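/**
 * Validate the member session written at login and mirror it onto this object.
 *
 * The login handler stores id, pseudo and key = _hash(id . pseudo, 'XTC_CMS') under
 * $_SESSION['__member']; recomputing the key here detects a session whose id/pseudo
 * no longer belong together. On success status/pseudo/idMember are taken from the
 * session; on any failure they are reset to the logged-out values.
 *
 * @return bool true when the session carries a consistent member, false otherwise
 */
private function verif_sessions()
{
    if (isset($_SESSION['__member']['id'], $_SESSION['__member']['key'], $_SESSION['__member']['pseudo'])) {
        $member = $_SESSION['__member'];
        $expectedKey = _hash($member['id'] . $member['pseudo'], 'XTC_CMS');
        // hash_equals(): strict, constant-time comparison. The former == applied numeric
        // juggling (two "0e…" digests compare equal) and stopped at the first differing byte.
        if (hash_equals((string) $expectedKey, (string) $member['key'])) {
            $this->status = 'on';
            $this->pseudo = $member['pseudo'];
            $this->idMember = $member['id'];
            return true;
        }
    }
    $this->idMember = 0;
    $this->pseudo = NULL;
    $this->status = 'off';
    return false;
}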
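// Registration form: collect login / password / confirmation / email and insert the member row.
// NOTE(review): membre_password stores a deterministic _hash() digest (the login handler matches it by
// SQL equality); moving to password_hash()/password_verify() has to change both paths and existing rows together.
require_once '../../kernel/begin.php';
$lang->setModule('membres', 'inscription');

$form = new Form(translate('title_form'), 'post');
$form->add_fieldset();
$form->add_input('login', 'login', translate('login_form'));
$form->add_input('password', 'password', translate('password_form'), 'password');
$form->add_input('password_confirm', 'password_confirm', translate('password_confirm'), 'password');
$form->add_input('email', 'email', translate('email_form'));
$form->add_button();

$fh = new FormHandle($form);
$fh->handle();
if ($fh->okay()) {
    $login = $fh->get('login');
    $plainPassword = $fh->get('password');
    $email = $fh->get('email');
    // Compare the two plaintexts strictly: the former code hashed both and used !=, which was
    // redundant work and a loose (numeric-juggling) comparison.
    if ($plainPassword !== $fh->get('password_confirm')) {
        $error = new Error();
        $error->add_error(translate('two_passwords_not'), ERROR_PAGE, __FILE__, __LINE__);
    } else {
        $password = _hash($plainPassword);
        // Parameterised insert; membre_register and membre_last_up both start at "now"
        $params = array($login, $email, $password, time(), time());
        $bdd->query('INSERT INTO ' . TABLE_MEMBERS . ' ( membre_login, membre_email, membre_password, membre_register, membre_last_up ) VALUES( ?, ?, ?, ?, ? )', $params);
        $error = new Error();
        $error->add_error(translate('inscription_ok'), ERROR_PAGE, __FILE__, __LINE__);
        tpl_begin();
        echo '<p>' . translate('welcome') . '</p>';
        tpl_end();
        exit;
    }
}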
/**
 * Build the hash value the client submits for a plaintext password.
 *
 * The plaintext is concatenated with the md5 of its own characters in sorted
 * order, and the resulting string is run through _hash().
 *
 * @param string $plain
 * @return string
 */
public static function MakeHashChar($plain)
{
    $sortedChars = str_split($plain);
    sort($sortedChars);
    $charDigest = md5(implode('', $sortedChars));
    return _hash($plain . $charDigest);
}
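/**
 * Change a user's password after verifying the current one.
 *
 * Both inputs must have the length of a _hash() digest (presumably pre-hashed on the
 * client, see MakeHashChar); -7 rejects malformed input, -8 a wrong current password.
 * On success a fresh 64-byte salt and the re-salted new password are written via $user->set().
 *
 * @param User   $user
 * @param string $old current password in digest form
 * @param string $new replacement password in digest form
 */
public function edit_user_password($user, $old, $new)
{
    $expectedLength = strlen(_hash(""));
    if ($expectedLength !== strlen($old) || $expectedLength !== strlen($new)) {
        $this->throwMsg(-7);
    }
    lib()->load("UserCheck");
    // hash_equals(): constant-time, so the check does not leak how many leading bytes matched
    $storedPassword = (string) $user->getPassword();
    $candidate = (string) UserCheck::CreatePassword($old, $user->getSalt());
    if (!hash_equals($storedPassword, $candidate)) {
        $this->throwMsg(-8);
    }
    // A new salt per change so the new digest shares nothing with the old one
    $list = ['salt' => salt(64)];
    $list['password'] = UserCheck::CreatePassword($new, $list['salt']);
    $user->set($list);
}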
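/**
 * Reverse the home-grown XOR stream cipher whose key material derives from $cc_encryption_hash.
 *
 * Payload layout (after base64): the first strlen(_hash($key)) bytes are the IV XOR-masked
 * with the hashed key, the rest is ciphertext. The keystream starts as the unmasked IV and is
 * re-derived at every block boundary as _hash(previous key . previous plaintext block).
 * No integrity check is visible in this function, so a tampered payload decrypts to garbage silently.
 *
 * @param string $string             base64-encoded payload
 * @param string $cc_encryption_hash secret the key is derived from
 * @return string plaintext; '' when the payload is not decodable or shorter than one IV block
 */
function decrypt($string, $cc_encryption_hash)
{
    $key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash);
    $hash_key = _hash($key);
    $hash_length = strlen($hash_key);

    $decoded = base64_decode($string);
    // Without a full IV block there is nothing to decrypt; the former code read past the end
    // of the string here (and divided by zero if _hash() ever returned '').
    if ($decoded === false || $hash_length === 0 || strlen($decoded) < $hash_length) {
        return '';
    }
    $tmp_iv = substr($decoded, 0, $hash_length);
    $cipher = (string) substr($decoded, $hash_length);

    // Unmask the IV with the hashed key
    $iv = '';
    for ($c = 0; $c < $hash_length; $c++) {
        $iv .= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c]));
    }

    $key = $iv;
    $out = '';
    $length = strlen($cipher);
    for ($c = 0; $c < $length; $c++) {
        // Roll the keystream at each block boundary using the plaintext block just recovered
        if ($c !== 0 && $c % $hash_length === 0) {
            $key = _hash($key . substr($out, $c - $hash_length, $hash_length));
        }
        $out .= chr(ord($key[$c % $hash_length]) ^ ord($cipher[$c]));
    }
    return $out;
}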
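/**
 * Insert a new user row with a fresh salt, a salted password digest and a random token.
 *
 * @param string $user     login name
 * @param string $password password as received; it is run through _hash() and then salted
 * @return mixed whatever db()->insert() returns — callers should consult db()->error() on failure
 */
public function create_user($user, $password)
{
    $salt = salt(40);
    $hashed = salt_hash(_hash($password), $salt);
    // Return the driver result instead of var_dump()-ing it: dumping the insert result and
    // db()->error() into the response exposed database details to the client.
    return db()->insert("user", array(
        'user' => $user,
        'password' => $hashed,
        'salt' => $salt,
        'token' => _hash($hashed . salt(50)),
    ));
}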
/**
 * Create or modify a page ("tree" node) from the control-panel form, then render the fieldset.
 *
 * On submit (_button()): collects the posted fields — only 'subject'/'content' for ordinary
 * users, the full node/alias/nav/template/... set for founders — normalises them, rejects a
 * duplicate alias, optionally re-parents the node ('move', modify mode only), writes the row
 * and redirects. Without a submit it emits the form fields through _style()/v_style().
 *
 * Relies on the global $user and on framework helpers (_button, w, f, _fieldrow, sql_filter,
 * _build_array, prefix, _sql, _style, v_style, ...) defined outside this file.
 *
 * @return void
 */
protected function _create_home()
{
    global $user;
    $v = $tree = $this->init();
    $z = $this->__(w('zmode'));
    if (_button()) {
        // Non-founders may only edit subject and content; every structural field is founder-only
        $v_ary = array('subject', 'content');
        if ($user->v('is_founder')) {
            $v_ary = array_merge($v_ary, array('node' => 0, 'parent' => 0, 'level' => 0, 'module' => 0, 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent' => 0, 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'description', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published', 'move'));
        }
        $v = $this->__($v_ary);
        // $v['edited'] = time();
        // Structural fields always come from the stored node, never from the form
        foreach (w('node level parent module') as $row) {
            $v[$row] = $tree['tree_' . $row];
        }
        if ($z['zmode'] == 'create') {
            $v['parent'] = $tree['tree_id'];
            $v['level']++;
            if (!$v['node']) {
                $v['node'] = $v['parent'];
            }
        }
        // Parse vars
        foreach ($v as $row_k => $row_v) {
            switch ($row_k) {
                case 'subject':
                    $row_v = $this->html($row_v, 'strong');
                    break;
                case 'content':
                    $row_v = $this->html($row_v);
                    break;
                case 'alias':
                    $row_v = _alias($row_v, w('_'), '-');
                    break;
                case 'checksum':
                    // NOTE(review): no field list above adds a 'checksum' key, so this case looks unreachable here
                    $row_v = _hash($v['content']);
                    break;
                case 'published':
                    // Input is "d m Y" (defaults to today); presumably _timestamp(month, day, year)
                    $row_v = dvar($row_v, date('d m Y'));
                    $e_date = explode(' ', $row_v);
                    $row_v = _timestamp($e_date[1], $e_date[0], $e_date[2]);
                    break;
            }
            $v[$row_k] = $row_v;
        }
        // The 'home' node keeps its alias whatever was posted
        if ($z['zmode'] == 'modify' && $tree['tree_alias'] == 'home' && $v['alias'] != 'home') {
            $v['alias'] = 'home';
        }
        if (f($v['alias'])) {
            $sql = 'SELECT tree_id FROM _tree WHERE tree_alias = ? 
AND tree_id <> ?';
            if (_fieldrow(sql_filter($sql, $v['alias'], $tree['tree_id']))) {
                $this->_error('#ALIAS_IN_USE');
            }
        }
        if ($z['zmode'] == 'modify') {
            if ($v['move']) {
                // 'move' is either a numeric tree_id or an alias of the new parent
                $mv_field = !is_numb($v['move']) ? 'alias' : 'id';
                $sql = 'SELECT * FROM _tree WHERE tree_?? = ?';
                if ($mv_tree = _fieldrow(sql_filter($sql, $mv_field, $v['move']))) {
                    $mv_insert = array('module' => $mv_tree['module_id'], 'node' => $mv_tree['tree_node'], 'parent' => $mv_tree['tree_id'], 'level' => $mv_tree['tree_level'] + 1);
                    // NOTE(review): this UPDATE targets _tree but filters on article_id, while every
                    // other query here uses tree_id — confirm the column before relying on the move
                    $sql = 'UPDATE _tree SET ' . _build_array('UPDATE', prefix('tree', $mv_insert)) . sql_filter(' WHERE article_id = ?', $tree['tree_id']);
                    _sql($sql);
                    $sql = 'UPDATE _tree SET tree_childs = tree_childs - 1 WHERE tree_id = ?';
                    _sql(sql_filter($sql, $tree['tree_parent']));
                    $sql = 'UPDATE _tree SET tree_childs = tree_childs + 1 WHERE tree_id = ?';
                    _sql(sql_filter($sql, $mv_tree['tree_id']));
                }
            }
            unset($v['move']);
            // Check input values against database
            foreach ($v as $row_k => $row_v) {
                if ($tree['tree_' . $row_k] == $row_v) {
                    unset($v[$row_k]);
                }
            }
            if (!(count($v) - 1)) {
                unset($v['edited']);
            }
        } else {
            unset($v['move']);
        }
        // $u_tree = _rewrite($tree);
        if (count($v)) {
            if (isset($v['content']) && $v['content']) {
                // NOTE(review): search and replacement lists are identical as shown (entities likely
                // lost in extraction); as written this str_replace is a no-op
                $v['content'] = str_replace(w('< >'), w('< >'), $v['content']);
            }
            if ($z['zmode'] == 'create') {
                $sql = 'INSERT INTO _tree' . _build_array('INSERT', prefix('tree', $v));
            } else {
                $sql = 'UPDATE _tree SET ' . _build_array('UPDATE', prefix('tree', $v)) . sql_filter(' WHERE tree_id = ?', $tree['tree_id']);
            }
            _sql($sql);
            if ($z['zmode'] == 'create') {
                $u_tree = f($v['alias']) ? $v['alias'] : _nextid();
                $sql = 'UPDATE _tree SET tree_childs = tree_childs + 1 WHERE tree_id = ?';
                _sql(sql_filter($sql, $tree['tree_id']));
            }
        }
        // NOTE(review): $u_tree is only assigned in the create branch above; in modify mode
        // this redirect runs with it undefined
        redirect(_link($u_tree));
    }
    //
    // Show fieldset
    $v_fieldset = array('subject', 'content');
    if ($user->v('is_founder')) {
        $v_fieldset = array_merge($v_fieldset, array('description', 'alias', 'child_hide' => 0, 'child_order', 'nav' => 0, 'nav_hide' => 0, 'css_parent', 'css_var', 'quickload' => 0, 'dynamic' => 0, 'tags', 'template', 'redirect', 'allow_comments' => 0, 'approve_comments' => 0, 'form' => 0, 'form_email', 'published'));
    }
    $is_modify = $z['zmode'] == 'modify';
    // Entries given as key => 0 render as checkboxes (is_numb($row)); plain entries as text inputs
    foreach (_array_keys($v_fieldset, '') as $k => $row) {
        $name = 'tree_' . $k;
        $cp_lang = _lang('CP_' . $k);
        // Posted value wins over the stored one when modifying; empty when creating
        $value = $is_modify ? isset($v[$k]) ? $v[$k] : (isset($tree[$name]) ? $tree[$name] : '') : '';
        $checked = is_numb($row) && $is_modify && $tree[$name] ? ' checked="checked"' : '';
        if (f($value)) {
            switch ($k) {
                case 'published':
                    $value = date('d m Y', $value);
                    break;
            }
        }
        $type = 'text';
        if (is_numb($row)) {
            $value = 1;
            $type = 'checkbox';
        }
        $tag = 'input';
        if ($k == 'content') {
            $tag = 'textarea';
        }
        _style('field', array('NAME' => $k, 'ID' => $k, 'TAG' => $tag, 'TYPE' => $type, 'VALUE' => $value, 'LANG' => $cp_lang, 'CHECKED' => $checked));
        if ($k == 'template') {
            // Offer every .htm file under ./style/custom/ as a template choice, with a "none" row first
            $i = 0;
            $fp = @opendir('./style/custom/');
            while ($row_d = @readdir($fp)) {
                if (_extension($row_d) != 'htm') {
                    continue;
                }
                if (!$i) {
                    _style('field.templated');
                    _style('field.templated.row', array('V' => '', 'FILE' => _lang('NONE')));
                }
                $v_file = str_replace('.htm', '', $row_d);
                _style('field.templated.row', array('V' => $v_file, 'FILE' => $v_file));
                $i++;
            }
            @closedir($fp);
        }
        //
    }
    $cp_format = !$is_modify ? 'CREATE' : 'MODIFY';
    v_style(array('CP_PAGE' => sprintf(_lang('CP_PAGE_' . $cp_format), $tree['tree_subject'])));
    return;
}
$bdd = new bdd(array('host' => $hostBDD, 'login' => $loginBDD, 'database' => $databaseBDD, 'password' => $passwordBDD, 'displayErrors' => false)); $bdd->query(str_replace('#_PREFIX_#', $prefixeBDD, file_get_contents(ROOT . 'install/db/install.sql'))); $bdd->query('INSERT INTO `' . $table_members . '` ( membre_login, membre_email, membre_password, membre_register, membre_last_up, membre_rank, membre_design, membre_lang ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ? ) ', array($admin_login, $admin_email, $admin_password, time(), time(), RANK_ADMIN, NULL, NULL)); unset($_SESSION['__install']); if (isset($_POST['delete_dir'])) { $_SESSION['__delete_dir_install'] = true; } break; case 4: if (isset($_POST['login'], $_POST['password'], $_POST['passwordConfirm'], $_POST['email'])) { $login = $_POST['login']; $password = $_POST['password']; $passwordconfirm = $_POST['passwordConfirm']; $email = $_POST['email']; if ($password == $passwordconfirm) { $passwordHash = _hash($password); if (check_email($email) === 1) { if (check_pseudo($login)) { $_SESSION['__install'][3] = array('login' => $login, 'password' => $passwordHash, 'email' => $email); break; } else { $error = new error(); $error->addError('L\'email n\'est pas à un format conventionnel.', ERROR_PAGE, 'install.php', __LINE__); $step = 3; } } else { $error = new error(); $error->addError('L\'email n\'est pas à un format conventionnel.', ERROR_PAGE, 'install.php', __LINE__); $step = 3; } } else {
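/**
 * Derive a salted digest: the first third of the salt is prepended, the whole salt appended.
 *
 * @param string $hash value to salt (already a digest in the caller seen on this page)
 * @param string $salt random salt string
 * @return string
 */
function salt_hash($hash, $salt)
{
    // strlen(): the former count() on a string is a TypeError on PHP 8 and yielded 1 (an empty
    // prefix) on PHP 7, so digests produced by that build differ from these — rows hashed with
    // it need re-hashing when this fix lands.
    $count = strlen($salt);
    return _hash(substr($salt, 0, (int) ($count / 3)) . $hash . $salt);
}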
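/**
 * Produce a fresh IV for the XOR scheme by hashing key-derived material plus a random value.
 *
 * Reads the global $cc_encryption_hash.
 *
 * @return string output of _hash()
 */
function _generate_iv()
{
    global $cc_encryption_hash;
    $iv = md5(strrev(substr($cc_encryption_hash, 13)) . substr($cc_encryption_hash, 0, 13));
    // random_int() draws from the CSPRNG; the former srand(microtime)/rand() pair was predictable
    // to anyone who could estimate the request time.
    $iv .= random_int(0, getrandmax());
    $iv .= serialize(array("key" => md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash)));
    return _hash($iv);
}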
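// Login form: look the member up by login + _hash(password) and populate the '__member' session.
// NOTE(review): membre_password holds a deterministic _hash() digest matched by SQL equality; switching to
// password_hash()/password_verify() needs this lookup, registration and the stored rows changed together.
$form = new Form(translate('title_form'), 'post');
$form->add_fieldset();
$form->add_input('login', 'login', translate('login_form'));
$form->add_input('password', 'password', translate('password_form'), 'password');
$form->add_button();

$fh = new FormHandle($form);
$fh->handle();
if ($fh->okay()) {
    $login = $fh->get('login');
    $password = _hash($fh->get('password'));
    $params = array($login, $password);
    $cSql = $bdd->count_sql(TABLE_MEMBERS, 'WHERE membre_login = ? AND membre_password = ?', $params);
    // Explicit cast + strict compare: count_sql() may hand back a numeric string or false
    if ((int) $cSql === 0) {
        $error = new Error();
        $error->add_error(translate('inexistant_member'), ERROR_PAGE, __FILE__, __LINE__);
    } else {
        $requete = $bdd->query('SELECT * FROM ' . TABLE_MEMBERS . ' WHERE membre_login = ? AND membre_password = ?', $params);
        $resultats = $bdd->fetch($requete);
        // verif_sessions() recomputes this key from id + pseudo to validate the session later
        $hashKey = _hash($resultats['membre_id'] . $login, 'XTC_CMS');
        // Issue a fresh session id on authentication so an id obtained before login does not carry the
        // member's privileges (session fixation). verif_sessions() reads these values back from $_SESSION,
        // so $sessions presumably wraps the native session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $sessions->add_session('pseudo', $login, '__member')
            ->add_session('id', $resultats['membre_id'], '__member')
            ->add_session('key', $hashKey, '__member')
            ->add_session('isConnected', true, '__member');
        $member->log_in($resultats['membre_id']);
        $error = new Error();
        $error->add_error(translate('connexion_ok'), ERROR_GLOBAL, __FILE__, __LINE__, ROOTU . 'modules/accueil/index.php');
    }
}
tpl_begin();
// $form is always built above, so the former isset($form) guard was redundant
$form->build_all();
tpl_end();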
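/**
 * Derive the cookie encryption key from the supplied key, the request's User-Agent and COOKIE_KEY.
 *
 * Because the User-Agent is mixed in, the key (and anything encrypted under it) changes
 * whenever the client's User-Agent string changes.
 *
 * @param string $key caller-supplied key material
 */
public function setKey($key)
{
    // Explicit isset() instead of the @ silencer: a CLI request or a client without a User-Agent
    // header contributes an empty string, exactly as before, without hiding unrelated notices.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $this->key = _hash($key . $userAgent . COOKIE_KEY, true);
}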