/**
 * Validates the admin-password fields of the submitted profile form.
 *
 * Two outcomes are possible:
 *  - a value was submitted in user_admin_password: the current password is
 *    verified (skipped when the account stores neither a hash nor a salt, i.e.
 *    a first admin password is being set), then the new/confirm pair is checked
 *    and, on success, the fresh algo/salt/hash are staged in $this->data for the
 *    caller to persist. Every failure path stops $defender and attaches an input
 *    error plus locale text to the offending field(s).
 *  - nothing was submitted: for iADMIN an already-stored admin password is
 *    required, otherwise the u149a error is raised.
 *
 * Nothing is returned; results are communicated through $this->data,
 * $this->_isValidCurrentAdminPassword and the global $defender.
 */
private function _setAdminPassword()
 {
     global $locale, $defender;
     if ($this->_getPasswordInput("user_admin_password")) {
         // The form carries a "current" field and two "new" fields.
         $this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");
         $this->_newUserAdminPassword = $this->_getPasswordInput("user_admin_password1");
         $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_admin_password2");
         $passAuth = new PasswordAuth();
         if (!$this->userData['user_admin_password'] && !$this->userData['user_admin_salt']) {
             // New Admin: neither hash nor salt is stored, so there is nothing to verify
             // against — the current-password check is skipped and the logged-in session
             // is the only gate. In this branch the new password is taken from the
             // user_admin_password field and its confirmation from user_admin_password2;
             // user_admin_password1 is not consulted.
             $valid_current_password = 1;
             // NOTE(review): this literal looks like a masked placeholder in the listing;
             // confirm the real value in the source.
             $passAuth->inputPassword = '******';
             $passAuth->inputNewPassword = $this->_userAdminPassword;
             $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
         } else {
             // Old Admin: prove knowledge of the current password against the stored
             // hash/algo/salt before a new one is accepted.
             $passAuth->inputPassword = $this->_userAdminPassword;
             $passAuth->inputNewPassword = $this->_newUserAdminPassword;
             $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
             $passAuth->currentPasswordHash = $this->userData['user_admin_password'];
             $passAuth->currentAlgo = $this->userData['user_admin_algo'];
             $passAuth->currentSalt = $this->userData['user_admin_salt'];
             $valid_current_password = $passAuth->isValidCurrentPassword();
         }
         if ($valid_current_password) {
             $this->_isValidCurrentAdminPassword = 1;
             // Authenticated; now validate the new pair. switch compares loosely, so the
             // string cases below also match an integer result code.
             $_isValidNewPassword = $passAuth->isValidNewPassword();
             switch ($_isValidNewPassword) {
                 case '0':
                     // New password is valid: stage the fresh hash material; the caller
                     // writes $this->data to the database.
                     $new_admin_password = $passAuth->getNewHash();
                     $new_admin_salt = $passAuth->getNewSalt();
                     $new_admin_algo = $passAuth->getNewAlgo();
                     $this->data['user_admin_algo'] = $new_admin_algo;
                     $this->data['user_admin_salt'] = $new_admin_salt;
                     $this->data['user_admin_password'] = $new_admin_password;
                     break;
                 case '1':
                     // New password equals the current one
                     $defender->stop();
                     $defender->setInputError('user_admin_password');
                     $defender->setInputError('user_admin_password1');
                     $defender->setErrorText('user_admin_password', $locale['u144'] . $locale['u146'] . $locale['u133']);
                     $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u146'] . $locale['u133']);
                     break;
                 case '2':
                     // The two new passwords are not identical
                     $defender->stop();
                     $defender->setInputError('user_admin_password1');
                     $defender->setInputError('user_admin_password2');
                     $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u148a']);
                     $defender->setErrorText('user_admin_password2', $locale['u144'] . $locale['u148a']);
                     break;
                 case '3':
                     // New password contains invalid chars / symbols
                     $defender->stop();
                     $defender->setInputError('user_admin_password1');
                     $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
                     break;
             }
         } else {
             // Current password rejected: a single generic error on the current field.
             $defender->stop();
             $defender->setInputError('user_admin_password');
             $defender->setErrorText('user_admin_password', $locale['u149a']);
         }
     } else {
         // Nothing submitted: an admin cannot save the profile page without a stored admin password.
         if (iADMIN) {
             $require_valid_password = $this->userData['user_admin_password'] ? TRUE : FALSE;
             if (!$require_valid_password) {
                 // u149a for admin
                 $defender->stop();
                 $defender->setInputError('user_admin_password');
                 $defender->setErrorText('user_admin_password', $locale['u149a']);
             }
         }
     }
 }
 // Validate the two password pairs submitted with the form (login password and
 // admin password) and derive hash/salt for each pair that passes
 // PasswordAuth::isValidNewPassword(). Failures append the matching locale
 // message to $error. Each field is read from $_POST and passed through
 // stripinput(trim()) before validation, so what gets hashed is the filtered
 // value rather than the raw submission.
 $userPassword = "";
 $adminPassword = "";
 $readPostPassword = function ($field) {
     return isset($_POST[$field]) ? stripinput(trim($_POST[$field])) : "";
 };
 $userPass = new PasswordAuth();
 $userPass->inputNewPassword = $readPostPassword('password1');
 $userPass->inputNewPassword2 = $readPostPassword('password2');
 $returnValue = $userPass->isValidNewPassword();
 // switch compares loosely, exactly like the == chain it replaces.
 switch ($returnValue) {
     case 0:
         $userPassword = $userPass->getNewHash();
         $userSalt = $userPass->getNewSalt();
         break;
     case 2:
         // confirmation mismatch
         $error .= $locale['071'] . "<br /><br />\n";
         $error_pass = "******";
         break;
     case 3:
         // invalid characters
         $error .= $locale['072'] . "<br /><br />\n";
         break;
 }
 $adminPass = new PasswordAuth();
 $adminPass->inputNewPassword = $readPostPassword('admin_password1');
 $adminPass->inputNewPassword2 = $readPostPassword('admin_password2');
 $returnValue = $adminPass->isValidNewPassword();
 switch ($returnValue) {
     case 0:
         $adminPassword = $adminPass->getNewHash();
         $adminSalt = $adminPass->getNewSalt();
         break;
     case 2:
         $error .= $locale['073'] . "<br /><br />\n";
         $error_pass = "******";
         break;
     case 3:
         $error .= $locale['075'] . "<br /><br />\n";
         break;
 }
 if ($userPass->inputNewPassword == $adminPass->inputNewPassword) {
     $error .= $locale['074'] . "<br /><br />\n";
     $error_pass = "******";
 /**
  * Sends the registration e-mail and parks the pending account in DB_NEW_USERS.
  *
  * The activation code is an HMAC-SHA1 over a freshly generated value from
  * PasswordAuth::getNewPassword(), keyed with the user's e-mail; it is
  * unpredictable as long as that generator is random (it is used as the
  * password generator elsewhere in this listing — confirm). The message body
  * receives the user's plaintext new password via the USER_PASSWORD placeholder,
  * so the e-mail itself carries the credential; the database row stores only
  * hash/salt/algo. The pending record is a serialize()d array, presumably
  * unserialize()d later by the activation step — that reader must treat the blob
  * as trusted database content, never as something the user can supply.
  *
  * On success $this->_completeMessage is set; when sendemail() fails an
  * "email_activation" error is recorded instead and nothing is stored.
  */
 private function _setEmailVerification()
 {
     global $settings, $locale;
     require_once INCLUDES . "sendmail_include.php";
     $activationCode = hash_hmac("sha1", PasswordAuth::getNewPassword(), $this->_userEmail);
     $activationUrl = $settings['siteurl'] . "register.php?email=" . $this->_userEmail . "&code=" . $activationCode;
     // Array-form str_replace substitutes the placeholders one after another,
     // which is the same order as three separate calls.
     $message = str_replace(
         array("USER_NAME", "USER_PASSWORD", "ACTIVATION_LINK"),
         array($this->_userName, $this->_newUserPassword, $activationUrl),
         $locale['u152']
     );
     $sent = sendemail($this->_userName, $this->_userEmail, $settings['siteusername'], $settings['siteemail'], $locale['u151'], $message);
     if (!$sent) {
         $this->_setError("email_activation", $locale['u153'] . "<br />" . $locale['u154']);
         return;
     }
     $pendingUser = array(
         "user_name" => $this->_userName,
         "user_password" => $this->_newUserPasswordHash,
         "user_salt" => $this->_newUserPasswordSalt,
         "user_algo" => $this->_newUserPasswordAlgo,
         "user_email" => $this->_userEmail,
         "user_field_fields" => $this->_dbFields,
         "user_field_inputs" => $this->_dbValues
     );
     $escapedInfo = addslash(serialize($pendingUser));
     // NOTE(review): only the serialized blob goes through addslash(); user_name and
     // user_email are concatenated as-is, so this relies on them having been
     // validated/escaped upstream — verify in the caller.
     $result = dbquery("INSERT INTO " . DB_NEW_USERS . " (\n\t\t\t\t\tuser_code, user_name, user_email, user_datestamp, user_info\n\t\t\t\t) VALUES(\n\t\t\t\t\t'" . $activationCode . "', '" . $this->_userName . "', '" . $this->_userEmail . "', '" . time() . "', '" . $escapedInfo . "'\n\t\t\t\t)");
     $this->_completeMessage = $locale['u150'];
 }
 /**
  * Generates a random salt.
  *
  * A fresh value of $length characters is drawn from
  * PasswordAuth::getNewPassword() and run through SHA-1, so the result is always
  * a 40-character lowercase hex string; $length only controls how much random
  * material feeds the hash, not the salt's size.
  *
  * @param int $length number of random characters generated before hashing
  * @return string 40-character hex salt
  */
 public static function getNewRandomSalt($length = 12)
 {
     $randomMaterial = PasswordAuth::getNewPassword($length);
     return sha1($randomMaterial);
 }
     $user_sql = "user_level='102'";
 } else {
     redirect(FUSION_SELF . $aidlink . "&error=1");
 }
 // Select the accounts to reset. $user_sql is assigned a literal condition in
 // the branch visible above; confirm the other branches do the same before
 // trusting this concatenation.
 $result = dbquery(sprintf(
     "SELECT user_id, user_name, user_email FROM %s WHERE %s ORDER BY user_level DESC, user_id",
     DB_USERS,
     $user_sql
 ));
 while ($data = dbarray($result)) {
     $loginPassIsReset = false;
     $adminPassIsReset = false;
     $adminPass = new PasswordAuth();
     $newLoginPass = "";
     $newAdminPass = $adminPass->getNewPassword(12);
     $adminPass->inputNewPassword = $newAdminPass;
     $adminPass->inputNewPassword2 = $newAdminPass;
     $adminPassIsReset = $adminPass->isValidNewPassword() === 0 ? true : false;
     if (isset($_POST['reset_login']) && $_POST['reset_login'] == 1) {
         $loginPass = new PasswordAuth();
         $newLoginPass = $loginPass->getNewPassword(12);
         $loginPass->inputNewPassword = $newLoginPass;
         $loginPass->inputNewPassword2 = $newLoginPass;
         $message = str_replace(array("[USER_NAME]", "[NEW_PASS]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array($data['user_name'], $newLoginPass, $newAdminPass, $userdata['user_name'], $reset_message), $locale['409']);
         $loginPassIsReset = $loginPass->isValidNewPassword() === 0 ? true : false;
     } else {
         $message = str_replace(array("[USER_NAME]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array($data['user_name'], $newAdminPass, $userdata['user_name'], $reset_message), $locale['408']);
         $loginPassIsReset = true;
     }
     if ($loginPassIsReset && $adminPassIsReset && sendemail($data['user_name'], $data['user_email'], $userdata['user_name'], $userdata['user_email'], $locale['407'] . $settings['sitename'], $message)) {
         $result2 = dbquery("UPDATE " . DB_USERS . " SET\n\t\t\t\t\t\t" . ($newLoginPass ? "user_algo='" . $loginPass->getNewAlgo() . "', user_salt='" . $loginPass->getNewSalt() . "', \n\t\t\t\t\t\t\t\t\t\t\tuser_password='******', " : "") . "\n\t\t\t\t\t\tuser_admin_algo='" . $adminPass->getNewAlgo() . "', user_admin_salt='" . $adminPass->getNewSalt() . "', \n\t\t\t\t\t\tuser_admin_password='******'\n\t\t\t\t\tWHERE user_id='" . $data['user_id'] . "'");
         $reset_success[] = array($data['user_id'], $data['user_name'], $data['user_email']);
     } else {
         $reset_failed[] = array($data['user_id'], $data['user_name'], $data['user_email']);
     }
 /**
  * Authenticates the current user with the given credentials. The user must be a
  * guest; otherwise an exception is raised, so log out first.
  *
  * $auth_credentials holds whatever the active auth method needs. For the simple
  * built-in method the array must contain "login" and "password". Optionally a
  * "one_time_token" may be passed to authenticate with it instead of login and
  * password. Custom auth methods (OAuth, OpenID) may use this array to pass the
  * information they require: the BeforeAuth behavior receives the credentials and
  * performs the custom authentication. If, after that callback, the session has
  * been updated with a new user, the auth process is considered successful and the
  * built-in checks below are skipped.
  *
  * If user.split_auth_message is not false, a failed login reports separately
  * whether the login was unknown or the password was wrong; otherwise a single
  * combined message is raised. The split form therefore tells the caller whether
  * a login exists (an account-enumeration oracle), and because PasswordAuth::match()
  * is only reached for known logins, the two failure paths may also differ in timing.
  *
  * Behaviors BeforeAuth and AfterAuth are available.
  *
  * @param array $auth_credentials credential map as described above
  * @return mixed whatever self::forceAuth() returns for the resolved user
  * @throws UserException     when already authenticated or the credentials are empty
  * @throws UserAuthException when the credentials are rejected
  */
 function auth(array $auth_credentials)
 {
     if ($this->id !== self::GUEST) {
         throw new UserException("User already authenticated.Log out before.");
     }
     if (empty($auth_credentials)) {
         throw new UserException("You must specify auth credentials. E.g. array('login'=>'qwe', 'password'=>'qwe') ");
     }
     // Custom auth methods may sign the user in here; the credentials are passed by reference.
     $this->trigger("BeforeAuth", array($this, &$auth_credentials));
     // Re-read the session user: if BeforeAuth already signed someone in, the
     // built-in login/password path below is skipped.
     $new_user = User::renew();
     if ($new_user->isGuest() && isset($auth_credentials['login'], $auth_credentials['password'])) {
         $new_user = self::findBy("login", $auth_credentials['login']);
         if (Config::getInstance()->user->split_auth_message) {
             // Separate messages: reveals whether the login exists (see docblock).
             if (is_null($new_user)) {
                 throw new UserAuthException("No such user with login '{$auth_credentials['login']}'");
             }
             if (!PasswordAuth::match($new_user, $auth_credentials['password'])) {
                 throw new UserAuthException("Password don't match");
             } elseif ($new_user->getState() != "active") {
                 throw new UserAuthException("User is not active");
             }
         } elseif (is_null($new_user) || $new_user->getState() != "active" || !PasswordAuth::match($new_user, $auth_credentials['password'])) {
             // Combined message; the || still short-circuits before match() for an
             // unknown or inactive user, so only the wording is uniform, not the work done.
             throw new UserAuthException("Login or password don't match or user is not active");
         }
     }
     // One-time-token path, taken only while the session is still a guest and tokens
     // are enabled. If both login/password and a token were supplied, the token lookup
     // overwrites the user resolved above.
     if (User::renew()->isGuest() && Config::getInstance()->session->one_time_token->allowed && isset($auth_credentials['one_time_token'])) {
         // The true argument presumably consumes the token — confirm in OneTimeTokenAuth::findUser().
         if (is_null($user_id = OneTimeTokenAuth::findUser($auth_credentials['one_time_token'], true))) {
             throw new UserAuthException("Wrong one time token");
         }
         $new_user = self::findBy("id", $user_id);
     }
     // NOTE(review): if neither path applied (credentials without login/password and no
     // token), $new_user is still the guest returned by User::renew() and is handed to
     // forceAuth() as-is.
     $this->trigger("AfterAuth", array($this, &$new_user));
     return self::forceAuth($new_user);
 }
                 }
             }
         } else {
             redirect(BASEDIR . "register.php?msg=1");
         }
         // The pattern only admits [-0-9A-Z_.] and '@' (case-insensitive), so an address
         // that passes cannot carry quotes into the two queries below; anything else is
         // bounced to msg=4 before any SQL is built.
         if (preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $email)) {
             $emailInUse = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_email='" . $email . "'");
             $emailPending = dbquery("SELECT * FROM " . DB_RM_USERS . " WHERE rmuser_useremail='" . $email . "'");
             // Registered accounts and pending recruitment applicants both block the address.
             $alreadyKnown = dbrows($emailInUse) || dbrows($emailPending);
             if ($alreadyKnown) {
                 redirect(BASEDIR . "register.php?msg=3");
             }
         } else {
             redirect(BASEDIR . "register.php?msg=4");
         }
         require_once CLASSES . "PasswordAuth.class.php";
         $newPasswordCheck = new PasswordAuth();
         $newPasswordCheck->inputNewPassword = $password1;
         $newPasswordCheck->inputNewPassword2 = $password2;
         // NOTE(review): other call sites set currentPasswordHash; this one assigns
         // currentPassword — confirm the property name against PasswordAuth.
         $newPasswordCheck->currentPassword = "";
         $validationCode = $newPasswordCheck->isValidNewPassword();
         if ($validationCode === 0) {
             // The validated plaintext is retained in $password for the code that follows
             // (outside this excerpt).
             $password = $password1;
         } else {
             redirect(BASEDIR . "register.php?msg=5");
         }
     } else {
         redirect(BASEDIR . "register.php");
     }
 }
 require_once INCLUDES . "bbcode_include.php";
 // finish doublecheck - start app
 /**
  * Re-authenticates the current admin with $inputPassword and, on success,
  * rotates the stored admin hash/salt/algo and issues the admin cookie.
  *
  * Runs only when iADMIN is set and returns nothing: success is observable
  * solely through the database update, the mutated global $userdata and the
  * cookie set by Authenticate::setUserCookie().
  *
  * @param string $inputPassword admin password as typed by the user
  */
 public static function setAdminCookie($inputPassword)
 {
     global $userdata;
     if (iADMIN) {
         require_once CLASSES . "PasswordAuth.class.php";
         // Initialize password auth with the stored credential material
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $userdata['user_admin_algo'];
         $passAuth->currentSalt = $userdata['user_admin_salt'];
         $passAuth->currentPasswordHash = $userdata['user_admin_password'];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid. The true argument is followed by reads of
         // getNewAlgo()/getNewSalt()/getNewHash(), so it presumably asks PasswordAuth to
         // produce a fresh hash on success — confirm in the class.
         if ($passAuth->isValidCurrentPassword(true)) {
             // Rotate the stored material so the cookie issued below is bound to a fresh salt/algo.
             $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
             $userdata['user_admin_salt'] = $passAuth->getNewSalt();
             $userdata['user_admin_password'] = $passAuth->getNewHash();
             // NOTE(review): this query line is garbled in the listing (the quoting around
             // user_admin_password is unbalanced) — check the original source. The values
             // come from $userdata / PasswordAuth, not directly from the request.
             $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo'] . "', user_admin_salt='" . $userdata['user_admin_salt'] . "', user_admin_password='******'user_admin_password'] . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
             // Cookie carries user_id plus the new admin salt/algo; the two false flags are
             // not explained here — see Authenticate::setUserCookie().
             Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], false, false);
         }
     }
 }
         $sql1 .= ", " . $f_name;
         $sql2 .= ", '" . $f_value . "'";
     } else {
         $sql1 .= $f_name;
         $sql2 .= "'" . $f_value . "'";
     }
     $i++;
 }
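 // Persist the application form row, then create the pending recruitment user
 // and the application record that points at it.
 $ins_appp = dbquery("INSERT INTO " . DB_RM_FORM_APPS . " (" . $sql1 . ") VALUES (" . $sql2 . ")");
 $appp_id = mysql_insert_id();
 $name = $app['username'];
 $email = $app['useremail'];
 $password = $app['password'];
 require_once CLASSES . "PasswordAuth.class.php";
 $passAuth = new PasswordAuth();
 // The applicant typed the password once, so it serves as both entry and confirmation.
 $passAuth->inputNewPassword = $password;
 $passAuth->inputNewPassword2 = $password;
 $passAuth->currentPassword = "";
 // Validation result code: 0 means acceptable. The stray `echo` that used to print
 // this code into the HTTP response has been removed.
 $valid = $passAuth->isValidNewPassword();
 // Initialised so the INSERT below never references undefined variables.
 // NOTE(review): when $valid !== 0 the user row is still inserted with empty
 // hash/algo/salt (rmuser_verified='0', rmuser_approved='0'); the surrounding
 // script should reject the application in that case rather than store it — confirm.
 $hash = "";
 $algo = "";
 $salt = "";
 if ($valid === 0) {
     // New password is valid
     $hash = $passAuth->getNewHash();
     $algo = $passAuth->getNewAlgo();
     $salt = $passAuth->getNewSalt();
 }
 // NOTE(review): the verification code is md5(name . email) — deterministic and
 // reproducible by anyone who knows both values. An unpredictable token (e.g. the
 // hash_hmac over PasswordAuth::getNewPassword() used by _setEmailVerification()
 // elsewhere in this listing) would be the safer choice.
 $code = md5($name . $email);
 // NOTE(review): $name/$email are interpolated into SQL as-is; this assumes $app[...]
 // was escaped upstream (addslash()/stripinput()) — verify. mysql_insert_id() is the
 // legacy mysql_* API.
 $ins_rm_user = dbquery("INSERT INTO " . DB_RM_USERS . " (rmuser_username, rmuser_useremail, rmuser_password, rmuser_algo, rmuser_salt, rmuser_code, rmuser_verified, rmuser_approved) VALUES ('" . $name . "', '" . $email . "', '" . $hash . "', '" . $algo . "', '" . $salt . "', '" . $code . "', '0', '0')");
 $rm_user_id = mysql_insert_id();
 $ins_app = dbquery("INSERT INTO " . DB_RM_APPS . " (app_rm_user, app_user, app_form, app_voted, app_votes_yes, app_votes_no, app_date, app_status, app_username, app_useremail) VALUES ('" . $rm_user_id . "', '0', '" . $appp_id . "', '', '0', '0', '" . $time . "', '0', '" . $name . "', '" . $email . "')");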
 // sendmail, verify user
 /**
  * Re-authenticates the current admin with $inputPassword and, on success,
  * rotates the stored admin hash/salt/algo and issues the admin cookie.
  *
  * Returns TRUE only when iADMIN is set and the password verified; FALSE for a
  * non-admin or a rejected password. Success also mutates the global $userdata.
  *
  * @param string $inputPassword admin password as typed by the user
  * @return bool
  */
 public static function setAdminCookie($inputPassword)
 {
     global $userdata;
     if (iADMIN) {
         // Initialize password auth with the stored credential material
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $userdata['user_admin_algo'];
         $passAuth->currentSalt = $userdata['user_admin_salt'];
         $passAuth->currentPasswordHash = $userdata['user_admin_password'];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid. The TRUE argument is followed by reads of
         // getNewAlgo()/getNewSalt()/getNewHash(), so it presumably asks PasswordAuth to
         // produce a fresh hash on success — confirm in the class.
         if ($passAuth->isValidCurrentPassword(TRUE)) {
             // Rotate the stored material so the cookie issued below is bound to a fresh salt/algo.
             $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
             $userdata['user_admin_salt'] = $passAuth->getNewSalt();
             $userdata['user_admin_password'] = $passAuth->getNewHash();
             // NOTE(review): this query line is garbled in the listing (the quoting around
             // user_admin_password is unbalanced) — check the original source. The values
             // come from $userdata / PasswordAuth, not directly from the request.
             $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo'] . "', user_admin_salt='" . $userdata['user_admin_salt'] . "', user_admin_password='******'user_admin_password'] . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
             // Cookie carries user_id plus the new admin salt/algo; the two FALSE flags are
             // not explained here — see Authenticate::setUserCookie().
             Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], FALSE, FALSE);
             return TRUE;
         }
     }
     return FALSE;
 }
    if ($result && $result2) {
        $auth = new Authenticate($nick, $pass, true);
        $userdata = $auth->getUserData();
        unset($auth);
        redirect($_POST['url']);
    } else {
        redirect(BASEDIR . "login.php?ulogin_error");
    }
}
if (isset($_POST['ex_user_save'])) {
    // Link an external (uLogin) identity to an existing local account after the
    // user proves the account password.
    // NOTE(review): $_POST['user_name'] is interpolated straight into the lookup query
    // and, below, $_POST['identity'], $_POST['network'] and $_POST['full_name'] into the
    // INSERT, with no escaping visible in this excerpt. This relies on request input
    // being sanitised upstream — verify, or escape each value (addslash()) first.
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $_POST['user_name'] . "'");
    if (!dbrows($result)) {
        redirect(BASEDIR . "login.php?ulogin_error");
    } else {
        $user = dbarray($result);
        require_once CLASSES . "PasswordAuth.class.php";
        // Initialize password auth from the stored credential material
        $passwordCheck = new PasswordAuth();
        $passwordCheck->currentAlgo = $user['user_algo'];
        $passwordCheck->currentSalt = $user['user_salt'];
        $passwordCheck->currentPasswordHash = $user['user_password'];
        $passwordCheck->inputPassword = $_POST['user_pass'];
        // false here (where setAdminCookie passes true) presumably skips the rehash — confirm.
        if (!$passwordCheck->isValidCurrentPassword(false)) {
            redirect(BASEDIR . "login.php?ulogin_error");
        } else {
            $fullName = iconv($locale['charset'], "UTF-8", $_POST['full_name']);
            $result = dbquery("INSERT INTO " . DB_ULOGIN . " (ulogin_user, ulogin_identity, ulogin_network, ulogin_fullname) VALUES ('" . $user['user_id'] . "','" . $_POST['identity'] . "','" . $_POST['network'] . "', '" . $fullName . "')");
            $auth = new Authenticate($_POST['user_name'], $_POST['user_pass'], true);
            unset($auth);
            // NOTE(review): the redirect target is taken from the request unchanged — an
            // open redirect unless redirect() or the caller restricts it; confirm.
            if ($result) {
                redirect($_POST['url']);
            }
        }
    }
    } else {