`ip` varchar(90) NOT NULL, `iscustom` varchar(4) NOT NULL, `user` tinytext NOT NULL, `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, `country` tinytext NOT NULL, `theme` varchar(65) NOT NULL, `clicks` int(11) NOT NULL, `pw` int(120) NOT NULL, `etc` text, `etc2` text, PRIMARY KEY (`rid`), KEY `baseval` (`baseval`), KEY `ip` (`ip`), KEY `iscustom` (`iscustom`) );'); $acctpass = hashpass($_POST['acctpass']); $nr = sha1(rstr(50)); sqlrun("INSERT INTO auth (username,email,password,rkey,valid,role) VALUES ('{$_POST['acct']}','{$_POST['acctemail']}','{$acctpass}','{$nr}','1','adm') "); echo "You are now finished Polr Setup. You can now close this window, and login to your account <a href='index.php'>here</a> (login form @ top right). <br><br>If you need help, click <a href=\"http://webchat.freenode.net/?channels=#polr\">here</a><br>" . "<br><br><b>Clueless? Read the docs. <a href='https://github.com/Cydrobolt/polr/blob/master/README.md'>https://github.com/Cydrobolt/polr/blob/master/README.md</a></b>"; } else { include 'version.php'; echo "<form name=\"Config Creation\" style='margin:0 auto; width: 650px' method=\"post\" action=\"" . 'setup.php' . "\">"; // DB Config echo "<b style=\"text-align:center\">Database Configuration</b><br />"; echo "Database Host: <input type=\"text\" class='form-control' style='width:650px' name=\"dbserver\" value=\"localhost\"><br>"; echo "Database User: <input type=\"text\" class='form-control' style='width:650px' name=\"dbuser\" value=\"root\"><br>"; echo "Database Pass: <input type=\"password\" class='form-control' style='width:650px' name=\"dbpass\" value=\"password\"><br>"; echo "Database Name: <input type=\"text\" class='form-control' style='width:650px' name=\"dbname\" value=\"polr\"><br>"; // App Config echo "<br /><b style=\"text-align:center\">Application Settings</b><br />"; echo "Application Name: <input type=\"text\" class='form-control' style='width:650px' name=\"appname\" value=\"Polr\"><br>";
<?php session_start(); require 'util.php'; $con = get_con(); $email = ""; if (isset($_POST['pass']) && isset($_POST['email'])) { $email = $_POST['email']; $hashed = hashpass($_POST['pass']); $query = "select password, id from users \n where email='{$_POST['email']}'"; $result = query_or_die($query, $con); $row = mysql_fetch_row($result); if (!$row) { $no_user = "******"; $help_text_user = "******"; } else { if ($row[0] == $hashed) { $_SESSION['email'] = $email; if (isset($_SESSION['user_id'])) { //Anon user pattern, merge delete merge_users($_SESSION['user_id'], $row[1]); delete_user($_SESSION['user_id']); } $_SESSION['user_id'] = $row[1]; $_SESSION['msg'] = array("type" => "success", "text" => "Welcome {$email}!"); go_home(); } else { $bad_pass = "******"; $help_text_pass = "******"; } }
<?php require 'util.php'; $con = get_con(); $email = ''; $new_password = generatePassword(9, 1); $hash_new_password = hashpass($new_password); if (isset($_POST['email'])) { $email = $_POST['email']; $new_query = "select password from users \n where email='{$_POST['email']}'"; $result = query_or_die($new_query, $con); $row = mysql_fetch_row($result); if (!$row) { $no_user = "******"; $help_text_user = "******"; } } $adminemail = '*****@*****.**'; if (isset($_POST['email'])) { $query = "UPDATE users SET password = '******' where email='{$_POST['email']}'"; $result = query_or_die($query, $con); } function generatePassword($length, $strength) { $vowels = 'aeuy'; $consonants = 'bdghjmnpqrstvz'; if ($strength & 1) { $consonants .= 'BDGHJLMNPQRSTVWXZ'; } if ($strength & 2) { $vowels .= "AEUY";
$dbpass = getenv("MYSQL_ENV_MYSQL_PASSWORD"); } $db = getenv("DB_DATABASE"); if (!$db) { $db = getenv("MYSQL_ENV_MYSQL_DATABASE"); } $appurl = getenv("APP_URL"); $appname = getenv("APP_NAME"); $setuppass = hashpass(getenv("SETUP_PASSWORD")); $regtype = getenv("REG_TYPE"); $ipmethod = getenv("IP_METHOD"); $recovery = "false"; $private = getenv("PRIVATE"); $theme = getenv("THEME"); $adminuser = getenv("ADMIN_USER"); $adminpass = hashpass(getenv("ADMIN_PASSWORD")); $adminemail = getenv("ADMIN_EMAIL"); $data = '<?php ' . '$host="' . $dbhost . '";' . '$user="******";' . '$passwd="' . $dbpass . '";' . '$db="' . $db . '";' . '$wsa="' . $appurl . '";' . '$wsn="' . $appname . '";' . '$wsb="' . date("F d Y") . '";' . '$ppass=\'' . $setuppass . '\';' . '$ip=\'' . $ipmethod . '\';' . '$hp="' . sha1(rstr(30)) . '";' . '$regtype=\'' . $regtype . '\';' . '$path="/";' . '$fpass='******';' . '$li_shorten_only=' . $private . ';' . '$theme="' . $theme . '";' . '$unstr="' . rstr(50) . '";' . "?>\n"; file_put_contents("config.php", $data); $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db); $mysqli->query(' CREATE TABLE `api` ( `valid` tinyint(1) NOT NULL, `email` varchar(50) NOT NULL, `apikey` varchar(70) NOT NULL, `quota` int(11) NOT NULL, PRIMARY KEY (`apikey`), UNIQUE KEY `email` (`email`), KEY `email_2` (`email`), KEY `valid` (`valid`), KEY `aindex` (`valid`,`email`)
} elseif ($key == "img") { $param_keys[] = "img = ?"; } elseif ($key == "info") { $param_keys[] = "info = ?"; } } $sql_q = "UPDATE users SET " . implode(',', $param_keys) . " WHERE id = ?"; $sql_s = $mysql->prepare($sql_q); $params = new BindParam(); foreach ($change as $key => $value) { if ($key == "username") { $params->add('s', $value); } elseif ($key == "email") { $params->add('s', $value); } elseif ($key == "password") { $passhash = hashpass($value); $params->add('s', $params); } elseif ($key == "img") { $params->add('s', $value); } elseif ($key == "info") { $params->add('s', $value); } } $params->add('i', $uid); call_user_func_array(array($sql_s, "bind_param"), refValues($params->get())); $sql_s->execute(); $sql_s->close(); if (isset($change['password'])) { $change['password'] = '******'; } log_api_action($api_caller['id'], "editing user: "******" change data: " . http_build_query($change));
$login = false; // Old Password hashing method check $stmt = $mysql->prepare("SELECT state,password,password_salt,id from users where (username = ? or email = ?)"); $stmt->bind_param('ss', $username, $username); $stmt->execute(); $stmt->bind_result($method, $password_h, $password_salt, $uid); $stmt->fetch(); $stmt->close(); if (isValidMd5($password_h)) { $cv_hash = cv_hash($password); if ($password_h == $cv_hash) { updatePassword($uid, $password); $login = true; } } elseif ($method != 3) { $nc_hash = hashpass($password); if ($password_h == $nc_hash) { updatePassword($uid, $password); $login = true; } } else { $options = ['cost' => 11, 'salt' => $password_salt]; $pwd_h = password_hash($password, PASSWORD_BCRYPT, $options); if ($password_h == $pwd_h) { $login = true; } } if ($login) { $ip = stripslashes($_SERVER['REMOTE_ADDR']); $login_q = $mysql->prepare("SELECT users.id as id,username,email,rank,user_titles.title as title from users left join user_titles on user_titles.id = users.rank where users.id = ?"); $login_q->bind_param('i', $uid);
public function auth_user($login, $password) { global $USERSTABLE; $_SESSION['LOGIN_REALM'] = 'local'; //LDAP if (ldap_auth($login, $password)) { //if password is valid in LDAP, we only have to check if user exists in the DB $sql = "SELECT `userID` FROM `{$USERSTABLE}` WHERE login='******' AND act=1;"; } else { //if LDAP didn't work, we check both login and passwd $password = hashpass($password); $sql = "SELECT `userID` FROM `{$USERSTABLE}` WHERE login='******' AND pass='******' AND act=1;"; } //END LDAP $result = db_query($sql); $ileadmin = count($result); if ($ileadmin == 1) { return $result[0][0]; } return -1; }
<?php session_start(); require 'util.php'; $p1 = $_POST['password']; $p2 = $_POST['confirm_password']; $password = hashpass($p1); $email = $_POST['email']; $con = get_con(); /*TODO: * check to make sure email doesn't exist * password not emtpy * passwords match (password1, password2) * sanitize inputs */ if ($p1 == $p2 && !email_exists($email, $con)) { $uid = add_user($email, $password, $con); if ($uid) { $_SESSION['msg'] = array("type" => "success", "text" => "Signup Sucessful!"); $_SESSION['email'] = $_POST['email']; if (isset($_SESSION['user_id'])) { //Anon user pattern, merge delete merge_users($_SESSION['user_id'], $uid); delete_user($_SESSION['user_id']); } $_SESSION['user_id'] = $uid; go_home(); } else { die('Error: ' . mysql_error()); } } else {