Ejemplo n.º 1
 /**
  * Handle User Password Input and Validation
  *
  * Reads the password fields of the submitted form and, depending on
  * $this->_method, validates them through PasswordAuth:
  *  - 'validate_insert': only the new password pair (user_password1 /
  *    user_password2) is checked; no current password is involved.
  *  - 'validate_update': the current password (user_password) is verified
  *    against the stored hash, algorithm and salt first; a new password pair
  *    is checked only after that verification succeeds.
  * On success the new hash, algorithm and salt are kept on the object and
  * copied into $this->data. On failure the global $defender is stopped and
  * the affected fields receive an error text.
  *
  * NOTE(review): the meaning of the codes '0'..'3' is taken from the inline
  * case comments; isValidNewPassword() itself is defined in PasswordAuth,
  * which is not shown here.
  */
 private function _setPassword()
 {
     global $defender;
     $locale = fusion_get_locale();
     if ($this->_method == 'validate_insert') {
         $this->_newUserPassword = self::_getPasswordInput('user_password1');
         $this->_newUserPassword2 = self::_getPasswordInput('user_password2');
         // empty() is also TRUE for the string "0"; if _getPasswordInput()
         // returns the raw value, such an input is reported as a missing password.
         if (!empty($this->_newUserPassword)) {
             $passAuth = new PasswordAuth();
             $passAuth->inputNewPassword = $this->_newUserPassword;
             $passAuth->inputNewPassword2 = $this->_newUserPassword2;
             $_isValidNewPassword = $passAuth->isValidNewPassword();
             // switch compares loosely (==), so an integer result still matches
             // the string labels below. There is no default case: an unexpected
             // code stores no credentials and raises no error.
             switch ($_isValidNewPassword) {
                 case '0':
                     // New password is valid
                     $this->_newUserPasswordHash = $passAuth->getNewHash();
                     $this->_newUserPasswordAlgo = $passAuth->getNewAlgo();
                     $this->_newUserPasswordSalt = $passAuth->getNewSalt();
                     $this->data['user_algo'] = $this->_newUserPasswordAlgo;
                     $this->data['user_salt'] = $this->_newUserPasswordSalt;
                     $this->data['user_password'] = $this->_newUserPasswordHash;
                     // No current password is checked in this branch; the flag is
                     // set as soon as the new password is accepted.
                     $this->_isValidCurrentPassword = 1;
                     // Outside the admin panel, and unless skipCurrentPass is set,
                     // issue a user cookie built from the new salt and algorithm.
                     if (!defined('ADMIN_PANEL') && !$this->skipCurrentPass) {
                         Authenticate::setUserCookie($this->userData['user_id'], $passAuth->getNewSalt(), $passAuth->getNewAlgo(), FALSE);
                     }
                     break;
                 case '1':
                     // New Password equal old password
                     $defender->stop();
                     // NOTE(review): 'user_password2' is flagged twice while the
                     // first error text below targets 'user_password'; one of the
                     // two calls probably meant another field - confirm against the form.
                     $defender->setInputError('user_password2');
                     $defender->setInputError('user_password2');
                     $defender->setErrorText('user_password', $locale['u134'] . $locale['u146'] . $locale['u133']);
                     $defender->setErrorText('user_password2', $locale['u134'] . $locale['u146'] . $locale['u133']);
                     break;
                 case '2':
                     // The two new passwords are not identical
                     $defender->stop();
                     $defender->setInputError('user_password1');
                     $defender->setInputError('user_password2');
                     $defender->setErrorText('user_password1', $locale['u148']);
                     $defender->setErrorText('user_password2', $locale['u148']);
                     break;
                 case '3':
                     // New password contains invalid chars / symbols
                     $defender->stop();
                     $defender->setInputError('user_password1');
                     $defender->setErrorText('user_password1', $locale['u134'] . $locale['u142'] . "<br />" . $locale['u147']);
                     break;
             }
         } else {
             // No new password supplied: an insert is rejected outright.
             $defender->stop();
             $defender->setInputError('user_password1');
             $defender->setErrorText('user_password1', $locale['u134'] . $locale['u143a']);
         }
     } elseif ($this->_method == 'validate_update') {
         $this->_userPassword = self::_getPasswordInput('user_password');
         $this->_newUserPassword = self::_getPasswordInput('user_password1');
         $this->_newUserPassword2 = self::_getPasswordInput('user_password2');
         // Without a submitted current password nothing below runs and this
         // method leaves _isValidCurrentPassword untouched (there is no else
         // branch). NOTE(review): code that applies sensitive changes should
         // check that flag - confirm in the callers.
         if ($this->_userPassword) {
             /**
              * Validation of Password
              */
             $passAuth = new PasswordAuth();
             $passAuth->inputPassword = $this->_userPassword;
             $passAuth->inputNewPassword = $this->_newUserPassword;
             $passAuth->inputNewPassword2 = $this->_newUserPassword2;
             // Stored credentials the submitted current password is checked against.
             $passAuth->currentPasswordHash = $this->userData['user_password'];
             $passAuth->currentAlgo = $this->userData['user_algo'];
             $passAuth->currentSalt = $this->userData['user_salt'];
             if ($passAuth->isValidCurrentPassword()) {
                 // Just for validation purposes for example email change
                 $this->_isValidCurrentPassword = 1;
                 // To change password, need to enter password
                 if (!empty($this->_newUserPassword)) {
                     $_isValidNewPassword = $passAuth->isValidNewPassword();
                     // Loose comparison and no default case, as in the insert branch.
                     switch ($_isValidNewPassword) {
                         case '0':
                             // New password is valid
                             $this->_newUserPasswordHash = $passAuth->getNewHash();
                             $this->_newUserPasswordAlgo = $passAuth->getNewAlgo();
                             $this->_newUserPasswordSalt = $passAuth->getNewSalt();
                             $this->data['user_algo'] = $this->_newUserPasswordAlgo;
                             $this->data['user_salt'] = $this->_newUserPasswordSalt;
                             $this->data['user_password'] = $this->_newUserPasswordHash;
                             // The cookie refresh is commented out, so this if-body
                             // is empty: a password change does not re-issue the user
                             // cookie here. NOTE(review): whether sessions opened with
                             // the old password are invalidated cannot be told from
                             // this method - confirm elsewhere.
                             if (!defined('ADMIN_PANEL') && !$this->skipCurrentPass) {
                                 //Authenticate::setUserCookie($this->userData['user_id'], $passAuth->getNewSalt(), $passAuth->getNewAlgo(), FALSE);
                             }
                             break;
                         case '1':
                             // New Password equal old password
                             $defender->stop();
                             $defender->setInputError('user_password');
                             $defender->setInputError('user_password1');
                             $defender->setErrorText('user_password', $locale['u134'] . $locale['u146'] . $locale['u133']);
                             $defender->setErrorText('user_password1', $locale['u134'] . $locale['u146'] . $locale['u133']);
                             break;
                         case '2':
                             // The two new passwords are not identical
                             $defender->stop();
                             $defender->setInputError('user_password1');
                             $defender->setInputError('user_password2');
                             $defender->setErrorText('user_password1', $locale['u148']);
                             $defender->setErrorText('user_password2', $locale['u148']);
                             break;
                         case '3':
                             // New password contains invalid chars / symbols
                             $defender->stop();
                             $defender->setInputError('user_password1');
                             $defender->setErrorText('user_password1', $locale['u134'] . $locale['u142'] . "<br />" . $locale['u147']);
                             break;
                     }
                 }
             } else {
                 // Submitted current password does not match the stored credentials.
                 $defender->stop();
                 $defender->setInputError('user_password');
                 $defender->setErrorText('user_password', $locale['u149']);
             }
         }
     }
 }
 /**
  * Validate and stage a new password taken from the "user_new_password" /
  * "user_new_password2" fields.
  *
  * The current-password check is evaluated first and cached on the object.
  * An empty new password, a failed current-password check, or a result of
  * 1, 2 or 3 from PasswordAuth::isValidNewPassword() each record an error on
  * "user_password". Only result 0 stores the new hash, algorithm and salt
  * and, when both $this->isAdminPanel and $this->skipCurrentPass are falsy,
  * issues a fresh user cookie.
  */
 private function _setNewUserPassword()
 {
     global $locale;

     $this->_isValidCurrentPassword = $this->_isValidCurrentPassword(true, $this->skipCurrentPass);
     $this->_newUserPassword = $this->_getPasswordInput("user_new_password");
     $this->_newUserPassword2 = $this->_getPasswordInput("user_new_password2");

     // Guard: new user password is empty
     if (!$this->_newUserPassword) {
         $this->_setError("user_password", $locale['u134'] . $locale['u143a'], true);
         return;
     }

     // Guard: current user password is invalid
     if (!$this->_isValidCurrentPassword) {
         $this->_setError("user_password", $locale['u149']);
         return;
     }

     // Hand the old and new passwords to the password checker
     $checker = new PasswordAuth();
     $checker->inputPassword = $this->_userPassword;
     $checker->inputNewPassword = $this->_newUserPassword;
     $checker->inputNewPassword2 = $this->_newUserPassword2;

     $verdict = $checker->isValidNewPassword();

     if ($verdict === 1) {
         // New password equals the old password
         $this->_setError("user_password", $locale['u134'] . $locale['u146'] . $locale['u133'] . ".");
         return;
     }
     if ($verdict === 2) {
         // The two new passwords are not identical
         $this->_setError("user_password", $locale['u148']);
         return;
     }
     if ($verdict === 3) {
         // New password contains invalid chars / symbols
         $this->_setError("user_password", $locale['u134'] . $locale['u142'] . "<br />" . $locale['u147']);
         return;
     }
     if ($verdict !== 0) {
         // Any other result is ignored: nothing is stored and no error is set
         return;
     }

     // New password is valid: keep the generated credentials and queue them for the database
     $this->_newUserPasswordHash = $checker->getNewHash();
     $this->_newUserPasswordAlgo = $checker->getNewAlgo();
     $this->_newUserPasswordSalt = $checker->getNewSalt();
     $this->_setDBValue("user_algo", $this->_newUserPasswordAlgo);
     $this->_setDBValue("user_salt", $this->_newUserPasswordSalt);
     $this->_setDBValue("user_password", $this->_newUserPasswordHash);

     $refreshCookie = !$this->isAdminPanel && !$this->skipCurrentPass;
     if ($refreshCookie) {
         Authenticate::setUserCookie($this->userData['user_id'], $checker->getNewSalt(), $checker->getNewAlgo(), false);
     }
 }
Ejemplo n.º 3
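 /**
  * Re-check the administrator password and, on success, store the credentials
  * returned by PasswordAuth and set the cookie.
  *
  * Does nothing and returns FALSE unless iADMIN is truthy. When the supplied
  * password validates against the stored admin hash, algorithm and salt, the
  * values from getNewAlgo(), getNewSalt() and getNewHash() replace the ones in
  * $userdata, are written to the users table, and a cookie is set from the
  * new salt and algorithm.
  *
  * @param string $inputPassword Password as entered; assigned to PasswordAuth::$inputPassword
  * @return bool TRUE when the password validated and the cookie was set, FALSE otherwise
  */
 public static function setAdminCookie($inputPassword)
 {
     global $userdata;
     if (iADMIN) {
         // Initialize password auth
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $userdata['user_admin_algo'];
         $passAuth->currentSalt = $userdata['user_admin_salt'];
         $passAuth->currentPasswordHash = $userdata['user_admin_password'];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid
         // NOTE(review): presumably the TRUE argument asks PasswordAuth to
         // prepare fresh algo/salt/hash values - confirm in PasswordAuth.
         if ($passAuth->isValidCurrentPassword(TRUE)) {
             $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
             $userdata['user_admin_salt'] = $passAuth->getNewSalt();
             $userdata['user_admin_password'] = $passAuth->getNewHash();
             // The listing had this statement broken by a masking artifact
             // ('******') in place of the concatenation; it is restored to the
             // same form as the algo and salt assignments.
             // Every value concatenated here comes from PasswordAuth or from
             // $userdata, not from the request. NOTE(review): prefer bound
             // parameters or escaping if the dbquery wrapper in use offers them,
             // because the hash and salt formats are defined outside this method.
             // NOTE(review): the outcome of the UPDATE is not checked before the
             // cookie is issued.
             $result = dbquery(
                 "UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo']
                 . "', user_admin_salt='" . $userdata['user_admin_salt']
                 . "', user_admin_password='" . $userdata['user_admin_password']
                 . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'"
             );
             Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], FALSE, FALSE);
             return TRUE;
         }
     }
     return FALSE;
 }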
Ejemplo n.º 4
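 /**
  * Re-check the administrator password and, on success, store the credentials
  * returned by PasswordAuth and set the cookie.
  *
  * Does nothing unless iADMIN is truthy. When the supplied password validates
  * against the stored admin hash, algorithm and salt, the values from
  * getNewAlgo(), getNewSalt() and getNewHash() replace the ones in $userdata,
  * are written to the users table, and a cookie is set from the new salt and
  * algorithm. No value is returned, so callers cannot tell from this method
  * whether the password was accepted.
  *
  * @param string $inputPassword Password as entered; assigned to PasswordAuth::$inputPassword
  */
 public static function setAdminCookie($inputPassword)
 {
     global $userdata;
     if (iADMIN) {
         require_once CLASSES . "PasswordAuth.class.php";
         // Initialize password auth
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $userdata['user_admin_algo'];
         $passAuth->currentSalt = $userdata['user_admin_salt'];
         $passAuth->currentPasswordHash = $userdata['user_admin_password'];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid
         // NOTE(review): presumably the true argument asks PasswordAuth to
         // prepare fresh algo/salt/hash values - confirm in PasswordAuth.
         if ($passAuth->isValidCurrentPassword(true)) {
             $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
             $userdata['user_admin_salt'] = $passAuth->getNewSalt();
             $userdata['user_admin_password'] = $passAuth->getNewHash();
             // The listing had this statement broken by a masking artifact
             // ('******') in place of the concatenation; it is restored to the
             // same form as the algo and salt assignments.
             // Every value concatenated here comes from PasswordAuth or from
             // $userdata, not from the request. NOTE(review): prefer bound
             // parameters or escaping if the dbquery wrapper in use offers them,
             // because the hash and salt formats are defined outside this method.
             // NOTE(review): the outcome of the UPDATE is not checked before the
             // cookie is issued.
             $result = dbquery(
                 "UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo']
                 . "', user_admin_salt='" . $userdata['user_admin_salt']
                 . "', user_admin_password='" . $userdata['user_admin_password']
                 . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'"
             );
             Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], false, false);
         }
     }
 }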
Ejemplo n.º 5
    // Excerpt from inside a block that opens above this listing: it creates a
    // local account for an externally authenticated user, links it in the
    // DB_ULOGIN table, mails the credentials and signs the user in.
    // $passAuth, $pass, $nick, $email, $locale and $settings are defined out of view.
    $passAuth->inputNewPassword = $pass;
    $passAuth->inputNewPassword2 = $pass;
    $passAuth->currentPassword = "";
    // NOTE(review): the validation code is echoed into the response as well as
    // assigned; this looks like leftover debugging output.
    echo $valid = $passAuth->isValidNewPassword();
    if ($valid === 0) {
        // New password is valid
        $hash = $passAuth->getNewHash();
        $algo = $passAuth->getNewAlgo();
        $salt = $passAuth->getNewSalt();
    }
    // NOTE(review): nothing stops execution when $valid is not 0. The INSERT
    // below still runs, and $hash, $salt and $algo are undefined at that point
    // unless they were set above this excerpt.
    // Request values are copied as-is; no escaping or validation is visible here.
    $identity = $_POST['identity'];
    $acc = $_POST['network'];
    // iconv() only converts the character set; it does not escape for SQL.
    $fn = iconv($locale['charset'], "UTF-8", $_POST['full_name']);
    // NOTE(review): string-built SQL. $nick and $email come from code that is
    // not shown; verify they are escaped before this point, or bind them as
    // parameters.
    $result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status, user_sig, user_salt, user_algo) VALUES('" . $nick . "', '" . $hash . "', '', '" . $email . "', '1', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '101', '0', '', '" . $salt . "', '" . $algo . "')");
    // mysql_insert_id() belongs to ext/mysql, which was removed in PHP 7.0.
    $user_id = mysql_insert_id();
    // The cookie is issued before $result is checked, so it is set even when
    // the INSERT above failed.
    Authenticate::setUserCookie($user_id, $passAuth->getNewSalt(), $passAuth->getNewAlgo(), false);
    // NOTE(review): $identity, $acc and $fn are unescaped request data
    // concatenated into SQL; this statement is open to SQL injection as written
    // and should escape each value or use bound parameters.
    $result2 = dbquery("INSERT INTO " . DB_ULOGIN . " (ulogin_identity, ulogin_network, ulogin_user, ulogin_fullname) VALUES ('" . $identity . "', '" . $acc . "', '" . $user_id . "', '" . $fn . "')");
    require_once INCLUDES . "sendmail_include.php";
    // NOTE(review): the mail body is built from $_POST['password'], so the
    // plaintext password leaves the server by e-mail. The mail is also sent
    // before the two INSERT results are checked.
    $text = sprintf($locale['ul14'], $_POST['identity'], $_POST['nickname'], $_POST['password']);
    sendemail($nick, $email, $settings['siteusername'], $settings['siteemail'], $locale['ul15'], $text);
    if ($result && $result2) {
        $auth = new Authenticate($nick, $pass, true);
        $userdata = $auth->getUserData();
        unset($auth);
        // NOTE(review): the redirect target is taken straight from the request;
        // unless redirect() restricts it to same-site paths this is an open
        // redirect - confirm, or validate against an allow-list here.
        redirect($_POST['url']);
    } else {
        redirect(BASEDIR . "login.php?ulogin_error");
    }
}
if (isset($_POST['ex_user_save'])) {
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $_POST['user_name'] . "'");