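 /**
  * Change the logged-in user's password from the form fields
  * inCurPass / inNewPass / inConPass.
  *
  * The outcome is reported through the same statics the original used:
  * self::$error = "error" | "nomatch" | "ok", and self::$badpassword = true
  * (with an explicit `return false`) when the new password is shorter than
  * the password_minlength system option.
  *
  * Security notes:
  *  - the request is CSRF-protected up front via runtime_csfr::Protect();
  *  - the stored hash is compared with hash_equals() (constant-time, strict)
  *    instead of the loose `!=` the previous version used, and the
  *    new/confirm comparison is strict as well;
  *  - the hashing scheme stays the project's runtime_hash (random salt +
  *    Crypt); moving to password_hash()/password_verify() would also require
  *    migrating the stored hashes, which is out of scope for this block.
  *
  * @return bool|null false when the new password is too short, null otherwise
  */
 static function doUpdatePassword()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     $current_pass = $controller->GetControllerRequest('FORM', 'inCurPass');
     $newpass = $controller->GetControllerRequest('FORM', 'inNewPass');
     $conpass = $controller->GetControllerRequest('FORM', 'inConPass');

     // Fetch the stored hash and salt for the current user only (bound by id).
     $sql = $zdbh->prepare("SELECT ac_pass_vc, ac_passsalt_vc FROM x_accounts WHERE ac_id_pk= :uid");
     $sql->bindParam(':uid', $currentuser['userid']);
     $sql->execute();
     $result = $sql->fetch();

     // An empty NEW password is rejected first (the old comment said
     // "current", but the value tested here has always been the new one).
     if (fs_director::CheckForEmptyValue($newpass)) {
         self::$error = "error";
         return;
     }

     // No account row: report a mismatch instead of hashing against a null salt.
     if ($result === false) {
         self::$error = "nomatch";
         return;
     }

     // Re-derive the hash of the supplied current password with the stored salt.
     $userpasshash = new runtime_hash();
     $userpasshash->SetPassword($current_pass);
     $userpasshash->SetSalt($result['ac_passsalt_vc']);
     $current_secure_password = $userpasshash->CryptParts($userpasshash->Crypt())->Hash;

     // Constant-time, strict comparison of the two hash strings.
     if (!hash_equals((string) $result['ac_pass_vc'], (string) $current_secure_password)) {
         self::$error = "nomatch";
         return;
     }

     // The new password must match its confirmation exactly.
     if ($newpass !== $conpass) {
         self::$error = "error";
         return;
     }

     // Enforce the configured minimum length (byte length, as before).
     if (strlen($newpass) < (int) ctrl_options::GetSystemOption('password_minlength')) {
         self::$badpassword = true;
         return false;
     }

     // Fresh random salt and hash for the new password.
     $crypto = new runtime_hash();
     $crypto->SetPassword($newpass);
     $randomsalt = $crypto->RandomSalt();
     $crypto->SetSalt($randomsalt);
     $new_secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;

     $sql = $zdbh->prepare("UPDATE x_accounts SET ac_pass_vc=:new_secure_password, ac_passsalt_vc= :randomsalt WHERE ac_id_pk=:userid");
     $sql->bindParam(':randomsalt', $randomsalt);
     $sql->bindParam(':new_secure_password', $new_secure_password);
     $sql->bindParam(':userid', $currentuser['userid']);
     $sql->execute();
     self::$error = "ok";
 }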
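 /**
  * Validate the inputs for creating a new account.
  *
  * Returns true when every check passes; otherwise sets the matching static
  * flag (self::$userblank, $alreadyexists, $badname, $packageblank,
  * $groupblank, $emailblank, $bademail, $not_unique_email, $passwordblank,
  * $badpassword) and returns false. Every database lookup uses bound
  * parameters.
  *
  * Fixes relative to the previous version:
  *  - the "group does not exist" branch returned null instead of false;
  *  - the email-uniqueness branch returned true as soon as the email was
  *    unique, which made the password checks below it unreachable. They now
  *    run, so a caller that relies on the default $password = "" is rejected
  *    with self::$passwordblank — the flag the original author wrote for
  *    exactly that case.
  *
  * @param string $username  requested login name; lower-cased with spaces removed
  * @param mixed  $packageid id of an existing, non-deleted package
  * @param mixed  $groupid   id of an existing group
  * @param string $email     contact address; must be well-formed and unique
  * @param string $password  plaintext password; checked against password_minlength
  * @return bool
  */
 static function CheckCreateForErrors($username, $packageid, $groupid, $email, $password = "")
 {
     global $zdbh;
     $username = strtolower(str_replace(' ', '', $username));

     // Username: non-blank, not already taken (case-insensitive, ignoring
     // soft-deleted rows) and well-formed.
     if (fs_director::CheckForEmptyValue($username)) {
         self::$userblank = true;
         return false;
     }
     $stmt = $zdbh->prepare("SELECT COUNT(*) FROM x_accounts WHERE UPPER(ac_user_vc)=:user AND ac_deleted_ts IS NULL");
     $user = strtoupper($username);
     $stmt->bindParam(':user', $user);
     // COUNT(*) may come back as a string depending on the driver, hence the int cast.
     if ($stmt->execute() && (int) $stmt->fetchColumn() !== 0) {
         self::$alreadyexists = true;
         return false;
     }
     if (!self::IsValidUserName($username)) {
         self::$badname = true;
         return false;
     }

     // Package: non-blank and refers to an existing, non-deleted package.
     if (fs_director::CheckForEmptyValue($packageid)) {
         self::$packageblank = true;
         return false;
     }
     $stmt = $zdbh->prepare("SELECT COUNT(*) FROM x_packages WHERE pk_id_pk=:packageid AND pk_deleted_ts IS NULL");
     $stmt->bindParam(':packageid', $packageid);
     if ($stmt->execute() && (int) $stmt->fetchColumn() === 0) {
         self::$packageblank = true;
         return false;
     }

     // Group: non-blank and refers to an existing group.
     if (fs_director::CheckForEmptyValue($groupid)) {
         self::$groupblank = true;
         return false;
     }
     $stmt = $zdbh->prepare("SELECT COUNT(*) FROM x_groups WHERE ug_id_pk=:groupid");
     $stmt->bindParam(':groupid', $groupid);
     if ($stmt->execute() && (int) $stmt->fetchColumn() === 0) {
         self::$groupblank = true;
         return false;
     }

     // Email: non-blank, syntactically valid and not used by another account.
     if (fs_director::CheckForEmptyValue($email)) {
         self::$emailblank = true;
         return false;
     }
     if (!self::IsValidEmail($email)) {
         self::$bademail = true;
         return false;
     }
     if (!ctrl_users::CheckUserEmailIsUnique($email)) {
         self::$not_unique_email = true;
         return false;
     }
     self::$not_unique_email = false;

     // Password: non-blank and at least password_minlength bytes long.
     if (fs_director::CheckForEmptyValue($password)) {
         self::$passwordblank = true;
         return false;
     }
     if (strlen($password) < (int) ctrl_options::GetSystemOption('password_minlength')) {
         self::$badpassword = true;
         return false;
     }

     return true;
 }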