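/**
 * Verifies a login against the user table and returns the matching user id.
 *
 * @param string $column   name of the user-table column the login string is matched against. It is concatenated
 *                         into the SQL unescaped, so callers must pass a fixed, trusted column name — never input.
 * @param string $loginstr value entered by the user; bound through the '%s' placeholder of querySelect()
 *                         (escaping is presumably done there — confirm).
 * @param string $password plain-text password entered by the user.
 * @return int|bool id of the authenticated user, or FALSE when no active (status = 1) user matches or the
 *                  password matches neither the stored hash nor the pending generated one (passwort_neu).
 */
private function authenticate($column, $loginstr, $password) {
    $fromTable = $this->_websoccer->getConfig('db_prefix') . '_user';

    // get user data
    $columns = 'id, passwort, passwort_neu, passwort_salt';
    $wherePart = $column . ' = \'%s\' AND status = 1';
    $result = $this->_db->querySelect($columns, $fromTable, $wherePart, $loginstr);
    $userdata = $result->fetch_array();
    $result->free();

    // user does not exist: fetch_array() yields no row, so guard before reading 'id'
    if (!$userdata || empty($userdata['id'])) {
        return FALSE;
    }

    // check password. hash_equals() (PHP 5.6+) compares strictly and in constant time, so numeric-looking
    // hashes are never loosely equal and the comparison does not leak timing. An empty stored hash never matches.
    $inputPassword = (string) SecurityUtil::hashPassword($password, $userdata['passwort_salt']);
    $currentHash = (string) $userdata['passwort'];
    $pendingHash = (string) $userdata['passwort_neu'];
    $matchesCurrent = $currentHash !== '' && hash_equals($currentHash, $inputPassword);
    $matchesPending = $pendingHash !== '' && hash_equals($pendingHash, $inputPassword);
    if (!$matchesCurrent && !$matchesPending) {
        return FALSE;
    }

    // update password after a generated one: the pending hash becomes the current one and the request is cleared
    if ($matchesPending) {
        $columns = array('passwort' => $inputPassword, 'passwort_neu_angefordert' => 0, 'passwort_neu' => '');
        $whereCondition = 'id = %d';
        $parameter = $userdata['id'];
        $this->_db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
    }

    return $userdata['id'];
}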
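/**
 * Saves the changes the logged-in user made to his profile.
 *
 * Optionally stores a new password (always with a fresh salt) and a new e-mail address; the latter sets the
 * account to status 2 until the activation link mailed to the new address is used.
 *
 * (non-PHPdoc)
 * @see IActionController::executeAction()
 *
 * @param array $parameters form parameters. Keys read: newpassword, newemail, realname, place, country,
 *                          occupation, interests, favorite_club, homepage, c_hideinonlinelist, birthday.
 * @return string 'profile', the view to render next.
 * @throws Exception if the submitted birthday does not match the configured date_format.
 */
public function executeAction($parameters) {
    $user = $this->_websoccer->getUser();
    $columns = array();

    // save new password
    // NOTE(review): no re-authentication with the current password is visible here; confirm the form
    // validator requires it, otherwise a hijacked session can take over the account silently.
    $newPassword = isset($parameters["newpassword"]) ? (string) $parameters["newpassword"] : '';
    if ($newPassword !== '') {
        // always create new salt (in order to invalidate old cookies)
        $salt = SecurityUtil::generatePasswordSalt();
        $columns["passwort_salt"] = $salt;
        $columns["passwort"] = SecurityUtil::hashPassword($newPassword, $salt);
    }

    // handle new e-mail
    $newEmail = isset($parameters["newemail"]) ? (string) $parameters["newemail"] : '';
    if ($newEmail !== '') {
        // the account is de-activated until the key sent to the new address is confirmed
        $activationKey = SecurityUtil::generatePassword();
        $columns["schluessel"] = $activationKey;
        $columns["status"] = 2;
        $columns["email"] = $newEmail;
        $user->email = $newEmail;

        $querystr = "key=" . $activationKey . "&userid=" . $user->id;
        $tplparameters = array(
            "activationlink" => $this->_websoccer->getInternalActionUrl("activate", $querystr, "activate-user", TRUE),
        );

        // send e-mail to the new address ($user->email was just overwritten).
        // NOTE(review): the previous address is not notified of the change; consider informing it.
        EmailHelper::sendSystemEmailFromTemplate($this->_websoccer, $this->_i18n, $user->email,
            $this->_i18n->getMessage("activation_changedemail_subject"), "changed_email_activation", $tplparameters);
        $this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_WARNING,
            $this->_i18n->getMessage("profile_changedemail_message_title"),
            $this->_i18n->getMessage("profile_changedemail_message_content")));
    }

    // plain profile fields, mapped db column => form parameter; a missing parameter is stored as NULL
    $profileFields = array(
        "name" => "realname",
        "wohnort" => "place",
        "land" => "country",
        "beruf" => "occupation",
        "interessen" => "interests",
        "lieblingsverein" => "favorite_club",
        "homepage" => "homepage",
        "c_hideinonlinelist" => "c_hideinonlinelist",
    );
    foreach ($profileFields as $dbColumn => $parameterName) {
        $columns[$dbColumn] = isset($parameters[$parameterName]) ? $parameters[$parameterName] : null;
    }

    if (!empty($parameters["birthday"])) {
        $dateObj = DateTime::createFromFormat($this->_websoccer->getConfig("date_format"), $parameters["birthday"]);
        // createFromFormat() returns FALSE on a malformed date; calling format() on it would be a fatal error
        if ($dateObj === false) {
            throw new Exception("Invalid birthday format.");
        }
        $columns["geburtstag"] = $dateObj->format("Y-m-d");
    }

    // update record
    if (count($columns)) {
        $fromTable = $this->_websoccer->getConfig("db_prefix") . "_user";
        $whereCondition = "id = %d";
        $this->_db->queryUpdate($columns, $fromTable, $whereCondition, $user->id);
    }

    // success message
    $this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_SUCCESS, $this->_i18n->getMessage("saved_message_title"), ""));
    return "profile";
}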
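/**
 * Generates a new password for the active user owning the given e-mail address and mails it to that address.
 *
 * The new hash is stored in passwort_neu and only replaces the current password once the user logs in with it,
 * so the current password keeps working until then. A further request for the same account is refused for
 * 24 hours (passwort_neu_angefordert).
 *
 * @param array $parameters form parameters; reads 'useremail'.
 * @return string 'login', the view to render next.
 * @throws Exception if the action is disabled, the captcha is invalid, the address is unknown or a password
 *                   was already sent within the last 24 hours.
 */
public function executeAction($parameters) {
    if (!$this->_websoccer->getConfig("login_allow_sendingpassword")) {
        throw new Exception("Action is disabled.");
    }

    // check captcha (only when enabled and both keys are configured)
    if ($this->_websoccer->getConfig("register_use_captcha")
            && strlen((string) $this->_websoccer->getConfig("register_captcha_publickey"))
            && strlen((string) $this->_websoccer->getConfig("register_captcha_privatekey"))) {
        include_once BASE_FOLDER . "/lib/recaptcha/recaptchalib.php";
        // missing form fields are passed as empty strings instead of raising notices
        $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
        $response = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
        $captchaResponse = recaptcha_check_answer($this->_websoccer->getConfig("register_captcha_privatekey"),
            $_SERVER["REMOTE_ADDR"], $challenge, $response);
        if (!$captchaResponse->is_valid) {
            throw new Exception($this->_i18n->getMessage("registration_invalidcaptcha"));
        }
    }

    $email = isset($parameters["useremail"]) ? (string) $parameters["useremail"] : '';
    $fromTable = $this->_websoccer->getConfig("db_prefix") . "_user";

    // get user: case-insensitive match on the address, active accounts only
    $columns = "id, passwort_salt, passwort_neu_angefordert";
    $wherePart = "UPPER(email) = '%s' AND status = 1";
    $result = $this->_db->querySelect($columns, $fromTable, $wherePart, strtoupper($email));
    $userdata = $result->fetch_array();
    $result->free();
    if (!$userdata || !isset($userdata["id"])) {
        // slow down guessing of registered addresses.
        // NOTE(review): the distinct error message still reveals whether an address is registered;
        // a uniform response for both cases would close that.
        sleep(5);
        throw new Exception($this->_i18n->getMessage("forgot-password_email-not-found"));
    }

    // at most one generated password per 24 hours
    $now = $this->_websoccer->getNowAsTimestamp();
    $timeBoundary = $now - 24 * 3600;
    if ($userdata["passwort_neu_angefordert"] > $timeBoundary) {
        throw new Exception($this->_i18n->getMessage("forgot-password_already-sent"));
    }

    // create new password; accounts without a salt yet get one now
    $salt = (string) $userdata["passwort_salt"];
    if ($salt === '') {
        $salt = SecurityUtil::generatePasswordSalt();
    }
    $password = SecurityUtil::generatePassword();
    $hashedPassword = SecurityUtil::hashPassword($password, $salt);

    // update user: the hash is stored as pending password, not as the current one
    $columns = array("passwort_salt" => $salt, "passwort_neu_angefordert" => $now, "passwort_neu" => $hashedPassword);
    $whereCondition = "id = %d";
    $parameter = $userdata["id"];
    $this->_db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);

    // the plain-text password leaves the system only through this e-mail
    $this->_sendEmail($email, $password);
    $this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_SUCCESS,
        $this->_i18n->getMessage("forgot-password_message_title"),
        $this->_i18n->getMessage("forgot-password_message_content")));
    return "login";
}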
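/**
 * Converts the password entered in the admin edit form into the hash that is stored in the database.
 *
 * @see IConverter::toDbValue()
 *
 * @param string|null $value plain-text password from the form; empty when an existing admin is edited
 *                           without changing the password.
 * @return string hash to store. For an existing admin ($_POST['id'] non-empty) the input hashed with that
 *                admin's stored salt, or the stored hash unchanged when the input is empty; for a new admin
 *                the input hashed with an empty salt.
 */
public function toDbValue($value) {
    $value = (string) $value;
    $editedAdminId = isset($_POST['id']) ? $_POST['id'] : null;

    if (!$editedAdminId) {
        // new admin: no record, and therefore no salt, exists yet.
        // NOTE(review): the salt is only generated later, when the admin changes the password on the profile
        // page; until then the stored hash is unsalted — confirm this is intended.
        return SecurityUtil::hashPassword($value, '');
    }

    $db = DbConnection::getInstance();
    $fromTable = $this->_websoccer->getConfig('db_prefix') . '_admin';
    $result = $db->querySelect('passwort, passwort_salt', $fromTable, 'id = %d', $editedAdminId, 1);
    $admin = $result->fetch_array();
    $result->free();
    if (!$admin) {
        // unknown id: there is no stored hash or salt to fall back on
        $admin = array('passwort' => '', 'passwort_salt' => '');
    }

    if ($value === '') {
        // empty input means "keep the current password"
        return $admin['passwort'];
    }
    return SecurityUtil::hashPassword($value, $admin['passwort_salt']);
}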
/**
 * Installer step: creates the first administrator account from the submitted form.
 *
 * Checks that name, password and e-mail are present (appending to the global $errors list otherwise), hashes
 * the password with a freshly generated salt and inserts the record into the admin table of the database
 * configured in CONFIGFILE.
 *
 * @return string next installer view: "printCreateUserForm" on validation errors, "printFinalPage" on success.
 */
function actionSaveUser() {
    global $errors;
    global $messages;

    // every required field must be present and non-empty
    foreach (array("name", "password", "email") as $field) {
        $missing = !isset($_POST[$field]) || !strlen($_POST[$field]);
        if ($missing) {
            $errors[] = $messages["requires_value"] . ": " . $messages["label_" . $field];
        }
    }
    if (count($errors)) {
        return "printCreateUserForm";
    }

    // never store the plain-text password: hash it with a salt unique to this account
    $salt = SecurityUtil::generatePasswordSalt();
    $record = array(
        "name" => $_POST["name"],
        "passwort" => SecurityUtil::hashPassword($_POST["password"], $salt),
        "passwort_salt" => $salt,
        "email" => $_POST["email"],
        "r_admin" => "1",
    );

    // CONFIGFILE defines $conf with the database settings
    include CONFIGFILE;
    $db = DbConnection::getInstance();
    $db->connect($conf["db_host"], $conf["db_user"], $conf["db_passwort"], $conf["db_name"]);
    $db->queryInsert($record, $conf["db_prefix"] . "_admin");
    return "printFinalPage";
}
if ($_POST['newpassword'] != $_POST['repeatpassword']) { $err[] = $i18n->getMessage("profile_validationerror_wrong_repeated_password"); } if ($admin['r_demo']) { $err[] = $i18n->getMessage("validationerror_no_changes_as_demo"); } if (isset($err)) { include "validationerror.inc.php"; } else { echo "<h1>" . $mainTitle . " » " . $i18n->getMessage("subpage_save_title") . "</h1>"; $fromTable = $conf['db_prefix'] . "_admin"; $whereCondition = "id = %d"; $parameter = $admin['id']; if ($_POST['newpassword']) { // create new salt if (!strlen($admin["passwort_salt"])) { $salt = SecurityUtil::generatePasswordSalt(); $db->queryUpdate(array("passwort_salt" => $salt), $fromTable, $whereCondition, $parameter); } else { $salt = $admin["passwort_salt"]; } $passwort = SecurityUtil::hashPassword(trim($_POST['newpassword']), $salt); } else { $passwort = $admin['passwort']; } $columns = array("passwort" => $passwort, "email" => $_POST['email'], "lang" => $_POST['language']); $db->queryUpdate($columns, $fromTable, $whereCondition, $parameter); echo createSuccessMessage($i18n->getMessage("alert_save_success"), ""); echo "<p>» <a href=\"?site=" . $site . "\">" . $i18n->getMessage("back_label") . "</a></p>\n"; } }
/**
 * Inserts the new, not yet activated user record, mails the activation link and notifies plug-ins.
 *
 * @param array $parameters validated registration parameters; reads nick, email and pswd.
 * @param string $fromTable fully prefixed name of the user table.
 */
private function _createUser($parameters, $fromTable) {
    $salt = SecurityUtil::generatePasswordSalt();
    $record = array(
        "nick" => $parameters["nick"],
        "email" => strtolower($parameters["email"]),
        "passwort_salt" => $salt,
        "passwort" => SecurityUtil::hashPassword($parameters["pswd"], $salt),
        "datum_anmeldung" => $this->_websoccer->getNowAsTimestamp(),
        // "&" would break the key=...&userid=... query string of the activation link
        "schluessel" => str_replace("&", "_", SecurityUtil::generatePassword()),
        // inactive until the activation key is confirmed
        "status" => 2,
        "lang" => $this->_i18n->getCurrentLanguage(),
    );
    $initialCredit = $this->_websoccer->getConfig("premium_initial_credit");
    if ($initialCredit) {
        $record["premium_balance"] = $initialCredit;
    }
    $this->_db->queryInsert($record, $fromTable);

    // get user id by looking the address up again.
    // NOTE(review): assumes the address is unique in the table; otherwise the first matching row is used — confirm.
    $result = $this->_db->querySelect("id", $fromTable, "email = '%s'", $record["email"]);
    $newuser = $result->fetch_array();
    $result->free();
    $newUserId = $newuser["id"];

    // send e-mail with the activation link
    $querystr = "key=" . $record["schluessel"] . "&userid=" . $newUserId;
    $tplparameters = array(
        "activationlink" => $this->_websoccer->getInternalActionUrl("activate", $querystr, "activate-user", TRUE),
    );
    EmailHelper::sendSystemEmailFromTemplate($this->_websoccer, $this->_i18n, $record["email"],
        $this->_i18n->getMessage("activation_email_subject"), "useractivation", $tplparameters);

    // trigger plug-ins
    $event = new UserRegisteredEvent($this->_websoccer, $this->_db, $this->_i18n, $newUserId, $record["nick"], $record["email"]);
    PluginMediator::dispatchEvent($event);
}
$now = $website->getNowAsTimestamp(); if (count($errors) == 0) { // correct Pwd? $columns = array('id', 'passwort_neu_angefordert', 'name', 'passwort_salt'); $fromTable = $conf['db_prefix'] . '_admin'; $whereCondition = 'email = \'%s\''; $parameters = $inputEmail; $result = $db->querySelect($columns, $fromTable, $whereCondition, $parameters); $admin = $result->fetch_array(); if ($result->num_rows < 1) { $errors['inputEmail'] = $i18n->getMessage('sendpassword_admin_usernotfound'); } elseif ($admin['passwort_neu_angefordert'] > $now - 120 * 60) { $errors['inputEmail'] = $i18n->getMessage('sendpassword_admin_alreadysent'); } else { $newPassword = SecurityUtil::generatePassword(); $hashedPw = SecurityUtil::hashPassword($newPassword, $admin['passwort_salt']); // store new PW $columns = array('passwort_neu' => $hashedPw, 'passwort_neu_angefordert' => $now); $fromTable = $conf['db_prefix'] . '_admin'; $whereCondition = 'id = %d'; $parameter = $admin['id']; $db->queryUpdate($columns, $fromTable, $whereCondition, $parameter); try { _sendEmail($inputEmail, $newPassword, $website, $i18n); header('location: login.php?newpwd=1'); die; } catch (Exception $e) { $errors['inputEmail'] = $e->getMessage(); } } $result->free();