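/**
 * Dispatches an API request to the handler method named by the "action" parameter.
 *
 * The API key is taken from the logged-in user's activation token when a session
 * exists, otherwise from the "token" request parameter (with a $_POST fallback).
 * An invalid key answers 401. An unknown action falls back to deletefile() for
 * DELETE requests, downloadfile() when a "download" parameter is present, and
 * 404 otherwise.
 *
 * Side effect: the user resolved from the key is stored in $_REQUEST["user"] so
 * the handler methods can read it.
 */
public function processApi() {
    global $loggedInUser;

    // Requested API: strip slashes and normalise case so "Foo/" routes to foo().
    $func = isset($_REQUEST['action']) ? strtolower(trim(str_replace("/", "", $_REQUEST['action']))) : null;
    if (!$func && isset($_POST['action'])) {
        $func = $_POST['action'];
    }

    // API key.
    if (isUserLoggedIn() && is_object($loggedInUser)) {
        // Logged in: the key comes from the current session's user.
        $key = $loggedInUser->activationtoken();
    } else {
        // Guard the lookup so a missing token yields an empty key instead of an
        // undefined-index notice (and a null passed to str_replace()).
        $key = isset($_REQUEST['token']) ? strtolower(trim(str_replace("/", "", $_REQUEST['token']))) : '';
        if (!$key && isset($_POST['token'])) {
            $key = $_POST['token'];
        }
    }

    // Verify the key and expose the matching user to the handlers via $_REQUEST.
    $is_api_valid = loggedInUser::checkapikey($key);
    $user = loggedInUser::getuserbyapikey($key);
    if ($user != null) {
        $_REQUEST["user"] = $user;
    }

    if (!$is_api_valid) {
        $this->response('', 401);
        return;
    }

    // The action name is request-controlled, so method_exists() alone would also
    // reach private/protected helpers, magic methods and this dispatcher itself
    // (infinite recursion). Only public, non-underscore methods other than
    // processApi() are routable.
    $routable = is_string($func)
        && $func !== ''
        && $func[0] !== '_'
        && strcasecmp($func, __FUNCTION__) !== 0
        && method_exists($this, $func)
        && (new \ReflectionMethod($this, $func))->isPublic();

    if ($routable) {
        $this->{$func}();
    } elseif ($this->get_request_method() == "DELETE"
        || (isset($_REQUEST['_method']) && $_REQUEST['_method'] === 'DELETE')) {
        // Method override for clients that cannot issue a real DELETE.
        $this->deletefile();
    } elseif (isset($_REQUEST['download'])) {
        $this->downloadfile();
    } else {
        $this->response('', 404);
    }
}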
} else { $userdetails = fetchUserDetails($username); //See if the user's account is activated if ($userdetails["active"] == 0) { $errors[] = lang("ACCOUNT_INACTIVE"); } else { //Hash the password and use the salt from the database to compare the password. $entered_pass = generateHash($password, $userdetails["password"]); if ($entered_pass != $userdetails["password"]) { //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); } else { //Passwords match! we're good to go' //Construct a new logged in user object //Transfer some db data to the session object $loggedInUser = new loggedInUser(); $loggedInUser->email = $userdetails["email"]; $loggedInUser->user_id = $userdetails["id"]; $loggedInUser->hash_pw = $userdetails["password"]; $loggedInUser->title = $userdetails["title"]; $loggedInUser->displayname = $userdetails["display_name"]; $loggedInUser->username = $userdetails["user_name"]; //Update last sign in $loggedInUser->updateLastSignIn(); $_SESSION["userCakeUser"] = $loggedInUser; //Redirect to user account page header("Location: account.php"); die; } } }
} else { $userdetails = fetchUserDetails($username); //See if the user's account is activation if ($userdetails["active"] == 0) { $errors[] = lang("ACCOUNT_INACTIVE"); } else { //Hash the password and use the salt from the database to compare the password. $entered_pass = generateHash($password, $userdetails["password"]); if ($entered_pass != $userdetails["password"]) { //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); } else { //passwords match! we're good to go' //Construct a new logged in user object //Transfer some db data to the session object $loggedInUser = new loggedInUser(); $loggedInUser->email = $userdetails["email"]; $loggedInUser->user_id = $userdetails["user_id"]; $loggedInUser->hash_pw = $userdetails["password"]; $loggedInUser->display_username = $userdetails["username"]; $loggedInUser->clean_username = $userdetails["username_clean"]; $loggedInUser->remember_me = $remember_choice; $loggedInUser->remember_me_sessid = generateHash(uniqid(rand(), true)); //Update last sign in $loggedInUser->updatelast_sign_in(); if ($loggedInUser->remember_me == 0) { $_SESSION["userPieUser"] = $loggedInUser; } else { if ($loggedInUser->remember_me == 1) { $db->sql_query("INSERT INTO " . $db_table_prefix . "sessions VALUES('" . time() . "', '" . serialize($loggedInUser) . "', '" . $loggedInUser->remember_me_sessid . "')"); setcookie("userPieUser", $loggedInUser->remember_me_sessid, time() + parseLength($remember_me_length));
//See if the user's account is activated if ($userdetails["active"] == 0) { $errors[] = lang("ACCOUNT_INACTIVE"); } else { if ($userdetails["enabled"] == 0) { $errors[] = lang("ACCOUNT_DISABLED"); } else { // Validate the password if (!passwordVerifyUF($password, $userdetails["password"])) { //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); } else { //Passwords match! we're good to go' //Construct a new logged in user object //Transfer some db data to the session object $loggedInUser = new loggedInUser(); $loggedInUser->email = $userdetails["email"]; $loggedInUser->user_id = $userdetails["id"]; $loggedInUser->hash_pw = $userdetails["password"]; $loggedInUser->title = $userdetails["title"]; $loggedInUser->displayname = $userdetails["display_name"]; $loggedInUser->username = $userdetails["user_name"]; $loggedInUser->alerts = array(); //Update last sign in $loggedInUser->updateLastSignIn(); // Update password if we had encountered an outdated hash if (getPasswordHashTypeUF($userdetails["password"]) != "modern") { // Hash the user's password and update $password_hash = passwordHashUF($password); if ($password_hash === null) { error_log("Notice: outdated password hash could not be updated because new hashing algorithm is not supported. Are you running PHP >= 5.3.7?");
} else { $userdetails = fetchUserDetails($username); //See if the user's account is activated if ($userdetails["active"] == 0) { $errors[] = lang("ACCOUNT_INACTIVE"); } else { //Hash the password and use the salt from the database to compare the password. $entered_pass = generateHash($password, $userdetails["password"]); if ($entered_pass != $userdetails["password"]) { //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); } else { //Passwords match! we're good to go' //Construct a new logged in user object //Transfer some db data to the session object $loggedInUser = new loggedInUser(); $loggedInUser->email = $userdetails["email"]; $loggedInUser->user_id = $userdetails["id"]; $loggedInUser->hash_pw = $userdetails["password"]; $loggedInUser->currency = $userdetails["currency"]; $loggedInUser->remember_me = $remember_choice; $loggedInUser->remember_me_sessid = generateHash(uniqid(rand(), true)); $loggedInUser->title = $userdetails["title"]; $loggedInUser->displayname = $userdetails["display_name"]; $loggedInUser->username = $userdetails["user_name"]; $loggedInUser->dogeaddress = $userdetails["dogeaddress"]; $loggedInUser->autodoge = $userdetails["autodoge"]; $loggedInUser->btcaddress = $userdetails["btcaddress"]; $loggedInUser->autobtc = $userdetails["autobtc"]; //Update last sign in $loggedInUser->updateLastSignIn();
} else { $userdetails = fetchUserDetails($username); //See if the user's account is activated if ($userdetails["active"] == 0) { $loginErrors[] = lang("ACCOUNT_INACTIVE"); } else { //Hash the password and use the salt from the database to compare the password. $entered_pass = generateHash($pass, $userdetails["password"]); if ($entered_pass != $userdetails["password"]) { //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing $loginErrors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); } else { //Passwords match! we're good to go' //Construct a new logged in user object //Transfer some db data to the session object $loggedInUser = new loggedInUser(); $loggedInUser->email = $userdetails["email"]; $loggedInUser->user_id = $userdetails["id"]; $loggedInUser->hash_pw = $userdetails["password"]; $loggedInUser->title = $userdetails["title"]; $loggedInUser->displayname = $userdetails["display_name"]; $loggedInUser->username = $userdetails["user_name"]; //Update last sign in $loggedInUser->updateLastSignIn(); $_SESSION["userCakeUser"] = $loggedInUser; //Redirect to homepage header("Location: ../../#/index"); die; } } }
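/**
 * Login page controller (UserCake via CupCake, 2.0.2).
 *
 * Renders the login view; on a non-empty POST it validates the submitted
 * username/password against the user table and, on success, stores a
 * loggedInUser in the session and redirects to the account page.
 * Validation errors are collected in the global $errors array read by the view.
 * Already-authenticated visitors are redirected to the account page immediately.
 */
public function index() {
    /*
    UserCake (Via CupCake)
    Version: 2.0.2
    http://usercake.com
    */
    global $baseURL;
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";

    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // Prevent the user visiting the logged in page if he/she is already logged in
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }

    // Forms posted
    if (!empty($_POST)) {
        global $errors;
        $errors = array();

        // A missing or non-string field is treated as empty so it falls through to
        // the "specify username/password" errors below instead of raising notices.
        $rawUsername = isset($_POST["username"]) && is_string($_POST["username"]) ? $_POST["username"] : "";
        $rawPassword = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";
        $username = sanitize(trim($rawUsername));
        $password = trim($rawPassword);

        // Perform some validation
        // Feel free to edit / change as required
        if ($username == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        }
        if ($password == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
        }

        if (count($errors) == 0) {
            // A security note here, never tell the user which credential was incorrect
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);

                // See if the user's account is activated
                if ((int) $userdetails["active"] === 0) {
                    $errors[] = lang("ACCOUNT_INACTIVE");
                } else {
                    // Hash the password with the salt from the stored hash, then compare
                    // in constant time so the comparison does not leak a prefix match.
                    $entered_pass = generateHash($password, $userdetails["password"]);
                    if (!hash_equals((string) $userdetails["password"], (string) $entered_pass)) {
                        // Again, we know the password is at fault here, but lets not give away
                        // the combination in case of someone bruteforcing
                        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                    } else {
                        // Passwords match! Construct a new logged in user object and
                        // transfer some db data to the session object
                        $loggedInUser = new loggedInUser();
                        $loggedInUser->email = $userdetails["email"];
                        $loggedInUser->user_id = $userdetails["id"];
                        $loggedInUser->hash_pw = $userdetails["password"];
                        $loggedInUser->title = $userdetails["title"];
                        $loggedInUser->displayname = $userdetails["display_name"];
                        $loggedInUser->username = $userdetails["user_name"];

                        // Update last sign in
                        $loggedInUser->updateLastSignIn();

                        // Session is managed by the framework's session library here,
                        // not by $_SESSION directly.
                        $this->session->set_userdata('userCakeUser', $loggedInUser);

                        // Redirect to user account page
                        header("Location: " . str_replace('index.php/', '', site_url('account')));
                        die;
                    }
                }
            }
        }
    }

    $this->load->view('login');
}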
<?php error_reporting(E_ALL); $root = "../"; ini_set("date.timezone", "America/Los_Angeles"); require_once "classes.php"; require_once "search.php"; $db = ["people" => new DataBase($root . "data/people.db"), "archives" => new DataBase($root . "data/archives.db")]; $current_year = 1516; if (isset($_GET["wwuid"], $_GET["token"]) && $_GET["wwuid"] != "" && $_GET["token"] != "") { $user = new loggedInUser(json_decode(json_encode(["wwuid" => $_GET["wwuid"], "token" => $_GET["token"]]))); if (!$user->verify()) { $errors[] = "invalid login"; } if (isset($_GET["verify"])) { echo !isset($errors) ? json_encode($user) : "{}"; die; } } if (isset($_GET["q"])) { if (isset($_GET["limits"])) { $limits = explode(",", $_GET["limits"]); } else { $limits = []; } $s = new Search($_GET["q"], $limits); $data["results"] = $s->fetch(); unset($s); } else { if (isset($_GET['cmd']) && !isset($errors)) { include_once $_GET['cmd'] . ".php";
$loggedInUser->candidateid = $userdetails["candidateid"]; $_SESSION["userCakeUser"] = serialize($loggedInUser); session_write_close(); header("Location:account.php"); exit; } } if (employeeExists($username)) { $userdetails = fetchEmployeeDetails($username); $entered_pass = generateHash($password, $userdetails["password"]); if (!isset($userdetails["empid"])) { $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); } elseif ($entered_pass != $userdetails["password"]) { $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); } else { $loggedInUser = new loggedInUser(); $loggedInUser->email = $userdetails["email"]; $loggedInUser->user_id = $userdetails["id"]; $loggedInUser->displayname = $userdetails["display_name"]; $loggedInUser->username = $userdetails["user_name"]; $loggedInUser->candidate = "N"; $loggedInUser->employee = "Y"; $loggedInUser->candidateid = 0; $loggedInUser->employeeid = $userdetails["empid"]; $loggedInUser->managerid = $userdetails["mgrid"]; $loggedInUser->hash_pw = $userdetails["password"]; $loggedInUser->permissionid = $userdetails["permissionid"]; $loggedInUser->permissionname = $userdetails["permissionname"]; $loggedInUser->updateLastSignIn(); $_SESSION["userCakeUser"] = serialize($loggedInUser); session_write_close();
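/**
 * Populates $filters from the query string and returns the md5 of each matching file.
 *
 * @param object $filters  Filter object whose properties (timestamp, md5, vendor,
 *                         filename, page, size, virustotal, cuckoo, user, comment,
 *                         favorite, tags) are set from the corresponding $_GET keys
 *                         before being handed to GetFilesFromDatabase().
 * @return array           List of the 'md5' column of every row GetFilesFromDatabase() returned.
 */
function IterateFiles($filters) {
    // Query-string key => filter property it populates, in the original assignment
    // order. Values are copied verbatim; only "user" is resolved to user records.
    // NOTE(review): nothing here validates these values — GetFilesFromDatabase() is
    // presumed to escape/parameterise them; confirm against its implementation.
    static $paramToProperty = array(
        'date'       => 'timestamp',
        'hash'       => 'md5',
        'vendor'     => 'vendor',
        'name'       => 'filename',
        'page'       => 'page',
        'size'       => 'size',
        'virustotal' => 'virustotal',
        'cuckoo'     => 'cuckoo',
        'user'       => 'user',
        'comment'    => 'comment',
        'favorite'   => 'favorite',
        'tags'       => 'tags',
    );

    foreach ($paramToProperty as $param => $property) {
        if (!isset($_GET[$param])) {
            continue;
        }
        $filters->$property = ($param === 'user')
            ? loggedInUser::getusersbyname($_GET[$param])
            : $_GET[$param];
    }

    // $_REQUEST["user"] is presumably the caller resolved by the API dispatcher —
    // confirm; it is passed through untouched when absent (null).
    $requestingUser = isset($_REQUEST["user"]) ? $_REQUEST["user"] : null;
    $results = GetFilesFromDatabase($filters, $requestingUser);

    $files = array();
    foreach ($results as $row) {
        $files[] = $row['md5'];
    }
    return $files;
}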