/**
 * Process the admin-password fields of a submitted profile form.
 *
 * If "user_admin_password" is present in the input, the three submitted
 * fields are captured, the current admin password is checked through
 * PasswordAuth, and the new password is validated. On success the new
 * algorithm, salt and hash are placed in $this->data. Every failure is
 * reported through the global $defender; the method returns nothing.
 *
 * NOTE(review): when the account has neither a stored admin hash nor a
 * stored admin salt, the current-password check is skipped entirely and the
 * first field is used as the new password. Confirm that this first-time
 * path is reachable only by accounts that are meant to set an admin
 * password.
 */
private function _setAdminPassword()
 {
     global $locale, $defender;

     if (!$this->_getPasswordInput("user_admin_password")) {
         // Nothing was submitted. An administrator with no stored admin
         // password is still refused, so the form cannot be saved without one.
         if (iADMIN && !$this->userData['user_admin_password']) {
             $defender->stop();
             $defender->setInputError('user_admin_password');
             $defender->setErrorText('user_admin_password', $locale['u149a']);
         }
         return;
     }

     // Submitted fields: current password, new password, confirmation.
     $this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");
     $this->_newUserAdminPassword = $this->_getPasswordInput("user_admin_password1");
     $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_admin_password2");

     $passAuth = new PasswordAuth();
     $hasStoredCredentials = $this->userData['user_admin_password'] || $this->userData['user_admin_salt'];

     if ($hasStoredCredentials) {
         // Existing admin password: the submitted current password must verify
         // against the stored hash, algorithm and salt.
         $passAuth->inputPassword = $this->_userAdminPassword;
         $passAuth->inputNewPassword = $this->_newUserAdminPassword;
         $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
         $passAuth->currentPasswordHash = $this->userData['user_admin_password'];
         $passAuth->currentAlgo = $this->userData['user_admin_algo'];
         $passAuth->currentSalt = $this->userData['user_admin_salt'];
         $currentPasswordOk = $passAuth->isValidCurrentPassword();
     } else {
         // No admin password on record: nothing to verify. The first field
         // acts as the new password and the third as its confirmation;
         // "user_admin_password1" is not used on this path.
         $currentPasswordOk = 1;
         $passAuth->inputPassword = '******';
         $passAuth->inputNewPassword = $this->_userAdminPassword;
         $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
     }

     if (!$currentPasswordOk) {
         // Wrong current password: flag the field and stop the save.
         $defender->stop();
         $defender->setInputError('user_admin_password');
         $defender->setErrorText('user_admin_password', $locale['u149a']);
         return;
     }

     $this->_isValidCurrentAdminPassword = 1;

     // Authenticated; now act on the new-password check. A result outside
     // '0'..'3' changes nothing and raises no error.
     switch ($passAuth->isValidNewPassword()) {
         case '0':
             // New password accepted: stage the fresh credentials.
             $freshHash = $passAuth->getNewHash();
             $freshSalt = $passAuth->getNewSalt();
             $freshAlgo = $passAuth->getNewAlgo();
             $this->data['user_admin_algo'] = $freshAlgo;
             $this->data['user_admin_salt'] = $freshSalt;
             $this->data['user_admin_password'] = $freshHash;
             break;
         case '1':
             // New password equals the old one.
             $defender->stop();
             $sameAsOldMessage = $locale['u144'] . $locale['u146'] . $locale['u133'];
             $defender->setInputError('user_admin_password');
             $defender->setInputError('user_admin_password1');
             $defender->setErrorText('user_admin_password', $sameAsOldMessage);
             $defender->setErrorText('user_admin_password1', $sameAsOldMessage);
             break;
         case '2':
             // The two new-password entries differ.
             $defender->stop();
             $mismatchMessage = $locale['u144'] . $locale['u148a'];
             $defender->setInputError('user_admin_password1');
             $defender->setInputError('user_admin_password2');
             $defender->setErrorText('user_admin_password1', $mismatchMessage);
             $defender->setErrorText('user_admin_password2', $mismatchMessage);
             break;
         case '3':
             // New password contains characters that are not allowed.
             $defender->stop();
             $defender->setInputError('user_admin_password1');
             $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
             break;
     }
 }
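 /**
  * Check the password submitted with the form against the stored credentials.
  *
  * @param bool $loginPass       true to check the login password, false to
  *                              check the admin password
  * @param bool $skipCurrentPass true to skip the check and report success
  *
  * @return bool true when the check is skipped or the password verifies,
  *              false otherwise
  *
  * For the login password the submitted "user_hash" value must also equal
  * the stored password hash; on a mismatch the request is redirected to the
  * index page and the check fails.
  *
  * NOTE(review): that comparison implies the stored hash is sent to the
  * browser as a form value. Confirm this is intended, since it exposes the
  * hash to anything that can read the rendered page.
  */
 private function _isValidCurrentPassword($loginPass = true, $skipCurrentPass = false)
 {
     if ($skipCurrentPass) {
         return true;
     }

     if ($loginPass) {
         $this->_userHash = $this->_getPasswordInput("user_hash");
         $this->_userPassword = $this->_getPasswordInput("user_password");
         $password = $this->_userPassword;
         $hash = $this->userData['user_password'];
         $salt = $this->userData['user_salt'];
         $algo = $this->userData['user_algo'];

         // Compare strictly and in constant time. A loose != treats some
         // different strings as equal (two numeric-looking strings, or
         // false against an empty string), and it leaks timing information.
         if (!is_string($this->_userHash) || !is_string($hash) || !hash_equals($hash, $this->_userHash)) {
             redirect(BASEDIR . "index.php");
             // Fail closed even if redirect() does not end the request.
             return false;
         }
     } else {
         $this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");
         $password = $this->_userAdminPassword;
         $hash = $this->userData['user_admin_password'];
         $salt = $this->userData['user_admin_salt'];
         $algo = $this->userData['user_admin_algo'];
     }

     // Hand the stored credentials and the submitted password to PasswordAuth.
     $passAuth = new PasswordAuth();
     $passAuth->inputPassword = $password;
     $passAuth->currentAlgo = $algo;
     $passAuth->currentSalt = $salt;
     $passAuth->currentPasswordHash = $hash;

     return (bool) $passAuth->isValidCurrentPassword(false);
 }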
Example #3
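 /**
  * Re-check the administrator's password and, on success, issue the cookie.
  *
  * Only runs when iADMIN is set. The stored admin algorithm, salt and hash
  * from the global $userdata are checked against $inputPassword through
  * PasswordAuth. When the check passes, the values returned by getNewAlgo(),
  * getNewSalt() and getNewHash() replace the stored ones, both in $userdata
  * and in the users table, and Authenticate::setUserCookie() is called with
  * the user id, the new salt and the new algorithm.
  *
  * @param string $inputPassword admin password as entered by the user
  *
  * @return bool TRUE when the password verified, FALSE otherwise
  */
 public static function setAdminCookie($inputPassword)
 {
     global $userdata;
     if (iADMIN) {
         // Initialize password auth
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $userdata['user_admin_algo'];
         $passAuth->currentSalt = $userdata['user_admin_salt'];
         $passAuth->currentPasswordHash = $userdata['user_admin_password'];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid
         if ($passAuth->isValidCurrentPassword(TRUE)) {
             $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
             $userdata['user_admin_salt'] = $passAuth->getNewSalt();
             $userdata['user_admin_password'] = $passAuth->getNewHash();
             // NOTE(review): the statement is built by concatenation. The
             // values come from PasswordAuth and from $userdata rather than
             // from the request, so confirm none can contain a quote, or bind
             // them if the database layer offers parameter binding.
             // NOTE(review): the result is not checked; a failed UPDATE still
             // sets the cookie and returns TRUE.
             $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo'] . "', user_admin_salt='" . $userdata['user_admin_salt'] . "', user_admin_password='" . $userdata['user_admin_password'] . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
             Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], FALSE, FALSE);
             return TRUE;
         }
     }
     return FALSE;
 }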
Example #4
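 /**
  * Re-check the administrator's password and, on success, issue the cookie.
  *
  * Only runs when iADMIN is set. PasswordAuth is loaded on demand, then the
  * stored admin algorithm, salt and hash from the global $userdata are
  * checked against $inputPassword. When the check passes, the values
  * returned by getNewAlgo(), getNewSalt() and getNewHash() replace the stored
  * ones, both in $userdata and in the users table, and
  * Authenticate::setUserCookie() is called with the user id, the new salt
  * and the new algorithm. Nothing is returned, so callers cannot tell from
  * this method whether the password verified.
  *
  * @param string $inputPassword admin password as entered by the user
  */
 public static function setAdminCookie($inputPassword)
 {
     global $userdata;
     if (iADMIN) {
         require_once CLASSES . "PasswordAuth.class.php";
         // Initialize password auth
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $userdata['user_admin_algo'];
         $passAuth->currentSalt = $userdata['user_admin_salt'];
         $passAuth->currentPasswordHash = $userdata['user_admin_password'];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid
         if ($passAuth->isValidCurrentPassword(true)) {
             $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
             $userdata['user_admin_salt'] = $passAuth->getNewSalt();
             $userdata['user_admin_password'] = $passAuth->getNewHash();
             // NOTE(review): the statement is built by concatenation. The
             // values come from PasswordAuth and from $userdata rather than
             // from the request, so confirm none can contain a quote, or bind
             // them if the database layer offers parameter binding.
             // NOTE(review): the result is not checked; a failed UPDATE still
             // sets the cookie.
             $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo'] . "', user_admin_salt='" . $userdata['user_admin_salt'] . "', user_admin_password='" . $userdata['user_admin_password'] . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
             Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], false, false);
         }
     }
 }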
    } else {
        redirect(BASEDIR . "login.php?ulogin_error");
    }
}
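// Link an external login identity to an existing local account after the
// user proves ownership of that account with its name and password.
if (isset($_POST['ex_user_save'])) {
    // Every field is request-controlled. Coerce each to a string so that a
    // missing key or an array value cannot reach the queries below.
    $input = array();
    foreach (array('user_name', 'user_pass', 'identity', 'network', 'full_name', 'url') as $field) {
        $input[$field] = isset($_POST[$field]) && is_string($_POST[$field]) ? $_POST[$field] : '';
    }

    // stripinput() is the CMS input filter; it replaces quotes and
    // backslashes so the value cannot break out of the SQL string literal.
    // Prefer bound parameters if this version's dbquery() supports them.
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . stripinput($input['user_name']) . "'");
    if (dbrows($result)) {
        $user = dbarray($result);
        require_once CLASSES . "PasswordAuth.class.php";
        // Initialize password auth
        $passAuth = new PasswordAuth();
        $passAuth->currentAlgo = $user['user_algo'];
        $passAuth->currentSalt = $user['user_salt'];
        $passAuth->currentPasswordHash = $user['user_password'];
        $passAuth->inputPassword = $input['user_pass'];
        if ($passAuth->isValidCurrentPassword(false)) {
            // Convert the display name to UTF-8 first, then filter it, so the
            // filter sees the bytes that are actually stored.
            $fullName = stripinput((string) iconv($locale['charset'], "UTF-8", $input['full_name']));
            $result = dbquery("INSERT INTO " . DB_ULOGIN . " (ulogin_user, ulogin_identity, ulogin_network, ulogin_fullname) VALUES ('" . $user['user_id'] . "','" . stripinput($input['identity']) . "','" . stripinput($input['network']) . "', '" . $fullName . "')");
            $auth = new Authenticate($input['user_name'], $input['user_pass'], true);
            unset($auth);
            if ($result) {
                // Follow the posted return address only when it stays on this
                // site. Otherwise the form could bounce a freshly logged-in
                // user to an arbitrary external address.
                $target = $input['url'];
                $parts = preg_match('/[\x00-\x1f\x7f\\\\]/', $target) ? false : parse_url($target);
                $sameSite = false;
                if ($target !== '' && is_array($parts)) {
                    if (!isset($parts['scheme']) && !isset($parts['host'])) {
                        // Plain relative path.
                        $sameSite = true;
                    } elseif (isset($parts['scheme'], $parts['host'], $_SERVER['HTTP_HOST'])) {
                        // Absolute URL: must be http(s) to the host being served.
                        $authority = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
                        $sameSite = in_array(strtolower($parts['scheme']), array('http', 'https'), true)
                            && strcasecmp($authority, $_SERVER['HTTP_HOST']) === 0;
                    }
                }
                redirect($sameSite ? $target : BASEDIR . "index.php");
            }
        } else {
            redirect(BASEDIR . "login.php?ulogin_error");
        }
    } else {
        redirect(BASEDIR . "login.php?ulogin_error");
    }
}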
if (isset($_POST['action']) && $_POST['action'] == "gettoken") {
    require_once INFUSIONS . "ulogin/lib/uloginAPI2.class.php";