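/**
 * Validates a new admin password submitted from the user's own profile
 * form and stages it for the DB write.
 *
 * Only runs when iADMIN is set, $this->_method is "validate_update" and the
 * request does not come from the admin panel. The current admin password
 * input may be empty only while no admin password is stored in userData;
 * otherwise it is verified through _isValidCurrentPassword(false, false).
 * The new pair is checked by PasswordAuth::isValidNewPassword(); on 0 the
 * new algo/salt/hash are handed to _setDBValue(), on 1/2/3 a field error is
 * recorded from the locale strings.
 *
 * Side effects: sets $this->_isValidCurrentAdminPassword,
 * $this->_newUserAdminPassword and $this->_newUserAdminPassword2; calls
 * _setDBValue() / _setError(). Reads $this->_userAdminPassword and
 * $this->_userPassword, which must be populated before this runs (done
 * elsewhere — not visible here).
 *
 * @return void
 */
private function _setNewAdminPassword() {
    global $locale;
    // Only accept if user is admin, updating his own profile (not admin panel)
    if (!(iADMIN && $this->_method == "validate_update" && !$this->isAdminPanel)) {
        return;
    }
    if ($this->_getPasswordInput("user_admin_password") == "") {
        // No current admin password typed: acceptable only while none is
        // stored. A missing-but-required password is reported; the
        // "nothing stored yet" case passes silently.
        $hasStoredAdminPassword = $this->userData['user_admin_password'] != "";
        $this->_isValidCurrentAdminPassword = !$hasStoredAdminPassword;
        $showError = $hasStoredAdminPassword;
    } else {
        $this->_isValidCurrentAdminPassword = $this->_isValidCurrentPassword(false, false);
        $showError = true;
    }
    $this->_newUserAdminPassword = $this->_getPasswordInput("user_new_admin_password");
    $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_new_admin_password2");

    if (!$this->_isValidCurrentAdminPassword) {
        // Current admin password is invalid
        $this->_setError("user_admin_password", $locale['u149a'], $showError);
        return;
    }
    if (!$this->_isValidCurrentPassword) {
        // Current login password is invalid
        $this->_setError("user_admin_password", $locale['u149b']);
        return;
    }
    // Compare as strings with ===: the loose != used here before treated
    // numeric-looking passwords such as "10" and "1e1" as equal, and also
    // equated "0" with an unset (false/null) value.
    if ((string) $this->_userAdminPassword === (string) $this->_userPassword) {
        // Admin password equals the login password (original comment called
        // this the "new" admin password; _userAdminPassword is the value fed
        // to PasswordAuth as the current password below)
        $this->_setError("user_admin_password", $locale['u144'] . $locale['u146'] . $locale['u133']);
        return;
    }

    $passAuth = new PasswordAuth();
    $passAuth->inputPassword = $this->_userAdminPassword;
    $passAuth->inputNewPassword = $this->_newUserAdminPassword;
    $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
    $_isValidNewPassword = $passAuth->isValidNewPassword();
    if ($_isValidNewPassword === 0) {
        // New password is valid: stage the new credential triple
        $this->_setDBValue("user_admin_algo", $passAuth->getNewAlgo());
        $this->_setDBValue("user_admin_salt", $passAuth->getNewSalt());
        $this->_setDBValue("user_admin_password", $passAuth->getNewHash());
        return;
    }
    // NOTE(review): these errors are attached to "user_password", while the
    // checks above use "user_admin_password"; confirm which field the
    // profile form expects before changing it.
    if ($_isValidNewPassword === 1) {
        // New password equals old password
        $this->_setError("user_password", $locale['u144'] . $locale['u146'] . $locale['u131']);
    } elseif ($_isValidNewPassword === 2) {
        // The two new passwords are not identical
        $this->_setError("user_password", $locale['u148a']);
    } elseif ($_isValidNewPassword === 3) {
        // New password contains invalid chars / symbols
        $this->_setError("user_password", $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
    }
}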
/**
 * Validates the admin password section of the profile form and stages the
 * resulting hash/salt/algo in $this->data['user_admin_*'].
 *
 * Reads "user_admin_password" (current), "user_admin_password1" and
 * "user_admin_password2" (new pair) through _getPasswordInput(). A user with
 * neither a stored admin hash nor a stored salt is handled as a new admin:
 * the current-password check is skipped and, as written, the
 * "user_admin_password" field is used as the new password together with
 * "user_admin_password2" (presumably the form relabels the fields — confirm).
 *
 * Errors are reported through the global $defender (stop(), setInputError(),
 * setErrorText()). When no admin password is submitted at all, an iADMIN
 * user whose userData has no admin hash is rejected as well.
 *
 * @return void
 */
private function _setAdminPassword() {
    global $locale, $defender;
    $typedCurrent = $this->_getPasswordInput("user_admin_password");
    if (!$typedCurrent) {
        // Nothing submitted: an admin cannot save the profile without an admin password on record
        if (iADMIN && !$this->userData['user_admin_password']) {
            $defender->stop();
            $defender->setInputError('user_admin_password');
            $defender->setErrorText('user_admin_password', $locale['u149a']);
        }
        return;
    }

    $this->_userAdminPassword = $typedCurrent;
    $this->_newUserAdminPassword = $this->_getPasswordInput("user_admin_password1");
    $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_admin_password2");

    $passAuth = new PasswordAuth();
    $noStoredAdminCredential = !$this->userData['user_admin_password'] && !$this->userData['user_admin_salt'];
    if ($noStoredAdminCredential) {
        // New admin: nothing to verify against; the "current" field carries the new password
        $passAuth->inputPassword = '******';
        $passAuth->inputNewPassword = $this->_userAdminPassword;
        $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
        $currentAccepted = 1;
    } else {
        // Existing admin: verify the typed current password against the stored triple
        $passAuth->inputPassword = $this->_userAdminPassword;
        $passAuth->inputNewPassword = $this->_newUserAdminPassword;
        $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
        $passAuth->currentPasswordHash = $this->userData['user_admin_password'];
        $passAuth->currentAlgo = $this->userData['user_admin_algo'];
        $passAuth->currentSalt = $this->userData['user_admin_salt'];
        $currentAccepted = $passAuth->isValidCurrentPassword();
    }

    if (!$currentAccepted) {
        $defender->stop();
        $defender->setInputError('user_admin_password');
        $defender->setErrorText('user_admin_password', $locale['u149a']);
        return;
    }

    $this->_isValidCurrentAdminPassword = 1;
    // Authenticated; now run the integrity check on the new pair. The
    // original compared against string cases in a switch, so the loose ==
    // comparisons (and their order) are kept.
    $newPasswordStatus = $passAuth->isValidNewPassword();
    if ($newPasswordStatus == '0') {
        // New password is valid
        $freshHash = $passAuth->getNewHash();
        $freshSalt = $passAuth->getNewSalt();
        $freshAlgo = $passAuth->getNewAlgo();
        $this->data['user_admin_algo'] = $freshAlgo;
        $this->data['user_admin_salt'] = $freshSalt;
        $this->data['user_admin_password'] = $freshHash;
    } elseif ($newPasswordStatus == '1') {
        // New password is the old password
        $sameAsOld = $locale['u144'] . $locale['u146'] . $locale['u133'];
        $defender->stop();
        $defender->setInputError('user_admin_password');
        $defender->setInputError('user_admin_password1');
        $defender->setErrorText('user_admin_password', $sameAsOld);
        $defender->setErrorText('user_admin_password1', $sameAsOld);
    } elseif ($newPasswordStatus == '2') {
        // The two new passwords are not identical
        $mismatch = $locale['u144'] . $locale['u148a'];
        $defender->stop();
        $defender->setInputError('user_admin_password1');
        $defender->setInputError('user_admin_password2');
        $defender->setErrorText('user_admin_password1', $mismatch);
        $defender->setErrorText('user_admin_password2', $mismatch);
    } elseif ($newPasswordStatus == '3') {
        // New password contains invalid chars / symbols
        $defender->stop();
        $defender->setInputError('user_admin_password1');
        $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
    }
}
$adminPass->inputNewPassword = $newAdminPass; $adminPass->inputNewPassword2 = $newAdminPass; $adminPassIsReset = $adminPass->isValidNewPassword() === 0 ? true : false; if (isset($_POST['reset_login']) && $_POST['reset_login'] == 1) { $loginPass = new PasswordAuth(); $newLoginPass = $loginPass->getNewPassword(12); $loginPass->inputNewPassword = $newLoginPass; $loginPass->inputNewPassword2 = $newLoginPass; $message = str_replace(array("[USER_NAME]", "[NEW_PASS]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array($data['user_name'], $newLoginPass, $newAdminPass, $userdata['user_name'], $reset_message), $locale['409']); $loginPassIsReset = $loginPass->isValidNewPassword() === 0 ? true : false; } else { $message = str_replace(array("[USER_NAME]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array($data['user_name'], $newAdminPass, $userdata['user_name'], $reset_message), $locale['408']); $loginPassIsReset = true; } if ($loginPassIsReset && $adminPassIsReset && sendemail($data['user_name'], $data['user_email'], $userdata['user_name'], $userdata['user_email'], $locale['407'] . $settings['sitename'], $message)) { $result2 = dbquery("UPDATE " . DB_USERS . " SET\n\t\t\t\t\t\t" . ($newLoginPass ? "user_algo='" . $loginPass->getNewAlgo() . "', user_salt='" . $loginPass->getNewSalt() . "', \n\t\t\t\t\t\t\t\t\t\t\tuser_password='******', " : "") . "\n\t\t\t\t\t\tuser_admin_algo='" . $adminPass->getNewAlgo() . "', user_admin_salt='" . $adminPass->getNewSalt() . "', \n\t\t\t\t\t\tuser_admin_password='******'\n\t\t\t\t\tWHERE user_id='" . $data['user_id'] . 
"'"); $reset_success[] = array($data['user_id'], $data['user_name'], $data['user_email']); } else { $reset_failed[] = array($data['user_id'], $data['user_name'], $data['user_email']); } } opentable($locale['410']); $sucess = count($reset_success); $sucess_ids = ""; $failed = count($reset_failed); $failed_ids = ""; echo "<table cellpadding='0' cellspacing='0' width='70%' class='admin-reset tbl-border center'>\n"; for ($i = 0; $i < $sucess; $i++) { $sucess_ids .= $sucess_ids != "" ? "." . $reset_success[$i][0] : $reset_success[$i][0]; echo "<tr>\n"; echo "<td class='tbl1' width='250'><strong>" . ($i == 0 ? "Admins reset:" : "") . "</strong></td>\n";
sendemail($uinfo['user_name'], $uinfo['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['eml1'], $msg, "html"); redirect(BASEDIR . "register.php?msg=8"); } else { $name = $app['username']; $email = $app['useremail']; $password = $app['password']; require_once CLASSES . "PasswordAuth.class.php"; $passAuth = new PasswordAuth(); $passAuth->inputNewPassword = $password; $passAuth->inputNewPassword2 = $password; $passAuth->currentPassword = ""; echo $valid = $passAuth->isValidNewPassword(); if ($valid === 0) { // New password is valid $hash = $passAuth->getNewHash(); $algo = $passAuth->getNewAlgo(); $salt = $passAuth->getNewSalt(); } $code = md5($name . $email); $ins_rm_user = dbquery("INSERT INTO " . DB_RM_USERS . " (rmuser_username, rmuser_useremail, rmuser_password, rmuser_algo, rmuser_salt, rmuser_code, rmuser_verified, rmuser_approved) VALUES ('" . $name . "', '" . $email . "', '" . $hash . "', '" . $algo . "', '" . $salt . "', '" . $code . "', '0', '0')"); $rm_user_id = mysql_insert_id(); $ins_app = dbquery("INSERT INTO " . DB_RM_APPS . " (app_rm_user, app_user, app_form, app_voted, app_votes_yes, app_votes_no, app_date, app_status, app_username, app_useremail) VALUES ('" . $rm_user_id . "', '0', '" . $appp_id . "', '', '0', '0', '" . $time . "', '0', '" . $name . "', '" . $email . "')"); // sendmail, verify user require_once INCLUDES . "sendmail_include.php"; $msg = sprintf($locale['eml3'], $code); sendemail($name, $email, $settings['siteusername'], $settings['siteemail'], $locale['eml1'], $msg, "html"); redirect(BASEDIR . "register.php?msg=8"); } } else { redirect(BASEDIR . "register.php?msg=7"); }
/**
 * Verifies the typed admin password for the logged-in admin (iADMIN) and,
 * when it is accepted, stores a freshly derived admin algo/salt/hash in
 * $userdata and DB_USERS and sets the user cookie from the new salt/algo.
 *
 * @param string $inputPassword admin password as entered by the user
 * @return void
 */
public static function setAdminCookie($inputPassword) {
    global $userdata;
    if (iADMIN) {
        require_once CLASSES . "PasswordAuth.class.php";
        // Initialize password auth with the stored admin credential triple
        $passAuth = new PasswordAuth();
        $passAuth->currentAlgo = $userdata['user_admin_algo'];
        $passAuth->currentSalt = $userdata['user_admin_salt'];
        $passAuth->currentPasswordHash = $userdata['user_admin_password'];
        $passAuth->inputPassword = $inputPassword;
        // Check if input password is valid. The getNew*() calls that follow
        // suggest isValidCurrentPassword(true) re-derives the credential on
        // success, i.e. the stored admin hash rotates on every successful
        // check — confirm in PasswordAuth.
        if ($passAuth->isValidCurrentPassword(true)) {
            $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
            $userdata['user_admin_salt'] = $passAuth->getNewSalt();
            $userdata['user_admin_password'] = $passAuth->getNewHash();
            // NOTE(review): this UPDATE does not parse as shown here — the
            // user_admin_password literal runs straight into
            // `user_admin_password'] . "'`, so the statement looks
            // truncated/garbled in this copy; check it against the upstream
            // source. $result is also never inspected, so a failed write
            // still leads to the cookie being set below from the in-memory
            // $userdata values.
            $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo'] . "', user_admin_salt='" . $userdata['user_admin_salt'] . "', user_admin_password='******'user_admin_password'] . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
            // Cookie is derived from the (new) admin salt/algo, not the login ones
            Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], false, false);
        }
    }
}
/**
 * Verifies the typed admin password for the logged-in admin (iADMIN) and,
 * when it is accepted, stores a freshly derived admin algo/salt/hash in
 * $userdata and DB_USERS and sets the user cookie from the new salt/algo.
 *
 * @param string $inputPassword admin password as entered by the user
 * @return bool TRUE when the password was accepted and the cookie set;
 *              FALSE otherwise (including when iADMIN is not set)
 */
public static function setAdminCookie($inputPassword) {
    global $userdata;
    if (iADMIN) {
        // Initialize password auth with the stored admin credential triple
        $passAuth = new PasswordAuth();
        $passAuth->currentAlgo = $userdata['user_admin_algo'];
        $passAuth->currentSalt = $userdata['user_admin_salt'];
        $passAuth->currentPasswordHash = $userdata['user_admin_password'];
        $passAuth->inputPassword = $inputPassword;
        // Check if input password is valid. The getNew*() calls that follow
        // suggest isValidCurrentPassword(TRUE) re-derives the credential on
        // success, i.e. the stored admin hash rotates on every successful
        // check — confirm in PasswordAuth.
        if ($passAuth->isValidCurrentPassword(TRUE)) {
            $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
            $userdata['user_admin_salt'] = $passAuth->getNewSalt();
            $userdata['user_admin_password'] = $passAuth->getNewHash();
            // NOTE(review): this UPDATE does not parse as shown here — the
            // user_admin_password literal runs straight into
            // `user_admin_password'] . "'`, so the statement looks
            // truncated/garbled in this copy; check it against the upstream
            // source. $result is also never inspected, so a failed write
            // still leads to the cookie being set and TRUE being returned.
            $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo'] . "', user_admin_salt='" . $userdata['user_admin_salt'] . "', user_admin_password='******'user_admin_password'] . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
            // Cookie is derived from the (new) admin salt/algo, not the login ones
            Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], FALSE, FALSE);
            return TRUE;
        }
    }
    return FALSE;
}
} else { require_once "../locale/Russian_frontend.php"; } $nick = trim(stripinput($_POST['nickname'])); $email = trim(stripinput($_POST['email'])); $pass = trim(stripinput($_POST['password'])); require_once CLASSES . "PasswordAuth.class.php"; $passAuth = new PasswordAuth(); $passAuth->inputNewPassword = $pass; $passAuth->inputNewPassword2 = $pass; $passAuth->currentPassword = ""; echo $valid = $passAuth->isValidNewPassword(); if ($valid === 0) { // New password is valid $hash = $passAuth->getNewHash(); $algo = $passAuth->getNewAlgo(); $salt = $passAuth->getNewSalt(); } $identity = $_POST['identity']; $acc = $_POST['network']; $fn = iconv($locale['charset'], "UTF-8", $_POST['full_name']); $result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status, user_sig, user_salt, user_algo) VALUES('" . $nick . "', '" . $hash . "', '', '" . $email . "', '1', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '101', '0', '', '" . $salt . "', '" . $algo . "')"); $user_id = mysql_insert_id(); Authenticate::setUserCookie($user_id, $passAuth->getNewSalt(), $passAuth->getNewAlgo(), false); $result2 = dbquery("INSERT INTO " . DB_ULOGIN . " (ulogin_identity, ulogin_network, ulogin_user, ulogin_fullname) VALUES ('" . $identity . "', '" . $acc . "', '" . $user_id . "', '" . $fn . "')"); require_once INCLUDES . "sendmail_include.php"; $text = sprintf($locale['ul14'], $_POST['identity'], $_POST['nickname'], $_POST['password']); sendemail($nick, $email, $settings['siteusername'], $settings['siteemail'], $locale['ul15'], $text); if ($result && $result2) { $auth = new Authenticate($nick, $pass, true); $userdata = $auth->getUserData();