/**
 * Persist one image record and hand back the hash the database now holds for it.
 *
 * Inserts (null, $url, $text, createHash($db, $url)) into `imgs` through a prepared
 * statement — $url and $text are never concatenated into SQL — then re-reads the hash
 * with getSingleImageHash() so the caller gets whatever the row actually stores.
 *
 * NOTE(review): $db comes from the require_once inside this function. If
 * config/config.php was already loaded elsewhere, require_once will not run again and
 * $db would be undefined in this scope — confirm how callers load the config.
 *
 * @param string $url
 * @param string $text
 * @return mixed whatever getSingleImageHash() returns for $url
 */
function saveImage($url, $text)
{
    require_once "config/config.php";

    // Row layout: (id, url, text, hash); null presumably leaves the id to the database.
    $row = array(null, $url, $text, createHash($db, $url));
    $insert = $db->prepare("INSERT INTO imgs VALUES (?, ?, ?, ?)");
    $insert->execute($row);

    return getSingleImageHash($db, $url);
}
$newPasswordConfirm = $_POST['NewPasswordConfirm']; } // On vérifie si des champs sont vides if (empty($newPassword) || empty($newPasswordConfirm)) { $error_fieldsempty = '- Un ou plusieurs champs de texte sont vides. Veuillez les remplir. \\n'; $i++; } // Si le mot de passe et sa confirmation ne correspondent pas if ($newPassword != $newPasswordConfirm) { $error_passwordconfirm = '- Le mot de passe et sa confirmation sont différents. \\n'; $i++; } // Si le mot de passe est trop petit if (strlen($newPassword) < 6 && !empty($newPassword)) { $error_passwordwrongsize = '- Votre mot de passe doit contenir au minimum huit caractères. \\n'; $i++; } // S'il n'y a aucune erreur if ($i == 0) { updatePassword($noUser, createHash($newPassword)); header('Location: ../view/view_update_password.php'); $_SESSION['success_update_password'] = "******"; } else { setErrors(); header('Location: ../view/view_update_password.php'); } function setErrors() { global $error_passwordconfirm, $error_fieldsempty, $error_passwordwrongsize; $_SESSION['errors_update_password'] = '******' . $error_passwordconfirm . $error_fieldsempty . $error_passwordwrongsize; }
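/**
 * Produce the stored credential for a new password.
 *
 * When password_hash() is available and crypt() handles bcrypt correctly (the probe
 * string below is the documented PHP self-test; pre-5.3.7 builds such as Debian 6's
 * 5.3.3 fail it), the result is a password_hash() string. Otherwise the legacy
 * createHash() scheme is used and the result is array('hash' => ..., 'salt' => ...),
 * the salt being a 32-character hex string.
 *
 * @param string $username only used on the legacy path (part of createHash()'s input)
 * @param string $password
 * @return string|array see above
 */
function passwordCreate($username, $password)
{
    global $aeskey;

    // Bcrypt self-test from the PHP manual: a working crypt() reproduces the probe exactly.
    // The function_exists() guard keeps 5.3.7–5.4 (good crypt, no password_hash) on the
    // legacy path instead of a fatal "undefined function".
    $probe = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
    if (function_exists('password_hash') && crypt('password', $probe) === $probe) {
        return password_hash($password, PASSWORD_DEFAULT);
    }

    // Legacy path. The salt used to be md5(mt_rand() . time()): mt_rand() is not a CSPRNG
    // and the timestamp is guessable. Prefer a CSPRNG where one exists and keep the
    // 32-hex-char shape so nothing downstream notices.
    if (function_exists('random_bytes')) {
        $newSalt = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $newSalt = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        $newSalt = md5(mt_rand() . strtotime('now') . uniqid('', true));
    }

    return array('hash' => createHash($username, $password, $newSalt, $aeskey), 'salt' => $newSalt);
}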
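/**
 * Validate a change-password request before anything is written.
 *
 * Which password must be proven depends on who is editing whom: a non-super-admin
 * session, or anyone editing the 'Super Administrator' account, must supply that
 * account's own current password; a super admin editing any other account supplies the
 * super-admin password (RAZOR_SADMIN_PASS) instead.
 *
 * The legacy hash scheme is visible here: the first half of the stored value doubles as
 * the salt passed to createHash(..., 'sha1'), i.e. stored == createHash(pw, firstHalf, 'sha1').
 *
 * @param string|null $oldPassword  current password typed by the user
 * @param string|null $newPassword
 * @param string|null $newPasswordC confirmation of $newPassword
 * @param array       $userData     account being edited; reads 'title' and 'password'
 * @return string|false translated error text, or false when every check passes
 */
function changePasswordCheck($oldPassword, $newPassword, $newPasswordC, $userData)
{
    // Both branches below required the old password; check it once.
    if (!isset($oldPassword) || $oldPassword == '') {
        return lt('Error old password box is empty') . '...';
    }

    $adminType = isset($_SESSION['adminType']) ? $_SESSION['adminType'] : null;
    if ($adminType != 'sadmin' || $userData['title'] == 'Super Administrator') {
        $stored = (string) $userData['password'];
        $mismatch = 'Error old password was not validated correctly';
    } else {
        $stored = (string) RAZOR_SADMIN_PASS;
        $mismatch = 'Error super admin password was not validated correctly';
    }

    // Legacy scheme: the salt is the first half of the stored hash itself.
    $salt = substr($stored, 0, (int) (strlen($stored) / 2));
    $candidate = (string) createHash($oldPassword, $salt, 'sha1');
    // hash_equals() instead of !=: constant-time, and strict — a loose compare of two hex
    // digests can match unrelated values (the "0e123…" == "0e456…" numeric-string case).
    if (!hash_equals($stored, $candidate)) {
        return lt($mismatch) . '...';
    }

    if (!isset($newPassword) || !isset($newPasswordC) || $newPassword == '' || $newPasswordC == '') {
        return lt('Error a new password box is empty') . '...';
    }
    if ($newPassword != $newPasswordC) {
        return lt('Error new password was not confirmed correctly') . '...';
    }

    return false;
}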
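/**
 * Check a login attempt against the stored salted secret.
 *
 * Stores $data['salt'] / $data['secret'] on the instance, then compares the stored
 * secret with createHash(salt, supplied secret).
 *
 * NOTE(review): when the caller supplies no secret, one is synthesised from first name,
 * last name and the first four characters of the email — all of which are low-entropy
 * and likely known to anyone who knows the user. Kept for compatibility; worth retiring.
 *
 * @param array $data  stored record; reads 'salt' and 'secret'
 * @param array $check submitted values; reads 'secret', or 'fname'/'lname'/'email' as fallback
 * @return bool
 */
function loginCheck($data, $check)
{
    $this->salt = $data['salt'];
    $this->secret = $data['secret'];

    // empty() covers both "key missing" and "falsy value" without an undefined-index notice.
    if (empty($check['secret'])) {
        $check['secret'] = $check['fname'] . '_' . $check['lname'] . '_' . substr($check['email'], 0, 4);
    }

    $candidate = createHash($this->salt, $check['secret']);
    if (is_string($this->secret) && is_string($candidate)) {
        // Constant-time comparison for the secret; === leaks where the strings diverge.
        return hash_equals($this->secret, $candidate);
    }

    // Non-string on either side: keep the original strict-equality result.
    return $this->secret === $candidate;
}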
if ($destroySession) { session_start(); session_destroy(); } exit; } // if create account form is submitted if (isset($_POST['createAccount'])) { // clean form data $newEmail = cleanValue($_POST['newEmail'], true); $newPassword = cleanValue($_POST['newPassword'], true); $newSecureQ = cleanValue($_POST['newSecureQ'], true); $newSecureA = cleanValue($_POST['newSecureA']); // encrypt password & security answer $newPassHash = createHash($newPassword); $newSecAHash = createHash($newSecureA); // check for valid email address if (!filter_var($newEmail, FILTER_VALIDATE_EMAIL)) { $arr = array('status' => 'invalid', 'email' => $newEmail, 'message' => 'Please enter a valid email address.', 'timestamp' => $date); createJSON($arr, true); } if (checkPassword($newPassword) === 'less') { $arr = array('status' => 'invalid', 'email' => $newEmail, 'message' => 'Your password must be 8 or more characters.', 'timestamp' => $date); createJSON($arr, true); } if (checkPassword($newPassword) === 'more') { $arr = array('status' => 'invalid', 'email' => $newEmail, 'message' => 'Your password must be less than 12 characters.', 'timestamp' => $date); createJSON($arr, true); } // attempt to insert form data into database $newAccountsSQL = "INSERT INTO {$tbName} (email, hash, date, security_q, security_a)\n VALUES ('{$newEmail}','{$newPassHash}','{$date}','{$newSecureQ}','{$newSecAHash}')";
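<?php
include 'libaweb/seculib.php';
include 'libaweb/dblib.php';

// NOTE(review): the password arrives in the query string ($_GET['pwd']), so it ends up in
// browser history, referrers and proxy/server access logs. Moving the form to POST is the
// real fix; the parameter name is kept here so the existing form keeps working.
$pass = clean(isset($_GET['pwd']) ? $_GET['pwd'] : '');

$dbContoller = new DbContoller();
if (!$dbContoller->isConn) {
    echo "connect is fail!";
} else {
    $return_pass = $dbContoller->selectPassword();
    $dbContoller->dbClose();
    if ($return_pass) {
        $salt = $return_pass["salt"];
        $hash_string = (string) createHash($salt, $pass);
        // hash_equals(): constant-time and strict — no "0e…" == "0e…" loose-equality surprise.
        if (hash_equals((string) $return_pass["password"], $hash_string)) {
            // NOTE(review): nothing here records that the check passed (no session flag),
            // so car.php presumably cannot tell a redirected visitor from a direct request —
            // confirm car.php enforces its own check.
            header("location: car.php");
            exit; // header() does not stop execution; without this the rest still runs
        } else {
            echo "fail!";
        }
    } else {
        echo "Pass invalid...";
    }
}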
require_once 'db.php'; $db = DB::getDB(); $action = $_GET['action']; function createHash() { return hash('sha256', uniqid()); } if ($action == 'login') { $inputUser = $_GET['name']; $inputPassword = $_GET['password']; $data = $db->get('users', array('username', '=', $inputUser)); if ($data->count()) { $userFromDB = $data->first(); if ($userFromDB->password == $inputPassword) { $hash = createHash(); echo $_GET['callback'] . '(' . "{'answer' : 'correct', 'hash' : " . json_encode($hash) . "}" . ')'; $db->insert('users_session', array('user_id' => $userFromDB->id, 'hash' => $hash)); } else { echo $_GET['callback'] . '(' . "{'answer' : 'incorrect', 'reason' : 'password'}" . ')'; } } else { echo $_GET['callback'] . '(' . "{'answer' : 'incorrect', 'reason' : 'username'}" . ')'; } } else { if ($action == 'register') { $inputUser = $_GET['name']; $inputPassword = $_GET['password']; $inputFirstName = $_GET['firstname']; $inputLastName = $_GET['lastname']; $inputGender = $_GET['gender'];
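/**
 * Hash $input with the file-level createHash() helper and return the result.
 *
 * The original called createHash() and dropped its return value, so every caller
 * received null. Returning it is backward compatible with callers that ignored the
 * result; if createHash() works only through side effects this is a harmless change.
 *
 * @param mixed $input
 * @return mixed whatever createHash() returns
 */
public function Hash($input)
{
    return createHash($input);
}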
$i++; } // Vérification de la taille du nom d'utilisateur if (strlen($username) < 6 && !empty($username)) { $error_usernamewrongsize = '- Le nom d\'utilisateur doit contenir au minimum six caractères. \\n'; $i++; } // On vérifie si des champs sont vides if (empty($username) || empty($password) || empty($pass_confirm) || empty($email) || empty($last_name) || empty($first_name)) { $error_fieldsempty = '- Un ou plusieurs champs de texte sont vides. Veuillez les remplir. \\n'; $i++; } // S'il n'y a aucune erreur if ($i == 0) { // Fonction qui créé l'utilisateur dans la base de données createUser($username, createHash($password), $email, $last_name, $first_name, $user_type); // Si on s'est bien inscrit, alors on peut supprimer ces variables de session unset($_SESSION['new_account_username']); unset($_SESSION['new_account_email']); unset($_SESSION['new_account_last_name']); unset($_SESSION['new_account_first_name']); $_SESSION["new_account_success"] = true; header('Location: ../view/view_Login.php'); } else { setErrors(); header('Location: ../view/view_create_account.php'); } // Fonction permettant d'initialiser les erreurs dans une variable de session afin de les faire apparaître // une fois de retour sur la vue function setErrors() {
} else { if (strlen($pass) > 0 && strlen($newPass) > 0 && strlen($reNewPass) > 0) { $pass = clean($pass); $newPass = clean($newPass); $reNewPass = clean($reNewPass); $return_pass = $dbContoller->selectPassword(); if ($return_pass) { echo $return_pass["salt"]; $salt = $return_pass["salt"]; //echo $salt . "<br/>"; $hash_string = createHash($salt, $pass); if ($hash_string == $return_pass["password"]) { echo $hash_string; if ($newPass == $reNewPass) { $newSalt = genSalt(); $newPass = createHash($newSalt, $newPass); $update = $dbContoller->updatePassword($newPass, $newSalt); if ($update) { header("location: index.html"); } else { echo "fail"; } } $dbContoller->dbClose(); } else { echo "Pass invalid..."; } } else { echo "Connect is fail...."; } } else {
// edit razor array /////////////////////////////////////// BsocketB('admin-edit-razorarray', array(&$razorArray)); /////////////////////////////////////////////////////////// // login // if (!isset($_SESSION['adminLogIn'])) { if (isset($_POST['user']) && $_POST['user'] != '' && isset($_POST['pass']) && $_POST['pass'] != '') { if (!checkLog()) { if ($_POST['user'] == RAZOR_SADMIN_USER and createHash($_POST['pass'], substr(RAZOR_SADMIN_PASS, 0, strlen(RAZOR_SADMIN_PASS) / 2), 'sha1') == RAZOR_SADMIN_PASS) { $_SESSION['loginTimeStamp'] = $ts = time(); $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']); $_SESSION['adminType'] = 'sadmin'; } elseif ($_POST['user'] == RAZOR_ADMIN_USER and createHash($_POST['pass'], substr(RAZOR_ADMIN_PASS, 0, strlen(RAZOR_ADMIN_PASS) / 2), 'sha1') == RAZOR_ADMIN_PASS) { $_SESSION['loginTimeStamp'] = $ts = time(); $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_ADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']); $_SESSION['adminType'] = 'admin'; } elseif ($_POST['user'] == RAZOR_USER_USER and createHash($_POST['pass'], substr(RAZOR_USER_PASS, 0, strlen(RAZOR_USER_PASS) / 2), 'sha1') == RAZOR_USER_PASS) { $_SESSION['loginTimeStamp'] = $ts = time(); $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_USER_USER . $ts . $_SERVER['HTTP_USER_AGENT']); $_SESSION['adminType'] = 'user'; } else { loginLog(); } } else { MsgBox(lt('You have exceeded the max amount of login attempts in') . ' ' . RAZOR_LOGAT_TIME / 60 . ' ' . lt('minutes'), 'redbox'); } } } else { if ($_SESSION['adminLogIn'] == sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $_SESSION['loginTimeStamp'] . $_SERVER['HTTP_USER_AGENT'])) { $_SESSION['loginTimeStamp'] = $ts = time(); $_SESSION['adminLogIn'] = sha1($_SERVER['REMOTE_ADDR'] . RAZOR_SADMIN_USER . $ts . $_SERVER['HTTP_USER_AGENT']); $_SESSION['adminType'] = 'sadmin';
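/**
 * Email every user who owns unsold textbook listings whose `renew` date has passed.
 *
 * Access: $_REQUEST['pass'] must equal $sensitive['notifyPassword']; otherwise a 403 is
 * sent, $errorCode is set to 403 and nothing else happens.
 * Paging: users are visited in result order and only those at positions
 * [$_REQUEST['first'], first + 100) receive mail, so repeated calls with increasing
 * 'first' walk the whole list. Ends with die("Success").
 *
 * Globals: $con (mysqli link), $mail (mailer object), $errorCode, $sensitive; $startTime
 * is declared but not used here.
 */
function notifyExpirations()
{
    global $con;
    global $startTime;
    global $mail;
    global $errorCode;
    global $sensitive;

    $suppliedPass = isset($_REQUEST['pass']) ? (string) $_REQUEST['pass'] : '';
    // hash_equals(): constant-time and strict for the shared secret (the original != was a
    // loose compare, which treats numeric-looking strings as numbers).
    if (!hash_equals((string) $sensitive['notifyPassword'], $suppliedPass)) {
        header("HTTP/1.1 403 Forbidden");
        $errorCode = 403;
        return;
    }

    set_time_limit(0);

    $unrenewedTextbooksQuery = "SELECT * FROM `textbooks` WHERE `renew` < '2016-09-30 23:59:59' AND `status` = 'unsold'"; //Need to make automated date finding eventually.
    $unrenewedTextbooks = mysqli_query($con, $unrenewedTextbooksQuery);

    // user_id => list of textbook ids. Initialised up front so an empty result set does
    // not leave $notifyUsers undefined for the foreach below.
    $notifyUsers = array();
    while ($row = mysqli_fetch_array($unrenewedTextbooks, MYSQLI_ASSOC)) {
        $notifyUsers[$row['user_id']][] = $row['id'];
    }

    $first = isset($_REQUEST['first']) ? (int) $_REQUEST['first'] : 0;
    $numSent = 0;
    foreach ($notifyUsers as $user => $textbookIds) {
        if ($numSent >= $first && $numSent < $first + 100) {
            $textbookTitles = array();
            foreach ($textbookIds as $textbookId) {
                // Ids come from our own rows, but cast anyway so they never reach SQL as text.
                $textbookTitle = mysqli_fetch_array(mysqli_query($con, "SELECT title FROM textbooks WHERE id = " . (int) $textbookId));
                $textbookTitles[] = $textbookTitle;
            }
            $userData = mysqli_fetch_array(mysqli_query($con, "SELECT id, email, name FROM users WHERE id = " . (int) $user));

            // The address goes into a URL and the URL into HTML: encode for each context.
            // PHP decodes query parameters on the receiving side, so rawurlencode() is transparent.
            // NOTE(review): the -1 passed to createHash() is not explained here — confirm its meaning.
            $renewLink = "https://bearcatexchange.com?email=" . rawurlencode($userData['email']) . "&h=" . createHash(intval($userData['id']), -1);
            $renewLinkHtml = htmlspecialchars($renewLink, ENT_QUOTES, 'UTF-8');

            $mail->addAddress($userData['email'], $userData['name']);
            $subject = 'Renew Your Textbook Listings';
            $mail->Subject = $subject;

            $bodyText = "<div style='font-family: sans-serif; line-height: 2em;'>\n <h2 style='color: #007a5e'>It's time to renew your textbook listings!</h2>\n <div style='font-size: 1.2em;'>\n <div style='color:#000'>\n <p>The following listings are expiring on Bearcat Exchange. Once a listing is expired, it is automatically removed from the Bearcat Exchange to prevent older listings from cluttering your search. 
If you renew a listing, it will reappear at the top of Bearcat Exchange.</p>\n <p>If you've already sold these textbooks you may ignore this email. If not, <a href='{$renewLinkHtml}' style='color: #007a5e'>renew your textbooks now</a>!</p>\n <strong><ol>\n ";
            foreach ($textbookTitles as $title) {
                // Titles are user-entered and this is an HTML email: escape, or a listing
                // title can inject markup into the message.
                $titleText = $title ? (string) $title[0] : '';
                $bodyText .= "<li>" . htmlspecialchars($titleText, ENT_QUOTES, 'UTF-8') . "</li>";
            }
            $bodyText .= "\n </ol></strong>\n <p>Edit or renew any of your listings at <a href='{$renewLinkHtml}' style='color: #007a5e' >{$renewLinkHtml}</a>. Thank you for using <a href='https://bearcatexchange.com' style='color: #007a5e'>Bearcat Exchange</a>, the best way to buy and sell textbooks at Binghamton. If you experience technical difficulties, please contact us at <a href='mailto:support@bearcatexchange.com' style='color: #007a5e'>support@bearcatexchange.com</a>.</p>\n </div>\n </div>\n </div>\n ";

            $mail->Body = $bodyText;
            echo "Sending " . $numSent . "<br>";
            sendEmail(0, $user, $subject, $bodyText, 1);
            $mail->clearAddresses();
        }
        $numSent++;
    }

    die("Success");
}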
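<?php
// One-shot bootstrap: stores a freshly salted hash of $pass as the application password.
// NOTE(review): the password is hard-coded below (the $_POST["pss"] read is commented
// out), so while this file stays deployed it is both a credential on disk and an
// unauthenticated "reset the password" endpoint. Remove or gate it once it has run.
include 'libaweb/seculib.php';
include 'libaweb/dblib.php';

$pass = "******"; //$_POST["pss"];

$dbContoller = new DbContoller();
if (!$dbContoller->isConn) {
    echo "connect is fail!";
} else {
    $dbContoller->noAutoCommit();
    try {
        $newSalt = genSalt();
        $pass = createHash($newSalt, $pass);
        $dbContoller->createPassword($pass, $newSalt);
        $dbContoller->commit();
        echo "success";
    } catch (Exception $e) {
        $dbContoller->rollback();
        // Keep the detail out of the response: a stringified exception carries the stack
        // trace, file paths and whatever the DB driver put in the message.
        error_log("password bootstrap failed: " . $e);
        echo "Error : Please try again...";
    }
    // Only close a connection that was actually opened.
    $dbContoller->dbClose();
}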