예제 #1
파일: logout.php 프로젝트: jgao18/PokerRoom
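    <title>Logout</title>
    <meta charset="utf-8">
</head>
<body>
<h1>Log Out</h1>
<?php
// Logout form posting back to this script.
// PHP_SELF includes any path info the client appends after the script name, so it
// is request-controlled text. It is HTML-escaped before being written into the
// action attribute so it cannot close the attribute and inject markup.
// NOTE(review): no anti-CSRF token is visible in this form; confirm the
// state-changing "forget me" actions are protected elsewhere.
?>
<form action="<?php 
    echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    ?>
" method="post">
    <p>
        <input type="submit" name="single" value="Don't remember me in this browser/computer">
        <input type="submit" name="all" value="Don't remember me on any computer">
    </p>
    <p>
        <input type="submit" name="cancel" value="Cancel">
    </p>
</form>
</body>
</html>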
<?php 
// Continuation of an if-chain whose first branch (the one rendering the form
// above) opens before this fragment.
// NOTE(review): both branches change login state based on POST fields alone;
// no CSRF token check is visible in this fragment.
} elseif (isset($_POST['single']) || isset($_POST['all'])) {
    // The user chose to drop the persistent ("remember me") login as well.
    $autologin = new AutoLogin($db);
    if (isset($_POST['single'])) {
        // "single" button: presumably revokes only this browser's persistent
        // login - confirm against AutoLogin::logout().
        $autologin->logout(false);
    } else {
        // "all" button: presumably revokes the persistent logins on every
        // device - confirm against AutoLogin::logout().
        $autologin->logout(true);
    }
    // logout_sess() is defined elsewhere; presumably it ends the PHP session.
    logout_sess();
} elseif (isset($_POST['logout'])) {
    // Plain logout: the persistent login is left untouched, only logout_sess() runs.
    logout_sess();
}
예제 #2
include "init.php";
include "header.php";
// Handle a submitted login form. The fragment ends before the enclosing blocks close.
// NOTE(review): $_POST['username'] and $_POST['pwd'] are read without isset() checks,
// so a request that carries only 'login' raises undefined-index warnings.
if (isset($_POST['login'])) {
    $username = trim($_POST['username']);
    // NOTE(review): trim() also strips leading/trailing whitespace from the password;
    // that only matches if the password was trimmed the same way before hashing - confirm.
    $pwd = trim($_POST['pwd']);
    // The user name travels as a bound parameter and is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT pwd FROM users WHERE username = :username');
    $stmt->bindParam(':username', $username);
    $stmt->execute();
    // Stored password hash for this user. Presumably $db is a PDO handle, in which case
    // fetchColumn() yields false for an unknown user and the check below simply fails.
    $stored = $stmt->fetchColumn();
    if (password_verify($pwd, $stored)) {
        // Issue a new session ID and delete the old session before marking it
        // authenticated, so an ID known before login cannot be reused (session fixation).
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        $_SESSION['authenticated'] = true;
        if (isset($_POST['remember'])) {
            // create persistent login
            $autologin = new AutoLogin($db);
            $autologin->persistentLogin();
        }
        //find the difference between current Date and last_login date
        $stmt = $db->prepare('SELECT DATEDIFF(NOW(),last_login) FROM users WHERE username=:username');
        $stmt->bindParam(':username', $username);
        $stmt->execute();
        // Reuses $stored: from here on it holds the day difference, not the password hash.
        $stored = $stmt->fetchColumn();
        //check the number of days
        // At least one calendar day since last_login: credit 100 chips.
        // NOTE(review): the check (SELECT) and the credit (UPDATE) are separate statements
        // and no transaction is visible here, so two concurrent logins could both pass the
        // check before last_login is refreshed and credit the bonus twice. One UPDATE with
        // the date condition in its WHERE clause would close that window - confirm against
        // the last_login update that follows this fragment.
        if ($stored > 0) {
            $sql = 'UPDATE users SET chipamount=chipamount+100 WHERE username=:username';
            $stmt = $db->prepare($sql);
            $stmt->bindParam(':username', $username);
            $stmt->execute();
        }
        //update users current date
예제 #3
파일: logout.php 프로젝트: sistlind/admidio
 *
 * @copyright 2004-2015 The Admidio Team
 * @see http://www.admidio.org/
 * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License v2.0 only
 ***********************************************************************************************
 */
require_once 'common.php';
// remove user from session
// An empty ses_usr_id is written to the session object and saved.
// NOTE(review): no session-id change or expiry of a session-id cookie is visible in
// this fragment; confirm the old id cannot be reused after logout.
$gCurrentSession->setValue('ses_usr_id', '');
$gCurrentSession->save();
// delete content of cookie
// Cookie domain = Host header up to the first ':' (port removed).
// NOTE(review): HTTP_HOST is a client-supplied header. When it carries no port,
// strpos() returns false and substr() yields '', so the cookie call below runs with
// an empty domain. The value has to match the one used when the cookie was set,
// otherwise the browser keeps the cookie.
$domain = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
// remove auto login
if (isset($_COOKIE[$gCookiePraefix . '_DATA'])) {
    // Expire the cookie in the browser (timestamp in the past, empty value).
    setcookie($gCookiePraefix . '_DATA', '', time() - 1000, '/', $domain, 0);
    // Drop the server-side auto-login entry as well.
    // NOTE(review): this only runs when the browser still sends the cookie; presumably
    // the stored entry survives a logout from a client that has already lost it - confirm.
    $autoLogin = new AutoLogin($gDb, $gSessionId);
    $autoLogin->delete();
}
// if login organization is different to organization of config file then create new session variables
if ($g_organization !== $gCurrentOrganization->getValue('org_shortname')) {
    // read organization of config file with their preferences
    $gCurrentOrganization->readDataByColumns(array('org_shortname' => $g_organization));
    $gPreferences = $gCurrentOrganization->getPreferences();
    // read new profile field structure for this organization
    $gProfileFields->readProfileFields($gCurrentOrganization->getValue('org_id'));
}
// clear data from object of current user
$gCurrentUser->clear();
// set homepage to logout page
// Both parts come from configuration/preferences, not from the request.
$gHomepage = $g_root_path . '/' . $gPreferences['homepage_logout'];
$message_code = 'SYS_LOGOUT_SUCCESSFUL';
예제 #4
    // Password re-check for an existing session. The enclosing `if` and the code that
    // fills $username, $pwd and $max_attempts start above this fragment.
    // The user name is bound as a parameter, not concatenated into the SQL text.
    $stmt = $db->prepare('SELECT pwd FROM users WHERE username = :username');
    $stmt->bindParam(':username', $username);
    $stmt->execute();
    $stored = $stmt->fetchColumn();
    if (password_verify($pwd, $stored)) {
        // New session ID (old session deleted) before the session is flagged as revalidated.
        session_regenerate_id(true);
        $_SESSION['revalidated'] = true;
        // Success resets the failed-attempt counter.
        unset($_SESSION['invalid']);
        // NOTE(review): return_to is read from the session. If it was originally filled
        // from request data it should be restricted to local paths before being used as
        // a redirect target - confirm where it is set.
        header('Location: ' . $_SESSION['return_to']);
        // Stop here so nothing below runs after the redirect header.
        exit;
    } else {
        $error = 'Incorrect username or password';
        // The counter lives in the session, so it limits guesses per session, not per account.
        $_SESSION['invalid']++;
        // NOTE(review): == fires only when the counter equals $max_attempts exactly;
        // >= would also cover a counter that starts above the limit.
        if ($_SESSION['invalid'] == $max_attempts) {
            // Too many wrong passwords: revoke any persistent login, then end the session.
            if (isset($_SESSION['remember']) || isset($_SESSION['lynda_auth'])) {
                $autologin = new AutoLogin($db);
                $autologin->logout();
            }
            // logout_sess() is defined elsewhere; presumably it ends the PHP session.
            logout_sess();
        }
    }
}
?>
<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>Revalidation</title>
    <link href="css/styles.css" rel="stylesheet" type="text/css">
</head>
<body>
예제 #5
<?php

require_once "init.php";
require_once "AutoLogin.php";
//use Foundationphp\Sessions\AutoLogin;
// Access gate: a session that is already flagged as logged in ('authenticated' or
// 'lynda_auth') passes straight through; everything else must prove itself via
// the persistent-login check.
if (!isset($_SESSION['authenticated']) && !isset($_SESSION['lynda_auth'])) {
    // No login flag in the session yet: let AutoLogin examine the request.
    $autologin = new AutoLogin($db);
    $autologin->checkCredentials();

    // Only 'lynda_auth' counts as proof after the check; without it the visitor
    // is sent to the login form.
    if (!isset($_SESSION['lynda_auth'])) {
        header('Location: login.php');
        // Terminate so the rest of the protected page never executes.
        exit;
    }
}
예제 #6
파일: common.php 프로젝트: sistlind/admidio
        // Tail of a branch that opens above this fragment: the auto-login cookie is
        // handed to setValidLogin() and the user id is then read from the AutoLogin object.
        $autoLogin->setValidLogin($gCurrentSession, $_COOKIE[$gCookiePraefix . '_DATA']);
        $userIdAutoLogin = $autoLogin->getValue('atl_usr_id');
    }
} else {
    // create new session object and store it in PHP session
    $gCurrentSession = new Session($gDb, $gSessionId);
    $_SESSION['gCurrentSession'] = $gCurrentSession;
    // create system component
    $gSystemComponent = new Component($gDb);
    $gSystemComponent->readDataByColumns(array('com_type' => 'SYSTEM', 'com_name_intern' => 'CORE'));
    $gCurrentSession->addObject('gSystemComponent', $gSystemComponent);
    // if cookie ADMIDIO_DATA is set then there could be an auto login
    // the auto login must be done here because after that the corresponding organization must be set
    if (array_key_exists($gCookiePraefix . '_DATA', $_COOKIE)) {
        // restore user from auto login session
        // NOTE(review): the _DATA cookie is client-controlled input. Any validation of
        // it happens inside setValidLogin(), which is not visible here; the user id and
        // organization id used below are read from the AutoLogin object, not from the
        // cookie text - confirm that object is filled from server-side data only.
        $autoLogin = new AutoLogin($gDb, $gSessionId);
        $autoLogin->setValidLogin($gCurrentSession, $_COOKIE[$gCookiePraefix . '_DATA']);
        $userIdAutoLogin = $autoLogin->getValue('atl_usr_id');
        // create object of the organization of config file with their preferences
        // An organization id on the auto-login entry takes precedence over the configured one.
        if ($autoLogin->getValue('atl_org_id') > 0) {
            $gCurrentOrganization = new Organization($gDb, $autoLogin->getValue('atl_org_id'));
        } else {
            $gCurrentOrganization = new Organization($gDb, $g_organization);
        }
    } else {
        // create object of the organization of config file with their preferences
        $gCurrentOrganization = new Organization($gDb, $g_organization);
    }
    // NOTE(review): strict comparison with int 0 - this only matches if getValue()
    // returns an integer for org_id; confirm, otherwise a missing organization passes.
    if ($gCurrentOrganization->getValue('org_id') === 0) {
        // organization not found
        // The message is a fixed string; no request data is echoed.
        exit('<div style="color: #cc0000;">Error: The organization of the config.php could not be found in the database!</div>');
예제 #7
파일: user.php 프로젝트: bash-t/admidio
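 /**
  * Check the given password for this user and return true if it is correct.
  * Optionally the current session is turned into a valid login session and an
  * auto login is registered for this browser.
  *
  * Failed attempts are counted in usr_number_invalid. Once the counter has reached 3
  * and the last failure is less than 15 minutes (900 seconds) old, the attempt is
  * rejected before the password is checked.
  *
  * The login cookies are sent HttpOnly, and with the Secure attribute whenever the
  * current request itself arrived over HTTPS.
  *
  * @param  string       $password             The password for the current user. This should not be encoded.
  * @param  bool         $setAutoLogin         If set to true then this login will be stored in AutoLogin table
  *                                            and the user doesn't need to login another time with this browser.
  *                                            To use this functionality @b $updateSessionCookies must be set to true.
  * @param  bool         $updateSessionCookies The current session will be updated to a valid login.
  *                                            If set to false then the login is only valid for the current script.
  * @return bool         Always true when the correct password was given; failures are reported by exception.
  * @throws AdmException SYS_LOGIN_FAILED
  *                      SYS_PASSWORD_UNKNOWN
  */
 public function checkLogin($password, $setAutoLogin = false, $updateSessionCookies = true)
 {
     global $gPreferences, $gCookiePraefix, $gCurrentSession, $gSessionId;
     if ($this->getValue('usr_number_invalid') >= 3) {
         // if within 15 minutes 3 wrong login took place -> block user account for 15 minutes
         if (time() - strtotime($this->getValue('usr_date_invalid', 'Y-m-d H:i:s')) < 900) {
             $this->clear();
             throw new AdmException('SYS_LOGIN_FAILED');
         }
     }
     if ($this->checkPassword($password)) {
         // NOTE(review): $gSessionId is reused unchanged after a successful login and
         // nothing in this method issues a new id; confirm session fixation is handled
         // where the id is created.
         if ($updateSessionCookies) {
             $gCurrentSession->setValue('ses_usr_id', $this->getValue('usr_id'));
             $gCurrentSession->save();
         }
         // if the visitor wants to stay logged in, the cookie only expires after one year
         if ($setAutoLogin && $gPreferences['enable_auto_login'] == 1) {
             $timestamp_expired = time() + 60 * 60 * 24 * 365;
             $autoLogin = new AutoLogin($this->db, $gSessionId);
             // if an auto login already exists (double login in one browser),
             // do not create a new one because that leads to 'Duplicate Key'
             if ($autoLogin->getValue('atl_usr_id') === '') {
                 $autoLogin->setValue('atl_session_id', $gSessionId);
                 $autoLogin->setValue('atl_usr_id', $this->getValue('usr_id'));
                 $autoLogin->save();
             }
         } else {
             // expiry 0 makes the cookies below session cookies
             $timestamp_expired = 0;
             $this->setValue('usr_last_session_id', null);
         }
         if ($updateSessionCookies) {
             // set the login cookies and strip a port from the host name if present
             // NOTE(review): HTTP_HOST is a client-supplied header, and without a port
             // strpos() returns false so $domain becomes '' (host-only cookie). Left as is
             // because code that later expires these cookies must pass the same domain.
             $domain = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
             // Secure only when this request used HTTPS, so plain-HTTP installations keep
             // working exactly as before; HttpOnly keeps the session id away from scripts.
             // NOTE(review): confirm no client-side script needs to read these cookies.
             $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
             setcookie($gCookiePraefix . '_ID', $gSessionId, $timestamp_expired, '/', $domain, $secure, true);
             // also store the auto-login flag and the user id in a cookie
             // (the original note says the content should be serialized first so it is
             // not easily readable)
             // NOTE(review): the value is written as plain "flag;usr_id" - nothing here
             // serializes or signs it, so the reader must not trust it without a
             // server-side lookup.
             setcookie($gCookiePraefix . '_DATA', $setAutoLogin . ';' . $this->getValue('usr_id'), $timestamp_expired, '/', $domain, $secure, true);
             // count logins and update login dates
             $this->saveChangesWithoutRights();
             $this->updateLoginData();
         }
         return true;
     } else {
         // log invalid logins
         // A counter already at 3 here means the 15-minute block has expired, so counting restarts at 1.
         if ($this->getValue('usr_number_invalid') >= 3) {
             $this->setValue('usr_number_invalid', 1);
         } else {
             $this->setValue('usr_number_invalid', $this->getValue('usr_number_invalid') + 1);
         }
         $this->setValue('usr_date_invalid', DATETIME_NOW);
         // presumably false means: don't update timestamp - confirm against save()
         $this->save(false);
         $this->clear();
         // NOTE(review): the counter is read after clear(). If clear() resets the loaded
         // values, this condition can never be true and SYS_PASSWORD_UNKNOWN is always
         // thrown - confirm against clear().
         if ($this->getValue('usr_number_invalid') >= 3) {
             throw new AdmException('SYS_LOGIN_FAILED');
         } else {
             throw new AdmException('SYS_PASSWORD_UNKNOWN');
         }
     }
 }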