Exemplo n.º 1
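function sessionstart($nuserID)
{
    // Opens a cookie-based session for $nuserID: two random tokens are generated,
    // bundled with the client's IP address / user agent, encrypted into the cookies
    // TOKEN1 and TOKEN2, and written to the users row so a later request can be
    // checked against them.
    //
    // $nuserID: id of the users row that receives the new session data.
    // Returns nothing; dies with "ERR" if the database update fails.

    // session times out after x seconds, eg 30 minutes = 1800 seconds
    // (not read in this function; presumably enforced by the session-check code)
    global $global_sessionexpiry;
    // session can at most last x seconds, eg 1 week = 604800 seconds
    global $global_sessionmaxtime;
    // create 2 16 digit random tokens
    $sessiontoken1 = makepassword(16);
    $sessiontoken2 = makepassword(16);
    // get ip address and user agent; either header can be missing (CLI runs,
    // clients that send no User-Agent), so default to '' instead of raising a notice
    $ipaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? substr($_SERVER['HTTP_USER_AGENT'], 0, 64) : '';
    // cookie 1 holds ipaddress, sessiontoken1 and userid
    $cookie1 = $ipaddress . "|||" . $sessiontoken1 . "|||" . $nuserID;
    // cookie 2 holds sessiontoken2 and useragent
    $cookie2 = $sessiontoken2 . "&&&" . $useragent;
    // encrypt the cookies
    $cookie1 = aes_encrypt($cookie1);
    $cookie2 = aes_encrypt($cookie2);
    // send 2 cookies: HttpOnly so page scripts cannot read the session tokens,
    // and Secure whenever the request itself arrived over TLS
    $expires = time() + $global_sessionmaxtime;
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie("TOKEN1", $cookie1, $expires, "/", "", $secure, true);
    setcookie("TOKEN2", $cookie2, $expires, "/", "", $secure, true);
    // update COOKIE globals so code later in this request sees the new session
    $_COOKIE['TOKEN1'] = $cookie1;
    $_COOKIE['TOKEN2'] = $cookie2;
    // save data to the database (tokens, client fingerprint and last-seen time)
    $result = doSQL("update users set sessiontoken1=?, sessiontoken2=?, sessionipaddress=?, sessionuseragent=?, sessionlastdateSQL=now() where userID=?;", $sessiontoken1, $sessiontoken2, $ipaddress, $useragent, $nuserID) or die("ERR");
}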
Exemplo n.º 2
    die("hacking attempt");
}
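// One-time login form token: the value issued on the previous request must be
// echoed back in the POST, and a fresh one is issued for the next render.
$oldSession = isset($_SESSION["login_rand"]) ? $_SESSION["login_rand"] : '';
// random_int() is a CSPRNG (PHP 7+); mt_rand() output is predictable and not
// suitable for an anti-forgery token
$_SESSION["login_rand"] = random_int(1, PHP_INT_MAX);
unset($_SESSION["idhost"]);
require_once "php/password.php";
if (isset($_GET["logout"])) {
    redirect(BASEDIR);
}
// Type-safe, constant-time token check. A missing stored token never matches,
// and == is avoided because it accepts loosely-equal numeric strings.
$tokenOk = isset($_POST["login"]) && $oldSession !== ''
    && hash_equals((string) $oldSession, (string) $_POST["login"]);
if ($tokenOk && isset($_POST["hostname"]) && isset($_POST["password"])) {
    $stmt = $mysqli->prepare('SELECT * FROM `hosts` WHERE `hostname` = ?') or die('query failed');
    $stmt->bind_param('s', $_POST["hostname"]);
    $stmt->execute() or die('query failed');
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();
    // makepassword($plain, $stored) re-hashes the input with the stored value's
    // salt; compare the hashes in constant time rather than with !=
    if ($result->num_rows === 0
        || !hash_equals((string) $row["password"], (string) makepassword($_POST["password"], $row["password"]))) {
        echo "<p>User does not exist or wrong password!</p>";
    } else {
        $_SESSION["idhost"] = $row["idhost"];
        redirect(BASEDIR . "admin/compo");
    }
    $result->free();
    $stmt->close();
}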
?>
          <h2>
            Login
          </h2>

          <form action="{{BASE}}login" method="post">
          
Exemplo n.º 3
             $response["uid"] = $user["unique_id"];
             $response["user"]["name"] = $user["name"];
             $response["user"]["email"] = $user["email"];
             $response["user"]["plate"] = $user["plate"];
             $response["user"]["bank"] = $user["bank"];
             $response["user"]["tel"] = $user["tel"];
             $response["user"]["created_at"] = $user["created_at"];
             $response["user"]["updated_at"] = $user["updated_at"];
             echo json_encode($response);
         }
     }
 } else {
     if ($tag == 'forget') {
         $email = $_POST['email'];
         if (isUserExisted($email, $db)) {
             $new_password = makepassword(10);
             $is_stored = saveNewPassword($email, $new_password, $db);
             if ($is_stored != false) {
                 $response["error"] = FALSE;
                 $response["password"] = $new_password;
                 echo json_encode($response);
             } else {
                 $response["error"] = TRUE;
                 $response["error_msg"] = "Error occured in Operation, Try again";
                 echo json_encode($response);
             }
         } else {
             // user is NOT existed - error response
             $response["error"] = TRUE;
             $response["error_msg"] = "User does NOT exist!";
             echo json_encode($response);
Exemplo n.º 4
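function updateUser()
{
    // Handles the "edit user" form POST. Reads which, role, hostname, password and
    // password_rep from $_POST, validates them (role permitted, passwords match,
    // hostname unique), updates the hosts row and redirects. On a validation error
    // the edit form is re-rendered via editUser() instead.
    // Returns nothing; dies with 'query failed' when a database call fails.
    global $mysqli;
    $user = isset($_POST["which"]) ? intval($_POST["which"]) : 0;
    // raw role value goes to canAddRole() unchanged; the int form is what gets stored
    $roleInput = isset($_POST["role"]) ? $_POST["role"] : null;
    $role = intval($roleInput);
    $hostname = isset($_POST["hostname"]) ? $_POST["hostname"] : '';
    $password = isset($_POST["password"]) ? $_POST["password"] : '';
    $passwordRep = isset($_POST["password_rep"]) ? $_POST["password_rep"] : '';

    // load the row being edited; prepared like the other queries in this function
    $stmt = $mysqli->prepare('SELECT * FROM `hosts` WHERE `idhost` = ?') or die('query failed');
    $stmt->bind_param('i', $user);
    $stmt->execute() or die('query failed');
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();
    $result->free();
    $stmt->close();
    // unknown id or no permission: leave without touching anything. The return
    // makes this hold even if redirect() does not exit on its own.
    if ($row === null || !canEditUser($row)) {
        redirect(BASEDIR);
        return;
    }
    // a role the current user may not grant is only allowed if it is unchanged
    if (!canAddRole($roleInput) && $role !== intval($row["access_level"])) {
        echo "<p>Invalid role specified!</p>";
        editUser($user);
        return;
    }
    if ($password !== $passwordRep) {
        echo "<p>Passwords did not match!</p>";
        editUser($user);
        return;
    }
    // hostname must not belong to a different row
    $stmt = $mysqli->prepare("SELECT * FROM `hosts` WHERE (`idhost` != ?) AND (`hostname` = ?)") or die('query failed');
    $stmt->bind_param('is', $user, $hostname);
    $stmt->execute() or die('query failed');
    $result = $stmt->get_result();
    $userExists = $result->num_rows > 0;
    $result->free();
    $stmt->close();
    if ($userExists) {
        echo "<p>User name is already taken!</p>";
        editUser($user);
        return;
    }
    // empty password field means "keep the current hash"
    if ($password !== '') {
        $password = makepassword($password);
    } else {
        $password = $row['password'];
    }
    $stmt = $mysqli->prepare('UPDATE `hosts` SET
        `hostname` = ?,
        `password` =  ?,
        `access_level` = ?
        WHERE `idhost` = ?') or die('query failed');
    // bind_param takes its arguments by reference, so every bound value must be
    // a variable (passing intval(...) directly only binds a temporary)
    $stmt->bind_param('ssii', $hostname, $password, $role, $user);
    $stmt->execute() or die('query failed');
    $stmt->close();
    // editing your own account lands on the personal details page
    if (isset($_SESSION["idhost"]) && $user === intval($_SESSION["idhost"])) {
        redirect(BASEDIR . "admin/mydetails");
    } else {
        redirect(BASEDIR . "admin/users");
    }
}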