function login($data, $ip) { //separate data if ($obs = json_decode($data, true)) { //sanitization $user = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $obs['n']), ENT_QUOTES, "utf-8"); $pw = htmlentities(preg_replace("/[^a-zA-Z ]*/", "", $obs['p']), ENT_QUOTES, "utf-8"); //retrieve pass and id from DB $res = json_decode(processLogin($user), true); $dbPass = $res[0]['password']; $id = $res[0]['userId']; //hash entered password $cPass = hashPass($pw); //compare hashed pws if ($cPass == $dbPass) { //generate token $token = createToken($ip, $id); //set cookie to token value $time = time() + 86400 / 2; setcookie("token", $token, $time, "/"); session_start(); setLoginData($_SESSION['user_id'], $user); return 1; } else { setcookie("token", " ", time() - 1); return -1; } } else { return -1; } }
function processInput() { // Checking if any iput was made if (isset($_POST['inputType'])) { // Copying to better vars $inputType = $_POST['inputType']; // Taking action based on input type switch ($inputType) { case 'privateresource': processPrivateResource(); break; case 'login': processLogin(); break; case 'editprivateresource': processEditPrivateResource(); break; default: $errors[] = "Stop messing with the HTML!"; break; } } }
<?php ini_set('display_errors', 'On'); session_start(); require "./db_connect.php"; if (array_key_exists("email_address", $_POST) && array_key_exists("password", $_POST)) { if (isset($_POST['email_address']) && isset($_POST['password'])) { echo processLogin($_POST['email_address'], $_POST['password'], $mysqli); } } else { echo "didnt work<br>"; } function processLogin($input_email, $input_pwd, $mysqli) { $retval = NULL; $result = 0; $email_address_clean = mysqli_real_escape_string($mysqli, $input_email); $password_clean = mysqli_real_escape_string($mysqli, $input_pwd); $dbquery = "\n\t\tSELECT email_address, first_name, last_name, balance\n\t\tFROM usr_db\n\t\tWHERE email_address='" . $email_address_clean . "' \n \t\tAND pass='******'"; //prepare if (!($stmt = $mysqli->prepare($dbquery))) { echo "Falied to prepare query (" . $mysqli->connect_errno . ") " . $mysqli->connect_error; } //execute if (!$stmt->execute()) { echo "Falied to execute query (" . $mysqli->connect_errno . ") " . $mysqli->connect_error; } //bind if (!$stmt->bind_result($db_email, $db_fname, $db_lname, $db_balance)) { echo "Falied to bind parameters (" . $mysqli->connect_errno . ") </p>" . $mysqli->connect_error; }
reorganization... */ session_start(); //error_reporting(E_ALL); //ini_set('display_errors', '2'); require './lib/constants.php'; require 'functions.php'; $resid = 0; $page = ""; $errormessage = ""; $message = ""; if (isset($_POST['page']) && $_POST['page'] == "login") { $id = $_POST['id']; $password = $_POST['pass']; $resid = $_POST['resid']; $userq = processLogin($id, $password); $error = 0; if (getConfigVar("use_ldap")) { if (mysql_num_rows($userq) == 0) { $error = RES_ERROR_LOGIN_USER_PASS; $errormessage = "Incorrect user name or password<br><br>"; } } else { if (mysql_num_rows($userq) == 0) { $error = RES_ERROR_LOGIN_NO_USER; $errormessage = "No such user id<br><br>"; } else { $row = mysql_fetch_assoc($userq); if ($row['password'] != encrypt($password)) { $error = RES_ERROR_LOGIN_USER_PASS; $errormessage = "Incorrect user name or password<br><br>";
<li><a href="UserData.php">User Data</a></li> <li><a href="FriendData.php">Friend Data</a></li--> </ul> </div> </div> <hr> <h2>Login</h2> <br> <?php //connect to kate and database. $err = ""; if (isset($_POST['submitLogin'])) { processLogin($connection); } else { showLogin($err, $connection); } function showLogin($err, $connection) { echo "<form action = 'Login.php' method='POST'>\n \n <legend><p><b>Sign in</b></p></legend>\n <p>{$err}</p>\n <p>Username: <input type = 'text' name ='username'></p>\n\n <p>Password: <input type = 'password' name ='password'><br></p>\n\n \n\n <input type='submit' name='submitLogin' value = 'Login'>\n \n </form>"; } function processLogin($connection) { $username = strip_tags($_POST['username']); $password = strip_tags($_POST['password']); $checkUsername = "******"; $result = mysqli_query($connection, $checkUsername); if (mysqli_num_rows($result) != 0) { $checkPassword = "******";
pwOutPut(); exit; } $userId = $weiboLoginService->fetchBoundUser($sessionInfo['sessiondata']['platformSessionId']); if (!$userId) { Showmsg('使用' . $loginWay['accountTitle'] . '自动登录失败,请重试'); } $userService = L::loadClass('UserService', 'user'); /* @var $userService PW_UserService */ if (!$userService->get($userId)) { $userBindService = L::loadClass('WeiboUserBindService', 'sns/weibotoplatform/service'); /* @var $userBindService PW_WeiboUserBindService */ $userBindService->unbind($userId, $type); Showmsg('用户在站点已删除,请重试'); } list($winduid, $groupid, $windpwd, $showmsginfo) = processLogin($userId); require_once file_exists(D_P . "data/groupdb/group_{$groupid}.php") ? Pcv(D_P . "data/groupdb/group_{$groupid}.php") : D_P . "data/groupdb/group_1.php"; Loginipwrite($winduid); if (GetCookie('o_invite') && $db_modes['o']['ifopen'] == 1) { list($o_u, $hash, $app) = explode("\t", GetCookie('o_invite')); if (is_numeric($o_u) && strlen($hash) == 18) { require_once R_P . 'require/o_invite.php'; } } $jumpurl = isset($sessionInfo['sessiondata']['httpReferer']) ? $sessionInfo['sessiondata']['httpReferer'] : $db_bfn; //passport if ($db_pptifopen && $db_ppttype == 'server' && ($db_ppturls || $forward)) { $tmp = $jumpurl; $jumpurl = $forward ? $forward : $db_ppturls; $forward = $tmp; //TODO 这里面有obheader,用到$action
<?php require_once 'header.php'; require_once '../classes/User.php'; session_start(); if (isset($_SESSION['email'])) { header("Location: welcome.php"); } if (!isset($_POST['login'])) { outputLoginForm(""); } else { $errorMessage = processLogin(); if ($errorMessage) { outputLoginForm($errorMessage); } else { header("Location: welcome.php"); } } function processLogin() { if (empty($_POST['email']) || empty($_POST['passwd'])) { return "fill all the values"; //return errormessage } else { $user = User::getUserFromDatabase($_POST['email'], $_POST['passwd']); if ($user) { $_SESSION['userId'] = $user->mId; $_SESSION['email'] = $user->mEmail; $_SESSION['firstName'] = $user->mFirstName; return; } else {
require './lib/constants.php'; require 'functions.php'; $resid = 0; $page = ""; $errormessage = ""; $message = ""; if(isset($_POST['page']) && $_POST['page'] == "login"){ $id = $_POST['id']; $password = $_POST['pass']; $resid = $_POST['resid']; $userq = processLogin($id); $error = 0; if(mysql_num_rows($userq)==0){ $error = RES_ERROR_LOGIN_NO_USER; $errormessage = "No such user id<br><br>"; }else{ $row = mysql_fetch_assoc($userq); if($row['password'] != encrypt($password)){ $error = RES_ERROR_LOGIN_USER_PASS;
<?php require_once 'header.php'; require_once 'menubar.php'; require_once 'connection.php'; require_once 'classes/User.php'; session_start(); if (isset($_SESSION['email'])) { header("Location: start.php"); } if (!isset($_POST['login'])) { outputLoginForm(""); } else { $errorMessage = processLogin($conn); if ($errorMessage) { outputLoginForm($errorMessage); } else { header("Location: start.php"); } } function processLogin($connection) { if (empty($_POST['email']) || empty($_POST['passwd'])) { return "fill all the values"; //return errormessage } else { $user = User::getUserFromDatabase($_POST['email'], $_POST['passwd']); if ($user) { $_SESSION['email'] = $user->mEmail; $_SESSION['firstName'] = $user->mFirstName; return; } else {
/*************************************************************** * Check to see if users IP is authorized to view the ASP ***************************************************************/ if (!checkIpAuth($cfg->get('admin_hosts'))) { die("<font color='red'>ERROR:</font> You are NOT Authorised to access this Page!"); } /*************************************************************** * Import database class ***************************************************************/ include 'includes/db/class.database.php'; $DB = new Database($cfg->get('db_host'), $cfg->get('db_port'), $cfg->get('db_user'), $cfg->get('db_pass'), $cfg->get('db_name')); /*************************************************************** * Check for login / logout requests ***************************************************************/ if ($_POST['action'] == 'login') { processLogin(); } elseif ($_POST['action'] == 'logout' || $_GET['action'] == 'logout') { processLogout(); } /*************************************************************** * Check database version ***************************************************************/ $dbver = getDbVer(); if ($cfg->get('db_expected_ver') == $dbver) { $dbver_txt = $dbver; } else { $dbver_txt = "<font color=\"red\"><b>" . $dbver . "</b></font>"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
function processSignup($request, $provider) { //don't attempt to signup already logged in users if (MM_Utils::isLoggedIn()) { $loggedInUser = MM_Utils::getCurrentUser(); $redirectUrl = isset($request['redirect_url']) ? $request['redirect_url'] : MM_CorePageEngine::getUrl(MM_CorePageType::$MEMBER_HOME_PAGE, null, $loggedInUser); wp_redirect($redirectUrl); exit; } if (!$provider->allowsSignups()) { //configuration does not allow signups throw new Exception("Signups not allowed", "1001007"); } if (isset($request['membership_level'])) { $membershipLevel = trim($request['membership_level']); $membershipLevel = htmlentities($membershipLevel); if (!is_numeric($membershipLevel)) { //membership level was not passed as a valid id throw new Exception("Invalid Membership Level", "1001008"); } } else { $membershipLevel = $provider->getSignupMembershipLevel(); if (!is_numeric($membershipLevel) || $membershipLevel == 0) { //should never happen - default signup membership level is invalid throw new Exception("Invalid Default Membership Level", "1001009"); } } //ensure that if the chosen provider doesnt allow access to the email, and the provider is configured not to generate one, that one was supplied if ($provider->getEmailHandlingStrategy() == MM_AbstractSocialLoginExtension::$EMAIL_RETRIEVED_BY_POPUP && empty($request['email'])) { //email required but not supplied throw new Exception("No email supplied", "1001010"); } //Authenticate with the provider, and retrieve the remote user profile $authResponse = $provider->authenticate(); if (!MM_Response::isSuccess($authResponse)) { //error authenticating throw new Exception("Error authenticating with social network", "1001016"); } $profileResponse = $provider->getUserProfile(); if (!MM_Response::isSuccess($profileResponse)) { //retrievng profile failed throw new Exception("Unable to retrieve profile from social network", "1001011"); } $profile = $profileResponse->message; if (!isset($profile->identifier) || empty($profile->identifier)) { //invalid social network identifier returned throw new Exception("Invalid social network identifier", "1001012"); } //Populate memberinfo with the necessary member information, in the expected format $memberInfo = array(); $memberInfo["membership_level"] = $membershipLevel; if (isset($profile->firstName) && !empty($profile->firstName)) { $memberInfo['first_name'] = $profile->firstName; } if (isset($profile->lastName) && !empty($profile->lastName)) { $memberInfo['last_name'] = $profile->lastName; } $emailHandlingStrategy = $provider->getEmailHandlingStrategy(); if ($emailHandlingStrategy == MM_AbstractSocialLoginExtension::$EMAIL_RETRIEVED_BY_POPUP) { //TODO: sanitize email $memberInfo['email'] = $request['email']; } else { if ($emailHandlingStrategy == MM_AbstractSocialLoginExtension::$EMAIL_PROVIDED) { if (isset($profile->emailVerified) && !empty($profile->emailVerified)) { $memberInfo['email'] = $profile->emailVerified; } else { if (isset($profile->email) && !empty($profile->email)) { $memberInfo['email'] = $profile->email; } else { throw new Exception("Social Network provider was supposed to supply user email, but did not", "1001013"); } } } else { if ($emailHandlingStrategy == MM_AbstractSocialLoginExtension::$EMAIL_GENERATE_BOGUS_EMAIL) { $bogusUser = MM_Utils::createRandomString(8, true) . MM_Utils::createRandomString(24); //TODO: tag user portion of email with social network identifier $bogusDomain = "example.com"; $memberInfo['email'] = "{$bogusUser}@{$bogusDomain}"; } } } $socialSignupRequest = new MM_SocialLoginRequest($memberInfo); $response = $socialSignupRequest->submitRequest(); if (MM_Response::isSuccess($response)) { $newUser = $socialSignupRequest->getNewUser(); $provider->linkUserToSocialMediaAccount($newUser, $profile->identifier); $socialSignupRequest->completeSignup(); exit; } else { if (strpos($response->message, "already exists") !== false) { //the member signing up already exists, send them to login instead processLogin($request, $provider); exit; } throw new Exception($response->message, "1001014"); } //end signup block exit; }