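/**
 * Password-reset landing page: validates the recovery token from $_GET['token'], then, on POST,
 * stores the new password and hands off to LoginController with a success or error message.
 *
 * @return string rendered reset view, or the login page output once a password was submitted
 */
public function control()
{
    $session = new Session();
    $dao = DAOFactory::getDAO('OwnerDAO');
    $this->setViewTemplate('session.resetpassword.tpl');
    $this->disableCaching();
    // The token must be 32 hex characters and resolve to an owner before anything else happens.
    if (!isset($_GET['token']) || !preg_match('/^[\\da-f]{32}$/', $_GET['token'])
        || !($user = $dao->getByPasswordToken($_GET['token']))) {
        // token is nonexistant or bad
        $this->addErrorMessage('You have reached this page in error.');
        return $this->generateView();
    }
    if (!$user->validateRecoveryToken($_GET['token'])) {
        $this->addErrorMessage('Your token is expired.');
        return $this->generateView();
    }
    if (isset($_POST['password'])) {
        // Strict comparison: == treats numeric-looking strings such as "1e3" and "1000" as equal,
        // and a missing confirmation field must not compare equal to anything.
        $confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;
        if ($_POST['password'] === '') {
            // Client-side validation can be bypassed, so an empty password is rejected here as well.
            $this->addErrorMessage('Please enter a new password.');
        } elseif ($_POST['password'] === $confirm) {
            $login_controller = new LoginController(true);
            if ($dao->updatePassword($user->email, $session->pwdcrypt($_POST['password'])) < 1) {
                // Previously a failed update only echoed "not updated" and still reported success.
                $login_controller->addErrorMessage('Problem changing your password!');
            } else {
                // A recovery token is single-use: blank it so the reset link cannot be replayed.
                $dao->updatePasswordToken($user->email, '');
                $login_controller->addSuccessMessage('You have changed your password.');
            }
            return $login_controller->go();
        } else {
            $this->addErrorMessage("Passwords didn't match.");
        }
    } elseif (isset($_POST['Submit'])) {
        $this->addErrorMessage('Please enter a new password.');
    }
    return $this->generateView();
}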
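 /**
  * Activates an owner account from the emailed activation link.
  * Expected $_GET parameters: usr (email address) and code (activation code).
  * Always renders the login page, with a success or error message attached.
  *
  * @return string output of LoginController::go()
  */
 public function control()
 {
     $controller = new LoginController(true);
     if ($this->is_missing_param) {
         $controller->addErrorMessage('Invalid account activation credentials.');
         return $controller->go();
     }
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $acode = $owner_dao->getActivationCode($_GET['usr']);
     // Compare as strings in constant time. The old loose == accepted "1e3" for "1000" and, when no
     // code row existed for the address, "" for null.
     $expected = isset($acode['activation_code']) ? (string) $acode['activation_code'] : '';
     $supplied = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';
     if ($expected === '' || !hash_equals($expected, $supplied)) {
         $controller->addErrorMessage('Houston, we have a problem: Account activation failed.');
         return $controller->go();
     }
     $owner = $owner_dao->getByEmail($_GET['usr']);
     if (!isset($owner) || !isset($owner->is_activated)) {
         $controller->addErrorMessage('Houston, we have a problem: Account activation failed.');
     } elseif ($owner->is_activated == 1) {
         $controller->addSuccessMessage("You have already activated your account. Please log in.");
     } else {
         $owner_dao->activateOwner($_GET['usr']);
         $controller->addSuccessMessage("Success! Your account has been activated. Please log in.");
     }
     return $controller->go();
 }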
 /**
  * Renders the insights stream. When the cache is refreshed, either a single insight (u/n/d/s
  * query parameters) or a page of insights is loaded, and a logged-in owner additionally gets
  * their instances for the search dropdown.
  *
  * @return string rendered view, or the login page when no page of insights could be displayed
  */
 public function control()
 {
     $config = Config::getInstance();
     $this->setViewTemplate('insights.tpl');
     $this->addToView('enable_bootstrap', true);
     $this->addToView('developer_log', $config->getValue('is_log_verbose'));
     if ($this->shouldRefreshCache()) {
         $single_insight_requested = isset($_GET['u'], $_GET['n'], $_GET['d'], $_GET['s']);
         if ($single_insight_requested) {
             $this->displayIndividualInsight();
         } elseif (!$this->displayPageOfInsights()) {
             $login = new LoginController();
             return $login->go();
         }
         if ($this->isLoggedIn()) {
             // Populate search dropdown with service users
             $owner = DAOFactory::getDAO('OwnerDAO')->getByEmail($this->getLoggedInUser());
             $this->addToView('instances', DAOFactory::getDAO('InstanceDAO')->getByOwner($owner));
         }
     }
     $this->addToView('tpl_path', THINKUP_WEBAPP_PATH . 'plugins/insightsgenerator/view/');
     return $this->generateView();
 }
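 /**
  * Attempt to log in user via private API key and redirect to specified success or failure URLs based on result
  * with msg parameter set.
  * Expected $_GET parameters:
  * u: email address
  * k: private API key
  * failure_redir: failure redirect URL
  * success_redir: success redirect URL
  *
  * NOTE(review): success_redir and failure_redir are taken from the query string with no origin check, so the
  * endpoint redirects to any URL a link author chooses. Whether that is acceptable depends on how integrators use
  * fail()/succeed(); if it is not, restrict the targets to the application's own URL.
  */
 public function control()
 {
     $this->disableCaching();
     $success_redir = isset($_GET['success_redir']) ? $_GET['success_redir'] : '';
     $failure_redir = isset($_GET['failure_redir']) ? $_GET['failure_redir'] : '';
     if ($success_redir === '') {
         $controller = new LoginController(true);
         $controller->addErrorMessage('No success redirect specified');
         return $controller->go();
     }
     if ($failure_redir === '') {
         $controller = new LoginController(true);
         $controller->addErrorMessage('No failure redirect specified');
         return $controller->go();
     }
     $this->success_redir = $success_redir;
     $this->failure_redir = $failure_redir;
     // Every fail() below is followed by a return so that no later step runs on bad input, whether or not
     // fail() itself terminates the request.
     if (!isset($_GET['u'])) {
         $this->fail('User is not set.');
         return;
     }
     if (!isset($_GET['k'])) {
         $this->fail('API key is not set.');
         return;
     }
     if ($this->isLoggedIn()) {
         Session::logout();
     }
     if ($_GET['u'] === '') {
         $this->fail("Email must not be empty.");
         return;
     }
     if ($_GET['k'] === '') {
         $this->fail("API key must not be empty.");
         return;
     }
     $user_email = $_GET['u'];
     // get_magic_quotes_gpc() no longer exists in PHP 8; guard the call so the file still loads there.
     if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
         $user_email = stripslashes($user_email);
     }
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $owner = $owner_dao->getByEmail($user_email);
     if (!$owner) {
         $this->fail("Invalid email.");
     } elseif (!$owner->is_activated) {
         $this->fail('Inactive account.');
     } elseif (!$owner_dao->isOwnerAuthorizedViaPrivateAPIKey($user_email, $_GET['k'])) {
         // If the credentials supplied by the user are incorrect
         $this->fail('Invalid API key.');
     } else {
         // user has logged in sucessfully this sets variables in the session
         Session::completeLogin($owner);
         $owner_dao->updateLastLogin($user_email);
         $owner_dao->resetFailedLogins($user_email);
         $owner_dao->clearAccountStatus($user_email);
         $this->succeed("Logged in successfully.");
     }
 }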
 /**
  * Builds the insights stream view: template flags, the requested insight(s), and - for a logged-in
  * owner - their API key, instances, saved hashtag searches and per-network connection status.
  *
  * @return string rendered view, or the login page when no page of insights could be displayed
  */
 public function control()
 {
     $config = Config::getInstance();
     $this->setViewTemplate($this->tpl_name);
     $this->addToView('enable_bootstrap', true);
     $this->addToView('developer_log', $config->getValue('is_log_verbose'));
     $this->addToView('thinkup_application_url', Utils::getApplicationURL());
     if ($this->shouldRefreshCache()) {
         if (isset($_GET['u'], $_GET['n'], $_GET['d'], $_GET['s'])) {
             $this->displayIndividualInsight();
             if (isset($_GET['share'])) {
                 $this->addToView('share_mode', true);
             }
         } elseif (!$this->displayPageOfInsights()) {
             $login = new LoginController(true);
             return $login->go();
         }
         if ($this->isLoggedIn()) {
             // Populate search dropdown with service users and add thinkup_api_key for desktop notifications.
             $owner_dao = DAOFactory::getDAO('OwnerDAO');
             $owner = $owner_dao->getByEmail($this->getLoggedInUser());
             $this->addToView('thinkup_api_key', $owner->api_key);
             $this->addHeaderJavaScript('assets/js/notify-insights.js');
             $instance_dao = DAOFactory::getDAO('InstanceDAO');
             $instances = $instance_dao->getByOwnerWithStatus($owner);
             $this->addToView('instances', $instances);
             $saved_searches = array();
             if (count($instances) > 0) {
                 $instancehashtag_dao = DAOFactory::getDAO('InstanceHashtagDAO');
                 $saved_searches = $instancehashtag_dao->getHashtagsByInstances($instances);
             }
             $this->addToView('saved_searches', $saved_searches);
             // Every network starts out 'inactive'; an instance flips it to 'active', or to 'error'
             // when the instance carries an auth error.
             $networks = array('facebook', 'twitter', 'instagram');
             $connection_status = array_fill_keys($networks, 'inactive');
             foreach ($instances as $instance) {
                 $connection_status[$instance->network] = ($instance->auth_error != '') ? 'error' : 'active';
             }
             foreach ($networks as $network) {
                 $this->addToView($network . '_connection_status', $connection_status[$network]);
             }
         }
     }
     if (Utils::isTest() || date("Y-m-d") == '2015-11-26') {
         $this->addInfoMessage("Happy Thanksgiving! We're thankful you're using ThinkUp.");
     }
     $this->addToView('tpl_path', THINKUP_WEBAPP_PATH . 'plugins/insightsgenerator/view/');
     if ($config->getValue('image_proxy_enabled') == true) {
         $this->addToView('image_proxy_sig', $config->getValue('image_proxy_sig'));
     }
     return $this->generateView();
 }
 /**
  * Entry point: hands the request to DashboardController for a logged-in user and to
  * LoginController otherwise, echoing the chosen controller's output.
  */
 public function go()
 {
     $target = $this->isLoggedIn() ? new DashboardController() : new LoginController();
     echo $target->go();
 }
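 /**
  * Dispatches the process-management action named by $_GET['action'] ('add', 'view', 'modify',
  * 'delete', 'map'), each gated on its own permission. Anonymous requests get the login page echoed.
  *
  * @return string|null the action's output; a denial message when the permission check fails;
  *                     null for an unknown or missing action (as before)
  */
 public function control()
 {
     if (!$this->isLoggedIn()) {
         $controller = new LoginController(true);
         echo $controller->go();
         return null;
     }
     // action => array(required permission, handler method)
     $actions = array(
         'add' => array('add_process', 'addProcess'),
         'view' => array('view_process', 'viewProcess'),
         'modify' => array('modify_process', 'modifyProcess'),
         'delete' => array('delete_process', 'deleteProcess'),
         'map' => array('map_process', 'mapProcess'),
     );
     $action = isset($_GET['action']) ? $_GET['action'] : '';
     if (!is_string($action) || !isset($actions[$action])) {
         // Unknown or missing action: nothing rendered, same as the old switch default.
         return null;
     }
     list($permission, $handler) = $actions[$action];
     if (!$this->checkPermission($permission)) {
         // 'modify' used to echo "not permitted" and exit while the other actions silently returned
         // nothing; every denial now produces the same explicit response.
         return "You don't have permission to do the same.";
     }
     return $this->$handler();
 }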
 /**
  * Renders $this->tpl_name with the logged-in user's first name from the session cache;
  * anonymous visitors are sent to the login page instead.
  *
  * @return string rendered view, or the login page output
  */
 public function control()
 {
     if (!$this->isLoggedIn()) {
         $login = new LoginController(true);
         return $login->go();
     }
     $config = Config::getInstance();
     $this->setViewTemplate($this->tpl_name);
     $this->addToView('first_name', SessionCache::get('first_name'));
     return $this->generateView();
 }
 /**
  * Runs preAuthControl() first; a non-empty response from it is returned as-is, otherwise
  * authControl() is returned unconditionally.
  *
  * NOTE(review): the isLoggedIn() branch below is unreachable because of the preceding
  * `return $this->authControl();` - authControl() therefore runs for every request, authenticated
  * or not. Either authControl() performs its own login check, or this is an authentication bypass;
  * confirm before relying on this controller for protected pages.
  *
  * @return mixed output of preAuthControl() or authControl()
  */
 public function control()
 {
     $response = $this->preAuthControl();
     if (!$response) {
         return $this->authControl();
         // Dead code from here to the end of the branch; see the note above.
         if ($this->isLoggedIn()) {
             return $this->authControl();
         } else {
             $controller = new LoginController();
             return $controller->go();
             //return $this->bounce();
         }
     } else {
         return $response;
     }
 }
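 /**
  * Password-reset page: checks the recovery token from $_GET['token'], then on POST stores the new
  * password, re-activates the account, clears lockout state and invalidates the token.
  *
  * @return string rendered reset view, or the login page output once a password was submitted
  */
 public function control()
 {
     $session = new Session();
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $this->view_mgr->addHelp('reset', 'userguide/accounts/index');
     $this->setViewTemplate('session.resetpassword.tpl');
     $this->addHeaderJavaScript('assets/js/jqBootstrapValidation.js');
     $this->addHeaderJavaScript('assets/js/validate-fields.js');
     $this->disableCaching();
     $config = Config::getInstance();
     $this->addToView('is_registration_open', $config->getValue('is_registration_open'));
     // The token must be 32 hex characters and resolve to an owner before anything else happens.
     if (!isset($_GET['token']) || !preg_match('/^[\\da-f]{32}$/', $_GET['token'])
         || !($user = $owner_dao->getByPasswordToken($_GET['token']))) {
         // token is nonexistant or bad
         $this->addErrorMessage('You have reached this page in error.');
         return $this->generateView();
     }
     if (!$user->validateRecoveryToken($_GET['token'])) {
         $this->addErrorMessage('Your token is expired.');
         return $this->generateView();
     }
     if (!isset($_POST['password'])) {
         if (isset($_POST['Submit'])) {
             $this->addErrorMessage('Please enter a new password.');
         }
         return $this->generateView();
     }
     // Client-side validation can be bypassed, so an empty password is rejected here as well.
     if ($_POST['password'] === '') {
         $this->addErrorMessage('Please enter a new password.');
         return $this->generateView();
     }
     // Strict comparison: == treats numeric-looking strings such as "1e3" and "1000" as equal,
     // and a missing confirmation field must not compare equal to anything.
     $confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;
     if ($_POST['password'] !== $confirm) {
         $this->addErrorMessage("Passwords didn't match.");
         return $this->generateView();
     }
     $login_controller = new LoginController(true);
     // Try to update the password
     if ($owner_dao->updatePassword($user->email, $_POST['password']) < 1) {
         $login_controller->addErrorMessage('Problem changing your password!');
     } else {
         $owner_dao->activateOwner($user->email);
         $owner_dao->clearAccountStatus($user->email);
         $owner_dao->resetFailedLogins($user->email);
         // The recovery token is single-use: blank it so the reset link cannot be replayed.
         $owner_dao->updatePasswordToken($user->email, '');
         $login_controller->addSuccessMessage('You have changed your password.');
     }
     return $login_controller->go();
 }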
 /**
  * Logs the current user out: records the logout reason (2 when $_GET['reason'] is present, else 1),
  * clears the session and, unless the Stern India logout endpoint takes over, shows the login page
  * with a success message.
  *
  * @return string|null login page output, or nothing when the redirect happened
  */
 public function authControl()
 {
     $reason = isset($_GET['reason']) ? 2 : 1;
     $user_logon = DAOFactory::getDAO('UserLogonDAO');
     $user_logon->userLogoutUpdate($reason);
     Session::logout();
     if ($this->redirectToSternIndiaEndpoint('logout.php')) {
         return;
     }
     $login = new LoginController(true);
     // $reason is always 1 or 2, so it is passed on unconditionally.
     $login->reason = $reason;
     $login->addSuccessMessage("You have successfully logged out.");
     return $login->go();
 }
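 /**
  * Client-management dispatcher: after the Empoddy Labs redirect check, a logged-in user with the
  * matching permission gets clientSetup() (action=setup) or addClient() (action=add); anyone else is
  * sent to the login page.
  *
  * @return string|null handler output, a denial message, or null for an unknown or missing action (as before)
  */
 public function control()
 {
     $this->redirectToEmpoddyLabsEndPoint();
     if (!$this->isLoggedIn()) {
         $controller = new LoginController(true);
         return $controller->go();
     }
     // The former foreach over $PROCESS_MAP iterated an undefined variable (a warning, never a dispatch),
     // so it is gone; the two actions below are what the method actually handled.
     $action = isset($_GET['action']) ? $_GET['action'] : '';
     if ($action === 'setup') {
         if (!$this->checkPermission('client_setup')) {
             return "You don't have permission to do the same.";
         }
         return $this->clientSetup();
     }
     if ($action === 'add') {
         if (!$this->checkPermission('client_add')) {
             return "You don't have permission to do the same.";
         }
         $user_dao = DAOFactory::getDAO('UserDAO');
         return $this->addClient($user_dao);
     }
     // Unknown or missing action: nothing rendered (TODO: an error response).
     return null;
 }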
 /**
  * Renders the insights stream with the d3 chart script; a logged-in owner also gets their API key
  * (for desktop notifications), their instances and their saved hashtag searches.
  *
  * @return string rendered view, or the login page when no page of insights could be displayed
  */
 public function control()
 {
     $config = Config::getInstance();
     $this->setViewTemplate('insights.tpl');
     $this->addToView('enable_bootstrap', true);
     $this->addToView('developer_log', $config->getValue('is_log_verbose'));
     $this->addHeaderJavaScript('assets/js/d3.min.js');
     if ($this->shouldRefreshCache()) {
         if (isset($_GET['u'], $_GET['n'], $_GET['d'], $_GET['s'])) {
             $this->displayIndividualInsight();
         } elseif (!$this->displayPageOfInsights()) {
             $login = new LoginController();
             return $login->go();
         }
         if ($this->isLoggedIn()) {
             // Populate search dropdown with service users and add thinkup_api_key for desktop notifications.
             $owner = DAOFactory::getDAO('OwnerDAO')->getByEmail($this->getLoggedInUser());
             $this->addToView('thinkup_api_key', $owner->api_key);
             $this->addHeaderJavaScript('assets/js/notify-insights.js');
             $instances = DAOFactory::getDAO('InstanceDAO')->getByOwner($owner);
             $this->addToView('instances', $instances);
             $saved_searches = array();
             if (count($instances) > 0) {
                 $saved_searches = DAOFactory::getDAO('InstanceHashtagDAO')->getHashtagsByInstances($instances);
             }
             $this->addToView('saved_searches', $saved_searches);
         }
     }
     $this->addToView('tpl_path', THINKUP_WEBAPP_PATH . 'plugins/insightsgenerator/view/');
     return $this->generateView();
 }
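 /**
  * Location-management dispatcher for $_GET['action']: 'add', 'modify' and 'delete' are gated on the
  * add_location / mod_location / del_location permissions; 'location_suggest' and 'view' are not.
  * Anonymous requests get the login page.
  *
  * NOTE(review): 'location_suggest' and 'view' have no permission check - confirm that is intended
  * rather than an omission.
  *
  * @return string|null handler output, a denial message, or null for an unknown or missing action (as before)
  */
 public function control()
 {
     if (!$this->isLoggedIn()) {
         $controller = new LoginController(true);
         return $controller->go();
     }
     $location_dao = DAOFactory::getDAO('LocationDAO');
     // action => array(required permission or null, handler method)
     $actions = array(
         'add' => array('add_location', 'addLocation'),
         'location_suggest' => array(null, 'suggestLocation'),
         'view' => array(null, 'viewLocation'),
         'modify' => array('mod_location', 'modifyLocation'),
         'delete' => array('del_location', 'deleteLocation'),
     );
     $action = isset($_GET['action']) ? $_GET['action'] : '';
     if (!is_string($action) || !isset($actions[$action])) {
         return null;
     }
     list($permission, $handler) = $actions[$action];
     if ($permission !== null && !$this->checkPermission($permission)) {
         // The old empty "error response" branches silently returned nothing.
         return "You don't have permission to do the same.";
     }
     return $this->$handler($location_dao);
 }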
 /**
  * A user who is already logged in should see the "Logged in as" banner instead of the login form.
  */
 public function testAlreadyLoggedIn()
 {
     $this->simulateLogin('*****@*****.**');
     $login = new LoginController(true);
     $output = $login->go();
     $this->assertPattern('/Logged in as: me@example.com/', $output);
 }
 /**
  * A valid login carrying a redirect parameter should send the user on to that URL.
  */
 public function testValidLoginWithCustomRedirect()
 {
     $form = array(
         'Submit' => 'Log In',
         'email' => '*****@*****.**',
         'pwd' => 'secretpassword',
         'redirect' => 'http://example.com/redirect/',
     );
     foreach ($form as $field => $value) {
         $_POST[$field] = $value;
     }
     $login = new LoginController(true);
     $login->go();
     $this->debug($login->redirect_destination);
     $this->assertPattern('/example\\.com\\/redirect/', $login->redirect_destination);
 }
 /**
  * With registration closed, the login page must neither expose the flag as open nor offer a Register link.
  */
 public function testOfControllerWithRegistrationClosed()
 {
     // make sure registration is closed
     $option = array(
         'namespace' => OptionDAO::APP_OPTIONS,
         'option_name' => 'is_registration_open',
         'option_value' => 'false',
     );
     // Kept in a variable so the fixture lives until the end of the test.
     $option_fixture = FixtureBuilder::build('options', $option);
     $login = new LoginController(true);
     $output = $login->go();
     $view = $login->getViewManager();
     $this->assertEqual($view->getTemplateDataItem('is_registration_open'), false);
     $this->assertNoPattern('/Register/', $output);
 }
 /**
  * Eleven wrong passwords in a row: the first nine attempts report "Incorrect password" and bump
  * failed_logins; from the tenth on the account is deactivated with a reset-password hint.
  */
 public function testFailedLoginLockout()
 {
     $hashed_pass = ThinkUpTestLoginHelper::hashPasswordUsingDeprecatedMethod("blah");
     $owner = array('id' => 2, 'email' => '*****@*****.**', 'pwd' => $hashed_pass, 'is_activated' => 1);
     $builder = FixtureBuilder::build('owners', $owner);
     //force login lockout by providing the wrong password more than 10 times
     for ($attempt = 1; $attempt <= 11; $attempt++) {
         $_POST['Submit'] = 'Log In';
         $_POST['email'] = '*****@*****.**';
         $_POST['pwd'] = 'blah1';
         $login = new LoginController(true);
         $login->go();
         $view = $login->getViewManager();
         $this->assertEqual($view->getTemplateDataItem('controller_title'), 'Log in');
         $owner = $this->DAO->getByEmail('*****@*****.**');
         if ($attempt >= 10) {
             $lockout_msg = "Inactive account. Account deactivated due to too many failed logins. "
                 . '<a href="forgot.php">Reset your password.</a>';
             $this->assertEqual($lockout_msg, $view->getTemplateDataItem('error_msg'));
             $this->assertEqual($owner->account_status, "Account deactivated due to too many failed logins");
         } else {
             $this->assertPattern("/Incorrect password/", $view->getTemplateDataItem('error_msg'));
             $this->assertEqual($owner->failed_logins, $attempt);
         }
     }
 }
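 /**
  * User-management dispatcher for $_GET['action'] ('add', 'view', 'modify', 'delete'), each gated on
  * its own permission. Anonymous requests get the login page.
  *
  * @return string handler output, or the denial message for a failed permission check or an unknown action
  */
 public function control()
 {
     $this->redirectToEmpoddyLabsEndPoint();
     if (!$this->isLoggedIn()) {
         $controller = new LoginController(true);
         return $controller->go();
     }
     $user_dao = DAOFactory::getDAO('UserDAO');
     // action => array(required permission, handler method)
     $actions = array(
         'add' => array('add_user', 'addUser'),
         'view' => array('view_user', 'viewUser'),
         'modify' => array('modify_user', 'modifyUser'),
         'delete' => array('delete_user', 'deleteUser'),
     );
     $action = isset($_GET['action']) ? $_GET['action'] : '';
     if (!is_string($action) || !isset($actions[$action])) {
         //@TODO : A error page to be shown
         return "You don't have permission to do the same.";
     }
     list($permission, $handler) = $actions[$action];
     if (!$this->checkPermission($permission)) {
         // Denied actions used to fall out of the switch and return nothing; they now get the same
         // response as an unknown action.
         return "You don't have permission to do the same.";
     }
     return $this->$handler($user_dao);
 }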
 * The page for calling the Hackademic Login Controller
 * 
 * Copyright (c) 2012 OWASP
 *
 * LICENSE:
 *
 * This file is part of Hackademic CMS (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project).
 *
 * Hackademic CMS is free software: you can redistribute it and/or modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any
 * later version.
 *
 * Hackademic CMS is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with Hackademic CMS.  If not, see
 * <http://www.gnu.org/licenses/>.
 *
 *
 * @author Pragya Gupta <pragya18nsit[at]gmail[dot]com>
 * @author Konstantinos Papapanagiotou <conpap[at]gmail[dot]com>
 * @license http://www.gnu.org/licenses/gpl.html
 * @copyright 2012 OWASP
 *
 */
// Front controller for the Hackademic login page: bootstrap, then run LoginController and emit its output.
require_once "../init.php";
require_once HACKADEMIC_PATH . "controller/class.LoginController.php";
$login_controller = new LoginController();
echo $login_controller->go();
 /**
  * With a ThinkUp LLC endpoint configured, the login controller should redirect there.
  */
 public function testOfThinkUpLLCRedirect()
 {
     Config::getInstance()->setValue('thinkupllc_endpoint', 'http://example.com/user/');
     $login = new LoginController(true);
     $login->go();
     $this->assertEqual($login->redirect_destination, 'http://example.com/user/');
 }
 /**
  * A user who is already logged in should see the "Logged in as" banner in the controller output.
  */
 public function testAlreadyLoggedIn()
 {
     $this->simulateLogin('*****@*****.**');
     $login = new LoginController(true);
     $output = $login->go();
     // strpos() > 0: the banner is expected somewhere after the start of the page.
     $this->assertTrue(strpos($output, 'Logged in as: me@example.com') > 0);
 }
<?php

/*
 * Copyright 2014 Empodex PHP Framework.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @copyright 2014-2015 Empoddy Labs.
 * @author Prabhat Shankar <prabhat.singh88[at]gmail.com>
 */
// Entry point: bootstrap from the parent directory, run LoginController and emit its output.
chdir('..');
require_once 'init.php';
$login_controller = new LoginController();
echo $login_controller->go();