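 /**
  * Stores a new user in the database.
  *
  * The clear-text password is run through passwordhash() before it is stored;
  * the registration date and the "last connection" timestamp are both set to now.
  *
  * @param string $pseudo   username (`pseudo` column)
  * @param string $prenom   first name
  * @param string $nom      last name
  * @param string $email    e-mail address
  * @param string $password clear-text password; only its hash reaches the database
  * @param string $imgname  profile picture file name, stored in `imgprofil`
  * @return bool true when the INSERT succeeded, false otherwise
  */
 public function register($pseudo, $prenom, $nom, $email, $password, $imgname)
 {
     /* Hash the password */
     $passwordhashed = passwordhash($password);
     /* Registration date and last-connection timestamp, both "now" */
     $dateinscription = date('Y-m-d');
     $lastco = date("Y-m-d H:i:s");
     $registeruser = $this->db->prepare("INSERT INTO users (pseudo, nom, prenom, email, password, imgprofil, dateinscription, lastco) VALUES(:pseudo, :nom, :prenom, :email, :password, :imgprofil, :dateinscription, :lastco)");
     // prepare() returns false (instead of throwing) when PDO runs in silent error mode.
     if ($registeruser === false) {
         return false;
     }
     // Report the driver's result instead of an unconditional true, so a failed
     // INSERT (duplicate pseudo/email, connection problem, ...) is visible to the caller.
     return $registeruser->execute(array('pseudo' => $pseudo, 'nom' => $nom, 'prenom' => $prenom, 'email' => $email, 'password' => $passwordhashed, 'imgprofil' => $imgname, 'dateinscription' => $dateinscription, 'lastco' => $lastco));
 }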
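 /**
  * Replaces the password of a logged-in user.
  *
  * The UPDATE is keyed on both the username and the session value kept in
  * $_SESSION['session'], so only the row that belongs to the active session is touched.
  *
  * @param string $username username (`pseudo` column)
  * @param string $newmdp   new clear-text password; only its hash is stored
  * @return bool true when the UPDATE ran, false on a database error
  */
 public function change_settings_password($username, $newmdp)
 {
     $newpassword = passwordhash($newmdp);
     try {
         $updateMdpMembre = $this->db->prepare('UPDATE users SET password=:password WHERE pseudo=:pseudo AND session=:session');
         // The driver's own result is returned instead of a fixed true.
         return $updateMdpMembre->execute(array('pseudo' => $username, 'session' => $_SESSION['session'], 'password' => $newpassword));
     } catch (PDOException $e) {
         // Log instead of echoing: the driver message can expose table names, the
         // query text or the bound values to the end user. Callers get false.
         error_log($e->getMessage());
         return false;
     }
 }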
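 /**
  * Stores a new user in the database.
  *
  * Besides the supplied fields, the row gets the concatenated display name
  * (`prenomplusnom`), today's date as registration date, a locale-formatted
  * "last connection" string and the fixed string defaults 'true' / 'true' / 'false'
  * for `notifMailPrive`, `allowFindSearch` and `comptePrive`.
  *
  * @param string $pseudo          username
  * @param string $prenom          first name
  * @param string $nom             last name
  * @param string $email           e-mail address
  * @param string $password        clear-text password; only its hash is stored
  * @param string $classe          class / group the user belongs to
  * @param string $datedenaissance date of birth, stored as given
  * @param string $sexe            gender, stored as given
  * @return bool true when the INSERT ran, false on a database error
  */
 public function register($pseudo, $prenom, $nom, $email, $password, $classe, $datedenaissance, $sexe)
 {
     try {
         $passwordhash = passwordhash($password);
         $dateinscription = date('Y-m-d', time());
         $prenomplusnom = $prenom . " " . $nom;
         // strftime() is deprecated since PHP 8.1; kept because its locale-dependent
         // output is what the `lastco` column currently holds.
         $lastco = strftime('%d %B %Y à %H:%M');
         $stmt = $this->db->prepare("INSERT INTO users(pseudo,prenom,nom,prenomplusnom,email,password,classe,datedenaissance,sexe,dateinscription,notifMailPrive,allowFindSearch,comptePrive,lastco) VALUES(:pseudo, :prenom, :nom, :prenomplusnom, :email, :password, :classe, :datedenaissance, :sexe, :dateinscription, :notifMailPrive, :allowFindSearch, :comptePrive, :lastco)");
         // Return the driver's result rather than an unconditional true.
         return $stmt->execute(array('pseudo' => $pseudo, 'prenom' => $prenom, 'nom' => $nom, 'prenomplusnom' => $prenomplusnom, 'email' => $email, 'password' => $passwordhash, 'classe' => $classe, 'datedenaissance' => $datedenaissance, 'sexe' => $sexe, 'dateinscription' => $dateinscription, 'notifMailPrive' => 'true', 'allowFindSearch' => 'true', 'comptePrive' => 'false', 'lastco' => $lastco));
     } catch (PDOException $e) {
         // Log instead of echoing: driver messages can reveal schema and bound values.
         error_log($e->getMessage());
         return false;
     }
 }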
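 /**
  * Verifies a password against its stored hash, upgrading legacy formats on the way.
  *
  * Return values (contract unchanged):
  *   true    - password matches the stored hash as is
  *   string  - password matches a legacy hash (md5 / sha1 / sha512); the value is the new
  *             hash the caller must store (password_hash(), or sha512 on old PHP)
  *   array   - array('hash' => ..., 'salt' => ...): legacy match on old PHP; new sha512
  *             hash together with the freshly generated salt
  *   false   - password does not match
  *
  * @param string $password   clear-text password to check
  * @param string $storedHash hash currently stored for the account
  * @param string $username   needed by the sha512 legacy schemes
  * @param string $salt       salt of the stored sha512 hash, if any
  * @return bool|string|array
  */
 function passwordCheck($password, $storedHash, $username = '', $salt = '')
 {
     // Easy-WI uses the PHP hash API introduced with version 5.5. Fallbacks in place for older versions.
     global $aeskey;

     // Every hash comparison goes through this closure. The former "==" is a loose
     // comparison: PHP compares two numeric-looking strings as numbers, so e.g. two hex
     // digests of the form "0e123..." compare equal. hash_equals() (PHP 5.6+) is strict
     // and constant-time; the "===" fallback keeps pre-5.6 installs working.
     $storedHash = (string) $storedHash;
     $hashMatches = function ($candidate) use ($storedHash) {
         $candidate = (string) $candidate;
         if (function_exists('hash_equals')) {
             return hash_equals($storedHash, $candidate);
         }
         return $storedHash === $candidate;
     };

     // Legacy formats are recognised by their hex length: 32 = md5, 40 = sha1, 128 = sha512.
     $looksMd5 = preg_match('/^[a-z0-9]{32}+$/', $storedHash) === 1;
     $looksSha1 = preg_match('/^[a-z0-9]{40}+$/', $storedHash) === 1;
     $looksSha512 = preg_match('/^[a-z0-9]{128}+$/', $storedHash) === 1;

     // First check if crypt works properly. With old PHP versions like Debian 6 with 5.3.3 we will run into an error
     $cryptProbe = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
     if (crypt('password', $cryptProbe) === $cryptProbe) {
         // Return true in case the password is ok
         if (password_verify($password, $storedHash)) {
             return true;
         }
         // Password is correct but stored in an old or insecure format. We need to hash it with a secure implementation.
         // Insecure implementations like md5 or sha1 are imported from other systems with the cloud.php job.
         if ($looksMd5 and $hashMatches(md5($password))) {
             return password_hash($password, PASSWORD_DEFAULT);
         }
         if ($looksSha1 and $hashMatches(sha1($password))) {
             return password_hash($password, PASSWORD_DEFAULT);
         }
         if ($looksSha512 and $hashMatches(createHash($username, $password, $salt, $aeskey))) {
             return password_hash($password, PASSWORD_DEFAULT);
         }
         if ($looksSha512 and $hashMatches(passwordhash($username, $password))) {
             return password_hash($password, PASSWORD_DEFAULT);
         }
     } else {
         // Fallback to sha512 since some Admins are either lazy or forced to stick to old PHP.
         // This branch only runs on builds whose crypt() lacks $2y$ support, i.e. long before
         // random_bytes() exists, so the salt source is left as is (it only has to be unique).
         $newSalt = md5(mt_rand() . date('Y-m-d H:i:s:u'));
         if ($hashMatches(createHash($username, $password, $salt, $aeskey))) {
             return true;
         }
         if ($looksMd5 and $hashMatches(md5($password))) {
             return array('hash' => createHash($username, $password, $newSalt, $aeskey), 'salt' => $newSalt);
         }
         if ($looksSha1 and $hashMatches(sha1($password))) {
             return array('hash' => createHash($username, $password, $newSalt, $aeskey), 'salt' => $newSalt);
         }
         if ($looksSha512 and $hashMatches(passwordhash($username, $password))) {
             return createHash($username, $password, $salt, $aeskey);
         }
     }
     // Password Is Not Correct
     return false;
 }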
 */
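define('EASYWIDIR', dirname(__FILE__));
if (is_dir(EASYWIDIR . '/install')) {
    die('Please remove the "install" folder');
}
$logininclude = true;
include EASYWIDIR . '/stuff/methods/vorlage.php';
include EASYWIDIR . '/stuff/methods/class_validator.php';
include EASYWIDIR . '/stuff/methods/functions.php';
include EASYWIDIR . '/stuff/settings.php';
include EASYWIDIR . '/stuff/keyphrasefile.php';
// API authentication: the request IP must be listed in `api_ips`, and the POSTed user
// name and password must match the row (each row carries its own salt). The
// resellerID of every matching row is collected in $resellerIDs.
if ($ui->ip4('REMOTE_ADDR', 'server') and $ui->names('user', 255, 'post')) {
    $query = $sql->prepare("SELECT `ip`,`active`,`pwd`,`salt`,`user`,i.`resellerID` FROM `api_ips` i INNER JOIN `api_settings` s ON s.`resellerID`=i.`resellerID` WHERE `ip`=?");
    $query->execute(array($ui->ip4('REMOTE_ADDR', 'server')));
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        $storedPwd = (string) $row['pwd'];
        $candidatePwd = (string) passwordhash($ui->password('pwd', 255, 'post'), $row['salt']);
        // Strict comparison: "==" on two hash strings is a loose comparison (numeric-looking
        // strings such as "0e..." compare as numbers). hash_equals() (PHP 5.6+) is also
        // constant-time; the "===" fallback keeps older PHP working.
        $pwdMatches = function_exists('hash_equals') ? hash_equals($storedPwd, $candidatePwd) : $storedPwd === $candidatePwd;
        if ($row['active'] == 'Y' and $pwdMatches and $ui->names('user', 255, 'post') == $row['user']) {
            $resellerIDs[] = $row['resellerID'];
        }
    }
} else {
    if ($ui->ip4('REMOTE_ADDR', 'server')) {
        header('HTTP/1.1 403 Forbidden');
        die('403 Forbidden: No valid access data. No API user given. Request IP is: ' . $ui->ip4('REMOTE_ADDR', 'server'));
    } else {
        header('HTTP/1.1 403 Forbidden');
        die('403 Forbidden: No valid access data. No API user given. No IP4 can be found at REMOTE_ADDR.');
    }
}
// Only a whitelisted request type is accepted; anything else leaves $type unset.
if (in_array($ui->smallletters('type', 10, 'post'), array('gserver', 'list', 'tsdns', 'mysql', 'user', 'voice', 'web'))) {
    $type = $ui->smallletters('type', 10, 'post');
}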
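include EASYWIDIR . '/stuff/keyphrasefile.php';
include EASYWIDIR . '/stuff/methods/functions_gs.php';
include EASYWIDIR . '/stuff/methods/functions_ssh_exec.php';
include EASYWIDIR . '/stuff/methods/class_ts3.php';
include EASYWIDIR . '/stuff/methods/class_app.php';
$validacces = false;
// API authentication: when a user name is POSTed (and this file is not included by a
// page), the request IP must be listed in `api_ips` and the POSTed password must match
// the row's salted hash. Access is granted only if exactly one reseller matches.
// Without a POSTed user (or with $page_include set) the request is treated as reseller 0.
if ($ui->ip4('REMOTE_ADDR', 'server') and $ui->names('user', 255, 'post') and !isset($page_include)) {
    $query = $sql->prepare("SELECT `active`,`pwd`,`salt`,`user`,i.`resellerID` FROM `api_ips` i LEFT JOIN `api_settings` s ON i.`resellerID`=s.`resellerID` WHERE `ip`=?");
    $query->execute(array($ui->ip4('REMOTE_ADDR', 'server')));
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        $pwd = (string) $row['pwd'];
        $salt = $row['salt'];
        // Hash the POSTed password once per row (the salt is per row) and compare strictly:
        // "==" on hash strings is a loose comparison, hash_equals() (PHP 5.6+) is strict and
        // constant-time, and "===" is the fallback for older PHP.
        $candidate = (string) passwordhash($ui->password('pwd', 255, 'post'), $salt);
        $pwdMatches = function_exists('hash_equals') ? hash_equals($pwd, $candidate) : $pwd === $candidate;
        if ($row['active'] == 'Y' and $pwdMatches and $ui->names('user', 255, 'post') == $row['user']) {
            $resellerIDs[] = $row['resellerID'];
        }
        if (isset($resellerIDs) and count($resellerIDs) == 1 and $pwdMatches) {
            $reseller_id = $resellerIDs[0];
            $validacces = true;
        }
    }
} else {
    $reseller_id = 0;
    $validacces = true;
}
if (!$validacces) {
    header('HTTP/1.1 403 Forbidden');
    die('403 Forbidden: Access data not valid');
}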
if ($ui->escaped('email', 'post') != '') {
    $fullday = date('Y-m-d H:i:s', strtotime("+1 day"));
    $query = $sql->prepare("SELECT `id` FROM `badips` WHERE `badip`=? LIMIT 1");
        } else {
            setFlash("Vous n'avez rien changé !", "warning");
        }
    }
}
/*
 * Si on valide le formulaire pour changer de mot de passe
 */
if (isset($_POST['SubmitPassword'])) {
    $errors = array();
    $data = array();
    $actualpswd = htmlspecialchars(trim($_POST['inputPassword']));
    $newpswd = htmlspecialchars(trim($_POST['inputNewPassword']));
    $newpswd2 = htmlspecialchars(trim($_POST['inputNewPassword2']));
    /* On hash le mot de passe */
    $passwordhash = passwordhash($newpswd);
    /* Si un des trois champs est vide */
    if (empty($actualpswd) || empty($newpswd) || empty($newpswd2)) {
        $errors['EmptyInput'] = "Veuillez remplir tous les champs de texte";
    }
    /* On vérifie que le mot de passe actuel est correct */
    if ($actualpswd != $user->checkpassword($info_profil->id, $actualpswd)) {
        $errors['PasswordFalse'] = "Le mot de passe actuel est incorrect !";
    }
    /* Si les nouveaux mot de passe ne sont pas idéntique */
    if ($newpswd != $newpswd2) {
        $errors['PswdNotSame'] = "La confirmation de votre nouveau mot de passe ne correspond pas";
    }
    /* On vérifie que le nouveau mot de passe n'est pas le même que l'actuel */
    if ($actualpswd == $user->checkpassword($info_profil->id, $newpswd)) {
        $errors['PasswordSame'] = "Vous n'avez pas changer de mot de passe";
        setFlash($error, "danger");
    } else {
        $result = $user->forget_password($username);
        if ($result['status'] != 0) {
            setFlash($result['err'], 'success');
        } else {
            setFlash($result['err'], 'danger');
        }
    }
}
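/*
 * Password reset form: the new password is posted twice, the reset link carries the
 * account e-mail and the one-time token in the query string.
 */
if (isset($_POST['submitreset'])) {
    $password = $_POST['password'];
    $passwordrepeat = $_POST['passwordrepeat'];
    // Missing query-string values become '' instead of raising an undefined-index notice.
    $email = isset($_GET['email']) ? $_GET['email'] : '';
    $token = isset($_GET['token']) ? $_GET['token'] : '';
    // Strict comparison: "==" would treat numeric-looking strings such as "1e3" and "1000" as equal.
    if ($password === $passwordrepeat) {
        // utf8_decode() maps multi-byte characters to one byte, so this counts characters, not bytes.
        if (strlen(utf8_decode($password)) > 5) {
            // Only accept the reset when a matching (email, token) pair exists. The DELETE
            // below already targets that pair; without this check the password of any
            // e-mail given in the query string could be replaced.
            // NOTE(review): if the token was already validated earlier in this file this
            // is a redundant re-check - confirm against the GET handling above.
            $checktoken = $DB_con->prepare("SELECT COUNT(*) FROM forget_password WHERE email=:email AND token=:token");
            $checktoken->execute(array('email' => $email, 'token' => $token));
            if ((int) $checktoken->fetchColumn() > 0) {
                $passwordhash = passwordhash($password);
                $changepass = $DB_con->prepare("UPDATE users SET password=:password WHERE email=:email");
                $changepass->execute(array('password' => $passwordhash, 'email' => $email));
                // The token is single-use: drop it once the password has been replaced.
                $deletetoken = $DB_con->prepare("DELETE FROM forget_password WHERE email=:email AND token=:token");
                $deletetoken->execute(array('email' => $email, 'token' => $token));
                setFlash('Votre mot de passe a bien été changé ! Reconnectez vous', "success");
                $user->redirect('/connexion');
            } else {
                setFlash('Le lien de réinitialisation est invalide ou a expiré', "danger");
            }
        } else {
            $error = erreur('USER_PASSWORD_CARACT');
            setFlash($error, "danger");
        }
    } else {
        $error = erreur('USER_SAME_PASSWORD');
        setFlash($error, "danger");
    }
}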
 if ($ui->smallletters('action', 2, 'post') == 'md') {
     $query = $sql->prepare("SELECT COUNT(`active`) AS `amount` FROM `api_settings` WHERE `resellerID`=? LIMIT 1");
     $query->execute(array($lookupID));
     $amount = $query->fetchColumn();
     $salt = md5(date('Y-d-m H:m:s'));
     $user = $ui->names('user', 255, 'post');
     if ($amount > 0) {
         $query = $sql->prepare("UPDATE `api_settings` SET `active`=?,`user`=? WHERE `resellerID`=? LIMIT 1");
         $query->execute(array($ui->active('active', 'post'), $user, $lookupID));
         if ($ui->password('pwd', 255, 'post') != 'encrypted') {
             $query = $sql->prepare("UPDATE `api_settings` SET `pwd`=?,`salt`=? WHERE `resellerID`=? LIMIT 1");
             $query->execute(array(passwordhash($ui->password('pwd', 255, 'post'), $salt), $salt, $lookupID));
         }
     } else {
         $query = $sql->prepare("INSERT INTO `api_settings` (`active`,`user`,`salt`,`pwd`,`resellerID`) VALUES (?,?,?,?,?)");
         $query->execute(array($ui->active('active', 'post'), $user, passwordhash($ui->password('pwd', 255, 'post'), $salt), $salt, $lookupID));
     }
     $ips = array();
     $postIPs = (array) $ui->ip4('ip', 'post');
     $query = $sql->prepare("SELECT `ip` FROM `api_ips` WHERE `resellerID`=?");
     $query->execute(array($lookupID));
     while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
         if (!in_array($row['ip'], $postIPs)) {
             $delete = $sql->prepare("DELETE FROM `api_ips` WHERE `ip`=? AND `resellerID`=?");
             $delete->execute(array($row['ip'], $lookupID));
         } else {
             $ips[] = $row['ip'];
         }
     }
     foreach ($postIPs as $ip) {
         if (!in_array($ip, $ips)) {