/**
 * Redirect the client to the secure (HTTPS) site URL for $uri and stop.
 *
 * The target is always built through secure_site_url(), so callers pass a
 * local URI rather than a full URL. Nothing after the header is executed:
 * the function exits once the header has been queued.
 *
 * @param string $uri                local URI handed to secure_site_url()
 * @param string $method             'refresh' sends a Refresh header; anything
 *                                   else sends a Location header
 * @param int    $http_response_code status code used with the Location header
 * @return void
 */
function secure_redirect($uri = '', $method = 'location', $http_response_code = 302)
{
    $target = secure_site_url($uri);

    // Loose comparison on purpose: this mirrors switch() semantics
    if ($method == 'refresh') {
        header("Refresh:0;url=" . $target);
    } else {
        header("Location: " . $target, TRUE, $http_response_code);
    }

    exit;
}
/**
 * List all the polls.
 *
 * Requires the 'admin' or 'super-agent' role; an 'agent' is sent to the
 * poll selection page instead of seeing the list. Every poll gets a
 * sheets_count label of the form "<sheets_number>/<max_surveys_number>"
 * before the list is handed to the layout view.
 */
public function index()
{
    if (!$this->require_role('admin,super-agent')) {
        return;
    }

    // Agents never see the list; send them to the poll selection page
    if ($this->is_role('agent')) {
        redirect(secure_site_url('polls/select'));
    }

    $polls = array();
    foreach ($this->main_model->getPollsWithSheetsNumber() as $poll) {
        $poll->sheets_count = $poll->sheets_number . '/' . $poll->max_surveys_number;
        $polls[] = $poll;
    }

    $this->load->view('global/layout', array(
        'content'    => 'polls/index',
        'title'      => "Liste des sondages",
        'js_to_load' => array('polls.js'),
        'polls'      => $polls,
    ));
}
/**
 * Reset password: render the "forgot password" form and, on a valid post,
 * issue a password recovery link.
 *
 * Only anonymous visitors (no auth_role) may use this page; a logged-in user
 * gets a 403 through show_error(). When the IP or the posted email is on
 * hold, the form is rendered disabled. Otherwise, given a matching token and
 * a posted user_email: an unknown email is logged and reported as no match,
 * a banned user is logged and shown the banned message, and a valid user
 * gets a 64-character random recovery code. Only the hash of that code (see
 * _hash_recovery_code) and the current timestamp are stored; the plain code
 * appears solely in the verification link passed to the view.
 *
 * @return void
 */
public function password()
{
    if ($this->auth_role) {
        // Render access denied page for anyone who is already logged in
        show_error('You are not authorized to view this page', '403');
        return;
    }

    // Load resources
    $this->load->model('examples_model');

    if ($this->authentication->current_hold_status(TRUE)) {
        // IP or posted email is on hold: the form is shown disabled
        $view_data['disabled'] = 1;
    } elseif ($this->tokens->match && ($posted_email = $this->input->post('user_email'))) {
        $user_data = $this->examples_model->get_recovery_data($posted_email);

        if (!$user_data) {
            // No account for this email: record the failed attempt
            $this->authentication->log_error($this->input->post('user_email', TRUE));
            $view_data['no_match'] = 1;
        } elseif ($user_data->user_banned == '1') {
            // Banned user: record the attempt and show the special message
            $this->authentication->log_error($this->input->post('user_email', TRUE));
            $view_data['user_banned'] = 1;
        } else {
            // Random recovery code; only its hash is persisted
            $this->load->library('generate_string');
            $recovery_code = $this->generate_string
                ->set_options(array('exclude' => array('char')))
                ->random_string(64)
                ->show();
            $hashed_recovery_code = $this->_hash_recovery_code($user_data->user_salt, $recovery_code);

            // Update user record with recovery code hash and time
            $this->examples_model->update_user_raw_data($user_data->user_id, array(
                'passwd_recovery_code' => $hashed_recovery_code,
                'passwd_recovery_date' => date('Y-m-d H:i:s'),
            ));

            $verification_uri = 'user/verification/' . $user_data->user_id . '/' . $recovery_code;
            $view_data['special_link'] = secure_anchor($verification_uri, secure_site_url($verification_uri), 'target ="_blank"');
            $view_data['confirmation'] = 1;
        }
    }

    $data['title'] = "Forgot Password";
    $data['content'] = $this->load->view('forgot', isset($view_data) ? $view_data : NULL, TRUE);
    $this->load->view('html_anon', $data);
}
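/**
 * Secure Anchor Link - Pop-up version
 *
 * Creates an anchor that opens the URL in a new window through
 * window.open(). A URI without a scheme is resolved with secure_site_url();
 * an absolute URL (matching "scheme://") is used verbatim. Neither the URL
 * nor the title is escaped here, so callers are responsible for passing
 * values that are safe inside an HTML attribute / JS string.
 *
 * @param string $uri        the URL
 * @param string $title      the link title; defaults to the resolved URL when empty
 * @param mixed  $attributes FALSE for a plain window.open() link; otherwise an
 *                           array whose window-option keys (width, height,
 *                           scrollbars, status, resizable, screenx, screeny)
 *                           configure the pop-up and whose remaining entries
 *                           become anchor attributes
 * @return string the anchor tag
 */
function secure_anchor_popup($uri = '', $title = '', $attributes = FALSE)
{
    $title = (string) $title;
    $secure_site_url = !preg_match('!^\\w+://! i', $uri) ? secure_site_url($uri) : $uri;

    if ($title == '') {
        // Fix: previously read the undefined variable $site_url, leaving the
        // title empty when no title was given.
        $title = $secure_site_url;
    }

    if ($attributes === FALSE) {
        return "<a href='javascript:void(0);' onclick=\"window.open('" . $secure_site_url . "', '_blank');\">" . $title . "</a>";
    }

    if (!is_array($attributes)) {
        $attributes = array();
    }

    // Window options: caller values override these defaults and are removed
    // from $attributes so they do not also end up as anchor attributes.
    $window_defaults = array(
        'width'      => '800',
        'height'     => '600',
        'scrollbars' => 'yes',
        'status'     => 'yes',
        'resizable'  => 'yes',
        'screenx'    => '0',
        'screeny'    => '0',
    );
    $atts = array();
    foreach ($window_defaults as $key => $val) {
        $atts[$key] = !isset($attributes[$key]) ? $val : $attributes[$key];
        unset($attributes[$key]);
    }

    // $attributes is an array at this point, so the loose comparison with ''
    // is always true and the leftover entries are always parsed.
    if ($attributes != '') {
        $attributes = _parse_attributes($attributes);
    }

    return "<a href='javascript:void(0);' onclick=\"window.open('" . $secure_site_url . "', '_blank', '" . _parse_attributes($atts, TRUE) . "');\"{$attributes}>" . $title . "</a>";
}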
?> " /> <input type="hidden" id="allowed_types" value="<?php echo $upload_config['allowed_types']; ?> " /> <input type="hidden" id="ci_csrf_token_name" value="<?php echo config_item('csrf_token_name'); ?> " /> <input type="hidden" id="upload_url" value="<?php echo secure_site_url('uploads_manager/bridge_' . $upload_destination . '/profile_image'); ?> " /> <input type="hidden" id="delete_url" value="<?php echo secure_site_url('user/delete_profile_image'); ?> " /> </div> </fieldset> <div class="form-row"> <div id="submit_box"> <?php // SUBMIT BUTTON *********************** $input_data = array('name' => 'submit', 'id' => 'submit_button', 'value' => 'Update'); echo form_submit($input_data); ?> </div> </div>
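/**
 * Delete a user
 *
 * Only an admin or manager may delete, and never their own account. An AJAX
 * request must also pass the token match and receives a JSON response that
 * carries fresh tokens for the next request; a regular request is redirected
 * back to the manage users page (optionally at the given pagination page).
 *
 * @param int the user_id of the user to delete.
 * @param int the pagination page number to redirect back to.
 */
public function delete_user($user_to_delete = FALSE, $page = FALSE)
{
    // Make sure admin or manager is logged in
    if (!$this->require_role('admin,manager')) {
        return;
    }

    // Load resources
    $this->load->model('user_model');

    // Must not be a user trying to delete themselves
    if (!is_numeric($user_to_delete) || $user_to_delete == $this->auth_user_id) {
        return;
    }

    // If an ajax request
    if ($this->input->is_ajax_request()) {
        // Must pass token match and delete_user must return TRUE
        if ($this->tokens->match && $this->user_model->delete_user($user_to_delete, $this->auth_level)) {
            // Send success message back, with fresh tokens for the next request
            $response = array(
                'test'          => 'success',
                'token'         => $this->tokens->token(),
                'ci_csrf_token' => $this->security->get_csrf_hash(),
            );
        } else {
            // CSRF token mismatch or delete_user was FALSE
            $response = array('test' => 'error', 'message' => 'No Token Match - Please Reload Page');
        }
        echo json_encode($response);
        return;
    }

    // Non-AJAX request: the result of the delete is not reported back.
    // NOTE(review): unlike the AJAX branch, no token match is required on
    // this path - confirm it is only reachable through a tokened form/link.
    $this->user_model->delete_user($user_to_delete, $this->auth_level);
    $page = $page ? '/' . $page : '';
    header("Location: " . secure_site_url('administration/manage_users' . $page));
    exit;
}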
<?php if (config_item('allow_remember_me')) { ?> <br /> <label for="remember_me" class="form_label">Remember Me</label> <input type="checkbox" id="remember_me" name="remember_me" value="yes" /> <?php } ?> <p> <a href="<?php echo secure_site_url('recover'); ?> "> Can't access your account? </a> </p> <input type="submit" name="submit" value="Login" id="submit_button" /> </div> </form> <?php } else { // EXCESSIVE LOGIN ATTEMPTS ERROR MESSAGE
?> " /> <input type="hidden" id="allowed_types" value="<?php echo $uploader_settings['allowed_types']; ?> " /> <input type="hidden" id="update_image_order_url" value="<?php echo secure_site_url('custom_uploader/update_image_order'); ?> " /> <input type="hidden" id="delete_image_url" value="<?php echo secure_site_url('custom_uploader/delete_image'); ?> " /> <input type="hidden" id="upload_image_url" value="<?php echo secure_site_url('uploads_manager/bridge_filesystem/custom_uploader'); ?> " /> </form> </p> <div id="status-bar"></div> </div> <div id="image-list"> <?php // If there are images if (!empty($images->images_data)) { // Unserialize the images $images = unserialize($images->images_data); // If the unserialized data is not empty if (!empty($images)) { // Start the image list
/**
 * Setup session, HTTP user cookie, and remember me cookie
 * during a successful login attempt. Redirect is specified here.
 *
 * Side effects, in order: queues a 302 Location header, sets the HTTP user
 * cookie (plus the remember me cookie when requested), stores the auth
 * identifier in the CI session, regenerates the session ID and records the
 * login (time and new session id) in the database.
 *
 * @param obj the user record
 * @return void
 */
private function _maintain_state($auth_data)
{
    // Redirect to specified page, or home page if none provided.
    // The target comes straight from the ?redirect= query parameter; whether
    // secure_site_url()/site_url() confine it to this site is not visible
    // here - NOTE(review): confirm the helpers cannot emit an off-site URL.
    $redirect = $this->CI->input->get('redirect') ? urldecode($this->CI->input->get('redirect')) : '';
    $url = USE_SSL === 1 ? secure_site_url($redirect) : site_url($redirect);
    // No output has been sent yet, so the cookies set below are still added
    // to this same redirect response.
    header("Location: " . $url, TRUE, 302);
    // Store login time in database and cookie
    $login_time = time();
    /**
     * Since the session cookie needs to be able to use
     * the secure flag, we want to hold some of the user's
     * data in another cookie.
     * This cookie is deliberately NOT flagged secure ('secure' => FALSE), so
     * the browser also sends it over plain HTTP: only data that is safe to
     * expose that way belongs in it.
     */
    $http_user_cookie = array('name' => config_item('http_user_cookie_name'), 'domain' => config_item('cookie_domain'), 'path' => config_item('cookie_path'), 'prefix' => config_item('cookie_prefix'), 'secure' => FALSE);
    // Initialize the HTTP user cookie data
    $http_user_cookie_data['_user_name'] = $auth_data->user_name;
    // Get the array of selected profile columns
    $selected_profile_columns = config_item('selected_profile_columns');
    // If selected profile columns are to be added to the HTTP user cookie
    if (!empty($selected_profile_columns)) {
        // Loop through the auth data (every property of the user record)
        foreach ((array) $auth_data as $k => $v) {
            // If a selected profile column (loose in_array match on the name)
            if (in_array($k, $selected_profile_columns)) {
                $http_user_cookie_data['_' . $k] = $v;
            }
        }
    }
    // Serialize the HTTP user cookie data. Once sent, the value is under the
    // client's control; whatever reads it back must not trust it.
    $http_user_cookie['value'] = $this->CI->session->serialize_data($http_user_cookie_data);
    // Check if remember me requested, and set cookie if yes
    if (config_item('allow_remember_me') && $this->CI->input->post('remember_me')) {
        // The cookie value is the absolute expiry timestamp, also not flagged secure
        $remember_me_cookie = array('name' => config_item('remember_me_cookie_name'), 'value' => config_item('remember_me_expiration') + time(), 'expire' => config_item('remember_me_expiration'), 'domain' => config_item('cookie_domain'), 'path' => config_item('cookie_path'), 'prefix' => config_item('cookie_prefix'), 'secure' => FALSE);
        $this->CI->input->set_cookie($remember_me_cookie);
        // Make sure the CI session cookie doesn't expire on close
        $this->CI->session->sess_expire_on_close = FALSE;
        $this->CI->session->sess_expiration = config_item('remember_me_expiration');
        // Set the expiration of the http user cookie
        $http_user_cookie['expire'] = config_item('remember_me_expiration') + time();
    } else {
        // Unless remember me is requested, the http user cookie expires when the browser closes.
        $http_user_cookie['expire'] = 0;
    }
    $this->CI->input->set_cookie($http_user_cookie);
    // Set CI session cookie: the identifier binds user_id, user_modified and
    // the login time together (see create_auth_identifier)
    $this->CI->session->set_userdata('auth_identifier', $this->create_auth_identifier($auth_data->user_id, $auth_data->user_modified, $login_time));
    // For security, force regenerate the session ID so the id used before
    // authentication is not carried over into the logged-in session
    $session_id = $this->CI->session->sess_update(TRUE);
    // Update user record in database
    $this->CI->auth_model->login_update($auth_data->user_id, $login_time, $session_id);
}
/**
 * Anchor Link
 *
 * Creates an anchor based on the local URL. A string URI that already
 * carries a scheme ("http://", "ftp://", ...) is used verbatim; anything
 * else - including an array of segments - is resolved with site_url(), or
 * with secure_site_url() when $secure is TRUE.
 *
 * @param mixed  $uri        the URL (string, or an array of segments)
 * @param string $title      the link title; defaults to the resolved URL when empty
 * @param mixed  $attributes any attributes, rendered by _parse_attributes()
 * @param bool   $secure     build the href with secure_site_url() instead of site_url()
 * @return string the anchor tag
 */
function anchor($uri = '', $title = '', $attributes = '', $secure = FALSE)
{
    $title = (string) $title;

    // Only a string can be an absolute URL; arrays always go through the helper
    $is_absolute = !is_array($uri) && preg_match('!^\\w+://! i', $uri);

    if ($is_absolute) {
        $site_url = $uri;
    } elseif ($secure) {
        $site_url = secure_site_url($uri);
    } else {
        $site_url = site_url($uri);
    }

    if ($title == '') {
        $title = $site_url;
    }

    if ($attributes != '') {
        $attributes = _parse_attributes($attributes);
    }

    return "<a href=\"{$site_url}\"{$attributes}>{$title}</a>";
}
/**
 * Setup session, HTTP user cookie, and remember me cookie
 * during a successful login attempt. Redirect is specified here.
 *
 * Side effects, in order: queues a 302 Location header, sets the HTTP user
 * cookie when there is data for it (plus the remember me cookie when
 * requested), stores the serialized - optionally encrypted - auth
 * identifiers in the CI session, regenerates the session ID and records the
 * login (time and new session id) in the database.
 *
 * @param obj the user record
 * @return void
 */
private function _maintain_state($auth_data)
{
    // Redirect to specified page, or home page if none provided.
    // The target comes straight from the ?redirect= query parameter; whether
    // secure_site_url() confines it to this site is not visible here -
    // NOTE(review): confirm the helper cannot emit an off-site URL.
    $redirect = $this->CI->input->get('redirect') ? urldecode($this->CI->input->get('redirect')) : '';
    $url = secure_site_url($redirect);
    // No output has been sent yet, so the cookies set below are still added
    // to this same redirect response.
    header("Location: " . $url, TRUE, 302);
    // Store login time in database and cookie (formatted datetime, not a timestamp)
    $login_time = date('Y-m-d H:i:s');
    /**
     * Since the session cookie needs to be able to use
     * the secure flag, we want to hold some of the user's
     * data in another cookie.
     * This cookie is deliberately NOT flagged secure ('secure' => FALSE), so
     * the browser also sends it over plain HTTP: only data that is safe to
     * expose that way belongs in http_user_cookie_elements.
     */
    $http_user_cookie = array('name' => config_item('http_user_cookie_name'), 'domain' => config_item('cookie_domain'), 'path' => config_item('cookie_path'), 'prefix' => config_item('cookie_prefix'), 'secure' => FALSE);
    // Initialize the HTTP user cookie data from the configured element names
    $http_user_cookie_elements = config_item('http_user_cookie_elements');
    if (is_array($http_user_cookie_elements) && !empty($http_user_cookie_elements)) {
        foreach ($http_user_cookie_elements as $element) {
            // Only copy elements the user record actually carries (and that are not null)
            if (isset($auth_data->{$element})) {
                $http_user_cookie_data[$element] = $auth_data->{$element};
            }
        }
    }
    // Serialize the HTTP user cookie data. Once sent, the value is under the
    // client's control; whatever reads it back must not trust it.
    if (isset($http_user_cookie_data)) {
        $http_user_cookie['value'] = serialize_data($http_user_cookie_data);
    }
    // Check if remember me requested, and set cookie if yes
    if (config_item('allow_remember_me') && $this->CI->input->post('remember_me')) {
        // The cookie value is the absolute expiry timestamp, also not flagged secure
        $remember_me_cookie = array('name' => config_item('remember_me_cookie_name'), 'value' => config_item('remember_me_expiration') + time(), 'expire' => config_item('remember_me_expiration'), 'domain' => config_item('cookie_domain'), 'path' => config_item('cookie_path'), 'prefix' => config_item('cookie_prefix'), 'secure' => FALSE);
        $this->CI->input->set_cookie($remember_me_cookie);
        // Make sure the CI session cookie doesn't expire on close
        $this->CI->session->sess_expire_on_close = FALSE;
        $this->CI->session->sess_expiration = config_item('remember_me_expiration');
        // Set the expiration of the http user cookie
        $http_user_cookie['expire'] = config_item('remember_me_expiration') + time();
    } else {
        // Unless remember me is requested, the http user cookie expires when the browser closes.
        $http_user_cookie['expire'] = 0;
    }
    // Only set the HTTP user cookie if there is data to set.
    if (isset($http_user_cookie_data)) {
        $this->CI->input->set_cookie($http_user_cookie);
    }
    // Create the auth identifier: user_id and login time, serialize()d
    $auth_identifiers = serialize(array('user_id' => $auth_data->user_id, 'login_time' => $login_time));
    // Encrypt the auth identifier if necessary (config 'encrypt_auth_identifiers');
    // without it the serialized pair is stored in the session as-is
    if (config_item('encrypt_auth_identifiers')) {
        $auth_identifiers = $this->CI->encryption->encrypt($auth_identifiers);
    }
    // Set CI session cookie
    $this->CI->session->set_userdata('auth_identifiers', $auth_identifiers);
    // For security, force regenerate the session ID so the id used before
    // authentication is not carried over into the logged-in session
    $session_id = $this->CI->session->sess_regenerate(TRUE);
    // Update user record in database (model name is configurable via $this->auth_model)
    $this->CI->{$this->auth_model}->login_update($auth_data->user_id, $login_time, $session_id);
}
<tr> <th class="icon-column delete-column"></th> <th class="icon-column"></th> <th>username</th> <th>email address</th> <th>role</th> </tr> </thead> <tbody> <?php echo $table_content; ?> </tbody> </table> </div> <?php echo form_open(); ?> <input type="hidden" id="ci_csrf_token_name" value="<?php echo config_item('csrf_token_name'); ?> " /> <input type="hidden" id="buttons_url" value="<?php echo secure_site_url('administration/manage_users'); ?> " /> </form> <?php /* End of file manage_users.php */ /* Location: /application/views/administration/manage_users.php */
<div><label for="login_string">Email address</label><br> <input type="text" id="login_string" name="login_string" size="60" /></div> <div><label for="login_pass">Password</label><br> <input type="password" id="login_pass" name="login_pass" maxlength="<?php echo config_item('max_chars_for_password'); ?> " /></div> <?php if (config_item('allow_remember_me')) { ?> <div></div><label for="remember_me" class="form_label">Remember Me</label><br> <input type="checkbox" id="remember_me" name="remember_me" value="yes" /></div> <?php } ?> <div><input type="submit" id="submit_button" name="submit" value="Login" /></div> </form> <p><a href="<?php echo secure_site_url('auth/recover'); ?> ">Can't access your account?</a><br> <a href="<?php echo site_url('welcome'); ?> ">Home</a></p> </div> </div> </section> <?php }
if (config_item('allow_remember_me')) { ?> <div class="form-row"> <label for="remember_me" class="form_label">Remember Me</label> <input type="checkbox" id="remember_me" name="remember_me" value="yes" /> </div> <?php } ?> <div class="form-row"> <p> <a href="<?php echo secure_site_url('user/recover'); ?> "> Can't access your account? </a> </p> </div> <div class="form-row"> <div id="submit_box"> <input type="submit" name="submit" value="Login" id="submit_button" /> </div> </div> </div> </form> <?php
/**
 * Secure Anchor Link
 *
 * Creates a secure anchor based on the local URL, and if USE_SSL is 'on'.
 * A string URI that already carries a scheme is used verbatim; anything
 * else - including an array of segments - is resolved with secure_site_url().
 *
 * @param mixed  $uri        the URL (string, or an array of segments)
 * @param string $title      the link title; defaults to the resolved URL when empty
 * @param mixed  $attributes any attributes, rendered by _parse_attributes()
 * @return string the anchor tag
 */
function secure_anchor($uri = '', $title = '', $attributes = '')
{
    $title = (string) $title;

    if (is_array($uri)) {
        $site_url = secure_site_url($uri);
    } else {
        $has_scheme = preg_match('!^\\w+://! i', $uri);
        $site_url = $has_scheme ? $uri : secure_site_url($uri);
    }

    if ($title == '') {
        $title = $site_url;
    }

    if ($attributes != '') {
        $attributes = _parse_attributes($attributes);
    }

    return '<a href="' . $site_url . '"' . $attributes . '>' . $title . '</a>';
}
<?php if (config_item('allow_remember_me')) { ?> <br /> <label for="remember_me" class="form_label">Ghi nhớ phiên đăng nhập</label> <input type="checkbox" id="remember_me" name="remember_me" value="yes" /> <?php } ?> <p> <a href="<?php echo secure_site_url('examples/recover'); ?> "> Bạn đã quên mật khẩu? </a> </p> <div class="form-actions"> <!--<label class="checkbox"> <input type="checkbox" name="remember" value="1"/> Tự động đăng nhập lần sau </label>--> <button type="submit" name="submit" class="btn blue pull-right" id="submit_button"> Đăng nhập <i class="m-icon-swapright m-icon-white"></i> </button> </div> </div>
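/**
 * Secure Anchor Link
 *
 * Creates a secure anchor based on the local URL, and if USE_SSL is 'on'.
 * A string URI that already carries a scheme or is protocol-relative
 * ("//host/...") is used verbatim; anything else - including an array of
 * segments - is resolved with secure_site_url().
 *
 * @param mixed  $uri        the URL (string, or an array of segments)
 * @param string $title      the link title; defaults to the resolved URL when empty
 * @param mixed  $attributes any attributes, rendered by _stringify_attributes()
 * @return string the anchor tag
 */
function secure_anchor($uri = '', $title = '', $attributes = '')
{
    $title = (string) $title;

    // Fix: the original nested ternary had no parentheses. PHP parses that
    // left-associatively (and rejects it outright on PHP 8), so an array
    // $uri was returned unchanged instead of going through secure_site_url().
    if (is_array($uri)) {
        $site_url = secure_site_url($uri);
    } else {
        $site_url = preg_match('#^(\\w+:)?//#i', $uri) ? $uri : secure_site_url($uri);
    }

    if ($title === '') {
        $title = $site_url;
    }

    if ($attributes !== '') {
        $attributes = _stringify_attributes($attributes);
    }

    return '<a href="' . $site_url . '"' . $attributes . '>' . $title . '</a>';
}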
<?php
defined('BASEPATH') or exit('No direct script access allowed');
/*
 * CodeIgniter default welcome view. The footer prints the framework version
 * (CI_VERSION) only when ENVIRONMENT is 'development', so it is not disclosed
 * to visitors of other environments; {elapsed_time} is filled in by the
 * framework's output layer.
 */
?>
<div id="container">
    <h1>Welcome to CodeIgniter!</h1>
    <div id="body">
        <p>The page you are looking at is being generated dynamically by CodeIgniter.</p>
        <p>If you would like to edit this page you'll find it located at:</p>
        <code>application/views/welcome_message.php</code>
        <p>The corresponding controller for this page is found at:</p>
        <code>application/controllers/Welcome.php</code>
        <p>If you are exploring CodeIgniter for the very first time, you should start by reading the <a href="user_guide/">User Guide</a>.</p>
        <p><a href="<?php echo secure_site_url('login'); ?> ">Log In</a></p>
    </div>
    <p class="footer">Page rendered in <strong>{elapsed_time}</strong> seconds. <?php echo ENVIRONMENT === 'development' ? 'CodeIgniter Version <strong>' . CI_VERSION . '</strong>' : ''; ?> </p>
</div>
/**
 * Force the request to be redirected to HTTPS, or optionally show 404.
 * A strong security policy does not allow for redirection.
 *
 * Does nothing when SSL is disabled (USE_SSL === 0) or the request already
 * arrived over HTTPS. Otherwise the request is terminated: either with a 301
 * to the same path on the secure site URL (REDIRECT_TO_HTTPS enabled) or with
 * a 404 page.
 */
protected function force_ssl()
{
    // Nothing to enforce when SSL is off or the request is already secure
    if (USE_SSL === 0 || $this->protocol != 'http') {
        return;
    }

    if (REDIRECT_TO_HTTPS === 0) {
        // Policy forbids redirecting: the plain-HTTP URL simply does not exist
        show_404();
    } else {
        // Load string helper for trim_slashes function, then 301 to the secure page
        $this->load->helper('string');
        header("Location: " . secure_site_url(trim_slashes($this->uri->uri_string())), TRUE, 301);
    }

    exit;
}
<?php
defined('BASEPATH') or exit('No direct script access allowed');

/**
 * Community Auth - Pagination Config for User Management
 *
 * Community Auth is an open source authentication application for CodeIgniter 2.2.2
 *
 * @package   Community Auth
 * @author    Robert B Gottier
 * @copyright Copyright (c) 2011 - 2015, Robert B Gottier. (http://brianswebdesign.com/)
 * @license   BSD - http://www.opensource.org/licenses/BSD-3-Clause
 * @link      http://community-auth.com
 */

// Pagination for the manage users page. base_url is built with
// secure_site_url(), so the page links never fall back to plain HTTP.
$config['manage_users_pagination_settings'] = array(
    'base_url'         => secure_site_url('administration/manage_users'),
    'per_page'         => 8,
    'use_page_numbers' => TRUE,
    'anchor_class'     => 'class="std-link" ',
    'cur_tag_open'     => ' <span id="active-set">',
    'cur_tag_close'    => '</span>',
    'first_link'       => FALSE,
    'last_link'        => FALSE,
    'num_links'        => 3,
);

// Searchable columns (aliased table column => label shown to the admin)
$config['manage_users_search_options'] = array(
    'u.user_name'  => 'username',
    'u.user_email' => 'email address',
);

/* End of file manage_users_pagination.php */
/* Location: /application/config/pagination/administration/manage_users_pagination.php */
/**
 * User recovery form
 *
 * When the IP or the posted email is on hold, the form is rendered disabled.
 * Otherwise, given a matching token and a posted user_email: an unknown
 * email is logged and reported as no match, a banned user is logged and
 * shown the banned message, and a valid user gets a 64-character random
 * recovery code. Only hash_passwd() of that code and the current timestamp
 * are stored; the plain code appears solely in the verification link passed
 * to the view. Header, form and footer views are echoed in that order.
 */
public function recover()
{
    // Load resources
    $this->load->model('examples_model');

    if ($this->authentication->current_hold_status(TRUE)) {
        // IP or posted email is on hold: the form is shown disabled
        $view_data['disabled'] = 1;
    } elseif ($this->tokens->match && ($posted_email = $this->input->post('user_email'))) {
        $user_data = $this->examples_model->get_recovery_data($posted_email);

        if (!$user_data) {
            // No account for this email: record the failed attempt
            $this->authentication->log_error($this->input->post('user_email', TRUE));
            $view_data['no_match'] = 1;
        } elseif ($user_data->user_banned == '1') {
            // Banned user: record the attempt and show the special message
            $this->authentication->log_error($this->input->post('user_email', TRUE));
            $view_data['user_banned'] = 1;
        } else {
            // Random recovery code; only its hash is persisted
            $this->load->library('generate_string');
            $recovery_code = $this->generate_string
                ->set_options(array('exclude' => array('char')))
                ->random_string(64)
                ->show();

            // Update user record with recovery code hash and time
            $this->examples_model->update_user_raw_data($user_data->user_id, array(
                'passwd_recovery_code' => $this->authentication->hash_passwd($recovery_code),
                'passwd_recovery_date' => date('Y-m-d H:i:s'),
            ));

            $verification_uri = 'examples/recovery_verification/' . $user_data->user_id . '/' . $recovery_code;
            $view_data['special_link'] = secure_anchor($verification_uri, secure_site_url($verification_uri), 'target ="_blank"');
            $view_data['confirmation'] = 1;
        }
    }

    echo $this->load->view('examples/page_header', '', TRUE);
    echo $this->load->view('examples/recover_form', isset($view_data) ? $view_data : '', TRUE);
    echo $this->load->view('examples/page_footer', '', TRUE);
}
/**
 * Log out
 *
 * Ends the authenticated session through the authentication library, then
 * sends the user to the secure login page with a ?logout=1 marker.
 */
public function logout()
{
    $this->authentication->logout();

    $login_url = secure_site_url(LOGIN_PAGE . '?logout=1');
    redirect($login_url);
}
/**
 * Dashboard landing page.
 *
 * Agents are redirected to the poll selection page and super-agents to the
 * Poll module; everyone else allowed in gets the dashboard: the active polls
 * (each annotated with a coloured sheet counter that turns red once the
 * poll reached its maximum number of surveys), the ten latest sheets, the
 * ten latest geolocation errors and the map settings read from the
 * settings model.
 */
public function index()
{
    if (!$this->require_role('admin,super-agent,agent')) {
        return;
    }

    // Key/value settings table, indexed by key
    $settings = array();
    foreach ($this->settings_model->getDataList() as $setting) {
        $settings[$setting->key] = $setting->value;
    }

    if ($this->is_role('agent')) {
        // Agents go straight to creating a sheet
        redirect(secure_site_url('polls/select'));
    } elseif ($this->is_role('super-agent')) {
        // Super-agents go to the Poll module
        redirect(secure_site_url('polls'));
    }

    $this->config->load('pms_config');

    $polls = $this->polls_model->getActivePolls(false);
    foreach ($polls as $poll) {
        $poll->sheets_count = $this->polls_model->countSheets($poll);
        // Red once the poll has reached its maximum number of surveys
        $color = $poll->sheets_count == $poll->max_surveys_number ? 'red' : 'green';
        $poll->show_count = sprintf(
            "<span style='color:%s'> (<span id='sheet_number_%s'>%s</span>/%s)</span>",
            $color,
            $poll->id,
            $poll->sheets_count,
            $poll->max_surveys_number
        );
    }

    $data = array(
        'title'        => "Fiche du répondant",
        'content'      => 'dashboard/index',
        'js_to_load'   => array('tracking.js', 'map_utilities.js'),
        'map_key'      => $this->config->item('pms_google_map_key'),
        'map_refresh'  => $settings['map_update_interval'],
        'idle_time'    => $settings['map_idle_interval'],
        'polls'        => $polls,
        'sheets'       => $this->sheets_model->getSheetsWithPollAndUser(10),
        'geolocations' => $this->geolocations_model->getErrors(10),
        'data_url'     => base_url("sheets/get_sheets/"),
    );
    $this->load->view('global/layout', $data);
}