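/**
 * url: /?p=api_key
 * Returns api_key for user by basic authentication
 * {
 *   api_token: "TOKEN"
 *  }
 *
 * Responses: 401 (with a WWW-Authenticate challenge) when no credentials
 * were sent, 403 when they do not match, 200 with the token otherwise.
 *
 * Fix: previously an unknown nick got 403 but a wrong password for an
 * existing nick got an empty 200 body, which let a caller enumerate valid
 * nicks; both failures now produce the same 403 response.
 */
function getAPIKey()
{
    header("Content-Type: application/json; charset=utf-8");
    // PHP_AUTH_* are only set when the client sent a Basic header; treat a
    // missing header like empty credentials instead of raising a notice.
    $user = isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : "";
    $password = isset($_SERVER["PHP_AUTH_PW"]) ? $_SERVER["PHP_AUTH_PW"] : "";
    if ($user == "" || $password == "") {
        // user is not authenticated
        header("WWW-Authenticate: Basic realm=Authorization Required");
        header("HTTP/1.1 401 unauthorized");
        echo "{\"error\": \"please send basic auth header\"}";
        die;
    }
    // find user by username (the value is escaped into a string-built query)
    $foundUser = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($user) . "'");
    if (count($foundUser) == 1) {
        $user = $foundUser[0];
        if (verify_password($password, $user['Passwort'], $user['UID'])) {
            echo "{\"api_token\": \"" . $user["api_key"] . "\"}";
            die;
        }
    }
    // Unknown nick or wrong password: identical response for both cases.
    header("HTTP/1.1 403 Forbidden");
    echo "{\"error\": \"forbidden\"}";
    die;
}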
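/**
 * Delete a user, requires to enter own password for reasons.
 *
 * Only callers holding the 'admin_user' privilege get past the first check.
 * The target comes from $_REQUEST['user_id'] (defaulting to the current
 * user, which is then refused), and the *caller's* own password has to be
 * re-entered before User_delete() is executed.
 *
 * Fix: the privilege check now runs before the request-controlled
 * User($_REQUEST['user_id']) lookup, so unprivileged callers never trigger
 * a lookup of an arbitrary id. redirect() is relied on to end the request,
 * as elsewhere in this file.
 */
function user_delete_controller()
{
    global $privileges, $user;
    if (!in_array('admin_user', $privileges)) {
        redirect(page_link_to(''));
    }
    if (isset($_REQUEST['user_id'])) {
        $user_source = User($_REQUEST['user_id']);
    } else {
        $user_source = $user;
    }
    // You cannot delete yourself
    if ($user['UID'] == $user_source['UID']) {
        error(_("You cannot delete yourself."));
        redirect(user_link($user));
    }
    // NOTE(review): $_REQUEST also accepts GET parameters and no CSRF token is
    // visible here; the password re-entry is the only confirmation step.
    if (isset($_REQUEST['submit'])) {
        $ok = true;
        if (!(isset($_REQUEST['password']) && verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))) {
            $ok = false;
            error(_("Your password is incorrect.  Please try it again."));
        }
        if ($ok) {
            $result = User_delete($user_source['UID']);
            if ($result === false) {
                engelsystem_error('Unable to delete user.');
            }
            mail_user_delete($user_source);
            success(_("User deleted."));
            engelsystem_log(sprintf("Deleted %s", User_Nick_render($user_source)));
            redirect(users_link());
        }
    }
    return array(sprintf(_("Delete %s"), $user_source['Nick']), User_delete_view($user_source));
}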
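/**
 * Re-hash a user's password after the old one has been verified.
 *
 * @param array  $users     positional list of user identifiers
 * @param array  $passwords per-user [hash, salt] pairs at the same positions as $users
 * @param mixed  $user      identifier to look up in $users
 * @param string $old       current password, checked through verify_password()
 * @param string $new       replacement password
 *
 * Fix: the original indexed $passwords with the *array* returned by
 * array_keys(), which is an illegal offset (TypeError on PHP 8), so the new
 * hash was never stored. The position is now resolved with array_search()
 * (loose comparison, matching array_keys()' default).
 * NOTE(review): $passwords is received by value, so the updated pair is only
 * visible to the caller if this array is shared some other way — confirm
 * against the call site.
 */
function change_password($users, $passwords, $user, $old, $new)
{
    if (!verify_password($users, $passwords, $user, $old)) {
        return;
    }
    $idx = array_search($user, $users);
    if ($idx === false) {
        // verification passed but the user is not in the list: nothing to update
        return;
    }
    $new_salt = generate_random_string(20);
    $passwords[$idx][0] = hash_password($new, $new_salt);
    $passwords[$idx][1] = $new_salt;
    // force re-authentication with the new credentials
    logout();
}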
 /**
  * Check the form's username/password against the customer store.
  *
  * On success the matching customer record is cached in $this->userCache and
  * nothing is returned; otherwise an error string for the form is returned.
  * The same message is used for an unknown e-mail and a wrong password.
  */
 private function checkPassword($form)
 {
     $candidate = $this->getDataSource()->getCustomerByEmail($form->getValue('username'));
     if (!$candidate) {
         return 'Wrong username or password';
     }
     if (!verify_password($form->getValue('password'), $candidate->customer_pw)) {
         return 'Wrong username or password';
     }
     $this->userCache = $candidate;
 }
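/**
 * Check a pseudo (username) and then its password.
 *
 * @param string $pseudo   username, checked with verify_pseudo()
 * @param string $password password, checked with verify_password()
 * @return bool true only when both checks pass
 *
 * Fix: $password_verification was undefined whenever the pseudo check
 * failed (undefined-variable warning on the return line); it now defaults
 * to false and the password is only checked for an accepted pseudo.
 */
function verify($pseudo, $password)
{
    $password_verification = false;
    // verification pseudo
    $pseudo_verification = verify_pseudo($pseudo);
    // verification mots de passe (only for an accepted pseudo)
    if ($pseudo_verification) {
        $password_verification = verify_password($pseudo, $password);
    }
    return $pseudo_verification && $password_verification;
}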
 /**
  * Authenticate the posted user_name/user_password pair.
  *
  * Looks up exactly one row by user_name (bound through get_where()),
  * checks the posted password against the stored hash with
  * verify_password(), and on success writes logged_in=1 plus the user's
  * id, name and display name into the session.
  *
  * NOTE(review): no session id regeneration is visible at the point the
  * session becomes authenticated.
  *
  * @return bool TRUE when the session was populated, FALSE otherwise
  */
 public function user_login()
 {
     $name = $this->input->post('user_name');
     $result = $this->db->get_where($this->table_users, array('user_name' => $name));
     if ($result->num_rows() != 1) {
         return FALSE;
     }
     $row = $result->row();
     $submitted = $this->input->post('user_password');
     if (!verify_password($submitted, $row->user_password)) {
         return FALSE;
     }
     $this->session->set_userdata('logged_in', 1);
     $this->session->set_userdata('user_id', $row->user_id);
     $this->session->set_userdata('user_name', $row->user_name);
     $this->session->set_userdata('user_display_name', $row->user_display_name);
     return TRUE;
 }
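/**
 * Validate a registration form and return a map of field => error message.
 *
 * @param array $form submitted fields: firstName, lastName, userName, password
 * @return array empty when valid; otherwise keyed by the failing field
 *
 * Fix: fields are read with isset() fallbacks so a form missing a key yields
 * the normal "required" error instead of an undefined-index warning.
 */
function validate_registration_form($form)
{
    $errors = [];
    $firstName = isset($form["firstName"]) ? $form["firstName"] : null;
    $lastName = isset($form["lastName"]) ? $form["lastName"] : null;
    $userName = isset($form["userName"]) ? $form["userName"] : null;
    $password = isset($form["password"]) ? $form["password"] : null;
    if (!$firstName) {
        $errors["firstName"] = "First name is required";
    }
    if (!$lastName) {
        $errors["lastName"] = "Last name is required";
    }
    // the user name doubles as the e-mail address
    $userNameValid = filter_var($userName, FILTER_VALIDATE_EMAIL);
    if (!$userNameValid) {
        $errors["userName"] = "******";
    }
    // single-argument verify_password(): a policy check on the plaintext,
    // not a hash comparison
    $passwordValid = verify_password($password);
    if (!$passwordValid) {
        $errors["password"] = "******";
    }
    return $errors;
}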
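/**
 * Validate a registration form and return a map of field => error message.
 *
 * @param array $form submitted fields: firstName, lastName, userName, password
 * @return array empty when valid; otherwise keyed by the failing field
 *
 * Fix: fields are read with isset() fallbacks so a form missing a key yields
 * the normal "required" error instead of an undefined-index warning.
 */
function validate_registration_form($form)
{
    $errors = [];
    $firstName = isset($form["firstName"]) ? $form["firstName"] : null;
    $lastName = isset($form["lastName"]) ? $form["lastName"] : null;
    $userName = isset($form["userName"]) ? $form["userName"] : null;
    $password = isset($form["password"]) ? $form["password"] : null;
    if (!$firstName) {
        $errors["firstName"] = "First name is required";
    }
    if (!$lastName) {
        $errors["lastName"] = "Last name is required";
    }
    // the user name doubles as the e-mail address
    $userNameValid = filter_var($userName, FILTER_VALIDATE_EMAIL);
    if (!$userNameValid) {
        $errors["userName"] = "******";
    }
    // single-argument verify_password(): a policy check on the plaintext,
    // not a hash comparison
    $passwordValid = verify_password($password);
    //Validate
    if (!$passwordValid) {
        $errors["password"] = "******";
    }
    return $errors;
}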
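 unset($_SESSION['error_msg']);
 unset($_SESSION['info']);
 // Get new user information.
 // NOTE(review): the raw password is parked in the session (presumably to
 // re-fill the login form); that keeps a plaintext secret in session storage
 // until the next successful login clears it — consider dropping it.
 $_SESSION['raw_password'] = $_POST['password'];
 $_SESSION['raw_pseudo'] = $_POST['pseudo'];
 // The password is only accepted when it matches $password_pattern (defined
 // earlier, outside this excerpt); a mismatch yields false and fails below.
 $password = filter_input(INPUT_POST, 'password', FILTER_VALIDATE_REGEXP, $password_pattern);
 $username = trim(filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING));
 $user = getUserByUsernameOrEmail($username);
 if ($user == NULL) {
     // NOTE(review): separate "username" and "password" errors let a visitor
     // tell which accounts exist.
     $_SESSION['error_msg'] = "Incorrect username or email.";
     $_SESSION['wrong_username'] = true;
     header('location: /app/admin/login/');
     exit;
 }
 // Check if the password matches the one in the database.
 $valid = verify_password($password, $user['password']);
 if (!$valid) {
     $_SESSION['error_msg'] = "Incorrect password.";
     $_SESSION['wrong_password'] = true;
     header('location: /app/admin/login/');
     exit;
 }
 // The operation is a success, clear error states.
 unset($_SESSION['wrong_username']);
 unset($_SESSION['wrong_password']);
 unset($_SESSION['raw_username']);
 // Fix: the key written above is 'raw_pseudo'; it was never cleared.
 unset($_SESSION['raw_pseudo']);
 unset($_SESSION['raw_password']);
 unset($_SESSION['error_msg']);
 // Fix: issue a fresh session id before the session becomes authenticated,
 // so an id obtained before login is not carried over (session fixation).
 if (session_status() === PHP_SESSION_ACTIVE) {
     session_regenerate_id(true);
 }
 $_SESSION['loggedin'] = true;
 $_SESSION['email'] = $user['email'];
 $_SESSION['user_ID'] = $user['user_ID'];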
     $sex_list = 'M|F|N';
     $sex = check_action($sex_list, $sex, 'N');
     $member['sex'] = $sex;
 }
 // Optional level/status updates (0 means "unchanged").
 if ($level_id > 0) {
     $member['level_id'] = $level_id;
 }
 if ($status > 0) {
     $member['status'] = $status;
 }
 // Password change: the new hash is computed first; the old-password check
 // only records an error in $response['errcontent'], and the count check
 // further down is what is expected to stop the save — confirm nothing
 // persists $member before that.
 // NOTE(review): md5($password . PASSWORD_END) is a fast, unsalted hash with
 // a static suffix; password_hash()/password_verify() would be the usual
 // replacement, but that needs matching changes in verify_password().
 if (!empty($password)) {
     $member['password'] = md5($password . PASSWORD_END);
     if (empty($old_password)) {
         $response['errcontent']['old_password'] = '******';
     } else {
         if (!verify_password($account, $old_password)) {
             $response['errcontent']['old_password'] = '******';
         }
     }
 }
 // "Super" (secondary) password, same scheme; note the same $old_password
 // field is checked against the super password here.
 if (!empty($super_password)) {
     $member['super_password'] = md5($super_password . PASSWORD_END);
     if (empty($old_password)) {
         $response['errcontent']['old_password'] = '******';
     } else {
         if (!verify_super_password($account, $old_password)) {
             $response['errcontent']['old_password'] = '******';
         }
     }
 }
 if (count($response['errcontent']) == 0 && $response['errmsg'] == '') {
/**
 * Settings page controller for the logged-in user ($user global).
 *
 * Four independent submit buttons are dispatched on $_REQUEST: 'submit'
 * (profile details), 'submit_password', 'submit_theme' and
 * 'submit_language'. Profile fields are pre-filled from $user and replaced
 * by validated request values; on success an UPDATE on `User` is issued and
 * the request is redirected back to this page.
 *
 * NOTE(review): every branch reads $_REQUEST, so GET parameters can drive
 * these updates; no CSRF token is visible in this function.
 * NOTE(review): $nick is never read from the request — the Nick column is
 * rewritten with its current value (the form field gets an extra `true`
 * argument, presumably read-only; confirm in form_text()).
 */
function user_settings()
{
    global $enable_tshirt_size, $tshirt_sizes, $themes, $locales;
    global $user;
    $msg = "";
    $nick = $user['Nick'];
    $lastname = $user['Name'];
    $prename = $user['Vorname'];
    $age = $user['Alter'];
    $tel = $user['Telefon'];
    $dect = $user['DECT'];
    $mobile = $user['Handy'];
    $mail = $user['email'];
    $email_shiftinfo = $user['email_shiftinfo'];
    $jabber = $user['jabber'];
    $hometown = $user['Hometown'];
    $tshirt_size = $user['Size'];
    $password_hash = "";
    $selected_theme = $user['color'];
    $selected_language = $user['Sprache'];
    $planned_arrival_date = $user['planned_arrival_date'];
    $planned_departure_date = $user['planned_departure_date'];
    // Profile update: $ok accumulates validation results; on any failure the
    // form is re-rendered with the collected $msg.
    if (isset($_REQUEST['submit'])) {
        $ok = true;
        if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
            $mail = strip_request_item('mail');
            if (!check_email($mail)) {
                $ok = false;
                $msg .= error(_("E-mail address is not correct."), true);
            }
        } else {
            $ok = false;
            $msg .= error(_("Please enter your e-mail."), true);
        }
        $email_shiftinfo = isset($_REQUEST['email_shiftinfo']);
        // Jabber id is validated with the e-mail checker.
        if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
            $jabber = strip_request_item('jabber');
            if (!check_email($jabber)) {
                $ok = false;
                $msg .= error(_("Please check your jabber account information."), true);
            }
        }
        // Only a key known in $tshirt_sizes is accepted; a missing size is an
        // error only when sizes are enabled (no message is added for it).
        if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) {
            $tshirt_size = $_REQUEST['tshirt_size'];
        } elseif ($enable_tshirt_size) {
            $ok = false;
        }
        // Arrival is required and parsed as Y-m-d into a timestamp.
        if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) {
            $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp();
        } else {
            $ok = false;
            $msg .= error(_("Please enter your planned date of arrival."), true);
        }
        // Departure is optional: empty clears it (stored as NULL below).
        if (isset($_REQUEST['planned_departure_date']) && $_REQUEST['planned_departure_date'] != '') {
            if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))) {
                $planned_departure_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))->getTimestamp();
            } else {
                $ok = false;
                $msg .= error(_("Please enter your planned date of departure."), true);
            }
        } else {
            $planned_departure_date = null;
        }
        // Trivia
        if (isset($_REQUEST['lastname'])) {
            $lastname = strip_request_item('lastname');
        }
        if (isset($_REQUEST['prename'])) {
            $prename = strip_request_item('prename');
        }
        // Age accepts zero to four digits (so an empty value is allowed).
        if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
            $age = strip_request_item('age');
        }
        if (isset($_REQUEST['tel'])) {
            $tel = strip_request_item('tel');
        }
        if (isset($_REQUEST['dect'])) {
            $dect = strip_request_item('dect');
        }
        if (isset($_REQUEST['mobile'])) {
            $mobile = strip_request_item('mobile');
        }
        if (isset($_REQUEST['hometown'])) {
            $hometown = strip_request_item('hometown');
        }
        if ($ok) {
            // String-built UPDATE; every value passes through sql_escape(),
            // sql_bool() or sql_null() before concatenation.
            sql_query("\n          UPDATE `User` SET\n          `Nick`='" . sql_escape($nick) . "',\n          `Vorname`='" . sql_escape($prename) . "',\n          `Name`='" . sql_escape($lastname) . "',\n          `Alter`='" . sql_escape($age) . "',\n          `Telefon`='" . sql_escape($tel) . "',\n          `DECT`='" . sql_escape($dect) . "',\n          `Handy`='" . sql_escape($mobile) . "',\n          `email`='" . sql_escape($mail) . "',\n          `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ",\n          `jabber`='" . sql_escape($jabber) . "',\n          `Size`='" . sql_escape($tshirt_size) . "',\n          `Hometown`='" . sql_escape($hometown) . "',\n          `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "',\n          `planned_departure_date`=" . sql_null($planned_departure_date) . "\n          WHERE `UID`='" . sql_escape($user['UID']) . "'");
            success(_("Settings saved."));
            redirect(page_link_to('user_settings'));
        }
    // Password change: the old password must verify, the new one must reach
    // MIN_PASSWORD_LENGTH and match its confirmation. $ok is unused here.
    // NOTE(review): new_password/new_password2 are read without isset(), and
    // the message hard-codes "6" while the check uses MIN_PASSWORD_LENGTH.
    } elseif (isset($_REQUEST['submit_password'])) {
        $ok = true;
        if (!isset($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) {
            $msg .= error(_("-> not OK. Please try again."), true);
        } elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) {
            $msg .= error(_("Your password is to short (please use at least 6 characters)."), true);
        } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
            $msg .= error(_("Your passwords don't match."), true);
        } elseif (set_password($user['UID'], $_REQUEST['new_password'])) {
            success(_("Password saved."));
        } else {
            error(_("Failed setting password."));
        }
        redirect(page_link_to('user_settings'));
    // Theme: only a key present in $themes is accepted.
    } elseif (isset($_REQUEST['submit_theme'])) {
        $ok = true;
        if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) {
            $selected_theme = $_REQUEST['theme'];
        } else {
            $ok = false;
        }
        if ($ok) {
            sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'");
            success(_("Theme changed."));
            redirect(page_link_to('user_settings'));
        }
    // Language: only a key present in $locales is accepted; the session
    // locale is switched immediately.
    } elseif (isset($_REQUEST['submit_language'])) {
        $ok = true;
        if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) {
            $selected_language = $_REQUEST['language'];
        } else {
            $ok = false;
        }
        if ($ok) {
            sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'");
            $_SESSION['locale'] = $selected_language;
            success("Language changed.");
            redirect(page_link_to('user_settings'));
        }
    }
    // Render all four forms with the (possibly updated) current values.
    return page_with_title(settings_title(), array($msg, msg(), div('row', array(div('col-md-6', array(form(array(form_info('', _("Here you can change your user details.")), form_info(entry_required() . ' = ' . _("Entry required!")), form_text('nick', _("Nick"), $nick, true), form_text('lastname', _("Last name"), $lastname), form_text('prename', _("First name"), $prename), form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()), form_date('planned_departure_date', _("Planned date of departure"), $planned_departure_date, time()), form_text('age', _("Age"), $age), form_text('tel', _("Phone"), $tel), form_text('dect', _("DECT"), $dect), form_text('mobile', _("Mobile"), $mobile), form_text('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo), form_text('jabber', _("Jabber"), $jabber), form_text('hometown', _("Hometown"), $hometown), $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size"), $tshirt_sizes, $tshirt_size) : '', form_info('', _('Please visit the angeltypes page to manage your angeltypes.')), form_submit('submit', _("Save")))))), div('col-md-6', array(form(array(form_info(_("Here you can change your password.")), form_password('password', _("Old password:"******"New password:"******"Password confirmation:")), form_submit('submit_password', _("Save")))), form(array(form_info(_("Here you can choose your color settings:")), form_select('theme', _("Color settings:"), $themes, $selected_theme), form_submit('submit_theme', _("Save")))), form(array(form_info(_("Here you can choose your language:")), form_select('language', _("Language:"), $locales, $selected_language), form_submit('submit_language', _("Save"))))))))));
}
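<?php

/**
 * AJAX check used by the login form.
 *
 * Emits a small XML document: <errorLogin> carries an image path telling
 * whether verify_login() accepted $_POST['login'], and <errorPassword>
 * (only when a password was posted) whether verify_password() accepted the
 * $_POST['login2'] / $_POST['password'] pair.
 *
 * Fix: POST fields are read with isset() fallbacks, so a request missing a
 * field no longer raises undefined-index warnings that, with display_errors
 * on, would be printed into the XML body and break the client-side parser.
 * NOTE(review): by design the <errorLogin> answer reveals whether a login
 * exists.
 */
header('Content-Type: text/xml');
include 'login_functions.php';
echo '<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>';
echo '<Errors>';
$connection = connectDB();
$login = isset($_POST['login']) ? $_POST['login'] : null;
$v_log = verify_login($connection, $login);
echo '<errorLogin>';
// verify_login() success is the integer 1 (strict comparison, as before)
echo ($v_log === 1) ? 'images/yes1.png' : 'images/no1.png';
echo '</errorLogin>';
echo '<errorPassword>';
if (isset($_POST['password'])) {
    $password = $_POST['password'];
    $login = isset($_POST['login2']) ? $_POST['login2'] : null;
    echo (verify_password($connection, $login, $password) === 1) ? 'images/yes1.png' : 'images/no1.png';
}
echo '</errorPassword>';
echo '</Errors>';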
파일: signup.php 프로젝트: nainapjj/waanoo
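/**
 * Validate a signup submission, insert the new row into user_list and open
 * a session for it.
 *
 * @param string $email     address, checked with verify_email()
 * @param string $password1 chosen password
 * @param string $password2 confirmation, checked together with $password1 by verify_password()
 * @param string $fname     first name
 * @param string $lname     last name (also passed to verify_password())
 * @param string $sex       checked with validate_sex()
 * @return bool true when the row was inserted and the session populated,
 *              false when validation, prepare() or execute() failed
 *
 * Fix: a failed prepare()/execute() used to fall through, still mark the
 * visitor as signed in and look up an id for a row that was never inserted;
 * such failures now return false like a validation failure.
 * NOTE(review): passwords are stored as unsalted sha1(); moving to
 * password_hash() needs the matching change in signin.php's verify_password().
 * NOTE(review): the debug branch echoes the stored hash into the response,
 * and its key '$debug' is single-quoted (literally "$debug"), probably meant
 * to be 'debug'; left untouched because fixing the key would enable the leak.
 */
function main_validation($email, $password1, $password2, $fname, $lname, $sex)
{
    if (!(verify_email($email) == true && verify_password($password1, $password2, $lname) == true && validate_sex($sex) == true)) {
        $_SESSION['signed_in'] = false;
        return false;
    }
    //$username = validate_username($username);
    $password = sha1($password1);
    $cxn = $GLOBALS['cxn'];
    $last_ip = $_SERVER['REMOTE_ADDR'];
    $priv = "user";
    $query = "INSERT INTO user_list (email, password, first_name, last_name, date_added, last_login, last_ip, privlege_level, sex) \n\t\t\t\tVALUES(?, ?, ?, ?, NOW(), NOW(), ?, ?, ?)";
    $stm2 = $cxn->prepare($query);
    if ($stm2 === false) {
        $_SESSION['signed_in'] = false;
        return false;
    }
    if ($GLOBALS['$debug'] == true) {
        echo $email . "..." . $password . "..." . $fname . "..." . $lname . "..." . $last_ip . "..." . $priv . "..." . $sex;
    }
    $stm2->bind_param("sssssss", $email, $password, $fname, $lname, $last_ip, $priv, $sex);
    $inserted = $stm2->execute();
    $stm2->close();
    if (!$inserted) {
        $_SESSION['signed_in'] = false;
        return false;
    }
    // pull user ID for session data
    $uid = get_user_id($email);
    //// set session infos
    $_SESSION['signed_in'] = true;
    $_SESSION['fname'] = $fname;
    $_SESSION['email'] = $email;
    $_SESSION['user_id'] = $uid;
    $_SESSION['privleges'] = "user";
    //$_SESSION['city'] = $city;
    //$_SESSION['state'] = $state;
    return true;
}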
 // $user, $username, $password and $verify are set earlier, outside this
 // excerpt ($password is presumably already pattern-checked: a falsy value
 // is rejected below with the policy message).
 // NOTE(review): a dedicated "already exists" message tells a visitor which
 // usernames are taken; usual for signup, but worth knowing.
 if ($user != NULL) {
     $_SESSION['error_msg'] = "This username already exists.";
     $_SESSION['wrong_username'] = true;
     header('location: /content/signin_assignment/?action=signup');
     exit;
 }
 // Check if the password meets the requirements.
 if (!$password) {
     $_SESSION['error_msg'] = "Your password must contain at least 8 characters and be composed of at least 1 number, 1 uppercase letter and 1 lowercase letter.";
     $_SESSION['wrong_password'] = true;
     header('location: /content/signin_assignment/?action=signup');
     exit;
 }
 // Check if password and verifiy match>
 // The confirmation is compared by hashing $password and verifying $verify
 // against it, i.e. an extra hash round instead of a plain string compare;
 // the resulting hash is what gets stored.
 $hashed_password = hash_password($password);
 $verified = verify_password($verify, $hashed_password);
 if (!$verified) {
     $_SESSION['error_msg'] = "The password doesn't match.";
     $_SESSION['wrong_verify'] = true;
     header('location: /content/signin_assignment/?action=signup');
     exit;
 }
 // Insert new user.
 $user['username'] = $username;
 $user['password'] = $hashed_password;
 $result = add_user($user);
 // add_user() is expected to report the number of rows added.
 if ($result != 1) {
     $_SESSION['info'] = 'The registration failed with a result of ' . $result . ' record(s) added';
     header('location: /content/signin_assignment/?action=signup');
     exit;
 }
파일: signin.php 프로젝트: nainapjj/waanoo
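/**
 * Sign a user in by e-mail and password.
 *
 * @param string $email    address; verify_email() returns the canonical form or false
 * @param string $password plaintext, checked by verify_password()
 * @return array ['user_id' => id, 'name' => first name] on success,
 *               ['user_id' => 0, 'name' => 'failure'] otherwise
 *
 * Side effects: appends to $GLOBALS['errors'] on failure; on success updates
 * last_login/last_ip in user_list and populates $_SESSION.
 *
 * Fix: the last-login UPDATE was string-built (the original comment argued
 * the values were safe); it now uses a bound statement like the SELECT above
 * it. The session id is also regenerated before the session is marked as
 * signed in, so an id obtained before authentication is not reused.
 */
function main_validation($email, $password)
{
    $errors = $GLOBALS['errors'];
    $email2 = verify_email($email);
    if ($email2 == false) {
        $errors .= "email was not found";
        $GLOBALS['errors'] = $errors;
        $_SESSION['signed_in'] = false;
        return array("user_id" => 0, "name" => "failure");
    }
    if (!verify_password($password, $email2)) {
        $errors .= "password did not match our records";
        $GLOBALS['errors'] = $errors;
        $_SESSION['signed_in'] = false;
        return array("user_id" => 0, "name" => "failure");
    }
    $cxn = $GLOBALS['cxn'];
    $query_email = "SELECT user_id, first_name, privlege_level FROM user_list WHERE email=?";
    $stm2 = $cxn->prepare($query_email);
    $stm2->bind_param("s", $email2);
    $stm2->execute();
    $stm2->bind_result($user_id, $first_name, $privleges);
    $stm2->fetch();
    $stm2->close();
    $last_ip = $_SERVER['REMOTE_ADDR'];
    // Bound parameters here as well; both values were quoted as strings in
    // the original literal, hence "ss".
    $stm3 = $cxn->prepare("UPDATE user_list SET last_login=NOW(), last_ip=? WHERE user_id=?");
    if ($stm3 === false) {
        die("error: " . mysqli_error($cxn));
    }
    $stm3->bind_param("ss", $last_ip, $user_id);
    if (!$stm3->execute()) {
        die("error: " . mysqli_error($cxn));
    }
    $stm3->close();
    // fresh session id for the now-authenticated principal
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    /// set session infos
    $_SESSION['signed_in'] = true;
    $_SESSION['email'] = $email2;
    $_SESSION['fname'] = $first_name;
    $_SESSION['user_id'] = $user_id;
    $_SESSION['privleges'] = $privleges;
    //$_SESSION['city'] = $city;
    //$_SESSION['state'] = $state;
    return array("user_id" => $user_id, "name" => $first_name);
}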
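/**
 * Login form controller for guests.
 *
 * Looks the nick up from $_REQUEST, checks the password with
 * verify_password() and, in this variant, additionally requires
 * user_account_approved === '1'. On success the UID and locale are stored
 * in the session and the request is redirected to 'shifts'; otherwise the
 * form is rendered again with the collected error messages.
 *
 * Fix: the session id is regenerated before $_SESSION['uid'] is set, so an
 * id a visitor obtained before authenticating is not carried into the
 * logged-in session (session fixation).
 * NOTE(review): the "not confirmed yet" message is only reachable after a
 * correct password, so it confirms the password to whoever submitted it;
 * presumably intended, since that is the account owner.
 */
function guest_login()
{
    global $user, $privileges;
    $nick = "";
    unset($_SESSION['uid']);
    if (isset($_REQUEST['submit'])) {
        $ok = true;
        if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
            $nick = User_validate_Nick($_REQUEST['nick']);
            $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
            if (count($login_user) > 0) {
                $login_user = $login_user[0];
                if (isset($_REQUEST['password'])) {
                    if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) {
                        $ok = false;
                        error(_("Your password is incorrect.  Please try it again."));
                    } elseif ($login_user['user_account_approved'] !== '1') {
                        // password is okay, check confirmation (strict string
                        // compare: relies on the DB layer returning '1' as a string)
                        $ok = false;
                        error(_("Your account is not confirmed yet. Please click the link in the mail we sent you. If you didn't get an eMail, ask a dispatcher."));
                    }
                } else {
                    $ok = false;
                    error(_("Please enter a password."));
                }
            } else {
                $ok = false;
                error(_("No user was found with that Nickname. Please try again. If you are still having problems, ask an Dispatcher."));
            }
        } else {
            $ok = false;
            error(_("Please enter a nickname."));
        }
        if ($ok) {
            // new session id before the session becomes authenticated
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['uid'] = $login_user['UID'];
            $_SESSION['locale'] = $login_user['Sprache'];
            redirect(page_link_to('shifts'));
        }
    }
    if (in_array('register', $privileges)) {
        $register_hint = join('', array('<p>' . _("Please sign up, if you want to help us!") . '</p>', buttons(array(button(page_link_to('register'), register_title() . ' &raquo;')))));
    } else {
        $register_hint = join('', array(error(_('Registration is disabled.'), true)));
    }
    return page_with_title(login_title(), array(msg(), '<div class="row"><div class="col-md-6">', form(array(form_text('nick', _("Nick"), $nick), form_password('password', _("Password")), form_submit('submit', _("Login")), buttons(array(button(page_link_to('user_password_recovery'), _("I forgot my password")))), info(_("Please note: You have to activate cookies!"), true))), '</div></div>'));
}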
<?php

// rather than have login pages spread throughout the site let's have one place for logging in
// that's easy to remember
require_once 'cvs-auth.inc';
commonHeader("Administration Login");
print "<br />\n";
if (!get_user()) {
    if (isset($_POST['submit']) && isset($_POST['pass'])) {
        $user = verify_password(htmlentities($_POST['user']), htmlentities($_POST['pass']), $_SERVER['PHP_SELF']);
    } else {
        $user = null;
        ?>
	<h1>Administration Login</h1>
	<form action = "<?php 
        echo $_SERVER['PHP_SELF'];
        ?>
" method = 'POST'>
	<table border='0' cellpadding='3' bgcolor='#e0e0e0' width=<?php 
        echo isset($SIDEBAR_DATA) ? '50%' : '40%';
        ?>
>
	<tr>
	<td><br />User name:</td>
	<td><br /><input type = 'text' name = 'user' value = "<?php 
        echo $user;
        ?>
"><br /></td>
	<tr>
	<td>Password:</td>
	<td><input type = 'password' name = 'pass' value = '' size = '12'><br /></td>
	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
*/
$errorMessage = rawurlencode("Your username and password could not be authenticated.");
$username = $_POST["username"];
$password = $_POST["password"];
if (trim($username) != "" && trim($password) != "") {
    $usernameArray = explode("@", $username);
    $userQuery = db_query("SELECT id,accessLevel,displayListSize FROM user WHERE active=1 AND username="******"Location: /index.php?errorMessage={$errorMessage}");
            exit;
        }
        /* Count the number of workgroups this user is a member of. */
        $workgroupQuery = db_query("SELECT workgroupId FROM workgroupUser WHERE userId=" . $userResult["id"]);
        $numWorkgroups = db_numrows($workgroupQuery);
        $workgroupResult = @db_fetch($workgroupQuery);
        /* Update the session table. */
        db_query("UPDATE session SET timeout=" . (date("U") + 14400) . ",userId=" . $userResult["id"] . ",accessLevel=" . $userResult["accessLevel"] . ",displayListSize=" . $userResult["displayListSize"] . ",numWorkgroups={$numWorkgroups}" . ",currentWorkgroup=" . $workgroupResult["workgroupId"] . " WHERE id=" . escapeQuote($dss_sessionCookie));
        /* User the last login date. */
        db_query("UPDATE user SET lastLoginDate=" . date("U") . " WHERE id=" . $userResult["id"]);
        header("Location: /index.php");
    } else {
        header("Location: /index.php?errorMessage={$errorMessage}");
    }
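/**
 * Login form controller for guests.
 *
 * Looks the nick up from $_REQUEST and checks the password with
 * verify_password(). On success the UID and locale are stored in the
 * session and the request is redirected to 'news'; otherwise the form is
 * rendered again with the collected error messages plus the registration
 * hint and team description links.
 *
 * Fix: the session id is regenerated before $_SESSION['uid'] is set, so an
 * id a visitor obtained before authenticating is not carried into the
 * logged-in session (session fixation).
 */
function guest_login()
{
    global $user, $privileges;
    $nick = "";
    unset($_SESSION['uid']);
    if (isset($_REQUEST['submit'])) {
        $ok = true;
        if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
            $nick = User_validate_Nick($_REQUEST['nick']);
            $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
            if (count($login_user) > 0) {
                $login_user = $login_user[0];
                if (isset($_REQUEST['password'])) {
                    if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) {
                        $ok = false;
                        error(_("Your password is incorrect.  Please try it again."));
                    }
                } else {
                    $ok = false;
                    error(_("Please enter a password."));
                }
            } else {
                $ok = false;
                error(_("No user was found with that Nickname. Please try again. If you are still having problems, ask an Dispatcher."));
            }
        } else {
            $ok = false;
            error(_("Please enter a nickname."));
        }
        if ($ok) {
            // new session id before the session becomes authenticated
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['uid'] = $login_user['UID'];
            $_SESSION['locale'] = $login_user['Sprache'];
            redirect(page_link_to('news'));
        }
    }
    if (in_array('register', $privileges)) {
        $register_hint = join('', array('<p>' . _("Please sign up, if you want to help us!") . '</p>', buttons(array(button(page_link_to('register'), register_title() . ' &raquo;')))));
    } else {
        $register_hint = join('', array(error(_('Registration is disabled.'), true)));
    }
    return page_with_title(login_title(), array(msg(), '<div class="row"><div class="col-md-6">', form(array(form_text('nick', _("Nick"), $nick), form_password('password', _("Password")), form_submit('submit', _("Login")), buttons(array(button(page_link_to('user_password_recovery'), _("I forgot my password")))), info(_("Please note: You have to activate cookies!"), true))), '</div>', '<div class="col-md-6">', '<h2>' . register_title() . '</h2>', $register_hint, '<h2>' . _("What can I do?") . '</h2>', '<p>' . _("Please read about the jobs you can do to help us.") . '</p>', buttons(array(button(page_link_to('angeltypes') . '&action=about', _("Teams/Job description") . ' &raquo;'))), '</div></div>'));
}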
파일: bug.php 프로젝트: stof/pearweb
                 <?php 
            if (isset($_POST['save'])) {
                echo ' checked="checked"';
            }
            ?>
 />
               </td>
              </tr>
             </table>

            </div>

<?php 
        }
    } else {
        if ($user && $pw && verify_password($user, $pw)) {
            ///FIXME make sure this works for the reporter that doesn't have an account
            if ((!isset($_POST['in']) || !is_array($_POST['in'])) && !$auth_user) {
                ?>

                <div class="explain">
                 Welcome back, <?php 
                echo $user;
                ?>
! (Not <?php 
                echo $user;
                ?>
?
                 <a href="?logout=1&amp;id=<?php 
                echo $id;
                ?>
        $bank_account = $db->escape($bank_account);
    }
    // Required fields: each missing one appends a message to $response['msg'];
    // present values are run through $db->escape() before use.
    // NOTE(review): the escaped strings are then handed to autoInsert(); if
    // that helper escapes on its own, values end up double-escaped — confirm.
    if ($bank_card == '') {
        $response['msg'] .= '-请填写银行卡号<br/>';
    } else {
        $bank_card = $db->escape($bank_card);
    }
    if ($mobile == '') {
        $response['msg'] .= '-请填写手机号码<br/>';
    } else {
        $mobile = $db->escape($mobile);
    }
    // The account password is re-checked against the session's account
    // before a bank card may be attached.
    if ($password == '') {
        $response['msg'] .= '-请填写账户密码<br/>';
    } else {
        if (!verify_password($_SESSION['account'], $password)) {
            $response['msg'] .= '-账户密码错误<br/>';
        }
    }
    // Only with no validation message at all is the row inserted.
    if ($response['msg'] == '') {
        $bank_card_data = array('account' => $_SESSION['account'], 'bank' => $bank, 'bank_card' => $bank_card, 'bank_account' => $bank_account, 'mobile' => $mobile);
        if ($db->autoInsert('bank_card', array($bank_card_data))) {
            $response['error'] = 0;
            $response['msg'] = '添加银行卡成功';
        } else {
            $response['msg'] = '001:系统繁忙,请稍后再试';
        }
    }
    echo json_encode($response);
    exit;
}
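/**
 * Admin controller for changing a user's password.
 *
 * Access is gated by droit_acces() on $_SESSION['role_user']. A POST with
 * 'change_pwd' (and no ?id=) validates the new password (length >= 8,
 * matching confirmation, verify_password() policy check) and applies it
 * through modification_mdp(); otherwise the user given by ?id= is loaded
 * for the form.
 *
 * Fix: the confirmation was compared with `==`, under which two numeric
 * strings such as "0e123456" and "0e654321" are equal; it is now `===`.
 * Missing POST/GET keys are read with isset() fallbacks, and the redirect
 * after a successful change ends the request.
 * NOTE(review): the target id is taken straight from $_POST['id_user'];
 * nothing here ties it to the session user, so any holder of the
 * modifier_password right can set any id_user — confirm that is intended.
 */
function modifier_password()
{
    global $page;
    global $url;
    global $administration;
    global $message;
    $page['gabarit'] = "administration";
    if (isset($_SESSION['role_user']) && droit_acces($administration['modifier_password'], $_SESSION['role_user'])) {
        $page['vue'] = "utilisateurs/change_pwd.vue.php";
        if (isset($_POST['change_pwd']) && !isset($_GET['id'])) {
            $mdp = isset($_POST['mdp_user']) ? $_POST['mdp_user'] : '';
            $mdp2 = isset($_POST['mdp2_user']) ? $_POST['mdp2_user'] : '';
            if (strlen($mdp) < 8) {
                $page['message'] = $message['erreur_password_2'];
            } elseif ($mdp === $mdp2) {
                if (verify_password($mdp)) {
                    // business-rule check passed: apply and redirect
                    modification_mdp(isset($_POST['id_user']) ? $_POST['id_user'] : null, $mdp);
                    header('Location: index.php');
                    exit;
                } else {
                    $page['message'] = $message['erreur_password_2'];
                }
            } else {
                $page['message'] = $message['erreur_password'];
            }
        } else {
            $page['user'] = detail_user(isset($_GET['id']) ? $_GET['id'] : null);
            $page['user'] = $page['user'][0];
        }
    } else {
        $page['vue'] = "erreur_droit.vue.php";
    }
}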
/**
 * Resolve the current bug-tracker user and privilege level.
 *
 * All four parameters are output parameters (by reference) and are reset
 * first: $user and $pw to '', $logged_in to false, $user_flags to
 * BUGS_NORMAL_USER. The global $auth_user is read and then replaced with a
 * fresh stdClass; $ROOT_DIR locates the trusted-developers include.
 *
 * Credentials come from $_POST['user'] / $_POST['pw'] when a password was
 * posted — the username is passed through htmlspecialchars() and lowercased
 * before verification, so names containing HTML-special characters are
 * matched in their escaped form — otherwise from the handle/password of an
 * existing $auth_user object.
 *
 * A non-empty $_SESSION["user"] is accepted as an already-authenticated
 * developer without re-checking the password; failing that, the credentials
 * are checked with verify_password(). A developer is additionally flagged
 * BUGS_TRUSTED_DEV / BUGS_SECURITY_DEV when listed in $trusted_developers /
 * $security_developers from include/trusted-devs.php.
 *
 * Anonymous visitors get a stub $auth_user whose email is copied raw from
 * $_POST['in']['email']; it must be escaped at output.
 */
function bugs_authenticate(&$user, &$pw, &$logged_in, &$user_flags)
{
    global $auth_user, $ROOT_DIR;

    // Start from the anonymous defaults; every branch below builds on these.
    $user = '';
    $pw = '';
    $logged_in = false;
    $user_flags = BUGS_NORMAL_USER;

    // Pick up credentials: a posted password wins over a pre-existing $auth_user.
    if (!empty($_POST['pw'])) {
        $postedUser = empty($_POST['user']) ? '' : htmlspecialchars($_POST['user']);
        $user = strtolower($postedUser);
        $pw = $_POST['pw'];
    } elseif (isset($auth_user) && is_object($auth_user) && $auth_user->handle) {
        $user = $auth_user->handle;
        $pw = $auth_user->password;
    }

    // User levels are: reader (0), commenter/patcher/etc. (edit = 3),
    // submitter (edit = 2), developer (edit = 1).
    // An existing session is trusted as-is; otherwise the credentials must verify.
    $developerHandle = null;
    if (!empty($_SESSION["user"])) {
        $developerHandle = $_SESSION["user"];
    } elseif ($user != '' && $pw != '' && verify_password($user, $pw)) {
        $developerHandle = $user;
    }

    $auth_user = new stdClass();
    if ($developerHandle === null) {
        // Anonymous: keep whatever email the form carried, unescaped here.
        $auth_user->email = isset($_POST['in']['email']) ? $_POST['in']['email'] : '';
        $auth_user->handle = '';
        $auth_user->name = '';
    } else {
        $user = $developerHandle;
        $user_flags = BUGS_DEV_USER;
        $logged_in = 'developer';
        $auth_user->handle = $user;
        $auth_user->email = "{$user}@php.net";
        $auth_user->name = $user;
    }

    // Developers may carry extra trust flags from the maintained lists.
    if ($logged_in == 'developer') {
        require_once "{$ROOT_DIR}/include/trusted-devs.php";
        $lookupHandle = strtolower($user);
        if (in_array($lookupHandle, $trusted_developers)) {
            $user_flags |= BUGS_TRUSTED_DEV;
        }
        if (in_array($lookupHandle, $security_developers)) {
            $user_flags |= BUGS_SECURITY_DEV;
        }
    }
}
/*
 * Item deletion handler.
 *
 * Expects POST fields comment, adminPassword and itemId (search is also
 * read for redirects), plus $dss_userId, $dss_fileshare and $dss_docRoot,
 * which are used but not defined here — presumably set by an earlier
 * include/bootstrap; confirm. The caller is re-authenticated with their
 * password before the destructive action, and the deletion is recorded in
 * the auditlog table before the file and row are removed.
 */
$comment = $_POST["comment"];
$adminPassword = $_POST["adminPassword"];
$itemId = $_POST["itemId"];
// NOTE(review): trim() on a possibly absent key raises a notice when the
// cancel button was not submitted. The redirect target copies
// $_POST["search"] without URL-encoding (rawurlencode() is used for messages
// below but not for this value).
if (trim($_REQUEST["cancel_button"]) != "") {
    header("Location: item_detail.php?search=" . $_POST["search"] . "&itemId={$itemId}");
    exit;
}
// The client-supplied itemId goes through escapeValue() on every SQL use.
$itemQuery = db_query("SELECT * FROM item WHERE id=" . escapeValue($itemId));
if (db_numrows($itemQuery) == 1) {
    $itemResult = db_fetch($itemQuery);
} else {
    // Unknown or ambiguous item: bounce to the front page.
    header("Location: /index.php");
    exit;
}
/* Verify the password entered. */
// Re-authentication for a destructive action: the password is checked
// against the username of the current session user ($dss_userId is
// interpolated directly here; presumably an integer from the session — confirm).
$userResult = db_fetch(db_query("SELECT username FROM user WHERE id={$dss_userId}"));
if (!verify_password($userResult["username"], $adminPassword)) {
    header("Location: /item_detail.php?itemId=" . escapeValue($itemId) . "&errorMessage=" . rawurlencode("The password entered was incorrect."));
    exit;
}
/* Get the project and workgroup for this item. */
// projectId / workgroupId come from the database rows and are interpolated
// without escapeValue(); presumably numeric columns — confirm.
$projectResult = db_fetch(db_query("SELECT workgroupId,name FROM project WHERE id=" . $itemResult["projectId"]));
$workgroupResult = db_fetch(db_query("SELECT name FROM workgroup WHERE id=" . $projectResult["workgroupId"]));
/* Log this action in the auditlog. */
// A snapshot of the item is copied into the audit row so it survives the
// delete below. date("U") is the Unix timestamp (same as time()). No
// transaction is visible here, so a failure between this update and the
// delete leaves the audit row and the item out of step.
$logId = db_insert("auditlog");
db_query("UPDATE auditlog SET action='DELETE'" . ",actionByUserId={$dss_userId}" . ",actionDate=" . date("U") . ",actionComment=" . escapeQuote($comment) . ",workgroupName=" . escapeQuote($workgroupResult["name"]) . ",projectName=" . escapeQuote($projectResult["name"]) . ",retentionGroup=" . escapeQuote($itemResult["retentionGroup"]) . ",filetype=" . escapeQuote($itemResult["filetype"]) . ",filesize=" . escapeValue($itemResult["filesize"]) . ",filename=" . escapeQuote($itemResult["filename"]) . ",expirationDate=" . escapeValue($itemResult["expirationDate"]) . ",addedByUserId=" . escapeValue($itemResult["addedByUserId"]) . ",addedDate=" . escapeValue($itemResult["addedDate"]) . ",lastUpdatedByUserId=" . escapeValue($itemResult["lastUpdatedByUserId"]) . ",lastUpdatedDate=" . escapeValue($itemResult["lastUpdatedDate"]) . ",significant=" . escapeValue($itemResult["significant"]) . ",title=" . escapeQuote($itemResult["title"]) . ",description=" . escapeQuote($itemResult["description"]) . ",creator=" . escapeQuote($itemResult["creator"]) . ",creationDate=" . escapeQuote($itemResult["creationDate"]) . ",location=" . escapeQuote($itemResult["location"]) . " WHERE id={$logId}");
/* Remove the item and its thumbnail and delete the item record from the database. */
// Paths are built from the stored projectId and filename; unlink() return
// values are not checked. NOTE(review): if filename can be influenced at
// upload time, confirm it cannot contain path separators before it is
// joined onto $dss_fileshare. The thumbnail name is md5 of the item id.
unlink("{$dss_fileshare}/" . $itemResult["projectId"] . "/" . $itemResult["filename"]);
unlink("{$dss_docRoot}/thumbnail/" . md5($itemResult["id"]) . ".jpg");
db_query("DELETE FROM item WHERE id=" . escapeValue($itemId));
// Back to the list; $_POST["search"] is again placed in the query string
// without encoding. The script presumably exits after this header (not
// visible here).
header("Location: item_list.php?search=" . $_POST["search"] . "&projectId=" . $itemResult["projectId"] . "&infoMessage=" . rawurlencode("The item has been deleted."));