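/**
 * Authenticates a user against the `login` table and populates the session.
 *
 * Needs valid_username(), valid_password(), user_exists() and the global
 * $seed (declared in header.php) to be in scope.
 *
 * @param string $u Submitted username.
 * @param string $p Submitted plaintext password.
 * @return bool true when exactly one matching, activated, non-disabled row
 *              was found and $_SESSION was populated; false otherwise.
 */
function checkLogin($u, $p) {
    global $seed; // $seed is declared in header.php
    // Reject malformed input or unknown users before touching the database.
    if (!valid_username($u) || !valid_password($p) || !user_exists($u)) {
        return false;
    }
    // NOTE(review): the two '******' literals look like a redacted copy of the
    // original placeholders; as written the sprintf() arguments are unused and
    // the query compares against the literal string — confirm against the
    // original source. The mysql_* extension was removed in PHP 7; a PDO or
    // mysqli prepared statement is the recommended replacement.
    // NOTE(review): sha1($p . $seed) uses one site-wide seed rather than a
    // per-user salt; password_hash()/password_verify() is the recommended scheme.
    $query = sprintf("\n\t\tSELECT loginid \n\t\tFROM login \n\t\tWHERE \n\t\tusername = '******' AND password = '******' \n\t\tAND disabled = 0 AND activated = 1 \n\t\tLIMIT 1;",
        mysql_real_escape_string($u),
        mysql_real_escape_string(sha1($p . $seed)));
    $result = mysql_query($query);
    // A failed query returns false; mysql_num_rows(false) only emits a warning
    // and would fall through, so treat a query error as a failed login.
    if ($result === false) {
        return false;
    }
    // 0 rows: wrong credentials. More than 1 row: duplicate accounts with the
    // same username and password, which is ambiguous, so the login fails too.
    if (mysql_num_rows($result) !== 1) {
        return false;
    }
    $row = mysql_fetch_array($result);
    // Keep the user ID and name for later requests.
    $_SESSION['loginid'] = $row['loginid'];
    $_SESSION['username'] = $u;
    return true;
}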
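/**
 * Validates the registration form in $_POST and creates the account.
 *
 * Every failed check appends an error code to $this->errors; the insert and
 * the redirect only run when no error was recorded. Needs loadLibrary(),
 * secure(), the valid_*() helpers, sha256(), redirect() and the global $yakbb.
 *
 * @return void
 */
private function validateRegistration() {
    loadLibrary("validation.lib");
    $user = secure($_POST["username"]);
    $display = secure($_POST["display"]);
    // NOTE(review): secure() is applied to the password before it is hashed;
    // if secure() rewrites characters (e.g. HTML escaping), the stored hash
    // will not match a login path that hashes the raw posted value — confirm.
    $pass1 = secure($_POST["pass1"]);
    $pass2 = secure($_POST["pass2"]);
    $email1 = secure($_POST["email1"]);
    $email2 = secure($_POST["email2"]);
    $res = valid_username($user);
    if ($res !== true) {
        $this->errors[] = $res;
    }
    $res = valid_displayname($display);
    if ($res !== true) {
        $this->errors[] = $res;
    }
    if ($pass1 !== $pass2) {
        $this->errors[] = "passwords_dont_match";
    } else {
        $res = valid_password($pass1);
        if ($res !== true) {
            $this->errors[] = $res;
        }
    }
    if ($email1 !== $email2) {
        $this->errors[] = "emails_dont_match";
    } else {
        $res = valid_email($email1);
        if ($res !== true) {
            $this->errors[] = $res;
        }
    }
    // Privacy flags default to the most protective setting when the field is
    // absent: e-mail hidden, no opt-in. isset() avoids the undefined-index
    // notice that the bare $_POST reads produced.
    $hideemail = !(isset($_POST["hideemail"]) && $_POST["hideemail"] == "no");
    $receiveemail = isset($_POST["receiveemail"]) && $_POST["receiveemail"] == "yes";
    // Terms of service must be accepted; empty() also covers a missing field.
    if (empty($_POST["tos"])) {
        $this->errors[] = "tos_not_checked";
    }
    if (count($this->errors) == 0) {
        global $yakbb;
        // NOTE(review): the password is stored as sha256($pass1); if sha256()
        // is a plain unsalted digest, password_hash()/password_verify() is the
        // recommended replacement.
        $yakbb->db->insert("users", array(
            "id" => 0,
            "username" => $user,
            "displayname" => $display,
            "password" => sha256($pass1),
            "email" => $email1,
            "emailshow" => $hideemail ? 0 : 1,
            "emailoptin" => $receiveemail ? 1 : 0,
            "activated" => 1,
            "activationcode" => "",
            "pending" => 0,
            "registeredtime" => time(),
            "lastip" => $yakbb->ip,
            "template" => $yakbb->config["default_template"],
            "language" => $yakbb->config["default_language"],
            "timezone" => $yakbb->config["default_timezone"],
        ));
        // NOTE(review): the "®" in this literal looks like an HTML-entity decode
        // of "&reg" introduced when the file was copied — confirm the original
        // redirect target.
        redirect("?action=login®=true");
    }
}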
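/**
 * Creates a pending account in the `login` table and sends the activation mail.
 *
 * Needs valid_username(), valid_password(), valid_email(), user_exists(),
 * generate_code(), sendActivationEmail() and the global $seed in scope.
 *
 * @param string $username
 * @param string $password  Plaintext password.
 * @param string $password2 Confirmation of $password.
 * @param string $email
 * @return bool true only when the row was inserted and the activation mail
 *              was sent; false for invalid input, an existing user, a failed
 *              insert or a failed mail.
 */
function registerNewUser($username, $password, $password2, $email) {
    global $seed;
    // Strict comparison: with != PHP compares numeric-looking strings
    // numerically, so "1e3" and "1000" would have counted as a match.
    if (!valid_username($username) || !valid_password($password) || !valid_email($email)
        || $password !== $password2 || user_exists($username)) {
        return false;
    }
    $code = generate_code(20);
    // NOTE(review): mysql_* was removed in PHP 7; a prepared statement is the
    // replacement. sha1($password . $seed) uses a single site-wide seed rather
    // than a per-user salt; password_hash() is the recommended scheme.
    $sql = sprintf("insert into login (username,password,email,actcode) value ('%s','%s','%s','%s')",
        mysql_real_escape_string($username),
        mysql_real_escape_string(sha1($password . $seed)),
        mysql_real_escape_string($email),
        mysql_real_escape_string($code));
    if (!mysql_query($sql)) {
        return false;
    }
    $id = mysql_insert_id();
    // NOTE(review): the plaintext password is handed to sendActivationEmail();
    // if it ends up in the mail body it is exposed in transit and in the
    // recipient's mailbox — confirm the mail template does not include it.
    return sendActivationEmail($username, $password, $id, $email, $code) ? true : false;
}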
} } } // for ($c = 0; $c < count($values['checktokens']); $c++) } // if (is_array($values['checktokens'])) } else { if ($input['action'] == 'REGISTER') { if (!isset($input['username']) || !valid_username($input['username'])) { die("ERROR: A valid username was not specified. Usernames must use only " . "alphanumeric characters, hyphens, underscores, or periods. Must be " . "2 to 25 characters long.\n"); } // TODO: Allow banning of email addresses with wildcard support if (!isset($input['email']) || !valid_email($input['email'])) { die("ERROR: A valid email was not specified.\n"); } if (!isset($input['password']) || !valid_password($input['password'])) { die("ERROR: Password must be between 4 and 30 characters long.\n"); } // Load the DataLayer @(include_once 'includes/datalayer.class.php'); // Make sure the DataLayer class loaded sucessfully if (!class_exists('DataLayer')) { die("ERROR: Unable to load DataLayer class.\n"); } $dl = new DataLayer($config['datalayer']); if ($dl === false) { die("ERROR: Unable to connect to database.\n"); } $values = $input; // Check if the user already exists before going further if ($dl->Player_Exists_ByUsername($values['username'])) {
//thu vien validate require_once LIB_PATH . '/validate.php'; //Khoi tao bien $loginError = array('message' => '', 'username' => '', 'password' => ''); //khoi tao bien ok $loginOk = TRUE; //Khoi tao bien luu du lieu $username = trim($_POST["login-username"]); $password = trim($_POST["login-password"]); //validate du lieu if (!valid_account($username)) { $loginOk = FALSE; //Thong tin loi $loginError['username'] = '******'; } if (!valid_password($password)) { $loginOk = FALSE; $loginError['password'] = '******'; } else { $password = md5($password); } //Ket noi co so du lieu require_once LIB_PATH . '/database.php'; db_connect(); if ($loginOk == TRUE) { $checkUserQuery = "SELECT * FROM user WHERE uaccount = '{$username}' and upassword = '******'"; //Neu ton tai if (db_select_num($checkUserQuery) > 0) { //dang nhap thanh cong thi luu user vao session $_SESSION["username"] = $username; header('Location:' . BASE_URL . 'index.php');
$model["mac"] = $_GET["mac"]; $model["mode"] = "edit"; $model["focus"] = "password"; } else { $model["mode"] = "add"; $model["focus"] = "mac"; } if ($_SERVER["REQUEST_METHOD"] == "POST") { /* validate all the entries */ if (valid_mac($model["mac"]) === false) { invalid_entry($model, "mac"); } if (valid_username($model["username"]) === false) { invalid_entry($model, "username"); } if (valid_password($model["password"]) === false) { invalid_entry($model, "password"); } $model["mac"] = strtoupper($model["mac"]); foreach ($model["switch"] as $i => $switch) { if (valid_ip($switch["host"]) === false) { invalid_entry($model, "switch[{$i}][host]"); } if (valid_call_limit($switch["call-limit"]) === false) { invalid_entry($model, "switch[{$i}][call-limit]"); } } foreach ($model["gateway"] as $i => $gateway) { if (valid_ip($gateway["host"]) === false) { invalid_entry($model, "gateway[{$i}][host]"); }
} /* Checks if the passwords match*/ if ($newuser->password == "") { give_error("302"); } else { if ($_POST['reg_password2'] == "") { give_error("303"); } else { if ($newuser->password != $_POST['reg_password2']) { give_error("304"); } } } /* סיסמאות אינן תואמות */ /* Checks if the password is valid */ if (valid_password($newuser->password)) { give_error("309"); } /* chcking if mail address is good */ if ($newuser->email == "") { give_error("305"); } /* לא הכנסת כתובת דואל */ if (valid_email($newuser->email)) { give_error("307"); } /* כתובת שגוייה */ /* Checks if mess_net selected. if selected, checks if mess_id was entered*/ if (valid_mess_id($newuser->mess_net, $newuser->mess_id)) { give_error("306"); }
/**
 * Handles the account-creation form: validates name, e-mail, password and
 * their confirmations, refuses duplicate e-mails and Gmail aliases, stores a
 * bcrypt hash, mails the webmaster and echoes a JSON result.
 *
 * Output keys: success (bool); error (string, when any check failed);
 * dogs (when the new user already has dogs); creds (email/password, on success).
 * Needs email_valid(), valid_password(), gen_mail() and the login_model.
 *
 * @return void
 */
public function create_account() {
    //TODO: verify created account
    $sp = '<br /> <br />';
    $this->load->model('login_model');
    $user_email = $this->input->post('user_email', TRUE);
    $user_remail = $this->input->post('user_remail', TRUE);
    $user_password = $this->input->post('user_password', TRUE);
    $user_name = $this->input->post('user_name', TRUE);
    $user_repass = $this->input->post('user_repass', TRUE);
    $user_language = $this->input->post('language', TRUE);
    $gmail = '';
    $g_exists = false;
    $account = array();
    $retArray = array();
    $success = true;
    $invalid = false; // flag to reduce redundant error messaging
    $error = '';
    // Do we have a name?
    if (strlen($user_name) < 2) {
        $success = false;
        $error .= 'Please provide your name.';
        if (strlen($user_name) === 1) {
            $error .= ' (Seriously? Just one character?!)';
        }
        $error .= $sp;
    }
    // Is this a plausible e-mail address?
    if (!email_valid($user_email)) {
        $success = false;
        $invalid = true;
        $error .= 'Please provide a valid e-mail address.' . $sp;
    }
    // Does the e-mail address match the confirmation? Skipped when the
    // address itself was already rejected.
    if (!$invalid && $user_email !== $user_remail) {
        $success = false;
        $error .= 'Please ensure your e-mail address is the same in both e-mail fields.' . $sp;
    }
    // Does the password meet the criteria? valid_password() returns
    // array('valid' => bool, 'error' => string). Note that $invalid is reset
    // here, so the e-mail result no longer suppresses the password checks.
    $valid_password = valid_password($user_password, $user_email, $user_name);
    if (!$valid_password['valid']) {
        $success = false;
        $invalid = true;
        $error .= $valid_password['error'];
    } else {
        $invalid = false;
    }
    // Does the password match the confirmation?
    if (!$invalid && $user_password !== $user_repass) {
        $success = false;
        $error .= 'Please ensure your password is the same in both password fields.' . $sp;
    }
    // Is this e-mail address already tied to an account? The lookup runs
    // before $success is consulted, so it happens even for invalid input.
    if ($this->login_model->doesUserExist($user_email) && $success) {
        // user was found; do NOT create account
        $success = false;
        $error .= 'We already have that e-mail in our user base.';
    } else {
        // user was not found; create account
        // Is it a Gmail user? If so, check for alias.
        // This strips '.' and '+' characters but keeps the text after a '+',
        // so "user+tag" becomes "usertag" rather than "user" — TODO confirm
        // that is the intended alias rule.
        if (stristr($user_email, 'gmail.com')) {
            $gmail_parts = explode('@', $user_email);
            $g_user = str_replace('.', '', $gmail_parts[0]);
            $g_user = str_replace('+', '', $g_user);
            $gmail = $g_user . '@gmail.com';
            $g_exists = $this->login_model->checkForGmail($gmail);
        }
        // Return message saying it's an existing Gmail alias. Note the plain
        // assignment: any error text collected above is replaced, not appended.
        if ($g_exists) {
            $error = 'It appears that your e-mail address is ';
            $error .= 'an alias of a Gmail address that is already ';
            $error .= 'registered. Should we create an accont with ';
            $error .= 'this e-mail address anyway?';
            $success = false;
        }
        if ($success) {
            // no Gmail alias found; continue to create acct
            $password = password_hash($user_password, PASSWORD_BCRYPT);
            $account['username'] = $user_name;
            $account['email'] = $user_email;
            $account['password'] = $password;
            $account['gmail'] = $gmail;
            $account['language'] = $user_language;
            $go_create = $this->login_model->addAccount($account);
            if (!$go_create) {
                $success = false;
                $error .= 'There was a problem creating your account. ';
                $error .= 'We don\'t know what happened, but it was ';
                $error .= 'most likely our fault. We\'re terribly ';
                $error .= 'sorry, and we\'ll look into the problem as ';
                $error .= 'soon as possible.';
            }
        }
    }
    // Return stuff
    $retArray['success'] = $success;
    if ($success) {
        // notify the webmaster that a new user has registered
        $this->load->helper('genmail');
        $mail_info['to'] = '*****@*****.**';
        $mail_info['subject'] = ' *** NEW LTD USER ***';
        $message = 'The following user has registered for an account:<br />';
        // NOTE(review): $account includes the bcrypt hash, so the hash is
        // mailed out with every registration; the notification does not need it.
        foreach ($account as $k => $v) {
            $message .= $k . ': ' . $v . '<br />';
        }
        $message .= '<br />Server info:<br />';
        // NOTE(review): this dumps all of $_SERVER, which carries the request
        // headers (cookies, any Authorization header) and environment values,
        // into an e-mail; a short allow-list of fields would limit the exposure.
        foreach ($_SERVER as $kk => $vv) {
            $message .= $kk . ': ' . json_encode($vv) . '<br />';
        }
        $mail_info['message'] = $message;
        gen_mail($mail_info);
        // see if the user has any dogs already registered
        // (presumably 'insert_id' is set in the session by addAccount(); verify)
        $dogs = $this->login_model->retrieveDogs($this->session->userdata('insert_id'), true);
        if ($dogs) {
            $retArray['dogs'] = $dogs;
        }
        // NOTE(review): the plaintext password is echoed back in the JSON body,
        // where proxies, browser tooling and logs can capture it; if the client
        // only needs it to auto-login, a server-issued session is the safer path.
        $retArray['creds'] = array('email' => $user_email, 'password' => $user_password);
    }
    if (strlen($error) > 0) {
        $retArray['error'] = $error;
    }
    echo json_encode($retArray);
}
usort($xml_array_g, create_function('$a,$b', 'return strcasecmp($a["ID"],$b["ID"]);')); if (! $project_cnt ) die("<br /><br /><center>You have not been authorized to access any project. Please contact support."); */ ########################################################### # MAIN PROGRAM LOGIC BLOCK: WHAT PAGE TO DISPLAY? # ########################################################### switch ($page) { # LOGIN PAGE & AUTHENTICATION. IN: $userLogin[] array , $failed flag case "login": if ($just_posted) { $user_login = $_POST["userLogin"]; $index = ""; if (valid_password($user_login, $user_table, $index)) { # If matched, user index is passed back by reference $user_entry = $user_table[$index]; $selected_project = $user_login["project_name"]; $cookie = build_new_session_cookie($user_entry, $selected_project); if ($user_login["password"] == 'codetrack') { # First time login for Administrators set_session_cookie_load_page($cookie, "changepassword"); } else { set_session_cookie_load_page($cookie, "home"); } exit; # We have to stop execution following set_session...() } else { header("Location: codetrack.php?page=login&failed=y"); exit;
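/**
 * Handles the back-office "change password" form: verifies the current
 * password, stores the new hash and redirects with a result code.
 *
 * Every path ends in $this->redirect() followed by exit, so the method never
 * returns normally. Depends on valid_password(), get_hash(), Configure and
 * the User model.
 *
 * @return void
 */
public function save_password() {
    $password = $this->params->data['password'];
    $new_password = $this->params->data['new_password'];
    $repeat_new_password = $this->params->data['repeat_new_password'];
    // All outcomes land back on the change_password action with a result code.
    $target = array('controller' => 'backoffice', 'action' => 'change_password');
    if (!valid_password($password) || !valid_password($new_password) || !valid_password($repeat_new_password)) {
        $this->redirect($target + array('?' => array('result' => 'passwords_invalid')));
        exit;
    }
    if ($new_password !== $repeat_new_password) {
        $this->redirect($target + array('?' => array('result' => 'pass1_not_equival_pass2')));
        exit;
    }
    $real_pwd = $this->user_data["User"]["password"];
    $password_hash = get_hash(Configure::read('USER_AUTH_SALT'), $password);
    // Strict comparison: with == two hex digests of the form "0e..." compare
    // equal as numbers. On PHP 5.6+ hash_equals() is the timing-safe choice.
    if ($password_hash === $real_pwd) {
        $this->User->id = $this->user_data["User"]["id"];
        $new_pass_hash = get_hash(Configure::read('USER_AUTH_SALT'), $new_password);
        $this->User->save(array('password' => $new_pass_hash));
        $this->redirect($target + array('?' => array('result' => 'password_saved')));
        exit;
    }
    $this->redirect($target + array('?' => array('result' => 'wrong_password')));
    exit;
}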
/**
 * Thin alias for valid_password(); passes the verdict through unchanged.
 *
 * @param string $str Candidate password.
 * @return mixed Whatever valid_password($str) returns.
 */
function valid_password_hide($str) {
    $verdict = valid_password($str);
    return $verdict;
}
//nopost -> return if (isset($_POST['un'])) { $un = $_POST['un']; } else { urlto("index.php"); } if (isset($_POST['pw'])) { $pw = $_POST['pw']; } else { urlto("index.php"); } //check data if (!valid_username($un)) { urlto("index.php?msg=2"); } if (!valid_password($pw)) { urlto("index.php?msg=2"); } $con = mysql_connectEx(); $sql = "SELECT * FROM `motal_users` WHERE `username`='" . $un . "'"; echo $sql . "<hr>"; $result = mysql_query($sql); $row = @mysql_fetch_array($result); if (isset($row['username'])) { //check hashed data $pw = sha1($un . $pw); if ($pw == $row['password']) { $_SESSION['uid'] = $row['id']; urlto("main.php"); } else { urlto("index.php?msg=3");
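/**
 * AJAX handler for the password-reset form: validates the new password and
 * its confirmation, stores the bcrypt hash and echoes a JSON result.
 *
 * Output shape: {"success": bool, "error_message": string[, "message": string]}.
 * Ends with exit, so nothing after the JSON is sent. Needs valid_password()
 * and the account_model.
 *
 * @return void
 */
public function doResetPassword() {
    $retArray = array('success' => false, 'error_message' => '');
    $success = true;
    $reset_pw = $this->input->post('reset_pw', TRUE);
    $reset_conf = $this->input->post('reset_conf', TRUE);
    $username = $this->input->post('username', TRUE);
    $email = $this->input->post('email', TRUE);
    // valid_password() returns array('valid' => bool, 'error' => string).
    $is_valid = valid_password($reset_pw, $email, $username);
    if (!$is_valid['valid']) {
        $retArray['error_message'] = $is_valid['error'];
        $success = false;
    }
    if ($reset_pw !== $reset_conf) {
        $retArray['error_message'] .= 'Please ensure your password is the same in both fields.<br /> <br />';
        $success = false;
    }
    if ($success) {
        // NOTE(review): the account to update is selected by the POSTed e-mail
        // address, and no reset token or logged-in-session check is visible in
        // this method; confirm that the caller enforces one before this runs,
        // otherwise the endpoint would let a request change an arbitrary
        // account's password by e-mail address alone.
        $new_pass = password_hash($reset_pw, PASSWORD_BCRYPT);
        $this->load->model('account_model');
        $change = $this->account_model->updatePassword($email, $new_pass);
        $retArray['success'] = $change['success'];
    }
    if ($retArray['success']) {
        $retArray['message'] = 'You will be redirected to the home page and may log in there.';
    }
    echo json_encode($retArray);
    exit;
}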
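/**
 * Creates a new forum user from the supplied field map.
 *
 * Only the keys in $valid_fields are accepted from $userdat; everything else
 * is dropped. "username", "password" and "email" are mandatory. Fixed
 * bookkeeping columns (group, activated, registeredtime, ...) are set here.
 * Needs the global $yakbb (db, ip, config), record_yakbb_error(),
 * loadLibrary() and the valid_*() helpers.
 *
 * @param array $userdat Column => value map supplied by the caller.
 * @return bool|array true on insert, false when a required field is missing,
 *                    or the list of validation error codes.
 */
function insert_user($userdat) {
    global $yakbb;
    $valid_fields = array("username", "displayname", "password", "email", "emailshow", "emailoptin");
    $required_fields = array("username", "password", "email");
    // Strip any key that is not whitelisted. Strict comparison matters here:
    // before PHP 8 an integer key such as 0 loosely equals "username", so it
    // would have slipped through the filter and satisfied the required check.
    $fields_provided = array_keys($userdat);
    foreach ($fields_provided as $item) {
        if (!in_array($item, $valid_fields, true)) {
            unset($userdat[$item]);
        }
    }
    foreach ($required_fields as $item) {
        if (!in_array($item, $fields_provided, true)) {
            record_yakbb_error("Missed field \"" . $item . "\" in call to insert_user().");
            return false;
        }
    }
    // Columns that always start out the same for a fresh account.
    $userdat["group"] = 0;
    $userdat["activated"] = 1;
    $userdat["activationcode"] = ""; // Sent via e-mail
    $userdat["pending"] = 0; // Admin approval required?
    $userdat["registeredtime"] = time();
    $userdat["lastip"] = $yakbb->ip;
    $userdat["template"] = $yakbb->config["default_template"];
    $userdat["language"] = $yakbb->config["default_language"];
    $userdat["timezone"] = $yakbb->config["default_timezone"];
    // Optional columns; intval() forces the flag columns to integers.
    $userdat["emailshow"] = isset($userdat["emailshow"]) ? intval($userdat["emailshow"]) : 0;
    $userdat["emailoptin"] = isset($userdat["emailoptin"]) ? intval($userdat["emailoptin"]) : 0;
    $userdat["displayname"] = isset($userdat["displayname"]) ? $userdat["displayname"] : $userdat["username"];
    // NOTE(review): "password" is inserted exactly as supplied — nothing here
    // hashes it, while the registration form path hashes with sha256() before
    // its own insert. Confirm which form callers of insert_user() are expected
    // to pass, since valid_password() below is applied to that same value.
    if (!function_exists("valid_username")) {
        loadLibrary("validation.lib");
    }
    $errors = array();
    $res = valid_username($userdat["username"]);
    if ($res !== true) {
        $errors[] = $res;
    }
    $res = valid_displayname($userdat["displayname"]);
    if ($res !== true) {
        $errors[] = $res;
    }
    $res = valid_password($userdat["password"]);
    if ($res !== true) {
        $errors[] = $res;
    }
    $res = valid_email($userdat["email"]);
    if ($res !== true) {
        $errors[] = $res;
    }
    if (count($errors) == 0) {
        $yakbb->db->insert("users", $userdat);
        return true;
    }
    return $errors;
}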
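/**
 * Final step of password recovery: validates the new password pair, looks the
 * account up by the e-mail address stored in the session and saves the hash.
 *
 * Every branch ends in a redirect (or die) followed by exit. Depends on
 * valid_password(), get_hash(), L(), Configure, the Session component and
 * the User model.
 *
 * @return void
 */
public function save() {
    $data = $this->params['data'];
    $password = $data['PasswordRecover']['password'];
    $password2 = $data['PasswordRecover']['password2'];
    $setup = array('controller' => 'recovery', 'action' => 'setup_password');
    if (!valid_password($password) || !valid_password($password2)) {
        $this->redirect($setup + array('?' => array('recover_action' => 'failed', 'error' => 'false_password')));
        exit;
    }
    // Strict comparison: != treats numeric-looking strings numerically.
    if ($password !== $password2) {
        $this->redirect($setup + array('?' => array('recover_action' => 'failed', 'error' => 'pass1_not_equals_pass2')));
        exit;
    }
    // The earlier recovery step stored the verified address in the session.
    $mail = $this->Session->read('mail');
    if (empty($mail) || !filter_var($mail, FILTER_VALIDATE_EMAIL)) {
        die(L('FALSE_USER_MAIL'));
    }
    // Look the account up by e-mail. find('first') may yield false or an empty
    // array when nothing matches; count(false) is 1 on old PHP (and a TypeError
    // on PHP 8), so test emptiness instead of count().
    $find_user = $this->User->find('first', array('conditions' => array('mail' => $mail)));
    if (empty($find_user)) {
        $this->redirect(array('controller' => 'recovery', 'action' => 'failed'));
        exit;
    }
    // Store the new password hash on the found account.
    $user_id = $find_user['User']['id'];
    $md_password = get_hash(Configure::read('USER_AUTH_SALT'), $password);
    $this->User->id = $user_id;
    $this->User->save(array('password' => $md_password));
    $this->redirect(array('controller' => 'recovery', 'action' => 'success'));
    exit;
}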
ForgetPassword(); break; case "mailpasswd": if ($uname != "" and $code != "") { if (strlen($code) >= $minpass) { mail_password($uname, $code); } else { message_error("<i class=\"fa fa-exclamation\"></i> " . translate("You did not enter the correct password, please go back and try again.") . "<br /><br />", ""); } } else { main($user); } break; case "validpasswd": if ($code != "") { valid_password($code); } else { main($user); } break; case "updatepasswd": if ($code != "" and $passwd != "") { update_password($code, $passwd); } else { main($user); } break; case "userinfo": if ($member_list == 1 and (!isset($user) and !isset($admin))) { Header("Location: index.php"); }
/**
 * Initialises $this->user for the request: starts as the Guest record and,
 * when both login cookies are present and pass validation, replaces it with
 * the matching row from yakbb_users. Also sets the Smarty "guest" and
 * "admin_access" flags. Needs getYakCookie(), secure(), loadLibrary(),
 * valid_username() and valid_password().
 *
 * @return void
 */
private function loadUser() {
    // Default identity until a cookie login succeeds.
    $this->user = array("id" => 0, "username" => "Guest", "group" => -1, "template" => $this->config["default_template"], "language" => $this->config["default_language"]);
    $this->smarty->assign("guest", true);
    $this->smarty->assign("admin_access", false);
    if (getYakCookie("username") != "" && getYakCookie("password") != "") {
        // Check login
        $user = secure(getYakCookie("username"));
        // NOTE(review): this cookie carries the stored password hash itself and
        // is compared directly with the database column below, so a copied
        // cookie is a password-equivalent credential for as long as it lives.
        $pass = getYakCookie("password");
        loadLibrary("validation.lib");
        if (valid_username($user) === true && valid_password($pass) === true) {
            // NOTE(review): the '******' in this query looks like a redacted copy
            // of the username substitution; $user is validated above but how it
            // reaches the query is not visible here — confirm it is escaped or bound.
            $this->db->query("\r\n\t\t\t\t\tSELECT\r\n\t\t\t\t\t\t*\r\n\t\t\t\t\tFROM\r\n\t\t\t\t\t\tyakbb_users\r\n\t\t\t\t\tWHERE\r\n\t\t\t\t\t\tusername = '******'\r\n\t\t\t\t\tLIMIT\r\n\t\t\t\t\t\t1\r\n\t\t\t\t");
            if ($this->db->numRows() == 1) {
                $x = $this->db->fetch();
                // Cookie value must equal the stored hash exactly.
                if ($x["password"] === $pass) {
                    $this->user = $x;
                    $this->smarty->assign("guest", false);
                }
            }
        }
    }
}
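/**
 * Validates the posted login form and, on success, sets the login cookies and
 * redirects to the front page; otherwise appends error codes to $this->errors.
 *
 * Needs loadLibrary(), secure(), valid_username(), valid_password(), sha256(),
 * setYakCookie(), redirect() and the global $yakbb.
 *
 * @return void
 */
private function validate() {
    loadLibrary("validation.lib");
    // isset() avoids an undefined-index notice when a field is not posted.
    $user = secure(isset($_POST["username"]) ? $_POST["username"] : "");
    $pass = isset($_POST["password"]) ? $_POST["password"] : "";
    $reg = valid_username($user);
    if ($reg !== true) {
        $this->errors[] = $reg;
    }
    $reg = valid_password($pass);
    if ($reg !== true) {
        $this->errors[] = $reg;
    }
    if (count($this->errors) != 0) {
        return;
    }
    // Check actual login data now
    global $yakbb;
    // NOTE(review): the '******' in this query looks like a redacted copy of
    // the username substitution; confirm against the original source that the
    // value is escaped or bound, since $user comes from the request.
    $yakbb->db->query("\r\n\t\t\t\tSELECT\r\n\t\t\t\t\tpassword\r\n\t\t\t\tFROM\r\n\t\t\t\t\tyakbb_users\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tusername = '******'\r\n\t\t\t\tLIMIT\r\n\t\t\t\t\t1\r\n\t\t\t");
    $x = $yakbb->db->fetch();
    if ($yakbb->db->numRows() == 0) {
        // NOTE(review): a distinct "user_doesnt_exist" code lets a client tell
        // unknown names from wrong passwords (username enumeration); a single
        // generic failure code is the usual mitigation.
        $this->errors[] = "user_doesnt_exist";
        return;
    }
    if (sha256($pass) !== $x["password"]) {
        $this->errors[] = "password_incorrect";
        return;
    }
    // NOTE(review): the cookie stores the password hash itself for 180 days and
    // loadUser() compares it directly with the database column, so the cookie
    // is a password-equivalent credential; a random, server-side session token
    // would limit the damage of a leaked cookie.
    $expires = time() + 60 * 60 * 24 * 180;
    setYakCookie("username", $user, $expires);
    setYakCookie("password", sha256($pass), $expires);
    redirect("?");
}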