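/**
 * Handle the member login form and report the outcome through error().
 *
 * Reads `_back`, `_chkcode`, `user` and `pass` via $this->get(), checks the
 * captcha when it is enabled, looks the account up by user name, then e-mail,
 * then mobile number, verifies the password with password_check() and stores
 * the member identity in $_SESSION.
 *
 * NOTE(review): the flow assumes error() ends the request - confirm.
 * NOTE(review): `_back` comes from the request and is handed to error() as the
 * return URL; confirm error() only follows same-site targets.
 * NOTE(review): "account does not exist" and "wrong password" are reported
 * separately, which lets a client learn which accounts exist.
 * NOTE(review): the session id is not regenerated after a successful login;
 * consider doing so if the session layer allows it.
 */
public function ok_f()
{
    $_back = $this->get("_back");
    if (!$_back) {
        $_back = $this->url;
        $error_url = $this->url('login');
    } else {
        $error_url = $this->url('login', '', '_back=' . rawurlencode($_back));
    }
    if ($_SESSION["user_id"]) {
        error(P_Lang('您已是本站会员,不需要再次登录'), $_back);
    }
    if ($this->config['is_vcode'] && function_exists('imagecreate')) {
        $code = $this->get('_chkcode');
        if (!$code) {
            error(P_Lang('验证码不能为空'), $error_url, 'error');
        }
        // The captcha is single-use: drop it from the session before comparing,
        // so a wrong answer cannot be retried against the same challenge.
        $expected = isset($_SESSION['vcode']) ? $_SESSION['vcode'] : null;
        unset($_SESSION['vcode']);
        $code = md5(strtolower($code));
        // Strict comparison: with `!=` two different numeric-looking hex
        // digests (e.g. "0e..." forms) can compare as equal.
        if (!is_string($expected) || $code !== $expected) {
            error(P_Lang('验证码填写不正确'), $error_url, 'error');
        }
    }
    // Read the submitted credentials.
    $user = $this->get("user");
    if (!$user) {
        error(P_Lang('账号不能为空'), $error_url, 'error');
    }
    $pass = $this->get("pass");
    if (!$pass) {
        error(P_Lang('会员密码不能为空'), $error_url, 'error');
    }
    // Several login identifiers are accepted: user name, e-mail, mobile.
    $user_rs = false;
    foreach (array('user', 'email', 'mobile') as $field) {
        $user_rs = $this->model('user')->get_one($user, $field);
        if ($user_rs) {
            break;
        }
    }
    if (!$user_rs) {
        error(P_Lang('会员信息不存在'), $error_url, 'error');
    }
    if (!$user_rs['status']) {
        error(P_Lang('会员审核中,暂时不能登录'), $error_url, 'error');
    }
    if ($user_rs['status'] == '2') {
        error(P_Lang('会员被管理员锁定,请联系管理员解锁'), $error_url, 'error');
    }
    if (!password_check($pass, $user_rs["pass"])) {
        error(P_Lang('登录密码不正确'), $error_url, 'error');
    }
    $_SESSION["user_id"] = $user_rs['id'];
    $_SESSION["user_gid"] = $user_rs['group_id'];
    $_SESSION["user_name"] = $user_rs["user"];
    error(P_Lang('会员登录成功'), $_back, 'ok');
}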
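/**
 * Verify an administrator login and answer through $this->json().
 *
 * Reads `user`, `pass` and `_code` via $this->get(), checks the captcha when
 * it is enabled, verifies the password, loads the permission list for
 * non-system administrators and stores the admin identity in $_SESSION.
 *
 * NOTE(review): the flow assumes $this->json() ends the request - confirm.
 * NOTE(review): $_SESSION["admin_rs"] receives the whole admin row, which
 * includes the stored password hash ($rs["pass"]); consider dropping it.
 * NOTE(review): the session id is not regenerated after a successful login.
 */
function check_f()
{
    if ($_SESSION['admin_id']) {
        $this->json(P_Lang('您已成功登录,无需再次验证'));
    }
    $user = $this->get('user');
    if (!$user) {
        $this->json(P_Lang('管理员账号不能为空'));
    }
    $pass = $this->get('pass');
    if (!$pass) {
        $this->json(P_Lang('密码不能为空'));
    }
    // Captcha check.
    if ($this->config['is_vcode'] && function_exists('imagecreate')) {
        $code = $this->get("_code");
        if (!$code) {
            $this->json(P_Lang('验证码不能为空'));
        }
        // Consume the captcha on first use. Previously it stayed valid until a
        // login succeeded, so one solved challenge covered any number of
        // password attempts.
        $expected = isset($_SESSION['vcode_admin']) ? $_SESSION['vcode_admin'] : null;
        unset($_SESSION['vcode_admin']);
        $code = md5(strtolower($code));
        // Strict comparison: `!=` treats numeric-looking digests as numbers.
        if (!is_string($expected) || $code !== $expected) {
            $this->json(P_Lang('验证码填写不正确'));
        }
    }
    $rs = $this->model('admin')->get_one_from_name($user);
    if (!$rs) {
        $this->json(P_Lang('管理员信息不存在'));
    }
    if (!password_check($pass, $rs["pass"])) {
        $this->json(P_Lang('管理员密码输入不正确'));
    }
    if (!$rs["status"]) {
        $this->json(P_Lang("管理员账号已被锁定,请联系超管!"));
    }
    // Load the administrator's permissions.
    if (!$rs["if_system"]) {
        $popedom_list = $this->model('admin')->get_popedom_list($rs["id"]);
        if (!$popedom_list) {
            $this->json(P_Lang('你的管理权限未设置好,请联系超级管理员进行设置'));
        }
        $_SESSION["admin_popedom"] = $popedom_list;
        // Not a system administrator: work out which site the permissions cover.
        $site_id = $this->model('popedom')->get_site_id($popedom_list);
        if (!$site_id) {
            $this->json(P_Lang('你的管理权限未设置好,请联系超级管理员进行设置'));
        }
        $_SESSION["admin_site_id"] = $site_id;
    } else {
        $_SESSION["admin_site_id"] = $this->site['id'];
    }
    $_SESSION["admin_id"] = $rs["id"];
    $_SESSION["admin_account"] = $rs["account"];
    $_SESSION["admin_rs"] = $rs;
    unset($_SESSION['vcode_admin']);
    $this->json(true);
}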
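/**
 * Handle the member login request and answer through $this->json().
 *
 * Reads `_chkcode`, `user` and `pass` via $this->get(), checks the captcha
 * when it is enabled, looks the account up by user name, then e-mail, then
 * mobile number, verifies the password and stores the member identity in
 * $_SESSION.
 *
 * NOTE(review): the flow assumes $this->json() ends the request - confirm.
 * NOTE(review): "account does not exist" and "wrong password" are reported
 * separately, which lets a client learn which accounts exist.
 * NOTE(review): the session id is not regenerated after a successful login.
 */
public function save_f()
{
    if ($_SESSION['user_id']) {
        $this->json(P_Lang('您已是本站会员,不需要再次登录'));
    }
    if ($this->config['is_vcode'] && function_exists('imagecreate')) {
        $code = $this->get('_chkcode');
        if (!$code) {
            $this->json(P_Lang('验证码不能为空'));
        }
        // The captcha is single-use: drop it from the session before comparing,
        // so a wrong answer cannot be retried against the same challenge.
        $expected = isset($_SESSION['vcode']) ? $_SESSION['vcode'] : null;
        unset($_SESSION['vcode']);
        $code = md5(strtolower($code));
        // Strict comparison: `!=` treats numeric-looking digests as numbers.
        if (!is_string($expected) || $code !== $expected) {
            $this->json(P_Lang('验证码填写不正确'));
        }
    }
    $user = $this->get("user");
    if (!$user) {
        $this->json(P_Lang('账号不能为空'));
    }
    $pass = $this->get("pass");
    if (!$pass) {
        $this->json(P_Lang('会员密码不能为空'));
    }
    // Several login identifiers are accepted: user name, e-mail, mobile.
    $user_rs = false;
    foreach (array('user', 'email', 'mobile') as $field) {
        $user_rs = $this->model('user')->get_one($user, $field);
        if ($user_rs) {
            break;
        }
    }
    if (!$user_rs) {
        $this->json(P_Lang('会员信息不存在'));
    }
    if (!$user_rs['status']) {
        $this->json(P_Lang('会员审核中,暂时不能登录'));
    }
    if ($user_rs['status'] == '2') {
        $this->json(P_Lang('会员被管理员锁定,请联系管理员解锁'));
    }
    if (!password_check($pass, $user_rs["pass"])) {
        $this->json(P_Lang('登录密码不正确'));
    }
    $_SESSION["user_id"] = $user_rs['id'];
    $_SESSION["user_gid"] = $user_rs['group_id'];
    $_SESSION["user_name"] = $user_rs["user"];
    $this->json(true);
}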
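/**
 * Check a user name / password pair.
 *
 * Takes the first row returned by find_user_by_username() and verifies the
 * password against its 'password' field with password_check().
 *
 * @param mixed $username value passed to find_user_by_username()
 * @param mixed $password candidate password passed to password_check()
 * @return mixed the user row on success, false otherwise
 */
function attempt_login($username, $password)
{
    $find_user = find_user_by_username($username);
    // Reading index 0 of an empty or non-array result raised a warning;
    // test for it first and treat "no row" as "user not found".
    $user = isset($find_user[0]) ? $find_user[0] : null;
    if (!isset($user)) {
        // user not found
        return false;
    }
    if (password_check($password, $user['password'])) {
        // password matches
        return $user;
    }
    // password does not match
    return false;
}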
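/**
 * Check an administrator's user name / password pair.
 *
 * @param mixed $username        value passed to find_admin_by_username()
 * @param mixed $hashed_password value passed as first argument to
 *                               password_check(); NOTE(review): despite the
 *                               name this looks like the submitted password -
 *                               confirm against the caller
 * @return mixed the admin row on success, false otherwise
 */
function attempt_login($username, $hashed_password)
{
    $admin = find_admin_by_username($username);
    // The lookup result was stored in $admin but the checks read an undefined
    // $admin_set, so every login was rejected; use the fetched row.
    if (!$admin) {
        // admin not found
        return false;
    }
    // found admin, now check password
    if (password_check($hashed_password, $admin["hashed_password"])) {
        // password matches
        return $admin;
    }
    // password does not match
    return false;
}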
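/**
 * Save the logged-in administrator's own profile settings.
 *
 * Requires the current password (`oldpass`) before any change, then updates
 * e-mail, full name, close_tip and, when supplied, the account name and the
 * password. A changed account name sends the administrator to the logout
 * URL; otherwise the refreshed row is stored in $_SESSION['admin_rs'].
 *
 * NOTE(review): the flow assumes error() ends the request - confirm.
 * NOTE(review): $_SESSION['admin_rs'] receives the whole admin row, including
 * the stored password hash.
 */
function submit_f()
{
    $oldpass = $this->get("oldpass");
    if (!$oldpass) {
        error(P_Lang('管理员密码验证不能为空'), $this->url("me", "setting"), "error");
    }
    $rs = $this->model('admin')->get_one($_SESSION["admin_id"]);
    // A missing row is treated like a wrong password instead of indexing into
    // a non-array.
    if (!$rs || !password_check($oldpass, $rs["pass"])) {
        error(P_Lang("管理员密码不正确"), $this->url("me", "setting"), "error");
    }
    $name = $this->get('name');
    $array = array('email' => $this->get('email'));
    $update_login = false;
    $admin = $this->model('admin')->get_one($_SESSION['admin_id'], 'id');
    $tip = P_Lang('信息修改成功');
    if ($name && $name != $admin['account']) {
        // Change the administrator account name.
        $check = $this->model('admin')->check_account($name, $_SESSION['admin_id']);
        if ($check) {
            error(P_Lang('管理员账号已经存在,请重新设置'), $this->url('me', 'setting'), 'error');
        }
        $array['account'] = $name;
        $update_login = true;
        $tip = P_Lang('管理员账号信息变更成功,请重新登录');
    }
    $newpass = $this->get("newpass");
    if ($newpass) {
        $chkpass = $this->get("chkpass");
        // Strict comparison: `!=` compares numeric-looking strings as numbers,
        // so two different inputs such as "1e3" and "1000" passed as equal.
        if ($newpass !== $chkpass) {
            error(P_Lang("两次输入的新密码不一致"), $this->url("me", "setting"), "error");
        }
        $array['pass'] = password_create($newpass);
        $tip = P_Lang('密码修改成功,请下次登录后使用新密码登录!');
    }
    $array['fullname'] = $this->get('fullname');
    $array['close_tip'] = $this->get('close_tip');
    $this->model('admin')->save($array, $_SESSION['admin_id']);
    if ($update_login) {
        error($tip, $this->url('logout'), 'ok');
    } else {
        $info = $this->model('admin')->get_one($_SESSION['admin_id'], 'id');
        $_SESSION['admin_rs'] = $info;
        $html = '<input type="button" value=" ' . P_Lang('确定') . ' " class="submit" onclick="$.dialog.close();" />';
        error_open($tip, "ok", $html);
    }
}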
/**
 * Check a user name / password pair.
 *
 * NOTE(review): password_check() receives the whole lookup result as its
 * second argument - confirm find_user_by_username() returns the stored hash
 * itself rather than a row.
 * NOTE(review): the wrong-password branch prints a message while the
 * unknown-user branch is silent, so the response shows which names exist.
 *
 * @return mixed the lookup result on success, false otherwise
 */
function attempt_login($username, $password)
{
    $record = find_user_by_username($username);
    if (!$record) {
        // user not found
        return false;
    }
    if (password_check($password, $record)) {
        return $record;
    }
    echo "<div id=\"error\">";
    echo " password does not match";
    echo "</div>";
    return false;
}
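/**
 * Check a user id / password pair against the user_auth table.
 *
 * The lookup previously escaped the user name into $safe_username but then
 * interpolated the raw $username into the SQL text. The value is now bound
 * as a statement parameter, so it never becomes part of the query string.
 *
 * @param mixed $username value matched against user_auth.user_id
 * @param mixed $password candidate password passed to password_check()
 * @return bool true when a row exists and password_check() accepts it
 */
function validate_user($username, $password)
{
    global $connection;

    $stmt = mysqli_prepare($connection, 'SELECT password FROM user_auth WHERE user_id = ? LIMIT 1');
    if ($stmt === false) {
        return false;
    }
    $user_id = (string) $username;
    mysqli_stmt_bind_param($stmt, 's', $user_id);
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return false;
    }
    // bind_result/fetch works with or without the mysqlnd driver.
    mysqli_stmt_bind_result($stmt, $stored_password);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    if (!$found || $stored_password === null) {
        return false;
    }
    return password_check($password, $stored_password) ? true : false;
}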
/**
 * Look a user up by user name and verify the password.
 *
 * NOTE(review): the password goes through $database->escape_value() before
 * password_check(). If stored hashes were made from the unescaped password,
 * passwords containing characters that escaping changes will not verify -
 * confirm how hashes are created.
 *
 * @return mixed the first matching user object on success, false otherwise
 */
public static function authenticate($username = "", $password = "")
{
    global $database;

    $matches = self::find_by_field("username", $username);
    $account = $matches ? array_shift($matches) : false;

    $password = $database->escape_value($password);

    if (!$account) {
        return false;
    }
    return password_check($password, $account->password) ? $account : false;
}
/**
 * Verify a user name / password pair and, on success, publish the user.
 *
 * The user name is bound as a PDO statement parameter. On success a new User
 * object is stored in $GLOBALS['user'].
 *
 * @return bool true when the row exists and password_check() accepts it
 */
function user_authenticate($Username, $Password)
{
    lib('Passwords');
    global $pdo;

    $lookup = $pdo->prepare(' SELECT `password` FROM `users` WHERE `username` = :username ');
    $lookup->bindValue(':username', $Username);
    $lookup->execute();

    $record = $lookup->fetch();
    if (!$record) {
        return false;
    }
    if (!password_check($Password, $record['password'])) {
        return false;
    }
    $GLOBALS['user'] = new User($Username);
    return true;
}
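/**
 * Check a user name / password pair.
 *
 * The listing this block came from is garbled around a commented-out debug
 * line; the "user found" guard below is reconstructed from the surviving
 * `else { // user not found }` branch - confirm against the real file.
 * Commented-out debug statements that echoed the password were dropped.
 *
 * @param mixed $username value passed to find_user_by_username()
 * @param mixed $pword    submitted password
 * @return mixed the user row on success, false otherwise
 */
function attempt_login($username, $pword)
{
    // NOTE(review): CRYPT_BLOWFISH is a capability constant, not a salt, yet
    // crypt() receives it as the salt argument. The value handed to
    // password_check() is therefore not the submitted password; confirm this
    // matches how password_check() and the stored hashes work, otherwise pass
    // $pword directly.
    $password = crypt($pword, CRYPT_BLOWFISH);

    $find_user = find_user_by_username($username);
    // Avoid a warning when the lookup returns no rows.
    $user = isset($find_user[0]) ? $find_user[0] : null;

    if (!isset($user)) {
        // user not found
        return false;
    }
    if (password_check($password, $user['password'])) {
        // password matches
        return $user;
    }
    // password does not match
    return false;
}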
/**
 * Check a user name / password pair.
 *
 * @return mixed the row from find_user_by_username() when password_check()
 *               accepts its "hashed_password" field, false otherwise
 */
function attempt_login_user($username, $password)
{
    $account = find_user_by_username($username);
    if (!$account) {
        return false;
    }
    return password_check($password, $account["hashed_password"]) ? $account : false;
}
printf('<input type="hidden" name="attr" value="%s" />', $request['attribute']); echo '<table class="forminput" width="100%" border="0">'; echo '<tr>'; printf('<td class="heading">%s</td>', _('Compare')); printf('<td><input type="%s" name="hash" id="hash" value="%s" /></td>', obfuscate_password_display($request['enc_type']) ? 'password' : 'text', htmlspecialchars($request['hash'])); echo '</tr>'; echo '<tr>'; printf('<td class="heading">%s</td>', _('To')); printf('<td><input type="password" name="check_password" value="%s" /></td>', htmlspecialchars($request['password'])); echo '</tr>'; echo '<tr>'; echo '<td> </td>'; echo '<td><input type="submit" value="Compare" />'; if ($request['action'] == 'compare') { echo ' <b>'; if (password_check($request['hash'], $request['password'], $request['attribute'])) { printf('<span class="good">%s</span>', _('Passwords match!')); } else { printf('<span class="bad">%s</span>', _('Passwords do not match!')); } echo '</b>'; } echo '</td>'; echo '</tr>'; echo '</table>'; echo '</form>'; # Pull our password from the form that opened this window. if ($request['componentid']) { echo '<script type="text/javascript">'; printf('var c = window.opener.document.getElementById("%s");', $request['componentid']); printf('var h = document.getElementById("%s");', 'hash');
var_dump(get_container("dc=com")); echo "<br>\n"; echo "Should be null: "; var_dump(get_container("Fred")); echo "<br>\n"; } // tests pla_explode_dn() if (false) { var_dump(pla_explode_dn("cn=<stuff>,dc=example,dc=<com>")); } if (false) { $password = '******'; foreach (array('md5', 'md5crypt', 'sha', 'ssha', 'smd5', 'crypt', 'clear') as $enc_type) { $crypted_password = password_hash($password, $enc_type); print "[" . $enc_type . "] " . $crypted_password . "<br />"; print " Test: " . (password_check($crypted_password, $password) ? "passed" : "failed"); print "\n"; //unset($crypted_password); flush(); } } if (true) { $secret = "foobar"; $passwords = array('fun!244A', 'asdf', 'dc=stuff,ou=things', 'y()ikes'); $passwords_encrypted = array(); foreach ($passwords as $password) { $passwords_encrypted[] = pla_blowfish_encrypt($password, $secret); } $passwords_decrypted = array(); foreach ($passwords_encrypted as $password) { $passwords_decrypted[] = pla_blowfish_decrypt($password, $secret);
/**
 * Check a user name / password pair.
 *
 * @return mixed the row from find_user() when password_check() accepts its
 *               "user_pass" field, false otherwise
 */
function attempt_login($username, $password)
{
    $record = find_user($username);

    /* no such user */
    if (!$record) {
        return false;
    }

    /* user found: the result depends only on the password check */
    $verified = password_check($password, $record["user_pass"]);
    if ($verified) {
        return $record;
    }
    return false;
}
break; } $redirect .= $post_reportid ? '&post_reportid=$post_reportid' : ''; redirect(append_sid("login.{$phpEx}?redirect=posting.{$phpEx}&" . $redirect, true)); } // // Password check // if (!$is_auth['auth_mod'] && $userdata['user_level'] != ADMIN) { $redirect = str_replace("&", "&", preg_replace('#.*?([a-z]+?\\.' . $phpEx . '.*?)$#i', '\\1', htmlspecialchars($HTTP_SERVER_VARS['REQUEST_URI']))); if ($HTTP_POST_VARS['cancel']) { redirect(append_sid("index.{$phpEx}")); } else { if ($HTTP_POST_VARS['pass_login']) { if ($post_info['forum_password'] != '') { password_check('forum', $forum_id, $HTTP_POST_VARS['password'], $redirect); } } } if ($post_info['forum_password'] != '') { $passdata = isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_fpass']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_fpass'])) : ''; if ($passdata[$forum_id] != md5($post_info['forum_password'])) { password_box('forum', $redirect); } } } // // END: Password check // // // Set toggles for various options
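<h4 class="text-center"><mark><a href="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, 'UTF-8'); ?> ">my modele</a> </mark></h4>
<?php
// Debug page: hashes a test password twice and checks it with password_check().
//
// $_SERVER["PHP_SELF"] reflects the request path, so it is HTML-escaped before
// being written into the href above; the hash values are escaped as well.
//
// NOTE(review): this page prints the stored admin password hash to the
// browser. It should not be reachable on a deployed site.
$admin = find_admin_by_username("kamy");

echo " database hashed :<br>" . htmlspecialchars((string) $admin["hashed_password"], ENT_QUOTES, 'UTF-8') . "<br>";
$existing_password = $admin["hashed_password"];

$password = "******";

// Two separate hashes of the same password are printed one after the other.
$existing_password = password_encrypt($password);
echo " password encrypt :<br>" . htmlspecialchars((string) $existing_password, ENT_QUOTES, 'UTF-8') . "<br>";
$existing_password = password_encrypt($password);
echo " password encrypt :<br>" . htmlspecialchars((string) $existing_password, ENT_QUOTES, 'UTF-8') . "<br>";

$check = password_check($password, $existing_password);
echo "<br>";
if ($check) {
    echo "password match";
} else {
    echo "password did not match";
}
?> <?php include "../includes/layouts/footer_2.php";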
/**
 * Check an administrator's user name / password pair.
 *
 * @return mixed the row from find_admin_by_username() when password_check()
 *               accepts its 'password' field, false otherwise
 */
function attempt_login($username, $password)
{
    $record = find_admin_by_username($username);
    if ($record && password_check($password, $record['password'])) {
        // admin exists and the password matches
        return $record;
    }
    // admin not found, or password rejected
    return false;
}
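/**
 * Log a member in and store the identity in $_SESSION.
 *
 * @param mixed  $id    value looked up in column $field (the messages mention
 *                      account name, e-mail, mobile number or numeric id)
 * @param mixed  $pass  password to verify; when left empty the password step
 *                      is skipped. NOTE(review): callers must never pass
 *                      request data here unless they want it verified, and
 *                      must not rely on an empty value coming from a request.
 * @param string $field column used for the lookup, 'id' by default
 * @return string 'ok' on success, otherwise a translated error message
 */
function phpok_user_login($id, $pass = "", $field = 'id')
{
    if (!$id) {
        return P_Lang('未指定会员账号或Email或手机号或ID号');
    }
    $rs = $GLOBALS['app']->model('user')->get_one($id, $field);
    if (!$rs) {
        return P_Lang('会员信息不存在');
    }
    if (!$rs["status"]) {
        return P_Lang('会员账号未审核');
    }
    if ($rs['status'] == '2') {
        return P_Lang('会员账号被锁定,请联系管理员');
    }
    // Only a truly absent password skips verification. The previous
    // truthiness test also skipped it for the supplied password "0".
    $pass_given = $pass !== '' && $pass !== null && $pass !== false;
    if ($pass_given && !password_check($pass, $rs["pass"])) {
        return P_Lang('会员账号验证不通过,密码不正确');
    }
    // Store the row's id, not the lookup value: with $field set to anything
    // other than 'id' the lookup value is a name, e-mail or phone number.
    $_SESSION["user_id"] = $rs['id'];
    $_SESSION["user_gid"] = $rs['group_id'];
    $_SESSION["user_name"] = $rs["user"];
    return 'ok';
}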
/**
 * Check the user name and password submitted on the login page.
 *
 * @return mixed the admin row when password_check() accepts its
 *               "hashed_password" field, false otherwise
 */
function attempt_login($username, $password)
{
    $found = find_admin_by_username($username);

    // admin not found
    if (!$found) {
        return false;
    }

    // admin found: compare the submitted password with the stored hash
    $stored_hash = $found["hashed_password"];
    return password_check($password, $stored_hash) ? $found : false;
}
/**
 * Attempt a login with the credentials entered on the form.
 *
 * @param mixed $username value passed to find_user_by_username()
 * @param mixed $password candidate password passed to password_check()
 * @return mixed the user row when the password is accepted, false otherwise
 */
function attempt_login($username, $password)
{
    $row = find_user_by_username($username);

    if ($row) {
        // user exists: the outcome depends only on the password check
        $accepted = password_check($password, $row["hashed_password"]);
        return $accepted ? $row : false;
    }

    // no such user
    return false;
}
/**
 * Check an employee's e-mail / password pair.
 *
 * @param mixed $user     e-mail passed to find_employee_by_email()
 * @param mixed $password candidate password passed to password_check()
 * @return mixed the employee row when password_check() accepts its
 *               "Password" field, false otherwise
 */
function attempt_employee_login($user, $password)
{
    $employee = find_employee_by_email($user);

    // user not found
    if (!$employee) {
        return false;
    }

    // found user, now check password
    if (!password_check($password, $employee["Password"])) {
        return false;
    }
    return $employee;
}
/**
 * Check a student's user name / password pair.
 *
 * @return mixed the student row when password_check() accepts its
 *               "hashed_password" field, false otherwise
 */
function attempt_student_login($student_username, $student_password)
{
    $record = find_student_by_username($student_username);

    $result = false;
    if ($record) {
        // student found, now check the password
        if (password_check($student_password, $record["hashed_password"])) {
            $result = $record;
        }
    }
    return $result;
}
/**
 * Check an administrator's user name / password pair.
 *
 * @return mixed the admin row on success, false when the admin is unknown or
 *               password_check() rejects the password
 */
function attempt_login($username, $password)
{
    $entry = find_admin_by_username($username);
    if (!$entry) {
        return false;
    }
    if (!password_check($password, $entry["hashed_password"])) {
        return false;
    }
    return $entry;
}
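/**
 * Generates passwords up to the 5th level of strength (levels 6-7 are left to humans).
 *
 * Characters are drawn with random_int(), which uses the operating system's
 * cryptographically secure source; the previous mt_rand()/shuffle() pair is
 * predictable and not suitable for generating secrets. No shuffle is needed:
 * every position is already an independent uniform draw.
 *
 * @param int $length   Raised to 4 when smaller
 * @param int $strength In range [1..5], capped at $length<br><br>
 *                      <b>1</b> - numbers<br>
 *                      <b>2</b> - numbers + letters<br>
 *                      <b>3</b> - numbers + letters in different registers<br>
 *                      <b>4</b> - numbers + letters in different registers + special symbol<br>
 *                      <b>5</b> - numbers + letters in different registers + special symbols (more than one)
 *
 * @return string
 *
 * @throws Exception when random_int() cannot find a source of randomness
 */
function password_generate($length = 10, $strength = 5)
{
    static $special = ['~', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '_', '=', '+', '|', '\\', '/', ';', ':', ',', '.', '?', '[', ']', '{', '}'];
    static $small, $capital;
    if ($length < 4) {
        $length = 4;
    }
    // Clamp strength to [1 .. min($length, 5)].
    if ($strength < 1) {
        $strength = 1;
    } elseif ($strength > $length) {
        $strength = $length;
    }
    if ($strength > 5) {
        $strength = 5;
    }
    if (!isset($small)) {
        $small = range('a', 'z');
    }
    if (!isset($capital)) {
        $capital = range('A', 'Z');
    }
    // Build the alphabet for the requested strength.
    $symbols = range(0, 9);
    if ($strength > 3) {
        $symbols = array_merge($symbols, $special);
    }
    if ($strength > 2) {
        $symbols = array_merge($symbols, $capital);
    }
    if ($strength > 1) {
        $symbols = array_merge($symbols, $small);
    }
    $size = count($symbols) - 1;
    // Draw candidates until password_check() rates one at exactly the
    // requested strength.
    while (true) {
        $password = '';
        for ($i = 0; $i < $length; ++$i) {
            $password .= $symbols[random_int(0, $size)];
        }
        if (password_check($password) == $strength) {
            return $password;
        }
    }
}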
} unset($item, $value, $columns); if ($_POST['user']['block_until'] > TIME) { $block_until = $user_data['block_until']; $block_until = explode('T', $block_until); $block_until[0] = explode('-', $block_until[0]); $block_until[1] = explode(':', $block_until[1]); $user_data['block_until'] = mktime($block_until[1][0], $block_until[1][1], 0, $block_until[0][1], $block_until[0][2], $block_until[0][0]); unset($block_until); } else { $user_data['block_until'] = 0; } if ($user_data['password']) { if (strlen($user_data['password']) < $Config->core['password_min_length']) { $Page->warning($L->password_too_short); } elseif (password_check($user_data['password'], $Config->core['password_min_length']) < $Config->core['password_min_strength']) { $Page->warning($L->password_too_easy); } else { $user_data['password_hash'] = hash('sha512', hash('sha512', $user_data['password']) . Core::instance()->public_key); } } unset($user_data['password']); if ($user_data['login'] && $user_data['login'] != $User->get('login', $id) && (!filter_var($user_data['login'], FILTER_VALIDATE_EMAIL) && $User->get_id(hash('sha224', $user_data['login'])) === false || $user_data['login'] == $user_data['email'])) { $user_data['login_hash'] = hash('sha224', $user_data['login']); } else { if ($user_data['login'] != $User->get('login', $id)) { $Page->warning($L->login_occupied_or_is_not_valid); } unset($user_data['login']); } if ($user_data['email']) {
/**
 * Check an administrator's user name / password pair.
 *
 * @return mixed the admin row from the database when the password is
 *               accepted, false otherwise
 */
function attempt_login($username, $password)
{
    $admin_row = find_admin_by_username($username);

    // Short-circuit keeps password_check() from running without a row.
    $ok = $admin_row && password_check($password, $admin_row["hashed_password"]);

    if ($ok) {
        return $admin_row;
    }
    return false;
}
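/**
 * Log a user in from the login form or from the auto-login cookies.
 *
 * Form logins carry the plain password; cookie logins carry the value stored
 * earlier by this function, and $pwdencrypt tells password_check() which of
 * the two it is getting. On success the session is populated, permissions
 * are loaded and last_login_time is updated.
 *
 * Changes from the previous version:
 *  - the auto-login cookies are written only when the form really posted
 *    `autologin`; the old test ran isset() on a variable that had just been
 *    assigned, so the cookies were set on every login;
 *  - both cookies are marked HttpOnly;
 *  - $pwdencrypt is always defined, and a missing `password` field no longer
 *    raises a warning;
 *  - an unused query string and large commented-out blocks were removed.
 *
 * NOTE(review): the `password` cookie holds whatever password_check()
 * returned and is accepted as a login credential for a month. Consider a
 * random, server-side revocable token, and set the Secure flag if the site
 * is served over HTTPS only.
 * NOTE(review): mysql_error() belongs to the removed mysql extension;
 * confirm it matches the driver behind $db_raid.
 *
 * @return int 1 on successful login, 0 otherwise
 */
function phpraid_login()
{
    global $db_raid, $phpraid_config;
    global $db_user_id, $db_user_name, $db_user_email, $db_user_password, $table_prefix, $db_table_user_name;

    $username = $password = "";
    $pwdencrypt = FALSE;

    if (isset($_POST['username'])) {
        // User is logging in: the password arrives as plain text.
        $pwdencrypt = FALSE;
        $username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
        $password = isset($_POST['password']) ? $_POST['password'] : "";
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // No form post: process the auto-login cookies, whose password value
        // is already in its stored (encrypted) form.
        $pwdencrypt = TRUE;
        $username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
        $password = $_COOKIE['password'];
    } else {
        phpraid_logout();
    }

    $sql = sprintf("SELECT " . $db_user_id . " , " . $db_user_name . " , " . $db_user_email . " , " . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
    $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

    while ($data = $db_raid->sql_fetchrow($result, true)) {
        if ($username == mb_strtolower($data[$db_user_name], "UTF-8") && ($cmspass = password_check($password, $data[$db_user_id], $pwdencrypt))) {
            // User is properly logged in and is allowed to use WRM.
            if (isset($_POST['autologin'])) {
                // They asked for automatic logins: set the cookies to expire
                // in one month, hidden from page scripts (HttpOnly).
                $expires = time() + 2629743;
                setcookie('username', $data[$db_user_name], $expires, '', '', false, true);
                setcookie('password', $cmspass, $expires, '', '', false, true);
            }

            // set user profile variables
            $_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
            $_SESSION['session_logged_in'] = 1;
            $_SESSION['profile_id'] = $data[$db_user_id];
            $_SESSION['email'] = $data[$db_user_email];

            // get user permissions
            get_permissions();

            // NOTE: IUMS Auth does not do profile checking like external
            // bridges do; only the last login time is recorded.
            $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET last_login_time=%s WHERE profile_id=%s", quote_smart(time()), quote_smart($_SESSION['profile_id']));
            $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

            // security fix
            unset($username);
            unset($password);
            unset($cmspass);
            return 1;
        }
    }
    return 0;
}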
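/**
 * Log a user in from the login form or from the auto-login cookies, check
 * group membership and create or refresh the WRM profile row.
 *
 * Form logins carry the plain password; cookie logins carry the value stored
 * earlier by this function, and $pwdencrypt tells password_check() which of
 * the two it is getting.
 *
 * Changes from the previous version:
 *  - the auto-login cookies are written only when the form really posted
 *    `autologin`; the old test ran isset() on a variable that had just been
 *    assigned, so the cookies were set on every login;
 *  - both cookies are marked HttpOnly;
 *  - $pwdencrypt and $wrmpass are always defined, and a missing `password`
 *    field no longer raises a warning;
 *  - the profile lookup uses its own variables instead of overwriting the
 *    result set the surrounding loop iterates over;
 *  - commented-out debug code was removed.
 *
 * NOTE(review): the profile table stores md5() of the submitted password.
 * Unsalted MD5 is not suitable for password storage; confirm whether this
 * column is still needed and migrate it to password_hash() if so.
 * NOTE(review): the `password` cookie holds whatever password_check()
 * returned and is accepted as a login credential for a month. Consider a
 * random, server-side revocable token, and set the Secure flag if the site
 * is served over HTTPS only.
 * NOTE(review): mysql_error() belongs to the removed mysql extension;
 * confirm it matches the driver behind $db_raid.
 *
 * @return int 1 on successful login, -1 when the user is not in an
 *             authorised group, 0 otherwise
 */
function phpraid_login()
{
    global $db_user_id, $db_group_id, $db_user_name, $db_user_email, $db_user_password, $db_table_user_name;
    global $db_table_group_name, $auth_user_class, $auth_alt_user_class, $table_prefix, $db_raid, $phpraid_config;

    $username = $password = "";
    $pwdencrypt = FALSE;
    $wrmpass = '';

    if (isset($_POST['username'])) {
        // User is logging in: the password arrives as plain text.
        $pwdencrypt = FALSE;
        $username = mb_strtolower(scrub_input($_POST['username']), "UTF-8");
        $password = isset($_POST['password']) ? $_POST['password'] : "";
        $wrmpass = md5($password);
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // No form post: process the auto-login cookies, whose password value
        // is already in its stored (encrypted) form.
        $pwdencrypt = TRUE;
        $username = mb_strtolower(scrub_input($_COOKIE['username']), "UTF-8");
        $password = $_COOKIE['password'];
        $wrmpass = '';
    } else {
        phpraid_logout();
    }

    // Look the user up in the bridged user table.
    $sql = sprintf("SELECT " . $db_user_id . "," . $db_user_name . "," . $db_user_email . "," . $db_user_password . " FROM " . $table_prefix . $db_table_user_name . " WHERE " . $db_user_name . " = %s", quote_smart($username));
    $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);

    while ($data = $db_raid->sql_fetchrow($result, true)) {
        if ($username == mb_strtolower($data[$db_user_name], "UTF-8") && ($cmspass = password_check($password, $data[$db_user_id], $pwdencrypt))) {
            // Matching user name and password. When an authorised group is
            // configured, the user must belong to it (or to the alternate one).
            if ($auth_user_class != 0) {
                $FoundUserInGroup = FALSE;
                $sql = sprintf("SELECT " . $db_user_id . "," . $db_group_id . " FROM " . $table_prefix . $db_table_group_name . " WHERE " . $db_user_id . " = %s", quote_smart($data[$db_user_id]));
                $resultgroup = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
                while ($datagroup = $db_raid->sql_fetchrow($resultgroup, true)) {
                    if ($datagroup[$db_group_id] == $auth_user_class or $datagroup[$db_group_id] == $auth_alt_user_class) {
                        $FoundUserInGroup = TRUE;
                    }
                }
                if ($FoundUserInGroup == FALSE) {
                    phpraid_logout();
                    return -1;
                }
            }

            // User is properly logged in and is allowed to use WRM.
            if (isset($_POST['autologin'])) {
                // They asked for automatic logins: set the cookies to expire
                // in one month, hidden from page scripts (HttpOnly).
                $expires = time() + 2629743;
                setcookie('username', $data[$db_user_name], $expires, '', '', false, true);
                setcookie('password', $cmspass, $expires, '', '', false, true);
            }

            // set user profile variables
            $_SESSION['username'] = mb_strtolower($data[$db_user_name], "UTF-8");
            $_SESSION['session_logged_in'] = 1;
            $_SESSION['profile_id'] = $data[$db_user_id];
            $_SESSION['email'] = $data[$db_user_email];

            if ($phpraid_config['default_group'] != 'nil') {
                $user_priv = $phpraid_config['default_group'];
            } else {
                $user_priv = '0';
            }

            // The session is initialised; create the user's WRM profile if it
            // does not exist yet, otherwise refresh it.
            $sql = sprintf("SELECT * FROM " . $phpraid_config['db_prefix'] . "profile WHERE profile_id = %s", quote_smart($_SESSION['profile_id']));
            $profile_result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            if ($profile = $db_raid->sql_fetchrow($profile_result)) {
                // Profile found: update it. The password column is only
                // rewritten on form logins, where $wrmpass is set.
                if ($wrmpass != '') {
                    $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, password = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart(time()), quote_smart($_SESSION['profile_id']));
                } else {
                    $sql = sprintf("UPDATE " . $phpraid_config['db_prefix'] . "profile SET email = %s, last_login_time = %s WHERE profile_id = %s", quote_smart($_SESSION['email']), quote_smart(time()), quote_smart($_SESSION['profile_id']));
                }
                $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            } else {
                // Profile not found in the database or DB error: insert.
                $sql = sprintf("INSERT INTO " . $phpraid_config['db_prefix'] . "profile VALUES (%s, %s, %s, %s, %s, %s)", quote_smart($_SESSION['profile_id']), quote_smart($_SESSION['email']), quote_smart($wrmpass), quote_smart($user_priv), quote_smart(mb_strtolower($_SESSION['username'], "UTF-8")), quote_smart(time()));
                $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1);
            }

            get_permissions();

            // security fix
            unset($username);
            unset($password);
            unset($cmspass);
            unset($wrmpass);
            return 1;
        }
    }
    return 0;
}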
/**
 * Check an administrator's user name / password pair.
 *
 * @return mixed the admin row when password_check() accepts its
 *               'hashed_password' field, false otherwise
 */
function attempt_login($username, $password)
{
    $candidate = find_admin_by_username($username);

    // Admin not found.
    if (!$candidate) {
        return false;
    }

    // Admin found, now check the password.
    $hash_on_file = $candidate['hashed_password'];
    if (password_check($password, $hash_on_file)) {
        // Password matches.
        return $candidate;
    }

    // Password does not match.
    return false;
}