function CustomerAction() { $request = Slim::getInstance()->request(); $customer = json_decode($request->getBody()); //echo '{"users": ' . json_encode($user) . '}';exit; $token = $customer->access_token; //echo '{"error":{"text":"'.$token.'"}}'; exit; if ($customer->access_token != "") { $status_token = validate_token($customer->access_token); //echo '{"error":{"text":"'.$status_token.'"}}'; exit; if ($status_token == 'valid') { $sql = "INSERT INTO user_profile (firstname, lastname) VALUES ('" . $customer->first_name . "', '" . $customer->last_name . "' )"; $db_host = "127.0.0.1"; $db_user = "******"; $db_pass = ""; $db_name = "myavazone_db"; $db = new DB(); $db->connect($db_host, $db_user, '', false, false, $db_name, 'tbl_'); $res_q = $db->query($sql); echo '{"apidata": "User Added Sucessfully."}'; exit; break; //echo '{"error":{"text":'.mc_encrypt($user->password,$user->key).'}}'; //echo '{"error":{"text":"Token is valid"}}'; } else { echo '{"error":{"text":"Token is not valid"}}'; } } else { echo '{"error":{"text":"Token is NULL"}}'; } /*$user_details=array( 'password_hash' => mc_encrypt('admin@123','d0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282') );*/ }
function UserAction() { $request = Slim::getInstance()->request(); $user = json_decode($request->getBody()); //echo '{"users": ' . json_encode($user) . '}';exit; $token = $user->access_token; //echo '{"error":{"text":"'.$token.'"}}'; exit; if ($user->access_token != "") { $status_token = validate_token($user->access_token); //echo '{"error":{"text":"'.$status_token.'"}}'; exit; if ($status_token == 'valid') { //update_token($user->access_token); //echo '{"error":{"text":"'.$user->cmd.'"}}'; exit; switch ($user->cmd) { case 'user_login': $params = array('username' => $user->username); $get_user = GetvalidUserDetails($params); if ($get_user == null) { echo '{"error": "Username and password is invalid"}'; } else { //echo '{"error":{"text":"'.$get_user.'"}}'; exit; //echo '{"error":{"text":'.json_encode($get_user).'}}'; exit; $hash_password = md5($user->password); // echo '{"error":{"text":"'.$get_user->hash_password.'"}}'; exit; // echo '{"error":{"text":"hi"}}'; // echo '{"error":{"text":"'.$get_user->hash_password.'"}}'; exit; if ($hash_password == $get_user->hash_password) { if ($get_user->is_active == "Y") { echo '{"error":"","apidata": ' . json_encode($get_user) . '}'; } else { echo '{"error": "User is not active"}'; } } else { echo '{"error": "password is invalid"}'; } } exit; break; } //echo '{"error":{"text":'.mc_encrypt($user->password,$user->key).'}}'; echo '{"error":{"text":"Token is valid"}}'; } else { echo '{"error":{"text":"Token is not valid"}}'; } } else { echo '{"error":{"text":"Token is NULL"}}'; } /*$user_details=array( 'password_hash' => mc_encrypt('admin@123','d0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282') );*/ }
function csrfguard_start() { if (count($_POST)) { if (!isset($_POST['CSRFName']) or !isset($_POST['CSRFToken'])) { die("No CSRFName found, probable invalid request."); } $name = $_POST['CSRFName']; $token = $_POST['CSRFToken']; if (!validate_token($name, $token)) { die("Invalid CSRF token."); } } ob_start(); /* adding double quotes for "inject" to prevent: Notice: Use of undefined constant inject - assumed 'inject' */ register_shutdown_function("inject"); }
public function loginAction(Request $request, Player $me) { if ($me->isValid()) { throw new ForbiddenException("You are already logged in!"); } $query = $request->query; $session = $request->getSession(); $token = $query->get("token"); $username = $query->get("username"); if (!$token || !$username) { throw new BadRequestException(); } // Don't check whether IPs match if we're on a development environment $checkIP = !$this->isDebug(); $info = validate_token($token, $username, array(), $checkIP); if (!isset($info)) { throw new ForbiddenException("There was an error processing your login. Please go back and try again."); } $session->set("username", $info['username']); $session->set("groups", $info['groups']); $redirectToProfile = false; if (!Player::playerBZIDExists($info['bzid'])) { // If they're new, redirect to their profile page so they can add some info $player = Player::newPlayer($info['bzid'], $info['username']); $redirectToProfile = true; } else { $player = Player::getFromBZID($info['bzid']); if ($player->isDeleted()) { $player->setStatus('active'); } } $session->set("playerId", $player->getId()); $player->updateLastLogin(); $player->setUsername($info['username']); Visit::enterVisit($player->getId(), $request->getClientIp(), gethostbyaddr($request->getClientIp()), $request->server->get('HTTP_USER_AGENT'), $request->server->get('HTTP_REFERER')); $this->configPromoteAdmin($player); if ($redirectToProfile) { $profile = Service::getGenerator()->generate('profile_show'); return new RedirectResponse($profile); } else { return $this->goBack(); } }
function validate_session($conn, $token, $workerId, $userAgent) { $results = get_session_data($conn, $token); // If no results, fail. If results, check // If token is expired. if (!$results) { echo 'false'; return false; } else { $timeStart = $results[0]['timeStart']; $timeExpire = $results[0]['timeExpire']; $token_truth = validate_token($token, $workerId, $userAgent, $timeStart); $time_truth = $timeExpire > time(); if ($token_truth && $time_truth) { return true; } } return false; }
public function validateLogin(&$output) { global $config; global $user; // initialise permissions $user->removeAllPermissions(); if (isset($_GET['auth']) === false) { // no auth data -> no login return false; } // load module specific auth helper require dirname(__FILE__) . '/checkToken.php'; if (($this->groups = $config->getValue('login.modules.bzbb.groups')) === false || is_array($this->groups) === false) { // no accepted groups in config -> no login $output = 'config error : no login group was specified.'; return false; } $groupNames = array(); foreach ($this->groups as $group) { $groupNames[] = $group['name']; } unset($group); // validate external login data // parameters supplied by 3rd party weblogin script if (!($this->info = validate_token($_GET['token'], $_GET['username'], $groupNames, !$config->getValue('login.modules.bzbb.disableCheckIP')))) { // login did not work $output = 'Login failed: The returned values could not be validated! ' . 'You may check your username and password and <a href="./">try again</a>.'; return false; } // check if username is not empty or does only consist of whitespace if (strlen(ltrim($this->getName())) === 0) { $output = 'Login failed: Username empty. This is likely a problem with the bzbb api.'; return false; } // code ran successfully return true; }
* */ /* File : cancel.php. * Description: Updates the status file of the relevant FUPS process to * indicate that the user wants the process cancelled. Lets * the user know the result, and directs the user back to * the status page to wait for acknowledgement of cancellation. * Part of the web app functionality of FUPS. */ require_once __DIR__ . '/common.php'; $err = ''; if (!isset($_GET['token'])) { $err = 'Fatal error: I did not detect a URL query parameter "token".'; } else { $token = $_GET['token']; if (validate_token($token, $err)) { $cancellation_filename = make_cancellation_filename($token, $err); if (!@file_put_contents($cancellation_filename, '') === false) { $err = 'A fatal error occurred: failed to write to the cancellation file.'; } } } $page = substr(__FILE__, strlen(FUPS_INC_ROOT)); fups_output_page_start($page, 'FUPS cancellation page: cancel an in-progress task', 'Cancel an in-progress FUPS task.'); global $fups_url_run; if (!$err) { ?> <ul class="fups_listmin"> <li><a href="<?php echo $fups_url_run; ?>
<?php if (isset($_GET['bzbbauth']) && $_GET['bzbbauth']) { require 'checkToken.php'; // initialise permissions $user->removeAllPermissions(); // groups used for permissions // each group can use the fine grained permission system $groups = array('VERIFIED', 'GU-LEAGUE.REFEREES', 'GU-LEAGUE.ADMINS'); $args = explode(',', urldecode($_GET['bzbbauth'])); // $args[0] is token, $args[1] is callsign if (!($info = validate_token($args[0], $args[1], $groups, !$config->getValue('login.modules.bzbb.disableCheckIP')))) { // login did not work, removing permissions not necessary as additional permissions where never granted // after permissions were removed at the beginning of the file $helper->done('<p class="first_p">Login failed: The returned values could not be validated! You may check your username and password.</p>' . "\n" . '<p>Please <a href="./">try again</a>.</p>' . "\n"); } // NOTE: invalid bzid should be set to -1 // assume user is in the // VERIFIED group // because login worked // since we use a global login for auth any user should be in that group $_SESSION['username'] = $info['username']; $external_login_id = $info['bzid']; $_SESSION['bzid'] = $external_login_id; $_SESSION['user_logged_in'] = true; // permissions for private messages $user->setPermission('allow_add_messages'); $user->setPermission('allow_delete_messages'); // server tracker permissions $user->setPermission('allow_watch_servertracker'); // test only for GU-LEAGUE.ADMINS group
$page['title'] = 'Login'; // Read user input if (isset($_GET['token'])) { $input['token'] = $_GET['token']; } if (isset($_GET['username'])) { $input['username'] = $_GET['username']; } // Process data if (isset($input['token'], $input['username'])) { // Send a request to the list server via the CHECKTOKEN action. This will // figure out of this token we received is valid for this use. The fourth // argument (checkIP) is currently set to false since it impairs local // testing. // TODO: Remove the fourth argument, set it to true, or add a config option $results = validate_token($_GET['token'], urldecode($_GET['username']), array($config['imageModeratorGroup']), false); // The BZID must be returned in our response, and it must be greater than 0 if (isset($results['bzid']) && is_numeric($results['bzid']) && $results['bzid'] > 0) { // Assign the bzid and username to our session $_SESSION['bzid'] = $user['bzid'] = $results['bzid']; $_SESSION['username'] = $user['username'] = $results['username']; // If the user is in our moderator group, give them moderator rights if (isset($results['groups']) && in_array($config['imageModeratorGroup'], $results['groups'])) { $_SESSION['moderator'] = $user['moderator'] = true; } else { $_SESSION['moderator'] = $user['moderator'] = false; } // Since they have logged in successfully, we'll redirect them back to // the main page in 5 seconds. $tpl->assign('redirect', array('url' => $config['paths']['baseURL'], 'delay' => 5)); } else {
private static function validate_token() { if (!validate_token($_SESSION['token'])) { die("Unable to validate token, IP address logged for potential attack: " . $_SERVER['REMOTE_ADDR']); } }