/**
* gen encoded password
* @param string $password_raw
* @param string $salt
* @return encoded password
*/
public static function gen_salt_password($password_raw, $salt = NULL, $len = 40)
{
$len = in_array($len, array(32, 40)) ? $len : 32;
$encfunc = $len == 40 ? 'sha1' : 'md5';
$password_enc = preg_match("/^\\w{{$len}}\$/", $password_raw) ? $password_raw : $encfunc($password_raw);
if (!isset($salt)) {
$salt = gen_salt();
}
return strtoupper($encfunc($password_enc . $salt));
}
$g_params['changes_required'] = TRUE;
}
}
}
if ($g_stage == 4) {
$g_params['updated'] = FALSE;
$g_params['success'] = '';
if (isset($_POST['next'])) {
$_SESSION['stage'] = $g_stage = 5;
unset($_POST['next']);
} elseif (isset($_POST['update'])) {
$g_params['ran_update'] = TRUE;
$g_params['error'] = FALSE;
$g_params['updated'] = FALSE;
$msg = '';
$salt = gen_salt();
$result = upgrade_config_file($salt);
//var_dump($result);
if ($result['success'] === FALSE) {
$g_params['error'] = $result['error'];
}
if ($result['upgraded']) {
$g_params['updated'] = "The config file was updated to include these missing settings: '" . implode("', '", $result['missing']) . "'<br/>";
}
//var_dump($g_params);
}
}
if ($g_stage == 5) {
if (isset($_POST['next'])) {
$_SESSION['stage'] = $g_stage = 6;
unset($_POST['next']);
<label>Passwort wiederholen: <input type="password" id="p2" name="passwordconfirm"></label><br />
<input type="hidden" name="step2" value="2">
<button type="submit">Weiter</button>
</form>
<?php
}
} else {
if (isset($_POST['step2'])) {
// step2: create user
if ($_POST['password'] !== $_POST['passwordconfirm']) {
echo "<p>The passwords did not match</p>";
goto hell;
// the goto keyword was introduced in PHP 5.3... so why don't use it?
}
$sql_str = "INSERT INTO `config` (`key`, `value`) VALUES ('sitename', '" . $sql->real_escape_string($_POST['sitename']) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('username', '" . $sql->real_escape_string($_POST['username']) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('password', '" . $sql->real_escape_string(crypt_password($_POST['password'], gen_salt(22))) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('recent_public', 'false'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('recent_count', '5');";
if (!$sql->multi_query($sql_str)) {
?>
<h2>Ein Fehler ist aufgetreten</h2>
<pre><?php
echo $sql->error;
?>
</pre>
<form method="POST">
<label>Seiten Name: <input type="text" name="sitename" value="<?php
echo htmlspecialchars($_POST['sitename']);
?>
"></label><br />
<label>User Name: <input type="text" name="username" value="<?php
echo htmlspecialchars($_POST['username']);
?>
$num = 0;
} else {
error("Failed to find or get sites hosted on same server from: <a class='navbar' href='http://www.yougetsignal.com/tools/web-sites-on-web-server/'>www.yougetsignal.com</a>!<br>Additional Message:<br>{$message}");
}
echo "</font><br>";
}
//Encrypt string
if (isset($_GET['encrypt'])) {
echo "<form action='' method='post'>\n<center><font color='#14ab00'>\n<input type='text' name='en_string' class='text'>\n<input type='submit' name='do_encrypt' value='Encrypt String'>\n</form>\n</font></center>";
}
if (isset($_POST['do_encrypt'])) {
$vbsalt = gen_salt("30");
$vbsalt2 = gen_salt("3");
$mybbsalt = gen_salt("8");
$ipbsalt = gen_salt("5");
$joomlasalt = gen_salt("32");
$password = $_POST['en_string'];
$md5 = md5($password);
$md52 = md5(md5($password));
$md53 = md5(md5(md5($password)));
$sha1 = sha1($password);
$sha256 = hash('sha256', $password);
$vbalg = md5(md5($password) . $vbsalt);
$vbalg2 = md5(md5($password) . $vbsalt2);
$mybbalg = md5(md5($mybbsalt) . $password);
$ipbalg = md5(md5($ipbsalt) . md5($password));
$joomlaalg = md5($password . $joomlasalt);
$en_result = "Hashes for string: {$password}\nMD5: {$md5}\nmd5(md5(pass)): {$md52}\nmd5(md5(md5(pass))): {$md53}\nSHA-1: {$sha1}\nSHA-256: {$sha256}\nvBulletin 4: {$vbalg}:{$vbsalt}\nvBulletin 3: {$vbalg2}:{$vbsalt2}\nMyBB: {$mybbalg}:{$mybbsalt}\nIPB: {$ipbalg}:{$ipbsalt}\nJoomla 1.0.13+: {$joomlaalg}:{$joomlasalt}\n";
echo "<center>\n<textarea rows='20' cols='150' style='color:#000'>\n{$en_result}\n</textarea>\n</center><br>";
}
//Py Symlink Stuff
function hash_password($password, $salt = null)
{
$salt = isset($salt) ? $salt : gen_salt();
$hash_password = pbkdf2('SHA256', $password, $salt, 8000, 512);
return array($hash_password, $salt);
}
$g_params['absolute_path'] = $abs;
$g_params['absolute_avatar_path'] = $abs_avatar;
if (isset($_SESSION['server'])) {
$g_params['name'] = $_SESSION['server']['name'];
$g_params['url'] = $_SESSION['server']['url'];
$g_params['absolute_path'] = $_SESSION['server']['abs'];
$g_params['absolute_avatar_path'] = $_SESSION['server']['abs_avatar'];
}
}
if ($g_stage == 3) {
if (isset($_POST['next'])) {
$user = $_POST['username'];
$pass = $_POST['password'];
$email = $_POST['email'];
$_SESSION['admin'] = array('user' => $user, 'pass' => $pass, 'email' => $email);
$_SESSION['password_salt'] = gen_salt();
$g_stage = 4;
$_SESSION['stage'] = 4;
unset($_POST['next']);
} elseif (isset($_POST['back'])) {
$_SESSION['stage'] = $g_stage = 2;
$g_params['name'] = $_SESSION['server']['name'];
$g_params['url'] = $_SESSION['server']['url'];
$g_params['absolute_path'] = $_SESSION['server']['abs'];
$g_params['absolute_avatar_path'] = $_SESSION['server']['abs_avatar'];
}
if (isset($_SESSION['admin'])) {
$g_params['user'] = $_SESSION['admin']['user'];
$g_params['pass'] = $_SESSION['admin']['pass'];
$g_params['email'] = $_SESSION['admin']['email'];
} else {
function read_file($action)
{
global $file, $login, $passwd;
$found = false;
if (!$file) {
$file = DEFAULT_AUTH_FILE;
}
$fp = fopen($file, "r");
$contents = fread($fp, filesize($file));
$tmp = explode("\n", $contents);
for ($i = 1; $i < count($tmp); $i++) {
$xp = explode(":", $tmp[$i]);
if ($action == "check") {
if (strcmp($xp[0], $login) == 0) {
$found = true;
}
} else {
if ($action == "mod") {
if (strcmp($xp[0], $login) == 0) {
$salt = gen_salt();
$crypt_pwd = crypt_pass($passwd, $salt);
$tmp[$i] = $login . ":" . $crypt_pwd . "\n";
}
}
}
$str .= $tmp[$i];
}
if ($action == "mod") {
replace_pwd($str);
}
close_file($fp);
return $found;
}
$sql->query("UPDATE `config` SET `value`='false' WHERE `key`='recent_public'");
}
if (isset($_POST['recent_count'])) {
if (is_numeric($_POST['recent_count'])) {
$sql->query("UPDATE `config` SET `value`='" . (int) $_POST['recent_count'] . "' WHERE `key`='recent_count'");
}
}
$_SESSION['flash'] = "Änderungen erfolgreich gespeichert.";
header('Location: ucp.php?page=settings');
exit;
break;
case "password":
if (isset($_POST['password_change']) && isset($_POST['password_verify'])) {
if ($_POST['password_change'] === $_POST['password_verify']) {
if (strlen($_POST['password_change']) > 3) {
$sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(crypt_password($_POST['password_change'], gen_salt(22))) . "' WHERE `key`='password';");
$_SESSION['flash'] = "Passwort erfolgreich geändert.";
header('Location: ucp.php?page=settings');
exit;
}
}
}
$_SESSION['flash'] = "Das Passwort stimmt nicht überein oder ist zu kurz.";
header('Location: ucp.php?page=settings');
exit;
break;
default:
$tpl->draw("settings");
}
}
break;
/**
* 创建一个新用户
*
* @param array $data
* @param string $from 用户来源
* @return boolean|number
*/
public static function createUser(array $data, $from = 'weixin')
{
if (empty($data)) {
return FALSE;
}
$now = simphp_time();
$salt = gen_salt();
$data = array_merge($data, ['regip' => Request::ip(), 'regtime' => $now, 'posttime' => $now, 'salt' => $salt, 'state' => 1, 'from' => $from]);
$uid = D()->insert('member', $data);
if ($uid > 0) {
if (empty($data['username'])) {
$data['username'] = $uid;
D()->update('member', ['username' => $uid], ['uid' => $uid]);
}
/*
//~ 插入ecshop数据表users
$ecdata = [];
$ecdata['member_platform'] = APP_PLATFORM;
$ecdata['member_id'] = $uid;
$ecdata['user_name'] = $data['username'] . '@' . $from;
if (isset($data['nickname'])) {
$ecdata['nick_name'] = $data['nickname'];
}
if (isset($data['email'])) {
$ecdata['email'] = $data['email'];
}
if (isset($data['password'])) {
$ecdata['password'] = $data['password'];
}
if (isset($data['sex'])) {
$ecdata['sex'] = $data['sex'];
}
if (isset($data['city']) || isset($data['province']) || isset($data['country'])) {
$ecdata['address_id'] = self::getECRegionId($data['city'],$data['province'],$data['country']);
}
$ecdata['reg_time'] = simphp_time();
$ecdata['ec_salt'] = $salt;
if (!empty($ecdata)) {
D()->insert(ectable('users'), $ecdata, 1, TRUE);
}
*/
return $uid;
}
return FALSE;
}
