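/**
 * Check a staff username/password pair and, on success, send the two login cookies.
 *
 * Every failed attempt (unknown user or wrong password) is passed to storeBad().
 *
 * @param string $usernm Username as submitted by the client (untrusted).
 * @param string $passwd Plaintext password as submitted by the client (untrusted).
 * @return bool True when the credentials matched and the cookies were sent, false otherwise.
 */
function doLogin($usernm, $passwd)
{
    global $mysql;

    $usernm = $mysql->escape_string($usernm);

    // Look the account up by the escaped username. The value is only safe inside
    // the quoted literal; a prepared statement would be preferable if the $mysql
    // wrapper offers one (not visible from this block).
    $check = $mysql->fetch_assoc(
        "SELECT user,password,public_salt FROM " . SQLMODSLOG . " WHERE user='" . $usernm . "'"
    );

    // Any non-row result (false, null, empty array) means "no such user", so a
    // missing row can never reach the hash comparison below.
    if (empty($check)) {
        // NOTE(review): storeBad() is handed the plaintext password that was tried.
        // If it persists that value, near-miss passwords of real staff end up readable
        // in the database; confirm what storeBad() stores.
        // NOTE(review): this path returns before any hashing is done, so response
        // time may differ between unknown and known usernames.
        $this->storeBad($usernm, $passwd);
        return false;
    }

    require_once CORE_DIR . '/crypt/legacy.php';
    $crypt = new SaguaroCryptLegacy();

    if (!$crypt->compare_hash($passwd, $check['password'], $check['public_salt'])) {
        $this->storeBad($usernm, $passwd);
        return false;
    }

    // NOTE(review): saguaro_apass carries the stored password hash itself, so the
    // hash works as a bearer credential: anyone who can read the staff table or this
    // cookie can presumably authenticate without knowing the password. A random,
    // server-side session token would avoid that, but the code that validates these
    // cookies is outside this block, so the cookie value is left unchanged.
    setcookie('saguaro_auser', $check['user'], 0);

    // HttpOnly keeps the hash away from page scripts. Path and domain stay at their
    // defaults; the Secure flag stays off and should be enabled when the panel is
    // only served over HTTPS.
    setcookie('saguaro_apass', $check['password'], 0, '', '', false, true);

    return true;
}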
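/**
 * Create a staff account with one of three fixed permission presets.
 *
 * The caller must hold the 'admin' permission, the username must not exist yet,
 * and both password fields must be identical and non-empty.
 *
 * NOTE(review): the defaults on $user/$pass1/$pass2 precede the required $perm,
 * so they can never take effect and PHP 8.0+ reports a deprecation for them.
 * The signature is kept as-is for existing callers.
 *
 * @param string $user  New account name.
 * @param string $pass1 Password.
 * @param string $pass2 Password confirmation.
 * @param string $perm  Preset name: 'admin', 'mod' or 'janitor'.
 * @return void
 */
function addStaff($user = 0, $pass1 = 0, $pass2 = 0, $perm)
{
    global $mysql;

    // valid() and error() are defined elsewhere. Each failure path returns
    // explicitly so the function fails closed even if error() does not end the request.
    if (!valid('admin')) {
        error("Permission denied");
        return;
    }

    if ($this->isStaff($mysql->escape_string($user))) {
        error("This user already exists!");
        return;
    }

    // Preset name => [allowed, denied].
    // NOTE(review): the janitor 'denied' list has a space after the comma, unlike
    // the other lists; left byte-identical because the consumer of this column is
    // not visible here.
    $presets = [
        'admin'   => ['janitor_board,moderator,admin', 'none'],
        'mod'     => ['janitor_board,moderator', 'admin'],
        'janitor' => ['janitor_board', 'moderator, admin'],
    ];

    // Strict string lookup: a loosely compared switch would let a non-string value
    // such as true match the first case and select the admin preset.
    if (!is_string($perm) || !isset($presets[$perm])) {
        error("Attempted to set unknown permission type.");
        return;
    }
    list($allowed, $denied) = $presets[$perm];

    if ($pass1 !== $pass2) {
        error("Passwords did not match!");
        return;
    }

    // Two matching empty values must not produce a staff account without a password.
    if (!is_string($pass2) || $pass2 === '') {
        error("Password must not be empty.");
        return;
    }

    require_once CORE_DIR . "/crypt/legacy.php";
    $crypt = new SaguaroCryptLegacy();
    $hashed = $crypt->generate_hash($pass2);

    // Every non-constant value is escaped, including the generated hash and salt,
    // whose character set is not visible from this block. $allowed and $denied
    // come from the fixed preset table above.
    $mysql->query(
        "INSERT INTO " . SQLMODSLOG . " (`user`, `password`, `public_salt`, `allowed`, `denied`) VALUES ('"
        . $mysql->escape_string($user) . "', '"
        . $mysql->escape_string($hashed['hash']) . "', '"
        . $mysql->escape_string($hashed['public_salt']) . "', '"
        . $allowed . "', '"
        . $denied . "')"
    );
}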
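// Installer step: create any missing tables, then seed the default staff accounts.
// $mysqli, $success, $fail, $loaded and $defaults are defined above this excerpt.

// Table name => column/key definitions placed inside CREATE TABLE name (...).
// NOTE(review): loginattempts.passattempt is a free-text column for the attempted
// password. If failed-login passwords are written there verbatim, read access to the
// database exposes near-miss passwords of real staff; confirm what is stored.
$tables = [
    SQLLOG => "primary key(no), no int not null auto_increment, now text, name text, email text, sub text, com text, host text, pwd text, ext text, w int, h int, tn_w int, tn_h int, tim text, time int, md5 text, fsize int, fname text, sticky int, permasage int, locked int, root timestamp, resto int, board text",
    SQLBANLOG => "num INT(25) PRIMARY KEY AUTO_INCREMENT, ip VARCHAR(25), active INT(1), placedon VARCHAR(25), expires VARCHAR(25), board VARCHAR(50), type VARCHAR (2), reason VARCHAR(500), staffnotes VARCHAR(500) ",
    SQLMODSLOG => "user VARCHAR(25), password VARCHAR(250), public_salt VARCHAR(256), allowed VARCHAR(250), denied VARCHAR(250), PRIMARY KEY (user), UNIQUE KEY (user)",
    SQLDELLOG => "postno VARCHAR(250) PRIMARY KEY, imgonly VARCHAR(25), board VARCHAR(250), name VARCHAR(250), sub VARCHAR(50), com VARCHAR(" . S_POSTLENGTH . "), img VARCHAR(250), filename VARCHAR(250), admin VARCHAR(100)",
    "reports" => "num VARCHAR(250) PRIMARY KEY, no VARCHAR(25), board VARCHAR(250), type VARCHAR(250), time TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ip VARCHAR(250)",
    "loginattempts" => "userattempt VARCHAR(25) PRIMARY KEY, passattempt VARCHAR(250), board VARCHAR(250), ip VARCHAR(250), attemptno VARCHAR(50)",
    "rebuildqueue" => "board char(4) NOT NULL, no int(11) NOT NULL, ownedby int(11) NOT NULL default '0', ts timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP, PRIMARY KEY (board,no,ownedby)",
];

foreach ($tables as $table => $query) {
    $q = mysqli_query($mysqli, "SHOW TABLES LIKE '{$table}'");

    // A failed lookup is treated as "table missing" rather than being passed on to
    // mysqli_num_rows(); the CREATE below then reports its own error number.
    $exists = $q !== false && mysqli_num_rows($q) > 0;

    if ($exists) {
        echo "<strong>{$table}</strong> table already exists.<br>";
    } else {
        echo "<strong>{$table}</strong> table does not exist, creating... ";
        $status = mysqli_query($mysqli, "CREATE TABLE {$table} ({$query})");
        echo $status ? $success : "(" . mysqli_errno($mysqli) . ") " . $fail;
    }

    if ($q !== false) {
        mysqli_free_result($q);
    }
}

if ($loaded['crypt']) {
    $crypt = new SaguaroCryptLegacy();
    echo "<br>Creating default accounts:<br>";

    // NOTE(review): $defaults comes from outside this excerpt. If it ships fixed
    // passwords, every install starts with the same staff credentials until they
    // are changed.
    foreach ($defaults as $account) {
        // Password hash and public salt for this account.
        $password = $crypt->generate_hash($account['pass']);

        // Nothing in this block assigns $pass (the plaintext password is deliberately
        // not printed), so fall back to an empty string instead of interpolating an
        // undefined variable.
        $shownPass = isset($pass) ? $pass : '';
        echo "<strong>" . $account['name'] . "</strong> {$shownPass} (<span class='info' title='Privileges'>" . $account['priv'] . "</span> / <span class='info' title='Denied'>" . $account['deny'] . "</span>) ";

        // Escape every value so a quote in a configured name, or in the generated
        // hash or salt, cannot break out of its SQL string literal.
        $values = [];
        foreach ([$account['name'], $password['hash'], $password['public_salt'], $account['priv'], $account['deny']] as $value) {
            $values[] = "'" . mysqli_real_escape_string($mysqli, (string) $value) . "'";
        }
        $status = mysqli_query(
            $mysqli,
            "INSERT INTO " . SQLMODSLOG . " (user, password, public_salt, allowed, denied) VALUES (" . implode(', ', $values) . ")"
        );

        // 1062 is MySQL's duplicate-key error: the account is already present.
        // NOTE(review): this branch relies on mysqli_query() returning false on
        // failure. With exception-mode error reporting (the default from PHP 8.1)
        // the call throws instead; confirm the reporting mode the installer sets.
        $errno = mysqli_errno($mysqli);
        $unfail = $errno === 1062 ? "<span class='fail'>ALREADY EXISTS</span><br>" : $fail;
        echo $status ? $success : "(" . $errno . ") " . $unfail;
    }
} else {
    echo "<br><strong class='info' title='" . CORE_DIR . "/crypt/legacy.php'>SaguaroCrypt</strong> was not loaded, cannot create default accounts. <span class='info' title='SaguaroCrypt is used to encrypt passwords in the database.' style='font-style:italic;'>Why?</span>";
}
// The two braces below close blocks that were opened above this excerpt.
}
}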