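/**
 * Validate an administrator's "change a user's password" submission and,
 * when every check passes, store the new password.
 *
 * Each failure is reported through $GLOBALS['Response']->addFeedback().
 *
 * NOTE(review): neither an anti-CSRF token check nor a permission check is
 * visible in this function; confirm the calling page enforces both before
 * this code is reached, since it resets the password of an arbitrary user_id.
 *
 * @param Codendi_Request $request Submitted form (Update, user_id, form_pw, form_pw2).
 *
 * @return bool true when the password was updated, false otherwise.
 */
function register_valid(Codendi_Request $request)
{
    global $Language;

    // Nothing to do unless the form was actually submitted.
    if (!$request->existAndNonEmpty('Update')) {
        return false;
    }
    if (!$request->existAndNonEmpty('user_id')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_userid'));
        return false;
    }
    if (!$request->existAndNonEmpty('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_nopasswd'));
        return false;
    }
    // Strict comparison: with != two different numeric-looking strings
    // (for example "1e3" and "1000") are treated as equal, so a mistyped
    // confirmation could be accepted.
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_passwd'));
        return false;
    }

    // account_pwvalid() reports policy violations through $errors.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return false;
    }

    $user_manager = UserManager::instance();
    $user         = $user_manager->getUserById($request->get('user_id'));
    // An unknown id must end in a feedback message, not in a fatal
    // "call to a member function on null".
    if (!$user) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_userid'));
        return false;
    }

    $user->setPassword($request->get('form_pw'));
    if (!$user_manager->updateDb($user)) {
        $GLOBALS['Response']->addFeedback(Feedback::ERROR, $Language->getText('admin_user_changepw', 'error_update'));
        return false;
    }

    return true;
}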
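/**
 * Validate the logged-in user's "change password" form and store the new
 * password through the user object.
 *
 * Form values are read from $GLOBALS (Update, form_oldpw, form_pw, form_pw2);
 * presumably they are imported from the request before this runs - verify.
 * Failure messages are left in $GLOBALS['register_error'].
 *
 * NOTE(review): the stored credential is an unsalted MD5 digest. The format
 * is shared with whatever writes users.user_pw, so it is not changed here;
 * migrating to password_hash()/password_verify() has to be done on both sides.
 *
 * @return int 1 when the password was changed, 0 otherwise.
 */
function register_valid()
{
    if (empty($GLOBALS['Update'])) {
        return 0;
    }

    // Look up the current digest and account status; the id is forced to an
    // integer so it can never alter the query text.
    $res    = db_query("SELECT user_pw, status FROM users WHERE user_id=" . (int) user_getid());
    $row_pw = db_fetch_array($res);

    // Quoted keys (bare words are undefined constants) and a strict
    // comparison: with != two different digests that both look like
    // "0e<digits>" compare equal as numbers.
    if (!$row_pw || $row_pw['user_pw'] !== md5($GLOBALS['form_oldpw'])) {
        $GLOBALS['register_error'] = "Old password is incorrect.";
        return 0;
    }
    if ($row_pw['status'] != 'A') {
        $GLOBALS['register_error'] = "Account must be active to change password.";
        return 0;
    }
    if (!$GLOBALS['form_pw']) {
        $GLOBALS['register_error'] = "You must supply a password.";
        return 0;
    }
    if ($GLOBALS['form_pw'] !== $GLOBALS['form_pw2']) {
        $GLOBALS['register_error'] = "Passwords do not match.";
        return 0;
    }
    // No message is set here; presumably account_pwvalid() records its own
    // reason - confirm against its definition.
    if (!account_pwvalid($GLOBALS['form_pw'])) {
        return 0;
    }

    // Every check passed: let the user object persist the new password.
    $user = user_get_object(user_getid());
    if (!$user->setPasswd($GLOBALS['form_pw'])) {
        $GLOBALS['register_error'] = $user->getErrorMessage();
        return 0;
    }

    return 1;
}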
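/**
 * Validate an administrator's "change a user's password" form and apply it
 * with account_set_password().
 *
 * Inputs are read from $GLOBALS (Update, user_id, form_pw, form_pw2);
 * presumably they are imported from the request before this runs - verify.
 *
 * NOTE(review): no permission or anti-CSRF check is visible here; confirm
 * the calling page performs them, because user_id selects whose password
 * is replaced.
 *
 * @return int 1 when the password was updated, 0 otherwise.
 */
function register_valid()
{
    global $Language;

    if (!isset($GLOBALS['Update'])) {
        return 0;
    }
    if (!isset($GLOBALS['user_id'])) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_userid'));
        return 0;
    }
    if (!isset($GLOBALS['form_pw'])) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_nopasswd'));
        return 0;
    }
    // A missing confirmation field counts as a mismatch, and the comparison
    // is strict so numeric-looking strings ("1e3" vs "1000") are not
    // considered equal.
    if (!isset($GLOBALS['form_pw2']) || $GLOBALS['form_pw'] !== $GLOBALS['form_pw2']) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('admin_user_changepw', 'error_passwd'));
        return 0;
    }

    // Start from an empty list so the loop below never iterates over an
    // undefined variable.
    $errors = array();
    if (!account_pwvalid($GLOBALS['form_pw'], $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }

    if (!account_set_password($GLOBALS['user_id'], $GLOBALS['form_pw'])) {
        // This branch reports through register_error rather than the
        // Response object used above; kept as is for callers that read it.
        $GLOBALS['register_error'] = $Language->getText('admin_user_changepw', 'error_update');
        return 0;
    }

    return 1;
}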
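/**
 * Validate a "set password for user $form_user" form and store the new
 * password through the user object.
 *
 * Unlike the self-service variant, no old password is verified: the SELECT
 * below is issued but its result is never read.
 *
 * NOTE(review): $form_user is a global that presumably comes straight from
 * the request, and no permission check is visible here - confirm the calling
 * page restricts this to administrators.
 *
 * @return int 1 when the password was changed, 0 otherwise
 *             (message in $GLOBALS['register_error']).
 */
function register_valid()
{
    global $form_user;

    if (empty($GLOBALS['Update'])) {
        return 0;
    }

    // Force the target id to an integer before it reaches SQL; the original
    // interpolated the raw global into the query text.
    $target_id = (int) $form_user;

    // Result intentionally unused (kept in case callers rely on the query
    // having been run).
    db_query("SELECT user_pw FROM users WHERE user_id={$target_id}");

    if (!$GLOBALS['form_pw']) {
        $GLOBALS['register_error'] = "You must supply a password.";
        return 0;
    }
    // Strict comparison so numeric-looking strings are not treated as equal.
    if ($GLOBALS['form_pw'] !== $GLOBALS['form_pw2']) {
        $GLOBALS['register_error'] = "Passwords do not match.";
        return 0;
    }
    if (!account_pwvalid($GLOBALS['form_pw'])) {
        return 0;
    }

    // Every check passed: update the selected account (not the caller's own).
    $user = user_get_object($target_id);
    if (!$user->setPasswd($GLOBALS['form_pw'])) {
        $GLOBALS['register_error'] = $user->getErrorMessage();
        return 0;
    }

    return 1;
}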
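/**
 * Validate the "change my password" form for $user_id and store the new
 * password.
 *
 * Order of checks: POST + submit marker, anti-CSRF token, user lookup,
 * old password, account status, presence/confirmation of the new password,
 * "new differs from old", password policy. Failures are reported through
 * $GLOBALS['Response']->addFeedback().
 *
 * @param int|string            $user_id       Id of the account being changed.
 * @param CSRFSynchronizerToken $csrf          Token checked before any account data is read.
 * @param EventManager          $event_manager Passed through to User_LoginManager.
 *
 * @return int 1 when the password was updated, 0 otherwise.
 */
function register_valid($user_id, CSRFSynchronizerToken $csrf, EventManager $event_manager)
{
    $request = HTTPRequest::instance();
    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }

    // What happens on a bad token is decided inside check(), outside this function.
    $csrf->check();

    $user_manager = UserManager::instance();
    $user         = $user_manager->getUserById($user_id);
    if ($user === null) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'user_not_found'));
        return 0;
    }

    // Re-authenticate with the current password before allowing the change.
    $password_expiration_checker = new User_PasswordExpirationChecker();
    $password_handler            = PasswordHandlerFactory::getPasswordHandler();
    $login_manager               = new User_LoginManager(
        $event_manager,
        $user_manager,
        $password_expiration_checker,
        $password_handler
    );
    if (!$login_manager->verifyPassword($user, $request->get('form_oldpw'))) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'incorrect_old_password'));
        return 0;
    }

    try {
        $status_manager = new User_UserStatusManager();
        $status_manager->checkStatus($user);
    } catch (User_StatusInvalidException $exception) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'account_inactive'));
        return 0;
    }

    if (!$request->exist('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_needed'));
        return 0;
    }
    // Strict, like the old/new comparison below: with != two different
    // numeric-looking strings ("1e3" vs "1000") would count as matching.
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'password_not_match'));
        return 0;
    }
    if ($request->get('form_pw') === $request->get('form_oldpw')) {
        $GLOBALS['Response']->addFeedback('warning', $GLOBALS['Language']->getText('account_change_pw', 'identical_password'));
        return 0;
    }

    // Start from an empty list so the loop never iterates over an undefined variable.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }

    $user->setPassword($request->get('form_pw'));
    if (!$user_manager->updateDb($user)) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_change_pw', 'internal_error_update'));
        return 0;
    }

    return 1;
}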
/**
 * Create a pending ('P') user row and e-mail a confirmation link.
 *
 * Validation failures append a message to the global $feedback and return false.
 *
 * NOTE(review): the signature declares $timezone twice. PHP 7 and later
 * refuse to compile duplicate parameter names; where it does run, the name
 * refers to the last (11th) argument. $language (6th) is never read - the
 * language column is filled from $language_id.
 *
 * NOTE(review): every value is interpolated into SQL text as received. This
 * is safe only if callers pass values that are already escaped for SQL
 * (nothing in this function does it) - verify at the call sites.
 *
 * @return int|false New user_id on success, false on any failure.
 */
function account_register_new($unix_name, $realname, $password1, $password2, $email, $language, $timezone, $mail_site, $mail_va, $language_id, $timezone)
{
    global $feedback;
    // LIKE treats % and _ inside the supplied name as wildcards, so this is a
    // pattern match rather than an equality test.
    if (db_numrows(db_query("SELECT user_id FROM users WHERE user_name LIKE '{$unix_name}'")) > 0) {
        $feedback .= "That username already exists.";
        return false;
    }
    // Check that username is not identical with an existing unix groupname (groups) helix 22.06.2001
    if (db_numrows(db_query("SELECT unix_group_name FROM groups WHERE unix_group_name LIKE '{$unix_name}'")) > 0) {
        $feedback .= "That username is identical with the unixname of an existing group.";
        return false;
    }
    // End of change helix 22.06.2001
    // The emptiness and format checks below run only after the two queries
    // above have already used $unix_name.
    if (!$unix_name) {
        $feedback .= "You must supply a username.";
        return false;
    }
    if (!$password1) {
        $feedback .= "You must supply a password.";
        return false;
    }
    // Loose comparison: two different numeric-looking strings compare equal.
    if ($password1 != $password2) {
        $feedback .= "Passwords do not match.";
        return false;
    }
    if (!account_pwvalid($password1)) {
        $feedback .= ' Password must be at least 6 characters. ';
        return false;
    }
    if (!account_namevalid($unix_name)) {
        $feedback .= ' Invalid Unix Name ';
        return false;
    }
    if (!validate_email($email)) {
        $feedback .= ' Invalid Email Address ';
        return false;
    }
    // if we got this far, it must be good
    // $session_hash and $HTTP_POST_VARS are neither parameters nor declared
    // global here, so inside this function both are undefined: the confirm
    // hash is derived from time() alone and truncated to 16 hex characters.
    $confirm_hash = substr(md5($session_hash . $HTTP_POST_VARS['form_pw'] . time()), 0, 16);
    // The password is stored as an unsalted MD5 digest (user_pw) plus the
    // output of account_genunixpw() (unix_pw).
    $result = db_query("INSERT INTO users (user_name,user_pw,unix_pw,realname,email,add_date," . "status,confirm_hash,mail_siteupdates,mail_va,language,timezone) " . "VALUES ('{$unix_name}'," . "'" . md5($password1) . "'," . "'" . account_genunixpw($password1) . "'," . "'" . "{$realname}'," . "'{$email}'," . "'" . time() . "'," . "'P'," . "'{$confirm_hash}'," . "'" . ($mail_site ? "1" : "0") . "'," . "'" . ($mail_va ? "1" : "0") . "'," . "'{$language_id}'," . "'{$timezone}')");
    $user_id = db_insertid($result, 'users', 'user_id');
    if (!$result || !$user_id) {
        $feedback .= ' Insert Failed ' . db_error();
        return false;
    } else {
        // send mail
        // NOTE(review): the link host comes from $GLOBALS['HTTP_HOST'];
        // presumably that mirrors the request's Host header - confirm it is
        // constrained to the site's own names before it is mailed out.
        $message = "Thank you for registering on the " . $GLOBALS['sys_default_name'] . " web site. In order\n" . "to complete your registration, visit the following url: \n\n" . "https://" . $GLOBALS['HTTP_HOST'] . "/account/verify.php?confirm_hash={$confirm_hash}\n\n" . "Enjoy the site.\n\n" . " -- the " . $GLOBALS['sys_default_name'] . " staff\n";
        mail($email, $GLOBALS['sys_default_name'] . " Account Registration", $message, "From: noreply@" . $GLOBALS['sys_default_domain']);
        return $user_id;
    }
}
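/**
 * Validate the "change my password" form for $user_id and store the new
 * password with account_set_password().
 *
 * Only accounts with status 'A' or 'R' are accepted. Failures are reported
 * through $GLOBALS['Response']->addFeedback().
 *
 * NOTE(review): the stored credential is compared as an unsalted MD5 digest.
 * The format is shared with whatever writes user.user_pw, so it is not
 * changed here. No anti-CSRF token check is visible in this function either;
 * confirm the calling page performs one.
 *
 * @param int|string $user_id Id of the account being changed.
 *
 * @return int 1 when the password was updated, 0 otherwise.
 */
function register_valid($user_id)
{
    $request = HTTPRequest::instance();
    if (!$request->isPost() || !$request->exist('Update')) {
        return 0;
    }

    // Fetch the current digest; db_ei() is applied to the id before it is
    // concatenated into the query.
    $res = db_query("SELECT user_pw, status FROM user WHERE status IN ('A', 'R') AND user_id=" . db_ei($user_id));
    if (!$res || db_numrows($res) != 1) {
        $GLOBALS['Response']->addFeedback('error', "Internal error: Cannot locate user in database.");
        return 0;
    }
    // Read from the handle just checked instead of relying on an implicit
    // "last result".
    $row_pw = db_fetch_array($res);

    // Strict comparison: with != two different digests that both look like
    // "0e<digits>" compare equal as numbers.
    if ($row_pw['user_pw'] !== md5($request->get('form_oldpw'))) {
        $GLOBALS['Response']->addFeedback('error', "Old password is incorrect.");
        return 0;
    }
    if ($row_pw['status'] != 'A' && $row_pw['status'] != 'R') {
        $GLOBALS['Response']->addFeedback('error', "Account must be active to change password.");
        return 0;
    }
    if (!$request->exist('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', "You must supply a password.");
        return 0;
    }
    if ($request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', "Passwords do not match.");
        return 0;
    }

    // Start from an empty list so the loop never iterates over an undefined variable.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }

    if (!account_set_password($user_id, $request->get('form_pw'))) {
        $GLOBALS['Response']->addFeedback('error', "Internal error: Could not update password.");
        return 0;
    }

    return 1;
}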
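<?php
// Password-policy probe: runs account_pwvalid() on the submitted candidate
// password and prints the keys of the reported errors as "[k1, k2, ...]".
//
// NOTE(review): the candidate password is read with $request->get(), which
// does not show whether it arrived in the query string or the body; confirm
// clients POST it so it is not written to access logs or browser history.

// The response depends on a secret-bearing request, so it must never be cached.
header("Cache-Control: no-cache, no-store, must-revalidate");

require_once 'pre.php';
require_once 'account.php';

$request = HTTPRequest::instance();

// Start from an empty list so array_keys() always receives an array, even
// if account_pwvalid() leaves $errors untouched for a valid password.
$errors = array();
account_pwvalid($request->get('form_pw'), $errors);

echo '[' . implode(', ', array_keys($errors)) . ']';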
/**
 * setPasswd - Changes user's password.
 *
 * Runs account_pwvalid() on the password, then updates users.user_pw (MD5
 * digest) and users.unix_pw (output of account_genunixpw()) between
 * db_begin() and db_commit(), and finally calls the "user_setpasswd"
 * plugin hook.
 *
 * NOTE(review): user_pw is an unsalted MD5 digest, and the plaintext
 * password is handed to every listener of the plugin hook through
 * $hook_params['user_password'] - confirm which plugins receive it and that
 * none of them logs or stores it.
 *
 * @param	string	$passwd	The plaintext password.
 * @return	boolean	success.
 */
function setPasswd($passwd)
{
    global $SYS;
    // On rejection the message is taken from $GLOBALS['register_error'];
    // presumably account_pwvalid() sets it - confirm against its definition.
    if (!account_pwvalid($passwd)) {
        $this->setError('Error: ' . $GLOBALS['register_error']);
        return false;
    }
    db_begin();
    $unix_pw = account_genunixpw($passwd);
    $res = db_query("\n\t\t\tUPDATE users\n\t\t\tSET user_pw='" . md5($passwd) . "',\n\t\t\tunix_pw='{$unix_pw}'\n\t\t\tWHERE user_id='" . $this->getID() . "'\n\t\t");
    // NOTE(review): part of the next statement is missing from this listing
    // (the '******' run replaces original text), so the failure branch and
    // the call that receives '{crypt}' . $unix_pw cannot be read in full.
    // The line is reproduced exactly as found.
    if (!$res || db_affected_rows($res) < 1) { $this->setError('ERROR - Could Not Change User Password: '******'{crypt}' . $unix_pw)) { $this->setError($SYS->getErrorMessage()); db_rollback(); return false; } } }
    // Notify plugins; the parameters include the user object, its id and the
    // plaintext password.
    $hook_params = array();
    $hook_params['user'] = $this;
    $hook_params['user_id'] = $this->getID();
    $hook_params['user_password'] = $passwd;
    plugin_hook("user_setpasswd", $hook_params);
    db_commit();
    return true;
}
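/**
 * Validate the account registration form and create the account.
 *
 * Checks login name, real name, password, timezone, registration purpose,
 * e-mail, password confirmation, password policy and the optional expiry
 * date, then calls account_create(). Failures are reported through
 * $GLOBALS['Response']->addFeedback().
 *
 * NOTE(review): the request parameter page=admin_creation skips the purpose
 * and password-confirmation checks and creates the account as 'A' or 'R'
 * instead of pending ('P'). No permission check is visible in this function;
 * confirm the calling page only honours that value for site administrators.
 *
 * @param string $confirm_hash Confirmation hash stored with the new account.
 *
 * @return mixed Result of account_create(), or 0 when validation fails.
 */
function register_valid($confirm_hash)
{
    global $Language;

    $request = HTTPRequest::instance();

    $vLoginName = new Valid_UserNameFormat('form_loginname');
    $vLoginName->required();
    if (!$request->valid($vLoginName)) {
        return 0;
    }

    $vRealName = new Valid_RealNameFormat('form_realname');
    $vRealName->required();
    if (!$request->valid($vRealName)) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_realname'));
        return 0;
    }

    if (!$request->existAndNonEmpty('form_pw')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_nopasswd'));
        return 0;
    }

    $tz = $request->get('timezone');
    if (!is_valid_timezone($tz)) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_notz'));
        return 0;
    }

    // Strict test so only the exact string selects the administrator path.
    $is_admin_creation = $request->get('page') === "admin_creation";

    if (!$request->existAndNonEmpty('form_register_purpose') && ($GLOBALS['sys_user_approval'] && !$is_admin_creation)) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_nopurpose'));
        return 0;
    }

    if (!validate_email($request->get('form_email'))) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_email'));
        return 0;
    }

    // Strict comparison: with != two different numeric-looking strings
    // ("1e3" vs "1000") would count as a matching confirmation.
    if (!$is_admin_creation && $request->get('form_pw') !== $request->get('form_pw2')) {
        $GLOBALS['Response']->addFeedback('error', $Language->getText('account_register', 'err_passwd'));
        return 0;
    }

    // Start from an empty list so the loop never iterates over an undefined variable.
    $errors = array();
    if (!account_pwvalid($request->get('form_pw'), $errors)) {
        foreach ($errors as $e) {
            $GLOBALS['Response']->addFeedback('error', $e);
        }
        return 0;
    }

    // Optional expiry date, expected as YYYY-M-D. The pattern is anchored at
    // both ends so trailing or leading junk is rejected; preg_match()/explode()
    // replace ereg()/split(), which no longer exist in PHP 7.
    $expiry_date = 0;
    $form_expiry = $request->get('form_expiry');
    if ($request->exist('form_expiry')
        && $form_expiry !== ''
        && (!is_string($form_expiry) || !preg_match('/\A[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}\z/', $form_expiry))
    ) {
        $GLOBALS['Response']->addFeedback('error', $GLOBALS['Language']->getText('account_register', 'data_not_parsed'));
        return 0;
    }

    $vDate = new Valid_String();
    $vDate->required();
    if ($request->exist('form_expiry') && $vDate->validate($form_expiry)) {
        $date_list   = explode('-', $form_expiry, 3);
        $expiry_date = mktime(0, 0, 0, (int) $date_list[1], (int) $date_list[2], (int) $date_list[0]);
    }

    // Self-registration stays pending; the administrator path creates the
    // account restricted or active straight away.
    $status = 'P';
    if ($is_admin_creation) {
        $status = $request->get('form_restricted') ? 'R' : 'A';
    }

    // The current user's locale is passed as the new account's language.
    $res = account_create(
        $request->get('form_loginname'),
        $request->get('form_pw'),
        '',
        $request->get('form_realname'),
        $request->get('form_register_purpose'),
        $request->get('form_email'),
        $status,
        $confirm_hash,
        $request->get('form_mail_site'),
        $request->get('form_mail_va'),
        $tz,
        UserManager::instance()->getCurrentUser()->getLocale(),
        'A',
        $expiry_date
    );

    return $res;
}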
$mail->AddBCC($tbl_admins['email']); } $copyAdmins = "Yes"; } // initial message $message = $lang[REG_NEW]; if ($_POST['registerSubmit']) { global $feedback, $hidden_hash_var, $db_link; $username = $_POST['username']; $password1 = $_POST['password1']; $password2 = $_POST['password2']; $email = $_POST['email']; //all vars present and passwords match? if ($username && $password1 && $password1 == $password2 && $email && validate_email($email)) { //password and name are valid? if (account_namevalid($username) && account_pwvalid($password1)) { $username = strtolower($username); //does the name exist in the database? $sql = "SELECT * FROM " . TABLE_USERS . " WHERE username='******'"; $result = mysql_query($sql, $db_link); if ($result && mysql_numrows($result) > 0) { $feedback .= "ERR_USERNAME_RESERVED"; } else { //create a new hash to insert into the db and the confirmation email $hash = md5($email . $hidden_hash_var); $sql = "INSERT INTO " . TABLE_USERS . " (username, usertype, password, email, confirm_hash, is_confirmed) " . "VALUES ('{$username}','user','" . md5($password1) . "','{$email}', '{$hash}','0')"; $result = mysql_query($sql, $db_link); if (!$result) { $feedback .= ' MySQL ERROR - ' . mysql_error(); } else { //send the confirm email
/**
 * Register a new, unconfirmed user and send the confirmation e-mail.
 *
 * Progress and error messages are appended to the global $feedback.
 *
 * NOTE(review): all values are interpolated into SQL text as received, which
 * is safe only if callers pass values already escaped for SQL - verify at the
 * call sites. The password is lowercased before hashing (so it is effectively
 * case-insensitive), stored as an unsalted MD5 digest, and the confirmation
 * hash is md5($email . $hidden_hash_var), i.e. identical on every
 * registration of the same address.
 *
 * @return bool true when the row was inserted and the e-mail helper called,
 *              false otherwise.
 */
function user_register($user_name, $password1, $password2, $email, $real_name)
{
    global $feedback, $hidden_hash_var;

    // Everything supplied, passwords equal (loose comparison), e-mail well-formed?
    $form_complete = $user_name && $password1 && $password1 == $password2 && $email && validate_email($email);
    if (!$form_complete) {
        $feedback .= ' ERROR - Must Fill In User Name, Matching Passwords, And Provide Valid Email Address ';
        return false;
    }

    // Name and password acceptable to the account rules?
    if (!(account_namevalid($user_name) && account_pwvalid($password1))) {
        $feedback .= ' Account Name or Password Invalid ';
        return false;
    }

    $user_name = strtolower($user_name);
    $password1 = strtolower($password1);

    // Refuse a name that is already taken.
    $lookup = db_query("SELECT * FROM user WHERE user_name='{$user_name}'");
    if ($lookup && db_numrows($lookup) > 0) {
        $feedback .= ' ERROR - USER NAME EXISTS ';
        return false;
    }

    // Hash stored with the row and sent in the confirmation e-mail.
    $hash = md5($email . $hidden_hash_var);

    $insert_sql = "INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) " . "VALUES ('{$user_name}','{$real_name}','" . md5($password1) . "','{$email}','{$GLOBALS['REMOTE_ADDR']}','{$hash}','0')";
    $inserted   = db_query($insert_sql);
    if (!$inserted) {
        $feedback .= ' ERROR - ' . db_error();
        return false;
    }

    user_send_confirm_email($email, $hash);
    $feedback .= ' Successfully Registered. You Should Have a Confirmation Email Waiting ';

    return true;
}