<h1>Moje rozwiązania</h1> <?php $database = connectDatabase(); if (!$database) { include('php/database_fail.php'); } else if (!isset($_SESSION['userId'])) { loginForm($category, $authStatus); } else { $limitSize = 100; $result = $database->query("SELECT COUNT(id) AS 'pages' FROM solutions;"); $row = $result->fetch_assoc(); $page_count = intval($row['pages'] / $limitSize); if ($row['pages'] % $limitSize) { $page_count = $page_count + 1; } if (!empty($_GET["page"]) && is_numeric($_GET["page"]) && $_GET["page"] > 0 && $_GET["page"] <= $page_count) { $page = ' LIMIT '.$limitSize.' OFFSET '.(($_GET["page"]-1)*$limitSize); $actual_page = $_GET["page"]; } else { $page = ' LIMIT '.$limitSize.' OFFSET 0'; $actual_page = 1; } $result = $database->query("SELECT solutions.id, solutions.task_id, solutions.make_date, solutions.lang_id, solutions.points, solutions.error, solutions.error_str, taskList.title AS 'task_title', languages.language_name AS 'lang_name', languages.compiler_system_name AS 'compiler' FROM solutions LEFT JOIN taskList ON solutions.task_id = taskList.id
$authuser = $user::authenticate($username, $password); if ($authuser) { $session->LogIn($authuser); redirectTo("../admin/"); //echo "you are now logged in"; } else { $msg = "Username and Password combination is not correct"; } } else { $email = ""; $password = ""; } //login form $form = new Form("login", filter_var($_SERVER['PHP_SELF']), "post", "enctype=\"application/x-www-form-urlencoded\"\n"); $form->startForm(); $form->setFormField("", $form->addFormInfo("<p style=\"text-align:center;\">Enter your username and password to access admin dashboard<br>\n<img src=\"../" . TEMPLATE_DIR . SITE_TEMPLATE . "/_images/login_icon.png\" /></p>")); if (isset($msg) && strlen($msg) > 0) { $form->setFormField("", $form->addFormInfo("<p class=\"error\">{$msg}</p>")); } //Username $form->setFormField($form->inputLabel("username", "Username"), $form->inputField("text", "username", "", 'autocomplete="on"')); $form->setFormField($form->inputLabel("username", "Password"), $form->inputField("password", "password", "")); $form->setFormField("", $form->inputField("submit", "login", "Login") . " or " . GenerateUrl::buildLink("../auth", "register.php", "Register")); return $form->DisplayFields($GLOBALS["form_labling"]); $form->endForm(); } //Desplaying output to page $template->setPage("Title", "Admin::Login"); $template->setPage("Content", loginForm()); $template->setPage("Footer", ADMIN_FOOTER); include_once "../" . TEMPLATE_DIR . SITE_TEMPLATE . ADMIN_LAYOUT;
</form> </div> '; } if (isset($_POST['enter'])) { if ($_POST['name'] != "") { $_SESSION['name'] = stripslashes(htmlspecialchars($_POST['name'])); } else { echo '<span class="error">Please type in a name</span>'; } } ?> <?php if (!isset($_SESSION['name'])) { loginForm(); } else { ?> <div id="wrapper"> <div id="menu"> <p class="welcome">Welcome, <b><?php echo $_SESSION['name']; ?> </b></p> <p class="logout"><a id="exit" href="#">Exit Chat</a></p> <div style="clear:both"></div> </div> <div id="chatbox"></div> <form name="message" action=""> <input name="usermsg" type="text" id="usermsg" size="63" />
_syslog(LOG_WARNING, 'Unauthorized login attempt!'); } loginForm($config['error']['invalid'], $_POST['username'], '?' . $query); } modLog("Logged in."); // Login successful // Set cookies setCookies(); // Redirect if (isset($_POST['redirect'])) { header('Location: ' . $_POST['redirect'], true, $config['redirect_http']); } else { header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']); } } else { loginForm(false, false, '?' . $query); } } else { // Redirect (for index pages) if (count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r'])) { header('Location: ' . $_GET['r'], true, $_GET['status']); exit; } // A sort of "cache" // Stops calling preg_quote and str_replace when not needed; only does it once $regex = array('board' => str_replace('%s', '(\\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '/')), 'img' => preg_quote($config['dir']['img'], '/'), 'thumb' => preg_quote($config['dir']['thumb'], '/'), 'res' => preg_quote($config['dir']['res'], '/'), 'index' => preg_quote($config['file_index'], '/')); if (preg_match('/^\\/?$/', $query)) { // Dashboard $fieldset = array('Boards' => '', 'Noticeboard' => '', 'Administration' => '', 'Themes' => '', 'Search' => '', 'Update' => '', 'Logout' => ''); // Boards $fieldset['Boards'] .= ulBoards();
} ///Gets the content according to the user's permissions $CONTENT = getContent($pageId, $action, $userId, $permission); ///Gets the inherited code (if any) from the parent page $INHERITEDINFO = inheritedinfo($pageIdArray); ///Gets the breadcrumb $BREADCRUMB = breadcrumbs($pageIdArray, " » "); //Gets the searchbar $SEARCHBAR = getSearchbar($userId, $pageId); //Gets the page-speciit keywords $PAGEKEYWORDS = getPagetags($pageId); ///Gets the menubar consisting of the child pages from the current location upto a certain depth $MENUBAR = getMenu($userId, $pageIdArray); ///The Login form to be displayed from login.lib.php if ($userId == 0) { $LOGINFORM = loginForm(); } else { $userNameFromId = getUserName($userId); $LOGINFORM = "Welcome {$userNameFromId}."; } ///Gets the list of allowed actions for the current page $ACTIONBARPAGE = getActionbarPage($userId, $pageId); ///Gets the list of allowed actions for the current module on the page $ACTIONBARMODULE = getActionbarModule($userId, $pageId); ///Initializes the widgets in the page populateWidgetVariables($pageId); ///If its disabled, then all the links in the generated page are converted into non-pretty URLs using regex if ($rewriteEngineEnabled == 'false') { $TITLE = convertUri($TITLE); $MENUBAR = convertUri($MENUBAR); $CONTENT = convertUri($CONTENT);
/**
 * Handles the login page.
 *
 * When the `subaction` request parameter is present it dispatches to password
 * reset, registration, or one of the OpenID steps (login, verify, link to an
 * existing account, quick registration). Otherwise it processes an e-mail +
 * password login submitted via POST.
 *
 * Reads $_GET, $_POST and $_SESSION directly, plus the globals
 * $openid_enabled, $cookieSupported and $authmethods. Database access goes
 * through the legacy mysql_* functions (that extension was removed in PHP 7.0).
 *
 * @return mixed The result of resetPasswd(), register(), openid_login() or
 *               loginForm() when one of those paths is taken; the user's
 *               `user_id` after a successful password login; "" after a quick
 *               OpenID registration; 0 when the login did not complete or
 *               cookies are unsupported; null on the bare `return;` error paths.
 *
 * NOTE(review): security-relevant points are flagged inline: SQL assembled by
 * string interpolation, unsalted MD5 for the stored password, database error
 * text passed to die(), and request/session values embedded in HTML messages.
 */
function login()
{
    // Site-wide switch: is logging in / registering currently allowed?
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    // The query result is not checked before it is handed to mysql_fetch_array().
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);

    if (isset($_GET['subaction'])) {
        // Password reset is reachable whatever the allow_login value is; the flag is passed along.
        if ($_GET['subaction'] == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        // Registration is only offered while logins are allowed.
        if ($allow_login_result[0]) {
            if ($_GET['subaction'] == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }
        global $openid_enabled;
        // $openid_enabled is compared against the string 'true', not a boolean.
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            if ($_GET['subaction'] == "openid_login") {
                if (isset($_POST['process'])) {
                    // NOTE(review): the identifier is a user-supplied URL; whether
                    // openid_endpoint() restricts scheme or host is not visible here. Confirm.
                    $openid_url = trim($_POST['openid_identifier']);
                    openid_endpoint($openid_url);
                }
                // No return here: execution continues with the e-mail/password handling below.
            }
            if ($_GET['subaction'] == "openid_verify") {
                // NOTE(review): $_GET['openid_mode'] is read without an isset() check.
                if ($_GET['openid_mode'] != "cancel") {
                    // The user's OpenID identity as returned to us by the OpenID provider.
                    $openid_url = $_GET['openid_identity'];
                    $openid = new Dope_OpenID($openid_url);
                    // Check with the provider that the response was received properly.
                    $validate_result = $openid->validateWithServer();
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    } else {
                        // NOTE(review): $error is built in both branches below but never read
                        // in this function, so the failure reason is not surfaced from here.
                        if ($openid->isError() === TRUE) {
                            // An error occurred during processing.
                            $the_error = $openid->getError();
                            $error = "Error Code: {$the_error['code']}<br />";
                            $error .= "Error Description: {$the_error['description']}<br />";
                        } else {
                            // Validation with the server failed for some other reason.
                            $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
                        }
                    }
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            if ($_GET['subaction'] == "openid_pass") {
                // Linking an OpenID to an existing account requires the two session values;
                // they are set outside this function.
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    // Consume the session values so they are used for one attempt only.
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_password'])) {
                        displayerror("Empty Passwords not allowed");
                        return;
                    }
                    // NOTE(review): unlike the main login path below, the password is not
                    // passed through escape() here; if escape() alters characters, the two
                    // paths verify different strings. Confirm against checkLogin().
                    $user_passwd = $_POST['user_password'];
                    $info = getUserInfo($openid_email);
                    if (!$info) {
                        // NOTE(review): $openid_email is embedded in the message as-is; confirm
                        // displayerror() HTML-encodes its argument.
                        displayerror("No user with Email {$openid_email}");
                    } else {
                        $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                        if ($check) {
                            // Password was correct: link the OpenID URL to the account.
                            // NOTE(review): $openid_url is interpolated into the SQL text without
                            // escaping at this point. It comes from the session; whether it was
                            // escaped when stored is not visible here. Prefer a parameterized
                            // statement, or escape at the point of use.
                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $info['user_id'] . ")";
                            // NOTE(review): die() sends the raw database error text to the client.
                            $result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                            if ($result) {
                                displayinfo("Account successfully Linked. Log In one more time to continue.");
                            }
                        } else {
                            displayerror("The password you specified was incorrect");
                        }
                    }
                    // No return here: execution continues with the e-mail/password handling below.
                }
            }
            if ($_GET['subaction'] == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    // The message literal spans a line break in this listing; kept exactly as listed.
                    displayerror("You are trying to register an OpenID account without validating your log-in. 
Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    // Consume the session values so they are used for one attempt only.
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                        displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                        return;
                    }
                    $openid_fname = escape($_POST['user_name']);
                    // Create the local placeholder user: the e-mail doubles as user name,
                    // the password column is set to '0' and the account is pre-activated.
                    // NOTE(review): $openid_email is concatenated into the SQL text without
                    // escaping at this point (only $openid_fname goes through escape()).
                    // Prefer a parameterized statement.
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` "
                        . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) "
                        . "VALUES ('" . $openid_email . "', '" . $openid_email . "','" . $openid_fname . "','0',1,'openid');";
                    // NOTE(review): die() sends the raw database error text to the client.
                    $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                    if ($result) {
                        $id = mysql_insert_id();
                        // NOTE(review): same unescaped interpolation of $openid_url as in openid_pass.
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $id . ")";
                        $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                        if ($result) {
                            // The message literal spans a line break in this listing; kept exactly as listed.
                            displayinfo("Account successfully registered. You can now login via OpenID. 
Please complete your profile information after logging in.");
                        }
                    }
                    return "";
                }
            }
        }
    }

    // No credentials posted: show the login form.
    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    } else {
        /* Unimplemented plan kept from the original: verify against LDAP first and
           refresh the stored password on success; otherwise, when LDAP verification
           succeeds for an unknown user, create the row with loginmethod = ldap and
           user_activated = 1 (using createUser in common.lib.php). */
        global $cookieSupported;
        $login_status = false;
        if ($cookieSupported == true) {
            if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
                displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                return loginForm($allow_login_result[0]);
            } else {
                $user_email = escape($_POST['user_email']);
                // NOTE(review): the password goes through escape() before verification and
                // hashing. What escape() does is not visible here; if it rewrites characters,
                // the verified and stored value differs from what the user typed.
                $user_passwd = escape($_POST['user_password']);
                $login_method = '';
                if (!check_email($user_email)) {
                    displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
                    return loginForm($allow_login_result[0]);
                }
                if ($temp = getUserInfo($user_email)) {
                    // User exists in the database: verify with the login method on record.
                    $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
                    // When the user logs in through LDAP, ADS or IMAP, refresh the password
                    // held in the database in case it is out of date.
                    // NOTE(review): this writes the just-submitted password on every successful
                    // login; how updateUserPassword() stores it is not visible here.
                    if ($login_status) {
                        updateUserPassword($user_email, $user_passwd);
                    }
                } else {
                    // User is not in the database: try the external directory that matches
                    // the e-mail domain.
                    global $authmethods;
                    // strpos() returns false when '@' is absent; `false > -1` evaluates to
                    // false, so the else branch is taken in that case.
                    if (strpos($user_email, '@') > -1) {
                        $tmp = explode('@', $user_email);
                        $user_name = $tmp[0];
                        $user_domain = strtolower($tmp[1]);
                    } else {
                        $user_name = $user_email;
                    }
                    if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
                        if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'imap';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
                        if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ads';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
                        if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ldap';
                        }
                    }
                    if ($login_status) {
                        // External login succeeded: create and activate a local user row.
                        $user_fullname = strtoupper($user_name);
                        // NOTE(review): unsalted MD5 is a fast hash and unsuitable for password
                        // storage. Here it also persists a hash of the user's IMAP/ADS/LDAP
                        // password in the local database. Changing the scheme has to be
                        // coordinated with checkLogin() and updateUserPassword(), which are
                        // not visible here.
                        $user_md5passwd = md5($user_passwd);
                        // All interpolated values derive from the escape()'d e-mail or from
                        // constants set above; the statement is still string-built.
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` "
                            . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) "
                            . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
                        // NOTE(review): die() sends the raw database error text to the client.
                        mysql_query($query) or die(mysql_error() . " creating new user !");
                    } else {
                        // NOTE(review): $user_domain / $user_name come from the submitted e-mail
                        // and are placed inside HTML; confirm displaywarning() encodes them.
                        displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
                    }
                }
                if ($login_status) {
                    // Re-read the row: it may have just been created above.
                    $temp = getUserInfo($user_email);
                    if (!$temp['user_activated']) {
                        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                        // If the user exists and an admin deliberately set user_activated to
                        // false, the user has been denied access. Falls through to `return 0`.
                    } else {
                        // Record this login, remember the previous one in the session, then
                        // establish the authenticated session.
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
                        mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
                        $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
                        setAuth($temp['user_id']);
                        return $temp['user_id'];
                    }
                } else {
                    // One generic message for both unknown e-mail and wrong password.
                    displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
                    return loginForm($allow_login_result[0]);
                }
            }
            return 0;
        } else {
            // Without cookie support no login is attempted.
            showCookieWarning();
            return 0;
        }
    }
}
/**
 * Calls loginForm() when $in is falsy; does nothing otherwise.
 *
 * The return value of loginForm() is discarded, so this function always
 * returns null.
 * NOTE(review): if loginForm() returns its markup instead of printing it,
 * nothing is output from here. Confirm against its definition.
 *
 * @param mixed $in Value tested for truthiness.
 * @return void
 */
function content($in)
{
    // Truthy input: nothing to show.
    if ($in) {
        return;
    }

    loginForm();
}
return "<form class=\"login\" method=\"post\"> \n\t\t\t\t\t\tUsername: <input type=\"text\" name=\"username\">\n\t\t\t\t\t\tPassword: <input type=\"password\" name=\"password\">\n\t\t\t\t\t\t<input type=\"submit\" value=\"Login\" name=\"login\">\n\t\t\t\t\t</form>"; } ?> <div> <p id="loginp"> <?php if (isset($_POST['login'])) { $result = login($_POST["username"], $_POST["password"]); if ($result == "Invalid Login") { echo "<span style=\"color:#990000;float:right;\">Invalid Login</span>" . "<br>" . loginForm(); } else { echo $result; } } else { echo loginForm(); } ?> </p> </div> <div class="header"> <img src="Header2.png" alt="Battle Bros" id="BBtitle"></img> </div> <div class="createaccount"> <a href="createAccount.php"> <img src="NewAccount.png" alt="Create Account" id="BBcreate"></img> </a> </div>