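/**
 * Authenticate a username and password.
 *
 * Looks up <var>$user_name</var>, checks <var>$password</var> against the stored
 * crypt() hash and, when the account is allowed to log in, resets the session.
 * The user id is stored in the <var>$_SESSION["pgv_user"]</var> session variable.
 *
 * An account may log in when it is verified both by the user and by an
 * administrator, or when its 'canadmin' setting is 'Y'.
 *
 * @param string  $user_name the username for the user attempting to login
 * @param string  $password  the plain text password to test
 * @param boolean $basic     true if the username and password were retrieved via Basic HTTP
 *                           authentication. Defaults to false. Only used for logging.
 * @return mixed the user_id if successful, false otherwise
 */
function authenticateUser($user_name, $password, $basic = false)
{
    $logPrefix = $basic ? "Basic HTTP Authentication" : "Login";

    // If we were already logged in, log out first
    if (PGV_USER_ID) {
        userLogout(PGV_USER_ID);
    }

    // NOTE(review): an unknown username returns without running crypt(), so the
    // response time differs from a wrong-password attempt -- confirm whether
    // account enumeration matters for this deployment.
    if ($user_id = get_user_id($user_name)) {
        $dbpassword = get_user_password($user_id);

        // A missing or empty stored hash must never match anything.
        $passwordOk = false;
        if (is_string($dbpassword) && $dbpassword !== '') {
            $computed = crypt($password, $dbpassword);
            if (is_string($computed)) {
                // Compare as strings: == would compare two numeric-looking hashes
                // as numbers. Use the constant-time comparison where the runtime
                // provides it (hash_equals, PHP 5.6+).
                $passwordOk = function_exists('hash_equals')
                    ? hash_equals($dbpassword, $computed)
                    : $computed === $dbpassword;
            }
        }

        if ($passwordOk) {
            $verified = get_user_setting($user_id, 'verified') == 'yes'
                && get_user_setting($user_id, 'verified_by_admin') == 'yes';

            if ($verified || get_user_setting($user_id, 'canadmin') == 'Y') {
                set_user_setting($user_id, 'loggedin', 'Y');

                //-- reset the user's session
                $_SESSION = array();
                // Issue a new session id at the privilege change, so an id that was
                // known before login is not carried into the authenticated session.
                if (session_id() !== '' && !headers_sent()) {
                    session_regenerate_id(true);
                }
                $_SESSION['pgv_user'] = $user_id;
                // show that they have logged in with their password
                $_SESSION['cookie_login'] = false;

                AddToLog($logPrefix . " Successful");
                return $user_id;
            }
        }
    }

    // Replace control characters so a crafted username cannot break the log
    // entry into extra lines.
    // NOTE(review): if the log is ever rendered as HTML, it must also be escaped
    // at display time -- AddToLog() is not visible here.
    $loggedName = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $user_name);
    AddToLog($logPrefix . " Failed ->" . $loggedName . "<-");
    return false;
}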
// MAIN
// Request dispatcher (fragment: the switch continues past the end of this excerpt).
// The requested mode is read from the POST body first, then from the query string.
if (isset($_POST['mode'])) {
    $mode = $_POST['mode'];
} elseif (isset($_GET['mode'])) {
    $mode = $_GET['mode'];
} else {
    $mode = '';
}

$display = '';
$pageBody = '';

// NOTE(review): nothing visible here stops execution after the refresh is
// echoed, so the switch below still runs for a cancelled form -- confirm that
// is intended.
if (isset($_POST['cancel'])) {
    echo COM_refresh($_CONF['site_url'] . '/index.php');
}

// NOTE(review): because $mode may come from $_GET, every case below -- including
// 'logout' and the password-reset modes -- can be reached by following a link.
// Confirm the handlers check the request method or a CSRF token themselves.
switch ($mode) {
    case 'logout':
        // Assigned with '=', unlike the other cases, which append with '.='.
        $pageBody = userLogout();
        break;
    case 'profile':
    case 'user':
        $pageBody .= userprofile();
        break;
    case 'create':
        $pageBody .= createuser();
        break;
    case 'getpassword':
        $pageBody .= _userGetpassword();
        break;
    case 'newpwd':
        $pageBody .= _userNewpwd();
        break;
    case 'setnewpwd':
// Fragment of an action handler: it starts inside the group save branch and ends
// at the opening of the self-edit branch. All queries shown pass their values as
// bound parameters ('?' placeholders plus a value array), not by concatenation.
// NOTE(review): the permission and CSRF checks that should guard these
// destructive actions are not visible in this excerpt -- confirm the enclosing
// code enforces them, since $_REQUEST also accepts query-string input.
            dbQuery("UPDATE Groups SET Name=?, MonitorIds=? WHERE Id=?", array($_POST['newGroup']['Name'], $monitors, $_POST['gid']));
        } else {
            dbQuery("INSERT INTO Groups SET Name=?, MonitorIds=?", array($_POST['newGroup']['Name'], $monitors));
        }
        $refreshParent = true;
        $view = 'none';
    } elseif ($action == "delete") {
        // Delete a saved run state by name.
        if (isset($_REQUEST['runState'])) {
            dbQuery("delete from States where Name=?", array($_REQUEST['runState']));
        }
        // Delete every user id listed in markUids.
        if (isset($_REQUEST['markUids'])) {
            foreach ($_REQUEST['markUids'] as $markUid) {
                dbQuery("delete from Users where Id = ?", array($markUid));
            }
            // NOTE(review): this check runs after the loop, so $markUid holds only
            // the LAST id processed (and is undefined when markUids is empty). A
            // user who deletes their own account together with others keeps a
            // live session unless their id happens to be last -- the comparison
            // presumably belongs inside the foreach.
            if ($markUid == $user['Id']) {
                userLogout();
            }
        }
        // Delete a group and, if it was the group selected in the zmGroup cookie,
        // expire that cookie as well.
        if (!empty($_REQUEST['gid'])) {
            dbQuery("delete from Groups where Id = ?", array($_REQUEST['gid']));
            if (isset($_COOKIE['zmGroup'])) {
                if ($_REQUEST['gid'] == $_COOKIE['zmGroup']) {
                    unset($_COOKIE['zmGroup']);
                    // Expiry two days in the past tells the browser to drop the cookie.
                    setcookie("zmGroup", "", time() - 3600 * 24 * 2);
                    $refreshParent = true;
                }
            }
        }
    }
} else {
    if (ZM_USER_SELF_EDIT && $action == "user") {
// Fragment of a command endpoint: it starts inside the content-type selection
// and the switch continues past the end of this excerpt.
    header("Content-type: text/html");
} else {
    header("Content-type: text/xml");
}

$connection = connectDb();
$response = "";
// NOTE(review): this runs before dispatch for every command, including
// user_login and register_new_user -- confirm logUserAction() does not record
// the 'password' request parameter.
logUserAction();

// Every argument below is read from $_REQUEST, which includes the query string.
// NOTE(review): credentials sent as URL parameters tend to end up in server
// logs, browser history and Referer headers; reading 'password' from $_POST
// only would avoid that. Confirm clients never send these commands via GET.
// NOTE(review): no CSRF token or request-method check is visible here for the
// state-changing commands (logout, new_comment, rate_comment, ...).
// NOTE(review): a missing key (including 'command' itself) raises an undefined
// index notice rather than a handled error.
switch ($_REQUEST['command']) {
    case "check_login_status":
        $response = checkLoginStatus();
        break;
    case "user_login":
        $response = userLogin($_REQUEST['user_name'], $_REQUEST['password']);
        break;
    case "user_logout":
        $response = userLogout();
        break;
    case "get_comments":
        $response = getComments($_REQUEST['url']);
        break;
    case "new_comment":
        $response = newComment($_REQUEST['url'], $_REQUEST['content'], $_REQUEST['parent_id']);
        break;
    case "rate_comment":
        $response = rateComment($_REQUEST['comment_id'], $_REQUEST['up']);
        break;
    case "register_new_user":
        $response = registerNewUser($_REQUEST['user'], $_REQUEST['password'], $_REQUEST['email']);
        break;
    case "update_page_rating":
        // NOTE(review): the acting username is taken from the request, not from
        // the session -- confirm updatePageRating() checks it against the
        // logged-in user.
        $response = updatePageRating($_REQUEST['url'], $_REQUEST['url_parameter'], $_REQUEST['username'], $_REQUEST['title'], $_REQUEST['rating']);
}

//controllers start here
// Login-page front controller: exactly one branch of this chain runs per
// request, chosen by which request field is present. Handlers receive the whole
// $_POST / $_GET array, so each must validate the fields it reads.
if (isset($_POST['sig_response'])) {
    // Second-factor response. The check only runs when verifyDuoSign() is defined.
    // NOTE(review): when the function is missing this branch does nothing and no
    // error is set -- confirm a request carrying sig_response cannot end up
    // treated as verified elsewhere in that case.
    if (function_exists('verifyDuoSign')) {
        if (!verifyDuoSign($_POST)) {
            $_GET['errorMsg'] = "duoFailed";
        }
    }
} elseif (!empty($_GET['passlink'])) {
    // Passcode delivered as a link: the secret travels in the URL.
    verifyPasscode($_GET['passlink'], 'link');
} elseif (!empty($_POST['passcode'])) {
    verifyPasscode($_POST);
} elseif (!empty($_POST['email']) && !empty($_POST['password'])) {
    userLogin($_POST);
} elseif (!empty($_GET['logout'])) {
    // NOTE(review): logout is triggered by a bare GET parameter, so any link or
    // embedded resource can end the session; confirm that is acceptable.
    userLogout(true);
} elseif (!empty($_POST['action']) && ($_POST['action'] == 'resetPasswordSendMail' || $_POST['action'] == 'resetPasswordChange')) {
    userLoginResetPassword($_POST);
} elseif (!empty($_GET['view']) && $_GET['view'] == 'resetPasswordChange') {
    // Same handler, fed from the query string when the reset form is opened.
    userLoginResetPassword($_GET);
}
//controllers ends here
$min = '.min';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex">
<title>InfiniteWP</title>
<link href='https://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
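/**
 * Check whether the request carries a valid 'userCookie' login cookie.
 *
 * The cookie holds "<email>||<digest>". The digest is recomputed from the stored
 * account as md5(lowercased email . stored password value) and compared with the
 * cookie's digest. On a match the function returns true; otherwise it calls
 * userLogout() and returns false.
 *
 * Side effects: when an account row is found, $GLOBALS['userID'] and
 * $GLOBALS['email'] are set from it, whether or not the digest matches.
 *
 * NOTE(review): the digest is derived only from the email and the stored
 * password value, so it stays the same until the password changes and nothing
 * in this function bounds its lifetime. A random, server-side session token
 * would be the stronger design.
 *
 * @return bool true when the cookie matches a stored account, false otherwise
 */
function checkUserLoggedIn()
{
    $return = false;
    $userCookie = manageCookies::cookieGet('userCookie');

    if ($userCookie != '') {
        // Pad to two parts so a cookie without the '||' separator yields an empty
        // digest instead of an undefined variable.
        list($userEmail, $userSlat) = array_pad(explode('||', $userCookie), 2, '');
        $userEmail = filterParameters($userEmail);

        if ($userEmail != '' && $userSlat != '') {
            // NOTE(review): the WHERE clause is built by concatenating a value that
            // comes from the cookie. It is safe only if filterParameters() escapes
            // for SQL -- confirm, or switch to a bound-parameter call if the DB
            // layer offers one.
            $userInfo = DB::getRow("?:users", "userID,email,password", "email = '" . trim($userEmail) . "'");

            // Only accept the cookie when an account row was actually found.
            // Without this guard an unknown email would be checked against a
            // digest computed from empty values.
            $rowFound = !empty($userInfo)
                && isset($userInfo['userID'], $userInfo['email'], $userInfo['password'])
                && $userInfo['password'] !== '';

            if ($rowFound) {
                $GLOBALS['userID'] = $userInfo['userID'];
                $GLOBALS['email'] = strtolower($userInfo['email']);
                $dbSlat = md5($GLOBALS['email'] . $userInfo['password']);
                $cookieSlat = (string) $userSlat;

                // Compare as strings: == would compare two numeric-looking hex
                // digests as numbers. Use the constant-time comparison where the
                // runtime provides it (hash_equals, PHP 5.6+).
                $return = function_exists('hash_equals')
                    ? hash_equals($dbSlat, $cookieSlat)
                    : $cookieSlat === $dbSlat;
            }
        }
    }

    if ($return == false) {
        userLogout();
    }

    return $return;
}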
/**
 * logged in users
 *
 * Prints a list of other users who are logged in.
 *
 * Before listing, every idle user other than the current one is logged out, so
 * rendering this block changes session state. Administrators see all logged-in
 * users; other viewers see only users whose 'visibleonline' setting is 'Y', and
 * the rest are counted as anonymous. Names are listed only when the viewer is
 * logged in.
 *
 * The output is handed to a theme template through the local variables $id,
 * $title and $content. The template is required inside this function, so it can
 * read every local variable and parameter.
 *
 * NOTE(review): the required parameters $side and $index follow optional ones,
 * which PHP 8 reports as deprecated; neither is used in the code visible here.
 *
 * @param boolean $block  ignored: overwritten with true below
 * @param string  $config not used in the code visible here
 * @param mixed   $side   not used in the code visible here
 * @param mixed   $index  not used in the code visible here
 */
function print_logged_in_users($block = true, $config = "", $side, $index)
{
    global $pgv_lang, $PGV_SESSION_TIME, $TEXT_DIRECTION;

    $block = true; // Always restrict this block's height

    // Log out inactive users
    foreach (get_idle_users(time() - $PGV_SESSION_TIME) as $user_id => $user_name) {
        if ($user_id != PGV_USER_ID) {
            userLogout($user_id);
        }
    }

    // List active users
    $NumAnonymous = 0;
    $loggedusers = array();
    foreach (get_logged_in_users() as $user_id => $user_name) {
        if (PGV_USER_IS_ADMIN || get_user_setting($user_id, 'visibleonline') == 'Y') {
            $loggedusers[$user_id] = $user_name;
        } else {
            $NumAnonymous++;
        }
    }

    $id = "logged_in_users";
    $title = print_help_link("index_loggedin_help", "qm", "", false, true);
    $title .= $pgv_lang["users_logged_in"];
    $content = "<table width=\"90%\">";
    $LoginUsers = count($loggedusers);
    if ($LoginUsers == 0 and $NumAnonymous == 0) {
        $content .= "<tr><td><b>" . $pgv_lang["no_login_users"] . "</b></td></tr>";
    }
    // Pick the singular or plural language key, then publish the count through
    // $pgv_lang["global_num1"] for print_text().
    $Advisory = "anon_user";
    if ($NumAnonymous > 1) {
        $Advisory .= "s";
    }
    if ($NumAnonymous > 0) {
        $pgv_lang["global_num1"] = $NumAnonymous; // Make it visible
        $content .= "<tr><td><b>" . print_text($Advisory, 0, 1) . "</b></td></tr>";
    }
    $Advisory = "login_user";
    if ($LoginUsers > 1) {
        $Advisory .= "s";
    }
    if ($LoginUsers > 0) {
        $pgv_lang["global_num1"] = $LoginUsers; // Make it visible
        $content .= "<tr><td><b>" . print_text($Advisory, 0, 1) . "</b></td></tr>";
    }
    // Only logged-in viewers get the per-user rows.
    if (PGV_USER_ID) {
        foreach ($loggedusers as $user_id => $user_name) {
            // NOTE(review): $user_name is concatenated into the HTML as-is. Unless
            // usernames are restricted to markup-safe characters when accounts are
            // created, it should be HTML-escaped here -- confirm.
            $content .= "<tr><td><br />" . PrintReady(getUserFullName($user_id)) . " - " . $user_name;
            if (PGV_USER_ID != $user_id && get_user_setting($user_id, 'contactmethod') != "none") {
                // NOTE(review): $user_id is placed inside a quoted JavaScript string
                // in an inline handler; this assumes ids never contain quotes or
                // markup -- confirm against how ids are generated.
                $content .= "<br /><a href=\"javascript:;\" onclick=\"return message('" . $user_id . "');\">" . $pgv_lang["message"] . "</a>";
            }
            $content .= "</td></tr>";
        }
    }
    $content .= "</table>";

    global $THEME_DIR;
    // $block is always true at this point, so only the small template is used.
    if ($block) {
        require $THEME_DIR . 'templates/block_small_temp.php';
    } else {
        require $THEME_DIR . 'templates/block_main_temp.php';
    }
}
/**
 * Count the users who are currently logged in.
 *
 * Idle users other than the current one are logged out first, so calling this
 * counter changes session state. Administrators see every user as visible;
 * for other viewers a user is visible only when 'visibleonline' is 'Y'.
 *
 * @param string $type 'anon' for hidden users, 'visible' for visible users,
 *                     anything else for the sum of both
 * @return int the requested count
 */
static function _usersLoggedInTotal($type = 'all')
{
    global $PGV_SESSION_TIME;

    // Expire idle sessions, never the caller's own.
    $idleSince = time() - $PGV_SESSION_TIME;
    foreach (get_idle_users($idleSince) as $idleId => $idleName) {
        if ($idleId == PGV_USER_ID) {
            continue;
        }
        userLogout($idleId);
    }

    // Tally the remaining users by visibility.
    $counts = array('visible' => 0, 'anon' => 0);
    foreach (get_logged_in_users() as $uid => $uname) {
        $shown = PGV_USER_IS_ADMIN || get_user_setting($uid, 'visibleonline') == 'Y';
        $counts[$shown ? 'visible' : 'anon']++;
    }

    // switch compares loosely, like the == chain it replaces.
    switch ($type) {
        case 'anon':
            return $counts['anon'];
        case 'visible':
            return $counts['visible'];
        default:
            return $counts['visible'] + $counts['anon'];
    }
}
// Page controller for the login / logout page (fragment: the template continues
// past the end of this excerpt).
$pageId = "login";

// Check if the url contains a querystring with a page-part.
$p = null;
if (isset($_GET["p"])) {
    $p = $_GET["p"];
}

// Is the action a known action?
// Any other value of p falls through to the status page, where $content stays
// null and the isset($content) check in the template below is false.
$content = null;
$output = null;
if ($p == "login") {
    $title = "Logga in";
    // userLogin() is called without arguments; presumably it reads the submitted
    // credentials from the request itself -- verify in its definition.
    $content = userLogin();
} else {
    if ($p == "logout") {
        // NOTE(review): logout is triggered by the GET parameter alone, so any
        // link to ?p=logout ends the session; confirm that is acceptable.
        $title = "Logga ut";
        $content = userLogout();
    } else {
        $title = "Status login / logout";
    }
}
?>
<?php include "incl/header.php"; ?>
<div id="content">
<div class="left borderRight width80"">
<?php if (isset($content)) {