/**
 * Admin-side password reset: stores HashPassword(password) for the account
 * named in the submitted form.
 *
 * Reads the `username` and `password` request fields, resolves the account by
 * its normalised username base and overwrites its user_password. Returns false
 * when the form was not submitted; otherwise the result of _pre() with the
 * confirmation message. fatal_error() is relied on to stop the request when
 * the account does not exist.
 *
 * NOTE(review): the only gate visible in this method is the submit-button
 * check; whatever role/permission restriction applies must come from the
 * enclosing class or router — confirm before exposing it.
 */
public function _home() {
    global $config, $user, $cache;

    if (!_button()) {
        return false;
    }

    $typed_name = request_var('username', '');
    $new_password = request_var('password', '');
    $base = get_username_base($typed_name);

    $lookup = 'SELECT user_id, username FROM _members WHERE username_base = ?';
    $account = sql_fieldrow(sql_filter($lookup, $base));
    if (!$account) {
        fatal_error();
    }

    $update = 'UPDATE _members SET user_password = ? WHERE user_id = ?';
    sql_query(sql_filter($update, HashPassword($new_password), $account['user_id']));

    return _pre('La contraseña de ' . $account['username'] . ' fue actualizada.', true);
}
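/**
 * Authenticates a user against the Utilisateur table and opens a session for it.
 *
 * @param string $username  login name as typed by the user
 * @param string $mdp       clear-text password; only HashPassword($mdp) reaches the database
 * @return bool true when exactly one matching row was found and the session was populated
 */
function login($username, $mdp)
{
    session_start();
    $link = connectDB();

    // Fetch the row matching the username / hashed-password pair.
    // NOTE(review): matching the hash inside the WHERE clause only works when
    // HashPassword() is deterministic for a given input (no per-user salt) —
    // confirm against the HashPassword() implementation this file includes.
    $query = 'SELECT id_Utilisateur FROM Utilisateur WHERE nom_Utilisateur = "'
        . mysqli_real_escape_string($link, $username)
        . '" AND MDP_Utilisateur = "'
        . mysqli_real_escape_string($link, HashPassword($mdp)) . '"';
    $row = queryDB($query);

    // "Found" test kept from the original: queryDB() is assumed to return the
    // single matching row (its exact shape is not visible here).
    if (count($row) == 1) {
        // Issue a fresh session id on login so an id fixed before
        // authentication does not remain valid afterwards.
        session_regenerate_id(true);

        // Record the login. The id comes from the database; cast so only an
        // integer is ever interpolated into the statement text.
        $query = "INSERT INTO Connexion(User_Connexion)\n VALUES (" . (int) $row['id_Utilisateur'] . ")";
        queryDB($query);

        $_SESSION['isloged'] = true;                    // user is authenticated
        $_SESSION['user'] = $username;                  // login name
        $_SESSION['id_user'] = $row['id_Utilisateur'];  // database id
        return true;
    }

    // Login failed.
    $_SESSION['isloged'] = false;
    return false;
}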
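/**
 * Checks whether the current request carries an authentic session for the
 * account named by the `email` cookie.
 *
 * The sessions.session_key stored for that account must equal
 * HashPassword($_SESSION['session_key'], users.pw_salt).
 *
 * @param mixed $database  handle passed through to MySqlDatabaseQuery()
 * @return bool TRUE only when every lookup succeeded and the keys match
 */
function VerifySession($database) {
    // Without both the account cookie and a server-side session key there is
    // nothing to compare (the original reached the same FALSE through notices).
    if (!isset($_COOKIE['email']) || !isset($_SESSION['session_key'])) {
        return FALSE;
    }
    $email = $_COOKIE['email'];

    // SECURITY: $email is client-controlled and is interpolated into the query
    // text. Bind it as a parameter if MySqlDatabaseQuery() supports that (its
    // signature is not visible here); at minimum escape it with the driver's
    // escaping function before it reaches this string.
    $query = "SELECT id,pw_salt FROM users WHERE email='{$email}'";
    $result = MySqlDatabaseQuery($database, $query);
    if (!isset($result[0]['id']) || !isset($result[0]['pw_salt'])) {
        return FALSE;   // unknown account
    }
    $id = $result[0]['id'];
    $salt = $result[0]['pw_salt'];

    // $id comes from the database row above, not from the client.
    $query = "SELECT session_key FROM sessions WHERE id='{$id}'";
    $result = MySqlDatabaseQuery($database, $query);
    if (!isset($result[0]['session_key'])) {
        return FALSE;   // no session row for this account
    }

    // Constant-time comparison of the stored key against the hashed session value.
    $expected = HashPassword($_SESSION['session_key'], $salt);
    return hash_equals((string) $result[0]['session_key'], (string) $expected);
}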
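/**
 * Changes the password of an existing user (admins only) and persists the new
 * salt / iteration count / hash both in the in-memory $users table and in the
 * `user` database table.
 *
 * Failure paths call die(), matching the error style used throughout this file.
 *
 * @param string $username      account to change
 * @param string $newPassword1  new password
 * @param string $newPassword2  confirmation; must equal $newPassword1 after trim()
 */
function EditUserPassword($username, $newPassword1, $newPassword2)
{
    global $users, $dbConn;

    // Authorise: admins only.
    if (IsAdmin() === false) {
        die("Only admins can edit entries.");
    }

    $newPassword1 = trim($newPassword1);
    $newPassword2 = trim($newPassword2);
    if ($newPassword1 != $newPassword2) {
        die("passwords don't match");
    }
    $password = $newPassword1;

    // The test is strlen < 8, so eight characters is the minimum; the message now says so.
    if (strlen($password) < 8) {
        die("password must be at least 8 characters");
    }

    if (!isset($users[$username])) {
        die("User does not exist");
    }

    // New salt, iteration count and hash. random_int() replaces rand(): the
    // iteration count is part of the stored credential material.
    $newUserSalt = GenerateSalt();
    $newUserPasswordIterations = random_int(10000, 20000);
    $newPasswordHash = HashPassword($password, $newUserSalt, $newUserPasswordIterations);

    // Update the in-memory record of the account being edited. The original
    // indexed $users by $loggedInUser["username"], but $loggedInUser is never
    // assigned in this function; the account being edited is $username.
    $users[$username]["salt"] = $newUserSalt;
    $users[$username]["password_hash"] = $newPasswordHash;
    $users[$username]["password_iterations"] = $newUserPasswordIterations;

    $newUserSaltClean = mysqli_real_escape_string($dbConn, $newUserSalt);
    $newPasswordHashClean = mysqli_real_escape_string($dbConn, $newPasswordHash);
    $newUserPasswordIterationsClean = mysqli_real_escape_string($dbConn, (string) $newUserPasswordIterations);
    $usernameClean = mysqli_real_escape_string($dbConn, $username);

    // The WHERE clause targets the escaped username computed above; the
    // original compared user_username against a fixed literal and never used
    // $usernameClean.
    $sql = "\t\n\t\tUPDATE user\n\t\tSET\n\t\tuser_password_salt = '{$newUserSaltClean}',\n\t\tuser_password_iterations = '{$newUserPasswordIterationsClean}',\n\t\tuser_password_hash = '{$newPasswordHashClean}'\n\t\tWHERE user_username = '{$usernameClean}';\n\t";
    if (mysqli_query($dbConn, $sql) === false) {
        // A silently failed UPDATE would leave the stored hash out of step with $users.
        die("Failed to update password");
    }

    LoadUsers();
    IsLoggedIn(TRUE);
}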
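<?php session_start(); ?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Star Movies</title>
</head>
<body>
<?php
// One-off seeding script: inserts the initial admin account into t_User.
// SECURITY: the admin password below is a literal committed to source; rotate
// it after first login and prefer reading it from the environment so the
// repository never holds a usable credential.
set_include_path(get_include_path() . PATH_SEPARATOR . $_SERVER["DOCUMENT_ROOT"] . "/../" . "/libary");
require_once "hash.php";
require_once "getSqlConnection.php";

// NOTE(review): $sqlcon is expected to be provided by getSqlConnection.php;
// nothing in this file assigns it — confirm the include does.
$x = $sqlcon->prepare("INSERT INTO `t_User` (`Benutzername`, `Passwort`, `Vorname`, `Nachname`, `MailAdresse`, `Strasse`, `StadtID`, `TypID` ) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
if ($x === false) {
    // prepare() returns false on a malformed statement; calling bind_param()
    // on false would only produce a fatal error further down.
    error_log($sqlcon->error);
    die("Could not prepare the admin insert.");
}

$myval1 = 'Admin';
$myval2 = HashPassword('UseTheForce2016!');
$myval3 = 'Max';
$myval4 = 'Muster';
$myval5 = '*****@*****.**';
$myval6 = 'Testweg 1';
$myval7 = 1;
$myval8 = 1;
// All values are bound, so none of them is interpolated into the SQL text.
$x->bind_param("ssssssii", $myval1, $myval2, $myval3, $myval4, $myval5, $myval6, $myval7, $myval8);
if (!$x->execute()) {
    // An ignored failure here would leave the site without its admin account.
    error_log($x->error);
    die("Could not insert the admin account.");
}
$sqlcon->close();
?>
</body>
</html>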
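/**
 * Resolves the logged-in user for this request from the sessionID cookie.
 *
 * The cookie value is hashed with the configured pepper and iteration count and
 * looked up in data/sessions.json; the answer is memoised in the globals
 * $loginChecked / $loggedInUser so later calls in the same request are free.
 *
 * @return string|false  username owning the session, or false when not logged in
 */
function IsLoggedIn() {
    global $loginChecked, $loggedInUser, $config;

    if ($loginChecked) {
        return $loggedInUser;
    }
    // Every path below is a definitive answer for this request.
    $loginChecked = true;
    $loggedInUser = false;

    if (!isset($_COOKIE["sessionID"])) {
        return false;   // no session cookie, therefore not logged in
    }
    if (!file_exists("data/sessions.json")) {
        return false;   // no session was ever created on the site
    }
    $raw = file_get_contents("data/sessions.json");
    $sessions = ($raw === false) ? null : json_decode($raw, true);
    if (!is_array($sessions)) {
        return false;   // unreadable or malformed store: treat as "no sessions" rather than indexing a non-array
    }

    // The cookie value is never used as a key directly; its hash is.
    // NOTE(review): "BetterThanNothing" is a fixed fallback pepper shared by every
    // deployment that leaves PEPPER unset — consider making the setting mandatory.
    $sessionID = (string) $_COOKIE["sessionID"];
    $pepper = isset($config["PEPPER"]) ? $config["PEPPER"] : "BetterThanNothing";
    $sessionIDHash = HashPassword($sessionID, $pepper, $config["SESSION_PASSWORD_ITERATIONS"]);

    if (!isset($sessions[$sessionIDHash])) {
        return false;   // session id does not exist
    }
    $loggedInUser = $sessions[$sessionIDHash]["username"];
    return $loggedInUser;
}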
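/**
 * Adds a person entry beneath the configured LDAP OU.
 *
 * @param array $data  expects keys cn, sn, telephonenumber, postalcode, userpassword
 * @return bool  result of ldap_add()
 */
function myldap_add($data) {
    // Attribute values are handed to ldap_add() as-is; only the DN needs escaping.
    $info = array(
        "objectclass" => array("organizationalPerson", "person", "inetOrgPerson", "top"),
        "cn" => $data["cn"],
        "sn" => $data["sn"],
        "telephoneNumber" => $data["telephonenumber"],
        "postalCode" => $data["postalcode"],
        'userPassword' => HashPassword($data["userpassword"]),
    );
    // The cn is spliced into the entry's DN: escape it so a value containing
    // ',', '=', '+' or similar cannot alter which entry or subtree is written.
    $dn = "cn=" . ldap_escape($info["cn"], "", LDAP_ESCAPE_DN) . "," . F3::get('LDAP.ou');
    return ldap_add(F3::get('LDAP.conn'), $dn, $info);
}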
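/**
 * Adds a person entry beneath ou=moodleusers of the given base DN.
 *
 * @param resource|object $ds   LDAP connection
 * @param string          $dn   base DN the ou=moodleusers container hangs from
 * @param array           $data expects keys cn, sn, telephoneNumber, postalCode, userPassword
 * @return bool  result of ldap_add()
 */
function myldap_add($ds, $dn, $data) {
    // Attribute values are handed to ldap_add() as-is; only the DN needs escaping.
    $info = array(
        "objectclass" => array("organizationalPerson", "person", "inetOrgPerson", "top"),
        "cn" => $data["cn"],
        "sn" => $data["sn"],
        "telephoneNumber" => $data["telephoneNumber"],
        "postalCode" => $data["postalCode"],
        'userPassword' => HashPassword($data["userPassword"]),
    );
    // The cn is spliced into the entry's DN: escape it so a value containing
    // ',', '=', '+' or similar cannot alter which entry or subtree is written.
    $entryDn = "cn=" . ldap_escape($info["cn"], "", LDAP_ESCAPE_DN) . ",ou=moodleusers," . $dn;
    return ldap_add($ds, $entryDn, $info);
}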
/**
 * Combined sign-in / sign-out / sign-up / password-reset controller, selected
 * by the `mode` request parameter ('in', 'out', 'up', 'r'). After the selected
 * branch runs (unless it redirected or rendered a message page) the LOGIN2
 * layout is rendered with the collected form values and validation errors.
 *
 * @param string $box_text    optional language key shown as a custom message
 * @param bool   $need_admin  not read in the body below; the admin path is driven by the 'admin' button
 * @param bool   $extra_vars  not read in the body below
 */
function do_login($box_text = '', $need_admin = false, $extra_vars = false) {
    global $config, $user;
    $error = w();
    $action = request_var('mode', '');
    if (empty($user->data)) { $user->init(false); }
    if (empty($user->lang)) { $user->setup(); }
    if ($user->is('bot')) { redirect(s_link()); }
    $code_invite = request_var('invite', '');
    $admin = _button('admin');
    $login = _button('login');
    $submit = _button();
    $need_auth = false;
    if ($admin) { $need_auth = true; }
    // Sign-up form fields with their defaults; refilled from the request on submit.
    $v_fields = array( 'username' => '', 'email' => '', 'email_confirm' => '', 'key' => '', 'key_confirm' => '', 'gender' => 0, 'birthday_month' => 0, 'birthday_day' => 0, 'birthday_year' => 0, 'tos' => 0, 'ref' => 0 );
    // An invite code pre-fills the referrer's and the invitee's e-mail addresses.
    if (!empty($code_invite)) {
        $sql = 'SELECT i.invite_email, m.user_email FROM _members_ref_invite i, _members m WHERE i.invite_code = ? AND i.invite_uid = m.user_id';
        if (!$invite_row = sql_fieldrow(sql_filter($sql, $code_invite))) { fatal_error(); }
        $v_fields['ref'] = $invite_row['user_email'];
        $v_fields['email'] = $invite_row['invite_email'];
        unset($invite_row);
    }
    switch ($action) {
        // --- Sign in -------------------------------------------------------
        case 'in':
            if ($user->is('member') && !$admin) { redirect(s_link()); }
            if ($login && (!$user->is('member') || $admin)) {
                $username = request_var('username', '');
                $password = request_var('password', '');
                $ref = request_var('ref', '');
                if (!empty($username) && !empty($password)) {
                    $username_base = get_username_base($username);
                    $sql = 'SELECT user_id, username, user_password, user_type, user_country, user_avatar, user_location, user_gender, user_birthday FROM _members WHERE username_base = ?';
                    if ($row = sql_fieldrow(sql_filter($sql, $username_base))) {
                        // Unconfirmed accounts cannot sign in even with the right password.
                        $exclude_type = array(USER_INACTIVE);
                        if (ValidatePassword($password, $row['user_password']) && (!in_array($row['user_type'], $exclude_type))) {
                            $user->session_create($row['user_id'], $admin);
                            // Incomplete profiles are sent to the profile editor first.
                            if (!$row['user_country'] || !$row['user_location'] || !$row['user_gender'] || !$row['user_birthday'] || !$row['user_avatar']) {
                                $ref = s_link('my', 'profile');
                            } else {
                                // NOTE(review): $ref comes straight from the request; only '' and the
                                // site root are replaced, any other value is redirected to verbatim —
                                // confirm redirect() restricts the target to this host.
                                $ref = (empty($ref) || (preg_match('#' . preg_quote($config['server_name']) . '/$#', $ref))) ? s_link('today') : $ref;
                            }
                            redirect($ref);
                        }
                    }
                }
            }
            // A failed attempt falls through to the layout below (LASTPAGE error block).
            break;
        // --- Sign out ------------------------------------------------------
        case 'out':
            if ($user->is('member')) { $user->session_kill(); }
            redirect(s_link());
            break;
        // --- Sign up / account activation -----------------------------------
        case 'up':
            if ($user->is('member')) { redirect(s_link('my profile')); } else if ($user->is('bot')) { redirect(s_link()); }
            $code = request_var('code', '');
            // Activation: confirm the account behind a crypt_confirm code.
            if (!empty($code)) {
                // NOTE(review): the pattern is unanchored, so it only requires that $code
                // contain at least one [a-z0-9]; the value is still bound through sql_filter().
                if (!preg_match('#([a-z0-9]+)#is', $code)) { fatal_error(); }
                $sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email FROM _crypt_confirm c, _members m WHERE c.crypt_code = ? AND c.crypt_userid = m.user_id';
                if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) { fatal_error(); }
                $user_id = $crypt_data['user_id'];
                $sql = 'UPDATE _members SET user_type = ? WHERE user_id = ?';
                sql_query(sql_filter($sql, USER_NORMAL, $user_id));
                // One-shot code: removed once consumed.
                $sql = 'DELETE FROM _crypt_confirm WHERE crypt_code = ? AND crypt_userid = ?';
                sql_query(sql_filter($sql, $code, $user_id));
                $emailer = new emailer();
                $emailer->from('info');
                $emailer->use_template('user_welcome_confirm');
                $emailer->email_address($crypt_data['user_email']);
                $emailer->assign_vars(array( 'USERNAME' => $crypt_data['username']) );
                $emailer->send();
                $emailer->reset();
                $user->session_create($user_id, 0);
                //
                if (empty($user->data)) { $user->init(); }
                if (empty($user->lang)) { $user->setup(); }
                $custom_vars = array( 'S_REDIRECT' => '', 'MESSAGE_TITLE' => lang('information'), 'MESSAGE_TEXT' => lang('membership_added_confirm') );
                page_layout('INFORMATION', 'message', $custom_vars);
            }
            //
            /*$sql = 'SELECT * FROM _members_ref_assoc WHERE ref_uid = ?'; if ($ref_assoc = sql_fieldrow(sql_filter($sql, $user_id))) { if ($user_id != $ref_assoc['ref_orig']) { $user->points_add(3, $ref_assoc['ref_orig']); $sql_insert = array( 'user_id' => $user_id, 'buddy_id' => $ref_assoc['ref_orig'], 'friend_time' => time() ); sql_insert('members_friends', $sql_insert); $sql_insert = array( 'user_id' => $ref_assoc['ref_orig'], 'buddy_id' => $user_id, 'friend_time' => time() ); sql_insert('members_friends', $sql_insert); $user->save_unread(UH_FRIEND, $user_id, 0, $ref_assoc['ref_orig']); } $sql = 'DELETE FROM _members_ref_assoc WHERE ref_id = ?'; sql_query(sql_filter($sql, $ref_assoc['ref_id'])); } // $sql = 'SELECT * FROM _members_ref_invite WHERE invite_email = ?'; if ($row = sql_fieldrow(sql_filter($sql, $crypt_data['user_email']))) { $sql = 'DELETE FROM _members_ref_invite WHERE invite_code = ?'; sql_query(sql_filter($sql, $row['invite_code'])); } // $emailer = new emailer(); $emailer->from('info'); $emailer->use_template('user_welcome_confirm'); $emailer->email_address($crypt_data['user_email']); $emailer->assign_vars(array( 'USERNAME' => $crypt_data['username']) ); $emailer->send(); $emailer->reset(); // if (empty($user->data)) { $user->init(); } if (empty($user->lang)) { $user->setup(); } $custom_vars = array( 'S_REDIRECT' => '', 'MESSAGE_TITLE' => lang('information'), 'MESSAGE_TEXT' => lang('membership_added_confirm') ); page_layout('INFORMATION', 'message', $custom_vars); * */
            // Registration form submitted: validate, then create the inactive account.
            if ($submit) {
                foreach ($v_fields as $k => $v) { $v_fields[$k] = request_var($k, $v); }
                // Username: present, 2..20 bytes, normalisable, accepted by validate_username(),
                // and not already taken by a member or by an artist subdomain.
                if (empty($v_fields['username'])) { $error['username'] = '******'; } else {
                    $len_username = strlen($v_fields['username']);
                    if (($len_username < 2) || ($len_username > 20) || !get_username_base($v_fields['username'], true)) { $error['username'] = '******'; }
                    if (!sizeof($error)) { $result = validate_username($v_fields['username']); if ($result['error']) { $error['username'] = $result['error_msg']; } }
                    if (!sizeof($error)) { $v_fields['username_base'] = get_username_base($v_fields['username']); $sql = 'SELECT user_id FROM _members WHERE username_base = ?'; if (sql_field(sql_filter($sql, $v_fields['username_base']), 'user_id', 0)) { $error['username'] = '******'; } }
                    if (!sizeof($error)) { $sql = 'SELECT ub FROM _artists WHERE subdomain = ?'; if (sql_field(sql_filter($sql, $v_fields['username_base']), 'ub', 0)) { $error['username'] = '******'; } }
                }
                // E-mail: both fields present, equal, and accepted by validate_email().
                if (empty($v_fields['email']) || empty($v_fields['email_confirm'])) { if (empty($v_fields['email'])) { $error['email'] = 'EMPTY_EMAIL'; } if (empty($v_fields['email_confirm'])) { $error['email_confirm'] = 'EMPTY_EMAIL_CONFIRM'; } } else { if ($v_fields['email'] == $v_fields['email_confirm']) { $result = validate_email($v_fields['email']); if ($result['error']) { $error['email'] = $result['error_msg']; } } else { $error['email'] = 'EMAIL_MISMATCH'; $error['email_confirm'] = 'EMAIL_MISMATCH'; } }
                // Password: both fields present and equal; rejected above 32 bytes.
                // NOTE(review): the stored value is a fixed-size hash, so the 32-byte cap is a
                // usability limit on passphrases rather than a storage need — confirm it is intended.
                if (!empty($v_fields['key']) && !empty($v_fields['key_confirm'])) { if ($v_fields['key'] != $v_fields['key_confirm']) { $error['key'] = 'PASSWORD_MISMATCH'; } else if (strlen($v_fields['key']) > 32) { $error['key'] = 'PASSWORD_LONG'; } } else { if (empty($v_fields['key'])) { $error['key'] = 'EMPTY_PASSWORD'; } elseif (empty($v_fields['key_confirm'])) { $error['key_confirm'] = 'EMPTY_PASSWORD_CONFIRM'; } }
                if (!$v_fields['birthday_month'] || !$v_fields['birthday_day'] || !$v_fields['birthday_year']) { $error['birthday'] = 'EMPTY_BIRTH_MONTH'; }
                if (!$v_fields['tos']) { $error['tos'] = 'AGREETOS_ERROR'; }
                if (!sizeof($error)) {
                    //$v_fields['country'] = strtolower(geoip_country_code_by_name($user->ip));
                    $v_fields['country'] = 90;
                    // Birthday stored as YYYYMMDD.
                    $v_fields['birthday'] = leading_zero($v_fields['birthday_year']) . leading_zero($v_fields['birthday_month']) . leading_zero($v_fields['birthday_day']);
                    // Account starts as USER_INACTIVE until the e-mailed code is confirmed.
                    $member_data = array( 'user_type' => USER_INACTIVE, 'user_active' => 1, 'username' => $v_fields['username'], 'username_base' => $v_fields['username_base'], 'user_password' => HashPassword($v_fields['key']), 'user_regip' => $user->ip, 'user_session_time' => 0, 'user_lastpage' => '', 'user_lastvisit' => time(), 'user_regdate' => time(), 'user_level' => 0, 'user_posts' => 0, 'userpage_posts' => 0, 'user_points' => 0, 'user_timezone' => $config['board_timezone'], 'user_dst' => $config['board_dst'], 'user_lang' => $config['default_lang'], 'user_dateformat' => $config['default_dateformat'], 'user_country' => (int) $v_fields['country'], 'user_rank' => 0, 'user_avatar' => '', 'user_avatar_type' => 0, 'user_email' => $v_fields['email'], 'user_lastlogon' => 0, 'user_totaltime' => 0, 'user_totallogon' => 0, 'user_totalpages' => 0, 'user_gender' => $v_fields['gender'], 'user_birthday' => (string) $v_fields['birthday'], 'user_mark_items' => 0, 'user_topic_order' => 0, 'user_email_dc' => 1, 'user_refop' => 0, 'user_refby' => $v_fields['ref'] );
                    $user_id = sql_insert('members', $member_data);
                    set_config('max_users', $config['max_users'] + 1);
                    // Confirmation code
                    // NOTE(review): the activation code is md5(unique_id()); its unpredictability is
                    // whatever unique_id() provides — confirm that helper draws on a CSPRNG.
                    $verification_code = md5(unique_id());
                    $insert = array( 'crypt_userid' => $user_id, 'crypt_code' => $verification_code, 'crypt_time' => $user->time );
                    sql_insert('crypt_confirm', $insert);
                    // Emailer
                    $emailer = new emailer();
                    // Referral: link to an existing member, or invite the address if it is not a member yet.
                    if (!empty($v_fields['ref'])) {
                        $valid_ref = email_format($v_fields['ref']);
                        if ($valid_ref) {
                            $sql = 'SELECT user_id FROM _members WHERE user_email = ?';
                            if ($ref_friend = sql_field(sql_filter($sql, $v_fields['ref']), 'user_id', 0)) {
                                $sql_insert = array( 'ref_uid' => $user_id, 'ref_orig' => $ref_friend );
                                sql_insert('members_ref_assoc', $sql_insert);
                                $sql_insert = array( 'user_id' => $user_id, 'buddy_id' => $ref_friend, 'friend_time' => time() );
                                sql_insert('members_friends', $sql_insert);
                            } else {
                                $invite_user = explode('@', $v_fields['ref']);
                                // NOTE(review): six hex characters give 16^6 possible invite codes; small for a
                                // value that pre-fills a registration — consider a longer code.
                                $invite_code = substr(md5(unique_id()), 0, 6);
                                $sql_insert = array( 'invite_code' => $invite_code, 'invite_email' => $v_fields['ref'], 'invite_uid' => $user_id );
                                sql_insert('members_ref_invite', $sql_insert);
                                $emailer->from('info');
                                $emailer->use_template('user_invite');
                                $emailer->email_address($v_fields['ref']);
                                $emailer->assign_vars(array( 'INVITED' => $invite_user[0], 'USERNAME' => $v_fields['username'], 'U_REGISTER' => s_link('my register a', $invite_code)) );
                                $emailer->send();
                                $emailer->reset();
                            }
                        }
                    }
                    // Send confirm email
                    $emailer->from('info');
                    $emailer->use_template('user_welcome');
                    $emailer->email_address($v_fields['email']);
                    $emailer->assign_vars(array( 'USERNAME' => $v_fields['username'], 'U_ACTIVATE' => 'http:' . s_link('signup', $verification_code)) );
                    $emailer->send();
                    $emailer->reset();
                    $custom_vars = array( 'MESSAGE_TITLE' => lang('information'), 'MESSAGE_TEXT' => lang('membership_added') );
                    page_layout('INFORMATION', 'message', $custom_vars);
                    /* $user->session_create($user_id, 0); redirect(s_link()); */
                }
            }
            break;
        // --- Password reset ------------------------------------------------
        case 'r':
            if ($user->is('member')) { redirect(s_link('my profile')); } else if ($user->is('bot')) { redirect(s_link()); }
            $code = request_var('code', '');
            if (request_var('r', 0)) { redirect(s_link()); }
            // With a code: verify it, then accept the new password.
            if (!empty($code)) {
                // Same unanchored pattern as in 'up' (see note there).
                if (!preg_match('#([a-z0-9]+)#is', $code)) { fatal_error(); }
                $sql = 'SELECT c.*, m.user_id, m.username, m.username_base, m.user_email FROM _crypt_confirm c, _members m WHERE c.crypt_code = ? AND c.crypt_userid = m.user_id';
                if (!$crypt_data = sql_fieldrow(sql_filter($sql, $code))) { fatal_error(); }
                if (_button()) {
                    $password = request_var('newkey', '');
                    $password2 = request_var('newkey2', '');
                    if (!empty($password)) {
                        if ($password === $password2) {
                            $crypt_password = HashPassword($password);
                            $sql = 'UPDATE _members SET user_password = ? 
WHERE user_id = ?';
                            sql_query(sql_filter($sql, $crypt_password, $crypt_data['user_id']));
                            // All outstanding codes for the account are invalidated, not just this one.
                            $sql = 'DELETE FROM _crypt_confirm WHERE crypt_userid = ?';
                            sql_query(sql_filter($sql, $crypt_data['user_id']));
                            // Send email
                            // NOTE(review): the clear-text password is handed to the mail template as
                            // 'PASSWORD'; if user_confirm_passwd prints it, the new password is sent and
                            // archived in plain e-mail — confirm the template omits it.
                            $emailer = new emailer();
                            $emailer->from('info');
                            $emailer->use_template('user_confirm_passwd', $config['default_lang']);
                            $emailer->email_address($crypt_data['user_email']);
                            $emailer->assign_vars(array( 'USERNAME' => $crypt_data['username'], 'PASSWORD' => $password, 'U_PROFILE' => s_link('m', $crypt_data['username_base'])) );
                            $emailer->send();
                            $emailer->reset();
                            //
                            v_style(array( 'PAGE_MODE' => 'updated' ));
                        } else { v_style(array( 'PAGE_MODE' => 'nomatch', 'S_CODE' => $code) ); }
                    } else { v_style(array( 'PAGE_MODE' => 'nokey', 'S_CODE' => $code) ); }
                } else { v_style(array( 'PAGE_MODE' => 'verify', 'S_CODE' => $code) ); }
            // Without a code: issue a reset code for the given address.
            } else if (_button()) {
                $email = request_var('address', '');
                if (empty($email) || !email_format($email)) { fatal_error(); }
                // NOTE(review): an unknown/ineligible address ends in fatal_error() while a known one
                // renders reset_complete, so the response reveals whether an address is registered.
                $sql = 'SELECT * FROM _members WHERE user_email = ? AND user_active = 1 AND user_type NOT IN (??, ??) 
AND user_id NOT IN ( SELECT ban_userid FROM _banlist )';
                if (!$userdata = sql_fieldrow(sql_filter($sql, $email, USER_INACTIVE, USER_FOUNDER))) { fatal_error(); }
                $emailer = new emailer();
                $verification_code = md5(unique_id());
                // Only one outstanding code per account.
                $sql = 'DELETE FROM _crypt_confirm WHERE crypt_userid = ?';
                sql_query(sql_filter($sql, $userdata['user_id']));
                $insert = array( 'crypt_userid' => $userdata['user_id'], 'crypt_code' => $verification_code, 'crypt_time' => $user->time );
                sql_insert('crypt_confirm', $insert);
                // Send email
                $emailer->from('info');
                $emailer->use_template('user_activate_passwd', $config['default_lang']);
                $emailer->email_address($userdata['user_email']);
                $emailer->assign_vars(array( 'USERNAME' => $userdata['username'], 'U_ACTIVATE' => s_link('signr', $verification_code)) );
                $emailer->send();
                $emailer->reset();
                _style('reset_complete');
            }
            break;
        default:
            break;
    }
    //
    // Signup data
    //
    if (sizeof($error)) { _style('error', array( 'MESSAGE' => parse_error($error)) ); }
    // <option> lists for gender, day, month and year, with the submitted value pre-selected.
    $s_genres_select = '';
    $genres = array(1 => 'MALE', 2 => 'FEMALE');
    foreach ($genres as $id => $value) { $s_genres_select .= '<option value="' . $id . '"' . (($v_fields['gender'] == $id) ? ' selected="true"' : '') . '>' . lang($value) . '</option>'; }
    $s_bday_select = '';
    // NOTE(review): unlike the other lists, 'selected="true"' here has no leading space, so the
    // selected day renders as value="N"selected="true".
    for ($i = 1; $i < 32; $i++) { $s_bday_select .= '<option value="' . $i . '"' . (($v_fields['birthday_day'] == $i) ? 'selected="true"' : '') . '>' . $i . '</option>'; }
    $s_bmonth_select = '';
    $months = array(1 => 'January', 2 => 'February', 3 => 'March', 4 => 'April', 5 => 'May', 6 => 'June', 7 => 'July', 8 => 'August', 9 => 'September', 10 => 'October', 11 => 'November', 12 => 'December');
    foreach ($months as $id => $value) { $s_bmonth_select .= '<option value="' . $id . '"' . (($v_fields['birthday_month'] == $id) ? ' selected="true"' : '') . '>' . $user->lang['datetime'][$value] . '</option>'; }
    $s_byear_select = '';
    $current_year = date('Y');
    for ($i = ($current_year - 1); $i > $current_year - 102; $i--) { $s_byear_select .= '<option value="' . $i . '"' . (($v_fields['birthday_year'] == $i) ? ' selected="true"' : '') . '>' . $i . '</option>'; }
    $v_fields['birthday'] = false;
    if (isset($error['birthday'])) { $v_fields['birthday'] = true; }
    $s_hidden = w();
    if ($need_auth) { $s_hidden = array('admin' => 1); }
    if (!isset($v_fields['refby'])) { $v_fields['refby'] = ''; }
    // NOTE(review): V_KEY / V_KEY_CONFIRM hand the submitted password back to the template; if the
    // template prints them as field values, the clear-text password is embedded in the HTML.
    // CUSTOM_MESSAGE receives $box_text before the lang() translation below, so the translated
    // value assigned afterwards is never used.
    $layout_vars = array( 'IS_NEED_AUTH' => $need_auth, 'IS_LOGIN' => $login, 'CUSTOM_MESSAGE' => $box_text, 'S_HIDDEN_FIELDS' => s_hidden($s_hidden), 'U_SIGNIN' => s_link('signin'), 'U_SIGNUP' => s_link('signup'), 'U_SIGNOUT' => s_link('signout'), 'U_PASSWORD' => s_link('signr'), 'V_USERNAME' => $v_fields['username'], 'V_KEY' => $v_fields['key'], 'V_KEY_CONFIRM' => $v_fields['key_confirm'], 'V_EMAIL' => $v_fields['email'], 'V_REFBY' => $v_fields['refby'], 'V_GENDER' => $s_genres_select, 'V_BIRTHDAY_DAY' => $s_bday_select, 'V_BIRTHDAY_MONTH' => $s_bmonth_select, 'V_BIRTHDAY_YEAR' => $s_byear_select, 'V_TOS' => ($v_fields['tos']) ? ' checked="true"' : '', 'PAGE_MODE' => '' );
    // One E_<FIELD> flag per form field.
    foreach ($v_fields as $k => $v) { $layout_vars['E_' . strtoupper($k)] = (isset($error[$k])) ? true : false; }
    if ($login) { $ref = request_var('ref', ''); _style('error', array( 'LASTPAGE' => ($ref != '') ? $ref : s_link()) ); }
    $box_text = (!empty($box_text)) ? lang($box_text, $box_text) : '';
    page_layout('LOGIN2', 'login', $layout_vars);
}
<?php
// Scratch script: boots the framework and prints the hash of a fixed string.
// The input is a literal in source, so this file is a development aid, not
// something to ship with the site.
define('IN_EX', true);
include '../includes/common.php';
$user->session_start();
print HashPassword('4otatkan');
}
// Registration result / form rendering.
// NOTE(review): the if/else this belongs to opens before this excerpt and the
// final else-branch runs past its end.
if ($errormsg) {
    echo "<div class='errormsg'>";
    echo "<font color='#ff0000'> {$errormsg} </font>";
    echo "</div>";
    // Re-render the form with the previously entered values.
    // NOTE(review): $username, $first_name, $last_name and $email_addr are written into
    // HTML attributes unescaped; if they are the raw POST values, pass them through
    // htmlspecialchars() first.
    echo "<form method='POST'><table><tr><td></td><td></td></tr>";
    echo "<tr><td>Desired username</td><td><input type='text' name='username' value='{$username}' /></td></tr>";
    echo "<tr><td>First Name</td><td><input type='text' name='first_name' value='{$first_name}' /></td></tr>";
    echo "<tr><td>Last Name</td><td><input type='text' name='last_name' value='{$last_name}' /></td></tr>";
    echo "<tr><td>Password</td><td><input type='password' name='password0' /></td></tr>";
    echo "<tr><td>Retype Password</td><td><input type='password' name='password1' /></td></tr>";
    echo "<tr><td>Email Address</td><td><input type='text' name='email_addr' value='{$email_addr}' /></td></tr>";
    echo "<tr><td></td><td><input type='submit' value='Submit'>";
    echo "</table>";
} else {
    $password = HashPassword($password0);
    $teamID = 0;
    // NOTE(review): the format string has 8 placeholders (7 x '%s' plus %d) but only 7
    // arguments follow, and the column list names 7 columns for those 8 values; sprintf()
    // fails here (ArgumentCountError on PHP 8, false with a warning earlier) before the
    // INSERT can run. The values are also interpolated rather than bound — ext/mysql has
    // no prepared statements and was removed in PHP 7.
    $query = sprintf("INSERT INTO users (username, password, first_name, last_name, preferred_name, email_addr, teamID) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', %d)", $username, $password, $first_name, $last_name, $first_name . ' ' . $last_name, $email_addr, $teamID);
    $insert = mysql_query($query) or die(mysql_error());
    echo "Thanks for registering, {$first_name}! Now you can <a href='login.php'>log in.</a><br>If you are an intern, please email the <a href='mailto:computer@wsbf.net'>Computer Engineer</a> to get CD review permissions. 
";
}
} else {
    // First visit: empty form.
    $username = $first_name = $last_name = $email_addr = '';
    echo "<form method='POST'><table><tr><td></td><td></td></tr>";
    echo "<tr><td>Desired username</td><td><input type='text' name='username' value='{$username}' /></td></tr>";
    echo "<tr><td>First Name</td><td><input type='text' name='first_name' value='{$first_name}' /></td></tr>";
    echo "<tr><td>Last Name</td><td><input type='text' name='last_name' value='{$last_name}' /></td></tr>";
    echo "<tr><td>Password</td><td><input type='password' name='password0' /></td></tr>";
    echo "<tr><td>Retype Password</td><td><input type='password' name='password1' /></td></tr>";
    echo "<tr><td>Email Address</td><td><input type='text' name='email_addr' value='{$email_addr}' /></td></tr>";
    echo "<tr><td></td><td><input type='submit' value='Submit'>";
require_once "hash.php";
// Create-or-update of a staff record from the posted form, via the
// p_ManipulateUser stored procedure.
// NOTE(review): the branch this code belongs to opens before this excerpt and
// the else-branch below runs past its end; no authorisation check is visible
// here — confirm one happens upstream.
if (isset($_POST["mid"])) { $myval = $_POST["mid"]; } else { $myval = 0; }
// NOTE(review): these fields are read without isset(); a missing field yields
// null plus a notice rather than a validation error.
$myval1 = $_POST["Vorname"];
$myval2 = $_POST["Nachname"];
$myval3 = $_POST["Benutzername"];
$myval4 = $_POST["EMail"];
$myval5 = $_POST["Strasse"];
$myval6 = $_POST["PLZ"];
$myval7 = $_POST["Ort"];
$myval8 = $_POST["Typ"];
// A new password is hashed only when both fields are present and identical;
// otherwise '' is passed to the procedure (whether p_ManipulateUser keeps the
// existing hash for '' is not visible here).
if (isset($_POST["Passwort"]) && $_POST["Passwort"] != '' && isset($_POST["PWRep"]) && $_POST["PWRep"] === $_POST["Passwort"] && $_POST["Passwort"] != '') { $myval9 = HashPassword($_POST["Passwort"]); } else { $myval9 = ''; }
require_once "getSqlConnection.php";
$sqlcon = getSqlCon();
// Every value is bound through bind_param, so no posted string reaches the SQL text.
$x = $sqlcon->prepare("CALL p_ManipulateUser (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
// Types: i = mid and Typ, s = everything else, in the procedure's parameter order.
$x->bind_param("issssissss", $myval, $myval3, $myval5, $myval6, $myval7, $myval8, $myval4, $myval1, $myval2, $myval9);
$result = $x->execute();   // return value is not checked before redirecting
$sqlcon->close();
redirect('/Mitarbeiter.php');
} else {
    // Edit form: load the record by id.
    if (isset($_GET["id"])) {
        require_once "getSqlConnection.php";
        $sqlcon = getSqlCon();
        $x = $sqlcon->prepare("SELECT * FROM v_mitarbeiter WHERE ID = ?");
/**
 * Builds the LDAP modification array that replaces an entry's userPassword
 * with the hashed form of $password.
 *
 * @param string $password  clear-text password
 * @return array  single-key array suitable for ldap_modify()
 */
function generateCAPassword($password) {
    $hashed = HashPassword($password);
    return ['userPassword' => $hashed];
}
}
// Registration: all validation flags passed, so hash the password and store the account.
// NOTE(review): the if/else this belongs to, and the HTML page at the end, continue
// outside this excerpt.
if ($usernamenotempty == TRUE && $usernamevalidate == TRUE && $usernamenotduplicate == TRUE && $passwordnotempty == TRUE && $passwordmatch == TRUE && $passwordvalidate == TRUE && $captchavalidation == TRUE) {
    //The username, password and recaptcha validation succeeds.
    //Hash the password
    //This is very important for security reasons because once the password has been compromised,
    //The attacker cannot still get the plain text password equivalent without brute force.
    // NOTE(review): a function declared inside an if-block is only defined when the block
    // runs (conditional declaration) and must not be declared twice in one request.
    function HashPassword($input) {
        //Credits: http://crackstation.net/hashing-security.html
        //This is secure hashing the consist of strong hash algorithm sha 256 and using highly random salt
        // 32 random bytes from ext/mcrypt (removed in PHP 7.2; random_bytes() is the replacement).
        // Output is salt_hex . sha256(salt_hex . input): one SHA-256 round over a random salt,
        // not a slow password hash such as password_hash().
        $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
        $hash = hash("sha256", $salt . $input);
        $final = $salt . $hash;
        return $final;
    }
    $hashedpassword = HashPassword($desired_password);
    //Insert username and the hashed password to MySQL database
    // NOTE(review): $desired_username is interpolated into the statement; $usernamevalidate
    // suggests it was checked upstream but that check is not visible here — escape or bind
    // it before use. ext/mysql was removed in PHP 7.
    mysql_query("INSERT INTO `authentication` (`username`, `password`) VALUES ('{$desired_username}', '{$hashedpassword}')") or die(mysql_error());
    //Send notification to webmaster
    $message = "New member has just registered: {$desired_username}";
    mail($email, $subject, $message, $from);
    //redirect to login page
    header(sprintf("Location: %s", $loginpage_url));
    exit;
}
} ?> <!DOCTYPE HTML> <html> <head> <title>Register as a Valid User</title>
// Fetch the current password
// NOTE(review): the enclosing if/else opens before this excerpt. $usuario is
// concatenated into the LDAP search filter ("cn=" . $usuario) and into the DN
// below; if it originates from the request, pass it through ldap_escape()
// (LDAP_ESCAPE_FILTER for the filter, LDAP_ESCAPE_DN for the DN) first.
$results = ldap_search($conexao, "ou=System," . $dn, "cn=" . $usuario);
$numresults = ldap_count_entries($conexao, $results);   // computed but not checked before $info[0] is read
$info = ldap_get_entries($conexao, $results);
$senhaantigaldap = $info[0]["userpassword"][0];
// Check the old password
if (!ValidatePassword($senhaantiga, $senhaantigaldap)) {
    echo "<tr><td><font color=\"red\"><b>Senha atual não é válida!</b></font></td></tr>";
    echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
} else {
    if ($novasenha != $novasenha2) {
        echo "<tr><td><font color=\"red\"><b>As novas senhas não são iguais!</b></font></td></tr>";
        echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
    } else {
        // Change the password
        $entry["userpassword"][0] = HashPassword($novasenha);
        $uptdn = "cn=" . $usuario . ",ou=System," . $dn;
        if (ldap_modify($conexao, $uptdn, $entry)) {
            echo "<tr><td align=\"center\"><b>Senha atualizada com sucesso!<br>Por favor, efetue o <i>logout</i> e <i>login</i> no sistema novamente!</b></td></tr>";
            echo "<tr><td align=\"center\"><a href=\"logout.php\">Logout!</a></td></tr>";
        } else {
            // The raw ldap_error() text is shown to the user.
            echo "<tr><td align=\"center\"><font color=\"red\"><b>A senha não foi atualizada!<br>(" . ldap_error($conexao) . ")</b></font></td></tr>";
            echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
        }
    }
}
} else {
    echo "<tr><td><font color=\"red\"><b>Preencha os campos corretamente!</b></font></td></tr>";
    echo "<tr><td align=\"center\"><a href=\"senha.php\"><img align=\"middle\" border=\"0\" src=\"../figuras/volta2.gif\"></a></td></tr>";
}
}
if ($passnew == $passnew2) { $passwordmatch = TRUE; } else { $passwordmatch = FALSE; }
// Password change for the user identified by the session's prenom/nom.
// NOTE(review): the enclosing if/else and the HTML page continue outside this excerpt.
if ($passwordnotempty == TRUE && $passwordmatch == TRUE) {
    // Conditional declaration: defined only when this branch runs, and at most once per request.
    function HashPassword($input) {
        //Credits: http://crackstation.net/hashing-security.html
        //This is secure hashing the consist of strong hash algorithm sha 256 and using highly random salt
        // 32 random bytes from ext/mcrypt (removed in PHP 7.2; random_bytes() is the replacement).
        // Output is salt_hex . sha256(salt_hex . input): one SHA-256 round over a random salt,
        // not a slow password hash such as password_hash().
        $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
        $hash = hash("sha256", $salt . $input);
        $final = $salt . $hash;
        return $final;
    }
    $hashedpassword = HashPassword($passnew);
    $prenom = $_SESSION['prenom'];
    $nom = $_SESSION['nom'];
    // The target row is selected by session values interpolated into the query text;
    // ext/mysql offers no parameter binding and was removed in PHP 7.
    $query = "UPDATE `see_authentification` SET `password`= '{$hashedpassword}' WHERE `prenom` = '{$prenom}' AND `nom` = '{$nom}' ";
    mysql_query("SET NAMES UTF8");
    $result = mysql_query($query) or die(mysql_error());
    header(sprintf("Location: %s", $loginpage_url));
    exit;
}
} ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr" lang="fr"> <head> <title>INDAL - Suivi des Etudes d'Eclairage</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
/**
 * Registration handler. When the form was posted ('send' set) it validates the
 * fields, inserts the new _bio row plus its primary _bio_address row, prints
 * "OK" and exits; otherwise it emits the day / month / year <select> rows for
 * the form and returns.
 *
 * NOTE(review): every validation failure is reported through $warning->set(),
 * but nothing below tests whether a warning was raised before sql_put() runs;
 * unless $warning->set() aborts the request itself, invalid submissions are
 * still inserted — confirm.
 */
protected function _up_home() {
    global $bio, $warning;
    $v = $this->__(w('send address'));
    if (!empty($v->send)) {
        $v = _array_merge($v, $this->__(array_merge(w('password firstname lastname country status'), _array_keys(w('gender birth_day birth_month birth_year'), 0))));
        // Field checks; each failure only records a warning.
        if (empty($v->address)) { $warning->set('empty_address'); }
        if (empty($v->password)) { $warning->set('empty_password'); }
        if (!email_format($v->address)) { $warning->set('bad_address'); }
        if (!($v->alias = _low($v->firstname . $v->lastname))) { $warning->set('bad_alias'); }
        if ($this->alias_exists($v->alias)) { $warning->set('record_alias'); }
        if (!($v->country = $this->country_exists($v->country))) { $warning->set('bad_country'); }
        if (!$v->birth_day || !$v->birth_month || !$v->birth_year) { $warning->set('bad_birth'); }
        $v->birth = _timestamp($v->birth_month, $v->birth_day, $v->birth_year);
        $v->name = trim($v->firstname) . ' ' . trim($v->lastname);   // computed, but 'name' below uses the untrimmed parts
        // Fixed defaults: type/level 0, timezone -6, no DST, language 'sp'.
        $sql_insert = array('type' => 0, 'level' => 0, 'active' => 1, 'alias' => $v->alias, 'name' => $v->firstname . ' ' . $v->lastname, 'first' => $v->firstname, 'last' => $v->lastname, 'key' => HashPassword($v->password), 'address' => $v->address, 'gender' => $v->gender, 'birth' => $v->birth, 'birthlast' => 0, 'regip' => $bio->v('ip'), 'regdate' => time(), 'session_time' => time(), 'lastpage' => '', 'timezone' => -6, 'dst' => 0, 'dateformat' => 'd M Y H:i', 'lang' => 'sp', 'country' => $v->country, 'avatar' => '', 'actkey' => '', 'recovery' => 0, 'fails' => 0);
        $bio->id = sql_put('_bio', prefix('bio', $sql_insert));
        $sql_insert = array('bio' => $bio->id, 'name' => $v->address, 'primary' => 1);
        sql_put('_bio_address', prefix('address', $sql_insert));
        echo 'OK';
        exit;
    }
    //$gi = geoip_open(XFS.XCOR . 'store/geoip.dat', GEOIP_STANDARD);
    // GeoIP lookup is stubbed out: both the loader and the lookup are commented, so $geoip_code stays ''.
    $geoip_code = '';
    if ($bio->v('ip') != '127.0.0.1') {
        // GeoIP
        if (!@function_exists('geoip_country_code_by_name')) {
            //require_once(XFS.XCOR . 'geoip.php');
        }
        //$geoip_code = @geoip_country_code_by_name($bio->v('ip'));
    }
    // Form rows: the first iteration of each loop also emits the list header block.
    for ($i = 1; $i < 32; $i++) { if ($i == 1) { _style('birth_day'); } _style('birth_day.row', array('DAY' => $i)); }
    for ($i = 1; $i < 13; $i++) { if ($i == 1) { _style('birth_month'); } _style('birth_month.row', array('MONTH' => $i)); }
    for ($i = date('Y'); $i > 1900; $i--) { if ($i == date('Y')) { _style('birth_year'); } _style('birth_year.row', array('YEAR' => $i)); }
    //_pre($geoip_code, true);
    /* $sql = 'SELECT * FROM _countries ORDER BY country_name'; $countries = sql_rowset($sql); $v->country = ($v->country) ? $v->country : ((isset($country_codes[$geoip_code])) ? $country_codes[$geoip_code] : $country_codes['gt']); foreach ($countries as $i => $row) { if (!$i) _style('countries'); _style('countries.row', array( 'V_ID' => $row->country_id, 'V_NAME' => $row->country_name, 'V_SEL' => 0) ); } * */
    return;
}