/**
  * Set data for this member
  * 
  * @param string  $key  Key to set
  * @param mixed  $value  Value to set
  * @return void
  */
 public function set($key, $value)
 {
     // NOTE(review): nothing in this method restricts which keys may be written.
     // 'roles' is accepted directly, and any other key (for example
     // 'password_hash') lands in the default case, so callers should not forward
     // request-controlled key names here - confirm at the call sites.
     //
     // switch compares loosely, exactly like a chain of == tests.
     switch ($key) {
         case '_uid':
             // the UID cannot be changed through this method
             return;

         case 'name':
         case 'username':
             // both aliases write the dedicated username property, not the data array
             $this->username = $value;
             break;

         case 'password':
             // never keep the plaintext: blank that slot and store only the hash
             $this->data['password'] = '';
             $this->data['password_hash'] = Password::hash($value);
             break;

         case 'biography':
         case 'biography_raw':
             // keep the raw text next to its transformed form
             $this->data['biography_raw'] = $value;
             $this->data['biography'] = Content::transform($value);
             break;

         case 'roles':
             // a comma-separated string is split into a list, an array is stored
             // as given, and any other type is silently ignored
             if (is_string($value)) {
                 $this->data[$key] = explode(',', $value);
             } elseif (is_array($value)) {
                 $this->data[$key] = $value;
             }
             break;

         default:
             // every other key is stored verbatim
             $this->data[$key] = $value;
     }
 }
Exemplo n.º 2
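 /**
  * Decide what to persist for a password field: the submitted value itself when
  * it is identical to what is already stored, otherwise a fresh hash of it.
  *
  * @param object $data  Record exposing get(); read for the currently stored password value
  * @param mixed  $value Submitted field value
  * @return mixed The submitted value when unchanged, else the result of Password::hash()
  */
 public function setPasswordField($data, $value)
 {
     $pwd = new Password();
     $stored = $data->get(self::PASSWORD);

     // The original used ==, which treats numeric-looking strings as numbers
     // ("1e3" == "1000", "0e1" == "0e2"); a new password could then be mistaken
     // for the stored value and saved without hashing. Strings are compared
     // exactly and in constant time; other types fall back to strict identity.
     if (is_string($value) && is_string($stored)) {
         $unchanged = hash_equals($stored, $value);
     } else {
         $unchanged = $value === $stored;
     }

     // NOTE(review): an unchanged value is written back verbatim, which presumably
     // supports forms that round-trip the stored hash. Confirm that the stored
     // hash is never sent to the client, since submitting it is accepted as-is.
     if ($unchanged) {
         return $value;
     }

     return $pwd->hash($value);
 }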
Exemplo n.º 3
 /**
  * Use during imports to populate a table with metadata and a rehashed hash.
  *
  * @param string $oldHash
  * @param EncryptionKey $passwordKey
  * @return array [HiddenString, array]
  * @throws \Exception
  */
 public function getHashWithMetadata(string $oldHash, EncryptionKey $passwordKey = null) : array
 {
     // Fall back to the key held by this migration when the caller passes none.
     if ($passwordKey === null) {
         if (!($this->key instanceof EncryptionKey)) {
             throw new \Exception(\__('No key was passed to this migration'));
         }
         $passwordKey = $this->key;
     }

     // The legacy hash is itself fed to Password::hash() under the key, and the
     // result is wrapped in a HiddenString.
     $rehashed = new HiddenString(Password::hash($oldHash, $passwordKey));

     // Metadata stored next to it: the migration type, plus the leading 12-unit
     // prefix of the legacy hash (as cut by Binary::safeSubstr) recorded as 'salt'.
     $metadata = [
         'type' => self::TYPE,
         'salt' => Binary::safeSubstr($oldHash, 0, 12),
     ];

     return [$rehashed, $metadata];
 }
Exemplo n.º 4
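/**
 * Generate a random password together with its hash.
 *
 * Eight random bytes are base64-encoded, so the password is a 12-character
 * string carrying 64 bits of randomness. Note that $password_length counts
 * random bytes, not characters of the resulting password.
 *
 * @return array Two elements: the plaintext password, then Password::hash() of it
 */
function generate_random_password()
{
    require_once "scrypt.php";
    $password_length = 8;

    if (function_exists('random_bytes')) {
        // PHP 7+: the built-in CSPRNG throws instead of returning short output.
        $urb = random_bytes($password_length);
    } else {
        $ur = fopen("/dev/urandom", "r");
        if (!$ur) {
            die("Failed to open /dev/urandom");
        }
        $urb = "";
        while (strlen($urb) < $password_length) {
            $chunk = fread($ur, $password_length - strlen($urb));
            // Without this check a failed or empty read appends nothing and the
            // loop never terminates.
            if ($chunk === false || $chunk === '') {
                fclose($ur);
                die("Failed to read from /dev/urandom");
            }
            $urb .= $chunk;
        }
        fclose($ur);
    }

    $password = base64_encode($urb);
    $digest = Password::hash($password);
    return array($password, $digest);
}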
Exemplo n.º 5
 /**
  * Log in the user.
  *
  * @param string $password
  * @return bool
  */
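 public function login($password = '')
 {
     $this->Log->write(__METHOD__, Log::LOG_LEVEL_SYSTEM_INFORMATION);
     // Start from a clean session, then load the user record for this object.
     $this->resetSession();
     $this->getUser();
     if (!Helpers::is_string_ne($password)) {
         $this->Log->write('password not provided', Log::LOG_LEVEL_WARNING);
         $this->Login->add($this->id, 0, 'no password');
         return false;
     }

     $stored = isset($this->user_data['password']) ? $this->user_data['password'] : null;
     $computed = Password::hash($password, $this->salt);
     // hash_equals() compares in constant time, so response timing does not
     // reveal how much of the stored hash matched. Requiring two strings also
     // means a missing stored hash can never compare equal to anything.
     $password_ok = is_string($stored) && is_string($computed) && hash_equals($stored, $computed);

     if ($password_ok && $this->user_data['active'] == 1) {
         // set class property
         $this->logged_in = true;
         // set session variables
         $this->setSession();
         // update logged in value in database
         $updated = $this->updateLoggedIn();
         if (!$updated) {
             $this->Log->write('could not update database and set user to logged in', Log::LOG_LEVEL_WARNING);
             $this->Login->add($this->id, 0, 'database error');
             // undo the session state set above
             $this->resetSession();
             // NOTE(review): $this->logged_in stays true on this path although
             // false is returned - confirm whether resetSession() clears it.
             return false;
         }
         // add login attempt to database
         $this->Login->add($this->id, 1, 'success');
     } else {
         // wrong password and inactive account are recorded under the same reason
         $this->Log->write('passwords do not match or user is not active', Log::LOG_LEVEL_WARNING);
         $this->Login->add($this->id, 0, 'password mismatch');
     }
     return $this->logged_in;
 }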
Exemplo n.º 6
<?php

/**
 * File: register.php
 *
 * Created by PhpStorm.
 * User: ArtofWack
 * Date: 10/31/2015
 * Time: 10:40 PM
 */
require_once "../config.php";
require_once "../scrypt.php";
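session_start();

// Registration handler: creates a guest row and signs the new guest in.
// Only string fields are accepted; anything missing or non-string becomes ''.
$input = array();
foreach (array('firstName', 'lastName', 'email', 'pass') as $field) {
    $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// htmlspecialchars() is kept so new rows are stored in the same form as existing ones.
// NOTE(review): HTML-encoding belongs at output time; storing encoded text
// invites double-encoding wherever these values are printed again.
$firstName = htmlspecialchars(ucfirst($input['firstName']));
$lastName = htmlspecialchars(ucfirst($input['lastName']));
$email = htmlspecialchars($input['email']);

$created = false;
if ($firstName !== '' && $lastName !== '' && $email !== '' && $input['pass'] !== '') {
    $encrypted = Password::hash($input['pass']);

    // Bound parameters replace the string-built SQL, so no value (including the
    // hash, which was previously concatenated unescaped) can alter the statement.
    $lookup = $link->prepare('SELECT 1 FROM guests WHERE email = ?');
    if ($lookup) {
        $lookup->bind_param('s', $email);
        $emailFree = $lookup->execute() && $lookup->store_result() && $lookup->num_rows == 0;
        $lookup->close();

        if ($emailFree) {
            // NOTE(review): check-then-insert can race with a concurrent request;
            // a UNIQUE index on guests.email would make this reliable - confirm schema.
            $insert = $link->prepare("INSERT INTO guests(firstName, lastName, email, passwd, checkedIn, balance) VALUES (?, ?, ?, ?, '0', '0')");
            if ($insert) {
                $insert->bind_param('ssss', $firstName, $lastName, $email, $encrypted);
                $created = $insert->execute();
                $insert->close();
            }
        }
    }
}

if ($created) {
    // The session is populated only after the row really exists, and it gets a
    // fresh id so a pre-registration session id is not carried over.
    session_regenerate_id(true);
    $_SESSION['username'] = strtoupper($firstName . " " . $lastName);
    $_SESSION['email'] = $email;
} else {
    echo 'Cannot create guest';
}
// Not safe: should not indicate if email exists in DB
$link->close();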
Exemplo n.º 7
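/**
 * Handle the login form: verify the posted credentials, populate the session
 * and redirect. Does nothing but redirect when a session already exists.
 *
 * $results is not returned; it is visible to the template required below
 * because that file is included inside this function's scope.
 *
 * @return void
 */
function login()
{
    // login.. checks if session already set..
    $results = array();
    $results['pageTitle'] = "Home | Dating website";
    if (!isset($_SESSION['email'])) {
        if (isset($_POST['email'])) {
            $email = $_POST['email'];
            // a missing or non-string password is treated as empty instead of raising notices
            $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
            $passwordHash = Password::hash($password);
            if ($user = User::getByEmail($email)) {
                // The original compared with ==, which equates numeric-looking
                // strings such as "0e1" and "0e2" and is not constant-time.
                // hash_equals() compares exactly and without a timing signal.
                if (is_string($passwordHash) && is_string($user->password) && hash_equals($user->password, $passwordHash)) {
                    // NOTE(review): the session id is not regenerated before the
                    // session becomes authenticated; consider session_regenerate_id(true)
                    // here once it is confirmed where session_start() is called.
                    if ($user->verification == "verified") {
                        $_SESSION['email'] = $email;
                        $_SESSION['userId'] = $user->id;
                        header("Location: ../search.php");
                        // if its a verified account goes to home
                    } elseif ($user->verification == "notVerified") {
                        // NOTE(review): this branch signs the unverified account in and
                        // redirects to search.php exactly like the verified branch, while
                        // the author's comment below says it should go to the login form.
                        // Confirm which is intended.
                        $results['errorMessage'] = "Account not activated please wait";
                        $_SESSION['email'] = $email;
                        $_SESSION['userId'] = $user->id;
                        header("Location: ../search.php");
                        // if account not verif goes to login form
                    } else {
                        $results['errorMessage'] = "Information provided is not valid";
                        header("Location: ../index.php");
                    }
                } else {
                    $results['errorMessage'] = "Username and password do not match.";
                    header("Location: ../index.php");
                }
            } else {
                // NOTE(review): this message differs from the wrong-password one,
                // so the response tells a visitor whether an email is registered.
                $results['errorMessage'] = "Username not found, please register first.";
                require TEMPLATE_PATH . "/index.php";
            }
        } else {
            header("Location: ../index.php");
        }
    } else {
        $user = User::getByEmail($_SESSION['email']);
        header("Location: ../search.php");
        // temporary until logout is created: the login form must not be reachable
        // while a session is active, so it is hidden by redirecting away.
    }
}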
Exemplo n.º 8
/*
{
"email":"*****@*****.**",
"pass":"******",
"first":"bob",
"last":"smith",
"area":901,
"num":7777777,
"tut":0
}
*/
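// POST /user: register a user and answer with {"id": <new id>}, or {"id": -1}
// when the email or the (area, num) phone pair is already taken or the insert fails.
$app->post('/user', function () {
    global $db;

    // Missing or non-scalar fields become empty strings instead of raising notices.
    $field = function ($name) {
        return (isset($_POST[$name]) && is_scalar($_POST[$name])) ? (string) $_POST[$name] : '';
    };
    $email = $field('email');
    $first = $field('first');
    $last = $field('last');
    $area = $field('area');
    $num = $field('num');
    $tut = $field('tut');
    $salt = Password::generateSalt(50);
    $hash = Password::hash($field('pass'), $salt);

    // Every request value used to be interpolated straight into the SQL text.
    // Bound parameters keep the values out of the statement entirely.
    // Assumes $db is a mysqli connection, which the original code already relied
    // on through ->num_rows and ->fetch_assoc() - confirm.
    $lookup = $db->prepare('SELECT id FROM users WHERE email = ? OR (num = ? AND area = ?)');
    if (!$lookup) {
        echo json_encode(array("id" => -1));
        return;
    }
    $lookup->bind_param('sss', $email, $num, $area);
    $lookup->execute();
    $lookup->store_result();
    $taken = $lookup->num_rows > 0;
    $lookup->close();

    if ($taken) {
        echo json_encode(array("id" => -1));
    } else {
        $insert = $db->prepare('INSERT INTO users(email, pass, first, last, area, num, salt, tutor) VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
        $inserted = false;
        if ($insert) {
            $insert->bind_param('ssssssss', $email, $hash, $first, $last, $area, $num, $salt, $tut);
            $inserted = $insert->execute();
            $insert->close();
        }
        if (!$inserted) {
            // previously a failed INSERT still reported whatever LAST_INSERT_ID() held
            echo json_encode(array("id" => -1));
            return;
        }
        $result = $db->query("SELECT LAST_INSERT_ID()");
        echo json_encode(array("id" => $result->fetch_assoc()['LAST_INSERT_ID()']), JSON_NUMERIC_CHECK);
    }
});
$app->run();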
Exemplo n.º 9
 public function updatePassword()
 {
     // An object without an ID cannot be matched to a row.
     if ($this->id === null) {
         trigger_error("User::update(): Attempt to update a user object that does not have its ID property set.", E_USER_ERROR);
     }

     // Reject short passwords before any hashing or database work.
     $tooShort = strlen($this->password) < MINIMUM_PASSWORD_LENGTH;
     if ($tooShort) {
         self::$errorCode = "ERR_INV_PASS";
         return false;
     }

     // From here on the property holds the hash rather than the plaintext.
     // NOTE(review): a second call on the same object would hash the hash.
     $this->password = Password::hash($this->password);

     // Both values are bound, so neither can alter the statement text.
     $pdo = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
     $statement = $pdo->prepare("UPDATE " . TABLENAME_USERS . " SET password=:password WHERE id = :id");
     $statement->bindValue(":password", $this->password, PDO::PARAM_STR);
     $statement->bindValue(":id", $this->id, PDO::PARAM_INT);
     // NOTE(review): the result of execute() is not inspected, so true may be
     // returned although the UPDATE failed, depending on the PDO error mode.
     $statement->execute();
     $pdo = null;

     return true;
 }
Exemplo n.º 10
<?php

/**
 * File: fill.php
 *
 * Created by PhpStorm.
 * User: ArtofWack
 * Date: 10/26/2015
 * Time: 10:40 PM
 */
require_once "scrypt.php";
require_once 'config.php';
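// One-off seeding script: prepares an admin credential and runs whichever
// statement is un-commented below.
$usr = "******";
$email = "*****@*****.**";
// NOTE(review): the seed password is a short literal committed to source; it
// should be replaced and rotated before this account is used anywhere real.
$pass = Password::hash('dark');
//$sql = 'INSERT INTO admins(username,email,password) VALUES ("' . $usr . '","' . $email . '", "' . $pass . '");';
//$sql = ' INSERT INTO rooms(roomType) VALUES (5);';
//$sql = 'INSERT INTO rooms(roomType) VALUES (5);';
//for($i = 0;$i<2;$i++)

// Every $sql assignment above is commented out, so $sql may be undefined here;
// skip the query instead of passing an undefined variable to it.
$result = isset($sql) ? $link->query($sql) : null;
// query() can hand back a boolean (failure, or a statement with no result set);
// isset() was true for those too, and calling close() on a boolean is fatal.
if (is_object($result)) {
    $result->close();
}
$link->close();
// A commented-out debug line that passed a request parameter to shell_exec()
// was removed here: if it were ever re-enabled, any visitor could run commands
// on the host.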
Exemplo n.º 11
 /**
  * Finalize the install process
  * 
  * @param array $post
  */
 protected function finalize(array $post = [])
 {
     $state = State::instance();
     $this->data['admin']['username'] = $post['username'];

     // The stored passphrase is replaced only when one was actually submitted;
     // it is hashed with the 'auth.password_key' entry of the keyring.
     $passphraseGiven = !empty($post['passphrase']);
     if ($passphraseGiven) {
         $this->data['admin']['passphrase'] = Password::hash($post['passphrase'], $state->keyring['auth.password_key']);
     }

     // Copy the remaining form sections: posted key => installer data key.
     // NOTE(review): these keys are read without an isset() check although
     // $post defaults to an empty array.
     $sections = ['cabin' => 'cabins', 'config' => 'config', 'database' => 'database'];
     foreach ($sections as $postedKey => $dataKey) {
         $this->data[$dataKey] = $post[$postedKey];
     }

     // Run the four closing steps in their original sequence.
     $this->finalConfiguration();
     $this->finalDatabaseSetup();
     $this->finalProcessAdminAccount();
     $this->finalShutdown();
 }
Exemplo n.º 12
 /**
  * Attempt to login against a migrated hash. If successful,
  * replace the existing password hash with an encrypted hash
  * of the original password.
  *
  * @param HiddenString $password
  * @param HiddenString $passwordHash
  * @param array $userData
  * @return bool
  * @throws SecurityAlert
  */
 public function migrateImportedHash(HiddenString $password, HiddenString $passwordHash, array $userData = []) : bool
 {
     // Without a registered migration type there is nothing to validate against.
     if (!isset($userData['migration']['type'])) {
         throw new SecurityAlert(\__('No migration type registered.'));
     }

     $migration = Gadgets::loadMigration($userData['migration']['type']);
     $migration->setPasswordKey($this->key);
     $table = $this->db->escapeIdentifier($this->tableConfig['table']['accounts']);

     $verified = $migration->validate($password, $passwordHash, $userData['migration']);
     if (!$verified) {
         return false;
     }

     // The plaintext is now known to be correct: store a hash of it under the
     // current key and clear the migration marker in the same transaction.
     // NOTE(review): no rollback is visible if update() throws after
     // beginTransaction() - confirm how the db layer handles that.
     $this->db->beginTransaction();
     $changes = [
         'password' => Password::hash($password->getString(), $this->key),
         'migration' => null,
     ];
     // NOTE(review): the condition column is 'userId' while the value is read
     // from $userData['userid'] - confirm both spellings are intended.
     $this->db->update($table, $changes, ['userId' => $userData['userid']]);

     return $this->db->commit();
 }
Exemplo n.º 13
<?php

require_once '../libs/Storage.php';
require_once '../libs/password.php';
// Playlist endpoint: dispatches on $_GET['action'] to create, delete, update or
// look up a row in the 'playlist' table through the Storage wrapper.
// This listing is cut off after the check_name branch; the closing braces are
// not part of the excerpt.
// NOTE(review): every action, including the state-changing ones, is driven by
// GET parameters, and no ownership or password check is visible before the
// delete and update branches in this excerpt.
$db = new Storage();
$password = new Password();
if (isset($_GET['action'])) {
    if ($_GET['action'] == 'create') {
        // $_GET values are already URL-decoded by PHP, so urldecode() decodes a second time.
        $_GET['daten'] = urldecode(stripslashes($_GET['daten']));
        $daten['lists'] = $_GET['daten'];
        $daten['name'] = strtolower($_GET['name']);
        // Only the hash is stored, but the plaintext arrives in the query string,
        // where it can end up in server logs and browser history.
        $daten['password'] = $password->hash($_GET['password']);
        $daten['created_at'] = date("Y-m-d H:i:s");
        // NOTE(review): whether Storage::insert() escapes or binds these values
        // is not visible here - confirm.
        $db->insert('playlist', $daten);
    } elseif ($_GET['action'] == 'delete') {
        $id = $_GET['playlist_id'];
        // The request value is echoed back without HTML escaping.
        echo $id;
        // The request value is concatenated unquoted into the condition string,
        // so it is not limited to a single numeric id; it should be validated as
        // an integer or bound as a parameter.
        $db->delete('playlist', 'id=' . $id);
    } elseif ($_GET['action'] == 'update') {
        $_GET['daten'] = urldecode(stripslashes($_GET['daten']));
        $daten['lists'] = $_GET['daten'];
        // Unlike the create branch, the name is not lower-cased here.
        $daten['name'] = $_GET['name'];
        $daten['updated_at'] = date("Y-m-d H:i:s");
        // The name from the request is concatenated into the condition string
        // without escaping, so it can change which rows the update matches.
        $db->update('playlist', $daten, 'name="' . $daten["name"] . '"');
    } elseif ($_GET['action'] == 'check_name') {
        $name = $_GET['name'];
        // The name is interpolated directly into the SQL text; this query needs
        // a bound parameter or proper escaping.
        $result = $db->select("SELECT EXISTS(SELECT 1 FROM playlist WHERE name ='{$name}' LIMIT 1) as checked");
        /*
         * if exists result is 1 else is 0
         */
        print_r($result[0]['checked']);
Exemplo n.º 14
 public function __construct()
 {
     // Test fixture: a fixed sample plaintext and the hash derived from it.
     $samplePlaintext = 'mysupersecretpassword';
     $this->pw = $samplePlaintext;
     $this->hash = Password::hash($this->pw);

     // Sanity check only: confirms the hash is a string, not that it verifies.
     $hashIsString = is_string($this->hash);
     $this->assertTrue($hashIsString);
 }