3 * This example rely's on the provisioning example, you must first create accounts in the provisioning
4 * example then use them here.
6 * This example is solely an example of how a login page might look and/or work
8 * If a user doesnt have a token assigned, they wont require it on the login page. This is an example
9 * of when your allowing the user to increase security of their OWN account, not the security of the
14 require_once("../provisioning/dbfunctions.php");
15 require_once("../provisioning/token.php");
22 // check if we're logged in
23 if(isset($_SESSION["loginname"])) {
24 if($_SESSION["loginname"]!="") {
27 if(isset($_REQUEST["logout"])) {
28 error_log("session killer");
29 unset($_SESSION["loginname"]);
30 header("Location: index.php");
34 // display the logged in page
41 // here is where we process the login
42 if(isset($_REQUEST["login"])) {
45 // get the data from the post request
46 error_log("begin login");
47 $username = $_REQUEST["username"];
48 $password = $_REQUEST["password"];
49 $tokencode = $_REQUEST["tokencode"];
51 // pull the password hash from the database
52 $sql = "select users_password from users where users_username='$username'";
53 error_log("running sql: $sql");
54 $res = $db->query($sql);
56 foreach($res as $row) {
57 $passhash = $row["users_password"];
60 // user entered a tokencode, fail the login and tell the user
61 // if they dont have a token code assigned to them
62 if($tokencode != "") {
63 if(!$myga->hasToken($username)) {
64 $msg = urlencode("Attempted to login with a token when username isnt assigned one");
65 header("Location: index.php?failure=$msg");
69 // check the password hash versus the login password
70 error_log("checking $passhash against $password (".sha1($password).")");
71 if($passhash == sha1($password)) $passright = true;
73 header("Location: index.php?failure=LoginIncorrect");
77 // now get myGA to check the token code
78 error_log("passed password auth");
79 if($myga->hasToken($username)) if(!$myga->authenticateUser($username, $tokencode)) {
80 header("Location: index.php?failure=LoginIncorrect");
85 $_SESSION["loginname"] = "$username";
87 header("Location: index.php");
94 // and our "your logged in" page
95 function displayLogedInPage()
100 Welcome <?php echo $_SESSION["loginname"]?>, you are logged in.
101 Click <a href="index.php?logout">here</a> to log out.
117 <h2>Welcome to Generic Site</h2>
118 <i><b>Note:</b> if the user you've provisioned has not got a token code, its not required for login</i><br>
121 if(isset($_REQUEST["failure"])) {
122 echo "<hr><font color=\"red\">Login Failure: ".$_REQUEST["failure"]."</font><hr>";
125 <form method="post" action="index.php?login">
127 <tr><td>Username</td><td><input type="text" name="username"></td></tr>
128 <tr><td>Password</td><td><input type="password" name="password"></td></tr>
129 <tr><td>Pin Code</td><td><input type="text" name="tokencode"></td></tr>
130 <tr><td><input type="submit" name="login" value="Login"></td></tr>