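/**
 * Check a username/password pair posted to this endpoint, registering the
 * username when it is not yet known ("clear" == accept).
 *
 * Reads $_POST['user'] and $_POST['pass']. Talks to the store through
 * usernameExists(), getUserId(), getPass() and addUser().
 *
 * @return string human-readable status message
 */
function clearUser() {
    // Both fields are required; a missing username is reported before a
    // missing password (isset() already excludes null).
    if (!isset($_POST['user']) || $_POST['user'] === '') {
        return "username cannot be empty.";
    }
    $username = $_POST['user'];
    // NOTE(review): the line here was redacted in the corpus; judging by the
    // matching "password cannot be empty." branch it tested that a password
    // was supplied.
    if (!isset($_POST['pass']) || $_POST['pass'] === '') {
        return "password cannot be empty.";
    }
    $password = $_POST['pass'];

    if (usernameExists($username)) {
        $userId = getUserId($username);
        $pass = getPass($userId); // stored credential, looked up by id
        // hash_equals() takes the same time wherever the strings differ, so
        // the comparison cannot be timed by a remote caller.
        // SECURITY: the posted password is still compared directly with what
        // getPass() returns; if that is a plaintext password, migrate to
        // password_hash()/password_verify().
        if (hash_equals((string) $pass, (string) $password)) {
            return "user cleared.";
        }
        return "invalid combination.";
    }

    // Unknown username: register it. SECURITY: addUser() receives the raw
    // password; make sure it is hashed (password_hash()) before storage.
    if (addUser($username, $password)) {
        return "user cleared.";
    }
    return "error creating new user.";
}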
/**
 * Build a registration candidate and check its identifying fields.
 *
 * displayname is kept raw (display only); username and e-mail go through
 * sanitize(); the password is only trimmed. The store is then consulted in
 * the order username, display name, e-mail: the first conflict sets the
 * matching *_taken flag and ends the checks, otherwise status becomes true.
 */
function __construct($user, $display, $pass, $email, $colist, $contact) {
    $this->displayname = $display;
    $this->clean_email = sanitize($email);
    // NOTE(review): trimmed, not hashed, at this point — confirm the caller
    // hashes before storage.
    $this->clean_password = trim($pass);
    $this->username = sanitize($user);
    $this->colist_agent = $colist;
    $this->contact_person = $contact;

    if (usernameExists($this->username)) {
        $this->username_taken = true;
    } elseif (displayNameExists($this->displayname)) {
        $this->displayname_taken = true;
    } elseif (emailExists($this->clean_email)) {
        $this->email_taken = true;
    } else {
        // No conflict found.
        $this->status = true;
    }
}
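/**
 * Attempt to log $username in against the users.json store.
 *
 * On success the session is populated (loggedIn, username, userID) and
 * loginStatus is true; on failure userErrorMsg carries the reason.
 *
 * @param string $username
 * @param string $password password as submitted
 * @param mixed  $ref      handed back unchanged under "ref"
 * @return array{ref: mixed, userErrorMsg: string, loginStatus: bool}
 */
function login($username, $password, $ref) {
    global $root;
    $responseArray = array("ref" => $ref, "userErrorMsg" => "", "loginStatus" => false);

    if (!usernameExists($username)) {
        // SECURITY: this message differs from the bad-password one below, so
        // the endpoint confirms which usernames exist. Consider one generic
        // "invalid credentials" message for both cases.
        $responseArray["userErrorMsg"] = "That username doesn't exist!";
        return $responseArray;
    }

    // Only read the store once the username is known to exist.
    $userData = fetchJSON($root . "/users.json");
    foreach ($userData as $record) {
        if ($record->username !== $username) {
            continue;
        }
        // hash_equals() compares in constant time; the original `===`
        // stops at the first differing byte. SECURITY: the stored value is
        // compared directly with the submitted password, i.e. users.json
        // appears to hold it in plaintext — prefer password_hash()/
        // password_verify() storage.
        if (hash_equals((string) $record->password, (string) $password)) {
            $_SESSION["loggedIn"] = true;
            $_SESSION["username"] = $username;
            $_SESSION["userID"] = $record->id;
            $responseArray["loginStatus"] = true;
            return $responseArray;
        }
    }

    // Username known but no record matched the password. This also covers
    // an empty or inconsistent users.json, which the original left without
    // any error message.
    $responseArray["userErrorMsg"] = "Incorrect password!";
    return $responseArray;
}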
/**
 * Registration candidate carrying a PIN, a location and an "about" text.
 *
 * Username and e-mail go through sanitize(); password, pin, location and
 * about are trimmed; displayname is stored raw (display only). The
 * identifying fields are then checked against the store in the order
 * username, display name, e-mail: the first conflict sets the matching
 * *_taken flag and stops, otherwise status becomes true.
 */
function __construct($user, $display, $pass, $email, $pin, $location, $about) {
    $this->displayname = $display;
    $this->clean_email = sanitize($email);
    // NOTE(review): the password is trimmed, not hashed, here — confirm the
    // caller hashes it before storage.
    $this->clean_password = trim($pass);
    $this->username = sanitize($user);
    $this->clean_pin = trim($pin);
    $this->location = trim($location);
    $this->about = trim($about);

    if (usernameExists($this->username)) {
        $this->username_taken = true;
        return;
    }
    if (displayNameExists($this->displayname)) {
        $this->displayname_taken = true;
        return;
    }
    if (emailExists($this->clean_email)) {
        $this->email_taken = true;
        return;
    }
    // No problems have been found.
    $this->status = true;
}
/**
 * Registration candidate carrying a postal address and phone number.
 *
 * Everything except the display name and the password goes through
 * sanitize(); the password is trimmed; displayname is kept raw (display
 * only). The store is then consulted in the order username, display name,
 * e-mail; the first conflict sets its *_taken flag and ends the checks,
 * otherwise status becomes true.
 */
function __construct($user, $display, $pass, $email, $country, $state, $city, $address, $zip, $phone) {
    $this->displayname = $display;
    $this->clean_email = sanitize($email);
    // NOTE(review): trimmed only; hashing is expected to happen in the
    // caller — confirm.
    $this->clean_password = trim($pass);
    $this->username = sanitize($user);
    $this->user_country = sanitize($country);
    $this->user_state = sanitize($state);
    $this->user_city = sanitize($city);
    $this->user_address = sanitize($address);
    $this->user_zip = sanitize($zip);
    $this->user_phone = sanitize($phone);

    $usernameTaken = usernameExists($this->username);
    if ($usernameTaken) {
        $this->username_taken = true;
    } elseif (displayNameExists($this->displayname)) {
        $this->displayname_taken = true;
    } elseif (emailExists($this->clean_email)) {
        $this->email_taken = true;
    } else {
        // Nothing conflicts.
        $this->status = true;
    }
}
/**
 * Validate a candidate username: length within 4..16 and not already
 * registered. Problems are recorded through set_specific_error('username',
 * ...); nothing is returned.
 *
 * @param string $value
 */
public function validate_username($value) {
    // minMaxRange() is truthy when the length is outside the range — that
    // is the branch that records the error.
    $lengthOutOfRange = minMaxRange(4, 16, $value);
    if ($lengthOutOfRange) {
        $this->set_specific_error('username', lang("ACCOUNT_USER_CHAR_LIMIT", array(4, 16)));
        return;
    }
    if (usernameExists($value)) {
        $this->set_specific_error('username', lang("ACCOUNT_USERNAME_IN_USE", array($value)));
    }
}
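/**
 * Collect validation errors for a proposed username.
 *
 * @param string $username
 * @param mixed  $conn     database handle forwarded to usernameExists()
 * @return string[] error messages; empty when the username is acceptable
 */
function validateUserName($username, $conn) {
    $errorList = [];
    // An empty name is rejected outright. The original still ran the
    // existence query for it, which is pointless and needs a live $conn.
    if ((string) $username === '') {
        $errorList[] = "Please supply username";
        return $errorList;
    }
    if (usernameExists($username, $conn)) {
        $errorList[] = "Username already exists";
    }
    return $errorList;
}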
/**
 * Build a registration candidate and check the identifying fields against
 * the store.
 *
 * The raw username is kept in unclean_username for display; username and
 * e-mail go through sanitize(), password and group id are trimmed. Exactly
 * one of username_taken, email_taken or status (true = no conflict) is set;
 * the e-mail lookup only runs when the username is free.
 *
 * @param string     $user
 * @param string     $pass
 * @param string     $email
 * @param int|string $group_id defaults to 2
 */
function __construct($user, $pass, $email, $group_id = 2) {
    $this->unclean_username = $user;
    $this->clean_email = sanitize($email);
    // NOTE(review): trimmed, not hashed — confirm the caller hashes before storage.
    $this->clean_password = trim($pass);
    $this->group_id = trim($group_id);
    $this->clean_username = sanitize($user);

    if (usernameExists($this->clean_username)) {
        $this->username_taken = true;
        return;
    }
    if (emailExists($this->clean_email)) {
        $this->email_taken = true;
        return;
    }
    // No problems have been found.
    $this->status = true;
}
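/**
 * Validate a registration form's fields.
 *
 * Cheap format checks run first; the store lookup (usernameExists) is only
 * reached once everything else has passed, so malformed input never costs
 * a query.
 *
 * @param array $userDetails keys username, firstname, lastname, password,
 *                           gender, salutation, birthdate (missing keys are
 *                           treated as empty strings)
 * @return bool true when every check passes, false on the first failure
 */
function CorrectUserInputs($userDetails) {
    $nameRegex = '/^[a-z]+[a-z ]*$/i';
    $usernameRegex = '/^[A-Z0-9_]+$/i';
    // No spaces. `+` instead of the original `*`: an empty password used to
    // pass this check.
    $passwordRegex = '/^[^ ]+$/';

    // Missing keys become '' instead of raising undefined-index notices.
    $defaults = array('username' => '', 'firstname' => '', 'lastname' => '', 'password' => '', 'gender' => '', 'salutation' => '', 'birthdate' => '');
    $d = array_merge($defaults, (array) $userDetails);

    if (!preg_match($nameRegex, (string) $d['firstname']) || !preg_match($nameRegex, (string) $d['lastname']) || !preg_match($usernameRegex, (string) $d['username']) || !preg_match($passwordRegex, (string) $d['password'])) {
        return false;
    }

    // Salutation must agree with gender. Strict in_array(): only an exact
    // string match counts.
    $femaleTitles = array('Miss', 'Ms', 'Mrs', 'Madame', 'Majesty', 'Seniora');
    $maleTitles = array('Mr', 'Sir', 'Senior', 'Count');
    $female = $d['gender'] === 'Female' && in_array($d['salutation'], $femaleTitles, true);
    $male = $d['gender'] === 'Male' && in_array($d['salutation'], $maleTitles, true);
    if (!$female && !$male) {
        return false;
    }

    // Must be at least 18. strtotime() returns false for an unparseable
    // date; the original compared that false with a timestamp and let the
    // input through as "old enough".
    $birth = strtotime((string) $d['birthdate']);
    if ($birth === false || $birth > strtotime('-18 years')) {
        return false;
    }

    // Last: the only check that touches the database.
    if (usernameExists($d['username'])) {
        return false;
    }
    return true;
}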
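/**
 * Ban a user from the shoutbox (moderator control panel action).
 *
 * Every outcome ends in redirect() back to the ban form with a language
 * string; on success the ban row is inserted and a moderator log entry is
 * written first. Nothing is returned. redirect() is relied on to end the
 * request, exactly as in the original.
 *
 * @param array $input request fields: my_post_key (CSRF token), username,
 *                     reason, reason_input (used when reason is 'different'),
 *                     length (passed to getUnban())
 */
function shoutboxBanUser($input) {
    global $lang, $db, $mybb, $cache;
    $lang->load('dvz_reports');

    // CSRF: nothing below runs unless the post key verifies.
    if (!verify_post_check($input['my_post_key'])) {
        return;
    }

    // Validate we've got a username
    $username = isset($input['username']) ? $input['username'] : '';
    if (!$username) {
        redirect('modcp.php?action=shoutbox_ban', $lang->invalid_username);
    }

    // Validate existence. usernameExists() is used here as a uid lookup:
    // a truthy integer for a known user, falsy otherwise.
    $uid = (int) usernameExists($username);
    if (!$uid) {
        redirect('modcp.php?action=shoutbox_ban', $lang->invalid_username);
    }

    // User already banned
    if (isBanned($uid)) {
        redirect('modcp.php?action=shoutbox_ban', $lang->already_banned);
    }

    // 'different' means a free-text reason was supplied in reason_input.
    $reasonChoice = isset($input['reason']) ? $input['reason'] : '';
    if ($reasonChoice === 'different') {
        if (empty($input['reason_input'])) {
            redirect('modcp.php?action=shoutbox_ban', $lang->no_reason);
        }
        $reason = $input['reason_input'];
    } else {
        $reason = $reasonChoice;
    }

    $data = array(
        'uid' => $db->escape_string($uid),
        'reason' => $db->escape_string($reason),
        'unbantime' => getUnban($input['length']),
        'banned_by' => $db->escape_string($mybb->user['uid']),
    );
    // Insert new ban
    $db->insert_query('dvz_reports_banned', $data);

    // Log the username from the same $input the ban was taken from. The
    // original read $mybb->input['username'] here, which can differ from
    // $input when the caller passes its own array.
    $logdata = array('uid' => $uid, 'username' => $username);
    log_moderator_action($logdata, $lang->banned_user);

    redirect('modcp.php?action=shoutbox_ban', $lang->ban_succesfull);
}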
if (!empty($_POST)) { $email = $_POST["email"]; $username = sanitize($_POST["username"]); //Perform some validation //Feel free to edit / change as required if (trim($email) == "") { $errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); } else { if (!isValidEmail($email) || !emailExists($email)) { $errors[] = lang("ACCOUNT_INVALID_EMAIL"); } } if (trim($username) == "") { $errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); } else { if (!usernameExists($username)) { $errors[] = lang("ACCOUNT_INVALID_USERNAME"); } } if (count($errors) == 0) { //Check that the username / email are associated to the same account if (!emailUsernameLinked($email, $username)) { $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID"); } else { //Check if the user has any outstanding lost password requests $userdetails = fetchUserDetails($username); if ($userdetails["lost_password_request"] == 1) { $errors[] = lang("FORGOTPASS_REQUEST_EXISTS"); } else { //Email the user asking to confirm this change password request //We can use the template builder here
/**
 * Resend-activation form handler (UserCake 2.0.2 via CupCake).
 *
 * POST handling runs only when $emailActivation (from config.php) is
 * truthy. It validates the e-mail and username, requires both to belong to
 * the same account, refuses accounts that are already active or that asked
 * recently, then generates a fresh activation token, records it and e-mails
 * the activation link. Messages accumulate in $errors and $successes.
 * Afterwards a logged-in visitor is redirected to the account page; everyone
 * else gets the resend_activation view.
 */
public function index() {
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    $baseURL = getcwd();
    // config.php is expected to define $emailActivation,
    // $resend_activation_threshold, $websiteUrl and $websiteName in this
    // scope (and presumably $errors/$successes — otherwise count($errors)
    // below runs on an undefined variable when no error was recorded).
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }
    // Forms posted
    if (!empty($_POST) && $emailActivation) {
        $email = $_POST["email"];
        // NOTE(review): the sibling forgot-password handler runs the username
        // through sanitize(); here it is used raw — confirm that is intended.
        $username = $_POST["username"];
        // Perform some validation. Feel free to edit / change as required.
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } else {
            if (!isValidEmail($email) || !emailExists($email)) {
                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
            }
        }
        if (trim($username) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        } else {
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_INVALID_USERNAME");
            }
        }
        if (count($errors) == 0) {
            // Check that the username / email are associated to the same account
            if (!emailUsernameLinked($email, $username)) {
                $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);
                // Nothing to resend for an account that is already active.
                if ($userdetails["active"] == 1) {
                    $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");
                } else {
                    // Rate limit. $hours_diff is the time since the last request
                    // measured in units of ($resend_activation_threshold hours),
                    // rounded; a threshold of 0 disables the limit.
                    if ($resend_activation_threshold == 0) {
                        $hours_diff = 0;
                    } else {
                        $last_request = $userdetails["last_activation_request"];
                        $hours_diff = round((time() - $last_request) / (3600 * $resend_activation_threshold), 0);
                    }
                    // NOTE(review): because the unit above is threshold-hours and
                    // the comparison is against the threshold again, the effective
                    // cool-down is roughly threshold² hours — confirm that is intended.
                    if ($resend_activation_threshold != 0 && $hours_diff <= $resend_activation_threshold) {
                        $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT", array($resend_activation_threshold));
                    } else {
                        // For security create a new activation url: a fresh token is
                        // generated on every resend.
                        $new_activation_token = generateActivationToken();
                        if (!updateLastActivationRequest($new_activation_token, $username, $email)) {
                            $errors[] = lang("SQL_ERROR");
                        } else {
                            $mail = new userCakeMail();
                            $activation_url = $websiteUrl . "activate-account.php?token=" . $new_activation_token;
                            // Setup our custom hooks.
                            // NOTE(review): "#ACTIVATION-URL" has no trailing '#', unlike
                            // "#USERNAME#"; if the template uses #ACTIVATION-URL# the
                            // replacement leaves a stray '#' after the URL — check
                            // resend-activation.txt.
                            $hooks = array("searchStrs" => array("#ACTIVATION-URL", "#USERNAME#"), "subjectStrs" => array($activation_url, $userdetails["display_name"]));
                            if (!$mail->newTemplateMsg("resend-activation.txt", $hooks)) {
                                $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                            } else {
                                if (!$mail->sendMail($userdetails["email"], "Activate your " . $websiteName . " Account")) {
                                    $errors[] = lang("MAIL_ERROR");
                                } else {
                                    // Success: the token is stored and the mail is out.
                                    $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    // Prevent the user visiting the logged in page if he/she is already logged in.
    // NOTE(review): this runs after the POST handling, so a logged-in user can
    // still trigger a resend before being redirected.
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }
    $this->load->view('resend_activation');
}
ini_set('display_errors', 1); error_reporting(E_ALL | E_STRICT); include '/home/jayme/firephp-core/lib/FirePHPCore/fb.php'; require 'scripts/dbConnect.php'; require 'scripts/selectQueries.php'; include 'scripts/sessions.php'; // Validate the fields upon submission. if ($_POST) { $loginUsername = trim($_POST["loginUsername"], " \t\n\r\v"); // Remove trailing whitespace from the field. $loginPassword = $_POST["loginPassword"]; $errorMsg = ""; // OPENING DATABASE CONNECTION. $dbConn = dbConnect(); // Check that the username exists in the database. $userFound = usernameExists($dbConn, strtolower($loginUsername)); FB::log('User found status: ' . ($userFound ? 'True' : 'False')); if ($userFound) { // Check that the password is correct for the user. $isValid = passwordExists($dbConn, $loginUsername, $loginPassword); FB::log('Login valid? ' . ($isValid ? 'True' : 'False')); if ($isValid) { //TODO Creating PHP sessions for managing user login. FB::log('Login success! Setting session variables...'); $_SESSION['LoggedIn'] = true; $_SESSION['Username'] = $loginUsername; $_SESSION['UserId'] = getUserId($dbConn, $loginUsername); FB::info('LoggedIn: ' . $_SESSION['LoggedIn'] . ', Username: '******'Username'] . ', UserId: ' . $_SESSION['UserId']); } else { $errorMsg = "<b>Your password is incorrect. Please try again.</b>"; }
/**
 * Set the lost_password_request flag for one user.
 *
 * @param string $user_name
 * @param mixed  $value     new flag value (callers in this file pass 0 or 1)
 * @return bool true on success; false (after addAlert) for an unknown user,
 *              a failed execute(), or a caught PDO/Error/Runtime exception
 */
function flagLostPasswordRequest($user_name, $value) {
    if (!usernameExists($user_name)) {
        addAlert("danger", "Invalid username specified.");
        return false;
    }
    try {
        global $db_table_prefix;
        $db = pdoConnect();
        // Parameterised statement: neither value ever enters the SQL text.
        $query = "UPDATE " . $db_table_prefix . "users\n\t\tSET lost_password_request = :value\n\t\tWHERE\n\t\tuser_name = :user_name\n\t\tLIMIT 1";
        $params = array(
            'value' => $value,
            'user_name' => $user_name,
        );
        $stmt = $db->prepare($query);
        $executed = $stmt->execute($params);
        return $executed ? true : false;
    } catch (PDOException $e) {
        addAlert("danger", "Oops, looks like our database encountered an error.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    } catch (ErrorException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
        return false;
    } catch (RuntimeException $e) {
        addAlert("danger", "Oops, looks like our server might have goofed. If you're an admin, please check the PHP error logs.");
        error_log("Error in " . $e->getFile() . " on line " . $e->getLine() . ": " . $e->getMessage());
        return false;
    }
}
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); } } else { if ($username == "") { $errors[] = lang("ACCOUNT_SPECIFY_USERNAME"); } } if ($password == "") { $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD"); } if (count($errors) == 0) { //A security note here, never tell the user which credential was incorrect if ($email == 1) { $existsVar = !emailExists($email_address); } else { $existsVar = !usernameExists($username); } if ($existsVar) { $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID"); } else { if ($email == 1) { $userdetails = fetchUserAuthByEmail($email_address); } elseif ($email == 0) { $userdetails = fetchUserAuthByUserName($username); } //See if the user's account is activated if ($userdetails["active"] == 0) { $errors[] = lang("ACCOUNT_INACTIVE"); } else { if ($userdetails["enabled"] == 0) { $errors[] = lang("ACCOUNT_DISABLED");
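/**
 * Create a user with the specified fields.
 *
 * All field checks run before returning so the caller sees every problem
 * at once (each is reported through addAlert("danger", ...)). When
 * $require_activation is set the account is created inactive and the
 * activation e-mail carrying the token is sent first; a mail failure
 * aborts before anything is inserted.
 *
 * @param string  $user_name          the validated $_POST['user_name'] variable
 * @param string  $display_name       the validated $_POST['display_name'] variable
 * @param string  $email              the validated $_POST['email'] variable
 * @param string  $title              the validated $_POST['title'] variable
 * @param string  $password           the validated $_POST['password'] variable
 * @param string  $passwordc          the validated $_POST['passwordc'] variable (confirmation)
 * @param boolean $require_activation value of global $emailActivation when $admin is false
 * @param boolean $admin              true if an admin is creating the user (the string "true" is accepted too)
 * @return int|false $inserted_id from addUser(), or false on any permission, validation or mail failure
 */
function createUser($user_name, $display_name, $email, $title, $password, $passwordc, $require_activation, $admin) {
    // Admin mode: the caller must be allowed to run this action. The check
    // accepts the boolean or the literal string "true" — the two values the
    // original loose `== "true"` matched.
    if ($admin === true || $admin === "true") {
        // This block automatically checks this action against the permissions database before running.
        if (!checkActionPermissionSelf(__FUNCTION__, func_get_args())) {
            addAlert("danger", "Sorry, you do not have permission to access this resource.");
            return false;
        }
    }

    $error_count = 0;

    // Field format checks. minMaxRange() is truthy when the length falls
    // outside the given bounds.
    if (minMaxRange(1, 25, $user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_CHAR_LIMIT", array(1, 25)));
        $error_count++;
    }
    if (!ctype_alnum($user_name)) {
        addAlert("danger", lang("ACCOUNT_USER_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (minMaxRange(1, 50, $display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_CHAR_LIMIT", array(1, 50)));
        $error_count++;
    }
    if (!isValidName($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS"));
        $error_count++;
    }
    if (!isValidEmail($email)) {
        addAlert("danger", lang("ACCOUNT_INVALID_EMAIL"));
        $error_count++;
    }
    if (minMaxRange(1, 150, $title)) {
        addAlert("danger", lang("ACCOUNT_TITLE_CHAR_LIMIT", array(1, 150)));
        $error_count++;
    }

    // Password and confirmation must both be 8..50 characters and identical.
    // The original only raised the length error when *both* were out of
    // range (&&) and otherwise fell through to "mismatch", which hid the
    // real cause; `||` names it. The set of rejected inputs is unchanged.
    if (minMaxRange(8, 50, $password) || minMaxRange(8, 50, $passwordc)) {
        addAlert("danger", lang("ACCOUNT_PASS_CHAR_LIMIT", array(8, 50)));
        $error_count++;
    } elseif ($password !== $passwordc) {
        // Strict comparison: `!=` would treat numeric-looking strings such
        // as "1e3" and "1000" as equal.
        addAlert("danger", lang("ACCOUNT_PASS_MISMATCH"));
        $error_count++;
    }

    // Uniqueness checks against the store.
    if (usernameExists($user_name)) {
        addAlert("danger", lang("ACCOUNT_USERNAME_IN_USE", array($user_name)));
        $error_count++;
    }
    if (displayNameExists($display_name)) {
        addAlert("danger", lang("ACCOUNT_DISPLAYNAME_IN_USE", array($display_name)));
        $error_count++;
    }
    if (emailExists($email)) {
        addAlert("danger", lang("ACCOUNT_EMAIL_IN_USE", array($email)));
        $error_count++;
    }

    // Construct a secure hash for the plain text password
    $password_hash = passwordHashUF($password);
    if ($password_hash === null) {
        addAlert("danger", lang("PASSWORD_HASH_FAILED"));
        $error_count++;
    }

    // Exit on any invalid parameters
    if ($error_count > 0) {
        return false;
    }

    // Construct a unique activation token (even if activation is not required)
    $activation_token = generateActivationToken();
    $active = 1;

    // Do we need to require that the user activate their account first?
    if ($require_activation) {
        // User must activate their account first
        $active = 0;
        $mailSender = new userCakeMail();
        // Build the activation message
        $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE", array(SITE_ROOT . "api/", $activation_token));
        // Define more if you want to build larger structures
        $hooks = array("searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"), "subjectStrs" => array($activation_message, $activation_token, $display_name));
        // Build the template (optional — sendMail can take the message as a
        // third parameter instead). A mail failure aborts before the insert.
        if (!$mailSender->newTemplateMsg("new-registration.txt", $hooks)) {
            addAlert("danger", lang("MAIL_ERROR"));
            return false;
        }
        // Send the mail to the user's address.
        if (!$mailSender->sendMail($email, "Please activate your account")) {
            addAlert("danger", lang("MAIL_ERROR"));
            return false;
        }
    }

    // Insert the user into the database and return the new user's id
    return addUser($user_name, $display_name, $title, $password_hash, $email, $active, $activation_token);
}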
/**
 * Forgot-password handler (UserCake 2.0.2 via CupCake). Three entry points:
 *
 *  - GET ?confirm=<token>: the user followed the confirmation link. A
 *    random 15-character password is generated, e-mailed in plaintext, then
 *    its hash is stored via updatePasswordFromToken() and the pending flag
 *    is cleared.
 *  - GET ?deny=<token>: the pending flag is cleared.
 *  - POST (email, username): validates both, requires them to belong to the
 *    same account, refuses if a request is already pending, then e-mails
 *    confirm/deny links keyed by the account's activation_token and sets
 *    the pending flag.
 *
 * Messages accumulate in $errors / $successes; the forgot_password view is
 * rendered at the end in every case.
 */
public function index() {
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    $baseURL = getcwd();
    // config.php supplies $websiteUrl (and presumably $errors/$successes)
    // in this scope.
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }
    // User has confirmed they want their password changed
    if (!empty($_GET["confirm"])) {
        $token = trim($_GET["confirm"]);
        // The meaning of validateActivationToken()'s second argument is not
        // visible here; presumably it selects lost-password tokens — confirm.
        if ($token == "" || !validateActivationToken($token, TRUE)) {
            $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
        } else {
            $rand_pass = getUniqueCode(15); // new plaintext password for the user
            $secure_pass = generateHash($rand_pass); // hash that will be stored
            $userdetails = fetchUserDetails(NULL, $token); // account looked up by token
            $mail = new userCakeMail();
            // Setup our custom hooks
            $hooks = array("searchStrs" => array("#GENERATED-PASS#", "#USERNAME#"), "subjectStrs" => array($rand_pass, $userdetails["display_name"]));
            if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/your-lost-password.txt", $hooks)) {
                $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
            } else {
                // SECURITY NOTE: the new password is sent in plaintext e-mail.
                // The mail also goes out before the DB write below, so if
                // updatePasswordFromToken() fails the user holds a password
                // that was never set.
                if (!$mail->sendMail($userdetails["email"], "Your new password")) {
                    $errors[] = lang("MAIL_ERROR");
                } else {
                    if (!updatePasswordFromToken($secure_pass, $token)) {
                        $errors[] = lang("SQL_ERROR");
                    } else {
                        // Clear the pending-request flag now that the reset is done.
                        if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                            $errors[] = lang("SQL_ERROR");
                        } else {
                            $successes[] = lang("FORGOTPASS_NEW_PASS_EMAIL");
                        }
                    }
                }
            }
        }
    }
    // User has denied this request
    if (!empty($_GET["deny"])) {
        $token = trim($_GET["deny"]);
        if ($token == "" || !validateActivationToken($token, TRUE)) {
            $errors[] = lang("FORGOTPASS_INVALID_TOKEN");
        } else {
            $userdetails = fetchUserDetails(NULL, $token);
            // Only the pending flag is cleared; the password is untouched.
            if (!flagLostPasswordRequest($userdetails["user_name"], 0)) {
                $errors[] = lang("SQL_ERROR");
            } else {
                $successes[] = lang("FORGOTPASS_REQUEST_CANNED");
            }
        }
    }
    // Forms posted
    if (!empty($_POST)) {
        $email = $_POST["email"];
        $username = sanitize($_POST["username"]);
        // Perform some validation. Feel free to edit / change as required.
        if (trim($email) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");
        } else {
            if (!isValidEmail($email) || !emailExists($email)) {
                $errors[] = lang("ACCOUNT_INVALID_EMAIL");
            }
        }
        if (trim($username) == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        } else {
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_INVALID_USERNAME");
            }
        }
        if (count($errors) == 0) {
            // Check that the username / email are associated to the same account
            if (!emailUsernameLinked($email, $username)) {
                $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");
            } else {
                // Check if the user has any outstanding lost password requests
                $userdetails = fetchUserDetails($username);
                if ($userdetails["lost_password_request"] == 1) {
                    $errors[] = lang("FORGOTPASS_REQUEST_EXISTS");
                } else {
                    // Email the user asking to confirm this change password request
                    // (built with the template builder). The original comment says
                    // the activation token "gets regenerated every time it's used".
                    // NOTE(review): the token placed in the links is the account's
                    // existing activation_token read from the DB; nothing in this
                    // method rotates it — confirm that updatePasswordFromToken() or
                    // flagLostPasswordRequest() does, otherwise the link stays valid.
                    $mail = new userCakeMail();
                    $confirm_url = lang("CONFIRM") . "\n" . $websiteUrl . "forgot-password.php?confirm=" . $userdetails["activation_token"];
                    $deny_url = lang("DENY") . "\n" . $websiteUrl . "forgot-password.php?deny=" . $userdetails["activation_token"];
                    // Setup our custom hooks
                    $hooks = array("searchStrs" => array("#CONFIRM-URL#", "#DENY-URL#", "#USERNAME#"), "subjectStrs" => array($confirm_url, $deny_url, $userdetails["user_name"]));
                    if (!$mail->newTemplateMsg("{$baseURL}/application/third_party/user_cake/mail-templates/lost-password-request.txt", $hooks)) {
                        $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");
                    } else {
                        if (!$mail->sendMail($userdetails["email"], "Lost password request")) {
                            $errors[] = lang("MAIL_ERROR");
                        } else {
                            // Update the DB to show this account has an outstanding request
                            if (!flagLostPasswordRequest($userdetails["user_name"], 1)) {
                                $errors[] = lang("SQL_ERROR");
                            } else {
                                $successes[] = lang("FORGOTPASS_REQUEST_SUCCESS");
                            }
                        }
                    }
                }
            }
        }
    }
    $this->load->view('forgot_password');
}
$display_type = 'SignIn'; // If anyone of them is missing, then redisplay the StartPage with the 'SignIn' form having error messages. include 'views/StartPage.php'; // ViewStart } exit; // exit // exit case 'Join': $display_type = 'Join'; // Get username if (empty($_POST['username'])) { // If username is empty $error_msg_username = '******'; } else { if (usernameExists($_POST['username'])) { $error_msg_username = '******'; } else { // username $username = $_POST['username']; // in order to redisplay } } //get name if (empty($_POST['name'])) { // If username is empty $error_msg_name = '*required'; } else { // username $name = $_POST['name']; }
$deleteID = "delete" . $row['User_ID']; $delete = $_POST[$deleteID] ? "Yes" : "No"; $usernameID = "username" . $row['User_ID']; $newusername = $_POST[$usernameID]; $emailID = "email" . $row['User_ID']; $newemail = $_POST[$emailID]; $groupID = "group_id" . $row['User_ID']; $newgroup = $_POST[$groupID]; if ($delete == "Yes") { $sql = "DELETE from " . $db_table_prefix . "Users WHERE User_ID = '" . $row['User_ID'] . "'"; $db->sql_query($sql); } else { if ($newusername != $row['Username']) { if (minMaxRange(5, 25, $newusername)) { $errors[] = "Unable to update " . $row['Username'] . "'s username because selected name is not between 5 and 25 characters."; } elseif (usernameExists($newusername)) { $errors[] = "Unable to change " . $row['Username'] . "'s name because selected username is already in use."; } else { $sql = "UPDATE " . $db_table_prefix . "Users SET Username = '******', Username_clean = '" . sanitize($newusername) . "' WHERE User_ID='" . $row['User_ID'] . "'"; $db->sql_query($sql); } } if ($row['Email'] != $newemail) { if (trim($newemail) == "") { $errors[] = "Unable to update " . $row['Username'] . "'s email because no address was entered."; } else { if (!isValidEmail($newemail)) { $errors[] = "Unable to update " . $row['Username'] . "'s email because address is invalid."; } else { if (emailExists($newemail)) { $errors[] = "Unable to update " . $row['Username'] . "'s email because address is already in use.";
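/**
 * Login form handler (UserCake 2.0.2 via CupCake).
 *
 * GET: renders the login view, or redirects to the account page when a
 * session already exists. POST: validates username/password, checks the
 * account is active, verifies the password against the stored hash and, on
 * success, stores a loggedInUser in the CodeIgniter session and redirects
 * to the account page. Failures accumulate in the global $errors.
 */
public function index() {
    /* UserCake (Via CupCake) Version: 2.0.2 http://usercake.com */
    global $baseURL;
    // NOTE(review): unlike the sibling controllers, $baseURL is not assigned
    // (getcwd()) here; this relies on it already being set — confirm.
    require_once "{$baseURL}/application/third_party/user_cake/models/config.php";
    if (!securePage($_SERVER['PHP_SELF'])) {
        die;
    }

    // Already logged in: go straight to the account page.
    if (isUserLoggedIn()) {
        header("Location: " . str_replace('index.php/', '', site_url('account')));
        die;
    }

    // Forms posted
    if (!empty($_POST)) {
        global $errors;
        $errors = array();
        // Missing fields count as empty instead of raising notices.
        $username = sanitize(trim(isset($_POST["username"]) ? $_POST["username"] : ""));
        // Trimming is kept for compatibility with how passwords were set:
        // surrounding whitespace is not part of the password.
        $password = trim(isset($_POST["password"]) ? $_POST["password"] : "");

        if ($username == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
        }
        if ($password == "") {
            $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
        }

        if (count($errors) == 0) {
            // Never tell the user which credential was wrong: an unknown user
            // and a wrong password both yield ACCOUNT_USER_OR_PASS_INVALID.
            if (!usernameExists($username)) {
                $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
            } else {
                $userdetails = fetchUserDetails($username);
                // NOTE: ACCOUNT_INACTIVE is only reachable for an existing
                // username, so this message does confirm the account exists.
                if ($userdetails["active"] == 0) {
                    $errors[] = lang("ACCOUNT_INACTIVE");
                } else {
                    // Re-hash the submitted password with the salt carried in
                    // the stored hash, then compare the two hashes.
                    $entered_pass = generateHash($password, $userdetails["password"]);
                    // hash_equals(): constant-time, strict string comparison.
                    // The original `!=` stopped at the first differing byte and
                    // would treat two numeric-looking strings as equal.
                    if (!hash_equals((string) $userdetails["password"], (string) $entered_pass)) {
                        $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                    } else {
                        // Passwords match: build the logged-in user object and
                        // copy the DB fields it carries into the session.
                        $loggedInUser = new loggedInUser();
                        $loggedInUser->email = $userdetails["email"];
                        $loggedInUser->user_id = $userdetails["id"];
                        // NOTE(review): hash_pw puts the password hash into the
                        // session object; with a cookie-backed CodeIgniter session
                        // driver that hash would leave the server — confirm the
                        // driver, or drop the field if nothing reads it.
                        $loggedInUser->hash_pw = $userdetails["password"];
                        $loggedInUser->title = $userdetails["title"];
                        $loggedInUser->displayname = $userdetails["display_name"];
                        $loggedInUser->username = $userdetails["user_name"];
                        // Update last sign in
                        $loggedInUser->updateLastSignIn();
                        $this->session->set_userdata('userCakeUser', $loggedInUser);
                        // Redirect to user account page
                        header("Location: " . str_replace('index.php/', '', site_url('account')));
                        die;
                    }
                }
            }
        }
    }
    $this->load->view('login');
}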