public function validarUsuario()
{
$obj = new LoginHelper();
$login = $_POST['login'];
$senha = $_POST['senha'];
$dados = array('login' => $login, 'senha' => $senha);
$obj->open();
$this->view('Painel/validarUsuario', false);
if ($obj->login($login, $senha)) {
$this->block("BLOCK_LOGIN_MSG");
}
$obj->close();
$this->show();
}
function registreerNieuweUser($login, $pasw)
{
$_SESSION["msg"] = "Registratie niet gelukt. Probeer later opnieuw.";
//default message
//controleren of de login reeds gebruikt is....
$connection = new W_DatabaseHelper("cms");
$querystring = "SELECT * \n\t\t\t\t\t\t FROM users \n\t\t\t\t\t\t WHERE naam LIKE :login \n\t\t\t\t\t\t";
$bindValues = [":login" => $login];
$resultset = $connection->query($querystring, $bindValues);
//$resultset = $connection->query($querystring);
//var_dump($resultset);
if (sizeof($resultset) > 0) {
$_SESSION["msg"] = "Deze naam is reeds in gebruik. Gelieve een andere login te kiezen.";
} else {
$querystring = "INSERT INTO users(naam, paswoord, salt) \n\t\t\t\t\t\t\tVALUES (:login, :pasw, :newsalt) \n\t\t\t\t\t\t\t";
///// SECURITY voor paswoord...
//salt aanmaken
$newsalt = generateSalt();
//parameter 5 in onderstaande lijn betekent dat we kiezen voor algoritme SHA256...
$pasw = hash("sha256", $pasw . $newsalt);
//var_dump($pasw);
$bindValues = [":login" => $login, ":pasw" => $pasw, ":newsalt" => $newsalt];
$resultset = $connection->query($querystring, $bindValues);
$validatedUser = LoginHelper::checklogin($login, $pasw);
$_SESSION["msg"] = "Proficiat met uw registratie. U bent meteen ook ingelogd met uw nieuwe login en paswoord.";
/// get the new user's userid...
$querystring = "SELECT userid FROM users\n\t\t\t\t\t\t\tWHERE naam LIKE :login \n\t\t\t\t\t\t\tAND paswoord LIKE :pasw \n\t\t\t\t\t\t\tAND salt LIKE :newsalt\n\t\t\t\t\t\t\t";
$bindValues = [":login" => $login, ":pasw" => $pasw, ":newsalt" => $newsalt];
$resultset = $connection->query($querystring, $bindValues);
//var_dump($resultset);
$_SESSION["user"] = $resultset[0]["userid"];
$_SESSION["username"] = $login;
}
//return $resultmessage;
}
/**
* Constructor
* Checks if we have a valid session and then calls the super constructor.
*/
function __construct($request)
{
// Check if session is valid
if (LoginHelper::checkSession() == true) {
parent::__construct($request);
} else {
// Session is not valid
$genericResult = new GenericResult(ERROR_SESSION_INVALID);
$view = new SimpleView($genericResult);
$view->render();
session_destroy();
die;
}
}
/**
* Redirect to Special:Userlogin if the specified message is compatible. Otherwise,
* show an error page as usual.
*/
public function report()
{
// If an unsupported message is used, don't try redirecting to Special:Userlogin,
// since the message may not be compatible.
if (!in_array($this->msg, LoginHelper::getValidErrorMessages())) {
parent::report();
}
// Message is valid. Redirec to Special:Userlogin
$context = RequestContext::getMain();
$output = $context->getOutput();
$query = $context->getRequest()->getValues();
// Title will be overridden by returnto
unset($query['title']);
// Redirect to Special:Userlogin
$output->redirect(SpecialPage::getTitleFor('Userlogin')->getFullURL(['returnto' => $context->getTitle()->getFullText(), 'returntoquery' => wfArrayToCgi($query), 'warning' => $this->msg]));
$output->output();
}
/**
* Handles the Logins and renders the view.
*/
protected function login($request)
{
$pass = $request->getValue(CONTROLLER_LOGIN_PASS);
// We encode the entered Password in md5. Make sure the password in the configuration is also md5 encoded
$pass = md5($pass);
if ($pass == USER_PASS && LoginHelper::isLocked() == false) {
// Cookie (valid for session)
$token = LoginHelper::getToken();
$_SESSION[SESSION_TOKEN] = $token;
$genericResult = new GenericResult(STATUS_OK);
// Reset the login counter
LoginHelper::updateLoginInfo($request, true);
} else {
$genericResult = new GenericResult(ERROR_LOGIN_INVALID);
LoginHelper::updateLoginInfo($request, false);
session_destroy();
}
$view = new SimpleView($genericResult);
$view->render();
}
/*
This page receives the sign up information (Sign up using Treasherlocked i.e Oauth_Default)
via an AJAX request. The page validates and completes the Oauth registration.
*/
require $_SERVER['DOCUMENT_ROOT'] . '/ts2/config/consts.php';
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['spoof_proof']) && $_POST['spoof_proof'] == $_SESSION['spoof_proof']) {
require_once DOCUMENT_ROOT . 'classes/LoginHelper.php';
require_once DOCUMENT_ROOT . 'classes/Registrar.php';
require_once DOCUMENT_ROOT . 'config/db.php';
$name = $db->escape($_POST['username']);
$password = sha1($_POST['password']);
$remember = isset($_POST['remember']) ? true : false;
$result = $db->rawQuery("SELECT id\n\t\t\t\t\t\t\tFROM users \n\t\t\t\t\t\t\tWHERE \n\t\t\t\t\t\t\t\t( email = ? OR username = ? ) \n\t\t\t\t\t\t\t\tAND oauth_type = ? \n\t\t\t\t\t\t\t\tAND password = ?\n\t\t\t\t\t\t\t\tAND verified = ?\n\t\t\t\t\t\t\t", array($name, $name, OAUTH_DEFAULT, $password, 1));
if ($db->count > 0) {
$user = $result[0];
// Valid credentials
$loginHelper = new LoginHelper($db);
$redirect_uri = $loginHelper->Login($user['id'], OAUTH_DEFAULT, null, $remember);
$result = array('success' => true, 'redirect_uri' => $redirect_uri);
} else {
// invalid credentails
$result = array('success' => false);
}
header('Content-Type: application/json');
echo json_encode($result);
exit;
} else {
header('HTTP/1.1 404 Not Found');
}
<?php
require $_SERVER['DOCUMENT_ROOT'] . '/ts2/config/consts.php';
require DOCUMENT_ROOT . 'classes/LoginHelper.php';
session_start();
$loginHelper = new LoginHelper();
if ($loginHelper->IsLoggedIn()) {
header('Location: ' . SITE_URL);
exit;
}
$loginHelper->suppressRegistration(OAUTH_GOOGLE);
require 'config/client.php';
require 'config/login.php';
require 'Google/Google.php';
$google = new Google(APP_NAME, CLIENT_ID, CLIENT_SECRET, unserialize(SCOPES), REDIRECT_URI);
header("Location: " . $google->getLoginURL());
exit;
protected function isLogged()
{
parent::setUrl();
parent::setExplode();
parent::setController();
$module = parent::getModule();
if ($module == "admin") {
$obj = new LoginHelper();
if ($obj->isLogged()) {
if ($this->tp->exists('S_USERNAME')) {
$this->tp->S_USERNAME = $_SESSION['usuario_nome'];
}
if ($this->tp->exists('S_EMAIL')) {
$this->tp->S_EMAIL = $_SESSION['usuario_email'];
}
if ($this->tp->exists('S_LOGIN')) {
$this->tp->S_LOGIN = $_SESSION['usuario_login'];
}
} else {
throw new Exception_Login();
}
}
}
require_once 'Google/Service/Oauth2.php';
require 'Google/Google.php';
$google = new Google(APP_NAME, CLIENT_ID, CLIENT_SECRET, unserialize(SCOPES), REDIRECT_URI);
if (isset($_GET['code'])) {
// Exchange the code for access token
$google->authenticate($_GET['code']);
$_SESSION['access_token'] = $google->getAccessToken();
$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
exit;
}
if ($google->IsAuthenticated()) {
// Google User is authenticated and authorized
// Login/Registration can be proceeded
$gUser = $google->getUserProfile();
$loginHelper = new LoginHelper($db);
$user_id = $loginHelper->IsRegistered(OAUTH_GOOGLE, $gUser['id']);
if ($user_id) {
// User is already registered - Log in the user
$redicrect_uri = $loginHelper->Login($user_id, OAUTH_GOOGLE, $gUser['id']);
header("Location: {$redirect_uri}");
exit;
} else {
// User is not registerd
// Email may be registered already
$rUser = $loginHelper->IsEmailRegistered($gUser['email']);
if ($rUser) {
// Email is already registered - Login the user
$redirect_uri = $loginHelper->Login($rUser['id'], $rUser['oauth_type'], $rUser['oauth_id']);
header("Location: {$redirect_uri}");
exit;
account (trial to create multiple accounts) */
$db->where('email', $user['email'])->where('verified', '1');
$db->getOne('users');
if ($db->count > 0) {
// Email is already associated to another account
$verified = false;
// Record is no more usable. User will be asked to register using different email
$db->where('id', $user_id);
$db->delete('users');
} else {
$db->where('id', $user_id);
if ($db->update('users', array('verified' => '1', 'auth_code' => ''))) {
$verified = true;
/* Login the user */
require DOCUMENT_ROOT . 'classes/LoginHelper.php';
$loginHelper = new LoginHelper($db);
$loginHelper->Login($user_id);
}
}
} else {
/* Spoof request */
$invalid_request = true;
}
} else {
/* Spoof Request */
$invalid_request = true;
}
?>
<!DOCTYPE html>
<html>
<head>
unset($_REQUEST["signin"]);
}
// signout
if (isset($_REQUEST["signout"])) {
LoginHelper::logout(true);
} else {
if (isset($_REQUEST["signin"]) && !opt("httpAuthLogin")) {
LoginHelper::logout(false);
}
}
// signin
if (opt("httpAuthLogin")) {
LoginHelper::check_http_auth();
} else {
if (isset($_REQUEST["signin"])) {
LoginHelper::check_login();
} else {
if ((isset($_REQUEST["signin"]) || isset($_REQUEST["signout"])) && isset($_REQUEST["post"])) {
redirectSelf();
}
}
}
// set interesting user
$User = null;
if (isset($_REQUEST["u"]) && !($User = ContactView::prepare_user($_REQUEST["u"]))) {
redirectSelf(array("u" => null));
}
if (!$Me->isPC || !$User) {
$User = $Me;
}
// check problem set openness
<?php
include_once 'phpcode/config.php';
include_once 'phpcode/helperclasses/loginHelper.php';
include_once 'phpcode/secureSession.php';
sec_session_start();
$user = R::dispense('user');
$user = R::load('user', 1);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!empty($_POST['email']) && !empty($_POST['password'])) {
if (LoginHelper::login($user, $_POST['email'], $_POST['password'])) {
//then save user to the session and redirect to admin page
$_SESSION['username'] = $user->userName;
$_SESSION['userEmail'] = $user->email;
redirect('admin.php');
}
}
}
include "header.php";
?>
<div class="section" id="loginForm">
<div class="container" >
<div class="row">
<div class="col-md-12">
<h1 class="headerfont text-center">LOGIN HERE</h1>
<form role="form" id="LoginForm" action="login.php" method="post" class="albDesc">
<div class="form-group">
<label class="control-label" for="exampleInputEmail1">Email address</label>
<input class="form-control" id="exampleInputEmail1"
placeholder="Enter email" type="email" name="email">
exit;
}
// If user doesn't grant the access, redirect to the login page
if (isset($_GET['denied'])) {
header("Location: " . SITE_URL . "login/?access_denied");
exit;
}
require 'config/consumer.php';
require 'config/login.php';
require 'Twitter/Twitter.php';
$twitter = new Twitter(CONSUMER_KEY, CONSUMER_SECRET, REDIRECT_URI);
if ($twitter->IsAuthenticated()) {
// Twitter user is authenticated and authorized
// Login/Registration can be proceeded
$twitter_user = $twitter->getUserProfile();
$loginHelper = new LoginHelper($db);
$user_id = $loginHelper->IsRegistered(OAUTH_TWITTER, $twitter_user->id);
if ($user_id) {
// User is registered
// TWITTER user needs to have their email verfieid
if ($loginHelper->IsVerified($user_id)) {
$redirect_uri = $loginHelper->Login($user_id, OAUTH_TWITTER, $twitter_user->id);
header("Location: {$redirect_uri}");
} else {
$not_verified = true;
/* Keeping `access token` alive generates login URL with invalid Oauth token if
user goes to `oauth\twitter\index.php`
*/
// TBD: clearTwitterCredentials
if (isset($_SESSION['access_token'])) {
unset($_SESSION['access_token']);
$user['username'] = $username;
$user['institute'] = $institute;
if (isset($location)) {
$user['location'] = $location;
}
// Add user's record to the database
$registrar = new Registrar($db);
$id = $registrar->registerUser($user);
if ($id) {
// Delete tempUser record
$db->where('id', $_SESSION['temp_user_id']);
$db->delete('users_temp');
unset($_SESSION['registration_pending']);
unset($_SESSION['temp_user_id']);
// Now that the registration is complete, log in the user
$loginHelper = new LoginHelper();
$loginHelper->Login($id, $user['oauth_type'], $user['oauth_id']);
exit;
// END OF SCRIPT //
}
} else {
$registrar = new Registrar($db);
echo $registrar->getHTML($error);
// Get error HTML
var_dump($error);
exit;
}
}
/* No any data POSTed but registration is pending - show Additional Information page */
if (isset($_SESSION['registration_pending'])) {
require_once DOCUMENT_ROOT . 'classes/Registrar.php';
}
}
for ($i = 0; $i <= 1; ++$i) {
if (!$kiosk_keys[$i]) {
$key = hotcrp_random_password();
$kiosks[$key] = (object) array("update_at" => $Now, "show_papers" => !!$i);
$kiosk_keys[$i] = $kchange = $key;
}
}
// save kiosks
if ($kchange) {
$Conf->save_setting("__tracker_kiosk", 1, $kiosks);
}
}
if ($Me->privChair && isset($_POST["signout_to_kiosk"]) && check_post()) {
LoginHelper::logout(false);
$Me->change_capability("tracker_kiosk", $kiosk_keys[@$_POST["buzzer_showpapers"] ? 1 : 0]);
redirectSelf();
}
function kiosk_lookup($key)
{
global $Conf, $Now;
$kiosks = (array) ($Conf->setting_json("__tracker_kiosk") ?: array());
if (@$kiosks[$key] && $kiosks[$key]->update_at >= $Now - 604800) {
return $kiosks[$key];
}
return null;
}
$kiosk = null;
if (!$Me->has_email() && !$Me->capability("tracker_kiosk") && ($key = Navigation::path_component(0)) && ($kiosk = kiosk_lookup($key))) {
$Me->change_capability("tracker_kiosk", $key);
/**
* Run any hooks registered for logins, then HTTP redirect to
* $this->mReturnTo (or Main Page if that's undefined). Formerly we had a
* nice message here, but that's really not as useful as just being sent to
* wherever you logged in from. It should be clear that the action was
* successful, given the lack of error messages plus the appearance of your
* name in the upper right.
* @param bool $direct True if the action was successful just now; false if that happened
* pre-redirection (so this handler was called already)
* @param StatusValue|null $extraMessages
*/
protected function successfulAction($direct = false, $extraMessages = null)
{
global $wgSecureLogin;
$user = $this->targetUser ?: $this->getUser();
$session = $this->getRequest()->getSession();
if ($direct) {
$user->touch();
$this->clearToken();
if ($user->requiresHTTPS()) {
$this->mStickHTTPS = true;
}
$session->setForceHTTPS($wgSecureLogin && $this->mStickHTTPS);
// If the user does not have a session cookie at this point, they probably need to
// do something to their browser.
if (!$this->hasSessionCookie()) {
$this->mainLoginForm([], $session->getProvider()->whyNoSession());
// TODO something more specific? This used to use nocookieslogin
return;
}
}
# Run any hooks; display injected HTML if any, else redirect
$injected_html = '';
Hooks::run('UserLoginComplete', [&$user, &$injected_html]);
if ($injected_html !== '' || $extraMessages) {
$this->showSuccessPage('success', $this->msg('loginsuccesstitle'), 'loginsuccess', $injected_html, $extraMessages);
} else {
$helper = new LoginHelper($this->getContext());
$helper->showReturnToPage('successredirect', $this->mReturnTo, $this->mReturnToQuery, $this->mStickHTTPS);
}
}
<?php
require $_SERVER['DOCUMENT_ROOT'] . '/ts2/config/consts.php';
require DOCUMENT_ROOT . 'classes/LoginHelper.php';
session_start();
$loginHelper = new LoginHelper();
if ($loginHelper->IsLoggedIn()) {
header('Location: ' . SITE_URL);
exit;
}
$loginHelper->suppressRegistration(OAUTH_FACEBOOK);
require 'config/app.php';
require 'config/login.php';
require 'Facebook/Facebook.php';
$facebook = new Facebook(APP_ID, APP_SECRET, REDIRECT_URI);
$facebook->setScopes(unserialize(SCOPES));
$loginURL = $facebook->getLoginURL();
header("Location: {$loginURL}");
exit;
// LOACTION <<<<
// >>>> EMAIL
if (!preg_match('/^([\\w-\\.]+@([\\w-]+\\.)+[\\w-]{2,4})?$/', $email)) {
$error['email'] = '<span>Email</span> must be in the form <em>someone@somewhere.tld</em>.';
} else {
$loginHelper = new LoginHelper($db);
if ($loginHelper->IsEmailRegistered($email)) {
$error['email'] = '<span>Email</span> address is already registered.';
}
}
// EMAIL <<<<
// >>>> USERNAME
if (!preg_match('/^[a-z0-9_!@#$%^&*]{3,25}$/i', $username)) {
$error['username'] = '******';
} else {
$loginHelper = new LoginHelper($db);
if (!$loginHelper->IsUsernameAvailable($username)) {
$error['username'] = '******';
}
}
// USERNAME <<<<
// >>>> PASSWORD
if (strlen($password) < 6) {
$error['password'] = '******';
} else {
if ($password != $password2) {
$error['password'] = '******'t match.';
}
}
// PASSWORD <<<<
/* ----- VALIDATION */
<?php require 'config/consts.php'; $page = HOW_TO_PLAY; session_start(); require_once DOCUMENT_ROOT . 'classes/LoginHelper.php'; require_once DOCUMENT_ROOT . 'config/db.php'; /* Check if the user is logged in/Login the user if presence cookie is present */ $loginHelper = new LoginHelper($db); $loggedIn = $loginHelper->IsLoggedIn(); ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" /> <link rel="shortcut icon" href="favicon.png" type="image/png"> <link rel="icon" href="<?php echo SSTATIC; ?> favicon.png" type="image/png"> <title>How to play Treasherlocked? - Treasherlocked 2.0</title> <meta name="description" content="Tutorial on how to play Treasherlocked." /> <meta name="keywords" content="how to play treasherlocked, how to play treasure hunt, treasherlocked tutorial" /> <link href="<?php echo SSTATIC; ?>
<?php
require $_SERVER['DOCUMENT_ROOT'] . '/ts2/config/consts.php';
require DOCUMENT_ROOT . 'classes/LoginHelper.php';
session_start();
$loginHelper = new LoginHelper();
if ($loginHelper->IsLoggedIn()) {
header('Location: ' . SITE_URL);
exit;
}
$loginHelper->suppressRegistration(OAUTH_TWITTER);
require 'config/consumer.php';
require 'config/login.php';
require 'Twitter/Twitter.php';
$twitter = new Twitter(CONSUMER_KEY, CONSUMER_SECRET, REDIRECT_URI);
header("Location: " . $twitter->getLoginURL());
exit;
/*
$temp_credentials = $connection->getRequestToken( REDIRECT_URI );
$_SESSION['oauth_token'] = $token = $temp_credentials['oauth_token'];
$_SESSION['oauth_token_secret'] = $temp_credentials['oauth_token_secret'];
header( "Location: " . $connection->getAuthorizeURL($token) );
exit;
*/
/**
* @deprecated since 1.27 - call LoginHelper::getValidErrorMessages instead.
*/
public static function getValidErrorMessages()
{
return LoginHelper::getValidErrorMessages();
}
require 'Facebook/Facebook.php';
require 'config/app.php';
require 'config/login.php';
$facebook = new Facebook(APP_ID, APP_SECRET, REDIRECT_URI);
if ($facebook->IsAuthenticated()) {
/* Verify that all of the required scopes have been granted */
if (!$facebook->verifyScopes(unserialize(SCOPES))) {
//var_dump($facebook); exit;
header("Location: " . $facebook->getLoginURL($facebook->denied_scopes, REREQUEST));
exit;
}
// All scopes have been granted
// Login/Registration can be proceeded
$fb_user = $facebook->getUserProfile();
// Check if the facebook user is already registered
$loginHelper = new LoginHelper($db);
$user_id = $loginHelper->IsRegistered(OAUTH_FACEBOOK, $fb_user['id']);
if ($user_id) {
// Facebook user is already registered - Login the user
$redirect_uri = $loginHelper->Login($user_id, OAUTH_FACEBOOK, $fb_user['id']);
header("Location: {$redirect_uri}");
exit;
} else {
// User is not registered - Register the user
// Check if the email is already registered
if (isset($fb_user['email'])) {
$registeredUser = $loginHelper->IsEmailRegistered($fb_user['email']);
if ($registeredUser) {
// Email is already registered
$redirect_uri = $loginHelper->Login($registeredUser['id'], $registeredUser['oauth_type'], $registeredUser['oauth_id']);
header("Location: {$redirect_uri}");
<?php
require 'config/consts.php';
$page = NON_NAV;
session_start();
require_once DOCUMENT_ROOT . 'classes/LoginHelper.php';
require_once DOCUMENT_ROOT . 'config/db.php';
$loginHelper = new LoginHelper($db);
if ($loginHelper->IsLoggedIn()) {
header('Location: ' . SITE_URL);
exit;
}
/* Prevent form spoofing */
$spoof_proof = sha1(time() . chr(mt_rand(97, 122)));
$_SESSION['spoof_proof'] = $spoof_proof;
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<link rel="shortcut icon" href="<?php
echo SSTATIC;
?>
favicon.png" type="image/png">
<link rel="icon" href="<?php
echo SSTATIC;
?>
favicon.png" type="image/png">
$db->where('id', $_SESSION['temp_user_id']);
$db->delete('users_temp');
unset($_SESSION['registration_pending']);
unset($_SESSION['temp_user_id']);
unset($_SESSION['spoof_proof']);
/* If email has been manually provided, it needs to be verified. */
if (isset($email)) {
$registrar->sendVerificationEmail($id, $user['email']);
// Show verification page link
$result = array('success' => true, 'verify' => true);
header('Content-Type: application/json');
echo json_encode($result);
exit;
}
// Now that the registration is complete, login the user
$loginHelper = new LoginHelper();
$redirect_uri = $loginHelper->Login($id, $user['oauth_type'], $user['oauth_id']);
// Return the success information
$result = array('success' => true, 'redirect_uri' => $redirect_uri);
header('Content-Type: application/json');
echo json_encode($result);
exit;
} else {
$result = array('success' => false, 'error' => 'Unexpected error!');
header('Content-Type: application/json');
echo json_encode($result);
exit;
}
} else {
$result = array('success' => false, 'error' => implode("<br/>", $error));
header('Content-Type: application/json');
