function __construct($username, $password) { //if user is authenticated successfully, sets the session to username if (authenticateUser($username, $password)) { $_SESSION["username"] = $username; } else { throw new Exception("Login Failed!"); } }
function checkLogin($loginUsername, $loginPassword, $connection) { if (authenticateUser($loginUsername, $loginPassword, $connection)) { registerLogin($loginUsername); // Clear the formVars so a future <form> is blank unset($_SESSION["loginFormVars"]); unset($_SESSION["loginErrors"]); header("Location: " . S_MAIN); exit; } else { // Register an error message $_SESSION["message"] = "Username or password incorrect. Login failed."; header("Location: " . S_LOGIN); exit; } }
<?php if (!isset($_SERVER['PHP_AUTH_USER'])) { Header("WWW-Authenticate: Basic realm=\"You must Log In!\""); Header("HTTP/1.0 401 Unauthorized"); exit; } include_once "include_db.php"; include_once "include_functions.php"; $USERNAME = $_SERVER["PHP_AUTH_USER"]; $USERPASS = $_SERVER["PHP_AUTH_PW"]; if (authenticateUser($USERNAME, $USERPASS)) { $_SESSION["uname"] = $USERNAME; } else { echo "Invalid Username or Password!"; unset($_SERVER); exit; } $GLOBAL_VAR_SUBDOMAIN = $_SESSION["subdomain"]; $GLOBAL_VAR_SUBDOMAINUSER = $_SESSION["uname"]; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> <?php $CLIENTNAME = getVariableFromMasterSubdomainRow('clientName'); echo $CLIENTNAME . " - " . APPNAME; // <meta name="apple-touch-fullscreen" content="YES" /> ?> </title>
/** * authenticate a username and password using Basic HTTP Authentication * * This function uses authenticateUser(), for authentication, but retrives the userName and password provided via basic auth. * @return bool return true if the user is already logged in or the basic HTTP auth username and password credentials match a user in the database return false if they don't * @TODO Security audit for this functionality * @TODO Do we really need a return value here? * @TODO should we reauthenticate the user even if already logged in? * @TODO do we need to set the user language and other jobs done in login.php? Should that loading be moved to a function called from the authenticateUser function? */ function basicHTTPAuthenticateUser() { global $pgv_lang; $user_id = getUserId(); if (empty($user_id)) { //not logged in. if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !authenticateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], true)) { header('WWW-Authenticate: Basic realm="' . $pgv_lang["basic_realm"] . '"'); header('HTTP/1.0 401 Unauthorized'); echo $pgv_lang["basic_auth_failure"]; exit; } } else { //already logged in or successful basic authentication return true; //probably not needed } }
} if (checkMandatory("newPassword1", "first new password", "pwdErrors", "pwdFormVars")) { checkMinAndMaxLength("newPassword1", 6, 8, "first new password", "pwdErrors", "pwdFormVars"); } if (checkMandatory("newPassword2", "second new password", "pwdErrors", "pwdFormVars")) { checkMinAndMaxLength("newPassword2", 6, 8, "second new password", "pwdErrors", "pwdFormVars"); } // Did we find no errors? Ok, check the new passwords are the // same, and that the current password is different. // Then, check the current password. if (count($_SESSION["pwdErrors"]) == 0) { if ($_SESSION["pwdFormVars"]["newPassword1"] != $_SESSION["pwdFormVars"]["newPassword2"]) { $_SESSION["pwdErrors"]["newPassword1"] = "The new passwords must match."; } elseif ($_SESSION["pwdFormVars"]["newPassword1"] == $_SESSION["pwdFormVars"]["currentPassword"]) { $_SESSION["pwdErrors"]["newPassword1"] = "The password must change."; } elseif (!authenticateUser($_SESSION["loginUsername"], $_SESSION["pwdFormVars"]["currentPassword"], $connection)) { $_SESSION["pwdErrors"]["currentPassword"] = "******"; } } // Now the script has finished the validation, // check if there were any errors if (count($_SESSION["pwdErrors"]) > 0) { // There are errors. Relocate back to the password form header("Location: " . S_PASSWORD); exit; } // Create the encrypted password $stored_password = md5(trim($_SESSION["pwdFormVars"]["newPassword1"])); // Update the user row $query = "UPDATE users SET password = '******'\n WHERE user_name = '{$_SESSION["loginUsername"]}'"; $result = $connection->query($query);
} } else { $out = FAILED; } } else { $out = FAILED; } } else { $out = FAILED; } } else { $out = FAILED; } break; case "responseOfDeviceReqs": $userId = authenticateUser($db, $username, $password); if ($userId != NULL) { $sqlApprove = NULL; $sqlDiscard = NULL; if (isset($_REQUEST['approvedDevices'])) { $deviceNames = split(",", $_REQUEST['approvedDevices']); $deviceCount = count($deviceNames); $deviceNamesQueryPart = NULL; for ($i = 0; $i < $deviceCount; $i++) { if (strlen($deviceNames[$i]) > 0) { if ($i > 0) { $deviceNamesQueryPart .= ","; } $deviceNamesQueryPart .= "'" . $deviceNames[$i] . "'"; } }
<?php error_reporting(E_ALL); ini_set('include_path', '.:/Library/WebServer/Documents/gloasis'); session_start(); if (isset($_REQUEST['username'])) { include "login/user_auth.php"; $login = authenticateUser($_POST['username'], $_POST['password']); } if (isset($_SESSION['user_id'])) { $loggedIn = 1; } else { $loggedIn = 0; } include "controllers/home.php"; ?> <!DOCTYPE html> <html> <head> <script type="text/javascript" src="jQuery/jquery-2.1.0.min.js"></script> <title>Gloasis</title> <link rel="stylesheet" href="styles/stylesheet.css" /> <script type="text/javascript"> logout = function() { window.location.href = "http://localhost/gloasis/modules/home/logout.php"; } </script> <script type="text/javascript" src="feed/submit_new_word.js"></script> </head> <body> <div class="header">
$action = safe_REQUEST($_REQUEST, 'action'); // The following actions can be performed without being connected. switch ($action) { case '': addDebugLog("ERROR 1: No action specified."); print "ERROR 1: No action specified.\n"; exit; case 'version': addDebugLog($action . " SUCCESS\n" . PGV_VERSION_TEXT . "\n"); print "SUCCESS\n" . PGV_VERSION_TEXT . "\n"; exit; case 'connect': $username = safe_REQUEST($_REQUEST, 'username'); if ($username) { $password = safe_REQUEST($_REQUEST, 'password'); $user_id = authenticateUser($username, $password); if ($user_id) { $stat = newConnection(); if ($stat !== false) { addDebugLog($action . " username={$username} SUCCESS\n" . $stat); print "SUCCESS\n" . $stat; } $_SESSION['connected'] = $user_id; } else { addDebugLog($action . " username={$username} ERROR 10: Username and password key failed to authenticate."); print "ERROR 10: Username and password key failed to authenticate.\n"; } } else { $stat = newConnection(); if ($stat !== false) { addDebugLog($action . " SUCCESS\n" . $stat);
$filename = "top10-temps-longitude-moscow " . date("Y-m-d"); exportCSV($query, $headerArray, $filename); } else { $statement->execute(); $results = $statement->fetchAll(PDO::FETCH_ASSOC); $app->response->headers->set('Content-Type', 'application/json'); $json = json_encode($results); echo $json; } }); /* Third: Rainfall in the world of any weatherstation of the current day (from the current time till 00:00, going back) */ $app->get('/rainfall/:station', authenticateUser(), function ($station) use($app) { $export = isset($_GET['export']) ? $_GET['export'] : false; $conn = Connection::getInstance(); $query = "\n SELECT time, prcp\n FROM measurements\n WHERE stn = {$station}\n AND date = '" . date("Y-m-d") . "'\n ORDER BY time ASC"; if ($export == "true") { $stmt = $conn->db->prepare("Select name from stations where stn = :stn"); $stmt->execute([':stn' => $station]); $res = $stmt->fetchAll(); $name = $station; if (count($res) > 0) { $name = $res[0]['name']; } $headerArray = array('time', 'Prcp'); $filename = "Rainfall_{$name}_" . date("Y-m-d"); exportCSV($query, $headerArray, $filename); } else {
if ($login_wordpress == TRUE) { if (WordpressAuthenticateUser()) { wp_get_current_user(); $user_id = $current_user->ID; $username = $current_user->user_login; $rand_cookie = rand(1, 99999); $enc_cookie = md5($rand_cookie); $usercookie = $user_id . "." . $enc_cookie; setcookie("usercookie", $usercookie, time() + 3600 * 24 * 30, $app_dir); setcookie("username", $username, time() + 3600 * 24 * 30, $app_dir); // Relocate back to where you came from header("Location: {$where_to}"); die; } } else { if (authenticateUser($connection, $username, $password)) { // Record each time the user logs in $IP = $_SERVER["REMOTE_ADDR"]; $query = "SELECT UserID as user_id FROM Users WHERE UserName = '******'"; $result = mysqli_query($connection, $query) or die(mysqli_error($connection)); $row = mysqli_fetch_array($result, MYSQL_ASSOC); extract($row); //Set cookie and session $rand_cookie = rand(1, 99999); $enc_cookie = md5($rand_cookie); $usercookie = $user_id . "." . $enc_cookie; setcookie("usercookie", $usercookie, time() + 3600 * 24 * 30, $app_dir); setcookie("username", $username, time() + 3600 * 24 * 30, $app_dir); //Insert cookie to database $remote_host = $_SERVER['REMOTE_ADDR']; $query = "INSERT INTO Cookies (`user_id` ,`cookie`, `hostname`, `TimeStamp`) VALUES \n\t\t\t\t('{$user_id}', '{$enc_cookie}', '{$remote_host}', NOW())";
Updated: */ require_once "includes/authentication.inc"; require_once "includes/db.inc"; // Get a connection to the database. if (!($connection = @mysql_connect($hostName, $username, $password))) { die("Could not connect to database"); } // Now that we are connected, select the correct database. if (!mysql_select_db($databaseName, $connection)) { showerror(); } $user_name = mysqlclean($_POST, "username", 25, $connection); $pass1 = mysqlclean($_POST, "password", 16, $connection); session_start(); // Authenticate the user. if (authenticateUser($connection, $user_name, $pass1)) { //Register the username $_SESSION["loggedinUserName"] = $user_name; //Register the current IP address of the user. $_SESSION["loginIP"] = $_SERVER["REMOTE_ADDR"]; // Send the user to the Dashboard. header("Location: dashboard.php"); exit; } else { //Authentication failed, setup a logout message $_SESSION["message"] = "Could not login as '{$user_name}'"; // Send user to the logout page. header("Location: logout.php"); exit; }
<?php require 'config/initialize.php'; mustBeGuest(); if (isset($_POST['authForm'])) { $username = sanitizeString($_POST['username'], $connection); $password = sanitizeString($_POST['password'], $connection); if ($username == "" || $password == "") { header("location: index.php"); } else { authenticateUser($username, $password, $connection); } } view('auth/auth');
/** * Handles the login process: Verifies, then logs in, a valid user, or throws an * error if login credentials are faulty. * * TODO: handle the error situations in the else clauses. * * PHP version 5.3.28 * * @category Web_App * @package Web_App * @author Roy Vanegas <*****@*****.**> * @license https://gnu.org/licenses/gpl.html GNU General Public License * @link https://bitbucket.org/code-warrior/web-app/ */ session_start(); require_once "includes/main.php"; if (isset($_POST["submitted"])) { if (1 == $_POST["submitted"]) { if (0 < strlen($_POST['email']) && 0 < strlen($_POST['password'])) { $email = trim($_POST['email']); $password = trim($_POST['password']); if (authenticateUser($email, $password)) { $_SESSION['valid'] = true; $_SESSION['email'] = $email; header("Location: home.php"); } else { header("Location: error.php?message_type=login_error"); } } } }
/** * @Author: PI704 (Alexander Awitin) * @Date: 2015-12-04 12:46:00 * @Last Modified by: Alexander * @Last Modified time: 2016-03-11 17:20:17 */ session_start(); $root = '../'; require_once $root . 'functions.php'; if (isset($_SESSION['username']) && userExists($_SESSION['username'])) { header("Location: {$root}"); exit; } else { if (isset($_POST['submit'])) { // Loop through each redentials saved on 'users.php' $authResult = authenticateUser($_POST['username'], $_POST['password']); if ($authResult['result']) { /* * Do something if credentials MATCHES ... * */ // Unset any login messages if exists... (Message is used in login alerts. e.g. Login failed) unset($_SESSION['LoginMessage']); // Store the username in the cookie $_SESSION['username'] = $_POST['username']; // Enter the main site header("Location: {$root}"); // Exit this script exit; } /*
/************************************************************************* * * EHACKB RFID SYSTEM * __________________ * * [2014] - [2015] Arnaud Coel * All Rights Reserved. * */ define("main", true); session_start(); include "lib/db.php"; include "lib/user.php"; include "lib/pos.php"; if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['rfid'])) { authenticateUser($_POST['username'], $_POST['password'], $_POST['rfid'], $db); } if (!isset($_GET['page'])) { $_GET['page'] = ""; } if ($_GET['page'] == "logout") { session_destroy(); header("Location: index.php?page=login"); } if ($_GET['page'] == "authenticate" && isset($_SESSION['authenticated'])) { header("Location: ?page=home"); } if (!isset($_SESSION['authenticated']) && $_GET['page'] != "authenticate") { header("Location: ?page=authenticate"); } /*
function changePassword($old, $new, $rep) { $foundError = FALSE; $errors = array(); if (!$old) { $foundError = TRUE; $errors['oldpass'] = '******'; } if (!$new) { $foundError = TRUE; $errors['newpass'] = '******'; } if (!$rep) { $foundError = TRUE; $errors['repnewpass'] = '******'; } if ($foundError) { print json_encode(array('success' => false, 'errors' => $errors)); return; } $user = $_SESSION['user']; $userId = $user['user_id']; $testauth = authenticateUser($user['email'], $old); if (!$testauth) { print json_encode(array('success' => false, 'errors' => array('oldpass' => 'Incorrect password'))); return; } if ($new != $rep) { print json_encode(array('success' => false, 'errors' => array('repnewpass' => 'Passwords do not match'))); return; } if (strlen($new) < 8) { print json_encode(array('success' => false, 'errors' => array('newpass' => 'Password must be at least 8 characters long'))); return; } // TODO add password complexity requirements here $rs = db_do('UPDATE virtual_users SET password = CRYPT(?, GEN_SALT(\'bf\', 8)) WHERE user_id = ?', array($new, $userId)); if ($rs) { print json_encode(array('success' => true)); return; } print json_encode(array('success' => false, 'errors' => array('newpass' => 'Unknown Error'))); }
<?php include_once '../lib/session.inc.php'; include_once '../lib/user.inc.php'; $user = $_POST['user']; $pass = $_POST['pass']; $userId = authenticateUser($user, $pass); if ($userId) { $_SESSION['user'] = loadUser($userId); print json_encode(array('success' => true, 'pass' => encryptPass($pass))); } else { print json_encode(array('success' => false)); }
$action_value = "./login.php?action=login"; $subheading = $button_value = "Login"; } else { if ("register" == $_GET['action']) { $action_value = "./register.php?action=register"; $subheading = $button_value = "Register"; } } } if (isset($_POST["submitted"])) { if (1 == $_POST["submitted"]) { if (whiteList()) { if (0 < strlen($_POST['username']) && 0 < strlen($_POST['password'])) { $username = htmlentities(trim($_POST['username']), ENT_QUOTES | 'ENT_HTML5', "UTF-8"); $password = trim($_POST['password']); if (authenticateUser($username, $password)) { $_SESSION['valid'] = true; $_SESSION['username'] = $username; header("Location: home.php"); } else { header("Location: error.php?message_type=login_error"); } } } } } ?> <!DOCTYPE html> <html> <head>
$app_admin_email = "unknown"; } $pumilio_version = trim(file_get_contents($absolute_dir . '/include/version.txt', true)); echo "<pumilio_title>{$app_custom_name}</pumilio_title>\n\t<pumilio_description>{$app_custom_text}</pumilio_description>\n\t<pumilio_administrator_email>{$app_admin_email}</pumilio_administrator_email>\n\t<pumilio_logo>{$app_url}/{$app_logo}</pumilio_logo>\n\t<pumilio_url>{$app_url}</pumilio_url>\n\t<pumilio_version>{$pumilio_version}</pumilio_version>\n"; #Check if allowed if ($use_xml == "") { $use_xml = "0"; } #Allowed? if ($use_xml == 0) { echo "<pumilio_xml_access>FALSE</pumilio_xml_access>\n"; } elseif ($use_xml == 1) { if ($xml_access == "0") { $login = filter_var($_GET["login"], FILTER_SANITIZE_STRING); $login_exp = explode(":", $login); if (!authenticateUser($connection, $login_exp[0], $login_exp[1])) { echo "<pumilio_xml_access>FALSE</pumilio_xml_access>\n"; echo "</pumilio>"; die; } } echo "<pumilio_xml_access>TRUE</pumilio_xml_access>\n"; $type = filter_var($_GET["type"], FILTER_SANITIZE_STRING); if ($type == "") { $query = "SELECT DISTINCT SiteID from Sounds WHERE Sounds.SoundStatus!='9'"; $result = mysqli_query($connection, $query) or die(mysqli_error($connection)); $nrows = mysqli_num_rows($result); if ($nrows > 0) { echo "<Sites>"; for ($q = 0; $q < $nrows; $q++) { $row = mysqli_fetch_array($result);
$sterilize = stripcslashes($sterilize); $sterilize = stripslashes($sterilize); $sterilize = addslashes($sterilize); return $sterilize; } $loginUsername = sterilize($_POST['loginUsername']); $loginPassword = sterilize($_POST['loginPassword']); //if ($source != "calc") { $aValid = array('-', '_', '.', '*', '@', '!', '#', '$', '%', '^', '&', '+', '='); if (ctype_alnum(str_replace($aValid, '', $loginUsername))) { if (!mysql_selectdb($database_brewing, $connection)) { showerror(); } session_start(); // Authenticate the user if (authenticateUser($connection, $loginUsername, $loginPassword)) { // Register the loginUsername $_SESSION["loginUsername"] = $loginUsername; // If the username/password combo is OK, relocate to the "protected" content index page header("Location: ../admin/index.php"); exit; } else { // If the username/password combo is incorrect or not found, relocate to the login error page header("Location: ../index.php?page=login§ion=loginError"); session_destroy(); exit; } } else { // If the username/password combo is incorrect or not found, relocate to the login error page header("Location: ../index.php?page=login§ion=loginError"); session_destroy();
addFriend($apikeyvalue, $userid, $friends); break; case 'removefriend': removeFriend($apikeyvalue, $userid, $friends); break; case 'getfriend': getfriend($apikeyvalue, $userid); break; case 'checkAPIKEY': checkAPIKEY($apikeyvalue); break; case 'checkpassword': checkpassword($apikeyvalue, $password); break; case 'authenticateUser': authenticateUser($apikeyvalue, $username, $password); break; case 'removeuser': removeuser($apikeyvalue, $userid); default: echo 'Invalid Action'; exit; break; } } /* FUNCTIONS */ function checkAPIKEY($keyvalue) { global $apikey; if (!empty($keyvalue) && !empty($apikey)) { if ($apikey == $keyvalue) {
<?php //type of request //1: get description of product //2: delete product //3: edit price if (isset($_REQUEST['cmd'])) { $cmd = $_REQUEST['cmd']; function authenticateUser() { include "adb.php"; $user_email = $_REQUEST['usermail']; $user_pass = $_REQUEST['userpass']; $obj = new adb(); $sql_users = "select * from users where email='{$user_email}'\n\tand password='******'"; if ($obj->query($sql_users)) { $dataset = $obj->fetch(); if (empty($dataset['email']) or empty($dataset['password'])) { echo '{"result":2}'; } else { echo '{"result":1}'; } } } switch ($cmd) { case 1: authenticateUser(); break; default: } }
// Process Login.php values and authenticates user against database // Creates session and allows the user to proceed to the program // // (C)2010 Noel Espinales All Rights Reserved. //Starts the Session session_start(); //DB Connection Strings include 'globals.php'; //Grab values from Login.php $name = $_POST['name']; $pwd = $_POST['pwd']; $ip = $_POST['ip']; //SHA1 encryption for password $pwd = sha1($pwd); //Authenticates the user against the database with the given credentials $validated = authenticateUser($name, $pwd); if ($validated == TRUE) { //SQL statement to grab user's permission from the databse and store them in $permission $sql2 = "SELECT * FROM users WHERE username = '******' AND password ='******'"; $resultName = mysql_query($sql2) or die(mysql_error()); //Grab field and store them in an array while ($cName = mysql_fetch_array($resultName)) { $permission = $cName[3]; } $_SESSION['loggedin'] = 1; // store session data $_SESSION['username'] = $name; // set username $_SESSION['access'] = $permission; // Grab permissions $time = date("F j, Y, g:i a");