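	/**
	 * Resets a member's password from the submitted form fields `username` and
	 * `password`.
	 *
	 * Looks the member up by the normalised username (get_username_base) and
	 * overwrites user_password with HashPassword() of the submitted value.
	 * Returns false when the form button was not pressed; aborts via
	 * fatal_error() when the username or password is blank or the member is
	 * unknown.
	 *
	 * NOTE(review): no authorization check is visible in this method. As written,
	 * anyone who can reach this handler can set any member's password. Confirm the
	 * calling module restricts it to administrators; if it does not, a privilege
	 * check belongs before the lookup.
	 */
	public function _home() {
		global $config, $user, $cache;

		if (!_button()) {
			return false;
		}

		$username = request_var('username', '');
		$password = request_var('password', '');

		// Refuse blank input: a blank password would otherwise overwrite the
		// stored hash with HashPassword('') and make the account trivially
		// guessable.
		if ($username === '' || $password === '') {
			fatal_error();
		}

		$username_base = get_username_base($username);

		$sql = 'SELECT user_id, username
			FROM _members
			WHERE username_base = ?';
		if (!$member = sql_fieldrow(sql_filter($sql, $username_base))) {
			fatal_error();
		}

		$sql = 'UPDATE _members SET user_password = ?
			WHERE user_id = ?';
		sql_query(sql_filter($sql, HashPassword($password), $member['user_id']));

		return _pre('La contraseña de ' . $member['username'] . ' fue actualizada.', true);
	}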
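/**
 * Authenticates a user against the Utilisateur table and opens a session.
 *
 * @param string $username login name as typed by the user
 * @param string $mdp      plaintext password; compared through HashPassword()
 * @return bool true when exactly one matching row is returned, false otherwise
 *
 * NOTE(review): the password hash is matched inside the SQL WHERE clause, which
 * can only work if HashPassword() is deterministic (no per-user salt). A salted
 * scheme (password_hash()/password_verify()) needs the row fetched first and the
 * check done in PHP; that is a schema/helper change outside this function.
 */
function login($username, $mdp)
{
    // session_start() warns when a session is already active (e.g. started by
    // the calling page), so only start one if needed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $link = connectDB();
    // Fetch the row matching the username / password-hash pair. Both values
    // are escaped for the mysqli connection before being inlined.
    $query = 'SELECT id_Utilisateur
                  FROM Utilisateur
                  WHERE nom_Utilisateur = "' . mysqli_real_escape_string($link, $username) . '" AND
                        MDP_Utilisateur = "' . mysqli_real_escape_string($link, HashPassword($mdp)) . '"';
    $row = queryDB($query);
    // Exactly one username/password match: log the user in.
    if (count($row) == 1) {
        // Rotate the session id on privilege change so a session id planted by
        // an attacker before login (session fixation) does not become an
        // authenticated session.
        session_regenerate_id(true);
        // Record the login in the Connexion table. The id comes from the
        // database and is inlined unquoted, so it is cast to int.
        // (Assumes queryDB() returns the single row as an associative array,
        // as the original indexing implies — confirm against queryDB().)
        $query = "INSERT INTO Connexion(User_Connexion)\n                      VALUES (" . (int) $row['id_Utilisateur'] . ")";
        queryDB($query);
        // Session state: logged-in flag, username and user id.
        $_SESSION['isloged'] = true;
        $_SESSION['user'] = $username;
        $_SESSION['id_user'] = $row['id_Utilisateur'];
        return true;
    } else {
        // Login failed.
        $_SESSION['isloged'] = false;
        return false;
    }
}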
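/**
 * Checks whether the current visitor's session is authentic.
 *
 * Looks the user up by the `email` cookie, then compares the stored
 * session_key with HashPassword($_SESSION['session_key'], pw_salt).
 *
 * @param mixed $database handle passed straight through to MySqlDatabaseQuery()
 * @return bool TRUE when the hashed session key matches the stored value,
 *              FALSE otherwise — including when the cookie, the user row, the
 *              session row or the session key is missing
 *
 * NOTE(review): `$_COOKIE['email']` is attacker-controlled and is interpolated
 * into the SQL string unescaped — this is SQL injection. MySqlDatabaseQuery()
 * exposes no parameter binding from here, so the query has to be parameterised
 * (or the value escaped for the underlying driver) in that helper; this function
 * only fails closed on missing data and compares in constant time.
 */
function VerifySession($database)
{
    // Fail closed when there is nothing to verify.
    if (!isset($_COOKIE['email']) || !isset($_SESSION['session_key'])) {
        return FALSE;
    }
    $email = $_COOKIE['email'];
    $query = "SELECT id,pw_salt FROM users WHERE email='{$email}'";
    $result = MySqlDatabaseQuery($database, $query);
    if (!isset($result[0]['id'])) {
        // Unknown email: no user row to check against.
        return FALSE;
    }
    $id = $result[0]['id'];
    $salt = $result[0]['pw_salt'];
    $query = "SELECT session_key FROM sessions WHERE id='{$id}'";
    $result = MySqlDatabaseQuery($database, $query);
    if (!isset($result[0]['session_key'])) {
        // No session row for this user.
        return FALSE;
    }
    // The stored key is secret-equivalent; === short-circuits on the first
    // differing byte and leaks match length through timing, hash_equals does not.
    $stored = (string) $result[0]['session_key'];
    $presented = (string) HashPassword($_SESSION['session_key'], $salt);
    return hash_equals($stored, $presented);
}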
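/**
 * Admin-only: sets a new password for $username, both in the in-memory $users
 * array and in the `user` table, then reloads the user list.
 *
 * @param string $username     account whose password is changed
 * @param string $newPassword1 new password
 * @param string $newPassword2 confirmation; must equal $newPassword1 after trim()
 *
 * Terminates via die() on any failure (non-admin caller, mismatch, shorter than
 * 8 characters, unknown user) — the error style used by the surrounding code.
 */
function EditUserPassword($username, $newPassword1, $newPassword2)
{
    global $users, $dbConn;
    //Authorize user (is admin)
    if (IsAdmin() === false) {
        die("Only admins can edit entries.");
    }
    $newPassword1 = trim($newPassword1);
    $newPassword2 = trim($newPassword2);
    if ($newPassword1 != $newPassword2) {
        die("passwords don't match");
    }
    $password = $newPassword1;
    //Check password length: minimum 8 characters (the message now matches the check).
    if (strlen($password) < 8) {
        die("password must be at least 8 characters");
    }
    //Check that the user exists
    if (!isset($users[$username])) {
        die("User does not exist");
    }
    //Generate new salt, number of iterations and hashed password.
    //The iteration count is a stored cost parameter, not a secret, so rand() is
    //acceptable here; the salt's randomness is GenerateSalt()'s responsibility.
    $newUserSalt = GenerateSalt();
    $newUserPasswordIterations = intval(rand(10000, 20000));
    $newPasswordHash = HashPassword($password, $newUserSalt, $newUserPasswordIterations);
    //Update the in-memory record of the user being edited. The original indexed
    //$users by $loggedInUser["username"], which is not defined at this point and
    //would in any case have pointed at the admin's own entry, not $username.
    $users[$username]["salt"] = $newUserSalt;
    $users[$username]["password_hash"] = $newPasswordHash;
    $users[$username]["password_iterations"] = $newUserPasswordIterations;
    $newUserSaltClean = mysqli_real_escape_string($dbConn, $newUserSalt);
    $newPasswordHashClean = mysqli_real_escape_string($dbConn, $newPasswordHash);
    $newUserPasswordIterationsClean = mysqli_real_escape_string($dbConn, (string) $newUserPasswordIterations);
    $usernameClean = mysqli_real_escape_string($dbConn, $username);
    //The WHERE clause targets the escaped username. (The listing this was taken
    //from showed a masked literal here while $usernameClean was computed and
    //never used; the escaped username is the only sensible target.)
    $sql = "\t\n\t\tUPDATE user\n\t\tSET\n\t\tuser_password_salt = '{$newUserSaltClean}',\n\t\tuser_password_iterations = '{$newUserPasswordIterationsClean}',\n\t\tuser_password_hash = '{$newPasswordHashClean}'\n\t\tWHERE user_username = '{$usernameClean}';\n\t";
    $data = mysqli_query($dbConn, $sql);
    $sql = "";
    LoadUsers();
    $loggedInUser = IsLoggedIn(TRUE);
}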
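<?php

session_start();
?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Star Movies</title>
    </head>
    <body>
    	<?php 
// Seed script: inserts the initial "Admin" account into t_User.
//
// NOTE(review): the admin password is hard-coded in source. Anyone with read
// access to this file (or the repository history) knows the admin credential; it
// should come from outside the web root (environment/config) and be rotated
// after first login. This script also assumes getSqlConnection.php defines
// $sqlcon as a mysqli connection — elsewhere in this project the connection is
// obtained via getSqlCon(); confirm which applies here.
set_include_path(get_include_path() . PATH_SEPARATOR . $_SERVER["DOCUMENT_ROOT"] . "/../" . "/libary");
require_once "hash.php";
require_once "getSqlConnection.php";
$x = $sqlcon->prepare("INSERT INTO `t_User` (`Benutzername`, `Passwort`, `Vorname`, `Nachname`, `MailAdresse`, `Strasse`, `StadtID`, `TypID` ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
// prepare() returns false on SQL or connection errors; calling bind_param() on
// false would be a fatal error with no diagnostic.
if ($x === false) {
    $error = $sqlcon->error;
    $sqlcon->close();
    die("Failed to prepare admin insert: " . htmlspecialchars($error, ENT_QUOTES, 'UTF-8'));
}
$myval1 = 'Admin';
$myval2 = HashPassword('UseTheForce2016!');
$myval3 = 'Max';
$myval4 = 'Muster';
$myval5 = '*****@*****.**';
$myval6 = 'Testweg 1';
$myval7 = 1;
$myval8 = 1;
$x->bind_param("ssssssii", $myval1, $myval2, $myval3, $myval4, $myval5, $myval6, $myval7, $myval8);
// execute() returns false e.g. when the Admin row already exists (unique key);
// report it instead of silently looking like success.
if (!$x->execute()) {
    echo "Admin user was not created: " . htmlspecialchars($x->error, ENT_QUOTES, 'UTF-8');
}
$sqlcon->close();
?>
    </body>
</html>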
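/**
 * Resolves the logged-in user from the `sessionID` cookie.
 *
 * The cookie value is hashed with the configured pepper and iteration count
 * (HashPassword) and looked up as a key in data/sessions.json; the entry's
 * "username" is returned. The answer is cached for the rest of the request in
 * the $loginChecked / $loggedInUser globals.
 *
 * @return string|false username of the session owner, or false when not logged in
 *
 * NOTE(review): the fallback pepper "BetterThanNothing" is in source and thus
 * public, so a deployment without $config["PEPPER"] derives session keys with
 * no secret at all — $config["PEPPER"] should be mandatory. No expiry is
 * checked here; confirm sessions.json entries are pruned elsewhere.
 */
function IsLoggedIn()
{
    global $loginChecked, $loggedInUser, $config;
    if ($loginChecked) {
        return $loggedInUser;
    }
    if (!isset($_COOKIE["sessionID"])) {
        //No session cookie, therefore not logged in
        $loggedInUser = false;
        $loginChecked = true;
        return false;
    }
    if (!file_exists("data/sessions.json")) {
        //No session was ever created on the site
        $loggedInUser = false;
        $loginChecked = true;
        return false;
    }
    $sessions = json_decode(file_get_contents("data/sessions.json"), true);
    $sessionID = "" . $_COOKIE["sessionID"];
    $pepper = isset($config["PEPPER"]) ? $config["PEPPER"] : "BetterThanNothing";
    $sessionIDHash = HashPassword($sessionID, $pepper, $config["SESSION_PASSWORD_ITERATIONS"]);
    // A corrupt or unreadable sessions.json decodes to null; treat that, a
    // missing key, or an entry without a username as "not logged in" rather
    // than returning null as the username.
    if (!is_array($sessions) || !isset($sessions[$sessionIDHash]["username"])) {
        //Session ID does not exist
        $loggedInUser = false;
        $loginChecked = true;
        return false;
    }
    //Session ID does in fact exist
    $loggedInUser = $sessions[$sessionIDHash]["username"];
    $loginChecked = true;
    return $loggedInUser;
}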
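/**
 * Adds a person entry to the directory configured in F3 (LDAP.conn, LDAP.ou).
 *
 * @param array $data keys: cn, sn, telephonenumber, postalcode, userpassword
 * @return bool result of ldap_add()
 */
function myldap_add($data)
{
    // prepare data
    $info = array();
    $info["objectclass"][0] = "organizationalPerson";
    $info["objectclass"][1] = "person";
    $info["objectclass"][2] = "inetOrgPerson";
    $info["objectclass"][3] = "top";
    $info["cn"] = $data["cn"];
    $info["sn"] = $data["sn"];
    $info["telephoneNumber"] = $data["telephonenumber"];
    $info["postalCode"] = $data["postalcode"];
    $info['userPassword'] = HashPassword($data["userpassword"]);
    // The cn becomes part of the entry's DN. Unescaped ',', '+', '=', '"' etc.
    // in a caller-supplied cn would let it place the entry under a different
    // RDN/OU (DN injection), so escape it for the DN context.
    // ldap_escape() requires PHP >= 5.6.
    $dn = "cn=" . ldap_escape($info["cn"], "", LDAP_ESCAPE_DN) . "," . F3::get('LDAP.ou');
    // add data to directory
    $r = ldap_add(F3::get('LDAP.conn'), $dn, $info);
    return $r;
}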
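/**
 * Adds a person entry under ou=moodleusers,<$dn> on the given LDAP connection.
 *
 * @param resource|object $ds  LDAP link from ldap_connect()
 * @param string          $dn  base DN the moodleusers OU lives under
 * @param array           $data keys: cn, sn, telephoneNumber, postalCode, userPassword
 * @return bool result of ldap_add()
 */
function myldap_add($ds, $dn, $data)
{
    // prepare data
    $info = array();
    $info["objectclass"][0] = "organizationalPerson";
    $info["objectclass"][1] = "person";
    $info["objectclass"][2] = "inetOrgPerson";
    $info["objectclass"][3] = "top";
    $info["cn"] = $data["cn"];
    $info["sn"] = $data["sn"];
    $info["telephoneNumber"] = $data["telephoneNumber"];
    $info["postalCode"] = $data["postalCode"];
    $info['userPassword'] = HashPassword($data["userPassword"]);
    // The cn becomes part of the entry's DN. Unescaped ',', '+', '=', '"' etc.
    // in a caller-supplied cn would let it place the entry under a different
    // RDN/OU (DN injection), so escape it for the DN context.
    // ldap_escape() requires PHP >= 5.6.
    $entryDn = "cn=" . ldap_escape($info["cn"], "", LDAP_ESCAPE_DN) . ",ou=moodleusers," . $dn;
    // add data to directory
    $r = ldap_add($ds, $entryDn, $info);
    return $r;
}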
/**
 * Login / logout / signup / password-reset controller, dispatched on the
 * `mode` request variable: 'in' (sign in), 'out' (sign out), 'up' (sign up, or
 * activate an account when `code` is given) and 'r' (request, or complete, a
 * password reset). Whatever the mode, it falls through to render the LOGIN2
 * layout with the signup form state and any validation errors.
 *
 * @param string $box_text   message shown in the login box (lang key or text)
 * @param bool   $need_admin not referenced in this body; admin re-auth is
 *                           driven by the 'admin' button instead
 * @param mixed  $extra_vars not referenced in this body
 */
function do_login($box_text = '', $need_admin = false, $extra_vars = false) {
	global $config, $user;

	$error = w();
	$action = request_var('mode', '');

	if (empty($user->data)) {
		$user->init(false);
	}
	if (empty($user->lang)) {
		$user->setup();
	}

	if ($user->is('bot')) {
		redirect(s_link());
	}

	$code_invite = request_var('invite', '');
	$admin       = _button('admin');
	$login       = _button('login');
	$submit      = _button();
	$need_auth   = false;

	if ($admin) {
		$need_auth = true;
	}

	// Signup form fields with their defaults; refilled from the request on submit.
	$v_fields = array(
		'username' => '',
		'email' => '',
		'email_confirm' => '',
		'key' => '',
		'key_confirm' => '',
		'gender' => 0,
		'birthday_month' => 0,
		'birthday_day' => 0,
		'birthday_year' => 0,
		'tos' => 0,
		'ref' => 0
	);

	// Invitation link: pre-fill referrer and invited email from the invite code.
	if (!empty($code_invite)) {
		$sql = 'SELECT i.invite_email, m.user_email
			FROM _members_ref_invite i, _members m
			WHERE i.invite_code = ?
				AND i.invite_uid = m.user_id';
		if (!$invite_row = sql_fieldrow(sql_filter($sql, $code_invite))) {
			fatal_error();
		}

		$v_fields['ref'] = $invite_row['user_email'];
		$v_fields['email'] = $invite_row['invite_email'];
		unset($invite_row);
	}

	switch ($action) {
		case 'in':
			if ($user->is('member') && !$admin) {
				redirect(s_link());
			}

			if ($login && (!$user->is('member') || $admin)) {
				$username = request_var('username', '');
				$password = request_var('password', '');
				$ref = request_var('ref', '');

				if (!empty($username) && !empty($password)) {
					$username_base = get_username_base($username);

					$sql = 'SELECT user_id, username, user_password, user_type, user_country, user_avatar, user_location, user_gender, user_birthday
						FROM _members
						WHERE username_base = ?';
					if ($row = sql_fieldrow(sql_filter($sql, $username_base))) {
						$exclude_type = array(USER_INACTIVE);

						if (ValidatePassword($password, $row['user_password']) && (!in_array($row['user_type'], $exclude_type))) {
							$user->session_create($row['user_id'], $admin);

							// Incomplete profiles are sent to the profile page first.
							if (!$row['user_country'] || !$row['user_location'] || !$row['user_gender'] || !$row['user_birthday'] || !$row['user_avatar']) {
								$ref = s_link('my', 'profile');
							} else {
								// NOTE(review): $ref comes straight from the request and is only
								// replaced when it is exactly the site root; any other value is
								// redirected to verbatim, which is an open redirect usable for
								// phishing after a genuine login. Restrict it to relative paths
								// or to $config['server_name'].
								$ref = (empty($ref) || (preg_match('#' . preg_quote($config['server_name']) . '/$#', $ref))) ? s_link('today') : $ref;
							}

							redirect($ref);
						}
					}
				}
			}
			break;
		case 'out':
			if ($user->is('member')) {
				$user->session_kill();
			}

			redirect(s_link());
			break;
		case 'up':
			if ($user->is('member')) {
				redirect(s_link('my profile'));
			} else if ($user->is('bot')) {
				redirect(s_link());
			}

			$code = request_var('code', '');

			// Account activation via the emailed confirmation code.
			if (!empty($code)) {
				// NOTE(review): this pattern is unanchored, so any string containing a
				// single alphanumeric passes; the effective check is the parameterised
				// lookup below.
				if (!preg_match('#([a-z0-9]+)#is', $code)) {
					fatal_error();
				}

				$sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email
					FROM _crypt_confirm c, _members m
					WHERE c.crypt_code = ?
						AND c.crypt_userid = m.user_id';
				if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) {
					fatal_error();
				}

				$user_id = $crypt_data['user_id'];

				// Activation: flip the account to USER_NORMAL and consume the code.
				// NOTE(review): crypt_time is stored but never compared here, so
				// activation codes do not expire — confirm that is intended.
				$sql = 'UPDATE _members SET user_type = ?
					WHERE user_id = ?';
				sql_query(sql_filter($sql, USER_NORMAL, $user_id));

				$sql = 'DELETE FROM _crypt_confirm
					WHERE crypt_code = ?
						AND crypt_userid = ?';
				sql_query(sql_filter($sql, $code, $user_id));

				$emailer = new emailer();

				$emailer->from('info');
				$emailer->use_template('user_welcome_confirm');
				$emailer->email_address($crypt_data['user_email']);

				$emailer->assign_vars(array(
					'USERNAME' => $crypt_data['username'])
				);
				$emailer->send();
				$emailer->reset();

				// The freshly activated account is logged in straight away.
				$user->session_create($user_id, 0);

				//
				if (empty($user->data)) {
					$user->init();
				}
				if (empty($user->lang)) {
					$user->setup();
				}

				$custom_vars = array(
					'S_REDIRECT' => '',
					'MESSAGE_TITLE' => lang('information'),
					'MESSAGE_TEXT' => lang('membership_added_confirm')
				);
				page_layout('INFORMATION', 'message', $custom_vars);
			}

			//
			/*$sql = 'SELECT *
				FROM _members_ref_assoc
				WHERE ref_uid = ?';
			if ($ref_assoc = sql_fieldrow(sql_filter($sql, $user_id))) {
				if ($user_id != $ref_assoc['ref_orig']) {
					$user->points_add(3, $ref_assoc['ref_orig']);

					$sql_insert = array(
						'user_id' => $user_id,
						'buddy_id' => $ref_assoc['ref_orig'],
						'friend_time' => time()
					);
					sql_insert('members_friends', $sql_insert);

					$sql_insert = array(
						'user_id' => $ref_assoc['ref_orig'],
						'buddy_id' => $user_id,
						'friend_time' => time()
					);
					sql_insert('members_friends', $sql_insert);

					$user->save_unread(UH_FRIEND, $user_id, 0, $ref_assoc['ref_orig']);
				}

				$sql = 'DELETE FROM _members_ref_assoc
					WHERE ref_id = ?';
				sql_query(sql_filter($sql, $ref_assoc['ref_id']));
			}

			//
			$sql = 'SELECT *
				FROM _members_ref_invite
				WHERE invite_email = ?';
			if ($row = sql_fieldrow(sql_filter($sql, $crypt_data['user_email']))) {
				$sql = 'DELETE FROM _members_ref_invite
					WHERE invite_code = ?';
				sql_query(sql_filter($sql, $row['invite_code']));
			}

			//
			$emailer = new emailer();

			$emailer->from('info');
			$emailer->use_template('user_welcome_confirm');
			$emailer->email_address($crypt_data['user_email']);

			$emailer->assign_vars(array(
				'USERNAME' => $crypt_data['username'])
			);
			$emailer->send();
			$emailer->reset();

			//
			if (empty($user->data)) {
				$user->init();
			}
			if (empty($user->lang)) {
				$user->setup();
			}

			$custom_vars = array(
				'S_REDIRECT' => '',
				'MESSAGE_TITLE' => lang('information'),
				'MESSAGE_TEXT' => lang('membership_added_confirm')
			);
			page_layout('INFORMATION', 'message', $custom_vars);
			 * */

			// Signup form submission.
			if ($submit) {
				foreach ($v_fields as $k => $v) {
					$v_fields[$k] = request_var($k, $v);
				}

				if (empty($v_fields['username'])) {
					$error['username'] = '******';
				} else {
					$len_username = strlen($v_fields['username']);

					if (($len_username < 2) || ($len_username > 20) || !get_username_base($v_fields['username'], true)) {
						$error['username'] = '******';
					}

					if (!sizeof($error)) {
						$result = validate_username($v_fields['username']);
						if ($result['error']) {
							$error['username'] = $result['error_msg'];
						}
					}

					if (!sizeof($error)) {
						$v_fields['username_base'] = get_username_base($v_fields['username']);

						$sql = 'SELECT user_id
							FROM _members
							WHERE username_base = ?';
						if (sql_field(sql_filter($sql, $v_fields['username_base']), 'user_id', 0)) {
							$error['username'] = '******';
						}
					}

					// The normalised username must not collide with an artist subdomain.
					if (!sizeof($error)) {
						$sql = 'SELECT ub
							FROM _artists
							WHERE subdomain = ?';
						if (sql_field(sql_filter($sql, $v_fields['username_base']), 'ub', 0)) {
							$error['username'] = '******';
						}
					}
				}

				if (empty($v_fields['email']) || empty($v_fields['email_confirm'])) {
					if (empty($v_fields['email'])) {
						$error['email'] = 'EMPTY_EMAIL';
					}

					if (empty($v_fields['email_confirm'])) {
						$error['email_confirm'] = 'EMPTY_EMAIL_CONFIRM';
					}
				} else {
					if ($v_fields['email'] == $v_fields['email_confirm']) {
						$result = validate_email($v_fields['email']);
						if ($result['error']) {
							$error['email'] = $result['error_msg'];
						}
					} else {
						$error['email'] = 'EMAIL_MISMATCH';
						$error['email_confirm'] = 'EMAIL_MISMATCH';
					}
				}

				// Password ('key') validation.
				// NOTE(review): the only constraints are non-empty, matching
				// confirmation and a 32-character upper bound; there is no minimum
				// length or strength requirement.
				if (!empty($v_fields['key']) && !empty($v_fields['key_confirm'])) {
					if ($v_fields['key'] != $v_fields['key_confirm']) {
						$error['key'] = 'PASSWORD_MISMATCH';
					} else if (strlen($v_fields['key']) > 32) {
						$error['key'] = 'PASSWORD_LONG';
					}
				} else {
					if (empty($v_fields['key'])) {
						$error['key'] = 'EMPTY_PASSWORD';
					} elseif (empty($v_fields['key_confirm'])) {
						$error['key_confirm'] = 'EMPTY_PASSWORD_CONFIRM';
					}
				}

				if (!$v_fields['birthday_month'] || !$v_fields['birthday_day'] || !$v_fields['birthday_year']) {
					$error['birthday'] = 'EMPTY_BIRTH_MONTH';
				}

				if (!$v_fields['tos']) {
					$error['tos'] = 'AGREETOS_ERROR';
				}

				if (!sizeof($error)) {
					//$v_fields['country'] = strtolower(geoip_country_code_by_name($user->ip));
					$v_fields['country'] = 90;
					$v_fields['birthday'] = leading_zero($v_fields['birthday_year']) . leading_zero($v_fields['birthday_month']) . leading_zero($v_fields['birthday_day']);

					// New accounts start as USER_INACTIVE until the emailed code is used.
					$member_data = array(
						'user_type' => USER_INACTIVE,
						'user_active' => 1,
						'username' => $v_fields['username'],
						'username_base' => $v_fields['username_base'],
						'user_password' => HashPassword($v_fields['key']),
						'user_regip' => $user->ip,
						'user_session_time' => 0,
						'user_lastpage' => '',
						'user_lastvisit' => time(),
						'user_regdate' => time(),
						'user_level' => 0,
						'user_posts' => 0,
						'userpage_posts' => 0,
						'user_points' => 0,
						'user_timezone' => $config['board_timezone'],
						'user_dst' => $config['board_dst'],
						'user_lang' => $config['default_lang'],
						'user_dateformat' => $config['default_dateformat'],
						'user_country' => (int) $v_fields['country'],
						'user_rank' => 0,
						'user_avatar' => '',
						'user_avatar_type' => 0,
						'user_email' => $v_fields['email'],
						'user_lastlogon' => 0,
						'user_totaltime' => 0,
						'user_totallogon' => 0,
						'user_totalpages' => 0,
						'user_gender' => $v_fields['gender'],
						'user_birthday' => (string) $v_fields['birthday'],
						'user_mark_items' => 0,
						'user_topic_order' => 0,
						'user_email_dc' => 1,
						'user_refop' => 0,
						'user_refby' => $v_fields['ref']
					);
					$user_id = sql_insert('members', $member_data);

					set_config('max_users', $config['max_users'] + 1);

					// Confirmation code
					// Token strength depends entirely on unique_id() — confirm it is
					// CSPRNG-backed, since md5() adds no entropy.
					$verification_code = md5(unique_id());

					$insert = array(
						'crypt_userid' => $user_id,
						'crypt_code' => $verification_code,
						'crypt_time' => $user->time
					);
					sql_insert('crypt_confirm', $insert);

					// Emailer
					$emailer = new emailer();

					// Referrer handling: link to an existing member, or invite the
					// referrer's email address if it is not registered yet.
					if (!empty($v_fields['ref'])) {
						$valid_ref = email_format($v_fields['ref']);

						if ($valid_ref) {
							$sql = 'SELECT user_id
								FROM _members
								WHERE user_email = ?';
							if ($ref_friend = sql_field(sql_filter($sql, $v_fields['ref']), 'user_id', 0)) {
								$sql_insert = array(
									'ref_uid' => $user_id,
									'ref_orig' => $ref_friend
								);
								sql_insert('members_ref_assoc', $sql_insert);

								$sql_insert = array(
									'user_id' => $user_id,
									'buddy_id' => $ref_friend,
									'friend_time' => time()
								);
								sql_insert('members_friends', $sql_insert);
							} else {
								$invite_user = explode('@', $v_fields['ref']);
								$invite_code = substr(md5(unique_id()), 0, 6);

								$sql_insert = array(
									'invite_code' => $invite_code,
									'invite_email' => $v_fields['ref'],
									'invite_uid' => $user_id
								);
								sql_insert('members_ref_invite', $sql_insert);

								$emailer->from('info');
								$emailer->use_template('user_invite');
								$emailer->email_address($v_fields['ref']);

								$emailer->assign_vars(array(
									'INVITED' => $invite_user[0],
									'USERNAME' => $v_fields['username'],
									'U_REGISTER' => s_link('my register a', $invite_code))
								);
								$emailer->send();
								$emailer->reset();
							}
						}
					}

					// Send confirm email
					$emailer->from('info');
					$emailer->use_template('user_welcome');
					$emailer->email_address($v_fields['email']);

					// NOTE(review): the activation link scheme is hard-coded to http,
					// so the secret code travels in clear; it should be https.
					$emailer->assign_vars(array(
						'USERNAME' => $v_fields['username'],
						'U_ACTIVATE' => 'http:' . s_link('signup', $verification_code))
					);
					$emailer->send();
					$emailer->reset();

					$custom_vars = array(
						'MESSAGE_TITLE' => lang('information'),
						'MESSAGE_TEXT' => lang('membership_added')
					);
					page_layout('INFORMATION', 'message', $custom_vars);
					/*
					$user->session_create($user_id, 0);

					redirect(s_link());
					*/
				}
			}
			break;
		case 'r':
			if ($user->is('member')) {
				redirect(s_link('my profile'));
			} else if ($user->is('bot')) {
				redirect(s_link());
			}

			$code = request_var('code', '');

			if (request_var('r', 0)) {
				redirect(s_link());
			}

			// Password reset, second step: the user followed the emailed code.
			if (!empty($code)) {
				// NOTE(review): unanchored pattern, see the 'up' branch; the real
				// check is the lookup below.
				if (!preg_match('#([a-z0-9]+)#is', $code)) {
					fatal_error();
				}

				// NOTE(review): no crypt_time comparison, so reset codes stay valid
				// until used or replaced.
				$sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email
					FROM _crypt_confirm c, _members m
					WHERE c.crypt_code = ?
						AND c.crypt_userid = m.user_id';
				if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) {
					fatal_error();
				}

				if (_button()) {
					$password = request_var('newkey', '');
					$password2 = request_var('newkey2', '');

					if (!empty($password)) {
						// NOTE(review): unlike signup there is no length cap here, and
						// like signup there is no minimum length or strength check.
						if ($password === $password2) {
							$crypt_password = HashPassword($password);

							$sql = 'UPDATE _members SET user_password = ?
								WHERE user_id = ?';
							sql_query(sql_filter($sql, $crypt_password, $crypt_data['user_id']));

							$sql = 'DELETE FROM _crypt_confirm
								WHERE crypt_userid = ?';
							sql_query(sql_filter($sql, $crypt_data['user_id']));

							// Send email
							$emailer = new emailer();

							$emailer->from('info');
							$emailer->use_template('user_confirm_passwd', $config['default_lang']);
							$emailer->email_address($crypt_data['user_email']);

							// NOTE(review): the new password is emailed in plaintext
							// ('PASSWORD' below). Mail is unencrypted in transit and
							// persists in mailboxes and logs; send a confirmation that
							// omits the secret instead.
							$emailer->assign_vars(array(
								'USERNAME' => $crypt_data['username'],
								'PASSWORD' => $password,
								'U_PROFILE' => s_link('m', $crypt_data['username_base']))
							);
							$emailer->send();
							$emailer->reset();

							//
							v_style(array(
								'PAGE_MODE' => 'updated'
							));
						} else {
							v_style(array(
								'PAGE_MODE' => 'nomatch',
								'S_CODE' => $code)
							);
						}
					} else {
						v_style(array(
							'PAGE_MODE' => 'nokey',
							'S_CODE' => $code)
						);
					}
				} else {
					v_style(array(
						'PAGE_MODE' => 'verify',
						'S_CODE' => $code)
					);
				}
			// Password reset, first step: request a code by email address.
			} else if (_button()) {
				$email = request_var('address', '');
				if (empty($email) || !email_format($email)) {
					fatal_error();
				}

				$sql = 'SELECT *
					FROM _members
					WHERE user_email = ?
						AND user_active = 1
						AND user_type NOT IN (??, ??)
						AND user_id NOT IN (
							SELECT ban_userid
							FROM _banlist
						)';
				// NOTE(review): failing hard on an unknown address tells a caller
				// whether an email is registered (account enumeration); answering
				// identically for known and unknown addresses avoids that.
				if (!$userdata = sql_fieldrow(sql_filter($sql, $email, USER_INACTIVE, USER_FOUNDER))) {
					fatal_error();
				}

				$emailer = new emailer();

				// Token strength depends entirely on unique_id() — confirm it is
				// CSPRNG-backed, since md5() adds no entropy.
				$verification_code = md5(unique_id());

				// Any earlier pending code for this user is invalidated first.
				$sql = 'DELETE FROM _crypt_confirm
					WHERE crypt_userid = ?';
				sql_query(sql_filter($sql, $userdata['user_id']));

				$insert = array(
					'crypt_userid' => $userdata['user_id'],
					'crypt_code' => $verification_code,
					'crypt_time' => $user->time
				);
				sql_insert('crypt_confirm', $insert);

				// Send email
				$emailer->from('info');
				$emailer->use_template('user_activate_passwd', $config['default_lang']);
				$emailer->email_address($userdata['user_email']);

				$emailer->assign_vars(array(
					'USERNAME' => $userdata['username'],
					'U_ACTIVATE' => s_link('signr', $verification_code))
				);
				$emailer->send();
				$emailer->reset();

				_style('reset_complete');
			}
			break;
		default:
			break;
	}

	//
	// Signup data
	//
	if (sizeof($error)) {
		_style('error', array(
			'MESSAGE' => parse_error($error))
		);
	}

	$s_genres_select = '';
	$genres = array(1 => 'MALE', 2 => 'FEMALE');
	foreach ($genres as $id => $value) {
		$s_genres_select .= '<option value="' . $id . '"' . (($v_fields['gender'] == $id) ? ' selected="true"' : '') . '>' . lang($value) . '</option>';
	}

	$s_bday_select = '';
	for ($i = 1; $i < 32; $i++) {
		$s_bday_select .= '<option value="' . $i . '"' . (($v_fields['birthday_day'] == $i) ? 'selected="true"' : '') . '>' . $i . '</option>';
	}

	$s_bmonth_select = '';
	$months = array(1 => 'January', 2 => 'February', 3 => 'March', 4 => 'April', 5 => 'May', 6 => 'June', 7 => 'July', 8 => 'August', 9 => 'September', 10 => 'October', 11 => 'November', 12 => 'December');
	foreach ($months as $id => $value)
	{
		$s_bmonth_select .= '<option value="' . $id . '"' . (($v_fields['birthday_month'] == $id) ? ' selected="true"' : '') . '>' . $user->lang['datetime'][$value] . '</option>';
	}

	$s_byear_select = '';
	$current_year = date('Y');
	for ($i = ($current_year - 1); $i > $current_year - 102; $i--)
	{
		$s_byear_select .= '<option value="' . $i . '"' . (($v_fields['birthday_year'] == $i) ? ' selected="true"' : '') . '>' . $i . '</option>';
	}

	$v_fields['birthday'] = false;

	if (isset($error['birthday'])) {
		$v_fields['birthday'] = true;
	}

	$s_hidden = w();
	if ($need_auth) {
		$s_hidden = array('admin' => 1);
	}

	if (!isset($v_fields['refby'])) {
		$v_fields['refby'] = '';
	}

	// Template variables for the LOGIN2 layout. V_KEY / V_KEY_CONFIRM echo the
	// submitted password back into the form on validation errors.
	$layout_vars = array(
		'IS_NEED_AUTH' => $need_auth,
		'IS_LOGIN' => $login,
		'CUSTOM_MESSAGE' => $box_text,
		'S_HIDDEN_FIELDS' => s_hidden($s_hidden),

		'U_SIGNIN' => s_link('signin'),
		'U_SIGNUP' => s_link('signup'),
		'U_SIGNOUT' => s_link('signout'),
		'U_PASSWORD' => s_link('signr'),

		'V_USERNAME' => $v_fields['username'],
		'V_KEY' => $v_fields['key'],
		'V_KEY_CONFIRM' => $v_fields['key_confirm'],
		'V_EMAIL' => $v_fields['email'],
		'V_REFBY' => $v_fields['refby'],
		'V_GENDER' => $s_genres_select,
		'V_BIRTHDAY_DAY' => $s_bday_select,
		'V_BIRTHDAY_MONTH' => $s_bmonth_select,
		'V_BIRTHDAY_YEAR' => $s_byear_select,
		'V_TOS' => ($v_fields['tos']) ? ' checked="true"' : '',
		'PAGE_MODE' => ''
	);

	// One E_<FIELD> flag per form field marking whether it has an error.
	foreach ($v_fields as $k => $v) {
		$layout_vars['E_' . strtoupper($k)] = (isset($error[$k])) ? true : false;
	}

	if ($login) {
		$ref = request_var('ref', '');

		_style('error', array(
			'LASTPAGE' => ($ref != '') ? $ref : s_link())
		);
	}

	$box_text = (!empty($box_text)) ? lang($box_text, $box_text) : '';

	page_layout('LOGIN2', 'login', $layout_vars);
}
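<?php

// Developer helper: prints HashPassword() of a sample string so the hash format
// can be inspected (e.g. to seed a database by hand).
//
// NOTE(review): this file carries a literal credential and, if reachable under
// the web root, boots the full application for any visitor. Keep it out of
// deployable trees or restrict it to the CLI.
define('IN_EX', true);
include '../includes/common.php';
$user->session_start();
// Allow the plaintext to be given as the first CLI argument so real passwords
// never need to be typed into this file; the literal stays as the default for
// backwards compatibility.
$plaintext = (PHP_SAPI === 'cli' && isset($argv[1])) ? $argv[1] : '4otatkan';
echo HashPassword($plaintext);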
    }
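    if ($errormsg) {
        echo "<div class='errormsg'>";
        echo "<font color='#ff0000'> {$errormsg} </font>";
        echo "</div>";
        // Re-display the form with the submitted values. They are user input
        // echoed into single-quoted HTML attributes, so escape them (ENT_QUOTES
        // covers both quote styles) to prevent reflected XSS. $errormsg is
        // left as-is: it is built server-side and may intentionally carry markup.
        $usernameHtml = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
        $firstNameHtml = htmlspecialchars($first_name, ENT_QUOTES, 'UTF-8');
        $lastNameHtml = htmlspecialchars($last_name, ENT_QUOTES, 'UTF-8');
        $emailHtml = htmlspecialchars($email_addr, ENT_QUOTES, 'UTF-8');
        echo "<form method='POST'><table><tr><td></td><td></td></tr>";
        echo "<tr><td>Desired username</td><td><input type='text' name='username' value='{$usernameHtml}' /></td></tr>";
        echo "<tr><td>First Name</td><td><input type='text' name='first_name' value='{$firstNameHtml}' /></td></tr>";
        echo "<tr><td>Last Name</td><td><input type='text' name='last_name' value='{$lastNameHtml}' /></td></tr>";
        echo "<tr><td>Password</td><td><input type='password' name='password0' /></td></tr>";
        echo "<tr><td>Retype Password</td><td><input type='password' name='password1' /></td></tr>";
        echo "<tr><td>Email Address</td><td><input type='text' name='email_addr' value='{$emailHtml}' /></td></tr>";
        echo "<tr><td></td><td><input type='submit' value='Submit'>";
        echo "</table>";
    } else {
        $password = HashPassword($password0);
        $teamID = 0;
        // Every string value is escaped for the mysql connection before being
        // spliced into the INSERT; the original interpolated them raw (SQL
        // injection). The original also listed 7 columns but 8 placeholders with
        // 7 arguments, so sprintf() failed before any query ran. The mysql_*
        // extension is removed in PHP 7 — prepared statements via mysqli/PDO are
        // the real fix.
        $query = sprintf("INSERT INTO users (username, password, first_name, last_name, preferred_name, email_addr, teamID) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', %d)", mysql_real_escape_string($username), mysql_real_escape_string($password), mysql_real_escape_string($first_name), mysql_real_escape_string($last_name), mysql_real_escape_string($first_name . ' ' . $last_name), mysql_real_escape_string($email_addr), $teamID);
        $insert = mysql_query($query) or die(mysql_error());
        // $first_name is user input rendered into HTML: escape it.
        $firstNameHtml = htmlspecialchars($first_name, ENT_QUOTES, 'UTF-8');
        echo "Thanks for registering, {$firstNameHtml}! Now you can <a href='login.php'>log in.</a><br>If you are an intern, please email the <a href='mailto:computer@wsbf.net'>Computer Engineer</a> to get CD review permissions. ";
    }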
} else {
    $username = $first_name = $last_name = $email_addr = '';
    echo "<form method='POST'><table><tr><td></td><td></td></tr>";
    echo "<tr><td>Desired username</td><td><input type='text' name='username' value='{$username}' /></td></tr>";
    echo "<tr><td>First Name</td><td><input type='text' name='first_name' value='{$first_name}' /></td></tr>";
    echo "<tr><td>Last Name</td><td><input type='text' name='last_name' value='{$last_name}' /></td></tr>";
    echo "<tr><td>Password</td><td><input type='password' name='password0' /></td></tr>";
    echo "<tr><td>Retype Password</td><td><input type='password' name='password1' /></td></tr>";
    echo "<tr><td>Email Address</td><td><input type='text' name='email_addr' value='{$email_addr}' /></td></tr>";
    echo "<tr><td></td><td><input type='submit' value='Submit'>";
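     require_once "hash.php";
     // Read a POST field without "undefined index" warnings. Absent fields stay
     // null, so the stored procedure receives exactly what it did before.
     $postField = function ($name) {
         return isset($_POST[$name]) ? $_POST[$name] : null;
     };
     // mid: id of the user being edited; 0 means "create".
     if (isset($_POST["mid"])) {
         $myval = $_POST["mid"];
     } else {
         $myval = 0;
     }
     $myval1 = $postField("Vorname");
     $myval2 = $postField("Nachname");
     $myval3 = $postField("Benutzername");
     $myval4 = $postField("EMail");
     $myval5 = $postField("Strasse");
     $myval6 = $postField("PLZ");
     $myval7 = $postField("Ort");
     $myval8 = $postField("Typ");
     // Only hash when a non-empty password was supplied and the repeat matches;
     // otherwise pass '' (presumably "leave unchanged" for p_ManipulateUser —
     // not verifiable from here).
     $passwort = $postField("Passwort");
     $pwRep = $postField("PWRep");
     if ($passwort !== null && $passwort !== '' && $pwRep === $passwort) {
         $myval9 = HashPassword($passwort);
     } else {
         $myval9 = '';
     }
     require_once "getSqlConnection.php";
     $sqlcon = getSqlCon();
     // All values travel as bound parameters; no SQL is built from input here.
     $x = $sqlcon->prepare("CALL p_ManipulateUser (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
     $x->bind_param("issssissss", $myval, $myval3, $myval5, $myval6, $myval7, $myval8, $myval4, $myval1, $myval2, $myval9);
     $result = $x->execute();
     $sqlcon->close();
     redirect('/Mitarbeiter.php');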
 } else {
     if (isset($_GET["id"])) {
         require_once "getSqlConnection.php";
         $sqlcon = getSqlCon();
         $x = $sqlcon->prepare("SELECT * FROM v_mitarbeiter WHERE ID = ?");
/**
 * Build the single-attribute change set that stores a new password.
 *
 * The plain-text value never leaves this function: only its
 * HashPassword() digest is placed under the 'userPassword' key.
 *
 * @param string $password Plain-text password supplied by the caller.
 * @return array{userPassword: string} One-entry array ready to be applied as an update.
 */
function generateCAPassword($password)
{
    $digest = HashPassword($password);

    return ['userPassword' => $digest];
}
    }
    if ($usernamenotempty == TRUE && $usernamevalidate == TRUE && $usernamenotduplicate == TRUE && $passwordnotempty == TRUE && $passwordmatch == TRUE && $passwordvalidate == TRUE && $captchavalidation == TRUE) {
        //The username, password and recaptcha validation succeeds.
        //Hash the password
        //This is very important for security reasons because once the password has been compromised,
        //The attacker cannot still get the plain text password equivalent without brute force.
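        /**
         * Derive a salted SHA-256 digest of a plain-text password.
         *
         * Output layout is kept identical to the earlier mcrypt-based version
         * so already-stored values remain verifiable: 64 hex characters of
         * salt followed by the 64 hex characters of sha256(salt . password),
         * i.e. a 128-character hex string.
         *
         * NOTE(review): a single SHA-256 pass, even salted, is cheap to
         * brute-force offline. Once the verification side can be updated,
         * prefer password_hash()/password_verify(), which use a slow,
         * tunable hash.
         *
         * @param string $input Plain-text password.
         * @return string salt (64 hex) . sha256(salt . $input) (64 hex)
         * @throws \Exception if no cryptographically secure random source is available.
         */
        function HashPassword($input)
        {
            //Credits: http://crackstation.net/hashing-security.html
            // mcrypt_create_iv()/MCRYPT_DEV_URANDOM were removed in PHP 7.2;
            // random_bytes() is the CSPRNG replacement and yields the same
            // 32 random bytes -> 64 hex characters of salt.
            $salt = bin2hex(random_bytes(32));
            $hash = hash("sha256", $salt . $input);

            return $salt . $hash;
        }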
        $hashedpassword = HashPassword($desired_password);
        //Insert username and the hashed password to MySQL database
        mysql_query("INSERT INTO `authentication` (`username`, `password`) VALUES ('{$desired_username}', '{$hashedpassword}')") or die(mysql_error());
        //Send notification to webmaster
        $message = "New member has just registered: {$desired_username}";
        mail($email, $subject, $message, $from);
        //redirect to login page
        header(sprintf("Location: %s", $loginpage_url));
        exit;
    }
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Register as a Valid User</title>
Example #15
         // Pega senha atual
         $results = ldap_search($conexao, "ou=System," . $dn, "cn=" . $usuario);
         $numresults = ldap_count_entries($conexao, $results);
         $info = ldap_get_entries($conexao, $results);
         $senhaantigaldap = $info[0]["userpassword"][0];
         // Verificando senha antiga
         if (!ValidatePassword($senhaantiga, $senhaantigaldap)) {
             echo "<tr><td><font color=\"red\"><b>Senha atual não é válida!</b></font></td></tr>";
             echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
         } else {
             if ($novasenha != $novasenha2) {
                 echo "<tr><td><font color=\"red\"><b>As novas senhas não são iguais!</b></font></td></tr>";
                 echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
             } else {
                 // Alterar senha
                 $entry["userpassword"][0] = HashPassword($novasenha);
                 $uptdn = "cn=" . $usuario . ",ou=System," . $dn;
                 if (ldap_modify($conexao, $uptdn, $entry)) {
                     echo "<tr><td align=\"center\"><b>Senha atualizada com sucesso!<br>Por favor, efetue o <i>logout</i> e <i>login</i> no sistema novamente!</b></td></tr>";
                     echo "<tr><td align=\"center\"><a href=\"logout.php\">Logout!</a></td></tr>";
                 } else {
                     echo "<tr><td align=\"center\"><font color=\"red\"><b>A senha não foi atualizada!<br>(" . ldap_error($conexao) . ")</b></font></td></tr>";
                     echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
                 }
             }
         }
     } else {
         echo "<tr><td><font color=\"red\"><b>Preencha os campos corretamente!</b></font></td></tr>";
         echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
     }
 }
Example #16
    if ($passnew == $passnew2) {
        $passwordmatch = TRUE;
    } else {
        $passwordmatch = FALSE;
    }
    if ($passwordnotempty == TRUE && $passwordmatch == TRUE) {
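        /**
         * Derive a salted SHA-256 digest of a plain-text password.
         *
         * Output layout is kept identical to the earlier mcrypt-based version
         * so already-stored values remain verifiable: 64 hex characters of
         * salt followed by the 64 hex characters of sha256(salt . password),
         * i.e. a 128-character hex string.
         *
         * NOTE(review): a single SHA-256 pass, even salted, is cheap to
         * brute-force offline. Once the verification side can be updated,
         * prefer password_hash()/password_verify(), which use a slow,
         * tunable hash.
         *
         * @param string $input Plain-text password.
         * @return string salt (64 hex) . sha256(salt . $input) (64 hex)
         * @throws \Exception if no cryptographically secure random source is available.
         */
        function HashPassword($input)
        {
            //Credits: http://crackstation.net/hashing-security.html
            // mcrypt_create_iv()/MCRYPT_DEV_URANDOM were removed in PHP 7.2;
            // random_bytes() is the CSPRNG replacement and yields the same
            // 32 random bytes -> 64 hex characters of salt.
            $salt = bin2hex(random_bytes(32));
            $hash = hash("sha256", $salt . $input);

            return $salt . $hash;
        }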
        $hashedpassword = HashPassword($passnew);
        $prenom = $_SESSION['prenom'];
        $nom = $_SESSION['nom'];
        $query = "UPDATE `see_authentification` SET `password`= '{$hashedpassword}' WHERE `prenom` = '{$prenom}' AND `nom` = '{$nom}' ";
        mysql_query("SET NAMES UTF8");
        $result = mysql_query($query) or die(mysql_error());
        header(sprintf("Location: %s", $loginpage_url));
        exit;
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr">
<head>
	<title>INDAL - Suivi des Etudes d'Eclairage</title>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
Example #17
 /**
  * Registration handler.
  *
  * When the form was posted ($v->send is set): reads the remaining fields,
  * runs the field checks, inserts the new member row into '_bio' and its
  * primary address into '_bio_address', prints 'OK' and exits.
  * Otherwise: emits the birth day / month / year option rows for the form
  * and returns. The GeoIP country lookup is disabled (commented out).
  *
  * Uses globals $bio (current visitor: ->v('ip'), receives the new ->id)
  * and $warning (collects validation failures via ->set()).
  */
 protected function _up_home()
 {
     global $bio, $warning;
     // Only 'send' and 'address' are read up front; the rest is fetched once a submission is detected.
     $v = $this->__(w('send address'));
     if (!empty($v->send)) {
         // Fetch the remaining text fields plus the integer-defaulted (0) gender/birth fields.
         $v = _array_merge($v, $this->__(array_merge(w('password firstname lastname country status'), _array_keys(w('gender birth_day birth_month birth_year'), 0))));
         if (empty($v->address)) {
             $warning->set('empty_address');
         }
         if (empty($v->password)) {
             $warning->set('empty_password');
         }
         if (!email_format($v->address)) {
             $warning->set('bad_address');
         }
         // The alias is derived from the lowercased first+last name and reused below.
         if (!($v->alias = _low($v->firstname . $v->lastname))) {
             $warning->set('bad_alias');
         }
         if ($this->alias_exists($v->alias)) {
             $warning->set('record_alias');
         }
         // country_exists() also normalises $v->country to the value that will be stored.
         if (!($v->country = $this->country_exists($v->country))) {
             $warning->set('bad_country');
         }
         if (!$v->birth_day || !$v->birth_month || !$v->birth_year) {
             $warning->set('bad_birth');
         }
         // NOTE(review): control reaches the insert below regardless of the checks above;
         // presumably $warning->set() aborts the request on failure — confirm, otherwise
         // an invalid or duplicate-alias record could be stored.
         $v->birth = _timestamp($v->birth_month, $v->birth_day, $v->birth_year);
         // NOTE: this trimmed name is not what gets stored; the insert below uses the untrimmed concatenation.
         $v->name = trim($v->firstname) . ' ' . trim($v->lastname);
         // New-account defaults (type/level 0, active, timezone -6, lang 'sp', ...) are hard-coded here;
         // the password is stored only as its HashPassword() digest under 'key'.
         $sql_insert = array('type' => 0, 'level' => 0, 'active' => 1, 'alias' => $v->alias, 'name' => $v->firstname . ' ' . $v->lastname, 'first' => $v->firstname, 'last' => $v->lastname, 'key' => HashPassword($v->password), 'address' => $v->address, 'gender' => $v->gender, 'birth' => $v->birth, 'birthlast' => 0, 'regip' => $bio->v('ip'), 'regdate' => time(), 'session_time' => time(), 'lastpage' => '', 'timezone' => -6, 'dst' => 0, 'dateformat' => 'd M Y H:i', 'lang' => 'sp', 'country' => $v->country, 'avatar' => '', 'actkey' => '', 'recovery' => 0, 'fails' => 0);
         $bio->id = sql_put('_bio', prefix('bio', $sql_insert));
         // The submitted e-mail becomes the member's primary address record.
         $sql_insert = array('bio' => $bio->id, 'name' => $v->address, 'primary' => 1);
         sql_put('_bio_address', prefix('address', $sql_insert));
         // Plain-text response for the submitting client; nothing after this runs.
         echo 'OK';
         exit;
     }
     //$gi = geoip_open(XFS.XCOR . 'store/geoip.dat', GEOIP_STANDARD);
     // GeoIP resolution is disabled: $geoip_code stays '' and is only referenced in commented-out code.
     $geoip_code = '';
     if ($bio->v('ip') != '127.0.0.1') {
         // GeoIP
         if (!@function_exists('geoip_country_code_by_name')) {
             //require_once(XFS.XCOR . 'geoip.php');
         }
         //$geoip_code = @geoip_country_code_by_name($bio->v('ip'));
     }
     // Form option rows: the header block is emitted before the first row of each list.
     // Days 1..31.
     for ($i = 1; $i < 32; $i++) {
         if ($i == 1) {
             _style('birth_day');
         }
         _style('birth_day.row', array('DAY' => $i));
     }
     // Months 1..12.
     for ($i = 1; $i < 13; $i++) {
         if ($i == 1) {
             _style('birth_month');
         }
         _style('birth_month.row', array('MONTH' => $i));
     }
     // Years from the current one down to 1901.
     for ($i = date('Y'); $i > 1900; $i--) {
         if ($i == date('Y')) {
             _style('birth_year');
         }
         _style('birth_year.row', array('YEAR' => $i));
     }
     //_pre($geoip_code, true);
     /*
     		$sql = 'SELECT *
     			FROM _countries
     			ORDER BY country_name';
     		$countries = sql_rowset($sql);
     		
     		$v->country = ($v->country) ? $v->country : ((isset($country_codes[$geoip_code])) ? $country_codes[$geoip_code] : $country_codes['gt']);
     		
     		foreach ($countries as $i => $row) {
     			if (!$i) _style('countries');
     			
     			_style('countries.row', array(
     				'V_ID' => $row->country_id,
     				'V_NAME' => $row->country_name,
     				'V_SEL' => 0)
     			);
     		}
     * 
     */
     return;
 }