/**
 * Walks the session object through a full login life cycle using a
 * throwaway account: rejected credentials, a successful login, the profile
 * data exposed afterwards, logout, and refusal once the account is deleted.
 */
public function testLogin()
{
    $session = $this->object;

    // Blank and unknown credentials are refused and leave nobody logged in.
    $this->assertFalse($session->login('', ''));
    $this->assertFalse($session->login('a', 'b'));
    $this->assertFalse($session->isLogged());

    // Create a new user and attach it to a new group.
    $account = createRandomUser();
    $group = createRandomGroup();
    /* @var $userDao UsuarioDAO */
    $userDao = Factory::DAO('usuario');
    $this->assertEquals(1, $userDao->UsuarioGrupo()->novo($account['id'], $group['id']));

    // login() only accepts the hashit() form of the secret: the raw e-mail
    // is rejected, its hash is accepted.
    $this->assertFalse($session->login($account['email'], $account['email']));
    $this->assertTrue($session->login($account['email'], hashit($account['email'])));
    $this->assertTrue($session->isLogged());

    // Check the data the session exposes for the logged-in user.
    $this->assertEquals($account['id'], $session->getUserId());
    $this->assertEquals($account['nome'], $session->getUserName());
    $this->assertEquals($account['email'], $session->getData('email'));
    $this->assertEquals(array($group['id'] => $group['nome']), $session->getGroups());
    $this->assertTrue($session->isMemberOf($group['nome']));
    $this->assertFalse($session->isAdmin());

    $session->logout();
    $this->assertFalse($session->isLogged());

    // Delete the user: the same credentials must stop working.
    $userDao->delete($account['id']);
    $this->assertFalse($session->login($account['email'], hashit($account['email'])));
    $this->assertFalse($session->isLogged());
}
/**
 * Creates a throwaway user and returns its stored record.
 *
 * The account's secret is hashit() of its own e-mail address.
 *
 * @return array the row getByEmail() returns for the new user
 */
function createRandomUser()
{
    // rand() is adequate for a fixture name; it is not a source of secrets.
    $userName = 'Name' . rand(1, 100000);
    $address = 'emailuser' . $userName . '@test.com';

    /* @var $userDao UsuarioDAO */
    $userDao = Factory::DAO('usuario');
    $userDao->novo($userName, $address, hashit($address));

    return $userDao->getByEmail($address);
}
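/**
 * Checks a player's credentials against the simpleauth_players table.
 *
 * The expected hash is hashit(strtolower($username), $password); it is
 * compared with the stored `hash` column in constant time.
 *
 * @param string $username player name as submitted by the client
 * @param string $password password as submitted by the client
 * @return bool true only when the player exists and the hashes match
 */
function login($username, $password)
{
    global $db;

    // Bind the name as a parameter. The previous version concatenated it into
    // the SQL text, and its mysqli_real_escape_string() call was missing the
    // connection argument, so it did not escape anything.
    $stmt = $db->prepare('SELECT hash FROM simpleauth_players WHERE name = ?');
    if ($stmt === false) {
        return false;
    }

    $storedHash = null;
    $stmt->bind_param('s', $username);
    $found = $stmt->execute()
        && $stmt->bind_result($storedHash)
        && $stmt->fetch() === true;
    $stmt->close();

    // Unknown player (or a NULL hash column): fail closed instead of
    // comparing against a missing array key.
    if (!$found || !is_string($storedHash)) {
        return false;
    }

    // hash_equals() avoids both the timing leak and the loose-comparison
    // surprises of `==` on hash strings (e.g. "0e..." values).
    return hash_equals($storedHash, (string) hashit(strtolower($username), $password));
}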
/**
 * Exercises getByEmail(): a known address resolves, an unused one does not,
 * and a record the test creates and then deletes follows the same rule.
 */
public function testGetByEmail()
{
    $dao = $this->object;

    // The pre-existing account is found and reports the same address.
    $existing = $dao->getByEmail('*****@*****.**');
    $this->assertNotEmpty($existing);
    $this->assertEquals('*****@*****.**', $existing['email']);

    // A random, never-registered address yields nothing ...
    $address = 'randname' . rand() . '@test.com';
    $this->assertEmpty($dao->getByEmail($address));

    // ... until it is created; the address doubles as the user's name.
    $this->assertEquals(1, $dao->novo($address, $address, hashit('password')));
    $created = $dao->getByEmail($address);
    $this->assertNotEmpty($created);

    // Remove the record and confirm the lookup is empty again.
    $dao->delete($created['id']);
    $this->assertEmpty($dao->getByEmail($address));
}
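/**
 * Creates the default administrator account and its 'admin' group link when
 * no user with the default e-mail address exists yet.
 *
 * Prints a progress list item. Each creation result is still checked with
 * assert(), as before.
 *
 * NOTE(review): the account is created with the fixed password 'admin'.
 * Anyone who knows the default address can log in until it is changed;
 * consider generating the initial password or forcing a change on first login.
 */
function createDefaultUser()
{
    echo '<li>CreateDefaultUser</li>';

    /* @var $userDao UsuarioDAO */
    $userDao = Factory::DAO('usuario');
    $email = '*****@*****.**';

    $user = $userDao->getByEmail($email);
    if (!empty($user)) {
        return;
    }

    // Run the inserts outside assert(): when assertions are disabled (the
    // usual production setting) PHP does not evaluate the asserted
    // expression, so the account would silently never be created.
    $created = $userDao->novo('Administrator', $email, hashit('admin'));
    assert($created);

    /* @var $groupDao UsuarioGrupoDAO */
    $groupDao = Factory::DAO('usuarioGrupo');
    $linked = $groupDao->novo($email, 'admin');
    assert($linked);
}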
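/**
 * Login action: validates the posted user/password, tries to open a session
 * and redirects on success; otherwise falls through to the main page with
 * the error and the submitted values in $this->pagedata.
 *
 * Parameters read: 'usuario' and 'senha' (required), 'redirect' (default '/').
 *
 * @return mixed whatever $this->_main() returns
 */
public function _entrar()
{
    $this->addParameter('usuario', 'string', array(Flag::REQUIRED));
    $this->addParameter('senha', 'string', array(Flag::REQUIRED));
    $this->addParameter('redirect', 'string', array(Flag::DEFAULT_VALUE => '/'));
    $this->pagedata["method"] = $this->getMethod();

    if ($this->isValidParameters()) {
        $user = $this->getParameter('usuario');
        $pass = hashit($this->getParameter('senha'));
        if (Session::singleton()->login($user, $pass)) {
            // 'redirect' comes from the request. Follow it only when it is a
            // same-site path: one leading slash, no "//host" form, and no
            // backslash or line break. Anything else falls back to '/', so a
            // crafted login link cannot bounce the user to another site.
            $target = $this->getParameter('redirect');
            $isLocalPath = is_string($target)
                && strncmp($target, '/', 1) === 0
                && strncmp($target, '//', 2) !== 0
                && strpbrk($target, "\\\r\n") === false;
            redirect($isLocalPath ? $target : '/');
        }
    } else {
        echo "invalid parameters";
    }

    // The session key is absent when no login error was recorded.
    $this->pagedata['erro'] = isset($_SESSION["logginError"]) ? $_SESSION["logginError"] : null;
    // NOTE(review): these two values are request input handed back to the
    // view; confirm the template HTML-escapes them.
    $this->pagedata['vemail'] = $this->getParameter('usuario');
    $this->pagedata['vredirect'] = $this->getParameter('redirect');

    return $this->_main();
}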
/**
 * Sets the three login cookies (uid, pass, hashv) and optionally updates the
 * user's last_login column.
 *
 * NOTE(review): the "pass" cookie carries the password hash itself, so a
 * stolen cookie is a long-lived credential; the default expiry 0x7fffffff is
 * the largest 32-bit timestamp (January 2038) if set_mycookie() treats it as
 * one. A random server-side session token would limit the exposure.
 *
 * @param mixed $id       user id, stored in the "uid" cookie
 * @param mixed $passhash value stored in the "pass" cookie
 * @param mixed $updatedb truthy to run the last_login UPDATE
 * @param int   $expires  expiry value passed to set_mycookie()
 */
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
    set_mycookie("uid", $id, $expires);
    set_mycookie("pass", $passhash, $expires);
    // hashv binds the id to the pass value through hashit().
    set_mycookie("hashv", hashit($id, $passhash), $expires);
    if ($updatedb) {
        // NOTE(review): "******" is not valid PHP here and looks like a
        // redaction of the original expression. $id is interpolated into the
        // SQL text without escaping, and @ hides any query error.
        @sql_query("UPDATE users SET last_login = "******" WHERE id = {$id}");
    }
}
/**
 * Sets the uid, pass and hashv login cookies on path "/" and, unless
 * $updatedb is falsy, stamps users.last_login with NOW().
 *
 * NOTE(review): the "pass" cookie holds the password hash itself and the
 * default expiry 0x7fffffff is January 2038; none of the cookies is sent
 * with the Secure or HttpOnly flag. A random session token with both flags
 * would limit what a stolen cookie is worth.
 *
 * @param mixed $id       user id, stored in the "uid" cookie
 * @param mixed $passhash value stored in the "pass" cookie
 * @param mixed $updatedb truthy to run the last_login UPDATE
 * @param int   $expires  cookie expiry as a Unix timestamp
 */
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
    $path = "/";

    setcookie("uid", $id, $expires, $path);
    setcookie("pass", $passhash, $expires, $path);

    // hashv binds the id to the pass value through hashit().
    $binding = hashit($id, $passhash);
    setcookie("hashv", $binding, $expires, $path);

    if (!$updatedb) {
        return;
    }

    // NOTE(review): $id is interpolated into the SQL text unescaped; this is
    // only safe if every caller passes an integer. Confirm, or escape/cast it.
    sql_query("UPDATE users SET last_login = NOW() WHERE id = {$id}");
}
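/**
 * Handles a submitted login form: enforces the attempt lockout, validates the
 * posted credentials and, on success, starts a fresh authenticated session.
 *
 * Reads $_POST['username'] / $_POST['password']; writes $_SESSION, $message
 * and $page. The failed-attempt count is kept in the file named by
 * $LOGIN_ATTEMPTS, and that file's mtime is the lockout clock.
 *
 * @return void
 */
function Login_response()
{
    //**************************************************
    global $_, $EX, $message, $page, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $USERNAME, $HASHWORD;

    $_SESSION = array(); //make sure it's empty
    $_SESSION['valid'] = 0; //Default to failed login.
    $attempts = 0;
    $elapsed = 0;

    //Check for prior login attempts (but don't increment count just yet)
    // NOTE(review): the counter is one file shared by all clients, so failed
    // attempts from anywhere lock out the legitimate user as well.
    if (is_file($LOGIN_ATTEMPTS)) {
        $attempts = (int) file_get_contents($LOGIN_ATTEMPTS);
        $elapsed = time() - filemtime($LOGIN_ATTEMPTS);
    }
    if ($attempts > 0) {
        $message .= '<b>' . hsc($_['login_msg_01a']) . ' ' . $attempts . ' ' . hsc($_['login_msg_01b']) . '</b><br>';
    }
    if ($attempts >= $MAX_ATTEMPTS && $elapsed < $LOGIN_DELAY) {
        $message .= hsc($_['login_msg_02a']) . ' ';
        $message .= Timeout_Timer($LOGIN_DELAY - $elapsed, 'timer0');
        $message .= ' ' . hsc($_['login_msg_02b']);
        return;
    }

    //Trim any incidental whitespace before validating.
    // A missing field or a non-string value (e.g. password[]=x) is treated as
    // blank instead of being passed to trim().
    $_POST['password'] = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
    $_POST['username'] = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';

    //validate login.
    if ($_POST['password'] === "" || $_POST['username'] === "") {
        return; //Ignore login attempt if either username or password is blank.
    }

    // Constant-time, type-strict comparisons: `==` on hash strings treats
    // numeric-looking values such as "0e123" and "0e456" as equal.
    $hash_ok = hash_equals((string) $HASHWORD, (string) hashit($_POST['password']));
    $user_ok = ($_POST['username'] === (string) $USERNAME);

    if ($hash_ok && $user_ok) {
        session_regenerate_id(true); // new session id on privilege change
        $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; //for user consistency check.
        $_SESSION['valid'] = 1;
        $page = "index";
        if (is_file($LOGIN_ATTEMPTS)) {
            unlink($LOGIN_ATTEMPTS); //delete invalid attempts count file
        }
    } else {
        file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment attempts
        $message = $EX . '<b>' . hsc($_['login_msg_03']) . $attempts . '</b><br>';
        if ($attempts >= $MAX_ATTEMPTS) {
            $message .= hsc($_['login_msg_02a']) . ' ';
            $message .= Timeout_Timer($LOGIN_DELAY, 'timer0', '', '');
            $message .= ' ' . hsc($_['login_msg_02b']);
        }
    }
}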
/**
 * Sets the three login cookies (uid, pass, hashv) and optionally updates the
 * user's last_login column.
 *
 * NOTE(review): the "pass" cookie carries the password hash itself, so a
 * stolen cookie is a long-lived credential; the default expiry 0x7fffffff is
 * the largest 32-bit timestamp (January 2038) if set_mycookie() treats it as
 * one.
 *
 * @param mixed $id       user id, stored in the "uid" cookie
 * @param mixed $passhash value stored in the "pass" cookie
 * @param mixed $updatedb truthy to run the last_login UPDATE
 * @param int   $expires  expiry value passed to set_mycookie()
 */
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
    set_mycookie("uid", $id, $expires);
    set_mycookie("pass", $passhash, $expires);
    // hashv binds the id to the pass value through hashit().
    set_mycookie("hashv", hashit($id, $passhash), $expires);
    if ($updatedb) {
        // The id goes through sqlesc() and a failed query is reported via sqlerr().
        // NOTE(review): "******" is not valid PHP here and looks like a
        // redaction of the original expression.
        sql_query("UPDATE users SET last_login = "******" WHERE id = " . sqlesc($id)) or sqlerr(__FILE__, __LINE__);
    }
}
/**
 * Hashes a password with the scheme named by the `password.hash` setting.
 *
 * Schemes: 'md5' (plain md5), 'hash' (md5 of the configured salt followed by
 * sha1(md5(password))), 'hash2' (hashit()). Any other setting returns the
 * password unchanged.
 *
 * NOTE(review): md5/sha1 chains are fast hashes and the salt is one
 * site-wide value, so stored hashes are cheap to attack offline;
 * password_hash()/password_verify() is the usual replacement, with a
 * re-hash on next login for existing accounts.
 *
 * @param string $password password to hash
 * @return string the hashed (or, for an unknown scheme, unchanged) password
 */
function passhash($password)
{
    $scheme = config('password.hash');
    $salt = config('password.salt');

    switch ($scheme) {
        case 'md5':
            return md5($password);

        case 'hash':
            // md5 over the salt plus an sha1 of an md5 of the password.
            return md5($salt . sha1(md5($password)));

        case 'hash2':
            return hashit($password);

        default:
            // NOTE(review): an unset or misspelled scheme means the password
            // is passed through, and presumably stored, in clear text.
            return $password;
    }
}
/**
 * Sets the uid, pass and hashx login cookies on path '/'.
 *
 * NOTE(review): the 'pass' cookie holds the password hash itself, and the
 * default expiry 0x7fffffff is January 2038 if Cookie::set() treats it as a
 * Unix timestamp. Confirm that Cookie::set() applies the Secure and HttpOnly
 * flags; a random session token would be a safer thing to persist.
 *
 * @param mixed $id       user id, stored in the 'uid' cookie
 * @param mixed $passhash value stored in the 'pass' cookie
 * @param int   $expires  expiry value passed to Cookie::set()
 */
function logincookie($id, $passhash, $expires = 0x7fffffff)
{
    $path = '/';

    Cookie::set('uid', $id, $expires, $path);
    Cookie::set('pass', $passhash, $expires, $path);

    // hashx binds the id to the pass value through hashit().
    $binding = hashit($id, $passhash);
    Cookie::set('hashx', $binding, $expires, $path);
}
// Excerpt: tail of a paginated note search (the start of the script is not shown).
// NOTE(review): $q is interpolated straight into the LIKE pattern below. Where
// $q comes from is outside this excerpt; unless it is escaped for this
// connection beforehand the query is injectable. The mysql_* extension used
// here was removed in PHP 7 and has no prepared statements.
$current = $page;
} // otherwise the current page is the one given in the URL
}
/* $start is the LIMIT offset for the SQL query (derived from the current page) */
$start = $current * $epp - $epp;
/* Fetch the rows to display for the current page */
$qry = "select * from `notes` where `note` LIKE '%{$q}%' and `type`='1' LIMIT {$start}, {$epp}";
// @ hides a failed query, yet mysql_num_rows() and mysql_free_result() below
// are called on $res without checking it first.
$res = @mysql_query($qry);
$num = mysql_num_rows($res);
if ($num == 0) {
    echo "<div id='wrong'>No Results</div>";
}
if ($res) {
    while ($row = mysql_fetch_array($res)) {
        $user = $row['user'];
        $userN = nameUser($user);
        $pic = loadpic($user);
        $timestamp = Timesince($row['date']);
        // NOTE(review): the note text gets nl2br() and stripslashes() only; it
        // is not HTML-escaped before being echoed, so stored markup reaches
        // the page. $userN and $pic are written into the row as-is too.
        $note = stripslashes(nl2br($row['note']));
        // The link carries hashit(notes_id) rather than the raw id.
        $noteID = hashit($row['notes_id']);
        echo "\n\n\t\t\t\t\t\t\t\t\t\t\t\t<table width='765' border='0'>\n\t\t\t\t\t\t\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<td width='10' height='21' valign='top'><a href='user/{$userN}'>{$pic}</a></td>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<td width='745' valign='top'><a href='user/{$userN}'><font color='blue'>{$userN} \t \t\t\t\t\t\t\t\t\t\t</font></a> <a href='note/{$noteID}'>" . $note . "</a><br /><em><font color='grey'>Posted \t\t\t\t\t\t\t\t\t\t{$timestamp} ago</font></em> \t\t\t</td>\n\t\t\t\t\t\t\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t \n\t\t\t\t\t\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t\t\t\t\t\t\t<hr />\n\n\t\t\t\n\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t";
    }
}
/* Free the result set */
mysql_free_result($res);
//else echo mysqli_error($dbc);
/* Render the pagination links */
// NOTE(review): $q is also placed in the pager URL without URL-encoding.
echo paginate("search2.php?q={$q}", '&p=', $countp, $current);
} //else error
// Excerpt: emits the "Create New Announcement" form after a user search.
// The form round-trips the recipient count and the search SQL through the
// browser; ann_hash = hashit(query, count) is the only value tying them together.
// NOTE(review): $count and $announcement_query are echoed into single-quoted
// attributes without HTML escaping, so a query containing ' or < breaks out
// of the attribute. Keeping the query server-side (e.g. in the session) would
// also remove the need to trust it again on POST.
?> <br /> <form method='post' action='./new_announcement.php'> <table border='1' cellpadding='5' cellspacing='0'> <tr> <td> <div align='center'> <input name='n_pms' type='hidden' value='<?php echo $count; ?> ' /> <input name='ann_query' type='hidden' value='<?php echo $announcement_query; ?> ' /> <input name='ann_hash' type='hidden' value ='<?php echo hashit($announcement_query, $count); ?> ' /> <button type='submit'>Create New Announcement</button> </div></td> </tr> </table> </form> <?php
}
if (isset($pagemenu)) {
    echo "<p>{$pagemenu}<br />{$browsemenu}</p>";
}
echo stdfoot();
die;
// Excerpt: body of a user-search results loop followed by the announcement
// form (the start of the loop is not shown).
// NOTE(review): the text "******" inside the comments-count statement is not
// valid PHP; it looks like a redaction that swallowed the end of that query
// and the start of the row markup, so that statement is kept exactly as found.
$pdl = $array['pdl'];
if ($pdl > 0) {
    $partial = ratios($pul, $pdl) . " (" . mksize($pul) . "/" . mksize($pdl) . ")";
} else {
    if ($pul > 0) {
        $partial = "Inf. " . mksize($pul) . "/" . mksize($pdl) . ")";
    } else {
        $partial = "---";
    }
}
// Count the user's posts in forums the viewer's class may read; both values
// pass through sqlesc() and a failed query is reported via sqlerr().
$auxres = sql_query("SELECT COUNT(DISTINCT p.id)\n FROM posts AS p LEFT JOIN topics as t ON p.topic_id = t.id\n LEFT JOIN forums AS f ON t.forum_id = f.id\n WHERE p.user_id = " . sqlesc($user['id']) . " AND f.min_class_read <= " . sqlesc($CURUSER['class'])) or sqlerr(__FILE__, __LINE__);
$n = mysqli_fetch_row($auxres);
$n_posts = $n[0];
// Row markup: ids are cast to int and username/email/status/enabled go
// through htmlsafechars(); $ipstr is written as-is (its origin is not shown).
$auxres = sql_query("SELECT COUNT(id) FROM comments WHERE user = "******"<tr><td><b><a href='userdetails.php?id=" . (int) $user['id'] . "'>" . htmlsafechars($user['username']) . "</a></b>" . ($user["donor"] == "yes" ? "<img src='pic/star.gif' alt=\"{$lang['usersearch_donor']}\" />" : "") . ($user["warned"] == "yes" ? "<img src=\"pic/warned.gif\" alt=\"{$lang['usersearch_warned']}\" />" : "") . "</td>\n <td>" . ratios($user['uploaded'], $user['downloaded']) . "</td>\n <td>" . $ipstr . "</td><td>" . htmlsafechars($user['email']) . "</td>\n <td><div align='center'>" . get_date($user['added'], '') . "</div></td>\n <td><div align='center'>" . get_date($user['last_access'], '', 0, 1) . "</div></td>\n <td><div align='center'>" . htmlsafechars($user['status']) . "</div></td>\n <td><div align='center'>" . htmlsafechars($user['enabled']) . "</div></td>\n <td><div align='center'>" . ratios($pul, $pdl) . "</div></td>\n <td><div align='right'>" . number_format($pul / 1048576) . "</div></td>\n <td><div align='right'>" . number_format($pdl / 1048576) . "</div></td>\n <td><div align='center'>" . ($n_posts ? "<a href='userhistory.php?action=viewposts&id=" . (int) $user['id'] . "'>{$n_posts}</a>" : $n_posts) . "|" . ($n_comments ? "<a href='userhistory.php?action=viewcomments&id=" . (int) $user['id'] . "'>{$n_comments}</a>" : $n_comments) . "</div></td></tr>\n";
}
$HTMLOUT .= "</table>";
if ($count > $perpage) {
    $HTMLOUT .= $pager['pagerbottom'];
}
// Announcement form: the search SQL is handed to the browser (rawurlencode()d)
// together with the recipient count; ann_hash = hashit(query, count) is the
// only integrity check on them when the form comes back.
// NOTE(review): keeping the query server-side (e.g. in the session) would
// avoid accepting SQL text from a POST body at all.
$HTMLOUT .= "\n<br />\n\n<form method='post' action='./new_announcement.php'>\n<table class='table table-bordered'>\n<tr>\n<td>\n<div align='center'>\n<input name='n_pms' type='hidden' value='" . $count . "' />\n<input name='ann_query' type='hidden' value='" . rawurlencode($announcement_query) . "' />\n<input name='ann_hash' type='hidden' value ='" . hashit($announcement_query, $count) . "' />\n<button type='submit'>{$lang['usersearch_create_ann']}</button>\n</div></td>\n</tr>\n</table>\n</form><br>";
}
}
if (isset($pagemenu)) {
    $HTMLOUT .= "<p>{$pagemenu}<br />{$browsemenu}</p>";
}
echo $HTMLOUT . stdfoot();
die;
// Excerpt: emits the "Create New Announcement" form after a user search.
// The form round-trips the recipient count and the search SQL through the
// browser; ann_hash = hashit(query, count) is the only value tying them together.
// NOTE(review): $count and $announcement_query are printed into attributes
// without HTML escaping, so a query containing " or < breaks out of the
// attribute. Keeping the query server-side would also remove the need to
// trust it again on POST.
}
?> <br><br> <form method=post action=/new_announcement.php> <table border="1" cellpadding="5" cellspacing="0"> <tr> <td> <div align="center"> <input name="n_pms" type="hidden" value="<?php print $count; ?> "> <input name="ann_query" type="hidden" value="<?php print $announcement_query; ?> "> <input name="ann_hash" type="hidden" value ="<?php print hashit($announcement_query, $count); ?> "> <BUTTON TYPE=SUBMIT>Create New Announcement</BUTTON> </div></td> </tr> </table> </form> <?php
}
}
print "<p>{$pagemenu}<br>{$browsemenu}</p>";
stdfoot();
die;
// Excerpt: end of the friends list and the "YOUR NOTES" column of a welcome page.
} //else echo mysqli_error($dbc);
} //while of friends
/* Render the pagination links */
echo @paginate("welcome.php", '?p=', $countp, $current);
////////////////////////////////////////////////////////////////////////
?> </p> <p> </p> <p> </p></td> <td width="515" valign="top"><p><strong>YOUR NOTES</strong></p> <p> <div id="putnote"></div> <?php
//MY NOTES
// NOTE(review): $uid is interpolated into the SQL text; where it comes from is
// outside this excerpt, so confirm it is an integer from the session. On
// failure, die(mysql_error()) prints the database error to the visitor, which
// discloses schema details; log it server-side instead.
$get_notes = mysql_query("select * from `notes` where `user`='" . $uid . "' and `note`!='0' order by notes_id desc") or die(mysql_error());
while ($note_row = mysql_fetch_array($get_notes)) {
    $note = stripslashes(nl2br($note_row['note']));
    $time = $note_row['date'];
    $title = $note_row['title'];
    $ida = $note_row['notes_id'];
    // The link carries hashit(notes_id) rather than the raw id.
    $id = hashit($ida);
    // NOTE(review): $title is echoed without HTML escaping; if titles are
    // user-supplied this is a stored-XSS sink.
    echo "<a href='note/{$id}'>" . $title . "...</a> " . date("M j'G", $time) . "<br />";
}
?> </p></td> </tr> </table>
/**
 * Sets the uid, pass and hashx login cookies on path "/".
 *
 * NOTE(review): the "pass" cookie holds the password hash itself, and the
 * default expiry 0x7fffffff is January 2038 if Cookie::set() treats it as a
 * Unix timestamp. Confirm that Cookie::set() applies the Secure and HttpOnly
 * flags; a random session token would be a safer thing to persist.
 *
 * @param mixed $id       user id, stored in the "uid" cookie
 * @param mixed $passhash value stored in the "pass" cookie
 * @param int   $expires  expiry value passed to Cookie::set()
 */
function logincookie($id, $passhash, $expires = 0x7fffffff)
{
    $path = "/";

    Cookie::set("uid", $id, $expires, $path);
    Cookie::set("pass", $passhash, $expires, $path);

    // hashx binds the id to the pass value through hashit().
    $binding = hashit($id, $passhash);
    Cookie::set("hashx", $binding, $expires, $path);
}
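/**
 * Handles a submitted login form: enforces the attempt lockout, validates the
 * posted credentials, starts a fresh authenticated session on success and,
 * when $LOG_LOGINS is set, appends the attempt to the login log.
 *
 * Reads $_POST['username'] / $_POST['password']; writes $_SESSION, $message,
 * $page and $LOGIN_DELAYED. The failed-attempt count is kept in the file
 * named by $LOGIN_ATTEMPTS, and that file's mtime is the lockout clock.
 * Attempts rejected by the lockout or with a blank field return early and
 * are not logged.
 *
 * @return void
 */
function Login_response()
{
    //***************************************************
    global $_, $EX, $ONESCRIPT_file, $message, $page, $USERNAME, $HASHWORD, $LOGIN_ATTEMPTS, $MAX_ATTEMPTS, $LOGIN_DELAY, $LOGIN_DELAYED, $LOG_LOGINS, $LOGIN_LOG_file;

    $_SESSION = array(); //make sure it's empty
    $_SESSION['valid'] = 0; //Default to failed login.
    $attempts = 0;
    $elapsed = 0;
    $LOGIN_ATTEMPTS = Convert_encoding($LOGIN_ATTEMPTS); //$LOGIN_ATTEMPTS only used for filesystem access.
    $LOGIN_DELAYED = 0; //used to start Countdown at end of file

    //Check for prior login attempts (but don't increment count just yet)
    // NOTE(review): the counter is one file shared by all clients, so failed
    // attempts from anywhere lock out the legitimate user as well.
    if (is_file($LOGIN_ATTEMPTS)) {
        $attempts = (int) file_get_contents($LOGIN_ATTEMPTS);
        $elapsed = time() - filemtime($LOGIN_ATTEMPTS);
    }
    if ($attempts > 0) {
        $message .= '<b>' . hsc($_['login_msg_01a']) . ' ' . $attempts . ' ' . hsc($_['login_msg_01b']) . '</b><br>';
    }
    if ($attempts >= $MAX_ATTEMPTS && $elapsed < $LOGIN_DELAY) {
        $LOGIN_DELAYED = $LOGIN_DELAY - $elapsed;
        $message .= hsc($_['login_msg_02a']) . ' <span id=timer0></span> ' . hsc($_['login_msg_02b']);
        return;
    }

    //Trim any incidental whitespace before validating.
    // A missing field or a non-string value (e.g. password[]=x) is treated as
    // blank instead of being passed to trim().
    $_POST['password'] = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
    $_POST['username'] = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';

    //validate login.
    if ($_POST['password'] === "" || $_POST['username'] === "") {
        return; //Ignore login attempt if either username or password is blank.
    }

    // Constant-time, type-strict comparisons: `==` on hash strings treats
    // numeric-looking values such as "0e123" and "0e456" as equal.
    $hash_ok = hash_equals((string) $HASHWORD, (string) hashit($_POST['password']));
    $user_ok = ($_POST['username'] === (string) $USERNAME);

    if ($hash_ok && $user_ok) {
        session_regenerate_id(true); // new session id on privilege change
        $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; //for user consistency check.
        $_SESSION['valid'] = 1;
        $page = "index";
        if (is_file($LOGIN_ATTEMPTS)) {
            unlink($LOGIN_ATTEMPTS); //delete count/file of $LOGIN_ATTEMPTS
        }
    } else {
        file_put_contents($LOGIN_ATTEMPTS, ++$attempts); //increment attempts
        $message = $EX . '<b>' . hsc($_['login_msg_03']) . $attempts . '</b><br>';
        if ($attempts >= $MAX_ATTEMPTS) {
            $LOGIN_DELAYED = $LOGIN_DELAY;
            $message .= hsc($_['login_msg_02a']) . ' <span id=timer0></span> ' . hsc($_['login_msg_02b']);
        }
    }

    //Log login attempts
    if ($LOG_LOGINS) {
        $log_file = Convert_encoding($LOGIN_LOG_file);
        $pass_fail = $_SESSION['valid'] . ' ';
        $timestamp = date("Y-m-d H:i:s") . ' ';
        $client_IP = $_SERVER['REMOTE_ADDR'] . ' ';
        $client_port = $_SERVER['REMOTE_PORT'] . ' ';

        // The User-Agent header is chosen by the client. Drop control
        // characters and escape quotes/backslashes so one request cannot
        // split a record or forge extra log lines.
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
        $agent = addcslashes(preg_replace('/[\x00-\x1F\x7F]/', '', $agent), '"\\');
        $client = '"' . $agent . '"';

        file_put_contents($log_file, $pass_fail . $timestamp . $client_IP . $client_port . $client . "\n", FILE_APPEND);
    }
    //
}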
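<?php
// Lists the logged-in user's comment notifications and marks them as read.
session_start();
include 'config.php';
include 'functions.php';

// Read the session without @-suppression; a missing key simply yields null.
$uid = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$user = isset($_SESSION['user']) ? $_SESSION['user'] : null;
$date = time();

// Refuse every request that lacks a numeric user id. The earlier guard also
// required $_SESSION['user'] to be set before refusing, so a visitor with no
// session at all fell through to the queries below.
if (empty($uid) || !is_numeric($uid)) {
    echo "ERROR 404";
} else {
    // $uid passed is_numeric(), so it cannot carry quote characters here.
    // NOTE(review): the mysql_* extension was removed in PHP 7; moving to
    // mysqli/PDO prepared statements is the durable fix.
    $sql = mysql_query("select * from notification where user_id='{$uid}'");
    $listed = false;
    while ($sql && ($row = mysql_fetch_array($sql))) {
        $listed = true;
        $id = hashit($row['note_id']);
        $fromID = $row['from_id'];

        // Encode database values for the context they are written into.
        // nameUser() is assumed to return a plain display name - confirm.
        $fromParam = htmlspecialchars(urlencode($fromID), ENT_QUOTES);
        $fromName = htmlspecialchars(nameUser($row['from_id']), ENT_QUOTES);
        $noteRef = htmlspecialchars($id, ENT_QUOTES);

        echo "<p><a href='profile.php?id={$fromParam}'>" . $fromName . "</a> <em>posted a comment about this <a href='note.php/{$noteRef}'>Note</a></em></p>";
    }

    //update all UNREAD messages
    // Once is enough: the statement is the same for every row, so it no
    // longer runs inside the loop. It is still skipped when nothing was listed.
    if ($listed) {
        $up = mysql_query("UPDATE notification set unread='0' where user_id='{$uid}' and unread='1'");
    }
}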
// Excerpt: start of the announcement-creation handler (the rest of the POST
// branch is not shown).
require_once INCL_DIR . 'bbcode_functions.php';
dbconn(false);
loggedinorreturn();
$lang = array_merge(load_language('global'));
// Administrators only.
// NOTE(review): this is only a gate if stderr() ends the request - confirm.
if ($CURUSER['class'] < UC_ADMINISTRATOR) {
    stderr('Error', 'Your not authorised');
}
$stdfoot = array('js' => array('shout'));
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //== The expiry days.
    $days = array(array(7, '7 Days'), array(14, '14 Days'), array(21, '21 Days'), array(28, '28 Days'), array(56, '2 Months'));
    //== Usersearch POST data...
    // ann_query is SQL text that travelled through the browser as a hidden
    // form field; n_pms is the recipient count that was sent with it.
    $n_pms = isset($_POST['n_pms']) ? (int) $_POST['n_pms'] : 0;
    $ann_query = isset($_POST['ann_query']) ? trim($_POST['ann_query']) : '';
    $ann_hash = isset($_POST['ann_hash']) ? trim($_POST['ann_hash']) : '';
    // Integrity check: the posted hash must equal hashit(query, count).
    // NOTE(review): `!=` is a loose, non-constant-time comparison;
    // hash_equals() on string values is the safer form. This check is also
    // the only thing standing between POST data and the query text, so its
    // strength depends on hashit() using a server-side secret - its
    // implementation is not shown here, confirm.
    if (hashit($ann_query, $n_pms) != $ann_hash) {
        die;
    }
    // Validate POST...
    // The pattern checks the SELECT ... FROM ... WHERE shape only; it does not
    // restrict which tables or clauses the text contains.
    if (!preg_match('/\\ASELECT.+?FROM.+?WHERE.+?\\z/', $ann_query)) {
        stderr('Error', 'Misformed Query');
    }
    if (!$n_pms) {
        stderr('Error', 'No recipients');
    }
    //== Preview POST data ...
    $body = trim(isset($_POST['msg']) ? $_POST['msg'] : '');
    $subject = trim(isset($_POST['subject']) ? $_POST['subject'] : '');
    // "0 +" coerces the posted expiry to a number.
    $expiry = 0 + (isset($_POST['expiry']) ? $_POST['expiry'] : 0);
    if (isset($_POST['buttonval']) and $_POST['buttonval'] == 'Submit') {
        //== Check values before inserting into row...
// Excerpt: paginated list of one user's notes (the start and end of the
// script are not shown).
} // otherwise the current page is the one given in the URL
}
/* $start is the LIMIT offset for the SQL query (derived from the current page) */
$start = $current * $epp - $epp;
/* Fetch the rows to display for the current page */
// The user value in this query appears as '******' on the page (redacted).
$qry = "SELECT * FROM notes where user='******' LIMIT {$start}, {$epp}";
// @ hides a failed query; the if ($res) below is what handles it.
$res = @mysql_query($qry);
if ($res) {
    /* Render the rows */
    echo "<ul>\n";
    while ($item = mysql_fetch_array($res)) {
        $noteP = substr($item['note'], 0, 40);
        $noteidi = $item['notes_id'];
        $title = $item['title'];
        // The link carries hashit(notes_id); the raw id is still exposed in
        // the class and id attributes below.
        $idtohash = hashit($noteidi);
        $strike = $item['strike'];
        // Struck-through notes are wrapped in <strike>, the others in <u>.
        if ($strike == 1) {
            $d = "strike";
        } else {
            $d = "u";
        }
        // NOTE(review): $title is echoed without HTML escaping; if titles are
        // user-supplied this is a stored-XSS sink.
        echo "<{$d}><li><a id='titlee' class='{$noteidi}' href='note.php?q={$idtohash}'>" . $title . "</a></{$d}> ";
        // The delete control is only hidden in the markup; the delete
        // endpoint itself must enforce ownership (not visible here).
        if ($user_sess == $user && $strike == 0) {
            echo " <a id='{$noteidi}' href='#' class='deleteButton' > [ Delete ] </a><div id='deliiii'></div>";
        }
        echo "</li>\n";
    }
    echo "</ul>\n";
    /* Free the result set */
    mysql_free_result($res);