/**
 * Render the login page, or process a submitted email/password pair and start the session.
 *
 * A visitor who is already logged in is handed to DashboardController instead of the form.
 *
 * NOTE(review): the failure messages differ for an unknown email ("Incorrect email"), an inactive
 * account and a wrong password, so the response reveals which addresses are registered. One generic
 * failure message would remove that signal.
 *
 * NOTE(review): the lockout is keyed on the email alone, so anyone who knows an owner's address can
 * deactivate that account by submitting wrong passwords. Per-client throttling is not visible here.
 *
 * @return mixed Whatever generateView() or the dashboard controller returns
 */
public function control() {
    $this->setPageTitle('Log in');
    $this->setViewTemplate('session.login.tpl');
    $this->view_mgr->addHelp('login', 'userguide/accounts/index');
    $this->disableCaching();

    // An authenticated visitor never sees the login form.
    if ($this->isLoggedIn()) {
        $dashboard = new DashboardController(true);
        return $dashboard->go();
    }

    $owner_dao = DAOFactory::getDAO('OwnerDAO');

    $form_submitted = isset($_POST['Submit']) && $_POST['Submit'] == 'Log In'
        && isset($_POST['email']) && isset($_POST['pwd']);
    if (!$form_submitted) {
        return $this->generateView();
    }

    // Empty fields are reported one at a time, email first.
    if ($_POST['email'] == '') {
        $this->addErrorMessage("Email must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $user_email = $_POST['email'];
    if (get_magic_quotes_gpc()) {
        $user_email = stripslashes($user_email);
    }
    // The submitted address goes back into the view; escaping is up to the template (not visible here).
    $this->addToView('email', $user_email);
    $owner = $owner_dao->getByEmail($user_email);

    if (!$owner) {
        $this->addErrorMessage("Incorrect email");
        return $this->generateView();
    }

    if (!$owner->is_activated) {
        // NOTE(review): account_status is concatenated into markup unescaped; confirm the field can
        // only ever hold application-written text.
        $inactive_notice = "Inactive account. " . $owner->account_status . ". "
            . '<a href="forgot.php">Reset your password.</a>';
        $this->addErrorMessage($inactive_notice);
        return $this->generateView();
    }

    $password_ok = $session->pwdCheck($_POST['pwd'], $owner_dao->getPass($user_email));
    if (!$password_ok) {
        // Failed login. The counter is tested before it is incremented, so deactivation happens on
        // the attempt made once failed_logins has already reached 10.
        if ($owner->failed_logins >= 10) {
            $owner_dao->deactivateOwner($user_email);
            $owner_dao->setAccountStatus($user_email, "Account deactivated due to too many failed logins");
        }
        $owner_dao->incrementFailedLogins($user_email);
        $this->addErrorMessage("Incorrect password");
        return $this->generateView();
    }

    // Successful login: this sets variables in the session.
    // NOTE(review): confirm completeLogin() issues a fresh session id, otherwise a pre-login
    // session id stays valid after authentication.
    $session->completeLogin($owner);
    $owner_dao->updateLastLogin($user_email);
    $owner_dao->resetFailedLogins($user_email);
    // NOTE(review): called with an empty string while every other DAO call passes $user_email;
    // verify against OwnerDAO that this clears the status of the owner who just logged in.
    $owner_dao->clearAccountStatus('');
    $dashboard = new DashboardController(true);
    return $dashboard->control();
}
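/**
 * Authorize the caller, then run the requested Streamer method.
 *
 * Authorization comes from CLI arguments (method, username, optional password) or, when those
 * are absent, from an existing web session.
 *
 * NOTE(review): a password given as argv[3] is visible to other local users through the process
 * list and shell history; the THINKUP_PASSWORD environment variable read below avoids that.
 *
 * @return string Empty when a stream method ran, otherwise an error message
 */
public function control() {
    $output = "";
    $authorized = false;
    // Defined up front: the web-session path supplies no method, and the switch below would
    // otherwise read an undefined variable before reaching its default branch.
    $streamer_method = null;

    if (isset($this->argc) && $this->argc > 2) {
        // check for CLI credentials
        $session = new Session();
        $streamer_method = $this->argv[1];
        $username = $this->argv[2];
        if ($this->argc > 3) {
            $pw = $this->argv[3];
        } else {
            $pw = getenv('THINKUP_PASSWORD');
        }
        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        $owner = $owner_dao->getByEmail($username);
        // NOTE(review): for an unknown username the result of getPass() is not visible here;
        // confirm pwdCheck() rejects a missing stored password, including when $pw is false
        // because THINKUP_PASSWORD is unset.
        $passcheck = $owner_dao->getPass($username);
        if ($session->pwdCheck($pw, $passcheck)) {
            $authorized = true;
            Session::completeLogin($owner);
        } else {
            $output = "ERROR: Incorrect username and password.";
        }
    } else {
        // check user is logged in on the web
        if ($this->isLoggedIn()) {
            $authorized = true;
        } else {
            $output = "ERROR: Invalid or missing stream method, username, and password.";
        }
    }

    if ($authorized) {
        $streamer = Streamer::getInstance();
        // Only the three named methods are dispatched; anything else is reported, never called.
        switch ($streamer_method) {
            case 'stream':
                $streamer->stream();
                break;
            case 'streamProcess':
                $streamer->streamProcess();
                break;
            case 'shutdownStreams':
                $streamer->shutdownStreams();
                break;
            default:
                $output = "Error: could not identify stream method to run.";
        }
    }
    return $output;
}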
/**
 * Render the login page, or check a submitted email/password pair and start the session.
 *
 * NOTE(review): "Incorrect email" and "Incorrect password" are separate messages, so the response
 * reveals whether an address is registered. No failed-attempt counter or lockout is visible in
 * this method, so password guessing is not rate limited here.
 *
 * @return mixed Whatever generateView() or the dashboard controller returns
 */
public function control() {
    $this->setPageTitle('Log in');
    $this->setViewTemplate('session.login.tpl');
    $this->disableCaching();

    // A visitor who is already logged in goes straight to the dashboard.
    if ($this->isLoggedIn()) {
        $dashboard = new DashboardController(true);
        return $dashboard->go();
    }

    $od = DAOFactory::getDAO('OwnerDAO');

    $form_submitted = isset($_POST['Submit']) && $_POST['Submit'] == 'Log In'
        && isset($_POST['email']) && isset($_POST['pwd']);
    if (!$form_submitted) {
        return $this->generateView();
    }

    // Empty fields are reported one at a time, email first.
    if ($_POST['email'] == '') {
        $this->addErrorMessage("Email must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $user_email = $_POST['email'];
    // The submitted address goes back into the view; escaping is up to the template (not visible here).
    $this->addToView('email', $user_email);
    $owner = $od->getByEmail($user_email);

    if (!$owner) {
        $this->addErrorMessage("Incorrect email");
        return $this->generateView();
    }

    $password_ok = $session->pwdCheck($_POST['pwd'], $od->getPass($user_email));
    if (!$password_ok) {
        $this->addErrorMessage("Incorrect password");
        return $this->generateView();
    }

    // Successful login: this sets variables in the session.
    $session->completeLogin($owner);
    $od->updateLastLogin($user_email);
    $dashboard = new DashboardController(true);
    return $dashboard->control();
}
/**
 * Admin login: show the form, or verify username, password and administrator flag.
 *
 * Paths that only send a Location header return nothing; the other paths return generateView().
 *
 * NOTE(review): neither redirect is followed by exit, so whatever the calling script does after
 * go() still runs. The success redirect targets admin/pages/login.php rather than the dashboard;
 * confirm that is intended.
 *
 * NOTE(review): "Incorrect username", "Incorrect password" and "You are not an administrator"
 * are distinct replies, so the response reveals which usernames exist and, after a correct
 * password, which accounts lack admin rights.
 *
 * @return mixed generateView() output, or null on the redirect paths
 */
public function go() {
    $this->setViewTemplate('admin_login.tpl');
    $this->addPageTitle('Log in');

    if ($this->isLoggedIn()) {
        header('Location: ' . SOURCE_ROOT_PATH . "admin/pages/dashboard.php");
        return;
    }

    $form_submitted = isset($_POST['submit']) && $_POST['submit'] == 'Login'
        && isset($_POST['username']) && isset($_POST['pwd']);
    if (!$form_submitted) {
        $this->addPageTitle('Log in');
        return $this->generateView();
    }

    // Empty fields are reported one at a time, username first.
    if ($_POST['username'] == '') {
        $this->addErrorMessage("Username must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $username = $_POST['username'];
    // The submitted name goes back into the view; escaping is up to the template (not visible here).
    $this->addToView('username', $username);
    $user = User::findByUsername($username);

    if (!$user) {
        $failure = "Incorrect username";
    } elseif (!$session->pwdCheck($_POST['pwd'], $user->password)) {
        $failure = "Incorrect password";
    } elseif (!$user->type) {
        // The administrator flag is only consulted once the password has matched.
        $failure = "You are not an administrator";
    } else {
        $failure = null;
    }

    if ($failure !== null) {
        $this->addErrorMessage($failure);
        return $this->generateView();
    }

    // this sets variables in the session
    $session->completeLogin($user);
    header('Location: ' . SOURCE_ROOT_PATH . "admin/pages/login.php");
}
/**
 * Landing-page login: show the form, or verify a username/password pair and redirect.
 *
 * An unknown username and a successful login only send a Location header and return nothing.
 * A wrong password sends the header and also returns generateView().
 *
 * NOTE(review): the failure redirects carry msg=username or msg=password, so the response
 * reveals whether a username exists. None of the redirects is followed by exit.
 *
 * @return mixed generateView() output, LandingPageController output, or null on redirect-only paths
 */
public function go() {
    $this->setViewTemplate('landingpage.tpl');
    $this->addPageTitle('Log in');

    if ($this->isLoggedIn()) {
        $landing = new LandingPageController();
        return $landing->go();
    }

    $form_submitted = isset($_POST['submit']) && $_POST['submit'] == 'Login'
        && isset($_POST['username']) && isset($_POST['pwd']);
    if (!$form_submitted) {
        $this->addPageTitle('Log in');
        return $this->generateView();
    }

    // Empty fields are reported one at a time, username first.
    if ($_POST['username'] == '') {
        $this->addErrorMessage("Username must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $username = $_POST['username'];
    // The submitted name goes back into the view; escaping is up to the template (not visible here).
    $this->addToView('username', $username);
    $user = User::findByUsername($username);

    if (!$user) {
        // Redirect only; this path renders no view.
        header('Location:' . SOURCE_ROOT_PATH . "pages/mainlogin.php?msg=username");
        return;
    }

    if (!$session->pwdCheck($_POST['pwd'], $user->password)) {
        header('Location:' . SOURCE_ROOT_PATH . "pages/mainlogin.php?msg=password");
        return $this->generateView();
    }

    // this sets variables in the session
    $session->completeLogin($user);
    header('Location:' . SOURCE_ROOT_PATH . "pages/home.php");
}
/**
 * Authorize the caller (CLI credentials or an existing web session), then run the crawler.
 *
 * NOTE(review): a password given as argv[2] is visible to other local users through the process
 * list and shell history; the THINKUP_PASSWORD environment variable read below avoids that.
 *
 * @return string Empty when the crawl ran, otherwise an error message
 */
public function control() {
    $output = "";
    $authorized = false;

    $has_cli_args = isset($this->argc) && $this->argc > 1;
    if ($has_cli_args) {
        // CLI credentials: username, then an optional password argument.
        $session = new Session();
        $username = $this->argv[1];
        $pw = ($this->argc > 2) ? $this->argv[2] : getenv('THINKUP_PASSWORD');

        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        $owner = $owner_dao->getByEmail($username);
        // NOTE(review): for an unknown username the result of getPass() is not visible here;
        // confirm pwdCheck() rejects a missing stored password.
        $stored_pass = $owner_dao->getPass($username);

        if (!$session->pwdCheck($pw, $stored_pass)) {
            $output = "ERROR: Incorrect username and password.";
        } else {
            $authorized = true;
            Session::completeLogin($owner);
        }
    } elseif ($this->isLoggedIn()) {
        // No CLI credentials: fall back to the web session.
        $authorized = true;
    } else {
        $output = "ERROR: Invalid or missing username and password.";
    }

    if ($authorized) {
        Crawler::getInstance()->crawl();
    }
    return $output;
}
/**
 * Password reset with a matching token: after the controller runs, the stored password
 * must verify against the newly submitted one.
 */
public function testOfControllerGoodTokenMatchedNewPassword() {
    // Seed owner 1 with a reset token of the form "<token>_<unix time one hour ago>".
    // presumably the suffix is what the controller uses for token expiry; confirm against the controller
    $time = strtotime('-1 hour');
    $q = <<<SQL
UPDATE #prefix#owners SET password_token = '{$this->token}_{$time}' WHERE id = 1;
SQL;
    $this->db->exec($q);
    // NOTE(review): the literals here look masked in this listing; in a runnable test the two
    // password fields would have to match for the reset to succeed; confirm against the original.
    $_POST['password'] = '******';
    $_POST['password_confirm'] = 'the same';
    // The token is submitted without the timestamp suffix that was stored above.
    $_GET['token'] = $this->token;
    $controller = new PasswordResetController(true);
    $result = $controller->go();
    $dao = DAOFactory::getDAO('OwnerDAO');
    $session = new Session();
    // The password now stored for the owner must verify against the submitted one.
    $this->assertTrue($session->pwdCheck($_POST['password'], $dao->getPass('*****@*****.**')));
}
/**
 * Password reset with a matching token: the stored password must verify against the new one,
 * and the owner's account_status must be empty afterwards.
 */
public function testOfControllerGoodTokenMatchedNewPassword() {
    $dao = DAOFactory::getDAO('OwnerDAO');
    // Start from a non-empty account status so the final assertion can show it was cleared.
    $dao->setAccountStatus("*****@*****.**", "Deactivated account");
    // Seed owner 1 with a reset token of the form "<token>_<unix time one hour ago>".
    $time = strtotime('-1 hour');
    $q = <<<SQL
UPDATE #prefix#owners SET password_token = '{$this->token}_{$time}' WHERE id = 1;
SQL;
    $this->testdb_helper->runSQL($q);
    // NOTE(review): the literals here look masked in this listing; in a runnable test the two
    // password fields would have to match for the reset to succeed; confirm against the original.
    $_POST['password'] = '******';
    $_POST['password_confirm'] = 'the same';
    // The token is submitted without the timestamp suffix that was stored above.
    $_GET['token'] = $this->token;
    $controller = new PasswordResetController(true);
    $result = $controller->go();
    $session = new Session();
    // The password now stored for the owner must verify against the submitted one.
    $this->assertTrue($session->pwdCheck($_POST['password'], $dao->getPass('*****@*****.**')));
    // A successful reset is expected to leave account_status empty.
    $owner = $dao->getByEmail('*****@*****.**');
    $this->assertEqual($owner->account_status, '');
}
// Login handler script: checks the posted email/password and redirects on success or failure.
require_once "init.php";
$session = new Session();
if ($session->isLoggedIn()) {
    // NOTE(review): header() does not end the script; with no exit here, everything below still
    // runs for a visitor who is already logged in.
    header("Location: ../index.php");
}
$db = new Database($THINKTANK_CFG);
$conn = $db->getConnection();
$od = new OwnerDAO($db);
// $_POST['email'] is read without an isset() check. The value is escaped for use in SQL; how
// getForLogin() builds its query is not visible here.
$user_email = mysql_real_escape_string($_POST['email']);
$s = new SmartyThinkTank();
$s->caching = false;
if ($_POST['Submit'] == 'Login') {
    $result = $od->getForLogin($user_email);
    if (!$result) {
        // NOTE(review): this message says "Invalid" and the wrong-password one says "Incorrect",
        // so the two failures can still be told apart. Neither branch exits after header().
        header("Location: login.php?emsg=Invalid+email+or+password");
    } elseif (!$session->pwdCheck($_POST['pwd'], $result['pwd'])) {
        header("Location: login.php?emsg=Incorrect+email+or+password");
    } else {
        // this sets variables in the session
        $session->completeLogin($result);
        $od->updateLastLogin($user_email);
        if (isset($_GET['ret']) && !empty($_GET['ret'])) {
            // NOTE(review): open redirect. The caller-supplied ret value is copied into the
            // Location header unchanged, so a crafted login link can send a freshly
            // authenticated user to any site. Accept only local paths (or an allow-list) here.
            header("Location: {$_GET['ret']}");
        } else {
            header("Location: " . $THINKTANK_CFG['site_root_path']);
        }
        exit;
    }
}
if (isset($_GET["emsg"])) {
    // emsg is request-controlled text; it must be HTML-escaped wherever it is rendered
    // (the rendering is outside this listing, which is cut off here).
    $emsg = $_GET["emsg"];
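// Account page bootstrap: requires a logged-in session, then handles the change-password form.
chdir("..");
require_once 'config.webapp.inc.php';
ini_set("include_path", ini_get("include_path") . PATH_SEPARATOR . $INCLUDE_PATH);
require_once "init.php";

session_start();
$session = new Session();
if (!$session->isLoggedIn()) {
    header("Location: ../index.php");
    // header() alone does not end the script. Without this exit the change-password code below
    // would still execute for a request that has no authenticated session.
    exit;
}

$db = new Database($THINKTANK_CFG);
$conn = $db->getConnection();
$od = new OwnerDAO($db);

// isset() guard: a plain GET of this page carries no form fields.
if (isset($_POST['changepass']) && $_POST['changepass'] == 'Change Password') {
    $old_pass = isset($_POST['oldpass']) ? $_POST['oldpass'] : '';
    $new_pass = isset($_POST['pass1']) ? $_POST['pass1'] : '';
    $new_pass_repeat = isset($_POST['pass2']) ? $_POST['pass2'] : '';

    // The current password is looked up for the session user and must be supplied again.
    $originalpass = $od->getPass($_SESSION['user']);
    $origpass = $originalpass['pwd'];
    if (!$session->pwdCheck($old_pass, $origpass)) {
        $errormsg = "Old password does not match or empty.";
    } elseif ($new_pass !== $new_pass_repeat) {
        // Strict comparison: with != two different numeric-looking strings such as "1e3" and
        // "1000" compare equal, so a mistyped confirmation could be accepted.
        $errormsg = "New passwords did not match. Your password has not been changed.";
    } elseif (strlen($new_pass) < 5) {
        // NOTE(review): a five-character minimum is weak by current guidance; raising it is a
        // policy decision and is left unchanged here.
        $errormsg = "New password must be at least 5 characters. Your password has not been changed.";
    } else {
        $cryptpass = $session->pwdcrypt($new_pass);
        $od->updatePassword($_SESSION['user'], $cryptpass);
        $successmsg = "Your password has been updated.";
    }
}

$id = new InstanceDAO($db);
$od = new OwnerDAO($db);
$cfg = new Config();
$s = new SmartyThinkTank();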
<?php chdir(".."); require_once "common/init.php"; $authorized = false; if (isset($argc) && $argc > 1) { // check for CLI credentials $session = new Session(); $username = $argv[1]; $pw = $argv[2]; $od = new OwnerDAO($db); $result = $od->getForLogin($username); if ($session->pwdCheck($pw, $result['pwd'])) { $authorized = true; echo "Authorized to run crawler."; } else { echo "Incorrect username and password."; } } else { // check user is logged in on the web session_start(); $session = new Session(); if ($session->isLoggedIn()) { $authorized = true; } } if ($authorized) { $crawler->crawl(); if (isset($conn)) { $db->closeConnection($conn); // Clean up