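/**
 * Registers a new "owner" login: hashes the password with a fresh salt, inserts the
 * login_table row inside a transaction and sends the activation e-mail.
 *
 * @param string $SafeFirstName not used by the insert (kept for the existing call sites)
 * @param string $SafeLastName  not used by the insert
 * @param string $SafeEmail     e-mail address; stored as both user_id and email_address
 * @param string $SafePWD       cleartext password; only getHash($SafePWD, $salt) is stored
 *
 * Writes its result to the page with echo; returns nothing.
 *
 * Values are bound with a prepared statement, so pass the raw (unescaped) values —
 * a value that was already run through real_escape_string would now be stored with
 * its backslashes.
 */
function vInsertIntoOwnerLoginTable($SafeFirstName, $SafeLastName, $SafeEmail, $SafePWD) {
    global $mysqli;
    # Only the first claim on an e-mail address creates an account.
    if (iCheckIfOwnerEmailExists($SafeEmail) != 0) {
        echo "You have already registered!";
        return;
    }
    # Per-user salt; the stored password is getHash(password, salt).
    $salt = salt();
    $hash = getHash($SafePWD, $salt);
    # Activation token: 32 hex chars from the CSPRNG (PHP 7+), same width as the old
    # md5 value. md5($SafeEmail + microtime()) was guessable from the signup time and
    # "+" on two non-numeric strings is a TypeError on PHP 8.
    $email_code = bin2hex(random_bytes(16));
    if (DEBUG) {
        # Never enable DEBUG in production: salt and hash are secrets. The cleartext
        # password is deliberately no longer printed here.
        echo "salt =" . $salt . "<br>";
        echo "hash =" . $hash . "<br>";
    }
    # user_id is also the e-mail address.
    $mysqli->autocommit(FALSE);
    $stmt = $mysqli->prepare("INSERT INTO login_table ( id, user_id, salt, password, email_address, email_code, type ) VALUES ( NULL, ?, ?, ?, ?, ?, 'O' )");
    $inserted = false;
    if ($stmt !== false) {
        $stmt->bind_param('sssss', $SafeEmail, $salt, $hash, $SafeEmail, $email_code);
        $inserted = $stmt->execute();
        $stmt->close();
    }
    # A failed INSERT must not be committed, and no activation mail may go out for a
    # row that does not exist.
    if (!$inserted || !$mysqli->commit()) {
        $mysqli->rollback();
        echo "Registration failed. Please try again later.";
        return;
    }
    SendActivateEmailNotice($SafeEmail, $email_code);
    echo "Please activate your email to complete the registration. Please respond to your email. Thanks.";
}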
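/**
 * Obfuscates $string: applies one of crypt1()..crypt4() chosen at random, wraps the
 * result in a 21-character salt in front and a 20–23-character salt behind, and
 * base64-encodes the whole thing.
 *
 * Neither the chosen transform nor the length of the trailing salt is recorded in the
 * output, so the caller cannot reverse this without out-of-band knowledge — treat it
 * as a one-way obfuscation rather than encryption.
 *
 * random_int() (PHP 7+) replaces rand(): rand() is a non-cryptographic PRNG, so the
 * transform and the salt length were predictable.
 *
 * @param string $string
 * @return string base64 of salt1 . transformed . salt2
 */
function encrypt($string) {
    $salt1 = salt(21);
    $salt2 = salt(random_int(20, 23));
    switch (random_int(1, 5)) {
        case 1:
            $crypt = crypt1($string);
            break;
        case 2:
            $crypt = crypt2($string);
            break;
        case 3:
            $crypt = crypt3($string);
            break;
        case 4:
            $crypt = crypt4($string);
            break;
        default:
            // Case 5 mapped to crypt4() in the original as well; if a crypt5() exists
            // this is probably a typo — confirm before changing, since it alters outputs.
            $crypt = crypt4($string);
            break;
    }
    return base64_encode($salt1 . $crypt . $salt2);
}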
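/**
 * Creates a users row and, optionally, e-mails the new user a confirmation link.
 *
 * @param string $username
 * @param string $email
 * @param string $password         cleartext; stored as SHA-512 crypt ($6$, 5000 rounds)
 * @param bool   $sendConfirmation when true, a CONFIRMATION_TYPE_EMAIL code is stored and mailed
 * @param int    $group            user group id
 * @return bool true when the INSERT affected a row (and $this is populated), false otherwise
 *
 * Side effects on success: userId, userName, email, password (hash), salt, dateAdded
 * and group are set on $this.
 */
public function create($username, $email, $password, $sendConfirmation = true, $group = USER_GROUP_DEFAULT_SIGNUP) {
    global $sDB, $sTemplate;
    $salt = salt();
    // The salt is embedded in the crypt string and also stored in its own column.
    $passwordHash = crypt($password, '$6$rounds=5000$' . $salt . '$');
    $dateAdded = time();
    // NOTE(review): mysql_* functions were removed in PHP 7; $sDB is still handed a
    // string, so this keeps the escaping style the rest of the file uses.
    $sDB->execUsers("INSERT INTO `users` (`userId`, `userName`, `email`, `group`, `password`, `salt`, `dateAdded`) VALUES\n (NULL, '" . mysql_real_escape_string($username) . "', '" . mysql_real_escape_string($email) . "', '" . i($group) . "', '" . mysql_real_escape_string($passwordHash) . "', '" . mysql_real_escape_string($salt) . "', '" . i($dateAdded) . "');");
    if (!mysql_affected_rows()) {
        return false;
    }
    $this->userId = mysql_insert_id();
    $this->userName = $username;
    $this->email = $email;
    $this->password = $passwordHash;
    $this->salt = $salt;
    $this->dateAdded = $dateAdded;
    $this->group = $group;
    if ($sendConfirmation) {
        // Unpredictable code: the previous md5(time()) could be recomputed by anyone
        // who knew the signup second. random_bytes() needs PHP 7; the fallback is for
        // the PHP 5 runtime this file's mysql_* calls imply.
        $confirmationCode = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(mt_rand(), true));
        $confirmationLink = $sTemplate->getRoot() . "confirmation.php?userId=" . $this->userId . "&confirmationCode=" . $confirmationCode;
        $this->addConfirmationCode("CONFIRMATION_TYPE_EMAIL", $confirmationCode);
        $subject = $sTemplate->getString("SIGNUP_CONFIRMATION_EMAIL_SUBJECT");
        // NOTE(review): the [PASSWORD] placeholder puts the cleartext password into the
        // e-mail (and the mail provider's logs). Kept because the template expects it;
        // drop the placeholder from the template and this substitution together.
        $message = $sTemplate->getString("SIGNUP_CONFIRMATION_EMAIL_BODY", array("[USERNAME]", "[PASSWORD]", "[CONFIRMATION_LINK]"), array($this->userName, $password, $confirmationLink));
        $mail = new HTMLMail($this->email, $this->email, SENDMAIL_FROM_NAME, SENDMAIL_FROM);
        $mail->buildMessage($subject, $message);
        $mail->sendmail();
    }
    return true;
}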
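/**
 * Builds a random string of $len characters drawn from the alphabet $salt.
 *
 * @param int         $len  number of characters; 0 or negative yields ""
 * @param string|null $salt alphabet to draw from; when empty (including "0"), the
 *                          default is salt('a','z') . salt('A','Z') . salt('0','9')
 * @return string
 *
 * Characters are picked with random_int() (CSPRNG, PHP 7+). rand() was predictable,
 * which matters because this is used for salts and tokens.
 */
function genrandom($len, $salt = null) {
    if (empty($salt)) {
        $salt = salt('a', 'z') . salt('A', 'Z') . salt('0', '9');
    }
    $lastIndex = strlen($salt) - 1;
    $str = "";
    for ($i = 0; $i < $len; $i++) {
        $str .= $salt[random_int(0, $lastIndex)];
    }
    return $str;
}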
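/**
 * Verifies a player's password against the players table.
 *
 * @param string $user     player name (bound as a string parameter)
 * @param string $password cleartext password
 * @return bool TRUE when the player exists and salt($salt, $password) matches the stored
 *              password column, FALSE otherwise
 *
 * hash_equals() replaces ==: the comparison is constant-time and strict (== would also
 * accept loosely-equal strings such as numeric strings with the same value).
 */
function m_login($user, $password) {
    $link = newdb();
    $stmt = $link->prepare("SELECT salt,password FROM players WHERE player=?");
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($salt, $storedHash);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return FALSE;
    }
    return hash_equals((string) $storedHash, (string) salt($salt, $password));
}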
/**
 * User creation screen (CodeIgniter controller action).
 *
 * POST: validates the form, stores the user with a fresh salt and hashed password,
 * records the creating user in user_details (field "creator_id") and redirects to
 * user/user. Only a superadmin may choose the account type; everyone else creates
 * a plain "user". GET (or failed validation): renders the user_add view.
 */
public function add() {
    if ($_POST) {
        // Rules in the order the form reports errors.
        $rules = array(
            array('first_name', 'First Name', 'trim|required|max_length[12]'),
            array('last_name', 'Last Name', 'trim|required|max_length[24]'),
            array('email', 'Email', 'required|valid_email|is_unique[users.email]'),
            array('password', 'Password', 'required|min_length[8]|matches[confirm_password]'),
            array('confirm_password', 'Confirm Password', 'required'),
            array('phone', 'Phone', 'required'),
            array('mobile', 'Mobile', 'required'),
            array('company', 'Company', 'required'),
            array('position', 'Position', 'required'),
        );
        foreach ($rules as $rule) {
            $this->form_validation->set_rules($rule[0], $rule[1], $rule[2]);
        }
        $this->form_validation->set_message('is_unique', 'The %s is already exist');
        $isSuperadmin = $this->_data['type'] == 'superadmin';
        if ($isSuperadmin) {
            $this->form_validation->set_rules('type', 'Type', 'required');
        }
        if ($this->form_validation->run()) {
            $salt = salt();
            $info = array(
                'first_name' => $_POST['first_name'],
                'last_name' => $_POST['last_name'],
                'email' => $_POST['email'],
                'salt' => $salt,
                'password' => hashPassword($_POST['password'], $salt),
                'phone' => $_POST['phone'],
                'mobile' => $_POST['mobile'],
                'company' => $_POST['company'],
                'position' => $_POST['position'],
            );
            $info['type'] = $isSuperadmin ? $_POST['type'] : 'user';
            $newUserId = $this->user_model->newUser($info);
            // Remember who created the account.
            $details = array(
                'user_id' => $newUserId,
                'field' => 'creator_id',
                'value' => $this->session->userdata('user_id'),
            );
            $this->db->insert('user_details', $details);
            //$this->_send_email($info);
            redirect('user/user');
        }
    }
    $this->_data['breadcrumb'] = 'user/add_user';
    $this->_data['page_title'] = "Create User";
    $this->_data['companyList'] = $this->user_model->companyList();
    $this->_data['view'] = 'user_add';
    $this->load->view('user/home', $this->_data);
}
/**
 * Computes an Apache "$apr1$" MD5 password hash (the htpasswd -m format).
 *
 * @param string      $plain cleartext password
 * @param string|null $salt  null → a fresh 8-character salt from salt(8);
 *                           a full "$apr1$<salt>$<hash>" string → its salt is reused,
 *                           so the result can be compared with that stored hash;
 *                           anything else → truncated to its first 8 characters
 * @return string "$apr1$" . salt . "$" . 22-character encoded digest
 *
 * Callers comparing the result with a stored hash should use hash_equals().
 */
function crypt_apr_md5($plain, $salt = null) {
    if (is_null($salt)) {
        $salt = salt(8);
    } elseif (preg_match('/^\\$apr1\\$/', $salt)) {
        // Pull the salt out of a full "$apr1$<salt>$<hash>" string.
        $salt = preg_replace('/^\\$apr1\\$([^$]+)\\$.*/', '\\1', $salt);
    } else {
        $salt = substr($salt, 0, 8);
    }
    $length = strlen($plain);
    $context = $plain . '$apr1$' . $salt;
    $binary = hex2bin(md5($plain . $salt . $plain));
    // Append md5(pw . salt . pw), 16 bytes at a time, once per 16 bytes of password length.
    for ($i = $length; $i > 0; $i -= 16) {
        $context .= substr($binary, 0, $i > 16 ? 16 : $i);
    }
    // For every bit of the password length: NUL if the bit is set, else the first password byte.
    for ($i = $length; $i > 0; $i >>= 1) {
        $context .= $i & 1 ? chr(0) : $plain[0];
    }
    $binary = hex2bin(md5($context));
    // 1000 stretching rounds; what gets mixed in depends on i mod 2, 3 and 7.
    for ($i = 0; $i < 1000; $i++) {
        $new = $i & 1 ? $plain : substr($binary, 0, 16);
        if ($i % 3) {
            $new .= $salt;
        }
        if ($i % 7) {
            $new .= $plain;
        }
        $new .= $i & 1 ? substr($binary, 0, 16) : $plain;
        $binary = hex2bin(md5($new));
    }
    // Encode the 16 digest bytes in the algorithm's fixed permutation, three bytes per
    // 4 base-64 characters (indexes i, i+6, i+12 with 16 wrapping to 5), then byte 11 alone.
    $p = array();
    for ($i = 0; $i < 5; $i++) {
        $k = $i + 6;
        $j = $i + 12;
        if ($j == 16) {
            $j = 5;
        }
        $p[] = to64(ord($binary[$i]) << 16 | ord($binary[$k]) << 8 | ord($binary[$j]), 5);
    }
    return '$apr1$' . $salt . '$' . implode($p) . to64(ord($binary[11]), 3);
}
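/**
 * Authenticates a user by username/e-mail and password and starts a session for them.
 *
 * @param array $options 'username' (matched against username, email, and the username
 *                       with dots removed), 'password', optional 'keep' (truthy → one-year
 *                       session lifetime)
 * @return array|null the user record (also stored in $_SESSION['user']), or null when a
 *                    credential is missing or does not match
 *
 * When a global salt() helper exists the submitted password is run through it before
 * comparison (the stored password is assumed to be salt()'d the same way).
 */
public function authenticate(array $options = array()) {
    $app = \App::getInstance();
    // Both credentials are required; the old "&&" let a request with only one of them
    // through and then read the missing key.
    if (!isset($options['username']) || !isset($options['password'])) {
        return null;
    }
    $collectionName = (isset($this->options['userCollection']) ? $this->options['userCollection'] : null) ?: 'User';
    $userCollection = \Norm\Norm::factory($collectionName);
    $user = $userCollection->findOne(array('!or' => array(
        array('username' => $options['username']),
        array('email' => $options['username']),
        array('normalized_username' => str_replace('.', '', $options['username'])),
    )));
    if (function_exists('salt')) {
        $options['password'] = salt($options['password']);
    }
    // Constant-time comparison; both sides are cast to string as before.
    if (is_null($user) || !hash_equals($user['password'] . '', (string) $options['password'])) {
        return null;
    }
    if (empty($options['keep'])) {
        $app->session->reset();
    } else {
        $app->session->reset(array('lifetime' => 365 * 24 * 60 * 60));
    }
    $_SESSION['user'] = $user->toArray();
    return $user->toArray();
}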
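/**
 * Registers a new "client" login: hashes the password with a fresh salt, inserts the
 * client_login_table row inside a transaction and sends the activation e-mail.
 *
 * @param string $SafeFirstName
 * @param string $SafeLastName
 * @param string $SafeEmail  e-mail address used to detect an existing registration
 * @param string $SafePWD    cleartext password; only getHash($SafePWD, $salt) is stored
 *
 * Writes its result to the page with echo; returns nothing.
 *
 * Values are bound with a prepared statement, so pass the raw (unescaped) values —
 * a value that was already run through real_escape_string would now be stored with
 * its backslashes.
 */
function vInsertIntoClientLoginTable($SafeFirstName, $SafeLastName, $SafeEmail, $SafePWD) {
    global $mysqli;
    # Only the first claim on an e-mail address creates an account.
    if (iCheckIfClientEmailExists($SafeEmail) != 0) {
        echo "You have already registered";
        return;
    }
    $salt = salt();
    $hash = getHash($SafePWD, $salt);
    # Activation token: 32 hex chars from the CSPRNG (PHP 7+), same width as the old
    # md5 value. md5($SafeEmail + microtime()) was guessable from the signup time and
    # "+" on two non-numeric strings is a TypeError on PHP 8.
    $email_code = bin2hex(random_bytes(16));
    # user_id is also the e-mail address.
    $mysqli->autocommit(FALSE);
    $stmt = $mysqli->prepare("INSERT INTO client_login_table ( id, first_name, last_name, email_address, email_code, salt, password ) VALUES ( NULL, ?, ?, ?, ?, ?, ? )");
    $inserted = false;
    if ($stmt !== false) {
        $stmt->bind_param('ssssss', $SafeFirstName, $SafeLastName, $SafeEmail, $email_code, $salt, $hash);
        $inserted = $stmt->execute();
        $stmt->close();
    }
    # The old "or die($mysqli->error)" printed driver errors to the visitor; a failed
    # INSERT is now rolled back and reported generically, and no activation mail goes out.
    if (!$inserted || !$mysqli->commit()) {
        $mysqli->rollback();
        echo "Registration failed. Please try again later.";
        return;
    }
    SendActivateEmailNotice($SafeEmail, $email_code);
    echo "Please activate your email to complete the registration. Please respond to your email. Thanks.";
}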
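/**
 * Sends a verification mail to a new e-mail address the user wants to switch to.
 *
 * The current password must be re-entered; it is verified in constant time with
 * hash_equals() (the previous !== comparison leaked timing). The new address, the
 * request time and a verification code derived from both addresses are stored in the
 * user's meta, and the code is mailed to the new address.
 *
 * @param User   $user
 * @param string $email    candidate new address (trimmed, lower-cased)
 * @param string $password current password, cleartext
 * @throws \Exception when UserCheck::CheckEmail() rejects the address; wrong password
 *                    is reported through $this->throwMsg(-10)
 */
public function edit_email_send_mail($user, $email, $password) {
    lib()->load('UserCheck', 'MailTemplate');
    $email = strtolower(trim($email));
    $expected = UserCheck::CreatePassword($password, $user->getSalt());
    if (!hash_equals((string) $user->getPassword(), (string) $expected)) {
        $this->throwMsg(-10);
    }
    $email_check = UserCheck::CheckEmail($email);
    if ($email_check !== true) {
        throw new \Exception($email_check);
    }
    $meta = [
        'edit_email_add' => $email,
        'edit_email_time' => date("Y-m-d H:i:s"),
        'edit_email_code' => salt_hash($email . $user->getEmail(), salt()),
    ];
    $user->getMeta()->set($meta);
    $mt = new MailTemplate("edit_email.html");
    $mt->setUserInfo($user->getInfo());
    $mt->setValues(['verify_code' => $meta['edit_email_code']]);
    $mt->mailSend($user->getName(), $email);
}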
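/**
 * Changes the current user's password after verifying the old one.
 *
 * @param string $old current password, cleartext
 * @param string $new replacement password, cleartext
 * @return true|string true on success, otherwise a (Chinese) error message:
 *         "原密码错误" = wrong current password, "修改密码失败" = update did not apply
 *
 * All comparisons use hash_equals(): constant-time and strict, where the previous
 * "!=" was loose (e.g. numeric strings compared by value).
 */
public function edit_pwd($old, $new) {
    $this->db = db_class();
    switch ($this->login_type) {
        case "admin":
            $info = $this->db->get_admin_info($this->user_info['name']);
            $expected = salt_hash(md5_xx($old), $info['a_salt']);
            if (!hash_equals((string) $info['a_pwd'], (string) $expected)) {
                return "原密码错误";
            }
            // Rotate the salt together with the password.
            $update = ['a_salt' => salt(32)];
            $update['a_pwd'] = salt_hash(md5_xx($new), $update['a_salt']);
            if ($this->db->update_user_info($this->user_info['name'], $update) == 1) {
                return true;
            }
            break;
        case "teacher":
            // NOTE(review): teacher passwords are stored and compared as cleartext
            // (info_teacher.it_password). Hashing them needs a matching change on the
            // teacher login path, so only the comparison is tightened here.
            $info = $this->db->get_teacher_info_by_id($this->user_info['it_id']);
            if (!hash_equals((string) $info['it_password'], (string) $old)) {
                return "原密码错误";
            }
            if ($this->db->base_info_edit("info_teacher", ['it_password' => $new], ['it_id' => $info['it_id']]) == 1) {
                return true;
            }
            break;
        case "student":
            // NOTE(review): same cleartext storage as for teachers (info_student.is_password).
            $info = $this->db->get_student_info_by_id($this->user_info['is_id']);
            if (!hash_equals((string) $info['is_password'], (string) $old)) {
                return "原密码错误";
            }
            if ($this->db->base_info_edit("info_student", ['is_password' => $new], ['is_id' => $info['is_id']]) == 1) {
                return true;
            }
            break;
    }
    return "修改密码失败";
}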
/**
 * Generates an activation code for a freshly registered user, stores it (with the
 * current time) in the user's meta and returns the activation URL, after giving
 * the "UserRegister_CreateActivationUrl" hook a chance to rewrite it.
 *
 * @param $user \ULib\User
 * @throws \Exception
 * @return mixed the URL, or whatever the hook returns in its place
 */
private function CreateActivationUrl(&$user) {
    // 32 hex characters: md5 of a 64-char random salt plus the user id.
    $activationCode = md5(salt(64) . $user->getId());
    $meta = [
        "activation_code" => $activationCode,
        "activation_time" => date("Y-m-d H:i:s"),
    ];
    $user->getMeta()->set($meta);
    $url = get_url("User", "activation", $activationCode);
    return hook()->apply("UserRegister_CreateActivationUrl", $url, $activationCode, $user);
}
if (isset($_POST['gender'])) { $gender = form_input($_POST["gender"]); } if (!in_array($gender, array(0, 1, -1, 2))) { throwJSON(array("status" => "error", "code" => 305, "msg" => "feild gender out of range.")); exit; } //密码 if (isset($_POST['password'])) { $password = form_input($_POST["password"]); } if (isNull($password)) { throwJSON(array("status" => "error", "code" => 306, "msg" => "password can not be null")); exit; } $salt = salt(6); //随机撒盐 $newpass = md5(md5($password) . $salt); //验证码 if (isset($_POST['captcha'])) { $captcha = form_input($_POST["captcha"]); } if (isNull($captcha)) { throwJSON(array("status" => "error", "code" => 307, "msg" => "captcha can not be null")); exit; } else { /* $expire = $_SESSION["captcha"]["expire"]; $time1 = $_SESSION["captcha"]["createtime"]; $captcha1 = $_SESSION["captcha"]["code"]; if($tim1+$expire>$now){ //验证码是否过期
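<?php
/*
 * Creates a user account from the adduser form (POST: username, password, usertype,
 * dept) and redirects back to adduser.php with $_SESSION['error'] set to either
 * "user_created" or "user_exist".
 *
 * All SQL values are bound through prepared statements; the previous version
 * interpolated the raw POST fields straight into the INSERT (SQL injection).
 */
@session_start();
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';
$usertype = isset($_POST['usertype']) ? $_POST['usertype'] : '';
$dept = isset($_POST['dept']) ? $_POST['dept'] : '';
include 'dbconnect.php';
include 'salt.php';

// Ask the database whether the name is taken instead of fetching every row and
// comparing in PHP. (This uses the column's collation; the old == loop was case-sensitive.)
$check = mysqli_prepare($con, "SELECT 1 FROM users WHERE username = ? LIMIT 1");
mysqli_stmt_bind_param($check, 's', $username);
mysqli_stmt_execute($check);
mysqli_stmt_store_result($check);
$exists = mysqli_stmt_num_rows($check) > 0;
mysqli_stmt_close($check);

if (!$exists) {
    $salt = salt(8);
    // Legacy scheme kept so the existing login path keeps verifying:
    // md5(md5(password) . md5(salt)).
    // NOTE(review): MD5 is fast to brute-force; moving to password_hash()/password_verify()
    // needs a matching change wherever passwords are checked.
    $passhashed = md5(md5($password) . md5($salt));
    $lastlogin = date('Y-m-d H:i:s');
    $insert = mysqli_prepare($con, "INSERT INTO users (username, salt, password, usertype, dept, lastlogin) VALUES (?, ?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($insert, 'ssssss', $username, $salt, $passhashed, $usertype, $dept, $lastlogin);
    mysqli_stmt_execute($insert);
    mysqli_stmt_close($insert);
    $_SESSION['error'] = "user_created";
} else {
    $_SESSION['error'] = "user_exist";
}
// Stop after the redirect header; without exit anything after this point would still run.
header('location: ./adduser.php');
exit;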
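/**
 * Sets a new password for an existing user, reusing the user's stored salt.
 *
 * @param string $username account to update
 * @param string $password new cleartext password
 *
 * Outcome is reported through the session: $_SESSION['success'] = "Password reset"
 * or $_SESSION['error'] = "Invalid Username". Nothing is returned.
 *
 * Fixes vs. the previous version: the computed hash is what gets stored (the old
 * code wrote the cleartext $password), the row is UPDATEd instead of INSERTing a new
 * password-only row, and the values are bound rather than interpolated into SQL.
 */
function resetpassword($username, $password) {
    @session_start();
    $user = userdetails($username);
    if (count($user) == 1) {
        $salt = $user[0]["salt"];
        // Hash scheme kept as it was here: md5(salt . md5(password)).
        // NOTE(review): the account-creation script hashes as md5(md5(pw) . md5(salt));
        // only one of the two can match the login check — confirm which one before
        // relying on a reset password.
        $pass = md5($salt . md5($password));
        $con = dbconnect();
        $stmt = mysqli_prepare($con, "UPDATE users SET password = ? WHERE username = ?");
        mysqli_stmt_bind_param($stmt, 'ss', $pass, $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        $_SESSION['success'] = "Password reset";
        // header("location: resetpassword.php");
    } else {
        $_SESSION['error'] = "Invalid Username";
        // header("location: resetpassword.php");
    }
}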
/**
 * Resets a user's password to a freshly generated one.
 *
 * Looks the user up via getMatches($username); on a hit, stores salt(new password),
 * the change time and a new activation key, and returns the cleartext password with
 * that key so the caller can deliver them.
 *
 * @param string $username
 * @return array|false ['pass' => cleartext, 'key' => activation key], or false when the
 *                     username is empty, unknown, or the update fails
 */
public function resetPassword($username) {
    if (!$username) {
        return false;
    }
    $row = $this->database->find('#__users', 'first', [
        'conditions' => [$this->getMatches($username)],
    ]);
    if (empty($row['userid'])) {
        return false;
    }
    $plainPassword = $this->generateRandomKey();
    $activationKey = $this->generateRandomKey();
    $fields = [
        'password' => salt($plainPassword),
        'last_pw_change' => time(),
        'activation_key' => $activationKey,
    ];
    $updated = $this->database->update('#__users', $fields, ['userid' => $row['userid']]);
    if (!$updated) {
        return false;
    }
    return ['pass' => $plainPassword, 'key' => $activationKey];
}
/**
 * Handles the sponsor sign-up form: reads contact, sponsor, logo and payment fields
 * from $sRequest, validates them, inserts the sponsors_data row (unapproved), writes
 * the resized logo as <sponsorId>.png, mails the sponsor and notifies staff.
 *
 * @return bool true on success; false after setError() with the matching
 *              SPONSOR_ERROR_* message
 *
 * NOTE(review):
 *  - mysql_* functions were removed in PHP 7; $sDB->exec() is handed raw SQL built with
 *    mysql_real_escape_string().
 *  - Passwords are only checked for emptiness and for matching the repeat field; there
 *    is no length/strength rule.
 *  - Bank account details (paymentData) are serialize()d and stored in cleartext; if
 *    the column is later unserialize()d, it must never contain attacker-controlled data.
 */
private function handleNewSponsor() {
    global $sDB, $sRequest, $sQuery, $sTemplate, $sSession, $sNotify;
    // contact info
    $name = $sRequest->getString("sponsor_name");
    $companyName = $sRequest->getString("sponsor_company_name");
    $street = $sRequest->getString("sponsor_street");
    $zip = $sRequest->getInt("sponsor_zip");
    $city = $sRequest->getString("sponsor_city");
    $phone = $sRequest->getString("sponsor_phone");
    $email = $sRequest->getString("sponsor_email");
    $additionalInformation = $sRequest->getString("sponsor_additional_information");
    $password = $sRequest->getString("sponsor_password");
    $salt = salt();
    // SHA-512 crypt with an explicit round count; computed before validation, so it is
    // also done for requests that are then rejected.
    $passwordHash = crypt($password, '$6$rounds=5000$' . $salt . '$');
    $password2 = $sRequest->getString("sponsor_password2");
    // sponsor info
    $slogan = $sRequest->getString("sponsor_slogan");
    $url = $sRequest->getString("sponsor_url");
    $fileName = $fileExt = "";
    if ($_FILES['sponsor_logo'] && $_FILES['sponsor_logo']['name']) {
        $userFileName = @$_FILES['sponsor_logo']['name'];
        $fileName = basename($userFileName);
        // end() on a temporary raises "only variables should be passed by reference";
        // the extension is taken from the client-supplied name (lower-case only, see below).
        $fileExt = end(explode(".", $userFileName));
    }
    // payment info
    $paymentMethod = $sRequest->getInt("sponsor_payment_method");
    $paymentData = new stdClass();
    $paymentData->paymentMethod = $paymentMethod;
    if ($paymentMethod == PAYMENT_METHOD_ELV) {
        $paymentELVName = $sRequest->getString("sponsor_elv_name");
        $paymentELVAccountNumber = $sRequest->getString("sponsor_elv_account_number");
        $paymentELVBankNumber = $sRequest->getString("sponsor_elv_bank_number");
        $paymentData->paymentELVName = $paymentELVName;
        $paymentData->paymentELVAccountNumber = $paymentELVAccountNumber;
        $paymentData->paymentELVBankNumber = $paymentELVBankNumber;
    }
    $paymentInterval = $sRequest->getInt("sponsor_payment_interval");
    $paymentAmount = $sRequest->getInt("sponsor_amount");
    $paymentData->paymentInterval = $paymentInterval;
    $paymentData->paymentAmount = $paymentAmount;
    // validate data
    if ($name == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_NAME"));
        return false;
    }
    if ($street == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_STREET"));
        return false;
    }
    // $zip is an int (getInt): 0 == "" is true on PHP < 8 but false on PHP 8, so this
    // check changes meaning with the PHP version.
    if ($zip == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_ZIP"));
        return false;
    }
    if ($city == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_CITY"));
        return false;
    }
    if ($phone == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_PHONE"));
        return false;
    }
    // Only emptiness is checked; the address format is not validated here.
    if ($email == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_EMAIL"));
        return false;
    }
    $res = $sDB->exec("SELECT * FROM `sponsors_data` WHERE `email` = '" . mysql_real_escape_string($email) . "' LIMIT 1;");
    if (mysql_num_rows($res)) {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_EMAIL_EXISTS"));
        return false;
    }
    if ($password == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_PASSWORD"));
        return false;
    }
    if ($password != $password2) {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_PASSWORD_MISSMATCH"));
        return false;
    }
    if ($slogan == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_SLOGAN"));
        return false;
    }
    if ($url == "") {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_URL"));
        return false;
    }
    if (!in_array($paymentMethod, array(PAYMENT_METHOD_ELV, PAYMENT_METHOD_BILL))) {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_PAYMENT_METHOD"));
        return false;
    }
    // The "interval" field is compared with the current Unix time, i.e. it is treated
    // as a timestamp that must lie in the future — presumably the first payment date; confirm.
    if ($paymentInterval < time()) {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_PAYMENT_INTERVAL"));
        return false;
    }
    if ($paymentAmount <= 0) {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_AMOUNT"));
        return false;
    }
    if ($paymentMethod == PAYMENT_METHOD_ELV) {
        if ($paymentELVName == "") {
            $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_ELV_NAME"));
            return false;
        }
        if ($paymentELVAccountNumber == "") {
            $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_ELV_ACCOUNT_NUMBER"));
            return false;
        }
        if ($paymentELVBankNumber == "") {
            $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_ELV_BANK_NUMBER"));
            return false;
        }
    }
    // Name-based check only (and case-sensitive: "PNG" is rejected); the file content
    // is validated only insofar as Imagick manages to parse it below.
    if ($fileExt && !in_array($fileExt, array("png", "jpg", "jpeg"))) {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_FILE_EXTENSION"));
        return false;
    }
    $logoHeight = $logoWidth = 0;
    // No-op statement; $thumb is only defined if a logo was uploaded and parsed.
    $thumb;
    if ($fileExt) {
        try {
            $thumb = new Imagick($_FILES["sponsor_logo"]["tmp_name"]);
            $imgData = $thumb->getImageGeometry();
            // Fit into 160x160 while keeping the aspect ratio (bestfit = true).
            if ($imgData['height'] > 160 || $imgData['width'] > 160) {
                $thumb->resizeImage(160, 160, imagick::FILTER_LANCZOS, 1, true);
            }
            $imgData = $thumb->getImageGeometry();
            $logoHeight = $imgData["height"];
            $logoWidth = $imgData["width"];
        } catch (Exception $e) {
            // An unreadable image is silently treated as "no logo" (dimensions stay 0).
        }
    }
    // Row is created unapproved (approved = 0, currentLogoApproved = 0).
    $res = $sDB->exec("INSERT INTO `sponsors_data` (`sponsorId`, `name`, `companyName`, `street`, `zip`, `city`,\r\n `phone`, `email`, `password`, `slogan`, `paymentMethod`,\r\n `paymentData`, `amount`, `dateAdded`, `approved`, `currentLogoApproved`, `logoHeight`, `logoWidth`, `url`, `additionalInformation`)\r\n VALUES(NULL, '" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($companyName) . "',\r\n '" . mysql_real_escape_string($street) . "', '" . mysql_real_escape_string($zip) . "',\r\n '" . mysql_real_escape_string($city) . "', '" . mysql_real_escape_string($phone) . "',\r\n '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($passwordHash) . "',\r\n '" . mysql_real_escape_string($slogan) . "', '" . mysql_real_escape_string($paymentMethod) . "',\r\n '" . mysql_real_escape_string(serialize($paymentData)) . "', '" . mysql_real_escape_string($paymentAmount) . "',\r\n '" . time() . "', '0', '0', '" . mysql_real_escape_string($logoHeight) . "',\r\n '" . mysql_real_escape_string($logoWidth) . "', '" . mysql_real_escape_string($url) . "',\r\n '" . mysql_real_escape_string($additionalInformation) . "')");
    $sponsorId = mysql_insert_id();
    if (!$sponsorId) {
        $this->setError($sTemplate->getString("SPONSOR_ERROR_TRY_AGAIN_LATER"));
        return false;
    }
    if ($fileExt) {
        try {
            // move and resize logo.
            // Always written as PNG under the new sponsor id, whatever the upload's extension.
            $logoPath = $sTemplate->getSponsorLogosRootAbs() . $sponsorId . ".png";
            $thumb->writeImage($logoPath);
            $thumb->destroy();
        } catch (Exception $e) {
            // Failure to write the logo does not fail the sign-up.
        }
    }
    $sSession->setVal('notification', $sTemplate->getString("SPONSOR_SIGNUP_SUCCESS"));
    $sSession->serialize();
    $subject = $sTemplate->getString("SPONSOR_CONFIRMATION_EMAIL_SUBJECT");
    $message = $sTemplate->getString("SPONSOR_CONFIRMATION_EMAIL_BODY", array("[NAME]"), array($name));
    $mail = new HTMLMail($email, $email, SENDMAIL_FROM_NAME, SENDMAIL_FROM);
    $mail->buildMessage($subject, $message);
    $mail->sendmail();
    $sNotify->sponsor("new sponsor", "email: " . $email . "<br />\n" . "amount: " . $paymentAmount);
    return true;
}
$group_id = $group->get_primary_id(); $cohort = DataObject::create($dao, "cohort", array("course_id" => $course_id, "group_id" => $group_id, "cohort_start" => $cohort_start)); $cohort->commit(); } $uncomfirmed = salt($user_email); $user = DataObject::create($dao, "user", array("cohort_id" => $cohort->get_primary_id(), "user_name" => $user_name, "user_email" => "{$uncomfirmed} {$user_email}", "user_password" => $user_password, "user_picture" => "default")); if ($user->commit()) { //Add the user to the cohort's group $grouping = DataObject::create($dao, "grouping", array("group_id" => $cohort->group_id, "user_id" => $user->get_primary_id())); $grouping->commit(); $dao->myquery("SELECT MAX(conf_id) FROM confirmation;"); $maxid = $dao->fetch_one(); if ($maxid) { $rnd = salt(",jag,wd873423%Ed.fkug" . $maxid); } else { $rnd = salt(",jag,wd873423%Ed.fkug" . rand()); } //send rnd to the user and a link which will return rnd to the server for confirmation $send_email = false; //If the confirmation has already been sent, just resend it. Don't craete a new confimation if (NULL != DataObject::select_one($dao, "confirmation", array("conf_id"), array("user_email" => $user_email))) { $send_email = true; } else { $conf = DataObject::create($dao, "confirmation", array("conf_rnd" => $rnd, "user_id" => $user->get_primary_id(), "user_email" => $user_email)); if ($conf->commit()) { $send_email = true; } else { redirect("../../register/", array_merge(array("m" => "6"), $_POST)); //This should never happen } }
<?php
// Admin "edit user" page: updates the users row selected by $_GET['i'], optionally
// resets its password, then replaces the user's rows in the security (privilege) table.
//
// NOTE(review): every $_POST / $_GET value below is concatenated into SQL without
// escaping (updateTable/listAll/insertTable receive raw SQL fragments) — this is SQL
// injection reachable by any authenticated admin request. The fragments
// "user = '******'user'] . "'" and "pass = '******'" appear redacted/garbled in this copy
// and do not parse as written; the original most likely interpolated $_POST['user']
// and $pass_comb there.
include "connect/database.php";
validaSession();
// Authorisation is keyed on a client-supplied cookie value ($_COOKIE['id']).
securityValidation($_COOKIE['id'], "1");
if ($_POST) {
    $we = "name = '" . $_POST['firstname'] . "', lastname = '" . $_POST['lastname'] . "', email = '" . $_POST['email'] . "', department = '" . $_POST['dept'] . "', user = '******'user'] . "', udate = NOW(), act = '" . $_POST['act'] . "'";
    // $_GET[i] with an unquoted constant resolves to the string "i" (with a notice) —
    // almost certainly meant $_GET['i'] as used everywhere else below.
    updateTable("users", $we, "id = " . $_GET[i]);
    if (strlen(trim($_POST['password'], " ")) > 0) {
        // Password scheme: sha1(salt . sha1(password)). Unsalted inner SHA-1 is fast to
        // brute-force; password_hash() would be the replacement, together with the login check.
        $salt_u = salt();
        $pass_u = sha1($_POST['password']);
        $pass_comb = sha1($salt_u . $pass_u);
        $wee = "salt = '" . $salt_u . "', pass = '******'";
        updateTable("users", $wee, "id = " . $_GET['i']);
    }
    // Replace all privilege rows for this user with the posted set.
    eliminarRegistro("security", 'users_id', $_GET['i']);
    $priv = $_POST['sec'];
    //insertTable("security","'','".$_GET['i']."','1'");
    foreach ($priv as $sec) {
        $values_sec = "'','" . $_GET['i'] . "','" . $sec . "'";
        insertTable("security", $values_sec);
    }
}
$user = listAll("users", "WHERE id = " . $_GET['i']);
$rs_user = mysql_fetch_object($user);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
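/**
 * Inserts a user row with a salted password hash and a random token.
 *
 * @param string $user     login name
 * @param string $password cleartext password; stored as salt_hash(_hash(password), salt)
 * @return mixed whatever db()->insert() returns (previously dumped to the page)
 *
 * The var_dump() calls were removed: they wrote the insert result and the raw database
 * error text (table/column names, driver messages) into the response. The token is
 * still derived from the *hashed* password plus a 50-char salt, as before.
 */
public function create_user($user, $password) {
    $salt = salt(40);
    $hashedPassword = salt_hash(_hash($password), $salt);
    $token = _hash($hashedPassword . salt(50));
    return db()->insert("user", array(
        'user' => $user,
        'password' => $hashedPassword,
        'salt' => $salt,
        'token' => $token,
    ));
}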
/**
 * Admin-only edit screen for a doctor (admin-table row selected by ?uid=).
 *
 * GET: renders admin-edit-doctor with the area/building menus and the stored location.
 * POST (after form-token check): re-salts and stores a new password if one was posted,
 * stores area/building as JSON if either was posted, and clears location to NULL when
 * nothing at all was posted.
 */
public function doctorEdit() {
    if (!session('?admin')) {
        $this->redirect('Main/index');
    }
    if (session('right') != 1) {
        $this->error('访问无权限');
    }
    $adminTable = M('admin');
    if (!IS_POST) {
        $area = menu();
        $this->assign('area', $area);
        // $building is left undefined (as before) when there are no areas.
        foreach ($area as $areaItem) {
            foreach ($areaItem['citys'] as $city) {
                $building[] = $city;
            }
        }
        $this->assign('building', $building);
        $stored = $adminTable->where('uid=:uid')->bind(':uid', I('get.uid'))->find();
        $this->assign('admin', json_decode($stored['location'], true));
        $this->display('admin-edit-doctor');
        return;
    }
    if (!$adminTable->autoCheckToken($_POST)) {
        $this->error('令牌验证错误');
    }
    $where = array('uid' => ':uid');
    $bind = array(':uid' => I('get.uid'));
    $data = array();
    $newPassword = I('post.password');
    if (!empty($newPassword)) {
        $data['salt'] = salt();
        // sha1(db prefix . password . '_' . salt) — the scheme the login side expects.
        $data['password'] = sha1(C('DB_PREFIX') . $newPassword . '_' . $data['salt']);
    }
    $area = I('post.area');
    $building = I('post.building');
    if (!empty($area) or !empty($building)) {
        $data['location'] = json_encode(array('area' => $area, 'building' => $building));
    }
    if (empty($data)) {
        $data['location'] = null;
    }
    $saved = $adminTable->where($where)->bind($bind)->data($data)->filter('strip_tags')->save();
    if ($saved) {
        $this->success('资料修改成功');
    } else {
        $this->error('资料修改失败');
    }
}
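<?php
/*
 * Completes a password reset: when (user_id, conf_rnd) matches a pending reset_request
 * row, that request is consumed and user.user_password is replaced with salt(new pw).
 * Nothing is output either way.
 *
 * NOTE(review): reset_request rows have no expiry here; a code stays valid until used.
 */
include_once "../util/mysql.php";
include "../util/pwd.php";

$postedPassword = isset($_POST["user_password"]) ? $_POST["user_password"] : '';
$postedUserId = isset($_POST["user_id"]) ? $_POST["user_id"] : '';
$postedRnd = isset($_POST["conf_rnd"]) ? $_POST["conf_rnd"] : '';
// Missing fields used to raise notices and continue; an empty password must never
// become salt("") and be stored.
if ($postedPassword === '' || $postedUserId === '' || $postedRnd === '') {
    exit;
}

$dao = new DAO(true);
// Explicit object: the old code assigned $user->user_id on an undefined $user, which is
// a warning on PHP 7 and an Error on PHP 8.
$user = new stdClass();
$user_password = $dao->escape(salt($postedPassword));
$user->user_id = $dao->escape($postedUserId);
$conf_rnd = $dao->escape($postedRnd);

$query = "SELECT * FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
$dao->myquery($query);
if ($dao->fetch_num_rows() == 1) {
    // Single-use: delete the request before changing the password.
    $query = "DELETE FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
    $dao->myquery($query);
    $new_password_query = "UPDATE user SET user_password=\"{$user_password}\" WHERE user_id=\"{$user->user_id}\";";
    $dao->myquery($new_password_query);
}
?>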
$g = $data['gender']; if ($g == "male") { $gender = "H"; } else { if ($g == "female") { $gender = "M"; } } $user_name = utf8_decode($data['first_name']); $user_lastname = utf8_decode($data['last_name']); $user_gender = $gender; $user_email = $data['email']; $user_pass = sha1($data['password']); $user_dob = $bday[2] . "-" . $bday[0] . "-" . $bday[1]; $user_type = $data['user_type']; $user_salt = salt(); // TODO: ESTA FUNCION SE MIGRO AL MODELO DE USER $user_act = "N"; $user_act_code = StringHelper::generateRandomString(); $passEnc = sha1($user_salt . $user_pass); $reg = listAll("user", "WHERE user = '******'"); $reg_num = mysql_num_rows($reg); if ($reg_num < 1) { $user_insert = insertTable("user", "'','{$user_name}','{$user_lastname}','{$user_dob}','{$user_gender}','{$user_email}','{$passEnc}','{$user_salt}','{$user_type}',NOW(),'0000-00-00 00:00:00','{$user_act}','{$user_act_code}', false, false"); if ($user_insert > 0) { $to = $user_email; $toName = $user_name . ' ' . $user_lastname; $asunto = "Confirmación de registro"; $params = array('site_url' => FConfig::getUrl(), 'logo_url' => FConfig::getUrl('images/logo_footer.png'), 'nombre' => $toName, 'confirmacion_url' => FConfig::getUrl('confirmacion') . '?c=' . $user_act_code . '&e=' . $user_email); $body = FMailer::replaceParameters($params, file_get_contents('../views/emails/registroEmail.html')); $mailer = new FMailer();
<input type="text" id="db[name]" name="db[name]" placeholder="输入你的数据库名称" required> </div> </div> <hr> <button data-am-loading="{spinner: 'circle-o-notch'}" type="submit" class="am-btn am-btn-primary am-round am-center">下一步»</buttom> </fieldset></form> </div> </div> <?php } elseif ($_GET['step'] == 2) { ?> <?php if ($_POST) { $config = (include './Application/Common/Conf/config.php'); $user = $_POST['user']; $salt = salt(); $password = sha1($config['DB_PREFIX'] . $user['password'] . '_' . $salt); $link = mysql_connect($config['DB_HOST'] . ':' . $config['DB_PORT'], $config['DB_USER'], $config['DB_PWD']); mysql_select_db($config['DB_NAME']); mysql_query("SET character_set_connection=utf8, character_set_results=utf8, character_set_client=binary"); mysql_query("SET sql_mode=''"); $sql[] = 'CREATE TABLE `osc_admin` (`uid` int(11) unsigned NOT NULL AUTO_INCREMENT,`username` varchar(25) NOT NULL,`password` varchar(55) NOT NULL,`salt` varchar(25) NOT NULL,`lastip` varchar(25) DEFAULT NULL,`lasttime` int(11) DEFAULT NULL,`right` int(1) DEFAULT \'0\',`location` varchar(255) DEFAULT NULL,PRIMARY KEY (`uid`)) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;'; $sql[] = 'CREATE TABLE `osc_article` (`acid` int(11) unsigned NOT NULL AUTO_INCREMENT,`title` varchar(55) NOT NULL,`content` text NOT NULL,`time` int(11) NOT NULL,`author` varchar(20) NOT NULL,`view` int(11) DEFAULT \'0\',PRIMARY KEY (`acid`)) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;'; $sql[] = 'CREATE TABLE `osc_order` (`order` varchar(25) NOT NULL,`area` int(11) unsigned NOT NULL,`building` int(11) unsigned DEFAULT NULL,`location` varchar(25) NOT NULL,`good` varchar(25) DEFAULT NULL,`description` varchar(255) NOT NULL,`user` varchar(25) NOT NULL,`time` int(11) unsigned NOT NULL,`dotime` int(11) unsigned DEFAULT NULL,`donetime` int(11) unsigned DEFAULT NULL,`canceltime` int(11) unsigned DEFAULT NULL,`status` int(11) DEFAULT \'0\',`emerg` int(11) NOT NULL DEFAULT \'0\',`doctor` varchar(25) DEFAULT 
NULL,`repairer` varchar(25) DEFAULT NULL,PRIMARY KEY (`order`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;'; $sql[] = 'CREATE TABLE `osc_setting` (`key` varchar(25) NOT NULL,`value` text NOT NULL,PRIMARY KEY (`key`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;'; $sql[] = 'CREATE TABLE `osc_user` (`uid` varchar(25) NOT NULL,`username` varchar(25) DEFAULT NULL,`password` varchar(55) DEFAULT NULL,`area` int(11) DEFAULT NULL,`building` int(11) DEFAULT NULL,`location` varchar(25) DEFAULT NULL,`tel` varchar(25) DEFAULT NULL,`lastip` varchar(25) DEFAULT NULL,`lasttime` int(11) DEFAULT NULL,`salt` varchar(25) DEFAULT NULL,PRIMARY KEY (`uid`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;'; foreach ($sql as $k => $v) { $v = str_replace('osc_', $config['DB_PREFIX'], $v); mysql_query($v); } mysql_query("INSERT INTO `{$config['DB_PREFIX']}admin` (`username`, `password`, `salt`, `right`) VALUES('{$user['username']}', '{$password}', '{$salt}', '1')");
/**
 * Admin action: resets the password of the admin account given by POST "id" to a
 * random 12-character value and returns it as JSON.
 *
 * Response: {"status": true, "msg": "<new password>"} when exactly one row was updated,
 * otherwise {"status": false, "msg": "更新失败"}. Nothing is sent when check() fails.
 */
function admin_pwd_reset() {
    header("Content-Type: application/json; charset=utf-8");
    if (!$this->check()) {
        return;
    }
    $adminId = $this->__req->post('id');
    $newPassword = salt(12);
    // New salt with every reset.
    $a_salt = salt(32);
    $a_pwd = salt_hash(md5_xx($newPassword), $a_salt);
    $affected = db_class()->update_admin_info($adminId, compact('a_salt', 'a_pwd'));
    $response = ['status' => false, 'msg' => ''];
    if ($affected == 1) {
        $response['status'] = true;
        $response['msg'] = $newPassword;
    } else {
        $response['msg'] = "更新失败";
    }
    echo json_encode($response);
}
// NOTE(review): as a free function this is unconditionally recursive — salt() calls
// salt() with no base case and will exhaust the stack (or fail with "Cannot redeclare
// salt()" if a helper of that name is already loaded). If this is instead a method of a
// controller class (no visibility keyword is shown), the inner salt() resolves to the
// global helper and the action merely prints a fresh salt. Confirm which before use.
function salt() { echo salt(); }
/**
 * Rotates the salt and replaces the in-memory password hash; nothing is persisted here.
 *
 * @param string $newPwd cleartext password; stored as hashPwd($newPwd, new salt)
 */
private function SetNewPassword($newPwd) {
    $freshSalt = salt();
    $this->Salt = $freshSalt;
    $this->Password = hashPwd($newPwd, $freshSalt);
}
/**
 * Rotates the salt, replaces the password hash and optionally persists the object.
 *
 * @param string $newPwd cleartext password; stored as hashPwd($newPwd, new salt)
 * @param bool   $save   when true, $this->Save() is called afterwards
 */
public function SetPassword($newPwd, $save = false) {
    $freshSalt = salt();
    $this->Salt = $freshSalt;
    $this->Password = hashPwd($newPwd, $freshSalt);
    if (!$save) {
        return;
    }
    $this->Save();
}
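<?php
/**
 * Generating hashed password using blowfish (bcrypt) and a random salt.
 *
 * On PHP >= 5.5 password_hash()/password_verify() do all of this (salt generation,
 * identifier, cost, constant-time comparison) and are the preferred API; this listing
 * shows the underlying crypt() mechanics.
 */

/**
 * Returns a 22-character salt drawn from [A-Za-z0-9] — the bcrypt salt length.
 *
 * Characters are chosen with random_int() (CSPRNG, PHP 7+). The previous array_rand()
 * is driven by a non-cryptographic PRNG, which makes salts predictable.
 */
function salt() {
    $salt = "";
    $salt_chars = array_merge(range('A', 'Z'), range('a', 'z'), range(0, 9));
    $last = count($salt_chars) - 1;
    for ($i = 0; $i < 22; $i++) {
        $salt .= $salt_chars[random_int(0, $last)];
    }
    return $salt;
}

// generate password hash (one-time, at registration)
$password_entered = "123"; // needs to be read from user input
// "$2y$" is the corrected bcrypt identifier (PHP >= 5.3.7; "$2a$" hashes created by
// older PHP may be affected by the high-bit bug). Cost 10 (2^10 rounds) instead of 07:
// 07 is cheap enough to brute-force offline. Existing "$2a$07$" hashes still verify,
// because crypt() reads identifier and cost from the stored hash.
$password_hash = crypt($password_entered, "\$2y\$10\$" . salt() . "\$");

// check entered password (each time at login)
$password_hash = '$2a$07$nw4dJlHqzkt7bdxeB04VIeWM/D68VMoskNAFTvG.9wTiC/7tURes.'; // this should be read in from the DB
// hash_equals(): constant-time comparison; == leaked timing and also accepts
// loosely-equal strings.
if (hash_equals($password_hash, crypt($password_entered, $password_hash))) {
    echo "correct password";
} else {
    echo "incorrect password";
}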
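/**
 * POST login handler.
 *
 * @param string $account     login name or e-mail (lower-cased before lookup)
 * @param string $password    cleartext password (lower-cased before hashing, see note below)
 * @param string $captcha     captcha answer
 * @param bool   $save_status truthy → the login cookie is kept for 7 days (hookable)
 *
 * Failures are reported through $this->throwMsg(code):
 *   -10 empty account or password, -5 captcha failed, -3 disallowed password
 *   characters, -8 locked (max error count reached from the same IP on the same day),
 *   -4 wrong password, -9 account status not in [0, 1, 2], -6 cookie could not be set.
 *   -7 is stored in $this->code when recording last-login info fails.
 *
 * The password comparison uses hash_equals() (constant-time) instead of !==.
 */
public function PostLogin($account, $password, $captcha, $save_status) {
    if (empty($account) || empty($password)) {
        $this->throwMsg(-10);
    }
    $save_status = !empty($save_status);
    if (!$this->Captcha($captcha)) {
        // captcha check
        $this->throwMsg(-5);
    }
    $account = strtolower($account);
    // NOTE(review): lower-casing the password collapses its case before hashing, which
    // shrinks the effective password space. Kept because stored hashes were presumably
    // created the same way — confirm in UserCheck::CreatePassword / registration before
    // removing it.
    $password = strtolower($password);
    $this->GetAccountUser($account);
    lib()->load('UserCheck');
    if (!UserCheck::CheckPasswordChar($password)) {
        $this->throwMsg(-3);
    }
    $ip = Ip::getInstance();
    $max_error_count = hook()->apply("UserLogin_max_error_count", 6);
    $now_ip = $ip->realip();
    // Lockout: enough failures, from the same IP, on the same calendar day.
    if ($max_error_count <= $this->user->getErrorLoginCount()
        && $ip->fill($now_ip) === $ip->fill($this->user->getErrorLoginIp())
        && explode(" ", $this->user->getErrorLoginTime())[0] == date("Y-m-d")) {
        // login restricted
        $this->throwMsg(-8);
    } else {
        $expected = UserCheck::CreatePassword($password, $this->user->getSalt());
        if (!hash_equals((string) $this->user->getPassword(), (string) $expected)) {
            // record the failed attempt
            $this->user->set(array(
                "error_login_count" => 1 + $this->user->getErrorLoginCount(),
                'error_login_time' => date("Y-m-d H:i:s"),
                'error_login_ip' => $now_ip,
            ));
            if ($this->user->getErrorLoginCount() >= $max_error_count) {
                hook()->apply("UserLogin_PostLogin_restrictions", NULL, $this->user);
            }
            $this->throwMsg(-4);
        } else {
            // Loose in_array: a non-numeric status string also matches 0 on PHP < 8.
            if (in_array($this->user->getStatus(), [0, 1, 2])) {
                if ($this->user->getErrorLoginCount() > 0) {
                    // reset the failure counter
                    $this->user->set(array("error_login_count" => 0));
                }
            } else {
                // account status forbids login
                $this->throwMsg(-9);
            }
        }
    }
    try {
        // cookie setup after a successful login
        if (strlen($this->user->getCookieLogin()) < 10) {
            $this->user->set(array("cookie_login" => salt_hash(time() . $this->user->getEmail(), salt(20))));
        }
        $cookieValue = $this->user->getId() . "\t" . $this->user->getCookieLogin();
        if ($save_status) {
            cookie()->set("UserLogin", $cookieValue, hook()->apply("UserLogin_PostLogin_CookieTime", time() + 60 * 60 * 24 * 7));
        } else {
            cookie()->set("UserLogin", $cookieValue);
        }
    } catch (\Exception $ex) {
        $this->throwMsg(-6);
    }
    try {
        // last-login bookkeeping
        self::setLastLoginInfo($this->user);
    } catch (\Exception $ex) {
        $this->code = -7;
    }
    hook()->apply('UserLogin_PostLogin_Success', NULL, $this->user);
}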