Hier ist dein System0 Account verifikations Link. Bitte klicke drauf. Sollte dies nicht funktionieren, kopiere bitte den Link und öffne Ihn in deinem Browser. https://app.ksw3d.ch/login/verify_account.php?token=$token Achtung: der Link funktioniert nur in dem gleichen Browser und Gerät, auf dem du deinen Account erstellt hast.
Vielen dank für dein Vertrauen in uns! Code Camp 2024 "}]}'
EOF;
exec($mail);
header("location: /login/login.php?mail_sent1");
}
else{
header("location: /login/login.php?mail_sent3");
}
}
// Processing form data when form is submitted
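// Processing form data when form is submitted (action=login).
// Looks the posted username up with a prepared statement, verifies the password hash,
// refuses accounts still flagged "banned" (new accounts keep that flag until the mailed
// verification link is used), optionally issues a month-long "keep me logged in"
// cookie, fills $_SESSION and redirects to the app overview.
// NOTE(review): nothing here throttles or locks out repeated failures; unless a rate
// limit sits in front of this script, online password guessing is unbounded.
if($_SERVER["REQUEST_METHOD"] == "POST" and ($_GET["action"] ?? "") == "login"){
    $username_err = "";
    $password_err = "";
    // Check if username is empty
    $username = trim($_POST["username"] ?? "");
    if($username === ""){
        $username_err = "Please enter username.";
    }
    // Check if password is empty
    $password = trim($_POST["password"] ?? "");
    if($password === ""){
        $password_err = "Please enter your password.";
    }
    // Validate credentials
    if(empty($username_err) && empty($password_err)){
        // Log lines carry the attempted name; control characters are replaced so a
        // crafted username cannot inject additional log records.
        $log_name = preg_replace('/[\x00-\x1F\x7F]/', '?', $username);
        // Prepare a select statement
        $sql = "SELECT id, username, password, role, color,banned,banned_reason ,telegram_id,notification_telegram,notification_mail, class_id FROM users WHERE username = ?";
        if($stmt = mysqli_prepare($link, $sql)){
            // The placeholder handles quoting, so the name is bound as-is (the previous
            // htmlspecialchars() call here was HTML-output escaping applied to a DB lookup).
            mysqli_stmt_bind_param($stmt, "s", $username);
            if(mysqli_stmt_execute($stmt)){
                mysqli_stmt_store_result($stmt);
                // Fetch the row (if any) and release the statement before branching, so
                // only one statement handle is live at a time.
                $found = false;
                if(mysqli_stmt_num_rows($stmt) == 1){
                    // $username is rebound to the stored spelling of the name
                    mysqli_stmt_bind_result($stmt, $id, $username, $hashed_password, $role, $color, $banned, $banned_reason, $telegram_id, $notification_telegram, $notification_mail, $class_id);
                    $found = (bool) mysqli_stmt_fetch($stmt);
                }
                mysqli_stmt_close($stmt);

                if(!$found){
                    // Username doesn't exist, display a generic error message
                    $login_err = "Invalid username or password.";
                    log_("$log_name tried to log in with non existant username","LOGIN:FAILURE");
                    // NOTE(review): no password_verify() runs on this path, so account
                    // existence remains observable through response timing.
                } elseif(!password_verify($password, $hashed_password)){
                    // Password is not valid, display a generic error message
                    $login_err = "Invalid username or password.";
                    log_("$log_name tried to log in with wrong Password","LOGIN:FAILURE");
                } elseif($banned == 1){
                    // Correct password, but the account has not been verified yet.
                    if(session_status() !== PHP_SESSION_ACTIVE){
                        session_start();
                    }
                    $_SESSION["verify"] = $username;
                    $login_err = "Dein Account wurde noch nicht aktiviert. Neuen aktivierungslink anfordern";
                } else{
                    // Password is correct, so start a new session
                    if(session_status() !== PHP_SESSION_ACTIVE){
                        session_start();
                    }
                    // Issue a fresh session id on login so an id planted in the browser
                    // before authentication (session fixation) never becomes a logged-in one.
                    session_regenerate_id(true);
                    if(isset($_POST["keepmeloggedin"])){
                        $token = getSalt();
                        $sql = "UPDATE users SET keepmeloggedin=? WHERE username=?";
                        if($stmt = mysqli_prepare($link, $sql)){
                            mysqli_stmt_bind_param($stmt, "ss", $token, $username);
                            mysqli_stmt_execute($stmt);
                            mysqli_stmt_close($stmt);
                        } else{
                            echo("Error while setting 'keepmeloggedin'");
                        }
                        // Cookie layout: "username:token:sha256(username:token)".
                        // NOTE(review): the digest is unkeyed, so anyone can recompute it for a
                        // forged pair; the cookie's strength rests entirely on $token being
                        // unguessable (getSalt(), not visible here) and on the verifier
                        // comparing with hash_equals(). An HMAC over a server-side secret would
                        // make the tail a real MAC.
                        $cookie = $username . ':' . $token;
                        $cookie .= ':' . hash("sha256", $cookie);
                        // HttpOnly keeps the long-lived token away from page script; Secure is
                        // set whenever this request itself arrived over TLS. Path and domain are
                        // left at their defaults, as before.
                        $over_tls = !empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] !== "off";
                        setcookie('keepmeloggedin', $cookie, time()+(3600*24*31), '', '', $over_tls, true);
                        log_("Added keepmeloggedin token for $username","LOGIN:AUTOLOGIN");
                    }
                    // Store data in session variables
                    $_SESSION["loggedin"] = true;
                    $_SESSION["id"] = $id;
                    $_SESSION["username"] = $username;
                    $_SESSION["role"] = $role;
                    // 32 random bytes, hex-encoded; presumably the per-session CSRF token
                    $_SESSION["token"] = bin2hex(random_bytes(32));
                    $_SESSION["color"] = $color;
                    // 12 random bytes = 96 bits, same size as the token issued at registration
                    $_SESSION["creation_token"] = urlencode(bin2hex(random_bytes(12)));
                    $_SESSION["telegram_id"] = $telegram_id;
                    $_SESSION["notification_telegram"] = $notification_telegram;
                    $_SESSION["notification_mail"] = $notification_mail;
                    $_SESSION["class_id"] = $class_id;
                    // Resolve the class name. The previous version interpolated $class_id into
                    // the SQL text (an invalid query when it is NULL) and never called
                    // mysqli_stmt_fetch(), so $_SESSION["class"] was always "".
                    $class_name = "";
                    if($stmt = mysqli_prepare($link, "select name from class where id=?")){
                        mysqli_stmt_bind_param($stmt, "i", $class_id);
                        if(mysqli_stmt_execute($stmt)){
                            mysqli_stmt_bind_result($stmt, $class_name);
                            if(!mysqli_stmt_fetch($stmt)){
                                $class_name = "";
                            }
                        }
                        mysqli_stmt_close($stmt);
                    }
                    $_SESSION["class"] = $class_name;
                    // Redirect user to welcome page and stop: without exit the rest of the
                    // page (the login form) is still rendered behind the redirect.
                    log_("$username logged in","LOGIN:SUCCESS");
                    header("location:/app/overview.php");
                    exit;
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
                log_("$log_name tried to log. Undefind failure","LOGIN:FAILURE");
                mysqli_stmt_close($stmt);
            }
        }
    }
    // Close connection
    mysqli_close($link);
}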
// Processing form data when form is submitted and user wants to create new user
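// Processing form data when form is submitted and user wants to create new user
// (action=create_user). Validates the username (charset, uniqueness, school domain)
// and password (length, confirmation), inserts the account in the "banned until
// verified" state, creates the user's file directory and mails the verification link.
if($_SERVER["REQUEST_METHOD"] == "POST" and ($_GET["action"] ?? "") == "create_user"){
    $err = "";
    $username_input = trim($_POST["username"] ?? "");
    $password_input = trim($_POST["password"] ?? "");
    $confirm_input = trim($_POST["confirm_password"] ?? "");
    // Validate username
    if($username_input === ""){
        $err = "Please enter a username.";
    } elseif(!preg_match('/^[a-zA-Z0-9_@.\-]+$/', $username_input)){
        $err = "Username can only contain letters, numbers, and underscores.";
    } else{
        // Prepare a select statement
        $sql = "SELECT id FROM users WHERE username = ?";
        if($stmt = mysqli_prepare($link, $sql)){
            mysqli_stmt_bind_param($stmt, "s", $username_input);
            if(mysqli_stmt_execute($stmt)){
                mysqli_stmt_store_result($stmt);
                if(mysqli_stmt_num_rows($stmt) > 0){
                    $err = "This username is already taken.";
                } else{
                    $username = $username_input;
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    // Validate password
    if($password_input === ""){
        $err = "Please enter a password.";
    } elseif(strlen($password_input) < 6){
        $err = "Password must have atleast 6 characters.";
    } elseif(strlen($password_input) > 96){
        // The old check read $_POST["new_password"] (a field this handler never uses
        // otherwise) and wrote $login_err instead of $err, so it never blocked anything.
        // The bound matters: bcrypt (PASSWORD_DEFAULT) silently ignores input past 72 bytes.
        $err = "Password cannot have more than 96 characters.";
    } else{
        $password = $password_input;
    }
    // Validate confirm password
    if($confirm_input === ""){
        $err = "Please confirm password.";
    } elseif(empty($err) && $password !== $confirm_input){
        // Strict comparison: with != two numeric-looking strings such as "1e3" and "1000"
        // compare equal.
        $err = "Password did not match.";
    }
    // Validate kantimail: the address must END with the school domain and consist of a
    // single local part. The old strpos() substring test accepted names such as
    // "x@kantiwattwil.ch.attacker.example", whose verification mail leaves the school.
    if(!preg_match('/^[a-zA-Z0-9_.\-]+@kantiwattwil\.ch$/D', $username_input)){
        $err = "Only members of KSW can access this site. (prename.name@kantiwattwil.ch).";
    }
    // Check input errors before inserting in database
    if(empty($err) && isset($username)){
        // Prepare an insert statement
        $sql = "INSERT INTO users (username, password, role,banned,banned_reason,notification_telegram,notification_mail) VALUES (?, ?, ?,?,?,?,?)";
        if($stmt = mysqli_prepare($link, $sql)){
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
            $role = "11100000000";
            // New accounts start "banned"; the login handler refuses them until the mailed
            // verification link clears the flag.
            $banned = 1;
            $banned_reason = "Account muss zuerst verifiziert werden (Link in Mail)";
            $notify_telegram = 0;
            $notify_mail = 1;
            mysqli_stmt_bind_param($stmt, "sssisii", $param_username, $param_password, $role, $banned, $banned_reason, $notify_telegram, $notify_mail);
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Per-user directory; $username is limited to [A-Za-z0-9_@.-] by the regex
                // above, so it cannot carry a path separator.
                // NOTE(review): this lives under the document root — confirm the web server
                // does not serve it directly.
                if(!is_dir("/var/www/html/user_files/$username"))
                    mkdir("/var/www/html/user_files/$username");
                if(session_status() !== PHP_SESSION_ACTIVE){
                    session_start();
                }
                // 12 random bytes = 96 bits, bound to this session: verify_account.php is
                // expected to compare the query token against $_SESSION["creation_token"]
                // (hence the "same browser and device" notice in the mail).
                $_SESSION["creation_token"] = urlencode(bin2hex(random_bytes(12)));
                $token = $_SESSION["creation_token"];
                $_SESSION["verify"] = $username;
                $_SESSION["email"] = $username;
                // send the mail: the text below is a shell command handed to exec(). $token is
                // hex-only; any other value interpolated into it (such as the address) must go
                // through escapeshellarg() — NOTE(review): the command line itself is not
                // visible in this excerpt.
$mail=<<Hier ist dein System0 Account verifikations Link. Bitte klicke drauf. Sollte dies nicht funktionieren, kopiere bitte den Link und öffne Ihn in deinem Browser. https://app.ksw3d.ch/login/verify_account.php?token=$token Achtung: der Link funktioniert nur in dem gleichen Browser und Gerät, auf dem du deinen Account erstellt hast.
Vielen dank für dein Vertrauen in uns! Code Camp 2024 "}]}'
EOF;
                exec($mail);
                // Redirect to login page and stop rendering
                header("location: login.php?mail_sent1");
                exit;
            } else{
                echo "Oops! Something went wrong. Please try again later.";
            }
            // Close statement
            mysqli_stmt_close($stmt);
        }
    }
    // Close connection
    mysqli_close($link);
}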
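// Password reset request (action=reset_pw): generates a session-bound reset token,
// mails the reset link to the account's address and redirects back to the login page.
if($_SERVER["REQUEST_METHOD"] == "POST" and ($_GET["action"] ?? "") == "reset_pw"){
    // Usernames are restricted to [A-Za-z0-9_@.-] at registration, so the escaping
    // below is a no-op for real accounts; anything else simply fails the lookup.
    $email = htmlspecialchars(trim($_POST["username"] ?? ""));
    // Only send to addresses that belong to an account. The old code mailed whatever
    // address was posted, turning this endpoint into a way to send mail to arbitrary
    // recipients. The redirect is identical either way, so existence is not revealed.
    // NOTE(review): there is still no rate limit on reset requests per address or client.
    $account_exists = false;
    if($email !== "" && ($stmt = mysqli_prepare($link, "SELECT id FROM users WHERE username = ?"))){
        mysqli_stmt_bind_param($stmt, "s", $email);
        if(mysqli_stmt_execute($stmt)){
            mysqli_stmt_store_result($stmt);
            $account_exists = mysqli_stmt_num_rows($stmt) > 0;
        }
        mysqli_stmt_close($stmt);
    }
    if($account_exists){
        if(session_status() !== PHP_SESSION_ACTIVE){
            session_start();
        }
        $_SESSION["email"] = $email;
        // 12 random bytes = 96 bits; reset_pw.php is expected to compare the query token
        // against this session value (hence the "same browser and device" notice).
        $_SESSION["pw_reset_token"] = urlencode(bin2hex(random_bytes(12)));
        $token = $_SESSION["pw_reset_token"];
        $_SESSION["verify"] = $email;
        // The text below is a shell command handed to exec(). $token is hex-only; if the
        // address is interpolated into the command it must be wrapped in escapeshellarg()
        // — NOTE(review): the command line itself is not visible in this excerpt.
$mail=<<Hier ist dein System0 Passwort Zurücksetzungs Link. Bitte klicke drauf. Sollte dies nicht funktionieren, kopiere bitte den Link und öffne Ihn in deinem Browser. https://app.ksw3d.ch/login/reset_pw.php?token=$token Achtung: der Link funktioniert nur in dem gleichen Browser und Gerät, auf dem du deinen Account erstellt hast.
Vielen dank für dein Vertrauen in uns! Code Camp 2024 "}]}'
EOF;
        exec($mail);
    }
    header("location: login.php?mail_sent2");
    exit;
}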
?>
Login
Info
Das System hat Ihr Gerät als Mobile erkannt. Das Interface wurde zu "mobile_view" geändert.
Achtung "mobile_view" ist noch in Entwicklung.
Login
' . $login_err . '
';
}
// Flash messages keyed by the query-string flag the redirects above append
// (e.g. "login.php?mail_sent1"); each one is printed when its flag is present.
$flash_messages = [
    "mail_sent1" => '
Eine Mail mit einem Aktivierungslink wurde an deine Mailadresse gesendet.
',
    "mail_sent2" => '
Eine Mail mit einem Passwort zurücksetzungslink wurde an deine Mailadresse gesendet.
',
    "acc_verify_ok" => '
Email erfolgreich Verifiziert.
',
];
foreach($flash_messages as $flag => $text){
    if(isset($_GET[$flag])){
        echo $text;
    }
}
if(isset($_GET["mail_sent3"]))
echo '
Eine Mail mit einem Passwort zurücksetzungslink konnte nich gesendet werden. Bitte melde dich beim Support hier.