function createContingent($nameParam)
{
$password = random_password();
$name = clean_string($nameParam);
$loginID = registration_id();
$db = \Udaan\Database::connect();
$sth = $db->prepare("INSERT INTO contingent_college(name,loginid,password) VALUES('{$name}','{$loginID}','{$password}')");
$sth->execute();
header('Location: college.php');
}
public static function post_login($parameters)
{
$uid = $parameters['uid'];
$samlBackend = new OC_USER_SAML();
if ($samlBackend->auth->isAuthenticated()) {
$attributes = $samlBackend->auth->getAttributes();
if (array_key_exists($samlBackend->usernameMapping, $attributes) && $attributes[$samlBackend->usernameMapping][0] == $uid) {
$attributes = $samlBackend->auth->getAttributes();
if (array_key_exists($samlBackend->mailMapping, $attributes)) {
$saml_email = $attributes[$samlBackend->mailMapping][0];
}
if (array_key_exists($samlBackend->groupMapping, $attributes)) {
$saml_groups = $attributes[$samlBackend->groupMapping];
} else {
if (!empty($samlBackend->defaultGroup)) {
$saml_groups = array($samlBackend->defaultGroup);
OC_Log::write('saml', 'Using default group "' . $samlBackend->defaultGroup . '" for the user: '******'/[^a-zA-Z0-9 _\\.@\\-]/', $uid)) {
OC_Log::write('saml', 'Invalid username "' . $uid . '", allowed chars "a-zA-Z0-9" and "_.@-" ', OC_Log::DEBUG);
return false;
} else {
$random_password = random_password();
OC_Log::write('saml', 'Creating new user: '******'saml', 'Updating data of the user: ' . $uid, OC_Log::DEBUG);
if (isset($saml_email)) {
update_mail($uid, $saml_email);
}
if (isset($saml_groups)) {
update_groups($uid, $saml_groups, $samlBackend->protectedGroups, false);
}
}
}
return true;
}
}
return false;
}
function probability($length = 8, $type = 'alpha_numeric', $max = 1000000)
{
$result = random_password($length, $type);
$iterations = 0;
while (true) {
$next = random_password($length, $type);
//printf("Probability progress: %f%s\r", $iterations / $max, '%');
if ($result === $next) {
break;
}
if ($iterations == $max) {
break;
}
$iterations++;
}
$probability = $iterations == $max ? '+' . $max : '1 / ' . $iterations;
//printf("Probability: %s\n", $probability);
return $iterations;
}
function reset_password($username, $email)
{
global $db_link;
$result = wrap_db_query("SELECT email FROM " . BOOKING_USER_TABLE . " WHERE username='******'");
if (!$result) {
return false;
// no result
} else {
if (wrap_db_num_rows($result) == 0) {
return false;
// username not in db
} else {
$fields = wrap_db_fetch_array($result);
if ($email != $fields['email']) {
return false;
// emails do not match
}
}
}
$new_passwd = random_password(6);
// crypt user password entry
$crypted_new_passwd = crypt_password($new_passwd);
// set user's password to this in database or return false
$result = wrap_db_query("UPDATE " . BOOKING_USER_TABLE . " SET passwd = '" . wrap_db_escape_string($crypted_new_passwd) . "' " . "WHERE username = '******' AND email = '" . wrap_db_escape_string($email) . "'");
if (!$result) {
return false;
// not changed
} else {
return $new_passwd;
// changed successfully
}
}
public function forget_pass()
{
if (!empty($this->data)) {
$data = $this->data['ForgetPassForm'];
if (!isset($this->Captcha)) {
//if Component was not loaded throug $components array()
App::import('Component', 'Captcha');
//load it
$this->Captcha = new CaptchaComponent();
//make instance
$this->Captcha->startup($this);
//and do some manually calling
}
$cap = $this->Captcha->getVerCode();
if ($cap == $data['code']) {
$user = $this->User->find('first', array('conditions' => array('User.username' => $data['username'], 'User.user_role_id' => $data['user_role_id'])));
if (!empty($user)) {
$Mail = new MailController();
$Mail->constructClasses();
$pass = random_password();
$this->User->id = $user['User']['id'];
$this->User->save(array('password' => encrypt($pass, SALT)));
$arr = array();
$arr['TO_EMAIL'] = $user['User']['email'];
$arr['TO_NAME'] = $user['User']['username'];
$arr['USERNAME'] = $user['User']['username'];
$arr['PASSWORD'] = $pass;
$Mail->sendMail($user['User']['id'], 'forgot_password', $arr);
echo 'success';
die;
} else {
echo 'error';
}
} else {
echo 'code';
die;
}
}
die;
}
<?php
$password = "";
function random_password($length = 8)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#\$%^&*()_-=+;:,.?";
$password = substr(str_shuffle($chars), 0, $length);
return $password;
}
$email = $_POST["email"];
$servername = "sql3.freemysqlhosting.net:3306";
$user_db = "sql382663";
$password_db = "lR7%jI1%";
$dbname = "sql382663";
$password_new = random_password();
$password_encrypted = md5($password_new);
// Create connection
$conn = new mysqli($servername, $user_db, $password_db, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql2 = "UPDATE user SET user_password='******' WHERE user_mail = '{$email}'";
$result2 = mysqli_query($conn, $sql2);
if (mysqli_affected_rows($conn) > 0) {
$to = $email;
$subject = "Senha - ACE Application";
$message = "Trocamos sua senha. Ela agora é " . $password_new . " . Enjoy! /o/";
include "sendEmail.php";
echo "<script> window.location.href='index.php' </script>";
//header("Location: index.php");
function lostPassword($email)
{
global $bdd;
global $_TABLES;
if (!is_null($bdd) && !is_null($_TABLES)) {
// Requete de verification de l'existence du compte
$objUser = new User($bdd, $_TABLES);
$user = $objUser->getExist($email);
if ($user && !is_null($user)) {
// Generation du nouveau mot de passe
$new_password = random_password();
// Mise à jour du mot de passe de l'utilisateur
$objUser->updatePassword($user->id, $new_password);
// Génération de l'email
$template = new Template(dirname(dirname(dirname(__FILE__))) . "/ressources/template/email/reset_password.html");
$content = $template->getView(array("first_name" => $first_name, "last_name" => $last_name, "new_password" => $new_password));
// Envoi de l'email de bienvenue
$objMailer = new Mailer();
$objMailer->from = "*****@*****.**";
$objMailer->fromName = "Whats Up Street";
$objMailer->to = $email;
$objMailer->toName = $first_name . ' ' . $last_name;
$objMailer->subject = "[Important] Whats Up Street : Changement mot de passe";
$objMailer->content = $content;
$objMailer->isHTML();
$objMailer->send();
// Retour 0 si tout c'est bien passé
return 0;
} else {
// Compte n'existe pas
return 1;
}
} else {
error_log("BDD ERROR : " . json_encode($bdd));
error_log("TABLES ERROR : " . json_encode($_TABLES));
}
}
<?php
include_once "model/GenericTable.php";
include_once "header.php";
function random_password($length = 8)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#\$%^&*()_-=+;:,.?";
$password = substr(str_shuffle($chars), 0, $length);
return $password;
}
if (isset($_POST)) {
$location = $_POST['location'];
$mailid = $_POST['mailid'];
$otableuser = new GenericTable($dbh, 'fb_userdetails');
$otablepassword = new GenericTable($dbh, 'fb_password');
$pass = random_password(8);
$password = md5($pass);
$updatelist = array('password' => $password, 'changepassword' => 'Y');
$clause = "where location='{$location}'";
$otableuser->updateRow($updatelist, $clause);
$plist = array('LOCNAME' => $location, 'EMAIL' => $mailid, 'PASSWORD' => $pass, 'TIMESTAMP' => time());
$otablepassword->insertRow($plist);
//Email Header
$emailheader = "From: ikure <*****@*****.**>\r\nContent-type: text/html";
$to = $mailid;
$subject = "Password Reset";
$txt = "Your account password has been reset to the following password.<BR/> Password: "******"text/javascript">
alert("Your password has been send to registered mail id.");
}
}
}
//END SIGN IN APPLICATION
//CODE FOR RESET PASSWORD
if (isset($_POST['reset_passsword'])) {
$reset_mykadNO = mysqli_real_escape_string($con, $_POST['reset_mykadNO']);
$reset_email = mysqli_real_escape_string($con, $_POST['reset_email']);
$dtc_reset_user = "******";
$dtc_reset_user_query = mysqli_query($con, $dtc_reset_user);
if (mysqli_num_rows($dtc_reset_user_query) > 0) {
$dtc_reset_user_array = mysqli_fetch_array($dtc_reset_user_query);
$user_id_reset = $dtc_reset_user_array['lu_loginID'];
$user_staff_name = $dtc_reset_user_array['us_name'];
$user_staff_email = $dtc_reset_user_array['us_email'];
$tmp_pss = random_password();
$tmp_hash_pss = md5($tmp_pss);
$dtc_error = "SELECT * FROM login_error lrr WHERE lrr.login_user_lu_loginID = '{$user_id_reset}'";
$dtc_error_query = mysqli_query($con, $dtc_error);
if (mysqli_num_rows($dtc_error_query) > 0) {
$del_error = "DELETE FROM login_error WHERE login_user_lu_loginID = '{$user_id_reset}'";
$del_error_query = mysqli_query($con, $del_error);
if (!$del_error_query) {
$error = "<div class='alert alert-danger alert-dismissable'>\n\t\t\t<button type='button' class='close' data-dismiss='alert' aria-hidden='true'><i class='fa fa-remove pr10'></i></button>\n\t\t\t<center><strong>Error delete error!</strong> " . mysqli_error($con) . "</center>\n\t\t\t</div>";
}
}
//UPDATE login_user table FOR RESET PASSWORD
$lu_updt_rst = "UPDATE login_user lu\n\t\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tlu_password = '******',\n\t\t\t\t\t\t\t\t\t\tlu_reset_password = '******'\n\t\t\t\t\tWHERE lu.lu_loginID = '{$user_id_reset}'";
$lu_updt_rst_query = mysqli_query($con, $lu_updt_rst);
if (!$lu_updt_rst_query) {
$error = "<div class='alert alert-danger alert-dismissable'>\n\t\t\t<button type='button' class='close' data-dismiss='alert' aria-hidden='true'><i class='fa fa-remove pr10'></i></button>\n\t\t\t<center><strong>Error!</strong> " . mysqli_error($con) . "</center>\n\t\t\t</div>";
check_level();
function random_user($length = 8)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$user = substr(str_shuffle($chars), 0, $length);
return $user;
}
function random_password($length = 4)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = substr(str_shuffle($chars), 0, $length);
return $password;
}
$submit = $_POST['btnsave'];
$InstID = random_user(8);
$pin = random_password(8);
$lname = $_POST['lname'];
$fname = $_POST['fname'];
$mi = $_POST['mi'];
$address = $_POST['address'];
$gender = $_POST['gender'];
$contactno = $_POST['contactno'];
$rate = $_POST['rate'];
$position = $_POST['position'];
$status = $_POST['status'];
$teaching_type = $_POST['teaching_type'];
if ($submit) {
if ($InstID && $pin && $lname && $fname && $mi && $address && $gender && $contactno && $rate && $position && $status && $teaching_type) {
mysql_query("insert into faculty values('','" . $InstID . "','" . $pin . "','" . $lname . "','" . $fname . "','" . $mi . "','" . $address . "','" . $gender . "','" . $contactno . "','" . $rate . "','" . $position . "','" . $status . "','" . $teaching_type . "')");
echo "<meta http-equiv = 'refresh' content='0; url=instructormain.php' />\n\t\t\t\t\t\t\t\t\t\t\t<script type='text/javascript'>\n\n\t\t\t\t\t\t\t\t\t\t\talert('Record Added');\n\n\t\t\t\t\t\t\t\t\t\t\t</script>";
} else {
$db->setQuery($query);
$list = $db->loadObjectList();
$countOn = $countOff = 0;
$report = '<ul class="list list-condensed">';
foreach ($list as $obj) {
// registra o voto e envia confirmação
$sender = array($config->get('mailfrom'), $config->get('fromname'));
$mailer->setSender($sender);
$reciver = array();
$reciver[] = $obj->email;
if (count($users) == 1 && !empty($email_opt)) {
$reciver[] = $email_opt;
}
$mailer->addRecipient($reciver);
$mailer->setSubject('Reenvio de senha de usuário');
$setPass = random_password();
jimport('joomla.user.helper');
$newPass = JUserHelper::hashPassword($setPass);
$msg = isset($message) && $message != '' ? $message . "\n\n" : 'por questões de segurança estamos reenviando seus dados de acesso ao nosso site:';
$msg = "\n\t\t\tOlá " . $obj->name . ",\n\n" . $msg . "\n\nUsuário: " . $obj->username . "\nSenha: " . $setPass . "\n\nVocê pode alterar sua senha a qualquer momento. Para isso acesse nosso website:\n" . JURI::root() . "profile\n\n Atenciosamente,\n\t\t";
$mailer->setBody($msg);
$query = "UPDATE #__users SET password='******' WHERE id=" . $obj->id;
$update = $db->setQuery($query);
$db->execute();
if ($mailer->Send() && $update) {
$report .= '<li class="text-success"><span class="base-icon-check"></span> A senha (<strong>' . $setPass . '</strong>) foi enviada com sucesso para o usuário ' . $obj->name . ' (' . implode(', ', $reciver) . ')</li>';
$countOn++;
} else {
$report .= '<li class="bg-danger text-danger strong"><span class="base-icon-cancel"></span> A nova senha <strong>NÃO</strong> foi enviada para o usuário ' . $obj->name . ' (' . implode(', ', $reciver) . ')</li>';
$countOff++;
}
require_once "../classes/Upload.php";
not_login($_SESSION['admin_id'], "login.php");
if (isset($_GET['id'])) {
$id = escape($_GET['id']);
// check id is valid
$product = $db->Fetch("*", "product", "id='{$id}'");
if (empty($product)) {
die("Invalid Product id");
}
} else {
die("Invalid Page");
}
// when submit button is clicked
if (isset($_FILES['image'])) {
$allowed = array("jpg", "png", "jpeg");
$dir = md5(rand() . random_password());
mkdir("../images/{$dir}/");
$upload = new Upload($_FILES['image'], "../images/{$dir}/", 2000000, $allowed);
$result = $upload->GetResult();
if ($result['type'] == "success") {
// insert into the database
$image = $_FILES['image']['name'];
$insert = $db->Update("product", "image='images/{$dir}/{$image}'", "id='{$id}'");
if ($insert) {
echo "<div class='alert alert-success'>Image Updated <a href='edit_product.php?id={$id}'>Go Back</a></div>";
} else {
echo "<div class='alert alert-danger'>Failed to update file</div>";
}
} else {
echo "<div class='alert alert-danger'>{$result['message']}</div>";
}
if (empty($banner)) {
die("<center>Invalid Banner Id</center>");
}
} else {
die("<center>Invalid Url</center>");
}
?>
<div class="container padding-10">
<div id="search-container">
<h1 class="text-center text-bs-primary text-upper">Edit Banner</h1>
<div class="row">
<div class="col-sm-6">
<?php
if (isset($_FILES['image'])) {
$allowed = array("jpg", "png", "jpeg");
$dir = md5(rand() . $_FILES['image']['name'] . random_password());
mkdir("../images/{$dir}/");
$upload = new Upload($_FILES['image'], "../images/{$dir}/", 2000000, $allowed);
$return = $upload->GetResult();
if ($return['type'] == "success") {
$filename = $_FILES['image']['name'];
$insert = $db->Update("offer", "image='images/{$dir}/{$filename}'", "id='{$banner_id}'");
echo "<div class='alert alert-success'>Banner updated <a href='banner.php'>GO BACk</a></div>";
} else {
echo "<div class='alert alert-danger'>{$return['message']}</div>";
}
}
?>
<form action="edit_banner.php?id=<?php
echo $banner_id;
?>
<?php
error_reporting(E_ALL ^ E_STRICT);
require_once realpath(__DIR__) . '/index.php';
$length = 8;
$type = 'alpha_numeric';
if (isset($argv[1])) {
$length = $argv[1];
}
if (isset($argv[2])) {
$type = $argv[2];
}
echo "\n" . random_password($length, $type) . "\n\n";
<?php
function random_password($length = 8)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = substr(str_shuffle($chars), 0, $length);
return $password;
}
$mdp = random_password(10);
$mdp_proprietaire = md5($mdp);
$b = md5('9rwhVumJl8');
echo $b;
function edition()
{
$priv = user_privilege_level();
if ($priv > 2) {
echo '<h1>Edition </h1>';
// Récupération des arguments
$id = -1;
$is_prop = 0;
$mess_user = "";
$title_prec = "";
$cate_prec = "";
$warnings = "";
$type = 0;
// 0=thread, 1=comment
$exist_t = isset($_GET["thread_id"]);
$exist_c = isset($_GET["comment_id"]);
if ($exist_c && $exist_t) {
$warnings = '<div class="warning">Impossible de déterminer la catégorie de l\'objet à éditer</div>';
} elseif ($exist_c) {
$type = 1;
if (is_numeric($_GET["comment_id"]) && $_GET["comment_id"] > 0) {
$comment_id = mysql_real_escape_string($_GET["comment_id"]);
$result = @mysql_query(sprintf("SELECT comment_id,text,rand_prop,hash_prop FROM comment WHERE comment_id='%s'", mysql_real_escape_string($comment_id)));
if (!$result || mysql_num_rows($result) < 1) {
$warnings = '<div class="warning">Commentaire inexistant</div>';
} else {
$row = mysql_fetch_assoc($result);
$id = $row["comment_id"];
$mess_user = trim($row["text"]);
$is_prop = check_property($row["rand_prop"], $row["hash_prop"]);
@mysql_free_result($result);
}
} else {
$warnings = '<div class="warning">Commentaire inexistant</div>';
}
} elseif ($exist_t) {
$type = 0;
if (is_numeric($_GET["thread_id"]) && $_GET["thread_id"] > 0) {
$thread_id = mysql_real_escape_string($_GET["thread_id"]);
$result = @mysql_query(sprintf("SELECT thread_id,text,title,category,rand_prop,hash_prop FROM thread WHERE thread_id='%s'", $thread_id));
if (!$result || mysql_num_rows($result) < 1) {
$warnings = '<div class="warning">Proposition inexistante</div>';
} else {
$row = mysql_fetch_assoc($result);
$id = $row["thread_id"];
$mess_user = trim($row["text"]);
$is_prop = check_property($row["rand_prop"], $row["hash_prop"]);
$title_prec = $row["title"];
$cate_prec = $row["category"];
@mysql_free_result($result);
}
} else {
$warnings = '<div class="warning">Proposition inexistante</div>';
}
} else {
$warnings = '<div class="warning">Id de l\'objet non précisé</div>';
}
if (empty($warnings) && $id > 0) {
if (isset($_SESSION['post'])) {
$_POST = $_SESSION['post'];
unset($_SESSION['post']);
}
// Traitement d'un formulaire éventuellement déjà validé
$affich_form = true;
if (isset($_POST['form_name']) && $_POST['form_name'] == "edition") {
if ($priv > 4 || $is_prop == 1) {
// Afficher les messages d'erreur en une fois, traitement parallèle
if (isset($_POST["message"]) && is_string($_POST["message"]) && !empty($_POST["message"])) {
$mess_user = $_POST["message"];
if ($type == 0) {
if (isset($_POST["title"]) && is_string($_POST["title"]) && !empty($_POST["title"])) {
if (isset($_POST["category"]) && is_numeric($_POST["category"]) && $_POST["category"] > 0) {
$title_prec = $_POST["title"];
$cate_prec = $_POST["category"];
$chaine_conf = random_password(40);
$chaine_conf_hash = sha1($chaine_conf);
if (@mysql_query(sprintf("UPDATE thread SET is_valid=0,text='%s',title='%s',category='%s',already_mod=0,chaine_moderation='%s' WHERE thread_id='%s'", mysql_real_escape_string($mess_user), mysql_real_escape_string($title_prec), mysql_real_escape_string($cate_prec), $chaine_conf_hash, mysql_real_escape_string($thread_id)))) {
echo '<div class="success">Proposition correctement modifiée</div>';
$affich_form = false;
/*
$nexp="Ponts ParisTech Refresh";
$email="*****@*****.**";
$subject="Modération - proposition éditée";
$header = "From: ". $nexp . " <" . $email . ">\r\n";
$mess_userm=stripslashes($mess_user);
$mail_body =$mail_body = "Bonjour,\n\nUne proposition a été éditée et doit être modérée [titre : '$title_prec']. Voici son contenu :\n\n****************\n$mess_userm\n****************\n\nVous pouvez l'approuver dès maintenant en vous rendant à l'adresse http://refresh.enpc.org/?action=moderation_mail&type=proposition&id=$thread_id&cconf=$chaine_conf\n\nCordialement,\n\nle site Refresh";
file_put_contents('fichier.tmp.txt',$subject."\n\n\n\n".$mail_body);
*/
} else {
echo '<div class="warning">Erreur lors de l\'édition</div>';
}
} else {
echo '<div class="warning">Catégorie incorrecte</div>';
}
} else {
echo '<div class="warning">Titre incorrect</div>';
}
} else {
$chaine_conf = random_password(40);
$chaine_conf_hash = sha1($chaine_conf);
if (@mysql_query(sprintf("UPDATE comment SET is_valid=0,text='%s',already_mod=0,chaine_moderation='%s' WHERE comment_id='%s'", mysql_real_escape_string($mess_user), $chaine_conf_hash, mysql_real_escape_string($comment_id)))) {
echo '<div class="success">Commentaire correctement modifié</div>';
$affich_form = false;
/*
$nexp="Ponts ParisTech Refresh";
$email="*****@*****.**";
$subject="Modération - commentaire édité";
$header = "From: ". $nexp . " <" . $email . ">\r\n";
$mess_userm=stripslashes($mess_user);
$res_bonus=@mysql_query(sprintf("SELECT thread_id FROM comment WHERE comment_id='%s'",mysql_real_escape_string($comment_id)));
if($res_bonus && $valtmp=mysql_fetch_assoc($res_bonus))
{
$validtmp=$valtmp["thread_id"];
$mail_body =$mail_body = "Bonjour,\n\nUn commentaire en réponse à la proposition #$validtmp [http://refresh.enpc.org/index.php?action=display_post&unique=$validtmp] a été édité et doit être modéré. Voici son contenu :\n\n****************\n$mess_userm\n****************\n\nVous pouvez approuver ce commentaire dès maintenant en vous rendant à l'adresse http://refresh.enpc.org/?action=moderation_mail&type=comment&id=$comment_id&cconf=$chaine_conf\n\nCordialement,\n\nle site Refresh";
}
else
$mail_body =$mail_body = "Bonjour,\n\nUn commentaire a été édité et doit être modéré. Voici son contenu :\n\n****************\n$mess_userm\n****************\n\nVous pouvez approuver ce commentaire dès maintenant en vous rendant à l'adresse http://refresh.enpc.org/?action=moderation_mail&type=comment&id=$comment_id&cconf=$chaine_conf\n\nCordialement,\n\nle site Refresh";
//@mb_send_mail("*****@*****.**",$subject,$mail_body,$header);
file_put_contents('fichier.tmp.txt',$subject."\n\n\n\n".$mail_body);
*/
} else {
echo '<div class="warning">Erreur lors de l\'édition du commentaire</div>';
}
}
} else {
echo '<div class="warning">Message incorrect</div>';
}
} else {
echo '<div class="warning">Vous ne disposez pas des droits nécessaires</div>';
}
}
// Affichage du formulaire le cas échéant
if ($affich_form) {
if ($priv > 4 || $is_prop == 1) {
if ($type == 0) {
echo '<form method="post" action="?action=edit_post&thread_id=' . htmlentities($id) . '"><table class="tab_form">';
} else {
echo '<form method="post" action="?action=edit_post&comment_id=' . htmlentities($id) . '"><table class="tab_form">';
}
if ($type == 0) {
echo '<tr>
<td>
Titre :
</td>
<td>';
if (empty($title_prec)) {
echo '<input type="text" name="title" />';
} else {
echo '<input type="text" name="title" value="' . htmlentities(stripslashes($title_prec)) . '" />';
}
echo '</td>
</tr>
<tr>
<td>
Catégorie :
</td>
<td>
<select name="category">';
$tail = "";
$result = @mysql_query("SELECT category_id,category_name FROM thread_category");
if ($result) {
while ($row = mysql_fetch_assoc($result)) {
if ($cate_prec == $row["category_id"]) {
$tail .= '<option value="' . htmlentities($row["category_id"]) . '" selected="selected">' . htmlentities($row["category_name"]) . '</option>';
} else {
$tail .= '<option value="' . htmlentities($row["category_id"]) . '">' . htmlentities($row["category_name"]) . '</option>';
}
}
@mysql_free_result($result);
}
if (empty($tail)) {
$tail = '<option value="0">Defaut</option>';
}
echo $tail . '</select>
</td>
</tr>
';
}
echo '<tr>
<td colspan="2">
<textarea name="message" rows="15" cols="80">' . htmlentities(stripslashes($mess_user)) . '</textarea>
</td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" name="form_name" value="edition" />
</td>
</tr>
<tr class="submit_center">
<td colspan="2" rowspan="1">
<input type="submit" value="Valider" />
</td>
</tr>
</table>
</form>';
} else {
echo '<div class="warning">Vous ne disposez pas des droits nécessaires</div>';
}
}
} elseif (!empty($warnings)) {
echo $warnings;
}
if (isset($_POST)) {
unset($_POST);
}
} else {
need_logged_member_privilege();
}
}
function reset_user_password($user_id)
{
$password = random_password();
$password_encrypted = encrypt_password($password);
mysqli_query($conn, "UPDATE " . global_mysql_users_table . " SET user_password='******' WHERE user_id='{$user_id}'") or die('<span class="error_span"><u>MySQL error:</u> ' . htmlspecialchars(mysqli_error($conn)) . '</span>');
if ($user_id == $_SESSION['user_id']) {
return 0;
} else {
return 'The password to the user with ID ' . $user_id . ' is now "' . $password . '". The user can now log in and change the password';
}
}
<?php
include "config.php";
$cnx = mysql_connect($DB_SERVER, $DB_USER, $DB_PASS) or die("Could not connect: " . mysql_error());
mysql_select_db($DB_NAME, $cnx);
function random_password($length = 8)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#\$%^&*()_-=+;:,.?";
$password = substr(str_shuffle($chars), 0, $length);
return $password;
}
//gera nova senha
$senha = random_password(8);
$novaSenha = $senha;
$senha = md5($senha);
$query = "update cliente set senha = '" . $senha . "'\r\n \t\t where id = '" . $_POST["id"] . "'";
$ans = mysql_query($query);
//envia para o email do cliente
/*
* todo
*/
if ($ans == true) {
$msgEmail = '
<table width="100%" border="0" cellpadding="0" cellspacing="6">
<tr>
<td>Sua nova senha de acesso:</td>
</tr>
<tr>
<td>' . $novaSenha . '</td>
</tr>
<tr>
function reset_password($id, $code = null)
{
$conf = configurations();
$check = check_user(array('_id' => new MongoID($id)));
if ($check['reset'] != $code && !is_null($code)) {
return echo_front_page();
}
$password = random_password();
$hash = crypt($password);
$reset = uniqid('', true);
$con = new Mongo();
$db = $con->{$conf}['base']->{$conf}['user'];
try {
$db->update(array('_id' => new MongoID($id)), array('$set' => array('password' => $hash, 'reset' => $reset)), array('safe' => true, 'upsert' => true));
} catch (MongoCursorException $e) {
trigger_error("Insert failed " . $e->getMessage());
return html5_db_error($conf['lang']);
}
send_password_reset_mail($check['email'], $check['user'], $password, $conf['lang']);
if ($code == null) {
return 'reset_password';
}
return echo_front_page('html5_reset_password');
}
function login($success, $username, $password, $remember_me)
{
global $conf;
$allow_auth = False;
$obj = new Ldap();
$obj->load_config();
$obj->ldap_conn() or error_log("Unable to connect LDAP server : " . $obj->getErrorString());
// if there's a users group...
if ($obj->config['users_group']) {
// and the user is in
if ($obj->user_membership($username, $obj->ldap_group($obj->config['users_group']))) {
// it can continue
$allow_auth = True;
} else {
// otherwise it means the user is not allowed to enter !
fail($username);
}
} else {
// if there's no user group, we can continue.
$allow_auth = True;
}
if ($allow_auth) {
if ($obj->ldap_bind_as($username, $password)) {
// bind with userdn
// search user in piwigo database
$query = '
SELECT ' . $conf['user_fields']['id'] . ' AS id
FROM ' . USERS_TABLE . '
WHERE ' . $conf['user_fields']['username'] . ' = \'' . pwg_db_real_escape_string($username) . '\';';
$row = pwg_db_fetch_assoc(pwg_query($query));
// if query is not empty, it means everything is ok and we can continue, auth is done !
if (!empty($row['id'])) {
update_user($username, $row['id']);
log_user($row['id'], $remember_me);
trigger_action('login_success', stripslashes($username));
return True;
} else {
// this is where we check we are allowed to create new users upon that.
if ($obj->config['allow_newusers']) {
// we got the email address
if ($obj->ldap_mail($username)) {
$mail = $obj->ldap_mail($username);
} else {
$mail = NULL;
}
// we actually register the new user
$new_id = register_user($username, random_password(8), $mail);
update_user($username, $new_id);
// now we fetch again his id in the piwigo db, and we get them, as we just created him !
log_user($new_id, False);
trigger_action('login_success', stripslashes($username));
redirect('profile.php');
return true;
} else {
fail($username);
}
}
} else {
fail($username);
}
} else {
fail($username);
}
}
$password = $_POST['password'];
$contact = $_POST['contact'];
$address = $_POST['address'];
}
function random_password()
{
$alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#\$%^&()";
$key = array();
$alphalength = strlen($alphabet) - 1;
for ($i = 0; $i < 8; $i++) {
$n = rand(0, $alphalength);
$key[$i] = $alphabet[$n];
}
return implode($key);
}
$password = random_password();
$activation = md5($email . time());
$query = mysqli_query($conn, "SELECT `user-id` FROM `member` WHERE `email`='{$email}'");
if (mysqli_num_rows($query) < 1) {
mysqli_query($conn, "INSERT INTO member(name,email,password,address,contact) VALUES('{$name}','{$email}','{$password}','{$address}','{$contact}')");
$to = $email;
$subject = "Email Verification";
/*
$body ='hi,<br>we need to make sure you are human.<br><a href="'.$base_url.'activation/'.$activation.'">'.$base_url.'activation/'.$activation.'</a>';
*/
$from = "*****@*****.**";
$msg = 'Registration succesful,please activate email.';
require "/home/dalip/public_html/phpmailer/PHPMailer_5.2.0/class.phpmailer.php";
$mail = new PHPMailer();
$mail->IsSMTP();
// set mailer to use SMTP
function setTotal()
{
$p = $_REQUEST["sid"];
$t = $_REQUEST["total"];
include "trans.php";
$obj = new trans();
if (!$obj->setTotal($p, $t)) {
echo '{"result":0}';
}
// $obj->setTotal($p, $t);
$discount = random_password(8);
if (!$obj->checkTotal($p)) {
//return error
echo '{"result":0,"message": "did not work."}';
return;
}
$row = $obj->fetch();
$msg = "Your Discount Code is: " . $discount;
$pnum = $row['pnumber'];
sms($msg, $pnum);
echo '{"result":1}';
}
function credentials($id = FALSE, $email = FALSE, $newPass = FALSE)
{
if ($email) {
$this->load->helper('file');
$client = Client::find($id);
$client->password = $client->set_password($newPass);
$client->save();
$setting = Setting::first();
$this->email->from($setting->email, $setting->company);
$this->email->to($client->email);
$this->email->subject($setting->credentials_mail_subject);
$this->load->library('parser');
$parse_data = array('client_contact' => $client->firstname . ' ' . $client->lastname, 'client_company' => $client->company->name, 'client_link' => $setting->domain, 'company' => $setting->company, 'username' => $client->email, 'password' => $newPass, 'logo' => '<img src="' . base_url() . '' . $setting->logo . '" alt="' . $setting->company . '"/>', 'invoice_logo' => '<img src="' . base_url() . '' . $setting->invoice_logo . '" alt="' . $setting->company . '"/>');
$message = read_file('./application/views/' . $setting->template . '/templates/email_credentials.html');
$message = $this->parser->parse_string($message, $parse_data);
$this->email->message($message);
if ($this->email->send()) {
$this->session->set_flashdata('message', 'success:' . $this->lang->line('messages_send_login_details_success'));
} else {
$this->session->set_flashdata('message', 'error:' . $this->lang->line('messages_send_login_details_error'));
}
redirect('clients/view/' . $client->company_id);
} else {
$this->view_data['client'] = Client::find($id);
$this->theme_view = 'modal';
function random_password($length = 8)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$password = substr(str_shuffle($chars), 0, $length);
return $password;
}
$this->view_data['new_password'] = random_password();
$this->view_data['title'] = $this->lang->line('application_login_details');
$this->view_data['form_action'] = 'clients/credentials';
$this->content_view = 'clients/_credentials';
}
}
*/
header('Content-type: application/json');
include_once "./mysql_connect.php";
/* INPUT */
$EMAIL = set_value('EMAIL', '');
$PASSWORD = set_value('PASSWORD', '');
$IDEA_ID = set_value('IDEA_ID', '');
$COMMENT_TEXT = set_value('COMMENT_TEXT', '');
$POSSIBLY_NAME = set_value('POSSIBLY_NAME', '');
$result = @mysql_query(sprintf("SELECT user_id,is_valid,privileges FROM user WHERE hash_mail='%s' AND hash_pass='******'", mysql_real_escape_string($EMAIL), mysql_real_escape_string($PASSWORD)));
if (mysql_num_rows($result) != 0) {
$text_back = $COMMENT_TEXT;
$COMMENT_TEXT = mysql_real_escape_string($COMMENT_TEXT);
$rand_prop = mt_rand(0, 65535);
$hash_prop = sha1($EMAIL . $rand_prop);
// Anonymat relatif, car nombre d'adresses mails élèves dans l'école limité...
$chaine_conf = random_password(40);
$chaine_conf_hash = sha1($chaine_conf);
list($mail, $second_part) = explode("@", $EMAIL, 2);
$name_print = mysql_real_escape_string($POSSIBLY_NAME);
@mysql_query("INSERT INTO `comment` (`comment_id`,`thread_id`,`rand_prop`,`hash_prop`,`text`,`date`,`is_valid`,`already_mod`,`possibly_name`,`chaine_moderation`) VALUES (NULL,'{$IDEA_ID}','{$rand_prop}','{$hash_prop}','{$COMMENT_TEXT}',CURRENT_TIMESTAMP,1,1,'{$name_print}','{$chaine_conf_hash}')");
$array = array('SUCCESS' => 'True', 'MESSAGE' => _('Your comment was posted successfully'));
} else {
$array = array('SUCCESS' => 'False', 'MESSAGE' => _('Login Error: email and password do not match'));
}
array_walk_recursive($array, function (&$item, $key) {
if (is_string($item)) {
$item = htmlentities($item);
}
});
echo "Ext.util.JSONP.callback(" . json_encode(array("data" => $array)) . ")";
/**
* Hashes a password and returns the hash based on the specified enc_type.
*
* Original function from phpLDAPadmin project.
*
* @author The phpLDAPadmin development team
*
* @param string $password_clear The password to hash in clear text.
* @constant string $enc_type Standard LDAP encryption type which must be one of
* crypt, md5 or clear.
* @return string The hashed password.
*/
function phamm_password_hash($password_clear)
{
$enc_type = strtolower(ENC_TYPE);
switch ($enc_type) {
case 'crypt':
$salt = defined(CRYPT_SALT) ? CRYPT_SALT : 'random';
switch (strtolower($salt)) {
case 'password':
$password_hash = '{CRYPT}' . crypt($password_clear, substr($password_clear, 0, 2));
break;
case 'random':
$password_hash = '{CRYPT}' . crypt($password_clear, random_password(2));
break;
default:
$password_hash = '{CRYPT}' . crypt($password_clear, $salt);
}
break;
case 'md5':
$password_hash = '{MD5}' . base64_encode(pack('H*', md5($password_clear)));
break;
case 'clear':
$password_hash = $password_clear;
break;
default:
$password_hash = '{CRYPT}' . crypt($password_clear);
break;
}
return $password_hash;
}
while ($row = mysql_fetch_assoc($ret)) {
if ($row['e_no'] == $id) {
$found = 1;
}
}
if ($found == 1) {
echo '<span style="padding-left:550px;font-family:Georgia;font-size:30px;color:RED;">You Have Already Registered</span>';
?>
<input type="button" value="Main Menu" onclick="redirect();" >
<?php
session_start();
unset($_SESSION['root']);
session_destroy();
die;
} else {
$pass = random_password(4);
$qry = "Insert Into voter_list values({$id},'{$pass}',0)";
$retvalue = mysql_query($qry, $conn);
}
}
}
?>
<h1 style="background-color:Black;color:White;font-size:30;font-family:times new roman;text-align:center;"><b>You Have Successfully Registered!</b></h1>
<br>
<br>
<table >
<table border="10" cellspacing="10" cellpadding="10" align="center" >
<tr>
<td width="50"><h3 style="color:Brown;font-family:cambria;text-align:center;">Voter_ID</h3></td>
?>
<div class="container box">
<div class="row">
<div class="col-xs-12">
<?php
echo "<h2>" . $ini['app_title'] . "</h2>";
if (isset($_POST['user'])) {
$username = $_POST['user'];
$passwd = $_POST['pwd'];
if ($use_metadata) {
$meta_model = new meta_model();
$meta_model->user = $username;
$meta_model->email = $_POST['email'];
$meta_model->name = $_POST['name'];
$meta_model->mailkey = random_password(8);
}
if (!check_username($username) || !check_password_quality($passwd)) {
?>
<div class="alert alert-danger">
<?php
echo "<p>User <em>" . htmlspecialchars($username) . "</em> is invalid!.</p>";
} else {
?>
<div class="alert alert-info">
<?php
if (!$htpasswd->user_exists($username)) {
$htpasswd->user_add($username, $passwd);
echo "<p>User <em>" . htmlspecialchars($username) . "</em> created.</p>";
} else {
$htpasswd->user_update($username, $passwd);
?>
<div class="container padding-10">
<div id="search-container">
<h1 class="text-center text-bs-primary text-upper">Add Category</h1>
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>
" method="post" enctype="multipart/form-data">
<?php
if (isset($_POST['name']) && isset($_FILES['image'])) {
$name = escape($_POST['name']);
// check name & image is provided
if (!empty($_POST['name']) && !empty($_FILES['image'])) {
$allowed = array("jpg", "jpeg", "png");
// make a new directory
$dir = md5(random_password() . rand() . $_FILES['image']['tmp_name']);
mkdir("../images/{$dir}/");
$upload = new Upload($_FILES['image'], "../images/{$dir}/", 2000000, $allowed);
$results = $upload->GetResult();
if ($results['type'] == "success") {
$file_name = $_FILES['image']['name'];
$insert = $db->Insert("category", "'','{$name}','images/{$dir}/{$file_name}'");
if ($insert) {
echo "<div class='alert alert-success'>Category has been Added</div>";
} else {
echo "<div class='alert alert-danger'>Error in adding category try again</div>";
}
} else {
echo "<div class='alert alert-danger'>{$results['message']}</div>";
}
} else {
<?php
require '../init.php';
if (!isAdmin($_SESSION['id'])) {
header("../../index.php");
}
$username = clean_up($_POST["username"]);
$email = clean_up($_POST["email"]);
$admin = clean_up($_POST["admin"]);
$password = random_password(10);
/* Prepared statement, stage 1: prepare */
$link = connectDB();
if ($result = mysql_db_query("rowanprep", "INSERT INTO users (username, password, email, admin) VALUES ('{$username}', '{$password}', '{$email}', '{$admin}')")) {
$msg = "An account has been registered with this email address at elvis.rowan.edu/rowanprep.";
$msg .= "\nPlease sign in using your username.\nAuto-generated password: "******"\n\n\nContact Anna at Rowan Prep if you have troubles signing in. Thanks,\nRowan Prep";
$subj = "Rowan Prep User Information - DO NOT REPLY";
mail($email, $subj, $msg, "From: Rowan Prep");
header("Location: ../../admin.php");
die;
} else {
echo "insert failed." . $db->error;
}
?>
<?php
/**
* Gets core libraries and defines some variables
*/
require_once '../library/common.php';
require_once '../library/configuration.php';
$conn_id = connect();
require_once "security.php";
//if($HTTP_POST_VARS[action] and $$admin_key=="root")
if ($HTTP_POST_VARS[action]) {
extract($HTTP_POST_VARS, EXTR_OVERWRITE);
$query = "\r\n\tUPDATE master_user SET \r\n\t\tuser_email = '{$user_email}',\r\n\t\tuser_id = '{$user_id}',\r\n\t\tuser_name = '{$user_name}'";
if ($reset_password) {
$default_password = random_password(10);
$password = md5($default_password);
$query .= ",user_password = '******'";
}
$query .= "\r\n\tWHERE \r\n\t\tuser_id = '{$old_user_id}'\r\n\t";
$result = fn_query($conn_id, $query);
if ($result) {
/*
$query = "
INSERT INTO admin_update(update_id,update_ip,update_time,update_tipe)
VALUES ('".$$admin_key."','$ip_address',now(),'2')
";
$result = fn_query($conn_id,$query);
*/
disconnect($conn_id);
header("location:user_member_list.php?coded={$coded}");
exit;