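/**
 * Validates an admin password change submitted from the user's own profile
 * form and stages the new credential for saving.
 *
 * Only runs for an admin using the "validate_update" method outside the
 * admin panel. Flow, as read from the original code:
 *  1. the current admin password field is checked; an empty field passes
 *     only when no admin password is stored yet;
 *  2. the current login password must already have been validated
 *     ($this->_isValidCurrentPassword is set elsewhere);
 *  3. the admin password must differ from the login password;
 *  4. PasswordAuth::isValidNewPassword() must return 0, after which the new
 *     algo, salt and hash are staged with _setDBValue().
 * Every failure is reported through _setError(); nothing is returned.
 *
 * Passwords are compared as strings with === so that numeric-looking values
 * (e.g. "1e3" and "1000") are never treated as equal by PHP's loose
 * comparison; null is cast to "" first to keep the original empty-value
 * handling.
 */
private function _setNewAdminPassword()
{
    global $locale;
    // Only accept if user is admin, updating his profile (not admin panel)
    if (!iADMIN || $this->_method !== "validate_update" || $this->isAdminPanel) {
        return;
    }

    $currentInput = (string)$this->_getPasswordInput("user_admin_password");
    if ($currentInput === "") {
        // No current admin password submitted: acceptable only when none is stored yet.
        $this->_isValidCurrentAdminPassword = (string)$this->userData['user_admin_password'] === "";
        $showError = !$this->_isValidCurrentAdminPassword;
    } else {
        $this->_isValidCurrentAdminPassword = $this->_isValidCurrentPassword(false, false);
        $showError = true;
    }
    $this->_newUserAdminPassword = $this->_getPasswordInput("user_new_admin_password");
    $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_new_admin_password2");

    // Require current admin password
    if (!$this->_isValidCurrentAdminPassword) {
        // Current admin password is invalid
        $this->_setError("user_admin_password", $locale['u149a'], $showError);
        return;
    }
    // Require current login password
    if (!$this->_isValidCurrentPassword) {
        // Current login password is invalid
        $this->_setError("user_admin_password", $locale['u149b']);
        return;
    }
    // The admin password must not be the login password (strict string compare)
    if ((string)$this->_userAdminPassword === (string)$this->_userPassword) {
        // New admin password equal Login password
        $this->_setError("user_admin_password", $locale['u144'] . $locale['u146'] . $locale['u133']);
        return;
    }

    // Initialize password auth
    $passAuth = new PasswordAuth();
    $passAuth->inputPassword = $this->_userAdminPassword;
    $passAuth->inputNewPassword = $this->_newUserAdminPassword;
    $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
    // Check admin new password: 0 = valid, 1 = same as the old one,
    // 2 = the two new passwords differ, 3 = invalid chars / symbols.
    // Any other status code neither stores a hash nor reports an error
    // (same as the original).
    $status = $passAuth->isValidNewPassword();
    if ($status === 0) {
        // New password is valid: algo, salt and hash are stored together
        $this->_setDBValue("user_admin_algo", $passAuth->getNewAlgo());
        $this->_setDBValue("user_admin_salt", $passAuth->getNewSalt());
        $this->_setDBValue("user_admin_password", $passAuth->getNewHash());
    } elseif ($status === 1) {
        // New Password equal old password
        $this->_setError("user_password", $locale['u144'] . $locale['u146'] . $locale['u131']);
    } elseif ($status === 2) {
        // The two new passwords are not identical
        $this->_setError("user_password", $locale['u148a']);
    } elseif ($status === 3) {
        // New password contains invalid chars / symbols
        $this->_setError("user_password", $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
    }
}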
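 /**
  * Validates an admin password submitted with the profile form and, when it
  * passes, stages the new algo/salt/hash in $this->data for saving.
  *
  * Two cases, as read from the original code:
  *  - "New Admin" (no stored admin password and no salt): the current-password
  *    check is skipped; the value typed into user_admin_password is used as the
  *    new password and confirmed against user_admin_password2;
  *  - "Old Admin": user_admin_password must match the stored hash, then
  *    user_admin_password1 / user_admin_password2 are the new password.
  * If no admin password is submitted at all, an admin whose account has no
  * stored admin password is blocked from saving the profile.
  *
  * Failures are reported through the global $defender (stop(),
  * setInputError(), setErrorText()); nothing is returned. The status code of
  * PasswordAuth::isValidNewPassword() is compared strictly as an int (the
  * original switched on string cases with loose comparison); codes other than
  * 0-3 are left unhandled, as before.
  */
 private function _setAdminPassword()
 {
     global $locale, $defender;
     $currentInput = $this->_getPasswordInput("user_admin_password");
     if (!$currentInput) {
         // check db only - admin cannot save profile page without password
         if (iADMIN && !$this->userData['user_admin_password']) {
             // 149 for admin
             $defender->stop();
             $defender->setInputError('user_admin_password');
             $defender->setErrorText('user_admin_password', $locale['u149a']);
         }
         return;
     }

     // if submit current admin password
     $this->_userAdminPassword = $currentInput;
     $this->_newUserAdminPassword = $this->_getPasswordInput("user_admin_password1");
     $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_admin_password2");
     $passAuth = new PasswordAuth();
     if (!$this->userData['user_admin_password'] && !$this->userData['user_admin_salt']) {
         // New Admin: nothing stored, so there is no current password to verify.
         // NOTE(review): the user_admin_password field (not *_password1) is taken as
         // the new password here; confirm this matches the first-time admin form.
         // The '******' placeholder is passed through unchanged — presumably
         // PasswordAuth wants a non-empty inputPassword; verify.
         $valid_current_password = 1;
         $passAuth->inputPassword = '******';
         $passAuth->inputNewPassword = $this->_userAdminPassword;
         $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
     } else {
         // Old Admin: verify the submitted current password against the stored hash
         $passAuth->inputPassword = $this->_userAdminPassword;
         $passAuth->inputNewPassword = $this->_newUserAdminPassword;
         $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
         $passAuth->currentPasswordHash = $this->userData['user_admin_password'];
         $passAuth->currentAlgo = $this->userData['user_admin_algo'];
         $passAuth->currentSalt = $this->userData['user_admin_salt'];
         $valid_current_password = $passAuth->isValidCurrentPassword();
     }

     if (!$valid_current_password) {
         // Current admin password does not match the stored hash
         $defender->stop();
         $defender->setInputError('user_admin_password');
         $defender->setErrorText('user_admin_password', $locale['u149a']);
         return;
     }

     $this->_isValidCurrentAdminPassword = 1;
     // authenticated. now do the integrity check:
     // 0 = valid, 1 = same as the old password, 2 = mismatch, 3 = invalid chars
     $status = $passAuth->isValidNewPassword();
     if ($status === 0) {
         // New password is valid (getter call order kept as in the original)
         $new_admin_password = $passAuth->getNewHash();
         $new_admin_salt = $passAuth->getNewSalt();
         $new_admin_algo = $passAuth->getNewAlgo();
         $this->data['user_admin_algo'] = $new_admin_algo;
         $this->data['user_admin_salt'] = $new_admin_salt;
         $this->data['user_admin_password'] = $new_admin_password;
     } elseif ($status === 1) {
         // new password is old password
         $defender->stop();
         $defender->setInputError('user_admin_password');
         $defender->setInputError('user_admin_password1');
         $defender->setErrorText('user_admin_password', $locale['u144'] . $locale['u146'] . $locale['u133']);
         $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u146'] . $locale['u133']);
     } elseif ($status === 2) {
         // The two new passwords are not identical
         $defender->stop();
         $defender->setInputError('user_admin_password1');
         $defender->setInputError('user_admin_password2');
         $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u148a']);
         $defender->setErrorText('user_admin_password2', $locale['u144'] . $locale['u148a']);
     } elseif ($status === 3) {
         // New password contains invalid chars / symbols
         $defender->stop();
         $defender->setInputError('user_admin_password1');
         $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
     }
 }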
     $adminPass->inputNewPassword = $newAdminPass;
     $adminPass->inputNewPassword2 = $newAdminPass;
     $adminPassIsReset = $adminPass->isValidNewPassword() === 0 ? true : false;
     if (isset($_POST['reset_login']) && $_POST['reset_login'] == 1) {
         $loginPass = new PasswordAuth();
         $newLoginPass = $loginPass->getNewPassword(12);
         $loginPass->inputNewPassword = $newLoginPass;
         $loginPass->inputNewPassword2 = $newLoginPass;
         $message = str_replace(array("[USER_NAME]", "[NEW_PASS]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array($data['user_name'], $newLoginPass, $newAdminPass, $userdata['user_name'], $reset_message), $locale['409']);
         $loginPassIsReset = $loginPass->isValidNewPassword() === 0 ? true : false;
     } else {
         $message = str_replace(array("[USER_NAME]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array($data['user_name'], $newAdminPass, $userdata['user_name'], $reset_message), $locale['408']);
         $loginPassIsReset = true;
     }
     if ($loginPassIsReset && $adminPassIsReset && sendemail($data['user_name'], $data['user_email'], $userdata['user_name'], $userdata['user_email'], $locale['407'] . $settings['sitename'], $message)) {
         $result2 = dbquery("UPDATE " . DB_USERS . " SET\n\t\t\t\t\t\t" . ($newLoginPass ? "user_algo='" . $loginPass->getNewAlgo() . "', user_salt='" . $loginPass->getNewSalt() . "', \n\t\t\t\t\t\t\t\t\t\t\tuser_password='******', " : "") . "\n\t\t\t\t\t\tuser_admin_algo='" . $adminPass->getNewAlgo() . "', user_admin_salt='" . $adminPass->getNewSalt() . "', \n\t\t\t\t\t\tuser_admin_password='******'\n\t\t\t\t\tWHERE user_id='" . $data['user_id'] . "'");
         $reset_success[] = array($data['user_id'], $data['user_name'], $data['user_email']);
     } else {
         $reset_failed[] = array($data['user_id'], $data['user_name'], $data['user_email']);
     }
 }
 opentable($locale['410']);
 $sucess = count($reset_success);
 $sucess_ids = "";
 $failed = count($reset_failed);
 $failed_ids = "";
 echo "<table cellpadding='0' cellspacing='0' width='70%' class='admin-reset tbl-border center'>\n";
 for ($i = 0; $i < $sucess; $i++) {
     $sucess_ids .= $sucess_ids != "" ? "." . $reset_success[$i][0] : $reset_success[$i][0];
     echo "<tr>\n";
     echo "<td class='tbl1' width='250'><strong>" . ($i == 0 ? "Admins reset:" : "") . "</strong></td>\n";
         sendemail($uinfo['user_name'], $uinfo['user_email'], $settings['siteusername'], $settings['siteemail'], $locale['eml1'], $msg, "html");
         redirect(BASEDIR . "register.php?msg=8");
     } else {
         $name = $app['username'];
         $email = $app['useremail'];
         $password = $app['password'];
         require_once CLASSES . "PasswordAuth.class.php";
         $passAuth = new PasswordAuth();
         $passAuth->inputNewPassword = $password;
         $passAuth->inputNewPassword2 = $password;
         $passAuth->currentPassword = "";
         echo $valid = $passAuth->isValidNewPassword();
         if ($valid === 0) {
             // New password is valid
             $hash = $passAuth->getNewHash();
             $algo = $passAuth->getNewAlgo();
             $salt = $passAuth->getNewSalt();
         }
         $code = md5($name . $email);
         $ins_rm_user = dbquery("INSERT INTO " . DB_RM_USERS . " (rmuser_username, rmuser_useremail, rmuser_password, rmuser_algo, rmuser_salt, rmuser_code, rmuser_verified, rmuser_approved) VALUES ('" . $name . "', '" . $email . "', '" . $hash . "', '" . $algo . "', '" . $salt . "', '" . $code . "', '0', '0')");
         $rm_user_id = mysql_insert_id();
         $ins_app = dbquery("INSERT INTO " . DB_RM_APPS . " (app_rm_user, app_user, app_form, app_voted, app_votes_yes, app_votes_no, app_date, app_status, app_username, app_useremail) VALUES ('" . $rm_user_id . "', '0', '" . $appp_id . "', '', '0', '0', '" . $time . "', '0', '" . $name . "', '" . $email . "')");
         // sendmail, verify user
         require_once INCLUDES . "sendmail_include.php";
         $msg = sprintf($locale['eml3'], $code);
         sendemail($name, $email, $settings['siteusername'], $settings['siteemail'], $locale['eml1'], $msg, "html");
         redirect(BASEDIR . "register.php?msg=8");
     }
 } else {
     redirect(BASEDIR . "register.php?msg=7");
 }
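 /**
  * Re-verifies the admin password for the current session and, on success,
  * re-hashes it, stores the new credential and sets the admin cookie.
  *
  * @param string $inputPassword the admin password as typed by the user
  * @return bool true when the password matched and the cookie was set;
  *              false for non-admins or a failed check (the original returned
  *              nothing; the bool is added for callers that want the outcome)
  *
  * Review notes:
  *  - every successful check reads getNewAlgo/getNewSalt/getNewHash and
  *    rewrites the stored credential, so the stored hash rotates on each
  *    successful admin check;
  *  - the UPDATE is built by string concatenation. Its values are PasswordAuth
  *    outputs and the session's user_id, not request input, so it relies on
  *    those never containing a quote character — prefer a parameterised query
  *    where the DB layer offers one.
  * The hash column was previously missing from the statement (the literal was
  * broken); it is now written from $userdata['user_admin_password'], which is
  * set from getNewHash() just above, matching the algo and salt columns.
  */
 public static function setAdminCookie($inputPassword)
 {
     global $userdata;
     if (!iADMIN) {
         return false;
     }
     require_once CLASSES . "PasswordAuth.class.php";
     // Initialize password auth with the stored admin credential
     $passAuth = new PasswordAuth();
     $passAuth->currentAlgo = $userdata['user_admin_algo'];
     $passAuth->currentSalt = $userdata['user_admin_salt'];
     $passAuth->currentPasswordHash = $userdata['user_admin_password'];
     $passAuth->inputPassword = $inputPassword;
     // Check if input password is valid (the true argument is passed through as
     // in the original; the getNew* values are read right after it)
     if (!$passAuth->isValidCurrentPassword(true)) {
         return false;
     }
     // Replace the stored credential with the freshly generated algo/salt/hash
     $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
     $userdata['user_admin_salt'] = $passAuth->getNewSalt();
     $userdata['user_admin_password'] = $passAuth->getNewHash();
     dbquery(
         "UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo']
         . "', user_admin_salt='" . $userdata['user_admin_salt']
         . "', user_admin_password='" . $userdata['user_admin_password']
         . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'"
     );
     Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], false, false);
     return true;
 }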
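 /**
  * Re-verifies the admin password for the current session and, on success,
  * re-hashes it, stores the new credential and sets the admin cookie.
  *
  * @param string $inputPassword the admin password as typed by the user
  * @return bool true when the password matched and the cookie was set;
  *              false for non-admins or a failed check
  *
  * Review notes:
  *  - every successful check reads getNewAlgo/getNewSalt/getNewHash and
  *    rewrites the stored credential, so the stored hash rotates on each
  *    successful admin check;
  *  - the UPDATE is built by string concatenation. Its values are PasswordAuth
  *    outputs and the session's user_id, not request input, so it relies on
  *    those never containing a quote character — prefer a parameterised query
  *    where the DB layer offers one.
  * The hash column was previously missing from the statement (the literal was
  * broken); it is now written from $userdata['user_admin_password'], which is
  * set from getNewHash() just above, matching the algo and salt columns.
  */
 public static function setAdminCookie($inputPassword)
 {
     global $userdata;
     if (!iADMIN) {
         return false;
     }
     // Initialize password auth with the stored admin credential
     $passAuth = new PasswordAuth();
     $passAuth->currentAlgo = $userdata['user_admin_algo'];
     $passAuth->currentSalt = $userdata['user_admin_salt'];
     $passAuth->currentPasswordHash = $userdata['user_admin_password'];
     $passAuth->inputPassword = $inputPassword;
     // Check if input password is valid (the true argument is passed through as
     // in the original; the getNew* values are read right after it)
     if (!$passAuth->isValidCurrentPassword(true)) {
         return false;
     }
     // Replace the stored credential with the freshly generated algo/salt/hash
     $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
     $userdata['user_admin_salt'] = $passAuth->getNewSalt();
     $userdata['user_admin_password'] = $passAuth->getNewHash();
     dbquery(
         "UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo']
         . "', user_admin_salt='" . $userdata['user_admin_salt']
         . "', user_admin_password='" . $userdata['user_admin_password']
         . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'"
     );
     Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], false, false);
     return true;
 }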
 } else {
     require_once "../locale/Russian_frontend.php";
 }
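 // Create a local account for an external (uLogin) identity from the POSTed
 // nickname / email / password, store the identity mapping and mail the user.
 //
 // Review notes on this block:
 //  - $nick, $email and $pass go through stripinput(); whether that also makes
 //    them safe inside the SQL below could not be confirmed from here — TODO
 //    verify, and move to a parameterised query if the DB layer offers one.
 //  - $identity, $acc and $fn were previously concatenated into the DB_ULOGIN
 //    INSERT straight from $_POST; they are now escaped with
 //    mysql_real_escape_string(), the escape function of the mysql extension
 //    this script already uses (mysql_insert_id()).
 //  - the stray debug `echo` of the validation code is removed: output before
 //    Authenticate::setUserCookie() breaks the cookie headers.
 //  - the INSERT still runs when isValidNewPassword() is not 0, in which case
 //    the account would be stored with an empty hash/salt/algo; the flow needs
 //    an explicit abort for that case — TODO(review).
 //  - the clear-text password is included in the e-mail built from
 //    $locale['ul14']; consider a one-time link instead of mailing the secret.
 $nick = trim(stripinput($_POST['nickname']));
 $email = trim(stripinput($_POST['email']));
 $pass = trim(stripinput($_POST['password']));
 require_once CLASSES . "PasswordAuth.class.php";
 $passAuth = new PasswordAuth();
 $passAuth->inputNewPassword = $pass;
 $passAuth->inputNewPassword2 = $pass;
 $passAuth->currentPassword = "";
 // Empty defaults keep the INSERT below identical to the original when the
 // password is rejected, without relying on undefined variables.
 $hash = "";
 $algo = "";
 $salt = "";
 $valid = $passAuth->isValidNewPassword();
 if ($valid === 0) {
     // New password is valid
     $hash = $passAuth->getNewHash();
     $algo = $passAuth->getNewAlgo();
     $salt = $passAuth->getNewSalt();
 }
 // Identity data from the external provider: escaped for the SQL statement only
 $identity = mysql_real_escape_string($_POST['identity']);
 $acc = mysql_real_escape_string($_POST['network']);
 $fn = mysql_real_escape_string(iconv($locale['charset'], "UTF-8", $_POST['full_name']));
 $result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status, user_sig, user_salt, user_algo) VALUES('" . $nick . "', '" . $hash . "', '', '" . $email . "', '1', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '101', '0', '', '" . $salt . "', '" . $algo . "')");
 $user_id = mysql_insert_id();
 Authenticate::setUserCookie($user_id, $passAuth->getNewSalt(), $passAuth->getNewAlgo(), false);
 $result2 = dbquery("INSERT INTO " . DB_ULOGIN . " (ulogin_identity, ulogin_network, ulogin_user, ulogin_fullname) VALUES ('" . $identity . "', '" . $acc . "', '" . $user_id . "', '" . $fn . "')");
 require_once INCLUDES . "sendmail_include.php";
 $text = sprintf($locale['ul14'], $_POST['identity'], $_POST['nickname'], $_POST['password']);
 sendemail($nick, $email, $settings['siteusername'], $settings['siteemail'], $locale['ul15'], $text);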
 if ($result && $result2) {
     $auth = new Authenticate($nick, $pass, true);
     $userdata = $auth->getUserData();