/**
* Log into the site
*
* @uses $CFG
* @param string $email
* @param string $password
* @return User object if successful else Error object
*/
function userLogin($email, $password)
{
global $CFG, $ERROR;
clearSession();
/** Just in case **/
if ($password == "" || $email == "") {
$ERROR = new error();
$ERROR->createLoginFailedError();
return $ERROR;
}
$user = new User();
$user->setEmail($email);
$user = $user->getByEmail();
if ($user instanceof User) {
// make sure this user is an active user
$status = $user->getStatus();
if ($status == $CFG->USER_STATUS_ACTIVE || $status == $CFG->USER_STATUS_REPORTED) {
if (strcmp($user->getAuthType(), $CFG->AUTH_TYPE_EVHUB) == 0) {
$passwordCheck = $user->validPassword($password);
if ($passwordCheck) {
createSession($user);
$user->resetInvitationCode();
// hang over from Cohere groups code
$user->load();
return $user;
} else {
$ERROR = new error();
$ERROR->createLoginFailedError();
return $ERROR;
}
} else {
$ERROR = new error();
$provider = ucfirst($user->getAuthType());
$ERROR->createLoginFailedExternalError($provider);
return $ERROR;
}
} else {
$ERROR = new error();
if ($status == $CFG->USER_STATUS_UNAUTHORIZED) {
$ERROR->createLoginFailedUnauthorizedError();
} else {
if ($status == $CFG->USER_STATUS_SUSPENDED) {
$ERROR->createLoginFailedSuspendedError();
} else {
if ($status == $CFG->USER_STATUS_UNVALIDATED) {
$ERROR->createLoginFailedUnvalidatedError();
} else {
$ERROR->createAccessDeniedError();
}
}
}
return $ERROR;
}
} else {
$ERROR = new error();
$ERROR->createLoginFailedError();
return $ERROR;
}
}
private function getRequest()
{
$request = parent::getRequestToken();
if ($this->http_code === 200) {
if (isset($request["oauth_token"])) {
createSession("oauthtoken", $request);
$this->getURL($request["oauth_token"]);
} else {
return FALSE;
}
} else {
return FALSE;
}
}
function verifyLogin($username, $password, $persistentLogin = 0)
{
global $db, $_config;
$result = sql_query("SELECT `useid`,`useIsSuspended`,`useIsBanned`,`useIsActive`,`useEmail`,`useUsername`,`useSuspendedReason` FROM `users`,`useExtData` WHERE `useid` = `useEid` AND `useUsername` = '" . mysql_real_escape_string($username) . "' AND `usePassword` = '" . SHA1($password) . "' LIMIT 1", $db);
// find user data
if (mysql_num_rows($result)) {
$loginData = mysql_fetch_assoc($result);
// get user data
if (!$loginData["useIsActive"]) {
notice(sprintf(_USE_INACTIVE, $loginData["useEmail"]));
// alert user that they should activate the account
echo '<div class="sep"><a href="' . url("emailresend/" . strtolower($loginData["useUsername"])) . '">' . _USE_ACTIVATE_RESEND . '</a></div>';
echo '<div class="sep"><a href="' . url("emailchange/" . strtolower($loginData["useUsername"])) . '">' . _USE_ACTIVATE_CHANGE . '</a></div>';
return false;
// fail login verification
} elseif ($loginData["useIsBanned"]) {
notice(sprintf(_ABUSE_BANNED_NOTICE, $loginData["useSuspendedReason"]));
// alert user that they are banned
sql_query("DELETE FROM `sessions` WHERE `sesCreator` = '" . $loginData["useid"] . "'", $db);
// remove all user sessions
return false;
// fail login verification
} elseif ($loginData["useIsSuspended"]) {
$useSuspendedUntil = mysql_result(sql_query("SELECT UNIX_TIMESTAMP(`useSuspendedUntil`) FROM `useExtData` WHERE `useEid` = '" . $loginData["useid"] . "' LIMIT 1", $db), 0);
// get suspension time
if ($useSuspendedUntil <= time()) {
sql_query("UPDATE `users` SET `useIsSuspended` = '0' WHERE `useid` = '" . $loginData["useid"] . "' LIMIT 1", $db);
// suspension is over
return createSession($loginData["useid"]);
// succeed login verification
} else {
notice(sprintf(_ABUSE_SUSPENDED_NOTICE, gmdate($_config["dateFormat"], applyTimezone($useSuspendedUntil)), $loginData["useSuspendedReason"]));
// alert user that they are suspended
sql_query("DELETE FROM `sessions` WHERE `sesCreator` = '" . $loginData["useid"] . "'", $db);
// remove all user sessions
return false;
// fail login verification
}
} else {
return createSession($loginData["useid"], $persistentLogin);
}
// normal user, succeed login verification
} else {
// user not found or password mismatch
notice(_USE_LOGIN_ERROR);
return false;
// fail login verification
}
}
/* If login exist */
if ($row['mail'] == $login && $login != null) {
$logOk = true;
} else {
$response = getJSONFromCodeError(300);
}
/* If password is correct with good login */
if ($logOk && $row['password'] == $password) {
$passOk = true;
} else {
if ($logOk && $row['password'] != $password) {
$response = getJSONFromCodeError(301);
}
}
/* if all is ok */
if ($logOk && $passOk) {
$id = $row['id'];
$name = $row['name'];
$nickname = $row['nickname'];
$mail = $row['mail'];
$admin = $row['admin'];
$profil = $row['profil'];
$isCo = isConnected();
if (!$isCo) {
createSession($id, $nickname, $name, $mail, $admin, $profil);
$response = getJSONFromCodeError(200);
} else {
$response = getJSONFromCodeError(303);
}
}
echo json_encode($response);
<?php
session_start();
function createSession($user, $pass)
{
if ($user == '*****@*****.**' && $pass == '123') {
$_SESSION['userId'] = 1;
}
}
$email = $_POST['email'];
$pass = $_POST['pass'];
createSession($email, $pass);
if ($_SESSION['userId']) {
header("Location:../admin/dashboard.php");
} else {
header("Location:index.php?e=error");
}
}
// Add user specified subject tags to experiment
$add_tags = array('math' => 'Mathematics', 'phys' => 'Physics', 'chem' => 'Chemistry', 'bio' => 'Biology', 'earth' => 'Earth Science');
foreach ($add_tags as $k => $t) {
$name = 'add_tag_' . $k;
if ($_POST[$name] == 'yes') {
$val = safeString(str_replace(",", "", $t));
if (strlen($val) > 0) {
$tag_list[] = array('value' => $val, 'weight' => 2);
}
}
}
// Push experiment tags to the db
addTagsToExperiment($exp['experiment_id'], $tag_list);
// Create empty session with propper fields
$session_id = createSession($session->generateSessionToken(), $exp['experiment_id']);
// Add fields to empty session
$limit = (int) safeString($_POST['number_of_fields']);
$limit += 1;
for ($i = 1; $i < $limit; $i++) {
$name = 'field_label_' . $i;
$type = 'field_type_' . $i;
$unit = 'field_unit_' . $i;
if (isset($_POST[$name]) && isset($_POST[$type])) {
$fieldName = safeString($_POST[$name]);
$fieldType = safeString($_POST[$type]);
$fieldUnit = safeString($_POST[$unit]);
if ($fieldType == 7 && $fieldUnit != 28) {
$fieldName = 'Time';
$fieldUnit = 28;
}
function checkLogin($username, $password)
{
//Clean strings for security
username == secureStrings($username);
password == secureStrings($password);
//Salt password
$password = saltPassword($password);
//Check if user exists
if (checkIfUserExists($username, $password) == 'true') {
//Check if approved
if (checkIfApproved($username, $password) == 'true') {
//Create Session
createSession($username, $password);
} else {
print 'napproved';
}
} else {
print 'Incorrect';
}
}
* *
********************************************************************************/
include_once "../../config.php";
$me = substr($_SERVER["PHP_SELF"], 1);
// remove initial '/'
if ($HUB_FLM->hasCustomVersion($me)) {
$path = $HUB_FLM->getCodeDirPath($me);
include_once $path;
die;
}
// check if user already logged in
if (isset($USER->userid)) {
header('Location: ' . $CFG->homeAddress . 'index.php');
exit;
}
$userid = required_param("userid", PARAM_ALPHANUMEXT);
$code = required_param("code", PARAM_TEXT);
//check valid code
$tempuser = new User($userid);
$tempuser->load();
if ($tempuser->validateInvitationCode($code)) {
// log user in and forward on to edit profile
createSession($tempuser);
$USER = $tempuser;
header("Location: " . $CFG->homeAddress . "ui/pages/changepassword.php?fromreset=true");
exit;
} else {
include_once $HUB_FLM->getCodeDirPath("ui/headerlogin.php");
echo $LNG->RESET_INVALID_MESSAGE;
include_once $HUB_FLM->getCodeDirPath("ui/footer.php");
}
}
putData($eid, $sid, $data_set);
/* Check for errors, set done flag */
if (count($errors) == 0) {
$smarty->assign('session', $sid);
$done = true;
}
}
$smarty->assign('debug_data', $debug_data);
$smarty->assign('target_path', $filename);
} else {
if ($type == "manual") {
// Set the debug data to an empty string, as there is none
$debug_data = "";
// Create the session record
$sid = createSession($session->generateSessionToken(), $eid, safeString($post_data['session_name']), safeString($post_data['session_description']), safeString($post_data['session_street']), safeString($post_data['session_citystate']), "United States", 1, 1, 1, $debug_data);
// Setup the array to store our cleaned data
$data_set = array();
// Get the number of rows we'll need to interate through
$row_count = isset($_POST['row_count']) ? (int) safeString($_POST['row_count']) + 1 : 1;
$now = time() * 1000;
// Used to increment time from upload
$time_fail = false;
// Used to track wether of not we can parse the format
$tmt = 0;
$man_off = 0;
// Iterate through each row of data
for ($i = 1; $i < $row_count; $i++) {
$x = array();
// Iterate through each feild, or each column in the row of data
foreach ($fields as $key => $field) {
}
break;
case "createSession":
$session_key = (string) $_REQUEST['session_key'];
$eid = (string) $_REQUEST['eid'];
$name = (string) $_REQUEST['name'];
$description = (string) $_REQUEST['description'];
$street = (string) $_REQUEST['street'];
$city = (string) $_REQUEST['city'];
$country = (string) $_REQUEST['country'];
// Don't touch these, if you do I will burn down your house.
$default_read = 1;
$default_contribute = 1;
$finalized = 1;
$uid = getUserIdFromSessionToken($session_key);
if ($sid = createSession(array('uid' => $uid, 'session' => $session_key), $eid, $name, $description, $street, $city, $country, $default_read, $default_contribute, $finalized)) {
$status = 200;
$data = array('sessionId' => $sid . "");
}
break;
case "putSessionData":
case "updateSessionData":
$params = array("sid", "eid", "session_key", "data");
$msg = "Hooray!";
$req = $_REQUEST;
$pass = true;
foreach ($params as $param) {
if (!isset($req[$param])) {
$pass = false;
}
$msg = "Missing param {$param}";
<?php
require_once "UserDAO.php";
require_once "User.php";
require_once "functions.php";
$message = "";
if (checkSession()) {
redirect_to("admin.php");
}
if (isset($_POST["username"]) && isset($_POST["password"])) {
try {
$user = new User();
$user->username = $_POST["username"];
$user->password = $_POST["password"];
if (UserDAO::validateUser($user) == true) {
createSession($user->username);
redirect_to("index.php");
} else {
$message = "invalid username / password";
}
} catch (Exception $exception) {
echo $exception;
die;
}
}
include "partials/header.php";
?>
<div class="container" style="padding-top:200px;">
<div class="row">
<h2 align="center">Login</h2>
function checkLogin($username, $password)
{
//Clean strings for security
$username = secureStrings($username);
$password = secureStrings($password);
//echo $username ;
//echo $password;
//Salt password
$password = saltPassword($password);
//Check if user exists
//echo " checkLogin".(boolean)checkIfUserExists($username,$password)."<br>";
if (checkIfUserExists($username, $password) == 'true') {
//Check if approved
if (checkIfApproved($username, $password) == 'true') {
//Create Session
createSession($username, $password);
} else {
print 'napproved';
}
} else {
print 'Incorrect';
}
}
if (eregi("^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$", $_POST["email"])) {
$emailValid = true;
} else {
$emailValid = false;
$error = "user";
}
if ($uid == 0 && !empty($_POST["user"]) && !empty($_POST["password"])) {
createSession($var);
header("Location: dologin.php?goto=chatwindow.php&username="******"user"] . "&password="******"password"]);
exit("Redirecting");
} elseif ($uid == 0 && $_POST["name"] != "" && $_POST["email"] != "" && $emailValid) {
createSession($var);
header("Location: chatwindow.php?chat_session=" . $myhash);
exit("Redirecting");
} elseif ($uid != 0) {
createSession($var);
header("Location: chatwindow.php?chat_session=" . $myhash);
exit("Redirecting");
}
}
if (!$departDefaultSet) {
$departDefault = $_LANG["nodepartment"];
}
if (!isset($error)) {
$error = $_GET["error"];
}
unset($_SESSION["chat_session"]);
// Template File Loader
include "includes/smarty/Smarty.class.php";
$smarty = new Smarty();
if (isset($templates_compiledir)) {
$data[count($data)] = explode(',', $dat);
$work = strpos($tmp, '(');
}
}
foreach ($data as $dat) {
foreach ($dat as $d) {
if (strpos($d, '.')) {
$d = floatval($d);
} else {
$d = intval($d);
}
}
}
unset($open);
unset($close);
unset($tmp);
$meta[0] = intval($meta[0]);
$sid = createSession($session->generateSessionToken(), $meta[0], safeString($meta[1]), safeString($meta[2]), safeString($meta[3]), safeString($meta[4]), "United States", 1, 1, 1, '');
putData($meta[0], $sid, $data);
} else {
echo 'Invalid Format: Please Try Again!';
}
}
}
//}
?>
$germanCaption = $_POST['germanCaption'];
}
if (isset($_POST['spanishCaption'])) {
$spanishCaption = $_POST['spanishCaption'];
}
if (isset($_POST['contentItemId'])) {
$contentItemId = $_POST['contentItemId'];
}
if (isset($_POST['requestJSON'])) {
$requestJSON = $_POST['requestJSON'];
}
//Triage the request based on ACTION
switch ($action) {
// Function to either create a user or create a session if exists
case 'createSession':
createSession($swid, $email, $login, $fName, $lName, $device);
break;
case 'createMedia':
createMedia($contentItemName, $contentItemDescription, $contentItemExternalReference, $contentItemUrl, $drmKeyId, $drmKeySeed);
break;
case 'createSimpleMedia':
createSimpleMedia($contentItemName, $contentItemDescription, $contentItemExternalReference, $contentItemUrl);
break;
case 'updateMedia':
updateMedia($contentItemName, $contentItemDescription, $contentItemExternalReference, $contentItemUrl, $drmKeyId, $drmKeySeed, $scrubberURL, $englishCaption, $frenchCaption, $italianCaption, $germanCaption, $spanishCaption);
break;
case 'simpleUpdateMedia':
simpleUpdateMedia($contentItemName, $contentItemDescription, $contentItemExternalReference, $contentItemUrl, $drmKeyId, $drmKeySeed);
break;
case 'createProduct':
createProduct($productName, $productExternalReference, $englishCID, $frenchCID, $italianCID, $germanCID, $spanishCID);
if ($s == "del") {
//suppression du sujet de la session
delSujetSession($id);
header("Location:./index.php?a=30&mesno=24");
}
if (isset($_POST["submit_session"])) {
$niveau = $_POST["niveau"];
$categorie = $_POST["categorie"];
$sujet = addslashes($_POST["label_session"]);
$content = addslashes($_POST["content"]);
if ($s == 2) {
//creation du sujet de la session
if (!$sujet || !$categorie) {
$mess = getError(4);
} else {
if (FALSE == createSession($sujet, $content, $niveau, $categorie)) {
$mess = getError(0);
} else {
header("Location:./index.php?a=37&mesno=23");
}
}
}
if ($s == 3) {
//modification du sujet de la session
if (!$sujet || !$content) {
$mess = getError(4);
} else {
ModifSujetsession($id, $sujet, $content, $niveau, $categorie);
header("Location:./index.php?a=37&mesno=22");
}
}
$LOG->message("Invalid code in record " . $rec['Id']);
markLogRecord(-1, $rec['Id']);
}
}
}
}
}
}
}
}
// Process all not closed session
foreach (array_keys($user_session) as $clientKey) {
for ($i = 0; $i < count($user_session[$clientKey]); $i++) {
// Save sessions if last action was long enough time ago
if (strtotime($lastProcessedDate) - strtotime($user_session[$clientKey][$i]['LastDate']) > FM_MAX_DURATION_SESSION) {
createSession($user_session[$clientKey][$i]);
}
}
}
$LOG->message("session finished");
exit;
// createSession - create client session record and mark log records
// Call: $sessionId = createSession($rec);
// Where: $rec - session data:
// $rec['Ids'] - list of log records we need to assign to this session
// $rec['Rec'] - session data
// $sessionId - Id of just created session
//
function createSession($rec)
{
global $DB;
$referrer = $CFG->homeAddress . "index.php";
}
if (empty($id) || empty($key)) {
header('Location: ' . $CFG->homeAddress . 'index.php');
return;
}
$auth = new UserAuthentication($id);
$userauth = $auth->load();
$errors = array();
if ($userauth instanceof UserAuthentication && $userauth->validateRegistrationKey($key)) {
if ($userauth->completeVerification($key)) {
$user = new User($userauth->getUserID());
if ($user instanceof User) {
$status = $user->getStatus();
if ($status == $CFG->USER_STATUS_ACTIVE || $status == $CFG->USER_STATUS_REPORTED) {
createSession($user);
header('Location: ' . $referrer);
die;
} else {
if ($status == $CFG->USER_STATUS_UNVALIDATED) {
array_push($errors, $LNG->LOGIN_EXTERNAL_ERROR_ACCOUNT_UNVALIDATED);
} else {
if ($status == $CFG->USER_STATUS_UNAUTHORIZED) {
array_push($errors, $LNG->LOGIN_EXTERNAL_ERROR_ACCOUNT_UNAUTHORIZED);
} else {
if ($status == $CFG->USER_STATUS_SUSPENDED) {
array_push($errors, $LNG->LOGIN_EXTERNAL_ERROR_ACCOUNT_SUSPENDED);
}
}
}
}
*/
error_log('Starting');
require_once '../config/config.php';
require_once 'vendor/autoload.php';
require_once 'libs/misc.php';
require_once 'init/memcache.php';
$defaultPage = 'index';
$app = new \Slim\Slim();
// create a session if one does not exists
$session = false;
$session_id = false;
if (!empty($_COOKIE['session'])) {
$session_id = $_COOKIE['session'];
$session = $memcache->get($session_id);
} else {
$session = createSession($memcache, false, $config);
}
// init mongo and pdo
$mongo = new MongoClient();
$db = $mongo->{__MONGODB__};
$pdo = getDbHandle(driver, host, database, username, password);
// this array stores all the important objects
$aInit = array('app' => $app, 'memcache' => $memcache, 'session' => $session, 'config' => $config, 'mongo' => $db, 'pdo' => $pdo);
$aInit['session']->last_request = $defaultPage;
// fill essential memcache tables
$pages = $memcache->get(APP_ID . '_' . 'pages');
if (empty($pages)) {
loadStartupTables($aInit);
}
// get the page patterns, copy them from db if they do not exist,
// if they don't exist in the db, then populate the db with what we have in the html dir
}
/*Slim*/
require 'Slim/Slim.php';
\Slim\Slim::registerAutoloader();
//instantiate slim app (might need to provide arguments)
$app = new \Slim\Slim();
$app->get('/', function () {
echo "error";
});
$app->get('/getkey/:name', function ($name) {
echo "" . getKey($name);
});
$app->post('/', function () use($app) {
$json = $app->request->getBody();
$creds = json_decode($json, true);
$username = $creds["username"];
$password = decrypt(getKey($username), $creds["password"]);
//echo $creds["password"]." --> $password";
if (comparePassword($username, $password)) {
//password is valid
$sessionID = createSession($username);
$acceptedPage = "<img src=\"success.jpg\" \n \t\t\tclass=\"img-circle img-responsive center-block\" width=\"300\"></br>\n \t\t <h2 class=\"text-center\">Hi there {$username}! Wonderful to see you again!</h2></br></br></br>\n \t\t <form action=\"logout.php\" method=\"post\"> \n \t\t \t<input type=\"hidden\" name=\"sessionid\" value=\"{$sessionID}\">\n\t\t\t\t<button class=\"btn btn-lg btn-warning center-block\" type=\"submit\">Log out</button>\n\t\t\t </form>\n \t\t";
echo $acceptedPage;
} else {
$refusedPage = "<img src=\"fail.jpg\" \n \t\tclass=\"img-circle img-responsive center-block\"></br>\n \t\t <h2 class=\"text-center\">Unfortunately your credentials were <b>wrong</b>! Don't be sad, just try again!</h2></br></br></br>\n \t\t <form action=\"login.html\"> \n\t\t\t\t<button class=\"btn btn-lg btn-primary center-block\" type=\"submit\">Return to login page</button>\n\t\t\t </form>\n \t\t";
echo $refusedPage;
}
});
$app->run();
//close db connection
$conn->close();
function getUser($localCon, $localEmail, $localName, $localNewsletter, $code = 1)
{
$findUserResult = findUser($localCon, $localEmail, $localNewsletter);
if ($findUserResult == false) {
$userInsert = "INSERT INTO `users` (`email`, `name`, `newsletter`) VALUES ('{$localEmail}', '{$localName}', '{$localNewsletter}');";
mysqli_query($localCon, $userInsert);
$userId = mysqli_insert_id($localCon);
createSession($userId, false, $code);
} else {
$userId = $findUserResult['id'];
}
return $userId;
}
