/**
 * Run $input through every sanitizer selected by the $flags bitmask and return the result.
 *
 * Filters are applied in a fixed order (UTF8, PARANOID, INT, FLOAT, HTML, SQL, LDAP, SYSTEM).
 * Each enabled filter receives the output of the one before it, so combining flags stacks
 * the transformations on a single value.
 *
 * NOTE(review): my_utf8_decode() and the sanitize_* helpers are defined outside this block, so
 * what each one strips or escapes cannot be confirmed from here. Whatever sanitize_sql_string()
 * does, it is not a replacement for parameterized queries, and a value encoded for one output
 * context (HTML, SQL, LDAP, shell) should not be assumed safe in another.
 *
 * @param mixed $input Value to clean.
 * @param mixed $flags Bitmask tested against the UTF8, PARANOID, INT, FLOAT, HTML, SQL, LDAP
 *                     and SYSTEM constants.
 * @param mixed $min   Forwarded unchanged to every sanitize_* helper ('' by default).
 * @param mixed $max   Forwarded unchanged to every sanitize_* helper ('' by default).
 *
 * @return mixed Output of the last enabled helper, or $input untouched when no flag matches.
 */
function sanitize($input, $flags, $min = '', $max = '')
{
    $value = $input;

    // my_utf8_decode() runs first and takes no bounds; every later filter works on its output.
    if ($flags & UTF8) {
        $value = my_utf8_decode($value);
    }

    if ($flags & PARANOID) {
        $value = sanitize_paranoid_string($value, $min, $max);
    }

    // Numeric filters.
    if ($flags & INT) {
        $value = sanitize_int($value, $min, $max);
    }

    if ($flags & FLOAT) {
        $value = sanitize_float($value, $min, $max);
    }

    // Context-specific filters, one per output sink.
    if ($flags & HTML) {
        $value = sanitize_html_string($value, $min, $max);
    }

    if ($flags & SQL) {
        $value = sanitize_sql_string($value, $min, $max);
    }

    if ($flags & LDAP) {
        $value = sanitize_ldap_string($value, $min, $max);
    }

    if ($flags & SYSTEM) {
        $value = sanitize_system_string($value, $min, $max);
    }

    return $value;
}
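/**
 * Report whether $input already passes every filter selected by $flags.
 *
 * The value is run through the same filter chain, in the same order, as sanitize(); the input
 * is accepted only if the chain leaves it unchanged.
 *
 * The SQL branch was missing here although sanitize() has one, so check($value, SQL) accepted
 * every input without looking at it. It is now applied in the same position as in sanitize().
 *
 * NOTE(review): the sanitize_* helpers are defined outside this block. The SYSTEM helper gets
 * an extra TRUE argument here that sanitize() does not pass; its meaning is not visible from
 * this block, so confirm it against the helper.
 *
 * @param mixed $input Value to validate.
 * @param mixed $flags Bitmask tested against the UTF8, PARANOID, INT, FLOAT, HTML, SQL, LDAP
 *                     and SYSTEM constants.
 * @param mixed $min   Forwarded unchanged to every sanitize_* helper ('' by default).
 * @param mixed $max   Forwarded unchanged to every sanitize_* helper ('' by default).
 *
 * @return bool TRUE when the filtered value still compares equal to the original, else FALSE.
 */
function check($input, $flags, $min = '', $max = '')
{
    // Keep the caller's value so the filtered result can be compared against it.
    $oldput = $input;

    if ($flags & UTF8) {
        $input = my_utf8_decode($input);
    }

    if ($flags & PARANOID) {
        $input = sanitize_paranoid_string($input, $min, $max);
    }

    if ($flags & INT) {
        $input = sanitize_int($input, $min, $max);
    }

    if ($flags & FLOAT) {
        $input = sanitize_float($input, $min, $max);
    }

    if ($flags & HTML) {
        $input = sanitize_html_string($input, $min, $max);
    }

    // Previously absent: without this branch the SQL flag validated nothing.
    if ($flags & SQL) {
        $input = sanitize_sql_string($input, $min, $max);
    }

    if ($flags & LDAP) {
        $input = sanitize_ldap_string($input, $min, $max);
    }

    if ($flags & SYSTEM) {
        $input = sanitize_system_string($input, $min, $max, TRUE);
    }

    // NOTE(review): this comparison is deliberately left loose because the helpers' return types
    // are not visible here (a numeric helper may return an int for a numeric string). Loose
    // comparison is subject to type juggling: a helper that returns FALSE or a number can still
    // compare equal to a different original string, and the rules differ between PHP 7 and
    // PHP 8. Confirm the helpers' return values before relying on check() as a gate.
    if ($input != $oldput) {
        return FALSE;
    }

    return TRUE;
}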
<?php // This script is designed to allow authorized Support Center users to reset a user's password // in the case that the given user has forgotten their password and the answers to their challenge // response questions. // // All changes made via this script are logged for future reference. The Support Center cannot choose // the password assigned to the user - it is random. This script will also reset the grace login count // for the given user. include "../config.php"; include "/srv/www/live/webapps/include/sanitize.php"; //$usercn = 'teststu'; $usercn = sanitize_ldap_string($_POST['usercn']); $success = false; //sanitize_ldap_string() // Perform ldapsearch to find user's current dn... if ($_POST['confirm'] != "1") { echo "You did not confirm this operation!!!<br /><br />"; echo "<a href='https://www.svsu.edu/netserv/xtac/'>Back to XTAC</a>"; die; } //test comment if ($connection = @ldap_connect($ldap_url)) { if ($bind = @ldap_bind($connection, $pw_user, base64_decode($pw_pass))) { $tempfilter = "cn={$usercn}"; $results = ldap_search($connection, "o=svsu", $tempfilter); $info = ldap_get_entries($connection, $results); if ($info["count"] == 1) { $userdn = $info[0]["dn"]; // Get a random password to use: $newpass = generatePassword();