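/**
 * Authenticate a username/password pair taken from $_POST.
 *
 * Field-level problems are handed to the view via $this->set('errors', ...).
 * Every failure path (missing field, unknown user, wrong password) stores the
 * same generic message in $_SESSION['error'], so the response does not reveal
 * whether the username exists. On success the DAO row is stored in the
 * session and the request is redirected to backbone.html.
 *
 * @return void
 */
private function _handleLogin() {
    $errors = array();

    // A field is usable only when present, non-empty and a plain string; a
    // nested array smuggled into $_POST must not reach the DAO or the hasher.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    if (empty($username) || !is_string($username)) {
        $errors['username'] = '******';
    }
    if (empty($password) || !is_string($password)) {
        $errors['password'] = '******';
    }

    if (empty($errors)) {
        $existing = $this->userDAO->selectByUsername($username);
        $hasher = new \Phpass\Hash();
        // checkPassword is only evaluated when a row was found; an unknown
        // username and a wrong password deliberately yield the same message.
        if (!empty($existing) && $hasher->checkPassword($password, $existing['password'])) {
            // Issue a fresh session id on privilege change so a session id
            // obtained before login cannot be reused afterwards.
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            // NOTE(review): the whole DAO row (including the password hash) is
            // kept in the session because downstream code may read it; storing
            // only the user id would be preferable — confirm what readers need.
            $_SESSION['user'] = $existing;
            $this->redirect('backbone.html');
        } else {
            $_SESSION['error'] = 'Unknown username / password';
        }
    } else {
        $_SESSION['error'] = 'Unknown username / password';
    }

    // Reached as well when redirect() does not terminate the request.
    $this->set('errors', $errors);
}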
use Michelf\Markdown; use Dropplets\Actions; use Dropplets\Settings; use Dropplets\Layout; use Dropplets\PostHelper; /*-----------------------------------------------------------------------------------*/ /* User Machine /*-----------------------------------------------------------------------------------*/ $login_error = null; if (isset($_GET['action'])) { $action = $_GET['action']; switch ($action) { // Logging in. case 'login': // Password hashing via phpass. $hasher = new \Phpass\Hash(); $settings = Settings::instance(); $password = $settings->get('password'); if (isset($_POST['password']) && $hasher->CheckPassword($_POST['password'], $password)) { $_SESSION['user'] = true; // Redirect if authenticated. header('Location: ' . './'); } else { // Display error if not authenticated. $login_error = 'Nope, try again!'; } break; // Logging out. // Logging out. case 'logout': session_unset();
/**
 * Check Password
 *
 * Verify a plain-text candidate against the password hash held in this
 * model instance's `password` property, using the phpass hasher.
 *
 * @access public
 * @param string $password Plain-text candidate password.
 * @return boolean Whatever the phpass check reports (true on a match).
 */
public function password($password) {
    $storedHash = $this->password;
    $verifier = new \Phpass\Hash();

    return $verifier->checkPassword($password, $storedHash);
}
/**
 * Migrate Up
 *
 * Seed the user table with a single administrator account.
 *
 * NOTE(review): the seeded account uses a fixed, well-known credential
 * (username and password are both 'admin'). Nothing in this migration forces
 * a change on first login; a deployment must rotate it before exposure.
 *
 * @access public
 * @return void
 */
public function up() {
    $hasher = new \Phpass\Hash();

    $admin = array(
        'username'  => 'admin',
        // Stored as a phpass hash, never in clear text.
        'password'  => $hasher->hashPassword('admin'),
        'firstname' => 'System',
        'nickname'  => 'Sysadmin',
        'lastname'  => 'Administrator',
        'created'   => microtime(true),
    );

    $this->insert('{{user}}', $admin);
}
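<?php
$userDAO = new UserDAO();

// POST /login — JSON login endpoint.
// Accepts form-encoded fields or a JSON body carrying `email` and `password`.
// On success the user row is stored in the session and echoed as JSON; every
// failure is reported as a JSON object with an `error` member.
$app->post('/login/?', function () use ($app, $userDAO) {
    header("Content-Type: application/json");

    $post = $app->request->post();
    if (empty($post)) {
        // Fall back to a JSON body. Invalid JSON decodes to null, which casts
        // to an empty array and is rejected by the field check below.
        $post = (array) json_decode($app->request()->getBody());
    }

    // Both fields must be present, non-empty, plain strings; an array smuggled
    // in through the JSON body must not reach the DAO or the hasher.
    $email = isset($post['email']) && is_string($post['email']) ? $post['email'] : '';
    $password = isset($post['password']) && is_string($post['password']) ? $post['password'] : '';

    if (!empty($email) && !empty($password)) {
        $user = $userDAO->selectByEmail($email);
        if (!empty($user)) {
            $hasher = new \Phpass\Hash();
            if ($hasher->checkPassword($password, $user['password'])) {
                // Fresh session id on login so an id fixed before
                // authentication cannot be reused afterwards.
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }
                $user = $userDAO->selectById($user['id']);
                $user["loggedIn"] = true;
                $_SESSION['user'] = $user;
                // Never echo the stored hash back to the client, whatever
                // columns selectById happens to return.
                $response = $user;
                unset($response['password']);
                echo json_encode($response, JSON_NUMERIC_CHECK);
            } else {
                // NOTE(review): distinct messages for "unknown e-mail" and
                // "wrong password" let a client tell registered addresses
                // apart; a single generic message would avoid that.
                echo '{"error":"Fout wachtwoord."}';
            }
        } else {
            echo '{"error":"Foute gebruiker."}';
        }
    } else {
        echo '{"error":"Vul alles in..."}';
    }
});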
$post = $app->request->post(); if (empty($post)) { $post = (array) json_decode($app->request()->getBody()); } if (!empty($post['name']) && !empty($post['email']) && !empty($post['password'])) { $errors = array(); $words = explode(' ', $post['name']); if (count($words) < 2) { array_push($errors, "Voor -en achternaam."); } $pattern = "/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,4}\$/"; if (preg_match($pattern, $post['email']) == 0) { array_push($errors, "Foute email..."); } if (count($errors) == 1) { echo '{"error": "' . $errors[0] . '"}'; } if (count($errors) == 2) { echo '{"error": "Foute naam en email."}'; } else { if (count($errors) == 0) { $hasher = new \Phpass\Hash(); $passwordHash = $hasher->hashPassword($post["password"]); $post["password"] = $passwordHash; echo json_encode($userDAO->insert($post), JSON_NUMERIC_CHECK); } } } else { echo '{"error": "Vul alles in..."}'; } });
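/**
 * Persist the blog settings submitted by the setup / settings form.
 *
 * Only acts on a form submission that either precedes the existence of the
 * settings file (first-run setup, deliberately unauthenticated) or comes from
 * a logged-in session. Stored values are loaded first so that fields absent
 * from the request keep their current value. The password is re-hashed only
 * when a new one is posted or none is stored yet. On first run the .htaccess
 * rewrite rules are generated as well. Finishes with a Location header
 * pointing at the blog URL; the method does not exit afterwards.
 *
 * @return void
 */
public function save() {
    $submitted = isset($_POST["submit"]) && $_POST["submit"] === "submit";
    $mayWrite = !file_exists($this->settings_file) || isset($_SESSION['user']);
    if (!$submitted || !$mayWrite) {
        return;
    }

    $hasher = new \Phpass\Hash();
    $settings = Settings::instance();

    // Current values (null when not configured yet).
    $blog_email = $settings->get('blog_email');
    $blog_twitter = $settings->get('blog_twitter');
    $blog_url = $settings->get('blog_url');
    $blog_title = $settings->get('blog_title');
    $meta_description = $settings->get('meta_description');
    $intro_title = $settings->get('intro_title');
    $intro_text = $settings->get('intro_text');
    $template = $settings->get('template');
    $password = $settings->get('password');
    $header_inject = $settings->get('header_inject');
    $footer_inject = $settings->get('footer_inject');

    // Submitted values override stored ones; a missing field keeps the old value.
    $blog_email = isset($_POST["blog_email"]) ? $_POST["blog_email"] : $blog_email;
    $blog_twitter = isset($_POST["blog_twitter"]) ? $_POST["blog_twitter"] : $blog_twitter;
    $blog_url = isset($_POST["blog_url"]) ? $_POST["blog_url"] : $blog_url;
    $blog_title = isset($_POST["blog_title"]) ? $_POST["blog_title"] : $blog_title;
    $meta_description = isset($_POST["meta_description"]) ? $_POST["meta_description"] : $meta_description;
    $intro_title = isset($_POST["intro_title"]) ? $_POST["intro_title"] : $intro_title;
    $intro_text = isset($_POST["intro_text"]) ? $_POST["intro_text"] : $intro_text;
    $template = isset($_POST["template"]) ? $_POST["template"] : $template;

    // There must always be a $password, but it can be changed optionally in the
    // settings, so you might not always get it in $_POST. Hash an empty string
    // rather than an undefined index when nothing is stored and nothing was sent.
    if (!isset($password) || !empty($_POST["password"])) {
        $password = $hasher->HashPassword(isset($_POST["password"]) ? $_POST["password"] : '');
    }

    // Raw markup injected into the page, stored through addslashes() as before.
    // NOTE(review): addslashes() is not an HTML escaper; whatever reads these
    // values back must treat them as trusted administrator input.
    if (!isset($header_inject)) {
        $header_inject = "";
    }
    if (isset($_POST["header_inject"])) {
        $header_inject = addslashes($_POST["header_inject"]);
    }
    if (!isset($footer_inject)) {
        $footer_inject = "";
    }
    if (isset($_POST["footer_inject"])) {
        $footer_inject = addslashes($_POST["footer_inject"]);
    }

    // Install sub-directory, derived from the request path. It is written into
    // the generated .htaccess as RewriteBase, so only the path component is
    // used — never the query string or anything else the client controls.
    $requestUri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : '';
    $requestPath = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($requestPath)) {
        $requestPath = $requestUri;
    }
    $this->dir .= str_replace('dropplets/save.php', '', $requestPath);

    // Output submitted setup values.
    $config = array();
    $config[] = $this->settings_format("blog_email", $blog_email);
    $config[] = $this->settings_format("blog_twitter", $blog_twitter);
    $config[] = $this->settings_format("blog_url", $blog_url);
    $config[] = $this->settings_format("blog_title", $blog_title);
    $config[] = $this->settings_format("meta_description", $meta_description);
    $config[] = $this->settings_format("intro_title", $intro_title);
    $config[] = $this->settings_format("intro_text", $intro_text);
    // NOTE(review): the hashed $password computed above is not what the next
    // line writes; confirm this line against the intended settings format.
    $config[] = "password = '******'";
    $config[] = $this->settings_format("header_inject", $header_inject);
    $config[] = $this->settings_format("footer_inject", $footer_inject);
    $config[] = $this->settings_format("template", $template);

    // Create the settings file.
    // NOTE(review): the write result is not checked, so a failed write still
    // ends in the success redirect below.
    file_put_contents($this->settings_file, implode("\n", $config));

    // Generate the .htaccess file on initial setup only.
    if (!file_exists($this->htaccess_file)) {
        // Parameters for the htaccess file.
        $htaccess = array();
        $htaccess[] = "# Pretty Permalinks";
        $htaccess[] = "RewriteRule ^(images)(\$|/) - [L]";
        $htaccess[] = "RewriteCond %{REQUEST_URI} !^action=logout [NC]";
        $htaccess[] = "RewriteCond %{REQUEST_URI} !^action=login [NC]";
        $htaccess[] = "Options +FollowSymLinks -MultiViews";
        $htaccess[] = "RewriteEngine on";
        $htaccess[] = "RewriteBase " . $this->dir;
        $htaccess[] = "RewriteCond %{REQUEST_URI} !index\\.php";
        $htaccess[] = "RewriteCond %{REQUEST_FILENAME} !-f";
        $htaccess[] = "RewriteRule ^(.*)\$ index.php?filename=\$1 [NC,QSA,L]";

        // Generate the .htaccess file.
        file_put_contents($this->htaccess_file, implode("\n", $htaccess));
    }

    // Redirect. $blog_url comes straight from the request; PHP rejects header
    // values containing newlines, but the destination itself is not validated
    // here and nothing stops execution after the header.
    header("Location: " . $blog_url);
}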
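/**
 * Persist the blog settings submitted by the setup / settings form.
 *
 * Only acts on a form submission that either precedes the existence of the
 * settings file (first-run setup, deliberately unauthenticated) or comes from
 * a logged-in session. Stored values are loaded first so that fields absent
 * from the request keep their current value — this now includes `file_ext`,
 * which previously was only taken from $_POST and was therefore wiped by any
 * form that did not send it. The password is re-hashed only when a new one is
 * posted or none is stored yet. Finishes with a Location header pointing at
 * the blog URL; the method does not exit afterwards.
 *
 * @return void
 */
public function save() {
    $submitted = isset($_POST["submit"]) && $_POST["submit"] === "submit";
    $mayWrite = !file_exists($this->settings_file) || isset($_SESSION['user']);
    if (!$submitted || !$mayWrite) {
        return;
    }

    $hasher = new \Phpass\Hash();
    $settings = Settings::instance();

    // Current values (null when not configured yet).
    $blog_email = $settings->get('blog_email');
    $blog_twitter = $settings->get('blog_twitter');
    $blog_url = $settings->get('blog_url');
    $blog_title = $settings->get('blog_title');
    $meta_description = $settings->get('meta_description');
    $intro_title = $settings->get('intro_title');
    $intro_text = $settings->get('intro_text');
    $template = $settings->get('template');
    // Loaded like every other key so a form without file_ext keeps the old value.
    $file_ext = $settings->get('file_ext');
    $password = $settings->get('password');
    $header_inject = $settings->get('header_inject');
    $footer_inject = $settings->get('footer_inject');

    // Submitted values override stored ones; a missing field keeps the old value.
    $blog_email = isset($_POST["blog_email"]) ? $_POST["blog_email"] : $blog_email;
    $blog_twitter = isset($_POST["blog_twitter"]) ? $_POST["blog_twitter"] : $blog_twitter;
    $blog_url = isset($_POST["blog_url"]) ? $_POST["blog_url"] : $blog_url;
    $blog_title = isset($_POST["blog_title"]) ? $_POST["blog_title"] : $blog_title;
    $meta_description = isset($_POST["meta_description"]) ? $_POST["meta_description"] : $meta_description;
    $intro_title = isset($_POST["intro_title"]) ? $_POST["intro_title"] : $intro_title;
    $intro_text = isset($_POST["intro_text"]) ? $_POST["intro_text"] : $intro_text;
    $template = isset($_POST["template"]) ? $_POST["template"] : $template;
    $file_ext = isset($_POST["file_ext"]) ? $_POST["file_ext"] : $file_ext;

    // There must always be a $password, but it can be changed optionally in the
    // settings, so you might not always get it in $_POST. Hash an empty string
    // rather than an undefined index when nothing is stored and nothing was sent.
    if (!isset($password) || !empty($_POST["password"])) {
        $password = $hasher->HashPassword(isset($_POST["password"]) ? $_POST["password"] : '');
    }

    // Raw markup injected into the page, stored through addslashes() as before.
    // NOTE(review): addslashes() is not an HTML escaper; whatever reads these
    // values back must treat them as trusted administrator input.
    if (!isset($header_inject)) {
        $header_inject = "";
    }
    if (isset($_POST["header_inject"])) {
        $header_inject = addslashes($_POST["header_inject"]);
    }
    if (!isset($footer_inject)) {
        $footer_inject = "";
    }
    if (isset($_POST["footer_inject"])) {
        $footer_inject = addslashes($_POST["footer_inject"]);
    }

    // Output submitted setup values.
    $config = array();
    $config[] = $this->settings_format("blog_email", $blog_email);
    $config[] = $this->settings_format("blog_twitter", $blog_twitter);
    $config[] = $this->settings_format("blog_url", $blog_url);
    $config[] = $this->settings_format("blog_title", $blog_title);
    $config[] = $this->settings_format("meta_description", $meta_description);
    $config[] = $this->settings_format("intro_title", $intro_title);
    $config[] = $this->settings_format("intro_text", $intro_text);
    // NOTE(review): the hashed $password computed above is not what the next
    // line writes; confirm this line against the intended settings format.
    $config[] = "password = '******'";
    $config[] = $this->settings_format("header_inject", $header_inject);
    $config[] = $this->settings_format("footer_inject", $footer_inject);
    $config[] = $this->settings_format("template", $template);
    $config[] = $this->settings_format("file_ext", $file_ext);

    // Create the settings file.
    // NOTE(review): the write result is not checked, so a failed write still
    // ends in the success redirect below.
    file_put_contents($this->settings_file, implode("\n", $config));

    // Redirect. $blog_url comes straight from the request; PHP rejects header
    // values containing newlines, but the destination itself is not validated
    // here and nothing stops execution after the header.
    header("Location: " . $blog_url);
}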