function login_authenticate() { $username = $this->input->post('username'); $password = $this->input->post('password'); $uri_segment = $this->input->post('uri_segment'); log_message('error', __METHOD__); $result = $this->login_model->login_authenticate($username, encrypt_password($password), $uri_segment); if (count($result) > 0 && $result['id'] != '') { $this->session->set_userdata('user_id', $result['id']); $this->session->set_userdata('user_email', $result['email']); $this->session->set_userdata('username', $result['username']); $this->session->set_userdata('role_id', $result['role_id']); $this->session->set_userdata('link', base_url() . $uri_segment . '/'); $status = 'y'; $login_session = array('session_id' => $this->session->userdata('session_id'), 'login_ip' => $this->input->ip_address(), 'login_time' => current_timestamp_database(), 'login_client' => $this->input->user_agent(), 'user_id' => $result['id']); $this->login_model->session_details($login_session); $remember_me = $this->input->post('remember_me') ? TRUE : FALSE; if ($remember_me) { // set sess_expire_on_close to 0 or FALSE when remember me is checked. log_message('error', __METHOD__ . 'remember me called status' . $remember_me); $this->session->sess_expire_on_close = 'false'; } } else { $status = 'n'; } echo json_encode(array('status' => $status, 'uri_segment' => $uri_segment)); }
function login($username, $password) { global $pdo; if (isset($_SESSION['userid']) && $username == $_SESSION['userid']) { return TRUE; } if ($pdo == null) { open_database(); } $stmt = $pdo->prepare("SELECT * FROM users WHERE login=?"); if (!$stmt->execute(array($username))) { die('Invalid query : [' . error_database() . ']' . $pdo->errorInfo()); } $row = $stmt->fetch(PDO::FETCH_ASSOC); $stmt->closeCursor(); if (!isset($row['salt'])) { return FALSE; } $digest = encrypt_password($password, $row['salt']); if ($digest == $row['crypted_password']) { $_SESSION['userid'] = $row['id']; $_SESSION['username'] = $row['name']; $_SESSION['useraccess'] = $row['access_level']; $_SESSION['userpageaccess'] = $row['page_access_level']; return TRUE; } else { return FALSE; } }
/** * Save the new password * * @access public */ public function save() { //load model $this->load->model('account_model'); //get the post data $current_password = trim($this->input->post('password_current')); $new_password = trim($this->input->post('password_new')); $confirmation_password = trim($this->input->post('password_confirmation')); //validate the current password and the new password if (empty($current_password) || strlen($current_password) < config('ACCOUNT_PASSWORD')) { $this->message_stack->add('account_password', sprintf(lang('field_customer_password_current_error'), config('ACCOUNT_PASSWORD'))); } elseif (empty($new_password) || strlen($new_password) < config('ACCOUNT_PASSWORD')) { $this->message_stack->add('account_password', sprintf(lang('field_customer_password_new_error'), config('ACCOUNT_PASSWORD'))); } elseif (empty($confirmation_password) || $new_password != $confirmation_password) { $this->message_stack->add('account_password', lang('field_customer_password_new_mismatch_with_confirmation_error')); } //if the validation is successful, update the password if ($this->message_stack->size('account_password') === 0) { if ($this->account_model->check_account($this->customer->get_email_address(), $current_password)) { $data['customers_password'] = encrypt_password($new_password); if ($this->account_model->save($data, $this->customer->get_id())) { $this->message_stack->add_session('account', lang('success_password_updated'), 'success'); redirect(site_url('account')); } else { $this->message_stack->add('account_password', lang('error_database')); } } } //Setup view $this->template->build('account/account_password'); }
function new_user($firstName, $lastName, $email, $password, $userType) { $salt = generate_salt(); $encPassword = encrypt_password($password, $salt); $user = create_user_object($firstName, $lastName, $email, $encPassword, $salt, $userType); save_user_object($user); return $user; }
function create_user_account($username, $password) { $conn = get_conn(); $username = mysql_fix_string($conn, $username); $password = mysql_fix_string($conn, $password); $password = encrypt_password($password); $query = "insert into ajx_org_users values('{$username}', '{$password}', null)"; get_result($conn, $query); $conn->close(); }
public function save($id = false) { if ($this->perm->can_create == 'y') { if ($_POST) { $data = new User($id); // ตรวจสอบชื่อ username ซ้ำ if (@$_POST["username"]) { $chk = new User(); if ($id) { $chk->where("id !=", $id); } $chk->where("username", strip_tags(trim($_POST["username"])))->get(); if ($chk->id) { redirect("admin/settings/users"); } } // ตรวจสอบชื่อ email ซ้ำ if (@$_POST["email"]) { $chk = new User(); if ($id) { $chk->where("id !=", $id); } $chk->where("email", strip_tags(trim($_POST["email"])))->get(); if ($chk->id) { // redirect("admin/settings/users"); } } // Username // $data->username = strip_tags(trim($_POST["username"])); if (!empty($_POST["password"])) { $data->password = encrypt_password(strip_tags(trim($_POST["password"]))); } $data->titulation = strip_tags($_POST["titulation"]); $data->firstname = strip_tags($_POST["firstname"]); $data->lastname = strip_tags($_POST["lastname"]); $data->email = strip_tags($_POST["email"]); $data->tel = strip_tags($_POST["tel"]); $data->org_id = $_POST['org_id']; $data->position = strip_tags($_POST['position']); $data->user_type_id = $_POST['user_type_id']; $data->username = strip_tags($_POST['username']); $data->status = !empty($_POST['status']) ? '1' : '0'; if ($_POST['id'] == '') { $data->created_by = $this->current_user->id; } else { $data->updated_by = $this->current_user->id; } $data->save(); $action = $_POST['id'] > 0 ? 'UPDATE' : 'CREATE'; save_logs($this->menu_id, $action, @$data->id, $action . ' ' . $data->firstname . ' ' . $data->lastname . ' User Detail'); } } redirect("admin/settings/users"); }
function verify_account($dirty_username, $dirty_password, $dirty_activation_code) { $username = escape($dirty_username); $password = escape($dirty_password); $code = escape($dirty_activation_code); $validateUsrMsg = validate_username($username); if ($validateUsrMsg != "valid-username") { return; } $validatePwdMsg = validate_password($password); if ($validatePwdMsg != "valid-password") { return; } $account_id = account_id_from_code($code); $sql1 = "SELECT * FROM account_signup WHERE code='{$code}'"; $result = query($sql1); if (mysqli_num_rows($result) == 1) { $row = mysqli_fetch_assoc($result); $date_requested = $row["date_requested"]; $expires = $date_requested + 86400; if (time() > $expires) { echo "validation-expired"; return; } $encrypted_password = encrypt_password($password); $sql2 = "UPDATE account_head SET status='logged-out' WHERE account={$account_id};"; query($sql2); if (user_has_status($account_id, 'logged-out') == false) { echo 'verify-error'; return; } $sql3 = "INSERT INTO account_credentials (account, username, password)"; $sql3 .= " VALUES ({$account_id}, '{$username}', '{$encrypted_password}');"; query($sql3); if (user_has_credentials($account_id, $username, $encrypted_password) == false) { echo 'verify-error'; return; } $sql4 = "DELETE FROM account_signup WHERE account={$account_id};"; query($sql4); if (user_has_signup_pending($account_id)) { echo 'verify-error'; return; } echo "verify-success"; return; } echo 'verify-error'; }
function login($username, $password) { $CI =& get_instance(); $foo = new User(); //echo $password; //echo encrypt_password($password); $foo->where("username", $username)->where("password", encrypt_password($password))->where("status", 1)->get(1); if ($foo->id) { $CI->session->set_userdata("id", $foo->id); $CI->session->set_userdata("user_type_id", $foo->user_type_id); return TRUE; } else { return FALSE; } }
function auto_create_user($login) { if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) { $user_id = $this->find_user_by_login($login); if (!$user_id) { $login = db_escape_string($login); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); $query = "INSERT INTO ttrss_users\n\t\t\t\t\t\t(login,access_level,last_login,created,pwd_hash,salt)\n\t\t\t\t\t\tVALUES ('{$login}', 0, null, NOW(), '{$pwd_hash}','{$salt}')"; db_query($this->link, $query); return $this->find_user_by_login($login); } else { return $user_id; } } return $this->find_user_by_login($login); }
function changepassword() { $old_pw = $_POST["old_password"]; $new_pw = $_POST["new_password"]; $con_pw = $_POST["confirm_password"]; if ($old_pw == "") { print "ERROR: " . __("Old password cannot be blank."); return; } if ($new_pw == "") { print "ERROR: " . __("New password cannot be blank."); return; } if ($new_pw != $con_pw) { print "ERROR: " . __("Entered passwords do not match."); return; } $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE\n\t\t\tid = " . $_SESSION['uid']); $salt = db_fetch_result($result, 0, "salt"); if (!$salt) { $old_pw_hash1 = encrypt_password($old_pw); $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]); $query = "SELECT id FROM ttrss_users WHERE\n\t\t\t\tid = " . $_SESSION['uid'] . " AND (pwd_hash = '{$old_pw_hash1}' OR\n\t\t\t\tpwd_hash = '{$old_pw_hash2}')"; } else { $old_pw_hash = encrypt_password($old_pw, $salt, true); $query = "SELECT id FROM ttrss_users WHERE\n\t\t\t\tid = " . $_SESSION['uid'] . " AND pwd_hash = '{$old_pw_hash}'"; } $result = db_query($this->link, $query); if (db_num_rows($result) == 1) { $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $new_pw_hash = encrypt_password($new_pw, $new_salt, true); db_query($this->link, "UPDATE ttrss_users SET\n\t\t\t\tpwd_hash = '{$new_pw_hash}', salt = '{$new_salt}'\n\t\t\t\t\tWHERE id = " . $_SESSION['uid']); $_SESSION["pwd_hash"] = $new_pw_hash; print __("Password has been changed."); } else { print "ERROR: " . __('Old password is incorrect.'); } }
function __construct() { //encryption require_once "encryption.php"; if (isset($_GET['logout']) && $_GET['logout']) { $_SESSION['logged'] = FALSE; session_destroy(); } $data['invalidEmailPass'] = "******"; //Authentication logic if (isset($_POST['login'])) { //store form email and pass $email = $_POST['email']; $enc_password = encrypt_password($_POST['password']); $usersObj = new Users_model(); if ($usersObj->login($email, $enc_password)) { $_SESSION['logged'] = TRUE; $_SESSION['email'] = $email; // $_SESSION['name'] = 'Alin'; header('Location: http://188.166.119.187/workspace/ilear/MVC/part4/index.php?page=admin'); } else { $data['invalidEmailPass'] = "******"; } } // $data['condition'] = (isset($_SESSION['logged']) && $_SESSION['logged'] === TRUE); // $data['logged'] = "You are logged in!"; // // $data['unlogged'] = ""; $data['logged'] = isset($_SESSION['logged']) && $_SESSION['logged'] === TRUE ? "You are logged in!" : ""; // $data['logged'] = "You are logged in!"; $data['title'] = "LoginPage"; // $data['mailSent'] = "Note that only phone number is optional!"; $this->render('views/top.php', $data); $this->render('views/menu.php', $data); $this->render('views/login.php', $data); $this->render('views/bottom.php', $data); }
Phone No, Comments */ $cur = config::get_config_item("currency"); $row = 1; if (($handle = fopen("../../David_People.csv", "r")) !== FALSE) { while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { foreach ($data as $key => $val) { # $data[$key] = utf8_encode($data[$key]); } $person = new person(); $person->currency = $cur; $person->set_value("username", $data[0]); $person->set_value("firstName", $data[1]); $person->set_value("surname", $data[2]); $person->set_value("password", encrypt_password($data[3])); $person->set_value("emailAddress", $data[4]); $person->set_value("phoneNo1", $data[5]); $person->set_value("comments", $data[6]); $person->set_value("perms", "employee"); $person->set_value("personActive", 1); $person->set_value("personModifiedUser", $current_user->get_id()); $person->save(); $x++; echo "<br>here: " . $person->get_id() . $data[0]; if ($x > 4) { //die(); } } fclose($handle); }
static function resetUserPassword($uid, $show_password) { $result = db_query("SELECT login,email\n\t\t\t\tFROM ttrss_users WHERE id = '{$uid}'"); $login = db_fetch_result($result, 0, "login"); $email = db_fetch_result($result, 0, "email"); $salt = db_fetch_result($result, 0, "salt"); $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); db_query("UPDATE ttrss_users SET pwd_hash = '{$pwd_hash}', salt = '{$new_salt}', otp_enabled = false\n\t\t\t\tWHERE id = '{$uid}'"); if ($show_password) { print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd); } else { print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email)); } require_once 'classes/ttrssmailer.php'; if ($email) { require_once "lib/MiniTemplator.class.php"; $tpl = new MiniTemplator(); $tpl->readTemplateFromFile("templates/resetpass_template.txt"); $tpl->setVariable('LOGIN', $login); $tpl->setVariable('NEWPASS', $tmp_user_pwd); $tpl->addBlock('message'); $message = ""; $tpl->generateOutputToString($message); $mail = new ttrssMailer(); $rc = $mail->quickMail($email, $login, __("[tt-rss] Password change notification"), $message, false); if (!$rc) { print_error($mail->ErrorInfo); } } }
$test = trim(db_escape_string($_REQUEST["turing_test"])); if (!$login || !$email || !$test) { print_error(__("Your registration information is incomplete.")); print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t</form>"; return; } if ($test == "four" || $test == "4") { $result = db_query("SELECT id FROM ttrss_users WHERE\n\t\t\t\tlogin = '******'"); $is_registered = db_num_rows($result) > 0; if ($is_registered) { print_error(__('Sorry, this username is already taken.')); print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t</form>"; } else { $password = make_password(); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); db_query("INSERT INTO ttrss_users\n\t\t\t\t\t(login,pwd_hash,access_level,last_login, email, created, salt)\n\t\t\t\t\tVALUES ('{$login}', '{$pwd_hash}', 0, null, '{$email}', NOW(), '{$salt}')"); $result = db_query("SELECT id FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND pwd_hash = '{$pwd_hash}'"); if (db_num_rows($result) != 1) { print_error(__('Registration failed.')); print "<p><form method=\"GET\" action=\"index.php\">\n\t\t\t\t\t<input type=\"submit\" value=\"" . __("Return to Tiny Tiny RSS") . "\">\n\t\t\t\t\t</form>"; } else { $new_uid = db_fetch_result($result, 0, "id"); initialize_user($new_uid); $reg_text = "Hi!\n" . "\n" . "You are receiving this message, because you (or somebody else) have opened\n" . "an account at Tiny Tiny RSS.\n" . "\n" . "Your login information is as follows:\n" . "\n" . "Login: {$login}\n" . "Password: {$password}\n" . "\n" . "Don't forget to login at least once to your new account, otherwise\n" . "it will be deleted in 24 hours.\n" . "\n" . "If that wasn't you, just ignore this message. Thanks."; $mail = new ttrssMailer(); $mail->IsHTML(false); $rc = $mail->quickMail($email, "", "Registration information for Tiny Tiny RSS", $reg_text, false); if (!$rc) { print_error($mail->ErrorInfo); }
$password2 = db_prepare_input($_POST['Password2']); $resetcode_sent = true; if (empty($session_email) || empty($session_account_number)) { tep_redirect(get_href_link(PAGE_RESET_PASSWORD, '', 'SSL')); } $sql = "SELECT user_id, firstname, lastname,security_question,account_number FROM " . _TABLE_USERS . " WHERE (email='" . $session_email . "') and (account_number='" . $session_account_number . "')"; $account = db_fetch_array(db_query($sql)); $user_id = $account['user_id']; $ok = false; if ($validator->validateEqual('Password', $password, $password2, _ERROR_PASSWORD)) { } if ($validator->validateMinLength('Password Length', $password, 6, _ERROR_PASSWORD_MIN_LENGTH)) { } if (count($validator->errors) == 0) { $ok = true; $q = db_query("UPDATE users SET password = '******' WHERE user_id = {$user_id}"); $_html_main_content = $smarty->fetch('home/reset_password_success.html'); } else { // postAssign($smarty); $smarty->assign('validerrors', $validator->errors); //--------Add by donghp 27/03/2012- ---------------------------------- $sql = "SELECT user_id, firstname, lastname,security_question,account_number FROM " . _TABLE_USERS . " WHERE (email='" . $email . "')"; $account = db_fetch_array(db_query($sql)); $smarty->assign('email', $email); $smarty->assign('account_number', $account['account_number']); // $smarty->assign('message_err',$message_err); $_html_main_content = $smarty->fetch('home/reset_password03.html'); } $resetcode_sent = true; } }
<?php $NameFirst = my_fix($_POST['inputNameFirst']); $NameLast = my_fix($_POST['inputNameLast']); $Email = my_fix($_POST['inputEmail2']); $Blowfish = encrypt_password(random_str(16)); $Connection = get_connection(); try { $Connection->beginTransaction(); $q0 = gq_insert('framy_Personal', 'NameFirst,NameLast,Email', ':a,:b,:c'); $s0 = $Connection->prepare($q0); $s0->bindValue(':a', $NameFirst, PDO::PARAM_STR); $s0->bindValue(':b', $NameLast, PDO::PARAM_STR); $s0->bindValue(':c', $Email, PDO::PARAM_STR); $s0->execute(); $s0->closeCursor(); $PersonalId = $Connection->lastInsertId('framy_Personal_PersonalId_seq'); $q1 = gq_insert('framy_Blowfish', 'PersonalId,Blowfish', ':a,:b'); $s1 = $Connection->prepare($q1); $s1->bindValue(':a', $PersonalId, PDO::PARAM_INT); $s1->bindValue(':b', $Blowfish, PDO::PARAM_STR); $s1->execute(); $s1->closeCursor(); $Connection->commit(); } catch (Exception $e) { $Connection->rollBack(); superendsession(); exception_error($e); die; } $_SESSION['PersonalId'] = $PersonalId;
$page_load_time = (int) base64_decode($_GET['hash']); if (time() - $page_load_time > 120) { $request_expired = true; $action = 'loginform'; return; } // if((time()-$page_load_time)<6) // { // $request_toofast=true; // $action='loginform'; // return; // } } if (isset($_POST['lkey']) && isset($_POST['lurl'])) { $registration_no = strtoupper($_POST['handle']); $password = encrypt_password($_POST['password']); //check for existence of user account $query = "SELECT * FROM " . $_pre . "users WHERE registration_no='{$registration_no}' AND password='******'"; $db->setQuery($query); if ($db->foundRows == 0) { //Trigger reg no & pass did not match error message $reg_pass_no = true; $action = 'loginform'; //load login form again return; } //Get data from user row $user_row_data = $db->fetch_assoc(); //verify if user account disabled if ($user_row_data['activated'] == -1) { //Trigger account not activated error
/** * Save password * * @param $customers_id * @param $password */ public function save_password($customers_id, $password) { return $this->db->update('customers', array('customers_password' => encrypt_password($password), 'date_account_last_modified' => 'now()'), array('customers_id' => (int) $customers_id)); }
/** * Create order * * @access public * @return boolean */ public function create_order($order_status = NULL) { $pre_order_id = $this->ci->session->userdata('pre_order_id'); if ($pre_order_id !== NULL) { $prep = explode('-', $pre_order_id); if ($prep[0] == $this->ci->shopping_cart->get_cart_id()) { return $prep[1]; // order_id } else { if ($this->ci->order_model->get_order_status_id($prep[1]) === ORDERS_STATUS_PREPARING) { $this->ci->order_model->remove($prep[1]); } } } //create account if (!$this->ci->customer->is_logged_on()) { //get billing address $billing_address = $this->ci->shopping_cart->get_billing_address(); $data['customers_gender'] = $billing_address['gender']; $data['customers_firstname'] = $billing_address['firstname']; $data['customers_lastname'] = $billing_address['lastname']; $data['customers_newsletter'] = 0; $data['customers_dob'] = NULL; $data['customers_email_address'] = $billing_address['email_address']; $data['customers_password'] = encrypt_password($billing_address['password']); $data['customers_status'] = 1; //load model $this->ci->load->model('account_model'); $this->ci->load->model('address_book_model'); if ($this->ci->account_model->insert($data)) { //set data to session $this->ci->customer->set_data($data['customers_email_address']); $this->ci->address_book_model->save($billing_address, $this->ci->customer->get_id(), NULL, TRUE); //insert shipping address if (isset($address['ship_to_this_address']) && $address['ship_to_this_address'] == 'on') { $shipping_address = $this->ci->shopping_cart->get_shipping_address(); $this->ci->address_book_model->save($shipping_address, $this->ci->customer->get_id()); } } } else { //get billing address $billing_address = $this->ci->shopping_cart->get_billing_address(); //if create billing address if (isset($billing_address['create_billing_address']) && $billing_address['create_billing_address'] == 'on') { $data['entry_gender'] = $billing_address['gender']; $data['entry_firstname'] = $billing_address['firstname']; $data['entry_lastname'] = $billing_address['lastname']; $data['entry_company'] = $billing_address['company']; $data['entry_street_address'] = $billing_address['street_address']; $data['entry_suburb'] = $billing_address['suburb']; $data['entry_postcode'] = $billing_address['postcode']; $data['entry_city'] = $billing_address['city']; $data['entry_country_id'] = $billing_address['country_id']; $data['entry_zone_id'] = $billing_address['zone_id']; $data['entry_telephone'] = $billing_address['telephone_number']; $data['entry_fax'] = $billing_address['fax']; $primary = $this->ci->customer->has_default_address() ? FALSE : TRUE; //load model $this->ci->load->model('address_book_model'); //save billing address $this->ci->address_book_model->save($data, $this->ci->customer->get_id(), NULL, $primary); } $shipping_address = $this->ci->shopping_cart->get_shipping_address(); //create shipping address if (isset($shipping_address['create_shipping_address']) && $shipping_address['create_shipping_address'] == '1') { $data['entry_gender'] = $shipping_address['gender']; $data['entry_firstname'] = $shipping_address['firstname']; $data['entry_lastname'] = $shipping_address['lastname']; $data['entry_company'] = $shipping_address['company']; $data['entry_street_address'] = $shipping_address['street_address']; $data['entry_suburb'] = $shipping_address['suburb']; $data['entry_postcode'] = $shipping_address['postcode']; $data['entry_city'] = $shipping_address['city']; $data['entry_country_id'] = $shipping_address['country_id']; $data['entry_zone_id'] = $shipping_address['zone_id']; $data['entry_telephone'] = $shipping_address['telephone_number']; $data['entry_fax'] = $shipping_address['fax']; //load model $this->ci->load->model('address_book_model'); //save billing address $this->ci->address_book_model->save($data, $this->ci->customer->get_id()); } } $this->ci->load->model('order_model'); $orders_id = $this->ci->order_model->insert_order($order_status); $pre_order_id = $this->ci->shopping_cart->get_cart_id() . '-' . $orders_id; $this->ci->session->set_userdata('pre_order_id', $pre_order_id); return $orders_id; }
if (DB::isError($q)) { die("db error: " . $q->getMessage()); } while ($row = $q->fetchRow()) { if ($row["use_salt"] == "") { $salt = random_string(30); $sql_inner = "UPDATE user SET use_salt = '{$salt}' WHERE use_id = " . $row["use_id"] . " LIMIT 1"; $q_inner = $db->query($sql_inner); if (DB::isError($q)) { die("db error: " . $q->getMessage()); } } else { $salt = $row["use_salt"]; } } $db_data["use_password"] = encrypt_password($password, $salt); // make sure this password has not been used before by this user $sql = "SELECT * FROM changelog WHERE\n\tcha_table = 'user' AND\n\tcha_row = {$use_id} AND\n\tcha_field = 'use_password' AND\n\t(cha_old = '" . $db_data["use_password"] . "' OR cha_new = '" . $db_data["use_password"] . "')\n\t"; $q = $db->query($sql); if (DB::isError($q)) { die("db error: " . $q->getMessage()); } $numRows = $q->numRows(); if ($numRows != 0) { $errors[] = "This password has been used before, it is not possible to use the same password twice for this user"; echo error_message($errors); exit; } $cli_id = db_query($db_data, "UPDATE", "user", "use_id", $use_id); header("Location:" . $_SERVER['PHP_SELF']); }
function authenticate_user($link, $login, $password, $force_auth = false) { if (!SINGLE_USER_MODE) { $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); $login = db_escape_string($login); if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH && $_SERVER["REMOTE_USER"] && $login != "admin") { $login = db_escape_string($_SERVER["REMOTE_USER"]); $query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******'"; } else { $query = "SELECT id,login,access_level,pwd_hash\n\t FROM ttrss_users WHERE\n\t\t\t\t\tlogin = '******' AND (pwd_hash = '{$pwd_hash1}' OR\n\t\t\t\t\t\tpwd_hash = '{$pwd_hash2}')"; } $result = db_query($link, $query); if (db_num_rows($result) == 1) { $_SESSION["uid"] = db_fetch_result($result, 0, "id"); $_SESSION["name"] = db_fetch_result($result, 0, "login"); $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level"); db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash"); initialize_user_prefs($link, $_SESSION["uid"]); return true; } return false; } else { $_SESSION["uid"] = 1; $_SESSION["name"] = "admin"; $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"]; initialize_user_prefs($link, $_SESSION["uid"]); return true; } }
} $data['PASSWORDC'] = $_REQUEST['PASSWORDC']; if (SmartyValidate::is_valid($data, 'conf_users_edit')) { unset($data['PASSWORDC']); if (empty($id)) { $id = $db->GenID($tables['user']['name'] . '_SEQ'); } $data['ID'] = $id; if ($action == 'E') { if (empty($data['PASSWORD'])) { $data['PASSWORD'] = $db->GetOne("SELECT `PASSWORD` FROM `{$tables['user']['name']}` WHERE `ID` = " . $db->qstr($id)); } else { $data['PASSWORD'] = encrypt_password($data['PASSWORD']); } } else { $data['PASSWORD'] = encrypt_password($data['PASSWORD']); } if ($db->Replace($tables['user']['name'], $data, 'ID', true) > 0) { $tpl->assign('posted', true); if ($data['ADMIN'] != 1) { @header('Location: conf_user_permissions.php?action=N:0&u=' . $id); @exit; } else { if ($action == 'N') { $data = array(); } else { if (isset($_SESSION['return'])) { @header('Location: ' . $_SESSION['return']); @exit; } }
function module_pref_prefs($link) { global $access_level_names; $subop = $_REQUEST["subop"]; $prefs_blacklist = array("HIDE_FEEDLIST", "SYNC_COUNTERS", "ENABLE_LABELS", "ENABLE_SEARCH_TOOLBAR", "HIDE_READ_FEEDS"); $profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS", "PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP", "BLACKLISTED_TAGS", "ENABLE_FEED_ICONS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE", "DEFAULT_UPDATE_INTERVAL", "MARK_UNREAD_ON_UPDATE"); if (FORCE_ARTICLE_PURGE != 0) { array_push($prefs_blacklist, "PURGE_OLD_DAYS"); array_push($prefs_blacklist, "PURGE_UNREAD_ARTICLES"); } if ($subop == "change-password") { $old_pw = $_POST["OLD_PASSWORD"]; $new_pw = $_POST["NEW_PASSWORD"]; $con_pw = $_POST["CONFIRM_PASSWORD"]; if ($old_pw == "") { print "ERROR: " . __("Old password cannot be blank."); return; } if ($new_pw == "") { print "ERROR: " . __("New password cannot be blank."); return; } if ($new_pw != $con_pw) { print "ERROR: " . __("Entered passwords do not match."); return; } $old_pw_hash1 = encrypt_password($_POST["OLD_PASSWORD"]); $old_pw_hash2 = encrypt_password($_POST["OLD_PASSWORD"], $_SESSION["name"]); $new_pw_hash = encrypt_password($_POST["NEW_PASSWORD"], $_SESSION["name"]); $active_uid = $_SESSION["uid"]; if ($old_pw && $new_pw) { $login = db_escape_string($_SERVER['PHP_AUTH_USER']); $result = db_query($link, "SELECT id FROM ttrss_users WHERE \n\t\t\t\t\tid = '{$active_uid}' AND (pwd_hash = '{$old_pw_hash1}' OR \n\t\t\t\t\t\tpwd_hash = '{$old_pw_hash2}')"); if (db_num_rows($result) == 1) { db_query($link, "UPDATE ttrss_users SET pwd_hash = '{$new_pw_hash}' \n\t\t\t\t\t\tWHERE id = '{$active_uid}'"); $_SESSION["pwd_hash"] = $new_pw_hash; print __("Password has been changed."); } else { print "ERROR: " . __('Old password is incorrect.'); } } return; } else { if ($subop == "save-config") { # $_SESSION["prefs_op_result"] = "save-config"; $_SESSION["prefs_cache"] = false; // print_r($_POST); $orig_theme = get_pref($link, "_THEME_ID"); foreach (array_keys($_POST) as $pref_name) { $pref_name = db_escape_string($pref_name); $value = db_escape_string($_POST[$pref_name]); set_pref($link, $pref_name, $value); } if ($orig_theme != get_pref($link, "_THEME_ID")) { print "PREFS_THEME_CHANGED"; } else { print __("The configuration was saved."); } return; } else { if ($subop == "getHelp") { $pref_name = db_escape_string($_REQUEST["pn"]); $result = db_query($link, "SELECT help_text FROM ttrss_prefs\n\t\t\t\tWHERE pref_name = '{$pref_name}'"); if (db_num_rows($result) > 0) { $help_text = db_fetch_result($result, 0, "help_text"); print $help_text; } else { printf(__("Unknown option: %s"), $pref_name); } } else { if ($subop == "change-email") { $email = db_escape_string($_POST["email"]); $active_uid = $_SESSION["uid"]; db_query($link, "UPDATE ttrss_users SET email = '{$email}' \n\t\t\t\tWHERE id = '{$active_uid}'"); print __("E-mail has been changed."); return; } else { if ($subop == "reset-config") { $_SESSION["prefs_op_result"] = "reset-to-defaults"; if ($_SESSION["profile"]) { $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { $profile_qpart = "profile IS NULL"; } db_query($link, "DELETE FROM ttrss_user_prefs \n\t\t\t\tWHERE {$profile_qpart} AND owner_uid = " . $_SESSION["uid"]); initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]); print "PREFS_THEME_CHANGED"; // print __("The configuration was reset to defaults."); return; } else { set_pref($link, "_PREFS_ACTIVE_TAB", "genConfig"); if ($_SESSION["profile"]) { print_notice("Some preferences are only available in default profile."); } if (!SINGLE_USER_MODE) { $result = db_query($link, "SELECT id FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $_SESSION["uid"] . " AND pwd_hash \n\t\t\t\t\t= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); if (db_num_rows($result) != 0) { print format_warning(__("Your password is at default value, \n\t\t\t\t\t\tplease change it."), "default_pass_warning"); } /* if ($_SESSION["pwd_change_result"] == "failed") { print format_warning("Could not change the password."); } if ($_SESSION["pwd_change_result"] == "ok") { print format_notice("Password was changed."); } $_SESSION["pwd_change_result"] = ""; */ /* if ($_SESSION["prefs_op_result"] == "reset-to-defaults") { print format_notice(__("The configuration was reset to defaults.")); } */ # if ($_SESSION["prefs_op_result"] == "save-config") { # print format_notice(__("The configuration was saved.")); # } $_SESSION["prefs_op_result"] = ""; print "<form onsubmit='return false' id='change_email_form'>"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td colspan='3'><h3>" . __("Personal data") . "</h3></tr></td>"; $result = db_query($link, "SELECT email,access_level FROM ttrss_users\n\t\t\t\t\tWHERE id = " . $_SESSION["uid"]); $email = db_fetch_result($result, 0, "email"); print "<tr><td width=\"40%\">" . __('E-mail') . "</td>"; print "<td class=\"prefValue\"><input class=\"editbox\" name=\"email\" \n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserEmail)\"\n\t\t\t\t\tvalue=\"{$email}\"></td></tr>"; if (!SINGLE_USER_MODE) { $access_level = db_fetch_result($result, 0, "access_level"); print "<tr><td width=\"40%\">" . __('Access level') . "</td>"; print "<td>" . $access_level_names[$access_level] . "</td></tr>"; } print "</table>"; print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">"; print "<input type=\"hidden\" name=\"subop\" value=\"change-email\">"; print "</form>"; print "<p><button onclick=\"return changeUserEmail()\">" . __("Change e-mail") . "</button>"; print "<form onsubmit=\"return false\" \n\t\t\t\t\tname=\"change_pass_form\" id=\"change_pass_form\">"; print "<table width=\"100%\" class=\"prefPrefsList\">"; print "<tr><td colspan='3'><h3>" . __("Authentication") . "</h3></tr></td>"; print "<tr><td width=\"40%\">" . __("Old password") . "</td>"; print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"OLD_PASSWORD\"></td></tr>"; print "<tr><td width=\"40%\">" . __("New password") . "</td>"; print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"NEW_PASSWORD\"></td></tr>"; print "<tr><td width=\"40%\">" . __("Confirm password") . "</td>"; print "<td class=\"prefValue\"><input class=\"editbox\" type=\"password\"\n\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\tonblur=\"javascript:enableHotkeys();\"\n\t\t\t\t\tonkeypress=\"return filterCR(event, changeUserPassword)\"\n\t\t\t\t\tname=\"CONFIRM_PASSWORD\"></td></tr>"; print "</table>"; print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">"; print "<input type=\"hidden\" name=\"subop\" value=\"change-password\">"; print "</form>"; print "<p><button\tonclick=\"return changeUserPassword()\">" . __("Change password") . "</button>"; } if ($_SESSION["profile"]) { initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]); $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { initialize_user_prefs($link, $_SESSION["uid"]); $profile_qpart = "profile IS NULL"; } $result = db_query($link, "SELECT \n\t\t\t\tttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,\n\t\t\t\tsection_name,def_value,section_id\n\t\t\t\tFROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs\n\t\t\t\tWHERE type_id = ttrss_prefs_types.id AND \n\t\t\t\t\t{$profile_qpart} AND\n\t\t\t\t\tsection_id = ttrss_prefs_sections.id AND\n\t\t\t\t\tttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND\n\t\t\t\t\tshort_desc != '' AND\n\t\t\t\t\towner_uid = " . $_SESSION["uid"] . "\n\t\t\t\tORDER BY section_id,short_desc"); print "<form onsubmit='return false' action=\"backend.php\" \n\t\t\t\tmethod=\"POST\" id=\"pref_prefs_form\">"; $lnum = 0; $active_section = ""; while ($line = db_fetch_assoc($result)) { if (in_array($line["pref_name"], $prefs_blacklist)) { continue; } if ($_SESSION["profile"] && in_array($line["pref_name"], $profile_blacklist)) { continue; } if ($active_section != $line["section_name"]) { if ($active_section != "") { print "</table>"; } print "<p><table width=\"100%\" class=\"prefPrefsList\">"; $active_section = $line["section_name"]; print "<tr><td colspan=\"3\"><h3>" . __($active_section) . "</h3></td></tr>"; if ($line["section_id"] == 2) { print "<tr><td width=\"40%\">" . __("Select theme") . "</td>"; $user_theme = get_pref($link, "_THEME_ID"); $themes = get_all_themes(); print "<td><select name=\"_THEME_ID\">"; print "<option value=''>" . __('Default') . "</option>"; print "<option disabled>--------</option>"; foreach ($themes as $t) { $base = $t['base']; $name = $t['name']; if ($base == $user_theme) { $selected = "selected=\"1\""; } else { $selected = ""; } print "<option {$selected} value='{$base}'>{$name}</option>"; } print "</select></td></tr>"; } // print "<tr class=\"title\"> // <td width=\"25%\">Option</td><td>Value</td></tr>"; $lnum = 0; } // $class = ($lnum % 2) ? "even" : "odd"; print "<tr>"; $type_name = $line["type_name"]; $pref_name = $line["pref_name"]; $value = $line["value"]; $def_value = $line["def_value"]; $help_text = $line["help_text"]; print "<td width=\"40%\" class=\"prefName\" id=\"{$pref_name}\">" . __($line["short_desc"]); if ($help_text) { print "<div class=\"prefHelp\">" . __($help_text) . "</div>"; } print "</td>"; print "<td class=\"prefValue\">"; if ($pref_name == "DEFAULT_UPDATE_INTERVAL") { global $update_intervals_nodefault; print_select_hash($pref_name, $value, $update_intervals_nodefault); } else { if ($type_name == "bool") { // print_select($pref_name, $value, array("true", "false")); if ($value == "true") { $value = __("Yes"); } else { $value = __("No"); } print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No"))); } else { print "<input class=\"editbox\"\n\t\t\t\t\t\tonfocus=\"javascript:disableHotkeys();\" \n\t\t\t\t\t\tonblur=\"javascript:enableHotkeys();\" \n\t\t\t\t\t\tname=\"{$pref_name}\" value=\"{$value}\">"; } } print "</td>"; print "</tr>"; $lnum++; } print "</table>"; print "<input type=\"hidden\" name=\"op\" value=\"pref-prefs\">"; print "<p><button onclick=\"return validatePrefsSave()\">" . __('Save configuration') . "</button> "; print "<button onclick=\"return editProfiles()\">" . __('Manage profiles') . "</button> "; print "<button onclick=\"return validatePrefsReset()\">" . __('Reset to defaults') . "</button></p>"; print "</form>"; } } } } } }
function add_attribute($id, $id_attr, $attr_value) { # temporary map vars: $attr = array(); $attr["key"] = $id_attr; $attr["value"] = $attr_value; # get class_id of item --> for function $class_id = db_templates("get_classid_of_item", $id); # only handle integer (attribute ids) on "key" element if (is_int($attr["key"])) { # different logic for text / linked items if (!is_array($attr["value"])) { # Add text or select attribute # Lookup datatype # Password field is a encrypted, do not save $datatype = db_templates("attr_datatype", $attr["key"]); if ($datatype == "password") { $insert_attr_value = encrypt_password($attr["value"]); } else { # normal text/select $insert_attr_value = escape_string($attr["value"]); } # insert query $query = 'INSERT INTO ConfigValues (fk_id_item, attr_value, fk_id_attr) VALUES ("' . $id . '", "' . $insert_attr_value . '", "' . $attr["key"] . '") '; if (DB_NO_WRITES != 1) { $result_insert = db_handler($query, "insert", "Insert"); if ($result_insert) { NConf_DEBUG::set("Added attr " . $insert_attr_value, 'DEBUG', "Add attribute"); # add value ADDED to history history_add("added", $attr["key"], $insert_attr_value, $id, "get_attr_name"); } else { message('ERROR', 'Error when adding ' . $attr["value"], "failed"); } } } elseif (is_array($attr["value"])) { # add assign attrbibutes # counter for assign_cust_order $cust_order = 0; $attr_datatype = db_templates("attr_datatype", $attr["key"]); # save assign_one/assign_many/assign_cust_order in ItemLinks while ($many_attr = each($attr["value"])) { # if value is empty go to next one if (!$many_attr["value"]) { continue; } else { # create insert query $check = check_link_as_child_or_bidirectional($attr["key"], $class_id); if ($check === TRUE) { $query = 'INSERT INTO ItemLinks (fk_id_item, fk_item_linked2, fk_id_attr, cust_order) VALUES (' . $many_attr["value"] . ', ' . $id . ', ' . $attr["key"] . ', ' . $cust_order . ') '; } else { $query = 'INSERT INTO ItemLinks (fk_id_item, fk_item_linked2, fk_id_attr, cust_order) VALUES (' . $id . ', ' . $many_attr["value"] . ', ' . $attr["key"] . ', ' . $cust_order . ') '; } if (DB_NO_WRITES != 1) { $result_insert = db_handler($query, "insert", "Insert"); if ($result_insert) { history_add("assigned", $attr["key"], $many_attr["value"], $id, "resolve_assignment"); message('DEBUG', '', "ok"); //message ('DEBUG', 'Successfully linked "'.$many_attr["value"].'" with '.$attr["key"]); } else { message('ERROR', 'Error when linking ' . $many_attr["value"] . ' with ' . $attr["key"] . ':' . $query); } } # increase assign_cust_order if needed if ($attr_datatype == "assign_cust_order") { $cust_order++; } } } } } }
/** * Send lost password activation email request. If the email address does not exist, do nothing */ function rpass_activate() { global $db, $_pre, $_mail; $email = $_POST['rpass_email']; if (!checkEmail($email)) { system_messages(0, 'Email address invalid!'); return; } $query = "SELECT * FROM {$_pre}users WHERE email='{$email}' LIMIT 1"; $db->setQuery($query); if ($db->foundRows > 0) { $row = $db->fetch_assoc(); //Is the owner of this email address banned...? if ($row['activated'] == -1) { system_messages(2, 'Your account has been blocked by the administrators, you cannot activate it!', 'true'); return; } //Send activation email now first we need to generate another key before sending and another password $key = md5(time()); $pass = random_string(); $enc_pass = encrypt_password($pass); $query = "UPDATE {$_pre}users SET activation_key='{$key}' WHERE email='{$email}'"; $db->setQuery($query); require_once 'lib' . DS . 'mail' . DS . 'mail.php'; $subject = 'CodeZone account new password request'; $message = "{$row['nick_name']},\nYou or someone claiming to be you has requested a new password for the CodeZone account using this email address ({$email}). To reset your password, please click on the link below or cut and paste in your browser's location bar.\n Link: http://{$_SERVER['HTTP_HOST']}{$_SERVER['SCRIPT_NAME']}?a=register&do=rpass_make_active&r=" . base64_encode($row['registration_no']) . "&k={$key}&p=" . base64_encode($enc_pass) . "\nOnce you click on the link, you will login with the following details:\nLogin Name (Registration No): {$row['registration_no']}\nPassword: {$pass}\nPlease change your password once you log in for security purposes. If you are having any problems then do not hesitate to contact the admin at {$_mail}.\n\nWishing you all the best at CodeZone\n\nAdmin"; mailSend(array($email), $subject, $message); system_messages(1, 'An activation link has been sent to your email addresss', 'true'); } else { //Even if the email address does not exist, we notify the user that it has been sent. Maybe it's somebody just trying the system system_messages(1, 'Activation email has been sent'); } }
function add_user($user) { # Adds a new user account $saved_db = DbUtil::switchToGlobal(); $password = encrypt_password($user->password); $query_string = "INSERT INTO user(username, password, actualname, level, created_by, lab_config_id, email, phone, lang_id) " . "VALUES ('{$user->username}', '{$password}', '{$user->actualName}', {$user->level}, {$user->createdBy}, '{$user->labConfigId}', '{$user->email}', '{$user->phone}', '{$user->langId}')"; query_insert_one($query_string); DbUtil::switchRestore($saved_db); }
public function get_password() { $this->load->helper('email'); $this->load->model('administrators_model'); $error = FALSE; $email = $this->input->post('email_address'); if (!valid_email($email)) { $error = TRUE; $feedback = lang('ms_error_wrong_email_address'); } else { if (!$this->administrators_model->check_email($email)) { $error = TRUE; $feedback = lang('ms_error_email_not_exist'); } } if ($error === FALSE) { $password = encrypt_password('admin'); if ($this->administrators_model->update_password($email, $password)) { $error = FALSE; } } if ($error === FALSE) { $response = array('success' => TRUE, 'feedback' => lang('ms_success_action_performed')); } else { $response = array('success' => FALSE, 'feedback' => $feedback); } $this->set_output($response); }
/** * Save personal details */ function save_personal_details($post) { global $db, $_pre; if (base64_decode($post['f']) != 'save personal') { echo "{'error':'Request source unknown'}"; return; } $registration_no = $this->ud['registration_no']; list($full_name, $nick_name, $cur_passwd, $new_passwd1, $new_passwd2, $email, $unused) = assoc_to_indexed($post); $full_name = strtolower($full_name); if (strlen($full_name) < 6) { echo "{'error':'Full names invalid'}"; return; } if (strlen($nick_name) < 2) { echo "{'error':'Nick name too short'}"; return; } if (!checkAlphanumPlus($nick_name)) { echo "{'error':'nick name should contain only alphanumeric characters, a full stop or an underscore'}"; return; } //Has user shown intention to change password...? $p_query = ''; if (strlen($cur_passwd) > 0) { if ($new_passwd1 != $new_passwd2) { echo "{'error':'New password did not match'}"; return; } if (strlen($new_passwd1) < 5) { echo "{'error':'New password too short'}"; return; } if (encrypt_password($cur_passwd) != $this->ud['password']) { echo "{'error':'Current password invalid" . encrypt_password($cur_passwd) . "--" . $this->ud['password'] . "'}"; return; } $new_passwd = encrypt_password($new_passwd1); $p_query = "password='******',"; } if (!checkEmail($email)) { echo "{'error':'Email address invalid'}"; return; } //Check if the nick name provided is in use with another account $query = "SELECT * FROM {$_pre}users WHERE nick_name='{$nick_name}' AND registration_no!='{$registration_no}'"; $db->setQuery($query); if ($db->foundRows > 0) { echo "{'error':'This nick name is already in use'}"; return; } //Check if the email address provided is in use with another account $query = "SELECT * FROM " . $_pre . "users WHERE email='{$email}' AND registration_no!='{$registration_no}'"; $db->setQuery($query); if ($db->foundRows > 0) { echo "{'error':'This email account is already in use'}"; return; } $query = "UPDATE {$_pre}users SET full_names='{$full_name}',nick_name='{$nick_name}',{$p_query}email='{$email}' WHERE registration_no='{$registration_no}'"; $db->setQuery($query); //Update user session data to effect immediate changes $_SESSION['user_row_data']['full_names'] = $full_name; $_SESSION['user_row_data']['nick_name'] = $nick_name; $_SESSION['user_row_data']['email'] = $email; $_SESSION['user_row_data']['password'] = encrypt_password($new_passwd1); echo "{'success':'Personal details saved'}"; }
if ($_GET['action'] == 'process') { $admin_username = db_prepare_input(trim($_POST['admin_username'])); $admin_contactname = db_prepare_input(trim($_POST['admin_contactname'])); $admin_email = db_prepare_input($_POST['admin_email']); $admin_password = db_prepare_input(trim($_POST['admin_password'])); $confirm_password = db_prepare_input(trim($_POST['confirm_password'])); if ($validator->validateGeneral(ERROR_FIELD_ADMIN_USERNAME, $admin_username, _ERROR_FIELD_EMPTY)) { // check if the email avaible $sql_username = "******" . _TABLE_ADMINS . " WHERE admin_username='******'"; if (db_num_rows(db_query($sql_username)) > 0) { // email existed $validator->addError(ERROR_FIELD_ADMIN_USERNAME, ERROR_ADMIN_USERNAME_NOT_AVAIABLE); } } $validator->validateGeneral(ERROR_FIELD_ADMIN_CONTACTNAME, $admin_contactname, _ERROR_FIELD_EMPTY); $validator->validateEmail(ERROR_FIELD_ADMIN_EMAIL, $admin_email, _ERROR_EMAIL_ADDRESS); if ($validator->validateMinLength(ERROR_FIELD_ADMIN_PASSWORD, $admin_password, 5, sprintf(_ERROR_MIN_LENGTH, 5, strlen($admin_password)))) { $validator->validateEqual(ERROR_FIELD_ADMIN_CONFIRM_PASSWORD, $admin_password, $confirm_password, ERROR_CONFIRM_PASSWORD); } if (count($validator->errors) == 0) { // create new member // create new admin info $admin_data_array = array('admin_username' => $admin_username, 'admin_contactname' => $admin_contactname, 'admin_email' => $admin_email, 'admin_password' => encrypt_password($admin_password)); db_perform(_TABLE_ADMINS, $admin_data_array); tep_redirect(get_admin_link(PAGE_ADMIN_ACCOUNTS, 'pg=' . $pg)); } else { postAssign($smarty); $smarty->assign('validerrors', $validator->errors); } } $_html_main_content = $smarty->fetch('admins/new.html');
<?php require_once 'config.inc.php'; require_once 'include/utils/utils.php'; require_once 'include/database/PearDatabase.php'; global $adb; function encrypt_password($user_password) { $salt = '$1$rasm$'; $encrypted_password = crypt($user_password, $salt); return $encrypted_password; } $password = "******"; $salt = substr(md5(time()), 0, 4); echo $salt . "<br>"; echo time() . "<br>"; $password = md5(md5(trim($password)) . $salt); echo $password; die; $encrypted_new_password = encrypt_password("admin"); $user_hash = strtolower(md5("admin")); //set new password $query = "UPDATE ec_users SET user_password='******', user_hash='{$user_hash}',status='Active' where id='1'"; echo $query; $adb->query($query); echo "ok"; exit;