コード例 #1
ファイル: user_auth_fns.php プロジェクト: dev-lav/htdocs
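/**
 * Check a username/password pair against the booking user table.
 *
 * Looks the user up through wrap_db_query() and passes the supplied password
 * and the stored `passwd` column to validate_password().
 *
 * @param string $username Login name supplied by the caller.
 * @param string $passwd   Password supplied by the caller.
 * @return bool True when validate_password() accepts the pair, false otherwise.
 */
function login($username, $passwd)
{
    // NOTE(review): the WHERE value is masked ('******') in this listing. If the
    // real file interpolates $username at that position, the lookup depends on
    // the caller having escaped it; prefer a bound parameter or the DB layer's
    // escaping helper at this call site.
    $result = wrap_db_query("SELECT user_id, passwd FROM " . BOOKING_USER_TABLE . " \r\n\t\t\t\t\t\tWHERE username = '******'");
    if (!$result) {
        return false;
    }
    $fields = wrap_db_fetch_array($result);
    // No row means the username is unknown (this also rejects username = "").
    if (empty($fields)) {
        return false;
    }
    // Accounts whose stored passwd is NULL are matched against an empty password.
    // NOTE(review): a NULL passwd column therefore behaves like a passwordless
    // account; confirm how validate_password() treats (NULL, NULL) and that
    // provisioning never leaves the column NULL unintentionally.
    if ($passwd == "" && $fields[1] == NULL) {
        $passwd = NULL;
    }
    // The former debug echo ("NULL db passwd") was removed: it told any client
    // which accounts have no stored password. The unused `global $db_link`
    // declaration was dropped as well.
    return validate_password($passwd, $fields['passwd']) ? true : false;
}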
コード例 #2
 /**
  * Login action: on POST, check the verification code and the credentials,
  * answer through ajaxReturn(), then render the view.
  *
  * NOTE(review): no session-ID regeneration is visible before identity data is
  * written to the session; confirm the framework or a caller rotates the ID at
  * login (session-fixation defence).
  */
 public function index()
 {
     checkIE();
     if (IS_POST) {
         $username = I('username', null);
         $password = I('password', null);
         $code = I('code', null);
         if (!$this->_check_verify($code)) {
             // Verification code rejected: credentials are not looked at.
             $result['code'] = self::VERIFY_FAILED_CODE;
             $result['error'] = self::VERIFY_FAILED_TIP;
         } else {
             $user = D('Member')->getUsersByUsername($username);
             // Unknown user and wrong password end in the same failure reply.
             $auth_success = $user ? validate_password($password, $user[0]['salted_hash']) : false;
             if (!$auth_success) {
                 $result['code'] = self::AUTH_FAILED_CODE;
                 $result['error'] = self::AUTH_FAILED_TIP;
             } else {
                 $result['code'] = self::SUCCESS_CODE;
                 // Copy the profile fields of the first matching row into the session.
                 foreach (array('username', 'uid', 'email', 'groupid', 'gender', 'avatar') as $field) {
                     session($field, $user[0][$field]);
                 }
             }
         }
         $this->ajaxReturn($result);
     }
     $this->display();
 }
コード例 #3
/**
 * Log a user in by e-mail and password and echo a status token for the client.
 *
 * Echoes "login-invalid-email", "login-invalid-password",
 * "DEBUG: email or password invalid" or "login-success"; returns nothing.
 *
 * NOTE(review): the password is passed through escape() before it is validated
 * and checked, so the compared value is the escaped form — confirm that the
 * signup path escapes in the same way.
 * NOTE(review): the LOGGED_IN cookie carries the username and is set without
 * Secure/HttpOnly arguments; it should only ever be a display hint, never the
 * proof of authentication.
 *
 * @param string $dirty_email    Raw e-mail from the request.
 * @param string $dirty_password Raw password from the request.
 */
function login($dirty_email, $dirty_password)
{
    $email = escape($dirty_email);
    $password = escape($dirty_password);

    // Format checks first; each has its own status token.
    if (!validate_email($email)) {
        echo "login-invalid-email";
        return;
    }
    if (!validate_password($password)) {
        echo "login-invalid-password";
        return;
    }

    // Unknown account and wrong password share one message, so the reply does
    // not reveal which of the two failed. The password is only checked when an
    // account was found.
    $account_id = account_id_from_email($email);
    if ($account_id == -1 || correct_password($account_id, $password) == false) {
        echo "DEBUG: email or password invalid";
        return;
    }

    // Rotate the session ID before marking the session as logged on.
    session_regenerate_id();
    fresh_logon($account_id);
    setcookie('LOGGED_IN', username_from_account_id($account_id), time() + 3600);
    echo "login-success";
}
コード例 #4
ファイル: user_auth_fns.php プロジェクト: haganbt/N27-Booking
/**
 * Check a username/password pair against enabled booking users.
 *
 * NOTE(review): the WHERE value is masked ('******') in this listing; if the
 * real file interpolates $username there, it must be escaped or bound.
 * NOTE(review): a NULL stored passwd is matched against an empty password —
 * confirm that passwordless accounts are intended.
 *
 * @param string $username Login name supplied by the caller.
 * @param string $passwd   Password supplied by the caller.
 * @return bool True when validate_password() accepts the pair, false otherwise.
 */
function login($username, $passwd)
{
    $result = wrap_db_query("SELECT user_id, passwd FROM " . BOOKING_USER_TABLE . "\n\t\t\t\t\t\tWHERE username = '******' AND login_enabled = '1'");
    if (!$result) {
        return false;
    }

    $fields = wrap_db_fetch_array($result);
    // An empty user_id means no row was found (also covers username = "").
    if ($fields[0] == "") {
        return false;
    }

    $stored = $fields[1];
    // Empty input against a NULL stored password is passed on as NULL.
    if ($passwd == "" && $stored == NULL) {
        $passwd = NULL;
    }

    return validate_password($passwd, $stored) ? true : false;
}
コード例 #5
ファイル: CaUsers.php プロジェクト: kai-iak/pawtucket2
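 /**
  * Authenticate a user against the stored password hash.
  *
  * Stored values that look like a bare 32-character hex digest are treated as
  * legacy MD5 hashes: on a match the account is re-saved so that
  * ca_users::update() re-hashes the password. Everything else goes to
  * validate_password().
  *
  * @param string $ps_username Login name.
  * @param string $ps_password Password supplied by the user.
  * @param mixed  $pa_options  Not used by this implementation.
  * @return bool True when the password matches, false otherwise.
  */
 public static function authenticate($ps_username, $ps_password = '', $pa_options = null)
 {
     $t_user = new ca_users();
     $t_user->load($ps_username);
     if (!($t_user->getPrimaryKey() > 0)) {
         // Unknown user
         return false;
     }

     $vs_hash = $t_user->get('password');
     if (preg_match('/^[a-f0-9]{32}$/', $vs_hash)) {
         // Old-style md5 passwords.
         // The digests are compared with hash_equals() instead of `==`: loose
         // comparison treats two numeric-looking hex strings as numbers, so
         // different digests could compare equal. hash_equals() is also
         // constant-time (requires PHP 5.6+).
         if (!hash_equals((string) $vs_hash, md5($ps_password))) {
             return false;
         }
         // The md5 hash matches: authenticate and move the user to the new scheme.
         $t_user->setMode(ACCESS_WRITE);
         // ca_users::update takes care of the hashing by calling AuthenticationManager::updatePassword()
         $t_user->set('password', $ps_password);
         $t_user->update();
         return true;
     }

     return validate_password($ps_password, $vs_hash);
 }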
コード例 #6
ファイル: login.php プロジェクト: nperez0111/Pizza
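/**
 * Verify an e-mail/password pair and, on success, populate the session.
 *
 * NOTE(review): the session ID is not rotated here; call
 * session_regenerate_id(true) at login wherever the session is started so a
 * pre-login session ID cannot be reused.
 *
 * @param string|null $userName E-mail address used as the login name.
 * @param string|null $password Password supplied by the user.
 * @return bool True when the credentials match, false otherwise.
 */
function checkUser($userName, $password)
{
    // Reject when EITHER value is missing. The original used `&&`, which let a
    // call with only one of the two values through to the database lookup.
    if (!isset($userName) || !isset($password)) {
        return false;
    }
    include '../../includes/database.php';
    // Look the user up by e-mail with a bound parameter.
    $stmt = $db->prepare("SELECT * FROM " . "users" . " WHERE (`Email` = :Email)");
    $stmt->execute(array(':Email' => $userName));
    $result = $stmt->fetch();
    // fetch() returns false when there is no row. This replaces rowCount(),
    // which is not reliable for SELECT statements on every PDO driver.
    if (!$result || !validate_password($password, $result['password'])) {
        return false;
    }
    // Credentials match: record the identity in the session.
    $_SESSION['Email'] = $userName;
    $_SESSION['loggedin'] = true;
    $_SESSION['FName'] = $result['FName'];
    $_SESSION['LName'] = $result['LName'];
    $_SESSION['Index'] = $result['Index'];
    // Explicit isset() instead of the @ error-suppression operator.
    $_SESSION['verified'] = isset($result['verified']) ? $result['verified'] : null;
    return true;
}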
コード例 #7
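/**
 * Set a user's password
 *
 * Reads current_password, password, password2 and guid from the request. A
 * non-admin caller, or an admin changing their own password, must pass
 * pam_auth_userpass() with the target account's current password first.
 *
 * @return bool|null true on success, false on failure, null when no user or
 *                   no new password was supplied (no change)
 * @since 1.8.0
 * @access private
 */
function elgg_set_user_password()
{
    $current_password = get_input('current_password', null, false);
    $password = get_input('password', null, false);
    $password2 = get_input('password2', null, false);
    $user_guid = get_input('guid');
    // The target is the request-supplied guid, or the logged-in user when absent.
    if (!$user_guid) {
        $user = elgg_get_logged_in_user_entity();
    } else {
        $user = get_entity($user_guid);
    }
    if ($user && $password) {
        // let admin user change anyone's password without knowing it except his own.
        if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) {
            $credentials = array('username' => $user->username, 'password' => $current_password);
            try {
                pam_auth_userpass($credentials);
            } catch (LoginException $e) {
                register_error(elgg_echo('LoginException:ChangePasswordFailure'));
                return false;
            }
        }
        try {
            $result = validate_password($password);
        } catch (RegistrationException $e) {
            register_error($e->getMessage());
            return false;
        }
        if ($result) {
            // Strict comparison: with `==` two different numeric-looking
            // strings (e.g. "1e3" and "1000") count as equal, so a mistyped
            // confirmation could be accepted.
            if ($password === $password2) {
                $user->salt = _elgg_generate_password_salt();
                $user->password = generate_user_password($user, $password);
                $user->code = '';
                if ($user->guid == elgg_get_logged_in_user_guid() && !empty($_COOKIE['elggperm'])) {
                    // regenerate remember me code so no other user could
                    // use it to authenticate later
                    $code = _elgg_generate_remember_me_token();
                    $_SESSION['code'] = $code;
                    $user->code = md5($code);
                    // NOTE(review): the cookie is set without Secure/HttpOnly
                    // arguments; confirm whether the site sets them elsewhere.
                    setcookie("elggperm", $code, time() + 86400 * 30, "/");
                }
                if ($user->save()) {
                    system_message(elgg_echo('user:password:success'));
                    return true;
                } else {
                    register_error(elgg_echo('user:password:fail'));
                }
            } else {
                register_error(elgg_echo('user:password:fail:notsame'));
            }
        } else {
            register_error(elgg_echo('user:password:fail:tooshort'));
        }
    } else {
        // no change
        return null;
    }
    return false;
}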
コード例 #8
ファイル: receive_login_form.php プロジェクト: vilsu/codes
/** Check the login form
 *
 * Only the format of the two fields is checked here; nothing in this function
 * compares the password with a stored credential.
 *
 * @param $email string
 * @param $password string
 * @return boolean true when both validate_email() and validate_password() pass
 */
function validate($email, $password)
{
    // validate_password() is only called when the e-mail passed.
    return validate_email($email) && validate_password($password);
}
コード例 #9
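 /**
  * Look up a non-deleted SystemUser by name and verify the password.
  *
  * @param string $username
  * @param string $password
  * @return Users|null The matching user record, or null when the user is
  *                    unknown or the password does not validate
  */
 public function getCredentials($username, $password)
 {
     $query = Doctrine_Query::create()->from('SystemUser')->where('user_name = ?', $username)->andWhere('deleted = 0');
     $user = $query->fetchOne();
     // fetchOne() yields no record for an unknown or deleted user. Without
     // this guard the ->get() call below fails on a non-object instead of
     // rejecting the login.
     if (!$user) {
         return null;
     }
     if (validate_password($password, $user->get('user_password'))) {
         return $user;
     }
     return null;
 }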
コード例 #10
ファイル: DB.php プロジェクト: x86asm/ws1
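 /**
  * Verify a username/password pair against the accounts table.
  *
  * NOTE(review): the query selects every column and the whole row is returned,
  * including the stored password hash; callers should not put the row into a
  * session or a response unchanged.
  *
  * @param string $username
  * @param string $password
  * @return array|string The account row on success, '' on failure.
  */
 public function login($username, $password)
 {
     $stmt = $this->dbh->prepare('SELECT * FROM accounts WHERE username = ?');
     $stmt->bindParam(1, $username);
     $stmt->execute();
     $row = $stmt->fetch(PDO::FETCH_ASSOC);
     // fetch() returns false for an unknown username. Fail closed instead of
     // indexing into false and validating against a null hash.
     if ($row === false || !isset($row['password'])) {
         return '';
     }
     if (validate_password($password, $row['password'])) {
         return $row;
     }
     return '';
 }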
コード例 #11
/**
 * Run the username and password validators over a submitted form.
 *
 * The message strings are masked ("******") in this listing and are kept as
 * shown.
 *
 * @param mixed $form Form data handed to both validators.
 * @return array Map of error key => message; empty when both validators pass.
 */
function validate_credentials($form)
{
    $errors = [];
    // Both validators always run, so both errors can be reported together.
    if (!validate_username($form)) {
        $errors["validation.userName"] = "******";
    }
    if (!validate_password($form)) {
        $errors["validation.password"] = "******";
    }
    return $errors;
}
コード例 #12
ファイル: model_note_view.php プロジェクト: gmolveau/minote
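/**
 * Check whether the entered password matches the view password stored for a note.
 *
 * @param string $url      Note id used in the lookup.
 * @param string $password Password entered by the visitor.
 * @param PDO    $pdo      Open database connection.
 * @return boolean true if the password matches; false when it does not, when
 *                 the note does not exist or when it has no view password
 * @throws PDOException when the query fails (propagated unchanged)
 */
function verifyPassword($url, $password, $pdo)
{
    // require_once: presumably password_hash.php declares validate_password();
    // a plain `require` would load it again on a second call and fail on the
    // redeclaration.
    require_once 'password_hash.php';
    $stmt = $pdo->prepare("SELECT pwdView from note where id = :url");
    $stmt->bindValue(':url', $url, PDO::PARAM_STR);
    $stmt->execute();
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    // Fail closed when there is no such note or no stored hash, rather than
    // validating against a missing value.
    if ($result === false || $result['pwdView'] === null) {
        return false;
    }
    // The former try/catch only rethrew the PDOException, so it was dropped;
    // the exception still reaches the caller.
    return validate_password($password, $result['pwdView']);
}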
コード例 #13
ファイル: test.php プロジェクト: emnik/tuitioninfo
 /**
  * Smoke test for the pbkdf2 helper: hash a fixed sample password, print the
  * hash and its length, then report whether validate_password() accepts it.
  *
  * NOTE(review): this prints a password hash to the response and hard-codes
  * the sample password; keep the controller out of deployed builds and make
  * sure the sample value is not a real credential.
  */
 public function index()
 {
     $this->load->helper('pbkdf2_helper');
     $sample = 'usr#6379';
     $pass = create_hash($sample);
     echo $pass;
     echo "<p>" . strlen($pass) . "</p>";
     echo "<p>result:</p>";
     // Round trip: the freshly created hash must validate against its input.
     echo validate_password($sample, $pass) == true ? "validation passed" : "didn't pass!";
 }
コード例 #14
ファイル: user_settings.php プロジェクト: nachopavon/Elgg
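/**
 * Set a user's password
 *
 * Reads current_password, password, password2 and guid from the request. A
 * non-admin caller, or an admin changing their own password, must pass
 * pam_auth_userpass() with the target account's current password first.
 *
 * @return bool|null true on success, false on failure, null when no user or
 *                   no new password was supplied (no change)
 * @since 1.8.0
 * @access private
 */
function elgg_set_user_password()
{
    $current_password = get_input('current_password');
    $password = get_input('password');
    $password2 = get_input('password2');
    $user_guid = get_input('guid');
    // The target is the request-supplied guid, or the logged-in user when absent.
    if (!$user_guid) {
        $user = elgg_get_logged_in_user_entity();
    } else {
        $user = get_entity($user_guid);
    }
    if ($user && $password) {
        // let admin user change anyone's password without knowing it except his own.
        if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) {
            $credentials = array('username' => $user->username, 'password' => $current_password);
            try {
                pam_auth_userpass($credentials);
            } catch (LoginException $e) {
                register_error(elgg_echo('LoginException:ChangePasswordFailure'));
                return false;
            }
        }
        try {
            $result = validate_password($password);
        } catch (RegistrationException $e) {
            register_error($e->getMessage());
            return false;
        }
        if ($result) {
            // Strict comparison: with `==` two different numeric-looking
            // strings (e.g. "1e3" and "1000") count as equal, so a mistyped
            // confirmation could be accepted.
            if ($password === $password2) {
                // Reset the salt
                $user->salt = generate_random_cleartext_password();
                $user->password = generate_user_password($user, $password);
                // NOTE(review): unlike later revisions of this function, no
                // remember-me code is reset here; confirm that persistent
                // login tokens are invalidated elsewhere on a password change.
                if ($user->save()) {
                    system_message(elgg_echo('user:password:success'));
                    return true;
                } else {
                    register_error(elgg_echo('user:password:fail'));
                }
            } else {
                register_error(elgg_echo('user:password:fail:notsame'));
            }
        } else {
            register_error(elgg_echo('user:password:fail:tooshort'));
        }
    } else {
        // no change
        return null;
    }
    return false;
}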
コード例 #15
/**
 * Complete a pending signup: check the activation code, store the chosen
 * credentials and remove the signup row. Echoes a status token
 * ("validation-expired", "verify-error" or "verify-success") and returns
 * nothing. Invalid username/password input returns silently without output.
 *
 * NOTE(review): every statement below is built by string interpolation and
 * relies on escape() alone. {$account_id} is interpolated without quotes, so
 * its safety depends on account_id_from_code() returning an integer — confirm.
 * Prepared statements would remove the dependency on escape().
 * NOTE(review): the three writes are not wrapped in a visible transaction; a
 * failure midway leaves the account partially activated.
 *
 * @param string $dirty_username        Raw username from the request.
 * @param string $dirty_password        Raw password from the request.
 * @param string $dirty_activation_code Raw activation code from the request.
 */
function verify_account($dirty_username, $dirty_password, $dirty_activation_code)
{
    $username = escape($dirty_username);
    // NOTE(review): the password is escaped before it is validated and hashed,
    // so the stored credential is derived from the escaped form.
    $password = escape($dirty_password);
    $code = escape($dirty_activation_code);
    $validateUsrMsg = validate_username($username);
    if ($validateUsrMsg != "valid-username") {
        return;
    }
    $validatePwdMsg = validate_password($password);
    if ($validatePwdMsg != "valid-password") {
        return;
    }
    // The account id is resolved before the signup row is confirmed to exist.
    $account_id = account_id_from_code($code);
    $sql1 = "SELECT * FROM account_signup WHERE code='{$code}'";
    $result = query($sql1);
    // Exactly one pending signup must match the code.
    if (mysqli_num_rows($result) == 1) {
        $row = mysqli_fetch_assoc($result);
        $date_requested = $row["date_requested"];
        // presumably date_requested is a Unix timestamp; the code is valid for 24 hours
        $expires = $date_requested + 86400;
        if (time() > $expires) {
            echo "validation-expired";
            return;
        }
        $encrypted_password = encrypt_password($password);
        // Step 1: mark the account as activated but logged out, then verify the write.
        $sql2 = "UPDATE account_head SET status='logged-out' WHERE account={$account_id};";
        query($sql2);
        if (user_has_status($account_id, 'logged-out') == false) {
            echo 'verify-error';
            return;
        }
        // Step 2: store the credentials, then verify the write.
        $sql3 = "INSERT INTO account_credentials (account, username, password)";
        $sql3 .= " VALUES ({$account_id}, '{$username}', '{$encrypted_password}');";
        query($sql3);
        if (user_has_credentials($account_id, $username, $encrypted_password) == false) {
            echo 'verify-error';
            return;
        }
        // Step 3: consume the activation code so it cannot be used again.
        $sql4 = "DELETE FROM account_signup WHERE account={$account_id};";
        query($sql4);
        if (user_has_signup_pending($account_id)) {
            echo 'verify-error';
            return;
        }
        echo "verify-success";
        return;
    }
    echo 'verify-error';
}
コード例 #16
ファイル: auth.inc.php プロジェクト: smdern/IRRemote
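/**
 * Exchange a username/password pair for the user's access token.
 *
 * @param mysqli $db       Open database connection.
 * @param string $username Login name.
 * @param string $password Password supplied by the client.
 * @return string|null The access token on success, NULL otherwise.
 */
function auth_username_password($db, $username, $password)
{
    $st = $db->prepare("SELECT access_token, password FROM users WHERE username=? LIMIT 1");
    $st->bind_param("s", $username);
    $st->execute();
    $st->bind_result($token, $hash);
    $found = $st->fetch();
    $st->close();
    // fetch() returns true only when a row was read. Unknown users are
    // rejected here instead of validating against an unset hash.
    if ($found !== true) {
        return NULL;
    }
    require_once __DIR__ . '/crypto.inc.php';
    if (validate_password($password, $hash)) {
        // The token itself is no longer written to the log. The original
        // logged it twice, once before the password had been checked, which
        // placed a bearer credential in the log for every lookup.
        hj_log("auth_token_db", "access token returned (value not logged)");
        return $token;
    }
    return NULL;
}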
コード例 #17
ファイル: main.php プロジェクト: phpbb-es/regcheck
 /**
  * Check password
  *
  * Applies the configured maximum and minimum length first, then
  * validate_password(). The response carries a language string on failure and
  * 0 when the password is acceptable.
  *
  * NOTE(review): strlen() counts bytes, so for multi-byte passwords the limits
  * apply to the byte length rather than the character count — confirm that
  * this matches how the limits are enforced at registration.
  *
  * @return object
  */
 public function password()
 {
     $password = utf8_normalize_nfc(request_var('password', '', true));
     $length = strlen($password);
     if ($length > $this->config['max_pass_chars']) {
         $return = $this->user->lang('TOO_LONG_USER_PASSWORD');
     } elseif ($length < $this->config['min_pass_chars']) {
         $return = $this->user->lang('TOO_SHORT_USER_PASSWORD');
     } else {
         // validate_password() returns an error key prefix, or a falsy value when valid.
         $error = validate_password($password);
         $return = $error ? $this->user->lang($error . '_NEW_PASSWORD') : 0;
     }
     return new Response($return);
 }
コード例 #18
 /**
  * Authenticates a user by username/password credentials. Uses the 'users' DB table.
  *
  * Only users with status 'Active' are considered. An unknown user and a wrong
  * password produce the same message, so the reply does not reveal whether the
  * username exists.
  *
  * @uses User_Model
  * @access public
  * @param string $username
  * @param string $password
  * @return bool
  */
 function auth_user($username, $password)
 {
     $this->load->helper('secure_hash');
     $user = $this->user_model->get(array('username' => $username, 'status' => 'Active'), true);
     // The password is only checked when a user record was found.
     if (!$user || !validate_password($password, $user->password)) {
         add_message('Incorrect username or password, please verify your details and try again.', 'danger');
         return false;
     }
     log_message('info', 'User ' . $this->user_model->get_name($user->id) . ' has just logged in!');
     reload_session_caps($user->id);
     return true;
 }
コード例 #19
ファイル: login_model.php プロジェクト: emnik/tuitionweb
 /**
  * Verify a username/password pair for an account that has not expired.
  *
  * An account qualifies when `expires` is later than today or is the
  * '0000-00-00' placeholder. The stored hash is checked with the pbkdf2
  * helper's validate_password().
  *
  * @param string $username
  * @param string $password
  * @return object|false The user row on success, false otherwise.
  */
 public function verify_user($username, $password)
 {
     // Hashes are pbkdf2 (previously sha1).
     $this->load->helper('pbkdf2_helper');
     $this->load->helper('date');

     $builder = $this->db->where('username', $username);
     $builder = $builder->bracket('open');
     $builder = $builder->where('expires >', date('Y-m-d', now()));
     $builder = $builder->or_where('expires', '0000-00-00');
     $builder = $builder->bracket('close');
     $q = $builder->limit(1)->get('user');

     if (!($q->num_rows > 0)) {
         return false;
     }

     // Strict check: only an explicit boolean true counts as a match.
     if (validate_password($password, $q->row()->password) === true) {
         return $q->row();
     }
     return false;
 }
コード例 #20
/** Check the registration form
 *
 * Stops at the first failing field and echoes which one failed.
 *
 * @param $email string
 * @param $password string
 * @param $username string
 * @return boolean true when all three validators pass
 */
function validate($email, $password, $username)
{
    if (!validate_email($email)) {
        echo "email wrong";
        return false;
    }
    if (!validate_password($password)) {
        echo "password wrong";
        return false;
    }
    if (!validate_username($username)) {
        echo "username wrong";
        return false;
    }
    echo "correct validation";
    return true;
}
コード例 #21
/**
 * Run every signup-field validator and report the accumulated errors.
 *
 * Each validator receives the message collected so far and returns the
 * (possibly extended) message.
 *
 * NOTE(review): the collected message is echoed into HTML as is; if any
 * validator copies user input into it, that input needs HTML-escaping before
 * output — confirm in the validators.
 *
 * @return int 1 when the form is valid, 0 otherwise (after echoing the errors).
 */
function form_validation($uname, $pwd, $email, $dob, $sex, $state, $city, $news)
{
    $error_message = "";
    $error_message = validate_username($uname, $error_message);
    $error_message = validate_password($pwd, $error_message);
    $error_message = validate_email($email, $error_message);
    $error_message = validate_dob($dob, $error_message);
    $error_message = validate_sex($sex, $error_message);
    $error_message = validate_state($state, $error_message);
    $error_message = validate_city($city, $error_message);
    $error_message = validate_newsletter($news, $error_message);

    // An empty message means every field passed.
    if (!$error_message) {
        return 1;
    }

    echo "<br>I am sorry, but you haven't filled the form correctly. Please check the following.<br><br>" . $error_message;
    return 0;
}
コード例 #22
ファイル: security.php プロジェクト: loucilvr/MySocial
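/**
 * Verify a username/password pair and mark the user as logged in or out.
 *
 * NOTE(review): the password goes through sanitize_input() before it is
 * verified, so the compared value is the sanitized form — confirm that
 * registration hashes the same form.
 *
 * @param string $username
 * @param string $password
 * @return mixed The user's ID on success, 0 on failure.
 */
function database_user_login($username, $password)
{
    global $mysqli;
    $username = sanitize_input($username);
    $password = sanitize_input($password);
    $userID = database_get_userID($username);

    // Fetch the stored hash with a bound parameter instead of interpolating
    // $userID into the SQL text. Binding as a string matches the quoted
    // comparison of the original query.
    $datapass = null;
    $stmt = mysqli_prepare($mysqli, "SELECT password FROM users WHERE userID=?");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 's', $userID);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $storedHash);
        if (mysqli_stmt_fetch($stmt)) {
            $datapass = $storedHash;
        }
        mysqli_stmt_close($stmt);
    }

    // Fail closed when the query failed, no row exists or the hash is NULL;
    // otherwise the stored hash decides.
    if ($datapass !== null && validate_password($password, $datapass)) {
        set_user_logged_in($userID);
    } else {
        set_user_logged_out();
        $userID = 0;
    }
    return $userID;
}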
コード例 #23
ファイル: class.pengguna.php プロジェクト: xkillx/anime
 /**
  * Handle a login form submission: redirect to the registration page when
  * cek_pengguna() reports no match, otherwise verify the password and either
  * start the session and redirect to the profile, or print a warning.
  *
  * NOTE(review): no session-ID regeneration is visible before the identity is
  * written to $_SESSION, and neither redirect is followed by exit; confirm that
  * the callers stop output after this method.
  *
  * @param array $post Submitted form fields ('username', 'password').
  */
 public function valid_pengguna($post)
 {
     if ($this->cek_pengguna($post) <= 0) {
         header("Location:{$this->site_url()}register");
         return;
     }

     $name = $post['username'];
     $secret = $post['password'];
     // The lookup uses a bound parameter.
     $this->obj->query("SELECT * FROM `pengguna` WHERE `username` = :username");
     $this->obj->bind(':username', $name);
     $this->obj->execute();
     $datas = $this->obj->single();

     if (validate_password($secret, $datas->password) == 1) {
         $_SESSION['group'] = $datas->group;
         $_SESSION['pengguna_id'] = $datas->id;
         header("Location: {$this->site_url()}profile");
         return;
     }

     echo "\n\t\t\t\t\t<div class=\"alert alert-warning\"> Username/Password yang anda masukan salah. silakan <a href=\"./?halaman=login\">login</a> kembali</div>\n\t\t\t\t";
 }
コード例 #24
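/**
 * Check a username/password pair for an enabled account.
 *
 * Stored values containing ':' are handled by validate_password(). Anything
 * else is treated as a legacy SHA-1 digest and, on a match, migrated to the
 * create_hash() format.
 *
 * @param string $username
 * @param string $password
 * @return bool True when the credentials match, false otherwise.
 */
function db_check_credential($username, $password)
{
    // An earlier Doctrine query that matched sha1($password) in SQL was kept
    // here as commented-out code; it is superseded by the logic below.
    $account = db_get_account($username);
    if (!$account || !$account['enabled']) {
        return false;
    }

    $stored = (string) $account['crypted_password'];
    if (strstr($stored, ':') !== false) {
        return validate_password($password, $stored);
    }

    // Legacy SHA-1 digest. hash_equals() replaces `==`: loose comparison
    // treats two numeric-looking hex strings as numbers, so different digests
    // could compare equal. It is also constant-time (requires PHP 5.6+).
    if (hash_equals($stored, sha1($password))) {
        // check passed: migrate the sha1 password to pbkdf2
        db_save_account($username, array('crypted_password' => create_hash($password)));
        return true;
    }
    return false;
}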
コード例 #25
ファイル: auth.php プロジェクト: elturner/samanderic_website
 /**
  * Check console credentials and record the login in the object and session.
  *
  * NOTE(review): the WHERE value is masked ('******') in this listing;
  * presumably the real query uses $cleanUsername — confirm.
  * NOTE(review): the escaped plaintext password is stored in
  * $_SESSION["sessionPass"]. Session storage then holds a reusable credential;
  * a flag or user id is enough to mark an authenticated session — check what
  * reads this key before removing it.
  *
  * @param string $username
  * @param string $password
  * @return bool Whether the login succeeded (mirrors $this->isLoggedIn).
  */
 function login($username, $password)
 {
     $this->isLoggedIn = false;
     $cleanUsername = $this->db->escape_string($username);
     $cleanPassword = $this->db->escape_string($password);

     $query = "SELECT * from console_users WHERE username = '******' LIMIT 1";
     $result = $this->db->query($query);
     // Exactly one matching user is required.
     if ($this->db->num_rows($result) != 1) {
         return $this->isLoggedIn;
     }

     $row = $this->db->read_row($result);
     // The raw (unescaped) password is what gets verified against the hash.
     if (!validate_password($password, $row["password"])) {
         return $this->isLoggedIn;
     }

     $this->isLoggedIn = true;
     // The user id from the record is kept as regionID.
     $this->regionID = $row["console_user_id"];
     $_SESSION["sessionUser"] = $cleanUsername;
     $_SESSION["sessionPass"] = $cleanPassword;

     return $this->isLoggedIn;
 }
コード例 #26
<?php

require_once '../../_config/dbinfo.inc.php';
require_once '../../_config/misc.func.php';
require_once '../../_config/hash.pwd.php';
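// Login handler: look the user up by name, verify the password hash and, on
// success, store the identity in the session before redirecting.
session_start();
$conn = oci_connect(ORA_CON_UN, ORA_CON_PW, ORA_CON_DB) or die;
// Missing form fields become empty strings instead of undefined-index notices.
$pass = isset($_POST['password']) ? $_POST['password'] : '';
$username = isset($_POST['username']) ? $_POST['username'] : '';
oci_set_client_identifier($conn, 'admin');
// The username is passed as a bind variable, never concatenated into the SQL.
$sql = oci_parse($conn, "SELECT WMU.MART_PASS HASHPASS,\r\n                            WMU.MART_FULL_NAME FULLNAME,\r\n                            WMR.MART_ROLE_DESC COMP_ROLE_COMPLETE\r\n                       FROM MART_USER WMU\r\n                            INNER JOIN MART_ROLE WMR\r\n                               ON WMR.MART_ROLE_ID = WMU.MART_ROLE_ID\r\n                      WHERE WMU.MART_FULL_NAME = :finemail");
oci_bind_by_name($sql, ":finemail", $username);
// $role and $hashpass are filled in by the fetch below.
oci_define_by_name($sql, "COMP_ROLE_COMPLETE", $role);
oci_define_by_name($sql, "HASHPASS", $hashpass);
oci_execute($sql);
$r = oci_fetch_array($sql, OCI_ASSOC);
// Fail closed when no row was fetched or the stored hash is NULL, instead of
// validating against an unset value.
$passMatchInt = ($r !== false && $hashpass !== null) ? validate_password($pass, $hashpass) : 0;
if ($passMatchInt == 1) {
    // Rotate the session ID at the privilege change so that a session ID
    // issued before login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['userlogin'] = $username;
    $_SESSION['rolelogin'] = $role;
    echo '<script>location.href="../main.php"</script>';
} else {
    echo '<script>alert("LOGIN FAILED !!! \\nPLEASE ENTER APPROPRIATE USER NAME AND PASSWORD")</script>';
    echo '<script>location.href="../../index.php"</script>';
}
// Runs for failed logins as well: only the global display name is stored.
$globalName = SingleQryFld("SELECT WMS.SETTING_VALUE_STRING FROM MART_SETTINGS WMS WHERE WMS.SETTING_DESC = 'GLOBAL_NAME'", $conn);
$_SESSION['globalname'] = $globalName;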
コード例 #27
ファイル: adminuserchangesubmit.php プロジェクト: xoyteam/src
// Excerpt of the admin "change user" handler: derive the mailbox paths for
// the user, then update the password when a new one was submitted. The
// excerpt ends before the enclosing blocks are closed.
// The domain is taken from the session and bound as a parameter.
$query = "SELECT maildir FROM domains WHERE domain_id=:domain_id";
$sth = $dbh->prepare($query);
$sth->execute(array(':domain_id' => $_SESSION['domain_id']));
$row = $sth->fetch();
// NOTE(review): $_POST['localpart'] and $_POST['smtp'] are placed into
// filesystem paths with no validation visible in this excerpt. Restrict
// localpart to the characters a mailbox name may contain and reject path
// separators and ".." before building paths, unless that already happens
// earlier in the file.
if ($_POST['on_piped'] == 1 && $_POST['smtp'] != "") {
    $smtphomepath = $_POST['smtp'];
    $pophomepath = "{$row['maildir']}/{$_POST['localpart']}";
    $_POST['type'] = "piped";
} else {
    $smtphomepath = "{$row['maildir']}/{$_POST['localpart']}/Maildir";
    $pophomepath = "{$row['maildir']}/{$_POST['localpart']}";
    $_POST['type'] = "local";
}
# Update the password, if the password was given
if (isset($_POST['clear']) && $_POST['clear'] !== '') {
    // presumably validate_password() here compares the new password with its
    // confirmation field (vclear) — verify against its definition
    if (validate_password($_POST['clear'], $_POST['vclear'])) {
        $cryptedpassword = crypt_password($_POST['clear']);
        // Bound parameters; the update is scoped to the session's domain_id.
        $query = "UPDATE users\n        SET crypt=:crypt WHERE localpart=:localpart\n        AND domain_id=:domain_id";
        $sth = $dbh->prepare($query);
        $success = $sth->execute(array(':crypt' => $cryptedpassword, ':localpart' => $_POST['localpart'], ':domain_id' => $_SESSION['domain_id']));
        if ($success) {
            // Keep the session copy in step when the admin changed their own password.
            if ($_POST['localpart'] == $_SESSION['localpart']) {
                $_SESSION['crypt'] = $cryptedpassword;
            }
        } else {
            // NOTE(review): the raw POST value goes into the redirect URL here
            // and in the badpass redirect below; urlencode() it.
            header("Location: adminuser.php?failupdated={$_POST['localpart']}");
            die;
        }
    } else {
        header("Location: adminuser.php?badpass={$_POST['localpart']}");
        die;
コード例 #28
ファイル: login.php プロジェクト: rongandat/ookcart-project
 // Excerpt of a login handler; it starts and ends inside a larger block.
 // After more than three logged failures the captcha ("Turing Number") must match.
 // NOTE(review): `!=` is a loose comparison; use !== so that numeric-looking
 // strings are not compared as numbers.
 if (!empty($error_log_login) && $error_log_login > 3) {
     if ($security_code != $secure_image_hash_string) {
         $validator->addError('Turing Number', ERROR_SECURE_CODE_WRONG);
     }
 }
 $smarty->assign('error_log_login', $error_log_login);
 $validator->validateGeneral('Account Number', $account_number, _ERROR_FIELD_EMPTY);
 $validator->validateGeneral('Password', $login_password, _ERROR_FIELD_EMPTY);
 if (count($validator->errors) == 0) {
     // NOTE(review): $account_number is concatenated into the SQL text (the
     // start of the statement is masked in this listing). Unless it is escaped
     // before this point, use a bound parameter or the DB layer's escaping helper.
     $sql_user = "******" . _TABLE_USERS . " WHERE account_number='" . $account_number . "' AND status=1";
     $user_query = db_query($sql_user);
     if (db_num_rows($user_query) > 0) {
         // email passed
         // check password
         $user_info = db_fetch_array($user_query);
         if (!validate_password($login_password, $user_info['password'])) {
             // wrong password
             // (the same error is used whether the account or the password is wrong)
             $validator->addError('Account Number/Password', ERROR_INVALID_ACCOUNT);
         } else {
             // password passed ==> correct account
             // NOTE(review): no session-ID regeneration is visible at this
             // point — confirm it happens elsewhere in the login flow.
             $login_userid = $user_info['user_id'];
             $login_account_number = $account_number;
             $login_useremail = $user_info['email'];
             tep_session_register('login_userid');
             tep_session_register('login_account_number');
             tep_session_register('login_useremail');
             // set cookies for autologin
             // NOTE(review): the second cookie stores the plaintext password in
             // the browser for 100 days. Anyone who can read the cookie obtains
             // the credential itself. A random, server-side-stored and revocable
             // remember-me token, sent with Secure and HttpOnly, avoids this.
             if ($_POST['remember_me']) {
                 tep_setcookie("account_number", $account_number, time() + 60 * 60 * 24 * 100, HTTP_COOKIE_PATH, HTTP_COOKIE_DOMAIN);
                 tep_setcookie("password", $login_password, time() + 60 * 60 * 24 * 100, HTTP_COOKIE_PATH, HTTP_COOKIE_DOMAIN);
             }
コード例 #29
ファイル: general.php プロジェクト: rongandat/ookcart-project
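/**
 * Verify an e-mail/password pair and register the user in the session.
 *
 * @param string $login_email    E-mail address used as the login name.
 * @param string $login_password Password supplied by the user.
 * @return bool True when the credentials match, false otherwise.
 */
function confirmUser($login_email, $login_password)
{
    global $login_userid, $login_username;
    // NOTE(review): $login_email is concatenated into the SQL text. Unless
    // every caller escapes it first, this lookup is injectable; use the DB
    // layer's escaping helper or a bound parameter here.
    $user_query = db_query("SELECT user_id, user_username, user_password FROM " . _TABLE_USERS . " WHERE member_email='" . $login_email . "'");
    if (db_num_rows($user_query) > 0) {
        // email passed, check password
        $user_info = db_fetch_array($user_query);
        if (!validate_password($login_password, $user_info['user_password'])) {
            // wrong password
            return false;
        }
        // password passed ==> correct account
        // Read from $user_info: the original read the undefined $member_info,
        // which registered a null user id and username in the session.
        $login_userid = $user_info['user_id'];
        $login_username = $user_info['user_username'];
        tep_session_register('login_userid');
        tep_session_register('login_username');
        return true;
    }
    return false;
}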
コード例 #30
ファイル: login.php プロジェクト: jlgaffney/Group14
			<?php 
require $relative . 'data/php/site/header-menu.inc';
?>
			
			<!-- MAIN CONTENT STARTS -->
			<div id="centredDiv">
				<h1>Login</h1>
				<?php 
// Login form handler embedded in the page template; the excerpt ends before
// the enclosing blocks are closed.
// Check if user is already logged in
if (!isset($_SESSION['user']) || $_SESSION['user'] == "") {
    $errors = array();
    // Check if login values are set. If false, user has opened page the first time
    if (isset($_POST["email"]) && isset($_POST["pass"])) {
        require $relative . 'data/php/user/validate.inc';
        // Both validators record their findings in $errors.
        validate_email($errors, $_POST['email']);
        validate_password($errors, $_POST["pass"]);
        if (!isset($errors['email']) && !isset($errors['pass'])) {
            // form is valid
            // Check if email exists in user table
            require $relative . 'data/php/database/pdo.inc';
            $email = $_POST["email"];
            $password = $_POST["pass"];
            // query to check if email exists and password matches
            // Both values are passed as bound parameters.
            // NOTE(review): the password check is one salted SHA-2 round done
            // in SQL (in MySQL a length argument of 0 selects SHA-256). That is
            // a fast hash; prefer a slow password hash such as password_hash()
            // / password_verify() with the comparison done in PHP.
            $query = "SELECT email, userType, fname FROM user WHERE email = ? AND password = SHA2(CONCAT(?, salt), 0)";
            // Execute query and get results
            $result = select($query, array($email, $password), false);
            if ($result != false) {
                // Email exists in database and password matches
                // Store User Session Data
                // NOTE(review): no session_regenerate_id() call is visible
                // before the identity is stored — confirm it happens elsewhere.
                $_SESSION['user'] = $email;
                $_SESSION['type'] = $result[1];