예제 #1
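/**
 * Handle a login form submission for a visitor who has no session user yet.
 *
 * Does nothing when $_SESSION['user'] is already set or when no non-empty
 * `user_name` field was posted. Otherwise the posted credentials are passed
 * to attempt_login() and the browser is redirected: to the dashboard on
 * success, back to the admin view with `failed=true` on failure.
 *
 * @return void
 */
function check_initial_login()
{
    if (isset($_SESSION['user']) || empty($_POST['user_name'])) {
        return;
    }

    $user_name = $_POST['user_name'];
    // A hand-built request can omit the password field; default it instead of
    // reading an undefined index and passing null on to attempt_login().
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // PHP turns `user_name[]=x` into an array. Only plain strings are valid
    // credentials; anything else counts as a failed attempt.
    $authenticated = is_string($user_name)
        && is_string($password)
        && attempt_login($user_name, $password);

    header($authenticated
        ? 'Location:?action=admin&subaction=dashboard'
        : 'Location:?action=admin&failed=true');

    // A Location header does not stop the script. Without exit the rest of the
    // page would still execute and be sent in the body of this response.
    exit;
}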
include "includes/session.php";
include "includes/functions.php";
include "includes/validation_functions.php";
require_once "includes/db_connection.php";
?>

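<?php
// Login form handler: validates the posted fields, checks the credentials and,
// on success, marks the session as an authenticated admin.
$username = "";
// Defined up front so the success check below never reads an unset variable
// when validation fails and attempt_login() is skipped.
$found_admin = false;
if (isset($_POST['username'])) {
    // validation
    // NOTE(review): validate_presences() presumably fills $errors; confirm in
    // includes/validation_functions.php.
    $required_fields = array("username", "password");
    validate_presences($required_fields);
    if (empty($errors)) {
        $username = $_POST["username"];
        $password = $_POST["password"];
        $found_admin = attempt_login($username, $password);
    }
    if ($found_admin) {
        // Success
        // Issue a fresh session id before storing the identity, so an id that
        // was known before authentication cannot be reused afterwards
        // (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["admin_id"] = $found_admin["id"];
        $_SESSION["username"] = $found_admin["username"];
        redirect_to("vault.php");
    } else {
        // Failure: one message for both "unknown user" and "wrong password",
        // so the response does not reveal which usernames exist.
        $_SESSION["message"] = "Username/password not found.";
    }
} else {
    $_SESSION["message"] = "No Post SubmitteD";
}
?>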
<div>
/**
 * Negative test: the placeholder credentials below must be rejected by
 * attempt_login().
 *
 * The whole check sits inside assert(), so it does not run when assertions
 * are disabled in the PHP configuration. Use a real test runner if this
 * must hold in every environment.
 */
function attempt_login_failure()
{
    // Declared as in the original; this function does not read it directly.
    global $connection;
    assert(!attempt_login("*****@*****.**", "******"));
}
예제 #4
    if (empty($_POST["password"])) {
        $errors["passwordErr"] = "Password is required";
    } else {
        $password = test_input($_POST["password"]);
        // check if name only contains letters and whitespace
        if (!preg_match("/^[a-zA-Z ]*\$/", $password)) {
            $passwordErr = "Only letters and white space allowed";
        }
    }
}
if (isset($_POST["submit"])) {
    if (empty($errors)) {
        $username = $_POST['username_email'];
        $email = $_POST['username_email'];
        $password = $_POST['password'];
        $found_user = attempt_login($username, $password, $email);
        if ($found_user) {
            $user_id = $_SESSION["user_id"];
            if ($_SESSION["user_type"] === "Admin" && $_SESSION["user_status"] === "Activated") {
                redirect("admin.php?id={$user_id}");
            } else {
                $error_msg = "Sorry&nbsp;" . ucname($username) . ", your account is temporarily deactivated by the admin.<br>";
            }
            if ($_SESSION["user_type"] === "Member" && $_SESSION["user_status"] === "Activated") {
                redirect("member.php?id={$user_id}");
            } else {
                $error_msg = "Sorry&nbsp;" . ucname($username) . ", your account is temporarily deactivated by the admin.<br>";
            }
        } else {
            if (!$found_user) {
                $error_msg = $_SESSION["error_msg"];
예제 #5
             if ($result && mysqli_affected_rows($conn) == 1) {
                 redirect_to("buzz.php");
             } else {
                 $_SESSION["message"] = "Updation failed.";
             }
         } else {
             $_SESSION["message"] = "Incorrect old password";
         }
     }
 } elseif ($pass_check == "yes" && $propic_check == "no" && empty($_POST['branch']) && empty($_POST['club'])) {
     $required_fields = array("new_password", "password");
     validate_presence($required_fields);
     if (empty($errors)) {
         $username = $_SESSION["username"];
         $password = $_POST["password"];
         $found_user = attempt_login($username, $password);
         if ($found_user) {
             $_SESSION["user_id"] = $found_user["id"];
             $_SESSION["username"] = $found_user["username"];
             $sname = $_POST['sname'];
             $email = $_POST['email'];
             $hashed_password = password_encrypt($_POST["new_password"]);
             $query = "UPDATE users SET sname = '{$sname}', email = '{$email}', hashed_password = '******' WHERE username = '******' LIMIT 1";
             $result = mysqli_query($conn, $query);
             if ($result && mysqli_affected_rows($conn) == 1) {
                 redirect_to("buzz.php");
             } else {
                 $_SESSION["message"] = "Updation failed.";
             }
         } else {
             $_SESSION["message"] = "Incorrect old password";
예제 #6
파일: login.php 프로젝트: ty-a/tynime
	<div id="login-container" class="center">
		<form id="login-form" action="login.php" method="POST">
			<label for="username-text">Username</label>
			<input type="text" id="username-text" name="username" required></input>
			
			<label for="password-text">Password</label>
			<input type="password" id="password-text" name="password" required></input>
			
			<input type="submit" class="center" />
			
			<div id="need-to-register">Need to <a href="register.php">Register?</a></div>
		</form>
	</div>
	<?php 
} else {
    // FORM WAS POSTED, YO
    // Only checking for those web browsers that do not support the required attribute or for users attempting to bot the form
    if (!isset($_POST["username"]) || !isset($_POST["password"])) {
        echo "Form not completely filled out. <a href=\"register.php\">Please try again<a/>";
        die;
    }
    // We have all our input
    if (attempt_login($_POST["username"], $_POST["password"])) {
        echo "Successfully logged in!";
        $_SESSION["username"] = $_POST["username"];
        $_SESSION["loggedin"] = true;
    }
}
?>
</body>
</html>
// Runs once at load time, before any query below is issued.
// NOTE(review): presumably opens the connection to the "nits_recruitment_admin"
// database that the mysql_* calls rely on. Confirm against attempt_connection().
attempt_connection("nits_recruitment_admin");
/**
 * Normalise a form value: trim it, HTML-encode it, then SQL-escape it.
 *
 * SECURITY(review): mysql_real_escape_string() belongs to ext/mysql, which was
 * removed in PHP 7.0, and it needs an open connection to work. The
 * htmlspecialchars() call is output encoding applied to input, so the value
 * that reaches the database is already HTML-encoded. Both are kept as-is
 * because stored values (including password hashes) depend on this exact
 * transformation.
 *
 * @param string $data raw request value
 * @return string trimmed, HTML-encoded, SQL-escaped value
 */
function text($data)
{
    return mysql_real_escape_string(htmlspecialchars(trim($data)));
}
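/**
 * Check an admin username/password pair against the `admin` table.
 *
 * NOTE(review): the two quoted values in the query appear masked ('******') in
 * this listing. Presumably the original interpolates the escaped $username and
 * the hashed $password there. Confirm against the real file.
 *
 * SECURITY(review): the password is compared as md5(sha1(...)), an unsalted
 * fast hash. Moving to password_hash()/password_verify() requires migrating
 * the stored values, so it is flagged here rather than changed.
 *
 * @param string $username submitted username
 * @param string $password submitted plain-text password
 * @return int 1 when at least one row matches, 0 otherwise
 */
function attempt_login($username, $password)
{
    $username = text($username);
    $password = md5(sha1(text($password)));
    $query = "SELECT * FROM admin WHERE username='******' AND password='******' ";
    $result = mysql_query($query);
    if ($result === false) {
        // Keep the driver error (query text, table and column names) in the
        // server log. The client only gets a generic message.
        error_log('attempt_login: query failed: ' . mysql_error());
        die("Login is temporarily unavailable");
    }
    return mysql_num_rows($result) ? 1 : 0;
}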
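// Entry point: `a` carries the username and `e` the password (both are passed
// to attempt_login() in that order). Every branch ends the request with a
// plain-text status line.
if (
    isset($_POST['a']) && isset($_POST['e'])
    // Array-valued fields (`a[]=x`) are not credentials; treat them as missing.
    && is_string($_POST['a']) && is_string($_POST['e'])
) {
    if (attempt_login($_POST['a'], $_POST['e'])) {
        session_start();
        // Swap the session id at the moment of authentication so an id the
        // client held beforehand cannot be reused as an admin session.
        session_regenerate_id(true);
        $_SESSION['nits_rec_admin'] = 'nits_rec_admin';
        die("Login successful");
    } else {
        die("Invalid Username and Password combination");
    }
} else {
    die("Username or Password field is empty");
}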
예제 #8
require_once '../includes/form_processing.php';
require_once "../includes/output.php";
//  Process form from signup.php:
if (isset($_POST['submit'])) {
    //Processes form content and redirects with error feedback if needed
    process_first_form();
    //  Process form from address.php
} elseif (isset($_POST['second_submit']) && isset($_SESSION['user_details'])) {
    process_second_form();
    //  Double check for success of previous form submission before prcoeeding
    //  to send data to the database
    if (isset($_SESSION['user_details']) && isset($_SESSION['address_details'])) {
        if (create_new_user()) {
            //must attempt login in order to get the userId generated from the
            //database logic
            $user = attempt_login($_SESSION['email'], $_SESSION['password']);
            if ($user) {
                //login successful
                //restart the session
                clear_session();
                //$_SESSION['logged_in'] = 1;
                $_SESSION['role'] = $user['role'];
                $_SESSION['userId'] = $user['userId'];
                $_SESSION['email'] = $user['email'];
                $_SESSION['firstName'] = $user['firstName'];
                $_SESSION['lastName'] = $user['lastName'];
                //add address details
                $_SESSION['street'] = $user['street'];
                $_SESSION['zip'] = $user['zip'];
                $_SESSION['city'] = $user['city'];
                $_SESSION['country'] = $user['country'];
예제 #9
setcookie("test", 45, time() + 60 * 60 * 24 * 7);
require_once '../includes/dbconnection.php';
require_once '../includes/session.php';
require_once '../includes/form_processing.php';
//if user is logged in, log out first:
if (is_buyer() || is_seller()) {
    clear_session();
}
if (isset($_POST['submit'])) {
    //store form data to display back to the user:
    $email = $_POST['email'];
    //  Process form from login.php
    process_login_form();
    if ($_POST['login_details']) {
        $user = attempt_login($_POST['email'], $_POST['password']);
        if ($user) {
            //login successful
            //restart the session
            clear_session();
            //$_SESSION['logged_in'] = 1;
            $_SESSION['role'] = $user['role'];
            $_SESSION['userId'] = $user['userId'];
            $_SESSION['email'] = $user['email'];
            $_SESSION['firstName'] = $user['firstName'];
            $_SESSION['lastName'] = $user['lastName'];
            //add address details
            $_SESSION['street'] = $user['street'];
            $_SESSION['number'] = $user['number'];
            $_SESSION['zip'] = $user['zip'];
            $_SESSION['city'] = $user['city'];
예제 #10
?>

<?php 
if (isset($_POST["submit"])) {
    /* process the form */
    $user_name = $_POST["user_name"];
    $user_pass = $_POST["user_pass"];
    /* validations */
    $required_fields = array("user_name", "user_pass");
    validate_presences($required_fields);
    if (!empty($errors)) {
        $_SESSION["errors"] = $errors;
        redirect_to("login.php");
    }
    /* attempt login */
    $found_user = attempt_login($user_name, $user_pass);
    /* test if query succeeded */
    if ($found_user) {
        /* success, mark user as logged in */
        $_SESSION["user_id"] = $found_user["id"];
        $_SESSION["user_name"] = $found_user["user_name"];
        $_SESSION["user_type"] = $found_user["user_type"];
        $_SESSION["message"] = "{$_SESSION["user_name"]}: {$_SESSION["user_type"]} access granted.";
        /* direct user to proper menu */
        if ($_SESSION["user_type"] == "user") {
            redirect_to("index_user.php");
        } else {
            redirect_to("index_admin.php");
        }
    } else {
        /* failure . . . */
예제 #11
// Maqui-wifi TODO:
// - Display a map with spots on login/signup/about/pricing page(s)
// - Make a trial account generation system (2 minutes timeout)
//   - "Please enter your email address and receive a free trial login code"
// -
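# UAM Configuration
# SECURITY(review): the shared secret is hard-coded in the source and short.
# Load it from configuration kept outside the web root and version control,
# and use a long random value.
$uamsecret = "wasa";
# Uncomment the following line if you want to use ordinary user-password
# for radius authentication. Must be used together with $uamsecret.
#$userpassword=1;
## Controller
# 0: Login attempt (if all mandatory authentication parameters are set)
# NOTE(review): username and password are read from the query string here, so
# they can end up in access logs, browser history and Referer headers.
$login_mandatory_params = array('chal', 'uamip', 'uamport', 'username', 'password');
$login_params = array_intersect(array_keys($_GET), $login_mandatory_params);
if (!array_diff($login_mandatory_params, $login_params)) {
    attempt_login();
}
# 'res' is absent on some requests and may arrive as an array. Read it once,
# with a default, so the comparisons below never touch an undefined index.
$uam_result = (isset($_GET['res']) && is_string($_GET['res'])) ? $_GET['res'] : '';
# 1: Not logged in yet
if ($uam_result === 'notyet') {
    display_notyet();
}
# 2: Login failed
if ($uam_result === 'failed') {
    display_failed();
}
# 1: Login successful
if ($uam_result === 'success') {
    display_success();
}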
# 3: Logged out (TODO: Display a timeout message, and options)
if ($_GET['res'] == 'logoff') {
예제 #12
require_once "../include/db_connection.php";
require_once "../include/functions.php";
include "../include/repeats/header.php";
?>

<?php 
$email = "";
if (isset($_POST['submit'])) {
    $required_fields = array("Email", "Password");
    validate_presences($required_fields);
    if (empty($errors)) {
        // Attempt Login
        $email = $_POST["Email"];
        $user = $_POST["Email"];
        $password = $_POST["Password"];
        $found_user = attempt_login($email, $password);
        $found_employee = attempt_employee_login($user, $password);
        if ($found_user) {
            // Success
            // Mark user as logged in
            $_SESSION["user_id"] = $found_user["CustomerID"];
            $_SESSION["firstname"] = $found_user["Firstname"];
            $_SESSION["email"] = $found_user["Email"];
            redirect_to("user.php");
        } elseif ($found_employee) {
            $_SESSION["employee_id"] = $found_employee["EmployeeID"];
            $_SESSION["firstname"] = $found_employee["Firstname"];
            $_SESSION["user"] = $found_employee["User"];
            redirect_to("employee.php");
        } else {
            $_SESSION["message"] = "Onjuist gebruikersnaam en/of wachtwoord.";
예제 #13
        $stmt = $db->prepare('SELECT COUNT(1) AS cnt FROM login_log WHERE user_id = :user_id AND :id < id');
        $stmt->bindValue(':user_id', $row['user_id']);
        $stmt->bindValue(':id', $row['last_login_id']);
        $stmt->execute();
        $count = $stmt->fetch(PDO::FETCH_ASSOC)['cnt'];
        if ($threshold <= $count) {
            array_push($user_ids, $row['login']);
        }
    }
    return $user_ids;
}
// GET / : render the index template and return the resulting page.
dispatch_get(
    '/',
    function () {
        $page = html('index.html.php');
        return $page;
    }
);
dispatch_post('/login', function () {
    $result = attempt_login($_POST['login'], $_POST['password']);
    if (!empty($result['user'])) {
        session_regenerate_id(true);
        $_SESSION['user_id'] = $result['user']['id'];
        return redirect_to('/mypage');
    } else {
        switch ($result['error']) {
            case 'locked':
                flash('notice', 'This account is locked.');
                break;
            case 'banned':
                flash('notice', "You're banned.");
                break;
            default:
                flash('notice', 'Wrong username or password');
                break;