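/**
 * Check a username/password pair against the stored salt and hash.
 *
 * Looks up the user's salt and hashed password, recomputes
 * generateHash(salt . password) and compares it with the stored value.
 *
 * @param string $username Login name to look up.
 * @param string $password Plain-text password submitted by the user.
 * @return bool true when the user exists and the hashes match; false for an
 *              unknown user, a failed prepare, or a mismatch.
 */
function checkCredentials($username, $password)
{
    $link = retrieve_mysqli();
    $queryString = 'SELECT salt, hashed_password FROM user WHERE username = ?';
    $valid = false;

    if ($stmt = mysqli_prepare($link, $queryString)) {
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $dbSalt, $dbHash);
        // fetch() is true only when a row was delivered; for an unknown user
        // $dbSalt/$dbHash stay unset and the comparison must not run at all.
        $found = mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);

        if ($found === true) {
            $localhash = generateHash($dbSalt . $password);
            // hash_equals(): strict and constant-time. The original `==`
            // applied PHP's loose comparison (numeric-string) rules to hashes.
            $valid = hash_equals((string) $dbHash, (string) $localhash);
        }
    }

    // Closed on every path now; the original leaked $link when prepare failed.
    mysqli_close($link);

    return $valid;
}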
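/**
 * Controller action: change the signed-in user's password.
 *
 * Validates the new password, verifies the submitted current password
 * against the stored hash, stores the new hash and sends a notification
 * email. The outcome is reported through $this->data and rendered as JSON.
 *
 * Reads $this->clean->password, $this->clean->current_password and
 * $this->user_id; writes $this->data['message'] or $this->data['success'].
 */
public function updatePassword()
{
    if (!isset($this->clean->password) || !isValid($this->clean->password, 'password')) {
        // reset() takes its argument by reference, so it needs a variable
        // rather than the return value of array_values() (PHP notice otherwise).
        $errors = array_values(formatErrors(602));
        $this->data['message'] = reset($errors);
    } else {
        $current_password = isset($this->clean->current_password) ? $this->clean->current_password : null;
        $res = $this->user->read($this->user_id, 1, 1, 'email,password');

        if (!isset($res->password)) {
            $this->data['message'] = 'We could not verify your current password.';
        } elseif (!hash_equals((string) $res->password, (string) verifyHash($current_password, $res->password))) {
            // Strict, constant-time comparison of the recomputed hash with the
            // stored one; the original `!=` used loose comparison rules.
            $this->data['message'] = 'Your current password does not match what we have on record.';
        } else {
            $password = generateHash($this->clean->password);
            $user = $this->user->update($this->user_id, array('password' => $password));

            if (isset($user->password) && $user->password === $password) {
                $this->data['success'] = true;
                // Notification only; a mail failure does not undo the update
                // and its result is not surfaced to the client.
                $this->load->library('email');
                $this->email->initialize();
                $this->email->updatePassword($user->email);
            } else {
                $this->data['message'] = 'Your password could not be updated at this time. Please try again.';
            }
        }
    }

    $this->renderJSON();
}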
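/**
 * Plugin constructor (PHP 4 style): authenticate the submitted credentials
 * against LDAP and, when $LDAPSynchUser is enabled, mirror the account into
 * the Pligg users table.
 *
 * NOTE(review): the literal '******' values in the two SQL statements look like
 * redactions in this listing (the login and password values are expected
 * there); confirm against the original source.
 *
 * @param array $input Expects 'username' and 'password' keys.
 */
function LdapAuthenticationPlugin($input)
{
    include_once "ldap_settings.php";
    global $LDAPSynchUser;

    $authenticated = $this->authenticate($input["username"], $input["password"]);
    if (!$authenticated) {
        return;
    }

    $_SESSION["Authenticated"] = true;

    if (!isset($LDAPSynchUser) || !$LDAPSynchUser) {
        return;
    }

    global $db;

    $user = $db->get_row("SELECT user_id FROM " . table_users . " WHERE user_login = '******'");
    $saltedpass = generateHash($input["password"]);

    if (isset($user->user_id) && $user->user_id > 0) {
        // Existing account: refresh email and password. $this->email
        // (presumably filled in by authenticate()) is now escaped before being
        // placed in SQL; the original interpolated it raw.
        $email = $db->escape($this->email);
        $userId = (int) $user->user_id;
        mysql_query("UPDATE " . table_users . " SET user_email = '" . $email . "' WHERE user_id = {$userId} LIMIT 1");
        mysql_query("UPDATE " . table_users . " SET user_pass = '******' WHERE user_id = {$userId} LIMIT 1");
    } else {
        // New account: every interpolated value goes through $db->escape().
        $username = $db->escape(trim($input["username"]));
        $userip = $db->escape($_SERVER['REMOTE_ADDR']);
        $email = $db->escape(trim($this->email));
        $strsql = "INSERT INTO " . table_users . " (user_login, user_email, user_pass, user_date, user_ip) VALUES ('{$username}', '{$email}', '{$saltedpass}', now(), '{$userip}')";
        $db->query($strsql);
    }
}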
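/**
 * Hash the password, optionally send an activation email, then insert the
 * new user row.
 *
 * Reads $this->clean_password, $this->unclean_username, $this->clean_username
 * and $this->clean_email; writes $this->activation_token, $this->user_active
 * and, when the mail step fails, $this->mail_failure. Note that this variant
 * inserts the row even when $this->mail_failure was set.
 *
 * @return mixed Result of $db->sql_query() for the INSERT.
 */
public function userCakeAddUser()
{
    global $db, $emailActivation, $websiteUrl, $db_table_prefix;

    $secure_pass = generateHash($this->clean_password);
    $this->activation_token = generateActivationToken();

    if ($emailActivation) {
        // Account starts inactive until the emailed token is used.
        $this->user_active = 0;
        $mail = new userCakeMail();
        $activation_message = lang("ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activation_message, $this->activation_token, $this->unclean_username),
        );
        if (!$mail->newTemplateMsg("new-registration.txt", $hooks)) {
            $this->mail_failure = true;
        } elseif (!$mail->sendMail($this->clean_email, "Επιβεβαιώστε την εγγραφή σας στο Σύλλογο Αποφοίτων")) {
            $this->mail_failure = true;
        }
    } else {
        $this->user_active = 1;
    }

    // Every interpolated value now passes through sql_escape(), including the
    // hash, the token and the active flag that were spliced in raw; a change in
    // hash or token format can then never break or alter the statement.
    $now = time();
    $sql = "INSERT INTO `" . $db_table_prefix . "Users` (\n\t\t\t\t`Username`,\n\t\t\t\t`Username_Clean`,\n\t\t\t\t`Password`,\n\t\t\t\t`Email`,\n\t\t\t\t`ActivationToken`,\n\t\t\t\t`LastActivationRequest`,\n\t\t\t\t`LostPasswordRequest`, \n\t\t\t\t`Active`,\n\t\t\t\t`Group_ID`,\n\t\t\t\t`SignUpDate`,\n\t\t\t\t`LastSignIn`\n\t\t\t\t)\n\t\t \t\tVALUES (\n\t\t\t\t'"
        . $db->sql_escape($this->unclean_username) . "',\n\t\t\t\t'"
        . $db->sql_escape($this->clean_username) . "',\n\t\t\t\t'"
        . $db->sql_escape($secure_pass) . "',\n\t\t\t\t'"
        . $db->sql_escape($this->clean_email) . "',\n\t\t\t\t'"
        . $db->sql_escape($this->activation_token) . "',\n\t\t\t\t'"
        . $now . "',\n\t\t\t\t'0',\n\t\t\t\t'"
        . (int) $this->user_active . "',\n\t\t\t\t'1',\n\t\t\t\t'"
        . $now . "',\n\t\t\t\t'0'\n\t\t\t\t)";

    return $db->sql_query($sql);
}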
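/**
 * Pligg login: look the user up by login or email, compare the salted hash,
 * run the login hooks, then set the session cookie and record the last login.
 *
 * NOTE(review): the literal '******' in the WHERE clause looks like a
 * redaction in this listing; $dbusername is expected there.
 *
 * @param string $username Login name or email address.
 * @param string $pass Plain-text password; ignored when $already_salted_pass is given.
 * @param bool $remember Passed on to SetIDCookie().
 * @param string $already_salted_pass Precomputed hash to compare instead of hashing $pass.
 * @return bool true when the row exists, is enabled, has a non-zero last
 *              login, the hash matches and no 'login_pass_match' hook vetoes.
 */
function Authenticate($username, $pass, $remember = false, $already_salted_pass = '')
{
    global $db;

    $dbusername = sanitize($db->escape($username), 4);

    // $vars was handed to check_actions() before it was ever assigned; hooks
    // now receive an empty array instead of an undefined variable.
    $vars = array();
    check_actions('login_start', $vars);

    $user = $db->get_row("SELECT * FROM " . table_users . " WHERE user_login = '******' or user_email= '{$dbusername}' ");

    // Unknown login: stop before reading user_pass from a null row.
    if (!isset($user->user_id) || !($user->user_id > 0)) {
        return false;
    }

    if ($already_salted_pass == '') {
        // The stored hash carries its salt in the first SALT_LENGTH characters.
        $saltedpass = generateHash($pass, substr($user->user_pass, 0, SALT_LENGTH));
    } else {
        $saltedpass = $already_salted_pass;
    }

    if (!hash_equals((string) $user->user_pass, (string) $saltedpass)
        || $user->user_lastlogin == "0000-00-00 00:00:00"
        || !$user->user_enabled) {
        return false;
    }

    $this->user_login = $user->user_login;
    $this->user_id = $user->user_id;

    $vars = array('user' => serialize($this), 'can_login' => true);
    check_actions('login_pass_match', $vars);
    // A hook may clear or unset can_login to veto the login.
    if (empty($vars['can_login'])) {
        return false;
    }

    $this->authenticated = TRUE;
    // md5 of the stored hash; presumably consumed by SetIDCookie() — confirm.
    $this->md5_pass = md5($user->user_pass);
    $this->SetIDCookie(1, $remember);

    require_once mnminclude . 'check_behind_proxy.php';
    // The proxy-derived address may come from request headers, so escape it.
    $lastip = $db->escape(check_ip_behind_proxy());
    $userId = (int) $user->user_id;
    $sql = "UPDATE " . table_users . " SET user_lastip = '{$lastip}', user_lastlogin = now() WHERE user_id = {$userId} LIMIT 1";
    $db->query($sql);

    return true;
}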
/**
 * Register the user described by this object: hash the password, handle
 * optional email activation, then persist the user and a default permission
 * match through the UcUsers / UcUserPermissionMatches models.
 *
 * Does nothing when $this->status is false (construction errors) and skips
 * the insert when the activation mail step set $this->mail_failure.
 */
public function userCakeAddUser()
{
    global $mysqli, $emailActivation, $websiteUrl, $db_table_prefix;

    if (!$this->status) {
        return;
    }

    $passwordHash = generateHash($this->clean_password);
    $this->activation_token = generateActivationToken();

    if ($emailActivation == "true") {
        // Account stays inactive until the emailed token is used.
        $this->user_active = 0;

        $mailer = new userCakeMail();
        $activationMessage = lang("ACCOUNT_ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));
        $templateHooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activationMessage, $this->activation_token, $this->displayname),
        );
        // sendMail() only runs when the template was built successfully.
        $mailOk = $mailer->newTemplateMsg("new-registration.txt", $templateHooks)
            && $mailer->sendMail($this->clean_email, "New User");
        if (!$mailOk) {
            $this->mail_failure = true;
        }
        $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
    } else {
        $this->user_active = 1;
        $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
    }

    if ($this->mail_failure) {
        return;
    }

    $record = new UcUsers();
    $record->setUserName($this->username);
    $record->setDisplayName($this->displayname);
    $record->setPassword($passwordHash);
    $record->setEmail($this->clean_email);
    $record->setActivationToken($this->activation_token);
    $record->setLastActivationRequest(time());
    $record->setLostPasswordRequest(0);
    $record->setActive($this->user_active);
    $record->setTitle('New Member');
    $record->setSignUpStamp(time());
    $record->setLastSignInStamp(0);
    $record->save();

    $newUserId = $record->getId();

    // Default permission (id 1) for every new account.
    $defaultPermission = new UcUserPermissionMatches();
    $defaultPermission->setUserId($newUserId);
    $defaultPermission->setPermissionId(1);
    $defaultPermission->save();
}
/**
 * Replace the stored password of user $this->user_id with a fresh hash.
 *
 * @param string $pass Plain-text password.
 */
public function updatePassword($pass)
{
    // findById() returns a collection; the first element is the user row.
    $matches = UcUsersQuery::create()->findById($this->user_id);
    $account = $matches[0];
    $account->setPassword(generateHash($pass));
    $account->save();
}
/**
 * Hash $pass, remember it in $this->hash_pw and write it to the users row
 * with id $this->user_id through a PDO prepared statement.
 *
 * @param string $pass Plain-text password.
 */
public function updatePassword($pass)
{
    global $pdo;

    $hashed = generateHash($pass);
    $this->hash_pw = $hashed;

    $statement = $pdo->prepare("UPDATE users\n\t\t\tSET\n\t\t\tpassword = :pass \n\t\t\tWHERE\n\t\t\tid = :id");
    $statement->execute(array(
        "pass" => $hashed,
        "id" => $this->user_id,
    ));
}
/**
 * Hash $pass, cache it in $this->hash_pw and update the Users row.
 *
 * NOTE(review): the literal '******' in the SET clause looks like a redaction
 * in this listing; the new hash is expected there.
 *
 * @param string $pass Plain-text password.
 * @return mixed Result of $db->sql_query().
 */
public function updatePassword($pass)
{
    global $db, $db_table_prefix;

    $hashed = generateHash($pass);
    $this->hash_pw = $hashed;

    // Integer cast keeps the id from carrying anything but digits into SQL.
    $userId = (int) $this->user_id;
    $sql = "UPDATE " . $db_table_prefix . "Users SET Password = '******' WHERE User_ID = '" . $userId . "'";

    return $db->sql_query($sql);
}
/**
 * Hash $pass, cache it in $this->hash_pw and update the Users row.
 *
 * NOTE(review): the literal '******' in the SET clause looks like a redaction
 * in this listing; the new hash is expected there.
 *
 * @param string $pass Plain-text password.
 * @return mixed Result of $db->sql_query().
 */
public function updatePassword($pass)
{
    global $db, $db_table_prefix;

    $this->hash_pw = generateHash($pass);

    $escapedId = $db->sql_escape($this->user_id);
    $sql = "UPDATE " . $db_table_prefix . "Users\r\r\n\t\t SET\r\r\n\t\t\t Password = '******' \r\r\n\t\t\t WHERE\r\r\n\t\t\t User_ID = '" . $escapedId . "'";

    return $db->sql_query($sql);
}
/**
 * Register the user described by this object: hash password and PIN, either
 * send an activation mail or notify the admin address, then insert the user
 * and a default permission match with mysqli prepared statements.
 *
 * Does nothing when $this->status is false (construction errors). The insert
 * is skipped when the activation mail step set $this->mail_failure; the admin
 * notification's result is not checked and cannot block the insert.
 *
 * NOTE(review): the admin address appears as "*****@*****.**" in this listing,
 * which looks like a redaction.
 */
public function userCakeAddUser()
{
    global $mysqli, $emailActivation, $websiteUrl, $db_table_prefix;
    //Prevent this function being called if there were construction errors
    if ($this->status) {
        //Construct a secure hash for the plain text password and pin
        //(the PIN goes through the same generateHash() as the password)
        $secure_pass = generateHash($this->clean_password);
        $secure_pin = generateHash($this->clean_pin);
        //Construct a unique activation token
        $this->activation_token = generateActivationToken();
        //Do we need to send out an activation email?
        //Note: compared against the string "true", not a boolean.
        if ($emailActivation == "true") {
            //User must activate their account first
            $this->user_active = 0;
            $mail = new userCakeMail();
            //Build the activation message
            $activation_message = lang("ACCOUNT_ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));
            //Define more if you want to build larger structures
            $hooks = array("searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"), "subjectStrs" => array($activation_message, $this->activation_token, $this->displayname));
            /* Build the template - Optional, you can just use the sendMail function Instead to pass a message. */
            if (!$mail->newTemplateMsg("new-registration.txt", $hooks)) {
                $this->mail_failure = true;
            } else {
                //Send the mail. Specify users email here and subject.
                //SendMail can have a third parementer for message if you do not wish to build a template.
                if (!$mail->sendMail($this->clean_email, "New User")) {
                    $this->mail_failure = true;
                }
            }
            $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
        } else {
            //Email the admins: plain-text summary built from the submitted
            //profile fields; its send result is ignored.
            $themsg = "A new user has signed up, " . $this->clean_email . "\r\nBusiness: " . $this->displayname . "\r\nLocation: " . $this->location . "\r\nAbout: " . $this->about;
            $mail = new userCakeMail();
            $mail->sendMail("*****@*****.**", "New User", $themsg);
            //Instant account activation
            $this->user_active = 1;
            $this->success = lang("ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
        }
        if (!$this->mail_failure) {
            //Insert the user into the database providing no errors have been found.
            //Seven placeholders bound as "ssssssi": username, display name,
            //password hash, pin hash, email, token (strings) and active (int).
            //Timestamps and the 'New Member' title are inlined, not bound.
            $stmt = $mysqli->prepare("INSERT INTO " . $db_table_prefix . "users (\r\n\t\t\t\t\tuser_name,\r\n\t\t\t\t\tdisplay_name,\r\n\t\t\t\t\tpassword,\r\n\t\t\t\t\tpin_hash,\r\n\t\t\t\t\temail,\r\n\t\t\t\t\tactivation_token,\r\n\t\t\t\t\tlast_activation_request,\r\n\t\t\t\t\tlost_password_request, \r\n\t\t\t\t\tactive,\r\n\t\t\t\t\ttitle,\r\n\t\t\t\t\tsign_up_stamp,\r\n\t\t\t\t\tlast_sign_in_stamp\r\n\t\t\t\t\t)\r\n\t\t\t\t\tVALUES (\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'" . time() . "',\r\n\t\t\t\t\t'0',\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'New Member',\r\n\t\t\t\t\t'" . time() . "',\r\n\t\t\t\t\t'0'\r\n\t\t\t\t\t)");
            $stmt->bind_param("ssssssi", $this->username, $this->displayname, $secure_pass, $secure_pin, $this->clean_email, $this->activation_token, $this->user_active);
            //Return values of prepare()/execute() are not checked here; a
            //failed prepare would make $stmt false before bind_param().
            $stmt->execute();
            $inserted_id = $mysqli->insert_id;
            $this->userid = $inserted_id;
            $stmt->close();
            add_new_address($inserted_id, 'BOTH');
            //Insert default permission into matches table (permission_id '3')
            $stmt = $mysqli->prepare("INSERT INTO " . $db_table_prefix . "user_permission_matches (\r\n\t\t\t\t\tuser_id,\r\n\t\t\t\t\tpermission_id\r\n\t\t\t\t\t)\r\n\t\t\t\t\tVALUES (\r\n\t\t\t\t\t?,\r\n\t\t\t\t\t'3'\r\n\t\t\t\t\t)");
            $stmt->bind_param("s", $inserted_id);
            $stmt->execute();
            $stmt->close();
        }
    }
}
/**
 * Hash $pass, cache it in $this->hash_pw and update the users row for
 * $this->user_id with a mysqli prepared statement.
 *
 * @param string $pass Plain-text password.
 */
public function updatePassword($pass)
{
    global $mysqli, $db_table_prefix;

    $this->hash_pw = generateHash($pass);
    // bind_param() binds by reference and needs a plain variable.
    $hashed = $this->hash_pw;

    $statement = $mysqli->prepare("UPDATE " . $db_table_prefix . "users\n\t\t\tSET\n\t\t\tpassword = ? \n\t\t\tWHERE\n\t\t\tid = ?");
    $statement->bind_param("si", $hashed, $this->user_id);
    $statement->execute();
    $statement->close();
}
/**
 * Hash $pass, cache it in $this->hash_pw, refresh the persisted session when
 * "remember me" is on, and update the users row.
 *
 * NOTE(review): the literal '******' in the SET clause looks like a redaction
 * in this listing; the new hash is expected there.
 *
 * @param string $pass Plain-text password.
 * @return mixed Result of $db->sql_query().
 */
public function updatepassword($pass)
{
    global $db, $db_table_prefix;

    $this->hash_pw = generateHash($pass);

    if ($this->remember_me == 1) {
        updateSessionObj();
    }

    $escapedId = $db->sql_escape($this->user_id);
    $sql = "UPDATE " . $db_table_prefix . "users\n\t\t SET\n\t\t\t password = '******' \n\t\t\t WHERE\n\t\t\t user_id = '" . $escapedId . "'";

    return $db->sql_query($sql);
}
/**
 * Hash $pass, cache it in $this->hash_pw, refresh the persisted session when
 * "remember me" is on, and update the row in $db->users.
 *
 * NOTE(review): the literal '******' in the SET clause looks like a redaction
 * in this listing; the new hash is expected there.
 *
 * @param string $pass Plain-text password.
 * @return mixed Result of $db->sql_query().
 */
public function updatepassword($pass)
{
    global $db;

    $this->hash_pw = generateHash($pass);

    if ($this->remember_me == 1) {
        updateSessionObj();
    }

    $escapedId = $db->sql_escape($this->user_id);
    $sql = "UPDATE {$db->users} SET password = '******' WHERE user_id = '" . $escapedId . "'";

    return $db->sql_query($sql);
}
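/**
 * Create a new anonymous player row with a unique random hash and an
 * auto-incremented alias, then redirect the browser to the player's URL.
 *
 * The hash is the player's only credential (it is placed in the URL), so
 * generateHash(32) is used here as a random-token generator rather than a
 * password hash.
 *
 * @param mixed $wallet Accepted for interface compatibility; unused in this body.
 * @return void Never returns normally: sends a Location header and exit()s.
 */
function newPlayer($wallet)
{
    // Draw hashes until one is not already taken (replaces the goto loop).
    // A failed lookup query ends the loop, as the original code did.
    do {
        $hash = generateHash(32);
        $lookup = mysql_query("SELECT `id` FROM `players` WHERE `hash`='{$hash}' LIMIT 1");
    } while ($lookup !== false && mysql_num_rows($lookup) != 0);

    // Read-then-increment of the alias counter is not atomic; two concurrent
    // registrations can receive the same alias.
    $systemRow = mysql_fetch_array(mysql_query("SELECT `autoalias_increment` AS `data` FROM `system` LIMIT 1"));
    $aliasNumber = $systemRow['data'];
    mysql_query("UPDATE `system` SET `autoalias_increment`=`autoalias_increment`+1 LIMIT 1");

    $alias = 'Player_' . $aliasNumber;
    mysql_query("INSERT INTO `players` (`hash`,`alias`,`time_last_active`,`server_seed`) VALUES ('{$hash}','" . $alias . "',NOW(),'" . generateServerSeed() . "')");

    header('Location: ./?unique=' . $hash . '# Do Not Share This URL!');
    exit;
}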
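/**
 * XML sign-in endpoint: reads <emailAddress>/<password> from the request
 * body, resolves the app's guid from the "appId" request parameter, verifies
 * the salted password hash and, on success, stores and returns a new auth
 * token as XML. On any failure returnErrorResponse() is called and the
 * script exits.
 *
 * NOTE(review): the body is untrusted XML; on PHP < 8.0 confirm that
 * libxml_disable_entity_loader(true) is in effect before this runs.
 *
 * @param mysqli $mysqli Open database connection.
 */
function SignInWithCredentials($mysqli)
{
    $requestBody = file_get_contents('php://input');
    $xml = simplexml_load_string($requestBody);
    // A parse failure yields false; the original dereferenced it as an object.
    if ($xml === false) {
        returnErrorResponse();
        exit;
    }
    $emailAddress = escapeURLData($xml->emailAddress);
    $password = escapeURLData($xml->password);
    $appId = escapeURLData(isset($_REQUEST["appId"]) ? $_REQUEST["appId"] : '');

    // Check for a matching guid before proceeding.
    $stmt = $mysqli->prepare("SELECT guid FROM app_ids WHERE app_id = ?");
    $stmt->bind_param("s", $appId);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($guid);
    $stmt->fetch();
    $stmt->close();
    if (!$guid) {
        returnErrorResponse();
        exit;
    }

    // Get the salt and stored hash for this guid and name.
    $stmt = $mysqli->prepare("SELECT salt, password FROM users WHERE guid = ? AND name = ?");
    $stmt->bind_param("ss", $guid, $emailAddress);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($salt, $hashedPassword);
    $stmt->fetch();
    $rows = $stmt->num_rows;
    $stmt->close();
    if ($rows == 0) {
        // Unknown name, so no salt to verify against.
        returnErrorResponse();
        exit;
    }

    // hash_equals(): strict and constant-time; the original `!=` was loose.
    if (!hash_equals((string) $hashedPassword, (string) generateHash($password, $salt))) {
        returnErrorResponse();
        exit;
    }

    // Create and insert a new authToken.
    // NOTE(review): the token is derived from emailAddress . appId; if
    // createAuthToken() is deterministic in its input the token is predictable
    // from those two values — confirm it mixes in randomness.
    $authToken = createAuthToken($emailAddress . $appId);
    $stmt = $mysqli->prepare("UPDATE users SET auth_token = ? WHERE guid = ? AND name = ? ");
    $stmt->bind_param("sss", $authToken, $guid, $emailAddress);
    $stmt->execute();
    $stmt->close();

    // Output the success xml.
    header("Content-Type: application/xml");
    $xml = simplexml_load_string("<result/>");
    $xml->addAttribute("httpResponseCode", '200');
    $xml->addChild("authToken", $authToken);
    echo $xml->asXML();
}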
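/**
 * Hash the password, generate an activation token and insert the user row.
 *
 * This variant sends no activation mail and inserts the row with active = '1'
 * regardless of $emailActivation, which is declared global but not read.
 * Does nothing when $this->status is false or $this->mail_failure is set.
 *
 * @return mixed Result of $db->sql_query() for the INSERT, or null when skipped.
 */
public function userPieAddUser()
{
    global $db, $emailActivation, $websiteUrl, $db_table_prefix;

    // Construction errors: nothing to do.
    if (!$this->status) {
        return;
    }

    $secure_pass = generateHash($this->clean_password);
    $this->activation_token = generateactivationtoken();

    if ($this->mail_failure) {
        return;
    }

    // Every interpolated value now passes through sql_escape(), including the
    // hash and token that were spliced in raw.
    $now = time();
    $sql = "INSERT INTO `" . $db_table_prefix . "users` (\n\t\t\t\t\t\t\t`username`,\n\t\t\t\t\t\t\t`username_clean`,\n\t\t\t\t\t\t\t`password`,\n\t\t\t\t\t\t\t`email`,\n\t\t\t\t\t\t\t`activationtoken`,\n\t\t\t\t\t\t\t`last_activation_request`,\n\t\t\t\t\t\t\t`LostpasswordRequest`, \n\t\t\t\t\t\t\t`active`,\n\t\t\t\t\t\t\t`group_id`,\n\t\t\t\t\t\t\t`sign_up_date`,\n\t\t\t\t\t\t\t`last_sign_in`\n\t\t\t\t\t\t\t)\n\t\t\t\t\t \t\tVALUES (\n\t\t\t\t\t\t\t'"
        . $db->sql_escape($this->unclean_username) . "',\n\t\t\t\t\t\t\t'"
        . $db->sql_escape($this->clean_username) . "',\n\t\t\t\t\t\t\t'"
        . $db->sql_escape($secure_pass) . "',\n\t\t\t\t\t\t\t'"
        . $db->sql_escape($this->clean_email) . "',\n\t\t\t\t\t\t\t'"
        . $db->sql_escape($this->activation_token) . "',\n\t\t\t\t\t\t\t'"
        . $now . "',\n\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t'1',\n\t\t\t\t\t\t\t'1',\n\t\t\t\t\t\t\t'"
        . $now . "',\n\t\t\t\t\t\t\t'0'\n\t\t\t\t\t\t\t)";

    return $db->sql_query($sql);
}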
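/**
 * This function compares the submitted email & password to those in the user
 * table for a match and starts a session with ['loggedIn'] = TRUE if found.
 *
 * Reads $_POST['email'] and $_POST['password']. Writes $_SESSION['loggedIn'],
 * ['email'] and ['password']; the latter holds the computed hash, not the
 * plain-text password. generateHash() is called as (salt, password) here,
 * which is this file's own argument order.
 *
 * @return boolean
 */
function userIsLoggedIn()
{
    // A request without both fields cannot log in; the original hashed an
    // undefined index instead of rejecting it.
    if (!isset($_POST['email'], $_POST['password'])) {
        unset($_SESSION['loggedIn'], $_SESSION['email'], $_SESSION['password']);
        return FALSE;
    }

    $salt = generateSalt($_POST['email']);
    $password = generateHash($salt, $_POST['password']);

    if (databaseContainsUser($_POST['email'], $password)) {
        $_SESSION['loggedIn'] = TRUE;
        $_SESSION['email'] = $_POST['email'];
        // NOTE(review): keeping the password hash in the session widens the
        // impact of a session store leak; confirm anything downstream needs it.
        $_SESSION['password'] = $password;
        return TRUE;
    }

    unset($_SESSION['loggedIn'], $_SESSION['email'], $_SESSION['password']);
    return FALSE;
}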
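/**
 * Hash the password, optionally send an activation email with an inline HTML
 * message, then insert the user row and record whether the insert took.
 *
 * Does nothing when $this->status is false. The insert is skipped when the
 * mail step set $this->mail_failure; otherwise $this->sql_failure reflects
 * sql_affectedrows().
 */
public function userCakeAddUser()
{
    global $db, $emailActivation, $websiteUrl, $db_table_prefix;

    // Construction errors: nothing to do.
    if (!$this->status) {
        return;
    }

    $secure_pass = generateHash($this->clean_password);

    if ($emailActivation) {
        // A token is only generated on this path.
        $this->activation_token = generateActivationToken();
        $this->user_active = 0;
        $mail = new userCakeMail();
        $activation_message = "<p>You will need first activate your account before you can login, follow the below link to activate your account.</p>";
        $activation_message .= "<p><a href='" . $websiteUrl . "activate-account.php?token=" . $this->activation_token . "'>Activate my account!</a></p>";
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"),
            "subjectStrs" => array($activation_message, $this->activation_token, $this->unclean_username),
        );
        if (!$mail->newTemplateMsg("new-registration.txt", $hooks)) {
            $this->mail_failure = true;
        } elseif (!$mail->sendMail($this->clean_email, "New User")) {
            $this->mail_failure = true;
        }
    } else {
        $this->user_active = 1;
    }

    if ($this->mail_failure) {
        return;
    }

    // activation_token is never assigned on the instant-activation path; use
    // an empty string rather than reading an undefined property.
    $token = isset($this->activation_token) ? $this->activation_token : '';

    // Every interpolated value now passes through sql_escape(), including the
    // hash, token and active flag that were spliced in raw.
    $now = time();
    $sql = "INSERT INTO `" . $db_table_prefix . "Users` (`Username`, `Username_Clean`, `Password`, `Email`, `ActivationToken`, `LastActivationRequest`, `LostPasswordRequest`, `Active`, `Group_ID`, `SignUpDate`, `LastSignIn`)\r\n\t\t\t\t\t VALUES ('"
        . $db->sql_escape($this->unclean_username) . "', '"
        . $db->sql_escape($this->clean_username) . "', '"
        . $db->sql_escape($secure_pass) . "', '"
        . $db->sql_escape($this->clean_email) . "','"
        . $db->sql_escape($token) . "','"
        . $now . "', 0, '"
        . (int) $this->user_active . "', '1', '"
        . $now . "', '0')";
    $db->sql_query($sql);

    $this->sql_failure = ($db->sql_affectedrows() <= 0);
}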
/**
 * Persist this user object to the users table.
 *
 * Only the UPDATE path is implemented in this body: when $this->id is 0 the
 * code merely copies $db->insert_id into $this->id without issuing an INSERT
 * (presumably done elsewhere, or this branch is incomplete — confirm).
 *
 * NOTE(review): the literals '******' for user_login and user_pass look like
 * redactions in this listing; $user_login and $saltedpass are expected there.
 * $current_user is declared global but not used here.
 */
function store()
{
    global $db, $current_user;
    if (!$this->date) {
        $this->date = time();
    }
    $user_login = $db->escape($this->username);
    $user_level = $this->level;
    $user_karma = $this->karma;
    $user_date = $this->date;
    // Escaped before hashing: a password containing quote characters is
    // hashed in its escaped form, so verification must do the same.
    $user_pass = $db->escape($this->pass);
    $user_lang = $this->lang;
    $user_email = $db->escape($this->email);
    $user_names = $db->escape($this->names);
    $user_url = $db->escape(htmlentities($this->url));
    $user_public_email = $db->escape($this->public_email);
    $user_location = $db->escape($this->location);
    $user_occupation = $db->escape($this->occupation);
    $user_aim = $db->escape($this->aim);
    $user_msn = $db->escape($this->msn);
    $user_yahoo = $db->escape($this->yahoo);
    $user_gtalk = $db->escape($this->gtalk);
    $user_skype = $db->escape($this->skype);
    $user_irc = $db->escape(htmlentities($this->irc));
    $user_avatar_source = $db->escape($this->avatar_source);
    // Anything shorter than 49 characters is treated as plain text and hashed;
    // longer values are assumed to be an existing hash and stored as-is.
    if (strlen($user_pass) < 49) {
        $saltedpass = generateHash($user_pass);
    } else {
        $saltedpass = $user_pass;
    }
    if ($this->id === 0) {
        $this->id = $db->insert_id;
    } else {
        // Username is never updated
        // (the statement below does set user_login, though — see note above)
        $sql = "UPDATE " . table_users . " set user_avatar_source='{$user_avatar_source}' ";
        // Extra columns: both the column name and the value are spliced in
        // without escaping, so $this->extra must never carry request data.
        $extra_vars = $this->extra;
        if (is_array($extra_vars)) {
            foreach ($extra_vars as $varname => $varvalue) {
                $sql .= ", " . $varname . " = '" . $varvalue . "' ";
            }
        }
        // user_karma, user_date, user_lang and the id are interpolated
        // unquoted and unescaped; they are expected to be numeric.
        $sql .= " , user_login='******', user_occupation='{$user_occupation}', user_location='{$user_location}', public_email='{$user_public_email}', user_level='{$user_level}', user_karma={$user_karma}, user_date=FROM_UNIXTIME({$user_date}), user_pass='******', user_lang={$user_lang}, user_email='{$user_email}', user_names='{$user_names}', user_url='{$user_url}', user_aim='{$user_aim}', user_msn='{$user_msn}', user_yahoo='{$user_yahoo}', user_gtalk='{$user_gtalk}', user_skype='{$user_skype}', user_irc='{$user_irc}' WHERE user_id={$this->id}";
        //die($sql);
        $db->query($sql);
    }
}
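/**
 * Login processor for admin panel.
 *
 * Reads the posted username/password, fetches the admin row and compares
 * generateHash(password . salt) with the stored hash. On success an
 * "admin_hash" session value is set. A status message is always set.
 *
 * Note: sqlSafe() is applied to the password before hashing, so the stored
 * hash must have been produced from the same transformed value.
 */
function login()
{
    $this->set("title", "Sevasetu | Login Processor");
    initiateSession();

    // Missing fields previously raised undefined-index notices.
    if (!isset($_POST['username'], $_POST['password'])) {
        $this->set("message", "Username/Password Incorrect");
        return;
    }

    $username = sqlSafe($_POST['username']);
    $password = sqlSafe($_POST['password']);
    $adminData = $this->Admin->getAdminByUsername($username);
    // Same truthiness test as the original `== false`.
    if (!$adminData) {
        $this->set("message", "Database error");
        return;
    }

    $candidate = generateHash($password . $adminData['admins_salt']);
    // hash_equals(): strict and constant-time; the original `==` was loose.
    if (hash_equals((string) $adminData['admins_password'], (string) $candidate)) {
        // NOTE(review): the session marker is md5 of the per-admin salt, which
        // is fixed per account and carries no per-login randomness — confirm
        // how it is checked on later requests.
        setSessionData("admin_hash", md5($adminData['admins_salt']));
        $this->set("message", "Login Successful. You will be redirected in a moment... If not then click here");
    } else {
        $this->set("message", "Username/Password Incorrect");
    }
}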
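/**
 * Login action: look the user up by email, verify the password (upgrading
 * legacy 32-character MD5 rows to generateHash() on success), then start the
 * session and hand back a redirect URL as JSON.
 *
 * Reads $this->clean->email/password and $this->db_clean->email (presumably
 * the escaped form — confirm); writes $this->data.
 */
public function index()
{
    $this->redirectIfInvalidCSRF();
    $this->data['success'] = false;

    // Find user
    $this->load->model('users_model', 'user');
    $user = $this->user->read("email = '" . $this->db_clean->email . "'", 1, 1);

    if (!isset($user->user_id)) {
        $this->data['message'] = sprintf(_('The email address `%s` was not found.'), $this->clean->email);
    } elseif (!isset($user->active) || empty($user->active)) {
        $this->data['message'] = _('Your account is no longer active. Please contact support.');
    } else {
        if (strlen($user->password) == 32) {
            // Legacy MD5 row. hash_equals() replaces `==`, which treats two hex
            // digests of the form "0e<digits>" as equal numeric strings.
            $match = hash_equals((string) $user->password, md5($this->clean->password));
            // Upgrade to the current hashing routine on a successful match.
            $hash = generateHash($this->clean->password);
            if ($hash !== false && $match === true) {
                $this->user->update("user_id = '" . $user->user_id . "'", array('password' => $hash));
            }
        } else {
            $match = hash_equals((string) $user->password, (string) verifyHash($this->clean->password, $user->password));
        }

        if ($match === false) {
            $this->data['message'] = _('Your password is incorrect. Please try again.');
        } else {
            // Regenerate the session, store the user and send them on their way.
            $add_redirect = $this->session->userdata('add_redirect');
            $redirect = empty($add_redirect) ? '/marks' : $add_redirect;
            $this->session->unset_userdata('add_redirect');
            $user->email = $this->clean->email;
            $this->session->sess_update(true);
            $this->sessionAddUser($user);
            $this->data['success'] = true;
            $this->data['redirect_url'] = $redirect;
        }
    }

    $this->renderJSON();
}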
/**
 * Report whether the current session carries a valid login record.
 *
 * The record under $_SESSION[SESSION_KEY] must have a truthy 'iLogin', a
 * non-empty 'strKey', and that key must equal
 * generateHash(username . loginDate) for the same record.
 *
 * @return bool
 */
function isLoggedIn()
{
    if (empty($_SESSION)) {
        return false;
    }
    if (empty($_SESSION[SESSION_KEY]) || empty($_SESSION[SESSION_KEY]['iLogin'])) {
        return false;
    }

    $login = $_SESSION[SESSION_KEY];
    if (empty($login['strKey'])) {
        return false;
    }

    // The stored key is bound to the username and login time it was issued for.
    $expectedKey = generateHash($login['username'] . $login['loginDate']);

    return $login['strKey'] === $expectedKey;
}
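/**
 * Handle the gateway's payment notification callback.
 *
 * Declines unless CpiResultsCode is present and 0 and OrderHash is present
 * and matches generateHash() over the posted fields (minus OrderHash) keyed
 * with the configured 'key'. On success builds a sale TransactionResult.
 *
 * @param array $requestArray Callback parameters.
 * @return TransactionResult|TransactionError
 */
public function notify($requestArray)
{
    if (!array_key_exists('CpiResultsCode', $requestArray)
        || $requestArray['CpiResultsCode'] != 0
        || !array_key_exists('OrderHash', $requestArray)) {
        return new TransactionError('Transaction declined', $requestArray);
    }

    // NOTE(review): the signature is recomputed over $_POST while the checks
    // above read $requestArray; confirm both are the same array, otherwise the
    // hash covers different data than was validated.
    $data = $_POST;
    unset($data['OrderHash']);
    $expected = generateHash(array_values($data), $this->getConfigValue('key'));
    // hash_equals(): strict and constant-time; the original `!=` was loose.
    if (!hash_equals((string) $expected, (string) $requestArray['OrderHash'])) {
        return new TransactionError('Transaction declined', $requestArray);
    }

    $result = new TransactionResult();
    $result->gatewayTransactionID->set($requestArray['OrderId']);
    // Amount arrives in minor units.
    $result->amount->set($requestArray['PurchaseAmount'] / 100);
    $result->currency->set(self::currencyFromNumeric3($requestArray['PurchaseCurrency']));
    $result->rawResponse->set($requestArray);
    $result->setTransactionType(TransactionResult::TYPE_SALE);

    return $result;
}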
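/**
 * Pligg login: look the user up, compare the salted hash, set the session
 * cookie and record last IP and login time.
 *
 * NOTE(review): the literal '******' in the WHERE clause looks like a
 * redaction in this listing; $dbusername is expected there.
 *
 * @param string $username Login name.
 * @param string $pass Plain-text password.
 * @param bool $remember Passed on to SetIDCookie().
 * @return bool true when the row exists and the hash matches.
 */
function Authenticate($username, $pass, $remember = false)
{
    global $db;

    $dbusername = $db->escape($username);
    $user = $db->get_row("SELECT user_id, user_pass, user_login FROM " . table_users . " WHERE user_login = '******'");

    // Unknown login returns no row; stop before reading user_pass from null.
    if (!isset($user->user_id) || !($user->user_id > 0)) {
        return false;
    }

    // The stored hash carries its salt in the first SALT_LENGTH characters.
    $saltedpass = generateHash($pass, substr($user->user_pass, 0, SALT_LENGTH));
    if (!hash_equals((string) $user->user_pass, (string) $saltedpass)) {
        return false;
    }

    $this->user_login = $user->user_login;
    $this->user_id = $user->user_id;
    $this->authenticated = TRUE;
    // md5 of the stored hash; presumably consumed by SetIDCookie() — confirm.
    $this->md5_pass = md5($user->user_pass);
    $this->SetIDCookie(1, $remember);

    $lastip = $db->escape($_SERVER['REMOTE_ADDR']);
    $userId = (int) $user->user_id;
    mysql_query("UPDATE " . table_users . " SET user_lastip = '{$lastip}' WHERE user_id = {$userId} LIMIT 1");
    mysql_query("UPDATE " . table_users . " SET user_lastlogin = now() WHERE user_id = {$userId} LIMIT 1");

    return true;
}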
/**
 * Insert a new User row unless the username is already taken.
 *
 * @param string $username
 * @param string $password Plain text; stored as generateHash($password).
 * @return bool|int true on success, false when the username exists,
 *                  -1 when the INSERT throws a PDOException.
 */
function createUser($username, $password)
{
    global $db;

    $lookup = $db->prepare('SELECT username FROM User WHERE username = :username');
    $lookup->bindValue(':username', $username, PDO::PARAM_STR);
    $lookup->execute();
    // Any row at all means the name is taken.
    if ($lookup->fetchColumn() !== false) {
        return false;
    }

    $hashed = generateHash($password);
    $insert = $db->prepare('INSERT INTO User(username,password) VALUES(:username, :password)');
    $insert->bindValue(':username', $username, PDO::PARAM_STR);
    $insert->bindValue(':password', $hashed, PDO::PARAM_STR);
    try {
        $insert->execute();
    } catch (PDOException $e) {
        return -1;
    }

    return true;
}
/**
 * Hash the password, optionally send an activation email, then insert a row
 * into the profiles table.
 *
 * Does nothing when $this->status is false; skips the insert when the mail
 * step set $this->mail_failure.
 *
 * NOTE(review): the profile `id` is set to time() and birthday, gender and
 * permission_id are fixed literals ('2011-01-01', 'm', '1') — presumably
 * placeholders; confirm before relying on them. The password hash and the
 * activation token are interpolated without sql_escape(), unlike the other
 * values.
 *
 * @return mixed Result of $db->sql_query() for the INSERT, or null when skipped.
 */
public function userPieAddUser()
{
    global $db, $emailActivation, $websiteUrl, $db_table_prefix;
    //Prevent this function being called if there were construction errors
    if ($this->status) {
        //Construct a secure hash for the plain text password
        $secure_pass = generateHash($this->clean_password);
        //Construct a unique activation token
        $this->activation_token = generateactivationtoken();
        //Do we need to send out an activation email?
        if ($emailActivation) {
            //User must activate their account first
            $this->user_active = 0;
            $mail = new userPieMail();
            //Build the activation message
            $activation_message = lang("ACTIVATION_MESSAGE", array($websiteUrl, $this->activation_token));
            //Define more if you want to build larger structures
            $hooks = array("searchStrs" => array("#ACTIVATION-MESSAGE", "#ACTIVATION-KEY", "#USERNAME#"), "subjectStrs" => array($activation_message, $this->activation_token, $this->unclean_username));
            /* Build the template - Optional, you can just use the sendMail function Instead to pass a message. */
            if (!$mail->newTemplateMsg("new-registration.txt", $hooks)) {
                $this->mail_failure = true;
            } else {
                //Send the mail. Specify users email here and subject.
                //SendMail can have a third parementer for message if you do not wish to build a template.
                if (!$mail->sendMail($this->clean_email, "New User")) {
                    $this->mail_failure = true;
                }
            }
        } else {
            //Instant account activation
            $this->user_active = 1;
        }
        if (!$this->mail_failure) {
            //Insert the user into the database providing no errors have been found.
            //Column order: id, name, birthday, gender, permission_id, then the
            //account columns; time() is called separately for id, the
            //activation request and the sign-up date.
            $sql = "INSERT INTO " . $db_table_prefix . "profiles (\n\t\t\t\t\t\t\tid,\n\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\tbirthday,\n\t\t\t\t\t\t\tgender,\n\t\t\t\t\t\t\tpermission_id,\n\n\t\t\t\t\t\t\tusername,\n\t\t\t\t\t\t\tusername_clean,\n\t\t\t\t\t\t\tpassword,\n\t\t\t\t\t\t\temail,\n\t\t\t\t\t\t\tactivationtoken,\n\t\t\t\t\t\t\tlast_activation_request,\n\t\t\t\t\t\t\tLostpasswordRequest,\n\t\t\t\t\t\t\tactive,\n\t\t\t\t\t\t\tgroup_id,\n\t\t\t\t\t\t\tsign_up_date,\n\t\t\t\t\t\t\tlast_sign_in\n\t\t\t\t\t\t\t)\n\t\t\t\t\t \t\tVALUES (\n\t\t\t\t\t \t\t'" . time() . "',\n\t\t\t\t\t \t\t'" . $db->sql_escape($this->clean_name) . "',\n\t\t\t\t\t \t\t'2011-01-01',\n\t\t\t\t\t \t\t'm',\n\t\t\t\t\t \t\t'1',\n\n\t\t\t\t\t\t\t'" . $db->sql_escape($this->unclean_username) . "',\n\t\t\t\t\t\t\t'" . $db->sql_escape($this->clean_username) . "',\n\t\t\t\t\t\t\t'" . $secure_pass . "',\n\t\t\t\t\t\t\t'" . $db->sql_escape($this->clean_email) . "',\n\t\t\t\t\t\t\t'" . $this->activation_token . "',\n\t\t\t\t\t\t\t'" . time() . "',\n\t\t\t\t\t\t\t'0',\n\t\t\t\t\t\t\t'" . $this->user_active . "',\n\t\t\t\t\t\t\t'1',\n\t\t\t\t\t\t\t'" . time() . "',\n\t\t\t\t\t\t\t'0'\n\t\t\t\t\t\t\t)";
            return $db->sql_query($sql);
        }
    }
}
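/**
 * Create a user record.
 *
 * @param array $options Expects 'email' and 'password'; any other keys are
 *                       inserted as columns as-is. 'password' is replaced by
 *                       its hash; 'created_on' and 'user_token' are added.
 * @return mixed The created user via $this->read(), or a formatErrors()
 *               result: 604 missing/invalid email, 602 missing/invalid
 *               password, 603 email already registered, 500 insert failure.
 */
public function create($options = array())
{
    // Missing keys previously raised undefined-index notices before isValid() ran.
    if (!isset($options['email']) || !isValid($options['email'], 'email')) {
        return formatErrors(604);
    }
    if (!isset($options['password']) || !isValid($options['password'], 'password')) {
        return formatErrors(602);
    }

    // Make sure email does not exist already. The WHERE clause is still
    // string-built, so the value is escaped even though isValid() checked its shape.
    $total = $this->count("email = '" . $this->db->escape_str($options['email']) . "'");
    if ($total > 0) {
        return formatErrors(603);
    }

    $options['password'] = generateHash($options['password']);
    $options['created_on'] = date("Y-m-d H:i:s");

    // Create user token. The md5(time()) suffix adds length, not entropy;
    // uniqueness rests on generateToken(30). Retry on the unlikely collision.
    do {
        $options['user_token'] = generateToken(30) . md5(time());
        $total = $this->count("user_token = '" . $this->db->escape_str($options['user_token']) . "'");
        if ($total > 0) {
            log_message('debug', 'User token collision detected on key of `' . $options['user_token'] . '`');
        }
    } while ($total > 0);

    // Add record
    $q = $this->db->insert_string('users', $options);
    $res = $this->db->query($q);

    // Check for errors
    $this->sendException();
    if ($res === true) {
        return $this->read($this->db->insert_id());
    }

    return formatErrors(500);
}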
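/**
 * Hash the password, send an activation email when activation is enabled and
 * at least one user already exists, then insert the user row.
 *
 * When no activation mail is sent, $this->user_active keeps its prior value
 * (presumably the class default — confirm). Does nothing when $this->status
 * is false; skips the insert when the mail step set $this->mail_failure.
 *
 * @return mixed Result of $db->sql_query() for the INSERT, or null when skipped.
 */
public function UserAdminAddUser()
{
    global $db, $emailActivation, $websiteUrl, $websiteName, $db_prefix;

    // Construction errors: nothing to do.
    if (!$this->status) {
        return;
    }

    $secure_pass = generateHash($this->clean_password);
    $this->activation_token = generateactivationtoken();

    // Fetches every row only to read num_rows; a COUNT(*) would be cheaper but
    // would change what num_rows means, so the query is left as-is.
    $user_count = $db->sql_query("SELECT * FROM {$db->users}");
    if ($emailActivation && isset($user_count->num_rows) && $user_count->num_rows > 0) {
        // Account stays inactive until the emailed token is used.
        $this->user_active = 0;
        $mail = new UserAdminMail();
        $activation_url = $websiteUrl . "lobby/activate-account.php?token=" . $this->activation_token;
        $hooks = array(
            "searchStrs" => array("#ACTIVATION-URL#", "#USERNAME#", "#WEBSITENAME#", "#WEBSITEURL#"),
            "subjectStrs" => array($activation_url, $this->unclean_username, $websiteName, $websiteUrl),
        );
        if (!$mail->newTemplateMsg("new-registration.html", $hooks)) {
            $this->mail_failure = true;
        } elseif (!$mail->sendMail($this->clean_email, "New User")) {
            $this->mail_failure = true;
        }
    }

    if ($this->mail_failure) {
        return;
    }

    // Every interpolated value now passes through sql_escape(), including the
    // hash, token, active flag and group id that were spliced in raw.
    $now = time();
    $sql = "INSERT INTO {$db->users} (\r\n `username`,\r\n `username_clean`,\r\n `password`,\r\n `email`,\r\n `activationtoken`,\r\n `last_activation_request`,\r\n `LostpasswordRequest`, \r\n `active`,\r\n `group_id`,\r\n `sign_up_date`,\r\n `last_sign_in`\r\n )\r\n VALUES (\r\n '"
        . $db->sql_escape($this->unclean_username) . "',\r\n '"
        . $db->sql_escape($this->clean_username) . "',\r\n '"
        . $db->sql_escape($secure_pass) . "',\r\n '"
        . $db->sql_escape($this->clean_email) . "',\r\n '"
        . $db->sql_escape($this->activation_token) . "',\r\n '"
        . $now . "',\r\n '0',\r\n '"
        . (int) $this->user_active . "',\r\n '"
        . $db->sql_escape($this->group_id) . "',\r\n '"
        . $now . "',\r\n '0'\r\n )";

    return $db->sql_query($sql);
}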
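unset($_SESSION['user_id']); // To Log the user out

// If the user requested cancel go back to index.php
if (isset($_POST['cancel'])) {
    header('Location: index.php');
    exit;
}

/**
 * Hash a plain-text password with bcrypt ($2y$, cost 11).
 *
 * password_hash() (PHP >= 5.5) draws the salt from the system CSPRNG. The
 * crypt() fallback keeps the original format on older runtimes but seeds the
 * salt from md5(uniqid(rand())), which is not cryptographically random.
 *
 * @param string $password
 * @return string 60-character bcrypt hash.
 * @throws RuntimeException when no bcrypt implementation is available; the
 *         original returned null here, which the INSERT below would have
 *         stored as an empty password.
 */
function generateHash($password)
{
    if (function_exists('password_hash')) {
        return password_hash($password, PASSWORD_BCRYPT, array('cost' => 11));
    }
    if (defined("CRYPT_BLOWFISH") && CRYPT_BLOWFISH) {
        $salt = '$2y$11$' . substr(md5(uniqid(rand(), true)), 0, 22);
        return crypt($password, $salt);
    }
    throw new RuntimeException('bcrypt is not available on this PHP build');
}

// Registration: all three fields are bound as parameters, never interpolated.
if (isset($_POST['uname'], $_POST['email'], $_POST['pass'])) {
    $password = generateHash($_POST['pass']);
    $sql = "INSERT INTO users (name, email, password) VALUES (:name, :email, :password)";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array(":name" => $_POST['uname'], ":email" => $_POST['email'], ":password" => $password));
    header("Location: index.php");
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Register Page</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap-theme.min.css">
</head>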