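/**
 * Generate the intermediate authentication page.
 *
 * Shows a password-only confirmation form for the already identified user.
 * When the form comes back with the `_authenticate` marker set, the submitted
 * password is verified with auth_attempt_login(): on success the user's auth
 * tokens are refreshed and true is returned; on failure the form is rendered
 * again with an error message. Rendering ends with exit, so the function only
 * ever returns on success.
 *
 * @param integer $p_user_id  User ID whose tokens are refreshed on success.
 * @param string  $p_username Username the submitted password is verified for.
 * @return bool true on successful re-authentication (the page is emitted and
 *              the script exits otherwise, so there is no false return).
 * @access public
 */
function auth_reauthenticate_page($p_user_id, $p_username) {
	$t_error = false;

	if (gpc_get_bool('_authenticate')) {
		$f_password = gpc_get_string('password', '');
		if (auth_attempt_login($p_username, $f_password)) {
			auth_set_tokens($p_user_id);
			return true;
		}
		$t_error = true;
	}

	# The original request's parameters are replayed as hidden inputs so the
	# interrupted action continues once the password is confirmed. A password
	# from a failed attempt must not be written back into the page source, and
	# the marker field is emitted explicitly below, so both keys are dropped.
	$t_post_inputs = gpc_strip_slashes($_POST);
	$t_get_inputs = gpc_strip_slashes($_GET);
	unset($t_post_inputs['password'], $t_post_inputs['_authenticate']);
	unset($t_get_inputs['password'], $t_get_inputs['_authenticate']);

	html_page_top();
?>
<div align="center">
	<p>
<?php
	echo lang_get('reauthenticate_message');
	if ($t_error) {
		echo '<br/><font color="red">', lang_get('login_error'), '</font>';
	}
?>
	</p>
	<form name="reauth_form" method="post" action="<?php echo form_action_self(); ?>">
<?php
	# CSRF protection not required here - user needs to enter password
	# (confirmation step) before the form is accepted.
	print_hidden_inputs($t_post_inputs);
	print_hidden_inputs($t_get_inputs);
?>
		<input type="hidden" name="_authenticate" value="1" />
		<table class="width50 center">
			<tr>
				<td class="form-title" colspan="2"><?php echo lang_get('reauthenticate_title'); ?></td>
			</tr>
			<tr class="row-1">
				<th class="category"><?php echo lang_get('username'); ?></th>
				<td><input type="text" disabled="disabled" size="32" maxlength="<?php echo USERLEN; ?>" value="<?php echo string_attribute($p_username); ?>" /></td>
			</tr>
			<tr class="row-2">
				<th class="category"><?php echo lang_get('password'); ?></th>
				<td><input type="password" name="password" size="16" maxlength="<?php echo PASSLEN; ?>" class="autofocus" /></td>
			</tr>
			<tr>
				<td class="center" colspan="2"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?>" /></td>
			</tr>
		</table>
	</form>
</div>
<?php
	html_page_bottom();
	exit;
}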
# Login form handling: read the submitted credentials and options, attempt the
# login and work out the URL the browser is redirected to afterwards.
# NOTE(review): this copy of the source contains redacted spans ('******');
# the redirect-URL statements in the failure branch are incomplete here and
# the trailing braces do not balance in this excerpt.
$t_allow_perm_login = ON == config_get('allow_permanent_cookie');
$f_username = gpc_get_string('username', '');
$f_password = gpc_get_string('password', '');
# "Remember me" is only honoured when the configuration allows it.
$f_perm_login = $t_allow_perm_login && gpc_get_bool('perm_login');
# Post-login target comes from the request and is passed through the URL
# sanitizer before being embedded in a redirect (what string_sanitize_url
# rejects is not visible here - presumably off-site targets; confirm).
$t_return = string_url(string_sanitize_url(gpc_get_string('return', config_get('default_home_page'))));
# Read but not used anywhere in this excerpt.
$f_from = gpc_get_string('from', '');
$f_secure_session = gpc_get_bool('secure_session', false);
$f_install = gpc_get_bool('install');
# If upgrade required, always redirect to install page.
if ($f_install) {
	$t_return = 'admin/install.php';
}
$f_username = auth_prepare_username($f_username);
$f_password = auth_prepare_password($f_password);
# The secure-session preference cookie is written before the login attempt,
# i.e. also when the login fails.
gpc_set_cookie(config_get_global('cookie_prefix') . '_secure_session', $f_secure_session ? '1' : '0');
if (auth_attempt_login($f_username, $f_password, $f_perm_login)) {
	session_set('secure_session', $f_secure_session);
	# A successful login with the shipped default administrator credentials is
	# sent to the account page instead of the home page (presumably so the
	# default password gets changed). This runs only after authentication
	# succeeded; it grants nothing by itself.
	if ($f_username == 'administrator' && $f_password == 'root' && (is_blank($t_return) || $t_return == 'index.php')) {
		$t_return = 'account_page.php';
	}
	$t_redirect_url = 'login_cookie_test.php?return=' . $t_return;
} else {
	# On failure the username is carried back to the login page in the query
	# string (the expression is redacted in this copy); whatever is inserted
	# there has to be URL-encoded, as it is user-supplied.
	$t_redirect_url = 'login_page.php?return=' . $t_return . '&error=1&username='******'&secure_session=' . ($f_secure_session ? 1 : 0);
	if ($t_allow_perm_login) {
		# Redacted/incomplete in this copy: the perm_login value and the start
		# of the login_method check are missing between these tokens.
		$t_redirect_url .= '&perm_login='******'login_method')) {
			auth_http_prompt();
			exit;
		}
	}
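/**
 * Generate the intermediate authentication page.
 *
 * Shows a password-only confirmation form for the already identified user.
 * When the form comes back with the `_authenticate` marker set, the submitted
 * password is verified with auth_attempt_login(): on success the user's auth
 * tokens are refreshed and true is returned; on failure the form is rendered
 * again with an error message. Rendering ends with exit, so the function only
 * ever returns on success.
 *
 * @param integer $p_user_id  User ID whose tokens are refreshed on success.
 * @param string  $p_username Username the submitted password is verified for.
 * @return boolean true on successful re-authentication (the page is emitted
 *                 and the script exits otherwise, so there is no false return).
 * @access public
 */
function auth_reauthenticate_page($p_user_id, $p_username) {
	$t_error = false;

	if (gpc_get_bool('_authenticate')) {
		$f_password = gpc_get_string('password', '');
		if (auth_attempt_login($p_username, $f_password)) {
			auth_set_tokens($p_user_id);
			return true;
		}
		$t_error = true;
	}

	# The original request's parameters are replayed as hidden inputs so the
	# interrupted action continues once the password is confirmed. A password
	# from a failed attempt must not be written back into the page source, and
	# the marker field is emitted explicitly below, so both keys are dropped.
	$t_post_inputs = $_POST;
	$t_get_inputs = $_GET;
	unset($t_post_inputs['password'], $t_post_inputs['_authenticate']);
	unset($t_get_inputs['password'], $t_get_inputs['_authenticate']);

	html_page_top();
?>
<div class="important-msg">
<?php
	echo lang_get('reauthenticate_message');
	if ($t_error) {
		echo '<br /><span class="error-msg">', lang_get('login_error'), '</span>';
	}
?>
</div>
<div id="reauth-div" class="form-container">
	<form id="reauth-form" method="post" action="">
		<fieldset>
			<legend><span><?php echo lang_get('reauthenticate_title'); ?></span></legend>
<?php
	# CSRF protection not required here - user needs to enter password
	# (confirmation step) before the form is accepted.
	print_hidden_inputs($t_post_inputs);
	print_hidden_inputs($t_get_inputs);
?>
			<input type="hidden" name="_authenticate" value="1" />
			<div class="field-container">
				<label for="username"><span><?php echo lang_get('username'); ?></span></label>
				<span class="input"><input id="username" type="text" disabled="disabled" size="32" maxlength="<?php echo DB_FIELD_SIZE_USERNAME; ?>" value="<?php echo string_attribute($p_username); ?>" /></span>
				<span class="label-style"></span>
			</div>
			<div class="field-container">
				<label for="password"><span><?php echo lang_get('password'); ?></span></label>
				<span class="input"><input id="password" type="password" name="password" size="32" maxlength="<?php echo auth_get_password_max_size(); ?>" class="autofocus" /></span>
				<span class="label-style"></span>
			</div>
			<span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?>" /></span>
		</fieldset>
	</form>
</div>
<?php
	html_page_bottom();
	exit;
}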
if (!preg_match("/^[a-zA-Z0-9\\.]+\$/", $username)) { error_report_show($page, INVALID_LOGIN); } } else { $username = ''; } if (isset($_POST['pword'])) { $password = $_POST['pword']; #added validation, to avoid sql injection if (!preg_match("/^[a-zA-Z0-9\\.\\-\\*\\+\\?@_]+\$/", $password)) { error_report_show($edit_page, INVALID_LOGIN); } } else { $password = ''; } auth_attempt_login($username, $password); # save login if (isset($_POST['save_login'])) { auth_set_login_cookies($username, $password); } # check for javascript if (isset($_POST['non_javascript_browser'])) { session_set_javascript_enabled(false); } else { session_set_javascript_enabled(true); } # if switch_project is not empty then switch project if (!empty($switch_project)) { include "login_switch_proj.php"; # else redirect to the appropriate page } else {
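/**
 * Generate the intermediate authentication page.
 *
 * Shows a password-only confirmation form for the already identified user.
 * When the form comes back with the `_authenticate` marker set, the submitted
 * password is verified with auth_attempt_login(): on success the user's auth
 * tokens are refreshed and true is returned; on failure the form is rendered
 * again with an error message. Rendering ends with exit, so the function only
 * ever returns on success.
 *
 * @param integer $p_user_id  User ID whose tokens are refreshed on success.
 * @param string  $p_username Username the submitted password is verified for.
 * @return bool true on successful re-authentication (the page is emitted and
 *              the script exits otherwise, so there is no false return).
 */
function auth_reauthenticate_page($p_user_id, $p_username) {
	$t_error = false;

	if (gpc_get_bool('_authenticate')) {
		$f_password = gpc_get_string('password', '');
		if (auth_attempt_login($p_username, $f_password)) {
			auth_set_tokens($p_user_id);
			return true;
		}
		$t_error = true;
	}

	# The original request's parameters are replayed as hidden inputs so the
	# interrupted action continues once the password is confirmed. A password
	# from a failed attempt must not be written back into the page source, and
	# the marker field is emitted explicitly below, so both keys are dropped.
	$t_post_inputs = gpc_strip_slashes($_POST);
	$t_get_inputs = gpc_strip_slashes($_GET);
	unset($t_post_inputs['password'], $t_post_inputs['_authenticate']);
	unset($t_get_inputs['password'], $t_get_inputs['_authenticate']);

	# Values written into HTML attributes are escaped first: PHP_SELF reflects
	# the request path as sent by the client, and the username is user data,
	# so neither may reach the markup unescaped.
	$t_form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
	$t_username_attr = htmlspecialchars($p_username, ENT_QUOTES, 'UTF-8');

	html_page_top1();
	html_page_top2();
?>
<div align="center">
	<p>
<?php
	echo lang_get('reauthenticate_message');
	if ($t_error) {
		echo '<br/><font color="red">', lang_get('login_error'), '</font>';
	}
?>
	</p>
	<form method="post" action="<?php echo $t_form_action; ?>">
<?php
	print_hidden_inputs($t_post_inputs);
	print_hidden_inputs($t_get_inputs);
?>
		<input type="hidden" name="_authenticate" value="1" />
		<table class="width50 center">
			<tr>
				<td class="form-title"><?php echo lang_get('reauthenticate_title'); ?></td>
			</tr>
			<tr class="row-1">
				<td class="category"><?php echo lang_get('username'); ?></td>
				<td><input type="text" disabled="disabled" size="32" maxlength="32" value="<?php echo $t_username_attr; ?>" /></td>
			</tr>
			<tr class="row-2">
				<td class="category"><?php echo lang_get('password'); ?></td>
				<td><input type="password" name="password" size="16" maxlength="32" /></td>
			</tr>
			<tr>
				<td class="center" colspan="2"><input type="submit" class="button" value="<?php echo lang_get('login_button'); ?>" /></td>
			</tr>
		</table>
	</form>
</div>
<?php
	html_page_bottom1();
	exit;
}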
# NOTE(review): this copy of the source contains redacted spans ('******')
# where the username value was interpolated, and the block is cut off at the
# end of the excerpt inside ranpass().
$t_user_table = config_get('mantis_user_table');
$f_perm_login = '******';
# Looks up the stored password for the supplied username. Two review points:
# the query is assembled by string interpolation (table name from config plus
# a redacted, presumably user-supplied value) rather than a prepared
# statement with bound parameters, and the stored value is handed straight
# back to auth_attempt_login() below. If that function checks the argument
# against the same stored value, an existing username would be logged in
# without the caller proving knowledge of the password - confirm where
# $f_username was authenticated before this point (not visible here).
$query = "SELECT password FROM {$t_user_table} WHERE username='******'";
$result = db_query($query);
$f_password = db_result($result);
if (auth_attempt_login($f_username, $f_password, $f_perm_login)) {
	if ($f_id == 0) {
		print_header_redirect('main_page.php');
	} else {
		print_header_redirect('view.php?id=' . $f_id . '');
	}
	# Presumably unreachable if print_header_redirect() terminates the script;
	# either way the value is not used anywhere in this excerpt.
	$t_redirect_url = 'login_cookie_test.php?return=' . $f_return;
}
# Unknown user: create the account with a generated password and log it in.
# ranpass() (below, cut off) produces that credential; anything used as a
# password must come from a cryptographically secure source such as
# random_int()/random_bytes() - the generator body is not visible here.
$hack_pwd = ranpass();
if (user_create($f_username, "{$hack_pwd}", "{$email}", null, false, true, $f_username)) {
	if (auth_attempt_login($f_username, "{$hack_pwd}", $f_perm_login)) {
		// update table with e-mail address when created an account
		# NOTE(review): the account was created with $email, but this UPDATE
		# interpolates $mail - a different (possibly undefined) variable.
		# Same string-interpolation concern as the SELECT above.
		$query = "Update {$t_user_table} set email='{$mail}' WHERE username='******'";
		$result = db_query($query);
		if ($f_id == 0) {
			print_header_redirect('main_page.php');
		} else {
			print_header_redirect('view.php?id=' . $f_id . '');
		}
		$t_redirect_url = 'login_cookie_test.php?return=' . $f_return;
	}
}
/**
 * Generate a random password of $len characters.
 * The body is cut off in this excerpt; see the note above on the required
 * randomness source.
 */
function ranpass($len = "8") {
	$pass = NULL;
	for ($i = 0; $i < $len; $i++) {