private function _setAdminPassword()
{
global $locale, $defender;
if ($this->_getPasswordInput("user_admin_password")) {
// if submit current admin password
$this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");
// var1
$this->_newUserAdminPassword = $this->_getPasswordInput("user_admin_password1");
// var2
$this->_newUserAdminPassword2 = $this->_getPasswordInput("user_admin_password2");
// var3
$passAuth = new PasswordAuth();
//print_p($this->_userAdminPassword); // this is not available if no password exist
//print_p($this->_newUserAdminPassword);
//print_p($this->_newUserAdminPassword2);
if (!$this->userData['user_admin_password'] && !$this->userData['user_admin_salt']) {
// New Admin
$valid_current_password = 1;
$passAuth->inputPassword = '******';
$passAuth->inputNewPassword = $this->_userAdminPassword;
$passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
} else {
// Old Admin
// Intialize password auth
$passAuth->inputPassword = $this->_userAdminPassword;
// var1
$passAuth->inputNewPassword = $this->_newUserAdminPassword;
// var2
$passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
// var3
$passAuth->currentPasswordHash = $this->userData['user_admin_password'];
$passAuth->currentAlgo = $this->userData['user_admin_algo'];
$passAuth->currentSalt = $this->userData['user_admin_salt'];
$valid_current_password = $passAuth->isValidCurrentPassword();
}
if ($valid_current_password) {
$this->_isValidCurrentAdminPassword = 1;
// authenticated. now do the integrity check
$_isValidNewPassword = $passAuth->isValidNewPassword();
switch ($_isValidNewPassword) {
case '0':
// New password is valid
$new_admin_password = $passAuth->getNewHash();
$new_admin_salt = $passAuth->getNewSalt();
$new_admin_algo = $passAuth->getNewAlgo();
$this->data['user_admin_algo'] = $new_admin_algo;
$this->data['user_admin_salt'] = $new_admin_salt;
$this->data['user_admin_password'] = $new_admin_password;
break;
case '1':
// new password is old password
$defender->stop();
$defender->setInputError('user_admin_password');
$defender->setInputError('user_admin_password1');
$defender->setErrorText('user_admin_password', $locale['u144'] . $locale['u146'] . $locale['u133']);
$defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u146'] . $locale['u133']);
break;
case '2':
// The two new passwords are not identical
$defender->stop();
$defender->setInputError('user_admin_password1');
$defender->setInputError('user_admin_password2');
$defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u148a']);
$defender->setErrorText('user_admin_password2', $locale['u144'] . $locale['u148a']);
break;
case '3':
// New password contains invalid chars / symbols
$defender->stop();
$defender->setInputError('user_admin_password1');
$defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
break;
}
} else {
$defender->stop();
$defender->setInputError('user_admin_password');
$defender->setErrorText('user_admin_password', $locale['u149a']);
}
} else {
// check db only - admin cannot save profile page without password
if (iADMIN) {
$require_valid_password = $this->userData['user_admin_password'] ? TRUE : FALSE;
if (!$require_valid_password) {
// 149 for admin
$defender->stop();
$defender->setInputError('user_admin_password');
$defender->setErrorText('user_admin_password', $locale['u149a']);
}
}
}
}
private function _isValidCurrentPassword($loginPass = true, $skipCurrentPass = false)
{
if ($loginPass && !$skipCurrentPass) {
$this->_userHash = $this->_getPasswordInput("user_hash");
$this->_userPassword = $this->_getPasswordInput("user_password");
$password = $this->_userPassword;
$hash = $this->userData['user_password'];
$salt = $this->userData['user_salt'];
$algo = $this->userData['user_algo'];
} elseif ($loginPass == false && !$skipCurrentPass) {
$this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");
$password = $this->_userAdminPassword;
$hash = $this->userData['user_admin_password'];
$salt = $this->userData['user_admin_salt'];
$algo = $this->userData['user_admin_algo'];
}
if ($skipCurrentPass == false) {
// Check user auth
if ($loginPass && $this->_userHash != $hash) {
redirect(BASEDIR . "index.php");
}
// Intialize password auth
$passAuth = new PasswordAuth();
$passAuth->inputPassword = $password;
$passAuth->currentAlgo = $algo;
$passAuth->currentSalt = $salt;
$passAuth->currentPasswordHash = $hash;
// Check if password is correct
if ($passAuth->isValidCurrentPassword(false)) {
return true;
} else {
return false;
}
} else {
return true;
}
}
public static function setAdminCookie($inputPassword)
{
global $userdata;
if (iADMIN) {
// Initialize password auth
$passAuth = new PasswordAuth();
$passAuth->currentAlgo = $userdata['user_admin_algo'];
$passAuth->currentSalt = $userdata['user_admin_salt'];
$passAuth->currentPasswordHash = $userdata['user_admin_password'];
$passAuth->inputPassword = $inputPassword;
// Check if input password is valid
if ($passAuth->isValidCurrentPassword(TRUE)) {
$userdata['user_admin_algo'] = $passAuth->getNewAlgo();
$userdata['user_admin_salt'] = $passAuth->getNewSalt();
$userdata['user_admin_password'] = $passAuth->getNewHash();
$result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo'] . "', user_admin_salt='" . $userdata['user_admin_salt'] . "', user_admin_password='******'user_admin_password'] . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], FALSE, FALSE);
return TRUE;
}
}
return FALSE;
}
public static function setAdminCookie($inputPassword)
{
global $userdata;
if (iADMIN) {
require_once CLASSES . "PasswordAuth.class.php";
// Initialize password auth
$passAuth = new PasswordAuth();
$passAuth->currentAlgo = $userdata['user_admin_algo'];
$passAuth->currentSalt = $userdata['user_admin_salt'];
$passAuth->currentPasswordHash = $userdata['user_admin_password'];
$passAuth->inputPassword = $inputPassword;
// Check if input password is valid
if ($passAuth->isValidCurrentPassword(true)) {
$userdata['user_admin_algo'] = $passAuth->getNewAlgo();
$userdata['user_admin_salt'] = $passAuth->getNewSalt();
$userdata['user_admin_password'] = $passAuth->getNewHash();
$result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $userdata['user_admin_algo'] . "', user_admin_salt='" . $userdata['user_admin_salt'] . "', user_admin_password='******'user_admin_password'] . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], false, false);
}
}
}
} else {
redirect(BASEDIR . "login.php?ulogin_error");
}
}
if (isset($_POST['ex_user_save'])) {
$result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $_POST['user_name'] . "'");
if (dbrows($result)) {
$user = dbarray($result);
require_once CLASSES . "PasswordAuth.class.php";
// Initialize password auth
$passAuth = new PasswordAuth();
$passAuth->currentAlgo = $user['user_algo'];
$passAuth->currentSalt = $user['user_salt'];
$passAuth->currentPasswordHash = $user['user_password'];
$passAuth->inputPassword = $_POST['user_pass'];
if ($passAuth->isValidCurrentPassword(false)) {
$result = dbquery("INSERT INTO " . DB_ULOGIN . " (ulogin_user, ulogin_identity, ulogin_network, ulogin_fullname) VALUES ('" . $user['user_id'] . "','" . $_POST['identity'] . "','" . $_POST['network'] . "', '" . iconv($locale['charset'], "UTF-8", $_POST['full_name']) . "')");
$auth = new Authenticate($_POST['user_name'], $_POST['user_pass'], true);
unset($auth);
if ($result) {
redirect($_POST['url']);
}
} else {
redirect(BASEDIR . "login.php?ulogin_error");
}
} else {
redirect(BASEDIR . "login.php?ulogin_error");
}
}
if (isset($_POST['action']) && $_POST['action'] == "gettoken") {
require_once INFUSIONS . "ulogin/lib/uloginAPI2.class.php";
