function Handle($Request)
{
try {
if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['verification']) && $_GET['verification'] != "" && ($_GET['mode'] === 'temppass' || $_GET['mode'] === 'activation')) {
if (phpsec\AdvancedPasswordManagement::tempPassword($_GET['user'], $_GET['verification'])) {
if ($_GET['mode'] === 'temppass') {
$userSession = new phpsec\Session();
$userSessionID = $userSession->newSession($_GET['user']);
$nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/requestnewpassword";
header("Location: {$nextLocation}");
} else {
if ($_GET['mode'] === 'activation') {
\phpsec\User::activateAccount($_GET['user']);
$this->info .= "Your account <b>" . $_GET['user'] . "</b> is now activated." . "<BR>";
require_once __DIR__ . "/../../view/default/user/temppass.php";
}
}
} else {
$this->error .= "ERROR: This validation token does not match our records!!!" . "<BR>";
return require_once __DIR__ . "/../../view/default/user/temppass.php";
}
} else {
if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['email']) && $_GET['email'] != "" && ($_GET['mode'] === 'temppass' || $_GET['mode'] === 'activation')) {
$tempPass = phpsec\AdvancedPasswordManagement::tempPassword($_GET['user']);
$message = "Please open the following link in order to complete the process:\n";
$message .= \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=" . $_GET['mode'] . "&verification=" . $tempPass . "\n\n\n";
$message .= "Sometimes the email ends up in the Spam folder. So also please check your spam folder in case you didn't receive the email.\n\n";
$message .= "If you did nothing to get this email, just ignore it.\n";
$message = wordwrap($message, 70, "\r\n");
$send = \mail($_GET['email'], "Authentication Email", $message, "FROM: " . "*****@*****.**");
if (!$send) {
$this->error .= "ERROR: Mail was not send!" . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/temppass.php";
} else {
return require_once __DIR__ . "/../../view/default/404.php";
}
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
return require_once __DIR__ . "/../../view/default/user/temppass.php";
}
}
function Handle($Request)
{
try {
$config = (require_once __DIR__ . "/../../config/config.php");
$userID = \phpsec\User::checkRememberMe();
if (!$userID) {
if (isset($_POST['submit'])) {
if (isset($_POST['user']) && $_POST['user'] != "" && isset($_POST['pass']) && $_POST['pass'] != "") {
try {
$userID = $_POST['user'];
$userObj = phpsec\UserManagement::logIn($_POST['user'], $_POST['pass']);
} catch (phpsec\WrongPasswordException $e) {
if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
try {
new phpsec\AdvancedPasswordManagement($_POST['user'], $_POST['pass'], TRUE);
} catch (phpsec\BruteForceAttackDetectedException $ex) {
\phpsec\User::lockAccount($_POST['user']);
$this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
}
}
$this->error .= "Incorrect Username/Password combination!" . "<BR>";
return require_once __DIR__ . "/../../view/default/user/login.php";
} catch (phpsec\UserAccountInactive $e) {
$userEmail = phpsec\User::getPrimaryEmail($_POST['user']);
$activationLink = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . $userEmail;
$this->error .= "ERROR: The account is inactive. Please activate your account by clicking <a href=\"{$activationLink}\">here</a>." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/login.php";
}
if (isset($_POST['remember-me']) && $_POST['remember-me'] == "on") {
if (phpsec\HttpRequest::isHTTPS()) {
phpsec\User::enableRememberMe($_POST['user']);
} else {
phpsec\User::enableRememberMe($_POST['user'], FALSE, TRUE);
}
}
} else {
$this->error .= "Empty fields are not allowed. Please fill the required areas." . "<BR>";
}
} else {
return require_once __DIR__ . "/../../view/default/user/login.php";
}
}
$userSession = new phpsec\Session();
try {
$sessionID = $userSession->existingSession();
if ($sessionID) {
$userSessionID = $userSession->rollSession();
} else {
$userSessionID = $userSession->newSession($userID);
}
$userObj = phpsec\UserManagement::forceLogIn($userID);
if ($userObj->isPasswordExpired()) {
$this->info .= "Its been too long since you have changed your password. For security reasons, please change your password." . "<BR>";
}
$url_to_redirect = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/user/index";
header("HTTP/1.1 302 Found");
header('Location: ' . $url_to_redirect);
} catch (\phpsec\SessionExpired $e) {
$this->error .= $e->getMessage() . "<BR>";
phpsec\User::deleteAuthenticationToken();
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/login.php";
}
