/**
* Starts handling the application
* Uses HttpRequest::InternalPath as input
*/
public function Start()
{
$Request = HttpRequest::InternalPath();
if (substr($Request, 0, strlen(self::$StaticPrefix) + 1) == self::$StaticPrefix . "/") {
return $this->StaticContent(substr($Request, strlen(self::$StaticPrefix) + 1));
} else {
$file = $this->MatchRoutes($Request);
return $this->StartController($file);
}
}
function Handle($Request)
{
header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0");
header("Pragma: no-cache");
$userSession = new phpsec\Session();
$sessionID = $userSession->existingSession();
if ($sessionID != FALSE) {
$userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
return require_once __DIR__ . "/../../view/default/user/index.php";
} else {
$newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
header("Location: {$newLocation}");
}
}
function Handle($Request)
{
try {
$userSession = new phpsec\Session();
$sessionID = $userSession->existingSession();
if ($sessionID != FALSE) {
if (isset($_POST['submit'])) {
$userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
if (isset($_POST['_x_oldpass']) && $_POST['_x_oldpass'] != "" && isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") {
$config = (require_once __DIR__ . "/../../config/config.php");
if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
$this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
if ($config['PASSWORD_SUGGESTION'] === "ON") {
$this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
}
if ($_POST['pass'] !== $_POST['repass']) {
$this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
}
try {
$userObj = phpsec\UserManagement::logIn($userID, $_POST['_x_oldpass']);
$userObj->resetPassword($_POST['_x_oldpass'], $_POST['pass']);
$this->info .= "Your password have been changed successfully." . "<BR>";
} catch (phpsec\WrongPasswordException $e) {
if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
try {
new phpsec\AdvancedPasswordManagement($userID, $_POST['pass'], TRUE);
} catch (phpsec\BruteForceAttackDetectedException $ex) {
\phpsec\User::lockAccount($userID);
$this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
}
}
$this->error .= "Your old password does not seems correct. Please enter your old password for verification." . "<BR>";
}
} else {
$this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
}
}
} else {
$this->error .= "You are not logged-in. Please login to complete the operation." . "<BR>";
$newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
header("Location: {$newLocation}");
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/passwordreset.php";
}
function Handle($Request)
{
try {
$userSession = new phpsec\Session();
$sessionID = $userSession->existingSession();
if ($sessionID != FALSE) {
if (isset($_POST['submit'])) {
if (isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") {
$config = (require_once __DIR__ . "/../../config/config.php");
if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
$this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
if ($config['PASSWORD_SUGGESTION'] === "ON") {
$this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/newpassword.php";
}
if ($_POST['pass'] !== $_POST['repass']) {
$this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/newpassword.php";
}
$userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
if ($userID !== FALSE) {
$userObj = phpsec\UserManagement::forceLogIn($userID);
if ($userObj->forceResetPassword($_POST['pass'])) {
$this->info .= "Your Password has been changed successfully." . "<BR>";
} else {
$this->error .= "We encountered an error. Please re-try later!" . "<BR>";
}
} else {
$userSession->destroySession();
$this->error .= "Your session seems to be invalid. Cannot proceed!!" . "<BR>";
}
} else {
$this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
}
}
} else {
$this->error .= "Seems you should not be accessing this page!" . "<BR>";
$newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login";
header("Location: {$newLocation}");
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/newpassword.php";
}
function Handle($Request)
{
try {
if (isset($_POST['submit'])) {
if (isset($_POST['user']) && isset($_POST['email']) && isset($_POST['pass']) && isset($_POST['repass'])) {
$config = (require_once __DIR__ . "/../../config/config.php");
if (phpsec\UserManagement::userExists($_POST['user'])) {
$this->error .= "ERROR: This username is not available. Please select a different one." . "<BR>";
if ($config['USERNAME_SUGGESTION'] === "ON") {
do {
$suggestedUsername = \phpsec\BasicPasswordManagement::generate(0.1);
} while (phpsec\UserManagement::userExists($suggestedUsername));
$this->info .= "This username is available: " . $suggestedUsername . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
if (!preg_match('/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,63})$/', $_POST['email'])) {
$this->error .= "Invalid email address." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
if ($_POST['pass'] !== $_POST['repass']) {
$this->error .= "ERROR: Password fields do not match!" . "<BR>";
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) {
$this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>";
if ($config['PASSWORD_SUGGESTION'] === "ON") {
$this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
phpsec\UserManagement::createUser($_POST['user'], $_POST['pass'], $_POST['email']);
$nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . $_POST['email'];
header("Location: {$nextLocation}");
} else {
$this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
return require_once __DIR__ . "/../../view/default/user/signup.php";
}
function Handle($Request)
{
try {
if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['verification']) && $_GET['verification'] != "" && ($_GET['mode'] === 'temppass' || $_GET['mode'] === 'activation')) {
if (phpsec\AdvancedPasswordManagement::tempPassword($_GET['user'], $_GET['verification'])) {
if ($_GET['mode'] === 'temppass') {
$userSession = new phpsec\Session();
$userSessionID = $userSession->newSession($_GET['user']);
$nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/requestnewpassword";
header("Location: {$nextLocation}");
} else {
if ($_GET['mode'] === 'activation') {
\phpsec\User::activateAccount($_GET['user']);
$this->info .= "Your account <b>" . $_GET['user'] . "</b> is now activated." . "<BR>";
require_once __DIR__ . "/../../view/default/user/temppass.php";
}
}
} else {
$this->error .= "ERROR: This validation token does not match our records!!!" . "<BR>";
return require_once __DIR__ . "/../../view/default/user/temppass.php";
}
} else {
if (isset($_GET['user']) && $_GET['user'] != "" && isset($_GET['email']) && $_GET['email'] != "" && ($_GET['mode'] === 'temppass' || $_GET['mode'] === 'activation')) {
$tempPass = phpsec\AdvancedPasswordManagement::tempPassword($_GET['user']);
$message = "Please open the following link in order to complete the process:\n";
$message .= \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=" . $_GET['mode'] . "&verification=" . $tempPass . "\n\n\n";
$message .= "Sometimes the email ends up in the Spam folder. So also please check your spam folder in case you didn't receive the email.\n\n";
$message .= "If you did nothing to get this email, just ignore it.\n";
$message = wordwrap($message, 70, "\r\n");
$send = \mail($_GET['email'], "Authentication Email", $message, "FROM: " . "*****@*****.**");
if (!$send) {
$this->error .= "ERROR: Mail was not send!" . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/temppass.php";
} else {
return require_once __DIR__ . "/../../view/default/404.php";
}
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
return require_once __DIR__ . "/../../view/default/user/temppass.php";
}
}
function Handle($Request)
{
try {
if (isset($_POST['submit'])) {
if (isset($_POST['email']) && $_POST['email'] != "") {
$userID = phpsec\User::getUserIDFromEmail($_POST['email']);
if ($userID !== FALSE) {
$nextLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=temppass" . "&email=" . $_POST['email'];
header("Location: {$nextLocation}");
} else {
$this->error .= "This email ID is not registered in our DB. Please enter the email you provided at the time of sign-up. Alternatively it might happen that multiple accounts are associated with this Email ID. For the time being only 1 email account is supported per userID." . "<BR>";
}
} else {
$this->error .= "ERROR: Empty fields are not allowed." . "<BR>";
}
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/forgotpassword.php";
}
function Handle($Request)
{
try {
$userSession = new phpsec\Session();
$sessionID = $userSession->existingSession();
if ($sessionID != FALSE) {
$userID = \phpsec\Session::getUserIDFromSessionID($sessionID);
$userObj = phpsec\UserManagement::forceLogIn($userID);
phpsec\UserManagement::logOut($userObj);
} else {
phpsec\User::deleteAuthenticationToken();
}
$this->info .= "You are now logged out." . "<BR>";
$nextURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home";
header("Location: {$nextURL}");
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
$lastURL = $_SERVER['HTTP_REFERER'];
header("Location: {$lastURL}");
}
}
function Handle($Request)
{
try {
$config = (require_once __DIR__ . "/../../config/config.php");
$userID = \phpsec\User::checkRememberMe();
if (!$userID) {
if (isset($_POST['submit'])) {
if (isset($_POST['user']) && $_POST['user'] != "" && isset($_POST['pass']) && $_POST['pass'] != "") {
try {
$userID = $_POST['user'];
$userObj = phpsec\UserManagement::logIn($_POST['user'], $_POST['pass']);
} catch (phpsec\WrongPasswordException $e) {
if ($config['BRUTE_FORCE_DETECTION'] === "ON") {
try {
new phpsec\AdvancedPasswordManagement($_POST['user'], $_POST['pass'], TRUE);
} catch (phpsec\BruteForceAttackDetectedException $ex) {
\phpsec\User::lockAccount($_POST['user']);
$this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>";
}
}
$this->error .= "Incorrect Username/Password combination!" . "<BR>";
return require_once __DIR__ . "/../../view/default/user/login.php";
} catch (phpsec\UserAccountInactive $e) {
$userEmail = phpsec\User::getPrimaryEmail($_POST['user']);
$activationLink = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . $userEmail;
$this->error .= "ERROR: The account is inactive. Please activate your account by clicking <a href=\"{$activationLink}\">here</a>." . "<BR>";
return require_once __DIR__ . "/../../view/default/user/login.php";
}
if (isset($_POST['remember-me']) && $_POST['remember-me'] == "on") {
if (phpsec\HttpRequest::isHTTPS()) {
phpsec\User::enableRememberMe($_POST['user']);
} else {
phpsec\User::enableRememberMe($_POST['user'], FALSE, TRUE);
}
}
} else {
$this->error .= "Empty fields are not allowed. Please fill the required areas." . "<BR>";
}
} else {
return require_once __DIR__ . "/../../view/default/user/login.php";
}
}
$userSession = new phpsec\Session();
try {
$sessionID = $userSession->existingSession();
if ($sessionID) {
$userSessionID = $userSession->rollSession();
} else {
$userSessionID = $userSession->newSession($userID);
}
$userObj = phpsec\UserManagement::forceLogIn($userID);
if ($userObj->isPasswordExpired()) {
$this->info .= "Its been too long since you have changed your password. For security reasons, please change your password." . "<BR>";
}
$url_to_redirect = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/user/index";
header("HTTP/1.1 302 Found");
header('Location: ' . $url_to_redirect);
} catch (\phpsec\SessionExpired $e) {
$this->error .= $e->getMessage() . "<BR>";
phpsec\User::deleteAuthenticationToken();
}
} catch (Exception $e) {
$this->error .= $e->getMessage() . "<BR>";
}
return require_once __DIR__ . "/../../view/default/user/login.php";
}
<td><input type="text" name="user" id="user" maxlength="32"></td>
</tr>
<tr name="pass-field" id="pass-field">
<td><label>Password:</label></td>
<td><input type="password" name="pass" id="pass" maxlength="32"></td>
</tr>
<tr name="remember-me-field" id="remember-me-field">
<td><label>Remember Me:</label></td>
<td><input type="checkbox" name="remember-me" id="remember-me"></td>
</tr>
<tr name="checkout-field" id="checkout-field">
<td><input type="submit" name="submit" id="submit" value="Submit"></td>
<td><input type="reset" name="reset" id="reset" value="Reset"></td>
</tr>
</table>
</form>
</div>
<BR><a <?php
$forgotpasswordURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/forgotpassword";
echo "href='{$forgotpasswordURL}'";
?>
>Forgot Password</a> Click Here to recover your access to account in case you have forgot your password.
<script type="text/javascript" <?php
echo 'src="' . "http://localhost/rnj/framework/file/js/check.js" . '"';
?>
></script>
</body>
</html>
<html>
<head>
<title>RNJ - Temporary Password</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" <?php
echo 'href="' . "http://localhost/rnj/framework/file/css/style.css" . '"';
?>
/>
</head>
<body>
<?php
include __DIR__ . "/../../default/include.php";
?>
<div name="temp_pass-div" id="temp_pass-div">
<p><h2>An e-mail has been sent to the email address you provided. Click on the link inside the email to complete this process.</h2></p>
<p>If you have not received your email, please <a <?php
$link = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=" . $_GET['mode'] . "&email=" . $_GET['email'];
echo "href='{$link}'";
?>
>click this link</a> to resend the mail.</p>
</div>
</body>
</html>
* the front controller, it tries to set those properly even in CLI mode using
* some tricks.
*/
if (\phpsec\HttpRequest::isCLI()) {
//the request should be provided in CLI as:
#php front.php "folder/file?a=b&cd="
if ($argc == 1) {
\phpsec\HttpRequest::SetBaseURL("http://localhost/");
} else {
\phpsec\HttpRequest::SetBaseURL("http://localhost/" . $argv[1]);
if (strpos($argv[1], "?") !== false) {
$QueryString = substr($argv[1], strpos($argv[1], "?") + 1);
$Params = explode("&", $QueryString);
foreach ($Params as $p) {
if (strpos($p, "=") === false) {
$_GET[urldecode($p)] = "";
continue;
}
list($k, $v) = explode("=", $p);
$_GET[urldecode($k)] = urldecode($v);
}
}
}
} else {
$InternalRequest = $_GET['___r'];
unset($_GET['___r']);
unset($_REQUEST['___r']);
$URL = \phpsec\HttpRequest::URL(false);
\phpsec\HttpRequest::SetBaseURL(substr($URL, 0, strlen($URL) - strlen($InternalRequest)));
}
require_once __DIR__ . "/../config/routes.php";
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" <?php
echo 'href="' . "http://localhost/rnj/framework/file/css/style.css" . '"';
?>
/>
</head>
<body>
<?php
include __DIR__ . "/../include.php";
?>
Hello, <?php
echo $userID;
?>
.<BR>
This is the index page of the application. Once the user is logged in, this page is shown
Click <a <?php
$logoutURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/logout";
echo "href='{$logoutURL}'";
?>
>here</a> to logout.
<BR><BR><BR>
Click <a <?php
$passresetURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/passwordreset";
echo "href='{$passresetURL}'";
?>
>here</a> to reset your password.
</body>
</html>
