예제 #1
파일: password.php 프로젝트: sarahbx/moers
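/**
 * Handle a submitted change-password form.
 *
 * Reads the current password (pass0) and the new password typed twice
 * (pass1, pass2) from $_POST, re-checks the current password for the
 * logged-in user and, when that succeeds, stores the new password through
 * setUserPassword(). The HTML response is written directly to the output.
 *
 * NOTE(review): no anti-CSRF token check is visible in this function;
 * confirm the caller verifies one before a password change is accepted.
 *
 * @return void
 */
function passwordFormSubmitted()
{
    // Missing fields become null instead of raising an undefined-index notice.
    $currentPassword   = isset($_POST['pass0']) ? $_POST['pass0'] : null;
    $newPassword       = isset($_POST['pass1']) ? $_POST['pass1'] : null;
    $newPasswordRepeat = isset($_POST['pass2']) ? $_POST['pass2'] : null;

    // The browser-side JavaScript check is only a convenience: a request can
    // be sent without it, so this server-side comparison is the real one.
    // It must be strict. With `!=`, numeric-looking strings are compared as
    // numbers, so two different inputs can be treated as equal, and a
    // non-string field (an array) would be passed on to setUserPassword().
    if (!is_string($newPassword) || !is_string($newPasswordRepeat) || $newPassword !== $newPasswordRepeat) {
        dieError("ERROR: Passwords do not match");
        // dieError() presumably terminates the request (not visible here);
        // returning makes sure a mismatch can never reach the update below.
        return;
    }

    // Re-authenticate with the old password before changing anything.
    if (!is_string($currentPassword) || !isValidUserPassword(getUsername(), $currentPassword)) {
        echo "<h2>Incorrect Old password entered. Please try again.</h2>\n";
        echo file_get_contents("html/password.html");
        die(' ');
    }

    // Now store the new password.
    if (setUserPassword($newPassword)) {
        echo "<h1>Password Changed</h1>\n";
        echo "<form><input type=\"button\" name=\"continue\" value=\"Continue\" onClick=\"parent.main_popupWindowCancel()\"></form>\n";
    } else {
        dieError("Password Change Failed. Please contact the administrator");
    }
}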
예제 #2
    } else {
        if (isset($_POST['submit'])) {
            // Clean arrays to prevent injection attacks
            slashAllInputs();
            // Connects to your Database
            connectDatabase();
            // makes sure they filled it in
            if (!$_POST['username'] || !$_POST['password']) {
                echoMainHeader();
                echo "<h2>You did not fill in a required field.</h2>\n";
                displayLogin();
            } else {
                //Gives error if user dosen't exist
                if (!doesUserExist($_POST['username'])) {
                    echoMainHeader();
                    echo "<h2>That user does not exist in our database.</h2>\n";
                    displayLogin();
                } else {
                    if (isValidUserPassword($_POST['username'], $_POST['password'])) {
                        loginUser();
                    } else {
                        echoMainHeader();
                        echo "Incorrect password, please try again.\n";
                    }
                }
            }
            echoMainFooter();
        }
    }
}
die;
<?php

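/**
 * Check a username/password pair against the built-in administrator account,
 * open the session on success and send the matching redirect header.
 *
 * NOTE(review): the account name and its password are hard-coded in source
 * and the password is compared in plaintext. They should move to a user
 * store holding password_hash() values that are checked with
 * password_verify().
 *
 * @param mixed $pUsername Submitted user name; anything but a string is rejected.
 * @param mixed $pPassword Submitted password; anything but a string is rejected.
 * @return bool TRUE when the credentials matched, FALSE otherwise.
 */
function isValidUserPassword($pUsername, $pPassword)
{
    $result = FALSE;

    // Request parameters can arrive as arrays. strcmp() gives no usable result
    // for them (NULL on PHP < 8, where `NULL == 0` is true; a TypeError on
    // PHP 8), so the old `strcmp(...) == 0` test could not be trusted for
    // non-string input. Require strings and compare strictly in constant time.
    $userMatches = is_string($pUsername) && hash_equals("*****@*****.**", $pUsername);
    $passMatches = is_string($pPassword) && hash_equals("pass", $pPassword);

    if ($userMatches && $passMatches) {
        $result = TRUE;
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
        // Issue a fresh session id at login so an id that was set before
        // authentication cannot be reused afterwards (session fixation).
        session_regenerate_id(true);
        $_SESSION["username"] = $pUsername;
        // NOTE(review): this keeps the plaintext password in session storage.
        // It is left in place only because other pages may read it; remove it
        // once they are confirmed not to.
        $_SESSION["password"] = $pPassword;
        $_SESSION["rol"] = "Admin";
        header("Location:/proyectoingenieriasoftware-web/SADCA/home_administrator.php");
    } else {
        header("Location:/proyectoingenieriasoftware-web/SADCA/login.php");
    }

    // The original computed $result but never returned it.
    return $result;
}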
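// Login entry point: the request must carry controller, action, username and
// password; anything else is sent back to the login page.
//
// NOTE(review): the credentials are read from the query string, so they end
// up in web-server access logs, browser history and Referer headers. The
// login form should submit them with POST over HTTPS instead.
if (
    isset($_GET['controller'], $_GET['action'], $_GET['username'], $_GET['password'])
    // Query parameters can be arrays; only plain strings may reach the
    // credential check.
    && is_string($_GET['username'])
    && is_string($_GET['password'])
) {
    // Not used in the visible code; kept in case code outside this view reads them.
    $controllername = $_GET['controller'];
    $action = $_GET['action'];
    $username = $_GET['username'];
    $password = $_GET['password'];
    isValidUserPassword($username, $password);
} else {
    header("Location:/proyectoingenieriasoftware-web/SADCA/login.php");
}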