/** return data: $array[success]=true; $array[session_hash]=jkjkjkjkjkjkjkj; $array[subprojects]=array( 55=>'Subproject 1', 77=>'Subproject2' ); **OR** $array[success]=false; $array[errormessage]='Bad Password'; */ function &MSPLogin($username, $password) { global $feedback, $session_ser, $sys_database_type; $success = session_login_valid(strtolower($username), $password); if ($success) { $array['success'] = true; $array['session_hash'] = $session_ser; if ($sys_database_type == "mysql") { $sql = "SELECT pgl.group_project_id, CONCAT(g.group_name, ': ', pgl.project_name) AS name"; } else { $sql = "SELECT pgl.group_project_id, g.group_name || ': ' || pgl.project_name AS name"; } $sql .= "\n\t\t\tFROM groups g, project_group_list pgl, role_setting rs, user_group ug\n\t\t\tWHERE ug.user_id='" . user_getid() . "' \n\t\t\tAND g.group_id=pgl.group_id\n\t\t\tAND rs.value::integer > 0\n\t\t\tAND rs.group_project_id = pgl.group_project_id\n AND ug.role_id = rs.role_id\n AND rs.section_name='pm'"; $res = db_query($sql); $rows = db_numrows($res); if (!$res || $rows < 1) { $array['success'] = false; $array['errormessage'] = 'No Subprojects Found'; } else { for ($i = 0; $i < $rows; $i++) { $array['subprojects'][db_result($res, $i, 'group_project_id')] = db_result($res, $i, 'name'); } } } else { $array['success'] = false; $array['errormessage'] = $feedback; } printr($array, 'MSPLogin::return-array'); return $array; }
function account_verify($password, $user_name, $confirm_hash) { global $feedback; if (!$user_name) { $feedback .= ' Must Enter a User Name '; return false; } // first check just confirmation hash $res = db_query("SELECT confirm_hash,status FROM users \n\t\tWHERE user_name='" . strtolower($user_name) . "'"); if (db_numrows($res) < 1) { $feedback .= ' Invalid username '; return false; } $usr = db_fetch_array($res); if (strcmp($confirm_hash, $usr['confirm_hash'])) { $feedback .= ' Invalid confirmation hash '; return false; } // then check valid login return session_login_valid(strtolower($user_name), $password, 1); }
/** * login - Logs in a SOAP client * * @param string userid The user's unix id * @param string passwd The user's passwd in clear text * * @return string the session key */ function login($userid, $passwd) { global $feedback, $session_ser; setlocale(LC_TIME, _('en_US')); $res = session_login_valid($userid, $passwd); if (!$res) { return new soap_fault('1001', 'user', "Unable to log in with userid of " . $userid, $feedback); } return $session_ser; }
<?php // ## export patches for a specific project include "pre.php"; header("Content-Type: text/plain"); print "<?xml version=\"1.0\"?>\n<!DOCTYPE bs_patches SYSTEM \"http://{$sys_default_host}/export/bs_patches_0.1.dtd\">\n<patches>\n"; if (!isset($group_id)) { print "\t<error>Group ID Not Set</error>\n"; } else { $project = group_get_object($group_id); if (!user_isloggedin()) { if (isset($login) && isset($passwd)) { $success = session_login_valid(strtolower($login), $passwd); if (!$success) { print " <error>Invalid Login and/or Password</error>\n"; print "</tasks>\n"; exit; } } else { print " <error>Login and/or Password missing</error>\n"; print "</tasks>\n"; exit; } } if (!$project->userIsAdmin()) { print " <error>You are not an administrator for this project</error>\n"; print "</bugs>\n"; exit; } $query = "SELECT \n\t\t\t\tp.*\n\t\t\t FROM \n\t\t\t\tpatch p\n\t\t\t WHERE \n\t\t\t\tp.group_id='{$group_id}'"; $res = db_query($query);
<?php /** * * "API" Page to get current session hash * * SourceForge: Breaking Down the Barriers to Open Source Development * Copyright 1999-2001 (c) VA Linux Systems * http://sourceforge.net * * @version $Id$ * */ require_once $gfwww . 'include/squal_pre.php'; $success = session_login_valid($user, $pass); if ($success) { echo $session_ser; } else { echo 'ERROR - ' . $feedback; }
exit_error(_('Missing paramater'), _('You must enter a user name.')); } $u = user_get_object_by_name($loginname); if (!$u || !is_object($u)) { exit_error('Error', 'Could Not Get User'); } elseif ($u->isError()) { exit_error('Error', $u->getErrorMessage()); } if ($u->getStatus() == 'A') { exit_error(_('Invalid operation'), _('Account already active.')); } $confirm_hash = html_clean_hash_string($confirm_hash); if ($confirm_hash != $u->getConfirmHash()) { exit_error(_('Invalid parameter'), _('Cannot confirm account identity - invalid confirmation hash (or login name)')); } if (!session_login_valid($loginname, $passwd, 1)) { exit_error(_('Access denied'), _('Credentials you entered do not correspond to valid account.')); } if (!$u->setStatus('A')) { exit_error(_('Could not activate account'), _('Error while activiting account') . ': ' . $u->getErrorMessage()); } session_redirect("/account/first.php"); } $HTML->header(array('title' => 'Verify')); echo _('<p>In order to complete your registration, login now. Your account will then be activated for normal logins.</p>'); if (isset($GLOBALS['error_msg'])) { print '<p><span class="error">' . $GLOBALS['error_msg'] . '</span>'; } ?> <form action="<?php
/** * Check if a username+password pair is a valid login. * The name will be normalized to MediaWiki's requirements, so * you might need to munge it (for instance, for lowercase initial * letters). * * @param string $username * @param string $password * @return bool * @access public */ function authenticate($username, $password) { /* global $G_USERNAME; echo '<h1>XXXXXX'.$username.$G_USERNAME.'</h1>'; if (strtolower($username) != $G_USERNAME) { return false; } return isset($G_USERNAME); */ return session_login_valid(strtolower($username), $password); }
if ($sys_use_ssl && !session_issecure()) { //force use of SSL for login header('Location: https://' . getStringFromServer('HTTP_HOST') . getStringFromServer('REQUEST_URI')); } // Decide login button based on session. if (session_issecure()) { $login_button = _('Login with SSL'); } else { $login_button = _('Login'); } // ###### first check for valid login, if so, redirect if ($login) { if (!form_key_is_valid(getStringFromRequest('form_key'))) { exit_form_double_submit(); } $success = session_login_valid(strtolower($form_loginname), $form_pw); if ($success) { /* You can now optionally stay in SSL mode */ if ($return_to) { header("Location: " . $return_to); exit; } else { header("Location: " . util_make_url("/my/")); exit; } } } if (isset($session_hash)) { //nuke their old session