function user_authenticate($Username, $Password)
{
    global $pdo;
    $stmt = $pdo->prepare('
        SELECT count(*)
        FROM `users`
        WHERE `username` = :username
          AND `password` = :password
    ');
    $stmt->bindValue(':username', $Username);
    // The stored hash is derived with the username acting as the salt.
    $stmt->bindValue(':password', user_hash($Password, $Username));
    $stmt->execute();
    if ($stmt->fetchColumn() > 0) {
        // Some website told me it's a good idea to regenerate session ID's when a user logs in
        // (it is: issuing a fresh ID at login stops a session ID obtained before login from being reused)
        session_regenerate_id(true);
        $user = new User($Username, user_key($Password, $Username));
        $_SESSION['user'] = $user;
        return true;
    } else {
        return false;
    }
}
$user = pdo_fetch($sql);
// message() renders the notice and ends the request, so each failed check stops here.
if (empty($user)) {
    message('抱歉,用户不存在或是已经被删除!', url('user/profile'), 'error');
}
if (empty($_GPC['name']) || empty($_GPC['pw']) || empty($_GPC['pw2'])) {
    message('管理账号或者密码不能为空,请重新填写!', url('user/profile'), 'error');
}
if ($_GPC['pw'] == $_GPC['pw2']) {
    message('新密码与原密码一致,请检查!', url('user/profile'), 'error');
}
// Verify the current password against the stored salted hash before changing anything.
$password_old = user_hash($_GPC['pw'], $user['salt']);
if ($user['password'] != $password_old) {
    message('原密码错误,请重新填写!', url('user/profile'), 'error');
}
$result = '';
$members = array(
    'username' => $_GPC['name'],
    'password' => user_hash($_GPC['pw2'], $user['salt']),
);
$result = pdo_update('users', $members, array('uid' => $_W['uid']));
message('修改成功!', url('index'), 'success');
}
}
if ($_GPC['do'] == 'base') {
    $_W['page']['title'] = '基本信息 - 我的账户 - 用户管理';
    load()->func('tpl');
    $extendfields = pdo_fetchall("SELECT field, title, description, required FROM " . tablename('profile_fields') . " WHERE available = '1' AND showinregister = '1' ORDER BY displayorder DESC");
    if (checksubmit('submit')) {
        if (!empty($extendfields)) {
            if (!empty($_GPC['birth'])) {
                $profile['birthyear'] = $_GPC['birth']['year'];
                $profile['birthmonth'] = $_GPC['birth']['month'];
                $profile['birthday'] = $_GPC['birth']['day'];
            }
<?php
// Shared secret that gates this reset tool; the alert below tells the operator to delete the file once used.
$auth = 'xin123';
define('IN_SYS', true);
require '../framework/bootstrap.inc.php';
load()->web('template');
load()->web('common');
load()->model('user');
if ($_W['ispost'] && $_GPC['auth'] == $auth && $auth != '') {
    $isok = true;
    $username = trim($_GPC['username']);
    $password = $_GPC['password'];
    if (!empty($username) && !empty($password)) {
        $member = user_single(array('username' => $username));
        if (empty($member)) {
            message('输入的用户名不存在.');
        }
        // Re-hash the new password with the account's existing salt and overwrite the stored hash.
        $hash = user_hash($password, $member['salt']);
        $r = array();
        $r['password'] = $hash;
        pdo_update('users', $r, array('uid' => $member['uid']));
        exit('<script>alert("密码修改成功, 请重新登陆, 并尽快删除本文件, 避免密码泄露隐患.");location.href = "../"</script>');
    }
}
?>
<!DOCTYPE html>
<html lang="zh-cn">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon" href="../resource/favicon.png">
<title>密码找回工具</title>
$item = pdo_fetch(
    "SELECT * FROM " . tablename('ewei_shop_perm_user') . " WHERE id =:id and deleted=0 and uniacid=:uniacid limit 1",
    array(':uniacid' => $_W['uniacid'], ':id' => $id)
);
$perms = $this->model->allPerms();
$role_perms = array();
$user_perms = array();
if (!empty($item)) {
    if ($item['uid'] == $_W['uid']) {
        message('无法修改自己的权限!', referer(), 'error');
    }
    $role = pdo_fetch(
        "SELECT * FROM " . tablename('ewei_shop_perm_role') . " WHERE id =:id and deleted=0 and uniacid=:uniacid limit 1",
        array(':uniacid' => $_W['uniacid'], ':id' => $item['roleid'])
    );
    if (!empty($role)) {
        $role_perms = explode(',', $role['perms']);
    }
    $user_perms = explode(',', $item['perms']);
}
if ($_W['isajax'] && $_W['ispost']) {
    $data = array(
        'uniacid'  => $_W['uniacid'],
        'username' => trim($_GPC['username']),
        'realname' => trim($_GPC['realname']),
        'mobile'   => trim($_GPC['mobile']),
        // Hashed with a random(8) salt that is not stored alongside it, so this column cannot be
        // verified against; the login credential is the one written via user_update()/user_register().
        'password' => user_hash($_GPC['password'], random(8)),
        'roleid'   => intval($_GPC['roleid']),
        'status'   => intval($_GPC['status']),
        'perms'    => is_array($_GPC['perms']) ? implode(',', $_GPC['perms']) : '',
    );
    if (!empty($id)) {
        // $data carries no uid on edit; the account being updated is the one loaded into $item.
        user_update(array('uid' => $item['uid'], 'password' => $_GPC['password']));
        pdo_update('ewei_shop_perm_user', $data, array('id' => $id, 'uniacid' => $_W['uniacid']));
        plog('perm.user.edit', "编辑操作员 ID: {$id} 用户名: {$data['username']} ");
    } else {
        if (user_check(array('username' => $data['username']))) {
            die(json_encode(array('result' => 0, 'message' => '非常抱歉,此用户名已经被注册,你需要更换注册名称!')));
        }
        $data['uid'] = user_register(array('username' => $data['username'], 'password' => $_GPC['password']));
        pdo_insert('ewei_shop_perm_user', $data);
        // Read the new operator row id before the second insert replaces the last-insert id.
        $id = pdo_insertid();
        pdo_insert('uni_account_users', array('uid' => $data['uid'], 'uniacid' => $data['uniacid'], 'role' => 'operator'));
        plog('perm.user.add', "添加操作员 ID: {$id} 用户名: {$data['username']} ");
    }
    die(json_encode(array('result' => 1)));
}
function user_update($user)
{
    if (!is_array($user) || empty($user['uid'])) {
        return false;
    }
    $record = array();
    if (!empty($user['password'])) {
        // The caller must pass the account's stored salt; otherwise the hash is computed with an empty one.
        $record['password'] = user_hash($user['password'], $user['salt']);
    }
    if (!empty($user['lastvisit'])) {
        // Accept either a 10-digit unix timestamp or a date string.
        $record['lastvisit'] = strlen($user['lastvisit']) == 10 ? $user['lastvisit'] : strtotime($user['lastvisit']);
    }
    if (!empty($user['lastip'])) {
        $record['lastip'] = $user['lastip'];
    }
    if (isset($user['joinip'])) {
        $record['joinip'] = $user['joinip'];
    }
    if (isset($user['remark'])) {
        $record['remark'] = $user['remark'];
    }
    if (isset($user['status'])) {
        // Only 1 and 2 are valid status values; anything else falls back to 2.
        $status = intval($user['status']);
        if (!in_array($status, array(1, 2))) {
            $status = 2;
        }
        $record['status'] = $status;
    }
    if (isset($user['groupid'])) {
        $record['groupid'] = $user['groupid'];
    }
    if (empty($record)) {
        return false;
    }
    return pdo_update('users', $record, array('uid' => intval($user['uid'])));
}
/**
 * Respond to password reset confirmation.
 * @return The url to display after the command is processed.
 */
function command_reset_password_confirm()
{
    global $esc_post;

    // Check code
    if (!user_check_reset_code($_POST['code'])) {
        error_register('Invalid reset code');
        return crm_url();
    }

    // Check that passwords match
    if ($_POST['password'] != $_POST['confirm']) {
        error_register('Passwords do not match');
        return crm_url();
    }

    // Get user id ($esc_post holds the SQL-escaped copy of $_POST)
    $sql = "SELECT * FROM `resetPassword` WHERE `code`='{$esc_post['code']}'";
    $res = mysql_query($sql);
    if (!$res) {
        die(mysql_error());
    }
    $row = mysql_fetch_assoc($res);
    $esc_cid = mysql_real_escape_string($row['cid']);

    // Calculate hash with a fresh per-user salt
    $salt = user_salt();
    $esc_hash = mysql_real_escape_string(user_hash($_POST['password'], $salt));
    $esc_salt = mysql_real_escape_string($salt);

    // Update password (the used `resetPassword` row is not removed in this function)
    $sql = "
        UPDATE `user`
        SET `hash`='{$esc_hash}'
        , `salt`='{$esc_salt}'
        WHERE `cid`='{$esc_cid}'
    ";
    $res = mysql_query($sql);
    if (!$res) {
        die(mysql_error());
    }

    // Notify user that the reset succeeded
    message_register('Your password has been reset, you may now log in');
    return crm_url('login');
}
/**
 * Handle installation request.
 *
 * @return The url to redirect to on completion.
 */
function command_module_install()
{
    global $esc_post;

    // Create tables
    $res = module_install();
    if (!$res) {
        return crm_url();
    }

    // Add admin contact and user
    $sql = "
        INSERT INTO `contact`
        (`firstName`, `lastName`, `email`)
        VALUES
        ('Admin', 'User', '{$esc_post['email']}')
    ";
    $res = mysql_query($sql);
    if (!$res) {
        die(mysql_error());
    }
    $cid = mysql_insert_id();
    $esc_cid = mysql_real_escape_string($cid);

    // Hash the admin password with a fresh salt; only the hash and the salt are stored
    $salt = user_salt();
    $esc_hash = mysql_real_escape_string(user_hash($_POST['password'], $salt));
    $esc_salt = mysql_real_escape_string($salt);
    $sql = "
        INSERT INTO `user`
        (`cid`, `username`, `hash`, `salt`)
        VALUES
        ('{$esc_cid}', 'admin', '{$esc_hash}', '{$esc_salt}')
    ";
    $res = mysql_query($sql);
    if (!$res) {
        die(mysql_error());
    }
    message_register('Seltzer CRM has been installed.');
    message_register('You may log in as user "admin"');
    return crm_url('login');
}
function user_update($member)
{
    if (empty($member['uid'])) {
        return false;
    }
    $params = array();
    if (!empty($member['password'])) {
        // Hash with the salt supplied by the caller; an absent salt yields a hash with an empty salt.
        $params['password'] = user_hash($member['password'], $member['salt']);
    }
    if (!empty($member['lastvisit'])) {
        // Accept either a 10-digit unix timestamp or a date string.
        $params['lastvisit'] = strlen($member['lastvisit']) == 10 ? $member['lastvisit'] : strtotime($member['lastvisit']);
    }
    if (!empty($member['lastip'])) {
        $params['lastip'] = $member['lastip'];
    }
    if (isset($member['joinip'])) {
        $params['joinip'] = $member['joinip'];
    }
    if (isset($member['remark'])) {
        $params['remark'] = $member['remark'];
    }
    if (isset($member['status'])) {
        $params['status'] = $member['status'];
    }
    if (isset($member['groupid'])) {
        $params['groupid'] = $member['groupid'];
    }
    if (empty($params)) {
        return false;
    }
    return pdo_update('users', $params, array('uid' => intval($member['uid'])));
}
#!/usr/bin/php
<?php
if (count($argv) != 3) {
    echo "Example Usage - ./generateUser username password\n";
    echo "Or, if you want spaces in your password - ./generateUser username 'password with spaces'\n";
    exit(1); // stop here rather than continuing with missing arguments
}
require 'html/include/functions/Sanitize.php';
require 'html/include/functions/User.php';
// The two output expressions below are masked ("******") in the source listing.
echo "Username: "******"\n";
echo "Hashed Password: "******"\n";
echo "Generating OpenSSL Keys...\n";

// Create the keypair
$res = openssl_pkey_new(array('encrypt_key' => true));

// Export the private key encrypted under the user's derived key; the passphrase is the
// third argument of openssl_pkey_export, not an option of openssl_pkey_new
openssl_pkey_export($res, $PrivateKey, user_key($argv[2], $argv[1]));

// Get public key
$pubkey = openssl_pkey_get_details($res);
$PublicKey = $pubkey["key"];
file_put_contents('./keys/' . $argv[1] . '.pem', $PrivateKey);
file_put_contents('./keys/' . $argv[1] . '.pub', $PublicKey);
echo "Certificates generated\n";
echo "Remember to manually add this user to your database\n";