function install_website($title, $description, $keywords, $realmlist, $db_ip, $db_user, $db_password, $db_re_password, $db_auth)
{
if (check_pass($db_password, $db_re_password) == false) {
echo '<h5 style="color:#FF0000;">Passwords does not match</h5>';
} else {
$cnf_file = fopen("engine/global_config.php", 'w');
$txt = '<?php
//--Powered by DarkCoreCMS
//--Website: http://mmltools.com
//--Author: Marco aka (Darksoke)
';
$txt .= '$title = "' . $title . '"; //Your Website Title
';
$txt .= '$description = "' . $description . '"; //Your Website Description
';
$txt .= '$keywords = "' . $keywords . '"; //Your Website Keywords
';
$txt .= '$realmlist = "' . $realmlist . '"; //Your Realmlist
';
$txt .= '//Database Connection
';
$txt .= '$db_ip = "' . $db_ip . '";
';
$txt .= '$db_user = "******";
';
$txt .= '$db_password = "******";
';
$txt .= '$db_auth = "' . $db_auth . '";
?>';
fwrite($cnf_file, $txt);
fclose($cnf_file);
echo "<script> window.location.href = 'index.php' </script>";
}
}
include_once DOC_ROOT . '/includes/authorization.php';
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'signup') {
$valid = true;
if (empty($_POST['fullname']) && $valid) {
Project::getInstance()->getSmarty()->assign('error_message', 'Fullname is empty!');
$valid = false;
}
if (!preg_match('/^[A-z]{1}[0-9A-z]{2,}/', $_POST['login']) && $valid) {
Project::getInstance()->getSmarty()->assign('error_message', 'Invalid login!');
$valid = false;
}
if (User::loginExist($_POST['login']) && $valid) {
Project::getInstance()->getSmarty()->assign('error_message', 'This login is already in use!');
$valid = false;
}
if (!check_pass($_POST['password'], 6) && $valid) {
Project::getInstance()->getSmarty()->assign('error_message', 'Password is very simple!');
$valid = false;
}
if ($_POST['password'] != $_POST['repassword'] && $valid) {
Project::getInstance()->getSmarty()->assign('error_message', 'Passwords doesn\'t match!');
$valid = false;
}
if (LOGIN_PIN && !preg_match('/\\d{' . $GLOBALS['TPL_CFG']['login_pin']['length'] . '}/', $_POST['secpin_signup']) && $valid) {
Project::getInstance()->getSmarty()->assign('error_message', 'Not valid Login pin!');
$valid = false;
}
if (MASTER_PIN && !preg_match('/\\d{' . $GLOBALS['TPL_CFG']['master_pin']['length'] . '}/', $_POST['masterpin_signup']) && $valid) {
Project::getInstance()->getSmarty()->assign('error_message', 'Not valid Security pin!');
$valid = false;
}
function update_entry($dbh)
{
# Get script parameters; trim whitespace from the ID, but not
# from the password, because the password must match exactly,
# or from the row, because it is an array.
$member_id = trim(script_param("member_id"));
$password = script_param("password");
$row = script_param("row");
$member_id = trim($member_id);
if (empty($member_id)) {
die("No member ID was specified\n");
}
if (!ctype_digit($member_id)) {
# must look like integer
die("Invalid member ID was specified (must be an integer)\n");
}
if (!check_pass($dbh, $member_id, $password) && !check_pass($dbh, 0, $password)) {
die("Invalid password\n");
}
# Examine the metadata for the member table to determine whether
# each column allows NULL values. (Make sure nullability is
# retrieved in uppercase.)
$stmt = "SELECT COLUMN_NAME, UPPER(IS_NULLABLE)\n FROM INFORMATION_SCHEMA.COLUMNS\n WHERE TABLE_SCHEMA = ? AND TABLE_NAME = ?";
$sth = $dbh->prepare($stmt);
$sth->execute(array("sampdb", "member"));
$nullable = array();
while ($info = $sth->fetch()) {
$nullable[$info[0]] = $info[1] == "YES";
}
# Iterate through each field in the form, using the values to
# construct an UPDATE statement that contains placeholders, and
# the array of data values to bind to the placeholders.
$stmt = "UPDATE member ";
$delim = "SET";
$params = array();
foreach ($row as $col_name => $val) {
$stmt .= "{$delim} {$col_name}=?";
$delim = ",";
# if a form value is empty, update the corresponding column value
# with NULL if the column is nullable. This prevents trying to
# put an empty string into the expiration date column when it
# should be NULL, for example.
$val = trim($val);
if (empty($val)) {
if ($nullable[$col_name]) {
$params[] = NULL;
} else {
$params[] = "";
}
# enter empty string
} else {
$params[] = $val;
}
}
$stmt .= " WHERE member_id = ?";
$params[] = $member_id;
$sth = $dbh->prepare($stmt);
$sth->execute($params);
printf("<br /><a href=\"%s\">Edit another member record</a>\n", script_name());
}
SET
secpin="' . $_POST['secpin'] . '"
WHERE id="' . Project::getInstance()->getCurUser()->id . '"');
}
} else {
Project::getInstance()->showPage('user/secpin.tpl');
}
} elseif ($_REQUEST['change'] == 'password') {
if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'save') {
if (MASTER_PIN && $_POST['masterpin'] !== Project::getInstance()->getCurUser()->masterpin) {
location($_SERVER['PHP_SELF'] . '?change=password', '<p class=imp><strong>Alert:</strong> Bad Security pin!</p>');
}
if ($_POST['oldpassword'] !== Project::getInstance()->getCurUser()->password) {
location($_SERVER['PHP_SELF'] . '?change=password', '<p class=imp><strong>Alert:</strong> Bad old password!</p>');
}
if (!check_pass($_POST['password'], 6)) {
location($_SERVER['PHP_SELF'] . '?change=password', '<p class=imp><strong>Alert:</strong> Password is not strong enough!</p>');
}
$_POST = sql_escapeArray($_POST);
sql_query('
UPDATE users
SET
password="******"
WHERE id="' . Project::getInstance()->getCurUser()->id . '"');
Project::getInstance()->resetCurUser();
if (Project::getInstance()->getCurUser()->change_notify) {
include_once LIB_ROOT . '/emails.class.php';
//%user_fullname%, %user_login%, %access_ip%, %access_time%, %project_name%, %project_email%
$params = array('%user_fullname%' => htmlspecialchars(Project::getInstance()->getCurUser()->fullname), '%user_login%' => Project::getInstance()->getCurUser()->login, '%access_ip%' => $_SERVER['REMOTE_ADDR'], '%project_name%' => get_setting('project_name'), '%project_email%' => get_setting('project_email'), '%access_time%' => date('M d, Y H:i', Project::getInstance()->getNow()));
$email = new Emails(Project::getInstance()->getCurUser()->id, 'change_notify', $params);
$email->send();
$res = mysql_query($sql, $connection) or die("Error checking old password." . mysql_error());
// Actually, the user's email doesn't exist, but here we print Invalid Password. hehehe
if (mysql_num_rows($res) == "0") {
die("Invalid Password.");
}
// Get password object
$i = mysql_fetch_object($res);
$curr_pass = "******";
// Ensure the passphrase match before being able to change their passphrase
$check = generateHash($curr_password, $curr_pass);
// The real password check.
if ($check != $curr_pass) {
die("Invalid Password.");
}
// Check passphrase requirements on the new passphrase <-- Hey I used passphrase. Note to self: stop commenting in the code to yourself.
$test_pass = check_pass($password, $confirm_pass);
if ($test_pass == "Strong.") {
} else {
echo "Your password doesn't meet all security requirements.<br />";
echo "{$test_pass}";
exit;
}
// Syntax to change passphrase. <- there is that word again.
// openssl rsa -in mykey.pem.new -des3 -passin pass:cpassword -passout pass:password -out userkey.pem.new
/**** PHP Doesn't have a method to change the passphrase so this is the best option, I think */
// Write existing private key to a file
$username = preg_replace("/@/", "", $username);
$currPrivateKey = "/tmp/{$username}.txt";
if (file_exists($currPrivateKey)) {
unlink($currPrivateKey);
}
$_REQUEST["email"] = substr(trim($_REQUEST["email"]), 0, 30);
}
if (isset($_REQUEST["ip"])) {
$_REQUEST["ip"] = substr(trim($_REQUEST["ip"]), 0, 40);
}
if (isset($_REQUEST["email"])) {
if (isValidEmail($_REQUEST["email"]) && check_user($_REQUEST["email"])) {
$Err_email = false;
} else {
$Err_email = true;
}
} else {
$Err_email = true;
}
if (isset($_REQUEST["pass"])) {
if (check_pass($_REQUEST["email"], $_REQUEST["pass"])) {
$Err_pass = false;
} else {
$Err_pass = true;
}
} else {
$Err_pass = true;
}
if (isset($_REQUEST["ip"])) {
if (validateIPv4($_REQUEST["ip"]) || validateIPv6($_REQUEST["ip"])) {
$Err_ip = false;
} else {
$Err_ip = true;
}
} else {
$Err_ip = true;
session_start();
}
if (!isset($_SESSION['loggedin'])) {
$_SESSION['loggedin'] = null;
}
$err = array();
if (isset($_POST['login'])) {
if (!$_POST['username'] || !$_POST['password']) {
$err[] = 'All the fields must be filled in!';
}
if (!count($err)) {
if ($_POST['username'] == credential(0) && check_pass($_POST['password'], credential(1))) {
$_SESSION['loggedin'] = 1;
header('location: ' . $_SERVER['HTTP_REFERER']);
} else {
if ($_POST['username'] != credential(0) || !check_pass($_POST['password'], credential(1))) {
$err[] = 'Wrong username and/or password!';
}
}
}
}
/* End Auth */
/* Initiate Program */
$keywords = '';
if (isset($_GET['q']) && $_GET['q'] != '') {
$h1 = search_title();
$title = search_title();
$body_class = 'search';
$keywords = 'search, search result, search results, tìm kiếm, kết quả tìm kiếm';
} else {
if (!isset($_GET['p']) || $_GET['p'] == 'home') {
ossim_valid($c_pass, OSS_PASSWORD, OSS_NULLABLE, 'illegal:' . _('Current Password'));
ossim_valid($pass_1, OSS_PASSWORD, OSS_NULLABLE, 'illegal:' . _('Password'));
ossim_valid($pass_2, OSS_PASSWORD, OSS_NULLABLE, 'illegal:' . _('Rewrite Password'));
ossim_valid($flag, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Flag'));
ossim_valid($changeadmin, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Change Admin Password'));
ossim_valid($expired, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Expired'));
if (ossim_error()) {
die(ossim_error());
}
$version = $conf->get_conf('ossim_server_version');
$opensource = !preg_match("/.*pro.*/i", $version) && !preg_match("/.*demo.*/i", $version) ? TRUE : FALSE;
if ($flag != '') {
/* Connect to db */
$db = new ossim_db();
$conn = $db->connect();
$res = check_pass($conn, $user, $c_pass, $pass_1, $pass_2);
if ($res !== TRUE) {
$msg = $res;
} else {
$_SESSION['_user'] = $_SESSION['_backup_user'];
unset($_SESSION['_backup_user']);
$res = Session::change_pass($conn, $user, $pass_1, $c_pass);
if ($res > 0) {
Session::disable_first_login($conn, $user);
//Relogin user
$session = new Session($user, $pass_1, '');
$is_disabled = $session->is_user_disabled();
$login_return = FALSE;
if ($is_disabled == FALSE) {
$login_return = $session->login();
}
$password = '';
if (isset($_POST['username'])) {
$username = ldapspecialchars($_POST['username']);
$username = $purifier->purify($username);
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
}
if (isset($_POST['np1'])) {
$np1 = $_POST['np1'];
}
if (isset($_POST['np2'])) {
$np2 = $_POST['np2'];
}
if ($username != '') {
$is_auth = check_pass($username, $password);
if ($is_auth != null) {
if ($np1 == $np2) {
$result = change_pass($username, $np1);
if ($result == "") {
notice(msg('password_changed'));
} else {
notice($result);
notice(msg('password_change_failed'));
}
} else {
notice(msg('wrong_new_pass'));
include 'form-chpass.php';
}
} else {
notice(msg('wrong_pass'));
function invalid_member($email, $password)
{
$path = realpath($_SERVER['DOCUMENT_ROOT']) . '/member/' . $email;
if (is_dir($path)) {
$db_path = $path . '/member.db';
$db_sql = 'SELECT password FROM "member"';
try {
$db = new PDO('sqlite:' . $db_path);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db_query = $db->prepare($db_sql);
$db_query->execute();
if ($db_query) {
$retrieved_password = $db_query->fetchColumn();
}
} catch (PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}
if (check_pass($password, $retrieved_password)) {
return false;
} else {
return true;
}
} else {
return true;
}
}
