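/**
 * Check a username/password pair against the `users` table.
 *
 * Two stored formats are accepted: a legacy unsalted MD5 of the password and
 * a crypt()-style hash. A legacy MD5 match is re-hashed via
 * auth_change_password() when the `password` column is still varchar(34).
 *
 * @param string $username  Username as submitted by the user.
 * @param string $password  Plaintext password as submitted by the user.
 * @return int 1 when the pair is valid, otherwise 0 (the session is logged out first).
 */
function authenticate($username, $password)
{
    // Legacy scheme: unsalted MD5 of the plaintext, kept only so old rows can be migrated.
    $encrypted_old = md5($password);

    $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));

    // dbFetchRow() is assumed to return a non-array (false/null) when nothing
    // matches, so only an actual row with both columns present is examined.
    // Strict comparison on the username avoids PHP's numeric-string coercion
    // ("0123" == "123") and accepts a username of "0", which the old truthiness test rejected.
    if (is_array($row)
        && isset($row['username'], $row['password'])
        && is_string($row['password'])
        && $row['username'] === $username) {
        $stored = $row['password'];

        // Migrate from old, unhashed password. hash_equals() replaces the loose
        // == comparison: two hex digests of the form "0e..." compare equal under ==
        // because both are treated as numeric strings.
        if (hash_equals($stored, $encrypted_old)) {
            $column = dbFetchRow("DESCRIBE `users` `password`");
            if (is_array($column) && isset($column['Type']) && $column['Type'] === 'varchar(34)') {
                auth_change_password($username, $password);
            }
            return 1;
        }

        // crypt() returns the stored hash itself when the password matches;
        // compare with hash_equals() for the same numeric-string reason as above.
        $computed = crypt($password, $stored);
        if (hash_equals($stored, $computed)) {
            return 1;
        }
    }

    session_logout();
    return 0;
}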
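// Admin-only user management endpoint. Reads an "action" from POST and answers
// with a JSON object whose "error" key is "" on success or a message otherwise.
include_once "auth.inc.php";

$result = array("error" => "");

// Read every POST field once, defaulting to "" so a missing field neither
// raises an undefined-index notice nor reaches the auth_* helpers as null.
$action   = isset($_POST["action"])   ? $_POST["action"]   : "";
$username = isset($_POST["username"]) ? $_POST["username"] : "";
$password = isset($_POST["password"]) ? $_POST["password"] : "";
// Only the literal string "true" grants the admin flag; anything else (including absence) clears it.
$is_admin = (isset($_POST["is_admin"]) && $_POST["is_admin"] == "true") ? 1 : 0;

// Authorisation is checked before any action is dispatched.
if (!is_admin()) {
    $result["error"] = "musisz być administratorem";
    // NOTE(review): this early exit skips the utf8_encode() that the normal
    // response path applies below; confirm which encoding the client expects.
    die(json_encode($result));
}

switch ($action) {
    case "remove":
        if ($username === "") {
            $result["error"] = "missing username";
            break;
        }
        auth_remove_user($username);
        break;

    case "edit":
        if ($username === "") {
            $result["error"] = "missing username";
            break;
        }
        // An empty password field means "leave the password unchanged".
        if (!empty($password)) {
            auth_change_password($username, $password);
        }
        auth_change_is_admin($username, $is_admin);
        break;

    case "add":
        if ($username === "") {
            $result["error"] = "missing username";
            break;
        }
        auth_add_user($username, $password, $is_admin);
        break;

    default:
        $result["error"] = "unknown command '{$action}'";
}

// utf8_encode() treats its input as ISO-8859-1 and is deprecated as of PHP 8.2;
// kept here because the response encoding the client relies on is not visible in this file.
echo utf8_encode(json_encode($result));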
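<?php
// Self-service password change endpoint. Reads an "action" from POST and
// answers with a JSON object whose "error" key is "" on success or a message otherwise.
include_once "auth.inc.php";

$result = array("error" => "");

// Default missing POST fields to "" so no undefined-index notices are raised
// and the auth_* helpers never receive null.
$action = isset($_POST["action"]) ? $_POST["action"] : "";

switch ($action) {
    case "change_password":
        $old_password = isset($_POST["old_password"]) ? $_POST["old_password"] : "";
        $new_password = isset($_POST["new_password"]) ? $_POST["new_password"] : "";

        // Order matters: the caller must be logged in before anything is checked,
        // and the current password must be re-proven before it can be replaced.
        if (!is_logged()) {
            $result["error"] = "musisz się zalogować";
            break;
        }
        if (!auth_check_password(username(), $old_password)) {
            $result["error"] = "stare hasło nie pasuje";
            break;
        }
        // Refuse an empty replacement; the original code would have stored it as the new password.
        if ($new_password === "") {
            $result["error"] = "nowe hasło nie może być puste";
            break;
        }
        auth_change_password(username(), $new_password);
        break;

    default:
        $result["error"] = "unknown command '{$action}'";
}

// utf8_encode() treats its input as ISO-8859-1 and is deprecated as of PHP 8.2;
// kept because the encoding the client expects is not visible in this file.
echo utf8_encode(json_encode($result));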
</div> </div> </div> </form> <?php if ($vars['user_id']) { if ($vars['action'] == "deleteuser") { include "pages/edituser/deleteuser.inc.php"; } else { // Perform actions if requested if (auth_can_change_password($user_data['username']) && $vars['action'] == "changepass") { if ($vars['new_pass'] == "" || $vars['new_pass2'] == "") { print_warning("密码不能留空."); } elseif ($vars['new_pass'] == $vars['new_pass2']) { auth_change_password($user_data['username'], $vars['new_pass']); print_message("密码已更改."); } else { print_error("密码不匹配!"); } } // FIXME broken PoS code. if ($vars['action'] == "becomeuser") { $_SESSION['origusername'] = $_SESSION['username']; $_SESSION['username'] = $user_data['username']; header('位置: ' . $config['base_url']); dbInsert(array('user' => $_SESSION['origusername'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => '成为 ' . $_SESSION['username']), 'authlog'); include "includes/authenticate.inc.php"; } if ($vars['action'] == "perm_del") { if (dbFetchCell("SELECT COUNT(*) FROM `entity_permissions` WHERE `entity_type` = ? AND `entity_id` = ? AND `user_id` = ?", array($vars['entity_type'], $vars['entity_id'], $vars['user_id']))) {
$navbar['options_right']['add']['url'] = '#add_contact_modal'; $navbar['options_right']['add']['link_opts'] = 'data-toggle="modal"'; $navbar['options_right']['add']['text'] = 'Add Contact'; $navbar['options_right']['add']['icon'] = 'oicon-mail--plus'; */ // Print out the navbar defined above print_navbar($navbar); unset($navbar); // Change password if ($vars['password'] == "save") { if (authenticate($_SESSION['username'], $vars['old_pass'])) { if ($vars['new_pass'] == "" || $vars['new_pass2'] == "") { print_warning("Password must not be blank."); } else { if ($vars['new_pass'] == $vars['new_pass2']) { auth_change_password($_SESSION['username'], $vars['new_pass']); print_success("Password Changed."); } else { print_warning("Passwords don't match."); } } } else { print_warning("Incorrect password"); } } unset($prefs); if (is_numeric($_SESSION['user_id'])) { $user_id = $_SESSION['user_id']; $prefs = get_user_prefs($user_id); // Reset RSS/Atom key if ($vars['atom_key'] == "toggle") {
* Copyright (C) 2006-2014, Adam Armstrong - http://www.observium.org * * @package observium * @subpackage webui * @author Adam Armstrong <*****@*****.**> * @copyright (C) 2006-2014 Adam Armstrong * */ $pagetitle[] = "User preferences"; // Change password if ($_POST['password'] == "save") { if (authenticate($_SESSION['username'], $_POST['old_pass'])) { if ($_POST['new_pass'] == "" || $_POST['new_pass2'] == "") { print_warning("Password must not be blank."); } elseif ($_POST['new_pass'] == $_POST['new_pass2']) { auth_change_password($_SESSION['username'], $_POST['new_pass']); print_success("Password Changed."); } else { print_warning("Passwords don't match."); } } else { print_warning("Incorrect password"); } } unset($prefs); if (is_numeric($_SESSION['user_id'])) { $user_id = $_SESSION['user_id']; $prefs = get_user_prefs($user_id); // Reset RSS/Atom key if ($_POST['atom_key'] == "toggle") { if (set_user_pref($user_id, 'atom_key', md5(strgen()))) {
</div> </div> </div> </form> <?php if ($vars['user_id']) { if ($vars['action'] == "deleteuser") { include "pages/edituser/deleteuser.inc.php"; } else { // Perform actions if requested if (auth_can_change_password($user_data['username']) && $vars['action'] == "changepass") { if ($_POST['new_pass'] == "" || $_POST['new_pass2'] == "") { print_warning("Password cannot be blank."); } elseif ($_POST['new_pass'] == $_POST['new_pass2']) { auth_change_password($user_data['username'], $_POST['new_pass']); print_message("Password Changed."); } else { print_error("Passwords don't match!"); } } // FIXME broken PoS code. if ($vars['action'] == "becomeuser") { $_SESSION['origusername'] = $_SESSION['username']; $_SESSION['username'] = $user_data['username']; header('Location: ' . $config['base_url']); dbInsert(array('user' => $_SESSION['origusername'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Became ' . $_SESSION['username']), 'authlog'); include "includes/authenticate.inc.php"; } if ($vars['action'] == "perm_del") { if (dbFetchCell("SELECT COUNT(*) FROM `entity_permissions` WHERE `entity_type` = ? AND `entity_id` = ? AND `user_id` = ?", array($vars['entity_type'], $vars['entity_id'], $vars['user_id']))) {