function Handle($Request) { try { if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['verification']) && $_GET['verification'] != "" && ($_GET['mode'] === 'temppass' || $_GET['mode'] === 'activation')) { if (phpsec\AdvancedPasswordManagement::tempPassword($_GET['user'], $_GET['verification'])) { if ($_GET['mode'] === 'temppass') { $userSession = new phpsec\Session(); $userSessionID = $userSession->newSession($_GET['user']); $nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/requestnewpassword"; header("Location: {$nextLocation}"); } else { if ($_GET['mode'] === 'activation') { \phpsec\User::activateAccount($_GET['user']); $this->info .= "Your account <b>" . $_GET['user'] . "</b> is now activated." . "<BR>"; require_once __DIR__ . "/../../view/default/user/temppass.php"; } } } else { $this->error .= "ERROR: This validation token does not match our records!!!" . "<BR>"; return require_once __DIR__ . "/../../view/default/user/temppass.php"; } } else { if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['email']) && $_GET['email'] != "" && ($_GET['mode'] === 'temppass' || $_GET['mode'] === 'activation')) { $tempPass = phpsec\AdvancedPasswordManagement::tempPassword($_GET['user']); $message = "Please open the following link in order to complete the process:\n"; $message .= \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=" . $_GET['mode'] . "&verification=" . $tempPass . "\n\n\n"; $message .= "Sometimes the email ends up in the Spam folder. So also please check your spam folder in case you didn't receive the email.\n\n"; $message .= "If you did nothing to get this email, just ignore it.\n"; $message = wordwrap($message, 70, "\r\n"); $send = \mail($_GET['email'], "Authentication Email", $message, "FROM: " . "*****@*****.**"); if (!$send) { $this->error .= "ERROR: Mail was not send!" . "<BR>"; } return require_once __DIR__ . "/../../view/default/user/temppass.php"; } else { return require_once __DIR__ . "/../../view/default/404.php"; } } } catch (Exception $e) { $this->error .= $e->getMessage() . "<BR>"; return require_once __DIR__ . "/../../view/default/user/temppass.php"; } }
function Handle($Request) { try { $config = (require_once __DIR__ . "/../../config/config.php"); $userID = \phpsec\User::checkRememberMe(); if (!$userID) { if (isset($_POST['submit'])) { if (isset($_POST['user']) && $_POST['user'] != "" && isset($_POST['pass']) && $_POST['pass'] != "") { try { $userID = $_POST['user']; $userObj = phpsec\UserManagement::logIn($_POST['user'], $_POST['pass']); } catch (phpsec\WrongPasswordException $e) { if ($config['BRUTE_FORCE_DETECTION'] === "ON") { try { new phpsec\AdvancedPasswordManagement($_POST['user'], $_POST['pass'], TRUE); } catch (phpsec\BruteForceAttackDetectedException $ex) { \phpsec\User::lockAccount($_POST['user']); $this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>"; } } $this->error .= "Incorrect Username/Password combination!" . "<BR>"; return require_once __DIR__ . "/../../view/default/user/login.php"; } catch (phpsec\UserAccountInactive $e) { $userEmail = phpsec\User::getPrimaryEmail($_POST['user']); $activationLink = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . $userEmail; $this->error .= "ERROR: The account is inactive. Please activate your account by clicking <a href=\"{$activationLink}\">here</a>." . "<BR>"; return require_once __DIR__ . "/../../view/default/user/login.php"; } if (isset($_POST['remember-me']) && $_POST['remember-me'] == "on") { if (phpsec\HttpRequest::isHTTPS()) { phpsec\User::enableRememberMe($_POST['user']); } else { phpsec\User::enableRememberMe($_POST['user'], FALSE, TRUE); } } } else { $this->error .= "Empty fields are not allowed. Please fill the required areas." . "<BR>"; } } else { return require_once __DIR__ . "/../../view/default/user/login.php"; } } $userSession = new phpsec\Session(); try { $sessionID = $userSession->existingSession(); if ($sessionID) { $userSessionID = $userSession->rollSession(); } else { $userSessionID = $userSession->newSession($userID); } $userObj = phpsec\UserManagement::forceLogIn($userID); if ($userObj->isPasswordExpired()) { $this->info .= "Its been too long since you have changed your password. For security reasons, please change your password." . "<BR>"; } $url_to_redirect = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/user/index"; header("HTTP/1.1 302 Found"); header('Location: ' . $url_to_redirect); } catch (\phpsec\SessionExpired $e) { $this->error .= $e->getMessage() . "<BR>"; phpsec\User::deleteAuthenticationToken(); } } catch (Exception $e) { $this->error .= $e->getMessage() . "<BR>"; } return require_once __DIR__ . "/../../view/default/user/login.php"; }