function install_website($title, $description, $keywords, $realmlist, $db_ip, $db_user, $db_password, $db_re_password, $db_auth) { if (check_pass($db_password, $db_re_password) == false) { echo '<h5 style="color:#FF0000;">Passwords does not match</h5>'; } else { $cnf_file = fopen("engine/global_config.php", 'w'); $txt = '<?php //--Powered by DarkCoreCMS //--Website: http://mmltools.com //--Author: Marco aka (Darksoke) '; $txt .= '$title = "' . $title . '"; //Your Website Title '; $txt .= '$description = "' . $description . '"; //Your Website Description '; $txt .= '$keywords = "' . $keywords . '"; //Your Website Keywords '; $txt .= '$realmlist = "' . $realmlist . '"; //Your Realmlist '; $txt .= '//Database Connection '; $txt .= '$db_ip = "' . $db_ip . '"; '; $txt .= '$db_user = "******"; '; $txt .= '$db_password = "******"; '; $txt .= '$db_auth = "' . $db_auth . '"; ?>'; fwrite($cnf_file, $txt); fclose($cnf_file); echo "<script> window.location.href = 'index.php' </script>"; } }
include_once DOC_ROOT . '/includes/authorization.php'; if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'signup') { $valid = true; if (empty($_POST['fullname']) && $valid) { Project::getInstance()->getSmarty()->assign('error_message', 'Fullname is empty!'); $valid = false; } if (!preg_match('/^[A-z]{1}[0-9A-z]{2,}/', $_POST['login']) && $valid) { Project::getInstance()->getSmarty()->assign('error_message', 'Invalid login!'); $valid = false; } if (User::loginExist($_POST['login']) && $valid) { Project::getInstance()->getSmarty()->assign('error_message', 'This login is already in use!'); $valid = false; } if (!check_pass($_POST['password'], 6) && $valid) { Project::getInstance()->getSmarty()->assign('error_message', 'Password is very simple!'); $valid = false; } if ($_POST['password'] != $_POST['repassword'] && $valid) { Project::getInstance()->getSmarty()->assign('error_message', 'Passwords doesn\'t match!'); $valid = false; } if (LOGIN_PIN && !preg_match('/\\d{' . $GLOBALS['TPL_CFG']['login_pin']['length'] . '}/', $_POST['secpin_signup']) && $valid) { Project::getInstance()->getSmarty()->assign('error_message', 'Not valid Login pin!'); $valid = false; } if (MASTER_PIN && !preg_match('/\\d{' . $GLOBALS['TPL_CFG']['master_pin']['length'] . '}/', $_POST['masterpin_signup']) && $valid) { Project::getInstance()->getSmarty()->assign('error_message', 'Not valid Security pin!'); $valid = false; }
function update_entry($dbh) { # Get script parameters; trim whitespace from the ID, but not # from the password, because the password must match exactly, # or from the row, because it is an array. $member_id = trim(script_param("member_id")); $password = script_param("password"); $row = script_param("row"); $member_id = trim($member_id); if (empty($member_id)) { die("No member ID was specified\n"); } if (!ctype_digit($member_id)) { # must look like integer die("Invalid member ID was specified (must be an integer)\n"); } if (!check_pass($dbh, $member_id, $password) && !check_pass($dbh, 0, $password)) { die("Invalid password\n"); } # Examine the metadata for the member table to determine whether # each column allows NULL values. (Make sure nullability is # retrieved in uppercase.) $stmt = "SELECT COLUMN_NAME, UPPER(IS_NULLABLE)\n FROM INFORMATION_SCHEMA.COLUMNS\n WHERE TABLE_SCHEMA = ? AND TABLE_NAME = ?"; $sth = $dbh->prepare($stmt); $sth->execute(array("sampdb", "member")); $nullable = array(); while ($info = $sth->fetch()) { $nullable[$info[0]] = $info[1] == "YES"; } # Iterate through each field in the form, using the values to # construct an UPDATE statement that contains placeholders, and # the array of data values to bind to the placeholders. $stmt = "UPDATE member "; $delim = "SET"; $params = array(); foreach ($row as $col_name => $val) { $stmt .= "{$delim} {$col_name}=?"; $delim = ","; # if a form value is empty, update the corresponding column value # with NULL if the column is nullable. This prevents trying to # put an empty string into the expiration date column when it # should be NULL, for example. $val = trim($val); if (empty($val)) { if ($nullable[$col_name]) { $params[] = NULL; } else { $params[] = ""; } # enter empty string } else { $params[] = $val; } } $stmt .= " WHERE member_id = ?"; $params[] = $member_id; $sth = $dbh->prepare($stmt); $sth->execute($params); printf("<br /><a href=\"%s\">Edit another member record</a>\n", script_name()); }
SET secpin="' . $_POST['secpin'] . '" WHERE id="' . Project::getInstance()->getCurUser()->id . '"'); } } else { Project::getInstance()->showPage('user/secpin.tpl'); } } elseif ($_REQUEST['change'] == 'password') { if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'save') { if (MASTER_PIN && $_POST['masterpin'] !== Project::getInstance()->getCurUser()->masterpin) { location($_SERVER['PHP_SELF'] . '?change=password', '<p class=imp><strong>Alert:</strong> Bad Security pin!</p>'); } if ($_POST['oldpassword'] !== Project::getInstance()->getCurUser()->password) { location($_SERVER['PHP_SELF'] . '?change=password', '<p class=imp><strong>Alert:</strong> Bad old password!</p>'); } if (!check_pass($_POST['password'], 6)) { location($_SERVER['PHP_SELF'] . '?change=password', '<p class=imp><strong>Alert:</strong> Password is not strong enough!</p>'); } $_POST = sql_escapeArray($_POST); sql_query(' UPDATE users SET password="******" WHERE id="' . Project::getInstance()->getCurUser()->id . '"'); Project::getInstance()->resetCurUser(); if (Project::getInstance()->getCurUser()->change_notify) { include_once LIB_ROOT . '/emails.class.php'; //%user_fullname%, %user_login%, %access_ip%, %access_time%, %project_name%, %project_email% $params = array('%user_fullname%' => htmlspecialchars(Project::getInstance()->getCurUser()->fullname), '%user_login%' => Project::getInstance()->getCurUser()->login, '%access_ip%' => $_SERVER['REMOTE_ADDR'], '%project_name%' => get_setting('project_name'), '%project_email%' => get_setting('project_email'), '%access_time%' => date('M d, Y H:i', Project::getInstance()->getNow())); $email = new Emails(Project::getInstance()->getCurUser()->id, 'change_notify', $params); $email->send();
$res = mysql_query($sql, $connection) or die("Error checking old password." . mysql_error()); // Actually, the user's email doesn't exist, but here we print Invalid Password. hehehe if (mysql_num_rows($res) == "0") { die("Invalid Password."); } // Get password object $i = mysql_fetch_object($res); $curr_pass = "******"; // Ensure the passphrase match before being able to change their passphrase $check = generateHash($curr_password, $curr_pass); // The real password check. if ($check != $curr_pass) { die("Invalid Password."); } // Check passphrase requirements on the new passphrase <-- Hey I used passphrase. Note to self: stop commenting in the code to yourself. $test_pass = check_pass($password, $confirm_pass); if ($test_pass == "Strong.") { } else { echo "Your password doesn't meet all security requirements.<br />"; echo "{$test_pass}"; exit; } // Syntax to change passphrase. <- there is that word again. // openssl rsa -in mykey.pem.new -des3 -passin pass:cpassword -passout pass:password -out userkey.pem.new /**** PHP Doesn't have a method to change the passphrase so this is the best option, I think */ // Write existing private key to a file $username = preg_replace("/@/", "", $username); $currPrivateKey = "/tmp/{$username}.txt"; if (file_exists($currPrivateKey)) { unlink($currPrivateKey); }
$_REQUEST["email"] = substr(trim($_REQUEST["email"]), 0, 30); } if (isset($_REQUEST["ip"])) { $_REQUEST["ip"] = substr(trim($_REQUEST["ip"]), 0, 40); } if (isset($_REQUEST["email"])) { if (isValidEmail($_REQUEST["email"]) && check_user($_REQUEST["email"])) { $Err_email = false; } else { $Err_email = true; } } else { $Err_email = true; } if (isset($_REQUEST["pass"])) { if (check_pass($_REQUEST["email"], $_REQUEST["pass"])) { $Err_pass = false; } else { $Err_pass = true; } } else { $Err_pass = true; } if (isset($_REQUEST["ip"])) { if (validateIPv4($_REQUEST["ip"]) || validateIPv6($_REQUEST["ip"])) { $Err_ip = false; } else { $Err_ip = true; } } else { $Err_ip = true;
session_start(); } if (!isset($_SESSION['loggedin'])) { $_SESSION['loggedin'] = null; } $err = array(); if (isset($_POST['login'])) { if (!$_POST['username'] || !$_POST['password']) { $err[] = 'All the fields must be filled in!'; } if (!count($err)) { if ($_POST['username'] == credential(0) && check_pass($_POST['password'], credential(1))) { $_SESSION['loggedin'] = 1; header('location: ' . $_SERVER['HTTP_REFERER']); } else { if ($_POST['username'] != credential(0) || !check_pass($_POST['password'], credential(1))) { $err[] = 'Wrong username and/or password!'; } } } } /* End Auth */ /* Initiate Program */ $keywords = ''; if (isset($_GET['q']) && $_GET['q'] != '') { $h1 = search_title(); $title = search_title(); $body_class = 'search'; $keywords = 'search, search result, search results, tìm kiếm, kết quả tìm kiếm'; } else { if (!isset($_GET['p']) || $_GET['p'] == 'home') {
ossim_valid($c_pass, OSS_PASSWORD, OSS_NULLABLE, 'illegal:' . _('Current Password')); ossim_valid($pass_1, OSS_PASSWORD, OSS_NULLABLE, 'illegal:' . _('Password')); ossim_valid($pass_2, OSS_PASSWORD, OSS_NULLABLE, 'illegal:' . _('Rewrite Password')); ossim_valid($flag, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Flag')); ossim_valid($changeadmin, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Change Admin Password')); ossim_valid($expired, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _('Expired')); if (ossim_error()) { die(ossim_error()); } $version = $conf->get_conf('ossim_server_version'); $opensource = !preg_match("/.*pro.*/i", $version) && !preg_match("/.*demo.*/i", $version) ? TRUE : FALSE; if ($flag != '') { /* Connect to db */ $db = new ossim_db(); $conn = $db->connect(); $res = check_pass($conn, $user, $c_pass, $pass_1, $pass_2); if ($res !== TRUE) { $msg = $res; } else { $_SESSION['_user'] = $_SESSION['_backup_user']; unset($_SESSION['_backup_user']); $res = Session::change_pass($conn, $user, $pass_1, $c_pass); if ($res > 0) { Session::disable_first_login($conn, $user); //Relogin user $session = new Session($user, $pass_1, ''); $is_disabled = $session->is_user_disabled(); $login_return = FALSE; if ($is_disabled == FALSE) { $login_return = $session->login(); }
$password = ''; if (isset($_POST['username'])) { $username = ldapspecialchars($_POST['username']); $username = $purifier->purify($username); } if (isset($_POST['password'])) { $password = $_POST['password']; } if (isset($_POST['np1'])) { $np1 = $_POST['np1']; } if (isset($_POST['np2'])) { $np2 = $_POST['np2']; } if ($username != '') { $is_auth = check_pass($username, $password); if ($is_auth != null) { if ($np1 == $np2) { $result = change_pass($username, $np1); if ($result == "") { notice(msg('password_changed')); } else { notice($result); notice(msg('password_change_failed')); } } else { notice(msg('wrong_new_pass')); include 'form-chpass.php'; } } else { notice(msg('wrong_pass'));
function invalid_member($email, $password) { $path = realpath($_SERVER['DOCUMENT_ROOT']) . '/member/' . $email; if (is_dir($path)) { $db_path = $path . '/member.db'; $db_sql = 'SELECT password FROM "member"'; try { $db = new PDO('sqlite:' . $db_path); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db_query = $db->prepare($db_sql); $db_query->execute(); if ($db_query) { $retrieved_password = $db_query->fetchColumn(); } } catch (PDOException $e) { echo 'ERROR: ' . $e->getMessage(); } if (check_pass($password, $retrieved_password)) { return false; } else { return true; } } else { return true; } }