Ejemplo n.º 1
/**
 * Change User Password
 *
 * Change the password of the user after verifying the current one.
 * The user is logged out via logout() after a successful change.
 *
 * NOTE(review): the two query-building lines below contain "******" where
 * this listing masked part of the original expression, so they do not parse
 * as shown. The surviving fragments (the trailing "'text')" and the
 * $db->quote() call on the id) suggest the values went through $db->quote();
 * confirm against the upstream file before reusing this code.
 *
 * @param mixed[] $details User Details; the keys 'newpass', 'newpass2' and
 *                         'currentpass' are read
 *
 * @return false|null false on every failure path; the success path ends in
 *                    logout() and has no explicit return value
 */
function change_user_pass_local($details)
{
    global $db;
    // Confirmation check: both copies of the new password must match.
    // NOTE(review): != is a loose comparison and PHP compares two numeric
    // strings numerically ("1e3" and "1000" count as equal); !== would compare
    // the strings themselves. No length or strength check on the new password
    // is visible in this function.
    if ($details['newpass'] != $details['newpass2']) {
        error(ERR_USER_MATCH_NEW_PASS);
        return false;
    }
    // Look up the id and stored password hash for the current login name.
    // The middle of this expression is masked in the listing (see header note);
    // presumably the username comes from the session and is quoted as 'text'.
    $query = "SELECT id, password FROM users WHERE username = "******"userlogin"], 'text');
    $response = $db->query($query);
    if (PEAR::isError($response)) {
        // NOTE(review): the raw driver message is handed to error(), which is
        // defined elsewhere; if it renders to the browser, database details
        // reach the user. Confirm, and prefer logging it server-side.
        error($response->getMessage());
        return false;
    }
    // NOTE(review): there is no check that a row was returned; confirm what
    // fetchRow() yields when the username does not exist, since the index
    // access below would then read a missing value.
    $rinfo = $response->fetchRow();
    // The current password must verify against the stored hash before the
    // update is allowed.
    if (Poweradmin\Password::verify($details['currentpass'], $rinfo['password'])) {
        // The value written to the password column is masked in the listing;
        // presumably it is a hash of $details['newpass'] and not the plaintext.
        // Confirm against upstream. The row id is quoted as an integer.
        $query = "UPDATE users SET password = "******" WHERE id = " . $db->quote($rinfo['id'], 'integer');
        $response = $db->query($query);
        if (PEAR::isError($response)) {
            error($response->getMessage());
            return false;
        }
        // Force a fresh login with the new password.
        logout(_('Password has been changed, please login.'), 'success');
    } else {
        // Wrong current password: report it and leave the stored hash untouched.
        // NOTE(review): this failure is not logged here and no attempt limit is
        // visible in this function.
        error(ERR_USER_WRONG_CURRENT_PASS);
        return false;
    }
}
Ejemplo n.º 2
/**
 * Authenticate the session's stored login against the local users table.
 *
 * Reads $_SESSION["userlogin"] and $_SESSION["userpwd"], decrypts the stored
 * password, looks up the active user row and verifies the password against
 * the stored hash. On success the session is populated with the user id, full
 * name and auth source; after a fresh login form post the request is
 * redirected and the script exits. On failure the login form is shown again
 * via auth().
 *
 * NOTE(review): the queryRow() line contains "******" where this listing
 * masked part of the original expression, so it does not parse as shown.
 * Confirm against the upstream file before reusing this code.
 *
 * NOTE(review): no session ID regeneration is visible in this function after
 * a successful login; confirm it happens elsewhere.
 */
function SQLAuthenticate()
{
    global $db;
    // Declared but not used in the visible body.
    global $password_encryption;
    global $session_key;
    if (isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) {
        //Username and password are set, lets try to authenticate.
        // The session holds the password in reversible form: it is decrypted
        // here with a key of md5($session_key) and an IV of
        // md5(md5($session_key)), so the IV is fixed for a given key and anyone
        // holding $session_key plus the session data can recover the password.
        // No integrity check on the ciphertext is visible.
        // NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and
        // dropped from core in 7.2, and MCRYPT_RIJNDAEL_256 is the 256-bit-block
        // Rijndael variant, not AES.
        // NOTE(review): as shown, rtrim() gets an empty character list and so
        // trims nothing; presumably the original list was a NUL escape lost in
        // extraction. Confirm against upstream.
        $session_pass = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($session_key), base64_decode($_SESSION["userpwd"]), MCRYPT_MODE_CBC, md5(md5($session_key))), "");
        // Fetch the active account for this login name. The middle of the
        // expression is masked in the listing; the surviving "'text')" suggests
        // the username is passed through a quoting call. Confirm.
        $rowObj = $db->queryRow("SELECT id, fullname, password FROM users WHERE username="******"userlogin"], 'text') . " AND active=1");
        if ($rowObj) {
            if (Poweradmin\Password::verify($session_pass, $rowObj['password'])) {
                // Password verified: record identity and auth source in the session.
                $_SESSION["userid"] = $rowObj["id"];
                $_SESSION["name"] = $rowObj["fullname"];
                $_SESSION["auth_used"] = "internal";
                if (isset($_POST["authenticate"])) {
                    // NOTE(review): the login name is written into the log line
                    // as-is; if it can contain line breaks, entries can be forged.
                    // Confirm log_notice() neutralises control characters.
                    log_notice(sprintf('Successful authentication attempt from [%s] for user \'%s\'', $_SERVER['REMOTE_ADDR'], $_SESSION["userlogin"]));
                    //If a user has just authenticated, redirect him to requested page
                    session_write_close();
                    // NOTE(review): $_POST["query_string"] is read without isset()
                    // and appended unvalidated after SCRIPT_NAME. The target stays
                    // on this script, but confirm that clean_page() (defined
                    // elsewhere) encodes the value and rejects CR/LF.
                    $redirect_url = $_POST["query_string"] ? $_SERVER['SCRIPT_NAME'] . "?" . $_POST["query_string"] : $_SERVER['SCRIPT_NAME'];
                    clean_page($redirect_url);
                    exit;
                }
            } else {
                // Known, active user but wrong password.
                // NOTE(review): unlike the no-row branch below, this path writes
                // no log entry, so password guessing against an existing account
                // is not recorded here. The user-facing message is the same in
                // both branches.
                if (isset($_POST['authenticate'])) {
                    //				auth( _('Authentication failed! - <a href="reset_password.php">(forgot password)</a>'),"error");
                    auth(_('Authentication failed!'), "error");
                } else {
                    auth();
                }
            }
        } else {
            // No active row matched the login name.
            if (isset($_POST['authenticate'])) {
                // The warning records the remote address only, not the attempted
                // login name.
                log_warn(sprintf('Failed authentication attempt from [%s]', $_SERVER['REMOTE_ADDR']));
                //Authentication failed, retry.
                //			auth( _('Authentication failed! - <a href="reset_password.php">(forgot password)</a>'),"error");
                auth(_('Authentication failed!'), "error");
            } else {
                // Not a login attempt: drop the stale credentials from the session
                // before showing the form.
                unset($_SESSION["userpwd"]);
                unset($_SESSION["userlogin"]);
                auth();
            }
        }
    } else {
        //No username and password set, show auth form (again).
        auth();
    }
}