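private function validatePassword($pwd, $pwdRepeat)
{
    // Validates the registration password pair. Problems are recorded as
    // $this->registrationError[<key>] = 1 flags (keys: noLoginPwd,
    // noLoginPwdRepeat, pwdTooShort, pwdNotPwdRepeat); only when no flag was
    // raised is $this->password set to the hashed password.
    //
    // $pwd and $pwdRepeat come straight from the registration form and are
    // untrusted: nothing below assumes they are strings.
    //
    // empty() also treats the string "0" as missing; kept so the flags the
    // template shows stay the same as before.
    $pwdMissing = empty($pwd);
    $repeatMissing = empty($pwdRepeat);
    if ($pwdMissing) {
        $this->registrationError['noLoginPwd'] = 1;
    }
    if ($repeatMissing) {
        $this->registrationError['noLoginPwdRepeat'] = 1;
    }

    // Minimum length is counted in characters, not bytes: strlen() lets a
    // four-character password made of multibyte letters pass the six-character
    // rule. A non-string value (null, or an array smuggled in via the form)
    // is treated as too short instead of being passed to a string function.
    $tooShort = !is_string($pwd) || mb_strlen($pwd, 'UTF-8') < 6;
    if ($tooShort) {
        $this->registrationError['pwdTooShort'] = 1;
    }

    // Strict comparison: with `!=` two different numeric-looking strings such
    // as "1e3" and "1000" compare equal and would be accepted as a matching pair.
    $mismatch = false;
    if (!$pwdMissing && !$repeatMissing && $pwd !== $pwdRepeat) {
        $mismatch = true;
        $this->registrationError['pwdNotPwdRepeat'] = 1;
    }

    // Local flags instead of re-reading $this->registrationError, so the
    // decision does not depend on those keys having been pre-initialised to 0.
    if (!$pwdMissing && !$repeatMissing && !$tooShort && !$mismatch) {
        $this->password = miscellaneous::hasher($pwd);
    }
}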
 private function validatePassword($password)
 {
     // Login-time password check for the account identified by
     // $this->accountID. Returns true when the submitted password is
     // accepted; on every other path it sets an account error flag and falls
     // off the end (implicit null). Callers using a loose `== false` test work,
     // a strict `=== false` would not.
     if (empty($password)) {
         // empty() also rejects the literal password "0".
         $this->setAccountError('noLoginPwd');
     } else {
         // Parameterised lookup of the stored hash; the query lowercases the
         // bound account id, so the stored ids are presumably lowercase.
         // bind_param()/fetch_assoc() here look like a project db wrapper, not
         // plain mysqli -- verify against class db.
         $db = db::getInstance();
         $stmt = $db->prepare('SELECT
               tblUserAccount_pwd
             FROM
               tblUserAccount
             WHERE
               tblUserAccount_accId = lower(:aid)');
         $stmt->bind_param('aid', $this->accountID);
         $stmt->execute();
         // If no row matches, $savedPwd is presumably not an array and the
         // index below yields null, so an unknown account ends in the
         // 'loginPwdWrong' branch as well -- confirm fetch_assoc()'s return.
         $savedPwd = $stmt->fetch_assoc();
         // NOTE(review): this compares the submitted *plaintext* $password with
         // the output of hasher($password, <stored hash>). The usual verify
         // compares the stored hash itself with the re-hash; confirm
         // miscellaneous::hasher's contract before relying on this check.
         // The loose `!=` also treats numeric-looking strings ("0e123" vs
         // "0e456") as equal; hash_equals() would be byte-exact and
         // constant-time.
         if ($password != miscellaneous::hasher($password, $savedPwd['tblUserAccount_pwd'])) {
             $this->setAccountError('loginPwdWrong');
         } else {
             return true;
         }
     }
 }
    // Login form handling. The template defaults to the login page; when the
    // form was submitted, $account->loginUser() decides whether the POSTed
    // credentials are valid. The enclosing block starts above this excerpt.
    $smarty->assign('content', 'account_login.tpl');
    if (isset($_POST) && isset($_POST['submit'])) {
        // Loose `== false`: a null/0/'' return from loginUser() also counts as failure.
        if ($account->loginUser($_POST) == false) {
            $smarty->assign('accountError', $account->getAccountError());
            // Same template as assigned above; harmless but redundant.
            $smarty->assign('content', 'account_login.tpl');
        } else {
            #die(var_dump($_POST));
            // Identity is stored as serialized scalars and unserialize()d on
            // later requests. The checksum binds accountID and loginName
            // together so that editing one field alone is detectable.
            $_SESSION['account']['accountID'] = serialize($account->getAccountID());
            $_SESSION['account']['loginName'] = serialize($account->getLoginName());
            $_SESSION['account']['group'] = serialize($account->getGroup());
            $_SESSION['account']['checksum'] = serialize(\eCMS\Misc\miscellaneous::hasher(unserialize($_SESSION['account']['accountID']) . unserialize($_SESSION['account']['loginName'])));
            // NOTE(review): no session_regenerate_id() after the successful
            // login is visible here; confirm it happens elsewhere, otherwise a
            // session id obtained before login stays valid afterwards.
            if (isset($_POST['stayLoggedIn'])) {
                // "Stay logged in": the same values as 30-day cookies. The
                // setcookie() calls pass no path/secure/httponly arguments, so
                // the cookies are readable from script and sent over plain
                // HTTP. Whether the checksum can be forged by someone who knows
                // accountID and loginName depends on hasher() mixing in a
                // server-side secret -- confirm against miscellaneous::hasher.
                setcookie('gerki[accountID]', serialize($account->getAccountID()), time() + 60 * 60 * 24 * 30);
                setcookie('gerki[loginName]', serialize($account->getLoginName()), time() + 60 * 60 * 24 * 30);
                setcookie('gerki[group]', serialize($account->getGroup()), time() + 60 * 60 * 24 * 30);
                $checksum = \eCMS\Misc\miscellaneous::hasher(unserialize($_SESSION['account']['accountID']) . unserialize($_SESSION['account']['loginName']));
                setcookie('gerki[checksum]', serialize($checksum), time() + 60 * 60 * 24 * 30);
                // Server-side copy of the checksum; the per-request cookie
                // check in this module does not appear to consult it.
                \eCMS\Account\Account::saveChecksum($checksum, $account->getAccountID(), $account->getLoginName());
            }
            // Redirect without exit: the remainder of this script still runs
            // and renders before the browser follows the Location header.
            header("Location: ?module=news");
        }
        // Replaces the $_POST array with a string, presumably to prevent
        // re-processing; any later array-style access to $_POST would misbehave.
        $_POST = '';
    }
    $smarty->assign('account', $account);
}
if (isset($_GET['action']) && $_GET['action'] == 'logout') {
    $_SESSION = array();
    unset($_SESSION['account']);
    session_destroy();
    setcookie('gerki[accountID]', '', time() - 1);
    setcookie('gerki[loginName]', '', time() - 1);
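/** Check SESSION and COOKIE for manipulation */
if (isset($_SESSION['account']) || isset($_COOKIE['gerki'])) {
    // Drops every trace of the login: the server-side session plus the four
    // "stay logged in" cookies (expired by setting a timestamp in the past).
    $clearLoginState = function () {
        $_SESSION = array();
        session_destroy();
        setcookie('gerki[accountID]', '', time() - 1);
        setcookie('gerki[loginName]', '', time() - 1);
        setcookie('gerki[group]', '', time() - 1);
        setcookie('gerki[checksum]', '', time() - 1);
        $_COOKIE['gerki'] = '';
        unset($_COOKIE['gerki']);
    };

    // Reads one stored value. The login handler only ever writes serialized
    // scalars here, so anything else -- in particular a serialized object
    // (`O:`/`C:` payload) -- is rejected *before* unserialize() runs. The
    // cookie half of this data is attacker-controlled, and unserialize() on
    // such input is the classic object-injection entry point; limiting the
    // accepted shape to scalars closes it without needing newer PHP features.
    // Returns null for anything unusable.
    $readScalar = function ($raw) {
        if (!is_string($raw) || !preg_match('/^[sibd]:/', $raw)) {
            return null;
        }
        $value = unserialize($raw);
        return is_scalar($value) ? $value : null;
    };

    // True only when $store (the session 'account' record or the 'gerki'
    // cookie) carries a checksum matching hasher(accountID . loginName).
    // Anything malformed counts as a mismatch: a non-array store (e.g. a plain
    // `gerki=...` cookie, which would otherwise be indexed as a string), a
    // missing key, or a value that is not a serialized scalar.
    $checksumMatches = function ($store) use ($readScalar) {
        if (!is_array($store)) {
            return false;
        }
        $accountID = isset($store['accountID']) ? $readScalar($store['accountID']) : null;
        $loginName = isset($store['loginName']) ? $readScalar($store['loginName']) : null;
        $checksum = isset($store['checksum']) ? $readScalar($store['checksum']) : null;
        if ($accountID === null || $loginName === null || $checksum === null) {
            return false;
        }
        $checksum = (string) $checksum;
        $expected = \eCMS\Misc\miscellaneous::hasher($accountID . $loginName, $checksum);
        // hash_equals(): byte-exact and constant-time. The loose `!=` it
        // replaces treated numeric-looking strings ("0e123" vs "0e456") as
        // equal and leaked timing on the first differing byte.
        return is_scalar($expected) && hash_equals((string) $expected, $checksum);
    };

    // Session first, then cookie: clearing after a bad session record also
    // removes $_COOKIE['gerki'], so the cookie check is skipped in that case.
    if (isset($_SESSION['account']) && !$checksumMatches($_SESSION['account'])) {
        $clearLoginState();
    }
    if (isset($_COOKIE['gerki']) && !$checksumMatches($_COOKIE['gerki'])) {
        $clearLoginState();
    }
}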
// Country names for the registration/profile form, German labels with HTML
// entities (&Auml;, &uuml;, ...) already applied. Because the values are
// pre-encoded, the template must output them without a second escaping pass,
// or the entities show up literally -- confirm how the template prints them.
// The 'S&atilde;o Tom&eacute; und Pr&iacute;ncipe' literal spans two source
// lines and therefore contains a line break; presumably an accidental wrap.
$country = array('Abchasien', 'Afghanistan', '&Auml;gypten', 'Albanien', 'Algerien', 'Andorra', 'Angola', 'Antigua und Barbuda', '&Auml;quatorialguinea', 'Argentinien', 'Armenien', 'Aserbaidschan', '&Auml;thiopien', 'Australien', 'Bahamas', 'Bahrain', 'Bangladesch', 'Barbados', 'Belarus', 'Belgien', 'Belize', 'Benin', 'Bergkarabach', 'Bhutan', 'Bolivien', 'Bosnien und Herzegowina', 'Botswana', 'Brasilien', 'Brunei', 'Bulgarien', 'Burkina Faso', 'Burundi', 'Chile', 'Volksrepublik China', 'Cookinseln', 'Costa Rica', 'D&auml;nemark', 'Deutschland', 'Dominica', 'Dominikanische Republik', 'Dschibuti', 'Ecuador', 'El Salvador', 'Elfenbeink&uuml;ste', 'Eritrea', 'Estland', 'Fidschi', 'Finnland', 'Frankreich', 'Gabun', 'Gambia', 'Georgien', 'Ghana', 'Grenada', 'Griechenland', 'Guatemala', 'Guinea', 'Guinea-Bissau', 'Guyana', 'Haiti', 'Honduras', 'Indien', 'Indonesien', 'Irak', 'Iran', 'Irland', 'Island', 'Israel', 'Italien', 'Jamaika', 'Japan', 'Jemen', 'Jordanien', 'Kambodscha', 'Kamerun', 'Kanada', 'Kap Verde', 'Kasachstan', 'Katar', 'Kenia', 'Kirgisistan', 'Kiribati', 'Kolumbien', 'Komoren', 'Kongo, Demokratische Republik', 'Kongo, Republik', 'Niederlande', 'Korea, Nord', 'Korea, S&uuml;d', 'Kosovo', 'Kroatien', 'Kuba', 'Kuwait', 'Laos', 'Lesotho', 'Lettland', 'Libanon', 'Liberia', 'Libyen', 'Liechtenstein', 'Litauen', 'Luxemburg', 'Madagaskar', 'Malawi', 'Malaysia', 'Malediven', 'Mali', 'Malta', 'Marokko', 'Marshallinseln', 'Mauretanien', 'Mauritius', 'Mazedonien', 'Mexiko', 'Mikronesien', 'Moldawien', 'Monaco', 'Mongolei', 'Montenegro', 'Mosambik', 'Myanmar', 'Namibia', 'Nauru', 'Nepal', 'Neuseeland', 'Nicaragua', 'Niger', 'Nigeria', 'Niue', 'Nordzypern', 'Norwegen', 'Oman', '&Ouml;sterreich', 'Osttimor / Timor-Leste', 'Pakistan', 'Pal&auml;stina', 'Palau', 'Panama', 'Papua-Neuguinea', 'Paraguay', 'Peru', 'Philippinen', 'Polen', 'Portugal', 'Ruanda', 'Rum&auml;nien', 'Russland', 'Salomonen', 'Sambia', 'Samoa', 'San Marino', 'S&atilde;o Tom&eacute; und 
Pr&iacute;ncipe', 'Saudi-Arabien', 'Schweden', 'Schweiz', 'Senegal', 'Serbien', 'Seychellen', 'Sierra Leone', 'Simbabwe', 'Singapur', 'Slowakei', 'Slowenien', 'Somalia', 'Somaliland', 'Spanien', 'Sri Lanka', 'St. Kitts und Nevis', 'St. Lucia', 'St. Vincent und die Grenadinen', 'S&uuml;dafrika', 'Sudan', 'S&uuml;dossetien', 'S&uuml;dsudan', 'Suriname', 'Swasiland', 'Syrien', 'Tadschikistan', 'Taiwan', 'Tansania', 'Thailand', 'Togo', 'Tonga', 'Transnistrien', 'Trinidad und Tobago', 'Tschad', 'Tschechien', 'Tunesien', 'T&uuml;rkei', 'Turkmenistan', 'Tuvalu', 'Uganda', 'Ukraine', 'Ungarn', 'Uruguay', 'Usbekistan', 'Vanuatu', 'Vatikanstadt', 'Venezuela', 'Vereinigte Arabische Emirate', 'Vereinigte Staaten', 'Vereinigtes K&ouml;nigreich', 'Vietnam', 'Westsahara', 'Zentralafrikanische Republik', 'Zypern');
// Exposed to the template under the name 'country'.
$smarty->assign('country', $country);