/**
 * Handle User Password Input and Validation
 *
 * Reads the password fields for the current $this->_method:
 *  - 'validate_insert': user_password1 / user_password2 (new account, no current
 *    password to verify);
 *  - 'validate_update': user_password (current) plus the optional
 *    user_password1 / user_password2 pair for a password change.
 * When a new password passes PasswordAuth::isValidNewPassword() the new hash,
 * algo and salt are stored on $this and copied into $this->data for the save.
 * Every validation failure is reported through the global $defender
 * (stop() + setInputError() + setErrorText()); nothing is thrown or returned.
 *
 * NOTE(review): the result code of isValidNewPassword() is matched with string
 * cases ('0'..'3') in a loosely-compared switch, while the sibling
 * _setNewUserPassword() compares it with === 0..3 -- presumably it returns an
 * int, in which case both work, but confirm against PasswordAuth.
 */
private function _setPassword() {
    global $defender;
    $locale = fusion_get_locale();
    if ($this->_method == 'validate_insert') {
        $this->_newUserPassword = self::_getPasswordInput('user_password1');
        $this->_newUserPassword2 = self::_getPasswordInput('user_password2');
        // empty() also treats the password "0" as "nothing entered"
        if (!empty($this->_newUserPassword)) {
            $passAuth = new PasswordAuth();
            $passAuth->inputNewPassword = $this->_newUserPassword;
            $passAuth->inputNewPassword2 = $this->_newUserPassword2;
            $_isValidNewPassword = $passAuth->isValidNewPassword();
            switch ($_isValidNewPassword) {
                case '0': // New password is valid
                    $this->_newUserPasswordHash = $passAuth->getNewHash();
                    $this->_newUserPasswordAlgo = $passAuth->getNewAlgo();
                    $this->_newUserPasswordSalt = $passAuth->getNewSalt();
                    $this->data['user_algo'] = $this->_newUserPasswordAlgo;
                    $this->data['user_salt'] = $this->_newUserPasswordSalt;
                    $this->data['user_password'] = $this->_newUserPasswordHash;
                    // No current password exists on insert, so it counts as verified
                    $this->_isValidCurrentPassword = 1;
                    // NOTE(review): this issues a login cookie for
                    // $this->userData['user_id'] during an insert, i.e. before the
                    // row is necessarily saved -- confirm userData is populated here.
                    if (!defined('ADMIN_PANEL') && !$this->skipCurrentPass) {
                        Authenticate::setUserCookie($this->userData['user_id'], $passAuth->getNewSalt(), $passAuth->getNewAlgo(), FALSE);
                    }
                    break;
                case '1': // New Password equal old password
                    $defender->stop();
                    // NOTE(review): 'user_password2' is flagged twice and the first
                    // error text targets 'user_password', which the insert branch
                    // never reads; the update branch marks 'user_password' and
                    // 'user_password1'. The first call here may have been meant
                    // for 'user_password1' -- confirm before changing.
                    $defender->setInputError('user_password2');
                    $defender->setInputError('user_password2');
                    $defender->setErrorText('user_password', $locale['u134'] . $locale['u146'] . $locale['u133']);
                    $defender->setErrorText('user_password2', $locale['u134'] . $locale['u146'] . $locale['u133']);
                    break;
                case '2': // The two new passwords are not identical
                    $defender->stop();
                    $defender->setInputError('user_password1');
                    $defender->setInputError('user_password2');
                    $defender->setErrorText('user_password1', $locale['u148']);
                    $defender->setErrorText('user_password2', $locale['u148']);
                    break;
                case '3': // New password contains invalid chars / symbols
                    $defender->stop();
                    $defender->setInputError('user_password1');
                    // Error text is concatenated with "<br />", so it is rendered as HTML
                    $defender->setErrorText('user_password1', $locale['u134'] . $locale['u142'] . "<br />" . $locale['u147']);
                    break;
            }
        } else {
            // A new account needs a password: empty input is an error on insert
            $defender->stop();
            $defender->setInputError('user_password1');
            $defender->setErrorText('user_password1', $locale['u134'] . $locale['u143a']);
        }
    } elseif ($this->_method == 'validate_update') {
        $this->_userPassword = self::_getPasswordInput('user_password');
        $this->_newUserPassword = self::_getPasswordInput('user_password1');
        $this->_newUserPassword2 = self::_getPasswordInput('user_password2');
        // Truthiness test: a current password of "0" is treated as not supplied.
        // When nothing is supplied the method silently does nothing -- callers that
        // require verification must check $this->_isValidCurrentPassword themselves.
        if ($this->_userPassword) {
            /**
             * Validation of Password
             *
             * Verifies the supplied current password against the stored
             * hash/algo/salt from $this->userData before any change is accepted.
             */
            $passAuth = new PasswordAuth();
            $passAuth->inputPassword = $this->_userPassword;
            $passAuth->inputNewPassword = $this->_newUserPassword;
            $passAuth->inputNewPassword2 = $this->_newUserPassword2;
            $passAuth->currentPasswordHash = $this->userData['user_password'];
            $passAuth->currentAlgo = $this->userData['user_algo'];
            $passAuth->currentSalt = $this->userData['user_salt'];
            if ($passAuth->isValidCurrentPassword()) {
                // Just for validation purposes for example email change
                $this->_isValidCurrentPassword = 1;
                // To change password, need to enter password
                if (!empty($this->_newUserPassword)) {
                    $_isValidNewPassword = $passAuth->isValidNewPassword();
                    switch ($_isValidNewPassword) {
                        case '0': // New password is valid
                            $this->_newUserPasswordHash = $passAuth->getNewHash();
                            $this->_newUserPasswordAlgo = $passAuth->getNewAlgo();
                            $this->_newUserPasswordSalt = $passAuth->getNewSalt();
                            $this->data['user_algo'] = $this->_newUserPasswordAlgo;
                            $this->data['user_salt'] = $this->_newUserPasswordSalt;
                            $this->data['user_password'] = $this->_newUserPasswordHash;
                            // NOTE(review): the cookie refresh is commented out here,
                            // unlike the insert branch; presumably the cookie is
                            // re-issued elsewhere after the save -- confirm, since
                            // setUserCookie() takes the (now changed) salt and algo.
                            if (!defined('ADMIN_PANEL') && !$this->skipCurrentPass) {
                                //Authenticate::setUserCookie($this->userData['user_id'], $passAuth->getNewSalt(), $passAuth->getNewAlgo(), FALSE);
                            }
                            break;
                        case '1': // New Password equal old password
                            $defender->stop();
                            $defender->setInputError('user_password');
                            $defender->setInputError('user_password1');
                            $defender->setErrorText('user_password', $locale['u134'] . $locale['u146'] . $locale['u133']);
                            $defender->setErrorText('user_password1', $locale['u134'] . $locale['u146'] . $locale['u133']);
                            break;
                        case '2': // The two new passwords are not identical
                            $defender->stop();
                            $defender->setInputError('user_password1');
                            $defender->setInputError('user_password2');
                            $defender->setErrorText('user_password1', $locale['u148']);
                            $defender->setErrorText('user_password2', $locale['u148']);
                            break;
                        case '3': // New password contains invalid chars / symbols
                            $defender->stop();
                            $defender->setInputError('user_password1');
                            $defender->setErrorText('user_password1', $locale['u134'] . $locale['u142'] . "<br />" . $locale['u147']);
                            break;
                    }
                }
            } else {
                // Wrong current password: block the whole update, whatever else changed
                $defender->stop();
                $defender->setInputError('user_password');
                $defender->setErrorText('user_password', $locale['u149']);
            }
        }
    }
}
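/**
 * Handle a password change submitted through the user_new_password /
 * user_new_password2 fields.
 *
 * Checks, in order (each failure is reported via $this->_setError and stops):
 *  1. the new password is non-empty;
 *  2. the current password was verified by _isValidCurrentPassword()
 *     (or verification was skipped via $this->skipCurrentPass);
 *  3. PasswordAuth::isValidNewPassword() returned 0.
 * On success the new algo/salt/hash are queued with _setDBValue() and, outside
 * the admin panel, Authenticate::setUserCookie() is called with the new
 * salt/algo. Error messages come from the global $locale.
 */
private function _setNewUserPassword() {
    global $locale;
    $this->_isValidCurrentPassword = $this->_isValidCurrentPassword(true, $this->skipCurrentPass);
    $this->_newUserPassword = $this->_getPasswordInput("user_new_password");
    $this->_newUserPassword2 = $this->_getPasswordInput("user_new_password2");

    // Length test instead of a truthiness test: `if ($this->_newUserPassword)`
    // treated the password "0" as "nothing entered". Null/false/'' from
    // _getPasswordInput() still count as empty.
    // -- assumes _getPasswordInput() returns a scalar (string/null/false); confirm
    if (strlen((string)$this->_newUserPassword) === 0) {
        // New user password is empty
        $this->_setError("user_password", $locale['u134'] . $locale['u143a'], true);
        return;
    }
    if (!$this->_isValidCurrentPassword) {
        // Current user password is invalid (or was not supplied)
        $this->_setError("user_password", $locale['u149']);
        return;
    }

    // Initialize password auth with the current and both new password inputs
    $passAuth = new PasswordAuth();
    $passAuth->inputPassword = $this->_userPassword;
    $passAuth->inputNewPassword = $this->_newUserPassword;
    $passAuth->inputNewPassword2 = $this->_newUserPassword2;

    // Check new password: 0 = valid, 1 = same as old, 2 = pair mismatch,
    // 3 = invalid chars / symbols (codes as handled below; confirm against PasswordAuth)
    $_isValidNewPassword = $passAuth->isValidNewPassword();
    if ($_isValidNewPassword === 0) {
        // New password is valid
        $this->_newUserPasswordHash = $passAuth->getNewHash();
        $this->_newUserPasswordAlgo = $passAuth->getNewAlgo();
        $this->_newUserPasswordSalt = $passAuth->getNewSalt();
        $this->_setDBValue("user_algo", $this->_newUserPasswordAlgo);
        $this->_setDBValue("user_salt", $this->_newUserPasswordSalt);
        $this->_setDBValue("user_password", $this->_newUserPasswordHash);
        // Re-issue the login cookie with the new salt/algo (its arguments) so the
        // browser-side token matches the stored credentials -- presumably; confirm
        // against Authenticate::setUserCookie().
        if (!$this->isAdminPanel && !$this->skipCurrentPass) {
            Authenticate::setUserCookie($this->userData['user_id'], $passAuth->getNewSalt(), $passAuth->getNewAlgo(), false);
        }
        return;
    }

    if ($_isValidNewPassword === 1) {
        // New Password equal old password
        $this->_setError("user_password", $locale['u134'] . $locale['u146'] . $locale['u133'] . ".");
    } elseif ($_isValidNewPassword === 2) {
        // The two new passwords are not identical
        $this->_setError("user_password", $locale['u148']);
    } elseif ($_isValidNewPassword === 3) {
        // New password contains invalid chars / symbols
        $this->_setError("user_password", $locale['u134'] . $locale['u142'] . "<br />" . $locale['u147']);
    }
    // Any other result code is silently ignored, as in the original -- confirm
    // PasswordAuth only returns 0..3.
}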
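/**
 * Re-verify the admin password of the current user and, on success, rotate the
 * stored admin hash/salt/algo and re-issue the user cookie.
 *
 * @param string $inputPassword admin password as entered (plain text; never
 *                              stored or logged by this method)
 * @return bool TRUE when the password verified and the new credentials were
 *              persisted; FALSE when the caller is not an admin (iADMIN), the
 *              password did not verify, or the UPDATE failed.
 */
public static function setAdminCookie($inputPassword) {
    global $userdata;
    if (!iADMIN) {
        return FALSE;
    }
    // Initialize password auth against the stored admin credentials
    $passAuth = new PasswordAuth();
    $passAuth->currentAlgo = $userdata['user_admin_algo'];
    $passAuth->currentSalt = $userdata['user_admin_salt'];
    $passAuth->currentPasswordHash = $userdata['user_admin_password'];
    $passAuth->inputPassword = $inputPassword;
    // Check if input password is valid. The TRUE argument is kept from the
    // original; presumably it asks PasswordAuth to prepare the fresh
    // hash/salt/algo read below -- confirm.
    if (!$passAuth->isValidCurrentPassword(TRUE)) {
        return FALSE;
    }
    $newAlgo = $passAuth->getNewAlgo();
    $newSalt = $passAuth->getNewSalt();
    $newHash = $passAuth->getNewHash();
    // Persist before touching $userdata or the cookie. The original updated both
    // unconditionally and ignored the query result, so a failed UPDATE left the
    // cookie and the global keyed to a salt/algo the database never received.
    // NOTE(review): the listing's `user_admin_password=` fragment was garbled;
    // it is restored here to write the new hash, matching the two columns before it.
    // Interpolated values are PasswordAuth output and the session's own user_id,
    // not request input; this dbquery() is called with a raw SQL string.
    $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $newAlgo . "', user_admin_salt='" . $newSalt . "', user_admin_password='" . $newHash . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
    if (!$result) {
        return FALSE;
    }
    $userdata['user_admin_algo'] = $newAlgo;
    $userdata['user_admin_salt'] = $newSalt;
    $userdata['user_admin_password'] = $newHash;
    Authenticate::setUserCookie($userdata['user_id'], $newSalt, $newAlgo, FALSE, FALSE);
    return TRUE;
}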
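/**
 * Re-verify the admin password of the current user and, on success, rotate the
 * stored admin hash/salt/algo and re-issue the user cookie.
 *
 * Returns nothing (this variant has no return value). Does nothing when the
 * caller is not an admin (iADMIN), the password does not verify, or the UPDATE
 * fails -- in the last case $userdata and the cookie are left untouched.
 *
 * @param string $inputPassword admin password as entered (plain text; never
 *                              stored or logged by this method)
 */
public static function setAdminCookie($inputPassword) {
    global $userdata;
    if (!iADMIN) {
        return;
    }
    require_once CLASSES . "PasswordAuth.class.php";
    // Initialize password auth against the stored admin credentials
    $passAuth = new PasswordAuth();
    $passAuth->currentAlgo = $userdata['user_admin_algo'];
    $passAuth->currentSalt = $userdata['user_admin_salt'];
    $passAuth->currentPasswordHash = $userdata['user_admin_password'];
    $passAuth->inputPassword = $inputPassword;
    // Check if input password is valid. The true argument is kept from the
    // original; presumably it asks PasswordAuth to prepare the fresh
    // hash/salt/algo read below -- confirm.
    if (!$passAuth->isValidCurrentPassword(true)) {
        return;
    }
    $newAlgo = $passAuth->getNewAlgo();
    $newSalt = $passAuth->getNewSalt();
    $newHash = $passAuth->getNewHash();
    // Persist before touching $userdata or the cookie. The original updated both
    // unconditionally and ignored the query result, so a failed UPDATE left the
    // cookie and the global keyed to a salt/algo the database never received.
    // NOTE(review): the listing's `user_admin_password=` fragment was garbled;
    // it is restored here to write the new hash, matching the two columns before it.
    // Interpolated values are PasswordAuth output and the session's own user_id,
    // not request input; this dbquery() is called with a raw SQL string.
    $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\tSET user_admin_algo='" . $newAlgo . "', user_admin_salt='" . $newSalt . "', user_admin_password='" . $newHash . "'\n\t\t\t\t\tWHERE user_id='" . $userdata['user_id'] . "'");
    if (!$result) {
        return;
    }
    $userdata['user_admin_algo'] = $newAlgo;
    $userdata['user_admin_salt'] = $newSalt;
    $userdata['user_admin_password'] = $newHash;
    Authenticate::setUserCookie($userdata['user_id'], $newSalt, $newAlgo, false, false);
}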
// NOTE(review): this statement run is cut at both ends -- $passAuth, $pass, $nick,
// $email and the enclosing block are set up before this fragment, and the final
// `if` continues after it. Comments below only describe what is visible here.
$passAuth->inputNewPassword = $pass;
$passAuth->inputNewPassword2 = $pass;
$passAuth->currentPassword = "";
// `echo` of the validation result code is debug output written straight into the
// response; it should not ship.
echo $valid = $passAuth->isValidNewPassword();
if ($valid === 0) {
    // New password is valid
    $hash = $passAuth->getNewHash();
    $algo = $passAuth->getNewAlgo();
    $salt = $passAuth->getNewSalt();
}
// NOTE(review): $hash/$algo/$salt are only set when $valid === 0; for any other
// result the INSERT below still runs with undefined values, creating an account
// with no usable credentials. The non-zero case should abort before the INSERT.
$identity = $_POST['identity'];
$acc = $_POST['network'];
$fn = iconv($locale['charset'], "UTF-8", $_POST['full_name']);
// NOTE(review): $identity, $acc and $fn are taken from $_POST and concatenated
// into SQL unescaped below (also $nick/$email unless sanitized before this
// fragment). This needs escaping or a parameterized query before it is safe.
$result = dbquery("INSERT INTO " . DB_USERS . " (user_name, user_password, user_admin_password, user_email, user_hide_email, user_avatar, user_posts, user_threads, user_joined, user_lastvisit, user_ip, user_rights, user_groups, user_level, user_status, user_sig, user_salt, user_algo) VALUES('" . $nick . "', '" . $hash . "', '', '" . $email . "', '1', '', '0', '0', '" . time() . "', '0', '" . USER_IP . "', '', '', '101', '0', '', '" . $salt . "', '" . $algo . "')");
// mysql_insert_id() belongs to the legacy ext/mysql API, removed in PHP 7
$user_id = mysql_insert_id();
// Cookie is issued before $result/$result2 are checked; on failure the redirect
// below goes to the error page with a cookie already set.
Authenticate::setUserCookie($user_id, $passAuth->getNewSalt(), $passAuth->getNewAlgo(), false);
$result2 = dbquery("INSERT INTO " . DB_ULOGIN . " (ulogin_identity, ulogin_network, ulogin_user, ulogin_fullname) VALUES ('" . $identity . "', '" . $acc . "', '" . $user_id . "', '" . $fn . "')");
require_once INCLUDES . "sendmail_include.php";
// NOTE(review): $_POST['password'] is placed into the notification email as
// plain text, so the password is sent over (and stored in) mail. Prefer a
// message that does not include the password at all.
$text = sprintf($locale['ul14'], $_POST['identity'], $_POST['nickname'], $_POST['password']);
sendemail($nick, $email, $settings['siteusername'], $settings['siteemail'], $locale['ul15'], $text);
if ($result && $result2) {
    $auth = new Authenticate($nick, $pass, true);
    $userdata = $auth->getUserData();
    unset($auth);
    // NOTE(review): the redirect target comes unvalidated from $_POST['url']
    // (open redirect); it should be restricted to a local path.
    redirect($_POST['url']);
} else {
    redirect(BASEDIR . "login.php?ulogin_error");
}
}
if (isset($_POST['ex_user_save'])) {
    // NOTE(review): $_POST['user_name'] is interpolated into the SELECT without
    // escaping -- same issue as the INSERTs above. The block continues past this
    // fragment.
    $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $_POST['user_name'] . "'");