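/**
  * Logs in a user and reports whether the credentials were accepted.
  *
  * The stored phpass hash for $userName is read with a prepared statement and the
  * submitted plain-text password is verified against it. The session is populated
  * only after that verification succeeds.
  *
  * @param string $userName Username of the person logging in.
  * @param string $password Password in plain text of the person logging in.
  *
  * @return bool True when the password matches the stored hash; false for an unknown
  *              user, a wrong password, or a statement that could not be prepared.
  **/
 function LoginUser($userName, $password)
 {
     $stmt = $this->dbConnect->prepare("SELECT password FROM usersinfo WHERE username=?");
     if (!$stmt) {
         return false;
     }
     $hashedPassword = null;
     $stmt->bind_param("s", $userName);
     $stmt->execute();
     $stmt->bind_result($hashedPassword);
     // fetch() is true only when a row was actually read into $hashedPassword.
     $rowFound = $stmt->fetch();
     $stmt->close();
     if ($rowFound !== true || !is_string($hashedPassword) || $hashedPassword === '') {
         return false;
     }
     $pwdHasher = new PasswordHash(8, FALSE);
     // CheckPassword() expects the plain-text candidate and the stored hash. The earlier
     // version hashed the candidate first and then ignored the result of the comparison,
     // so every known or unknown username was logged in regardless of the password.
     if (!$pwdHasher->CheckPassword($password, $hashedPassword)) {
         return false;
     }
     // Issue a fresh session id on the privilege change so a pre-login id cannot be reused.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     // The debugging echo of $userName was dropped: it reflected request data unescaped.
     $_SESSION['username'] = $userName;
     return true;
 }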
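 /**
  * AJAX callback: checks a submitted post password and returns the post's title and content.
  *
  * Reads `pass` and `pid` from $_POST, sets the `wp-postpass_` cookie the same way
  * wp-login.php does, then runs the loop for the requested post. If WordPress still
  * reports the post as password-protected, a JSON error is sent; otherwise a JSON
  * success payload with `title` and `content` is sent.
  */
 function do_x_post_password_cb()
 {
     // Both fields come from the request; reject anything that is not a scalar string/id
     // before it reaches stripslashes() or the query.
     if (!isset($_POST['pass'], $_POST['pid']) || !is_string($_POST['pass']) || !is_scalar($_POST['pid'])) {
         wp_send_json_error('Invalid password');
         return;
     }
     //snag from wp-login.php:386-393
     require_once ABSPATH . 'wp-includes/class-phpass.php';
     // By default, use the portable hash from phpass
     $wp_hasher = new PasswordHash(8, true);
     // Hash once: HashPassword() salts randomly, so hashing twice gave the browser cookie
     // and the in-request $_COOKIE entry two different values.
     $cookie_value = $wp_hasher->HashPassword(stripslashes($_POST['pass']));
     // 10 days
     setcookie('wp-postpass_' . COOKIEHASH, $cookie_value, time() + 864000, COOKIEPATH);
     //fake it so it's available in the loop below
     $_COOKIE['wp-postpass_' . COOKIEHASH] = $cookie_value;
     // Pass the id as an integer query var. Interpolating $_POST['pid'] into a query
     // string let the request append arbitrary WP_Query parameters (e.g. "1&post_status=...").
     $q = new WP_Query(array('p' => absint($_POST['pid'])));
     // Defaults for the case where the query matches nothing.
     $title = '';
     $content = '';
     if ($q->have_posts()) {
         while ($q->have_posts()) {
             $q->the_post();
             // verifies password hash
             if (post_password_required()) {
                 wp_send_json_error('Invalid password');
                 return;
             }
             // get post title
             ob_start();
             the_title(sprintf('<a href="%s" rel="bookmark">', esc_url(get_permalink())), '</a>');
             $title = ob_get_clean();
             // get post content
             ob_start();
             the_content();
             $content = ob_get_clean();
         }
     }
     wp_reset_postdata();
     $return = array('title' => $title, 'content' => $content);
     wp_send_json_success($return);
 }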
Пример #3
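 /**
  * Handles the custom password form for a protected post.
  *
  * On a valid, nonce-protected submission the submitted password is compared with the
  * current post's password; on a match the `wp-postpass_` cookie is set so that
  * WordPress itself stops showing its password form.
  *
  * @return array{allowed: bool, error: string} 'allowed' is true only for a correct
  *         submission in this request; 'error' holds the HTML error message, if any.
  */
 static function is_password_protected()
 {
     global $post;
     $private_post = array('allowed' => false, 'error' => '');
     if (isset($_POST['submit_password'])) {
         // when we have a submission check the nonce first, then the password
         if (isset($_POST['submit_password_nonce']) && wp_verify_nonce($_POST['submit_password_nonce'], 'password_protection')) {
             if (isset($_POST['post_password']) && is_string($_POST['post_password']) && !empty($_POST['post_password'])) {
                 // WordPress slashes $_POST, so compare the unslashed value: this is the same
                 // value that is hashed into the cookie below.
                 $submitted = stripslashes($_POST['post_password']);
                 // hash_equals() keeps the comparison time independent of how many leading
                 // characters of the guess are correct.
                 if (hash_equals((string) $post->post_password, $submitted)) {
                     $private_post['allowed'] = true;
                     // ok if we have a correct password we should inform wordpress too
                     // otherwise it will put the password form again in the_content() and other filters
                     global $wp_hasher;
                     if (empty($wp_hasher)) {
                         require_once ABSPATH . 'wp-includes/class-phpass.php';
                         $wp_hasher = new PasswordHash(8, true);
                     }
                     setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword($submitted), 0, COOKIEPATH);
                 } else {
                     $private_post['error'] = '<h4 class="text--error">Wrong Password</h4>';
                 }
             }
         }
     }
     // A post-password cookie that arrives on a request referred from this same page is
     // reported as a failed attempt.
     if (isset($_COOKIE['wp-postpass_' . COOKIEHASH]) && get_permalink() == wp_get_referer()) {
         $private_post['error'] = '<h4 class="text--error">Wrong Password</h4>';
     }
     return $private_post;
 }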
Пример #4
 /**
  * Fills in account fields for a record that arrives without a username.
  *
  * When the username is blank, a random password is generated, hashed with the
  * tank_auth phpass settings and stored in $values; the username is taken from the
  * trimmed e-mail address. If `email_account_details` is enabled, a welcome mail is
  * sent whose data includes the generated password in clear text.
  *
  * @param array $values Submitted field values.
  * @return mixed Whatever the parent on_before_validate() returns.
  */
 function on_before_validate($values)
 {
     $username_missing = $values['username'] == "" || $values['username'] == NULL;
     if (!$username_missing) {
         return parent::on_before_validate($values);
     }

     $plain_password = $this->random_password();
     $this->password_in_clear = $plain_password;

     $ci = CI_Controller::get_instance();
     $ci->load->helper('url');
     $ci->load->library('session');
     $ci->load->library('extemplate');
     $ci->load->library("email");
     $ci->load->config('tank_auth', TRUE);

     $hasher = new PasswordHash(
         $ci->config->item('phpass_hash_strength', 'tank_auth'),
         $ci->config->item('phpass_hash_portable', 'tank_auth')
     );
     $values["password"] = $hasher->HashPassword($plain_password);
     $values["created"] = datetime_now();
     $values['username'] = trim($values['email']);
     $values["last_ip"] = $_SERVER['REMOTE_ADDR'];

     // The mail payload is a copy of the record with the hash swapped back for the
     // clear-text password.
     // NOTE(review): this puts a usable credential into e-mail; a one-time set-password
     // link would avoid that.
     $data = $values;
     $data['site_name'] = 'http://www.ressphere.com';
     $data['password'] = $this->password_in_clear;
     if ($ci->config->item('email_account_details')) {
         base::_begin_send_email('Welcome to', $data['email'], $data, $ci);
     }

     return parent::on_before_validate($values);
 }
 /**
  * Sends a new user the link for setting their password.
  *
  * Returns without sending anything when $notify is 'admin', or when both $deprecated
  * and $notify are empty. Otherwise a 20-character key is generated, stored in
  * `user_activation_key` as "<timestamp>:<phpass hash>", and mailed to the user inside
  * a wp-login.php?action=rp link.
  *
  * @param int    $user_id    User ID.
  * @param mixed  $deprecated Formerly `$plaintext_pass`; passing a non-null value triggers
  *                           _deprecated_argument().
  * @param string $notify     Type of notification; 'admin' and the empty cases return early.
  */
 function wp_new_user_notification($user_id, $deprecated = null, $notify = '')
 {
     if ($deprecated !== null) {
         _deprecated_argument(__FUNCTION__, '4.3.1');
     }
     // `$deprecated` was pre-4.3 `$plaintext_pass`. An empty `$plaintext_pass` didn't send a user notification.
     if ('admin' === $notify || empty($deprecated) && empty($notify)) {
         return;
     }
     global $wpdb, $wp_hasher;
     $user = get_userdata($user_id);
     // The blogname option is escaped with esc_html on the way into the database in sanitize_option
     // we want to reverse this for the plain text arena of emails.
     $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
     // Generate something random for a password reset key.
     $key = wp_generate_password(20, false);
     /** This action is documented in wp-login.php */
     do_action('retrieve_password_key', $user->user_login, $key);
     // Now insert the key, hashed, into the DB.
     // Only the hash is stored; the raw key exists solely in the e-mail built below.
     if (empty($wp_hasher)) {
         require_once ABSPATH . WPINC . '/class-phpass.php';
         $wp_hasher = new PasswordHash(8, true);
     }
     // The leading timestamp records when the key was issued.
     $hashed = time() . ':' . $wp_hasher->HashPassword($key);
     $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user->user_login));
     $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
     $message .= __('To set your password, visit the following address:') . "\r\n\r\n";
     // NOTE(review): the login= argument on the next line is masked in this listing, so the
     // statement is incomplete as shown; confirm the login is URL-encoded in the real source.
     $message .= '<' . network_site_url("wp-login.php?action=rp&key={$key}&login="******">\r\n\r\n";
     $message .= wp_login_url() . "\r\n";
     wp_mail($user->user_email, sprintf(__('[%s] Your username and password info'), $blogname), $message);
 }
Пример #6
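 /**
  * Shows and processes the "convert lead to user" form.
  *
  * For a positive `id` query parameter the form is pre-filled from the lead and its
  * contact. On save, the posted fields are validated for presence, the password is
  * hashed with phpass and the user is created unless the username already exists.
  * Without a valid id the general error template is displayed.
  */
 public function run()
 {
     $tpl = new template();
     // A missing id is treated like an invalid one instead of raising a notice.
     $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
     $users = new users();
     $clients = new clients();
     if ($id > 0) {
         $lead = $this->getLead($id);
         $contact = $this->getLeadContact($id);
         $values = array('user' => $contact['email'], 'password' => '', 'firstname' => '', 'lastname' => '', 'phone' => $contact['phone'], 'role' => 3, 'clientId' => $lead['clientId']);
         if (isset($_POST['save'])) {
             // The password is required too: without this check a missing or empty field
             // was hashed and stored, creating an account that accepts an empty password.
             $hasRequired = isset($_POST['user'], $_POST['firstname'], $_POST['lastname'], $_POST['password'])
                 && is_string($_POST['password'])
                 && $_POST['password'] !== '';
             if ($hasRequired) {
                 $hasher = new PasswordHash(8, TRUE);
                 // NOTE(review): role and clientId are taken from the request as-is; no
                 // permission or CSRF check is visible in this method - confirm one runs earlier.
                 $newUser = array(
                     'user' => $_POST['user'],
                     'password' => $hasher->HashPassword($_POST['password']),
                     'firstname' => $_POST['firstname'],
                     'lastname' => $_POST['lastname'],
                     'phone' => isset($_POST['phone']) ? $_POST['phone'] : $values['phone'],
                     'role' => isset($_POST['role']) ? $_POST['role'] : $values['role'],
                     'clientId' => isset($_POST['clientId']) ? $_POST['clientId'] : $values['clientId'],
                 );
                 if ($users->usernameExist($newUser['user']) !== true) {
                     $users->addUser($newUser);
                     $tpl->setNotification('USER_CREATED', 'success');
                 } else {
                     $tpl->setNotification('USERNAME_EXISTS', 'error');
                 }
                 // Re-display the submitted fields, but never hand the password hash to
                 // the template.
                 $values = $newUser;
                 $values['password'] = '';
             } else {
                 $tpl->setNotification('MISSING_FIELDS', 'error');
             }
         }
         $tpl->assign('values', $values);
         $tpl->assign('clients', $clients->getAll());
         $tpl->assign('roles', $users->getRoles());
         $tpl->display('leads.convertToUser');
     } else {
         $tpl->display('general.error');
     }
 }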
Пример #7
	/**
	 * Verify a candidate password (or key) against the hash held for this user.
	 *
	 * @param string $password The candidate to verify
	 * @return boolean The result reported by the phpass hasher
	 */
	public function checkPassword($password){
		$verifier = new \PasswordHash(datastore::HASH_ITERATIONS);

		// Datastore users keep their hash in the datastore's user model.
		return $verifier->checkPassword($password, $this->_usermodel->get('password'));
	}
Пример #8
/**
 * Verifies a password against a WordPress users table and mirrors the user locally.
 *
 * Looks up a row in `wp_users`, checks $password against its `user_pass` phpass hash,
 * and on success upserts $user_id into the local `users` table.
 *
 * NOTE(review): the mysql_* functions used here belong to ext/mysql, which was removed
 * in PHP 7; mysqli or PDO with bound parameters is the replacement.
 *
 * @param string $user_id  Login name being checked.
 * @param string $password Plain-text password to verify.
 * @return string|false $user_id when the password matches, false otherwise.
 */
function check_login($user_id, $password)
{
    // Any existing session is discarded and a new one started before the check.
    session_destroy();
    session_start();
    // Connection settings are hard-coded; the user and password appear masked in this listing.
    $wp_host = "127.0.0.1";
    $wp_port = "3306";
    $wp_user = "******";
    $wp_pass = "******";
    $wp_db = "jol";
    $wp_conn = mysql_connect($wp_host . ":" . $wp_port, $wp_user, $wp_pass);
    //$password=HashPassword($password);
    $ret = false;
    $wp_pre = "wp_";
    // NOTE(review): the user_login value is masked in this listing. If the real source
    // interpolates $user_id here, it must be escaped or bound like the insert below.
    $sql = "select * from " . $wp_pre . "users where user_login='******'";
    if ($wp_conn) {
        mysql_select_db($wp_db, $wp_conn);
        $result = mysql_query($sql, $wp_conn);
        $row = mysql_fetch_array($result);
        if ($row) {
            $wp_hasher = new PasswordHash(8, TRUE);
            // Plain-text candidate first, stored hash second.
            if ($wp_hasher->CheckPassword($password, $row['user_pass'])) {
                $ret = $user_id;
                // Upsert into the local users table; both uses of $user_id are escaped.
                $sql = "insert into users(user_id,ip,nick,school) values('" . mysql_real_escape_string($user_id) . "','','','') on DUPLICATE KEY UPDATE nick='" . mysql_real_escape_string($user_id) . "'";
                mysql_query($sql);
            }
        }
    }
    return $ret;
}
Пример #9
 /**
  * Checks a submitted password against a user's stored phpass hash.
  *
  * @param array $user User record; its 'password' entry is the stored hash.
  * @param array $auth Submitted credentials; its 'password' entry is the candidate.
  * @return mixed The result of PasswordHash::CheckPassword().
  */
 function phpass_check($user, $auth)
 {
     // Load the PasswordHash library through the framework instance.
     $framework =& get_instance();
     $framework->load->library('PasswordHash');

     $verifier = new PasswordHash(HASH_COST_LOG2, HASH_PORTABLE);
     $candidate = $auth['password'];
     $storedHash = $user['password'];

     return $verifier->CheckPassword($candidate, $storedHash);
 }
Пример #10
 /**
  * Email a set-password link to a newly-registered user.
  *
  * A new user registration notification is always sent to the admin email first.
  * Unless $notify is 'admin' or empty, a reset key is then generated, stored hashed
  * in `user_activation_key`, and mailed to the user.
  *
  * @since 2.0.0
  * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
  *
  * @param int    $user_id User ID.
  * @param string $notify  Optional. Type of notification that should happen. Accepts 'admin' or an empty
  *                        string (admin only), or 'both' (admin and user). The empty string value was kept
  *                        for backward-compatibility purposes with the renamed parameter. Default empty.
  */
 function wp_new_user_notification($user_id, $notify = '')
 {
     global $wpdb;
     $user = get_userdata($user_id);
     // The blogname option is escaped with esc_html on the way into the database in sanitize_option
     // we want to reverse this for the plain text arena of emails.
     $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES);
     $message = sprintf(__('New user registration on your site %s:'), $blogname) . "\r\n\r\n";
     $message .= sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
     $message .= sprintf(__('E-mail: %s'), $user->user_email) . "\r\n";
     // The @ suppresses any warning raised while sending the admin notice.
     @wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message);
     if ('admin' === $notify || empty($notify)) {
         return;
     }
     // Generate something random for a password reset key.
     $key = wp_generate_password(20, false);
     /** This action is documented in wp-login.php */
     do_action('retrieve_password_key', $user->user_login, $key);
     // Now insert the key, hashed, into the DB.
     // $wp_hasher is not declared global in this function, so it is always empty here
     // and a new PasswordHash instance is created on every call.
     if (empty($wp_hasher)) {
         require_once ABSPATH . WPINC . '/class-phpass.php';
         $wp_hasher = new PasswordHash(8, true);
     }
     // Stored as "<issue time>:<hash>"; the raw key only travels in the e-mail below.
     $hashed = time() . ':' . $wp_hasher->HashPassword($key);
     $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user->user_login));
     $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n";
     $message .= __('To set your password, visit the following address:') . "\r\n\r\n";
     // NOTE(review): the login= argument on the next line is masked in this listing, so the
     // statement is incomplete as shown; confirm the login is URL-encoded in the real source.
     $message .= network_site_url("wp-login.php?action=rp&key={$key}&login="******"\r\n\r\n";
     //	$message .= wp_login_url() . "\r\n";
     $message .= __('Make sure you click the RESET PASSWORD button to save your password.') . "\r\n\r\n";
     wp_mail($user->user_email, sprintf(__('[%s] Your username and password info'), $blogname), $message);
 }
Пример #11
 /**
  * Builds the stored hash for a user's password.
  *
  * The value returned by getPreHash() for the uid/password pair is hashed with phpass
  * (portable hashes disabled).
  *
  * @param mixed  $uid      User identifier passed on to getPreHash().
  * @param string $password Plain-text password.
  * @return string The phpass hash to store.
  */
 public static function setHash($uid, $password)
 {
     $preHashed = self::getPreHash($uid, $password);
     $phpass = new PasswordHash(self::PASSWORD_HASH_ITERATION_COUNT, FALSE);

     return $phpass->HashPassword($preHashed);
 }
Пример #12
 /**
  * Installer action: renders the install form and, once it validates, writes the config.
  *
  * Refuses to run when a config is already loaded. On a valid submission the admin
  * password is hashed with phpass, the config and .htaccess are written, optional
  * connection details are saved, and the browser is redirected to the login page.
  *
  * @return array View arguments: 'form', 'page-title' and 'layout'.
  */
 function install()
 {
     // Never re-run the installer over an existing configuration.
     if ($this->config->is_loaded) {
         die("Oops, there's already a config.php file. You'll need to remove it to run this installer.");
     }

     $password_min_length = 5;
     $password_max_length = 72;

     $username_field = array(
         'type' => 'email',
         'placeholder' => 'Email Address',
         'class' => 'input-block-level',
         'required' => true,
     );
     $password_field = array(
         'type' => 'password',
         'placeholder' => 'Password',
         'class' => 'input-block-level',
         'required' => true,
         'validation' => array(
             array(
                 'callback' => 'min_length',
                 'msg' => 'Sorry, your password must be at least ' . $password_min_length . ' characters in length.',
                 'args' => array($password_min_length),
             ),
             array(
                 'callback' => 'max_length',
                 'msg' => 'Sorry, your password can be no longer than ' . $password_max_length . ' characters in length.',
                 'args' => array($password_max_length),
             ),
         ),
     );
     // NOTE(review): the confirmation is read from $_POST['password2'] while the hash below
     // uses $_POST['credentials']['password1'] - confirm the two keys refer to the same form.
     $confirm_field = array(
         'type' => 'password',
         'placeholder' => 'Confirm Password',
         'class' => 'input-block-level',
         'required' => true,
         'validation' => array(
             array(
                 'callback' => array($this, 'matching_passwords'),
                 'msg' => 'Your passwords do not match. Please enter matching passwords.',
                 'args' => array($_POST['password2']),
             ),
         ),
     );
     $form_definition = array(
         'elements' => array(
             'credentials' => array(
                 'type' => 'fieldset',
                 'elements' => array(
                     'username' => $username_field,
                     'password1' => $password_field,
                     'password2' => $confirm_field,
                 ),
             ),
         ),
     );
     $form = new \Leeflets\Form($this->config, $this->router, $this->settings, 'install-form', $form_definition);

     // Extra elements: connection fields only when the filesystem is not directly writable.
     $elements = array();
     if (!$this->filesystem->have_direct_access()) {
         $elements['warning'] = array('type' => 'html', 'value' => $this->view->get_partial('ftp-warning'));
         $elements['connection'] = $this->filesystem->get_connection_fields(array($this, '_check_connection'), true);
     }
     $elements['buttons'] = array(
         'type' => 'fieldset',
         'elements' => array(
             'submit' => array(
                 'type' => 'button',
                 'button-type' => 'submit',
                 'class' => 'btn btn-primary',
                 'value' => 'Install Leeflets',
             ),
         ),
     );
     $form->add_elements($elements);

     if ($form->validate()) {
         // Only the phpass hash of the password is written to the config.
         $hasher = new \PasswordHash(8, false);
         $data = array(
             'username' => $_POST['credentials']['username'],
             'password' => $hasher->HashPassword($_POST['credentials']['password1']),
         );
         $this->config->write($this->filesystem, $data);

         $htaccess = new \Leeflets\Htaccess($this->filesystem, $this->router, $this->config);
         $htaccess->write();

         if (isset($_POST['connection']['type'])) {
             $this->settings->save_connection_info($_POST, $this->filesystem);
         }
         \Leeflets\Router::redirect($this->router->admin_url('/user/login/'));
         exit;
     }

     return array(
         'form' => $form,
         'page-title' => 'Install',
         'layout' => 'logged-out',
     );
 }
Пример #13
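/**
 * Checks a username/password pair against the Account table.
 *
 * The stored phpass hash is loaded with a prepared statement and the plain-text
 * password is verified against it.
 *
 * @param string $username Account name to look up.
 * @param string $password Plain-text password supplied by the user.
 * @return bool True only when the account exists and the password matches.
 * @throws pdoDbException When the prepared statement reports failure.
 */
function correct_credentials($username, $password)
{
    $rightPassword = false;
    try {
        // Pull in the password hash from the DB for this user
        $db = new PDO("sqlite:database/noiseFactionDatabase.db");
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $statement = $db->prepare("select passwordHash from Account where username = ?;");
        if (!$statement->execute(array($username))) {
            throw new pdoDbException("Something's gone wrong with the prepared statement");
        }
        $userTuple = $statement->fetch(PDO::FETCH_ASSOC);
        // fetch() returns false (not null) when there is no account under that name, so
        // the earlier "!== null" test let a missing row through to the hash check.
        if (is_array($userTuple)) {
            $hasher = new PasswordHash(8, FALSE);
            // The candidate is $password; the earlier code passed an undefined $attempt,
            // so the submitted password was never the value being verified.
            $rightPassword = (bool) $hasher->CheckPassword($password, $userTuple["passwordHash"]);
        }
        $db = null;
    } catch (PDOException $e) {
        // Keep database error details in the server log rather than in the response.
        error_log('correct_credentials: ' . $e->getMessage());
    }
    return $rightPassword;
}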
Пример #14
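/**
 * Registers a new, not yet activated user and creates an activation key for them.
 *
 * @param string $email    E-mail address; surrounding whitespace is ignored.
 * @param string $password Plain-text password; only its phpass hash is stored.
 * @param string $first    First name.
 * @param string $last     Last name.
 * @return string|int The 16-character activation key, or -1 when the e-mail is already registered.
 */
function register($email, $password, $first, $last)
{
    global $db;
    // Trim before the duplicate check so that the value checked is the value stored;
    // previously " a@b.c" passed the check and was then inserted as "a@b.c".
    $email = trim($email);
    // NOTE(review): the '$0' placeholders are filled in by the project's $db wrapper;
    // its escaping is not visible here - confirm it binds or escapes every argument.
    $db->Prepare('SELECT id FROM `users` WHERE email=\'$0\'');
    $db->Execute($email);
    if ($db->RowCount() > 0) {
        return -1;
    }
    $hasher = new PasswordHash(8, false);
    $password = $hasher->HashPassword($password);
    $firstname = ucfirst($first);
    $lastname = ucfirst($last);
    $db->Prepare("INSERT INTO users (email, password, first_name, last_name, activated) VALUES ('\$0', '\$1', '\$2', '\$3', '\$4')");
    $db->Execute($email, $password, trim($firstname), trim($lastname), 0);
    $db->Prepare("SELECT LAST_INSERT_ID()");
    $db->Execute();
    $id = $db->Fetch();
    // Separator first: the (array, separator) argument order is rejected by PHP 8.
    $id = implode("", $id);
    // NOTE(review): the activation key is the first 16 hex digits of MySQL's UUID(), which
    // are derived from the clock rather than from a random source. A key taken from a
    // CSPRNG (e.g. bin2hex(random_bytes(8)) on PHP 7+) would not be guessable from the
    // registration time.
    $db->Prepare("SELECT UUID()");
    $db->Execute();
    $uuid = $db->Fetch();
    $uuid = str_replace("-", "", implode("", $uuid));
    $uuid = substr($uuid, 0, 16);
    $db->Prepare("INSERT INTO activation_keys (`key`, user_id) VALUES ('\$0', '\$1')");
    $db->Execute($uuid, $id);
    return $uuid;
}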
function newFund($username, $password, $xml_url, $user_email, $fundName, $numMembers, $stateLaw, $fundAddressCareOf, $fundAddressLevel, $fundAddressStreet, $fundAddressSuburb, $fundAddressState, $fundAddressPostcode, $teeMtgAddressLevel, $teeMtgAddressStreet, $teeMtgAddressSuburb, $teeMtgAddressState, $teeMtgAddressPostcode, $m1MemberNamePrefix, $m1MemberGivenNames, $m1MemberFamilyName, $m1MemberDOB, $m1MemberTFN, $m1AddressLevel, $m1AddressStreet, $m1AddressSuburb, $m1AddressState, $m1AddressPostcode, $m2MemberNamePrefix, $m2MemberGivenNames, $m2MemberFamilyName, $m2MemberDOB, $m2MemberTFN, $m2AddressLevel, $m2AddressStreet, $m2AddressSuburb, $m2AddressState, $m2AddressPostcode, $m3MemberNamePrefix, $m3MemberGivenNames, $m3MemberFamilyName, $m3MemberDOB, $m3MemberTFN, $m3AddressLevel, $m3AddressStreet, $m3AddressSuburb, $m3AddressState, $m3AddressPostcode, $m4MemberNamePrefix, $m4MemberGivenNames, $m4MemberFamilyName, $m4MemberDOB, $m4MemberTFN, $m4AddressLevel, $m4AddressStreet, $m4AddressSuburb, $m4AddressState, $m4AddressPostcode, $t2NonMemberNamePrefix, $t2NonMemberGivenNames, $t2NonMemberFamilyName, $t2NonMemberAddressLevel, $t2NonMemberAddressStreet, $t2NonMemberAddressSuburb, $t2NonMemberAddressState, $t2NonMemberAddressPostcode, $corpTeeName, $corpTeeACN, $corpTeeAddressCareOf, $corpTeeAddressLevel, $corpTeeAddressStreet, $corpTeeAddressSuburb, $corpTeeAddressState, $corpTeeAddressPostcode, $d2NonMemberNamePrefix, $d2NonMemberGivenNames, $d2NonMemberFamilyName, $d2NonMemberAddressLevel, $d2NonMemberAddressStreet, $d2NonMemberAddressSuburb, $d2NonMemberAddressState, $d2NonMemberAddressPostcode, $chairmanTrustee)
{
    $ch = curl_init();
    $timeout = 3600;
    curl_setopt($ch, CURLOPT_URL, $xml_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    //    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
    $data = curl_exec($ch);
    //    $response  = curl_getinfo($ch);
    curl_close($ch);
    $xml = simplexml_load_string($data);
    if (!simplexml_load_string($data) && !$xml) {
        global $wpdb;
        $wp_hasher = new PasswordHash(8, TRUE);
        $sql = "SELECT * FROM wp_users  WHERE user_login = '******' ";
        $resultuser = $wpdb->get_results($sql);
        if ($resultuser) {
            foreach ($resultuser as $results) {
                if ($wp_hasher->CheckPassword($password, $results->user_pass)) {
                    $unique = trim(com_create_guid(), '{}');
                    $result = $wpdb->insert('service_nsf', array('unique_code' => $unique, 'user_email' => $user_email, 'fundName' => $fundName, 'numMembers' => $numMembers, 'stateLaw' => $stateLaw, 'fundAddressCareOf' => $fundAddressCareOf, 'fundAddressLevel' => $fundAddressLevel, 'fundAddressStreet' => $fundAddressStreet, 'fundAddressSuburb' => $fundAddressSuburb, 'fundAddressState' => $fundAddressState, 'fundAddressPostcode' => $fundAddressPostcode, 'teeMtgAddressLevel' => $teeMtgAddressLevel, 'teeMtgAddressStreet' => $teeMtgAddressStreet, 'teeMtgAddressSuburb' => $teeMtgAddressSuburb, 'teeMtgAddressState' => $teeMtgAddressState, 'teeMtgAddressPostcode' => $teeMtgAddressPostcode, 'm1MemberNamePrefix' => $m1MemberNamePrefix, 'm1MemberGivenNames' => $m1MemberGivenNames, 'm1MemberFamilyName' => $m1MemberFamilyName, 'm1MemberDOB' => $m1MemberDOB, 'm1MemberTFN' => $m1MemberTFN, 'm1AddressLevel' => $m1AddressLevel, 'm1AddressStreet' => $m1AddressStreet, 'm1AddressSuburb' => $m1AddressSuburb, 'm1AddressState' => $m1AddressState, 'm1AddressPostcode' => $m1AddressPostcode, 'm2MemberNamePrefix' => $m2MemberNamePrefix, 'm2MemberGivenNames' => $m2MemberGivenNames, 'm2MemberFamilyName' => $m2MemberFamilyName, 'm2MemberDOB' => $m2MemberDOB, 'm2MemberTFN' => $m2MemberTFN, 'm2AddressLevel' => $m2AddressLevel, 'm2AddressStreet' => $m2AddressStreet, 'm2AddressSuburb' => $m2AddressSuburb, 'm2AddressState' => $m2AddressState, 'm2AddressPostcode' => $m2AddressPostcode, 'm3MemberNamePrefix' => $m3MemberNamePrefix, 'm3MemberGivenNames' => $m3MemberGivenNames, 'm3MemberFamilyName' => $m3MemberFamilyName, 'm3MemberDOB' => $m3MemberDOB, 'm3MemberTFN' => $m3MemberTFN, 'm3AddressLevel' => $m3AddressLevel, 'm3AddressStreet' => $m3AddressStreet, 'm3AddressSuburb' => $m3AddressSuburb, 'm3AddressState' => $m3AddressState, 'm3AddressPostcode' => $m3AddressPostcode, 'm4MemberNamePrefix' => $m4MemberNamePrefix, 'm4MemberGivenNames' => $m4MemberGivenNames, 'm4MemberFamilyName' => 
$m4MemberFamilyName, 'm4MemberDOB' => $m4MemberDOB, 'm4MemberTFN' => $m4MemberTFN, 'm4AddressLevel' => $m4AddressLevel, 'm4AddressStreet' => $m4AddressStreet, 'm4AddressSuburb' => $m4AddressSuburb, 'm4AddressState' => $m4AddressState, 'm4AddressPostcode' => $m4AddressPostcode, 't2NonMemberNamePrefix' => $t2NonMemberNamePrefix, 't2NonMemberGivenNames' => $t2NonMemberGivenNames, 't2NonMemberFamilyName' => $t2NonMemberFamilyName, 't2NonMemberAddressLevel' => $t2NonMemberAddressLevel, 't2NonMemberAddressStreet' => $t2NonMemberAddressStreet, 't2NonMemberAddressSuburb' => $t2NonMemberAddressSuburb, 't2NonMemberAddressState' => $t2NonMemberAddressState, 't2NonMemberAddressPostcode' => $t2NonMemberAddressPostcode, 'corpTeeName' => $corpTeeName, 'corpTeeACN' => $corpTeeACN, 'corpTeeAddressCareOf' => $corpTeeAddressCareOf, 'corpTeeAddressLevel' => $corpTeeAddressLevel, 'corpTeeAddressStreet' => $corpTeeAddressStreet, 'corpTeeAddressSuburb' => $corpTeeAddressSuburb, 'corpTeeAddressState' => $corpTeeAddressState, 'corpTeeAddressPostcode' => $corpTeeAddressPostcode, 'd2NonMemberNamePrefix' => $d2NonMemberNamePrefix, 'd2NonMemberGivenNames' => $d2NonMemberGivenNames, 'd2NonMemberFamilyName' => $d2NonMemberFamilyName, 'd2NonMemberAddressLevel' => $d2NonMemberAddressLevel, 'd2NonMemberAddressStreet' => $d2NonMemberAddressStreet, 'd2NonMemberAddressSuburb' => $d2NonMemberAddressSuburb, 'd2NonMemberAddressState' => $d2NonMemberAddressState, 'd2NonMemberAddressPostcode' => $d2NonMemberAddressPostcode, 'chairmanTrustee' => $chairmanTrustee), array('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 
'%s', '%s', '%s', '%s', '%s', '%s', '%s'));
                    return array('unique_code' => $unique);
                } else {
                    return array('username' => 'Invalid username or password1');
                }
            }
        } else {
            return array('username' => 'Invalid username or password2' . $result);
        }
    } else {
        return @nsf_parser($username, $password, $xml_url);
    }
}
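 /**
  * Authenticates a request and echoes 1 (accepted) or 0 (rejected).
  *
  * A request is accepted when the posted `mac` maps to a user id, or when the posted
  * `u`/`p` pair matches a row in `wpmember_users` (phpass check against `user_pass`).
  */
 public function authenticate()
 {
     error_log("authenticating", 0);
     $is_authenticated = 0;
     $associatedUserId = -1;
     if (isset($_POST["mac"]) && is_string($_POST["mac"])) {
         $mac = $_POST["mac"];
         // Strip control characters so a crafted value cannot forge extra log lines.
         error_log("mac address auth:" . preg_replace('/[\x00-\x1F\x7F]/', '', $mac), 0);
         $this->load->model("usermodel");
         $associatedUserId = $this->usermodel->getUserIdFromMACAddress($mac);
     }
     if ($associatedUserId > 0) {
         // NOTE(review): the MAC address is a client-supplied form field, so this branch
         // accepts the request without any secret. Treat it as an identifier, not as proof
         // of identity, unless another control vouches for it.
         $is_authenticated = 1;
     } elseif (isset($_POST['u'], $_POST['p']) && is_string($_POST['u']) && is_string($_POST['p'])) {
         $password = $_POST['p'];
         $this->db->where('user_login', $_POST['u']);
         $query = $this->db->get('wpmember_users');
         $results = $query->result();
         if (count($results) > 0) {
             $hash = $results[0]->user_pass;
             require_once MEMBERINCLUDEPATH . '/wp-includes/class-phpass.php';
             $wp_hasher = new PasswordHash(8, TRUE);
             // Normalise to 1/0: echoing boolean false printed an empty string, so a
             // failed check did not produce the "0" that every other failure path does.
             $is_authenticated = $wp_hasher->CheckPassword($password, $hash) ? 1 : 0;
             error_log("authentication" . $is_authenticated, 0);
         }
     }
     echo $is_authenticated;
 }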
Пример #17
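 /**
  * Authenticates this identity against the loaded user record.
  *
  * Sets $this->errorCode to the first failing condition: user not found, user
  * disabled, no password hash set, or password mismatch. On success the `isAdmin`
  * state is stored.
  *
  * @return int self::ERROR_NONE on success, otherwise the error code that was set.
  */
 public function authenticate()
 {
     $passwordHasher = new PasswordHash(Yii::app()->params['phpass']['iteration_count_log2'], Yii::app()->params['phpass']['portable_hashes']);
     if (null === $this->_user) {
         $this->errorCode = self::ERROR_NOT_FOUND;
     } elseif (User::DISABLED === $this->_user->status) {
         $this->errorCode = self::ERROR_DISABLED;
     } elseif (null === $this->_user->password_hash) {
         $this->errorCode = self::ERROR_PASSWORD_NOT_SET;
     } elseif (!$passwordHasher->CheckPassword($this->_password, $this->_user->password_hash)) {
         // CheckPassword() takes (plain-text candidate, stored hash) and returns true on a
         // match. The earlier call passed the arguments swapped and treated a true result
         // as the failure, which in practice accepted any password for an existing user.
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
     } else {
         $this->errorCode = self::ERROR_NONE;
     }
     if (self::ERROR_NONE !== $this->errorCode) {
         return $this->errorCode;
     }
     $this->setState('isAdmin', $this->_user->is_admin);
     return self::ERROR_NONE;
 }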
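 /**
  * Authenticates a login against the WordPress users table and maps it to a local user.
  *
  * @param string $queryWhereCondition WHERE fragment with a placeholder for $loginStr.
  *        NOTE(review): it is concatenated into the query, so it must be a constant
  *        chosen by the caller and never built from request data.
  * @param string $loginStr Login value bound to the placeholder.
  * @param string $password Plain-text password to verify.
  * @return int|false Local user id (existing or newly created per the data service),
  *                   or FALSE when the user is unknown or the password is wrong.
  */
 private function _authenticate($queryWhereCondition, $loginStr, $password)
 {
     // query user in the WordPress users table
     $result = $this->_db->querySelect('user_login,user_email,user_pass', $this->_websoccer->getConfig('wordpresslogin_tableprefix') . 'users', 'user_status = 0 AND ' . $queryWhereCondition, $loginStr);
     $wpUser = $result->fetch_array();
     $result->free();
     // user does not exist
     if (!$wpUser) {
         return FALSE;
     }
     // check password.
     // require_once: a plain require re-declares PasswordHash and aborts with a fatal
     // error when this method runs more than once in a request.
     require_once BASE_FOLDER . '/classes/phpass/PasswordHash.php';
     $hasher = new PasswordHash(8, TRUE);
     if (!$hasher->CheckPassword($password, $wpUser['user_pass'])) {
         return FALSE;
     }
     // valid user, check if a local account with the same e-mail exists
     $userEmail = strtolower($wpUser['user_email']);
     $userId = UsersDataService::getUserIdByEmail($this->_websoccer, $this->_db, $userEmail);
     if ($userId > 0) {
         return $userId;
     }
     // create new user
     return UsersDataService::createLocalUser($this->_websoccer, $this->_db, $wpUser['user_login'], $userEmail);
 }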
Пример #19
 /**
  * Validates a share token (passed as the username) and its optional password.
  *
  * The share is looked up by token and remembered on the instance. A share without a
  * `share_with` value needs no password. Otherwise only link shares are accepted, and
  * the password plus the configured `passwordsalt` must match the stored hash.
  *
  * @param string $username Share token.
  * @param string $password Password supplied for the share.
  *
  * @return bool
  */
 protected function validateUserPass($username, $password)
 {
     $share = \OCP\Share::getShareByToken($username, false);
     \OC_User::setIncognitoMode(true);
     $this->share = $share;

     // Unknown token.
     if (!$share) {
         return false;
     }
     // Not password protected: the token alone is sufficient.
     if (!isset($share['share_with'])) {
         return true;
     }
     // Protected shares of any other type are refused.
     if ($share['share_type'] != \OCP\Share::SHARE_TYPE_LINK) {
         return false;
     }

     // Fall back to portable hashes when blowfish is not available.
     $forcePortable = CRYPT_BLOWFISH != 1;
     $hasher = new \PasswordHash(8, $forcePortable);
     $salted = $password . $this->config->getSystemValue('passwordsalt', '');

     return $hasher->CheckPassword($salted, $share['share_with']) ? true : false;
 }
Пример #20
 /**
  * Authenticates a user and, on success, stores the login in the session and globals.
  *
  * The user record is looked up by name and the password is checked against its phpass
  * hash. If that check fails, a second lookup by username and password is tried before
  * the login is rejected.
  *
  * @param array $credentials Uses the 'username' and 'password' entries.
  * @param mixed $options     Not used by this method.
  * @return bool True when the login was accepted.
  */
 function onAuthenticate($credentials, $options = null)
 {
     // Look the account up by name only.
     $record = ext_find_user($credentials['username'], null);
     if ($record === NULL) {
         // Username not existing
         return false;
     }

     require_once _EXT_PATH . '/libraries/PasswordHash.php';
     $phpass = new PasswordHash(8, FALSE);
     $hashMatches = $phpass->CheckPassword($credentials['password'], $record[1]);
     if (!$hashMatches) {
         // Second chance: let ext_find_user() match on username and password itself.
         $record = ext_find_user($credentials['username'], $credentials['password']);
         if ($record == NULL) {
             return false;
         }
     }

     // Set Login
     // NOTE(review): $record[1], the stored password value, is kept in the session.
     $_SESSION['credentials_extplorer']['username'] = $record[0];
     $_SESSION['credentials_extplorer']['password'] = $record[1];
     $_SESSION['file_mode'] = 'extplorer';

     // Per-user settings come from the remaining columns of the record.
     $GLOBALS["home_dir"] = str_replace('\\', '/', $record[2]);
     $GLOBALS["home_url"] = $record[3];
     $GLOBALS["show_hidden"] = $record[4];
     $GLOBALS["no_access"] = $record[5];
     $GLOBALS["permissions"] = $record[6];

     return true;
 }
 /**
  * Replaces the user's password with a generated one and e-mails it to them.
  *
  * The new password is stored as a phpass hash (portable unless
  * PERCH_NONPORTABLE_HASHES is defined and truthy) and sent in clear text using the
  * password-reset.html template.
  *
  * @return mixed The result of PerchEmail::send().
  */
 public function reset_pwd_and_notify()
 {
     $new_password = PerchUser::generate_password();

     // check which type of password - default is portable
     $portable_hashes = !(defined('PERCH_NONPORTABLE_HASHES') && PERCH_NONPORTABLE_HASHES);
     $Hasher = new PasswordHash(8, $portable_hashes);
     $this->update(array('userPassword' => $Hasher->HashPassword($new_password)));

     $Email = new PerchEmail('password-reset.html');
     //$Email->subject('Your CMS password has been reset');
     $Email->recipientEmail($this->userEmail());
     $Email->senderName(PERCH_EMAIL_FROM_NAME);
     $Email->senderEmail(PERCH_EMAIL_FROM);
     $Email->set('username', $this->userUsername());
     // NOTE(review): the clear-text password travels by e-mail.
     $Email->set('password', $new_password);
     $Email->set('givenname', $this->userGivenName());
     $Email->set('familyname', $this->userFamilyName());
     $Email->set('sendername', PERCH_EMAIL_FROM_NAME);
     // NOTE(review): the link host is taken from the request's Host header and the scheme
     // is fixed to http; a configured site URL would keep a forged Host value out of the mail.
     $login_url = 'http://' . $_SERVER['HTTP_HOST'] . PERCH_LOGINPATH;
     $Email->set('url', $login_url);

     return $Email->send();
 }
Пример #22
 /**
  * Attempts to log a user on.
  *
  * Loads the user row, verifies the password against its phpass hash, refuses disabled
  * accounts, records the last-seen time and IP, and stores the user in the session.
  * A flash message describes the outcome in every case.
  *
  * @param string $user     Username as entered.
  * @param string $password Plain-text password.
  * @return bool True when the user was logged on.
  */
 public function login($user, $password)
 {
     $userslug = makeSlug($user);
     $tablename = $this->prefix . "users";
     // getUser() is not used for this lookup because the password column is needed.
     // NOTE(review): the username value is masked in this listing; confirm the real query
     // binds or escapes the slug.
     $user = $this->db->fetchAssoc("SELECT * FROM {$tablename} WHERE username='******'");

     // Unknown user: same message as a wrong password.
     if (empty($user)) {
         $this->session->setFlash('error', 'Username or password not correct. Please check your input.');
         return false;
     }

     require_once __DIR__ . "/phpass/PasswordHash.php";
     $hasher = new PasswordHash(8, TRUE);
     $passwordOk = $hasher->CheckPassword($password, $user['password']);
     if (!$passwordOk) {
         $this->session->setFlash('error', 'Username or password not correct. Please check your input.');
         return false;
     }

     // The disabled notice is only shown after a correct password.
     if (!$user['enabled']) {
         $this->session->setFlash('error', 'Your account is disabled. Sorry about that.');
         return false;
     }

     $update = array(
         'lastseen' => date('Y-m-d H:i:s'),
         'lastip' => $_SERVER['REMOTE_ADDR'],
     );
     $this->db->update($tablename, $update, array('id' => $user['id']));

     // Reload the user through getUser() before it goes into the session.
     $user = $this->getUser($user['id']);
     $this->session->start();
     $this->session->set('user', $user);
     $this->session->setFlash('success', "You've been logged on successfully.");
     return true;
 }
 /**
  * Creates a user record for an imported mentee unless one already exists
  * for $email (as reported by $this->exists()).
  *
  * A valid import gets an activated user with a generated password and a
  * Mentee row linked to a mentor; an invalid one is saved as a bare user
  * with disable = 1.
  *
  * NOTE(review): only the hash of the generated password is kept and the
  * verification e-mail call below is commented out, so nothing visible here
  * tells the user the password - confirm how the account is first accessed.
  *
  * @param string $email     Local part; "@fiu.edu" is appended for the address.
  * @param mixed  $pid       Stored as fiucs_id.
  * @param string $firstname
  * @param string $lastname
  * @param mixed  $middle    Not used by this method.
  * @param mixed  $valid     Truthy for a valid record.
  */
 public function importMentee($email, $pid, $firstname, $lastname, $middle, $valid)
 {
     if (!$this->exists($email)) {
         $account = new User();
         if (!$valid) {
             $account->disable = 1;
             $account->save(false);
         } else {
             $account->activated = 1;
             $account->email = $email . "@fiu.edu";
             $account->fiucs_id = $pid;
             $account->fname = ucfirst($firstname);
             $account->lname = ucfirst($lastname);
             $account->username = $email;
             $account->isMentee = 1;

             // Store only the phpass hash of the generated password.
             $plainPassword = $this->passwordGenerator();
             $passwordHasher = new PasswordHash(8, false);
             $account->password = $passwordHasher->HashPassword($plainPassword);
             $account->save(false);

             $menteeRow = new Mentee();
             $menteeRow->user_id = $account->id;
             // NOTE(review): the user name in this query is shown masked; if
             // the real code builds it from a variable, bind it as a parameter.
             // The lookup result is dereferenced without a check for "no row".
             $mentor = User::model()->findBySql("select * from user where username = '******' ");
             $menteeRow->personal_mentor_user_id = $mentor->id;
             //$mentee->project_id = 999;
             $menteeRow->save(false);
         }
     }
     //$userfullName = $model->fname.' '.$model->lname;
     $error = '';
     // $this->actionSendVerificationEmail($userfullName, $model->email);
 }
Пример #24
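 /**
  * Checks an e-mail / password pair against the users table.
  *
  * @param string $email E-mail address; must pass FILTER_VALIDATE_EMAIL.
  * @param string $pw    Plain-text password; more than 20 bytes is rejected.
  * @return array|false  array('id', 'fname', 'is_admin') on a match, false otherwise.
  */
 public function checkCredentials($email, $pw)
 {
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         return false;
     }
     // NOTE(review): the 20-byte ceiling rules out longer passphrases;
     // confirm it is intended.
     if (strlen($pw) > 20) {
         return false;
     }
     /*
      * Using phpass open-source pw hashing class here.
      *      It stores its own salt inside the hash itself,
      *      and has a function to check if a password matches the hash.
      */
     $hasher = new PasswordHash(8, false);
     if (!$this->_db) {
         $this->_db = DB::getInstance();
     }
     // Get the stored password hash; the address is bound, not interpolated.
     $query = 'SELECT password_hash,id,first_name,is_admin FROM users WHERE email = ? LIMIT 1';
     $stmt = $this->_db->prepare($query);
     $stmt->execute(array($email));
     $row = $stmt->fetch();

     // fetch() gives no row for an unknown address; stop before indexing it.
     // NOTE(review): this path returns without a hash check, so it answers
     // faster than a wrong password for a known address - confirm acceptable.
     if (!$row || !$row['password_hash']) {
         return false;
     }
     if ($hasher->CheckPassword($pw, $row['password_hash'])) {
         return array('id' => $row['id'], 'fname' => strip_tags($row['first_name']), 'is_admin' => $row['is_admin']);
     }
     return false;
 }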
 /**
  * Hashes a password with the phpass class from wp-includes, using
  * 8 iteration-count bits and portable hashes.
  *
  * @param string $password Plain-text password.
  * @return string The value returned by PasswordHash::HashPassword().
  */
 private static function _phpass_hash_password($password)
 {
     require_once ABSPATH . WPINC . '/class-phpass.php';
     $phpass = new PasswordHash(8, true);
     return $phpass->HashPassword($password);
 }
Пример #26
/**
 * Session "open" handler assigned by session_set_save_handler().
 *
 * When the request carries a session cookie, this only sends no-cache
 * headers for logged-in users or a non-empty $_SESSION. When it carries
 * none, it picks a fresh session ID for the request and, on SSL requests,
 * also sends a second cookie whose name is session_name() without its
 * first character.
 *
 * This function should not be called directly.
 *
 * @return true
 */
function _pantheon_session_open() {
	// We use !empty() in the following check to ensure that blank session IDs are not valid.
	if ( ! empty( $_COOKIE[ session_name() ] ) || ( is_ssl() && ! empty( $_COOKIE[ substr(session_name(), 1) ] ) ) ) {
		// If a session cookie exists, initialize the session. Otherwise the
		// session is only started on demand in _pantheon_session_write(), making
		// anonymous users not use a session cookie unless something is stored in
		// $_SESSION. This allows HTTP proxies to cache anonymous pageviews.
		if ( get_current_user_id() || ! empty( $_SESSION ) ) {
			nocache_headers();
		}
	} else {
		// Set a session identifier for this request. This is necessary because
		// we lazily start sessions at the end of this request
		require_once( ABSPATH . 'wp-includes/class-phpass.php');
		$hasher = new PasswordHash( 8, false );
		// md5() only shapes the 32 random bytes into a 32-hex-character ID.
		// NOTE(review): how unpredictable the ID is depends on what
		// get_random_bytes() draws from - confirm it is a CSPRNG on the host.
		session_id( md5( $hasher->get_random_bytes( 32 ) ) );
		if ( is_ssl() ) {
			$insecure_session_name = substr( session_name(), 1 );
			$insecure_session_id = md5( $hasher->get_random_bytes( 32 ) );
			//set custom expire time during cookie session creation
			$lifetime = (int) apply_filters( 'pantheon_session_expiration', 0 );
			// Only name, value and expiry are passed; path, domain, secure and
			// httponly stay at setcookie()'s defaults.
			// NOTE(review): with the filter's default of 0 the expiry equals the
			// request time - confirm that is intended rather than an expiry of 0.
			setcookie( $insecure_session_name, $insecure_session_id, $_SERVER['REQUEST_TIME'] + $lifetime);
		}
	}
	return true;
}
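 /**
  * Sets a new password for the logged-in user from the profile form.
  *
  * Reads $_POST['profilPassword'] and $_POST['profilPwdWdh'] and reports the
  * outcome through $this->errno / $this->error: 3 for a password the checker
  * rejects, 4 for a mismatch between the two fields, the statement's error
  * number for a database failure, 0 otherwise. It does nothing when an
  * earlier step already left an errno other than 0 or 1.
  *
  * NOTE(review): the current password is not asked for here and no
  * session-ID renewal is visible; confirm both are handled by the caller.
  */
 private function changePassword()
 {
     $uid = $_SESSION['session']->getUserId();
     if ($this->errno !== 0 && $this->errno !== 1) {
         return;
     }
     if (!$this->checker->checkPassword($_POST['profilPassword'])) {
         $this->errno = 3;
         $this->error = 'Das angegebene Passwort ist nicht gültig.';
         return;
     }
     if ($_POST['profilPassword'] !== $_POST['profilPwdWdh']) {
         $this->errno = 4;
         $this->error = 'Die angegebenen Passwörter stimmen nicht überein.';
         return;
     }
     $this->errno = 0;
     $this->error = '';

     // Only the phpass hash is written to the database.
     $hasher = new PasswordHash(8, false);
     $pwd = $hasher->HashPassword($_POST['profilPassword']);

     $db = Database::getDbObject();
     $stmt = $db->stmt_init();
     // A failed prepare() is reported like a failed execute() instead of
     // carrying on to bind_param() on an unprepared statement.
     if (!$stmt->prepare("UPDATE `users` SET `password` = ? WHERE `id` = ?;")) {
         $this->errno = $stmt->errno;
         $this->error = 'Es ist ein Datenbankfehler aufgetreten. Bitte versuchen Sie es später noch einmal.';
         return;
     }
     $stmt->bind_param('si', $pwd, $uid);
     $success = $stmt->execute();
     if (!$success || $stmt->errno) {
         $this->errno = $stmt->errno;
         $this->error = 'Es ist ein Datenbankfehler aufgetreten. Bitte versuchen Sie es später noch einmal.';
     }
     // Release the prepared statement once its error state has been read.
     $stmt->close();
 }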
Пример #28
 /**
  * Logs an administrator in by user name and password.
  *
  * Failure reasons are left in $this->error: 'password' for a wrong
  * password, 'banned' (with the ban reason) for a locked account and
  * 'not_activated' for an inactive one. Empty input or an unknown user name
  * returns FALSE without touching $this->error.
  *
  * Session data is written as soon as the password matches a non-banned
  * account, before the activation check.
  *
  * @param string $login    User name.
  * @param string $password Plain-text password.
  * @return bool true only for an activated, non-banned account with a matching password.
  */
 function login($login, $password)
 {
     // Both fields are required.
     if (strlen($login) < 1 or strlen($password) < 1) {
         return FALSE;
     }

     // Look the account up by user name.
     $account = $this->ci->admins->get_user_by_username($login);
     if (is_null($account)) {
         return FALSE;
     }

     // Hash strength and portability come from the fx_auth configuration.
     $hasher = new PasswordHash($this->ci->config->item('phpass_hash_strength', 'fx_auth'), $this->ci->config->item('phpass_hash_portable', 'fx_auth'));

     // Check the password against the stored hash.
     if (!$hasher->CheckPassword($password, $account->password)) {
         // Wrong password.
         $this->error = array('password' => 'auth_incorrect_password');
         return FALSE;
     }

     // Password is correct; refuse locked accounts and report the reason.
     if ($account->banned == 1) {
         $this->error = array('banned' => $account->ban_reason);
         return FALSE;
     }

     // Set up the session.
     $status = $account->activated == 1 ? STATUS_ACTIVATED : STATUS_NOT_ACTIVATED;
     $this->ci->session->set_userdata(array('user_id' => $account->id, 'user_name' => $account->username, 'status' => $status));

     // Fail for accounts that have not been activated.
     if ($account->activated == 0) {
         $this->error = array('not_activated' => '');
         return FALSE;
     }
     return true;
 }
Пример #29
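 /**
  * Creates a new account from the given details and saves it.
  *
  * @param string $email
  * @param string $fname
  * @param string $lname
  * @param string $password Plain-text password; more than 20 bytes is rejected.
  * @return bool True when the record was saved; false on invalid data, an
  *              over-long password or a database error. A duplicate e-mail
  *              also sets $this->error_msg.
  */
 public function newAccount($email, $fname, $lname, $password)
 {
     $this->first_name = $fname;
     $this->last_name = $lname;
     $this->email = $email;
     if (!$this->validateData()) {
         return false;
     }
     // NOTE(review): the 20-byte ceiling rules out longer passphrases;
     // confirm it is intended.
     if (strlen($password) > 20) {
         return false;
     }
     // Keep only the phpass hash, never the plain-text password.
     $hasher = new PasswordHash(8, false);
     $this->password_hash = $hasher->HashPassword($password);
     try {
         $this->save();
         return true;
     } catch (PDOException $e) {
         // 1062 is MySQL's duplicate-key error. PDOException::getCode()
         // normally carries the SQLSTATE and the driver's own code sits in
         // errorInfo[1], so both are checked.
         $driverCode = isset($e->errorInfo[1]) ? $e->errorInfo[1] : null;
         if ($e->getCode() == 1062 || $driverCode == 1062) {
             $this->error_msg = 'Email already exists in Database';
         }
         return false;
     }
 }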
Пример #30
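 /**
  * Checks a plain-text password against a stored hash, choosing the scheme
  * from static::getType($hash): 'phpass', the legacy 'salt' format
  * ("md5hex:salt"), or anything else via password_verify().
  *
  * @param string $plain Plain-text password.
  * @param string $hash  Stored hash.
  * @return bool True when the password matches; false for empty input too.
  */
 public static function verify($plain, $hash)
 {
     $result = false;
     if (strlen($plain) > 0 && strlen($hash) > 0) {
         switch (static::getType($hash)) {
             case 'phpass':
                 if (!class_exists('PasswordHash', false)) {
                     include OSCOM::getConfig('dir_root', 'Shop') . 'includes/third_party/PasswordHash.php';
                 }
                 $hasher = new \PasswordHash(10, true);
                 $result = $hasher->CheckPassword($plain, $hash);
                 break;
             case 'salt':
                 // Legacy salted MD5, stored as "md5hex:salt".
                 // NOTE(review): whether such hashes are upgraded after a
                 // successful login is not visible from this method.
                 $stack = explode(':', $hash, 2);
                 if (count($stack) === 2) {
                     $candidate = md5($stack[1] . $plain);
                     // Compare as exact strings: a loose == treats digests
                     // that look like numbers (e.g. "0e...") as equal.
                     // hash_equals() also keeps the comparison constant-time
                     // where it is available.
                     $result = function_exists('hash_equals')
                         ? hash_equals($stack[0], $candidate)
                         : $stack[0] === $candidate;
                 } else {
                     $result = false;
                 }
                 break;
             default:
                 $result = password_verify($plain, $hash);
                 break;
         }
     }
     return $result;
 }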