public function login()
{
if (current_user() == null) {
$provider = new \BDE42\OAuth2\Client\Provider\Marvin(['clientId' => env('42_ID'), 'clientSecret' => env('42_SECRET'), 'redirectUri' => env('42_REDIRECT', 'http://localhost:8000/auth/login')]);
// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {
$authUrl = $provider->getAuthorizationUrl();
session(['oauth2state' => $provider->getState()]);
return redirect($authUrl);
// Check given state against previously stored one to mitigate CSRF attack
} else {
if (empty($_GET['state']) || $_GET['state'] !== session('oauth2state')) {
session()->forget('oauth2state');
exit('Invalid state');
}
}
session()->forget('oauth2state');
// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', ['code' => $_GET['code']]);
// Try to get an access token (using the authorization code grant)
try {
$user = $provider->getResourceOwner($token);
setLogin($user->getUserInfos());
//Basic informations (uid, email, name and login)
//$user->toArray() //Get all user informations whose you have the access authorization
} catch (Exception $e) {
exit('Oh dear...');
}
}
//return redirect::route('clubs');
return redirect::route('clubs');
}
$stmt->bindParam(":UserName", $username);
$stmt->execute();
$results = $stmt->fetch(PDO::FETCH_ASSOC);
if (count($results) > 0 && $password === $results['UPassword']) {
$userid = $results['UserID'];
print "<H2>Login Completed</H2><p>Thanks {$username}, you have been logged in</p>";
print "<form method='post' name='getList' action='home.php?{$userid}' autocomplete='on'>";
print "<input type='hidden' name='userid' value='{$userid}' />";
print "<input type='submit' value='Request Services'/>";
print "</form>";
attemptedLoginSuccess($userid);
} else {
die("<p class='error'>Password does not match file " . mysql_error() . "</p></body></html>");
attemptedLoginFailure();
}
setLogin($userid);
function setLogin($userid)
{
include_once './panels/dbConnect.php';
$dbh = OpenConn();
$stmt = $dbh->prepare("UPDATE tUser Set LastLogin=getDate() WHERE UserID=:UserID");
$stmt->bindParam(":UserID", $userid);
$stmt->execute();
$dbh = null;
}
function attemptedLoginSuccess($userid)
{
include_once './panels/dbConnect.php';
$dbh = OpenConn();
$stmt = $dbh->prepare("INSERT INTO tLoginAttempt (UserID,Success,ApplicationID,IP,AttemptedDateTime) VALUES(:UserID,1,0,:ip,getDate())");
$stmt->bindParam(":UserID", $userid);
/**
* Создаёт исполнителя по данным из mysql
*
* @param array $data данные из mysql
*
* @return &array объект исполнителя
*/
function &unserializeFromMysql(array $data)
{
$Executor =& construct();
setId($Executor, $data['id']);
setFio($Executor, $data['fio']);
setSalary($Executor, $data['salary']);
setLogin($Executor, $data['login']);
return $Executor;
}
loginForm($category, $authStatus);
} else {
echo "<h2>Ustawienie loginu</h2>";
if (isset($_POST['setlogin'])) {
$newLogin = clearVariable($_POST['newlogin']);
$repeatLogin = clearVariable($_POST['repeatlogin']);
$changeStatus;
if (empty($newLogin) || empty($repeatLogin)) {
// zwrócenie błędu jeżeli któreś pole jest puste
$changeStatus = "<p>Musisz wypełnić oba pola.</p>";
} else if ($newLogin != $repeatLogin) {
$changeStatus = "<p>Oba wpisane loginy są różne.</p>";
} else {
include('php/setlogin.php');
$changeStatus = setLogin($newLogin);
}
echo $changeStatus;
}
// jeśli jest, to wyświetlenie prawidłowej zawartości strony
if ($_SESSION['userLogin']) {
echo "<p>Posiadasz już ustawiony login.</p>";
} else {
// jeżeli wcisnięty został przycisk "zmień"
echo "<p>Twoje konto nie posiada jeszcze ustalonego loginu. Logowanie poprzez numer indeksu jest niebezpieczne. Aby móc korzystać ze swojego konta należy teraz ustawić swój login, który będzie służył do logowania.</p>";
?>
<form action="?category=user/setlogin" method="post">
<table>
<?php
session_start();
require_once dirname(__FILE__) . "/lib/header.php";
if (isset($_SESSION['loginID'])) {
locate($URLPv . "index.php");
} else {
if (isset($_POST['stuID']) && isset($_POST['stuPW'])) {
if (CheckPOP3($_POST['mailserver'] . ".ndhu.edu.tw", $_POST['stuID'], $_POST['stuPW'])) {
$_SESSION['loginID'] = $_POST['stuID'];
$_SESSION['loginToken'] = genToken($DBmain, $_SESSION['loginID']);
setLogin($DBmain, $_SESSION['loginID'], $_SESSION['loginToken']);
if (checkAdmin($DBmain, $_SESSION['loginID'])) {
setLog($DBmain, "info", "Admin Login", $_SESSION['loginID']);
}
if (checkReg($DBmain, $_SESSION['loginID'])) {
locate($URLPv . "index.php");
} else {
locate($URLPv . "regist.php");
}
} else {
alert("Login Failed! Please try again. ");
locate($URLPv . "login.php");
}
} else {
?>
<div class="login">
<form action="login.php" method="post">
<div class="form-horizontal">
<div class="form-group">
<label class="control-label col-sm-2">Email: </label>
<?php
require_once 'conf.php';
require_once 'lib.php';
$error = "";
if (getField('submit') == "Login") {
if (isValidUser()) {
setLogin();
header("Location: index.php");
} else {
$error = "Invalid Username or Password!";
}
}
$conf['pageTitle'] .= " | SignUp";
$data['menu'] = getTopMenu();
$data['bodyContent'] = getLoginForm($error);
require_once TEMPLATE;
function getLoginForm($error)
{
$temp = '<div class="title">User Login</div>
<div class="form login-form">
<div class="errors">' . $error . '</div>
<form action="login.php" method="post" id="login_form">
<div class="field">
<label for="username">Username</label><br/>
<input type="text" name="username" id="username"/>
</div>
<div class="field">
<label for="password">Password</label><br/>
<input type="password" name="password" id="password"/>
</div>
