function performLogin($credentials, $mysql)
{
$JSONerror->state = 0;
$JSONerror->message = 'Success';
//Connect to MySQL DB
$MySQLConnection = new Mysql($mysql['host'], $mysql['port'], $mysql['user'], $mysql['password'], $mysql['database']);
$MySQLConnection->connect();
if (verifyCredentials($credentials, $MySQLConnection)) {
$userObject = getUserInfo($credentials, $MySQLConnection);
if ($userObject->userValid) {
sessionInit($userObject, false);
echo json_encode($userObject);
} else {
$JSONerror->state = 1;
$JSONerror->message = 'User blocked!';
print_r(json_encode($JSONerror));
}
} else {
$JSONerror->state = 1;
$JSONerror->message = 'Your Password and Username combination does not Match our databse, Sorry';
print_r(json_encode($JSONerror));
}
}
<?php
$conn = null;
require_once '../connections/Connection.php';
echo "<br> <br>";
echo "UserName :"******"NAME"];
echo "<br> <br>";
echo "Password:"******"PASSWORD"];
echo "<br> <br>";
echo "TYPE OF USER:"******"USER"];
echo "<br> <br>";
require_once '../connections/VerifyCredentials.php';
if (verifyCredentials($conn, $_REQUEST["NAME"], $_REQUEST["PASSWORD"])) {
// if credentials are okay then.
session_start();
$_SESSION['NAME'] = $_REQUEST["NAME"];
$_SESSION['USER'] = $_REQUEST["USER"];
if ($_SESSION['USER'] == "Student") {
header('Location: student/index.php');
} else {
header('Location: faculty/index.php');
}
} else {
// if credentials fails =>
header('Location: index.php');
}
if (isset($_POST['action'])) {
/**
* --- Installation ---
* Request to install the nimbusec plugin
*/
if ($_POST['action'] === "installation") {
// -- Continue only if credentials were passed ---
if (isset($_POST['apiKey'], $_POST['apiSecret'])) {
// -- Declare response array --
$resp = array('status' => 0);
$apiKey = htmlentities($_POST['apiKey'], ENT_QUOTES);
$apiSecret = htmlentities($_POST['apiSecret'], ENT_QUOTES);
// -- If $_POST ['apiServer'] then validate for url pattern --
if (verifyString($apiKey) && verifyString($apiSecret)) {
if (!isNimbusecInstalled()) {
if (verifyCredentials($apiKey, $apiSecret)) {
// -- Get access data for WHM API --
$hash = file_get_contents("/root/.accesshash");
$host = gethostname();
$serverAddr = gethostbyname($host);
$whmApi = new WHMAPIClient($hash, $serverAddr);
// -- Install Nimbusec (trigger installation file) --
$res = (require_once "/usr/local/nimbusec/nimbusec/install.php");
if ($res['status']) {
// Set installation flag
$whmApi->setNVData(array(array("NIMBUSEC_INSTALLED", "1")));
// Set credentials
$whmApi->setNVData(array(array("NIMBUSEC_APIKEY", $apiKey), array("NIMBUSEC_APISECRET", $apiSecret)));
array_push($res['content'], "The installation of the nimbusec cPanel / WHM has been finished successfully.");
} else {
array_push($res['content'], "The installation of the nimbusec cPanel / WHM plugin has been aborted suddenly. It is advised to review the nimbusec logs files to find possible causes.");
$htmloutput = false;
header("Content-type: text/plain");
} else {
$htmloutput = true;
}
if ($user !== NULL) {
if ($htmloutput) {
$db = getAuthDb();
showSuccessScreen($db, $user);
} else {
echo "login:{$user}\n";
}
} elseif (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
if ($db = getAuthDb()) {
error_log(__FILE__ . ": Got a database connection");
if (verifyCredentials($db, $_REQUEST['username'], $_REQUEST['password']) === True) {
error_log(__FILE__ . ": verified credentials");
$authtoken = getauthtoken($db, $_REQUEST['username'], $_SERVER["REMOTE_ADDR"]);
$cookieexpire = time() + $MAXTOKENLIFETIME;
if (isset($_SERVER['HTTP_HOST'])) {
$host = $_SERVER['HTTP_HOST'];
$secure = $host != 'localhost';
if (!$secure) {
$host = NULL;
}
} else {
$host = 'darwin.bournemouth.ac.uk';
$secure = TRUE;
}
error_log(__FILE__ . ": The host for the cookie has been determined as '{$host}'");
setrawcookie($DARWINCOOKIENAME, $authtoken, $cookieexpire, '/', $host, $secure);
error_reporting(E_ALL);
ini_set('display_errors', 'On');
require_once '../lib/common.php';
require_once '../lib/authadmin.php';
$AUTHONLY = !isset($_POST["pubkey"]);
if (!(isset($_POST["username"]) && isset($_POST["password"]))) {
handleError("insufficient credentials", 403, "Forbidden");
}
$USERNAME = $_POST["username"];
$PASSWORD = $_POST["password"];
$DB = getAuthDb();
if ($DB === NULL) {
handleError("Database connection error", 500);
}
$DB->autocommit(FALSE);
if (verifyCredentials($DB, $USERNAME, $PASSWORD) !== True) {
handleError("Invalid credentials", 403, "Forbidden");
exit;
// Exit just for certainty. HandleError should have exited already.
}
if ($AUTHONLY) {
header("HTTP/1.1 200 Created");
header("Content-type: text/plain");
print "authenticated {$USERNAME}\n";
exit;
}
// Now we are authenticated. Now add the key
if (isset($_POST["id"])) {
$REQUESTKEYID = $_POST["id"];
}
$PUBKEY = normalizebase64($_POST["pubkey"]);
}
$db = getAuthDb();
if ($db === NULL) {
handleError("Could not connect to the database");
}
if (isset($resettoken) && isset($requestuser)) {
if (verifyResetToken($db, $requestuser, $resettoken)) {
$user = $requestuser;
} else {
handleError("The given reset token is invalid or expired");
exit;
}
} elseif (is_admin() && isset($requestuser)) {
$user = $actualuser;
} else {
if (verifyCredentials($db, $user, $password) !== True) {
showChangeScreen("Your password is incorrect");
exit;
}
}
if ($newpassword !== $newpassword2) {
showChangeScreen("The new passwords do not match");
exit;
}
if (strlen($newpassword) < 6) {
showChangeScreen("The new passwords must be at least 6 characters long");
exit;
}
$db->autocommit(FALSE);
updateCredentials($db, $user, $newpassword);
$db->close();
$dbRoleId = $users->Role_ID;
$dbCostumerId = $users->Costumer_ID;
$user = new User($dbUsername);
$user->setPassword($dbPassword);
$user->setRoleId($dbRoleId);
$user->setCostumerId($dbCostumerId);
}
if ($user != null) {
if (strtolower($user->getUsername()) == strtolower($username) && $user->getPassword() == $password) {
$_SESSION["user"] = $user;
header("Location: ../index.php");
}
}
}
if (isset($_POST["username"]) && isset($_POST["password"])) {
if ($_POST["username"] == "Username" && $_POST["password"] == "Password") {
echo "hello";
exit;
}
require_once "../DBInterface/loginDB.php";
require_once "./user.inc.php";
$username = $_POST["username"];
$password = $_POST["password"];
verifyCredentials($username, $password);
}
if (!isset($_SESSION["user"])) {
echo "<html><body>Wrong credentials provided<br />";
echo "<a href='../index.php'>Back to Login</a>";
echo "</body></html>";
exit;
}
