Example #1
         $error = 'reCAPTCHA Invalido';
     } else {
         if (User::login($_POST['user'], $_POST['pass'])) {
             header('location: login.php');
         } else {
             $error = 'Usuario o clave Inválida';
         }
     }
 } else {
     if ($_GET['op'] == 'forgot') {
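         // Missing POST fields are passed as '' instead of an undefined-index null.
         $captchaResponse = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
         if (!checkRecaptchar(RECAPTCHAR_SECRET, $captchaResponse)) {
             $error = 'reCAPTCHA Inválido';
         } else {
             // The single form field may hold a username or a mail address; the
             // mail lookup is done on the lowercased value.
             $lookup = isset($_POST['user']) ? $_POST['user'] : '';
             $userForgot = User::getUserByUsername($lookup);
             if (!$userForgot) {
                 $userForgot = User::getUserByMail(strtolower($lookup));
             }
             if ($userForgot) {
                 $newPassword = User::generateRandomPassword(8);
                 if (User::updateUser($userForgot->id, $userForgot->rol, $userForgot->mail, $newPassword)) {
                     $msj = 'Se le envió un correo electrónico con su nueva clave.';
                     // NOTE(review): the stored password has already been replaced here and
                     // the return value of email() is not checked, so a failed send leaves the
                     // account without a usable password. The new password is also sent in
                     // clear text in the mail body; a one-time reset link would avoid both.
                     email($userForgot->mail, 'Nueva Clave', 'Sr(a). ' . $userForgot->name . ',<br /><br />Su nueva clave de ingreso al sistema es: <b>' . $newPassword . '</b>');
                 } else {
                     $error = 'Ocurrió un error interno, intente más tarde.';
                 }
             } else {
                 // NOTE(review): this message differs from the success path, so the
                 // response reveals whether a username/mail is registered (enumeration).
                 $error = 'Usuario o E-Mail no está registrado';
             }
         }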
     } else {
         if ($_GET['op'] == 'register') {
Example #2
        $res['action'] = 'resend';
    }
}
if ($method == 'resend') {
    //Captcha Validate
    require_once PHP_BASE_DIR . "/securimage/securimage.php";
    $img = new Securimage();
    if ($img->check($captcha) == false) {
        $res['message'] = '验证码错误!';
        $res['action'] = 'resend';
    } else {
        $db = new MySQL($log);
        if ($mysqli = $db->openDB()) {
            $user = new User($mysqli, $log);
            $invitation = new Invitation($mysqli, $log);
            if ($user->getUserByMail($email)) {
                if ($user->status == 2) {
                    $s_email = $email;
                    $email_code = $invitation->genEmailValidateCode($user->id);
                    $saemail = new SaeMail();
                    if ($saemail) {
                        //sea maill
                        $message = "尊敬的XSSRAT用户 \r\n\t\t\t您好,欢迎您使用XSSRAT。XSSRAT是一个开放性的Web前端漏洞利用平台,您可以使用该平台进行一些Web前端漏洞的测试,并可以贡献自己的模块供其他用户使用。\r\n\t\t\t本平台是一个开放性的平台,可用于渗透测试或漏洞挖掘过程中,以提高Web应用的安全性,本身不具有任何恶意性。请勿将该平台用于非法用途,否则后果自负!\r\n\t\t\t请访问以下链接激活您的账号:\t\t\t\t\t\r\n\t\t\thttp://xssrat.sinaapp.com/activating.php?code=" . $email_code . "&id=" . $user->id . "&method=active\t\r\n\t\t\r\n\t\t\thttp://xssrat.sinaapp.com\r\n\t\t\tMak3 hack m0r3 c00l!";
                        $ret = $saemail->quickSend($email, 'XSSRAT 用户验证', $message, MAIL_ACCOUNT, MAIL_PASS);
                        $reg_info = array('username' => htmlspecialchars($user->username, ENT_QUOTES), 'email' => htmlspecialchars($user->email, ENT_QUOTES));
                        $_SESSION["reg_info"] = $reg_info;
                        if ($ret) {
                            $res['result'] = true;
                            $res['message'] = '邮件已发出,请您及时查收,若您一直未收到,请稍后重新发送!';
                            $res['action'] = 'resend';
                        }
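 /**
  * Creates a new user row.
  *
  * $us is either a CUser or an associative array with the keys
  * user, mail, pass, name and rol (a missing key becomes null).
  *
  * Returns one of the project's status constants: OK on success,
  * E_USER_EXIST / E_MAIL_EXIST when the username or the mail is already
  * taken, E_SQL_ERROR when the INSERT fails and E_FORMAT_INVALID for any
  * other input.
  *
  * NOTE(review): the password is stored as md5(pass . username . key).
  * md5 is not a suitable password hash; migrating to password_hash() /
  * password_verify() has to be done together with the login path that
  * verifies this exact scheme, so it is only flagged here. The INSERT is
  * built from a format string plus secInjection() rather than bound
  * parameters; a prepared statement would be the preferred form if $db
  * offers one.
  */
 static function addUser($us)
 {
     global $db;
     if (is_array($us)) {
         $t = new CUser();
         foreach (array('user', 'mail', 'pass', 'name', 'rol') as $field) {
             $t->$field = isset($us[$field]) ? $us[$field] : null;
         }
         $us = $t;
     }
     if (!($us instanceof CUser)) {
         return E_FORMAT_INVALID;
     }
     // The row is stored with user and mail lowercased (see the INSERT below),
     // so the duplicate checks look up the same normalized form; checking the
     // raw username could let a differently-cased duplicate through on a
     // case-sensitive collation.
     $username = strtolower($us->user);
     $mail = strtolower($us->mail);
     if (User::getUserByUsername($username)) {
         return E_USER_EXIST;
     }
     if (User::getUserByMail($mail)) {
         return E_MAIL_EXIST;
     }
     $passwordHash = md5($us->pass . $username . User::$keySecurity);
     $inserted = $db->qs(
         "INSERT INTO user (user,pass,mail,name,rol) VALUES ('%s','%s','%s','%s','%d')",
         array(
             strtolower(secInjection($us->user)),
             $passwordHash,
             strtolower(secInjection($us->mail)),
             secInjection($us->name),
             intval($us->rol),
         )
     );
     return $inserted ? OK : E_SQL_ERROR;
 }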
Example #4
     $_SESSION["erreur"][] = "Vous devez renseigner un mot de passe 'password'";
 }
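 if (isset($_SESSION["erreur"])) {
     header("Location: /Erreur");
     // header() only queues the redirect; without stopping here the script keeps
     // running into the credential lookup below, and a later Location header
     // replaces this one.
     exit;
 }
 if (empty($_POST["login"])) {
     $_SESSION["erreur"][] = "Vous devez compléter le champ mail ou pseudo";
 }
 if (empty($_POST["password"])) {
     $_SESSION["erreur"][] = "Vous devez compléter le champ mot de passe";
 }
 if (isset($_SESSION["erreur"])) {
     header("Location: /Erreur");
     exit;
 }
 // The same field accepts either a mail address or a pseudo.
 if (filter_var($_POST["login"], FILTER_VALIDATE_EMAIL)) {
     $user = User::getUserByMail($_POST["login"]);
 } else {
     $user = User::getUserByPseudo($_POST["login"]);
 }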
 if (!$user) {
     $_SESSION["erreur"][401] = "Impossible de vous authentifier, merci de vérifier vos identifiants.";
     header("Location: /Erreur");
 } else {
     if ($user->getPassword() != sha1($_POST["password"])) {
         $_SESSION["erreur"][401] = "Impossible de vous authentifier, merci de vérifier vos identifiants.";
         header("Location: /Erreur");
     } else {
         $user->setIsOnline(1);
         $user->save();
         $_SESSION["user"] = $user;
         header("Location: /Portail");