function validateUser($username, $password, $db)
{
$query = $db->query("SELECT * FROM users WHERE `username`='{$username}'");
if ($query->num_rows != 1) {
echo 'invalid';
} else {
$array = $query->fetch_assoc();
if ($password == $array['password']) {
$auth = $array['authorization'];
logUserIn($username, $auth);
echo "valid";
//header("Location: /employee/");
} else {
echo 'notFound';
}
}
}
function registerUser($name, $password)
{
if (isStringEmpty($name) || isStringEmpty($password)) {
return 3;
}
$name = secureString($name);
$salt = uniqid();
$passwordHash = hashPassword(secureString($password), $salt);
$query = 'SELECT id FROM ' . DB_PREFIX . DB_USERS . ' WHERE LOWER(name)=\'' . strtolower($name) . '\';';
$nameOccupied = queryMySQLData($query)->fetch_array();
if (!$nameOccupied) {
$query = 'INSERT INTO ' . DB_PREFIX . DB_USERS . ' (name, password, salt) VALUES (\'' . $name . '\', \'' . $passwordHash . '\', \'' . $salt . '\');';
$result = queryMySQLData($query);
if ($result) {
logUserIn($name, $password);
return 1;
}
return 0;
} else {
return 2;
}
}
}
$code = $_GET['code'];
$loginResult = twitchGetAccessToken($code);
if (!$loginResult) {
die("Twitch is down, or authentication failed for some other reason.");
}
$twitchAccessToken = $loginResult->access_token;
$userData = twitchGetUser($twitchAccessToken);
if (!$userData) {
die("Twitch is down, or user retrieval failed for some other reason.");
}
$uid = dbSetUser($userData->name, true, $twitchAccessToken);
if ($uid === false) {
throw500("Database error, contact site administrator");
}
logUserIn($userData->name, $uid);
header('Location: ' . getUrlToChannel($_SESSION['channel']));
$_SESSION['showLoggedIn'] = true;
die('logged in');
/*
printHead("Logged in");
printNav();
?>
<div class="container">
<div class="row">
<div class="col-md-12">
<h2>Welcome <?php echo $_SESSION['channel']; ?>!</h2>
<p class="lead">This is still super buggy and new and doesn't do much yet. I'm working on it!!</p>
</div>
</div>
</div>
$param['mensaje'] = "El usuario no existe en el sistema.";
$param['retry'] = true;
break;
case USER_UNKNOWN_ERROR:
$param['mensaje'] = "";
$param['retry'] = false;
$param['debug'] = true;
break;
case USER_OPERATION_NOT_ALLOWED:
$param['mensaje'] = "El usuario anonimo no requiere entrar al sistema.";
break;
}
render($param);
die;
}
logUserIn($uname);
header("Location: index.php");
die;
break;
case "logout":
logUserOut();
header("Location: index.php");
die;
break;
case "registro":
$param["ruta"] = "{$actor}/registro";
render($param);
die;
break;
case "validaregistro":
$param["ruta"] = "{$actor}/validaregistro";
function verifyKMLI()
{
global $db;
$cookie = isset($_COOKIE['rememberme']) ? $_COOKIE['rememberme'] : '';
if ($cookie) {
list($user, $token, $mac) = explode(':', $cookie);
$usertoken = $db->getKMLIToken($user);
if (timingSafeCompare($usertoken, $token)) {
$hashedPassword = $db->getPasswordByEmail($user);
logUserIn($user, $hashedPassword);
if (isset($_POST["hash"]) && $_POST["hash"] != "") {
header("Location: ./#" . $_POST["hash"]);
} else {
header("Location: ./");
}
return TRUE;
}
}
return FALSE;
}
<div class="login-form">
<?php
if (isset($_GET['action']) && $_GET['action'] == "login") {
if ($_POST['username'] != "" && $_POST['password'] != "") {
$username = $_POST['username'];
$password = $_POST['password'];
if (userExists($username)) {
if (!userIsDisabled($username)) {
$email_status = getUserInfo($_POST['username'], 'email-status');
if ($email_status == 'verified') {
if (checkUserPassword($username, $password)) {
echo '<p>Username and password correct!</p>';
logUserIn($username, $password);
header('Location: ./');
} else {
echo '<p>Incorrect username or password.</p>';
}
} else {
echo '<p>Please verify your account to login.<br/>Check your email.</p>';
}
} else {
echo '<p>Your account has been disabled.</p>';
}
} else {
echo '<p>Incorrect username or password.</p>';
}
} else {
echo '<p>Please enter your username & password.</p>';
}
?>
<a href="./?page=login">Go Back</a> <?php
