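/**
 * Check a username/password pair against the built-in accounts and, on a
 * match, register the login through Authenticate::login().
 *
 * SECURITY: both accounts and their passwords are hard-coded in source, so
 * anyone who can read the file (repository, backup, error page) holds valid
 * credentials. NOTE(review): move them to a credential store that keeps only
 * password_hash() output and verify with password_verify().
 *
 * Only string arguments are accepted. With loose `==`, a boolean true compares
 * equal to any non-empty string, so a caller passing decoded request data
 * (e.g. JSON) could match an account without knowing its password.
 *
 * @param string $username the username
 * @param string $password the password
 *
 * @return bool true when the pair matched and Authenticate::login() was called,
 *              false otherwise
 *
 * @access public
 */
function login($username, $password)
{
    // Reject arrays, booleans, numbers and null before any comparison.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }

    // username => array(password, role handed to Authenticate::login())
    $accounts = array(
        'admin' => array('nimda', 'administrator'),
        'user'  => array('resu', 'user'),
    );

    if (!isset($accounts[$username])) {
        return false;
    }

    list($expectedPassword, $role) = $accounts[$username];

    // hash_equals() compares without an early exit on the first differing byte.
    if (!hash_equals($expectedPassword, $password)) {
        return false;
    }

    Authenticate::login($username, $role);
    return true;
}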
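<?php
// HTTP Basic authentication gate: the script continues past this block only
// when Authenticate::login() accepts the credentials sent by the browser.
//
// NOTE(review): Basic credentials are only base64-encoded and are re-sent on
// every request, so this page has to be served over HTTPS.
include_once 'classes/Authenticate.class.php';

$auth = false; // Assume user is not authenticated

// The first request carries no Authorization header, so these keys may be
// absent; read them defensively instead of triggering undefined-index notices.
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
$pwd = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;

if (isset($user) && isset($pwd)) {
    $login = new Authenticate();
    $username = $login->login($user, $pwd);
    // NOTE(review): anything other than boolean false counts as success here,
    // including null. Confirm login() always returns false on failure.
    if ($username !== false) {
        $auth = true;
    }
}

if (!$auth) {
    header('Cache-Control: no-cache');
    header('Pragma: no-cache');
    // HTTP-date format is "Day, DD Mon YYYY HH:MM:SS GMT".
    header('Expires: Sat, 01 Jan 2000 01:01:01 GMT');
    // The realm is a quoted-string; unquoted, a value containing a space is malformed.
    header('WWW-Authenticate: Basic realm="AQ Intranet"');
    header('HTTP/1.0 401 Unauthorized');
    echo "<H2>Authorization Required.</H2>\n";
    echo "<BR><BR>Click <A HREF=\"javascript:history.back(-1)\">here</A> to go back.\n";
    // Stop here so nothing behind the gate is rendered for an unauthenticated request.
    exit;
}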
}

// Login form handler (fragment: the enclosing scope opens before this excerpt).
// Validates the submitted e-mail and password, authenticates, requires a
// verified address, then redirects. Each failure sets $msg and returns.
// NOTE(review): both keys are read without isset(), so a request missing
// either field raises an undefined-index notice before validation runs.
$email = $_POST['email'];
$password = $_POST['password'];

// Syntactic e-mail check: dotted local part, then a domain name or a dotted
// IPv4 address with an optional port.
if (!preg_match('/^([\\w\\!\\#$\\%\\&\'\\*\\+\\-\\/\\=\\?\\^\\`{\\|\\}\\~]+\\.)*[\\w\\!\\#$\\%\\&\'\\*\\+\\-\\/\\=\\?\\^\\`{\\|\\}\\~]+@((((([a-z0-9]{1}[a-z0-9\\-]{0,62}[a-z0-9]{1})|[a-z])\\.)+[a-z]{2,6})|(\\d{1,3}\\.){3}\\d{1,3}(\\:\\d{1,5})?)$/i', $email)) {
    $msg = 'Invalid email address';
    return;
}

// empty() also treats the string "0" as empty, so that password is reported as missing.
if (empty($password)) {
    $msg = 'You need to enter a password';
    return;
}

// Upper bound of 72 bytes. NOTE(review): presumably chosen because the stored
// hash is bcrypt, which ignores input past 72 bytes; confirm against $auth.
if (strlen($password) > 72) {
    $msg = 'The supplied password is too long';
    return;
}

$login = $auth->login($email, $password);

// NOTE(review): $login is compared with 0 and then indexed as an array below;
// the return type of login() is not visible here. Confirm that a failed login
// can never satisfy `> 0`.
if ($login > 0) {
    // The account must have confirmed its e-mail address before a session is created.
    $verified = $auth->isVerified($login['id']);
    if (empty($verified)) {
        $msg = 'You have not confirmed your email address';
        return;
    }

    $auth->validateUser($login);
    event::fire('USER_LOGIN');

    // NOTE(review): $dest is not assigned in this excerpt. If it originates from
    // the request, restrict it to same-site paths before using it in Location.
    if (!empty($dest)) {
        header('Location: ' . $dest);
    } else {
        header("Location: index.php");
    }
    // Stop so nothing else is sent after the redirect header.
    die;
}
}
} else {
    // user is logged in but not accessing any particular page/view (view not set)
    go_homeforlogedin();
}

// The message shown by the template comes straight from the query string.
// NOTE(review): this value is request-controlled; it must be HTML-escaped when
// index.tpl prints it. Whether the template escapes is not visible here.
$msg = isset($_GET['loginerrorfeed']) ? $_GET["loginerrorfeed"] : "";
$smarty->assign("message", $msg);
$smarty->display("index.tpl");
} // end else: user is logged in and making a request

// Login form submission (fragment: the two enclosing if-blocks close after this excerpt).
if (isset($_POST["submit"])) {
    // NOTE(review): both credentials are HTML-encoded twice before they reach
    // login(), so the value that is verified differs from what the user typed
    // whenever it contains &, <, > or quotes. Output encoding belongs where the
    // value is rendered, not on the input to authentication.
    $username = htmlentities(htmlspecialchars($_POST["username"]));
    $password = htmlentities(htmlspecialchars($_POST["password"]));
    if (!empty($username) && !empty($password)) {
        // echo $username.$password.$logintype;
        $reply = $auth->login($username, $password);

        // $reply is matched against status codes: 1 bad credentials, 2 disabled,
        // 3 unverified, 0 success. The status text travels in the
        // loginerrorfeed query parameter of the redirect.
        // NOTE(review): the session token and user id are placed in the URL on
        // every branch, where they end up in server logs, browser history and
        // Referer headers. None of the redirects is followed by exit.
        if ($reply == 1) {
            header("Location:../melnet/?sid=" . $_SESSION['user_id'] . "&token=" . ($token = $_SESSION['token'] . "&loginerrorfeed=" . rawurlencode(" Invalid username and password combination! ::..")));
        } else {
            if ($reply == 2) {
                header("Location:../melnet/?sid=" . $_SESSION['user_id'] . "&token=" . ($token = $_SESSION['token'] . "&loginerrorfeed=" . rawurlencode(" User-is-Temporary-Disabled! ::..")));
            } else {
                if ($reply == 3) {
                    header("Location:../melnet/?sid=" . $_SESSION['user_id'] . "&token=" . ($token = $_SESSION['token'] . "&loginerrorfeed=" . rawurlencode(" User have not verified Registration! ::..")));
                } else {
                    // NOTE(review): loose `== 0` is also true for false, null and "";
                    // if login() can return any of those on error, that error is
                    // treated as a successful login. Confirm the return type.
                    if ($reply == 0) {
                        header("Location:../melnet/index.php?sid=" . $_SESSION['user_id'] . "&token=" . ($token = $_SESSION['token'] . "&loginerrorfeed=" . rawurlencode(" Login Successful! ::..")));
                    }
                }
            }
        }
// Registration form handler (fragment: $name and the enclosing block are set up
// before this excerpt). Collects the form fields, validates the "secure id",
// registers the user and logs them in on success.
// NOTE(review): every field, including the password, is trimmed and
// HTML-escaped before use. The password that gets stored is therefore the
// escaped form, and the login page has to apply the identical transformation
// or passwords containing &, <, > or quotes will not match.
$department = htmlspecialchars(trim($_POST['department']));
$emailid = htmlspecialchars(trim($_POST['emailid']));
$password = htmlspecialchars(trim($_POST['password']));
$secureid = htmlspecialchars(trim($_POST['secureid']));
$contactnumber = htmlspecialchars(trim($_POST['contactnumber']));
$fields = array($name, $department, $emailid, $password, $secureid, $contactnumber);

// check if the secure id entered is "14300" if yes then set the user type to student else admin
// NOTE(review): the account type is derived from a code the client submits. A
// shared, static code is the only thing separating a student from an admin
// registration; the actual check lives in User::isValidUser() and
// User::getUserType(), which are not visible here.
if (Authenticate::areFieldsFilled($fields)) {
    if (User::isValidUser($secureid)) {
        $type = User::getUserType($secureid);
        // register the user
        $isRegistrationSuccessful = User::register($name, $emailid, $department, $contactnumber, $type, $password);
        if ($isRegistrationSuccessful === DatabaseManager::PRIMARY_KEY_VIOLATED) {
            // Duplicate e-mail address.
            $status = "Email Id already Exists!";
        } elseif ($isRegistrationSuccessful === DatabaseManager::INSERT_SUCCESS) {
            // Log the new account in immediately and send it on.
            if (Authenticate::login($emailid, $password)) {
                Authenticate::redirect();
            }
        } else {
            // NOTE(review): any other return value of register() is shown to the
            // user as-is; confirm it cannot carry a raw database error message.
            $status = $isRegistrationSuccessful;
        }
    } else {
        $status = 'Invalid secure Id';
    }
} else {
    $status = 'Please fill up the form correctly!';
}
} ?>
margin-left : 0px; margin-top : 0px; } </style> </head> <body> <?php
// Command dispatch for the page (fragment: the logout block closes after this excerpt).
// NOTE(review): this runs after <body> has already been written. If
// Authenticate::login() starts a session or sets a cookie, those headers can
// only be sent when output buffering is enabled.
if ($values['cmd'] == "login") {
    // Check if login works
    //$user = new User($values['username']);
    // Store the user name as a session variable
    //$loginRes = user_login($values['username'], $values['password'], $auth);
    $auth = new Authenticate();
    $loginRes = $auth->login($values['username'], $values['password']);
    // Loose comparison: any falsy return (false, 0, "", null) is reported as a failure.
    // The message does not say whether the user name or the password was wrong.
    if ($loginRes == FALSE) {
        print_error("<b>Unable to authenticate user.</b><br/>Ensure user name and password is correct. Both are case sensitive.", "info");
        //echo "Ensure user name and password is correct. Both are case sensitive.<br/>\n";
    }
    //echo "Click <a href=\"" . $_SERVER['PHP_SELF'] . "\">here</a> to continue.<br/>\n";
    //die();
}
if ($values['cmd'] == "logout") {
    //user_logout();
    $auth = new Authenticate();
    $auth->logout();
    // NOTE(review): the session user name is written into the page without
    // htmlspecialchars(), and it is read after logout() has run. If logout()
    // clears the session this index no longer exists.
    echo "Logging out user '" . $_SESSION['username'] . "'.<br/>\n";
    echo "Click <a href=\"index.php\">here</a> to continue.<br/>\n";
    //die();
?>
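/**
 * Security action: checks that the caller has the credentials to run the
 * requested remote method.
 *
 * When the body is flagged noExec, nothing is checked and true is returned.
 * Otherwise:
 *  - a call to "_authenticate" is forwarded to the service class through the
 *    Executive; a usable return value is stored with Authenticate::login(),
 *    anything else triggers Authenticate::logout(). This path always returns
 *    false.
 *  - any other method must pass, in order, the gateway instance restriction,
 *    the `access == "remote"` declaration and, when the method table lists
 *    roles, Authenticate::isUserInRole(). The first failed check raises an
 *    AMFException on the body and returns false.
 *
 * A method that has no entry in the class's methodTable is denied, because it
 * has no 'access' declaration.
 *
 * NOTE(review): a null return from _authenticate (for example a method that
 * forgets to return) passes the three `!==` tests and is stored as the user's
 * roles; confirm whether Authenticate::login() should accept that.
 *
 * @param object $amfbody the AMF body for the call; passed by reference
 *
 * @return bool true when every check passed (or noExec is set), false otherwise
 */
function securityAction(&$amfbody)
{
    if (!$amfbody->noExec) {
        $classConstruct =& $amfbody->getClassConstruct();
        $methodName = $amfbody->methodName;
        $className = $amfbody->className;

        if ($methodName == "_authenticate") {
            if (method_exists($classConstruct, "_authenticate")) {
                $credentials = $amfbody->getValue();

                //Fix for error in _authenticate
                //Pass through the executive
                $roles = Executive::doMethodCall($amfbody, $classConstruct, '_authenticate', array($credentials['userid'], $credentials['password']));

                if ($roles !== '__amfphp_error' && $roles !== false && $roles !== "") {
                    Authenticate::login($credentials['userid'], $roles);
                    return false;
                } else {
                    // Failed authentication also drops any credentials held so far.
                    Authenticate::logout();
                    return false;
                }
            } else {
                $ex = new AMFException(E_USER_ERROR, "The _authenticate method was not found in the " . $className . " class", __FILE__, __LINE__, "AMFPHP_AUTHENTICATE_NOT_FOUND");
                AMFException::throwException($amfbody, $ex);
                return false;
            }
        }

        //Check for gateway restrictions
        // Look the method up defensively: an unknown method yields null instead of
        // an undefined-index notice and is rejected by the 'access' check below.
        $methodRecord = isset($classConstruct->methodTable[$methodName])
            ? $classConstruct->methodTable[$methodName]
            : null; // create a shortcut for the ugly path
        $instanceName = isset($GLOBALS['amfphp']['instanceName'])
            ? $GLOBALS['amfphp']['instanceName']
            : null;

        if (isset($instanceName) && isset($methodRecord['instance'])) { // see if we have an instance defined
            if ($instanceName != $methodRecord['instance']) { // if the names don't match die
                $ex = new AMFException(E_USER_ERROR, "The method {" . $methodName . "} instance name does not match this gateway's instance name.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_MISMATCH");
                AMFException::throwException($amfbody, $ex);
                return false;
            }
        } else {
            if (isset($methodRecord['instance'])) { // see if the method has an instance defined
                if ($instanceName != $methodRecord['instance']) { // if the names don't match die
                    $ex = new AMFException(E_USER_ERROR, "The restricted method {" . $methodName . "} is not allowed through a non-restricted gateway.", __FILE__, __LINE__, "AMFPHP_INSTANCE_NAME_RESTRICTION");
                    AMFException::throwException($amfbody, $ex);
                    return false;
                }
            }
        }

        // Deny by default: only methods explicitly declared "remote" may be called.
        if (!isset($methodRecord['access']) || strtolower($methodRecord['access']) != "remote") { // make sure we can remotely call it
            $ex = new AMFException(E_USER_ERROR, "ACCESS DENIED: The method {" . $methodName . "} has not been declared a remote method.", __FILE__, __LINE__, "AMFPHP_METHOD_NOT_REMOTE");
            AMFException::throwException($amfbody, $ex);
            return false;
        }

        // Role check applies only when the method table lists roles for the method.
        if (isset($methodRecord['roles']) && !Authenticate::isUserInRole($methodRecord['roles'])) {
            $ex = new AMFException(E_USER_ERROR, "This user does not have access to {" . $methodName . "}.", __FILE__, __LINE__, "AMFPHP_AUTH_MISMATCH");
            AMFException::throwException($amfbody, $ex);
            return false;
        }
    }

    return true;
}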
<?php
// Login page controller: on a POST carrying the `login` field, authenticate the
// submitted e-mail/password pair and redirect; otherwise leave a message in
// $status for the form below.
include '../includes/Authenticate.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
    if (!empty($_POST['useremail']) && !empty($_POST['password'])) {
        // NOTE(review): the credentials are HTML-escaped before authentication,
        // so the password compared is the escaped form of what was typed. This
        // only works while the registration path applies the same escaping;
        // escape at output instead and pass raw values to the credential check.
        $useremail = htmlspecialchars($_POST['useremail']);
        $password = htmlspecialchars($_POST['password']);
        // validate user and password from the database
        if (Authenticate::login($useremail, $password)) {
            Authenticate::redirect();
            // Reached only if redirect() returns; clears any earlier message.
            unset($status);
        } else {
            // Same message whether the e-mail or the password was wrong.
            $status = 'Invalid Login Credentials !';
        }
    } else {
        // the user has submitted an empty form; notify: Empty Form Submitted
        $status = 'Empty Form Submitted!';
    }
}
?> <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>Gnooble: Login</title> <link href='http://fonts.googleapis.com/css?family=Open+Sans:700,300,600,400' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="../assets/css/bootstrap.min.css"> <link rel="stylesheet" href="../assets/css/main.css"> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
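<?php
// Login endpoint: starts the session if needed, loads the Authenticate module
// and hands the posted e-mail/password pair to Authenticate::login().

if (!isset($_SESSION)) {
    session_start();
}

define('__ROOT__', dirname(dirname(__FILE__)));
define('__BASENAME__', basename(__ROOT__));

require_once __ROOT__ . '/modules/Authenticate.class.php';

// A form field can arrive as an array (email[]=...). Accept plain strings only
// and fall back to "" so login() never receives a non-string credential.
$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : "";
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";

$authObj = new Authenticate();
// NOTE(review): the return value is not inspected here; presumably login()
// produces the response or redirect itself. Confirm in Authenticate.class.php.
$authObj->login($email, $password);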
    // (fragment: tail of a route handler that opens before this excerpt)
    // NOTE(review): json_decode() returns null for a malformed body; the result
    // is passed on without a check.
    $data = json_decode($app->request->getBody());
    $user_id = UsersAPI::post($database, $data);
    echo $user_id;
});

// update user (handler body is empty)
$app->put('/api/users', function () use($app, $database) {
});

// delete user (handler body is empty)
$app->delete('/api/users', function () use($app, $database) {
});

/*
 * LOGIN route, handles login
 * based on given username and password
 */
$app->post('/login', function () use($app, $database) {
    // The request body is decoded as JSON into an object.
    // NOTE(review): a malformed or empty body yields null, and the decoded
    // fields can be of any JSON type; Authenticate::login() receives them
    // unvalidated. Confirm it rejects null and non-string members.
    $credentials = json_decode($app->request->getBody());
    // log in the user with given credentials
    $loginStatus = Authenticate::login($credentials, $database);
    // return the success/error state to javascript
    echo json_encode($loginStatus);
});

/*
 * REGISTER route, handles registration
 */
$app->post('/register', function () use($app, $database) {
    // Same decoding as above; the result is not checked for null before use.
    $data = json_decode($app->request->getBody());
    $user_id = UsersAPI::post($database, $data);
    echo json_encode($user_id);
});

// Run Slim app
$app->run();
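session_start();
//session_id()=session_id();
// Login script: handles ?logout=1 and the posted login form.
include $_SERVER["DOCUMENT_ROOT"] . '/admin/classes/classes.php'; // Include local class lib

// NOTE(review): PHP_SELF includes any path info appended to the URL, so it is
// partly request-controlled; confirm log() treats it as untrusted text.
$log = new log($_SERVER["PHP_SELF"]);

// The logout flag is optional; test for it before reading it.
// NOTE(review): logging out via a GET parameter can be triggered by any link or
// image on another site; consider requiring POST with a CSRF token.
if (isset($_GET['logout']) && $_GET['logout'] == '1') {
    $sess = new SessionData(); // Creates session object
    $sess->Logout();
}

if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $auth = new Authenticate();

    // Read only the two expected fields. extract($_POST) would let any posted
    // field name overwrite a local variable here, including $auth and $log.
    // Any other field this page relied on extract() for must now be read
    // explicitly from $_POST.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

    if ($auth->login($email, $pass)) {
        header('Location: index.php');
        // Stop here so the rest of the login page is not rendered behind the redirect.
        exit;
    } else {
        // Same message for an unknown e-mail and a wrong password.
        $error = "<p class='red'>Invalid email or password.</p>";
    }
}
?> <style> .title { color:#000000; font-Family: Tahoma, Arial, Helvetica, sans-serif; font-size: 18px; font-weight: bold; text-decoration:none;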