function checkLogin($referer, $post) { if (isset($_SESSION['username'])) { return 1; } return doLogin($referer, $post); }
function requestProcessor($request) { echo "received request" . PHP_EOL; var_dump($request); if (!isset($request['type'])) { return "ERROR: unsupported message type"; } switch ($request['type']) { case "login": $authentication = doLogin($request['username'], $request['password']); if ($authentication == true) { return array("returnCode" => '0', 'message' => "Login Successful."); } else { return array("returnCode" => '1', 'message' => "Login Unsuccessful."); } case "register": $registerUser = doRegister($request['username'], $request['password'], $request['email']); if ($registerUser == true) { return array("returnCode" => '2', 'message' => "Register Successful."); } else { return array("returnCode" => '3', 'message' => "Register Unsuccessful."); } case "validate_session": return doValidate($request['sessionId']); } //return array("returnCode" => '0', 'message'=>"Server received request and processed"); }
function setupSession() { session_start(); if (!isset($_SERVER["PHP_AUTH_USER"])) { die("Not authorized by HTTP server"); } doLogin($_SERVER["PHP_AUTH_USER"]); }
function requestProcessor($request) { echo "received request" . PHP_EOL; var_dump($request); switch ($request['type']) { case "login": return doLogin($request['username'], $request['password']); case "validate_session": return doValidate($request['sessionId']); } return "received request"; }
function requestProcessor($request) { echo "received request" . PHP_EOL; var_dump($request); if (!isset($request['type'])) { return "ERROR: unsupported message type"; } switch ($request['type']) { case "login": return doLogin($request['username'], $request['password']); case "validate_session": return doValidate($request['sessionId']); } return "Server received request and processed"; }
function login() { if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn']) { header("location:/"); } $username = ''; $password = ''; if (isset($_POST['username'])) { $username = $_POST['username']; } if (isset($_POST['password'])) { $password = $_POST['password']; } if ($username == '' || $password == '') { return; } else { if (doLogin($username, $password)) { header("location:/"); } else { $GLOBALS['flashData'] = "Username or password incorect"; } } }
<?php date_default_timezone_set('Europe/Bucharest'); require_once __DIR__ . '/vendor/autoload.php'; require_once __DIR__ . '/config.php'; use GuzzleHttp\Client; use Symfony\Component\DomCrawler\Crawler; echo "Starting...\n"; sleep(rand(30, 100)); $headers = array('Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8', 'Accept-Encoding' => 'gzip, deflate', 'Accept-Language' => 'en-US,en;q=0.8,ro;q=0.6,pl;q=0.4,de;q=0.2,ru;q=0.2,fr;q=0.2', 'Cache-Control' => 'max-age=0', 'Connection' => 'keep-alive', 'User-Agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36'); foreach ($config['accounts'] as $account) { $client = new Client(['base_uri' => 'http://' . $account['server'], 'cookies' => true]); // Login doLogin($client, $headers, $account['username'], $account['password']); sleep(rand(2, 4)); $farmsList = getFarmsList($client, $headers); sleep(rand(2, 5)); $attackFarmsIds = array(); $lastTime = time() - 30 * 60; foreach ($farmsList['farms'] as $farm) { if (!$farm['isAttacked'] && $farm['prevAttack'] < 3 && $farm['prevAttackTime'] < $lastTime) { echo "Attacking " . $farm['name'] . " (" . $farm['id'] . ").\n"; $attackFarmsIds[] = $farm['id']; } } doAttackFarms($client, $headers, $farmsList['lid'], $farmsList['a'], $attackFarmsIds); } echo "Finished.\n"; // Requests function doLogin($client, $headers, $username, $password) {
<?php session_start(); include 'helpers/error_messages.php'; // Incluye las variables tipo Array para el manejo de errores. include 'functions/login.php'; // Incluye las funciones para el login. if (isset($_POST['login_submitted'])) { if (isset($_POST['InputEmail'])) { $username = $_POST['InputEmail']; } if (isset($_POST['InputPassword'])) { $password = $_POST['InputPassword']; } if (!empty($username) and !empty($password)) { doLogin($username, $password); $LoginExitoso = doCheckLoginStatus(); if ($LoginExitoso) { $Login_ErrorMsg = 0; // Sin mensaje de error. } else { $Login_ErrorMsg = 2; } // En caso que no sea exitoso el login. } else { $Login_ErrorMsg = 1; } // En caso que User o Pass estén vacios. if (isset($_POST['recovering_password'])) { // En caso que se haya pedido recordar password if (!empty($_POST['InputEmail'])) {
<?php function doLogin($uid, $pwd) { $fp = fopen("passwd", "r"); while (!feof($fp)) { $line = chop(fgets($fp)); $a = split(":", $line); if ($uid == $a[0] && $pwd == $a[1]) { fclose($fp); return true; } } fclose($fp); return false; } $user_name = $_REQUEST['user_id']; $user_password = $_REQUEST['user_pwd']; if (doLogin($user_name, $user_password)) { echo "<b>登入成功</b>"; } else { echo "<font color=\"red\"><b>登入失敗,請輸入正確的帳號密碼</b></font>"; }
<?php require 'api/user.php'; // Variables $user_id = $_GET['user_id']; $user_pass = $_GET['user_pass']; $retVal['session_uuid'] = doLogin($user_id, $user_pass); echo json_encode($retVal);
if (preg_match("/^[a-zA-Z0-9-_]{1,50}+\$/", $_POST["password"])) { include "../a/include/mysql.connect.php"; // get user from db $sql = "SELECT * FROM user_about WHERE username='******' AND active = 1"; $result = mysql_query($sql, $db); $row = mysql_fetch_assoc($result); // encrypt the entered password $secret_salt = "InQefAJ6iD"; $password = $_POST['password']; $salted_password = $secret_salt . $password; $password_hash = hash('sha256', $salted_password); // check password if ($row['password'] == $password_hash) { // sets 3 cookies (LoggedInNavbar, LoggedInUsername, LoggedInPassword) // and starts session doLogin($_POST["username"], $_POST["password"], $password_hash); // redirect header('Location: http://roondoo.com/s/set-general.php'); } mysql_close($db); } } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>roondoo | Log In</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href="../a/css/bootstrap.min.css" rel="stylesheet">
public function auth() { $title = 'Администраторская панель'; if (isset($_GET['logout']) and $_GET['logout'] == 'Y') { if (isAdmin()) { doLogout(); } $is_auth_complete = $this::ADMIN_AUTH_LOGOUT; $auth_message = 'Вы не авторизованы'; $showAuthForm = true; } else { if (isAdmin()) { $auth_message = 'Уже авторизован'; $is_auth_complete = $this::ADMIN_AUTH_ALREADY; } else { if (empty($_POST['login']) or empty($_POST['password'])) { $auth_message = 'Необходима авторизация'; $is_auth_complete = $this::ADMIN_AUTH_EMPTY; } else { $login = $_POST['login']; $password = $_POST['password']; if ($login == Settings::admin_login and $password == Settings::admin_password) { $auth_message = 'Авторизация успешна'; $is_auth_complete = $this::ADMIN_AUTH_SUCCESS; } else { $auth_message = 'Неверные данные'; $is_auth_complete = $this::ADMIN_AUTH_WRONG; } } if ($is_auth_complete == $this::ADMIN_AUTH_SUCCESS) { doLogin(); } } if ($is_auth_complete == $this::ADMIN_AUTH_ALREADY or $is_auth_complete == $this::ADMIN_AUTH_SUCCESS) { $showAuthForm = false; } else { $showAuthForm = true; } } $this->data['admin-auth-result'] = array('status' => $is_auth_complete, 'message' => $auth_message, 'showAuthForm' => $showAuthForm); $this->render('templates/admin-auth.phtml', $title); }
if (!is_readable($path)) { echo 'path (' . $pathHTML . ') can\'t be read'; } } /** * perform requested action */ if ($do) { if (isset($_GET['subject']) && !isNull($_GET['subject'])) { $subject = str_replace('/', null, $_GET['subject']); $subjectURL = escape($subject); $subjectHTML = htmlspecialchars($subject); } switch ($do) { case 'login': exit(doLogin()); case 'logout': exit(doLogout()); case 'shell': nonce_check(); exit(shell_exec($_POST['cmd'])); case 'create': nonce_check(); exit(doCreate($_POST['f_name'], $_GET['f_type'], $path)); case 'upload': nonce_check(); exit(doUpload($path)); case 'chmod': nonce_check(); exit(doChmod($subject, $path, $_POST['mod'])); case 'extract':
<?php include 'login_functions.php'; doLogin($_POST["uname"], $_POST["pass"]);
/** clean variables **/ if (!isNull($_GET['subject'])) { $subject = str_replace('/', null, $_GET['subject']); $subjectURL = escape($subject); $subjectHTML = htmlspecialchars($subject); } if (!isNull($_GET['to'])) { $to = preg_match($pathRegEx, $_GET['to']) ? null : $_GET['to']; $toHTML = htmlspecialchars($to); $toURL = escape($to); } /** perform requested action **/ if ($do) { switch ($do) { case 'login': exit(doLogin($_POST['pwd'])); case 'logout': exit(doLogout()); case 'create': token_check(); exit(doCreate($_POST['file'], $_POST['folder'], $path)); case 'upload': token_check(); exit(doUpload($path)); case 'chmod': token_check(); exit(doChmod($subject, $path, $_POST['mod'])); case 'extract': token_check(); exit(doExtract($subject, $path)); case 'readFile':
function pose($username) { if (filter_input(INPUT_COOKIE, 'session_data') === null) { return false; } if (!isAlphanumeric($username)) { return false; } doLogin($username); return true; }
/** * This function runs the specified test. * * @param $test Associative array with the test parameters. * @return TRUE on success, FALSE on failure. */ function doTest($test) { $curl = curlCreate(); $res = TRUE; /* Initialize SSO. */ do { $loginPage = initSSO($test, $curl); if ($loginPage === FALSE) { $res = FALSE; break; } echo 'Logging in.' . "\n"; $result = doLogin($test, $curl, $loginPage); if ($result !== "OK") { if (is_string($result)) { echo 'Failed to log in. Result from SP: ' . $result . "\n"; } else { echo 'Failed to log in.' . "\n"; } $res = FALSE; break; } echo 'Logged in, attributes OK' . "\n"; if (array_key_exists('protocol', $test) && $test['protocol'] === 'shib13') { echo 'Shib13: Logout not implemented.' . "\n"; break; } echo 'Logging out.' . "\n"; $result = doLogout($test, $curl); if ($result !== "OK") { if (is_string($result)) { echo 'Failed to log out. Result from SP: ' . $result . "\n"; } else { echo 'Failed to log out.' . "\n"; } $res = FALSE; break; } echo 'Logged out.' . "\n"; } while (0); curl_close($curl); return $res; }
<?php if (!isset($_SESSION)) { session_start(); } require_once 'Connections/church.php'; require_once 'functions.php'; $errorMessage = ''; if (isset($_POST['login'])) { $errorMessage = ' '; $username = $_POST['name']; $password = $_POST['password']; $result = doLogin($username, $password); if ($result != '') { $errorMessage = $result; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <script src="SpryAssets/SpryValidationTextField.js" type="text/javascript"></script> <link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" /> <link href="/st_peters/tms.css" rel="stylesheet" type="text/css" /> </head> <body> <form id="form1" name="form1" method="post" action="">
// Logout and clear auth cookie setcookie($cookiename, json_encode($_SESSION['daloauth']), time() - 10, '/'); $utils->redirect($exturl); break; case 4: // Already logged in // Already logged in case 12: $utils->redirect($postloginurl); break; case 5: // Nothing tried yet // Process standard form actions switch ($form['action']) { case 'login': doLogin($form); break; case "register": registerNewUser(); break; case "getsecurityquestion": $question = getSecurityQuestion($form['username']); if ($question === false) { sendJSONError($lang['forgot_password_no_question']); } else { sendJSONResponse(array("question" => $question)); } break; case "fetchpassword": $form['answer'] = $utils->getRequestVar('answer'); $form['answer'] = $db->escape($form['answer']);
error_reporting(E_ALL); // start the session managment session_start(); // INCLUDE FILES include_once 'functions.php'; if (isset($_POST['submit'])) { // get credentials to login $user = htmlspecialchars($_POST['username']); $password = htmlspecialchars($_POST['password']); $user = '******'; $password = '******'; // setup the soap client $forge_soap_url = "https://forge.ctrip.ufl.edu:443/soap/index.php?wsdl"; $soapClient = new SoapClient($forge_soap_url); // check to see if we can login $sessionKey = doLogin($soapClient, $user, $password); if ($sessionKey != null) { $_SESSION['sessionId'] = $sessionKey; } //print "isLoggedIn?: ".isLoggedIn($_SESSION['sessionId'])."<br>"; print "Forge API Version: " . $soapClient->version() . "<br>"; // Init variables $intGroupId = 0; $intGroupProjectId = 0; $strSummary = ""; $strDetails = ""; $intPriority = 0; $intHours = 0; $intStartDate = 0; $intEndDate = 0; $intCategoryId = 0;
$ad->key = "ARC_USER_AD"; $ad->value = true; $ad->userid = $user->id; $ad->update(); doLogin($user); return; } } else { Log::createLog("danger", "ldap", "LDAP lookup failed."); } } // end ldap $user = \User::getByEmail($_POST["email"]); if ($user->verifyPassword($_POST["password"])) { if ($user->enabled) { doLogin($user); return; } else { system\Helper::arcAddMessage("danger", "Account disabled"); Log::createLog("danger", "user", "Attempt to access disabled account: " . $_POST["email"]); return; } } system\Helper::arcAddMessage("danger", "Invalid username and/or password"); Log::createLog("warning", "user", "Incorrect password: "******"email"]); } else { return system\Helper::arcAddFooter("js", system\Helper::arcGetModulePath() . "js/login.js"); } function doLogin($user) { system\Helper::arcSetUser($user);
/***************************************** // // signin page template for my.Contacts // Author: Keran McKenzie // Date: 18 Jan 2013 // // Provided as sample only, not intended for production // This page manages the signin process // In production you wouldn't handle it this way // *******************************************/ // do we have form data? if (isset($_POST['username'])) { // yes, so lets process it // first up doLogin (in production always clean up what's posted in the form!! - never submit user supplied data raw!) if (doLogin($_POST['username'], $_POST['password'])) { // login worked - lets now push the user through to the customer details // first lets write the username & password to session vars as we'll need them again in the future $_SESSION['username'] = $_POST['username']; $_SESSION['password'] = $_POST['password']; // lets make sure we RIGHT the session so Chrome behaves nicely session_write_close(); // lets move the user on now header('Location: ' . $pageURL . 'customers/'); exit; // stop anything else running - probably redundant really } else { // login failed - reload the form (in production don't stick the form in twice - write better code ;) he he he) $_SESSION['username'] = ''; $_SESSION['password'] = ''; // lets make sure we RIGHT the session so Chrome behaves nicely
/** * Actually logs you in. * * What it does: * - checks credentials and checks that login was successful. * - it employs protection against a specific IP or user trying to brute force * a login to an account. * - upgrades password encryption on login, if necessary. * - after successful login, redirects you to $_SESSION['login_url']. * - accessed from ?action=login2, by forms. * * On error, uses the same templates action_login() uses. */ public function action_login2() { global $txt, $scripturl, $user_info, $user_settings, $modSettings, $context, $sc; // Load cookie authentication and all stuff. require_once SUBSDIR . '/Auth.subs.php'; // Beyond this point you are assumed to be a guest trying to login. if (!$user_info['is_guest']) { redirectexit(); } // Are you guessing with a script? checkSession('post'); validateToken('login'); spamProtection('login'); // Set the login_url if it's not already set (but careful not to send us to an attachment). if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0 || isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false) { $_SESSION['login_url'] = $_SESSION['old_url']; } // Been guessing a lot, haven't we? if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) { fatal_lang_error('login_threshold_fail', 'critical'); } // Set up the cookie length. (if it's invalid, just fall through and use the default.) if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) { $modSettings['cookieTime'] = 3153600; } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 || $_POST['cookielength'] <= 525600)) { $modSettings['cookieTime'] = (int) $_POST['cookielength']; } loadLanguage('Login'); // Load the template stuff loadTemplate('Login'); loadJavascriptFile('sha256.js', array('defer' => true)); $context['sub_template'] = 'login'; // Set up the default/fallback stuff. $context['default_username'] = isset($_POST['user']) ? preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'], ENT_COMPAT, 'UTF-8')) : ''; $context['default_password'] = ''; $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600; $context['login_errors'] = array($txt['error_occurred']); $context['page_title'] = $txt['login']; // Add the login chain to the link tree. $context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']); // This is an OpenID login. Let's validate... if (!empty($_POST['openid_identifier']) && !empty($modSettings['enableOpenID'])) { require_once SUBSDIR . '/OpenID.subs.php'; $open_id = new OpenID(); if ($open_id->validate($_POST['openid_identifier']) !== 'no_data') { return $open_id; } else { $context['login_errors'] = array($txt['openid_not_found']); return; } } // You forgot to type your username, dummy! if (!isset($_POST['user']) || $_POST['user'] == '') { $context['login_errors'] = array($txt['need_username']); return; } // No one needs a username that long, plus we only support 80 chars in the db if (Util::strlen($_POST['user']) > 80) { $_POST['user'] = Util::substr($_POST['user'], 0, 80); } // Can't use a password > 64 characters sorry, to long and only good for a DoS attack // Plus we expect a 64 character one from SHA-256 if (isset($_POST['passwrd']) && strlen($_POST['passwrd']) > 64 || isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) > 64) { $context['login_errors'] = array($txt['improper_password']); return; } // Hmm... maybe 'admin' will login with no password. Uhh... NO! if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_POST['hash_passwrd']) || strlen($_POST['hash_passwrd']) != 64)) { $context['login_errors'] = array($txt['no_password']); return; } // No funky symbols either. if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_POST['user'])) != 0) { $context['login_errors'] = array($txt['error_invalid_characters_username']); return; } // Are we using any sort of integration to validate the login? if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true)) { $context['login_errors'] = array($txt['login_hash_error']); $context['disable_login_hashing'] = true; return; } // Find them... if we can $user_settings = loadExistingMember($_POST['user']); // Let them try again, it didn't match anything... if (empty($user_settings)) { $context['login_errors'] = array($txt['username_no_exist']); return; } // Figure out if the password is using Elk's encryption - if what they typed is right. if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) === 64) { // Challenge what was passed $valid_password = validateLoginPassword($_POST['hash_passwrd'], $user_settings['passwd']); // Let them in if ($valid_password) { $sha_passwd = $_POST['hash_passwrd']; $valid_password = true; } elseif (preg_match('/^[0-9a-f]{40}$/i', $user_settings['passwd']) && isset($_POST['old_hash_passwrd']) && $_POST['old_hash_passwrd'] === hash('sha1', $user_settings['passwd'] . $sc)) { // Old password passed, turn off hashing and ask for it again so we can update the db to something more secure. $context['login_errors'] = array($txt['login_hash_error']); $context['disable_login_hashing'] = true; unset($user_settings); return; } else { // Don't allow this! validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']); $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] + 1 : 1; // To many tries, maybe they need a reminder if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user'); // Wrong password, lets enable plain text responses in case form hashing is causing problems $context['disable_login_hashing'] = true; $context['login_errors'] = array($txt['incorrect_password']); unset($user_settings); return; } } } else { // validateLoginPassword will hash this like the form normally would and check its valid $sha_passwd = $_POST['passwrd']; $valid_password = validateLoginPassword($sha_passwd, $user_settings['passwd'], $user_settings['member_name']); } // Bad password! Thought you could fool the database?! if ($valid_password === false) { // Let's be cautious, no hacking please. thanx. validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']); // Maybe we were too hasty... let's try some other authentication methods. $other_passwords = $this->_other_passwords($user_settings); // Whichever encryption it was using, let's make it use ElkArte's now ;). if (in_array($user_settings['passwd'], $other_passwords)) { $user_settings['passwd'] = validateLoginPassword($sha_passwd, '', '', true); $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); // Update the password hash and set up the salt. updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'], 'passwd_flood' => '')); } else { // They've messed up again - keep a count to see if they need a hand. $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] + 1 : 1; // Hmm... don't remember it, do you? Here, try the password reminder ;). if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) { redirectexit('action=reminder'); } else { // Log an error so we know that it didn't go well in the error log. log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user'); $context['login_errors'] = array($txt['incorrect_password']); return; } } } elseif (!empty($user_settings['passwd_flood'])) { // Let's be sure they weren't a little hacker. validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true); // If we got here then we can reset the flood counter. updateMemberData($user_settings['id_member'], array('passwd_flood' => '')); } // Correct password, but they've got no salt; fix it! if ($user_settings['password_salt'] == '') { $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4); updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt'])); } // Check their activation status. if (!checkActivation()) { return; } doLogin(); }
$cfg['mysql_linkid'] = @mysql_connect($cfg['mysql_server'], $cfg['mysql_user'], $cfg['mysql_pass']); if (!$cfg['mysql_linkid']) { die('Failed to connect to MySQL.'); } if (!@mysql_select_db($cfg['mysql_dbname'])) { die('Failed to connect MySQL database'); } /* includes */ require_once PATH . './class.template.php'; require_once PATH . './functions.php'; /* load template class */ $template = new Template(); /* doLogin aSync request */ /* print @ login-response innerHTML */ if (!empty($_REQUEST['doLogin'])) { doLogin($_POST['login_user_name'], $_POST['login_user_password']); exit; } /* get pages */ $pagesArray = array(); if (is_dir(PATH . './pages/')) { if ($dh = opendir(PATH . './pages/')) { while (($file = readdir($dh)) !== false) { $ext = substr($file, strlen($file) - 3, strlen($file)); $name = substr($file, 0, strlen($file) - 4); if ($ext == 'php') { $pagesArray[$name] = $name; } } } }
<?php include "../config/settings.php"; include "db_connect.php"; include "utils.php"; $login = doLogin($_POST['username'], $_POST['password']); $mysqli->close(); if ($login['success']) { if (!empty($_SESSION["deniedURL"])) { $url = $_SESSION["deniedURL"]; unset($_SESSION["deniedURL"]); header("Location:" . $url); } else { header("Location:../"); } //Default destination } else { header("Location:../login_page.php?msg=" . $login['msgId']); } //Back to login page with error
$db->executa($db->getJoinRecord("funcionarios", "fun_nome='{$usu_login}' and fun_senha='{$usu_senha}'", '', 0), true, "user"); if ($db->num_rows == 1) { $id = $db->user["usu_id"]; $login = $db->user["usu_login"]; $itens = array("usu_id" => $id, "usu_login" => $login, "status" => 1); $str = $json->encode($itens); session_register("usu_nome"); session_register("usu_id"); $_SESSION["usu_modulo"] = 0; $_SESSION["usu_nome"] = $db->user["fun_nome"]; $_SESSION["usu_id"] = $db->user["fun_id"]; $_SESSION["sis_exerc"] = $exercicio; $_SESSION["usu_grpid"] = $grp_id; $_SESSION["bgcolor"] = "#EAE5DA"; $_SESSION["dtatend"] = date("d/m/Y"); if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; } else { $ip = $HTTP_SERVER_VARS['REMOTE_ADDR']; } } else { $itens = array("usu_id" => '', "usu_login" => $_GET["usu_login"], "status" => 2); $str = $json->encode($itens); } return $str; } switch ($_GET["fc"]) { case 'doLogin': echo doLogin($_GET["usu_login"], $_GET["usu_senha"]); break; }
<?php session_start(); require 'include/config.php'; require 'functions/functions_checkuser.php'; $errorMessage = "กรุณาเข้าสู่ระบบ เพื่อใช้งาน"; if (isset($_POST['txtUserName'])) { $result = doLogin(); if ($result != '') { $errorMessage = $result; } } ?> <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>Admin KPI | Log in</title> <!-- Tell the browser to be responsive to screen width --> <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport"> <!-- Bootstrap 3.3.5 --> <link rel="stylesheet" href="@assets/bootstrap/css/bootstrap.min.css"> <!-- Font Awesome --> <link rel="stylesheet" href="@assets/bootstrap/font-awesome/css/font-awesome.min.css"> <!-- Ionicons --> <link rel="stylesheet" href="@assets/bootstrap/ionicons.min.css"> <!-- Theme style --> <link rel="stylesheet" href="@assets/dist/css/AdminLTE.min.css"> <!-- iCheck --> <link rel="stylesheet" href="@assets/plugins/iCheck/square/blue.css">
$res = doReg($username, md5($password), 1); if ($res[0] == 1) { header("location:index.php?ac=login"); } else { exit($res[1]); } } } } else { if ($ac == 'doLogin') { $username = trim($_POST['username']); $password = trim($_POST['password']); if (empty($username) || empty($password)) { exit('用户名或者密码不能为空!'); } else { $res = doLogin($username, md5($password)); if ($res[0] == 1) { $_SESSION['userinfo'] = $res[2]; header("location:index.php"); } else { exit($res[1]); } } } else { if ($ac == 'logout') { session_destroy(); header("location:index.php"); } else { if ($ac == 'ask') { include 'tpl/addquestion.php'; } else {
<?php require_once realpath(dirname(__FILE__) . '/../../..') . '/enviroment.php'; require_once APPPATH . 'modules/mod_discount/admin.php'; doLogin(); /** * Generated by PHPUnit_SkeletonGenerator 1.2.1 on 2013-07-03 at 13:11:06. */ class AdminTest extends \PHPUnit_Framework_TestCase { /** * @var Admin */ protected $object; /** * Sets up the fixture, for example, opens a network connection. * This method is called before a test is executed. */ protected function setUp() { $this->object = new Admin(); } /** * Tears down the fixture, for example, closes a network connection. * This method is called after a test is executed. */ protected function tearDown() { } /** * Prepare test data
function requestProcessor($request) { echo "received request" . PHP_EOL; var_dump($request); if (!isset($request['type'])) { return "ERROR: unsupported message type"; } switch ($request['type']) { case "login": //return doLogin($request['username'],$request['password']); $auth = doLogin($request['username'], $request['password']); if ($auth == true) { return array('hello' => 'world'); } case "validate_session": return doValidate($request['sessionId']); //in case friends this will return a list of friends from //the the steam user, and send it in an array to the client. //in case friends this will return a list of friends from //the the steam user, and send it in an array to the client. case "showFriends": return showFriends($request['steamid']); case "popFri": addFriendsToUsers($request['steamid']); case "add": retrieveUserInfo($request['steamid']); //return array("returnCode" => '0', 'message'=>"Server received request and processed"); } //return array("returnCode" => '0', 'message'=>"Server received request and processed"); }