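/**
 * Post controller entry point.
 *
 * $url[0] is the post's unique id; an optional $url[1] selects a sub-action
 * (only 'comment' is handled). A comment is accepted only from a POST that
 * carries a valid security token; anything else falls back to the plain
 * post view or a redirect.
 *
 * @param array $url Routed URL segments.
 */
public function _index($url)
{
    if (empty($url[0])) {
        Redirect::to('/');
        return;
    }
    $id = $url[0];

    $data = DB::fetch('post', array('unique_id' => $id));
    if (empty($data)) {
        echo 'Not Found';
        die;
    }

    if (empty($url[1])) {
        self::init('PostModel', 'post', $url);
        return;
    }

    switch ($url[1]) {
        case 'comment':
            $post = Input::post();
            if (empty($post)) {
                Redirect::to('/post/' . $id);
                break;
            }
            // A missing token must fail the check rather than raise an undefined-index notice.
            if (!isset($post['token']) || !Token::check($post['token'])) {
                echo 'Security token missing';
                break;
            }
            if (!isset($post['comment'])) {
                echo 'Comment required';
                break;
            }
            User::comment($id, $post['comment']);
            echo 'Commented';
            break;
        default:
            break;
    }
}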
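/**
 * "Request a call" form: stores a name/phone pair, then renders the form.
 *
 * On a POST with a valid security token the submitted name and number are
 * inserted into the `phones` table and registerAction() is run. The form is
 * rendered afterwards in every case. The method name is kept as-is because
 * it is part of the routing convention.
 *
 * The hidden token input is written without any whitespace inside the value
 * attribute: a stray space there becomes part of the submitted token and
 * makes Token::check() fail.
 */
public function RequesracallAction()
{
    if (Input::exists() && Token::check(Input::get('token'))) {
        $name = Input::get('name');
        $number = Input::get('number');
        // Skip blank submissions; nothing upstream validates these two fields.
        if (trim((string) $name) !== '' && trim((string) $number) !== '') {
            $this->_DB->insert('phones', array(
                'id' => 0,
                'name' => $name,
                'number' => $number,
            ));
            $this->registerAction();
        }
    }
    ?>
    <form action="" method="post">
        <div class="field">
            <label for="name">Name: </label>
            <input type="text" name="name" id="name" />
        </div>
        <div class="field">
            <label for="number">Number: </label>
            <input type="tel" name="number" id="number" />
        </div>
        <input type="hidden" name="token" value="<?php echo Token::generate(); ?>" />
        <input type="submit" value="Save"/>
    </form>
    <?php
}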
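/**
 * Login page: renders the form and, on a POST with a valid security token,
 * validates the credentials and attempts to log the user in.
 *
 * Validation errors are collected into $this->data['validate_errors'] for
 * the view; a failed login prints a short message and re-renders the form.
 *
 * @param mixed $id Unused; kept for route compatibility.
 */
public function login($id = null)
{
    $user = $this->user;
    $this->data['user']['name'] = $user->data()->user;
    Config::set('html.title', 'Авторизация');
    Config::set('html.description.val', 'На этой странице можно залогиниться');

    // Make sure a token exists for the form that is about to be rendered.
    if (!Session::exists(Config::get('session.token_name'))) {
        Token::generate();
    }

    if (Input::exists() && Token::check(Input::get('token'))) {
        $validate = new VALIDATE();
        $validation = $validate->check($_POST, array(
            'user' => array('required' => true),
            'password' => array('required' => true),
        ));

        if ($validate->passed()) {
            // NOTE(review): the form's 'remember' value is not forwarded to login()
            // (third argument is null) — confirm whether "remember me" is meant to work.
            $login = $user->login(Input::get('user'), Input::get('password'), null);
            if ($login) {
                Redirect::to('/');
            } else {
                echo '<p>Sorry, logging in failed</p>';
            }
        } else {
            foreach ($validation->errors() as $error) {
                $this->data['validate_errors'][] = $error;
            }
        }
    }

    $this->view('user/login');
}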
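/**
 * AJAX endpoint that forwards a request for the posted username.
 *
 * Requires a logged-in session (Protect('ajax')), a valid security token and
 * non-empty `username` and `type` fields; the result of User::request() is
 * reported under 'success' or 'errors'.
 *
 * @return array|false Array with a 'success' or 'errors' list, FALSE if nothing was recorded.
 */
public function _index()
{
    // Deny access if not logged in
    new Protect('ajax');

    $post = Input::post();
    $data = array();

    // A missing token must fail closed rather than raise an undefined-index notice.
    $token = isset($post['token']) && Token::check($post['token']) === TRUE;

    if (!$token) {
        $data['errors'][] = 'Security Token Missing';
    } elseif (empty($post['username']) || empty($post['type'])) {
        $data['errors'][] = 'Username & Type Required';
    } else {
        $request = User::request($post);
        if ($request === TRUE) {
            $data['success'][] = TRUE;
        } else {
            $data['errors'][] = $request;
        }
    }

    return !empty($data) ? $data : FALSE;
}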
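/**
 * Registration endpoint.
 *
 * With POST data: validates it and, if the security token is valid, creates
 * the user. Without POST data: redirects already logged-in sessions home,
 * otherwise boots the registration view.
 */
public function _index()
{
    $post = Input::post();

    if (empty($post)) {
        if (Session::exists('user_id')) {
            header('Location: /');
            exit;
        }
        // The original passed an undefined $arg here; pass null explicitly.
        self::init('RegisterModel', 'register', null);
        return;
    }

    $validate = Validate::register($post);
    // A missing token must fail closed rather than raise an undefined-index notice.
    $token = isset($post['token']) && Token::check($post['token']) === TRUE;

    if ($validate === TRUE && $token) {
        User::addUser($post);
        echo 'Registered';
        return;
    }

    if (!$token) {
        echo 'Security Token is missing';
    }
    // Validation messages are derived from user input; escape them for the HTML context.
    echo '<pre>', htmlspecialchars(print_r($validate, true), ENT_QUOTES, 'UTF-8'), '</pre>';
}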
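/**
 * "Ask a question" page.
 *
 * On a POST with a valid security token the question is stored; without
 * POST data the form (with a fresh token) is rendered instead.
 */
public function create()
{
    new Protect();
    $post = Input::post();
    echo '<pre>';

    if (empty($post)) {
        echo '
            <form method="post" action="">
                <input type="text" name="title" placeholder="Title">
                <input type="hidden" name="token" value="' . Token::generate() . '">
                <br>
                <textarea placeholder="Description" name="content"></textarea>
                <br>
                <input type="submit">
            </form>
        ';
        return;
    }

    // A missing token must fail the check rather than raise an undefined-index notice.
    if (!isset($post['token']) || !Token::check($post['token'])) {
        echo 'Security token missing.';
        return;
    }

    Question::postQuestion($post);
    echo 'Posted';
}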
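/**
 * Logout endpoint: destroys the session when the posted security token is valid.
 */
public function _index()
{
    if (!Token::check(Input::post('token'))) {
        echo 'Security Token Missing';
        return;
    }

    // session_destroy() alone leaves $_SESSION populated for the rest of this request;
    // clear it too so nothing downstream still sees the old identity.
    $_SESSION = array();
    session_destroy();

    // Redirect to index
    Redirect::to('/');
}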
/**
 * Runs the model for a submitted form once the security token has been checked.
 *
 * The model's output is echoed directly; when the form was not submitted or
 * the token does not match, the generic error page is returned instead.
 */
public function run()
{
    $submitted = Input::exists('post');
    $tokenValid = $submitted && Token::check(Input::get('token'));

    if (!$tokenValid) {
        return miscellaneous::Error();
    }

    echo $this->model->process();
}
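/**
 * Accepts a pending request for the posted username.
 *
 * Requires a non-empty `username` and a valid security token; any failure is
 * echoed as a short message.
 */
public function accept()
{
    $post = Input::post();

    if (empty($post['username'])) {
        echo 'username required';
        return;
    }

    // A missing token must fail closed rather than raise an undefined-index notice.
    if (!isset($post['token']) || Token::check($post['token']) !== TRUE) {
        echo 'Security Token Missing';
        return;
    }

    // Reuse the POST data already read instead of calling Input::post() again.
    User::accept($post);
}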
/**
 * Registers (or updates) a user from the submitted form data.
 *
 * Runs only for a submitted form with a valid security token. If a user with
 * the same login already exists the save is flagged as an update, and the
 * model's message is flashed to the session.
 *
 * @param mixed $id Unused; kept for route compatibility.
 */
public function salvarUsuario($id = null)
{
    if (!Input::exists()) {
        return;
    }
    if (!Token::check(Input::get('token'))) {
        return;
    }

    $usuario = $this->setDados();
    if ($this->getModel()->findByLogin($usuario)) {
        $this->atualizar = true;
    }

    $msg = $this->getModel()->gravar($usuario, $this->atualizar);
    Session::flash('msg', $msg['fc_criar_usuario'], 'success');
}
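/**
 * Validates a login submission and, when it passes, attempts authentication.
 *
 * Results are stored on the object: $this->Authenticated on success,
 * $this->Errors (a list of messages) on validation or authentication failure.
 * Nothing happens when the security token is missing or invalid.
 *
 * @param array $Input Submitted fields: token, Username, Password, optional remember.
 */
public function validateInput($Input = array())
{
    $validater = new \Validation();

    // A missing token must fail closed rather than raise an undefined-index notice.
    if (!isset($Input["token"]) || !\Token::check($Input["token"])) {
        return;
    }

    $valid = $validater->Validate($Input, array(
        'Username' => array(
            'required' => true,
            'min' => 3,
            'max' => 35,
            'exists' => array("Value" => 'Users', 'CustomError' => "{Value} is not a registered User"),
        ),
        'Password' => array('required' => true, 'min' => 5, 'differs' => 'Username'),
    ));

    if ($valid !== true) {
        $this->Errors = $valid;
        return;
    }

    //Attempt to Authenticate
    $this->User = new \User();
    // 'remember' is an optional checkbox; treat absence as "not set".
    $remember = isset($Input["remember"]) ? $Input["remember"] : null;
    try {
        // NOTE(review): escape() is applied to the password before it reaches Authenticate();
        // if escape() alters characters, some valid passwords will never match — confirm.
        $this->Authenticated = $this->User->Authenticate(escape($Input["Username"]), escape($Input["Password"]), $remember);
    } catch (\Exception $e) {
        $this->Errors = array($e->getMessage());
    }
}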
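/**
 * Authenticates an API call from the request's token.
 *
 * Verifies the token, then loads the owning organization_user row and
 * attaches the token data to it under 'token_data'.
 *
 * @param object $dbh             DB handle exposing query($sql, $params).
 * @param bool   $output_on_error When true, emit a 401 response and exit on failure.
 * @param string $output_type     Format passed to output() for the error body.
 * @return array|null The user row, or null when the token is invalid and $output_on_error is false.
 */
public static function authAPICall($dbh, $output_on_error = true, $output_type = "json")
{
    require_once "Token.php";

    $token_data = Token::check($dbh, Token::getToken());
    if (isset($token_data["organization_user_id"])) {
        // Bound parameter; the id comes from the verified token, not from the request.
        $rows = $dbh->query("SELECT * FROM organization_user WHERE id = ?", array($token_data["organization_user_id"]));
        if (count($rows)) {
            $user = $rows[0];
            $user["token_data"] = $token_data;
            return $user;
        }
    }

    if ($output_on_error) {
        $status = "401 Unauthorized";
        output($output_type, array("status" => $status, "success" => false, "error" => array("Invalid token")), $status);
        exit;
    }

    // Caller opted out of the error response: signal the failure explicitly.
    return null;
}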
/**
 * Creates a new article from the submitted form and returns to the index.
 *
 * The form is re-rendered when no token was posted or the token check fails.
 */
public function create()
{
    if (isset($_POST['token'])) {
        if (Token::check($_POST['token'])) {
            $title = $_POST['title'];
            // Put a dash in place of spaces and replace existing dashes with tildes.
            $title = Shift::add($title);
            $article = $_POST['article'];
            $DB = new DB();
            // NOTE(review): $title and $article come straight from $_POST and are
            // interpolated into the SQL string, so the statement is injectable unless
            // Shift::add()/DB::insert() escape them (nothing here shows that they do).
            // Bind both values through whatever prepared-statement API DB provides.
            $DB->insert("INSERT INTO article VALUES(NULL,'{$title}','{$article}',NOW(),0)");
            $this->index(null);
        } else {
            $this->view('pages/Portfolio/create');
        }
    } else {
        $this->view('pages/Portfolio/create');
    }
}
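/**
 * Registers a new user from the submitted form.
 *
 * Every outcome is reported through $_SESSION['alert']; on success the
 * browser is sent to login.php. The original "not all fields completed"
 * check used isset() on variables that had just been assigned and therefore
 * could never fire; it now tests for empty values.
 */
public function register()
{
    $Token = new Token();
    if (!isset($_POST['token']) || !$Token->check($_POST['token'])) {
        $_SESSION['alert'] = 'Error, please try again.';
        return;
    }

    $Verify = new Verify();
    $username = isset($_POST['username']) ? trim(strip_tags($_POST['username'])) : '';
    $password = isset($_POST['password']) ? trim(strip_tags($_POST['password'])) : '';
    $repassword = isset($_POST['repassword']) ? trim(strip_tags($_POST['repassword'])) : '';
    $email = isset($_POST['email']) ? trim(strip_tags($_POST['email'])) : '';

    // Split into local part and domain; an address without '@' must not leave $email[1] undefined.
    $email = explode('@', $email);
    if (!isset($email[1])) {
        $email[1] = '';
    }

    if ($username === '' || $password === '' || $repassword === '' || $email[0] === '' || $email[1] === '') {
        $_SESSION['alert'] = 'Not all fields have been completed.';
        return;
    }
    if (!$Verify->length($username, 255)) {
        $_SESSION['alert'] = 'The username is too long.';
        return;
    }
    if (!$Verify->same($password, $repassword)) {
        $_SESSION['alert'] = 'The passwords entered are not the same.';
        return;
    }
    if (!$Verify->length($email[0], 255) || !$Verify->length($email[1], 255)) {
        $_SESSION['alert'] = 'The email entered is too long.';
        return;
    }

    $Db = new Db();
    $query = $Db->query('user', array(array('username', '=', $username, '')));
    if (mysqli_num_rows($query) > 0) {
        $_SESSION['alert'] = 'Error, please try again.';
        return;
    }

    // NOTE(review): a plain sha512 over username.salt.password is not a password hash
    // (no work factor); password_hash()/password_verify() is the replacement, but the
    // login check must change with it. mcrypt_create_iv() was removed from core PHP in
    // 7.2 — random_bytes() is the equivalent source of salt bytes.
    $salt = base64_encode(mcrypt_create_iv(128, MCRYPT_DEV_URANDOM));
    $crypt = hash('sha512', $username . $salt . $password);
    $datetime = date('Y-m-d H:i:s');
    $rank = 0;

    $insert = $Db->insert('user', array('', $username, $crypt, $email[0], $email[1], $salt, $datetime, $rank));
    if (!$insert) {
        $_SESSION['alert'] = 'User could not be registered.';
        return;
    }

    $_SESSION['alert'] = 'Successfully registered, you can now login with your credentials.';
    header('Location: login.php');
}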
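/**
 * Login page.
 *
 * Logged-in users are redirected to their account. Otherwise a submitted form
 * with a valid security token is validated and the credentials are checked;
 * success flashes a message and redirects, failure re-renders the failed view
 * with the error text. No submission (or a bad token) shows the login form.
 */
public function index()
{
    $user = new User();
    if ($user->isLoggedIn()) {
        Redirect::to('account');
        return;
    }

    if (!Input::exists() || !Token::check(Input::get('token'))) {
        // Nothing submitted, or the token did not match: back to the login page.
        $this->view('login/index', ['loggedIn' => 2, 'page_name' => 'Login']);
        return;
    }

    $validate = new Validation();
    $validation = $validate->check($_POST, array(
        'username' => array('required' => true),
        'password' => array('required' => true),
    ));

    if (!$validation->passed()) {
        // Collect every validation message into one HTML string for the view.
        $error_string = '';
        foreach ($validation->errors() as $error) {
            $error_string .= $error . '<br>';
        }
        $this->view('login/failed', ['loggedIn' => 0, 'page_name' => 'Login', 'errors' => $error_string]);
        return;
    }

    $remember = Input::get('remember') === 'on';
    if ($user->login(Input::get('username'), Input::get('password'), $remember)) {
        Session::flash('account', 'You are now logged in');
        Redirect::to('account');
        return;
    }

    // Message typo fixed ("passowrd"). The view key is 'page_name' like every other
    // view call in this method; this path alone used 'page_heading' before.
    $error_string = 'Username or password incorrect<br>';
    $this->view('login/failed', ['loggedIn' => 2, 'page_name' => 'Login', 'errors' => $error_string]);
}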
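/**
 * Handles the login form submission.
 *
 * A submitted form with a valid security token is passed to the model;
 * success redirects to the site root, failure flashes an error and returns
 * to the login page. Anything else yields the generic error page.
 */
public function run()
{
    // Only a submitted form with a matching security token is processed.
    if (!Input::exists('post') || !Token::check(Input::get('token'))) {
        return miscellaneous::Error();
    }

    if ($this->model->process()) {
        header("Location: " . SITE_URL);
    } else {
        // Message typo fixed ("incorrrect").
        Session::flush('error-login', 'Username or password is incorrect!');
        header("Location: " . SITE_URL . "/login");
    }
    // Stop here so nothing is rendered after the redirect header has been sent.
    exit;
}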
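/**
 * Handles the admin login form submission.
 *
 * A submitted form with a valid security token is passed to the model;
 * success redirects to /admin, failure flashes an error and returns to the
 * admin login page. Anything else yields the generic error page.
 */
public function loginProcess()
{
    // Only a submitted form with a matching security token is processed.
    if (!Input::exists('post') || !Token::check(Input::get('token'))) {
        return miscellaneous::Error();
    }

    if ($this->model->login()) {
        header("Location: " . SITE_URL . '/admin');
    } else {
        Session::flush('error-login', Messages::login_unsuccess());
        header("Location: " . SITE_URL . "/admin/login");
    }
    // Stop here so nothing is rendered after the redirect header has been sent.
    exit;
}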
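/**
 * Creates a group from the posted name/description and makes the current
 * session user its admin ('A' membership).
 *
 * Requires a non-empty `name` and a valid security token; otherwise a short
 * error message is echoed.
 */
public function create()
{
    // TODO: Validate
    $post = Input::post();

    // A missing token must fail closed rather than raise an undefined-index notice.
    $token = isset($post['token']) && Token::check($post['token']) === TRUE;

    if (empty($post['name']) || !$token) {
        echo 'Empty or security token missing';
        return;
    }

    // One timestamp for both rows.
    $now = time();
    $data = array(
        // NOTE(review): md5(uniqid()) is time-derived and guessable; if group ids must be
        // unpredictable, generate them from a CSPRNG instead.
        'group_id' => md5(uniqid()),
        'group_name' => $post['name'],
        'desp' => isset($post['desp']) ? $post['desp'] : null,
        'status' => 1,
        'time' => $now,
    );
    DB::insert('group', $data);
    DB::insert('group_user', array(
        'user_id' => Session::get('user_id'),
        'group_id' => $data['group_id'],
        'type' => 'A',
        'time' => $now,
        'status' => '1',
    ));

    echo 'Group Created';
}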
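/**
 * Handles the registration form submission.
 *
 * A submitted form with a valid security token is passed to the model;
 * success flashes a message and redirects to the login page, failure echoes
 * the model's error text. Anything else yields the generic error page.
 */
public function run()
{
    // Only a submitted form with a matching security token is processed.
    if (!Input::exists('post') || !Token::check(Input::get('token'))) {
        return miscellaneous::Error();
    }

    if (!$this->model->process()) {
        echo Messages::res_unsuccess();
        return;
    }

    Session::flush('resSuccess', Messages::res_success());
    header("Location: " . SITE_URL . "/login");
    // Stop here so nothing is rendered after the redirect header has been sent.
    exit;
}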
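/**
 * Validates a registration submission and, when it passes, creates the user.
 *
 * Results are stored on the object: $this->Registered on success,
 * $this->Errors (a list of messages) on validation or creation failure.
 * Nothing happens when the security token is missing or invalid.
 *
 * @param array $Input Submitted fields: token, Username, Password, Password2.
 */
public function validateInput($Input = array())
{
    $validater = new \Validation();

    // A missing token must fail closed rather than raise an undefined-index notice.
    if (!isset($Input["token"]) || !\Token::check($Input["token"])) {
        return;
    }

    // Validate the data that was passed in rather than $_POST; the two only coincide
    // when the caller happens to pass $_POST itself.
    $valid = $validater->Validate($Input, array(
        'Username' => array('required' => true, 'min' => 3, 'max' => 35, 'unique' => 'Users'),
        'Password' => array('required' => true, 'min' => 5, 'differs' => 'Username'),
        'Password2' => array('required' => true, 'matches' => 'Password'),
    ));

    if ($valid !== true) {
        $this->Errors = $valid;
        return;
    }

    //Register the User
    $salt = \Hash::salt();
    $hashed = \Hash::make($Input["Password"], $salt);
    $this->User = new \User();
    try {
        $this->Registered = $this->User->Create(array(
            'Username' => escape($Input["Username"]),
            'Password' => $hashed,
            'Salt' => $salt,
        ));
    } catch (\Exception $e) {
        $this->Errors = array($e->getMessage());
    }
}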
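/**
 * Changes the logged-in user's password.
 *
 * Requires a valid security token, a current password that matches the stored
 * hash, and a new password (min 6 chars) repeated correctly. Errors are
 * flashed to the session; success flashes a confirmation.
 */
function changePassword()
{
    $input = Input::parse();

    // A missing token must fail closed rather than raise an undefined-index notice.
    if (!isset($input['token']) || !Token::check($input['token'])) {
        return;
    }

    $validate = new Validate();
    $validate->check($input, array(
        'password_current' => ['required' => true, 'min' => 6],
        'password' => ['required' => true, 'min' => 6],
        'password_repeat' => ['required' => true, 'min' => 6, 'matches' => 'password'],
    ));

    if (!$validate->passed()) {
        Session::flash('error', $validate->errors());
        Redirect::to('changepassword');
        return;
    }

    $user = new User();
    // One salt for both the check and the update. The original read the salt for the new
    // password from the misspelled key 'ecryption/salt', so the stored hash was presumably
    // computed with a different (likely empty) salt than the login check uses.
    $salt = config::get('encryption/salt');

    // NOTE(review): a single site-wide salt with Hash::make is not a per-user password hash;
    // password_hash()/password_verify() would be the replacement (the login path must change too).
    if (Hash::make($input['password_current'], $salt) !== $user->data()->password) {
        echo "incorrect password";
        return;
    }

    $user->update(array('password' => Hash::make($input['password'], $salt)));
    Session::flash('success', 'Successfully changed password');
    Redirect::to('changepassword');
}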
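/**
 * Creates a user account from the submitted form (administrative variant
 * that also takes a rank).
 *
 * Every outcome is reported through $_SESSION['alert']. The original
 * "not all fields completed" check used isset() on variables that had just
 * been assigned and therefore could never fire; it now tests for empty values.
 */
public function create()
{
    $Token = new Token();
    if (!isset($_POST['token']) || !$Token->check($_POST['token'])) {
        $_SESSION['alert'] = 'Error, please try again.';
        return;
    }

    $Verify = new Verify();
    $username = isset($_POST['username']) ? trim(strip_tags($_POST['username'])) : '';
    $email = isset($_POST['email']) ? trim(strip_tags($_POST['email'])) : '';
    $password = isset($_POST['password']) ? trim(strip_tags($_POST['password'])) : '';
    // NOTE(review): the rank (privilege level) is stored exactly as posted — confirm this
    // route is reachable only by administrators and consider whitelisting the allowed values.
    $rank = isset($_POST['rank']) ? $_POST['rank'] : null;

    // Split into local part and domain; an address without '@' must not leave $email[1] undefined.
    $email = explode('@', $email);
    if (!isset($email[1])) {
        $email[1] = '';
    }

    if ($username === '' || $password === '' || $email[0] === '' || $email[1] === '' || $rank === null || $rank === '') {
        $_SESSION['alert'] = 'Not all fields have been completed.';
        return;
    }
    if (!$Verify->length($username, 255)) {
        $_SESSION['alert'] = 'The username is too long.';
        return;
    }
    if (!$Verify->length($email[0], 255) || !$Verify->length($email[1], 255)) {
        $_SESSION['alert'] = 'The email entered is too long.';
        return;
    }

    $Db = new Db();
    $query = $Db->query('user', array(array('username', '=', $username, '')));
    if (mysqli_num_rows($query) > 0) {
        $_SESSION['alert'] = 'Error, please try again.';
        return;
    }

    // NOTE(review): a plain sha512 over username.salt.password is not a password hash
    // (no work factor); password_hash()/password_verify() is the replacement, but the
    // login check must change with it. mcrypt_create_iv() was removed from core PHP in
    // 7.2 — random_bytes() is the equivalent source of salt bytes.
    $salt = base64_encode(mcrypt_create_iv(128, MCRYPT_DEV_URANDOM));
    $crypt = hash('sha512', $username . $salt . $password);
    $datetime = date('Y-m-d H:i:s');

    $insert = $Db->insert('user', array('', $username, $crypt, $email[0], $email[1], $salt, $datetime, $rank));
    if (!$insert) {
        $_SESSION['alert'] = 'User could not be created.';
        return;
    }

    $_SESSION['alert'] = 'The user "' . $username . '" was created.';
}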
/**
 * API authentication hook.
 *
 * Reads token/ts/ua from the request. When authentication is enabled for the
 * request type (auth.read for GET, auth.write otherwise) all three must be
 * present, the timestamp must be within 300 seconds of the server clock and
 * the token must verify against the user agent, timestamp and request data.
 *
 * @return true|null true when authentication is disabled for this request type.
 * @throws LogicException With code 403 when a parameter is missing, the timestamp is stale or the token does not verify.
 */
public function authenticate()
{
    $isRead = $_SERVER['REQUEST_METHOD'] === 'GET';
    $data = $isRead ? $_GET : $_POST;
    $type = $isRead ? 'read' : 'write';

    $param = new WF_Parameter();
    $token = $param->query('token', '');
    $ts = $param->query('ts', 0);
    $ua = $param->query('ua', '');

    if (!WF_Config::get("auth.{$type}", false)) {
        return true;
    }

    $missingParam = !$token || !$ts || !$ua;
    if ($missingParam) {
        throw new LogicException('授权参数缺失', 403);
    }

    $stale = abs(time() - $ts) > 300;
    if ($stale) {
        throw new LogicException('鉴权超时', 403);
    }

    $tokenizer = new Token();
    if (!$tokenizer->check($token, $ua, $ts, $data)) {
        throw new LogicException('未授权的访问', 403);
    }
}
/**
 * Registration page.
 *
 * Logged-in visitors get nothing rendered. For everyone else, a submitted
 * form with a valid security token is validated; on success the account is
 * created with a fresh salt and the visitor is sent home, otherwise the
 * failure view lists every validation error. Without a submission the blank
 * registration form is shown; a bad token renders nothing.
 */
public function index()
{
    $visitor = new User();
    if ($visitor->isLoggedIn()) {
        // Already logged in: nothing is rendered here.
        return;
    }

    if (!Input::exists()) {
        //display form page
        $this->view('register/register', ['register' => true, 'page_name' => 'Register', 'loggedIn' => 0]);
        return;
    }

    if (!Token::check(Input::get('token'))) {
        return;
    }

    $rules = array(
        'username' => array('min' => 2, 'max' => 20, 'required' => true, 'unique' => true),
        'name' => array('min' => 2, 'max' => 50, 'required' => true),
        'sirname' => array('min' => 2, 'max' => 50, 'required' => true),
        'email' => array('min' => 5, 'max' => 64, 'email' => true, 'required' => true, 'unique' => true),
        'date_of_birth' => array('min' => 6, 'max' => 10, 'date' => true, 'required' => true),
        'password' => array('min' => 6, 'required' => true),
        'password_again' => array('min' => 6, 'matches' => 'password', 'required' => true),
    );
    $validate = new Validation();
    $validate->check($_POST, $rules);

    if (!$validate->passed()) {
        // Join every validation message into one HTML string for the view.
        $errorHtml = '';
        foreach ($validate->errors() as $message) {
            $errorHtml .= $message . '<br>';
        }
        $this->view('register/failed', ['loggedIn' => 0, 'page_name' => 'Login Failed', 'errors' => $errorHtml]);
        return;
    }

    $account = new User();
    $salt = Hash::salt(32);
    $birthday = new Date(Input::get('date_of_birth'));
    try {
        $account->create(array(
            'username' => Input::get('username'),
            'name' => Input::get('name'),
            'sirname' => Input::get('sirname'),
            'email' => Input::get('email'),
            'dateofbirth' => $birthday->format('Y-m-d H:i:s'),
            'password' => Hash::make(Input::get('password'), $salt),
            'salt' => $salt,
            'joined' => date('Y-m-d H:i:s'),
            'group' => 1,
        ));
        Session::flash('success', 'You have been registered');
        Redirect::to('home');
    } catch (Exception $e) {
        die($e->getMessage());
    }
}
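/**
 * Login endpoint.
 *
 * Without POST data the browser is sent home. Otherwise the submission is
 * validated, the security token checked and the credentials verified; any
 * failure is handed to Session::errors() with '/' as the return location.
 */
public function _index()
{
    $post = Input::post();
    if (empty($post)) {
        header('Location: /');
        exit;
    }

    $validation = Validate::login($post);
    // A missing token must fail closed rather than raise an undefined-index notice.
    $token = isset($post['token']) && Token::check($post['token']) === TRUE;

    $errors = NULL;
    if (!$token) {
        $errors = 'Security Token Missing';
    } elseif ($validation !== TRUE) {
        $errors = $validation;
    } elseif (!User::login($post['username'], $post['password'])) {
        $errors = 'Username or Password is Incorrect';
    }

    if (!empty($errors)) {
        Session::errors($errors, '/');
    }
}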
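/**
 * Sign-up form handler.
 *
 * Requires a valid security token; the submission is validated (unique
 * username, name, password) and on success the account is created and the
 * visitor is sent to the login page. Validation errors are flashed and the
 * visitor returns to the sign-up page.
 */
function signup()
{
    $input = Input::parse();

    // A missing token must fail closed rather than raise an undefined-index notice.
    if (!isset($input['token']) || !Token::check($input['token'])) {
        echo "Invalid token";
        return;
    }

    $validate = new Validate();
    $validate->check($input, array(
        'username' => ['required' => true, 'min' => 5, 'max' => 20, 'unique' => 'users'],
        'name' => ['required' => true, 'max' => 50],
        'password' => ['required' => true, 'min' => 6],
    ));

    if (!$validate->passed()) {
        Session::flash('error', $validate->errors());
        Redirect::to('signup');
        return;
    }

    $user = new User();
    try {
        $user->create(array(
            'username' => $input['username'],
            'password' => Hash::make($input['password']),
            'name' => $input['name'],
            'joined' => date('Y-m-d H:i:s'),
            'group_id' => 1,
        ));
    } catch (Exception $e) {
        // NOTE(review): this prints the raw exception text (often a database error) to the
        // visitor; a generic message plus server-side logging would be safer.
        die($e->getMessage());
    }

    Session::flash('login', 'You registered successfully! Please login!');
    Redirect::to('login');
}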
Redirect::to('/'); die; } /* * Check if page is enabled */ $staff_applications = $queries->getWhere('core_modules', array('name', '=', 'Staff_Applications')); if ($staff_applications[0]->enabled == 0) { Redirect::to('/'); die; } /* * Handle input */ if (Input::exists()) { if (Token::check(Input::get('token'))) { // Get all answers into one string unset($_POST['token']); $content = array(); foreach ($_POST as $key => $item) { $content[] = array($key, htmlspecialchars($item)); } $content = json_encode($content); $queries->create('staff_apps_replies', array('uid' => $user->data()->id, 'time' => date('U'), 'content' => $content)); $app_id = $queries->getLastId(); // Moderator alerts $mod_groups = $queries->getWhere('groups', array('staff_apps', '=', 1)); foreach ($mod_groups as $mod_group) { $mod_users = $queries->getWhere('users', array('group_id', '=', $mod_group->id)); foreach ($mod_users as $individual) { $queries->create('alerts', array('user_id' => $individual->id, 'type' => $user_language['staff_application'], 'url' => '/mod/applications/?app=' . $app_id, 'content' => str_replace('{x}', htmlspecialchars($user->data()->username), $mod_language['new_app_submitted_alert']), 'created' => date('U')));
echo '<center><p>Insufficient privileges</p></center>'; include FOOTER; exit; } // Ensure user being removed belongs to group: if (!$group_manager->is_user_active_member($user_to_remove, $group)) { echo '<center><p>' . $user_to_remove->name() . ' is not a member of ' . $group->name() . '</p></center>'; include FOOTER; exit; } // Display the confirmation form: $remove_conf_msg = "Are you sure you want to remove <span class=\"dark-grey\">{$user_to_remove->name()}</span> from <span class=\"dark-grey\">{$group->name()}</span>?"; include FORMS . 'remove_user_from_group_form.inc.php'; } elseif (isset($_POST['submitted'])) { // Check valid token exists: if (isset($_POST['token']) && Token::check($_POST['token'])) { // Create user to be removed: $user_to_remove = new User($_POST['user']); // Create group to be modified: $group = new Group($_POST['group']); // If user confirmed deletion of member: if ($_POST['delete'] === 'yes') { $status = $group_manager->remove_user_from_group($user_to_remove, $group); if ($status['status'] === true) { echo '<center><p>' . $status['msg'] . '</p></center>'; } else { echo '<center><p>' . $status['msg'] . '</p></center>'; } } else { $url = $group->exists() ? 'edit_group.php?grp=' . $group->profile_link() : 'manage_groups.php'; echo $url;
// Name of DB table holding all groups: define('GROUPS_TABLE', 'groups'); // Name of DB table holding all user to group relations: define('USERS_TO_GROUPS_INTERMEDIARY', 'users_artist_music'); // Constants for users group status define('NO_PERMISSIONS', 1); define('ADMIN', 2); define('OWNER', 3); require '../../classes/DB.php'; require '../../classes/Base_Account.php'; require '../../classes/User.php'; require '../../classes/Post_Manager.php'; require '../../classes/Session.php'; require '../../classes/Token.php'; if (isset($_POST['task']) && $_POST['task'] == 'post-submit') { if (Token::check($_POST['token'])) { // data to be encoded as JSON and passed back to client: $data = []; // need to generate new session token as we've just consumed the previous one: $new_token = Token::generate(); // get instance of the post_manager: $pm = Post_Manager::getInstance(); // user submitting the post: $user = new User($_POST['user']); // target of the post: // @TODO: switch target_type to instantiate the target as the appropriate type $target = new User($_POST['target']); // The target type (user, music, dance, comedy): // @TODO: this will be used to properly instantiate the target object $target_type = $_POST['target_type']; // The actual post with line breaks preserved:
} } else { // Not valid login Session::destroy(); $validate->addError('Wrong Username or Password'); } } } else { $validate->addError('Wrong Captcha'); } } } if (Input::get('otpsubmit') != '') { $otp_validate = new Validate(); $otp_validation = $otp_validate->check($_POST, array('OTP' => array('required' => true, 'min' => 8, 'max' => 8))); if ($otp_validate->passed() && Token::check(Input::get('token'))) { $otp = new OTP(); if ($otp->verifyOTP(Input::get('OTP'))) { //$otp->verifyOTP(Input::get('OTP')) Session::deleteloginAttempt('OTP'); Session::put('loggedIn', 1); $log = new Log(); $log->loginLog('success'); if (Input::get('nootp') == 1) { $cookiename = 'sisnootp' . Session::get('mobile'); Cookie::put($cookiename, true, 15); unset($cookiename); } Redirect::to('home.php'); } else { $log = new Log();