<input type="text" id="root" name="root" value="' . $config['root'] . '" /> <label for="dir_img">Image directory:</label> <input type="text" id="dir_img" name="dir[img]" value="' . $config['dir']['img'] . '" /> <label for="dir_thumb">Thumbnail directory:</label> <input type="text" id="dir_thumb" name="dir[thumb]" value="' . $config['dir']['thumb'] . '" /> <label for="dir_res">Thread directory:</label> <input type="text" id="dir_res" name="dir[res]" value="' . $config['dir']['res'] . '" /> </fieldset> <fieldset> <legend>Miscellaneous</legend> <label for="secure_trip_salt">Secure trip (##) salt:</label> <input type="text" id="secure_trip_salt" name="secure_trip_salt" value="' . create_salt() . '" size="40" /> </fieldset> <p style="text-align:center"> <input type="submit" value="Complete installation" /> </p> </form> '; echo Element('page.html', $page); } elseif ($step == 3) { $instance_config = '<?php /* * Instance Configuration * ---------------------- * Edit this file and not config.php for imageboard configuration.
} else { $_SESSION['error'] = message_error(pg_last_error($db_connection)); header("Location: ../showcase/php/php_showcase_data_manipulation.php"); } } else { header("Location: ../showcase/php/php_showcase_data_manipulation.php"); } } else { if (isset($_POST['edit_mode'])) { if (!isset($_POST['password']) || isset($_POST['password']) && strlen($_POST['password']) == 0) { $password = null; } if (strlen(create_error_string($login, $password, $email, $gender)) == 0) { $update_user_sql = "UPDATE users SET superuser = '******', email = '{$email}', note = '{$note}', gender = '{$gender}'"; if (isset($_POST['password']) && strlen($password) > 0) { $salt_hash = create_salt(); $password_hash = create_password_hash($password, $salt_hash); $update_user_sql .= ", password_hash = '{$password_hash}', salt_hash = '{$salt_hash}' "; } $update_user_sql .= "WHERE login LIKE '{$login}'"; if ($update_user_sql_result = pg_query($db_connection, $update_user_sql)) { $_SESSION['info'] = message_info("User " . $login . " updated successfully."); header("Location: ../showcase/php/php_showcase_db_diagnostics.php"); } else { $_SESSION['error'] = message_error(pg_last_error($db_connection)); header("Location: ../showcase/php/php_showcase_data_manipulation.php"); } } else { header("Location: ../showcase/php/php_showcase_data_manipulation.php"); } } else {
function md5crypt($pw, $salt = "", $magic = "") { $MAGIC = "\$1\$"; if ($magic == "") { $magic = $MAGIC; } if ($salt == "") { $salt = create_salt(); } $slist = explode("\$", $salt); if ($slist[0] == "1") { $salt = $slist[1]; } $salt = substr($salt, 0, 8); $ctx = $pw . $magic . $salt; $final = hex2bin(md5($pw . $salt . $pw)); for ($i = strlen($pw); $i > 0; $i -= 16) { if ($i > 16) { $ctx .= substr($final, 0, 16); } else { $ctx .= substr($final, 0, $i); } } $i = strlen($pw); while ($i > 0) { if ($i & 1) { $ctx .= chr(0); } else { $ctx .= $pw[0]; } $i = $i >> 1; } $final = hex2bin(md5($ctx)); for ($i = 0; $i < 1000; $i++) { $ctx1 = ""; if ($i & 1) { $ctx1 .= $pw; } else { $ctx1 .= substr($final, 0, 16); } if ($i % 3) { $ctx1 .= $salt; } if ($i % 7) { $ctx1 .= $pw; } if ($i & 1) { $ctx1 .= substr($final, 0, 16); } else { $ctx1 .= $pw; } $final = hex2bin(md5($ctx1)); } $passwd = ""; $passwd .= to64(ord($final[0]) << 16 | ord($final[6]) << 8 | ord($final[12]), 4); $passwd .= to64(ord($final[1]) << 16 | ord($final[7]) << 8 | ord($final[13]), 4); $passwd .= to64(ord($final[2]) << 16 | ord($final[8]) << 8 | ord($final[14]), 4); $passwd .= to64(ord($final[3]) << 16 | ord($final[9]) << 8 | ord($final[15]), 4); $passwd .= to64(ord($final[4]) << 16 | ord($final[10]) << 8 | ord($final[5]), 4); $passwd .= to64(ord($final[11]), 2); return "{$magic}{$salt}\${$passwd}"; }
function register_user($username, $password, $firstname, $lastname) { $username = strtolower($username); $hash = hash("sha256", $password); $salt = create_salt(); $hash = hash("sha256", $salt . $hash); $mysqli = new mysqli($GLOBALS["dbhost"], $GLOBALS["dbuser"], $GLOBALS["dbpass"], $GLOBALS["dbname"]); if (mysqli_connect_errno()) { return mysqli_connect_error(); } // sanitize username $username = $mysqli->real_escape_string($username); // check if user is registered $query = "SELECT * FROM Users WHERE Username = '******';"; $result = $mysqli->query($query); if ($result->num_rows > 0) { // if they are, close the connection and result and return $result->close(); $mysqli->close(); return "Username already registered!"; } // close the result $result->close(); // insert user into database $query = "INSERT INTO Users ( Username, FirstName, LastName, Password, Salt ) VALUES ( '{$username}' , '{$firstname}' , '{$lastname}', '{$hash}', '{$salt}' );"; $result = $mysqli->query($query); if (!$result) { $mysqli->close(); return "Could not insert user."; } // Close the connection $mysqli->close(); // Return Successful return "Successful"; }