示例#1
<?php

require_once 'header.php';
// Sign-in handler: validates the posted username/password and, on a match,
// records the login in the session and stops rendering the rest of the page.
$error = $user = $pass = "";
// When form is submitted, sanitize inputs and check for validity.
// NOTE(review): sanitizeString() is defined outside this listing, so what it
// escapes (SQL, HTML, both) cannot be confirmed here; the query below is built
// by string interpolation and depends entirely on it.
if (isset($_POST['user'])) {
    $user = sanitizeString($db, $_POST['user']);
    $pass = sanitizeString($db, $_POST['pass']);
    if ($user == "" || $pass == "") {
        $error = "Not all fields were entered<br>";
    } else {
        // Salt and hash passwords before adding to database.
        // NOTE(review): both salts are source-code constants shared by every
        // account, and RIPEMD-128 is a fast digest; password_hash() and
        // password_verify() provide a per-user salt and a tunable work factor.
        $salt1 = "2Qs0r@";
        $salt2 = "J0n@\$";
        $token = hash('ripemd128', "{$salt1}{$pass}{$salt2}");
        // NOTE(review): the '******' literal looks like masking applied when
        // this listing was published; as shown, $token is never used.
        // Presumably the original compared the password column with $token --
        // confirm, and prefer a prepared statement with bound parameters.
        $result = queryMySQL("SELECT userid,password FROM USERS\n        WHERE userid='{$user}' AND password='******'");
        if ($result->num_rows == 0) {
            $error = "<span class='error'>Username/Password\n                  invalid</span><br>";
        } else {
            // NOTE(review): no session_regenerate_id() call is visible in this
            // block; regenerating the session ID at login is the usual guard
            // against session fixation.
            $_SESSION['user'] = $user;
            // NOTE(review): this stores the sanitized password itself, not its
            // digest, in session storage.
            $_SESSION['pass'] = $pass;
            // Clear forms and present link to main app page.
            echo "<script>\$(\"#primaryForm\").remove();</script>";
            die("You are now signed in. Please <a href='wall.php'>" . "click here</a> to continue.<br>");
        }
    }
}
// Remove top sign in button, present sign in form.
echo <<<_END
    <script>
      \$("#signInBtn").remove();
<?php

// Example 26-7: login.php
require_once 'header.php';
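// Login page: checks the posted credentials and, on success, records the user
// in the session and stops; otherwise renders the login form with any error.
echo "<div class='main'><h3>Please enter your details to log in</h3>";
$error = $user = $pass = "";
// HTML-escaped copy of the username, used wherever it is echoed into markup.
$userHtml = "";
if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    // ENT_QUOTES covers the single-quoted attributes used below; the final
    // false disables double-encoding in case sanitizeString() (defined outside
    // this listing) has already entity-encoded the value.
    $userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);
    // Keep the typed password separate from its digest so the empty-field
    // check tests what was submitted: sha1('') is a 40-character string, so
    // testing the digest could never detect a blank password.
    $rawPass = sanitizeString(isset($_POST['pass']) ? $_POST['pass'] : "");
    if ($user == "" || $rawPass == "") {
        $error = "Not all fields were entered<br>";
    } else {
        // NOTE(review): unsalted SHA-1 is a fast digest and a weak choice for
        // password storage. Moving to password_hash()/password_verify() needs
        // the stored values re-hashed, so the digest format is left unchanged
        // here. (A password_hash() result that was immediately overwritten by
        // this sha1() call has been dropped as dead code.)
        $pass = sha1($rawPass);
        // NOTE(review): the '******' literals look like masking applied when
        // this listing was published; as shown, the query references neither
        // $user nor $pass. Presumably the original interpolated both --
        // confirm, and prefer a prepared statement with bound parameters.
        $result = queryMySQL("SELECT user,pass FROM members\n        WHERE user='******' AND pass='******'");
        if ($result->num_rows == 0) {
            $error = "<span class='error'>Username/Password\n                  invalid</span><br><br>";
        } else {
            $_SESSION['user'] = $user;
            // NOTE(review): the password digest is kept in the session.
            $_SESSION['pass'] = $pass;
            die("You are now logged in. Please <a href='members.php?view={$userHtml}'>" . "click here</a> to continue.<br><br>");
        }
    }
}
// The password digest is no longer printed into the page or echoed back into
// the password field: neither is needed to render the form, and both exposed
// credential material in the response.
echo <<<_END
    <form method='post' action='login.php'>{$error}
    <span class='fieldname'>Username</span><input type='text'
      maxlength='16' name='user' value='{$userHtml}'><br>
    <span class='fieldname'>Password</span><input type='password'
      maxlength='16' name='pass' value=''>
_END;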
示例#3
require_once 'session.php';
//Haomin liu,12109377,assignment 2,quizfun
// JSON login endpoint: validates the posted credentials and replies with
// {"error": <code>, "errorDesc": <text>}. Codes set below: 0 = logged in,
// 1 = a field was missing, 2 = no matching row.
$error = $username = $password = "";
$errorCode = 0;
$errorDesc = "";
if (isset($_POST['user'])) {
    // NOTE(review): sanitizeString() is defined outside this listing; what it
    // escapes cannot be confirmed from here.
    $username = sanitizeString($_POST['user']);
    $password = sanitizeString($_POST['pass']);
    if ($username == "" || $password == "") {
        $errorCode = 1;
        $errorDesc = "Not all fields were entered";
    } else {
        //salt and hash for password
        // NOTE(review): the salts are constants shared by every account and
        // RIPEMD-128 is a fast digest; password_hash()/password_verify() give
        // a per-user salt and a tunable work factor.
        $salt1 = "qm&h*";
        $salt2 = "pg!@";
        $token = hash('ripemd128', "{$salt1}{$password}{$salt2}");
        //search input user in database
        // NOTE(review): the '******' literals look like masking applied when
        // this listing was published; as shown, neither $username nor $token
        // reaches the query. Presumably the original interpolated them --
        // confirm, and prefer a prepared statement with bound parameters.
        $result = queryMySQL("SELECT username,password FROM members\n            WHERE username='******' AND password='******'");
        if ($result->num_rows == 0) {
            $errorCode = 2;
            $errorDesc = "Username or Password is invalid";
        } else {
            // NOTE(review): no session_regenerate_id() call is visible here;
            // regenerating the ID at login guards against session fixation.
            $_SESSION['user'] = $username;
            $errorCode = 0;
            $errorDesc = "You are now logged in";
        }
    }
}
// The response is always emitted, including when no form was posted
// (error 0 with an empty description).
echo json_encode(array('error' => $errorCode, 'errorDesc' => $errorDesc));
$connection->close();
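// Sign-up handler: drops any existing session, validates the posted username
// and password pair, and creates the account when the name is available.
if (isset($_SESSION['user'])) {
    destroySession();
}
if (isset($_POST['user'])) {
    // NOTE(review): sanitizeString() is defined outside this listing; what it
    // escapes cannot be confirmed from here.
    $user = sanitizeString($db, $_POST['user']);
    //Get the form fields
    $pass = sanitizeString($db, $_POST['pass']);
    $passver = sanitizeString($db, $_POST['passver']);
    if ($user == "" || $pass == "" || $passver == "") {
        $error = "Not all fields were entered<br>";
    } elseif ($pass !== $passver) {
        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" compare equal, so a mistyped confirmation could
        // pass unnoticed.
        $error = "Passwords don't match<br>";
    } else {
        //Check to see if username already exists
        // NOTE(review): the '******' literal looks like masking applied when
        // this listing was published; as shown, $user never reaches the
        // query. Presumably the original interpolated it -- confirm, and
        // prefer a prepared statement with a bound parameter.
        $result = queryMySQL("SELECT username FROM USERS WHERE username='******'");
        // stripos() returns false when "admin" is absent; test for that
        // explicitly instead of relying on how false compares with -1.
        if ($result->num_rows > 0 || stripos($user, "admin") !== false) {
            $error = "Username unavailable";
        } else {
            // NOTE(review): encrypt() is defined elsewhere; confirm it is a
            // one-way password hash rather than reversible encryption.
            $token = encrypt($pass);
            add_user($connection, $user, $token);
            // NOTE(review): the refresh target is a hard-coded absolute
            // http:// URL.
            echo '<META http-equiv="refresh" content="3;URL=http://lamp.cse.fau.edu/~wnazaire2013/fp/index.php">';
            die("Sign up sucessful! <a href='index.php'>Login here</a> if redirect fails.");
        }
    }
}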
echo <<<_END
    {$error}
    <div id='info' class=""></div>
    <div id="validation_state" class="">
<?php

require_once 'all.php';
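// Login page logic. A visitor who is already logged in gets the "already
// logged in" page and the script stops; otherwise the posted credentials are
// checked and, on a match, stored in the session before the success page.
// NOTE(review): $loggedin and the $user used in the first page are not set in
// this block; presumably all.php provides them -- confirm.
if ($loggedin) {
    die("<!DOCTYPE html>\n  <html>\n  <head>\n      <title>Log in</title>\n  </head>\n    <body class='overbody'>\n        <link type='text/css' rel='stylesheet' href='login.css'/>  \n        <link rel='stylesheet' href='jquery-ui.min.css'>\n        <link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet'>\n        <link href='http://s3.amazonaws.com/codecademy-content/courses/ltp2/css/bootstrap.min.css' rel='stylesheet'>\n        <link rel='alternate' type='application/rss+xml' title='RSS' href='http://www.csszengarden.com/zengarden.xml'>\n        <script src='//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n        <script type='text/javascript' src='jquery.js'></script>\n        <script src='menu.js'></script>\n        <script src='filter.js'></script>\n        <script src='https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n        <script src='insideFilter.js'></script>   \n           \n        <div class='topbar'>\n        <div class='container'>\n                <ul class='menu'>\n                    <li><a href='index.php'>Home</a></li>\n                    <li><a href='thread.php'>Create Thread</a></li>\n                    <li><a href='createLiveThread.php'>Create Live Thread</a></li>\n                    <li><a href='groups.php'>Groups</a></li>\n                    <li><a href='allChatRooms.php'>Chat</a></li>\n                    <li><a href='activity.php'>Activity</a></li>\n                    <li class='dropdown'>\n                        <a href='#' class='dropdown-toggle'>Me<b class='caret'></b></a>\n                        <ul class='dropdown-menu'>\n                            <li><a href='profile.php'>Profile</a></li>\n                            <li><a href='photos.php'>My Photos</a></li>\n                            <li><a href='myvideos.php'>My videos</a></li>\n                            <li><a href='watching.php'>Watching</a></li>\n                            <li><a 
href='watchers.php'>My Watchers</a></li>\n                            <li><a href='groups.php'>My Groups</a></li>\n                            <li><a href='mythread.php'>My Threads</a></li>\n                            <li><a href='logout.php'>Log out</a></li>\n                            <li><a href='messages.php'>Messages</a></li>\n                        </ul>\n                    </li>\n                </ul>\n                \n        </div>\n        </div>\n        <div class='inputEverything'>\n            <div class='logmain'>\n                You are already logged in. Please <a href='profile.php?view={$user}'>\n                    click here</a> to continue.<br><br>\n            </div>\n        </div>");
}
$error = $user = $password = $email = "";
if (isset($_POST['user'])) {
    // NOTE(review): sanitizeString() is defined outside this listing; what it
    // escapes cannot be confirmed from here.
    $user = sanitizeString($_POST['user']);
    $password = sanitizeString($_POST['password']);
    $email = sanitizeString($_POST['email']);
    if ($user == '' || $email == '' || $password == '') {
        $error = "All fields are not entered<br><br>";
    } else {
        // NOTE(review): the '******' literals look like masking applied when
        // this listing was published; only $email visibly reaches the query.
        // No hashing step for the password is visible in this block -- confirm
        // how passwords are stored, and prefer a prepared statement.
        $result = queryMySQL("SELECT user,password,email FROM members WHERE user='******' AND password='******' AND email='{$email}'");
        // The result is inspected only on this path, where the query has
        // actually run. The check used to sit after the if/else, so a request
        // with a missing field read num_rows from an undefined $result and
        // replaced the "fields not entered" message with "invalid".
        if ($result->num_rows == 0) {
            $error = "<span class='error'>Username/Password/email invalid</span><br><br>";
        } else {
            // NOTE(review): no session_regenerate_id() call is visible here,
            // and the submitted password is kept in the session as received.
            $_SESSION['user'] = $user;
            $_SESSION['password'] = $password;
            $_SESSION['email'] = $email;
            $loggedin = TRUE;
            die("<!DOCTYPE html>\n  <html>\n  <head>\n      <title>Log in</title>\n  </head>\n    <body class='overbody'>\n        <link type='text/css' rel='stylesheet' href='login.css'/>  \n        <link rel='stylesheet' href='jquery-ui.min.css'>\n        <link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet'>\n        <link href='http://s3.amazonaws.com/codecademy-content/courses/ltp2/css/bootstrap.min.css' rel='stylesheet'>\n        <link rel='alternate' type='application/rss+xml' title='RSS' href='http://www.csszengarden.com/zengarden.xml'>\n        <script src='//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n        <script type='text/javascript' src='jquery.js'></script>\n        <script src='menu.js'></script>\n        <script src='filter.js'></script>\n        <script src='https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js'></script>\n        <script src='insideFilter.js'></script>   \n           \n        <div class='topbar'>\n        <div class='container'>\n                <ul class='menu'>\n                    <li><a href='index.php'>Home</a></li>\n                    <li><a href='thread.php'>Create Thread</a></li>\n                    <li><a href='createLiveThread.php'>Create Live Thread</a></li>\n                    <li><a href='groups.php'>Groups</a></li>\n                    <li><a href='allChatRooms.php'>Chat</a></li>\n                    <li><a href='activity.php'>Activity</a></li>\n                    <li class='dropdown'>\n                        <a href='#' class='dropdown-toggle'>Me<b class='caret'></b></a>\n                        <ul class='dropdown-menu'>\n                            <li><a href='profile.php'>Profile</a></li>\n                            <li><a href='photos.php'>My Photos</a></li>\n                            <li><a href='viewWatching.php'>Watching</a></li>\n                            <li><a href='viewWatchers.php'>My Watchers</a></li>\n                       
     <li><a href='groups.php'>Groups</a></li>\n                            <li><a href='logout.php'>Log out</a></li>\n\t\t\t    <li><a href='messages.php'>Messages</a></li>\n                        </ul>\n                    </li>\n                </ul>\n                \n        </div>\n        </div>\n        <div class='inputEverything'>\n            <div class='logmain'>\n                You are now logged in. Please <a href='profile.php?view={$user}'>\n                    click here</a> to continue.<br><br>\n            </div>\n        </div>");
        }
    }
}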
echo <<<_A
  <!DOCTYPE html>
  <html>
  <head>
      <title>Log in</title>
示例#6
文件: login.php 项目: ChaseWEI/mood
        $("#slide").slideToggle(3000);
    });
});
</script>

<?php 
require_once 'functions.php';
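// Login handler: checks the posted e-mail/password pair and, on a match,
// records both in the session and schedules a redirect to index.html.
$error = $user = $pass = "";
if (isset($_POST['email'])) {
    // NOTE(review): sanitizeString() is defined outside this listing; what it
    // escapes cannot be confirmed from here.
    $email = sanitizeString($_POST['email']);
    $password = sanitizeString($_POST['password']);
    // Compare against the empty string rather than using empty(): empty()
    // also treats the string "0" as missing, which would reject a valid
    // one-character value.
    if ($email == "" || $password == "") {
        $error = "Not all fields were entered";
        echo "<script>alert('" . $error . "');</script>";
    } else {
        // NOTE(review): the '******' literal looks like masking applied when
        // this listing was published; as shown, $password never reaches the
        // query and no hashing step is visible -- confirm how passwords are
        // stored, and prefer a prepared statement with bound parameters.
        $result = queryMySQL("SELECT email,password FROM users\n        WHERE email='{$email}' AND password='******'");
        if ($result->num_rows == 0) {
            echo "<script>alert('Username/Password invalid')</script>";
        } else {
            $_SESSION['email'] = $email;
            // NOTE(review): the submitted password is kept in the session as
            // received.
            $_SESSION['password'] = $password;
            // Headers must be sent before any body output, so the Refresh
            // header goes out ahead of the alert script. NOTE(review): markup
            // printed earlier in this file would still block it unless output
            // buffering is enabled -- confirm.
            header('Refresh:1; url=index.html');
            echo "<script>alert('Success');</script>";
            die;
        }
    }
}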
?>
    
示例#7
<?php

require_once '../functions.php';
// Admin-flag endpoint: reads a JSON request body and runs an UPDATE that sets
// users.admin to the posted value.
// NOTE(review): no authentication or authorization check is visible in this
// listing before the UPDATE. Unless functions.php enforces one when included,
// any caller who can reach this script can change the admin flag -- confirm,
// and require an authenticated administrator session.
logger("************* Started admin task *************");
$data = json_decode(file_get_contents("php://input"));
// The decoded request body is written to the log as received.
logger(print_r($data, TRUE));
// NOTE(review): sanitizeString() is defined outside this listing; what it
// escapes cannot be confirmed from here. json_decode() returns null for a
// malformed body, which the property reads below do not guard against.
$username = sanitizeString($data->username);
$admin = sanitizeString($data->admin);
// NOTE(review): this line and the WHERE clause below contain '******' runs
// that look like masking applied when the listing was published; the line does
// not parse as shown.
logger("username = "******" ... adminset = " . $admin);
// The statement is built by string interpolation; a prepared statement with
// bound parameters would not depend on the escaping done by sanitizeString().
$query = "UPDATE users SET admin='{$admin}' WHERE username='******'";
$response = queryMySQL($query);
logger($response);
// "Success" is echoed without inspecting $response.
echo "Success";
示例#8
*/
require_once 'functions/functions.php';
require_once 'functions/header.php';
if ($_POST) {
    if (!$loggedin) {
        $error = $user = $pass = "";
        if (isset($_POST['username'])) {
            $user = sanitizeString($_POST['username']);
            $pass = sanitizeString($_POST['pass']);
            if ($user == "" || $pass == "") {
                $error = "<center>Not all fields were entered<br></center>";
            } else {
                $s1 = "su*!#er";
                $s2 = "ts&a@s#";
                $token = hash('ripemd128', "{$s1}{$pass}{$s2}");
                $result = queryMySQL("SELECT userid,fac_id,grid FROM Access\n        WHERE userid='{$user}' AND pass='******'");
                $row = mysql_fetch_array($result);
                if (!$row) {
                    $error = "<br><br><center><span class='error'>Username/Password\n                  invalid</span><br><br></center>";
                    echo '' . $error;
                } else {
                    insertAccessInfo($user);
                    $_SESSION['user'] = $row['userid'];
                    $_SESSION['fac_id'] = $row['fac_id'];
                    $_SESSION['grid'] = $row['grid'];
                    $sessionfac_id = $row['fac_id'];
                    $loggedin = TRUE;
                    echo "<br><center><div class='main'>You are now logged in.<br>" . "You are now being redirected to home page." . "<a href='index.php' style='font-size:1em; color:white;'>Click here</a> to redirect manually.<br><br></div></center>";
                    header("Refresh: 1; url=index.php");
                    exit;
                }
示例#9
<?php

require_once '../functions.php';
// User-lookup endpoint: reads a username from the JSON request body, fetches
// the first row of the result and echoes it as JSON.
// NOTE(review): no authentication check is visible in this listing -- confirm
// whether functions.php enforces one.
logger("Started fetch");
$data = json_decode(file_get_contents("php://input"));
logger(print_r($data, TRUE));
// NOTE(review): sanitizeString() is defined outside this listing; what it
// escapes cannot be confirmed from here.
$username = sanitizeString($data->username);
// NOTE(review): the '******' runs look like masking applied when the listing
// was published; they have swallowed the end of the logger() call and the
// start of the statement that assigns $result, so the line does not parse as
// shown. The visible SELECT includes the password column.
logger("Username = "******"SELECT username, password, major, first_name, last_name, admin, locked, banned FROM users WHERE username='******'");
logger(print_r($result, TRUE));
$result->data_seek(0);
$row = $result->fetch_array(MYSQLI_ASSOC);
// $row becomes a JSON string here; because the SELECT names the password
// column, that value is part of what is logged and echoed below.
$row = json_encode($row);
logger(print_r($row, TRUE));
logger("Final JSON");
// This encodes the already-encoded string a second time, for the log only.
logger(print_r(json_encode($row), TRUE));
echo $row;
示例#10
<?php

require_once '../functions.php';
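// Rating-summary endpoint: reads a movie id from the JSON request body and
// replies with {"total_rating": <sum>, "ratings_count": <rows>}.
logger("Started fetch for rating");
// json_decode() returns null for a malformed body.
$data = json_decode(file_get_contents("php://input"));
logger(print_r($data, TRUE));
// Reject requests without a scalar id instead of reading a property on null
// or handing an array/object to sanitizeString().
if (!is_object($data) || !isset($data->id) || !is_scalar($data->id)) {
    http_response_code(400);
    die(json_encode(array("error" => "Missing or invalid id")));
}
// NOTE(review): sanitizeString() is defined outside this listing; the query is
// built by string interpolation and depends on whatever escaping it applies.
// A prepared statement with a bound parameter would remove that dependency.
$id = sanitizeString($data->id);
logger("movie_id=" . $id);
$query = "SELECT rating FROM ratings WHERE movie_id='{$id}'";
$result = queryMySQL($query);
if (!$result) {
    // Keep the driver's error text in the server log; sending it to the
    // client discloses details about the query and schema.
    logger($connection->error);
    http_response_code(500);
    die(json_encode(array("error" => "Database error")));
}
$num_ratings = $result->num_rows;
$totalRating = 0;
// Walk the result set once in order instead of seeking to every index.
while ($row = $result->fetch_array(MYSQLI_ASSOC)) {
    $totalRating += $row['rating'];
}
$returnValue = json_encode(array("total_rating" => $totalRating, "ratings_count" => $num_ratings));
logger(print_r($returnValue, TRUE));
echo $returnValue;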
        die($connection->connect_error);
    }
}
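// Sign-up handler: validates the posted username and password pair and
// creates the account when the username is not already taken.
if (isset($_POST['user'])) {
    // NOTE(review): sanitizeString() is defined outside this listing; what it
    // escapes cannot be confirmed from here.
    $user = sanitizeString($db, $_POST['user']);
    //Get the form fields
    $pass = sanitizeString($db, $_POST['pass']);
    $passver = sanitizeString($db, $_POST['passver']);
    if ($user == "" || $pass == "" || $passver == "") {
        $error = "Not all fields were entered<br>";
    } elseif ($pass !== $passver) {
        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" compare equal, so a mistyped confirmation could
        // pass unnoticed.
        $error = "Passwords don't match<br>";
    } else {
        //Check to see if username already exists
        // NOTE(review): the '******' literal looks like masking applied when
        // this listing was published; as shown, $user never reaches the
        // query. Presumably the original interpolated it -- confirm, and
        // prefer a prepared statement with a bound parameter.
        $result = queryMySQL("SELECT username,password FROM USERS\n            WHERE username='******'");
        if ($result->num_rows > 0) {
            $error = "<span class='error'>Username already exists</span><br><br>";
        } else {
            // NOTE(review): encrypt() is defined elsewhere; confirm it is a
            // one-way password hash rather than reversible encryption.
            $token = encrypt($pass);
            add_user($connection, $user, $token);
            die("Sign up sucessful! <a href='index.php'>Login here.</a>");
        }
    }
}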
echo <<<_END
    {$error}
    <label for="user" class="sr-only">Username</label>
        <input type="text" name="user" class="form-control" placeholder="Choose a username" value="{$user}" required autofocus>
    <label for="pass" class="sr-only">Password</label>
示例#12
<?php

require_once '../functions.php';
// Account-creation endpoint: reads username and password from the JSON
// request body and inserts a row into users.
$data = json_decode(file_get_contents("php://input"));
// The decoded body, which carries the password field read below, is written
// to the log as received.
logger(print_r($data, TRUE));
// NOTE(review): sanitizeString() is defined outside this listing; what it
// escapes cannot be confirmed from here.
$username = sanitizeString($data->username);
$password = sanitizeString($data->password);
// NOTE(review): the '******' runs look like masking applied when the listing
// was published; they have swallowed the end of the logger() call(s) and the
// start of the if condition, so the line does not parse as shown. The visible
// "Password = " label suggests the password is logged here too -- confirm.
logger("Username = "******"Password = "******"" && $password) {
    // $password is inserted as returned by sanitizeString(); no hashing step
    // is visible in this listing. password_hash() before storage is the usual
    // approach, together with a prepared statement for the INSERT.
    $response = queryMySQL("INSERT INTO users (username, password) VALUES ('{$username}', '{$password}')");
    logger($response);
    // "Success!" is echoed without inspecting $response.
    echo "Success!";
}
?>

示例#13
<?php

require_once '../functions.php';
// User-list endpoint: returns every row of the users table as a JSON array.
// NOTE(review): the SELECT includes the password column, so that value is
// logged and sent to the caller for every user, and no access check is
// visible in this listing -- confirm whether functions.php restricts who can
// call this script.
logger("Started list");
$result = queryMySQL("SELECT username, password, major, first_name, last_name, banned, locked, admin FROM users");
logger(print_r($result, TRUE));
$rowCount = $result->num_rows;
$returnVal = [];
$index = 0;
while ($index < $rowCount) {
    // Position the cursor explicitly, then read that row as an associative
    // array.
    $result->data_seek($index);
    $returnVal[] = $result->fetch_array(MYSQLI_ASSOC);
    $index++;
}
// Encode once and reuse the same string for the log entry and the response.
$payload = json_encode($returnVal);
logger(print_r($payload, TRUE));
echo $payload;
示例#14
文件: login.php 项目: ni554n/xpress
        <!-- <script src="js/jquery-2.1.1.js"></script> -->
        <script src="js/showpassword.js"></script>
    </head>
    <body>
        <?php 
// Login handler embedded in the page body: checks the posted credentials and,
// on a match, records the user in the session and sends a Location header.
$error = $login_user = $login_pass = $hash_pass = "";
if (isset($_POST['user'])) {
    // NOTE(review): sanitizeString() is defined outside this listing; what it
    // escapes cannot be confirmed from here.
    $login_user = sanitizeString($_POST['user']);
    $login_pass = sanitizeString($_POST['pass']);
    if ($login_pass != "") {
        // NOTE(review): MD5 with the constant prefix "hash" is a fast digest
        // with no per-user salt; password_hash()/password_verify() are the
        // standard replacement.
        $hash_pass = md5("hash" . $login_pass);
    }
    if ($login_user == "" || $login_pass == "") {
        $error = "<span class='error'>Not all fields were entered.</span>";
    } else {
        // NOTE(review): the '******' literals look like masking applied when
        // this listing was published; as shown, neither $login_user nor
        // $hash_pass reaches the query. Presumably the original interpolated
        // them -- confirm, and prefer a prepared statement.
        $result = queryMySQL("SELECT user,pass FROM members\n\t\t\t\t\t\t\tWHERE user='******' AND pass='******'");
        if ($result->num_rows == 0) {
            $error = "Username / Passward invalid.";
            echo "<script type='text/javascript'>alert('{$error}');</script>";
        } else {
            // NOTE(review): no session_regenerate_id() call is visible here.
            $_SESSION['user'] = $login_user;
            // The password digest is kept in the session.
            $_SESSION['pass'] = $hash_pass;
            // NOTE(review): markup appears above this block in the listing,
            // so these header() calls can only take effect if output
            // buffering is enabled -- confirm. Nothing stops the script after
            // the header is set, so the rest of the page still runs.
            if (isset($_POST['signup'])) {
                header("location:profile.php");
            } else {
                header("location:members.php");
            }
        }
    }
}
?>