예제 #1
0
function test_decode_password()
{
    # assume following passed in via the login request from the Access Point:
    $RA = "2590CC8A3930DB222781921A8F8B88B1";
    $encoded_pw = "D8A7B0E4A6122A73705C4640E86CD62EA499201D98C5F436103448C39A537B07";
    # and the shared secret
    $secret = "verysecretstring";
    echo '$RA = ' . $RA . "<br/>";
    echo '$encoded_pw = ' . $encoded_pw . "<br/>";
    echo 'strlen($encoded) = ' . strlen($encoded_pw) . "<br/>";
    echo '$secret = ' . $secret . "<br/>";
    $password = decode_password($RA, $encoded_pw, $secret);
    echo "decoded password = "******"123456abcdefghijklmnopqrs"
    if (strcmp($password, "123456abcdefghijklmnopqrs") == 0) {
        echo "DECODING WAS SUCCESSFUL";
    } else {
        echo "DECODING FAILED";
    }
}
예제 #2
0
<?php

checkauthentication();
$table = "xuser_pegawai";
$field = array("username", "password", "reset");
$p_next = 55;
if (@$_POST['xuser']) {
    extract($_POST);
    if ($oldpassword != "") {
        if ($password != "") {
            if ($retrypassword != "") {
                $ocheck = xuser("password", "username = '******'");
                $check = mysql_fetch_array($ocheck);
                $len = strlen($oldpassword);
                if (md5($oldpassword) == decode_password($check['password'], $len)) {
                    if ($password == $retrypassword) {
                        $username = $susername;
                        $len = strlen($password);
                        $password = encode_password(md5($password), $len);
                        $reset = "0";
                        foreach ($field as $k => $val) {
                            $value[$k] = ${$val};
                        }
                        $sql = sql_update($table, $field, $value);
                        $sql = str_replace("''", "NULL", $sql);
                        $query = mysql_query($sql);
                        if ($query == 1) {
                            $msg = "Ubah kata sandi berhasil. Id = " . $susername . ".";
                            update_log($msg, $table, $susername, 1);
                            $_SESSION['errmsg'] = $msg;
                        } else {
예제 #3
0
파일: login.php 프로젝트: abbeet/server39
#@
session_start();
include_once "includes.php";
$xlogin = @$_POST['xlogin'];
$xusername = @$_POST['xusername'];
$xpassword = @$_POST['xpassword'];
if ($xlogin == "28B60A2D") {
    if ($xusername != "") {
        if ($xpassword != "") {
            $ouser = xuser("username, password, unit, aktif, reset, kunci", "username = '******'");
            $nuser = mysql_num_rows($ouser);
            if ($nuser == 1) {
                $xuser = mysql_fetch_array($ouser);
                if ($xuser['aktif'] == "1") {
                    $len = strlen($xpassword);
                    if (decode_password($xuser['password'], $len) == md5($xpassword)) {
                        $session_name = "Kh41r4";
                        $_SESSION[$session_name] = 1;
                        $_SESSION['xusername_' . $session_name] = $xuser['username'];
                        $_SESSION['xunit_' . $session_name] = $xuser['unit'];
                        $_SESSION['kunci_' . $session_name] = $xuser['kunci'];
                        $ouserlevel = xuserlevel("level", "username = '******'username'] . "'");
                        $xuserlevel = mysql_fetch_array($ouserlevel);
                        $_SESSION['xlevel_' . $session_name] = $xuserlevel['level'];
                        $msg = "Login berhasil.";
                        update_log($msg, 'xlogin', $xuser['username'], 1);
                        last_login($xuser['username']);
                        if ($xuser['reset'] == "0") {
                            ?>
							
								<meta http-equiv="refresh" content="0;URL=../index.php" /><?php 
예제 #4
0
            $j++;
        }
    }
    if ($j > 0) {
        $password = substr($password, 0, strlen($password) - $j);
    }
    return $password;
}
/* copy request authenticator */
if (array_key_exists('ra', $_GET) && strlen($_GET['ra']) == 32 && ($ra = hex2bin($_GET['ra'])) !== FALSE && strlen($ra) == 16) {
    $response['RA'] = $_GET['ra'];
}
/* decode password when available */
$password = FALSE;
if (array_key_exists('username', $_GET) && array_key_exists('password', $_GET)) {
    $password = decode_password($response, $_GET['password'], $secret);
}
/* store mac when available */
$mac = FALSE;
if (array_key_exists('mac', $_GET)) {
    $mac = $_GET['mac'];
}
/* decode request */
if (array_key_exists('type', $_GET)) {
    $type = $_GET['type'];
    switch ($type) {
        case 'login':
            if ($password === FALSE) {
                break;
            }
            if ($password == 'ThisIsThePassword' && $_GET['username'] == 'testuser') {