/**
 * Check a username/password pair against the `user` table.
 *
 * Only rows with status = 1 are considered. The candidate string handed to
 * bcrypt::verify() is the configured 'salt' value, the row's uid and the
 * supplied password, concatenated in that order.
 *
 * NOTE(review): the query selects `id, password`, but the code reads
 * `->uid` and `->pass` from the fetched row. Unless the database layer
 * maps those names, both reads yield nothing and verification can never
 * succeed as intended. Confirm against the schema.
 *
 * NOTE(review): if bcrypt::verify() wraps standard bcrypt, only the first
 * 72 bytes of the candidate are hashed, so a long salt + uid prefix reduces
 * how much of the password actually counts. Verify against the helper.
 *
 * @param string $user Username, bound as the :username parameter.
 * @param string $pass Plaintext password supplied by the caller.
 * @return int|false The user's id on success, false otherwise.
 */
public static function challenge_login($user, $pass)
{
    // The username is passed as a bound parameter, never concatenated.
    $row = database::select('id, password')
        ->tables('user')
        ->where('username', '=', ':username')
        ->where('status', '=', 1, 'and')
        ->param(':username', $user)
        ->limit(1)
        ->execute()
        ->fetch();

    // No active account with that username.
    if (!$row) {
        return false;
    }

    $candidate = user::config()->get('salt') . $row->uid . $pass;
    if (!bcrypt::verify($candidate, $row->pass)) {
        return false;
    }

    return (int) $row->id;
}
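/**
 * Change the password of the user named in the route.
 *
 * The 'password' input must match the account's current password; only
 * then is the 'newpassword' input hashed and stored. The response is a
 * redirect to the admin::user route in both cases.
 *
 * @param UserRequest $request  Injected request object (not read here).
 * @param string      $username Username of the account to update.
 * @return mixed Redirect to the admin::user route.
 */
public function update_user(UserRequest $request, $username)
{
    // Presumably aborts the request when no user has this username.
    $user = User::whereUsername($username)->firstOrFail();

    // 'password' carries the current password, 'newpassword' the replacement.
    $currentPassword = input::get('password');

    // Check and update the account that was looked up by $username. The
    // earlier code verified against, and overwrote, the record with the
    // hard-coded id 5 regardless of which user the request named.
    if (bcrypt::check($currentPassword, $user->password)) {
        $user->password = bcrypt::make(input::get('newpassword'));
        $user->save();
    } else {
        // NOTE(review): debug output ('gagal' = "failed") reaches the
        // response body before the redirect; replace it with the project's
        // normal validation-error reporting.
        var_dump('gagal');
    }

    // NOTE(review): no strength or confirmation check on 'newpassword' is
    // visible here; presumably UserRequest validates it — confirm.
    return redirect()->route('admin::user');
}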
/**
 * Insert a new user row into the sys_usuarios table.
 *
 * The password from the model is hashed with bcrypt::hash() before the row
 * is built, so only the hash is handed to the database layer.
 *
 * NOTE(review): the return value is mixed. A caller that tests it loosely
 * may treat a non-empty error value as success; compare with `=== true`.
 * NOTE(review): on dbException the message is echoed to the output and the
 * method returns nothing; echoing database errors can disclose internals
 * to the client.
 *
 * @param usuariosModel $usuarios User to persist.
 * @return mixed true on success, the value of $this->db->getError() when
 *               insert() reports failure, null after a caught dbException.
 */
public function inserir(usuariosModel $usuarios)
{
    $senhaHash = bcrypt::hash($usuarios->getSenha());

    $linha = [
        'id_funcionario'       => $usuarios->getFuncionario()->getId(),
        'id_nivel_acesso'      => $usuarios->getNivelAcesso(),
        'email_usuario'        => $usuarios->getEmail(),
        'login_usuario'        => $usuarios->getLogin(),
        'senha_usuario'        => $senhaHash,
        'status_usuario'       => $usuarios->getStatus(),
        'data_criacao_usuario' => $usuarios->getDataCadastro(),
    ];

    // Reset any state left on the shared db object before targeting the table.
    $this->db->clear();
    $this->db->setTabela('sys_usuarios');

    try {
        return $this->db->insert($linha) ? true : $this->db->getError();
    } catch (dbException $e) {
        echo $e->getMessageError();
    }
}
// Password-change handler: takes the user name from the session and three
// posted fields, verifies the old password against the stored hash, and on
// success stores a hash of the new password.
//
// NOTE(review): $_SESSION['user'] is read without a visible check that it is
// set, and no anti-CSRF token is checked in the visible lines. Confirm both
// happen before this code runs.
$user = $_SESSION['user'];
$old_password_entered = $_POST['old_password'];
$new_password_entered = $_POST['new_password'];
$new_password_confirm = $_POST['new_password_confirm'];
if ($old_password_entered == '' || $new_password_entered == '' || $new_password_confirm == '') {
    // Blank entries submitted
    header('Location: index.php');
} else {
    // NOTE(review): loose `==` compares numeric-looking strings by value
    // ('1e3' == '1000'), so two different inputs can pass as a match; `===`
    // compares the strings exactly.
    if ($new_password_entered == $new_password_confirm) {
        // check_strong_password() is defined outside this excerpt.
        if (check_strong_password($new_password_entered)) {
            require_once $_SERVER['DOCUMENT_ROOT'] . '/config/db.php';
            // The user name is bound as a parameter, not concatenated into the SQL.
            $stmt = $GLOBALS['dbh']->prepare("SELECT password_hashed FROM `opsec_users` WHERE user = :user");
            $stmt->execute(array(':user' => $user));
            // fetch() yields false when no row matches; the index below then
            // evaluates to null. How verify() treats a null hash is not visible here.
            $row = $stmt->fetch();
            $hashed_password_from_table = $row['password_hashed'];
            // presumably 12 is the bcrypt cost factor — confirm against the bcrypt class
            $bcrypt = new bcrypt(12);
            // The current password must be proven before the stored hash is replaced.
            $password_correct = $bcrypt->verify($old_password_entered, $hashed_password_from_table);
            if ($password_correct) {
                $hashed_pw = $bcrypt->genHash($new_password_entered);
                $passwd_stmt = $GLOBALS['dbh']->prepare("UPDATE `opsec_users` SET `password_hashed` = :password_hashed WHERE `user` = :user");
                $passwd_stmt->execute(array(':password_hashed' => $hashed_pw, ':user' => $user));
                echo "Password updated successfully.";
            } else {
                die("Old password not correct!");
            }
        } else {
            // Weak new password: the script stops without any message.
            die;
        }
    } else {
        die("New passwords do not match!");
    }
// The outer else block is not closed within this excerpt.
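// Registration handler: creates an account when the submitted registration
// token exists and was issued less than twelve hours ago. The token row is
// deleted afterwards whether or not it was valid.
//
// Missing or non-string fields are treated as blank instead of being passed
// to strtolower() and the database layer.
$user_entered = (isset($_POST['user']) && is_string($_POST['user'])) ? strtolower($_POST['user']) : '';
$password_entered = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// NOTE(review): $token_entered is not assigned in the visible lines;
// presumably it is set earlier in the file — confirm.
if ($user_entered == '' || $password_entered == '' || $token_entered == '') {
    // Blank entries submitted
    header('Location: index.php');
} else {
    if (check_strong_password($password_entered)) {
        require_once $_SERVER['DOCUMENT_ROOT'] . '/config/db.php';

        $token_stmt = $GLOBALS['dbh']->prepare("SELECT token, issued FROM `opsec_registration_tokens` WHERE token = :token");
        $token_stmt->execute(array(':token' => $token_entered));
        $row = $token_stmt->fetch();

        // fetch() returns false for an unknown token. Test for that
        // explicitly instead of indexing into false and passing null to
        // strtotime().
        $token_is_valid = false;
        if (is_array($row) && $row['token'] != '') {
            $issued_epoch = strtotime($row['issued']);
            $twelve_hours_ago_epoch = strtotime('-12 hours');
            // An unparseable issue time counts as expired.
            $token_is_valid = $issued_epoch !== false && $issued_epoch > $twelve_hours_ago_epoch;
        }

        if ($token_is_valid) {
            $bcrypt = new bcrypt(12);
            $hashed_pw = $bcrypt->genHash($password_entered);
            try {
                $stmt = $GLOBALS['dbh']->prepare("INSERT INTO `opsec_users`(user, password_hashed) VALUES (:user, :password_hashed)");
                $stmt->execute(array(':user' => $user_entered, ':password_hashed' => $hashed_pw));
            } catch (Exception $e) {
                // NOTE(review): die() here skips the DELETE below, so the
                // token stays usable after a failed insert.
                die("Error inserting into db");
            }
        }

        // NOTE(review): the token is checked and deleted in separate
        // statements. Two concurrent requests carrying the same token can
        // both pass the check before either delete runs. Deleting first and
        // requiring one affected row, or wrapping both in a transaction,
        // makes the token strictly single-use.
        $delete_token_stmt = $GLOBALS['dbh']->prepare("DELETE FROM `opsec_registration_tokens` WHERE token = :token");
        $delete_token_stmt->execute(array(':token' => $token_entered));
        header('Location: index.php');
    } else {
        // Weak password: the script stops without any message.
        die;
    }
}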
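} // closes a block opened before this excerpt

// Login handler: an already-authenticated session goes straight to
// main.php. Otherwise the posted credentials are checked against
// opsec_users, a login-history row is written, and the session is marked
// as logged in.
if (isset($_SESSION['user'])) {
    header('Location: main.php');
} else {
    require './libs/bcrypt.php';
    require_once $_SERVER['DOCUMENT_ROOT'] . '/config/db.php';

    // Missing or non-string fields (e.g. user[]=x) are treated as blank
    // rather than reaching the comparison and the bound query parameter.
    $user_entered = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $password_entered = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if ($user_entered === '' || $password_entered === '') {
        header('Location: index.php');
    } else {
        $stmt = $GLOBALS['dbh']->prepare("SELECT user, password_hashed FROM `opsec_users` WHERE user = :user");
        $stmt->execute(array(':user' => $user_entered));
        $row = $stmt->fetch();

        // fetch() returns false for an unknown user; never index into it.
        // NOTE(review): skipping the hash check for unknown users answers
        // faster than for known ones. If account enumeration matters,
        // verify against a fixed dummy hash on this path as well.
        $user_from_table = null;
        $password_correct = false;
        if (is_array($row)) {
            $user_from_table = $row['user'];
            // presumably 12 is the bcrypt cost factor — confirm against libs/bcrypt.php
            $bcrypt = new bcrypt(12);
            $password_correct = $bcrypt->verify($password_entered, $row['password_hashed']);
        }

        // Exact string comparison: loose `==` treats numeric-looking strings
        // such as '1e3' and '1000' as equal.
        if ($user_from_table !== null && $user_entered === (string) $user_from_table && $password_correct) {
            // Issue a fresh session id at the privilege change so an id
            // planted before login (session fixation) is worthless afterwards.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            $login_history_stmt = $GLOBALS['dbh']->prepare("INSERT INTO `opsec_user_login_history` (`user`) VALUES (:user)");
            $login_history_stmt->execute(array(':user' => $user_entered));
            $_SESSION['user'] = $user_from_table;
            header('Location: main.php');
        } else {
            // Same redirect for unknown user and wrong password, so the
            // response body does not reveal which one failed.
            header('Location: index.php');
        }
    }
}
?>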
// Tail of a method that begins before this excerpt: it symmetric-encrypts
// $str under $key and returns base64($cry) . ':' . base64(ciphertext).
$ret = $this->enc_sym($key,$str);
return base64_encode($cry).':'.base64_encode($ret);
}

/**
 * Reverse the "base64:base64" format returned above.
 *
 * Splits $dat on ':', base64-decodes both parts, recovers the symmetric
 * key from the first part with openssl_public_decrypt() and the key in
 * $this->pub, then passes that key and the second part to dec_sym().
 *
 * NOTE(review): anything recoverable with the public key is readable by
 * everyone who holds that key. This direction can at most show that the
 * private-key holder produced the data; it gives no confidentiality.
 * NOTE(review): the results of openssl_get_publickey() and
 * openssl_public_decrypt() are not checked, so on failure dec_sym() still
 * runs with an unset $key. Input without ':' leaves $str unset as well.
 *
 * @param string $dat Two base64 fields joined by ':'.
 * @return string Output of dec_sym() with surrounding whitespace trimmed.
 */
function dec_pub($dat) {
    list($cry,$str) = array_map('base64_decode',explode(':',$dat));
    $res = openssl_get_publickey($this->pub);
    // $key is filled in by reference with the recovered symmetric key.
    openssl_public_decrypt($cry,$key,$res);
    $ret = $this->dec_sym($key,$str);
    // trim() also removes whitespace that belonged to the original message.
    return trim($ret);
}
} // end of the class whose header is outside this excerpt

// Self-test script: runs this file's own source through enc_pri() and
// dec_pub(), printing each stage as plain text.
// NOTE(review): although the class is named bcrypt, the visible part does
// RSA plus symmetric encryption, not bcrypt password hashing.
header('Content-Type: text/plain');
$source = file_get_contents(__FILE__);
echo strlen($source)."\n";
echo "Source: $source\n";
$cry = new bcrypt();
// NOTE(review): the private-key passphrase 'aaaa' is hard-coded, and it is
// part of the source this script prints. Acceptable only for a throwaway
// demo key.
$cry->setPrivateFile("pkey/pri_key",'aaaa');
$cry->setPublicFile("pkey/pub_key");
$str = $cry->enc_pri($source);
echo $str."\n";
echo $cry->dec_pub($str);
return;
<?php
// Copyright (c) 2011 Antoni Sobkowicz for PHP version
//
// Permission to use, copy, modify, and distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

// Demo: hash one fixed password with a fixed setting string and print the
// result.

// Raise the script time limit to 300 seconds (presumably because the
// included implementation is slow — confirm).
ini_set('max_execution_time', 300);
include "bcrypt.php";

$hasher = new bcrypt();

// The second argument is a fixed setting string. If hashpw() follows the
// usual bcrypt convention, '$2a$06$' selects variant 2a with cost 6 and the
// rest is the salt. A constant salt makes the output reproducible, which
// suits a test vector only. Stored passwords need a random per-password
// salt and a higher cost.
$digest = $hasher->hashpw("pemppassword", '$2a$06$thisissomerandomsaltxz');
echo $digest;