/**
 * Produce the salted, upper-cased hex digest for a password.
 *
 * The input is hashed once with md5 (32 hex chars) or sha1 (40 hex chars),
 * unless it already has the shape of such a digest, and that result is hashed
 * again with the salt appended.
 *
 * NOTE(review): md5 and sha1 are fast, unstretched hashes. Digests produced
 * here depend on this exact scheme, so a move to password_hash() /
 * password_verify() needs a rehash-on-login migration, not an in-place edit.
 * NOTE(review): any input of exactly $len word characters skips the first
 * round, which makes the first-round digest password-equivalent wherever
 * user input is passed straight in.
 * NOTE(review): when $salt is NULL the generated salt is not returned, so the
 * caller cannot reproduce the digest later.
 *
 * @param string      $password_raw raw password, or a first-round digest of $len word characters
 * @param string|null $salt         salt to append; NULL takes a new one from gen_salt()
 * @param int         $len          40 selects sha1, 32 selects md5; any other value falls back to 32
 * @return string upper-cased hex digest of (first-round digest . salt)
 */
public static function gen_salt_password($password_raw, $salt = NULL, $len = 40)
{
    // Unsupported lengths are coerced to 32 (loose in_array comparison, as before).
    if (!in_array($len, array(32, 40))) {
        $len = 32;
    }

    if ($len == 40) {
        $hash_fn = 'sha1';
    } else {
        $hash_fn = 'md5';
    }

    // Input that already looks like a digest of this length is used as-is.
    $first_round = $password_raw;
    if (!preg_match("/^\\w{{$len}}\$/", $password_raw)) {
        $first_round = $hash_fn($password_raw);
    }

    if (is_null($salt)) {
        $salt = gen_salt();
    }

    $salted_digest = $hash_fn($first_round . $salt);

    return strtoupper($salted_digest);
}
$g_params['changes_required'] = TRUE; } } } if ($g_stage == 4) { $g_params['updated'] = FALSE; $g_params['success'] = ''; if (isset($_POST['next'])) { $_SESSION['stage'] = $g_stage = 5; unset($_POST['next']); } elseif (isset($_POST['update'])) { $g_params['ran_update'] = TRUE; $g_params['error'] = FALSE; $g_params['updated'] = FALSE; $msg = ''; $salt = gen_salt(); $result = upgrade_config_file($salt); //var_dump($result); if ($result['success'] === FALSE) { $g_params['error'] = $result['error']; } if ($result['upgraded']) { $g_params['updated'] = "The config file was updated to include these missing settings: '" . implode("', '", $result['missing']) . "'<br/>"; } //var_dump($g_params); } } if ($g_stage == 5) { if (isset($_POST['next'])) { $_SESSION['stage'] = $g_stage = 6; unset($_POST['next']);
<label>Passwort wiederholen: <input type="password" id="p2" name="passwordconfirm"></label><br /> <input type="hidden" name="step2" value="2"> <button type="submit">Weiter</button> </form> <?php } } else { if (isset($_POST['step2'])) { // step2: create user if ($_POST['password'] !== $_POST['passwordconfirm']) { echo "<p>The passwords did not match</p>"; goto hell; // the goto keyword was introduced in PHP 5.3... so why don't use it? } $sql_str = "INSERT INTO `config` (`key`, `value`) VALUES ('sitename', '" . $sql->real_escape_string($_POST['sitename']) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('username', '" . $sql->real_escape_string($_POST['username']) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('password', '" . $sql->real_escape_string(crypt_password($_POST['password'], gen_salt(22))) . "'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('recent_public', 'false'); " . "INSERT INTO `config` (`key`, `value`) VALUES ('recent_count', '5');"; if (!$sql->multi_query($sql_str)) { ?> <h2>Ein Fehler ist aufgetreten</h2> <pre><?php echo $sql->error; ?> </pre> <form method="POST"> <label>Seiten Name: <input type="text" name="sitename" value="<?php echo htmlspecialchars($_POST['sitename']); ?> "></label><br /> <label>User Name: <input type="text" name="username" value="<?php echo htmlspecialchars($_POST['username']); ?>
$num = 0; } else { error("Failed to find or get sites hosted on same server from: <a class='navbar' href='http://www.yougetsignal.com/tools/web-sites-on-web-server/'>www.yougetsignal.com</a>!<br>Additional Message:<br>{$message}"); } echo "</font><br>"; } //Encrypt string if (isset($_GET['encrypt'])) { echo "<form action='' method='post'>\n<center><font color='#14ab00'>\n<input type='text' name='en_string' class='text'>\n<input type='submit' name='do_encrypt' value='Encrypt String'>\n</form>\n</font></center>"; } if (isset($_POST['do_encrypt'])) { $vbsalt = gen_salt("30"); $vbsalt2 = gen_salt("3"); $mybbsalt = gen_salt("8"); $ipbsalt = gen_salt("5"); $joomlasalt = gen_salt("32"); $password = $_POST['en_string']; $md5 = md5($password); $md52 = md5(md5($password)); $md53 = md5(md5(md5($password))); $sha1 = sha1($password); $sha256 = hash('sha256', $password); $vbalg = md5(md5($password) . $vbsalt); $vbalg2 = md5(md5($password) . $vbsalt2); $mybbalg = md5(md5($mybbsalt) . $password); $ipbalg = md5(md5($ipbsalt) . md5($password)); $joomlaalg = md5($password . $joomlasalt); $en_result = "Hashes for string: {$password}\nMD5: {$md5}\nmd5(md5(pass)): {$md52}\nmd5(md5(md5(pass))): {$md53}\nSHA-1: {$sha1}\nSHA-256: {$sha256}\nvBulletin 4: {$vbalg}:{$vbsalt}\nvBulletin 3: {$vbalg2}:{$vbsalt2}\nMyBB: {$mybbalg}:{$mybbsalt}\nIPB: {$ipbalg}:{$ipbsalt}\nJoomla 1.0.13+: {$joomlaalg}:{$joomlasalt}\n"; echo "<center>\n<textarea rows='20' cols='150' style='color:#000'>\n{$en_result}\n</textarea>\n</center><br>"; } //Py Symlink Stuff
/**
 * Derive a password hash through the project's pbkdf2() helper.
 *
 * NOTE(review): 8000 and 512 are presumably the iteration count and the
 * output length expected by pbkdf2(); confirm against that helper. If 8000 is
 * the iteration count, it is well below current guidance for
 * PBKDF2-HMAC-SHA256 (hundreds of thousands of iterations). The cost is not
 * returned with the hash, so raising it needs a versioned storage format or a
 * rehash-on-login step.
 *
 * @param string      $password password to hash
 * @param string|null $salt     salt to use; when null a new one is taken from gen_salt()
 * @return array two elements: the derived hash, then the salt that was used
 */
function hash_password($password, $salt = null)
{
    // A caller-supplied salt is kept so an existing hash can be re-derived.
    if (!isset($salt)) {
        $salt = gen_salt();
    }

    $derived = pbkdf2('SHA256', $password, $salt, 8000, 512);

    return array($derived, $salt);
}
$g_params['absolute_path'] = $abs; $g_params['absolute_avatar_path'] = $abs_avatar; if (isset($_SESSION['server'])) { $g_params['name'] = $_SESSION['server']['name']; $g_params['url'] = $_SESSION['server']['url']; $g_params['absolute_path'] = $_SESSION['server']['abs']; $g_params['absolute_avatar_path'] = $_SESSION['server']['abs_avatar']; } } if ($g_stage == 3) { if (isset($_POST['next'])) { $user = $_POST['username']; $pass = $_POST['password']; $email = $_POST['email']; $_SESSION['admin'] = array('user' => $user, 'pass' => $pass, 'email' => $email); $_SESSION['password_salt'] = gen_salt(); $g_stage = 4; $_SESSION['stage'] = 4; unset($_POST['next']); } elseif (isset($_POST['back'])) { $_SESSION['stage'] = $g_stage = 2; $g_params['name'] = $_SESSION['server']['name']; $g_params['url'] = $_SESSION['server']['url']; $g_params['absolute_path'] = $_SESSION['server']['abs']; $g_params['absolute_avatar_path'] = $_SESSION['server']['abs_avatar']; } if (isset($_SESSION['admin'])) { $g_params['user'] = $_SESSION['admin']['user']; $g_params['pass'] = $_SESSION['admin']['pass']; $g_params['email'] = $_SESSION['admin']['email']; } else {
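/**
 * Scan the auth file for the global $login and, in "mod" mode, rewrite its entry.
 *
 * The file named by the global $file (DEFAULT_AUTH_FILE when that is empty) is
 * read whole, split on "\n", and each line is split on ":"; the first field
 * is compared with $login.
 *
 * - "check": reports whether a line for $login exists.
 * - "mod":   replaces the matching line with "$login:<crypt_pass() result>\n"
 *            and hands the rebuilt content to replace_pwd().
 *
 * If the file cannot be opened or read, the function returns false without
 * calling replace_pwd(), so a transient I/O failure cannot overwrite the auth
 * file with empty content.
 *
 * NOTE(review): the loop starts at index 1, so the first line is neither
 * checked nor carried into the rewritten content; confirm that is intended.
 * NOTE(review): explode() removes the "\n" from every line and only the
 * rewritten entry gets one back; confirm what replace_pwd() expects.
 * NOTE(review): no lock is taken in this function around the read-modify-write.
 *
 * @param string $action "check" or "mod"; any other value only rebuilds the content
 * @return bool true when $action is "check" and a line for $login was found, false otherwise
 */
function read_file($action)
{
    global $file, $login, $passwd;

    $found = false;
    // Initialised up front: the original appended to an undefined variable.
    $str = '';

    if (!$file) {
        $file = DEFAULT_AUTH_FILE;
    }

    $fp = fopen($file, "r");
    if ($fp === false) {
        // Fail closed: nothing was read, so nothing may be written back.
        return $found;
    }

    $size = filesize($file);
    if ($size === false) {
        close_file($fp);
        return $found;
    }

    $contents = '';
    if ($size > 0) {
        // fread() rejects a zero length, so it is only called for non-empty files.
        $contents = fread($fp, $size);
        if ($contents === false) {
            close_file($fp);
            return $found;
        }
    }

    $tmp = explode("\n", $contents);
    $line_count = count($tmp);

    for ($i = 1; $i < $line_count; $i++) {
        $xp = explode(":", $tmp[$i]);

        if ($action == "check") {
            if (strcmp($xp[0], $login) == 0) {
                $found = true;
            }
        } elseif ($action == "mod") {
            if (strcmp($xp[0], $login) == 0) {
                // A fresh salt is drawn every time the entry is rewritten.
                $salt = gen_salt();
                $crypt_pwd = crypt_pass($passwd, $salt);
                $tmp[$i] = $login . ":" . $crypt_pwd . "\n";
            }
        }

        $str .= $tmp[$i];
    }

    if ($action == "mod") {
        replace_pwd($str);
    }

    close_file($fp);

    return $found;
}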
$sql->query("UPDATE `config` SET `value`='false' WHERE `key`='recent_public'"); } if (isset($_POST['recent_count'])) { if (is_numeric($_POST['recent_count'])) { $sql->query("UPDATE `config` SET `value`='" . (int) $_POST['recent_count'] . "' WHERE `key`='recent_count'"); } } $_SESSION['flash'] = "Änderungen erfolgreich gespeichert."; header('Location: ucp.php?page=settings'); exit; break; case "password": if (isset($_POST['password_change']) && isset($_POST['password_verify'])) { if ($_POST['password_change'] === $_POST['password_verify']) { if (strlen($_POST['password_change']) > 3) { $sql->query("UPDATE `config` SET `value`='" . $sql->real_escape_string(crypt_password($_POST['password_change'], gen_salt(22))) . "' WHERE `key`='password';"); $_SESSION['flash'] = "Passwort erfolgreich geändert."; header('Location: ucp.php?page=settings'); exit; } } } $_SESSION['flash'] = "Das Passwort stimmt nicht überein oder ist zu kurz."; header('Location: ucp.php?page=settings'); exit; break; default: $tpl->draw("settings"); } } break;
/**
 * Create a new user.
 *
 * The caller's columns are merged with server-side registration fields and
 * inserted into the `member` table. When no username was supplied, the new
 * uid is written back as the username.
 *
 * NOTE(review): every key in $data becomes part of the insert. The fields set
 * here (regip, regtime, posttime, salt, state, from) override same-named
 * keys, but any other key passes through unchanged; if callers pass
 * request-derived arrays, they should whitelist columns first.
 * NOTE(review): a salt is generated and stored, but no password hashing is
 * visible in this method; confirm where $data['password'] is derived.
 *
 * @param array  $data member columns to insert
 * @param string $from user source
 * @return int|false the new uid, or FALSE when $data is empty or the insert yields no positive id
 */
public static function createUser(array $data, $from = 'weixin')
{
    if (empty($data)) {
        return FALSE;
    }

    $now = simphp_time();
    $salt = gen_salt();

    // Merged last so these values win over same-named keys supplied by the caller.
    $server_fields = [
        'regip'    => Request::ip(),
        'regtime'  => $now,
        'posttime' => $now,
        'salt'     => $salt,
        'state'    => 1,
        'from'     => $from,
    ];
    $data = array_merge($data, $server_fields);

    $uid = D()->insert('member', $data);
    if (!($uid > 0)) {
        return FALSE;
    }

    // Fall back to the uid as the username when none was given.
    if (empty($data['username'])) {
        $data['username'] = $uid;
        D()->update('member', ['username' => $uid], ['uid' => $uid]);
    }

    /*
    //~ Insert into the ecshop `users` table (disabled)
    $ecdata = [];
    $ecdata['member_platform'] = APP_PLATFORM;
    $ecdata['member_id'] = $uid;
    $ecdata['user_name'] = $data['username'] . '@' . $from;
    if (isset($data['nickname'])) { $ecdata['nick_name'] = $data['nickname']; }
    if (isset($data['email'])) { $ecdata['email'] = $data['email']; }
    if (isset($data['password'])) { $ecdata['password'] = $data['password']; }
    if (isset($data['sex'])) { $ecdata['sex'] = $data['sex']; }
    if (isset($data['city']) || isset($data['province']) || isset($data['country'])) {
        $ecdata['address_id'] = self::getECRegionId($data['city'],$data['province'],$data['country']);
    }
    $ecdata['reg_time'] = simphp_time();
    $ecdata['ec_salt'] = $salt;
    if (!empty($ecdata)) { D()->insert(ectable('users'), $ecdata, 1, TRUE); }
    */

    return $uid;
}