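/**
 * Handle the posted login form.
 *
 * Reads the submitted e-mail and password, checks that both are present,
 * verifies them through User::authenticateUser() and, on success, stores the
 * authenticated user object in the session (queueing a "remember me" cookie
 * when requested). On failure the attempt is logged and the visitor is sent
 * back to the login route with a validation message.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function postAuthenticate()
{
    // Guard the reads so a missing field raises no undefined-index notice
    // before the validator gets the chance to report it.
    $login = isset($_REQUEST['user_email']) ? $_REQUEST['user_email'] : '';
    $pass = isset($_REQUEST['user_password']) ? $_REQUEST['user_password'] : '';

    $Validate = new Validate();
    $rules = array(
        'user_email' => array('reqd' => 'Please provide a user name'),
        'user_password' => array('reqd' => 'Please provide a password'),
    );
    $validation = $Validate->run($_REQUEST, $rules);
    if (is_array($validation)) {
        return Redirect::route('login')->with('validation', $validation);
    }

    // NOTE(review): an unsalted md5 is not a suitable password hash. It is kept
    // here only because User::authenticateUser() and the remember-me cookie
    // both consume this exact value; migrating to password_hash()/
    // password_verify() has to start in User::authenticateUser().
    $md5pass = md5($pass);
    $authed = User::authenticateUser($login, $md5pass);

    if (is_object($authed)) {
        if (isset($_REQUEST['remember'])) {
            // NOTE(review): the cookie holds reusable credential material
            // (login + password hash) rather than a random, revocable token.
            Cookie::queue('_user_remember', Crypt::encrypt($login . ':' . $md5pass), 9999999);
        }
        Session::put('user', $authed);
        return Redirect::action('PortalController@getIndex');
    }

    // Record the failed attempt without the submitted password: dumping the
    // whole request wrote plaintext passwords into the failed-logins log.
    $logged = $_REQUEST;
    unset($logged['user_password']);
    logr(array('data' => $logged, 'time' => date('Y-m-d H:i:s')), 'failed-logins');

    return Redirect::route('login')->with(
        'validation',
        array('authentication' => 'There seems to be a problem with your email or password')
    );
}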
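/**
 * @brief Delete a Mozilla Sync user.
 *
 * DELETE https://server/pathname/version/username
 *
 * Deletes the user account.
 * NOTE: Requires simple authentication with the username and password associated with the account.
 *
 * Return value:
 * 0 on success
 *
 * Possible errors:
 * 503: there was an error removing the user
 * 404: the user does not exist in the database
 * 401: authentication failed
 *
 * Every failed check sets the HTTP status, logs the reason and returns, so a
 * request that fails authentication (or any earlier check) never reaches
 * Storage::deleteStorage() / User::deleteUser(). Without the returns the
 * deletion went ahead regardless, unless Utils::changeHttpStatus() ends the
 * request itself, which is not visible from here.
 *
 * @param string $syncHash Mozilla Sync user hash of the user to be deleted.
 * @return void
 */
private function deleteUser($syncHash) {
    if (User::isAutoCreateUser()) { //auto create accounts only
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        Utils::writeLog("Failed to delete user " . $syncHash . ". Delete disabled");
        return;
    }

    if (User::syncUserExists($syncHash) === false) {
        Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
        Utils::writeLog("Failed to delete user " . $syncHash . ". User does not exist.");
        return;
    }

    // Authentication must succeed before anything is removed
    if (User::authenticateUser($syncHash) === false) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        Utils::writeLog("Authentication for deleting user " . $syncHash . " failed.");
        return;
    }

    $syncId = User::syncHashToSyncId($syncHash);
    if ($syncId === false) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        Utils::writeLog("Failed to convert user " . $syncHash . " to Sync ID.");
        return;
    }

    // Remove the stored data first; a failure here leaves the account intact
    if (Storage::deleteStorage($syncId) === false) {
        Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
        Utils::writeLog("Failed to delete storage for user " . $syncId . ".");
        return;
    }

    if (User::deleteUser($syncId) === false) {
        Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
        Utils::writeLog("Failed to delete user " . $syncId . ".");
        return;
    }

    OutputData::write('0');
}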
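// process the posted form
if ($_SERVER['REQUEST_METHOD'] === "POST") {
    // did we get valid values
    if (empty($_POST['password']) || empty($_POST['username'])) {
        echo "<div class='err'>You must enter a user name and password.</div>";
    } else {
        // include the user stuff
        include_once 'User.php';

        // create a new user object
        $user = new User();

        // save the credentials as submitted
        $username = $_POST['username'];
        $password = $_POST['password'];

        // validate the user
        $retVal = $user->authenticateUser($username, $password);

        // did the user authenticate
        if (!$retVal) {
            // NOTE(review): $msg is only assigned here; presumably the page
            // template echoes it further down — confirm.
            $msg = "<div class='err'>Invalid username or password.</div>";
        } else {
            // Issue a fresh session id on login so an id fixed before
            // authentication cannot be reused afterwards (session fixation).
            // Guarded because this fragment does not show session_start().
            if (session_id() !== '') {
                session_regenerate_id(true);
            }

            // save the user object
            $_SESSION['UserObj'] = $user;

            // save the user info for display
            // NOTE(review): assumes displayUserNameByID() returns text that is
            // already safe for HTML — verify, since it is embedded unescaped.
            $_SESSION['loginInfo'] = '<div class="userInfo">Good day, ' . displayUserNameByID($user->getID()) . '</div>';

            // redirect to the dashboard page
            header('Location: ../DashBoard/DashBoard.php');

            // terminate page processing
            die;
        }
    }
}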
/**
 * @brief Run service
 *
 * Validates the request URL, authenticates the Sync user named in it,
 * purges expired WBOs and then dispatches to the handler that matches the
 * URL commands and the HTTP method.
 *
 * @return bool false when the URL, the user or the request could not be
 *              handled (an HTTP error status has been set), true otherwise.
 */
public function run() {
    // Reject malformed URLs before any user data is touched
    if (!$this->urlParser->isValid()) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_DATA);
        return false;
    }

    $userHash = $this->urlParser->getUserName();
    if (!User::authenticateUser($userHash)) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        return false;
    }

    $userId = User::userHashToId($userHash);
    if (!$userId) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        return false;
    }

    Storage::deleteOldWbo();

    //
    // Map request to functions
    //
    $commandCount = $this->urlParser->commandCount();

    if ($commandCount == 2 && $this->urlParser->getCommand(0) == 'info') {
        // Info case: https://server/pathname/version/username/info/
        if (Utils::getRequestMethod() != 'GET') {
            Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
            return false;
        }
        switch ($this->urlParser->getCommand(1)) {
            case 'collections':
                $this->getInfoCollections($userId);
                break;
            default:
                Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
        }
    } elseif ($commandCount == 1 && $this->urlParser->getCommand(0) == 'storage') {
        // Whole storage: only DELETE is supported
        switch (Utils::getRequestMethod()) {
            case 'DELETE':
                $this->deleteStorage($userId);
                break;
            default:
                Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
        }
    } elseif ($commandCount == 2 && $this->urlParser->getCommand(0) == 'storage') {
        // Single collection
        $collectionName = $this->urlParser->getCommand(1);
        $modifiers = $this->urlParser->getCommandModifiers(1);
        $collectionId = Storage::collectionNameToIndex($userId, $collectionName);
        switch (Utils::getRequestMethod()) {
            case 'GET':
                $this->getCollection($userId, $collectionId, $modifiers);
                break;
            case 'POST':
                $this->postCollection($userId, $collectionId);
                break;
            case 'DELETE':
                $this->deleteCollection($userId, $collectionId, $modifiers);
                break;
            default:
                Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
        }
    } elseif ($commandCount == 3 && $this->urlParser->getCommand(0) == 'storage') {
        // Single WBO inside a collection
        $collectionName = $this->urlParser->getCommand(1);
        $wboId = $this->urlParser->getCommand(2);
        $collectionId = Storage::collectionNameToIndex($userId, $collectionName);
        switch (Utils::getRequestMethod()) {
            case 'GET':
                $this->getWBO($userId, $collectionId, $wboId);
                break;
            case 'PUT':
                $this->putWBO($userId, $collectionId, $wboId);
                break;
            case 'DELETE':
                $this->deleteWBO($userId, $collectionId, $wboId);
                break;
            default:
                Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
        }
    } else {
        Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
    }

    return true;
}
/**
 * @brief Delete user
 *
 * DELETE https://server/pathname/version/username
 *
 * Deletes the user account.
 * NOTE: Requires simple authentication with the username and password associated with the account.
 *
 * Return value:
 * 0 on success
 *
 * Possible errors:
 * 503: there was an error removing the user
 * 404: the user does not exist in the database
 * 401: authentication failed
 *
 * Each failing check sets the HTTP status and stops; only a fully successful
 * run writes the "0" body.
 *
 * @param string $syncUserHash Mozilla Sync user hash of the account to delete.
 * @return bool always true; the outcome is reported through the HTTP status.
 */
private function deleteUser($syncUserHash) {
    if (!User::syncUserExists($syncUserHash)) {
        Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
        return true;
    }

    // Authentication must succeed before anything is removed
    if (!User::authenticateUser($syncUserHash)) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        return true;
    }

    $userId = User::userHashToId($syncUserHash);
    if (!$userId) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        return true;
    }

    // Stored data goes first; if that fails the account stays in place
    if (!Storage::deleteStorage($userId)) {
        Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
        return true;
    }

    if (!User::deleteUser($userId)) {
        Utils::changeHttpStatus(Utils::STATUS_MAINTENANCE);
        return true;
    }

    OutputData::write('0');
    return true;
}
 * Created by PhpStorm.
 * User: Dushyant
 * Date: 2015-04-29
 * Time: 4:00 PM
 */

// NOTE(review): session_destroy() is called before session_start() here; with
// no active session PHP raises a warning and nothing is destroyed — confirm
// whether an earlier include starts the session, otherwise the order looks
// reversed.
session_destroy();
include_once '../Local/Classes/class.User.inc';
include_once '../Local/Classes/class.SessionManager.inc';
session_start();

// NOTE(review): extract($_POST) turns every posted field into a local
// variable, so a client can define or overwrite any name used below
// ($btnSubmit, $errors, $loginUser, ...). Reading $_POST['txtEmail'] etc.
// explicitly would remove that.
extract($_POST);

if (isset($btnSubmit)) {
    //user object
    $user = new User();
    //session object
    $session = new SessionManager();

    $loginUser = $user->authenticateUser(trim($txtEmail), trim($txtPassword));

    //redirecting user to dashboard logic
    // NOTE(review): the else branch stores $loginUser as an error message, so
    // authenticateUser() presumably returns an array on success and a string
    // on failure; indexing a string with 'user_role' is then a notice — verify.
    if ($loginUser['user_role'] == 'Doctor') {
        //Set login user session
        if ($session->createUserSession($loginUser['user_id'], $loginUser['first_name'], $loginUser['user_role'])) {
            //todo redirect doctors to Doctor's dashboard
            header('Location: Doctor/dashboard.php');
        }
    } elseif ($loginUser['user_role'] == 'Admin') {
        //Set login user session
        if ($session->createUserSession($loginUser['user_id'], $loginUser['first_name'], $loginUser['user_role'])) {
            //todo redirect doctors to Doctor's dashboard
            header('Location: Admin/locationList.php');
        }
    } else {
        $errors['authentication'] = $loginUser;
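/**
 * @brief Run storage service.
 *
 * Validates the request URL, authenticates the Sync user (creating the
 * account first when auto-creation is enabled and the user has none yet),
 * purges expired WBOs and dispatches to the handler matching the URL
 * commands and the HTTP method. Every rejected request sets an HTTP error
 * status and writes a log line before returning.
 *
 * @return True on successful command parsing, false otherwise.
 */
public function run() {
    // Check if given url is valid
    if (!$this->urlParser->isValid()) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_DATA);
        Utils::writeLog("URL: Invalid URL.");
        return false;
    }

    // Get Mozilla Sync user hash and authenticate user
    $syncHash = $this->urlParser->getSyncHash();

    if (User::isAutoCreateUser() && !User::hasSyncAccount($syncHash)) {
        // The credentials are checked against the backing account before a
        // Sync account is created for them
        if (User::authenticateUser($syncHash, false) === false) {
            Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
            Utils::writeLog("Couldn't autocreate account for user " . $syncHash . " authentication failed.");
            return false;
        }
        //auto create account
        User::autoCreateUser($syncHash);
    }

    if (User::authenticateUser($syncHash) === false) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        Utils::writeLog("Could not authenticate user " . $syncHash . ".");
        return false;
    }

    // Convert Sync hash to Sync ID
    $syncId = User::syncHashToSyncId($syncHash);
    if ($syncId === false) {
        Utils::changeHttpStatus(Utils::STATUS_INVALID_USER);
        Utils::writeLog("Could not convert user " . $syncHash . " to Sync ID.");
        return false;
    }

    // Delete old WBO on every run of storage service
    Storage::deleteOldWbo();

    // Map request to functions. The nested else { if } ladder is flattened
    // into one elseif chain; the branch conditions are unchanged.
    $commandCount = $this->urlParser->commandCount();

    if ($commandCount === 2 && $this->urlParser->getCommand(0) === 'info') {
        // Info case: https://server/pathname/version/username/info/
        if (Utils::getRequestMethod() !== 'GET') {
            Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
            Utils::writeLog("URL: Invalid HTTP method " . Utils::getRequestMethod() . " for info.");
            return false;
        }
        switch ($this->urlParser->getCommand(1)) {
            case 'collections':
                $this->getInfoCollections($syncId);
                break;
            case 'collection_usage':
                $this->getInfoCollectionUsage($syncId);
                break;
            case 'collection_counts':
                $this->getInfoCollectionCounts($syncId);
                break;
            case 'quota':
                $this->getInfoQuota($syncId);
                break;
            default:
                Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
                Utils::writeLog("URL: Invalid command " . $this->urlParser->getCommand(1) . " for info.");
                return false;
        }
    } elseif ($commandCount === 1 && $this->urlParser->getCommand(0) === 'storage') {
        // Whole storage: only DELETE is supported
        switch (Utils::getRequestMethod()) {
            case 'DELETE':
                $this->deleteStorage($syncId);
                break;
            default:
                Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
                Utils::writeLog("URL: Invalid request method " . Utils::getRequestMethod() . " for storage.");
                return false;
        }
    } elseif ($commandCount === 2 && $this->urlParser->getCommand(0) === 'storage') {
        // Single collection
        $collectionName = $this->urlParser->getCommand(1);
        $modifiers = $this->urlParser->getCommandModifiers();
        $collectionId = Storage::collectionNameToIndex($syncId, $collectionName);
        switch (Utils::getRequestMethod()) {
            case 'GET':
                $this->getCollection($syncId, $collectionId, $modifiers);
                break;
            case 'POST':
                $this->postCollection($syncId, $collectionId);
                break;
            case 'DELETE':
                $this->deleteCollection($syncId, $collectionId, $modifiers);
                break;
            default:
                Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
                // Space restored before the method name; the message used to
                // read "...request methodPOST for collection."
                Utils::writeLog("URL: Invalid request method " . Utils::getRequestMethod() . " for collection.");
                return false;
        }
    } elseif ($commandCount === 3 && $this->urlParser->getCommand(0) === 'storage') {
        // Single WBO inside a collection
        $collectionName = $this->urlParser->getCommand(1);
        $wboId = $this->urlParser->getCommand(2);
        $collectionId = Storage::collectionNameToIndex($syncId, $collectionName);
        switch (Utils::getRequestMethod()) {
            case 'GET':
                $this->getWBO($syncId, $collectionId, $wboId);
                break;
            case 'PUT':
                $this->putWBO($syncId, $collectionId, $wboId);
                break;
            case 'DELETE':
                $this->deleteWBO($syncId, $collectionId, $wboId);
                break;
            default:
                Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
                // Same missing-space fix as in the collection branch
                Utils::writeLog("URL: Invalid request method " . Utils::getRequestMethod() . " for WBO.");
                return false;
        }
    } else {
        Utils::changeHttpStatus(Utils::STATUS_NOT_FOUND);
        Utils::writeLog("URL: Invalid storage service request. Sent " . (string) $commandCount . " commands in URL\t" . Utils::getSyncUrl() . ": " . var_export($this->urlParser->getCommands(), true));
        return false;
    }

    return true;
}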