/**
 * Build a "digest:salt" credential string for a password.
 *
 * A fresh 32-character salt is requested from genRandomPassword(), the
 * password is hashed together with that salt by getCryptedPassword(), and the
 * two parts are joined with a colon so the salt travels with the digest.
 *
 * NOTE(review): both helpers are defined outside this listing, so the strength
 * of the stored value cannot be judged from here. Confirm that
 * getCryptedPassword() applies a slow, purpose-built password hash rather than
 * a single fast digest round, and that genRandomPassword() draws from a
 * cryptographically secure source.
 *
 * @param string $password Plaintext password to protect.
 * @return string Digest and salt separated by ':'.
 */
function encryptionDemo($password)
{
    // The salt is generated before hashing and appended to the result unchanged.
    $salt = genRandomPassword(32);

    return getCryptedPassword($password, $salt) . ':' . $salt;
}
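/**
 * Create the fixed administrator row (id 62) in the jos_* tables, or refresh
 * its password when the row already exists.
 *
 * The account data comes from the project's user object for $uid. Its password
 * is salted and hashed through genRandomPassword()/getCryptedPassword() and
 * stored as "digest:salt". Failures are reported through write_events() only;
 * nothing is returned or thrown.
 *
 * NOTE(review): $user->password is read as a plaintext value here, which
 * implies the directory behind the user class keeps it in recoverable form.
 * Confirm that this is intended and that access to that store is restricted.
 *
 * @param mixed  $uid      Identifier passed to the user class constructor.
 * @param string $database Database the INSERT/UPDATE statements are run against.
 * @return void
 */
function WriteAdmin($uid, $database)
{
    $user = new user($uid);
    $salt = genRandomPassword(32);
    $crypt = getCryptedPassword($user->password, $salt);
    $cryptpass = $crypt . ':' . $salt;
    $nullDate = null;
    $installdate = date('Y-m-d H:i:s');

    $q = new mysql();

    // NOTE(review): the existence check runs against 'artica_backup' while every
    // write below targets $database. Confirm the two are meant to differ.
    $sql = "SELECT gid FROM jos_users WHERE id=62";
    $ligne = @mysql_fetch_array($q->QUERY_SQL($sql, 'artica_backup'));

    // A missing row (or a failed query, hidden by the @) leaves "gid" empty,
    // which the loose comparison treats as 0 and so takes the INSERT path.
    if ($ligne["gid"] == 0) {
        // NOTE(review): $user->uid and $user->mail are interpolated into the SQL
        // text without escaping. If directory values can contain quotes, they
        // should be escaped or bound through whatever facility the mysql wrapper
        // provides (not visible in this listing).
        $statements = array(
            "INSERT INTO jos_users VALUES (62, 'Administrator', '{$user->uid}', '{$user->mail}', '{$cryptpass}', 'Super Administrator', 0, 1, 25, '{$installdate}', '{$nullDate}', '', '')",
            "INSERT INTO jos_core_acl_aro VALUES (10,'users','62',0,'Administrator',0)",
            "INSERT INTO jos_core_acl_groups_aro_map VALUES (25,'',10)",
        );

        // The three rows are written independently, with no transaction, so a
        // failure part-way leaves the earlier inserts in place.
        foreach ($statements as $query) {
            $q->QUERY_SQL($query, $database);
            if (!$q->ok) {
                write_events("set admin/password failed...");
            }
        }
    } else {
        write_events("updating {$uid}/password...");

        // Fix: the original built the UPDATE in $sql but executed $query, which
        // is never assigned on this path, so no password update was ever sent.
        // NOTE(review): the listing shows the password value masked as '******'.
        // The freshly computed "digest:salt" is used here, matching what the
        // INSERT path stores. Confirm against the upstream file.
        $sql = "UPDATE jos_users SET password='{$cryptpass}' WHERE id=62";
        $q->QUERY_SQL($sql, $database);
        if (!$q->ok) {
            write_events("set admin/password failed...");
        }
    }
}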
echo json_encode(array("message" => "0")); /*************** wrong email *************/ } } else { $email = $_REQUEST['email']; ############################ CHECKING USERNAME EXIST OR NOT ################## $sql_username = "******" . $prefix . "users where email = '" . $email . "' "; $rs_username = mysql_query($sql_username); $num_rows = mysql_num_rows($rs_username); if ($num_rows > 0) { ############### send email for token ############## $records = mysql_fetch_assoc($rs_username); $id = $records['id']; $secret = 'JfXAcjoH0jbAMqF4'; // Generate a new token $random = genRandomPassword(); $randpasstemp = ''; for ($ik = 0; $ik < 4; $ik++) { $randpasstemp .= chr(mt_rand(48, 57)); } $token = md5($randpasstemp); $salt = getSalt('crypt-md5'); $hashedToken = md5($token . $salt) . ':' . $salt; $query = "UPDATE " . $prefix . "users SET activation = '" . $token . "' WHERE id = " . $id . " "; mysql_query($query); /*$msg .= "Hello,'.$records['id']"; $msg .= "<br><br>A request has been made to reset your account password. To reset your password, you will need to submit this verification code in order to verify that the request was legitimate."; $msg .= "<br><br>The verification code is ".$randpasstemp."<br><br>";