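/**
 * Handles a submitted login form: looks the user up, verifies the password and
 * redirects back to the login page with a status message in the query string.
 *
 * Reads `username` and `password` from $_POST. userExists() and verifyPassword()
 * are defined elsewhere in the project. Does nothing when no username was posted,
 * so a plain GET of the page never opens a database connection.
 *
 * @return void  Does not return once a redirect has been issued (exit follows the header).
 */
function login()
{
    if (!isset($_POST['username'])) {
        return;
    }

    // Send the redirect and stop. Fix: the original fell through after header(), so the
    // rest of the page kept executing after the Location header had been sent. The message
    // is percent-encoded so the URL is well-formed; $_GET decodes it back on the login page.
    $redirect = static function (string $message): void {
        header('Location: /GuruCoder-Tutorials/login.php?message=' . rawurlencode($message));
        exit;
    };

    // NOTE(review): database credentials are hard-coded here (root account); they belong in
    // configuration kept outside the web root. Left unchanged to keep this function's interface.
    $db = new mysqli('localhost', 'root', 'root', 'gurucodertutorial_login');

    $username = $db->real_escape_string($_POST['username']);
    // Fix: a missing password field used to reach real_escape_string() as null and raise an
    // undefined-index warning; treat it as the empty string so the flow below is unchanged.
    // NOTE(review): escaping the password before verification alters any password containing
    // quotes or backslashes — confirm verifyPassword() expects the escaped form.
    $password = $db->real_escape_string($_POST['password'] ?? '');

    if (!userExists($username)) {
        $redirect('No user exists');
    }

    // NOTE(review): distinct "no user" / "incorrect password" messages let a client tell
    // registered names from unknown ones; a single generic message would close that. Wording kept.
    if (verifyPassword($username, $password)) {
        $redirect('Successfully logged in');
    }

    $redirect('Incorrect password');
}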
/**
 * Authenticates a user by name and password and, on success, starts a login session.
 *
 * On success the login cookie is set to the user's current auth key and a fresh key
 * is generated for the next login (both via helpers on the same class).
 *
 * @param mixed $username  Anything that is not a string is rejected.
 * @param mixed $password  Anything that is not a string is rejected.
 * @return bool  true when the credentials matched, false otherwise.
 */
static function login($username, $password)
{
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    $db = static::getDb();
    $stmt = $db->prepare("SELECT * FROM users WHERE name = :username;");
    $stmt->execute([":username" => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() yields false when no row matched; an empty row is treated the same way.
    if ($row == null || $row === false) {
        return false;
    }
    if (!verifyPassword($password, $row["password"])) {
        return false;
    }

    static::setCookie(static::LOGIN_COOKIE, $row["auth_key"]);
    static::updateAuthKey($row["id"]);

    return true;
}
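/**
 * Logs an administrator in by e-mail and password.
 *
 * On a successful password check the stored hash is regenerated (generatePassword() is
 * the project's hashing helper), last_connection is updated, and the person's row is
 * copied into $_SESSION. On failure the browser is redirected to index.php with an
 * error flag and the script stops.
 *
 * @param PDO    $db        Open database handle.
 * @param string $email     Address to look up.
 * @param string $password  Plain-text password as submitted.
 * @return void
 */
function administratorLogIn($db, $email, $password)
{
    $check = $db->prepare('SELECT * FROM person WHERE email = :email');
    $check->execute([':email' => $email]);
    $person = $check->fetch();

    // verifyPassword()'s argument order here is (stored hash, plain-text), as in the original call.
    if (!$person || !verifyPassword($person['hash'], $password)) {
        header('Location: index.php?msg=errorConnection');
        // Fix: the original fell through after header(), so the caller kept running for an
        // unauthenticated request; the redirect must end the script.
        exit;
    }

    // Fix: a session that survives authentication keeps its pre-login id, which is what
    // session fixation relies on; rotate the id once the user is known to be genuine.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $update = $db->prepare('UPDATE person SET hash = :hash, last_connection = :lastConnection WHERE id = :id');
    $update->execute([
        ':hash' => generatePassword($password),
        ':lastConnection' => date('Y-m-d H:i:s'),
        ':id' => $person['id'],
    ]);

    // The session receives the values read *before* the update, so last_connection is the
    // previous login time, not the one just written (unchanged from the original).
    foreach (['id', 'first_name', 'last_name', 'gender', 'email', 'is_administrator', 'last_connection'] as $field) {
        $_SESSION[$field] = $person[$field];
    }
}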
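/**
 * Changes the current user's password after validating the request.
 *
 * The current user is taken from $_SESSION["userID"]; isValidPassword(), UserDAO,
 * verifyPassword() and encryptPassword() are project helpers.
 *
 * @param mixed $password     The current password as submitted.
 * @param mixed $newpassword  The new password.
 * @param mixed $confirmpw    Repeat of the new password.
 * @return string|true  true on success, otherwise a user-facing error message.
 */
function execChangePW($password, $newpassword, $confirmpw)
{
    // Fix: the original compared with `== ""`, which silently accepts null/false and
    // errors on an array value (a `field[]` form input). Reject non-scalars up front and
    // compare strings strictly; null/false still count as "not filled in", as before.
    foreach ([$password, $newpassword, $confirmpw] as $field) {
        if ($field !== null && !is_scalar($field)) {
            return "Please fill all the necessary information!";
        }
    }
    $password = (string) $password;
    $newpassword = (string) $newpassword;
    $confirmpw = (string) $confirmpw;

    if ($password === "" || $newpassword === "" || $confirmpw === "") {
        return "Please fill all the necessary information!";
    }
    if (!isValidPassword($password) || !isValidPassword($newpassword)) {
        return "Please enter a valid password!";
    }
    if ($newpassword !== $confirmpw) {
        return "The new password and the confirmed new password must be the same!";
    }

    // NOTE(review): assumes the session is started and userID is set; an absent key
    // reaches getUserByID() as null here, as in the original — confirm the caller guarantees it.
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($_SESSION["userID"]);
    if (!verifyPassword($password, $user->getPassword())) {
        return "The old password you entered is not correct!";
    }

    $user->setPassword(encryptPassword($newpassword));
    $userDAO->updateUser($user);

    return true;
}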
/**
 * Validates a login request, authenticates the account and opens the session.
 *
 * isValidUsername(), isValidPassword(), UserDAO, verifyPassword() and login() are
 * project helpers; login() is called with the user id once the checks pass.
 *
 * @param mixed $username  Coerced to string before validation.
 * @param mixed $password  Coerced to string before validation.
 * @return string|true  true once login() has been called, otherwise a user-facing error message.
 */
function execLogin($username, $password)
{
    $name = (string) $username;
    $secret = (string) $password;

    if ($name === "" || $secret === "") {
        return "Username or password can not be empty!";
    }
    if (!isValidUsername($name) || !isValidPassword($secret)) {
        return "Username or password is invalid!";
    }

    $account = (new UserDAO())->getUserByUsername($name);
    if ($account === null || !verifyPassword($secret, $account->getPassword())) {
        return "There is no user account matching the Username and Password provided.";
    }

    // Role "4" is the blocked role; the loose comparison is kept so an integer id matches too.
    if ($account->getRole()->getRoleID() == "4") {
        return "This user was forbidden to login!";
    }

    login($account->getUserID());

    return true;
}
/**
 * Checks that the submitted current password is correct and then, depending on which
 * fields were filled in, changes the password and/or the e-mail address.
 *
 * Reads currentPassword, newPassword/newPasswordRepeat and newEmail/newEmailRepeat from
 * $_POST; verifyPassword(), changePassword() and changeEmail() are project helpers.
 * Prints a confirmation message on success.
 *
 * @throws Exception  When the current password is missing or wrong, or when one of the
 *                    change helpers reports failure (thrown without a message, as before).
 */
function executeModification()
{
    // Verify the current password first.
    if (!isset($_POST['currentPassword'])) {
        throw new Exception('Bitte geben Sie Ihr Passwort an.');
    }
    if (!verifyPassword()) {
        throw new Exception('Bitte geben Sie ihr korrektes Passwort an.');
    }

    $userid = $_SESSION['userid']; // read as in the original; not used further here

    // Work out what is to be changed: a value counts only when both the field and its
    // repeat field are present and non-empty.
    $filled = static function (string $field): bool {
        return isset($_POST[$field]) && $_POST[$field] != '';
    };
    $changePassword = $filled('newPassword') && $filled('newPasswordRepeat');
    $changeEmail = $filled('newEmail') && $filled('newEmailRepeat');

    // Both helpers run even if the first one fails; only the combined result is checked.
    $success = true;
    if ($changePassword) {
        $success &= changePassword();
    }
    if ($changeEmail) {
        $success &= changeEmail();
    }

    if (!$success) {
        throw new Exception();
    }

    if ($changeEmail && $changePassword) {
        echo "Ihre E-Mail-Adresse und Ihr Passwort wurden erfolgreich geändert.";
    } elseif ($changeEmail) {
        echo "Ihre E-Mail-Adresse wurde erfolgreich geändert.";
    } elseif ($changePassword) {
        echo "Ihr Passwort wurde erfolgreich geändert.";
    }
}
} } else { displayAccountForm("fail", $us_state_abbrevs, $relationships); displayPasswordForm(""); } } elseif (!empty($_POST["fname"]) && !empty($_POST["lname"]) && !empty($_POST["duedate"]) && !empty($_POST["status"]) && !empty($_POST["address"]) && !empty($_POST["city"]) && !empty($_POST["state"]) && !empty($_POST["zip"]) && !empty($_POST["phone"]) && !empty($_POST["email"]) && !empty($_POST["emergency_fname"]) && !empty($_POST["emergency_lname"]) && !empty($_POST["emergency_phone"]) && !empty($_POST["emergency_relationship"]) && (empty($_POST["automatedPasswordReset"]) && (!empty($_POST["newPassword1"]) || !empty($_POST["newPassword2"])))) { if (verifyEmail(trim($_POST["email"]))) { if (submitAccountInformation($_POST["fname"], $_POST["lname"], $_POST["duedate"], $_POST["status"], $_POST["address"], $_POST["city"], $_POST["state"], $_POST["zip"], preg_replace("/[^0-9]/", "", $_POST["phone"]), $_POST["email"], $_POST["notes"], $_POST["adminnotes"], $_POST["buttonMemberID"]) && submitEmergencyContactInformation($_POST["emergency_fname"], $_POST["emergency_lname"], preg_replace("/[^0-9]/", "", $_POST["emergency_phone"]), $_POST["emergency_relationship"], $_POST["buttonMemberID"])) { displayAccountForm("success", $us_state_abbrevs, $relationships); } else { displayAccountForm("tech_diff", $us_state_abbrevs, $relationships); } } else { displayAccountForm("fail", $us_state_abbrevs, $relationships); } if (verifyPassword($_POST["newPassword1"], $_POST["newPassword2"])) { if (submitPassword($_POST["newPassword1"])) { displayPasswordForm("manual"); } else { displayPasswordForm("tech_diff"); } } else { displayPasswordForm("fail"); } } elseif (!empty($_POST["fname"]) && !empty($_POST["lname"]) && !empty($_POST["duedate"]) && !empty($_POST["status"]) && !empty($_POST["address"]) && !empty($_POST["city"]) && !empty($_POST["state"]) && !empty($_POST["zip"]) && !empty($_POST["phone"]) && !empty($_POST["email"]) && !empty($_POST["emergency_fname"]) && 
!empty($_POST["emergency_lname"]) && !empty($_POST["emergency_phone"]) && !empty($_POST["emergency_relationship"]) && $_POST["automatedPasswordReset"] == TRUE) { $accountInfoStatus = FALSE; if (verifyEmail(trim($_POST["email"]))) { if (submitAccountInformation($_POST["fname"], $_POST["lname"], $_POST["duedate"], $_POST["status"], $_POST["address"], $_POST["city"], $_POST["state"], $_POST["zip"], preg_replace("/[^0-9]/", "", $_POST["phone"]), $_POST["email"], $_POST["notes"], $_POST["adminnotes"], $_POST["buttonMemberID"]) && submitEmergencyContactInformation($_POST["emergency_fname"], $_POST["emergency_lname"], preg_replace("/[^0-9]/", "", $_POST["emergency_phone"]), $_POST["emergency_relationship"], $_POST["buttonMemberID"])) { displayAccountForm("success", $us_state_abbrevs, $relationships); $accountInfoStatus = TRUE; } else {
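/**
 * Authenticates a user from the posted userEmail/userPassword pair and prints a JSON
 * response.
 *
 * Success: {"message":"Success","id":…,"userName":…,"userEmail":…,"dateJoined":…}.
 * Failure: {"message":"Incorrect password"} or {"message":"Email does not exist"}.
 * Uses the shared PDO handle in $dbConnection, opening it via getConnection() if needed;
 * connectionExists(), getConnection() and verifyPassword() are project helpers.
 *
 * @return void  Output is written with echo.
 */
function loginUser()
{
    global $dbConnection;

    if (!connectionExists()) {
        getConnection();
    }

    // Fix: the address came straight from $_POST and was interpolated into the SQL string,
    // so prepare() gave no protection at all (SQL injection). Bind it as a parameter instead.
    $userEmail = $_POST['userEmail'] ?? '';
    $stmt = $dbConnection->prepare("SELECT * FROM users WHERE email = :email");
    $stmt->execute([':email' => $userEmail]);

    // Fix: rowCount() is not guaranteed to be populated for SELECT statements by every PDO
    // driver; fetching and testing for false works everywhere.
    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    // NOTE(review): the two failure messages let a client tell registered addresses from
    // unknown ones; one generic message would close that. Wording kept as-is here.
    if ($result === false) {
        echo json_encode(['message' => 'Email does not exist']);
        return;
    }
    if (!verifyPassword($_POST['userPassword'] ?? '', $result['passwordHash'])) {
        echo json_encode(['message' => 'Incorrect password']);
        return;
    }

    echo json_encode([
        'message' => "Success",
        'id' => $result['id'],
        'userName' => $result['userName'],
        'userEmail' => $result['email'],
        'dateJoined' => $result['dateJoined'],
    ]);
}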
$app->get('/{url}/edit/', function ($url) use($app) { return $app->redirect($url . '/edit'); }); // la méthode POST sur la view de chaque note // il y'aura plusieurs POST possibles vers cette page cest pour cela qu'on fait un switch $app->post('/{url}/edit', function ($url) use($app) { $pdo = $app['pdo']; require './src/model_note_edit.php'; $type = $app['request']->get('type'); // 'type' sera un champ caché dans tous les formulaires // on fera varier sa valeur selon le cas // login | protectView | protectEdit | changeUrl switch ($type) { case "login": $password = $app['request']->get('password'); if (verifyPassword($url, $password, $pdo)) { if (isset($app['session']) and $app['session']->get('id') == $url) { $app['session']->set('edit', True); } else { // set and get session attributes $app['session']->set('id', $url); $app['session']->set('view', False); $app['session']->set('edit', True); } return true; } else { $app->abort(401, "password incorrect"); } case "protectView": $password = $app['request']->get('password'); protectView($url, $password, $pdo);
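/**
 * Handles a login or account-creation request against the accounts database.
 *
 * readAccountsDb(), verifyPassword(), loginUser(), validateCreateUser() and logEvent()
 * are project helpers. Every request, successful or not, is written to the event log.
 *
 * @param string $action      "login" or "create"; anything else is rejected.
 * @param string $email       Normalised to lower case and trimmed before lookup.
 * @param string $password    Plain-text password as submitted.
 * @param string $confirm     Password confirmation (create only).
 * @param string $inviteCode  Invite code (create only).
 * @return array{authenticated: bool, email: string, message: string}
 */
function restRequestSecurity($action, $email, $password, $confirm, $inviteCode)
{
    $securityMsgs = [
        "bad-invite-code" => "Invite code is missing, expired, or invalid.",
        "bad-credentials" => "The email address or password you entered is incorrect.",
        "invalid-email" => "Please enter a valid email address.",
        "mismatch" => "Passwords do not match.",
        "user-exists" => "That email address is already in use.",
        "create-fail" => "Cannot create user.",
    ];

    $email = strtolower(trim($email));
    $accountsDb = readAccountsDb();

    // Fix: `users` is accessed as an object (`->{$email}`), and array_key_exists() on an
    // object is a TypeError on PHP 8 (deprecated since 7.4); property_exists() is the
    // object equivalent. Anything that is not an object yields no user, as before.
    $users = $accountsDb->users;
    $user = is_object($users) && property_exists($users, $email) ? $users->{$email} : null;

    if ($action === "login") {
        // Presumably loginUser() returns null on success — is_null($msg) below is the success test.
        $msg = verifyPassword($user, $password) ? loginUser($email) : $securityMsgs["bad-credentials"];
    } elseif ($action === "create") {
        $msg = validateCreateUser($accountsDb, $email, $password, $confirm, $inviteCode, $securityMsgs);
    } else {
        $msg = "Invalid request.";
    }

    $success = is_null($msg);
    logEvent("security-request", $action, $success, $email, $msg);

    return [
        "authenticated" => $success,
        "email" => $email,
        "message" => $success ? "Success." : $msg,
    ];
}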