/**
 * Admin endpoint: generate a fresh random password for the admin record named
 * by POST `id`, store its salted hash, and hand the plaintext back once as JSON.
 *
 * Output is a JSON object `{status: bool, msg: string}`. On success `msg` is the
 * new plaintext password (this response is the only place it exists in the clear),
 * otherwise `msg` is the failure text. Nothing is done if $this->check() fails
 * (presumably the caller's authorisation gate — confirm).
 */
function admin_pwd_reset() {
    header("Content-Type: application/json; charset=utf-8");
    if (!$this->check()) {
        return;
    }
    $target_id = $this->__req->post('id');
    $new_pwd = salt(12);
    $a_salt = salt(32);
    // compact('a_salt', 'a_pwd') below picks up exactly these two local names,
    // so they must keep the column-style naming.
    $a_pwd = salt_hash(md5_xx($new_pwd), $a_salt);
    $affected = db_class()->update_admin_info($target_id, compact('a_salt', 'a_pwd'));
    $response = ['status' => false, 'msg' => ''];
    if ($affected == 1) {
        $response = ['status' => true, 'msg' => $new_pwd];
    } else {
        $response['msg'] = "更新失败";
    }
    echo json_encode($response);
}
// Fragment of a login handler: the prepare of $stmt and the creation of $db
// happen earlier in the file and are not shown here.
// Step 1: run the already-prepared statement to fetch the stored salt for the
// submitted username; with no row the login is rejected right away.
$result = $stmt->execute();
$rows = 0;
while ($row = $result->fetchArray()) {
    // Should several rows come back, the salt of the last one wins.
    $salt = $row['salt'];
    $rows++;
}
if ($rows < 1) {
    // Same generic message as the credential failure below. Note that the
    // second query is skipped on this path, so response timing still differs
    // between "unknown user" and "wrong password".
    $_SESSION['error'] = TRUE;
    $_SESSION['error_log'] = 'Invalid username, password or citizen card.';
    redirect('../login.php');
    exit;
}
// Step 2: re-query with username, salted password hash and the card serial.
$bi = getbi();
// NOTE(review): $bi is spliced into the SQL text while the other two values are
// bound; this is only safe if getbi() can never return attacker-influenced data.
// Confirm, or bind it as a third parameter like :name and :pass.
$query = "SELECT * FROM users WHERE name = :name and pass = :pass and serial = '" . $bi . "'";
$stmt = $db->prepare($query);
$stmt->bindValue(':name', $_POST['username']);
// Presumably salt_hash($password, $salt) reproduces the stored `pass` value, so
// the comparison happens inside the database rather than in PHP.
$stmt->bindValue(':pass', salt_hash($_POST['password'], $salt));
$result = $stmt->execute();
$rows = 0;
while ($row = $result->fetchArray()) {
    $rows++;
}
if ($rows < 1) {
    $_SESSION['error'] = TRUE;
    $_SESSION['error_log'] = 'Invalid username, password or citizen card.';
    redirect('../login.php');
    exit;
}
// Step 3: mark the session as authenticated.
// NOTE(review): no session_regenerate_id() is visible around this point —
// confirm the session id is rotated on privilege change somewhere else.
$_SESSION['on'] = TRUE;
$_SESSION['username'] = $_POST['username'];
redirect('../index.php');
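/**
 * Authenticate an admin account against its stored salted password hash.
 *
 * Checks run in this order: account exists, password matches, account not
 * disabled, client IP allowed by ip_filter(). On success the session is
 * populated via set_session() and $this->status is set.
 *
 * NOTE(review): the return messages distinguish "user does not exist" from
 * "wrong password"; callers that surface them verbatim expose account existence.
 *
 * @param string $user     Admin name as submitted (surrounding whitespace is trimmed)
 * @param string $password Plaintext password as submitted (trimmed as well)
 * @return true|string     true on success, otherwise a human-readable reason
 */
public function login($user, $password) {
    $user = trim($user);
    $password = trim($password);
    $info = $this->db->get_admin_info($user);
    if (!isset($info['a_name']) || $info['a_name'] !== $user) {
        return "用户名不存在";
    }
    // hash_equals() replaces the original loose `==`: PHP's loose string
    // comparison treats numeric-looking digests (e.g. two hex strings starting
    // with "0e" followed by digits) as equal, and it also exits early on the
    // first differing byte. The casts keep a null column from raising a TypeError.
    $computed = salt_hash(md5_xx($password), $info['a_salt']);
    if (!hash_equals((string) $info['a_pwd'], (string) $computed)) {
        return "用户名或密码错误";
    }
    if ($info['a_status'] == 1) {
        return "账户被禁用";
    }
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : NULL;
    if (!$this->ip_filter($info['a_ip'], $ip)) {
        return "当前IP{" . ($ip ? $ip : "{NULL}") . "}禁止登陆";
    }
    $this->status = true;
    $this->set_session($info, $ip);
    return true;
}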
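/**
 * Send the "confirm your new e-mail address" message for an address change.
 *
 * The current password is re-verified first, then the target address is
 * validated, a verification code is derived and stored in the user's meta, and
 * the template `edit_email.html` is mailed to the *new* address with that code.
 *
 * @param User   $user     Account requesting the change
 * @param string $email    New address; lower-cased and trimmed before use
 * @param string $password Current plaintext password, re-checked via UserCheck::CreatePassword
 * @throws \Exception when UserCheck::CheckEmail rejects the address (its message is passed through)
 */
public function edit_email_send_mail($user, $email, $password) {
    lib()->load('UserCheck', 'MailTemplate');
    $email = strtolower(trim($email));
    // Constant-time comparison of the stored hash with the recomputed one; the
    // original `!==` exits on the first differing byte. Casts keep a null
    // value from raising a TypeError and preserve the old "mismatch" outcome.
    $stored = (string) $user->getPassword();
    $recomputed = (string) UserCheck::CreatePassword($password, $user->getSalt());
    if (!hash_equals($stored, $recomputed)) {
        $this->throwMsg(-10);
    }
    $email_check = UserCheck::CheckEmail($email);
    if ($email_check !== true) {
        throw new \Exception($email_check);
    }
    // The verification code mixes the new and the current address with a fresh
    // salt and is persisted in meta so the confirm step can compare against it.
    // NOTE(review): only edit_email_time is stored here; confirm the confirm
    // step enforces an expiry on it.
    $meta = [
        'edit_email_add' => $email,
        'edit_email_time' => date("Y-m-d H:i:s"),
        'edit_email_code' => salt_hash($email . $user->getEmail(), salt()),
    ];
    $user->getMeta()->set($meta);
    $mt = new MailTemplate("edit_email.html");
    $mt->setUserInfo($user->getInfo());
    $mt->setValues(['verify_code' => $meta['edit_email_code']]);
    $mt->mailSend($user->getName(), $email);
}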
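// Renew handler for a Linux account: issues a fresh salt, resets the expiry
// window and retry counter, and hands a new PIN to the UI through the session.
// $db and the helper functions used below are expected from ../utils/function.php.
require_once '../utils/function.php';
if (!isset($_SESSION['on'])) {
    redirect('../login.php');
    exit;
}
if (!isset($_POST['renew'])) {
    redirect('../secure/accounts.php');
    exit;
}
if (!can_create_account($_SESSION['username'])) {
    $_SESSION['error'] = TRUE;
    $_SESSION['error_log'] = 'You are not authorized to renew Linux accounts.';
    redirect('../secure/accounts.php');
    exit;
}
// NOTE(review): can_create_account() is a capability check on the caller;
// nothing here verifies that $_POST['renewList'] is an account the caller
// owns — confirm that ownership is enforced elsewhere.
$days = config_days();
$length = config_length();
$pin = genpin($length);
$expdate = time() + 24 * 60 * 60 * $days;
$salt = gensalt();
// All variable values are bound rather than spliced into the SQL text. The
// original concatenated $salt and $expdate; both are server-generated, but
// binding them keeps the statement free of string building altogether.
// NOTE(review): the freshly generated $pin is shown to the user but not written
// here — `password` is set to the literal '******' — confirm that a later step
// stores a salted hash of $pin.
$query = "UPDATE passwd SET password = '******', salt = :salt, expflag = 0, expdate = :expdate, retrycount = 0 WHERE username = :renewList";
$stmt = $db->prepare($query);
$stmt->bindValue(':salt', $salt);
$stmt->bindValue(':expdate', $expdate);
$stmt->bindValue(':renewList', $_POST['renewList']);
$result = $stmt->execute();
$_SESSION['pin'] = $pin;
$_SESSION['account'] = $_POST['renewList'];
$_SESSION['has_pin'] = TRUE;
$_SESSION['account_state'] = 'Renewed';
$_SESSION['error'] = TRUE;
// Bug fix: the message used $_POST['deleteList'] (left over from the delete
// handler), which is not set on this page; the renewed account is renewList.
$_SESSION['error_log'] = 'Account ' . $_POST['renewList'] . ' renewed.';
redirect('../secure/account.php');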
/**
 * Insert a new row into `user` with a salted password hash and a random token.
 *
 * Both the insert result and db()->error() are dumped straight to the output
 * (var_dump); that debugging output is part of the method's current behaviour
 * and is kept as-is.
 *
 * @param string $user     Login name, stored verbatim
 * @param string $password Plaintext; only salt_hash(_hash($password), $salt) is stored
 */
public function create_user($user, $password) {
    $salt = salt(40);
    $stored_hash = salt_hash(_hash($password), $salt);
    // The token is derived from the *stored hash* plus fresh random material,
    // never from the plaintext password.
    $token = _hash($stored_hash . salt(50));
    $row = [
        'user' => $user,
        'password' => $stored_hash,
        'salt' => $salt,
        'token' => $token,
    ];
    var_dump(db()->insert("user", $row));
    var_dump(db()->error());
}
/**
 * POST login.
 *
 * Validates the submitted credentials, enforces the failed-attempt limit, and on
 * success issues the persistent "UserLogin" cookie and records last-login info.
 * Every failure path calls $this->throwMsg() with a negative code; the code that
 * follows the checks only makes sense if throwMsg() aborts (presumably by
 * throwing — confirm).
 *
 * @param string $account
 * @param string $password
 * @param string $captcha
 * @param bool $save_status  truthy: long-lived cookie; otherwise cookie()->set's default lifetime
 */
public function PostLogin($account, $password, $captcha, $save_status) {
    if (empty($account) || empty($password)) {
        $this->throwMsg(-10);
    }
    $save_status = !empty($save_status);
    if (!$this->Captcha($captcha)) {
        // captcha check
        $this->throwMsg(-5);
    }
    $account = strtolower($account);
    // NOTE(review): the password is lower-cased before hashing, which folds
    // case and shrinks the effective keyspace of the stored hashes — confirm
    // this is intentional (registration must feed CreatePassword the same way).
    $password = strtolower($password);
    $this->GetAccountUser($account);
    lib()->load('UserCheck');
    if (!UserCheck::CheckPasswordChar($password)) {
        $this->throwMsg(-3);
    }
    $ip = Ip::getInstance();
    $max_error_count = hook()->apply("UserLogin_max_error_count", 6);
    $now_ip = $ip->realip();
    // The lockout applies only while all three conditions hold: the failure
    // counter reached the limit, the current IP equals the IP of the last
    // failure, and that failure happened today (date part of error_login_time).
    if ($max_error_count <= $this->user->getErrorLoginCount() && $ip->fill($now_ip) === $ip->fill($this->user->getErrorLoginIp()) && explode(" ", $this->user->getErrorLoginTime())[0] == date("Y-m-d")) {
        // login is restricted
        $this->throwMsg(-8);
    } else {
        // NOTE(review): plain `!==` on the two hashes; hash_equals() would make
        // the comparison time independent of where the strings differ.
        if (UserCheck::CreatePassword($password, $this->user->getSalt()) !== $this->user->getPassword()) {
            // record the failed login
            $this->user->set(array("error_login_count" => 1 + $this->user->getErrorLoginCount(), 'error_login_time' => date("Y-m-d H:i:s"), 'error_login_ip' => $now_ip));
            // Presumably set() updates the value getErrorLoginCount() returns,
            // otherwise this compares the pre-increment count — confirm.
            if ($this->user->getErrorLoginCount() >= $max_error_count) {
                hook()->apply("UserLogin_PostLogin_restrictions", NULL, $this->user);
            }
            $this->throwMsg(-4);
        } else {
            // in_array() without strict: true — the status is compared loosely
            if (in_array($this->user->getStatus(), [0, 1, 2])) {
                if ($this->user->getErrorLoginCount() > 0) {
                    // reset the failed-login counter
                    $this->user->set(array("error_login_count" => 0));
                }
            } else {
                // account status forbids login
                $this->throwMsg(-9);
            }
        }
    }
    try {
        // cookie setup after a successful login
        // The cookie_login secret is generated once (only when the stored one
        // is shorter than 10 chars) and reused for every later login; its
        // unpredictability rests on salt(20), not on time() or the e-mail.
        if (strlen($this->user->getCookieLogin()) < 10) {
            $this->user->set(array("cookie_login" => salt_hash(time() . $this->user->getEmail(), salt(20))));
        }
        // Cookie value is "<id>\t<cookie_login>"; the lifetime is one week
        // (overridable through the hook) when the user asked to stay logged in.
        if ($save_status) {
            cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin(), hook()->apply("UserLogin_PostLogin_CookieTime", time() + 60 * 60 * 24 * 7));
        } else {
            cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin());
        }
    } catch (\Exception $ex) {
        $this->throwMsg(-6);
    }
    try {
        // last-login info
        self::setLastLoginInfo($this->user);
    } catch (\Exception $ex) {
        // Non-fatal: the login still succeeds, only the status code is downgraded.
        $this->code = -7;
    }
    hook()->apply('UserLogin_PostLogin_Success', NULL, $this->user);
}
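/**
 * Verify a username/password pair and, on success, store the loaded User in the session.
 *
 * @param string $username Login name passed to User::load
 * @param string $password Plaintext password; compared against pass_hash via salt_hash($password)
 * @return User|false The authenticated user, or false when the hash does not match
 */
public static function login($username, $password) {
    $user = User::load($username);
    // hash_equals() instead of `!==`: same outcome for well-formed strings, but
    // without an early exit at the first differing byte. The casts keep a null
    // value from raising a TypeError and preserve the old "mismatch" result.
    // NOTE(review): salt_hash() is called with a single argument here, so the
    // salt it uses does not come from $user — confirm that is intended.
    $stored = (string) $user->pass_hash;
    $candidate = (string) salt_hash($password);
    if (!hash_equals($stored, $candidate)) {
        return false;
    }
    // NOTE(review): the whole User object, including pass_hash, is placed in
    // the session; storing an identifier and reloading would limit exposure.
    $_SESSION["user"] = $user;
    return $user;
}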
$result = $db->query($query); $row = $result->fetchArray(); $uid = $row['uid'] + 1; } else { $uid = 10000; } $length = config_length(); $pin = genpin($length); $days = config_days(); $account = $_POST['account']; $gid = 10000; $home = '/home/' . $_POST['account']; $bash = '/bin/bash'; $expdate = time() + 86400 * $days; $expflag = 0; $retrycount = 0; $salt = gensalt(); $query = "INSERT INTO passwd (uid, gid, username, password, salt, home, bash, expdate, expflag, retrycount) VALUES (" . $uid . ", " . $gid . ", :account, '" . salt_hash($pin, $salt) . "', '" . $salt . "', :home, '" . $bash . "', " . $expdate . ", " . $expflag . ", '" . $retrycount . "')"; $stmt = $db->prepare($query); $stmt->bindValue(':account', $account); $stmt->bindValue(':home', $home); $result = $stmt->execute(); $query = "INSERT INTO useraccounts (username, account) VALUES ( '" . $_SESSION['username'] . "', :account)"; $stmt = $db->prepare($query); $stmt->bindValue(':account', $_POST['account']); $result = $stmt->execute(); $_SESSION['pin'] = $pin; $_SESSION['account'] = $_POST['account']; $_SESSION['has_pin'] = TRUE; $_SESSION['account_state'] = 'Created'; redirect('../secure/account.php');