/**
 * Store a single field on this member.
 *
 * A few keys are special-cased before falling back to plain storage in
 * $this->data:
 *  - '_uid' is ignored and cannot be changed through this method;
 *  - 'name' / 'username' write the $username property instead of $data;
 *  - 'password' is never stored as given: the 'password' entry is blanked and
 *    the result of Password::hash() is stored under 'password_hash';
 *  - 'biography' / 'biography_raw' store the raw text plus a
 *    Content::transform()ed copy;
 *  - 'roles' accepts a comma-separated string or an array; any other type is
 *    silently dropped.
 *
 * NOTE(review): the fallback branch stores every other key unchanged, and that
 * includes 'password_hash'; 'roles' is likewise settable by any caller. Code
 * that forwards request fields into set() should pass an allow-list of keys.
 *
 * @param string $key   Key to set
 * @param mixed  $value Value to set
 * @return void
 */
public function set($key, $value)
{
    // switch compares loosely, exactly like the == chain it replaces.
    switch ($key) {
        case '_uid':
            // cannot be set this way
            return;

        case 'name':
        case 'username':
            // the name lives in its own property, not in data
            $this->username = $value;
            break;

        case 'password':
            // keep only the hash; the plaintext slot is blanked
            $this->data['password'] = '';
            $this->data['password_hash'] = Password::hash($value);
            break;

        case 'biography':
        case 'biography_raw':
            $this->data['biography_raw'] = $value;
            $this->data['biography'] = Content::transform($value);
            break;

        case 'roles':
            if (is_string($value)) {
                $this->data[$key] = explode(',', $value);
            } elseif (is_array($value)) {
                $this->data[$key] = $value;
            }
            break;

        default:
            // standard stuff, store a value
            $this->data[$key] = $value;
    }
}
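/**
 * Prepare a submitted password field value for storage.
 *
 * When the submitted value is exactly the value already stored under
 * self::PASSWORD it is returned untouched (presumably the form round-trips the
 * stored hash; confirm against the caller). Anything else is treated as a new
 * plaintext password and hashed.
 *
 * @param object $data  Record exposing get(); read for the current password value
 * @param mixed  $value Submitted password field value
 * @return mixed The unchanged stored value, or the hash of the new password
 */
public function setPasswordField($data, $value)
{
    $pwd = new Password();
    $stored = $data->get(self::PASSWORD);

    // Compare as strings, strictly. A loose == treats numeric-looking strings
    // such as "0e1234" and "0e5678" as equal, and on older PHP versions treats
    // 0 as equal to any non-numeric string; either case would let a new
    // password be written to storage without being hashed.
    $comparable = ($value === null || is_scalar($value))
        && ($stored === null || is_scalar($stored));

    if ($comparable && (string) $value === (string) $stored) {
        return $value;
    }

    return $pwd->hash($value);
}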
/**
 * Re-hash a legacy password hash for import and describe where it came from.
 *
 * The old hash is itself passed to Password::hash() together with the password
 * key. The returned metadata records this migration's TYPE and
 * Binary::safeSubstr($oldHash, 0, 12) as the salt.
 *
 * @param string $oldHash             Hash taken from the system being imported
 * @param EncryptionKey $passwordKey  Falls back to $this->key when omitted
 * @return array [HiddenString, array]
 * @throws \Exception When no key is passed and $this->key is not an EncryptionKey
 */
public function getHashWithMetadata(string $oldHash, EncryptionKey $passwordKey = null) : array
{
    // An explicit key wins; otherwise use the one configured on the migration.
    $key = $passwordKey ?: $this->key;
    if (!($key instanceof EncryptionKey)) {
        throw new \Exception(\__('No key was passed to this migration'));
    }

    $rehashed = new HiddenString(Password::hash($oldHash, $key));
    $metadata = [
        'type' => self::TYPE,
        'salt' => Binary::safeSubstr($oldHash, 0, 12),
    ];

    return [$rehashed, $metadata];
}
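/**
 * Generate a random password together with its Password::hash() digest.
 *
 * $password_length counts random bytes, not characters: 8 bytes read from
 * /dev/urandom are base64-encoded, which gives a 12-character password.
 * On PHP 7+ random_bytes() is the portable way to obtain the same bytes.
 *
 * The plaintext is returned to the caller, who should show it once and keep
 * it out of logs; only the digest belongs in storage.
 *
 * @return array [plaintext password, digest]
 */
function generate_random_password()
{
    require_once "scrypt.php";

    $password_length = 8;

    $ur = fopen("/dev/urandom", "r");
    if (!$ur) {
        die("Failed to open /dev/urandom");
    }

    $urb = "";
    while (strlen($urb) < $password_length) {
        $chunk = fread($ur, $password_length - strlen($urb));
        // fread() returns false or an empty string on failure. Appending that
        // would never grow $urb, so the loop would spin forever; stop instead
        // of continuing with too little randomness.
        if ($chunk === false || $chunk === "") {
            fclose($ur);
            die("Failed to read from /dev/urandom");
        }
        $urb .= $chunk;
    }
    fclose($ur);

    $password = base64_encode($urb);
    $digest = Password::hash($password);

    return array($password, $digest);
}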
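/**
 * Log in the user.
 *
 * Resets the session, reloads the user, then accepts the login only when the
 * salted hash of $password matches the stored hash and the account is active.
 * Every attempt is recorded through $this->Login->add() with a reason.
 *
 * NOTE(review): setSession() is not visible here; confirm it issues a fresh
 * session id on successful login.
 *
 * @param string $password Plaintext password supplied by the user
 * @return bool True when the user is logged in after this call
 */
public function login($password = '')
{
    $this->Log->write(__METHOD__, Log::LOG_LEVEL_SYSTEM_INFORMATION);
    $this->resetSession();
    $this->getUser();

    if (!Helpers::is_string_ne($password)) {
        $this->Log->write('password not provided', Log::LOG_LEVEL_WARNING);
        $this->Login->add($this->id, 0, 'no password');
        return false;
    }

    // Compare the hashes in constant time so the comparison does not leak how
    // many leading bytes matched. hash_equals() needs two strings, so a
    // missing or non-string stored hash is simply a mismatch.
    $computed = Password::hash($password, $this->salt);
    $stored = $this->user_data['password'];
    $hashMatches = is_string($computed) && is_string($stored) && hash_equals($stored, $computed);

    if ($hashMatches && $this->user_data['active'] == 1) {
        // set class property
        $this->logged_in = true;

        // set session variables
        $this->setSession();

        // update logged in value in database
        $updated = $this->updateLoggedIn();
        if (!$updated) {
            $this->Log->write('could not update database and set user to logged in', Log::LOG_LEVEL_WARNING);
            $this->Login->add($this->id, 0, 'database error');
            // undo the session set above so a failed login leaves nothing behind
            $this->resetSession();
            return false;
        }

        // add login attempt to database
        $this->Login->add($this->id, 1, 'success');
    } else {
        // One message for both causes: the log does not reveal which check failed.
        $this->Log->write('passwords do not match or user is not active', Log::LOG_LEVEL_WARNING);
        $this->Login->add($this->id, 0, 'password mismatch');
    }

    return $this->logged_in;
}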
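<?php
/**
 * File: register.php
 *
 * Creates a guest account from the POSTed firstName, lastName, email and pass
 * fields and, on success, signs the new guest in through the session.
 *
 * Created by PhpStorm.
 * User: ArtofWack
 * Date: 10/31/2015
 * Time: 10:40 PM
 */
require_once "../config.php";
require_once "../scrypt.php";
session_start();

// Every field must arrive as a non-empty string. Array-valued or missing
// parameters are treated as empty and rejected below.
$fields = array();
foreach (array('firstName', 'lastName', 'email', 'pass') as $name) {
    $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

$created = false;

if (!in_array('', $fields, true)) {
    // The values are stored HTML-encoded, as before, so existing rows and
    // templates keep working. Encoding at output time would be the cleaner design.
    $firstName = htmlspecialchars(ucfirst($fields['firstName']));
    $lastName = htmlspecialchars(ucfirst($fields['lastName']));
    $email = htmlspecialchars($fields['email']);
    $encrypted = Password::hash($fields['pass']);

    // Bound parameters replace string-built SQL: no value, the hash included,
    // can change the shape of the statement.
    $exists = true; // fail closed when the lookup cannot run
    $check = $link->prepare("SELECT 1 FROM guests WHERE email = ?");
    if ($check) {
        $check->bind_param('s', $email);
        if ($check->execute()) {
            $check->store_result();
            $exists = $check->num_rows > 0;
        }
        $check->close();
    }

    if (!$exists) {
        // NOTE(review): the check-then-insert pair is not atomic. A UNIQUE
        // index on guests.email is what actually prevents duplicates; confirm
        // the schema has one.
        $insert = $link->prepare(
            "INSERT INTO guests(firstName, lastName, email, passwd, checkedIn, balance)
             VALUES (?, ?, ?, ?, '0', '0')"
        );
        if ($insert) {
            $insert->bind_param('ssss', $firstName, $lastName, $email, $encrypted);
            $created = $insert->execute();
            $insert->close();
        }
    }

    if ($created) {
        // The session becomes an authenticated one here, so give it a fresh id.
        session_regenerate_id(true);
        $_SESSION['username'] = strtoupper($firstName . " " . $lastName);
        $_SESSION['email'] = $email;
    }
}

if (!$created) {
    echo 'Cannot create guest';
} // Not safe: should not indicate if email exists in DB

$link->close();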
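/**
 * Handle the login form.
 *
 * With no session yet, checks the POSTed email and password against the user
 * record and redirects: to ../search.php on success, to ../index.php otherwise.
 * An existing session is sent straight to ../search.php.
 *
 * NOTE(review): the "notVerified" branch sets the session and redirects to
 * search.php exactly like a verified account, although its message says the
 * account is not activated. Confirm whether unverified accounts are meant to
 * be signed in.
 * NOTE(review): "Username not found" and "do not match" are distinct outcomes
 * (a template render versus a redirect), so a caller can tell whether an email
 * is registered.
 * NOTE(review): comparing Password::hash($password) for equality implies the
 * hash is deterministic per password; confirm it is a slow, salted scheme.
 *
 * @return void
 */
function login()
{
    // login.. checks if session already set..
    $results = array();
    $results['pageTitle'] = "Home | Dating website";

    if (isset($_SESSION['email'])) {
        $user = User::getByEmail($_SESSION['email']);
        // temporary until logout is created: the login form must not be
        // reachable while a session is active.
        header("Location: ../search.php");
        return;
    }

    if (!isset($_POST['email'])) {
        header("Location: ../index.php");
        return;
    }

    // Non-string (e.g. array) or missing parameters are treated as empty input.
    // The variable names are kept because the template required below shares
    // this scope.
    $email = is_string($_POST['email']) ? $_POST['email'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $passwordHash = Password::hash($password);

    if ($user = User::getByEmail($email)) {
        // Constant-time, type-strict comparison. A loose == treats
        // numeric-looking hashes such as "0e1234" and "0e5678" as equal.
        $hashMatches = is_string($user->password)
            && is_string($passwordHash)
            && hash_equals($user->password, $passwordHash);

        if ($hashMatches) {
            if ($user->verification == "verified") {
                // Fresh session id for the authenticated session.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['email'] = $email;
                $_SESSION['userId'] = $user->id;
                header("Location: ../search.php");
            } elseif ($user->verification == "notVerified") {
                $results['errorMessage'] = "Account not activated please wait";
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }
                $_SESSION['email'] = $email;
                $_SESSION['userId'] = $user->id;
                header("Location: ../search.php");
            } else {
                $results['errorMessage'] = "Information provided is not valid";
                header("Location: ../index.php");
            }
        } else {
            $results['errorMessage'] = "Username and password do not match.";
            header("Location: ../index.php");
        }
    } else {
        $results['errorMessage'] = "Username not found, please register first.";
        require TEMPLATE_PATH . "/index.php";
    }
}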
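/* { "email":"*****@*****.**", "pass":"******", "first":"bob", "last":"smith", "area":901, "num":7777777, "tut":0 } */

/**
 * POST /user: create a user.
 *
 * Responds with {"id": <new id>} on success and {"id": -1} when the email or
 * the (area, num) pair is already registered, or when the row could not be
 * written.
 *
 * All request values reach SQL through bound parameters only. They used to be
 * interpolated into the statement text, which let any field rewrite the query.
 * The calls below assume $db is a mysqli connection, as the original use of
 * num_rows and fetch_assoc() suggests; confirm against the bootstrap code.
 */
$app->post('/user', function () {
    global $db;

    // Missing or non-scalar (array) parameters are treated as empty strings.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_scalar($_POST[$name])) ? (string) $_POST[$name] : '';
    };

    $email = $field('email');
    $first = $field('first');
    $last = $field('last');
    $area = $field('area');
    $num = $field('num');
    $tut = $field('tut');

    $salt = Password::generateSalt(50);
    $hash = Password::hash($field('pass'), $salt);

    // Everything is bound as a string, matching the quoted literals the old
    // statements used, so MySQL's type coercion is unchanged.
    $taken = true; // fail closed when the lookup cannot run
    $lookup = $db->prepare("SELECT id FROM users WHERE email = ? OR (num = ? AND area = ?)");
    if ($lookup) {
        $lookup->bind_param('sss', $email, $num, $area);
        if ($lookup->execute()) {
            $lookup->store_result();
            $taken = $lookup->num_rows > 0;
        }
        $lookup->close();
    }

    if ($taken) {
        echo json_encode(array("id" => -1));
    } else {
        $newId = -1;
        $insert = $db->prepare(
            "INSERT INTO users(email, pass, first, last, area, num, salt, tutor)
             VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
        );
        if ($insert) {
            $insert->bind_param('ssssssss', $email, $hash, $first, $last, $area, $num, $salt, $tut);
            if ($insert->execute()) {
                $newId = $db->insert_id;
            }
            $insert->close();
        }
        echo json_encode(array("id" => $newId), JSON_NUMERIC_CHECK);
    }
});

$app->run();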
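/**
 * Hash the password currently held on this object and store it for this user.
 *
 * On entry $this->password must hold the new plaintext password; afterwards it
 * holds the hash. Calling the method twice without assigning a new plaintext
 * in between would therefore hash the hash.
 *
 * @return bool True when the UPDATE ran successfully; false when the password
 *              is too short (self::$errorCode is set to "ERR_INV_PASS"), the
 *              object has no id, or the statement failed
 */
public function updatePassword()
{
    if (is_null($this->id)) {
        trigger_error("User::update(): Attempt to update a user object that does not have its ID property set.", E_USER_ERROR);
        // Only reached when a custom error handler lets execution continue:
        // never run the UPDATE without an id.
        return false;
    }

    if (strlen($this->password) < MINIMUM_PASSWORD_LENGTH) {
        self::$errorCode = "ERR_INV_PASS";
        return false;
    }

    // Update the object
    $this->password = Password::hash($this->password);

    $conn = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
    $sql = "UPDATE " . TABLENAME_USERS . " SET password=:password WHERE id = :id";
    $st = $conn->prepare($sql);

    // Report what the database actually did instead of always returning true:
    // in PDO's silent error mode prepare() and execute() signal failure only
    // through their return values.
    $saved = false;
    if ($st !== false) {
        $st->bindValue(":password", $this->password, PDO::PARAM_STR);
        $st->bindValue(":id", $this->id, PDO::PARAM_INT);
        $saved = $st->execute();
    }

    $conn = null;

    return $saved;
}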
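<?php
/**
 * File: fill.php
 *
 * One-off helper for seeding the database by hand: uncomment one of the $sql
 * lines below and run the script once.
 *
 * NOTE(review): the seed credential is hard-coded and short. Keep this script
 * out of the web root and change the password after seeding.
 *
 * Created by PhpStorm.
 * User: ArtofWack
 * Date: 10/26/2015
 * Time: 10:40 PM
 */
require_once "scrypt.php";
require_once 'config.php';

$usr = "******";
$email = "*****@*****.**";
$pass = Password::hash('dark');

// No statement is selected by default. If one of these is re-enabled, prefer a
// prepared statement over concatenating $usr / $email / $pass into the SQL text.
$sql = null;
//$sql = 'INSERT INTO admins(username,email,password) VALUES ("' . $usr . '","' . $email . '", "' . $pass . '");';
//$sql = ' INSERT INTO rooms(roomType) VALUES (5);';
//$sql = 'INSERT INTO rooms(roomType) VALUES (5);';

//for($i = 0;$i<2;$i++)
if ($sql !== null) {
    $result = $link->query($sql);
    // query() returns false on failure and true for statements without a
    // result set; only a result object can be closed.
    if (is_object($result)) {
        $result->close();
    }
}

$link->close();

// NOTE(review): a commented-out debug line that passed a request parameter
// straight to shell_exec() was removed from here. Uncommenting it would have
// given any visitor command execution on the host; it must not come back.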
/**
 * Finalize the install process.
 *
 * Copies the last form submission into $this->data and then runs the four
 * closing stages in order: configuration, database setup, admin account,
 * shutdown. The admin passphrase is replaced only when a non-empty one was
 * submitted, and it is stored as Password::hash() output keyed with the
 * keyring's 'auth.password_key', never as plaintext.
 *
 * @param array $post Submitted installer form data
 */
protected function finalize(array $post = [])
{
    $state = State::instance();

    $this->data['admin']['username'] = $post['username'];

    $passphraseSubmitted = !empty($post['passphrase']);
    if ($passphraseSubmitted) {
        // Password was changed:
        $passwordKey = $state->keyring['auth.password_key'];
        $this->data['admin']['passphrase'] = Password::hash($post['passphrase'], $passwordKey);
    }

    // data key => form field it is taken from
    $sections = [
        'cabins' => 'cabin',
        'config' => 'config',
        'database' => 'database',
    ];
    foreach ($sections as $dataKey => $formKey) {
        $this->data[$dataKey] = $post[$formKey];
    }

    $this->finalConfiguration();
    $this->finalDatabaseSetup();
    $this->finalProcessAdminAccount();
    $this->finalShutdown();
}
/**
 * Attempt to log in against a migrated hash. If the migration validates the
 * password, replace the imported hash with a hash of the original password
 * under $this->key and clear the account's migration data.
 *
 * NOTE(review): no rollback is visible here if update() throws after
 * beginTransaction(); confirm the database wrapper or the caller handles it.
 *
 * @param HiddenString $password     Plaintext supplied at login
 * @param HiddenString $passwordHash Imported hash stored for the account
 * @param array $userData            Account row; needs ['migration']['type'] and ['userid']
 * @return bool Result of the commit, or false when validation fails
 * @throws SecurityAlert When the account has no migration type
 */
public function migrateImportedHash(HiddenString $password, HiddenString $passwordHash, array $userData = []) : bool
{
    if (!isset($userData['migration']['type'])) {
        throw new SecurityAlert(\__('No migration type registered.'));
    }
    $migrationData = $userData['migration'];

    $migration = Gadgets::loadMigration($migrationData['type']);
    $migration->setPasswordKey($this->key);
    $table = $this->db->escapeIdentifier($this->tableConfig['table']['accounts']);

    if (!$migration->validate($password, $passwordHash, $migrationData)) {
        return false;
    }

    $this->db->beginTransaction();

    // We now know the plaintext. Let's replace their password.
    $replacement = [
        'password' => Password::hash($password->getString(), $this->key),
        'migration' => null,
    ];
    $this->db->update($table, $replacement, ['userId' => $userData['userid']]);

    return $this->db->commit();
}
<?php
// Playlist endpoint: dispatches on $_GET['action'] (create, delete, update,
// check_name). This listing is cut off inside the check_name branch; the
// closing braces are outside the visible fragment.
//
// NOTE(review): every action, including the ones that change data, is driven
// by GET parameters, and no authentication or CSRF check is visible here. The
// playlist password also travels in the query string, where it ends up in
// server logs and browser history.
// NOTE(review): the password is hashed on create, but neither delete nor
// update checks it in the visible code.
require_once '../libs/Storage.php';
require_once '../libs/password.php';
$db = new Storage();
$password = new Password();
if (isset($_GET['action'])) {
    if ($_GET['action'] == 'create') {
        // PHP has already URL-decoded $_GET, so urldecode() here decodes a second time.
        $_GET['daten'] = urldecode(stripslashes($_GET['daten']));
        $daten['lists'] = $_GET['daten'];
        // The name is lower-cased on create only; update and check_name use it as sent.
        $daten['name'] = strtolower($_GET['name']);
        // Only the hash of the playlist password is stored.
        $daten['password'] = $password->hash($_GET['password']);
        $daten['created_at'] = date("Y-m-d H:i:s");
        // Whether Storage::insert() escapes or binds these values is not visible here; verify.
        $db->insert('playlist', $daten);
    } elseif ($_GET['action'] == 'delete') {
        $id = $_GET['playlist_id'];
        // NOTE(review): the raw request value is echoed back without output encoding.
        echo $id;
        // NOTE(review): the condition is built by concatenating the raw request
        // value; it should be restricted to an integer or bound as a parameter.
        $db->delete('playlist', 'id=' . $id);
    } elseif ($_GET['action'] == 'update') {
        $_GET['daten'] = urldecode(stripslashes($_GET['daten']));
        $daten['lists'] = $_GET['daten'];
        $daten['name'] = $_GET['name'];
        $daten['updated_at'] = date("Y-m-d H:i:s");
        // NOTE(review): the WHERE clause embeds the raw name between double
        // quotes, so a quote in the name changes the condition.
        $db->update('playlist', $daten, 'name="' . $daten["name"] . '"');
    } elseif ($_GET['action'] == 'check_name') {
        $name = $_GET['name'];
        // NOTE(review): the raw name is interpolated into the SQL text; use a
        // bound parameter if Storage supports one.
        $result = $db->select("SELECT EXISTS(SELECT 1 FROM playlist WHERE name ='{$name}' LIMIT 1) as checked");
        /*
         * Prints 1 when a playlist with that name exists, otherwise 0.
         */
        print_r($result[0]['checked']);
/**
 * Build the fixture shared by the tests: a known plaintext password and its
 * Password::hash() digest, asserting straight away that the digest is a string.
 *
 * NOTE(review): parent::__construct() is not called; if this class extends a
 * test-case base class, a set-up hook is the usual place for this.
 */
public function __construct()
{
    // Fixed test value, not a real credential.
    $this->pw = 'mysupersecretpassword';

    $this->hash = Password::hash($this->pw);

    $digestIsString = is_string($this->hash);
    $this->assertTrue($digestIsString);
}