From b719ba64640d2ba3803521cd6029f8499f8d43de Mon Sep 17 00:00:00 2001 From: shubham_meena Date: Mon, 24 Mar 2014 17:07:53 +0530 Subject: [PATCH 1/9] changed login from username to both username and email --- .../ryzom_ams/ams_lib/translations/en.ini | 6 +- .../ryzom_ams/ams_lib/translations/fr.ini | 6 +- .../ryzom_ams/www/html/autoload/webusers.php | 60 ++++++++++++++++++- .../server/ryzom_ams/www/html/func/login.php | 31 ++++++++-- .../ryzom_ams/www/html/templates/login.tpl | 4 +- 5 files changed, 92 insertions(+), 15 deletions(-) diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/translations/en.ini b/code/ryzom/tools/server/ryzom_ams/ams_lib/translations/en.ini index 586d49241..8eed7991a 100644 --- a/code/ryzom/tools/server/ryzom_ams/ams_lib/translations/en.ini +++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/translations/en.ini @@ -126,8 +126,8 @@ go_home = "Go Home" userlist_info = "welcome to the userlist" [login] -login_info = "Please login with your Username and Password." -login_error_message = "The username/password were not correct!" +login_info = "Please login with your Email/Username and Password." +login_error_message = "The Email/username/password were not correct!" login_register_message ="Register If you don't have an account yet, create one" login_here = "here" login_forgot_password_message = "In case you forgot your password, click" @@ -242,4 +242,4 @@ email_body_forgot_password_header = "A request to reset your account's password email_body_forgot_password_footer = " ---------- If you didn't make this request, please ignore this message." -;=========================================================================== \ No newline at end of file +;=========================================================================== diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/translations/fr.ini b/code/ryzom/tools/server/ryzom_ams/ams_lib/translations/fr.ini index b4fa1fcf6..3284a5a7d 100644 
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/translations/fr.ini +++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/translations/fr.ini @@ -116,8 +116,8 @@ go_home = "Allez au main page" userlist_info = "bienvenue sur le userlist page!" [login] -login_info = "S'il vous plait vous connecter avec votre nom d'utilisateur et mot de passe." -login_error_message = "Le remplie nom d'utilisateur / mot de passe ne sont pas correctes!" +login_info = "S'il vous plait vous connecter avec votre Email/nom d'utilisateur et mot de passe." +login_error_message = "Le remplie Email/nom d'utilisateur / mot de passe ne sont pas correctes!" login_register_message =" Inscrivez-vous Si vous n'avez pas encore de compte, creez-en un" login_here = "ici" login_forgot_password_message = "Dans le cas ou vous avez oublie votre mot de passe, cliquez" @@ -230,4 +230,4 @@ email_body_forgot_password_header = "Une demande de reinitialiser le mot de pass email_body_forgot_password_footer = " ---------- Si vous n'avez pas fait cette demande, s'il vous plait ignorer ce message." -;=========================================================================== \ No newline at end of file +;=========================================================================== diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php index d8e59d1f9..aea4537b4 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php 
@@ -90,6 +90,47 @@ class WebUsers extends Users{ } + + /** + * check if the login email and password match the db. + * @param $email the inserted email id + * @param $password the inserted password (unhashed) + * @return the logged in user's db row as array if login was a success, else "fail" will be returned. + */ + public static function checkLoginMatchUsingEmail($email,$password){ + + $dbw = new DBLayer("web"); + $statement = $dbw->execute("SELECT * FROM ams_user WHERE Email=:emailid", array('emailid' => $email)); + $row = $statement->fetch(); + $salt = substr($row['Password'],0,2); + $hashed_input_pass = crypt($password, $salt); + if($hashed_input_pass == $row['Password']){ + return $row; + }else{ + return "fail"; + } + } + + /** + * check for the login type email or username. + * @param $value the inserted value + * @return the type email or username will be returned. + */ + public static function checkLoginType($login_value){ + + $dbl = new DBLayer("web"); + $statement = $dbl->executeWithoutParams("SELECT * FROM ams_user"); + $row = $statement->fetch(); + + foreach( $row as $key => $value) + { + if($login_value == $value){ + return $key; + } + } + } + + /** * returns te id for a given username * @param $username the username @@ -118,6 +159,23 @@ class WebUsers extends Users{ return "FALSE"; } } + + /** + * returns the username for a given emailaddress + * @param $email the emailaddress + * @return the username linked to the emailaddress + */ + public static function getUsernameFromEmail($email){ + $dbw = new DBLayer("web"); + $statement = $dbw->execute("SELECT * FROM ams_user WHERE Email=:email", array('email' => $email)); + $row = $statement->fetch(); + if(!empty($row)){ + return $row['Login']; + }else{ + return "FALSE"; + } + } + /** @@ -355,4 +413,4 @@ class WebUsers extends Users{ } } -} \ No newline at end of file +} 
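Review bot: In the first webusers.php hunk, `checkLoginType()` calls `fetch()` once on `SELECT * FROM ams_user`, so the submitted value is compared only against the columns of the first row returned; for every other account the loop falls through and the method returns null, which sends a username login down the e-mail branch in login.php. Because the loop walks every column with `==`, a value equal to that row's `Password` or id column is also reported as a "type". Deciding from the shape of the input avoids reading the user table at all, e.g. `return filter_var($login_value, FILTER_VALIDATE_EMAIL) !== false ? 'Email' : 'Login';`. Separately, `checkLoginMatchUsingEmail()` indexes `$row['Password']` without checking that a row was found and compares the hashes with `==`; a guard such as `if (!$row) { return "fail"; }` plus a strict `===` comparison would make the no-match path explicit. The two-character salt implies traditional DES `crypt()`, which uses only the first eight characters of the password; that is inherited from the existing `checkLoginMatch()`, and moving to `password_hash()`/`password_verify()` would be a separate change.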
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php index b0b6b5add..ca971d3cd 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php @@ -9,15 +9,34 @@ function login(){ global $INGAME_WEBPATH; global $WEBPATH; try{ - $username = filter_var($_POST['Username'],FILTER_SANITIZE_STRING); + $login_value = filter_var($_POST['LoginValue'],FILTER_SANITIZE_STRING); $password = filter_var($_POST['Password'],FILTER_SANITIZE_STRING); - //check if the filtered sent POST data returns a match with the DB - $result = WebUsers::checkLoginMatch($username, $password); + //check login type if email or username + $login_type = WebUsers::checkLoginType($login_value); + + //check if the filtered sent POST data returns a match with the DB + + if($login_type == 'Login') + { + $result = WebUsers::checkLoginMatch($login_value, $password); + }else + { + $result = WebUsers::checkLoginMatchUsingEmail($login_value, $password); + } + if( $result != "fail"){ //handle successful login - $_SESSION['user'] = $username; - $_SESSION['id'] = WebUsers::getId($username); + + if($login_type == 'Login') + { + $_SESSION['user'] = $login_value; + $_SESSION['id'] = WebUsers::getId($login_value); + }else{ + $_SESSION['user'] = WebUsers::getUsernameFromEmail($login_value); + $_SESSION['id'] = WebUsers::getIdFromEmail($login_value); + } + $_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id'])); $user = new WebUsers($_SESSION['id']); $_SESSION['Language'] = $user->getLanguage(); @@ -54,4 +73,4 @@ function login(){ exit; } -} \ No newline at end of file +} diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/login.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/login.tpl index 26c992d50..54a87bbcb 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/login.tpl 
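Review bot: In the first login.php hunk, nothing in the visible success branch issues a new session id before `$_SESSION['user']` and `$_SESSION['id']` are written, so a session id that was set before authentication stays valid afterwards. Adding `session_regenerate_id(true);` as the first statement inside `if( $result != "fail"){` would close that gap, and the same applies to the shortened version of this branch in PATCH 3/9. `login()` starts and ends outside the hunk, so a regeneration elsewhere in the function cannot be ruled out from here.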
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/login.tpl @@ -14,8 +14,8 @@
-
- +
+
From be4633c1b806ac19d4dc6f829d73bec3a68a9dfc Mon Sep 17 00:00:00 2001 From: shubham_meena Date: Tue, 25 Mar 2014 06:29:17 +0000 Subject: [PATCH 2/9] changed login through email / username --- .../ryzom_ams/www/html/autoload/webusers.php | 72 ++----------------- 1 file changed, 7 insertions(+), 65 deletions(-) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php index aea4537b4..90730291a 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php @@ -70,15 +70,15 @@ class WebUsers extends Users{ /** - * check if the login username and password match the db. - * @param $username the inserted username + * check if the login username/email and password match the db. + * @param $value the inserted username or email * @param $password the inserted password (unhashed) * @return the logged in user's db row as array if login was a success, else "fail" will be returned. */ - public static function checkLoginMatch($username,$password){ + public static function checkLoginMatch($value,$password){ $dbw = new DBLayer("web"); - $statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $username)); + $statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:value OR Email:value", array('value' => $value)); $row = $statement->fetch(); $salt = substr($row['Password'],0,2); $hashed_input_pass = crypt($password, $salt); 
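Review bot: The new query text `Login=:value OR Email:value` is missing the `=` after `Email`, so the statement is not valid SQL and every login attempt will fail when it is prepared or executed; it should read `Login=:value OR Email=:value`. Reusing one named placeholder twice also fails on PDO when emulated prepares are off (assuming DBLayer wraps PDO), so binding two names, `Login=:login OR Email=:email` with `array('login' => $value, 'email' => $value)`, is the safer form. With an OR across two columns the query can match two accounts when one user's Login equals another user's Email, and `fetch()` then checks the password against whichever row is returned first; unless registration already forbids that overlap, it is worth rejecting `@` in usernames or making the lookup order deterministic. `checkLoginMatch()` continues past the end of the hunk.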
@@ -89,50 +89,9 @@ class WebUsers extends Users{ } } - - - /** - * check if the login email and password match the db. - * @param $email the inserted email id - * @param $password the inserted password (unhashed) - * @return the logged in user's db row as array if login was a success, else "fail" will be returned. - */ - public static function checkLoginMatchUsingEmail($email,$password){ - - $dbw = new DBLayer("web"); - $statement = $dbw->execute("SELECT * FROM ams_user WHERE Email=:emailid", array('emailid' => $email)); - $row = $statement->fetch(); - $salt = substr($row['Password'],0,2); - $hashed_input_pass = crypt($password, $salt); - if($hashed_input_pass == $row['Password']){ - return $row; - }else{ - return "fail"; - } - } - - /** - * check for the login type email or username. - * @param $value the inserted value - * @return the type email or username will be returned. - */ - public static function checkLoginType($login_value){ - - $dbl = new DBLayer("web"); - $statement = $dbl->executeWithoutParams("SELECT * FROM ams_user"); - $row = $statement->fetch(); - - foreach( $row as $key => $value) - { - if($login_value == $value){ - return $key; - } - } - } - - + /** - * returns te id for a given username + * returns the id for a given username * @param $username the username * @return the user's id linked to the username */ @@ -145,7 +104,7 @@ class WebUsers extends Users{ /** - * returns te id for a given emailaddress + * returns the id for a given emailaddress * @param $email the emailaddress * @return the user's id linked to the emailaddress */ 
@@ -160,23 +119,6 @@ class WebUsers extends Users{ } } - /** - * returns the username for a given emailaddress - * @param $email the emailaddress - * @return the username linked to the emailaddress - */ - public static function getUsernameFromEmail($email){ - $dbw = new DBLayer("web"); - $statement = $dbw->execute("SELECT * FROM ams_user WHERE Email=:email", array('email' => $email)); - $row = $statement->fetch(); - if(!empty($row)){ - return $row['Login']; - }else{ - return "FALSE"; - } - } - - /** * get uId attribute of the object. From 7d92faa5bed60c2f7f0da1cbda2fab9a8a2d62d8 Mon Sep 17 00:00:00 2001 From: shubham_meena Date: Tue, 25 Mar 2014 06:35:21 +0000 Subject: [PATCH 3/9] login.php edited online with Bitbucket: to provide access through both username and email --- .../server/ryzom_ams/www/html/func/login.php | 26 +++---------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php index ca971d3cd..f0212f18b 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php 
@@ -12,31 +12,13 @@ function login(){ $login_value = filter_var($_POST['LoginValue'],FILTER_SANITIZE_STRING); $password = filter_var($_POST['Password'],FILTER_SANITIZE_STRING); - //check login type if email or username - $login_type = WebUsers::checkLoginType($login_value); - //check if the filtered sent POST data returns a match with the DB - - if($login_type == 'Login') - { - $result = WebUsers::checkLoginMatch($login_value, $password); - }else - { - $result = WebUsers::checkLoginMatchUsingEmail($login_value, $password); - } - + $result = WebUsers::checkLoginMatch($login_value, $password); + if( $result != "fail"){ //handle successful login - - if($login_type == 'Login') - { - $_SESSION['user'] = $login_value; - $_SESSION['id'] = WebUsers::getId($login_value); - }else{ - $_SESSION['user'] = WebUsers::getUsernameFromEmail($login_value); - $_SESSION['id'] = WebUsers::getIdFromEmail($login_value); - } - + $_SESSION['user'] = $result['Login']; + $_SESSION['id'] = $result['UId']; $_SESSION['ticket_user'] = serialize(Ticket_User::constr_ExternId($_SESSION['id'])); $user = new WebUsers($_SESSION['id']); $_SESSION['Language'] = $user->getLanguage(); From ccd5355f48f8ac72d414d0994ab9a74b3ccf10a9 Mon Sep 17 00:00:00 2001 From: shubham_meena Date: Thu, 27 Mar 2014 16:50:26 +0530 Subject: [PATCH 4/9] changed hardcoded location of ams_lib with location difined in configuration --- code/ryzom/tools/server/ryzom_ams/www/html/index.php | 2 +- .../tools/server/ryzom_ams/www/html/installer/libsetup.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/index.php b/code/ryzom/tools/server/ryzom_ams/www/html/index.php index faf3488c6..e93ca5be5 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/index.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/index.php 
@@ -13,7 +13,6 @@ //load required pages and turn error reporting on/off error_reporting(E_ALL); ini_set('display_errors', 'on'); -require_once( '../../ams_lib/libinclude.php' ); if (!file_exists('../is_installed')) { //if is_installed doesnt exist run setup require( 'installer/libsetup.php' ); @@ -24,6 +23,7 @@ if (!file_exists('../is_installed')) { //if config exists then include it require( '../config.php' ); } +require_once( $AMS_LIB'/libinclude.php' ); session_start(); //Running Cron? diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php index 932d6d2db..206cce4fe 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php @@ -34,7 +34,7 @@ if (!isset($_POST['function'])) { //require the pages that are being needed. require_once( '../config.default.php' ); - require_once( '../../ams_lib/libinclude.php' ); + require_once( $AMS_LIB.'/libinclude.php' ); ini_set( "display_errors", true ); error_reporting( E_ALL ); From 2277f6fbcb4ffad759ff5e8997b946f8467181db Mon Sep 17 00:00:00 2001 From: botanic Date: Mon, 7 Apr 2014 06:27:15 -0700 Subject: [PATCH 5/9] missed a ../ --- .../tools/server/ryzom_ams/www/html/installer/libsetup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php index 98da6a309..597d6b9ab 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php @@ -6,7 +6,7 @@ */ //set permissions - if(is_writable('../../../www/login/logs')) { + if(is_writable('../../../../www/login/logs')) { echo "failed to get write permissions on logs"; exit; } From 5e61238b6c9630da6c30ac4d03255d897af9a577 Mon Sep 17 00:00:00 2001 
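Review bot: In the PATCH 5/9 hunk of libsetup.php, the guard `if(is_writable('../../../../www/login/logs'))` prints "failed to get write permissions on logs" and exits when the directory is writable, so as shown the condition looks inverted; `if(!is_writable(...))` would match the message. The same pattern appears in the `is_writable` blocks touched by PATCH 6/9 and PATCH 9/9. The path is also resolved against the process working directory rather than the location of libsetup.php (index.php pulls the installer in with `require( 'installer/libsetup.php' )`), which is probably why the number of `../` segments keeps changing across these commits; building the path from `__DIR__` would pin it. The chain of checks continues outside this hunk.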
From: botanic Date: Mon, 7 Apr 2014 06:29:44 -0700 Subject: [PATCH 6/9] missed it on all of them --- .../server/ryzom_ams/www/html/installer/libsetup.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php index f152f9ebb..7abf8e397 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php @@ -10,23 +10,23 @@ echo "failed to get write permissions on logs"; exit; } - if(is_writable('../../../admin/graphs_output')) { + if(is_writable('../../../../admin/graphs_output')) { echo "failed to get write permissions on graphs_output"; exit; } - if(is_writable('../../../admin/templates/default_c')) { + if(is_writable('../../../../admin/templates/default_c')) { echo "failed to get write permissions on default_c"; exit; } - if(is_writable('../../www')) { + if(is_writable('../../../www')) { echo "failed to get write permissions on www"; exit; } - if(is_writable('../../www/html/cache')) { + if(is_writable('../../../www/html/cache')) { echo "failed to get write permissions on cache"; exit; } - if(is_writable('../../www/html/templates_c')) { + if(is_writable('../../../www/html/templates_c')) { echo "failed to get write permissions on templates_c"; exit; } From 23209d173521043471d2a3f0386d32549a83a6d5 Mon Sep 17 00:00:00 2001 From: botanic Date: Mon, 7 Apr 2014 06:35:15 -0700 Subject: [PATCH 7/9] display erors on installer --- .../tools/server/ryzom_ams/www/html/installer/libsetup.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php index 7abf8e397..247f71827 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php 
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php @@ -4,6 +4,9 @@ * This script will install all databases related to the Ryzom AMS and it will generate an admin account.. * @author Daan Janssens, mentored by Matthew Lagoe */ + + ini_set('display_errors', 1); + error_reporting(E_ALL); //set permissions if(is_writable('../../../../www/login/logs')) { From 7e27e78c255915abfee184fa3744681ec26297f1 Mon Sep 17 00:00:00 2001 From: botanic Date: Mon, 7 Apr 2014 06:39:41 -0700 Subject: [PATCH 8/9] missing . --- code/ryzom/tools/server/ryzom_ams/www/html/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/index.php b/code/ryzom/tools/server/ryzom_ams/www/html/index.php index e93ca5be5..b4827bfe2 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/index.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/index.php @@ -23,7 +23,7 @@ if (!file_exists('../is_installed')) { //if config exists then include it require( '../config.php' ); } -require_once( $AMS_LIB'/libinclude.php' ); +require_once( $AMS_LIB.'/libinclude.php' ); session_start(); //Running Cron? From 01a7736de64d9ba64100f437e289f8855b547abb Mon Sep 17 00:00:00 2001 From: botanic Date: Mon, 7 Apr 2014 08:03:55 -0700 Subject: [PATCH 9/9] fix paths --- .../server/ryzom_ams/www/html/installer/libsetup.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php index 247f71827..73450dcad 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/installer/libsetup.php 
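Review bot: In the PATCH 7/9 hunk, the added `ini_set('display_errors', 1);` at the top of libsetup.php sends PHP warnings and notices to whoever requests the installer, and such messages typically carry filesystem paths and database error text. index.php runs this script for any visitor while `../is_installed` is absent, so it would be safer to log instead, e.g. `ini_set('display_errors', '0'); ini_set('log_errors', '1');`, or to enable display only behind an explicit debug setting in the configuration. The file already turns `display_errors` on further down (visible as context in PATCH 4/9), so the new lines mainly extend that exposure to the permission checks.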
@@ -9,27 +9,27 @@ error_reporting(E_ALL); //set permissions - if(is_writable('../../../../www/login/logs')) { + if(is_writable('../../../www/login/logs')) { echo "failed to get write permissions on logs"; exit; } - if(is_writable('../../../../admin/graphs_output')) { + if(is_writable('../../../admin/graphs_output')) { echo "failed to get write permissions on graphs_output"; exit; } - if(is_writable('../../../../admin/templates/default_c')) { + if(is_writable('../../../admin/templates/default_c')) { echo "failed to get write permissions on default_c"; exit; } - if(is_writable('../../../www')) { + if(is_writable('../../www')) { echo "failed to get write permissions on www"; exit; } - if(is_writable('../../../www/html/cache')) { + if(is_writable('../../www/html/cache')) { echo "failed to get write permissions on cache"; exit; } - if(is_writable('../../../www/html/templates_c')) { + if(is_writable('../../www/html/templates_c')) { echo "failed to get write permissions on templates_c"; exit; }