function performLogin($credentials, $mysql) { $JSONerror->state = 0; $JSONerror->message = 'Success'; //Connect to MySQL DB $MySQLConnection = new Mysql($mysql['host'], $mysql['port'], $mysql['user'], $mysql['password'], $mysql['database']); $MySQLConnection->connect(); if (verifyCredentials($credentials, $MySQLConnection)) { $userObject = getUserInfo($credentials, $MySQLConnection); if ($userObject->userValid) { sessionInit($userObject, false); echo json_encode($userObject); } else { $JSONerror->state = 1; $JSONerror->message = 'User blocked!'; print_r(json_encode($JSONerror)); } } else { $JSONerror->state = 1; $JSONerror->message = 'Your Password and Username combination does not Match our databse, Sorry'; print_r(json_encode($JSONerror)); } }
<?php $conn = null; require_once '../connections/Connection.php'; echo "<br> <br>"; echo "UserName :"******"NAME"]; echo "<br> <br>"; echo "Password:"******"PASSWORD"]; echo "<br> <br>"; echo "TYPE OF USER:"******"USER"]; echo "<br> <br>"; require_once '../connections/VerifyCredentials.php'; if (verifyCredentials($conn, $_REQUEST["NAME"], $_REQUEST["PASSWORD"])) { // if credentials are okay then. session_start(); $_SESSION['NAME'] = $_REQUEST["NAME"]; $_SESSION['USER'] = $_REQUEST["USER"]; if ($_SESSION['USER'] == "Student") { header('Location: student/index.php'); } else { header('Location: faculty/index.php'); } } else { // if credentials fails => header('Location: index.php'); }
if (isset($_POST['action'])) { /** * --- Installation --- * Request to install the nimbusec plugin */ if ($_POST['action'] === "installation") { // -- Continue only if credentials were passed --- if (isset($_POST['apiKey'], $_POST['apiSecret'])) { // -- Declare response array -- $resp = array('status' => 0); $apiKey = htmlentities($_POST['apiKey'], ENT_QUOTES); $apiSecret = htmlentities($_POST['apiSecret'], ENT_QUOTES); // -- If $_POST ['apiServer'] then validate for url pattern -- if (verifyString($apiKey) && verifyString($apiSecret)) { if (!isNimbusecInstalled()) { if (verifyCredentials($apiKey, $apiSecret)) { // -- Get access data for WHM API -- $hash = file_get_contents("/root/.accesshash"); $host = gethostname(); $serverAddr = gethostbyname($host); $whmApi = new WHMAPIClient($hash, $serverAddr); // -- Install Nimbusec (trigger installation file) -- $res = (require_once "/usr/local/nimbusec/nimbusec/install.php"); if ($res['status']) { // Set installation flag $whmApi->setNVData(array(array("NIMBUSEC_INSTALLED", "1"))); // Set credentials $whmApi->setNVData(array(array("NIMBUSEC_APIKEY", $apiKey), array("NIMBUSEC_APISECRET", $apiSecret))); array_push($res['content'], "The installation of the nimbusec cPanel / WHM has been finished successfully."); } else { array_push($res['content'], "The installation of the nimbusec cPanel / WHM plugin has been aborted suddenly. It is advised to review the nimbusec logs files to find possible causes.");
$htmloutput = false; header("Content-type: text/plain"); } else { $htmloutput = true; } if ($user !== NULL) { if ($htmloutput) { $db = getAuthDb(); showSuccessScreen($db, $user); } else { echo "login:{$user}\n"; } } elseif (isset($_REQUEST['username']) && isset($_REQUEST['password'])) { if ($db = getAuthDb()) { error_log(__FILE__ . ": Got a database connection"); if (verifyCredentials($db, $_REQUEST['username'], $_REQUEST['password']) === True) { error_log(__FILE__ . ": verified credentials"); $authtoken = getauthtoken($db, $_REQUEST['username'], $_SERVER["REMOTE_ADDR"]); $cookieexpire = time() + $MAXTOKENLIFETIME; if (isset($_SERVER['HTTP_HOST'])) { $host = $_SERVER['HTTP_HOST']; $secure = $host != 'localhost'; if (!$secure) { $host = NULL; } } else { $host = 'darwin.bournemouth.ac.uk'; $secure = TRUE; } error_log(__FILE__ . ": The host for the cookie has been determined as '{$host}'"); setrawcookie($DARWINCOOKIENAME, $authtoken, $cookieexpire, '/', $host, $secure);
error_reporting(E_ALL); ini_set('display_errors', 'On'); require_once '../lib/common.php'; require_once '../lib/authadmin.php'; $AUTHONLY = !isset($_POST["pubkey"]); if (!(isset($_POST["username"]) && isset($_POST["password"]))) { handleError("insufficient credentials", 403, "Forbidden"); } $USERNAME = $_POST["username"]; $PASSWORD = $_POST["password"]; $DB = getAuthDb(); if ($DB === NULL) { handleError("Database connection error", 500); } $DB->autocommit(FALSE); if (verifyCredentials($DB, $USERNAME, $PASSWORD) !== True) { handleError("Invalid credentials", 403, "Forbidden"); exit; // Exit just for certainty. HandleError should have exited already. } if ($AUTHONLY) { header("HTTP/1.1 200 Created"); header("Content-type: text/plain"); print "authenticated {$USERNAME}\n"; exit; } // Now we are authenticated. Now add the key if (isset($_POST["id"])) { $REQUESTKEYID = $_POST["id"]; } $PUBKEY = normalizebase64($_POST["pubkey"]);
} $db = getAuthDb(); if ($db === NULL) { handleError("Could not connect to the database"); } if (isset($resettoken) && isset($requestuser)) { if (verifyResetToken($db, $requestuser, $resettoken)) { $user = $requestuser; } else { handleError("The given reset token is invalid or expired"); exit; } } elseif (is_admin() && isset($requestuser)) { $user = $actualuser; } else { if (verifyCredentials($db, $user, $password) !== True) { showChangeScreen("Your password is incorrect"); exit; } } if ($newpassword !== $newpassword2) { showChangeScreen("The new passwords do not match"); exit; } if (strlen($newpassword) < 6) { showChangeScreen("The new passwords must be at least 6 characters long"); exit; } $db->autocommit(FALSE); updateCredentials($db, $user, $newpassword); $db->close();
$dbRoleId = $users->Role_ID; $dbCostumerId = $users->Costumer_ID; $user = new User($dbUsername); $user->setPassword($dbPassword); $user->setRoleId($dbRoleId); $user->setCostumerId($dbCostumerId); } if ($user != null) { if (strtolower($user->getUsername()) == strtolower($username) && $user->getPassword() == $password) { $_SESSION["user"] = $user; header("Location: ../index.php"); } } } if (isset($_POST["username"]) && isset($_POST["password"])) { if ($_POST["username"] == "Username" && $_POST["password"] == "Password") { echo "hello"; exit; } require_once "../DBInterface/loginDB.php"; require_once "./user.inc.php"; $username = $_POST["username"]; $password = $_POST["password"]; verifyCredentials($username, $password); } if (!isset($_SESSION["user"])) { echo "<html><body>Wrong credentials provided<br />"; echo "<a href='../index.php'>Back to Login</a>"; echo "</body></html>"; exit; }