コード例 #1
ファイル: index.php プロジェクト: OrgAindaSemTitulo/Sistema
    incl('confirm_code');
    confirm_code(Flight::request());
});
// Catch-all for /confirmations: no verb prefix, so it answers whatever method the
// more specific routes registered earlier did not claim (assuming Flight tries
// routes in registration order - confirm).
Flight::route('/confirmations', function () {
    method_not_allowed();
});

// Request a fresh confirmation code. The handler file is loaded lazily by incl().
Flight::route('POST /confirmations/new', function () {
    incl('new_confirm_code');
    $request = Flight::request();
    new_confirm_code($request);
});
Flight::route('/confirmations/new', function () {
    method_not_allowed();
});

// Session lifecycle: POST creates a session (login), DELETE destroys it (logout).
// Both are state-changing verbs, so neither can be triggered by a plain GET link.
Flight::route('POST /sessions', function () {
    incl('create_session');
    $request = Flight::request();
    create_session($request);
});
Flight::route('DELETE /sessions', function () {
    incl('delete_session');
    $request = Flight::request();
    delete_session($request);
});
Flight::route('/sessions', function () {
    method_not_allowed();
});

// Create a programming-language record.
Flight::route('POST /programming_languages', function () {
    incl('create_programming_language');
    $request = Flight::request();
    create_programming_language($request);
});
Flight::route('GET /programming_languages', function () {
    incl('get_programming_languages');
    get_programming_languages(Flight::request());
コード例 #2
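/**
 * Log a user in when the supplied credentials verify, and record the login time.
 *
 * All four arguments are handed to verify_password() unchanged; what shape
 * $users / $passwords have is not visible from this function.
 *
 * @param mixed $users     Forwarded to verify_password().
 * @param mixed $passwords Forwarded to verify_password().
 * @param mixed $user      Forwarded to verify_password().
 * @param mixed $password  Forwarded to verify_password().
 * @return void
 */
function login($users, $passwords, $user, $password)
{
    // The original appended to an undefined *local* $login_log: count() ran on
    // null and the entry vanished with the function scope, so no login was ever
    // recorded. NOTE(review): assumes the log is the file-level $login_log
    // array - confirm against the rest of the file.
    global $login_log;

    if (!verify_password($users, $passwords, $user, $password)) {
        // NOTE(review): failed attempts are not logged and the caller gets no
        // success/failure signal; both are worth adding for detection.
        return;
    }

    create_session();

    if (!is_array($login_log)) {
        $login_log = [];
    }
    // One entry per successful login; the entry holds only the timestamp.
    $login_log[] = [date("Y-m-d H-i-s")];
}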
コード例 #3
/**
 * Authenticate by e-mail address and password and open a session on success.
 *
 * @param mixed $email    Identifier passed to check_password() and user_id().
 * @param mixed $password Candidate password passed to check_password().
 * @return mixed Whatever create_session() returns when the password checks out,
 *               false otherwise.
 */
function login($email, $password)
{
    // Guard clause: reject before any user lookup or session work happens.
    if (!check_password($email, $password)) {
        return false;
    }

    // The session is keyed on the resolved user id, not on the submitted e-mail.
    $account_id = user_id($email);

    return create_session($account_id);
}
コード例 #4
ファイル: users.php プロジェクト: erico-deh/ocPortal
/**
 * Get the ID of the currently active member.
 * It checks whether the session exists or the cookie is valid, and gets the member ID accordingly.
 *
 * @param  boolean		Whether to just do a quick check, don't establish new sessions
 * @return MEMBER			The member requesting this web page (possibly the guest member - which strictly speaking, is not a member)
 */
function get_member($quick_only = false)
{
    // Resolution order, as implemented below: cached answer -> IP "backdoor" ->
    // re-entrancy fallback -> forced guest -> session -> cookie / forum driver ->
    // login-provider hooks -> guest. The order matters; later steps see the
    // $member value left by earlier ones.
    global $SESSION_CACHE, $MEMBER_CACHED, $GETTING_MEMBER, $SITE_INFO;
    if ($MEMBER_CACHED !== NULL) {
        $GETTING_MEMBER = false;
        return $MEMBER_CACHED;
    }
    // If lots of aging sessions, clean out.
    // Only the first cache entry is inspected: cleanup runs when the cache holds
    // more than 50 sessions and that first entry is older than the configured
    // expiry (in hours, minimum 1).
    reset($SESSION_CACHE);
    if (count($SESSION_CACHE) > 50 && $SESSION_CACHE[key($SESSION_CACHE)]['last_activity'] < time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
        delete_expired_sessions_or_recover();
    }
    // Try via backdoor that someone with full server access can place
    $backdoor_ip_address = mixed();
    // Enable to a real IP address to force login from FTP access (if lost admin password)
    if (array_key_exists('backdoor_ip', $SITE_INFO)) {
        $backdoor_ip_address = $SITE_INFO['backdoor_ip'];
    }
    // NOTE(review): this path authenticates on the client IP alone - no password,
    // no session check - and runs before every other check in this function.
    // Its strength is therefore exactly that of get_ip_address(); whether that
    // helper trusts proxy-supplied headers is not visible here - confirm. The
    // comparison is a loose ==. The 'backdoor_ip' key should be removed from the
    // site configuration as soon as recovery is done, and its presence is worth
    // alerting on.
    if (is_string($backdoor_ip_address) && get_ip_address() == $backdoor_ip_address) {
        require_code('users_active_actions');
        $MEMBER_CACHED = restricted_manually_enabled_backdoor();
        // Will have created a session in here already
        return $MEMBER_CACHED;
    }
    // $GETTING_MEMBER is set to true below and cleared on the normal exits, so a
    // true value here means this function was entered again while a lookup was
    // still in progress; answer with a placeholder instead of recursing.
    if ($GETTING_MEMBER) {
        if (!isset($GLOBALS['FORUM_DRIVER'])) {
            return db_get_first_id();
        }
        // :S
        return $GLOBALS['FORUM_DRIVER']->get_guest_id();
    }
    $GETTING_MEMBER = true;
    global $FORCE_INVISIBLE_GUEST;
    // Forced-guest mode: skip all authentication and cache the guest ID.
    if ($FORCE_INVISIBLE_GUEST) {
        $GETTING_MEMBER = false;
        if (!isset($GLOBALS['FORUM_DRIVER'])) {
            fatal_exit(do_lang_tempcode('INTERNAL_ERROR'));
        }
        $MEMBER_CACHED = $GLOBALS['FORUM_DRIVER']->get_guest_id();
        return $MEMBER_CACHED;
    }
    $member = NULL;
    // The member cookie name may be written "base:key" or "base|key"; $base is
    // the part before the separator and is the key looked up in $_COOKIE below.
    $cookie_bits = explode(':', str_replace('|', ':', get_member_cookie()));
    $base = $cookie_bits[0];
    // Try by session
    $session = get_session_id();
    // A non-zero keep_force_htaccess request parameter disables the session
    // lookup (and the cookie lookup further down) for this request.
    if ($session != -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
        // NOTE(review): the meaning of the argument 3 is not visible here;
        // presumably it limits how much of the address is compared - confirm.
        $ip = get_ip_address(3);
        // I hope AOL can cope with this
        $allow_unbound_guest = true;
        // Note: Guest sessions are not IP bound
        $member_row = NULL;
        // The cached session is accepted only if it exists, carries 'the_user',
        // has not passed the expiry window, AND at least one of these holds:
        //   - the 'ip_strict_for_sessions' option is '0' (IP binding disabled)
        //   - the session's stored IP equals $ip
        //   - it is a guest session (guests are never IP bound)
        //   - it is a non-guest session with session_confirmed == 0
        // i.e. IP binding is only enforced for confirmed member sessions.
        if ($SESSION_CACHE !== NULL && array_key_exists($session, $SESSION_CACHE) && $SESSION_CACHE[$session] !== NULL && array_key_exists('the_user', $SESSION_CACHE[$session]) && (get_option('ip_strict_for_sessions') == '0' || $SESSION_CACHE[$session]['ip'] == $ip || is_guest($SESSION_CACHE[$session]['the_user']) && $allow_unbound_guest || $SESSION_CACHE[$session]['session_confirmed'] == 0 && !is_guest($SESSION_CACHE[$session]['the_user'])) && $SESSION_CACHE[$session]['last_activity'] > time() - 60 * 60 * max(1, intval(get_option('session_expiry_time')))) {
            $member_row = $SESSION_CACHE[$session];
        }
        // A guest session is discarded when a member cookie is present, so that
        // the cookie login below gets a chance to run.
        if ($member_row !== NULL && (!array_key_exists($base, $_COOKIE) || !is_guest($member_row['the_user']))) {
            $member = $member_row['the_user'];
            // Refresh the activity timestamp at most once every 10 seconds.
            if ($member !== NULL && time() - $member_row['last_activity'] > 10) {
                //$GLOBALS['SITE_DB']->query_update('sessions',array('last_activity'=>time(),'the_zone'=>get_zone_name(),'the_page'=>get_page_name()),array('the_session'=>$session),'',1);  Done in get_page_title now
                $SESSION_CACHE[$session]['last_activity'] = time();
                if (get_value('session_prudence') !== '1') {
                    persistant_cache_set('SESSION_CACHE', $SESSION_CACHE);
                }
            }
            global $SESSION_CONFIRMED;
            $SESSION_CONFIRMED = $member_row['session_confirmed'];
            if (get_forum_type() == 'ocf') {
                $GLOBALS['FORUM_DRIVER']->ocf_flood_control($member);
            }
            // Banned members are stopped here even though their session is valid.
            if (!is_guest($member) && $GLOBALS['FORUM_DRIVER']->is_banned($member)) {
                warn_exit(do_lang_tempcode('USER_BANNED'));
            }
            // Test this member still exists
            if ($GLOBALS['FORUM_DRIVER']->get_username($member) === NULL) {
                $member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
            }
            if (array_key_exists($base, $_COOKIE)) {
                global $IS_A_COOKIE_LOGIN;
                $IS_A_COOKIE_LOGIN = true;
            }
        } else {
            // Session unusable: reset the session ID so the steps below rebind.
            require_code('users_inactive_occasionals');
            set_session_id(-1);
        }
    }
    if ($member === NULL && get_session_id() == -1 && get_param_integer('keep_force_htaccess', 0) == 0) {
        // Try by cookie (will defer to forum driver to authorise against detected cookie)
        require_code('users_inactive_occasionals');
        $member = try_cookie_login();
        // Can forum driver help more directly?
        // Note: when the driver has get_member(), its answer replaces the
        // try_cookie_login() result unconditionally.
        if (method_exists($GLOBALS['FORUM_DRIVER'], 'get_member')) {
            $member = $GLOBALS['FORUM_DRIVER']->get_member();
        }
    }
    // Try via additional login providers. They can choose whether to respect existing $member of get_session_id() settings. Some may do an account linkage, so we need to let them decide what to do.
    // Every provider hook runs on every call and may replace $member, so each
    // hook is part of the authentication trust boundary.
    // NOTE(review): $hook is concatenated into the require path and class name
    // without filter_naughty(), unlike the upon_login loop further down.
    $hooks = find_all_hooks('systems', 'login_providers');
    foreach (array_keys($hooks) as $hook) {
        require_code('hooks/systems/login_providers/' . $hook);
        $ob = object_factory('Hook_login_provider_' . $hook);
        $member = $ob->try_login($member);
    }
    // Guest or banned
    if ($member === NULL) {
        $member = $GLOBALS['FORUM_DRIVER']->get_guest_id();
        $is_guest = true;
    } else {
        $is_guest = is_guest($member);
    }
    // If we are doing a very quick init, bomb out now - no need to establish session etc
    // (redundant: $SITE_INFO was already declared global at the top)
    global $SITE_INFO;
    if ($quick_only) {
        // Quick mode returns without caching in $MEMBER_CACHED and without
        // creating a session.
        $GETTING_MEMBER = false;
        return $member;
    }
    // If one of the try_* functions hasn't actually created the session, call it here
    $session = get_session_id();
    if ($session == -1) {
        require_code('users_inactive_occasionals');
        create_session($member);
    }
    // If we are logged in, maybe do some further processing
    if (!$is_guest) {
        // Is there a su operation?
        // A non-empty keep_su request parameter hands $member to try_su_login(),
        // which may return a different member. NOTE(review): the privilege check
        // for switching user is not visible here - it must live in
        // try_su_login(); confirm, and log every use.
        $ks = get_param('keep_su', '');
        if ($ks != '') {
            require_code('users_inactive_occasionals');
            $member = try_su_login($member);
        }
        // Run hooks, if any exist
        $hooks = find_all_hooks('systems', 'upon_login');
        foreach (array_keys($hooks) as $hook) {
            require_code('hooks/systems/upon_login/' . filter_naughty($hook));
            $ob = object_factory('upon_login' . filter_naughty($hook), true);
            if ($ob === NULL) {
                continue;
            }
            $ob->run(false, NULL, $member);
            // false means "not a new login attempt"
        }
    }
    // Ok we have our answer
    $MEMBER_CACHED = $member;
    $GETTING_MEMBER = false;
    // We call this to ensure any HTTP-auth specific code has a chance to run
    is_httpauth_login();
    return $member;
}
コード例 #5
<?php

require_once "libraries/lib.php";
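// Read the submitted credentials. A missing field is treated as an empty string
// instead of raising an undefined-index notice.
// NOTE(review): what esc() does is not visible here. If it escapes for SQL or
// HTML, applying it to the password changes the value that gets verified -
// passwords should be compared as submitted and never interpolated into a query.
$uname = esc(isset($_POST['uname']) ? $_POST['uname'] : '');
$upass = esc(isset($_POST['upass']) ? $_POST['upass'] : '');
if (strlen(trim($uname)) > 0 && strlen(trim($upass)) > 0) {
    // validate_credentials() takes no arguments, so it presumably reads
    // $uname/$upass (or $_POST) itself - confirm against libraries/lib.php.
    $user_id = validate_credentials();
    if ($user_id > 0) {
        create_session($user_id);
    }
    // NOTE(review): the redirect is sent on failed logins too, so the dashboard
    // must enforce the session check itself; failures are neither reported to
    // the user nor logged here.
    header("Location: index.php?op=dashboard");
    // Stop here so nothing after the redirect header can run or emit output.
    exit;
}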
コード例 #6
/**
 * Resolve the current visitor through Facebook Connect.
 *
 * Looks up the Facebook user behind the request, then either (a) finds the local
 * member already bound to that Facebook ID and refreshes its profile, (b) binds
 * the Facebook ID to the member who is currently logged in, or (c) creates a new
 * member. A confirmed session is created for the resulting member.
 *
 * @param  ?MEMBER		Member ID already detected as logged in (NULL: none). May be a guest ID.
 * @return ?MEMBER		Member ID now detected as logged in (NULL: none).
 */
function handle_facebook_connection_login($current_logged_in_member)
{
    // Bail out if the templating class is not loaded yet.
    if (!class_exists('ocp_tempcode')) {
        return NULL;
    }
    if (is_guest($current_logged_in_member)) {
        $current_logged_in_member = NULL;
        // We are not a normal cookie login so ocPortal has loaded up a Guest session already in the expectation of keeping it. Unsetting it will force a rebind (existing session may be reused though)
        require_code('users_inactive_occasionals');
        set_session_id(-1);
    }
    // If already session-logged-in onto a Facebook account, don't bother doing anything
    if (!is_null($current_logged_in_member) && $GLOBALS['FORUM_DRIVER']->get_member_row_field($current_logged_in_member, 'm_password_compat_scheme') == 'facebook') {
        return $current_logged_in_member;
    }
    // Who is this user, from Facebook's point of view?
    // The identity is whatever the $FACEBOOK_CONNECT SDK object reports; every
    // trust decision below rests on that value.
    global $FACEBOOK_CONNECT;
    $facebook_uid = $FACEBOOK_CONNECT->getUser();
    if (is_null($facebook_uid)) {
        return $current_logged_in_member;
    }
    try {
        $details = $FACEBOOK_CONNECT->api('/me');
    } catch (Exception $e) {
        return $current_logged_in_member;
    }
    // NOTE(review): this second API call sits outside the try block, so an
    // exception here propagates to the caller instead of falling back.
    $details2 = $FACEBOOK_CONNECT->api('/me', array('fields' => 'picture', 'type' => 'normal'));
    if (!is_array($details) || !is_array($details2)) {
        return $current_logged_in_member;
    }
    $details = array_merge($details, $details2);
    if (!isset($details['name'])) {
        return $current_logged_in_member;
    }
    // Everything read from $details from here on is remote, user-editable profile data.
    $username = $details['name'];
    $photo_url = array_key_exists('picture', $details) ? $details['picture'] : '';
    if (is_array($photo_url)) {
        // Assumes the nested data/url keys exist when 'picture' is an array.
        $photo_url = $photo_url['data']['url'];
    }
    if ($photo_url != '') {
        // The returned URL is only used as a "has a picture" flag; the stored
        // URL is rebuilt from the Facebook ID. Note it is a plain-http URL.
        $photo_url = 'http://graph.facebook.com/' . strval($facebook_uid) . '/picture?type=large';
        // In case URL changes
    }
    // mixed() is defined elsewhere; the later !== NULL tests suggest it yields NULL - confirm.
    $avatar_url = $photo_url == '' ? mixed() : $photo_url;
    $photo_thumb_url = '';
    if ($photo_url != '') {
        $photo_thumb_url = $photo_url;
    }
    $email_address = array_key_exists('email', $details) ? $details['email'] : '';
    $timezone = mixed();
    if (isset($details['timezone'])) {
        require_code('temporal');
        $timezone = convert_timezone_offset_to_formal_timezone($details['timezone']);
    }
    $language = mixed();
    if (isset($details['locale'])) {
        $language = strtoupper($details['locale']);
    }
    if ($language !== NULL) {
        // NOTE(review): the remote 'locale' value is concatenated into a
        // filesystem path after nothing more than strtoupper(); no character
        // allow-list is applied in this function. Restrict it to letters,
        // digits and '_' before it reaches file_exists().
        if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) {
            // Retry with everything from the first underscore removed (e.g. EN_US -> EN).
            $language = preg_replace('#\\_.*$#', '', $language);
            if (!file_exists(get_custom_file_base() . '/lang_custom/' . $language)) {
                $language = '';
            }
        }
    }
    $dob = array_key_exists('birthday', $details) ? $details['birthday'] : '';
    $dob_day = mixed();
    $dob_month = mixed();
    $dob_year = mixed();
    if ($dob != '') {
        // Parsed as month/day/year; a value with fewer than three parts hits
        // undefined offsets here.
        $_dob = explode('/', $dob);
        $dob_day = intval($_dob[1]);
        $dob_month = intval($_dob[0]);
        $dob_year = intval($_dob[2]);
    }
    // See if they have logged in before - i.e. have a synched account
    // The Facebook ID is stored in m_pass_hash_salted for members whose
    // m_password_compat_scheme is 'facebook'. (Passed as-is here, but through
    // strval() in the update further down.)
    $member_row = $GLOBALS['FORUM_DB']->query_select('f_members', array('*'), array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), 'ORDER BY id DESC', 1);
    // From here $member is the member ID (a scalar), not the row.
    $member = array_key_exists(0, $member_row) ? $member_row[0]['id'] : NULL;
    if (is_guest($member)) {
        $member = NULL;
    }
    /*if (!is_null($member)) // Useful for debugging
    	{
    		require_code('ocf_members_action2');
    		ocf_delete_member($member);
    		$member=NULL;
    	}*/
    // If logged in before using Facebook, see if they've changed their name or email or timezone on Facebook -- if so, try and update locally to match
    if (!is_null($member)) {
        if (!is_null($current_logged_in_member) && $current_logged_in_member !== NULL && !is_guest($current_logged_in_member) && $current_logged_in_member != $member) {
            return $current_logged_in_member;
        }
        // User has an active login, and the Facebook account is bound to a DIFFERENT login. Take precedence to the other login that is active on top of this
        // NOTE(review): $member is the scalar ID assigned above, so every
        // $member[0][...] read in this branch indexes a scalar and yields NULL;
        // $member_row[0][...] looks like what was intended - confirm. As
        // written, the username comparison and the cache-fix WHERE clauses
        // below operate on NULL rather than on the stored username.
        $last_visit_time = $member[0]['m_last_visit_time'];
        if ($timezone !== NULL) {
            if (tz_time(time(), $timezone) == tz_time(time(), $member[0]['m_timezone_offset'])) {
                $timezone = $member[0]['m_timezone_offset'];
            }
            // If equivalent, don't change
        }
        // $test is the ID of any member already using this username (or NULL).
        $test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_username' => $username));
        if (!is_null($test)) {
            // The local profile is overwritten with the remote name, birthday
            // and (when present) e-mail address.
            $update_map = array('m_username' => $username, 'm_dob_day' => $dob_day, 'm_dob_month' => $dob_month, 'm_dob_year' => $dob_year);
            if ($email_address != '') {
                $update_map['m_email_address'] = $email_address;
            }
            // NOTE(review): $test holds a member ID here, yet it is searched for
            // 'facebook' / 'fbcdn' as if it were the stored avatar URL - verify
            // which value this condition was meant to inspect.
            if ($avatar_url !== NULL && ($test == '' || strpos($test, 'facebook') !== false || strpos($test, 'fbcdn') !== false)) {
                if ($timezone !== NULL) {
                    $update_map['m_timezone_offset'] = $timezone;
                }
                $update_map['m_avatar_url'] = $avatar_url;
                $update_map['m_photo_url'] = $photo_url;
                $update_map['m_photo_thumb_url'] = $photo_thumb_url;
            }
            $GLOBALS['FORUM_DB']->query_update('f_members', $update_map, array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => strval($facebook_uid)), '', 1);
            if ($username != $member[0]['m_username']) {
                // Fix cacheing for usernames
                $to_fix = array('f_forums/f_cache_last_username', 'f_posts/p_poster_name_if_guest', 'f_topics/t_cache_first_username', 'f_topics/t_cache_last_username');
                foreach ($to_fix as $fix) {
                    list($table, $field) = explode('/', $fix);
                    $GLOBALS['FORUM_DB']->query_update($table, array($field => $username), array($field => $member[0]['m_username']));
                }
            }
        }
    }
    // Not logged in before using Facebook, so we need to create an account, or bind to the active ocPortal login if there is one
    $in_a_sane_place = get_page_name() != 'login' && (running_script('index') || running_script('execute_temp'));
    // If we're in some weird script, or the login module UI, it's not a sane place, don't be doing account creation yet
    if (is_null($member) && $in_a_sane_place) {
        // Bind to existing ocPortal login?
        if (!is_null($current_logged_in_member)) {
            /*if (post_param_integer('associated_confirm',0)==0)		Won't work because Facebook is currently done in JS and cookies force this. If user wishes to cancel they must go to http://www.facebook.com/settings?tab=applications and remove the app, then run a lost password reset.
            		{
            			$title=get_page_title('LOGIN_FACEBOOK_HEADER');
            			$message=do_lang_tempcode('LOGGED_IN_SURE_FACEBOOK',escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)));
            			$middle=do_template('YESNO_SCREEN',array('TITLE'=>$title,'TEXT'=>$message,'HIDDEN'=>form_input_hidden('associated_confirm','1'),'URL'=>get_self_url_easy()));
            			$tpl=globalise($middle,NULL,'',true);
            			$tpl->evaluate_echo();
            			exit();
            		}*/
            // NOTE(review): with the confirmation screen above disabled, the
            // logged-in account is re-bound to the Facebook identity with no
            // user interaction: its compat scheme becomes 'facebook' and the
            // password-hash column is overwritten with the Facebook ID. The
            // only notice is the message attached below; this change deserves
            // an audit-log entry.
            $GLOBALS['FORUM_DB']->query_update('f_members', array('m_password_compat_scheme' => 'facebook', 'm_pass_hash_salted' => $facebook_uid), array('id' => $current_logged_in_member), '', 1);
            require_code('site');
            require_lang('facebook');
            attach_message(do_lang_tempcode('FACEBOOK_ACCOUNT_CONNECTED', escape_html(get_site_name()), escape_html($GLOBALS['FORUM_DRIVER']->get_username($current_logged_in_member)), array(escape_html($username))), 'inform');
            return $current_logged_in_member;
        }
        // If we're still here, we have to create a new account...
        // -------------------------------------------------------
        // A posted, non-empty email_address field is taken to mean the
        // "finish your profile" form has been submitted.
        $completion_form_submitted = post_param('email_address', '') != '';
        // If there's a conflicting username, we may need to change it (suffix a number)
        require_code('ocf_members_action2');
        $username = get_username_from_human_name($username);
        // Ask ocP to finish off the profile from the information presented in the POST environment (a standard mechanism in ocPortal, for third party logins of various kinds)
        require_lang('ocf');
        require_code('ocf_members');
        require_code('ocf_groups');
        require_code('ocf_members2');
        require_code('ocf_members_action');
        $_custom_fields = ocf_get_all_custom_fields_match(ocf_get_all_default_groups(true), NULL, NULL, NULL, 1);
        if (!$completion_form_submitted && count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') {
            // Show the profile-completion form and stop the request.
            $GLOBALS['FACEBOOK_FINISHING_PROFILE'] = true;
            $middle = ocf_member_external_linker_ask($username, 'facebook', $email_address, $dob_day, $dob_month, $dob_year);
            $tpl = globalise($middle, NULL, '', true);
            $tpl->evaluate_echo();
            exit;
        } else {
            // The username may be overridden by the POSTed form value; it is
            // only validated when the completion form is in play.
            $username = post_param('username', $username);
            if (count($_custom_fields) != 0 && get_value('no_finish_profile') !== '1') {
                // Was not auto-generated, so needs to be checked
                ocf_check_name_valid($username, NULL, NULL);
            }
            $member = ocf_member_external_linker($username, $facebook_uid, 'facebook', false, $email_address, $dob_day, $dob_month, $dob_year, $timezone, $language, $avatar_url, $photo_url, $photo_thumb_url);
        }
    }
    if (!is_null($member)) {
        require_code('users_inactive_occasionals');
        // Second argument 1 = confirmed session; third = invisible flag taken
        // from the "<member cookie>_invisible" cookie.
        create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
        // This will mark it as confirmed
    }
    return $member;
}
コード例 #7
ファイル: main.php プロジェクト: matthew0x40/apply
    $username = from($_REQUEST, 'username');
    $email = from($_REQUEST, 'email');
    $password = from($_REQUEST, 'password');
    if (account_exists($email)) {
        redirect('/register?error=Account already exists');
    }
    account_create($email, $username, $password);
    redirect('/login?success=Account created, you can now login');
});
// Log out: tear the session down, then send the visitor to redirect()'s default target.
// NOTE(review): this is a state-changing action exposed on GET, so it carries no
// CSRF protection; a POST with a token is the usual hardening.
get('/logout', function () {
    destroy_session();
    redirect();
});
// Re-issue the session for the signed-in user; anonymous visitors are only redirected.
get('/regenerate', function () {
    $signed_in = logged_in();
    if ($signed_in) {
        $current_email = user_email();
        create_session($current_email);
    }
    redirect();
});
// Apply
// --------------------------------------------------------------------------------
// The bare /apply URL names no position, so there is nothing to render.
get('/apply', function () {
    redirect();
});
get('/apply/:position', function ($position) {
    $p = p_item($position, true);
    if (isset($p)) {
        render('apply', array('head_title' => 'Apply', 'p' => $p));
    } else {
        render('err404', null, false);
    }
コード例 #8
ファイル: session.php プロジェクト: rungwe/onemall
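/**
 * Exchange the posted e-mail/password for a token at the remote /Token endpoint
 * and, when the endpoint answers HTTP 200 with a JSON object, start the local
 * session from that object.
 *
 * Reads $_POST["form-email"] and $_POST["pswd"].
 *
 * @return array|null array(status code, raw response body, account type) on
 *                    success; null on failure, after a redirect header to
 *                    login.php has been sent.
 */
function login()
{
    // NOTE(review): the token endpoint is addressed over plain http, so the
    // user's password crosses the network unencrypted. Switch to an https URL
    // once the endpoint serves one.
    $url = "http://ec2-52-32-172-4.us-west-2.compute.amazonaws.com/Token";
    $fields = array(
        'grant_type' => "password",
        'username' => isset($_POST["form-email"]) ? $_POST["form-email"] : '',
        'password' => isset($_POST["pswd"]) ? $_POST["pswd"] : '',
    );
    // Encode the body properly. The hand-built string did not URL-encode the
    // values, so a '&' or '=' inside the e-mail or password could add or
    // override form fields (e.g. grant_type) in the token request; the rtrim()
    // result was also discarded.
    $fields_string = http_build_query($fields);

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $result = curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    // curl_exec() returns false on a transport failure, and the body may not be
    // JSON; in both cases $msg stays null rather than being dereferenced.
    $msg = is_string($result) ? json_decode($result) : null;

    // Only a 200 with a decodable object counts as a login; a session is never
    // built from an empty or unparseable response.
    if ((int) $code === 200 && is_object($msg)) {
        $account_type = isset($msg->accountType) ? $msg->accountType : null;
        $response = array($code, $result, $account_type);
        session_start();
        // NOTE(review): called after session_start(), so it does not affect the
        // cookie of the session just started. If it is moved before
        // session_start(), reconsider the one-year lifetime for an
        // authenticated session. The session ID is also not regenerated on
        // login here; check whether create_session() does so.
        session_set_cookie_params(3600 * 24 * 365);
        create_session($msg);
        return $response;
    }

    $description = (is_object($msg) && isset($msg->error_description)) ? $msg->error_description : '';
    // Send the redirect before any output: the original echoed first, which
    // makes header() fail unless output buffering is on.
    header("Location: login.php?login=true&error=" . urlencode($description . "  Error code" . $code));
    // The text comes from the remote service, so it is escaped before being
    // written into the response body.
    echo htmlspecialchars($description . "  " . $code, ENT_QUOTES, 'UTF-8');
    return null;
}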
コード例 #9
ファイル: login.php プロジェクト: rohitjha/FB4HO
#
#} else {
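// Login handler: look the submitted credentials up in `users`, open a session
// for the matching row and redirect by user type; otherwise print a failure page.
$conn = connect();
// Treat a missing or non-string field as empty so md5() and the comparison
// below never see an array or null.
$user = (isset($_POST['USER']) && is_string($_POST['USER'])) ? $_POST['USER'] : '';
// NOTE(review): unsalted md5() is not a password hash - it is fast to brute-force
// and identical passwords give identical digests. Moving to password_hash() /
// password_verify() needs a migration of the stored values, so it is only
// flagged here.
$pass = md5((isset($_POST['PASS']) && is_string($_POST['PASS'])) ? $_POST['PASS'] : '');
// NOTE(review): the WHERE clause appears masked ('******') on this page. If the
// real file interpolates $user / $pass into it, that is string-built SQL on
// untrusted input and needs bound parameters - check the original. The mysql_*
// extension used here was removed in PHP 7.
$result = select($conn, "*", "users", "username='******' AND password='******'");
mysql_close($conn);
while ($row = mysql_fetch_assoc($result)) {
    // User provided proper credentials.
    // The debugging dump of $row was removed: it printed the whole user record,
    // password digest included, into the response, and that output also stopped
    // the Location headers below from being sent.
    if ($row['username'] === $user) {
        destroy_session($user);
        // if user is logging in twice w/o logging out
        create_session($user, $row['user_type'], $row['last_name'], $row['uid']);
        if ($row['user_type'] == 1) {
            header('Location: pages/dr_participants.php');
        } else {
            if ($row['user_type'] == 0) {
                header('Location: pages/p_day.php');
            }
        }
        // Any other user_type gets a session but no redirect (blank response).
        exit;
    }
}
// user failed to log in
// NOTE(review): failed attempts are not logged or rate-limited here.
echo "\n<DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 3.2//EN\">\n<HEAD>\n<TITLE>fb4ho</TITLE>\n</HEAD>\t\n<BODY BGCOLOR=WHITE>\n<TABLE ALIGN=\"CENTER\">\n<TR><TD>\n<IMG SRC='title.gif' WIDTH=500px HEIGHT=100px/>\n</TD></TR>\n<TR><TD>\n<H2> Login Failed! </H2>\n<a href=\"index.php\">Back</a>\n</TD></TR>\n</TABLE>\n</BODY>";
exit;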
コード例 #10
ファイル: login.php プロジェクト: Nadja05/opentape
<?php

include "opentape_common.php";
check_cookie();
// Visitors who are already authenticated are pointed at the editor.
// Note: no exit follows any header() call in this section, so the script keeps
// running after a redirect has been queued.
if (is_logged_in()) {
    header("Location: " . $REL_PATH . "code/edit.php");
}
// A password was submitted: check it, then try to open a session.
if (isset($_POST['pass']) && $_POST['pass']) {
    $res = check_password($_POST['pass']);
    if ($res === false) {
        // Wrong password: the message is shown by the page rendered later.
        $status_msg = 'Bad Password :(';
    } elseif ($res !== true) {
        if ($res == -1) {
            // failed to check password due to some filesystem issue
            header("Location: " . $REL_PATH . "code/warning.php");
        }
    } else {
        error_log("Password OK, creating session...");
        $res = create_session();
        if ($res === true) {
            header("Location: " . $REL_PATH . "code/edit.php");
        } elseif ($res == -1) {
            // session could not be created due to some filesystem issue
            header("Location: " . $REL_PATH . "code/warning.php");
        }
    }
}
// check for new versions once a week
$prefs_struct = get_opentape_prefs();
// 604800 = week in seconds
if ((!isset($prefs_struct['check_updates']) || $prefs_struct['check_updates'] == 1) && (!isset($prefs_struct['last_update_check']) || time() - $prefs_struct['last_update_check'] > 604800)) {
    $prefs_struct = check_for_update();
    if ($prefs_struct === false) {
コード例 #11
ファイル: openid.php プロジェクト: erico-deh/ocPortal
 /**
  * Standard login provider hook.
  *
  * @param  ?MEMBER		Member ID already detected as logged in (NULL: none). May be a guest ID.
  * @return ?MEMBER		Member ID now detected as logged in (NULL: none). May be a guest ID.
  */
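 function try_login($member)
 {
     // OpenID login provider. Three request states are handled:
     //   1. no openid_mode yet and an identifier was POSTed -> redirect to the provider
     //   2. openid_mode == 'cancel'                         -> tell the user, change nothing
     //   3. any other openid_mode                           -> validate the assertion, then
     //      log in the member bound to that identity or create a new one.
     // $member is returned unchanged unless state 3 succeeds.
     //
     // Everything in $attributes comes from the OpenID provider, and anyone can
     // run a provider, so those values are untrusted input throughout.
     try {
         require_code('openid');
         require_code('developer_tools');
         if (!isset($_REQUEST['openid_mode'])) {
             if (array_key_exists('openid_identifier', $_POST)) {
                 destrictify();
                 $openid = new LightOpenID();
                 $openid->identity = $_POST['openid_identifier'];
                 $openid->required = array('namePerson/friendly', 'namePerson', 'contact/email', 'birthDate', 'pref/language', 'media/image/default');
                 // The redirect target is derived from the user-supplied identifier by the library.
                 header('Location: ' . $openid->authUrl());
                 exit;
             }
         // NOTE(review): presence is tested on $_REQUEST above but the value is read
         // from $_GET here; a mode sent only in the POST body leaves this index unset.
         } elseif ($_GET['openid_mode'] == 'cancel') {
             destrictify();
             require_code('site');
             require_code('site2');
             attach_message('You cancelled your OpenID login, so you are not logged into the site.', 'inform');
         } else {
             destrictify();
             $openid = new LightOpenID();
             // Nothing below runs unless the library accepts the assertion.
             if ($openid->validate()) {
                 $attributes = $openid->getAttributes();
                 // If member already existed, no action needed - just create a session to existing record
                 // The claimed identity URL is stored in m_pass_hash_salted for 'openid' members.
                 $member = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_password_compat_scheme' => 'openid', 'm_pass_hash_salted' => $openid->identity));
                 if (!is_null($member)) {
                     require_code('users_inactive_occasionals');
                     create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
                     // This will mark it as confirmed
                     return $member;
                 }
                 require_code('ocf_members');
                 require_code('ocf_groups');
                 require_lang('ocf');
                 // Accounts are only created from the main entry scripts.
                 if (running_script('index') || running_script('execute_temp')) {
                     require_code('ocf_members_action');
                     require_code('ocf_members_action2');
                     $email = '';
                     if (array_key_exists('contact/email', $attributes)) {
                         $email = $attributes['contact/email'];
                     }
                     $username = $openid->identity;
                     // Yuck, we'll try and build on this
                     if (array_key_exists('namePerson/friendly', $attributes)) {
                         $username = $attributes['namePerson/friendly'];
                     } elseif (array_key_exists('namePerson', $attributes)) {
                         $username = $attributes['namePerson'];
                     } elseif ($email != '') {
                         $username = substr($email, 0, strpos($email, '@'));
                     }
                     if ($username != '') {
                         // Find a free username by appending " (2)", " (3)", ... -
                         // one query per attempt.
                         $_username = $username;
                         $i = 1;
                         do {
                             $test = $GLOBALS['FORUM_DB']->query_value_null_ok('f_members', 'id', array('m_username' => $_username));
                             if (!is_null($test)) {
                                 $i++;
                                 $_username = $username . ' (' . strval($i) . ')';
                             }
                         } while (!is_null($test));
                         $username = $_username;
                     }
                     $dob = '';
                     if (array_key_exists('birthDate', $attributes)) {
                         $dob = $attributes['birthDate'];
                     }
                     $dob_day = mixed();
                     $dob_month = mixed();
                     $dob_year = mixed();
                     if ($dob != '') {
                         // Parsed as year-month-day; fewer than three parts hits undefined offsets.
                         $dob_bits = explode('-', $dob);
                         $dob_day = intval($dob_bits[2]);
                         $dob_month = intval($dob_bits[1]);
                         $dob_year = intval($dob_bits[0]);
                     }
                     $language = mixed();
                     if (array_key_exists('pref/language', $attributes)) {
                         $requested_language = $attributes['pref/language'];
                         // The provider-supplied value is joined onto a filesystem path and
                         // then stored on the member record. Accept only a plain
                         // language-pack name so that '/', '\', '..' or NUL bytes can never
                         // reach file_exists() or be persisted as the member's language.
                         if (is_string($requested_language) && preg_match('#^[A-Za-z0-9_\-]+$#D', $requested_language) === 1 && file_exists(get_file_base() . '/lang_custom/' . $requested_language)) {
                             $language = $requested_language;
                         }
                     }
                     require_code('config2');
                     // NOTE(review): this writes a site-wide option as a side effect of one
                     // user's signup; whether it is restored afterwards is not visible in
                     // this method. Presumably it makes room for the identity URL kept in
                     // the password-hash field - confirm.
                     set_option('maximum_password_length', '1000');
                     $member = ocf_member_external_linker($username, $openid->identity, 'openid', false, $email, $dob_day, $dob_month, $dob_year, NULL, $language);
                     $avatar = '';
                     if (array_key_exists('media/image/default', $attributes)) {
                         // Remote, provider-chosen URL; any fetching or validation happens in
                         // ocf_member_choose_avatar(), not here.
                         $avatar = $attributes['media/image/default'];
                     }
                     ocf_member_choose_avatar($avatar, $member);
                 }
                 if (!is_null($member)) {
                     require_code('users_inactive_occasionals');
                     create_session($member, 1, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
                     // This will mark it as confirmed
                 }
             } else {
                 require_code('site');
                 require_code('site2');
                 attach_message('An unknown error occurred during OpenID login.', 'warn');
             }
         }
     } catch (ErrorException $e) {
         // The library's error text is shown to the user as a warning message.
         require_code('site');
         require_code('site2');
         attach_message($e->getMessage(), 'warn');
     }
     return $member;
 }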
コード例 #12
/**
 * Process an interactive login for the given username.
 *
 * Reads the password from POST, asks the forum driver to authorise it, runs every
 * 'upon_login' hook, and then either creates a session (optionally writing "remember me"
 * cookies) or records the failed attempt and applies a per-IP brute-force threshold.
 * Nothing is returned; the outcome is visible only through the cookies/session that get set.
 *
 * Security notes:
 *  - The "remember me" fallback path writes a value derived directly from the password (the
 *    driver's MD5 variant) or the password itself into a cookie, so that cookie should be
 *    treated as a long-lived credential.
 *  - The brute-force check only runs after an authorisation attempt has already failed.
 *
 * @param  ID_TEXT		Username
 */
function handle_active_login($username)
{
    // Declared but not referenced anywhere in this function.
    global $SESSION_CACHE;
    // Collects cookie fields when the member/pass cookies are packed into one serialized cookie.
    $result = array();
    $member_cookie_name = get_member_cookie();
    // A ':' in the configured cookie name means "base_cookie:field" — both values live inside one
    // serialized cookie named $base rather than in two separate cookies.
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        $base = substr($member_cookie_name, 0, $colon_pos);
        $real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
        // Reuses the member cookie's colon offset, so this assumes both names share the same base prefix.
        $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
        $serialized = true;
    } else {
        $real_member_cookie = get_member_cookie();
        $base = $real_member_cookie;
        $real_pass_cookie = get_pass_cookie();
        $serialized = false;
    }
    $password = trim(post_param('password'));
    // The driver receives both the MD5-variant of the password and the raw password.
    $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login($username, NULL, apply_forum_driver_md5_variant($password, $username), $password);
    // NULL here is what the rest of the function treats as a failed login.
    $member = $login_array['id'];
    // Run hooks, if any exist
    $hooks = find_all_hooks('systems', 'upon_login');
    foreach (array_keys($hooks) as $hook) {
        // presumably filter_naughty() rejects path-traversal characters before the name reaches require_code() — verify
        require_code('hooks/systems/upon_login/' . filter_naughty($hook));
        $ob = object_factory('upon_login' . filter_naughty($hook), true);
        if (is_null($ob)) {
            continue;
        }
        // Hooks run for failed logins too ($member is NULL in that case).
        $ob->run(true, $username, $member);
        // true means "a new login attempt"
    }
    if (!is_null($member)) {
        $remember = post_param_integer('remember', 0);
        // Create invisibility cookie
        if (array_key_exists(get_member_cookie() . '_invisible', $_COOKIE) || $remember == 1) {
            $invisible = post_param_integer('login_invisible', 0);
            ocp_setcookie(get_member_cookie() . '_invisible', strval($invisible));
            // Mirror into $_COOKIE so code later in this request sees the new value.
            $_COOKIE[get_member_cookie() . '_invisible'] = strval($invisible);
        }
        // Store the cookies
        if ($remember == 1) {
            global $IS_A_COOKIE_LOGIN;
            $IS_A_COOKIE_LOGIN = true;
            // Create user cookie
            if (method_exists($GLOBALS['FORUM_DRIVER'], 'forum_create_cookie')) {
                // Driver-specific cookie creation; note the raw password is handed to the driver.
                $GLOBALS['FORUM_DRIVER']->forum_create_cookie($member, NULL, $password);
            } else {
                // NOTE(review): the meaning of the third/fourth ocp_setcookie() arguments (false, true)
                // is not visible here — confirm which one controls HttpOnly/Secure.
                if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
                    $name = $GLOBALS['FORUM_DRIVER']->get_username($member);
                    if ($serialized) {
                        $result[$real_member_cookie] = $name;
                    } else {
                        ocp_setcookie(get_member_cookie(), $name, false, true);
                        $_COOKIE[get_member_cookie()] = $name;
                    }
                } else {
                    if ($serialized) {
                        $result[$real_member_cookie] = $member;
                    } else {
                        ocp_setcookie(get_member_cookie(), strval($member), false, true);
                        $_COOKIE[get_member_cookie()] = strval($member);
                    }
                }
                // Create password cookie
                // NOTE(review): when the driver is not hashed, the plaintext password is written to the
                // cookie; when it is hashed, the stored value is the password's MD5 variant. Either way
                // the cookie content is derived only from the password, not from a random token.
                if (!$serialized) {
                    if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                        ocp_setcookie(get_pass_cookie(), apply_forum_driver_md5_variant($password, $username), false, true);
                    } else {
                        ocp_setcookie(get_pass_cookie(), $password, false, true);
                    }
                } else {
                    if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                        $result[$real_pass_cookie] = apply_forum_driver_md5_variant($password, $username);
                    } else {
                        $result[$real_pass_cookie] = $password;
                    }
                    // The packed cookie is a PHP-serialized array; whatever reads it back must not
                    // unserialize() it without validation, since cookies are client-controlled.
                    $_result = serialize($result);
                    ocp_setcookie($base, $_result, false, true);
                }
            }
        }
        // Create session
        require_code('users_inactive_occasionals');
        create_session($member, 1, post_param_integer('login_invisible', 0) == 1);
    } else {
        // Record the failure. The account name stored comes from the 'login_username' POST field
        // (trimmed, first 80 characters), not from the $username parameter.
        $GLOBALS['SITE_DB']->query_insert('failedlogins', array('failed_account' => substr(trim(post_param('login_username')), 0, 80), 'date_and_time' => time(), 'ip' => get_ip_address()));
        // Count failures from this IP address over the last 15 minutes.
        $count = $GLOBALS['SITE_DB']->query_value_null_ok_full('SELECT COUNT(*) FROM ' . get_table_prefix() . 'failedlogins WHERE date_and_time>' . strval(time() - 60 * 15) . ' AND ' . db_string_equal_to('ip', get_ip_address()));
        // More than 30 failures in that window is treated as a brute-force attempt.
        if ($count > 30) {
            log_hack_attack_and_exit('BRUTEFORCE_LOGIN_HACK');
        }
    }
}
コード例 #13
ファイル: session.php プロジェクト: matthew0x40/apply
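// Session bootstrap: configure PHP's session handling, start the session, then re-validate the
// logged-in user on every request.

// Session cookie expires when the browser closes.
ini_set('session.cookie_lifetime', 0);
// Mark the session cookie Secure whenever this request arrived over HTTPS, so the session id is
// not sent over plain HTTP later. The flag is only ever raised here, never lowered, so a php.ini
// that already enables it is left alone. Behind a TLS-terminating proxy $_SERVER['HTTPS'] may be
// unset; enable session.cookie_secure in php.ini for that deployment.
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
    ini_set('session.cookie_secure', 1);
}
// Keep the session cookie out of reach of JavaScript.
ini_set('session.cookie_httponly', 1);
// Accept the session id from cookies only (never from the URL).
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.cache_expire', 30);
ini_set('default_socket_timeout', 60);
// These two settings were removed in PHP 7.1, where they have no effect.
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', 256);
// Server-side session data may be garbage-collected after 2678400 seconds (31 days).
// NOTE(review): session.use_strict_mode is not enabled here; consider enabling it so that
// session ids not issued by the server are rejected — confirm nothing sets ids manually first.
ini_set('session.gc_maxlifetime', 2678400);
session_set_cookie_params(0);
session_start();
// Reset session variables in case stuff changed
if (logged_in()) {
    if (account_exists(user_email())) {
        // Rebuild the session from the current account record.
        create_session(user_email(), false);
    } else {
        // The account no longer exists, so the session must not survive.
        destroy_session();
    }
}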
function destroy_session()
{
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
    }
    if (isset($_COOKIE['login'])) {
        unset($_COOKIE['login']);
        setcookie('login', '', time() - 3600, '/');
    }
    session_unset();
コード例 #14
ファイル: ajax.php プロジェクト: Nadja05/opentape
    echo '{"status":false,"command":"' . $command . '","debug":"You must authenticate."}';
    exit;
}
//error_log ("$command - " . print_r($args,1));
if (isset($args['password1']) && !strcmp($args['password1'], $args['password2']) && !strcmp($command, "create_password")) {
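    // don't allow people to set password using this method once the file exists
    if (is_password_set()) {
        echo '{"status":false,"command":"' . $command . '","debug":"The password is already configured, login to change it."}';
        // Stop here. Without this exit the request fell through to set_password() below, which
        // replaced the already-configured password despite the refusal just sent to the client.
        exit;
    }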
    if (set_password($args['password1'])) {
        // proceed to next step, nothing here really...
    } else {
        echo '{"status":false,"command":"' . $command . '","debug":""}';
        exit;
    }
    if (create_session()) {
        echo '{"status":true,"command":"create_password","debug":""}';
    } else {
        echo '{"status":false,"command":"' . $command . '","debug":""}';
    }
} elseif (isset($args['password1']) && !strcmp($args['password1'], $args['password2']) && !strcmp($command, "change_password")) {
    if (set_password($args['password1'])) {
        echo '{"status":true,"command":"' . $command . '","debug":""}';
    } else {
        echo '{"status":false,"command":"' . $command . '","debug":""}';
    }
} elseif (!strcmp($command, "rename")) {
    if (get_magic_quotes_gpc()) {
        $_POST['artist'] = stripslashes($_POST['artist']);
        $_POST['title'] = stripslashes($_POST['title']);
    }
コード例 #15
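/**
 * Handle a hypergrid "foreign agent" request: decode the JSON payload, resolve the destination
 * scene, register the visiting user when they come from another grid, create a session and ask
 * the destination simulator to create the agent's presence.
 *
 * Every field read from the payload is supplied by the remote side and is used here without
 * further validation, apart from the destination_uuid lookup.
 *
 * @param array  $path_tail Path segments after the handler prefix; element 0 is the user id.
 * @param string $data      Raw request body (passed through decodedata() before JSON decoding).
 * @return void             Output is produced through sendresponse() or a direct 400 response.
 */
function foreignagent_handler($path_tail, $data)
{
    log_message('info', "[hypergrid] foreignagent_handler called");
    $data = decodedata($data);
    $config =& get_config();
    $userid = $path_tail[0];
    // NOTE(review): the whole payload is written to the log, and the fields read below show that it
    // carries session_id / secure_session_id. Consider logging only non-sensitive fields.
    log_message('info', "foreign_agent called for {$userid} with {$data}");
    $osd = decode_recursive_json($data);
    if ($osd == null) {
        log_message('error', sprintf('[hypergrid] failed to decode foreignagent json string %s', $data));
        sendresponse(false, 'failed to decode foreignagent string');
        // Do not continue with an empty payload in case sendresponse() returns instead of exiting.
        return;
    }
    // Destination coordinates default to 0 when absent.
    $dest_x = $osd['destination_x'];
    $dest_y = $osd['destination_y'];
    if ($dest_x == null) {
        $dest_x = 0;
    }
    if ($dest_y == null) {
        $dest_y = 0;
    }
    $caps_path = $osd['caps_path'];
    $circuit_code = $osd['circuit_code'];
    $session_id = $osd['session_id'];
    $secure_session_id = $osd['secure_session_id'];
    $service_session_id = $osd['service_session_id'];
    $start_pos = $osd['start_pos'];
    $appearance = $osd['packed_appearance'];
    // The client IP is optional; it is taken from the payload, not from the connection.
    if (isset($osd['client_ip'])) {
        $client_ip = $osd['client_ip'];
    } else {
        log_message('info', '[hypergrid] no client ip specified in foreignagent request');
        $client_ip = null;
    }
    if (empty($osd['destination_uuid'])) {
        header("HTTP/1.1 400 Bad Request");
        echo "missing destination_uuid";
        exit;
    }
    $dest_uuid = $osd['destination_uuid'];
    $scene = lookup_scene_by_id($dest_uuid);
    if ($scene == null) {
        header("HTTP/1.1 400 Bad Request");
        echo "invalid destination uuid";
        exit;
    }
    $dest_name = $scene->Name;
    // NOTE(review): HomeURI is taken from the payload as-is and decides whether the user is treated
    // as local. Confirm the caller has authenticated the sending grid before this handler runs.
    $homeuri = $osd['serviceurls']['HomeURI'];
    $username = $osd['first_name'] . ' ' . $osd['last_name'];
    log_message('info', "[hypergrid] check user name {$username} with homeuri {$homeuri}");
    // Users from another grid get "@<home uri>" appended and are registered locally.
    if ($homeuri != $config['hypergrid_uri']) {
        $username = $username . '@' . $homeuri;
        hg_register_user($userid, $username, $homeuri);
    }
    $extradata = null;
    if ($client_ip != null) {
        $extradata = array('ClientIP' => $client_ip);
    }
    log_message('info', "[hypergrid] create session for {$username}");
    // The session identifiers are the ones supplied in the payload.
    create_session($userid, $session_id, $secure_session_id, $extradata);
    // NOTE(review): $seedCaps is never assigned in this function; presumably
    // create_opensim_presence_full() takes it by reference as an output — confirm.
    $result = create_opensim_presence_full($scene->Address, $dest_name, $dest_uuid, $dest_x, $dest_y, $userid, $circuit_code, $username, $appearance, $session_id, $secure_session_id, $start_pos, $caps_path, $client_ip, $osd['serviceurls'], 1073741824, $service_session_id, $seedCaps);
    sendresponse($result, 'no reason given');
}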
コード例 #16
ファイル: hypergrid.php プロジェクト: ronfesta/simiangrid
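/**
 * Handle a hypergrid "foreign agent" request: decode the JSON payload, look up the destination
 * scene, record the visiting user, create a session and ask the destination simulator to create
 * the agent's presence. The response is echoed directly and the script exits.
 *
 * Every field read from the payload is supplied by the remote side and is used here without
 * further validation, apart from the destination checks.
 *
 * @param array  $path_tail Path segments after the handler prefix; element 0 is the user id.
 * @param string $data      Raw JSON request body.
 * @return void             Never returns normally; every path ends in exit.
 */
function foreignagent_handler($path_tail, $data)
{
    log_message('debug', "server method is " . $_SERVER['REQUEST_METHOD']);
    $userid = $path_tail[0];
    // NOTE(review): the whole payload is written to the log, and the fields read below show that it
    // carries session_id / secure_session_id. Consider logging only non-sensitive fields.
    log_message('info', "foreign_agent called for {$userid} with {$data}");
    $osd = decode_recursive_json($data);
    // Destination coordinates default to 0 when absent.
    $dest_x = $osd['destination_x'];
    $dest_y = $osd['destination_y'];
    if ($dest_x == null) {
        $dest_x = 0;
    }
    if ($dest_y == null) {
        $dest_y = 0;
    }
    $caps_path = $osd['caps_path'];
    $circuit_code = $osd['circuit_code'];
    $session_id = $osd['session_id'];
    $secure_session_id = $osd['secure_session_id'];
    $service_session_id = $osd['service_session_id'];
    $start_pos = $osd['start_pos'];
    $appearance = $osd['wearables'];
    if (isset($osd['attachments'])) {
        $attachments = $osd['attachments'];
    } else {
        $attachments = array();
    }
    // service_urls arrives as a flat list; the values sit at the odd indexes.
    $service_urls['HomeURI'] = $osd['service_urls'][1];
    $service_urls['GatekeeperURI'] = $osd['service_urls'][3];
    $service_urls['InventoryServerURI'] = $osd['service_urls'][5];
    $service_urls['AssetServerURI'] = $osd['service_urls'][7];
    // The client IP is taken from the payload, not from the connection.
    $client_ip = $osd['client_ip'];
    $dest_uuid = $osd['destination_uuid'];
    $dest_name = $osd['destination_name'];
    if ($dest_uuid == null || $dest_name == null) {
        header("HTTP/1.1 400 Bad Request");
        echo "missing destination_name and/or destination_uuid";
        exit;
    }
    $scene = lookup_scene_by_id($dest_uuid);
    // An unknown destination previously led to a property read on a non-object further down.
    if ($scene == null) {
        header("HTTP/1.1 400 Bad Request");
        echo "invalid destination uuid";
        exit;
    }
    $username = $osd['first_name'] . ' ' . $osd['last_name'] . '@' . $service_urls['HomeURI'];
    bump_user($userid, $username, "{$username}@HG LOLOL");
    // The session identifiers are the ones supplied in the payload.
    create_session($userid, $session_id, $secure_session_id);
    $result = create_opensim_presence_full($scene->Address, $dest_name, $dest_uuid, $dest_x, $dest_y, $userid, $circuit_code, $username, $appearance, $attachments, $session_id, $secure_session_id, $start_pos, $caps_path, $client_ip, $service_urls, 1073741824, $service_session_id);
    // NOTE(review): this hand-built response uses single quotes and an unquoted $result, so it is
    // not strict JSON; left unchanged because the peer's parser is not visible here.
    echo "{'success': {$result}, 'reason': 'no reason set lol', 'your_ip': '" . $_SERVER['REMOTE_ADDR'] . "'}";
    exit;
}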
コード例 #17
/**
 * Do a cookie login.
 *
 * Unpacks the member and password cookies (which may be packed into one serialized or
 * '||'-separated cookie), asks the forum driver to authorise them and, on success, creates
 * a session. All cookie content is client-controlled input.
 *
 * @return MEMBER			Logged in member (NULL: no login happened)
 */
function try_cookie_login()
{
    $member = NULL;
    // Preprocess if this is a serialized cookie
    $member_cookie_name = get_member_cookie();
    // The configured cookie name selects the packing: "base:field" = PHP-serialized array,
    // "base|index" = '||'-separated list, anything else = two plain cookies.
    $bar_pos = strpos($member_cookie_name, '|');
    $colon_pos = strpos($member_cookie_name, ':');
    if ($colon_pos !== false) {
        $base = substr($member_cookie_name, 0, $colon_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            $real_member_cookie = substr($member_cookie_name, $colon_pos + 1);
            // Reuses the member cookie's colon offset, so both names are assumed to share a base prefix.
            $real_pass_cookie = substr(get_pass_cookie(), $colon_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($_COOKIE[$base]);
            }
            // SECURITY: unserialize() is being run on a client-supplied cookie. The only visible
            // safeguard is secure_serialized_data(); presumably it neutralises serialized objects
            // in $the_cookie by reference — verify, since the result is not checked here and the
            // '@' below hides any unserialize error. A non-executable format (e.g. JSON) would
            // remove the object-injection risk entirely.
            secure_serialized_data($the_cookie, array());
            $unserialize = @unserialize($the_cookie);
            if (is_array($unserialize)) {
                // Copy the unpacked fields into $_COOKIE so the common path below can read them.
                if (array_key_exists($real_member_cookie, $unserialize)) {
                    $the_member = $unserialize[$real_member_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_member = addslashes(@strval($the_member));
                    }
                    $_COOKIE[get_member_cookie()] = $the_member;
                }
                if (array_key_exists($real_pass_cookie, $unserialize)) {
                    $the_pass = $unserialize[$real_pass_cookie];
                    if (get_magic_quotes_gpc()) {
                        $the_pass = addslashes($the_pass);
                    }
                    $_COOKIE[get_pass_cookie()] = $the_pass;
                }
            }
        }
    } elseif ($bar_pos !== false) {
        $base = substr($member_cookie_name, 0, $bar_pos);
        if (array_key_exists($base, $_COOKIE) && $_COOKIE[$base] != '') {
            // In this format the part after '|' is a numeric index into the '||'-separated list.
            $real_member_cookie = substr($member_cookie_name, $bar_pos + 1);
            $real_pass_cookie = substr(get_pass_cookie(), $bar_pos + 1);
            $the_cookie = $_COOKIE[$base];
            if (get_magic_quotes_gpc()) {
                $the_cookie = stripslashes($_COOKIE[$base]);
            }
            $cookie_contents = explode('||', $the_cookie);
            // NOTE(review): no bounds check — a cookie with fewer fields than the configured
            // index leaves these reads undefined.
            $the_member = $cookie_contents[intval($real_member_cookie)];
            if (get_magic_quotes_gpc()) {
                $the_member = addslashes($the_member);
            }
            $_COOKIE[get_member_cookie()] = $the_member;
            $the_pass = $cookie_contents[intval($real_pass_cookie)];
            if (get_magic_quotes_gpc()) {
                $the_pass = addslashes($the_pass);
            }
            $_COOKIE[get_pass_cookie()] = $the_pass;
        }
    }
    // Common path: both the member cookie and the password cookie must be present.
    if (array_key_exists(get_member_cookie(), $_COOKIE) && array_key_exists(get_pass_cookie(), $_COOKIE)) {
        $store = $_COOKIE[get_member_cookie()];
        $pass = $_COOKIE[get_pass_cookie()];
        if (get_magic_quotes_gpc()) {
            $store = stripslashes($store);
            $pass = stripslashes($pass);
        }
        // The member cookie holds either a username or a numeric member id, depending on the driver.
        if ($GLOBALS['FORUM_DRIVER']->is_cookie_login_name()) {
            $username = $store;
            $store = strval($GLOBALS['FORUM_DRIVER']->get_member_from_username($store));
        } else {
            $username = $GLOBALS['FORUM_DRIVER']->get_username(intval($store));
        }
        $member = intval($store);
        // NOTE(review): when $member is a guest, it is returned as-is below without any
        // authorisation call; callers presumably treat the guest id as "not logged in" — verify.
        if (!is_guest($member)) {
            if ($GLOBALS['FORUM_DRIVER']->is_hashed()) {
                // Test password hash
                // The cookie value is handed to the driver as both the hashed and the raw argument,
                // i.e. the stored hash itself is what authenticates the request.
                $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, $pass, $pass, true);
                $member = $login_array['id'];
            } else {
                // Test password plain
                // Here the cookie holds the plaintext password, which is hashed before the check.
                $login_array = $GLOBALS['FORUM_DRIVER']->forum_authorise_login(NULL, $member, apply_forum_driver_md5_variant($pass, $username), $pass, true);
                $member = $login_array['id'];
            }
            if (!is_null($member)) {
                global $IS_A_COOKIE_LOGIN;
                $IS_A_COOKIE_LOGIN = true;
                // Third argument: start invisible when the "<member cookie>_invisible" cookie is '1'.
                create_session($member, 0, isset($_COOKIE[get_member_cookie() . '_invisible']) && $_COOKIE[get_member_cookie() . '_invisible'] == '1');
            }
        }
    }
    return $member;
}
コード例 #18
ファイル: index.php プロジェクト: javasch/selibapp
	</style>
</head>

<body>
	<div class="container">
	
	<?php 
if (session("login") && session("yetki") == 1) {
    require_once "nav.php";
} else {
    // Handle a submitted login form (any non-empty POST request).
    if ($_POST) {
        $username = post("username");
        // NOTE(review): the password is hashed with plain, unsalted MD5 before the lookup. MD5 is
        // not a suitable password hash; moving to password_hash()/password_verify() would need
        // checkLogin() and the stored hashes to change too, which this fragment does not show.
        $password = md5(post("password"));
        if (checkLogin($username, $password)) {
            // "yetki" => 1 is the value the guard at the top of this template compares against.
            $session = array("login" => true, "yetki" => 1);
            // NOTE(review): whether create_session() issues a fresh session id on login is not
            // visible here — confirm, to rule out session fixation.
            create_session($session);
            echo '<div class="alert alert-success" role="alert">Login success...</div>';
            go(ADMIN_URL);
        } else {
            // The same message is shown for an unknown user and for a wrong password.
            echo '<div class="alert alert-danger" role="alert">Wrong username or password!</div>';
        }
    }
    ?>
		<div class="row" style="padding-top: 15%;">
			<!-- Login -->
			<div class="col-md-8">
			</div>
			<div class="col-md-4 col-md-offset-4">
			<div class="panel panel-default">
			<div class="panel-heading">
			<h4>Management Login</h4>
コード例 #19
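/**
 * Gate access to a script: return the current session when it is valid, otherwise try to open a
 * new one from the supplied credentials, otherwise display the login form.
 *
 * @param string $nom_script  Script name handed to LoginForm().
 * @param array  $infos_login Submitted form fields; 'visitor_login' and 'visitor_pwd' are read.
 * @param mixed  $id_session  Session identifier to look up or create.
 * @param mixed  $bd          Handle passed through to the session helpers (presumably the database connection).
 * @return mixed The session object on success; nothing (NULL) when the login form was displayed.
 */
function control_access($nom_script, $infos_login, $id_session, $bd)
{
    // Look up the session
    $session_courante = get_session($id_session, $bd);
    // Case 1: the session exists, so check whether it is still valid
    if (is_object($session_courante)) {
        if (is_valid_session($session_courante, $bd)) {
            // Valid session: hand it back to the caller
            return $session_courante;
        } else {
            echo "<B> Your session is not (or no longer) valid.<P></B>\n";
        }
    }
    // Case 2.a: no usable session, but a login and password were supplied.
    // Uses a logical test; the original combined the two isset() results with the bitwise '&'.
    if (isset($infos_login['visitor_login'], $infos_login['visitor_pwd'])) {
        // Are the login/password correct?
        if (create_session($bd, $infos_login['visitor_login'], $infos_login['visitor_pwd'], $id_session)) {
            // Return the freshly created session object
            return get_session($id_session, $bd);
        } else {
            echo "<B> Identification failed.<P></B>\n";
        }
    }
    // Case 2.b: there is no session,
    // so the identification form has to be displayed
    LoginForm($nom_script);
}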
コード例 #20
ファイル: chat.php プロジェクト: grlong/le-chat-php
/**
 * Decide whether the current request comes from an administrator.
 *
 * Resumes an existing session when a 'session' request parameter is present, or attempts a
 * login when both 'nick' and 'pass' are present, then checks the status recorded in the
 * global $U.
 *
 * @return bool True when $U['status'] is at least 7; false otherwise (after calling
 *              send_access_denied() if a status is set but too low).
 */
function valid_admin()
{
    global $U;
    $has_session_param = isset($_REQUEST['session']);
    $has_credentials = isset($_REQUEST['nick'], $_REQUEST['pass']);
    if ($has_session_param) {
        // An existing session takes precedence over submitted credentials.
        check_session();
    } elseif ($has_credentials) {
        create_session(true);
    }
    // No status recorded means nobody is logged in.
    if (!isset($U['status'])) {
        return false;
    }
    if ($U['status'] >= 7) {
        return true;
    }
    // Logged in, but below the required status level.
    send_access_denied();
    return false;
}
コード例 #21
ファイル: LogIn.php プロジェクト: simonfoxe/PHP-DAVE-API
<?php

/***********************************************
DAVE PHP API
https://github.com/evantahler/PHP-DAVE-API
Evan Tahler | 2011

I am an example function to view a user.
If "this" user is viewing (indicated by a proper password hash along with another key), all data is shown; otherwise, just basic info is returned.
I contain example usage of the session functions
***********************************************/
// Log-in action: authenticate the caller and, on success, open a session and return its key.
// Runs only while $ERROR still holds 100 (presumably the framework's "no error so far" value — confirm).
if ($ERROR == 100) {
    // AuthenticateUser() returns a pair: [0] is true on success, [1] is the error or the user record.
    $AuthResp = AuthenticateUser();
    if ($AuthResp[0] !== true) {
        $ERROR = $AuthResp[1];
        $OUTPUT['LOGIN'] = "******";
    } else {
        $ReturnedUser = $AuthResp[1];
        $OUTPUT['LOGIN'] = "******";
        // The new session key is returned to the client in the response.
        $OUTPUT['SessionKey'] = create_session();
        $SessionData = array();
        $SessionData["login_time"] = time();
        $userData = $ReturnedUser;
        // Copy every field of the authenticated user record into the session data.
        // NOTE(review): if that record includes password hash or salt fields, they are stored in
        // the session and then echoed back through $OUTPUT['SESSION'] below — confirm that
        // AuthenticateUser() strips them, or copy an explicit list of fields instead.
        foreach ($userData as $k => $v) {
            $SessionData[$k] = $v;
        }
        update_session($OUTPUT['SessionKey'], $SessionData);
        $OUTPUT['SESSION'] = get_session_data($OUTPUT['SessionKey']);
    }
}
コード例 #22
ファイル: session.php プロジェクト: gmt2001/PhantomPanel
    mcrypt_module_close($mc);
    $debugtrace .= '<br>check2 hash';
    $hash = hash_hmac($hmac_algo, session_id() . $_SESSION['expires'] . $data, $k);
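    // Verify the session HMAC with a strict, timing-safe comparison. The previous loose '!='
    // let PHP compare two numeric-looking hex digests (e.g. "0e…") as numbers and treat them as
    // equal, and its running time depended on how many leading characters matched.
    $stored_hash = isset($_SESSION['hash']) ? (string) $_SESSION['hash'] : '';
    if (!is_string($hash) || $hash === '') {
        // hash_hmac() did not produce a digest; never accept the session in that case.
        $hash_mismatch = true;
    } elseif (function_exists('hash_equals')) {
        $hash_mismatch = !hash_equals($hash, $stored_hash);
    } else {
        // Fallback for runtimes without hash_equals(): strict, but not constant-time.
        $hash_mismatch = $hash !== $stored_hash;
    }
    if ($_SESSION['expires'] < time() || $hash_mismatch) {
        // NOTE(review): this debug line records both the stored and the expected HMAC; make sure
        // $debugdata is never shown to an untrusted client.
        $debugdata .= '<br>>>cs2 expire=' . ($_SESSION['expires'] < time() ? 't' : 'f') . ' hash=' . ($hash_mismatch ? 't' : 'f') . '(expirecomp=' . $_SESSION['expires'] . ' vs ' . time() . ' | hashcomp=' . $_SESSION['hash'] . ' vs ' . $hash . ' )';
        $debugtrace .= '<br>check2 createonfail';
        // Expired or tampered session: start over with a fresh one.
        create_session();
    } else {
        $debugtrace .= '<br>check2 success';
        // Integrity verified, so the decrypted payload can be decoded.
        $session_data = json_decode($data, true);
    }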
}
// Check 3: bind the session to the client's IP address and to the first 64 characters of its
// User-Agent; any change discards the session and creates a new one.
if ($session_data['ip'] != $_SERVER['REMOTE_ADDR'] || $session_data['ua'] != substr($_SERVER['HTTP_USER_AGENT'], 0, 64)) {
    // NOTE(review): the User-Agent header is concatenated into this HTML-formatted debug string
    // unescaped; if $debugdata is ever rendered in a page it must be HTML-escaped first.
    $debugdata .= '<br>>>cs3 ip=' . ($session_data['ip'] != $_SERVER['REMOTE_ADDR'] ? 't' : 'f') . ' ua=' . ($session_data['ua'] != substr($_SERVER['HTTP_USER_AGENT'], 0, 64) ? 't' : 'f') . '(ipcomp=' . $session_data['ip'] . ' vs ' . $_SERVER['REMOTE_ADDR'] . ' | uacomp=' . $session_data['ua'] . ' vs ' . substr($_SERVER['HTTP_USER_AGENT'], 0, 64) . ' )';
    $debugtrace .= '<br>check3 createonfail';
    create_session();
} else {
    $debugtrace .= '<br>check3 success';
    save_session();
}
// Only when one of the checks above recorded something: prepend a full dump of the session
// configuration and contents to the debug output.
if (strlen($debugdata) > 0) {
    // NOTE(review): this dump includes $sk, the session id and the full $_SESSION / $session_data
    // contents. If $sk is key material, exposing this output discloses it — keep session debugging
    // off outside development.
    $debugdata = '>>>Session Debug Start<<<<br><br>sessionname=' . $session_name . '<br>lifetime=' . $lifetime . '<br>path=' . $path . '<br>domain=' . $domain . '<br>secure=' . ($secure ? 't' : 'f') . '<br>httponly=' . ($httponly ? 't' : 'f') . '<br>hmacalgo=' . $hmac_algo . '<br>expire=' . $expire_time . '<br>sk=' . $sk . '<br>loginurl=' . $login_uri . '<br>uri=' . full_url($_SERVER) . '<br>sid=' . session_id() . '<br><br><pre>session=' . print_r($_SESSION, true) . '</pre><br><br><pre>sessiondata=' . print_r($session_data, true) . '</pre><br>' . $debugdata;
}
$debugtrace .= '<br>>>>TRACE END<<<';
// Default to "not logged in" when the session carries no login flag.
if (!isset($session_data['loggedin'])) {
    $debugdata .= '<br>>>notloggedin';
    $session_data['loggedin'] = false;
}
if ($session_data['loggedin'] == false && substr($_SERVER['REQUEST_URI'], 0, strlen($login_uri)) != $login_uri) {
    $debugdata .= '<br>>>redirect (uricomp=' . substr($_SERVER['REQUEST_URI'], 0, strlen($login_uri)) . ' vs ' . $login_uri . ')';
    if ($session_debug === true) {
コード例 #23
ファイル: lib_auth.php プロジェクト: jbruchon/php_secure_auth
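/**
 * Log a user in, reusing an existing session when one is present.
 *
 * @param string|null $username    Login name; when NULL, $_POST['username'] is used.
 * @param string|null $password    Password; when NULL, $_POST['password'] is used.
 * @param bool        $force_login When true, skip the existing-session check, destroy any prior
 *                                 session and authenticate from the credentials again.
 * @return int Login id on success or when a session already exists; -1 when the account is
 *             locked out; -2 when authentication failed.
 */
function do_login($username = NULL, $password = NULL, $force_login = FALSE)
{
    global $auth_settings;
    destroy_expired_sessions();
    // The session cookie is absent on a first visit; treat that as "no session key" instead of
    // reading an undefined index.
    $cookie_name = $auth_settings['cookie_name'];
    $session_key = isset($_COOKIE[$cookie_name]) ? $_COOKIE[$cookie_name] : NULL;
    // Check for session if forced login not specified
    if (!$force_login) {
        $login_id = session_key_to_login_id($session_key);
        if ($login_id !== FALSE) {
            return $login_id;
        }
    } else {
        // Destroy any prior session on a forced login
        destroy_session($session_key);
    }
    // Fall back to the submitted form fields before trimming. The original trimmed first, which
    // turned a NULL username into '' so the $_POST['username'] fallback could never be reached.
    if (is_null($username)) {
        $username = isset($_POST['username']) ? $_POST['username'] : '';
    }
    if (is_null($password)) {
        $password = isset($_POST['password']) ? $_POST['password'] : NULL;
    }
    // A non-scalar value (e.g. username[]=x in the form data) is treated as an empty name.
    $username = is_scalar($username) ? trim((string) $username) : '';
    // Don't allow logins for locked out accounts
    $lo = check_lockout($username);
    if ($lo != 0) {
        auth_lockout(NULL, NULL, $username);
        return -1;
    }
    // Authenticate credentials and take lockout actions as required
    $login_id = authenticate_user($username, $password);
    if ($login_id > 0) {
        create_session(NULL, $login_id);
        return $login_id;
    }
    destroy_session($session_key);
    // Good user name, bad password
    if ($login_id == -1) {
        auth_lockout(NULL, NULL, $username);
    }
    // Bad user name
    if ($login_id == -2) {
        auth_lockout();
    }
    // Both failure kinds return the same code, so callers cannot tell them apart.
    return -2;
}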