function verify_admin($userArray)
{
$is_admin = verifyUserIsAdmin($userArray['username']);
if (!$is_admin) {
throw new Exception('User is not admin!');
}
$result = verify_user($userArray);
return $result;
}
function handle_verify_user_request()
{
if (isset($_POST['unverify_user'])) {
echo "<div class='content_box'>\n";
echo " <h3>" . _("Results") . "</h3>\n";
$uid = post('uid');
try {
$verified = get_verified_for_user($uid);
if (!$verified) {
echo "<p>User {$uid} was not already verified. Any more?</p>\n";
} else {
if (unverify_user($uid) == 1) {
echo "<p>Unverified user {$uid}. Any more?</p>\n";
} else {
throw new Error("Unknown Error", "This shouldn't happen. Please report it.");
}
}
} catch (Exception $e) {
echo "<p>{$e->getMessage()}. Try again?</p>\n";
}
} else {
if (isset($_POST['verify_user'])) {
echo "<div class='content_box'>\n";
echo " <h3>" . _("Results") . "</h3>\n";
$uid = post('uid');
try {
$verified = get_verified_for_user($uid);
if ($verified) {
echo "<p>User {$uid} was already verified. Any more?</p>\n";
} else {
if (verify_user($uid) == 1) {
echo "<p>Verified user {$uid}. Any more?</p>\n";
} else {
throw new Error("Unknown Error", "This shouldn't happen. Please report it.");
}
}
} catch (Exception $e) {
echo "<p>{$e->getMessage()}. Try again?</p>\n";
}
}
}
}
// Just start syncsvn
// Just start syncsvn
case "syncsvn":
if ($is_svn_node) {
syncsvn($username);
}
break;
// Same for all users
// Same for all users
case "verify-all-users":
foreach ($users as $username => $options) {
if ($options['status'] != "active") {
continue;
}
print "verify {$username}\n";
verify_user($username);
}
break;
// List currently logged-in users
// List currently logged-in users
case "list-active":
foreach ($users as $username => $options) {
if ($options['status'] != "active") {
continue;
}
$nice_period = round((time() - last_access($username)) / 60, 2);
print "{$username}\t{$nice_period}\n";
}
break;
// Logout all users and kill all processes that look related
// Logout all users and kill all processes that look related
report_problem(WEAVE_ERROR_INVALID_COLLECTION, 400);
}
} else {
if ($_SERVER['REQUEST_METHOD'] != 'DELETE') {
report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 400);
}
}
#quick check to make sure that any non-storage function calls are just using GET
if ($function != 'storage' && $_SERVER['REQUEST_METHOD'] != 'GET') {
report_problem(WEAVE_ERROR_INVALID_PROTOCOL, 400);
}
#user passes preliminaries, connections made, onto actually getting the data
try {
$db = new WeaveStorage($username);
#Auth the user
verify_user($username, $db);
#user passes preliminaries, connections made, onto actually getting the data
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
if ($function == 'info') {
switch ($collection) {
case 'quota':
exit(json_encode(array($db->get_storage_total())));
case 'collections':
exit(json_encode($db->get_collection_list_with_timestamps()));
case 'collection_counts':
exit(json_encode($db->get_collection_list_with_counts()));
case 'collection_usage':
$results = $db->get_collection_storage_totals();
foreach (array_keys($results) as $collection) {
$results[$collection] = ceil($results[$collection] / 1024);
#converting to k from bytes
_gaq.push(['_setAccount', 'UA-78945-24']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<?php
include_once "config.php";
include_once "functions.php";
#error_reporting(0);
verify_user();
print "<Table><tr><td valign=top>";
print "<center>";
show_gravitar_img();
print "<br>";
print "<a href='dashboard.php?c=logout' alt='log out'><img src='logout.png'></a><br>";
print "<br>";
# <!-- Twitter Button -->
print "<a href='https://twitter.com/rsshose' class='twitter-follow-button' data-show-count='false'>Follow @rsshose</a>";
print "<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src='//platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document,'script','twitter-wjs');</script><br>";
print "</center>";
print "</td><td valign=top>";
#$vhash_cookie = $_COOKIE['vhash'];
#print ("DASHBOARD HASH KEY: $vhash_cookie<br>");
print "<form action='upload_opml_file.php' method='post' enctype='multipart/form-data'>\n";
print "<label for='file'>Upload GReader OPML File:</label>\n";
function login($forms)
{
$error = "";
$username = $forms["username"];
$password = $forms["password"];
if (!$password) {
$password = "******";
}
// die("$password");
if ($forms["authtype"] == "ldap") {
//define an appropriate ldap search filter to find your users, and filter out accounts such as administrator(administrator should be renamed anyway!).
$filter = "(&(|(!(displayname=Administrator*))(!(displayname=Admin*)))(" . LDAP_CN . "={$username}))";
$dn = LDAP_CN . "={$username}, ";
if (!($connect = @ldap_connect(LDAP_SRV))) {
$error .= "Could not connect to LDAP server:" . LDAP_SRV;
}
switch (LDAP_MSAD) {
case "YES":
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if (!($bind = @ldap_bind($connect, "{$username}@" . LDAP_DOMAIN, $password))) {
$error .= " Unable to bind to LDAP Server: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>";
}
break;
default:
if (!($bind = @ldap_bind($connect, "{$dn}" . LDAP_BASE_DN, $password))) {
$error .= " Unable to bind to LDAP Server: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>";
}
}
if (!($sr = @ldap_search($connect, LDAP_BASE_DN, $filter))) {
#search for user
$error .= " Unable to search: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>";
}
$info = @ldap_get_entries($connect, $sr);
// print "Number of entries returned is " .ldap_count_entries($connect, $sr)."<p>";
if (LDAP_USEPRIV == "ON") {
if (in_array(LDAP_RW_GROUP, $info[0]["groupmembership"])) {
$_SESSION["userpriv"] = "rw";
} elseif (in_array(LDAP_RO_GROUP, $info[0]["groupmembership"])) {
$_SESSION["userpriv"] = "ro";
} else {
$_SESSION["userpriv"] = "disabled";
// echo "User privileges are " . $_SESSION["userpriv"] . "<br>";
}
}
if (trim($error) != "") {
return $error;
} else {
$fullname = $info[0]["cn"][0];
$fqdn = $info[0]["dn"];
$_SESSION["username"] = $username;
$_SESSION["groups"] = $info[0]["groupmembership"];
$_SESSION["token"] = $password;
$_SESSION["fullname"] = $fullname;
$_SESSION["fqdn"] = $fqdn;
$flname = explode(" ", $fullname);
$_SESSION["firstname"] = $flname[0];
$_SESSION["lastname"] = $flname[1];
$_SESSION["pageId"] = "searchform";
// die(phpinfo());
// die(print_r($info[0]));
// die(print_r($_SESSION));
}
/* from here, do your sql query to query the database to search for existing record with correct username and password */
} elseif ($forms["authtype"] == "basic") {
// Using Web basic authentication. Check to see if $_SERVER['REMOTE_USER'] has access, and act accordingly.
$username = $_SERVER['REMOTE_USER'];
if ($username == "") {
$username = "******";
}
$dbLink = db_connect_syslog(DBUSER, DBUSERPW);
if ($username && verify_user($username, $dbLink)) {
$sessionId = md5(mt_rand());
$_SESSION["pageId"] = "searchform";
$expTime = time() + SESSION_EXP_TIME;
$expTimeDB = date('Y-m-d H:i:s', $expTime);
// Update sessionId and exptime in database
$query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n\t\t\t\texptime='" . $expTimeDB . "' WHERE username='******'";
$result = perform_query($query, $dbLink);
} else {
$error .= " Sorry, {$username} does not have access to this service.";
$_SESSION["error"] = "{$error}";
}
} elseif ($forms["authtype"] == "cert") {
// Using Cert basic authentication.Check certificate SerialNumber first, Subject DN if SerialNumber fails
$dbLink = db_connect_syslog(DBUSER, DBUSERPW);
if (verify_user($_SERVER['SSL_CLIENT_M_SERIAL'], $dbLink) || verify_user($_SERVER['SSL_CLIENT_S_DN'], $dbLink)) {
$sessionId = md5(mt_rand());
$_SESSION["pageId"] = "searchform";
$expTime = time() + SESSION_EXP_TIME;
$expTimeDB = date('Y-m-d H:i:s', $expTime);
// Update sessionId and exptime in database
$query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n exptime='" . $expTimeDB . "' WHERE username='******'";
$result = perform_query($query, $dbLink);
} else {
$error .= " Sorry, {$username} does not have access to this service.";
$_SESSION["error"] = "{$error}";
}
} else {
// Not using LDAP or WebBasic, revert to local db authentication
if ($_POST["username"]) {
$username = $_POST["username"];
$password = $_POST["password"];
// die("Info: $username, $password");
$dbLink = db_connect_syslog(DBUSER, DBUSERPW);
if ($username && $password && verify_login($username, $password, $dbLink)) {
$sessionId = md5(mt_rand());
$_SESSION["pageId"] = "searchform";
// Calculate the expiration time
$expTime = time() + SESSION_EXP_TIME;
$expTimeDB = date('Y-m-d H:i:s', $expTime);
// Update sessionId and exptime in database
$query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n\t\t\t\t\texptime='" . $expTimeDB . "' WHERE username='******'";
$result = perform_query($query, $dbLink);
} else {
$error .= " Invalid password for user {$username}";
$_SESSION["error"] = "{$error}";
}
} else {
$error .= " Missing POST variables";
$_SESSION["error"] = "{$error}";
}
}
if (trim($error) != "") {
return $error;
} else {
$_SESSION["username"] = $username;
return $username;
}
}
<?php
#
# Author: Troy Riblett, troy.riblett@oit.edu
# Created: 1/16/2016
# Last Modified: 1/23/2016
#
# login_user
# This script is designed to be a wrapper around the verify user script
# to handle extra details and close the database connection.
try {
#Includes the code for verifying the user
require '/var/www/dboperations/verify_user.php';
#Retrieves a json object with the token for the user
$verification_json = verify_user($username, $password, true);
$verification_json['Operation'] = "Login";
#Encodes the object and returns it as a json object.
echo json_encode($verification_json);
#echo var_dump($verification_json);
$db_connection = null;
} catch (PDOException $except) {
echo $except->getMessage() . "\n";
} catch (InvalidArgumentException $arg_except) {
echo $arg_except->getMessage() . "\n";
}
case 'add_customer':
include_once __DIR__ . '/customers/add_customer.php';
$responseArray['response'] = add_customer($values);
$responseArray['message'] = 'Customer successfully added';
break;
case 'update_customer':
include_once __DIR__ . '/customers/update_customer.php';
$responseArray['response'] = update_customer($values);
$responseArray['message'] = 'Customer updated.';
break;
case 'get_customers':
include_once __DIR__ . '/customers/get_customers.php';
$responseArray['response'] = get_customers($values);
$responseArray['message'] = 'Customers successfully read';
break;
case 'verify_user':
include_once __DIR__ . '/customers/verify_user.php';
$responseArray['response'] = verify_user($values);
$responseArray['message'] = 'User verified';
break;
case "verify_admin":
include_once __DIR__ . '/customers/verify_admin.php';
$responseArray['response'] = verify_admin($values);
$responseArray['message'] = 'Admin verified';
break;
default:
throw new Exception("Unknown function: {$function}");
}
$responseArray['status'] = 'success';
echo json_encode($responseArray);
exit;
$rec = mysqli_query($con, $sql);
$count = 0;
while ($row = mysqli_fetch_object($rec)) {
$count++;
$result = $row;
}
if ($count == 1) {
return 1;
} else {
return 0;
}
}
/* Iniciar código para registrar un usario */
if (isset($_POST['register'])) {
//Se vaerifica si el botón register fue presionado
if (verify_user($_POST['user'], $result) == 1) {
/* aquí entra si ya existe el usuario*/
echo "<script>alert('El usuario que ingreso no esta disponible.<br> Por favor ingrese otro.')</script>";
} else {
/* aquí entra si el usuario no existe */
if (verify_email($_POST['email'], $result) == 1) {
/* aquí entra si ya existe el usuario*/
echo "<script>alert('Ya existe un usuario con este email.<br> Por favor ingrese otro o recupera tu cuenta.')</script>";
} else {
if ($_POST['pass'] == $_POST['pass2']) {
/* si las contraseñas coinciden */
if ($_FILES['picture']["error"] > 0) {
/* Cuando ocurre un error al guardar la imagen */
echo "<script>alert('Error al guardar imagen.');</script>";
} else {
$permitidos = array("image/jpg", "image/jpeg", "image/gif", "image/png");
function docs()
{
if (isset($_POST['action'])) {
$action = post('action');
if ($action == 'verify') {
verify_user(post('uid'));
} else {
if ($action == 'unverify') {
unverify_user(post('uid'));
} else {
throw new Error("unknown action", "unknown action: {$action}");
}
}
}
show_docs_form();
if (isset($_GET['uid'])) {
show_user_documents_for_user(get('uid'));
} else {
if (isset($_GET['verified_with_no_docs'])) {
show_user_verified_with_no_documents();
} else {
show_user_documents();
}
}
echo "<div class='content_box'>\n";
echo "<h3>Upload Docs for Users</h3>\n";
echo "<p><a href=\"?page=identity\">Upload more docs</a></p>\n";
echo "</div>\n";
}
<?php
require_once __DIR__ . "/libs/Event.php";
require_once __DIR__ . "/libs/functions.php";
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
if (isset($_GET["u"])) {
if (verify_user($_GET["u"]) == true) {
$json_string = file_get_contents("php://input");
Event::onMessage(json_decode($json_string, true), __DIR__ . "/libs/Services");
} else {
echo '{"code":33406, "msg":"invalid tdid or u"}';
}
} else {
echo '{"code":33407, "msg":"miss param tdid or u"}';
}
# Author: Troy Riblett, troy.riblett@oit.edu
# Created: 1/16/2016
# Last Modified: 1/23/2016
#
# del_user
# This php script removes the user from the database if their username
# and password are successfully verified
try {
#includes the script for getting the db connection
require '/var/www/dbconnection/Get_db_connection.php';
#Makes a call to a the get_db_connection that sets up the PDO connection
$db_connection = DbConnection::get_instance()->get_db_connection();
#includes the code that is used to verify the user
require 'verify_user';
#Gets the status of the attempt to verify the user
$verification_status = verify_user($username, $password);
$json_delete_status = array();
$json_delete_status['Operation'] = "Delete";
#If the verify_user function suceeded, remove the user
if ($verification_status['verified'] = true) {
#Creates the prepared statement to delete the user from the table
$stmt_handle = $db_connection->prepare('Delete Biometrix.dbo.LoginTable Where Username = :name');
#Binds the username to the prepared statement
$stmt_handle->bindValue(':name', $argv[1], PDO::PARAM_STR);
$stmt_handle->execute();
$json_delete_status['Deleted'] = true;
$json_delete_status['Verified'] = true;
} else {
$json_delete_status['Deleted'] = false;
$json_delete_status['Verified'] = false;
$json_delete_status['Error'] = "Account not found";
