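<?php
// LogIn.php: renders the log-in form and processes the "Log In" submission.
// The required files are expected to provide the started session, the open mysql_*
// connection, LogIt() and the $Organization* variables -- NOTE(review): none of that
// is visible in this file, confirm against OrganizationHome.php / SessionSpecifics.php.
require('OrganizationHome.php');
require("$OrganizationHome/SessionSpecifics.php");

// An already-authenticated session never sees the form.
if (isset($_SESSION['Authority']) && $_SESSION['Authority'] != '') {
    header("Location: Controller.php");
    exit;
}

// The attempt counter doubles as the "first visit" flag for this session.
if (!isset($_SESSION["Attempts"])) {
    $_SESSION["Attempts"] = 0;
    $FirstTime = true;
} else {
    $FirstTime = false;
}

$View = isset($_REQUEST['View']) ? $_REQUEST['View'] : '';
$LoginMessage = '';
$ErrorMessage = '';
$NeedsReset = false;

// "After" is where the user is sent once logged in. It arrives in the request and is
// later used as a redirect target and echoed into the form, so only a site-relative
// path is accepted: no URL scheme, no protocol-relative "//", no control characters.
// Anything else is dropped and the redirect falls back to Controller.php.
$After = (isset($_REQUEST['After']) && is_string($_REQUEST['After'])) ? $_REQUEST['After'] : '';
if ($After !== '') {
    $AfterIsLocal = !preg_match('#\A[A-Za-z][A-Za-z0-9+.\-]*:#', $After)
        && !preg_match('#\A[/\\\\]{2}#', $After)
        && !preg_match('#[\x00-\x1F\x7F]#', $After);
    if (!$AfterIsLocal) {
        LogIt('Suspicious', $View, "Ignored non-local After target", '');
        $After = '';
    }
}

if ($FirstTime) {
    $LoginMessage .= "<p>Enter your login id and password, then click the Log In button...</p>";
} elseif ($View == 'Log In') {
    // Both fields must be present as plain strings; anything else did not come from
    // the form and is logged as suspicious.
    if (!isset($_POST['EnteredLoginId']) || !isset($_POST['EnteredPassword'])
        || !is_string($_POST['EnteredLoginId']) || !is_string($_POST['EnteredPassword'])) {
        $Msg = "Please use the intranet's buttons and links to navigate...";
        LogIt('Suspicious', $View, $Msg, '');
        echo $Msg;
        exit;
    }
    // Read the two fields by name. extract($_POST) would let any submitted field
    // overwrite a variable already in this scope ($After, $View, $OrganizationHome, ...).
    $EnteredLoginId = $_POST['EnteredLoginId'];
    $EnteredPassword = $_POST['EnteredPassword'];
    if ($EnteredLoginId == "" || $EnteredPassword == "") {
        $ErrorMessage .= "<p><span class=\"FlagIt\">* </span>Please enter your Login Id and your Password before clicking\nthe Log In button...</p>";
    }
    if ($ErrorMessage == '') {
        // Legacy scheme, kept as-is: an administrator may have stored a plain-text
        // password, so the sha1 checksum is tried first and the plain text second; a
        // plain-text match sends the user to SetPassword.php. Unsalted sha1 is not a
        // password hash -- moving to password_hash()/password_verify() needs a schema
        // change outside this file.
        $HashedPassword = sha1($EnteredPassword);
        $EscapedLoginId = mysql_real_escape_string($EnteredLoginId);
        $SQLStmt = "select * from Accounts where AcctLoginId='$EscapedLoginId' and AcctPassword='$HashedPassword'";
        $PassResult = mysql_query($SQLStmt);
        if (!$PassResult) {
            // The statement carries the credential being checked: log the driver error, never echo the SQL.
            LogIt('Database Error', $View, 'Account lookup failed: ' . mysql_error(), '');
            die("Unable to look up your account at this time...");
        }
        $ResultCount = mysql_num_rows($PassResult);
        if ($ResultCount == 0) {
            $EscapedPassword = mysql_real_escape_string($EnteredPassword);
            $SQLStmt = "select * from Accounts where AcctLoginId='$EscapedLoginId' and AcctPassword='$EscapedPassword'";
            $PassResult = mysql_query($SQLStmt);
            if (!$PassResult) {
                LogIt('Database Error', $View, 'Account lookup failed: ' . mysql_error(), '');
                die("Unable to look up your account at this time...");
            }
            $ResultCount = mysql_num_rows($PassResult);
            $NeedsReset = ($ResultCount == 1);
        }
        if ($ResultCount == 1) {
            $AcctRecord = mysql_fetch_assoc($PassResult);
            // Privilege level changes here, so issue a fresh session id: an id planted
            // in the browser before log-in must not become the authenticated one.
            session_regenerate_id(true);
            $_SESSION['UserId'] = $AcctRecord['AcctId'];
            $_SESSION['LoginId'] = $AcctRecord['AcctLoginId'];
            $_SESSION['Authority'] = $AcctRecord['AcctAuthority'];
            $_SESSION['EmailAddress'] = $AcctRecord['AcctEmail'];
            $FirstName = $AcctRecord['AcctFirstName'];
            $LastName = $AcctRecord['AcctLastName'];
            $Suffix = $AcctRecord['AcctSuffix'];
            $_SESSION['FirstName'] = $FirstName;
            $_SESSION['LastName'] = $LastName;
            $_SESSION['Suffix'] = $Suffix;
            if ($FirstName != "") {
                $FirstName .= " ";
            }
            $_SESSION['FullName'] = $FirstName . $LastName . $Suffix;
            $_SESSION['OrganizationFullName'] = $OrganizationFullName;
            $_SESSION['OrganizationShortName'] = $OrganizationShortName;
            // Coarse device class from the User-Agent header; the header may be absent.
            $UserAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            if (strpos($UserAgent, 'Mobi') !== false || strpos($UserAgent, 'iPhone') !== false) {
                $_SESSION['BrowserType'] = 'Mobil';
            } elseif (strpos($UserAgent, 'Android') !== false || strpos($UserAgent, 'iPad') !== false) {
                $_SESSION['BrowserType'] = 'Tablet';
            } else {
                $_SESSION['BrowserType'] = 'DeskOrNotebook';
            }
            LogIt('', $View, 'Logged In', '');
            unset($_SESSION['Attempts']);
            if ($NeedsReset) {
                header("Location: SetPassword.php?View=GetNew");
            } else {
                // $After was validated above as a site-relative path.
                $Location = ($After != '') ? $After : 'Controller.php';
                $_SESSION['Attempts'] = 0;
                header("Location: $Location");
            }
            exit;
        } elseif ($ResultCount == 0) {
            LogIt('Suspicious', $View, "Attempted log in using '$EscapedLoginId'", '');
            $ErrorMessage .= "<span class=\"FlagIt\">* </span>The login id and password entered were not a valid combination.\n<br />Please try again...";
        } else {
            $ErrorMessage .= "<span class=\"FlagIt\">* </span>Please contact your organization's intranet manager and advise that your login credentials are no longer valid... ($ResultCount)";
        }
    }
} else {
    LogIt('Suspicious', $View, "Invalid View", '');
    session_destroy();
    print "<html><head><title>Invalid View!</title></head>\n"
        . "<body>\n"
        . "<h1 style=\"color:red\">Invalid View!\n"
        . "Please use the links and buttons to navigate this site!\n"
        . "</h1>\n"
        . "</body>\n"
        . "</html>";
    exit;
}

// Every rendering of the form counts as an attempt, including the first one, so the
// lock-out below triggers on the fourth render (after three failed submissions).
$_SESSION["Attempts"]++;
if ($_SESSION["Attempts"] > 3) {
    LogIt('Suspicious', $View, "Failed to Log In after 3 attempts", '');
    session_destroy();
    print "<html><head><title>Too Many Attempts!</title></head>\n"
        . "<body>\n"
        . "<h1 style=\"color:red\">Too many log in attempts.\n"
        . "Please check with your organization's intranet manager about your intranet credentials...</h1>\n"
        . "</body>\n"
        . "</html>";
    exit;
}

$Attempts = $_SESSION["Attempts"];
if ($Attempts == 2) {
    $LoginMessage .= " (2nd attempt)";
} elseif ($Attempts == 3) {
    $LoginMessage .= " (Last attempt)";
}
if ($LoginMessage != '') {
    $LoginMessage = "<p>$LoginMessage</p>\n";
}

if (isset($_SESSION['MenuMsg'])) {
    // Set server-side by other pages and shown once; rendered as-is.
    $MenuMsg = '<p>' . $_SESSION['MenuMsg'] . "</p>\n";
    unset($_SESSION['MenuMsg']);
} else {
    $MenuMsg = '';
}

// $After is request data going into an attribute: escape for that context.
$AfterSlug = ($After != '')
    ? '<input type="hidden" name="After" value="' . htmlspecialchars($After, ENT_QUOTES, 'UTF-8') . '" />'
    : '';

$LogInForm = "\n\n<form name=\"LogIn\" method=\"POST\" action=\"LogIn.php\" >\n";
$LogInForm .= <<<HTML

<span style="font-size:2em; ">
$MenuMsg
$LoginMessage
$ErrorMessage
<table><tr><td align="right">Login Id:&nbsp;</td><td><input type="text" size="20" maxlength="20" name="EnteredLoginId" ></td></tr>
<tr><td align="right">Password:&nbsp;</td><td><input type="password" size="28" maxlength="28" name="EnteredPassword" ></td></tr>
<tr><td align="right">&nbsp;</td><td><input type="submit" name="View" value="Log In" /></td></tr>
</table>
$AfterSlug
<p>Click <a href="AccountOwner.php?View=Get Account"><span class="FlagIt">Get Account</span></a>
to get an account with $OrganizationFullName.
<br /><br />Click <a href="AccountOwner.php?View=Have VCode"><span class="FlagIt">Enter Email Verification Code</span></a>
to enter an email validation code. </p>
</span>

HTML;

$TheHTML = file_get_contents("Templates/Form.html");
if ($TheHTML === false || $TheHTML === '') {
    $Msg = "Can't read Template...";
    LogIt("File Read Error", $View, $Msg, '');
    echo $Msg;
    exit;
}
$LogInForm = "\n\n$LogInForm\n\n</form>\n\n";
// Fill the page template's placeholders; the onLoad puts the cursor in the login field.
$TheHTML = str_replace('<body>', '<body onLoad="document.LogIn.EnteredLoginId.focus()">', $TheHTML);
$TheHTML = str_replace('<!--Title-->', 'Log In', $TheHTML);
$TheHTML = str_replace('[[[H1]]]', "<h1>Log In to $OrganizationShortPossessive Site</h1>", $TheHTML);
$TheHTML = str_replace('[[[BackLinks]]]', '', $TheHTML);
$TheHTML = str_replace('[[[Notices]]]', '', $TheHTML);
$TheHTML = str_replace('[[[UI]]]', $LogInForm, $TheHTML);
$TheHTML = str_replace('[[[LogInStatus]]]', 'Logging In', $TheHTML);
echo $TheHTML;
?>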
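<?php
// LogIn.php: renders the log-in form and processes the "Log In" submission.
// The required files are expected to provide the started session, the open mysql_*
// connection, LogIt() and the $Organization* variables -- NOTE(review): none of that
// is visible in this file, confirm against OrganizationHome.php / SessionSpecifics.php.
require('OrganizationHome.php');
require("$OrganizationHome/SessionSpecifics.php");

// An already-authenticated session never sees the form.
if (isset($_SESSION['Authority']) && $_SESSION['Authority'] != '') {
    header("Location: Controller.php");
    exit;
}

// The attempt counter doubles as the "first visit" flag for this session.
if (!isset($_SESSION["Attempts"])) {
    $_SESSION["Attempts"] = 0;
    $FirstTime = true;
} else {
    $FirstTime = false;
}

$View = isset($_REQUEST['View']) ? $_REQUEST['View'] : '';
$LoginMessage = '';
$ErrorMessage = '';
$NeedsReset = false;

// "After" is where the user is sent once logged in. It arrives in the request and is
// later used as a redirect target and echoed into the form, so only a site-relative
// path is accepted: no URL scheme, no protocol-relative "//", no control characters.
// Anything else is dropped and the redirect falls back to Controller.php.
$After = (isset($_REQUEST['After']) && is_string($_REQUEST['After'])) ? $_REQUEST['After'] : '';
if ($After !== '') {
    $AfterIsLocal = !preg_match('#\A[A-Za-z][A-Za-z0-9+.\-]*:#', $After)
        && !preg_match('#\A[/\\\\]{2}#', $After)
        && !preg_match('#[\x00-\x1F\x7F]#', $After);
    if (!$AfterIsLocal) {
        LogIt('Suspicious', $View, "Ignored non-local After target", '');
        $After = '';
    }
}

if ($FirstTime) {
    $LoginMessage .= "<p>Enter your login id and password, then click the Log In button...</p>";
} elseif ($View == 'Log In') {
    // Both fields must be present as plain strings; anything else did not come from
    // the form and is logged as suspicious.
    if (!isset($_POST['EnteredLoginId']) || !isset($_POST['EnteredPassword'])
        || !is_string($_POST['EnteredLoginId']) || !is_string($_POST['EnteredPassword'])) {
        $Msg = "Please use the intranet's buttons and links to navigate...";
        LogIt('Suspicious', $View, $Msg, '');
        echo $Msg;
        exit;
    }
    // Read the two fields by name. extract($_POST) would let any submitted field
    // overwrite a variable already in this scope ($After, $View, $OrganizationHome, ...).
    $EnteredLoginId = $_POST['EnteredLoginId'];
    $EnteredPassword = $_POST['EnteredPassword'];
    if ($EnteredLoginId == "" || $EnteredPassword == "") {
        $ErrorMessage .= "<p><span class=\"FlagIt\">* </span>Please enter your Login Id and your Password before clicking\nthe Log In button...</p>";
    }
    if ($ErrorMessage == '') {
        // Legacy scheme, kept as-is: an administrator may have stored a plain-text
        // password, so the sha1 checksum is tried first and the plain text second; a
        // plain-text match sends the user to SetPassword.php. Unsalted sha1 is not a
        // password hash -- moving to password_hash()/password_verify() needs a schema
        // change outside this file.
        $HashedPassword = sha1($EnteredPassword);
        $EscapedLoginId = mysql_real_escape_string($EnteredLoginId);
        $SQLStmt = "select * from Accounts where AcctLoginId='$EscapedLoginId' and AcctPassword='$HashedPassword'";
        $PassResult = mysql_query($SQLStmt);
        if (!$PassResult) {
            // The statement carries the credential being checked: log the driver error, never echo the SQL.
            LogIt('Database Error', $View, 'Account lookup failed: ' . mysql_error(), '');
            die("Unable to look up your account at this time...");
        }
        $ResultCount = mysql_num_rows($PassResult);
        if ($ResultCount == 0) {
            $EscapedPassword = mysql_real_escape_string($EnteredPassword);
            $SQLStmt = "select * from Accounts where AcctLoginId='$EscapedLoginId' and AcctPassword='$EscapedPassword'";
            $PassResult = mysql_query($SQLStmt);
            if (!$PassResult) {
                LogIt('Database Error', $View, 'Account lookup failed: ' . mysql_error(), '');
                die("Unable to look up your account at this time...");
            }
            $ResultCount = mysql_num_rows($PassResult);
            $NeedsReset = ($ResultCount == 1);
        }
        if ($ResultCount == 1) {
            $AcctRecord = mysql_fetch_assoc($PassResult);
            // Privilege level changes here, so issue a fresh session id: an id planted
            // in the browser before log-in must not become the authenticated one.
            session_regenerate_id(true);
            $_SESSION['UserId'] = $AcctRecord['AcctId'];
            $_SESSION['LoginId'] = $AcctRecord['AcctLoginId'];
            $_SESSION['Authority'] = $AcctRecord['AcctAuthority'];
            $_SESSION['EmailAddress'] = $AcctRecord['AcctEmail'];
            $FirstName = $AcctRecord['AcctFirstName'];
            $LastName = $AcctRecord['AcctLastName'];
            $Suffix = $AcctRecord['AcctSuffix'];
            $_SESSION['FirstName'] = $FirstName;
            $_SESSION['LastName'] = $LastName;
            $_SESSION['Suffix'] = $Suffix;
            if ($FirstName != "") {
                $FirstName .= " ";
            }
            $_SESSION['FullName'] = $FirstName . $LastName . $Suffix;
            $_SESSION['OrganizationFullName'] = $OrganizationFullName;
            $_SESSION['OrganizationShortName'] = $OrganizationShortName;
            // Coarse device class from the User-Agent header; the header may be absent.
            $UserAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            if (strpos($UserAgent, 'Mobi') !== false || strpos($UserAgent, 'iPhone') !== false) {
                $_SESSION['BrowserType'] = 'Mobil';
            } elseif (strpos($UserAgent, 'Android') !== false || strpos($UserAgent, 'iPad') !== false) {
                $_SESSION['BrowserType'] = 'Tablet';
            } else {
                $_SESSION['BrowserType'] = 'DeskOrNotebook';
            }
            LogIt('', $View, 'Logged In', '');
            unset($_SESSION['Attempts']);
            if ($NeedsReset) {
                header("Location: SetPassword.php?View=GetNew");
            } else {
                // $After was validated above as a site-relative path.
                $Location = ($After != '') ? $After : 'Controller.php';
                $_SESSION['Attempts'] = 0;
                header("Location: $Location");
            }
            exit;
        } elseif ($ResultCount == 0) {
            LogIt('Suspicious', $View, "Attempted log in using '$EscapedLoginId'", '');
            $ErrorMessage .= "<span class=\"FlagIt\">* </span>The login id and password entered were not a valid combination.\n<br />Please try again...";
        } else {
            $ErrorMessage .= "<span class=\"FlagIt\">* </span>Please contact your organization's intranet manager and advise that your login credentials are no longer valid... ($ResultCount)";
        }
    }
} else {
    LogIt('Suspicious', $View, "Invalid View", '');
    session_destroy();
    print "<html><head><title>Invalid View!</title></head>\n"
        . "<body>\n"
        . "<h1 style=\"color:red\">Invalid View!\n"
        . "Please use the links and buttons to navigate this site!\n"
        . "</h1>\n"
        . "</body>\n"
        . "</html>";
    exit;
}

// Every rendering of the form counts as an attempt, including the first one, so the
// lock-out below triggers on the fourth render (after three failed submissions).
$_SESSION["Attempts"]++;
if ($_SESSION["Attempts"] > 3) {
    LogIt('Suspicious', $View, "Failed to Log In after 3 attempts", '');
    session_destroy();
    print "<html><head><title>Too Many Attempts!</title></head>\n"
        . "<body>\n"
        . "<h1 style=\"color:red\">Too many log in attempts.\n"
        . "Please check with your organization's intranet manager about your intranet credentials...</h1>\n"
        . "</body>\n"
        . "</html>";
    exit;
}

$Attempts = $_SESSION["Attempts"];
if ($Attempts == 2) {
    $LoginMessage .= " (2nd attempt)";
} elseif ($Attempts == 3) {
    $LoginMessage .= " (Last attempt)";
}
if ($LoginMessage != '') {
    $LoginMessage = "<p>$LoginMessage</p>\n";
}

if (isset($_SESSION['MenuMsg'])) {
    // Set server-side by other pages and shown once; rendered as-is.
    $MenuMsg = '<p>' . $_SESSION['MenuMsg'] . "</p>\n";
    unset($_SESSION['MenuMsg']);
} else {
    $MenuMsg = '';
}

// $After is request data going into an attribute: escape for that context.
$AfterSlug = ($After != '')
    ? '<input type="hidden" name="After" value="' . htmlspecialchars($After, ENT_QUOTES, 'UTF-8') . '" />'
    : '';

$LogInForm = "\n\n<form name=\"LogIn\" method=\"POST\" action=\"LogIn.php\" >\n";
$LogInForm .= <<<HTML

<span style="font-size:2em; ">
$MenuMsg
$LoginMessage
$ErrorMessage
<table><tr><td align="right">Login Id:&nbsp;</td><td><input type="text" size="20" maxlength="20" name="EnteredLoginId" ></td></tr>
<tr><td align="right">Password:&nbsp;</td><td><input type="password" size="28" maxlength="28" name="EnteredPassword" ></td></tr>
<tr><td align="right">&nbsp;</td><td><input type="submit" name="View" value="Log In" /></td></tr>
</table>
$AfterSlug
<p>Click <a href="AccountOwner.php?View=Get Account"><span class="FlagIt">Get Account</span></a>
to get an account with $OrganizationFullName.
<br /><br />Click <a href="AccountOwner.php?View=Have VCode"><span class="FlagIt">Enter Email Verification Code</span></a>
to enter an email validation code. </p>
</span>

HTML;

$TheHTML = file_get_contents("Templates/Form.html");
if ($TheHTML === false || $TheHTML === '') {
    $Msg = "Can't read Template...";
    LogIt("File Read Error", $View, $Msg, '');
    echo $Msg;
    exit;
}
$LogInForm = "\n\n$LogInForm\n\n</form>\n\n";
// Fill the page template's placeholders; the onLoad puts the cursor in the login field.
$TheHTML = str_replace('<body>', '<body onLoad="document.LogIn.EnteredLoginId.focus()">', $TheHTML);
$TheHTML = str_replace('<!--Title-->', 'Log In', $TheHTML);
$TheHTML = str_replace('[[[H1]]]', "<h1>Log In to $OrganizationShortPossessive Site</h1>", $TheHTML);
$TheHTML = str_replace('[[[BackLinks]]]', '', $TheHTML);
$TheHTML = str_replace('[[[Notices]]]', '', $TheHTML);
$TheHTML = str_replace('[[[UI]]]', $LogInForm, $TheHTML);
$TheHTML = str_replace('[[[LogInStatus]]]', 'Logging In', $TheHTML);
echo $TheHTML;
?>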