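/**
 * Check a username/password pair against the booking user table.
 *
 * @param string $username Login name supplied by the caller.
 * @param string $passwd   Plain-text password supplied by the caller.
 * @return bool True when validate_password() accepts the pair, false otherwise.
 */
function login($username, $passwd)
{
    // NOTE(review): the username literal in this query is shown masked ('******') in
    // this listing. If the real query interpolates $username, the value must be
    // escaped or bound as a parameter before it reaches wrap_db_query() - confirm
    // against the original file.
    $result = wrap_db_query("SELECT user_id, passwd FROM " . BOOKING_USER_TABLE . " \r\n\t\t\t\t\t\tWHERE username = '******'");
    if (!$result) {
        return false;
    }

    $fields = wrap_db_fetch_array($result);
    // No row means the username was not found; this also rejects an empty username.
    if (empty($fields)) {
        return false;
    }

    // Accounts stored with a NULL password are compared against a NULL input.
    // NOTE(review): whether an empty password then authenticates depends on
    // validate_password(), which is not visible here - confirm that NULL-password
    // accounts cannot be used to log in with a blank password.
    if ($passwd == "" && $fields[1] == NULL) {
        $passwd = NULL;
    }

    // No diagnostic output here: printing that a stored password is NULL would tell
    // the client which accounts have no password set.
    return (bool) validate_password($passwd, $fields['passwd']);
}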
/**
 * Login action: renders the login view, and for a POST request checks the
 * verification code and the credentials and sends the outcome via ajaxReturn().
 *
 * On success the user's username, uid, email, groupid, gender and avatar are
 * copied into the session.
 *
 * NOTE(review): no session-id regeneration is visible between authentication and
 * the session() writes; confirm the framework or a caller rotates the id on login
 * so a pre-login session id cannot be reused afterwards.
 */
public function index()
{
    checkIE();

    if (IS_POST) {
        $username = I('username', null);
        $password = I('password', null);
        $code = I('code', null);

        if (!$this->_check_verify($code)) {
            // The verification code is checked before any user lookup happens.
            $result['code'] = self::VERIFY_FAILED_CODE;
            $result['error'] = self::VERIFY_FAILED_TIP;
        } else {
            $user = D('Member')->getUsersByUsername($username);
            $auth_success = $user
                ? validate_password($password, $user[0]['salted_hash'])
                : false;

            if (!$auth_success) {
                // Unknown user and wrong password produce the same response.
                $result['code'] = self::AUTH_FAILED_CODE;
                $result['error'] = self::AUTH_FAILED_TIP;
            } else {
                $result['code'] = self::SUCCESS_CODE;
                foreach (array('username', 'uid', 'email', 'groupid', 'gender', 'avatar') as $field) {
                    session($field, $user[0][$field]);
                }
            }
        }

        $this->ajaxReturn($result);
    }

    $this->display();
}
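/**
 * Handle a login request and echo a status token for the client.
 *
 * Echoes "login-invalid-email" / "login-invalid-password" when the input fails
 * format validation, "DEBUG: email or password invalid" when the account is
 * unknown or the password is wrong, and "login-success" otherwise.
 *
 * @param string $dirty_email    E-mail address as received from the client.
 * @param string $dirty_password Password as received from the client.
 * @return void
 */
function login($dirty_email, $dirty_password)
{
    $email = escape($dirty_email);
    // NOTE(review): the password is passed through escape() before it is checked.
    // If escape() rewrites characters, the checked value differs from what the user
    // typed; confirm the same transformation is applied when the password is set.
    $password = escape($dirty_password);

    if (!validate_email($email)) {
        echo "login-invalid-email";
        return;
    }
    if (!validate_password($password)) {
        echo "login-invalid-password";
        return;
    }

    // Unknown account and wrong password deliberately share one message, so the
    // response does not reveal which e-mail addresses are registered.
    $account_id = account_id_from_email($email);
    if ($account_id == -1) {
        echo "DEBUG: email or password invalid";
        return;
    }
    if (correct_password($account_id, $password) == false) {
        echo "DEBUG: email or password invalid";
        return;
    }

    // Rotate the session id on login and delete the old session data, so an id
    // known before authentication stops being valid.
    session_regenerate_id(true);
    fresh_logon($account_id);

    $username = username_from_account_id($account_id);
    // NOTE(review): this cookie is set without Secure/HttpOnly flags and its value
    // can be changed by the client; it must only be used as a display hint, never
    // as proof that the user is authenticated - confirm how it is consumed.
    setcookie('LOGGED_IN', $username, time() + 3600);
    echo "login-success";
}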
/**
 * Check a username/password pair against enabled accounts in the booking user table.
 *
 * @param string $username Login name supplied by the caller.
 * @param string $passwd   Plain-text password supplied by the caller.
 * @return bool True when validate_password() accepts the pair, false otherwise.
 */
function login($username, $passwd)
{
    // NOTE(review): the username literal is shown masked ('******') in this listing;
    // if the real query interpolates $username, confirm it is escaped or bound.
    $sql = "SELECT user_id, passwd FROM " . BOOKING_USER_TABLE . "\n\t\t\t\t\t\tWHERE username = '******' AND login_enabled = '1'";
    $result = wrap_db_query($sql);
    if (!$result) {
        return false;
    }

    $row = wrap_db_fetch_array($result);
    // An empty user_id means no matching, enabled account (this also covers an
    // empty username).
    if ($row[0] == "") {
        return false;
    }

    // Accounts stored with a NULL password are compared against a NULL input.
    // NOTE(review): whether a blank password then authenticates depends on
    // validate_password(), which is not visible here - confirm.
    if ($passwd == "" && $row[1] == NULL) {
        $passwd = NULL;
    }

    return validate_password($passwd, $row[1]) ? true : false;
}
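/**
 * Authenticate a user against the stored password hash.
 *
 * A stored value that looks like a 32-character hex string is treated as a legacy
 * MD5 hash: on a match the password is re-saved through ca_users::update() so the
 * account moves to the current hash format, and the login succeeds.
 *
 * @param string     $ps_username Login name.
 * @param string     $ps_password Plain-text password.
 * @param array|null $pa_options  Not used by this implementation.
 * @return bool True when the password matches, false otherwise.
 */
public static function authenticate($ps_username, $ps_password = '', $pa_options = null)
{
    $t_user = new ca_users();
    $t_user->load($ps_username);

    if (!($t_user->getPrimaryKey() > 0)) {
        // No such user was loaded.
        return false;
    }

    $vs_hash = $t_user->get('password');

    if (preg_match('/^[a-f0-9]{32}$/', $vs_hash)) {
        // Old-style MD5 password. Compare with === so both sides are compared as
        // strings: with == two different hex digests of the form "0e<digits>" are
        // treated as numbers and compare equal.
        if (md5($ps_password) === $vs_hash) {
            // The MD5 hash matches: authenticate and move the user to the current
            // scheme. ca_users::update takes care of the hashing by calling
            // AuthenticationManager::updatePassword().
            $t_user->setMode(ACCESS_WRITE);
            $t_user->set('password', $ps_password);
            $t_user->update();
            return true;
        }
        return false;
    }

    return validate_password($ps_password, $vs_hash);
}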
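/**
 * Verify an e-mail/password pair and, on success, populate the session.
 *
 * @param string $userName E-mail address used as the login name.
 * @param string $password Plain-text password.
 * @return bool True when the credentials match a row in `users`, false otherwise.
 */
function checkUser($userName, $password)
{
    // Both values are required; reject the call when either one is missing.
    if (!isset($userName) || !isset($password)) {
        return false;
    }

    // Presumably defines $db (a PDO handle) - it is used below but not set here.
    include '../../includes/database.php';

    // The login name is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare("SELECT * FROM " . "users" . " WHERE (`Email` = :Email)");
    $stmt->execute(array(':Email' => $userName));
    $result = $stmt->fetch();

    // fetch() yields false when no row matched; test that directly rather than
    // rowCount(), which PDO does not guarantee for SELECT statements.
    if (!$result || !validate_password($password, $result['password'])) {
        return false;
    }

    // NOTE(review): the session id is not rotated here; confirm the caller calls
    // session_regenerate_id(true) on login so a pre-login id cannot be reused.
    $_SESSION['Email'] = $userName;
    $_SESSION['loggedin'] = true;
    $_SESSION['FName'] = $result['FName'];
    $_SESSION['LName'] = $result['LName'];
    $_SESSION['Index'] = $result['Index'];
    // The column may be absent; store null in that case instead of suppressing
    // the notice with @.
    $_SESSION['verified'] = isset($result['verified']) ? $result['verified'] : null;

    return true;
}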
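/**
 * Set a user's password from the submitted form input.
 *
 * Reads 'current_password', 'password', 'password2' (all unfiltered) and 'guid'
 * through get_input(). Without a 'guid' the logged-in user is the target.
 *
 * @return bool|null True on success; false on failure (an error is registered);
 *                   null when there is no target user or no new password.
 * @since 1.8.0
 * @access private
 */
function elgg_set_user_password()
{
    $current_password = get_input('current_password', null, false);
    $password = get_input('password', null, false);
    $password2 = get_input('password2', null, false);
    $user_guid = get_input('guid');

    // NOTE(review): the target is taken from request input; this function itself
    // does not check edit permission on the fetched entity - confirm the caller or
    // get_entity() restricts which users can be targeted.
    $user = $user_guid ? get_entity($user_guid) : elgg_get_logged_in_user_entity();

    if (!$user || !$password) {
        // no change
        return null;
    }

    // An admin may change anyone's password without knowing it, except their own;
    // everyone else must prove knowledge of the target's current password.
    if (!elgg_is_admin_logged_in() || $user->guid == elgg_get_logged_in_user_guid()) {
        $credentials = array('username' => $user->username, 'password' => $current_password);
        try {
            pam_auth_userpass($credentials);
        } catch (LoginException $e) {
            register_error(elgg_echo('LoginException:ChangePasswordFailure'));
            return false;
        }
    }

    try {
        $result = validate_password($password);
    } catch (RegistrationException $e) {
        register_error($e->getMessage());
        return false;
    }

    if (!$result) {
        register_error(elgg_echo('user:password:fail:tooshort'));
        return false;
    }

    // Strict comparison: with == two different numeric-looking strings (for example
    // "1e3" and "1000") are compared as numbers and would count as a match.
    if ($password !== $password2) {
        register_error(elgg_echo('user:password:fail:notsame'));
        return false;
    }

    $user->salt = _elgg_generate_password_salt();
    $user->password = generate_user_password($user, $password);
    // Clearing the code invalidates the stored remember-me value for this user.
    $user->code = '';

    if ($user->guid == elgg_get_logged_in_user_guid() && !empty($_COOKIE['elggperm'])) {
        // regenerate remember me code so no other user could
        // use it to authenticate later
        $code = _elgg_generate_remember_me_token();
        $_SESSION['code'] = $code;
        $user->code = md5($code);
        setcookie("elggperm", $code, time() + 86400 * 30, "/");
    }

    if ($user->save()) {
        system_message(elgg_echo('user:password:success'));
        return true;
    }

    register_error(elgg_echo('user:password:fail'));
    return false;
}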
/**
 * Check the login form.
 *
 * The password is only validated when the e-mail address passed validation.
 *
 * @param $email string
 * @param $password string
 * @return boolean True when both validators accept their value.
 */
function validate($email, $password)
{
    return validate_email($email) && validate_password($password);
}
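/**
 * Look up a non-deleted SystemUser by name and verify the password.
 *
 * @param string $username
 * @param string $password
 * @return Users|null The matching user record, or null when the user does not
 *                    exist or the password is wrong.
 */
public function getCredentials($username, $password)
{
    // The username is bound through the query placeholder, not concatenated.
    $query = Doctrine_Query::create()
        ->from('SystemUser')
        ->where('user_name = ?', $username)
        ->andWhere('deleted = 0');
    $user = $query->fetchOne();

    // Without a matching row there is no object to read the hash from; treat an
    // unknown user exactly like a wrong password.
    if (!$user) {
        return null;
    }

    if (validate_password($password, $user->get('user_password'))) {
        return $user;
    }

    return null;
}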
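/**
 * Verify a username/password pair against the accounts table.
 *
 * @param string $username Login name.
 * @param string $password Plain-text password.
 * @return array|string The account row (associative array) on success, or an
 *                      empty string when the user is unknown or the password is wrong.
 */
public function login($username, $password)
{
    // The username is bound as a parameter, never concatenated into the SQL.
    $stmt = $this->dbh->prepare('SELECT * FROM accounts WHERE username = ?');
    $stmt->bindParam(1, $username);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no account matched; fail here instead of passing
    // a missing hash on to validate_password().
    if (!$row) {
        return '';
    }

    // NOTE(review): on success the whole row, including the password hash column,
    // is returned to the caller - confirm it is not stored in the session or echoed.
    if (validate_password($password, $row['password'])) {
        return $row;
    }

    return '';
}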
/**
 * Validate the user name and password carried by a submitted form.
 *
 * @param mixed $form Form data, handed unchanged to both validators.
 * @return array Error messages keyed by "validation.userName" and
 *               "validation.password"; empty when both checks pass.
 */
function validate_credentials($form)
{
    $errors = [];

    // The user name is checked first, so its error (if any) is the first key.
    if (!validate_username($form)) {
        $errors["validation.userName"] = "******";
    }

    if (!validate_password($form)) {
        $errors["validation.password"] = "******";
    }

    return $errors;
}
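/**
 * Check whether the entered password matches the view password stored for a note.
 *
 * @param string $url      Note id, compared against note.id.
 * @param string $password Plain-text password entered by the user.
 * @param PDO    $pdo      Open database connection.
 * @return boolean True if the password matches; false if it does not or the note
 *                 does not exist.
 * @throws PDOException Database errors are not handled here and reach the caller.
 */
function verifyPassword($url, $password, $pdo)
{
    // require_once: a plain require would load the file again on a second call,
    // which fails if it declares functions.
    require_once 'password_hash.php';

    // The note id is bound as a parameter, never concatenated into the SQL.
    $stmt = $pdo->prepare("SELECT pwdView from note where id = :url");
    $stmt->bindValue(':url', $url, PDO::PARAM_STR);
    $stmt->execute();
    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false for an unknown note; there is no hash to compare with.
    if ($result === false) {
        return false;
    }

    return validate_password($password, $result['pwdView']);
}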
/**
 * Self-test for the pbkdf2 helper: hashes a fixed sample password, prints the
 * hash and its length, then prints whether validate_password() accepts the pair.
 *
 * NOTE(review): this action prints a password hash to the response; it looks like
 * a development check - confirm it is not routable in production.
 */
public function index()
{
    $this->load->helper('pbkdf2_helper');

    $sample = 'usr#6379';
    $pass = create_hash($sample);

    echo $pass;
    echo "<p>" . strlen($pass) . "</p>";
    echo "<p>result:</p>";
    echo validate_password($sample, $pass) == true ? "validation passed" : "didn't pass!";
}
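/**
 * Set a user's password from the submitted form input.
 *
 * Reads 'current_password', 'password', 'password2' and 'guid' through
 * get_input(). Without a 'guid' the logged-in user is the target.
 *
 * @return bool|null True on success; false on failure (an error is registered);
 *                   null when there is no target user or no new password.
 * @since 1.8.0
 * @access private
 */
function elgg_set_user_password()
{
    // NOTE(review): these reads use get_input() with its default arguments; if that
    // applies input filtering, the stored password can differ from what the user
    // typed - confirm the login path reads the password the same way.
    $current_password = get_input('current_password');
    $password = get_input('password');
    $password2 = get_input('password2');
    $user_guid = get_input('guid');

    // NOTE(review): the target is taken from request input; this function itself
    // does not check edit permission on the fetched entity - confirm the caller or
    // get_entity() restricts which users can be targeted.
    $user = $user_guid ? get_entity($user_guid) : elgg_get_logged_in_user_entity();

    if (!$user || !$password) {
        // no change
        return null;
    }

    // An admin may change anyone's password without knowing it, except their own;
    // everyone else must prove knowledge of the target's current password.
    if (!elgg_is_admin_logged_in() || $user->guid == elgg_get_logged_in_user_guid()) {
        $credentials = array('username' => $user->username, 'password' => $current_password);
        try {
            pam_auth_userpass($credentials);
        } catch (LoginException $e) {
            register_error(elgg_echo('LoginException:ChangePasswordFailure'));
            return false;
        }
    }

    try {
        $result = validate_password($password);
    } catch (RegistrationException $e) {
        register_error($e->getMessage());
        return false;
    }

    if (!$result) {
        register_error(elgg_echo('user:password:fail:tooshort'));
        return false;
    }

    // Strict comparison: with == two different numeric-looking strings (for example
    // "1e3" and "1000") are compared as numbers and would count as a match.
    if ($password !== $password2) {
        register_error(elgg_echo('user:password:fail:notsame'));
        return false;
    }

    // Reset the salt
    $user->salt = generate_random_cleartext_password();
    $user->password = generate_user_password($user, $password);

    if ($user->save()) {
        system_message(elgg_echo('user:password:success'));
        return true;
    }

    register_error(elgg_echo('user:password:fail'));
    return false;
}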
/**
 * Complete a pending signup: check the activation code, then create the account
 * credentials and remove the signup row.
 *
 * Echoes "verify-success", "validation-expired" or "verify-error". Returns
 * silently, without output, when the username or password fails validation.
 *
 * NOTE(review): every statement below is built by string interpolation. Their
 * safety rests on escape() for the quoted values and on $account_id being numeric
 * (it is interpolated unquoted); neither helper is visible here - confirm, or move
 * to bound parameters.
 *
 * @param string $dirty_username        Username as received from the client.
 * @param string $dirty_password        Password as received from the client.
 * @param string $dirty_activation_code Activation code as received from the client.
 * @return void
 */
function verify_account($dirty_username, $dirty_password, $dirty_activation_code)
{
    $username = escape($dirty_username);
    $password = escape($dirty_password);
    $code = escape($dirty_activation_code);

    if (validate_username($username) != "valid-username") {
        return;
    }
    if (validate_password($password) != "valid-password") {
        return;
    }

    $account_id = account_id_from_code($code);

    // Exactly one pending signup must match the code.
    $signup = query("SELECT * FROM account_signup WHERE code='{$code}'");
    if (mysqli_num_rows($signup) != 1) {
        echo 'verify-error';
        return;
    }

    // The code is accepted for 86400 seconds after date_requested
    // (assumes date_requested is a Unix timestamp - TODO confirm).
    $signup_row = mysqli_fetch_assoc($signup);
    $deadline = $signup_row["date_requested"] + 86400;
    if (time() > $deadline) {
        echo "validation-expired";
        return;
    }

    $encrypted_password = encrypt_password($password);

    // Each write is followed by a read-back check; any mismatch aborts.
    query("UPDATE account_head SET status='logged-out' WHERE account={$account_id};");
    if (user_has_status($account_id, 'logged-out') == false) {
        echo 'verify-error';
        return;
    }

    $insert = "INSERT INTO account_credentials (account, username, password)"
        . " VALUES ({$account_id}, '{$username}', '{$encrypted_password}');";
    query($insert);
    if (user_has_credentials($account_id, $username, $encrypted_password) == false) {
        echo 'verify-error';
        return;
    }

    // Removing the signup row makes the activation code single-use.
    query("DELETE FROM account_signup WHERE account={$account_id};");
    if (user_has_signup_pending($account_id)) {
        echo 'verify-error';
        return;
    }

    echo "verify-success";
}
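/**
 * Authenticate by username and password and return the user's access token.
 *
 * @param mysqli $db       Open database connection (used with prepare/bind_param).
 * @param string $username Login name.
 * @param string $password Plain-text password.
 * @return string|null The stored access token on success, NULL otherwise.
 */
function auth_username_password($db, $username, $password)
{
    // The username is bound as a parameter, never concatenated into the SQL.
    $st = $db->prepare("SELECT access_token, password FROM users WHERE username=? LIMIT 1");
    if ($st === false) {
        // The statement could not be prepared; fail closed.
        return NULL;
    }

    $token = NULL;
    $hash = NULL;
    $st->bind_param("s", $username);
    $st->execute();
    $st->bind_result($token, $hash);
    $found = $st->fetch();
    $st->close();

    // NOTE(review): this passes the access token to hj_log() before the password
    // has been checked, and again after success. If hj_log() writes to a log file,
    // a bearer credential ends up in the logs - confirm, and log a non-secret
    // identifier instead.
    hj_log("auth_token_db", $token);

    require_once __DIR__ . '/crypto.inc.php';

    // fetch() returns true only when a row was read; an unknown user has no hash
    // to validate against.
    if ($found !== true) {
        return NULL;
    }

    if (validate_password($password, $hash)) {
        hj_log("auth_token_db", $token);
        return $token;
    }

    return NULL;
}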
/**
 * Check the submitted 'password' request value against the configured length
 * limits and validate_password().
 *
 * NOTE(review): strlen() counts bytes while the limits are named *_pass_chars;
 * for multi-byte passwords the two differ - confirm which is intended.
 *
 * @return Response Wraps a language string describing the problem, or 0 when the
 *                  password is acceptable.
 */
public function password()
{
    $password = utf8_normalize_nfc(request_var('password', '', true));
    $length = strlen($password);

    if ($length > $this->config['max_pass_chars']) {
        $return = $this->user->lang('TOO_LONG_USER_PASSWORD');
    } elseif ($length < $this->config['min_pass_chars']) {
        $return = $this->user->lang('TOO_SHORT_USER_PASSWORD');
    } else {
        // A truthy result from validate_password() is an error key prefix.
        $error = validate_password($password);
        $return = $error ? $this->user->lang($error . '_NEW_PASSWORD') : 0;
    }

    return new Response($return);
}
/**
 * Authenticates a user by username/password credentials. Uses the 'users' DB table.
 *
 * Only users whose status is 'Active' are considered. An unknown user and a wrong
 * password produce the same message, so the response does not reveal which
 * usernames exist.
 *
 * @uses User_Model
 * @access public
 * @param string $username
 * @param string $password
 * @return bool
 */
function auth_user($username, $password)
{
    $this->load->helper('secure_hash');

    $user = $this->user_model->get(array('username' => $username, 'status' => 'Active'), true);

    if ($user && validate_password($password, $user->password)) {
        log_message('info', 'User ' . $this->user_model->get_name($user->id) . ' has just logged in!');
        reload_session_caps($user->id);
        return true;
    }

    // NOTE(review): failed attempts are not logged here; confirm they are recorded
    // elsewhere so repeated guessing can be detected.
    add_message('Incorrect username or password, please verify your details and try again.', 'danger');
    return false;
}
/**
 * Verify a username/password pair for an account that has not expired.
 *
 * An account qualifies when its 'expires' date is later than today or equals
 * '0000-00-00'. Password hashes are checked with the pbkdf2 helper (the earlier
 * sha1 scheme is no longer used).
 *
 * @param string $username
 * @param string $password
 * @return object|false The user row on success, false otherwise.
 */
public function verify_user($username, $password)
{
    $this->load->helper('pbkdf2_helper');
    $this->load->helper('date');

    $q = $this->db
        ->where('username', $username)
        ->bracket('open')
        ->where('expires >', date('Y-m-d', now()))
        ->or_where('expires', '0000-00-00')
        ->bracket('close')
        ->limit(1)
        ->get('user');

    if (!($q->num_rows > 0)) {
        return false;
    }

    $good_hash = $q->row()->password;

    // Only an exact boolean true from validate_password() counts as a match.
    return validate_password($password, $good_hash) === true ? $q->row() : false;
}
/**
 * Check the registration form.
 *
 * Validates e-mail, password and username in that order, stops at the first
 * failure and echoes a short status text.
 *
 * @param $email string
 * @param $password string
 * @param $username string
 * @return boolean True when all three values pass validation.
 */
function validate($email, $password, $username)
{
    if (!validate_email($email)) {
        echo "email wrong";
        return false;
    }

    if (!validate_password($password)) {
        echo "password wrong";
        return false;
    }

    if (!validate_username($username)) {
        echo "username wrong";
        return false;
    }

    echo "correct validation";
    return true;
}
/**
 * Run every signup field through its validator and report the collected errors.
 *
 * Each validator receives the message accumulated so far and returns the updated
 * message. When the final message is non-empty it is echoed after a fixed notice.
 *
 * NOTE(review): the accumulated message is echoed as-is; if any validator copies
 * the submitted value into its message, that output needs HTML encoding - confirm.
 *
 * @return int 1 when no validator reported an error, 0 otherwise.
 */
function form_validation($uname, $pwd, $email, $dob, $sex, $state, $city, $news)
{
    $error_message = "";

    $error_message = validate_username($uname, $error_message);
    $error_message = validate_password($pwd, $error_message);
    $error_message = validate_email($email, $error_message);
    $error_message = validate_dob($dob, $error_message);
    $error_message = validate_sex($sex, $error_message);
    $error_message = validate_state($state, $error_message);
    $error_message = validate_city($city, $error_message);
    $error_message = validate_newsletter($news, $error_message);

    if (!$error_message) {
        return 1;
    }

    echo "<br>I am sorry, but you haven't filled the form correctly. Please check the following.<br><br>" . $error_message;
    return 0;
}
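/**
 * Verify a username/password pair and record the login state.
 *
 * @param string $username Login name.
 * @param string $password Plain-text password.
 * @return int|string The user's id on success, 0 when the login fails.
 */
function database_user_login($username, $password)
{
    global $mysqli;

    $username = sanitize_input($username);
    // NOTE(review): the password is passed through sanitize_input() before it is
    // checked. If that rewrites characters, the checked value differs from what the
    // user typed; confirm the same transformation is applied when it is stored.
    $password = sanitize_input($password);
    $userID = database_get_userID($username);

    // Bind the id instead of interpolating it into the SQL text, and track whether
    // a row was actually read so a missing user never reaches validate_password().
    $datapass = null;
    $found = false;
    $stmt = mysqli_prepare($mysqli, "SELECT password FROM users WHERE userID=?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, 's', $userID);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_bind_result($stmt, $datapass);
            $found = (mysqli_stmt_fetch($stmt) === true);
        }
        mysqli_stmt_close($stmt);
    }

    // The user is verified only when a stored hash exists and matches.
    if ($found && validate_password($password, $datapass)) {
        set_user_logged_in($userID);
    } else {
        set_user_logged_out();
        $userID = 0;
    }

    return $userID;
}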
/**
 * Validate a login submission ("pengguna" = user).
 *
 * Redirects to the register page when cek_pengguna() reports no matching user.
 * Otherwise the stored hash is checked; on success the group and user id are put
 * into the session and the browser is redirected to the profile page, on failure
 * a warning box is echoed.
 *
 * NOTE(review): the session id is not rotated before the session is populated;
 * confirm session_regenerate_id(true) is called on login elsewhere.
 *
 * @param array $post Submitted form values; reads 'username' and 'password'.
 * @return void
 */
public function valid_pengguna($post)
{
    if ($this->cek_pengguna($post) <= 0) {
        header("Location:{$this->site_url()}register");
        return;
    }

    // The username is bound as a parameter, never concatenated into the SQL.
    $this->obj->query("SELECT * FROM `pengguna` WHERE `username` = :username");
    $this->obj->bind(':username', $post['username']);
    $this->obj->execute();
    $datas = $this->obj->single();

    if (validate_password($post['password'], $datas->password) == 1) {
        $_SESSION['group'] = $datas->group;
        $_SESSION['pengguna_id'] = $datas->id;
        header("Location: {$this->site_url()}profile");
        return;
    }

    echo "\n\t\t\t\t\t<div class=\"alert alert-warning\"> Username/Password yang anda masukan salah. silakan <a href=\"./?halaman=login\">login</a> kembali</div>\n\t\t\t\t";
}
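/**
 * Check a username/password pair against an enabled account.
 *
 * A stored value containing ':' is verified with validate_password(). Any other
 * value is treated as a legacy SHA-1 hash; when it matches, the password is
 * re-hashed with create_hash() and saved, so the account migrates on login.
 *
 * @param string $username Login name.
 * @param string $password Plain-text password.
 * @return bool True when the credentials are valid, false otherwise.
 */
function db_check_credential($username, $password)
{
    $account = db_get_account($username);
    if (!$account || !$account['enabled']) {
        return false;
    }

    $stored = $account['crypted_password'];

    if (strstr($stored, ':') !== false) {
        return validate_password($password, $stored);
    }

    // Legacy SHA-1 hash. Compare with === so both sides are compared as strings:
    // with == two different hex digests of the form "0e<digits>" are treated as
    // numbers and compare equal.
    if (sha1($password) === $stored) {
        // check and migrate sha1 password to pbkdf2
        db_save_account($username, array('crypted_password' => create_hash($password)));
        return true;
    }

    return false;
}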
/**
 * Check console credentials and record the login in the object and the session.
 *
 * NOTE(review): the username literal in the query is shown masked ('******') in
 * this listing; presumably the real query uses $cleanUsername - confirm.
 *
 * @param string $username Login name.
 * @param string $password Plain-text password.
 * @return bool True when the user is now logged in.
 */
function login($username, $password)
{
    $this->isLoggedIn = false;

    $cleanUsername = $this->db->escape_string($username);
    $cleanPassword = $this->db->escape_string($password);

    $result = $this->db->query("SELECT * from console_users WHERE username = '******' LIMIT 1");
    if ($this->db->num_rows($result) != 1) {
        return $this->isLoggedIn;
    }

    $row = $this->db->read_row($result);

    // The unescaped password is what gets checked against the stored hash.
    if (validate_password($password, $row["password"])) {
        $this->isLoggedIn = true;
        // Taken from the user record.
        $this->regionID = $row["console_user_id"];

        // NOTE(review): this keeps the user's plain-text password (escaped) in the
        // session store for the lifetime of the session. Anyone who can read
        // session data can recover it; confirm what reads "sessionPass" and replace
        // it with a server-side login flag or user id.
        $_SESSION["sessionUser"] = $cleanUsername;
        $_SESSION["sessionPass"] = $cleanPassword;
    }

    return $this->isLoggedIn;
}
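<?php
// Login handler: checks the posted username/password against MART_USER and, on
// success, stores the user name and role in the session before redirecting.
require_once '../../_config/dbinfo.inc.php';
require_once '../../_config/misc.func.php';
require_once '../../_config/hash.pwd.php';

session_start();

$conn = oci_connect(ORA_CON_UN, ORA_CON_PW, ORA_CON_DB) or die;

$pass = $_POST['password'];
$username = $_POST['username'];

oci_set_client_identifier($conn, 'admin');

// The user name is bound as :finemail, never concatenated into the SQL.
$sql = oci_parse($conn, "SELECT WMU.MART_PASS HASHPASS,\r\n WMU.MART_FULL_NAME FULLNAME,\r\n WMR.MART_ROLE_DESC COMP_ROLE_COMPLETE\r\n FROM MART_USER WMU\r\n INNER JOIN MART_ROLE WMR\r\n ON WMR.MART_ROLE_ID = WMU.MART_ROLE_ID\r\n WHERE WMU.MART_FULL_NAME = :finemail");
oci_bind_by_name($sql, ":finemail", $username);
oci_define_by_name($sql, "COMP_ROLE_COMPLETE", $role);
oci_define_by_name($sql, "HASHPASS", $hashpass);
oci_execute($sql);
$r = oci_fetch_array($sql, OCI_ASSOC);

// Without a fetched row there is no stored hash; treat that as a failed login
// instead of validating against an unset value.
$passMatchInt = ($r !== false) ? validate_password($pass, $hashpass) : 0;

if ($passMatchInt == 1) {
    // Rotate the session id on login and drop the old session data, so an id known
    // before authentication stops being valid.
    session_regenerate_id(true);
    $_SESSION['userlogin'] = $username;
    $_SESSION['rolelogin'] = $role;
    echo '<script>location.href="../main.php"</script>';
} else {
    // One message for both an unknown user and a wrong password.
    echo '<script>alert("LOGIN FAILED !!! \\nPLEASE ENTER APPROPRIATE USER NAME AND PASSWORD")</script>';
    echo '<script>location.href="../../index.php"</script>';
}

// Runs for successful and failed logins alike.
$globalName = SingleQryFld("SELECT WMS.SETTING_VALUE_STRING FROM MART_SETTINGS WMS WHERE WMS.SETTING_DESC = 'GLOBAL_NAME'", $conn);
$_SESSION['globalname'] = $globalName;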
// Fragment of a user-update handler (the listing cuts it off before the closing
// braces). It derives the delivery paths for a mailbox and, when a new password
// was submitted, stores its crypted form.

// Look up the mail directory of the domain held in the session.
$query = "SELECT maildir FROM domains WHERE domain_id=:domain_id";
$sth = $dbh->prepare($query);
$sth->execute(array(':domain_id' => $_SESSION['domain_id']));
$row = $sth->fetch();
// NOTE(review): $_POST['localpart'] and $_POST['smtp'] are placed into the paths
// below as received; no validation is visible in this fragment - confirm they are
// checked beforehand (for example that localpart contains no "/" or "..").
if ($_POST['on_piped'] == 1 && $_POST['smtp'] != "") {
    $smtphomepath = $_POST['smtp'];
    $pophomepath = "{$row['maildir']}/{$_POST['localpart']}";
    $_POST['type'] = "piped";
} else {
    $smtphomepath = "{$row['maildir']}/{$_POST['localpart']}/Maildir";
    $pophomepath = "{$row['maildir']}/{$_POST['localpart']}";
    $_POST['type'] = "local";
}
# Update the password, if the password was given
if (isset($_POST['clear']) && $_POST['clear'] !== '') {
    // Here validate_password() receives the new password and the 'vclear' field,
    // presumably the confirmation entry - verify against its definition.
    if (validate_password($_POST['clear'], $_POST['vclear'])) {
        $cryptedpassword = crypt_password($_POST['clear']);
        // The update is scoped to the session's domain_id, and all values are bound.
        $query = "UPDATE users\n SET crypt=:crypt WHERE localpart=:localpart\n AND domain_id=:domain_id";
        $sth = $dbh->prepare($query);
        $success = $sth->execute(array(':crypt' => $cryptedpassword, ':localpart' => $_POST['localpart'], ':domain_id' => $_SESSION['domain_id']));
        if ($success) {
            // Keep the session copy in step when the admin changed their own password.
            if ($_POST['localpart'] == $_SESSION['localpart']) {
                $_SESSION['crypt'] = $cryptedpassword;
            }
        } else {
            // NOTE(review): the posted value goes into the redirect URL without
            // urlencode() - confirm it is validated before this point.
            header("Location: adminuser.php?failupdated={$_POST['localpart']}");
            die;
        }
    } else {
        header("Location: adminuser.php?badpass={$_POST['localpart']}");
        die;
// Fragment of a login handler (the listing cuts it off before the closing braces).

// After more than three logged login errors the image code must also match.
if (!empty($error_log_login) && $error_log_login > 3) {
    if ($security_code != $secure_image_hash_string) {
        $validator->addError('Turing Number', ERROR_SECURE_CODE_WRONG);
    }
}
$smarty->assign('error_log_login', $error_log_login);
$validator->validateGeneral('Account Number', $account_number, _ERROR_FIELD_EMPTY);
$validator->validateGeneral('Password', $login_password, _ERROR_FIELD_EMPTY);
if (count($validator->errors) == 0) {
    // NOTE(review): the start of this query is shown masked ('******') in this
    // listing. $account_number is concatenated into the SQL text; no escaping is
    // visible in this fragment - confirm it is escaped upstream or bind it.
    $sql_user = "******" . _TABLE_USERS . " WHERE account_number='" . $account_number . "' AND status=1";
    $user_query = db_query($sql_user);
    if (db_num_rows($user_query) > 0) {
        // email passed
        // check password
        $user_info = db_fetch_array($user_query);
        if (!validate_password($login_password, $user_info['password'])) {
            // wrong password
            $validator->addError('Account Number/Password', ERROR_INVALID_ACCOUNT);
        } else {
            // password passed ==> correct account
            $login_userid = $user_info['user_id'];
            $login_account_number = $account_number;
            $login_useremail = $user_info['email'];
            tep_session_register('login_userid');
            tep_session_register('login_account_number');
            tep_session_register('login_useremail');
            // set cookies for autologin
            // NOTE(review): the second cookie stores the plain-text password in the
            // browser for 100 days (60 * 60 * 24 * 100 seconds). Anyone who can read
            // the cookie obtains the password itself; a random, server-stored,
            // revocable token is the usual replacement for this kind of autologin.
            if ($_POST['remember_me']) {
                tep_setcookie("account_number", $account_number, time() + 60 * 60 * 24 * 100, HTTP_COOKIE_PATH, HTTP_COOKIE_DOMAIN);
                tep_setcookie("password", $login_password, time() + 60 * 60 * 24 * 100, HTTP_COOKIE_PATH, HTTP_COOKIE_DOMAIN);
            }
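/**
 * Verify an e-mail/password pair and register the login in the session.
 *
 * On success the globals $login_userid and $login_username are filled from the
 * matching user row and registered as session variables.
 *
 * @param string $login_email    E-mail address used to look up the user.
 * @param string $login_password Plain-text password.
 * @return bool True when the credentials match, false otherwise.
 */
function confirmUser($login_email, $login_password)
{
    global $login_userid, $login_username;

    // NOTE(review): $login_email is concatenated into the SQL text; no escaping is
    // visible in this function - confirm the caller escapes it, or bind it as a
    // parameter if db_query() supports that.
    $user_query = db_query("SELECT user_id, user_username, user_password FROM " . _TABLE_USERS . " WHERE member_email='" . $login_email . "'");

    if (!(db_num_rows($user_query) > 0)) {
        return false;
    }

    // email passed, check password
    $user_info = db_fetch_array($user_query);
    if (!validate_password($login_password, $user_info['user_password'])) {
        // wrong password
        return false;
    }

    // password passed ==> correct account
    // Read the identity from the fetched row ($user_info); the earlier code read an
    // undefined $member_info, which registered empty values in the session.
    $login_userid = $user_info['user_id'];
    $login_username = $user_info['user_username'];
    tep_session_register('login_userid');
    tep_session_register('login_username');

    return true;
}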
<?php require $relative . 'data/php/site/header-menu.inc'; ?> <!-- MAIN CONTENT STARTS --> <div id="centredDiv"> <h1>Login</h1> <?php
// Login page fragment (the listing cuts it off before the closing braces).
// Check if user is already logged in
if (!isset($_SESSION['user']) || $_SESSION['user'] == "") {
    $errors = array();
    // Check if login values are set. If false, user has opened page the first time
    if (isset($_POST["email"]) && isset($_POST["pass"])) {
        require $relative . 'data/php/user/validate.inc';
        // Both validators take $errors first; presumably they record failures
        // under the 'email' and 'pass' keys tested below - verify in validate.inc.
        validate_email($errors, $_POST['email']);
        validate_password($errors, $_POST["pass"]);
        if (!isset($errors['email']) && !isset($errors['pass'])) {
            // form is valid
            // Check if email exists in user table
            require $relative . 'data/php/database/pdo.inc';
            $email = $_POST["email"];
            $password = $_POST["pass"];
            // query to check if email exists and password matches
            // Both values are passed as placeholders, not concatenated.
            // NOTE(review): the password is verified inside SQL as a single salted
            // SHA-2 digest. A single fast hash is cheap to brute-force if the table
            // leaks; password_hash()/password_verify() in PHP is the usual
            // replacement, with a migration on next login.
            $query = "SELECT email, userType, fname FROM user WHERE email = ? AND password = SHA2(CONCAT(?, salt), 0)";
            // Execute query and get results
            $result = select($query, array($email, $password), false);
            if ($result != false) {
                // Email exists in database and password matches
                // Store User Session Data
                // NOTE(review): no session-id rotation is visible before these
                // writes - confirm session_regenerate_id(true) runs on login.
                $_SESSION['user'] = $email;
                $_SESSION['type'] = $result[1];