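<?php
/*
 * LogIn.php - shows the login form and handles the "Log In" submission.
 *
 * Request flow:
 *   - a session that already carries an Authority is sent to Controller.php;
 *   - a POST with View=Log In is checked against the Accounts table; on success
 *     the session is populated and the browser is redirected to the validated
 *     "After" target, to Controller.php, or to SetPassword.php when the stored
 *     password is still plain text and must be converted to a hash;
 *   - anything else re-renders the form with a message and advances the
 *     per-session attempt counter (the 4th attempt ends the session).
 *
 * OrganizationHome.php / SessionSpecifics.php (not part of this file) are
 * expected to start the session, open the mysql_* connection and define
 * LogIt() and the $Organization* values used below. The mysql_* extension is
 * deprecated; the database access here is kept on it only because the
 * connection is opened elsewhere.
 */
require('OrganizationHome.php');
require("$OrganizationHome/SessionSpecifics.php");

// Already authenticated: there is nothing to log in to.
if (isset($_SESSION['Authority']) and $_SESSION['Authority'] != '') {
    header("Location: Controller.php");
    exit;
}

// First visit in this session: start the attempt counter.
$FirstTime = !isset($_SESSION["Attempts"]);
if ($FirstTime) {
    $_SESSION["Attempts"] = 0;
}

$View = isset($_REQUEST['View']) ? (string) $_REQUEST['View'] : '';
$LoginMessage = '';
$ErrorMessage = '';
$NeedsReset = false;

// "After" names the page to continue to once logged in. It comes from the
// client, so only a plain relative path (no scheme, no leading slash or
// backslash, no control characters) is accepted; anything else is discarded
// instead of becoming a redirect target or being echoed into the form.
$After = isset($_REQUEST['After']) ? (string) $_REQUEST['After'] : '';
if ($After != '' and !preg_match('#\A[A-Za-z0-9][A-Za-z0-9_.\-/?=&%+]*\z#', $After)) {
    LogIt('Suspicious', $View, 'Rejected After target', '');
    $After = '';
}

if ($FirstTime) {
    $LoginMessage .= "<p>Enter your login id and password, then click the Log In button...</p>";
} elseif ($View == 'Log In') {
    $LoginMessage = '';
    if (!isset($_POST['EnteredLoginId']) or !isset($_POST['EnteredPassword'])) {
        $Msg = "Please use the intranet's buttons and links to navigate...";
        LogIt('Suspicious', $View, $Msg, '');
        echo $Msg;
        exit;
    }
    // Read the two fields by name. extract($_POST) was used here before, which
    // let a client overwrite any variable in this scope ($After, $View, ...).
    $EnteredLoginId = (string) $_POST['EnteredLoginId'];
    $EnteredPassword = (string) $_POST['EnteredPassword'];
    if ($EnteredLoginId == "" or $EnteredPassword == "") {
        $ErrorMessage .= "<p><span class=\"FlagIt\">* </span>Please enter your Login Id and your Password before clicking
the Log In button...</p>";
    }
    if ($ErrorMessage == '') {
        $NeedsReset = false;
        // Accounts set up by an Admin may still hold the password in plain text;
        // such a user is accepted once and then sent to SetPassword.php so the
        // stored value becomes a sha1 checksum. Unsalted sha1 is a weak password
        // store; moving to password_hash()/password_verify() also touches
        // SetPassword.php and the Accounts table, which are outside this file.
        //
        // The account is looked up by login id only and the password is compared
        // in PHP, so the entered password is never interpolated into SQL.
        $SafeLoginId = mysql_real_escape_string($EnteredLoginId);
        $SQLStmt = "select * from Accounts where AcctLoginId='$SafeLoginId'";
        $PassResult = mysql_query($SQLStmt);
        if (!$PassResult) {
            // Keep the statement and driver error in the log; the page itself
            // only gets a generic message.
            LogIt('DB Error', $View, "Unable to look up account using '$SQLStmt': " . mysql_error(), '');
            echo "Unable to process your log in at this time...";
            exit;
        }
        $ResultCount = mysql_num_rows($PassResult);
        $AcctRecord = ($ResultCount == 1) ? mysql_fetch_assoc($PassResult) : null;
        $PasswordMatches = false;
        if ($AcctRecord !== null) {
            $StoredPassword = (string) $AcctRecord['AcctPassword'];
            // hash_equals() compares in constant time; the match is exact, whereas
            // the earlier SQL comparison depended on the column's collation.
            if (hash_equals($StoredPassword, sha1($EnteredPassword))) {
                $PasswordMatches = true;
            } elseif (hash_equals($StoredPassword, $EnteredPassword)) {
                // Legacy plain-text password: accept it once, then force a reset.
                $PasswordMatches = true;
                $NeedsReset = true;
            }
        }
        if ($PasswordMatches) {
            // New session id at the moment of privilege change, so an id issued
            // before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['UserId'] = $AcctRecord['AcctId'];
            $_SESSION['LoginId'] = $AcctRecord['AcctLoginId'];
            $_SESSION['Authority'] = $AcctRecord['AcctAuthority'];
            $_SESSION['EmailAddress'] = $AcctRecord['AcctEmail'];
            $FirstName = $AcctRecord['AcctFirstName'];
            $LastName = $AcctRecord['AcctLastName'];
            $Suffix = $AcctRecord['AcctSuffix'];
            $_SESSION['FirstName'] = $FirstName;
            $_SESSION['LastName'] = $LastName;
            $_SESSION['Suffix'] = $Suffix;
            if ($FirstName != "") {
                $FirstName .= " ";
            }
            $_SESSION['FullName'] = $FirstName . $LastName . $Suffix;
            $_SESSION['OrganizationFullName'] = $OrganizationFullName;
            $_SESSION['OrganizationShortName'] = $OrganizationShortName;
            // Coarse device class from the User-Agent header; it is informational
            // only and the header may be absent.
            $UserAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            if (strpos($UserAgent, 'Mobi') !== false || strpos($UserAgent, 'iPhone') !== false) {
                $_SESSION['BrowserType'] = 'Mobil';
            } elseif (strpos($UserAgent, 'Android') !== false || strpos($UserAgent, 'iPad') !== false) {
                $_SESSION['BrowserType'] = 'Tablet';
            } else {
                $_SESSION['BrowserType'] = 'DeskOrNotebook';
            }
            LogIt('', $View, 'Logged In', '');
            unset($_SESSION['Attempts']);
            if ($NeedsReset) {
                header("Location: SetPassword.php?View=GetNew");
            } else {
                // $After has already been restricted to a relative path above.
                $Location = ($After != '') ? $After : 'Controller.php';
                $_SESSION['Attempts'] = 0;
                header("Location: $Location");
            }
            exit;
        } elseif ($ResultCount <= 1) {
            // Unknown login id and wrong password get the same message, so the
            // response does not tell which login ids exist.
            LogIt('Suspicious', $View, "Attempted log in using '$SafeLoginId'", '');
            $ErrorMessage .= "<span class=\"FlagIt\">* </span>The login id and password entered were not a valid combination.
<br />Please try again...";
        } else {
            // More than one Accounts row shares this login id; refuse rather than guess.
            $ErrorMessage .= "<span class=\"FlagIt\">* </span>Please contact your organization's intranet manager and advise that your login credentials are no longer valid... ($ResultCount)";
        }
    }
} else {
    LogIt('Suspicious', $View, "Invalid View", '');
    session_destroy();
    print "<html><head><title>Invalid View!</title></head>
<body>
<h1 style=\"color:red\">Invalid View!
Please use the links and buttons to navigate this site!
</h1>
</body>
</html>";
    exit;
}

// The counter lives in the session only, so it limits one browser session
// rather than an account; per-account throttling would have to be done on the
// server side.
$_SESSION["Attempts"]++;
if ($_SESSION["Attempts"] > 3) {
    LogIt('Suspicious', $View, "Failed to Log In after 3 attempts", '');
    session_destroy();
    print "<html><head><title>Too Many Attempts!</title></head>
<body>
<h1 style=\"color:red\">Too many log in attempts.
Please check with your organization's intranet manager about your intranet credentials...</h1>
</body>
</html>";
    exit;
}

$Attempts = $_SESSION["Attempts"];
if ($Attempts == 2) {
    $LoginMessage .= " (2nd attempt)";
} elseif ($Attempts == 3) {
    $LoginMessage .= " (Last attempt)";
}
if ($LoginMessage != '') {
    $LoginMessage = "<p>$LoginMessage</p>\n";
}

// One-shot message left by another page (application-set, shown as-is).
if (isset($_SESSION['MenuMsg'])) {
    $MenuMsg = '<p>' . $_SESSION['MenuMsg'] . "</p>\n";
    unset($_SESSION['MenuMsg']);
} else {
    $MenuMsg = '';
}

// Carry the validated After target through the form; escape it for the
// attribute context since it originated with the client.
if ($After != '') {
    $SafeAfter = htmlspecialchars($After, ENT_QUOTES, 'UTF-8');
    $AfterSlug = "<input type=\"hidden\" name=\"After\" value=\"$SafeAfter\" />";
} else {
    $AfterSlug = '';
}

$LogInForm = "\n\n<form name=\"LogIn\" method=\"POST\" action=\"LogIn.php\" >\n";
$LogInForm .= "
<span style=\"font-size:2em; \">
$MenuMsg
$LoginMessage
$ErrorMessage
<table><tr><td align=\"right\">Login Id: </td><td><input type=\"text\" size=\"20\" maxlength=\"20\" name=\"EnteredLoginId\" ></td></tr>
<tr><td align=\"right\">Password: </td><td><input type=\"password\" size=\"28\" maxlength=\"28\" name=\"EnteredPassword\" ></td></tr>
<tr><td align=\"right\"> </td><td><input type=\"submit\" name=\"View\" value=\"Log In\" /></td></tr>
</table>
$AfterSlug
<p>Click <a href=\"AccountOwner.php?View=Get Account\"><span class=\"FlagIt\">Get Account</span></a>
to get an account with $OrganizationFullName.
<br /><br />Click <a href=\"AccountOwner.php?View=Have VCode\"><span class=\"FlagIt\">Enter Email Verification Code</span></a>
to enter an email validation code. </p>
</span>
";

$TheHTML = file_get_contents("Templates/Form.html");
if ($TheHTML === false || $TheHTML === '') {
    $Msg = "Can't read Template...";
    LogIt("File Read Error", $View, $Msg, '');
    echo $Msg;
    exit;
}
$LogInForm = "\n\n$LogInForm\n\n</form>\n\n";
$TheHTML = str_replace('<body>', '<body onLoad="document.LogIn.EnteredLoginId.focus()">', $TheHTML);
$TheHTML = str_replace('<!--Title-->', 'Log In', $TheHTML);
$TheHTML = str_replace('[[[H1]]]', "<h1>Log In to $OrganizationShortPossessive Site</h1>", $TheHTML);
$TheHTML = str_replace('[[[BackLinks]]]', '', $TheHTML);
$TheHTML = str_replace('[[[Notices]]]', '', $TheHTML);
$TheHTML = str_replace('[[[UI]]]', $LogInForm, $TheHTML);
$TheHTML = str_replace('[[[LogInStatus]]]', 'Logging In', $TheHTML);
echo $TheHTML;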
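<?php
/*
 * LogIn.php - shows the login form and handles the "Log In" submission.
 *
 * Request flow:
 *   - a session that already carries an Authority is sent to Controller.php;
 *   - a POST with View=Log In is checked against the Accounts table; on success
 *     the session is populated and the browser is redirected to the validated
 *     "After" target, to Controller.php, or to SetPassword.php when the stored
 *     password is still plain text and must be converted to a hash;
 *   - anything else re-renders the form with a message and advances the
 *     per-session attempt counter (the 4th attempt ends the session).
 *
 * OrganizationHome.php / SessionSpecifics.php (not part of this file) are
 * expected to start the session, open the mysql_* connection and define
 * LogIt() and the $Organization* values used below. The mysql_* extension is
 * deprecated; the database access here is kept on it only because the
 * connection is opened elsewhere.
 */
require('OrganizationHome.php');
require("$OrganizationHome/SessionSpecifics.php");

// Already authenticated: there is nothing to log in to.
if (isset($_SESSION['Authority']) and $_SESSION['Authority'] != '') {
    header("Location: Controller.php");
    exit;
}

// First visit in this session: start the attempt counter.
$FirstTime = !isset($_SESSION["Attempts"]);
if ($FirstTime) {
    $_SESSION["Attempts"] = 0;
}

$View = isset($_REQUEST['View']) ? (string) $_REQUEST['View'] : '';
$LoginMessage = '';
$ErrorMessage = '';
$NeedsReset = false;

// "After" names the page to continue to once logged in. It comes from the
// client, so only a plain relative path (no scheme, no leading slash or
// backslash, no control characters) is accepted; anything else is discarded
// instead of becoming a redirect target or being echoed into the form.
$After = isset($_REQUEST['After']) ? (string) $_REQUEST['After'] : '';
if ($After != '' and !preg_match('#\A[A-Za-z0-9][A-Za-z0-9_.\-/?=&%+]*\z#', $After)) {
    LogIt('Suspicious', $View, 'Rejected After target', '');
    $After = '';
}

if ($FirstTime) {
    $LoginMessage .= "<p>Enter your login id and password, then click the Log In button...</p>";
} elseif ($View == 'Log In') {
    $LoginMessage = '';
    if (!isset($_POST['EnteredLoginId']) or !isset($_POST['EnteredPassword'])) {
        $Msg = "Please use the intranet's buttons and links to navigate...";
        LogIt('Suspicious', $View, $Msg, '');
        echo $Msg;
        exit;
    }
    // Read the two fields by name. extract($_POST) was used here before, which
    // let a client overwrite any variable in this scope ($After, $View, ...).
    $EnteredLoginId = (string) $_POST['EnteredLoginId'];
    $EnteredPassword = (string) $_POST['EnteredPassword'];
    if ($EnteredLoginId == "" or $EnteredPassword == "") {
        $ErrorMessage .= "<p><span class=\"FlagIt\">* </span>Please enter your Login Id and your Password before clicking
the Log In button...</p>";
    }
    if ($ErrorMessage == '') {
        $NeedsReset = false;
        // Accounts set up by an Admin may still hold the password in plain text;
        // such a user is accepted once and then sent to SetPassword.php so the
        // stored value becomes a sha1 checksum. Unsalted sha1 is a weak password
        // store; moving to password_hash()/password_verify() also touches
        // SetPassword.php and the Accounts table, which are outside this file.
        //
        // The account is looked up by login id only and the password is compared
        // in PHP, so the entered password is never interpolated into SQL.
        $SafeLoginId = mysql_real_escape_string($EnteredLoginId);
        $SQLStmt = "select * from Accounts where AcctLoginId='$SafeLoginId'";
        $PassResult = mysql_query($SQLStmt);
        if (!$PassResult) {
            // Keep the statement and driver error in the log; the page itself
            // only gets a generic message.
            LogIt('DB Error', $View, "Unable to look up account using '$SQLStmt': " . mysql_error(), '');
            echo "Unable to process your log in at this time...";
            exit;
        }
        $ResultCount = mysql_num_rows($PassResult);
        $AcctRecord = ($ResultCount == 1) ? mysql_fetch_assoc($PassResult) : null;
        $PasswordMatches = false;
        if ($AcctRecord !== null) {
            $StoredPassword = (string) $AcctRecord['AcctPassword'];
            // hash_equals() compares in constant time; the match is exact, whereas
            // the earlier SQL comparison depended on the column's collation.
            if (hash_equals($StoredPassword, sha1($EnteredPassword))) {
                $PasswordMatches = true;
            } elseif (hash_equals($StoredPassword, $EnteredPassword)) {
                // Legacy plain-text password: accept it once, then force a reset.
                $PasswordMatches = true;
                $NeedsReset = true;
            }
        }
        if ($PasswordMatches) {
            // New session id at the moment of privilege change, so an id issued
            // before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['UserId'] = $AcctRecord['AcctId'];
            $_SESSION['LoginId'] = $AcctRecord['AcctLoginId'];
            $_SESSION['Authority'] = $AcctRecord['AcctAuthority'];
            $_SESSION['EmailAddress'] = $AcctRecord['AcctEmail'];
            $FirstName = $AcctRecord['AcctFirstName'];
            $LastName = $AcctRecord['AcctLastName'];
            $Suffix = $AcctRecord['AcctSuffix'];
            $_SESSION['FirstName'] = $FirstName;
            $_SESSION['LastName'] = $LastName;
            $_SESSION['Suffix'] = $Suffix;
            if ($FirstName != "") {
                $FirstName .= " ";
            }
            $_SESSION['FullName'] = $FirstName . $LastName . $Suffix;
            $_SESSION['OrganizationFullName'] = $OrganizationFullName;
            $_SESSION['OrganizationShortName'] = $OrganizationShortName;
            // Coarse device class from the User-Agent header; it is informational
            // only and the header may be absent.
            $UserAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            if (strpos($UserAgent, 'Mobi') !== false || strpos($UserAgent, 'iPhone') !== false) {
                $_SESSION['BrowserType'] = 'Mobil';
            } elseif (strpos($UserAgent, 'Android') !== false || strpos($UserAgent, 'iPad') !== false) {
                $_SESSION['BrowserType'] = 'Tablet';
            } else {
                $_SESSION['BrowserType'] = 'DeskOrNotebook';
            }
            LogIt('', $View, 'Logged In', '');
            unset($_SESSION['Attempts']);
            if ($NeedsReset) {
                header("Location: SetPassword.php?View=GetNew");
            } else {
                // $After has already been restricted to a relative path above.
                $Location = ($After != '') ? $After : 'Controller.php';
                $_SESSION['Attempts'] = 0;
                header("Location: $Location");
            }
            exit;
        } elseif ($ResultCount <= 1) {
            // Unknown login id and wrong password get the same message, so the
            // response does not tell which login ids exist.
            LogIt('Suspicious', $View, "Attempted log in using '$SafeLoginId'", '');
            $ErrorMessage .= "<span class=\"FlagIt\">* </span>The login id and password entered were not a valid combination.
<br />Please try again...";
        } else {
            // More than one Accounts row shares this login id; refuse rather than guess.
            $ErrorMessage .= "<span class=\"FlagIt\">* </span>Please contact your organization's intranet manager and advise that your login credentials are no longer valid... ($ResultCount)";
        }
    }
} else {
    LogIt('Suspicious', $View, "Invalid View", '');
    session_destroy();
    print "<html><head><title>Invalid View!</title></head>
<body>
<h1 style=\"color:red\">Invalid View!
Please use the links and buttons to navigate this site!
</h1>
</body>
</html>";
    exit;
}

// The counter lives in the session only, so it limits one browser session
// rather than an account; per-account throttling would have to be done on the
// server side.
$_SESSION["Attempts"]++;
if ($_SESSION["Attempts"] > 3) {
    LogIt('Suspicious', $View, "Failed to Log In after 3 attempts", '');
    session_destroy();
    print "<html><head><title>Too Many Attempts!</title></head>
<body>
<h1 style=\"color:red\">Too many log in attempts.
Please check with your organization's intranet manager about your intranet credentials...</h1>
</body>
</html>";
    exit;
}

$Attempts = $_SESSION["Attempts"];
if ($Attempts == 2) {
    $LoginMessage .= " (2nd attempt)";
} elseif ($Attempts == 3) {
    $LoginMessage .= " (Last attempt)";
}
if ($LoginMessage != '') {
    $LoginMessage = "<p>$LoginMessage</p>\n";
}

// One-shot message left by another page (application-set, shown as-is).
if (isset($_SESSION['MenuMsg'])) {
    $MenuMsg = '<p>' . $_SESSION['MenuMsg'] . "</p>\n";
    unset($_SESSION['MenuMsg']);
} else {
    $MenuMsg = '';
}

// Carry the validated After target through the form; escape it for the
// attribute context since it originated with the client.
if ($After != '') {
    $SafeAfter = htmlspecialchars($After, ENT_QUOTES, 'UTF-8');
    $AfterSlug = "<input type=\"hidden\" name=\"After\" value=\"$SafeAfter\" />";
} else {
    $AfterSlug = '';
}

$LogInForm = "\n\n<form name=\"LogIn\" method=\"POST\" action=\"LogIn.php\" >\n";
$LogInForm .= "
<span style=\"font-size:2em; \">
$MenuMsg
$LoginMessage
$ErrorMessage
<table><tr><td align=\"right\">Login Id: </td><td><input type=\"text\" size=\"20\" maxlength=\"20\" name=\"EnteredLoginId\" ></td></tr>
<tr><td align=\"right\">Password: </td><td><input type=\"password\" size=\"28\" maxlength=\"28\" name=\"EnteredPassword\" ></td></tr>
<tr><td align=\"right\"> </td><td><input type=\"submit\" name=\"View\" value=\"Log In\" /></td></tr>
</table>
$AfterSlug
<p>Click <a href=\"AccountOwner.php?View=Get Account\"><span class=\"FlagIt\">Get Account</span></a>
to get an account with $OrganizationFullName.
<br /><br />Click <a href=\"AccountOwner.php?View=Have VCode\"><span class=\"FlagIt\">Enter Email Verification Code</span></a>
to enter an email validation code. </p>
</span>
";

$TheHTML = file_get_contents("Templates/Form.html");
if ($TheHTML === false || $TheHTML === '') {
    $Msg = "Can't read Template...";
    LogIt("File Read Error", $View, $Msg, '');
    echo $Msg;
    exit;
}
$LogInForm = "\n\n$LogInForm\n\n</form>\n\n";
$TheHTML = str_replace('<body>', '<body onLoad="document.LogIn.EnteredLoginId.focus()">', $TheHTML);
$TheHTML = str_replace('<!--Title-->', 'Log In', $TheHTML);
$TheHTML = str_replace('[[[H1]]]', "<h1>Log In to $OrganizationShortPossessive Site</h1>", $TheHTML);
$TheHTML = str_replace('[[[BackLinks]]]', '', $TheHTML);
$TheHTML = str_replace('[[[Notices]]]', '', $TheHTML);
$TheHTML = str_replace('[[[UI]]]', $LogInForm, $TheHTML);
$TheHTML = str_replace('[[[LogInStatus]]]', 'Logging In', $TheHTML);
echo $TheHTML;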