function login_form() { global $vars, $phpc_script; $submit_data = tag('td', attributes('colspan="2"'), create_hidden('action', 'login'), create_submit(__('Log in'))); if (!empty($vars['lasturl'])) { $submit_data->prepend(create_hidden('lasturl', escape_entities(urlencode($vars['lasturl'])))); } return tag('form', attributes("action=\"{$phpc_script}\"", 'method="post"'), tag('table', tag('caption', __('Log in')), tag('thead', tag('tr', tag('th', attributes('colspan="2"'), __('You must have cookies enabled to login.')))), tag('tfoot', tag('tr', $submit_data)), tag('tbody', tag('tr', tag('th', __('Username')), tag('td', create_text('username'))), tag('tr', tag('th', __('Password')), tag('td', create_password('password')))))); }
function display_form() { global $phpc_script, $phpc_token, $phpcdb; $groups = array(); foreach ($phpcdb->get_groups() as $group) { $groups[$group['gid']] = $group['name']; } $size = sizeof($groups); if ($size > 6) { $size = 6; } return tag('form', attributes("action=\"{$phpc_script}\"", 'method="post"'), tag('table', attributes("class=\"phpc-container\""), tag('caption', __('Create User')), tag('tfoot', tag('tr', tag('td', attributes('colspan="2"'), create_hidden('phpc_token', $phpc_token), create_hidden('action', 'user_create'), create_hidden('submit_form', 'submit_form'), create_submit(__('Submit'))))), tag('tbody', tag('tr', tag('th', __('User Name')), tag('td', create_text('user_name'))), tag('tr', tag('th', __('Password')), tag('td', create_password('password1'))), tag('tr', tag('th', __('Confirm Password')), tag('td', create_password('password2'))), tag('tr', tag('th', __('Make Admin')), tag('td', create_checkbox('make_admin', '1', false, __('Admin')))), tag('tr', tag('th', __('Groups')), tag('td', create_select('groups[]', $groups, false, attrs('multiple', "size=\"{$size}\""))))))); }
function login_form() { global $vars, $phpc_script, $day, $year, $month; $lastaction = empty($vars['lastaction']) ? '' : $vars['lastaction']; $submit_data = tag('td', attributes('colspan="2"'), create_hidden('action', 'login'), create_submit(_('Log in'))); if (!empty($vars['lastaction'])) { $submit_data->prepend(create_hidden('lastaction', $vars['lastaction'])); } if (!empty($vars['day'])) { $submit_data->prepend(create_hidden('day', $day)); } if (!empty($vars['month'])) { $submit_data->prepend(create_hidden('month', $month)); } if (!empty($vars['year'])) { $submit_data->prepend(create_hidden('year', $year)); } return tag('form', attributes("action=\"{$phpc_script}\"", 'method="post"'), tag('table', attributes('class="phpc-main"'), tag('caption', _('Log in')), tag('thead', tag('tr', tag('th', attributes('colspan="2"'), _('You must have cookies enabled to login.')))), tag('tfoot', tag('tr', $submit_data)), tag('tbody', tag('tr', tag('th', _('Username') . ':'), tag('td', create_text('username'))), tag('tr', tag('th', _('Password') . ':'), tag('td', create_password('password')))))); }
/** * 获取验证码 * @param string username 手机号码 * @param int forget 忘记密码的手机号码 */ public function verifily_post() { $telphone = PUT('username'); $forget = PUT('forget'); $type = PUT('type'); if ($forget) { if (empty($forget)) { $this->error('手机号码不能为空'); } if (!$this->model->checkMobile($forget)) { $this->error('该手机号码没有注册'); } $telphone = $forget; } else { if (empty($telphone)) { $this->error('手机号码不能为空'); } if ($this->model->checkMobile($telphone)) { $this->error('该手机号码已经注册'); } } $verifily = create_password(); // session('verifily',$verifily); // $this->success('验证码发送成功',$verifily); // exit; //$result = curl(C('SMS.sms_url'),C('SMS.sms_key'),array('mobile'=>$telphone,'message'=>'验证码:'.$verifily.C('SMS.sms_company'))); $msg = '验证码:' . $verifily . C('SMS.sms_company'); $result = Luosimao::send($type, $telphone, $verifily); if ($result['error'] == 0) { $this->success('验证码发送成功', $verifily); } else { $this->error($result['msg']); } // $res = json_decode($result,true); // if($res['error']==0){ // session('verifily',$verifily); // $this->success('验证码发送成功',$verifily); // }else{ // $this->error('验证码发送失败'); // } }
function store($config, $webid, $mbox, $password, $active, $mbox_sha1sum, $authreqissuer = NULL) { if ($active == 'on') { $active = 1; } else { $active = 0; } if ($mbox_sha1sum == 'on') { $mbox_sha1sum = 1; } else { $mbox_sha1sum = 0; } // set up db $db = new db_class(); $db->connect('localhost', $config['db_user'], $config['db_pwd'], $config['db_name']); $sql = "select mbox from passwords where webid = '" . $webid . "' and mbox = '" . $mbox . "' and verified_mbox = 1"; $results = $db->select($sql); if ($row = mysql_fetch_assoc($results)) { $mbox = $row['mbox']; $verified_mbox = 1; } else { $password = create_password(50, true, true, false); $verified_mbox = 0; $to = $mbox; $subject = $_SERVER["SERVER_NAME"] . ' - Email Verifier'; $message = "https://" . $_SERVER["SERVER_NAME"] . "/?action=verify&access_token=" . urlencode($password); $headers = 'From: password.manager@' . $_SERVER["SERVER_NAME"] . "\r\n" . 'Reply-To: password.manager@' . $_SERVER["SERVER_NAME"] . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($to, $subject, $message, $headers); } $x509 = $_SERVER['SSL_CLIENT_CERT']; if (isset($password) && $password != '') { $sql = 'INSERT INTO passwords (webid, mbox, password, verified_mbox, active, publish_mbox_sha1sum, X509_public_key) VALUES ("' . $webid . '","' . $mbox . '","' . $password . '",' . $verified_mbox . ',' . $active . ',' . $mbox_sha1sum . ',"' . $x509 . '") ON DUPLICATE KEY UPDATE mbox="' . $mbox . '", password="******", verified_mbox=' . $verified_mbox . ', active=' . $active . ', publish_mbox_sha1sum=' . $mbox_sha1sum . ', X509_public_key="' . $x509 . '"'; } else { $sql = 'INSERT INTO passwords (webid, mbox, verified_mbox, active, publish_mbox_sha1sum, X509_public_key) VALUES ("' . $webid . '","' . $mbox . '",' . $verified_mbox . ',' . $active . ',' . $mbox_sha1sum . ',"' . $x509 . '") ON DUPLICATE KEY UPDATE mbox="' . $mbox . '", verified_mbox=' . $verified_mbox . ', active=' . $active . ', publish_mbox_sha1sum=' . $mbox_sha1sum . ', X509_public_key="' . $x509 . '"'; } // print $sql . "<br/>"; $results = $db->update_sql($sql); if (!isset($authreqissuer)) { main(); } else { webid_redirect($authreqissuer, $webid); } }
<?php function create_password($pw_length) { $randpwd = ""; for ($i = 0; $i < $pw_length; $i++) { $randpwd .= chr(mt_rand(33, 126)); } return $randpwd; } echo create_password(6); ?>
} if (count($messages)) { $response = json_encode($messages); return; } $query = "INSERT INTO nf_users(\n email\n , phone\n , password\n , username\n , first_name\n , last_name\n , lang\n \n ) VALUES (\n '" . $data['email'] . "'\n , '" . $data['phone'] . "'\n , '" . create_password($data['password']) . "'\n , '" . $data['username'] . "'\n , '" . $data['first_name'] . "'\n , '" . $data['last_name'] . "'\n , '" . $data['lang'] . "'\n )\n "; if (!mysqli_query($MV, $query)) { $messages['error'] = '!!!_DB Error_!!!'; $response = json_encode($messages); return; } $to = $admin_email; $subject = "New user: "******" " . $data['last_name']; $message = "<html>\n <head>\n <title>New user: "******" " . $data['last_name'] . "</title>\n </head>\n <body>\n Name: " . $data['first_name'] . " " . $data['last_name'] . "<br>\n Username: "******"<br>\n Email: " . $data['email'] . "<br>\n Phone: " . $data['phone'] . "<br>\n Please add user to the system.<hr><br>\n Don't reply to this message.\n </body>\n </html>"; if (!my_send_mail($to, $subject, $message)) { $messages['error'] = '!!!_Send email Error._!!!'; $response = json_encode($messages); return; } $conf_link = PROTOCOL . DOMAIN . $root_folder . $data['lang'] . "/email-confirmation/?e=" . base64_encode($data['email'] . DOMAIN . create_password($data['password'])); $to = $data['email']; $subject = "!!!_Dear_!!! " . $data['first_name'] . " " . $data['last_name']; $message = "<html>\n <head>\n <title>" . $subject . "</title>\n </head>\n <body>\n !!!_Your registration request has been successfully submitted. We will review your request and soon you will receive your registration confirmation email. Please confirm your email address clicking link below or copy this link and paste it in your browser address field. _!!!<br><a href='" . $conf_link . "'>" . $conf_link . "</a><hr><br>\n !!!_Don't reply to this message._!!!\n </body>\n </html>"; if (!my_send_mail($to, $subject, $message)) { $messages['error'] = '!!!_Send email Error._!!!'; $response = json_encode($messages); return; } $messages['success'] = '!!!_Your registration request has been successfully submitted. You will recieve an email._!!!'; $response = json_encode($messages); }
exit('CK Faild!'); } include_once 'hand.php'; if (!isset($username)) { echo "Faild!1un"; exit; } if (!isset($email)) { echo "Faild!2"; exit; } if (!isset($password)) { echo "Faild!3"; exit; } else { $password = create_password(10); } $docait = '2'; /*UC邮箱绑定*/ if (isset($_SESSION["btsbd"], $_POST["pwd"], $_SESSION["email"], $_SESSION["Ibh"], $_SESSION["username"])) { if ($_SESSION["btsbd"] == '1') { unset($_SESSION["btsbd"]); $Uusername = $_SESSION["username"]; $email = $_SESSION["email"]; $password = $_POST["pwd"]; $Ibh = $_SESSION["Ibh"]; $Udm = $_SESSION["Udm"]; $bdjg = handdl($email, $password, 1, 1); if (!isset($bdjg["jg"])) { echo 'Faild!1bd' . $bdjg . $email; exit;
<?php if (isset($_POST['do'])) { require "../include/my_func.inc.php"; require "../include/db_info.inc.php"; for ($i = $_POST['user_id']; $i <= $_POST['fin_user_id']; $i++) { $user_id = "team" . $i; $length = $_POST['length']; $passwd = $passwd_bak = create_password($length); if (get_magic_quotes_gpc()) { $user_id = stripslashes($user_id); $passwd = stripslashes($passwd); } $user_id = mysql_real_escape_string($user_id); $passwd = pwGen($passwd); $sql = "update `users` set `password`='{$passwd}' where `user_id`='{$user_id}' and user_id not in( select user_id from privilege where rightstr='administrator') "; mysql_query($sql); $data[$i][0] = $user_id; $data[$i][1] = $passwd_bak; $data[$i][2] = $_POST['addin']; } $title = array('报名号', '密码', '注释'); exportexcel($data, $title, $_POST['xls_name']); }
</nav> <!-- nav ends --> <!-- forms --> <div id="learn-more" class="container documents"> <div class="example"> <div class="row"> <div class='container'> <h1>xkcd Password Generator</h1> <h2>The button below will generate a random phrase consisting of four common words. According to xkcd strip, such phrases are hard to guess (even by brute force), but easy to remember, making them interesting password choices.</h2> <p class='password'> <?php echo create_password($fwords, $fnumber, $fsymbol, $fupcase); ?> </p> <form action="<?php echo $_SERVER['PHP_SELF']; ?> " method='POST'> <p class='options'> <label for='number_of_words'># of Words</label> <input maxlength=1 type='text' name='number_of_words' id='number_of_words' value='<?php echo $fwords; ?> ' /> (Max 9) <br>
function change_password($stored_password, $old_password, $new_password, $new_salt = null, $legacy_password_validator = null) { // Check old password is valid. No need to update strategem as we are going to change it anyway. if (validate_password($stored_password, $old_password, false, $legacy_password_validator)) { return create_password($new_password, $new_salt); } return false; }
/** * 用户登录 * @param string $username 用户名 * @param string $password 密码 * @return array {-2;密码错误;-1:用户不存在;array(userinfo):用户信息} */ public function login() { $this->password = isset($this->data['password']) ? $this->data['password'] : ''; $this->email = isset($this->data['email']) ? $this->data['email'] : ''; if($this->email) { $userinfo = $this->db->get_one(array('email'=>$this->email)); } else { $userinfo = $this->db->get_one(array('username'=>$this->username)); } if ($this->config['ucuse']) { pc_base::load_config('uc_config'); require_once PHPCMS_PATH.'api/uc_client/client.php'; list($uid, $uc['username'], $uc['password'], $uc['email']) = uc_user_login($this->username, $this->password, 0); } if($userinfo) { //ucenter登陆部份 if ($this->config['ucuse']) { if($uid == -1) { //uc不存在该用户,调用注册接口注册用户 $uid = uc_user_register($this->username , $this->password, $userinfo['email'], $userinfo['random']); if($uid >0) { $this->db->update(array('ucuserid'=>$uid), array('username'=>$this->username)); } } } } else { //用户在phpsso中不存在 //ucenter登陆部份 if ($this->config['ucuse']) { if ($uid < 0) { //用户不存在或者密码错误 exit('-1'); } else { //当前使用只在uc中存在,在PHPSSO中是不存在的。需要进行注册。 pc_base::load_sys_class('uc_model', 'model', 0); $db_config = get_uc_database(); $uc_db = new uc_model($db_config); //获取UC中用户的信息 $r = $uc_db->get_one(array('uid'=>$uid)); $datas = $data = array('username'=>$r['username'], 'password'=>$r['password'], 'random'=>$r['salt'], 'email'=>$r['email'], 'regip'=>$r['regip'], 'regdate'=>$r['regdate'], 'lastdate'=>$r['lastlogindate'], 'appname'=>'ucenter', 'type'=>'app'); $datas['ucuserid'] = $uid; $datas['lastip'] = $r['lastloginip']; if ($data['uid'] = $this->db->insert($datas, true)) { //向所有的应用中发布新用户注册通知 messagequeue::add('member_add', $data); } $userinfo = $data; } } else { exit('-1'); } } //如果开启phpcms_2008_sp4兼容模式,根据sp4规则验证密码,如果不成功再根据phpsso规则验证密码 $setting_sp4 = getcache('settings_sp4', 'admin'); if($setting_sp4['sp4use']) { if(!empty($userinfo) && $userinfo['password'] == md5($setting_sp4['sp4_password_key'].$this->password)) { //登录成功更新用户最近登录时间和ip $this->db->update(array('lastdate'=>SYS_TIME, 'lastip'=>ip()), array('uid'=>$userinfo['uid'])); exit(serialize($userinfo)); } } if(!empty($userinfo) && $userinfo['password'] == create_password($this->password, $userinfo['random'])) { //登录成功更新用户最近登录时间和ip $this->db->update(array('lastdate'=>SYS_TIME, 'lastip'=>ip()), array('uid'=>$userinfo['uid'])); exit(serialize($userinfo)); } else { exit('-2'); } }
break; } if (strchr($input['reset'], '@')) { $query = "select login, email from users where email='{$input['reset']}'"; } else { $query = "select login, email from users where login='******'reset']}'"; } $result = mysql_query($query, $DBconnection) or die("Could not execute query !"); if (mysql_num_rows($result) == 0) { print "That login or e-mail address is not valid, please <a href=\"index.php?action=showresetform\">re-enter</a> the one you want to reset...<br>\n"; break; } $login = mysql_result($result, 0, 'login'); $email = mysql_result($result, 0, 'email'); # --- reset the password --- $password = create_password(); $passhash = md5($password); $query = "update users set password='******' where login = '******'"; mysql_query($query, $DBconnection) or die("Could not execute query !"); # --- mail user --- $mail_login = $login; $mail_password = $password; include "../include/mail-changedpassword.inc.php"; mail($email, $subject, $body, "from: {$from}"); print "Your new password has been mailed to the address you provided. Click <a href=\"index.php?action=showloginform\">here</a> to login !\n"; break; case "changepwd": $input = validateinput($_GET, $fields_def, array('id')); if (!$input) { break; }
function new_user_form() { global $phpc_script; return tag('form', attributes("action=\"{$phpc_script}\"", 'method="post"'), tag('table', attributes('class="phpc-main"'), tag('caption', _('Create/Modify User')), tag('tfoot', tag('tr', tag('td', attributes('colspan="2"'), create_hidden('action', 'new_user_submit'), create_submit(_('Submit'))))), tag('tbody', tag('tr', tag('th', _('User Name') . ':'), tag('td', create_text('user_name'))), tag('tr', tag('th', _('Password') . ':'), tag('td', create_password('password1'))), tag('tr', tag('th', _('Confirm Password') . ':'), tag('td', create_password('password2'))), tag('tr', tag('th', _('Make Admin') . ':'), tag('td', create_checkbox('make_admin', '1')))))); }
/** * 添加/修改用户数据 */ public function ajaxUpdateUser() { $id = intval(true == isset($_POST['id']) ? $_POST['id'] : 0); $this->load->library('form'); $this->form->setHandler('filter_strip_tags_and_clear_space|filter_replace_escape_char'); $this->load->helper('form/userform'); $this->load->model('user_model'); if ($id) { $postData = $this->form->check(userupdateform_get_selector()); $errors = $this->form->getLastMessage(); if (false == empty($errors)) { response_to_json(5, $errors); } $data = array('username' => $postData['username']['value'], 'provice_sid' => $postData['provice_sid']['value'], 'city_sid' => $postData['city_sid']['value'], 'provice_name' => $postData['provice_name']['value'], 'city_name' => $postData['city_name']['value']); // 判断重名 $usernameexist = $this->user_model->getUser(array('username' => $postData['username']['value'], 'status' => array(1, -2), 'id' => array('$ne', $id))); if ($usernameexist) { response_to_json(4, '名字已被占用!'); } $affected = $this->user_model->updateUser(array('id' => $id), $data); $errors = $this->user_model->getLastMessage(); $code = 0 == $affected || false == empty($errors) ? 4 : 0; $message = false == empty($errors) ? $errors : (0 == $affected ? '操作失败' : '操作成功'); } else { $this->load->helper('encrypt'); $postData = $this->form->check(useraddform_get_selector()); $errors = $this->form->getLastMessage(); if (false == empty($errors)) { response_to_json(5, $errors); } // 判断此手机号是否存在 $user_ifexist = $this->user_model->getUser(array('tel' => $postData['tel']['value'])); if ($user_ifexist) { response_to_json(4, '此手机号已经存在!'); } $this->load->helper('encrypt'); $data['username'] = '******' . generate_username(6); $data['passwd'] = encrypt_md5(create_password(9)); $data['tel'] = $postData['tel']['value']; $data['usertype'] = $postData['usertype']['value']; $data['createtime'] = date('Y-m-d H:i:s', time()); //判断新注册的手机号是否存在预关系 $inventdetail = $this->user_model->getinventrel(['phone' => $postData['tel']['value']]); if ($inventdetail) { $data['ref_userid'] = $inventdetail['uid']; } $id = $this->user_model->createUser($data); $errors = $this->user_model->getLastMessage(); $code = 0 == $id || false == empty($errors) ? 4 : 0; $message = false == empty($errors) ? $errors : (0 == $id ? '操作失败' : '操作成功'); } response_to_json($code, $message); }
if (strtotime($_res['date']) + 7200 >= time()) { if ($data['password'] == "") { $messages['#forgot-password'] = '******'; $response = json_encode($messages); return; } elseif (strlen($data['password']) < 5) { $messages['#forgot-password'] = '******'; $response = json_encode($messages); return; } if ($data['password'] !== $data['confirm_pass']) { $messages['#forgot-confirm-password'] = '******'; $response = json_encode($messages); return; } $qyery = "\n UPDATE nf_users\n SET(\n password='******'password']) . "'\n )\n WHERE user_id=" . $_res['user_id'] . "\n "; if (mysqli_query($MV, $query)) { $query = "\n DELETE FROM nf_rec_pass\n WHERE user_id='" . $_res['user_id'] . "'\n "; if (mysqli_query($MV, $query)) { $messages['success'] = '!!!_You have successfully changed your password._!!!'; } else { $messages['error'] = '!!!_Error. Something goes wrong..._!!!'; } } else { $messages['error'] = '!!!_Error. Something goes wrong..._!!!'; } } else { $msg = '!!!_Sorry but your link has expired._!!!'; } } else { $messages['error'] = '!!!_Error. Something goes wrong..._!!!';
function createperson($email, $password, $firstname, $middlename, $lastname, $sex, $adr1, $adr2, $streetno, $floor, $adr3, $zip, $city, $country, $languagepref, $tel, $mobil, $email, $birthday, $club, $status1 ='', $status2='', $status3='') { global $db_conn; $now_time = time(); $created = strftime("%Y-%m-%d", $now_time); $changed = strftime("%Y-%m-%d", $now_time); $rights = 100000; $firstname = addslashes($firstname); $middlename = addslashes($middlename); $lastname = addslashes($lastname); $sex = addslashes($sex); $adr1 = addslashes($adr1); $adr2 = addslashes($adr2); $streetno = addslashes($streetno); $floor = addslashes($floor); $adr3 = addslashes($adr3); $zip = addslashes($zip); $city = addslashes($city); $country = addslashes($country); $languagepref = addslashes($languagepref); $tel = addslashes($tel); $mobil = addslashes($mobil); $email = addslashes($email); $club = addslashes($club); $password = addslashes($password); $status1 = addslashes($status1); $status2 = addslashes($status2); $status3 = addslashes($status3); $rights = addslashes($rights); $privacy = addslashes($privacy); // Trim blanks $firstname = trim($firstname); $middlename = trim($middlename); $lastname = trim($lastname); $sex = trim($sex); $adr1 = trim($adr1); $adr2 = trim($adr2); $streetno = trim($streetno); $floor = trim($floor); $adr3 = trim($adr3); $zip = trim($zip); $city = trim($city); $country = trim($country); $languagepref = trim($languagepref); $tel = trim($tel); $mobil = trim($mobil); $email = trim($email); $club = trim($club); $password = trim($password); $status1 = trim($status1); $status2 = trim($status2); $status3 = trim($status3); $rights = trim($rights); $privacy = trim($privacy); $firstname = my_ucwords($firstname, $is_name=true); $middlename = my_ucwords($middlename, $is_name=true); $lastname = my_ucwords($lastname, $is_name=true); if ($country == '') { $country = 'DK'; } if ($password == "") { $password = create_password("$firstname$email"); } $fields = "firstname, middlename, lastname, sex, adr1, adr2, streetno, floor, adr3, zip, city, country, languagepref, tel, mobil, email, birthday, club, password, status1, status2, status3, rights, privacy, ownupdate, created, changed, uid"; $values = "'$firstname', '$middlename', '$lastname', '$sex', '$adr1', '$adr2', '$streetno', '$floor', '$adr3', '$zip', '$city', '$country', '$languagepref', '$tel', '$mobil', '$email', '$birthday', '$club', '$password', '$status1', '$status2', '$status3', '$rights', '$privacy', '$ownupdate', '$created', '$changed', '$uid'"; $query = "insert into ff_persons ($fields) values ($values)"; $query = mac2ibm($query); if(!($result = @mysql_query($query, $db_conn))) { echo("Error : $errstr\n"); exit; } // get puid $query = "SELECT LAST_INSERT_ID()"; if(!($result = @mysql_query($query, $db_conn))) { echo("Error : $errstr\n"); exit; } if (mysql_num_rows($result)>0) { $row = mysql_fetch_row($result); $uid = doubleval($row[0]); return($uid); } // end get puid }
printf("<br> <br><font color=green>配置文件可写</font><br> <br>"); } ?> <?php if (isset($_POST['install'])) { $config = sprintf("<?php\n\n define(\"SQL_HOST\",\"%s\");\n\n define(\"SQL_NAME\",\"%s\");\n\n define(\"SQL_PASS\",\"%s\");\n\n define(\"SQL_DB\",\"%s\");\n\n ?>", $_POST['db_host'], $_POST['db_user'], $_POST['db_pass'], $_POST['db_dbname']); $pfile = fopen($sqlcfg_file, "w+"); fwrite($pfile, $config); fclose($pfile); //include 'sql/user_info.hpp'; include 'sql.inc'; $db = new mysqli(SQL_HOST, SQL_NAME, SQL_PASS, SQL_DB); if (mysqli_connect_errno()) { printf("数据库连接失败! 请返回上一页检查连接参数<a href=install.php>返回修改</a>"); } else { $new_install_script_name = sprintf("install.php.%s", create_password(16)); printf("数据库连接成功!<br>install.php重命名为%s", $new_install_script_name); rename("install.php", $new_install_script_name); } } else { printf("<form action=\"\" method=\"POST\"> \n\n 填写主机:<input type=\"text\" class=\"username\" name=\"db_host\" \n placeholder=\"请输入服务器地址!\" value=\"localhost\"/><br> <br> \n\n 用 户 名:<input type=\"text\" class=\"username\" name=\"db_user\" \n placeholder=\"请输入数据库用户名!\" value=\"root\"/><br> <br> \n \n 密 码:<input type=\"text\" class=\"username\" name=\"db_pass\" \n placeholder=\"请输入数据库密码!\" value=\"\"/><br> <br> \n\n 数据库名:<input type=\"text\" class=\"username\" name=\"db_dbname\" \n placeholder=\"请输入数据库名称!\" value=\"WPUSERDATA\"/><br> <br> \n\n <button type=submit name=install>下一步</button> \n\n </form>"); } ?> <div class="error"> <span>+</span> </div> </div> <div class="connect"> <p>By:WProtect NetLicensorService</p> </div>
$messages['error_password'] = ""; $messages['error'] = ""; $empty = false; $data = json_decode(base64_decode($_POST['data']), true); if (!isset($data['login']) || $data['login'] == "") { $messages['error_login'] = '******'; $empty = true; } if (!isset($data['password']) || $data['password'] == "") { $messages['error_password'] = '******'; $empty = true; } if (!$empty) { $login = mysqli_real_escape_string($MV, htmlspecialchars(trim($data['login']))); $pass = mysqli_real_escape_string($MV, htmlspecialchars(trim($data['password']))); $query = "SELECT u.user_id\n FROM nf_users u\n WHERE (u.email = '" . $login . "' OR u.username = '******' OR u.phone = '" . $login . "')\n AND u.password = '******'\n "; if ($res = @mysqli_query($MV, $query)) { if ($_res = @mysqli_fetch_assoc($res)) { //user id $userid = $_res['user_id']; //generate token $users_token = create_token(); $ua = getBrowser(); $browser = $ua['name'] . "," . $ua['version'] . "," . $ua['platform']; $ip_address = get_ip(); $query = "INSERT INTO nf_users_tokens(\n users_token\n , user_id\n , start_time\n , end_time\n , last_activity\n , ip_address\n , browser\n ) VALUES (\n '" . $users_token . "'\n , '" . $userid . "'\n , NOW()\n , '" . date('Y-m-d H:i:s', $cookie_exp) . "'\n , NOW()\n , '" . $ip_address . "'\n , '" . $browser . "'\n \n )\n "; if (@mysqli_query($MV, $query)) { setcookie("tkn", $users_token, $cookie_exp, '/', '.' . DOMAIN); //set cookie until cookie_expire } else { $messages['error'] = '!!!_BD Error_!!!';
function password_form() { global $phpc_script, $phpc_token; $form = tag('form', attributes("action=\"{$phpc_script}\"", 'method="post"'), tag('div', attrs('class="phpc-sub-title"'), __('Change Password')), tag('table', attrs('class="phpc-form"'), tag('tbody', tag('tr', tag('th', __('Old Password')), tag('td', create_password('old_password'))), tag('tr', tag('th', __('New Password')), tag('td', create_password('password1'))), tag('tr', tag('th', __('Confirm New Password')), tag('td', create_password('password2'))))), create_hidden('phpc_token', $phpc_token), create_hidden('action', 'password_submit'), create_submit(__('Submit'))); return tag('div', attrs('id="phpc-password"'), $form); }
public static function create_password($password, $salt = null) { return create_password($password, $salt); }