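/**
 * Logs in a user.
 *
 * Looks up the stored phpass hash for $userName and verifies the plain-text
 * password against it. The session is marked as logged in only when the
 * password matches; nothing about the credentials is written to the output.
 *
 * @param string $userName Username of the person logging in.
 * @param string $password Password in plain text of the person logging in.
 *
 * @return bool True when the credentials are valid, false otherwise.
 */
function LoginUser($userName, $password)
{
    $stmt = $this->dbConnect->prepare("SELECT password FROM usersinfo WHERE username=?");
    if (!$stmt) {
        return false;
    }

    $stmt->bind_param("s", $userName);
    $stmt->execute();
    $stmt->bind_result($hashedPassword);
    // fetch() returns true only when a row was read; any other result means
    // there is no stored hash to compare against.
    $found = $stmt->fetch() === true;
    $stmt->close();

    if (!$found || !is_string($hashedPassword) || $hashedPassword === '') {
        return false;
    }

    $pwdHasher = new PasswordHash(8, FALSE);

    // CheckPassword() takes the plain-text password and the stored hash.
    // Hashing the input first and comparing two hashes cannot work, because
    // HashPassword() uses a fresh salt on every call.
    if (!$pwdHasher->CheckPassword($password, $hashedPassword)) {
        return false;
    }

    // Reached only after a successful verification.
    $_SESSION['username'] = $userName;

    return true;
}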
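/**
 * Verifies a plain-text password against the hash held in $this->userData.
 *
 * The check depends on $this->userData['passwordFormat']:
 *  - 'phpass': delegated to PasswordHash::CheckPassword().
 *  - 'vbmd5' and 'raw': md5($password . passwordSalt) compared with passwordHash.
 *
 * @param string $password Plain-text password to verify.
 *
 * @return bool True when the password matches.
 *
 * @throws Exception When hash data is missing ('phpass', 'vbmd5') or the format is unknown.
 */
function checkPassword($password)
{
    switch ($this->userData['passwordFormat']) {
        case 'phpass':
            if (!isset($this->userData['passwordHash'])) {
                throw new Exception('User object was not generated with password hash information.');
            }

            // require_once: a second call in the same request must not
            // re-declare the PasswordHash class.
            require_once 'PasswordHash.php';
            $h = new PasswordHash(8, FALSE);

            return $h->CheckPassword($password, $this->userData['passwordHash']);

        case 'vbmd5':
            if (!isset($this->userData['passwordHash'], $this->userData['passwordSalt'])) {
                throw new Exception('User object was not generated with password hash information.');
            }

            // Salted MD5 is a fast hash kept for existing records only.
            // hash_equals() makes the comparison constant-time.
            return hash_equals(
                (string) $this->userData['passwordHash'],
                md5($password . $this->userData['passwordSalt'])
            );

        case 'raw':
            // This format never threw on missing data; without a hash and a
            // salt there is nothing to match, so the answer is "no".
            if (!isset($this->userData['passwordHash'], $this->userData['passwordSalt'])) {
                return false;
            }

            return hash_equals(
                (string) $this->userData['passwordHash'],
                md5($password . $this->userData['passwordSalt'])
            );

        default:
            throw new Exception('Invalid password format.');
    }
}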
/**
 * Log the user in.
 *
 * An unknown username and a wrong password produce the same error message and
 * both count as a failed attempt. Banned and not-yet-activated accounts are
 * rejected only after the password has been verified.
 *
 * NOTE(review): the unknown-username path skips the hash check, so it returns
 * faster than the wrong-password path; confirm whether that timing difference
 * matters for this deployment.
 *
 * @param string $username
 * @param string $password Plain-text password.
 * @return bool TRUE on success; FALSE with $this->error set on failure.
 */
function login($username, $password)
{
    $account = $this->ci->user_dal->get_user_by_username($username);

    // The hash is only checked when the account exists.
    $verified = FALSE;
    if (!is_null($account)) {
        $phpass = new PasswordHash(8, FALSE);
        $verified = $phpass->CheckPassword($password, $account->password);
    }

    if (!$verified) {
        $this->increase_login_attempt($username);
        $this->error = array('msg' => "Login incorrect");
        return FALSE;
    }

    if ($account->banned == 1) {
        $this->error = array('msg' => $account->ban_reason);
        return FALSE;
    }

    if ($account->activated == 0) {
        $this->error = array('msg' => "User Account is not active");
        return FALSE;
    }

    // Preferences copied into the session for the logged-in user.
    $sessionData = array(
        'user_id' => $account->id,
        'username' => $account->username,
        'status' => $account->activated == 1 ? 1 : 0,
        'threads_shown' => $account->threads_shown,
        'hide_enemy_posts' => $account->hide_enemy_posts,
        'comments_shown' => $account->comments_shown,
        'view_html' => $account->view_html,
        'new_post_notification' => $account->new_post_notification,
        'random_titles' => $account->random_titles,
        'emoticon' => $account->emoticon,
        'hide_ads' => $account->hide_ads,
        'chat_fixed_size' => $account->chat_fixed_size
    );
    $this->ci->session->set_userdata($sessionData);
    $this->ci->user_id = (int) $account->id;

    $this->create_autologin($account->id);
    $this->ci->user_dal->insert_ip_address($account->id, $this->ci->input->ip_address());
    $this->clear_login_attempts($username);

    // Whether to record IP and time is driven by the 'auth' config group.
    $recordIp = $this->ci->config->item('login_record_ip', 'auth');
    $recordTime = $this->ci->config->item('login_record_time', 'auth');
    $this->ci->user_dal->update_login_info($account->id, $recordIp, $recordTime);

    return TRUE;
}
/**
 * Checks a username/password pair and, on success, stores the user in the session.
 *
 * Failures are reported through a session flash message. An unknown user and
 * a wrong password produce the same message; a disabled account gets its own
 * message, shown only after the password has been verified.
 *
 * @param string $user     Username as entered; it is passed through makeSlug().
 * @param string $password Plain-text password.
 *
 * @return bool True when the user has been logged on, false otherwise.
 */
public function login($user, $password)
{
    $userslug = makeSlug($user);
    $tablename = $this->prefix . "users";
    // getUser() is bypassed here because the password hash is needed.
    // NOTE(review): the username value inside this query literal is masked in
    // the reviewed copy, and $userslug is not referenced anywhere else in the
    // visible code. If the original interpolates it into the SQL text, pass
    // it as a bound parameter instead — confirm against the real source.
    // From here on $user holds the database row, not the submitted name.
    $user = $this->db->fetchAssoc("SELECT * FROM {$tablename} WHERE username='******'");
    if (empty($user)) {
        $this->session->setFlash('error', 'Username or password not correct. Please check your input.');
        return false;
    }
    require_once __DIR__ . "/phpass/PasswordHash.php";
    $hasher = new PasswordHash(8, TRUE);
    if ($hasher->CheckPassword($password, $user['password'])) {
        // The enabled flag is only evaluated for a correct password.
        if (!$user['enabled']) {
            $this->session->setFlash('error', 'Your account is disabled. Sorry about that.');
            return false;
        }
        // Record when and from which address the user was last seen.
        $update = array('lastseen' => date('Y-m-d H:i:s'), 'lastip' => $_SERVER['REMOTE_ADDR']);
        $this->db->update($tablename, $update, array('id' => $user['id']));
        // Reload through getUser() and keep that result in the session.
        // NOTE(review): no session ID renewal is visible around start();
        // confirm the session layer issues a fresh ID on login.
        $user = $this->getUser($user['id']);
        $this->session->start();
        $this->session->set('user', $user);
        $this->session->setFlash('success', "You've been logged on successfully.");
        return true;
    } else {
        $this->session->setFlash('error', 'Username or password not correct. Please check your input.');
        return false;
    }
}
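/**
 * Checks a username/password pair against the Account table.
 *
 * @param string $username Account name to look up.
 * @param string $password Plain-text password attempt.
 *
 * @return bool True only when the account exists and the password matches
 *              its stored phpass hash. Database errors yield false.
 */
function correct_credentials($username, $password)
{
    $rightPassword = false;
    try {
        // Pull in the password hash from the DB for this user.
        // NOTE(review): the SQLite file is opened by relative path; confirm
        // it is not reachable through the web server.
        $db = new PDO("sqlite:database/noiseFactionDatabase.db");
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $statement = $db->prepare("select passwordHash from Account where username = ?;");
        $result = $statement->execute(array($username));
        if ($result != 1) {
            throw new pdoDbException("Something's gone wrong with the prepared statement");
        }

        // fetch() returns false, not null, when there is no account under
        // that name, so test for a real row before reading from it.
        $userTuple = $statement->fetch(PDO::FETCH_ASSOC);
        if (is_array($userTuple) && is_string($userTuple["passwordHash"])) {
            $hasher = new PasswordHash(8, FALSE); // This comes from PasswordHash.php
            // Verify the submitted $password; the function has no other
            // variable holding the attempt.
            $rightPassword = (bool) $hasher->CheckPassword($password, $userTuple["passwordHash"]);
        }

        $db = null;
    } catch (PDOException $e) {
        // Driver messages can reveal paths and schema details, so they go to
        // the server log instead of the response body.
        error_log('correct_credentials: ' . $e->getMessage());
    }

    return $rightPassword;
}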
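/**
 * Authenticates against the WordPress users table and maps the account to a
 * local user, creating the local user on first login.
 *
 * @param string $queryWhereCondition SQL fragment appended to the WHERE clause.
 *                                    It is concatenated into the query text,
 *                                    so it must be a fixed fragment chosen by
 *                                    the calling code, never request data.
 * @param string $loginStr            Login value handed to querySelect() as
 *                                    the query parameter.
 * @param string $password            Plain-text password.
 *
 * @return mixed FALSE when the user is unknown or the password is wrong,
 *               otherwise the local user ID (for a new user, whatever
 *               UsersDataService::createLocalUser() returns).
 */
private function _authenticate($queryWhereCondition, $loginStr, $password)
{
    // query user in the WordPress users table
    $result = $this->_db->querySelect(
        'user_login,user_email,user_pass',
        $this->_websoccer->getConfig('wordpresslogin_tableprefix') . 'users',
        'user_status = 0 AND ' . $queryWhereCondition,
        $loginStr
    );
    $wpUser = $result->fetch_array();
    $result->free();

    // user does not exist
    if (!$wpUser) {
        return FALSE;
    }

    // check password. require_once: a second authentication in the same
    // request must not re-declare the PasswordHash class.
    require_once BASE_FOLDER . '/classes/phpass/PasswordHash.php';
    $hasher = new PasswordHash(8, TRUE);
    if (!$hasher->CheckPassword($password, $wpUser['user_pass'])) {
        return FALSE;
    }

    // valid user: local accounts are matched by lower-cased e-mail address
    $userEmail = strtolower($wpUser['user_email']);
    $userId = UsersDataService::getUserIdByEmail($this->_websoccer, $this->_db, $userEmail);
    if ($userId > 0) {
        return $userId;
    }

    // no local account yet: create one
    return UsersDataService::createLocalUser($this->_websoccer, $this->_db, $wpUser['user_login'], $userEmail);
}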
/**
 * Validates a user's password, first against the stored phpass hash and then
 * against the older database-side password()/old_password() formats.
 *
 * When an older-format password matches, the stored value is rewritten
 * (migration to phpass, per the original comment).
 *
 * @param string $user     Login name.
 * @param string $password Plain-text password.
 * @param bool   $log      When true, a match additionally requires privs > 0
 *                         and the last access time is updated. When false and
 *                         the phpass check passes, $user is returned without
 *                         the privs check.
 *
 * @return mixed The user name on success, FALSE otherwise.
 */
function txp_validate($user, $password, $log = TRUE)
{
    // Every query below interpolates the slashed copy of the name.
    $safe_user = doSlash($user);
    $name = FALSE;
    $hash = safe_field('pass', 'txp_users', "name = '{$safe_user}'");
    $phpass = new PasswordHash(PASSWORD_COMPLEXITY, PASSWORD_PORTABILITY);
    // check post-4.3-style passwords
    if ($phpass->CheckPassword($password, $hash)) {
        if ($log) {
            $name = safe_field("name", "txp_users", "name = '{$safe_user}' and privs > 0");
        } else {
            $name = $user;
        }
    } else {
        // no good password: check 4.3-style passwords
        // The candidates are SQL expressions evaluated by the database; the
        // plain-text password is slashed before it is embedded in them.
        $passwords = array();
        $passwords[] = "password(lower('" . doSlash($password) . "'))";
        $passwords[] = "password('" . doSlash($password) . "')";
        if (version_compare(mysql_get_server_info(), '4.1.0', '>=')) {
            $passwords[] = "old_password(lower('" . doSlash($password) . "'))";
            $passwords[] = "old_password('" . doSlash($password) . "')";
        }
        // NOTE(review): the expression that joins $passwords into this WHERE
        // clause is masked in the reviewed copy, so the line is not valid PHP
        // as shown; restore it from the original source.
        $name = safe_field("name", "txp_users", "name = '{$safe_user}' and (pass = "******") and privs > 0");
        // old password is good: migrate password to phpass
        // NOTE(review): the new value written here is masked as well;
        // presumably it is the phpass hash of $password — confirm.
        if ($name !== FALSE) {
            safe_update("txp_users", "pass = '******'", "name = '{$safe_user}'");
        }
    }
    if ($name !== FALSE && $log) {
        // update the last access time
        safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");
    }
    return $name;
}
/**
 * Checks a submitted password against a user's stored phpass hash.
 *
 * @param array $user Stored user record; 'password' holds the hash.
 * @param array $auth Submitted credentials; 'password' holds the plain text.
 *
 * @return bool Result of PasswordHash::CheckPassword().
 */
function phpass_check($user, $auth)
{
    // Load the PasswordHash library through the framework instance.
    $framework =& get_instance();
    $framework->load->library('PasswordHash');

    // Cost and portability come from the HASH_* constants.
    $phpass = new PasswordHash(HASH_COST_LOG2, HASH_PORTABLE);
    $matches = $phpass->CheckPassword($auth['password'], $user['password']);

    return $matches;
}
/**
 * Validates a share token and, for protected link shares, its password.
 *
 * The "username" is the share token. A share without 'share_with' has no
 * password, so the token alone is accepted. A share with 'share_with' is
 * accepted only when it is a link share and the password matches.
 *
 * @param string $username Share token.
 * @param string $password Plain-text share password.
 *
 * @return bool True when access to the share is granted.
 */
protected function validateUserPass($username, $password)
{
    $share = \OCP\Share::getShareByToken($username, false);
    \OC_User::setIncognitoMode(true);
    // Stored even when the lookup failed.
    $this->share = $share;

    if (!$share) {
        return false;
    }

    // No 'share_with' entry: the share is not password protected.
    if (!isset($share['share_with'])) {
        return true;
    }

    // Only link shares are checked against a password here.
    if ($share['share_type'] != \OCP\Share::SHARE_TYPE_LINK) {
        return false;
    }

    // Fall back to portable hashes when Blowfish crypt() is unavailable.
    $forcePortable = CRYPT_BLOWFISH != 1;
    $phpass = new \PasswordHash(8, $forcePortable);

    // The instance-wide 'passwordsalt' is appended before verification.
    $salted = $password . $this->config->getSystemValue('passwordsalt', '');

    return $phpass->CheckPassword($salted, $share['share_with']) ? true : false;
}
/**
 * Tells whether a plain-text password matches a stored phpass hash.
 *
 * @param string $passwordToCheck Plain-text password.
 * @param string $hashedPassword  Stored hash to verify against.
 *
 * @return boolean True when the password matches the hash.
 */
public static function compareHashedStrings($passwordToCheck, $hashedPassword)
{
    // Cost and portability come from the class constants.
    $phpass = new PasswordHash(self::HASH_COST, self::HASH_PORTABILITY);
    $matches = $phpass->CheckPassword($passwordToCheck, $hashedPassword);

    return $matches;
}
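/**
 * Authenticates the loaded user against the submitted password.
 *
 * The result is stored in $this->errorCode and also returned. On success the
 * 'isAdmin' state is set from the user record.
 *
 * @return mixed self::ERROR_NONE on success, otherwise the error code that
 *               describes why authentication failed.
 */
public function authenticate()
{
    if (null === $this->_user) {
        $this->errorCode = self::ERROR_NOT_FOUND;
    } elseif (User::DISABLED === $this->_user->status) {
        $this->errorCode = self::ERROR_DISABLED;
    } elseif (null === $this->_user->password_hash) {
        $this->errorCode = self::ERROR_PASSWORD_NOT_SET;
    } else {
        $passwordHasher = new PasswordHash(
            Yii::app()->params['phpass']['iteration_count_log2'],
            Yii::app()->params['phpass']['portable_hashes']
        );

        // CheckPassword() expects (plain-text password, stored hash) and
        // returns true on a match. With the arguments swapped and the result
        // inverted, the check almost never matched and every mismatch was
        // reported as ERROR_NONE, so any password was accepted.
        $matches = $passwordHasher->CheckPassword($this->_password, $this->_user->password_hash);
        $this->errorCode = $matches ? self::ERROR_NONE : self::ERROR_PASSWORD_INVALID;
    }

    if (self::ERROR_NONE !== $this->errorCode) {
        return $this->errorCode;
    }

    $this->setState('isAdmin', $this->_user->is_admin);

    return self::ERROR_NONE;
}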
/**
 * Checks a login against a WordPress users table and, on success, inserts or
 * updates the matching row in the local users table.
 *
 * NOTE(review): this uses the mysql_* functions, which were removed in PHP 7;
 * porting to mysqli or PDO with bound parameters is needed on current PHP.
 *
 * @param string $user_id  Login name.
 * @param string $password Plain-text password.
 *
 * @return mixed $user_id when the password matches, false otherwise.
 */
function check_login($user_id, $password)
{
    // Any existing session is discarded and a new one started before the check.
    session_destroy();
    session_start();
    // Connection settings are hard-coded; the account name and password are
    // masked in the reviewed copy.
    // NOTE(review): keep these values in configuration outside the code base.
    $wp_host = "127.0.0.1";
    $wp_port = "3306";
    $wp_user = "******";
    $wp_pass = "******";
    $wp_db = "jol";
    $wp_conn = mysql_connect($wp_host . ":" . $wp_port, $wp_user, $wp_pass);
    $ret = false;
    $wp_pre = "wp_";
    // NOTE(review): the login value inside this literal is masked in the
    // reviewed copy. If the original interpolates $user_id here, it must be
    // escaped or bound like the INSERT below — confirm against the source.
    $sql = "select * from " . $wp_pre . "users where user_login='******'";
    if ($wp_conn) {
        mysql_select_db($wp_db, $wp_conn);
        $result = mysql_query($sql, $wp_conn);
        $row = mysql_fetch_array($result);
        if ($row) {
            $wp_hasher = new PasswordHash(8, TRUE);
            if ($wp_hasher->CheckPassword($password, $row['user_pass'])) {
                $ret = $user_id;
                // Insert or refresh the local user row; $user_id is escaped
                // before it is placed in the statement.
                $sql = "insert into users(user_id,ip,nick,school) values('" . mysql_real_escape_string($user_id) . "','','','') on DUPLICATE KEY UPDATE nick='" . mysql_real_escape_string($user_id) . "'";
                // No link is passed, so the most recently opened connection is used.
                mysql_query($sql);
            }
        }
    }
    return $ret;
}
/**
 * Logs a user from the admins model in by username and password.
 *
 * On failure $this->error describes the reason ('password', 'banned' or
 * 'not_activated'); an empty field or an unknown username sets no error.
 *
 * @param string $login    Username.
 * @param string $password Plain-text password.
 *
 * @return bool true when the user is logged in and activated, FALSE otherwise.
 */
function login($login, $password)
{
    // Both fields must be non-empty.
    if (!(strlen($login) > 0 and strlen($password) > 0)) {
        return FALSE;
    }

    // Look the account up by username.
    $account = $this->ci->admins->get_user_by_username($login);
    if (is_null($account)) {
        return FALSE;
    }

    // The stored password is a phpass hash; strength and portability come
    // from the 'fx_auth' config group.
    $phpass = new PasswordHash(
        $this->ci->config->item('phpass_hash_strength', 'fx_auth'),
        $this->ci->config->item('phpass_hash_portable', 'fx_auth')
    );

    if (!$phpass->CheckPassword($password, $account->password)) {
        // Wrong password.
        $this->error = array('password' => 'auth_incorrect_password');
        return FALSE;
    }

    if ($account->banned == 1) {
        // The account is locked; expose the stored reason.
        $this->error = array('banned' => $account->ban_reason);
        return FALSE;
    }

    // The session is populated before the activation check, so an account
    // that is not activated yet still receives session data with its status.
    $this->ci->session->set_userdata(array(
        'user_id' => $account->id,
        'user_name' => $account->username,
        'status' => $account->activated == 1 ? STATUS_ACTIVATED : STATUS_NOT_ACTIVATED
    ));

    if ($account->activated == 0) {
        // Failure: the account has not been activated.
        $this->error = array('not_activated' => '');
        return FALSE;
    }

    return true;
}
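/**
 * Checks an e-mail/password pair against the users table.
 *
 * @param string $email E-mail address used as the login name.
 * @param string $pw    Plain-text password.
 *
 * @return array|false On success an array with 'id', 'fname' and 'is_admin';
 *                     false when the input is rejected, the user is unknown
 *                     or the password does not match.
 */
public function checkCredentials($email, $pw)
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;
    }

    // Passwords longer than 20 bytes are rejected before any hashing.
    // NOTE(review): this cap also blocks long passphrases; confirm it matches
    // the rule applied when passwords are set.
    if (strlen($pw) > 20) {
        return false;
    }

    /*
     * Using the phpass open-source password hashing class here.
     * It stores its own salt inside the hash itself and has a function to
     * check whether a password matches a hash, so no separate salt column
     * is needed.
     */
    $hasher = new PasswordHash(8, false);

    if (!$this->_db) {
        $this->_db = DB::getInstance();
    }

    // get the stored password
    $query = 'SELECT password_hash,id,first_name,is_admin FROM users WHERE email = ? LIMIT 1';
    $stmt = $this->_db->prepare($query);
    $stmt->execute(array($email));
    $row = $stmt->fetch();

    // fetch() yields false when no user has this address; stop before
    // indexing into it.
    if (!$row || !$row['password_hash']) {
        return false;
    }

    if (!$hasher->CheckPassword($pw, $row['password_hash'])) {
        return false;
    }

    return array(
        'id' => $row['id'],
        'fname' => strip_tags($row['first_name']),
        'is_admin' => $row['is_admin']
    );
}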
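/**
 * Checks a password for a user identified by login name or e-mail address.
 *
 * Depending on the 'encrypted_passwords' site option the stored value is
 * either a phpass hash or the password itself.
 *
 * NOTE(review): with the option off, passwords are stored and compared in
 * plain text; that mode should be retired once all accounts are hashed.
 * NOTE(review): the hashed branch does not test user_pending while the
 * plain-text branch does; confirm which behaviour is intended.
 *
 * @param string $password   Plain-text password.
 * @param string $user_login Login name or e-mail address.
 *
 * @return bool TRUE when the password matches.
 */
function checkpwd($password, $user_login)
{
    // include_once: a second call in the same request must not re-declare
    // the PasswordHash class.
    include_once "includes/PasswordHash.php";
    $hasher = new PasswordHash(8, false);
    $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);

    $encrypted = $db->get_var("SELECT option_value FROM site_options where option_name = 'encrypted_passwords';") == "yes";

    // Both values arrive from the login form and are placed inside SQL
    // string literals, so they are escaped first.
    // NOTE(review): the user_login literal is masked in the reviewed copy; it
    // is rebuilt here from the same escaped value as user_email — confirm
    // against the original.
    $safe_login = $db->escape($user_login);

    if ($encrypted) {
        // Encryption is ON: verify against the stored phpass hash.
        $stored_hash = $db->get_var("SELECT user_password from site_users WHERE user_login = '{$safe_login}' OR user_email = '{$safe_login}' LIMIT 1;");
        if (!is_string($stored_hash) || $stored_hash === '') {
            return FALSE;
        }

        return $hasher->CheckPassword($password, $stored_hash) ? TRUE : FALSE;
    }

    // Encryption is OFF: the database compares the stored value directly.
    $safe_password = $db->escape($password);
    $num = $db->get_var("select count(user_id) from site_users WHERE (user_login = '{$safe_login}' OR user_email = '{$safe_login}') AND user_password = BINARY '{$safe_password}' AND user_pending = 0 limit 1;");

    return $num == 1 ? TRUE : FALSE;
}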
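/**
 * Logs a user in from the 'login' and 'password' POST fields.
 *
 * On failure the global $loginErrorMessage is set.
 * NOTE(review): the two messages differ for an unknown user and a wrong
 * password, which tells a client whether a login name exists; confirm that
 * is acceptable for this API.
 *
 * @return bool True when the session has been opened for the user.
 */
function api_user_login()
{
    global $loginErrorMessage;

    $user = null;
    $pwd = null;
    if (isset($_POST['login'])) {
        $user = $_POST['login'];
    }
    if (isset($_POST['password'])) {
        $pwd = $_POST['password'];
    }

    // Check in database...
    // Get the main database
    $dbh_ident = get_local_auth_database();
    $stmt = $dbh_ident->prepare("SELECT * FROM pasteque_users WHERE can_login AND user_id = :user_id");
    $stmt->bindParam(':user_id', $user, \PDO::PARAM_STR);
    $stmt->execute();
    $result = $stmt->fetchAll();
    if (count($result) != 1) {
        // Unknown user, or one that is not allowed to log in
        $loginErrorMessage = \i18n("Unavailable user");
        return false;
    }

    $userDbData = $result[0];
    require_once 'PasswordHash.php';
    $hasher = new \PasswordHash(8, TRUE);
    if (!$hasher->CheckPassword($pwd, $userDbData['password'])) {
        $loginErrorMessage = \i18n("Invalid user or password");
        return false;
    }

    session_start();
    // Issue a fresh session ID at the privilege change so that an ID known
    // before login cannot be reused for the authenticated session.
    session_regenerate_id(true);
    $_SESSION["user"] = $userDbData['user_id'];

    return true;
}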
/**
 * Authenticates a user and loads the account settings into the session and globals.
 *
 * The account is first looked up by name and its stored password checked with
 * phpass. When that check fails, a second lookup by name and submitted
 * password is attempted through ext_find_user().
 *
 * NOTE(review): the stored password value ($account[1], presumably the hash)
 * is copied into the session; confirm that session storage is protected
 * accordingly.
 *
 * @param array $credentials Must contain 'username' and 'password'.
 * @param mixed $options     Not used here.
 *
 * @return bool True when the user has been authenticated.
 */
function onAuthenticate($credentials, $options = null)
{
    // Look the account up by name only.
    $account = ext_find_user($credentials['username'], null);
    if ($account === NULL) {
        // Username not existing
        return false;
    }

    require_once _EXT_PATH . '/libraries/PasswordHash.php';
    $phpass = new PasswordHash(8, FALSE);
    $matches = $phpass->CheckPassword($credentials['password'], $account[1]);

    if (!$matches) {
        // phpass did not match: retry the lookup with the submitted password.
        $account = ext_find_user($credentials['username'], $credentials['password']);
        if ($account == NULL) {
            return false;
        }
    }

    // Set Login
    $_SESSION['credentials_extplorer']['username'] = $account[0];
    $_SESSION['credentials_extplorer']['password'] = $account[1];
    $_SESSION['file_mode'] = 'extplorer';

    // Per-user settings, in the order they are stored in the account record.
    $GLOBALS["home_dir"] = str_replace('\\', '/', $account[2]);
    $GLOBALS["home_url"] = $account[3];
    $GLOBALS["show_hidden"] = $account[4];
    $GLOBALS["no_access"] = $account[5];
    $GLOBALS["permissions"] = $account[6];

    return true;
}
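/**
 * Logs a user in by e-mail and password and issues the 'session' cookie.
 *
 * NOTE(review): the '$0'-style placeholders are assumed to be substituted and
 * escaped by $db->Execute(); confirm in the database wrapper.
 * NOTE(review): the token is a phpass hash over the e-mail, uniqid() and the
 * password. A value from a CSPRNG would not tie the token to the password;
 * check the width of the session column before changing it.
 *
 * @param string $email    E-mail address used as the login name.
 * @param string $password Plain-text password.
 *
 * @return int 0 on success, 1 when the e-mail is unknown, 2 when the password
 *             is wrong, 3 when a 'session' cookie is already present, 4 when
 *             the account is not activated.
 */
function login($email, $password)
{
    global $db;

    if (isset($_COOKIE['session'])) {
        return 3;
    }

    $db->Prepare('SELECT * FROM `users` WHERE email=\'$0\'');
    $db->Execute($email);
    if ($db->RowCount() <= 0) {
        return 1;
    }

    $row = $db->Fetch();
    $hasher = new PasswordHash(8, false);
    if (!$hasher->CheckPassword($password, $row['password'])) {
        return 2;
    }

    if ($row['activated'] == 0) {
        return 4;
    }

    $secure = $hasher->HashPassword($email . ':' . uniqid() . ':' . $password);

    // One session row per user: insert the first time, update afterwards.
    $db->Prepare('SELECT id FROM `sessions` WHERE user_id=\'$0\'');
    $db->Execute($row['id']);
    if ($db->RowCount() <= 0) {
        $db->Prepare('INSERT INTO `sessions` (ip, session, user_id) VALUES (\'$0\', \'$1\', \'$2\')');
        $db->Execute($_SERVER['REMOTE_ADDR'], $secure, $row['id']);
    } else {
        $sess_row = $db->Fetch();
        $db->Prepare('UPDATE `sessions` SET ip=\'$0\', session=\'$1\', user_id=\'$2\' WHERE id=$3');
        $db->Execute($_SERVER['REMOTE_ADDR'], $secure, $row['id'], $sess_row['id']);
    }

    // Same lifetime, path and domain as before (the defaults), but marked
    // HttpOnly so page scripts cannot read the session token.
    // NOTE(review): also set the secure flag once the site is HTTPS-only.
    setcookie('session', $secure, 0, '', '', false, true);

    return 0;
}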
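/**
 * Registers a new fund, or hands over to nsf_parser() when $xml_url yields XML.
 *
 * The URL is fetched first. When the response parses to a non-empty XML
 * document the call is delegated to nsf_parser(). Otherwise the WordPress
 * account is verified and the fund details are stored in service_nsf under a
 * freshly generated unique code.
 *
 * NOTE(review): $xml_url is fetched exactly as given; if it can be supplied by
 * a client, restrict it to the expected hosts and schemes.
 * NOTE(review): the connect timeout is one hour and no overall transfer
 * timeout (CURLOPT_TIMEOUT) is set, so an unresponsive host can hold the
 * request open for a long time.
 *
 * @param string $username WordPress login name.
 * @param string $password Plain-text password.
 * @param string $xml_url  URL of the XML document to fetch.
 * The remaining parameters are the fund, trustee and member fields; each is
 * stored as a string in the service_nsf column of the same name.
 *
 * @return mixed array('unique_code' => ...) on success, array('username' =>
 *               message) when the credentials are rejected, or whatever
 *               nsf_parser() returns.
 */
function newFund($username, $password, $xml_url, $user_email, $fundName, $numMembers, $stateLaw, $fundAddressCareOf, $fundAddressLevel, $fundAddressStreet, $fundAddressSuburb, $fundAddressState, $fundAddressPostcode, $teeMtgAddressLevel, $teeMtgAddressStreet, $teeMtgAddressSuburb, $teeMtgAddressState, $teeMtgAddressPostcode, $m1MemberNamePrefix, $m1MemberGivenNames, $m1MemberFamilyName, $m1MemberDOB, $m1MemberTFN, $m1AddressLevel, $m1AddressStreet, $m1AddressSuburb, $m1AddressState, $m1AddressPostcode, $m2MemberNamePrefix, $m2MemberGivenNames, $m2MemberFamilyName, $m2MemberDOB, $m2MemberTFN, $m2AddressLevel, $m2AddressStreet, $m2AddressSuburb, $m2AddressState, $m2AddressPostcode, $m3MemberNamePrefix, $m3MemberGivenNames, $m3MemberFamilyName, $m3MemberDOB, $m3MemberTFN, $m3AddressLevel, $m3AddressStreet, $m3AddressSuburb, $m3AddressState, $m3AddressPostcode, $m4MemberNamePrefix, $m4MemberGivenNames, $m4MemberFamilyName, $m4MemberDOB, $m4MemberTFN, $m4AddressLevel, $m4AddressStreet, $m4AddressSuburb, $m4AddressState, $m4AddressPostcode, $t2NonMemberNamePrefix, $t2NonMemberGivenNames, $t2NonMemberFamilyName, $t2NonMemberAddressLevel, $t2NonMemberAddressStreet, $t2NonMemberAddressSuburb, $t2NonMemberAddressState, $t2NonMemberAddressPostcode, $corpTeeName, $corpTeeACN, $corpTeeAddressCareOf, $corpTeeAddressLevel, $corpTeeAddressStreet, $corpTeeAddressSuburb, $corpTeeAddressState, $corpTeeAddressPostcode, $d2NonMemberNamePrefix, $d2NonMemberGivenNames, $d2NonMemberFamilyName, $d2NonMemberAddressLevel, $d2NonMemberAddressStreet, $d2NonMemberAddressSuburb, $d2NonMemberAddressState, $d2NonMemberAddressPostcode, $chairmanTrustee)
{
    $ch = curl_init();
    $timeout = 3600;
    curl_setopt($ch, CURLOPT_URL, $xml_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    $data = curl_exec($ch);
    curl_close($ch);

    // Parse once; the same document was previously parsed twice for one test.
    $xml = simplexml_load_string($data);
    if ($xml) {
        return @nsf_parser($username, $password, $xml_url);
    }

    global $wpdb;
    $wp_hasher = new PasswordHash(8, TRUE);

    // NOTE(review): the login value in the original literal is masked in the
    // reviewed copy. The lookup is rebuilt as a prepared statement on
    // $username, the account the password below is checked for — confirm
    // against the original.
    $sql = $wpdb->prepare("SELECT * FROM wp_users WHERE user_login = %s", $username);
    $resultuser = $wpdb->get_results($sql);
    if (!$resultuser) {
        // No insert has run on this path, so there is nothing to append to
        // the message (an undefined $result used to be concatenated here).
        return array('username' => 'Invalid username or password2');
    }

    // Only the first matching row is ever evaluated: both outcomes return.
    foreach ($resultuser as $results) {
        if (!$wp_hasher->CheckPassword($password, $results->user_pass)) {
            return array('username' => 'Invalid username or password1');
        }

        // com_create_guid() exists only on Windows builds of PHP.
        $unique = trim(com_create_guid(), '{}');

        // Column names equal the parameter names, so compact() builds the row.
        $fields = array('unique_code' => $unique) + compact(
            'user_email', 'fundName', 'numMembers', 'stateLaw',
            'fundAddressCareOf', 'fundAddressLevel', 'fundAddressStreet', 'fundAddressSuburb', 'fundAddressState', 'fundAddressPostcode',
            'teeMtgAddressLevel', 'teeMtgAddressStreet', 'teeMtgAddressSuburb', 'teeMtgAddressState', 'teeMtgAddressPostcode',
            'm1MemberNamePrefix', 'm1MemberGivenNames', 'm1MemberFamilyName', 'm1MemberDOB', 'm1MemberTFN',
            'm1AddressLevel', 'm1AddressStreet', 'm1AddressSuburb', 'm1AddressState', 'm1AddressPostcode',
            'm2MemberNamePrefix', 'm2MemberGivenNames', 'm2MemberFamilyName', 'm2MemberDOB', 'm2MemberTFN',
            'm2AddressLevel', 'm2AddressStreet', 'm2AddressSuburb', 'm2AddressState', 'm2AddressPostcode',
            'm3MemberNamePrefix', 'm3MemberGivenNames', 'm3MemberFamilyName', 'm3MemberDOB', 'm3MemberTFN',
            'm3AddressLevel', 'm3AddressStreet', 'm3AddressSuburb', 'm3AddressState', 'm3AddressPostcode',
            'm4MemberNamePrefix', 'm4MemberGivenNames', 'm4MemberFamilyName', 'm4MemberDOB', 'm4MemberTFN',
            'm4AddressLevel', 'm4AddressStreet', 'm4AddressSuburb', 'm4AddressState', 'm4AddressPostcode',
            't2NonMemberNamePrefix', 't2NonMemberGivenNames', 't2NonMemberFamilyName',
            't2NonMemberAddressLevel', 't2NonMemberAddressStreet', 't2NonMemberAddressSuburb', 't2NonMemberAddressState', 't2NonMemberAddressPostcode',
            'corpTeeName', 'corpTeeACN', 'corpTeeAddressCareOf',
            'corpTeeAddressLevel', 'corpTeeAddressStreet', 'corpTeeAddressSuburb', 'corpTeeAddressState', 'corpTeeAddressPostcode',
            'd2NonMemberNamePrefix', 'd2NonMemberGivenNames', 'd2NonMemberFamilyName',
            'd2NonMemberAddressLevel', 'd2NonMemberAddressStreet', 'd2NonMemberAddressSuburb', 'd2NonMemberAddressState', 'd2NonMemberAddressPostcode',
            'chairmanTrustee'
        );

        // Every column is written as a string; one '%s' per field keeps the
        // format list in step with the data.
        $result = $wpdb->insert('service_nsf', $fields, array_fill(0, count($fields), '%s'));

        return array('unique_code' => $unique);
    }
}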
/**
 * Authenticates a client and prints the outcome.
 *
 * A posted 'mac' value that maps to a user ID greater than zero is accepted
 * without a password. Otherwise the posted 'u'/'p' pair is checked against
 * the wpmember_users table with phpass.
 *
 * NOTE(review): the MAC path trusts a value the client sends; confirm this
 * endpoint is reachable only from a network where that is acceptable.
 * NOTE(review): the posted MAC is written to the error log unfiltered.
 *
 * Output: 1 for a MAC match, 0 when no password check was performed, else the
 * raw CheckPassword() result (true prints "1", false prints nothing).
 */
public function authenticate()
{
    error_log("authenticating", 0);

    // Device lookup by MAC address, when one was posted.
    $linkedUserId = -1;
    if (isset($_POST["mac"])) {
        error_log("mac address auth:" . $_POST["mac"], 0);
        $this->load->model("usermodel");
        $linkedUserId = $this->usermodel->getUserIdFromMACAddress($_POST["mac"]);
    }

    if ($linkedUserId > 0) {
        echo 1;
        return;
    }

    // Fall back to username and password.
    $outcome = 0;
    if (isset($_POST['u'], $_POST['p'])) {
        $this->db->where('user_login', $_POST['u']);
        $rows = $this->db->get('wpmember_users')->result();
        if (count($rows) > 0) {
            require_once MEMBERINCLUDEPATH . '/wp-includes/class-phpass.php';
            $wp_hasher = new PasswordHash(8, TRUE);
            $outcome = $wp_hasher->CheckPassword($_POST['p'], $rows[0]->user_pass);
            error_log("authentication" . $outcome, 0);
        }
    }

    echo $outcome;
}
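/**
 * Logs a user in and records the login in the session and in cookies.
 *
 * NOTE(review): the treasure_* cookies (including the role) are stored on the
 * client and can be edited there. Authorisation decisions should read the
 * $_SESSION copies only — confirm that no code trusts the cookie values.
 *
 * @param string $username Login name.
 * @param string $password Plain-text password.
 *
 * @return int 1 on success, 0 when the user is unknown or the password is wrong.
 */
function loginUser($username, $password)
{
    $pwdHasher = new PasswordHash(8, FALSE);

    $query = $this->db_conn->prepare('SELECT * FROM users WHERE username = ?');
    $query->execute(array($username));
    $obj = $query->fetch(PDO::FETCH_OBJ);

    // fetch() returns false for an unknown username; stop before reading
    // properties from it.
    if (!is_object($obj) || !$pwdHasher->CheckPassword($password, $obj->password)) {
        return 0;
    }

    $this->user_id = $obj->user_id;

    // COOKIE variables initialisation (lifetime: 360000 seconds)
    $expires = time() + 360000;
    setcookie('treasure_logged', 1, $expires);
    setcookie('treasure_username', $obj->username, $expires);
    setcookie('treasure_name', $obj->full_name, $expires);
    setcookie('treasure_user_id', $this->user_id, $expires);
    setcookie('treasure_user_role', $obj->role, $expires);

    // Server-side copy of the same values.
    $_SESSION['treasure_logged'] = 1;
    $_SESSION['treasure_username'] = $obj->username;
    $_SESSION['treasure_name'] = $obj->full_name;
    $_SESSION['treasure_user_id'] = $this->user_id;
    $_SESSION['treasure_user_role'] = $obj->role;

    return 1;
}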
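/**
 * Verifies a plain-text password against a stored hash of any supported type.
 *
 * The type reported by static::getType() selects the check:
 *  - 'phpass': PasswordHash::CheckPassword().
 *  - 'salt':   legacy "md5:salt" format, md5(salt . plain) against the digest.
 *  - anything else: password_verify().
 *
 * @param string $plain Plain-text password.
 * @param string $hash  Stored hash.
 *
 * @return bool True when the password matches; false for empty input.
 */
public static function verify($plain, $hash)
{
    $result = false;

    if (strlen($plain) > 0 && strlen($hash) > 0) {
        switch (static::getType($hash)) {
            case 'phpass':
                if (!class_exists('PasswordHash', false)) {
                    include OSCOM::getConfig('dir_root', 'Shop') . 'includes/third_party/PasswordHash.php';
                }

                $hasher = new \PasswordHash(10, true);
                $result = $hasher->CheckPassword($plain, $hash);
                break;

            case 'salt':
                // split apart the hash / salt
                $stack = explode(':', $hash, 2);

                // hash_equals() compares the digests as exact strings in
                // constant time. A loose == treats two digests that both look
                // like numbers (for example "0e..." followed by digits) as equal.
                $result = count($stack) === 2
                    && hash_equals($stack[0], md5($stack[1] . $plain));
                break;

            default:
                $result = password_verify($plain, $hash);
                break;
        }
    }

    return $result;
}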
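/**
 * Perform authentication against the given password
 *
 * @param integer $userId   The user ID we're trying to authenticate as. This may not be needed, but can be used to "upgrade" auth schemes.
 * @param string  $password Password (plain text)
 *
 * @return bool True if the authentication is successful
 */
public function authenticate($userId, $password)
{
    // Reject non-string or empty passwords and records without a stored hash.
    if (!is_string($password) || $password === '' || empty($this->_data) || !isset($this->_data['hash'])) {
        return false;
    }

    require_once 'class-phpass.php';

    // CheckPassword() is called on an instance. Assuming class-phpass.php is
    // the stock phpass class, the method is not static, and PHP 8 raises an
    // Error when a non-static method is called statically. The constructor
    // arguments only affect newly created hashes, not verification.
    $hasher = new PasswordHash(8, true);

    return $hasher->CheckPassword($password, $this->_data['hash']);
}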
/**
 * Compares a password with a phpass hash.
 *
 * @param string $passwd      Plain-text password.
 * @param string $hash        Stored hash.
 * @param int    $work_factor Work factor for the hasher; values outside 4..31
 *                            are replaced by DEFAULT_WORK_FACTOR.
 *
 * @return bool True when the password matches the hash.
 */
function cmp($passwd, $hash, $work_factor = 0)
{
    // Out-of-range work factors fall back to the default.
    $out_of_range = $work_factor < 4 || $work_factor > 31;
    $effective = $out_of_range ? DEFAULT_WORK_FACTOR : $work_factor;

    $phpass = new PasswordHash($effective, FALSE);

    return $phpass && $phpass->CheckPassword($passwd, $hash);
}
/**
 * Checks a plain-text string against a stored phpass hash.
 *
 * @param string $str  Plain-text password.
 * @param string $hash Stored hash.
 *
 * @return bool True when the password matches the hash.
 */
function validate_password($str, $hash)
{
    $phpass = new PasswordHash(8, FALSE);

    // Normalise the library's result to a strict boolean.
    return $phpass->CheckPassword($str, $hash) == TRUE;
}
/**
 * Checks a password against a stored hash in either of two formats.
 *
 * Hashes of 32 characters or fewer are treated as unsalted MD5 digests and
 * compared with hash_equals(); longer hashes are verified with phpass.
 *
 * NOTE(review): unsalted MD5 is a legacy format; consider re-hashing with
 * phpass after a successful login so these records disappear over time.
 *
 * @param string $password Plain-text password.
 * @param string $hash     Stored hash.
 *
 * @return bool True when the password matches.
 */
public function checkPassword($password, $hash)
{
    // Legacy records: plain MD5 digest.
    if (strlen($hash) <= 32) {
        return hash_equals($hash, md5($password));
    }

    $wp_hasher = new PasswordHash(8, true);

    return $wp_hasher->CheckPassword($password, $hash);
}
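/**
 * Try and authenticate for our password compatibility scheme.
 *
 * Only $password_raw and $row are read; the raw password is verified against
 * $row['m_pass_hash_salted'] with phpass.
 *
 * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
 * @param  ?MEMBER		The member id (NULL: use member name)
 * @param  MD5			The md5-hashed password
 * @param  string		The raw password
 * @param  boolean		Whether this is a cookie login
 * @param  array			Row of OCF account
 * @return ?tempcode		Error message (NULL: none)
 */
function auth($username, $userid, $password_hashed, $password_raw, $cookie_login, $row)
{
    // Fail closed: without the PasswordHash class the password cannot be
    // verified, so the login must be refused. Returning NULL here would
    // report success for any password.
    if (!class_exists('PasswordHash')) {
        return do_lang_tempcode('USER_BAD_PASSWORD');
    }

    $wp_hasher = new PasswordHash(8, true);
    if (!$wp_hasher->CheckPassword($password_raw, $row['m_pass_hash_salted'])) {
        return do_lang_tempcode('USER_BAD_PASSWORD');
    }

    return NULL;
}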
/**
 * Validates the posted username/password and opens the matching session.
 *
 * A teacher account is tried first; when none is found (or it is inactive) a
 * backend account is tried, which additionally needs the "notes-engine"
 * module permission and is locked after more than 10 failed attempts.
 * On failure an alert box is printed.
 *
 * NOTE(review): the user value inside all four query literals is masked in
 * the reviewed copy; presumably it is the escaped $username — confirm.
 * NOTE(review): the teacher path has no failed-attempt counter, unlike the
 * backend path; confirm that is intended.
 */
function ValidateLogin()
{
    global $connection, $config, $page;
    require "core/libs/phpass.php";
    //escape user input
    $username = $connection->real_escape_string($_POST["username"]);
    // NOTE(review): the password is SQL-escaped although it is only passed to
    // CheckPassword(), never into a query. A password containing quotes or
    // backslashes is therefore altered before verification; this only works
    // if the value was altered the same way when the hash was created — confirm.
    $password = $connection->real_escape_string($_POST["password"]);
    $hasher = new PasswordHash($config->hash_cost_log2, $config->hash_portable);
    //try to get a teacher
    $request = "SELECT * FROM teachers_users WHERE user = '******'";
    $result = $connection->query($request);
    $line = $result->fetch_assoc();
    if (isset($line["password"]) and $line["active"] == 1) {
        if ($hasher->CheckPassword($password, $line["password"])) {
            //set session (the escaped form of the username is stored)
            $_SESSION["notes-user"] = $username;
        } else {
            $status = "error";
        }
    } else {
        //now try to get a backend user
        $request = "SELECT * FROM backend_users WHERE user = '******'";
        $result = $connection->query($request);
        $line = $result->fetch_assoc();
        include_once "core/module-loader.php"; //Include functions to check permissions if authenticated in backend mode
        if (isset($line["password"]) and $line["active"] == 1 and checkPermissionModules("notes-engine")) {
            // The password is only evaluated while the failure counter is at
            // most 10; beyond that the account is reported as locked.
            if ($line["failed_access"] <= 10) {
                if ($hasher->CheckPassword($password, $line["password"])) {
                    //set session
                    $_SESSION["user"] = $username;
                    $_SESSION["rights"] = $line["rights"];
                    // A successful login resets the failure counter.
                    $request = "UPDATE backend_users SET failed_access=0 WHERE user = '******'";
                    $connection->query($request);
                } else {
                    $status = "error";
                    // A failed login increments the failure counter.
                    $errnum = $line["failed_access"] + 1;
                    $request = "UPDATE backend_users SET failed_access={$errnum} WHERE user = '******'";
                    $connection->query($request);
                }
            } else {
                $status = "locked";
            }
        } else {
            $status = "error";
        }
    }
    // $status is only set when something went wrong.
    if (isset($status)) {
        if ($status == "error") {
            // One message covers a wrong username, a wrong password and
            // missing backend privileges.
            echo "<div class='alert alert-warning alert-dismissible' role='alert'>\n <button type='button' class='close' data-dismiss='alert'><span aria-hidden='true'>×</span><span class='sr-only'>Chiudi</span></button>\n <strong>Attenzione! 
Impossiblie accedere:</strong> nome utente e password non corretti oppure non si dispone dei privilegi necessari (per utenti backend)\n </div>";
        } elseif ($status == "locked") {
            echo "<div class='alert alert-danger' role='alert'>\n <strong>Errore!</strong> L'account è stato bloccato a causa di un alto numero di login falliti\n </div>";
        }
    }
}
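/**
 * Insert the changes on a user into the database
 *
 * Validation stops at the first failing rule; the corresponding message is
 * stored through Message::setMessage() and false is returned. User-supplied
 * values are HTML-escaped before they are placed in a message, because the
 * messages contain markup.
 *
 * NOTE(review): $permission is applied as given; confirm the caller restricts
 * who may change permissions.
 *
 * @author  Clemens John <*****@*****.**>
 * @param $user_id             ID of the user to edit
 * @param $changepassword      truthy when the password should be changed
 * @param $permission          list of permission values that are summed up; empty keeps the current permission
 * @param $oldpassword         current password (plain text), required to change the password
 * @param $newpassword         new password (plain text)
 * @param $newpasswordchk      repetition of the new password
 * @param $openid
 * @param $vorname
 * @param $nachname
 * @param $strasse
 * @param $plz
 * @param $ort
 * @param $telefon
 * @param $email
 * @param $jabber
 * @param $icq
 * @param $website
 * @param $about
 * @param $notification_method
 * @return boolean if the user was edited successfull
 */
public function userInsertEdit($user_id, $changepassword, $permission, $oldpassword, $newpassword, $newpasswordchk, $openid, $vorname, $nachname, $strasse, $plz, $ort, $telefon, $email, $jabber, $icq, $website, $about, $notification_method)
{
    $user_data = User_old::getUserByID($user_id);
    $message = array();

    // Escaped copies for use inside the HTML messages below.
    $email_html = htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8');
    $jabber_html = htmlspecialchars((string) $jabber, ENT_QUOTES, 'UTF-8');
    $openid_html = htmlspecialchars((string) $openid, ENT_QUOTES, 'UTF-8');

    // check whether the given data is valid
    $phpass = new PasswordHash(8, false);
    if ($changepassword and !$phpass->CheckPassword($oldpassword, $user_data['password'])) {
        $message[] = array("Dein altes Passwort ist nicht richtig.", 2);
    } elseif ($changepassword and empty($newpassword)) {
        $message[] = array("Du musst ein neues Passwort angeben.", 2);
    } elseif ($changepassword and (string) $newpassword !== (string) $newpasswordchk) {
        // Strict string comparison: a loose != treats two different
        // numeric-looking strings (e.g. "1e3" and "1000") as equal.
        $message[] = array("Deine beiden neuen Passwörter stimmen nicht überein.", 2);
    } elseif (empty($email)) {
        $message[] = array("Du musst eine Emailadresse angeben.", 2);
    } elseif (!User_old::isUniqueEmail($email, $user_id)) {
        $message[] = array("Es existiert bereits ein Benutzer mit der ausgewhälten Emailadresse <i>{$email_html}</i>.", 2);
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $message[] = array("Die ausgewählte Emailadresse " . $email_html . " ist keine gültige Emailadresse.", 2);
    } elseif (!empty($jabber) and !filter_var($jabber, FILTER_VALIDATE_EMAIL)) {
        $message[] = array("Die ausgewählte Jabberadresse " . $jabber_html . " ist keine gültige Jabberadresse.", 2);
    } elseif (!empty($openid) and !User_old::isUniqueOpenID($openid, $user_id)) {
        $message[] = array("Die ausgewählte OpenID <i>" . $openid_html . "</i> ist bereits mit einem Benutzer verknüpft.", 2);
    }

    // if the user data is not valid, return false
    if (count($message) > 0) {
        Message::setMessage($message);
        return false;
    }

    // if the user wants to set a new password, hash the new password
    if ($changepassword) {
        $newpassword = $phpass->HashPassword($newpassword);
        // A result shorter than 20 characters is treated as a hashing failure.
        if (strlen($newpassword) < 20) {
            $message[] = array("Beim Hashen des neuen Passworts trat ein Fehler auf.", 2);
            Message::setMessage($message);
            return false;
        }
    } else {
        $newpassword = $user_data['password'];
    }

    // Keep the current permission unless a new set of values was passed.
    if (!$permission) {
        $newpermission = $user_data['permission'];
    } else {
        $newpermission = 0;
        foreach ($permission as $dual) {
            $newpermission += $dual;
        }
    }

    // if all checks are okay, update the data into the database
    $stmt = DB::getInstance()->prepare("UPDATE users SET \n\t\t\t\t\t\t\t permission = ?, password = ?, openid = ?, vorname = ?, nachname = ?,\n\t\t\t\t\t\t\t strasse = ?, plz = ?, ort = ?, telefon = ?, email = ?, jabber = ?,\n\t\t\t\t\t\t\t icq = ?, website = ?, about = ?, notification_method = ?\n\t\t\t\t\t\t WHERE id = ?");
    $stmt->execute(array($newpermission, $newpassword, $openid, $vorname, $nachname, $strasse, $plz, $ort, $telefon, $email, $jabber, $icq, $website, $about, $notification_method, $user_id));

    $nickname_html = htmlspecialchars((string) $user_data['nickname'], ENT_QUOTES, 'UTF-8');
    $message[] = array("Die Daten von {$nickname_html} wurden geändert", 1);
    // Same class-name spelling as the calls above, so an autoloader that maps
    // class names to files resolves it the same way.
    Message::setMessage($message);

    return true;
}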
/**
 * Verifies a password against a stored phpass hash.
 *
 * Both arguments are cast to strings first. An empty password or an empty
 * hash never verifies; creation-time validation is expected to keep empty
 * passwords out in the first place.
 *
 * @param mixed $password Plain-text password.
 * @param mixed $hash     Stored hash.
 *
 * @return bool True when the password matches the hash.
 */
public function verify($password, $hash)
{
    $plain = (string) $password;
    $stored = (string) $hash;

    if ($stored === '' || $plain === '') {
        return false;
    }

    $phpass = new PasswordHash(8, false);

    return (bool) $phpass->CheckPassword($plain, $stored);
}