Exemplo n.º 1
 /**
  * Test case: a session created for a stored user record can be started.
  *
  * Loads the site configuration and the user list, creates a session for
  * the (redacted) user name and asserts that gpsession::start() reports
  * the session as logged in.
  */
 public function SessionStart()
 {
     common::GetConfig();

     $username = '******';
     $all_users = gpFiles::Get('_site/users');
     $user_record = $all_users[$username];

     // $sessions is not initialised in this method; presumably create()
     // fills it by reference so start() can reuse it — confirm against gpsession.
     $new_session_id = gpsession::create($user_record, $username, $sessions);
     $is_logged_in = gpsession::start($new_session_id, $sessions);

     self::AssertTrue($is_logged_in, 'Not Logged In');
 }
Exemplo n.º 2
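 /**
  * Process a submitted login form and, on success, create and start a session.
  *
  * Order of checks: form nonce, cookie support, user lookup, per-account
  * lockout (5 failed attempts, 10 minute block), then the password or the
  * emailed replacement password. The attempt counter is updated through
  * gpsession::UpdateAttempts() on both failure and success.
  *
  * @return bool true when the session was started, false on every failure
  *              path (including a session that start() reports as 'locked')
  */
 function LogIn()
 {
     // $config is not read directly below; it is kept in scope because the
     // included users.php runs inside this function's scope.
     global $dataDir, $langmessage, $gp_internal_redir, $config;

     // Anti-forgery check on the login form. A missing or non-string field is
     // treated as an empty nonce instead of raising an undefined-index notice
     // or passing an array to the verifier.
     // NOTE(review): the original comment said "10 minutes" but the value
     // passed is 300; the unit is defined by common::verify_nonce() — confirm.
     $nonce = '';
     if (isset($_POST['login_nonce']) && is_string($_POST['login_nonce'])) {
         $nonce = $_POST['login_nonce'];
     }
     if (!common::verify_nonce('login_nonce', $nonce, true, 300)) {
         message($langmessage['OOPS'] . ' (Expired Nonce)');
         // return false like every other failure path (was a bare return)
         return false;
     }

     if (!isset($_COOKIE['g']) && !isset($_COOKIE[gp_session_cookie])) {
         message($langmessage['COOKIES_REQUIRED']);
         $gp_internal_redir = 'Admin_Main';
         return false;
     }

     // Drop the session tied to the presented cookie before a new one is
     // created, so the pre-login session id is not carried over.
     if (isset($_COOKIE[gp_session_cookie])) {
         gpsession::CleanSession($_COOKIE[gp_session_cookie]);
     }

     // defines $users in this scope
     include $dataDir . '/data/_site/users.php';

     $username = gpsession::GetLoginUser($users);
     if ($username === false) {
         // NOTE(review): unknown user reports code '1', wrong password code '2'.
         // If IncorrectLogin() shows the code to the client, the response
         // distinguishes existing from non-existing accounts — confirm.
         gpsession::IncorrectLogin('1');
         return false;
     }

     $users[$username] += array('attempts' => 0, 'granted' => '', 'editing' => '');
     $userinfo = $users[$username];

     // Lockout is tracked in the user record, i.e. per account.
     if ($userinfo['attempts'] >= 5) {
         $last_attempt = isset($userinfo['lastattempt']) ? $userinfo['lastattempt'] : 0;
         $minutes_since = (time() - $last_attempt) / 60;
         if ($minutes_since < 10) {
             message($langmessage['LOGIN_BLOCK'], ceil(10 - $minutes_since));
             $gp_internal_redir = 'Admin_Main';
             return false;
         }
     }

     // A replacement password sent by the forgot_password form is tried first;
     // when it matches it becomes the stored password.
     // NOTE(review): no expiry of 'newpass' is checked here, and how
     // CheckPassword() compares values is not visible in this block — confirm.
     $passed = false;
     if (!empty($userinfo['newpass']) && gpsession::CheckPassword($userinfo['newpass'])) {
         $userinfo['password'] = $userinfo['newpass'];
         $passed = true;
     } elseif (gpsession::CheckPassword($userinfo['password'])) {
         $passed = true;
     }

     if ($passed !== true) {
         gpsession::IncorrectLogin('2');
         gpsession::UpdateAttempts($users, $username);
         return false;
     }

     // A successful login invalidates any pending replacement password;
     // the change is written out by UpdateAttempts() below.
     unset($userinfo['newpass']);

     $session_id = gpsession::create($userinfo, $username);
     if (!$session_id) {
         message($langmessage['OOPS'] . ' (Data Not Saved)');
         gpsession::UpdateAttempts($users, $username, true);
         return false;
     }

     $logged_in = gpsession::start($session_id);
     if ($logged_in === true) {
         message($langmessage['logged_in']);
     } elseif ($logged_in === 'locked') {
         $logged_in = false;
     }

     // The user info is saved whether or not start() succeeded;
     // this also stores file_name in users.php.
     $users[$username] = $userinfo;
     gpsession::UpdateAttempts($users, $username, true);

     return $logged_in;
 }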
Exemplo n.º 3
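 /**
  * Handle admin login/logout/session start when admin session parameters exist.
  *
  * Precedence: ?cmd=logout in the query string, then cmd=login in the POST
  * body, then an existing session cookie, then the legacy 'gpEasy' cookie
  * (which is migrated to the current cookie name). Returns without loading
  * the session tooling when none of these is present.
  *
  * NOTE(review): logout is triggered by a plain GET parameter and no nonce is
  * checked in this function; whether gpsession::LogOut() verifies one is not
  * visible here — confirm, since otherwise another site could force a logout.
  */
 function sessions()
 {
     $migrate_legacy_cookie = false;

     // Strict comparison: request values are compared as strings only, and
     // the action is set from a literal rather than echoed from the request.
     if (isset($_GET['cmd']) && $_GET['cmd'] === 'logout') {
         $action = 'logout';
     } elseif (isset($_POST['cmd']) && $_POST['cmd'] === 'login') {
         $action = 'login';
     } elseif (isset($_COOKIE[gp_session_cookie])) {
         $action = 'start';
     } elseif (isset($_COOKIE['gpEasy'])) {
         $_COOKIE[gp_session_cookie] = $_COOKIE['gpEasy'];
         $migrate_legacy_cookie = true;
         $action = 'start';
     } else {
         // no admin session parameters in this request
         return;
     }

     includeFile('tool/sessions.php');
     includeFile('admin/admin_tools.php');
     includeFile('tool/editing.php');

     if ($migrate_legacy_cookie) {
         // Re-issue the legacy value under the current cookie name and
         // expire the old cookie with a timestamp in the past.
         gpsession::cookie(gp_session_cookie, $_COOKIE['gpEasy']);
         gpsession::cookie('gpEasy', '', time() - 42000);
     }

     if ($action === 'logout') {
         gpsession::LogOut();
         return;
     }
     if ($action === 'login') {
         gpsession::LogIn();
         return;
     }

     // The cookie value is client-supplied and is handed on unchanged;
     // presumably CheckPosts() and start() validate it — confirm.
     if (isset($_COOKIE[gp_session_cookie])) {
         gpsession::CheckPosts($_COOKIE[gp_session_cookie]);
         gpsession::start($_COOKIE[gp_session_cookie]);
     }
 }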