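/**
 * Hash a password according to the configured PWD_HASH_TYPE.
 *
 * The input is first normalised to an MD5 hex digest (values that isValidMd5()
 * accepts are used as-is), then hashed with the configured scheme. When no
 * scheme is configured, "logiks" is written to the configuration and the
 * bcrypt branch is used.
 *
 * @param string      $pwd  Password, or a value isValidMd5() accepts as its MD5 digest.
 * @param string|null $salt Salt to reuse for the bcrypt branch; a random one is generated when empty.
 *
 * @return string|array Hex digest for the 'md5' and 'sha1' schemes; for every other
 *                      scheme an array with the keys 'cost', 'salt' and 'hash'.
 */
function getPWDHash($pwd, $salt = null)
{
    // An empty or unset scheme falls back to the default one.
    if (!getConfig("PWD_HASH_TYPE")) {
        setConfig("PWD_HASH_TYPE", "logiks");
    }

    // NOTE(review): a value that already passes isValidMd5() skips this step, so the
    // MD5 digest of a password is accepted interchangeably with the password itself.
    // Anyone holding that digest can authenticate without knowing the password.
    if (!isValidMd5($pwd)) {
        $pwd = md5($pwd);
    }

    switch (strtolower(getConfig("PWD_HASH_TYPE"))) {
        case 'md5':
            // NOTE(review): md5(md5(password)) is unsalted and fast to compute; this
            // scheme gives little protection if the stored values leak.
            return md5($pwd);

        case 'sha1':
            // NOTE(review): same concern as 'md5' - unsalted, fast digest.
            return sha1($pwd);

        default:
            if ($salt == null || strlen($salt) <= 0 || $salt === false) {
                // mcrypt was removed from PHP in 7.2; use the built-in CSPRNG when it
                // exists and keep mcrypt only as the fallback for older runtimes.
                if (function_exists('random_bytes')) {
                    $saltBytes = random_bytes(16);
                } else {
                    $saltBytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
                }
                $salt = strtr(base64_encode($saltBytes), '+', '.');
            }

            // NOTE(review): the 'salt' option is deprecated since PHP 7.0 and ignored
            // since PHP 8.0, where password_hash() always generates its own salt.
            // Callers that recompute the hash from a stored salt and compare strings
            // will stop matching there; check the stored 'hash' with password_verify()
            // instead (the hash string already embeds its salt and cost).
            $options = ['cost' => getConfig("HASH_COST"), 'salt' => $salt];
            $options['hash'] = password_hash($pwd, PASSWORD_BCRYPT, $options);

            return $options;
    }
}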
/**
 * Wait for the next IPC event whose tags satisfy one of the tag sets the client asked for.
 *
 * An event of type 'idle' is returned as-is. Any other event is returned only when
 * one requested tag set is fully contained in the event's tags; otherwise the
 * method calls itself again with the same arguments.
 *
 * @param array $inp  Request payload; reads $inp['obj']['need'], the optional
 *                    $inp['obj']['qid'] and $inp['sid'].
 * @param mixed $user Only forwarded to the retry call in this method.
 * @param mixed $sess Only forwarded to the retry call in this method.
 *
 * @return array ['objs' => ['event' => <event>], 'result' => 'success']; the event
 *               carries 'qid' when a new queue id had to be issued.
 */
private function listenForEvents($inp, $user, $sess)
{
    $wanted = $inp['obj']['need'];
    $queueid = isset($inp['obj']['qid']) ? $inp['obj']['qid'] : '';
    $sid = $inp['sid'];

    // A missing or malformed queue id is replaced by a fresh one, which then has to
    // be reported back to the client inside the event.
    $issuedNewQueue = !isValidMd5($queueid);
    if ($issuedNewQueue) {
        $queueid = randHash();
    }

    $sysipc = new DVIPCSys();
    $useripc = new DVIPCUser($sid);
    $sysipc->registerIPC($sid);
    $useripc->register($queueid);
    $sysevent = $useripc->listenForEvent();

    if ($sysevent['type'] == 'idle') {
        if ($issuedNewQueue) {
            $sysevent['qid'] = $queueid;
        }

        return ['objs' => ['event' => $sysevent], 'result' => 'success'];
    }

    // Match the event's tags against every requested tag set.
    $eventTags = explode(' ', $sysevent['tags']);
    unset($wanted['_isarr']);

    foreach ($wanted as $request) {
        $requiredTags = explode(' ', $request['tags']);
        if (count($requiredTags) <= 0) {
            continue;
        }

        // array_intersect() keeps the event's tag order, so this compares the
        // requested tags against the ones the event also carries, in event order.
        $sharedTags = array_values(array_intersect($eventTags, $requiredTags));
        if ($requiredTags != $sharedTags) {
            continue;
        }

        $clevent = $sysevent;
        $eventTags['_isarr'] = '_isarr';
        $clevent['tags'] = $eventTags;

        if (isset($clevent['objs'])) {
            // NOTE(review): the DvObjFilter call that took $user and the event tags is
            // disabled here, so the event's objects reach the client unfiltered by
            // this method. Confirm per-user filtering is enforced elsewhere.
        }

        if ($issuedNewQueue) {
            $clevent['qid'] = $queueid;
        }

        return ['objs' => ['event' => $clevent], 'result' => 'success'];
    }

    // NOTE(review): unbounded self-recursion - every non-matching event adds a stack
    // frame and a new pair of IPC objects, and a request without a valid qid gets a
    // new random queue id on each retry. A steady stream of non-matching events can
    // exhaust memory; a bounded loop would avoid that.
    return $this->listenForEvents($inp, $user, $sess);
}
$api_caller; if (!check_api_access($api_caller)) { die(json_encode($api_caller)); } log_api_action($api_caller['id'], "logging in to user: "******"SELECT state,password,password_salt,id from users where (username = ? or email = ?)"); $stmt->bind_param('ss', $username, $username); $stmt->execute(); $stmt->bind_result($method, $password_h, $password_salt, $uid); $stmt->fetch(); $stmt->close(); if (isValidMd5($password_h)) { $cv_hash = cv_hash($password); if ($password_h == $cv_hash) { updatePassword($uid, $password); $login = true; } } elseif ($method != 3) { $nc_hash = hashpass($password); if ($password_h == $nc_hash) { updatePassword($uid, $password); $login = true; } } else { $options = ['cost' => 11, 'salt' => $password_salt]; $pwd_h = password_hash($password, PASSWORD_BCRYPT, $options); if ($password_h == $pwd_h) {
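<?php
/**
 * URL shortener redirect endpoint: looks up the hash passed in ?url= in the
 * "shortener" table and redirects to the stored target.
 */

/**
 * Tell whether a value is a lowercase hexadecimal MD5 digest.
 *
 * @param mixed $md5 Candidate value; request parameters can be arrays as well as strings.
 *
 * @return bool True only for a string of exactly 32 characters from [a-f0-9].
 */
function isValidMd5($md5)
{
    // \z anchors at the very end of the string. A plain "$" also matches before a
    // trailing newline, so "<32 hex chars>\n" would have passed validation.
    return is_string($md5) && preg_match('/^[a-f0-9]{32}\z/', $md5) === 1;
}

// Anything that is not a well-formed hash is collapsed to the "NONE" sentinel.
$urlGET = isset($_GET["url"]) ? $_GET["url"] : "NONE";
if ($urlGET !== "NONE" && !isValidMd5($urlGET)) {
    $urlGET = "NONE";
}
$currentUrl = "NONE";

// The legacy mysql_* extension was removed in PHP 7, so the lookup uses mysqli.
// Error reporting is switched off explicitly because mysqli throws exceptions by
// default since PHP 8.1, which would bypass the die() handling below.
mysqli_report(MYSQLI_REPORT_OFF);

// NOTE(review): the database credentials are hard-coded in a web-served script;
// load them from configuration kept outside the document root.
// "@" keeps connection details out of the response when the connection fails.
$conection = @mysqli_connect("localhost", "user", "pass") or die("error connection");
if (!mysqli_select_db($conection, "pocs")) {
    die("error select db");
}

// The hash is bound as a parameter instead of being interpolated into the SQL text,
// so the query stays safe even if the validation above is ever loosened.
$stmt = mysqli_prepare($conection, "SELECT url FROM shortener WHERE hash = ? LIMIT 1");
if (!$stmt) {
    die("error query");
}
mysqli_stmt_bind_param($stmt, 's', $urlGET);
if (!mysqli_stmt_execute($stmt)) {
    die("error query");
}
mysqli_stmt_bind_result($stmt, $storedUrl);
if (mysqli_stmt_fetch($stmt)) {
    $currentUrl = $storedUrl;
}
mysqli_stmt_close($stmt);

if (!mysqli_close($conection)) {
    die("error close");
}

if ($currentUrl != "NONE") {
    // NOTE(review): the target comes straight from the shortener table. Whatever
    // inserts rows should restrict it to absolute http(s) URLs, otherwise this
    // endpoint redirects wherever a stored row points. Nothing stops execution
    // after the header either; if more code follows in this file, add exit here.
    header("Location: {$currentUrl}");
}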
write_error_to_log("API Changement mot de passe", "Paramètres manquants, 'pseudoPost', 'actualPasswordPost', 'newPasswordPost' et/ou 'confirmPasswordPost' ne sont pas renseignés"); die('{"status_code":0,"error_description":"undeclared variables"}'); } // Le nouveau mot de passe doit être égal à la confirmation if ($_POST['newPasswordPost'] != $_POST['confirmPasswordPost']) { // Les mots de passe sont différents die('{"status_code":0,"error_description":"passwords don\'t match"}'); } /************************/ // MYSQL // /************************/ try { // Connexion à la base de données avec l'utilisateur "db_writer_music" $connexion = new PDO("mysql:host={$DB_HOST};dbname={$DB_NAME}", $DB_WRITER_LOGIN, $DB_WRITER_PSW); // On vérifie si l'argument "newPasswordPost" est un hash MD5 if (isValidMd5($_POST['newPasswordPost'])) { // L'argument est bien un hash MD5 $newPassword = $_POST['newPasswordPost']; } else { // L'argument n'est pas un hash MD5, on le calcul alors $newPassword = md5($_POST['newPasswordPost']); } } catch (PDOException $e) { // Une erreur est survenue lors de la connexion à la base de données write_error_to_log("API Changement mot de passe", "Connexion à la base de données impossible : " . $e->getMessage()); die('{"status_code":0, "error_description":"connection to database failed"}'); } /****************************/ // Verification utilisateur // /****************************/ // On génére la commande SQL nous permettant de vérifier si l'utilisateur est