/**
 * Produce the stored form of a user's password.
 *
 * The work is delegated to ASRegister::hashPassword(); the algorithm and
 * salt handling live there and are not visible in this method.
 *
 * @param string $password Password value to be hashed.
 * @return string Hashed password as returned by ASRegister::hashPassword().
 */
private function _hashPassword($password)
{
    // A fresh ASRegister is created for every call, as in the original.
    return (new ASRegister())->hashPassword($password);
}
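// Final stage of the installer: write the generated configuration file, load
// the engine, create the schema, seed the roles and create the admin account.
$output .= PHP_EOL;

// Persist the configuration. Stop if it cannot be written: carrying on would
// load the engine against a missing or stale ASConfig.php and still print "success".
$file = '../ASEngine/ASConfig.php';
$handle = fopen($file, 'w');
if ($handle === false) {
    exit("Unable to open " . $file . " for writing.");
}
$written = fwrite($handle, $output);
fclose($handle);
if ($written === false) {
    exit("Unable to write " . $file . ".");
}

// set this flag to bypass some checks and to be able to complete the installation
// NOTE(review): the skipped checks live in AS.php (not visible here). Because this
// script disables them, it should not remain reachable once installation is done.
$installation = true;
include "../ASEngine/AS.php";

// Backticks in the database name are doubled so the value cannot terminate the
// quoted identifier and append SQL of its own.
$quotedDbName = "`" . str_replace("`", "``", $db_name) . "`";
$db->exec("ALTER DATABASE " . $quotedDbName . " DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci");

// Schema and seed data, sent as one multi-statement batch.
// The admin row is inserted with an empty e-mail; the address is written later
// through $db->update() so that it is never concatenated into this SQL text.
// NOTE(review): `ip_addr` is varchar(20), which is too short for a textual IPv6
// address; login-attempt tracking for IPv6 clients should be checked.
$query = "CREATE TABLE IF NOT EXISTS `as_users` (
    `user_id` int(11) NOT NULL auto_increment,
    `email` varchar(40) NOT NULL,
    `username` varchar(250) NOT NULL,
    `password` varchar(250) NOT NULL,
    `confirmation_key` varchar(40) NOT NULL,
    `confirmed` enum('Y','N') NOT NULL default 'N',
    `password_reset_key` varchar(250) NOT NULL default '',
    `password_reset_confirmed` enum('Y','N') NOT NULL default 'N',
    `password_reset_timestamp` datetime NOT NULL default '0000-00-00 00:00:00',
    `register_date` date NOT NULL,
    `user_role` int(4) NOT NULL default 1,
    `last_login` datetime NOT NULL default '0000-00-00 00:00:00',
    `banned` enum('Y','N') NOT NULL default 'N',
    PRIMARY KEY (`user_id`),
    UNIQUE KEY `username` (`username`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `as_social_logins` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `user_id` int(11) NOT NULL,
    `provider` varchar(50) DEFAULT 'email',
    `provider_id` varchar(250) DEFAULT NULL,
    `created_at` datetime NOT NULL default '0000-00-00 00:00:00',
    PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `as_login_attempts` (
    `id_login_attempts` int(11) NOT NULL AUTO_INCREMENT,
    `ip_addr` varchar(20) NOT NULL,
    `attempt_number` int(11) NOT NULL DEFAULT '1',
    `date` date NOT NULL,
    PRIMARY KEY (`id_login_attempts`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `as_comments` (
    `comment_id` int(11) NOT NULL AUTO_INCREMENT,
    `posted_by` int(11) NOT NULL,
    `posted_by_name` varchar(30) NOT NULL,
    `comment` text NOT NULL,
    `post_time` datetime NOT NULL,
    PRIMARY KEY (`comment_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `as_user_details` (
    `id_user_details` int(11) NOT NULL AUTO_INCREMENT,
    `user_id` int(11) NOT NULL,
    `first_name` varchar(35) NOT NULL DEFAULT '',
    `last_name` varchar(35) NOT NULL DEFAULT '',
    `phone` varchar(30) NOT NULL DEFAULT '',
    `address` varchar(30) NOT NULL DEFAULT '',

    PRIMARY KEY (`id_user_details`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

CREATE TABLE IF NOT EXISTS `as_user_roles` (
    `role_id` int(11) NOT NULL AUTO_INCREMENT,
    `role` varchar(20) NOT NULL,
    PRIMARY KEY (`role_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

INSERT INTO `as_user_roles` (`role_id`, `role`) VALUES
(1, 'user'),
(2, 'editor'),
(3, 'admin');

INSERT INTO `as_users` (`user_id`, `email`, `username`, `password`, `confirmation_key`,
    `confirmed`, `password_reset_key`, `password_reset_confirmed`,
    `user_role`, `register_date`)
VALUES (1,'', 'admin','','', 'Y', '', 'N', 3, '" . date("Y-m-d") . "');";
$db->exec($query);

//function for creating salt
function randomString($length = 10)
{
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./';
    $lastIndex = strlen($characters) - 1;
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() (PHP 7+) draws from the OS CSPRNG. rand() is predictable,
        // which makes it unsuitable for generating salts.
        $randomString .= $characters[random_int(0, $lastIndex)];
    }
    return $randomString;
}

//update admin password to admin123
// NOTE(review): this is a fixed, publicly known initial credential for the
// role-3 (admin) account; it has to be changed immediately after installation.
$ASRegister = new ASRegister();

//hash password with sha512 without salt because it will be transferred from
//client side hashed with sha512
$adminPass = hash("sha512", "admin123");

//hash password using salt
$adminPass = $ASRegister->hashPassword($adminPass);

// The e-mail is stored here rather than in the INSERT above.
// NOTE(review): assumes update() binds the array values as parameters instead
// of concatenating them into the statement; confirm in the database class.
$db->update(
    "as_users",
    array("email" => $admin_email, "password" => $adminPass),
    "`username` = 'admin'"
);

//Advanced Security installed successfully!
echo "success";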