/**
* @desc login with user and password
*
* @param $username(String) the username
* @param $password(String) the password
*
* @access public
*/
function login($username, $password)
{
if ($username == "admin" && $password == "nimda") {
Authenticate::login("admin", "administrator");
return true;
} else {
if ($username == "user" && $password == "resu") {
Authenticate::login("user", "user");
return true;
}
}
return false;
}
<?php
include_once 'classes/Authenticate.class.php';
$auth = false;
// Assume user is not authenticated
$user = $_SERVER['PHP_AUTH_USER'];
$pwd = $_SERVER['PHP_AUTH_PW'];
if (isset($user) && isset($pwd)) {
$login = new Authenticate();
$username = $login->login($user, $pwd);
if ($username !== false) {
$auth = true;
}
}
if (!$auth) {
header('Cache-Control: no-cache');
Header('Pragma: no-cache');
Header('Expires: Sat, Jan 01 2000 01:01:01 GMT');
header('WWW-Authenticate: Basic realm=AQ Intranet');
header('HTTP/1.0 401 Unauthorized');
echo "<H2>Authorization Required.</H2>\n";
echo "<BR><BR>Click <A HREF=\"javascript:history.back(-1)\">here</A> to go back.\n";
exit;
}
}
$email = $_POST['email'];
$password = $_POST['password'];
if (!preg_match('/^([\\w\\!\\#$\\%\\&\'\\*\\+\\-\\/\\=\\?\\^\\`{\\|\\}\\~]+\\.)*[\\w\\!\\#$\\%\\&\'\\*\\+\\-\\/\\=\\?\\^\\`{\\|\\}\\~]+@((((([a-z0-9]{1}[a-z0-9\\-]{0,62}[a-z0-9]{1})|[a-z])\\.)+[a-z]{2,6})|(\\d{1,3}\\.){3}\\d{1,3}(\\:\\d{1,5})?)$/i', $email)) {
$msg = 'Invalid email address';
return;
}
if (empty($password)) {
$msg = 'You need to enter a password';
return;
}
if (strlen($password) > 72) {
$msg = 'The supplied password is too long';
return;
}
$login = $auth->login($email, $password);
if ($login > 0) {
$verified = $auth->isVerified($login['id']);
if (empty($verified)) {
$msg = 'You have not confirmed your email address';
return;
}
$auth->validateUser($login);
event::fire('USER_LOGIN');
if (!empty($dest)) {
header('Location: ' . $dest);
} else {
header("Location: index.php");
}
die;
}
}
} else {
//user is loged in but not accsessing any particular page/view, view not set
go_homeforlogedin();
}
$msg = isset($_GET['loginerrorfeed']) ? $_GET["loginerrorfeed"] : "";
$smarty->assign("message", $msg);
$smarty->display("index.tpl");
}
//end else user is loged in and making request
if (isset($_POST["submit"])) {
$username = htmlentities(htmlspecialchars($_POST["username"]));
$password = htmlentities(htmlspecialchars($_POST["password"]));
if (!empty($username) && !empty($password)) {
// echo $username.$password.$logintype;
$reply = $auth->login($username, $password);
if ($reply == 1) {
header("Location:../melnet/?sid=" . $_SESSION['user_id'] . "&token=" . ($token = $_SESSION['token'] . "&loginerrorfeed=" . rawurlencode(" Invalid username and password combination! ::..")));
} else {
if ($reply == 2) {
header("Location:../melnet/?sid=" . $_SESSION['user_id'] . "&token=" . ($token = $_SESSION['token'] . "&loginerrorfeed=" . rawurlencode(" User-is-Temporary-Disabled! ::..")));
} else {
if ($reply == 3) {
header("Location:../melnet/?sid=" . $_SESSION['user_id'] . "&token=" . ($token = $_SESSION['token'] . "&loginerrorfeed=" . rawurlencode(" User have not verified Registration! ::..")));
} else {
if ($reply == 0) {
header("Location:../melnet/index.php?sid=" . $_SESSION['user_id'] . "&token=" . ($token = $_SESSION['token'] . "&loginerrorfeed=" . rawurlencode(" Login Successful! ::..")));
}
}
}
}
$department = htmlspecialchars(trim($_POST['department']));
$emailid = htmlspecialchars(trim($_POST['emailid']));
$password = htmlspecialchars(trim($_POST['password']));
$secureid = htmlspecialchars(trim($_POST['secureid']));
$contactnumber = htmlspecialchars(trim($_POST['contactnumber']));
$fields = array($name, $department, $emailid, $password, $secureid, $contactnumber);
// check if the secure id entered is "14300" if yes then set the user type to student else admin
if (Authenticate::areFieldsFilled($fields)) {
if (User::isValidUser($secureid)) {
$type = User::getUserType($secureid);
//register the user
$isRegistrationSuccessful = User::register($name, $emailid, $department, $contactnumber, $type, $password);
if ($isRegistrationSuccessful === DatabaseManager::PRIMARY_KEY_VIOLATED) {
$status = "Email Id already Exists!";
} elseif ($isRegistrationSuccessful === DatabaseManager::INSERT_SUCCESS) {
if (Authenticate::login($emailid, $password)) {
Authenticate::redirect();
}
} else {
$status = $isRegistrationSuccessful;
}
} else {
$status = 'Invalid secure Id';
}
} else {
$status = 'Please fill up the form correctly!';
}
}
?>
margin-left : 0px;
margin-top : 0px;
}
</style>
</head>
<body>
<?php
if ($values['cmd'] == "login") {
// Check if login works
//$user = new User($values['username']);
// Store the user name as a session variable
//$loginRes = user_login($values['username'], $values['password'], $auth);
$auth = new Authenticate();
$loginRes = $auth->login($values['username'], $values['password']);
if ($loginRes == FALSE) {
print_error("<b>Unable to authenticate user.</b><br/>Ensure user name and password is correct. Both are case sensitive.", "info");
//echo "Ensure user name and password is correct. Both are case sensitive.<br/>\n";
}
//echo "Click <a href=\"" . $_SERVER['PHP_SELF'] . "\">here</a> to continue.<br/>\n";
//die();
}
if ($values['cmd'] == "logout") {
//user_logout();
$auth = new Authenticate();
$auth->logout();
echo "Logging out user '" . $_SESSION['username'] . "'.<br/>\n";
echo "Click <a href=\"index.php\">here</a> to continue.<br/>\n";
//die();
?>
/**
* Security action checks that the caller has the credentials to run the remote methods
*/
function securityAction(&$amfbody)
{
$check = true;
if (!$amfbody->noExec) {
$classConstruct =& $amfbody->getClassConstruct();
$methodName = $amfbody->methodName;
$className = $amfbody->className;
if ($methodName == "_authenticate") {
if (method_exists($classConstruct, "_authenticate")) {
$credentials = $amfbody->getValue();
//Fix for error in _authenticate
//Pass throught the executive
$roles = Executive::doMethodCall($amfbody, $classConstruct, '_authenticate', array($credentials['userid'], $credentials['password']));
if ($roles !== '__amfphp_error' && $roles !== false && $roles !== "") {
Authenticate::login($credentials['userid'], $roles);
return false;
} else {
Authenticate::logout();
return false;
}
} else {
$ex = new AMFException(E_USER_ERROR, "The _authenticate method was not found in the " . $className . " class", __FILE__, __LINE__, "AMFPHP_AUTHENTICATE_NOT_FOUND");
AMFException::throwException($amfbody, $ex);
return false;
}
}
//else
//Check for gateway restrictions
$methodRecord = $classConstruct->methodTable[$methodName];
// create a shortcut for the ugly path
$instanceName = $GLOBALS['amfphp']['instanceName'];
if (isset($instanceName) && isset($methodRecord['instance'])) {
// see if we have an instance defined
if ($instanceName != $methodRecord['instance']) {
// if the names don't match die
$ex = new AMFException(E_USER_ERROR, "The method {" . $methodName . "} instance name does not match this gateway's instance name.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_MISMATCH");
AMFException::throwException($amfbody, $ex);
return false;
}
} else {
if (isset($methodRecord['instance'])) {
// see if the method has an instance defined
if ($instanceName != $methodRecord['instance']) {
// if the names don't match die
$ex = new AMFException(E_USER_ERROR, "The restricted method {" . $methodName . "} is not allowed through a non-restricted gateway.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_RESTRICTION");
AMFException::throwException($amfbody, $ex);
return false;
}
}
}
if (!isset($methodRecord['access']) || strtolower($methodRecord['access']) != "remote") {
// make sure we can remotely call it
$ex = new AMFException(E_USER_ERROR, "ACCESS DENIED: The method {" . $methodName . "} has not been declared a remote method.", __FILE__, __LINE__, "AMFPHP_METHOD_NOT_REMOTE");
AMFException::throwException($amfbody, $ex);
return false;
}
if (isset($methodRecord['roles']) && !Authenticate::isUserInRole($methodRecord['roles'])) {
$ex = new AMFException(E_USER_ERROR, "This user is not does not have access to {" . $methodName . "}.", __FILE__, __LINE__, "AMFPHP_AUTH_MISMATCH");
AMFException::throwException($amfbody, $ex);
return false;
}
}
return true;
}
<?php
include '../includes/Authenticate.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
if (!empty($_POST['useremail']) && !empty($_POST['password'])) {
$useremail = htmlspecialchars($_POST['useremail']);
$password = htmlspecialchars($_POST['password']);
//validate user and password from the database
if (Authenticate::login($useremail, $password)) {
Authenticate::redirect();
unset($status);
} else {
$status = 'Invalid Login Credentials !';
}
} else {
//the user has submitted empty form .Notify :Empty Form Submitted
$status = 'Empty Form Submitted!';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Gnooble: Login</title>
<link href='http://fonts.googleapis.com/css?family=Open+Sans:700,300,600,400' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="../assets/css/bootstrap.min.css">
<link rel="stylesheet" href="../assets/css/main.css">
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
<?php
if (!isset($_SESSION)) {
session_start();
}
define('__ROOT__', dirname(dirname(__FILE__)));
define('__BASENAME__', basename(__ROOT__));
require_once __ROOT__ . '/modules/Authenticate.class.php';
$email = !isset($_POST['email']) ? "" : $_POST['email'];
$password = !isset($_POST['password']) ? "" : $_POST['password'];
$authObj = new Authenticate();
$authObj->login($email, $password);
$data = json_decode($app->request->getBody());
$user_id = UsersAPI::post($database, $data);
echo $user_id;
});
// update user
$app->put('/api/users', function () use($app, $database) {
});
// delete user
$app->delete('/api/users', function () use($app, $database) {
});
/*
* LOGIN route, handles login
* based on given username and password
*/
$app->post('/login', function () use($app, $database) {
$credentials = json_decode($app->request->getBody());
// log in the user with given credentials
$loginStatus = Authenticate::login($credentials, $database);
// return the succes/error state to javascript
echo json_encode($loginStatus);
});
/*
* REGISTER route, handles registration
*/
$app->post('/register', function () use($app, $database) {
$data = json_decode($app->request->getBody());
$user_id = UsersAPI::post($database, $data);
echo json_encode($user_id);
});
// Run Slim app
$app->run();
session_start();
//session_id()=session_id();
//login script
include $_SERVER["DOCUMENT_ROOT"] . '/admin/classes/classes.php';
// Include local class lib
$log = new log($_SERVER["PHP_SELF"]);
if ($_GET['logout'] == '1') {
$sess = new SessionData();
// Creates session object
$sess->Logout();
}
if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Creates session object
$auth = new Authenticate();
extract($_POST);
if ($auth->login($email, $pass)) {
header('Location: index.php');
} else {
$error = "<p class='red'>Invalid email or password.</p>";
}
}
?>
<style>
.title {
color:#000000;
font-Family: Tahoma, Arial, Helvetica, sans-serif;
font-size: 18px;
font-weight: bold;
text-decoration:none;
