Exemple #1
             }
         }
         fclose($fr);
         if (!rename($file_write, '../inc/config.php')) {
             sendBack('Failed to move config file');
         }
     } else {
         if (!is_readable($file_read)) {
             die('Config file is not readable or writeable');
         }
     }
 } else {
     die('Config file does not exist');
 }
 ## Set up the random credentials for the original admin user ##
 # NOTE(review): genSalt(), randPass() and genPw() are defined outside this excerpt.
 # Confirm that the salt and password come from a CSPRNG (random_bytes()/random_int())
 # and that genPw() is a slow password hash; neither can be verified from here.
 $user_salt = genSalt(12);
 $user_pw = randPass(10);
 $pass_hash = genPw($user_pw, $user_salt);
 ## Add user to the database
 # Only the derived hash and the salt are handed to addUser(), never $user_pw itself.
 # The meaning of the trailing 2 and 1 is not visible here; presumably group/permission
 # values. Verify against addUser().
 $result = $dbl->addUser('admin', 'Admin', $email, $pass_hash, $user_salt, 2, 1);
 if (!$result) {
     sendBack('Their was a problem adding the admin user to the admin tables, please check the users table exists in your Echelon database');
 }
 ## Send the admin their email ##
 # NOTE(review): the generated password is written into the mail body in clear text and
 # is concatenated into HTML without htmlspecialchars(). Anyone with access to the mailbox
 # or the mail path can read it, so it should be treated as a temporary credential;
 # whether a password change is forced at first login is not visible here, so confirm.
 $body = '<html><body>';
 $body .= '<h2>Echelon Admin User Information</h2>';
 $body .= 'This is the admin user login informtion.<br />';
 $body .= 'Username: <b>admin</b><br />';
 $body .= 'Password: <b>' . $user_pw . "</b><br />";
 # The mail itself reminds the installer to delete the install folder after setup.
 $body .= 'If you have not already, please entirely remove the install folder from Echelon (/echelon/install/).<br />';
 $body .= 'Thank you for downloading and installing Echelon, <br />';
Exemple #2
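/**
 * Hash a password for storage with bcrypt.
 *
 * The previous version assembled a "$2a$05$" salt string by hand and called crypt().
 * Cost 5 is far below what current hardware needs to slow down offline guessing, the
 * salt quality depended on an external genSalt(), and a crypt() failure was returned to
 * the caller as if it were a hash. password_hash() generates the salt from the system
 * CSPRNG, emits the "$2y$" bcrypt format and reports failure explicitly.
 *
 * Hashes already stored in "$2a$" form still verify with password_verify() or crypt(),
 * so existing records keep working; password_needs_rehash() can upgrade them at login.
 *
 * Caveat: bcrypt only uses the first 72 bytes of the password.
 *
 * @param string $pass Plain-text password.
 * @return string 60-character bcrypt hash in crypt(3) format.
 * @throws RuntimeException If no valid hash could be produced.
 */
function hashPass($pass)
{
    // A higher "cost" is more secure but consumes more processing power.
    // 10 was PHP's own default for years; raise it as far as login latency allows.
    $cost = 10;
    $hash = password_hash($pass, PASSWORD_BCRYPT, array('cost' => $cost));
    // Never hand back a failure marker that could end up stored as a "hash".
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('Password hashing failed');
    }
    return $hash;
}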
Exemple #3
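/**
 * Encode a password according to the scheme selected by the PASSWD_ENC constant.
 *
 * Schemes handled: "clear" (returned unchanged), "crypt" (crypt()), "md5" (md5()) and
 * "sha" (sha1()). Any other PASSWD_ENC value leaves the password unchanged and unlabelled.
 *
 * Changes against the earlier version:
 *  - the debug messages no longer contain the computed hash or the stored hash used as
 *    salt; password material does not belong in a debug log. (Three of the original
 *    debug calls were masked in the extracted source; they are written here with the same
 *    three-argument form as the one intact call.)
 *  - $encryption_Info is initialised before the switch, so an unrecognised PASSWD_ENC no
 *    longer reaches the concatenation with an undefined variable.
 *
 * NOTE(review): "clear" stores passwords as-is, and "md5"/"sha" are unsalted single-round
 * digests: equal passwords give equal values and guessing them offline is cheap. They
 * are kept because the {MD5}/{SHA1} tags suggest an externally defined storage format;
 * new deployments should prefer "crypt" with a strong genSalt() or password_hash().
 *
 * @param string $password Plain-text password.
 * @param bool $EncryptInfoInOutput Prefix the result with the scheme tag
 *        ("{CRYPT}", "{MD5}", "{SHA1}"; empty for "clear").
 * @param string|false $existing_password Stored crypt() value whose salt is reused (for
 *        comparing against a stored password), or FALSE to use a new salt from genSalt().
 * @return string Encoded password, optionally tagged.
 */
function encrypt_password($password, $EncryptInfoInOutput = TRUE, $existing_password = FALSE)
{
    $encryption_Info = '';
    switch (PASSWD_ENC) {
        case "clear":
            # do nothing
            break;
        case "crypt":
            if (!empty($existing_password)) {
                // crypt() reads algorithm and salt from the leading part of the stored value
                $password = crypt($password, $existing_password);
                NConf_DEBUG::set("Encrypting password using existing password as salt", 'DEBUG', "encrypt_password");
            } elseif ($existing_password === FALSE) {
                $password = crypt($password, genSalt());
                NConf_DEBUG::set("Encrypting password", 'DEBUG', "encrypt_password");
            } else {
                // NOTE(review): reached when $existing_password is empty but not FALSE
                // (e.g. '' or NULL). The password is NOT hashed on this path, yet it is
                // still tagged {CRYPT} below. Behaviour kept as found; callers should
                // treat this as a failure and never store the result.
                NConf_DEBUG::set("error", 'DEBUG', "encrypt_password");
            }
            $encryption_Info = "{CRYPT}";
            break;
        case "md5":
            $password = md5($password);
            NConf_DEBUG::set("Encrypting password", 'DEBUG', "encrypt_password");
            $encryption_Info = "{MD5}";
            break;
        case "sha":
            $password = sha1($password);
            NConf_DEBUG::set("Encrypting password", 'DEBUG', "encrypt_password");
            $encryption_Info = "{SHA1}";
            break;
    }
    if ($EncryptInfoInOutput) {
        $password = $encryption_Info . $password;
    }
    return $password;
}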
Exemple #4
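/**
 * Build a password-file value in the format named by $hash.
 *
 *  - 'SHA': "{SHA}" followed by the base64 of the raw SHA-1 digest of the password.
 *  - 'MD5': delegated to cryptMD5Pass($passwd, $salt).
 *  - 'DES' (default): md5("user:realm:passwd"). Note that despite the name this branch
 *    computes an MD5 digest over user, realm and password, not a DES crypt.
 *  - anything else: crypt() with a two-character salt (taken from $para_arr['salt'] or
 *    from genSalt()), or "" when no password was supplied.
 *
 * Fix: the fallback path used to read $passwd and $salt, which were never assigned, so
 * it always returned "" and the crypt() call was unreachable. Both are now taken from
 * $para_arr.
 *
 * NOTE(review): all of these are fast, legacy formats. Unsalted SHA-1 and the MD5 digest
 * are cheap to guess offline, and two-character-salt crypt() only considers the first
 * eight characters of the password. Use them only where the consuming server requires
 * that exact format.
 *
 * @param array $para_arr Keys read: 'passwd', and depending on $hash 'salt', 'user', 'realm'.
 * @param string $hash Format selector, see above.
 * @return string Encoded password, or "" when the fallback path gets no password.
 */
function genPass($para_arr, $hash = 'DES')
{
    $passwd = isset($para_arr['passwd']) ? $para_arr['passwd'] : '';
    $salt = isset($para_arr['salt']) ? $para_arr['salt'] : null;

    if ($hash === 'SHA') {
        // sha1(..., true) yields the raw 20-byte digest directly
        return '{SHA}' . base64_encode(sha1($passwd, true));
    }
    if ($hash === 'MD5') {
        return cryptMD5Pass($passwd, $salt);
    }
    if ($hash === 'DES') {
        return md5($para_arr['user'] . ':' . $para_arr['realm'] . ':' . $passwd);
    }
    if ((string) $passwd === '') {
        // Nothing to encode: callers must check for the empty string before storing.
        return "";
    }
    if (!empty($salt)) {
        // Make sure we only use 2 chars
        $salt = substr($salt, 0, 2);
    } else {
        // If no salt, generate a (pseudo) random one
        $salt = genSalt();
    }
    return crypt($passwd, $salt);
}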
// Required-field checks; emptyInput() is defined elsewhere and receives the value plus a
// human-readable field name.
emptyInput($display, 'display name');
emptyInput($username, 'username');
emptyInput($pw1, 'your new password');
// check the new email address is a valid email address
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    sendBack('That email address is not valid');
}
## Check if key and email are valid ##
$valid_key = $dbl->verifyRegKey($key, $email, $key_expire);
// NOTE(review): the second operand is the bare word `key`, not the variable $key. It is
// only evaluated when $valid_key is falsy. PHP 8 then raises an "Undefined constant"
// Error; older versions treat it as the string 'key', which never equals "0", so the
// rejection below is never reached and an invalid key falls through to the rest of the
// script. The intended condition cannot be determined from this excerpt; confirm and fix.
if (!$valid_key && key == "0") {
    // reject the request: the submitted key/email pair did not validate
    sendBack('The key or email you submitted are not valid.');
}
## Add user to users table ##
// generate a new salt for the user
// NOTE(review): genSalt() and genPW() are defined elsewhere; confirm the salt comes from
// a CSPRNG and that genPW() is a slow password hash rather than a single fast digest.
$salt = genSalt();
// find the hash of the supplied password and the new salt
$password = genPW($pw1, $salt);
if ($valid_key) {
    $results = $dbl->getGroupAndIdWithKey($key);
    // find the permissions for the user that are assoc with the sent key
    $group = $results[0];
    // perms for user
    $admin_id = $results[1];
    // id of the admin who added this user
} else {
    //self registered
    if ($config['cosmos']['self_reg'] != 'true') {
        sendBack('Self registration is disabled!');
    }
    $group = 1;
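 /**
  * Creates a new account.
  *
  * Only username, password value and password salt are written by this method;
  * $specialArr and the resolved $language are not used in the INSERT shown here.
  *
  * Every value placed in the SQL string now goes through $db->escape(). Previously the
  * two values returned by genSalt() were concatenated unescaped, which is only safe as
  * long as that helper can never emit a quote or backslash.
  *
  * NOTE(review): userExists() followed by INSERT is not atomic; two concurrent requests
  * can both pass the check. A UNIQUE index on `user`.`username` is needed to enforce it.
  *
  * @param string $username
  * @param string $password
  * @param array $specialArr More information key=db-column values=value
  * @param string $language 'default' selects $this->_config['defaultlang']
  * @return true|int true on success, -1 if the username already exists,
  *                  -2 if the INSERT affected no rows
  */
 public function create_user($username, $password, $specialArr = array(), $language = 'default')
 {
     global $db;
     if ($language == 'default') {
         $language = $this->_config['defaultlang'];
     }
     //TODO check if language exists
     if ($this->userExists($username)) {
         return -1;
     }
     // genSalt() is called with the password and its result is used as a pair:
     // [0] is stored in `password`, [1] in `password_salt`.
     // NOTE(review): presumably [0] is the salted hash; confirm against genSalt().
     $pwsalt = genSalt($password);
     $names = '`username`, `password`, `password_salt`';
     $values = "'" . $db->escape($username) . "', '" . $db->escape($pwsalt[0]) . "', '" . $db->escape($pwsalt[1]) . "'";
     $db->query("INSERT INTO `user` (" . $names . ") VALUES (" . $values . ")");
     if (!$db->Affected_Rows()) {
         return -2;
     }
     return true;
 }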
 /**
  * Checks a new password against the strength policy, derives a fresh salt and hash
  * for it and stores both for the given user.
  *
  * @param string $password - the new password chosen for the user
  * @param int $user_id - the id of the user that is being edited
  * @param int $min_pw_len - minimum length handed to pwStrength()
  * @return bool(true)/string(error) - the error text may contain HTML markup
  */
 function genAndSetNewPW($password, $user_id, $min_pw_len)
 {
     // shared database layer instance
     $db_layer = DBL::getInstance();
     // refuse anything that fails the strength policy before touching the database
     $is_strong = $this->pwStrength($password, $min_pw_len);
     if (!$is_strong) {
         return 'The password you supplied is not strong enough, a password must be longer than ' . $min_pw_len . ' character and should follow this <a href="http://echelon.bigbrotherbot.net/pw/" title="Echelon Password Policy">policy</a>.';
     }
     // every password change gets its own new salt, so the old salt is never reused
     $fresh_salt = genSalt();
     $fresh_hash = genPW($password, $fresh_salt);
     // persist hash and salt together for this user
     $stored = $db_layer->editMePW($fresh_hash, $fresh_salt, $user_id);
     // loose comparison on purpose: any falsy result from editMePW() counts as failure
     return $stored == false ? 'There was an error changing your password' : true;
 }
Exemple #8
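 //code by Eric A. Meyer, license CC BY-SA
 echo '<script type="text/javascript">function encode() { var obj = document.getElementById("dencoder"); var unencoded = obj.value; obj.value = encodeURIComponent(unencoded); } function decode() { var obj = document.getElementById("dencoder"); var encoded = obj.value; obj.value = decodeURIComponent(encoded.replace(/\\+/g,  " ")); } </script>';
 echo "<font color='blue'>---> Text encoderz/decoderz</font><br><br>";
 echo "fast URL-encoder:<br>";
 echo '<form onsubmit="return false;" action="javascript;"><textarea cols="80" rows="4" id="dencoder"></textarea><div><input type="button" onclick="decode()" value="Decode"> <input type="button" onclick="encode()" value="Encode"></div></form>';
 echo "<br>other encoders: ";
 // $_SERVER['PHP_SELF'] and every $_POST field are request-controlled. The earlier
 // version wrote them into the form markup verbatim, which let a crafted request close
 // the attribute or the <textarea> and inject markup (reflected XSS). Everything that
 // originates from the request is now HTML-escaped at the point of output, and missing
 // or non-scalar fields are read as empty strings instead of raising notices.
 $esc = function ($value) {
     return htmlspecialchars(is_scalar($value) ? (string) $value : '', ENT_QUOTES, 'UTF-8');
 };
 $posted = function ($name) {
     return isset($_POST[$name]) && is_scalar($_POST[$name]) ? (string) $_POST[$name] : '';
 };
 $cryptform = "<form action=\"" . $esc($_SERVER['PHP_SELF']) . "\" method=\"post\">\n   <input name=\"p\" type=\"hidden\" value=\"e\">\n   <textarea name=\"text\" cols=\"80\" rows=\"4\">";
 if (isset($_POST["text"])) {
     // re-display what was submitted, escaped so it stays inside the textarea
     $cryptform .= $esc($posted('text'));
     $hash = $posted('hash');
     $hash1 = $posted('hash1');
     $hash2 = $posted('hash2');
 } else {
     // first display: pre-fill the salt fields (genSalt() is defined elsewhere)
     $hash = genSalt('zxcv', 8);
     $hash1 = genSalt('zxcv', 8);
     $hash2 = genSalt('zxcv', 6, 1);
 }
 // option value => visible label; values and labels are fixed strings, not user input
 $methods = array(
     'asc2hex' => 'ASCII to Hex',
     'hex2asc' => 'Hex to ASCII',
     'b64enc' => 'Base64 Encode',
     'b64dec' => 'Base64 Decode',
     'crypt' => 'DES',
     'entityenc' => 'HTML Entities Encode',
     'entitydec' => 'HTML Entities Decode',
     'md5' => 'MD5',
     'md5md5' => 'MD5(MD5)',
     'md5unix' => 'MD5(Unix - $1$)',
     'md5wp' => 'MD5(WordPress - $P$B)',
     'md5bb' => 'MD5(PHPBB3 - $H$9)',
     'md5apr' => 'MD5(APR1 - $apr1$)',
     'blowfish' => 'Blowfish - $2a$',
     'sha1' => 'SHA1',
     'sha256' => 'SHA256 - $5$',
     'sha512' => 'SHA512 - $6$',
     'mysql4' => 'MySQL4',
     'mysql5' => 'MySQL5',
 );
 $chosen = $posted('cryptmethod');
 $cryptform .= "</textarea><br>\n   <select name=\"cryptmethod\"> \n";
 foreach ($methods as $value => $label) {
     // keep the previously chosen method selected after a submit
     $cryptform .= "   <option value=\"" . $value . "\"" . ($chosen === $value ? " selected" : "") . ">" . $label . "</option>\n";
 }
 $cryptform .= "   </select> salt: <input type=\"text\" name=\"hash\" size=\"9\" maxlength=\"8\" value=\"" . $esc($hash) . "\"> <input type=\"text\" name=\"hash1\" size=\"9\" maxlength=\"8\" value=\"" . $esc($hash1) . "\"> <input type=\"text\" name=\"hash2\" size=\"7\" maxlength=\"6\" value=\"" . $esc($hash2) . "\"> <font color=\"gray\">(salt needed for: md5(unix,wordpress,phpbb3,apr1) - 8 symbols, sha(256,512) - 16 symbols, and blowfish - 22 symbols. ignore these fields if you use other algorithms)</font><br>\n   <input type=\"submit\" name=\"crypt\" value=\"go\"> \n   </form>";
 echo $cryptform;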
 if (isset($_POST['crypt'])) {
     $text = $_POST['text'];
     if ($text == '') {
         die("<p>empty form</p>\n" . $pageend . "");
     }
     $hash = $_POST['hash'];
     $hash1 = $_POST['hash1'];
     $hash2 = $_POST['hash2'];
     echo "--><br><textarea cols=\"80\" rows=\"4\">";
     switch ($_POST['cryptmethod']) {
         case "asc2hex":
             $text = asc2hex($text);
<?php 
session_start();
require_once "Mail.php";
include "inc/conn.php";
include "inc/functions.php";
include 'Smarty.class.php';
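// Count the films for the page header.
// NOTE(review): this fetches every title just to count rows, and rowCount() on a SELECT
// is not reliable with every PDO driver; SELECT COUNT(*) would be the portable form.
$q = $dbh->prepare("SELECT tytul FROM film");
$q->execute();
$total = $q->rowCount();
$site = new Smarty();
$site->assign('site_title', 'Baza filmów');
$site->assign('total_cnt', $total);
try {
    if (isset($_POST["login"], $_POST["pass"], $_POST["repass"], $_POST["email"])) {
        // Compare the two password fields as strings with ===. The loose == used before
        // compares numeric-looking strings by value ("1e3" == "1000" is true), so two
        // different entries could be accepted as matching; array-valued fields are
        // rejected outright.
        if (is_string($_POST["pass"]) && is_string($_POST["repass"]) && $_POST["pass"] === $_POST["repass"]) {
            // NOTE(review): encPass() and genSalt() are defined in the included files.
            // The salt is not stored in its own column, so encPass() presumably embeds it
            // in its output; the variable name hints at MD5, which is too fast for
            // password storage. Confirm, and prefer password_hash().
            $md5_pass = encPass(genSalt(), $_POST["pass"]);
            $confirm_code = genConfirmCode();
            // All user input reaches the database through bound parameters.
            $query = $dbh->prepare("INSERT INTO users(login,pass,email,aktywny,confirm) VALUES(?,?,?,?,?)");
            $query->execute(array($_POST["login"], $md5_pass, $_POST["email"], 0, $confirm_code));
            // NOTE(review): the clear-text password is handed to the mail helper. If it
            // is included in the confirmation mail, the credential ends up readable in
            // the mailbox; the confirmation code alone should be enough. The e-mail
            // address is also used without format validation.
            sendConfirmURL($_POST["email"], 'newuser', $confirm_code, $_POST["login"], $_POST["pass"]);
            $site->assign('result', 'success');
        } else {
            $site->assign('result', 'fail');
        }
    }
} catch (PDOException $e) {
    // Driver messages can reveal schema details or whether a login/e-mail already exists;
    // keep them in the server log and show the visitor only a generic failure.
    error_log('Registration query failed: ' . $e->getMessage());
    echo 'Connection failed';
}
$site->display('register.tpl');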
Exemple #10
    echo "connect is fail!";
} else {
    if (strlen($pass) > 0 && strlen($newPass) > 0 && strlen($reNewPass) > 0) {
        $pass = clean($pass);
        $newPass = clean($newPass);
        $reNewPass = clean($reNewPass);
        $return_pass = $dbContoller->selectPassword();
        if ($return_pass) {
            echo $return_pass["salt"];
            $salt = $return_pass["salt"];
            //echo $salt . "<br/>";
            $hash_string = createHash($salt, $pass);
            if ($hash_string == $return_pass["password"]) {
                echo $hash_string;
                if ($newPass == $reNewPass) {
                    $newSalt = genSalt();
                    $newPass = createHash($newSalt, $newPass);
                    $update = $dbContoller->updatePassword($newPass, $newSalt);
                    if ($update) {
                        header("location: index.html");
                    } else {
                        echo "fail";
                    }
                }
                $dbContoller->dbClose();
            } else {
                echo "Pass invalid...";
            }
        } else {
            echo "Connect is fail....";
        }