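/**
 * Try to log the user in with the configured method and, on failure, report
 * the error against the page the login form was submitted from.
 *
 * The credential check is delegated to ldap_authenticate() when LOGIN_METHOD
 * is 'LDAP' and to auth_does_password_match() otherwise; a successful check
 * calls auth_login(). Whether the login took effect is then read back from
 * session_getLogged_in().
 *
 * @param string $username Login name as submitted by the user.
 * @param string $password Clear-text password as submitted by the user.
 * @return void
 */
function auth_attempt_login($username = "", $password = "")
{
    if (LOGIN_METHOD == 'LDAP') {
        $authenticated = ldap_authenticate($username, $password);
    } else {
        $authenticated = auth_does_password_match($username, $password);
    }
    if ($authenticated) {
        # user successfully authenticated, proceed with login
        auth_login($username);
    }
    # nothing more to do when the session now reports a logged-in user
    if (session_getLogged_in()) {
        return;
    }
    # Login failed. The return target is taken from the login form, so it is
    # attacker-controlled: a forged form could otherwise point the error
    # redirect at another site or smuggle header line breaks into it.
    $login_form = isset($_POST['login']) && is_array($_POST['login']) ? $_POST['login'] : array();
    $redirect_page = isset($login_form['page']) && is_string($login_form['page']) ? $login_form['page'] : '';
    $redirect_page_get = isset($login_form['get']) && is_string($login_form['get']) ? $login_form['get'] : '';
    # accept only a plain relative path: no scheme (':' is not allowed), no
    # protocol-relative '//', no backslashes or control characters
    if (!preg_match('#^(?!.*//)[A-Za-z0-9_./-]+$#', $redirect_page)) {
        $redirect_page = '';
    }
    # the query string is passed through, minus CR/LF
    # NOTE(review): error_report_show() is not visible here; confirm it encodes
    # the target before emitting it as a Location header or into markup.
    $redirect_page_get = str_replace(array("\r", "\n"), '', $redirect_page_get);
    if (empty($redirect_page)) {
        error_report_show("home_page.php?", INVALID_LOGIN);
    } else {
        error_report_show($redirect_page . "?" . $redirect_page_get, INVALID_LOGIN);
    }
}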
Esempio n. 2
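 /**
  * Populate the export settings from the plugin configuration and the current request.
  *
  * Reads the debug, cache and zip-file options via getConf(), derives the export
  * pattern, namespaces and flags from $_REQUEST, and, outside CLI mode, attempts
  * an HTTP basic-auth login when the current permission on the zip file is below
  * AUTH_DELETE.
  *
  * @param object $functions Helper exposing debug, requestParametersToCacheHash(),
  *                          getSpecialExportFileName(), getNamespaceFromID(),
  *                          removeWikiVariables() and basic_authentication().
  */
 function settings_plugin_siteexport_settings($functions)
 {
     global $ID;
     $functions->debug->setDebugLevel($this->getConf('debugLevel'));
     $functions->debug->setDebugFile($this->getConf('debugFile'));
     if (empty($_REQUEST['pattern'])) {
         $params = $_REQUEST;
         $this->pattern = $functions->requestParametersToCacheHash($params);
     } else {
         // NOTE(review): taken verbatim from the request and used below to build the
         // export file name; confirm getSpecialExportFileName()/mediaFN() clean it.
         $this->pattern = $_REQUEST['pattern'];
     }
     // REMOTE_ADDR is absent on the command line; empty() avoids the undefined-index notice
     $this->isCLI = empty($_SERVER['REMOTE_ADDR']) && 'cli' == php_sapi_name();
     $this->cachetime = $this->getConf('cachetime');
     if (!empty($_REQUEST['disableCache'])) {
         $this->cachetime = intval($_REQUEST['disableCache']) == 1 ? 0 : $this->cachetime;
     }
     // Load Variables
     $this->origZipFile = $this->getConf('zipfilename');
     $this->ignoreNon200 = $this->getConf('ignoreNon200');
     // ID
     $this->downloadZipFile = $functions->getSpecialExportFileName($this->origZipFile, $this->pattern);
     $this->zipFile = mediaFN($this->downloadZipFile);
     $this->tmpDir = mediaFN(getNS($this->origZipFile));
     $this->exportLinkedPages = isset($_REQUEST['exportLinkedPages']) && intval($_REQUEST['exportLinkedPages']) == 1;
     // NOTE(review): $PAGE is never assigned in this method; presumably an output
     // argument of getNamespaceFromID() - confirm against its signature.
     $this->namespace = $functions->getNamespaceFromID(isset($_REQUEST['ns']) ? $_REQUEST['ns'] : null, $PAGE);
     $this->addParams = !empty($_REQUEST['addParams']);
     $this->useTOCFile = !empty($_REQUEST['useTocFile']);
     // set export Namespace - which is a virtual Root
     $pg = noNS($ID);
     if (empty($this->namespace)) {
         $this->namespace = $functions->getNamespaceFromID(getNS($ID), $pg);
     }
     // The requested root is only honoured when it is a prefix of the namespace.
     // It comes from the request, so it is quoted before going into the pattern;
     // unquoted, '.' and other metacharacters would change what is matched.
     $this->exportNamespace = $this->namespace;
     if (!empty($_REQUEST['ens'])) {
         $requestedRoot = $functions->getNamespaceFromID($_REQUEST['ens'], $pg);
         if (preg_match('%^' . preg_quote($requestedRoot, '%') . '%', $this->namespace)) {
             $this->exportNamespace = $requestedRoot;
         }
     }
     $this->TOCMapWithoutTranslation = isset($_REQUEST['TOCMapWithoutTranslation']) && intval($_REQUEST['TOCMapWithoutTranslation']) == 1;
     // Strip params that should be forwarded
     $this->additionalParameters = $_REQUEST;
     $functions->removeWikiVariables($this->additionalParameters, true);
     // pageinfo() reads the global $ID, so point it at the zip file for the
     // permission lookup and restore it afterwards
     $tmpID = $ID;
     $ID = $this->origZipFile;
     $INFO = pageinfo();
     if (!$this->isCLI) {
         // Workaround for the cron which cannot authenticate but has access to everything.
         if ($INFO['perm'] < AUTH_DELETE) {
             list($USER, $PASS) = $functions->basic_authentication();
             // NOTE(review): the result of auth_login() is not checked here, so a
             // failed login goes unnoticed at this point.
             auth_login($USER, $PASS);
         }
     }
     $ID = $tmpID;
 }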
Esempio n. 3
<?php

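// Login page controller: redirects users who are already logged in, processes
// a submitted login form, and otherwise renders the login template.
try {
    require_once 'phpincludes/init.inc.php';
    // if the user is already logged in, send them on to index.php
    if (auth_is_logged_in()) {
        header('location: index.php');
        // stop here: header() alone does not end the script, so the form
        // handling and template rendering below would still run
        exit;
    }
    // if the form was submitted
    if (isset($_POST['brugernavn'])) {
        $brugernavn = $_POST['brugernavn'];
        $password = isset($_POST['password']) ? $_POST['password'] : '';
        if (auth_login($brugernavn, $password)) {
            // on successful login, send the user on to index.php
            header('location: index.php');
            exit;
        }
        $smarty->assign('error', 'Wrong username or password');
        // Only the user name is handed back for re-display; the submitted
        // password is blanked so it cannot end up in the rendered page.
        $smarty->assign('input', array('brugernavn' => $brugernavn, 'password' => ''));
    }
    $smarty->assign('set_focus', 'true');
    $smarty->assign('contenttemplate', 'login.tpl');
} catch (Exception $e) {
    fatal_error($e);
}
$smarty->display(WEBFRONTEND_MAINTEMPLATE);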
Esempio n. 4
<?php

include "rdfl_connect.inc";
global $default_dbname, $pooling_pt_table, $pooling_mem_table;
if (isset($_POST['posted'])) {
    $admin_id = $_POST['admin_id'];
    $admin_passwd = $_POST['admin_passwd'];
    if (!isset($admin_id)) {
        echo "<script language=\"javascript\">javascript:window.alert(\"Enter Valid Login-ID ?\");history.go(-1);</script>";
    } else {
        session_start();
        @session_register('$admin_id', '$admin_passwd');
        $name = auth_login($admin_id, $admin_passwd);
        if (!$name) {
            //$PHP_SELF=$_SERVER['PHP_SELF'];
            @session_unregister('$admin_id');
            @session_unregister('$admin_passwd');
            //echo "Authorization Failed ?.You Must Enter Valid Login-ID and Password<br>\n";
            //echo "<a href=\"$PHP_SELF\">Click Here To Try Again</a>";
            echo "<script language=\"javascript\">javascript:window.alert(\"Admin Not Found ? Try Again......\");history.go(-1);</script>";
        } else {
            //echo "Login Successfully !";
            //echo "<script language=\"javascript\">javascript:window.location.href='rdfl_home.php';</script>";
            ?>
<html>
<head>
<title>RDFL Home</title>
<link rel="stylesheet" type="text/css" href="styles/mainnav.css" media="screen, projection, print"/>
<script type="text/javascript">

function startTime()
 /**
  * Handle the login
  *
  * This either trusts the session data (if any), processes the second oAuth step or simply
  * executes a normal plugin against local users.
  *
  * @param string $user
  * @param string $pass
  * @param bool   $sticky
  * @return bool
  */
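 function trustExternal($user, $pass, $sticky = false)
 {
     // Order of attempts: reuse valid OAuth data from the session, finish or
     // re-check an OAuth login, re-trigger OAuth based on the cookie, and
     // finally fall back to the regular form login via auth_login().
     global $USERINFO;
     // only set when an OAuth login is in progress; passed to processLogin() either way
     $page = null;
     // check session for existing oAuth login data
     $session = isset($_SESSION[DOKU_COOKIE]['auth']) ? $_SESSION[DOKU_COOKIE]['auth'] : null;
     if (isset($session['oauth'])) {
         $servicename = $session['oauth'];
         // check if session data is still considered valid
         if ($this->isSessionValid($session)) {
             $_SERVER['REMOTE_USER'] = $session['user'];
             $USERINFO = $session['info'];
             return true;
         }
     }
     $existingLoginProcess = false;
     // are we in login progress?
     if (isset($_SESSION[DOKU_COOKIE]['oauth-inprogress'])) {
         $servicename = $_SESSION[DOKU_COOKIE]['oauth-inprogress']['service'];
         $page = $_SESSION[DOKU_COOKIE]['oauth-inprogress']['id'];
         // the marker is single-use: remove it so a reload cannot replay this step
         unset($_SESSION[DOKU_COOKIE]['oauth-inprogress']);
         $existingLoginProcess = true;
     }
     // either we're in oauth login or a previous log needs to be rechecked
     if (isset($servicename)) {
         /** @var helper_plugin_oauth $hlp */
         $hlp = plugin_load('helper', 'oauth');
         /** @var OAuth\Plugin\AbstractAdapter $service */
         $service = $hlp->loadService($servicename);
         if (is_null($service)) {
             $this->cleanLogout();
             return false;
         }
         if ($service->checkToken()) {
             $ok = $this->processLogin($sticky, $service, $servicename, $page);
             if (!$ok) {
                 $this->cleanLogout();
                 return false;
             }
             return true;
         }
         if ($existingLoginProcess) {
             msg($this->getLang('oauth login failed'), 0);
             $this->cleanLogout();
             return false;
         }
         // first time here
         $this->relogin($servicename);
         // something went wrong during oAuth login
         $this->cleanLogout();
         return false;
     } elseif (isset($_COOKIE[DOKU_COOKIE]) && is_string($_COOKIE[DOKU_COOKIE])) {
         // try cookie: user|sticky|auth|service, each field base64 encoded.
         // The cookie is client-controlled, so it is padded to four fields
         // instead of assuming they are all present.
         // NOTE(review): $servicename from the cookie goes straight into
         // relogin(); confirm relogin() rejects unknown service names.
         $fields = array_pad(explode('|', $_COOKIE[DOKU_COOKIE]), 4, '');
         $auth = base64_decode($fields[2], true);
         $servicename = base64_decode($fields[3], true);
         if ($auth === 'oauth') {
             $this->relogin($servicename);
         }
     }
     // do the "normal" plain auth login via form
     return auth_login($user, $pass, $sticky);
 }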
Esempio n. 6
/* Step 2.2: Add per-page bits in the header */
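/**
 * Queue a <script src="..."> tag for the page header.
 *
 * The tag is appended to the global $extraHeaders string. The original used
 * `+=`, which is numeric addition in PHP and does not append text; `.=` is
 * the string concatenation that was intended.
 *
 * NOTE(review): $type and $url are written into the markup unescaped, so
 * callers must only pass trusted, already attribute-safe values.
 *
 * @param string $type Value for the type attribute, e.g. "text/javascript".
 * @param string $url  Script location for the src attribute.
 * @return void
 */
function core_addScriptFile($type, $url)
{
    global $extraHeaders;
    $extraHeaders .= '<script type="' . $type . '" src="' . $url . '"></script>' . "\n";
}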
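/**
 * Queue an inline <script> block for the page header.
 *
 * The block is appended to the global $extraHeaders string. The original used
 * `+=`, which is numeric addition in PHP and does not append text; `.=` is
 * the string concatenation that was intended.
 *
 * NOTE(review): $codeString is emitted verbatim inside the script element, so
 * it must never contain request data that has not been encoded for JavaScript.
 *
 * @param string $type       Value for the type attribute.
 * @param string $codeString Script source placed between the tags.
 * @return void
 */
function core_addScriptCode($type, $codeString)
{
    global $extraHeaders;
    $extraHeaders .= '<script type="' . $type . '">' . "\n" . $codeString . "\n" . '</script>';
}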
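/* Step 3: Authentication handling */
require_once "library/core/util-auth.php";
// 'auth-action' is optional; a request without it falls through to the
// default branch and only validates the current login.
// NOTE(review): $_REQUEST also carries query-string values, so a plain link
// can trigger 'login' or 'logout'; no request-forgery check is visible here -
// confirm one exists inside auth_login()/auth_logout().
switch (isset($_REQUEST['auth-action']) ? $_REQUEST['auth-action'] : '') {
    case 'logout':
        auth_logout();
        break;
    case 'login':
        auth_login();
        break;
    default:
        auth_validate();
        break;
}
/* Step 4: Gather/store skin information */
require_once "library/core/util-skin.php";
skin_storeName();
skin_include("parameters.php");
/* Step 5: Import commonly used classes */
require_once "library/core/class-block.php";
require_once "library/core/class-story.php";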
Esempio n. 7
                background-attachment:fixed;
            }
    </style>
</head>
<body>
<?php 
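// Handle a submitted login form. Both fields must be plain strings; an array
// value (username[]=...) would otherwise reach md5() and auth_login().
if (isset($_POST['username'], $_POST['password']) && is_string($_POST['username']) && is_string($_POST['password'])) {
    $username = $_POST['username'];
    // NOTE(review): an unsalted MD5 digest is a weak password hash. Moving to
    // password_hash()/password_verify() needs a matching change to the stored
    // values and to auth_login(), neither of which is visible here.
    $password = md5($_POST['password']);
    try {
        $conn = connect();
    } catch (Exception $error) {
        // NOTE(review): the raw exception text is shown to the visitor; confirm
        // it cannot contain connection details.
        display_message($error->getMessage(), "", "error");
        exit;
    }
    if (auth_login($conn, $username, $password)) {
        $_SESSION['islogin'] = true;
        // NOTE(review): markup has already been sent above this block, so the
        // redirect only works with output buffering enabled - confirm.
        header("location:./admin.php");
        // end the request so the login form is not rendered behind the redirect
        exit;
    } else {
        $_SESSION['islogin'] = false;
        display_message("登陆失败", "用户名或密码错误", "error");
    }
}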
?>
    <div class="top-content">
        <div class="inner-bg">
            <div class="container">
                <div class="row">
                    <div class="col-sm-6 col-sm-offset-3 form-box">
                        <div class="form-top">
                            <div class="form-top-left">
Esempio n. 8
         exit;
     }
 }
 //set up the template replacements
 tpl_set_var('username', '');
 tpl_set_var('target', $target);
 //already logged in?
 if ($usr == false) {
     //set login template
     $tplname = 'login';
     //get the login email address and password
     $usr['email'] = isset($_POST['email']) ? $_POST['email'] : '';
     $usr['password'] = isset($_POST['password']) ? $_POST['password'] : '';
     if ($usr['email'] != '' && $usr['password'] != '') {
         //try to log in
         $retval = auth_login($usr['email'], $usr['password']);
         //delete password
         unset($usr['password']);
         if ($retval == false) {
             //login not ok
             switch ($autherr) {
                 case AUTHERR_TOOMUCHLOGINS:
                     $message = $error_toomuchlogins;
                     break;
                 case AUTHERR_INVALIDEMAIL:
                     $message = $error_invalidemail;
                     break;
                 case AUTHERR_WRONGAUTHINFO:
                     $message = $error_wrongauthinfo;
                     break;
                 case AUTHERR_USERNOTACTIVE:
Esempio n. 9
 * @author Isa Worcs
 * @link http://www.getpixie.co.uk
 * @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3
 *
 */
if (isset($login_submit) && $login_submit) {
    if (!isset($username)) {
        $username = NULL;
    }
    if (!isset($password)) {
        $password = NULL;
    }
    if (!isset($remember)) {
        $remember = NULL;
    }
    $log_in = auth_login($username, $password, $remember);
    if (!$log_in) {
        $s = 'myaccount';
        logme($lang['ok_login'], 'no', 'user');
    } else {
        $s = 'login';
        $message = $log_in;
        logme($lang['failed_login'], 'yes', 'error');
    }
} else {
    if (isset($s) && $s == 'logout') {
        setcookie('pixie_login', ' ', time() - 3600, '/');
        $s = 'login';
        if (isset($tool) && $tool == 'home') {
            header('Location: ../');
            exit;
Esempio n. 10
/**
 * This tries to login the user based on the sent auth credentials
 *
 * The authentication works like this: if a username was given
 * a new login is assumed and user/password are checked. If they
 * are correct the password is encrypted with blowfish and stored
 * together with the username in a cookie - the same info is stored
 * in the session, too. Additionally a browserID is stored in the
 * session.
 *
 * If no username was given the cookie is checked: if the username,
 * crypted password and browserID match between session and cookie
 * no further testing is done and the user is accepted
 *
 * If a cookie was found but no session info was available the
 * blowfish encrypted password from the cookie is decrypted and
 * together with username rechecked by calling this function again.
 *
 * On a successful login $_SERVER[REMOTE_USER] and $USERINFO
 * are set.
 *
 * @author  Andreas Gohr <*****@*****.**>
 *
 * @param   string  $user    Username
 * @param   string  $pass    Cleartext Password
 * @param   bool    $sticky  Cookie should not expire
 * @param   bool    $silent  Don't show error on bad auth
 * @return  bool             true on successful auth
*/
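function auth_login($user, $pass, $sticky = false, $silent = false)
{
    // Two entry paths: a non-empty $user means a fresh login with submitted
    // credentials; an empty $user means "resume from cookie and session".
    global $USERINFO;
    global $conf;
    global $lang;
    global $auth;
    // normalise to a real boolean; the value is interpolated into the cookie below
    $sticky = (bool) $sticky;
    if (!empty($user)) {
        // usual login
        if ($auth->checkPass($user, $pass)) {
            // make logininfo globally available
            $_SERVER['REMOTE_USER'] = $user;
            $USERINFO = $auth->getUserData($user);
            // NOTE(review): the password is stored reversibly (blowfish with the
            // cookie salt) in both cookie and session, so anyone holding the
            // cookie and the salt can recover the clear-text password. The
            // cookie is also set without HttpOnly/Secure flags.
            $pass = PMA_blowfish_encrypt($pass, auth_cookiesalt());
            $cookie = base64_encode("{$user}|{$sticky}|{$pass}");
            // 0 makes it a session cookie; sticky logins last one year.
            // The original left $time undefined for non-sticky logins.
            $time = $sticky ? time() + 60 * 60 * 24 * 365 : 0;
            setcookie(DOKU_COOKIE, $cookie, $time, DOKU_REL);
            // set session
            $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
            $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
            $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
            $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
            $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
            return true;
        }
        // invalid credentials - log off
        if (!$silent) {
            msg($lang['badlogin'], -1);
        }
        auth_logoff();
        return false;
    }
    // read cookie information; the cookie is client-controlled, so tolerate a
    // missing, non-string or truncated value instead of raising notices
    $rawCookie = isset($_COOKIE[DOKU_COOKIE]) && is_string($_COOKIE[DOKU_COOKIE]) ? $_COOKIE[DOKU_COOKIE] : '';
    $cookie = base64_decode($rawCookie);
    // explode() replaces split(), which was removed in PHP 7; the separator is a literal '|'
    list($user, $sticky, $pass) = array_pad(explode('|', $cookie, 3), 3, '');
    // get session info
    $session = isset($_SESSION[DOKU_COOKIE]['auth']) ? $_SESSION[DOKU_COOKIE]['auth'] : null;
    if ($user && $pass) {
        // we got a cookie - see if we can trust it. Strict comparison on
        // purpose: with ==, two different numeric-looking strings such as
        // "0e12" and "0e34" compare equal.
        if (
            isset($session)
            && $auth->useSessionCache($user)
            && $session['time'] >= time() - $conf['auth_security_timeout']
            && $session['user'] === $user
            && $session['pass'] === $pass
            && $session['buid'] === auth_browseruid()
        ) {
            // session, cookie and browser all match - accept without rechecking the password
            $_SERVER['REMOTE_USER'] = $user;
            $USERINFO = $session['info'];
            //FIXME move all references to session
            return true;
        }
        // no we don't trust it yet - recheck pass but silent
        $pass = PMA_blowfish_decrypt($pass, auth_cookiesalt());
        return auth_login($user, $pass, $sticky, true);
    }
    // just to be sure
    auth_logoff();
    return false;
}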
Esempio n. 11
                        // Good code, enable the account and login...
                        db_query("UPDATE users SET is_published = 1 WHERE name='{$name}'");
                        if (auth_login($username, $password) == "") {
                            db_query("UPDATE users SET is_published = 0 WHERE name='{$name}'");
                            $usererror = "Login failed!";
                        }
                    } else {
                        $usererror = "Bad registration code!";
                    }
                } else {
                    $usererror = "Username not found!";
                }
                db_free($result);
            } else {
                if ($argc == 0 && $username != "" && $password != "") {
                    if (auth_login($username, $password) == "") {
                        $usererror = "Login failed!";
                    }
                }
            }
        }
    }
} else {
    $username = "";
    $password = "";
    $password2 = "";
    $email = "";
    $register = "";
}
if ($LOGIN_USER != "") {
    header("Location: {$page}");
Esempio n. 12
 /**
  * Handle the login
  *
  * This either trusts the session data (if any), processes the second oAuth step or simply
  * executes a normal plugin against local users.
  *
  * @param string $user
  * @param string $pass
  * @param bool   $sticky
  * @return bool
  */
 function trustExternal($user, $pass, $sticky = false)
 {
     // Order of attempts: finish an OAuth login that is in progress, reuse OAuth
     // data already held in the session, re-trigger OAuth based on the cookie,
     // and finally fall back to the regular form login via auth_login().
     global $conf;
     global $USERINFO;
     // are we in login progress?
     if (isset($_SESSION[DOKU_COOKIE]['oauth-inprogress'])) {
         $servicename = $_SESSION[DOKU_COOKIE]['oauth-inprogress']['service'];
         $page = $_SESSION[DOKU_COOKIE]['oauth-inprogress']['id'];
         // the in-progress marker is removed as soon as it has been read
         unset($_SESSION[DOKU_COOKIE]['oauth-inprogress']);
     }
     // check session for existing oAuth login data
     $session = $_SESSION[DOKU_COOKIE]['auth'];
     if (!isset($servicename) && isset($session['oauth'])) {
         $servicename = $session['oauth'];
         // check if session data is still considered valid
         // (not older than auth_security_timeout and same browser uid)
         if ($session['time'] >= time() - $conf['auth_security_timeout'] && $session['buid'] == auth_browseruid()) {
             $_SERVER['REMOTE_USER'] = $session['user'];
             $USERINFO = $session['info'];
             return true;
         }
     }
     // either we're in oauth login or a previous log needs to be rechecked
     if (isset($servicename)) {
         /** @var helper_plugin_oauth $hlp */
         $hlp = plugin_load('helper', 'oauth');
         $service = $hlp->loadService($servicename);
         if (is_null($service)) {
             return false;
         }
         if ($service->checkToken()) {
             // everything in $uinfo is supplied by the external service
             $uinfo = $service->getUser();
             $uinfo['user'] = $this->cleanUser((string) $uinfo['user']);
             if (!$uinfo['name']) {
                 $uinfo['name'] = $uinfo['user'];
             }
             if (!$uinfo['user'] || !$uinfo['mail']) {
                 msg("{$servicename} did not provide the needed user info. Can't log you in", -1);
                 return false;
             }
             // see if the user is known already
             // NOTE(review): an existing local account is matched purely on the
             // e-mail address reported by the service. Whether the service has
             // verified that address is not visible here - confirm. The group
             // check below limits this to services the account has enabled.
             $user = $this->getUserByEmail($uinfo['mail']);
             if ($user) {
                 $sinfo = $this->getUserData($user);
                 // check if the user allowed access via this service
                 // NOTE(review): in_array() compares loosely here; a strict third
                 // argument would be safer if both sides are always strings.
                 if (!in_array($this->cleanGroup($servicename), $sinfo['grps'])) {
                     msg(sprintf($this->getLang('authnotenabled'), $servicename), -1);
                     return false;
                 }
                 // local login name and display name win over what the service sent
                 $uinfo['user'] = $user;
                 $uinfo['name'] = $sinfo['name'];
                 $uinfo['grps'] = array_merge((array) $uinfo['grps'], $sinfo['grps']);
             } else {
                 // new user, create him - making sure the login is unique by adding a number if needed
                 $user = $uinfo['user'];
                 $count = '';
                 while ($this->getUserData($user . $count)) {
                     if ($count) {
                         $count++;
                     } else {
                         $count = 1;
                     }
                 }
                 $user = $user . $count;
                 $uinfo['user'] = $user;
                 $groups_on_creation = array();
                 $groups_on_creation[] = $conf['defaultgroup'];
                 $groups_on_creation[] = $this->cleanGroup($servicename);
                 // add service as group
                 $uinfo['grps'] = array_merge((array) $uinfo['grps'], $groups_on_creation);
                 // the local password is generated by auth_pwgen(), not chosen by the user
                 $ok = $this->triggerUserMod('create', array($user, auth_pwgen($user), $uinfo['name'], $uinfo['mail'], $groups_on_creation));
                 if (!$ok) {
                     msg('something went wrong creating your user account. please try again later.', -1);
                     return false;
                 }
                 // send notification about the new user
                 $subscription = new Subscription();
                 $subscription->send_register($user, $uinfo['name'], $uinfo['mail']);
             }
             // set user session
             $this->setUserSession($uinfo, $servicename);
             // cookie layout: user|sticky|auth|service; it carries no password or token
             $cookie = base64_encode($user) . '|' . (int) $sticky . '|' . base64_encode('oauth') . '|' . base64_encode($servicename);
             $cookieDir = empty($conf['cookiedir']) ? DOKU_REL : $conf['cookiedir'];
             // 0 = session cookie, otherwise one year
             $time = $sticky ? time() + 60 * 60 * 24 * 365 : 0;
             // Secure flag only when securecookie is configured and the request is SSL; HttpOnly is always on
             setcookie(DOKU_COOKIE, $cookie, $time, $cookieDir, '', $conf['securecookie'] && is_ssl(), true);
             // $page was stored in the session when the login was started
             if (isset($page)) {
                 send_redirect(wl($page));
             }
             return true;
         } else {
             $this->relogin($servicename);
         }
         unset($_SESSION[DOKU_COOKIE]['auth']);
         return false;
         // something went wrong during oAuth login
     } elseif (isset($_COOKIE[DOKU_COOKIE])) {
         // NOTE(review): $INPUT is declared but not used in this branch
         global $INPUT;
         //try cookie
         // NOTE(review): the cookie is client-controlled; fewer than four
         // '|'-separated fields raises notices here, and $servicename goes
         // into relogin() as received - confirm relogin() validates it.
         list($cookieuser, $cookiesticky, $auth, $servicename) = explode('|', $_COOKIE[DOKU_COOKIE]);
         $cookieuser = base64_decode($cookieuser, true);
         $auth = base64_decode($auth, true);
         $servicename = base64_decode($servicename, true);
         if ($auth === 'oauth') {
             $this->relogin($servicename);
         }
     }
     // do the "normal" plain auth login via form
     return auth_login($user, $pass, $sticky);
 }
Esempio n. 13
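 /**
  * Determine the wiki user for this request and check it against the
  * consumer's user allow-list.
  *
  * An already authenticated REMOTE_USER is used as is; otherwise a silent
  * cookie-based auth_login() is attempted.
  *
  * @param object $doku_server  Object providing get_consumer_acl().
  * @param string $consumer_key Key of the consumer making the request.
  * @return string|null The user name, or null when nobody is logged in or
  *                     the user is not allowed for this consumer.
  */
 private function check_doku_auth($doku_server, $consumer_key)
 {
     $acllimit = $doku_server->get_consumer_acl($consumer_key);
     $user = null;
     if (!empty($_SERVER['REMOTE_USER'])) {
         $user = $_SERVER['REMOTE_USER'];
         $this->_debug("dokuwiki already authenticated user: {$user}");
     } elseif (auth_login("", "", false, true)) {
         // read the user before logging it; the original logged an empty name
         $user = $_SERVER['REMOTE_USER'];
         $this->_debug("user logged-in via COOKIE: {$user}");
     }
     // TODO: check group(s), not is_admin, etc.
     // Strict comparison: with a loose match, numeric-looking names such as
     // "1e3" and "1000" are treated as the same user.
     // NOTE(review): when no 'users' list is configured, no restriction is applied.
     if (isset($acllimit['users']) && is_array($acllimit['users']) && !in_array($user, $acllimit['users'], true)) {
         $this->_debug("denied user '{$user}' for this consumer.");
         msg("Consumer is not allowed access to this user.", -1);
         $user = null;
     }
     return $user;
 }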
Esempio n. 14
 /**
  * remove an old zip file
  **/
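 function __removeOldZip($FILENAMEID = null, $checkForMore = true)
 {
     // Deletes the given export zip (default: the configured one) from the media
     // store and, when $checkForMore is set, also deletes sibling export files
     // older than the configured cache time. Returns false only when deleting
     // the requested file itself failed.
     global $INFO;
     global $conf;
     $settings = $this->functions->settings;
     $returnValue = true;
     if (empty($FILENAMEID)) {
         $FILENAMEID = $settings->origZipFile;
     }
     if (!$settings->isCLI) {
         $INFO = pageinfo();
         // without delete permission, try HTTP basic auth once and re-read the permissions
         if ($INFO['perm'] < AUTH_DELETE && !$settings->isAuthed) {
             list($USER, $PASS) = $this->functions->basic_authentication();
             $settings->isAuthed = auth_login($USER, $PASS);
             // the password is masked so it never reaches the debug log
             $this->functions->debug->message("Login With:", array('User' => $USER, 'Password' => '*****', 'isAuthed' => $settings->isAuthed));
             $INFO = pageinfo();
         }
     }
     if (file_exists(mediaFN($FILENAMEID))) {
         require_once DOKU_INC . 'inc/media.php';
         // media_delete() receives the caller's permission level
         if (!media_delete($FILENAMEID, $INFO['perm'])) {
             $returnValue = false;
         }
     }
     if ($checkForMore) {
         // Try to remove more files.
         $ns = getNS($FILENAMEID);
         // NOTE(review): $fn is interpolated into a regular expression below;
         // confirm getSpecialExportFileName() returns a pattern-safe string.
         $fn = $this->functions->getSpecialExportFileName(noNS($FILENAMEID), '.+');
         $data = array();
         search($data, $conf['mediadir'], 'search_media', array('pattern' => "/{$fn}\$/i"), $ns);
         // The original tested count($data > 0), i.e. counted a boolean; iterating
         // directly is the intended behaviour and is a no-op for an empty result.
         $cache = $settings->cachetime;
         foreach ($data as $media) {
             // only files older than the cache time are removed
             if ($media['mtime'] < time() - $cache) {
                 $this->__removeOldZip($media['id'], false);
             }
         }
     }
     return $returnValue;
 }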
Esempio n. 15
 /**
  * Check credentials through the configured auth backend.
  *
  * Returns 0 when ACLs are switched off or no auth backend is loaded.
  * Otherwise the result of the backend's trustExternal() is returned when the
  * backend reports the 'external' capability, and the result of a silent,
  * non-sticky auth_login() in all other cases.
  *
  * @param string $user
  * @param string $pass
  * @return int|bool
  */
 function login($user, $pass)
 {
     global $conf;
     global $auth;
     // nothing to authenticate against
     if (!$conf['useacl'] || !$auth) {
         return 0;
     }
     return $auth->canDo('external')
         ? $auth->trustExternal($user, $pass, false)
         : auth_login($user, $pass, false, true);
 }
Esempio n. 16
        // parse dic file
        // ...
    }
    echo "error - {$error} id is {$id} " . var_dump($_FILES);
    if (!$error) {
        echo var_dump($files);
    }
}
//
//  New case block
//
// Session commands run before the $auth check below.
if ("logout" == $cmd) {
    $return = auth_logout();
}
if ("auth" == $cmd) {
    $return = auth_login();
}
// All remaining commands are dispatched only while $auth is truthy
// (where $auth is set is not visible in this part of the file).
if ($auth) {
    // the last four characters of the command select the generic table handler
    $subcmd = substr($cmd, strlen($cmd) - 4);
    if (in_array($subcmd, array("_lst", "_str", "_upd", "_del", "_new"))) {
        $return = process_table();
    } else {
        if ("text_anl" == $cmd) {
            $return = text_analyser();
        }
        if ("dic_upl" == $cmd) {
            $return = dic_upload();
        }
    }
}
Esempio n. 17
#
# phpcrawl testinterface
# requires class phpcrawler (at least version 0.7)
#
# Part of the package phpcrawl
#
# Copyright (C) 2004 Uwe Hunfeld (phpcrawl@cuab.de)
#
# A visual HTML-interface for setting up and testing the phpcrawler-class.
#
# GNU General Public License
########################################################################
include "phpcrawl_testinterface.func.php";
include "phpcrawl_testinterface.conf.php";
// Login (http-auth)
auth_login($cfg_authUsername, $cfg_authPassword);
set_time_limit(0);
if (get_magic_quotes_gpc() == true) {
    stripSlashesRec($_POST);
}
// Workaround, convert array $_POST["val"] to "plain" array $val
// Same with output-array ans misc-array
$val =& $_POST["val"];
$output =& $_POST["output"];
$misc =& $_POST["misc"];
// Save current setup (array $val)
if (isset($_POST["action"]) && $_POST["action"] == "save_setup") {
    // Convert the setup-coment
    $misc["comment"] = htmlentities($misc["comment"], ENT_QUOTES);
    $setuparray_combined["setup"] =& $val;
    $setuparray_combined["output"] =& $output;
Esempio n. 18
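/**
 * Render one of the account pages and process its form submission.
 *
 * Output is echoed directly; nothing is returned. Values that come from the
 * request or from stored user records are HTML-escaped before they are echoed,
 * and the handle is URL-encoded wherever it is placed in a URL.
 *
 * Weaknesses that need changes outside this function are marked NOTE(review)
 * inline: stored secret answers and recovery passwords in plaintext, the
 * unsalted crypt() call, disclosure of other users' handles and names, and the
 * server details printed on the login page.
 *
 * @param string|null $task  Page to show: 'register', 'login', 'logout', 'forgot',
 *                           'forgot2' or 'profile'. A null/empty task resolves to
 *                           'profile' when auth_logged_in() is true, else to 'login'.
 * @return void
 */
function login_display($task)
{
    global $db, $cfg;
    if ($task == NULL) {
        $task = auth_logged_in() ? 'profile' : 'login';
    }
    switch ($task) {
        case "register":
            $form = new HTML_QuickForm('regForm', 'post', 'index.php?view=login&task=register');
            $form->addElement('header', null, 'Register');
            $form->addElement('text', 'handle', 'Handle:');
            $form->addElement('password', 'password', 'Password:');
            $form->addElement('password', 'password2', 'Retype Password:');
            $form->addElement('text', 'email', 'Email:');
            $form->addElement('header', null, 'Personal Information');
            $form->addElement('text', 'first_name', 'First Name:');
            $form->addElement('text', 'last_name', 'Last Name:');
            $date = getdate();
            $form->addElement('date', 'birth_date', 'Date of Birth:', array('minYear' => $date['year'] - 100, 'maxYear' => $date['year']));
            $form->addElement('text', 'address', 'Street Address:');
            $form->addElement('text', 'city', 'City:');
            $form->addElement('text', 'state', 'State:');
            $form->addElement('text', 'zip', 'Zip:');
            $form->addElement('select', 'division', 'Division:', $cfg["tcl"]["divisions"]);
            $form->addElement('text', 'phone', 'Phone:');
            $form->addElement('textarea', 'quote', 'Quote:', array('rows' => 3));
            $form->addElement('header', null, 'For Password Recovery');
            $form->addElement('text', 'question', 'Secret Question:');
            $form->addElement('text', 'secret', 'Secret Answer:');
            $form->addElement('submit', null, 'Submit');
            $form->applyFilter('handle', 'trim');
            $form->applyFilter('handle', 'strtolower');
            $form->applyFilter('email', 'trim');
            $form->applyFilter('first_name', 'trim');
            $form->applyFilter('last_name', 'trim');
            $form->applyFilter('address', 'trim');
            $form->applyFilter('state', 'trim');
            $form->applyFilter('city', 'trim');
            $form->applyFilter('zip', 'trim');
            $form->applyFilter('phone', 'trim');
            $form->applyFilter('question', 'trim');
            $form->applyFilter('secret', 'trim');
            $form->addRule('handle', 'Handle is required.', 'required', null, 'client');
            $form->addRule('handle', 'Handle can only contain letters, numbers and/or underscores.', 'alphanumericscore', null, 'client');
            $form->addRule('password', 'Password is required.', 'required', null, 'client');
            $form->addRule('password2', 'Retyped password is required.', 'required', null, 'client');
            $form->addRule('email', 'Email is required.', 'required', null, 'client');
            $form->addRule('division', 'Division is required.', 'required', null, 'client');
            $form->addRule('first_name', 'First name is required.', 'required', null, 'client');
            $form->addRule('last_name', 'Last name is required.', 'required', null, 'client');
            $form->addRule('question', 'Secret question is required.', 'required', null, 'client');
            $form->addRule('secret', 'Secret answer is required.', 'required', null, 'client');
            $form->addRule('handle', 'Login handle must be between 4 and 15 characters.', 'rangelength', array(4, 15), 'client');
            // The rule now enforces the minimum of 6 that the message states
            // (it previously accepted 4).
            $form->addRule('password', 'Password must be between 6 and 15 characters.', 'rangelength', array(6, 15), 'client');
            $form->addRule('email', 'Email is invalid.', 'email', null, 'client');
            $form->addRule(array('password', 'password2'), 'Passwords must match.', 'compare', null, 'client');
            $show_form = true;
            if ($form->validate()) {
                // NOTE(review): getSubmitValues() returns every submitted field, not only
                // those this form defines; confirm auth_register() whitelists the columns
                // it writes, or use exportValues() here.
                $data = $form->getSubmitValues();
                unset($data['password2']);
                // Verify that email is unique
                $res =& db_query('user_by_email', $data['email']);
                if ($res->numRows() != 0) {
                    $res->fetchInto($user);
                    $res->free();
                    // NOTE(review): this tells an unauthenticated visitor which handle
                    // owns a given email address.
                    ?>
				<p><b>Email already registered to an existing user!</b><br />
				User <?php
                    echo '<b>' . htmlspecialchars($user['handle'], ENT_QUOTES) . '</b>';
                    ?>
 owns that email address. Maybe you've already registered and forgotten about it?
				Try <a href="index.php?view=login&amp;task=login">logging in</a> if that is the case.</p>
				<?php
                } else {
                    // Format the birth date correctly
                    $data['birth_date'] = form2sql_date($data['birth_date']);
                    // auth_register() hands back the conflicting user record when the
                    // handle is taken and null on success (as used below).
                    $user = auth_register($data);
                    if ($user == null) {
                        $show_form = false;
                        ?>
	<p><strong>Thanks for registering!</strong><br /> Please proceed to <a href="index.php?view=login&amp;task=login">login</a> into your new account.</p>
	<?php
                    } else {
                        // NOTE(review): this prints another user's real name to an
                        // unauthenticated visitor. The name is user-supplied, so it is
                        // escaped before output.
                        ?>
	<p><b>That user-handle has already been taken!</b><br/> It belongs to an user registered with the name <?php
                        echo htmlspecialchars($user['first_name'] . ' ' . $user['last_name'], ENT_QUOTES);
                        ?>
. Please try again with another handle.</p>
	<?php
                    }
                }
            }
            if ($show_form) {
                ?>
<p><strong>Please fill in your details below.</strong><br /> 
Please choose your <strong>handle</strong> and <strong>division</strong> carefully. Once chosen, they cannot be changed. Moreover, choosing an inappropriate division will lead to disqualification.
<br> 
<br>Any doubts and problems should find their way to the <?php echo '<a href="mailto:' . htmlspecialchars($cfg["site"]["email"], ENT_QUOTES) . '">admins</a>'; ?>.
</p>
<?php
                $form->display();
            }
            break;
        case 'logout':
            auth_logout();
            redirect('index.php');
            break;
        case 'login':
            $form = new HTML_QuickForm('loginForm', 'post', 'index.php?view=login&task=login');
            $form->addElement('header', null, 'Login');
            $form->addElement('text', 'handle', 'Handle:');
            $form->addElement('password', 'password', 'Password:');
            $form->addElement('submit', null, 'Submit');
            $form->applyFilter('handle', 'trim');
            $form->applyFilter('handle', 'strtolower');
            // Built before the branch: the footer below prints it on every path,
            // including a failed login. The $_SERVER values are escaped because
            // SERVER_NAME can reflect the request's Host header.
            // NOTE(review): this and the uname call below show server software and
            // kernel details to visitors who are not logged in.
            $signature = '<i>' . htmlspecialchars($_SERVER['SERVER_SOFTWARE'], ENT_QUOTES) . ' Server at ' . htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES) . ', port ' . htmlspecialchars($_SERVER['SERVER_PORT'], ENT_QUOTES) . '</i>';
            if ($form->validate()) {
                if (auth_login($form->getSubmitValue('handle'), $form->getSubmitValue('password'))) {
                    redirect('index.php');
                } else {
                    // One message for both failure causes, so the response does not
                    // reveal whether the handle exists.
                    echo "<p>Invalid handle or password! Please try again.</p>\n";
                }
            } else {
                ?>
<p><strong>Welcome!</strong><br />
Please login to proceed, or <a href="index.php?view=login&amp;task=register">register</a>
 with us if you're new here.</p>
<?php
            }
            $form->display();
            ?>
<p class="system_info">This is <b>OGS 2</b> running on <?php echo $signature; ?>.<br />
<b>Server System:</b> <?php
            // Fixed command string, no request data involved.
            system("uname -srmp");
            ?>
</p>
<hr />
<div id="javascript_warn"><p><strong>Warning!</strong> Javascript is not enabled on your browser. Many features will not work without it.</p></div>
<script type="text/javascript">
getObj('javascript_warn').style.display = "none";
</script>
<p><strong>Before you login.</strong> This website makes heavy use of modern web technologies such as CSS
and Javascript, to enjoy which, you'll need a modern browser. Below is a list of browsers along with their
earliest versions which are guaranteed to work with this website. For best results, we recommend a resolution higher than 800x600 with True Color (32-bit).</p>
<table class="browsers">
<tr>
    <td><img width="32" height="32" src="images/firefox-icon.png" /></td>
    <td><img width="32" height="32" src="images/opera_icon.gif" /></td>
    <td><img width="32" height="32" src="images/internet-explorer-icon.png" /></td>
    <td><img width="32" height="32" src="images/mozilla-icon.png" /></td>
    <td><img width="32" height="32" src="images/safari-icon.png" /></td>
    <td><img width="32" height="32" src="images/icon-konqueror.jpg" /></td>
    <td><img width="32" height="32" src="images/netscape-icon.png" /></td>
</tr>
<tr>
    <td><a href="http://www.getfirefox.com/">Firefox</a><br />1.0+</td>
    <td><a href="http://www.opera.com/">Opera</a><br />7+</td>
    <td><a href="http://www.microsoft.com/windows/ie/">Internet<br />Explorer</a> 6.0+<a></a></td>
    <td><a href="http://www.mozilla.org/products/mozilla1.x/">Mozilla</a><br />1.3+</td>
    <td><a href="http://www.apple.com/safari/">Safari</a><br />1.2+</td>
    <td><a href="http://www.konqueror.org/">Konqueror</a><br />3+</td>
    <td><a href="http://browser.netscape.com">Netscape</a><br />6+</td>
</tr>
</table>
<p>If you experience any problems while browsing this website using one of the above browsers,
then you're welcome to <a href="mailto:de.arijit@gmail.com">email the webmaster</a>. We hope you'll
enjoy your stay here.</p>
        <?php
            break;
        case 'forgot':
            ?>
<p><strong>Lost your password?</strong><br />Follow these steps to generate a new password for your account.
You will be mailed the new password once you're done.</p>
<?php
            $form1 = new HTML_QuickForm('forgotForm1', 'post', 'index.php?view=login&task=forgot');
            $form1->addElement('header', null, 'Password Recovery: Step 1');
            $form1->addElement('text', 'handle', 'Enter your login handle:');
            $form1->addElement('submit', null, 'Next');
            $form1->applyFilter('handle', 'trim');
            $form1->applyFilter('handle', 'strtolower');
            $form1->addRule('handle', 'Your login handle is required.', 'required', null, 'client');
            if ($form1->validate()) {
                // URL-encode the handle so it cannot add parameters or line breaks
                // to the redirect target.
                redirect('index.php?view=login&task=forgot2&handle=' . urlencode($form1->getSubmitValue('handle')));
            } else {
                $form1->display();
                ?>
<p><strong>Please note:</strong> Due to the lack of emailing support on our server (Yes! We require better servers!), you'll have to wait a few
hours before we can mail you your new password manually.</p> 
<?php
            }
            break;
        case 'forgot2':
            // Accept the handle only as a plain string; a missing or array-valued
            // parameter is treated as an empty handle.
            $handle = (isset($_GET['handle']) && is_string($_GET['handle'])) ? $_GET['handle'] : '';
            // NOTE(review): confirm db_query() binds its argument as a parameter;
            // the handle comes straight from the query string.
            $res =& db_query('user_by_handle', $handle);
            if ($res->numRows() == 0) {
                $res->free();
                // NOTE(review): distinct message for unknown handles, so this step
                // reveals which handles exist.
                ?>
<p>The given login handle does not exist!</p>
<?php
            } else {
                $res->fetchInto($row);
                $res->free();
                // substr() instead of a string offset: no error on an empty question.
                if (substr($row['question'], -1) != '?') {
                    $row['question'] .= '?';
                }
                $form2 = new HTML_QuickForm('forgotForm2', 'post', 'index.php?view=login&task=forgot2&handle=' . urlencode($handle));
                $form2->addElement('header', null, 'Password Recovery: Step 2');
                // The question is user-supplied text; escaped on the assumption that
                // static elements emit their text as raw HTML - confirm.
                $form2->addElement('static', null, 'Secret Question:', htmlspecialchars($row['question'], ENT_QUOTES));
                $form2->addElement('text', 'secret', 'Secret Answer:');
                $form2->addElement('submit', null, 'Next');
                $form2->applyFilter('secret', 'trim');
                $form2->addRule('secret', 'Answer is required for verification.', 'required', null, 'client');
                if ($form2->validate()) {
                    // Strict string comparison: a loose == treats numeric-looking
                    // strings such as "1e3" and "1000" as equal.
                    // NOTE(review): the secret answer is stored and compared in
                    // plaintext, and no limit on attempts is visible here.
                    if ((string) $form2->getSubmitValue('secret') === (string) $row['secret']) {
                        $res =& db_query('clean_forgot', $row['user_id']);
                        $new_pass = Text_Password::create(10);
                        // NOTE(review): crypt() is called without a salt argument, which
                        // PHP 8 no longer accepts; the hashing scheme has to stay in step
                        // with whatever auth_login() verifies against.
                        // The WHERE value is taken from the fetched row, not from the request.
                        $res =& $db->autoExecute('users', array('password' => crypt($new_pass)), DB_AUTOQUERY_UPDATE, 'user_id=' . $row['user_id']);
                        if (PEAR::isError($res)) {
                            error($res->toString());
                        }
                        // NOTE(review): the new password is written to the 'forgot' table
                        // in cleartext for manual mailing; anyone who can read that table
                        // can log in as the user.
                        $res =& $db->autoExecute('forgot', array('user_id' => $row['user_id'], 'password' => $new_pass), DB_AUTOQUERY_INSERT);
                        if (PEAR::isError($res)) {
                            error($res->toString());
                        }
                        ?>
<p>Due to lack of emailing support on our server (Yes! We require better servers!), your password will
have to be emailed to you manually. You should receive your newly generated password within 12 hours.</p>
<?php
                    } else {
                        ?>
<p><strong>Incorrect answer!</strong><br /> We need to verify your identity before we can proceed. Please try again.</p> 
<?php
                        $form2->display();
                    }
                } else {
                    $form2->display();
                }
            }
            break;
        case 'profile':
            ?>
<p>You can view or edit your personal information here. 
Any fields that you leave blank will <i>remain unchanged</i>.</p>
<?php
            $form = new HTML_QuickForm('profileForm', 'post', 'index.php?view=login&task=profile');
            // The record is always looked up by the session's user id, never by a
            // request parameter.
            $res =& db_query('user_by_id', $_SESSION['user_id']);
            $res->fetchInto($row);
            $res->free();
            $form->addElement('header', null, 'Edit Your Profile');
            $form->addElement('static', 'handle', 'Handle:');
            $form->addElement('password', 'password', 'Change Password:');
            $form->addElement('password', 'password2', 'Retype Password:');
            $form->addElement('text', 'email', 'Email:');
            $form->addElement('header', null, 'Personal Information');
            $form->addElement('text', 'first_name', 'First Name:');
            $form->addElement('text', 'last_name', 'Last Name:');
            $date = getdate();
            $form->addElement('date', 'birth_date', 'Date of Birth:', array('minYear' => $date['year'] - 100, 'maxYear' => $date['year']));
            $form->addElement('text', 'address', 'Street Address:');
            $form->addElement('text', 'city', 'City:');
            $form->addElement('text', 'state', 'State:');
            $form->addElement('text', 'zip', 'Zip:');
            $form->addElement('static', null, 'Division:', $cfg['tcl']['divisions'][$row['division']]);
            $form->addElement('text', 'phone', 'Phone:');
            $form->addElement('textarea', 'quote', 'Quote:');
            $form->addElement('submit', null, 'Save Changes');
            // Never send the stored password hash back as a form default.
            unset($row['password']);
            // Format the birth date
            $row['birth_date'] = sql2form_date($row['birth_date']);
            $form->setDefaults($row);
            $form->applyFilter('email', 'trim');
            $form->applyFilter('first_name', 'trim');
            $form->applyFilter('last_name', 'trim');
            $form->applyFilter('address', 'trim');
            $form->applyFilter('state', 'trim');
            $form->applyFilter('city', 'trim');
            $form->applyFilter('zip', 'trim');
            $form->applyFilter('phone', 'trim');
            // The rule now enforces the minimum of 6 that the message states
            // (it previously accepted 4).
            $form->addRule('password', 'Password must be between 6 and 15 characters.', 'rangelength', array(6, 15), 'client');
            $form->addRule('email', 'Email is invalid.', 'email', null, 'client');
            $form->addRule(array('password', 'password2'), 'Passwords must match.', 'compare', null, 'client');
            if ($form->validate()) {
                // NOTE(review): getSubmitValues() returns every submitted field, not only
                // those this form defines, so a crafted POST can add keys such as 'handle'
                // or 'division'; confirm auth_update() whitelists the columns it writes,
                // or use exportValues() here.
                $data = $form->getSubmitValues();
                unset($data['password2']);
                // Format the birth date correctly
                $data['birth_date'] = form2sql_date($data['birth_date']);
                // Drop blank fields and fields equal to the stored value. The stored
                // value is looked up under the field's own key (the original read the
                // literal key 'value', so unchanged fields were never detected).
                foreach ($data as $key => $value) {
                    if (strlen($value) == 0 || (isset($row[$key]) && $value == $row[$key])) {
                        unset($data[$key]);
                    }
                }
                // Nothing left means nothing to write.
                if (count($data) > 0) {
                    auth_update($data);
                }
                redirect('index.php?view=login&task=profile&updated=1');
            } else {
                $form->display();
            }
            if (isset($_GET['updated']) && $_GET['updated'] == '1') {
                ?>
                <p><b>Note:</b> Your profile has been updated.</p>
            <?php
            }
            break;
    }
}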
Esempio n. 19
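/**
 * This tries to login the user based on the sent auth credentials
 *
 * The authentication works like this: if a username was given
 * a new login is assumed and user/password are checked. If they
 * are correct the password is encrypted with blowfish and stored
 * together with the username in a cookie - the same info is stored
 * in the session, too. Additionally a browserID is stored in the
 * session.
 *
 * If no username was given the cookie is checked: if the username,
 * crypted password and browserID match between session and cookie
 * no further testing is done and the user is accepted
 *
 * If a cookie was found but no session info was available the
 * blowfish encrypted password from the cookie is decrypted and
 * together with username rechecked by calling this function again.
 *
 * On a successful login $_SERVER[REMOTE_USER] is set. $USERINFO is
 * set here only on the session-cache path; on the password path it
 * is presumably filled in by auth_setCookie() (not visible here).
 *
 * Security notes: the cookie carries the password in reversibly
 * encrypted form, so anyone holding both the cookie and the value
 * returned by auth_cookiesalt() can recover the cleartext password.
 * The session/cookie comparisons are strict (===); a loose == would
 * treat two different digests of the form "0e<digits>" as equal.
 *
 * @author  Andreas Gohr <*****@*****.**>
 *
 * @param   string  $user    Username
 * @param   string  $pass    Cleartext Password
 * @param   bool    $sticky  Cookie should not expire
 * @param   bool    $silent  Don't show error on bad auth
 * @return  bool             true on successful auth
 */
function auth_login($user, $pass, $sticky = false, $silent = false)
{
    global $USERINFO;
    global $conf;
    global $lang;
    /* @var auth_basic $auth */
    global $auth;
    // normalise to a real boolean
    $sticky = (bool) $sticky;
    //sanity check: without an auth backend nobody can be logged in
    if (!$auth) {
        return false;
    }
    if (!empty($user)) {
        //usual login
        if ($auth->checkPass($user, $pass)) {
            // make logininfo globally available
            $_SERVER['REMOTE_USER'] = $user;
            //bind non-sticky to session
            $secret = auth_cookiesalt(!$sticky);
            auth_setCookie($user, PMA_blowfish_encrypt($pass, $secret), $sticky);
            return true;
        }
        //invalid credentials - log off
        if (!$silent) {
            msg($lang['badlogin'], -1);
        }
        auth_logoff();
        return false;
    }
    // no username given: read cookie information
    list($user, $sticky, $pass) = auth_getCookie();
    if ($user && $pass) {
        // we got a cookie - see if we can trust it
        // get session info; isset() avoids a notice when no auth data is stored yet
        $session = isset($_SESSION[DOKU_COOKIE]['auth']) ? $_SESSION[DOKU_COOKIE]['auth'] : null;
        if (
            isset($session)
            && $auth->useSessionCache($user)
            && $session['time'] >= time() - $conf['auth_security_timeout']
            && $session['user'] === $user
            && $session['pass'] === sha1($pass) // $pass is still the encrypted cookie value here
            && $session['buid'] === auth_browseruid()
        ) {
            // he has session, cookie and browser right - let him in
            $_SERVER['REMOTE_USER'] = $user;
            $USERINFO = $session['info'];
            //FIXME move all references to session
            return true;
        }
        // no we don't trust it yet - recheck pass but silent
        // (any mismatch above, including a type mismatch, ends up here, so the
        // strict comparison fails closed into a full password check)
        //bind non-sticky to session
        $secret = auth_cookiesalt(!$sticky);
        $pass = PMA_blowfish_decrypt($pass, $secret);
        return auth_login($user, $pass, $sticky, true);
    }
    //just to be sure
    auth_logoff(true);
    return false;
}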
Esempio n. 20
// Name the session and set its cookie lifetime and path; both calls come before
// any session_start().
session_name($PBSWEBNAME);
session_set_cookie_params($PBSWEBEXPTIME, $PBSWEBPATH);
if (isset($_POST['loginnow']) && $_POST['loginnow'] == "true") {
    # from the login page, renew the session; i.e. logout!
    # Open the existing session, expire its cookie, clear its data and destroy it.
    session_start();
    setcookie($PBSWEBNAME, '', time() - 86400, $PBSWEBPATH);
    # Drop the old ID from this request's cookies as well - presumably so that the
    # session_start() below issues a new ID instead of reusing the old one.
    unset($_COOKIE[session_name()]);
    $_SESSION = array();
    session_destroy();
}
// Start (or resume) the session and re-send its cookie with a fresh expiry time.
// NOTE(review): this setcookie() call passes no secure/httponly arguments, so the
// cookie it sends carries neither flag; add them if the site is served over HTTPS
// and scripts do not need to read the cookie.
session_start();
setcookie(session_name(), session_id(), time() + $PBSWEBEXPTIME, $PBSWEBPATH);
include_once "auth.php";
if (!session_is_vaild()) {
    // login!
    // The POSTed values are passed on unchanged; both indexes are unset when the
    // request carries no login form.
    auth_login($_POST['username'], $_POST['password']);
} else {
    $username = $_SESSION['username'];
}
// Read on both paths. NOTE(review): after the login branch this is only defined if
// auth_login() fills the session or ends the request on failure - confirm in
// auth.php. $username is likewise assigned here only on the valid-session path.
$isAdmin = $_SESSION['isadmin'];
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
	<head>
		<title><?php 
echo $TITLE_MAINMENU;
?>
</title>
	</head>
	<body bgcolor="white">