function normalLogin($connect, $email, $password)
{
$id = checkCredentials($connect, $email, $password);
if ($id > 0) {
updateLastLogin($connect, $id);
$response = array();
$response['status'] = 1;
$response['message'] = "Successfully logged in";
$response['user_id'] = $id;
echo json_encode($response);
} else {
showJson(2, "Cannot login\nCheck your Credentials");
}
}
// This check prevents access to debug front controllers that are deployed by accident to production servers.
// Feel free to remove this, extend it, or make something more sophisticated.
// Add Credentials to access to development part
function checkCredentials()
{
$users = array('development' => 'd72749aa617e56fe4dae35f083852653');
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
return false;
}
foreach ($users as $user => $password) {
if ($user == $_SERVER['PHP_AUTH_USER'] && $password == md5($_SERVER['PHP_AUTH_PW'])) {
return true;
}
}
return false;
}
if (isset($_SERVER['HTTP_CLIENT_IP']) || isset($_SERVER['HTTP_X_FORWARDED_FOR']) || !(preg_match('/^(192\\.168\\..*|127\\.0\\.0\\.1|fe80::1|::1)/i', @$_SERVER['REMOTE_ADDR']) || php_sapi_name() === 'cli-server')) {
if (!checkCredentials()) {
header('WWW-Authenticate: Basic realm="Secured Area"');
exit;
}
}
$loader = (require_once __DIR__ . '/../app/bootstrap.php.cache');
Debug::enable();
require_once __DIR__ . '/../app/AppKernel.php';
$kernel = new AppKernel('dev', true);
$kernel->loadClassCache();
$request = Request::createFromGlobals();
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);
$res = mysql_query($query, $link);
if(mysql_affected_rows() > 0){
return True;
}
return False;
}
if(array_key_exists("username", $_REQUEST) and array_key_exists("password", $_REQUEST)) {
$link = mysql_connect('localhost', 'natas27', '<censored>');
mysql_select_db('natas27', $link);
if(validUser($link,$_REQUEST["username"])) {
//user exists, check creds
if(checkCredentials($link,$_REQUEST["username"],$_REQUEST["password"])){
echo "Welcome " . htmlentities($_REQUEST["username"]) . "!<br>";
echo "Here is your data:<br>";
$data=dumpData($link,$_REQUEST["username"]);
print htmlentities($data);
}
else{
echo "Wrong password for user: "******"username"]) . "<br>";
}
}
else {
//user doesn't exist
if(createUser($link,$_REQUEST["username"],$_REQUEST["password"])){
echo "User " . htmlentities($_REQUEST["username"]) . " was created!";
}
}
</head>
<body>
<h1 class="text-centered">Please Login...</h1>
<div class="container">
<form class="form-signin" action="login.php" method="post">
<label for="inputUser" class="sr-only">Username</label>
<input type="text" name="username" id="inputUser" class="form-control" size="10" placeholder="Username" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" size="10" placeholder="Password" required>
<button class="btn btn-lg btn-primary btn-clock" type="submit">Login</button>
</form>
<?php
//If the user tried to login....
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
if (checkCredentials($username, $password)) {
$_SESSION['loggedin'] = $username;
if (isset($_SESSION['monthlyReportURL'])) {
redirect(basename($_SESSION['monthlyReportURL']));
} else {
redirect("index.php");
}
} else {
echo '<p>Username or password is invalid.</p>';
}
}
?>
</div>
</body>
</html>
function linkSearch($linktype, $search, $pages = "*", $relation = "*", $credentials = false)
{
global $server;
checkCredentials($server, $credentials, 'view', _("HomePage"));
$dbi = WikiDB::open($GLOBALS['DBParams']);
require_once "lib/TextSearchQuery.php";
$pagequery = new TextSearchQuery($pages);
$linkquery = new TextSearchQuery($search);
if ($linktype == 'relation') {
$relquery = new TextSearchQuery($relation);
$links = $dbi->_backend->link_search($pagequery, $linkquery, $linktype, $relquery);
} elseif ($linktype == 'attribute') {
// only numeric search withh attributes!
$relquery = new TextSearchQuery($relation);
require_once "lib/SemanticWeb.php";
// search: "population > 1 million and area < 200 km^2" relation="*" pages="*"
$linkquery = new SemanticAttributeSearchQuery($search, $relation);
$links = $dbi->_backend->link_search($pagequery, $linkquery, $linktype, $relquery);
} else {
// we already do have forward and backlinks as SOAP
$links = $dbi->_backend->link_search($pagequery, $linkquery, $linktype);
}
return $links->asArray();
}
return false;
} else {
return true;
}
}
if (myIsset($_POST['newPass']) && myIsset($_POST['verifyPass']) && $_POST['changePassSubmit'] != 'true') {
if ($_POST['newPass'] == $_POST['verifyPass']) {
echo '';
} else {
echo "Passwords don't match.";
}
} else {
if (myIsset($_POST['currentPass']) && myIsset($_POST['newPass']) && $_POST['changePassSubmit'] == 'true') {
$pass = htmlspecialchars($_POST['currentPass']);
$user = $_SESSION['loggedin'];
if (checkCredentials($user, $pass)) {
$newPass = htmlspecialchars($_POST['newPass']);
if ($newPass == $pass) {
echo 'Your new password must be different from your current password.';
exit;
}
$link = retrieve_mysqli();
$queryString = 'UPDATE user SET salt = ?, hashed_password = ? WHERE username = ?';
// get salt and hash password
mt_srand();
$salt = mt_rand();
$hashPass = generateHash($salt . $newPass);
// query the database
if ($stmt = mysqli_prepare($link, $queryString)) {
//Get the stored salt and hash as $dbSalt and $dbHash
mysqli_stmt_bind_param($stmt, "sss", $salt, $hashPass, $user);
<?php
require 'Authorization.php';
require 'Slim/Slim.php';
\Slim\Slim::registerAutoloader();
$app = new \Slim\Slim();
/*
* Rota para tratar requisições de login
*/
$app->post('/login', function () {
// recupera o body com os dados do login
$user = json_decode(\Slim\Slim::getInstance()->request->getBody());
// verifica se usuário existe no banco de dados
if (checkCredentials($user)) {
//cria e define a chave de autorização se existir
$authorizationKey = generateAuthorizationKey($user->login, $user->password);
\Slim\Slim::getInstance()->response->headers->set('Authorization', $authorizationKey);
echo '{ "message": "success" }';
} else {
// retorna mensagem de erro caso usuário não exista
\Slim\Slim::getInstance()->response->setStatus(401);
echo '{ "message": "invalid credentials", "login": "******", "password": "******" }';
}
});
/*
* Rota que exige autenticação do usuário para acessar
*/
$app->post('/main', function () {
// recupera a chave de autorização
$authorization = \Slim\Slim::getInstance()->request->headers->get("Authorization");
// verifica se a chave é valida
if (isset($_REQUEST['pin'])) {
$posted_pin = $_REQUEST['pin'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
session_start();
$username = escapeshellcmd($_POST['username']);
$password = '';
if (CONFIG_PASSWORD) {
// The password must not be escaped.
$password = $_POST['userpassword'];
}
if (CONFIG_PIN) {
$posted_pin = escapeshellcmd($_POST['pin']);
$pin = $dbcon->querySingle("SELECT value FROM setting WHERE key = 'pin'");
}
if (CONFIG_PASSWORD && !checkCredentials($username, $password)) {
// Invalid username or password.
} else {
if (CONFIG_PIN && $pin != $posted_pin) {
trace("access denied for user '{$username}', wrong pin {$posted_pin}");
$errtext = _('Invalid PIN.');
} else {
// Successfully checked username, password and PIN.
trace("access granted for user '{$username}'");
$_SESSION['username'] = $username;
$_SESSION['address'] = $dbcon->ipAddress();
$_SESSION['pin'] = $pin;
$_SESSION['starturl'] = CONFIG_START_URL;
$_SESSION['monitor'] = CONFIG_STATIONNAME;
$dbcon->addUser($username, $dbcon->ipAddress(), getDevice());
// Weiterleitung zur geschützten Startseite
<?php
$view = new stdClass();
$view->pageTitle = 'Login';
require_once 'Views/login.phtml';
if (isset($_POST['submit'])) {
$login = new Login();
$validator = $login > checkCredentials($_POST);
if ($validator !== true) {
$view->error = $validator;
}
}
require_once 'Views/login.phtml';
function doFullTextSearch($s, $credentials = false)
{
global $server;
checkCredentials($server, $credentials, 'view', _("FullTextSearch"));
$dbi = WikiDB::open($GLOBALS['DBParams']);
$query = new TextSearchQuery($s);
$page_iter = $dbi->fullSearch($query);
$pages = array();
while ($page = $page_iter->next()) {
$pages[] = array('pagename' => $page->getName());
}
return $pages;
}
<?php
/**
* login.php
* @author HiTechRabbit <*****@*****.**>
* @date 15.02.2016
*/
require_once 'inc/utils.php';
$errors = [];
if (isset($_POST['login']) && isset($_POST['password'])) {
$login = trim(strip_tags($_POST['login']));
$password = trim(strip_tags($_POST['password']));
if (strlen($login) < 5 || strlen($password) < 5) {
$errors[] = "Username and password should be at least 5 characters long";
} else {
$id = checkCredentials($login, $password);
if ($id) {
//Stocke le login dans la session
$_SESSION['id_user'] = $id;
header('Location: index.php');
exit;
} else {
$errors[] = 'Invalid username or password';
}
}
}
// Si déjà connecté, déconnecte et redirige vers la page d'accueil
if (isset($_SESSION['id_user'])) {
//On supprime les variables de session en vidant la superglobale $_SESSION
$_SESSION = array();
session_destroy();
<?php
include_once 'database/users.php';
session_start();
$referer;
if (isset($_COOKIE['redirect'])) {
$referer = $_COOKIE['redirect'];
} else {
$referer = './index.php';
}
if (isset($_POST['login_btn'])) {
if (checkCredentials($_POST['username'], $_POST['password'])) {
$_SESSION['username'] = $_POST['username'];
echo "<script>alert('Login successful')</script>";
} else {
if (isRegistered($_POST['username'])) {
echo "<script>alert('Wrong password!')</script>";
} else {
echo "<script>alert('User is not registered!')</script>";
}
}
header('Location: ' . $referer);
} else {
if (isset($_POST['cancel_btn'])) {
header('Location: ' . $referer);
} else {
echo "<h1>You shouldn't be here</h1>";
}
}
