Ejemplo n.º 1
 /**
  * Handles a submitted registration form.
  *
  * Validates the form, stores a pending GWF_UserActivation row (with the
  * password already hashed) and then either mails the activation token or
  * redirects to the quick-activation URL.
  *
  * @return string Validation errors plus the form, a database error plus the
  *                form, the sendEmail() result, or the 'msg_registered' message.
  */
 private function onRegister()
 {
     $form = $this->getForm();
     $errorsA = $errorsB = '';
     // Short-circuit on purpose: onRegisterB() only runs when the form itself validated.
     $formRejected = false !== ($errorsA = $form->validate($this->module));
     if ($formRejected || false !== ($errorsB = $this->onRegisterB())) {
         return $errorsA . $errorsB . $this->templateForm();
     }

     $username = Common::getPost('username');
     $password = Common::getPost('password');
     $email = Common::getPost('email');
     // %d coerces each posted date part to an integer before it is stored.
     $birthdate = sprintf(
         '%04d%02d%02d',
         Common::getPost('birthdatey'),
         Common::getPost('birthdatem'),
         Common::getPost('birthdated')
     );

     if ($this->module->cfgDetectCountry()) {
         $fallbackCountry = GWF_IP2Country::detectCountryID();
     } else {
         $fallbackCountry = 0;
     }
     $countryId = $form->getVar('countryid', $fallbackCountry);

     require_once GWF_CORE_PATH . 'module/Register/GWF_UserActivation.php';
     $token = GWF_UserActivation::generateToken();
     // Only the hash of the password is written to the activation table.
     $activation = new GWF_UserActivation(array(
         'username' => $username,
         'email' => $email,
         'token' => $token,
         'birthdate' => $birthdate,
         'countryid' => $countryId,
         'password' => GWF_Password::hashPasswordS($password),
         'timestamp' => time(),
         'ip' => GWF_IP6::getIP(GWF_IP_EXACT),
     ));
     if (false === $activation->insert()) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templateForm();
     }

     if ($this->module->wantEmailActivation()) {
         // NOTE(review): the plaintext password is handed to sendEmail(); confirm it
         // does not end up in the mail body or in logs.
         return $this->sendEmail($username, $email, $token, $password);
     }

     // Without e-mail activation the token travels in the redirect URL.
     GWF_Website::redirect(GWF_WEB_ROOT . 'quick_activate/' . $token);
     return $this->module->message('msg_registered');
 }
Ejemplo n.º 2
 /**
  * Creates a user row flagged as BOT | WEBSPIDER for the given bot name.
  *
  * @param string $botname Name stored as user_name and echoed in the status line.
  * @return GWF_User|false The inserted user, or false when the insert failed.
  */
 private static function insert_bot($botname)
 {
     // NOTE(review): every bot row gets the same hard-coded password; confirm that
     // accounts flagged BOT cannot authenticate through the normal login form.
     $bot = new GWF_User(array(
         'user_id' => 0,
         'user_options' => GWF_User::BOT | GWF_User::WEBSPIDER,
         'user_name' => $botname,
         'user_password' => GWF_Password::hashPasswordS('webspider'),
         'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
         'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT, '127.0.0.1'),
         'user_email' => '',
         'user_gender' => 'no_gender',
         'user_lastlogin' => 0,
         'user_lastactivity' => 0,
         'user_birthdate' => '00000000',
         'user_avatar_v' => 0,
         'user_countryid' => 0,
         'user_langid' => 0,
         'user_langid2' => 0,
         'user_level' => 0,
         'user_title' => '',
         'user_settings' => NULL,
         'user_data' => NULL,
         'user_credits' => 0.0,
     ));

     if (false === $bot->insert()) {
         return false;
     }

     // NOTE(review): $botname is written into HTML unescaped; fine only while the
     // caller passes names from a trusted list - verify against the caller.
     echo 'Inserted new Bot: ' . $botname . '<br/>';

     return $bot;
 }
Ejemplo n.º 3
 /**
  * Creates a local user row for a cross-registered username.
  *
  * The account receives a random password that is hashed and then discarded;
  * it is neither returned nor shown by this method.
  *
  * @param string $username Name stored as user_name.
  * @return bool True when the row was inserted, false otherwise.
  */
 private function onCrossRegister($username)
 {
     $options = 0;
     $randomPassword = GWF_Random::randomKey();
     $account = new GWF_User(array(
         'user_id' => 0,
         'user_options' => $options,
         'user_name' => $username,
         'user_password' => GWF_Password::hashPasswordS($randomPassword),
         'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
         'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT),
         'user_email' => '',
         'user_gender' => 'no_gender',
         'user_lastlogin' => time(),
         'user_lastactivity' => time(),
         'user_birthdate' => '00000000',
         'user_avatar_v' => 0,
         'user_countryid' => 0,
         'user_langid' => 1,
         'user_langid2' => 0,
         'user_level' => 0,
         'user_title' => '',
         'user_settings' => '',
         'user_data' => '',
         'user_credits' => '0.00',
     ));

     // insert() signals failure with a strict false.
     return false !== $account->insert();
 }
Ejemplo n.º 4
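 /**
  * Migrates a user from the legacy password table to the current hash.
  *
  * When a legacy row exists for the user, the supplied password is checked
  * against it with oldHash(). On a match the password is re-hashed with
  * GWF_Password::hashPasswordS() and stored on the user; the legacy row is
  * removed only after that write succeeded, so a failed save can no longer
  * leave the account without any usable credential.
  *
  * @param GWF_User $user     Account being converted.
  * @param string   $password Plaintext password supplied at login.
  * @return true|string True when nothing had to be converted or the conversion
  *                     succeeded; otherwise an error message.
  */
 public static function convert(GWF_User $user, $password)
 {
     if (false === ($row = self::table(__CLASS__)->getRow($user->getID()))) {
         // No legacy entry: nothing to convert.
         return true;
     }

     // NOTE(review): plain !== comparison of digests; on PHP >= 5.6 a
     // constant-time hash_equals() would be the safer choice here.
     $oldHash = self::oldHash($password);
     if ($oldHash !== $row->getVar('pmap_password')) {
         return GWF_Module::getModule('WeChall')->error('err_password');
     }

     // Persist the new hash before discarding the legacy one.
     if (false === $user->saveVar('user_password', GWF_Password::hashPasswordS($password))) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }

     $row->delete();
     return true;
 }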
Ejemplo n.º 5
 /**
  * Sets or clears the module's super password from the setup form.
  *
  * An empty 'new_pass' clears the stored value; anything else is hashed with
  * GWF_Password::hashPasswordS() before it is saved.
  *
  * @return string Validation error plus prompt, or the confirmation message.
  */
 public function onSetup()
 {
     $form = $this->getFormSetup();
     $error = $form->validate($this->module);
     if (false !== $error) {
         return $error . $this->templatePrompt();
     }

     $plain = $form->getVar('new_pass');
     $stored = $plain;
     if ($stored !== '') {
         $stored = GWF_Password::hashPasswordS($stored);
     }
     $this->module->cfgSaveSuperhash($stored);

     if ($stored === '') {
         $key = 'msg_pass_cleared';
     } else {
         $key = 'msg_pass_set';
     }

     // NOTE(review): the plaintext password is passed as a message argument and so
     // may be rendered back to the browser; confirm the template and its escaping.
     return $this->module->message($key, array($plain));
 }
Ejemplo n.º 6
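 /**
  * Applies a password change requested through an account-change token.
  *
  * The change request is deleted first so it stays single-use. The
  * CHANGE_PASSWD hook now fires only after the new hash was stored, so hook
  * listeners are never told about a password that failed to persist.
  *
  * @param GWF_AccountChange $ac The pending change request.
  * @return string Validation errors plus the form, a general error, or the
  *                'msg_pass_changed' message.
  */
 private function onChangePass(GWF_AccountChange $ac)
 {
     $form = $this->getForm();
     if (false !== ($errors = $form->validate($this->module))) {
         return $errors . $this->templateChange($ac);
     }

     $user = $ac->getUser();
     $password = $form->getVar('password');

     // Consume the request before touching the account.
     $ac->delete();

     if (false === $user->saveVar('user_password', GWF_Password::hashPasswordS($password))) {
         return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
     }

     // Listeners receive the plaintext password; notify them only once the
     // change is durable.
     GWF_Hook::call(GWF_Hook::CHANGE_PASSWD, $user, array($password, ''));

     return $this->module->message('msg_pass_changed');
 }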
Ejemplo n.º 7
 /**
  * Builds the sidebar login box for visitors without a session.
  *
  * @return string Empty string when a session is logged in, otherwise the
  *                sidebox HTML containing the login form.
  */
 private function displayLogin()
 {
     if (GWF_Session::isLoggedIn()) {
         return '';
     }

     // NOTE(review): this token is computed but never written into the form
     // below, so the form is posted without a CSRF field - confirm whether the
     // login handler expects one.
     $formhash = GWF_Password::getToken('_username_password_bind_ip');

     // Language strings go into the markup unescaped; they are presumably trusted
     // translation text - verify against the language files.
     $lblUser = $this->module->lang('th_user_name');
     $lblPass = $this->module->lang('th_password');
     $lblBindIp = $this->module->lang('th_bind_ip');
     $lblRegister = $this->module->lang('menu_register');
     $lblForgot = $this->module->lang('btn_forgot_pw');
     $lblLogin = $this->module->lang('btn_login');

     $rows = array(
         '<form action="' . GWF_WEB_ROOT . 'login" method="post" id="wc_toplogin">',
         '<div><img src="' . GWF_WEB_ROOT . 'tpl/wc4/img/icon_user.gif" title="' . $lblUser . '" alt="' . $lblUser . ':" />&nbsp;<input type="text" name="username" value="" /></div>',
         '<div><img src="' . GWF_WEB_ROOT . 'tpl/wc4/img/icon_pass.gif" title="' . $lblPass . '" alt="' . $lblPass . ':" />&nbsp;<input type="password" name="password" value="" /></div>',
         '<div class="le">' . $lblBindIp . '&nbsp;<input type="checkbox" name="bind_ip" checked="checked" /></div>',
         '<div class="le"><input type="submit" name="login" value="' . $lblLogin . '" /></div>',
         '<div><a href="' . GWF_WEB_ROOT . 'register">' . $lblRegister . '</a>&nbsp;&nbsp;&nbsp;<a href="' . GWF_WEB_ROOT . 'recovery">' . $lblForgot . '</a></div>',
         '</form>',
     );
     // Every row, including the last, is terminated by PHP_EOL.
     $box = implode(PHP_EOL, $rows) . PHP_EOL;

     return $this->sidebox($this->module->lang('ft_signup') . $this->getHideButton(), $box);
 }
Ejemplo n.º 8
 /**
  * Processes a login attempt from the posted username and password.
  *
  * Steps, in order: optional form validation, user lookup (deleted accounts
  * excluded), brute-force check, LOGIN_PRE hook, password verification.
  * For non-AJAX requests every error is followed by the login form.
  *
  * @param bool $doValidate Whether to run the form validation first.
  * @return string Error output, an empty string when the LOGIN_PRE hook
  *                returned false, or the result of onLoggedIn().
  */
 public function onLogin($doValidate = true)
 {
     require_once GWF_CORE_PATH . 'module/Login/GWF_LoginFailure.php';

     $isAjax = isset($_GET['ajax']);
     $form = $this->getForm();

     if ($doValidate && false !== ($errors = $form->validate($this->module, $isAjax))) {
         return $isAjax ? $errors : $errors . $this->form();
     }

     $username = Common::getPostString('username');
     $password = Common::getPostString('password');

     // The username is escaped by the table object before it is placed in the
     // WHERE clause; the DELETED bit must be clear.
     $users = GDO::table('GWF_User');
     $where = sprintf('user_name=\'%s\' AND user_options&%d=0', $users->escape($username), GWF_User::DELETED);
     $user = $users->selectFirstObject('*', $where);

     if (false === $user) {
         // NOTE(review): unknown usernames return here without reaching
         // onLoginFailed(); confirm that failed-login accounting does not rely on it.
         $message = $this->module->error('err_login');
         return $isAjax ? $message : $message . $this->form();
     }

     $error = $this->checkBruteforce($user, $isAjax);
     if (true !== $error) {
         return $isAjax ? $error : $error . $this->form();
     }

     if (false === GWF_Hook::call(GWF_HOOK::LOGIN_PRE, $user, array($password, ''))) {
         // A hook rejected the login; nothing is rendered.
         return '';
     }

     if (false === GWF_Password::checkPasswordS($password, $user->getVar('user_password'))) {
         $failure = $this->onLoginFailed($user, $isAjax);
         return $isAjax ? $failure : $failure . $this->form();
     }

     // Reached only on success; the failure paths above return without this call.
     GWF_Password::clearMemory('password');
     return $this->onLoggedIn($user, $isAjax);
 }
Ejemplo n.º 9
 /**
  * Ensures the 'WeChall' bot user exists and stores its id in the module
  * variable 'wc_uid' (0 when the user could not be created).
  *
  * @param Module_WeChall $module Module whose 'wc_uid' variable is written.
  * @return string Empty string on success, a database error message otherwise.
  */
 private static function fixWeChallUser(Module_WeChall $module)
 {
     $available = true;
     $user = GWF_User::getByName('WeChall');

     if (false === $user) {
         // NOTE(review): the account is created with a hard-coded password;
         // confirm that users flagged BOT cannot log in with it.
         $user = new GWF_User(array(
             'user_name' => 'WeChall',
             'user_email' => '*****@*****.**',
             'user_password' => GWF_Password::hashPasswordS('wechallbot'),
             'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
             'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT, '127.0.0.1'),
             'user_lastactivity' => time(),
             'user_options' => GWF_User::BOT,
         ));
         $available = false !== $user->insert();
         if (!$available) {
             // Printed when the insert fails, although the text speaks of a lookup.
             echo GWF_HTML::error('WeChall Install', 'Can not find user WeChall');
         }
     }

     $uid = $available ? $user->getID() : 0;

     if (false === $module->saveModuleVar('wc_uid', $uid)) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     return '';
 }
Ejemplo n.º 10
// Install script for the "2013 New Years Special" challenge.
// NOTE(review): the listing starts mid-script - the output buffer read below and
// the $key1 variable used further down are set up before the first visible line.
require 'key2.key';
// The key file's output was captured by the buffer; keep it as the second public key.
$key2 = ob_get_contents();
ob_end_clean();
chdir("../../../");
require_once "challenge/html_head.php";
$title = '2013 New Years Special';
html_head("Install: {$title}");
// Only administrators may run the installer; everyone else is sent to the login page.
// The key file above is included before this check runs.
if (!GWF_User::isAdminS()) {
    return htmlSendToLogin("Better be admin !");
}
$solution = false;
$score = 4;
$url = "challenge/quangntenemy/2013NYS/index.php";
$creators = "quangntenemy";
$tags = 'Special,Crypto';
WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true, WC_Challenge::CHALL_CASE_I);
// Create the first helper account, or make sure an existing one has EMAIL_GPG set.
// NOTE(review): both helper accounts are created with the same hard-coded password
// and MAIL_APPROVED; confirm that BOT accounts cannot be used to log in.
// The return value of insert() is not checked.
if (!($user = GWF_User::getByName('Rudolph2013'))) {
    $user = new GWF_User(array('user_id' => '0', 'user_options' => GWF_User::BOT | GWF_User::MAIL_APPROVED | GWF_User::EMAIL_GPG, 'user_name' => 'Rudolph2013', 'user_password' => GWF_Password::hashPasswordS('quangster'), 'user_regdate' => GWF_Time::getDate(), 'user_email' => '*****@*****.**'));
    $user->insert();
} else {
    $user->saveOption(GWF_User::EMAIL_GPG, true);
}
// Attach the first public key to that account.
GWF_PublicKey::updateKey($user->getID(), $key1);
// Same procedure for the second helper account.
if (!($user = GWF_User::getByName('Silvester2013'))) {
    $user = new GWF_User(array('user_id' => '0', 'user_options' => GWF_User::BOT | GWF_User::MAIL_APPROVED | GWF_User::EMAIL_GPG, 'user_name' => 'Silvester2013', 'user_password' => GWF_Password::hashPasswordS('quangster'), 'user_regdate' => GWF_Time::getDate(), 'user_email' => '*****@*****.**'));
    $user->insert();
} else {
    $user->saveOption(GWF_User::EMAIL_GPG, true);
}
// Attach the key captured from key2.key to the second account.
GWF_PublicKey::updateKey($user->getID(), $key2);
require_once "challenge/html_foot.php";
Ejemplo n.º 11
 /**
  * Renders a compact header login form that carries a CSRF hidden field.
  *
  * @param Module_WeChall $module Not used by this method.
  * @return string Empty string when the visitor is logged in, has no cookies,
  *                or the Login module cannot be loaded; otherwise the form HTML.
  */
 public static function displayHeaderLoginBROKEN(Module_WeChall $module)
 {
     if (GWF_User::isLoggedIn()) {
         return '';
     }
     if (!GWF_Session::haveCookies()) {
         return '';
     }

     $mod_login = GWF_Module::loadModuleDB('Login', false, true);
     if (false === $mod_login) {
         return '';
     }

     // NOTE(review): the token seed must match what the login form validator
     // expects - confirm against the Login module.
     $formhash = GWF_Password::getToken('_username_password_bind_ip_login');

     // Language strings are inserted unescaped; presumably trusted translations.
     $html = '<form action="' . GWF_WEB_ROOT . 'login" method="post" id="wc_toplogin">';
     $html .= '<div>' . GWF_CSRF::hiddenForm($formhash) . '</div>';
     $html .= '<div>' . $mod_login->lang('th_username') . ' <input type="text" name="username" value="" />' . '</div>';
     $html .= '<div>' . $mod_login->lang('th_password') . ' <input type="password" name="password" value="" />' . '</div>';
     $html .= '<div>' . $mod_login->lang('th_bind_ip') . ' <input type="checkbox" name="bind_ip" checked="checked" />';
     $html .= '<input type="submit" name="login" value="' . $mod_login->lang('btn_login') . '" />' . '</div>';
     $html .= '</form>';

     return $html;
 }
Ejemplo n.º 12
 /**
  * Sets a new password for the user being edited.
  *
  * @param string $newpass New plaintext password; an empty string means "leave unchanged".
  * @return array Empty when nothing changed or the save failed, otherwise a
  *               one-element list holding the confirmation message.
  */
 private function onEditPassword($newpass)
 {
     $target = $this->user;
     if ('' === $newpass) {
         return array();
     }

     // Drop the posted value so it is not available to later code in this request.
     unset($_POST['password']);

     $hashed = GWF_Password::hashPasswordS($newpass);
     if (false === $target->saveVar('user_password', $hashed)) {
         GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__), true, true);
         return array();
     }

     // Listeners are told about the change only after it was stored.
     GWF_Hook::call(GWF_Hook::CHANGE_PASSWD, $target, array($newpass, ''));

     // NOTE(review): the confirmation message contains the new plaintext password
     // (passed through GWF_HTML::display); confirm this page is never cached or logged.
     $confirmation = $this->module->lang(
         'msg_userpass_changed',
         array($target->displayUsername(), GWF_HTML::display($newpass))
     );
     return array($confirmation);
 }
Ejemplo n.º 13
 /**
  * Form validator: checks the entered value against the stored super hash.
  *
  * @param Module_Admin $module Not used; the method reads $this->module instead.
  * @param string       $arg    Password entered in the form.
  * @return false|string False when the password matches, otherwise the
  *                      'err_check_pass' language string.
  */
 public function validate_check_pass(Module_Admin $module, $arg)
 {
     $superHash = $this->module->cfgSuperHash();
     if (GWF_Password::checkPasswordS($arg, $superHash)) {
         return false;
     }
     return $this->module->lang('err_check_pass');
 }
Ejemplo n.º 14
####conf retryout,u,l,i,7
// Login plugin: "<password>" logs the calling user in, with a delay enforced
// between a failed attempt and the next try.
// Reply texts per language; 'conf_retryout' describes the retry delay setting.
$lang = array('en' => array('help' => 'Usage: %CMD% <password>. Logs you in. ', 'already' => 'You are already logged in, maybe by NickServ?', 'not_reg' => 'You are not registered. Try %T%register <password> in private first.', 'paswrng' => 'Your password is wrong. This incident is beeing reported.', 'wait' => 'Please wait %s and try again.', 'logedin' => 'Welcome back! You are now logged in.', 'conf_retryout' => 'Specifies the timeout between two consecutive login attempts.'), 'de' => array('help' => 'Nutze: %CMD% <passwort>. Authentifiziert Dich mit %BOT%.', 'already' => 'Du bist bereits eingeloggt, eventuell durch NickServ?', 'not_reg' => 'Du hast Dich noch nicht registriert. Nutze %T%register <passwort> im query mit %BOT%.', 'paswrng' => 'Falsches Passwort. Davon wird der Weihnachtsmann erfahren!', 'wait' => 'Bitte warte %s und versuche es noch einmal.', 'logedin' => 'Willkommen zurück! Du bist nun authentifiziert.', 'conf_retryout' => 'Die Zeit zwischen zwei Login versuchen.'));
$plugin = Dog::getPlugin();
$user = Dog::getUser();
$argv = $plugin->argv();
// Configured delay between attempts and the id used as the throttle key.
$wait = $plugin->getConf('retryout');
$uid = $user->getID();
$t = microtime(true);
# Attempts: global map of user id => time of that user's last failed login.
global $DOG_RLOGIN_ATTEMPTS;
if (!isset($DOG_RLOGIN_ATTEMPTS)) {
    $DOG_RLOGIN_ATTEMPTS = array();
}
# TODO: Cleanup attempts.
# NOTE(review): entries are never removed, so the map grows with every user that
# fails a login; the delay is fixed and does not escalate on repeated failures.
if (count($argv) !== 1) {
    $plugin->showHelp();
} elseif ($user->isLoggedIn()) {
    $plugin->rply('already');
} elseif (!$user->isRegistered()) {
    $plugin->rply('not_reg');
} elseif (isset($DOG_RLOGIN_ATTEMPTS[$uid]) && $DOG_RLOGIN_ATTEMPTS[$uid] > $t - $wait) {
    // Still inside the retry window: answer with the remaining time and do not
    // evaluate the password at all.
    $duration = round($wait - ($t - $DOG_RLOGIN_ATTEMPTS[$uid]) + 0.5);
    $plugin->rply('wait', array(GWF_Time::humanDuration($duration)));
} elseif (!GWF_Password::checkPasswordS($argv[0], $user->getPass())) {
    // Wrong password: remember the time so the next attempt has to wait.
    $DOG_RLOGIN_ATTEMPTS[$uid] = $t;
    $plugin->rply('paswrng');
} else {
    $user->setLoggedIn();
    $plugin->rply('logedin');
}
Ejemplo n.º 15
 /**
  * Returns a token derived from this post's date and title.
  *
  * NOTE(review): both inputs may be visible to readers of the post, so the
  * token is only unguessable if GWF_Password::getToken() mixes in a secret -
  * confirm.
  *
  * @return string Result of GWF_Password::getToken() for the date/title seed.
  */
 public function getToken()
 {
     $seed = $this->getVar('post_date') . $this->getVar('post_title');
     return GWF_Password::getToken($seed);
 }
Ejemplo n.º 16
 /**
  * Creates the user if it does not exist yet and adds it to the ADMIN and
  * STAFF groups.
  *
  * An already existing user with that name is promoted as-is; the supplied
  * password is only used when a new row is created.
  *
  * @param string $username Name of the admin account.
  * @param string $password Plaintext password for a newly created account.
  * @param string $email    E-mail address for a newly created account.
  * @param string $output   Receives the appended status message (by reference).
  * @return bool False when the insert or a group assignment failed, true otherwise.
  */
 public static function createAdmin($username, $password, $email, &$output)
 {
     $admin = GWF_User::getByName($username);
     if (false === $admin) {
         $admin = new GWF_User(array(
             'user_name' => $username,
             'user_email' => $email,
             'user_password' => GWF_Password::hashPasswordS($password),
             'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
             'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT),
             'user_lastactivity' => time(),
         ));
         if (false === $admin->insert()) {
             return false;
         }
     }

     $userid = $admin->getID();
     // NOTE(review): getByName() is dereferenced without a check; presumably both
     // groups always exist at this point of the install - verify.
     foreach (array(GWF_Group::ADMIN, GWF_Group::STAFF) as $groupName) {
         if (false === GWF_UserGroup::addToGroup($userid, GWF_Group::getByName($groupName)->getID())) {
             return false;
         }
     }

     // The password itself is deliberately left out of the status message.
     $notice = sprintf('Added new admin user: %s - Password: [censored]', $username);
     $output .= GWF_HTML::message('Install Wizard', $notice);
     return true;
 }
Ejemplo n.º 17
 /**
  * Returns a token derived from this thread's title and last-post date.
  *
  * NOTE(review): the token changes whenever 'thread_lastdate' changes; whether
  * it is unguessable depends on GWF_Password::getToken() adding a secret -
  * confirm.
  *
  * @return string Result of GWF_Password::getToken() for the title/date seed.
  */
 public function getToken()
 {
     $seed = $this->getVar('thread_title') . $this->getVar('thread_lastdate');
     return GWF_Password::getToken($seed);
 }
Ejemplo n.º 18
// Register plugin: one argument registers the calling user with that password,
// two arguments (old, new) change the password of a registered user.
$user = Dog::getUser();
$plugin = Dog::getPlugin();
$argv = $plugin->argv();
$argc = count($argv);
// Minimum accepted password length, compared with strlen() and therefore in bytes.
$plen = $plugin->getConf('passlen');

switch ($argc) {
    case 1:
        if ($user->isRegistered()) {
            return $plugin->rply('already');
        }
        if (strlen($argv[0]) < $plen) {
            $plugin->rply('pasweak', array($plen));
            break;
        }
        // Only the hash is stored; the user is logged in right away.
        $user->saveVar('user_pass', GWF_Password::hashPasswordS($plugin->argv(0)));
        $user->setLoggedIn();
        return $plugin->rply('success');

    case 2:
        // NOTE(review): the current password is verified here with no retry delay
        // visible in this script; confirm attempts are throttled elsewhere.
        if (!GWF_Password::checkPasswordS($argv[0], $user->getPass())) {
            return $plugin->rply('failed');
        }
        if (strlen($argv[1]) < $plen) {
            $plugin->rply('pasweak', array($plen));
            break;
        }
        $user->saveVar('user_pass', GWF_Password::hashPasswordS($argv[1]));
        $user->setLoggedIn();
        return $plugin->rply('changed');

    default:
        // No arguments or more than two.
        $plugin->showHelp();
}
Ejemplo n.º 19
 /**
  * Authenticates a websocket client from a three-word message
  * (command, username, password separated by single spaces).
  *
  * @param IWebSocketConnection $user    Connection that sent the message.
  * @param string               $message Raw message text.
  * @return bool True when the credentials matched, false otherwise.
  */
 private function onLogin(IWebSocketConnection $user, $message)
 {
     $parts = explode(' ', $message);
     if (3 !== count($parts)) {
         return false;
     }

     // The username is escaped before it is placed in the WHERE clause.
     $escapedName = GDO::escape($parts[1]);
     $dogUsers = GDO::table('Dog_User');
     $account = $dogUsers->selectFirstObject('*', "user_name='{$escapedName}'");

     // NOTE(review): the two failure replies differ, so a client can tell whether
     // a username exists; no attempt limiting is visible in this method.
     if (false === $account) {
         $this->sendToUser($user->getId(), 'XLIN2,Unknown username!');
         return false;
     }
     if (false === GWF_Password::checkPasswordS($parts[2], $account->getVar('user_pass'))) {
         $this->sendToUser($user->getId(), 'XLIN3,Wrong password!');
         return false;
     }

     $this->sendToUser($user->getId(), 'XLIN1');
     $this->users[$user->getId()] = $account;

     // NOTE(review): the plaintext password is forwarded inside the queued
     // message; confirm the queue contents are never logged or persisted.
     $this->addToQueue($user, $account, 'PRIVMSG Dog :.login ' . $parts[2]);
     return true;
 }
Ejemplo n.º 20
 /**
  * Builds a composite digest from three GWF_Password helpers: up to 16
  * characters of md5(), up to 16 of hashSHA1() and up to 8 of hashCRC32(),
  * concatenated in that order.
  *
  * NOTE(review): judging by the helper names these are fast, general-purpose
  * digests; if this value protects passwords, prefer a dedicated password
  * hash - confirm how callers use it.
  *
  * @param string $string Input to digest.
  * @return string The concatenated, truncated digests.
  */
 public static function hash($string)
 {
     $md5Part = substr(GWF_Password::md5($string), 0, 16);
     $sha1Part = substr(GWF_Password::hashSHA1($string), 0, 16);
     $crcPart = substr(GWF_Password::hashCRC32($string), 0, 8);

     return $md5Part . $sha1Part . $crcPart;
 }
Ejemplo n.º 21
 /**
  * Derives the link token for a user and an on-site name.
  *
  * The digest input is the secret salt, this object's auth key, the user id,
  * this object's id and the on-site name, followed by the salt again.
  *
  * NOTE(review): the fields are joined without separators, so different
  * (userid, id, name) combinations can produce the same input string; a keyed
  * HMAC over delimited fields would avoid that - confirm before changing, as
  * existing tokens depend on this exact format.
  *
  * @param int|string $userid     Id of the user being linked.
  * @param string     $onsitename The user's name on the linked site.
  * @return string Result of GWF_Password::md5() over the concatenated fields.
  */
 public function getLinkToken($userid, $onsitename)
 {
     $material = GWF_SECRET_SALT . $this->getAuthKey() . $userid . $this->getID() . $onsitename . GWF_SECRET_SALT;
     return GWF_Password::md5($material);
 }