$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.'); $salt = sprintf("\$2a\$%02d\$", $cost) . $salt; $hash = crypt($password, $salt); $token = storeUsername($username, $hash); $token = updatePassword($username, $hash); $user = getUserRecord($username); setcookie("user_id", $user['user_id']); setcookie("username", $username); setcookie("token", $token); header("Location: index.php"); exit; } else { $error = "Username and password do not match."; } } else { $user = getUserRecord($username); if (crypt($password, $user['hash']) == $user['hash']) { setcookie("user_id", $user['user_id']); setcookie("username", $username); setcookie("token", $user['token']); header("Location: index.php"); exit; } else { $error = "Username and password do not match."; } } } include 'include/header.php'; ?> <div class="content-overlay-box">
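<?php
// Admin endpoint: apply edits to an existing user record and echo the updated record as JSON.
// NOTE(review): $i (DB handle?) and $arg (session/auth state?) are expected to be defined by
// init.php — confirm. No CSRF check is visible in this file; since the endpoint can grant admin
// rights, confirm one runs upstream.
require_once 'init.php';
require_once 'user.utils.php';

if ($arg['loggedIn'] && $arg['isAdmin']) {
    try {
        // Retrieve the user account details. A missing `id` is passed as null instead of
        // triggering an undefined-index warning on the request array.
        $userRecord = getUserRecord($i, $_POST['id'] ?? null);

        // If the user is changing the password, verify its integrity (it must arrive hashed).
        // NOTE(review): the stored value is exactly what the client sent; what
        // verifyPasswordIntegrity() guarantees (format only, or the hashing scheme) is not
        // visible here — confirm.
        if (isset($_POST['password'])) {
            verifyPasswordIntegrity($_POST['password']);
            $userRecord['password'] = $_POST['password'];
        }

        // Apply the other changed fields. `??` + strict `!==` replaces isset() plus a loose `!=`.
        if (($_POST['username'] ?? '') !== '') {
            $userRecord['username'] = $_POST['username'];
        }
        if (isset($_POST['isAdmin'])) {
            // filter_var() maps "1"/"true"/"on"/"yes" to true and everything else to false.
            $userRecord['isAdmin'] = filter_var($_POST['isAdmin'], FILTER_VALIDATE_BOOLEAN);
        }

        // Persist the update and return the resulting record.
        $updatedUserRecord = updateUserRecord(
            $i,
            $userRecord['public_id'],
            $userRecord['username'],
            $userRecord['password'],
            $userRecord['isAdmin']
        );
        echo json_encode(["success" => true, "userData" => $updatedUserRecord]);
    } catch (mysqli_sql_exception $exc) {
        tossError($exc, "There was an internal error while updating the user");
    }
} else {
    echo error("Access Denied");
}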
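<?php
// Admin endpoint: move a user's upload directory to the trash, then delete the user record.
// NOTE(review): $i (DB handle?) and $arg (session/auth state?) are expected to come from
// init.php — confirm.
// NOTE(review): this destructive action is triggered by a GET parameter (`i`); a POST request
// carrying a CSRF token is the conventional shape. Left as-is so existing callers keep working.
require_once 'init.php';
require_once 'user.utils.php';

if ($arg['loggedIn'] && $arg['isAdmin']) {
    try {
        // A missing `i` parameter is passed as null instead of raising an undefined-index warning.
        $userRecord = getUserRecord($i, $_GET['i'] ?? null);

        // Move the storage directory to the trash. As in the original flow, a failure here is
        // reported and the record deletion still proceeds.
        // NOTE(review): whether tossError() exits after reporting is not visible here — confirm.
        try {
            evacuateUserUploadsDirectory("uploads/", $userRecord['public_id']);
        } catch (RuntimeException $exc) {
            // Typo fixed in the message ("remoe" -> "remove").
            tossError($exc, "Could not remove user's uploads directory");
        }

        // Delete the user record (the original notes that file records are removed via cascade).
        deleteUserRecord($i, $userRecord['public_id']);
        echo success("User deleted successfully");
    } catch (mysqli_sql_exception $exc) {
        // The original caught `mysql_sql_exception`, which is not a class PHP defines; mysqli
        // throws mysqli_sql_exception (as the sibling update script catches), so the handler
        // never matched and database errors escaped this script unreported.
        tossError($exc, "There was an internal error while deleting the user");
    }
} else {
    echo error("Access Denied");
}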
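<?php
// Session gate: a request must carry the user_id, token and username cookies, and both the id
// and the token must match the record stored for that username; otherwise the client is sent
// to the login page.
// NOTE(review): getUserRecord() is defined elsewhere (user.utils.php?). Its return value for an
// unknown username (false? null? exception?) is not visible here; any non-array is treated as a
// miss.
if (isset($_COOKIE['user_id'], $_COOKIE['token'], $_COOKIE['username'])) {
    $user = getUserRecord($_COOKIE['username']);

    // Both values are compared as strings with strict equality. The original `!=` is a loose
    // comparison, under which numeric-looking strings are compared as numbers, so two distinct
    // values could compare equal. hash_equals() additionally runs in constant time, so the
    // duration of the check does not depend on how much of the token was correct.
    $storedToken = (string) ($user['token'] ?? '');
    $sessionValid = is_array($user)
        && (string) $_COOKIE['user_id'] === (string) ($user['user_id'] ?? '')
        // An empty stored token (never issued, or cleared) must never authenticate; under the
        // loose `!=` a null token in the record compared equal to an empty token cookie.
        && $storedToken !== ''
        && hash_equals($storedToken, (string) $_COOKIE['token']);

    if (!$sessionValid) {
        header("Location: login.php");
        exit;
    }
} else {
    header("Location: login.php");
    exit;
}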
// Change-password handler (fragment: the block that encloses these statements opens before
// this snippet — the extra closing brace near the end belongs to it).
$password = "";
$new_password = "";
$confirm_password = "";
if (isset($_POST["password"])) { $password = $_POST["password"]; }
if (isset($_POST["new_password"])) { $new_password = $_POST["new_password"]; }
if (isset($_POST["confirm_password"])) { $confirm_password = $_POST["confirm_password"]; }
// NOTE(review): `!=` is a loose comparison — numeric-looking strings are compared as numbers
// (e.g. "1e3" == "1000") — so a strict `!==` is the safer equality test for passwords.
if ($new_password != $confirm_password) {
    $error = "Passwords do not match.";
} else {
    // The account is selected by the username cookie, which the client controls; this relies on
    // the session check (user_id/token cookies) having already run for this request — confirm.
    $user = getUserRecord($_COOKIE["username"]);
    // NOTE(review): the crypt() result is compared with a loose `!=`, which is neither
    // type-safe nor constant-time; password_verify() (or hash_equals()) is the standard
    // replacement.
    if (crypt($password, $user['hash']) != $user['hash']) {
        $error = "Invalid current password";
    } else {
        // bcrypt via crypt(): "$2a$<cost>$" followed by 16 random bytes, base64-encoded with '+'
        // mapped to '.' because '+' is not in bcrypt's salt alphabet.
        // NOTE(review): mcrypt_create_iv() was deprecated in PHP 7.1 and the mcrypt extension
        // left core in 7.2; random_bytes() — or password_hash(), which handles prefix, salt and
        // cost itself — is the supported replacement. PHP's crypt() docs recommend the "$2y$"
        // prefix over "$2a$".
        $cost = 10;
        $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
        $salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
        $hash = crypt($new_password, $salt);
        // updatePassword() (defined elsewhere) stores the hash and returns a fresh session token.
        $token = updatePassword($_COOKIE["username"], $hash);
        // NOTE(review): only name and value are passed, so the token cookie is set without the
        // secure/httponly/samesite options — it is readable from script and sent over plain HTTP.
        setcookie("token", $token);
        header("Location: index.php");
        exit;
    }
}
}
include 'include/header.php';