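/**
 * Handles the member registration form: inserts a pending sitellite_user
 * row, emails the activation key and prints a welcome page.
 *
 * Expected $vals keys (from the form): user_id, password, firstname,
 * lastname, company, website, country, province, email, public.
 * The pending key returned by session_make_pending_key() is stored in the
 * row's session_id column; the same key without its "PENDING:" prefix is
 * exposed to the confirmation template as $vals['verify'].
 *
 * @param array $vals submitted form values
 * @return void all output is written with page_title()/echo
 */
function onSubmit($vals) {
    $vals['public'] = $vals['public'] ? 'yes' : 'no';
    // Presumably the form pre-fills the website field with "http://"; an
    // untouched placeholder means "no website". Strict comparison so that
    // only that exact string is cleared.
    if ($vals['website'] === 'http://') {
        $vals['website'] = '';
    }
    $session_id = session_make_pending_key();
    $vals['verify'] = str_replace('PENDING:', '', $session_id);

    // 1. insert into sitellite_user. Every value is bound through a
    //    db_execute() placeholder; nothing from $vals is concatenated into
    //    the SQL text.
    $res = db_execute(' insert into sitellite_user (username, password, firstname, lastname, company, website, country, province, email, session_id, role, team) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
        $vals['user_id'],
        better_crypt($vals['password']),
        $vals['firstname'],
        $vals['lastname'],
        $vals['company'],
        $vals['website'],
        $vals['country'],
        $vals['province'],
        $vals['email'],
        $session_id,
        'member',
        'core');
    if (!$res) {
        // Keep the driver error out of the response: it can reveal table
        // names and SQL fragments to the visitor. Log it server-side instead.
        error_log('onSubmit: sitellite_user insert failed: ' . db_error());
        page_title('Unknown Error');
        echo '<p>An error occurred while creating your account. Please try again later.</p>';
        return;
    }

    // 2. email confirmation. The account is activated with the emailed key,
    //    so no session is started here. mail() emits a warning when no MTA
    //    is configured; that stays suppressed, but a false return is logged
    //    so a silent delivery failure is at least visible to operators.
    if (!@mail($vals['email'], 'Membership Confirmation', template_simple('member_confirmation.spt', $vals), 'From: ' . appconf('email'))) {
        error_log('onSubmit: confirmation mail could not be queued for new user ' . $vals['user_id']);
    }

    // 3. respond
    // NOTE(review): firstname/lastname come straight from the form; this
    // assumes page_title() escapes its argument for HTML — confirm.
    page_title(intl_get('Welcome') . ' ' . $vals['firstname'] . ' ' . $vals['lastname']);
    echo '<p>Your account has been created. An email has also been sent to your address containing information necessary to activate your account.</p>';
}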
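/**
 * Handles the member registration form: creates the pending account through
 * session_user_add(), emails the activation key and prints a welcome page.
 *
 * Expected $vals keys (from the form): user_id, password, firstname,
 * lastname, company, website, country, province, email, public, about, sig.
 * The pending key from session_make_pending_key() is stored with the
 * account as session_id; the same key without its "PENDING:" prefix is
 * exposed to the confirmation template as $vals['verify'].
 *
 * @param array $vals submitted form values
 * @return void all output is written with page_title()/echo
 */
function onSubmit($vals) {
    $vals['public'] = $vals['public'] ? 'yes' : 'no';
    // Presumably the form pre-fills the website field with "http://"; an
    // untouched placeholder means "no website". Strict comparison so that
    // only that exact string is cleared.
    if ($vals['website'] === 'http://') {
        $vals['website'] = '';
    }
    $session_id = session_make_pending_key();
    $vals['verify'] = str_replace('PENDING:', '', $session_id);

    // Take the timestamp once: two separate date() calls can straddle a
    // second boundary and leave registered != modified on a brand-new row.
    $now = date('Y-m-d H:i:s');

    // 1. insert into sitellite_user
    $res = session_user_add(array(
        'username'   => $vals['user_id'],
        'password'   => better_crypt($vals['password']),
        'firstname'  => $vals['firstname'],
        'lastname'   => $vals['lastname'],
        'company'    => $vals['company'],
        'website'    => $vals['website'],
        'country'    => $vals['country'],
        'province'   => $vals['province'],
        'email'      => $vals['email'],
        'session_id' => $session_id,
        'role'       => 'member',
        'team'       => 'none',
        'public'     => $vals['public'],
        'profile'    => $vals['about'],
        'sig'        => $vals['sig'],
        'registered' => $now,
        'modified'   => $now,
    ));
    if (!$res) {
        page_title('Unknown Error');
        echo '<p>An error occurred while creating your account. Please try again later.</p>';
        return;
    }

    // 2. email confirmation. The account is activated with the emailed key,
    //    so no session is started here. mail() emits a warning when no MTA
    //    is configured; that stays suppressed, but a false return is logged.
    if (!@mail($vals['email'], 'Membership Confirmation', template_simple('register_confirmation.spt', $vals), 'From: ' . appconf('email'))) {
        error_log('onSubmit: confirmation mail could not be queued for new user ' . $vals['user_id']);
    }

    // 3. respond
    // NOTE(review): firstname/lastname come straight from the form; this
    // assumes page_title() escapes its argument for HTML — confirm.
    page_title(intl_get('Welcome') . ' ' . $vals['firstname'] . ' ' . $vals['lastname']);
    echo '<p>Your account has been created. An email has also been sent to your address containing information necessary to activate your account.</p>';
}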
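/**
 * Checks a candidate password against a stored better_crypt() hash.
 *
 * Re-hashes $pass with $original passed as the salt argument (as the
 * original implementation did) and compares the result with $original
 * using hash_equals() (PHP >= 5.6): a type-strict, constant-time compare.
 * The previous loose `==` was wrong for hashes — PHP treats numeric-looking
 * strings such as "0e123" and "0e456" as equal — and its early-exit
 * comparison leaks timing information about the stored value.
 *
 * @access public
 * @param string $pass     plain-text candidate password
 * @param string $original stored hash to compare against
 * @return boolean true when the candidate matches the stored hash
 */
function better_crypt_compare($pass, $original) {
    // Cast both sides: hash_equals() rejects non-strings, and the stored
    // value may arrive as null for accounts without a password.
    $candidate = (string) better_crypt($pass, $original);
    return hash_equals((string) $original, $candidate);
}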
$vals['teams'][$k] = str_replace(',', '', $v); if (empty($vals['teams'][$k])) { unset($vals['teams'][$k]); } } unset($vals['_list']); unset($vals['tab1']); unset($vals['tab2']); unset($vals['tab3']); unset($vals['tab-end']); unset($vals['password_verify']); unset($vals['submit_button']); unset($vals['registered']); $vals['modified'] = date('Y-m-d H:i:s'); if (!empty($vals['passwd'])) { $vals['password'] = better_crypt($vals['passwd']); unset($vals['passwd']); } else { unset($vals['passwd']); } $user = $vals['_key']; unset($vals['_key']); $vals['lang'] = 'en'; // changeable via preferences later by user if ($vals['website'] == 'http://') { unset($vals['website']); } if ($user == session_username()) { global $session; $vals['expires'] = date('YmdHis', time() + $session->timeout); }
// verify key $cgi->user = $session->getUserByEmail($cgi->email); if (!$cgi->user) { if ($box['context'] == 'action') { page_title(intl_get('Recover Your Password')); } echo template_simple('passrecover/emailnotfound.spt', $cgi); return; } if (!$session->isValidKey($cgi->user, 'RECOVER:' . $cgi->key)) { header('Location: ' . site_prefix() . '/index/sitemember-passrecover-action'); exit; } if (!empty($cgi->password) && $cgi->verify == $cgi->password) { // update password $session->update(array('password' => better_crypt($cgi->password)), $cgi->user); $session->username = $cgi->user; $session->password = $cgi->password; $session->start(); if ($box['context'] == 'action') { page_title(intl_get('Your Password Has Been Changed')); } } else { if ($cgi->verify != $cgi->password) { $cgi->error = true; } // prompt for new password if ($box['context'] == 'action') { page_title(intl_get('Choose a New Password')); } echo template_simple('passrecover/newpass.spt', $cgi);
if ($new_password != $new_password2) { $errors[] = $lang['passwords_not_identical']; } $error = Account::validatePassword($new_password); if ($error != AccountError::NO_ERROR) { $errors[] = AccountError::str($error, $lang); } if (count($errors) == 0) { // check if username and token are valid $query = "SELECT id from " . DB_PREFIX . "user WHERE name = '" . escape($db, $username) . "' and resetToken = '" . escape($db, $token) . "' and resetToken <> '' LIMIT 1"; $result = $db->query($query); if ($result->num_rows == 0) { $errors[] = $lang["token_incorrect"]; } else { $user = $result->fetch_object(); $crypted_pw = better_crypt($new_password); $db->query("UPDATE " . DB_PREFIX . "user SET password = '******', resetToken = '' WHERE id = {$user->id} LIMIT 1"); header("Location:index.php?changedpw"); } } } ?> <h2>Passwort zurücksetzen</h2> <?php foreach ($errors as $error) { echo '<div class="enboxed" style="color:red;">' . $error . '</div>'; } ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>
} // Check that the password contains enough $ret = preg_match("/^(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^a-zA-Z0-9])(?!.*\\s).{8,20}\$/", $_POST['password']); if ($ret != true) { $_SESSION['error_message'] = "The password must contain:<br>one lower case letter, one upper case letter,<br>one digit, one special character,<br>be 8-20 in length, and have no spaces."; session_write_close(); header("Location: register.php"); return; } $username = test_input($_POST["email"]); $api_key = test_input($_POST["api_key"]); $answer = test_input($_POST["answer"]); $label_format = $_POST['label_format']; $question = $_POST['question']; $password = $_POST['password']; $password_hash = better_crypt($password); // Check if the API Key is valid $restApi = new RestApi(array('url' => $base_url . 'machines', 'token' => $api_key, 'methodType' => 'GET', 'params' => array())); $info_arr = $restApi->getInfo(); //echo $info_arr["http_code"]; if ($info_arr["http_code"] != 200) { $_SESSION['error_message'] = 'Your API Key does not seem to be valid<br>Error Code: ' . $info_arr["http_code"]; header("Location: register.php"); return; } // check if the username or API already exists in the DB if (checkRedundantVal($username) || checkRedundantVal($api_key)) { header("Location: check_user_false.php"); } else { // Connect to the DB $con = tep_db_connect();
echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n" . "<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n" . "The requested URL " . $PHP_SELF . " was not found on this server.<p>\n<hr>\n" . $_SERVER['SERVER_SIGNATURE'] . "</body></html>"; exit; } // END KEEPOUT CHECKING $on = appconf('changepass'); if (!$on) { header('Location: ' . site_prefix() . '/index/sitemember-app'); exit; } elseif ($on != 'box:sitemember/changepass') { list($type, $call) = split(':', $on); $func = 'loader_' . $type; echo $func(trim($call), array(), $context); return; } if (!session_valid()) { header('Location: ' . site_prefix() . '/index/sitemember-app'); exit; } global $cgi, $session; if (better_crypt_compare($cgi->current, session_password()) && !empty($cgi->newpass) && $cgi->verify == $cgi->newpass) { $session->update(array('password' => better_crypt($cgi->newpass), 'expires' => date('Y-m-d H:i:s', time() + 3600)), $session->username); page_title(intl_get('Password Changed')); echo template_simple('pass_changed.spt'); } else { $data = array(); if (!empty($cgi->newpass)) { $data['error'] = true; } page_title(intl_get('Change Password')); echo template_simple('changepass.spt', $data); }
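/**
 * Registers a new account and returns an AccountError code.
 *
 * Validation order (first failure wins, unchanged from before): username
 * already taken, email already taken, username byte length outside
 * USERNAME_MIN_LENGTH..USERNAME_MAX_LENGTH, whitespace in the username,
 * password rejected by validatePassword(), email rejected by
 * FILTER_VALIDATE_EMAIL. With EMAIL_VERIFICATION enabled, sendRegisterMail()
 * must hand back a token before the row is inserted.
 *
 * @param object $db       database handle; query()/fetch_row()/error are
 *                         used, which matches mysqli — TODO confirm
 * @param array  $lang     language strings forwarded to sendRegisterMail()
 * @param string $username
 * @param string $password plain text; stored as better_crypt($password)
 * @param string $email
 * @return int AccountError::* constant, NO_ERROR on success
 */
public static function register($db, $lang, $username, $password, $email) {
    Account::cleanup($db);

    $nameResult = $db->query("SELECT COUNT(*) FROM " . DB_PREFIX . "user WHERE name = '" . escape($db, $username) . "' LIMIT 1");
    $nameCount = $nameResult->fetch_row();
    if ((int) $nameCount[0] !== 0) {
        return AccountError::USERNAME_OCCUPIED;
    }

    $emailResult = $db->query("SELECT COUNT(*) FROM " . DB_PREFIX . "user WHERE email = '" . escape($db, $email) . "' LIMIT 1");
    $emailCount = $emailResult->fetch_row();
    if ((int) $emailCount[0] !== 0) {
        return AccountError::EMAIL_OCCUPIED;
    }

    // strlen() counts bytes, so a multibyte username is measured in bytes,
    // not characters. Kept as-is to preserve the existing limits.
    $length = strlen($username);
    if ($length < self::USERNAME_MIN_LENGTH || $length > self::USERNAME_MAX_LENGTH) {
        return AccountError::USERNAME_INVALID_LENGTH;
    }
    if (preg_match("/\\s/i", $username)) {
        return AccountError::USERNAME_INVALID_CHARS;
    }

    $pwerror = Account::validatePassword($password);
    if ($pwerror !== AccountError::NO_ERROR) {
        return $pwerror;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return AccountError::INVALID_EMAIL;
    }

    $crypted_pw = better_crypt($password);
    $token = "";
    if (EMAIL_VERIFICATION) {
        $token = Account::sendRegisterMail($lang, $email, $username);
        if ($token === false) {
            return AccountError::EMAIL_SEND_ERROR;
        }
    }

    // Every string literal goes through escape(). Previously the hash, the
    // token and the colour were concatenated raw; their formats are not
    // controlled here, so escaping them removes that assumption.
    $query = "INSERT INTO " . DB_PREFIX . "user (name, password, power, status, nameColor, registerToken, email, registerDate) VALUES ('"
        . escape($db, $username) . "', '"
        . escape($db, $crypted_pw) . "', 10, '"
        . self::DEFAULT_STATUS . "', '"
        . escape($db, randomColor()) . "', '"
        . escape($db, $token) . "', '"
        . escape($db, $email) . "', "
        . time() * 1000 . ")";
    if ($db->query($query) === false) {
        // Never print the statement: it carries the password hash, the
        // registration token and the email address. Log the driver error
        // server-side and return the generic code.
        error_log('Account::register: insert failed: ' . $db->error);
        return AccountError::DATABASE_ERROR;
    }
    return AccountError::NO_ERROR;
}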
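/**
 * Hashes $value with better_crypt(), optionally with the given $salt.
 *
 * Despite the method name this is not reversible encryption: better_crypt()
 * is the password hashing helper used elsewhere (see better_crypt_compare()
 * and the password columns written with it), so there is no way to recover
 * $value from the result.
 *
 * NOTE(review): the previous docblock claimed an empty $value falls back to
 * the $data_value property, but no such fallback exists in the code — an
 * empty $value is hashed as-is. Confirm which behaviour callers expect.
 *
 * @access public
 * @param string $value plain-text value to hash
 * @param string $salt  optional salt passed straight through to better_crypt()
 * @return string the hash produced by better_crypt()
 */
function encrypt($value = '', $salt = '') {
    return better_crypt($value, $salt);
}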
$data['onclick'] = 'return validate (this.form)'; $data['body'] = template_simple('password.spt', $data); } break; case 6: $conn = @mysql_connect($cgi->dbhost . ':' . $cgi->dbport, $cgi->dbuser, $cgi->dbpass); if (!$conn) { header(sprintf('Location: ?step=3&dbhost=%s&dbport=%s&database=%s&dbuser=%s&dbpass=%s&drop=%s&error=%s', $cgi->dbhost, $cgi->dbport, $cgi->database, $cgi->dbuser, $cgi->dbpass, $cgi->drop, 'Failed to connect to MySQL: ' . mysql_error())); exit; } if (!@mysql_select_db($cgi->database, $conn)) { header(sprintf('Location: ?step=3&dbhost=%s&dbport=%s&database=%s&dbuser=%s&dbpass=%s&drop=%s&error=%s', $cgi->dbhost, $cgi->dbport, $cgi->database, $cgi->dbuser, $cgi->dbpass, $cgi->drop, 'Can\'t use database "' . $cgi->database . '": ' . mysql_error())); exit; } // set password if (!@mysql_query('update sitellite_user set password = "******" where username = "******"', $conn)) { $data['error'] = true; $data['body'] = '<p class="notice">Error setting password: '******'</p>'; } $data['step'] = 6; $data['next_step'] = 7; $data['title'] = 'Finish Up'; $data['next'] = 'Finish'; if (empty($data['body'])) { $data['body'] = template_simple('finish.spt', $data); } break; default: // mark the installation completed @umask(00); @touch('installed');
if ($parameters['command'] == 'save') { if (!session_valid()) { echo loader_box('sitellite/user/password', null); // The error message will handle itself return; } if (empty($parameters['password_new_1']) || empty($parameters['password_new_2'])) { // They gotta fill out all 3 fields echo loader_box('sitellite/user/password', array('errormsg' => 'You have to fill in both password fields with your new password')); return; } if ($parameters['password_new_1'] != $parameters['password_new_2']) { echo loader_box('sitellite/user/password', array('errormsg' => 'Your passwords do not match')); return; } $crypted = better_crypt($parameters['password_new_1']); $res = db_execute("update sitellite_user set password = ?, expires = now() + 3600 where username = ?", $crypted, $session->username); if (!$res) { echo loader_box('sitellite/user/password', array('errormsg' => 'Database error: ' . db_error())); return; } if (!isset($parameters['goto'])) { $parameters['goto'] = ''; } else { $parameters['goto'] = '/' . $parameters['goto']; } page_title(intl_get('Password Changed')); echo template_simple('user/password_saved.spt', $parameters); return; } case 'inline':
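/**
 * Sets a new password for $userID once the emailed recovery key has been
 * verified.
 *
 * The key is checked with checkEmailKey() first; on success the password is
 * stored as better_crypt($password) and the recovery-key row is deleted so
 * the key cannot be reused.
 *
 * @param int|string $userID   user id; cast to int before it reaches SQL
 * @param string     $password new plain-text password
 * @param string     $key      recovery key received by email
 * @return bool false when the key is invalid or the UPDATE fails, true otherwise
 */
function updateUserPassword($userID, $password, $key) {
    if (checkEmailKey($key, $userID) === false) {
        return false;
    }
    // Previously $userID was interpolated unquoted and the hash and key were
    // concatenated raw. Cast the id and run the strings through
    // tep_db_input(), the osCommerce escaping helper paired with tep_db_query().
    $userID = (int) $userID;
    $hash = tep_db_input(better_crypt($password));
    $updated = tep_db_query("UPDATE `users` SET `password` = '" . $hash . "' WHERE `id` = " . $userID);
    if (!$updated) {
        return false;
    }
    // Consume the key. As before, UPDATE and DELETE are not in a transaction,
    // so a DELETE failure leaves a still-valid key for an already-changed
    // password; it is not treated as a failure of the password change.
    tep_db_query("DELETE FROM `recoveryemails_enc` WHERE `Key` = '" . tep_db_input($key) . "'");
    return true;
}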