/**
 * Validates the admin-password fields of the profile form and, when they
 * pass, stages the new hash/salt/algo in $this->data for the caller to save.
 *
 * Two flows share this method:
 *  - no admin password on record (user_admin_password AND user_admin_salt
 *    both empty): no current-password proof is required; the value typed in
 *    "user_admin_password" becomes the new password and
 *    "user_admin_password2" is its confirmation. The "user_admin_password1"
 *    field is read but not used in this flow — presumably intentional, verify
 *    against the form template.
 *  - an admin password already on record: "user_admin_password" must verify
 *    against the stored hash before "user_admin_password1"/"_password2" are
 *    accepted as the new password.
 *
 * Every rejection goes through $defender->stop() plus a per-field error, so
 * the profile save is aborted. When no admin-password field was submitted at
 * all, an administrator (iADMIN) whose record has no admin password is also
 * blocked, because the profile page cannot be saved without one.
 *
 * NOTE(review): setting a first admin password here proves nothing beyond the
 * current session; it is assumed that admin privileges themselves are granted
 * elsewhere (iADMIN) and not by the presence of this hash — confirm.
 *
 * Side effects: writes $this->_userAdminPassword, _newUserAdminPassword,
 * _newUserAdminPassword2, _isValidCurrentAdminPassword and the three
 * user_admin_* keys of $this->data; talks to the $defender and $locale globals.
 *
 * @return void
 */
private function _setAdminPassword() {
    global $locale, $defender;

    // Marks the given fields as invalid and aborts the save. All
    // setInputError() calls happen before any setErrorText() call, which is
    // the order the original code used.
    $reject = function (array $fields, $message) use ($defender) {
        $defender->stop();
        foreach ($fields as $field) {
            $defender->setInputError($field);
        }
        foreach ($fields as $field) {
            $defender->setErrorText($field, $message);
        }
    };

    if (!$this->_getPasswordInput("user_admin_password")) {
        // Nothing submitted. An administrator whose record carries no admin
        // password cannot save the profile page at all.
        if (iADMIN && !$this->userData['user_admin_password']) {
            $reject(['user_admin_password'], $locale['u149a']);
        }
        return;
    }

    $this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");      // current password (or the new one, first-time flow)
    $this->_newUserAdminPassword = $this->_getPasswordInput("user_admin_password1");  // new password
    $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_admin_password2"); // confirmation of the new password

    $passAuth = new PasswordAuth();
    $hasStoredAdminPassword = $this->userData['user_admin_password'] || $this->userData['user_admin_salt'];

    if (!$hasStoredAdminPassword) {
        // First admin password: there is nothing to verify the current
        // password against, so it is accepted outright.
        $currentPasswordOk = 1;
        $passAuth->inputPassword = '******';
        $passAuth->inputNewPassword = $this->_userAdminPassword;
        $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
    } else {
        // Existing admin password: the submitted current password must verify
        // against the stored hash/salt/algo.
        $passAuth->inputPassword = $this->_userAdminPassword;
        $passAuth->inputNewPassword = $this->_newUserAdminPassword;
        $passAuth->inputNewPassword2 = $this->_newUserAdminPassword2;
        $passAuth->currentPasswordHash = $this->userData['user_admin_password'];
        $passAuth->currentAlgo = $this->userData['user_admin_algo'];
        $passAuth->currentSalt = $this->userData['user_admin_salt'];
        $currentPasswordOk = $passAuth->isValidCurrentPassword();
    }

    if (!$currentPasswordOk) {
        $reject(['user_admin_password'], $locale['u149a']);
        return;
    }

    $this->_isValidCurrentAdminPassword = 1;

    // Integrity check of the new password. Codes as used by the original:
    // '0' accepted, '1' identical to the old password, '2' confirmation
    // mismatch, '3' invalid characters. Any other code matches nothing: no
    // error is raised and no new hash is staged (pre-existing behaviour, kept
    // because PasswordAuth is not visible in this file).
    $newPasswordState = $passAuth->isValidNewPassword();
    switch ($newPasswordState) {
        case '0':
            $newHash = $passAuth->getNewHash();
            $newSalt = $passAuth->getNewSalt();
            $newAlgo = $passAuth->getNewAlgo();
            $this->data['user_admin_algo'] = $newAlgo;
            $this->data['user_admin_salt'] = $newSalt;
            $this->data['user_admin_password'] = $newHash;
            break;
        case '1':
            $reject(
                ['user_admin_password', 'user_admin_password1'],
                $locale['u144'] . $locale['u146'] . $locale['u133']
            );
            break;
        case '2':
            $reject(
                ['user_admin_password1', 'user_admin_password2'],
                $locale['u144'] . $locale['u148a']
            );
            break;
        case '3':
            $reject(
                ['user_admin_password1'],
                $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']
            );
            break;
    }
}
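/**
 * Verifies the password the user typed against the hash stored in
 * $this->userData.
 *
 * @param bool $loginPass       true  -> check the login password
 *                                       ("user_password" field against the
 *                                       user_password/user_salt/user_algo columns);
 *                              false -> check the admin password
 *                                       ("user_admin_password" field against
 *                                       the user_admin_* columns).
 * @param bool $skipCurrentPass true  -> perform no check and return true
 *                                       (the caller decides when no
 *                                       current-password proof is needed).
 *
 * @return bool true when the submitted password verifies (or the check was skipped).
 *
 * Side effects: stores the raw inputs in $this->_userHash / _userPassword /
 * _userAdminPassword. In the login-password flow a posted "user_hash" that
 * does not equal the stored user_password hash triggers a redirect to
 * index.php (presumably a stale-form / concurrent-change guard; whether
 * redirect() exits is not visible here). NOTE(review): this implies the
 * stored password hash is round-tripped through the form — confirm that is
 * intended, since it exposes the hash to the browser.
 */
private function _isValidCurrentPassword($loginPass = true, $skipCurrentPass = false) {
    if ($skipCurrentPass) {
        return true;
    }

    if ($loginPass) {
        $this->_userHash = $this->_getPasswordInput("user_hash");
        $this->_userPassword = $this->_getPasswordInput("user_password");
        $password = $this->_userPassword;
        $hash = $this->userData['user_password'];
        $salt = $this->userData['user_salt'];
        $algo = $this->userData['user_algo'];

        // Strict, constant-time comparison. The original used `!=`, which in
        // PHP compares numeric-looking strings numerically ("0e123" == "0e456"
        // is true), so a mismatching hash of that shape would have slipped past
        // this guard. Both sides are cast so a non-string input (e.g. false
        // for an absent field) still compares as "not equal" instead of
        // raising a TypeError.
        if (!hash_equals((string)$hash, (string)$this->_userHash)) {
            redirect(BASEDIR . "index.php");
        }
    } else {
        $this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");
        $password = $this->_userAdminPassword;
        $hash = $this->userData['user_admin_password'];
        $salt = $this->userData['user_admin_salt'];
        $algo = $this->userData['user_admin_algo'];
    }

    $passAuth = new PasswordAuth();
    $passAuth->inputPassword = $password;
    $passAuth->currentAlgo = $algo;
    $passAuth->currentSalt = $salt;
    $passAuth->currentPasswordHash = $hash;

    // `false` is what the original passed; PasswordAuth is not part of this
    // file, so the flag's meaning (presumably "do not prepare a rehash") is
    // not confirmed here.
    return (bool)$passAuth->isValidCurrentPassword(false);
}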
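/**
 * Re-verifies the admin password the user just typed and, when it is
 * correct, rotates the stored admin hash/salt/algo and issues the admin
 * cookie derived from the new salt.
 *
 * @param string $inputPassword admin password as submitted by the user.
 *
 * @return bool TRUE when the password verified, the user record was updated
 *              and the cookie was set; FALSE otherwise (caller is not an
 *              admin, wrong password, or the UPDATE did not succeed).
 *
 * Side effects: mutates the global $userdata (user_admin_algo/salt/password),
 * writes DB_USERS and sets a cookie through Authenticate::setUserCookie().
 */
public static function setAdminCookie($inputPassword) {
    global $userdata;

    if (!iADMIN) {
        return FALSE;
    }

    $passAuth = new PasswordAuth();
    $passAuth->currentAlgo = $userdata['user_admin_algo'];
    $passAuth->currentSalt = $userdata['user_admin_salt'];
    $passAuth->currentPasswordHash = $userdata['user_admin_password'];
    $passAuth->inputPassword = $inputPassword;

    // TRUE is what the original passed; judging by the getNew*() calls below
    // it asks PasswordAuth to prepare a fresh salt/hash for the verified
    // password (PasswordAuth itself is not visible in this file).
    if (!$passAuth->isValidCurrentPassword(TRUE)) {
        return FALSE;
    }

    $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
    $userdata['user_admin_salt'] = $passAuth->getNewSalt();
    $userdata['user_admin_password'] = $passAuth->getNewHash();

    // Every interpolated value is produced server-side (PasswordAuth output
    // and the session's user_id), not taken from the request. The statement
    // is still assembled by concatenation because no parameter-binding API is
    // visible in this file; if the DB layer offers one, prefer it.
    $result = dbquery("UPDATE " . DB_USERS . "
                SET user_admin_algo='" . $userdata['user_admin_algo'] . "',
                    user_admin_salt='" . $userdata['user_admin_salt'] . "',
                    user_admin_password='" . $userdata['user_admin_password'] . "'
                WHERE user_id='" . $userdata['user_id'] . "'");

    // Never issue a cookie bound to a salt that was not persisted: it could
    // not be validated against the (unchanged) stored record.
    if (!$result) {
        return FALSE;
    }

    Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], FALSE, FALSE);

    return TRUE;
}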
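/**
 * Variant of setAdminCookie() that loads PasswordAuth itself: re-verifies
 * the admin password the user just typed and, when it is correct, rotates
 * the stored admin hash/salt/algo and issues the admin cookie derived from
 * the new salt.
 *
 * @param string $inputPassword admin password as submitted by the user.
 *
 * @return bool true when the password verified, the user record was updated
 *              and the cookie was set; false otherwise. (The original
 *              returned nothing; the bool is added so callers can tell
 *              whether a cookie was issued, matching the sibling variant.)
 *
 * Side effects: mutates the global $userdata (user_admin_algo/salt/password),
 * writes DB_USERS and sets a cookie through Authenticate::setUserCookie().
 */
public static function setAdminCookie($inputPassword) {
    global $userdata;

    if (!iADMIN) {
        return false;
    }

    require_once CLASSES . "PasswordAuth.class.php";

    $passAuth = new PasswordAuth();
    $passAuth->currentAlgo = $userdata['user_admin_algo'];
    $passAuth->currentSalt = $userdata['user_admin_salt'];
    $passAuth->currentPasswordHash = $userdata['user_admin_password'];
    $passAuth->inputPassword = $inputPassword;

    // `true` is what the original passed; judging by the getNew*() calls
    // below it asks PasswordAuth to prepare a fresh salt/hash for the
    // verified password (PasswordAuth is not visible in this file).
    if (!$passAuth->isValidCurrentPassword(true)) {
        return false;
    }

    $userdata['user_admin_algo'] = $passAuth->getNewAlgo();
    $userdata['user_admin_salt'] = $passAuth->getNewSalt();
    $userdata['user_admin_password'] = $passAuth->getNewHash();

    // Every interpolated value is produced server-side (PasswordAuth output
    // and the session's user_id), not taken from the request. The statement
    // is still assembled by concatenation because no parameter-binding API is
    // visible in this file; if the DB layer offers one, prefer it.
    $result = dbquery("UPDATE " . DB_USERS . "
                SET user_admin_algo='" . $userdata['user_admin_algo'] . "',
                    user_admin_salt='" . $userdata['user_admin_salt'] . "',
                    user_admin_password='" . $userdata['user_admin_password'] . "'
                WHERE user_id='" . $userdata['user_id'] . "'");

    // Never issue a cookie bound to a salt that was not persisted: it could
    // not be validated against the (unchanged) stored record.
    if (!$result) {
        return false;
    }

    Authenticate::setUserCookie($userdata['user_id'], $userdata['user_admin_salt'], $userdata['user_admin_algo'], false, false);

    return true;
}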
} else {
    redirect(BASEDIR . "login.php?ulogin_error");
}
}
// NOTE(review): the block closed above begins before this listing; it is
// left exactly as found.

// Handler for linking an external (uLogin) identity to an existing local
// account: the user supplies local credentials, which are verified against
// the stored hash before the identity row is written.
if (isset($_POST['ex_user_save'])) {
    // SECURITY (review): $_POST['user_name'] is concatenated straight into
    // the WHERE clause below with no escaping — an attacker-controlled value
    // in SQL, i.e. SQL injection in an unauthenticated handler. Bind it as a
    // parameter if dbquery() supports parameters, otherwise escape it with
    // the DB driver's escaper before use. The same applies to 'identity',
    // 'network' and 'full_name' in the INSERT further down.
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $_POST['user_name'] . "'");
    if (dbrows($result)) {
        $user = dbarray($result);
        require_once CLASSES . "PasswordAuth.class.php";
        // Verify the submitted password against the hash/salt/algo of the
        // account being linked. `false` is passed as in the original;
        // PasswordAuth is not visible here, so the flag's meaning is not
        // confirmed.
        $passAuth = new PasswordAuth();
        $passAuth->currentAlgo = $user['user_algo'];
        $passAuth->currentSalt = $user['user_salt'];
        $passAuth->currentPasswordHash = $user['user_password'];
        $passAuth->inputPassword = $_POST['user_pass'];
        if ($passAuth->isValidCurrentPassword(false)) {
            // Record the external identity against the local user id. Raw
            // request values go into the INSERT unescaped (see note above).
            $result = dbquery("INSERT INTO " . DB_ULOGIN . " (ulogin_user, ulogin_identity, ulogin_network, ulogin_fullname) VALUES ('" . $user['user_id'] . "','" . $_POST['identity'] . "','" . $_POST['network'] . "', '" . iconv($locale['charset'], "UTF-8", $_POST['full_name']) . "')");
            // Log the user in with the same credentials; Authenticate's
            // constructor does the work and the object is not needed after.
            $auth = new Authenticate($_POST['user_name'], $_POST['user_pass'], true);
            unset($auth);
            if ($result) {
                // SECURITY (review): the redirect target is taken verbatim
                // from the request — an open redirect usable for phishing
                // right after a successful login. Restrict it to a same-site
                // path (e.g. reject absolute/protocol-relative URLs or fall
                // back to BASEDIR).
                redirect($_POST['url']);
            }
        } else {
            redirect(BASEDIR . "login.php?ulogin_error");
        }
    } else {
        redirect(BASEDIR . "login.php?ulogin_error");
    }
}

// NOTE(review): the "gettoken" handler below continues past the end of this
// listing; only its opening is visible here.
if (isset($_POST['action']) && $_POST['action'] == "gettoken") {
    require_once INFUSIONS . "ulogin/lib/uloginAPI2.class.php";