function __construct($username, $password)
{
//if user is authenticated successfully, sets the session to username
if (authenticateUser($username, $password)) {
$_SESSION["username"] = $username;
} else {
throw new Exception("Login Failed!");
}
}
function checkLogin($loginUsername, $loginPassword, $connection)
{
if (authenticateUser($loginUsername, $loginPassword, $connection)) {
registerLogin($loginUsername);
// Clear the formVars so a future <form> is blank
unset($_SESSION["loginFormVars"]);
unset($_SESSION["loginErrors"]);
header("Location: " . S_MAIN);
exit;
} else {
// Register an error message
$_SESSION["message"] = "Username or password incorrect. Login failed.";
header("Location: " . S_LOGIN);
exit;
}
}
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
Header("WWW-Authenticate: Basic realm=\"You must Log In!\"");
Header("HTTP/1.0 401 Unauthorized");
exit;
}
include_once "include_db.php";
include_once "include_functions.php";
$USERNAME = $_SERVER["PHP_AUTH_USER"];
$USERPASS = $_SERVER["PHP_AUTH_PW"];
if (authenticateUser($USERNAME, $USERPASS)) {
$_SESSION["uname"] = $USERNAME;
} else {
echo "Invalid Username or Password!";
unset($_SERVER);
exit;
}
$GLOBAL_VAR_SUBDOMAIN = $_SESSION["subdomain"];
$GLOBAL_VAR_SUBDOMAINUSER = $_SESSION["uname"];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>
<?php
$CLIENTNAME = getVariableFromMasterSubdomainRow('clientName');
echo $CLIENTNAME . " - " . APPNAME;
// <meta name="apple-touch-fullscreen" content="YES" />
?>
</title>
/**
* authenticate a username and password using Basic HTTP Authentication
*
* This function uses authenticateUser(), for authentication, but retrives the userName and password provided via basic auth.
* @return bool return true if the user is already logged in or the basic HTTP auth username and password credentials match a user in the database return false if they don't
* @TODO Security audit for this functionality
* @TODO Do we really need a return value here?
* @TODO should we reauthenticate the user even if already logged in?
* @TODO do we need to set the user language and other jobs done in login.php? Should that loading be moved to a function called from the authenticateUser function?
*/
function basicHTTPAuthenticateUser()
{
global $pgv_lang;
$user_id = getUserId();
if (empty($user_id)) {
//not logged in.
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || !authenticateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], true)) {
header('WWW-Authenticate: Basic realm="' . $pgv_lang["basic_realm"] . '"');
header('HTTP/1.0 401 Unauthorized');
echo $pgv_lang["basic_auth_failure"];
exit;
}
} else {
//already logged in or successful basic authentication
return true;
//probably not needed
}
}
}
if (checkMandatory("newPassword1", "first new password", "pwdErrors", "pwdFormVars")) {
checkMinAndMaxLength("newPassword1", 6, 8, "first new password", "pwdErrors", "pwdFormVars");
}
if (checkMandatory("newPassword2", "second new password", "pwdErrors", "pwdFormVars")) {
checkMinAndMaxLength("newPassword2", 6, 8, "second new password", "pwdErrors", "pwdFormVars");
}
// Did we find no errors? Ok, check the new passwords are the
// same, and that the current password is different.
// Then, check the current password.
if (count($_SESSION["pwdErrors"]) == 0) {
if ($_SESSION["pwdFormVars"]["newPassword1"] != $_SESSION["pwdFormVars"]["newPassword2"]) {
$_SESSION["pwdErrors"]["newPassword1"] = "The new passwords must match.";
} elseif ($_SESSION["pwdFormVars"]["newPassword1"] == $_SESSION["pwdFormVars"]["currentPassword"]) {
$_SESSION["pwdErrors"]["newPassword1"] = "The password must change.";
} elseif (!authenticateUser($_SESSION["loginUsername"], $_SESSION["pwdFormVars"]["currentPassword"], $connection)) {
$_SESSION["pwdErrors"]["currentPassword"] = "******";
}
}
// Now the script has finished the validation,
// check if there were any errors
if (count($_SESSION["pwdErrors"]) > 0) {
// There are errors. Relocate back to the password form
header("Location: " . S_PASSWORD);
exit;
}
// Create the encrypted password
$stored_password = md5(trim($_SESSION["pwdFormVars"]["newPassword1"]));
// Update the user row
$query = "UPDATE users SET password = '******'\n WHERE user_name = '{$_SESSION["loginUsername"]}'";
$result = $connection->query($query);
}
} else {
$out = FAILED;
}
} else {
$out = FAILED;
}
} else {
$out = FAILED;
}
} else {
$out = FAILED;
}
break;
case "responseOfDeviceReqs":
$userId = authenticateUser($db, $username, $password);
if ($userId != NULL) {
$sqlApprove = NULL;
$sqlDiscard = NULL;
if (isset($_REQUEST['approvedDevices'])) {
$deviceNames = split(",", $_REQUEST['approvedDevices']);
$deviceCount = count($deviceNames);
$deviceNamesQueryPart = NULL;
for ($i = 0; $i < $deviceCount; $i++) {
if (strlen($deviceNames[$i]) > 0) {
if ($i > 0) {
$deviceNamesQueryPart .= ",";
}
$deviceNamesQueryPart .= "'" . $deviceNames[$i] . "'";
}
}
<?php
error_reporting(E_ALL);
ini_set('include_path', '.:/Library/WebServer/Documents/gloasis');
session_start();
if (isset($_REQUEST['username'])) {
include "login/user_auth.php";
$login = authenticateUser($_POST['username'], $_POST['password']);
}
if (isset($_SESSION['user_id'])) {
$loggedIn = 1;
} else {
$loggedIn = 0;
}
include "controllers/home.php";
?>
<!DOCTYPE html>
<html>
<head>
<script type="text/javascript" src="jQuery/jquery-2.1.0.min.js"></script>
<title>Gloasis</title>
<link rel="stylesheet" href="styles/stylesheet.css" />
<script type="text/javascript">
logout = function() {
window.location.href = "http://localhost/gloasis/modules/home/logout.php";
}
</script>
<script type="text/javascript" src="feed/submit_new_word.js"></script>
</head>
<body>
<div class="header">
$action = safe_REQUEST($_REQUEST, 'action');
// The following actions can be performed without being connected.
switch ($action) {
case '':
addDebugLog("ERROR 1: No action specified.");
print "ERROR 1: No action specified.\n";
exit;
case 'version':
addDebugLog($action . " SUCCESS\n" . PGV_VERSION_TEXT . "\n");
print "SUCCESS\n" . PGV_VERSION_TEXT . "\n";
exit;
case 'connect':
$username = safe_REQUEST($_REQUEST, 'username');
if ($username) {
$password = safe_REQUEST($_REQUEST, 'password');
$user_id = authenticateUser($username, $password);
if ($user_id) {
$stat = newConnection();
if ($stat !== false) {
addDebugLog($action . " username={$username} SUCCESS\n" . $stat);
print "SUCCESS\n" . $stat;
}
$_SESSION['connected'] = $user_id;
} else {
addDebugLog($action . " username={$username} ERROR 10: Username and password key failed to authenticate.");
print "ERROR 10: Username and password key failed to authenticate.\n";
}
} else {
$stat = newConnection();
if ($stat !== false) {
addDebugLog($action . " SUCCESS\n" . $stat);
$filename = "top10-temps-longitude-moscow " . date("Y-m-d");
exportCSV($query, $headerArray, $filename);
} else {
$statement->execute();
$results = $statement->fetchAll(PDO::FETCH_ASSOC);
$app->response->headers->set('Content-Type', 'application/json');
$json = json_encode($results);
echo $json;
}
});
/*
Third:
Rainfall in the world of any weatherstation of the current day
(from the current time till 00:00, going back)
*/
$app->get('/rainfall/:station', authenticateUser(), function ($station) use($app) {
$export = isset($_GET['export']) ? $_GET['export'] : false;
$conn = Connection::getInstance();
$query = "\n SELECT time, prcp\n FROM measurements\n WHERE stn = {$station}\n AND date = '" . date("Y-m-d") . "'\n ORDER BY time ASC";
if ($export == "true") {
$stmt = $conn->db->prepare("Select name from stations where stn = :stn");
$stmt->execute([':stn' => $station]);
$res = $stmt->fetchAll();
$name = $station;
if (count($res) > 0) {
$name = $res[0]['name'];
}
$headerArray = array('time', 'Prcp');
$filename = "Rainfall_{$name}_" . date("Y-m-d");
exportCSV($query, $headerArray, $filename);
} else {
if ($login_wordpress == TRUE) {
if (WordpressAuthenticateUser()) {
wp_get_current_user();
$user_id = $current_user->ID;
$username = $current_user->user_login;
$rand_cookie = rand(1, 99999);
$enc_cookie = md5($rand_cookie);
$usercookie = $user_id . "." . $enc_cookie;
setcookie("usercookie", $usercookie, time() + 3600 * 24 * 30, $app_dir);
setcookie("username", $username, time() + 3600 * 24 * 30, $app_dir);
// Relocate back to where you came from
header("Location: {$where_to}");
die;
}
} else {
if (authenticateUser($connection, $username, $password)) {
// Record each time the user logs in
$IP = $_SERVER["REMOTE_ADDR"];
$query = "SELECT UserID as user_id FROM Users WHERE UserName = '******'";
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
$row = mysqli_fetch_array($result, MYSQL_ASSOC);
extract($row);
//Set cookie and session
$rand_cookie = rand(1, 99999);
$enc_cookie = md5($rand_cookie);
$usercookie = $user_id . "." . $enc_cookie;
setcookie("usercookie", $usercookie, time() + 3600 * 24 * 30, $app_dir);
setcookie("username", $username, time() + 3600 * 24 * 30, $app_dir);
//Insert cookie to database
$remote_host = $_SERVER['REMOTE_ADDR'];
$query = "INSERT INTO Cookies (`user_id` ,`cookie`, `hostname`, `TimeStamp`) VALUES \n\t\t\t\t('{$user_id}', '{$enc_cookie}', '{$remote_host}', NOW())";
Updated:
*/
require_once "includes/authentication.inc";
require_once "includes/db.inc";
// Get a connection to the database.
if (!($connection = @mysql_connect($hostName, $username, $password))) {
die("Could not connect to database");
}
// Now that we are connected, select the correct database.
if (!mysql_select_db($databaseName, $connection)) {
showerror();
}
$user_name = mysqlclean($_POST, "username", 25, $connection);
$pass1 = mysqlclean($_POST, "password", 16, $connection);
session_start();
// Authenticate the user.
if (authenticateUser($connection, $user_name, $pass1)) {
//Register the username
$_SESSION["loggedinUserName"] = $user_name;
//Register the current IP address of the user.
$_SESSION["loginIP"] = $_SERVER["REMOTE_ADDR"];
// Send the user to the Dashboard.
header("Location: dashboard.php");
exit;
} else {
//Authentication failed, setup a logout message
$_SESSION["message"] = "Could not login as '{$user_name}'";
// Send user to the logout page.
header("Location: logout.php");
exit;
}
<?php
require 'config/initialize.php';
mustBeGuest();
if (isset($_POST['authForm'])) {
$username = sanitizeString($_POST['username'], $connection);
$password = sanitizeString($_POST['password'], $connection);
if ($username == "" || $password == "") {
header("location: index.php");
} else {
authenticateUser($username, $password, $connection);
}
}
view('auth/auth');
/**
* Handles the login process: Verifies, then logs in, a valid user, or throws an
* error if login credentials are faulty.
*
* TODO: handle the error situations in the else clauses.
*
* PHP version 5.3.28
*
* @category Web_App
* @package Web_App
* @author Roy Vanegas <*****@*****.**>
* @license https://gnu.org/licenses/gpl.html GNU General Public License
* @link https://bitbucket.org/code-warrior/web-app/
*/
session_start();
require_once "includes/main.php";
if (isset($_POST["submitted"])) {
if (1 == $_POST["submitted"]) {
if (0 < strlen($_POST['email']) && 0 < strlen($_POST['password'])) {
$email = trim($_POST['email']);
$password = trim($_POST['password']);
if (authenticateUser($email, $password)) {
$_SESSION['valid'] = true;
$_SESSION['email'] = $email;
header("Location: home.php");
} else {
header("Location: error.php?message_type=login_error");
}
}
}
}
/**
* @Author: PI704 (Alexander Awitin)
* @Date: 2015-12-04 12:46:00
* @Last Modified by: Alexander
* @Last Modified time: 2016-03-11 17:20:17
*/
session_start();
$root = '../';
require_once $root . 'functions.php';
if (isset($_SESSION['username']) && userExists($_SESSION['username'])) {
header("Location: {$root}");
exit;
} else {
if (isset($_POST['submit'])) {
// Loop through each redentials saved on 'users.php'
$authResult = authenticateUser($_POST['username'], $_POST['password']);
if ($authResult['result']) {
/*
* Do something if credentials MATCHES ...
*
*/
// Unset any login messages if exists... (Message is used in login alerts. e.g. Login failed)
unset($_SESSION['LoginMessage']);
// Store the username in the cookie
$_SESSION['username'] = $_POST['username'];
// Enter the main site
header("Location: {$root}");
// Exit this script
exit;
}
/*
/*************************************************************************
*
* EHACKB RFID SYSTEM
* __________________
*
* [2014] - [2015] Arnaud Coel
* All Rights Reserved.
*
*/
define("main", true);
session_start();
include "lib/db.php";
include "lib/user.php";
include "lib/pos.php";
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['rfid'])) {
authenticateUser($_POST['username'], $_POST['password'], $_POST['rfid'], $db);
}
if (!isset($_GET['page'])) {
$_GET['page'] = "";
}
if ($_GET['page'] == "logout") {
session_destroy();
header("Location: index.php?page=login");
}
if ($_GET['page'] == "authenticate" && isset($_SESSION['authenticated'])) {
header("Location: ?page=home");
}
if (!isset($_SESSION['authenticated']) && $_GET['page'] != "authenticate") {
header("Location: ?page=authenticate");
}
/*
function changePassword($old, $new, $rep)
{
$foundError = FALSE;
$errors = array();
if (!$old) {
$foundError = TRUE;
$errors['oldpass'] = '******';
}
if (!$new) {
$foundError = TRUE;
$errors['newpass'] = '******';
}
if (!$rep) {
$foundError = TRUE;
$errors['repnewpass'] = '******';
}
if ($foundError) {
print json_encode(array('success' => false, 'errors' => $errors));
return;
}
$user = $_SESSION['user'];
$userId = $user['user_id'];
$testauth = authenticateUser($user['email'], $old);
if (!$testauth) {
print json_encode(array('success' => false, 'errors' => array('oldpass' => 'Incorrect password')));
return;
}
if ($new != $rep) {
print json_encode(array('success' => false, 'errors' => array('repnewpass' => 'Passwords do not match')));
return;
}
if (strlen($new) < 8) {
print json_encode(array('success' => false, 'errors' => array('newpass' => 'Password must be at least 8 characters long')));
return;
}
// TODO add password complexity requirements here
$rs = db_do('UPDATE virtual_users SET password = CRYPT(?, GEN_SALT(\'bf\', 8)) WHERE user_id = ?', array($new, $userId));
if ($rs) {
print json_encode(array('success' => true));
return;
}
print json_encode(array('success' => false, 'errors' => array('newpass' => 'Unknown Error')));
}
<?php
include_once '../lib/session.inc.php';
include_once '../lib/user.inc.php';
$user = $_POST['user'];
$pass = $_POST['pass'];
$userId = authenticateUser($user, $pass);
if ($userId) {
$_SESSION['user'] = loadUser($userId);
print json_encode(array('success' => true, 'pass' => encryptPass($pass)));
} else {
print json_encode(array('success' => false));
}
$action_value = "./login.php?action=login";
$subheading = $button_value = "Login";
} else {
if ("register" == $_GET['action']) {
$action_value = "./register.php?action=register";
$subheading = $button_value = "Register";
}
}
}
if (isset($_POST["submitted"])) {
if (1 == $_POST["submitted"]) {
if (whiteList()) {
if (0 < strlen($_POST['username']) && 0 < strlen($_POST['password'])) {
$username = htmlentities(trim($_POST['username']), ENT_QUOTES | 'ENT_HTML5', "UTF-8");
$password = trim($_POST['password']);
if (authenticateUser($username, $password)) {
$_SESSION['valid'] = true;
$_SESSION['username'] = $username;
header("Location: home.php");
} else {
header("Location: error.php?message_type=login_error");
}
}
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
$app_admin_email = "unknown";
}
$pumilio_version = trim(file_get_contents($absolute_dir . '/include/version.txt', true));
echo "<pumilio_title>{$app_custom_name}</pumilio_title>\n\t<pumilio_description>{$app_custom_text}</pumilio_description>\n\t<pumilio_administrator_email>{$app_admin_email}</pumilio_administrator_email>\n\t<pumilio_logo>{$app_url}/{$app_logo}</pumilio_logo>\n\t<pumilio_url>{$app_url}</pumilio_url>\n\t<pumilio_version>{$pumilio_version}</pumilio_version>\n";
#Check if allowed
if ($use_xml == "") {
$use_xml = "0";
}
#Allowed?
if ($use_xml == 0) {
echo "<pumilio_xml_access>FALSE</pumilio_xml_access>\n";
} elseif ($use_xml == 1) {
if ($xml_access == "0") {
$login = filter_var($_GET["login"], FILTER_SANITIZE_STRING);
$login_exp = explode(":", $login);
if (!authenticateUser($connection, $login_exp[0], $login_exp[1])) {
echo "<pumilio_xml_access>FALSE</pumilio_xml_access>\n";
echo "</pumilio>";
die;
}
}
echo "<pumilio_xml_access>TRUE</pumilio_xml_access>\n";
$type = filter_var($_GET["type"], FILTER_SANITIZE_STRING);
if ($type == "") {
$query = "SELECT DISTINCT SiteID from Sounds WHERE Sounds.SoundStatus!='9'";
$result = mysqli_query($connection, $query) or die(mysqli_error($connection));
$nrows = mysqli_num_rows($result);
if ($nrows > 0) {
echo "<Sites>";
for ($q = 0; $q < $nrows; $q++) {
$row = mysqli_fetch_array($result);
$sterilize = stripcslashes($sterilize);
$sterilize = stripslashes($sterilize);
$sterilize = addslashes($sterilize);
return $sterilize;
}
$loginUsername = sterilize($_POST['loginUsername']);
$loginPassword = sterilize($_POST['loginPassword']);
//if ($source != "calc") {
$aValid = array('-', '_', '.', '*', '@', '!', '#', '$', '%', '^', '&', '+', '=');
if (ctype_alnum(str_replace($aValid, '', $loginUsername))) {
if (!mysql_selectdb($database_brewing, $connection)) {
showerror();
}
session_start();
// Authenticate the user
if (authenticateUser($connection, $loginUsername, $loginPassword)) {
// Register the loginUsername
$_SESSION["loginUsername"] = $loginUsername;
// If the username/password combo is OK, relocate to the "protected" content index page
header("Location: ../admin/index.php");
exit;
} else {
// If the username/password combo is incorrect or not found, relocate to the login error page
header("Location: ../index.php?page=login§ion=loginError");
session_destroy();
exit;
}
} else {
// If the username/password combo is incorrect or not found, relocate to the login error page
header("Location: ../index.php?page=login§ion=loginError");
session_destroy();
addFriend($apikeyvalue, $userid, $friends);
break;
case 'removefriend':
removeFriend($apikeyvalue, $userid, $friends);
break;
case 'getfriend':
getfriend($apikeyvalue, $userid);
break;
case 'checkAPIKEY':
checkAPIKEY($apikeyvalue);
break;
case 'checkpassword':
checkpassword($apikeyvalue, $password);
break;
case 'authenticateUser':
authenticateUser($apikeyvalue, $username, $password);
break;
case 'removeuser':
removeuser($apikeyvalue, $userid);
default:
echo 'Invalid Action';
exit;
break;
}
}
/* FUNCTIONS */
function checkAPIKEY($keyvalue)
{
global $apikey;
if (!empty($keyvalue) && !empty($apikey)) {
if ($apikey == $keyvalue) {
<?php
//type of request
//1: get description of product
//2: delete product
//3: edit price
if (isset($_REQUEST['cmd'])) {
$cmd = $_REQUEST['cmd'];
function authenticateUser()
{
include "adb.php";
$user_email = $_REQUEST['usermail'];
$user_pass = $_REQUEST['userpass'];
$obj = new adb();
$sql_users = "select * from users where email='{$user_email}'\n\tand password='******'";
if ($obj->query($sql_users)) {
$dataset = $obj->fetch();
if (empty($dataset['email']) or empty($dataset['password'])) {
echo '{"result":2}';
} else {
echo '{"result":1}';
}
}
}
switch ($cmd) {
case 1:
authenticateUser();
break;
default:
}
}
// Process Login.php values and authenticates user against database
// Creates session and allows the user to proceed to the program
//
// (C)2010 Noel Espinales All Rights Reserved.
//Starts the Session
session_start();
//DB Connection Strings
include 'globals.php';
//Grab values from Login.php
$name = $_POST['name'];
$pwd = $_POST['pwd'];
$ip = $_POST['ip'];
//SHA1 encryption for password
$pwd = sha1($pwd);
//Authenticates the user against the database with the given credentials
$validated = authenticateUser($name, $pwd);
if ($validated == TRUE) {
//SQL statement to grab user's permission from the databse and store them in $permission
$sql2 = "SELECT * FROM users WHERE username = '******' AND password ='******'";
$resultName = mysql_query($sql2) or die(mysql_error());
//Grab field and store them in an array
while ($cName = mysql_fetch_array($resultName)) {
$permission = $cName[3];
}
$_SESSION['loggedin'] = 1;
// store session data
$_SESSION['username'] = $name;
// set username
$_SESSION['access'] = $permission;
// Grab permissions
$time = date("F j, Y, g:i a");
