$newpasswd = $_POST['newpw']; $oldpasswd = $_POST['oldpw']; $salty = "saltyboy"; if ($_POST['submit'] != "OK") { echo "ERROR\n"; return; } function update_password($accounts, $index, $newhash) { $accounts[$index]['passwd'] = $newhash; file_put_contents("../htdocs/private/passwd", serialize($accounts)); } if ($user && $newpasswd && $oldpasswd && strlen($user) > 0 && strlen($newpasswd) > 0 && strlen($oldpasswd) > 0) { if (file_exists("../htdocs/private/passwd") == TRUE) { $accounts = unserialize(file_get_contents("../htdocs/private/passwd")); } else { echo "ERRR\n"; return; } for ($i = 0; $i < count($accounts); $i++) { if ($accounts[$i]['login'] == $user) { if ($accounts[$i]['passwd'] == hash("sha256", $salty . $user . $oldpasswd)) { update_password($accounts, $i, hash("sha256", $salty . $user . $newpasswd)); header("Location: index.html"); echo "OK\n"; return; } } } } echo "ERROR\n";
} if (isset($_REQUEST['doimatkhau'])) { $rs_mkcu = ""; $rs_mkmoi = ""; $rs_remk = ""; if ($_REQUEST['oldpassword']) { $rs_mkcu = $_REQUEST['oldpassword']; } if ($_REQUEST['newpassword']) { $rs_mkmoi = $_REQUEST['newpassword']; } if ($_REQUEST['repassword']) { $rs_remk = $_REQUEST['repassword']; } if ($rs_mkcu && $rs_mkmoi && $rs_remk && $_SESSION['currUser']['password'] === $rs_mkcu) { $result = update_password($rs_mkmoi); if ($result) { update_session(); echo "<div class='alert alert-block alert-success fade in'>Cập nhật thành công.</div>"; } else { echo "<div class='alert alert-block alert-danger fade in'>Lỗi! Không cập mật khẩu được.</div>"; } } else { if ($rs_mkmoi !== $rs_remk) { echo "<div class='alert alert-block alert-danger fade in'>Nhập mật khẩu không khớp.</div>"; } else { if (!$rs_mkcu) { echo "<div class='alert alert-block alert-danger fade in'>Nhập mật khẩu cũ.</div>"; } else { if (!$rs_mkmoi) { echo "<div class='alert alert-block alert-danger fade in'>Nhập mật khẩu mới.</div>";
message_error("<i class=\"fa fa-exclamation\"></i> " . translate("You did not enter the correct password, please go back and try again.") . "<br /><br />", ""); } } else { main($user); } break; case "validpasswd": if ($code != "") { valid_password($code); } else { main($user); } break; case "updatepasswd": if ($code != "" and $passwd != "") { update_password($code, $passwd); } else { main($user); } break; case "userinfo": if ($member_list == 1 and (!isset($user) and !isset($admin))) { Header("Location: index.php"); } if ($uname != "") { userinfo($uname); } else { main($user); } break; case "login":
if ($new_password != $repeat_password) { $errmsg_arr[] = 'Repeat Password Field Value doesnot match with New Password'; $errflag = true; } if ($new_password == $old_password && $old_password) { $errmsg_arr[] = 'New Password cannot be same as Old Password'; $errflag = true; } if ($errflag == true) { $tpl->errors = $errmsg_arr; } else { $user_email = clean($_SESSION['user_email']); $get_user = select_password($database, $user_email, $checkpassword); if ($get_user) { $newpass = clean(md5($new_password)); $updatepassword = update_password($database, $newpass, $user_email); if ($updatepassword) { header("Location: " . main_url . "/changepassword/success"); } } else { $errmsg_arr[] = 'Old Password is Wrong!'; $errflag = true; $tpl->errors = $errmsg_arr; } } //If there are input validations, redirect back to the login form } catch (Exception $e) { // CSRF attack detected $result = $e->getMessage() . ' Form ignored.'; } } else {
<?php if (isset($_POST['cpassword'])) { $current_password = $_POST['cpassword']; } if (isset($_POST['newpass'])) { $new_password = $_POST['newpass']; } if (isset($_POST['confirmpass'])) { $confirm_pass = $_POST['confirmpass']; } if ($current_password === getuserfield_settings('password', $user_id)) { if (update_password($user_id, $new_password)) { $msg = "Your password changed successfully."; header("Location: student_homepage.php?pid=6st16yz9&settings_msg={$msg}"); } else { $msg = "Sorry, Your password could not be changed."; header("Location: student_homepage.php?pid=6st16yz9&settings_msg={$msg}"); } } else { $msg = "Your current password is invalid."; header("Location: student_homepage.php?pid=6st16yz9&settings_msg={$msg}"); }
$userName = $userInfo[0]; echo "<input type=\"hidden\" name=\"userName\" value=\"$userName\">"; if ($passwordChange == 1) { # Verify that the user entered his login $currentPassword = $_POST["md5"]; // verify Current user name and password if (!is_right_password($userId, $currentPassword)) { echo "<p><b>Current Password Invalid - Password not changed</p></b>"; } else { $newPassword = $_POST["md5NewPassword"]; update_password($userId, $newPassword); echo "<script>"; echo "alert(\"Password Updated Successfully\");"; echo "document.location.href = 'index.php'"; echo "</script>"; echo "<BR><BR><BR>"; exit; } } ?> <p> Password should be between 4 and 10 characters long </p> <fieldset class="login"> <legend>Password Change</legend>
} is_valid_password($_POST['pwd1'], $err); } // Validate the email. is_valid_email($_POST['email'], $err); // Validate the session length. is_valid_slength($_POST['slength'], $err); } if (sizeof($err)) { $title = 'Error'; $messages = $err; draw_page('details_error.php'); } else { if (!$FORUM) { if ($_POST['pwd1'] && $_POST['pwd2']) { update_password(addslashes($_POST['pwd1']), $sid); } update_email(addslashes($_POST['email']), $sid); update_slength(addslashes($_POST['slength']), $sid); } update_dm($_POST['dm'], $sid); $title = 'Profile Updated'; draw_page('details.php'); } //////////////////////////////////////////////////////////////////////// // Supporting functions. // Updates the db with the user's new password. function update_password($pwd, &$sid) { global $TABLE_USERS, $rpgDB; $_r = $rpgDB->query(sprintf("UPDATE %s SET pwd = PASSWORD('%s') WHERE pname = '%s' LIMIT 1", $TABLE_USERS, addslashes($pwd), addslashes($sid->GetUserName())));
$user = $_SESSION["user"]; $current_pass = $_POST['current_pass']; $new_pass = $_POST['new_pass']; $confirm_pass = $_POST['confirm_pass']; // Send an alert $alert = true; // If the user and current password are valid if (is_valid_user($user, $current_pass)) { // Verify that the two passwords are the same if ("{$new_pass}" == "{$confirm_pass}") { // Generate the salt $salt = generateSalt($user); // Generate the password hash $hash = generateHash($salt, $new_pass); // Update the password update_password($user, $hash); // Audit log $risk_id = 1000; $message = "Password was modified for the \"" . $_SESSION['user'] . "\" user."; write_log($risk_id, $_SESSION['uid'], $message); $alert_message = "Your password has been updated successfully!"; } else { $alert_message = "The new password entered does not match the confirm password entered. Please try again."; } } else { $alert_message = "You have entered your current password incorrectly. Please try again."; } } ?> <!doctype html>
* You should have received a copy of the GNU General Public License * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;. * * @package OpenEMR * @author Kevin Yeh <*****@*****.**> * @link http://www.open-emr.org */ //SANITIZE ALL ESCAPES $sanitize_all_escapes = true; //STOP FAKE REGISTER GLOBALS $fake_register_globals = false; include_once "../globals.php"; require_once "{$srcdir}/authentication/rsa.php"; require_once "{$srcdir}/authentication/password_change.php"; $rsa_manager = new rsa_key_manager(); $rsa_manager->load_from_db($_REQUEST['pk']); $curPass = $rsa_manager->decrypt($_REQUEST['curPass']); $newPass = $rsa_manager->decrypt($_REQUEST['newPass']); $newPass2 = $rsa_manager->decrypt($_REQUEST['newPass2']); if ($newPass != $newPass2) { echo xlt("Passwords Don't match!"); exit; } $errMsg = ''; $success = update_password($_SESSION['authId'], $_SESSION['authId'], $curPass, $newPass, $errMsg); if ($success) { echo xlt("Password change successful"); } else { // If update_password fails the error message is returned echo text($errMsg); }
<?php require 'values.php'; require 'functions.php'; session_start(); if (!isset($_SESSION['name'])) { session_regenerate_id(true); session_write_close(); header("Location:loginstaff.php"); } if (isset($_POST['password'])) { //check that passwords match. if ($_POST['p1'] != $_POST['p2']) { $status = array("error-message", "Passwords do not match."); } else { $status = update_password($_SESSION['name'], $_POST['p1'], "staff"); } } staffheader($_SESSION['name'], "passwordstaff.php", $_SESSION['year'], $_SESSION['season_name'], $_SESSION['season']); ?> <h3> <center> Change your password below </center></h3> <br> <fieldset style="margin-right:25%%; margin-left: 25%"> <legend>Change Your Password </legend> <div> <form action="passwordstaff.php" method="post"> <label class="selections" for="p1">Your New Password:</label> <input class="input" type="password" name="p1" id="p1" />
<?php require 'values.php'; require 'functions.php'; session_start(); if (!isset($_SESSION['ta_id'])) { session_regenerate_id(true); session_write_close(); header("Location:login.php"); } if (isset($_POST['password'])) { //check that passwords match. if ($_POST['p1'] != $_POST['p2']) { $status = array("error-message", "Passwords do not match."); } else { $status = update_password($_SESSION['ta_id'], $_POST['p1']); } } ?> <head> <link rel="shortcut icon" href="icon.ico" > <link rel="stylesheet" href="css/font-awesome.min.css"> <link rel="stylesheet" href="css/example.css"> <link href="css/styles.css" rel="stylesheet" type="text/css" /> <link rel="stylesheet" href="test_files/css3menu13/style.css" type="text/css" /><style type="text/css">._css3m{display:none}</style> <link rel="stylesheet" href="css/thumbnailviewer.css" type="text/css" /> <script src="js/thumbnailviewer.js" type="text/javascript"></script> <script type="text/javascript" src="js/jquery-1.9.1.min.js"></script> <script type="text/javascript" src="js/jssor.core.js"></script> <script type="text/javascript" src="js/jssor.utils.js"></script> <script type="text/javascript" src="js/jssor.slider.js"></script>
function resetpassword($id) { $row = get_user_data($id); $to = $row["email"]; $newPassword = generateRandomString(); $subject = "Password Reset for IRS Website"; $message = "Hello, you recently requested your Password to be reset. Your new password you can log in with is: "; $message .= $newPassword; $headers = 'From: irs.software.project@gmail.com' . "\r\n" . 'Reply-To: irs.software.project@gmail.com' . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers); update_password($id, $newPassword); echo ' <script> alert("Password successfully reset"); </script> '; }
header("location:./error.html"); exit; } if ($_POST['action'] === "updateSetting") { if (isset($_POST['nickname']) && isset($_POST['oldPassword']) && isset($_POST['newPassword']) && isset($_POST['profile'])) { $nickname = $_POST['nickname']; $oldPassword = $_POST['oldPassword']; $newPassword = $_POST['newPassword']; $profile = $_POST['profile']; try { $conn = connect(); } catch (Exception $error) { header("location:./admin/setting.php?failed"); exit; } if (update_password($conn, $oldPassword, $newPassword) && update_info($conn, $nickname, $profile)) { header("location:./admin/setting.php?success"); } else { header("location:./admin/setting.php?failed"); } } else { header("location:./admin/setting.php?failed"); } } if ($_POST['action'] === "del") { if (isset($_POST['id']) && is_num($_POST['id'])) { try { $conn = connect(); del_item($conn, $_POST['id']); } catch (Exception $error) { header("location:./admin/admin.php");
$updateErr = array(); $newPswd = $newPswdAgain = $currentPswd = ""; $newPswd = test_input($_POST["newPswd"]); $newPswdAgain = test_input($_POST["newPswdAgain"]); $currentPswd = test_input($_POST["currentPswd"]); if (empty($newPswd) || empty($newPswdAgain) || empty($currentPswd)) { $action['result'] = 'error'; array_push($updateErr, "Aizpildiet visus paroles maiņas laukus"); } else { if (strlen($newPswd) < 6) { $action['result'] = 'error'; array_push($updateErr, "Paroles garumam ir jābut vismas 6 simboli"); } if ($newPswd != $newPswdAgain) { $action['result'] = 'error'; array_push($updateErr, "Paroles nesakrīt"); } if (login($_SESSION['user_username'], $currentPswd, $conn) === false) { $action['result'] = 'error'; array_push($updateErr, "Nepareiza pašreizējā parole"); } } if ($action['result'] != 'error') { $update_password = update_password($newPswd, $_SESSION['user_id'], $conn); if ($update_password) { exit; } else { array_push($updateErr, "Neizdevās atjaunināt paroli"); } } output_errors($updateErr);
$doit = false; } } if ($doit == true) { require_once "{$srcdir}/authentication/password_change.php"; //if password expiration option is enabled, calculate the expiration date of the password if ($GLOBALS['password_expiration_days'] != 0) { $exp_days = $GLOBALS['password_expiration_days']; $exp_date = date('Y-m-d', strtotime("+{$exp_days} days")); } $insertUserSQL = "insert into users set " . "username = '******'rumple')) . "', password = '******'NoLongerUsed' . "', fname = '" . trim(formData('fname')) . "', mname = '" . trim(formData('mname')) . "', lname = '" . trim(formData('lname')) . "', federaltaxid = '" . trim(formData('federaltaxid')) . "', state_license_number = '" . trim(formData('state_license_number')) . "', newcrop_user_role = '" . trim(formData('erxrole')) . "', physician_type = '" . trim(formData('physician_type')) . "', authorized = '" . trim(formData('authorized')) . "', info = '" . trim(formData('info')) . "', federaldrugid = '" . trim(formData('federaldrugid')) . "', upin = '" . trim(formData('upin')) . "', npi = '" . trim(formData('npi')) . "', taxonomy = '" . trim(formData('taxonomy')) . "', facility_id = '" . trim(formData('facility_id')) . "', specialty = '" . trim(formData('specialty')) . "', see_auth = '" . trim(formData('see_auth')) . "', cal_ui = '" . trim(formData('cal_ui')) . "', default_warehouse = '" . trim(formData('default_warehouse')) . "', irnpool = '" . trim(formData('irnpool')) . "', calendar = '" . $calvar . "', pwd_expiration_date = '" . trim("{$exp_date}") . "'"; $clearAdminPass = $_POST['adminPass']; $clearUserPass = $_POST['stiltskin']; $password_err_msg = ""; $prov_id = ""; $success = update_password($_SESSION['authId'], 0, $clearAdminPass, $clearUserPass, $password_err_msg, true, $insertUserSQL, trim(formData('rumple')), $prov_id); error_log($password_err_msg); $alertmsg .= $password_err_msg; if ($success) { //set the facility name from the selected facility_id sqlStatement("UPDATE users, facility SET users.facility = facility.name WHERE facility.id = '" . trim(formData('facility_id')) . "' AND users.username = '******'rumple')) . "'"); sqlStatement("insert into groups set name = '" . trim(formData('groupname')) . "', user = '******'rumple')) . "'"); if (isset($phpgacl_location) && acl_check('admin', 'acl') && trim(formData('rumple'))) { // Set the access control group of user set_user_aro($_POST['access_group'], trim(formData('rumple')), trim(formData('fname')), trim(formData('mname')), trim(formData('lname'))); } $ws = new WSProvider($prov_id); } } else { $alertmsg .= xl('User', '', '', ' ') . trim(formData('rumple')) . xl('already exists.', '', ' '); }
$user_id = $_SESSION['user_id']; $query = <<<SQL_QUERY update admin set admin_pass = ? where admin_id = ? SQL_QUERY; $rs = exec_query($sql, $query, array($upass, $user_id)); set_page_message(tr('User password updated successfully!')); } } } } } /* * * static page messages. * */ gen_admin_menu($tpl); $tpl->assign(array('TR_CHANGE_PASSWORD' => tr('Change password'), 'TR_PASSWORD_DATA' => tr('Password data'), 'TR_PASSWORD' => tr('Password'), 'TR_PASSWORD_REPEAT' => tr('Password repeat'), 'TR_UPDATE_PASSWORD' => tr('Update password'))); update_password(); gen_page_message($tpl); $tpl->parse('PAGE', 'page'); $tpl->prnt(); if (isset($cfg['DUMP_GUI_DEBUG'])) { dump_gui_debug(); } unset_messages();
if (isset($mybb->input['code']) && $user) { $query = $db->simple_select("awaitingactivation", "code", "uid='" . $user['uid'] . "' AND type='p'"); $activationcode = $db->fetch_field($query, 'code'); $now = TIME_NOW; if (!$activationcode || $activationcode != $mybb->get_input('code')) { error($lang->error_badlostpwcode); } $db->delete_query("awaitingactivation", "uid='" . $user['uid'] . "' AND type='p'"); $username = $user['username']; // Generate a new password, then update it $password_length = (int) $mybb->settings['minpasswordlength']; if ($password_length < 8) { $password_length = 8; } $password = random_str($password_length); $logindetails = update_password($user['uid'], md5($password), $user['salt']); $email = $user['email']; $plugins->run_hooks("member_resetpassword_process"); $emailsubject = $lang->sprintf($lang->emailsubject_passwordreset, $mybb->settings['bbname']); $emailmessage = $lang->sprintf($lang->email_passwordreset, $username, $mybb->settings['bbname'], $password); my_mail($email, $emailsubject, $emailmessage); $plugins->run_hooks("member_resetpassword_reset"); error($lang->redirect_passwordreset); } else { $plugins->run_hooks("member_resetpassword_form"); switch ($mybb->settings['username_method']) { case 0: $lang_username = $lang->username; break; case 1: $lang_username = $lang->username1;
function change_password($id) { $result = update_password($_POST['password']); if ($result) { redirect("user/account"); } else { redirect("user/account/update-password-failed"); } }