Ejemplo n.º 1
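// Load the account row returned by the earlier query ($db and $result are set before this excerpt).
$udata = $db->fetch_array($result);

// Compare the stored password hash with the value supplied in $cpass.
// The loose != operator compares two numeric-looking strings as numbers, so two
// different hashes can be treated as equal, and it is not constant-time.
// hash_equals() (PHP 5.6+) compares byte-for-byte in constant time.
// A missing row, an empty stored hash, or a missing/non-string $cpass is rejected outright.
$stored_pw = (is_array($udata) && isset($udata['password'])) ? (string) $udata['password'] : '';
if ($stored_pw === '' || !isset($cpass) || !is_string($cpass) || !hash_equals($stored_pw, $cpass)) {
    gexit($_ERROR['wrong_pw'], __FILE__, __LINE__);
}

// A group id of zero or below is reported with the 'user_ban' message.
if ($udata['groupid'] <= 0) {
    gexit($_ERROR['user_ban'], __FILE__, __LINE__);
}

// Default to the read-only view when no mode was supplied.
if (!isset($mode)) {
    $mode = 'show';
}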
if ($mode == 'edit') {
    $gamedata = array();
    $gamedata['innerHTML']['info'] = '';
    if ($opass && $npass && $rnpass) {
        $pass_right = true;
        $pass_check = pass_check($npass, $rnpass);
        if ($pass_check != 'pass_ok') {
            $gamedata['innerHTML']['info'] .= $_ERROR[$pass_check] . '<br />';
            $pass_right = false;
        }
        $opass = md5($opass);
        $npass = md5($npass);
        if ($opass != $udata['password']) {
            $gamedata['innerHTML']['info'] .= $_ERROR['wrong_pw'] . '<br />';
            $pass_right = false;
        }
        if ($pass_right) {
            gsetcookie('pass', $npass);
            $passqry = "`password` ='{$npass}',";
            $gamedata['innerHTML']['info'] .= $_INFO['pass_success'] . '<br />';
        } else {
Ejemplo n.º 2
<?php

require_once 'includes/header.inc.php';
require_once 'includes/user.inc.php';
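// No submitted fields: render the empty login form.
if (empty($_POST)) {
    echo 'login please:<br/>' . "\n";
    form_dump(array('username' => array('text', '', ''), 'password' => array('password', '', ''), 'login' => array('submit', 'login')));
} else {
    // Accept only string fields; a missing key or an array-valued parameter is treated as empty.
    $login_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $login_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if (!empty($login_user) && !empty($login_pass) && pass_check($login_user, $login_pass)) {
        // Issue a fresh session id at the moment of login so an id that existed
        // before authentication cannot be carried into the logged-in session
        // (session fixation). Skipped when no session is active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user'] = $login_user;
        $_SESSION['islogged'] = 1;
        // Redirect to a fixed path instead of building the URL from the
        // client-supplied Host header and a hard-coded http:// scheme.
        header('Location: /forum/overview.php');
        die;
    } else {
        echo 'incorrect login data, please try again<br />' . "\n";
        // The submitted password is deliberately not written back into the page;
        // only the username is pre-filled.
        // NOTE(review): form_dump() is defined elsewhere - confirm it HTML-escapes
        // the pre-filled value before output.
        form_dump(array('username' => array('text', $login_user, ''), 'password' => array('password', '', ''), 'login' => array('submit', 'login')));
        die;
    }
}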
require_once 'includes/footer.inc.php';
Ejemplo n.º 3
//require GAME_ROOT.'./gamedata/resources.php';
//include GAME_ROOT.'./include/user.func.php';
//ob_start();
//if($gzipcompress && function_exists('ob_gzhandler') && CURSCRIPT != 'wap') {
//	ob_start('ob_gzhandler');
//} else {
//	$gzipcompress = 0;
//	ob_start();
//}
//foreach($nmlimit as $value){
//	if(!empty($value) && strpos($username,$value)!==false){
//		gexit($_ERROR['banned_name'],__file__,__line__);
//	}
//}
// Validate the submitted username and password; each checker returns a status
// code that doubles as the key of its error message in $_ERROR.
// NOTE(review): pass_check() receives $password for both arguments here. If the
// second argument is meant to be a confirmation copy - TODO confirm against its
// definition - that comparison is always satisfied on this path.
$name_check = name_check($username);
$pass_check = pass_check($password, $password);
if ($name_check == 'name_ok') {
    // The name passed; report a password problem only in that case.
    if ($pass_check != 'pass_ok') {
        gexit($_ERROR[$pass_check], __FILE__, __LINE__);
    }
} else {
    gexit($_ERROR[$name_check], __FILE__, __LINE__);
}
//if(!$username||!$password) {
//	gexit($_ERROR['login_info'],__file__,__line__);
//} elseif(preg_match("[,|>|<|;|'|\"]",$username)){
//	gexit($_ERROR['invalid_name'],__file__,__line__);
//} elseif(preg_match($nmlimit,$username)){
//	gexit($_ERROR['banned_name'],__file__,__line__);
//} elseif(mb_strlen($username,'utf-8')>15) {
//	gexit($_ERROR['long_name'],__file__,__line__);
//} else{
//	include_once GAME_ROOT.'./gamedata/system.php';
Ejemplo n.º 4
        $stmt->execute();
        $stmt->bind_result($field1, $value1);
        while ($stmt->fetch()) {
            $val_decrypt = decryption($value1);
            echo $field1 . "\t" . $val_decrypt . "\n";
        }
    }
} else {
    //currUser, user, user, currUser, currUser
    //returns the password of the currUsers profile only if currUser is friends with user.
    $fullCheckSQL = "SELECT u.password FROM users as u JOIN friends as f ON u.username=f.user1 OR u.username=f.user2 WHERE ((f.user1=? and f.user2=?) OR (f.user1=? and f.user2=?)) and u.username=?";
    $stmt->prepare($fullCheckSQL);
    $stmt->bind_param('sssss', $currUser, $user, $user, $currUser, $currUser);
    $stmt->execute();
    $stmt->bind_result($pass_return2);
    $stmt->fetch();
    //will fail if passwords do not match
    if (pass_check($currPass, $pass_return2)) {
        //user
        $profileSQL2 = "SELECT field,value FROM profile WHERE user=?";
        $stmt->prepare($profileSQL2);
        $stmt->bind_param('s', $user);
        $stmt->execute();
        $stmt->bind_result($field2, $value2);
        while ($stmt->fetch()) {
            $val_dec = decryption($value2);
            echo $field2 . ":" . $val_dec . "\n";
        }
    }
}
mysqli_close($con);
Ejemplo n.º 5
<?php

include 'encrypt.php';
//user, currUser. currPass
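// Request fields: the friend to remove ($user), the acting account ($currUser)
// and that account's password ($currPass). Missing fields become null.
$user = isset($_POST["user"]) ? $_POST["user"] : null;
$currUser = isset($_POST["currUser"]) ? $_POST["currUser"] : null;
$currPass = isset($_POST["currPass"]) ? $_POST["currPass"] : null;

// NOTE(review): the database account name and password are hard-coded in this
// script; load them from configuration kept outside the web root and rotate
// the value that has been published here.
$con = new mysqli("localhost", "fradmin", "people123", "friendrequest");

// Set to true only after a DELETE has actually executed.
$removed = false;

// Proceed only with string inputs and a usable connection.
if (is_string($user) && is_string($currUser) && is_string($currPass) && !$con->connect_errno) {
    $stmt = $con->stmt_init();

    // Look up the stored password value for the acting account.
    $user_pass = null;
    $account_found = false;
    $user_pass_sql = "SELECT password FROM users WHERE username=?";
    if ($stmt->prepare($user_pass_sql)) {
        $stmt->bind_param('s', $currUser);
        $stmt->execute();
        $stmt->bind_result($user_pass);
        // fetch() returns true only when a row was read. Without this check an
        // unknown username leaves $user_pass null and the decision rests entirely
        // on how pass_check() treats null.
        $account_found = ($stmt->fetch() === true) && is_string($user_pass);
    }

    // Authenticate first; the friends table is only queried for a verified caller.
    if ($account_found && pass_check($currPass, $user_pass)) {
        $count = 0;
        $friend_count_sql = "SELECT COUNT(*) FROM friends WHERE (user1=? and user2=?) or (user1=? and user2=?)";
        if ($stmt->prepare($friend_count_sql)) {
            $stmt->bind_param('ssss', $user, $currUser, $currUser, $user);
            $stmt->execute();
            $stmt->bind_result($count);
            $stmt->fetch();
        }

        if ($count > 0) {
            $delete_friend_sql = "DELETE FROM friends WHERE (user1=? and user2=?) or (user1=? and user2=?)";
            if ($stmt->prepare($delete_friend_sql)) {
                $stmt->bind_param('ssss', $user, $currUser, $currUser, $user);
                // Report success only when the DELETE itself ran.
                $removed = $stmt->execute();
            }
        }
    }

    mysqli_close($con);
}

echo $removed ? "true" : "false";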
Ejemplo n.º 6
// Read the caller's password and the profile payload straight from the POST body.
// ($user is assigned before this excerpt begins.)
$pass = $_POST["password"];
$profile = $_POST["profile"];
// Decode the profile JSON into objects; the result is not checked in the lines shown here,
// and the decode happens before the password has been verified.
$jsonProfile = json_decode($profile);
//Create connection
// NOTE(review): the database account name and password are hard-coded in the script;
// they belong in configuration kept outside the web root.
$con = new mysqli("localhost", "fradmin", "people123", "friendrequest");
$stmt = $con->stmt_init();
// Running counter, bound further down as the first column of each inserted profile row.
$count = 1;
//user
// Fetch the stored password value for $user with a parameterized query.
$passCheckSQL = "SELECT password FROM users WHERE username=?";
$stmt->prepare($passCheckSQL);
$stmt->bind_param('s', $user);
$stmt->execute();
$stmt->bind_result($pass_result);
// The return value of fetch() is not inspected, so $pass_result stays unset when no row matches.
$stmt->fetch();
//checking the password will fail if user does not exist
if (pass_check($pass, $pass_result) && !(strpos($profile, "\n") !== false) && !(strpos($profile, "\t") !== false)) {
    //user
    $clearProfileSQL = "DELETE FROM profile WHERE user=?";
    $stmt->prepare($clearProfileSQL);
    $stmt->bind_param('s', $user);
    $stmt->execute();
    foreach ($jsonProfile->profile as $row) {
        foreach ($row as $key => $val) {
            if ($val != "") {
                $val_en = encryption($val);
                $insertSQL = "INSERT INTO profile VALUES(?,?,?,?)";
                $stmt->prepare($insertSQL);
                $stmt->bind_param('isss', $count, $user, $key, $val_en);
                $stmt->execute();
                $count = $count + 1;
            }
Ejemplo n.º 7
<?php

include 'encrypt.php';
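// Credentials submitted by the client; missing fields become null.
$user = isset($_POST["user"]) ? $_POST["user"] : null;
$pass = isset($_POST["password"]) ? $_POST["password"] : null;

// Create connection
// NOTE(review): the database account name and password are hard-coded in this
// script; load them from configuration kept outside the web root and rotate
// the value that has been published here.
$con = new mysqli("localhost", "fradmin", "people123", "friendrequest");

// Stays false unless a stored password was read and pass_check() accepts it.
$authenticated = false;

if (!$con->connect_errno) {
    if (is_string($user) && is_string($pass)) {
        $stmt = $con->stmt_init();
        //user
        $passSQL = "SELECT password FROM users WHERE username=?";
        if ($stmt->prepare($passSQL)) {
            $pass_return = null;
            $stmt->bind_param('s', $user);
            $stmt->execute();
            $stmt->bind_result($pass_return);
            // fetch() returns true only when a row was read. Requiring it means an
            // unknown username fails here instead of relying on how pass_check()
            // handles a null stored value.
            $row_found = ($stmt->fetch() === true);
            if ($row_found && is_string($pass_return) && pass_check($pass, $pass_return)) {
                $authenticated = true;
            }
        }
    }
    mysqli_close($con);
}

// Same response strings for every failure cause, so the reply does not reveal
// whether the username exists.
echo $authenticated ? "True" : "False";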
Ejemplo n.º 8
// Count existing friendship rows between $user and $fuser, in either direction.
// ($user, $fuser, $pass, $stmt, $con and $rCount are all set before this excerpt begins.)
$friendCheckSQL = "SELECT COUNT(*) FROM friends WHERE (user1=? and user2=?) or (user1=? and user2=?)";
$stmt->prepare($friendCheckSQL);
$stmt->bind_param('ssss', $user, $fuser, $fuser, $user);
$stmt->execute();
$stmt->bind_result($fCount);
$stmt->fetch();
//user, fuser
// Count how many rows in users match either name; the condition below expects exactly 2.
// Presumably usernames are unique, so 2 means both accounts exist - confirm against the schema.
$userCheckSQL = "SELECT COUNT(*) FROM users WHERE username=? or username=?";
$stmt->prepare($userCheckSQL);
$stmt->bind_param('ss', $user, $fuser);
$stmt->execute();
$stmt->bind_result($uCount);
$stmt->fetch();
// Continue only when $rCount and $fCount are both zero, two user rows matched,
// and the sender is not addressing themselves.
if ($rCount == 0 && $fCount == 0 && $uCount == 2 && $user != $fuser) {
    //user
    // Read the sender's stored password value; the result of fetch() is not checked,
    // so $passResult stays unset if the row has disappeared in the meantime.
    $passCheckSQL = "SELECT password FROM users WHERE username=?";
    $stmt->prepare($passCheckSQL);
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($passResult);
    $stmt->fetch();
    // The request row is written only after pass_check() accepts the supplied password.
    if (pass_check($pass, $passResult)) {
        //fuser, user
        $insertSQL = "INSERT INTO requests (requestee, requester) VALUES (?,?)";
        $stmt->prepare($insertSQL);
        $stmt->bind_param('ss', $fuser, $user);
        $stmt->execute();
        // NOTE(review): $fuser is echoed without escaping and the result of execute() is not
        // checked; if this response can be rendered as HTML, escape the name for that context.
        echo "Friend Request Sent To " . $fuser;
    }
}
mysqli_close($con);