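/**
  * Handles the "set a new password" form of the password-reset flow.
  *
  * The reset token is taken from the session (placed there by changepassword()),
  * never from the request, so it does not travel in URLs or Referer headers.
  *
  * @param array $data submitted form fields; reads 'NewPassword1' and 'NewPassword2'
  * @return SS_HTTPResponse|void the post-login redirect on success; on any failure a
  *         session message is set (or the token is discarded) and a redirect is issued
  *         without a return value
  */
 function doChangePassword(array $data)
 {
     try {
         $token = Session::get('AutoLoginHash');
         $new_password = isset($data['NewPassword1']) ? $data['NewPassword1'] : null;
         $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : null;
         // changePassword() signals every failure mode with one of the exceptions
         // caught below; it is only expected to return the member on success.
         $member = $this->password_manager->changePassword($token, $new_password, $confirmation);
         // The token is single-use: drop it as soon as the password has changed.
         Session::clear('AutoLoginHash');
         // BackURL arrives straight from the request. Only honour a site-relative
         // path (single leading '/', so no scheme and no protocol-relative '//' or
         // '/\' host form) so the post-login redirect cannot be used as an open
         // redirect; anything else falls back to '/'. loginMember() may validate
         // the target as well, but that is not visible here, so the check is local.
         $back_url = '/';
         if (isset($_REQUEST['BackURL']) && is_string($_REQUEST['BackURL'])) {
             $candidate = $_REQUEST['BackURL'];
             $is_local_path = strlen($candidate) > 0
                 && $candidate[0] === '/'
                 && substr($candidate, 0, 2) !== '//'
                 && substr($candidate, 0, 2) !== '/\\';
             if ($is_local_path) {
                 $back_url = $candidate;
             }
         }
         return OpenStackIdCommon::loginMember($member, $back_url);
     } catch (InvalidResetPasswordTokenException $ex1) {
         // Stale or forged token: forget it and send the user back to the login page.
         Session::clear('AutoLoginHash');
         Controller::curr()->redirect('login');
     } catch (EmptyPasswordException $ex2) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
         Controller::curr()->redirectBack();
     } catch (PasswordMismatchException $ex3) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
         Controller::curr()->redirectBack();
     } catch (InvalidPasswordException $ex4) {
         // The exception message carries the policy violation(s); shown to the user.
         $this->clearMessage();
         $this->sessionMessage(sprintf(_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: %s"), nl2br("\n" . $ex4->getMessage())), "bad");
         Controller::curr()->redirectBack();
     }
 }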
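 /**
  * Authenticates a mobile-app login against the `user` table.
  *
  * On success the PHP session is bound to the user, the user's mobile login
  * timestamp and session uuid are written back to the row, and this object's
  * login fields are populated. On failure the object is left cleared.
  *
  * @param string $user     username to look up
  * @param string $password plaintext password, checked via PasswordManager::verify()
  * @param int    $remember 1 to also persist the login in a cookie (pStoreCookie())
  * @return void
  */
 function try_login($user, $password, $remember)
 {
     $this->pClear();
     db_connect();
     // NOTE(review): the username in this query is shown as a fixed '******'
     // literal here; confirm that the real query escapes $user before it is
     // interpolated, since this is the only place the lookup happens.
     $query = "select user_id,username from user where username = '******';";
     $wynik = db_query($query);
     $wiersz = mysql_fetch_assoc($wynik);
     $user_id = $wiersz ? $wiersz['user_id'] : null;
     if ($user_id) {
         /* User exists. Is the password correct? */
         $pm = new PasswordManager($user_id);
         if (!$pm->verify($password)) {
             $user_id = null;
         }
     }
     if (empty($user_id)) {
         return;
     }
     // Privilege change: issue a fresh session id so an id an attacker planted
     // before login (session fixation) never becomes an authenticated session.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     $_SESSION['username'] = $wiersz['username'];
     $_SESSION['user_id'] = $user_id;
     // Timestamp and uuid come from the database so they match its clock/format.
     $query = "SELECT now() as now, uuid() as uuid";
     $wynik = db_query($query);
     $rekord = mysql_fetch_assoc($wynik);
     $dzis = $rekord['now'];
     $uuid = $rekord['uuid'];
     // $user_id, $dzis and $uuid all originate from the database, not the request.
     $query = "update user set last_login_mobile = '" . $dzis . "' where user_id='" . $user_id . "';";
     db_query($query);
     $this->userid = $user_id;
     $this->username = $user;
     $this->lastlogin = $dzis;
     $this->sessionid = $uuid;
     $this->verified = true;
     if ($remember == 1) {
         $this->pStoreCookie();
     }
     // Second write also re-sets last_login_mobile; kept as-is so the cookie is
     // stored before the uuid is committed, matching the original ordering.
     $query = "update user set uuid_mobile ='" . $uuid . "', last_login_mobile='" . $dzis . "' where user_id='" . $user_id . "';";
     db_query($query);
 }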
 /**
  * @return string
  */
 public function changepassword()
 {
     $tmpPage = new Page();
     $tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
     $tmpPage->URLSegment = 'Security';
     $tmpPage->ID = -1;
     // Set the page ID to -1 so we dont get the top level pages as its children
     $controller = new Page_Controller($tmpPage);
     $controller->init();
     try {
         $former_hash = Session::get('AutoLoginHash');
         // if we have the token and the member redirect back to clear those values and avoid leaking
         // on referer header
         if (isset($_REQUEST['t']) && isset($_REQUEST['m'])) {
             // if we dont have a former autologin hash, generate it ...
             if (empty($former_hash)) {
                 $new_hash = $this->password_manager->verifyToken((int) @$_REQUEST['m'], @$_REQUEST['t']);
                 Session::set('AutoLoginHash', $new_hash);
             }
             return $this->redirect($this->Link('changepassword'));
         }
         if (!empty($former_hash)) {
             // Subsequent request after the "first load with hash"
             $customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm()));
         } else {
             if (Member::currentUser()) {
                 // Logged in user requested a password change form.
                 $customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm()));
             } else {
                 self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
                 return;
             }
         }
     } catch (InvalidPasswordResetLinkException $ex1) {
         $customisedController = $controller->customise(array('Content' => sprintf('<p>This link is no longer valid as a newer request for a password reset has been made. Please check your mailbox for the most recent link</p><p>You can request a new one <a href="%s">here', $this->Link('lostpassword'))));
     }
     return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController'));
 }
 /**
  * Exercises the Oracle credential validators: the usernames accepted and
  * rejected below, and a password made of every ASCII code point except the
  * double quote, which is accepted until a double quote is appended.
  */
 public function testOracle()
 {
     $acceptedUsernames = array('ambackstrom', 'j_thibeault', 'j_thibeault1');
     foreach ($acceptedUsernames as $candidate) {
         $this->assertTrue(PasswordManager::validateOracleUsername($candidate));
     }
     $rejectedUsernames = array('_thibeault1', '1thibeault1');
     foreach ($rejectedUsernames as $candidate) {
         $this->assertFalse(PasswordManager::validateOracleUsername($candidate));
     }
     // Code points 0..127 with 34 (the double quote) left out.
     $allowedCodePoints = array_diff(range(0, 127), array(34));
     $password = implode('', array_map('chr', $allowedCodePoints));
     $this->assertTrue(PasswordManager::validateOraclePassword($password));
     $this->assertFalse(PasswordManager::validateOraclePassword($password . '"'));
 }
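 /**
  * Authenticates a username-or-email login, with a per-IP attempt throttle.
  *
  * Steps: prune login records older than an hour and refuse once this address
  * has more than 24 recorded attempts in that window; prune expired sessions;
  * look the account up by username (preferred) or e-mail; verify the password;
  * for an active account open a `sys_sessions` row and populate this object.
  * Every attempt is recorded in `sys_logins` and the cookie is (re)stored.
  *
  * @param string    $user      username or e-mail address, compared lowercased
  * @param string    $password  plaintext password, checked via PasswordManager::verify()
  * @param bool|null $permanent null to fall back to the account's permanent_login_flag
  * @return int one of LOGIN_OK, LOGIN_USERNOTACTIVE, LOGIN_BADUSERPW, LOGIN_TOOMUCHLOGINS
  */
 function try_login($user, $password, $permanent)
 {
     $this->pClear();
     // check the number of logins in the last hour ...
     sql("DELETE FROM `sys_logins` WHERE `timestamp`<'&1'", date('Y-m-d H:i:s', time() - 3600));
     $logins_count = sqlValue("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape($_SERVER['REMOTE_ADDR']) . "'", 0);
     if ($logins_count > 24) {
         return LOGIN_TOOMUCHLOGINS;
     }
     // delete old sessions
     $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
     sql("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent);
     // compare $user with email and username, if both match, use email
     // NOTE(review): LIKE lets '%' and '_' in $user act as wildcards unless the
     // sql() placeholder escapes them; an exact '=' match is usually what a login
     // lookup wants — confirm how '&1' is escaped.
     $rsUser = sql("\n            SELECT\n                `user_id`, `username`, 2 AS `prio`, `is_active_flag`,\n                `permanent_login_flag`, `admin`\n            FROM `user`\n            WHERE `username` LIKE '&1'\n\n            UNION\n\n            SELECT\n                `user_id`, `username`, 1 AS `prio`, `is_active_flag`,\n                `permanent_login_flag`, `admin`\n            FROM `user`\n            WHERE\n                `email` LIKE '&1'\n\n            ORDER BY `prio` ASC\n            LIMIT 1\n        ", mb_strtolower($user));
     $rUser = sql_fetch_assoc($rsUser);
     sql_free_result($rsUser);
     if ($rUser) {
         /* User exists. Is the password correct? */
         $pm = new PasswordManager($rUser['user_id']);
         if (!$pm->verify($password)) {
             $rUser = null;
         }
     }
     if ($rUser) {
         // Loose comparison: an explicit false also defers to the account flag.
         if ($permanent == null) {
             $permanent = $rUser['permanent_login_flag'] == 1;
         }
         // ok, there is a valid login
         if ($rUser['is_active_flag'] != 0) {
             // begin session
             $uuid = sqlValue('SELECT UUID()', '');
             sql("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`, `last_login`) VALUES ('&1', '&2', '&3', NOW())", $uuid, $rUser['user_id'], $permanent != false ? 1 : 0);
             sql("UPDATE `user` SET `last_login`=NOW() WHERE `user_id`='&1'", $rUser['user_id']);
             $this->userid = $rUser['user_id'];
             $this->username = $rUser['username'];
             $this->permanent = $permanent;
             $this->lastlogin = date('Y-m-d H:i:s');
             $this->sessionid = $uuid;
             $this->admin = $rUser['admin'] == 1;
             $this->verified = true;
             $retval = LOGIN_OK;
         } else {
             $retval = LOGIN_USERNOTACTIVE;
         }
     } else {
         // sorry, bad login
         $retval = LOGIN_BADUSERPW;
     }
     // Record the attempt. A wrong password leaves $rUser as null (set above),
     // not false, so the previous `$rUser === false` test logged failed password
     // checks as successes; any falsy $rUser is a failed login. An inactive
     // account with the right password is still recorded as 1, as before.
     sql("INSERT INTO `sys_logins` (`remote_addr`, `success`, `timestamp`) VALUES ('&1', '&2', NOW())", $_SERVER['REMOTE_ADDR'], $rUser ? 1 : 0);
     // store to cookie
     $this->pStoreCookie();
     return $retval;
 }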
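 /**
  * Lazily opens the shared SQLite connection to db.sqlite next to this file.
  *
  * The path is built with DIRECTORY_SEPARATOR: the previous literal backslash
  * only worked on Windows and on other platforms produced a file literally
  * named "<dir>\db.sqlite" (silently creating an empty database there).
  */
 private static function require_connection()
 {
     if (self::$db === null) {
         self::$db = new PDO('sqlite:' . __DIR__ . DIRECTORY_SEPARATOR . 'db.sqlite');
     }
 }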
<?php

// These settings may be changed to fit your needs.
// The user executing the script must have write access to the file directory.
// PASSWORD_FILE and RECORD_FILE are relative paths, so they resolve against the
// working directory of the request, not this file's directory.
// NOTE(review): if this directory is served by the web server, "pw" is a plain
// file that may be downloadable — confirm it lives outside the document root
// or is otherwise protected.
define("PASSWORD_FILE", "pw");
define("RECORD_FILE", "RecordFile.data.php");
// Presumably a timeout in seconds; the unit is not visible here — confirm.
define("TIMEOUT", 60);
include "lib/PasswordManager.class.php";
include "lib/RecordManager.class.php";
$pm = new PasswordManager();
//Check if password exists. If it doesn't exist create the password form for the user
//to input their passwords.
if (!file_exists(PASSWORD_FILE)) {
    $error = "";
    $message = "";
    if (!empty($_POST)) {
        $error = $pm->validatePasswords($_POST);
        if (empty($error)) {
            $pm->savePasswords($_POST);
            header("Location: DirectoryServer.php");
            exit;
        }
    }
    echo $pm->generateCss();
    echo $error;
    echo $pm->generatePasswordForm();
} else {
    //If the password file exists use controller logic
    $rm = new RecordManager();
    $passwords = $pm->getPasswords();
    $rm->expireRecords();
         tpl_set_var('email_message', $emailnotexist);
     } else {
         if ($record['new_pw_code'] == $code) {
             if (time() - $record['new_pw_date'] < 259200) {
                 if (!mb_ereg_match(User::REGEX_PASSWORD, $password)) {
                     //no valid password
                     tpl_set_var('code', $code);
                     tpl_set_var('pw_message', $pw_not_ok);
                 } else {
                     if ($password !== $rp_pass) {
                         //both pw's dont match
                         tpl_set_var('code', $code);
                         tpl_set_var('pw_message', $pw_no_match);
                     } else {
                         //set new pw
                         $pm = new PasswordManager($record['user_id']);
                         $pm->change($password);
                         XDb::xSql("UPDATE `user` SET `new_pw_date`=0, `new_pw_code`=NULL, `last_modified`=NOW()\n                                    WHERE `email`= ? LIMIT 1", $email);
                         tpl_set_var('message', $pw_changed);
                     }
                 }
             } else {
                 //code timed out
                 tpl_set_var('message', $code_timed_out);
             }
         } else {
             //wrong code
             tpl_set_var('code_message', $code_not_ok);
         }
     }
 } else {
        $targets[$option] = explode(',', strtolower($value));
    } elseif ($option === 'username' || $option === 'password') {
        ${$option} = $value;
    } elseif ($option === 'username-base64' || $option === 'password-base64') {
        $option = substr($option, 0, strpos($option, '-'));
        ${$option} = base64_decode($value);
    }
}
// Both credentials are mandatory; bail out of the script otherwise.
if (empty($username)) {
    die("username may not be left blank\n");
}
if (empty($password)) {
    die("password may not be left blank\n");
}
//
// Update oracle passwords
//
// Validate once up front; an invalid username or password skips every target.
$skipMessage = null;
if (!PasswordManager::validateOracleUsername($username)) {
    $skipMessage = "Oracle: username is invalid, skipping\n";
} elseif (!PasswordManager::validateOraclePassword($password)) {
    $skipMessage = "Oracle: password is invalid, skipping\n";
}
if ($skipMessage !== null) {
    echo $skipMessage;
} else {
    foreach ($targets['oracle'] as $server) {
        echo "Oracle: Setting password for {$username} on {$server}... ";
        $changed = PasswordManager::setOraclePassword(PSU::db($server), $username, $password);
        echo $changed ? "success\n" : "failure\n";
    }
}
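 // Form fields for the add / update actions; all come straight from the request.
 $site = request_isset('site');
 $url = request_isset('url');
 $username = request_isset('username');
 $password = request_isset('password');
 switch ($page_action) {
     case 'update_by_id':
         // $USER_ID is passed with the record id so ownership is enforced in the model.
         $db_update_success = PasswordManager::updateRecord($PASSMAN_ID, $USER_ID, $site, $url, $username, $password);
         break;
     case 'add_password':
         $db_add_success = PasswordManager::addRecord($USER_ID, $site, $url, $username, $password);
         break;
     case 'delete_by_id':
         $db_delete_success = PasswordManager::deleteRecord($PASSMAN_ID, $USER_ID);
         break;
 }
 $passman_records = PasswordManager::getAllRecords($USER_ID);
 $page_title = 'PassMan';
 $alt_menu = getAddButton();
 // build add view
 $addView = new AddView('Add', 'add_password');
 $addView->addRow('site', 'Site');
 $addView->addRow('url', 'URL');
 $addView->addRow('username', 'Username');
 $addView->addRow('password', 'Password');
 // build table view
 $tableView = new TableView(array('Site', 'Username', 'Password', ''));
 foreach ($passman_records as $record) {
     // Every stored field was user-supplied, so HTML-encode each one before it is
     // concatenated into markup; previously they were inserted raw (stored XSS).
     // Encoding does not neutralise a stored "javascript:" URL once clicked, so
     // the href still wants a scheme allow-list (http/https) at save time.
     $siteHtml = htmlspecialchars((string) $record->getSite(), ENT_QUOTES, 'UTF-8');
     $urlAttr = htmlspecialchars((string) $record->getUrl(), ENT_QUOTES, 'UTF-8');
     $usernameHtml = htmlspecialchars((string) $record->getUsername(), ENT_QUOTES, 'UTF-8');
     $passwordHtml = htmlspecialchars((string) $record->getPassword(), ENT_QUOTES, 'UTF-8');
     // rel="noopener noreferrer": the target is user-controlled and opens in a new
     // tab, so it must not get a handle on this window.
     $tableView->addRow(array(
         TableView::createCell('site', '<a href="' . $urlAttr . '" target="_blank" rel="noopener noreferrer">' . $siteHtml . '</a>'),
         TableView::createCell('username', $usernameHtml),
         TableView::createCell('password', '<span class="mask">************</span><span class="password-actual">' . $passwordHtml . '</span>'),
         TableView::createEdit($record->getPassmanId()),
     ));
 }
 // load views to be used in front end
 $views_to_load = array();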
<?php

// Edit page for a single PassMan record. _secureHead.php is expected to set up
// $sessionManager, $USER_ID and $relative_base_path (not visible here — confirm).
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
// Nothing is rendered unless the session is authorized; an unauthorized
// request produces an empty page rather than a redirect.
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    // Record id comes from the request; the lookup is scoped by $USER_ID so a
    // user can only load their own record.
    $PASSMAN_ID = request_isset('id');
    $passwordManager = new PasswordManager();
    $record = $passwordManager->getRecord($PASSMAN_ID, $USER_ID);
    // NOTE(review): if getRecord() returns null for an unknown/foreign id, the
    // getSite() call below is a fatal error — confirm its contract.
    $page_title = 'Edit | PassMan';
    // build edit view; the stored password is pre-filled into the form as-is
    $editModel = new EditModel('Edit', 'update_by_id', $PASSMAN_ID);
    $editModel->addRow('site', 'Site', $record->getSite());
    $editModel->addRow('url', 'URL', $record->getUrl());
    $editModel->addRow('username', 'Username', $record->getUsername());
    $editModel->addRow('password', 'Password', $record->getPassword());
    // $page_title and $views_to_load are consumed by the included layout.
    $views_to_load = array();
    $views_to_load[] = ' ' . EditView2::render($editModel);
    include $relative_base_path . 'views/_generic.php';
}
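require_once '../../lib/language.inc.php';
require 'settings.inc.php';
// Both values are untrusted request input: the user id drives a query and the
// "sessionid" is the credential handed to PasswordManager::verify().
$userid = isset($_REQUEST['userid']) ? $_REQUEST['userid'] : '';
$loginid = isset($_REQUEST['sessionid']) ? $_REQUEST['sessionid'] : '';
// NOTE(review): previously annotated "MD5 encoded"; what verify() actually
// expects is not visible in this file — confirm against PasswordManager.
db_connect();
if ($dblink === false) {
    echo 'DB error';
    exit;
}
// Escape with the connection-aware function instead of addslashes(): addslashes
// ignores the connection charset and is bypassable on multibyte charsets.
$userid_sql = mysql_real_escape_string($userid, $dblink);
$rs = mysql_query('SELECT user_id, username, login_id FROM `user` WHERE user_id=\'' . $userid_sql . '\'', $dblink);
// A failed query is treated like an unknown user: show the login form rather
// than passing false on to mysql_num_rows().
if ($rs === false || mysql_num_rows($rs) == 0) {
    echo $loginbox_form;
} else {
    $r = mysql_fetch_array($rs);
    $pm = new PasswordManager($userid);
    if ($pm->verify($loginid)) {
        // Username is user-supplied data rendered into HTML.
        echo str_replace('{username}', htmlspecialchars($r['username']), $loginbox_loggedin);
    } else {
        echo $loginbox_form;
    }
}
if ($rs !== false) {
    mysql_free_result($rs);
}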
function db_connect()
{
    global $dblink, $dbpconnect, $dbusername, $dbname, $dbserver, $dbpasswd, $dbpconnect;
    //connect to the database by the given method - no php error reporting!
    if ($dbpconnect == true) {
        $dblink = @mysql_pconnect($dbserver, $dbusername, $dbpasswd);
    } else {
        $dblink = @mysql_connect($dbserver, $dbusername, $dbpasswd);