Esempio n. 1
    refreshto("profile.php?action=modify&info_type={$info_type}", 'operate_success', 2, true);
} elseif ($_POST['step'] == '3') {
    PostCheck();
    !$_G['userbinding'] && Showmsg('undefined_action');
    InitGP(array('username', 'password', 'question', 'customquest', 'answer'));
    require_once R_P . 'require/checkpass.php';
    if (empty($username) || empty($password)) {
        Showmsg('login_empty');
    }
    if ($username == $windid) {
        Showmsg('userbinding_same');
    }
    $password = md5($password);
    $safecv = $db_ifsafecv ? questcode($question, $customquest, $answer) : '';
    $db_logintype = 1;
    $logininfo = checkpass($username, $password, $safecv, 0);
    if (!is_array($logininfo)) {
        Showmsg($logininfo);
    }
    list($uid) = $logininfo;
    $arr = array();
    $query = $db->query("SELECT id,uid FROM pw_userbinding WHERE uid IN(" . pwImplode(array($winduid, $uid)) . ")");
    while ($rt = $db->fetch_array($query)) {
        $arr[$rt['uid']] = $rt;
    }
    if (empty($arr)) {
        $db->update("INSERT INTO pw_userbinding SET " . pwSqlSingle(array('uid' => $winduid, 'password' => $userdb['password'])));
        $id = $db->insert_id();
        $db->update("INSERT INTO pw_userbinding SET " . pwSqlSingle(array('id' => $id, 'uid' => $uid, 'password' => $password)));
    } elseif (isset($arr[$winduid]) && !isset($arr[$uid])) {
        $db->update("INSERT INTO pw_userbinding SET " . pwSqlSingle(array('id' => $arr[$winduid]['id'], 'uid' => $uid, 'password' => $password)));
Esempio n. 2
<title>login page</title>
</head>
<body>
<form action="index.php" method=get>
<h1 align="center"  >Welcome to our site</h1>
<?php 
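// Session-backed login gate driven by two flags:
//   $_SESSION["logging"] - the login form has been served at least once
//   $_SESSION["logged"]  - checkpass() accepted the submitted credentials
// NOTE(review): session_start() runs after HTML has already been written above,
// so the session cookie can only be sent if output buffering is on - confirm.
// NOTE(review): the <form> opened above uses method=get while the login name is
// read from $_POST below; the two should agree, and credentials belong in a POST
// body so they do not end up in URLs, browser history and access logs.
session_start();
if (!empty($_SESSION["logging"]) && !empty($_SESSION["logged"])) {
    print_secure_content();
} elseif (empty($_SESSION["logging"])) {
    // First visit: remember that the form was served, then show it.
    $_SESSION["logging"] = true;
    loginform();
} else {
    // The form was served earlier, so treat this request as a login attempt.
    $number_of_rows = checkpass();
    if ($number_of_rows == 1) {
        // Issue a fresh session id at the moment of login so an id that was
        // known before authentication is not carried into the logged-in state.
        if (!headers_sent()) {
            session_regenerate_id(true);
        }
        // Keys are quoted: the bare words user/logged/userlogin were undefined
        // constants, which PHP 8 turns into a fatal Error.
        $_SESSION["user"] = isset($_POST["userlogin"]) ? $_POST["userlogin"] : null;
        $_SESSION["logged"] = true;
        echo "<h1>you have loged in successfully</h1>";
        print_secure_content();
    } else {
        echo "wrong pawssword or username, please try again";
        loginform();
    }
}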
function loginform()
{
    echo "please enter your login information to proceed with our site";
Esempio n. 3
// Admin-panel authentication bootstrap: either build the AdminUser cookie from a
// submitted login form or read it back, then let checkpass() decide the rights.
if ($_POST['admin_pwd'] && $_POST['admin_name']) {
    $admin_name = stripcslashes($_POST['admin_name']);
    $safecv = $db_ifsafecv ? questcode($_POST['question'], $_POST['customquest'], $_POST['answer']) : '';
    // Cookie payload: timestamp, admin name, md5(PwdCode(md5(password)) . timestamp), safecv.
    // NOTE(review): the third field is an MD5 chain over the password; whoever can
    // reverse StrCode() obtains material for offline guessing - confirm how StrCode is keyed.
    // NOTE(review): the raw $_POST['admin_name'] is stored here, not the unescaped $admin_name.
    $CK = array($timestamp, $_POST['admin_name'], md5(PwdCode(md5($_POST['admin_pwd'])) . $timestamp), $safecv);
    Cookie('AdminUser', StrCode(implode("\t", $CK)));
} else {
    // No form post: fall back to an existing AdminUser cookie, if any.
    $AdminUser = GetCookie('AdminUser');
    if ($AdminUser) {
        // StrCode(..., 'DECODE') reverses the encoding applied when the cookie was set.
        $CK = explode("\t", StrCode($AdminUser, 'DECODE'));
        $admin_name = stripcslashes($CK[1]);
    }
}
if (!empty($CK)) {
    // The database is only opened when there is a credential tuple to verify.
    // NOTE(review): $database selects the driver file; presumably it comes from
    // site configuration and Pcv() validates the path - confirm both.
    require_once Pcv(R_P . "require/db_{$database}.php");
    $db = new DB($dbhost, $dbuser, $dbpw, $dbname, $PW, $charset, $pconnect);
    // This checkpass() takes the whole cookie tuple and returns the admin's right set.
    $rightset = checkpass($CK);
} else {
    $db = null;
    $rightset = array();
}
if (empty($rightset)) {
    // Empty right set: authentication failed or was never attempted.
    if ($_POST['admin_name'] || $_POST['admin_pwd']) {
        // Failed-login record: name, password, result, client IP, timestamp.
        // NOTE(review): the attempted password is appended to $bbsrecordfile in
        // clear text. Near-miss typos of a real admin password end up on disk, so
        // the password field should be dropped from this record and the file kept
        // out of the web root.
        writeover($bbsrecordfile, '|' . str_replace('|', '&#124;', Char_cv($_POST['admin_name'])) . '|' . str_replace('|', '&#124;', Char_cv($_POST['admin_pwd'])) . "|Logging Failed|{$onlineip}|{$timestamp}|\n", 'ab');
        $db_adminrecord = 0;
        $REQUEST_URI = $pwServer['PHP_SELF'];
        // Expire the AdminUser cookie so the rejected tuple is not replayed.
        Cookie('AdminUser', '', 0);
        if ($L_left) {
            adminmsg('login_error');
        } else {
            adminmsg('login_fail');
        }
Esempio n. 4
<?php

// Account switch between bound accounts: log the session in as the bound account
// named by the request's uid, using the password digest kept in pw_userbinding.
// Refuse direct access: P_W must have been defined by the including entry script.
!defined('P_W') && exit('Forbidden');
// Pull 'uid' (the account to switch to) from the request - presumably into $uid.
S::gp(array('uid'));
$db_logintype = 2;
require_once R_P . 'require/checkpass.php';
// Binding group of the current user, then the requested account inside that group.
$id = $db->get_value("SELECT id FROM pw_userbinding WHERE uid=" . S::sqlEscape($winduid));
$user = $db->get_one("SELECT s.password,m.uid,m.safecv FROM pw_userbinding s LEFT JOIN pw_members m ON s.uid=m.uid WHERE s.id=" . S::sqlEscape($id) . ' AND s.uid=' . S::sqlEscape($uid));
// The stored digest is replayed into checkpass(): no password is asked for at
// switch time, so a session on one bound account reaches every account bound to it.
// NOTE(review): when no row matches, $user is presumably empty and checkpass()
// receives null fields - confirm that it rejects them.
// NOTE(review): no PostCheck()/token check is visible in this file; confirm the
// including script protects this state-changing request against cross-site requests.
$logininfo = checkpass($user['uid'], $user['password'], $user['safecv'], 1);
if (!is_array($logininfo)) {
    // A non-array result is an error key. The cases have no break, so this relies
    // on Showmsg() ending the request - confirm.
    switch ($logininfo) {
        case 'login_forbid':
        case 'login_pwd_error':
            Showmsg('switchuser_error');
        default:
            Showmsg($logininfo);
    }
}
list($winduid, $groupid, $windpwd, $showmsginfo) = $logininfo;
// Cookie lifetime: seven days by default, one year when $keepyear is set; a
// non-zero lifetime is turned into an absolute expiry by adding $timestamp.
$cktime = 7 * 24 * 3600;
(int) $keepyear && ($cktime = 31536000);
$cktime != 0 && ($cktime += $timestamp);
// Login cookie: uid, $windpwd and safecv, tab-separated and passed through StrCode().
Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $user['safecv']), $cktime);
Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
//Cookie("ucuser",'cc',$cktime);
Cookie('lastvisit', '', 0);
// Award medals: start
require_once R_P . 'require/functions.php';
doMedalBehavior($winduid, 'continue_login');
// Award medals: end
echo "ok\t{$showmsginfo}";
Esempio n. 5
}
// Page bootstrap: optional export helper, language and colour setup, database
// connection, access checks, then default date parts.
// NOTE(review): $rvar_diatype, $export, $lang, $color, $mon and $day are not
// assigned in the visible code; presumably they are filled from the request
// earlier - confirm how, since they steer the setup calls below.
if (!empty($rvar_diatype)) {
    $diatype = translateHtml($rvar_diatype);
}
// Export
if ($export == "excel") {
    // The include path is a fixed literal; the variable only decides whether it is loaded.
    include "../include/export/2excel.php";
    $expor_excel = new MID_SQLPARAExel();
}
// Load language
LanguageSetup($lang);
// Colors scheme
ColorSetup($color);
// Connect to the SQL server
connect_to_db();
// Access gate: credentials first, then the "access" privilege.
// NOTE(review): both checks rely on nopass() ending the request; if it returns,
// the rest of the page still runs - confirm.
if (!checkpass()) {
    nopass();
}
if (!hasprivilege("access", false)) {
    nopass();
}
// Define the base variables
// ----------------------------------------------------------------------------
//
// Default month: the current month as two digits.
if (empty($mon)) {
    $mon = date("m", mktime(0, 0, 0, date("m"), 1, date("Y")));
}
// Default day: the first day of the current month ("01").
if (empty($day)) {
    $day = date("d", mktime(0, 0, 0, date("m"), 1, date("Y")));
}
if (empty($year)) {
 /**
  * Handle the account-reset POST: run the password rule check and save the
  * student's login e-mail.
  *
  * As written, the account update is commented out, so the new password digest
  * is computed but never stored, and no response is sent on success.
  *
  * NOTE(review): the record id comes straight from the posted 'enId' and no
  * ownership or permission check is visible in this method; confirm the
  * controller enforces one elsewhere, otherwise any caller can change another
  * record's login e-mail.
  */
 public function resetAccount()
 {
     // All POST fields - presumably via the framework's I() input helper.
     $data = I('post.');
     // Only the commented-out account update below reads $acParam.
     // NOTE(review): the password is lower-cased before hashing, which makes it
     // case-insensitive and shrinks the guessing space, and the final digest is
     // MD5, a fast hash that is not designed for password storage.
     $acParam = array('pkid' => $data['acId'], 'login_email' => $data['email'], 'login_pass' => MD5(C('DATA_AUTH_KEY') . Crypt::encrypt(strtolower($data['password']))));
     // Disabled: e-mail uniqueness check (it answered 'email' => 'notunique' on failure).
     /* $bool = D('Account')->checkMailUnique($acParam['login_email'],$acParam['pkid']);
        if(!$bool){
            exit(json_encode(array('status' => 'fail','msg' => '修改失败','email' => 'notunique')));
        } */
     // Password rule check; a falsy result ends the request with a JSON failure
     // whose msg reads "modification failed".
     $pwdRule = checkpass($data['password']);
     if (!$pwdRule) {
         exit(json_encode(array('status' => 'fail', 'msg' => '修改失败', 'pass_word' => 'notunique')));
     }
     // The only write that still runs: the student's login e-mail, keyed by the posted enId.
     $stParam = array('pkid' => $data['enId'], 'login_email' => $data['email']);
     //$result = D('Account')->data($acParam)->save();
     $this->StudentModel->data($stParam)->save();
     // Disabled: JSON success/failure response for the account update.
     /*  if($result !== false){
             exit(json_encode(array('status' => 'success','msg' => '修改成功')));
         }else{
             exit(json_encode(array('status' => 'fail','msg' => '修改失败')));
         } */
 }
<?php

include_once 'header.php';
?>


<?php 
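// Session-backed login gate driven by two flags:
//   $_SESSION["logging"] - the login form has been served at least once
//   $_SESSION["logged"]  - checkpass() accepted the submitted credentials
if (isset($_SESSION["logging"]) && isset($_SESSION["logged"])) {
    print_secure_content($pdo);
} elseif (!isset($_SESSION["logging"])) {
    // First visit: remember that the form was served, then show it.
    $_SESSION["logging"] = true;
    loginform($pdo);
} else {
    // The form was served earlier, so treat this request as a login attempt.
    $number_of_rows = checkpass($pdo);
    // NOTE(review): any count >= 1 is accepted. If checkpass() looks the user up
    // by a unique login name, === 1 is the tighter condition - confirm.
    if ($number_of_rows >= 1) {
        // Issue a fresh session id at the moment of login so an id that was
        // known before authentication is not carried into the logged-in state.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }
        // Keys are quoted and the @ operators are gone: the bare words
        // user/logged/userlogin were undefined constants, which PHP 8 turns into
        // a fatal Error that @ does not suppress.
        $_SESSION["user"] = isset($_POST["userlogin"]) ? $_POST["userlogin"] : null;
        $_SESSION["logged"] = true;
        print_secure_content($pdo);
    } else {
        loginform($pdo);
        // Only report a failure when credentials were actually submitted.
        if ($number_of_rows == 0 && isset($_POST["userlogin"]) && isset($_POST["password"])) {
            echo "wrong password or username, please try again<br>";
        }
    }
}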
?>
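    /**
     * Render the change-password form and, on submit, replace the stored
     * password digest of the current user.
     *
     * Reads 'oldpass', 'newpass' and 'submit' from $_POST and the globals
     * $domain, $db, $usrdata and $seo_on. Writes HTML straight to the output.
     *
     * NOTE(review): the form carries no anti-CSRF token and none is checked
     * here; confirm the caller adds one, since this request changes credentials.
     * NOTE(review): no strength rule is applied to the new password in this
     * function.
     *
     * @return void
     */
    function changepassword()
    {
        global $domain, $db, $usrdata, $seo_on, $template;
        if (isset($_POST['submit'])) {
            $salt = $usrdata['salt'];
            $oldpass = clean($_POST['oldpass']);
            $newpass = clean($_POST['newpass']);
            // Both values become salted digests here.
            $oldpass = checkpass($oldpass, $salt);
            $newpass = setpass($newpass, $salt);
            // NOTE(review): this test runs after hashing, so it only catches an
            // empty field if checkpass()/setpass() return a falsy value for
            // empty input - confirm.
            if (!$oldpass || !$newpass) {
                echo '<div class=\'error\'>All feilds were not filled out!</div>';
                return;
            }
            // Strict string comparison: with "!=", two different digests that
            // both look numeric (for example "0e..." followed by digits only)
            // compare equal and the wrong old password would be accepted.
            if ((string) $oldpass !== (string) $usrdata['password']) {
                echo '<div class=\'error\'>Old Password is incorrect.</div>';
            } else {
                // NOTE(review): the digest is placed into the statement with
                // sprintf(); that is only safe while setpass() returns a value
                // without quote characters. Prefer a bound parameter if $db
                // offers one.
                $db->query(sprintf('UPDATE fas_users SET password=\'%s\' WHERE userid=\'%u\'', $newpass, $usrdata['userid']));
                echo '<div class=\'msg\'>Password Updated</div>';
            }
        }
        // The form posts back to the SEO-style or the query-string URL.
        if ($seo_on == 1) {
            $surl = '' . $domain . '/myaccount/changepassword/';
        } else {
            $surl = '' . $domain . '/index.php?action=myaccount&cmd=changepassword';
        }
        echo '<form action=\'' . $surl . '\' method=\'POST\'>
		<table width="100%">
			<tr>
				<td class=\'header\' colspan=\'2\'>Change Password</td>
			</tr>
			<tr>
				<td class=\'content\'>Old Password:</td>
				<td class=\'content\'><input type=\'password\' name=\'oldpass\' size=\'35\'></td>
			</tr>
			<tr>
				<td class=\'content\'>New Password:</td>
				<td class=\'content\'><input type=\'password\' name=\'newpass\' size=\'35\'></td>
			</tr>
			<tr>
				<th colspan=\'2\' class=\'content\'><input type=\'submit\' name=\'submit\' value=\'Submit\'></th>
			</tr>
		</table>
		</form>';
    }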
Esempio n. 9
}
// Request dispatcher: the 'f' parameter names one check/lookup helper, whose
// result is echoed back as the response body.
// NOTE(review): every value is read from $_REQUEST, so it may arrive in the
// query string. For the 'pass' branch that presumably means a password in a
// URL, where it lands in access logs and browser history - confirm that the
// client sends it by POST only.
// NOTE(review): results are echoed without output encoding; if any helper can
// return request-derived text, encode it for the response's content type.
$requestedCheck = isset($_REQUEST['f']) ? $_REQUEST['f'] : null;
switch ($requestedCheck) {
    case 'rs':
        echo checkste($_REQUEST['rs']);
        break;
    case 'ste':
        echo checkstebe($_REQUEST['ste']);
        break;
    case 'sal':
        echo checksal($_REQUEST['sal'], $_REQUEST['natsal']);
        break;
    case 'reg':
        echo checkreg($_REQUEST['reg']);
        break;
    case 'cn':
        echo checkcnps($_REQUEST['cnps']);
        break;
    case 'refrcip':
        echo checkrefrcip($_REQUEST['reference']);
        break;
    case 'refonape':
        echo checkrefaemploi($_REQUEST['r']);
        break;
    case 'pass':
        echo checkpass($_REQUEST['r']);
        break;
    case 'fil':
        echo getidfile($_REQUEST['ref'], $_REQUEST['tfil']);
        break;
    case 'docofr':
        echo getidofr($_REQUEST['ref']);
        break;
}
Esempio n. 10
     }
     require_once R_P . 'require/header.php';
     require_once PrintEot('login');
     footer();
 } else {
     // Login form submission: validate the request, verify the credentials and
     // set the login cookie.
     PostCheck(0, $db_gdcheck & 2, $loginq, 0);
     require_once R_P . 'require/checkpass.php';
     // Import the listed form fields - presumably from POST only ('P').
     InitGP(array('pwuser', 'pwpwd', 'question', 'customquest', 'answer', 'cktime', 'hideid', 'jumpurl', 'lgt', 'keepyear'), 'P');
     // Undo the HTML-entity encoding of '=' and '&' in the return URL.
     // NOTE(review): $jumpurl is request-supplied; its use is outside this excerpt.
     // Confirm it is restricted to the site's own host before any redirect.
     $jumpurl = str_replace(array('&#61;', '&amp;'), array('=', '&'), $jumpurl);
     if (!$pwuser || !$pwpwd) {
         Showmsg('login_empty');
     }
     // NOTE(review): unsalted MD5 of the submitted password. MD5 is a fast hash and
     // not suited to password storage; the format is presumably fixed by what
     // checkpass() compares against, so a migration has to start there.
     $md5_pwpwd = md5($pwpwd);
     $safecv = $db_ifsafecv ? questcode($question, $customquest, $answer) : '';
     //list($winduid, $groupid, $windpwd, $showmsginfo) = checkpass($pwuser, $md5_pwpwd, $safecv, $lgt);
     // checkpass() returns an array on success and an error message key otherwise.
     $logininfo = checkpass($pwuser, $md5_pwpwd, $safecv, $lgt);
     if (!is_array($logininfo)) {
         Showmsg($logininfo);
     }
     list($winduid, $groupid, $windpwd, $showmsginfo) = $logininfo;
     /*update cache*/
     $_cache = getDatastore();
     $_cache->delete("UID_" . $winduid);
     // Load the permission file of the user's group, falling back to group 1.
     // $groupid comes from checkpass(), not from the request; Pcv() wraps the path
     // - presumably a path check, confirm.
     if (file_exists(D_P . "data/groupdb/group_{$groupid}.php")) {
         require_once Pcv(D_P . "data/groupdb/group_{$groupid}.php");
     } else {
         require_once D_P . "data/groupdb/group_1.php";
     }
     // Cookie lifetime: one year when $keepyear is set; a non-zero lifetime is
     // turned into an absolute expiry by adding $timestamp.
     (int) $keepyear && ($cktime = '31536000');
     $cktime != 0 && ($cktime += $timestamp);
     // Login cookie: uid, $windpwd and safecv, tab-separated and passed through StrCode().
     Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $safecv), $cktime);
Esempio n. 11
/**
 * Log a user in by id and set the login cookies.
 *
 * The stored username, password digest and safecv are handed to checkpass(),
 * so no submitted password is verified here. NOTE(review): callers presumably
 * authenticate the request before calling this (e.g. right after registration)
 * - confirm at each call site.
 *
 * @param mixed      $userId User id, used to load the record when $user is empty.
 * @param array|null $user   User record with 'username', 'password' and 'safecv'.
 * @param mixed      $cktime Cookie lifetime in seconds; 0 leaves it at 0.
 * @param int        $lgt    Login type, passed through to checkpass().
 * @return array The array returned by checkpass().
 */
function processLogin($userId, $user = null, $cktime = '31536000', $lgt = 0)
{
    global $timestamp, $db_ckpath, $db_ckdomain, $db_autoban;

    // Load the record only when the caller did not supply one.
    if (!$user) {
        /* @var $userService PW_UserService */
        $userService = L::loadClass('UserService', 'user');
        $user = $userService->get($userId, true, true);
    }
    $storedName = $user['username'];
    $storedDigest = $user['password'];
    $storedSafecv = $user['safecv'];

    require_once R_P . 'require/checkpass.php';
    $logininfo = checkpass($storedName, $storedDigest, $storedSafecv, $lgt);
    // A non-array result is an error message key.
    if (!is_array($logininfo)) {
        Showmsg($logininfo);
    }
    list($winduid, , $windpwd) = $logininfo;

    /* update cache */
    $_cache = getDatastore();
    $_cache->delete("UID_" . $winduid);

    // A non-zero lifetime becomes an absolute expiry time.
    if ($cktime != 0) {
        $cktime += $timestamp;
    }
    // Login cookie: uid, $windpwd and safecv, tab-separated and passed through StrCode().
    Cookie("winduser", StrCode($winduid . "\t" . $windpwd . "\t" . $storedSafecv), $cktime);
    Cookie("ck_info", $db_ckpath . "\t" . $db_ckdomain);
    // Clear lastvisit so that a newly registered member is counted among
    // today's visiting members.
    Cookie('lastvisit', '', 0);

    // Automatic medal award: start
    require_once R_P . 'require/functions.php';
    doMedalBehavior($winduid, 'continue_login');
    // Automatic medal award: end

    if ($db_autoban) {
        require_once R_P . 'require/autoban.php';
        autoban($winduid);
    }

    return $logininfo;
}
Esempio n. 12
 }
 // check username
 if ($username != $current_user) {
     $sql = 'SELECT login FROM users WHERE login="******"';
     $result = $dbconn->Execute($sql);
     if (!$result->EOF) {
         $info_error[] = _("Error in the 'User name' field (User name already in use)");
         $error = true;
         $display_class = "customize_show";
         $status_class = "ossim_error";
     }
 }
 //Modify pass
 if ($error == false) {
     if ($cw_pass1 == $cw_pass2) {
         $res = checkpass($dbconn, $current_pass, $cw_pass1, $cw_pass2, $username);
         if ($res !== true) {
             $error = true;
             $display_class = "customize_show";
             $status_class = "ossim_error";
             if (is_array($res) && !empty($res)) {
                 $info_error = is_array($info_error) ? array_merge($info_error, $res) : $res;
             } else {
                 $info_error[] = _("Unknown error to check passwords");
             }
         } else {
             $result = Acl::changepass($dbconn, $username, $cw_pass1, $current_pass);
             if ($result <= 0) {
                 $info_error[] = _("Error in the 'Current password' field (Current password does not match)");
                 $error = true;
                 $display_class = "customize_show";
Esempio n. 13
    } else {
        echo "<div class='error' ><p class='error-txt' >" . $error . "</p></div>";
    }
}
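/**
 * Validate the two password fields of the change-password form.
 *
 * @param array $Tab Form data; the keys 'password' and 'password2' are read.
 * @return string "NoError" when both checks pass, otherwise a user-facing message.
 */
function checkpass($Tab)
{
    $password = isset($Tab['password']) ? $Tab['password'] : null;
    $confirmation = isset($Tab['password2']) ? $Tab['password2'] : null;

    // Request fields can arrive as arrays (password[]=...); only a string is valid.
    // The "D" modifier stops "$" from matching before a trailing newline.
    // NOTE(review): inside the character class ".-_" is a range (0x2E-0x5F), so
    // digits and several punctuation characters are accepted too. It is kept
    // as-is so that the accepted set does not change; spell the set out
    // explicitly once the intended policy is confirmed.
    if (!is_string($password) || !preg_match('/^[a-zA-Z.-_*^!:;,&]{6,25}$/D', $password)) {
        return "Mot de passe invalide, il doit être composé de 6 à 25 caractères.";
    }
    // Strict comparison: with "!=", two different numeric-looking strings such
    // as "0e1234" and "0e5678" compare equal and a mistyped confirmation passes.
    if ($password !== $confirmation) {
        return "Mot de passe invalide , les deux mot de passes doivent correspondrent.";
    }
    return "NoError";
}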
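// Handle the change-password form post, then render the form view.
// NOTE(review): 'mail' and 'tok' are read from the query string - presumably the
// parameters of a reset link. Confirm that changepass() verifies the token
// against the mail address and invalidates it after use.
if (!empty($_POST['change'])) {
    $error = checkpass($_POST);
    if ($error !== "NoError") {
        echo "<div class='error' ><p class='error-txt' >" . $error . "</p></div>";
    } else {
        $error = changepass($_GET['mail'], $_GET['tok'], $_POST['password']);
        if ($error == "ok") {
            $_SESSION['msg'] = "<div class='success' ><p class='success-txt' >Mot de passe changé !</p></div>";
        } else {
            // NOTE(review): changepass()'s message is stored unescaped and inside
            // the "success" markup; encode it if it can contain request data.
            $_SESSION['msg'] = "<div class='success' ><p class='success-txt' >" . $error . "</p></div>";
        }
        // "Location :" with a space before the colon is not a valid header name,
        // so no redirect took place. Stop after redirecting so the form view is
        // not rendered into the redirect response.
        header("Location: login.php");
        exit;
    }
}
require_once "../View/changepass.php";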
?>