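/**
 * Process a logon form submission (guest or registered user).
 *
 * Reads $_POST directly: 'guest_logon' selects the guest account (UID 0);
 * otherwise 'user_logon' and 'user_password' are required. On success a
 * session is started for the resolved UID, the CSRF token is rotated and the
 * visitor log is updated. When 'user_remember' is exactly 'Y' an auto-logon
 * cookie pair (logon name + user_generate_token() value) is set for a year;
 * otherwise any such cookies are expired.
 *
 * @return bool true on successful logon, false otherwise.
 */
function logon_perform()
{
    // Guest logon: no credentials, only allowed when the guest account is enabled.
    if (isset($_POST['guest_logon'])) {
        if (!user_guest_enabled()) {
            return false;
        }

        session::start(0);

        // Rotate the CSRF token whenever the session's identity changes.
        session::refresh_csrf_token();

        session::update_visitor_log(0, true);

        return true;
    }

    // Registered user logon: both fields must be present and be plain strings.
    // $_POST can carry arrays (user_logon[]=...) which must not reach user_logon().
    if (!isset($_POST['user_logon'], $_POST['user_password'])
        || !is_string($_POST['user_logon'])
        || !is_string($_POST['user_password'])) {
        return false;
    }

    $user_logon = $_POST['user_logon'];
    $user_password = $_POST['user_password'];

    // user_logon() signals failure with false; compare strictly so that a
    // numerically-zero UID is not mistaken for a failed logon.
    $uid = user_logon($user_logon, $user_password);

    if ($uid === false) {
        return false;
    }

    session::start($uid);

    // Rotate the CSRF token whenever the session's identity changes.
    session::refresh_csrf_token();

    forum_update_last_visit($uid);
    session::update_visitor_log($uid, true);

    // Only the literal string 'Y' opts in to the persistent logon cookie.
    $remember = isset($_POST['user_remember']) && $_POST['user_remember'] === 'Y';

    if ($remember) {
        // The token stands in for the password in the auto-logon cookie.
        $user_token = user_generate_token($uid);

        html_set_cookie('user_logon', $user_logon, time() + YEAR_IN_SECONDS);
        html_set_cookie('user_token', $user_token, time() + YEAR_IN_SECONDS);
    } else {
        // Expire any auto-logon cookies left over from an earlier logon.
        html_set_cookie('user_logon', '', time() - YEAR_IN_SECONDS);
        html_set_cookie('user_token', '', time() - YEAR_IN_SECONDS);
    }

    return true;
}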
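/**
 * Process a logon form submission (guest or registered user).
 *
 * Reads $_POST directly: 'guest_logon' selects the guest account (UID 0);
 * otherwise 'user_logon' and 'user_password' are required. On success a
 * session is created for the resolved UID. When 'user_remember' is exactly
 * 'Y' an auto-logon cookie pair (logon name + user_generate_token() value)
 * is set for a year; otherwise any such cookies are expired.
 *
 * @return bool true on successful logon, false otherwise.
 */
function logon_perform()
{
    // The result used to be assigned to a local that was never read; the call
    // itself is kept in case it has side effects. NOTE(review): drop it if
    // get_webtag() is confirmed to be pure.
    get_webtag();

    // Guest logon: no credentials, only allowed when the guest account is enabled.
    if (isset($_POST['guest_logon'])) {
        if (!user_guest_enabled()) {
            return false;
        }

        session::create(0);

        return true;
    }

    // Registered user logon: both fields must be present and be plain strings.
    // $_POST can carry arrays (user_logon[]=...) which must not reach user_logon().
    if (!isset($_POST['user_logon'], $_POST['user_password'])
        || !is_string($_POST['user_logon'])
        || !is_string($_POST['user_password'])) {
        return false;
    }

    $user_logon = $_POST['user_logon'];
    $user_password = $_POST['user_password'];

    // Existing contract: a falsy result from user_logon() means the logon failed.
    $uid = user_logon($user_logon, $user_password);

    if (!$uid) {
        return false;
    }

    session::create($uid);

    // Only the literal string 'Y' opts in to the persistent logon cookie.
    if (isset($_POST['user_remember']) && $_POST['user_remember'] === 'Y') {
        // The token stands in for the password in the auto-logon cookie.
        $user_token = user_generate_token($uid);

        html_set_cookie('user_logon', $user_logon, time() + YEAR_IN_SECONDS);
        html_set_cookie('user_token', $user_token, time() + YEAR_IN_SECONDS);
    } else {
        // Expire any auto-logon cookies left over from an earlier logon.
        html_set_cookie('user_logon', '', time() - YEAR_IN_SECONDS);
        html_set_cookie('user_token', '', time() - YEAR_IN_SECONDS);
    }

    return true;
}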
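/**
 * Require re-authentication before an admin action proceeds.
 *
 * Returns true (extending the ADMIN_TIMEOUT session value by one hour) when
 * an unexpired ADMIN_TIMEOUT already exists, or when the submitted
 * 'admin_logon'/'admin_password' resolve via user_logon() to the UID of the
 * current session. Otherwise it renders the re-authentication form - carrying
 * any pending form data as hidden fields - and exits.
 *
 * @return bool true when the caller may proceed; does not return otherwise (exit).
 */
function admin_check_credentials()
{
    $webtag = get_webtag();

    // An existing, unexpired admin window is extended rather than re-prompted.
    $admin_timeout = session::get_value('ADMIN_TIMEOUT');

    if ($admin_timeout && $admin_timeout > time()) {
        session::set_value('ADMIN_TIMEOUT', time() + HOUR_IN_SECONDS);
        return true;
    }

    // Both fields must be plain strings; $_POST may carry arrays.
    if (isset($_POST['admin_logon'], $_POST['admin_password'])
        && is_string($_POST['admin_logon'])
        && is_string($_POST['admin_password'])) {
        $admin_uid = user_logon($_POST['admin_logon'], $_POST['admin_password']);

        // The re-entered credentials must belong to the account that owns this
        // session. The (int) casts replace the former loose == on int/string UIDs.
        if ($admin_uid && (int) $admin_uid === (int) session::get_value('UID')) {
            session::set_value('ADMIN_TIMEOUT', time() + HOUR_IN_SECONDS);
            return true;
        }

        html_display_error_msg(gettext("The username or password you supplied are not valid."), '500', 'center');
    }

    html_draw_top();

    if (count($_POST) > 0) {
        html_display_warning_msg(gettext('To save any changes you must re-authenticate yourself'), '500', 'center');
    } else {
        html_display_warning_msg(gettext('To access the Admin area you must re-authenticate yourself'), '500', 'center');
    }

    // Pending form data is re-posted as hidden fields, but the credentials from
    // a failed attempt are stripped: they would otherwise be echoed into the
    // page source and duplicate the visible logon inputs below.
    $pending = $_POST;
    unset($pending['admin_logon'], $pending['admin_password']);

    echo "<div align=\"center\">\n";
    echo " <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n";

    if (count($pending) > 0) {
        echo form_input_hidden_array($pending);
    }

    echo " ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo " <br />\n";
    echo " <table cellpadding=\"0\" cellspacing=\"0\" width=\"325\">\n";
    echo " <tr>\n";
    echo " <td align=\"left\">\n";
    echo " <table class=\"box\" width=\"100%\">\n";
    echo " <tr>\n";
    echo " <td align=\"left\" class=\"posthead\">\n";
    echo " <table class=\"posthead\" width=\"100%\">\n";
    echo " <tr>\n";
    echo " <td align=\"left\" class=\"subhead\">", gettext("Please enter your password"), "</td>\n";
    echo " </tr>\n";
    echo " </table>\n";
    echo " <table class=\"posthead\" width=\"100%\">\n";
    echo " <tr>\n";
    echo " <td align=\"center\">\n";
    echo " <table class=\"posthead\" width=\"95%\">\n";
    echo " <tr>\n";
    echo " <td align=\"right\" width=\"90\">", gettext("Username"), ":</td>\n";
    echo " <td align=\"left\">", form_input_text('admin_logon', '', 24, 32, '', 'bhinputlogon'), "</td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td align=\"right\" width=\"90\">", gettext("Password"), ":</td>\n";
    echo " <td align=\"left\">", form_input_password('admin_password', '', 24, 32, '', 'bhinputlogon'), "</td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td align=\"left\"> </td>\n";
    echo " </tr>\n";
    echo " </table>\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " </table>\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " </table>\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td align=\"left\"> </td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td align=\"center\" colspan=\"2\">", form_submit('logon', gettext("Logon")), "</td>\n";
    echo " </tr>\n";
    echo " </table>\n";
    echo " </form>\n";
    echo "</div>\n";

    html_draw_bottom();
    exit;
}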
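/**
 * Dispatch the "user" controller actions: login, create, changepass,
 * changedetails, newapiread, newapiwrite, logout, getapiread, getapiwrite,
 * view and setlang.
 *
 * Reads the globals $session, $action, $format and $allowusersregister plus
 * the $_GET/$_POST/$_SESSION superglobals. Example (PUBLIC ACTION):
 *   http://yoursite/emoncms/user/login?name=john&pass=test
 *
 * Most actions return an array with 'content' and 'message' keys;
 * 'getapiread'/'getapiwrite' return the bare API key string instead
 * (existing contract, preserved).
 *
 * @return array|string
 */
function user_controller()
{
    global $session, $action, $format, $allowusersregister;

    $output = array('content' => "", 'message' => "");

    // Username filter: keeps word characters, whitespace, '-' and '.'.
    // The hyphen is escaped so PCRE cannot read "\s-." as an (invalid) range.
    $usernamePattern = '/[^\\w\\s\\-.]/';

    if ($action == 'login') {
        $name = user_controller_post_string('name');
        $pass = user_controller_post_string('pass');

        if ($name && $pass) {
            $username = db_real_escape_string(preg_replace($usernamePattern, '', $name));

            // NOTE(review): the password is SQL-escaped before user_logon(); passwords
            // containing quotes/backslashes are altered. Kept as-is because stored
            // hashes may have been produced from the escaped value - confirm.
            $password = db_real_escape_string($pass);

            $result = user_logon($username, $password);

            if ($result == 0) {
                $output['message'] = _('Invalid username or password');
                $output['content'] = view("user/login_block.php", array());
            } else {
                $output['message'] = _('Welcome, you are now logged in');

                if ($format == 'html') {
                    header('Location: ../dashboard/list');
                }
            }
        } else {
            $output['content'] = view('user/login_block.php', array());
        }
    } elseif ($action == 'create' && $allowusersregister) {
        $username = db_real_escape_string(preg_replace($usernamePattern, '', user_controller_post_string('name')));
        $password = db_real_escape_string(user_controller_post_string('pass'));

        // Option to return the read apikey on register (drupal auth integration).
        // !empty() matches the former loose "== true" test without an undefined-index notice.
        $returnapikey = !empty($_GET['returnapikey']);

        if (get_user_id($username) != 0) {
            $output['message'] = _("Sorry username already exists");
        } elseif (strlen($username) < 4 || strlen($username) > 30) {
            $output['message'] = _("Please enter a username that is 4 to 30 characters long") . "<br/>";
        } elseif (strlen($password) < 4 || strlen($password) > 30) {
            $output['message'] = _("Please enter a password that is 4 to 30 characters long") . "<br/>";
        } else {
            $user = create_user($username, $password);

            if (!$returnapikey) {
                user_logon($username, $password);
                $output['message'] = _("Your new account has been created");
            } else {
                $output['message'] = $user['readapikey'];
            }

            if ($format == 'html') {
                header("Location: ../dashboard/list");
            }

            if (!empty($_SESSION['write'])) {
                create_user_statistics($_SESSION['userid']);
            }
        }
    } elseif ($action == 'changepass' && !empty($_SESSION['write'])) {
        $oldpass = db_real_escape_string(user_controller_post_string('oldpass'));
        $newpass = db_real_escape_string(user_controller_post_string('newpass'));

        if (strlen($newpass) < 4 || strlen($newpass) > 30) {
            $output['message'] = _("Please enter a password that is 4 to 30 characters long") . "<br/>";
        } elseif (change_password($_SESSION['userid'], $oldpass, $newpass)) {
            $output['message'] = _("Your password has been changed");
        } else {
            $output['message'] = _("Invalid password");
        }
    } elseif ($action == 'changedetails' && !empty($_SESSION['write'])) {
        $username = db_real_escape_string(preg_replace($usernamePattern, '', user_controller_post_string('username')));
        $email = db_real_escape_string(preg_replace('/[^\\w\\s\\-.@]/', '', user_controller_post_string('email')));

        $id = get_user_id($username);

        if ($id && $id != $_SESSION['userid']) {
            $output['message'] = _("Sorry username already exists");
        } elseif (strlen($username) < 4 || strlen($username) > 30) {
            $output['message'] = _("Please enter a username that is 4 to 30 characters long") . "<br/>";
        } elseif (!$email) {
            $output['message'] = _("No email address present") . "<br/>";
        } else {
            set_user_username($_SESSION['userid'], $username);
            set_user_email($_SESSION['userid'], $email);
        }
    } elseif ($action == 'newapiread' && !empty($session['write'])) {
        $apikey_read = user_controller_new_apikey();
        set_apikey_read($session['userid'], $apikey_read);
        $output['message'] = _("New read apikey: ") . $apikey_read;

        if ($format == 'html') {
            header("Location: view");
        }
    } elseif ($action == 'newapiwrite' && !empty($session['write'])) {
        $apikey_write = user_controller_new_apikey();
        set_apikey_write($session['userid'], $apikey_write);
        $output['message'] = _("New write apikey: ") . $apikey_write;

        if ($format == 'html') {
            header("Location: view");
        }
    } elseif ($action == 'logout' && !empty($session['read'])) {
        $postToken = user_controller_post_string('CSRF_token');
        $sessToken = isset($_SESSION['CSRF_token']) && is_string($_SESSION['CSRF_token']) ? $_SESSION['CSRF_token'] : '';

        // Both tokens must be present and match exactly; the former "==" test also
        // passed when both were missing (null == null) or on loosely-equal strings.
        if ($postToken !== '' && $sessToken !== '' && user_controller_tokens_match($sessToken, $postToken)) {
            user_logout();
            $output['message'] = _("You are logged out");
        } else {
            reset_CSRF_token();
            $output['message'] = _("Invalid token");
        }

        if ($format == 'html') {
            header("Location: ../");
        }
    } elseif ($action == 'getapiread' && !empty($session['read'])) {
        // Existing contract: the bare key string replaces the output array.
        $output = get_apikey_read($session['userid']);
    } elseif ($action == 'getapiwrite' && !empty($session['write'])) {
        // Existing contract: the bare key string replaces the output array.
        $output = get_apikey_write($session['userid']);
    } elseif ($action == 'view' && !empty($session['write'])) {
        $user = get_user($session['userid']);
        $stats = get_statistics($session['userid']);

        if ($format == 'json') {
            $output['content'] = json_encode($user);
        }

        if ($format == 'html') {
            $output['content'] = view("user_view.php", array('user' => $user, 'stats' => $stats));
        }
    } elseif ($action == 'setlang' && !empty($session['write'])) {
        // Store userlang in database; null is passed through when no lang was given.
        $lang = isset($_GET['lang']) && is_string($_GET['lang']) ? $_GET['lang'] : null;
        set_user_lang($session['userid'], $lang);

        // Reload the page
        if ($format == 'html') {
            header("Location: view");
        }
    }

    return $output;
}

/**
 * Return $_POST[$key] when it is a plain string, else '' (arrays and missing
 * keys are treated as absent, without undefined-index notices).
 *
 * @param string $key
 * @return string
 */
function user_controller_post_string($key)
{
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
}

/**
 * Generate a new 32-hex-character API key.
 *
 * Uses the CSPRNG random_bytes() where available; the md5(uniqid(mt_rand()))
 * fallback only preserves the previous key format on older runtimes and is
 * not cryptographically strong.
 *
 * @return string
 */
function user_controller_new_apikey()
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }

    return md5(uniqid(mt_rand(), true));
}

/**
 * Compare a known token with a user-supplied one, timing-safely where the
 * runtime provides hash_equals().
 *
 * @param string $known
 * @param string $supplied
 * @return bool
 */
function user_controller_tokens_match($known, $supplied)
{
    if (function_exists('hash_equals')) {
        return hash_equals($known, $supplied);
    }

    return $known === $supplied;
}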