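/**
 * Validate a registration attempt and report the outcome as a status code.
 *
 * Return codes (same values as the original contract):
 *   1 - the username already exists in `users`
 *   2 - username and password are both well-formed and the confirmation matches
 *   3 - validUsername() rejected the username
 *   4 - validPassword() rejected the password
 *   5 - $pass and $pass_confirm differ
 *
 * Fixes against the original: the confirmation check was unreachable (the
 * valid/valid branch returned 2 before ever comparing it), the fall-through
 * path returned an undefined variable ($valueToRetun vs $valueToReturn),
 * $connection was used without being in scope, the result was freed with the
 * old mysql_* API although it came from mysqli, and the lookup did not use
 * $user at all (its literal was redacted on the page).
 *
 * @param string      $user
 * @param string      $pass
 * @param string      $pass_confirm
 * @param mysqli|null $connection  optional; defaults to the global $connection
 *                                 the original body implicitly depended on
 * @return int
 * @throws RuntimeException if the lookup statement cannot be prepared
 */
function validateUser($user, $pass, $pass_confirm, $connection = null)
{
    if ($connection === null) {
        // The original read $connection without `global`, so it was always null
        // inside the function; resolve the global explicitly instead.
        $connection = $GLOBALS['connection'] ?? null;
    }

    $usernameOk = validUsername($user);
    $passwordOk = validPassword($pass);

    // Existence check via a prepared statement so the username is never
    // interpolated into SQL.
    $stmt = mysqli_prepare($connection, 'SELECT 1 FROM users WHERE username = ? LIMIT 1');
    if ($stmt === false) {
        throw new RuntimeException('Could not prepare user lookup: ' . mysqli_error($connection));
    }
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $exists = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);

    if ($exists) {
        return 1;
    }
    if (!$usernameOk) {
        return 3;
    }
    if (!$passwordOk) {
        return 4;
    }
    // Only reached when both fields are well-formed; previously this
    // comparison could never run.
    if (strcmp($pass, $pass_confirm) !== 0) {
        return 5;
    }
    return 2;
}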
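/**
 * Change the password of user $id after checking the caller knows the current one.
 *
 * On any failure an error key is recorded via setError() and false is returned:
 *   "password_error"         - no such user, or $original_password does not match
 *   "confirm_password_error" - $password and $confirm_password differ
 *   "new_password_error"     - validPassword() rejects the new password
 * Returns true once the new digest has been written through userModel.
 *
 * @param int|string $id
 * @param string     $original_password
 * @param string     $password
 * @param string     $confirm_password
 * @return bool
 */
public function changePassword($id, $original_password, $password, $confirm_password)
{
    $user = $this->userModel->find($id);
    if (!$user) {
        // The original indexed the lookup result unconditionally; an unknown id
        // now fails exactly like a wrong password instead of raising a notice.
        $this->setError("password_error");
        return false;
    }

    // The digest format is whatever ucenter_md5() produces and has to stay so,
    // because existing rows were written with it. Compare in constant time so
    // the check does not leak how much of the digest matched.
    $secret = C("MD5_SECRET_KEY");
    if (!hash_equals((string) $user['password'], (string) ucenter_md5($original_password, $secret))) {
        $this->setError("password_error");
        return false;
    }

    // Strict comparison; the original used != (loose comparison rules).
    if ($password !== $confirm_password) {
        $this->setError("confirm_password_error");
        return false;
    }

    if (!validPassword($password)) {
        $this->setError("new_password_error");
        return false;
    }

    $this->userModel
        ->where(array("id" => $id))
        ->setField("password", ucenter_md5($password, $secret));
    return true;
}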
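// Email-verification callback (?code=...&email=...): handle it and stop, so the
// registration handling below never runs for that request.
if (!empty($_GET["code"])) {
    // "email" was read unguarded; default it so verifyUser() always gets a string.
    verifyUser($_GET['email'] ?? '', $_GET["code"], $DATABASE);
    die;
}

//TODO: Refactor this section
// If any required field is missing the page dies inside error(). empty() also
// rejects the literal string "0"; that is kept from the original.
$requiredFields = ["email", "password", "password2", "first-name", "last-name", "zip", "phone"];
foreach ($requiredFields as $field) {
    if (empty($_POST[$field])) {
        error("Missing Field", "You tried to register without completing a required field");
        break; // error() is expected to terminate; break keeps a single call if it does not
    }
}
if ($_POST["password"] !== $_POST["password2"]) {
    error("Passwords Don't Match", "Your passwords did not match");
}
if (!validEmail($_POST["email"])) {
    // The submitted address is reflected back to the user; escape it here so the
    // message is safe even if error() writes its text into HTML unescaped.
    error("Invalid Email", "Your email " . htmlspecialchars($_POST["email"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " is invalid");
}
if (!validPassword($_POST["password"])) {
    error("Invalid Password", "Your password must be longer than 8 characters in length");
}

// Mailing preference: the checkbox only appears in POST when it was ticked.
$mailing = isset($_POST["mailing"]) ? 1 : 0;

// Hash the password (bcrypt, as before) so only the digest is stored.
$password = $_POST["password"];
$hash = password_hash($password, PASSWORD_BCRYPT);
$veriRaw = randomString();

// Column order matters: this list is imploded later when the user row is created.
$options = [$_POST["email"], $hash, $_POST["first-name"], $_POST["last-name"], $_POST["zip"], $_POST["phone"], $mailing, $veriRaw];

//escape all the data in the array
$db = new DB();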
/**
 * Update the password and/or e-mail of an account after re-checking the login.
 *
 * Return codes as visible in the body:
 *   0  - update applied (or nothing to change)
 *   1  - new password shorter than six characters
 *   11 - new password and its confirmation differ
 *   10 - validEmail() rejected the new address
 *   any non-zero value returned by validPassword()
 *   any non-TRUE value returned by verifyLogin()
 *
 * NOTE(review): verifyLogin() is called with $_SESSION['user_id'] and
 * $_POST['old_password'], not with the $user_id / $oldPassword parameters, while
 * the UPDATE below targets $user_id. If a caller can pass a $user_id that differs
 * from the session user, the verified account and the modified account are not
 * the same one — confirm at the call sites.
 *
 * NOTE(review): escape() is applied to the passwords before decryptPassword()
 * and before the stored value is derived; if escape() rewrites characters
 * (quotes, backslashes) the stored secret differs from what the user typed.
 * The expression that derives the stored password value was redacted on the
 * page ('******'), so it cannot be reviewed here.
 *
 * @param int|string $user_id
 * @param string     $oldPassword
 * @param string     $newPassword         may arrive encrypted; see decryptPassword()
 * @param string     $newPasswordConfirm
 * @param string     $newEmail            empty string means "leave unchanged"
 * @return int|mixed
 */
function updateAccount($user_id, $oldPassword, $newPassword, $newPasswordConfirm, $newEmail) {
    // Every input is run through escape() up front; $oldPassword is escaped but
    // never used afterwards.
    $user_id = escape($user_id);
    $oldPassword = escape($oldPassword);
    $newPassword = escape($newPassword);
    $newPasswordConfirm = escape($newPasswordConfirm);
    $newEmail = escape($newEmail);
    // Re-authenticates from session/POST rather than from the parameters above.
    $result = verifyLogin($_SESSION['user_id'], $_POST['old_password']);
    if ($result === TRUE) {
        // Accumulates "col = 'value', " fragments for the UPDATE statement.
        $set_string = "";
        //decrypt the password if needed
        require_once includePath() . "/crypto.php";
        $newPassword = decryptPassword($newPassword);
        $newPasswordConfirm = decryptPassword($newPasswordConfirm);
        // A password change is requested whenever either field is non-empty.
        if (strlen($newPassword) > 0 || strlen($newPasswordConfirm) > 0) {
            if (strlen($newPassword) >= 6) { //enforce minimum password length of six
                // Loose comparison (==); a strict !== would be the safer check.
                if ($newPassword == $newPasswordConfirm) {
                    // validPassword() returns 0 for "ok", otherwise an error code passed straight through.
                    $validPassword = validPassword($newPassword);
                    if ($validPassword == 0) {
                        $gen_salt = secure_random_bytes(20);
                        $db_salt = escape(bin2hex($gen_salt));
                        // Password value redacted on the page; salt is stored hex-encoded.
                        $set_string .= "password = '******', salt = '{$db_salt}', ";
                    } else {
                        return $validPassword;
                    }
                } else {
                    return 11;
                }
            } else {
                return 1;
            }
        }
        if (strlen($newEmail) > 0) {
            if (validEmail($newEmail)) {
                // $newEmail was already escaped above, so this escapes it a second time.
                $set_string .= "email = '" . escape($newEmail) . "', ";
            } else {
                return 10;
            }
        }
        if (strlen($set_string) > 0) {
            $set_string = substr($set_string, 0, strlen($set_string) - 2); //get rid of trailing comma and space
            // String-built SQL through the legacy mysql_* API; relies entirely on escape() above.
            mysql_query("UPDATE users SET " . $set_string . " WHERE id='{$user_id}'");
        }
        return 0;
    } else {
        // Propagates verifyLogin()'s failure value unchanged.
        return $result;
    }
}
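<title>Insert title here</title>
</head>
<body>
<?php
/**
 * Validate a candidate password and return a storable hash for it.
 *
 * Rules: at least 8 bytes long and containing at least one character outside
 * A-Za-z0-9. On failure an error message is echoed and null is returned (the
 * original contract); on success a password_hash() digest is returned instead
 * of the previous unsalted md5, which is not suitable for password storage.
 * Verify with password_verify(); any md5 values stored by the old version will
 * not verify against this output.
 *
 * @param string $password
 * @return string|null
 */
function validPassword($password)
{
    if (strlen($password) < 8 || !preg_match('/[^A-Za-z0-9]+/', $password)) {
        echo "Password should be at least 8 chars long and should have at least 1 non-alphanumeric symbol!";
        return null;
    }
    return password_hash($password, PASSWORD_DEFAULT);
}

// Only act on a submitted form; the original ran on every page load and passed
// an undefined $password to validPassword(), so the error always appeared.
if (isset($_POST['password'], $_POST['repeatPassword'])) {
    if ($_POST['password'] !== $_POST['repeatPassword']) {
        echo "Passwords do not match!";
    } else {
        validPassword($_POST['password']);
    }
}
?>
<div>
    <form action="" method="post">
        <div>
            <label for="username">Username</label>
            <input type="text" id="username" name="username" />
        </div>
        <div>
            <label for="password">Enter password</label>
            <input type="password" id="password" name="password"/>
        </div>
        <div>
            <label for="repeatPassword">Repeat password</label>
            <input type="password" id="repeatPassword" name="repeatPassword"/>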
* @package Helios Calendar * @license GNU General Public License version 2 or later; see LICENSE */ define('hcAdmin', true); include '../loader.php'; action_headers(); post_only(); $token = isset($_POST['token']) ? cIn(strip_tags($_POST['token'])) : ''; if (!check_form_token($token)) { go_home(); } $a = isset($_POST['a']) ? cIn(strip_tags($_POST['a'])) : 0; $b = isset($_POST['b']) ? cIn(strip_tags($_POST['b'])) : 0; $pass1 = isset($_POST['pass1']) ? cIn(strip_tags($_POST['pass1'])) : ''; $pass2 = isset($_POST['pass2']) ? cIn(strip_tags($_POST['pass2'])) : ''; $valid = $hc_cfg[91] == 1 ? validPassword($pass1) : true; $target = !$valid ? 'Location: ' . AdminRoot . '/index.php?lp=2&k=' . $b . '&lmsg=6' : 'Location: ' . AdminRoot . '/'; $result = doQuery("SELECT PkID, Email, LoginCnt, Passwrd FROM " . HC_TblPrefix . "admin WHERE PCKey = '" . $b . "'"); if (hasRows($result) && $valid) { if (md5(mysql_result($result, 0, 0) . mysql_result($result, 0, 1) . mysql_result($result, 0, 2)) == $a) { $target = 'Location: ' . AdminRoot . '/index.php?lp=2&k=' . $b . '&lmsg=5'; if ($pass1 == $pass2) { if (md5(md5($pass1) . mysql_result($result, 0, 1)) == mysql_result($result, 0, 3)) { $target = 'Location: ' . AdminRoot . '/index.php?lp=2&k=' . $b . '&lmsg=6'; } else { doQuery("UPDATE " . HC_TblPrefix . "admin SET Passwrd = '" . md5(md5($pass1) . mysql_result($result, 0, 1)) . "', PCKey = NULL, PAge = '" . date("Y-m-d") . "' WHERE PkID = '" . mysql_result($result, 0, 0) . "'"); $target = 'Location: ' . AdminRoot . '/index.php?lmsg=4'; } } } else { doQuery("UPDATE " . HC_TblPrefix . "admin SET PCKey = NULL WHERE PkID = '" . mysql_result($result, 0, 0) . "'");