/**
 * Exercises the User model: guard clauses for invalid ids first, then the
 * lookup and update paths for the 'simpletest@localhost' account.
 *
 * @return int 0 when every check passes, 1 right after the first failed check
 */
public function testUser()
{
    $this->startCodeCoverage();

    $account = new User();

    // A non-numeric id must be refused by the password setter and by the
    // admin check alike.
    $account->Id = 'non_numeric';
    if ($account->SetPassword('blah') !== false) {
        $this->fail("User::SetPassword didn't return false for non-numeric user id");
        return 1;
    }
    if ($account->IsAdmin() !== false) {
        $this->fail("User::IsAdmin didn't return false for non-numeric user id");
        return 1;
    }

    // Neither id nor e-mail set.
    $account->Id = '';
    $account->Email = '';
    if ($account->GetName() !== false) {
        $this->fail("User::GetName didn't return false when given no user id");
        return 1;
    }
    // NOTE(review): the failure message names User::Exists but the call under
    // test is IsAdmin(), so Exists() is never checked for the "no id, no
    // email" case. Confirm which of the two was intended.
    if ($account->IsAdmin() !== false) {
        $this->fail("User::Exists didn't return false for no user id and no email");
        return 1;
    }

    // Look the account up by e-mail only.
    $account->Email = 'simpletest@localhost';
    if (false === $account->Exists()) {
        $this->fail('User::Exists returned false even though user exists');
        return 1;
    }

    $resolvedId = $account->GetIdFromEmail('simpletest@localhost');
    if (false === $resolvedId) {
        $this->fail('User::GetIdFromEmail returned false for a valid user');
        return 1;
    }

    // Fill in a complete record and check that it is found by id.
    $account->Id = $resolvedId;
    $account->Admin = '1';
    $account->FirstName = 'administrator';
    $account->Institution = 'Kitware Inc.';
    if (!$account->Exists()) {
        $this->fail('User::Exists failed given a valid user id');
        return 1;
    }

    // The fixture password is an unsalted MD5 digest. NOTE(review): this
    // presumably mirrors the format the application stores; MD5 is not a
    // suitable password hash, so a storage migration would have to update
    // this fixture as well.
    $account->Password = md5('simpletest');

    // Coverage for update save
    $account->Save();

    // Coverage for SetPassword
    $account->SetPassword(md5('simpletest'));

    $this->stopCodeCoverage();
    return 0;
}
/**
 * Walks the User model through its rejection paths (bad id, no id and no
 * e-mail) and then through lookup, save and password update for the
 * "simpletest@localhost" account.
 *
 * @return int 1 as soon as one expectation fails, 0 when all of them hold
 */
function testUser()
{
    $this->startCodeCoverage();

    $subject = new User();
    $subject->Id = "non_numeric";

    // Both calls are expected to refuse an id that is not numeric.
    if ($subject->SetPassword("blah") !== false) {
        $this->fail("User::SetPassword didn't return false for non-numeric user id");
        return 1;
    }
    if ($subject->IsAdmin() !== false) {
        $this->fail("User::IsAdmin didn't return false for non-numeric user id");
        return 1;
    }

    $subject->Id = "";
    $subject->Email = "";

    if ($subject->GetName() !== false) {
        $this->fail("User::GetName didn't return false when given no user id");
        return 1;
    }
    // NOTE(review): this asserts on IsAdmin() while the message talks about
    // User::Exists; as written, Exists() is not covered for an empty id and
    // empty e-mail. Verify the intended call.
    if ($subject->IsAdmin() !== false) {
        $this->fail("User::Exists didn't return false for no user id and no email");
        return 1;
    }

    $subject->Email = "simpletest@localhost";
    if (false === $subject->Exists()) {
        $this->fail("User::Exists returned false even though user exists");
        return 1;
    }

    $foundId = $subject->GetIdFromEmail("simpletest@localhost");
    if (false === $foundId) {
        $this->fail("User::GetIdFromEmail returned false for a valid user");
        return 1;
    }

    $subject->Id = $foundId;
    $subject->Admin = "1";
    $subject->FirstName = "administrator";
    $subject->Institution = "Kitware Inc.";
    if (!$subject->Exists()) {
        $this->fail("User::Exists failed given a valid user id");
        return 1;
    }

    // Password fixture is an unsalted MD5 digest; NOTE(review): keep it in
    // step with whatever format the User model stores if that ever moves to
    // a real password hash.
    $digest = md5("simpletest");
    $subject->Password = $digest;

    // Coverage for update save
    $subject->Save();

    // Coverage for SetPassword
    $subject->SetPassword(md5("simpletest"));

    $this->stopCodeCoverage();
    return 0;
}
/**
 * Check a username/password pair and, when it is accepted, create or refresh
 * the session row represented by this object.
 *
 * @param mixed  $id       existing session id, or "" to start a new session
 * @param string $username account name to authenticate
 * @param string $password passed to Encrypt() when $id is empty, otherwise
 *                         stored as-is through SetEncryptedPassword()
 * @return mixed $this->id once a session row was inserted or updated,
 *               false in every other case
 */
function Login($id, $username, $password)
{
    $active = false;
    $user = new User();
    $user->SetDatabase($this->database);
    $user->SetUsername($username);
    $user->SetPassword($password);
    // NOTE(review): a non-empty $id makes this method treat $password as an
    // already-encrypted value. If $id can come straight from the request
    // (confirm against the callers), possession of the stored hash alone may
    // be enough to pass CheckPassword() below.
    if ($id == "") {
        $user->Encrypt($password);
    } else {
        $user->SetEncryptedPassword($password);
    }
    $this->logged_in = false;
    if ($user->UserExists()) {
        if ($user->CheckPassword()) {
            $this->logged_in = true;
            $user->SelectByName();
        }
    }
    if ($this->logged_in) {
        // A "guest" login clears the flag, but execution still continues
        // through the session bookkeeping below and can return a session id.
        if ($user->GetUsername() == "guest") {
            $this->logged_in = false;
        }
        if ($id != "") {
            // Re-use the session row named by the caller and attach it to the
            // user that just authenticated.
            // NOTE(review): nothing visible here checks that row $id already
            // belonged to this user, and the id is not rotated on login —
            // verify SelectById()/Update() against session fixation.
            $this->SetId($id);
            $this->SelectById();
            $this->SetUser($user->GetId());
            if ($this->Update()) {
                $this->UnsetCookie();
                $this->SetCookie($user->GetUsername());
            }
            if ($this->GetActive()) {
                $active = true;
            }
        }
        if (!$active) {
            // No active session was found: record a new one.
            $this->SetDateStart(date('Y-m-d H:i:s'));
            $this->SetDateLast(date('Y-m-d H:i:s'));
            $this->SetActive(1);
            // REMOTE_ADDR is the address of the direct peer; behind a reverse
            // proxy that is the proxy, not the end user.
            $this->SetIp($_SERVER['REMOTE_ADDR']);
            $this->SetUser($user->GetId());
            if ($this->Insert()) {
                $this->UnsetCookie();
                $this->SetCookie($user->GetUsername());
                return $this->id;
            }
        } else {
            // Active session: only refresh its last-seen timestamp.
            $this->SetDateLast(date('Y-m-d H:i:s', time()));
            $this->Update();
            return $this->id;
        }
    }
    // Reached on bad credentials or when Insert() failed.
    $this->logged_in = false;
    return false;
}
/**
 * @return void
 * @desc Rebuild, from the fields this control posted, the User data object the control is editing
 */
function BuildPostedDataObject()
{
    $posted_user = new User();

    // Posted field name => User setter that receives it. Order matches the
    // order in which the fields are applied.
    $setters_by_field = array(
        'known_as' => 'SetName',
        'email' => 'SetEmail',
        'password1' => 'SetPassword',
        'password2' => 'SetPasswordConfirmation',
    );

    // Values are handed over exactly as received from the request; no
    // validation or normalisation happens in this method.
    // NOTE(review): confirm that the data object or its consumer validates
    // these fields and compares password1 with password2 before saving.
    foreach ($setters_by_field as $field => $setter) {
        if (isset($_POST[$field])) {
            $posted_user->$setter($_POST[$field]);
        }
    }

    $this->SetDataObject($posted_user);
}
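/**
 * LDAP authentication.
 *
 * Searches the directory for an entry whose mail attribute equals $email,
 * binds as that entry's DN with $password and, when the bind succeeds, creates
 * or updates the matching row in the local user table and opens the 'CDash'
 * PHP session.
 *
 * @param string $email              caller-supplied login e-mail; escaped before it is
 *                                   placed in the LDAP filter and in the SQL query
 * @param string $password           cleartext password verified through the LDAP bind
 * @param string $SessionCachePolicy value handed to session_cache_limiter()
 * @param mixed  $rememberme         truthy to also issue the 30-day remember-me cookie
 * @return bool true after a successful login; false otherwise, with the reason
 *              left in the global $loginerror
 */
function ldapAuthenticate($email, $password, $SessionCachePolicy, $rememberme)
{
    global $loginerror;
    $loginerror = '';

    include dirname(__DIR__) . '/config/config.php';
    include_once 'models/user.php';

    $ldap = ldap_connect($CDASH_LDAP_HOSTNAME);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $CDASH_LDAP_PROTOCOL_VERSION);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, $CDASH_LDAP_OPT_REFERRALS);
    // Bind as the LDAP user if authenticated ldap is enabled
    if ($CDASH_LDAP_AUTHENTICATED) {
        ldap_bind($ldap, $CDASH_LDAP_BIND_DN, $CDASH_LDAP_BIND_PASSWORD);
    }

    if (isset($ldap) && $ldap != '') {
        /* search for pid dn */
        // The e-mail is escaped for filter context so that characters such as
        // '*', '(' , ')' and '\' are matched literally and cannot change the
        // shape of the search filter (LDAP filter injection).
        $filter = '(&(mail=' . ldap_escape($email, '', LDAP_ESCAPE_FILTER) . ')' . $CDASH_LDAP_FILTER . ')';
        $result = ldap_search($ldap, $CDASH_LDAP_BASEDN, $filter, array('dn', 'cn'));
        if ($result != 0) {
            $entries = ldap_get_entries($ldap, $result);
            @($principal = $entries[0]['dn']);
            if (isset($principal)) {
                // bind as this user
                // The empty-password test runs first: a bind with a DN and an
                // empty password is an unauthenticated bind that many servers
                // accept, so it must never be attempted as a credential check.
                if (strlen(trim($password)) != 0 && @ldap_bind($ldap, $principal, $password)) {
                    $sql = 'SELECT id,password FROM ' . qid('user') . " WHERE email='" . pdo_real_escape_string($email) . "'";
                    $result = pdo_query("{$sql}");

                    // If the user doesn't exist we add it
                    if (pdo_num_rows($result) == 0) {
                        @($givenname = $entries[0]['cn'][0]);
                        if (!isset($givenname)) {
                            $loginerror = 'No givenname (cn) set in LDAP, cannot register user into CDash';
                            return false;
                        }
                        $names = explode(' ', $givenname);

                        $User = new User();
                        if (count($names) > 1) {
                            // First token is the first name, everything else
                            // is joined back into the last name.
                            $User->FirstName = $names[0];
                            $User->LastName = $names[1];
                            for ($i = 2; $i < count($names); $i++) {
                                $User->LastName .= ' ' . $names[$i];
                            }
                        } else {
                            $User->LastName = $names[0];
                        }

                        // Add the user in the database
                        // NOTE(review): the local copy of the password is an
                        // unsalted MD5 digest, which is cheap to brute-force if
                        // the table leaks. Replacing it needs a coordinated
                        // change in every reader of user.password, so the
                        // format is left untouched here.
                        $storedPassword = md5($password);
                        $User->Email = $email;
                        $User->Password = $storedPassword;
                        $User->Save();
                        $userid = $User->Id;
                    } else {
                        $user_array = pdo_fetch_array($result);
                        $storedPassword = $user_array['password'];
                        $userid = $user_array['id'];

                        // If the password has changed we update
                        if ($storedPassword != md5($password)) {
                            $User = new User();
                            $User->Id = $userid;
                            $User->SetPassword(md5($password));
                        }
                    }

                    if ($rememberme) {
                        $cookiename = 'CDash-' . $_SERVER['SERVER_NAME'];
                        $time = time() + 60 * 60 * 24 * 30; // 30 days;

                        // Create a new password
                        $keychars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
                        $length = 32;

                        $key = '';
                        $max = strlen($keychars) - 1;
                        // The inclusive bound yields $length + 1 (33) characters.
                        // Left as is: whatever parses this cookie may depend on
                        // that length (not visible from here).
                        for ($i = 0; $i <= $length; $i++) {
                            // random_int is available in PHP 7 and the random_compat PHP 5.x
                            // polyfill included in the Composer package.json dependencies.
                            $key .= substr($keychars, random_int(0, $max), 1);
                        }

                        $value = $userid . $key;
                        // NOTE(review): the cookie is set without the Secure and
                        // HttpOnly flags, and the key is stored in the database
                        // in cleartext below; consider setting both flags and
                        // storing only a hash of the key.
                        setcookie($cookiename, $value, $time);

                        // Update the user key
                        pdo_query('UPDATE ' . qid('user') . " SET cookiekey='" . $key . "' WHERE id=" . qnum($userid));
                    }

                    session_name('CDash');
                    session_cache_limiter($SessionCachePolicy);
                    session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME);
                    @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600);
                    // NOTE(review): session_start() keeps whatever session id the
                    // client presented and no session_regenerate_id() follows, so
                    // the id is not rotated at the privilege change.
                    session_start();

                    // create the session array
                    if (isset($_SESSION['cdash']['password'])) {
                        $password = $_SESSION['cdash']['password'];
                    }
                    $sessionArray = array('login' => $email, 'passwd' => $storedPassword, 'ID' => session_id(), 'valid' => 1, 'loginid' => $userid);
                    $_SESSION['cdash'] = $sessionArray;
                    return true;
                } else {
                    $loginerror = 'Wrong email or password.';
                    return false;
                }
            } else {
                $loginerror = 'User not found in LDAP';
            }
            ldap_free_result($result);
        } else {
            $loginerror = 'Error occured searching the LDAP';
        }
        ldap_close($ldap);
    } else {
        $loginerror = 'Could not connect to LDAP at ' . $CDASH_LDAP_HOSTNAME;
    }
    return false;
}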
} else { if ($usif_email == "") { $message_position = 4; $message = "O e-mail do usuário não pode ser nulo."; } else { if ($usif_first_name == "") { $message_position = 1; $message = "O primeiro nome do usuário não pode ser nulo."; } else { if ($usif_nick == "") { $usif_nick = $usif_first_name; } $user = new User(); $user->SetDatabase($database); $user->SetUsername($user_username); $user->SetPassword($user_password1); $user->SetActive(0); $user->Insert(); $user->SelectByName(); $user_info = new UserInfo(); $user_info->SetDatabase($database); $user_info->SetFirstName($usif_first_name); $user_info->SetLastName($usif_last_name); $user_info->SetNick($usif_nick); $user_info->SetEmail($usif_email); $user_info->SetUser($user->GetId()); if ($user_info->Insert()) { $message_position = 8; $message = $screen_module_name . " incluídas com sucesso. Aguarde a ativação do usuário pelo administrador."; $usif_id = ""; $usif_first_name = "";
/**
 * Build a User from this object's database handle, username and password and
 * look it up by name.
 *
 * NOTE(review): the lookup call is SelectByName(); whether the encrypted
 * password takes part in the match is not visible here. Confirm that before
 * treating a non-zero result as proof that the credentials are valid.
 *
 * @return mixed the value of User::GetId() when SelectByName() succeeds, 0 otherwise
 */
function GetUserId()
{
    $lookup = new User();
    $lookup->SetDatabase($this->database);
    $lookup->SetUsername($this->username);
    $lookup->SetPassword($this->password);
    $lookup->Encrypt();

    return $lookup->SelectByName() ? $lookup->GetId() : 0;
}
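<?php
/* Page setup
------------------------------*/
$PHPZevelop->OverrideObjectData("CFG", array("PageTitle" => "Edit"));
?>

<h2>Generate a password for the user system</h2>
<p>This will produce a hashed password and salt based on the origional visible password.<br /><br /></p>

<?php
    // Single text field plus submit button; the posted values are handed back
    // to the form builder so the field is refilled after submission.
    // NOTE(review): "data" => $_POST relies on FormGen::Build() escaping the
    // values it writes into attributes — confirm in FormGen.
    $FormGen = new FormGen();
    $FormGen->AddElement(array("type" => "text", "name" => "password", "placeholder" => "Password"), array("title" => "Password"));
    $FormGen->AddElement(array("type" => "submit", "value" => "Submit"));
    echo $FormGen->Build(array("ColNum" => 3, "data" => $_POST));
?>

<?php
    // Only act on a posted string: an absent field or an array value
    // (password[]=...) is ignored instead of being hashed and echoed.
    if (isset($_POST["password"]) && is_string($_POST["password"])) {
        $TempUser = new User();
        $TempUser->SetPassword($_POST["password"]);

        // Every value is HTML-escaped on output. The original password comes
        // straight from the request, so echoing it raw would let markup in the
        // field be rendered by the browser (reflected XSS).
        $escape = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        };

        echo "<p>Origional password: <b>" . $escape($_POST["password"]) . "</b></p>";
        echo "<p>Hashed password: <b>" . $escape($TempUser->Data["password"]) . "</b></p>";
        echo "<p>Generated salt: <b>" . $escape($TempUser->Data["salt"]) . "</b></p>";

        unset($TempUser);
    }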
<?php
/*
 * doLogin.php
 *
 * The login action: reads the posted credentials, asks Session::Login() to
 * authenticate them and sends the browser to the restricted area or back to
 * the index page with an error message.
 *
 * Written by: Bruno Schifer Bernardi
 * Last Updated: August 01, 2007
 */
require '../../schifers/constants/cdConstants.php';
require '../../' . $WEB_SITE . 'src/cdDatabase.php';
require '../../' . $WEB_SITE . 'src/cdUser.php';
require '../../' . $WEB_SITE . 'src/cdSession.php';

// Request input, taken as posted.
// NOTE(review): p_session_id is supplied by the client and forwarded to
// Session::Login() as the session to work with — confirm there that a
// caller-chosen id cannot be attached to the authenticated user.
$username = $_POST["p_username"];
$password = $_POST["p_password"];
$id = $_POST["p_session_id"];

// Encrypt the posted password once; only the encrypted form is passed on.
$user = new User();
$user->SetDatabase($database);
$user->SetUsername($username);
$user->SetPassword($password);
$user->Encrypt();

$session = new Session();
$session->SetDatabase($database);
$session->SetUser($user);
$session->Login($id, $username, $user->GetEncryptedPassword());

// Both targets are built from fixed strings and $WEB_SITE only (presumably
// set by the constants file); no request data reaches the emitted script.
$destination = $session->IsLoggedIn()
    ? "/" . $WEB_SITE . "pages/pgRestricted.php"
    : "/index.php?error_message=Login Inválido!";

echo "<script language='Javascript'> window.location = \"" . $destination . "\" </script>";
#We don't want to see this if no password was given $validinfo = false; $error .= "<li>" . lang('nopasswordmatch') . "</li>"; } } if (!empty($email) && !is_email($email)) { $validinfo = false; $error .= '<li>' . lang('invalidemail') . '</li>'; } if ($validinfo) { #$new_user_id = $db->GenID(cms_db_prefix()."users_seq"); #$query = "INSERT INTO ".cms_db_prefix()."users (user_id, username, password, active, create_date, modified_date) VALUES ($new_user_id, ".$db->qstr($user).", ".$db->qstr(md5($password)).", $active, '".$db->DBTimeStamp(time())."', '".$db->DBTimeStamp(time())."')"; #$result = $db->Execute($query); $newuser = new User(); $newuser->username = $user; $newuser->SetPassword($password); $newuser->active = $active; $newuser->firstname = $firstname; $newuser->lastname = $lastname; $newuser->email = $email; $newuser->adminaccess = $adminaccess; $newuser->SetPassword($password); #Perform the adduser_pre callback foreach ($gCms->modules as $key => $value) { if ($gCms->modules[$key]['installed'] == true && $gCms->modules[$key]['active'] == true) { $gCms->modules[$key]['object']->AddUserPre($newuser); } } Events::SendEvent('Core', 'AddUserPre', array('user' => &$newuser)); $result = $newuser->save(); if ($result) {
if (!$application == NULL) { if ($application->IsConfigured()) { redirect("login.php", 301); exit; } else { if (isset($_POST['USERNAME']) && isset($_POST['PWD']) && isset($_POST['PWDR'])) { //TODO Clear Input if ($_POST['USERNAME'] == "" || $_POST['PWD'] == "" || $_POST['PWDR'] == "") { throw new Exception("Fields cannot be empty"); } if ($_POST['PWD'] != $_POST['PWDR']) { throw new Exception("Two passwords are different"); } $new = new User(); $new->SetID($_POST['USERNAME']); $new->SetPassword($_POST['PWD']); $new->SetAdmin(TRUE); $new->SetValid(TRUE); $new->Save(); $msg = "User added successfully"; } } } } catch (Exception $e) { $error = $e->getMessage(); } ?> <html> <head> <title>RaspiControl</title>
<?php
/*
 * doCloseSession.php
 *
 * The close session action: when p_close_session is posted with the value 1,
 * terminates the session named by the cookie_userid cookie and sends the
 * browser to the exit page.
 *
 * Written by: Bruno Schifer Bernardi
 * Last Updated: September 18, 2007
 */
require '../constants/cdConstants.php';
require '../src/cdDatabase.php';
require '../src/cdUser.php';
require '../src/cdSession.php';

if (isset($_POST["p_close_session"])) {
    $action = $_POST["p_close_session"];
    // NOTE(review): the session to terminate is taken from a client-controlled
    // cookie and nothing visible here ties it to the requester — confirm that
    // TerminateSession() cannot be used to end another user's session.
    $id = $_COOKIE["cookie_userid"];

    if ($action == 1) {
        // A guest User is prepared here but not passed to the session below.
        $user = new User();
        $user->SetDatabase($database);
        $user->SetUsername("guest");
        $user->SetPassword("guest");
        $user->Encrypt();

        $session = new Session();
        $session->SetDatabase($database);
        $session->TerminateSession($id);

        $exit_redirect = '<script language=\'Javascript\'>window.location = "../pages/pgExit.php";</script>';
        echo $exit_redirect;
    }
}