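} } // closes blocks that begin before this excerpt

/**
 * Build a 6-character random string.
 *
 * Characters are drawn from the digits 1-9 and the ASCII letters a-z / A-Z
 * (the alphabet contains no "0"), so the result is alphanumeric, not numeric.
 *
 * random_int() replaces mt_rand(): mt_rand() is a seeded Mersenne Twister
 * whose output can be predicted, which matters as soon as the value serves as
 * a password, verification code or any other secret. Requires PHP 7 or later.
 *
 * @return string six characters taken from the alphabet above
 * @throws Exception raised by random_int() when no randomness source is available
 */
function Random()
{
    $length = 6;
    $alphabet = "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $max = strlen($alphabet) - 1;

    $random_str = "";
    for ($i = 0; $i < $length; $i++) {
        $random_str .= $alphabet[random_int(0, $max)];
    }

    return $random_str;
}

$random = Random();

// Sticky form: submitted values are echoed back into value="..." attributes.
// They are passed through htmlspecialchars() (quotes included) so a submitted
// value cannot close the attribute and inject markup, and only strings are
// echoed so an array parameter (first_name[]=...) is ignored.
?>
<!--start a sticky form-->
<h1>Register</h1>
<form action="customer_register.php" method="POST">
<p>
First Name:<input type="text" name="first_name" value="<?php if (isset($_POST['first_name']) && is_string($_POST['first_name'])) { echo htmlspecialchars($_POST['first_name'], ENT_QUOTES, 'UTF-8'); } ?> ">
Last Name:<input type="text" name="last_name" value="<?php if (isset($_POST['last_name']) && is_string($_POST['last_name'])) { echo htmlspecialchars($_POST['last_name'], ENT_QUOTES, 'UTF-8'); }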
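// Password-reset handler: on POST, looks the account up by e-mail address,
// stores the hash of a freshly generated password and mails that password out.

// configuration
require "../includes/config.php";

// SECURITY REVIEW (design points this block cannot fix by itself):
//  - The password is replaced as soon as an address is submitted, so anyone
//    who knows an address can change another user's password.
//  - The new password travels in clear text by e-mail and stays valid
//    afterwards; the link in the message also uses plain http://.
//  - "Invalid email address." versus the confirmation page tells the
//    requester whether an address is registered.
//  A single-use, expiring reset token (stored hashed) together with one
//  identical response for known and unknown addresses covers all three.

// if form was submitted
if ($_SERVER["REQUEST_METHOD"] == "POST") {

    // validate submission; a non-string value (email[]=...) is rejected too
    // NOTE(review): assumes apologize() ends the request - confirm
    if (empty($_POST["email"]) || !is_string($_POST["email"])) {
        apologize("You must provide an email address.");
    }

    // query database for user; the address goes in through the ? placeholder
    // (presumably bound by query() - it is not defined in this excerpt)
    $rows = query("SELECT * FROM users WHERE email = ?", $_POST["email"]);

    if ($rows === false) {
        // treat a failed lookup like the failed UPDATE below instead of calling count() on false
        apologize("An unexpected error occurred!");
    } elseif (count($rows) == 1) {
        // NOTE(review): Random() is defined outside this excerpt. Its result is
        // a credential, so it must come from a CSPRNG (random_int() or
        // random_bytes()), and six characters is short for a password.
        $newpass = Random(6);

        $MessageHTML = '<html><body> ' . '<p>Your password has been reset to: </p>' . '<p> ' . $newpass . '</p>' . 'Go to <a href="http://cybertox.net63.net">Memento</a>' . '</body></html>';
        $MessageTEXT = "Your password has been reset to " . $newpass;

        // crypt() without a salt raises a notice from PHP 5.6 on and is an error
        // in PHP 8. password_hash() always produces a salted hash that both
        // password_verify() and crypt($password, $hash) can check.
        // NOTE(review): the hash column must hold at least 60 characters - confirm
        $result = query("UPDATE users SET hash = ? WHERE email = ?", password_hash($newpass, PASSWORD_DEFAULT), $_POST["email"]);

        if ($result === false) {
            apologize("An unexpected error occurred!");
        } else {
            // NOTE(review): the password has already been changed at this point and
            // the return value of mailgun() is not checked, so a failed delivery
            // leaves the user without a working password.
            mailgun($_POST["email"], "Memento Password Reset", $MessageHTML, $MessageTEXT);
            apologize(null, "forgot", array("title" => "Password Reset", "email" => $_POST["email"]));
        }
    } else {
        // else apologize
        apologize("Invalid email address.");
    }
} else {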
/**
 * RSA Encrypt
 *
 * Wraps $m in an RSAES-PKCS1-v1_5 style block as long as the modulus
 * (0x00, 0x02, non-zero random filler, 0x00, data) and returns
 * mod(pow(block, $e), $n), with $e = $key[0] and $n = $key[1]. $n should be
 * the product of two (large) primes $p and $q, and $e should satisfy
 * gcd($e, ($p - 1) * ($q - 1)) == 1.
 *
 * The author left an equivalent implementation based on Crypt/RSA
 * (RSA_ENCRYPTION_PKCS1) commented out in favour of this hand-written one.
 *
 * NOTE(review): Random() is not defined in this excerpt. The filler bytes
 * have to be unpredictable, so confirm it is backed by a CSPRNG.
 * NOTE(review): nothing checks that $m fits. When strlen($m) exceeds the
 * modulus length minus 3 the filler loop does not run at all, and PKCS#1 v1.5
 * asks for at least 8 filler bytes - confirm callers guarantee the size.
 *
 * @see SSH1::SSH1()
 * @param String $m data to encrypt (used with strlen() and string concatenation)
 * @param Array $key array(exponent, modulus), both used as BigInteger objects
 * @return String whatever toBytes() yields for the encrypted value
 * @access private
 */
function _rsa_crypt($m, $key)
{
    // To quote from protocol-1.5.txt:
    //
    //   The most significant byte (which is only partial as the value must be
    //   less than the public modulus, which is never a power of two) is zero.
    //
    //   The next byte contains the value 2 (which stands for public-key
    //   encrypted data in the PKCS standard [PKCS#1]). Then, there are non-
    //   zero random bytes to fill any unused space, a zero byte, and the data
    //   to be encrypted in the least significant bytes, the last byte of the
    //   data in the least significant byte.
    //
    // Presumably the part of PKCS#1 they're referring to is "Section 7.2.1 Encryption Operation",
    // under "7.2 RSAES-PKCS1-v1.5" and "7 Encryption schemes" of the following URL:
    // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf

    $modulus_bytes = $key[1]->toBytes();

    // Three bytes are fixed: the leading 0x00 0x02 and the 0x00 that separates filler from data.
    $filler_left = strlen($modulus_bytes) - strlen($m) - 3;

    $block = "\x00\x02";
    while ($filler_left > 0) {
        // 1..255 only: a zero byte inside the filler would be read as the separator
        $block .= chr(Random(1, 255));
        $filler_left--;
    }
    $block .= "\x00" . $m;

    // Interpret the block as a base-256 integer and raise it to $e modulo $n.
    $padded = new BigInteger($block, 256);
    $cipher = $padded->modPow($key[0], $key[1]);

    return $cipher->toBytes();
}
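/**
 * Generates a random string x bytes long
 *
 * Every byte is drawn separately through Random(), from 1..255 when $nonzero
 * is set and from 0..255 otherwise.
 *
 * The earlier version built the unrestricted case out of ($bytes + 1) >> 2
 * four-byte words. That count is too small whenever $bytes % 4 is 1 or 2
 * (one requested byte produced an empty string, five produced four), and it
 * depended on the range of a bare Random() call, which is not visible here.
 * Drawing one byte at a time always returns exactly $bytes bytes.
 *
 * NOTE(review): Random() is defined outside this excerpt. If the result is
 * used for keys, cookies or padding, confirm it is backed by a CSPRNG.
 *
 * @access public
 * @param Integer $bytes number of bytes wanted; zero or less gives an empty string
 * @param optional Integer $nonzero when true, no byte of the result is 0x00
 * @return String
 */
function _random($bytes, $nonzero = false)
{
    // lowest byte value that may appear in the output
    $lowest = $nonzero ? 1 : 0;

    $temp = '';
    for ($i = 0; $i < $bytes; $i++) {
        $temp .= chr(Random($lowest, 255));
    }

    return $temp;
}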
/**
 * Sends Binary Packets
 *
 * Frames $data as packet_length | padding_length | payload | padding, appends
 * the MAC when one is configured, encrypts the framed packet when a cipher is
 * configured, and writes the result to $this->fsock.
 * See '6. Binary Packet Protocol' of rfc4253 for more info.
 *
 * Compression is not applied; the author left that code commented out.
 *
 * NOTE(review): Random() is defined outside this excerpt; confirm that the
 * padding bytes come from a CSPRNG.
 * NOTE(review): with SSH2_LOGGING == SSH2_LOG_COMPLEX the unencrypted payload
 * (minus its first byte) is kept in $this->message_log. If payloads can carry
 * credentials, that log has to be treated as sensitive - confirm how it is used.
 *
 * @param String $data payload; its first byte is used as the message number for logging
 * @see SSH2::_get_binary_packet()
 * @return Boolean true when fputs() reports that the whole packet was written
 * @access private
 */
function _send_binary_packet($data)
{
    if (feof($this->fsock)) {
        user_error('Connection closed prematurely', E_USER_NOTICE);
        return false;
    }

    $payload_length = strlen($data);

    // 4 (packet length) + 1 (padding length) + 4 (minimal padding amount) == 9
    $packet_length = $payload_length + 9;

    // Round up to a multiple of the cipher block size. ((size - 1) * len) % size
    // equals (-len) mod size, the distance to the next multiple (0 when already aligned).
    $packet_length += (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size;

    // Everything that is neither payload nor the 4 + 1 bytes of the two length fields is padding.
    $padding_length = $packet_length - $payload_length - 5;

    $padding = '';
    for ($left = $padding_length; $left > 0; $left--) {
        $padding .= chr(Random(0, 255));
    }

    // The packet_length field does not count itself, hence the - 4.
    $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding);

    // The MAC covers the sequence number and the packet as it is before encryption.
    if ($this->hmac_create !== false) {
        $hmac = $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet));
    } else {
        $hmac = '';
    }

    // The counter advances here, before the write, so it also moves when the write fails.
    $this->send_seq_no++;

    if ($this->encrypt !== false) {
        $packet = $this->encrypt->encrypt($packet);
    }
    $packet .= $hmac;

    // microtime() yields "msec sec"; adding the two tokens gives a float timestamp
    // (http://php.net/microtime#61838)
    $start = strtok(microtime(), ' ') + strtok('');
    // A short or failed write makes the result false; there is no retry here.
    $result = strlen($packet) == fputs($this->fsock, $packet);
    $stop = strtok(microtime(), ' ') + strtok('');

    if (defined('SSH2_LOGGING')) {
        if (isset($this->message_numbers[ord($data[0])])) {
            $label = $this->message_numbers[ord($data[0])];
        } else {
            $label = 'UNKNOWN (' . ord($data[0]) . ')';
        }
        $this->message_number_log[] = '-> ' . $label . ' (' . round($stop - $start, 4) . 's)';

        if (SSH2_LOGGING == SSH2_LOG_COMPLEX) {
            // payload in clear text, without the leading message-number byte
            $this->message_log[] = substr($data, 1);
        }
    }

    return $result;
}