Пример #1
 /**
  * Hand out a salt only while a password is being submitted.
  *
  * When $_POST['password'] is present the call is forwarded to the global
  * getSalt() function; otherwise false is returned.
  *
  * @return mixed the global getSalt() result, or false when no password was posted
  */
 protected function getSalt()
 {
     // The unqualified call resolves to the global function, not to this method.
     return isset($_POST['password']) ? getSalt() : false;
 }
Пример #2
/**
 * Derive a password hash by chaining 1000 rounds of SHA-256.
 *
 * Every round hashes the previous digest followed by the password and the
 * salt returned by getSalt($id, $fixedsalt); the first round starts from an
 * empty digest.
 *
 * NOTE(review): this is a hand-rolled stretching loop with a fixed round
 * count. password_hash()/password_verify() are the maintained alternative,
 * but switching would invalidate hashes that are already stored.
 *
 * @param mixed  $id        forwarded to getSalt()
 * @param string $password  plaintext password
 * @param mixed  $fixedsalt forwarded to getSalt()
 * @return string hex digest produced by the final round
 */
function getPasswordHash($id, $password, $fixedsalt)
{
    $salt = getSalt($id, $fixedsalt);
    $digest = '';
    $round = 0;
    // Stretching
    while ($round < 1000) {
        $digest = hash('sha256', $digest . $password . $salt);
        $round++;
    }
    return $digest;
}
Пример #3
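/**
 * Store a user's address, encrypted by MySQL's AES_ENCRYPT().
 *
 * The encryption key is the global $aes_password followed by the value
 * returned by getSalt($id).
 *
 * NOTE(review): the key and the plaintext address are part of the SQL text,
 * so they can show up wherever statements are logged. The key is interpolated
 * as is; escaping it here would change the effective key for values that
 * contain backslashes or quotes, so it is left untouched — confirm the key
 * never contains such characters.
 * NOTE(review): the mysql_* extension was removed in PHP 7. Moving to prepared
 * statements needs a connection handle, which this function does not receive.
 *
 * @param mixed  $id      id of the user row to update
 * @param string $address plaintext address
 * @return bool true when mysql_query() reported success, false otherwise
 */
function set_address($id, $address)
{
    global $aes_password;

    $id = mysql_real_escape_string($id);
    $address = mysql_real_escape_string($address);
    $salt = getSalt($id);

    // mysql_real_escape_string() only protects a value that sits inside quotes.
    // The id used to be interpolated bare, so it is now quoted as well; MySQL
    // still compares it numerically against a numeric column.
    $query = "UPDATE users SET enc_address = AES_ENCRYPT('{$address}', '{$aes_password}{$salt}') WHERE id = '{$id}'";

    return (bool) mysql_query($query);
}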
Пример #4
 /**
  * Replace one user's password hash in the JSON user store.
  *
  * getUsersFromJSON.php is included to fill $userArray and paths.php to fill
  * $path_config_users. The first entry whose username matches gets
  * crypt($newPassword, getSalt()) as its password, and the whole list is then
  * written back, also when no entry matched.
  *
  * NOTE(review): usernames are compared with the loose == operator, and the
  * crypt() algorithm depends on the salt string getSalt() returns, which is
  * not visible here.
  *
  * @param string $username    user whose password is replaced
  * @param string $newPassword plaintext password
  * @return void
  */
 function changePassword($username, $newPassword)
 {
     $userArray = [];
     include "getUsersFromJSON.php";
     if (empty($userArray)) {
         return;
     }
     $total = sizeof($userArray);
     for ($index = 0; $index < $total; $index++) {
         $entry = $userArray[$index];
         if ($entry->{'username'} == $username) {
             // $entry is an object handle, so this updates the element in $userArray.
             $entry->{'password'} = crypt($newPassword, getSalt());
             break;
         }
     }
     $path_config_users = "";
     include "paths.php";
     file_put_contents($path_config_users, json_encode($userArray, JSON_PRETTY_PRINT));
 }
Пример #5
/**
 * Change the password of the user held in the global $session.
 *
 * Prints a status marker instead of returning a value:
 *   "&error 3"  old password malformed or not accepted by valid_user()
 *   "&error 4"  new password rejected by valid_passwd()
 *   "&error 5"  the UPDATE did not affect exactly one row
 *   "&end"      password updated
 *
 * NOTE(review): $privilege is not assigned in this function before it is
 * handed to valid_user(); presumably that parameter is taken by reference —
 * confirm against valid_user().
 *
 * @param string $oldpwd current password
 * @param string $newpwd replacement password
 * @return void
 */
function passwd($oldpwd, $newpwd)
{
    global $session, $dbh;

    $oldAccepted = valid_passwd($oldpwd) && valid_user($session['user'], $oldpwd, $privilege);
    if (!$oldAccepted) {
        echo "&error 3";
        return;
    }
    if (!valid_passwd($newpwd)) {
        echo "&error 4";
        return;
    }
    // Both values go through the driver's quote() before they reach the SQL text.
    $quotedHash = $dbh->quote(crypt($newpwd, getSalt()));
    $quotedUser = $dbh->quote($session['user']);
    $query = sprintf("UPDATE users SET pass=%s WHERE user=%s", $quotedHash, $quotedUser);
    echo $dbh->exec($query) == 1 ? "&end" : "&error 5";
}
Пример #6
 /**
  * Handle an AJAX login request and echo a JSON result.
  *
  * Reads a JSON request body carrying 'username' and 'password', verifies the
  * password through crypt() and checkSaltedPass(), and on success sets a
  * cookie and returns the value produced by user_encrypt().
  *
  * The echoed JSON object has two keys:
  *   error  0 on success, -1 when checkInput() returns a message,
  *          -2 for invalid credentials (-3 is only the initial placeholder;
  *          every branch below overwrites it)
  *   value  the token on success, otherwise a message
  *
  * An unknown username and a wrong password produce the same response.
  *
  * NOTE(review): setcookie() is called with name, value, expiry 0 and path "/"
  * only; no secure or httponly argument is passed.
  * NOTE(review): the cookie value stores the username and the salt the token is
  * built from, so the token's secrecy rests on user_encrypt(), which is not
  * visible here — confirm it is keyed.
  */
 public function login()
 {
     //Gather data from AJAX
     // json_decode() returns null for a malformed body; presumably checkInput() rejects that — confirm
     $data = json_decode(file_get_contents('php://input'), true);
     $return['error'] = -3;
     $return['value'] = null;
     //Sanitise inputs
     // An empty string from checkInput() is treated as "input accepted"
     $result = $this->checkInput($data, array('username', 'password'));
     if ($result == '') {
         //Check if UID exists
         $uid = getUserUID($data['username']);
         // Loose comparison: any value that == null counts as "no such user"
         if ($uid == null) {
             $return['error'] = -2;
             $return['value'] = "Invalid credentials";
         } else {
             // Hash the submitted password with the salt looked up for this username
             $saltedPw = crypt($data['password'], getSalt($data['username']));
             if (checkSaltedPass($data['username'], $saltedPw)) {
                 //Generates salt for username
                 $salt = $this->generateSalt();
                 //Authenticated token
                 $token = $data['username'] . $salt;
                 //Authentication information
                 $cookievars['username'] = $data['username'];
                 $cookievars['salt'] = $salt;
                 //Creates cookie with name of authenticated token,
                 // Expiry 0 makes it a session cookie; path "/" makes it valid site-wide
                 setcookie(user_encrypt($token), json_encode($cookievars), 0, "/");
                 //Returns with authenticated token
                 $return['error'] = 0;
                 $return['value'] = user_encrypt($token);
             } else {
                 $return['error'] = -2;
                 $return['value'] = "Invalid credentials";
             }
         }
     } else {
         // checkInput() returned a message: report it as error -1
         $return['error'] = -1;
         $return['value'] = $result;
     }
     $jsonstring = json_encode($return);
     echo $jsonstring;
 }
Пример #7
/**
 * Overwrite the stored properties of one user in the JSON user store.
 *
 * getUsersFromJSON.php is included to fill $userArray and paths.php to fill
 * $path_config_users. The first entry whose username matches $username is
 * updated and the sorted list is written back; nothing is written when no
 * entry matches.
 *
 * The names "admin" and "public" are reserved: their username and accountType
 * are pinned, and "public" never receives a password.
 *
 * NOTE(review): all name checks use loose == / != comparisons, and no check
 * for an already existing $newUsername is visible in this function.
 *
 * @param string      $username          user to modify
 * @param string|null $password          new plaintext password; empty or null keeps the stored hash
 * @param mixed       $forbiddenProjects stored as given (ignored for "admin", which gets "[]")
 * @param string      $accountType       stored as given for ordinary users
 * @param string|null $newUsername       replacement username for ordinary users
 * @return void
 */
function overrideUserProperties($username, $password, $forbiddenProjects, $accountType, $newUsername)
{
    $userArray = [];
    include "getUsersFromJSON.php";
    $path_config_users = "";
    include "paths.php";
    if (!empty($userArray)) {
        for ($i = 0; $i < sizeof($userArray); $i++) {
            if ($userArray[$i]->{'username'} == $username) {
                if ($username != "admin" && $username != "public") {
                    // Ordinary user: may be renamed, but never to a reserved name
                    if ($username == "New User" && $newUsername != "admin" && $newUsername != "public") {
                        $username = $newUsername;
                    }
                    // NOTE(review): this rename applies to every ordinary user when $newUsername is set,
                    // so the "New User" case above only differs when $newUsername is null — confirm intent
                    if (isset($newUsername) && $newUsername != "admin" && $newUsername != "public") {
                        $username = $newUsername;
                    }
                    $userArray[$i]->{'username'} = $username;
                    $userArray[$i]->{'forbiddenProjects'} = $forbiddenProjects;
                    $userArray[$i]->{'accountType'} = $accountType;
                } elseif ($username == "public") {
                    // "public" keeps its name and is always an ordinary user account
                    $userArray[$i]->{'username'} = "public";
                    $userArray[$i]->{'forbiddenProjects'} = $forbiddenProjects;
                    $userArray[$i]->{'accountType'} = "user";
                } elseif ($username == "admin") {
                    // "admin" keeps its name and type and has no forbidden projects
                    $userArray[$i]->{'username'} = "admin";
                    $userArray[$i]->{'accountType'} = "admin";
                    $userArray[$i]->{'forbiddenProjects'} = "[]";
                }
                // $username may already hold the new name here, so the "public" test uses the renamed value
                if (isset($password) && $password != "" && !is_null($password) && $username != "public") {
                    $userArray[$i]->{'password'} = crypt($password, getSalt());
                }
                // getSortedUserArray() is called right after this include
                include_once "functions.php";
                file_put_contents($path_config_users, json_encode(getSortedUserArray($userArray), JSON_PRETTY_PRINT));
                break;
            }
        }
    }
}
/**
 * Hash a password as SHA-1 over the salt followed by the password.
 *
 * NOTE(review): a single SHA-1 round is cheap to brute-force once the stored
 * hashes leak; password_hash()/password_verify() are the maintained
 * alternative, at the cost of re-hashing existing accounts.
 *
 * @param string $pass plaintext password
 * @return string 40-character hex digest
 */
function password($pass)
{
    // following CakePHP hash method
    $salted = getSalt() . $pass;
    return sha1($salted);
}
Пример #9
    $userArray = [];
    include "getUsersFromJSON.php";
    for ($i = 0; $i < sizeof($userArray); $i++) {
        if ($userArray[$i]->{'username'} == $username) {
            if ($userArray[$i]->{'password'} == $password) {
                $_SESSION['loggedIn'] = $username;
                $returnValue = $userArray[$i]->{'accountType'};
            } else {
                //wrong password --> returnValue doesn't need to be changed!
            }
            break;
        }
    }
    echo $returnValue;
}
// Login endpoint: only POST requests are processed.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (!isset($username) || !isset($password) || $username == "" || $password == "") {
        echo "wrongInput";
    } else {
        include_once "functions.php";
        // The submitted password is hashed before it is handed to checkLoginData().
        // NOTE(review): getSalt() takes no argument here, so the salt is presumably
        // the same for every account — confirm.
        $password = crypt($password, getSalt());
        // NOTE(review): $path_config_users is not assigned in the visible lines;
        // presumably an include provides it — confirm.
        if (!file_exists($path_config_users)) {
            //file doesn't exist
            echo 'failure';
        } else {
            checkLoginData($username, $password);
        }
    }
}
Пример #10
					</form>
					
					<?php 
if (isset($_POST['username']) && isset($_POST['g-recaptcha-response'])) {
    if (isValid()) {
        if (strlen($_POST['username']) >= 8) {
            if (strlen($_POST['phone']) == countDigits($_POST['phone'])) {
                $con = mysqli_connect("localhost", "root", "PASS", "secure_login");
                if (mysqli_connect_errno()) {
                    die('Could not connect: ' . mysqli_connect_error());
                }
                $result = mysqli_query($con, "SELECT username FROM members WHERE username='******'username'] . "'");
                if (mysqli_num_rows($result) == 0) {
                    $result = mysqli_query($con, "SELECT email FROM members WHERE email='" . strtolower($_POST['email']) . "'");
                    if (mysqli_num_rows($result) == 0) {
                        mysqli_query($con, "INSERT INTO members (username, password, email, phone, salt, recoveryid, recoveryValid) VALUES ('" . $_POST['username'] . "','" . strtoupper(getSalt()) . "','" . strtolower($_POST['email']) . "','" . $_POST['phone'] . "','" . strtoupper(getSalt()) . "','" . generateRandomString(16) . "','" . date("d/m/Y") . "')");
                        send_mail();
                        mysqli_close($con);
                        $pieces = explode("@", $_POST['email']);
                        echo "Thank you for your registration. <br/>";
                        echo "Please check <a href=\"" . $pieces[1] . "\">your email</a> to activate your account.";
                    } else {
                        echo "There is already an account associated with this email. <a href=\"index.php\">Login</a>";
                    }
                } else {
                    echo "This username is already in use. Please try another username.";
                }
            } else {
                echo 'The entered phone number does not seem to be valid. Please check it and try again. ([0-9])';
            }
        } else {
Пример #11
/**
 * Format a plaintext password with the requested scheme.
 *
 * The salt actually used is the result of getSalt($encryption, $salt, $plaintext),
 * which replaces the $salt argument before the scheme is applied.
 *
 * Schemes handled below:
 *   plain                          $plaintext returned unchanged
 *   sha, md5-base64                unsalted SHA-1 / MD5 via mhash(), base64-encoded
 *   crypt, crypt-des, crypt-md5,
 *   crypt-blowfish                 crypt($plaintext, $salt)
 *   ssha, smd5                     SHA-1 / MD5 over password + salt, salt appended, base64-encoded
 *   aprmd5                         '$apr1$' format built from 1000 MD5 rounds
 *   md5-hex, or any other value    MD5 hex digest, salted only when $salt is non-empty
 *
 * NOTE(review): the default scheme and the fallback for unrecognised
 * $encryption values are both plain MD5, and 'plain' performs no hashing at
 * all. Only the crypt variants can reach an adaptive algorithm, and that
 * depends on the salt string getSalt() produces — confirm which schemes are
 * still needed.
 * NOTE(review): mhash() is deprecated in current PHP releases; hash() is the
 * replacement.
 *
 * @param string $plaintext    password to format
 * @param string $salt         salt hint forwarded to getSalt()
 * @param string $encryption   scheme name, see the list above
 * @param bool   $show_encrypt when true, prefix the result with the scheme tag
 *                             ({SHA}, {crypt}, {MD5}, {SSHA}, {SMD5}); not applied
 *                             to 'plain' and 'aprmd5'
 * @return string formatted password
 */
function getCryptedPassword($plaintext, $salt = '', $encryption = 'md5-hex', $show_encrypt = false)
{
    // Get the salt to use.
    $salt = getSalt($encryption, $salt, $plaintext);
    // Encrypt the password.
    switch ($encryption) {
        case 'plain':
            // No hashing: the password is returned as it came in
            return $plaintext;
        case 'sha':
            // Unsalted SHA-1
            $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext));
            return $show_encrypt ? '{SHA}' . $encrypted : $encrypted;
        case 'crypt':
        case 'crypt-des':
        case 'crypt-md5':
        case 'crypt-blowfish':
            // All four share one call; the algorithm is selected by the format of $salt
            return ($show_encrypt ? '{crypt}' : '') . crypt($plaintext, $salt);
        case 'md5-base64':
            // Unsalted MD5
            $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext));
            return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;
        case 'ssha':
            // The raw salt is appended to the digest before base64 encoding
            $encrypted = base64_encode(mhash(MHASH_SHA1, $plaintext . $salt) . $salt);
            return $show_encrypt ? '{SSHA}' . $encrypted : $encrypted;
        case 'smd5':
            // Same layout as 'ssha', with MD5
            $encrypted = base64_encode(mhash(MHASH_MD5, $plaintext . $salt) . $salt);
            return $show_encrypt ? '{SMD5}' . $encrypted : $encrypted;
        case 'aprmd5':
            $length = strlen($plaintext);
            $context = $plaintext . '$apr1$' . $salt;
            $binary = JUserHelper::_bin(md5($plaintext . $salt . $plaintext));
            // Append up to 16 bytes of the first digest per 16 bytes of password length
            for ($i = $length; $i > 0; $i -= 16) {
                $context .= substr($binary, 0, $i > 16 ? 16 : $i);
            }
            // One byte per bit of the password length: NUL for a set bit, else the first password character
            for ($i = $length; $i > 0; $i >>= 1) {
                $context .= $i & 1 ? chr(0) : $plaintext[0];
            }
            $binary = JUserHelper::_bin(md5($context));
            // 1000 MD5 rounds; the mix of password, salt and digest varies with the round number
            for ($i = 0; $i < 1000; $i++) {
                $new = $i & 1 ? $plaintext : substr($binary, 0, 16);
                if ($i % 3) {
                    $new .= $salt;
                }
                if ($i % 7) {
                    $new .= $plaintext;
                }
                $new .= $i & 1 ? substr($binary, 0, 16) : $plaintext;
                $binary = JUserHelper::_bin(md5($new));
            }
            // Encode the digest bytes in the permuted order used below
            $p = array();
            for ($i = 0; $i < 5; $i++) {
                $k = $i + 6;
                $j = $i + 12;
                if ($j == 16) {
                    $j = 5;
                }
                $p[] = JUserHelper::_toAPRMD5(ord($binary[$i]) << 16 | ord($binary[$k]) << 8 | ord($binary[$j]), 5);
            }
            return '$apr1$' . $salt . '$' . implode('', $p) . JUserHelper::_toAPRMD5(ord($binary[11]), 3);
        case 'md5-hex':
        default:
            // Also reached for any unrecognised $encryption value
            $encrypted = $salt ? md5($plaintext . $salt) : md5($plaintext);
            return $show_encrypt ? '{MD5}' . $encrypted : $encrypted;
    }
}
Пример #12
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
include 'functions.php';
if (isset($_GET['email']) && isset($_GET['password'])) {
    $con = mysqli_connect("localhost", "root", "PASS", "secure_login");
    if (mysqli_connect_errno()) {
        die('Could not connect: ' . mysqli_connect_error());
    }
    $result = mysqli_query($con, "SELECT email FROM members WHERE email='" . strtolower($_GET['email']) . "'");
    if (mysqli_num_rows($result) != 0) {
        $result = mysqli_fetch_assoc(mysqli_query($con, "SELECT * FROM members WHERE email='" . strtolower($_GET['email']) . "'"));
        if (strtoupper(hash('sha512', $_GET['password'] . $result['salt'])) == $result['password']) {
            $_SESSION['login'] = getSalt();
            $_SESSION['loginTime'] = date('H:i:s');
            $_SESSION['loginDate'] = date('Y/m/d ');
            $_SESSION['email'] = $_GET['email'];
            $_SESSION['username'] = $result['username'];
            $_SESSION['phone'] = $result['phone'];
            mysqli_query($con, "DELETE FROM `sessions` WHERE `sessions`.`email` = '" . strtolower($_GET['email']) . "'");
            mysqli_query($con, "INSERT INTO sessions (email, sessionId, loginTime, loginDate) VALUES ('" . strtolower($_GET['email']) . "', '" . $_SESSION['login'] . "', '" . $_SESSION['loginTime'] . "', '" . $_SESSION['loginDate'] . "')");
            if (check_login() == 0) {
                echo 'LOGIN_SUCCESS<br />' . $_SESSION['login'] . '<br />' . $_SESSION['username'] . '<br />' . $_SESSION['email'] . '<br />' . $_SESSION['phone'];
            } else {
                if (check_login() == 1) {
                    echo 'ERROR_EXPIRED';
                    session_destroy();
                }
            }
Пример #13
<?php

// Start a session only when none is active yet.
if (!isset($_SESSION)) {
    session_start();
}
include_once "functions.php";
// Password change endpoint: only POST requests are processed.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $oldPassword = $_POST['oldPassword'];
    $username = $_SESSION['loggedIn'];
    $password = $_POST['password'];
    // Access is granted to an admin outright, or to a user whose old password
    // hashes to the stored value; everything else is denied.
    // NOTE(review): nothing here checks that $_SESSION['loggedIn'] is set, and the
    // hash comparison uses the loose == operator — confirm isUserAdmin() and
    // getPassword() behave safely for a missing username.
    if (!isUserAdmin($username) && !(isset($oldPassword) && crypt($oldPassword, getSalt()) == getPassword($username))) {
        echo "denied";
    } else {
        include_once "functions.php";
        changePassword($username, $password);
    }
}
Пример #14
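/**
 * Validate the "user" / "authentication" cookie pair and renew both on success.
 *
 * The pair is accepted when the authentication cookie equals
 * sha1(user cookie . salt), with the salt delivered by getSalt($salt).
 * On success both cookies are re-sent with a new expiry of
 * time() + $sessionDuration.
 *
 * NOTE(review): the accepted token depends only on the username and the salt
 * and is re-sent unchanged, so it never rotates and is not tied to a server-side
 * session; anyone who learns the salt can compute it for any username.
 * NOTE(review): setcookie() receives name, value and expiry only; no secure or
 * httponly argument is passed.
 *
 * @param bool   $forceLogin   (out) FALSE only when the cookies validated and were renewed
 * @param string $error        (out) message for the user, empty when there is nothing to report
 * @param bool   $ignoreBlanks when FALSE, missing or empty cookies yield "Please log in."
 * @return bool TRUE when $error is empty
 */
function checkCookies(&$forceLogin, &$error, $ignoreBlanks)
{
    global $sessionDuration;

    $forceLogin = TRUE;
    $error = "";
    dbgSquirt("==============Function: checkCoookies ==============");
    // NOTE(review): this logs the raw cookie values, including the authentication token.
    dbgSquirt('Cookie --' . dbgShowFile($_COOKIE));
    if (isset($_COOKIE['user']) && !empty($_COOKIE['user']) && isset($_COOKIE['authentication']) && !empty($_COOKIE['authentication'])) {
        // both user and authentication cookies are set and non-blank
        $userCookie = $_COOKIE['user'];
        $authenticationCookie = $_COOKIE['authentication'];
        $time = time();
        if (getSalt($salt)) {
            // hash_equals() (PHP 5.6+) compares byte for byte in constant time. The
            // loose == used before treats two numeric-looking strings such as
            // "0e1234..." as equal numbers. Cookies sent in array form are rejected
            // here as a mismatch instead of being cast to the string "Array".
            $authenticated = is_string($userCookie)
                && is_string($authenticationCookie)
                && hash_equals(sha1($userCookie . $salt), $authenticationCookie);
            if ($authenticated) {
                // authentication passed, so reset expiration on cookies
                $result = setcookie("user", $userCookie, $time + $sessionDuration);
                $result1 = setcookie("authentication", $authenticationCookie, $time + $sessionDuration);
                if (TRUE == $result && TRUE == $result1) {
                    // everything worked
                    $forceLogin = FALSE;
                } else {
                    $error = "Internal error -- problem while creating cookies.  Please contact an administrator.";
                }
            } else {
                // credentials in cookies don't match.
                $error = "Authentication error -- The supplied credentials don't match our stored values. Please reauthenticate and try again.";
            }
        } else {
            // error while trying to get salt value
            $error = "Internal error -- unable to validate supplied credentials. Please reauthenticate and try again.";
        }
    } else {
        // cookies were unset or contained empty values
        if (FALSE == $ignoreBlanks) {
            $error = "Please log in.";
        }
    }
    dbgSquirt("Returning -- " . empty($error));
    return empty($error);
}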
Пример #15
Файл: db.php Проект: Amfys/BST
 /**
  * Hash a password with the salt looked up for the user and drop the salt prefix.
  *
  * crypt() is called with the salt from getSalt($userName); the first
  * strlen($salt) characters of its output are then cut off.
  *
  * NOTE(review): this assumes the crypt() output starts with the complete salt
  * string — confirm for the salt format getSalt() returns.
  *
  * @param string $userName user whose salt is looked up
  * @param string $password plaintext password
  * @return string crypt() output without its leading strlen($salt) characters
  */
 public function getHashedPassword($userName, $password)
 {
     $salt = getSalt($userName);
     $prefixLength = strlen($salt);
     return substr(crypt($password, $salt), $prefixLength);
 }
Пример #16
 $username = $_POST['username'];
 $password = $_POST['password'];
 $encryptedPassword = createPassword($username, $password);
 $state = validateUser($username, $encryptedPassword);
 if ("N" == $state) {
     dbgSquirt('Not a valid user');
     $error = "Authentication error -- Invalid username/password combination.";
 } else {
     if ("A" == $state) {
         // active account and username/password match
         dbgSquirt('Active account matched.');
         // if we haven't already looked up the salt, do so now
         $result = TRUE;
         if (empty($salt)) {
             dbgSquirt('Getting salt');
             $result = getSalt($salt);
         }
         if (FALSE == $result) {
             // uh-oh ... we got an error getting the salt
             dbgSquirt('Error in getSalt');
             $error = "Internal error -- failure while processing login. Please contact an administrator.";
         } else {
             dbgSquirt('Extending cookies');
             dbgSquirt("Time -- {$time}");
             dbgSquirt("Time + Duration -- " . ($time + $sessionDuration));
             $result = setcookie("user", $username, $time + $sessionDuration);
             $result1 = setcookie("authentication", sha1($username . $salt), $time + $sessionDuration);
             if (TRUE == $result && TRUE == $result1) {
                 // everything worked
                 dbgSquirt('Everything worked.');
                 $forceLogin = FALSE;
Пример #17
 /**
  * Change the current user's password after verifying the old one.
  *
  * A non-POST request renders the form through $this->user() and exits.
  * Otherwise the stored hash is compared with pwdHash(old password . stored
  * salt); on a match a new salt is fetched with getSalt() and the row is saved
  * with the new salt and hash.
  *
  * NOTE(review): both passwords are read with 'mysql_escape_string' as the
  * second argument of _post(), presumably a filter applied before hashing —
  * confirm, since that would alter passwords containing quotes or backslashes.
  * NOTE(review): the stored and computed hashes are compared with loose ==,
  * and the success message is whatever $model->getError() returns.
  *
  * @return void
  */
 public function chgpwd()
 {
     if (!$this->isPost()) {
         $this->user('修改密码');
         exit;
     }
     $id = getUserId();
     $oldpassword = $this->_post('oldpassword', 'mysql_escape_string');
     $password = $this->_post('password', 'mysql_escape_string');
     $model = D("User");
     $condition = "id={$id}";
     $record = $model->where($condition)->find();
     // Verify the old password before anything is changed
     if ($record['password'] != pwdHash($oldpassword . $record['salt'])) {
         $this->error("原密码错误!");
         return;
     }
     // A fresh salt is stored together with the new hash
     $record['salt'] = getSalt();
     $record['password'] = pwdHash($password . $record['salt']);
     $model->where($condition)->save($record);
     $this->success($model->getError());
 }
Пример #18
/**
 * Hash a password as MD5 over the password followed by the salt.
 *
 * NOTE(review): a single MD5 round is cheap to brute-force once stored hashes
 * leak; password_hash()/password_verify() are the maintained alternative, at
 * the cost of re-hashing existing accounts.
 *
 * @param string $password plaintext password
 * @return string 32-character hex digest
 */
function hashPasswd($password)
{
    $salted = $password . getSalt();
    return md5($salted);
}
Пример #19
            }
            mq("UPDATE users SET firstname='" . addslashes($_POST["firstname"]) . "', lastname='" . addslashes($_POST["lastname"]) . "', login='******', email='" . addslashes($_POST["email"]) . "' WHERE id='" . intval($_POST["id"]) . "';");
            $_REQUEST["msg"] = _("Account edited successfully");
            $_REQUEST["action"] = "";
        }
        break;
    case "docreate":
        // CREATE
        // search for existing login :
        $already = mqone("SELECT * FROM users WHERE login='******';");
        if ($already) {
            $_REQUEST["error"] = _("This login is already used, please choose another one");
            $_REQUEST["action"] = "create";
        } else {
            $pass = mkpass();
            mq("INSERT INTO users SET firstname='" . addslashes($_POST["firstname"]) . "', lastname='" . addslashes($_POST["lastname"]) . "', login='******', email='" . addslashes($_POST["email"]) . "', pass='******', role=0;");
            // FIXME: set the default role
            // Send the new password to the user's email :
            mail($_POST["email"], sprintf(_("Account created on https://%s"), $_SERVER["HTTP_HOST"]), sprintf(_("Hello,\nYour new account has just been created on https://%s\nPlease go there to login and change your password.\nYour login is %s\nand your password is %s\n\nThanks\n"), $_SERVER["HTTP_HOST"], $_REQUEST["login"], $pass));
            $_REQUEST["msg"] = _("Account created successfully");
            $_REQUEST["action"] = "";
        }
        break;
}
// SWITCH
require_once "head.php";
require_once "menu.php";
require "messagebox.php";
?>
<div class="container-fluid main"> 
Пример #20
            //$_SESSION['token'] = $results[SP::TOKEN];
            $loggedIn = true;
            break;
        default:
            // We don't care WHAT went wrong; this just means that the user's not logged in, which is all we need to know right now.
            header("Location: logout.php?error=" . $results[SP::ERROR]);
            break;
    }
}
if ($loggedIn) {
    // Already logged in
    header("Location: profile.php");
    exit;
}
$username = $_POST['username'];
$results = getSalt($db, $username);
switch ($results[SP::ERROR]) {
    case ERR::OK:
        $password = $_POST['password'];
        $hash = hashPasswordCustomSalt($password, $results[LOGIN::SALT]);
        $results = login($db, $username, $hash);
        $loginToken = $results[SP::TOKEN];
        switch ($results[SP::ERROR]) {
            case ERR::OK:
                $results = getUserID($db, $username);
                switch ($results[SP::ERROR]) {
                    case ERR::OK:
                        $_SESSION['token'] = $loginToken;
                        $_SESSION['id'] = $results[USER::ID];
                        $_SESSION['permission'] = $results[PERMISSION::LEVEL];
                        header("Location: profile.php");
Пример #21
         if ($width3 > 1440 or $height3 > 900) {
             $nationalIDCardScan = "";
             $imageFail = TRUE;
         }
     }
     if ($citizenship1PassportScan != "") {
         $size4 = getimagesize($path . "/" . $citizenship1PassportScan);
         $width4 = $size4[0];
         $height4 = $size4[1];
         if ($width4 > 1440 or $height4 > 900) {
             $citizenship1PassportScan = "";
             $imageFail = TRUE;
         }
     }
 }
 $salt = getSalt();
 $passwordStrong = hash("sha256", $salt . $password);
 //Write to database
 try {
     $data = array("title" => $title, "surname" => $surname, "firstName" => $firstName, "preferredName" => $preferredName, "officialName" => $officialName, "nameInCharacters" => $nameInCharacters, "gender" => $gender, "username" => $username, "passwordStrong" => $passwordStrong, "passwordStrongSalt" => $salt, "status" => $status, "canLogin" => $canLogin, "passwordForceReset" => $passwordForceReset, "gibbonRoleIDPrimary" => $gibbonRoleIDPrimary, "gibbonRoleIDAll" => $gibbonRoleIDPrimary, "dob" => $dob, "email" => $email, "emailAlternate" => $emailAlternate, "address1" => $address1, "address1District" => $address1District, "address1Country" => $address1Country, "address2" => $address2, "address2District" => $address2District, "address2Country" => $address2Country, "phone1Type" => $phone1Type, "phone1CountryCode" => $phone1CountryCode, "phone1" => $phone1, "phone2Type" => $phone2Type, "phone2CountryCode" => $phone2CountryCode, "phone2" => $phone2, "phone3Type" => $phone3Type, "phone3CountryCode" => $phone3CountryCode, "phone3" => $phone3, "phone4Type" => $phone4Type, "phone4CountryCode" => $phone4CountryCode, "phone4" => $phone4, "website" => $website, "languageFirst" => $languageFirst, "languageSecond" => $languageSecond, "languageThird" => $languageThird, "countryOfBirth" => $countryOfBirth, "ethnicity" => $ethnicity, "citizenship1" => $citizenship1, "citizenship1Passport" => $citizenship1Passport, "citizenship1PassportScan" => $citizenship1PassportScan, "citizenship2" => $citizenship2, "citizenship2Passport" => $citizenship2Passport, "religion" => $religion, "nationalIDCardNumber" => $nationalIDCardNumber, "nationalIDCardScan" => $nationalIDCardScan, "residencyStatus" => $residencyStatus, "visaExpiryDate" => $visaExpiryDate, "emergency1Name" => $emergency1Name, "emergency1Number1" => $emergency1Number1, "emergency1Number2" => $emergency1Number2, "emergency1Relationship" => $emergency1Relationship, "emergency2Name" => $emergency2Name, "emergency2Number1" => 
$emergency2Number1, "emergency2Number2" => $emergency2Number2, "emergency2Relationship" => $emergency2Relationship, "profession" => $profession, "employer" => $employer, "jobTitle" => $jobTitle, "attachment1" => $attachment1, "gibbonHouseID" => $gibbonHouseID, "studentID" => $studentID, "dateStart" => $dateStart, "gibbonSchoolYearIDClassOf" => $gibbonSchoolYearIDClassOf, "lastSchool" => $lastSchool, "transport" => $transport, "transportNotes" => $transportNotes, "lockerNumber" => $lockerNumber, "vehicleRegistration" => $vehicleRegistration, "privacy" => $privacy, "agreements" => $agreements, "dayType" => $dayType);
     $sql = "INSERT INTO gibbonPerson SET title=:title, surname=:surname, firstName=:firstName, preferredName=:preferredName, officialName=:officialName, nameInCharacters=:nameInCharacters, gender=:gender, username=:username, password='', passwordStrong=:passwordStrong, passwordStrongSalt=:passwordStrongSalt, status=:status, canLogin=:canLogin, passwordForceReset=:passwordForceReset, gibbonRoleIDPrimary=:gibbonRoleIDPrimary, gibbonRoleIDAll=:gibbonRoleIDAll, dob=:dob, email=:email, emailAlternate=:emailAlternate, address1=:address1, address1District=:address1District, address1Country=:address1Country, address2=:address2, address2District=:address2District, address2Country=:address2Country, phone1Type=:phone1Type, phone1CountryCode=:phone1CountryCode, phone1=:phone1, phone2Type=:phone2Type, phone2CountryCode=:phone2CountryCode, phone2=:phone2, phone3Type=:phone3Type, phone3CountryCode=:phone3CountryCode, phone3=:phone3, phone4Type=:phone4Type, phone4CountryCode=:phone4CountryCode, phone4=:phone4, website=:website, languageFirst=:languageFirst, languageSecond=:languageSecond, languageThird=:languageThird, countryOfBirth=:countryOfBirth, ethnicity=:ethnicity,  citizenship1=:citizenship1, citizenship1Passport=:citizenship1Passport, citizenship2=:citizenship2,  citizenship2Passport=:citizenship2Passport, religion=:religion, nationalIDCardNumber=:nationalIDCardNumber, nationalIDCardScan=:nationalIDCardScan, citizenship1PassportScan=:citizenship1PassportScan, residencyStatus=:residencyStatus, visaExpiryDate=:visaExpiryDate, emergency1Name=:emergency1Name, emergency1Number1=:emergency1Number1, emergency1Number2=:emergency1Number2, emergency1Relationship=:emergency1Relationship, emergency2Name=:emergency2Name, emergency2Number1=:emergency2Number1, emergency2Number2=:emergency2Number2, emergency2Relationship=:emergency2Relationship, profession=:profession, employer=:employer, jobTitle=:jobTitle, image_240=:attachment1, gibbonHouseID=:gibbonHouseID, studentID=:studentID, 
dateStart=:dateStart, gibbonSchoolYearIDClassOf=:gibbonSchoolYearIDClassOf, lastSchool=:lastSchool, transport=:transport, transportNotes=:transportNotes, lockerNumber=:lockerNumber, vehicleRegistration=:vehicleRegistration, privacy=:privacy, studentAgreements=:agreements, dayType=:dayType";
     $result = $connection2->prepare($sql);
     $result->execute($data);
 } catch (PDOException $e) {
     //Fail 2
     $URL .= "&addReturn=fail2";
     header("Location: {$URL}");
     break;
 }
 //Unlock tables
 try {
Пример #22
<?php

// Names of the salts this script manages. Each name is looked up as the constant
// Config_Salts::<name> and substituted for the %<name>% placeholder of the template.
$salt_names = array('Filename', 'SaltKey', 'Session');
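/**
 * Get a random salt string of at least the length specified.
 *
 * random_bytes() is used when it exists (PHP 7+). On older versions the bytes
 * come from openssl_random_pseudo_bytes(), and the result is rejected unless
 * OpenSSL reports it as cryptographically strong.
 *
 * @param int $length_bits The number of random bits to generate, rounded up
 *                         to a whole number of bytes
 *
 * @return string The random bytes as lowercase hex, two characters per byte
 *
 * @throws InvalidArgumentException if $length_bits is less than 1
 * @throws RuntimeException if no strong random source is available
 */
function getSalt($length_bits = 256)
{
    if ($length_bits < 1) {
        throw new InvalidArgumentException('length_bits must be at least 1');
    }
    // Round up: a bit count that is not a multiple of 8 must never produce
    // fewer bits than requested (a fractional byte count used to be truncated).
    $length_bytes = (int) ceil($length_bits / 8);

    if (function_exists('random_bytes')) {
        // Throws on failure instead of returning weaker output.
        return bin2hex(random_bytes($length_bytes));
    }

    $crypto_strong = false;
    $bytes = openssl_random_pseudo_bytes($length_bytes, $crypto_strong);
    if ($bytes === false || !$crypto_strong) {
        // Never hand out an empty or predictable salt.
        throw new RuntimeException('No cryptographically strong random source available');
    }
    return bin2hex($bytes);
}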
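// Regenerate salts.php from salts.template.php. Values already defined as
// Config_Salts constants are kept; a new salt is generated only for names that
// are missing.
// NOTE(review): salts.php ends up holding secrets in plain text; keep it
// readable only by the account that runs the application.

// DIRECTORY_SEPARATOR keeps the paths valid outside Windows, where a literal
// backslash would become part of the file name.
$saltsPath = __DIR__ . DIRECTORY_SEPARATOR . 'salts.php';
$templatePath = __DIR__ . DIRECTORY_SEPARATOR . 'salts.template.php';

if (file_exists($saltsPath)) {
    print "An existing salts.php file was found, keeping existing values.\n";
    require $saltsPath;
}

$fileContent = file_get_contents($templatePath);
if ($fileContent === false) {
    // Continuing would overwrite salts.php with an empty file and lose the salts in use.
    print "salts.template.php could not be read, salts.php was left unchanged.\n";
    exit(1);
}

foreach ($salt_names as $saltName) {
    if (defined("Config_Salts::{$saltName}")) {
        $value = constant("Config_Salts::{$saltName}");
    } else {
        print "{$saltName} does not exist in old file, adding it.\n";
        $value = getSalt();
    }
    $fileContent = str_replace('%' . $saltName . '%', $value, $fileContent);
}

if (file_put_contents($saltsPath, $fileContent, LOCK_EX) === false) {
    print "salts.php could not be written.\n";
    exit(1);
}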