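/**
  * Logs in a user. Returns boolean indicating the result.
  *
  * Reads the stored phpass hash for $userName, verifies the plain-text
  * $password against it, and only then records the user in the session.
  *
  * @param string $userName Username of the person logging in.
  * @param string $password Password in plain text of the person logging in.
  * @return bool True when the password matches the stored hash, false otherwise.
  **/
 function LoginUser($userName, $password)
 {
     $stmt = $this->dbConnect->prepare("SELECT password FROM usersinfo WHERE username=?");
     if (!$stmt) {
         return false;
     }
     $stmt->bind_param("s", $userName);
     $stmt->execute();
     $stmt->bind_result($hashedPassword);
     // fetch() is true only when a row was read; null/false mean "no such user" or a failed query.
     $rowRead = $stmt->fetch();
     $stmt->close();
     if ($rowRead !== true || !is_string($hashedPassword) || $hashedPassword === '') {
         return false;
     }
     $pwdHasher = new PasswordHash(8, FALSE);
     // CheckPassword() expects the plain-text password and the stored hash. The earlier code
     // hashed the password first and then ignored the result of the comparison, so every
     // caller that reached this point was logged in. Fail closed instead.
     if (!$pwdHasher->CheckPassword($password, $hashedPassword)) {
         return false;
     }
     // The debugging echo of $userName was dropped: it wrote request-supplied text to the
     // response unescaped and is not part of the documented boolean contract.
     $_SESSION['username'] = $userName;
     return true;
 }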
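 /**
  * Checks a plain-text password against the hash held in $this->userData.
  *
  * The scheme is selected by $this->userData['passwordFormat']:
  *  - 'phpass': verified with PasswordHash::CheckPassword().
  *  - 'vbmd5' : md5(password . passwordSalt) compared with passwordHash.
  *  - 'raw'   : same md5 comparison, without the presence check on hash/salt.
  *
  * NOTE(review): salted MD5 is a fast hash and unsuited to password storage;
  * accounts on the 'vbmd5'/'raw' formats should be migrated to phpass on next login.
  * NOTE(review): 'raw' performs the same salted-MD5 comparison as 'vbmd5' — confirm
  * that is the intended meaning of the format name.
  *
  * @param string $password Plain-text password to verify.
  * @return bool True when the password matches.
  * @throws Exception When hash information is missing or the format is unknown.
  */
 function checkPassword($password)
 {
     switch ($this->userData['passwordFormat']) {
         case 'phpass':
             if (!isset($this->userData['passwordHash'])) {
                 throw new Exception('User object was not generated with password hash information.');
             }
             // require_once: a plain require re-declares PasswordHash (fatal error) when the
             // file has already been loaded, e.g. on a second call in the same request.
             require_once 'PasswordHash.php';
             $h = new PasswordHash(8, FALSE);
             return $h->CheckPassword($password, $this->userData['passwordHash']);
         case 'vbmd5':
             if (!isset($this->userData['passwordHash'], $this->userData['passwordSalt'])) {
                 throw new Exception('User object was not generated with password hash information.');
             }
             $stored = $this->userData['passwordHash'];
             // hash_equals() compares in constant time; is_string() keeps the old
             // "non-string never matches" result of the strict comparison.
             return is_string($stored) && hash_equals($stored, md5($password . $this->userData['passwordSalt']));
         case 'raw':
             $stored = isset($this->userData['passwordHash']) ? $this->userData['passwordHash'] : null;
             return is_string($stored) && hash_equals($stored, md5($password . $this->userData['passwordSalt']));
         default:
             throw new Exception('Invalid password format.');
     }
 }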
Beispiel #3
 /**
  * Log the user in.
  *
  * An unknown user name and a wrong password are reported with the same
  * message, and both count as a failed attempt. Banned and not-yet-activated
  * accounts are rejected after the password has been verified.
  *
  * @param	string	$username
  * @param	string	$password	plain-text password
  * @return	bool	TRUE on success; on failure $this->error holds the message
  */
 function login($username, $password)
 {
     $user = $this->ci->user_dal->get_user_by_username($username);
     $passwordOk = false;
     if (!is_null($user)) {
         $hasher = new PasswordHash(8, FALSE);
         $passwordOk = $hasher->CheckPassword($password, $user->password);
     }
     if (!$passwordOk) {
         // Same response for "no such user" and "wrong password".
         $this->increase_login_attempt($username);
         $this->error = array('msg' => "Login incorrect");
         return FALSE;
     }
     if ($user->banned == 1) {
         $this->error = array('msg' => $user->ban_reason);
         return FALSE;
     }
     if ($user->activated == 0) {
         $this->error = array('msg' => "User Account is not active");
         return FALSE;
     }
     // Session payload: identity plus the user's display preferences.
     $sessionData = array(
         'user_id' => $user->id,
         'username' => $user->username,
         'status' => $user->activated == 1 ? 1 : 0,
         'threads_shown' => $user->threads_shown,
         'hide_enemy_posts' => $user->hide_enemy_posts,
         'comments_shown' => $user->comments_shown,
         'view_html' => $user->view_html,
         'new_post_notification' => $user->new_post_notification,
         'random_titles' => $user->random_titles,
         'emoticon' => $user->emoticon,
         'hide_ads' => $user->hide_ads,
         'chat_fixed_size' => $user->chat_fixed_size,
     );
     $this->ci->session->set_userdata($sessionData);
     $this->ci->user_id = (int) $user->id;
     $this->create_autologin($user->id);
     $this->ci->user_dal->insert_ip_address($user->id, $this->ci->input->ip_address());
     $this->clear_login_attempts($username);
     // Whether IP and time are recorded is decided by the 'auth' config group.
     $recordIp = $this->ci->config->item('login_record_ip', 'auth');
     $recordTime = $this->ci->config->item('login_record_time', 'auth');
     $this->ci->user_dal->update_login_info($user->id, $recordIp, $recordTime);
     return TRUE;
 }
Beispiel #4
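 /**
  * Attempts to log a user in with a user name and plain-text password.
  *
  * Unknown user and wrong password produce the same flash message. A disabled
  * account is rejected after the password has been verified. On success the
  * last-seen time and IP are stored and the user record is put in the session.
  *
  * @param string $user     User name as entered; it is slugged before lookup.
  * @param string $password Plain-text password.
  * @return bool True when the user was logged in.
  */
 public function login($user, $password)
 {
     $userslug = makeSlug($user);
     $tablename = $this->prefix . "users";
     // for once we don't use getUser(), because we need the password.
     // The slug is passed as a bound parameter instead of being written into the SQL text;
     // the listing showed a masked literal here and $userslug was otherwise unused.
     // NOTE(review): assumes $this->db accepts fetchAssoc($sql, array $params) in the
     // Doctrine DBAL style, as the update() call below suggests — confirm.
     $user = $this->db->fetchAssoc("SELECT * FROM {$tablename} WHERE username = ?", array($userslug));
     if (empty($user)) {
         $this->session->setFlash('error', 'Username or password not correct. Please check your input.');
         return false;
     }
     require_once __DIR__ . "/phpass/PasswordHash.php";
     $hasher = new PasswordHash(8, TRUE);
     if (!$hasher->CheckPassword($password, $user['password'])) {
         $this->session->setFlash('error', 'Username or password not correct. Please check your input.');
         return false;
     }
     if (!$user['enabled']) {
         $this->session->setFlash('error', 'Your account is disabled. Sorry about that.');
         return false;
     }
     $update = array('lastseen' => date('Y-m-d H:i:s'), 'lastip' => $_SERVER['REMOTE_ADDR']);
     $this->db->update($tablename, $update, array('id' => $user['id']));
     // Reload through getUser() so the session holds the regular user record.
     $user = $this->getUser($user['id']);
     $this->session->start();
     $this->session->set('user', $user);
     $this->session->setFlash('success', "You've been logged on successfully.");
     return true;
 }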
Beispiel #5
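/**
 * Checks a user name / password pair against the Account table.
 *
 * @param string $username Account name to look up.
 * @param string $password Plain-text password to verify.
 * @return bool True when the password matches the stored phpass hash; false for an
 *              unknown account, a wrong password, or a database error.
 */
function correct_credentials($username, $password)
{
    $rightPassword = false;
    try {
        // Pull in the password hash from the DB for this user
        $db = new PDO("sqlite:database/noiseFactionDatabase.db");
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $statement = $db->prepare("select passwordHash from Account where username = ?;");
        $result = $statement->execute(array($username));
        if ($result != 1) {
            throw new pdoDbException("Something's gone wrong with the prepared statement");
        }
        $userTuple = $statement->fetch(PDO::FETCH_ASSOC);
        // fetch() returns false (not null) when there is no account under that name,
        // so test for an actual row before reading the hash.
        if (is_array($userTuple) && isset($userTuple["passwordHash"])) {
            // This comes from PasswordHash.php
            $hasher = new PasswordHash(8, FALSE);
            // Verify the caller's password; the earlier code passed an undefined variable here.
            $rightPassword = $hasher->CheckPassword($password, $userTuple["passwordHash"]);
        }
        $db = null;
    } catch (PDOException $e) {
        // Keep driver details out of the response; they go to the server log instead.
        error_log('correct_credentials: ' . $e->getMessage());
    }
    return $rightPassword;
}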
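 /**
  * Authenticates against the external users table and maps the account to a local user.
  *
  * @param string $queryWhereCondition SQL condition appended to the WHERE clause.
  *                                    NOTE(review): it is concatenated into the query text,
  *                                    so it must be a fixed fragment chosen by the caller,
  *                                    never request data — verify at the call sites.
  * @param string $loginStr            Value passed to querySelect() as the query parameter.
  * @param string $password            Plain-text password.
  * @return int|bool Local user id on success (an existing user or a newly created one),
  *                  FALSE when the user is unknown or the password does not match.
  */
 private function _authenticate($queryWhereCondition, $loginStr, $password)
 {
     // query user in the external table (prefix from the 'wordpresslogin_tableprefix' setting)
     $result = $this->_db->querySelect('user_login,user_email,user_pass', $this->_websoccer->getConfig('wordpresslogin_tableprefix') . 'users', 'user_status = 0 AND ' . $queryWhereCondition, $loginStr);
     $wpUser = $result->fetch_array();
     $result->free();
     // user does not exist
     if (!$wpUser) {
         return FALSE;
     }
     // check password.
     // require_once: a plain require re-declares PasswordHash (fatal error) if the file
     // was already loaded earlier in the request.
     require_once BASE_FOLDER . '/classes/phpass/PasswordHash.php';
     $hasher = new PasswordHash(8, TRUE);
     if (!$hasher->CheckPassword($password, $wpUser['user_pass'])) {
         return FALSE;
     }
     // valid user, check whether a local account with the same e-mail exists
     $userEmail = strtolower($wpUser['user_email']);
     $userId = UsersDataService::getUserIdByEmail($this->_websoccer, $this->_db, $userEmail);
     if ($userId > 0) {
         return $userId;
     }
     // create new user
     return UsersDataService::createLocalUser($this->_websoccer, $this->_db, $wpUser['user_login'], $userEmail);
 }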
Beispiel #7
/**
 * Validates a password for a row in txp_users and returns the matching user name.
 *
 * The stored value is first checked with phpass. When that fails, the password is
 * compared through the database's password()/old_password() functions (older
 * storage format); a match there is followed by an update of the stored value.
 *
 * NOTE(review): the two "pass = ..." SQL fragments below appear masked in this
 * listing ("******"), which also leaves the first of them syntactically broken;
 * read them from the original file before relying on this copy.
 *
 * @param string $user     User name as supplied by the caller.
 * @param string $password Plain-text password.
 * @param bool   $log      When TRUE the phpass path also requires privs > 0 and
 *                         last_access is updated on success.
 * @return string|bool The user name on success, FALSE otherwise.
 */
function txp_validate($user, $password, $log = TRUE)
{
    // doSlash() is the escaping step for every value placed into SQL text below;
    // its definition is not visible here.
    $safe_user = doSlash($user);
    $name = FALSE;
    $hash = safe_field('pass', 'txp_users', "name = '{$safe_user}'");
    $phpass = new PasswordHash(PASSWORD_COMPLEXITY, PASSWORD_PORTABILITY);
    // check post-4.3-style passwords
    if ($phpass->CheckPassword($password, $hash)) {
        if ($log) {
            $name = safe_field("name", "txp_users", "name = '{$safe_user}' and privs > 0");
        } else {
            // NOTE(review): without $log the privs > 0 condition is not applied — confirm callers expect that.
            $name = $user;
        }
    } else {
        // no good password: check 4.3-style passwords
        // NOTE(review): the plain-text password is embedded (escaped) in the SQL text so the
        // server can hash it, which exposes it to query logs.
        $passwords = array();
        $passwords[] = "password(lower('" . doSlash($password) . "'))";
        $passwords[] = "password('" . doSlash($password) . "')";
        if (version_compare(mysql_get_server_info(), '4.1.0', '>=')) {
            $passwords[] = "old_password(lower('" . doSlash($password) . "'))";
            $passwords[] = "old_password('" . doSlash($password) . "')";
        }
        $name = safe_field("name", "txp_users", "name = '{$safe_user}' and (pass = "******") and privs > 0");
        // old password is good: migrate password to phpass
        if ($name !== FALSE) {
            safe_update("txp_users", "pass = '******'", "name = '{$safe_user}'");
        }
    }
    if ($name !== FALSE && $log) {
        // update the last access time
        safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");
    }
    return $name;
}
Beispiel #8
 /**
  * Verifies the submitted password against the user's stored phpass hash.
  *
  * @param array $user Row holding the stored hash under 'password'.
  * @param array $auth Submitted credentials holding the plain-text 'password'.
  * @return bool Result of PasswordHash::CheckPassword().
  */
 function phpass_check($user, $auth)
 {
     // Load the library through the framework instance before instantiating it.
     $framework =& get_instance();
     $framework->load->library('PasswordHash');
     $phpass = new PasswordHash(HASH_COST_LOG2, HASH_PORTABLE);
     $candidate = $auth['password'];
     $storedHash = $user['password'];
     return $phpass->CheckPassword($candidate, $storedHash);
 }
Beispiel #9
 /**
  * Validates access to a share identified by its token.
  *
  * The "username" is the share token. A share without 'share_with' needs no
  * password; a link share with 'share_with' set is checked against that value
  * as a phpass hash of password + system 'passwordsalt'. Any other share type
  * that carries 'share_with' is refused.
  *
  * @param string $username Share token.
  * @param string $password Plain-text password supplied for the share.
  *
  * @return bool True when access is granted.
  */
 protected function validateUserPass($username, $password)
 {
     $share = \OCP\Share::getShareByToken($username, false);
     \OC_User::setIncognitoMode(true);
     $this->share = $share;
     if (!$share) {
         return false;
     }
     // Not password protected: nothing to verify.
     if (!isset($share['share_with'])) {
         return true;
     }
     // Only link shares can be unlocked with a password.
     if ($share['share_type'] != \OCP\Share::SHARE_TYPE_LINK) {
         return false;
     }
     // Fall back to portable hashes when Blowfish crypt() is unavailable.
     $forcePortable = CRYPT_BLOWFISH != 1;
     $phpass = new \PasswordHash(8, $forcePortable);
     $salted = $password . $this->config->getSystemValue('passwordsalt', '');
     return $phpass->CheckPassword($salted, $share['share_with']) ? true : false;
 }
Beispiel #10
 /**
  * Tells whether a plain-text password corresponds to a stored phpass hash.
  *
  * @param string $passwordToCheck Plain-text password.
  * @param string $hashedPassword  Stored hash to verify against.
  * @return boolean True on a match.
  */
 public static function compareHashedStrings($passwordToCheck, $hashedPassword)
 {
     // Cost and portability come from the class constants.
     $phpass = new PasswordHash(self::HASH_COST, self::HASH_PORTABILITY);
     $matches = $phpass->CheckPassword($passwordToCheck, $hashedPassword);
     return $matches;
 }
Beispiel #11
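 /**
  * Authenticates $this->_user with $this->_password and sets $this->errorCode.
  *
  * Order of checks: user exists, user not disabled, a password hash is set,
  * password matches the hash. On success the 'isAdmin' state is stored.
  *
  * @return mixed self::ERROR_NONE on success, otherwise the specific error code.
  */
 public function authenticate()
 {
     $passwordHasher = new PasswordHash(Yii::app()->params['phpass']['iteration_count_log2'], Yii::app()->params['phpass']['portable_hashes']);
     if (null === $this->_user) {
         $this->errorCode = self::ERROR_NOT_FOUND;
     } elseif (User::DISABLED === $this->_user->status) {
         $this->errorCode = self::ERROR_DISABLED;
     } elseif (null === $this->_user->password_hash) {
         $this->errorCode = self::ERROR_PASSWORD_NOT_SET;
     } else {
         // CheckPassword() takes (plain-text password, stored hash). The earlier code passed
         // them in swapped positions and mapped a successful match to ERROR_PASSWORD_INVALID,
         // so the comparison did not gate authentication.
         $matches = $passwordHasher->CheckPassword($this->_password, $this->_user->password_hash);
         $this->errorCode = $matches ? self::ERROR_NONE : self::ERROR_PASSWORD_INVALID;
     }
     if (self::ERROR_NONE !== $this->errorCode) {
         return $this->errorCode;
     }
     $this->setState('isAdmin', $this->_user->is_admin);
     return self::ERROR_NONE;
 }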
Beispiel #12
/**
 * Verifies a login against the wp_users table and mirrors the user into the local users table.
 *
 * NOTE(review): the database credentials and the user_login literal in the SELECT appear
 * masked in this listing ("******"); confirm in the original how the login name reaches the
 * query — it must be escaped or bound like the INSERT below.
 * NOTE(review): the mysql_* extension used here was removed in PHP 7; mysqli or PDO with
 * prepared statements is the replacement.
 *
 * @param string $user_id  Login name.
 * @param string $password Plain-text password.
 * @return string|bool $user_id when the password matches, false otherwise.
 */
function check_login($user_id, $password)
{
    // Drop whatever session exists and start a fresh one before checking credentials.
    session_destroy();
    session_start();
    // Connection settings are hard-coded here; NOTE(review): move them to configuration outside the code.
    $wp_host = "127.0.0.1";
    $wp_port = "3306";
    $wp_user = "******";
    $wp_pass = "******";
    $wp_db = "jol";
    $wp_conn = mysql_connect($wp_host . ":" . $wp_port, $wp_user, $wp_pass);
    //$password=HashPassword($password);
    $ret = false;
    $wp_pre = "wp_";
    $sql = "select * from " . $wp_pre . "users where user_login='******'";
    if ($wp_conn) {
        mysql_select_db($wp_db, $wp_conn);
        // $result is passed on without checking whether the query succeeded.
        $result = mysql_query($sql, $wp_conn);
        $row = mysql_fetch_array($result);
        if ($row) {
            $wp_hasher = new PasswordHash(8, TRUE);
            if ($wp_hasher->CheckPassword($password, $row['user_pass'])) {
                $ret = $user_id;
                // Create the local user row, or refresh its nick when it already exists.
                $sql = "insert into users(user_id,ip,nick,school) values('" . mysql_real_escape_string($user_id) . "','','','') on DUPLICATE KEY UPDATE nick='" . mysql_real_escape_string($user_id) . "'";
                // No link argument: runs on the most recently opened connection.
                mysql_query($sql);
            }
        }
    }
    return $ret;
}
Beispiel #13
 /**
  * Logs an administrator in by user name and password.
  *
  * On failure $this->error describes the reason (wrong password, banned,
  * not activated). An unknown user name or empty input returns FALSE without
  * setting an error.
  *
  * @param string $login    User name.
  * @param string $password Plain-text password.
  * @return bool true on success, FALSE otherwise.
  */
 function login($login, $password)
 {
     // Both fields are required.
     if (!(strlen($login) > 0 and strlen($password) > 0)) {
         return FALSE;
     }
     // Look the account up by user name.
     $user = $this->ci->admins->get_user_by_username($login);
     if (is_null($user)) {
         return FALSE;
     }
     // Hash strength and portability come from the 'fx_auth' config group.
     $strength = $this->ci->config->item('phpass_hash_strength', 'fx_auth');
     $portable = $this->ci->config->item('phpass_hash_portable', 'fx_auth');
     $hasher = new PasswordHash($strength, $portable);
     // Verify the password against the stored hash.
     if (!$hasher->CheckPassword($password, $user->password)) {
         // Wrong password.
         $this->error = array('password' => 'auth_incorrect_password');
         return FALSE;
     }
     // Password is correct: is the account banned?
     if ($user->banned == 1) {
         // Report the ban reason.
         $this->error = array('banned' => $user->ban_reason);
         return FALSE;
     }
     // Populate the session. This happens before the activation check, so a
     // not-yet-activated user also gets session data (with the not-activated status).
     $this->ci->session->set_userdata(array('user_id' => $user->id, 'user_name' => $user->username, 'status' => $user->activated == 1 ? STATUS_ACTIVATED : STATUS_NOT_ACTIVATED));
     if ($user->activated == 0) {
         // Failure: account not activated.
         $this->error = array('not_activated' => '');
         return FALSE;
     }
     return true;
 }
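 /**
  * Checks an e-mail / password pair and returns basic account data on success.
  *
  * @param string $email E-mail address identifying the account.
  * @param string $pw    Plain-text password.
  * @return array|bool array('id', 'fname', 'is_admin') on success, false otherwise.
  */
 public function checkCredentials($email, $pw)
 {
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         return false;
     }
     // NOTE(review): passwords longer than 20 characters are rejected outright, which rules
     // out passphrases — confirm this cap is intended and matches the registration form.
     if (strlen($pw) > 20) {
         return false;
     }
     /*
      * Using phpass open-source pw hashing class here.
      *      It provides its own salt in the hash itself,
      *      and has a function to check if the hash matches.
      * We could also store a hash and a salt in the DB
      */
     $hasher = new PasswordHash(8, false);
     if (!$this->_db) {
         $this->_db = DB::getInstance();
     }
     //get the stored password
     $query = 'SELECT password_hash,id,first_name,is_admin FROM users WHERE email = ? LIMIT 1';
     $stmt = $this->_db->prepare($query);
     $stmt->execute(array($email));
     $row = $stmt->fetch();
     // No row for this e-mail (fetch() gave no array) or no hash stored: reject without
     // indexing into a non-array.
     if (!is_array($row) || !$row['password_hash']) {
         return false;
     }
     if (!$hasher->CheckPassword($pw, $row['password_hash'])) {
         return false;
     }
     return array('id' => $row['id'], 'fname' => strip_tags($row['first_name']), 'is_admin' => $row['is_admin']);
 }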
Beispiel #15
/**
 * Checks a password for a login name or e-mail in site_users.
 *
 * Behaviour depends on the 'encrypted_passwords' site option: when it is "yes" the stored
 * value is verified as a phpass hash; otherwise the password is compared in SQL against
 * the stored value as-is.
 *
 * NOTE(review): $user_login and $password are interpolated directly into the SQL text
 * without escaping or binding (parts of the literals also appear masked as "******" in
 * this listing). These values need escaping or prepared statements before they reach the
 * query — check what the ezSQL_mysqli wrapper offers.
 * NOTE(review): the "encryption OFF" branch implies passwords stored in plain text; that
 * mode should be retired and existing rows hashed.
 *
 * @param string $password   Plain-text password.
 * @param string $user_login Login name or e-mail address.
 * @return bool TRUE when the credentials match.
 */
function checkpwd($password, $user_login)
{
    // A plain include re-declares the class if this function runs twice in one request.
    include "includes/PasswordHash.php";
    $hasher = new PasswordHash(8, false);
    // "*" is a placeholder until the stored value has been read.
    $stored_hash = "*";
    $db = new ezSQL_mysqli(db_user, db_password, db_name, db_host);
    if ($db->get_var("SELECT option_value FROM site_options where option_name = 'encrypted_passwords';") == "yes") {
        //if encryption is ON
        // Unlike the branch below, this lookup does not filter on user_pending.
        $stored_hash = $db->get_var("SELECT user_password from site_users WHERE user_login = '******' OR user_email = '{$user_login}' LIMIT 1;");
        $check = $hasher->CheckPassword($password, $stored_hash);
        if ($check) {
            $return_value = TRUE;
        } else {
            $return_value = FALSE;
        }
        //if encryption is OFF
    } else {
        // Counts rows whose stored password equals the supplied one byte-for-byte (BINARY).
        $num = $db->get_var("select count(user_id) from site_users WHERE (user_login = '******' OR user_email = '{$user_login}') AND user_password = BINARY '{$password}' AND user_pending = 0 limit 1;");
        if ($num == 1) {
            $return_value = TRUE;
        } else {
            $return_value = FALSE;
        }
    }
    return $return_value;
}
Beispiel #16
/**
 * Logs a user in from the POSTed 'login' and 'password' fields.
 *
 * On failure the global $loginErrorMessage is set. On success a session is
 * started and the user id stored under $_SESSION["user"].
 *
 * NOTE(review): the session id is not regenerated after a successful login —
 * consider session_regenerate_id(true) once the session is started.
 *
 * @return bool true on success, false otherwise.
 */
function api_user_login()
{
    global $loginErrorMessage;
    $login = isset($_POST['login']) ? $_POST['login'] : null;
    $secret = isset($_POST['password']) ? $_POST['password'] : null;
    // Look the account up in the main authentication database.
    $authDb = get_local_auth_database();
    $lookup = $authDb->prepare("SELECT * FROM pasteque_users WHERE can_login AND user_id = :user_id");
    $lookup->bindParam(':user_id', $login, \PDO::PARAM_STR);
    $lookup->execute();
    $rows = $lookup->fetchAll();
    if (count($rows) != 1) {
        // Exactly one matching account that may log in is required.
        $loginErrorMessage = \i18n("Unavailable user");
        return false;
    }
    $account = $rows[0];
    require_once 'PasswordHash.php';
    $phpass = new \PasswordHash(8, TRUE);
    if (!$phpass->CheckPassword($secret, $account['password'])) {
        $loginErrorMessage = \i18n("Invalid user or password");
        return false;
    }
    session_start();
    $_SESSION["user"] = $account['user_id'];
    return true;
}
Beispiel #17
 /**
  * Authenticates a user and, on success, fills the session and the global settings.
  *
  * The password is first verified as a phpass hash against the stored value. If
  * that fails, ext_find_user() is asked again with user name and password, and
  * its result decides.
  *
  * NOTE(review): the stored password value ($data[1]) is copied into the session;
  * confirm nothing depends on it before removing it from session state.
  *
  * @param array $credentials Holds 'username' and 'password'.
  * @param mixed $options     Unused here.
  * @return bool true when the user was authenticated.
  */
 function onAuthenticate($credentials, $options = null)
 {
     // Look the user up by name only.
     $account = ext_find_user($credentials['username'], null);
     if ($account === NULL) {
         // Unknown user name.
         return false;
     }
     require_once _EXT_PATH . '/libraries/PasswordHash.php';
     $phpass = new PasswordHash(8, FALSE);
     if (!$phpass->CheckPassword($credentials['password'], $account[1])) {
         // Second attempt: lookup by name and password.
         $account = ext_find_user($credentials['username'], $credentials['password']);
         if ($account == NULL) {
             return false;
         }
     }
     // Record the login in the session.
     $_SESSION['credentials_extplorer']['username'] = $account[0];
     $_SESSION['credentials_extplorer']['password'] = $account[1];
     $_SESSION['file_mode'] = 'extplorer';
     // Per-user settings; the home directory is normalised to forward slashes.
     $GLOBALS["home_dir"] = str_replace('\\', '/', $account[2]);
     $GLOBALS["home_url"] = $account[3];
     $GLOBALS["show_hidden"] = $account[4];
     $GLOBALS["no_access"] = $account[5];
     $GLOBALS["permissions"] = $account[6];
     return true;
 }
Beispiel #18
/**
 * Logs a user in by e-mail and password and issues a 'session' cookie.
 *
 * Return codes: 0 success, 1 unknown e-mail, 2 wrong password,
 * 3 a 'session' cookie is already present, 4 account not activated.
 *
 * NOTE(review): $db->Prepare()/Execute() with '$0'-style placeholders is a project
 * wrapper not visible here — confirm it escapes or binds the values.
 * NOTE(review): the cookie is set without expiry, path, Secure or HttpOnly arguments,
 * and the token is derived from uniqid() and the password; a random token
 * (e.g. from random_bytes()) with HttpOnly/Secure set would be the usual choice.
 *
 * @param string $email    Account e-mail address.
 * @param string $password Plain-text password.
 * @return int One of the codes listed above.
 */
function login($email, $password)
{
    global $db;
    if (isset($_COOKIE['session'])) {
        return 3;
    }
    $db->Prepare('SELECT * FROM `users` WHERE email=\'$0\'');
    $db->Execute($email);
    if ($db->RowCount() <= 0) {
        return 1;
    }
    $account = $db->Fetch();
    $phpass = new PasswordHash(8, false);
    if (!$phpass->CheckPassword($password, $account['password'])) {
        return 2;
    }
    if ($account['activated'] == 0) {
        return 4;
    }
    // Session token: a phpass hash over e-mail, uniqid() and the password.
    $token = $phpass->HashPassword($email . ':' . uniqid() . ':' . $password);
    // One sessions row per user: update it when present, insert otherwise.
    $db->Prepare('SELECT id FROM `sessions` WHERE user_id=\'$0\'');
    $db->Execute($account['id']);
    $hasSessionRow = $db->RowCount() > 0;
    if ($hasSessionRow) {
        $existing = $db->Fetch();
        $db->Prepare('UPDATE `sessions` SET ip=\'$0\', session=\'$1\', user_id=\'$2\' WHERE id=$3');
        $db->Execute($_SERVER['REMOTE_ADDR'], $token, $account['id'], $existing['id']);
    } else {
        $db->Prepare('INSERT INTO `sessions` (ip, session, user_id) VALUES (\'$0\', \'$1\', \'$2\')');
        $db->Execute($_SERVER['REMOTE_ADDR'], $token, $account['id']);
    }
    setcookie('session', $token);
    return 0;
}
function newFund($username, $password, $xml_url, $user_email, $fundName, $numMembers, $stateLaw, $fundAddressCareOf, $fundAddressLevel, $fundAddressStreet, $fundAddressSuburb, $fundAddressState, $fundAddressPostcode, $teeMtgAddressLevel, $teeMtgAddressStreet, $teeMtgAddressSuburb, $teeMtgAddressState, $teeMtgAddressPostcode, $m1MemberNamePrefix, $m1MemberGivenNames, $m1MemberFamilyName, $m1MemberDOB, $m1MemberTFN, $m1AddressLevel, $m1AddressStreet, $m1AddressSuburb, $m1AddressState, $m1AddressPostcode, $m2MemberNamePrefix, $m2MemberGivenNames, $m2MemberFamilyName, $m2MemberDOB, $m2MemberTFN, $m2AddressLevel, $m2AddressStreet, $m2AddressSuburb, $m2AddressState, $m2AddressPostcode, $m3MemberNamePrefix, $m3MemberGivenNames, $m3MemberFamilyName, $m3MemberDOB, $m3MemberTFN, $m3AddressLevel, $m3AddressStreet, $m3AddressSuburb, $m3AddressState, $m3AddressPostcode, $m4MemberNamePrefix, $m4MemberGivenNames, $m4MemberFamilyName, $m4MemberDOB, $m4MemberTFN, $m4AddressLevel, $m4AddressStreet, $m4AddressSuburb, $m4AddressState, $m4AddressPostcode, $t2NonMemberNamePrefix, $t2NonMemberGivenNames, $t2NonMemberFamilyName, $t2NonMemberAddressLevel, $t2NonMemberAddressStreet, $t2NonMemberAddressSuburb, $t2NonMemberAddressState, $t2NonMemberAddressPostcode, $corpTeeName, $corpTeeACN, $corpTeeAddressCareOf, $corpTeeAddressLevel, $corpTeeAddressStreet, $corpTeeAddressSuburb, $corpTeeAddressState, $corpTeeAddressPostcode, $d2NonMemberNamePrefix, $d2NonMemberGivenNames, $d2NonMemberFamilyName, $d2NonMemberAddressLevel, $d2NonMemberAddressStreet, $d2NonMemberAddressSuburb, $d2NonMemberAddressState, $d2NonMemberAddressPostcode, $chairmanTrustee)
{
    $ch = curl_init();
    $timeout = 3600;
    curl_setopt($ch, CURLOPT_URL, $xml_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    //    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    $data = curl_exec($ch);
    //    $response  = curl_getinfo($ch);
    curl_close($ch);
    $xml = simplexml_load_string($data);
    if (!simplexml_load_string($data) && !$xml) {
        global $wpdb;
        $wp_hasher = new PasswordHash(8, TRUE);
        $sql = "SELECT * FROM wp_users  WHERE user_login = '******' ";
        $resultuser = $wpdb->get_results($sql);
        if ($resultuser) {
            foreach ($resultuser as $results) {
                if ($wp_hasher->CheckPassword($password, $results->user_pass)) {
                    $unique = trim(com_create_guid(), '{}');
                    $result = $wpdb->insert('service_nsf', array('unique_code' => $unique, 'user_email' => $user_email, 'fundName' => $fundName, 'numMembers' => $numMembers, 'stateLaw' => $stateLaw, 'fundAddressCareOf' => $fundAddressCareOf, 'fundAddressLevel' => $fundAddressLevel, 'fundAddressStreet' => $fundAddressStreet, 'fundAddressSuburb' => $fundAddressSuburb, 'fundAddressState' => $fundAddressState, 'fundAddressPostcode' => $fundAddressPostcode, 'teeMtgAddressLevel' => $teeMtgAddressLevel, 'teeMtgAddressStreet' => $teeMtgAddressStreet, 'teeMtgAddressSuburb' => $teeMtgAddressSuburb, 'teeMtgAddressState' => $teeMtgAddressState, 'teeMtgAddressPostcode' => $teeMtgAddressPostcode, 'm1MemberNamePrefix' => $m1MemberNamePrefix, 'm1MemberGivenNames' => $m1MemberGivenNames, 'm1MemberFamilyName' => $m1MemberFamilyName, 'm1MemberDOB' => $m1MemberDOB, 'm1MemberTFN' => $m1MemberTFN, 'm1AddressLevel' => $m1AddressLevel, 'm1AddressStreet' => $m1AddressStreet, 'm1AddressSuburb' => $m1AddressSuburb, 'm1AddressState' => $m1AddressState, 'm1AddressPostcode' => $m1AddressPostcode, 'm2MemberNamePrefix' => $m2MemberNamePrefix, 'm2MemberGivenNames' => $m2MemberGivenNames, 'm2MemberFamilyName' => $m2MemberFamilyName, 'm2MemberDOB' => $m2MemberDOB, 'm2MemberTFN' => $m2MemberTFN, 'm2AddressLevel' => $m2AddressLevel, 'm2AddressStreet' => $m2AddressStreet, 'm2AddressSuburb' => $m2AddressSuburb, 'm2AddressState' => $m2AddressState, 'm2AddressPostcode' => $m2AddressPostcode, 'm3MemberNamePrefix' => $m3MemberNamePrefix, 'm3MemberGivenNames' => $m3MemberGivenNames, 'm3MemberFamilyName' => $m3MemberFamilyName, 'm3MemberDOB' => $m3MemberDOB, 'm3MemberTFN' => $m3MemberTFN, 'm3AddressLevel' => $m3AddressLevel, 'm3AddressStreet' => $m3AddressStreet, 'm3AddressSuburb' => $m3AddressSuburb, 'm3AddressState' => $m3AddressState, 'm3AddressPostcode' => $m3AddressPostcode, 'm4MemberNamePrefix' => $m4MemberNamePrefix, 'm4MemberGivenNames' => $m4MemberGivenNames, 'm4MemberFamilyName' => 
$m4MemberFamilyName, 'm4MemberDOB' => $m4MemberDOB, 'm4MemberTFN' => $m4MemberTFN, 'm4AddressLevel' => $m4AddressLevel, 'm4AddressStreet' => $m4AddressStreet, 'm4AddressSuburb' => $m4AddressSuburb, 'm4AddressState' => $m4AddressState, 'm4AddressPostcode' => $m4AddressPostcode, 't2NonMemberNamePrefix' => $t2NonMemberNamePrefix, 't2NonMemberGivenNames' => $t2NonMemberGivenNames, 't2NonMemberFamilyName' => $t2NonMemberFamilyName, 't2NonMemberAddressLevel' => $t2NonMemberAddressLevel, 't2NonMemberAddressStreet' => $t2NonMemberAddressStreet, 't2NonMemberAddressSuburb' => $t2NonMemberAddressSuburb, 't2NonMemberAddressState' => $t2NonMemberAddressState, 't2NonMemberAddressPostcode' => $t2NonMemberAddressPostcode, 'corpTeeName' => $corpTeeName, 'corpTeeACN' => $corpTeeACN, 'corpTeeAddressCareOf' => $corpTeeAddressCareOf, 'corpTeeAddressLevel' => $corpTeeAddressLevel, 'corpTeeAddressStreet' => $corpTeeAddressStreet, 'corpTeeAddressSuburb' => $corpTeeAddressSuburb, 'corpTeeAddressState' => $corpTeeAddressState, 'corpTeeAddressPostcode' => $corpTeeAddressPostcode, 'd2NonMemberNamePrefix' => $d2NonMemberNamePrefix, 'd2NonMemberGivenNames' => $d2NonMemberGivenNames, 'd2NonMemberFamilyName' => $d2NonMemberFamilyName, 'd2NonMemberAddressLevel' => $d2NonMemberAddressLevel, 'd2NonMemberAddressStreet' => $d2NonMemberAddressStreet, 'd2NonMemberAddressSuburb' => $d2NonMemberAddressSuburb, 'd2NonMemberAddressState' => $d2NonMemberAddressState, 'd2NonMemberAddressPostcode' => $d2NonMemberAddressPostcode, 'chairmanTrustee' => $chairmanTrustee), array('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 
'%s', '%s', '%s', '%s', '%s', '%s', '%s'));
                    return array('unique_code' => $unique);
                } else {
                    return array('username' => 'Invalid username or password1');
                }
            }
        } else {
            return array('username' => 'Invalid username or password2' . $result);
        }
    } else {
        return @nsf_parser($username, $password, $xml_url);
    }
}
 /**
  * Authenticates a request and echoes the outcome.
  *
  * Two paths: a POSTed 'mac' that maps to a user id authenticates on its own;
  * otherwise POSTed 'u'/'p' are checked against wpmember_users with phpass.
  * Echoes 1 for a MAC match, the boolean password result for a credential
  * check, and 0 when neither path ran.
  *
  * NOTE(review): a MAC address is a client-supplied value, not a secret; on the
  * first path it is the only factor — confirm this is acceptable for what the
  * endpoint protects.
  * NOTE(review): the MAC value is written to the error log unfiltered.
  */
 public function authenticate()
 {
     error_log("authenticating", 0);
     $is_authenticated = 0;
     $associatedUserId = -1;
     if (isset($_POST["mac"])) {
         $macAddress = $_POST["mac"];
         error_log("mac address auth:" . $macAddress, 0);
         $this->load->model("usermodel");
         $associatedUserId = $this->usermodel->getUserIdFromMACAddress($macAddress);
     }
     if ($associatedUserId > 0) {
         $is_authenticated = 1;
     } elseif (isset($_POST['u'], $_POST['p'])) {
         $candidate = $_POST['p'];
         // Query-builder lookup by login name.
         $this->db->where('user_login', $_POST['u']);
         $rows = $this->db->get('wpmember_users')->result();
         if (count($rows) > 0) {
             $storedHash = $rows[0]->user_pass;
             require_once MEMBERINCLUDEPATH . '/wp-includes/class-phpass.php';
             $wp_hasher = new PasswordHash(8, TRUE);
             $is_authenticated = $wp_hasher->CheckPassword($candidate, $storedHash);
             error_log("authentication" . $is_authenticated, 0);
         }
     }
     echo $is_authenticated;
 }
Beispiel #21
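 /**
  * Logs a user in and stores identity data in cookies and the session.
  *
  * NOTE(review): user id and role are also written to client-side cookies. Cookies can
  * be edited by the client, so authorisation decisions must read the $_SESSION copies
  * only — verify that nothing trusts the treasure_* cookies.
  *
  * @param string $username User name.
  * @param string $password Plain-text password.
  * @return int 1 on success, 0 on failure.
  */
 function loginUser($username, $password)
 {
     $pwdHasher = new PasswordHash(8, FALSE);
     $query = $this->db_conn->prepare('SELECT * FROM users WHERE username = ?');
     $values = array($username);
     $query->execute($values);
     $obj = $query->fetch(PDO::FETCH_OBJ);
     // fetch() returns false when no such user exists; stop before dereferencing it.
     if (!is_object($obj)) {
         return 0;
     }
     if (!$pwdHasher->CheckPassword($password, $obj->password)) {
         return 0;
     }
     $this->user_id = $obj->user_id;
     $identity = array(
         'treasure_logged' => 1,
         'treasure_username' => $obj->username,
         'treasure_name' => $obj->full_name,
         'treasure_user_id' => $this->user_id,
         'treasure_user_role' => $obj->role,
     );
     // Same values go to cookies (360000-second lifetime) and to the session.
     $expires = time() + 360000;
     foreach ($identity as $key => $value) {
         setcookie($key, $value, $expires);
     }
     foreach ($identity as $key => $value) {
         $_SESSION[$key] = $value;
     }
     return 1;
 }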
Beispiel #22
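 /**
  * Verifies a plain-text value against a stored hash.
  *
  * The scheme is chosen by static::getType($hash): 'phpass' uses PasswordHash,
  * 'salt' is the "md5:salt" format, anything else goes to password_verify().
  * Empty input on either side never matches.
  *
  * @param string $plain Plain-text password.
  * @param string $hash  Stored hash.
  * @return bool True on a match.
  */
 public static function verify($plain, $hash)
 {
     $result = false;
     if (strlen($plain) > 0 && strlen($hash) > 0) {
         switch (static::getType($hash)) {
             case 'phpass':
                 if (!class_exists('PasswordHash', false)) {
                     include OSCOM::getConfig('dir_root', 'Shop') . 'includes/third_party/PasswordHash.php';
                 }
                 $hasher = new \PasswordHash(10, true);
                 $result = $hasher->CheckPassword($plain, $hash);
                 break;
             case 'salt':
                 // split apart the hash / salt
                 $stack = explode(':', $hash, 2);
                 if (count($stack) === 2) {
                     // hash_equals() instead of ==: a loose comparison treats numeric-looking
                     // hex strings as numbers and can report a match for different hashes;
                     // hash_equals() is also constant-time.
                     $result = hash_equals($stack[0], md5($stack[1] . $plain));
                 } else {
                     $result = false;
                 }
                 break;
             default:
                 $result = password_verify($plain, $hash);
                 break;
         }
     }
     return $result;
 }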
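 /**
  * Perform authentication against the given password
  *
  * @param integer $userId The user ID we're trying to authenticate as. This may not be needed, but can be used to "upgrade" auth schemes.
  * @param string $password Password (plain text)
  *
  * @return bool True if the authentication is successful
  */
 public function authenticate($userId, $password)
 {
     if (!is_string($password) || $password === '' || empty($this->_data)) {
         return false;
     }
     // No stored hash means there is nothing to verify against.
     if (empty($this->_data['hash'])) {
         return false;
     }
     require_once 'class-phpass.php';
     // Stock phpass declares CheckPassword() as an instance method; calling a non-static
     // method statically is an Error on PHP 8, so an instance is created here.
     // NOTE(review): in stock phpass the constructor arguments are not used by
     // CheckPassword() — confirm for the bundled copy.
     $hasher = new PasswordHash(8, true);
     return $hasher->CheckPassword($password, $this->_data['hash']);
 }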
Beispiel #24
 /**
  * Compares a plain-text password with a phpass hash.
  *
  * @param string $passwd      Plain-text password.
  * @param string $hash        Stored hash.
  * @param int    $work_factor Cost passed to PasswordHash; values below 4 or above 31
  *                            are replaced by DEFAULT_WORK_FACTOR.
  * @return bool True on a match.
  */
 function cmp($passwd, $hash, $work_factor = 0)
 {
     $outOfRange = $work_factor < 4 || $work_factor > 31;
     $cost = $outOfRange ? DEFAULT_WORK_FACTOR : $work_factor;
     $phpass = new PasswordHash($cost, FALSE);
     return $phpass && $phpass->CheckPassword($passwd, $hash);
 }
Beispiel #25
/**
 * Check a plain-text string against a stored phpass hash.
 *
 * @param string $str  Plain-text password to check.
 * @param string $hash Stored hash to check against.
 *
 * @return bool True when PasswordHash::CheckPassword() reports a match.
 */
function validate_password($str, $hash)
{
    $hasher = new PasswordHash(8, FALSE);

    // Collapse the hasher's answer to a plain boolean.
    return $hasher->CheckPassword($str, $hash) == TRUE;
}
Beispiel #26
 /**
  * Verify a password against either a legacy MD5 digest or a phpass hash.
  *
  * Stored values of 32 characters or fewer are compared with md5($password);
  * longer values are passed to the portable phpass hasher.
  *
  * @param string $password Plain-text password to check.
  * @param string $hash     Stored hash to check against.
  *
  * @return bool Result of the comparison.
  */
 public function checkPassword($password, $hash)
 {
     if (strlen($hash) > 32) {
         $wp_hasher = new PasswordHash(8, true);

         return $wp_hasher->CheckPassword($password, $hash);
     }

     // Legacy unsalted MD5 record, compared in constant time.
     // NOTE(review): no rehash to the phpass format is visible here; confirm
     // the caller upgrades such records after a successful login.
     return hash_equals($hash, md5($password));
 }
Beispiel #27
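 /**
  * Try and authenticate for our password compatibility scheme.
  *
  * Only the raw password and the account row are read by this method; the
  * remaining parameters are accepted but unused here.
  *
  * The check fails closed: if the PasswordHash class cannot be found, or the
  * row carries no salted hash, the login is rejected. Previously a missing
  * PasswordHash class skipped the comparison entirely and returned NULL,
  * which this method's contract defines as "no error".
  *
  * @param  ?SHORT_TEXT	The member username (NULL: don't use this in the authentication - but look it up using the ID if needed)
  * @param  ?MEMBER		The member id (NULL: use member name)
  * @param  MD5				The md5-hashed password
  * @param  string			The raw password
  * @param  boolean		Whether this is a cookie login
  * @param  array			Row of OCF account
  * @return ?tempcode		Error message (NULL: none)
  */
 function auth($username, $userid, $password_hashed, $password_raw, $cookie_login, $row)
 {
     // Without the hasher or a stored hash nothing can be verified, so the
     // attempt must not be treated as a success.
     if (!class_exists('PasswordHash') || !isset($row['m_pass_hash_salted'])) {
         return do_lang_tempcode('USER_BAD_PASSWORD');
     }

     $wp_hasher = new PasswordHash(8, true);
     if (!$wp_hasher->CheckPassword($password_raw, $row['m_pass_hash_salted'])) {
         return do_lang_tempcode('USER_BAD_PASSWORD');
     }

     return NULL;
 }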
Beispiel #28
/**
 * Validate the login form posted in $_POST["username"] / $_POST["password"].
 *
 * A matching active row in teachers_users sets $_SESSION["notes-user"].
 * Otherwise an active backend_users row with the "notes-engine" module
 * permission sets $_SESSION["user"] and $_SESSION["rights"]. On failure an
 * HTML alert (Italian text) is echoed; nothing is returned.
 *
 * Review notes:
 * - The user value inside the SQL literals is shown as '******' on this page;
 *   presumably the original interpolated the escaped username - confirm.
 *   Prepared statements with bound parameters would remove the dependence on
 *   manual escaping.
 * - The password is passed through real_escape_string() before it is hashed,
 *   so the hasher sees the escaped form, not the bytes the user typed. This
 *   only matches if stored hashes were created the same way - confirm before
 *   changing it.
 * - The session ID is not regenerated in this function after a successful
 *   login; verify that the caller does so.
 * - Only the backend branch counts failed attempts; the teacher branch has no
 *   counter or lockout in the visible code.
 */
function ValidateLogin()
{
    // $page is declared global but not used in this function.
    global $connection, $config, $page;
    require "core/libs/phpass.php";
    // Escape user input for use in SQL string literals (applied to the password too; see review notes).
    $username = $connection->real_escape_string($_POST["username"]);
    $password = $connection->real_escape_string($_POST["password"]);
    // Hasher cost and portability flag come from the global configuration.
    $hasher = new PasswordHash($config->hash_cost_log2, $config->hash_portable);
    // First try to find a teacher account.
    $request = "SELECT * FROM teachers_users WHERE user = '******'";
    $result = $connection->query($request);
    $line = $result->fetch_assoc();
    // A teacher row that has a password and active == 1 is decided here; a wrong
    // password for such a row does not fall through to the backend lookup.
    if (isset($line["password"]) and $line["active"] == 1) {
        if ($hasher->CheckPassword($password, $line["password"])) {
            // Teacher authenticated: set session.
            $_SESSION["notes-user"] = $username;
        } else {
            $status = "error";
        }
    } else {
        // No usable teacher row: now try to get a backend user.
        $request = "SELECT * FROM backend_users WHERE user = '******'";
        $result = $connection->query($request);
        $line = $result->fetch_assoc();
        include_once "core/module-loader.php";
        // Include functions to check permissions if authenticated in backend mode.
        if (isset($line["password"]) and $line["active"] == 1 and checkPermissionModules("notes-engine")) {
            // More than 10 recorded failures locks the account before any password check.
            if ($line["failed_access"] <= 10) {
                if ($hasher->CheckPassword($password, $line["password"])) {
                    // Backend user authenticated: set session and reset the failure counter.
                    $_SESSION["user"] = $username;
                    $_SESSION["rights"] = $line["rights"];
                    $request = "UPDATE backend_users SET failed_access=0 WHERE user = '******'";
                    $connection->query($request);
                } else {
                    // Wrong password: record one more failed attempt.
                    $status = "error";
                    $errnum = $line["failed_access"] + 1;
                    $request = "UPDATE backend_users SET failed_access={$errnum} WHERE user = '******'";
                    $connection->query($request);
                }
            } else {
                $status = "locked";
            }
        } else {
            $status = "error";
        }
    }
    // $status is only set on failure; successful logins produce no output here.
    if (isset($status)) {
        if ($status == "error") {
            // One generic message covers unknown user, wrong password and missing
            // privileges, so the response does not reveal which check failed.
            echo "<div class='alert alert-warning alert-dismissible' role='alert'>\n                    <button type='button' class='close' data-dismiss='alert'><span aria-hidden='true'>&times;</span><span class='sr-only'>Chiudi</span></button>\n                    <strong>Attenzione! Impossiblie accedere:</strong> nome utente e password non corretti oppure non si dispone dei privilegi necessari (per utenti backend)\n                    </div>";
        } elseif ($status == "locked") {
            echo "<div class='alert alert-danger' role='alert'>\n                    <strong>Errore!</strong> L'account è stato bloccato a causa di un alto numero di login falliti\n                    </div>";
        }
    }
}
Beispiel #29
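 /**
  * Validate and store changes to a user's account data.
  *
  * Validation stops at the first failing rule; the error is handed to
  * Message::setMessage() and false is returned. When $changepassword is set,
  * the old password must match the stored hash and the new password is
  * hashed with phpass before the UPDATE runs.
  *
  * Changes against the earlier version:
  * - The new password and its confirmation are compared as strings with
  *   `!==`. The loose `!=` compares numeric-looking strings as numbers, so
  *   two different inputs such as "1e3" and "1000" counted as a match.
  * - Request values echoed inside the HTML-formatted messages are escaped.
  * - The class name `Message` is spelled consistently.
  *
  * NOTE(review): $permission is summed into the stored permission value with
  * no authorization check visible in this method; confirm the caller
  * restricts who may pass it.
  *
  * @author  Clemens John <*****@*****.**>
  * @param $user_id ID of the user row to update
  * @param $changepassword truthy if the password should be changed
  * @param $permission iterable of permission values to add up; falsy keeps the stored value
  * @param $oldpassword current password in plain text (checked when changing the password)
  * @param $newpassword new password in plain text
  * @param $newpasswordchk repetition of the new password
  * @param $openid
  * @param $vorname first name
  * @param $nachname last name
  * @param $strasse street
  * @param $plz postal code
  * @param $ort city
  * @param $telefon phone number
  * @param $email e-mail address (required, must be valid and unique)
  * @param $jabber Jabber address (optional, validated like an e-mail address)
  * @param $icq
  * @param $website
  * @param $about
  * @param $notification_method
  * @return boolean true if the user was edited successfully, false on a validation or hashing error
  */
 public function userInsertEdit($user_id, $changepassword, $permission, $oldpassword, $newpassword, $newpasswordchk, $openid, $vorname, $nachname, $strasse, $plz, $ort, $telefon, $email, $jabber, $icq, $website, $about, $notification_method)
 {
     $user_data = User_old::getUserByID($user_id);
     $message = array();
     // The messages below carry HTML markup (<i>), so request values shown in
     // them are escaped first. NOTE(review): UTF-8 output is assumed - confirm.
     $email_html = htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     $jabber_html = htmlspecialchars((string) $jabber, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     $openid_html = htmlspecialchars((string) $openid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     // Check whether the given data is valid; only the first failing rule is reported.
     $phpass = new PasswordHash(8, false);
     if ($changepassword and !$phpass->CheckPassword($oldpassword, $user_data['password'])) {
         $message[] = array("Dein altes Passwort ist nicht richtig.", 2);
     } elseif ($changepassword and empty($newpassword)) {
         $message[] = array("Du musst ein neues Passwort angeben.", 2);
     } elseif ($changepassword and (string) $newpassword !== (string) $newpasswordchk) {
         // Strict string comparison: see the note in the docblock.
         $message[] = array("Deine beiden neuen Passwörter stimmen nicht überein.", 2);
     } elseif (empty($email)) {
         $message[] = array("Du musst eine Emailadresse angeben.", 2);
     } elseif (!User_old::isUniqueEmail($email, $user_id)) {
         $message[] = array("Es existiert bereits ein Benutzer mit der ausgewhälten Emailadresse <i>{$email_html}</i>.", 2);
     } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $message[] = array("Die ausgewählte Emailadresse " . $email_html . " ist keine gültige Emailadresse.", 2);
     } elseif (!empty($jabber) and !filter_var($jabber, FILTER_VALIDATE_EMAIL)) {
         $message[] = array("Die ausgewählte Jabberadresse " . $jabber_html . " ist keine gültige Jabberadresse.", 2);
     } elseif (!empty($openid) and !User_old::isUniqueOpenID($openid, $user_id)) {
         $message[] = array("Die ausgewählte OpenID <i>" . $openid_html . "</i> ist bereits mit einem Benutzer verknüpft.", 2);
     }
     // If the user data is not valid, report it and stop.
     if (count($message) > 0) {
         Message::setMessage($message);
         return false;
     }
     // If the user wants a new password, hash it; otherwise keep the stored hash.
     if ($changepassword) {
         $newpassword = $phpass->HashPassword($newpassword);
         // A result shorter than 20 characters is treated as a hashing failure.
         if (strlen($newpassword) < 20) {
             $message[] = array("Beim Hashen des neuen Passworts trat ein Fehler auf.", 2);
             Message::setMessage($message);
             return false;
         }
     } else {
         $newpassword = $user_data['password'];
     }
     // The stored permission is the sum of the submitted values, or unchanged if none were given.
     if (!$permission) {
         $newpermission = $user_data['permission'];
     } else {
         $newpermission = 0;
         foreach ($permission as $dual) {
             $newpermission += $dual;
         }
     }
     // All checks passed: write the data with a parameterized statement.
     $stmt = DB::getInstance()->prepare("UPDATE users SET \n\t\t\t\t\t\t\t   permission = ?, password = ?, openid = ?, vorname = ?, nachname = ?,\n\t\t\t\t\t\t\t   strasse = ?, plz = ?, ort = ?, telefon = ?, email = ?, jabber = ?,\n\t\t\t\t\t\t\t   icq = ?, website = ?, about = ?, notification_method = ?\n\t\t\t\t\t\t    WHERE id = ?");
     $stmt->execute(array($newpermission, $newpassword, $openid, $vorname, $nachname, $strasse, $plz, $ort, $telefon, $email, $jabber, $icq, $website, $about, $notification_method, $user_id));
     // NOTE(review): the nickname comes from the stored user record and is put
     // into the message unescaped; confirm it is escaped when stored or rendered.
     $message[] = array("Die Daten von {$user_data['nickname']} wurden geändert", 1);
     Message::setMessage($message);
     return true;
 }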
Beispiel #30
 /**
  * Verify a password against a stored phpass hash.
  *
  * Both arguments are cast to string first; an empty password or an empty
  * hash is always rejected.
  *
  * @param mixed $password Plain-text password to check.
  * @param mixed $hash     Stored hash to check against.
  *
  * @return bool True when the hasher accepts the password.
  */
 public function verify($password, $hash)
 {
     $candidate = (string) $password;
     $stored = (string) $hash;

     // Empty passwords are never accepted here; creation-time validation is
     // expected to keep them from being stored in the first place.
     if ($stored == '' || $candidate == '') {
         return false;
     }

     $hasher = new PasswordHash(8, false);

     return (bool) $hasher->CheckPassword($candidate, $stored);
 }