} } fclose($fr); if (!rename($file_write, '../inc/config.php')) { sendBack('Failed to move config file'); } } else { if (!is_readable($file_read)) { die('Config file is not readable or writeable'); } } } else { die('Config file does not exist'); } ## Setup the random information for the original admin user ## $user_salt = genSalt(12); $user_pw = randPass(10); $pass_hash = genPw($user_pw, $user_salt); ## Add user to the database $result = $dbl->addUser('admin', 'Admin', $email, $pass_hash, $user_salt, 2, 1); if (!$result) { sendBack('Their was a problem adding the admin user to the admin tables, please check the users table exists in your Echelon database'); } ## Send the admin their email ## $body = '<html><body>'; $body .= '<h2>Echelon Admin User Information</h2>'; $body .= 'This is the admin user login informtion.<br />'; $body .= 'Username: <b>admin</b><br />'; $body .= 'Password: <b>' . $user_pw . "</b><br />"; $body .= 'If you have not already, please entirely remove the install folder from Echelon (/echelon/install/).<br />'; $body .= 'Thank you for downloading and installing Echelon, <br />';
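/**
 * Hash a password with bcrypt through crypt().
 *
 * The returned string carries the algorithm prefix, the cost and the salt, so
 * it can be verified later by passing it back to crypt() as the salt argument
 * and comparing the result with hash_equals().
 *
 * bcrypt only reads the first 72 bytes of the password; longer input is
 * silently truncated.
 *
 * @param string $pass Plain-text password to hash.
 * @return string The crypt() output for the password.
 * @throws RuntimeException When crypt() reports a failure (for example a malformed salt).
 */
function hashPass($pass)
{
    // Work factor (log2 of the iteration count). The earlier value of 5 makes
    // offline guessing cheap; 10 was the password_hash() bcrypt default through
    // PHP 8.3. Stored hashes keep verifying because each one records its own cost.
    $cost = 10;

    // genSalt() is defined elsewhere. bcrypt expects 22 characters from the
    // alphabet ./0-9A-Za-z.
    // NOTE(review): confirm genSalt() returns that shape and draws from a CSPRNG
    // (random_bytes()/random_int()), not rand()/mt_rand().
    $salt = genSalt();

    // "$2a$" selects bcrypt; the two digits after it are the cost.
    // NOTE(review): PHP >= 5.3.7 recommends the "$2y$" prefix - switch once the
    // minimum supported PHP version is confirmed.
    $setting = sprintf("\$2a\$%02d\$", $cost) . $salt;

    $hash = crypt($pass, $setting);

    // crypt() signals failure with a string shorter than 13 characters ("*0" or
    // "*1") instead of raising an error. Storing that value would leave the
    // account with a password that can never be verified, so fail closed here.
    if (!is_string($hash) || strlen($hash) < 13) {
        throw new RuntimeException('Password hashing failed');
    }

    return $hash;
}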
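/**
 * Encode a password according to the PASSWD_ENC setting.
 *
 * Debug messages deliberately carry no password, hash or salt values, so the
 * debug log cannot be used to recover credentials.
 *
 * @param string       $password            Plain-text password.
 * @param bool         $EncryptInfoInOutput When true, the scheme tag ({CRYPT}, {MD5}, {SHA1}) is prepended.
 * @param string|false $existing_password   "crypt" mode only: a stored value to reuse as the crypt() setting;
 *                                          FALSE requests a fresh salt from genSalt().
 * @return string The encoded password, with the scheme tag when requested.
 */
function encrypt_password($password, $EncryptInfoInOutput = TRUE, $existing_password = FALSE)
{
    // Initialised up front so an unrecognised PASSWD_ENC value cannot leave the
    // tag undefined when it is concatenated below.
    $encryption_Info = '';

    switch (PASSWD_ENC) {
        case "clear":
            // Password is kept as supplied; no tag.
            break;

        case "crypt":
            if ($existing_password !== FALSE && !empty($existing_password)) {
                // Reusing the stored value as the setting reproduces the same
                // output for the same password, which is what a comparison needs.
                $password = crypt($password, $existing_password);
                NConf_DEBUG::set("Encrypting password using existing password as salt", 'DEBUG', "encrypt_password");
            } elseif ($existing_password === FALSE) {
                // NOTE(review): genSalt() is defined elsewhere; the strength of the
                // result depends on which crypt() scheme its salt selects - confirm.
                $password = crypt($password, genSalt());
                NConf_DEBUG::set("Encrypting password", 'DEBUG', "encrypt_password");
            } else {
                // NOTE(review): an empty (but not FALSE) existing password lands here.
                // The password is left unencoded and is still tagged {CRYPT} below,
                // so a clear-text value can end up stored - confirm the intended handling.
                NConf_DEBUG::set("error", 'DEBUG', "encrypt_password");
            }
            $encryption_Info = "{CRYPT}";
            break;

        case "md5":
            // NOTE(review): unsalted MD5 is a fast digest and unsuitable for password
            // storage; kept because stored values depend on this format.
            $password = md5($password);
            NConf_DEBUG::set("Encrypting password", 'DEBUG', "encrypt_password");
            $encryption_Info = "{MD5}";
            break;

        case "sha":
            // NOTE(review): unsalted SHA-1 has the same weakness as the MD5 mode.
            $password = sha1($password);
            NConf_DEBUG::set("Encrypting password", 'DEBUG', "encrypt_password");
            $encryption_Info = "{SHA1}";
            break;
    }

    if ($EncryptInfoInOutput) {
        $password = $encryption_Info . $password;
    }

    return $password;
}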
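/**
 * Build a password entry for the requested scheme.
 *
 * @param array  $para_arr Input values. Keys read here: 'passwd' (all schemes),
 *                         'salt' ('MD5' and the crypt() fallback), 'user' and
 *                         'realm' ('DES').
 * @param string $hash     'SHA', 'MD5' or 'DES' (default). Any other value falls
 *                         through to crypt() with a two-character salt.
 * @return string The encoded password, or "" when the fallback is reached
 *                without a password.
 */
function genPass($para_arr, $hash = 'DES')
{
    if ($hash === 'SHA') {
        // Base64 of the raw 20-byte SHA-1 digest, prefixed with {SHA}.
        // NOTE(review): unsalted SHA-1 - weak against offline guessing.
        return '{SHA}' . base64_encode(pack('H*', sha1($para_arr['passwd'])));
    }

    if ($hash === 'MD5') {
        // cryptMD5Pass() is defined elsewhere in the project.
        return cryptMD5Pass($para_arr['passwd'], $para_arr['salt']);
    }

    if ($hash === 'DES') {
        // NOTE(review): despite the 'DES' label this returns md5("user:realm:passwd"),
        // not a DES crypt() value - confirm callers expect this.
        return md5($para_arr['user'] . ':' . $para_arr['realm'] . ':' . $para_arr['passwd']);
    }

    // Fallback: traditional crypt(). The values must be read from $para_arr;
    // without these assignments $passwd and $salt were undefined and this
    // branch always returned "".
    $passwd = isset($para_arr['passwd']) ? (string) $para_arr['passwd'] : '';
    $salt = isset($para_arr['salt']) ? (string) $para_arr['salt'] : '';

    if ($passwd === '') {
        // Nothing to encode; callers should treat "" as a failure and validate
        // their input before calling.
        return "";
    }

    if (!empty($salt)) {
        // Only the first two characters are used.
        $salt = substr($salt, 0, 2);
    } else {
        // No salt supplied: ask the project helper for one.
        // NOTE(review): confirm genSalt() uses a CSPRNG.
        $salt = genSalt();
    }

    // NOTE(review): a two-character salt selects DES crypt, which reads only the
    // first 8 characters of the password.
    return crypt($passwd, $salt);
}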
emptyInput($display, 'display name'); emptyInput($username, 'username'); emptyInput($pw1, 'your new password'); // check the new email address is a valid email address if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { sendBack('That email address is not valid'); } ## Check if key and email are valid ## $valid_key = $dbl->verifyRegKey($key, $email, $key_expire); if (!$valid_key && key == "0") { // if the key sent is a valid one sendBack('The key or email you submitted are not valid.'); } ## Add user to users table ## // generate a new salt for the user $salt = genSalt(); // find the hash of the supplied password and the new salt $password = genPW($pw1, $salt); if ($valid_key) { $results = $dbl->getGroupAndIdWithKey($key); // find the permissions for the user that are assoc with the sent key $group = $results[0]; // perms for user $admin_id = $results[1]; // id of the admin who added this user } else { //self registered if ($config['cosmos']['self_reg'] != 'true') { sendBack('Self registration is disabled!'); } $group = 1;
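/**
 * Creates a new account.
 *
 * @param string $username
 * @param string $password   Plain-text password; handed to genSalt().
 * @param array  $specialArr More information key=db-column values=value
 *                           (not used by this method as written).
 * @param string $language   'default' resolves to the configured default language
 *                           (resolved here but not written by the INSERT below).
 * @return bool|int true on success, -1 when the username already exists,
 *                  -2 when the INSERT affected no rows.
 */
public function create_user($username, $password, $specialArr = array(), $language = 'default')
{
    global $db;

    if ($language == 'default') {
        $language = $this->_config['defaultlang'];
    }
    //TODO check if language exists

    if ($this->userExists($username)) {
        return -1;
    }
    // NOTE(review): the existence check and the INSERT are separate statements;
    // a unique index on `username` is what actually prevents duplicates - confirm
    // the schema has one.

    // genSalt() is project code. Index 0 is stored in `password` and index 1 in
    // `password_salt`.
    // NOTE(review): presumably [hash, salt] - confirm, and confirm the hash is a
    // slow password hash rather than a plain digest.
    $pwsalt = genSalt($password);

    // Every value placed into the statement is escaped, not only the username:
    // a hash or salt containing a quote would otherwise break out of the literal.
    $names = '`username`, `password`, `password_salt`';
    $values = "'" . $db->escape($username) . "', '"
        . $db->escape($pwsalt[0]) . "', '"
        . $db->escape($pwsalt[1]) . "'";

    $db->query("INSERT INTO `user` (" . $names . ") VALUES (" . $values . ")");

    if (!$db->Affected_Rows()) {
        return -2;
    }

    return true;
}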
/**
 * Validate a new password, derive a fresh salt and hash for it, and store
 * both for the given user.
 *
 * The strength check is delegated to pwStrength(); the salt and hash come from
 * the project helpers genSalt() and genPW(), and the write goes through
 * DBL::editMePW().
 * NOTE(review): the hashing scheme lives in genPW(), which is not shown here -
 * confirm it is a slow password hash.
 *
 * @param string $password   The new password for the user.
 * @param int    $user_id    Id of the user being edited.
 * @param int    $min_pw_len Minimum password length passed to the strength check.
 * @return bool|string true on success, otherwise an error message (the
 *                     strength message contains HTML).
 */
function genAndSetNewPW($password, $user_id, $min_pw_len)
{
    // Obtain the database layer first, as before, then run the policy check.
    $database = DBL::getInstance();

    $isStrongEnough = $this->pwStrength($password, $min_pw_len);
    if (!$isStrongEnough) {
        $message = 'The password you supplied is not strong enough, a password must be longer than ';
        $message .= $min_pw_len;
        $message .= ' character and should follow this <a href="http://echelon.bigbrotherbot.net/pw/" title="Echelon Password Policy">policy</a>.';
        return $message;
    }

    // A new salt is generated on every change, so the old one is never reused.
    $freshSalt = genSalt();
    $freshHash = genPW($password, $freshSalt);

    // Persist hash and salt together for this user.
    $saved = $database->editMePW($freshHash, $freshSalt, $user_id);
    if (!$saved) {
        return 'There was an error changing your password';
    }

    return true;
}
//code by Eric A. Meyer, license CC BY-SA echo '<script type="text/javascript">function encode() { var obj = document.getElementById("dencoder"); var unencoded = obj.value; obj.value = encodeURIComponent(unencoded); } function decode() { var obj = document.getElementById("dencoder"); var encoded = obj.value; obj.value = decodeURIComponent(encoded.replace(/\\+/g, " ")); } </script>'; echo "<font color='blue'>---> Text encoderz/decoderz</font><br><br>"; echo "fast URL-encoder:<br>"; echo '<form onsubmit="return false;" action="javascript;"><textarea cols="80" rows="4" id="dencoder"></textarea><div><input type="button" onclick="decode()" value="Decode"> <input type="button" onclick="encode()" value="Encode"></div></form>'; echo "<br>other encoders: "; $cryptform = "<form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">\n <input name=\"p\" type=\"hidden\" value=\"e\">\n <textarea name=\"text\" cols=\"80\" rows=\"4\">"; if (isset($_POST["text"])) { $cryptform .= $_POST["text"]; $hash = $_POST['hash']; $hash1 = $_POST['hash1']; $hash2 = $_POST['hash2']; } else { $hash = genSalt('zxcv', 8); $hash1 = genSalt('zxcv', 8); $hash2 = genSalt('zxcv', 6, 1); } $cryptform .= "</textarea><br>\n <select name=\"cryptmethod\"> \n <option value=\"asc2hex\"" . ($_POST["cryptmethod"] == "asc2hex" ? " selected" : "") . ">ASCII to Hex</option> \n <option value=\"hex2asc\"" . ($_POST["cryptmethod"] == "hex2asc" ? " selected" : "") . ">Hex to ASCII</option> \n <option value=\"b64enc\"" . ($_POST["cryptmethod"] == "b64enc" ? " selected" : "") . ">Base64 Encode</option> \n <option value=\"b64dec\"" . ($_POST["cryptmethod"] == "b64dec" ? " selected" : "") . ">Base64 Decode</option> \n <option value=\"crypt\"" . ($_POST["cryptmethod"] == "crypt" ? " selected" : "") . ">DES</option> \n <option value=\"entityenc\"" . ($_POST["cryptmethod"] == "entityenc" ? " selected" : "") . ">HTML Entities Encode</option> \n <option value=\"entitydec\"" . ($_POST["cryptmethod"] == "entitydec" ? 
" selected" : "") . ">HTML Entities Decode</option> \n <option value=\"md5\"" . ($_POST["cryptmethod"] == "md5" ? " selected" : "") . ">MD5</option>\n <option value=\"md5md5\"" . ($_POST["cryptmethod"] == "md5md5" ? " selected" : "") . ">MD5(MD5)</option>\n <option value=\"md5unix\"" . ($_POST["cryptmethod"] == "md5unix" ? " selected" : "") . ">MD5(Unix - \$1\$)</option>\n <option value=\"md5wp\"" . ($_POST["cryptmethod"] == "md5wp" ? " selected" : "") . ">MD5(WordPress - \$P\$B)</option>\n <option value=\"md5bb\"" . ($_POST["cryptmethod"] == "md5bb" ? " selected" : "") . ">MD5(PHPBB3 - \$H\$9)</option>\n <option value=\"md5apr\"" . ($_POST["cryptmethod"] == "md5apr" ? " selected" : "") . ">MD5(APR1 - \$apr1\$)</option>\n <option value=\"blowfish\"" . ($_POST["cryptmethod"] == "blowfish" ? " selected" : "") . ">Blowfish - \$2a\$</option>\n <option value=\"sha1\"" . ($_POST["cryptmethod"] == "sha1" ? " selected" : "") . ">SHA1</option>\n <option value=\"sha256\"" . ($_POST["cryptmethod"] == "sha256" ? " selected" : "") . ">SHA256 - \$5\$</option>\n <option value=\"sha512\"" . ($_POST["cryptmethod"] == "sha512" ? " selected" : "") . ">SHA512 - \$6\$</option>\n <option value=\"mysql4\"" . ($_POST["cryptmethod"] == "mysql4" ? " selected" : "") . ">MySQL4</option>\n <option value=\"mysql5\"" . ($_POST["cryptmethod"] == "mysql5" ? " selected" : "") . ">MySQL5</option>\n </select> salt: <input type=\"text\" name=\"hash\" size=\"9\" maxlength=\"8\" value=\"" . $hash . "\"> <input type=\"text\" name=\"hash1\" size=\"9\" maxlength=\"8\" value=\"" . $hash1 . "\"> <input type=\"text\" name=\"hash2\" size=\"7\" maxlength=\"6\" value=\"" . $hash2 . "\"> <font color=\"gray\">(salt needed for: md5(unix,wordpress,phpbb3,apr1) - 8 symbols, sha(256,512) - 16 symbols, and blowfish - 22 symbols. 
ignore these fields if you use other algorithms)</font><br>\n <input type=\"submit\" name=\"crypt\" value=\"go\"> \n </form>"; echo $cryptform; if (isset($_POST['crypt'])) { $text = $_POST['text']; if ($text == '') { die("<p>empty form</p>\n" . $pageend . ""); } $hash = $_POST['hash']; $hash1 = $_POST['hash1']; $hash2 = $_POST['hash2']; echo "--><br><textarea cols=\"80\" rows=\"4\">"; switch ($_POST['cryptmethod']) { case "asc2hex": $text = asc2hex($text);
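<?php
// Registration page: counts the films for the page header, creates an inactive
// user row with a confirmation code when the form is submitted, and renders
// register.tpl.
session_start();
require_once "Mail.php";
include "inc/conn.php";
include "inc/functions.php";
include 'Smarty.class.php';

// NOTE(review): PDOStatement::rowCount() is not guaranteed to return the row
// count of a SELECT on every driver; SELECT COUNT(*) would be portable.
$q = $dbh->prepare("SELECT tytul FROM film");
$q->execute();
$total = $q->rowCount();

$site = new Smarty();
$site->assign('site_title', 'Baza filmów');
$site->assign('total_cnt', $total);

try {
    if (isset($_POST["login"], $_POST["pass"], $_POST["repass"], $_POST["email"])) {
        // Request fields can arrive as arrays (e.g. pass[]=x); only plain strings
        // are accepted before they reach the hashing and mail helpers.
        $fieldsAreStrings = is_string($_POST["login"])
            && is_string($_POST["pass"])
            && is_string($_POST["repass"])
            && is_string($_POST["email"]);

        // Strict comparison: with == two different numeric-looking strings
        // ("1e3" and "1000") compare equal.
        if ($fieldsAreStrings && $_POST["pass"] === $_POST["repass"]) {
            // NOTE(review): encPass() and genSalt() are defined in the included
            // files; the variable name suggests MD5 - confirm a slow password
            // hash (password_hash()/bcrypt) is used.
            $md5_pass = encPass(genSalt(), $_POST["pass"]);
            $confirm_code = genConfirmCode();

            // Parameterised INSERT; the account starts inactive (aktywny = 0).
            $query = $dbh->prepare("INSERT INTO users(login,pass,email,aktywny,confirm) VALUES(?,?,?,?,?)");
            $query->execute(array($_POST["login"], $md5_pass, $_POST["email"], 0, $confirm_code));

            // NOTE(review): the plain-text password is passed to the mail helper;
            // if it is included in the message it is exposed in transit and in the
            // mailbox - the confirmation mail should carry only the code.
            sendConfirmURL($_POST["email"], 'newuser', $confirm_code, $_POST["login"], $_POST["pass"]);
            $site->assign('result', 'success');
        } else {
            $site->assign('result', 'fail');
        }
    }
} catch (PDOException $e) {
    // The driver message can reveal schema and connection details, so it goes
    // to the server log and the visitor gets a generic message.
    error_log('Registration failed: ' . $e->getMessage());
    echo 'Connection failed';
}

$site->display('register.tpl');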
echo "connect is fail!"; } else { if (strlen($pass) > 0 && strlen($newPass) > 0 && strlen($reNewPass) > 0) { $pass = clean($pass); $newPass = clean($newPass); $reNewPass = clean($reNewPass); $return_pass = $dbContoller->selectPassword(); if ($return_pass) { echo $return_pass["salt"]; $salt = $return_pass["salt"]; //echo $salt . "<br/>"; $hash_string = createHash($salt, $pass); if ($hash_string == $return_pass["password"]) { echo $hash_string; if ($newPass == $reNewPass) { $newSalt = genSalt(); $newPass = createHash($newSalt, $newPass); $update = $dbContoller->updatePassword($newPass, $newSalt); if ($update) { header("location: index.html"); } else { echo "fail"; } } $dbContoller->dbClose(); } else { echo "Pass invalid..."; } } else { echo "Connect is fail...."; }