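/**
 * Validate the change-password form and store the new password for the
 * session user ($_SESSION["user"]->id).
 *
 * Order of checks:
 *  1. newpassword1 and newpassword2 must be identical;
 *  2. if the form carries a current-password field ("password"), the new
 *     password must differ from it, and the current password must verify
 *     against the stored record via user_check_password(). Forms without that
 *     field (e.g. a person who came in through a login string and has no
 *     password yet) skip the verification entirely.
 *
 * Fixes relative to the previous version:
 *  - the current password is passed to user_check_password() as its value
 *    (->getValue()), the same call shape prooveLogin()/validateLogin() use,
 *    instead of the form-field object;
 *  - an incorrect current password now returns false like every other
 *    validation failure in this function;
 *  - password equality uses strict string comparison (with != PHP compares
 *    numeric-looking strings numerically, so "1e3" != "1000" is false).
 *
 * @param CTForm $form form with fields newpassword1, newpassword2 and optionally password
 * @return bool|null false when an error was set on a field; null otherwise
 *   (same convention as validateLogin())
 */
function prooveOldPassword($form) {
    $newPassword = (string) $form->fields["newpassword1"]->getValue();
    $repeatedPassword = (string) $form->fields["newpassword2"]->getValue();
    if ($newPassword !== $repeatedPassword) {
        $form->fields["newpassword1"]->setError(" ");
        $form->fields["newpassword2"]->setError(t("password.does.not.match.the.previous"));
        return false;
    }

    $hasCurrentPassword = isset($form->fields["password"]);
    $currentPassword = $hasCurrentPassword ? (string) $form->fields["password"]->getValue() : null;
    if ($hasCurrentPassword && $newPassword === $currentPassword) {
        $form->fields["newpassword1"]->setError(t("please.take.new.password"));
        return false;
    }

    $userId = $_SESSION["user"]->id;
    $res = db_query("select * from {cdb_person} where id=:id", array(":id" => $userId));
    $person = $res->fetch();
    if ($hasCurrentPassword && !user_check_password($currentPassword, $person)) {
        $form->fields["password"]->setError(t("password.is.incorrect"));
        return false;
    }

    $scrambled_password = scramble_password($newPassword);
    db_query("update {cdb_person} set password=:password where id=:id",
        array(":id" => $userId, ":password" => $scrambled_password));
    // NOTE(review): the session is not regenerated and other sessions of this
    // user are not invalidated after the change — consider doing both.
    $oldpwd = $_SESSION["user"]->password;
    addInfoMessage(t("password.changes.successfully"));
    // Loose comparison on purpose: "no previous password" may be stored as null
    // or as an empty string. Such a person logged in with a login string and is
    // forwarded to the home page.
    if ($oldpwd == null) {
        // NOTE(review): there is no exit after header(); whatever the caller
        // renders afterwards is still executed.
        header("Location: ?q=home");
    }
}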
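/**
 * Verify a plaintext password against a stored Drupal password hash.
 *
 * Changes relative to the previous version:
 *  - the password implementation is loaded through
 *    variable_get('password_inc', 'includes/password.inc'), as
 *    checkUserCredentials() in this file does, so a site-configured
 *    replacement password.inc is honoured instead of being bypassed;
 *  - the stub account is a stdClass; PHP has no built-in class named Object,
 *    so the previous `new Object()` only worked if the project defined one.
 *
 * @param string $password plaintext candidate
 * @param string $saved    hash as stored in the users table (pass column)
 * @return bool TRUE when the candidate matches the stored hash
 */
function comparepassword($password, $saved) {
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    // A bare object carrying the stored hash in ->pass is what the hash check
    // reads (presumably nothing else — confirm against user_check_password()).
    $account = new stdClass();
    $account->pass = $saved;
    return user_check_password($password, $account);
}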
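/**
 * Checking site administrator's username and password.
 *
 * Reads the name of uid 1, flags it when it is one of a short list of guessable
 * names (or the site name), then tries that same list plus the username itself
 * as the password and flags the account when any of them verifies. Findings are
 * appended as HTML list items to the report handle in $GLOBALS['createdFile'].
 *
 * Fixes relative to the previous version:
 *  - the administrator's name is HTML-escaped before it is written into the
 *    report (it comes from the database and would otherwise be emitted raw);
 *  - in_array() compares strictly;
 *  - a missing uid 1 row or a failed user_load_by_name() no longer reaches the
 *    password check with a null name / FALSE account.
 *
 * @return void
 */
function check_username_password() {
    $sitename = variable_get('site_name', "Default site name");
    $guessable = array('admin', 'admin123', 'siteadmin', 'siteadmin123', $sitename);

    $row = db_select('users', 'u')->fields('u', array('name'))->condition('u.uid', 1)->execute()->fetchAssoc();
    if (!$row) {
        // No uid 1 — nothing to check.
        return;
    }
    $adminName = $row['name'];
    $adminNameHtml = htmlspecialchars($adminName, ENT_QUOTES, 'UTF-8');

    if (in_array($adminName, $guessable, TRUE)) {
        $data = "<li><b>Error </b>Change site administrator's username ie <b>" . $adminNameHtml . "</b></li>";
        fwrite($GLOBALS['createdFile'], $data);
    }

    $account = user_load_by_name($adminName);
    if (!$account) {
        return;
    }
    // Also try the username itself as the password.
    $passwords = $guessable;
    $passwords[] = $adminName;
    foreach ($passwords as $password) {
        if (user_check_password($password, $account)) {
            $data = "<li><b>Error </b>Need to change site administrator's password immediately.</li>";
            fwrite($GLOBALS['createdFile'], $data);
            break;
        }
    }
}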
/**
 * Authenticate the user against the drupal db
 *
 * Two code paths:
 *  - $loadCMSBootstrap TRUE: hand the credentials to
 *    CRM_Utils_System::loadBootStrap() (only when both $name and $password are
 *    non-empty) and read the resulting global $user.
 *  - otherwise (CRM-8638, SOAP): query the Drupal users table directly through
 *    PEAR DB, match the lower-cased name against LOWER(u.name) with status = 1
 *    and verify the password with Drupal's user_check_password() on a stub
 *    account built from drupal_anonymous_user().
 * On success the UFMatch record is synchronised and the contact id looked up;
 * a user without a mail address never authenticates ($userMail is required).
 *
 * @param string $name the user name
 * @param string $password the password for the above user name
 * @param boolean $loadCMSBootstrap load cms bootstrap?
 * @param NULL|string $realPath filename of script
 *
 * @return mixed false if no auth
 * array(
 * contactID, ufID, unique string ) if success
 * @access public
 */
static function authenticate($name, $password, $loadCMSBootstrap = FALSE, $realPath = NULL) {
    require_once 'DB.php';
    $config = CRM_Core_Config::singleton();
    $dbDrupal = DB::connect($config->userFrameworkDSN);
    if (DB::isError($dbDrupal)) {
        CRM_Core_Error::fatal("Cannot connect to drupal db via {$config->userFrameworkDSN}, " . $dbDrupal->getMessage());
    }
    // $account is never assigned in this function; it reaches
    // synchronizeUFMatch() as NULL.
    $account = $userUid = $userMail = NULL;
    if ($loadCMSBootstrap) {
        $bootStrapParams = array();
        if ($name && $password) {
            $bootStrapParams = array('name' => $name, 'pass' => $password);
        }
        // NOTE(review): with empty credentials the bootstrap runs without them
        // and $user is whatever it yields — confirm this cannot be an already
        // authenticated session user.
        CRM_Utils_System::loadBootStrap($bootStrapParams, TRUE, TRUE, $realPath);
        global $user;
        if ($user) {
            $userUid = $user->uid;
            $userMail = $user->mail;
        }
    } else {
        // CRM-8638
        // SOAP cannot load drupal bootstrap and hence we do it the old way
        // Contact CiviSMTP folks if we run into issues with this :)
        $cmsPath = $config->userSystem->cmsRootPath($realPath);
        require_once "{$cmsPath}/includes/bootstrap.inc";
        require_once "{$cmsPath}/includes/password.inc";
        $strtolower = function_exists('mb_strtolower') ? 'mb_strtolower' : 'strtolower';
        // The name is escaped with escapeSimple() and then interpolated into the
        // SQL string. NOTE(review): a bound placeholder would not depend on the
        // driver's escaping rules — check whether this DB layer supports one.
        $name = $dbDrupal->escapeSimple($strtolower($name));
        $sql = "\nSELECT u.*\nFROM {$config->userFrameworkUsersTableName} u\nWHERE LOWER(u.name) = '{$name}'\nAND u.status = 1\n";
        $query = $dbDrupal->query($sql);
        $row = $query->fetchRow(DB_FETCHMODE_ASSOC);
        if ($row) {
            // Stub account carrying the stored hash in ->pass for the hash check.
            $fakeDrupalAccount = drupal_anonymous_user();
            $fakeDrupalAccount->name = $name;
            $fakeDrupalAccount->pass = $row['pass'];
            $passwordCheck = user_check_password($password, $fakeDrupalAccount);
            if ($passwordCheck) {
                $userUid = $row['uid'];
                $userMail = $row['mail'];
            }
        }
    }
    if ($userUid && $userMail) {
        CRM_Core_BAO_UFMatch::synchronizeUFMatch($account, $userUid, $userMail, 'Drupal');
        $contactID = CRM_Core_BAO_UFMatch::getContactId($userUid);
        if (!$contactID) {
            return FALSE;
        }
        // NOTE(review): mt_rand() is not a cryptographic source; if any caller
        // uses the third element as a token, generate it from random_bytes().
        return array($contactID, $userUid, mt_rand());
    }
    return FALSE;
}
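/**
 * Change the e-mail address of the logged-in user ($_SESSION['user_id']).
 *
 * OpenID accounts have no local password, so the current password is only
 * required for password-based accounts (is_user_openid()). Note that
 * user_check_password() here takes (login, password), unlike the Drupal
 * function of the same name.
 *
 * Fix relative to the previous version: the session user id is cast to int
 * before being interpolated into the only string-built query in this function,
 * so a non-numeric session value cannot alter the SQL.
 *
 * @param array $post form data: 'email' (new address) and 'passwd' (current password)
 * @return int 1 on success, 2 when the password is wrong, 3 when the address is
 *   not valid, 4 when the address is already used by another account
 */
function user_change_email($post) {
    $userId = (int) $_SESSION['user_id'];
    $r = sql_fetch_array(sql_query("SELECT user_name FROM users WHERE user_id = " . $userId . " LIMIT 1"));
    $login = $r['user_name'];
    $email = strtolower(trim($post['email']));

    if (!is_user_openid($_SESSION['user_id']) && !user_check_password($login, $post['passwd'])) {
        return 2;
    }
    if (!is_valid_email($email)) {
        return 3;
    }
    $inUse = sql_pe("SELECT user_id FROM users WHERE user_email=? LIMIT 1", array($email));
    if (sizeof($inUse) > 0) {
        return 4;
    }
    // NOTE(review): the uniqueness check and the update are not atomic; a unique
    // index on user_email would close the race.
    sql_pe("UPDATE `users` SET `user_email`=? WHERE `user_id`=? LIMIT 1", array($email, $_SESSION['user_id']));
    return 1;
}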
if (isset($_GET['all_forms'])) { $all_forms = (bool) $_GET['all_forms']; } else { $all_forms = false; } $answer['answer'] = get_search_results($_GET['query'], !$all_forms); foreach ($answer['answer']['results'] as &$res) { $parts = array(); foreach (get_book_parents($res['book_id'], true) as $p) { $parts[] = $p['title']; } $res['text_fullname'] = join(': ', array_reverse($parts)); } break; case 'login': $user_id = user_check_password($_POST['login'], $_POST['password']); if ($user_id) { $token = remember_user($user_id, false, false); $answer['answer'] = array('user_id' => $user_id, 'token' => $token); } else { $answer['error'] = 'Incorrect login or password'; } break; case 'get_available_morph_tasks': $answer['answer'] = array('tasks' => get_available_tasks($user_id, true)); break; case 'get_morph_task': if (empty($_POST['pool_id']) || empty($_POST['size'])) { throw new UnexpectedValueException("Wrong args"); } // timeout is in seconds
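/**
 * Validate the login form: look up non-archived persons by e-mail, CMS user id
 * or id, verify the password and start the session for the first active match.
 *
 * Several persons may share one (family) e-mail address, hence the loop. A
 * person with more than six failed attempts is skipped (lockout); a wrong
 * password increments that person's loginerrorcount.
 *
 * Error precedence when nobody could be logged in: unknown identifier, then
 * inactive account, then lockout, then wrong password.
 *
 * Fix relative to the previous version: the failed-attempt counter is updated
 * with a bound :id parameter instead of interpolating $ret->id into the SQL
 * string, matching validateLogin() in this file.
 *
 * NOTE(review): the distinct messages reveal whether an identifier exists, and
 * the submitted identifier is written to the log unchanged. The counter is not
 * reset here on a successful login — TODO confirm login_user() does that.
 *
 * @param CTForm $form form with fields email, password and optionally rememberMe
 * @return bool|null null after login_user(); false when an error was set on a field
 */
function prooveLogin($form) {
    $identifier = $form->fields["email"]->getValue();
    $res = db_query("select * from {cdb_person} where (email=:email or cmsuserid=:email or id=:email) and archiv_yn=0", array(":email" => $identifier));
    $account_inactive = false;
    $account_errorcountlogin = false;
    $wrong_email = true;

    foreach ($res as $ret) {
        $wrong_email = false;
        if ($ret->loginerrorcount > 6) {
            $account_errorcountlogin = true;
            continue;
        }
        if (!user_check_password($form->fields["password"]->getValue(), $ret)) {
            db_query("update {cdb_person} set loginerrorcount=loginerrorcount+1 where id=:id", array(":id" => $ret->id));
            continue;
        }
        if ($ret->active_yn == 0) {
            $account_inactive = true;
            continue;
        }
        if (!isset($form->fields["rememberMe"])) {
            login_user($ret, false);
        } else {
            login_user($ret, $form->fields["rememberMe"]->getValue());
        }
        return null;
    }

    if ($wrong_email) {
        $form->fields["email"]->setError(t('email.or.username.unknown'));
        ct_log("Login failed: wrong email " . $identifier, 2, "-1", "login");
    } elseif ($account_inactive) {
        $form->fields["email"]->setError(t('account.was.locked'));
        ct_log("Login failed: Access locked " . $identifier, 1, "-1", "login");
    } elseif ($account_errorcountlogin) {
        $form->fields["email"]->setError(t('account.was.locked.cause.of.to.many.trials'));
        ct_log("Login failed: To many trials " . $identifier, 1, "-1", "login");
    } else {
        $form->fields["password"]->setError(t('wrong.password') . ' <a href="#" id="newpwd">' . t('forgot.password') . '</a>');
        ct_log("Login failed: " . $identifier . " wrong password", 2, "-1", "login");
    }
    return false;
}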
/**
 * Validate the login form.
 *
 * Looks up every non-archived person whose e-mail, CMS user id or id equals the
 * submitted identifier (several persons may share a family e-mail address),
 * skips those locked by more than six failed attempts, and logs in the first
 * one whose password verifies and whose account is active. A wrong password
 * increments that person's loginerrorcount.
 *
 * Error precedence when nobody could be logged in: unknown identifier, then
 * inactive account, then lockout, then wrong password.
 *
 * NOTE(review): the distinct messages reveal whether an identifier exists, and
 * the submitted identifier is written to the log unchanged. The counter is not
 * reset here on a successful login — TODO confirm login_user() does that.
 *
 * TODO: is there a difference between returning false or null?
 * @param CTForm $form
 * @return bool|null null after login_user(); false when an error was set on a field
 */
function validateLogin($form) {
    $identifier = $form->fields["email"]->getValue();
    $persons = db_query("SELECT * FROM {cdb_person}\n WHERE (email=:email OR cmsuserid=:email OR id=:email) AND archiv_yn=0", array(":email" => $identifier));

    $matched = false;    // at least one person matched the identifier
    $lockedOut = false;  // a matching person exceeded the failed-attempt limit
    $inactive = false;   // a matching person had the right password but is inactive

    foreach ($persons as $person) {
        $matched = true;
        if ($person->loginerrorcount > 6) {
            $lockedOut = true;
            continue;
        }
        if (!user_check_password($form->fields["password"]->getValue(), $person)) {
            db_query("UPDATE {cdb_person} SET loginerrorcount=loginerrorcount+1\n WHERE id=:id", array(':id' => $person->id));
            continue;
        }
        if (!$person->active_yn) {
            $inactive = true;
            continue;
        }
        $remember = isset($form->fields["rememberMe"]) ? $form->fields["rememberMe"]->getValue() : false;
        login_user($person, $remember);
        return null;
    }

    if (!$matched) {
        $form->fields["email"]->setError(t('email.or.username.unknown'));
        ct_log("Login failed: wrong email " . $identifier, 2, "-1", "login");
    } elseif ($inactive) {
        $form->fields["email"]->setError(t('account.was.locked'));
        ct_log("Login failed: Access locked " . $identifier, 1, "-1", "login");
    } elseif ($lockedOut) {
        $form->fields["email"]->setError(t('account.was.locked.cause.of.to.many.trials'));
        ct_log("Login failed: To many trials " . $identifier, 1, "-1", "login");
    } else {
        $form->fields["password"]->setError(t('wrong.password') . ' <a href="#" id="newpwd">' . t('forgot.password') . '</a>');
        ct_log("Login failed: " . $identifier . " wrong password", 2, "-1", "login");
    }
    return false;
}
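/**
 * Handle login request.
 *
 * Looks the user up by username, or by e-mail when the submitted value contains
 * an "@", verifies the password with user_check_password() and starts the
 * session with user_login() on success.
 *
 * Fixes relative to the previous version:
 *  - the "no user found" branch now returns the login url as the docblock
 *    promises instead of returning nothing;
 *  - missing POST fields no longer trigger undefined-index notices;
 *  - the unused `global $esc_post` is gone.
 *
 * NOTE(review): the extra 'No user found' message tells the caller that the
 * account does not exist; the generic message alone would avoid account
 * enumeration.
 *
 * @return string the url to display when complete: the front page after a
 *   successful login, the login page after any failure.
 */
function command_login() {
    $identifier = isset($_POST['username']) ? $_POST['username'] : '';
    $secret = isset($_POST['password']) ? $_POST['password'] : '';

    // An "@" in the submitted value is taken to mean the user typed their
    // e-mail address rather than their username.
    $filterKey = (strpos($identifier, "@") === FALSE) ? 'username' : 'email';
    $users = user_data(array('filter' => array($filterKey => $identifier)));

    if (sizeof($users) < 1) {
        error_register('No user found');
        error_register('Invalid username/password');
        return crm_url('login');
    }

    $user = $users[0];
    if (user_check_password($secret, $user)) {
        user_login($user['cid']);
        return crm_url();
    }
    error_register('Invalid username/password');
    return crm_url('login');
}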
/**
 * Verify a username (or e-mail address) and password against Drupal's users.
 *
 * The account is loaded by name first and, failing that, by mail address.
 * Blocked accounts (status false) and unknown identifiers yield FALSE without
 * touching the password; otherwise the result of user_check_password() is
 * returned, using the password implementation configured in 'password_inc'.
 *
 * @param string $username username or e-mail address
 * @param string $password plaintext password
 * @return bool TRUE when the account exists, is active and the password matches
 */
public function checkUserCredentials($username, $password) {
    $account = user_load_by_name($username);
    if (!$account) {
        // Not a username — perhaps an e-mail address was supplied instead.
        $account = user_load_by_mail($username);
    }
    if (!$account || !$account->status) {
        return FALSE;
    }
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    return user_check_password($password, $account);
}