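<title>Logout</title>
<meta charset="utf-8">
</head>
<body>
<h1>Log Out</h1>
<?php
// $_SERVER['PHP_SELF'] is derived from the request path, so it can contain
// characters chosen by the client. It is HTML-escaped before being written into
// the action attribute so it cannot break out of the attribute value.
// NOTE(review): no anti-CSRF token is visible in this form; confirm whether the
// POST handler verifies one somewhere outside this excerpt.
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
    <p>
        <input type="submit" name="single" value="Don't remember me in this browser/computer">
        <input type="submit" name="all" value="Don't remember me on any computer">
    </p>
    <p>
        <input type="submit" name="cancel" value="Cancel">
    </p>
</form>
</body>
</html>
<?php
// The brace below closes a branch that was opened before this excerpt.
} elseif (isset($_POST['single']) || isset($_POST['all'])) {
    // One of the two "don't remember me" buttons was pressed: drop the
    // persistent login first, then end the session.
    $autologin = new AutoLogin($db);
    // logout(false) is used for the "this browser/computer" button and
    // logout(true) for "any computer". What the flag does inside
    // AutoLogin::logout() is not visible here; confirm against that class.
    if (isset($_POST['single'])) {
        $autologin->logout(false);
    } else {
        $autologin->logout(true);
    }
    logout_sess();
} elseif (isset($_POST['logout'])) {
    // Plain logout: only the session is ended, the persistent login is left alone.
    logout_sess();
}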
// NOTE(review): include only raises a warning when the file is missing, so the
// script keeps running without its setup; require would stop instead.
include "init.php";
include "header.php";

// Login handler: runs only when the login form was submitted.
if (isset($_POST['login'])) {
    $username = trim($_POST['username']);
    // NOTE(review): trim() also removes leading/trailing whitespace from the
    // password before it is verified; confirm the code that stores the hash
    // trims the same way, otherwise such passwords can never match.
    $pwd = trim($_POST['pwd']);

    // The username is passed as a bound parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT pwd FROM users WHERE username = :username');
    $stmt->bindParam(':username', $username);
    $stmt->execute();
    // fetchColumn() yields the stored hash, or false when no row matched.
    $stored = $stmt->fetchColumn();

    // NOTE(review): no attempt counter or delay is visible in this excerpt;
    // confirm failed logins are throttled elsewhere.
    if (password_verify($pwd, $stored)) {
        // Issue a new session id at the privilege change; the argument true also
        // deletes the old session data, which guards against session fixation.
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        $_SESSION['authenticated'] = true;

        if (isset($_POST['remember'])) {
            // create persistent login
            $autologin = new AutoLogin($db);
            $autologin->persistentLogin();
        }

        // find the difference in days between the current date and the last_login date
        $stmt = $db->prepare('SELECT DATEDIFF(NOW(),last_login) FROM users WHERE username=:username');
        $stmt->bindParam(':username', $username);
        $stmt->execute();
        // $stored is reused here: it now holds the day difference, not the hash.
        $stored = $stmt->fetchColumn();

        // check the number of days: at least one day since last_login adds 100 to chipamount
        if ($stored > 0) {
            $sql = 'UPDATE users SET chipamount=chipamount+100 WHERE username=:username';
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':username', $username);
            $stmt->execute();
        }

        // update users current date (the statement itself lies outside this excerpt)
* * @copyright 2004-2015 The Admidio Team * @see http://www.admidio.org/ * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License v2.0 only *********************************************************************************************** */

// Logout script: detaches the user from the session, removes the auto login
// and prepares the "logout successful" message.
require_once 'common.php';

// remove user from session
// The session object itself is kept; only its user id field is blanked and saved.
$gCurrentSession->setValue('ses_usr_id', '');
$gCurrentSession->save();

// delete content of cookie
// Takes the part of the Host header before the first ':'. When the header has
// no port, strpos() returns false, the length becomes 0 and $domain is ''.
// NOTE(review): HTTP_HOST is supplied by the request; the domain used here has
// to match the one used when the cookie was set, or the deletion will not apply.
$domain = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));

// remove auto login
if (isset($_COOKIE[$gCookiePraefix . '_DATA'])) {
    // An expiry in the past asks the browser to drop the cookie; the last
    // argument (0) is the "secure" flag, i.e. the cookie is not HTTPS-only.
    setcookie($gCookiePraefix . '_DATA', '', time() - 1000, '/', $domain, 0);
    // NOTE(review): presumably delete() removes the stored auto-login record for
    // this session id; confirm in AutoLogin, since expiring the cookie alone
    // would leave that record in place.
    $autoLogin = new AutoLogin($gDb, $gSessionId);
    $autoLogin->delete();
}
// NOTE(review): only the _DATA cookie is expired in this excerpt; confirm how
// the session id cookie is handled after logout.

// if login organization is different to organization of config file then create new session variables
if ($g_organization !== $gCurrentOrganization->getValue('org_shortname')) {
    // read organization of config file with their preferences
    $gCurrentOrganization->readDataByColumns(array('org_shortname' => $g_organization));
    $gPreferences = $gCurrentOrganization->getPreferences();

    // read new profile field structure for this organization
    $gProfileFields->readProfileFields($gCurrentOrganization->getValue('org_id'));
}

// clear data from object of current user
$gCurrentUser->clear();

// set homepage to logout page
$gHomepage = $g_root_path . '/' . $gPreferences['homepage_logout'];

$message_code = 'SYS_LOGOUT_SUCCESSFUL';
// Revalidation: the stored hash is fetched again with a bound parameter and the
// submitted password is checked against it. $username and $pwd are set before
// this excerpt.
$stmt = $db->prepare('SELECT pwd FROM users WHERE username = :username');
$stmt->bindParam(':username', $username);
$stmt->execute();
// fetchColumn() yields the stored hash, or false when no row matched.
$stored = $stmt->fetchColumn();
if (password_verify($pwd, $stored)) {
    // Success: new session id (true also deletes the old session data),
    // mark the session as revalidated and reset the failure counter.
    session_regenerate_id(true);
    $_SESSION['revalidated'] = true;
    unset($_SESSION['invalid']);
    // NOTE(review): the redirect target is read from the session; confirm that
    // whatever stores $_SESSION['return_to'] only ever writes a local path.
    header('Location: ' . $_SESSION['return_to']);
    // exit stops the script so nothing below runs after the redirect header.
    exit;
} else {
    // One message for every failure, so the response does not say which field was wrong.
    $error = 'Incorrect username or password';
    // NOTE(review): assumes $_SESSION['invalid'] was initialised earlier - confirm.
    $_SESSION['invalid']++;
    // NOTE(review): the equality test fires only on the exact attempt count;
    // >= would still end the session if the counter ever started above the limit.
    if ($_SESSION['invalid'] == $max_attempts) {
        // Too many failures: drop any persistent login, then end the session.
        if (isset($_SESSION['remember']) || isset($_SESSION['lynda_auth'])) {
            $autologin = new AutoLogin($db);
            $autologin->logout();
        }
        logout_sess();
    }
}
// The brace below closes a block opened before this excerpt.
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Revalidation</title>
<link href="css/styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
require_once "init.php";
require_once "AutoLogin.php";
//use Foundationphp\Sessions\AutoLogin;

// Access gate for a protected page. A session that already carries either login
// marker passes straight through; anything else gets one chance to be restored
// from a persistent login before being sent to the login form.
if (!isset($_SESSION['authenticated']) && !isset($_SESSION['lynda_auth'])) {
    $autologin = new AutoLogin($db);
    $autologin->checkCredentials();

    // The gate only looks at whether 'lynda_auth' exists after the check.
    // NOTE(review): presumably checkCredentials() sets it once the persistent
    // login has been validated - confirm in AutoLogin.
    if (!isset($_SESSION['lynda_auth'])) {
        header('Location: login.php');
        // Stop here so the protected page is not rendered after the redirect header.
        exit;
    }
}
// Tail of a branch that was opened before this excerpt.
$autoLogin->setValidLogin($gCurrentSession, $_COOKIE[$gCookiePraefix . '_DATA']);
$userIdAutoLogin = $autoLogin->getValue('atl_usr_id');
}
} else {
    // create new session object and store it in PHP session
    $gCurrentSession = new Session($gDb, $gSessionId);
    $_SESSION['gCurrentSession'] = $gCurrentSession;

    // create system component
    $gSystemComponent = new Component($gDb);
    $gSystemComponent->readDataByColumns(array('com_type' => 'SYSTEM', 'com_name_intern' => 'CORE'));
    $gCurrentSession->addObject('gSystemComponent', $gSystemComponent);

    // if cookie ADMIDIO_DATA is set then there could be an auto login
    // the auto login must be done here because after that the corresponding organization must be set
    if (array_key_exists($gCookiePraefix . '_DATA', $_COOKIE)) {
        // restore user from auto login session
        // NOTE(review): the _DATA cookie is sent by the client. Whether the login
        // is accepted depends on the checks inside AutoLogin::setValidLogin(),
        // which is not shown; confirm it validates against the stored auto-login
        // record for $gSessionId and does not trust the cookie content by itself.
        $autoLogin = new AutoLogin($gDb, $gSessionId);
        $autoLogin->setValidLogin($gCurrentSession, $_COOKIE[$gCookiePraefix . '_DATA']);
        $userIdAutoLogin = $autoLogin->getValue('atl_usr_id');

        // use the organization stored with the auto login when it has one,
        // otherwise create the organization of the config file with its preferences
        if ($autoLogin->getValue('atl_org_id') > 0) {
            $gCurrentOrganization = new Organization($gDb, $autoLogin->getValue('atl_org_id'));
        } else {
            $gCurrentOrganization = new Organization($gDb, $g_organization);
        }
    } else {
        // create object of the organization of config file with their preferences
        $gCurrentOrganization = new Organization($gDb, $g_organization);
    }

    // NOTE(review): === 0 matches only the integer 0; if getValue() returns the
    // id as a string or null for a missing organization this check is skipped -
    // confirm the return type.
    if ($gCurrentOrganization->getValue('org_id') === 0) {
        // organization not found
        exit('<div style="color: #cc0000;">Error: The organization of the config.php could not be found in the database!</div>');
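/**
 * Check the given password for this user and return true if it is correct.
 * Optionally the current session is updated to a valid login session and an
 * auto login is registered for this browser.
 *
 * Failed attempts are counted in usr_number_invalid together with the time of
 * the last failure (usr_date_invalid). Once the counter has reached 3 and the
 * last failure is less than 15 minutes (900 seconds) old, every call is
 * rejected before the password is looked at.
 *
 * @param string $password             The password for the current user. This should not be encoded.
 * @param bool   $setAutoLogin         If set to true then this login will be stored in the AutoLogin
 *                                     table and the user doesn't need to login another time with this
 *                                     browser. Only honoured when the preference enable_auto_login
 *                                     is 1; the cookies are only written when $updateSessionCookies
 *                                     is true.
 * @param bool   $updateSessionCookies The current session will be updated to a valid login.
 *                                     If set to false then the login is only valid for the current script.
 * @return true Returns true if the correct password was given; every failure path throws.
 * @throws AdmException SYS_LOGIN_FAILED     the account is temporarily blocked, or this failure
 *                                           brought the counter to 3
 *                      SYS_PASSWORD_UNKNOWN the password was wrong
 */
public function checkLogin($password, $setAutoLogin = false, $updateSessionCookies = true)
{
    global $gPreferences, $gCookiePraefix, $gCurrentSession, $gSessionId;

    if ($this->getValue('usr_number_invalid') >= 3) {
        // if within 15 minutes 3 wrong login took place -> block user account for 15 minutes
        if (time() - strtotime($this->getValue('usr_date_invalid', 'Y-m-d H:i:s')) < 900) {
            $this->clear();
            throw new AdmException('SYS_LOGIN_FAILED');
        }
    }

    if ($this->checkPassword($password)) {
        // NOTE(review): the existing $gSessionId is kept across the login; no
        // session id renewal is visible in this method - confirm it happens elsewhere.
        if ($updateSessionCookies) {
            $gCurrentSession->setValue('ses_usr_id', $this->getValue('usr_id'));
            $gCurrentSession->save();
        }

        // if the visitor should stay logged in, the cookie only expires after one year
        if ($setAutoLogin && $gPreferences['enable_auto_login'] == 1) {
            $timestamp_expired = time() + 60 * 60 * 24 * 365;
            $autoLogin = new AutoLogin($this->db, $gSessionId);

            // if an auto login already exists (double login in one browser),
            // do not create a new one, because that leads to 'Duplicate Key'
            if ($autoLogin->getValue('atl_usr_id') === '') {
                $autoLogin->setValue('atl_session_id', $gSessionId);
                $autoLogin->setValue('atl_usr_id', $this->getValue('usr_id'));
                $autoLogin->save();
            }
        } else {
            // expiry 0 makes the cookies below last only for the browser session
            $timestamp_expired = 0;
            $this->setValue('usr_last_session_id', null);
        }

        if ($updateSessionCookies) {
            // set the login cookies and strip a port from the host name.
            // When the Host header has no port, strpos() returns false, the
            // length becomes 0 and $domain is the empty string.
            $domain = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
            // NOTE(review): both cookies are set with secure = 0 and without the
            // httponly argument; consider enabling both for the session id cookie.
            setcookie($gCookiePraefix . '_ID', $gSessionId, $timestamp_expired, '/', $domain, 0);
            // also store the auto login flag and the user id as a cookie.
            // NOTE(review): the original comment says the value is serialized so
            // it cannot be read easily, but it is a plain "flag;usr_id" string.
            // It comes back from the client, so code reading it must treat it as untrusted.
            setcookie($gCookiePraefix . '_DATA', $setAutoLogin . ';' . $this->getValue('usr_id'), $timestamp_expired, '/', $domain, 0);

            // count logins and update login dates
            $this->saveChangesWithoutRights();
            $this->updateLoginData();
        }

        return true;
    } else {
        // log invalid logins; a counter that already stands at 3 starts again at 1
        if ($this->getValue('usr_number_invalid') >= 3) {
            $this->setValue('usr_number_invalid', 1);
        } else {
            $this->setValue('usr_number_invalid', $this->getValue('usr_number_invalid') + 1);
        }
        $this->setValue('usr_date_invalid', DATETIME_NOW);
        $this->save(false); // don't update timestamp

        // Read the counter before clear() wipes the object's data; reading it
        // afterwards would no longer see the value that was just saved, and the
        // "blocked" message for the third failure would never be chosen.
        $invalidLogins = $this->getValue('usr_number_invalid');
        $this->clear();

        if ($invalidLogins >= 3) {
            throw new AdmException('SYS_LOGIN_FAILED');
        } else {
            throw new AdmException('SYS_PASSWORD_UNKNOWN');
        }
    }
}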