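/**
 * Handle submission of the "change login password" form.
 *
 * Reads `oldpass`, `loginpass` and `loginpass2` from $_POST, validates them,
 * and asks user_passwd() to store the new password for the user returned by
 * user_isonline(). Every validation failure re-renders the form through
 * pass_main() with a translated message.
 *
 * @return false|null false when validation or the update fails; nothing is
 *                    returned after the success page (tip.html) is displayed
 */
function pass_save()
{
    global $smarty;

    $user = user_isonline();

    // Accept only string fields. A missing field or an array-valued one
    // (e.g. loginpass[]=x) is treated as empty instead of being passed on
    // to the hashing and storage helpers.
    $oldpass = (isset($_POST['oldpass']) && is_string($_POST['oldpass'])) ? $_POST['oldpass'] : '';
    $pass = (isset($_POST['loginpass']) && is_string($_POST['loginpass'])) ? $_POST['loginpass'] : '';
    $pass2 = (isset($_POST['loginpass2']) && is_string($_POST['loginpass2'])) ? $_POST['loginpass2'] : '';

    if ($pass === '') {
        pass_main(_('Please enter new password'));
        return false;
    }

    // Strict comparison: with `!=`, two different numeric-looking strings
    // such as "1e3" and "1000" compare equal, so a mistyped confirmation
    // could be accepted.
    if ($pass !== $pass2) {
        pass_main(_('New password does not match'));
        return false;
    }

    // Compare the stored and the computed hash as strings. Loose comparison
    // treats numeric-looking hashes ("0e..." followed by digits) as numbers,
    // so unrelated hashes could compare equal.
    // NOTE(review): prefer hash_equals() here if the minimum supported PHP
    // version is 5.6 or later.
    // NOTE(review): $user is used without checking that user_isonline()
    // returned a logged-in user; confirm the caller enforces that.
    if ((string) user_encrypt($oldpass) !== (string) $user['loginpass']) {
        pass_main(_('Current password is not correct'));
        return false;
    }

    $ret = user_passwd($user['id'], $pass);
    if ($ret !== true) {
        vpn_log($ret);
        // NOTE(review): $ret is interpolated into HTML without escaping.
        // Confirm user_passwd() never returns text influenced by request
        // data, or escape it with htmlspecialchars() before output.
        pass_main(_("<p>{$ret}</p>" . '<p>There is an error occur, please contact us for help if you need.</p>'));
        return false;
    }

    $smarty->assign('tip_title', _('Successed'));
    $smarty->assign('tip_msg', _('Login password successfully changed'));
    $smarty->assign('redirect_url', 'account.php');
    $smarty->display('tip.html');
}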
/**
 * AJAX login endpoint.
 *
 * Reads a JSON body with `username` and `password`, verifies the credentials
 * and echoes a JSON object of the form {"error": int, "value": mixed}:
 *   0  - authenticated; `value` is the token, and a cookie named after the
 *        token is set with the username and the generated salt as JSON
 *  -1  - checkInput() rejected the request; `value` is its message
 *  -2  - unknown user or wrong password (same message for both cases)
 *  -3  - initial default; every branch below overwrites it
 *
 * NOTE(review): setcookie() is called with name, value, expiry 0 and path
 * only, so the Secure and HttpOnly flags are not set. Confirm whether client
 * script needs to read this cookie; if not, set both flags.
 * NOTE(review): the cookie value carries the username and salt that the
 * token is derived from. Confirm that session validation checks the salt
 * against server-side state rather than trusting the cookie alone.
 * NOTE(review): password checking relies on crypt() with a stored salt;
 * password_hash()/password_verify() are preferable where the runtime allows.
 */
public function login()
{
    // The AJAX client sends its fields as a JSON request body.
    $data = json_decode(file_get_contents('php://input'), true);

    $return = array('error' => -3, 'value' => null);

    // checkInput() returns an empty string when both fields are acceptable.
    $inputError = $this->checkInput($data, array('username', 'password'));

    if ($inputError != '') {
        $return['error'] = -1;
        $return['value'] = $inputError;
    } elseif (getUserUID($data['username']) == null) {
        // No such user: reply exactly as for a wrong password.
        $return['error'] = -2;
        $return['value'] = "Invalid credentials";
    } else {
        $hashed = crypt($data['password'], getSalt($data['username']));

        if (!checkSaltedPass($data['username'], $hashed)) {
            $return['error'] = -2;
            $return['value'] = "Invalid credentials";
        } else {
            // Fresh salt for this login; token is username followed by salt.
            $sessionSalt = $this->generateSalt();
            $sessionToken = $data['username'] . $sessionSalt;

            $cookiePayload = array(
                'username' => $data['username'],
                'salt' => $sessionSalt,
            );

            // Session cookie (expiry 0) named after the encrypted token.
            setcookie(user_encrypt($sessionToken), json_encode($cookiePayload), 0, "/");

            $return['error'] = 0;
            $return['value'] = user_encrypt($sessionToken);
        }
    }

    echo json_encode($return);
}
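/**
 * Create a new user account.
 *
 * Refuses to create the account when a row with the same e-mail already
 * exists in `account`; otherwise inserts a row holding the e-mail, the
 * registration timestamp, the password as returned by user_encrypt() and
 * the starting credit (DEFAULT_USER_CREDIT * 100).
 *
 * @param string $email e-mail address used as the account identifier
 * @param string $pass  plain-text password
 * @return true|string true on success, a translated error message on failure
 */
function user_add($email, $pass)
{
    // NOTE(review): addslashes() is byte-wise and not aware of the connection
    // character set, so it is not a substitute for the database driver's own
    // escaping or for bound parameters. db_query()'s interface is not visible
    // here; move both statements to bound parameters if it supports them.
    $qemail = addslashes($email);
    $qpass = addslashes(user_encrypt($pass));

    // time() takes no arguments. Passing NULL raises ArgumentCountError on
    // PHP 8, which would abort every registration.
    $ts = time();

    $sql = "SELECT * FROM account WHERE email='{$qemail}'";
    $res = db_query($sql);
    if ($res == false) {
        // The message text reads "Can create" (probably meant "Can't"); it is
        // left unchanged because it is also the gettext lookup key.
        return _('Can create user while querying DB');
    }
    if (db_num_rows($res) > 0) {
        return _('The user/email is exists');
    }

    // NOTE(review): the existence check and the INSERT are separate
    // statements, so two concurrent requests can both pass the check.
    // Presumably a unique index on account.email backs this up; confirm.
    $credit = DEFAULT_USER_CREDIT * 100;
    $sql = "INSERT INTO account (email, regtime, loginpass, credit) VALUES ('{$qemail}', {$ts}, '{$qpass}', {$credit})";
    $res = db_query($sql);
    if ($res == false) {
        return _('Can create user while updating DB');
    }

    return true;
}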