function protectPage()
{
if (!isset($_SESSION['userId']) or !isset($_SESSION['userName'])) {
getOut();
} elseif (!validateUser($_SESSION['userLogin'], $_SESSION['userPassword'])) {
getOut();
}
}
function performDelete()
{
validateUser();
withStatement("DELETE FROM DATA WHERE id=?", function ($statement) {
$id = getParameter(PARAMETER_ID, PARAMETER_REQUIRED);
$statement->bind_param("s", $id);
executeStatement($statement);
});
}
function authenticate_user($username, $password)
{
//Returns whether the account is valid or not
$validated = validateUser($username, $password);
// This means the entered details have been validated and are correct
if ($validated == 1) {
$returned_values = give_key($username);
// Debug by checking whats been returned print_r($returned_values);
return $returned_values;
} else {
if ($validated == 2) {
return "Your username or password may have been incorrect!";
} else {
return 'This account does not exists';
}
}
}
function isLoggedIn($dbHandle, $dbHost, $dbUser, $dbPass, $dbName)
{
$dbHandle = dbConnect($dbHandle, $dbHost, $dbUser, $dbPass, $dbName);
if ($_SESSION['valid']) {
return true;
} else {
if (checkCookie($dbHandle, $dbHost, $dbUser, $dbPass, $dbName)) {
validateUser(true);
//Set user info in session
$_SESSION['user_id'] = $_COOKIE['user_id'];
$userInfo = getUserInfo($dbHandle, $_COOKIE['user_id']);
$_SESSION['username'] = $userInfo['username'];
$_SESSION['imageUrl'] = $userInfo['image_url'];
$_SESSION['accLevel'] = $userInfo['acc_level'];
return true;
}
}
return false;
}
<?php
include 'include_config.php';
if (isset($_GET['r']) || isset($_SESSION['ERROR'])) {
$strInfo = $_SESSION['ERROR'];
unset($_SESSION['ERROR']);
}
if (isset($_GET['r'])) {
if ($_GET['r'] == 'req') {
$strWarning = 'Login required to access ' . SITE_TITLE;
}
}
if (isset($_POST['txtUser']) && isset($_POST['txtPassword'])) {
$strResponse = validateUser($_POST['txtUser'], $_POST['txtPassword']);
if ($strResponse != '1') {
$strError = 'Odd. For some reason I had a difficult time validating your login.<br>Please try again, and good luck!';
} else {
$strSuccess = 'Congrats, you\'ve been authenticated!<br>What would you like to do today?';
if (isset($_SESSION['REQUEST_URI']) && $_SESSION['REQUEST_URI'] != '') {
header("Location: http://" . $_SERVER['HTTP_HOST'] . $_SESSION['REQUEST_URI']);
} else {
header("Location: http://" . $_SERVER['HTTP_HOST']);
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<?php
include 'include_head.php';
function login($username, $password)
{
$result = validateUser($username, $password);
if ($result['UserName'] === $username) {
$_SESSION["UserName"] = $result['UserName'];
$_SESSION["UserID"] = $result['UserID'];
return true;
}
return false;
}
<?php
session_start();
if (isset($_SESSION['username'])) {
header('Location: profile.php');
}
if(strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
$username = isset($_POST['username']) ? $_POST['username'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$user = getUser($username);
if ($user && validateUser($user, $password)) {
$_SESSION['username'] = $username;
setcookie('firstName', $user['firstName'], time() + 60*60);
setcookie('lastName', $user['lastName'], time() + 60*60);
header('Location: profile.php');
} else {
$error = 'Could not log user in';
}
}
?>
<? if(isset($error)) { ?>
<p><?= $error ?></p>
<? } ?>
<form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="Submit" />
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$userData2 = mysql_fetch_array($result2, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password));
$hash2 = hash('sha256', $userData2['salt'] . hash('sha256', $password));
//check if passwords match
if ($hash != $userData['password'] && $hash2 != $userData2['password']) {
$passwords_match = FALSE;
} else {
if ($hash == $userData2['password']) {
$username = $userData2['username'];
}
}
if ($username_not_empty == TRUE && $username_valid == TRUE && $password_not_empty == TRUE && $passwords_match == TRUE) {
$_SESSION['username'] = $username;
$md5pass = md5($hash);
validateUser();
//sets the session data for this user
// set user level
$query = "SELECT membership_status_id\n FROM {$usertable}\n WHERE username = '******';";
$result = mysql_query($query);
$result_arr = mysql_fetch_array($result);
$_SESSION['userlevel'] = $result_arr[0];
$isAdmin = $result_arr[0] == $mem_status_admin;
//set remember me cookie for 30 days
if (isset($_POST["remember"])) {
setcookie("clearview_user", $_SESSION['username'], time() + 60 * 60 * 24 * 30, "/");
setcookie("clearview_pass", "{$md5pass}", time() + 60 * 60 * 24 * 30, "/");
}
}
header('Location: ' . htmlentities($_SERVER['PHP_SELF']));
}
$ret = json_decode($ret);
$ret->mail = false;
if ($ret->response) {
$ret->mail = Util::send_mail($data['email_id'], "Registration Confirmation", "Thank you for registering with the isUD website. Please login to visit the inclusive design solutions.");
}
} else {
$ret->response = false;
$ret->message = "Recaptcha verification failed.";
}
//$ret->m = $captchaResponse['challenge_ts']." ".$captchaResponse['success'];
print json_encode($ret);
}
if ($columns === "LOGIN") {
$username = $_POST['username'];
$password = $_POST['password'];
print validateUser($username, $password);
}
if ($columns === "EDIT_PROFILE_RETRIEVE") {
$ret["response"] = isLoggedIn();
$ret["data"] = getPublicUserData($_SESSION["user"]);
print json_encode($ret);
}
if ($columns === "EDIT_PROFILE_SAVE") {
$data = json_decode(stripslashes($_POST['data']), true);
$ret = UpdateUser($data['email_id'], $data['password'], $data['first_name'], $data['middle_name'], $data['last_name'], $data['organization_id'], $data['authtype_id'], $data['securityquestion_id'], $data['securityquestion_ans'], $data['phone'], $data['country_name'], $data['country_code']);
print $ret;
}
if ($columns === "LOGOUT") {
logoutUser();
}
if ($columns === "RESET_PASSWORD_PREP") {
require "../models/usuarios.php";
$user = new Usuario();
if ($cantidad = $user->getCantidad()) {
sendRensponse(array("error" => false, "mensaje" => "", "data" => $cantidad));
} else {
sendRensponse(array("error" => true, "mensaje" => "¡Error al obtener cantidad de Usuarios!"));
}
}
$request = new Request();
$action = $request->action;
switch ($action) {
case "nuevoUser":
nuevoUser($request);
break;
case "validar":
validateUser($request);
break;
case "validarMail":
validateMail($request);
break;
case "validarUserName":
validateUserName($request);
break;
case "obtener":
getUser($request);
break;
case "obtenerCantidad":
getCantidad($request);
break;
default:
sendRensponse(array("error" => "true", "mensaje" => "request mal formado"));
<?php
session_start();
error_reporting(E_ALL);
require_once 'constants.php';
ini_set('display_errors', 1);
$user_in = filter_input(INPUT_POST, "user", FILTER_SANITIZE_STRING);
$pw_in = filter_input(INPUT_POST, "pw", FILTER_SANITIZE_STRING);
$user = validateUser($user_in);
$pw = validatePassword($pw_in);
validateLogin($user, $pw);
//=========================================================
// Functions used to validate login credentials.
//---------------------------------------------------------
function validateLogin($user, $pw)
{
global $url;
if (doesUserDirectoryExist($user)) {
// User Exists
$pwFile = $GLOBALS['directory'] . "users/" . $user . "/pw.txt";
if (file_get_contents($pwFile) === $pw) {
$_SESSION['logged_on'] = 1;
$_SESSION['user'] = $user;
header('Location: ' . $GLOBALS['url']);
} else {
echo "<font color=\"red\"><b>ERROR: Input did not match a registed username & password combination.</b></font><br>";
echo "(Main page will reload shortly...)\n";
echo "<script type=\"text/javascript\">\nreload_page=function() {\n\tlocation.replace(\"{$url}\");\n}\n";
echo "var intervalID = window.setInterval(reload_page, 5000);\n</script>\n";
}
} else {
<h1>My Cart</h1>
<table border="1" style="width: 46%">
<thead style="height:50px">
<th style="width:200px">Company Name</th>
<th style="width:150px">Job ID</th>
<th style="width:200px">Location</th>
<th style="width:150px">Salary</th>
</thead>
<tbody id="cartBody">
<?php
if (isset($_POST["login"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$file_open = openFile("usr.txt", 'r');
if (!validateUser($file_open, $username, $password)) {
echo "<script> alert('Failed to login. Invalid username or password'); </script>";
exit;
}
$file_usr = openFile("usr_cart/usr_{$username}.txt", 'r');
$user_jobs = readFileFromData($file_usr);
drawTableWithoutAdd($user_jobs);
$file_pointer = openFile('status.txt', 'w+');
$line = trim("true") . "\n";
$line = $line . trim($username);
writeFileFromBegin($file_pointer, $line);
} else {
if (isset($_POST["register"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$username = trim($username);
function editFolder($name, $id)
{
global $connection;
$name = $connection->escape_string($name);
$request = "SELECT * FROM notes_vfs WHERE id = '{$id}'";
$result = $connection->query($request);
$line = $result->fetch_assoc();
//Permission check (frontend based on js: VERY WEAK)
$permissions = validatePermissions(validateUser());
if ($permissions == $line["container"] || ($permissions = "all")) {
$request = "UPDATE notes_vfs SET name='{$name}' WHERE id = '{$id}'";
$connection->query($request);
echo $connection->error;
echo "success";
} else {
echo "403: Not authorized";
}
}
include_once "request-config.php";
include_once $requestService . 'displayLinkWithJavaScript.php';
//validate user prior to access on this page
include_once "{$validation}" . "user_validation.php";
include_once $utilities . "utility.php";
$pageUrl = urlencode($port . "{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}");
$validateUser = true;
$canModify = false;
if (isset($_GET['p1']) && validatePassThrough($_GET['p1'])) {
$validateUser = false;
$log->debug("request.php - Print operation invoked and login is being bypassed");
}
if ($validateUser) {
$log->debug("Now validate if Plugin: (" . $onRequestPlugin . ") is installed");
//validate user then check if plugin license if active to access on this page
validateUser($site_prefix, $pageUrl, $siteSection, $onRequestModify, $onRequestPlugin);
$canModify = userCanModifyRequest($okModify);
}
//User is now validated so lets start the $_SESSION[] to use the properties on this page
//depending onm the user path through the system we need to ensure that the session was started
if (!session_id()) {
session_start();
}
$log->debug("Start including constants, request connection, and other files");
include_once $requestInclude . 'constants.php';
include_once $requestInclude . 'requestConnection.php';
include_once $requestService . 'requestFieldBuilder.php';
include_once $utilities . 'utility.php';
include_once $errors . 'errorProcessing.php';
include_once $fmfiles . "order.db.php";
include_once $requestService . "loadRequestSessionData.php";
$messageType = "d";
$errorTitle = "Serious Error";
$log->error("Serious Error: PK Missing at save time User " . $_SESSION['userName']);
$message = "A serious error has occurred and you should immediately contact Thought-Development Support for assistance.";
processError("Missing Primary Key", $message, "spotViewerResponse.php", "", $errorTitle);
exit;
}
if (!session_id()) {
session_start();
}
//reset the session timeout before saving the data. This will avoid data loss due to session timeout
resetSessionTimeout();
//validate the user prior to save operation do avoid anyone attempting to load data to database without using the form
//if this user was not logged in at save time the redirect them to index page.
$pageUrl = $site_prefix . "/onspot/index.php";
validateUser($site_prefix, $pageUrl, $siteSection, $onSpotView, $OnSpotPluginToValidate);
//Globals used by process notes or approval block information
$spotViewerLayout = "[WEB] cwp_spotviewer_browse";
$userNotesLayout = "[WEB] UserNotes";
$noteType = "Approval Notes";
//Process the Approval information only as a user selected a Approval Radio button
//Since the calling page is now a dual form this code accepts a click event occurred so the data should be
// persisted to FileMaker for each section
if (isset($_POST['userApprover'])) {
$log->debug("Processing approver selection");
$spotViewerFind = $fmWorkDB->newFindCommand($spotViewerLayout);
$spotViewerFind->addFindCriterion('__pk_ID', '==' . $pkId);
$spotResult = $spotViewerFind->execute();
if (FileMaker::isError($spotResult)) {
$errorTitle = "FileMaker Error";
$log->error("Search of Spot Viewer record failed on PKID: " . $pkId . " Error: " . $spotResult->getMessage() . " User: " . $_SESSION['userName']);
$slogan = getOption($db, 'slogan');
$scripts = getJs($allScripts, ['liveChange' => 1, 'maps' => 1, 'search' => 1], true);
$categories = getAllCategories($db);
// controller
require_once APP_PATH . 'control/searchController.php';
// view zusammenbauen
$sidebar = APP_PATH . 'view/template/searchSidebar.php';
require_once APP_PATH . 'view/template/header.php';
require_once APP_PATH . 'view/site/search.php';
require_once APP_PATH . 'view/template/footer.php';
break;
case 'validation':
$token = $_GET['do'];
if (strlen($token) === 128) {
require_once APP_PATH . 'model/validateUser.php';
if (validateUser($db, $token)) {
$_SESSION['validation'] = 'Sie haben Ihre E-Mail Adresse erfolgreich bestätigt.';
$_SESSION['valstatus'] = 1;
$_SESSION['user_status'] = 'confirmed';
} else {
$_SESSION['validation'] = 'Sie haben versucht Ihre E-Mail Adresse zu bestätigen. Leider ist die Überprüfung fehlgeschlagen. Wenn Sie eigenes Verschulden ausschließen können, melden Sie sich bitte per E-Mail bei uns.';
$_SESSION['valstatus'] = 0;
}
header('Location: /haendlerkonto');
} else {
header('Location: /fehler');
}
break;
case 'fehler':
require_once APP_PATH . 'model/getJs.php';
require_once APP_PATH . 'model/getAllCategories.php';
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
session_start();
require_once "../includes/config.php";
require_once "../includes/connect.php";
require_once "helpers.php";
$username = $_POST['username'];
$password = $_POST['password'];
//connect to the database here
$st = $db->prepare("SELECT password, salt FROM users WHERE username = :username");
$st->execute(array('username' => $username));
if ($st->rowCount() < 1) {
header('Location: ../../frontend/');
die;
}
$userData = $st->fetchAll();
$userData = $userData[0];
$hash = hash('sha256', $userData['salt'] . hash('sha256', $password));
if ($hash != $userData['password']) {
header('Location: ../../frontend/');
die;
} else {
validateUser($userData['username']);
//sets the session data for this user
}
//redirect to another page or display "login success" message
header('Location: ../../frontend/');
if (!empty($altinfo) && !isset($_SERVER['PHP_AUTH_USER'])) {
$val = $altinfo;
$pieces = explode(' ', $val);
// bad.
if ($pieces[0] == 'Basic') {
$chunk = $pieces[1];
$decoded = base64_decode($chunk);
$credential_info = explode(':', $decoded);
if (count($credential_info) == 2) {
$_SERVER['PHP_AUTH_USER'] = $credential_info[0];
$_SERVER['PHP_AUTH_PW'] = $credential_info[1];
$_SERVER["AUTH_TYPE"] = 'Basic';
}
}
}
if (!validateUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
header('WWW-Authenticate: Basic realm="KnowledgeTree DMS"');
header('HTTP/1.0 401 Unauthorized');
echo 'This RSS feed requires authentication. Please enter your username and password.';
exit;
} else {
$user = DBAuthenticator::getUser($_SERVER['PHP_AUTH_USER'], array('id' => 'id'));
$id = $user[$_SERVER['PHP_AUTH_USER']]['id'];
if (OS_WINDOWS) {
$sReferrer = $_SERVER['HTTP_USER_AGENT'];
// Check if this is IE 6
if (strstr($sReferrer, 'MSIE 6.0')) {
header('Content-Type: application/rss+xml; charset=utf-8;');
header('Content-Disposition: inline; filename="rss.xml"');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
<?php
require '../functions.inc.php';
if ($_POST['submit']) {
// if they are the master, redirect them to the create new calendar page
if ($_POST['login'] == 'master') {
header('Location: ./new_calendar.php');
} else {
if ($calendar = validateUser($_POST['login'], $_POST['password'])) {
echo "login success";
echo '<p><a href="../?cal=' . $calendar . '&admin=weak">cool</a></p>';
// this is a lazy hack here.
exit;
//header('Location: ./?cal=$calendar&admin=weak');
}
}
// if they have hit here something must have gone wrong. tell them that.
$message = "something went wrong. try again.";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>CS Office Hours - Admin</title>
<link rel="stylesheet" type="text/css" href="../style.css" />
</head>
<body>
<?php
echo "<h2>May the 4th be with you</h2>";
<?php
include "class/class.Security.php";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$userLogin = isset($_POST['userLogin']) ? $_POST['userLogin'] : '';
$userPassword = isset($_POST['userPassword']) ? $_POST['userPassword'] : '';
$userPassword = md5($userPassword);
$date = date("d/m/Y");
$hour = date("H:i");
if (validateUser($userLogin, $userPassword) == true) {
$query = mysql_query("SELECT `userChangePassword` FROM users WHERE `userLogin` = '" . $userLogin . "' AND `userPassword` = '" . $userPassword . "'");
$changePassword = mysql_fetch_assoc($query);
if ($changePassword['userChangePassword'] == 1) {
header("Location: ../login.php?action=changePassword");
exit;
} else {
$query = mysql_query("INSERT INTO login_log (`loginLogUser`, `loginLogDate`, `loginLogHour`) VALUES ('{$userLogin}', '{$date}', '{$hour}')");
header("Location: ../index.php");
exit;
}
} else {
unset($_SESSION['userId'], $_SESSION['userName'], $_SESSION['userLogin'], $_SESSION['userPassword']);
header("Location: ../login.php?error=1");
exit;
}
}
header('Location: index.php');
die;
} else {
//Need to put this into validate user so that the database pool can be used
//otherwise the username and id will not get stored when the session closes
//$_SESSION['username'] = $username;
//if user wants to be remembered
if ($_SESSION['rememberUser'] == true) {
createCookie($dbHandle, $username, $hash);
validateUser(true);
//Set user info in SESSION
$_SESSION['user_id'] = $userInfo['user_id'];
$_SESSION['username'] = $userInfo['username'];
$_SESSION['imageUrl'] = $userInfo['image_url'];
$_SESSION['accLevel'] = $userInfo['acc_level'];
} else {
//set SESSION validity to 1 but do not set to remember,
//this stops cookie destruction at a later stage
validateUser(NULL);
//Set user info in SESSION
$_SESSION['user_id'] = $userInfo['user_id'];
$_SESSION['username'] = $userInfo['username'];
$_SESSION['imageUrl'] = $userInfo['image_url'];
$_SESSION['accLevel'] = $userInfo['acc_level'];
}
}
$_SESSION['error'] = false;
$_SESSION['errorMess'] = "";
header('Location: index.php');
ob_flush();
//GREAT SUCCESS
<?php
include '../../../config.php';
if (!class_exists("SQLManager")) {
require_once $FANNIE_ROOT . "src/SQLManager.php";
}
include $FANNIE_ROOT . 'src/Credentials/projects.wfc.php';
require $FANNIE_ROOT . 'auth/login.php';
if (!validateUser('projects')) {
return;
}
if (isset($_POST['projDesc'])) {
$projDesc = $_POST['projDesc'];
$link = $_POST['link'];
$priority = $_POST['priority'];
$projID = $_POST['projID'];
$emaillist = $_POST['emaillist'];
$notes = preg_replace('/\\n/', '<br />', $_POST['notes']);
$q = $sql->prepare("update projects set\n projDesc = ?\n link = ?\n priority = ?\n notes = ?\n where projID=?");
$r = $sql->execute($q, array($projDesc, $link, $priority, $notes, $projID));
$mails = explode(",", $emaillist);
$q = $sql->prepare("delete from project_parties where projID=?");
$r = $sql->execute($q, array($projID));
$q = $sql->prepare("insert into project_parties values (?,?)");
foreach ($mails as $m) {
$m = trim($m);
if ($m != '') {
$r = $sql->execute($q, array($projID, $m));
}
}
header("Location: project.php?projID={$projID}");
<?php
/**
* User authentication is done here.
* This is a super-simple auth method
* that tries to be secure enough.
*/
// if the user is NOT logged in already
if (!validateUser()) {
// attempted login
if (isset($_POST['proxy-login'])) {
loginUser();
}
// no attempted login = show login page
die(file_get_contents('login/login.html'));
}
/**
* validate user cookie with database.
* note that base64 is an extra-step
* when storing the cookie on the user client
* and not an attempt to encrypt passwords.
*
* @return bool
*/
function validateUser()
{
// compare saved cookie with the actual credentials from the db.
if (getUser()['email'] && base64_decode(getUser(true)[1]) === getUser()['pass']) {
return true;
}
return false;
} else {
if (strcmp($pass, $row['password']) === 0) {
echo 2;
//Password matchs db.. redirect to mail page
} else {
echo 3;
//Entered wrong password...
}
}
mysql_free_result($result);
} else {
if ($action == 'signup') {
$user = $_POST['username'];
$pass = $_POST['password'];
$pass_confirm = $_POST['password_confirm'];
$choice = validateUser($user, $pass, $pass_confirm);
switch ($choice) {
//Username already exists
case 1:
echo 1;
//means username already exists;
break;
//Everything good, we can register the user
//Everything good, we can register the user
case 2:
$sqlQuery = "INSERT INTO users (username, password) VALUES ( '{$user}', '{$pass}' )";
mysqli_query($connection, $sqlQuery);
echo 2;
break;
//Problem with username
//Problem with username
<?php
include '../../../config.php';
if (!class_exists("SQLManager")) {
require_once $FANNIE_ROOT . "src/SQLManager.php";
}
include $FANNIE_ROOT . 'src/Credentials/projects.wfc.php';
require $FANNIE_ROOT . 'auth/login.php';
if (!validateUser('admin')) {
return;
}
$projID = $_GET['projID'];
$date = date("Y-m-d");
$q = $sql->prepare("update projects set status=2,completeDate=? where projID=?");
$r = $sql->execute($q, array($date, $projID));
// build email 'to' all interested parties
$q = $sql->prepare("select email from project_parties where projID = ?");
$r = $sql->execute($q, array($projID));
$to_string = '*****@*****.**';
if ($sql->num_rows($r) > 0) {
while ($row = $sql->fetch_array($r)) {
$to_string .= ", " . $row[0] . "@wholefoods.coop";
}
}
$descQ = $sql->prepare("select projDesc from projects where projID=?");
$descR = $sql->execute($descQ, array($projID));
$descW = $sql->fetch_array($descR);
$projDesc = $descW[0];
// mail notification
$subject = "Completed project: {$projDesc}";
$message = wordwrap("The project {$projDesc} has been marked completed. http://key/it/projects/project.php?projID={$projID}", 70);
function validateSession()
{
// 3/6/2010 Current Server does not allow for Server side detection. Now using forceSSL() in functions.js
// see function isSSL() above.
if (!isSSL()) {
header("Location: logout.php");
}
slashAllInputs();
connectDatabase();
validateUser();
// if they are not valid, they don't come back from here.
}
<?php
$token = $_GET['do'];
if (strlen($token) === 128) {
$success = validateUser($db, $token);
if ($success) {
$success = 1;
} else {
$success = 0;
}
} else {
$success = 0;
}
<?php
// Start the session
session_start();
require_once "./includes/connection.php";
?>
<br />
In login.php
<br />
<?php
$uname = $_POST["uname"];
$password = $_POST["password"];
if (!empty($uname) && !empty($password)) {
validateUser($uname, $password);
}
function validateUser($uname, $password)
{
global $connection;
$query = "SELECT uid, uname, password FROM user WHERE ";
$query .= "uname = '{$uname}' AND password = '******'";
echo $query;
$result = mysqli_query($connection, $query);
confirm_query($result);
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['login_user'] = $uname;
while ($row = mysqli_fetch_assoc($result)) {
$_SESSION['login_user_uid'] = $row["uid"];
}
header("location: home.php");
} else {
<?php
require "config.php";
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST["username"];
$password = $_POST["password"];
if (!validateUser($_POST['username'], $_POST['password'])) {
echo $_SESSION['error'] = "Username or Password is incorrect!";
// unset($_GET['action']);
} else {
echo $_SESSION['id'];
}
}
<?php
global $wpdb;
$textdomain = 'contact-form-pro';
$cfp_forms = $wpdb->prefix . "cfp_forms";
$path = plugin_dir_url(__FILE__);
$f_name = $_REQUEST['function'];
switch ($f_name) {
case 'validateUser':
echo validateUser($_REQUEST['name']);
break;
case 'validateEmail':
echo validateEmail($_REQUEST['email']);
}
/*Cross checks if the username already exists during registration process*/
function validateUser($name)
{
return username_exists($name) > 0 ? "true" : "false";
}
/*Cross checks if the email already exists during registration process*/
function validateEmail($email)
{
return email_exists($email) > 0 ? "true" : "false";
}
die;
