function nss_init_admin()
{
global $nss;
$permissionError = testFilePermissions();
if ($nss->get('plugin_mode') != 'wordpress') {
activatePluginMode('wordpress');
}
$dynpw = NSS_WP_URL . LOGGED_IN_KEY . date('d') . AUTH_KEY;
$_SESSION['nss_admin_password'] = $dynpw;
if (!is_logged_in($nss)) {
updatePassword($dynpw, false);
}
add_menu_page('neosmart-stream-admin', 'neosmart STREAM', 'manage_options', 'neosmart-stream', 'nss_dashboard', NSS_WP_URL . '/nss-core/nss-icon-16x16.png', 100.3);
}
<?php
include '../../settings.php';
include '../../inc/login_functions.php';
include '../../inc/helper.php';
include 'functions.php';
$logedIn = access($mysqli);
$userData = getUserData($mysqli, $_SESSION['userId']);
$updateEmail = updateEmail($mysqli, $_SESSION['userId']);
$updateProfile = updateProfile($mysqli, $_SESSION['userId']);
$updatePassword = updatePassword($mysqli, $_SESSION['userId']);
if ($updateProfile == 1 || $updatePassword == 1 || $updateEmail == 1) {
header("Location: updateRedirect.php");
exit;
}
if ($updatePassword == 2 || $updateEmail == 2) {
header("Location: ../../404.php");
exit;
}
include "../../inc/header.php";
include "../../inc/topNavbar.php";
?>
<section id="main-container">
<?php
include "../../inc/leftNavbar.php";
?>
<!--Page main section start-->
<section id="min-wrapper">
if ($envoi == 1) {
updateInfosPerso($_SESSION['ID'], $_POST['nom'], $_POST['prenom'], $_POST['mail'], $_POST['adresse'], $_POST['codepostal'], $_POST['ville'], $_POST['pays']);
if ($_POST['changePassword'] != '' or $_POST['changePassword2'] != '') {
$envoi2 = 1;
//vérification du password
$send[] = verificationFormulaire($_POST['changePassword'], $rgxPassword, 'Erreur dans votre mot de passe. Les modifications de profil ont été envoyés mais votre mot de passe n\'a pas été modifié !', false);
//vérif correspondance password 1 & 2
if ($_POST['changePassword'] != $_POST['changePassword2']) {
$send[] = 'Les deux nouveaux mots de passe ne correspondent pas. Les modifications de profil ont été envoyés mais votre mot de passe n\'a pas été modifié !';
}
//vérif old password
$passwordOld = sha1($_POST['changePasswordOld']);
$verifOldPwdArray = selectIDmembre($_SESSION['pseudo'], $passwordOld);
if (!$verifOldPwdArray) {
$send[] = 'Erreur dans votre ancien mot de passe. Les modifications de profil ont été envoyés mais votre mot de passe n\'a pas été modifié !';
}
foreach ($send as $element) {
if ($element != '') {
$envoi2 = 0;
break;
}
}
if ($envoi2 == 1) {
//on crypte le mot de passe si le champs a été correctement rempli
$password = sha1($_POST['changePassword']);
include_once 'modele/membre/panel_updatePassword.php';
updatePassword($_SESSION['ID'], $password);
}
}
}
include_once 'vue/membre/panelEnvoi.php';
<?php require 'controller.php'; $email = $_POST['email']; $password = $_POST['password']; $message = updatePassword($email, $password); echo $message;
if (isset($_POST["password"])) {
$password = $_POST["password"];
}
if ($LDAP) {
$ldapuser = $username;
if ($LDAP_DOMAIN != "") {
$ldapuser = $LDAP_DOMAIN . "\\" . $username;
}
$ldap = ldap_connect($LDAP_SERVER);
if ($bind = ldap_bind($ldap, $ldapuser, $password)) {
$cost = 10;
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
$salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
$hash = crypt($password, $salt);
$token = storeUsername($username, $hash);
$token = updatePassword($username, $hash);
$user = getUserRecord($username);
setcookie("user_id", $user['user_id']);
setcookie("username", $username);
setcookie("token", $token);
header("Location: index.php");
exit;
} else {
$error = "Username and password do not match.";
}
} else {
$user = getUserRecord($username);
if (crypt($password, $user['hash']) == $user['hash']) {
setcookie("user_id", $user['user_id']);
setcookie("username", $username);
setcookie("token", $user['token']);
$newPasswordConfirm = $_POST['NewPasswordConfirm'];
}
// On vérifie si des champs sont vides
if (empty($newPassword) || empty($newPasswordConfirm)) {
$error_fieldsempty = '- Un ou plusieurs champs de texte sont vides. Veuillez les remplir. \\n';
$i++;
}
// Si le mot de passe et sa confirmation ne correspondent pas
if ($newPassword != $newPasswordConfirm) {
$error_passwordconfirm = '- Le mot de passe et sa confirmation sont différents. \\n';
$i++;
}
// Si le mot de passe est trop petit
if (strlen($newPassword) < 6 && !empty($newPassword)) {
$error_passwordwrongsize = '- Votre mot de passe doit contenir au minimum huit caractères. \\n';
$i++;
}
// S'il n'y a aucune erreur
if ($i == 0) {
updatePassword($noUser, createHash($newPassword));
header('Location: ../view/view_update_password.php');
$_SESSION['success_update_password'] = "******";
} else {
setErrors();
header('Location: ../view/view_update_password.php');
}
function setErrors()
{
global $error_passwordconfirm, $error_fieldsempty, $error_passwordwrongsize;
$_SESSION['errors_update_password'] = '******' . $error_passwordconfirm . $error_fieldsempty . $error_passwordwrongsize;
}
checkSession();
$user_data = getUserData($_SESSION['gebruiker_id']);
//voor wachtwoord wijzigen
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
//checken als er gegevens ingevoerd zijn
if (isset($_POST['wijzigen'])) {
$match = password_verify($_POST["huidig"], $user_data["wachtwoord"]);
if ($match === FALSE) {
$_SESSION["message"] = "Wachtwoord onjuist";
} else {
$nieuw = $_POST["nieuw"];
$nieuwheraal = $_POST["nieuwheraal"];
if (passTest($nieuw, $nieuwheraal) === TRUE) {
$user_id = $_SESSION['gebruiker_id'];
$nieuw = password_hash($nieuw, PASSWORD_BCRYPT);
updatePassword($nieuw, $user_id);
$_SESSION['message-success'] = 'Uw wachtwoord is gewijzigd!';
}
}
}
}
$pagename = "settings";
?>
<?php
include ROOT_PATH . "includes/templates/header.php";
//als docent ingelogd is sidebar-docent anders sidebar-leerling
if (checkRole($_SESSION['gebruiker_id']) == 2) {
include ROOT_PATH . "includes/templates/sidebar-docent.php";
} else {
include ROOT_PATH . "includes/templates/sidebar-leerling.php";
//}
switch ($action) {
case 'login':
login();
break;
case 'logout':
logout();
break;
case 'register':
register();
break;
case 'update':
update();
break;
case 'updatePassword':
updatePassword();
break;
case 'addImage':
addImage();
break;
case 'updateGroupImage':
updateGroupImage();
break;
case 'createGroup':
createGroup();
break;
case 'acceptGroupRequest':
acceptGroupRequest();
break;
case 'declineGroupRequest':
declineGroupRequest();
$stmt = $mysql->prepare("SELECT state,password,password_salt,id from users where (username = ? or email = ?)");
$stmt->bind_param('ss', $username, $username);
$stmt->execute();
$stmt->bind_result($method, $password_h, $password_salt, $uid);
$stmt->fetch();
$stmt->close();
if (isValidMd5($password_h)) {
$cv_hash = cv_hash($password);
if ($password_h == $cv_hash) {
updatePassword($uid, $password);
$login = true;
}
} elseif ($method != 3) {
$nc_hash = hashpass($password);
if ($password_h == $nc_hash) {
updatePassword($uid, $password);
$login = true;
}
} else {
$options = ['cost' => 11, 'salt' => $password_salt];
$pwd_h = password_hash($password, PASSWORD_BCRYPT, $options);
if ($password_h == $pwd_h) {
$login = true;
}
}
if ($login) {
$ip = stripslashes($_SERVER['REMOTE_ADDR']);
$login_q = $mysql->prepare("SELECT users.id as id,username,email,rank,user_titles.title as title from users left join user_titles on user_titles.id = users.rank where users.id = ?");
$login_q->bind_param('i', $uid);
$login_q->execute();
$login_q->bind_result($id, $qusername, $qemail, $qrank, $qtitle);
<?php
include_once '../connection/connection.php';
include_once '../connection/dbFogetPassword.php';
if (isset($_POST['changePassword'])) {
$conn = connect();
if ($conn->connect_error) {
die("Connection failed:" . $conn->connect_error);
} else {
echo "ghfh";
updatePassword($_POST);
header('location:signin.php');
}
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../css/style.css">
</head>
<body>
<div class=upperHeader> Reset Password</div>
<form method='Post' action=''>
<table>
<tr>
<td> Enter your Email address
</td>
<td>
<input type=text name=email>
</td>
</tr>
updatePassword($result["id"], $result["password"]);
echo json_encode(array("id" => $result["id"], "message" => "Add user successfully"));
} catch (Exception $e) {
echo $e->getMessage();
}
});
/* User Update */
$app->put('/user/:id/:jsondata', function ($id, $jsondata) use($app, $db) {
try {
$updateUserData = json_decode($jsondata, true);
$app->response()->header('Content-Type', 'application/json');
$user = $db->users()->where('id', $id);
if ($user) {
$result = $user->update($updateUserData);
if ($user->update(['password' => $user->update($updateUserData)])) {
updatePassword($id, $updateUserData["password"]);
}
echo json_encode(array("status" => (bool) $result, "message" => "User updated successfully"));
} else {
echo json_encode(array("status" => false, "message" => "User id {$id} does not exist"));
}
} catch (Exception $e) {
echo $e->getMessage();
}
});
/* User Delete */
$app->delete('/user/:id', function ($id) use($app, $db) {
try {
$app->response()->header('Content-Type', 'application/json');
$user = $db->users()->where('id', $id);
if ($user->fetch()) {
require "lib/menu.php";
?>
<script src="js/accountVerif.js" type="text/javascript"></script>
<section class="main" id="account">
<?php
if (!isConnect()) {
echo "<h2>Vous n'êtes pas connecté</h2>\n</section>\n</body>\n</html>\n";
exit;
}
if (isset($_POST['validPassword'])) {
if (isset($errorPassword)) {
echo "<ul>\n{$errorPassword}</ul>\n";
} else {
if (updatePassword($login, $newpass)) {
echo "<h2>Changement de mot de passe réussi</h2>";
} else {
echo "<h2>Une erreur s'est produite. Veuillez recommencer, s'il vous plait !</h2>";
}
}
}
if (isset($_POST['validIdentity'])) {
if (isset($errorIdentity)) {
echo "<ul>\n{$errorIdentity}</ul>\n";
} else {
if (count($changes) == 0) {
echo "<h2>Aucune modification de l'identité</h2>";
} else {
if (updateIdentity($login, $_POST['name'], $_POST['firstname'], $changes)) {
echo "<h2>Changement d'identité réussi</h2>";
<?php
require "manageDB.php";
$email = $_POST['email'];
// definisco mittente e destinatario della mail
$nome_mittente = "OpenIdeas";
$mail_mittente = "";
$mail_destinatario = "{$email}";
// definisco il subject
$mail_oggetto = "Recupero password";
$newPassword = randomPassword();
updatePassword($email, $newPassword);
// definisco il messaggio formattato in HTML
$mail_corpo = <<<HTML
<html>
<head>
<title>Recupero password portale OpenIdeas</title>
</head>
<body>
La tua password è stata reimpostata a: {$newPassword}
</body>
</html>
HTML;
// aggiusto un po' le intestazioni della mail
// E' in questa sezione che deve essere definito il mittente (From)
// ed altri eventuali valori come Cc, Bcc, ReplyTo e X-Mailer
$mail_headers = "From: " . $nome_mittente . " <" . $mail_mittente . ">\r\n";
$mail_headers .= "Reply-To: " . $mail_mittente . "\r\n";
$mail_headers .= "X-Mailer: PHP/" . phpversion() . "\r\n";
// Aggiungo alle intestazioni della mail la definizione di MIME-Version,
// Content-type e charset (necessarie per i contenuti in HTML)
function handleUpdatePW($data)
{
$uid = $data['userId'];
$prePW = $data['prePassword'];
//检查密码是否正确
$users = queryUid($uid);
$truePW = 0;
while ($row = mysql_fetch_array($users)) {
$truePW = $row['password'];
}
if (strcmp($prePW ^ key, $truePW)) {
$Response['status'] = 'failed';
$Response['message'] = '当前密码错误';
return $Response;
}
$newPW = addslashes($data['newPassword'] ^ key);
$result = updatePassword($uid, $newPW);
if (!$result) {
$Response['status'] = 'success';
$Response['message'] = '修改密码成功';
} else {
$Response['status'] = 'error';
$Response['message'] = $result;
}
return $Response;
}
along with Cybermin; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
2006 Namont Nicolas
include/post_moncompte.php V0.1
*/
// Fichier de post de mon compte / modification du mot de passe
if (isset($_POST["submit"])) {
$pass1 = $_POST["pass1"];
$pass2 = $_POST["pass2"];
if ($pass1 != "" and $pass2 != "") {
if ($pass1 != $pass2) {
$mess = getError(7);
} else {
$result = updatePassword($_SESSION["iduser"], $pass1);
if ($result == FALSE) {
$mess = getError(0);
} else {
$mess = getError(8);
}
}
}
///inscription a la newsletter
if (FALSE == updateNewsletter($_SESSION["iduser"], $_POST["newsletter"])) {
$mess = getError(0);
} else {
$mess = getError(8);
}
}
$user_group = $rowOp->user_group;
$type_log = 'CONNEXION';
if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
require_once 'require/function_users.php';
updatePassword($login, $mdp);
}
} else {
$login_successful = $l->g(180);
$type_log = 'BAD CONNEXION';
}
} else {
$reqOp = "SELECT id,user_group,passwd FROM operators WHERE id='%s'";
$arg_reqOp = array($login);
$resOp = mysql2_query_secure($reqOp, $_SESSION['OCS']["readServer"], $arg_reqOp);
$rowOp = mysqli_fetch_object($resOp);
if (isset($rowOp->id) && password_verify($mdp, $rowOp->passwd)) {
if ($oldpassword) {
require_once 'require/function_users.php';
updatePassword($login, $mdp);
}
$login_successful = "OK";
$user_group = $rowOp->user_group;
$type_log = 'CONNEXION';
} else {
$login_successful = $l->g(180);
$type_log = 'BAD CONNEXION';
}
}
$value_log = 'USER:' . $login;
$cnx_origine = "LOCAL";
addLog($type_log, $value_log);
function resetSubmit()
{
if (!empty($_POST['passwordOne']) && !empty($_POST['passwordTwo']) && isset($_POST['submit'])) {
if ($_POST['passwordOne'] == $_POST['passwordTwo']) {
//Check passwords match.
updatePassword();
}
} else {
echo '<p class="server-message">Your Passwords did not match, please try again from the link...</p>';
}
}
function updatePassword($username, $password)
{
global $dbConn;
$sql = "UPDATE users SET password = :password WHERE username = :username";
$stmt = $dbConn->prepare($sql);
$stmt->execute(array(":password" => $password, ":username" => $username));
return $stmt;
}
if (isset($_POST['newPassword']) && isset($_POST['confirmPassword'])) {
$newPassword = $_POST['newPassword'];
$confirmPassword = $_POST['confirmPassword'];
if (strlen($newPassword) == 0) {
print "<center><br><br>Invalid password, <a href='javascript:history.back()'>try again</a><center>";
} else {
if ($newPassword == $confirmPassword) {
updatePassword($_SESSION['user'], $newPassword);
print "<center><br><br>Password was updated, click <a href='http://www.skafia.com/cst336/assignments/4/index.php'>here</a> to continue</center>";
} else {
print "<center><br><br>Passwords do not match, <a href='javascript:history.back()'>try again</a><center>";
}
}
}
} else {
if (isset($_POST['cancelButton'])) {
header("Location: http://www.skafia.com/cst336/assignments/4/index.php");
}
}
if (!isset($_POST['newPassword'])) {
print "\n\t<body>\n\t<center>\n\t<form action=\"updatepassword.php\" method=\"post\">\n\t\t<table>\n\t\t\t<tr><td colspan=2 align=center><h3>Update Password<h3></td></tr>\n\t\t\t<tr><td colspan=2 align=center> </td></tr>\n\t\t\t<tr><td>New Password:</td><td><input type=\"password\" name=\"newPassword\"></td></tr>\n\t\t\t<tr><td>Confirm:</td><td><input type=\"password\" name=\"confirmPassword\"></td></tr>\n\t\t\t<tr><td align=center colspan=2><input type=\"submit\" name=submitButton><input type=\"submit\" \n\t\t\tvalue=\"Cancel\" name=cancelButton></td></tr>\n\t\t</table>\n\t</form>\n\t</body>\n\t</center>";
}
?>
}
if (!isset($_SESSION['account_activated']) and !isset($pass)) {
$_SESSION['message'] = 'Toegang geweigerd.';
header('Location: ' . BASE_URL);
exit;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$pass = $_POST['pass'];
$pass_confirm = $_POST['pass_confirm'];
if (passTest($pass, $pass_confirm) === TRUE) {
if (isset($_SESSION['gebruiker_id'])) {
$user_id = $_SESSION['gebruiker_id'];
}
$password = password_hash($pass, PASSWORD_BCRYPT);
//wachtwoord invoeren in de database en activate_account op 1 zetten ( dus geactiveerd )
updatePassword($password, $user_id);
unset($_SESSION['account_activated']);
if (isset($user_id, $email_code)) {
//nieuwe email code aanmaken en opslaan.
$email_code = md5($user_id + microtime());
update_email_code($user_id, $email_code);
$_SESSION['message-success'] = 'Uw wachtwoord is gewijzigd!';
header('Location: ' . BASE_URL);
exit;
} else {
header('Location: ' . BASE_URL . 'dashboard/');
exit;
}
}
}
?>
<?php
$formMessage = '';
$formStatus = "info";
if (isset($_POST['submit']) && 'changePassword' == $_POST['action']) {
if (empty($_POST['newPassword']) || empty($_POST['confirmPassword'])) {
$formMessage = "Password cannot be empty!";
$formStatus = "danger";
} else {
$newPassword = $_POST['newPassword'];
$confirmPassword = $_POST['confirmPassword'];
$newPassword = stripslashes($newPassword);
$confirmPassword = stripslashes($confirmPassword);
if ($newPassword == $confirmPassword) {
if (updatePassword($loggedInUser, $newPassword)) {
$formMessage = "Password has been changed.";
$formStatus = "success";
} else {
$formMessage = "Unable to change the password.";
$formStatus = "danger";
}
} else {
$formMessage = "Passwords are not equal.";
$formStatus = "danger";
}
}
}
?>
<form action="" method="post" role="form">
/**
\brief User bearbeiten
Ändert die Daten eines Users
*/
function User_edit()
{
#check rights
$rank = $this->userdata['rights']['useredit']['rank'];
if (!$rank) {
#no permission
$this->_header("", "no permission");
}
$page = param_num("page", 1);
$id = param_num("id");
if (!$id) {
$this->_header();
}
$return = getUserByID($id);
if (!$return) {
$this->_header();
}
#check rights
if ($rank > 1 && $this->userdata['aid'] != $return['aid'] || $rank > 2 && $this->userdata['gala'] != $return['gala']) {
#no permission
$this->_header("", "no permission");
}
$data = $_SESSION['steps'];
#information message, step 2
if ($data['useredit']) {
#save step
unset($data['useredit']);
$_SESSION['steps'] = $data;
$this->forms['information']['url'] = $this->backtracking->backlink();
$this->forms['information']['title'] = "Benutzerdaten ändern";
$this->forms['information']['message'] = "Änderung erfolgreich";
$this->forms['information']['style'] = "green";
$this->show('message_information', "Benutzerdaten ändern");
}
#formular send
if ($this->userdata['rights']['changegroup']) {
$grouplist = getGroupList($this->userdata['rights']['changegroup']['rank']);
if ($return['gid']) {
for ($i = 0; $i < count($grouplist); $i++) {
if ($grouplist[$i]['gid'] == $return['gid']) {
$canchangegroup = true;
break;
}
}
} else {
$canchangegroup = true;
}
}
if ($canchangegroup) {
$this->template->assign("changegroup", 1);
} else {
$this->template->assign("group", $return['groupname']);
}
if ($rank == 1) {
$allylist = getAllyList();
} else {
$this->template->assign("ally", $this->userdata['tag']);
}
$this->template->assign("rank", $rank);
$galalist = array();
if ($_REQUEST['send']) {
$items['login']['value'] = param_str("login", true);
$items['nick']['value'] = param_str("nick", true);
$items['ircauth']['value'] = param_str("ircauth", true);
$items['pos']['value'] = param_num("pos", null, true);
$items['gala']['value'] = param_num("gala", null, true);
$password = param_str("password", true);
if ($rank == 1) {
$items['aid']['value'] = param_num("ally", 0, true);
#check allyid
if ($items['aid']['value']) {
$ally = 0;
for ($i = 0; $i < count($allylist); $i++) {
if ($items['aid']['value'] == $allylist[$i]['aid']) {
$ally =& $allylist[$i];
$ally['selected'] = "selected";
break;
}
}
}
if (!$ally) {
$this->_header("", "Ungültige Allianzid!");
}
} else {
$items['aid']['value'] = $this->userdata['aid'];
}
#check gala
if ($rank < 3) {
$galalist = getGalaListbyAlly($items['aid']['value']);
if (!$galalist) {
$errors[] = "Die Allianz hat keine Galaxien!";
$galalist[] = array("gala" => "keine");
}
} else {
$items['gala']['value'] = $this->userdata['gala'];
$this->template->assign("gala", $this->userdata['gala']);
}
if ($_REQUEST['next_x']) {
if (!$items['nick']['value']) {
$errors[] = "Nickname darf nicht leer sein!";
$items['nick']['bgrd'] = '_error';
}
if (!$items['login']['value']) {
$errors[] = "Login darf nicht leer sein!";
$items['login']['bgrd'] = '_error';
}
if (!$items['pos']['value']) {
$items['pos']['bgrd'] = '_error';
$errors[] = "Die Position darf nicht leer sein!";
}
if ($canchangegroup) {
#check gid
$items['gid']['value'] = param_num('group', 0, true);
if ($items['gid']['value']) {
$group = 0;
for ($i = 0; $i < count($grouplist); $i++) {
if ($items['gid']['value'] == $grouplist[$i]['gid']) {
$group =& $grouplist[$i];
$group['selected'] = "selected";
break;
}
}
if (!$group) {
$this->_header();
}
}
} else {
$items['gid']['value'] = $return['gid'];
}
#check nickname
if ($items['nick']['value'] && strtolower($items['nick']['value']) != strtolower($return['nick']) && getUserByNick($items['nick']['value'])) {
$errors[] = 'User existiert bereits!';
$items['nick']['bgrd'] = '_error';
}
#check login
if ($items['login']['value'] && strtolower($items['login']['value']) != strtolower($return['login']) && getUserByLogin($items['login']['value'])) {
$errors[] = 'Login existiert bereits!';
$items['login']['bgrd'] = '_error';
}
#check galaid
if ($items['gala']['value'] && $rank < 3) {
$galaxy = 0;
for ($i = 0; $i < count($galalist); $i++) {
if ($items['gala']['value'] == $galalist[$i]['gala']) {
$galaxy =& $galalist[$i];
$galaxy['selected'] = "selected";
break;
}
}
if (!$galaxy) {
$this->_header("index.php", "Ungültige Galaid!");
}
}
if (!$errors && ($return['gala'] != $items['gala']['value'] || $return['pos'] != $items['pos']['value'])) {
$chkuser = getUserByPos($items['gala']['value'], $items['pos']['value']);
if ($chkuser) {
$errors[] = "User existiert bereits, <a href=\"admin.php?action=userdetails&id=" . $chkuser['uid'] . "\">" . $chkuser['nick'] . " (" . $chkuser['gala'] . ":" . $chkuser['pos'] . ")</a>";
$items['pos']['bgrd'] = '_error';
}
}
if (!$errors) {
#save step
$data['useredit'] = 1;
$_SESSION['steps'] = $data;
if ($password) {
#eigenes pw geändert
if ($return['uid'] == $this->userdata['uid']) {
updateUserPassword($return['uid'], $password);
$sessionuserdata['id'] = $this->userdata['uid'];
$sessionuserdata['password'] = md5($password);
$_SESSION['sessionuserdata'] = $sessionuserdata;
} else {
updatePassword($return['uid'], $password);
}
addToLogfile("Passwort von " . $return['nick'] . " geändert", "Admin", $this->userdata['uid']);
}
addToLogfile("User " . $return['nick'] . " bearbeitet", "Admin", $this->userdata['uid']);
updateAdminUser($return['uid'], $items['nick']['value'], $items['login']['value'], $items['gala']['value'], $items['pos']['value'], $items['gid']['value'], $items['ircauth']['value']);
$this->_header("admin.php?action=edituser&id=" . $return['uid'] . "&send");
}
}
} else {
if ($return['gid'] && $this->userdata['rights']['changegroup']) {
for ($i = 0; $i < count($grouplist); $i++) {
if ($return['gid'] == $grouplist[$i]['gid']) {
$grouplist[$i]['selected'] = "selected";
break;
}
}
}
if ($rank == 1) {
#select ally
for ($i = 0; $i < count($allylist); $i++) {
if ($return['aid'] == $allylist[$i]['aid']) {
$ally =& $allylist[$i];
$ally['selected'] = "selected";
break;
}
}
}
if ($rank < 3) {
$galalist = getGalaListbyAlly($return['aid']);
if (!$galalist) {
$errors[] = "Die Allianz hat keine Galaxien!";
$galalist[] = array("gala" => "keine");
} else {
#select gala
for ($i = 0; $i < count($galalist); $i++) {
if ($return['gala'] == $galalist[$i]['gala']) {
$galalist[$i]['selected'] = "selected";
break;
}
}
}
} else {
$this->template->assign("gala", $this->userdata['gala']);
}
$items['ircauth']['value'] = $return['ircauth'];
$items['nick']['value'] = $return['nick'];
$items['login']['value'] = $return['login'];
$items['pos']['value'] = $return['pos'];
}
$this->template->assign("errors", $errors);
$this->template->assign("galalist", $galalist);
$this->template->assign("allylist", $allylist);
if (!$items['ircauth']['value']) {
$items['ircauth']['bgrd'] = "_optional";
}
if (!$items['password']['value']) {
$items['password']['bgrd'] = "_optional";
}
$this->template->assign("items", $items);
$this->template->assign("grouplist", $grouplist);
$this->template->assign("id", $return['uid']);
$this->template->assign("username", $return['nickname']);
$this->show('user_edit_form', "Benutzerdaten ändern");
}
$envoi = 0;
break;
}
}
if ($envoi == 1) {
updateMembre($_POST['ID_membre'], $_POST['nom'], $_POST['prenom'], $_POST['mail'], $_POST['adresse'], $_POST['codepostal'], $_POST['ville'], $_POST['pays'], $admin);
if ($_POST['changePassword'] != '' or $_POST['changePassword2'] != '') {
$envoi2 = 1;
//vérification du password
$send[] = verificationFormulaire($_POST['changePassword'], $rgxPassword, 'Erreur dans le mot de passe. Les modifications de profil ont été envoyés mais votre mot de passe n\'a pas été modifié !', false);
//vérif correspondance password 1 & 2
if ($_POST['changePassword'] != $_POST['changePassword2']) {
$send[] = 'Les deux nouveaux mots de passe ne correspondent pas. Les modifications de profil ont été envoyés mais votre mot de passe n\'a pas été modifié !';
}
foreach ($send as $element) {
if ($element != '') {
$envoi2 = 0;
break;
}
}
if ($envoi2 == 1) {
//on crypte le mot de passe si le champs a été correctement rempli
$password = sha1($_POST['changePassword']);
echo $_POST['ID_membre'];
echo $password;
include_once 'modele/membre/panel_updatePassword.php';
updatePassword($_POST['ID_membre'], $password);
}
}
}
include_once 'vue/membre/admin/envoi.php';
/**
* @param $firstname
* @param $lastname
* @param $email
* @param $userpass
* @return bool|object
* Register a new user.
*/
function register($firstname, $lastname, $email, $userpass)
{
$success = true;
$msg = "";
$insertid = "";
$checkemail = "";
if ($email == "" || $userpass == "" || $lastname == "" || $firstname == "") {
return false;
}
$oldpass = $userpass;
$email = convertForInsert($email);
$userpass = convertForInsert($userpass);
$lastname = convertForInsert($lastname);
$firstname = convertForInsert($firstname);
$sql = "SELECT Email FROM tbl_users WHERE Email = " . $email;
$mysqli = new mysqli(Database::dbserver, Database::dbuser, Database::dbpass, Database::dbname);
$rs = $mysqli->query($sql);
while ($row = $rs->fetch_assoc()) {
$checkemail = $row['Email'];
}
$rs->free();
$mysqli->close();
if ($checkemail != "") {
//we have an email address already, bail
$success = false;
$msg = "Email already exists.";
}
if ($success) {
$sql = "INSERT INTO tbl_users\n (UserID, LastName, FirstName, Email, Password) VALUES\n (NULL, {$lastname}, {$firstname}, {$email}, {$userpass})";
$mysqli = new mysqli(Database::dbserver, Database::dbuser, Database::dbpass, Database::dbname);
$mysqli->query($sql);
$userid = $mysqli->insert_id;
$salt = generateSalt($userid);
$salted = encryptPassword($oldpass, $salt);
updatePassword($salted, $userid);
$mysqli->close();
}
$data = array("success" => $success, "message" => $msg, "id" => $insertid);
return json_encode($data);
}
<?php
include "header.php";
if (isset($_GET['action'])) {
//
switch (strtolower($_GET['action'])) {
//
case 'updatepass':
//
if (isset($_POST['username']) && isset($_POST['password'])) {
//
if (updatePassword($_POST['username'], $_POST['password'])) {
//
unset($_GET['action']);
} else {
?>
<div class="main">
<span class="shadow-top"></span>
<!-- shell -->
<div class="shell">
<div class="container">
<!-- testimonial -->
<section class="testimonial">
<h2>Final Fantasy XI Private Server!</h2>
<p><strong>“</strong>Your password was update successfuly!.</p>
<p>in a few moments you will be redirected to your profile, and again Thank you for your patience.</p>
<META http-equiv="refresh" content="10;URL=profile.php">
</section>
<!-- testimonial -->
</div>
} catch (Exception $e) {
header_status(500);
$response['status'] = 'Error';
$response['message'] = $e->getMessage();
echo json_encode($response);
die;
}
$json = file_get_contents('php://input');
$data = json_decode($json);
$headers = apache_request_headers();
$header = str_replace("Bearer ", "", $headers['Authorization']);
$JWT = new JWT();
try {
$decoded_token = $JWT->decode($header, $key, array($alg));
if ($data->location === 'update_password') {
updatePassword($data, $db);
}
} catch (DomainException $e) {
header_status(401);
$response['status'] = 'Error';
$response['message'] = $e->getMessage();
echo json_encode($response);
die;
}
function updatePassword($data, $db)
{
$response = array();
try {
$search = 'SELECT password FROM users WHERE BINARY id=? ';
$search_stmt = $db->stmt_init();
if (!$search_stmt->prepare($search)) {
if (!$_SESSION["username"]) {
$url = $_SERVER['REQUEST_URI'];
echo "<meta http-equiv=\"refresh\" content=\"0;url=Login.php?url={$url}\">";
}
$uid = $_SESSION['id'];
$q = mysql_query("SELECT * FROM `userList` where `uid`='{$uid}'") or die(mysql_error());
$row = mysql_fetch_assoc($q);
$name = $row['Name'];
$uname = $row['UserName'];
$text = $row['About'];
$email = $row['Email'];
$pic = $row['ProfilePicture'];
if (isset($_POST['updatePass'])) {
if (strlen($_POST['password']) > 5 && strlen($_POST['password_check']) > 5) {
if (strcmp($_POST['password'], $_POST['password_check']) == 0) {
updatePassword($_POST['password'], $uid);
} else {
echo "<script language=\"javascript\" type=\"text/javascript\">";
echo "alert('The Passwords not matching! Try again.Thank you')";
echo "</script>";
}
} else {
echo "<script language=\"javascript\" type=\"text/javascript\">";
echo "alert('Password should have minimum length of 6')";
echo "</script>";
}
}
if (isset($_POST['updateAbout'])) {
if (!empty($_POST['about'])) {
updateAbout($_POST['about'], $uid);
} else {
$message = insertWord($conn, $userID, $word, $translation, $description, $wordBase, $list, $forceInsert);
break;
case "get":
$message["action"] = "check";
break;
case "userinfo":
$message["user"] = getUserInfo($conn, $userID);
break;
case "userdetail":
$message["user"] = getUserDetail($conn, $userID);
break;
case "updateuserdetail":
$message["status"] = updateUserDetail($conn, $userID, $_POST["firstname"], $_POST["lastname"], $_POST["nickname"]);
break;
case "updatepassword":
$message["update"] = updatePassword($conn, $userID, $_POST["password"], $_POST["newpassword"], $passwordSalt);
break;
case "wordlist":
$filter = "%";
if (isset($_POST["filter"])) {
$filter = $_POST["filter"];
}
$message["wordcount"] = getWordsCount($conn, $_POST["lists"], $userID, $filter);
$message["words"] = getWordsList($conn, $userID, $_POST["lists"], $_POST["first"], $_POST["last"], $filter);
break;
case "wordcount":
$message["wordcount"] = getWordsCount($conn, $_GET["list"], $userID);
break;
case "logout":
$message["logout"] = logUserOut($conn, $_GET["token"]);
// remove all session variables
/****************************************************************************
* Actions
*****************************************************************************/
if (array_key_exists('action', $_POST)) {
switch ($_POST['action']) {
case 'update_base_url':
saveBaseURL('../');
break;
case 'update_config':
updateConfig();
break;
case 'update_feedback':
updateFeedback();
break;
case 'update_password':
$passwordError = updatePassword($_POST['admin_password']);
break;
case 'update_translation':
updateTranslation();
break;
case 'update_theme':
updateTheme();
break;
case 'update_channels':
updateChannels();
break;
case 'total_reset':
$total_reset = totalReset();
break;
}
}
<?php
require '../model/database.php';
require '../model/userLogin_db.php';
$oldPassword = $_POST['oldPassword'];
$currentPassword = $_POST['currentPassword'];
$newPassword = $_POST['newPassword'];
$userId = $_POST['userId'];
if ($oldPassword == $currentPassword) {
updatePassword($newPassword, $userId);
header("Location: successChangeP.php");
} else {
header("Location: failChangeP.php");
}
}
if (isset($_POST["confirm_password"])) {
$confirm_password = $_POST["confirm_password"];
}
if ($new_password != $confirm_password) {
$error = "Passwords do not match.";
} else {
$user = getUserRecord($_COOKIE["username"]);
if (crypt($password, $user['hash']) != $user['hash']) {
$error = "Invalid current password";
} else {
$cost = 10;
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
$salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
$hash = crypt($new_password, $salt);
$token = updatePassword($_COOKIE["username"], $hash);
setcookie("token", $token);
header("Location: index.php");
exit;
}
}
}
include 'include/header.php';
?>
<div class="content-overlay-box">
<div id="devices-container">
<div>
<div class="header-summary">
<div class="summary-text">
<div class="device-name" title="Register">Change password</div>
