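/**
 * Validates a new password (confirmation, character policy, complexity) and
 * returns its bcrypt hash.
 *
 * @param string $password  the new password
 * @param string $password2 the confirmation entry; must be identical
 * @return string bcrypt hash ('$2y$12$...') suitable for storage and later
 *                verification with password_verify() (crypt() also accepts it)
 * @throws Exception when the two entries differ, when bad_chars() rejects the
 *                   password, or when the complexity rule is not met
 */
function password_func($password, $password2)
{
    // Do passwords match? Strict comparison: the loose `!=` would treat
    // numeric-looking strings such as "1e3" and "1000" as equal.
    if ($password !== $password2) {
        throw new Exception('Passwords do not match.');
    }
    // Passwords can not contain special characters (policy enforced by bad_chars()).
    if (bad_chars($password)) {
        throw new Exception("Passwords can't contain spaces or the following special characters: ' \" = % ; < > --");
    }
    // Password complexity: at least 7 bytes, one lowercase, one uppercase, and
    // either a digit or a non-word character.
    if (!(strlen($password) >= 7 && preg_match('/^(?=.*[a-z])(?=.*[A-Z])((?=.*\\d)|(?=.*\\W)).+$/', $password))) {
        $ERROR = "Password does not meet complexity requirements: <br />\n";
        $ERROR .= "Minimum 7 characters with at least one capital letter, one lowercase letter";
        // The previous message interpolated an undefined variable here; dropped.
        $ERROR .= " and one number or one approved special character. \n";
        throw new Exception($ERROR);
    }
    // Create hash. password_hash() draws its salt from a CSPRNG, whereas the old
    // sha1(microtime()) salt was predictable. Cost 12 matches the former '$2a$12$'
    // setting; the resulting '$2y$' hash verifies with password_verify()/crypt().
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}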
    html_break(2);
    html_link_back();
// NOTE(review): this continues an if/elseif chain whose opening condition is above this excerpt.
} elseif ($delete) {
    // Loops with `!=` rather than `<`; assumes $numoffiles is a non-negative count — TODO confirm where it is set.
    for ($i = 0; $i != $numoffiles; $i++) {
        if ($fileman[$i]) {
            // NOTE(review): $fileman[$i] looks request-supplied and is joined to $disppath; whether
            // vfs->delete() confines it to $disppath is not visible here — confirm in the vfs layer.
            if ($GLOBALS['phpgw']->vfs->delete(array('string' => $fileman[$i]))) {
                html_text_summary(lang('Deleted %1', $disppath . '/' . $fileman[$i]), $fileinfo['size']);
            } else {
                // NOTE(review): unlike the echo on the $newdir branch below, this error_list() result is
                // discarded — check whether the message is ever shown.
                $GLOBALS['phpgw']->common->error_list(array(lang('Could not delete %1', $disppath . '/' . $fileman[$i])));
            }
        }
    }
    html_break(2);
    html_link_back();
} elseif ($newdir && $createdir) {
    // bad_chars() here takes three arguments and yields the offending character (falsy when clean);
    // its definition is outside this excerpt.
    if ($badchar = bad_chars($createdir, True, True)) {
        echo $GLOBALS['phpgw']->common->error_list(array(html_encode(lang('Directory names cannot contain "%1"', $badchar), 1)));
        html_break(2);
        html_link_back();
        // NOTE(review): nothing here returns or exits; unless html_page_close() terminates the script,
        // execution falls through to the vfs->ls() call below even though an error was reported — confirm.
        html_page_close();
    }
    // $createdir is non-empty here because the branch condition requires it to be truthy.
    if ($createdir[strlen($createdir) - 1] == ' ' || $createdir[0] == ' ') {
        echo $GLOBALS['phpgw']->common->error_list(array(lang('Cannot create directory because it begins or ends in a space')));
        html_break(2);
        html_link_back();
        // NOTE(review): same fall-through concern as the error branch above — confirm html_page_close() exits.
        html_page_close();
    }
    $ls_array = $GLOBALS['phpgw']->vfs->ls(array('string' => $path . '/' . $createdir, 'relatives' => array(RELATIVE_NONE), 'checksubdirs' => False, 'nofiles' => True));
    $fileinfo = $ls_array[0];
    if ($fileinfo['name']) {
        if ($fileinfo['mime_type'] != 'Directory') {
                 // NOTE(review): this excerpt opens inside a loop of an earlier switch case; its start is above.
                 break;
             }
         }
         // If not in a group then give error
         if (!isset($login)) {
             $error = "Login Failed.";
         }
     } else {
         $error = "Login Failed.";
     }
     break;
 default:
     // Connect to DB
     try {
         // If any bad chars in post contents dont allow DB lookup
         // NOTE(review): $_POST fields are read without isset(); an absent field is passed as null.
         // Rejecting these characters in the *password* shrinks the usable password space and is not
         // needed for query safety here, since both lookups below bind the username as a parameter.
         if (bad_chars($_POST["username"]) || bad_chars($_POST["password"])) {
             throw new Exception("Input will not accept those special characters!");
         }
         // is user valid ??
         // NOTE(review): this count query duplicates the SELECT HASH,ROLE lookup below; a fetch()
         // returning false would cover the "unknown user" case with a single statement.
         $sth = $dbh->prepare("SELECT count(HASH) FROM USERS WHERE NAME = ?");
         $sth->bindParam(1, $_POST["username"]);
         $sth->execute();
         $user_valid = $sth->fetchColumn();
         $sth = null;
         if ($user_valid) {
             // if user is valid get hash
             $sth = $dbh->prepare("SELECT HASH,ROLE FROM USERS WHERE NAME = ?");
             $sth->bindParam(1, $_POST["username"]);
             $sth->execute();
             $row = $sth->fetch();
             // The stored hash; how it is compared against the submitted password is outside this excerpt.
             $db_hash = $row['HASH'];
<?php

// Page title; the template that renders it is outside this excerpt.
$title = 'Add Device';
// Check for certain SQL chars
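/**
 * Reports whether $input contains a character this application refuses to accept
 * in a form field ( ' " % = ; < > whitespace ) or the SQL comment marker "--".
 *
 * Returns 1 when such a character is present and 0 otherwise (an int rather than a
 * bool, so existing `bad_chars(...) || ...` callers are unaffected). A PCRE engine
 * failure is reported as 1 so the check fails closed.
 *
 * This is a coarse input-policy check, not a sanitiser: the INSERT in this file
 * still binds NAME and IP as parameters, which is what actually prevents injection.
 *
 * @param string|int|float|bool|null $input raw form field value (null when absent)
 * @return int 1 if a disallowed character (or a non-scalar value) was found, else 0
 */
function bad_chars($input)
{
    // Arrays/objects can arrive via `field[]=`-style parameters; they are never a
    // valid field value, so refuse them instead of letting a cast yield "Array".
    if (!is_scalar($input) && $input !== null) {
        return 1;
    }
    // Cast so that an absent field (null) is checked as '' instead of tripping the
    // PHP 8.1 null-to-string deprecation inside preg_match().
    $matched = preg_match('/([\'\\"%=;<>\\s]|--)/', (string) $input);
    // preg_match() returns false on an engine error; treat that as a hit (fail closed).
    return ($matched === false || $matched === 1) ? 1 : 0;
}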
// If post then update DB
// NOTE(review): $_POST["change"] is read without isset(); a non-POST request short-circuits
// on the method check, but a POST lacking that field emits an undefined-index warning.
if ($_SERVER['REQUEST_METHOD'] == "POST" && $_POST["change"] == "Add") {
    // If input contains bad chars then give errors
    if (bad_chars($_POST["name"]) || bad_chars($_POST["ip"])) {
        // NOTE(review): $contents is appended to but not initialised in this excerpt — confirm it is set earlier.
        $contents .= "Device name or IP address can't contain spaces or the following special characters: ' \" = % ; < > --";
    } else {
        $name = $_POST["name"];
        // NOTE(review): $ip is only screened by bad_chars(); it is not validated as an IP address
        // (filter_var() with FILTER_VALIDATE_IP would do that) — whether that matters depends on
        // how the IP column is used downstream.
        $ip = $_POST["ip"];
        if (isset($_POST["dns"])) {
            // NOTE(review): this is the PHP string "NULL"; bound through bindValue() below it is stored
            // as the four-character text 'NULL', not SQL NULL — confirm readers of the IP column expect that.
            $ip = "NULL";
        }
        // Are there any blank fields ?
        if ($name != "" && $ip != "") {
            // If all checks pass then insert into DB
            //if ($error == 0) {
            $time = time();
            // NAME and IP are bound as parameters below; $time is an int from time(), so interpolating
            // it adds no untrusted text. NOTE(review): the column list is wrapped in single quotes, which
            // most engines read as string literals rather than identifiers (SQLite tolerates it) — confirm.
            $sth = $dbcore->prepare("INSERT INTO DEVICES ('NAME','IP','DATE_ADDED','CID_TIME','LAST_DATE') \n\t\t\t\t\t\t\t\t\t\tVALUES (:name,:ip,{$time},0,0)");
            $sth->bindValue(':name', $name);
            $sth->bindValue(':ip', $ip);