Exemplo n.º 1
<h1>Moje rozwiązania</h1>
<?php
$database = connectDatabase();
if (!$database)
{	include('php/database_fail.php');	}
else if (!isset($_SESSION['userId']))
	{	loginForm($category, $authStatus);	}
else
{
	$limitSize = 100;
	$result = $database->query("SELECT COUNT(id) AS 'pages' FROM solutions;");
	$row = $result->fetch_assoc();
	$page_count = intval($row['pages'] / $limitSize);
	if ($row['pages'] % $limitSize)
		{	$page_count = $page_count + 1;	}
		
	if (!empty($_GET["page"]) && is_numeric($_GET["page"]) && $_GET["page"] > 0 && $_GET["page"] <= $page_count)
	{
		$page = ' LIMIT '.$limitSize.' OFFSET '.(($_GET["page"]-1)*$limitSize);
		$actual_page = $_GET["page"];
	}
	else
	{
		$page = ' LIMIT '.$limitSize.' OFFSET 0';
		$actual_page = 1;
	}

	$result = $database->query("SELECT solutions.id, solutions.task_id, solutions.make_date, solutions.lang_id,
		solutions.points, solutions.error, solutions.error_str, taskList.title AS 'task_title',
		languages.language_name AS 'lang_name', languages.compiler_system_name AS 'compiler'
		FROM solutions LEFT JOIN taskList ON solutions.task_id = taskList.id
Exemplo n.º 2
        $authuser = $user::authenticate($username, $password);
        if ($authuser) {
            $session->LogIn($authuser);
            redirectTo("../admin/");
            //echo "you  are now logged in";
        } else {
            $msg = "Username and Password combination is not correct";
        }
    } else {
        $email = "";
        $password = "";
    }
    //login form
    $form = new Form("login", filter_var($_SERVER['PHP_SELF']), "post", "enctype=\"application/x-www-form-urlencoded\"\n");
    $form->startForm();
    $form->setFormField("", $form->addFormInfo("<p style=\"text-align:center;\">Enter your username and password to access admin dashboard<br>\n<img  src=\"../" . TEMPLATE_DIR . SITE_TEMPLATE . "/_images/login_icon.png\" /></p>"));
    if (isset($msg) && strlen($msg) > 0) {
        $form->setFormField("", $form->addFormInfo("<p  class=\"error\">{$msg}</p>"));
    }
    //Username
    $form->setFormField($form->inputLabel("username", "Username"), $form->inputField("text", "username", "", 'autocomplete="on"'));
    $form->setFormField($form->inputLabel("username", "Password"), $form->inputField("password", "password", ""));
    $form->setFormField("", $form->inputField("submit", "login", "Login") . " or " . GenerateUrl::buildLink("../auth", "register.php", "Register"));
    return $form->DisplayFields($GLOBALS["form_labling"]);
    $form->endForm();
}
// Displaying output to the page: fill the template slots, then hand over to the admin layout.
$template->setPage("Title", "Admin::Login");
// loginForm() returns the rendered form markup, which becomes the page body.
$template->setPage("Content", loginForm());
$template->setPage("Footer", ADMIN_FOOTER);
// The layout path is assembled from constants only (TEMPLATE_DIR, SITE_TEMPLATE,
// ADMIN_LAYOUT); no request data takes part in the include path here.
// NOTE(review): confirm those constants are defined from trusted configuration.
include_once "../" . TEMPLATE_DIR . SITE_TEMPLATE . ADMIN_LAYOUT;
Exemplo n.º 3
    </form>
    </div>
    ';
}
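// Handle the "enter chat" form: store the visitor's display name in the session.
if (isset($_POST['enter'])) {
    // Request data is untrusted: the field may be missing, or sent as an array
    // (name[]=x), which htmlspecialchars() does not accept. Both cases are
    // treated like an empty name.
    $submittedName = isset($_POST['name']) ? $_POST['name'] : "";
    if (is_string($submittedName) && $submittedName != "") {
        // The name is HTML-encoded once, here, before it is stored; ENT_QUOTES is
        // passed explicitly so single quotes are encoded on every PHP version
        // (older versions default to ENT_COMPAT, which leaves them as-is).
        // stripslashes() is kept from the original and removes backslashes
        // from the encoded value.
        $_SESSION['name'] = stripslashes(htmlspecialchars($submittedName, ENT_QUOTES));
    } else {
        echo '<span class="error">Please type in a name</span>';
    }
}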
?>

<?php 
if (!isset($_SESSION['name'])) {
    loginForm();
} else {
    ?>
<div id="wrapper">
    <div id="menu">
        <p class="welcome">Welcome, <b><?php 
    echo $_SESSION['name'];
    ?>
</b></p>
        <p class="logout"><a id="exit" href="#">Exit Chat</a></p>
        <div style="clear:both"></div>
    </div>    
    <div id="chatbox"></div>
     
    <form name="message" action="">
        <input name="usermsg" type="text" id="usermsg" size="63" />
Exemplo n.º 4
                _syslog(LOG_WARNING, 'Unauthorized login attempt!');
            }
            loginForm($config['error']['invalid'], $_POST['username'], '?' . $query);
        }
        modLog("Logged in.");
        // Login successful
        // Set cookies
        setCookies();
        // Redirect
        if (isset($_POST['redirect'])) {
            header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
        } else {
            header('Location: ?' . $config['mod']['default'], true, $config['redirect_http']);
        }
    } else {
        loginForm(false, false, '?' . $query);
    }
} else {
    // Redirect (for index pages)
    if (count($_GET) == 2 && isset($_GET['status']) && isset($_GET['r'])) {
        header('Location: ' . $_GET['r'], true, $_GET['status']);
        exit;
    }
    // A sort of "cache"
    // Stops calling preg_quote and str_replace when not needed; only does it once
    $regex = array('board' => str_replace('%s', '(\\w{1,8})', preg_quote($config['board_path'], '/')), 'page' => str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '/')), 'img' => preg_quote($config['dir']['img'], '/'), 'thumb' => preg_quote($config['dir']['thumb'], '/'), 'res' => preg_quote($config['dir']['res'], '/'), 'index' => preg_quote($config['file_index'], '/'));
    if (preg_match('/^\\/?$/', $query)) {
        // Dashboard
        $fieldset = array('Boards' => '', 'Noticeboard' => '', 'Administration' => '', 'Themes' => '', 'Search' => '', 'Update' => '', 'Logout' => '');
        // Boards
        $fieldset['Boards'] .= ulBoards();
Exemplo n.º 5
}
/// Builds the global page fragments ($CONTENT, $MENUBAR, $LOGINFORM, ...) for the current request.
/// Every helper call below receives the current user and/or page id.
///Gets the content according to the user's permissions
$CONTENT = getContent($pageId, $action, $userId, $permission);
///Gets the inherited code (if any) from the parent page
$INHERITEDINFO = inheritedinfo($pageIdArray);
///Gets the breadcrumb
$BREADCRUMB = breadcrumbs($pageIdArray, "&nbsp;»&nbsp;");
///Gets the searchbar
$SEARCHBAR = getSearchbar($userId, $pageId);
///Gets the page-specific keywords
$PAGEKEYWORDS = getPagetags($pageId);
///Gets the menubar consisting of the child pages from the current location up to a certain depth
$MENUBAR = getMenu($userId, $pageIdArray);
///The Login form to be displayed from login.lib.php
/// presumably a user id of 0 means "not logged in" — verify against the session code
if ($userId == 0) {
    $LOGINFORM = loginForm();
} else {
    $userNameFromId = getUserName($userId);
    /// NOTE(review): the user name is interpolated into markup without HTML escaping here;
    /// confirm getUserName() returns an already-escaped value, otherwise a stored name
    /// containing markup would be rendered as HTML.
    $LOGINFORM = "Welcome {$userNameFromId}.";
}
///Gets the list of allowed actions for the current page
$ACTIONBARPAGE = getActionbarPage($userId, $pageId);
///Gets the list of allowed actions for the current module on the page
$ACTIONBARMODULE = getActionbarModule($userId, $pageId);
///Initializes the widgets in the page
populateWidgetVariables($pageId);
///If its disabled, then all the links in the generated page are converted into non-pretty URLs using regex
if ($rewriteEngineEnabled == 'false') {
    $TITLE = convertUri($TITLE);
    $MENUBAR = convertUri($MENUBAR);
    $CONTENT = convertUri($CONTENT);
Exemplo n.º 6
/**
 * Performs the whole login routine for the current request.
 *
 * Dispatches on $_GET['subaction'] (password reset, registration and the
 * OpenID sub-flows); when no sub-flow returns, it processes the
 * e-mail/password form posted in $_POST.
 *
 * Security review notes (all visible in this function):
 *  - Every query is built by string concatenation and sent through the
 *    legacy mysql_* functions, which were removed in PHP 7; values must be
 *    escaped by hand, and several of them are not escaped here.
 *  - New accounts store an unsalted md5() of the password.
 *  - Failed queries end the request with die(mysql_error() ...), which
 *    prints the database error text to the client.
 *
 * @return mixed The result of resetPasswd(), register(), openid_login() or
 *               loginForm() when one of those paths is taken; the user id
 *               after a successful login; "" after a quick OpenID
 *               registration; 0 when the login did not complete; nothing
 *               (null) on the bare returns in the OpenID sub-flows.
 * @todo Replace mysql_* and string-built SQL with parameterized queries.
 */
function login()
{
    // Site-wide switch read from the `global` settings table; index 0 is the `value` column.
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);
    if (isset($_GET['subaction'])) {
        // Password reset is reachable even when logins are switched off; the flag is passed along.
        if ($_GET['subaction'] == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        // Registration is offered only while logins are allowed.
        if ($allow_login_result[0]) {
            if ($_GET['subaction'] == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }
        global $openid_enabled;
        // The setting is compared with the string 'true', not a boolean.
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            if ($_GET['subaction'] == "openid_login") {
                if (isset($_POST['process'])) {
                    // NOTE(review): the identifier is only trimmed before being handed to
                    // openid_endpoint(); confirm that helper validates the URL.
                    $openid_url = trim($_POST['openid_identifier']);
                    openid_endpoint($openid_url);
                }
            }
            if ($_GET['subaction'] == "openid_verify") {
                // NOTE(review): openid_mode and openid_identity are read without isset() checks.
                if ($_GET['openid_mode'] != "cancel") {
                    $openid_url = $_GET['openid_identity'];
                    // Get the user's OpenID Identity as returned to us from the OpenID Provider
                    $openid = new Dope_OpenID($openid_url);
                    //Create a new Dope_OpenID object.
                    $validate_result = $openid->validateWithServer();
                    //validate to see if everything was received properly
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    } else {
                        // NOTE(review): $error is assigned in both branches below but is not read
                        // again anywhere in this function, so the failure is never shown.
                        if ($openid->isError() === TRUE) {
                            // Else if you're here, there was some sort of error during processing.
                            $the_error = $openid->getError();
                            $error = "Error Code: {$the_error['code']}<br />";
                            $error .= "Error Description: {$the_error['description']}<br />";
                        } else {
                            //Else validation with the server failed for some reason.
                            $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
                        }
                    }
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            // Link a validated OpenID identity to an existing password account.
            if ($_GET['subaction'] == "openid_pass") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    // The pending identity is consumed from the session, so it can be used only once.
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    // Only a missing field is rejected here; an empty string still passes isset().
                    if (!isset($_POST['user_password'])) {
                        displayerror("Empty Passwords not allowed");
                        return;
                    }
                    $user_passwd = $_POST['user_password'];
                    $info = getUserInfo($openid_email);
                    if (!$info) {
                        // NOTE(review): the e-mail is placed in the message without HTML escaping
                        // in this function — confirm displayerror() or the session writer escapes it.
                        displayerror("No user with Email {$openid_email}");
                    } else {
                        $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                        if ($check) {
                            //Password was correct. Link the account
                            // NOTE(review): $openid_url goes into the SQL text without escape() here.
                            // Unless the code that stored it in the session already escaped it, this
                            // is an SQL injection risk — confirm, or escape at this point.
                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $info['user_id'] . ")";
                            // die() prints the raw database error to the client.
                            $result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                            if ($result) {
                                displayinfo("Account successfully Linked. Log In one more time to continue.");
                            }
                        } else {
                            displayerror("The password you specified was incorrect");
                        }
                    }
                }
            }
            // Create a new local account directly from a validated OpenID identity.
            if ($_GET['subaction'] == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to register an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    // As above, the pending identity is removed from the session before use.
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                        displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                        return;
                    }
                    // presumably escape() performs SQL escaping — verify against its definition
                    $openid_fname = escape($_POST['user_name']);
                    //Now let's start making the dummy user
                    // The e-mail doubles as the user name and the password column is set to '0'.
                    // NOTE(review): unlike $openid_fname, $openid_email is concatenated without
                    // escape() here — confirm it is escaped before it reaches the session.
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) " . "VALUES ('" . $openid_email . "', '" . $openid_email . "','" . $openid_fname . "','0',1,'openid');";
                    $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                    if ($result) {
                        $id = mysql_insert_id();
                        // NOTE(review): $openid_url is again used in SQL without escape() at this point.
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $id . ")";
                        $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                        if ($result) {
                            displayinfo("Account successfully registered. You can now login via OpenID. Please complete your profile information after logging in.");
                        }
                    }
                    return "";
                }
            }
        }
    }
    // No credentials posted: just show the form.
    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    } else {
        /*if it is, 
          then userLDAPVerify($user_email,$user_passwd);
          if the password is correct, update his password in DB
          else $dontloginLDAP = true;
          }
          else {
          if(userLDAPVerify($user_email,$user_passwd)) {
          create his row in DB with loginmethod = ldap and user_activated = 1
          (for this, use the createUser funciton in common.lib.php)
          }
          }*/
        global $cookieSupported;
        $login_status = false;
        if ($cookieSupported == true) {
            // NOTE(review): user_password is read without an isset() check; only user_email was tested above.
            if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
                displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                return loginForm($allow_login_result[0]);
            } else {
                $user_email = escape($_POST['user_email']);
                // The password is passed through escape() as well, so every later check, the
                // md5() below and the external back ends receive the escaped form, not the raw
                // input — NOTE(review): confirm this is intended.
                $user_passwd = escape($_POST['user_password']);
                $login_method = '';
                if (!check_email($user_email)) {
                    displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
                    return loginForm($allow_login_result[0]);
                }
                if ($temp = getUserInfo($user_email)) {
                    // check if exists in DB
                    $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
                    // This is to make sure that when a user logs in through LDAP, ADS or IMAP accounts, the password is also changed in the database, in case it is old.
                    if ($login_status) {
                        updateUserPassword($user_email, $user_passwd);
                    }
                    //update passwd in db
                } else {
                    //if user is not in db
                    global $authmethods;
                    // Relies on PHP's loose comparison: a false result from strpos() does not
                    // compare as greater than -1, so addresses without '@' take the else branch.
                    if (strpos($user_email, '@') > -1) {
                        $tmp = explode('@', $user_email);
                        $user_name = $tmp[0];
                        $user_domain = strtolower($tmp[1]);
                    } else {
                        $user_name = $user_email;
                    }
                    // Pick the external authentication back end by the e-mail domain;
                    // the first configured domain that matches wins (imap, then ads, then ldap).
                    if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
                        if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'imap';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
                        if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ads';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
                        if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ldap';
                        }
                    }
                    if ($login_status) {
                        //create new user in db and activate the user (only if user's login is valid)
                        $user_fullname = strtoupper($user_name);
                        // md5() is a fast, unsalted hash and is not suitable for password storage;
                        // password_hash()/password_verify() are the supported replacement, but the
                        // switch has to be made together with checkLogin(), which is not shown here.
                        $user_md5passwd = md5($user_passwd);
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
                        mysql_query($query) or die(mysql_error() . " creating new user !");
                    } else {
                        // NOTE(review): the domain / user part of the submitted e-mail is echoed into
                        // markup; escape() was applied above, but no HTML escaping is visible here.
                        displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
                    }
                }
                if ($login_status) {
                    // Re-read the row so that a user created just above is picked up too.
                    $temp = getUserInfo($user_email);
                    if (!$temp['user_activated']) {
                        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                        // if user exists in db and admin has set user_activated = false deliberately
                        // then it means that the user has been denied access !!!
                    } else {
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
                        mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
                        // $temp was fetched before the UPDATE, so this is the previous login time.
                        $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
                        // NOTE(review): no session-id regeneration is visible at this point — confirm
                        // setAuth() renews the session id on login.
                        setAuth($temp['user_id']);
                        //exit();
                        //displayinfo("Welcome " . $temp['user_name'] . "!");
                        return $temp['user_id'];
                    }
                } else {
                    displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
                    return loginForm($allow_login_result[0]);
                }
            }
            // Reached only when the credentials were valid but the account is not activated.
            return 0;
        } else {
            showCookieWarning();
            return 0;
        }
    }
}
Exemplo n.º 7
/**
 * Shows the login form when the caller reports that nobody is signed in.
 *
 * The function only decides whether loginForm() is called; it returns
 * nothing and does not stop the rest of the page from running.
 * NOTE(review): callers that render protected content after this call must
 * check the login state themselves.
 *
 * @param mixed $in Truthy when a user is signed in; any falsy value triggers the form.
 */
function content($in)
{
    // Signed-in visitors need no form.
    if ($in) {
        return;
    }
    loginForm();
}
Exemplo n.º 8
    return "<form class=\"login\" method=\"post\"> \n\t\t\t\t\t\tUsername: <input type=\"text\" name=\"username\">\n\t\t\t\t\t\tPassword: <input type=\"password\" name=\"password\">\n\t\t\t\t\t\t<input type=\"submit\" value=\"Login\" name=\"login\">\n\t\t\t\t\t</form>";
}
?>
	
	<div>
		<p id="loginp">
			<?php 
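// Process a submitted login form, or show the empty form on a plain page load.
if (isset($_POST['login'])) {
    // Credentials come straight from the request: a missing field or an array
    // value (username[]=x) is treated as a failed login instead of being
    // handed to login().
    $submittedUser = isset($_POST["username"]) ? $_POST["username"] : null;
    $submittedPass = isset($_POST["password"]) ? $_POST["password"] : null;
    if (is_string($submittedUser) && is_string($submittedPass)) {
        $result = login($submittedUser, $submittedPass);
    } else {
        $result = "Invalid Login";
    }
    // login() signals failure with the literal string "Invalid Login".
    if ($result == "Invalid Login") {
        echo "<span style=\"color:#990000;float:right;\">Invalid Login</span>" . "<br>" . loginForm();
    } else {
        // NOTE(review): whatever login() returns is written to the page as-is.
        // Confirm that any user-derived text inside it is HTML-escaped there.
        echo $result;
    }
} else {
    echo loginForm();
}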
?>
		</p>
	</div>
	
	
	<div class="header">
		<img src="Header2.png" alt="Battle Bros" id="BBtitle"></img>	
	</div>
	
	<div class="createaccount">
		<a href="createAccount.php"> 
			<img src="NewAccount.png" alt="Create Account" id="BBcreate"></img>
		</a>
	</div>