Esempio n. 1
 /**
  * Exercises the login/logout cycle of the object under test against a
  * freshly created user that is linked to a freshly created group.
  *
  * The value passed as the second argument of login() is hashit() of the
  * user's e-mail: the call with the raw e-mail is expected to fail and the
  * call with the hashit() output is expected to succeed.
  * NOTE(review): this shows login() comparing a caller-supplied digest, so the
  * digest itself works as the credential. Confirm every caller computes it
  * server-side from the typed password and never accepts it from the client.
  */
 public function testLogin()
 {
     // Empty and unknown credentials must be rejected and leave no session.
     $this->assertFalse($this->object->login('', ''));
     $this->assertFalse($this->object->login('a', 'b'));
     $this->assertFalse($this->object->isLogged());
     // Create a new user and a new group, then link them.
     $user = createRandomUser();
     $grupo = createRandomGroup();
     $dao = Factory::DAO('usuario');
     /* @var $dao UsuarioDAO */
     $this->assertEquals(1, $dao->UsuarioGrupo()->novo($user['id'], $grupo['id']));
     // The raw e-mail as second argument fails; its hashit() value succeeds.
     $this->assertFalse($this->object->login($user['email'], $user['email']));
     $this->assertTrue($this->object->login($user['email'], hashit($user['email'])));
     $this->assertTrue($this->object->isLogged());
     // Check the data exposed by the logged-in session.
     $this->assertEquals($user['id'], $this->object->getUserId());
     $this->assertEquals($user['nome'], $this->object->getUserName());
     $this->assertEquals($user['email'], $this->object->getData('email'));
     $this->assertEquals(array($grupo['id'] => $grupo['nome']), $this->object->getGroups());
     $this->assertTrue($this->object->isMemberOf($grupo['nome']));
     $this->assertFalse($this->object->isAdmin());
     $this->object->logout();
     $this->assertFalse($this->object->isLogged());
     // Delete the user: the same credentials must stop working afterwards.
     $dao->delete($user['id']);
     $this->assertFalse($this->object->login($user['email'], hashit($user['email'])));
     $this->assertFalse($this->object->isLogged());
 }
Esempio n. 2
/**
 * Creates a throw-away user and returns the stored record.
 *
 * The name is "Name" followed by a rand() number, the e-mail is built from
 * that name, and the password value handed to the DAO is hashit() of the
 * e-mail. rand() only has to make the fixture name unlikely to repeat; it is
 * not used as a secret here.
 *
 * @return array whatever getByEmail() returns for the generated e-mail
 */
function createRandomUser()
{
    $generatedName = sprintf('Name%d', rand(1, 100000));
    $generatedEmail = "emailuser{$generatedName}@test.com";
    /* @var $usuarioDao UsuarioDAO */
    $usuarioDao = Factory::DAO('usuario');
    $usuarioDao->novo($generatedName, $generatedEmail, hashit($generatedEmail));

    return $usuarioDao->getByEmail($generatedEmail);
}
Esempio n. 3
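/**
 * Checks a player's password against the hash stored in simpleauth_players.
 *
 * The lookup uses a bound parameter instead of building the SQL text from the
 * user name. The previous code called mysqli_real_escape_string() without a
 * connection argument, so the name was never escaped as intended, and it
 * compared the hashes with ==, which treats two numeric-looking strings
 * (for example "0e1" and "0e2") as equal.
 *
 * Assumes the global $db is a mysqli connection (the original already used
 * $db->query() and fetch_assoc()) - confirm against the bootstrap code.
 *
 * @param string $username player name as typed by the user
 * @param string $password clear-text password as typed by the user
 * @return bool true only when a row exists and its hash matches
 */
function login($username, $password)
{
    global $db;

    $stmt = $db->prepare('SELECT hash FROM simpleauth_players WHERE name = ?');
    if ($stmt === false) {
        // Treat a failed prepare as a failed login rather than a fatal error.
        return false;
    }

    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }

    $storedHash = null;
    $stmt->bind_result($storedHash);
    $rowFound = $stmt->fetch();
    $stmt->close();

    // No row, or a row without a usable hash: never a match.
    if ($rowFound !== true || !is_string($storedHash) || $storedHash === '') {
        return false;
    }

    // hashit() is fed the raw (unescaped) name, lower-cased as before.
    $expectedHash = hashit(strtolower($username), $password);
    if (!is_string($expectedHash)) {
        return false;
    }

    // Constant-time, type-strict comparison of the two digests.
    return hash_equals($storedHash, $expectedHash);
}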
 /**
  * Checks getByEmail() for an existing address, for an address that does not
  * exist yet, and again after that address is created and then deleted.
  *
  * The literal '*****@*****.**' appears masked on this page; the test expects
  * a record with exactly that e-mail value to exist already.
  */
 public function testGetByEmail()
 {
     $data = $this->object->getByEmail('*****@*****.**');
     $this->assertNotEmpty($data);
     $this->assertEquals('*****@*****.**', $data['email']);
     // A generated address must be unknown before it is inserted.
     $email = 'randname' . rand() . '@test.com';
     $this->assertEmpty($this->object->getByEmail($email));
     // novo() is called with the address as both first and second argument
     // and hashit('password') as the third; it is expected to return 1.
     $this->assertEquals(1, $this->object->novo($email, $email, hashit('password')));
     $user = $this->object->getByEmail($email);
     $this->assertNotEmpty($user);
     // After delete() the lookup must come back empty again.
     $this->object->delete($user['id']);
     $this->assertEmpty($this->object->getByEmail($email));
 }
Esempio n. 5
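/**
 * Creates the default "Administrator" account and its 'admin' group link
 * when no user with the default e-mail exists yet.
 *
 * The two novo() calls used to sit inside assert(). With assertions disabled
 * (the usual production setting) PHP does not evaluate the assert() argument
 * at all, so the account was silently never created. They now always run and
 * a falsy result raises an exception.
 *
 * SECURITY: the account is created with the fixed password 'admin'. Anyone
 * who knows this code knows the credential; the password should be changed
 * right after installation, or taken from installer input instead.
 *
 * @return void
 * @throws \RuntimeException when either insert reports failure
 */
function createDefaultUser()
{
    echo '<li>CreateDefaultUser</li>';
    /* @var $usuarioDao UsuarioDAO */
    $usuarioDao = Factory::DAO('usuario');
    $email = '*****@*****.**';

    $existing = $usuarioDao->getByEmail($email);
    if (!empty($existing)) {
        // Already provisioned: nothing to do.
        return;
    }

    if (!$usuarioDao->novo('Administrator', $email, hashit('admin'))) {
        throw new \RuntimeException('Could not create the default user');
    }

    /* @var $grupoDao UsuarioGrupoDAO */
    $grupoDao = Factory::DAO('usuarioGrupo');
    if (!$grupoDao->novo($email, 'admin')) {
        throw new \RuntimeException('Could not add the default user to the admin group');
    }
}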
Esempio n. 6
 /**
  * Login action: declares the expected parameters, tries to log the user in
  * and, when that does not redirect away, renders the main page with the
  * error message and the submitted values.
  *
  * NOTE(review): the 'redirect' parameter is passed to redirect() exactly as
  * received. Unless redirect() itself restricts targets to this site, this is
  * an open redirect - confirm in redirect().
  * NOTE(review): the password is reduced to hashit(senha) with no per-user
  * input visible here, and $_SESSION["logginError"] is read without an
  * isset() check.
  */
 public function _entrar()
 {
     $this->addParameter('usuario', 'string', array(Flag::REQUIRED));
     $this->addParameter('senha', 'string', array(Flag::REQUIRED));
     $this->addParameter('redirect', 'string', array(Flag::DEFAULT_VALUE => '/'));
     $this->pagedata['method'] = $this->getMethod();

     if (!$this->isValidParameters()) {
         echo 'invalid parameters';
     } else {
         $login = $this->getParameter('usuario');
         $digest = hashit($this->getParameter('senha'));
         $loggedIn = Session::singleton()->login($login, $digest);
         if ($loggedIn) {
             redirect($this->getParameter('redirect'));
         }
     }

     // Reached on invalid parameters, on a failed login, and also after
     // redirect() if that helper returns instead of ending the request.
     $this->pagedata['erro'] = $_SESSION['logginError'];
     $this->pagedata['vemail'] = $this->getParameter('usuario');
     $this->pagedata['vredirect'] = $this->getParameter('redirect');

     return $this->_main();
 }
Esempio n. 7
/**
 * Sets the login cookies "uid", "pass" and "hashv" through set_mycookie() and,
 * when $updatedb is truthy, runs an UPDATE on users.last_login.
 *
 * NOTE(review): the "pass" cookie carries $passhash itself, so the stored
 * password hash is handed to the browser and works as a long-lived login
 * token; the default $expires is 0x7fffffff.
 *
 * @param mixed $id       user id, stored in the "uid" cookie and used in the UPDATE
 * @param mixed $passhash value stored in the "pass" cookie
 * @param mixed $updatedb truthy to run the last_login UPDATE (default 1)
 * @param int   $expires  expiry value passed to set_mycookie()
 */
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
    set_mycookie("uid", $id, $expires);
    set_mycookie("pass", $passhash, $expires);
    // "hashv" is hashit() over the id and the pass hash.
    set_mycookie("hashv", hashit($id, $passhash), $expires);
    if ($updatedb) {
        // NOTE(review): the "******" run below is how this page shows the line;
        // part of the expression is masked and it is not valid PHP as printed.
        // $id is interpolated into the SQL text without a cast or escaping, and
        // the @ operator hides any error the query raises.
        @sql_query("UPDATE users SET last_login = "******" WHERE id = {$id}");
    }
}
Esempio n. 8
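/**
 * Sets the login cookies "uid", "pass" and "hashv" and, when $updatedb is
 * truthy, stamps users.last_login with NOW().
 *
 * Two hardening changes over the earlier version:
 *  - the cookies are marked HttpOnly, so page scripts cannot read them;
 *  - the id is cast to int before it is placed in the SQL text. The query
 *    uses it unquoted, so only numeric ids ever produced valid SQL.
 *
 * NOTE(review): the "pass" cookie still carries $passhash itself, which makes
 * the stored password hash a long-lived bearer token in the browser. The
 * Secure flag is left off because this function cannot tell whether the site
 * is served over HTTPS; enable it where it is.
 *
 * @param mixed $id       user id
 * @param mixed $passhash value stored in the "pass" cookie
 * @param mixed $updatedb truthy to update last_login (default 1)
 * @param int   $expires  cookie expiry timestamp
 * @return void
 */
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
    // Arguments after the path: domain "" and secure false are the defaults,
    // the final true switches HttpOnly on.
    setcookie("uid", $id, $expires, "/", "", false, true);
    setcookie("pass", $passhash, $expires, "/", "", false, true);
    setcookie("hashv", hashit($id, $passhash), $expires, "/", "", false, true);

    if ($updatedb) {
        $userId = (int) $id;
        sql_query("UPDATE users SET last_login = NOW() WHERE id = {$userId}");
    }
}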
Esempio n. 9
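/**
 * Handles a posted login form: applies the attempt limit, checks the
 * credentials and updates the session, the attempts file and $message.
 *
 * On success $_SESSION['valid'] is 1 and $page is "index"; on every other
 * path $_SESSION['valid'] stays 0. Returns nothing.
 *
 * Changes over the earlier version:
 *  - credentials are compared with === instead of ==, so two different
 *    numeric-looking strings (e.g. "0e1" and "0e2") no longer compare equal;
 *  - missing or non-string POST fields are treated as blank instead of being
 *    passed to trim();
 *  - a missing User-Agent header no longer raises a notice.
 *
 * NOTE(review): as far as this function shows, the attempt counter is a
 * single file ($LOGIN_ATTEMPTS) that is not keyed by client, so failed
 * logins from anywhere delay the legitimate user too.
 */
function Login_response()
{
    //**************************************************
    global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $USERNAME, $HASHWORD;

    $_SESSION = array();      // make sure it's empty
    $_SESSION['valid'] = 0;   // default to failed login
    $attempts = 0;
    $elapsed = 0;

    // Check for prior login attempts (but don't increment the count yet).
    if (is_file($LOGIN_ATTEMPTS)) {
        $attempts = (int) file_get_contents($LOGIN_ATTEMPTS);
        $elapsed = time() - filemtime($LOGIN_ATTEMPTS);
    }
    if ($attempts > 0) {
        $message .= '<b>' . hsc($_['login_msg_01a']) . ' ' . $attempts . ' ' . hsc($_['login_msg_01b']) . '</b><br>';
    }

    // Too many attempts and the delay has not elapsed: refuse to validate.
    if ($attempts >= $MAX_ATTEMPTS && $elapsed < $LOGIN_DELAY) {
        $message .= hsc($_['login_msg_02a']) . ' ';
        $message .= Timeout_Timer($LOGIN_DELAY - $elapsed, 'timer0');
        $message .= ' ' . hsc($_['login_msg_02b']);
        return;
    }

    // Trim incidental whitespace; anything that is not a string counts as blank.
    $_POST['password'] = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
    $_POST['username'] = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';

    // Ignore the attempt if either field is blank.
    if ($_POST['password'] === '' || $_POST['username'] === '') {
        return;
    }

    // Type-strict comparison of both credentials.
    $hashMatches = (string) hashit($_POST['password']) === (string) $HASHWORD;
    $nameMatches = $_POST['username'] === (string) $USERNAME;

    if ($hashMatches && $nameMatches) {
        // New session id on login, so an id known before login is useless.
        session_regenerate_id(true);
        // Stored for the user-consistency check.
        $_SESSION['user_agent'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $_SESSION['valid'] = 1;
        $page = "index";
        // Delete the invalid-attempts count file.
        if (is_file($LOGIN_ATTEMPTS)) {
            unlink($LOGIN_ATTEMPTS);
        }
    } else {
        // Record the failed attempt.
        file_put_contents($LOGIN_ATTEMPTS, ++$attempts);
        $message = $EX . '<b>' . hsc($_['login_msg_03']) . $attempts . '</b><br>';
        if ($attempts >= $MAX_ATTEMPTS) {
            $message .= hsc($_['login_msg_02a']) . ' ';
            $message .= Timeout_Timer($LOGIN_DELAY, 'timer0', '', '');
            $message .= ' ' . hsc($_['login_msg_02b']);
        }
    }
}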
/**
 * Sets the login cookies "uid", "pass" and "hashv" through set_mycookie() and,
 * when $updatedb is truthy, runs an UPDATE on users.last_login; a failing
 * query falls through to sqlerr().
 *
 * NOTE(review): the "pass" cookie carries $passhash itself, so the stored
 * password hash is handed to the browser and works as a long-lived login
 * token; the default $expires is 0x7fffffff.
 *
 * @param mixed $id       user id, stored in the "uid" cookie and used in the UPDATE
 * @param mixed $passhash value stored in the "pass" cookie
 * @param mixed $updatedb truthy to run the last_login UPDATE (default 1)
 * @param int   $expires  expiry value passed to set_mycookie()
 */
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
    set_mycookie("uid", $id, $expires);
    set_mycookie("pass", $passhash, $expires);
    // "hashv" is hashit() over the id and the pass hash.
    set_mycookie("hashv", hashit($id, $passhash), $expires);
    if ($updatedb) {
        // The id goes through sqlesc() before it is appended to the SQL text.
        // NOTE(review): the "******" run is how this page shows the line; part
        // of the expression is masked and it is not valid PHP as printed.
        sql_query("UPDATE users SET last_login = "******" WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    }
}
Esempio n. 11
/**
 * Transforms a password according to the configured 'password.hash' scheme.
 *
 *  - 'md5'   : md5() of the password
 *  - 'hash'  : md5() of the configured salt followed by sha1(md5(password))
 *  - 'hash2' : hashit() of the password
 *  - other   : the password is returned unchanged
 *
 * NOTE(review): md5 and sha1 are fast digests and the salt is one configured
 * value rather than a per-user one, so these schemes give little protection
 * if the stored values leak; any unrecognised scheme returns the password as
 * given. password_hash()/password_verify() is the usual replacement, but
 * switching changes every stored value and needs a migration.
 *
 * @param string $password clear-text password
 * @return string the transformed (or unchanged) password
 */
function passhash($password)
{
    $scheme = config('password.hash');
    $configuredSalt = config('password.salt');

    switch ($scheme) {
        case 'md5':
            return md5($password);
        case 'hash':
            // md5 over the salt plus an sha1 of an md5
            return md5($configuredSalt . sha1(md5($password)));
        case 'hash2':
            return hashit($password);
        default:
            return $password;
    }
}
Esempio n. 12
/**
 * Sets the three login cookies ('uid', 'pass', 'hashx') on path '/'.
 *
 * NOTE(review): the 'pass' cookie holds $passhash itself, so the stored
 * password hash travels to the browser and acts as a login token until
 * $expires (default 0x7fffffff).
 *
 * @param mixed $id       user id
 * @param mixed $passhash value stored in the 'pass' cookie
 * @param int   $expires  expiry value handed to Cookie::set()
 */
function logincookie($id, $passhash, $expires = 0x7fffffff)
{
    $cookiePath = '/';

    Cookie::set('uid', $id, $expires, $cookiePath);
    Cookie::set('pass', $passhash, $expires, $cookiePath);

    // 'hashx' is hashit() over the id and the pass hash.
    $binding = hashit($id, $passhash);
    Cookie::set('hashx', $binding, $expires, $cookiePath);
}
Esempio n. 13
            $current = $page;
        }
        // sinon la page courante est bien celle indiquée dans l'URL
    }
    /* $start est la valeur de départ du LIMIT dans notre requête SQL (est fonction de la page courante) */
    $start = $current * $epp - $epp;
    /* Récupération des données à afficher pour la page courante */
    $qry = "select * from `notes` where `note` LIKE '%{$q}%' and `type`='1' LIMIT {$start}, {$epp}";
    $res = @mysql_query($qry);
    $num = mysql_num_rows($res);
    if ($num == 0) {
        echo "<div id='wrong'>No Results</div>";
    }
    if ($res) {
        while ($row = mysql_fetch_array($res)) {
            $user = $row['user'];
            $userN = nameUser($user);
            $pic = loadpic($user);
            $timestamp = Timesince($row['date']);
            $note = stripslashes(nl2br($row['note']));
            $noteID = hashit($row['notes_id']);
            echo "\n\n\t\t\t\t\t\t\t\t\t\t\t\t<table width='765' border='0'>\n\t\t\t\t\t\t\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<td width='10' height='21' valign='top'><a href='user/{$userN}'>{$pic}</a></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<td width='745' valign='top'><a href='user/{$userN}'><font color='blue'>{$userN} \t     \t\t\t\t\t\t\t\t\t\t</font></a> <a href='note/{$noteID}'>" . $note . "</a><br /><em><font color='grey'>Posted       \t\t\t\t\t\t\t\t\t\t{$timestamp} ago</font></em>  \t\t\t</td>\n\t\t\t\t\t\t\t\t\t\t\t\t  </tr>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t  \n\t\t\t\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t\t\t\t\t<hr />\n\n\t\t\t\n\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t";
        }
    }
    /* Libération du résultat */
    mysql_free_result($res);
    //else echo mysqli_error($dbc);
    /* Appel de la fonction */
    echo paginate("search2.php?q={$q}", '&p=', $countp, $current);
}
//else error
Esempio n. 14
    ?>
<br />
<form method='post' action='./new_announcement.php'>
<table border='1' cellpadding='5' cellspacing='0'>
<tr>
<td>
<div align='center'>
<input name='n_pms' type='hidden' value='<?php 
    echo $count;
    ?>
' />
<input name='ann_query' type='hidden' value='<?php 
    echo $announcement_query;
    ?>
' />
<input name='ann_hash' type='hidden' value ='<?php 
    echo hashit($announcement_query, $count);
    ?>
' />
<button type='submit'>Create New Announcement</button>
</div></td>
</tr>
</table>
</form>
<?php 
}
if (isset($pagemenu)) {
    echo "<p>{$pagemenu}<br />{$browsemenu}</p>";
}
echo stdfoot();
die;
Esempio n. 15
            $pdl = $array['pdl'];
            if ($pdl > 0) {
                $partial = ratios($pul, $pdl) . " (" . mksize($pul) . "/" . mksize($pdl) . ")";
            } else {
                if ($pul > 0) {
                    $partial = "Inf. " . mksize($pul) . "/" . mksize($pdl) . ")";
                } else {
                    $partial = "---";
                }
            }
            $auxres = sql_query("SELECT COUNT(DISTINCT p.id)\n      FROM posts AS p LEFT JOIN topics as t ON p.topic_id = t.id\n      LEFT JOIN forums AS f ON t.forum_id = f.id\n      WHERE p.user_id = " . sqlesc($user['id']) . " AND f.min_class_read <= " . sqlesc($CURUSER['class'])) or sqlerr(__FILE__, __LINE__);
            $n = mysqli_fetch_row($auxres);
            $n_posts = $n[0];
            $auxres = sql_query("SELECT COUNT(id) FROM comments WHERE user = "******"<tr><td><b><a href='userdetails.php?id=" . (int) $user['id'] . "'>" . htmlsafechars($user['username']) . "</a></b>" . ($user["donor"] == "yes" ? "<img src='pic/star.gif' alt=\"{$lang['usersearch_donor']}\" />" : "") . ($user["warned"] == "yes" ? "<img src=\"pic/warned.gif\" alt=\"{$lang['usersearch_warned']}\" />" : "") . "</td>\n          <td>" . ratios($user['uploaded'], $user['downloaded']) . "</td>\n          <td>" . $ipstr . "</td><td>" . htmlsafechars($user['email']) . "</td>\n          <td><div align='center'>" . get_date($user['added'], '') . "</div></td>\n          <td><div align='center'>" . get_date($user['last_access'], '', 0, 1) . "</div></td>\n          <td><div align='center'>" . htmlsafechars($user['status']) . "</div></td>\n          <td><div align='center'>" . htmlsafechars($user['enabled']) . "</div></td>\n          <td><div align='center'>" . ratios($pul, $pdl) . "</div></td>\n          <td><div align='right'>" . number_format($pul / 1048576) . "</div></td>\n          <td><div align='right'>" . number_format($pdl / 1048576) . "</div></td>\n          <td><div align='center'>" . ($n_posts ? "<a href='userhistory.php?action=viewposts&amp;id=" . (int) $user['id'] . "'>{$n_posts}</a>" : $n_posts) . "|" . ($n_comments ? "<a href='userhistory.php?action=viewcomments&amp;id=" . (int) $user['id'] . "'>{$n_comments}</a>" : $n_comments) . "</div></td></tr>\n";
        }
        $HTMLOUT .= "</table>";
        if ($count > $perpage) {
            $HTMLOUT .= $pager['pagerbottom'];
        }
        $HTMLOUT .= "\n<br />\n\n<form method='post' action='./new_announcement.php'>\n<table class='table table-bordered'>\n<tr>\n<td>\n<div align='center'>\n<input name='n_pms' type='hidden' value='" . $count . "' />\n<input name='ann_query' type='hidden' value='" . rawurlencode($announcement_query) . "' />\n<input name='ann_hash' type='hidden' value ='" . hashit($announcement_query, $count) . "' />\n<button type='submit'>{$lang['usersearch_create_ann']}</button>\n</div></td>\n</tr>\n</table>\n</form><br>";
    }
}
if (isset($pagemenu)) {
    $HTMLOUT .= "<p>{$pagemenu}<br />{$browsemenu}</p>";
}
echo $HTMLOUT . stdfoot();
die;
Esempio n. 16
        }
        ?>
<br><br>
<form method=post action=/new_announcement.php>
<table border="1" cellpadding="5" cellspacing="0">
<tr>
<td>
<div align="center">
<input name="n_pms" type="hidden" value="<?php 
        print $count;
        ?>
">
<input name="ann_query" type="hidden" value="<?php 
        print $announcement_query;
        ?>
">
<input name="ann_hash" type="hidden" value ="<?php 
        print hashit($announcement_query, $count);
        ?>
">
<BUTTON TYPE=SUBMIT>Create New Announcement</BUTTON>
</div></td>
</tr>
</table>
</form>
<?php 
    }
}
print "<p>{$pagemenu}<br>{$browsemenu}</p>";
stdfoot();
die;
Esempio n. 17
    }
    //else echo mysqli_error($dbc);
}
//while of friends
/* Appel de la fonction */
echo @paginate("welcome.php", '?p=', $countp, $current);
////////////////////////////////////////////////////////////////////////
?>
      </p>
    <p>&nbsp;</p>
    <p>&nbsp;</p></td>
    <td width="515" valign="top"><p><strong>YOUR NOTES</strong></p>
    <p>
    <div id="putnote"></div>
    <?php 
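// My notes: list the current user's notes, newest first, as links.
// The user id is escaped before it is placed inside the quoted SQL value, and
// the title and link id are HTML-escaped on output, because note titles are
// user-written text.
// NOTE(review): if titles are already stored HTML-escaped this will
// double-encode them - check how notes are saved. `or die(mysql_error())`
// still prints database error text to the visitor.
$get_notes = mysql_query("select * from `notes` where `user`='" . mysql_real_escape_string((string) $uid) . "' and `note`!='0' order by notes_id desc") or die(mysql_error());
while ($note_row = mysql_fetch_array($get_notes)) {
    $note = stripslashes(nl2br($note_row['note']));
    $time = $note_row['date'];
    $title = $note_row['title'];
    $ida = $note_row['notes_id'];
    $id = hashit($ida);
    $safeHref = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    $safeTitle = htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8');
    echo "<a href='note/{$safeHref}'>" . $safeTitle . "...</a> &nbsp;" . date("M j'G", $time) . "<br />";
}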
?>
    
    
    </p></td>
  </tr>
</table>
Esempio n. 18
/**
 * Sets the three login cookies ("uid", "pass", "hashx") on path "/".
 *
 * NOTE(review): the "pass" cookie holds $passhash itself, so the stored
 * password hash travels to the browser and acts as a login token until
 * $expires (default 0x7fffffff).
 *
 * @param mixed $id       user id
 * @param mixed $passhash value stored in the "pass" cookie
 * @param int   $expires  expiry value handed to Cookie::set()
 */
function logincookie($id, $passhash, $expires = 0x7fffffff)
{
    $sitePath = '/';

    Cookie::set('uid', $id, $expires, $sitePath);
    Cookie::set('pass', $passhash, $expires, $sitePath);

    // "hashx" is hashit() over the id and the pass hash.
    $check = hashit($id, $passhash);
    Cookie::set('hashx', $check, $expires, $sitePath);
}
Esempio n. 19
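/**
 * Handles a posted login form: applies the attempt limit, checks the
 * credentials, updates the session, the attempts file and $message, and
 * optionally appends a line to the login log.
 *
 * On success $_SESSION['valid'] is 1 and $page is "index"; on every other
 * path $_SESSION['valid'] stays 0. Returns nothing. The two early returns
 * (delay still running, blank field) skip the login log, as before.
 *
 * Changes over the earlier version:
 *  - credentials are compared with === instead of ==, so two different
 *    numeric-looking strings (e.g. "0e1" and "0e2") no longer compare equal;
 *  - missing or non-string POST fields are treated as blank instead of being
 *    passed to trim();
 *  - control characters are removed from the User-Agent before it is written
 *    to the log, so a crafted header cannot start a forged log line.
 *
 * NOTE(review): as far as this function shows, the attempt counter is a
 * single file ($LOGIN_ATTEMPTS) that is not keyed by client, so failed
 * logins from anywhere delay the legitimate user too.
 */
function Login_response()
{
    //***************************************************
    global $_, $EX, $ONESCRIPT_file, $message, $page, $USERNAME, $HASHWORD, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $LOGIN_DELAYED, $LOG_LOGINS, $LOGIN_LOG_file;

    $_SESSION = array();      // make sure it's empty
    $_SESSION['valid'] = 0;   // default to failed login
    $attempts = 0;
    $elapsed = 0;
    // $LOGIN_ATTEMPTS is only used for filesystem access.
    $LOGIN_ATTEMPTS = Convert_encoding($LOGIN_ATTEMPTS);
    // Used to start the countdown at the end of the file.
    $LOGIN_DELAYED = 0;
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Check for prior login attempts (but don't increment the count yet).
    if (is_file($LOGIN_ATTEMPTS)) {
        $attempts = (int) file_get_contents($LOGIN_ATTEMPTS);
        $elapsed = time() - filemtime($LOGIN_ATTEMPTS);
    }
    if ($attempts > 0) {
        $message .= '<b>' . hsc($_['login_msg_01a']) . ' ' . $attempts . ' ' . hsc($_['login_msg_01b']) . '</b><br>';
    }

    // Too many attempts and the delay has not elapsed: refuse to validate.
    if ($attempts >= $MAX_ATTEMPTS && $elapsed < $LOGIN_DELAY) {
        $LOGIN_DELAYED = $LOGIN_DELAY - $elapsed;
        $message .= hsc($_['login_msg_02a']) . ' <span id=timer0></span> ' . hsc($_['login_msg_02b']);
        return;
    }

    // Trim incidental whitespace; anything that is not a string counts as blank.
    $_POST['password'] = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
    $_POST['username'] = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';

    // Ignore the attempt if either field is blank.
    if ($_POST['password'] === '' || $_POST['username'] === '') {
        return;
    }

    // Type-strict comparison of both credentials.
    $hashMatches = (string) hashit($_POST['password']) === (string) $HASHWORD;
    $nameMatches = $_POST['username'] === (string) $USERNAME;

    if ($hashMatches && $nameMatches) {
        // New session id on login, so an id known before login is useless.
        session_regenerate_id(true);
        // Stored for the user-consistency check.
        $_SESSION['user_agent'] = $userAgent;
        $_SESSION['valid'] = 1;
        $page = "index";
        // Delete the count/file of $LOGIN_ATTEMPTS.
        if (is_file($LOGIN_ATTEMPTS)) {
            unlink($LOGIN_ATTEMPTS);
        }
    } else {
        // Record the failed attempt.
        file_put_contents($LOGIN_ATTEMPTS, ++$attempts);
        $message = $EX . '<b>' . hsc($_['login_msg_03']) . $attempts . '</b><br>';
        if ($attempts >= $MAX_ATTEMPTS) {
            $LOGIN_DELAYED = $LOGIN_DELAY;
            $message .= hsc($_['login_msg_02a']) . ' <span id=timer0></span> ' . hsc($_['login_msg_02b']);
        }
    }

    // Log login attempts: result, time, client address and port, user agent.
    if ($LOG_LOGINS) {
        $log_file = Convert_encoding($LOGIN_LOG_file);
        $pass_fail = $_SESSION['valid'] . ' ';
        $timestamp = date("Y-m-d H:i:s") . ' ';
        $client_IP = $_SERVER['REMOTE_ADDR'] . ' ';
        $client_port = $_SERVER['REMOTE_PORT'] . ' ';
        // The header is client-controlled: CR, LF and other control bytes
        // become spaces so one request always yields exactly one log line.
        $client = '"' . preg_replace('/[\x00-\x1F\x7F]/', ' ', $userAgent) . '"';
        file_put_contents($log_file, $pass_fail . $timestamp . $client_IP . $client_port . $client . "\n", FILE_APPEND);
    }
}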
Esempio n. 20
<?php

session_start();
include 'config.php';
include 'functions.php';
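// Lists the notifications of the logged-in user and marks them as read.
//
// Changes over the earlier version:
//  - the guard used to end in "&& isset($user)", so a request with neither
//    session value set skipped the numeric check and went on to the query;
//    a missing or non-numeric user id is now always rejected;
//  - the id is cast to int before it is placed in the SQL text;
//  - values taken from the database are escaped before they are echoed into
//    HTML (NOTE(review): if nameUser() already returns escaped HTML this
//    double-encodes it - check that helper);
//  - the "mark as read" UPDATE does not depend on the row, so it runs once
//    after the loop, and only when at least one row was listed, as before.
$uid = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$user = isset($_SESSION['user']) ? $_SESSION['user'] : null;
$date = time();
if (empty($uid) || !is_numeric($uid)) {
    echo "ERROR 404";
} else {
    $uidForSql = (int) $uid;
    $sql = mysql_query("select * from notification where user_id='{$uidForSql}'");
    $listedAny = false;
    while ($sql && ($row = mysql_fetch_array($sql))) {
        $listedAny = true;
        $id = hashit($row['note_id']);
        $fromID = $row['from_id'];
        // URL-encode the query value, then HTML-escape everything that lands
        // inside markup.
        $fromHref = htmlspecialchars(rawurlencode((string) $fromID), ENT_QUOTES, 'UTF-8');
        $fromName = htmlspecialchars((string) nameUser($row['from_id']), ENT_QUOTES, 'UTF-8');
        $noteHref = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
        echo "<p><a href='profile.php?id={$fromHref}'>" . $fromName . "</a> <em>posted a comment about this <a href='note.php/{$noteHref}'>Note</a></em></p>";
    }
    if ($listedAny) {
        // Update all UNREAD messages of this user.
        $up = mysql_query("UPDATE notification set unread='0' where user_id='{$uidForSql}' and unread='1'");
    }
}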
Esempio n. 21
require_once INCL_DIR . 'bbcode_functions.php';
dbconn(false);
loggedinorreturn();
$lang = array_merge(load_language('global'));
if ($CURUSER['class'] < UC_ADMINISTRATOR) {
    stderr('Error', 'Your not authorised');
}
$stdfoot = array('js' => array('shout'));
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //== The expiry days.
    $days = array(array(7, '7 Days'), array(14, '14 Days'), array(21, '21 Days'), array(28, '28 Days'), array(56, '2 Months'));
    //== Usersearch POST data...
    $n_pms = isset($_POST['n_pms']) ? (int) $_POST['n_pms'] : 0;
    $ann_query = isset($_POST['ann_query']) ? trim($_POST['ann_query']) : '';
    $ann_hash = isset($_POST['ann_hash']) ? trim($_POST['ann_hash']) : '';
    if (hashit($ann_query, $n_pms) != $ann_hash) {
        die;
    }
    // Validate POST...
    if (!preg_match('/\\ASELECT.+?FROM.+?WHERE.+?\\z/', $ann_query)) {
        stderr('Error', 'Misformed Query');
    }
    if (!$n_pms) {
        stderr('Error', 'No recipients');
    }
    //== Preview POST data ...
    $body = trim(isset($_POST['msg']) ? $_POST['msg'] : '');
    $subject = trim(isset($_POST['subject']) ? $_POST['subject'] : '');
    $expiry = 0 + (isset($_POST['expiry']) ? $_POST['expiry'] : 0);
    if (isset($_POST['buttonval']) and $_POST['buttonval'] == 'Submit') {
        //== Check values before inserting into row...
Esempio n. 22
     }
     // sinon la page courante est bien celle indiquée dans l'URL
 }
 /* $start est la valeur de départ du LIMIT dans notre requête SQL (est fonction de la page courante) */
 $start = $current * $epp - $epp;
 /* Récupération des données à afficher pour la page courante */
 $qry = "SELECT * FROM notes where user='******' LIMIT {$start}, {$epp}";
 $res = @mysql_query($qry);
 if ($res) {
     /* Affichage des données */
     echo "<ul>\n";
     while ($item = mysql_fetch_array($res)) {
         $noteP = substr($item['note'], 0, 40);
         $noteidi = $item['notes_id'];
         $title = $item['title'];
         $idtohash = hashit($noteidi);
         $strike = $item['strike'];
         if ($strike == 1) {
             $d = "strike";
         } else {
             $d = "u";
         }
         echo "<{$d}><li><a id='titlee' class='{$noteidi}' href='note.php?q={$idtohash}'>" . $title . "</a></{$d}> ";
         if ($user_sess == $user && $strike == 0) {
             echo " <a id='{$noteidi}' href='#' class='deleteButton' > [ Delete ] </a><div id='deliiii'></div>";
         }
         echo "</li>\n";
     }
     echo "</ul>\n";
     /* Libération du résultat */
     mysql_free_result($res);