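/**
 * Authenticates a user against the `login` table.
 *
 * On success the matched login id and the submitted username are stored in
 * $_SESSION['loginid'] and $_SESSION['username'].
 *
 * @param string $u Submitted username (untrusted request input).
 * @param string $p Submitted plaintext password (untrusted request input).
 * @return bool true when exactly one enabled, activated row matched; false otherwise.
 */
function checkLogin($u, $p)
{
    // $seed is declared in header.php and is appended to the password before hashing.
    global $seed;

    // Cheap rejections first: malformed username/password or an unknown user.
    // valid_username(), valid_password() and user_exists() are defined elsewhere.
    if (!valid_username($u) || !valid_password($p) || !user_exists($u)) {
        return false;
    }

    // NOTE(review): sha1($p . $seed) uses one site-wide seed and no work factor,
    // so it is not a suitable password hash. Moving the stored digests to
    // password_hash()/password_verify() would change the stored format, so it
    // is only flagged here. The '******' placeholders in the literal below
    // appear to be a redaction of the original sprintf() placeholders in this
    // listing; the two escaped arguments are still passed.
    $query = sprintf("\n\t\tSELECT loginid \n\t\tFROM login \n\t\tWHERE \n\t\tusername = '******' AND password = '******' \n\t\tAND disabled = 0 AND activated = 1 \n\t\tLIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
    // The mysql_* extension is removed in PHP 7; mysql_query() returns false on error.
    $result = mysql_query($query);

    // LIMIT 1 caps the result at a single row, so anything other than exactly
    // one row means the credentials did not match (a failed query counts too).
    if ($result === false || mysql_num_rows($result) !== 1) {
        return false;
    }

    $row = mysql_fetch_array($result);
    // Keep the user id and name for later requests.
    $_SESSION['loginid'] = $row['loginid'];
    $_SESSION['username'] = $u;
    return true;
}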
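 /**
  * Validates the registration form submitted in $_POST and, when no error
  * was recorded, inserts the new user row and redirects to the login page.
  *
  * Every failure is appended to $this->errors as an error key: either the
  * value returned by a valid_*() helper (anything other than boolean true)
  * or one of the literal keys used below. Nothing is returned.
  */
 private function validateRegistration()
 {
     loadLibrary("validation.lib");
     // secure() is the project's input filter; its exact behaviour is not visible here.
     $user = secure($_POST["username"]);
     $display = secure($_POST["display"]);
     $pass1 = secure($_POST["pass1"]);
     $pass2 = secure($_POST["pass2"]);
     $email1 = secure($_POST["email1"]);
     $email2 = secure($_POST["email2"]);

     $res = valid_username($user);
     if ($res !== true) {
         $this->errors[] = $res;
     }
     $res = valid_displayname($display);
     if ($res !== true) {
         $this->errors[] = $res;
     }
     // Only validate the password/e-mail themselves when both copies agree.
     if ($pass1 !== $pass2) {
         $this->errors[] = "passwords_dont_match";
     } else {
         $res = valid_password($pass1);
         if ($res !== true) {
             $this->errors[] = $res;
         }
     }
     if ($email1 !== $email2) {
         $this->errors[] = "emails_dont_match";
     } else {
         $res = valid_email($email1);
         if ($res !== true) {
             $this->errors[] = $res;
         }
     }

     // Checkbox/radio fields are absent from $_POST when unchecked, so default
     // them instead of reading an undefined index. The privacy-preserving
     // choice wins unless the user explicitly opted out: the e-mail is hidden
     // unless "hideemail" is "no", and mail is only sent if "receiveemail" is "yes".
     $hideemail = (isset($_POST["hideemail"]) ? $_POST["hideemail"] : "") !== "no";
     $receiveemail = (isset($_POST["receiveemail"]) ? $_POST["receiveemail"] : "") === "yes";

     // An unchecked ToS box is either missing or submitted as an empty/"0" value.
     if (empty($_POST["tos"])) {
         $this->errors[] = "tos_not_checked";
     }

     if (count($this->errors) == 0) {
         // Add the user.
         // NOTE(review): sha256($pass1) stores an unsalted digest of the password;
         // a salted, slow hash (password_hash()) would be the recommended
         // replacement, but that changes the stored format and is only flagged here.
         // "id" => 0 presumably lets the database assign the real id — confirm.
         global $yakbb;
         $yakbb->db->insert("users", array("id" => 0, "username" => $user, "displayname" => $display, "password" => sha256($pass1), "email" => $email1, "emailshow" => $hideemail ? 0 : 1, "emailoptin" => $receiveemail ? 1 : 0, "activated" => 1, "activationcode" => "", "pending" => 0, "registeredtime" => time(), "lastip" => $yakbb->ip, "template" => $yakbb->config["default_template"], "language" => $yakbb->config["default_language"], "timezone" => $yakbb->config["default_timezone"]));
         redirect("?action=login&reg=true");
     }
 }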
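/**
 * Creates a new, not-yet-activated account and mails the activation code.
 *
 * @param string $username  Desired username (untrusted request input).
 * @param string $password  Plaintext password (untrusted request input).
 * @param string $password2 Password confirmation; must be identical to $password.
 * @param string $email     Address the activation mail is sent to.
 * @return bool true when the row was inserted and the activation mail was
 *              accepted by sendActivationEmail(); false on any validation or
 *              database failure.
 */
function registerNewUser($username, $password, $password2, $email)
{
    // $seed is a site-wide value declared elsewhere and appended before hashing.
    global $seed;

    // Reject invalid fields, a mismatched confirmation (strict, byte-wise
    // comparison — the loose != would treat numeric-looking strings such as
    // "1e1" and "10" as equal) and already-taken usernames.
    if (!valid_username($username) || !valid_password($password) || !valid_email($email)
        || $password !== $password2 || user_exists($username)) {
        return false;
    }

    $code = generate_code(20);
    // NOTE(review): sha1($password . $seed) uses one site-wide seed and no work
    // factor, so it is not a suitable password hash; password_hash() is the
    // recommended replacement but changes the stored format (flagged only).
    // The mysql_* extension is removed in PHP 7.
    $sql = sprintf("insert into login (username,password,email,actcode) value ('%s','%s','%s','%s')", mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed)), mysql_real_escape_string($email), mysql_real_escape_string($code));
    if (!mysql_query($sql)) {
        return false;
    }

    $id = mysql_insert_id();
    // NOTE(review): the plaintext password is handed to sendActivationEmail();
    // if it ends up in the mail body it travels and is stored in clear — confirm.
    return (bool) sendActivationEmail($username, $password, $id, $email, $code);
}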
                 }
             }
         }
         // for ($c = 0; $c < count($values['checktokens']); $c++)
     }
     // if (is_array($values['checktokens']))
 } else {
     if ($input['action'] == 'REGISTER') {
         if (!isset($input['username']) || !valid_username($input['username'])) {
             die("ERROR: A valid username was not specified. Usernames must use only " . "alphanumeric characters, hyphens, underscores, or periods. Must be " . "2 to 25 characters long.\n");
         }
         // TODO: Allow banning of email addresses with wildcard support
         if (!isset($input['email']) || !valid_email($input['email'])) {
             die("ERROR: A valid email was not specified.\n");
         }
         if (!isset($input['password']) || !valid_password($input['password'])) {
             die("ERROR: Password must be between 4 and 30 characters long.\n");
         }
         // Load the DataLayer
         @(include_once 'includes/datalayer.class.php');
         // Make sure the DataLayer class loaded sucessfully
         if (!class_exists('DataLayer')) {
             die("ERROR: Unable to load DataLayer class.\n");
         }
         $dl = new DataLayer($config['datalayer']);
         if ($dl === false) {
             die("ERROR: Unable to connect to database.\n");
         }
         $values = $input;
         // Check if the user already exists before going further
         if ($dl->Player_Exists_ByUsername($values['username'])) {
 // Validation library.
 require_once LIB_PATH . '/validate.php';
 // Initialise the error record: one message slot per form field.
 $loginError = array('message' => '', 'username' => '', 'password' => '');
 // Initialise the "login ok" flag; cleared by any failed check below.
 $loginOk = TRUE;
 // Initialise the variables holding the submitted data.
 // Both indices are read directly from $_POST; a missing field raises a notice.
 $username = trim($_POST["login-username"]);
 $password = trim($_POST["login-password"]);
 // Validate the data.
 if (!valid_account($username)) {
     $loginOk = FALSE;
     // Error message (the text appears redacted as '******' in this listing).
     $loginError['username'] = '******';
 }
 if (!valid_password($password)) {
     $loginOk = FALSE;
     $loginError['password'] = '******';
 } else {
     // NOTE(review): md5() is an unsalted, fast digest and is not a suitable
     // password hash; password_hash()/password_verify() is the recommended
     // replacement, but it changes the stored format, so it is only flagged here.
     $password = md5($password);
 }
 // Connect to the database.
 require_once LIB_PATH . '/database.php';
 db_connect();
 if ($loginOk == TRUE) {
     $checkUserQuery = "SELECT * FROM user WHERE uaccount = '{$username}' and upassword = '******'";
     //Neu ton tai
     if (db_select_num($checkUserQuery) > 0) {
         //dang nhap thanh cong thi luu user vao session
         $_SESSION["username"] = $username;
         header('Location:' . BASE_URL . 'index.php');
    $model["mac"] = $_GET["mac"];
    $model["mode"] = "edit";
    $model["focus"] = "password";
} else {
    $model["mode"] = "add";
    $model["focus"] = "mac";
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    /* validate all the entries */
    if (valid_mac($model["mac"]) === false) {
        invalid_entry($model, "mac");
    }
    if (valid_username($model["username"]) === false) {
        invalid_entry($model, "username");
    }
    if (valid_password($model["password"]) === false) {
        invalid_entry($model, "password");
    }
    $model["mac"] = strtoupper($model["mac"]);
    foreach ($model["switch"] as $i => $switch) {
        if (valid_ip($switch["host"]) === false) {
            invalid_entry($model, "switch[{$i}][host]");
        }
        if (valid_call_limit($switch["call-limit"]) === false) {
            invalid_entry($model, "switch[{$i}][call-limit]");
        }
    }
    foreach ($model["gateway"] as $i => $gateway) {
        if (valid_ip($gateway["host"]) === false) {
            invalid_entry($model, "gateway[{$i}][host]");
        }
}
/* Checks if the passwords match.
   give_error() is defined elsewhere; whether it stops the script is not
   visible here — if it returns, the remaining checks still run. */
if ($newuser->password == "") {
    give_error("302");
} else {
    if ($_POST['reg_password2'] == "") {
        give_error("303");
    } else {
        if ($newuser->password != $_POST['reg_password2']) {
            give_error("304");
        }
    }
}
/* passwords do not match */
/* Checks if the password is valid.
   NOTE(review): the error is raised when valid_password() returns a truthy
   value, i.e. the helper is expected to report a problem rather than success —
   confirm its return convention before changing this. */
if (valid_password($newuser->password)) {
    give_error("309");
}
/* Checking if the mail address is good */
if ($newuser->email == "") {
    give_error("305");
}
/* you did not enter an e-mail address */
/* Same convention as above: a truthy return from valid_email() is an error. */
if (valid_email($newuser->email)) {
    give_error("307");
}
/* invalid address */
/* Checks if mess_net selected. If selected, checks if mess_id was entered */
if (valid_mess_id($newuser->mess_net, $newuser->mess_id)) {
    give_error("306");
}
 /**
  * Handles the account-creation form (CodeIgniter controller action).
  *
  * Reads the form fields from POST, validates them, inserts the account via
  * login_model, notifies the webmaster by e-mail and echoes a JSON result:
  * array{success: bool, error?: string, dogs?: mixed, creds?: array}.
  *
  * NOTE(review): on success the response includes the plaintext password in
  * $retArray['creds'] and the notification mail contains a dump of the whole
  * $_SERVER array (request headers included). Both are data-exposure concerns
  * left unchanged here; see the inline notes.
  */
 public function create_account()
 {
     //TODO: verify created account
     // HTML separator appended between error sentences.
     $sp = '<br />&nbsp;<br />';
     $this->load->model('login_model');
     // Second argument TRUE asks the input class to XSS-filter the values.
     $user_email = $this->input->post('user_email', TRUE);
     $user_remail = $this->input->post('user_remail', TRUE);
     $user_password = $this->input->post('user_password', TRUE);
     $user_name = $this->input->post('user_name', TRUE);
     $user_repass = $this->input->post('user_repass', TRUE);
     $user_language = $this->input->post('language', TRUE);
     $gmail = '';
     $g_exists = false;
     $account = array();
     $retArray = array();
     $success = true;
     $invalid = false;
     // flag to reduce redundant error messaging
     $error = '';
     // Do we have a name? (strlen() counts bytes, so multi-byte names are over-counted — presumably acceptable here.)
     if (strlen($user_name) < 2) {
         $success = false;
         $error .= 'Please provide your name.';
         if (strlen($user_name) === 1) {
             $error .= ' (Seriously? Just one character?!)';
         }
         $error .= $sp;
     }
     // Is this a plausible e-mail address?
     if (!email_valid($user_email)) {
         $success = false;
         $invalid = true;
         $error .= 'Please provide a valid e-mail address.' . $sp;
     }
     // Does the e-mail address match the confirmation?
     if (!$invalid && $user_email !== $user_remail) {
         $success = false;
         $error .= 'Please ensure your e-mail address is the same in both e-mail fields.' . $sp;
     }
     // Does the password meet the criteria?
     // valid_password() returns array{valid: bool, error: string} (see the reads below).
     $valid_password = valid_password($user_password, $user_email, $user_name);
     if (!$valid_password['valid']) {
         $success = false;
         $invalid = true;
         $error .= $valid_password['error'];
     } else {
         // Resets the flag set by the e-mail check, so the password confirmation
         // check below runs even when the e-mail was invalid.
         $invalid = false;
     }
     // Does the password match the confirmation?
     if (!$invalid && $user_password !== $user_repass) {
         $success = false;
         $error .= 'Please ensure your password is the same in both password fields.' . $sp;
     }
     // Is this e-mail address already tied to an account?
     // The lookup runs even when validation already failed; only the message depends on $success.
     if ($this->login_model->doesUserExist($user_email) && $success) {
         // user was found; do NOT create account
         $success = false;
         $error .= 'We already have that e-mail in our user base.';
     } else {
         // user was not found; create account
         // Is it a Gmail user? If so, check for alias
         // stristr() matches "gmail.com" anywhere in the address, not only as the domain.
         if (stristr($user_email, 'gmail.com')) {
             $gmail_parts = explode('@', $user_email);
             // Gmail ignores dots and "+suffix" in the local part; normalise before lookup.
             $g_user = str_replace('.', '', $gmail_parts[0]);
             $g_user = str_replace('+', '', $g_user);
             $gmail = $g_user . '@gmail.com';
             $g_exists = $this->login_model->checkForGmail($gmail);
         }
         // Return messsage saying it's an existing Gmail alias
         if ($g_exists) {
             // Replaces (does not append to) any earlier error text.
             $error = 'It appears that your e-mail address is ';
             $error .= 'an alias of a Gmail address that is already ';
             $error .= 'registered. Should we create an accont with ';
             $error .= 'this e-mail address anyway?';
             $success = false;
         }
         if ($success) {
             // no Gmail alias found; continue to create acct
             // bcrypt via password_hash(): salted, slow hash — appropriate for storage.
             $password = password_hash($user_password, PASSWORD_BCRYPT);
             $account['username'] = $user_name;
             $account['email'] = $user_email;
             $account['password'] = $password;
             $account['gmail'] = $gmail;
             $account['language'] = $user_language;
             $go_create = $this->login_model->addAccount($account);
             if (!$go_create) {
                 $success = false;
                 $error .= 'There was a problem creating your account. ';
                 $error .= 'We don\'t know what happened, but it was ';
                 $error .= 'most likely our fault. We\'re terribly ';
                 $error .= 'sorry, and we\'ll look into the problem as ';
                 $error .= 'soon as possible.';
             }
         }
     }
     // Return stuff
     $retArray['success'] = $success;
     if ($success) {
         // notify the webmaster that a new user has registered
         $this->load->helper('genmail');
         // $mail_info is created here by index assignment (not initialised above).
         // Recipient appears redacted in this listing.
         $mail_info['to'] = '*****@*****.**';
         $mail_info['subject'] = ' *** NEW LTD USER ***';
         $message = 'The following user has registered for an account:<br />';
         // $account includes the bcrypt hash, which is therefore mailed as well.
         foreach ($account as $k => $v) {
             $message .= $k . ': ' . $v . '<br />';
         }
         $message .= '<br />Server info:<br />';
         // NOTE(review): this dumps every $_SERVER entry — including request
         // headers such as cookies — into an e-mail; restricting it to the few
         // fields actually needed would limit the exposure.
         foreach ($_SERVER as $kk => $vv) {
             $message .= $kk . ': ' . json_encode($vv) . '<br />';
         }
         $mail_info['message'] = $message;
         gen_mail($mail_info);
         // see if the user has any dogs already registered
         // 'insert_id' is presumably written to the session by addAccount() — confirm.
         $dogs = $this->login_model->retrieveDogs($this->session->userdata('insert_id'), true);
         if ($dogs) {
             $retArray['dogs'] = $dogs;
         }
         // NOTE(review): the plaintext password is echoed back to the client in the
         // JSON body; if the front end only needs it for an immediate login, a
         // server-side session or one-time token would avoid returning the secret.
         $retArray['creds'] = array('email' => $user_email, 'password' => $user_password);
     }
     if (strlen($error) > 0) {
         $retArray['error'] = $error;
     }
     echo json_encode($retArray);
 }
 usort($xml_array_g, create_function('$a,$b', 'return strcasecmp($a["ID"],$b["ID"]);'));

if (! $project_cnt )
 die("<br /><br /><center>You have not been authorized to access any project. Please contact support.");
*/
###########################################################
#   MAIN PROGRAM LOGIC BLOCK: WHAT PAGE TO DISPLAY?     #
###########################################################
switch ($page) {
    # LOGIN PAGE & AUTHENTICATION.  IN: $userLogin[] array , $failed flag
    case "login":
        if ($just_posted) {
            $user_login = $_POST["userLogin"];
            $index = "";
            if (valid_password($user_login, $user_table, $index)) {
                # If matched, user index is passed back by reference
                $user_entry = $user_table[$index];
                $selected_project = $user_login["project_name"];
                $cookie = build_new_session_cookie($user_entry, $selected_project);
                if ($user_login["password"] == 'codetrack') {
                    # First time login for Administrators
                    set_session_cookie_load_page($cookie, "changepassword");
                } else {
                    set_session_cookie_load_page($cookie, "home");
                }
                exit;
                # We have to stop execution following set_session...()
            } else {
                header("Location: codetrack.php?page=login&failed=y");
                exit;
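 /**
  * Changes the logged-in user's password after re-checking the current one.
  *
  * Reads password / new_password / repeat_new_password from the request,
  * validates them, verifies the current password against the stored hash and
  * saves the new hash. Every outcome ends in a redirect back to the
  * change_password action with a 'result' code, followed by exit.
  *
  * Result codes: passwords_invalid, pass1_not_equival_pass2, wrong_password,
  * password_saved.
  */
 public function save_password()
 {
     $password = $this->params->data['password'];
     $new_password = $this->params->data['new_password'];
     $repeat_new_password = $this->params->data['repeat_new_password'];

     // All three values must pass the project's syntactic password check.
     if (!valid_password($password) || !valid_password($new_password) || !valid_password($repeat_new_password)) {
         $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'passwords_invalid')));
         exit;
     }
     // The confirmation must be byte-identical to the new password.
     if ($new_password !== $repeat_new_password) {
         $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'pass1_not_equival_pass2')));
         exit;
     }

     // Stored hash of the current password and the hash of what the user typed.
     // NOTE(review): get_hash() is keyed with a single configured salt
     // (USER_AUTH_SALT), which suggests a site-wide rather than per-user salt — confirm.
     $real_pwd = (string) $this->user_data["User"]["password"];
     $password_hash = (string) get_hash(Configure::read('USER_AUTH_SALT'), $password);

     // hash_equals(): strict and constant-time. The loose == it replaces treats
     // two numeric-looking digests (e.g. both of the form "0e...") as equal.
     if (!hash_equals($real_pwd, $password_hash)) {
         $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'wrong_password')));
         exit;
     }

     $this->User->id = $this->user_data["User"]["id"];
     $new_pass_hash = get_hash(Configure::read('USER_AUTH_SALT'), $new_password);
     $this->User->save(array('password' => $new_pass_hash));
     $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'password_saved')));
     exit;
 }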
/**
 * Thin alias for valid_password().
 *
 * @param mixed $str Value handed to valid_password() unchanged.
 * @return mixed Whatever valid_password($str) returns, unchanged.
 */
function valid_password_hide($str)
{
    $verdict = valid_password($str);

    return $verdict;
}
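// No POST data -> send the visitor back to the login form.
// NOTE(review): urlto() is assumed to redirect and stop the script; if it
// returns, execution continues with $un / $pw unset — confirm.
if (isset($_POST['un'])) {
    $un = $_POST['un'];
} else {
    urlto("index.php");
}
if (isset($_POST['pw'])) {
    $pw = $_POST['pw'];
} else {
    urlto("index.php");
}
// Syntactic checks on the submitted credentials.
if (!valid_username($un)) {
    urlto("index.php?msg=2");
}
if (!valid_password($pw)) {
    urlto("index.php?msg=2");
}
$con = mysql_connectEx();
// The username is request input: escape it for the SQL string literal instead
// of splicing it in raw (the legacy mysql_* API has no parameter binding, and
// it is removed in PHP 7). The link argument is omitted to match the
// mysql_query() call below, which also relies on the last opened connection.
$sql = "SELECT * FROM `motal_users` WHERE `username`='" . mysql_real_escape_string($un) . "'";
// The former debug echo of $sql has been removed: it disclosed the query text
// to the client.
$result = mysql_query($sql);
// A failed query yields false; treat that like "no row" rather than suppressing
// the warning with @. mysql_fetch_array() itself returns false when there is no row.
$row = ($result !== false) ? mysql_fetch_array($result) : false;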
if (isset($row['username'])) {
    //check hashed data
    $pw = sha1($un . $pw);
    if ($pw == $row['password']) {
        $_SESSION['uid'] = $row['id'];
        urlto("main.php");
    } else {
        urlto("index.php?msg=3");
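 /**
  * Sets a new password for the account identified by the posted e-mail address
  * and echoes a JSON result, then exits.
  *
  * Response shape: array{success: bool, error_message: string, message?: string}.
  *
  * NOTE(review): no reset token is checked in this method; the account to
  * update is chosen solely by the posted 'email'. Confirm that a preceding
  * step (or account_model::updatePassword()) binds this request to a verified
  * reset token, otherwise any caller could set another account's password.
  */
 public function doResetPassword()
 {
     $retArray = array('success' => false, 'error_message' => '');
     $success = true;
     // Second argument TRUE asks the input class to XSS-filter the values.
     $reset_pw = $this->input->post('reset_pw', TRUE);
     $reset_conf = $this->input->post('reset_conf', TRUE);
     $username = $this->input->post('username', TRUE);
     $email = $this->input->post('email', TRUE);

     // valid_password() returns array{valid: bool, error: string}; the e-mail
     // and username are passed so the password can be checked against them.
     $is_valid = valid_password($reset_pw, $email, $username);
     if (!$is_valid['valid']) {
         $retArray['error_message'] = $is_valid['error'];
         $success = false;
     }
     // The confirmation must be byte-identical to the new password.
     if ($reset_pw !== $reset_conf) {
         $retArray['error_message'] .= 'Please ensure your password is the same in both fields.<br />&nbsp;<br />';
         $success = false;
     }

     if ($success) {
         // bcrypt via password_hash(): salted, slow hash — appropriate for storage.
         $new_pass = password_hash($reset_pw, PASSWORD_BCRYPT);
         $this->load->model('account_model');
         $change = $this->account_model->updatePassword($email, $new_pass);
         $retArray['success'] = $change['success'];
     }
     if ($retArray['success']) {
         $retArray['message'] = 'You will be redirected to the home page and may log in there.';
     }
     echo json_encode($retArray);
     exit;
 }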
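/**
 * Creates a new user on the forum.
 *
 * Unknown keys in $userdat are silently dropped; username, password and
 * email are mandatory. The fixed account defaults (group, activation,
 * registration time, client ip, template/language/timezone from the config)
 * are always overwritten here.
 *
 * @param array $userdat Field => value map; allowed keys are listed in $valid_fields.
 * @return bool|array true when the row was inserted; false when a required
 *                    field is missing (an error is recorded); otherwise the
 *                    list of validation error keys.
 */
function insert_user($userdat)
{
    global $yakbb;
    // Fields a caller may supply, and the subset that must be present.
    $valid_fields = array("username", "displayname", "password", "email", "emailshow", "emailoptin");
    $required_fields = array("username", "password", "email");

    // Drop any key the caller is not allowed to set. in_array() is strict:
    // under loose comparison an integer key such as 0 compares equal to every
    // non-numeric string on PHP < 8 and would have been kept.
    $fields_provided = array_keys($userdat);
    foreach ($fields_provided as $item) {
        if (!in_array($item, $valid_fields, true)) {
            unset($userdat[$item]);
        }
    }
    foreach ($required_fields as $item) {
        if (!in_array($item, $fields_provided, true)) {
            record_yakbb_error("Missed field \"" . $item . "\" in call to insert_user().");
            return false;
        }
    }

    // Set the data that will ALWAYS be this way.
    $userdat["group"] = 0;
    $userdat["activated"] = 1;
    $userdat["activationcode"] = "";   // sent via e-mail
    $userdat["pending"] = 0;           // admin approval required?
    $userdat["registeredtime"] = time();
    $userdat["lastip"] = $yakbb->ip;
    $userdat["template"] = $yakbb->config["default_template"];
    $userdat["language"] = $yakbb->config["default_language"];
    $userdat["timezone"] = $yakbb->config["default_timezone"];

    // Optional data; intval() forces the two flags to integers.
    $userdat["emailshow"] = isset($userdat["emailshow"]) ? intval($userdat["emailshow"]) : 0;
    $userdat["emailoptin"] = isset($userdat["emailoptin"]) ? intval($userdat["emailoptin"]) : 0;
    $userdat["displayname"] = isset($userdat["displayname"]) ? $userdat["displayname"] : $userdat["username"];

    // Validate the supplied data; each helper returns true or an error key.
    if (!function_exists("valid_username")) {
        loadLibrary("validation.lib");
    }
    $errors = array();
    $checks = array(
        valid_username($userdat["username"]),
        valid_displayname($userdat["displayname"]),
        valid_password($userdat["password"]),
        valid_email($userdat["email"]),
    );
    foreach ($checks as $res) {
        if ($res !== true) {
            $errors[] = $res;
        }
    }
    if (!empty($errors)) {
        return $errors;
    }

    // NOTE(review): the password is inserted exactly as supplied — no hashing
    // happens here, so callers are expected to pass an already-hashed value.
    // Confirm, and prefer a salted slow hash (password_hash()) over a bare digest.
    $yakbb->db->insert("users", $userdat);
    return true;
}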
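 /**
  * Final step of password recovery: stores a new password hash for the user
  * whose e-mail address the preceding step left in the session.
  *
  * Reads PasswordRecover.password / password2 from the request, validates and
  * compares them, looks the user up by the session 'mail' value and saves the
  * new hash. Every outcome ends in a redirect (or die()) followed by exit.
  *
  * NOTE(review): this method trusts Session 'mail' completely; confirm that the
  * step which writes it verified a recovery token first.
  */
 public function save()
 {
     $data = $this->params['data'];
     $password = $data['PasswordRecover']['password'];
     $password2 = $data['PasswordRecover']['password2'];

     if (!valid_password($password) || !valid_password($password2)) {
         $this->redirect(array('controller' => 'recovery', 'action' => 'setup_password', '?' => array('recover_action' => 'failed', 'error' => 'false_password')));
         exit;
     }
     // Strict comparison: the confirmation must be byte-identical (the loose !=
     // it replaces treats numeric-looking strings such as "1e1" and "10" as equal).
     if ($password !== $password2) {
         $this->redirect(array('controller' => 'recovery', 'action' => 'setup_password', '?' => array('recover_action' => 'failed', 'error' => 'pass1_not_equals_pass2')));
         exit;
     }

     $mail = $this->Session->read('mail');
     if (empty($mail) || !filter_var($mail, FILTER_VALIDATE_EMAIL)) {
         die(L('FALSE_USER_MAIL'));
     }

     // Look the user up by e-mail address.
     $find_user = $this->User->find('first', array('conditions' => array('mail' => $mail)));
     // find() may yield an empty array or false when nothing matched; empty()
     // covers both, whereas count(false) is a TypeError on PHP 8.
     if (empty($find_user)) {
         $this->redirect(array('controller' => 'recovery', 'action' => 'failed'));
         exit;
     }

     // Store the new hash for the matched user.
     // NOTE(review): get_hash() is keyed with a single configured salt
     // (USER_AUTH_SALT), which suggests a site-wide rather than per-user salt — confirm.
     $user_id = $find_user['User']['id'];
     $md_password = get_hash(Configure::read('USER_AUTH_SALT'), $password);
     $data_to_save = array('password' => $md_password);
     $this->User->id = $user_id;
     $this->User->save($data_to_save);
     $this->redirect(array('controller' => 'recovery', 'action' => 'success'));
     exit;
 }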
     ForgetPassword();
     break;
 case "mailpasswd":
     if ($uname != "" and $code != "") {
         if (strlen($code) >= $minpass) {
             mail_password($uname, $code);
         } else {
             message_error("<i class=\"fa fa-exclamation\"></i>&nbsp;" . translate("You did not enter the correct password, please go back and try again.") . "<br /><br />", "");
         }
     } else {
         main($user);
     }
     break;
 case "validpasswd":
     if ($code != "") {
         valid_password($code);
     } else {
         main($user);
     }
     break;
 case "updatepasswd":
     if ($code != "" and $passwd != "") {
         update_password($code, $passwd);
     } else {
         main($user);
     }
     break;
 case "userinfo":
     if ($member_list == 1 and (!isset($user) and !isset($admin))) {
         Header("Location: index.php");
     }
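 /**
  * Populates $this->user from the login cookies, defaulting to the guest record.
  *
  * The "username" and "password" cookies are checked syntactically, the user
  * row is looked up, and the row is adopted when its stored password value is
  * identical to the cookie value. Also sets the "guest" / "admin_access"
  * template variables.
  *
  * NOTE(review): the "password" cookie carries the stored password value
  * itself and is compared directly against the database, so that value acts
  * as a long-lived bearer credential; a random session token bound to the
  * account would be the safer design. Left unchanged here.
  */
 private function loadUser()
 {
     // Anonymous defaults until a cookie login succeeds.
     $this->user = array("id" => 0, "username" => "Guest", "group" => -1, "template" => $this->config["default_template"], "language" => $this->config["default_language"]);
     $this->smarty->assign("guest", true);
     $this->smarty->assign("admin_access", false);

     $cookieUser = getYakCookie("username");
     $cookiePass = getYakCookie("password");
     if ($cookieUser == "" || $cookiePass == "") {
         return;
     }

     // Check login: secure() is the project's input filter for the username.
     $user = secure($cookieUser);
     $pass = $cookiePass;
     loadLibrary("validation.lib");
     if (valid_username($user) !== true || valid_password($pass) !== true) {
         return;
     }

     // The username placeholder in this literal appears redacted ('******') in this listing.
     $this->db->query("\r\n\t\t\t\t\tSELECT\r\n\t\t\t\t\t\t*\r\n\t\t\t\t\tFROM\r\n\t\t\t\t\t\tyakbb_users\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\t\tusername = '******'\r\n\t\t\t\t\tLIMIT\r\n\t\t\t\t\t\t1\r\n\t\t\t\t");
     if ($this->db->numRows() != 1) {
         return;
     }

     $x = $this->db->fetch();
     // hash_equals(): same strict result as ===, but constant-time.
     if (hash_equals((string) $x["password"], (string) $pass)) {
         $this->user = $x;
         $this->smarty->assign("guest", false);
     }
 }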
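 /**
  * Validates the login form in $_POST and, when the credentials match, sets
  * the login cookies and redirects.
  *
  * Failures are appended to $this->errors as error keys (the values returned
  * by the valid_*() helpers, "user_doesnt_exist" or "password_incorrect").
  * Nothing is returned.
  *
  * NOTE(review): the "password" cookie stores the sha256 digest that is also
  * kept in the database, so the stored digest doubles as a 180-day bearer
  * credential; a random session token would be the safer design. The digest
  * is also unsalted. Both are left unchanged here because they define the
  * stored/cookie format.
  */
 private function validate()
 {
     loadLibrary("validation.lib");
     // secure() is the project's input filter; the password is used as typed.
     $user = secure($_POST["username"]);
     $pass = $_POST["password"];

     $reg = valid_username($user);
     if ($reg !== true) {
         $this->errors[] = $reg;
     }
     $reg = valid_password($pass);
     if ($reg !== true) {
         $this->errors[] = $reg;
     }
     if (count($this->errors) != 0) {
         return;
     }

     // Check the actual login data now. The username placeholder in the query
     // literal appears redacted ('******') in this listing.
     global $yakbb;
     $yakbb->db->query("\r\n\t\t\t\tSELECT\r\n\t\t\t\t\tpassword\r\n\t\t\t\tFROM\r\n\t\t\t\t\tyakbb_users\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tusername = '******'\r\n\t\t\t\tLIMIT\r\n\t\t\t\t\t1\r\n\t\t\t");
     $x = $yakbb->db->fetch();
     if ($yakbb->db->numRows() == 0) {
         $this->errors[] = "user_doesnt_exist";
         return;
     }

     // Compute the digest once; it is both compared and stored in the cookie.
     // hash_equals(): same strict result as !==, but constant-time.
     $digest = sha256($pass);
     if (!hash_equals((string) $x["password"], (string) $digest)) {
         $this->errors[] = "password_incorrect";
         return;
     }

     // Login: both cookies live for 180 days.
     $expires = time() + 60 * 60 * 24 * 180;
     setYakCookie("username", $user, $expires);
     setYakCookie("password", $digest, $expires);
     redirect("?");
 }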