumeric - cam01329)
$filterString = is_numeric($id) ? "uidNumber={$id}" : "uniqueID={$id}";
// Performs search for the LDAP number
$searchResult = ldap_search($ds, "ou=LAN,o=PORT", $filterString);
// Gets entries for this search
$info = ldap_get_entries($ds, $searchResult);
// Retrieves the DN and givenname (e.g. Alasdair) for the user
$dn = $info[0]["dn"];
$givenname = $info[0]['givenname'][0];
// Calls the authenticate function
authenticate($dn, $password, $givenname);
} else {
// Binding to LDAP server was unsuccessful
echo "Unable to connect to LDAP server";
echo "<p>Click <a href='../../login.php'>here</a> to go back.</p>";
}
} else {
// Connection to LDAP server was unsuccessful
echo "Unable to connect to LDAP server";
echo "<p>Click <a href='../../login.php'>here</a> to go back.</p>";
}
}
function newPost($args)
{
global $table_blogs;
$blogid = $args[0];
$username = $args[1];
$password = $args[2];
$content = addslashes($args[3]);
$publish = $args[4];
if (authenticate($username, $password) == TRUE) {
$blog_name = addslashes($username . "'s blog");
preg_match('/<title>(.*?)<\\/title>/i', $title);
$title = $title[0];
$body = str_replace($title, "", $content);
$category = "XML";
$mood = "XML";
$listening = "XML";
$open = 0;
$q_newpost = mysql_query("INSERT INTO {$table_blogs} VALUES( '', '{$username}', '{$title}', '{$body}', '{$category}', '{$mood}', '{$listening}', NOW(), '{$blog_name}', {$open})");
$log_file = fopen("log.txt", w);
$f_content = $content[title];
fwrite($log_file, $f_content);
if ($q_newpost) {
$status = 344324234;
} else {
$status = new IXR_Error(-1, 'An error occured:' . mysql_error());
}
} else {
$status = new IXR_Error(-1, 'You did not provide the correct username and password');
}
return $status;
}
function __construct()
{
parent::__construct();
authenticate();
$this->load->model('event_model');
$this->load->model('task_model');
$this->load->model('activity_model');
}
function __construct()
{
parent::__construct();
authenticate();
//check admin login or not
$this->load->model('product_model');
$this->layout->set_layout("admin/layout/layout_manager");
}
public function TestCookies()
{
if (isset($_COOKIE['id_usuario']) && isset($_COOKIE['contrasena'])) {
if (!authenticate($_COOKIE['id_usuario'], $_COOKIE['contrasena'])) {
$this->killCookies();
}
$this->creaSession($record);
}
}
function validate($username, $pass, $event_id)
{
if (authenticate($username, $pass)) {
if (isRegForEvent($username, $event_id)) {
return 1;
}
return 0;
}
return 0;
}
function __construct()
{
parent::__construct();
authenticate();
//check admin login or not
$this->layout->set_layout('admin/layout/layout_manager');
//set layout
$this->load->model('admin_model');
$this->data['page_name'] = 'dashboard';
}
function __construct()
{
global $tpl;
$this->tpl = $tpl;
$user = authenticate();
if (isset($user['user']) && $user['user_id'] == 1) {
$tpl->assign('user', $user);
} else {
redirect(BASE_URL);
}
}
function update_userpass($input)
{
$change = $input[3];
array_pop($input);
if (!authenticate($input)) {
return false;
}
$input[0] = mysql_real_escape_string($input[0]);
mysql_query("update users set userps='{$change}' where uidx='{$input[0]}'");
return true;
}
function view_defaults()
{
global $tpl;
$user = authenticate();
$msg = '';
if ($user) {
$msg = "Welcome " . $user['user_nickname'] . "";
}
$tpl->assign('user', $user);
$tpl->assign("name", "It's a demo.");
$tpl->assign("msg", $msg);
}
/**
* given an owner_type and owner_id
* returns false if user cannot read or write to this workspace
* returns WORKSPACE_AUTH_READ if the user can read
* returns WORKSPACE_AUTH_WRITE if the user can write
*/
function ad_authenticate($owner_id) {
if (authenticate(AT_PRIV_ASSIGNMENTS, AT_PRIV_RETURN))
{
// instructors have read only access to assignments
return true;
}
else
{
// students have read access to their own assignments
global $db;
$sql = "SELECT COUNT(*) cnt FROM ".TABLE_PREFIX."files
WHERE owner_id =".$owner_id."
AND owner_type= ".WORKSPACE_ASSIGNMENT."
AND member_id = ".$_SESSION['member_id'];
$result = mysql_query($sql, $db);
$row = mysql_fetch_assoc($result);
if ($row['cnt'] > 0) RETURN true;
// enrolled students can submit the assignments that assign to him/her
if ($_SESSION['member_id'] && $_SESSION['enroll']) {
// assignments that are assigned to all students
$sql = "SELECT count(*) cnt FROM ".TABLE_PREFIX."assignments
WHERE assignment_id = ".$owner_id."
AND assign_to=0
AND course_id=".$_SESSION[course_id];
$result = mysql_query($sql, $db);
$row = mysql_fetch_assoc($result);
if ($row['cnt'] > 0) RETURN true;
// assignments that are assigned to a group,
// and this group has "file storage" tool available
// and the student is in this group
$groups_list = implode(',',$_SESSION['groups']); // the groups that the student belongs to
$sql = "SELECT count(*) cnt
FROM ".TABLE_PREFIX."groups_types gt, ".TABLE_PREFIX."groups g, ".TABLE_PREFIX."assignments a
WHERE g.group_id in (".$groups_list.")
AND g.group_id in (SELECT group_id FROM ".TABLE_PREFIX."file_storage_groups)
AND g.type_id = gt.type_id
AND gt.course_id = $_SESSION[course_id]
AND gt.type_id = a.assign_to
AND a.assignment_id = ".$owner_id;
$result = mysql_query($sql, $db);
$row = mysql_fetch_assoc($result);
if ($row['cnt'] > 0) RETURN true;
}
}
return false;
}
function initializeSystemSettings()
{
global $dbHost, $dbUser, $dbUserPw, $dbName, $includeDumpJs;
global $gorumroll, $speedStopWatch, $gorumview, $jQueryLib;
$_GET = filterInput($_GET);
$_COOKIE = filterInput($_COOKIE);
$_SERVER = filterInput($_SERVER);
$_FILES = filterInput($_FILES);
if (class_exists("speedstat")) {
$speedStopWatch = new Stopwatch();
$speedStopWatch->start();
}
ini_set("session.use_cookies", 1);
ini_set("session.use_only_cookies", 1);
ini_set("session.use_trans_sid", 0);
if (!session_id()) {
session_start();
}
$this->kbfu = chr(103) . chr(111) . chr(114) . chr(117) . chr(109) . chr(117) . chr(115) . chr(101) . chr(114);
$this->kbfk = chr(105) . chr(115) . chr(65) . chr(100) . chr(109);
$this->kbfr = chr(103) . chr(111) . chr(114) . chr(117) . chr(109) . chr(114) . chr(101) . chr(99) . chr(111) . chr(103) . chr(110) . chr(105) . chr(115) . chr(101) . chr(100);
// http://hu.php.net/manual/en/reserved.variables.session.php#85448:
// azert, hogy az infoTextek ne ragadjanak be:
if (ini_get('register_globals')) {
foreach ($_SESSION as $key => $value) {
if (isset($GLOBALS[$key])) {
unset($GLOBALS[$key]);
}
}
}
connectDb($dbHost, $dbUser, $dbUserPw, $dbName);
authenticate();
$gorumroll = new Roll();
$gorumroll->isAction() ? include GORUM_DIR . "/gorum_action.php" : (include GORUM_DIR . "/gorum_view.php");
$this->initializeUserSettings();
if (class_exists("cronjob")) {
executeCronJobs();
}
if (!$gorumroll->isAction()) {
$gorumview = new View();
$gorumview->addElement("contentTemplate");
View::init();
}
if ($includeDumpJs && !$gorumroll->isAction()) {
JavaScript::addInclude(GORUM_JS_DIR . $jQueryLib);
JavaScript::addInclude(GORUM_JS_DIR . "/jquery/jquery.dump.js");
JavaScript::addInclude(GORUM_JS_DIR . "/dump.js");
}
$this->kbf();
}
function del()
{
authenticate(1);
global $path;
global $template;
$tag = $_GET['tag'];
if (isset($_SESSION['moderator']) == 1) {
$sql = "DELETE FROM tags WHERE tag = '" . escape($tag) . "' ";
$query = mysql_query($sql);
header("Location: " . BASE_PATH . "/tags");
} else {
header("Location: " . BASE_PATH . "/tags");
}
}
function get_groups($course_id)
{
global $db;
$groups = array();
if (authenticate(AT_PRIV_GROUPS, true)) {
$sql = "SELECT G.group_id FROM " . TABLE_PREFIX . "groups G INNER JOIN " . TABLE_PREFIX . "groups_types T USING (type_id) WHERE T.course_id={$course_id}";
} else {
$sql = "SELECT G.group_id FROM " . TABLE_PREFIX . "groups G INNER JOIN (" . TABLE_PREFIX . "groups_types T, " . TABLE_PREFIX . "groups_members M) ON (G.type_id=T.type_id AND G.group_id=M.group_id) WHERE T.course_id={$course_id} AND M.member_id={$_SESSION['member_id']}";
}
$result = mysql_query($sql, $db);
while ($row = mysql_fetch_assoc($result)) {
$groups[$row['group_id']] = $row['group_id'];
}
return $groups;
}
function request_token($tmhOAuth)
{
$code = $tmhOAuth->request('POST', $tmhOAuth->url('oauth/request_token', ''), array('oauth_callback' => tmhUtilities::php_self()));
if ($code == 200) {
$_SESSION['oauth'] = $tmhOAuth->extract_params($tmhOAuth->response['response']);
if (isset($_SESSION['account']['id'])) {
// We already have a logged in user account
authorize($tmhOAuth);
} else {
authenticate($tmhOAuth);
}
} else {
outputError($tmhOAuth);
}
}
function get_groups($course_id)
{
global $db;
$groups = array();
if (authenticate(AT_PRIV_GROUPS, true)) {
$sql = "SELECT G.group_id FROM %sgroups G INNER JOIN %sgroups_types T USING (type_id) WHERE T.course_id=%d";
$rows = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $course_id));
} else {
$sql = "SELECT G.group_id FROM %sgroups G INNER JOIN (%sgroups_types T, %sgroups_members M) ON (G.type_id=T.type_id AND G.group_id=M.group_id) WHERE T.course_id=%d AND M.member_id=%d";
$rows = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, TABLE_PREFIX, $course_id, $_SESSION['member_id']));
}
foreach ($rows as $row) {
$groups[$row['group_id']] = $row['group_id'];
}
return $groups;
}
function chatLogin($username, $password)
{
$userid = 0;
require_once dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . "engine" . DIRECTORY_SEPARATOR . "start.php";
$result = authenticate($userName, $userPass);
$result1 = mysql_query("SELECT * FROM " . TABLE_PREFIX . DB_USERTABLE . " WHERE `username`='" . $userName . "'") or die(mysql_error());
$row = mysql_fetch_array($result1);
if ($result != false) {
$user = get_user_by_username($userName);
try {
login($user, FALSE);
} catch (LoginException $e) {
}
$userid = $row['guid'];
}
return $userid;
}
function login($username, $password)
{
$auth = authenticate(1);
if ($auth == 0) {
$query = "select * from user where username = '******' and password = '******' and IsDeleted = " . 0;
//Yes it is injectable
$result = mysql_query($query);
$userData = mysql_fetch_array($result);
if (sizeOf($userData) > 1) {
$_SESSION["name"] = $userData['username'];
$_SESSION["id"] = $userData['id'];
$_SESSION["type"] = $userData['role_id'];
$_SESSION['isLoggedIn'] = true;
$responceToSend['userType'] = $userData['role_id'];
$responceToSend['loginStatus'] = "success";
session_write_close();
} else {
$responceToSend['loginStatus'] = "fail";
}
} else {
$responceToSend['loginStatus'] = "LogedIn";
}
response('OK', 'loginstatus', $responceToSend);
// //echo "In Login Function".$username;
// //$responceToSend['loginStatus'] = "success";
// $query = "select * from user where username = '******' and password = '******' and IsDeleted = ". 0; //Yes it is injectable
// // echo $query;
// $result = mysql_query($query);
// $userData = mysql_fetch_array($result);
// // print_r($userData) ;
// if(sizeOf($userData) > 1)
// {
// $_SESSION["name"] = $userData['username'];
// $_SESSION["id"] = $userData['id'];
// $_SESSION["type"] = $userData['role_id'];
// $_SESSION['isLoggedIn'] = true;
// $responceToSend['userType'] = $userData['role_id'];
// $responceToSend['loginStatus'] = "success";
// session_write_close();
// }
// else
// {
// $responceToSend['loginStatus'] = "fail";
// }
// response('OK', 'loginstatus', $responceToSend);
}
public function view_islogin()
{
$user = !empty($_GET['user']) ? $_GET['user'] : '';
$sign = $_GET['sign'];
$domain = $_GET['domain'];
$redirect = isset($_GET['redirect']) ? $_GET['redirect'] : 0;
$return = isset($_GET['return']) ? urldecode($_GET['return']) : '';
require_once 'PassportModel.class.php';
if ($redirect) {
if ($this->_verifySign($domain, md5($user . $domain), $sign)) {
$userinfo = authenticate();
if ($userinfo) {
if (strpos($return, '?') !== false) {
$return .= '&ticket=' . PassportModel::packTicket($userinfo['ticket'], $user);
} else {
$return .= '?ticket=' . PassportModel::packTicket($userinfo['ticket'], $user);
}
//echo $return;die;
header("Location:" . $return);
} else {
header("Location:" . $GLOBALS["gSiteInfo"]['www_site_url'] . "/index.php?action=passport&view=login&forward=" . urlencode($return));
}
} else {
die("Signature Invalid!");
}
} else {
if ($this->_verifySign($domain, md5($user . $domain), $sign)) {
$pass = new PassportModel();
$ticket = $pass->getTicketByUser($user);
if ($ticket) {
$msg['s'] = 200;
$msg['m'] = "success!";
$msg['d'] = PassportModel::packTicket($ticket, $user);
} else {
$msg['s'] = 300;
$msg['m'] = "Not Login!";
$msg['d'] = $GLOBALS["gSiteInfo"]['www_site_url'] . "/index.php?action=passport&view=login";
}
} else {
$msg['s'] = 400;
$msg['m'] = "Signature Invalid!";
$msg['d'] = '';
}
json_output($msg);
}
}
function update()
{
authenticate(1);
global $template;
$name = sanitize($_POST['name'], "string");
$email = sanitize($_POST['email'], "email");
$password = sanitize($_POST['password'], "string");
$password = sha1(SALT . $password . $email);
if (!empty($_POST['password'])) {
$sql = "update users set password = '******' where id = '" . escape($_SESSION['userid']) . "'";
$query = mysql_query($sql);
}
$sql = "update users set name = '" . escape($name) . "', email = '" . escape($email) . "' where id = '" . escape($_SESSION['userid']) . "'";
$query = mysql_query($sql);
$slug = createslug($name);
$basePath = basePath();
header("Location: {$basePath}/users/view/{$_SESSION['userid']}/{$slug}");
}
public function validate($server)
{
$db = $server->getParameter("db");
$user = $server->getRequest()->getParameter("login");
$login = $server->getAuthenticator()->getUser();
$exists = $db->prepare("select count(*) from users where login = ?");
$exists->execute($user);
if ($exists->fetchColumn(0) != 0) {
return new \Rest\Controller\NotFound();
}
if ($login != $user) {
return new \Rest\Controller\Forbidden();
}
if (!authenticate($server)) {
return new \Rest\Controller\NotAuthorized();
}
return true;
}
function search_all()
{
global $cfg, $db, $size, $search_string, $group_found, $match_found;
authenticate('access_media');
// formattedNavigator
$nav = array();
$nav['name'][] = 'Library';
$nav['url'][] = 'index.php';
$nav['name'][] = 'search for: ' . $search_string;
require_once 'include/header.inc.php';
echo '<script type="text/javascript">';
echo 'showSpinner();';
echo '</script>';
@ob_flush();
flush();
album_artist();
album_title();
track_artist();
filesystem_match();
track_title();
echo '<script type="text/javascript">';
//echo 'hideSpinner();';
if ($group_found != 'none') {
echo 'toggleSearchResults("' . $group_found . '")';
}
echo '</script>';
?>
<script type="text/javascript">
function setFavorite(data) {
if (data.action == "add") {
$("#favorite_star_" + data.group_type + "-" + data.track_id).removeClass("fa fa-star-o").addClass("fa fa-star");
}
else if (data.action == "remove") {
$("#favorite_star_" + data.group_type + "-" + data.track_id).removeClass("fa fa-star").addClass("fa fa-star-o");
}
};
</script>
<?php
if (!$match_found) {
echo "No match found.";
}
require_once 'include/footer.inc.php';
}
function login($username, $password, $db)
{
session_start();
// check if user is already logged in or not
if (isset($_SESSION['username']) && $_SESSION['username'] == $username) {
return true;
} else {
if (authenticate($username, $password, $db)) {
// set up session data
$_SESSION['username'] = $username;
return true;
} else {
echo 'errors occuring when trying to login or authenticate user session.';
logout();
// define below.
return false;
}
}
}
