コード例 #1
ファイル: functions.php プロジェクト: fweik/i-librarian
/**
 * Check a user's password against the value stored in the `users` table.
 *
 * This listing is incomplete: the `******` runs on the query line are masking
 * from the page the excerpt was taken from. They swallowed everything between
 * the SELECT and the UPDATE, including the comparison and the opener of the
 * block that is closed just before `return`.
 *
 * NOTE(review): the comparison is not visible here. It should be
 * password_verify() against a password_hash() value, or at least
 * hash_equals(), never `==` on hash strings - confirm against the full file.
 *
 * @param mixed $dbHandle Handle exposing quote() and query() (presumably a PDO object - confirm).
 * @param mixed $username User name; passed through quote() before it reaches SQL.
 * @param mixed $password Password supplied by the caller; its use is in the masked part.
 * @return mixed $verdict, initialised to FALSE; any assignment of TRUE is in the masked part.
 */
function check_encrypted_password($dbHandle, $username, $password)
{
    // Not referenced in the visible lines; presumably used in the masked part.
    $password2 = '';
    // Default to "not verified"; this is what is returned unless the masked part changes it.
    $verdict = FALSE;
    // READ PASSWORD FROM DATABASE
    // The user name is escaped with quote() before being concatenated into SQL.
    $username_quoted = $dbHandle->quote($username);
    // The trailing UPDATE rewrites the stored password for the same user
    // (presumably a re-hash after a successful check - TODO confirm).
    $result = $dbHandle->query("SELECT password FROM users WHERE username="******"UPDATE users SET password="******" WHERE username=" . $username_quoted);
    }
    return $verdict;
}
コード例 #2
         $quoted_password = $dbHandle->quote(generate_encrypted_password($_POST['pass']));
         // Update the database.
         $dbHandle->exec("UPDATE userdatabase.users SET password="******" WHERE username="******"ROLLBACK");
         sendError('Username already exists.');
     }
 } else {
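     // Hash the submitted password with the project's helper, then escape the
     // result with quote() so it can be placed in the SQL text.
     // NOTE(review): generate_encrypted_password() is not visible here; confirm
     // it is a salted, slow password hash (password_hash() or equivalent).
     $quoted_password = $dbHandle->quote(generate_encrypted_password($_POST['pass']));
     // Escape the permissions value the same way as user name and password.
     // Hand-written quotes around a concatenated value break the statement, and
     // open it to SQL injection, as soon as the value can contain a quote; where
     // $permissions comes from is not visible in this excerpt.
     $quoted_permissions = $dbHandle->quote($permissions);
     // Save the user to database.
     $dbHandle->exec("INSERT INTO userdatabase.users (username,password,permissions) VALUES (" . $quoted_user . "," . $quoted_password . "," . $quoted_permissions . ")");
     // NOTE(review): the result of exec() is not checked. If the handle is not
     // in exception mode, a failed INSERT still reaches the session writes
     // below - confirm the configured error mode.
     // Get user ID.
     $id = $dbHandle->lastInsertId();
     // Issue a fresh session id before storing the authenticated state, so a
     // session id that existed before sign-up is not carried over.
     session_regenerate_id(true);
     $_SESSION['user_id'] = $id;
     // Raw request value: escape it wherever it is printed.
     $_SESSION['user'] = $_POST['user'];
     $_SESSION['permissions'] = $permissions;
     $_SESSION['auth'] = true;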
 }
 // Make the changes permanent; the transaction was opened before this excerpt.
 $dbHandle->exec("COMMIT TRANSACTION");
 // Release the attached user database again.
 $dbHandle->exec("DETACH DATABASE userdatabase");
 // Drop the handle (for PDO this closes the connection once no references remain).
 $dbHandle = null;
 // End the request with the literal body 'OK'.
 die('OK');
コード例 #3
ファイル: session.inc.php プロジェクト: Abysmal/AuthManager
     $is_admin = intval($fb_fetch['is_admin']);
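     /*
     Record the latest access date and the Facebook id on the existing member row.
     All values are bound as parameters, so none of them is parsed as SQL.
     */
     try {
         $fb_update = "UPDATE `members` SET `access` = :access_date, `fb_id` = :temp_fb_id WHERE `id` = :userid";
         $fb_update_do = $db->prepare($fb_update);
         $fb_update_do->bindParam(':access_date', $access_date, PDO::PARAM_STR);
         $fb_update_do->bindParam(':temp_fb_id', $temp_fb_id, PDO::PARAM_INT);
         $fb_update_do->bindParam(':userid', $userid, PDO::PARAM_INT);
         $fb_update_do->execute();
     } catch (PDOException $e) {
         /*
         The failure used to be swallowed without a trace. Log it so a failing
         account update shows up in the server log; the login flow still
         continues as before. Only the driver message is written, the bound
         values are not part of it.
         */
         error_log('members access/fb_id update failed: ' . $e->getMessage() . ' - ' . basename(__FILE__));
     }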
 } else {
     /*
     Create a key for the new member; it is stored in the `key` column by the INSERT that follows.
     NOTE(review): getGuid() and createRandomPassword() are not visible here. Confirm both draw
     from a cryptographically secure source (random_bytes()/random_int()), not rand()/mt_rand()/uniqid().
     */
     $temp_key = getGuid();
     /*
     A throw-away password for an account that signs in through Facebook. The plain value is
     overwritten by its hashed form on the next line, so only the hash is kept in $temp_password.
     */
     $temp_password = createRandomPassword();
     $temp_password = generate_encrypted_password($temp_password);
     /*
     First and last name are taken from the Facebook profile object.
     They are externally supplied text: escape them wherever they are printed.
     */
     $first_name = $user->first_name;
     $last_name = $user->last_name;
     try {
         $fb_insert = "INSERT INTO `members`(`first_name`, `last_name`, `password`, `email`, `key`, `verified`, `join`, `access`, `fb_id`) VALUE(:first_name, :last_name, :temp_password, :fb_email, :temp_key, 1, :access_date, :access_date, :temp_fb_id)";
         $fb_insert_do = $db->prepare($fb_insert);
         $fb_insert_do->bindParam(':first_name', $first_name, PDO::PARAM_STR);
         $fb_insert_do->bindParam(':last_name', $last_name, PDO::PARAM_STR);
         $fb_insert_do->bindParam(':temp_password', $temp_password, PDO::PARAM_STR);
         $fb_insert_do->bindParam(':fb_email', $fb_email, PDO::PARAM_STR);
         $fb_insert_do->bindParam(':temp_key', $temp_key, PDO::PARAM_STR);
         $fb_insert_do->bindParam(':access_date', $access_date, PDO::PARAM_STR);
         $fb_insert_do->bindParam(':temp_fb_id', $temp_fb_id, PDO::PARAM_INT);
         $fb_insert_do->execute();
         $last_insert = $db->lastInsertId();
コード例 #4
ファイル: users.php プロジェクト: jamesscottbrown/i-librarian
     $_GET['username'] = str_replace($slashes, "", $_GET['username']);
     database_connect(IL_USER_DATABASE_PATH, 'users');
     $username_query = $dbHandle->quote($_GET['username']);
     $id_query = $dbHandle->quote($_GET['id']);
     $rename = $dbHandle->exec("UPDATE users SET username={$username_query} WHERE userID={$id_query}");
     $error = $dbHandle->errorInfo();
     $dbHandle = null;
     if ($rename !== 1) {
         die('Error! User was not renamed correctly. Database error: ' . $error[2]);
     }
 }
 // FORCE NEW PASSWORD FOR EXISTING USER
 // Runs when force_password, id and new_password are all present and non-empty in the query string.
 // NOTE(review): the new password travels in the URL, so it can end up in web-server
 // logs, browser history and Referer headers; a POST body avoids that.
 // NOTE(review): this is a state change on GET and no CSRF token or permission check
 // is visible in this excerpt - confirm both are enforced before this point.
 if (!empty($_GET['force_password']) && !empty($_GET['id']) && !empty($_GET['new_password'])) {
     // Presumably sets the $dbHandle used below - confirm in database_connect().
     database_connect(IL_USER_DATABASE_PATH, 'users');
     // Both values are escaped with quote() before being placed in the SQL text.
     $id_query = $dbHandle->quote($_GET['id']);
     $password_query = $dbHandle->quote(generate_encrypted_password($_GET['new_password']));
     $update = $dbHandle->exec("UPDATE users SET password={$password_query} WHERE userID={$id_query}");
     // Read the error details before the handle is dropped.
     $error = $dbHandle->errorInfo();
     $dbHandle = null;
     // Anything other than exactly one changed row (including FALSE on failure) is an error.
     if ($update !== 1) {
         // NOTE(review): this prints the driver's error text to the client; log it
         // server-side and show a generic message instead.
         die('Error! Password was not saved correctly. Database error: ' . $error[2]);
     }
 }
 // Render the "change password" form for the signed-in user.
 // NOTE(review): the form is submitted with GET, so the old and new passwords are
 // sent in the query string and can be recorded in logs and browser history.
 // Switching to POST requires the handler to read $_POST as well.
 print '<form action="users.php" method="GET">';
 print '<table border="0" cellpadding="0" cellspacing="0" style="width: 100%">';
 // The user name from the session is HTML-escaped before it is printed.
 print "<tr><td class=\"details alternating_row\"><b>Change password for user " . htmlspecialchars($_SESSION['user']) . "</b></td></tr>";
 print "<tr><td class=\"details\">";
 // Three password inputs: old_password, new_password1 and new_password2.
 print "Old Password: <input type=\"password\" size=\"10\" name=\"old_password\">\n    New Password: <input type=\"password\" size=\"10\" name=\"new_password1\">\n    Re-type New Password: <input type=\"password\" size=\"10\" name=\"new_password2\"><br>";
 print "</td></tr>";
 print "<tr><td class=\"details\">";
 // Submit button; its name (change_password) is what arrives in the request.
 print "<input type=\"submit\" name=\"change_password\" value=\"Change\">";
コード例 #5
ファイル: install.php プロジェクト: Abysmal/AuthManager
                        mysql_query($query);
                    }
                    unset($query);
                    fclose($file);
                    /*
                    Store the site URL and the admin address in the `settings` table.
                    NOTE(review): $websitepath and $adminemail are interpolated straight into the SQL
                    text. Whether they were escaped earlier is not visible in this excerpt; if not,
                    a quote character in either value breaks the statement and allows SQL injection.
                    Prepared statements (PDO or mysqli) remove the problem.
                    NOTE(review): the mysql_* functions were removed in PHP 7, and
                    `or die(mysql_error())` prints the database error to the page.
                    */
                    $update_s1 = mysql_query("UPDATE `settings` SET `option_value` = '{$websitepath}' WHERE `option_name` = 'website'") or die(mysql_error());
                    $update_s2 = mysql_query("UPDATE `settings` SET `option_value` = '{$adminemail}' WHERE `option_name` = 'admin_email'") or die(mysql_error());
                    $update_s3 = mysql_query("UPDATE `settings` SET `option_value` = '{$adminemail}' WHERE `option_name` = 'sending_email'") or die(mysql_error());
                    /* Join timestamp for the admin row, in the server's configured time zone. */
                    $join = date("Y-m-d H:i:s");
                    /*
                    getGuid() generates the per-user key; the author describes it as a random,
                    unique 32 character value (the function itself is not visible here).
                    */
                    $key = getGuid();
                    /*
                    Replace the plain admin password with the output of the project's helper.
                    The original comment calls this encrypting; the algorithm is not visible here.
                    NOTE(review): confirm it is a salted, slow password hash (password_hash() or equivalent).
                    */
                    $adminpass = generate_encrypted_password($adminpass);
                    /*
                    Create the first user with admin rights (`is_admin` = 1, `verified` = 1).
                    NOTE(review): same interpolation concern as above for $adminemail.
                    */
                    $create_admin = "INSERT INTO `members`(`first_name`, `last_name`, `password`, `email`, `key`, `verified`, `join`, `is_admin`) VALUE('Site', 'Admin', '{$adminpass}', '{$adminemail}', '{$key}', 1, '{$join}', 1)";
                    $execute_query = mysql_query($create_admin) or die(mysql_error());
                    if ($execute_query) {
                        ?>
									<div class="page-header">
										<h1>Final Step</h1>
									</div>

									<div class="alert alert-success"><strong>Installation Completed.</strong><br/>You have just finished installing <i>AuthManager</i> on your server. Please complete the final step before you can start using the app.</div>
									<p>Open file <strong>'user/database.php'</strong> and copy the text from below and replace it with the text already there:<br/>
									<pre>$db_server = "<?php 
                        echo $host;
コード例 #6
*/
include "../init.php";
include "header.php";
/* extra js file to be included for the show password option (jquery). */
$js = "<script type=\"text/javascript\" src=\"{$website}/" . JS_DIRECTORY . "/jquery.showpassword.js\"></script>\n<script type=\"text/javascript\">\n\$(function() {\n\t\$('#new_password').showPassword('#showpass');\n});\n</script>";
subheader(_("Change Password"), null, $js);
if ($sesslife == true) {
    echo "<div class=\"page-header\"><h1>" . _("Change Password") . "</h1></div>";
    /*
    Handle the submitted change-password form.
    NOTE(review): no CSRF token check is visible in this excerpt - confirm one is enforced.
    */
    if (isset($_POST["changepassword"])) {
        /*
        NOTE(review): cleanInput() is not visible here. If it strips or rewrites characters, the
        password is altered before hashing; confirm login and registration apply the same step.
        */
        $current_password = cleanInput($_POST["current_password"]);
        $new_password = cleanInput($_POST["new_password"]);
        if (!empty($current_password) && !empty($new_password)) {
            /*
            The submitted current password is hashed and compared with $userpass. This only
            works if generate_encrypted_password() returns the same output for the same input.
            */
            $current_password = generate_encrypted_password($current_password);
            /*
            NOTE(review): `==` is a loose comparison. PHP compares two numeric-looking strings
            (for example digests of the form "0e" followed by digits) as numbers, so different
            hashes can be treated as equal. Use hash_equals(), or `===` on older PHP; longer
            term store password_hash() values and check them with password_verify().
            */
            if ($current_password == $userpass) {
                $new_password = generate_encrypted_password($new_password);
                /* Store the new hash for the current user; both values are bound parameters. */
                try {
                    $q = "UPDATE `members` SET `password` = :new_password WHERE `id` = :userid";
                    $q_do = $db->prepare($q);
                    $q_do->bindParam(':new_password', $new_password, PDO::PARAM_STR);
                    $q_do->bindParam(':userid', $userid, PDO::PARAM_INT);
                    $confirm_do = $q_do->execute();
                } catch (PDOException $e) {
                    /* The exception is logged with the file name; $confirm_do is then never set. */
                    $log->logError($e . " - " . basename(__FILE__));
                }
                if (!empty($confirm_do)) {
                    /* Success: send the browser to the logout URL so the user signs in again. */
                    echo "<meta http-equiv=\"refresh\" content=\"0;url={$website}/" . USER_DIRECTORY . "/logout\">";
                } else {
                    /* Failure, or an exception above: prepare a generic error box without database details. */
                    $err = "<div class=\"alert alert-error\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\">&times;</button><strong>" . _("Unable to process.") . "</strong><br/>" . _("We are unable to process your request at this time. Please try again later.") . "</div>";
                }
            } else {