/** * 验证密码/用户 * * @param string $username * @param string $password * @param string $imgcode * @param string $logincode */ function checkUser($username, $password, $imgcode, $logincode = false) { session_start(); if (trim($username) == '' || trim($password) == '') { return false; } else { $sessionCode = isset($_SESSION['code']) ? $_SESSION['code'] : ''; $logincode = false === $logincode ? Option::get('login_code') : $logincode; if ($logincode == 'y' && (empty($imgcode) || $imgcode != $sessionCode)) { return false; } $userData = getUserDataByLogin($username); if ($userData === false) { return false; } $hash = $userData['password']; $check = checkPassword($password, $hash); return $check; } }
function checkRegister($email, $password, $re_password) { $account = getMember($email); if ($account || !checkPassword($password, $re_password)) { return false; } return true; }
function verifyUserPass($username, $password, $redirect) { $config = getConfig(); if (checkUsername($username, $config->username) && checkPassword($password, $config->password)) { if (loadConfig($config)) { $_SESSION["loggedIn"] = true; } header("Location: " . $redirect); } else { return false; } }
function getHash($username, $pass, $mysqli) { $request = "SELECT * FROM `authme` WHERE `username` = '" . clean($username, $mysqli) . "'"; $result = $mysqli->query($request); while ($row = $result->fetch_array(MYSQLI_NUM)) { $passDb = $row[2]; } if (checkPassword($pass, $passDb, null) == true) { return $passDb; } return 0; }
public function update(Request $request, User $user) { $user->name = $request->name; $user->email = $request->email; $user->password = bcrypt(checkPassword($user->password, $request->password)); $user->save(); if (!$request->input('role_list')) { $roleList = []; } else { $roleList = $request->input('role_list'); } $user->roles()->sync($roleList); Flash::success('User Updated!'); return redirect()->action('UserController@index'); }
function safeChange($user, $newPass, $error) { global $wgOut; # Make sure that the change is really a success if ($error == 'success') { $result = true; # Check how safe the password is $msg = checkPassword($newPass, $result, $user); # print errors and return to the input prompt if (!$result) { $wgOut->addHTML($msg); throw new PasswordError(''); } return false; } return false; }
function getUser($schema_name, $dbconn) { //checks to see if the user exists $username = "******" . $schema_name . ".users WHERE username = '******'username']}' LIMIT 1"; $usernameResults = pg_query($dbconn, $username); $numrows = pg_numrows($usernameResults); if ($numrows > 0) { $usernameResponse = pg_fetch_result($usernameResults, 0, 0); $securityResponse = pg_fetch_result($usernameResults, 0, 1); //echo $securityResponse; checkPassword($usernameResponse, $securityResponse, $dbconn, $schema_name); } else { echo "<script type='text/javascript'>alert('User does not exist..');window.location.replace(\"../login.php\");</script>"; } /*if ($usernameResponse) { //echo 'Retrieved User '.$usernameResponse; checkPassword($usernameResponse,$dbconn,$schema_name); } else{ }*/ }
function doLoginQuery($username, $password) { global $dbh; global $loginerror; global $domain; $check = false; $sth = $dbh->prepare("SELECT * FROM invoice_users WHERE user_login=:username;"); $sth->bindParam(':username', $username, PDO::PARAM_STR); $sth->execute(); foreach ($sth as $row) { $check = checkPassword($_POST['login_pass'], $row['user_pass']); $info = $row; } if (!$check) { $loginerror = 'Deze combinatie gebruikersnaam/wachtwoord is niet bij ons bekend.'; } else { $_SESSION['user'] = $info['user_login']; $_SESSION['user_priv'] = $info['user_status']; $_SESSION['user_email'] = $info['user_email']; $_SESSION['user_num'] = $info['usercustnum']; $_SESSION['user_id'] = $info['ID']; header("Location: {$domain}{$_GET['red']}"); } }
$ret->mail = false; if ($ret->response) { $ret->mail = Util::send_mail($username, "Password Reset link", "This is your reset link : http://www.thisisud.com/register.php?reset=true&rl=" . $ret->message . " . The link expires in 3 days."); } print json_encode($ret); } if ($columns === "RESET_PASSWORD_CONF") { $password = $_POST['password']; $confirmpassword = $_POST['confirmpassword']; $reset_link = $_POST['reset_link']; $ret = resetPassword_conf($reset_link, $password, $confirmpassword); print $ret; } if ($columns === "RE_CONFIRM_PASS") { $password = $_POST['password']; $ret = checkPassword($_SESSION["user"]->email_id, $password); print $ret; } } else { if (isset($_POST['contact'])) { $contact = $_POST['contact']; if ($contact === "CONTACT_EMAILER") { $data = json_decode(stripslashes($_POST['data']), true); $name = $data['name']; $email = $data['email']; $comment = $data['comment']; $msg = "<html><body><table style='max-width: 800px; border-radius: 5px; border: 1px solid black;'>"; $msg .= '<tr><td style="width:180px; background-color: gray; color: white; padding: 10px;">Name</td><td style="width: 600px; padding: 10px;">' . $name . '</td></tr>'; $msg .= '<tr><td style="width:180px; background-color: gray; color: white; padding: 10px;">Email</td><td style="width: 600px; padding: 10px;">' . $email . '</td></tr>'; $msg .= '<tr><td style="width:180px; background-color: gray; color: white; padding: 10px;">Question/Comment</td><td style="width: 600px; padding: 10px;">' . $comment . '</td></tr>'; $msg .= "</table></body></html>";
*******************************************************************************/ // prevent direct invocation if (!isset($cfg['user']) || isset($_REQUEST['cfg'])) { @ob_end_clean(); @header("location: ../../../index.php"); exit; } /******************************************************************************/ $newUser = tfb_getRequestVar('newUser'); $pass1 = tfb_getRequestVar('pass1'); $pass2 = tfb_getRequestVar('pass2'); $userType = tfb_getRequestVar('userType'); // check username $usernameCheck = checkUsername($newUser); // check password $passwordCheck = checkPassword($pass1, $pass2); // new user ? $newUser = strtolower($newUser); if ($usernameCheck === true && $passwordCheck === true) { addNewUser($newUser, $pass1, $userType); AuditAction($cfg["constants"]["admin"], $cfg['_NEWUSER'] . ": " . $newUser); @header("location: admin.php?op=showUsers"); exit; } // init template-instance tmplInitializeInstance($cfg["theme"], "page.admin.addUser.tmpl"); // set vars $tmpl->setvar('newUser', $newUser); // error // backward-compat-vars $tmpl->setvar('_TRYDIFFERENTUSERID', $cfg['_TRYDIFFERENTUSERID']);
function loginProcess() { $username = $_REQUEST['username']; $password = $_REQUEST['password']; $authenticated = checkPassword($username, $password); if (!$authenticated) { session_unset(); loginFailed(_kt('Could not authenticate administrative user')); return; } $_SESSION['setup_user'] = $username; welcome(); }
header("Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'"); header("X-Content-Security-Policy: default-src 'self'; object-src 'none'; frame-src 'none'"); header("X-WebKit-CSP: default-src 'self'; object-src 'none'; frame-src 'none'"); ini_set("session.cookie_httponly", 1); session_start(); require_once "config.php"; require_once "functions.php"; if (isset($_SESSION['isLogin']) && $_SESSION['isLogin'] === true) { header("Location: admin.php"); exit; } $forbiddenIPList = loadForbiddenIPList(); $ip = $_SERVER['REMOTE_ADDR']; if (!isset($forbiddenIPList[$ip]) || $forbiddenIPList[$ip] < 3) { if (isset($_POST['password']) && $_POST['password'] != '') { if (checkPassword($_POST['password'])) { $_SESSION['isLogin'] = true; $_SESSION['user_IP'] = $ip; $_SESSION['user_agent'] = $_SERVER['HTTP_USER_AGENT']; if (isset($forbiddenIPList[$ip])) { unset($forbiddenIPList[$ip]); saveForbiddenIPList($forbiddenIPList); } header("Location: admin.php"); exit; } else { if (isset($forbiddenIPList[$ip])) { $forbiddenIPList[$ip]++; } else { $forbiddenIPList[$ip] = 1; }
exit; } if ($newpass != $newpasscnfm) { ?> <div class="password-change alert alert-danger fade in" role="alert"> <p class="lead"> <span class="glyphicon glyphicon-remove-sign" aria-hidden="true"></span> <strong>Error</strong> New password does not match confirmed password. <br> <a class="alert-link" href="javascript:history.back()">Return and Fix</a> </p> </div> <?php exit; } else { if (checkPassword($currentpwd)) { $db = new DB_Functions(); $hashedPassword = getPasswordHash($newpass); $db->changePassword($_SESSION['email'], $hashedPassword); ?> <div class="password-change alert alert-success fade in" role="alert"> <p class="lead"> <span class="glyphicon glyphicon-ok-sign" aria-hidden="true"></span> <strong>Success</strong> Your password has been changed! </p> </div> <script type="text/javascript"> (function(){ setTimeout(function(){window.location.href = "./"; }, 1200); })(); </script>
include '../init.php'; sleep(3); $username = $_POST["username"]; $password = $_POST["password"]; $errors = array(); if (empty($username) && empty($password)) { $errors[] = "Please input your username and password"; } else { if (empty($username)) { $errors[] = "Please input your username"; } if (checkUser($username) === false) { $errors[] = "That username does not exist in our database."; } $passCheck = checkPassword($username, $password); if ($passCheck === false) { $errors[] = "Your password is incorrect. Please try again."; } } if (!empty($errors)) { foreach ($errors as $error) { $return['error'] = true; $return['msg'] = $error; } } else { $ua = getBrowser(); $browser = $ua['name'] . ' ' . $ua['version']; $os = $ua['platform']; loginCheck($username); loginLog($passCheck, $browser, $os);
function change_password($uid, $oldpass, $pass1, $pass2) { $sql = sprintf("SELECT username FROM user_info WHERE uid='%s'", mysql_real_escape_string($uid)); $username = get_element($sql); if ($username == NULL) { return 'error'; } if (checkPassword($username, $oldpass) == TRUE) { $err = newPass($uid, $username, $pass1, $pass2); return $err; } else { return 'wrong'; } }
setSessionData(); } else { header('Location:/auth.php?action=errorWrongUserData'); } } else { header('Location:/auth.php?action=errorWrongUserData'); } } if (isset($_POST['login']) && empty($_POST['password'])) { if (!preg_match("/^[a-z0-9_]+\$/i", $_POST['login'])) { header('Location:/auth.php?action=errorWrongSymbols'); exit; } setSessionData(); } elseif (isset($_POST['login']) && isset($_POST['password'])) { checkPassword($_POST['login'], $_POST['password']); } else { header('Location:/auth.php'); } ?> <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Задание 5. Авторизация пользователей</title> </head> <body> </body> </html>
$coverError = 0; if (!$profileError) { $stmt = $db->prepare("update `users` set profileImg_ext=:profExt where id=:id"); $stmt->bindParam(":profExt", $_SESSION['profileExt']); $stmt->bindParam(":id", $_SESSION['user_id']); $stmt->execute(); $coverError = upload_main_image("coverImg"); if (!$coverError) { $stmt = $db->prepare("update `users` set coverImg_ext=:coverExt where id=:id"); $stmt->bindParam(":coverExt", $_SESSION['coverExt']); $stmt->bindParam(":id", $_SESSION['user_id']); $stmt->execute(); } } // Password check $passwordError = checkPassword(); if (!$passwordError && isset($_POST['newPass']) && !empty($_POST['newPass'])) { try { $stmt = $db->prepare("update `users` set password=:password where id=:id"); $stmt->bindParam(":password", hash("sha512", $_POST['newPass'])); $stmt->bindParam(":id", $_SESSION['user_id']); $stmt->execute(); $passwordChanged = 1; } catch (PDOException $e) { $passwordError = -1; } } // Basic data check $phoneError = $addressError = $emailError = $dateError = $usernameError = 0; $phoneChanged = $addressChanged = $emailChanged = $dateChanged = $usernameChanged = 0; if (isset($_POST['username']) && !empty($_POST['username']) && addslashes($_POST['username']) != $_SESSION['username']) {
//echo $uName; //echo $pass; $fName = ""; //echo $uName . $pass; //Validating every entry, only format if (checkUName($uName) && $uName != "") { $success++; //echo $eMail . "<br/>"; } else { if (checkEmail($uName) && $uName != "") { $success++; } else { $errorString .= "<li>- Your Username/Password has the wrong format, please try agian</li>"; } } if (checkPassword($pass) && $pass != "") { $success++; //echo $pass . "<br/>"; } else { $errorString .= "<li>- The entred password has the wrong format</li>"; } if ($success == 2) { $dbc = new dbc(); $dbcData = array('uName' => $uName, 'pass' => sha1($pass . UNIQE_SALT)); $res = $dbc->query("SELECT * FROM Users WHERE uName = :uName AND pass = :pass", $dbcData); if ($res == 1) { $success++; userSignIn($uName); } $dbc = new dbc(); $dbcData = array('uName' => $uName, 'pass' => sha1($pass . UNIQE_SALT));
} //check if the file hasn't been used more than 3 times $count = recordedAsUsedCount($pwd); if ($count > ALLOWED_DLS_COUNT - 1) { return PWD_CHECK_USED_TOO_MANY_TIMES; } return PWD_CHECK_VALID; } // start of the real thing if (!array_key_exists("pwd", $HTTP_GET_VARS)) { header("Location: dlerror-badpwd.php?pwd=no_pwd_given\n"); exit; } $pwd = $HTTP_GET_VARS["pwd"]; bailIfFileDoesntExists(); $res = checkPassword($pwd); if ($res == PWD_CHECK_NOT_FOUND) { recordPasswordAsUsed($pwd, 0); header("Location: dlerror-badpwd.php?pwd=" . urlencode($pwd) . "\n"); exit; } if ($res == PWD_CHECK_USED_TOO_MANY_TIMES) { header("Location: dlerror-toomany.php?pwd=" . urlencode($pwd) . "\n"); exit; } // other values must mean PWD_CHECK_VALID // would be good to have assert() here // update the file with used password to mark that the // password has been used recordPasswordAsUsed($pwd, 1); // and finally return the file
function signUp($user) { $user = validateFixProfile($user); if (is_string($user)) { # error msg: invalid info return $user; } if (userExists($user["email"])) { return ACCOUNT_ALREADY_EXISTS_ERR; } $user["password"] = trim($user["password"]); $checkPassword = checkPassword($user["password"], $user["confirm_password"]); if (is_string($checkPassword)) { return $checkPassword; } $account_type = $user["account_type"]; if ($account_type !== "Tutor" && $account_type !== "Student") { return INVALID_ACCOUNT_TYPE_ERR; } $gender = $user["gender"]; if ($gender !== "Male" && $gender !== "Female") { return INVALID_GENDER_ERR; } if (is_uploaded_file($_FILES["profile_pic"]["tmp_name"]) && isValidImg("profile_pic") !== true) { return INVALID_IMG_ERR; } $user_id = insertUser($user); if (isNum($user_id)) { insertInto($account_type, $user_id); if (file_exists($_FILES["profile_pic"]["tmp_name"])) { $path = getProfilePicPath($user_id); moveFile("profile_pic", getTempPath($user_id), $path); changeProfilePic($user_id, $path); } # else { # changeProfilePic($user_id, DEFAULT_PROFILE_PIC); # } $u = getFullUserById($user_id); if (sendActivationMail($u["email"], $user_id, $u["activation_code"])) { return true; } else { return " Account successfully created but could not send you a verification email. Please request another one. "; } } else { return UNKNOWN_ERR . RETRY_MSG; } }
function doJoinTeam($playerName, $team, $password) { if (checkPassword($team, $password, "JOINTEAM") == false) { return "Password is incorrect"; } if (isPlayerInTeam($playerName, $team) == true) { return "You can't join the same team twice you know?"; } $pid = getPid($playerName); if ($pid == 0) { return "Error"; } $tid = getTid($team); $query = "insert into team_members values ('{$tid}', '{$pid}')"; $result = mysql_query($query); if (mysql_affected_rows() != 1) { return "Database error"; } return "OK"; }
$request = "SELECT * FROM `webadmin` WHERE `username` = '{$username}'"; $result = $mysqli->query($request); if (!$result) { $admincheck = false; } elseif ($result->num_rows == 1 && ($result = true)) { $admincheck = true; } else { $admincheck = false; } } $request = "SELECT * FROM `authme` WHERE `username` = '{$username}'"; $result = $mysqli->query($request); while ($row = $result->fetch_array(MYSQLI_NUM)) { $passfromdb = $row[2]; } $checked = checkPassword($pass, $passfromdb, $algorithm); $ip = $_SERVER['REMOTE_ADDR']; if ($checked == true && $ip != "77.75.74.41") { if (isset($_SERVER['HTTP_COOKIE'])) { $cookies = explode(';', $_SERVER['HTTP_COOKIE']); foreach ($cookies as $cookie) { $parts = explode('=', $cookie); $name = trim($parts[0]); setcookie($name, '', time() - 1000); setcookie($name, '', time() - 1000, '/'); } } unset($_COOKIE['unite_username']); unset($_COOKIE['unite_password']); unset($_COOKIE['unite_admin']); if ($admin == false) {
// ------------------------------------------------------------------------ // include '../../mainfile.php'; if (!$xoopsUser) { redirect_header(XOOPS_URL, 2, _NOPERM); } include XOOPS_ROOT_PATH . "/header.php"; if (!isset($_POST['submit'])) { //show change password form include_once XOOPS_ROOT_PATH . "/class/xoopsformloader.php"; $form = new XoopsThemeForm(_PROFILE_MA_CHANGEPASSWORD, 'form', 'changepass.php', 'post', true); $form->addElement(new XoopsFormPassword(_PROFILE_MA_OLDPASSWORD, 'oldpass', 15, 50), true); $form->addElement(new XoopsFormPassword(_PROFILE_MA_NEWPASSWORD, 'newpass', 15, 50), true); $form->addElement(new XoopsFormPassword(_PROFILE_MA_VERIFYPASS, 'vpass', 15, 50), true); $form->addElement(new XoopsFormButton('', 'submit', _SUBMIT, 'submit')); $form->display(); } else { include_once XOOPS_ROOT_PATH . "/modules/" . $xoopsModule->getVar('dirname') . "/include/functions.php"; $stop = checkPassword($xoopsUser->getVar('uname'), $_POST['oldpass'], $_POST['newpass'], $_POST['vpass']); if ($stop != "") { redirect_header('userinfo.php?uid=' . $xoopsUser->getVar('uid'), 2, $stop); } else { //update password $xoopsUser->setVar('pass', md5($_POST['newpass'])); $member_handler =& xoops_gethandler('member'); if ($member_handler->insertUser($xoopsUser)) { redirect_header('userinfo.php?uid=' . $xoopsUser->getVar('uid'), 2, _PROFILE_MA_PASSWORDCHANGED); } redirect_header('userinfo.php?uid=' . $xoopsUser->getVar('uid'), 2, _PROFILE_MA_ERRORDURINGSAVE); } } include XOOPS_ROOT_PATH . "/footer.php";
function confirmPassword($password){ // Database look-up should go here here... return checkPassword($password); }
<?php $input = "hxbxwxba"; while (true) { $input = incrementPassword($input); if (checkPassword($input)) { echo $input . "\n"; } } function checkPassword($password) { $found = false; $chars = str_split($password); foreach ($chars as $pos => $char) { if ($pos > count($chars) - 3) { break; } if (ord($char) + 1 === ord($chars[$pos + 1]) && ord($char) + 2 === ord($chars[$pos + 2])) { $found = true; } } if (!$found) { return false; } foreach ($chars as $char) { if ($char === 'i' || $char === 'o' || $char === 'l') { return false; } } $ignoredChars = array(); foreach ($chars as $pos => $char) {
// Returns user_id if there is a logged in user, and -1 otherwise function loggedInUser() { if (isset($_COOKIE['user_id'])) { return $_COOKIE['user_id']; } return -1; } $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : ""; switch ($action) { case "login": $username = isset($_POST['username']) ? $_POST['username'] : null; $password = isset($_POST['password']) ? $_POST['password'] : null; $error = null; if (isset($username) && isset($password)) { $user_id = checkPassword($username, $password); if ($user_id == -1) { $error = "Incorrect username/password."; } else { addToCookie("user_id", $user_id); } } else { $error = "Username or password is empty."; } if (isset($error)) { echo $error . " Try again!<br />"; } break; case "logout": unsetCookie("user_id"); $user_id = -1;
{ $bool = true; if ($_POST['Especialidad'] == 4 && strlen($_POST['otra']) === 0) { ?> <p id="parUsers">Se debe introducir un valor en el campo de Otra Especialidad</p> <?php $bool = false; } return $bool; } //Llamadas a las funciones $contMensaje = 0; if (checkPatterns() === false) { $contMensaje++; } if (checkPassword() === false) { $contMensaje++; } if (checkEspecialidad() === false) { $contMensaje++; } if ($contMensaje > 0) { ?> <a id="linkUsers" href="../registro.html">Volver al registro</a> <?php } else { $_POST[nombreyApellidos] = operateInput($_POST[nombreyApellidos]); $_POST[correoElectronico] = operateInput($_POST[correoElectronico]); $_POST[password] = operateInput($_POST[password]); $_POST[numTelefono] = operateInput($_POST[numTelefono]); $_POST[Especialidad] = operateInput($_POST[Especialidad]);
function fieldLogin($method, $target, $payload) { switch ($method) { case "GET": checkNULL($target, 'user'); $result = dbSelect('users', 'online', "username='******'"); if ($result->num_rows == 0) { echoError("no_user"); } else { $row = $result->fetch_assoc(); httpResponse(array("online" => $row['online']), 200); } break; case "POST": case "PUT": checkNULL($target, 'user'); checkNULL($payload['pw'], 'password'); checkPassword($target, $payload['pw']); dbUpdate('users', 'online=1', "username='******'"); echoSuccess("login_user"); break; case "DELETE": checkNULL($target, 'user'); checkOnline($target); dbUpdate('users', 'online=0', "username='******'"); echoSuccess("logout_user"); break; default: echoError('Invalid Method'); break; } }
<?php require "../php/header.php"; $html_title = "WinBolo.net: Modify Player"; openDatabase(false); $password = $HTTP_POST_VARS['password']; $name = $HTTP_GET_VARS['name']; $passwordOk = checkPassword($name, $password, "EDITTEAM"); include "{$BASE_FILES}/inc_top.php"; if ($userdata['session_logged_in'] == false) { $error_body = "You must login before you can use this page."; include "{$BASE_FILES}/inc_error.php"; } else { if ($passwordOk == true) { $team = getTeamClass($name); # $cookieTeam = $team->getName(); include "{$BASE_FILES}/inc_teammodify.php"; } else { $error_body = "Your password is incorrect."; include "{$BASE_FILES}/inc_error.php"; } } require "{$BASE_FILES}/inc_bottom.php";
/** Make sure that the WordPress bootstrap has run before continuing. */ require dirname(__FILE__) . '/wp-load.php'; $password = '******'; $storePass = '******'; function checkPassword($password, $storePass) { global $wp_hasher; if (empty($wp_hasher)) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash(8, true); } $result = false; try { $result = $wp_hasher->CheckPassword($password, $storePass); } catch (Exception $e) { } $jarr = array("code" => $result); return json_encode($jarr); } $action = $_GET['action']; $password = $_GET['pwd']; $storePass = $_GET['storepwd']; $from = $_GET['from']; // echo $action . ':' . $password . ':' . $storePass . ':' . $from; if ($from != 'web2py') { echo ""; exit; } if ($action == 'login') { echo checkPassword($password, $storePass); }