function LoadConfig()
{
global $config;
$configTxt = file_get_contents("config/config.txt");
$lines = explode("\n", $configTxt);
$linesUpdated = array();
foreach ($lines as $i => $line) {
$line = trim($line);
if (StartsWith($line, "#")) {
//Comment
continue;
}
$linePair = explode("|", $line);
if (count($linePair) == 2) {
//key-value pair
$key = trim($linePair[0]);
$value = trim($linePair[1]);
$config[$key] = $value;
//Validate line
switch ($key) {
case "PEPPER":
if (strlen($value) < 1) {
//Generate pepper if none exists (first time site launch).
$config[$key] = GenerateSalt();
$lines[$i] = "{$key} | " . $config[$key];
file_put_contents("config/config.txt", implode("\n", $lines));
}
break;
case "SESSION_PASSWORD_ITERATIONS":
if (strlen($value) < 1) {
//Generate pepper if none exists (first time site launch).
$config[$key] = rand(10000, 20000);
$lines[$i] = "{$key} | " . $config[$key];
file_put_contents("config/config.txt", implode("\n", $lines));
} else {
$config[$key] = intval($value);
}
break;
default:
$linesUpdated[] = $line;
break;
}
}
}
}
function InitiateSession($database, $email)
{
$query = "SELECT id,pw_salt FROM users WHERE email='{$email}'";
$result = MySqlDatabaseQuery($database, $query);
$id = $result[0]['id'];
$salt = $result[0]['pw_salt'];
$_SESSION['session_key'] = GenerateSalt();
$query = "SELECT * FROM sessions WHERE id='{$id}'";
$result = MySqlDatabaseQuery($database, $query);
if (count($result) > 0) {
$query = "DELETE FROM sessions WHERE id='{$id}';INSERT INTO sessions SET id='{$id}', session_key='" . HashPassword($_SESSION['session_key'], $salt) . "';";
MySqlMultiQuery($database, $query, TRUE);
} else {
$query = "INSERT INTO sessions SET id='{$id}', session_key='" . HashPassword($_SESSION['session_key'], $salt) . "'";
MySqlDatabaseQuery($database, $query, TRUE);
}
setcookie("email", $email);
}
function EditUserPassword($username, $newPassword1, $newPassword2)
{
global $users, $dbConn;
//Authorize user (is admin)
if (IsAdmin() === false) {
die("Only admins can edit entries.");
}
$newPassword1 = trim($newPassword1);
$newPassword2 = trim($newPassword2);
if ($newPassword1 != $newPassword2) {
die("passwords don't match");
}
$password = $newPassword1;
//Check password length
if (strlen($password) < 8) {
die("password must be longer than 8 characters");
}
//Check that the user exists
if (!isset($users[$username])) {
die("User does not exist");
return;
}
//Generate new salt, number of iterations and hashed password.
$newUserSalt = GenerateSalt();
$newUserPasswordIterations = intval(rand(10000, 20000));
$newPasswordHash = HashPassword($password, $newUserSalt, $newUserPasswordIterations);
$users[$loggedInUser["username"]]["salt"] = $newUserSalt;
$users[$loggedInUser["username"]]["password_hash"] = $newPasswordHash;
$users[$loggedInUser["username"]]["password_iterations"] = $newUserPasswordIterations;
$newUserSaltClean = mysqli_real_escape_string($dbConn, $newUserSalt);
$newPasswordHashClean = mysqli_real_escape_string($dbConn, $newPasswordHash);
$newUserPasswordIterationsClean = mysqli_real_escape_string($dbConn, $newUserPasswordIterations);
$usernameClean = mysqli_real_escape_string($dbConn, $username);
$sql = "\t\n\t\tUPDATE user\n\t\tSET\n\t\tuser_password_salt = '{$newUserSaltClean}',\n\t\tuser_password_iterations = '{$newUserPasswordIterationsClean}',\n\t\tuser_password_hash = '{$newPasswordHashClean}'\n\t\tWHERE user_username = '******';\n\t";
$data = mysqli_query($dbConn, $sql);
$sql = "";
LoadUsers();
$loggedInUser = IsLoggedIn(TRUE);
}
FROM `users`
WHERE `login`='{$login}'
LIMIT 1";
$sql = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($sql)==1)
{
$error = true;
$errort .= 'Login already used.<br />';
}
// если ошибок нет, то добавляем юзаре в таблицу
if (!$error)
{
// генерируем соль и пароль
$salt = GenerateSalt();
$hashed_password = md5(md5($password) . $salt);
$query = "INSERT
INTO `users`
SET
`login`='{$login}',
`password`='{$hashed_password}',
`salt`='{$salt}'";
$sql = mysql_query($query) or die(mysql_error());
$query = "INSERT INTO `logs`(`action`, `user`, `timestamp`) VALUES ('REGISTER ADMIN: {$login}','{$_SESSION['login']}',NOW())";
$sql2 = mysql_query($query) or die(mysql_error());
?>
<!-- start message-green -->
<div id="msg">
function LoadConfig()
{
global $config, $dictionary, $configSettings;
$config = array();
//Clear any existing configuration.
$dictionary["CONFIG"] = array();
//Clear any config entries in the dictionary
$configTxt = file_get_contents("config/config.txt");
$lines = explode("\n", $configTxt);
$linesUpdated = array();
foreach ($lines as $i => $line) {
$line = trim($line);
if (StartsWith($line, "#")) {
//Comment
continue;
}
$linePair = explode("|", $line);
if (count($linePair) > 2) {
//Value includes | delimiter, merge value together into a single string.
$key = $linePair[0];
$properValue = $linePair[1];
for ($j = 2; $j < count($linePair); $j++) {
$properValue .= "|" . $linePair[$j];
}
$linePair = array();
$linePair[] = $key;
$linePair[] = $properValue;
}
if (count($linePair) == 2) {
//key-value pair
$key = trim($linePair[0]);
$value = trim($linePair[1]);
$config[$key] = $value;
//Store marked config entries into the site dictionary for use in templates.
if (StartsWith($key, "LANG_")) {
$dictKey = str_replace("LANG_", "CONFIG_", $key);
$dictionary[$dictKey] = $value;
}
//Store key-value pairs in the CONFIG part of the dictionary.
$configEntry = array("KEY" => $key, "VALUE" => htmlentities($value), "NAME" => $configSettings[$key]["NAME"]);
if ($configSettings[$key]["EDITABLE"] == FALSE) {
$configEntry["DISABLED"] = 1;
}
if ($configSettings[$key]["REQUIRED"] == TRUE) {
$configEntry["REQUIRED"] = 1;
}
switch ($configSettings[$key]["TYPE"]) {
case "TEXT":
$configEntry["TYPE_TEXT"] = 1;
break;
case "NUMBER":
$configEntry["TYPE_NUMBER"] = 1;
break;
case "TEXTAREA":
$configEntry["TYPE_TEXTAREA"] = 1;
break;
}
$dictionary["CONFIG"][] = $configEntry;
//Validate line
switch ($key) {
case "PEPPER":
if (strlen($value) < 1) {
//Generate pepper if none exists (first time site launch).
$config[$key] = GenerateSalt();
$lines[$i] = "{$key} | " . $config[$key];
file_put_contents("config/config.txt", implode("\n", $lines));
}
break;
case "SESSION_PASSWORD_ITERATIONS":
if (strlen($value) < 1) {
//Generate pepper if none exists (first time site launch).
$config[$key] = rand(10000, 20000);
$lines[$i] = "{$key} | " . $config[$key];
file_put_contents("config/config.txt", implode("\n", $lines));
} else {
$config[$key] = intval($value);
}
break;
default:
$linesUpdated[] = $line;
break;
}
}
}
}
function LogInUser($username, $password)
{
global $config;
$users = json_decode(file_get_contents("data/users.json"), true);
$username = strtolower(trim($username));
$password = trim($password);
//Check username length
if (strlen($username) < 2 || strlen($username) > 20) {
die("username must be between 2 and 20 characters");
}
//Check password length
if (strlen($password) < 8 || strlen($password) > 20) {
die("password must be between 8 and 20 characters");
}
if (!isset($users[$username])) {
die("User does not exist");
}
$user = $users[$username];
$correctPasswordHash = $user["password_hash"];
$userSalt = $user["salt"];
$userPasswordIterations = intval($user["password_iterations"]);
$passwordHash = HashPassword($password, $userSalt, $userPasswordIterations);
if ($correctPasswordHash == $passwordHash) {
//User password correct!
$sessionID = "" . GenerateSalt();
$pepper = isset($config["PEPPER"]) ? $config["PEPPER"] : "BetterThanNothing";
$sessionIDHash = HashPassword($sessionID, $pepper, $config["SESSION_PASSWORD_ITERATIONS"]);
setcookie("sessionID", $sessionID, time() + 60 * 60 * 24 * 30);
$_COOKIE["sessionID"] = $sessionID;
$sessions = array();
if (file_exists("data/sessions.json")) {
$sessions = json_decode(file_get_contents("data/sessions.json"), true);
}
$sessions[$sessionIDHash]["username"] = $username;
$sessions[$sessionIDHash]["datetime"] = time();
file_put_contents("data/sessions.json", json_encode($sessions));
} else {
//User password incorrect!
die("Incorrect username / password combination.");
}
}
/**
* генерация токена
* @param string $str
* @return string
*/
function GenerateSecurityToken($str)
{
// способ хэширования взят из форума и модуля Drupal vbbridge
$salt = GenerateSalt();
$token = md5(md5($str) . $salt);
return $token;
}
function PasswordEncrypt($password)
{
$hash_format = "\$2y\$10\$";
// Tells PHP to use Blowfish with a "cost" of 10
$salt_length = 22;
// Blowfish salts should be 22-characters or more
$salt = GenerateSalt($salt_length);
$format_and_salt = $hash_format . $salt;
$hash = crypt($password, $format_and_salt);
return $hash;
}
