function check_encrypted_password($dbHandle, $username, $password) { $password2 = ''; $verdict = FALSE; // READ PASSWORD FROM DATABASE $username_quoted = $dbHandle->quote($username); $result = $dbHandle->query("SELECT password FROM users WHERE username="******"UPDATE users SET password="******" WHERE username=" . $username_quoted); } return $verdict; }
$quoted_password = $dbHandle->quote(generate_encrypted_password($_POST['pass'])); // Update the database. $dbHandle->exec("UPDATE userdatabase.users SET password="******" WHERE username="******"ROLLBACK"); sendError('Username already exists.'); } } else { // Encrypt the password. $quoted_password = $dbHandle->quote(generate_encrypted_password($_POST['pass'])); // Save the user to database. $dbHandle->exec("INSERT INTO userdatabase.users (username,password,permissions) VALUES (" . $quoted_user . "," . $quoted_password . ",'" . $permissions . "')"); // Get user ID. $id = $dbHandle->lastInsertId(); // Write session vars. session_regenerate_id(true); $_SESSION['user_id'] = $id; $_SESSION['user'] = $_POST['user']; $_SESSION['permissions'] = $permissions; $_SESSION['auth'] = true; } $dbHandle->exec("COMMIT TRANSACTION"); $dbHandle->exec("DETACH DATABASE userdatabase"); $dbHandle = null; die('OK');
$is_admin = intval($fb_fetch['is_admin']); try { $fb_update = "UPDATE `members` SET `access` = :access_date, `fb_id` = :temp_fb_id WHERE `id` = :userid"; $fb_update_do = $db->prepare($fb_update); $fb_update_do->bindParam(':access_date', $access_date, PDO::PARAM_STR); $fb_update_do->bindParam(':temp_fb_id', $temp_fb_id, PDO::PARAM_INT); $fb_update_do->bindParam(':userid', $userid, PDO::PARAM_INT); $fb_update_do->execute(); } catch (PDOException $e) { /* catch and log errors over here. */ } } else { /* creating a random key for the user */ $temp_key = getGuid(); $temp_password = createRandomPassword(); $temp_password = generate_encrypted_password($temp_password); /* fetching the user's first and last name from their facebook profile. */ $first_name = $user->first_name; $last_name = $user->last_name; try { $fb_insert = "INSERT INTO `members`(`first_name`, `last_name`, `password`, `email`, `key`, `verified`, `join`, `access`, `fb_id`) VALUE(:first_name, :last_name, :temp_password, :fb_email, :temp_key, 1, :access_date, :access_date, :temp_fb_id)"; $fb_insert_do = $db->prepare($fb_insert); $fb_insert_do->bindParam(':first_name', $first_name, PDO::PARAM_STR); $fb_insert_do->bindParam(':last_name', $last_name, PDO::PARAM_STR); $fb_insert_do->bindParam(':temp_password', $temp_password, PDO::PARAM_STR); $fb_insert_do->bindParam(':fb_email', $fb_email, PDO::PARAM_STR); $fb_insert_do->bindParam(':temp_key', $temp_key, PDO::PARAM_STR); $fb_insert_do->bindParam(':access_date', $access_date, PDO::PARAM_STR); $fb_insert_do->bindParam(':temp_fb_id', $temp_fb_id, PDO::PARAM_INT); $fb_insert_do->execute(); $last_insert = $db->lastInsertId();
$_GET['username'] = str_replace($slashes, "", $_GET['username']); database_connect(IL_USER_DATABASE_PATH, 'users'); $username_query = $dbHandle->quote($_GET['username']); $id_query = $dbHandle->quote($_GET['id']); $rename = $dbHandle->exec("UPDATE users SET username={$username_query} WHERE userID={$id_query}"); $error = $dbHandle->errorInfo(); $dbHandle = null; if ($rename !== 1) { die('Error! User was not renamed correctly. Database error: ' . $error[2]); } } // FORCE NEW PASSWORD FOR EXISTING USER if (!empty($_GET['force_password']) && !empty($_GET['id']) && !empty($_GET['new_password'])) { database_connect(IL_USER_DATABASE_PATH, 'users'); $id_query = $dbHandle->quote($_GET['id']); $password_query = $dbHandle->quote(generate_encrypted_password($_GET['new_password'])); $update = $dbHandle->exec("UPDATE users SET password={$password_query} WHERE userID={$id_query}"); $error = $dbHandle->errorInfo(); $dbHandle = null; if ($update !== 1) { die('Error! Password was not saved correctly. Database error: ' . $error[2]); } } print '<form action="users.php" method="GET">'; print '<table border="0" cellpadding="0" cellspacing="0" style="width: 100%">'; print "<tr><td class=\"details alternating_row\"><b>Change password for user " . htmlspecialchars($_SESSION['user']) . "</b></td></tr>"; print "<tr><td class=\"details\">"; print "Old Password: <input type=\"password\" size=\"10\" name=\"old_password\">\n New Password: <input type=\"password\" size=\"10\" name=\"new_password1\">\n Re-type New Password: <input type=\"password\" size=\"10\" name=\"new_password2\"><br>"; print "</td></tr>"; print "<tr><td class=\"details\">"; print "<input type=\"submit\" name=\"change_password\" value=\"Change\">";
mysql_query($query); } unset($query); fclose($file); $update_s1 = mysql_query("UPDATE `settings` SET `option_value` = '{$websitepath}' WHERE `option_name` = 'website'") or die(mysql_error()); $update_s2 = mysql_query("UPDATE `settings` SET `option_value` = '{$adminemail}' WHERE `option_name` = 'admin_email'") or die(mysql_error()); $update_s3 = mysql_query("UPDATE `settings` SET `option_value` = '{$adminemail}' WHERE `option_name` = 'sending_email'") or die(mysql_error()); $join = date("Y-m-d H:i:s"); /* getGuid() function generates a random unique 32 character unique key. */ $key = getGuid(); /* encrypting the password using the required format. */ $adminpass = generate_encrypted_password($adminpass); /* create first user with the admin rights. */ $create_admin = "INSERT INTO `members`(`first_name`, `last_name`, `password`, `email`, `key`, `verified`, `join`, `is_admin`) VALUE('Site', 'Admin', '{$adminpass}', '{$adminemail}', '{$key}', 1, '{$join}', 1)"; $execute_query = mysql_query($create_admin) or die(mysql_error()); if ($execute_query) { ?> <div class="page-header"> <h1>Final Step</h1> </div> <div class="alert alert-success"><strong>Installation Completed.</strong><br/>You have just finished installing <i>AuthManager</i> on your server. Please complete the final step before you can start using the app.</div> <p>Open file <strong>'user/database.php'</strong> and copy the text from below and replace it with the text already there:<br/> <pre>$db_server = "<?php echo $host;
*/ include "../init.php"; include "header.php"; /* extra js file to be included for the show password option (jquery). */ $js = "<script type=\"text/javascript\" src=\"{$website}/" . JS_DIRECTORY . "/jquery.showpassword.js\"></script>\n<script type=\"text/javascript\">\n\$(function() {\n\t\$('#new_password').showPassword('#showpass');\n});\n</script>"; subheader(_("Change Password"), null, $js); if ($sesslife == true) { echo "<div class=\"page-header\"><h1>" . _("Change Password") . "</h1></div>"; if (isset($_POST["changepassword"])) { $current_password = cleanInput($_POST["current_password"]); $new_password = cleanInput($_POST["new_password"]); if (!empty($current_password) && !empty($new_password)) { /* changing the current password to the encrypted format. */ $current_password = generate_encrypted_password($current_password); if ($current_password == $userpass) { $new_password = generate_encrypted_password($new_password); try { $q = "UPDATE `members` SET `password` = :new_password WHERE `id` = :userid"; $q_do = $db->prepare($q); $q_do->bindParam(':new_password', $new_password, PDO::PARAM_STR); $q_do->bindParam(':userid', $userid, PDO::PARAM_INT); $confirm_do = $q_do->execute(); } catch (PDOException $e) { $log->logError($e . " - " . basename(__FILE__)); } if (!empty($confirm_do)) { echo "<meta http-equiv=\"refresh\" content=\"0;url={$website}/" . USER_DIRECTORY . "/logout\">"; } else { $err = "<div class=\"alert alert-error\"><button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button><strong>" . _("Unable to process.") . "</strong><br/>" . _("We are unable to process your request at this time. Please try again later.") . "</div>"; } } else {