/**
 * Handles a submitted registration form.
 *
 * Validates the form, stores a pending GWF_UserActivation row, then either
 * mails the activation token or redirects to the quick-activation URL.
 *
 * @return string Errors followed by the form, the result of sendEmail(), or the 'msg_registered' message.
 */
private function onRegister()
{
    $form = $this->getForm();

    // onRegisterB() is only consulted when the form validators reported no error.
    $errorsA = $errorsB = '';
    $formFailed = false !== ($errorsA = $form->validate($this->module));
    if ($formFailed || false !== ($errorsB = $this->onRegisterB())) {
        return $errorsA . $errorsB . $this->templateForm();
    }

    $username = Common::getPost('username');
    $password = Common::getPost('password');
    $email = Common::getPost('email');

    // %d coerces the three date parts to integers, so the stored value is always digits.
    $birthdate = sprintf(
        '%04d%02d%02d',
        Common::getPost('birthdatey'),
        Common::getPost('birthdatem'),
        Common::getPost('birthdated')
    );

    $fallbackCountry = $this->module->cfgDetectCountry() ? GWF_IP2Country::detectCountryID() : 0;
    $countryid = $form->getVar('countryid', $fallbackCountry);

    require_once GWF_CORE_PATH . 'module/Register/GWF_UserActivation.php';
    $token = GWF_UserActivation::generateToken();

    // Only the output of GWF_Password::hashPasswordS() is written to the activation row.
    $activation = new GWF_UserActivation(array(
        'username' => $username,
        'email' => $email,
        'token' => $token,
        'birthdate' => $birthdate,
        'countryid' => $countryid,
        'password' => GWF_Password::hashPasswordS($password),
        'timestamp' => time(),
        'ip' => GWF_IP6::getIP(GWF_IP_EXACT),
    ));
    if (false === $activation->insert()) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templateForm();
    }

    if ($this->module->wantEmailActivation()) {
        // NOTE(review): the plaintext password is handed to sendEmail(); confirm it is not written into the mail body.
        return $this->sendEmail($username, $email, $token, $password);
    }

    // NOTE(review): without e-mail activation the token is placed in the redirect URL,
    // so it can end up in browser history and access logs; confirm it is single-use.
    GWF_Website::redirect(GWF_WEB_ROOT . 'quick_activate/' . $token);

    return $this->module->message('msg_registered');
}
/**
 * Inserts a GWF_User row flagged as BOT and WEBSPIDER for the given bot name.
 *
 * @param string $botname user name for the new bot account
 * @return GWF_User|false the inserted user, or false when the insert failed
 */
private static function insert_bot($botname)
{
    // NOTE(review): every account created here shares the literal password 'webspider'.
    // Confirm that accounts flagged BOT cannot sign in through the login form, or store a random value instead.
    $fields = array(
        'user_id' => 0,
        'user_options' => GWF_User::BOT | GWF_User::WEBSPIDER,
        'user_name' => $botname,
        'user_password' => GWF_Password::hashPasswordS('webspider'),
        'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
        'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT, '127.0.0.1'),
        'user_email' => '',
        'user_gender' => 'no_gender',
        'user_lastlogin' => 0,
        'user_lastactivity' => 0,
        'user_birthdate' => '00000000',
        'user_avatar_v' => 0,
        'user_countryid' => 0,
        'user_langid' => 0,
        'user_langid2' => 0,
        'user_level' => 0,
        'user_title' => '',
        'user_settings' => NULL,
        'user_data' => NULL,
        'user_credits' => 0.0,
    );

    $bot = new GWF_User($fields);
    if (false === $bot->insert()) {
        return false;
    }

    // NOTE(review): $botname is echoed into HTML unescaped; presumably it comes from a fixed spider list. Verify against the caller.
    echo "Inserted new Bot: {$botname}<br/>";

    return $bot;
}
/**
 * Creates a local GWF_User row for a user name registered elsewhere.
 *
 * The account gets a password from GWF_Random::randomKey() that is never
 * shown or returned, and an empty e-mail address.
 *
 * @param string $username user name for the new account
 * @return bool true when the row was inserted, false otherwise
 */
private function onCrossRegister($username)
{
    $options = 0;

    // The plaintext random key is discarded after hashing.
    // NOTE(review): confirm GWF_Random::randomKey() draws from a cryptographically secure source.
    $password = GWF_Random::randomKey();

    $account = new GWF_User(array(
        'user_id' => 0,
        'user_options' => $options,
        'user_name' => $username,
        'user_password' => GWF_Password::hashPasswordS($password),
        'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
        'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT),
        'user_email' => '',
        'user_gender' => 'no_gender',
        'user_lastlogin' => time(),
        'user_lastactivity' => time(),
        'user_birthdate' => '00000000',
        'user_avatar_v' => 0,
        'user_countryid' => 0,
        'user_langid' => 1,
        'user_langid2' => 0,
        'user_level' => 0,
        'user_title' => '',
        'user_settings' => '',
        'user_data' => '',
        'user_credits' => '0.00',
    ));

    return false !== $account->insert();
}
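/**
 * Migrates a user from the legacy password map to the current hash format.
 *
 * When a legacy row exists for the user, the submitted password is checked
 * against the legacy hash. On a match the password is re-hashed with
 * GWF_Password::hashPasswordS() and the legacy row is removed.
 *
 * @param GWF_User $user     account whose legacy row is looked up by ID
 * @param string   $password plaintext password as submitted
 * @return true|string true when there was nothing to migrate or the migration succeeded, otherwise an error message
 */
public static function convert(GWF_User $user, $password)
{
    if (false === ($row = self::table(__CLASS__)->getRow($user->getID()))) {
        return true;
    }

    // NOTE(review): `!==` is not a constant-time comparison. hash_equals() (PHP >= 5.6) is the
    // usual choice for comparing digests once the project's minimum PHP version allows it.
    if (self::oldHash($password) !== $row->getVar('pmap_password')) {
        return GWF_Module::getModule('WeChall')->error('err_password');
    }

    // Persist the new hash BEFORE dropping the legacy row. The previous order (delete, then an
    // unchecked save) could lose the only verifier for this password if the save failed.
    if (false === $user->saveVar('user_password', GWF_Password::hashPasswordS($password))) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    // If this delete fails the row simply stays, and the migration repeats on the next call.
    $row->delete();

    return true;
}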
/**
 * Sets or clears the module's "super" password from the setup form.
 *
 * An empty 'new_pass' clears the stored value. Anything else is passed
 * through GWF_Password::hashPasswordS() before it is saved.
 *
 * @return string validation errors followed by the prompt, or a status message
 */
public function onSetup()
{
    $form = $this->getFormSetup();

    $error = $form->validate($this->module);
    if (false !== $error) {
        return $error . $this->templatePrompt();
    }

    $plain = $form->getVar('new_pass');
    $stored = $plain;
    if ($stored !== '') {
        $stored = GWF_Password::hashPasswordS($stored);
    }
    $this->module->cfgSaveSuperhash($stored);

    if ($stored === '') {
        $key = 'msg_pass_cleared';
    } else {
        $key = 'msg_pass_set';
    }

    // NOTE(review): the plaintext password is passed as a message argument and so may be rendered
    // back into the page. Confirm message() escapes its arguments, and consider not echoing it at all.
    return $this->module->message($key, array($plain));
}
/**
 * Completes a password change that was authorised by a GWF_AccountChange record.
 *
 * @param GWF_AccountChange $ac pending change record; it is deleted once the form validates
 * @return string validation errors followed by the form, a general error, or the success message
 */
private function onChangePass(GWF_AccountChange $ac)
{
    $form = $this->getForm();

    $errors = $form->validate($this->module);
    if (false !== $errors) {
        return $errors . $this->templateChange($ac);
    }

    $account = $ac->getUser();
    $newPassword = $form->getVar('password');

    // Hook listeners receive the plaintext password.
    // NOTE(review): the hook fires before the new hash is saved, so listeners are notified even if
    // saveVar() fails below. Confirm that ordering is intended.
    GWF_Hook::call(GWF_Hook::CHANGE_PASSWD, $account, array($newPassword, ''));

    // The change record is consumed before the save, so it cannot be replayed even when the save fails.
    $ac->delete();

    $saved = $account->saveVar('user_password', GWF_Password::hashPasswordS($newPassword));
    if (false === $saved) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }

    return $this->module->message('msg_pass_changed');
}
private function displayLogin() { if (GWF_Session::isLoggedIn()) { return ''; } $formhash = '_username_password_bind_ip'; $formhash = GWF_Password::getToken($formhash); $username = $this->module->lang('th_user_name'); $password = $this->module->lang('th_password'); $bind_ip = $this->module->lang('th_bind_ip'); $register = $this->module->lang('menu_register'); $forgot = $this->module->lang('btn_forgot_pw'); $login = $this->module->lang('btn_login'); $box = '<form action="' . GWF_WEB_ROOT . 'login" method="post" id="wc_toplogin">' . PHP_EOL . '<div><img src="' . GWF_WEB_ROOT . 'tpl/wc4/img/icon_user.gif" title="' . $username . '" alt="' . $username . ':" /> <input type="text" name="username" value="" /></div>' . PHP_EOL . '<div><img src="' . GWF_WEB_ROOT . 'tpl/wc4/img/icon_pass.gif" title="' . $password . '" alt="' . $password . ':" /> <input type="password" name="password" value="" /></div>' . PHP_EOL . '<div class="le">' . $bind_ip . ' <input type="checkbox" name="bind_ip" checked="checked" /></div>' . PHP_EOL . '<div class="le"><input type="submit" name="login" value="' . $login . '" /></div>' . PHP_EOL . '<div><a href="' . GWF_WEB_ROOT . 'register">' . $register . '</a> <a href="' . GWF_WEB_ROOT . 'recovery">' . $forgot . '</a></div>' . PHP_EOL . '</form>' . PHP_EOL; // '</div>'.PHP_EOL; return $this->sidebox($this->module->lang('ft_signup') . $this->getHideButton(), $box); }
/**
 * Processes a login attempt taken from the POSTed 'username' and 'password'.
 *
 * Checks run in this order: optional form validation, user lookup,
 * brute-force check, LOGIN_PRE hook, password verification. Every failure
 * returns early. For non-AJAX requests the login form is appended to the error.
 *
 * @param bool $doValidate whether to run the form validators first
 * @return string error output (with the form appended for non-AJAX requests), '' when the
 *                LOGIN_PRE hook vetoes, or the result of onLoggedIn()
 */
public function onLogin($doValidate = true)
{
    require_once GWF_CORE_PATH . 'module/Login/GWF_LoginFailure.php';

    $isAjax = isset($_GET['ajax']);
    $form = $this->getForm();

    if ($doValidate && false !== ($errors = $form->validate($this->module, $isAjax))) {
        return $isAjax ? $errors : $errors . $this->form();
    }

    $username = Common::getPostString('username');
    $password = Common::getPostString('password');

    // The user name is escaped by the table object before it is placed in the WHERE clause.
    // Accounts flagged DELETED are excluded.
    $users = GDO::table('GWF_User');
    $where = sprintf('user_name=\'%s\' AND user_options&%d=0', $users->escape($username), GWF_User::DELETED);
    $user = $users->selectFirstObject('*', $where);

    if (false === $user) {
        // NOTE(review): this path returns without a password-hash check or a brute-force check.
        // Confirm that neither its response nor its timing distinguishes unknown names from wrong passwords.
        $failure = $this->module->error('err_login');
        return $isAjax ? $failure : $failure . $this->form();
    }

    $throttle = $this->checkBruteforce($user, $isAjax);
    if (true !== $throttle) {
        return $isAjax ? $throttle : $throttle . $this->form();
    }

    // Hook listeners receive the plaintext password and can veto the login.
    if (false === GWF_Hook::call(GWF_HOOK::LOGIN_PRE, $user, array($password, ''))) {
        return '';
    }

    if (false === GWF_Password::checkPasswordS($password, $user->getVar('user_password'))) {
        $failure = $this->onLoginFailed($user, $isAjax);
        return $isAjax ? $failure : $failure . $this->form();
    }

    // Only reached on success; the failure paths above return before this call.
    GWF_Password::clearMemory('password');

    return $this->onLoggedIn($user, $isAjax);
}
/**
 * Ensures a bot account named 'WeChall' exists and stores its ID in the module variable 'wc_uid'.
 *
 * @param Module_WeChall $module module whose 'wc_uid' variable is written
 * @return string '' on success, or a database error message when the variable could not be saved
 */
private static function fixWeChallUser(Module_WeChall $module)
{
    $uid = 0;
    $bot = GWF_User::getByName('WeChall');

    if (false !== $bot) {
        $uid = $bot->getID();
    } else {
        // NOTE(review): the account is created with the literal password 'wechallbot'. Confirm that
        // BOT accounts cannot authenticate interactively, or store a random value instead.
        $bot = new GWF_User(array(
            'user_name' => 'WeChall',
            'user_email' => '*****@*****.**',
            'user_password' => GWF_Password::hashPasswordS('wechallbot'),
            'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
            'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT, '127.0.0.1'),
            'user_lastactivity' => time(),
            'user_options' => GWF_User::BOT,
        ));

        if (false !== $bot->insert()) {
            $uid = $bot->getID();
        } else {
            // Insert failed: report it and fall through, so 'wc_uid' is saved as 0.
            echo GWF_HTML::error('WeChall Install', 'Can not find user WeChall');
        }
    }

    if (false === $module->saveModuleVar('wc_uid', $uid)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    return '';
}
// Install script for the "2013 New Years Special" challenge.
// NOTE(review): this excerpt begins mid-script. The output buffer being read here and the
// $key1 variable used further down are set up before the visible code.
require 'key2.key';
$key2 = ob_get_contents();
ob_end_clean();

chdir("../../../");
require_once "challenge/html_head.php";

$title = '2013 New Years Special';
html_head("Install: {$title}");

// Nothing below runs unless the requester is an admin.
if (!GWF_User::isAdminS()) {
    return htmlSendToLogin("Better be admin !");
}

$solution = false;
$score = 4;
$url = "challenge/quangntenemy/2013NYS/index.php";
$creators = "quangntenemy";
$tags = 'Special,Crypto';
WC_Challenge::installChallenge($title, $solution, $score, $url, $creators, $tags, true, WC_Challenge::CHALL_CASE_I);

// First bot account. An existing one only gets the EMAIL_GPG option switched on.
// NOTE(review): both bot accounts are created with the same literal password and MAIL_APPROVED set.
// Confirm that BOT accounts cannot log in interactively.
// NOTE(review): the result of insert() is not checked before getID() is used.
if ($user = GWF_User::getByName('Rudolph2013')) {
    $user->saveOption(GWF_User::EMAIL_GPG, true);
} else {
    $user = new GWF_User(array(
        'user_id' => '0',
        'user_options' => GWF_User::BOT | GWF_User::MAIL_APPROVED | GWF_User::EMAIL_GPG,
        'user_name' => 'Rudolph2013',
        'user_password' => GWF_Password::hashPasswordS('quangster'),
        'user_regdate' => GWF_Time::getDate(),
        'user_email' => '*****@*****.**',
    ));
    $user->insert();
}
GWF_PublicKey::updateKey($user->getID(), $key1);

// Second bot account, same pattern, using the key captured at the top of this excerpt.
if ($user = GWF_User::getByName('Silvester2013')) {
    $user->saveOption(GWF_User::EMAIL_GPG, true);
} else {
    $user = new GWF_User(array(
        'user_id' => '0',
        'user_options' => GWF_User::BOT | GWF_User::MAIL_APPROVED | GWF_User::EMAIL_GPG,
        'user_name' => 'Silvester2013',
        'user_password' => GWF_Password::hashPasswordS('quangster'),
        'user_regdate' => GWF_Time::getDate(),
        'user_email' => '*****@*****.**',
    ));
    $user->insert();
}
GWF_PublicKey::updateKey($user->getID(), $key2);

require_once "challenge/html_foot.php";
/**
 * Builds a compact header login form that carries a CSRF hidden field.
 *
 * @param Module_WeChall $module not read by this method
 * @return string form HTML, or '' when the visitor is logged in, has no cookies,
 *                or the Login module cannot be loaded
 */
public static function displayHeaderLoginBROKEN(Module_WeChall $module)
{
    if (GWF_User::isLoggedIn()) {
        return '';
    }
    if (!GWF_Session::haveCookies()) {
        return '';
    }

    $mod_login = GWF_Module::loadModuleDB('Login', false, true);
    if (false === $mod_login) {
        return '';
    }

    // NOTE(review): the token is derived from a fixed field-name string. Whether it is
    // session-bound depends on GWF_Password::getToken() and GWF_CSRF::hiddenForm(). Confirm.
    $formhash = GWF_Password::getToken('_username_password_bind_ip_login');

    $csrfField = GWF_CSRF::hiddenForm($formhash);
    $labelUser = $mod_login->lang('th_username');
    $labelPass = $mod_login->lang('th_password');
    $labelBindIp = $mod_login->lang('th_bind_ip');
    $labelLogin = $mod_login->lang('btn_login');

    $html = '<form action="' . GWF_WEB_ROOT . 'login" method="post" id="wc_toplogin">';
    $html .= '<div>' . $csrfField . '</div>';
    $html .= '<div>' . $labelUser . ' <input type="text" name="username" value="" /></div>';
    $html .= '<div>' . $labelPass . ' <input type="password" name="password" value="" /></div>';
    $html .= '<div>' . $labelBindIp . ' <input type="checkbox" name="bind_ip" checked="checked" />';
    $html .= '<input type="submit" name="login" value="' . $labelLogin . '" /></div>';
    $html .= '</form>';

    return $html;
}
/**
 * Sets a new password for the user being edited ($this->user).
 *
 * @param string $newpass new plaintext password; '' means "leave unchanged"
 * @return array empty when nothing changed or the save failed, otherwise one confirmation message
 */
private function onEditPassword($newpass)
{
    $target = $this->user;

    if ($newpass === '') {
        return array();
    }

    // Remove the submitted value from $_POST before anything else reads it.
    unset($_POST['password']);

    $hash = GWF_Password::hashPasswordS($newpass);
    if (false === $target->saveVar('user_password', $hash)) {
        GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__), true, true);
        return array();
    }

    // Listeners are notified only after the save succeeded. They receive the plaintext password.
    GWF_Hook::call(GWF_Hook::CHANGE_PASSWD, $target, array($newpass, ''));

    // NOTE(review): the confirmation message contains the new password in plaintext, passed through
    // GWF_HTML::display() first. Consider whether it needs to be shown at all.
    $shownName = $target->displayUsername();
    $shownPass = GWF_HTML::display($newpass);

    return array($this->module->lang('msg_userpass_changed', array($shownName, $shownPass)));
}
/**
 * Form validator: checks the submitted value against the stored super-password hash.
 *
 * @param Module_Admin $module not read; the method uses $this->module instead
 * @param string       $arg    submitted plaintext password
 * @return false|string false when the password matches, otherwise the 'err_check_pass' text
 */
public function validate_check_pass(Module_Admin $module, $arg)
{
    // NOTE(review): no attempt limiting is visible here. Confirm the caller throttles repeated failures.
    if (GWF_Password::checkPasswordS($arg, $this->module->cfgSuperHash())) {
        return false;
    }

    return $this->module->lang('err_check_pass');
}
####conf retryout,u,l,i,7
// Bot "login" command: authenticates the calling user with one password argument.
// A failed attempt starts a per-user cool-down of 'retryout' seconds.
$lang = array(
    'en' => array(
        'help' => 'Usage: %CMD% <password>. Logs you in. ',
        'already' => 'You are already logged in, maybe by NickServ?',
        'not_reg' => 'You are not registered. Try %T%register <password> in private first.',
        'paswrng' => 'Your password is wrong. This incident is beeing reported.',
        'wait' => 'Please wait %s and try again.',
        'logedin' => 'Welcome back! You are now logged in.',
        'conf_retryout' => 'Specifies the timeout between two consecutive login attempts.',
    ),
    'de' => array(
        'help' => 'Nutze: %CMD% <passwort>. Authentifiziert Dich mit %BOT%.',
        'already' => 'Du bist bereits eingeloggt, eventuell durch NickServ?',
        'not_reg' => 'Du hast Dich noch nicht registriert. Nutze %T%register <passwort> im query mit %BOT%.',
        'paswrng' => 'Falsches Passwort. Davon wird der Weihnachtsmann erfahren!',
        'wait' => 'Bitte warte %s und versuche es noch einmal.',
        'logedin' => 'Willkommen zurück! Du bist nun authentifiziert.',
        'conf_retryout' => 'Die Zeit zwischen zwei Login versuchen.',
    ),
);

$plugin = Dog::getPlugin();
$user = Dog::getUser();
$argv = $plugin->argv();
$wait = $plugin->getConf('retryout');
$uid = $user->getID();
$now = microtime(true);

// Failed attempts: user ID => timestamp of the last wrong password.
global $DOG_RLOGIN_ATTEMPTS;
if (!isset($DOG_RLOGIN_ATTEMPTS)) {
    $DOG_RLOGIN_ATTEMPTS = array();
}
// TODO: clean up old attempts; entries are never removed, not even after a successful login.

$lastFailure = isset($DOG_RLOGIN_ATTEMPTS[$uid]) ? $DOG_RLOGIN_ATTEMPTS[$uid] : null;
$coolingDown = $lastFailure !== null && $lastFailure > $now - $wait;

if (count($argv) !== 1) {
    $plugin->showHelp();
} elseif ($user->isLoggedIn()) {
    $plugin->rply('already');
} elseif (!$user->isRegistered()) {
    $plugin->rply('not_reg');
} elseif ($coolingDown) {
    // Still inside the cool-down window: the password is not checked at all.
    $remaining = round($wait - ($now - $lastFailure) + 0.5);
    $plugin->rply('wait', array(GWF_Time::humanDuration($remaining)));
} elseif (!GWF_Password::checkPasswordS($argv[0], $user->getPass())) {
    // Only wrong passwords start the cool-down.
    $DOG_RLOGIN_ATTEMPTS[$uid] = $now;
    $plugin->rply('paswrng');
} else {
    $user->setLoggedIn();
    $plugin->rply('logedin');
}
/**
 * Derives this record's token from its 'post_date' and 'post_title' columns.
 *
 * @return mixed whatever GWF_Password::getToken() returns for the concatenated value
 */
public function getToken()
{
    // NOTE(review): both inputs are ordinary record fields. The token is only unguessable if
    // GWF_Password::getToken() mixes in a server-side secret. Confirm.
    $seed = $this->getVar('post_date') . $this->getVar('post_title');

    return GWF_Password::getToken($seed);
}
/**
 * Install-wizard helper: ensures a user with the given name exists and adds it to the ADMIN and STAFF groups.
 *
 * An existing user with that name is reused as-is. Its password and e-mail are not touched.
 *
 * @param string $username user name to create or promote
 * @param string $password plaintext password, used only when the user is created
 * @param string $email    e-mail address, used only when the user is created
 * @param string $output   receives an appended status message on success (by reference)
 * @return bool false when the insert or a group assignment failed, true otherwise
 */
public static function createAdmin($username, $password, $email, &$output)
{
    $admin = GWF_User::getByName($username);

    if (false === $admin) {
        $admin = new GWF_User(array(
            'user_name' => $username,
            'user_email' => $email,
            'user_password' => GWF_Password::hashPasswordS($password),
            'user_regdate' => GWF_Time::getDate(GWF_Date::LEN_SECOND),
            'user_regip' => GWF_IP6::getIP(GWF_IP_EXACT),
            'user_lastactivity' => time(),
        ));
        if (false === $admin->insert()) {
            return false;
        }
    }
    // NOTE(review): when the name already exists, that account is promoted without any check of
    // $password. Acceptable only while this stays reachable from the installer alone.

    $userid = $admin->getID();

    // NOTE(review): getByName() is dereferenced directly. A missing group would fail here rather than return false.
    foreach (array(GWF_Group::ADMIN, GWF_Group::STAFF) as $groupName) {
        $groupId = GWF_Group::getByName($groupName)->getID();
        if (false === GWF_UserGroup::addToGroup($userid, $groupId)) {
            return false;
        }
    }

    // The password is deliberately left out of the status line.
    $output .= GWF_HTML::message('Install Wizard', sprintf('Added new admin user: %s - Password: [censored]', $username));

    return true;
}
/**
 * Derives this thread's token from its 'thread_title' and 'thread_lastdate' columns.
 *
 * @return mixed whatever GWF_Password::getToken() returns for the concatenated value
 */
public function getToken()
{
    // NOTE(review): both inputs are ordinary record fields. The token is only unguessable if
    // GWF_Password::getToken() mixes in a server-side secret. Confirm.
    $seed = $this->getVar('thread_title') . $this->getVar('thread_lastdate');

    return GWF_Password::getToken($seed);
}
// Bot "register" command.
//   one argument:  register the calling user with <password>
//   two arguments: change the password from <old> to <new>
// Any other argument count shows the help text.
$user = Dog::getUser();
$plugin = Dog::getPlugin();
$argv = $plugin->argv();
$argc = count($argv);
$plen = $plugin->getConf('passlen');

switch ($argc) {
    case 1:
        if ($user->isRegistered()) {
            return $plugin->rply('already');
        }
        // The minimum length is counted in bytes (strlen).
        if (strlen($argv[0]) < $plen) {
            $plugin->rply('pasweak', array($plen));
            break;
        }
        $user->saveVar('user_pass', GWF_Password::hashPasswordS($plugin->argv(0)));
        $user->setLoggedIn();
        return $plugin->rply('success');

    case 2:
        // NOTE(review): the old-password check has no attempt limiting in this script. Confirm
        // failures are throttled elsewhere, otherwise this path allows unlimited password guesses.
        if (!GWF_Password::checkPasswordS($argv[0], $user->getPass())) {
            return $plugin->rply('failed');
        }
        if (strlen($argv[1]) < $plen) {
            $plugin->rply('pasweak', array($plen));
            break;
        }
        $user->saveVar('user_pass', GWF_Password::hashPasswordS($argv[1]));
        $user->setLoggedIn();
        return $plugin->rply('changed');

    default:
        $plugin->showHelp();
        break;
}
/**
 * Handles a WebSocket login message of the form "<command> <username> <password>".
 *
 * @param IWebSocketConnection $user    connection that sent the message
 * @param string               $message raw message text
 * @return bool true when the credentials matched and the login was queued, false otherwise
 */
private function onLogin(IWebSocketConnection $user, $message)
{
    $parts = explode(' ', $message);
    if (count($parts) !== 3) {
        return false;
    }
    $name = $parts[1];
    $secret = $parts[2];
    $connectionId = $user->getId();

    // The name is escaped before it is interpolated into the WHERE clause.
    $ename = GDO::escape($name);
    $dog_user = GDO::table('Dog_User')->selectFirstObject('*', "user_name='{$ename}'");

    // NOTE(review): XLIN2 and XLIN3 tell the client whether a user name exists, and no attempt
    // limiting is visible here. Consider one shared failure reply plus a retry delay.
    if (false === $dog_user) {
        $this->sendToUser($connectionId, 'XLIN2,Unknown username!');
        return false;
    }
    if (false === GWF_Password::checkPasswordS($secret, $dog_user->getVar('user_pass'))) {
        $this->sendToUser($connectionId, 'XLIN3,Wrong password!');
        return false;
    }

    $this->sendToUser($connectionId, 'XLIN1');
    $this->users[$user->getId()] = $dog_user;

    // NOTE(review): the plaintext password is copied into a queued chat line. Confirm the queue is
    // never logged or echoed, and that control characters in the password cannot split the line.
    $this->addToQueue($user, $dog_user, 'PRIVMSG Dog :.login ' . $secret);

    return true;
}
/**
 * Builds a 40-character digest from three truncated GWF_Password digests.
 *
 * The result is the first 16 characters of the md5() output, the first 16 of the
 * hashSHA1() output and the first 8 of the hashCRC32() output, in that order.
 *
 * NOTE(review): assuming the helpers compute what their names say, this is a fast, unsalted
 * construction. It should only be kept for verifying legacy values, not for new password storage.
 *
 * @param string $string input to digest
 * @return string concatenated digest prefixes
 */
public static function hash($string)
{
    $md5Part = substr(GWF_Password::md5($string), 0, 16);
    $sha1Part = substr(GWF_Password::hashSHA1($string), 0, 16);
    $crcPart = substr(GWF_Password::hashCRC32($string), 0, 8);

    return $md5Part . $sha1Part . $crcPart;
}
/**
 * Computes the token that links a local user to an account name on this site.
 *
 * The digest input is GWF_SECRET_SALT, the auth key, the user ID, this record's ID and
 * the on-site name, followed by GWF_SECRET_SALT again.
 *
 * NOTE(review): the fields are joined without separators, so different (userid, ID, name)
 * combinations can produce the same input string. If existing tokens can be reissued, a keyed
 * hash_hmac() over delimited fields would be the sturdier construction.
 *
 * @param int|string $userid     local user ID
 * @param string     $onsitename account name on the linked site
 * @return mixed the GWF_Password::md5() result for the assembled string
 */
public function getLinkToken($userid, $onsitename)
{
    $material = GWF_SECRET_SALT
        . $this->getAuthKey()
        . $userid
        . $this->getID()
        . $onsitename
        . GWF_SECRET_SALT;

    return GWF_Password::md5($material);
}