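/**
 * Processes the "change password" form submission.
 *
 * The reset token is read from the session (AutoLoginHash), the change is delegated
 * to the password manager, the token is cleared and the member is logged in.
 * Each recognised failure clears state where needed and redirects with a session message.
 *
 * @param array $data Submitted form fields; NewPassword1 and NewPassword2 are read.
 * @return SS_HTTPResponse|void Login response on success; the failure paths redirect
 *                              via the current controller and return nothing.
 */
function doChangePassword(array $data)
{
    try {
        $token = Session::get('AutoLoginHash');
        // Absent fields are passed as null explicitly instead of via @-suppressed reads,
        // which hid notices without changing the value handed to the password manager.
        $new_password = isset($data['NewPassword1']) ? $data['NewPassword1'] : null;
        $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : null;
        $member = $this->password_manager->changePassword($token, $new_password, $confirmation);
        // The token has served its purpose; drop it once the change went through.
        Session::clear('AutoLoginHash');
        // NOTE(review): BackURL is taken from the request as-is; whether loginMember()
        // restricts it to local paths is not visible here — confirm, otherwise a
        // caller-controlled BackURL becomes an open redirect after login.
        $back_url = isset($_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : '/';
        return OpenStackIdCommon::loginMember($member, $back_url);
    } catch (InvalidResetPasswordTokenException $ex1) {
        // Token rejected: forget it and send the user to the login page.
        Session::clear('AutoLoginHash');
        Controller::curr()->redirect('login');
    } catch (EmptyPasswordException $ex2) {
        $this->clearMessage();
        $this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
        Controller::curr()->redirectBack();
    } catch (PasswordMismatchException $ex3) {
        $this->clearMessage();
        $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
        Controller::curr()->redirectBack();
    } catch (InvalidPasswordException $ex4) {
        $this->clearMessage();
        // The manager's message is appended on its own line; nl2br keeps its line breaks
        // in the rendered session message.
        $this->sessionMessage(sprintf(_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: %s"), nl2br("\n" . $ex4->getMessage())), "bad");
        Controller::curr()->redirectBack();
    }
}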
/**
 * Mobile login: looks a user up, verifies the password, and records the login
 * in both the PHP session and this object.
 *
 * No value is returned; callers have to inspect $this->verified (and the
 * userid/username/lastlogin/sessionid fields) to learn the outcome.
 *
 * NOTE(review): the ext/mysql functions used here (mysql_fetch_assoc) were
 * removed in PHP 7 — this code only runs on PHP 5.
 *
 * @param string $user     Username as typed by the user.
 * @param string $password Plain-text password to verify.
 * @param mixed  $remember Compared loosely with 1; when equal the login cookie is stored.
 */
function try_login($user, $password, $remember)
{
    $this->pClear();
    db_connect();
    // NOTE(review): the WHERE clause carries a literal '******' instead of a value, so as
    // written $user never reaches the lookup. If this is a redaction, restore it as a
    // bound parameter (or at least an escaped value) rather than by string concatenation.
    $query = "select user_id,username from user where username = '******';";
    $wynik = db_query($query);
    $wiersz = mysql_fetch_assoc($wynik);
    $user_id = $wiersz['user_id'];
    if ($user_id) {
        /* User exists. Is the password correct? */
        $pm = new PasswordManager($user_id);
        if (!$pm->verify($password)) {
            $user_id = null;
        }
    }
    if (!empty($user_id)) {
        // Session identity is taken from the database row, not from the typed name.
        $_SESSION['username'] = $wiersz['username'];
        $_SESSION['user_id'] = $user_id;
        // Timestamp and session id both come from the database clock / UUID generator.
        $query = "SELECT now() as now, uuid() as uuid";
        $wynik = db_query($query);
        $rekord = mysql_fetch_assoc($wynik);
        $dzis = $rekord['now'];
        $uuid = $rekord['uuid'];
        // The values concatenated here are database-generated, but the statements are
        // still built by concatenation; parameterising them removes the dependency on that.
        $query = "update user set last_login_mobile = '" . $dzis . "' where user_id='" . $user_id . "';";
        db_query($query);
        $this->userid = $user_id;
        // Note: the object keeps the name as typed, while the session keeps the stored one.
        $this->username = $user;
        $this->lastlogin = $dzis;
        $this->sessionid = $uuid;
        $this->verified = true;
        // Loose comparison: "1", 1 and true all trigger the cookie.
        if ($remember == 1) {
            $this->pStoreCookie();
        }
        // Second update re-sets last_login_mobile (already written above) and stores the
        // mobile session uuid.
        $query = "update user set uuid_mobile ='" . $uuid . "', last_login_mobile='" . $dzis . "' where user_id='" . $user_id . "';";
        db_query($query);
    }
    return;
}
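/**
 * Renders the "change password" page, or handles the first hit of a reset link.
 *
 * Flow:
 *  - A request carrying `t` (token) and `m` (member id) is the reset link itself.
 *    The token is verified once, kept in the session as AutoLoginHash, and the browser
 *    is redirected to the bare URL so the token does not end up in the Referer header
 *    of anything loaded from the form page.
 *  - With a hash in the session, or a logged-in member, the password form is shown.
 *  - Otherwise a permission failure is raised.
 *
 * @return SS_HTTPResponse|string|void Redirect on the token path, nothing on the
 *         permission-failure path, otherwise the rendered template.
 */
public function changepassword()
{
    $tmpPage = new Page();
    $tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
    $tmpPage->URLSegment = 'Security';
    $tmpPage->ID = -1; // Set the page ID to -1 so we dont get the top level pages as its children
    $controller = new Page_Controller($tmpPage);
    $controller->init();
    try {
        $former_hash = Session::get('AutoLoginHash');
        // if we have the token and the member redirect back to clear those values and avoid leaking
        // on referer header
        if (isset($_REQUEST['t']) && isset($_REQUEST['m'])) {
            // if we dont have a former autologin hash, generate it ...
            if (empty($former_hash)) {
                // Both keys are known to be set at this point, so no @-suppression is needed.
                $new_hash = $this->password_manager->verifyToken((int) $_REQUEST['m'], $_REQUEST['t']);
                Session::set('AutoLoginHash', $new_hash);
            }
            return $this->redirect($this->Link('changepassword'));
        }
        if (!empty($former_hash)) {
            // Subsequent request after the "first load with hash"
            $customisedController = $controller->customise(array(
                'Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>',
                'Form' => $this->ChangePasswordForm(),
            ));
        } elseif (Member::currentUser()) {
            // Logged in user requested a password change form.
            $customisedController = $controller->customise(array(
                'Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>',
                'Form' => $this->ChangePasswordForm(),
            ));
        } else {
            self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
            return;
        }
    } catch (InvalidPasswordResetLinkException $ex1) {
        // A newer reset request superseded this link; offer the lost-password form instead.
        $customisedController = $controller->customise(array('Content' => sprintf('<p>This link is no longer valid as a newer request for a password reset has been made. 
Please check your mailbox for the most recent link</p><p>You can request a new one <a href="%s">here', $this->Link('lostpassword'))));
    }
    return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController'));
}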
/**
 * Oracle credential validation, as exercised by these cases: usernames beginning
 * with a letter are accepted while a leading underscore or digit is rejected, and a
 * password made of every ASCII code point except the double quote (chr 34) is
 * accepted until a double quote is appended.
 */
public function testOracle()
{
    // accepted usernames
    foreach (array('ambackstrom', 'j_thibeault', 'j_thibeault1') as $valid) {
        $this->assertTrue(PasswordManager::validateOracleUsername($valid));
    }
    // rejected usernames: leading underscore, leading digit
    foreach (array('_thibeault1', '1thibeault1') as $invalid) {
        $this->assertFalse(PasswordManager::validateOracleUsername($invalid));
    }

    // every ASCII code point 0..127 except 34 (the double quote)
    $allowed = array_diff(range(0, 127), array(34));
    $password = implode('', array_map('chr', $allowed));
    $this->assertTrue(PasswordManager::validateOraclePassword($password));
    $this->assertFalse(PasswordManager::validateOraclePassword($password . '"'));
}
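/**
 * Attempts to log a user in by username or e-mail address and password.
 *
 * Steps, in order:
 *  1. Rate limiting: sys_logins rows older than one hour are purged and, if more
 *     than 24 attempts from this remote address remain, LOGIN_TOOMUCHLOGINS is
 *     returned before the user table is consulted.
 *  2. Sessions older than LOGIN_TIME_PERMANENT are deleted.
 *  3. The user is looked up by username, then by e-mail (e-mail wins if both match).
 *  4. The password is checked through PasswordManager; on success and an active
 *     account a sys_sessions row is created and this object is populated.
 *  5. The attempt is recorded in sys_logins and the login cookie is stored.
 *
 * @param string $user      Username or e-mail address as typed.
 * @param string $password  Plain-text password to verify.
 * @param mixed  $permanent Keep the session alive; null (or any value loosely equal
 *                          to null) means "use the user's permanent_login_flag".
 * @return int One of LOGIN_OK, LOGIN_USERNOTACTIVE, LOGIN_BADUSERPW, LOGIN_TOOMUCHLOGINS.
 */
function try_login($user, $password, $permanent)
{
    $this->pClear();

    // check the number of logins in the last hour ...
    // (REMOTE_ADDR is the proxy's address when the app sits behind a reverse proxy)
    sql("DELETE FROM `sys_logins` WHERE `timestamp`<'&1'", date('Y-m-d H:i:s', time() - 3600));
    $logins_count = sqlValue("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape($_SERVER['REMOTE_ADDR']) . "'", 0);
    if ($logins_count > 24) {
        // Attempts are counted regardless of outcome, so this also throttles guessing.
        return LOGIN_TOOMUCHLOGINS;
    }

    // delete old sessions
    $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
    sql("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent);

    // compare $user with email and username, if both match, use email
    // NOTE(review): LIKE treats `%` and `_` in the typed value as wildcards. The password
    // is still verified against the single row chosen by LIMIT 1, but an exact `=`
    // comparison would avoid selecting an unintended account — confirm this is intended.
    $rsUser = sql("\n SELECT\n `user_id`, `username`, 2 AS `prio`, `is_active_flag`,\n `permanent_login_flag`, `admin`\n FROM `user`\n WHERE `username` LIKE '&1'\n\n UNION\n\n SELECT\n `user_id`, `username`, 1 AS `prio`, `is_active_flag`,\n `permanent_login_flag`, `admin`\n FROM `user`\n WHERE\n `email` LIKE '&1'\n\n ORDER BY `prio` ASC\n LIMIT 1\n ", mb_strtolower($user));
    $rUser = sql_fetch_assoc($rsUser);
    sql_free_result($rsUser);

    if ($rUser) {
        /* User exists. Is the password correct? */
        $pm = new PasswordManager($rUser['user_id']);
        if (!$pm->verify($password)) {
            $rUser = null;
        }
    }

    if ($rUser) {
        if ($permanent == null) {
            // caller left the choice open: fall back to the user's stored preference
            $permanent = $rUser['permanent_login_flag'] == 1;
        }
        // ok, there is a valid login
        if ($rUser['is_active_flag'] != 0) {
            // begin session
            $uuid = sqlValue('SELECT UUID()', '');
            sql("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`, `last_login`) VALUES ('&1', '&2', '&3', NOW())", $uuid, $rUser['user_id'], $permanent != false ? 1 : 0);
            sql("UPDATE `user` SET `last_login`=NOW() WHERE `user_id`='&1'", $rUser['user_id']);
            $this->userid = $rUser['user_id'];
            $this->username = $rUser['username'];
            $this->permanent = $permanent;
            // NOTE(review): PHP clock here, database clock (NOW()) in the rows above — the
            // two can differ if server time zones are not aligned.
            $this->lastlogin = date('Y-m-d H:i:s');
            $this->sessionid = $uuid;
            $this->admin = $rUser['admin'] == 1;
            $this->verified = true;
            $retval = LOGIN_OK;
        } else {
            $retval = LOGIN_USERNOTACTIVE;
        }
    } else {
        // sorry, bad login
        $retval = LOGIN_BADUSERPW;
    }

    // Record the attempt. $rUser is the fetched row on a correct password, null after a
    // failed verify, and whatever sql_fetch_assoc() returns for "no row" otherwise. The
    // same truthiness test used above is applied, so a wrong password is logged with
    // success=0 (the former `$rUser === false` test recorded it as 1, because null !== false).
    sql("INSERT INTO `sys_logins` (`remote_addr`, `success`, `timestamp`) VALUES ('&1', '&2', NOW())", $_SERVER['REMOTE_ADDR'], $rUser ? 1 : 0);

    // store to cookie
    $this->pStoreCookie();

    return $retval;
}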
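/**
 * Lazily opens the shared SQLite connection held in self::$db.
 *
 * The database file lives next to this class file. DIRECTORY_SEPARATOR replaces the
 * former literal backslash so the path also resolves on non-Windows hosts, where
 * `__DIR__ . '\db.sqlite'` is not a path into the directory but a file whose name
 * contains a backslash.
 *
 * NOTE(review): if __DIR__ is inside the web root, the .sqlite file is served as a
 * plain download unless the web server blocks it — confirm the deployment layout.
 */
private static function require_connection()
{
    if (self::$db == null) {
        self::$db = new PDO('sqlite:' . __DIR__ . DIRECTORY_SEPARATOR . 'db.sqlite');
    }
}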
<?php //These vars may be changed to fit your needs. //User executing the script must have write access to the file directory. define("PASSWORD_FILE", "pw"); define("RECORD_FILE", "RecordFile.data.php"); define("TIMEOUT", 60); include "lib/PasswordManager.class.php"; include "lib/RecordManager.class.php"; $pm = new PasswordManager(); //Check if password exists. If it doesn't exist create the password form for the user //to input their passwords. if (!file_exists(PASSWORD_FILE)) { $error = ""; $message = ""; if (!empty($_POST)) { $error = $pm->validatePasswords($_POST); if (empty($error)) { $pm->savePasswords($_POST); header("Location: DirectoryServer.php"); exit; } } echo $pm->generateCss(); echo $error; echo $pm->generatePasswordForm(); } else { //If the password file exists use controller logic $rm = new RecordManager(); $passwords = $pm->getPasswords(); $rm->expireRecords();
tpl_set_var('email_message', $emailnotexist); } else { if ($record['new_pw_code'] == $code) { if (time() - $record['new_pw_date'] < 259200) { if (!mb_ereg_match(User::REGEX_PASSWORD, $password)) { //no valid password tpl_set_var('code', $code); tpl_set_var('pw_message', $pw_not_ok); } else { if ($password !== $rp_pass) { //both pw's dont match tpl_set_var('code', $code); tpl_set_var('pw_message', $pw_no_match); } else { //set new pw $pm = new PasswordManager($record['user_id']); $pm->change($password); XDb::xSql("UPDATE `user` SET `new_pw_date`=0, `new_pw_code`=NULL, `last_modified`=NOW()\n WHERE `email`= ? LIMIT 1", $email); tpl_set_var('message', $pw_changed); } } } else { //code timed out tpl_set_var('message', $code_timed_out); } } else { //wrong code tpl_set_var('code_message', $code_not_ok); } } } else {
$targets[$option] = explode(',', strtolower($value)); } elseif ($option === 'username' || $option === 'password') { ${$option} = $value; } elseif ($option === 'username-base64' || $option === 'password-base64') { $option = substr($option, 0, strpos($option, '-')); ${$option} = base64_decode($value); } } if (empty($username)) { die("username may not be left blank\n"); } if (empty($password)) { die("password may not be left blank\n"); } // // Update oracle passwords // if (!PasswordManager::validateOracleUsername($username)) { echo "Oracle: username is invalid, skipping\n"; } elseif (!PasswordManager::validateOraclePassword($password)) { echo "Oracle: password is invalid, skipping\n"; } else { foreach ($targets['oracle'] as $server) { echo "Oracle: Setting password for {$username} on {$server}... "; if (PasswordManager::setOraclePassword(PSU::db($server), $username, $password)) { echo "success\n"; } else { echo "failure\n"; } } }
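// Fields for the current action; all of them are user-supplied.
$site = request_isset('site');
$url = request_isset('url');
$username = request_isset('username');
$password = request_isset('password');

// Every mutation passes $USER_ID, so the record id is only acted on for its owner.
switch ($page_action) {
    case 'update_by_id':
        $db_update_success = PasswordManager::updateRecord($PASSMAN_ID, $USER_ID, $site, $url, $username, $password);
        break;
    case 'add_password':
        $db_add_success = PasswordManager::addRecord($USER_ID, $site, $url, $username, $password);
        break;
    case 'delete_by_id':
        $db_delete_success = PasswordManager::deleteRecord($PASSMAN_ID, $USER_ID);
        break;
}

$passman_records = PasswordManager::getAllRecords($USER_ID);
$page_title = 'PassMan';
$alt_menu = getAddButton();

// build add view
$addView = new AddView('Add', 'add_password');
$addView->addRow('site', 'Site');
$addView->addRow('url', 'URL');
$addView->addRow('username', 'Username');
$addView->addRow('password', 'Password');

// build table view
$tableView = new TableView(array('Site', 'Username', 'Password', ''));
foreach ($passman_records as $record) {
    // The site cell carries its own <a> markup, so TableView::createCell() cannot be the
    // place that escapes it; every record value is therefore escaped here before it is
    // placed in element text or in the href attribute. The values originate from the
    // request fields saved above, so the former raw concatenation allowed stored XSS.
    // NOTE(review): escaping does not restrict the href scheme; validate the URL when
    // it is saved if only http(s) links are acceptable.
    $safeUrl = htmlspecialchars((string) $record->getUrl(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeSite = htmlspecialchars((string) $record->getSite(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeUsername = htmlspecialchars((string) $record->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safePassword = htmlspecialchars((string) $record->getPassword(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $tableView->addRow(array(
        TableView::createCell('site', '<a href="' . $safeUrl . '" target="_blank">' . $safeSite . '</a>'),
        TableView::createCell('username', $safeUsername),
        TableView::createCell('password', '<span class="mask">************</span><span class="password-actual">' . $safePassword . '</span>'),
        TableView::createEdit($record->getPassmanId()),
    ));
}

// load views to be used in front end
$views_to_load = array();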
<?php
// Edit page for a single PassMan record.
//
// _secureHead.php is expected to provide $sessionManager, $USER_ID and
// $relative_base_path (not visible here — the names are used below as-is).
require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';

// Only render for an authorised session; unauthorised requests produce no output here.
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $PASSMAN_ID = request_isset('id');
    $passwordManager = new PasswordManager();
    // The lookup is given $USER_ID as well as the record id, presumably so that another
    // user's record id is not returned. NOTE(review): what getRecord() returns for an
    // unknown id is not visible here; if it can be null/false, the getX() calls below
    // would fail on it — confirm.
    $record = $passwordManager->getRecord($PASSMAN_ID, $USER_ID);
    $page_title = 'Edit | PassMan';

    // build edit view
    $editModel = new EditModel('Edit', 'update_by_id', $PASSMAN_ID);
    $editModel->addRow('site', 'Site', $record->getSite());
    $editModel->addRow('url', 'URL', $record->getUrl());
    $editModel->addRow('username', 'Username', $record->getUsername());
    // NOTE(review): the stored values are handed to the view unescaped here; whether
    // EditView2::render() escapes them for HTML is not visible — confirm.
    $editModel->addRow('password', 'Password', $record->getPassword());

    // _generic.php consumes $page_title and $views_to_load
    $views_to_load = array();
    $views_to_load[] = ' ' . EditView2::render($editModel);
    include $relative_base_path . 'views/_generic.php';
}
require_once '../../lib/language.inc.php'; require 'settings.inc.php'; $userid = isset($_REQUEST['userid']) ? $_REQUEST['userid'] : ''; $loginid = isset($_REQUEST['sessionid']) ? $_REQUEST['sessionid'] : ''; // MD5 encoded db_connect(); if ($dblink === false) { echo 'DB error'; exit; } $rs = mysql_query('SELECT user_id, username, login_id FROM `user` WHERE user_id=\'' . addslashes($userid) . '\'', $dblink); if (mysql_num_rows($rs) == 0) { echo $loginbox_form; } else { $r = mysql_fetch_array($rs); $pm = new PasswordManager($userid); if ($pm->verify($loginid)) { echo str_replace('{username}', htmlspecialchars($r['username']), $loginbox_loggedin); } else { echo $loginbox_form; } } mysql_free_result($rs); function db_connect() { global $dblink, $dbpconnect, $dbusername, $dbname, $dbserver, $dbpasswd, $dbpconnect; //connect to the database by the given method - no php error reporting! if ($dbpconnect == true) { $dblink = @mysql_pconnect($dbserver, $dbusername, $dbpasswd); } else { $dblink = @mysql_connect($dbserver, $dbusername, $dbpasswd);