/**
 * Rescans the class files and compares the result with the autoloader data.
 *
 * While the global UPDATE_AUTOLOADER constant is undefined or exactly false,
 * the rescan is allowed only when UserAuth::isAdmin() returns true; any other
 * caller gets a RuntimeException. When the constant holds any other value the
 * admin check is skipped entirely, so that constant acts as a switch that
 * turns the access control off.
 *
 * @return void
 * @throws \RuntimeException with code 6029 when the admin check fails
 */
public static function updateAutoloaderDb()
{
    $adminCheckRequired = !defined('\\UPDATE_AUTOLOADER') || \UPDATE_AUTOLOADER === false;

    if ($adminCheckRequired) {
        $auth = new UserAuth();
        // Strict comparison: only a literal true from isAdmin() grants access.
        if ($auth->isAdmin() !== true) {
            throw new \RuntimeException("Access Deny", 6029);
        }
        unset($auth);
    }

    parent::classesScanner();
    self::compareClasses(parent::getClassesStack(), false);
}
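/**
 * Renders the login form and, when the form was submitted, processes the
 * login attempt.
 *
 * A submitted form is rejected (redirect back to login.php) when
 * check_form_auth_ip() fails. The captcha is required when more than two
 * recent 'login_failed' entries are reported for the form IP, or on a first
 * login when $globals['captcha_first_login'] is set and no user cookie is
 * present. Failed attempts are logged with log_insert() and the form is
 * rendered again; a successful login redirects and exits.
 *
 * Security notes:
 *  - The post-login redirect follows the request-controlled "return"
 *    parameter only when it is a same-site absolute path. Any other value
 *    (absolute URL, scheme-relative "//host", backslashes, control
 *    characters) falls back to "./", so a crafted login link cannot bounce
 *    the user to another site after authentication.
 *  - NOTE(review): the password is reduced to an unsalted md5() before it is
 *    passed to Authenticate(). That is the interface Authenticate() expects
 *    here, so it is left unchanged, but md5 is not a password hash; the
 *    storage side should move to password_hash()/password_verify().
 *
 * @return void Output is echoed; the function terminates after a redirect.
 */
function do_login() {
    global $current_user, $globals;

    $form_ip_check = check_form_auth_ip();
    $previous_login_failed = log_get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
    // Defined up front: the form below echoes it even when nothing was posted.
    $username = '';

    echo '<form action="' . get_auth_link() . 'login.php" id="xxxthisform" method="post">' . "\n";

    if ($_POST["processlogin"] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header("Location: http://" . get_server_name() . $globals['base_url'] . "login.php");
            die;
        }

        $username = clean_input_string(trim($_POST['username']));
        $password = trim($_POST['password']);
        if ($_POST['persistent']) {
            $persistent = 3600000; // 1000 hours
        } else {
            $persistent = 0;
        }

        // Check form
        if (($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) && !ts_is_human()) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto'));
        } elseif ($current_user->Authenticate($username, md5($password), $persistent) == false) {
            log_insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta'));
            $previous_login_failed++;
        } else {
            UserAuth::check_clon_from_cookies();

            // "return" comes straight from the request; accept it only as a
            // local absolute path before placing it in the Location header.
            $return = isset($_REQUEST['return']) && is_string($_REQUEST['return']) ? $_REQUEST['return'] : '';
            $return_is_local = $return !== ''
                && $return[0] === '/'
                && strpos($return, '//') !== 0
                && strpos($return, '\\') === false
                && !preg_match('/[\x00-\x1f\x7f]/', $return);

            if ($return_is_local) {
                header('Location: ' . $return);
            } else {
                header('Location: ./');
            }
            die;
        }
    }

    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . "\n";

    // Print captcha
    if ($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) {
        ts_print_form();
    }
    get_form_auth_ip();

    echo '<p><input type="submit" value="login" tabindex="4" />' . "\n";
    echo '<input type="hidden" name="processlogin" value="1"/></p>' . "\n";
    // The value is HTML-escaped here; it is validated again before any redirect.
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($_REQUEST['return']) . '"/>' . "\n";
    echo '</form>' . "\n";
    echo '<div><strong><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></strong></div>' . "\n";
    echo '<div style="margin-top: 30px">';
    // NOTE(review): print_oauth_icons() receives the raw "return" value;
    // confirm it escapes and validates it before using it in links.
    print_oauth_icons($_REQUEST['return']);
    echo '</div>' . "\n";
}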
/**
 * Restores the login state at the start of a request.
 *
 * NOTE(review): the "autologin" cookie is client-controlled; this method only
 * checks that it exists, so all validation of its content has to happen
 * inside UserAuth::autoLogin() -- confirm.
 *
 * @return void
 */
public function initUser()
{
    $auth = new UserAuth();

    // No user in the session yet, but the visitor carries the cookie set when
    // the auto-login option was chosen on a previous visit.
    $sessionHasUser = isset($_SESSION['user']);
    if (!$sessionHasUser && isset($_COOKIE['autologin'])) {
        $auth->autoLogin();
    }

    // Once a user is in the session, record the time of this visit
    // (per the original comment this is stored in the users table).
    if (!empty($_SESSION['user'])) {
        $auth->setTimeVisit();
    }
}
/**
 * Sends this message and, when the recipient's settings ask for it, an
 * e-mail notification.
 *
 * @param object $h handle used for sending the message and looking up the
 *                  recipient
 * @return bool false when the send call returned an array (stored in
 *              $this->errors), true otherwise
 */
public function sendMessage($h)
{
    $outcome = $h->sendMessage($this->to, '', $this->subject, $this->body);

    // An array from sendMessage() is the error list.
    if (is_array($outcome)) {
        $this->errors = $outcome;
        return false;
    }

    // Anything else is taken to be the insert id.
    $this->id = $outcome;

    // Notify by e-mail only if the recipient's 'pm_notify' setting is truthy.
    $to_user = new UserAuth();
    $to_user_id = $h->getUserIdFromName($this->to);
    $to_user->getUserBasic($h, $to_user_id);
    $settings = $to_user->getProfileSettingsData($h, 'user_settings');
    if ($settings['pm_notify']) {
        $this->sendEmailNotification($h);
    }

    return true;
}
/**
 * Returns the active user auth object, creating it on first use.
 *
 * Unless NO_IMPORTS is defined, the 'loadInstance' event is fired first so a
 * listener can install its own implementation in self::$instance; when none
 * does, UserAuthDefault is used. Whatever a listener installs here becomes
 * the authentication backend for every later call.
 *
 * @return UserAuth
 */
public static function getInstance()
{
    if (self::$instance !== null) {
        return self::$instance;
    }

    // call loadInstance event
    if (!defined('NO_IMPORTS')) {
        EventHandler::fireAction('UserAuth', 'loadInstance');
    }

    // No listener provided an instance: fall back to the default class.
    if (self::$instance === null) {
        self::$instance = new UserAuthDefault();
    }

    return self::$instance;
}
/**
 * Creates the session for the current request.
 *
 * A recognised spider reuses its existing session when that session is not
 * corrupt. Otherwise a new session ID is generated, the user is resolved via
 * UserAuth::loginAutomatically() (a guest object when that returns null), all
 * other sessions of a non-guest user are deleted, and the session row and the
 * user data are written before the new session object is returned.
 *
 * NOTE(review): the INSERT and UPDATE statements below are assembled by
 * string concatenation. The request-derived values (IP address, user agent,
 * request URI, request method, user or spider name) pass through
 * escapeString(); $sessionID, $user->userID, $spider['spiderID'], PACKAGE_ID
 * and TIME_NOW are inserted as-is, which is only safe while they are
 * generated internally or strictly numeric -- confirm, and prefer
 * parameterized queries if the database layer offers them.
 *
 * @see SessionFactory::create()
 */
public function create() {
    // get spider information
    $spider = $this->isSpider(UserUtil::getUserAgent());
    if ($spider) {
        if (($session = $this->getExistingSpiderSession($spider['spiderID'])) !== null) {
            if (!$session->isCorrupt()) {
                return $session;
            }
        }
    }

    // create new session hash
    // NOTE(review): the session ID is the bearer secret for the session;
    // confirm StringUtil::getRandomID() draws from a cryptographically
    // secure source.
    $sessionID = StringUtil::getRandomID();

    // check cookies for userID & password
    require_once WCF_DIR . 'lib/system/auth/UserAuth.class.php';
    $user = UserAuth::getInstance()->loginAutomatically(true, $this->userClassName);
    if ($user === null) {
        // no valid user found
        // create guest user
        $user = new $this->guestClassName();
    }

    // update user session
    $user->update();
    if ($user->userID != 0) {
        // user is no guest
        // delete all other sessions of this user
        Session::deleteSessions($user->userID, true, false);
    }

    $requestMethod = !empty($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

    // insert session into database
    $sql = "INSERT INTO \twcf" . WCF_N . "_session\n\t\t\t\t\t(sessionID, packageID, userID, ipAddress, userAgent,\n\t\t\t\t\tlastActivityTime, requestURI, requestMethod,\n\t\t\t\t\tusername" . ($spider ? ", spiderID" : "") . ")\n\t\t\tVALUES\t\t('" . $sessionID . "',\n\t\t\t\t\t" . PACKAGE_ID . ",\n\t\t\t\t\t" . $user->userID . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getIpAddress()) . "',\n\t\t\t\t\t'" . escapeString(UserUtil::getUserAgent()) . "',\n\t\t\t\t\t" . TIME_NOW . ",\n\t\t\t\t\t'" . escapeString(UserUtil::getRequestURI()) . "',\n\t\t\t\t\t'" . escapeString($requestMethod) . "',\n\t\t\t\t\t'" . ($spider ? escapeString($spider['spiderName']) : escapeString($user->username)) . "'\n\t\t\t\t\t" . ($spider ? ", " . $spider['spiderID'] : "") . ")";
    WCF::getDB()->sendQuery($sql);

    // save user data
    $serializedUserData = '';
    if (ENABLE_SESSION_DATA_CACHE && get_class(WCF::getCache()->getCacheSource()) == 'MemcacheCacheSource') {
        require_once WCF_DIR . 'lib/system/cache/source/MemcacheAdapter.class.php';
        MemcacheAdapter::getInstance()->getMemcache()->set('session_userdata_-' . $sessionID, $user);
    } else {
        // NOTE(review): the user object is persisted in serialized form; the
        // code that restores it presumably calls unserialize(), so this
        // column must never be writable from request data -- confirm.
        $serializedUserData = serialize($user);
        try {
            $sql = "INSERT INTO \twcf" . WCF_N . "_session_data\n\t\t\t\t\t\t\t(sessionID, userData)\n\t\t\t\t\tVALUES \t\t('" . $sessionID . "',\n\t\t\t\t\t\t\t'" . escapeString($serializedUserData) . "')";
            WCF::getDB()->sendQuery($sql);
        } catch (DatabaseException $e) {
            // horizon update workaround
            // (on a DatabaseException the data is written to the session
            // row itself instead of the session_data table)
            $sql = "UPDATE \twcf" . WCF_N . "_session\n\t\t\t\t\tSET\tuserData = '" . escapeString($serializedUserData) . "'\n\t\t\t\t\tWHERE\tsessionID = '" . $sessionID . "'";
            WCF::getDB()->sendQuery($sql);
        }
    }

    // return new session object
    return new $this->sessionClassName(null, array(
        'sessionID' => $sessionID,
        'packageID' => PACKAGE_ID,
        'userID' => $user->userID,
        'ipAddress' => UserUtil::getIpAddress(),
        'userAgent' => UserUtil::getUserAgent(),
        'lastActivityTime' => TIME_NOW,
        'requestURI' => UserUtil::getRequestURI(),
        'requestMethod' => $requestMethod,
        'userData' => $serializedUserData,
        'sessionVariables' => '',
        'username' => $spider ? $spider['spiderName'] : $user->username,
        'spiderID' => $spider ? $spider['spiderID'] : 0,
        'isNew' => true));
}
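/**
 * Returns a given user's profile.
 *
 * The profile is read from "<config path>/users/<username>.yaml". The first
 * three bytes of the file are skipped (presumably the opening "---" of the
 * front matter), the text up to the next "\n---" line is parsed as YAML and
 * the remainder is the biography.
 *
 * NOTE(review): $username is concatenated into a file path. The only guard
 * visible here is UserAuth::isUser(); confirm it rejects names containing
 * path separators or ".." before this method is exposed to request data.
 *
 * @param string $username Username whose profile to return
 * @return array|null Profile data, or null when UserAuth::isUser() rejects
 *                    the name
 */
public static function getUserProfile($username)
{
    if (!UserAuth::isUser($username)) {
        return null;
    }

    $content = substr(File::get(Config::getConfigPath() . "/users/" . $username . ".yaml"), 3);

    $divide = strpos($content, "\n---");
    if ($divide === false) {
        // No closing delimiter: treat the whole file as front matter instead
        // of letting false act as offset 0 and cutting four bytes off the text.
        $front_matter = trim($content);
        $content_raw = '';
    } else {
        $front_matter = trim(substr($content, 0, $divide));
        // Skip the delimiter itself ("\n---" is four bytes).
        $content_raw = trim(substr($content, $divide + 4));
    }

    $profile = YAML::parse($front_matter);
    $profile['biography_raw'] = $content_raw;
    $profile['biography'] = Content::transform($content_raw);
    $profile['username'] = $username;

    return $profile;
}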
<?php
$DBVAR = new DB();
/* Declaration of class UserAuth
 * Class Name : UserAuth
 * Location :root_path/function/userAuth/user_func.php
 * Warning: do not create another variable with the same name as this one
 */
$USERAUTH = new UserAuth();
$SESSION = new Session();
/* Fetch the user session */
$UserSession = $SESSION->get_session_user();
if (isset($_POST['login'])) {
    // NOTE(review): the password is reduced to an unsalted md5() digest
    // before validation and lookup. md5 is fast to brute-force and equal
    // passwords give equal digests; password_hash()/password_verify() is the
    // appropriate primitive. The stored format would have to migrate with it.
    $dataVar = array ('username'=>$_POST['username'], 'password'=>md5($_POST['password']), 'token' => 0);
    // Only an array result from form_validation() is passed on to the login check.
    $dataValid = $DBVAR->form_validation($dataVar);
    if (is_array($dataValid)) {
        $dataLogin = $USERAUTH->check_login_user($dataValid);
        // Loose comparison: any truthy return value counts as a successful login.
        if ($dataLogin == true) {
define('INSIDE', true); define('LOGIN', true); $ugamela_root_path = './'; include $ugamela_root_path . 'extension.inc'; include $ugamela_root_path . 'common.' . $phpEx; require_once WCF_DIR . 'lib/acp/form/LoginForm.class.php'; includeLang('login'); if ($_POST || isset($_GET['username']) && isset($_GET['password'])) { $login = WCF::getDB()->getFirstRow("SELECT * FROM ugml_users WHERE username = '******'username']) . "'"); if ($login) { /** * WCF Hack */ try { $wcfUser = UserAuth::getInstance()->loginManually($_REQUEST['username'], $_REQUEST['password']); UserAuth::getInstance()->storeAccessData($wcfUser, $_REQUEST['username'], $_REQUEST['password']); WCF::getSession()->changeUser($wcfUser); } catch (Exception $e) { message($lang['Login_FailPassword'], $lang['Login_Error']); exit; } $sql = "UPDATE ugml_users\r\n\t\t\t\tSET lastLoginTime = " . TIME_NOW . ",\r\n\t\t\t\t\tcurrent_planet = id_planet,\r\n\t\t\t\t\tplanetClassName = 'UserPlanet'\r\n\t\t\t\tWHERE id = " . $login['id']; WCF::getDB()->sendQuery($sql); // ugamela $expiretime = 0; $rememberme = 0; @(include 'config.php'); $cookie = $wcfUser->userID . ' ' . md5($_REQUEST['password'] . '--' . $dbsettings['secretword']) . " " . $rememberme; setcookie('LWGAME_REF_N', 1, time() + 24 * 60 * 60 * 365 * 10); setcookie($game_config['COOKIE_NAME'], $cookie, $expiretime); // dili link
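/**
 * Validates and stores the profile form for the global $user.
 *
 * Handles two submissions: the "disable my account" request and the regular
 * profile save. Every field is validated in turn, the messages are collected
 * and the user is stored only when no validation error occurred.
 *
 * Security-relevant behaviour:
 *  - The anti-CSRF form hash is compared with strict string comparison, and
 *    a missing or wrong hash now stops processing at once. Previously the
 *    function only counted an error and carried on, so the avatar upload and
 *    avatar removal calls further down still ran for a forged request.
 *  - The AdSense code is escaped before it is placed in the uniqueness
 *    query. Its format check is not anchored at the start of the string, so
 *    a value could carry arbitrary text before the "pub-..." suffix and was
 *    previously concatenated into the SQL unescaped.
 *  - NOTE(review): the form hash is md5($site_key . ids), i.e. constant per
 *    user pair; a per-session random token would be stronger.
 *
 * @return array|null List of messages for the user; null when the request is
 *                    not a profile submission this function handles
 */
function save_profile() {
    global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;

    $errors = 0; // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = array();
    $form_hash = md5($site_key . $user->id . $current_user->user_id);

    // Account self-disable: requires the form hash and the user's own id.
    if (isset($_POST['disabledme']) && intval($_POST['disable']) == 1 && $_POST['form_hash'] === $form_hash && $_POST['user_id'] == $current_user->user_id) {
        $old_user_login = $user->username;
        $old_user_id = $user->id;
        $user->disable(true);
        Log::insert('user_delete', $old_user_id, $old_user_id);
        syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
        $current_user->Logout(get_user_uri($user->username));
        die;
    }

    // Only the profile owner, or an admin in admin mode, may continue.
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id && !$admin_mode) {
        return;
    }

    if (empty($_POST['form_hash']) || $_POST['form_hash'] !== $form_hash) {
        array_push($messages, _('Falta la clave de control'));
        // Stop before any field handling or avatar side effect runs.
        return $messages;
    }

    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        $newname = trim($_POST['username']);
        if (strlen($newname) < 3) {
            array_push($messages, _('nombre demasiado corto'));
            $errors++;
        }
        if (!check_username($newname)) {
            array_push($messages, _('nombre de usuario erróneo, caracteres no admitidos'));
            $errors++;
        } elseif (user_exists($newname, $user->id)) {
            array_push($messages, _('el usuario ya existe'));
            $errors++;
        } else {
            $user->username = $newname;
        }
    }

    if (!empty($_POST['bio']) || $user->bio) {
        $bio = clean_text($_POST['bio'], 0, false, $bio_max);
        if ($bio != $user->bio) {
            $user->bio = $bio;
        }
    }

    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        array_push($messages, _('el correo electrónico no es correcto'));
        $errors++;
    } elseif (!$admin_mode && trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']), false)) {
        array_push($messages, _('ya existe otro usuario con esa dirección de correo'));
        $errors++;
    } else {
        $user->email = trim($_POST['email']);
    }

    $user->url = htmlspecialchars(clean_input_url($_POST['url']));

    // Check IM address
    if (!empty($_POST['public_info'])) {
        $_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info']));
        $public = $db->escape($_POST['public_info']);
        $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
        if ($im_count > 0) {
            array_push($messages, _('ya hay otro usuario con la misma dirección de MI, no se ha grabado'));
            $_POST['public_info'] = '';
            $errors++;
        }
    }
    // NOTE(review): the phone is copied here before any format check; the
    // validation below only runs when users edit their own profile, so in
    // admin mode the posted value is stored unvalidated -- confirm intended.
    $user->phone = $_POST['phone'];
    $user->public_info = htmlspecialchars(clean_input_url($_POST['public_info']));
    // End check IM address

    if ($user->id == $current_user->user_id) {
        // Check phone number
        if (!empty($_POST['phone'])) {
            if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) {
                array_push($messages, _('número telefónico erróneo, no se ha grabado'));
                $_POST['phone'] = '';
                $errors++;
            } else {
                $phone = $db->escape($_POST['phone']);
                $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'"));
                if ($phone_count > 0) {
                    array_push($messages, _('ya hay otro usuario con el mismo número, no se ha grabado'));
                    $_POST['phone'] = '';
                    $errors++;
                }
            }
        }
        $user->phone = $_POST['phone'];
        // End check phone number
    }

    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        $_POST['adchannel'] = trim($_POST['adchannel']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            if (!preg_match('/pub-[0-9]{16}$/', $_POST['adcode'])) {
                array_push($messages, _('código AdSense incorrecto, no se ha grabado'));
                $_POST['adcode'] = '';
                $errors++;
            } else {
                // The pattern above has no start anchor, so escape the value
                // like the other lookups in this function do.
                $adcode = $db->escape($_POST['adcode']);
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='{$adcode}'"));
                if ($adcode_count > 0) {
                    array_push($messages, _('ya hay otro usuario con la misma cuenta, no se ha grabado'));
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
            if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
                array_push($messages, _('canal AdSense incorrecto, no se ha grabado'));
                $_POST['adchannel'] = '';
                $errors++;
            }
        }
        $user->adcode = $_POST['adcode'];
        $user->adchannel = $_POST['adchannel'];
    }

    $user->names = clean_text($_POST['names']);

    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            array_push($messages, _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números'));
            $errors = 1;
        } else {
            if (trim($_POST['password']) !== trim($_POST['password2'])) {
                array_push($messages, _('las claves no son iguales, no se ha modificado'));
                $errors = 1;
            } else {
                $new_pass = trim($_POST['password']);
                $user->pass = UserAuth::hash($new_pass);
                array_push($messages, _('La clave se ha cambiado'));
            }
        }
    }

    // Level and karma can only be changed in admin mode.
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }

    // Bit field: bit 1 = show_friends, bit 2 = show_2cols, plus comment_pref.
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;

    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                array_push($messages, _('error guardando la imagen'));
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            array_push($messages, _('el tamaño de la imagen excede el límite'));
            $errors = 1;
            $user->avatar = 0;
        }
    } elseif ($_POST['avatar_delete']) {
        $user->avatar = 0;
        avatars_remove($user->id);
    }

    // Reset avatar for the logged user
    if ($current_user->user_id == $user->id) {
        $current_user->user_avatar = $user->avatar;
    }

    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Re-authenticate when the login name, e-mail or password changed,
        // so the current session keeps matching the stored account.
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        array_push($messages, _('datos actualizados'));
    }

    return $messages;
}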
$comment = new Comment(); $comment->id = $id; if (!$comment->read_basic()) { error(_('comentario inexistente')); } if ($comment->author == $current_user->user_id) { error(_('no puedes votar a tus comentarios')); } if ($comment->date < time() - $globals['time_enabled_comments']) { error(_('votos cerrados')); } // Check the user is not a clon by cookie of others that voted the same cooemnt if (UserAuth::check_clon_votes($current_user->user_id, $id, 5, 'comments') > 0) { error(_('no se puede votar con clones')); } if ($value > 0) { $votes_freq = intval($db->get_var("select count(*) from votes where vote_type='comments' and vote_user_id=$current_user->user_id and vote_date > subtime(now(), '0:0:30') and vote_value > 0 and vote_ip_int = ".$globals['user_ip_int'])); $freq = 10; } else { $votes_freq = intval($db->get_var("select count(*) from votes where vote_type='comments' and vote_user_id=$current_user->user_id and vote_date > subtime(now(), '0:0:30') and vote_value <= 0 and vote_ip_int = ".$globals['user_ip_int'])); $freq = 5; } if ($votes_freq > $freq) { if ($current_user->user_id > 0 && $current_user->user_karma > 4) { // Crazy votes attack, decrease karma
// NOTE(review): mail credentials are written as literals in this config
// array; load them from the environment or a secrets store so they stay out
// of source control.
"username"=> "*****@*****.**",
"password"=> "GmailPassword",
"port" => 587,
"secure"=>"tls"
],
"cookies"=>[
    "user"=>[
        // One week, expressed as an absolute timestamp.
        "lifetime"=>time()+60*60*24*7
    ]
],
"test"=>false,
// Runs at startup for every action: tries to restore a login for visitors
// that are not authenticated, except on the UserAuth controller and the
// "disconnect" action.
"onStartup"=>function($action){
    if(!Auth::isAuth() && $action[0]!=="UserAuth" && @$action[1]!=="disconnect"){
        if(array_key_exists("autoConnect", $_COOKIE)){
            // The "autoConnect" cookie value is passed to the HybridAuth
            // sign-in as its argument.
            $_SESSION["action"]=$action;
            $ctrl=new UserAuth();
            $ctrl->initialize();
            $ctrl->signin_with_hybridauth(array($_COOKIE["autoConnect"]));
            $ctrl->finalize();
            die();
        }else if(array_key_exists("user", $_COOKIE)){
            // NOTE(review): the "user" cookie is used directly as the key for
            // loading a User and the result is placed in the session as the
            // logged-in user. Cookies are client-controlled, so nothing
            // visible here proves the visitor owns that account; the cookie
            // should carry a signed or random server-verified token instead
            // of an identifier.
            $user = DAO::getOne("User", $_COOKIE['user']);
            $_SESSION["user"] = $user;
            $_SESSION['KCFINDER'] = array( 'disabled' => true );
            $_SESSION['logStatus'] = 'success';
        }
    }
},
/**
 * Records "clone" relations between the current user and the other user ids
 * returned by $current_user->GetClones().
 *
 * After reversing, the first entry is the current login and the second the
 * previous one; nothing is recorded when fewer than two entries exist or the
 * last two logins are the same user. Each distinct other id is stored once
 * through UserAuth::insert_clon(), tagged 'COOK:' plus the form IP (or the
 * request IP when no form IP is set).
 *
 * NOTE(review): the id list presumably comes from a client-side cookie (per
 * the method name); if so it is user-controlled and can be cleared or
 * forged -- treat the stored relations as a hint, not as proof.
 *
 * @return void
 */
static function check_clon_from_cookies()
{
    global $current_user, $globals;

    $logins = array_reverse($current_user->GetClones());

    // Ignore if there is no previous login or the last two are the same user.
    if (count($logins) <= 1 || $logins[0] == $logins[1]) {
        return;
    }

    $seen = array();
    foreach ($logins as $other_id) {
        if ($current_user->user_id == $other_id || in_array($other_id, $seen)) {
            continue;
        }
        $seen[] = $other_id;
        $source_ip = $globals['form_user_ip'] ? $globals['form_user_ip'] : $globals['user_ip'];
        UserAuth::insert_clon($current_user->user_id, $other_id, 'COOK:' . $source_ip);
    }
}
/**
 * Creates the user account from the registration form, logs the new user in
 * and shows the redirect page.
 *
 * REGISTER_ACTIVATION_METHOD selects the flow: 0 = no activation, 1 = an
 * activation code is mailed to the user, 2 = awaiting activation (no mail is
 * sent here). For methods 1 and 2 the account is created with only the
 * EVERYONE and GUESTS group types and without the default groups.
 *
 * NOTE(review): the session is switched to the new user and the access data
 * is stored for every activation method, i.e. also before the account has
 * been activated; the restricted group set above is what limits such an
 * account -- confirm that this is the intended model.
 *
 * @see Form::save()
 */
public function save() {
    AbstractForm::save();

    // save language id
    $this->additionalFields['languageID'] = $this->languageID;

    // save registration ip address
    $this->additionalFields['registrationIpAddress'] = WCF::getSession()->ipAddress;

    // generate activation code
    $addDefaultGroups = true;
    if (REGISTER_ACTIVATION_METHOD == 1 || REGISTER_ACTIVATION_METHOD == 2) {
        // NOTE(review): the activation code gates the account; confirm
        // getActivationCode() produces an unpredictable value.
        $activationCode = UserRegistrationUtil::getActivationCode();
        $this->additionalFields['activationCode'] = $activationCode;
        $addDefaultGroups = false;
        $this->groupIDs = Group::getGroupIdsByType(array(Group::EVERYONE, Group::GUESTS));
    }

    // create
    $this->user = UserEditor::create($this->username, $this->email, $this->password, $this->groupIDs, $this->activeOptions, $this->additionalFields, $this->visibleLanguages, $addDefaultGroups);

    // update session
    WCF::getSession()->changeUser($this->user);

    // activation management
    if (REGISTER_ACTIVATION_METHOD == 0) {
        $this->message = 'wcf.user.register.success';
    }
    if (REGISTER_ACTIVATION_METHOD == 1) {
        // $activationCode is always set here: the block above runs for method 1.
        $mail = new Mail(array($this->username => $this->email), WCF::getLanguage()->get('wcf.user.register.needActivation.mail.subject', array('PAGE_TITLE' => WCF::getLanguage()->get(PAGE_TITLE))), WCF::getLanguage()->get('wcf.user.register.needActivation.mail', array('PAGE_TITLE' => WCF::getLanguage()->get(PAGE_TITLE), '$username' => $this->username, '$userID' => $this->user->userID, '$activationCode' => $activationCode, 'PAGE_URL' => PAGE_URL, 'MAIL_ADMIN_ADDRESS' => MAIL_ADMIN_ADDRESS)));
        $mail->send();
        $this->message = 'wcf.user.register.needActivation';
    }
    if (REGISTER_ACTIVATION_METHOD == 2) {
        $this->message = 'wcf.user.register.awaitActivation';
    }

    // notify admin
    if (REGISTER_ADMIN_NOTIFICATION) {
        // get default language
        $language = WCF::getLanguage()->getLanguageID() != Language::getDefaultLanguageID() ? new Language(Language::getDefaultLanguageID()) : WCF::getLanguage();
        $language->setLocale();

        // send mail
        $mail = new Mail(MAIL_ADMIN_ADDRESS, $language->get('wcf.user.register.notification.mail.subject', array('PAGE_TITLE' => $language->get(PAGE_TITLE))), $language->get('wcf.user.register.notification.mail', array('PAGE_TITLE' => $language->get(PAGE_TITLE), '$username' => $this->username)));
        $mail->send();

        // switch the locale back to the visitor's language
        WCF::getLanguage()->setLocale();
    }

    // delete captcha
    if (REGISTER_USE_CAPTCHA && !WCF::getSession()->getVar('captchaDone')) {
        $this->captcha->delete();
    }
    WCF::getSession()->unregister('captchaDone');

    // login user
    // NOTE(review): storeAccessData() receives the plain-text password; how
    // it is persisted (presumably in cookies) is not visible here -- confirm
    // that it is never stored in recoverable form.
    UserAuth::getInstance()->storeAccessData($this->user, $this->username, $this->password);
    $this->saved();

    // forward to index page
    WCF::getTPL()->assign(array('url' => 'index.php' . SID_ARG_1ST, 'message' => WCF::getLanguage()->get($this->message, array('$username' => $this->username, '$email' => $this->email))));
    WCF::getTPL()->display('redirect');
    exit;
}
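/**
 * Second registration step: checks the captcha and the form fields, inserts
 * the new user row and sends the validation mail.
 *
 * Every value interpolated into the INSERT is now passed through
 * $db->escape(). The login and e-mail already were; the password hash and
 * the form IP were interpolated as-is, which is only safe while
 * UserAuth::hash() and $globals['form_user_ip'] can never contain a quote.
 *
 * NOTE(review): user_exists() followed by INSERT is a check-then-act
 * sequence; two simultaneous registrations of the same name are only
 * prevented if user_login carries a unique index -- confirm.
 *
 * @return void Errors are reported through register_error(); HTML is echoed.
 */
function do_register2() {
    global $db, $current_user, $globals;

    if (!ts_is_human()) {
        register_error(_('el código de seguridad no es correcto'));
        return;
    }
    if (!check_user_fields()) {
        return;
    }

    $username = clean_input_string(trim($_POST['username'])); // sanity check
    $dbusername = $db->escape($username); // sanity check
    $password = UserAuth::hash(trim($_POST['password']));
    $dbpassword = $db->escape($password);
    $email = clean_input_string(trim($_POST['email'])); // sanity check
    $dbemail = $db->escape($email); // sanity check
    $user_ip = $globals['form_user_ip'];
    $dbuser_ip = $db->escape($user_ip);

    if (!user_exists($username)) {
        if ($db->query("INSERT INTO users (user_login, user_login_register, user_email, user_email_register, user_pass, user_date, user_ip) VALUES ('{$dbusername}', '{$dbusername}', '{$dbemail}', '{$dbemail}', '{$dbpassword}', now(), '{$dbuser_ip}')")) {
            echo '<fieldset>' . "\n";
            echo '<legend><span class="sign">' . _("registro de usuario") . '</span></legend>' . "\n";
            $user = new User();
            $user->username = $username;
            if (!$user->read()) {
                register_error(_('error insertando usuario en la base de datos'));
            } else {
                require_once mnminclude . 'mail.php';
                send_recover_mail($user);
                // Force the log entry to carry the same IP as the form.
                $globals['user_ip'] = $user_ip;
                Log::insert('user_new', $user->id, $user->id);
            }
            echo '</fieldset>' . "\n";
        } else {
            register_error(_("error insertando usuario en la base de datos"));
        }
    } else {
        register_error(_("el usuario ya existe"));
    }
}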
// Sign up: creates the account unless the e-mail is already registered.
$app->post('/sign_up', function () use($app) {
    $params = $app->request->params();
    $u = User::exists($params['email']);
    if ($u == 0) { // does not exist yet
        // NOTE(review): the hashing step below is commented out, so the
        // request parameters reach User::sign_up() unchanged; confirm that
        // sign_up() hashes the password itself (password_hash(), not sha1).
        // $params['password']= $params['password'];//sha1($params['password']);//Encrypt password
        $r = User::sign_up($params);
        $app->response->body($r);
    } else {
        // The distinct "exists" answer lets a caller test whether an e-mail
        // address is registered.
        $app->response->body(json_encode(["error" => "exists"]));
    }
});
// User jobs
// NOTE(review): no authentication is visible in this handler. It calls
// UserAuth::new_key() for the user id taken from the URL and then returns
// the user with userToken loaded, so as written any caller can rotate and
// read another user's token -- confirm a middleware guards this route.
$app->get("/user/jobs/:user_id", function ($user_id) use($app) {
    UserAuth::new_key($user_id);
    $u = User::find($user_id); // find user
    // Bare property reads; presumably they load the relations so that they
    // are included in toJson() -- confirm.
    $u->jobs;
    $u->userToken;
    $app->response->body($u->toJson());
});
// Full user details / profile
$app->post("/user/profile/", function () use($app) {
    $user_id = $app->request->params('user_id');
    // NOTE(review): the token check below is commented out, so the profile
    // of any user_id supplied in the request is returned without
    // authentication or an ownership check.
    // $token = $app->request->params('token');
    // UserAuth::authenticate($user_id,$token);//Authenticate or Fail
    $u = User::find($user_id); // find user
    //$u->userToken;
    $app->response->body($u->toJson());
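/**
 * Validates and stores the profile form for the global $user.
 *
 * Only the profile owner may submit. Fields are validated in turn, messages
 * are accumulated as HTML paragraphs and the user is stored only when no
 * validation error occurred.
 *
 * Security-relevant behaviour:
 *  - The anti-CSRF form hash is compared with strict string comparison, and
 *    a missing or wrong hash now stops processing at once. Previously the
 *    function only counted an error and carried on, so the avatar upload
 *    handling further down still ran for a forged request.
 *  - NOTE(review): the form hash is md5($site_key . $user->id . mnminclude),
 *    i.e. constant per user; a per-session random token would be stronger.
 *
 * @return string|null HTML with the messages for the user; null when the
 *                     request is not a profile submission by the owner
 */
function save_profile() {
    global $db, $user, $current_user, $globals, $site_key;

    $errors = 0; // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = '';
    $form_hash = md5($site_key . $user->id . mnminclude);

    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }

    if (empty($_POST['form_hash']) || $_POST['form_hash'] !== $form_hash) {
        $messages .= '<p class="form-error">' . _('Falta la clave de control') . '</p>';
        // Stop before any field handling or avatar side effect runs.
        return $messages;
    }

    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        if (strlen(trim($_POST['username'])) < 3) {
            $messages .= '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
            $errors++;
        }
        if (!check_username($_POST['username'])) {
            $messages .= '<p class="form-error">' . _('nombre de usuario erróneo, caracteres no admitidos') . '</p>';
            $errors++;
        } elseif (user_exists(trim($_POST['username']))) {
            $messages .= '<p class="form-error">' . _('el usuario ya existe') . '</p>';
            $errors++;
        } else {
            $user->username = trim($_POST['username']);
        }
    }

    // NOTE(review): the e-mail is validated but never assigned to
    // $user->email in this function -- confirm whether e-mail changes are
    // handled elsewhere.
    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        $messages .= '<p class="form-error">' . _('el correo electrónico no es correcto') . '</p>';
        $errors++;
    } elseif (trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']))) {
        $messages .= '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errors++;
    }

    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    $user->names = clean_text($_POST['names']);

    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        if (!check_password($_POST["password"])) {
            $messages .= '<p class="form-error">' . _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números') . '</p>';
            $errors = 1;
        } else {
            if (trim($_POST['password']) !== trim($_POST['password2'])) {
                $messages .= '<p class="form-error">' . _('las claves no son iguales, no se ha modificado') . '</p>';
                $errors = 1;
            } else {
                $new_pass = trim($_POST['password']);
                $user->pass = UserAuth::hash($new_pass);
                $messages .= '<p class="form-error">' . _('La clave se ha cambiado') . '</p>';
                // NOTE(review): from here on $new_pass is the boolean true,
                // and that is what Authenticate() receives below instead of
                // the password -- confirm Authenticate() expects this.
                $new_pass = true;
            }
        }
    }

    // Bit field: bit 1 = show_friends, bit 2 = show_2cols, plus comment_pref.
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;

    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                $messages .= '<p class="form-error">' . _('error guardando la imagen') . '</p>';
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            $messages .= '<p class="form-error">' . _('el tamaño de la imagen excede el límite') . '</p>';
            $errors = 1;
            $user->avatar = 0;
        }
    }

    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Re-authenticate when the login name, e-mail or password changed.
        if ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        $messages .= '<p class="form-error">' . _('datos actualizados') . '</p>';
    }

    return $messages;
}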
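/**
 * Checks the e-mail confirmation code from the request and, when it matches
 * the code stored for the user, applies the registration role and marks the
 * e-mail address as valid.
 *
 * A request without a user id or without a code now ends right after the
 * failure message. Previously execution continued into the comparison, where
 * an empty submitted code could equal an empty stored code and confirm the
 * account without any secret being presented.
 *
 * NOTE(review): the stored code is not cleared after a successful
 * confirmation and the query does not look at user_email_valid, so the same
 * link can be replayed later and would reset the role to the registration
 * status again -- confirm whether that is acceptable.
 *
 * @param object $h handle giving access to the request, database, language
 *                  strings and plugin hooks
 * @return true Always true; the outcome is reported through $h->messages
 */
public function checkEmailConfirmation($h)
{
    $user_id = $h->cage->get->getInt('id');
    $conf = $h->cage->get->getAlnum('conf');

    $user = new UserAuth();
    $user->getUserBasic($h, $user_id);

    if (!$user_id || !$conf) {
        $h->messages[$h->lang['user_signin_register_emailconf_fail']] = 'red';
        // Nothing to compare: never fall through to the code check.
        return true;
    }

    $sql = "SELECT user_email_conf FROM " . TABLE_USERS . " WHERE user_id = %d";
    $user_email_conf = $h->db->get_var($h->db->prepare($sql, $user_id));

    if ($conf === $user_email_conf) {
        // update role:
        $user->role = $h->vars['regStatus'];
        $h->pluginHook('user_signin_email_conf_post_role');

        // update user with new permissions:
        $new_perms = $user->getDefaultPermissions($h, $user->role);
        unset($new_perms['options']); // don't need this for individual users
        $user->setAllPermissions($new_perms);
        $user->updatePermissions($h);
        $user->updateUserBasic($h);

        // set email valid to 1:
        $sql = "UPDATE " . TABLE_USERS . " SET user_email_valid = %d WHERE user_id = %d";
        $h->db->query($h->db->prepare($sql, 1, $user->id));

        // notify chosen mods of new user by email:
        if ($h->vars['useEmailNotify'] == 'checked' && file_exists(PLUGINS . 'users/libs/UserFunctions.php')) {
            require_once PLUGINS . 'users/libs/UserFunctions.php';
            $uf = new UserFunctions();
            $uf->notifyMods($h, 'user', $user->role, $user->id);
        }

        $success_message = $h->lang['user_signin_register_emailconf_success'] . " <br /><b><a href='" . $h->url(array('page' => 'login')) . "'>" . $h->lang['user_signin_register_emailconf_success_login'] . "</a></b>";
        $h->messages[$success_message] = 'green';
    } else {
        $h->messages[$h->lang['user_signin_register_emailconf_fail']] = 'red';
    }

    return true;
}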
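/**
 * Clears the "return" cookie and redirects the browser to the stored return
 * path, or to the site's base URL when none is usable.
 *
 * The Location header is built as "http://" + server name + path with no
 * separator in between. A return value that does not begin with "/" would
 * therefore extend the host name itself (a value starting with "." or "@",
 * for instance, yields a different site), so such values are ignored and
 * the base URL is used instead.
 *
 * NOTE(review): the scheme is fixed to http://; on a site served over HTTPS
 * this downgrades the redirect -- confirm.
 *
 * @return void Never returns; the script exits after sending the header.
 */
function user_return() {
    global $globals;

    // syslog(LOG_INFO, "user_return: ". $this->return. " COOKIE: ".$_COOKIE['return']);
    // Expire the cookie for both the auth domain and the host-only variant.
    setcookie('return', '', time() - 10000, $globals['base_url'], UserAuth::domain());
    setcookie('return', '', time() - 10000, $globals['base_url']);

    $target = $globals['base_url'];
    // Accept only an absolute path so the host part cannot be altered.
    if (!empty($this->return) && is_string($this->return) && $this->return[0] === '/') {
        $target = $this->return;
    }

    header('Location: http://' . get_server_name() . $target);
    exit;
}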
/**
 * Creates a user from social-network data.
 *
 * The same attribute array is mass-assigned to both the User and the
 * UserAuth record, then the server-side fields (timestamps, registration IP,
 * status, social-user flag) are set on top. When a photo is supplied it is
 * passed to Photo::uploadImage() and becomes the avatar.
 *
 * NOTE(review): $attributes comes from the external provider and is
 * mass-assigned; which fields it can set depends on the models' safe
 * attribute rules. save() is called with false as its first argument,
 * presumably skipping validation -- confirm both.
 * NOTE(review): $attributes['photo'] is handed to uploadImage(); if that
 * fetches a remote URL, the URL should be restricted to the provider's
 * hosts -- confirm.
 *
 * @param array $attributes attributes received from the social service
 * @return User the saved user
 * @throws Exception when the user could not be saved
 */
public static function createAuthUser($attributes)
{
    $user = new User();
    $auth = new UserAuth();

    $user->attributes = $attributes;
    $auth->attributes = $attributes;

    // Server-controlled fields, applied after the mass assignment.
    $userFields = array(
        'created' => date('Y-m-d H:i:s'),
        'changed' => date('Y-m-d H:i:s'),
        'last_visit' => time(),
        'registration_ip' => Yii::app()->request->userHostAddress,
        'status' => self::STATUS_ACTIVE,
        'is_social_user' => self::SOCIAL_USER_YES,
    );
    $user->setAttributes($userFields);

    $authFields = array(
        'created' => date('Y-m-d H:i:s'),
        'changed' => date('Y-m-d H:i:s'),
    );
    $auth->setAttributes($authFields);

    if ($attributes['photo']) {
        $picture = new Photo();
        // Random file name, so the stored name does not depend on the source.
        $picture->filename = String::randomString(12);
        $user->avatar = $picture->uploadImage($attributes['photo'], param('images/user'));
        $auth->service_user_pic = $attributes['photo'];
    }

    $user->auth = $auth;

    if (!$user->withRelated->save(false, array('auth'))) {
        throw new Exception('Пользователь не создался ... ');
    }

    return $user;
}
<?php $USERAUTH = new UserAuth(); $SESSION = new Session(); $SessionUser = $SESSION->get_session_user(); $menuPath = $USERAUTH->FrontEnd_show_menu($SessionUser); // pr($menuPath); ?> <aside> <nav> <ul> <?php if (isset($_SESSION['ses_utoken'])) { ?> <li align="center"> <ul> <a href="<?php echo "{$url_rewrite}"; ?> " class="iconHOme"> <li class="icohome"><i class="fa fa-home fa-fw fa-3x"></i></li> </a> </ul> </li> <li align="center"> <ul> <li class="home"> <table border="0" width="100%"> <tr>
* ----Require semua configurasi APP yang digunakan---- * */ require "../../config/config.php"; $DBVAR = new DB(); /* Deklarasi class UserAuth * Class Name : UserAuth * Location :root_path/function/userAuth/user_func.php * Warning !!! Jangan buat nama variabel sama dengan nama variabel ini */ $USERAUTH = new UserAuth(); $SESSION = new Session(); /* Ambil session admin */ $UserSession = $SESSION->get_session_user(); if (isset($_POST['login'])) { $dataVar = array ('username'=>$_POST['username'], 'password'=>md5($_POST['password']), 'token' => 0); $dataValid = $DBVAR->form_validation($dataVar); if (is_array($dataValid)) {
/**
 * Starts the "send new password" flow for the user name posted in the form.
 *
 * NOTE(review): the confirmation value is computed from the account's
 * e-mail address alone (md5 and crypt of the address, no secret and no
 * randomness), so anyone who knows the address can recompute it. If it is
 * used to authorise the reset, it should be replaced by a random, expiring
 * token from random_bytes(); the code that checks the value is not visible
 * here and would have to change with it.
 * NOTE(review): the two branches report different messages, which reveals
 * whether a user name exists.
 *
 * @param object $h handle giving access to the request, language strings
 *                  and messages
 * @return void
 */
public function sendPassword($h)
{
    // check username
    $username = $h->cage->post->testUsername('username');

    $account = new UserAuth();
    $account->getUserBasic($h, 0, $username);

    if (!$account->id) {
        // Unknown user: keep the entered name so the form can be refilled.
        $h->vars['user_man_username_2'] = $username;
        $h->messages[$h->lang['user_man_user_not_found']] = 'red';
        return;
    }

    // send password!
    $email_digest = md5($account->email);
    $passconf = md5(crypt($email_digest, $email_digest));
    $account->newRandomPassword($h, $account->id, $passconf);
    $h->messages[$h->lang['user_man_new_password_sent']] = 'green';
}
/**
 * Validate and store a comment submitted by POST for the given link.
 *
 * Runs a chain of refusals (banned proxy, request/user mismatch, low karma,
 * clone accounts, same-IP abuse, too-short text, banned links, upload quota,
 * duplicate randkey, karma penalty) and only then stores the comment inside a
 * transaction.
 *
 * NOTE(review): several queries below are built by string interpolation.
 * Values that went through intval() are safe; $comment->ip and the imploded
 * clone list are not escaped in this function — see the notes at those lines.
 *
 * @param object $link     link being commented on
 * @param bool   $redirect when true, a stored comment ends the request with a
 *                         303 redirect; when false the Comment is returned
 * @return mixed translated error string on refusal, or the stored Comment
 *               when $redirect is false
 */
static function save_from_post($link, $redirect = true) {
    global $db, $current_user, $globals;
    require_once mnminclude . 'ban.php';
    if (check_ban_proxy()) {
        return _('dirección IP no permitida');
    }
    // Check if is a POST of a comment
    // The posted link_id and user_id must match the link and the logged-in
    // user, and randkey must be a positive integer.
    // NOTE(review): no separate anti-CSRF token is checked here; user_id and
    // link_id are not secrets — confirm the form is protected elsewhere.
    if (!($link->votes > 0 && $link->date > $globals['now'] - $globals['time_enabled_comments'] * 1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0)) {
        return _('comentario o usuario incorrecto');
    }
    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }
    $comment = new Comment();
    $comment->link = $link->id;
    // NOTE(review): stored unescaped and later interpolated into SQL inside
    // quotes; how $globals['user_ip'] is derived is not visible here —
    // confirm it cannot carry request-header text, or escape/bind it.
    $comment->ip = $globals['user_ip'];
    $comment->randkey = intval($_POST['randkey']);
    $comment->author = intval($_POST['user_id']);
    $comment->karma = round($current_user->user_karma);
    $comment->content = clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
    // Check if is an admin comment
    // NOTE(review): $_POST['type'] is read without isset().
    if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
        $comment->type = 'admin';
    }
    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours + 1);
        if ($clones) {
            // presumably get_clones() returns integer user ids; they are
            // placed in the IN (...) list verbatim — verify.
            $l = implode(',', $clones);
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval {$hours} hour) and comment_user_id in ({$l})");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment ({$current_user->user_login}, {$comment->ip}) in {$link->uri}");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }
    // Basic check to avoid abuses from same IP
    if (!$current_user->admin && $current_user->user_karma < 6.2) {
        // Don't check in case of admin comments or higher karma
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip ==
$globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ({$current_user->user_login}, {$link->ip}): " . $link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }
        // Avoid floods with clones from the same IP
        // NOTE(review): comment_ip='{$comment->ip}' is the unescaped value
        // assigned above; a bound parameter or $db->escape() would remove the
        // dependency on how user_ip is produced.
        if (intval($db->get_var("select count(*) from comments where comment_link_id = {$link->id} and comment_ip='{$comment->ip}' and comment_user_id != {$comment->author}")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ({$current_user->user_login}, {$comment->ip})");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }
    if (mb_strlen($comment->content) < 5 || !preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
        // Check there are at least a valid char
        return _('texto muy breve o caracteres no válidos');
    }
    if (!$current_user->admin) {
        $comment->get_links();
        // Links to banned sites are refused for accounts whose Date() is
        // within the last 86400 seconds.
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ({$current_user->user_login})");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }
        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = {$current_user->user_id} and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) {
            $same_links_count *= 2;
        }
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }
    // Allowed comments in the 3-minute window scale with karma, capped at 5.
    $comment_limit = round(min($current_user->user_karma / 6, 2) * 2.5);
    $karma_penalty = 0;
    if ($comment_count > $comment_limit || $same_count > 2) {
        if ($comment_count > $comment_limit) {
            $karma_penalty += ($comment_count - 3) * 0.1;
        }
        if ($same_count > 1) {
            $karma_penalty += $same_count * 0.25;
        }
    }
    // Check image limits
    if (!empty($_FILES['image']['tmp_name'])) {
        $limit_exceded = Upload::current_user_limit_exceded($_FILES['image']['size']);
        if ($limit_exceded) {
            return $limit_exceded;
        }
    }
    $db->transaction();
    // Check the comment wasn't already stored
    // FOR UPDATE inside the transaction keeps this check and the insert
    // together for the same (link, user, randkey).
    $r = intval($db->get_var("select count(*) from comments where comment_link_id = {$comment->link} and comment_user_id = {$comment->author} and comment_randkey = {$comment->randkey} FOR UPDATE"));
    $already_stored = intval($r);
    if ($already_stored) {
        $db->rollback();
        return _('comentario duplicado');
    }
    // A pending penalty is applied instead of storing the comment.
    if ($karma_penalty > 0) {
        $db->rollback();
        $user = new User($current_user->user_id);
        $user->add_karma(-$karma_penalty, _('texto repetido o abuso de enlaces en comentarios'));
        return _('penalización de karma por texto repetido o abuso de enlaces');
    }
    // NOTE(review): $r comes from intval(), so !is_null($r) is always true;
    // a failed query is indistinguishable from a count of 0 here.
    if (!is_null($r) && $comment->store()) {
        $comment->insert_vote();
        $link->update_comments();
        $db->commit();
        // Check image upload or delete
        // NOTE(review): $_POST['image_delete'] is read without isset(); the
        // image handling runs after the commit, outside the transaction.
        if ($_POST['image_delete']) {
            $comment->delete_image();
        } else {
            $comment->store_image_from_form('image');
        }
        if ($redirect) {
            // Comment stored, just redirect to it page
            header('HTTP/1.1 303 Load');
            header('Location: ' . $link->get_permalink() . '/c0' . $comment->order . '#c-' . $comment->order);
            die;
        } else {
            return $comment;
        }
    }
    $db->rollback();
    return _('error insertando comentario');
    //return $error;
}
/**
 * Validate and store a (possibly nested) comment submitted by POST.
 *
 * Runs the refusal checks below, applies a karma reduction for repeated
 * text or link abuse, then stores the comment in a transaction and ends the
 * request with a redirect to the new comment.
 *
 * NOTE(review): on success the function never returns — it sends a Location
 * header and dies — so the text accumulated in $error is never delivered.
 *
 * @param object $link link being commented on
 * @return string translated error message when the comment is refused
 */
static function save_from_post($link) {
    global $db, $current_user, $globals;

    require_once(mnminclude.'ban.php');

    $error = '';
    // The proxy ban is skipped when the 'development' flag is set.
    if(check_ban_proxy() && !$globals['development']) return _('dirección IP no permitida');

    // Check if is a POST of a comment
    // NOTE(review): the posted user_id/link_id must match the session user
    // and the link, but no separate anti-CSRF token is checked here —
    // confirm the form is protected elsewhere.
    if( ! ($link->votes > 0 && $link->date > $globals['now']-$globals['time_enabled_comments']*1.01 && $link->comments < $globals['max_comments'] && intval($_POST['link_id']) == $link->id && $current_user->authenticated && intval($_POST['user_id']) == $current_user->user_id && intval($_POST['randkey']) > 0 )) {
        return _('comentario o usuario incorrecto');
    }

    if ($current_user->user_karma < $globals['min_karma_for_comments'] && $current_user->user_id != $link->author) {
        return _('karma demasiado bajo');
    }

    $comment = new Comment;
    $comment->link=$link->id;
    // Escaped here because the value is interpolated into SQL further down.
    $comment->ip = $db->escape($globals['user_ip']);
    $comment->randkey=intval($_POST['randkey']);
    $comment->author=intval($_POST['user_id']);
    $comment->karma=round($current_user->user_karma);
    $comment->content=clean_text_with_tags($_POST['comment_content'], 0, false, 10000);
    $comment->parent=intval($_POST['parent_id']);

    //get level
    // NOTE(review): the result of read_basic() is not checked, and nothing
    // here verifies that the parent comment belongs to $link — confirm that
    // a parent_id from another thread is rejected elsewhere.
    $parentComment = new Comment();
    $parentComment->id = intval($comment->parent);
    $parentComment->read_basic();
    if ($parentComment->nested_level > $globals['NESTED_COMMENTS_MAX_LEVEL']) {
        return _('Chegache ao nivel límite de comentarios aniñados...');
    }
    $comment->nested_level = $parentComment->nested_level + 1;

    // Check if is an admin comment
    // NOTE(review): $_POST['type'] is read without isset().
    if ($current_user->user_level == 'god' && $_POST['type'] == 'admin') {
        $comment->type = 'admin';
    }

    // Don't allow to comment with a clone
    $hours = intval($globals['user_comments_clon_interval']);
    if ($hours > 0) {
        $clones = $current_user->get_clones($hours+1);
        if ( $clones) {
            // presumably get_clones() returns integer user ids; they go into
            // the IN (...) list verbatim — verify.
            $l = implode(',', $clones);
            $c = (int) $db->get_var("select count(*) from comments where comment_date > date_sub(now(), interval $hours hour) and comment_user_id in ($l)");
            if ($c > 0) {
                syslog(LOG_NOTICE, "Meneame, clon comment 
($current_user->user_login, $comment->ip) in $link->uri");
                return _('ya hizo un comentario con usuarios clones');
            }
        }
    }

    // Basic check to avoid abuses from same IP
    if (!$current_user->admin && $current_user->user_karma < 6.2) {
        // Don't check in case of admin comments or higher karma
        // Avoid astroturfing from the same link's author
        if ($link->status != 'published' && $link->ip == $globals['user_ip'] && $link->author != $comment->author) {
            UserAuth::insert_clon($comment->author, $link->author, $link->ip);
            syslog(LOG_NOTICE, "Meneame, comment-link astroturfing ($current_user->user_login, $link->ip): ".$link->get_permalink());
            return _('no se puede comentar desde la misma IP del autor del envío');
        }

        // Avoid floods with clones from the same IP
        if (intval($db->get_var("select count(*) from comments where comment_link_id = $link->id and comment_ip='$comment->ip' and comment_user_id != $comment->author")) > 1) {
            syslog(LOG_NOTICE, "Meneame, comment astroturfing ($current_user->user_login, $comment->ip)");
            return _('demasiados comentarios desde la misma IP con usuarios diferentes');
        }
    }

    if (mb_strlen($comment->content) < 5 || ! preg_match('/[a-zA-Z:-]/', $_POST['comment_content'])) {
        // Check there are at least a valid char
        return _('texto muy breve o caracteres no válidos');
    }

    // Check the comment wasn't already stored
    // NOTE(review): this check runs before the transaction opens and takes
    // no lock, so two concurrent submissions with the same randkey can both
    // pass it.
    $already_stored = intval($db->get_var("select count(*) from comments where comment_link_id = $comment->link and comment_user_id = $comment->author and comment_randkey = $comment->randkey"));
    if ($already_stored) {
        return _('comentario duplicado');
    }

    if (! 
$current_user->admin) {
        $comment->get_links();
        if ($comment->banned && $current_user->Date() > $globals['now'] - 86400) {
            syslog(LOG_NOTICE, "Meneame: comment not inserted, banned link ($current_user->user_login)");
            return _('comentario no insertado, enlace a sitio deshabilitado (y usuario reciente)');
        }

        // Lower karma to comments' spammers
        $comment_count = (int) $db->get_var("select count(*) from comments where comment_user_id = $current_user->user_id and comment_date > date_sub(now(), interval 3 minute)");
        // Check the text is not the same
        $same_count = $comment->same_text_count();
        $same_links_count = $comment->same_links_count();
        if ($comment->banned) $same_links_count *= 2;
        $same_count += $same_links_count;
    } else {
        $comment_count = $same_count = 0;
    }

    // Allowed comments in the 3-minute window scale with karma, capped at 5.
    $comment_limit = round(min($current_user->user_karma/6, 2) * 2.5);
    if ($comment_count > $comment_limit || $same_count > 2) {
        $reduction = 0;
        if ($comment_count > $comment_limit) {
            $reduction += ($comment_count-3) * 0.1;
        }
        if($same_count > 1) {
            $reduction += $same_count * 0.25;
        }
        if ($reduction > 0) {
            // The karma reduction is written immediately; the comment is
            // still stored below.
            $user = new User;
            $user->id = $current_user->user_id;
            $user->read();
            $user->karma = $user->karma - $reduction;
            syslog(LOG_NOTICE, "Meneame: story decreasing $reduction of karma to $current_user->user_login (now $user->karma)");
            $user->store();
            $annotation = new Annotation("karma-$user->id");
            $annotation->append(_('texto repetido o abuso de enlaces en comentarios').": -$reduction, karma: $user->karma\n");
            // NOTE(review): this message is not passed through _() and, as
            // the function dies after the redirect, it is never shown.
            $error .= ' ' . ('penalización de karma por texto repetido o abuso de enlaces');
        }
    }

    // NOTE(review): the return value of store() is not checked before the
    // commit and redirect.
    $db->transaction();
    $comment->store();
    $comment->insert_vote();
    $link->update_comments();
    $db->commit();

    // Comment stored, just redirect to it page
    header('Location: '.$link->get_permalink() . '#c-'.$comment->order);
    die;
    //return $error;
}
/**
 * Render the login page and, when the form was posted, process the login.
 *
 * On a posted form it checks the form/IP binding, the captcha (after more
 * than two recent failures, or on a first login when configured) and the
 * credentials, then redirects. Otherwise, or after a failed attempt, it
 * prints the form again.
 *
 * NOTE(review): every redirect below builds its target as "http://" plus
 * $_COOKIE['return_site'] plus a path. The cookie and $_REQUEST['return']
 * are request data and are not validated in this function, so the redirect
 * destination is controlled by the request. Checking the host against the
 * list of this installation's own sites, and requiring 'return' to be a
 * local path, would close that; the fixed http:// scheme also sends the
 * freshly authenticated user over cleartext.
 *
 * @return void
 */
function do_login() {
    global $current_user, $globals;
    $form_ip_check = check_form_auth_ip();
    // Recent failed logins for this form IP; the value gates the intro text
    // and the captcha. presumably the last argument (300) is a time window
    // in seconds — confirm against Log::get_date.
    $previous_login_failed = Log::get_date('login_failed', $globals['form_user_ip_int'], 0, 300);
    // Show menéame intro only if first try and the there were not previous logins
    if (!$globals['mobile'] && $previous_login_failed < 3 && empty($_POST["processlogin"]) && empty($_COOKIE['u'])) {
        echo '<div class="faq wideonly" style="float:right; width:55%; margin-top: 10px;">' . "\n";
        // Only prints if the user was redirected from submit.php
        if (!empty($_REQUEST['return']) && preg_match('/submit\\.php/', $_REQUEST['return'])) {
            echo '<p style="border:1px solid #FF9400; font-size:1.3em; background:#FEFBEA; font-weight:bold; padding:0.5em 1em;">Para enviar una historia debes ser un usuario registrado</p>' . "\n";
        }
        echo '<h3>' . _('¿Qué es menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Es un sitio que te permite enviar una historia que será revisada por todos y será promovida, o no, a la página principal. Cuando un usuario envía una historia ésta queda en la <a href="shakeit.php">cola de pendientes</a> hasta que reúne los votos suficientes para ser promovida a la página principal') . '.</p>' . "\n";
        echo '<h3>' . _('¿Todavía no eres usuario de menéame?') . '</h3>' . "\n";
        echo '<p>' . _('Como usuario registrado podrás, entre otras cosas') . ':</p>' . "\n";
        echo '<ul style="margin-left: 1.5em">' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Enviar historias') . '</strong><br />' . "\n";
        echo '<p>' . _('Una vez registrado puedes enviar las historias que consideres interesantes para la comunidad. Si tienes algún tipo de duda sobre que tipo de historias puedes enviar revisa nuestras <a href="faq-es.php">preguntas frecuentes sobre menéame</a>') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Escribir comentarios') . '</strong><br />' . "\n";
        echo '<p>' . _('Puedes escribir tu opinión sobre las historias enviadas a menéame mediante comentarios de texto. 
También puedes votar positivamente aquellos comentarios ingeniosos, divertidos o interesantes y negativamente aquellos que consideres inoportunos') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Perfil de usuario') . '</strong><br />' . "\n";
        echo '<p>' . _('Toda tu información como usuario está disponible desde la página de tu perfil. También puedes subir una imagen que representará a tu usuario en menéame. Incluso es posible compartir los ingresos publicitarios de Menéame, solo tienes que introducir el código de tu cuenta Google Adsense desde tu perfil') . '.</p>' . "\n";
        echo '</li>' . "\n";
        echo '<li>' . "\n";
        echo '<strong>' . _('Chatear en tiempo real desde la fisgona') . '</strong><br />' . "\n";
        echo '<p>' . _('Gracias a la <a href="sneak.php">fisgona</a> puedes ver en tiempo real toda la actividad de menéame. Además como usuario registrado podrás chatear con mucha más gente de la comunidad menéame') . '</p>' . "\n";
        echo '</li>' . "\n";
        echo '</ul>' . "\n";
        echo '<h3><a href="register.php" style="color:#FF6400; text-decoration:underline; display:block; width:8em; text-align:center; margin:0 auto; padding:0.5em 1em; border:3px double #FFE2C5; background:#FFF3E8;">Regístrate ahora</a></h3>' . "\n";
        echo '</div>' . "\n";
        echo '<div class="genericform" style="float:left; width:40%; margin: 0">' . "\n";
    } else {
        echo '<div class="genericform" style="float:auto;">' . "\n";
    }
    echo '<form action="' . get_auth_link() . 'login.php" id="thisform" method="post">' . "\n";
    // NOTE(review): $_POST["processlogin"] is read without isset(); on a
    // plain GET this is an undefined-index read.
    if ($_POST["processlogin"] == 1) {
        // Check the IP, otherwise redirect
        if (!$form_ip_check) {
            header('HTTP/1.1 303 Load');
            // Host part comes from a client-supplied cookie (see the
            // function-level note).
            header("Location: http://" . $_COOKIE['return_site'] . $globals['base_url'] . 
"login.php");
            die;
        }
        $username = clean_input_string(trim($_POST['username']));
        $password = trim($_POST['password']);
        // Check form
        // Precedence: captcha is required when failures > 2, OR when
        // captcha_first_login is on AND no user cookie data exists.
        if (($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) && !ts_is_human()) {
            Log::insert('login_failed', $globals['form_user_ip_int'], 0);
            recover_error(_('el código de seguridad no es correcto') . " ({$previous_login_failed})");
        // NOTE(review): with an empty password this condition is false, so
        // control falls into the else branch below and the request is
        // redirected without Authenticate() having been called and without
        // a failure being logged — confirm this is intended.
        } elseif (strlen($password) > 0 && $current_user->Authenticate($username, $password, $_POST['persistent']) == false) {
            Log::insert('login_failed', $globals['form_user_ip_int'], 0);
            $previous_login_failed++;
            recover_error(_('usuario o email inexistente, sin validar, o clave incorrecta') . " ({$previous_login_failed})");
        } else {
            UserAuth::check_clon_from_cookies();
            // If the user is authenticating from a mobile device, keep her in the standard version
            if ($globals['mobile']) {
                setcookie('nomobile', '1', 0, $globals['base_url'], UserAuth::domain());
            }
            header('HTTP/1.1 303 Load');
            // Both the host (cookie) and the path (request parameter) of the
            // post-login redirect are unvalidated request data here.
            if (!empty($_REQUEST['return'])) {
                header('Location: http://' . $_COOKIE['return_site'] . $_REQUEST['return']);
            } else {
                header('Location: http://' . $_COOKIE['return_site'] . $globals['base_url']);
            }
            die;
        }
    }
    echo '<fieldset>' . "\n";
    echo '<legend><span class="sign">' . _('usuario y contraseña') . '</span></legend>' . "\n";
    echo '<p><label for="name">' . _('usuario o email') . ':</label><br />' . "\n";
    // NOTE(review): $username is assigned only inside the POST branch, so it
    // is undefined when the form is first displayed.
    echo '<input type="text" name="username" size="25" tabindex="1" id="name" value="' . htmlentities($username) . '" /></p>' . "\n";
    echo '<p><label for="password">' . _('clave') . ':</label><br />' . "\n";
    echo '<input type="password" name="password" id="password" size="25" tabindex="2"/></p>' . "\n";
    echo '<p><label for="remember">' . _('recuérdame') . ': </label><input type="checkbox" name="persistent" id="remember" tabindex="3"/></p>' . 
"\n";
    // Print captcha
    if ($previous_login_failed > 2 || $globals['captcha_first_login'] == true && !UserAuth::user_cookie_data()) {
        ts_print_form();
    }
    get_form_auth_ip();
    echo '<p><input type="submit" value="login" class="button" tabindex="4" /></p>' . "\n";
    // The raw 'return' value is passed on; whether print_oauth_icons()
    // escapes it is not visible here — confirm.
    print_oauth_icons($_REQUEST['return']);
    echo '<input type="hidden" name="processlogin" value="1"/>' . "\n";
    // Escaped for the HTML attribute context before being echoed back.
    echo '<input type="hidden" name="return" value="' . htmlspecialchars($_REQUEST['return']) . '"/>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</form>' . "\n";
    echo '<div class="recoverpass" style="text-align:center"><h4><a href="login.php?op=recover">' . _('¿has olvidado la contraseña?') . '</a></h4></div>' . "\n";
    echo '</div>' . "\n";
    echo '<br/> ';
}
// Vote endpoint fragment. Each failed precondition ends the request through
// error(), which prints a JSON object and stops the script. $id, $vote and
// $current_user are set before this fragment (not visible here).
// NOTE(review): `match` is a reserved keyword from PHP 8.0 on, so a class
// named Match cannot be declared on that version.
$match = new Match($id);
if (!$match->read_basic()) {
    error(_('partido inexistente'));
}
if (!$match->is_votable()) {
    error(_('votos cerrados'));
}
// Anonymous votes are refused.
if ($current_user->user_id == 0) {
    error(_('Los votos anónimos están deshabilitados'));
}
// The request must name the logged-in user.
// NOTE(review): the comparison is loose (!=) against a raw request value,
// and a user id is not a secret; no anti-CSRF token check is visible in
// this fragment — confirm one exists earlier in the script.
if ($current_user->user_id != $_REQUEST['user']) {
    error(_('usuario incorrecto'));
}
// Check the user is not a clon by cookie of others that voted the same link
if ($current_user->user_id > 0 && $match->status != 'published') {
    if (UserAuth::check_clon_votes($current_user->user_id, $match->id, 5, 'links') > 0) {
        error(_('no se puede votar con clones'));
    }
}
try {
    $match->insert_vote($vote);
} catch (Exception $e) {
    // NOTE(review): the exception message is returned to the client as-is;
    // confirm insert_vote() only throws user-safe messages.
    error($e->getMessage());
}
echo $match->json_votes_info(intval($vote));

/**
 * Print {"error": <message>} as JSON and terminate the request.
 *
 * @param string $mess message to report
 */
function error($mess) {
    // $dict is created implicitly by this assignment.
    $dict['error'] = $mess;
    echo json_encode($dict);
    die;
}
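/**
 * Echoes the CSS and an HTML table describing every logged SQL query.
 *
 * Nothing is printed unless logging is enabled, the DEV/DEBUG constants
 * allow it, and the request is local (UserAuth::is_local()) or comes from
 * the CLI with no REMOTE_ADDR set.
 *
 * Every logged value is HTML-escaped before it is written: query text and
 * error messages may contain request-derived data and markup characters,
 * and the log is rendered straight into the page.
 *
 * @return void
 */
public function print_log()
{
    // Grouping follows PHP precedence (&& binds tighter than ||):
    // logging off, OR (DEV and not DEBUG), OR not (local OR (cli AND no REMOTE_ADDR)).
    if (!$this->enable_log || DEV && !DEBUG || !(UserAuth::is_local() || php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR']))) {
        return;
    }

    echo '<style>.query_log {margin:0px;padding:0px; width:100%; box-shadow: 10px 10px 5px #888888; border:1px solid #000000; -moz-border-radius-bottomleft:0px; -webkit-border-bottom-left-radius:0px; border-bottom-left-radius:0px; -moz-border-radius-bottomright:0px; -webkit-border-bottom-right-radius:0px; border-bottom-right-radius:0px; -moz-border-radius-topright:0px; -webkit-border-top-right-radius:0px; border-top-right-radius:0px; -moz-border-radius-topleft:0px; -webkit-border-top-left-radius:0px; border-top-left-radius:0px; }.query_log table{border-collapse: collapse; border-spacing: 0; width:100%; height:100%; margin:0px;padding:0px; }.query_log tr:last-child td:last-child {-moz-border-radius-bottomright:0px; -webkit-border-bottom-right-radius:0px; border-bottom-right-radius:0px; } .query_log table tr:first-child td:first-child {-moz-border-radius-topleft:0px; -webkit-border-top-left-radius:0px; border-top-left-radius:0px; } .query_log table tr:first-child td:last-child {-moz-border-radius-topright:0px; -webkit-border-top-right-radius:0px; border-top-right-radius:0px; }.query_log tr:last-child td:first-child{-moz-border-radius-bottomleft:0px; -webkit-border-bottom-left-radius:0px; border-bottom-left-radius:0px; }.query_log tr:hover td{} .query_log tr.master{ background-color:#ffaa56; } .query_log tr.slave { background-color:#ffffff; }.query_log td{vertical-align:middle; border:1px solid #000000; border-width:0px 1px 1px 0px; text-align:left; padding:7px; font-size:10px; font-family:Arial; font-weight:normal; color:#000000; }.query_log tr:last-child td{border-width:0px 1px 0px 0px; }.query_log tr td:last-child{border-width:0px 0px 1px 0px; }.query_log tr:last-child td:last-child{border-width:0px 0px 0px 0px; } .query_log tr:first-child 
td{background:-o-linear-gradient(bottom, #ff7f00 5%, #bf5f00 100%); background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #ff7f00), color-stop(1, #bf5f00) ); background:-moz-linear-gradient( center top, #ff7f00 5%, #bf5f00 100% ); filter:progid:DXImageTransform.Microsoft.gradient(startColorstr="#ff7f00", endColorstr="#bf5f00"); background: -o-linear-gradient(top,#ff7f00,bf5f00); background-color:#ff7f00; border:0px solid #000000; text-align:center; border-width:0px 0px 1px 1px; font-size:14px; font-family:Arial; font-weight:bold; color:#ffffff; } .query_log tr:first-child:hover td{background:-o-linear-gradient(bottom, #ff7f00 5%, #bf5f00 100%); background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #ff7f00), color-stop(1, #bf5f00) ); background:-moz-linear-gradient( center top, #ff7f00 5%, #bf5f00 100% ); filter:progid:DXImageTransform.Microsoft.gradient(startColorstr="#ff7f00", endColorstr="#bf5f00"); background: -o-linear-gradient(top,#ff7f00,bf5f00); background-color:#ff7f00; } .query_log tr:first-child td:first-child{border-width:0px 0px 1px 0px; } .query_log tr:first-child td:last-child{border-width:0px 0px 1px 1px; }.query_log table tr.error td{background-color:red;color:#fff;font-weight:bold;}</style>';

    echo "<div class='query_log'>\n\t\t\t<table style='table-layout:fixed;'>\n\t\t\t\t<tr>\n\t\t\t\t\t<td>Start</td><td>Query</td><td>Records</td><td>Time Taken</td><td>Connection</td><td>Error</td>\n\t\t\t\t</tr>";

    // Cast once so an unset log counts as empty instead of failing in count().
    $queries = (array) $this->queries;
    echo "<tr><td colspan='4'>Total Queries Executed: " . count($queries) . "</td></tr>";

    // ENT_QUOTES because values also land inside single-quoted attributes.
    $escape = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    foreach ($queries as $query) {
        // Rows with an error, or slower than one second, are highlighted.
        $class = "";
        if ($query["error"] || $query["time"] > 1) {
            $class = "error";
        }

        $connection = $escape($query['connection']);
        echo "<tr class='{$class} {$connection}'>\n\t\t\t\t<td>" . $escape($query['start'])
            . "</td><td>" . $escape($query['query'])
            . "</td><td>" . $escape($query['records'])
            . "</td><td>" . $escape($query['time'])
            . "</td><td>{$connection}</td><td>" . $escape($query['error'])
            . "</td>\n\t\t\t</tr>";
    }

    echo "</table>\n\t\t\t</div>";
}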
<?php
// Page bootstrap: load configuration, resolve the session user and run the
// menu access check for menu id 28 before any markup is produced.
// NOTE(review): include (not require) lets the script continue with only a
// warning if the configuration file cannot be loaded.
include "../../../config/config.php";
$USERAUTH = new UserAuth();
$SESSION = new Session();
$menu_id = 28;
$SessionUser = $SESSION->get_session_user();
// NOTE(review): the return value is ignored; presumably
// FrontEnd_check_akses_menu() itself redirects or exits when access is
// denied — confirm, otherwise the page renders for every visitor.
$USERAUTH->FrontEnd_check_akses_menu($menu_id, $SessionUser);
?> <?php
// Start output buffering for the rest of the page.
ob_start(); ?> <html> <?php
// $path is not defined in this fragment; presumably it comes from config.php.
include "$path/header.php";
include "$path/title.php"; ?> <body> <?php
include "$path/menu.php";
open_connection();
// Leftover debug scaffolding: the dumps are commented out, the <pre> tags
// are still printed.
echo '<pre>';
//print_r($_POST);
echo '</pre>';
echo '<pre>';
//print_r($dataArr);
echo '</pre>';
/**
 * Bulk User Role Change
 *
 * Moves every user whose role is $from to the role $to and resets each moved
 * user's permissions to the defaults of the new role.
 *
 * NOTE(review): no permission check on the caller is visible in this method;
 * presumably the page that invokes it enforces one — confirm, since this
 * rewrites roles and permissions for many accounts at once.
 *
 * @param object $h    application object; its db property runs the query
 * @param string $from name of role to move from
 * @param string $to   name of role to move to
 * @return bool false when a role name is empty or not among the roles in
 *              use; true otherwise, including when no user had role $from
 */
public function bulkRoleChange($h, $from = '', $to = '')
{
    if (!($from && $to)) {
        return false;
    }

    // Both names must already exist as roles.
    $knownRoles = $this->getUniqueRoles($h);
    if (!in_array($from, $knownRoles) || !in_array($to, $knownRoles)) {
        return false;
    }

    // The role name is bound through prepare(), not concatenated.
    $query = "SELECT user_id FROM " . TABLE_USERS . " WHERE user_role = %s";
    $rows = $h->db->get_results($h->db->prepare($query, $from));
    if (!$rows) {
        return true;
    }

    // Change role and permissions for each user being moved.
    foreach ($rows as $row) {
        $member = new UserAuth();
        $member->getUser($h, $row->user_id);
        $member->role = $to;
        $member->setAllPermissions($member->getDefaultPermissions($h, $member->role));
        $member->updateUserBasic($h);
    }

    return true;
}