PHP - Moved: Cakephp Auth Component

This topic has been moved to Application Frameworks.

http://www.phpfreaks.com/forums/index.php?topic=352519.0

This topic has been moved to Application Frameworks.

http://www.phpfreaks.com/forums/index.php?topic=308958.0

This topic has been moved to Application Frameworks.

http://www.phpfreaks.com/forums/index.php?topic=352167.0

This topic has been moved to Miscellaneous.

http://www.phpfreaks.com/forums/index.php?topic=353875.0

This topic has been moved to Other Libraries and Frameworks.

http://www.phpfreaks.com/forums/index.php?topic=347122.0

Hi I am using facebook auth but email id not fetching from facebook login please help me why is happening? 

HI All,   I need some suggestions on how to proceed on with component development. and any logic code or similar coding will be very much appreciated.   The component should display the list of contents displaying some columns from a table(ie.,scncontent) from database similar to web links component along with the tool bar (new,edit,publish,unpublish,trash etc., actions ) and with pagination also . This component should be designed with MVC architecture. On clicking new or edit icons, a form should be opened and data should be saved or updated to database.  

Hi, I have a problem with my code probably it's authorisation mistake or something. I bought a book PHP6, MySQL, Apache Web Development and I am copying every excercise like it's in the book. If u have this book it's chapter 2, page 63. And here is the exact code from the book. It always says that the user ID or pass is incorrect.


Code: [Select]
<?php
 session_start ();
 $_SESSION['username'] = $_POST['user'];
 $_SESSION['userpass'] = $_POST['pass'];
 $_SESSION['authuser'] = 1;
 
 //over uzivatelske meno a heslo
 if (  ($_SESSION['username'] == 'Peter') and
      ($_SESSION['userpas'] == '12345')) {
  
   $_SESSION['authuser'] = 1;
  } else {
    echo "Unfortunately you do not have required authorisation to enter this site!";
exit();
  }
 ?>
 
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Najts oblubeny film!</title>
</head>

<body>
<?php
 $oblubenyfilm = urlencode('Zivot Briana');
 echo '<a href="moviesite.php?oblfilm=$oblubenyfilm\">';
 echo 'Dalsie informacie o mojom oblubenom filme!';
 echo '</a>'
?>
</body>
</html>

The page is http://www.magicfoto.gigacast.net/test/login.php
as you can see ID is "Peter" and pass "12345"

If you know what should be wrong pls reply.

PS.: I am a begginer so please be patient
Thanks

Ok So the main purpose of this is:

1). User has to grab a OTP from the generator (work's)
2) the OTC updates in the database field (work's) via the person's user_email
3). it sends an email containing the OTP

what it is not doing is, when they go and login, it just keeps saying invalid login credentials.

I'm pasting my code below to see if anyone can help me out here. this is still a work in progress.


do_login.php (not working here) Keep's saying invalid password.


<?php
if(empty($_POST)) exit;

include 'config.php';

// declare post fields

$post_user_email = trim($_POST['user_email']);
$post_password = trim($_POST['authcode']);

$post_autologin = $_POST['autologin'];

if(($post_user_email == $config_email) && ($post_password == $config_password))
{
$_SESSION['Site-Key'] = $config_email;

// Autologin Requested?

if($post_autologin == 1)
{
$password_hash = md5($config_password); // will result in a 32 characters hash

setcookie ($cookie_name, 'usr='.$config_email.'&hash='.$password_hash, time() + $cookie_time);
}

exit('OK');
}
else
{
echo '<div id="error_notification">The submitted login info is incorrect.</div>';
}
?>



Index.php


<?php
require_once 'config.php';


if(isset($_SESSION['google-ads123123']))
{
header("Location: http://forum.site1.com");
exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
 <HEAD>
  <TITLE>Access Required</TITLE>

  <script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script>
  <script type="text/javascript" src="js/process.js"></script>

  <link rel="stylesheet" type="text/css" href="style.css" />
</HEAD>

 <BODY>

<center>

<div id="status">

<fieldset><legend align="center">Authentication</legend>

<div id="login_response"><!-- spanner --></div>

<form id="login" name="login" method="post" action="do_login.php">
<table align="center" width="200" border="0">
<tr>
<td width="80">Email</td><td><input id="user_email" type="text" name="user_email"></td>
</tr>
<tr>
<td>AuthCode:</td>
<td><input type="password" name="authcode"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="checkbox" name="autologin" value="1">Remember Me</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input id="submit" type="submit" name="submit" value="Login">
<br />
<a href="getcode.php"> Get Auth Code </a>
<div id="ajax_loading"><img align="absmiddle" src="images/spinner.gif">&nbsp;Processing...</div></td>
</tr>
</table>
</form>
</fieldset>

</div>

</center>
 </BODY>
</HTML>



getcode.php (generates a MD5 and adds into db)


<?php
$db_host = '123';
$db_username = '123';
$db_password = '123';
$db_name = '123';


@mysql_connect($db_host, $db_username, $db_password) or die(mysql_error());
@mysql_select_db($db_name) or die(mysql_error());

// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$email_address = $_POST['user_email'];
if (!isset($_POST['user_email'])) {
?>
<h2>Generate your Auth Code</h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <p class="style3"><label for="user_email">Email:</label>
    <input type="text" title="Please enter your email address" name="user_email" size="30"/></p>
    <p class="style3"><label title="Generate Auth Code">&nbsp</label>
    <input type="submit" value="Submit" class="submit-button"/></p>
</form>
<?php
}
elseif (empty($email_address)) {
    echo $empty_fields_message;
}
else {
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email_address,"@") OR !stristr($email_address,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){  $query="SELECT username FROM users WHERE user_email = '$email_address'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->user_email;// email is stored to a variable
 if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Auth Code</b><br> Sorry Your address is not in our database ."; exit;}
function makeRandomPassword() {
          $salt = "abchefghjkmnpqrstuvwxyz0123456789";
          srand((double)microtime()*1000000);
          $i = 0;
          while ($i <= 7) {
                $num = rand() % 33;
                $tmp = substr($salt, $num, 1);
                $pass = $pass . $tmp;
                $i++;
          }
          return $pass;
    }
    $random_password = makeRandomPassword();
    $db2_password = md5($random_password);

    $sql = mysql_query("UPDATE users SET authcode='$db2_password' WHERE user_email='$email_address'");

    $subject = "Auth Code Verification";
       $message = "
Here is your Auth Code,

       Auth Code: $random_password
       Auth Code: $db2_password

       This is an automated response, please do not reply!";

       mail($email_address, $subject, $message, "From: Auth Server<theslcguy@safe-mail.net.com>");
       echo "Your Auth Code has been sent! <br /> Please check your email! <br /> Also Allow up to 5 minutes to recieve your Code...<br />";
       echo "<br><br>Click <a href='http://auth.site1.com'>here</a> to login";
    }
    else { echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
   }
?>



Config.php


<?php


session_start(); // Start Session
header('Cache-control: private'); // IE 6 FIX

// always modified
header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT');
// HTTP/1.1
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
// HTTP/1.0
header('Pragma: no-cache');

// ---------- LOGIN INFO ---------- //

$config_email = $POST["user_email"];
$config_authcode = $POST["authcode"];

$cookie_name = 'google-ads123123';

$cookie_time = (3600 * 24 * 30); // 30 days

if(!$_SESSION['google-ads123123'])
{
include_once 'autologin.php';
}
?>

I'm making a login/sign up page and the following pieces are not working together properly. When I set up the login page following a guide, it had me direct input the structure and I added a user (password is encrypted). When I log in with that password/username, it passes authentication.php perfectly. When I use my signup form (signup.php is simply called by a button on an HTML), it fails saying "Incorrect Password!". I'd say it's failing because of encryption but it passes with my old login that is encrypted so I'm thoroughly lost.

Authentication.php

<?php
session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'test';
$DATABASE_NAME = 'login';
// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if ( mysqli_connect_errno() ) {
	// If there is an error with the connection, stop the script and display the error.
	die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
	// Could not get the data that should have been sent.
	die ('Please fill both the username and password field!');
}
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
	// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
	$stmt->bind_param('s', $_POST['username']);
	$stmt->execute();
	// Store the result so we can check if the account exists in the database.
	$stmt->store_result();
if ($stmt->num_rows > 0) {
	$stmt->bind_result($id, $password);
	$stmt->fetch();
	// Account exists, now we verify the password.
	// Note: remember to use password_hash in your registration file to store the hashed passwords.
	if (password_verify ($_POST['password'], $password)) {
		// Verification success! User has loggedin!
		// Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
		session_regenerate_id();
		$_SESSION['loggedin'] = TRUE;
		$_SESSION['name'] = $_POST['username'];
		$_SESSION['id'] = $id;
		header('Location: dashboard.php');
	} else {
		echo 'Incorrect password!';
	}
} else {
	echo 'Incorrect username!';
}
	$stmt->close();
}
?>

 

Signup.php

<?php
 
// get database connection
include_once '../config/database.php';
 
// instantiate user object
include_once '../objects/user.php';
 
$database = new Database();
$db = $database->getConnection();
 
$user = new User($db);
 
// set user property values
$user->username = $_POST['uname'];
$user->password = base64_encode($_POST['password']);
$user->created = date('Y-m-d H:i:s');
 
// create the user
if($user->signup()){
    $user_arr=array(
        "status" => true,
        "message" => "Successfully Signup!",
        "id" => $user->id,
        "username" => $user->username
    );
}
else{
    $user_arr=array(
        "status" => false,
        "message" => "Username already exists!"
    );
}
print_r(json_encode($user_arr));
?>

 

login.php

<?php
// include database and object files
include_once '../config/database.php';
include_once '../objects/user.php';
 
// get database connection
$database = new Database();
$db = $database->getConnection();
 
// prepare user object
$user = new User($db);
// set ID property of user to be edited
$user->username = isset($_GET['username']) ? $_GET['username'] : die();
$user->password = base64_encode(isset($_GET['password']) ? $_GET['password'] : die());
// read the details of user to be edited
$stmt = $user->login();
if($stmt->rowCount() > 0){
    // get retrieved row
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // create array
    $user_arr=array(
        "status" => true,
        "message" => "Successfully Login!",
        "id" => $row['id'],
        "username" => $row['username']
    );
}
else{
    $user_arr=array(
        "status" => false,
        "message" => "Invalid Username or Password!",
    );
}
// make it json format
// print_r(json_encode($user_arr));
if (in_array("Successfully Login!", $user_arr)) { 

	header('Location: ../../dashboard.html');
}
?>

 

I've got a little php script here at work that used to log into a SSH server and grab some log files and show them in a web browser.  Simple stuff.  Recently we've changed the login on the servers to use our VPN tokens instead of a password that I pick for my account.  We can use authorized keys which works fine for me in putty and I'm trying to set that up because I keep getting prompted for user and password the "old" way.   I'm using ssh2_auth_pubkey_file and been reading the manual about it but I can't seem to get it to work   I make my connection as follows  

$connection = ssh2_connect($serverHost, 22, array('hostkey'=>'ssh-rsa'));

  Then setup the auth_pubkey.  There is no passphrase or anything I use with putty so i left that part out  

$result = ssh2_auth_pubkey_file($connection, 'username','/path/to/id_rsa.pub','/path/to/id_rsa');

  the information in my id_rsa.pub file matches what's in authorized_keys on the server in my username/.ssh dir   I'm not 100% what else to check for?  Anyone have any tips Thanks  

Hi Guys,

This  is my first post as part of the community. I am working on a personal project for myself and was trying to password protect some pages. Im newish to php and was wondering if HTTP AUTH headers work with MYSQL Databases for usernames and passwords. Any help or insight would be greatly appreciated! Thanks!

Steve

Hi.   I am trying to authenticate a mail server from the wordpress user database. Wordpress now uses phpass for password hashing, but it has changed not so long ago. So I would like to use the WP functions, to stay compatible in future releases    There is a possibility in Dovecot, to run a shell script for authentication (checkpassword). So, I thought, this script could start a php scipt, and it would use the WP functions for authentications. I made the php script, and it worked. Then I made the bash script, which runs the php, and it worked too. But when the Dovecot starts the bash script, it gives a PHP error. I am stuck now.   It is a simple Debian Wheezy LAMP, with postfix, dovecot, wordpress.   The PHP code is:

<?php

define('WP_USE_THEMES', false);
require("wp-config.php");

$mail = $argv[1];
$pass = $argv[2];

$con=mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
$result = mysqli_query($con,"SELECT user_login FROM ".$table_prefix."users WHERE user_email='".$mail."'");
$row = mysqli_fetch_array($result);
$user = $row['user_login'];
mysqli_close($con);

$check = wp_authenticate_username_password(NULL, $user, $pass);
if ( is_wp_error($check) ) {
      $ispassok = "1";
} else {
      $ispassok = $user;
}

exit ($ispassok);

It gets the email address and the password as an argument, finds out the username, then uses a WP function to check out is it a valid user/pass combination. If it is, then it returns the username, if not, then returns "1". The bash script is:

#!/bin/bash

# The first and only argument is path to checkpassword-reply binary.
# It should be executed at the end if authentication succeeds.
CHECKPASSWORD_REPLY_BINARY="$1"

# Messages to stderr will end up in mail log (prefixed with "dovecot: auth: Error:")
LOG=/dev/stderr

# User and password will be supplied on file descriptor 3.
INPUT_FD=3

export ISOK

read -d $'\0' -r -u $INPUT_FD USER
read -d $'\0' -r -u $INPUT_FD PASS

#USER=$1
#PASS=$2

ISOK=$(php /var/www/wordpress/proba.php $USER $PASS)

echo "User:"$USER"   Pass:"$PASS"   IsOK:"$ISOK > /etc/dovecot/out.txt

if [ "$ISOK" = "1" ]; then
    exit 1
else
    export password="{PLAIN}$PASS"
    exec $CHECKPASSWORD_REPLY_BINARY
fi

There is a commented out lines, used for testing. When I run the script manually from shell with email address and cleartext password as arguments, it works as it should. But when the dovecot runs it, then I have an error message in mail log about php error:

Jun  2 21:45:09 NWVK001 dovecot: auth: Error: PHP Fatal error:  Out of memory (allocated 5505024) (tried to allocate 12288 bytes) in /var/www/wordpress/wp-includes/link-template.php on line 2909
Jun  2 21:45:09 NWVK001 dovecot: auth: Error: Fatal error: Out of memory (allocated 5505024) (tried to allocate 12288 bytes) in /var/www/wordpress/wp-includes/link-template.php on line 2909

I searched around, but couldn't find any help. If there is someone with an idea, I would gladly listen.   Thanks.

Hi everyone, this is my first post. i am starting to learn flash and other programs and haven't started on PHP yet. I have purchased a template that i am modifying and the problem i am having is that my server is a windows one and doesn't like the code that i have attached. It is very simple and doesn't offer any protection with strip slashes etc but the real problem is that i need to add the smpt auth.

I have tried several lines of code but it doesnt seem to work. 

I cant change the headers so i am hoping i can get a little help from this community. It is greatly appreciated

Hi there,

Any help is greatly appreciated. I've commented out the code giving me trouble.

Error = <br />
<b>Warning</b>:  curl_setopt(): supplied argument is not a valid cURL handle resource in <b>/###.php</b> on line <b>34</b><br />
<br />
<b>Warning</b>:  curl_setopt(): supplied argument is not a valid cURL handle resource in <b>/###.php</b> on line <b>35</b><br />

<?php
$ch = curl_init();
$timeout = 30;
$userAgent = $_SERVER['HTTP_USER_AGENT'];

if ($_REQUEST['update']) {

curl_setopt($ch, CURLOPT_URL, $_REQUEST['url']);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_USERPWD, $_REQUEST['username'] . ':' . $_REQUEST['password']);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERAGENT, $userAgent);
//curl_setopt($c, CURLOPT_POST, true);
//curl_setopt($c, CURLOPT_POSTFIELDS, $_REQUEST['update']);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);

$response = curl_exec($ch);    

if (curl_errno($ch)) {
echo curl_error($ch);
} else {
curl_close($ch);
echo $response;
}

}