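/**
 * Validate the password-change form and collect the error messages.
 *
 * The old password must be present and accepted by verify_login() for the
 * session's user; the new password must be present, repeated, and identical
 * in both fields.
 *
 * @param array  $frm     Submitted fields: oldpassword, password, password_check.
 * @param object $errors  Output: replaced by a fresh Object whose properties flag the failing fields.
 * @param array  $session Session data; 'username' is the account whose password is checked.
 * @return string HTML <li> fragments, one per problem; empty when there are no errors.
 */
function validate_form(&$frm, &$errors, $session) {
    $errors = new Object();
    $msg = "";

    if (empty($frm["oldpassword"])) {
        $errors->oldpassword = true;
        $msg .= "<li>Sie müssen Ihr altes Passwort eingeben";
    } elseif (!verify_login($session['username'], $frm["oldpassword"])) {
        // The credential check runs only once a value was supplied, so a blank
        // field never reaches the verifier as an empty-password attempt.
        $errors->oldpassword = true;
        $msg .= "<li>Ihr altes Passwort ist nicht richtig";
    }

    if (empty($frm["password"])) {
        $errors->password = true;
        $msg .= "<li>Sie haben kein neues Passwort angegeben";
    } elseif (empty($frm["password_check"])) {
        $errors->password_check = true;
        $msg .= "<li>Sie haben vergessen, Ihr neues Passwort zu wiederholen";
    } elseif ($frm["password"] !== $frm["password_check"]) {
        // Strict comparison: with != PHP compares numeric-looking strings as
        // numbers, so "1e3" and "1000" would count as the same password and a
        // mistyped confirmation could slip through.
        $errors->password_check = true;
        $errors->password = true;
        $msg .= "<li>Die Neuen Passwörter stimmen nicht überein";
    }

    return $msg;
}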
<?php
// Bootstrap for the experiment search page: start the PHP session and load
// the shared helper file before any other call.
session_start();
include 'utilities.php';
// Airavata model/error classes and the Thrift transport exception, imported
// by short name. None of them is referenced in the lines shown here.
use Airavata\Model\Workspace\Experiment\ExperimentState;
use Airavata\API\Error\InvalidRequestException;
use Airavata\API\Error\AiravataClientException;
use Airavata\API\Error\AiravataSystemException;
use Airavata\API\Error\ExperimentNotFoundException;
use Thrift\Exception\TTransportException;
// The helpers below are defined outside this listing (presumably in utilities.php).
create_http_header();
connect_to_id_store();
// NOTE(review): verify_login() is called without arguments and its return
// value is ignored, so this page depends on the helper itself ending the
// request (redirect + exit) for visitors who are not logged in. Confirm it
// does; otherwise the Airavata client and the page below are reachable
// without a login.
verify_login();
$airavataclient = get_airavata_client();
?> <html> <?php create_html_head(); ?> <body> <?php create_nav_bar(); ?> <div class="container" style="max-width: 750px;"> <h1>Search for Experiments</h1>
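<?php
// Live login-form check. Answers with a small XML document whose <errorLogin>
// and <errorPassword> elements carry the path of a "yes" or a "no" icon,
// depending on what verify_login() and verify_password() return.
//
// NOTE(review): the outcome of both checks is reported to whoever posts to
// this script and no throttling is visible here. Make sure requests are
// rate-limited and logged elsewhere so the endpoint cannot be used to test
// logins or passwords in bulk.
header('Content-Type: text/xml');
include 'login_functions.php';

echo '<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>';
echo '<Errors>';

$connection = connectDB();

// Only a string field reaches the lookup. A missing or array-valued field
// would otherwise raise a PHP notice which, with display_errors enabled, ends
// up inside the XML body (breaking the document and exposing file paths).
$login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : null;
$v_log = ($login !== null) ? verify_login($connection, $login) : 0;

echo '<errorLogin>';
if ($v_log === 1) {
    echo 'images/yes1.png';
} else {
    echo 'images/no1.png';
}
echo '</errorLogin>';

echo '<errorPassword>';
// The password element stays empty unless a password field was posted.
if (isset($_POST['password'])) {
    $password = $_POST['password'];
    $login = isset($_POST['login2']) ? $_POST['login2'] : null;
    // Malformed input (missing login2, non-string values) is answered like a
    // failed check instead of being passed on to verify_password().
    if (is_string($password) && is_string($login)
        && verify_password($connection, $login, $password) === 1) {
        echo 'images/yes1.png';
    } else {
        echo 'images/no1.png';
    }
}
echo '</errorPassword>';
echo '</Errors>';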
<?php
/*
 * $Source: /home/xubuntu/berlios_backup/github/tmp-cvs/otmp/Repository/Release1/user/login.php,v $
 * $Revision: 1.5 $
 * $Id: login.php,v 1.5 2001/12/15 17:33:18 hifix Exp $
 *
 * Login page handler: checks the posted credentials with verify_login(),
 * fills the $session array on success and redirects. The listing ends before
 * the outer POST check is closed.
 */
include "../application.php";
$DOC_TITLE = "Login";
// NOTE(review): $HTTP_POST_VARS and a bare $REQUEST_METHOD only exist on very
// old PHP setups (or when application.php defines them) - confirm where they
// come from before relying on this check.
if (isset($HTTP_POST_VARS) && $REQUEST_METHOD == "POST") {
    $frm = $HTTP_POST_VARS;
    /* form has been submitted, check if the user login information is correct */
    if (isset($frm['login'])) {
        // A falsy $user means the login failed; otherwise it is read below as
        // an array with the keys Name, usrID, AdminLevel and Translator.
        $user = verify_login($frm["username"], $frm["password"]);
        /* set all of the user's session variables */
        if ($user) {
            // Drop whatever the previous visitor state held before storing
            // the authenticated user's data.
            // NOTE(review): no session-id regeneration is visible at this
            // privilege change; confirm application.php handles it, otherwise
            // a pre-login session id stays valid after login.
            unset($session);
            $session['username'] = $user['Name'];
            $session['userid'] = $user['usrID'];
            $session['adminlevel'] = $user['AdminLevel'];
            $session['translator'] = $user['Translator'];
            /* if wantsurl is set, that means we came from a page that required
             * log in, so let's go back there. otherwise go back to the main page */
            // NOTE(review): $session was unset a few lines above and wantsurl
            // is not assigned again in the visible code, so this looks like it
            // always picks main.php - confirm. If wantsurl is ever honoured,
            // restrict it to same-site paths before using it in Location.
            $goto = empty($session["wantsurl"]) ? "{$CFG->wwwroot}/main.php" : $session["wantsurl"];
            header("Location: {$goto}");
            die;
        } else {
            // Same message for an unknown user and a wrong password.
            $errormsg = "Invalid login, please try again";
        } // endif user
    }
/**
 * Authenticate a login request with the method named in $forms["authtype"].
 *
 * "ldap" binds to the directory with the supplied credentials, "basic" trusts
 * the web server's REMOTE_USER, "cert" looks up the TLS client certificate,
 * and anything else checks the posted username/password against the local
 * database through verify_login().
 *
 * @param array $forms Form fields; reads "username", "password" and "authtype".
 * @return string The username on success (also stored in $_SESSION["username"]),
 *                otherwise the accumulated error text.
 */
function login($forms) {
    $error = "";
    $username = $forms["username"];
    $password = $forms["password"];
    // An empty password is replaced by a fixed placeholder before it is used.
    // NOTE(review): the placeholder value appears masked in this listing.
    if (!$password) {
        $password = "******";
    }
    // die("$password");
    if ($forms["authtype"] == "ldap") {
        //define an appropriate ldap search filter to find your users, and filter out accounts such as administrator(administrator should be renamed anyway!).
        // NOTE(review): $username goes into the filter and the DN unescaped,
        // so filter metacharacters in it change the search; escape it (e.g.
        // ldap_escape() where available) or validate it first.
        // NOTE(review): the two exclusions are OR-ed, so an entry is dropped
        // only when its displayname matches both patterns - confirm that is
        // the intended exclusion.
        $filter = "(&(|(!(displayname=Administrator*))(!(displayname=Admin*)))(" . LDAP_CN . "={$username}))";
        $dn = LDAP_CN . "={$username}, ";
        // Failures are only recorded in $error; the code keeps going with
        // whatever $connect holds and warnings are silenced with @.
        if (!($connect = @ldap_connect(LDAP_SRV))) {
            $error .= "Could not connect to LDAP server:" . LDAP_SRV;
        }
        switch (LDAP_MSAD) {
            case "YES":
                // Active Directory style bind: user@domain, protocol v3, no referrals.
                ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
                ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
                if (!($bind = @ldap_bind($connect, "{$username}@" . LDAP_DOMAIN, $password))) {
                    $error .= " Unable to bind to LDAP Server: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>";
                }
                break;
            default:
                // Plain LDAP bind with the DN built from the username.
                if (!($bind = @ldap_bind($connect, "{$dn}" . LDAP_BASE_DN, $password))) {
                    $error .= " Unable to bind to LDAP Server: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>";
                }
        }
        // NOTE(review): the error text contains HTML plus the user-supplied
        // name; whoever prints it has to escape it.
        if (!($sr = @ldap_search($connect, LDAP_BASE_DN, $filter))) { #search for user
            $error .= " Unable to search: <b>" . LDAP_SRV . "</b><br> <li>DN: {$dn}<br> <li>BaseDN: " . LDAP_BASE_DN . "<br>";
        }
        $info = @ldap_get_entries($connect, $sr);
        // print "Number of entries returned is " .ldap_count_entries($connect, $sr)."<p>";
        // Map group membership of the first returned entry to a privilege
        // level. This also runs after a failed bind or search, where $info[0]
        // may not exist.
        if (LDAP_USEPRIV == "ON") {
            if (in_array(LDAP_RW_GROUP, $info[0]["groupmembership"])) {
                $_SESSION["userpriv"] = "rw";
            } elseif (in_array(LDAP_RO_GROUP, $info[0]["groupmembership"])) {
                $_SESSION["userpriv"] = "ro";
            } else {
                $_SESSION["userpriv"] = "disabled";
                // echo "User privileges are " . $_SESSION["userpriv"] . "<br>";
            }
        }
        if (trim($error) != "") {
            return $error;
        } else {
            // Copy the directory attributes of the first entry into the session.
            $fullname = $info[0]["cn"][0];
            $fqdn = $info[0]["dn"];
            $_SESSION["username"] = $username;
            $_SESSION["groups"] = $info[0]["groupmembership"];
            // NOTE(review): this keeps the cleartext password in session
            // storage for the lifetime of the session; confirm it is needed.
            $_SESSION["token"] = $password;
            $_SESSION["fullname"] = $fullname;
            $_SESSION["fqdn"] = $fqdn;
            // Assumes the full name is "first last"; a single-word cn leaves
            // index 1 undefined.
            $flname = explode(" ", $fullname);
            $_SESSION["firstname"] = $flname[0];
            $_SESSION["lastname"] = $flname[1];
            $_SESSION["pageId"] = "searchform";
            // die(phpinfo());
            // die(print_r($info[0]));
            // die(print_r($_SESSION));
        }
        /* from here, do your sql query to query the database to search for existing record with correct username and password */
    } elseif ($forms["authtype"] == "basic") {
        // Using Web basic authentication. Check to see if $_SERVER['REMOTE_USER'] has access, and act accordingly.
        // The identity comes from the web server, not from the form.
        $username = $_SERVER['REMOTE_USER'];
        if ($username == "") {
            $username = "******";
        }
        $dbLink = db_connect_syslog(DBUSER, DBUSERPW);
        if ($username && verify_user($username, $dbLink)) {
            // NOTE(review): mt_rand() is not a cryptographic generator and
            // md5() of it adds no entropy, so this session id is guessable;
            // use a CSPRNG or PHP's own session id.
            $sessionId = md5(mt_rand());
            $_SESSION["pageId"] = "searchform";
            $expTime = time() + SESSION_EXP_TIME;
            $expTimeDB = date('Y-m-d H:i:s', $expTime);
            // Update sessionId and exptime in database
            // NOTE(review): the username literal in the WHERE clause appears
            // masked in this listing; whatever value belongs there must be
            // escaped or bound as a parameter.
            $query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n\t\t\t\texptime='" . $expTimeDB . "' WHERE username='******'";
            $result = perform_query($query, $dbLink);
        } else {
            $error .= " Sorry, {$username} does not have access to this service.";
            $_SESSION["error"] = "{$error}";
        }
    } elseif ($forms["authtype"] == "cert") {
        // Using Cert basic authentication.Check certificate SerialNumber first, Subject DN if SerialNumber fails
        // NOTE(review): $username is never taken from the certificate in this
        // branch - it is still the form value, and that is what ends up in
        // $_SESSION["username"] at the end of the function. Confirm the
        // session identity is meant to come from the form rather than from
        // the verified certificate.
        $dbLink = db_connect_syslog(DBUSER, DBUSERPW);
        if (verify_user($_SERVER['SSL_CLIENT_M_SERIAL'], $dbLink) || verify_user($_SERVER['SSL_CLIENT_S_DN'], $dbLink)) {
            // Same session-id construction as the "basic" branch (see the note there).
            $sessionId = md5(mt_rand());
            $_SESSION["pageId"] = "searchform";
            $expTime = time() + SESSION_EXP_TIME;
            $expTimeDB = date('Y-m-d H:i:s', $expTime);
            // Update sessionId and exptime in database
            $query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n exptime='" . $expTimeDB . "' WHERE username='******'";
            $result = perform_query($query, $dbLink);
        } else {
            $error .= " Sorry, {$username} does not have access to this service.";
            $_SESSION["error"] = "{$error}";
        }
    } else {
        // Not using LDAP or WebBasic, revert to local db authentication
        // This branch reads $_POST directly instead of $forms.
        if ($_POST["username"]) {
            $username = $_POST["username"];
            $password = $_POST["password"];
            // die("Info: $username, $password");
            $dbLink = db_connect_syslog(DBUSER, DBUSERPW);
            if ($username && $password && verify_login($username, $password, $dbLink)) {
                // Same session-id construction as the "basic" branch (see the note there).
                $sessionId = md5(mt_rand());
                $_SESSION["pageId"] = "searchform";
                // Calculate the expiration time
                $expTime = time() + SESSION_EXP_TIME;
                $expTimeDB = date('Y-m-d H:i:s', $expTime);
                // Update sessionId and exptime in database
                $query = "UPDATE " . AUTHTABLENAME . " SET sessionid='" . $sessionId . "', \n\t\t\t\t\texptime='" . $expTimeDB . "' WHERE username='******'";
                $result = perform_query($query, $dbLink);
            } else {
                // Also reached when the username or password is empty or when
                // verify_login() rejects an unknown user.
                $error .= " Invalid password for user {$username}";
                $_SESSION["error"] = "{$error}";
            }
        } else {
            $error .= " Missing POST variables";
            $_SESSION["error"] = "{$error}";
        }
    }
    // Any recorded error is the result; otherwise the login is complete.
    if (trim($error) != "") {
        return $error;
    } else {
        $_SESSION["username"] = $username;
        return $username;
    }
}
<p id="message"> <?php
// Once the user has clicked submit, $_POST is populated, so $_POST["submit"]
// exists and is not NULL and the checks below can run.
if (isset($_POST["submit"])) {
    // The user left the login OR the password empty
    if ($_POST["login"] == "" || $_POST["password"] == "") {
        // Show the error
        echo "Les champs ne doivent pas être vides";
    } else {
        // Otherwise check whether the login exists and the password is right.
        // Any error is meant to appear here, inside the <p>, so the value
        // returned by verify_login() is printed directly. It receives the
        // login and password entered by the user.
        // NOTE(review): the returned text is echoed unescaped - confirm it
        // never contains the submitted login, or escape it for HTML. A reply
        // that separates "unknown login" from "wrong password" also tells a
        // visitor which logins exist.
        echo verify_login($_POST["login"], $_POST["password"]);
    }
}
?> </p> <!-- Formulaire logn/pass --> <label for="login">Login: <input type="text" id="login" name="login"/> </label> <label for="password">Password: <input type="password" id="password" name="password"/> </label> <input type="submit" id="submit" name="submit" value="Connexion"/> </form> </body> </html>
// Cookie parameters for payment-API requests. org_loc is passed empty here;
// its value is filled in inside the class.
// iOS platform
$cookie = array('session_id' => 'hy_gameid', 'session_type' => 'st_dummy', 'org_loc' => '');
// Android platform
//$cookie = array(
//    'session_id' => 'openid',
//    'session_type' => 'kp_actoken',
//    'org_loc' => ''
//);
// Name of the API call to demonstrate. With the value set here none of the
// branches visible below is taken.
$fun = 'get_balance_m';
if ($fun == 'help') {
    echo_help();
}
// Each branch builds the parameter array for one call, runs it through the
// helper of the same name and dumps the result with print_r().
// NOTE(review): the parameters include the access token ($openkey) and the
// raw responses are printed - keep this demo output out of shared logs.
if ($fun == 'verify_login') {
    $params = array('appid' => $appid, 'openid' => $openid, 'openkey' => $openkey, 'userip' => $userip);
    $ret = verify_login($sdk, $params, $qs);
    print_r("============== verify_login ================\n");
    print_r($ret);
} elseif ($fun == 'load_vip') {
    $params = array('appid' => $appid, 'openid' => $openid, 'login' => 2, 'uin' => 0, 'vip' => $vip, 'accessToken' => $openkey);
    $ret = load_vip($sdk, $params, $qs);
    print_r("============== load_vip ================\n");
    print_r($ret);
} elseif ($fun == 'qqprofile') {
    $params = array('appid' => $appid, 'openid' => $openid, 'accessToken' => $openkey);
    $ret = qqprofile($sdk, $params, $qs);
    print_r("============== qqprofile ================\n");
    print_r($ret);
} elseif ($fun == 'qqfriends_detail') {
    $params = array('appid' => $appid, 'openid' => $openid, 'accessToken' => $openkey, 'flag' => $flag);
    $ret = qqfriends_detail($sdk, $params, $qs);
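/**
 * Authenticate a login form submission.
 *
 * Applies the optional IP ban and CAPTCHA steps, validates the submitted
 * username and password, then authenticates with the method named in
 * $postvars['authtype'] ("local" or "ldap"; the other listed methods only
 * report that they are not implemented).
 *
 * Review notes on behaviour that is kept as it was:
 *  - The attempt counter lives in $_SESSION, so it only counts attempts made
 *    with the same session cookie. The ban row is inserted here but the
 *    request is not stopped in this function; enforcement must happen
 *    elsewhere.
 *  - Several queries show a masked username literal ('******') in this
 *    listing; whatever value belongs there has to be escaped or bound.
 *  - Local accounts created after an LDAP login store MD5(password), which is
 *    not a password-hashing function; plan a migration to password_hash().
 *
 * @param array $postvars Form fields; reads 'username', 'password' and 'authtype'.
 * @return mixed The username on success or the error text on failure (each is
 *               also written to $_SESSION); nothing for an unknown authtype.
 */
function auth ($postvars) {
    //Start security update v0.1
    global $appConfig;
    if($appConfig['ban_ip'] == "on" && $appConfig['max_login_tries']<=$_SESSION['num_login_tries']) {
        //insert ip into banned table
        $expdate = time()+$appConfig['ban_time']*60;
        // Fixed: the expiry was formatted as "Y-m-d h:m:s", which puts the
        // month where the minutes belong and uses a 12-hour clock, so stored
        // ban expiries were wrong. Now the same 'Y-m-d H:i:s' form this
        // function uses for the session expiry.
        mysql_query("INSERT INTO banned_ips(bannedIp,expirationDate) VALUES('{$_SERVER['REMOTE_ADDR']}','".date("Y-m-d H:i:s",$expdate)."')");
    }
    if($appConfig['captcha']=='on' && $appConfig['num_login_tries']<=$_SESSION['num_login_tries']) {
        require_once('includes/modules/recaptchalib.php');
        $resp = recaptcha_check_answer ($appConfig['captcha_private_key'], $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
        if (!$resp->is_valid) {
            return $_SESSION["error"] = "The CAPTCHA wasn't entered correctly. Go back and try it again." . "(CAPTCHA said: " . $resp->error . ")";
        }
    }
    //End security update v0.1
    $error = "";
    $username = stripslashes($postvars["username"]);
    $password = stripslashes($postvars["password"]);
    if (validate_input($username, 'username') && (validate_input($password, 'password'))) {
        switch ($postvars['authtype']) {
            case "local":
                if ($username && $username !== "local_noauth") {
                    $dbLink = db_connect_syslog(DBADMIN, DBADMINPW);
                    if ($username && $password && verify_login($username, $password, $dbLink)) {
                        $error ="";
                    } else {
                        $error .= " Invalid password for user $username";
                    }
                } else {
                    // NOTE(review): for the reserved name "local_noauth" this
                    // branch never calls verify_login(); with a non-empty
                    // password $error stays empty and the success path below
                    // runs with $dbLink unset. Confirm validate_input() or
                    // the caller rejects that name unless password-less mode
                    // is really intended.
                    if (trim($username) == "") $error .= "Your username is empty.<br>";
                    if (trim($password) == "") $error .= "Your password is empty.";
                }
                if (trim($error)!="") {
                    //Start security update v0.1
                    $_SESSION['num_login_tries']+=1;
                    //End security update v0.1
                    return $_SESSION["error"] = $error;
                } else {
                    // Load the user's RBAC key into the session.
                    $sql = "SELECT rbac_key FROM ".$_SESSION["TBL_AUTH"]." WHERE username='******'";
                    $result = perform_query($sql, $dbLink, $_SERVER['PHP_SELF']);
                    $row = fetch_array($result);
                    $_SESSION["rbac"] = $row[0];
                    return $_SESSION["username"] = $username;
                }
                break;
            case "ldap":
                // The LDAP connection settings are stored in the settings table.
                $dbLink = db_connect_syslog(DBADMIN, DBADMINPW);
                $sql = "SELECT name,value FROM settings WHERE name like 'LDAP%'";
                $result = perform_query($sql, $dbLink, "authentication.php - LDAP Auth");
                while($row = fetch_array($result)) {
                    if ($row['name'] == 'LDAP_BASE_DN') { $basedn = $row['value']; }
                    if ($row['name'] == 'LDAP_CN') { $cn = $row['value']; }
                    if ($row['name'] == 'LDAP_DOMAIN') { $domain = $row['value']; }
                    if ($row['name'] == 'LDAP_MS') { $ms = $row['value']; }
                    if ($row['name'] == 'LDAP_PRIV') { $priv = $row['value']; }
                    if ($row['name'] == 'LDAP_RO_FILTERS') { $ro_filter = $row['value']; }
                    if ($row['name'] == 'LDAP_RO_GRP') { $ro_grp = $row['value']; }
                    if ($row['name'] == 'LDAP_RW_GRP') { $rw_grp = $row['value']; }
                    if ($row['name'] == 'LDAP_SRV') { $srv = $row['value']; }
                    if ($row['name'] == 'LDAP_DNU_GRP') { $nuser_grp = $row['value']; }
                    if ($row['name'] == 'LDAP_USERS_RO' ){ $list_of_ldapusers_ro = $row['value']; }
                    if ($row['name'] == 'LDAP_USERS_RW' ){ $list_of_ldapusers_rw = $row['value']; }
                }
                //define an appropriate ldap search filter to find your users, and filter out accounts such as administrator(administrator should be renamed anyway!).
                // NOTE(review): $username is placed in the filter and the DN
                // unescaped and validate_input() is the only visible gate;
                // confirm it rejects LDAP metacharacters. The two exclusions
                // are OR-ed, so an entry is dropped only when it matches both
                // patterns - confirm that is intended.
                $filter="(&(|(!(displayname=Administrator*))(!(displayname=Admin*)))(" .$cn. "=$username))";
                $dn = $cn . "=$username, ";
                if (!($connect = @ldap_connect($srv))) {
                    $error .= "Could not connect to LDAP server:" . $srv;
                }
                // NOTE(review): many directories treat a bind with an empty
                // password as an anonymous bind that succeeds; confirm an
                // empty $password cannot reach ldap_bind().
                switch ($ms) {
                    case "1":
                        // Active Directory style bind: user@domain.
                        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION,3);
                        ldap_set_option($connect, LDAP_OPT_REFERRALS,0);
                        if (!($bind = @ldap_bind($connect, "$username@" . $domain, $password))) {
                            $error .= " Unable to bind to LDAP Server: <b>" . $srv . "</b><br> <li>DN: $dn<br> <li>BaseDN: " . $basedn . "<br>";
                        }
                        break;
                    default:
                        if (!($bind = @ldap_bind($connect, "$dn" . $basedn, $password))) {
                            $error .= " Unable to bind to LDAP Server: <b>" . $srv . "</b><br> <li>DN: $dn<br> <li>BaseDN: " . $basedn . "<br>";
                        }
                }
                if (!($sr = @ldap_search($connect, $basedn, $filter))) { #search for user
                    $error .= " Unable to search: <b>" . $srv . "</b><br> <li>DN: $dn<br> <li>BaseDN: " . $basedn . "<br>";
                }
                $info = @ldap_get_entries($connect, $sr);
                // print "Number of entries returned is " .ldap_count_entries($connect, $sr)."<p>";
                if ($priv == "1") {
                    // Privilege from group membership first, then the
                    // per-user override lists from the settings table.
                    if (in_array($rw_grp, $info[0]["groupmembership"])) {
                        $_SESSION["userpriv"] = "rw";
                    } elseif (in_array($ro_grp, $info[0]["groupmembership"])) {
                        $_SESSION["userpriv"] = "ro";
                    } else {
                        $_SESSION["userpriv"] = "disabled";
                    }
                    if ( strlen($list_of_ldapusers_ro) > 0 ){
                        $tmp_miami = explode(',', $list_of_ldapusers_ro);
                        if ( in_array ($username, $tmp_miami ) ){
                            $_SESSION['userpriv'] = 'ro';
                        }
                    }
                    if ( strlen($list_of_ldapusers_rw) > 0 ){
                        $tmp_miami = explode(',', $list_of_ldapusers_rw);
                        if ( in_array ($username, $tmp_miami ) ){
                            $_SESSION['userpriv'] = 'rw';
                        }
                    }
                    if ( $_SESSION['userpriv'] == 'disabled' ){
                        $error.='User not authorized';
                    }
                }
                if ( trim($error) != "" ) {
                    //Start security update v0.1
                    $_SESSION['num_login_tries']+=1;
                    //End security update v0.1
                    return $_SESSION["error"] = $error;
                } else {
                    $fullname=$info[0]["cn"][0];
                    $fqdn=$info[0]["dn"];
                    $_SESSION["username"] = $username;
                    $_SESSION["groups"] = $info[0]["groupmembership"];
                    // NOTE(review): this keeps the cleartext password in
                    // session storage; confirm it is needed.
                    $_SESSION["token"] = $password;
                    $_SESSION["fullname"] = $fullname;
                    $_SESSION["fqdn"] = $fqdn;
                    $flname = explode(" ", $fullname);
                    $_SESSION["firstname"] = $flname[0];
                    $_SESSION["lastname"] = $flname[1];
                    $_SESSION["pageId"] = "searchform" ;
                    // Create user locally
                    // Add user (if they don't exist)
                    $sql = "SELECT username from users where username='******'";
                    $result = perform_query($sql, $dbLink, "authentication.php - LDAP");
                    $row = fetch_array($result);
                    if ($row['username'] !== "$username") {
                        // Fixed: the form values were placed in the SQL text
                        // as they came in. They are escaped first now, using
                        // the same default connection the mysql_* calls in
                        // this function already rely on; the stored values
                        // are unchanged.
                        $username_sql = mysql_real_escape_string($username);
                        $password_sql = mysql_real_escape_string($password);
                        $sql = "INSERT IGNORE INTO ".$_SESSION['TBL_AUTH']." (username,pwhash) VALUES ('$username_sql',MD5('$password_sql'))";
                        $result = perform_query($sql, $dbLink, "authentication.php - LDAP");
                        if(mysql_affected_rows() !== 1) {
                            $error .= "Unable to add $username to local system";
                        } else {
                            // Put the new user into the default group and copy
                            // the template layout (userid 0).
                            $sql = "REPLACE INTO groups (userid, groupname) SELECT (SELECT id FROM users WHERE username='******'),'$nuser_grp'";
                            perform_query($sql, $dbLink, "authentication.php - LDAP");
                            $sql = "REPLACE INTO ui_layout (userid, pagename, col, rowindex, header, content, group_access) SELECT (SELECT id FROM users WHERE username='******'),pagename,col,rowindex,header,content, group_access FROM ui_layout WHERE userid=0";
                            perform_query($sql, $dbLink, "authentication.php - LDAP");
                        }
                    }
                }
                /* from here, do your sql query to query the database to search for existing record with correct username and password */
                if (trim($error)!="") {
                    //Start security update v0.1
                    $_SESSION['num_login_tries']+=1;
                    //End security update v0.1
                    return $_SESSION["error"] = $error;
                } else {
                    // Record the PHP session id and its expiry for this user,
                    // then load the RBAC key.
                    // NOTE(review): the session id is not regenerated at
                    // login in this function; confirm the caller does so.
                    $sessionId = session_id();
                    $expTime = time()+$_SESSION["SESS_EXP"];
                    $expTimeDB = date('Y-m-d H:i:s', $expTime);
                    $query = "UPDATE ".$_SESSION["TBL_AUTH"]." SET sessionid='".$sessionId."', exptime='".$expTimeDB."' WHERE username='******'";
                    $result = perform_query($query, $dbLink, $_SERVER['PHP_SELF']);
                    $sql = "SELECT rbac_key FROM ".$_SESSION["TBL_AUTH"]." WHERE username='******'";
                    $result = perform_query($sql, $dbLink, $_SERVER['PHP_SELF']);
                    $row = fetch_array($result);
                    $_SESSION["rbac"] = $row[0];
                    return $_SESSION["username"] = $username;
                }
                break;
            case "webbasic":
            case "msad":
            case "cert":
            case "tacacs":
            case "radius":
                // None of these methods is implemented: each counts as a
                // failed attempt and returns its own message. The former
                // "success" branches could never run because the error text
                // had just been set.
                $not_implemented = array(
                    "webbasic" => "Web Basic not implemented yet",
                    "msad" => "Microsoft Authentication not implemented yet",
                    "cert" => "SSL Certificate Authentication not implemented yet",
                    "tacacs" => "Tacacs Authentication not implemented yet",
                    "radius" => "Radius Authentication not implemented yet",
                );
                $error .= $not_implemented[$postvars['authtype']];
                //Start security update v0.1
                $_SESSION['num_login_tries']+=1;
                //End security update v0.1
                return $_SESSION["error"] = $error;
        }
    } else {
        //Start security update v0.1
        $_SESSION['num_login_tries']+=1;
        //End security update v0.1
        return $_SESSION["error"] = "Invalid Username or Password";
    }
}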
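require '../../include/global_functions.php';

/**
 * Check the administrator credentials and, when they are accepted, mark the
 * session as logged in and redirect to the admin index.
 *
 * Returns normally (without output) when the credentials are rejected; on
 * success the request ends with the redirect.
 *
 * @param string $username Submitted username.
 * @param string $password Submitted password.
 */
function verify_login($username, $password) {
    $dao = new AdministratorDAO();
    if ($dao->verifyLogin($username, $password)) {
        // Issue a fresh session id at the moment of login so that an id
        // handed out before authentication cannot be reused afterwards
        // (session fixation).
        session_regenerate_id(true);
        $_SESSION['logged_in'] = true;
        die(header('Location: index.php'));
    }
}

startSession();

// Already authenticated: go straight to the admin area.
if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true) {
    die(header('Location: /admin'));
}

// Only a POST carrying both fields as strings is treated as a login attempt;
// a missing or array-valued field no longer reaches the DAO.
// NOTE(review): a failed attempt falls through to the form below without any
// message, counter or delay visible here - confirm throttling exists elsewhere.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['username'], $_POST['password'])
    && is_string($_POST['username'])
    && is_string($_POST['password'])) {
    verify_login($_POST['username'], $_POST['password']);
}

$page['title'] = 'Login';
require '../../include/header.inc';
// NOTE(review): the login page loads its stylesheet from a protocol-relative
// URL on a separate host; confirm that host is under the project's control.
?> <link rel="stylesheet" type="text/css" href="//static.project645.tk/css/login.css"> <form action="?" method="POST" class="form-signin"> <h2 class="form-signin-heading"><?php echo t('Please sign in'); ?> </h2> <label for="inputUsername" class="sr-only"><?php echo t('Username'); ?> </label> <input type="text" name="username" id="inputUsername" class="form-control" placeholder="<?php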