function Handle($Request) { header("Cache-Control: no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0"); header("Pragma: no-cache"); $userSession = new phpsec\Session(); $sessionID = $userSession->existingSession(); if ($sessionID != FALSE) { $userID = \phpsec\Session::getUserIDFromSessionID($sessionID); return require_once __DIR__ . "/../../view/default/user/index.php"; } else { $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home"; header("Location: {$newLocation}"); } }
function Handle($Request) { try { $userSession = new phpsec\Session(); $sessionID = $userSession->existingSession(); if ($sessionID != FALSE) { if (isset($_POST['submit'])) { $userID = \phpsec\Session::getUserIDFromSessionID($sessionID); if (isset($_POST['_x_oldpass']) && $_POST['_x_oldpass'] != "" && isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") { $config = (require_once __DIR__ . "/../../config/config.php"); if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) { $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>"; if ($config['PASSWORD_SUGGESTION'] === "ON") { $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>"; } return require_once __DIR__ . "/../../view/default/user/passwordreset.php"; } if ($_POST['pass'] !== $_POST['repass']) { $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>"; return require_once __DIR__ . "/../../view/default/user/passwordreset.php"; } try { $userObj = phpsec\UserManagement::logIn($userID, $_POST['_x_oldpass']); $userObj->resetPassword($_POST['_x_oldpass'], $_POST['pass']); $this->info .= "Your password have been changed successfully." . "<BR>"; } catch (phpsec\WrongPasswordException $e) { if ($config['BRUTE_FORCE_DETECTION'] === "ON") { try { new phpsec\AdvancedPasswordManagement($userID, $_POST['pass'], TRUE); } catch (phpsec\BruteForceAttackDetectedException $ex) { \phpsec\User::lockAccount($userID); $this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>"; } } $this->error .= "Your old password does not seems correct. Please enter your old password for verification." . "<BR>"; } } else { $this->error .= "ERROR: Empty fields are not allowed." . "<BR>"; } } } else { $this->error .= "You are not logged-in. Please login to complete the operation." . "<BR>"; $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login"; header("Location: {$newLocation}"); } } catch (Exception $e) { $this->error .= $e->getMessage() . "<BR>"; } return require_once __DIR__ . "/../../view/default/user/passwordreset.php"; }
function Handle($Request) { try { $userSession = new phpsec\Session(); $sessionID = $userSession->existingSession(); if ($sessionID != FALSE) { if (isset($_POST['submit'])) { if (isset($_POST['pass']) && $_POST['pass'] != "" && isset($_POST['repass']) && $_POST['repass'] != "") { $config = (require_once __DIR__ . "/../../config/config.php"); if (phpsec\BasicPasswordManagement::$passwordStrength > phpsec\BasicPasswordManagement::strength($_POST['pass'])) { $this->error .= "ERROR: This password is too weak. Please choose a different password. A good password contains a-z, A-Z, 0-9, & special characters." . "<BR>"; if ($config['PASSWORD_SUGGESTION'] === "ON") { $this->info .= "This password is strong: " . substr(\phpsec\BasicPasswordManagement::generate(1), 0, 8) . "<BR>"; } return require_once __DIR__ . "/../../view/default/user/newpassword.php"; } if ($_POST['pass'] !== $_POST['repass']) { $this->error .= "Your Password and Re-Type Password fields do not match. Please enter the same password twice." . "<BR>"; return require_once __DIR__ . "/../../view/default/user/newpassword.php"; } $userID = \phpsec\Session::getUserIDFromSessionID($sessionID); if ($userID !== FALSE) { $userObj = phpsec\UserManagement::forceLogIn($userID); if ($userObj->forceResetPassword($_POST['pass'])) { $this->info .= "Your Password has been changed successfully." . "<BR>"; } else { $this->error .= "We encountered an error. Please re-try later!" . "<BR>"; } } else { $userSession->destroySession(); $this->error .= "Your session seems to be invalid. Cannot proceed!!" . "<BR>"; } } else { $this->error .= "ERROR: Empty fields are not allowed." . "<BR>"; } } } else { $this->error .= "Seems you should not be accessing this page!" . "<BR>"; $newLocation = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/login"; header("Location: {$newLocation}"); } } catch (Exception $e) { $this->error .= $e->getMessage() . "<BR>"; } return require_once __DIR__ . "/../../view/default/user/newpassword.php"; }
function Handle($Request) { try { $userSession = new phpsec\Session(); $sessionID = $userSession->existingSession(); if ($sessionID != FALSE) { $userID = \phpsec\Session::getUserIDFromSessionID($sessionID); $userObj = phpsec\UserManagement::forceLogIn($userID); phpsec\UserManagement::logOut($userObj); } else { phpsec\User::deleteAuthenticationToken(); } $this->info .= "You are now logged out." . "<BR>"; $nextURL = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/home"; header("Location: {$nextURL}"); } catch (Exception $e) { $this->error .= $e->getMessage() . "<BR>"; $lastURL = $_SERVER['HTTP_REFERER']; header("Location: {$lastURL}"); } }
function Handle($Request) { try { $config = (require_once __DIR__ . "/../../config/config.php"); $userID = \phpsec\User::checkRememberMe(); if (!$userID) { if (isset($_POST['submit'])) { if (isset($_POST['user']) && $_POST['user'] != "" && isset($_POST['pass']) && $_POST['pass'] != "") { try { $userID = $_POST['user']; $userObj = phpsec\UserManagement::logIn($_POST['user'], $_POST['pass']); } catch (phpsec\WrongPasswordException $e) { if ($config['BRUTE_FORCE_DETECTION'] === "ON") { try { new phpsec\AdvancedPasswordManagement($_POST['user'], $_POST['pass'], TRUE); } catch (phpsec\BruteForceAttackDetectedException $ex) { \phpsec\User::lockAccount($_POST['user']); $this->error .= "Brute Force Attack detected on this account. This account has now been locked. If its not your fault, then please contact the administrator." . "<BR>"; } } $this->error .= "Incorrect Username/Password combination!" . "<BR>"; return require_once __DIR__ . "/../../view/default/user/login.php"; } catch (phpsec\UserAccountInactive $e) { $userEmail = phpsec\User::getPrimaryEmail($_POST['user']); $activationLink = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/temppass?user="******"&mode=activation" . "&email=" . $userEmail; $this->error .= "ERROR: The account is inactive. Please activate your account by clicking <a href=\"{$activationLink}\">here</a>." . "<BR>"; return require_once __DIR__ . "/../../view/default/user/login.php"; } if (isset($_POST['remember-me']) && $_POST['remember-me'] == "on") { if (phpsec\HttpRequest::isHTTPS()) { phpsec\User::enableRememberMe($_POST['user']); } else { phpsec\User::enableRememberMe($_POST['user'], FALSE, TRUE); } } } else { $this->error .= "Empty fields are not allowed. Please fill the required areas." . "<BR>"; } } else { return require_once __DIR__ . "/../../view/default/user/login.php"; } } $userSession = new phpsec\Session(); try { $sessionID = $userSession->existingSession(); if ($sessionID) { $userSessionID = $userSession->rollSession(); } else { $userSessionID = $userSession->newSession($userID); } $userObj = phpsec\UserManagement::forceLogIn($userID); if ($userObj->isPasswordExpired()) { $this->info .= "Its been too long since you have changed your password. For security reasons, please change your password." . "<BR>"; } $url_to_redirect = \phpsec\HttpRequest::Protocol() . "://" . \phpsec\HttpRequest::Host() . \phpsec\HttpRequest::PortReadable() . "/rnj/framework/user/index"; header("HTTP/1.1 302 Found"); header('Location: ' . $url_to_redirect); } catch (\phpsec\SessionExpired $e) { $this->error .= $e->getMessage() . "<BR>"; phpsec\User::deleteAuthenticationToken(); } } catch (Exception $e) { $this->error .= $e->getMessage() . "<BR>"; } return require_once __DIR__ . "/../../view/default/user/login.php"; }