function userLogin()
{
$userName = $_POST['userName'];
$password = $_POST['userPassword'];
$rememberData = $_POST['rememberData'];
# Verify if the user currently exists in the Database
$result = validateUserCredentials($userName);
if ($result['status'] == 'COMPLETE') {
$decryptedPassword = decryptPassword($result['password']);
# Compare the decrypted password with the one provided by the user
if ($decryptedPassword === $password) {
$response = array("status" => "COMPLETE");
# Starting the sesion
startSession($result['fName'], $result['lName'], $userName);
# Setting the cookies
if ($rememberData) {
setcookie("cookieUserName", $userName);
}
echo json_encode($response);
} else {
die(json_encode(errors(306)));
}
} else {
die(json_encode($result));
}
}
function ftp_openconnection()
{
// --------------
// This function opens an ftp connection
// --------------
// Global variables
global $net2ftp_globals;
// Check if the FTP module of PHP is installed
if (function_exists("ftp_connect") == false) {
$errormessage = Yii::t('mc', 'The <a href=\\"http://www.php.net/manual/en/ref.ftp.php\\" target=\\"_blank\\">FTP module of PHP</a> is not installed.<br /><br /> The administrator of this website should install this FTP module. Installation instructions are given on <a href=\\"http://www.php.net/manual/en/ref.ftp.php\\" target=\\"_blank\\">php.net</a><br />');
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
// Decrypt password
$sessKey = "net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"];
if (isset($_SESSION[$sessKey]) == true) {
$net2ftp_password = decryptPassword($_SESSION[$sessKey]);
} else {
$net2ftp_password = decryptPassword($net2ftp_globals["password_encrypted"]);
}
// Check if port nr is filled in
if ($net2ftp_globals["ftpserverport"] < 1 || $net2ftp_globals["ftpserverport"] > 65535 || $net2ftp_globals["ftpserverport"] == "") {
$net2ftp_globals["ftpserverport"] = 21;
}
// Set up basic connection
$ftp_connect = "ftp_connect";
if ($net2ftp_globals["sslconnect"] == "yes" && function_exists("ftp_ssl_connect")) {
$ftp_connect = "ftp_ssl_connect";
}
$conn_id = $ftp_connect($net2ftp_globals["ftpserver"], $net2ftp_globals["ftpserverport"]);
if ($conn_id == false) {
$errormessage = Yii::t('mc', 'Unable to connect to FTP server <b>{ip}</b> on port <b>{port}</b>.', array('{ip}' => $net2ftp_globals["ftpserver"], '{port}' => $net2ftp_globals["ftpserverport"]));
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
// Login with username and password
$login_result = ftp_login($conn_id, $net2ftp_globals["username"], $net2ftp_password);
if ($login_result == false) {
unset($_SESSION[$sessKey]);
$errormessage = Yii::t('mc', 'Unable to login to FTP server, please make sure the password has been entered correctly.<br/><br/>(FTP Server: {ip}:{port}, user: {user})<br/><br/>', array('{ip}' => $net2ftp_globals["ftpserver"], '{port}' => $net2ftp_globals["ftpserverport"], '{user}' => $net2ftp_globals["username"]));
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
// Set passive mode
if ($net2ftp_globals["passivemode"] == "yes") {
$success = ftp_pasv($conn_id, TRUE);
if ($success == false) {
$errormessage = Yii::t('mc', 'Unable to switch to passive mode on FTP server <b>{ip}</b>.', array('{ip}' => $net2ftp_globals["ftpserver"]));
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
}
// Get the system type
// $net2ftp_globals["systype"] = ftp_systype($conn_id);
// Return the connection ID
return $conn_id;
}
function ftp_openconnection()
{
// --------------
// This function opens an ftp connection
// --------------
// Global variables
global $net2ftp_globals;
// Check if the FTP module of PHP is installed
if (function_exists("ftp_connect") == false) {
$errormessage = __("The <a href=\"http://www.php.net/manual/en/ref.ftp.php\" target=\"_blank\">FTP module of PHP</a> is not installed.<br /><br /> The administrator of this website should install this FTP module. Installation instructions are given on <a href=\"http://www.php.net/manual/en/ref.ftp.php\" target=\"_blank\">php.net</a><br />");
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
// Decrypt password
if (isset($_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]]) == true) {
$net2ftp_password = decryptPassword($_SESSION["net2ftp_password_encrypted_" . $net2ftp_globals["ftpserver"] . $net2ftp_globals["username"]]);
} else {
$net2ftp_password = decryptPassword($net2ftp_globals["password_encrypted"]);
}
// Check if port nr is filled in
if ($net2ftp_globals["ftpserverport"] < 1 || $net2ftp_globals["ftpserverport"] > 65535 || $net2ftp_globals["ftpserverport"] == "") {
$net2ftp_globals["ftpserverport"] = 21;
}
// Set up basic connection
$ftp_connect = "ftp_connect";
if ($net2ftp_globals["sslconnect"] == "yes" && function_exists("ftp_ssl_connect")) {
$ftp_connect = "ftp_ssl_connect";
}
$conn_id = $ftp_connect($net2ftp_globals["ftpserver"], $net2ftp_globals["ftpserverport"]);
if ($conn_id == false) {
$errormessage = __("Unable to connect to FTP server <b>%1\$s</b> on port <b>%2\$s</b>.<br /><br />Are you sure this is the address of the FTP server? This is often different from that of the HTTP (web) server. Please contact your ISP helpdesk or system administrator for help.<br />", $net2ftp_globals["ftpserver"], $net2ftp_globals["ftpserverport"]);
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
// Login with username and password
$login_result = ftp_login($conn_id, $net2ftp_globals["username"], $net2ftp_password);
if ($login_result == false) {
$errormessage = __("Unable to login to FTP server <b>%1\$s</b> with username <b>%2\$s</b>.<br /><br />Are you sure your username and password are correct? Please contact your ISP helpdesk or system administrator for help.<br />", $net2ftp_globals["ftpserver"], $net2ftp_globals["username"]);
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
// Set passive mode
if ($net2ftp_globals["passivemode"] == "yes") {
$success = ftp_pasv($conn_id, TRUE);
if ($success == false) {
$errormessage = __("Unable to switch to the passive mode on FTP server <b>%1\$s</b>.", $net2ftp_globals["ftpserver"]);
setErrorVars(false, $errormessage, debug_backtrace(), __FILE__, __LINE__);
return false;
}
}
// Get the system type
// $net2ftp_globals["systype"] = ftp_systype($conn_id);
// Return the connection ID
return $conn_id;
}
function editPassword($idUser, $pass_given, $new_pass)
{
if ($pass_given === $new_pass) {
return false;
}
global $db;
$stmt = $db->prepare('SELECT password FROM User WHERE idUser = :idUser');
$stmt->bindParam(':idUser', $idUser, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetchAll();
if (count($result) === 0) {
return false;
}
if (!decryptPassword($pass_given, $result[0]['password'])) {
return false;
}
$passEnc = encryptPassword($new_pass, 20);
$stmt = $db->prepare('UPDATE User SET password = :new_pass WHERE idUser = :idUser');
$stmt->bindParam(':idUser', $idUser, PDO::PARAM_STR);
$stmt->bindParam(':new_pass', $passEnc, PDO::PARAM_STR);
$stmt->execute();
return true;
}
function getIdByUserPass($user, $pass)
{
global $db;
$stmt = $db->prepare('SELECT *
FROM User WHERE user = :user');
$stmt->bindParam(':user', $user, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetchAll();
if (count($result) == 0) {
return false;
}
if (decryptPassword($pass, $result[0]['password'])) {
return $result[0]['idUser'];
}
return false;
}
function verifyLogin($user_id, $password)
{
if (!checkLock("checkuser")) {
return -2;
}
$user_id = escape($user_id);
//decrypt the password if needed
require_once includePath() . "/crypto.php";
$password = decryptPassword($password);
$result = mysql_query("SELECT password, salt FROM users WHERE id='" . $user_id . "'");
if ($row = mysql_fetch_array($result)) {
if (chash2($password, hex2bin($row['salt'])) == $row['password']) {
return true;
} else {
lockAction("checkuser");
return -1;
}
} else {
lockAction("checkuser");
return -1;
}
}
function resetPassword($user_id, $password)
{
$user_id = escape($user_id);
$gen_salt = secure_random_bytes(20);
$db_salt = escape(bin2hex($gen_salt));
//decrypt the password if needed
require_once includePath() . "/crypto.php";
$password = decryptPassword($password);
$password = escape(chash2($password, $gen_salt));
mysql_query("UPDATE users SET password='******', salt = '{$db_salt}' WHERE id='{$user_id}'");
mysql_query("DELETE FROM reset WHERE user_id='{$user_id}'");
//make sure user doesn't reset again with same link
}
