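/**
 * Dispatches one request: a POST with an empty $request is treated as a
 * login attempt; anything else must pass Authentication::authenticate()
 * before it is served.
 *
 * @param array $request Request data supplied by the caller; it is counted
 *                       and, for GET, its first element is echoed back.
 *
 * @return void
 */
protected function _run($request)
{
    if ($this->requestMethod == 'POST' && count($request) == 0) {
        // Login attempt. Refuse absent or non-string credentials up front so
        // that a missing field or an array-valued field never reaches
        // Authentication::login() (undefined-key warnings / type errors).
        $username = $_POST['username'] ?? null;
        $password = $_POST['password'] ?? null;
        if (!is_string($username) || !is_string($password)) {
            Headers::sendStatusUnauthorized();
            return;
        }

        // NOTE(review): session-id rotation and failed-attempt throttling are
        // expected to live inside Authentication::login(); that code is not
        // visible from here -- confirm.
        Authentication::login($username, $password);
        if (!Authentication::authenticated()) {
            Headers::sendStatusUnauthorized();
            return;
        }

        Headers::sendStatusOk();
        echo "login succeeded<br>";
        return;
    }

    // Every non-login request requires an authenticated caller.
    Authentication::authenticate();
    if (!Authentication::authenticated()) {
        Headers::sendStatusUnauthorized();
        return;
    }

    if ($this->requestMethod == 'GET' && count($request) > 0) {
        // User info requested. $request[0] is presumably client-controlled and
        // the response already carries HTML markup ("<br>"), so it is encoded
        // before being written out.
        echo "requesting userinfo of user "
            . htmlspecialchars((string) $request[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return;
    }

    // Bad request: the dump of $request is encoded for the same reason.
    Headers::sendStatusMethodNotAllowed();
    echo "Method not allowed<br>";
    echo htmlspecialchars(print_r($request, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}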
/**
 * Calls _setRequestMethod(), checks authentication, and hands the request
 * to _run() only when Authentication::authenticated() reports success.
 *
 * @param mixed $request Passed through unchanged to _run().
 */
public function __construct($request)
{
    $this->_setRequestMethod();

    Authentication::authenticate();

    if (Authentication::authenticated()) {
        $this->_run($request);
        return;
    }

    // Not authenticated: send the unauthorised status and do not run the request.
    Headers::sendStatusUnauthorised();
    echo "Unauthorised<br>";
}
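/**
 * Handles a login form post: verifies the submitted credentials and, on
 * success, records the user in the session.
 *
 * Reads $_POST['Login']['Username'] and $_POST['Login']['Password'].
 * On failure it assigns 'errormessage' on the global Smarty instance.
 *
 * @return void
 */
protected function authenticate()
{
    $auth = new Authentication();

    // Missing or non-string fields count as a failed login instead of raising
    // undefined-key warnings or a TypeError inside hash().
    $username = $_POST['Login']['Username'] ?? null;
    $password = $_POST['Login']['Password'] ?? null;

    $user = false;
    if (is_string($username) && is_string($password)) {
        // SECURITY(review): a single unsalted SHA-512 pass is a fast hash and
        // is not suitable for password storage. It is kept here because
        // Authentication::authenticate() (not visible) receives the digest;
        // moving to password_hash()/password_verify() has to be done there,
        // together with a migration of the stored values.
        $user = $auth->authenticate($username, hash('sha512', $password));
    }

    if ($user === false) {
        $GLOBALS['Smarty']->assign('errormessage', 'Login fehlgeschlagen');
        return;
    }

    // Rotate the session id at the privilege change so an id issued before
    // login cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    // The original tested the key 'Authenticated', which this method never
    // sets, so the 'Authentication' array was reset on every login.
    if (!isset($_SESSION['Authentication'])) {
        $_SESSION['Authentication'] = [];
    }
    $_SESSION['Authentication']['User'] = $user;
    $_SESSION['Authentication']['LoggedIn'] = true;
}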
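/**
 * Validates submitted login credentials, authenticates them and, on success,
 * marks the session as logged in and redirects to the welcome page.
 *
 * @param array $credentials Expected keys: 'userid' and 'password'; the whole
 *                           array is passed to Authentication::authenticate().
 *
 * @return void
 */
public function loginSubmit($credentials = [])
{
    if (!isset($credentials)) {
        return;
    }

    // Read the fields once with defaults, so an empty or partial array yields
    // the "please fill" messages instead of undefined-key warnings.
    $userId = $credentials['userid'] ?? '';
    $password = $credentials['password'] ?? '';

    if ($userId == '') {
        $this->flushOutput('Please fill ID No.');
        return;
    }

    if ($password == '') {
        $this->flushOutput('Please fill Password.');
        return;
    }

    if (!Authentication::authenticate($credentials)) {
        $this->flushOutput('Login failed.');
        return;
    }

    // Rotate the session id at the privilege change so an id issued before
    // login cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['userid'] = $userId;
    $_SESSION['isLogin'] = true;

    // NOTE(review): header() does not end the script; the caller is presumably
    // expected to stop producing output after this redirect -- confirm.
    header("Location: ../welcome/");
}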
* * The second part of the query is provided by AJAX in the form of the -query- variable, containing * whatever terms the user enters in the autocomplete field. */ /** * allow for testing */ $debug = false; /** * includes */ require_once dirname(dirname(dirname(__FILE__))) . "/redcap_connect.php"; /** * restricted use */ $userAuthenticated = Authentication::authenticate(); if ($userAuthenticated) { /** * get text entered by user. This is appended to query string by jquery autocomplete */ $full_query = $_GET['q']; $term = prep($_GET['term']); /** * get field name, used to make session unique */ $field_name = $_GET['f']; $query_field = $_GET['a']; /** * get query fragment, passed in session variable to keep prying eyes away * results should be limited by adding LIMIT 0,n to query after $term enclosure * if no session variable, return an appropriate error value