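/**
 * Verify a user's password against the hash stored in the CMS user table.
 *
 * @param string $oldpassword Plain-text password, or the already-hashed value when $encryptflag is set.
 * @param mixed  $profile_id  User id to look up; it is passed through quote_smart() before reaching the SQL.
 * @param bool   $encryptflag True when $oldpassword is already hashed and must be compared as-is.
 *
 * @return mixed The stored hash on a match, FALSE on a mismatch, or the integer 2 when the
 *               lookup does not return exactly one row. Note that 2 is truthy: callers have to
 *               test for it explicitly instead of relying on a plain boolean check.
 */
function password_check($oldpassword, $profile_id, $encryptflag)
{
    // Only the globals this function reads are declared. Table and column names come from
    // bridge configuration and are concatenated into the SQL, so they must never be
    // derived from request data.
    global $db_user_id, $db_user_password, $db_user_salt, $db_table_user_name;
    global $table_prefix, $db_raid;

    $user_table = $table_prefix . $db_table_user_name;

    $sql_passchk = sprintf(
        "SELECT " . $db_user_password . " FROM " . $user_table . " WHERE " . $db_user_id . " = %s",
        quote_smart($profile_id)
    );
    $result_passchk = $db_raid->sql_query($sql_passchk) or print_error($sql_passchk, mysql_error(), 1);

    if (mysql_num_rows($result_passchk) != 1) {
        // User not found in CMS DB (or the id is ambiguous): fail.
        return 2;
    }

    $data_passchk = $db_raid->sql_fetchrow($result_passchk, true);
    $db_pass = $data_passchk[$db_user_password];

    if ($encryptflag) {
        // Encrypted password sent in, check directly against DB.
        // NOTE(review): in this mode the stored hash itself is accepted as the credential,
        // so a leaked hash is as good as the password. Confirm that callers only pass
        // values this application issued itself.
        $candidate = (string) $oldpassword;
    } else {
        // Non-encrypted password sent in: apply the WBB-specific salted hashing
        // (see top of file for information) and compare against the DB.
        $sql_salt = sprintf(
            "SELECT " . $db_user_salt . " FROM " . $user_table . " WHERE " . $db_user_id . " = %s",
            quote_smart($profile_id)
        );
        $result_salt = $db_raid->sql_query($sql_salt) or print_error($sql_salt, mysql_error(), 1);
        $data_salt = $db_raid->sql_fetchrow($result_salt, true);

        if (!$data_salt) {
            // No salt row: fail closed instead of hashing with an empty salt.
            return FALSE;
        }

        $candidate = (string) getDoubleSaltedHash($oldpassword, $data_salt[$db_user_salt]);
    }

    // The original compared with ==, which treats numeric-looking strings as numbers and
    // can report two different hashes as equal. Compare as strings, and in constant time
    // where the runtime provides hash_equals() (PHP >= 5.6).
    $stored = (string) $db_pass;
    $matches = function_exists('hash_equals')
        ? hash_equals($stored, $candidate)
        : ($stored === $candidate);

    return $matches ? $db_pass : FALSE;
}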
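/**
 * Authenticate a chat user against the forum user table.
 *
 * The account is looked up by e-mail address when $userName validates as one, otherwise by
 * user name. The supplied password is hashed with the row's salt and compared with the
 * stored hash.
 *
 * @param string $userName User name or e-mail address supplied by the client.
 * @param string $userPass Plain-text password supplied by the client.
 *
 * @return int The matching row's userID, or 0 when the lookup or the password check fails.
 */
function chatLogin($userName, $userPass)
{
    $userid = 0;

    if (!is_scalar($userName) || !is_scalar($userPass)) {
        // Arrays or objects from the request cannot be valid credentials.
        return $userid;
    }
    $userName = (string) $userName;
    $userPass = (string) $userPass;

    // The value is client-controlled. Passing FILTER_VALIDATE_EMAIL does not make it safe
    // to interpolate (valid addresses may contain a single quote), so it is escaped in
    // both branches. The user-name branch originally compared against the fixed literal
    // '******' and ignored $userName altogether.
    // NOTE(review): the mysql_* extension is removed in PHP 7; moving to prepared
    // statements (mysqli/PDO) is the durable fix but needs a connection handle that is
    // not visible in this function.
    $lookupColumn = filter_var($userName, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
    $sql = "SELECT * FROM " . TABLE_PREFIX . DB_USERTABLE
        . " WHERE " . $lookupColumn . " ='" . mysql_real_escape_string($userName) . "'";

    $result = mysql_query($sql);
    $row = $result ? mysql_fetch_array($result) : false;

    include_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'options.inc.php';

    // The helpers are declared inside chatLogin(); without the function_exists() guards a
    // second call in the same request would stop with "Cannot redeclare".
    // NOTE(review): the hashing below presumably mirrors how the forum software stores
    // passwords (configured through the ENCRYPTION_* constants), so it cannot be
    // strengthened here without also migrating the stored hashes.
    if (!function_exists('getSaltedHash')) {
        /** Hash $value with $salt according to the ENCRYPTION_* salting options. */
        function getSaltedHash($value, $salt)
        {
            if (defined('ENCRYPTION_ENABLE_SALTING') && !ENCRYPTION_ENABLE_SALTING) {
                return encrypt($value);
            }

            $hash = '';
            if (!defined('ENCRYPTION_SALT_POSITION') || ENCRYPTION_SALT_POSITION == 'before') {
                $hash .= $salt;
            }
            if (!defined('ENCRYPTION_ENCRYPT_BEFORE_SALTING') || ENCRYPTION_ENCRYPT_BEFORE_SALTING) {
                $hash .= encrypt($value);
            } else {
                $hash .= $value;
            }
            if (defined('ENCRYPTION_SALT_POSITION') && ENCRYPTION_SALT_POSITION == 'after') {
                $hash .= $salt;
            }

            return encrypt($hash);
        }
    }

    if (!function_exists('getDoubleSaltedHash')) {
        /** Prefix the salted hash with the salt once more and hash the result. */
        function getDoubleSaltedHash($value, $salt)
        {
            return encrypt($salt . getSaltedHash($value, $salt));
        }
    }

    if (!function_exists('encrypt')) {
        /** Apply the digest selected by ENCRYPTION_METHOD; sha1 when unset or unknown. */
        function encrypt($value)
        {
            if (defined('ENCRYPTION_METHOD')) {
                switch (ENCRYPTION_METHOD) {
                    case 'sha1':
                        return sha1($value);
                    case 'md5':
                        return md5($value);
                    case 'crc32':
                        // Returns an integer checksum, not a cryptographic hash.
                        return crc32($value);
                    case 'crypt':
                        // NOTE(review): crypt() without an explicit salt picks its own, so
                        // the output is not reproducible for comparison. Left as in the
                        // original; confirm this method is never configured.
                        return crypt($value);
                }
            }

            return sha1($value);
        }
    }

    if (!$row) {
        // Query failed or no such account: nothing to compare against.
        return $userid;
    }

    // Compare as strings: == treats numeric-looking hashes as numbers and can report two
    // different hashes as equal. Use constant-time hash_equals() where available
    // (PHP >= 5.6). The original repeated this check twice; once is enough.
    $storedHash = (string) $row['password'];
    $computedHash = (string) getDoubleSaltedHash($userPass, $row['salt']);
    $matches = function_exists('hash_equals')
        ? hash_equals($storedHash, $computedHash)
        : ($storedHash === $computedHash);

    if ($matches) {
        $userid = $row['userID'];
    }

    return $userid;
}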