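/**
 * Set a new password for the user identified by username or e-mail address.
 *
 * Arguments that were not passed on the command line are requested through
 * the dialog helper. The user is looked up by username first and by e-mail
 * second; the new password is stored as \Encryption::hash($password).
 *
 * @param InputInterface  $input
 * @param OutputInterface $output
 *
 * @throws \Exception
 *
 * @return int|void 1 when the user is unknown, the password is empty or saving failed
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    $this->detectContao($output);

    if (!$this->initContao()) {
        return;
    }

    $dialog = $this->getHelperSet()->get('dialog');

    $id = $input->getArgument('id');
    if ($id === null || $id === '') {
        $id = $dialog->ask($output, '<question>Username or Email:</question>');
    }

    $user = \UserModel::findBy('username', $id);
    if (!$user) {
        $user = \UserModel::findBy('email', $id);
    }

    if (!$user) {
        $output->writeln('<error>User was not found</error>');

        return 1;
    }

    // NOTE(review): a password given as an argument ends up in the shell
    // history and the process list, and ask() echoes what is typed. A hidden
    // prompt would be preferable if the installed dialog helper offers one.
    $password = $input->getArgument('password');
    if ($password === null || $password === '') {
        $password = $dialog->ask($output, '<question>Password:</question>');
    }

    // Never hash and store an empty password: the account would be left with
    // a credential anyone can guess.
    if ($password === null || $password === '') {
        $output->writeln('<error>Password must not be empty</error>');

        return 1;
    }

    try {
        $user->password = \Encryption::hash($password);
        $user->save();
        $output->writeln('<info>Password successfully changed</info>');
    } catch (\Exception $e) {
        $output->writeln('<error>' . $e->getMessage() . '</error>');

        // Report the failure to the calling shell instead of exiting with 0
        return 1;
    }
}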
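/**
 * Create a new user from the username, email, password and name arguments.
 *
 * Every argument that is null is requested through the dialog helper, in the
 * order username, email, password, name. The row is written with
 * 'admin' => 1, so every account created here is an administrator.
 *
 * @param \Symfony\Component\Console\Input\InputInterface   $input
 * @param \Symfony\Component\Console\Output\OutputInterface $output
 *
 * @return int|void 1 when the username or the password is empty
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    $this->detectContao($output, true);

    if (!$this->initContao()) {
        return;
    }

    $questions = array(
        'username' => '<question>Username:</question>',
        'email'    => '<question>Email:</question>',
        'password' => '<question>Password:</question>',
        'name'     => '<question>Name:</question>',
    );

    $values = array();

    foreach ($questions as $argument => $question) {
        $value = $input->getArgument($argument);

        // Only touch the dialog helper when an argument is really missing
        if ($value === null) {
            $value = $this->getHelperSet()->get('dialog')->ask($output, $question);
        }

        $values[$argument] = $value;
    }

    // An administrator without a username or with an empty password must not
    // be created.
    if ((string) $values['username'] === '' || (string) $values['password'] === '') {
        $output->writeln('<error>Username and password must not be empty</error>');

        return 1;
    }

    // NOTE(review): a password passed as an argument is visible in the shell
    // history and the process list; ask() also echoes the typed value.
    $user = new \UserModel();
    $user->setRow(array(
        'username' => $values['username'],
        'name'     => $values['name'],
        'email'    => $values['email'],
        'password' => \Encryption::hash($values['password']),
        'admin'    => 1,
    ));

    // The original saved the model twice in a row; one write is enough
    $user->save();

    $output->writeln('<info>User <comment>' . $values['username'] . '</comment> successfully created</info>');
}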
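/**
 * Run the controller and parse the password template
 *
 * When the tl_password form was submitted, the new password is checked
 * against its confirmation, the configured minimum length, the username and
 * the current password hash. A valid password is passed through the tl_user
 * password save_callbacks, hashed and stored, followed by a redirect to the
 * back end main script. Any rejected submission reloads the page.
 */
public function run()
{
    /** @var \BackendTemplate|object $objTemplate */
    $objTemplate = new \BackendTemplate('be_password');

    if (\Input::post('FORM_SUBMIT') == 'tl_password') {
        $pw = \Input::postUnsafeRaw('password');
        $cnf = \Input::postUnsafeRaw('confirm');

        // Strict comparison: with == two different numeric-looking strings
        // such as "1e1" and "10" count as equal, so a mistyped confirmation
        // would be accepted.
        if ($pw !== $cnf) {
            \Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
        } elseif (utf8_strlen($pw) < \Config::get('minPasswordLength')) {
            \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
        } elseif ($pw === $this->User->username) {
            \Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
        } elseif (\Encryption::verify($pw, $this->User->password)) {
            // Make sure the password has been changed
            \Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
        } else {
            $this->loadDataContainer('tl_user');

            // Trigger the save_callback; the key is optional, so test it with
            // isset() instead of reading a possibly undefined index
            if (isset($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'])
                && is_array($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'])
            ) {
                foreach ($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'] as $callback) {
                    if (is_array($callback)) {
                        $this->import($callback[0]);
                        $pw = $this->{$callback[0]}->{$callback[1]}($pw);
                    } elseif (is_callable($callback)) {
                        $pw = $callback($pw);
                    }
                }
            }

            // NOTE(review): findByPk() is not checked for null before use
            $objUser = \UserModel::findByPk($this->User->id);
            $objUser->pwChange = '';
            $objUser->password = \Encryption::hash($pw);
            $objUser->save();

            \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
            $this->redirect('' . $GLOBALS['TL_CONFIG']['backendPath'] . '/main.php');
        }

        $this->reload();
    }

    $objTemplate->theme = \Backend::getTheme();
    $objTemplate->messages = \Message::generate();
    $objTemplate->base = \Environment::get('base');
    $objTemplate->language = $GLOBALS['TL_LANGUAGE'];
    $objTemplate->title = specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
    $objTemplate->charset = \Config::get('characterSet');
    $objTemplate->action = ampersand(\Environment::get('request'));
    $objTemplate->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
    $objTemplate->submitButton = specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
    $objTemplate->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
    $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];

    $objTemplate->output();
}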
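/**
 * Run the controller and parse the password template
 *
 * When the tl_password form was submitted, the new password is checked
 * against its confirmation, the configured minimum length, the username and
 * the current password hash. A valid password is hashed and stored, followed
 * by a redirect to contao/main.php. Any rejected submission reloads the page.
 */
public function run()
{
    $this->Template = new BackendTemplate('be_password');

    if (Input::post('FORM_SUBMIT') == 'tl_password') {
        $pw = Input::post('password', true);
        $cnf = Input::post('confirm', true);

        // Strict comparison: with == two different numeric-looking strings
        // such as "1e1" and "10" count as equal, so a mistyped confirmation
        // would be accepted.
        if ($pw !== $cnf) {
            Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
        } elseif (utf8_strlen($pw) < $GLOBALS['TL_CONFIG']['minPasswordLength']) {
            Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], $GLOBALS['TL_CONFIG']['minPasswordLength']));
        } elseif ($pw === $this->User->username) {
            Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
        } elseif (crypt($pw, $this->User->password) === $this->User->password) {
            // Make sure the password has been changed. The stored hash doubles
            // as the salt, so an unchanged password reproduces it exactly.
            // Hash strings are compared with === so no type juggling applies.
            Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
        } else {
            // NOTE(review): findByPk() is not checked for null before use
            $objUser = UserModel::findByPk($this->User->id);
            $objUser->pwChange = '';
            $objUser->password = Encryption::hash($pw);
            $objUser->save();

            Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
            $this->redirect('contao/main.php');
        }

        $this->reload();
    }

    $this->Template->theme = $this->getTheme();
    $this->Template->messages = Message::generate();
    $this->Template->base = Environment::get('base');
    $this->Template->language = $GLOBALS['TL_LANGUAGE'];
    $this->Template->title = specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
    $this->Template->charset = $GLOBALS['TL_CONFIG']['characterSet'];
    $this->Template->action = ampersand(Environment::get('request'));
    $this->Template->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
    $this->Template->submitButton = specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
    $this->Template->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
    $this->Template->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];

    $this->Template->output();
}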
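/**
 * Generate a password for an account whose password field was left empty.
 *
 * Does nothing unless $dc is a \DataContainer and account mails are enabled
 * for it. In overrideAll mode (no record id yet) the decision whether a
 * password has to be generated is remembered in
 * $GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'] and a placeholder password is put
 * into the POST data. For a single record with an empty password a new one is
 * generated, written back to the POST data and stored hashed on the account.
 *
 * @param \DataContainer|null $dc
 *
 * @throws \Exception
 */
public function setAutoPassword($dc = null)
{
    // Front end call
    if (!$dc instanceof \DataContainer) {
        return;
    }

    if ($this->isDisabledAccountMail($dc)) {
        return;
    }

    // Eight characters from the original alphabet. The original used
    // substr(str_shuffle(...)), which is not meant for secrets and never
    // repeats a character; draw each position independently instead and use
    // the CSPRNG wherever PHP provides one.
    $generatePassword = function () {
        $strAlphabet = 'abcdefghkmnpqrstuvwxyzABCDEFGHKMNOPQRSTUVWXYZ0123456789';
        $intMax = strlen($strAlphabet) - 1;
        $strResult = '';

        for ($i = 0; $i < 8; ++$i) {
            $intIndex = function_exists('random_int') ? random_int(0, $intMax) : mt_rand(0, $intMax);
            $strResult .= $strAlphabet[$intIndex];
        }

        return $strResult;
    };

    $intId = $dc->id;

    if (\Input::get('act') == 'overrideAll' && \Input::get('fields') && $intId === null) {
        // Define indicator for given or not given password on overrideAll mode
        if (!isset($GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'])) {
            $strPassword = $this->getPostPassword();
            $GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'] = ($strPassword == '' || $strPassword == '*****');

            if ($GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'] === true) {
                // Set a password so that no "password not set" error occurs
                $this->setPostPassword($generatePassword());
            }

            \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
        }

        return;
    }

    $strPassword = $this->getPostPassword($intId);

    if ($strPassword !== null && $strPassword == '') {
        $strModel = \Model::getClassFromTable($dc->table);
        $objAccount = $strModel::findByPk($intId);

        if ($objAccount !== null) {
            $strNewPassword = $generatePassword();

            // The clear-text value stays in the POST data; only the hash is stored
            $this->setPostPassword($strNewPassword, $intId);
            \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);

            $objAccount->password = \Encryption::hash($strNewPassword);
            $objAccount->save();
        }
    }
}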
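/**
 * Create an admin user
 *
 * Nothing is created when tl_user already holds an administrator. Otherwise
 * the submitted tl_admin form is validated (username characters, e-mail,
 * password confirmation, minimum length, password different from the
 * username) and the account is inserted with a hashed password. Validation
 * errors and the submitted name, e-mail and username are handed to the
 * template.
 */
protected function createAdminUser()
{
    try {
        $objAdmin = $this->Database->execute("SELECT COUNT(*) AS count FROM tl_user WHERE admin=1");

        if ($objAdmin->count > 0) {
            $this->Template->adminCreated = true;
        } elseif (\Input::post('FORM_SUBMIT') == 'tl_admin') {
            $strUsername = \Input::post('username', true);
            $strEmail = \Input::post('email', true);
            $strPass = \Input::post('pass', true);
            $strName = \Input::post('name');

            // Do not allow special characters in usernames
            if (preg_match('/[#()\\/<=>]/', $strUsername)) {
                $this->Template->usernameError = $GLOBALS['TL_LANG']['ERR']['extnd'];
            } elseif (strpos($strUsername, ' ') !== false) {
                $this->Template->usernameError = sprintf($GLOBALS['TL_LANG']['ERR']['noSpace'], $GLOBALS['TL_LANG']['MSC']['username']);
            } elseif (!\Validator::isEmail($strEmail)) {
                $this->Template->emailError = $GLOBALS['TL_LANG']['ERR']['email'];
            } elseif ($strPass !== \Input::post('confirm_pass', true)) {
                // Strict comparison: with != two different numeric-looking
                // strings ("1e1" and "10") would pass as a matching pair
                $this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordMatch'];
            } elseif (utf8_strlen($strPass) < \Config::get('minPasswordLength')) {
                $this->Template->passwordError = sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength'));
            } elseif ($strPass === $strUsername) {
                $this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordName'];
            } elseif ($strName != '' && $strEmail != '' && $strUsername != '') {
                $time = time();
                $strPassword = \Encryption::hash($strPass);

                // $time comes from time() and is an integer; every submitted
                // value is bound through a placeholder
                $this->Database->prepare("INSERT INTO tl_user (tstamp, name, email, username, password, language, backendTheme, admin, showHelp, useRTE, useCE, thumbnails, dateAdded) VALUES ({$time}, ?, ?, ?, ?, ?, ?, 1, 1, 1, 1, 1, {$time})")
                    ->execute($strName, $strEmail, $strUsername, $strPassword, str_replace('-', '_', $GLOBALS['TL_LANGUAGE']), \Config::get('backendTheme'));

                \Config::persist('adminEmail', $strEmail);

                // Scan the upload folder (see #6134)
                if ($this->Database->tableExists('tl_files') && $this->Database->query("SELECT COUNT(*) AS count FROM tl_files")->count < 1) {
                    $this->import('Database\\Updater', 'Updater');
                    $this->Updater->scanUploadFolder();
                }

                $this->reload();
            }

            $this->Template->adminName = $strName;
            $this->Template->adminEmail = $strEmail;
            $this->Template->adminUser = $strUsername;
        }
    } catch (\Exception $e) {
        // Any failure, including a failed insert, is reported only as
        // "no admin created"; the exception itself is discarded.
        $this->Template->adminCreated = false;
    }
}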
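/**
 * Update e-mail, default currency and optionally the password of the current user.
 *
 * Requires an active session that was verified by token or by e-mail 2FA.
 * All other sessions of the user and the pending change_settings rows are
 * deleted before the update is written.
 *
 * @param array $info Submitted values; reads 'pass', 'email', 'default_currency'
 *
 * @return mixed false when the request is rejected, otherwise the result of db_update()
 */
public static function updatePersonalInfo($info)
{
    global $CFG;

    if (!($CFG->session_active && ($CFG->token_verified || $CFG->email_2fa_verified))) {
        return false;
    }

    if (!is_array($info)) {
        return false;
    }

    $update = array();

    // NOTE(review): characters matching $CFG->pass_regex are removed from the
    // password without telling the user, so the stored password can differ
    // from the one that was typed.
    $update['pass'] = !empty($info['pass']) ? preg_replace($CFG->pass_regex, "", $info['pass']) : false;
    //$update['first_name'] = preg_replace("/[^\pL a-zA-Z0-9@\s\._-]/u", "",$info['first_name']);
    //$update['last_name'] = preg_replace("/[^\pL a-zA-Z0-9@\s\._-]/u", "",$info['last_name']);
    //$update['country'] = preg_replace("/[^0-9]/", "",$info['country']);

    // Missing keys are treated as empty strings instead of being read undefined
    $update['email'] = preg_replace("/[^0-9a-zA-Z@\\.\\!#\$%\\&\\*+_\\~\\?\\-]/", "", isset($info['email']) ? $info['email'] : '');
    $update['default_currency'] = preg_replace("/[^0-9]/", "", isset($info['default_currency']) ? $info['default_currency'] : '');

    if (!$update['pass']) {
        unset($update['pass']);
    }

    // Reject a too short password, or a missing e-mail address. The
    // parentheses spell out the precedence the original relied on.
    if ((!empty($update['pass']) && mb_strlen($update['pass'], 'utf-8') < $CFG->pass_min_chars) || !$update['email']) {
        return false;
    }

    self::deleteCache();

    if ($CFG->session_id) {
        // NOTE(review): both statements are built by concatenation. The values
        // come from session state rather than from $info, but whether they are
        // guaranteed to be integers is not visible here; bind or cast them if
        // db_query() allows it.
        $sql = "DELETE FROM sessions WHERE user_id = " . User::$info['id'] . " AND session_id != {$CFG->session_id}";
        db_query($sql);

        $sql = "DELETE FROM change_settings WHERE site_user = " . User::$info['id'];
        db_query($sql);
    }

    if (!empty($update['pass'])) {
        $update['pass'] = Encryption::hash($update['pass']);
    }

    return db_update('site_users', User::$info['id'], $update);
}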
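/**
 * Create a new member from the registration data.
 *
 * The e-mail address doubles as the username, a random password is generated
 * and stored hashed, and an activation token is set. With reg_activate the
 * confirmation text is filled in (##domain##, ##gen_pw##, ##link##,
 * ##channel(s)##, any other ##key## from $arrData) and mailed to the member.
 * Afterwards the member is saved, optionally given a home directory, the
 * createNewUser hooks run, and the page jumps to the configured target or
 * reloads.
 *
 * @param array $arrData Member row; must contain 'email'
 */
protected function createNewUser($arrData)
{
    $arrData['tstamp'] = time();
    $arrData['login'] = $this->reg_allowLogin;

    // Activation token: use the CSPRNG where PHP provides one. Both forms
    // yield 32 hexadecimal characters, so the stored format is unchanged.
    $arrData['activation'] = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(uniqid(mt_rand(), true));

    $arrData['dateAdded'] = $arrData['tstamp'];

    // NOTE(review): the generated password is requested with length 6 and is
    // mailed in clear text through ##gen_pw## below.
    $pw = $this->getRandomPassword(6);
    $arrData['password'] = \Encryption::hash($pw["clear"]);
    $arrData['username'] = strtolower($arrData['email']);
    $arrData['email'] = strtolower($arrData['email']);

    // Set default groups
    if (!array_key_exists('groups', $arrData)) {
        $arrData['groups'] = $this->reg_groups;
    }

    // // Disable account
    // $arrData['disable'] = 1;

    // Send activation e-mail
    if ($this->reg_activate) {
        $arrChunks = array();
        $strConfirmation = $this->reg_text;
        preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks);

        foreach ($arrChunks[0] as $strChunk) {
            $strKey = substr($strChunk, 2, -2);

            switch ($strKey) {
                case 'domain':
                    $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation);
                    break;

                case 'gen_pw':
                    $strConfirmation = str_replace($strChunk, $pw["clear"], $strConfirmation);
                    break;

                case 'link':
                    $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $arrData['activation'], $strConfirmation);
                    break;

                // HOOK: support newsletter subscriptions
                case 'channel':
                case 'channels':
                    if (!in_array('newsletter', \ModuleLoader::getActive())) {
                        break;
                    }

                    // Make sure newsletter is an array
                    if (!is_array($arrData['newsletter'])) {
                        if ($arrData['newsletter'] != '') {
                            $arrData['newsletter'] = array($arrData['newsletter']);
                        } else {
                            $arrData['newsletter'] = array();
                        }
                    }

                    // Replace the wildcard
                    if (!empty($arrData['newsletter'])) {
                        $objChannels = \NewsletterChannelModel::findByIds($arrData['newsletter']);

                        if ($objChannels !== null) {
                            $strConfirmation = str_replace($strChunk, implode("\n", $objChannels->fetchEach('title')), $strConfirmation);
                        }
                    } else {
                        $strConfirmation = str_replace($strChunk, '', $strConfirmation);
                    }
                    break;

                default:
                    // An unknown placeholder is replaced by an empty string
                    // instead of reading an undefined key
                    $strConfirmation = str_replace($strChunk, isset($arrData[$strKey]) ? $arrData[$strKey] : '', $strConfirmation);
                    break;
            }
        }

        $objEmail = new \Email();
        $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
        $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
        $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['emailSubject'], \Idna::decode(\Environment::get('host')));
        $objEmail->text = $strConfirmation;
        $objEmail->sendTo($arrData['email']);
    }

    // Make sure newsletter is an array
    if (isset($arrData['newsletter']) && !is_array($arrData['newsletter'])) {
        $arrData['newsletter'] = array($arrData['newsletter']);
    }

    // Create the user
    $objNewUser = new \MemberModel();
    $objNewUser->setRow($arrData);
    $objNewUser->save();

    $insertId = $objNewUser->id;

    // Assign home directory
    if ($this->reg_assignDir) {
        $objHomeDir = \FilesModel::findByUuid($this->reg_homeDir);

        if ($objHomeDir !== null) {
            $this->import('Files');
            $strUserDir = standardize($arrData['username']) ?: 'user_' . $insertId;

            // Add the user ID if the directory exists
            while (is_dir(TL_ROOT . '/' . $objHomeDir->path . '/' . $strUserDir)) {
                $strUserDir .= '_' . $insertId;
            }

            // Create the user folder
            new \Folder($objHomeDir->path . '/' . $strUserDir);
            $objUserDir = \FilesModel::findByPath($objHomeDir->path . '/' . $strUserDir);

            // Save the folder ID
            $objNewUser->assignDir = 1;
            $objNewUser->homeDir = $objUserDir->uuid;
            $objNewUser->save();
        }
    }

    // HOOK: send insert ID and user data
    if (isset($GLOBALS['TL_HOOKS']['createNewUser']) && is_array($GLOBALS['TL_HOOKS']['createNewUser'])) {
        foreach ($GLOBALS['TL_HOOKS']['createNewUser'] as $callback) {
            $this->import($callback[0]);

            // The original wrote {$callback}[0], which uses the whole array as
            // a property name; the imported object is $callback[0] and the
            // method to call is $callback[1].
            $this->{$callback[0]}->{$callback[1]}($insertId, $arrData, $this);
        }
    }

    // Inform admin if no activation link is sent
    if (!$this->reg_activate) {
        $this->sendAdminNotification($insertId, $arrData);
    }

    // Check whether there is a jumpTo page
    if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
        $this->jumpToOrReload($objJumpTo->row());
    }

    $this->reload();
}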
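/**
 * Validate input and set value
 *
 * An empty input or the '*****' placeholder keeps an already stored value.
 * Otherwise the password must have the configured minimum length, match the
 * confirmation field and differ from the current username; a valid password
 * is returned hashed.
 *
 * @param mixed $varInput
 *
 * @return string '*****' when the stored value is kept, the password hash on
 *                success, an empty string when validation failed
 */
protected function validator($varInput)
{
    $this->blnSubmitInput = false;

    if (($varInput == '' || $varInput == '*****') && $this->varValue != '') {
        return '*****';
    }

    if (utf8_strlen($varInput) < \Config::get('minPasswordLength')) {
        $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
    }

    // Strict comparison: with != two different numeric-looking strings
    // ("1e1" and "10") would be accepted as a matching confirmation
    if ($varInput !== $this->getPost($this->strName . '_confirm')) {
        $this->addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
    }

    // Only compare against a username that is actually set, and by identity
    if (isset($GLOBALS['TL_USERNAME']) && $varInput === $GLOBALS['TL_USERNAME']) {
        $this->addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
    }

    $varInput = parent::validator($varInput);

    if (!$this->hasErrors()) {
        $this->blnSubmitInput = true;
        \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);

        return \Encryption::hash($varInput);
    }

    return '';
}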
/**
 * Try to login the current user
 *
 * Loads the user by the submitted username (falling back to the importUser
 * hooks), locks the account when no login attempts are left, checks the
 * account status and then verifies the submitted password, either through
 * \Encryption::verify() or against a legacy SHA-1 value. The
 * checkCredentials hooks get a chance when the password check failed. On
 * success the login timestamps and the attempt counter are updated, the
 * session is generated and the postLogin hooks are called.
 *
 * An unknown username and a wrong password both produce the same
 * ERR.invalidLogin message.
 *
 * @return boolean True if the user could be logged in
 */
public function login()
{
    \System::loadLanguageFile('default');

    // Do not continue if username or password are missing
    if (empty($_POST['username']) || empty($_POST['password'])) {
        return false;
    }

    // Load the user object
    if ($this->findBy('username', \Input::post('username', true)) == false) {
        $blnLoaded = false;

        // HOOK: pass credentials to callback functions. The callbacks receive
        // the raw, unfiltered password.
        if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) {
            foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) {
                $this->import($callback[0], 'objImport', true);
                $blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this->strTable);

                // Load successful
                if ($blnLoaded === true) {
                    break;
                }
            }
        }

        // Return if the user still cannot be loaded
        if (!$blnLoaded || $this->findBy('username', \Input::post('username', true)) == false) {
            \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);

            // NOTE(review): the submitted username goes into the log message
            // as is; whether log() escapes it is not visible here.
            $this->log('Could not find user "' . \Input::post('username', true) . '"', __METHOD__, TL_ACCESS);

            return false;
        }
    }

    $time = time();

    // Set the user language
    if (\Input::post('language')) {
        $this->language = \Input::post('language');
    }

    // Lock the account if there are too many login attempts. This happens
    // before the password is looked at, so a locked account is rejected even
    // when the correct password is submitted.
    if ($this->loginCount < 1) {
        $this->locked = $time;
        $this->loginCount = \Config::get('loginCount');
        $this->save();

        // Add a log entry and the error message, because checkAccountStatus() will not be called (see #4444)
        $this->log('User "' . $this->username . '" has been locked for ' . ceil(\Config::get('lockPeriod') / 60) . ' minutes', __METHOD__, TL_ACCESS);
        \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], ceil(($this->locked + \Config::get('lockPeriod') - $time) / 60)));

        // Send admin notification
        if (\Config::get('adminEmail') != '') {
            $objEmail = new \Email();
            $objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0];
            $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Idna::decode(\Environment::get('base')), ceil(\Config::get('lockPeriod') / 60));
            $objEmail->sendTo(\Config::get('adminEmail'));
        }

        return false;
    }

    // Check the account status
    if ($this->checkAccountStatus() == false) {
        return false;
    }

    // The password has been generated with crypt()
    if (\Encryption::test($this->password)) {
        $blnAuthenticated = \Encryption::verify(\Input::postUnsafeRaw('password'), $this->password);
    } else {
        // Legacy format "<sha1>" or "<sha1>:<salt>".
        // NOTE(review): a stored value without ':' leaves $strSalt unassigned
        // by list(); the == '' test below then takes the unsalted branch.
        // NOTE(review): the SHA-1 digests are compared with ===, which is not
        // a constant-time comparison.
        list($strPassword, $strSalt) = explode(':', $this->password);
        $blnAuthenticated = $strSalt == '' ? $strPassword === sha1(\Input::postUnsafeRaw('password')) : $strPassword === sha1($strSalt . \Input::postUnsafeRaw('password'));

        // Replace the legacy value with \Encryption::hash() of the submitted
        // password (the original comment calls this SHA-512; hash() itself is
        // not shown here). Only the property is set at this point.
        if ($blnAuthenticated) {
            $this->password = \Encryption::hash(\Input::postUnsafeRaw('password'));
        }
    }

    // HOOK: pass credentials to callback functions. Only consulted when the
    // password check above failed; a callback returning true authenticates
    // the user.
    if (!$blnAuthenticated && isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) {
        foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) {
            $this->import($callback[0], 'objAuth', true);
            $blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this);

            // Authentication successful
            if ($blnAuthenticated === true) {
                break;
            }
        }
    }

    // Redirect if the user could not be authenticated
    if (!$blnAuthenticated) {
        // One attempt less; at zero the next call locks the account
        --$this->loginCount;
        $this->save();

        \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
        $this->log('Invalid password submitted for username "' . $this->username . '"', __METHOD__, TL_ACCESS);

        return false;
    }

    $this->setUserFromDb();

    // Update the record and reset the attempt counter
    $this->lastLogin = $this->currentLogin;
    $this->currentLogin = $time;
    $this->loginCount = \Config::get('loginCount');
    $this->save();

    // Generate the session
    $this->generateSession();
    $this->log('User "' . $this->username . '" has logged in', __METHOD__, TL_ACCESS);

    // HOOK: post login callback
    if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) {
        foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) {
            $this->import($callback[0], 'objLogin', true);
            $this->objLogin->{$callback[1]}($this);
        }
    }

    return true;
}
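/**
 * Validate input and set value
 *
 * An empty input is accepted without change when a value is already stored or
 * the field is not mandatory. Otherwise the password must have the configured
 * minimum length and match the confirmation field; a valid password is
 * returned hashed.
 *
 * @param mixed $varInput The user input
 *
 * @return mixed The password hash, or an empty string when nothing is to be
 *               stored or validation failed
 */
protected function validator($varInput)
{
    $this->blnSubmitInput = false;

    if (!strlen($varInput) && (strlen($this->varValue) || !$this->mandatory)) {
        return '';
    }

    if (utf8_strlen($varInput) < \Config::get('minPasswordLength')) {
        $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
    }

    // Strict comparison: with != two different numeric-looking strings
    // ("1e1" and "10") would be accepted as a matching confirmation
    if ($varInput !== $this->getPost($this->strName . '_confirm')) {
        $this->addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
    }

    $varInput = parent::validator($varInput);

    if (!$this->hasErrors()) {
        $this->blnSubmitInput = true;

        return \Encryption::hash($varInput);
    }

    return '';
}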
/**
 * Register a new member whose username is also the e-mail address.
 *
 * Rejects passwords shorter than the configured minimum, removes an earlier
 * inactive registration for the same username and refuses a username that is
 * already taken. Errors and the success notice are passed on through
 * $_SESSION['LOGIN_ERROR'] and $_SESSION['LOGIN_INFO'].
 *
 * @param string $username
 */
protected function registerUser($username)
{
    // NOTE(review): the password is read with \Input::post() and hashed in
    // that form; confirm that the login path reads it the same way, otherwise
    // passwords with special characters will not verify.
    $strSubmitted = \Input::post('password');
    $intMinLength = \Config::get('minPasswordLength');

    if (utf8_strlen($strSubmitted) < $intMinLength) {
        $_SESSION['LOGIN_ERROR'] = sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], $intMinLength);

        return;
    }

    $arrData = array(
        'username' => $username,
        'password' => \Encryption::hash($strSubmitted),
        'email'    => $username,
    );

    // clean up previous registrations
    $objInactive = MemberPlusMemberModel::findInactiveByUsername($username);
    if ($objInactive !== null) {
        $objInactive->delete();
    }

    // user with this username already exists
    $objExisting = MemberPlusMemberModel::findBy('username', $username);
    if ($objExisting !== null) {
        $_SESSION['LOGIN_ERROR'] = $GLOBALS['TL_LANG']['MSC']['usernameTaken'];

        return;
    }

    $_SESSION['LOGIN_INFO'] = sprintf($GLOBALS['TL_LANG']['MSC']['activationEmailSent'], $username);

    $this->createNewUser($arrData);
}
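/**
 * Create an admin user
 *
 * Nothing is created when tl_user already holds an administrator. Otherwise
 * the submitted tl_admin form is validated (username characters, password
 * confirmation, minimum length, password different from the username) and
 * the account is inserted with a hashed password. Validation errors and the
 * submitted name, e-mail and username are handed to the template.
 */
protected function createAdminUser()
{
    try {
        $objAdmin = $this->Database->execute("SELECT COUNT(*) AS count FROM tl_user WHERE admin=1");

        if ($objAdmin->count > 0) {
            $this->Template->adminCreated = true;
        } elseif (Input::post('FORM_SUBMIT') == 'tl_admin') {
            $strUsername = Input::post('username', true);
            $strEmail = Input::post('email', true);
            $strPass = Input::post('pass', true);
            $strName = Input::post('name');

            // Do not allow special characters in usernames
            if (preg_match('/[#\\(\\)\\/<=>]/', $strUsername)) {
                $this->Template->usernameError = $GLOBALS['TL_LANG']['ERR']['extnd'];
            } elseif (strpos($strUsername, ' ') !== false) {
                $this->Template->usernameError = sprintf($GLOBALS['TL_LANG']['ERR']['noSpace'], $GLOBALS['TL_LANG']['MSC']['username']);
            } elseif ($strPass !== Input::post('confirm_pass', true)) {
                // Strict comparison: with != two different numeric-looking
                // strings ("1e1" and "10") would pass as a matching pair
                $this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordMatch'];
            } elseif (utf8_strlen($strPass) < $GLOBALS['TL_CONFIG']['minPasswordLength']) {
                $this->Template->passwordError = sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], $GLOBALS['TL_CONFIG']['minPasswordLength']);
            } elseif ($strPass === $strUsername) {
                $this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordName'];
            } elseif ($strName != '' && $strEmail != '' && $strUsername != '') {
                $time = time();
                $strPassword = Encryption::hash($strPass);

                // $time comes from time() and is an integer; every submitted
                // value is bound through a placeholder.
                // NOTE(review): the e-mail address is only checked for being
                // non-empty in this version.
                $this->Database->prepare("INSERT INTO tl_user (tstamp, name, email, username, password, admin, showHelp, useRTE, useCE, thumbnails, dateAdded) VALUES ({$time}, ?, ?, ?, ?, 1, 1, 1, 1, 1, {$time})")
                    ->execute($strName, $strEmail, $strUsername, $strPassword);

                $this->Config->update("\$GLOBALS['TL_CONFIG']['adminEmail']", $strEmail);

                // Scan the upload folder
                $this->import('Database\\Updater', 'Updater');
                $this->Updater->scanUploadFolder();

                $this->reload();
            }

            $this->Template->adminName = $strName;
            $this->Template->adminEmail = $strEmail;
            $this->Template->adminUser = $strUsername;
        }
    } catch (Exception $e) {
        // Any failure, including a failed insert, is reported only as
        // "no admin created"; the exception itself is discarded.
        $this->Template->adminCreated = false;
    }
}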
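/**
 * Change the password of the current user.
 *
 * The current password must verify against the stored hash, the new password
 * must match its repetition and have at least $CFG->pass_min_chars
 * characters. On success the new hash is stored and the 'update-password'
 * e-mail is sent.
 *
 * @param array $info Submitted values; reads 'pass', 'pass1', 'current_pass', 'email'
 *
 * @return array|false false without an active session or array input;
 *                     array('errors' => ..., 'error_fields' => ...) on
 *                     validation failure; array('messages' => ...) on success
 */
public static function savePassword($info)
{
    global $CFG;

    if (!$CFG->session_active || !is_array($info)) {
        return false;
    }

    $errors = array();
    $error_fields = array();

    // Missing keys are treated as empty strings instead of being read undefined
    foreach (array('pass', 'pass1', 'current_pass') as $field) {
        $info[$field] = preg_replace($CFG->pass_regex, '', isset($info[$field]) ? $info[$field] : '');
    }

    $invalid_pass = !Encryption::verify_hash($info['current_pass'], User::$info['pass']);

    if ($invalid_pass) {
        $errors[] = 'Su contraseña actual no es la correcta.';
        $error_fields[] = 'current_pass';
    }

    // Strict comparison: with != two different numeric-looking strings
    // ("1e1" and "10") would be accepted as a matching repetition
    if (!empty($info['pass']) && $info['pass'] !== $info['pass1']) {
        $errors[] = 'La contraseña no es idéntica a su verificación.';
        $error_fields[] = 'pass';
        $error_fields[] = 'pass1';
    }

    if (empty($info['pass']) || mb_strlen($info['pass'], 'utf-8') < $CFG->pass_min_chars) {
        $errors[] = 'Su contraseña debe tener más de ' . $CFG->pass_min_chars . ' caracteres.';
        $error_fields[] = 'pass';
    }

    if (count($errors) > 0) {
        return array('errors' => $errors, 'error_fields' => $error_fields);
    }

    db_update('site_users', User::$info['id'], array('pass' => Encryption::hash($info['pass'])));

    // NOTE(review): the notification goes to the address in the submitted
    // $info, not to an address read from the account; confirm the caller fills
    // it from trusted data. $info also still carries the new and the current
    // password in clear text when it is handed to Email::send().
    $email = SiteEmail::getRecord('update-password');
    Email::send($CFG->contact_email, $info['email'], $email['title'], $CFG->form_email_from, false, $email['content'], $info);

    return array('messages' => array('¡Su contraseña ha sido actualizada!'));
}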