/**
 * Prepares the Identi.ca account settings form for the current profile.
 *
 * Looks up, and creates on first use, the Setting records named
 * 'aktt_identica_password', 'aktt_identica_username' and 'identica_status'
 * for the profile returned by get_profile_id(), builds the PUT URL of each
 * record and collects every RemoteServer row.
 *
 * $pword never carries the stored password: it is either empty or a fixed
 * mask. The $password record itself is still handed to vars().
 * NOTE(review): how Setting values are protected at rest is not visible
 * here - confirm this third-party credential is not kept in clear text.
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * Local variable names are kept as they are because they are passed to
 * vars() together with get_defined_vars().
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for the exported variables
 */
function _edit(&$vars)
{
    extract($vars);

    // --- password setting -------------------------------------------------
    $password = $Setting->find_by(
        array(
            'name' => 'aktt_identica_password',
            'profile_id' => get_profile_id()
        )
    );
    if (!$password) {
        // first visit: create an empty record owned by the current profile
        $password = $Setting->base();
        $password->set_value('profile_id', get_profile_id());
        $password->set_value('person_id', get_person_id());
        $password->set_value('name', 'aktt_identica_password');
        $password->save_changes();
        $password->set_etag();
        $password = $Setting->find($password->id);
        $pword = "";
    }
    if (!empty($password->value)) {
        // a value exists: show a mask instead of the stored secret
        $pword = "******";
    }
    // get the one-to-one-related child-record from "entries"
    $pEntry =& $password->FirstChild('entries');
    $passurl = $request->url_for(
        array(
            'resource' => 'settings',
            'id' => $password->id,
            'action' => 'put'
        )
    );

    // --- username setting -------------------------------------------------
    $username = $Setting->find_by(
        array(
            'name' => 'aktt_identica_username',
            'profile_id' => get_profile_id()
        )
    );
    if (!$username) {
        $username = $Setting->base();
        $username->set_value('profile_id', get_profile_id());
        $username->set_value('person_id', get_person_id());
        $username->set_value('name', 'aktt_identica_username');
        $username->save_changes();
        $username->set_etag();
        $username = $Setting->find($username->id);
    }
    // get the one-to-one-related child-record from "entries"
    $uEntry =& $username->FirstChild('entries');
    $userurl = $request->url_for(
        array(
            'resource' => 'settings',
            'id' => $username->id,
            'action' => 'put'
        )
    );

    // --- status setting (created as 'enabled') ----------------------------
    $stat = $Setting->find_by(
        array(
            'name' => 'identica_status',
            'profile_id' => get_profile_id()
        )
    );
    if (!$stat) {
        $stat = $Setting->base();
        $stat->set_value('profile_id', get_profile_id());
        $stat->set_value('person_id', get_person_id());
        $stat->set_value('name', 'identica_status');
        $stat->set_value('value', 'enabled');
        $stat->save_changes();
        $stat->set_etag();
        $stat = $Setting->find($stat->id);
    }
    // get the one-to-one-related child-record from "entries"
    $sEntry =& $stat->FirstChild('entries');
    $staturl = $request->url_for(
        array(
            'resource' => 'settings',
            'id' => $stat->id,
            'action' => 'put'
        )
    );
    $status = $stat->value;

    $akidentica_tw_text_options = array('disabled' => 'disabled', 'enabled' => 'enabled');

    // --- remote servers ---------------------------------------------------
    $RemoteServer =& $db->model('RemoteServer');
    $RemoteServer->find();
    $servers = array();
    for (; $r = $RemoteServer->MoveNext();) {
        $servers[] = $r;
    }

    return vars(
        array(
            &$servers,
            &$akidentica_tw_text_options,
            &$status,
            &$staturl,
            &$pword,
            &$userurl,
            &$passurl,
            &$password,
            &$sEntry,
            &$username,
            &$uEntry,
            &$pEntry,
            &$profile
        ),
        get_defined_vars()
    );
}
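/**
 * Records a new login session and sets the "username" and "session" cookies.
 *
 * The row stores the login time, the client's Referer, address and
 * User-Agent, the account id and a status of 1. The value returned by
 * Insert() is written to the global $session_id and becomes the value of the
 * "session" cookie.
 *
 * The session identifier is no longer written to the log: it is the bearer
 * value of the "session" cookie, so anyone able to read the log could have
 * reused it.
 *
 * NOTE(review): if Insert() returns a sequential row id, the cookie value is
 * guessable - confirm the session cookie carries an unpredictable token.
 * NOTE(review): the flags cook() sets (HttpOnly, Secure, SameSite) are not
 * visible here - verify them.
 * NOTE(review): Referer and User-Agent are client-controlled and stored as
 * received; they need escaping wherever they are displayed.
 *
 * @param mixed $r_Auth id of the authenticated account
 * @return mixed the value returned by Insert() for the new session row
 */
public function Create($r_Auth)
{
    plog("Session::Create for User ID: " . $r_Auth);
    $now = strtotime('now');
    $data = array(
        "login" => $now,
        "REFERRER" => getenv('HTTP_REFERER'),
        "IP" => getenv('REMOTE_ADDR'),
        "BROWSER" => getenv('HTTP_USER_AGENT'),
        "r_Auth" => $r_Auth,
        "status" => 1,
        "refreshed" => $now,
        "last_refreshed" => $now
    );
    global $session_id, $auth;
    $session_id = $this->Insert($data);
    // Deliberately not logging $session_id: it is the cookie credential.
    plog('New session created');
    cook("username", $auth['username'], timeout);
    cook("session", $session_id, timeout);
    return $session_id;
}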
/**
 * Builds the per-account Twitter import settings list for administrators.
 *
 * For every TwitterUser row returned by the find_by() call below, four
 * dynamically named locals are created (n<i>nick, n<i>mode, n<i>url,
 * n<i>entry), the matching 'config.env.importtwitter_<id>' Setting is looked
 * up or created with value 0, and references to all four are appended to
 * $returnvars.
 *
 * NOTE(review): the administrator gate relies on trigger_error() with
 * E_USER_ERROR stopping execution. If a custom error handler returns, the
 * rest of the function still runs - confirm the handler terminates.
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for the collected references
 */
function _sources(&$vars) {
    extract($vars);
    // access check: administrators only
    if (!member_of('administrators')) {
        trigger_error('sorry you must be an administrator to do that', E_USER_ERROR);
    }
    $aktwitter_tw_text_options = array('0' => 'false', '1' => 'true');
    $Setting =& $db->model('Setting');
    $returnvars = array();
    $TwitterUser =& $db->model('TwitterUser');
    $TwitterUser->find_by(array('eq' => 'not like', 'oauth_key' => ''), 1);
    // $i numbers the dynamically named variables and is exported at the end
    $i = 1;
    while ($tu = $TwitterUser->MoveNext()) {
        // names of the four variable-variables for this account
        $modevar = 'n' . $i . 'mode';
        $urlvar = 'n' . $i . 'url';
        $entryvar = 'n' . $i . 'entry';
        $nickvar = 'n' . $i . 'nick';
        $i++;
        ${$nickvar} = $tu->screen_name;
        ${$modevar} = $Setting->find_by('name', 'config.env.importtwitter_' . $tu->id);
        if (!${$modevar}) {
            // no setting yet: create it with value 0 for the current profile
            ${$modevar} = $Setting->base();
            ${$modevar}->set_value('profile_id', get_profile_id());
            ${$modevar}->set_value('person_id', get_person_id());
            ${$modevar}->set_value('name', 'config.env.importtwitter_' . $tu->id);
            ${$modevar}->set_value('value', 0);
            ${$modevar}->save_changes();
            ${$modevar}->set_etag();
            ${$modevar} = $Setting->find(${$modevar}->id);
        }
        ${$urlvar} = $request->url_for(array('resource' => 'settings', 'id' => ${$modevar}->id, 'action' => 'put'));
        ${$entryvar} = ${$modevar}->FirstChild('entries');
        // references, so vars() receives the variables themselves
        $returnvars[] =& ${$modevar};
        $returnvars[] =& ${$urlvar};
        $returnvars[] =& ${$entryvar};
        $returnvars[] =& ${$nickvar};
    }
    $returnvars[] =& $collection;
    $returnvars[] =& $profile;
    $returnvars[] =& $aktwitter_tw_text_options;
    $listvars = array(1 => 'friends_timeline', 0 => 'disabled');
    $returnvars[] =& $listvars;
    $returnvars[] =& $i;
    return vars($returnvars, get_defined_vars());
}
/**
 * Exports a single empty string, $foo, through vars().
 *
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for $foo
 */
function _mobile(&$vars) {
    extract($vars);
    // assigned after extract(), so a 'foo' key in $vars is overwritten
    $foo = "";
    return vars(array(&$foo), get_defined_vars());
}
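// Per-request authentication bootstrap: resets the request globals, works out
// the host part of the current URL, activates the session and writes
// diagnostic log lines.
//
// Changes in this version:
//  - the scheme is stripped for https:// URLs as well; before, $domain became
//    "https:" on TLS pages;
//  - the Referer header is read from $_SERVER['HTTP_REFERER'] (the header is
//    spelled with one "r"), so the "Referred:" line is actually written;
//  - the 'password' entry, when present, is masked before $auth and the
//    request data are dumped to the log.
//
// NOTE(review): other secret fields (tokens, password confirmations nested
// in form arrays) are still logged at $plog_level 1 - keep that level off in
// production.
// NOTE(review): the Referer value is client-controlled; treat the log line
// as untrusted text when it is viewed.
global $session;
$session = NULL;
global $user;
$user = NULL;
global $domain;
$domain = NULL;
global $expired;
$expired = false;
global $pageurl;
$pageurl = current_page_url();
global $is_logged_in;
$is_logged_in = false;

if (!defined('quiet_auth')) {
    // keep everything up to the first "/" after the scheme (host[:port])
    $domain = explode("/", preg_replace('#^https?://#i', '', $pageurl));
    $domain = $domain[0];
}

if (!defined('suppress_auth')) {
    $session_model->Active();
    $logged_auth = $auth;
    if (is_array($logged_auth) && array_key_exists('password', $logged_auth)) {
        $logged_auth['password'] = '[redacted]';
    }
    plog('$auth: ' . vars($logged_auth));
    unset($logged_auth);
    plog('$session: ' . vars($session));
}

global $plog_level;
if ($plog_level == 1) {
    plog('##### $pageurl: ' . vars($pageurl));
    if (isset($_SERVER['HTTP_REFERER'])) {
        plog('Referred: ' . $_SERVER['HTTP_REFERER']);
    }
    $logged_input = getpost();
    if (is_array($logged_input) && array_key_exists('password', $logged_input)) {
        $logged_input['password'] = '[redacted]';
    }
    plog('getpost():------' . vars($logged_input));
    unset($logged_input);
}
plog('----Executing: ' . vars($pageurl));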
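/**
 * Handles the "sign in with Twitter" OAuth round trip.
 *
 * Flow, as implemented below:
 *  1. On the top-level site (empty $db->prefix) a request carrying
 *     oauth_token is matched against each blog's "<prefix>_db_sessions"
 *     table; on exactly one hit the browser is sent to that blog's
 *     oauth_login URL.
 *  2. Default state: a request token is fetched, kept in $_SESSION and the
 *     browser is sent to the authorization URL.
 *  3. State 'returned': the request token is exchanged for an access token,
 *     the account is read from verify_credentials, the matching
 *     TwitterUser / Identity is found or created, and
 *     $_SESSION['oauth_person_id'] is set.
 *
 * Changes in this version:
 *  - every URL written into the inline location.replace('...') script is
 *    percent-encoded for the characters that could close the JavaScript
 *    string or the <script> element; the oauth_token query value is
 *    URL-encoded. Before, the raw request value and the stored Referer were
 *    concatenated into the script.
 *  - "%", "_" and "\" in the request token are escaped before it is used in
 *    the LIKE patterns, so the token cannot act as a wildcard.
 *  - the session id read back from the database is escaped before it is put
 *    into the DELETE statement.
 *  - the sign-in stops when the verify_credentials answer has no user id;
 *    before, any non-empty JSON answer was treated as an authenticated
 *    account.
 *
 * NOTE(review): the LIKE queries still match the token as a substring of the
 * whole session blob, and the default branch deletes the matching session.
 * Any request value that occurs in exactly one session row selects it -
 * match on a dedicated token column instead.
 * NOTE(review): the post-login target is taken from the Referer header when
 * "forward" is set and is not compared with a list of allowed hosts.
 * NOTE(review): the returned oauth_token is never compared with
 * $_SESSION['oauth_request_token'], and no oauth_verifier is passed to
 * getAccessToken() - confirm which OAuth revision the library speaks.
 * NOTE(review): no session id renewal is visible after oauth_person_id is
 * set - confirm the session handler rotates the id on login.
 * NOTE(review): every failure path relies on trigger_error() with
 * E_USER_ERROR stopping execution - confirm the error handler terminates.
 * NOTE(review): mysql_fetch_assoc() does not exist on PHP 7 and later.
 * NOTE(review): access token and secret are stored on the TwitterUser
 * record as received; protection at rest is not visible here.
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for $content
 */
function _oauth(&$vars)
{
    // top stream, re-connect to subtwitter-db
    extract($vars);
    global $prefix;

    // Characters that must not reach a single-quoted JavaScript string inside
    // a <script> element, mapped to their percent-encoded form. A URL that
    // contains none of them is emitted unchanged.
    $js_url_escapes = array(
        "\\" => '%5C',
        "'" => '%27',
        '"' => '%22',
        '<' => '%3C',
        '>' => '%3E',
        "\r" => '%0D',
        "\n" => '%0A',
        "\xE2\x80\xA8" => '%E2%80%A8',
        "\xE2\x80\xA9" => '%E2%80%A9'
    );

    $Blog =& $db->model('Blog');
    if (empty($db->prefix)) {
        if (isset($_REQUEST['oauth_token'])) {
            $tabresult = $db->get_result("SHOW tables");
            $tables = array();
            $tablist = array();
            for ($i = 0; $tables[$i] = mysql_fetch_assoc($tabresult); $i++) {
                foreach ($tables[$i] as $k => $v) {
                    $tablist[] = $v;
                }
            }
            // neutralise LIKE wildcards first, then escape for the SQL literal
            $like_token = $db->escape_string(addcslashes($_REQUEST['oauth_token'], '%_\\'));
            while ($b = $Blog->MoveNext()) {
                if (!empty($b->prefix) && in_array($b->prefix . "_db_sessions", $tablist)) {
                    $sql = "SELECT data FROM " . $b->prefix . "_db_sessions WHERE data LIKE '%" . $like_token . "%'";
                    $result = $db->get_result($sql);
                    if ($db->num_rows($result) == 1) {
                        // XXX subdomain upgrade
                        $redir = blog_url($b->nickname, true);
                        $redir .= 'oauth_login';
                        $redir .= "&oauth_token=" . rawurlencode($_REQUEST['oauth_token']);
                        $content = '<script type="text/javascript">' . "\n";
                        $content .= ' // <![CDATA[' . "\n";
                        $content .= " location.replace('" . strtr($redir, $js_url_escapes) . "');" . "\n";
                        $content .= ' // ]]>' . "\n";
                        $content .= '</script>' . "\n";
                        return vars(array(&$content), get_defined_vars());
                    }
                }
            }
        }
    }

    // http://abrah.am
    lib_include('twitteroauth');

    /* Sessions are used to keep track of tokens while user authenticates with twitter */
    /* Consumer key from twitter */
    $consumer_key = environment('twitterKey');
    /* Consumer Secret from twitter */
    $consumer_secret = environment('twitterSecret');
    /* Set up placeholder */
    $content = NULL;
    /* Set state if previous session */
    $state = $_SESSION['oauth_state'];
    /* Checks if oauth_token is set from returning from twitter */
    $session_token = $_SESSION['oauth_request_token'];
    /* Checks if oauth_token is set from returning from twitter */
    $oauth_token = $_REQUEST['oauth_token'];
    /* Set section var */
    $section = $_REQUEST['section'];

    /* If oauth_token is missing get it */
    if ($_REQUEST['oauth_token'] != NULL && $_SESSION['oauth_state'] === 'start') { /*{{{*/
        $_SESSION['oauth_state'] = $state = 'returned';
    } /*}}}*/

    /*
     * 'default': Get a request token from twitter for new user
     * 'returned': The user has authorize the app on twitter
     */
    switch ($state) { /*{{{*/
        default:
            /* Create TwitterOAuth object with app key/secret */
            $to = new TwitterOAuth($consumer_key, $consumer_secret);
            /* Request tokens from twitter */
            $tok = $to->getRequestToken();
            /* Save tokens for later */
            $Blog =& $db->model('Blog');
            if (!empty($db->prefix) && isset($_REQUEST['oauth_token'])) {
                $tabresult = $db->get_result("SHOW tables");
                $tables = array();
                $tablist = array();
                for ($i = 0; $tables[$i] = mysql_fetch_assoc($tabresult); $i++) {
                    foreach ($tables[$i] as $k => $v) {
                        $tablist[] = $v;
                    }
                }
                // neutralise LIKE wildcards first, then escape for the SQL literal
                $like_token = $db->escape_string(addcslashes($_REQUEST['oauth_token'], '%_\\'));
                while ($b = $Blog->MoveNext()) {
                    if (!empty($b->prefix) && in_array($b->prefix . "_db_sessions", $tablist)) {
                        $sql = "SELECT id FROM " . $b->prefix . "_db_sessions WHERE data LIKE '%" . $like_token . "%'";
                        $result = $db->get_result($sql);
                        if ($db->num_rows($result) == 1) {
                            $sess = $db->result_value($result, 0, "id");
                            $del = $db->get_result("DELETE FROM " . $b->prefix . "_db_sessions WHERE id = '" . $db->escape_string($sess) . "'");
                        }
                    }
                }
            }
            $_SESSION['oauth_request_token'] = $token = $tok['oauth_token'];
            $_SESSION['oauth_request_token_secret'] = $tok['oauth_token_secret'];
            $_SESSION['oauth_state'] = "start";
            if (isset($_GET['forward']) && !empty($_SERVER['HTTP_REFERER'])) {
                // client-supplied header, used later as the post-login target
                $_SESSION['oauth_twitter'] = $_SERVER['HTTP_REFERER'];
            } else {
                $_SESSION['oauth_twitter'] = $request->base;
            }
            /* Build the authorization URL */
            $auth_url = $to->getAuthorizeURL($token);
            if (empty($auth_url)) {
                $content = 'Request token not found, <a href="' . $request->url_for('oauth_login') . '">click here to try again...</a>';
            } else {
                $content = '<script type="text/javascript">' . "\n";
                $content .= ' // <![CDATA[' . "\n";
                $content .= " location.replace('" . strtr($auth_url, $js_url_escapes) . "');" . "\n";
                $content .= ' // ]]>' . "\n";
                $content .= '</script>' . "\n";
            }
            break;

        case 'returned':
            if (isset($_SESSION['oauth_twitter'])) {
                $redirect_to = $_SESSION['oauth_twitter'];
            } else {
                $redirect_to = $request->base;
            }
            /* If the access tokens are already set skip to the API call */
            if ($_SESSION['oauth_access_token'] === NULL && $_SESSION['oauth_access_token_secret'] === NULL) {
                /* Create TwitterOAuth object with app key/secret and token key/secret from default phase */
                $to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_request_token'], $_SESSION['oauth_request_token_secret']);
                /* Request access tokens from twitter */
                $tok = $to->getAccessToken();
                /* Save the access tokens. Normally these would be saved in a database for future use. */
                $_SESSION['oauth_access_token'] = $tok['oauth_token'];
                $_SESSION['oauth_access_token_secret'] = $tok['oauth_token_secret'];
                if (!($_SESSION['oauth_access_token'] === NULL && $_SESSION['oauth_access_token_secret'] === NULL)) {
                    unset($_SESSION['oauth_request_token']);
                    unset($_SESSION['oauth_request_token_secret']);
                }
            }
            $to = new TwitterOAuth($consumer_key, $consumer_secret, $_SESSION['oauth_access_token'], $_SESSION['oauth_access_token_secret']);
            $session_oauth_token = $_SESSION['oauth_access_token'];
            $session_oauth_secret = $_SESSION['oauth_access_token_secret'];
            $content = $to->OAuthRequest('https://twitter.com/account/verify_credentials.json', array(), 'GET');
            if (!class_exists('Services_JSON')) {
                lib_include('json');
            }
            $json = new Services_JSON();
            $user = $json->decode($content);
            // An error document is non-empty JSON too; only an answer that
            // carries a user id counts as a verified account.
            if (empty($user) || empty($user->id)) {
                trigger_error('The server said: ' . $content, E_USER_ERROR);
            }
            if (empty($prefix) && in_array('invites', $db->tables)) {
                $Invite =& $db->model('Invite');
                $result = $Invite->find_by('nickname', $user->screen_name);
                if (!$result) {
                    trigger_error('Sorry, you have not been invited yet ' . environment('email_from'), E_USER_ERROR);
                }
            }
            $Identity =& $db->model('Identity');
            $Person =& $db->model('Person');
            $TwitterUser =& $db->model('TwitterUser');
            $twuser = $TwitterUser->find_by('twitter_id', $user->id);
            // a) twitter user exists, does not have a profile_id
            // b) twitter user exists, HAS a profile_id
            // c) twitter user does not exist
            if ($twuser) {
                if (!$twuser->profile_id) {
                    // a
                    $i = make_identity(array($user->screen_name, $user->profile_image_url, $user->name, $user->description, $user->url, $user->location));
                    if (!$i) {
                        trigger_error('sorry I was unable to create an identity', E_USER_ERROR);
                    }
                    $twuser->set_value('profile_id', $i->id);
                    $twuser->set_value('oauth_key', $session_oauth_token);
                    $twuser->set_value('oauth_secret', $session_oauth_secret);
                    $twuser->save_changes();
                    if (!$twuser) {
                        trigger_error('sorry I was unable to create a twitter user', E_USER_ERROR);
                    }
                } else {
                    // b
                    $i = $Identity->find($twuser->profile_id);
                    if (!$i) {
                        trigger_error('sorry I was unable to find the identity', E_USER_ERROR);
                    }
                    if ($session_oauth_token != $twuser->oauth_key) {
                        $twuser->set_value('oauth_key', $session_oauth_token);
                        $twuser->set_value('oauth_secret', $session_oauth_secret);
                        $twuser->save_changes();
                    }
                }
            } else {
                // c
                $i = make_identity(array($user->screen_name, $user->profile_image_url, $user->name, $user->description, $user->url, $user->location));
                if (!$i) {
                    trigger_error('sorry I was unable to create an identity', E_USER_ERROR);
                }
                $twuser = make_twuser($user, $i->id, $session_oauth_token, $session_oauth_secret);
                if (!$twuser) {
                    trigger_error('sorry I was unable to create a twitter user', E_USER_ERROR);
                }
            }
            // from here on the session is bound to this person
            $_SESSION['oauth_person_id'] = $i->person_id;
            if (empty($redirect_to)) {
                $content = "<p>there was an error in the oauth routine, sorry</p>";
            } else {
                $content = '<script type="text/javascript">' . "\n";
                $content .= ' // <![CDATA[' . "\n";
                $content .= " location.replace('" . strtr($redirect_to, $js_url_escapes) . "');" . "\n";
                $content .= ' // ]]>' . "\n";
                $content .= '</script>' . "\n";
            }
            break;
    } /*}}}*/

    return vars(array(&$content), get_defined_vars());
}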
/**
 * Reads one property from the object returned by vars().
 *
 * @param string $key     property name to read
 * @param mixed  $default value handed back when the property is unset or null
 * @return mixed the property value, or $default
 */
function get_var($key, $default = '')
{
    $registry =& vars();

    if (isset($registry->{$key})) {
        return $registry->{$key};
    }

    return $default;
}
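/**
 * Prepares one page of the subscriptions ("following") list and its
 * older/newer links.
 *
 * The page number comes from the request parameter 'followingpage'. It is
 * now reduced to an integer of at least 1 before it is used in arithmetic
 * and handed to $request->set_param(); before, the raw request string was
 * used, so a non-numeric value reached the pager unchanged.
 *
 * NOTE(review): 'nickname' and 'byid' are request values as well. The links
 * are written into href="..." without HTML escaping here - confirm that
 * url_for() encodes its arguments. Whether set_param('find_by', ...) binds
 * 'byid' as a parameter is not visible in this block.
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * $older and $newer are only assigned when the corresponding link exists.
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for the exported variables
 */
function _following(&$vars)
{
    extract($vars);
    global $request;
    global $response;

    $pagevar = "followingpage";
    if (isset($request->params[$pagevar])) {
        // request input: accept whole numbers only, never below page 1
        $page = max(1, (int) $request->params[$pagevar]);
    } else {
        $page = 1;
    }

    $mapper = array('nickname' => $request->params['nickname']);
    $where = array('subscriber' => $request->params['byid']);
    $Subscription->set_param('find_by', $where);
    $request->set_param('page', $page);
    $Subscription->set_limit(10);
    $response->collection = new Collection('subscriptions');

    // a full page suggests there may be older entries
    if (count($response->collection->members) >= $response->collection->per_page) {
        $mapper[$pagevar] = $page + 1;
        $older = '<a href="' . $request->url_for($mapper);
        $older .= '">< older</a>';
    }
    if ($page > 1) {
        $mapper[$pagevar] = $page - 1;
        $newer = " ";
        $newer .= '<a href="' . $request->url_for($mapper);
        $newer .= '">newer ></a>';
    }

    $Identity =& $db->model('Identity');
    return vars(array(&$newer, &$older, &$collection, &$Identity), get_defined_vars());
}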
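// Application bootstrap: loads the configuration files and models, opens the
// authentication database and creates the Auth, Session and Profile models
// on top of it.
//
// Change in this version: a failed connection is logged with the exception
// class and message only. Logging the exception object itself writes its
// stack trace, and the trace of a failing constructor call can include the
// arguments passed to it (DSN, user name, password).
//
// NOTE(review): after a failed connection the script carries on and builds
// the models with an unset $auth_database. Decide whether the request should
// stop here instead of continuing without an authentication store.
// NOTE(review): the next log line dumps the Database object; if it keeps the
// DSN or password as properties they end up in the log - verify what vars()
// prints for it.
include_once 'ui.php';
// Basic (minimal) bootstrapping.
include_once SITE_ROOT . '/settings/config.php';
include_once SITE_ROOT . '/settings/config.crypt.php';
include_once SITE_ROOT . '/settings/config.flags.php';
include_once SITE_ROOT . '/settings/config.enums.php';
include_once SITE_ROOT . '/settings/config.global.php';
include_once SITE_ROOT . '/settings/config.databases.php';
include_all(SITE_ROOT . '/model/');

global $auth_database;
try {
    $auth_database = new Database(AUTH_DB_DSN, AUTH_DB_USER, AUTH_DB_PASS);
} catch (Exception $e) {
    plog(get_class($e) . ': ' . $e->getMessage());
}
plog('$auth_database: ' . vars($auth_database));

global $auth_model;
$auth_model = new Auth($auth_database);
global $session_model;
$session_model = new Session($auth_database);
global $profile_model;
$profile_model = new Profile($auth_database);

global $auth;
$auth = NULL;
global $session;
$session = NULL;
global $user;
$user = NULL;

global $database;
// change to something else if you want a common auth
$database = $auth_database;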
/**
 * Supplies an empty record, obtained from $Group->base(), as $Member.
 *
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for $Member
 */
function _new(&$vars)
{
    // make the controller's variables available as locals
    extract($vars);

    $Member = $Group->base();

    return vars(
        array(&$Member),
        get_defined_vars()
    );
}
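<?php
// Login form handler: checks the submitted username and password, refuses
// locked accounts and creates the session.
//
// Changes in this version:
//  - the script stops after each redirect that rejects the request. The
//    locked-account branch already did so; without it, a Page::Redirect()
//    that returns would let a request with no matching account fall through
//    to the password check, where strlen() of a missing value is 0.
//  - the submitted password and the stored password value are masked before
//    the request and the account record are written to the log.
//
// NOTE(review): an account whose stored password is empty is accepted with
// any submitted password (first operand of the check below). If that is a
// provisioning shortcut, restrict it; otherwise remove it.
// NOTE(review): ourcrypt() and matches() are defined elsewhere - confirm a
// salted, slow password hash and a constant-time comparison.
// NOTE(review): "m=2" for an unknown user and "m=1" for a wrong password let
// a client tell the two cases apart.
//global $plog_level; $plog_level=1;
include 'core/Page.php';
plog('File: ' . __FILE__);
global $session_model, $auth_model, $auth;

$getpost = getpost();
if (!(isset($getpost['username']) && isset($getpost['password']))) {
    Page::Redirect("login?m=1");
    die;
}

$auth = $auth_model->byUsername($getpost['username']);

// log copies with the secrets masked
$log_input = $getpost;
$log_input['password'] = '[redacted]';
plog('$getpost: ' . vars($log_input));
$log_auth = $auth;
if (is_array($log_auth) && array_key_exists('password', $log_auth)) {
    $log_auth['password'] = '[redacted]';
}
plog('$auth: ' . vars($log_auth));
unset($log_input, $log_auth);

if (!is_array($auth)) {
    Page::Redirect("login?m=2");
    die;
}

if (strlen($auth['password']) == 0 || matches(ourcrypt($getpost['password']), $auth['password'])) {
    plog('Password matched! User has authenticated.');
    if (Auth::ACL('locked')) {
        plog('Account is locked, logging user ' . $auth['ID'] . ' off.');
        $session_model->Logout();
        Page::Redirect("login?m=4");
        die;
    }
    $session_model->Create($auth['ID']);
    Page::Redirect("dash");
} else {
    Page::Redirect("login?m=1");
}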
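/**
 * Runs an UPDATE on $table, binding every value in $data as a named
 * parameter ":update_<column>".
 *
 * Column names cannot be bound, so they are concatenated into the statement.
 * They are now checked against a plain identifier pattern first; a key that
 * fails the check could not form a valid placeholder name either, and would
 * otherwise become part of the SQL text.
 *
 * The log line lists the parameter names only. The bound values were logged
 * before, which put any updated secret (for example a password column) into
 * the log.
 *
 * NOTE(review): $table and a string $where_clause are inserted into the
 * statement as given. Callers must pass constants or already-parameterised
 * fragments, never request data.
 *
 * @param string       $table        table name, trusted
 * @param array        $data         column name => new value
 * @param array|string $where_clause array handled by Database::Where(), or a
 *                                   raw SQL condition
 * @param mixed        $prepared     extra bound parameters, normalised by Clean()
 * @return mixed the result of Run()
 * @throws InvalidArgumentException when a key of $data is not a plain
 *                                  column identifier
 */
public function Update($table, $data, $where_clause, $prepared = "")
{
    $fields = array_keys($data);

    $assignments = array();
    foreach ($fields as $field) {
        if (!is_string($field) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $field)) {
            throw new InvalidArgumentException('Update: column names must be plain identifiers');
        }
        $assignments[] = $field . " = :update_" . $field;
    }
    $query = "UPDATE " . $table . " SET " . implode(", ", $assignments);

    if (is_array($where_clause)) {
        $query .= Database::Where($where_clause);
    } elseif (!empty($where_clause)) {
        $query .= " WHERE " . $where_clause;
    }

    $prepared = $this->Clean($prepared);
    foreach ($fields as $field) {
        $prepared[":update_{$field}"] = $data[$field];
    }

    $this->result = $this->Run($query, $prepared);
    // parameter names only; the values may be secrets
    plog("Prepared: " . str_replace("\n", "", vars(array_keys($prepared))));
    return $this->result;
}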
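<?php
// Hash calculator page. With ?hash=<text> it answers with an HTML table of
// the digest of <text> under every algorithm hash_algos() reports; without
// it, the page below is served.
//
// Only algorithm names, digest lengths and hexadecimal digests are written
// to the response - the submitted text itself is never echoed.
//
// Changes in this version:
//  - a non-string "hash" parameter (for example ?hash[]=x) is answered with
//    400 instead of being passed to hash(), which does not accept arrays;
//  - the Bootstrap stylesheet is requested over HTTPS like the script next
//    to it, so it cannot be altered in transit.
// NOTE(review): both CDN resources are loaded without an integrity
// attribute.
if (isset($_GET['hash'])) {
    if (!is_string($_GET['hash'])) {
        header('HTTP/1.1 400 Bad Request');
        die;
    }
    echo vars($_GET['hash']);
    die;
}

/**
 * Renders an HTML table with one row per available hash algorithm.
 *
 * @param string $data text to hash
 * @return string the table markup; the md5 and sha1 rows carry class="info"
 */
function vars($data)
{
    $result = '<table class="table table-striped table-hover table-condensed"><tr><th>Hash Name</th><th>Length</th><th>Hash</th></tr>';
    foreach (hash_algos() as $v) {
        $r = hash($v, $data, false);
        $rowClass = ($v == 'md5' || $v == 'sha1') ? 'class="info"' : '';
        $result .= '<tr ' . $rowClass . '><td>' . $v . '</td><td>' . strlen($r) . '</td><td class="monospace">' . $r . '</td></tr>';
        //'[$v] = ['length' => strlen($r), 'value'=>$r];
    }
    return $result . '</table>';
}
?>
<!DOCTYPE html> <html> <head> <title></title> <script type="text/javascript" src="https://code.jquery.com/jquery-2.1.1.min.js"></script> <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css"> <style type="text/css"> body { padding: 2%; } .monospace { font-family: monospace;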
/**
 * Prepares the Twitter account settings form for the current profile.
 *
 * When a TwitterUser row exists for the profile, the method is 'oauth' and
 * only the status setting is prepared. Otherwise the method is 'password'
 * and the 'aktt_twitter_password' and 'aktt_twitter_username' Setting
 * records are looked up (and created on first use) as well.
 *
 * $pword never carries the stored password: it is either empty or a fixed
 * mask. The $password record itself is still handed to vars().
 * NOTE(review): how Setting values are protected at rest is not visible
 * here - confirm this third-party credential is not kept in clear text.
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * Local variable names are kept as they are because they are passed to
 * vars() together with get_defined_vars().
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for the variables of the chosen method
 */
function _edit(&$vars)
{
    extract($vars);

    if (!class_exists('Services_JSON')) {
        lib_include('json');
    }

    $TwitterUser =& $db->model('TwitterUser');
    $tu = $TwitterUser->find_by(array('profile_id' => get_profile_id()), 1);
    $method = $tu ? 'oauth' : 'password';

    if ($method == 'password') {
        // --- password setting ---------------------------------------------
        $password = $Setting->find_by(
            array(
                'name' => 'aktt_twitter_password',
                'profile_id' => get_profile_id()
            )
        );
        if (!$password) {
            // first visit: create an empty record owned by the current profile
            $password = $Setting->base();
            $password->set_value('profile_id', get_profile_id());
            $password->set_value('person_id', get_person_id());
            $password->set_value('name', 'aktt_twitter_password');
            $password->save_changes();
            $password->set_etag();
            $password = $Setting->find($password->id);
            $pword = "";
        }
        if (!empty($password->value)) {
            // a value exists: show a mask instead of the stored secret
            $pword = "******";
        }
        // get the one-to-one-related child-record from "entries"
        $pEntry =& $password->FirstChild('entries');
        $passurl = $request->url_for(
            array(
                'resource' => 'settings',
                'id' => $password->id,
                'action' => 'put'
            )
        );

        // --- username setting ---------------------------------------------
        $username = $Setting->find_by(
            array(
                'name' => 'aktt_twitter_username',
                'profile_id' => get_profile_id()
            )
        );
        if (!$username) {
            $username = $Setting->base();
            $username->set_value('profile_id', get_profile_id());
            $username->set_value('person_id', get_person_id());
            $username->set_value('name', 'aktt_twitter_username');
            $username->save_changes();
            $username->set_etag();
            $username = $Setting->find($username->id);
        }
        // get the one-to-one-related child-record from "entries"
        $uEntry =& $username->FirstChild('entries');
        $userurl = $request->url_for(
            array(
                'resource' => 'settings',
                'id' => $username->id,
                'action' => 'put'
            )
        );
    }

    // --- status setting (created as 'enabled') ----------------------------
    $stat = $Setting->find_by(
        array(
            'name' => 'twitter_status',
            'profile_id' => get_profile_id()
        )
    );
    if (!$stat) {
        $stat = $Setting->base();
        $stat->set_value('profile_id', get_profile_id());
        $stat->set_value('person_id', get_person_id());
        $stat->set_value('name', 'twitter_status');
        $stat->set_value('value', 'enabled');
        $stat->save_changes();
        $stat->set_etag();
        $stat = $Setting->find($stat->id);
    }
    // get the one-to-one-related child-record from "entries"
    $sEntry =& $stat->FirstChild('entries');
    $staturl = $request->url_for(
        array(
            'resource' => 'settings',
            'id' => $stat->id,
            'action' => 'put'
        )
    );
    $status = $stat->value;

    $aktwitter_tw_text_options = array('disabled' => 'disabled', 'enabled' => 'enabled');

    switch ($method) {
        case 'password':
            return vars(
                array(
                    &$aktwitter_tw_text_options,
                    &$status,
                    &$staturl,
                    &$pword,
                    &$userurl,
                    &$passurl,
                    &$password,
                    &$sEntry,
                    &$username,
                    &$uEntry,
                    &$pEntry,
                    &$profile,
                    &$method
                ),
                get_defined_vars()
            );
        case 'oauth':
            return vars(
                array(
                    &$aktwitter_tw_text_options,
                    &$status,
                    &$staturl,
                    &$sEntry,
                    &$profile,
                    &$method
                ),
                get_defined_vars()
            );
    }
}
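/**
 * Checks that every required request parameter is present.
 *
 * Accepts either one array of names or the names as separate arguments. The
 * request data is taken from the global $getpost, which is filled from
 * getpost() when it is not an array yet.
 *
 * The log now records which parameters arrived, not their values: this
 * function runs on form submissions, so the full dump it wrote before put
 * submitted passwords and other secrets into the log.
 *
 * @param array|string $keys required parameter names
 * @return array|false the request data when all names are set, FALSE otherwise
 */
function page_input($keys)
{
    if (!is_array($keys)) {
        $keys = func_get_args();
    }

    global $getpost;
    if (!isset($getpost) || !is_array($getpost)) {
        $getpost = getpost();
    }

    // names only; values may be credentials
    plog('page_input:getpost(): ' . vars(is_array($getpost) ? array_keys($getpost) : gettype($getpost)));
    plog('page_input:checked against required input parameters ' . vars($keys));

    foreach ($keys as $v) {
        if (!isset($getpost[$v])) {
            return FALSE;
        }
    }

    plog('page_input:PASSED');
    return $getpost;
}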
/**
 * Loads the category named by $request->id together with its row in
 * "entries".
 *
 * NOTE(review): the id comes from the request and no access check is visible
 * in this block - confirm the caller authorises the lookup.
 * NOTE(review): the not-found path relies on trigger_error() with
 * E_USER_ERROR stopping execution; otherwise set_etag() is called on a
 * missing record.
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for $Category and $Entry
 */
function _entry(&$vars)
{
    // make the controller's variables available as locals
    extract($vars);

    $Category = $Category->find($request->id);
    if (!$Category) {
        trigger_error(
            "Sorry, I could not find that entry in categories.",
            E_USER_ERROR
        );
    }
    $Category->set_etag();

    $Entry = $Entry->find_by(
        array(
            'resource' => 'categories',
            'record_id' => $Category->id
        ),
        $Category->id
    );

    return vars(
        array(&$Category, &$Entry),
        get_defined_vars()
    );
}
/**
 * Passes $collection and $profile, both taken from $vars, on to vars().
 *
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for $collection and $profile
 */
function _pagespan(&$vars) {
    extract($vars);
    // nothing is computed here; both variables come from extract()
    return vars(array(&$collection, &$profile), get_defined_vars());
}
/**
 * Passes $Entry and $collection, both taken from $vars, on to vars().
 *
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for $Entry and $collection
 */
function _block(&$vars) {
    extract($vars);
    // nothing is computed here; both variables come from extract()
    return vars(array(&$Entry, &$collection), get_defined_vars());
}
/**
 * Prepares the background settings form for the current profile.
 *
 * Looks up, and creates on first use, the Setting records
 * 'background_image' and 'background_tile' (created with value '0') for the
 * profile returned by get_profile_id(), and builds the PUT URL of each.
 *
 * NOTE(review): assumes $vars is assembled by the framework and never from
 * request input, since extract() turns its keys into local variables.
 *
 * Local variable names are kept as they are because they are passed to
 * vars() together with get_defined_vars().
 *
 * @param array $vars controller variables, imported with extract()
 * @return mixed the result of vars() for the exported variables
 */
function _background(&$vars)
{
    extract($vars);

    // --- background image -------------------------------------------------
    $settingvalue = $Setting->find_by(
        array(
            'name' => 'background_image',
            'profile_id' => get_profile_id()
        )
    );
    if (!$settingvalue) {
        // first visit: create an empty record owned by the current profile
        $settingvalue = $Setting->base();
        $settingvalue->set_value('profile_id', get_profile_id());
        $settingvalue->set_value('person_id', get_person_id());
        $settingvalue->set_value('name', 'background_image');
        $settingvalue->save_changes();
        $settingvalue->set_etag();
        $settingvalue = $Setting->find($settingvalue->id);
    }
    // get the one-to-one-related child-record from "entries"
    $Entry =& $settingvalue->FirstChild('entries');
    $settingurl = $request->url_for(
        array(
            'resource' => 'settings',
            'id' => $settingvalue->id,
            'action' => 'put'
        )
    );

    // --- tiling flag ------------------------------------------------------
    $setting_name = 'background_tile';
    $boolean_options = array('0' => 'false', '1' => 'true');
    $setting_list = $boolean_options;
    $setting_mode = $Setting->find_by(
        array(
            'name' => $setting_name,
            'profile_id' => get_profile_id()
        )
    );
    if (!$setting_mode) {
        $setting_mode = $Setting->base();
        $setting_mode->set_value('profile_id', get_profile_id());
        $setting_mode->set_value('person_id', get_person_id());
        $setting_mode->set_value('name', $setting_name);
        $setting_mode->set_value('value', '0');
        $setting_mode->save_changes();
        $setting_mode->set_etag();
        $setting_mode = $Setting->find($setting_mode->id);
    }
    $setting_url = $request->url_for(
        array(
            'resource' => 'settings',
            'id' => $setting_mode->id,
            'action' => 'put'
        )
    );
    $setting_entry = $setting_mode->FirstChild('entries');

    return vars(
        array(
            &$setting_mode,
            &$setting_url,
            &$setting_entry,
            &$setting_list,
            &$Member,
            &$Entry,
            &$profile,
            &$settingurl,
            &$settingvalue,
            &$boolean_options
        ),
        get_defined_vars()
    );
}
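/**
 * User Login Action
 *
 * Verifies the submitted credentials with password_verify(), renews the
 * session id and stores the user id in the session. Every failure produces
 * the same message, so the response does not reveal whether the username
 * exists.
 *
 * Username and password must now be non-empty strings. Before, an array
 * submitted as data[username] was passed on as a lookup criterion, and the
 * empty() test turned away the literal value "0".
 *
 * NOTE(review): password_verify() only runs when a user row was found, so
 * response time can still distinguish known from unknown usernames.
 * NOTE(review): no attempt limiting is visible in this action.
 * NOTE(review): assumes redirect() ends the request; if it returns, the
 * failure message is queued after a successful login.
 *
 * @return void
 */
function action_user_login() : void
{
    if (registered()) {
        redirect(url('user/dashboard'));
    }

    if ($data = http_post('data')) {
        $username = is_array($data) ? ($data['username'] ?? null) : null;
        $password = is_array($data) ? ($data['password'] ?? null) : null;

        if (is_string($username)
            && $username !== ''
            && is_string($password)
            && $password !== ''
            && ($item = one('user', ['username' => $username, 'active' => true, 'project_id' => project('ids')]))
            && password_verify($password, $item['password'])
        ) {
            message(_('Welcome %s', $item['name']));
            // new session id on privilege change
            session_regenerate_id(true);
            session('user', $item['id']);
            redirect(url('user/dashboard'));
        }

        message(_('Invalid username and password combination'));
    }

    layout_load();
    vars('head', ['title' => _('Login')]);
}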
$ajax = AJAX::FormPost(); plog('--- $ajax: ' . vars($ajax)); // var_dump($ajax); die; if (!isset($ajax['map'])) { echo 'AJAX error!'; die; } $post_types = array(1 => 'changeMyPassword'); $modes = array(); foreach ($ajax['map'] as $form => $elements) { $mode = matchvalue($post_types, $form); if ($mode !== FALSE) { $modes[] = $mode; } } plog('--- detected ajax modes ' . vars($modes)); global $database; foreach ($modes as $mode) { switch ($mode) { default: Page::Redirect('dash?nosuchform'); break; case 1: if (!Session::logged_in()) { Page::Redirect('login'); } global $auth; $old = AJAX::Value($ajax, 'changeMyPassword', 'password', 'old'); $change = AJAX::Value($ajax, 'changeMyPassword', 'password', 'new'); $repeat = AJAX::Value($ajax, 'changeMyPassword', 'password', 'confirm'); if (strlen($auth['password']) === 0 || Auth::PasswordMatches(ourcrypt($old), $auth['password'])) {