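// Installer step: validate the login and admin passwords submitted with the
// setup form, then read the e-mail address. $userPass, $error and $locale are
// created before this excerpt.
//
// isValidNewPassword() status codes, as used by the callers on this page:
//   0 = accepted, 1 = same as the old password, 2 = the two entries differ,
//   3 = invalid characters.
// The codes are compared with === so that only a real integer 0 lets a hash be
// taken; a null/false return can no longer be mistaken for "accepted".
//
// NOTE(review): the passwords go through stripinput() before they are handed
// to PasswordAuth, so whatever stripinput() changes becomes part of the stored
// secret. The login path has to apply the same call — confirm.
$userPass->inputNewPassword = isset($_POST['password1']) ? stripinput(trim($_POST['password1'])) : "";
$userPass->inputNewPassword2 = isset($_POST['password2']) ? stripinput(trim($_POST['password2'])) : "";

$returnValue = $userPass->isValidNewPassword();
if ($returnValue === 0) {
    $userPassword = $userPass->getNewHash();
    $userSalt = $userPass->getNewSalt();
} elseif ($returnValue === 2) {
    $error .= $locale['071'] . "<br /><br />\n";
    // NOTE(review): "******" looks like a value masked by the listing — confirm against the real file.
    $error_pass = "******";
} elseif ($returnValue === 3) {
    $error .= $locale['072'] . "<br /><br />\n";
}
// NOTE(review): status 1 has no branch here, so in that case $userPassword and
// $userSalt stay unset and no message is added to $error — verify that the
// code after this excerpt cannot continue with an unset hash.

$adminPass = new PasswordAuth();
$adminPass->inputNewPassword = isset($_POST['admin_password1']) ? stripinput(trim($_POST['admin_password1'])) : "";
$adminPass->inputNewPassword2 = isset($_POST['admin_password2']) ? stripinput(trim($_POST['admin_password2'])) : "";

$returnValue = $adminPass->isValidNewPassword();
if ($returnValue === 0) {
    $adminPassword = $adminPass->getNewHash();
    $adminSalt = $adminPass->getNewSalt();
} elseif ($returnValue === 2) {
    $error .= $locale['073'] . "<br /><br />\n";
    $error_pass = "******";
} elseif ($returnValue === 3) {
    $error .= $locale['075'] . "<br /><br />\n";
}

// The login and the admin password must differ. Both operands are strings, and
// == would compare numeric-looking strings as numbers, reporting two different
// passwords such as "1e3" and "1000" (constructed example) as identical.
if ($userPass->inputNewPassword === $adminPass->inputNewPassword) {
    $error .= $locale['074'] . "<br /><br />\n";
    $error_pass = "******";
}

$email = isset($_POST['email']) ? stripinput(trim($_POST['email'])) : "";
if ($email == "") { // body of this check lies outside the excerpt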
/**
 * Validate a submitted admin-password change and stage the new credentials.
 *
 * The three form fields are read through _getPasswordInput():
 *   user_admin_password  (field 1), user_admin_password1 (field 2),
 *   user_admin_password2 (field 3).
 *
 * Field 1 empty: nothing is changed; if iADMIN is set and the stored record has
 * no admin password, the form is stopped with error u149a.
 *
 * Field 1 filled: the current password is checked with
 * PasswordAuth::isValidCurrentPassword(), or taken as valid when the record has
 * neither an admin hash nor an admin salt. After that isValidNewPassword()
 * decides: on '0' the new algo, salt and hash are written to $this->data, any
 * other handled status is reported through the global $defender.
 *
 * NOTE(review): no iADMIN check is visible on the "field 1 filled" path —
 * confirm the caller only reaches this method for administrators.
 * NOTE(review): the switch compares loosely against string labels, so a
 * boolean false return would also match case '0'; isValidNewPassword() is
 * presumably an int in 0..3 — confirm.
 */
private function _setAdminPassword() {
    global $locale, $defender;

    // Field 1 not submitted: only check that an administrator has an admin
    // password on record at all.
    if (!$this->_getPasswordInput("user_admin_password")) {
        if (iADMIN && !$this->userData['user_admin_password']) {
            $defender->stop();
            $defender->setInputError('user_admin_password');
            $defender->setErrorText('user_admin_password', $locale['u149a']);
        }

        return;
    }

    $this->_userAdminPassword = $this->_getPasswordInput("user_admin_password");
    $this->_newUserAdminPassword = $this->_getPasswordInput("user_admin_password1");
    $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_admin_password2");

    $auth = new PasswordAuth();
    $hasStoredCredentials = $this->userData['user_admin_password'] || $this->userData['user_admin_salt'];

    if ($hasStoredCredentials) {
        // Existing admin: field 1 must match the stored hash.
        $auth->inputPassword = $this->_userAdminPassword;
        $auth->inputNewPassword = $this->_newUserAdminPassword;
        $auth->inputNewPassword2 = $this->_newUserAdminPassword2;
        $auth->currentPasswordHash = $this->userData['user_admin_password'];
        $auth->currentAlgo = $this->userData['user_admin_algo'];
        $auth->currentSalt = $this->userData['user_admin_salt'];
        $currentOk = $auth->isValidCurrentPassword();
    } else {
        // First admin password: there is nothing to verify against. Field 1
        // carries the new password and field 3 its confirmation; field 2 is
        // not used on this path.
        // NOTE(review): '******' looks like a value masked by the listing — confirm.
        $currentOk = 1;
        $auth->inputPassword = '******';
        $auth->inputNewPassword = $this->_userAdminPassword;
        $auth->inputNewPassword2 = $this->_newUserAdminPassword2;
    }

    if (!$currentOk) {
        $defender->stop();
        $defender->setInputError('user_admin_password');
        $defender->setErrorText('user_admin_password', $locale['u149a']);

        return;
    }

    // Current password accepted; now validate the replacement.
    $this->_isValidCurrentAdminPassword = 1;

    switch ($auth->isValidNewPassword()) {
        case '0':
            // Accepted: stage algo, salt and hash for the caller to persist.
            $hash = $auth->getNewHash();
            $salt = $auth->getNewSalt();
            $algo = $auth->getNewAlgo();
            $this->data['user_admin_algo'] = $algo;
            $this->data['user_admin_salt'] = $salt;
            $this->data['user_admin_password'] = $hash;
            break;

        case '1':
            // New password equals the old one.
            $defender->stop();
            $defender->setInputError('user_admin_password');
            $defender->setInputError('user_admin_password1');
            $sameAsOld = $locale['u144'] . $locale['u146'] . $locale['u133'];
            $defender->setErrorText('user_admin_password', $sameAsOld);
            $defender->setErrorText('user_admin_password1', $sameAsOld);
            break;

        case '2':
            // The two new entries differ.
            $defender->stop();
            $defender->setInputError('user_admin_password1');
            $defender->setInputError('user_admin_password2');
            $mismatch = $locale['u144'] . $locale['u148a'];
            $defender->setErrorText('user_admin_password1', $mismatch);
            $defender->setErrorText('user_admin_password2', $mismatch);
            break;

        case '3':
            // New password contains characters that are not allowed.
            $defender->stop();
            $defender->setInputError('user_admin_password1');
            $defender->setErrorText('user_admin_password1', $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
            break;
    }
}
/**
 * Handle an administrator's request to change their admin password from the
 * profile page.
 *
 * Runs only when iADMIN is set, $this->_method is "validate_update" and the
 * request does not come from the admin panel. The change is accepted when
 *   1. the current admin password is valid (or none was submitted and none is
 *      stored),
 *   2. $this->_isValidCurrentPassword (the login password check) is truthy,
 *   3. the admin password differs from the login password, and
 *   4. PasswordAuth::isValidNewPassword() returns 0.
 * On success the new algo, salt and hash are passed to _setDBValue(); every
 * failure is reported through _setError().
 *
 * NOTE(review): failures of step 4 are attached to the "user_password" field,
 * not "user_admin_password" — possibly carried over from the login-password
 * handler; confirm which field should show them.
 * NOTE(review): the password comparison in step 3 is loose (==), so two
 * different numeric-looking strings are treated as equal and rejected.
 */
private function _setNewAdminPassword() {
    global $locale;

    // Only an admin updating their own profile gets past this guard.
    if (!iADMIN || $this->_method != "validate_update" || $this->isAdminPanel) {
        return;
    }

    if ($this->_getPasswordInput("user_admin_password") == "") {
        // Nothing submitted: acceptable only if no admin password is stored,
        // and in that case the "invalid current password" error stays hidden.
        $noneStored = $this->userData['user_admin_password'] == "";
        $this->_isValidCurrentAdminPassword = $noneStored;
        $showError = !$noneStored;
    } else {
        $this->_isValidCurrentAdminPassword = $this->_isValidCurrentPassword(false, false);
        $showError = true;
    }

    $this->_newUserAdminPassword = $this->_getPasswordInput("user_new_admin_password");
    $this->_newUserAdminPassword2 = $this->_getPasswordInput("user_new_admin_password2");

    // Current admin password is invalid.
    if (!$this->_isValidCurrentAdminPassword) {
        $this->_setError("user_admin_password", $locale['u149a'], $showError);

        return;
    }

    // Current login password is invalid.
    if (!$this->_isValidCurrentPassword) {
        $this->_setError("user_admin_password", $locale['u149b']);

        return;
    }

    // Admin password must not equal the login password.
    if ($this->_userAdminPassword == $this->_userPassword) {
        $this->_setError("user_admin_password", $locale['u144'] . $locale['u146'] . $locale['u133']);

        return;
    }

    $auth = new PasswordAuth();
    $auth->inputPassword = $this->_userAdminPassword;
    $auth->inputNewPassword = $this->_newUserAdminPassword;
    $auth->inputNewPassword2 = $this->_newUserAdminPassword2;

    $status = $auth->isValidNewPassword();
    if ($status === 0) {
        // Accepted: persist algo, salt and hash.
        $this->_setDBValue("user_admin_algo", $auth->getNewAlgo());
        $this->_setDBValue("user_admin_salt", $auth->getNewSalt());
        $this->_setDBValue("user_admin_password", $auth->getNewHash());
    } elseif ($status === 1) {
        // New password equals the old one.
        $this->_setError("user_password", $locale['u144'] . $locale['u146'] . $locale['u131']);
    } elseif ($status === 2) {
        // The two new entries differ.
        $this->_setError("user_password", $locale['u148a']);
    } elseif ($status === 3) {
        // New password contains characters that are not allowed.
        $this->_setError("user_password", $locale['u144'] . $locale['u142'] . "<br />" . $locale['u147']);
    }
}
// Bulk reset: for every row in $result a new admin password is generated and,
// when the form was sent with reset_login == 1, a new login password as well.
// The new passwords are mailed to the account's address and only then written
// to the users table. $result, $userdata, $settings, $locale and
// $reset_message come from code before this excerpt.
while ($data = dbarray($result)) {
    $loginPassIsReset = false;
    $adminPassIsReset = false;
    $adminPass = new PasswordAuth();
    $newLoginPass = "";
    // NOTE(review): getNewPassword(12) presumably returns a 12-character random
    // password; its generator is not visible here — confirm it uses a CSPRNG.
    $newAdminPass = $adminPass->getNewPassword(12);
    $adminPass->inputNewPassword = $newAdminPass;
    $adminPass->inputNewPassword2 = $newAdminPass;
    // 0 is the "accepted" status; the call is also what makes getNewAlgo()/getNewSalt() usable below (presumably — verify).
    $adminPassIsReset = $adminPass->isValidNewPassword() === 0 ? true : false;
    if (isset($_POST['reset_login']) && $_POST['reset_login'] == 1) {
        $loginPass = new PasswordAuth();
        $newLoginPass = $loginPass->getNewPassword(12);
        $loginPass->inputNewPassword = $newLoginPass;
        $loginPass->inputNewPassword2 = $newLoginPass;
        // Both plaintext passwords are substituted into the mail template 409.
        $message = str_replace(array("[USER_NAME]", "[NEW_PASS]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array($data['user_name'], $newLoginPass, $newAdminPass, $userdata['user_name'], $reset_message), $locale['409']);
        $loginPassIsReset = $loginPass->isValidNewPassword() === 0 ? true : false;
    } else {
        // Admin password only: template 408, login password left untouched.
        $message = str_replace(array("[USER_NAME]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array($data['user_name'], $newAdminPass, $userdata['user_name'], $reset_message), $locale['408']);
        $loginPassIsReset = true;
    }
    // The mail goes out before the database is updated, and it carries the
    // passwords in clear text. Mail is not a confidential channel, so these
    // values should be treated as temporary: requiring a change at the next
    // login, or mailing a one-time reset link instead, limits the exposure.
    if ($loginPassIsReset && $adminPassIsReset && sendemail($data['user_name'], $data['user_email'], $userdata['user_name'], $userdata['user_email'], $locale['407'] . $settings['sitename'], $message)) {
        // NOTE(review): as printed, both password columns receive the literal
        // '******' instead of a hash; this looks like masking applied by the
        // listing — confirm that the real statement stores getNewHash().
        // NOTE(review): the statement is assembled by concatenation (values
        // from PasswordAuth getters and the row's own user_id) and $result2 is
        // never checked, so a failed UPDATE is still counted as a success
        // after the mail has been sent.
        $result2 = dbquery("UPDATE " . DB_USERS . " SET\n\t\t\t\t\t\t" . ($newLoginPass ? "user_algo='" . $loginPass->getNewAlgo() . "', user_salt='" . $loginPass->getNewSalt() . "', \n\t\t\t\t\t\t\t\t\t\t\tuser_password='******', " : "") . "\n\t\t\t\t\t\tuser_admin_algo='" . $adminPass->getNewAlgo() . "', user_admin_salt='" . $adminPass->getNewSalt() . "', \n\t\t\t\t\t\tuser_admin_password='******'\n\t\t\t\t\tWHERE user_id='" . $data['user_id'] . "'");
        $reset_success[] = array($data['user_id'], $data['user_name'], $data['user_email']);
    } else {
        $reset_failed[] = array($data['user_id'], $data['user_name'], $data['user_email']);
    }
}
opentable($locale['410']);
// NOTE(review): $reset_success and $reset_failed are presumably initialised as
// arrays before the loop; otherwise count() is called on an undefined variable
// when no row lands in one of them — verify.
$sucess = count($reset_success);
$sucess_ids = "";
$failed = count($reset_failed);
// Registration, double-check step (excerpt). The blocks closed by the first
// brace and by the "} else { ... } }" further down are opened outside this
// excerpt, so the indentation below is only a reading aid.
        }
        // E-mail format check, then a duplicate lookup in both user tables.
        // $email is concatenated into the two SELECT statements; the only guard
        // visible here is this pattern, whose character classes admit letters,
        // digits, "-", "_", "." and a single "@", so no quote can pass it —
        // assuming preg_check() is a plain wrapper around preg_match (verify).
        // NOTE(review): bound parameters would remove the dependency on the
        // pattern, if the dbquery() wrapper supports them.
        if (preg_check("/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i", $email)) {
            $check1 = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_email='" . $email . "'");
            $check2 = dbquery("SELECT * FROM " . DB_RM_USERS . " WHERE rmuser_useremail='" . $email . "'");
            if (dbrows($check1) || dbrows($check2)) {
                // msg=3: address already present in one of the two tables.
                // NOTE(review): no exit follows redirect(); unless that helper
                // terminates the request, the password check below still runs
                // for a rejected address — confirm.
                redirect(BASEDIR . "register.php?msg=3");
            }
        } else {
            // msg=4: address did not match the pattern.
            redirect(BASEDIR . "register.php?msg=4");
        }
        require_once CLASSES . "PasswordAuth.class.php";
        $passAuth = new PasswordAuth();
        $passAuth->inputNewPassword = $password1;
        $passAuth->inputNewPassword2 = $password2;
        // NOTE(review): the other PasswordAuth callers on this page set
        // inputPassword; whether the class reads currentPassword at all cannot
        // be seen from here — verify.
        $passAuth->currentPassword = "";
        $valid = $passAuth->isValidNewPassword();
        if ($valid === 0) {
            // The plaintext password is kept in $password; what is stored later
            // is outside this excerpt.
            // NOTE(review): confirm it is hashed (getNewHash()/getNewSalt())
            // before it reaches the database.
            $password = $password1;
        } else {
            // msg=5: password rejected by isValidNewPassword().
            redirect(BASEDIR . "register.php?msg=5");
        }
    } else {
        redirect(BASEDIR . "register.php");
    }
}
require_once INCLUDES . "bbcode_include.php";
// finish doublecheck - start app
opentable($locale['ar9']);
// Build the application form from the configured fields, in ff_order.
$form = dbquery("SELECT * FROM " . DB_RM_FORM_FIELDS . " ORDER BY ff_order ASC");
echo "<form name='inputform' method='post' action='register.php?step=4'><table width='100%'>";
while ($ff = dbarray($form)) { // loop body lies outside the excerpt
// Bulk reset: for every row in $result a new admin password is generated and,
// when the form was sent with reset_login == 1, a new login password as well.
// The new passwords are mailed to the account's address and only then written
// to the users table. $result, $userdata, $settings, $locale and
// $reset_message come from code before this excerpt.
while ($data = dbarray($result)) {
    $loginPassIsReset = FALSE;
    $adminPassIsReset = FALSE;
    $adminPass = new PasswordAuth();
    $newLoginPass = "";
    // NOTE(review): getNewPassword(12) presumably returns a 12-character random
    // password; its generator is not visible here — confirm it uses a CSPRNG.
    $newAdminPass = $adminPass->getNewPassword(12);
    $adminPass->inputNewPassword = $newAdminPass;
    $adminPass->inputNewPassword2 = $newAdminPass;
    // 0 is the "accepted" status of isValidNewPassword().
    $adminPassIsReset = $adminPass->isValidNewPassword() === 0 ? TRUE : FALSE;
    if (isset($_POST['reset_login']) && $_POST['reset_login'] == 1) {
        $loginPass = new PasswordAuth();
        $newLoginPass = $loginPass->getNewPassword(12);
        $loginPass->inputNewPassword = $newLoginPass;
        $loginPass->inputNewPassword2 = $newLoginPass;
        // Template 409: site link plus both plaintext passwords.
        // NOTE(review): the siteurl and sitename settings are placed into the
        // anchor markup without escaping; presumably only administrators can
        // edit them — confirm, or escape them for the HTML context.
        $message = str_replace(array("[SITEURL]", "[USER_NAME]", "[NEW_PASS]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array("<a href='" . fusion_get_settings("siteurl") . "'>" . fusion_get_settings("sitename") . "</a>", $data['user_name'], $newLoginPass, $newAdminPass, $userdata['user_name'], $reset_message), $locale['409']);
        $loginPassIsReset = $loginPass->isValidNewPassword() === 0 ? TRUE : FALSE;
    } else {
        // Template 408: admin password only, login password left untouched.
        $message = str_replace(array("[SITEURL]", "[USER_NAME]", "[NEW_ADMIN_PASS]", "[ADMIN]", "[RESET_MESSAGE]"), array("<a href='" . fusion_get_settings("siteurl") . "'>" . fusion_get_settings("sitename") . "</a>", $data['user_name'], $newAdminPass, $userdata['user_name'], $reset_message), $locale['408']);
        $loginPassIsReset = TRUE;
    }
    // The mail goes out before the database is updated, and it carries the
    // passwords in clear text. Mail is not a confidential channel, so these
    // values should be treated as temporary: requiring a change at the next
    // login, or mailing a one-time reset link instead, limits the exposure.
    if ($loginPassIsReset && $adminPassIsReset && sendemail($data['user_name'], $data['user_email'], $userdata['user_name'], $userdata['user_email'], $locale['407'] . $settings['sitename'], $message)) {
        // NOTE(review): as printed, both password columns receive the literal
        // '******' instead of a hash; this looks like masking applied by the
        // listing — confirm that the real statement stores getNewHash().
        // NOTE(review): the statement is assembled by concatenation (values
        // from PasswordAuth getters and the row's own user_id) and $result2 is
        // never checked, so a failed UPDATE is still counted as a success
        // after the mail has been sent.
        $result2 = dbquery("UPDATE " . DB_USERS . " SET\n\t\t\t\t\t\t" . ($newLoginPass ? "user_algo='" . $loginPass->getNewAlgo() . "', user_salt='" . $loginPass->getNewSalt() . "',\n\t\t\t\t\t\t\t\t\t\t\tuser_password='******', " : "") . "\n\t\t\t\t\t\tuser_admin_algo='" . $adminPass->getNewAlgo() . "', user_admin_salt='" . $adminPass->getNewSalt() . "',\n\t\t\t\t\t\tuser_admin_password='******'\n\t\t\t\t\tWHERE user_id='" . $data['user_id'] . "'");
        $reset_success[] = array($data['user_id'], $data['user_name'], $data['user_email']);
    } else {
        $reset_failed[] = array($data['user_id'], $data['user_name'], $data['user_email']);
    }
}
opentable($locale['410']);
// NOTE(review): $reset_success and $reset_failed are presumably initialised as
// arrays before the loop; otherwise count() is called on an undefined variable
// when no row lands in one of them — verify.
$sucess = count($reset_success);
$sucess_ids = "";
$failed = count($reset_failed);