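/**
 * Validate a new password against its confirmation copy and the local
 * policy, then return a bcrypt hash of it for storage.
 *
 * @param string $password  the candidate password
 * @param string $password2 the confirmation copy typed by the user
 * @return string bcrypt hash, cost 12 ("$2y$12$..." , 60 characters)
 * @throws Exception when the two copies differ, the password contains a
 *         character rejected by bad_chars(), or it fails the complexity rule
 */
function password_func($password, $password2) {
    // Do passwords match ?  Strict comparison: with != PHP compares numeric
    // strings numerically, so "1e3" and "1000" would have counted as equal.
    if ($password !== $password2) {
        throw new Exception('Passwords do not match.');
    }
    // Passwords can not contain special characters (shared blocklist helper)
    if (bad_chars($password)) {
        throw new Exception("Passwords can't contain spaces or the following special characters: ' \" = % ; < > --");
    }
    // Password complexity: at least 7 bytes (strlen is byte-wise, as in the
    // original policy), one lowercase, one uppercase, and one digit or one
    // non-word character.
    if (!(strlen($password) >= 7 && preg_match('/^(?=.*[a-z])(?=.*[A-Z])((?=.*\\d)|(?=.*\\W)).+$/', $password))) {
        // The message previously interpolated an undefined {$test} variable.
        $error = "Password does not meet complexity requirements: <br />\n";
        $error .= "Minimum 7 characters with at least one capital letter, one lowercase letter";
        $error .= " and one number or one approved special character.\n";
        throw new Exception($error);
    }
    // Create hash. password_hash() draws the salt from a CSPRNG; the previous
    // hand-rolled salt was derived from microtime(), which is predictable.
    // The result is a "$2y$" bcrypt string; both password_verify() and
    // crypt($password, $hash) === $hash accept it.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    if ($hash === false) {
        // PHP < 8 returned false instead of throwing when hashing failed.
        throw new Exception('Password hashing failed.');
    }
    return $hash;
}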
html_break(2); html_link_back(); } elseif ($delete) { for ($i = 0; $i != $numoffiles; $i++) { if ($fileman[$i]) { if ($GLOBALS['phpgw']->vfs->delete(array('string' => $fileman[$i]))) { html_text_summary(lang('Deleted %1', $disppath . '/' . $fileman[$i]), $fileinfo['size']); } else { $GLOBALS['phpgw']->common->error_list(array(lang('Could not delete %1', $disppath . '/' . $fileman[$i]))); } } } html_break(2); html_link_back(); } elseif ($newdir && $createdir) { if ($badchar = bad_chars($createdir, True, True)) { echo $GLOBALS['phpgw']->common->error_list(array(html_encode(lang('Directory names cannot contain "%1"', $badchar), 1))); html_break(2); html_link_back(); html_page_close(); } if ($createdir[strlen($createdir) - 1] == ' ' || $createdir[0] == ' ') { echo $GLOBALS['phpgw']->common->error_list(array(lang('Cannot create directory because it begins or ends in a space'))); html_break(2); html_link_back(); html_page_close(); } $ls_array = $GLOBALS['phpgw']->vfs->ls(array('string' => $path . '/' . $createdir, 'relatives' => array(RELATIVE_NONE), 'checksubdirs' => False, 'nofiles' => True)); $fileinfo = $ls_array[0]; if ($fileinfo['name']) { if ($fileinfo['mime_type'] != 'Directory') {
break; } } // If not in a group then give error if (!isset($login)) { $error = "Login Failed."; } } else { $error = "Login Failed."; } break; default: // Connect to DB try { // If any bad chars in post contents dont allow DB lookup if (bad_chars($_POST["username"]) || bad_chars($_POST["password"])) { throw new Exception("Input will not accept those special characters!"); } // is user valid ?? $sth = $dbh->prepare("SELECT count(HASH) FROM USERS WHERE NAME = ?"); $sth->bindParam(1, $_POST["username"]); $sth->execute(); $user_valid = $sth->fetchColumn(); $sth = null; if ($user_valid) { // if user is valid get hash $sth = $dbh->prepare("SELECT HASH,ROLE FROM USERS WHERE NAME = ?"); $sth->bindParam(1, $_POST["username"]); $sth->execute(); $row = $sth->fetch(); $db_hash = $row['HASH'];
<?php
$title = "Add Device";

/**
 * Blocklist check for characters this application refuses in free-text input.
 *
 * Returns 1 when $input contains any of  ' " % = ; < >  , any whitespace,
 * or the sequence "--", and 0 otherwise (preg_match returning false on a
 * PCRE error also ends up as 0).
 *
 * NOTE(review): a character blocklist is not an injection defence on its own;
 * the bound parameters in the INSERT below are what protect the query, and
 * this function only narrows which values may be stored.
 */
function bad_chars($input) {
    if (preg_match('/([\'\\"%=;<>\\s]|--)/', $input)) {
        return 1;
    } else {
        return 0;
    }
}

// If post then update DB
// NOTE(review): $_POST["change"] is read without isset(); a POST that lacks
// it raises an undefined-index notice before the comparison runs.
if ($_SERVER['REQUEST_METHOD'] == "POST" && $_POST["change"] == "Add") {
    // If input contains bad chars then give errors
    // ($contents is presumably initialised earlier in the file -- confirm)
    if (bad_chars($_POST["name"]) || bad_chars($_POST["ip"])) {
        $contents .= "Device name or IP address can't contain spaces or the following special characters: ' \" = % ; < > --";
    } else {
        $name = $_POST["name"];
        $ip = $_POST["ip"];
        // When "dns" is checked the IP is replaced by the literal string "NULL".
        // Bound through bindValue() below, that is stored as the four-character
        // string 'NULL', not as SQL NULL.
        if (isset($_POST["dns"])) {
            $ip = "NULL";
        }
        // Are there any blank fields ?
        // NOTE(review): only emptiness is checked here; $ip is never validated
        // as an address (e.g. filter_var() with FILTER_VALIDATE_IP) before it
        // is stored.
        if ($name != "" && $ip != "") {
            // If all checks pass then insert into DB
            $time = time();
            // NAME and IP are bound parameters. DATE_ADDED is interpolated, but
            // {$time} is the int returned by time() above, not request data;
            // binding it as well would keep the statement uniform.
            // NOTE(review): the column list is single-quoted; on many engines
            // that reads as string literals rather than identifiers -- confirm
            // against the target database. $dbcore is presumably a PDO handle.
            $sth = $dbcore->prepare("INSERT INTO DEVICES ('NAME','IP','DATE_ADDED','CID_TIME','LAST_DATE') \n\t\t\t\t\t\t\t\t\t\tVALUES (:name,:ip,{$time},0,0)");
            $sth->bindValue(':name', $name);
            $sth->bindValue(':ip', $ip);