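/**
 * Render the public view for $page and print it.
 *
 * The action in $_GET['do'] selects a built-in view (search, profile, sitemap,
 * login). Any other value loads the row named by $page from the `paginas`
 * table: when its `restricted` level is non-zero and above the visitor's
 * $_SESSION['adminlevel'], restrictedpage() is shown instead of the content;
 * otherwise the stored content is decoded and run through markers().
 * Whatever was built is printed and also left in the global $out.
 *
 * @param string $page  page key used in the `paginas` lookup
 * @param int    $count accepted for compatibility; not used by this function
 * @return void
 */
function content($page, $count = 0) {
    global $langmessage, $menu, $message, $prefix, $out;
    $out = "";
    if ($message != "") {
        // $message is emitted verbatim as HTML; whoever sets it must escape it.
        $out .= "<div class=\"LNE_message\">" . $message . "</div>\n";
    }
    // The original indexed $_GET / $_SESSION directly, which raises notices when the
    // key is absent. An absent action falls through to the page lookup; an absent
    // admin level counts as 0, which is how the comparison below already treated null.
    $action = isset($_GET['do']) ? $_GET['do'] : "";
    $adminlevel = isset($_SESSION['adminlevel']) ? $_SESSION['adminlevel'] : 0;
    switch ($action) {
        case "search":
            $out .= "<h2 class=\"LNE_title\">{$langmessage['66']}</h2>\n";
            search(true);   // return value is not collected into $out (presumably prints directly - verify)
            break;
        case "profile":
            $out .= profile();
            break;
        case "sitemap":
            $out .= showsitemap($langmessage, 1);
            break;
        case "login":
            $out .= loginform();
            break;
        default:
            // NOTE(review): $page is interpolated into the SQL text. dbquery() takes a
            // finished string, so $page must be escaped (or known-safe) by the caller;
            // this function cannot tell where it came from.
            $result = dbquery('SELECT * FROM ' . $prefix . 'paginas WHERE page="' . $page . '"');
            $row = fetch_array($result);
            // An unknown page yields no row; the original then dereferenced false and
            // rendered markers('') - keep that output, but without the notices.
            $restricted = ($row && isset($row['restricted'])) ? $row['restricted'] : 0;
            $stored = ($row && isset($row['content'])) ? $row['content'] : "";
            if ($restricted != 0 && $restricted > $adminlevel) {
                $out .= restrictedpage($restricted);
            } else {
                // Content is stored entity-encoded and slash-escaped; undo both, then expand markers.
                $out .= markers(stripslashes(html_entity_decode($stored)));
            }
    }
    print $out;
}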
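/**
 * Return the device groups of the user authenticated by $login / $pass.
 *
 * support.php is included for the DB link $db and for loginform(), which maps
 * the credentials to a user-group id (the sibling script in this file stores
 * that return value as $id_user_group).
 *
 * @param string $login    user name; empty means "do nothing"
 * @param string $pass     password; empty means "do nothing"
 * @param string $typedata 'all' for every group of the user, 'one' for a single group
 * @param string $id_group group id used by 'one'. New optional parameter: the original
 *                         read an unassigned local $id_group here, so the 'one'
 *                         branch could never issue a query.
 * @return resource|bool|null mysql_query() result, or null when no query was issued
 *                            (the original returned an unassigned $result on those paths)
 */
function getgroupdevice($login, $pass, $typedata, $id_group = '') {
    $result = null;
    if ($login == '' || $pass == '' || $typedata == '') {
        return $result;
    }
    include("support.php");   // assumed to define $db and loginform(), as the original relied on
    $id_user = loginform($login, $pass);
    if ($id_user == '') {
        return $result;
    }
    // The original interpolated $id_user_group, which is never assigned in this
    // scope; the value loginform() just returned is the evident intent. Both ids
    // are escaped before being placed inside the quoted SQL literals.
    $user_sql = mysql_real_escape_string($id_user, $db);
    switch ($typedata) {
        case 'all':   // every group owned by the user
            $sql = "SELECT * FROM groupdevice WHERE id_user_group='$user_sql'";
            $result = mysql_query($sql, $db);
            break;
        case 'one':   // a single group, identified by $id_group
            if ($id_group != '') {
                $group_sql = mysql_real_escape_string($id_group, $db);
                $sql = "SELECT * FROM groupdevice WHERE id_user_group='$user_sql' and id_group='$group_sql'";
                $result = mysql_query($sql, $db);
            }
            break;
    }
    return $result;
}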
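/**
 * Return the lightpoint devices of the user authenticated by $login / $pass.
 *
 * support.php is included for the DB link $db and for loginform(), which maps
 * the credentials to a user id.
 *
 * @param string $login    user name; empty means "do nothing"
 * @param string $pass     password; empty means "do nothing"
 * @param string $typedata 'all' (every device), 'group' (devices of one group),
 *                         'bygroup' (every device, ordered by group)
 * @param string $id_group group id used by 'group'. New optional parameter: the
 *                         original read an unassigned local $id_group here, so the
 *                         'group' branch could never issue a query.
 * @return resource|bool|null mysql_query() result, or null when no query was issued
 *                            (the original returned an unassigned $result on those paths)
 */
function getuserdevice($login, $pass, $typedata, $id_group = '') {
    $result = null;
    if ($login == '' || $pass == '' || $typedata == '') {
        return $result;
    }
    include("support.php");   // assumed to define $db and loginform(), as the original relied on
    $id_user = loginform($login, $pass);
    if ($id_user == '') {
        return $result;
    }
    // NOTE(review): in the copy under review the user id inside these queries was
    // redacted to "******" (not even valid PHP); $id_user, the value loginform()
    // just returned, is the evident original. It is escaped before interpolation.
    $user_sql = mysql_real_escape_string($id_user, $db);
    switch ($typedata) {
        case 'all':   // every device of the user
            $sql = "SELECT * FROM lightpoint_device WHERE id_user='$user_sql'";
            $result = mysql_query($sql, $db);
            break;
        case 'group':   // devices of a single group
            if ($id_group != '') {
                // id_group_device was compared unquoted in the original, i.e. as a
                // number, so the id is cast rather than string-escaped.
                $group_id = (int) $id_group;
                $sql = "SELECT * FROM lightpoint_device WHERE id_user='$user_sql' and id_group_device=$group_id";
                $result = mysql_query($sql, $db);
            }
            break;
        case 'bygroup':   // every device, ordered by group
            $sql = "SELECT * FROM lightpoint_device WHERE id_user='$user_sql' ORDER BY id_group_device";
            $result = mysql_query($sql, $db);
            break;
    }
    return $result;
}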
/**
 * Send a minimal "User Control Panel" HTML page wrapping $data, optionally
 * followed by the login form, then flush the output buffer.
 *
 * @param string $data      pre-rendered HTML placed inside <div id="login">
 * @param bool   $loginform when true the output of loginform() is appended right after $data
 * @return void
 */
function senddata($data, $loginform = false) {
    $head = <<<HTML
<html>
<head>
<link rel="stylesheet" type="text/css" href="../style.css">
<title>YaCE 3 - User Control Panel</title>
</head>
<body>
<div id="login">
HTML;
    echo $head, "\n", $data;
    if ($loginform) {
        echo loginform();
    }
    echo "\n</div></body></html>\n";
    flush();
}
<? include("bd.php"); $login = trim(htmlspecialchars(stripslashes($_GET['log']))); $pass = trim(htmlspecialchars(stripslashes($_GET['pass']))); $id_group = trim(htmlspecialchars(stripslashes($_GET['id_group']))); $typedata = trim(htmlspecialchars(stripslashes($_GET['typedata']))); $data = trim(htmlspecialchars(stripslashes($_GET['data']))); if (($login!='') and ($pass!='') and ($typedata!='') and ($data!='') and ($id_group!='')) { include("support.php"); $id_user_group = loginform($login,$pass); if ($id_user_group !='') { $sql = ""; switch($typedata) { case 'azimut': $sql = "UPDATE groupdevice SET azimut='$data' WHERE id_user_group='$id_user_group' AND id_group='$id_group'"; break; case 'photosensor': $sql = "UPDATE groupdevice SET photosensor='$data' WHERE id_user_group='$id_user_group' AND id_group='$id_group'"; break; case 'bright_white': $sql = "UPDATE groupdevice SET bright_white='$data' WHERE id_user_group='$id_user_group' AND id_group='$id_group'"; break; case 'bright_red': $sql = "UPDATE groupdevice SET bright_red='$data' WHERE id_user_group='$id_user_group' AND id_group='$id_group'";
/**
 * OpenID Connect authorization endpoint.
 *
 * Validates the incoming authorization request (client_id, registered
 * redirect_uri, response_type, PKCE when ENABLE_PKCE, scope, nonce), folds in an
 * optional signed/encrypted request object (request / request_uri), works out
 * which account the RP asked for (id_token_hint, claims.id_token.sub or
 * login_hint), stores the effective request in $_SESSION['rpfA'] and then either
 * renders a login / consent page or hands off to send_response(). Any
 * OidcException raised along the way is turned into an error response by
 * send_error(); the WebRTC variant of the flow is delegated to
 * webrtc_handle_auth() up front.
 *
 * @return void  output is echoed or a redirect is sent; exit is called on the UI paths
 */
function handle_auth() {
    if (isset($_REQUEST['rtcsdp'])) { webrtc_handle_auth(); exit; }
    $state = isset($_REQUEST['state']) ? $_REQUEST['state'] : NULL;
    // Until the redirect_uri has been validated, errors go to the OP's own index page.
    $error_page = OP_INDEX_PAGE;
    $response_mode = 'query';
    try {
        if (!isset($_REQUEST['client_id'])) { throw new OidcException('invalid_request', 'no client'); }
        // check client id
        $client = db_get_client($_REQUEST['client_id']);
        if (!$client) { throw new OidcException('unauthorized_client', 'Client ID not found'); }
        // The redirect_uri must match one registered for the client before it is
        // ever used as an error target, so the error redirect below is not open.
        if (isset($_REQUEST['redirect_uri'])) {
            if (!is_valid_registered_redirect_uri($client['redirect_uris'], $_REQUEST['redirect_uri'])) { throw new OidcException('invalid_request', 'no matching redirect_uri'); }
        } else { throw new OidcException('invalid_request', 'no redirect_uri in request'); }
        $error_page = $_REQUEST['redirect_uri'];
        $response_mode = get_response_mode($_REQUEST);
        if (!isset($_REQUEST['response_type'])) { throw new OidcException('invalid_request', 'no response_type'); }
        $response_types = explode(' ', $_REQUEST['response_type']);
        $known_response_types = array('code', 'token', 'id_token');
        if (count(array_diff($response_types, $known_response_types))) { throw new OidcException('invalid_response_type', "Unknown response_type {$_REQUEST['response_type']}"); }
        // PKCE is only enforced for flows that issue an authorization code.
        if (ENABLE_PKCE) {
            if (in_array('code', $response_types)) {
                if (!isset($_REQUEST['code_challenge'])) { throw new OidcException('invalid_request', 'code challenge required'); }
                if (isset($_REQUEST['code_challenge_method'])) {
                    if (!in_array($_REQUEST['code_challenge_method'], array('plain', 'S256'))) { throw new OidcException('invalid_request', "unsupported code challenge method {$_REQUEST['code_challenge_method']}"); }
                }
            }
        }
        if (!isset($_REQUEST['scope'])) { throw new OidcException('invalid_request', 'no scope'); }
        $scopes = explode(' ', $_REQUEST['scope']);
        if (!in_array('openid', $scopes)) { throw new OidcException('invalid_scope', 'no openid scope'); }
        // Implicit / hybrid responses carry tokens in the front channel; a nonce is mandatory there.
        if (in_array('token', $response_types) || in_array('id_token', $response_types)) {
            if (!isset($_REQUEST['nonce'])) { throw new OidcException('invalid_request', 'no nonce'); }
        }
        $_SESSION['get'] = $_GET;
        $request_uri = isset($_REQUEST['request_uri']) ? $_REQUEST['request_uri'] : NULL;
        $requested_userid = NULL;
        $requested_userid_display = NULL;
        $request_object = NULL;
        if ($request_uri) {
            // NOTE(review): the server fetches an RP-supplied URL here. Unless get_url()
            // restricts destinations (not visible from this function), this is an SSRF
            // surface; pre-registering request_uris per client would close it.
            $request_object = get_url($request_uri);
            if (!$request_object) { throw new OidcException('invalid_request', "Unable to fetch request file {$request_uri}"); }
        } elseif (isset($_REQUEST['request'])) {
            $request_object = $_REQUEST['request'];
        }
        if (isset($_GET['claims'])) {
            // claims arrives as a JSON string; decoded in place so later code sees an array.
            $_GET['claims'] = json_decode($_GET['claims'], true);
            $_REQUEST['claims'] = $_GET['claims'];
        }
        if (isset($request_object)) {
            $cryptoError = '';
            // decrypt_verify_jwt() returns NULL on failure and reports the reason via $cryptoError.
            $payload = decrypt_verify_jwt($request_object, $client, $cryptoError);
            if (!isset($payload)) {
                if ($cryptoError == 'error_decrypt') { throw new OidcException('invalid_request', 'Unable to decrypt request object'); }
                elseif ($cryptoError == 'error_sig') { throw new OidcException('invalid_request', 'Unable to verify request object signature'); }
            } else {
                // A sub claim inside the request object pins the account the RP wants authenticated.
                if (isset($payload['claims']['id_token'])) {
                    if (array_key_exists('sub', $payload['claims']['id_token']) && isset($payload['claims']['id_token']['sub']['value'])) {
                        $requested_userid_display = $payload['claims']['id_token']['sub']['value'];
                        $requested_userid = unwrap_userid($payload['claims']['id_token']['sub']['value']);
                        if (!db_get_user($requested_userid)) { throw new OidcException('invalid_request', 'Unrecognized userid in request'); }
                    }
                }
                // Request-object values win over the query parameters on key collisions.
                $merged_req = array_merge($_GET, $payload);
                if (!array_key_exists('max_age', $merged_req) && $client['default_max_age']) { $merged_req['max_age'] = $client['default_max_age']; }
                if ($merged_req['max_age']) { $merged_req['claims']['id_token']['auth_time'] = array('essential' => true); }
                if ((!$merged_req['claims']['id_token'] || !array_key_exists('auth_time', $merged_req['claims']['id_token'])) && $client['require_auth_time']) { $merged_req['claims']['id_token']['auth_time'] = array('essential' => true); }
                if (!$merged_req['claims']['id_token'] || !array_key_exists('acr', $merged_req['claims']['id_token'])) {
                    if ($merged_req['acr_values']) { $merged_req['claims']['id_token']['acr'] = array('essential' => true, 'values' => explode(' ', $merged_req['acr_values'])); }
                    elseif ($client['default_acr_values']) { $merged_req['claims']['id_token']['acr'] = array('essential' => true, 'values' => explode('|', $client['default_acr_values'])); }
                }
                $_SESSION['rpfA'] = $merged_req;
                log_debug("rpfA = %s", print_r($_SESSION['rpfA'], true));
                // NOTE(review): a request object missing one of these parameters is only
                // logged; the throw that would reject it is commented out below.
                foreach (array('client_id', 'response_type', 'scope', 'nonce', 'redirect_uri') as $key) {
                    if (!isset($payload[$key])) { log_error("missing %s in payload => %s", $key, print_r($payload, true)); }
                    // throw new OidcException('invalid_request', 'Request Object missing required parameters');
                }
                log_debug("payload => %s", print_r($payload, true));
                // Parameters present both in the query and in the request object must agree.
                // (strcmp() is applied to whatever the value is; a nested array value such as
                // 'claims' would not compare as a string - not handled here.)
                foreach ($payload as $key => $value) {
                    if (isset($_REQUEST[$key]) && strcmp($_REQUEST[$key], $value)) {
                        log_debug("key : %s value:%s", $key, print_r($value, true));
                        throw new OidcException('invalid_request', "Request Object Param Values do not match request '{$key}' '{$_REQUEST[$key]}' != '{$value}'");
                    }
                }
            }
        } else {
            // No request object: the account hint comes from id_token_hint, then the
            // claims parameter, then login_hint.
            if (isset($_GET['id_token_hint'])) {
                $cryptoError = '';
                // Signature / decryption of the hint is checked by decrypt_verify_jwt();
                // whether issuer, audience or expiry are checked is not visible here.
                $payload = decrypt_verify_jwt($_REQUEST['id_token_hint'], $client, $cryptoError);
                if (!isset($payload)) {
                    if ($cryptoError == 'error_decrypt') { throw new OidcException('invalid_request', 'Unable to decrypt request object'); }
                    elseif ($cryptoError == 'error_sig') { throw new OidcException('invalid_request', 'Unable to verify request object signature'); }
                } else {
                    $requested_userid_display = $payload['sub'];
                    $requested_userid = unwrap_userid($payload['sub']);
                    if (!db_get_user($requested_userid)) { throw new OidcException('invalid_request', 'Unrecognized userid in ID Token'); }
                }
            } else {
                if (isset($_GET['claims']['id_token']['sub']['value'])) {
                    $requested_userid_display = $_GET['claims']['id_token']['sub']['value'];
                    $requested_userid = unwrap_userid($_GET['claims']['id_token']['sub']['value']);
                    if (!db_get_user($requested_userid)) { throw new OidcException('invalid_request', "Unrecognized userid in ID Token"); }
                } else {
                    if (isset($_GET['login_hint'])) {
                        $principal = $_GET['login_hint'];
                        $at = strpos($principal, '@');
                        if ($at !== false) {
                            error_log("EMAIL\n");
                            if ($at != 0) { // XRI
                                // process email address
                                list($principal, $domain) = explode('@', $principal);
                                error_log("==> principal = {$principal} domain = {$domain}");
                                $port_pos = strpos($domain, ':');
                                if ($port_pos !== false) { $domain = substr($domain, 0, $port_pos); }
                                $domain_parts = explode('.', $domain);
                                $server_parts = explode('.', OP_SERVER_NAME);
                                // check to see domain matches
                                // Only the trailing labels both names share are compared, so a
                                // sub- or super-domain of OP_SERVER_NAME also passes. The hint is
                                // still checked against the user table and, later, the session.
                                $domain_start = count($domain_parts) - 1;
                                $server_start = count($server_parts) - 1;
                                $domain_match = true;
                                for ($i = $domain_start, $j = $server_start; $i >= 0 && $j >= 0; $i--, $j--) {
                                    if (strcasecmp($domain_parts[$i], $server_parts[$j]) != 0) { $domain_match = false; }
                                }
                                if ($domain_match) {
                                    $requested_userid_display = $principal;
                                    $requested_userid = unwrap_userid($requested_userid_display);
                                    // An unknown local user is simply ignored rather than rejected.
                                    if (!db_get_user($requested_userid)) { $requested_userid_display = NULL; $requested_userid = NULL; }
                                } else { throw new OidcException('invalid_request', 'Unrecognized email domain'); }
                            }
                        } else { // name only
                            $requested_userid_display = $_GET['login_hint'];
                            $requested_userid = unwrap_userid($requested_userid_display);
                            if (!db_get_user($requested_userid)) { $requested_userid_display = NULL; $requested_userid = NULL; }
                        }
                    }
                }
            }
            // Same max_age / auth_time / acr defaulting as in the request-object branch, applied to $_REQUEST.
            if (!array_key_exists('max_age', $_REQUEST) && $client['default_max_age']) { $_REQUEST['max_age'] = $client['default_max_age']; }
            if ($_REQUEST['max_age']) { $_REQUEST['claims']['id_token']['auth_time'] = array('essential' => true); }
            if ((!$_REQUEST['claims']['id_token'] || !array_key_exists('auth_time', $_REQUEST['claims']['id_token'])) && $client['require_auth_time']) { $_REQUEST['claims']['id_token']['auth_time'] = array('essential' => true); }
            if (!$_REQUEST['claims']['id_token'] || !array_key_exists('acr', $_REQUEST['claims']['id_token'])) {
                if ($_REQUEST['acr_values']) { $_REQUEST['claims']['id_token']['acr'] = array('essential' => true, 'values' => explode(' ', $_REQUEST['acr_values'])); }
                elseif ($client['default_acr_values']) { $_REQUEST['claims']['id_token']['acr'] = array('essential' => true, 'values' => explode('|', $client['default_acr_values'])); }
            }
            // The whole superglobal is persisted (it may include cookie values, depending on request_order).
            $_SESSION['rpfA'] = $_REQUEST;
        }
        log_debug("prompt = %s", $_SESSION['rpfA']['prompt']);
        $prompt = $_SESSION['rpfA']['prompt'] ? explode(' ', $_SESSION['rpfA']['prompt']) : array();
        $num_prompts = count($prompt);
        // prompt=none must stand alone; any other prompt value means UI may be shown.
        if ($num_prompts > 1 && in_array('none', $prompt)) { throw new OidcException('interaction_required', "conflicting prompt parameters {$_SESSION['rpfA']['prompt']}"); }
        if (in_array('none', $prompt)) { $showUI = false; } else { $showUI = true; }
        log_debug("num prompt = %d %s", $num_prompts, print_r($prompt, true));
        if ($_SESSION['username']) {
            // Already authenticated: re-authenticate on prompt=login, on an expired max_age,
            // or when the RP asked for a different account than the one logged in.
            if (in_array('login', $prompt)) { echo loginform($requested_userid_display, $requested_userid, $client); exit; }
            if (isset($_SESSION['rpfA']['max_age'])) {
                if (time() - $_SESSION['auth_time'] > $_SESSION['rpfA']['max_age']) {
                    if (!$showUI) { throw new OidcException('interaction_required', 'max_age exceeded and prompt set to none'); }
                    echo loginform($requested_userid_display, $requested_userid, $client); exit;
                }
            }
            if ($requested_userid) {
                // Loose (!=) comparison of the two ids, as in the original.
                if ($_SESSION['username'] != $requested_userid) {
                    if (!$showUI) { throw new OidcException('interaction_required', 'requested account is different from logged in account, no UI requested'); }
                    else { echo loginform($requested_userid_display, $requested_userid, $client); exit; }
                }
            }
            // Consent: forced by prompt=consent, otherwise only if the client is not yet trusted by this user.
            if (in_array('consent', $prompt)) { echo confirm_userinfo(); exit; }
            if (!db_get_user_trusted_client($_SESSION['username'], $_REQUEST['client_id'])) {
                if (!$showUI) { throw new OidcException('interaction_required', 'consent needed and prompt set to none'); }
                echo confirm_userinfo();
            } else { send_response($_SESSION['username'], true); }
        } else {
            if (!$showUI) { throw new OidcException('interaction_required', 'unauthenticated and prompt set to none'); }
            echo custom_loginform($requested_userid_display, $requested_userid, $client);
        }
    } catch (OidcException $e) {
        // Protocol errors are sent back to the (validated) redirect_uri with the RP's state.
        log_debug("handle_auth exception : %s", $e->getTraceAsString());
        send_error($error_page, $e->error_code, $e->desc, NULL, $state, $response_mode);
    } catch (Exception $e) {
        // Anything else is reported as invalid_request; the raw message is forwarded to the RP.
        log_debug("handle_auth exception : %s", $e->getTraceAsString());
        send_error($error_page, 'invalid_request', $e->getMessage(), NULL, $state, $response_mode);
    }
}
print_secure_content(); } else { if (!$_SESSION["logging"]) { $_SESSION["logging"] = true; loginform(); } else { if ($_SESSION["logging"]) { $number_of_rows = checkpass(); if ($number_of_rows == 1) { $_SESSION[user] = $_POST[userlogin]; $_SESSION[logged] = true; echo "<h1>you have loged in successfully</h1>"; print_secure_content(); } else { echo "wrong pawssword or username, please try again"; loginform(); } } } } function loginform() { echo "please enter your login information to proceed with our site"; echo "<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>"; echo "<input type='submit' >"; echo "<h3><a href='registerform.php'>register now!</a></h3>"; } function checkpass() { $dbHost = getenv('OPENSHIFT_MYSQL_DB_HOST'); //Get host from OpenShift
/**
 * Account does not exist - assemble the login form, the registration form
 * (unless registration is disabled in $_CONF) and the password-recovery form.
 *
 * @param string $msg optional message shown above the forms; empty means none
 * @return string HTML for the combined forms
 */
function defaultform($msg) {
    global $LANG04, $_CONF;

    $parts = array();
    if (!empty($msg)) {
        $parts[] = COM_showMessageText($msg, $LANG04[21], false, 'info');
    }
    $parts[] = loginform(true);
    if ($_CONF['disable_new_user_registration'] == FALSE) {
        $parts[] = newuserform();
    }
    $parts[] = getpasswordform();

    return implode('', $parts);
}
/**
 * Admin-side page dispatcher.
 *
 * Appends the pending $message and, for admin levels above 3, the admin menu to
 * the global $out, then dispatches on $_GET['do']: the built-in actions listed in
 * the switch, else an active addon whose name matches (subject to its adminlevel),
 * else the page $pagenum from the `paginas` table (falling back to the "index"
 * page). Most actions append their HTML to $out; "edit" and "editextra" print
 * $out first because editpage() / extras() produce output themselves.
 *
 * @return void  result is accumulated in the global $out (and partly printed directly)
 */
function content() {
    global $pagenum, $selected, $message, $menu, $set, $langmessage, $LNEversion, $out, $prefix;
    if ($message != "") {
        // $message is emitted verbatim as HTML; whoever sets it must escape it.
        $out .= "<div class=\"LNE_message\">" . $message . "</div>\n";
    }
    if ($_SESSION['adminlevel'] > 3) { $out .= adminmenu(); }
    switch ($_GET['do']) {
        case "search": $out .= "<h2 class=\"LNE_title\">{$langmessage['66']}</h2>\n"; $out .= search(); break;
        // NOTE(review): registration is gated on the 'gzip' setting; why that setting is not visible here.
        case "register": if ($set['gzip']) { $out .= register(); } break;
        case "addons": $out .= addons(); break;
        case "create": $out .= create_page(); break;
        case "database": $out .= query(); break;
        case "delete": delete_page(); break;
        // Flush what was collected so far; editpage() / extras() print directly.
        case "edit": print $out; $out = ""; editpage(); break;
        case "editextra": print $out; $out = ""; extras(); break;
        case "editmenu": $out .= editmenu(); break;
        case "login": $out .= loginform(); break;
        case "plugins": $out .= plugins(); break;
        // NOTE(review): the session key is whatever $set['password'] holds; what this gate represents cannot be told from here.
        case "profile": if ($_SESSION[$set['password']] == "1") { $out .= profile(); } break;
        case "query": $out .= query(); break;
        case "settings": $out .= settings(); break;
        case "setup": $out .= setup(); break;
        case "sitemap": $out .= showsitemap($langmessage, 0); break;
        case "users": $out .= users(); break;
        default:
            $addons = fetch_all(dbquery("SELECT * FROM " . $prefix . "addons WHERE active=1"));
            $found = false;
            // Addon dispatch: the addon name from the DB selects both the file to require
            // and the function to call, so the `addons` table is trusted for both paths.
            // The name comparison is loose (==).
            foreach ($addons as $addon) {
                if ($_GET['do'] == $addon['name'] && $_SESSION['adminlevel'] >= $addon['adminlevel']) {
                    require_once "addons/" . $addon['name'] . "/admin.php";
                    $out .= $addon['aname']();
                    $found = true;
                    break;
                }
            }
            if (!$found) {
                // NOTE(review): $pagenum is interpolated into the SQL; it must be escaped before reaching this function.
                $result = dbquery("SELECT * FROM " . $prefix . "paginas WHERE page=\"" . $pagenum . "\"");
                if ($row = fetch_array($result)) {
                    if ($row['restricted'] != 0 && $row['restricted'] > $_SESSION['adminlevel']) {
                        $out .= restrictedpage($row['restricted']);
                    } else {
                        // Content is stored slash-escaped and entity-encoded; undo both before rendering.
                        $contnt = html_entity_decode(stripslashes($row['content']));
                        showcontent($contnt);
                    }
                } else {
                    // Unknown page: fall back to the "index" page.
                    $result = dbquery("SELECT * FROM " . $prefix . "paginas WHERE page=\"index\"");
                    if ($row = fetch_array($result)) {
                        $contnt = html_entity_decode(stripslashes($row['content']));
                        showcontent($contnt);
                    } else {
                        $out .= "<h2>{$langmessage['116']}</h2>\n";
                    }
                }
                // Pull in the header.php of every addon whose "%!$name" marker appears in the content.
                // Two quirks kept as-is: strpos() is used as a truthy value, so a marker at offset 0
                // is missed; and $contnt is unset when the restricted or "no page" branch ran above.
                foreach ($addons as $addon) {
                    if (strpos($contnt, "%!\$" . $addon['name']) && $addon['header'] == 1) {
                        require_once "addons/" . $addon['name'] . "/header.php";
                    }
                }
            }
    }
}
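?>
<?php
// Login gate. The first visit only shows the form and marks the session as
// "logging"; later visits are checked with checkpass($pdo). Once a login has
// succeeded $_SESSION["logged"] is set and every visit renders the secure content.
if (isset($_SESSION["logging"]) && isset($_SESSION["logged"])) {
    print_secure_content($pdo);
} elseif (!isset($_SESSION["logging"])) {
    $_SESSION["logging"] = true;
    loginform($pdo);
} else {
    $number_of_rows = checkpass($pdo);
    if ($number_of_rows >= 1) {
        // Issue a fresh session id on the privilege change so an id handed out
        // before login cannot be reused by whoever knew it (session fixation).
        if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        // The original used unquoted keys (user, userlogin, logged), relying on the
        // undefined-constant fallback that is a fatal Error on PHP 8; quoted here.
        $_SESSION["user"] = isset($_POST["userlogin"]) ? $_POST["userlogin"] : null;
        $_SESSION["logged"] = true;
        print_secure_content($pdo);
    } else {
        loginform($pdo);
        // Only report a failure when credentials were actually submitted.
        if ($number_of_rows == 0 && isset($_POST["userlogin"]) && isset($_POST["password"])) {
            echo "wrong password or username, please try again<br>";
        }
    }
}
?>
<?php include_once 'footer.php';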
generatetabform("index.php", "Main"); generatetabform("index.php", "ViewCoursebudgets"); generatetabform("index.php", "personalView"); generatetabform("index.php", "ManageUsers"); generatetabform("index.php", "ManageCourses"); generatetabform("index.php", "ManageCoursesPerPeriod"); generatetabform("index.php", "ladokView"); } else { // // Login // echo '<header>'; echo "<div id='bgDiv'><img id='background-img' class='bg' src='./images/Sven_Logo_192.png' alt=''></div>"; echo "<a href='index.php' title='Start' class='logoLink'></a>"; echo '</header>'; echo '<div id="content">'; echo '<div class="clearfix"></div>'; if (isset($_COOKIE['theme'])) { //Cookies are enabled loginform("index.php", "Login är signatur", "Login"); //Login form if (isset($_POST['loginFail'])) { echo "<h2>Fel signatur eller lösenord.</h2>"; } } echo '</div>'; } echo '<footer>'; echo "</footer>"; echo "</body>"; echo "</html>";
/*$page = $_SERVER['HTTP_REFERER']; $sec = "0.1"; header("Refresh: $sec; url=$page");*/ define('LOGINED', "1"); define('LEVEL', $seldataArray['level']); define_array($seldataArray['level'], json_decode($seldataArray['allow'], true), "ALLOW"); define('ADMINLOGIN', $seldataArray['login']); define('ADMINID', $seldataArray['id']); $Ilog = array('login' => ADMINLOGIN, 'type' => 'authorize', 'action' => 'authorize', 'message' => "Авторизация " . ADMINLOGIN . " c IP:" . $_SERVER["REMOTE_ADDR"] . " BROWSER:" . $_SERVER['HTTP_USER_AGENT']); $dataMySQL->Insert($Ilog, DB_PREFIX . "logs"); } else { $content .= loginform($_POST, "<h3 style='color:red;'>Неверный логин или пароль</h3>"); define('LOGINED', "0"); $Ilog = array('login' => $_POST['user'], 'type' => 'authorize', 'action' => 'unauthorize', 'message' => "Неудачная попытка авторизации " . $_POST['user'] . " c паролем " . $_POST['pass'] . " IP:" . $_SERVER["REMOTE_ADDR"] . " BROWSER:" . $_SERVER['HTTP_USER_AGENT']); $dataMySQL->Insert($Ilog, DB_PREFIX . "logs"); } } else { $content .= loginform($_POST); define('LOGINED', "0"); } } if ($_GET['page'] == 'logout') { setcookie("user", "", time() - 360000, "/"); setcookie("bypass", "", time() - 360000, "/"); $sec = "0.1"; header("Refresh: {$sec}; url=/admin.php"); } if (!LOGINED) { define('LOGINED', "0"); } unset($seldataArray);