Esempio n. 1
0
<?php

require_once 'lib-core.php';
$ruser = $_GET['user'];
$rusersan = $mysqli->real_escape_string($ruser);
$rkey = $_GET['key'];
//$nrkey = sha1(mcrypt_create_iv(23, MCRYPT_DEV_URANDOM));
function noMc($length = 10)
{
    return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
}
//Please read the message concerning the use of NoMC @ handle-register.php
$nrkey = sha1(noMc(rand(40, 60)));
$rkeys = $mysqli->real_escape_string($rkey);
$a = "SELECT rkey FROM auth WHERE username='******'";
$b = $mysqli->query($a) or showerror();
$c = mysqli_fetch_assoc($b);
$iv = $c['rkey'];
if ($iv == $rkey) {
    $qr = "UPDATE auth SET valid='1', rkey='{$nrkey}' WHERE username='******';";
    $rr = $mysqli->query($qr) or showerror();
    require_once 'layout-headerlg.php';
    echo "You have successfully activated your account. You may now login (top right)";
    require_once 'layout-footerlg.php';
    die;
} else {
    require_once 'layout-headerlg.php';
    echo "The key/username you specified is incorrect.";
    require_once 'layout-footerlg.php';
    die;
}
Esempio n. 2
0
    header('Location: index.php');
}
require_once '../lib-auth.php';
$polrauth = new polrauth();
$islogged = $polrauth->islogged();
$action = $mysqli->real_escape_string($_POST['action']);
$username = $mysqli->real_escape_string($_SESSION['username']);
if ($action == 'changepw') {
    $currpw = $mysqli->real_escape_string($_POST['currpw']);
    $newpw = $mysqli->real_escape_string($_POST['newpw']);
    require_once '../lib-password.php';
    function noMc($length = 23)
    {
        return substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
    }
    $salt = noMc();
    $opts = array('cost' => 10, 'salt' => $salt);
    $hashed = password_hash($newpw, PASSWORD_BCRYPT, $opts);
    $sqr = "SELECT `password` FROM `auth` WHERE `username`='{$username}';";
    $res = $mysqli->query($sqr);
    $fetch = mysqli_fetch_assoc($res);
    $hpw = $fetch['password'];
    $islegit = $polrauth->processlogin($username, $currpw);
    if (!$islegit) {
        require_once 'header.php';
        echo "Invalid current password. <a href=\"index.php\">Back</a>";
        require_once 'layout-footerlg.php';
        die;
    }
    $sqr = "UPDATE auth SET password = '******' WHERE `username`='{$username}';";
    $res = $mysqli->query($sqr);