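/**
 * Password-reset landing page.
 *
 * Validates the recovery token in $_GET['token'] (32 hex chars, bound to an owner, not
 * expired); on POST stores the new password (hashed via Session::pwdcrypt) and hands off
 * to the login page.
 *
 * Changes from the previous version:
 *  - password and confirmation are compared strictly (===) and an empty password is
 *    rejected instead of being stored because '' == '' held;
 *  - a non-string token (e.g. ?token[]=) is rejected up front instead of reaching
 *    preg_match();
 *  - a failed updatePassword() is reported to the user; previously it echoed debug text
 *    ("not updated") and still announced success;
 *  - the recovery token is revoked after a successful change so the link is single-use.
 *    This is the same OwnerDAO::updatePasswordToken() call the newer reset controller
 *    makes — confirm this DAO version exposes it.
 *
 * @return string rendered view (this page, or the login page after a change attempt)
 */
public function control() {
    $session = new Session();
    $dao = DAOFactory::getDAO('OwnerDAO');
    $this->setViewTemplate('session.resetpassword.tpl');
    $this->disableCaching();

    $token = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : null;
    if ($token === null || !preg_match('/^[\\da-f]{32}$/', $token) || !($user = $dao->getByPasswordToken($token))) {
        // token is nonexistant or bad
        $this->addErrorMessage('You have reached this page in error.');
        return $this->generateView();
    }
    if (!$user->validateRecoveryToken($token)) {
        $this->addErrorMessage('Your token is expired.');
        return $this->generateView();
    }

    if (!isset($_POST['password'])) {
        if (isset($_POST['Submit'])) {
            $this->addErrorMessage('Please enter a new password.');
        }
        return $this->generateView();
    }

    $password = $_POST['password'];
    $confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;
    if (!is_string($password) || $password === '') {
        $this->addErrorMessage('Please enter a new password.');
        return $this->generateView();
    }
    if ($password !== $confirm) {
        $this->addErrorMessage("Passwords didn't match.");
        return $this->generateView();
    }

    $login_controller = new LoginController(true);
    if ($dao->updatePassword($user->email, $session->pwdcrypt($password)) < 1) {
        $login_controller->addErrorMessage('Problem changing your password!');
    } else {
        // Single-use: revoke the token now that it has been redeemed.
        $dao->updatePasswordToken($user->email, '');
        $login_controller->addSuccessMessage('You have changed your password.');
    }
    return $login_controller->go();
}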
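/**
 * Account-activation link handler.
 *
 * Expects $_GET['usr'] (owner email) and $_GET['code'] (activation code); on a match the
 * owner is activated and the user is sent to the login page with a status message.
 *
 * The supplied code is now compared with hash_equals() on string operands. The previous
 * loose == comparison was subject to PHP numeric-string juggling (e.g. two different
 * "0e..." strings compare equal) and, when the owner did not exist, compared the input
 * against null — so an empty code "matched" an unknown account before failing later.
 * hash_equals() requires PHP >= 5.6.
 *
 * @return string the login page with a success or error message
 */
public function control() {
    $controller = new LoginController(true);
    if ($this->is_missing_param) {
        $controller->addErrorMessage('Invalid account activation credentials.');
        return $controller->go();
    }

    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $email = $_GET['usr'];
    $acode = $owner_dao->getActivationCode($email);

    // No stored code (unknown owner, or DAO returned false/null) is a mismatch, never a match.
    $stored = isset($acode['activation_code']) ? (string)$acode['activation_code'] : null;
    $supplied = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';
    if ($stored === null || !hash_equals($stored, $supplied)) {
        $controller->addErrorMessage('Houston, we have a problem: Account activation failed.');
        return $controller->go();
    }

    $owner = $owner_dao->getByEmail($email);
    if (!isset($owner) || !isset($owner->is_activated)) {
        $controller->addErrorMessage('Houston, we have a problem: Account activation failed.');
    } elseif ($owner->is_activated == 1) {
        $controller->addSuccessMessage("You have already activated your account. Please log in.");
    } else {
        $owner_dao->activateOwner($email);
        $controller->addSuccessMessage("Success! Your account has been activated. Please log in.");
    }
    return $controller->go();
}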
/**
 * Renders the insights page: a single insight when u/n/d/s are all present in the query
 * string, otherwise a page of insights (falling back to the login page when that cannot
 * be shown). For a logged-in owner the search dropdown is populated with their instances.
 *
 * @return string rendered view
 */
public function control() {
    $settings = Config::getInstance();
    $this->setViewTemplate('insights.tpl');
    $this->addToView('enable_bootstrap', true);
    $this->addToView('developer_log', $settings->getValue('is_log_verbose'));

    if ($this->shouldRefreshCache()) {
        $single_insight_requested = isset($_GET['u'], $_GET['n'], $_GET['d'], $_GET['s']);
        if ($single_insight_requested) {
            $this->displayIndividualInsight();
        } elseif (!$this->displayPageOfInsights()) {
            $login = new LoginController();
            return $login->go();
        }

        if ($this->isLoggedIn()) {
            //Populate search dropdown with service users
            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $current_owner = $owner_dao->getByEmail($this->getLoggedInUser());
            $instance_dao = DAOFactory::getDAO('InstanceDAO');
            $this->addToView('instances', $instance_dao->getByOwner($current_owner));
        }
    }

    $this->addToView('tpl_path', THINKUP_WEBAPP_PATH . 'plugins/insightsgenerator/view/');
    return $this->generateView();
}
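/**
 * Attempt to log in user via private API key and redirect to specified success or failure URLs based on result
 * with msg parameter set.
 * Expected $_GET parameters:
 * u: email address
 * k: private API key
 * failure_redir: failure redirect URL
 * success_redir: success redirect URL
 *
 * Review notes:
 *  - success_redir / failure_redir are taken verbatim from the query string and used as
 *    redirect targets. Nothing in this method restricts them to this application's origin,
 *    so a crafted link can bounce a just-authenticated user to an arbitrary site (open
 *    redirect). Whether succeed()/fail() validate them is not visible here — confirm in the
 *    base class, or restrict them (same-origin / allow-list) before relying on this endpoint.
 *  - every failure path now returns after fail(). The previous code fell through and kept
 *    evaluating later checks (reading unset $_GET keys) after a failure had been reported.
 *    If fail() exits, this is a no-op; if it only sets up a redirect, it stops the cascade.
 *  - get_magic_quotes_gpc() was removed in PHP 8; it is now only called when it exists.
 */
public function control() {
    $this->disableCaching();

    $has_success = isset($_GET['success_redir']) && $_GET['success_redir'] != "";
    $has_failure = isset($_GET['failure_redir']) && $_GET['failure_redir'] != "";
    if (!$has_success || !$has_failure) {
        $controller = new LoginController(true);
        if (!$has_success) {
            $controller->addErrorMessage('No success redirect specified');
        } else {
            $controller->addErrorMessage('No failure redirect specified');
        }
        return $controller->go();
    }

    $this->success_redir = $_GET['success_redir'];
    $this->failure_redir = $_GET['failure_redir'];

    if (!isset($_GET['u'])) {
        return $this->fail('User is not set.');
    }
    if (!isset($_GET['k'])) {
        return $this->fail('API key is not set.');
    }

    // Any existing session is dropped before the API-key login is attempted.
    if ($this->isLoggedIn()) {
        Session::logout();
    }

    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    if ($_GET['u'] == '') {
        return $this->fail("Email must not be empty.");
    }
    if ($_GET['k'] == '') {
        return $this->fail("API key must not be empty.");
    }

    $user_email = $_GET['u'];
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $user_email = stripslashes($user_email);
    }

    $owner = $owner_dao->getByEmail($user_email);
    if (!$owner) {
        return $this->fail("Invalid email.");
    }
    if (!$owner->is_activated) {
        return $this->fail('Inactive account.');
    }
    // If the credentials supplied by the user are incorrect
    if (!$owner_dao->isOwnerAuthorizedViaPrivateAPIKey($user_email, $_GET['k'])) {
        return $this->fail('Invalid API key.');
    }

    // user has logged in sucessfully this sets variables in the session
    Session::completeLogin($owner);
    $owner_dao->updateLastLogin($user_email);
    $owner_dao->resetFailedLogins($user_email);
    $owner_dao->clearAccountStatus($user_email);
    return $this->succeed("Logged in successfully.");
}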
/**
 * Renders the insights stream: a single insight when u/n/d/s are all given (with an
 * optional share mode), otherwise a page of insights, falling back to the login page when
 * that cannot be shown. For a logged-in owner it also supplies the data behind the search
 * dropdown, desktop notifications and the per-network connection badges.
 *
 * @return string rendered view
 */
public function control() {
    $settings = Config::getInstance();
    $this->setViewTemplate($this->tpl_name);
    $this->addToView('enable_bootstrap', true);
    $this->addToView('developer_log', $settings->getValue('is_log_verbose'));
    $this->addToView('thinkup_application_url', Utils::getApplicationURL());

    if ($this->shouldRefreshCache()) {
        if (isset($_GET['u'], $_GET['n'], $_GET['d'], $_GET['s'])) {
            $this->displayIndividualInsight();
            if (isset($_GET['share'])) {
                $this->addToView('share_mode', true);
            }
        } elseif (!$this->displayPageOfInsights()) {
            $login = new LoginController(true);
            return $login->go();
        }

        if ($this->isLoggedIn()) {
            //Populate search dropdown with service users and add thinkup_api_key for desktop notifications.
            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $current_owner = $owner_dao->getByEmail($this->getLoggedInUser());
            $this->addToView('thinkup_api_key', $current_owner->api_key);
            $this->addHeaderJavaScript('assets/js/notify-insights.js');

            $instance_dao = DAOFactory::getDAO('InstanceDAO');
            $owner_instances = $instance_dao->getByOwnerWithStatus($current_owner);
            $this->addToView('instances', $owner_instances);

            $hashtags = array();
            if (count($owner_instances) > 0) {
                $hashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
                $hashtags = $hashtag_dao->getHashtagsByInstances($owner_instances);
            }
            $this->addToView('saved_searches', $hashtags);

            // Each network starts 'inactive'; an instance marks it 'active', or 'error' when it
            // carries an auth_error. The last instance seen for a network wins.
            $status_by_network = array('facebook' => 'inactive', 'twitter' => 'inactive', 'instagram' => 'inactive');
            foreach ($owner_instances as $inst) {
                $status_by_network[$inst->network] = ($inst->auth_error != '') ? 'error' : 'active';
            }
            foreach (array('facebook', 'twitter', 'instagram') as $network) {
                $this->addToView($network . '_connection_status', $status_by_network[$network]);
            }
        }
    }

    if (Utils::isTest() || date("Y-m-d") == '2015-11-26') {
        $this->addInfoMessage("Happy Thanksgiving! We're thankful you're using ThinkUp.");
    }
    $this->addToView('tpl_path', THINKUP_WEBAPP_PATH . 'plugins/insightsgenerator/view/');
    if ($settings->getValue('image_proxy_enabled') == true) {
        $this->addToView('image_proxy_sig', $settings->getValue('image_proxy_sig'));
    }
    return $this->generateView();
}
/**
 * Front-door dispatcher: a logged-in user gets the dashboard, anyone else the login page.
 * Output is echoed directly rather than returned.
 *
 * @return void
 */
public function go() {
    // If logged in, we go to DashboardController; otherwise to LoginController
    $target = $this->isLoggedIn() ? new DashboardController() : new LoginController();
    echo $target->go();
}
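/**
 * Process-management entry point: dispatches $_GET['action'] to the matching handler once
 * the caller has passed that action's permission check.
 *
 * Previously a denied request for add/view/delete/map produced no response at all (the
 * method fell off the end and returned null), while a denied 'modify' echoed "not permitted"
 * and exit()ed. A denied action now uniformly returns an explicit message, the same one the
 * sibling user controller uses. A missing or non-string action is treated like an unknown
 * one (returns null, as before) instead of raising an undefined-index notice.
 *
 * The not-logged-in branch still echoes the login page rather than returning it, as the
 * original did.
 *
 * @return string|null handler output, a denial message, or null for an unknown action
 */
public function control() {
    if (!$this->isLoggedIn()) {
        $controller = new LoginController(true);
        echo $controller->go();
        return null;
    }

    // action => array(required permission, handler method)
    $dispatch = array(
        'add'    => array('add_process',    'addProcess'),
        'view'   => array('view_process',   'viewProcess'),
        'modify' => array('modify_process', 'modifyProcess'),
        'delete' => array('delete_process', 'deleteProcess'),
        'map'    => array('map_process',    'mapProcess'),
    );
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
    if (!isset($dispatch[$action])) {
        //Some error like url is not ok.
        return null;
    }
    list($permission, $handler) = $dispatch[$action];
    if (!$this->checkPermission($permission)) {
        return "You don't have permission to do the same.";
    }
    return $this->$handler();
}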
/**
 * Renders this controller's template with the logged-in user's first name (read from the
 * session cache); anonymous requests are sent to the login page.
 *
 * @return string rendered view
 */
public function control() {
    if (!$this->isLoggedIn()) {
        $login = new LoginController(true);
        return $login->go();
    }
    $config = Config::getInstance();
    $this->setViewTemplate($this->tpl_name);
    $this->addToView('first_name', SessionCache::get('first_name'));
    return $this->generateView();
}
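/**
 * Runs the pre-authentication hook first; if it produces a response that is returned as-is.
 * Otherwise the authenticated handler runs only for a logged-in user, and anyone else is
 * sent to the login page.
 *
 * The previous version returned authControl() unconditionally after preAuthControl(); the
 * isLoggedIn() gate that followed it was unreachable dead code, so the authenticated handler
 * ran for anonymous requests whenever preAuthControl() returned a falsy value. The gate is
 * now live. If some subclass relies on preAuthControl() being the only gate, it must return
 * a response from there — confirm before deploying.
 *
 * @return mixed the pre-auth response, the auth handler's output, or the login page
 */
public function control() {
    $response = $this->preAuthControl();
    if ($response) {
        return $response;
    }
    if ($this->isLoggedIn()) {
        return $this->authControl();
    }
    $controller = new LoginController();
    return $controller->go();
}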
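/**
 * Password-reset page (bootstrap-validated form).
 *
 * Validates $_GET['token'] (32 hex chars, bound to an owner, not expired); on POST stores
 * the new password, re-activates the account, clears lockout state, revokes the token and
 * hands off to the login page.
 *
 * Changes from the previous version: the password/confirmation comparison is strict (===)
 * and an empty password is rejected with the existing "Please enter a new password."
 * message instead of being accepted because '' == '' held; a non-string token (?token[]=)
 * is rejected before reaching preg_match(). Whether updatePassword() hashes the plaintext
 * it receives is not visible here — confirm in OwnerDAO.
 *
 * @return string rendered view (this page, or the login page after a change attempt)
 */
public function control() {
    $session = new Session();
    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $this->view_mgr->addHelp('reset', 'userguide/accounts/index');
    $this->setViewTemplate('session.resetpassword.tpl');
    $this->addHeaderJavaScript('assets/js/jqBootstrapValidation.js');
    $this->addHeaderJavaScript('assets/js/validate-fields.js');
    $this->disableCaching();
    $config = Config::getInstance();
    $this->addToView('is_registration_open', $config->getValue('is_registration_open'));

    $token = (isset($_GET['token']) && is_string($_GET['token'])) ? $_GET['token'] : null;
    if ($token === null || !preg_match('/^[\\da-f]{32}$/', $token) || !($user = $owner_dao->getByPasswordToken($token))) {
        // token is nonexistant or bad
        $this->addErrorMessage('You have reached this page in error.');
        return $this->generateView();
    }
    if (!$user->validateRecoveryToken($token)) {
        $this->addErrorMessage('Your token is expired.');
        return $this->generateView();
    }

    if (!isset($_POST['password'])) {
        if (isset($_POST['Submit'])) {
            $this->addErrorMessage('Please enter a new password.');
        }
        return $this->generateView();
    }

    $password = $_POST['password'];
    $confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;
    if (!is_string($password) || $password === '') {
        $this->addErrorMessage('Please enter a new password.');
        return $this->generateView();
    }
    if ($password !== $confirm) {
        $this->addErrorMessage("Passwords didn't match.");
        return $this->generateView();
    }

    $login_controller = new LoginController(true);
    // Try to update the password
    if ($owner_dao->updatePassword($user->email, $password) < 1) {
        $login_controller->addErrorMessage('Problem changing your password!');
    } else {
        $owner_dao->activateOwner($user->email);
        $owner_dao->clearAccountStatus($user->email);
        $owner_dao->resetFailedLogins($user->email);
        // Recovery tokens are single-use: revoke it now that it has been redeemed.
        $owner_dao->updatePasswordToken($user->email, '');
        $login_controller->addSuccessMessage('You have changed your password.');
    }
    return $login_controller->go();
}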
/**
 * Logs the current user out: records the logout reason (2 when ?reason is present, else 1),
 * destroys the session, then either redirects to the SternIndia logout endpoint or renders
 * the login page with a confirmation message.
 *
 * @return string|null the login page, or null when the redirect was issued
 */
public function authControl() {
    $logon_dao = DAOFactory::getDAO('UserLogonDAO');
    $reason = isset($_GET['reason']) ? 2 : 1;
    $logon_dao->userLogoutUpdate($reason);
    Session::logout();

    if ($this->redirectToSternIndiaEndpoint('logout.php')) {
        return;
    }
    $login = new LoginController(true);
    // $reason is always 1 or 2, so it is always passed on (the old "if ($reason)" never failed).
    $login->reason = $reason;
    $login->addSuccessMessage("You have successfully logged out.");
    return $login->go();
}
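/**
 * Client-management entry point: dispatches $_GET['action'] ('setup' or 'add') to its handler
 * once the caller has passed that action's permission check; anonymous requests go to the
 * login page.
 *
 * Changes from the previous version:
 *  - the foreach over $PROCESS_MAP has been dropped: that variable is never defined in this
 *    scope (not a global, parameter or property), so the loop only raised a warning and
 *    dispatched nothing;
 *  - a denied action now returns an explicit message (the one the sibling user controller
 *    uses) instead of silently returning null;
 *  - a missing or non-string action is treated as unknown instead of raising an
 *    undefined-index notice.
 *
 * @return string|null handler output, a denial message, or null for an unknown action
 */
public function control() {
    $this->redirectToEmpoddyLabsEndPoint();
    $config = Config::getInstance();
    if (!$this->isLoggedIn()) {
        $controller = new LoginController(true);
        return $controller->go();
    }

    $user_dao = DAOFactory::getDAO('UserDAO');
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
    switch ($action) {
        case 'setup':
            if (!$this->checkPermission('client_setup')) {
                return "You don't have permission to do the same.";
            }
            return $this->clientSetup();
        case 'add':
            if (!$this->checkPermission('client_add')) {
                return "You don't have permission to do the same.";
            }
            return $this->addClient($user_dao);
        default:
            //@TODO : error response action was not there
            return null;
    }
}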
/**
 * Renders the insights page (with d3 loaded): a single insight when u/n/d/s are all present,
 * otherwise a page of insights, falling back to the login page when that cannot be shown.
 * For a logged-in owner it also supplies the API key for desktop notifications, their
 * instances for the search dropdown, and the saved hashtag searches.
 *
 * @return string rendered view
 */
public function control() {
    $settings = Config::getInstance();
    $this->setViewTemplate('insights.tpl');
    $this->addToView('enable_bootstrap', true);
    $this->addToView('developer_log', $settings->getValue('is_log_verbose'));
    $this->addHeaderJavaScript('assets/js/d3.min.js');

    if ($this->shouldRefreshCache()) {
        if (isset($_GET['u'], $_GET['n'], $_GET['d'], $_GET['s'])) {
            $this->displayIndividualInsight();
        } elseif (!$this->displayPageOfInsights()) {
            $login = new LoginController();
            return $login->go();
        }

        if ($this->isLoggedIn()) {
            //Populate search dropdown with service users and add thinkup_api_key for desktop notifications.
            $owner_dao = DAOFactory::getDAO('OwnerDAO');
            $current_owner = $owner_dao->getByEmail($this->getLoggedInUser());
            $this->addToView('thinkup_api_key', $current_owner->api_key);
            $this->addHeaderJavaScript('assets/js/notify-insights.js');

            $instance_dao = DAOFactory::getDAO('InstanceDAO');
            $owner_instances = $instance_dao->getByOwner($current_owner);
            $this->addToView('instances', $owner_instances);

            $hashtags = array();
            if (count($owner_instances) > 0) {
                $hashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
                $hashtags = $hashtag_dao->getHashtagsByInstances($owner_instances);
            }
            $this->addToView('saved_searches', $hashtags);
        }
    }

    $this->addToView('tpl_path', THINKUP_WEBAPP_PATH . 'plugins/insightsgenerator/view/');
    return $this->generateView();
}
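/**
 * Location-management entry point: dispatches $_GET['action'] to its handler. 'add',
 * 'modify' and 'delete' require a permission; 'location_suggest' and 'view' are gated by
 * login only, as in the original.
 *
 * Changes from the previous version: a denied add/modify/delete now returns an explicit
 * message (the one the sibling user controller uses) instead of silently returning null;
 * a missing or non-string action is treated as unknown instead of raising an
 * undefined-index notice.
 *
 * @return string|null handler output, a denial message, or null for an unknown action
 */
public function control() {
    if (!$this->isLoggedIn()) {
        $controller = new LoginController(true);
        return $controller->go();
    }

    $location_dao = DAOFactory::getDAO('LocationDAO');
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
    switch ($action) {
        case 'add':
            if (!$this->checkPermission('add_location')) {
                return "You don't have permission to do the same.";
            }
            return $this->addLocation($location_dao);
        case 'location_suggest':
            // NOTE(review): no permission check for this action or for 'view', unlike the
            // others — login alone is the gate. Confirm that is intended; there is no
            // matching permission name visible here to add one safely.
            return $this->suggestLocation($location_dao);
        case 'view':
            return $this->viewLocation($location_dao);
        case 'modify':
            if (!$this->checkPermission('mod_location')) {
                return "You don't have permission to do the same.";
            }
            return $this->modifyLocation($location_dao);
        case 'delete':
            if (!$this->checkPermission('del_location')) {
                return "You don't have permission to do the same.";
            }
            return $this->deleteLocation($location_dao);
        default:
            return null;
    }
}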
/**
 * A user who is already logged in should see the "Logged in as" banner instead of the form.
 */
public function testAlreadyLoggedIn() {
    $this->simulateLogin('*****@*****.**');
    $login = new LoginController(true);
    $page = $login->go();
    $this->assertPattern('/Logged in as: me@example.com/', $page);
}
/**
 * A valid login that carries a custom redirect field should be sent to that destination.
 */
public function testValidLoginWithCustomRedirect() {
    $form = array(
        'Submit'   => 'Log In',
        'email'    => '*****@*****.**',
        'pwd'      => 'secretpassword',
        'redirect' => 'http://example.com/redirect/',
    );
    foreach ($form as $field => $value) {
        $_POST[$field] = $value;
    }
    $login = new LoginController(true);
    $page = $login->go();
    $this->debug($login->redirect_destination);
    $this->assertPattern('/example\\.com\\/redirect/', $login->redirect_destination);
}
/**
 * With registration closed, the login page must neither expose the flag as open nor show
 * a "Register" link.
 */
public function testOfControllerWithRegistrationClosed() {
    // make sure registration is closed
    $option_row = array(
        'namespace'    => OptionDAO::APP_OPTIONS,
        'option_name'  => 'is_registration_open',
        'option_value' => 'false',
    );
    $option_fixture = FixtureBuilder::build('options', $option_row);

    $login = new LoginController(true);
    $page = $login->go();
    $view = $login->getViewManager();
    $this->assertEqual($view->getTemplateDataItem('is_registration_open'), false);
    $this->assertNoPattern('/Register/', $page);
}
/**
 * Eleven wrong passwords in a row: the first nine report "Incorrect password" and bump the
 * failed_logins counter; from the tenth attempt on the account is reported as deactivated.
 */
public function testFailedLoginLockout() {
    $hashed_pass = ThinkUpTestLoginHelper::hashPasswordUsingDeprecatedMethod("blah");
    $owner_row = array('id' => 2, 'email' => '*****@*****.**', 'pwd' => $hashed_pass, 'is_activated' => 1);
    $owner_fixture = FixtureBuilder::build('owners', $owner_row);

    //force login lockout by providing the wrong password more than 10 times
    for ($attempt = 1; $attempt <= 11; $attempt++) {
        $_POST['Submit'] = 'Log In';
        $_POST['email'] = '*****@*****.**';
        $_POST['pwd'] = 'blah1';
        $login = new LoginController(true);
        $page = $login->go();
        $view = $login->getViewManager();
        $this->assertEqual($view->getTemplateDataItem('controller_title'), 'Log in');

        $owner = $this->DAO->getByEmail('*****@*****.**');
        if ($attempt < 10) {
            $this->assertPattern("/Incorrect password/", $view->getTemplateDataItem('error_msg'));
            $this->assertEqual($owner->failed_logins, $attempt);
        } else {
            $expected_msg = "Inactive account. Account deactivated due to too many failed logins. "
                . '<a href="forgot.php">Reset your password.</a>';
            $this->assertEqual($expected_msg, $view->getTemplateDataItem('error_msg'));
            $this->assertEqual($owner->account_status, "Account deactivated due to too many failed logins");
        }
    }
}
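/**
 * User-management entry point: dispatches $_GET['action'] (add/view/modify/delete) to its
 * handler once the caller has passed that action's permission check; anonymous requests
 * go to the login page.
 *
 * Previously a denied request fell through an empty else branch and returned null (a blank
 * response), and only an unknown action produced the "no permission" message. A denial and
 * an unknown action now both return that message explicitly, and a missing or non-string
 * action is treated as unknown instead of raising an undefined-index notice.
 *
 * @return string handler output or the denial message
 */
public function control() {
    $this->redirectToEmpoddyLabsEndPoint();
    $config = Config::getInstance();
    if (!$this->isLoggedIn()) {
        $controller = new LoginController(true);
        return $controller->go();
    }

    $user_dao = DAOFactory::getDAO('UserDAO');
    // action => array(required permission, handler method)
    $dispatch = array(
        'add'    => array('add_user',    'addUser'),
        'view'   => array('view_user',   'viewUser'),
        'modify' => array('modify_user', 'modifyUser'),
        'delete' => array('delete_user', 'deleteUser'),
    );
    $action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
    if (!isset($dispatch[$action]) || !$this->checkPermission($dispatch[$action][0])) {
        //@TODO : A error page to be shown
        return "You don't have permission to do the same.";
    }
    $handler = $dispatch[$action][1];
    return $this->$handler($user_dao);
}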
* The page for calling the Hackademic Login Controller
 *
 * Copyright (c) 2012 OWASP
 *
 * LICENSE:
 *
 * This file is part of Hackademic CMS (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project).
 *
 * Hackademic CMS is free software: you can redistribute it and/or modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any
 * later version.
 *
 * Hackademic CMS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with Hackademic CMS. If not, see
 * <http://www.gnu.org/licenses/>.
 *
 *
 * @author Pragya Gupta <pragya18nsit[at]gmail[dot]com>
 * @author Konstantinos Papapanagiotou <conpap[at]gmail[dot]com>
 * @license http://www.gnu.org/licenses/gpl.html
 * @copyright 2012 OWASP
 *
 */
require_once "../init.php";
require_once HACKADEMIC_PATH . "controller/class.LoginController.php";

// Run the login controller and print whatever it renders.
$login_controller = new LoginController();
$login_page = $login_controller->go();
echo $login_page;
/**
 * When a thinkupllc_endpoint is configured, the login controller redirects there.
 */
public function testOfThinkUpLLCRedirect() {
    $endpoint = 'http://example.com/user/';
    Config::getInstance()->setValue('thinkupllc_endpoint', $endpoint);
    $login = new LoginController(true);
    $login->go();
    $this->assertEqual($login->redirect_destination, $endpoint);
}
/**
 * A user who is already logged in should see the "Logged in as" banner in the output.
 */
public function testAlreadyLoggedIn() {
    $this->simulateLogin('*****@*****.**');
    $login = new LoginController(true);
    $page = $login->go();
    $banner_offset = strpos($page, 'Logged in as: me@example.com');
    $this->assertTrue($banner_offset > 0);
}
<?php
/*
 * Copyright 2014 Empodex PHP Framework.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @copyright 2014-2015 Empoddy Labs.
 * @author Prabhat Shankar <prabhat.singh88[at]gmail.com>
 */

// Front script for the login page: bootstrap the framework from the parent directory,
// run the LoginController and print its output.
chdir('..');
require_once 'init.php';

$login_controller = new LoginController();
$rendered = $login_controller->go();
echo $rendered;