コード例 #1
ファイル: auth_wbb.php プロジェクト: hoelbing/wrm_installer
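/**
 * Check a password, or an already-hashed password, against the hash stored
 * for one profile in the CMS (WBB) user table.
 *
 * Security notes for maintainers:
 *  - Hashes are compared as strings, in constant time where hash_equals()
 *    exists and with === otherwise. A loose == comparison treats two
 *    numeric-looking strings (for example two digests of the form "0e<digits>")
 *    as equal, which can accept a wrong password.
 *  - With $encryptflag set, the stored hash itself is the credential: a caller
 *    that knows the hash column value authenticates without the password.
 *    NOTE(review): confirm every caller takes that value from trusted
 *    server-side state and not straight from the request.
 *  - NOTE(review): print_error() is handed the SQL text and the driver error;
 *    confirm it does not echo them to unauthenticated clients.
 *
 * @param string $oldpassword  Plain password, or the hash when $encryptflag is truthy.
 * @param mixed  $profile_id   Profile id; passed through quote_smart() before use in SQL.
 * @param mixed  $encryptflag  Truthy when $oldpassword is already hashed.
 *
 * @return mixed The stored hash on success, 2 when the lookup does not return
 *               exactly one row, FALSE when the password does not match.
 */
function password_check($oldpassword, $profile_id, $encryptflag)
{
    // Only the globals this function actually reads are imported.
    global $db_user_id, $db_user_password, $db_user_salt, $db_table_user_name;
    global $table_prefix, $db_raid;

    $user_table = $table_prefix . $db_table_user_name;

    // Table and column names come from the bridge configuration globals.
    // The only caller-supplied value is the profile id, which goes through
    // quote_smart() (defined elsewhere; presumably escapes and quotes - verify).
    $sql_passchk = sprintf("SELECT " . $db_user_password . " FROM " . $user_table . " WHERE " . $db_user_id . " = %s", quote_smart($profile_id));
    $result_passchk = $db_raid->sql_query($sql_passchk) or print_error($sql_passchk, mysql_error(), 1);
    if (mysql_num_rows($result_passchk) != 1) {
        // User not found in CMS DB (or not unique): fail.
        return 2;
    }

    $data_passchk = $db_raid->sql_fetchrow($result_passchk, true);
    $db_pass = $data_passchk[$db_user_password];

    // An account without a stored hash must never authenticate, whatever
    // value was supplied.
    $stored_hash = (string) $db_pass;
    if ($stored_hash === '') {
        return FALSE;
    }

    if ($encryptflag) {
        // Already-hashed value sent in: compare it directly with the DB value.
        $candidate_hash = (string) $oldpassword;
    } else {
        // Plain password sent in: fetch the per-user salt and apply the
        // WBB-specific double-salted hash (see top of file for information).
        $sql_salt = sprintf("SELECT " . $db_user_salt . " FROM " . $user_table . " WHERE " . $db_user_id . " = %s", quote_smart($profile_id));
        $result_salt = $db_raid->sql_query($sql_salt) or print_error($sql_salt, mysql_error(), 1);
        $data_salt = $db_raid->sql_fetchrow($result_salt, true);
        $salt = $data_salt[$db_user_salt];
        $candidate_hash = (string) getDoubleSaltedHash($oldpassword, $salt);
    }

    // hash_equals() is not available on every PHP version that still ships
    // ext/mysql, so fall back to a strict string comparison there.
    if (function_exists('hash_equals')) {
        $matches = hash_equals($stored_hash, $candidate_hash);
    } else {
        $matches = ($stored_hash === $candidate_hash);
    }

    return $matches ? $db_pass : FALSE;
}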
コード例 #2
ファイル: integration.php プロジェクト: Sywooch/forums
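/**
 * Look up a forum account by e-mail address or user name and verify the
 * supplied password against the stored double-salted hash.
 *
 * Security notes for maintainers:
 *  - The login name is escaped before it is placed in the SQL string. Passing
 *    FILTER_VALIDATE_EMAIL does not make a value safe for SQL, because a valid
 *    address may contain a single quote in its local part.
 *  - ext/mysql has no prepared statements and was removed in PHP 7. Moving this
 *    query to mysqli or PDO with bound parameters is the durable fix.
 *    mysql_real_escape_string() also depends on the connection character set
 *    being set through mysql_set_charset().
 *  - Hashes are compared as strings (constant time where hash_equals() exists)
 *    instead of with ==, which treats numeric-looking strings as equal.
 *  - The digest functions selectable here (sha1, md5, crc32) are fast,
 *    general-purpose functions. They are kept only for compatibility with the
 *    hashes already stored by the forum software.
 *
 * The helper functions are declared on the first call only. Declaring them
 * unconditionally inside this function makes a second call to chatLogin() in
 * the same request fail with a "cannot redeclare" fatal error.
 *
 * @param string $userName E-mail address or user name typed by the user.
 * @param string $userPass Plain-text password typed by the user.
 *
 * @return mixed The userID column of the matching row, or 0 when the login fails.
 */
function chatLogin($userName, $userPass)
{
    $userid = 0;

    // The listing this function was taken from shows the user-name branch with
    // a masked literal ('******'). The lookup is by the supplied login name.
    $lookupColumn = filter_var($userName, FILTER_VALIDATE_EMAIL) ? 'email' : 'username';
    $escapedName = mysql_real_escape_string((string) $userName);
    $sql = "SELECT * FROM " . TABLE_PREFIX . DB_USERTABLE . " WHERE " . $lookupColumn . " ='" . $escapedName . "'";

    // A failed query yields no row instead of a warning from mysql_fetch_array().
    $result = mysql_query($sql);
    $row = $result ? mysql_fetch_array($result) : false;

    // Defines the ENCRYPTION_* constants read by the helpers below.
    include_once dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'options.inc.php';

    // NOTE(review): with these guards, a same-named function declared elsewhere
    // is used as-is. Confirm nothing else in the application defines encrypt().
    if (!function_exists('getSaltedHash')) {
        /**
         * Hash $value combined with $salt according to the ENCRYPTION_* options.
         * Salting is on, the salt goes in front, and the value is hashed before
         * salting, whenever the corresponding constant is undefined.
         */
        function getSaltedHash($value, $salt)
        {
            if (!defined('ENCRYPTION_ENABLE_SALTING') || ENCRYPTION_ENABLE_SALTING) {
                $hash = '';
                if (!defined('ENCRYPTION_SALT_POSITION') || ENCRYPTION_SALT_POSITION == 'before') {
                    $hash .= $salt;
                }
                if (!defined('ENCRYPTION_ENCRYPT_BEFORE_SALTING') || ENCRYPTION_ENCRYPT_BEFORE_SALTING) {
                    $hash .= encrypt($value);
                } else {
                    $hash .= $value;
                }
                if (defined('ENCRYPTION_SALT_POSITION') && ENCRYPTION_SALT_POSITION == 'after') {
                    $hash .= $salt;
                }
                return encrypt($hash);
            } else {
                return encrypt($value);
            }
        }
    }

    if (!function_exists('getDoubleSaltedHash')) {
        /** Hash the salt concatenated with the salted hash of $value. */
        function getDoubleSaltedHash($value, $salt)
        {
            return encrypt($salt . getSaltedHash($value, $salt));
        }
    }

    if (!function_exists('encrypt')) {
        /**
         * Digest $value with the function named by ENCRYPTION_METHOD, or sha1
         * when the constant is undefined or names none of the cases below.
         * Despite its name, this hashes; nothing here is reversible encryption.
         */
        function encrypt($value)
        {
            if (defined('ENCRYPTION_METHOD')) {
                switch (ENCRYPTION_METHOD) {
                    case 'sha1':
                        return sha1($value);
                    case 'md5':
                        return md5($value);
                    case 'crc32':
                        // Returns an integer checksum, not a cryptographic digest.
                        return crc32($value);
                    case 'crypt':
                        // NOTE(review): crypt() without an explicit salt picks
                        // one itself where that form is still accepted, so this
                        // branch cannot reproduce a stored hash.
                        return crypt($value);
                }
            }
            return sha1($value);
        }
    }

    // No row, or a row without a stored hash, never authenticates.
    if (!is_array($row) || !isset($row['password']) || (string) $row['password'] === '') {
        return $userid;
    }

    $salt = isset($row['salt']) ? $row['salt'] : '';
    $storedHash = (string) $row['password'];
    $computedHash = (string) getDoubleSaltedHash($userPass, $salt);

    // hash_equals() is not available on every PHP version that still ships
    // ext/mysql, so fall back to a strict string comparison there.
    if (function_exists('hash_equals')) {
        $matches = hash_equals($storedHash, $computedHash);
    } else {
        $matches = ($storedHash === $computedHash);
    }

    if ($matches) {
        $userid = $row['userID'];
    }

    return $userid;
}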