<?php // start session session_start(); // including functions include '../phpFunctions/functions.php'; // print $_POST array in log error file (for testing purposes) file_put_contents('php://stderr', print_r($_POST, TRUE)); // placing username and email into local variables $username = $_POST['username']; $email = $_POST['email']; if ($_POST["pass"] !== $_POST["conf"]) { $result = array('status' => 'passError'); echo json_encode($result); } else { if (testPassword($_POST["pass"]) < 3) { $result = array('status' => 'weakPass'); echo json_encode($result); } else { // hashing password $hash = password_hash($_POST["pass"], PASSWORD_DEFAULT); // check if e-mail address is well-formed if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $result = array('status' => 'emailError'); echo json_encode($result); } else { // establish connection with database $connection = db_connect(); // inserting new user into database $new_user = db_query("INSERT INTO `users` (`username`, `email`, `hash`) \n\t\t\tVALUES ('{$username}', '{$email}', '{$hash}')"); // return error if username is already taken
if ($length >= 8 && $length <= 15) { $strength += 1; } /*** check if lenth is 16 - 35 chars ***/ if ($length >= 16 && $length <= 35) { $strength += 2; } /*** check if length greater than 35 chars ***/ if ($length > 35) { $strength += 3; } /*** get the numbers in the password ***/ preg_match_all('/[0-9]/', $password, $numbers); $strength += count($numbers[0]); /*** check for special chars ***/ preg_match_all("/[|!@#\$%&*\\/=?,;.:\\-_+~^\\\\]/", $password, $specialchars); $strength += sizeof($specialchars[0]); /*** get the number of unique chars ***/ $chars = str_split($password); $num_unique_chars = sizeof(array_unique($chars)); $strength += $num_unique_chars * 2; /*** strength is a number 1-10; ***/ $strength = $strength > 99 ? 99 : $strength; $strength = floor($strength / 10 + 1); return $strength; } $password = $_POST['passwordvalue']; echo testPassword($password); } else { header('location:errorpage.php'); }
$counter = $row['counter']; $timer = $row['timer']; $lasttime = $row['time']; $time = date(DATE_RFC822); $lastbrowser = $row['browser']; $browser = getBrowserFingerprint(); $result->free_result(); if (time() - $timer >= 30) { $counter = 0; } if ($counter >= 3) { $_SESSION['loginMessage'] = "Blokada logowania poczekaj chwilę"; header('Location: ../signin.php'); exit; } if (testPassword($password, $db_password) == true) { $result = @$connection->query(sprintf("UPDATE users SET counter='%d' , timer='%s' , time='%s' , lasttime='%s' , browser='%s' , lbrowser='%s' WHERE login='******'", 0, time(), $time, $lasttime, $browser, $lastbrowser, $row['login'])); $_SESSION['lasttime'] = $lasttime; $_SESSION['lastbrowser'] = $lastbrowser; $_SESSION['time'] = $time; $_SESSION['browser'] = $browser; $_SESSION['logged'] = true; $_SESSION['user'] = $login; header('Location: ../index.php'); exit; } else { $counter++; $result = @$connection->query(sprintf("UPDATE users SET counter='%d' , timer='%s' WHERE login='******'", $counter, time(), $row['login'])); } } else { $_SESSION['loginMessage'] = "Login lub hasło nieprawidłowe";
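require_once "hash.php";
session_start();

// A password change is only allowed for a logged-in session.
if (!isset($_SESSION['logged'])) {
    header('Location: ../index.php');
    exit;
}

// $host, $db_user, $db_password and $db_name are not defined in this file;
// presumably hash.php (or something it pulls in) provides them — verify.
// The error-suppression operator is dropped: connect failures are reported via
// connect_errno below, and hidden warnings only make diagnosis harder.
$connection = new mysqli($host, $db_user, $db_password, $db_name);
if ($connection->connect_errno !== 0) {
    $_SESSION['message'] = "Error" . $connection->connect_errno . $connection->connect_error;
} else {
    // NOTE(review): htmlentities() is applied to the raw password before it is
    // verified and hashed, so e.g. "a&b" is processed as "a&amp;b". It is kept
    // because the stored hashes were produced the same way; removing it must be
    // coordinated with the registration and login scripts, or existing users with
    // such characters in their password are locked out.
    $old_pass = htmlentities($_POST['old_pass'] ?? '', ENT_QUOTES, "UTF-8");
    $new_pass = htmlentities($_POST['new_pass'] ?? '', ENT_QUOTES, "UTF-8");
    $login = $_SESSION['user'] ?? '';

    // Look up the stored hash for the session user. A prepared statement replaces
    // the sprintf-built query, and only the column actually used is selected.
    $found = false;
    $db_old_pass = null;
    $select = $connection->prepare("SELECT password FROM users WHERE login = ?");
    if ($select !== false) {
        $select->bind_param('s', $login);
        if ($select->execute()) {
            $select->store_result();
            if ($select->num_rows > 0) {
                $select->bind_result($db_old_pass);
                $select->fetch();
                $found = true;
            }
            $select->free_result();
        }
        $select->close();
    }

    if ($found) {
        // testPassword()/hashPassword() come from hash.php; their exact contract is
        // not visible here, only that a truthy result means the old password matched.
        if (testPassword($old_pass, $db_old_pass)) {
            $new_hash = hashPassword($new_pass);
            $update = $connection->prepare("UPDATE users SET password = ? WHERE login = ?");
            if ($update !== false) {
                $update->bind_param('ss', $new_hash, $login);
                // The success message is only set when the UPDATE actually ran.
                if ($update->execute()) {
                    $_SESSION['message'] = "Hasło zostało pomyślnie zmienione";
                }
                $update->close();
            }
        } else {
            $_SESSION['message'] = "Stare hasło jest nieprawidłowe";
        }
    }
    $connection->close();
}

// Redirect back to the form; exit so nothing after the header can still execute.
header('Location: ../changePass.php');
exit;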
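#ini_set('display_startup_errors', 1);
#ini_set('log_errors', 1);
#ini_set('error_reporting', E_ALL);

include "../includes/defaults.inc.php";
include "../config.php";
include "../includes/functions.php";
include "includes/authenticate.inc.php";

// Session gate. authenticate.inc.php is presumably what sets
// $_SESSION['authenticated']; empty() also covers the key being absent
// without raising a notice.
if (empty($_SESSION['authenticated'])) {
    echo "unauthenticated";
    exit;
}

require "includes/jpgraph/src/jpgraph.php";
include "includes/jpgraph/src/jpgraph_line.php";
include "includes/jpgraph/src/jpgraph_utils.inc.php";

// A bill may only be rendered when the caller supplies a bill_id together with a
// bill_code that testPassword() (from the includes above) accepts for it. A missing
// id and a failed check are rejected with the same message, so they share one branch.
$requested_bill = $_GET['bill_id'] ?? null;
$bill_code = $_GET['bill_code'] ?? '';
// The loose comparison against "1" is kept on purpose: testPassword()'s return type
// is not visible in this file and the check previously accepted anything == "1".
if (!$requested_bill || testPassword($requested_bill, $bill_code) != "1") {
    echo "Unauthorised Access Prohibited.";
    exit;
}
$bill_id = $requested_bill;

// Graph parameters from the query string. The keys are now quoted: bare $_GET[from]
// relied on an undefined constant falling back to its own name, which is a fatal
// error in PHP 8. Missing parameters are null, as before (without the notice).
$start = $_GET['from'] ?? null;
$end = $_GET['to'] ?? null;
$xsize = $_GET['x'] ?? null;
$ysize = $_GET['y'] ?? null;
// Explicit integer cast instead of "$count + 0": a missing value becomes 0 and a
// non-numeric string no longer raises a TypeError in PHP 8.
$count = (int) ($_GET['count'] ?? 0);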
$username = $_POST["username"]; $old_pass = $_POST["oldPass"]; $new_pass = $_POST["newPass"]; $conf = $_POST["conf"]; $user_id = $_SESSION["id"]; // for testing purposes file_put_contents('php://stderr', print_r($_SESSION['id'], TRUE)); if (empty($username) || empty($old_pass) || empty($new_pass) || empty($conf)) { $result = array("status" => "errorEmpty"); echo json_encode($result); } else { if ($new_pass !== $conf) { $result = array("status" => "confError"); echo json_encode($result); } else { if (testPassword($new_pass) < 3) { $result = array("status" => "weakPass"); echo json_encode($result); } else { // get id, username, email, and password of currently logged user $rows = db_select("SELECT * FROM `users` WHERE id='{$user_id}'"); file_put_contents('php://stderr', print_r($rows, TRUE)); // if there is no mach in database if ($rows[0]["username"] !== $username) { // send an error to js controller $result = array("status" => "errorName"); echo json_encode($result); } else { if (!password_verify($old_pass, $rows[0]["hash"])) { $result = array("status" => "errorOldPass"); echo json_encode($result);