public function control()
 {
     $output = "";
     $authorized = false;
     if (isset($this->argc) && $this->argc > 1) {
         // check for CLI credentials
         $session = new Session();
         $username = $this->argv[1];
         if ($this->argc > 2) {
             $pw = $this->argv[2];
         } else {
             $pw = getenv('THINKUP_PASSWORD');
         }
         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         $owner = $owner_dao->getByEmail($username);
         if ($owner_dao->isOwnerAuthorized($username, $pw)) {
             $authorized = true;
             Session::completeLogin($owner);
         } else {
             $output = "ERROR: Incorrect username and password.";
         }
     } else {
         // check user is logged in on the web
         if ($this->isLoggedIn()) {
             $authorized = true;
         } else {
             $output = "ERROR: Invalid or missing username and password.";
         }
     }
     if ($authorized) {
         $crawler = Crawler::getInstance();
         $crawler->crawl();
     }
     return $output;
 }
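 /**
  * Handles the web login form.
  *
  * Renders the login template, or on a submitted form checks the credentials
  * against OwnerDAO, tracks failed attempts (deactivating the account once
  * too many are recorded) and hands a successful login to the dashboard
  * controller.
  *
  * @return string|null The rendered view, or whatever DashboardController::control() returns
  */
 public function control()
 {
     $this->setPageTitle('Log in');
     $this->setViewTemplate('session.login.tpl');
     $this->view_mgr->addHelp('login', 'userguide/accounts/index');
     $this->disableCaching();
     //don't show login form if already logged in
     if ($this->isLoggedIn()) {
         $controller = new DashboardController(true);
         return $controller->go();
     } else {
         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         if (isset($_POST['Submit']) && $_POST['Submit'] == 'Log In' && isset($_POST['email']) && isset($_POST['pwd'])) {
             if ($_POST['email'] == '' || $_POST['pwd'] == '') {
                 if ($_POST['email'] == '') {
                     $this->addErrorMessage("Email must not be empty");
                     return $this->generateView();
                 } else {
                     $this->addErrorMessage("Password must not be empty");
                     return $this->generateView();
                 }
             } else {
                 $session = new Session();
                 $user_email = $_POST['email'];
                 // get_magic_quotes_gpc() was removed in PHP 8; only call it
                 // where it still exists.
                 if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                     $user_email = stripslashes($user_email);
                 }
                 $this->addToView('email', $user_email);
                 $owner = $owner_dao->getByEmail($user_email);
                 // NOTE(review): the distinct "Incorrect email" / "Incorrect
                 // password" messages reveal which addresses have an account.
                 if (!$owner) {
                     $this->addErrorMessage("Incorrect email");
                     return $this->generateView();
                 } elseif (!$owner->is_activated) {
                     $this->addErrorMessage("Inactive account. " . $owner->account_status . ". " . '<a href="forgot.php">Reset your password.</a>');
                     return $this->generateView();
                 } elseif (!$session->pwdCheck($_POST['pwd'], $owner_dao->getPass($user_email))) {
                     //failed login
                     // Deactivate once 10 failures are already on record; the
                     // counter is bumped below in every failed case.
                     if ($owner->failed_logins >= 10) {
                         $owner_dao->deactivateOwner($user_email);
                         $owner_dao->setAccountStatus($user_email, "Account deactivated due to too many failed logins");
                     }
                     $owner_dao->incrementFailedLogins($user_email);
                     $this->addErrorMessage("Incorrect password");
                     return $this->generateView();
                 } else {
                     // this sets variables in the session
                     $session->completeLogin($owner);
                     $owner_dao->updateLastLogin($user_email);
                     $owner_dao->resetFailedLogins($user_email);
                     // Clear the status of the owner who just logged in (an
                     // empty email would address no record).
                     $owner_dao->clearAccountStatus($user_email);
                     $controller = new DashboardController(true);
                     return $controller->control();
                 }
             }
         } else {
             return $this->generateView();
         }
     }
 }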
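 /**
  * Authenticates the caller and then dispatches one Streamer action.
  *
  * CLI mode expects argv[1] = stream method name, argv[2] = owner email and
  * argv[3] (or the THINKUP_PASSWORD environment variable) = password. Web
  * mode accepts an existing logged-in session, but then no stream method is
  * supplied and the dispatch below reports its default error.
  *
  * @return string Empty on success, otherwise an error message
  */
 public function control()
 {
     $output = "";
     $authorized = false;
     // Initialised up front: the web branch never assigns it, so the switch
     // below would otherwise read an undefined variable.
     $streamer_method = null;
     if (isset($this->argc) && $this->argc > 2) {
         // check for CLI credentials
         $session = new Session();
         $streamer_method = $this->argv[1];
         $username = $this->argv[2];
         // A command-line password shows up in the process list for other
         // local users; the environment variable avoids that.
         if ($this->argc > 3) {
             $pw = $this->argv[3];
         } else {
             $pw = getenv('THINKUP_PASSWORD');
         }
         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         $owner = $owner_dao->getByEmail($username);
         $passcheck = $owner_dao->getPass($username);
         // Require an owner record so completeLogin() never receives null.
         if ($owner && $session->pwdCheck($pw, $passcheck)) {
             $authorized = true;
             Session::completeLogin($owner);
         } else {
             $output = "ERROR: Incorrect username and password.";
         }
     } else {
         // check user is logged in on the web
         if ($this->isLoggedIn()) {
             $authorized = true;
         } else {
             $output = "ERROR: Invalid or missing stream method, username, and password.";
         }
     }
     if ($authorized) {
         $streamer = Streamer::getInstance();
         switch ($streamer_method) {
             case 'stream':
                 $streamer->stream();
                 break;
             case 'streamProcess':
                 $streamer->streamProcess();
                 break;
             case 'shutdownStreams':
                 $streamer->shutdownStreams();
                 break;
             default:
                 $output = "Error: could not identify stream method to run.";
         }
     }
     return $output;
 }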
 /**
  * Checks if the authorization tokens (username & API secret) are valid or not, and allow the request if they are.
  * If there are no authorization tokens, the request could be allowed if a valid session is found.
  *
  * Order of checks: a valid API call wins and is turned into a full session
  * login; otherwise a request carrying no API secret at all may proceed on an
  * existing web session. Anything else is rejected as plain text.
  *
  * @throws UnauthorizedUserException when neither an API credential nor a session authorises the request
  */
 public function control()
 {
     $is_api_call = $this->isAPICallValid();
     if ($is_api_call) {
         $dao = DAOFactory::getDAO('OwnerDAO');
         Session::completeLogin($dao->getByEmail($this->getLoggedInUser()));
         return $this->authControl();
     }
     $api_secret = $this->getAPISecretFromRequest();
     $session_only = empty($api_secret) && $this->isLoggedIn();
     if ($session_only) {
         return $this->authControl();
     }
     $this->setContentType("text/plain; charset=UTF-8");
     throw new UnauthorizedUserException("Unauthorized API call");
 }
 /**
  * Handles the web login form (variant without failed-login tracking).
  *
  * Shows the login template, validates a submitted email/password pair
  * against OwnerDAO and, on success, completes the session login and
  * delegates to the dashboard controller.
  *
  * @return string|null The rendered view, or the dashboard controller's result
  */
 public function control()
 {
     $this->setPageTitle('Log in');
     $this->setViewTemplate('session.login.tpl');
     $this->disableCaching();
     // An already authenticated visitor goes straight to the dashboard.
     if ($this->isLoggedIn()) {
         $dashboard = new DashboardController(true);
         return $dashboard->go();
     }
     $owner_dao = DAOFactory::getDAO('OwnerDAO');
     $form_submitted = isset($_POST['Submit'], $_POST['email'], $_POST['pwd'])
         && $_POST['Submit'] == 'Log In';
     if (!$form_submitted) {
         return $this->generateView();
     }
     if ($_POST['email'] == '') {
         $this->addErrorMessage("Email must not be empty");
         return $this->generateView();
     }
     if ($_POST['pwd'] == '') {
         $this->addErrorMessage("Password must not be empty");
         return $this->generateView();
     }
     $session = new Session();
     $user_email = $_POST['email'];
     $this->addToView('email', $user_email);
     $owner = $owner_dao->getByEmail($user_email);
     if (!$owner) {
         $this->addErrorMessage("Incorrect email");
         return $this->generateView();
     }
     if (!$session->pwdCheck($_POST['pwd'], $owner_dao->getPass($user_email))) {
         $this->addErrorMessage("Incorrect password");
         return $this->generateView();
     }
     // this sets variables in the session
     $session->completeLogin($owner);
     $owner_dao->updateLastLogin($user_email);
     $dashboard = new DashboardController(true);
     return $dashboard->control();
 }
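 /**
  * Checks if the authorization tokens (username & API secret) are valid or not, and allow the request if they are.
  * If there are no authorization tokens, the request could be allowed if a valid session is found.
  *
  * When no API secret is present and no session exists, the request is
  * treated as an ordinary HTML page request and delegated to the parent
  * controller; a request that does carry a secret but fails validation is
  * rejected as plain text.
  *
  * @return mixed The result of authControl() or parent::control()
  * @throws UnauthorizedUserException when an API secret was supplied but is not valid
  */
 public function control()
 {
     $owner = $this->isAPICallValid();
     if ($owner) {
         Session::completeLogin($owner);
         return $this->authControl();
     }
     $as = $this->getAPISecretFromRequest();
     if (empty($as) && $this->isLoggedIn()) {
         return $this->authControl();
     }
     // Assume if no API key is set, that it's a regular HTML page request
     if (empty($as)) {
         // Propagate the parent's result instead of dropping it on the floor,
         // so this path returns like every other branch does.
         return parent::control();
     } else {
         $this->setContentType("text/plain; charset=UTF-8");
         throw new UnauthorizedUserException("Unauthorized API call");
     }
 }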
 /**
  * Admin login page.
  *
  * Redirects an already logged-in visitor to the admin dashboard, otherwise
  * validates the submitted username/password, requires the user to have an
  * admin type and, on success, completes the session login and redirects.
  *
  * @return string|null The rendered view, or null after a redirect header
  */
 public function go()
 {
     $this->setViewTemplate('admin_login.tpl');
     $this->addPageTitle('Log in');
     if ($this->isLoggedIn()) {
         // NOTE(review): nothing stops execution after this header; the
         // caller decides what happens next — confirm it renders no body.
         header('Location: ' . SOURCE_ROOT_PATH . "admin/pages/dashboard.php");
         return;
     }
     $form_submitted = isset($_POST['submit'], $_POST['username'], $_POST['pwd'])
         && $_POST['submit'] == 'Login';
     if (!$form_submitted) {
         $this->addPageTitle('Log in');
         return $this->generateView();
     }
     if ($_POST['username'] == '') {
         $this->addErrorMessage("Username must not be empty");
         return $this->generateView();
     }
     if ($_POST['pwd'] == '') {
         $this->addErrorMessage("Password must not be empty");
         return $this->generateView();
     }
     $session = new Session();
     $username = $_POST['username'];
     $this->addToView('username', $username);
     $user = User::findByUsername($username);
     if (!$user) {
         $this->addErrorMessage("Incorrect username");
         return $this->generateView();
     }
     if (!$session->pwdCheck($_POST['pwd'], $user->password)) {
         $this->addErrorMessage("Incorrect password");
         return $this->generateView();
     }
     if (!$user->type) {
         $this->addErrorMessage("You are not an administrator");
         return $this->generateView();
     }
     // this sets variables in the session
     $session->completeLogin($user);
     header('Location: ' . SOURCE_ROOT_PATH . "admin/pages/login.php");
 }
 /**
  * Landing-page login.
  *
  * A logged-in visitor is handed to LandingPageController; otherwise the
  * submitted username/password is checked and the browser is redirected
  * with a msg parameter on failure, or to the home page on success.
  *
  * @return string|null The rendered view, or null after a redirect header
  */
 public function go()
 {
     $this->setViewTemplate('landingpage.tpl');
     $this->addPageTitle('Log in');
     if ($this->isLoggedIn()) {
         $landing = new LandingPageController();
         return $landing->go();
     }
     $form_submitted = isset($_POST['submit'], $_POST['username'], $_POST['pwd'])
         && $_POST['submit'] == 'Login';
     if (!$form_submitted) {
         $this->addPageTitle('Log in');
         return $this->generateView();
     }
     if ($_POST['username'] == '') {
         $this->addErrorMessage("Username must not be empty");
         return $this->generateView();
     }
     if ($_POST['pwd'] == '') {
         $this->addErrorMessage("Password must not be empty");
         return $this->generateView();
     }
     $session = new Session();
     $username = $_POST['username'];
     $this->addToView('username', $username);
     $user = User::findByUsername($username);
     if (!$user) {
         // NOTE(review): unlike the password branch below, no view is
         // generated after this redirect header — confirm which is intended.
         header('Location:' . SOURCE_ROOT_PATH . "pages/mainlogin.php?msg=username");
         return;
     }
     if (!$session->pwdCheck($_POST['pwd'], $user->password)) {
         header('Location:' . SOURCE_ROOT_PATH . "pages/mainlogin.php?msg=password");
         return $this->generateView();
     }
     // this sets variables in the session
     $session->completeLogin($user);
     header('Location:' . SOURCE_ROOT_PATH . "pages/home.php");
 }
 /**
  * completeLogin() must mark the session as logged in and expose the
  * owner's is_admin flag; logging in a second owner replaces the first.
  */
 public function testCompleteLoginAndIsLoggedInIsAdmin()
 {
     $regular_owner = new Owner(array(
         "id" => 10,
         "user_name" => 'testuser',
         "full_name" => 'Test User',
         'email' => '*****@*****.**',
         'last_login' => '******',
         "is_admin" => 0,
         "is_activated" => 1,
         "failed_logins" => 0,
         "account_status" => '',
     ));
     $session = new Session();
     $session->completeLogin($regular_owner);
     $this->assertTrue(Session::isLoggedIn());
     $this->assertFalse(Session::isAdmin());

     $admin_owner = new Owner(array(
         "id" => 11,
         "user_name" => 'testuser',
         "full_name" => 'Test User2',
         'email' => '*****@*****.**',
         'last_login' => '******',
         "is_admin" => 1,
         "is_activated" => 1,
         "failed_logins" => 0,
         "account_status" => '',
     ));
     $session->completeLogin($admin_owner);
     $this->assertTrue(Session::isLoggedIn());
     $this->assertTrue(Session::isAdmin());
     $this->assertEqual(Session::getLoggedInUser(), '*****@*****.**');
 }
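 /**
  * Handles the web login form with failed-login lockout.
  *
  * Renders the login template, or on a submitted form checks the credentials
  * via OwnerDAO::isOwnerAuthorized(). A wrong password increments the
  * failure counter and deactivates the account on the tenth failure; a
  * successful login resets the counter and hands over to the dashboard.
  *
  * @return string|null The rendered view, or the dashboard controller's result
  */
 public function control()
 {
     $this->setPageTitle('Log in');
     $this->setViewTemplate('session.login.tpl');
     $this->view_mgr->addHelp('login', 'userguide/accounts/index');
     $this->disableCaching();
     //don't show login form if already logged in
     if ($this->isLoggedIn()) {
         $controller = new DashboardController(true);
         return $controller->go();
     } else {
         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         if (isset($_POST['Submit']) && $_POST['Submit'] == 'Log In' && isset($_POST['email']) && isset($_POST['pwd'])) {
             if ($_POST['email'] == '' || $_POST['pwd'] == '') {
                 if ($_POST['email'] == '') {
                     $this->addErrorMessage("Email must not be empty");
                     return $this->generateView();
                 } else {
                     $this->addErrorMessage("Password must not be empty");
                     return $this->generateView();
                 }
             } else {
                 $session = new Session();
                 $user_email = $_POST['email'];
                 // get_magic_quotes_gpc() was removed in PHP 8; only call it
                 // where it still exists.
                 if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                     $user_email = stripslashes($user_email);
                 }
                 $this->addToView('email', $user_email);
                 $owner = $owner_dao->getByEmail($user_email);
                 // NOTE(review): "Incorrect email" versus "Incorrect password"
                 // reveals whether an address has an account.
                 if (!$owner) {
                     $this->addErrorMessage("Incorrect email");
                     return $this->generateView();
                 } elseif (!$owner->is_activated) {
                     $error_msg = 'Inactive account. ';
                     // Only the "never logged in" and "locked out" cases get
                     // an explanation; other counts keep the bare prefix.
                     if ($owner->failed_logins == 0) {
                         $error_msg .= '<a href="http://thinkupapp.com/docs/install/install.html#activate-your-account">' . 'You must activate your account.</a>';
                     } elseif ($owner->failed_logins == 10) {
                         $error_msg .= $owner->account_status . '. <a href="forgot.php">Reset your password.</a>';
                     }
                     $this->addErrorMessage($error_msg);
                     return $this->generateView();
                     // If the credentials supplied by the user are incorrect
                 } elseif (!$owner_dao->isOwnerAuthorized($user_email, $_POST['pwd'])) {
                     $error_msg = 'Incorrect password';
                     if ($owner->failed_logins == 9) {
                         // where 9 represents the 10th attempt!
                         $owner_dao->deactivateOwner($user_email);
                         $status = 'Account deactivated due to too many failed logins';
                         $owner_dao->setAccountStatus($user_email, $status);
                         $error_msg = 'Inactive account. ' . $status . '. <a href="forgot.php">Reset your password.</a>';
                     }
                     $owner_dao->incrementFailedLogins($user_email);
                     $this->addErrorMessage($error_msg);
                     return $this->generateView();
                 } else {
                     // user has logged in sucessfully this sets variables in the session
                     $session->completeLogin($owner);
                     $owner_dao->updateLastLogin($user_email);
                     $owner_dao->resetFailedLogins($user_email);
                     $owner_dao->clearAccountStatus($user_email);
                     $controller = new DashboardController(true);
                     return $controller->go();
                 }
             }
         } else {
             return $this->generateView();
         }
     }
 }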
}
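$db = new Database($THINKTANK_CFG);
$conn = $db->getConnection();
$od = new OwnerDAO($db);
// NOTE(review): mysql_real_escape_string() needs the mysql link opened above
// and was removed in PHP 7; the DAO should bind parameters instead — confirm.
$user_email = isset($_POST['email']) ? mysql_real_escape_string($_POST['email']) : '';
$s = new SmartyThinkTank();
$s->caching = false;
// Only treat the request as a login attempt when the form was actually posted.
if (isset($_POST['Submit']) && $_POST['Submit'] == 'Login') {
    $posted_pwd = isset($_POST['pwd']) ? $_POST['pwd'] : '';
    $result = $od->getForLogin($user_email);
    // NOTE(review): $session is not created in this excerpt; presumably it is
    // set up above — verify.
    if (!$result) {
        header("Location: login.php?emsg=Invalid+email+or+password");
    } elseif (!$session->pwdCheck($posted_pwd, $result['pwd'])) {
        header("Location: login.php?emsg=Incorrect+email+or+password");
    } else {
        // this sets variables in the session
        $session->completeLogin($result);
        $od->updateLastLogin($user_email);
        $ret = isset($_GET['ret']) ? $_GET['ret'] : '';
        // Only follow a same-site relative target: a scheme ("http:"), a
        // protocol-relative "//host" or a backslash would turn the ret
        // parameter into an open redirect to an attacker-chosen site.
        $is_local_ret = !empty($ret)
            && substr($ret, 0, 2) !== '//'
            && strpos($ret, '\\') === false
            && !preg_match('#^[a-z][a-z0-9+.-]*:#i', $ret);
        if ($is_local_ret) {
            header("Location: {$ret}");
        } else {
            header("Location: " . $THINKTANK_CFG['site_root_path']);
        }
        exit;
    }
}
if (isset($_GET["emsg"])) {
    $emsg = $_GET["emsg"];
}
if (isset($_GET["smsg"])) {
    $smsg = $_GET["smsg"];
}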
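 /**
  * Attempt to log in user via private API key and redirect to specified success or failure URLs based on result
  * with msg parameter set.
  * Expected $_GET parameters:
  * u: email address
  * k: private API key
  * failure_redir: failure redirect URL
  * success_redir: success redirect URL
  *
  * Any existing session is logged out before the key is checked, so the
  * resulting session belongs to the owner named in u. fail() and succeed()
  * are defined elsewhere and perform the redirect to the URLs above.
  *
  * @return mixed The login controller's view when a redirect URL is missing, otherwise null
  */
 public function control()
 {
     $this->disableCaching();
     if (!isset($_GET['success_redir']) || !isset($_GET['failure_redir']) || $_GET['success_redir'] == "" || $_GET['failure_redir'] == "") {
         if (!isset($_GET['success_redir']) || $_GET['success_redir'] == "") {
             $controller = new LoginController(true);
             $controller->addErrorMessage('No success redirect specified');
             return $controller->go();
         }
         if (!isset($_GET['failure_redir']) || $_GET['failure_redir'] == "") {
             $controller = new LoginController(true);
             $controller->addErrorMessage('No failure redirect specified');
             return $controller->go();
         }
     } else {
         // NOTE(review): both targets come straight from the query string;
         // fail()/succeed() are not visible here — confirm they only redirect
         // to URLs on this site.
         $this->success_redir = $_GET['success_redir'];
         $this->failure_redir = $_GET['failure_redir'];
         // Stop after reporting a missing parameter: if fail() returns rather
         // than exits, the code below would otherwise index $_GET['u']/['k']
         // and call fail() a second time.
         if (!isset($_GET['u'])) {
             $this->fail('User is not set.');
             return;
         }
         if (!isset($_GET['k'])) {
             $this->fail('API key is not set.');
             return;
         }
         if ($this->isLoggedIn()) {
             Session::logout();
         }
         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         if ($_GET['u'] == '' || $_GET['k'] == '') {
             if ($_GET['u'] == '') {
                 $this->fail("Email must not be empty.");
             } else {
                 $this->fail("API key must not be empty.");
             }
         } else {
             $user_email = $_GET['u'];
             // get_magic_quotes_gpc() was removed in PHP 8; only call it
             // where it still exists.
             if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                 $user_email = stripslashes($user_email);
             }
             $owner = $owner_dao->getByEmail($user_email);
             if (!$owner) {
                 $this->fail("Invalid email.");
             } elseif (!$owner->is_activated) {
                 $error_msg = 'Inactive account.';
                 $this->fail($error_msg);
                 // If the credentials supplied by the user are incorrect
             } elseif (!$owner_dao->isOwnerAuthorizedViaPrivateAPIKey($user_email, $_GET['k'])) {
                 $error_msg = 'Invalid API key.';
                 $this->fail($error_msg);
             } else {
                 // user has logged in sucessfully this sets variables in the session
                 Session::completeLogin($owner);
                 $owner_dao->updateLastLogin($user_email);
                 $owner_dao->resetFailedLogins($user_email);
                 $owner_dao->clearAccountStatus($user_email);
                 $this->succeed("Logged in successfully.");
             }
         }
     }
 }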
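 /**
  * Handles the web login form, with an optional post-login redirect.
  *
  * The redirect target is taken from $_GET['redirect'] on the first visit and
  * carried through the form as $_POST['redirect']. Wrong passwords increment
  * the failure counter and deactivate the account on the tenth failure; a
  * successful login resets the counter and either redirects or falls back to
  * the insight stream.
  *
  * @return string|null The rendered view, or the insight stream controller's result
  */
 public function control()
 {
     if (isset($_GET['redirect'])) {
         $this->redirectToThinkUpLLCEndpoint(null, $_GET['redirect']);
     } else {
         $this->redirectToThinkUpLLCEndpoint();
     }
     $this->setPageTitle('Log in');
     $this->setViewTemplate('session.login.tpl');
     $this->view_mgr->addHelp('login', 'userguide/accounts/index');
     $this->disableCaching();
     // set var for open registration
     $config = Config::getInstance();
     $is_registration_open = $config->getValue('is_registration_open');
     $this->addToView('is_registration_open', $is_registration_open);
     // Set successful login redirect destination
     if (isset($_GET['redirect'])) {
         $this->addToView('redirect', $_GET['redirect']);
     }
     // If form has been submitted
     if (isset($_POST['redirect'])) {
         $this->addToView('redirect', $_POST['redirect']);
     }
     //don't show login form if already logged in
     if ($this->isLoggedIn()) {
         $controller = new InsightStreamController(true);
         return $controller->go();
     } else {
         $owner_dao = DAOFactory::getDAO('OwnerDAO');
         if (isset($_POST['Submit']) && $_POST['Submit'] == 'Log In' && isset($_POST['email']) && isset($_POST['pwd'])) {
             if ($_POST['email'] == '' || $_POST['pwd'] == '') {
                 if ($_POST['email'] == '') {
                     $this->addErrorMessage("Email must not be empty");
                     return $this->generateView();
                 } else {
                     $this->addErrorMessage("Password must not be empty");
                     return $this->generateView();
                 }
             } else {
                 $session = new Session();
                 $user_email = $_POST['email'];
                 // get_magic_quotes_gpc() was removed in PHP 8; only call it
                 // where it still exists.
                 if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                     $user_email = stripslashes($user_email);
                 }
                 $this->addToView('email', $user_email);
                 $owner = $owner_dao->getByEmail($user_email);
                 if (!$owner) {
                     $this->addErrorMessage("Hmm, that email seems wrong.");
                     return $this->generateView();
                 } elseif (!$owner->is_activated) {
                     $error_msg = 'Inactive account. ';
                     if ($owner->failed_logins == 0) {
                         $error_msg .= '<a href=\\"http://thinkup.com/docs/install/install.html#activate-your-account\\">' . 'You must activate your account.</a>';
                     } elseif ($owner->failed_logins == 10) {
                         $error_msg .= $owner->account_status . '. <a href=\\"forgot.php\\">Reset your password.</a>';
                     }
                     // The message is rendered unescaped so the link survives;
                     // NOTE(review): it embeds account_status from the database —
                     // confirm that column is never user-controlled.
                     $disable_xss = true;
                     $this->addErrorMessage($error_msg, null, $disable_xss);
                     return $this->generateView();
                     // If the credentials supplied by the user are incorrect
                 } elseif (!$owner_dao->isOwnerAuthorized($user_email, $_POST['pwd'])) {
                     $error_msg = "Hmm, that password seems wrong.";
                     if ($owner->failed_logins == 9) {
                         // where 9 represents the 10th attempt!
                         $owner_dao->deactivateOwner($user_email);
                         $status = 'Account deactivated due to too many failed logins';
                         $owner_dao->setAccountStatus($user_email, $status);
                         $error_msg = 'Inactive account. ' . $status . '. <a href=\\"forgot.php\\">Reset your password.</a>';
                     }
                     $owner_dao->incrementFailedLogins($user_email);
                     $disable_xss = true;
                     $this->addErrorMessage($error_msg, null, $disable_xss);
                     return $this->generateView();
                 } else {
                     // user has logged in sucessfully this sets variables in the session
                     $session->completeLogin($owner);
                     $owner_dao->updateLastLogin($user_email);
                     $owner_dao->resetFailedLogins($user_email);
                     $owner_dao->clearAccountStatus($user_email);
                     // NOTE(review): the target is request-supplied; $this->redirect()
                     // is not visible here — confirm it rejects off-site URLs.
                     if (isset($_POST['redirect']) && $_POST['redirect'] != '') {
                         $success_redir = $_POST['redirect'];
                     } else {
                         $success_redir = $config->getValue('site_root_path');
                     }
                     if (!$this->redirect($success_redir)) {
                         $controller = new InsightStreamController(true);
                         return $controller->go();
                     }
                 }
             }
         } else {
             return $this->generateView();
         }
     }
 }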
 /**
  * completeLogin() must mark the session as logged in and expose the
  * owner's is_admin flag; logging in a second owner replaces the first.
  */
 public function testCompleteLoginAndIsLoggedInIsAdmin()
 {
     $today = date('Y-m-d');
     $regular_owner = new Owner(array(
         "id" => 10,
         "user_name" => 'testuser',
         "full_name" => 'Test User',
         'email' => '*****@*****.**',
         'last_login' => '******',
         "is_admin" => 0,
         "is_activated" => 1,
         "failed_logins" => 0,
         "account_status" => '',
         "timezone" => 'America/New_York',
         "joined" => $today,
         "api_key" => '',
         "api_key_private" => '',
         "email_notification_frequency" => 'daily',
         "membership_level" => 0,
     ));
     $session = new Session();
     $session->completeLogin($regular_owner);
     $this->assertTrue(Session::isLoggedIn());
     $this->assertFalse(Session::isAdmin());

     $admin_owner = new Owner(array(
         "id" => 11,
         "user_name" => 'testuser',
         "full_name" => 'Test User2',
         'email' => '*****@*****.**',
         'last_login' => '******',
         "is_admin" => 1,
         "is_activated" => 1,
         "failed_logins" => 0,
         "account_status" => '',
         "timezone" => 'America/New_York',
         "joined" => date('Y-m-d'),
         "api_key" => '',
         "api_key_private" => '',
         "email_notification_frequency" => 'daily',
         "membership_level" => 0,
     ));
     $session->completeLogin($admin_owner);
     $this->assertTrue(Session::isLoggedIn());
     $this->assertTrue(Session::isAdmin());
     $this->assertEqual(Session::getLoggedInUser(), '*****@*****.**');
 }