function compare_passwords($plain, $hashed)
{
// Backwards compatibility
if (strpos($hashed, ':') === false) {
return secure_compare(md5($plain), $hashed);
}
return secure_compare(salted_hash($plain, $hashed), $hashed);
}
/**
* Determine if the password is correct and salt it if it hasn't been already
*
* @param string $userID The user ID to check the password against
* @param string $passwd The password the visitor sent
*
* @return bool True if password was correct and properly salted, otherwise false
*/
function valid_passwd($userID, $passwd)
{
$dbh = DB::connect();
if ($passwd == "") {
return false;
}
/* Get salt for this user. */
$salt = get_salt($userID);
if ($salt) {
$q = "SELECT ID FROM Users ";
$q .= "WHERE ID = " . $userID . " ";
$q .= "AND Passwd = " . $dbh->quote(salted_hash($passwd, $salt));
$result = $dbh->query($q);
if (!$result) {
return false;
}
$row = $result->fetch(PDO::FETCH_NUM);
return $row[0] > 0;
} else {
/* Check password without using salt. */
$q = "SELECT ID FROM Users ";
$q .= "WHERE ID = " . $userID . " ";
$q .= "AND Passwd = " . $dbh->quote(md5($passwd));
$result = $dbh->query($q);
if (!$result) {
return false;
}
$row = $result->fetch(PDO::FETCH_NUM);
if (!$row[0]) {
return false;
}
/* Password correct, but salt it first! */
if (!save_salt($userID, $passwd)) {
trigger_error("Unable to salt user's password;" . " ID " . $userID, E_USER_WARNING);
return false;
}
return true;
}
}
exit;
}
$error = 0;
$current_user_password = trim($HTTP_POST_VARS['current_user_password']);
$user_password = trim($HTTP_POST_VARS['user_password']);
$user_password2 = trim($HTTP_POST_VARS['user_password2']);
if (!compare_passwords($current_user_password, $user_info['user_password'])) {
$msg .= ($msg != "" ? "<br />" : "") . $lang['update_password_error'];
$error = 1;
}
if ($user_password != $user_password2 || $user_password == "") {
$msg .= ($msg != "" ? "<br />" : "") . $lang['update_password_confirm_error'];
$error = 1;
}
if (!$error) {
$user_password_hashed = salted_hash($user_password);
$sql = "UPDATE " . USERS_TABLE . "\n SET " . get_user_table_field("", "user_password") . " = '" . $user_password_hashed . "'\n WHERE " . get_user_table_field("", "user_id") . " = " . $user_info['user_id'];
$site_db->query($sql);
$msg = $lang['update_password_success'];
$user_info = $site_sess->load_user_info($user_info['user_id']);
}
$action = "editprofile";
}
if ($action == "editprofile") {
$txt_clickstream = $lang['control_panel'];
if ($user_info['user_level'] == GUEST) {
show_error_page($lang['no_permission']);
exit;
}
$user_name = $user_info['user_name'];
if (!$update_process) {
if (empty($cont)) {
$error_log[] = "Could not load: " . $db_file;
}
if (empty($error_log)) {
$cont = preg_replace('/4images_/', $table_prefix, $cont);
$pieces = split_sql_dump($cont);
for ($i = 0; $i < sizeof($pieces); $i++) {
$sql = trim($pieces[$i]);
if (!empty($sql) and $sql[0] != "#") {
if (!$site_db->query($sql)) {
$error_log[] = $sql;
}
}
}
include ROOT_PATH . 'includes/security_utils.php';
$admin_pass_hashed = salted_hash($admin_password);
$current_time = time();
$sql = "UPDATE " . $table_prefix . "users\n SET user_name = '{$admin_user}', user_password = '******', user_joindate = {$current_time}, user_lastaction = {$current_time}, user_lastvisit = {$current_time}\n WHERE user_name = 'admin'";
if (!$site_db->query($sql)) {
$error_log[] = $sql;
}
$sql = "UPDATE " . $table_prefix . "settings\n SET setting_value = '{$install_lang}'\n WHERE setting_name = 'language_dir'";
if (!$site_db->query($sql)) {
$error_log[] = $sql;
}
}
if (empty($error_log)) {
$config_file = '<?php' . "\n";
$config_file .= '/**************************************************************************' . "\n";
$config_file .= ' * *' . "\n";
$config_file .= ' * 4images - A Web Based Image Gallery Management System *' . "\n";
/**
* Save a user's salted password in the database
*
* @param string $user_id The user ID of the user who is salting their password
* @param string $passwd The password of the user logging in
*/
function save_salt($user_id, $passwd)
{
$dbh = DB::connect();
$salt = generate_salt();
$hash = salted_hash($passwd, $salt);
$q = "UPDATE Users SET Salt = " . $dbh->quote($salt) . ", ";
$q .= "Passwd = " . $dbh->quote($hash) . " WHERE ID = " . $user_id;
return $dbh->exec($q);
}
$password = $_POST['password'];
$confirm = $_POST['confirm'];
$uid = uid_from_email($email);
if (empty($email) || empty($password)) {
$error = __('Missing a required field.');
} elseif ($password != $confirm) {
$error = __('Password fields do not match.');
} elseif (!good_passwd($password)) {
$length_min = config_get_int('options', 'passwd_min_len');
$error = __("Your password must be at least %s characters.", $length_min);
} elseif ($uid == null) {
$error = __('Invalid e-mail.');
}
if (empty($error)) {
$salt = generate_salt();
$hash = salted_hash($password, $salt);
$error = password_reset($hash, $salt, $resetkey, $email);
}
} elseif (isset($_POST['email'])) {
$email = $_POST['email'];
$username = username_from_id(uid_from_email($email));
if (empty($email)) {
$error = __('Missing a required field.');
} else {
send_resetkey($email);
header('Location: ' . get_uri('/passreset/') . '?step=confirm');
exit;
}
}
$step = isset($_GET['step']) ? $_GET['step'] : NULL;
html_header(__("Password Reset"));
