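/**
 * Check a username/password pair against the `users` table and report the
 * outcome by echoing a status word.
 *
 * Echoes 'invalid' when the lookup does not yield exactly one row (or the
 * statement cannot be prepared or executed), 'notFound' when the password
 * does not match, and 'valid' after calling logUserIn() on a match.
 *
 * NOTE(review): 'invalid' and 'notFound' let a client distinguish "no such
 * user" from "wrong password". The strings are kept because callers may
 * depend on them; consider collapsing them into one response.
 *
 * @param string $username Login name supplied by the client (untrusted).
 * @param string $password Password supplied by the client (untrusted).
 * @param mysqli $db       Database handle; presumably mysqli, judging by the
 *                         num_rows / fetch_assoc() usage — confirm.
 * @return void
 */
function validateUser($username, $password, $db)
{
    // The username is bound as a parameter instead of being interpolated into
    // the SQL text, so quote characters in it cannot change the statement.
    $stmt = $db->prepare('SELECT * FROM users WHERE `username` = ?');
    if ($stmt === false) {
        // Fail closed when the statement cannot be prepared.
        echo 'invalid';
        return;
    }

    $stmt->bind_param('s', $username);
    if (!$stmt->execute()) {
        $stmt->close();
        echo 'invalid';
        return;
    }

    // get_result() requires the mysqlnd driver.
    $result = $stmt->get_result();
    if ($result === false || $result->num_rows != 1) {
        $stmt->close();
        echo 'invalid';
        return;
    }

    $row = $result->fetch_assoc();
    $stmt->close();

    // NOTE(review): the stored value is compared directly with the submitted
    // one, which suggests the column holds a plaintext password (or a hash
    // computed by the caller) — confirm, and migrate to password_hash() /
    // password_verify(). Until then, hash_equals() replaces the loose `==`,
    // which treats numeric-looking strings such as "0e1" and "0e2" as equal
    // and is not constant-time.
    $stored = isset($row['password']) ? $row['password'] : null;
    if (is_string($stored) && hash_equals($stored, (string) $password)) {
        $auth = $row['authorization'];
        logUserIn($username, $auth);
        echo "valid";
        //header("Location: /employee/");
    } else {
        echo 'notFound';
    }
}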
/**
 * Create a new account and log the new user in.
 *
 * Return codes:
 *   3 - name or password is empty (per isStringEmpty())
 *   2 - a user with the same name (case-insensitive) already exists
 *   1 - account created and logUserIn() called
 *   0 - the INSERT did not succeed
 *
 * NOTE(review): both statements are assembled by string concatenation, so
 * their safety rests entirely on secureString(), which is not visible here —
 * confirm that it escapes for the active connection, or move to prepared
 * statements.
 * NOTE(review): the salt comes from uniqid(), which is derived from the
 * current time rather than from a CSPRNG such as random_bytes().
 * NOTE(review): the lookup and the INSERT are separate statements; nothing
 * here stops two concurrent registrations of one name unless the table has
 * a unique constraint — confirm.
 *
 * @param string $name     Requested user name (untrusted).
 * @param string $password Requested password (untrusted).
 * @return int One of the codes listed above.
 */
function registerUser($name, $password)
{
    if (isStringEmpty($name) || isStringEmpty($password)) {
        return 3;
    }

    $safeName = secureString($name);
    $salt = uniqid();
    // The password is passed through secureString() before hashing, so the
    // hash covers the transformed value; the login path presumably applies
    // the same transformation — verify.
    $passwordHash = hashPassword(secureString($password), $salt);

    $usersTable = DB_PREFIX . DB_USERS;

    $lookupSql = 'SELECT id FROM ' . $usersTable . ' WHERE LOWER(name)=\'' . strtolower($safeName) . '\';';
    $existing = queryMySQLData($lookupSql)->fetch_array();
    if ($existing) {
        return 2;
    }

    $insertSql = 'INSERT INTO ' . $usersTable . ' (name, password, salt) VALUES (\''
        . $safeName . '\', \'' . $passwordHash . '\', \'' . $salt . '\');';
    if (!queryMySQLData($insertSql)) {
        return 0;
    }

    // logUserIn() receives the raw password, not the hash.
    logUserIn($safeName, $password);
    return 1;
}
}
// Callback step of a Twitch login: exchange the `code` query parameter for an
// access token, fetch the user, store them, then start the session and redirect.
// NOTE(review): `code` is read without an isset() check, and no `state`
// parameter is compared against the session in this excerpt. If that check is
// not done before this point, the callback is open to login CSRF — confirm.
$code = $_GET['code'];
$loginResult = twitchGetAccessToken($code);
if (!$loginResult) {
    die("Twitch is down, or authentication failed for some other reason.");
}
$twitchAccessToken = $loginResult->access_token;
$userData = twitchGetUser($twitchAccessToken);
if (!$userData) {
    die("Twitch is down, or user retrieval failed for some other reason.");
}
// The access token is handed to dbSetUser(); how it is stored is not visible
// here — presumably persisted, so verify it is protected at rest.
$uid = dbSetUser($userData->name, true, $twitchAccessToken);
if ($uid === false) {
    throw500("Database error, contact site administrator");
}
// NOTE(review): no session_regenerate_id() call is visible around the login;
// confirm logUserIn() rotates the session id to prevent session fixation.
logUserIn($userData->name, $uid);
header('Location: ' . getUrlToChannel($_SESSION['channel']));
$_SESSION['showLoggedIn'] = true;
// die() ends the request right after the redirect header has been queued.
die('logged in');
// The block below is commented-out markup. It echoes $_SESSION['channel']
// without escaping; wrap it in htmlspecialchars() if it is ever re-enabled.
/* printHead("Logged in"); printNav(); ?> <div class="container"> <div class="row"> <div class="col-md-12"> <h2>Welcome <?php echo $_SESSION['channel']; ?>!</h2> <p class="lead">This is still super buggy and new and doesn't do much yet. I'm working on it!!</p> </div> </div> </div>
// Excerpt from an action dispatcher; the enclosing switch statements begin
// before this excerpt. The first cases fill $param for a failed login.
// Message: "The user does not exist in the system."
// NOTE(review): a distinct "user does not exist" message lets a client tell
// valid account names from invalid ones.
$param['mensaje'] = "El usuario no existe en el sistema.";
$param['retry'] = true;
break;
case USER_UNKNOWN_ERROR:
    $param['mensaje'] = "";
    $param['retry'] = false;
    // NOTE(review): presumably makes render() show diagnostic details —
    // confirm they are not exposed to end users.
    $param['debug'] = true;
    break;
case USER_OPERATION_NOT_ALLOWED:
    // Message: "The anonymous user does not need to log in to the system."
    $param['mensaje'] = "El usuario anonimo no requiere entrar al sistema.";
    break;
}
// Failure path: show the page with the message chosen above and stop.
render($param);
die;
}
// Success path: start the session for $uname and redirect to the index page.
logUserIn($uname);
header("Location: index.php");
die;
break; // unreachable after die
case "logout":
    // NOTE(review): how the action name reaches this switch is not visible.
    // If it comes from a plain GET link, logout can be triggered cross-site.
    logUserOut();
    header("Location: index.php");
    die;
    break; // unreachable after die
case "registro":
    // "registro" = registration form view.
    $param["ruta"] = "{$actor}/registro";
    render($param);
    die;
    break; // unreachable after die
case "validaregistro":
    $param["ruta"] = "{$actor}/validaregistro";
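/**
 * Log the visitor in from the `rememberme` cookie, if it carries a token that
 * matches the one stored for the user ("KMLI" presumably stands for
 * "keep me logged in").
 *
 * The cookie is expected to look like `user:token:mac`. On a match the user
 * is logged in via logUserIn() and a redirect header is queued.
 *
 * NOTE(review): the third cookie field (the MAC) is parsed but never
 * verified, so it adds no integrity protection; verify it with hash_hmac()
 * and a server-side key before trusting the other fields.
 * NOTE(review): the stored token is not rotated after use in this function.
 *
 * @return bool TRUE when the visitor was logged in, FALSE otherwise.
 */
function verifyKMLI()
{
    global $db;

    $cookie = isset($_COOKIE['rememberme']) ? $_COOKIE['rememberme'] : '';
    // A cookie sent as `rememberme[]=...` arrives as an array; reject it
    // instead of passing it to explode().
    if (!is_string($cookie) || $cookie === '') {
        return FALSE;
    }

    // A cookie with fewer than three fields used to reach the comparison with
    // a NULL token; reject it up front.
    $parts = explode(':', $cookie);
    if (count($parts) < 3) {
        return FALSE;
    }
    $user = $parts[0];
    $token = $parts[1];
    if ($user === '' || $token === '') {
        return FALSE;
    }

    // Fail closed when no token is stored for this user, so that an empty
    // cookie token can never "match" an empty stored value.
    $usertoken = $db->getKMLIToken($user);
    if (!is_string($usertoken) || $usertoken === '') {
        return FALSE;
    }

    if (!timingSafeCompare($usertoken, $token)) {
        return FALSE;
    }

    // The session is established from the stored password hash.
    $hashedPassword = $db->getPasswordByEmail($user);
    logUserIn($user, $hashedPassword);

    // `hash` is client-controlled; it is only ever appended after '#', so the
    // redirect stays on the current page.
    if (isset($_POST["hash"]) && is_string($_POST["hash"]) && $_POST["hash"] !== "") {
        header("Location: ./#" . $_POST["hash"]);
    } else {
        header("Location: ./");
    }
    return TRUE;
}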
<div class="login-form"> <?php
// Login handler embedded in the page template: runs when ?action=login is
// requested. The closing brace of this outer `if` lies beyond this excerpt.
if (isset($_GET['action']) && $_GET['action'] == "login") {
    // NOTE(review): both POST fields are read without isset(), so a request
    // that omits them raises undefined-index notices.
    if ($_POST['username'] != "" && $_POST['password'] != "") {
        $username = $_POST['username'];
        $password = $_POST['password'];
        // NOTE(review): the disabled / unverified messages below are shown
        // before the password is checked, so a client can learn that an
        // account exists, and its state, without knowing the password.
        // Checking the password first and returning one generic message
        // avoids that.
        if (userExists($username)) {
            if (!userIsDisabled($username)) {
                $email_status = getUserInfo($_POST['username'], 'email-status');
                if ($email_status == 'verified') {
                    if (checkUserPassword($username, $password)) {
                        echo '<p>Username and password correct!</p>';
                        // logUserIn() receives the raw password here.
                        logUserIn($username, $password);
                        // NOTE(review): markup has already been sent (the div
                        // above and the echo), so unless output buffering is
                        // on this header() fails with "headers already sent".
                        // No exit follows it either, so the rest of the page
                        // keeps rendering.
                        header('Location: ./');
                    } else {
                        echo '<p>Incorrect username or password.</p>';
                    }
                } else {
                    echo '<p>Please verify your account to login.<br/>Check your email.</p>';
                }
            } else {
                echo '<p>Your account has been disabled.</p>';
            }
        } else {
            // Same wording as the wrong-password branch.
            echo '<p>Incorrect username or password.</p>';
        }
    } else {
        echo '<p>Please enter your username & password.</p>';
    }
    ?> <a href="./?page=login">Go Back</a> <?php