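/**
 * Insert an image row (url, text, hash) and return the hash stored for $url.
 *
 * @param string $url   image URL (bound as a parameter, never interpolated)
 * @param string $text  caption / description (bound as a parameter)
 * @return mixed        whatever getSingleImageHash() returns for $url
 * @throws RuntimeException when $db is unavailable or the insert fails
 */
function saveImage($url, $text)
{
    // NOTE(review): require_once only includes config.php the FIRST time it runs
    // in a request. A second saveImage() call in the same request would not get
    // $db defined here. Confirm this is called at most once per request, or move
    // the $db setup into the caller/bootstrap.
    require_once "config/config.php";
    if (!isset($db)) {
        throw new RuntimeException('saveImage(): $db is not available (config/config.php already included?)');
    }
    // Positional insert: NULL (presumably an auto-increment id -- confirm against the
    // imgs schema), url, text, hash. Values are bound, so no SQL injection via $url/$text.
    $stmt = $db->prepare("INSERT INTO imgs VALUES (?, ?, ?, ?)");
    $data = array(null, $url, $text, createHash($db, $url));
    if ($stmt === false || $stmt->execute($data) === false) {
        // In PDO silent mode a failed prepare/execute just returns false; without this
        // check the function would go on to return a hash for a row that was never written.
        throw new RuntimeException('saveImage(): failed to insert image row');
    }
    return getSingleImageHash($db, $url);
}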
    $newPasswordConfirm = $_POST['NewPasswordConfirm'];
}
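// Reject empty fields. NOTE: empty() also treats the literal password "0" as
// empty; that value would fail the length rule anyway, so the outcome is the same.
if (empty($newPassword) || empty($newPasswordConfirm)) {
    $error_fieldsempty = '- Un ou plusieurs champs de texte sont vides. Veuillez les remplir. \\n';
    $i++;
}
// Password and confirmation must match. Strict comparison: != would treat
// numeric-looking strings such as "1e3" and "1000" as equal.
if ($newPassword !== $newPasswordConfirm) {
    $error_passwordconfirm = '- Le mot de passe et sa confirmation sont différents. \\n';
    $i++;
}
// Minimum length. The message promises "huit" (eight) characters but the code
// compared against 6; enforce the documented eight. Skipped when the field is
// empty so only the empty-field message is shown for that case.
if (!empty($newPassword) && strlen($newPassword) < 8) {
    $error_passwordwrongsize = '- Votre mot de passe doit contenir au minimum huit caractères. \\n';
    $i++;
}
// No validation errors: store the new hash and redirect to the confirmation view.
// NOTE(review): $noUser and $i are set earlier in this script (not visible here);
// confirm $noUser is taken from the authenticated session and not from the request,
// otherwise this becomes an arbitrary-account password reset.
if ($i == 0) {
    updatePassword($noUser, createHash($newPassword));
    $_SESSION['success_update_password'] = "******";
    header('Location: ../view/view_update_password.php');
} else {
    setErrors();
    header('Location: ../view/view_update_password.php');
}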
// Stash the collected validation messages in the session so the view can display
// them after the redirect. Message variables that were never set contribute an
// empty string (null -> '' in implode()).
function setErrors()
{
    global $error_passwordconfirm, $error_fieldsempty, $error_passwordwrongsize;
    $messages = array($error_passwordconfirm, $error_fieldsempty, $error_passwordwrongsize);
    $_SESSION['errors_update_password'] = '******' . implode('', $messages);
}
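 /**
  * Produce the stored credential for a new password.
  *
  * Returns a password_hash() string (PASSWORD_DEFAULT) when crypt() passes a
  * bcrypt known-answer test. On runtimes where that self-test fails (the original
  * comment names Debian 6 / PHP 5.3.3) it falls back to the project's createHash()
  * with a fresh salt and returns array('hash' => ..., 'salt' => ...).
  *
  * NOTE(review): the two branches return different types (string vs array);
  * callers must cope with both. Kept as-is for backward compatibility.
  *
  * @param string $username  only used by the createHash() fallback
  * @param string $password  plaintext password
  * @return string|array
  */
 function passwordCreate($username, $password)
 {
     global $aeskey;
     // Known-answer test: a crypt() with broken $2y$ support will not reproduce this hash.
     $probe = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
     if (crypt('password', $probe) === $probe) {
         return password_hash($password, PASSWORD_DEFAULT);
     }
     // Fallback salt. mt_rand() is not a CSPRNG, so prefer random_bytes() whenever the
     // runtime has it; the original expression is kept only for builds without it.
     // Both forms yield 32 lowercase hex chars, so stored salts stay format-compatible.
     if (function_exists('random_bytes')) {
         $newSalt = bin2hex(random_bytes(16));
     } else {
         $newSalt = md5(mt_rand() . strtotime('now'));
     }
     return array('hash' => createHash($username, $password, $newSalt, $aeskey), 'salt' => $newSalt);
 }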
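/**
 * Validate a change-password request.
 *
 * Returns an error message (string) on the first failed rule, or false when all
 * rules pass. Rules, in order: the old password must be given and must verify;
 * then the new password and its confirmation must both be non-empty and identical.
 *
 * Which stored hash the old password is verified against depends on who is acting:
 *  - not logged in as 'sadmin', OR the edited account's title is
 *    'Super Administrator' -> $userData['password'];
 *  - otherwise -> the RAZOR_SADMIN_PASS constant.
 *
 * NOTE(review): the stored format is createHash(pw, first-half-of-stored-hash, 'sha1'),
 * i.e. a SHA-1 construction rather than a password KDF. Moving to password_hash()/
 * password_verify() would change the stored format and is out of scope here.
 *
 * @param string|null $oldPassword
 * @param string|null $newPassword
 * @param string|null $newPasswordC
 * @param array       $userData  expected to carry 'password' and 'title'
 * @return string|false
 */
function changePasswordCheck($oldPassword, $newPassword, $newPasswordC, $userData)
{
    // Both branches of the original demanded a non-empty old password; check once.
    if (!isset($oldPassword) || $oldPassword === '') {
        return lt('Error old password box is empty') . '...';
    }
    $actingAsSadmin = isset($_SESSION['adminType']) && $_SESSION['adminType'] === 'sadmin';
    $editingSadmin = isset($userData['title']) && $userData['title'] === 'Super Administrator';
    if (!$actingAsSadmin || $editingSadmin) {
        $storedHash = (string) $userData['password'];
        $failKey = 'Error old password was not validated correctly';
    } else {
        $storedHash = (string) RAZOR_SADMIN_PASS;
        $failKey = 'Error super admin password was not validated correctly';
    }
    // Project convention: the salt is the first half of the stored hash.
    // (int) keeps the truncation the original's float length relied on, without
    // the PHP 8.1 implicit-conversion deprecation.
    $salt = substr($storedHash, 0, (int) (strlen($storedHash) / 2));
    $oldPassHash = (string) createHash($oldPassword, $salt, 'sha1');
    // hash_equals(): constant-time, and never applies loose numeric-string
    // comparison the way != does.
    if (!hash_equals($storedHash, $oldPassHash)) {
        return lt($failKey) . '...';
    }
    if (!isset($newPassword) || !isset($newPasswordC) || $newPassword === '' || $newPasswordC === '') {
        return lt('Error a new password box is empty') . '...';
    }
    if ($newPassword !== $newPasswordC) {
        return lt('Error new password was not confirmed correctly') . '...';
    }
    return false;
}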
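 /**
  * Check a submitted secret against the stored salted hash.
  *
  * Copies the stored 'salt' and 'secret' (the hash) from $data onto $this as a
  * side effect, as the original did. When the caller supplies no secret, a
  * default of "<fname>_<lname>_<first 4 chars of email>" is used instead.
  * NOTE(review): that default is derivable from profile data; confirm it is only
  * meant for a first-login/bootstrap flow and not accepted as a standing login.
  *
  * @param array $data   stored record with 'salt' and 'secret'
  * @param array $check  submitted 'secret' (optional), 'fname', 'lname', 'email'
  * @return bool
  */
 function loginCheck($data, $check)
 {
     $this->salt = $data['salt'];
     $this->secret = $data['secret'];
     // empty() keeps the original "falsy -> use default" rule without an undefined-index warning.
     if (empty($check['secret'])) {
         $check['secret'] = $check['fname'] . '_' . $check['lname'] . '_' . substr($check['email'], 0, 4);
     }
     // Constant-time comparison of the stored hash against the recomputed one.
     return hash_equals((string) $this->secret, (string) createHash($this->salt, $check['secret']));
 }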
    if ($destroySession) {
        session_start();
        session_destroy();
    }
    exit;
}
// if create account form is submitted
if (isset($_POST['createAccount'])) {
    // clean form data
    $newEmail = cleanValue($_POST['newEmail'], true);
    $newPassword = cleanValue($_POST['newPassword'], true);
    $newSecureQ = cleanValue($_POST['newSecureQ'], true);
    $newSecureA = cleanValue($_POST['newSecureA']);
    // encrypt password & security answer
    $newPassHash = createHash($newPassword);
    $newSecAHash = createHash($newSecureA);
    // check for valid email address
    if (!filter_var($newEmail, FILTER_VALIDATE_EMAIL)) {
        $arr = array('status' => 'invalid', 'email' => $newEmail, 'message' => 'Please enter a valid email address.', 'timestamp' => $date);
        createJSON($arr, true);
    }
    if (checkPassword($newPassword) === 'less') {
        $arr = array('status' => 'invalid', 'email' => $newEmail, 'message' => 'Your password must be 8 or more characters.', 'timestamp' => $date);
        createJSON($arr, true);
    }
    if (checkPassword($newPassword) === 'more') {
        $arr = array('status' => 'invalid', 'email' => $newEmail, 'message' => 'Your password must be less than 12 characters.', 'timestamp' => $date);
        createJSON($arr, true);
    }
    // attempt to insert form data into database
    $newAccountsSQL = "INSERT INTO {$tbName} (email, hash, date, security_q, security_a)\n        VALUES ('{$newEmail}','{$newPassHash}','{$date}','{$newSecureQ}','{$newSecAHash}')";
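<?php

include 'libaweb/seculib.php';
include 'libaweb/dblib.php';
// NOTE(review): the password is read from the query string ($_GET['pwd']), so it
// ends up in web-server access logs, browser history and Referer headers. The
// form should POST it; only this read needs to change when it does.
$pass = clean(isset($_GET['pwd']) ? $_GET['pwd'] : '');
$dbContoller = new DbContoller();
if (!$dbContoller->isConn) {
    echo "connect is fail!";
} else {
    $return_pass = $dbContoller->selectPassword();
    $dbContoller->dbClose();
    if ($return_pass) {
        $salt = $return_pass["salt"];
        $hash_string = createHash($salt, $pass);
        // hash_equals(): constant-time, and no loose == comparison (which treats
        // numeric-looking strings such as "0e..." digests as equal).
        if (hash_equals((string) $return_pass["password"], (string) $hash_string)) {
            // NOTE(review): nothing is recorded in a session here, so car.php must
            // do its own access check or it is reachable without this password.
            header("location: car.php");
            exit;
        } else {
            echo "fail!";
        }
    } else {
        echo "Pass invalid...";
    }
}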
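require_once 'db.php';
$db = DB::getDB();
// Dispatch key for the action branches below; default to '' so a request without
// ?action= does not raise an undefined-index warning (no branch matches either way).
$action = isset($_GET['action']) ? $_GET['action'] : '';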
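/**
 * Generate an unguessable session token (64 lowercase hex characters).
 *
 * The original returned sha256(uniqid()); uniqid() is derived from the current
 * microsecond timestamp, so anyone who knows roughly when a login happened can
 * enumerate candidate tokens -- unacceptable for a value that authorises a
 * session. Use the CSPRNG when the runtime has one; otherwise mix uniqid() with
 * mt_rand() (better than bare uniqid(), still not cryptographically strong).
 *
 * @return string
 */
function createHash()
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(32));
    }
    return hash('sha256', uniqid('', true) . mt_rand());
}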
if ($action == 'login') {
    $inputUser = $_GET['name'];
    $inputPassword = $_GET['password'];
    $data = $db->get('users', array('username', '=', $inputUser));
    if ($data->count()) {
        $userFromDB = $data->first();
        if ($userFromDB->password == $inputPassword) {
            $hash = createHash();
            echo $_GET['callback'] . '(' . "{'answer' : 'correct', 'hash' : " . json_encode($hash) . "}" . ')';
            $db->insert('users_session', array('user_id' => $userFromDB->id, 'hash' => $hash));
        } else {
            echo $_GET['callback'] . '(' . "{'answer' : 'incorrect', 'reason' : 'password'}" . ')';
        }
    } else {
        echo $_GET['callback'] . '(' . "{'answer' : 'incorrect', 'reason' : 'username'}" . ')';
    }
} else {
    if ($action == 'register') {
        $inputUser = $_GET['name'];
        $inputPassword = $_GET['password'];
        $inputFirstName = $_GET['firstname'];
        $inputLastName = $_GET['lastname'];
        $inputGender = $_GET['gender'];
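 /**
  * Hash $input with the project's createHash() helper and return the result.
  *
  * The original called createHash() and dropped its return value, so every
  * caller of Hash() received null; the `return` is the fix.
  *
  * @param string $input
  * @return mixed whatever createHash() returns (defined elsewhere)
  */
 public function Hash($input)
 {
     return createHash($input);
 }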
    $i++;
}
// Username length rule (only reported when a username was given; a missing
// username is covered by the empty-fields check below)
if (!empty($username) && strlen($username) < 6) {
    $error_usernamewrongsize = '- Le nom d\'utilisateur doit contenir au minimum six caractères. \\n';
    $i++;
}
// Every field is mandatory
if (empty($username) || empty($password) || empty($pass_confirm) || empty($email) || empty($last_name) || empty($first_name)) {
    $error_fieldsempty = '- Un ou plusieurs champs de texte sont vides. Veuillez les remplir. \\n';
    $i++;
}
// Any error: stash the messages and return to the form. Otherwise create the account.
if ($i != 0) {
    setErrors();
    header('Location: ../view/view_create_account.php');
} else {
    // Persist the new user; the password goes through createHash() rather than being stored as given
    createUser($username, createHash($password), $email, $last_name, $first_name, $user_type);
    // Registration succeeded, so the pre-filled form values are no longer needed
    unset(
        $_SESSION['new_account_username'],
        $_SESSION['new_account_email'],
        $_SESSION['new_account_last_name'],
        $_SESSION['new_account_first_name']
    );
    $_SESSION["new_account_success"] = true;
    header('Location: ../view/view_Login.php');
}
// Fonction permettant d'initialiser les erreurs dans une variable de session afin de les faire apparaître
// une fois de retour sur la vue
function setErrors()
{
} else {
    if (strlen($pass) > 0 && strlen($newPass) > 0 && strlen($reNewPass) > 0) {
        $pass = clean($pass);
        $newPass = clean($newPass);
        $reNewPass = clean($reNewPass);
        $return_pass = $dbContoller->selectPassword();
        if ($return_pass) {
            echo $return_pass["salt"];
            $salt = $return_pass["salt"];
            //echo $salt . "<br/>";
            $hash_string = createHash($salt, $pass);
            if ($hash_string == $return_pass["password"]) {
                echo $hash_string;
                if ($newPass == $reNewPass) {
                    $newSalt = genSalt();
                    $newPass = createHash($newSalt, $newPass);
                    $update = $dbContoller->updatePassword($newPass, $newSalt);
                    if ($update) {
                        header("location: index.html");
                    } else {
                        echo "fail";
                    }
                }
                $dbContoller->dbClose();
            } else {
                echo "Pass invalid...";
            }
        } else {
            echo "Connect is fail....";
        }
    } else {
// Hook call 'admin-edit-razorarray': $razorArray is handed over by reference so the
// callee(s) can modify it in place.
$hookArgs = array(&$razorArray);
BsocketB('admin-edit-razorarray', $hookArgs);
//  login  //
if (!isset($_SESSION['adminLogIn'])) {
    if (isset($_POST['user']) && $_POST['user'] != '' && isset($_POST['pass']) && $_POST['pass'] != '') {
        if (!checkLog()) {
            if ($_POST['user'] == RAZOR_SADMIN_USER and createHash($_POST['pass'], substr(RAZOR_SADMIN_PASS, 0, strlen(RAZOR_SADMIN_PASS) / 2), 'sha1') == RAZOR_SADMIN_PASS) {
                $_SESSION['loginTimeStamp'] = $ts = time();
                $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
                $_SESSION['adminType'] = 'sadmin';
            } elseif ($_POST['user'] == RAZOR_ADMIN_USER and createHash($_POST['pass'], substr(RAZOR_ADMIN_PASS, 0, strlen(RAZOR_ADMIN_PASS) / 2), 'sha1') == RAZOR_ADMIN_PASS) {
                $_SESSION['loginTimeStamp'] = $ts = time();
                $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_ADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
                $_SESSION['adminType'] = 'admin';
            } elseif ($_POST['user'] == RAZOR_USER_USER and createHash($_POST['pass'], substr(RAZOR_USER_PASS, 0, strlen(RAZOR_USER_PASS) / 2), 'sha1') == RAZOR_USER_PASS) {
                $_SESSION['loginTimeStamp'] = $ts = time();
                $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_USER_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
                $_SESSION['adminType'] = 'user';
            } else {
                loginLog();
            }
        } else {
            MsgBox(lt('You have exceeded the max amount of login attempts in') . ' ' . RAZOR_LOGAT_TIME / 60 . ' ' . lt('minutes'), 'redbox');
        }
    }
} else {
    if ($_SESSION['adminLogIn'] == sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $_SESSION['loginTimeStamp'] . $_SERVER['HTTP_USER_AGENT'])) {
        $_SESSION['loginTimeStamp'] = $ts = time();
        $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']);
        $_SESSION['adminType'] = 'sadmin';
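/**
 * Batch endpoint: e-mail owners of unsold textbook listings whose renewal date
 * has passed, 100 owners per invocation (window chosen by ?first=N).
 *
 * Access is gated by ?pass= matching $sensitive['notifyPassword']; on mismatch a
 * 403 is sent, $errorCode is set, and nothing else happens.
 *
 * Globals used: $con (mysqli link), $mail (addAddress/Subject/Body/clearAddresses),
 * $errorCode, $sensitive. $startTime is imported but not used here.
 *
 * NOTE(review): the cut-off '2016-09-30 23:59:59' is hard-coded (the original
 * carried a TODO for this); it should be derived from the current date.
 */
function notifyExpirations()
{
    global $con;
    global $startTime;
    global $mail;
    global $errorCode;
    global $sensitive;
    // Constant-time comparison; != would leak timing and loosely compare
    // numeric-looking strings. A missing ?pass= is treated as the empty string.
    $suppliedPass = isset($_REQUEST['pass']) ? (string) $_REQUEST['pass'] : '';
    if (!hash_equals((string) $sensitive['notifyPassword'], $suppliedPass)) {
        header("HTTP/1.1 403 Forbidden");
        $errorCode = 403;
        return;
    }
    set_time_limit(0);
    // TODO: derive the cut-off from the current date instead of this literal.
    $unrenewedTextbooksQuery = "SELECT * FROM `textbooks` WHERE `renew` < '2016-09-30 23:59:59' AND `status` = 'unsold'";
    $unrenewedTextbooks = mysqli_query($con, $unrenewedTextbooksQuery);
    if ($unrenewedTextbooks === false) {
        // The original would have hit a TypeError in mysqli_fetch_array(); fail explicitly instead.
        throw new RuntimeException('notifyExpirations(): listing query failed: ' . mysqli_error($con));
    }
    // Group expiring listing ids by owner: user_id => [textbook id, ...].
    // Initialised up front so an empty result set does not leave it undefined.
    $notifyUsers = array();
    while ($row = mysqli_fetch_array($unrenewedTextbooks, MYSQLI_ASSOC)) {
        $notifyUsers[$row['user_id']][] = $row['id'];
    }
    // Only owners at positions [first, first + 100) in the map are mailed this run.
    // (int) cast: ?first= is attacker-controlled and was used raw in arithmetic.
    $windowStart = isset($_REQUEST['first']) ? (int) $_REQUEST['first'] : 0;
    $windowEnd = $windowStart + 100;
    $numSent = 0;
    foreach ($notifyUsers as $user => $textbookIds) {
        if ($numSent >= $windowStart && $numSent < $windowEnd) {
            $textbookTitles = array();
            foreach ($textbookIds as $textbookId) {
                // Ids come from our own rows, but never interpolate raw values into SQL.
                $titleResult = mysqli_query($con, "SELECT title FROM textbooks WHERE id = " . (int) $textbookId);
                $titleRow = $titleResult ? mysqli_fetch_array($titleResult) : null;
                if ($titleRow) {
                    $textbookTitles[] = (string) $titleRow[0];
                }
            }
            $userResult = mysqli_query($con, "SELECT id, email, name FROM users WHERE id = " . (int) $user);
            $userData = $userResult ? mysqli_fetch_array($userResult) : null;
            if ($userData) {
                // urlencode the e-mail inside the URL; then escape the whole link for HTML,
                // since it is embedded both as an attribute value and as text.
                $renewLink = "https://bearcatexchange.com?email=" . urlencode($userData['email']) . "&h=" . createHash(intval($userData['id']), -1);
                $renewLinkHtml = htmlspecialchars($renewLink, ENT_QUOTES, 'UTF-8');
                $mail->addAddress($userData['email'], $userData['name']);
                $subject = 'Renew Your Textbook Listings';
                $mail->Subject = $subject;
                $bodyText = "<div style='font-family: sans-serif; line-height: 2em;'>\n                <h2 style='color: #007a5e'>It's time to renew your textbook listings!</h2>\n                <div style='font-size: 1.2em;'>\n                    <div style='color:#000'>\n                        <p>The following listings are expiring on Bearcat Exchange. Once a listing is expired, it is automatically removed from the Bearcat Exchange to prevent older listings from cluttering your search. If you renew a listing, it will reappear at the top of Bearcat Exchange.</p>\n                        <p>If you've already sold these textbooks you may ignore this email. If not, <a href='{$renewLinkHtml}' style='color: #007a5e'>renew your textbooks now</a>!</p>\n                        <strong><ol>\n                        ";
                // Titles are user-supplied listing data: escape before putting them in the HTML body.
                foreach ($textbookTitles as $title) {
                    $bodyText .= "<li>" . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "</li>";
                }
                $bodyText .= "\n                        </ol></strong>\n                        <p>Edit or renew any of your listings at <a href='{$renewLinkHtml}' style='color: #007a5e' >{$renewLinkHtml}</a>. Thank you for using <a href='https://bearcatexchange.com' style='color: #007a5e'>Bearcat Exchange</a>, the best way to buy and sell textbooks at Binghamton. If you experience technical difficulties, please contact us at <a href='mailto:support@bearcatexchange.com' style='color: #007a5e'>support@bearcatexchange.com</a>.</p>\n                    </div>\n                </div>\n            </div>\n            ";
                $mail->Body = $bodyText;
                echo "Sending " . $numSent . "<br>";
                sendEmail(0, $user, $subject, $bodyText, 1);
                $mail->clearAddresses();
            }
        }
        $numSent++;
    }
    die("Success");
}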
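<?php

include 'libaweb/seculib.php';
include 'libaweb/dblib.php';
// NOTE(review): the password is a literal here (the $_POST read is commented out)
// and nothing checks who is calling, so this reads like a one-shot setup script.
// If it stays deployed, anyone who can reach this URL can overwrite the stored
// password. Remove it after initial setup or put it behind authentication.
$pass = "******";
//$_POST["pss"];
$dbContoller = new DbContoller();
if (!$dbContoller->isConn) {
    echo "connect is fail!";
} else {
    // Salt, hash and insert inside one transaction so a failed insert leaves nothing behind.
    $dbContoller->noAutoCommit();
    try {
        $newSalt = genSalt();
        $pass = createHash($newSalt, $pass);
        $dbContoller->createPassword($pass, $newSalt);
        $dbContoller->commit();
        echo "success";
    } catch (Exception $e) {
        $dbContoller->rollback();
        // Keep the full exception (stack trace, file paths, SQL) in the server log;
        // the original string-cast $e into the page, which disclosed all of that to the client.
        error_log((string) $e);
        echo "Error : " . $e->getMessage() . ". Please try again...";
    }
}
$dbContoller->dbClose();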