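/**
 * Logs in a user and, on success, stores the user name in the session.
 *
 * The stored hash is looked up with a prepared statement and verified with
 * phpass. The earlier version hashed the candidate a second time, compared
 * hash against hash inside an empty `if`, and then set the session and
 * returned true whatever the outcome. It also echoed the raw user name into
 * the response as debug output; that echo is removed.
 *
 * NOTE(review): no session-ID regeneration happens here; confirm the caller
 * rotates the session ID after a successful login.
 *
 * @param string $userName Username of the person logging in.
 * @param string $password Password in plain text of the person logging in.
 *
 * @return bool True only when the stored hash verifies the supplied password.
 */
function LoginUser($userName, $password)
{
    $stmt = $this->dbConnect->prepare("SELECT password FROM usersinfo WHERE username=?");
    if (!$stmt) {
        return false;
    }

    $hashedPassword = null;
    $stmt->bind_param("s", $userName);
    $stmt->execute();
    $stmt->bind_result($hashedPassword);
    // fetch() returns true only when a row was actually read.
    $rowFound = $stmt->fetch() === true;
    $stmt->close();

    // Unknown user or empty stored hash: there is nothing to verify against.
    if (!$rowFound || !is_string($hashedPassword) || $hashedPassword === '') {
        return false;
    }

    // CheckPassword() takes the plain-text candidate and the stored hash;
    // hashing the candidate first would produce a fresh salt and never match.
    $pwdHasher = new PasswordHash(8, FALSE);
    if (!$pwdHasher->CheckPassword($password, $hashedPassword)) {
        return false;
    }

    $_SESSION['username'] = $userName;

    return true;
}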
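/**
 * AJAX callback: checks a submitted post password and answers with the
 * post's title and content as JSON.
 *
 * Reads `$_POST['pass']` (the password) and `$_POST['pid']` (the post ID).
 * The post ID is now cast with absint() and passed to WP_Query as an array;
 * the earlier string form `"p={$_POST['pid']}"` let the request append further
 * query variables to the query string.
 *
 * NOTE(review): no nonce is verified in this callback, and the post-password
 * cookie is set before the password has been checked.
 *
 * @return void Always ends through wp_send_json_error()/wp_send_json_success().
 */
function do_x_post_password_cb()
{
    $has_input = isset($_POST['pass'], $_POST['pid'])
        && is_string($_POST['pass'])
        && is_scalar($_POST['pid']);
    if (!$has_input) {
        wp_send_json_error('Invalid password');
    }

    // p=0 would make WP_Query ignore the ID and return the latest posts.
    $post_id = absint($_POST['pid']);
    if ($post_id === 0) {
        wp_send_json_error('Invalid password');
    }

    //snag from wp-login.php:386-393
    require_once ABSPATH . 'wp-includes/class-phpass.php';
    // By default, use the portable hash from phpass
    $wp_hasher = new PasswordHash(8, true);
    $cookie_name = 'wp-postpass_' . COOKIEHASH;
    $cookie_hash = $wp_hasher->HashPassword(stripslashes($_POST['pass']));

    // 10 days
    setcookie($cookie_name, $cookie_hash, time() + 864000, COOKIEPATH);
    //fake it so it's available in the loop below
    $_COOKIE[$cookie_name] = $cookie_hash;

    // Defined up front so the response is well-formed when no post matches.
    $title = null;
    $content = null;

    $q = new WP_Query(array('p' => $post_id));
    if ($q->have_posts()) {
        while ($q->have_posts()) {
            $q->the_post();

            // verifies password hash
            if (post_password_required()) {
                wp_send_json_error('Invalid password');
            }

            // get post title
            ob_start();
            the_title(sprintf('<a href="%s" rel="bookmark">', esc_url(get_permalink())), '</a>');
            $title = ob_get_clean();

            // get post content
            ob_start();
            the_content();
            $content = ob_get_clean();
        }
    }
    wp_reset_postdata();

    $return = array('title' => $title, 'content' => $content);
    wp_send_json_success($return);
}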
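/**
 * Handles the custom post-password form and reports whether the visitor may
 * see the current post.
 *
 * The submitted password is unslashed once and that same value is used for
 * both the comparison and the cookie hash. The earlier version compared the
 * raw `$_POST` value but hashed the stripslashes() value, so the two paths
 * disagreed for passwords containing quotes or backslashes. The comparison
 * uses hash_equals() and rejects non-string input.
 *
 * @return array Keys: 'allowed' (bool) and 'error' (HTML string, empty when none).
 */
static function is_password_protected()
{
    global $post;

    $private_post = array('allowed' => false, 'error' => '');

    if (isset($_POST['submit_password'])) {
        // when we have a submission, check the nonce first and then the password
        $nonce_ok = isset($_POST['submit_password_nonce'])
            && wp_verify_nonce($_POST['submit_password_nonce'], 'password_protection');

        $has_password = isset($_POST['post_password'])
            && is_string($_POST['post_password'])
            && !empty($_POST['post_password']);

        if ($nonce_ok && $has_password) {
            $submitted = stripslashes($_POST['post_password']);

            // finally test if the password submitted is correct
            if (hash_equals((string) $post->post_password, $submitted)) {
                $private_post['allowed'] = true;

                // WordPress must be told as well, otherwise the_content() and
                // other filters render the password form again.
                global $wp_hasher;
                if (empty($wp_hasher)) {
                    require_once ABSPATH . 'wp-includes/class-phpass.php';
                    $wp_hasher = new PasswordHash(8, true);
                }
                setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword($submitted), 0, COOKIEPATH);
            } else {
                $private_post['error'] = '<h4 class="text--error">Wrong Password</h4>';
            }
        }
    }

    // A post-password cookie on a request that was referred from this very
    // permalink is reported as a failed attempt.
    if (isset($_COOKIE['wp-postpass_' . COOKIEHASH]) && get_permalink() == wp_get_referer()) {
        $private_post['error'] = '<h4 class="text--error">Wrong Password</h4>';
    }

    return $private_post;
}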
/**
 * Fills in account fields for a record that arrives without a username,
 * then hands the values to the parent validator.
 *
 * For such a record a random password is generated and hashed with phpass,
 * the username is set to the trimmed e-mail address, and, when the
 * 'email_account_details' config item is set, a welcome e-mail is sent.
 *
 * NOTE(review): the generated password is kept in plain text on
 * `$this->password_in_clear` and is handed to the e-mail helper in `$data`.
 *
 * @param array $values Submitted record values.
 *
 * @return mixed Whatever parent::on_before_validate() returns.
 */
function on_before_validate($values)
{
    $username_missing = ($values['username'] == "" || $values['username'] == NULL);
    if (!$username_missing) {
        return parent::on_before_validate($values);
    }

    $clear_password = $this->random_password();
    $this->password_in_clear = $clear_password;

    $ci = CI_Controller::get_instance();
    $ci->load->helper('url');
    $ci->load->library('session');
    $ci->load->library('extemplate');
    $ci->load->library("email");
    $ci->load->config('tank_auth', TRUE);

    // Hash cost and portability come from the tank_auth configuration.
    $phpass = new PasswordHash(
        $ci->config->item('phpass_hash_strength', 'tank_auth'),
        $ci->config->item('phpass_hash_portable', 'tank_auth')
    );

    $values["password"] = $phpass->HashPassword($clear_password);
    $values["created"] = datetime_now();
    $values['username'] = trim($values['email']);
    $values["last_ip"] = $_SERVER['REMOTE_ADDR'];

    // The mail payload is a copy of the record with the hash replaced by the
    // plain-text password.
    $mail_data = $values;
    $mail_data['site_name'] = 'http://www.ressphere.com';
    $mail_data['password'] = $this->password_in_clear;

    if ($ci->config->item('email_account_details')) {
        base::_begin_send_email('Welcome to', $mail_data['email'], $mail_data, $ci);
    }

    return parent::on_before_validate($values);
}
/**
 * Sends a newly registered user a link for setting their password.
 *
 * Returns without sending anything when `$notify` is 'admin', or when both
 * `$deprecated` and `$notify` are empty (`&&` binds tighter than `||` in that
 * test). Otherwise a 20-character key is generated with
 * wp_generate_password(20, false), passed to the 'retrieve_password_key'
 * action, stored in `user_activation_key` as "<time()>:<phpass hash>", and
 * e-mailed to the user inside a wp-login.php?action=rp link.
 *
 * NOTE(review): the statement that builds the reset URL is not intact in this
 * listing (the value after `login=` is masked), so how the login name is
 * encoded into the URL cannot be confirmed from here.
 * NOTE(review): the key reaches the 'retrieve_password_key' action in plain
 * text; only the hashed form is written to the database.
 *
 * @param int    $user_id    User ID.
 * @param mixed  $deprecated Pre-4.3 `$plaintext_pass`; a non-null value triggers _deprecated_argument().
 * @param string $notify     Type of notification; 'admin' suppresses the user e-mail.
 */
function wp_new_user_notification($user_id, $deprecated = null, $notify = '') { if ($deprecated !== null) { _deprecated_argument(__FUNCTION__, '4.3.1'); } // `$deprecated was pre-4.3 `$plaintext_pass`. An empty `$plaintext_pass` didn't sent a user notifcation. if ('admin' === $notify || empty($deprecated) && empty($notify)) { return; } global $wpdb, $wp_hasher; $user = get_userdata($user_id); // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); // Generate something random for a password reset key. $key = wp_generate_password(20, false); /** This action is documented in wp-login.php */ do_action('retrieve_password_key', $user->user_login, $key); // Now insert the key, hashed, into the DB. if (empty($wp_hasher)) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash(8, true); } $hashed = time() . ':' . $wp_hasher->HashPassword($key); $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user->user_login)); $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n"; $message .= __('To set your password, visit the following address:') . "\r\n\r\n"; $message .= '<' . network_site_url("wp-login.php?action=rp&key={$key}&login="******">\r\n\r\n"; $message .= wp_login_url() . "\r\n"; wp_mail($user->user_email, sprintf(__('[%s] Your username and password info'), $blogname), $message); }
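/**
 * Renders and processes the "convert lead to user" form.
 *
 * Changes from the earlier version:
 *  - a missing `id` query parameter shows the error page instead of raising
 *    a notice;
 *  - every field that is read from the request must be present, and the
 *    password must be non-empty, otherwise MISSING_FIELDS is reported (an
 *    absent password used to be hashed and stored as-is);
 *  - the password hash is no longer assigned to the template when the form
 *    is redisplayed.
 *
 * NOTE(review): `role` and `clientId` are taken directly from the request.
 * No check that the current user may grant that role or client is visible
 * here, and no CSRF token is verified in this method.
 *
 * @return void
 */
public function run()
{
    $tpl = new template();
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $users = new users();
    $clients = new clients();

    if ($id <= 0) {
        $tpl->display('general.error');
        return;
    }

    $lead = $this->getLead($id);
    $contact = $this->getLeadContact($id);

    // Defaults shown when the form is first opened.
    $values = array(
        'user' => $contact['email'],
        'password' => '',
        'firstname' => '',
        'lastname' => '',
        'phone' => $contact['phone'],
        'role' => 3,
        'clientId' => $lead['clientId'],
    );

    if (isset($_POST['save'])) {
        $complete = true;
        foreach (array('user', 'password', 'firstname', 'lastname', 'phone', 'role', 'clientId') as $field) {
            if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
                $complete = false;
                break;
            }
        }

        if ($complete && $_POST['password'] !== '') {
            $hasher = new PasswordHash(8, TRUE);
            $newUser = array(
                'user' => $_POST['user'],
                'password' => $hasher->HashPassword($_POST['password']),
                'firstname' => $_POST['firstname'],
                'lastname' => $_POST['lastname'],
                'phone' => $_POST['phone'],
                'role' => $_POST['role'],
                'clientId' => $_POST['clientId'],
            );

            if ($users->usernameExist($newUser['user']) !== true) {
                $users->addUser($newUser);
                $tpl->setNotification('USER_CREATED', 'success');
            } else {
                $tpl->setNotification('USERNAME_EXISTS', 'error');
            }

            // Redisplay the submitted values, but never the hash.
            $values = $newUser;
            $values['password'] = '';
        } else {
            $tpl->setNotification('MISSING_FIELDS', 'error');
        }
    }

    $tpl->assign('values', $values);
    $tpl->assign('clients', $clients->getAll());
    $tpl->assign('roles', $users->getRoles());
    $tpl->display('leads.convertToUser');
}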
/**
 * Verify a supplied password or key against the value stored for this user.
 *
 * @param string $password The password to verify
 * @return boolean
 */
public function checkPassword($password)
{
    $verifier = new \PasswordHash(datastore::HASH_ITERATIONS);

    // For datastores the stored password lives in the datastore itself, so it
    // is read from the user model rather than from a separate credential store.
    return $verifier->checkPassword($password, $this->_usermodel->get('password'));
}
/**
 * Checks a login against a WordPress users table and mirrors the user into
 * the local `users` table.
 *
 * The current session is destroyed and restarted first. On a successful
 * phpass check the function returns `$user_id` and inserts or updates the
 * local row; otherwise it returns false.
 *
 * NOTE(review): the `user_login='...'` literal and the database credentials
 * are masked in this listing. Confirm the lookup escapes or binds `$user_id`;
 * the later INSERT does pass it through mysql_real_escape_string().
 * NOTE(review): database host, user and password are defined inside the
 * function body rather than read from configuration.
 * NOTE(review): this uses the legacy mysql_* extension, which was removed in
 * PHP 7 and has no prepared statements.
 * NOTE(review): the second mysql_query() call passes no link identifier and
 * its result is not checked.
 *
 * @param string $user_id  Login name to check.
 * @param string $password Plain-text password.
 *
 * @return string|false `$user_id` on success, false otherwise.
 */
function check_login($user_id, $password) { session_destroy(); session_start(); $wp_host = "127.0.0.1"; $wp_port = "3306"; $wp_user = "******"; $wp_pass = "******"; $wp_db = "jol"; $wp_conn = mysql_connect($wp_host . ":" . $wp_port, $wp_user, $wp_pass); //$password=HashPassword($password); $ret = false; $wp_pre = "wp_"; $sql = "select * from " . $wp_pre . "users where user_login='******'"; if ($wp_conn) { mysql_select_db($wp_db, $wp_conn); $result = mysql_query($sql, $wp_conn); $row = mysql_fetch_array($result); if ($row) { $wp_hasher = new PasswordHash(8, TRUE); if ($wp_hasher->CheckPassword($password, $row['user_pass'])) { $ret = $user_id; $sql = "insert into users(user_id,ip,nick,school) values('" . mysql_real_escape_string($user_id) . "','','','') on DUPLICATE KEY UPDATE nick='" . mysql_real_escape_string($user_id) . "'"; mysql_query($sql); } } } return $ret; }
/**
 * Verifies the password in `$auth` against the hash stored on `$user`.
 *
 * @param array $user Stored user record; its 'password' entry is the stored hash.
 * @param array $auth Submitted credentials; its 'password' entry is the plain-text candidate.
 *
 * @return mixed Result of PasswordHash::CheckPassword().
 */
function phpass_check($user, $auth)
{
    // Loading through the framework makes the PasswordHash class available.
    get_instance()->load->library('PasswordHash');

    $candidate = $auth['password'];
    $storedHash = $user['password'];
    $phpass = new PasswordHash(HASH_COST_LOG2, HASH_PORTABLE);

    return $phpass->CheckPassword($candidate, $storedHash);
}
/**
 * Email login credentials to a newly-registered user.
 *
 * A new user registration notification is also sent to admin email.
 *
 * After the admin e-mail, the function returns when `$notify` is 'admin' or
 * empty. Otherwise it generates a 20-character key with
 * wp_generate_password(20, false), passes it to the 'retrieve_password_key'
 * action, stores "<time()>:<phpass hash>" in `user_activation_key`, and
 * e-mails the user a wp-login.php?action=rp link.
 *
 * NOTE(review): only `$wpdb` is declared global here, so `empty($wp_hasher)`
 * tests a local variable and a new PasswordHash is created on every call.
 * NOTE(review): the admin e-mail is sent with `@wp_mail(...)`, which hides
 * any error that call raises.
 * NOTE(review): the statement that builds the reset URL is not intact in this
 * listing (the value after `login=` is masked), so how the login name is
 * encoded into the URL cannot be confirmed from here.
 *
 * @since 2.0.0
 * @since 4.3.0 The `$plaintext_pass` parameter was changed to `$notify`.
 *
 * @param int    $user_id User ID.
 * @param string $notify  Optional. Type of notification that should happen. Accepts 'admin' or an empty
 *                        string (admin only), or 'both' (admin and user). The empty string value was kept
 *                        for backward-compatibility purposes with the renamed parameter. Default empty.
 */
function wp_new_user_notification($user_id, $notify = '') { global $wpdb; $user = get_userdata($user_id); // The blogname option is escaped with esc_html on the way into the database in sanitize_option // we want to reverse this for the plain text arena of emails. $blogname = wp_specialchars_decode(get_option('blogname'), ENT_QUOTES); $message = sprintf(__('New user registration on your site %s:'), $blogname) . "\r\n\r\n"; $message .= sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n"; $message .= sprintf(__('E-mail: %s'), $user->user_email) . "\r\n"; @wp_mail(get_option('admin_email'), sprintf(__('[%s] New User Registration'), $blogname), $message); if ('admin' === $notify || empty($notify)) { return; } // Generate something random for a password reset key. $key = wp_generate_password(20, false); /** This action is documented in wp-login.php */ do_action('retrieve_password_key', $user->user_login, $key); // Now insert the key, hashed, into the DB. if (empty($wp_hasher)) { require_once ABSPATH . WPINC . '/class-phpass.php'; $wp_hasher = new PasswordHash(8, true); } $hashed = time() . ':' . $wp_hasher->HashPassword($key); $wpdb->update($wpdb->users, array('user_activation_key' => $hashed), array('user_login' => $user->user_login)); $message = sprintf(__('Username: %s'), $user->user_login) . "\r\n\r\n"; $message .= __('To set your password, visit the following address:') . 
"\r\n\r\n"; $message .= network_site_url("wp-login.php?action=rp&key={$key}&login="******"\r\n\r\n"; // $message .= wp_login_url() . "\r\n"; $message .= __('Make sure you click the RESET PASSWORD button to save your password.') . "\r\n\r\n"; wp_mail($user->user_email, sprintf(__('[%s] Your username and password info'), $blogname), $message); }
/**
 * Builds the stored hash for a user's password.
 *
 * The password is first combined with the user ID by self::getPreHash(); the
 * result is then hashed with phpass using non-portable hashes.
 *
 * @param mixed  $uid      User identifier passed to getPreHash().
 * @param string $password Plain-text password.
 *
 * @return string Hash returned by PasswordHash::HashPassword().
 */
public static function setHash($uid, $password)
{
    $preHashed = self::getPreHash($uid, $password);

    return (new PasswordHash(self::PASSWORD_HASH_ITERATION_COUNT, FALSE))->HashPassword($preHashed);
}
/**
 * Installer action: builds the install form and, once it validates, writes
 * the admin credentials to the config file and redirects to the login page.
 *
 * The request stops with die() when a config file is already loaded, so the
 * installer cannot overwrite an existing installation. The password must be
 * 5 to 72 characters long (presumably 72 because of bcrypt's input limit,
 * TODO confirm) and is hashed with phpass before it is written.
 *
 * NOTE(review): the confirmation check reads `$_POST['password2']`, while the
 * values that are saved come from `$_POST['credentials'][...]`. Confirm which
 * key the form actually posts; the top-level key is also read without an
 * isset() check on the initial GET request.
 * NOTE(review): `$elements` is first written by array assignment without
 * being initialised.
 * NOTE(review): the 'Your passwords do not match.' message spans a line break
 * in this listing; whether the break is part of the original string cannot be
 * told from here, so the code is left untouched.
 *
 * @return array View arguments ('form', 'page-title', 'layout') when the form
 *               is shown; on success the method redirects and exits instead.
 */
function install() { if ($this->config->is_loaded) { die("Oops, there's already a config.php file. You'll need to remove it to run this installer."); } $password_min_length = 5; $password_max_length = 72; $form = new \Leeflets\Form($this->config, $this->router, $this->settings, 'install-form', array('elements' => array('credentials' => array('type' => 'fieldset', 'elements' => array('username' => array('type' => 'email', 'placeholder' => 'Email Address', 'class' => 'input-block-level', 'required' => true), 'password1' => array('type' => 'password', 'placeholder' => 'Password', 'class' => 'input-block-level', 'required' => true, 'validation' => array(array('callback' => 'min_length', 'msg' => 'Sorry, your password must be at least ' . $password_min_length . ' characters in length.', 'args' => array($password_min_length)), array('callback' => 'max_length', 'msg' => 'Sorry, your password can be no longer than ' . $password_max_length . ' characters in length.', 'args' => array($password_max_length)))), 'password2' => array('type' => 'password', 'placeholder' => 'Confirm Password', 'class' => 'input-block-level', 'required' => true, 'validation' => array(array('callback' => array($this, 'matching_passwords'), 'msg' => 'Your passwords do not match. 
Please enter matching passwords.', 'args' => array($_POST['password2']))))))))); if (!$this->filesystem->have_direct_access()) { $elements['warning'] = array('type' => 'html', 'value' => $this->view->get_partial('ftp-warning')); $elements['connection'] = $this->filesystem->get_connection_fields(array($this, '_check_connection'), true); } $elements['buttons'] = array('type' => 'fieldset', 'elements' => array('submit' => array('type' => 'button', 'button-type' => 'submit', 'class' => 'btn btn-primary', 'value' => 'Install Leeflets'))); $form->add_elements($elements); if ($form->validate()) { $hasher = new \PasswordHash(8, false); $data = array('username' => $_POST['credentials']['username'], 'password' => $hasher->HashPassword($_POST['credentials']['password1'])); $this->config->write($this->filesystem, $data); $htaccess = new \Leeflets\Htaccess($this->filesystem, $this->router, $this->config); $htaccess->write(); if (isset($_POST['connection']['type'])) { $this->settings->save_connection_info($_POST, $this->filesystem); } \Leeflets\Router::redirect($this->router->admin_url('/user/login/')); exit; } $args = compact('form'); $args['page-title'] = 'Install'; $args['layout'] = 'logged-out'; return $args; }
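/**
 * Checks a username/password pair against the Account table.
 *
 * Fixes over the earlier version:
 *  - the password check used an undefined `$attempt` variable instead of the
 *    `$password` parameter;
 *  - PDOStatement::fetch() returns false, not null, when no row matches, so
 *    the "no such account" branch was never taken;
 *  - database error text is written to the error log instead of being echoed
 *    into the response.
 *
 * NOTE(review): the SQLite file is opened from the relative path "database/";
 * confirm that directory is not served by the web server.
 *
 * @param string $username Account name to look up.
 * @param string $password Plain-text password attempt.
 *
 * @return bool True when the stored hash verifies the password.
 */
function correct_credentials($username, $password)
{
    $rightPassword = false;

    try {
        // Pull in the password hash from the DB for this user
        $db = new PDO("sqlite:database/noiseFactionDatabase.db");
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $statement = $db->prepare("select passwordHash from Account where username = ?;");
        $result = $statement->execute(array($username));
        if ($result != 1) {
            throw new pdoDbException("Something's gone wrong with the prepared statement");
        }

        $userTuple = $statement->fetch(PDO::FETCH_ASSOC);

        // No row means there is no account under that name; stay at false.
        if (is_array($userTuple) && is_string($userTuple["passwordHash"])) {
            $hasher = new PasswordHash(8, FALSE); // This comes from PasswordHash.php
            $rightPassword = $hasher->CheckPassword($password, $userTuple["passwordHash"]);
        }

        $db = null;
    } catch (PDOException $e) {
        // Keep driver details out of the page output.
        error_log('correct_credentials: ' . $e->getMessage());
    }

    return $rightPassword;
}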
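/**
 * Registers a new, not yet activated user and creates an activation key.
 *
 * Fixes over the earlier version:
 *  - the e-mail address is trimmed once, before the duplicate check; it used
 *    to be checked untrimmed and inserted trimmed, so an address with
 *    surrounding whitespace bypassed the duplicate check;
 *  - implode() is called as implode(glue, pieces); the reversed argument
 *    order is rejected by PHP 8.
 *
 * NOTE(review): the activation key is the first 16 hex digits of MySQL's
 * UUID(), which is built from a timestamp and host data rather than random
 * bytes. Prefer a key from a cryptographically secure random source.
 * NOTE(review): how the `'$0'` style placeholders are escaped depends on the
 * project's `$db` wrapper, which is not visible here; confirm that it binds
 * or escapes every argument.
 *
 * @param string $email    E-mail address of the new user.
 * @param string $password Plain-text password.
 * @param string $first    First name.
 * @param string $last     Last name.
 *
 * @return int|string -1 when the e-mail address is already registered,
 *                    otherwise the 16-character activation key.
 */
function register($email, $password, $first, $last)
{
    global $db;

    $email = trim($email);

    $db->Prepare('SELECT id FROM `users` WHERE email=\'$0\'');
    $db->Execute($email);
    if ($db->RowCount() > 0) {
        return -1;
    }

    $hasher = new PasswordHash(8, false);
    $passwordHash = $hasher->HashPassword($password);
    $firstname = ucfirst($first);
    $lastname = ucfirst($last);

    $db->Prepare("INSERT INTO users (email, password, first_name, last_name, activated) VALUES ('\$0', '\$1', '\$2', '\$3', '\$4')");
    $db->Execute($email, $passwordHash, trim($firstname), trim($lastname), 0);

    $db->Prepare("SELECT LAST_INSERT_ID()");
    $db->Execute();
    $id = implode("", $db->Fetch());

    $db->Prepare("SELECT UUID()");
    $db->Execute();
    $uuid = str_replace("-", "", implode("", $db->Fetch()));
    $uuid = substr($uuid, 0, 16);

    $db->Prepare("INSERT INTO activation_keys (`key`, user_id) VALUES ('\$0', '\$1')");
    $db->Execute($uuid, $id);

    return $uuid;
}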
function newFund($username, $password, $xml_url, $user_email, $fundName, $numMembers, $stateLaw, $fundAddressCareOf, $fundAddressLevel, $fundAddressStreet, $fundAddressSuburb, $fundAddressState, $fundAddressPostcode, $teeMtgAddressLevel, $teeMtgAddressStreet, $teeMtgAddressSuburb, $teeMtgAddressState, $teeMtgAddressPostcode, $m1MemberNamePrefix, $m1MemberGivenNames, $m1MemberFamilyName, $m1MemberDOB, $m1MemberTFN, $m1AddressLevel, $m1AddressStreet, $m1AddressSuburb, $m1AddressState, $m1AddressPostcode, $m2MemberNamePrefix, $m2MemberGivenNames, $m2MemberFamilyName, $m2MemberDOB, $m2MemberTFN, $m2AddressLevel, $m2AddressStreet, $m2AddressSuburb, $m2AddressState, $m2AddressPostcode, $m3MemberNamePrefix, $m3MemberGivenNames, $m3MemberFamilyName, $m3MemberDOB, $m3MemberTFN, $m3AddressLevel, $m3AddressStreet, $m3AddressSuburb, $m3AddressState, $m3AddressPostcode, $m4MemberNamePrefix, $m4MemberGivenNames, $m4MemberFamilyName, $m4MemberDOB, $m4MemberTFN, $m4AddressLevel, $m4AddressStreet, $m4AddressSuburb, $m4AddressState, $m4AddressPostcode, $t2NonMemberNamePrefix, $t2NonMemberGivenNames, $t2NonMemberFamilyName, $t2NonMemberAddressLevel, $t2NonMemberAddressStreet, $t2NonMemberAddressSuburb, $t2NonMemberAddressState, $t2NonMemberAddressPostcode, $corpTeeName, $corpTeeACN, $corpTeeAddressCareOf, $corpTeeAddressLevel, $corpTeeAddressStreet, $corpTeeAddressSuburb, $corpTeeAddressState, $corpTeeAddressPostcode, $d2NonMemberNamePrefix, $d2NonMemberGivenNames, $d2NonMemberFamilyName, $d2NonMemberAddressLevel, $d2NonMemberAddressStreet, $d2NonMemberAddressSuburb, $d2NonMemberAddressState, $d2NonMemberAddressPostcode, $chairmanTrustee) { $ch = curl_init(); $timeout = 3600; curl_setopt($ch, CURLOPT_URL, $xml_url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET'); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout); $data = curl_exec($ch); // $response = curl_getinfo($ch); curl_close($ch); $xml = simplexml_load_string($data); if 
(!simplexml_load_string($data) && !$xml) { global $wpdb; $wp_hasher = new PasswordHash(8, TRUE); $sql = "SELECT * FROM wp_users WHERE user_login = '******' "; $resultuser = $wpdb->get_results($sql); if ($resultuser) { foreach ($resultuser as $results) { if ($wp_hasher->CheckPassword($password, $results->user_pass)) { $unique = trim(com_create_guid(), '{}'); $result = $wpdb->insert('service_nsf', array('unique_code' => $unique, 'user_email' => $user_email, 'fundName' => $fundName, 'numMembers' => $numMembers, 'stateLaw' => $stateLaw, 'fundAddressCareOf' => $fundAddressCareOf, 'fundAddressLevel' => $fundAddressLevel, 'fundAddressStreet' => $fundAddressStreet, 'fundAddressSuburb' => $fundAddressSuburb, 'fundAddressState' => $fundAddressState, 'fundAddressPostcode' => $fundAddressPostcode, 'teeMtgAddressLevel' => $teeMtgAddressLevel, 'teeMtgAddressStreet' => $teeMtgAddressStreet, 'teeMtgAddressSuburb' => $teeMtgAddressSuburb, 'teeMtgAddressState' => $teeMtgAddressState, 'teeMtgAddressPostcode' => $teeMtgAddressPostcode, 'm1MemberNamePrefix' => $m1MemberNamePrefix, 'm1MemberGivenNames' => $m1MemberGivenNames, 'm1MemberFamilyName' => $m1MemberFamilyName, 'm1MemberDOB' => $m1MemberDOB, 'm1MemberTFN' => $m1MemberTFN, 'm1AddressLevel' => $m1AddressLevel, 'm1AddressStreet' => $m1AddressStreet, 'm1AddressSuburb' => $m1AddressSuburb, 'm1AddressState' => $m1AddressState, 'm1AddressPostcode' => $m1AddressPostcode, 'm2MemberNamePrefix' => $m2MemberNamePrefix, 'm2MemberGivenNames' => $m2MemberGivenNames, 'm2MemberFamilyName' => $m2MemberFamilyName, 'm2MemberDOB' => $m2MemberDOB, 'm2MemberTFN' => $m2MemberTFN, 'm2AddressLevel' => $m2AddressLevel, 'm2AddressStreet' => $m2AddressStreet, 'm2AddressSuburb' => $m2AddressSuburb, 'm2AddressState' => $m2AddressState, 'm2AddressPostcode' => $m2AddressPostcode, 'm3MemberNamePrefix' => $m3MemberNamePrefix, 'm3MemberGivenNames' => $m3MemberGivenNames, 'm3MemberFamilyName' => $m3MemberFamilyName, 'm3MemberDOB' => $m3MemberDOB, 'm3MemberTFN' => 
$m3MemberTFN, 'm3AddressLevel' => $m3AddressLevel, 'm3AddressStreet' => $m3AddressStreet, 'm3AddressSuburb' => $m3AddressSuburb, 'm3AddressState' => $m3AddressState, 'm3AddressPostcode' => $m3AddressPostcode, 'm4MemberNamePrefix' => $m4MemberNamePrefix, 'm4MemberGivenNames' => $m4MemberGivenNames, 'm4MemberFamilyName' => $m4MemberFamilyName, 'm4MemberDOB' => $m4MemberDOB, 'm4MemberTFN' => $m4MemberTFN, 'm4AddressLevel' => $m4AddressLevel, 'm4AddressStreet' => $m4AddressStreet, 'm4AddressSuburb' => $m4AddressSuburb, 'm4AddressState' => $m4AddressState, 'm4AddressPostcode' => $m4AddressPostcode, 't2NonMemberNamePrefix' => $t2NonMemberNamePrefix, 't2NonMemberGivenNames' => $t2NonMemberGivenNames, 't2NonMemberFamilyName' => $t2NonMemberFamilyName, 't2NonMemberAddressLevel' => $t2NonMemberAddressLevel, 't2NonMemberAddressStreet' => $t2NonMemberAddressStreet, 't2NonMemberAddressSuburb' => $t2NonMemberAddressSuburb, 't2NonMemberAddressState' => $t2NonMemberAddressState, 't2NonMemberAddressPostcode' => $t2NonMemberAddressPostcode, 'corpTeeName' => $corpTeeName, 'corpTeeACN' => $corpTeeACN, 'corpTeeAddressCareOf' => $corpTeeAddressCareOf, 'corpTeeAddressLevel' => $corpTeeAddressLevel, 'corpTeeAddressStreet' => $corpTeeAddressStreet, 'corpTeeAddressSuburb' => $corpTeeAddressSuburb, 'corpTeeAddressState' => $corpTeeAddressState, 'corpTeeAddressPostcode' => $corpTeeAddressPostcode, 'd2NonMemberNamePrefix' => $d2NonMemberNamePrefix, 'd2NonMemberGivenNames' => $d2NonMemberGivenNames, 'd2NonMemberFamilyName' => $d2NonMemberFamilyName, 'd2NonMemberAddressLevel' => $d2NonMemberAddressLevel, 'd2NonMemberAddressStreet' => $d2NonMemberAddressStreet, 'd2NonMemberAddressSuburb' => $d2NonMemberAddressSuburb, 'd2NonMemberAddressState' => $d2NonMemberAddressState, 'd2NonMemberAddressPostcode' => $d2NonMemberAddressPostcode, 'chairmanTrustee' => $chairmanTrustee), array('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 
'%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')); return array('unique_code' => $unique); } else { return array('username' => 'Invalid username or password1'); } } } else { return array('username' => 'Invalid username or password2' . $result); } } else { return @nsf_parser($username, $password, $xml_url); } }
/**
 * Authenticates a request and echoes the result.
 *
 * Two paths exist. When `$_POST['mac']` maps to a user ID greater than zero
 * the request is accepted outright. Otherwise `$_POST['u']` / `$_POST['p']`
 * are checked against the phpass hash stored in `wpmember_users`.
 *
 * NOTE(review): the MAC path accepts the request on a client-supplied value
 * alone, and no secret is checked on that path in this method.
 * NOTE(review): the raw `$_POST['mac']` value is written to the error log
 * without any filtering.
 *
 * @return void The outcome is echoed: 0 or 1, or the boolean from CheckPassword().
 */
public function authenticate()
{
    error_log("authenticating", 0);

    $authenticated = 0;
    $macUserId = -1;

    if (isset($_POST["mac"])) {
        error_log("mac address auth:" . $_POST["mac"], 0);
        $macAddress = $_POST["mac"];
        $this->load->model("usermodel");
        $macUserId = $this->usermodel->getUserIdFromMACAddress($macAddress);
    }

    if ($macUserId > 0) {
        $authenticated = 1;
    } elseif (isset($_POST['u']) && isset($_POST['p'])) {
        $candidate = $_POST['p'];

        $this->db->where('user_login', $_POST['u']);
        $rows = $this->db->get('wpmember_users')->result();

        if (count($rows) > 0) {
            $storedHash = $rows[0]->user_pass;

            require_once MEMBERINCLUDEPATH . '/wp-includes/class-phpass.php';
            $phpass = new PasswordHash(8, TRUE);

            $authenticated = $phpass->CheckPassword($candidate, $storedHash);
            error_log("authentication" . $authenticated, 0);
        }
    }

    echo $authenticated;
}
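/**
 * Authenticates the identity against the loaded user record.
 *
 * Fix: the password check was both inverted and called with its arguments
 * swapped. CheckPassword() takes the plain-text candidate first and the
 * stored hash second and returns true on a match. The earlier code passed
 * the stored hash first and treated a true result as ERROR_PASSWORD_INVALID,
 * so a submission that failed verification ended in ERROR_NONE.
 *
 * @return int One of the ERROR_* codes; ERROR_NONE on success.
 */
public function authenticate()
{
    $passwordHasher = new PasswordHash(
        Yii::app()->params['phpass']['iteration_count_log2'],
        Yii::app()->params['phpass']['portable_hashes']
    );

    if (null === $this->_user) {
        $this->errorCode = self::ERROR_NOT_FOUND;
    } elseif (User::DISABLED === $this->_user->status) {
        $this->errorCode = self::ERROR_DISABLED;
    } elseif (null === $this->_user->password_hash) {
        $this->errorCode = self::ERROR_PASSWORD_NOT_SET;
    } elseif (!$passwordHasher->CheckPassword($this->_password, $this->_user->password_hash)) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
    } else {
        $this->errorCode = self::ERROR_NONE;
    }

    if (self::ERROR_NONE !== $this->errorCode) {
        return $this->errorCode;
    }

    // Only a verified identity gets the admin flag copied into its state.
    $this->setState('isAdmin', $this->_user->is_admin);

    return self::ERROR_NONE;
}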
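/**
 * Authenticates a login against the WordPress users table and maps the
 * account to a local user, creating one when none exists yet.
 *
 * Fix: PasswordHash.php is now loaded with require_once. A plain `require`
 * redeclares the class, which is a fatal error, when the method runs more
 * than once in a request or when the class is already loaded.
 *
 * NOTE(review): `$queryWhereCondition` is concatenated into the WHERE clause
 * and only `$loginStr` is passed as a parameter, so callers must pass a fixed
 * condition string and never request data.
 *
 * @param string $queryWhereCondition WHERE fragment containing the placeholder for `$loginStr`.
 * @param string $loginStr            Login value bound into the query.
 * @param string $password            Plain-text password.
 *
 * @return mixed FALSE on failure; otherwise the local user ID, or the result
 *               of UsersDataService::createLocalUser() for a new local user.
 */
private function _authenticate($queryWhereCondition, $loginStr, $password)
{
    // query user in the WordPress users table
    $result = $this->_db->querySelect(
        'user_login,user_email,user_pass',
        $this->_websoccer->getConfig('wordpresslogin_tableprefix') . 'users',
        'user_status = 0 AND ' . $queryWhereCondition,
        $loginStr
    );
    $wpUser = $result->fetch_array();
    $result->free();

    // user does not exist
    if (!$wpUser) {
        return FALSE;
    }

    // check password.
    require_once BASE_FOLDER . '/classes/phpass/PasswordHash.php';
    $hasher = new PasswordHash(8, TRUE);
    if (!$hasher->CheckPassword($password, $wpUser['user_pass'])) {
        return FALSE;
    }

    // valid user, check if he exists locally
    $userEmail = strtolower($wpUser['user_email']);
    $userId = UsersDataService::getUserIdByEmail($this->_websoccer, $this->_db, $userEmail);
    if ($userId > 0) {
        return $userId;
    }

    // create new user
    return UsersDataService::createLocalUser($this->_websoccer, $this->_db, $wpUser['user_login'], $userEmail);
}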
/**
 * Validates the credentials of a public link share.
 *
 * The "username" is the share token. Incognito mode is switched on and the
 * share is stored on `$this->share` before the result of the lookup is
 * examined. A share without a 'share_with' entry has no password and is
 * accepted. A protected share is accepted only when it is a link share and
 * the password, with the system-wide 'passwordsalt' appended, verifies
 * against the stored hash.
 *
 * @param string $username Share token.
 * @param string $password Password supplied for the share.
 *
 * @return bool
 */
protected function validateUserPass($username, $password)
{
    $share = \OCP\Share::getShareByToken($username, false);
    \OC_User::setIncognitoMode(true);
    $this->share = $share;

    if (!$share) {
        return false;
    }

    // No 'share_with' entry: the share is not password protected.
    if (!isset($share['share_with'])) {
        return true;
    }

    // Only link shares carry a password that can be checked here.
    if (!($share['share_type'] == \OCP\Share::SHARE_TYPE_LINK)) {
        return false;
    }

    // Portable hashes are forced when the platform lacks Blowfish support.
    $forcePortable = CRYPT_BLOWFISH != 1;
    $phpass = new \PasswordHash(8, $forcePortable);
    $salted = $password . $this->config->getSystemValue('passwordsalt', '');

    return $phpass->CheckPassword($salted, $share['share_with']) ? true : false;
}
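/**
 * Authenticates a user and, on success, stores the account data in the
 * session and in the global settings.
 *
 * Fix: a missing, non-string or empty password is rejected before any
 * lookup. The fallback lookup below receives the submitted password, and
 * with a null password it was the same call as the name-only lookup that
 * had just succeeded.
 *
 * NOTE(review): the stored password hash (`$data[1]`) is copied into the
 * session as part of the credentials.
 *
 * @param array      $credentials Expects 'username' and 'password'.
 * @param array|null $options     Unused here.
 *
 * @return bool True when the login succeeded.
 */
function onAuthenticate($credentials, $options = null)
{
    $supplied = isset($credentials['username'], $credentials['password'])
        && is_string($credentials['username'])
        && is_string($credentials['password'])
        && $credentials['password'] !== '';
    if (!$supplied) {
        return false;
    }

    // Check Login
    //------------------------------------------------------------------------------
    $data = ext_find_user($credentials['username'], null);
    // Username not existing
    if ($data === NULL) {
        return false;
    }

    require_once _EXT_PATH . '/libraries/PasswordHash.php';
    $hasher = new PasswordHash(8, FALSE);
    $result = $hasher->CheckPassword($credentials['password'], $data[1]);
    if (!$result) {
        // The phpass check failed: fall back to the lookup that takes the
        // password itself. The guard above ensures it is a non-empty string.
        $data = ext_find_user($credentials['username'], $credentials['password']);
        if ($data == NULL) {
            return false;
        }
    }

    // Set Login
    $_SESSION['credentials_extplorer']['username'] = $data[0];
    $_SESSION['credentials_extplorer']['password'] = $data[1];
    $_SESSION['file_mode'] = 'extplorer';
    $GLOBALS["home_dir"] = str_replace('\\', '/', $data[2]);
    $GLOBALS["home_url"] = $data[3];
    $GLOBALS["show_hidden"] = $data[4];
    $GLOBALS["no_access"] = $data[5];
    $GLOBALS["permissions"] = $data[6];

    return true;
}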
/**
 * Replaces the user's password with a generated one and e-mails it to them.
 *
 * The hash is portable unless PERCH_NONPORTABLE_HASHES is defined and truthy.
 *
 * NOTE(review): the new password is sent to the user in plain text.
 * NOTE(review): the login URL in the e-mail is built from the request's Host
 * header with a fixed "http://" scheme; a configured site URL would not
 * depend on request data.
 *
 * @return mixed Result of PerchEmail::send().
 */
public function reset_pwd_and_notify()
{
    $new_password = PerchUser::generate_password();

    // check which type of password - default is portable
    $portable_hashes = !(defined('PERCH_NONPORTABLE_HASHES') && PERCH_NONPORTABLE_HASHES);

    $Hasher = new PasswordHash(8, $portable_hashes);
    $this->update(array('userPassword' => $Hasher->HashPassword($new_password)));

    $Email = new PerchEmail('password-reset.html');
    //$Email->subject('Your CMS password has been reset');
    $Email->recipientEmail($this->userEmail());
    $Email->senderName(PERCH_EMAIL_FROM_NAME);
    $Email->senderEmail(PERCH_EMAIL_FROM);

    // Template variables, set in the same order as before.
    $Email->set('username', $this->userUsername());
    $Email->set('password', $new_password);
    $Email->set('givenname', $this->userGivenName());
    $Email->set('familyname', $this->userFamilyName());
    $Email->set('sendername', PERCH_EMAIL_FROM_NAME);
    $Email->set('url', 'http://' . $_SERVER['HTTP_HOST'] . PERCH_LOGINPATH);

    return $Email->send();
}
/**
 * Attempts to log a user in and stores the user record in the session.
 *
 * An unknown user name and a wrong password produce the same flash message.
 * The "account is disabled" message is shown only after the password has
 * verified. On success `lastseen` and `lastip` are updated and the session
 * is started.
 *
 * NOTE(review): the `username='...'` literal is masked in this listing, and
 * `$userslug` is not used in any statement that is still visible. Confirm
 * that the query escapes or binds the slug.
 * NOTE(review): the session is started after verification; confirm its ID is
 * regenerated on login.
 *
 * @param string $user     User name as typed.
 * @param string $password Plain-text password.
 *
 * @return bool True on successful login.
 */
public function login($user, $password) { $userslug = makeSlug($user); $tablename = $this->prefix . "users"; // for once we don't use getUser(), because we need the password. $user = $this->db->fetchAssoc("SELECT * FROM {$tablename} WHERE username='******'"); if (empty($user)) { $this->session->setFlash('error', 'Username or password not correct. Please check your input.'); return false; } require_once __DIR__ . "/phpass/PasswordHash.php"; $hasher = new PasswordHash(8, TRUE); if ($hasher->CheckPassword($password, $user['password'])) { if (!$user['enabled']) { $this->session->setFlash('error', 'Your account is disabled. Sorry about that.'); return false; } $update = array('lastseen' => date('Y-m-d H:i:s'), 'lastip' => $_SERVER['REMOTE_ADDR']); $this->db->update($tablename, $update, array('id' => $user['id'])); $user = $this->getUser($user['id']); $this->session->start(); $this->session->set('user', $user); $this->session->setFlash('success', "You've been logged on successfully."); return true; } else { $this->session->setFlash('error', 'Username or password not correct. Please check your input.'); return false; } }
/**
 * Imports a mentee account if no user with this e-mail key exists yet.
 *
 * For a valid record an activated user is created with a generated password
 * (hashed with phpass) and linked to a mentor. For an invalid record a
 * disabled user row is saved instead.
 *
 * NOTE(review): the `username = '...'` literal passed to findBySql() is
 * masked in this listing. Confirm that the query binds its value.
 * NOTE(review): `$mentorid->id` is read without checking that findBySql()
 * returned a record.
 * NOTE(review): the generated password is never delivered or returned in the
 * visible code (the verification e-mail call is commented out), so the
 * account presumably needs a password reset before first use.
 * NOTE(review): save(false) is called throughout, which in Yii skips model
 * validation.
 *
 * @param string $email     Local part of the address; "@fiu.edu" is appended and it doubles as the username.
 * @param mixed  $pid       Stored as `fiucs_id`.
 * @param string $firstname First name.
 * @param string $lastname  Last name.
 * @param string $middle    Unused in the visible code.
 * @param bool   $valid     Whether to create an active mentee or a disabled placeholder.
 */
public function importMentee($email, $pid, $firstname, $lastname, $middle, $valid) { if ($this->exists($email) == false) { $us = new User(); if ($valid == true) { $us->activated = 1; $us->email = $email . "@fiu.edu"; $us->fiucs_id = $pid; $us->fname = ucfirst($firstname); $us->lname = ucfirst($lastname); $us->username = $email; $us->isMentee = 1; $randPassword = $this->passwordGenerator(); $hasher = new PasswordHash(8, false); $us->password = $hasher->HashPassword($randPassword); $us->save(false); $mentee = new Mentee(); $mentee->user_id = $us->id; $mentorid = User::model()->findBySql("select * from user where username = '******' "); $mentee->personal_mentor_user_id = $mentorid->id; //$mentee->project_id = 999; $mentee->save(false); } else { $us->disable = 1; $us->save(false); } } //$userfullName = $model->fname.' '.$model->lname; $error = ''; // $this->actionSendVerificationEmail($userfullName, $model->email); }
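/**
 * Checks an e-mail/password pair and returns the basic profile on success.
 *
 * Fix: PDOStatement::fetch() returns false when no row matches. That case is
 * now handled before the row is indexed; the earlier code read
 * `$row['password_hash']` on a boolean.
 *
 * NOTE(review): passwords longer than 20 characters are rejected outright,
 * which rules out passphrases. phpass hashes longer input without trouble,
 * so revisit the cap together with the matching limit at account creation.
 * NOTE(review): strip_tags() on the first name is not output escaping; the
 * value still has to be escaped where it is rendered.
 *
 * @param string $email E-mail address used as the login.
 * @param string $pw    Plain-text password.
 *
 * @return array|false array('id', 'fname', 'is_admin') on success, false otherwise.
 */
public function checkCredentials($email, $pw)
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;
    }
    if (strlen($pw) > 20) {
        return false;
    }

    /*
     * Using the phpass open-source password hashing class here.
     * It stores its own salt inside the hash and offers a function that
     * checks whether a password matches a hash.
     */
    $hasher = new PasswordHash(8, false);

    if (!$this->_db) {
        $this->_db = DB::getInstance();
    }

    //get the stored password
    $query = 'SELECT password_hash,id,first_name,is_admin FROM users WHERE email = ? LIMIT 1';
    $stmt = $this->_db->prepare($query);
    $stmt->execute(array($email));
    $row = $stmt->fetch();

    // No such user, or a user without a stored hash.
    if (!$row || !$row['password_hash']) {
        return false;
    }

    if (!$hasher->CheckPassword($pw, $row['password_hash'])) {
        return false;
    }

    return array(
        'id' => $row['id'],
        'fname' => strip_tags($row['first_name']),
        'is_admin' => $row['is_admin'],
    );
}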
/**
 * Hashes a password with WordPress' bundled phpass, using portable hashes.
 *
 * @param string $password Plain-text password.
 *
 * @return string Hash returned by PasswordHash::HashPassword().
 */
private static function _phpass_hash_password($password)
{
    require_once ABSPATH . WPINC . '/class-phpass.php';

    return (new PasswordHash(8, true))->HashPassword($password);
}
/**
 * Session handler assigned by session_set_save_handler().
 *
 * Called before session data is accessed. The plugin needs no initialisation
 * of its own here; the function only decides whether a session already
 * exists for this request or whether a fresh identifier must be assigned.
 *
 * Session identifiers are MD5 digests of 32 bytes obtained from phpass'
 * get_random_bytes().
 *
 * NOTE(review): the companion cookie on SSL requests is set with only a
 * name, a value and an expiry, so it carries no Secure or HttpOnly flag.
 * NOTE(review): with the filter's default of 0 the cookie's expiry equals
 * the request time.
 *
 * This function should not be called directly.
 *
 * @return true
 */
function _pantheon_session_open() {
	// !empty() is used so that blank session IDs are never treated as valid.
	$has_session_cookie = ! empty( $_COOKIE[ session_name() ] )
		|| ( is_ssl() && ! empty( $_COOKIE[ substr( session_name(), 1 ) ] ) );

	if ( $has_session_cookie ) {
		// A session cookie exists, so the session is initialised. Without one
		// the session only starts on demand in _pantheon_session_write(), so
		// anonymous users get no cookie unless something is stored in
		// $_SESSION. That lets HTTP proxies cache anonymous page views.
		if ( get_current_user_id() || ! empty( $_SESSION ) ) {
			nocache_headers();
		}

		return true;
	}

	// Assign a session identifier for this request. This is needed because
	// sessions are started lazily at the end of the request.
	require_once( ABSPATH . 'wp-includes/class-phpass.php' );
	$random_source = new PasswordHash( 8, false );
	session_id( md5( $random_source->get_random_bytes( 32 ) ) );

	if ( is_ssl() ) {
		$companion_name = substr( session_name(), 1 );
		$companion_id   = md5( $random_source->get_random_bytes( 32 ) );
		// Custom expiry for the cookie created alongside the session.
		$expires_in = (int) apply_filters( 'pantheon_session_expiration', 0 );
		setcookie( $companion_name, $companion_id, $_SERVER['REQUEST_TIME'] + $expires_in );
	}

	return true;
}
/**
 * Changes the password of the logged-in user from the profile form.
 *
 * Does nothing unless the current error number is 0 or 1. The new password
 * must pass the checker and match its repetition; the outcome is reported
 * through `$this->errno` and `$this->error`.
 *
 * NOTE(review): the current password is not asked for in this method.
 * Confirm that re-authentication happens elsewhere.
 * NOTE(review): the return value of `$stmt->prepare()` is not checked.
 *
 * @return void
 */
private function changePassword()
{
    $uid = $_SESSION['session']->getUserId();

    // Only continue from a clean state (0) or state 1.
    if ($this->errno !== 0 && $this->errno !== 1) {
        return;
    }

    if (!$this->checker->checkPassword($_POST['profilPassword'])) {
        $this->errno = 3;
        $this->error = 'Das angegebene Passwort ist nicht gültig.';
        return;
    }

    if ($_POST['profilPassword'] !== $_POST['profilPwdWdh']) {
        $this->errno = 4;
        $this->error = 'Die angegebenen Passwörter stimmen nicht überein.';
        return;
    }

    $this->errno = 0;
    $this->error = '';

    $phpass = new PasswordHash(8, false);
    $newHash = $phpass->HashPassword($_POST['profilPassword']);

    $db = Database::getDbObject();
    $stmt = $db->stmt_init();
    $stmt->prepare("UPDATE `users` SET `password` = ? WHERE `id` = ?;");
    $stmt->bind_param('si', $newHash, $uid);
    $success = $stmt->execute();

    if ($success && !$stmt->errno) {
        return;
    }

    // Report the driver's error number with a generic message for the user.
    $this->errno = $stmt->errno;
    $this->error = 'Es ist ein Datenbankfehler aufgetreten. Bitte versuchen Sie es später noch einmal.';
}
/**
 * Logs an administrator in by user name and password.
 *
 * On failure `$this->error` explains why: 'banned' (with the ban reason),
 * 'not_activated', or 'password'. An unknown user name sets no error at all.
 *
 * NOTE(review): the session data is written before the activation check, so
 * a user who is not yet activated still gets session data although the
 * method returns FALSE.
 * NOTE(review): an unknown user (no error set) can be told apart from a
 * wrong password ('auth_incorrect_password') by the caller.
 *
 * @param string $login    User name.
 * @param string $password Plain-text password.
 *
 * @return bool TRUE only for an existing, non-banned, activated user with a matching password.
 */
function login($login, $password)
{
    if (!(strlen($login) > 0 && strlen($password) > 0)) {
        return FALSE;
    }

    // Look the user up by user name.
    $user = $this->ci->admins->get_user_by_username($login);
    if (is_null($user)) {
        return FALSE;
    }

    // Hash strength and portability come from the fx_auth configuration.
    $hasher = new PasswordHash(
        $this->ci->config->item('phpass_hash_strength', 'fx_auth'),
        $this->ci->config->item('phpass_hash_portable', 'fx_auth')
    );

    // Verify the password against the stored hash.
    if (!$hasher->CheckPassword($password, $user->password)) {
        // Wrong password.
        $this->error = array('password' => 'auth_incorrect_password');
        return FALSE;
    }

    // Password is correct: is the user locked?
    if ($user->banned == 1) {
        // Expose the reason for the lock.
        $this->error = array('banned' => $user->ban_reason);
        return FALSE;
    }

    // Set up the session.
    $this->ci->session->set_userdata(array(
        'user_id' => $user->id,
        'user_name' => $user->username,
        'status' => $user->activated == 1 ? STATUS_ACTIVATED : STATUS_NOT_ACTIVATED,
    ));

    if ($user->activated == 0) {
        // Failure: the account has not been activated.
        $this->error = array('not_activated' => '');
        return FALSE;
    }

    return true;
}
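/**
 * Creates a new account with a phpass-hashed password.
 *
 * Fix: duplicate e-mail detection. PDOException::getCode() carries the
 * SQLSTATE (e.g. '23000'), while the MySQL driver code 1062 is reported in
 * `errorInfo[1]`. Both are now checked so the "already exists" message can
 * actually be set.
 *
 * NOTE(review): passwords longer than 20 characters are rejected, which
 * rules out passphrases. phpass hashes longer input without trouble.
 *
 * @param string $email    E-mail address.
 * @param string $fname    First name.
 * @param string $lname    Last name.
 * @param string $password Plain-text password.
 *
 * @return bool True when the account was saved.
 */
public function newAccount($email, $fname, $lname, $password)
{
    $this->first_name = $fname;
    $this->last_name = $lname;
    $this->email = $email;

    if (!$this->validateData()) {
        return false;
    }
    if (strlen($password) > 20) {
        return false;
    }

    //create a hash
    $hasher = new PasswordHash(8, false);
    $this->password_hash = $hasher->HashPassword($password);

    try {
        $this->save();
        return true;
    } catch (PDOException $e) {
        //get errors, such as if email already exists in DB
        $driverCode = isset($e->errorInfo[1]) ? $e->errorInfo[1] : null;
        if ($e->getCode() == 1062 || $driverCode == 1062) {
            $this->error_msg = 'Email already exists in Database';
        }
        return false;
    }
}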
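/**
 * Verifies a plain-text password against a stored hash of any supported type.
 *
 * Supported types, as reported by static::getType(): 'phpass', the legacy
 * 'salt' format ("<md5>:<salt>"), and anything else, which is handed to
 * password_verify().
 *
 * Fix: the legacy branch compared the two MD5 hex strings with `==`. PHP
 * compares numeric-looking strings as numbers, so two different digests
 * could compare equal. hash_equals() compares them as strings and in
 * constant time.
 *
 * NOTE(review): the legacy 'salt' format is salted MD5; such hashes should be
 * upgraded on the next successful login.
 *
 * @param string $plain Plain-text password.
 * @param string $hash  Stored hash.
 *
 * @return bool True when the password matches.
 */
public static function verify($plain, $hash)
{
    $result = false;

    if (strlen($plain) > 0 && strlen($hash) > 0) {
        switch (static::getType($hash)) {
            case 'phpass':
                if (!class_exists('PasswordHash', false)) {
                    include OSCOM::getConfig('dir_root', 'Shop') . 'includes/third_party/PasswordHash.php';
                }

                $hasher = new \PasswordHash(10, true);
                $result = $hasher->CheckPassword($plain, $hash);
                break;

            case 'salt':
                // split apart the hash / salt
                $stack = explode(':', $hash, 2);
                $result = count($stack) === 2
                    && hash_equals($stack[0], md5($stack[1] . $plain));
                break;

            default:
                $result = password_verify($plain, $hash);
                break;
        }
    }

    return $result;
}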