#
# Check $password against the hash stored in $user['password'] and, after a
# successful check, upgrade a non-bcrypt hash by re-storing the password.
#
# $user is passed by reference: when the stored hash is upgraded the caller's
# copy is replaced with a freshly loaded row.
#
# $more['ensure_bcrypt'] (default 1) switches the upgrade on or off; the
# upgrade also requires $GLOBALS['passwords_canhas_bcrypt'] to be truthy.
#
# Returns whatever passwords_validate_password() returned.
#
function passwords_validate_password_for_user($password, &$user, $more = array()) {

    $options = array_merge(array('ensure_bcrypt' => 1), $more);

    $stored_hash = $user['password'];

    # NOTE(review): only the '$2a$' prefix counts as bcrypt here. If stored
    # hashes can carry another bcrypt prefix (PHP's own hasher emits '$2y$'),
    # they would be validated as legacy hashes -- confirm.
    $hash_is_bcrypt = (substr($stored_hash, 0, 4) == '$2a$') ? 1 : 0;

    $matched = passwords_validate_password(
        $password,
        $stored_hash,
        array('use_bcrypt' => $hash_is_bcrypt)
    );

    # Nothing to upgrade unless the password was right, the hash is legacy,
    # the caller allows it and bcrypt is available.
    if (!$matched || $hash_is_bcrypt || !$options['ensure_bcrypt'] || !$GLOBALS['passwords_canhas_bcrypt']) {
        return $matched;
    }

    # The plaintext is only available at login time, so this is the one place
    # a legacy hash can be replaced. A failed update is not fatal: the login
    # still succeeds and the hash stays as it was.
    $was_rehashed = users_update_password($user, $password);

    if ($was_rehashed) {
        $user = users_get_by_id($user['id']);
    }

    return $matched;
}
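#
# Check a plaintext password against the hash stored in $user['password'].
#
# When $GLOBALS['cfg']['passwords_use_bcrypt'] and
# $GLOBALS['cfg']['passwords_allow_promotion'] are both set and the stored
# value does not start with '$2a$', the stored value is treated as a legacy
# HMAC-SHA256 digest keyed with $GLOBALS['cfg']['crypto_password_secret'].
# On a match the password is re-stored through users_update_password() and
# $user (passed by reference) is reloaded.
#
# Every other case is delegated to passwords_validate_password().
#
# Returns a truthy value when the password matches.
#
function passwords_validate_password_for_user($password, &$user) {

    $stored = $user['password'];

    # NOTE(review): only the '$2a$' prefix is recognised as bcrypt. If the
    # hasher behind users_update_password() can emit another bcrypt prefix
    # (PHP's own hasher emits '$2y$'), such hashes would take the legacy path
    # below and never match -- confirm.
    $is_bcrypt = substr($stored, 0, 4) === '$2a$';

    $promote = $GLOBALS['cfg']['passwords_use_bcrypt']
        && $GLOBALS['cfg']['passwords_allow_promotion']
        && !$is_bcrypt;

    #
    # if this is *not* a bcrypt hash, but we allow promotion,
    # then verify & promote it.
    #

    if ($promote) {

        $candidate = hash_hmac("sha256", $password, $GLOBALS['cfg']['crypto_password_secret']);

        # Compare the digests with hash_equals() rather than ==. Loose
        # comparison treats two numeric-looking strings (for example digests
        # of the form 0e<digits>) as numbers, so different digests can
        # compare equal, and it accepts non-string stored values. It is also
        # not constant-time.
        $is_ok = is_string($stored) && hash_equals($stored, $candidate);

        if ($is_ok) {

            # Best effort: if the re-store fails the login still succeeds
            # and the legacy hash stays in place.
            if (users_update_password($user, $password)) {
                $user = users_get_by_id($user['id']);
            }
        }

        return $is_ok;
    }

    #
    # simple case
    #

    return passwords_validate_password($password, $stored);
}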
# Excerpt from a password-reset handler. The enclosing block opens before
# this excerpt; only its closing brace is visible at the end.

# Both password fields must be non-empty.
# NOTE(review): this is a truthiness test, so the literal password "0" is
# also rejected as missing. No length or strength rule is visible in this
# excerpt -- confirm whether one is applied elsewhere.
if ((! $new_password1) || (! $new_password2)){
    $GLOBALS['error']['missing_password'] = 1;
    $GLOBALS['smarty']->display('page_reset.txt');
    exit();
}

# The two entries must be identical (strict comparison).
if ($new_password1 !== $new_password2){
    $GLOBALS['error']['password_mismatch'] = 1;
    $GLOBALS['smarty']->display('page_reset.txt');
    exit();
}

# Store the new password; this version of users_update_password() reports
# its outcome in the 'ok' key of the returned array.
$rsp = users_update_password($user, $new_password1);

if (! $rsp['ok']){
    $GLOBALS['error']['update_failed'] = 1;
    $GLOBALS['smarty']->display('page_reset.txt');
    exit();
}

# Runs only after the update succeeded. Presumably this invalidates the
# user's outstanding reset codes so the one just used cannot be replayed --
# verify against users_purge_password_reset_codes().
users_purge_password_reset_codes($user);

# Reload the user before logging in (presumably so the session is built from
# the new password hash -- confirm).
users_reload_user($user);
login_do_login($user);
exit();
# Closes a block opened before this excerpt.
}
# Excerpt from a change-password handler. $old_pass and $new_pass1 are set
# before this excerpt, and the final closing brace belongs to a block opened
# there.
$new_pass2 = trim(post_str('new_password2'));

# $ok is cleared by the first failing check; later checks are skipped once
# it is 0.
$ok = 1;

# The submitted old password is re-encrypted and compared with the stored
# value of the logged-in user.
# NOTE(review): this only works if login_encrypt_password() is deterministic
# (no per-hash salt) -- confirm it is still correct if stored passwords are
# bcrypt. `!==` is also not a constant-time comparison; hash_equals() is the
# usual choice where available.
if (login_encrypt_password($old_pass) !== $GLOBALS['cfg']['user']['password']) {
    $smarty->assign('error_oldpass_mismatch', 1);
    $ok = 0;
}

# The two new-password entries must be identical.
if ($ok && $new_pass1 !== $new_pass2) {
    $smarty->assign('error_newpass_mismatch', 1);
    $ok = 0;
}

# An empty new password is rejected. No other length or strength rule is
# visible in this excerpt.
if ($ok && !strlen($new_pass2)) {
    $smarty->assign('error_newpass_empty', 1);
    $ok = 0;
}

if ($ok) {
    # This version of users_update_password() is treated as returning a
    # truthy value on success.
    if (!users_update_password($GLOBALS['cfg']['user'], $new_pass1)) {
        $smarty->assign('error_fail', 1);
        $ok = 0;
    }
}

if ($ok) {

    #
    # Refresh the user so that we pick up the newer password when
    # we set new cookies. Should this be a function in lib_users?
    # (20101012/asc)
    #

    $GLOBALS['cfg']['user'] = users_get_by_id($GLOBALS['cfg']['user']['id']);
    login_do_login($GLOBALS['cfg']['user'], "/account/?password=1");
    exit;
}
# Closes a block opened before this excerpt.
}
# Excerpt from a password-reset page. The first two statements and the
# closing brace are the tail of a block opened before this excerpt; $user and
# $reset_code are set there too.
    $smarty->display('page_reset.txt');
    exit;
}

# Hand the reset code to the template.
# NOTE(review): presumably the form posts it back with the new password --
# confirm that the code is validated again on that POST before $user is
# trusted.
$smarty->assign('reset_code', $reset_code);

if (post_isset('done')) {

    $new_password1 = post_str('new_password1');
    $new_password2 = post_str('new_password2');

    # Both fields must be non-empty. This is a truthiness test, so the
    # literal password "0" is also rejected. No length or strength rule is
    # visible in this excerpt.
    if (!$new_password1 || !$new_password2) {
        $smarty->assign('error_missing_password', 1);
        $smarty->display('page_reset.txt');
        exit;
    }

    # The two entries must be identical (strict comparison).
    if ($new_password1 !== $new_password2) {
        $smarty->assign('error_password_mismatch', 1);
        $smarty->display('page_reset.txt');
        exit;
    }

    # This version of users_update_password() is treated as returning a
    # truthy value on success.
    if (!users_update_password($user, $new_password1)) {
        $smarty->assign('error_update_failed', 1);
        $smarty->display('page_reset.txt');
        exit;
    }

    # Runs only after the update succeeded. Presumably this invalidates the
    # user's outstanding reset codes so the one just used cannot be replayed
    # -- verify against users_purge_password_reset_codes().
    users_purge_password_reset_codes($user);

    # Reload the row before logging in, then redirect to the account page.
    $user = users_get_by_id($user['id']);
    login_do_login($user, "/account?password=1");
    exit;
}

#
# output
#

$smarty->display('page_reset.txt');