/**
 * Seed the users table with a bootstrap "admin" account.
 *
 * NOTE(review): the account is created with the fixed password "admin". That
 * is a default credential; whatever runs this must force a password change
 * (or take the password from the installer) before the instance is exposed.
 * hashPassword(), generateRandomString() and execSql() are project helpers
 * defined elsewhere; their contracts are not visible here.
 *
 * @param mixed $db database handle accepted by execSql()
 */
function dummyUser($db)
{
    $hashedPassword = hashPassword("admin");
    $apiKey = generateRandomString();

    // Both interpolated values come from our own helpers, not from a request,
    // so no user input reaches the statement text here.
    $statement = "INSERT INTO users VALUES (NULL,'admin','{$hashedPassword}','{$apiKey}',NULL);";
    execSql($db, $statement, "add admin user");
}
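/**
 * Authenticate a user by e-mail and password and open a login session.
 *
 * The candidate password is run through the project's hashPassword() and the
 * result is matched in SQL against the stored hash, so hashPassword() must be
 * deterministic for a given input (no per-user salt is applied here). On
 * success the session receives SHA-512 digests of the browser User-Agent and
 * of the user id under $_SESSION['login_string'].
 *
 * Fixes relative to the previous revision:
 *  - the session id is regenerated after a successful login so a session id
 *    planted before authentication (session fixation) is not kept;
 *  - session_start() is only called when no session is active, avoiding the
 *    "session already started" notice;
 *  - the statement and connection are closed on every path (the old close()
 *    sat after the return statements and never ran);
 *  - a missing User-Agent header no longer raises a notice.
 *
 * @param string $email
 * @param string $password plaintext password as entered by the user
 * @return bool TRUE when exactly one matching row exists
 */
function login($email, $password)
{
    $mysqli = new Connection();
    $db = $mysqli->connect();

    // Hash the password the same way it was stored.
    $password = hashPassword($password);

    // Prepared statement: $email and $password never touch the SQL text.
    $query = $db->prepare("SELECT id FROM users WHERE email = ? AND password = ? LIMIT 1") or die("error");
    $query->bind_param('ss', $email, $password);
    $query->execute();
    $query->store_result();
    $query->bind_result($id);
    $query->fetch();

    $authenticated = ($query->num_rows == 1);

    if ($authenticated) {
        $user_browser = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // Drop any pre-authentication session id (session fixation defence).
        session_regenerate_id(true);

        $_SESSION['login_string'] = array();
        $_SESSION['login_string']['browserInfo'] = hash('sha512', $user_browser);
        $_SESSION['login_string']['id'] = hash('sha512', $id);
    }

    // Release resources before returning (previously unreachable code).
    $query->close();
    $db->close();

    return $authenticated;
}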
/**
 * Insert a new user row with a freshly generated salt and salted password hash.
 *
 * All values are bound as named parameters, so nothing from $user is spliced
 * into the SQL text. createSalt() and hashPassword() come from elsewhere in
 * the project. The return value of execute() is not inspected; callers that
 * need to know whether the row was written must check it themselves (or run
 * the connection in PDO::ERRMODE_EXCEPTION).
 *
 * NOTE(review): `group` is a reserved word in MySQL and the column name is
 * unquoted here; confirm against the target driver/schema that this statement
 * parses.
 *
 * @param array $user keys: username, password, f_name, l_name, email, group, permissions
 * @param PDO   $conn open PDO connection
 */
function insertUser($user, $conn)
{
    $salt = createSalt();
    $hashed = hashPassword($user['password'], $salt);

    $columns = "username, salt, password, f_name, l_name, email, group, permissions";
    $placeholders = ":username, :salt, :password, :f_name, :l_name, :email, :group, :permissions";
    $sql = "INSERT INTO users(" . $columns . ") \n\t\t\tVALUES(" . $placeholders . ")";

    $bindings = array(
        ":username"    => $user['username'],
        ":salt"        => $salt,
        ":password"    => $hashed,
        ":f_name"      => $user['f_name'],
        ":l_name"      => $user['l_name'],
        ":email"       => $user['email'],
        ":group"       => $user['group'],
        ":permissions" => $user['permissions'],
    );

    $statement = $conn->prepare($sql);
    $statement->execute($bindings);
}
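/**
 * Check a candidate password against a stored hash.
 *
 * The candidate is hashed with the project's hashPassword() and compared to
 * $db_password. The comparison uses hash_equals(), which does not stop at the
 * first differing byte, instead of strcmp(), whose early exit leaks how much
 * of the hash prefix matched. Both operands are cast to string because
 * hash_equals() rejects non-string arguments (e.g. a NULL column value).
 *
 * @param string      $password    plaintext candidate
 * @param string|null $db_password stored hash
 * @return bool
 */
function testPassword($password, $db_password)
{
    $hashedPassword = (string) hashPassword($password);

    return hash_equals((string) $db_password, $hashedPassword);
}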
/**
 * LDAP Password Driver (version 1.0, 2009-06-24)
 *
 * Roundcube "password" plugin driver for passwords stored in LDAP, built on
 * the PEAR Net_LDAP2 class (http://pear.php.net/package/Net_LDAP2).
 *
 * @author Edouard MOREAU <*****@*****.**>
 *
 * function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 * function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 */

/**
 * Write a new password for the logged-in user into LDAP.
 *
 * Flow: build the user's DN from the configured mask, connect/bind (either as
 * the user with $curpass or as the configured admin account), encode the new
 * password with hashPassword() using the configured scheme, and replace the
 * configured password attribute on the user's entry.
 *
 * Security notes:
 *  - In 'user' mode (the default) Net_LDAP2::connect() binds with $curpass, so
 *    a wrong current password surfaces as PASSWORD_CONNECT_ERROR. In 'admin'
 *    mode this function does not check $curpass at all; the caller must verify
 *    the current password beforehand, or any authenticated session can set a
 *    new password without knowing the old one.
 *  - The DN mask is expanded with str_replace(); the substituted username is
 *    not DN-escaped. NOTE(review): if usernames can contain DN metacharacters
 *    (',', '+', '=', '"', '\', '<', '>', ';') the resulting DN is malformed or
 *    points at another entry; confirm the login layer restricts them.
 *  - Connect, read and write failures are all reported as
 *    PASSWORD_CONNECT_ERROR, so callers cannot tell them apart.
 *
 * @param string $curpass current (old) password; bind password in 'user' mode
 * @param string $passwd  new plaintext password
 * @return int PASSWORD_SUCCESS, PASSWORD_CONNECT_ERROR or PASSWORD_CRYPT_ERROR
 */
function password_save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    require_once 'Net/LDAP2.php';

    // Building user DN: %login is the full session username; when it has the
    // form name@domain, %name and %domain are filled from its two halves.
    $userDN = str_replace('%login', $_SESSION['username'], $rcmail->config->get('password_ldap_userDN_mask'));
    $parts = explode('@', $_SESSION['username']);
    if (count($parts) == 2) {
        $userDN = str_replace('%name', $parts[0], $userDN);
        $userDN = str_replace('%domain', $parts[1], $userDN);
    }
    if (empty($userDN)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Connection Method: who binds to the directory.
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'user':
            // Bind as the user; the directory rejects a wrong current password.
            $binddn = $userDN;
            $bindpw = $curpass;
            break;
        case 'admin':
            // Bind with static admin credentials from the config file.
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        default:
            $binddn = $userDN;
            $bindpw = $curpass;
            break; // default is user mode
    }

    // Configuration array
    $ldapConfig = array(
        'binddn' => $binddn,
        'bindpw' => $bindpw,
        'basedn' => $rcmail->config->get('password_ldap_basedn'),
        'host' => $rcmail->config->get('password_ldap_host'),
        'port' => $rcmail->config->get('password_ldap_port'),
        'starttls' => $rcmail->config->get('password_ldap_starttls'),
        'version' => $rcmail->config->get('password_ldap_version')
    );

    // Connecting using the configuration array
    $ldap = Net_LDAP2::connect($ldapConfig);

    // Checking for connection error (a failed bind ends up here too)
    if (PEAR::isError($ldap)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Crypting new password with the configured scheme (password_ldap_encodage)
    $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
    if (!$newCryptedPassword) {
        return PASSWORD_CRYPT_ERROR;
    }

    // Writing new crypted password to LDAP
    $userEntry = $ldap->getEntry($userDN);
    if (Net_LDAP2::isError($userEntry)) {
        return PASSWORD_CONNECT_ERROR;
    }
    if (!$userEntry->replace(array($rcmail->config->get('password_ldap_pwattr') => $newCryptedPassword), $rcmail->config->get('password_ldap_force_replace'))) {
        return PASSWORD_CONNECT_ERROR;
    }
    if (Net_LDAP2::isError($userEntry->update())) {
        return PASSWORD_CONNECT_ERROR;
    }

    // All done, no error
    return PASSWORD_SUCCESS;
}
/**
 * LDAP Password Driver (version 1.1, 2010-04-07)
 *
 * Roundcube "password" plugin driver for passwords stored in LDAP, built on
 * the PEAR Net_LDAP2 class (http://pear.php.net/package/Net_LDAP2).
 *
 * @author Edouard MOREAU <*****@*****.**>
 *
 * function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 * function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 */

/**
 * Write a new password for the logged-in user into LDAP.
 *
 * Flow: resolve the user's DN (from the configured mask via substitute_vars(),
 * or by directory search via search_userdn() when no mask is set), connect and
 * bind (as the user with $curpass, or as the configured admin account), encode
 * the new password with hashPassword() using the configured scheme, and
 * replace the configured password attribute on the user's entry.
 *
 * Security notes:
 *  - In 'user' mode (also the default) Net_LDAP2::connect() binds with
 *    $curpass, so a wrong current password surfaces as PASSWORD_CONNECT_ERROR.
 *    In 'admin' mode this function does not check $curpass at all; the caller
 *    must verify the current password beforehand.
 *  - DN construction is delegated to substitute_vars()/search_userdn(), which
 *    are not visible here. NOTE(review): whether the username is DN-escaped
 *    before substitution depends on those helpers — confirm.
 *  - Connect, read and write failures are all reported as
 *    PASSWORD_CONNECT_ERROR.
 *
 * @param string $curpass current (old) password; bind password in 'user' mode
 * @param string $passwd  new plaintext password
 * @return int PASSWORD_SUCCESS, PASSWORD_CONNECT_ERROR or PASSWORD_CRYPT_ERROR
 */
function password_save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    require_once 'Net/LDAP2.php';

    // Building user DN (assignment inside the condition is intentional: a
    // configured mask is expanded, otherwise the DN is searched for).
    if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
        $userDN = substitute_vars($userDN);
    } else {
        $userDN = search_userdn($rcmail);
    }
    if (empty($userDN)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Connection Method: who binds to the directory.
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            // Static admin credentials from the config file.
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            // Bind as the user; the directory rejects a wrong current password.
            $binddn = $userDN;
            $bindpw = $curpass;
            break;
    }

    // Configuration array
    $ldapConfig = array(
        'binddn' => $binddn,
        'bindpw' => $bindpw,
        'basedn' => $rcmail->config->get('password_ldap_basedn'),
        'host' => $rcmail->config->get('password_ldap_host'),
        'port' => $rcmail->config->get('password_ldap_port'),
        'starttls' => $rcmail->config->get('password_ldap_starttls'),
        'version' => $rcmail->config->get('password_ldap_version')
    );

    // Connecting using the configuration array
    $ldap = Net_LDAP2::connect($ldapConfig);

    // Checking for connection error (a failed bind ends up here too)
    if (PEAR::isError($ldap)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Crypting new password with the configured scheme (password_ldap_encodage)
    $newCryptedPassword = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
    if (!$newCryptedPassword) {
        return PASSWORD_CRYPT_ERROR;
    }

    // Writing new crypted password to LDAP
    $userEntry = $ldap->getEntry($userDN);
    if (Net_LDAP2::isError($userEntry)) {
        return PASSWORD_CONNECT_ERROR;
    }
    $pwattr = $rcmail->config->get('password_ldap_pwattr');
    $force = $rcmail->config->get('password_ldap_force_replace');
    if (!$userEntry->replace(array($pwattr => $newCryptedPassword), $force)) {
        return PASSWORD_CONNECT_ERROR;
    }
    if (Net_LDAP2::isError($userEntry->update())) {
        return PASSWORD_CONNECT_ERROR;
    }

    // All done, no error
    return PASSWORD_SUCCESS;
}
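/**
 * Verify a username/password pair against the stored hash.
 *
 * Returns false when either argument is missing or the user does not exist;
 * otherwise hashes the candidate with hashPassword($username, $givenPassword)
 * (project helper; the username is part of its input) and compares it to
 * getPassword($username) with hash_equals(), which does not short-circuit on
 * the first mismatching byte and does not apply the loose numeric-string
 * rules of `==`.
 *
 * NOTE(review): the early return on an unknown user makes this faster for
 * non-existent accounts than for wrong passwords; a caller exposing it to the
 * network may want to mask that difference.
 *
 * @param string $username
 * @param string $givenPassword plaintext candidate
 * @return bool
 */
function checkUserPassword($username, $givenPassword)
{
    if (!isset($username) || !isset($givenPassword)) {
        return false;
    }
    if (!checkUserExists($username)) {
        return false;
    }

    $stored = (string) getPassword($username);
    $candidate = (string) hashPassword($username, $givenPassword);

    return hash_equals($stored, $candidate);
}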
/**
 * Store a new password hash for the account identified by $email.
 *
 * The plaintext is hashed with hashPassword() and handed, together with the
 * e-mail, to the changePassword stored procedure through a bound prepared
 * statement (mysqli). The result of execute() is not inspected; the statement
 * and the connection are closed before returning.
 *
 * @param string $email
 * @param string $pass plaintext new password
 */
function changePassword($email, $pass)
{
    $hashed = hashPassword($pass);
    $connection = connectDatabase();

    $call = $connection->prepare("CALL changePassword(?,?)");
    $call->bind_param("ss", $email, $hashed);
    $call->execute();
    $call->close();

    $connection->close();
}
/**
 * Look up a user by username/password and, on a single match, mark the
 * session as logged in.
 *
 * NOTE(review): as copied here the SQL compares both columns against the
 * literal '******' — the credential expressions appear to have been redacted
 * from this copy — so $pUsername and $pPassword are never used and the
 * password is not passed through hashPassword(). Do not treat this copy as a
 * working login routine; restore the original expressions as bound
 * parameters, not string concatenation.
 *
 * Other points a maintainer should know:
 *  - uses the mysql_* extension (deprecated in PHP 5.5, removed in 7.0);
 *  - the session id is not regenerated on successful login, so a session id
 *    fixed before authentication stays valid afterwards;
 *  - trigger_error() on a failed query exposes mysql_error() text wherever
 *    PHP errors are displayed.
 *
 * @param string $pUsername
 * @param string $pPassword
 * @return bool
 */
function validateUser($pUsername, $pPassword)
{
    // See if the username and password are valid.
    $sql = "SELECT username FROM user_data\n\t\tWHERE username = '******' AND password = '******' LIMIT 1";
    $query = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error());
    // If one row was returned, the user was logged in!
    if (mysql_num_rows($query) == 1) {
        $row = mysql_fetch_assoc($query);
        $_SESSION['username'] = $row['username'];
        $_SESSION['loggedin'] = true;
        return true;
    }
    return false;
}
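/**
 * Replace the stored password hash of an admin account.
 *
 * Opens a PDO connection to the configured database and runs a bound UPDATE
 * on ADMIN_CREDENTIAL_TABLE, storing hashPassword($newPassword) for the row
 * whose EMAIL equals $username. Both values are bound parameters; only the
 * table name (a constant) is concatenated into the SQL.
 *
 * Fix: the previous revision printed $e->getMessage() into the page. PDO
 * messages can carry the DSN, host, database and table names and SQL
 * fragments, so the detail now goes to error_log() and the visitor only sees
 * a generic failure notice.
 *
 * @param string $username    e-mail address that identifies the account
 * @param string $newPassword plaintext new password
 * @return bool TRUE on success, FALSE when a PDOException was raised
 */
function submitPassword($username, $newPassword)
{
    try {
        $connection = new PDO(
            "mysql:host=" . DB_HOST_NAME . ";dbname=" . DB_NAME . ";charset=utf8",
            DB_USER_NAME,
            DB_PASSWORD
        );
        // Surface driver errors as exceptions so they reach the catch below.
        $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $accountInformationUpdate = $connection->prepare(
            'UPDATE ' . ADMIN_CREDENTIAL_TABLE . ' SET PASSWORD = :newPassword WHERE EMAIL = :username'
        );
        $accountInformationUpdate->execute(array(
            ':newPassword' => hashPassword($newPassword),
            ':username'    => $username,
        ));
    } catch (PDOException $e) {
        // Keep the driver detail server-side; do not disclose it to the client.
        error_log('submitPassword failed: ' . $e->getMessage());
        echo "\r\n <div>\r\n Error: the password could not be updated.</div>";
        return FALSE;
    }
    return TRUE;
}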
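/**
 * Log a user in by name and password, setting the session variables on success.
 *
 * The stored record is fetched once to obtain the per-user salt. If no such
 * user exists the function returns false immediately; the previous revision
 * indexed ['salt'] on a non-array result, which raised a notice and then
 * hashed with a null salt. The password is hashed the same way the rest of
 * the project stores it: secureString() is applied to the plaintext before
 * hashPassword(). That is kept here because changing it would invalidate
 * existing hashes (NOTE(review): confirm against the registration path).
 *
 * @param string $name
 * @param string $password plaintext
 * @param bool   $keepLog  when true, also sets the 'saveKeepLog' session flag
 * @return bool
 */
function logUserIn($name, $password, $keepLog = false)
{
    $name = secureString($name);

    $record = getUserData(array('name' => $name));
    if (empty($record) || !isset($record['salt'])) {
        // Unknown user: nothing to compare against.
        return false;
    }

    $password = hashPassword(secureString($password), $record['salt']);
    $userData = getUserData(array('name' => $name, 'password' => $password));

    if (!$userData) {
        return false;
    }

    setSessionVar('login', true);
    setSessionVar('userID', $userData['id']);
    if ($keepLog) {
        setSessionVar('saveKeepLog', true);
    }
    return true;
}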
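/**
 * Installer step: create the first system account, its profile and a default
 * subscription.
 *
 * Changes from the previous revision:
 *  - every value that reaches SQL is passed through mysql_real_escape_string()
 *    on the open connection; the e-mail and the hash were spliced in raw, so a
 *    quote in the installer form broke or altered the statements;
 *  - the new account id comes from mysql_insert_id() instead of
 *    `SELECT * FROM lb_sys_accounts` + first row, which returned whichever row
 *    the engine listed first, not necessarily the one just inserted (the
 *    INSERT supplies no id, so the column is DB-assigned/AUTO_INCREMENT —
 *    NOTE(review): confirm in the schema);
 *  - the follow-up inserts are skipped when the account insert failed.
 *
 * Uses the legacy mysql_* extension like the rest of this installer (removed
 * in PHP 7; migrating to mysqli/PDO is out of scope for this block).
 *
 * @param string $mysql_host
 * @param string $mysql_username
 * @param string $mysql_password
 * @param string $mysql_database
 * @param string $account_email
 * @param string $account_pass plaintext; stored as hashPassword($account_pass)
 */
function addInformation($mysql_host, $mysql_username, $mysql_password, $mysql_database, $account_email, $account_pass)
{
    $conn = mysql_connect($mysql_host, $mysql_username, $mysql_password) or die('Error connecting to MySQL server: ' . mysql_error());
    mysql_select_db($mysql_database, $conn);

    $now = Date("Y-m-d H:i:s");
    $email = mysql_real_escape_string($account_email, $conn);
    $hash = mysql_real_escape_string(hashPassword($account_pass), $conn);

    $sql = "INSERT INTO lb_sys_accounts(account_email,account_password,account_created_date,account_status) VALUES ('" . $email . "','" . $hash . "','" . $now . "',1)";
    if (!mysql_query($sql, $conn)) {
        return;
    }

    // Id of the row just inserted, not of an arbitrary first row.
    $id = (int) mysql_insert_id($conn);

    $sql = "INSERT INTO lb_sys_account_profiles(account_id,account_profile_given_name) VALUES (" . $id . ",'Admin')";
    mysql_query($sql, $conn);

    // add subscription
    $sql1 = "INSERT INTO lb_sys_account_subscriptions(account_id,account_subscription_package_id,account_subscription_start_date,account_subscription_status_id,subscription_name) VALUES (" . $id . ",0,'" . $now . "',1,'My Company')";
    mysql_query($sql1, $conn);
}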
/**
 * Create a new user from the posted form.
 *
 * Validates the POST payload with CodeIgniter's form validation (same rules,
 * same order as before), then stores the user with a fresh salt() and
 * hashPassword($password, $salt). Only a 'superadmin' caller may choose the
 * account type; everyone else creates a plain 'user'. A user_details row
 * records the creator's session user_id. Without a POST, or when validation
 * fails, the add-user view is rendered.
 *
 * NOTE(review): the 'type' rule for superadmins is only `required`; the value
 * is not restricted to a known set of types here.
 */
public function add()
{
    if ($_POST) {
        $rules = array(
            array('first_name', 'First Name', 'trim|required|max_length[12]'),
            array('last_name', 'Last Name', 'trim|required|max_length[24]'),
            array('email', 'Email', 'required|valid_email|is_unique[users.email]'),
            array('password', 'Password', 'required|min_length[8]|matches[confirm_password]'),
            array('confirm_password', 'Confirm Password', 'required'),
            array('phone', 'Phone', 'required'),
            array('mobile', 'Mobile', 'required'),
            array('company', 'Company', 'required'),
            array('position', 'Position', 'required'),
        );
        foreach ($rules as $rule) {
            $this->form_validation->set_rules($rule[0], $rule[1], $rule[2]);
        }
        $this->form_validation->set_message('is_unique', 'The %s is already exist');

        $isSuperadmin = ($this->_data['type'] == 'superadmin');
        if ($isSuperadmin) {
            $this->form_validation->set_rules('type', 'Type', 'required');
        }

        if ($this->form_validation->run()) {
            $salt = salt();
            $info = array(
                'first_name' => $_POST['first_name'],
                'last_name'  => $_POST['last_name'],
                'email'      => $_POST['email'],
                'salt'       => $salt,
                'password'   => hashPassword($_POST['password'], $salt),
                'phone'      => $_POST['phone'],
                'mobile'     => $_POST['mobile'],
                'company'    => $_POST['company'],
                'position'   => $_POST['position'],
                'type'       => $isSuperadmin ? $_POST['type'] : 'user',
            );

            $new_user_id = $this->user_model->newUser($info);

            // Remember who created the account.
            $this->db->insert('user_details', array(
                'user_id' => $new_user_id,
                'field'   => 'creator_id',
                'value'   => $this->session->userdata('user_id'),
            ));
            //$this->_send_email($info);
            redirect('user/user');
        }
    }

    $this->_data['breadcrumb'] = 'user/add_user';
    $this->_data['page_title'] = "Create User";
    $this->_data['companyList'] = $this->user_model->companyList();
    $this->_data['view'] = 'user_add';
    $this->load->view('user/home', $this->_data);
}
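/**
 * Form-validation callback: verify the posted e-mail/password pair.
 *
 * Looks up the user by e-mail to get the per-user salt, recomputes
 * hashPassword($_POST['password'], $salt) and queries for a row matching both
 * e-mail and hash. Inactive accounts (status != 'Y') are rejected with their
 * own message.
 *
 * Fix: when no row existed for the e-mail, the previous revision read ->salt
 * on a null result (PHP warning) and went on with a null salt. An unknown
 * e-mail now fails with the same "Invalid Email or Password" message as a
 * wrong password, so the two cases look the same to the caller. Missing POST
 * fields default to '' instead of raising notices.
 *
 * @return bool
 */
public function chk_user()
{
    $email = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $failureMessage = "Invalid Email or Password";

    $val = $this->db->get_where('users', array('email' => $email))->row();
    if (!$val || !isset($val->salt)) {
        $this->form_validation->set_message('chk_user', $failureMessage);
        return false;
    }

    $pass = hashPassword($password, $val->salt);
    $user = $this->db->get_where('users', array('email' => $email, 'password' => $pass));
    if ($user->num_rows() <= 0) {
        $this->form_validation->set_message('chk_user', $failureMessage);
        return false;
    }

    $user = $user->row_array();
    if ($user['status'] != 'Y') {
        $this->form_validation->set_message('chk_user', 'Your account is not active');
        return false;
    }
    return true;
}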
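/**
 * Log a user in and optionally issue a "remember me" cookie.
 *
 * Selects the users row matching username and password (both bound
 * parameters). $password is passed to the query as given; whether it is
 * already hashed is the caller's responsibility (not visible here). On a
 * match the serialized User and a logged_in flag are stored in the session.
 * With $remember_me, a sessions row (identifier = hashPassword($username,
 * $this->conf), token = 20 random bytes from openssl_random_pseudo_bytes,
 * one-week timeout) is inserted and "identifier:token" is set as the auth
 * cookie.
 *
 * Fix: the cookie is a bearer credential, so it is now flagged HttpOnly (not
 * readable from script) and Secure whenever the request came over HTTPS; the
 * previous revision set neither.
 *
 * @param string $username
 * @param string $password
 * @param bool   $remember_me
 * @param array  $CONF expects 'session_prefix'
 * @return bool
 */
public function login($username, $password, $remember_me, $CONF)
{
    $result = $this->db->select("users", "username=? AND password=?", array($username, $password));
    if (!$result) {
        return false;
    }

    $user = new User($result, $this->db);
    $_SESSION[$CONF['session_prefix'] . "user"] = serialize($user);
    $_SESSION[$CONF['session_prefix'] . "logged_in"] = 1;

    if ($remember_me) {
        $lifetime = 60 * 60 * 24 * 7; // one week
        $identifier = hashPassword($username, $this->conf);
        $token = bin2hex(openssl_random_pseudo_bytes(20));
        $data = array(
            "user_id"    => $user->id,
            "identifier" => $identifier,
            "token"      => $token,
            "timeout"    => date("Y-m-d H:i:s", time() + $lifetime),
        );
        $this->db->insert($data, "sessions");

        // Secure on HTTPS, HttpOnly always.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie($CONF['session_prefix'] . 'auth', "{$identifier}:{$token}", time() + $lifetime, '/', '.' . $this->conf['host'], $secure, true);
    }
    return true;
}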
/**
 * Run the one-shot database installer.
 *
 * Refuses to run when COMMON_FOLDER/.locked exists. Otherwise loads
 * COMMON_FOLDER/data/data.sql, substitutes the {{SITE_NAME}},
 * {{SUPPORT_EMAIL}}, {{SLOGAN}}, {{time}}, {{password_salt}} and
 * {{password}} placeholders, executes the script through Yii's "db"
 * connection and, on success, writes the lock file. Every path ends with
 * Yii::app()->end().
 *
 * NOTE(review): the seeded account gets the fixed password '123456' (hashed
 * with USER_SALT). Whoever deploys this must change it immediately; a
 * generated or operator-supplied password would be safer.
 */
public function actionRun()
{
    $lockFile = COMMON_FOLDER . DIRECTORY_SEPARATOR . '.locked';

    // First need to check has_install or not?
    if (file_exists($lockFile)) {
        echo 'Remove locked file for install first bro!';
        Yii::app()->end();
        return;
    }

    // Start working with Yii Database Components; assumes a configured "db"
    // connection (otherwise: $connection = new CDbConnection($dsn, $username, $password);).
    $connection = Yii::app()->db;

    // Get SQL Script
    $script = file_get_contents(COMMON_FOLDER . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'data.sql', true);
    if (!$script) {
        echo "Can't file data.sql file in COMMON FOLDER";
        Yii::app()->end();
        return;
    }

    // Replace some default attributes, in the same order as before.
    $placeholders = array(
        "{{SITE_NAME}}"     => serialize(SITE_NAME),
        "{{SUPPORT_EMAIL}}" => serialize(SUPPORT_EMAIL),
        "{{SLOGAN}}"        => serialize(SLOGAN),
        "{{time}}"          => time(),
        "{{password_salt}}" => USER_SALT,
        "{{password}}"      => hashPassword('123456', USER_SALT), // Generate password 123456
    );
    foreach ($placeholders as $marker => $value) {
        $script = str_replace($marker, $value, $script);
    }

    $command = $connection->createCommand($script);
    if ($command->execute() === false) {
        echo "Error while installing! Please check config file and try again";
        Yii::app()->end();
        return;
    }

    echo "Install successfully";
    // Create lock file in COMMON folder so this action cannot run again.
    if (!file_put_contents($lockFile, 'installed')) {
        echo "Error while creating locking install file!";
    }
    Yii::app()->end();
}
/**
 * Register a user.
 *
 * Runs the registration checks in order — already logged in, username taken,
 * username too short (<= 3 chars), passwords differ, password too short
 * (<= 3 chars), invalid e-mail — and stores the first failing check's HTML
 * message in $this->registerMessage. When all pass, a salt is generated with
 * $this->generateSalt(), the password is hashed with hashPassword($password,
 * $salt) and the user is stored via Database::registerUser().
 *
 * NOTE(review): a 4-character minimum password is very weak by current
 * guidance; raising it is a policy decision for the owners and is not made
 * here.
 *
 * @param string $username
 * @param string $password
 * @param string $password2 confirmation
 * @param string $emailAddress
 * @return bool true when the account was created
 */
public function register($username, $password, $password2, $emailAddress)
{
    $database = new \Database();
    $failure = null;

    if (isset($_SESSION['userID']) and $database->doesUserExist($_SESSION['userID'])) {
        // Test if logged in
        $failure = ' <div class="alert alert-danger"><strong>You are already logged in.</strong></div>';
    } elseif ($database->doesUserNameExist($username)) {
        $failure = '<div class="alert alert-danger"><strong>Username already exists, please choose a different one.</strong></div>';
    } elseif (strlen($username) <= 3) {
        $failure = '<div class="alert alert-danger"><strong>Your username must be longer than 3 characters.</strong></div>';
    } elseif ($password != $password2) {
        $failure = '<div class="alert alert-danger"><strong>Passwords do not match.</strong></div>';
    } elseif (strlen($password) <= 3) {
        $failure = '<div class="alert alert-danger"><strong>Your password must be longer than 3 characters.</strong></div>';
    } elseif (!filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
        $failure = '<div class="alert alert-danger"><strong>Your emailaddress is invalid.</strong></div>';
    }

    if ($failure !== null) {
        $this->registerMessage = $failure;
        return false;
    }

    $salt = $this->generateSalt();
    $hashedPassword = hashPassword($password, $salt);
    $database->registerUser($username, $salt, $hashedPassword, $emailAddress);

    $this->registerMessage = '<div class="alert alert-success">Congratulations, account was successfully created.</strong></div>';
    return true;
}
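/**
 * Change the logged-in user's password (JSON response).
 *
 * Loads the users row for the session's user_id, checks that
 * hashPassword($current_password, salt) matches the stored hash, then, if the
 * new password and its confirmation agree, stores hashPassword($password,
 * salt) with the same salt. Echoes {"error":0} on success, or {"error":1,
 * "error_type":...} with 'password_not_matched' /
 * 'passwor_confirm_did_not_matched' (the latter spelling is what clients
 * already expect, so it is kept).
 *
 * Fixes: the hash comparison uses hash_equals() instead of `==` (which both
 * short-circuits and applies numeric-string comparison); the
 * confirmation check is strict; a missing users row or missing POST fields no
 * longer raise notices — the missing-row case reports 'password_not_matched'.
 *
 * NOTE(review): no minimum length or other policy is enforced on the new
 * password here; an empty new password is accepted.
 */
public function updatePassword()
{
    $user_id = $this->session->userdata('user_id');
    $user = $this->db->get_where('users', array('id' => $user_id))->row_array();

    $current_password = isset($_POST['current_password']) ? $_POST['current_password'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $confirm_password = isset($_POST['confirm_password']) ? $_POST['confirm_password'] : '';

    $data = array();

    // No usable row for the session's user id: report it like a wrong current password.
    if (empty($user) || !isset($user['salt'], $user['password'])) {
        $data['error'] = 1;
        $data['error_type'] = 'password_not_matched';
        echo json_encode($data);
        return;
    }

    $currentHash = (string) hashPassword($current_password, $user['salt']);
    if (!hash_equals((string) $user['password'], $currentHash)) {
        $data['error'] = 1;
        $data['error_type'] = 'password_not_matched';
    } elseif ($password !== $confirm_password) {
        $data['error'] = 1;
        $data['error_type'] = 'passwor_confirm_did_not_matched';
    } else {
        $new_password = hashPassword($password, $user['salt']);
        $this->db->update('users', array('password' => $new_password), array('id' => $user_id));
        $data['error'] = 0;
    }

    echo json_encode($data);
}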
/**
 * Handle the login / first-run registration / invite form (POST).
 *
 * Dispatches on $_POST['type']:
 *  - 'login'    : fetch the active user whose email and hashPassword(password)
 *                 match, store id/email/type in $_SESSION['user'] and redirect
 *                 to BASE_URL;
 *  - 'register' : bootstrap only — if any user row already exists error404()
 *                 is called (presumably it terminates; if it does not,
 *                 registration would continue — TODO confirm), otherwise the
 *                 user is created with active=1, type=1 and logged in;
 *  - 'invite'   : create the user with type=100 if the e-mail is unused and
 *                 log them in.
 * Every path ends with a redirect and exit.
 *
 * Security notes (not changed here):
 *  - Failure redirects go to $_SERVER['HTTP_REFERER'], a client-supplied
 *    header: a crafted POST can bounce the browser to an arbitrary URL (open
 *    redirect), and a missing Referer yields an empty Location. A fixed path
 *    would be safer.
 *  - The session id is not regenerated when the user becomes logged in, so a
 *    session id planted before authentication (session fixation) survives.
 *  - In the 'invite' branch the row is stored with type 100 but the session
 *    gets type 150; NOTE(review): confirm which is intended.
 *  - Password matching happens in SQL against hashPassword($password), so
 *    hashPassword() must be deterministic for the same input (no per-user
 *    salt).
 *  - $code is read from the form but never used; 'type', 'email' and
 *    'password' are read from $_POST without isset() (notices when absent).
 *
 * Relies on the global $dbh (PDO), BASE_URL, hashPassword() and error404().
 */
function validate()
{
    global $dbh;
    $type = $_POST['type'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $code = '';
    if (!empty($_POST['code'])) {
        $code = $_POST['code'];
    }
    if (empty($_POST['email']) || empty($_POST['password'])) {
        $_SESSION['notification']['type'] = 'error';
        $_SESSION['notification']['message'] = '<strong>Oops!</strong> Looks like you missed some details.';
        header("Location: " . $_SERVER['HTTP_REFERER']);
        exit;
    }
    if ($type == 'login') {
        // Hash is compared inside the query; only active accounts qualify.
        $query = $dbh->prepare("select * from users where email = ? and password = ? and active = 1");
        $query->execute(array($email, hashPassword($password)));
        $account = $query->fetch();
        if (!empty($account['id'])) {
            $_SESSION['user']['loggedin'] = $account['id'];
            $_SESSION['user']['email'] = $account['email'];
            $_SESSION['user']['type'] = $account['type'];
            header("Location: " . BASE_URL);
            exit;
        } else {
            $_SESSION['notification']['type'] = 'error';
            $_SESSION['notification']['message'] = '<strong>Oops!</strong> Looks like your login information is incorrect.';
            header("Location: " . $_SERVER['HTTP_REFERER']);
            exit;
        }
    } else {
        if ($type == 'register') {
            // Registration is only open while the users table is empty.
            $query = $dbh->prepare("select * from users");
            $query->execute(array());
            $accounts = $query->fetchAll();
            foreach ($accounts as $account) {
                if (!empty($account['id'])) {
                    error404();
                }
            }
            $query = $dbh->prepare("select * from users where email = ?");
            $query->execute(array($email));
            $account = $query->fetch();
            if (!empty($account['id'])) {
                $_SESSION['notification']['type'] = 'error';
                $_SESSION['notification']['message'] = 'Looks like you already have an account. Please use our forgot password facility.';
                header("Location: " . $_SERVER['HTTP_REFERER']);
                exit;
            }
            $sql = "INSERT INTO users (email,password,active,type) VALUES (?,?,?,?)";
            $query = $dbh->prepare($sql);
            $query->execute(array($email, hashPassword($password), 1, 1));
            $_SESSION['user']['loggedin'] = $dbh->lastInsertId();
            $_SESSION['user']['email'] = $email;
            $_SESSION['user']['type'] = 1;
            header("Location: " . BASE_URL);
            exit;
        } else {
            if ($type == 'invite') {
                $query = $dbh->prepare("select * from users where email = ?");
                $query->execute(array($email));
                $account = $query->fetch();
                if (!empty($account['id'])) {
                    $_SESSION['notification']['type'] = 'error';
                    $_SESSION['notification']['message'] = 'Looks like you already have an account. We currently support only 1 team per email, sorry!';
                    header('Location: ' . $_SERVER['HTTP_REFERER']);
                    exit;
                }
                $sql = "INSERT INTO users (email,password,active,type) VALUES (?,?,?,?)";
                $query = $dbh->prepare($sql);
                // Stored type is 100 ...
                $query->execute(array($email, hashPassword($password), 1, 100));
                $_SESSION['user']['loggedin'] = $dbh->lastInsertId();
                $_SESSION['user']['email'] = $email;
                // ... but the session type is 150 (see NOTE in the docblock).
                $_SESSION['user']['type'] = 150;
                header("Location: " . BASE_URL);
                exit;
            }
        }
    }
}
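// Second half of the "add user" handler: $psql holds the executed
// username-count query and $conn the PDO connection from the first half;
// $username, $password, $password2, $fname, $lname, $email, $groupName and
// $data come from there as well. NOTE(review): the checks run on the bare
// variables while the INSERT binds $data[...]; presumably both hold the same
// posted values — confirm in the first half.
$row = $psql->fetch();

// validate that it should be inserted
$status = "failed";
$query = false;
$errorMessage = ""; // was undefined (notice) on the success path
if ($username == "" || $password == "" || $password2 == "" || $fname == "" || $lname == "" || $email == "" || $groupName == "") {
    $errorMessage = "One or more fields are blank!";
} elseif ($password != $password2) {
    // passwords don't match
    $errorMessage = "Passwords don't match";
} elseif ($row[0] != '0') {
    // username exists
    $errorMessage = "Username " . $username . " already exists!";
} else {
    $salt = createSalt();
    $password = hashPassword($data['password'], $salt);
    $sql = "INSERT INTO Users (username, salt, password, fname, lname, email, groupName, permissions) \n\t\t\tVALUES (:username,:salt,:password,:fname,:lname,:email,:groupName,:permissions)";
    $psql = $conn->prepare($sql);
    $query = $psql->execute(array(
        ":username"    => $data['username'],
        ":salt"        => $salt,
        ":password"    => $password,
        ":fname"       => $data['fname'],
        ":lname"       => $data['lname'],
        ":email"       => $data['email'],
        ":groupName"   => $data['groupName'],
        ":permissions" => $data['permissions'],
    ));
    // check to make sure the query happened!!!
    $status = $query ? "inserted" : "not inserted";
}

// Fix: the response used to carry "password" => $password, i.e. the plaintext
// password on every validation failure and the salted hash on success.
// Neither belongs in an HTTP response, so the field is no longer emitted.
echo json_encode(array("username" => $username, "status" => $status, "errorMessage" => $errorMessage));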
if ($_POST['email']) { $email = $_POST['email']; } //Er moet ook een paswoord gegenereerd worden. $generatedPassword = generatePassword(TRUE, TRUE, TRUE, TRUE, 14); } if (isset($_POST['submit'])) { foreach ($_POST as $key => $value) { switch ($key) { case 'submit': // Wanneer de key submit is, moet er niets gebeuren (dit is de key van de submit-knop) break; case 'password': // Wanneer de key het paswoord is, moet deze eerst gehashed worden alvorens deze verder te gebruiken. // Dit is het veiligst omdat het paswoord dan op geen enkel moment blootgesteld staat $_SESSION['registration'][$key] = hashPassword(mysql_real_escape_string($value)); break; default: //Wanneer de key niet gelijk is aan password of submit, mag deze zo in de sessie geplaatst worden (bv. bij e-mail) $_SESSION['registration'][$key] = mysql_real_escape_string($value); } } header('location: phpoefening030-registration-complete.php'); } //Registratieveld $dump .= '<h1>Registreer online</h1>'; if (isset($_SESSION['registrationNotification'])) { //Wanneer iemand van de log-outpagina komt of wanneer er iemand foutief inlogt, moet een boodschap getoond worden. //Wanneer iemand refresht moet deze boodschap verdwijnen. Werk daarom met de session en unset de key wanneer de boodschap wordt getoond. $dump .= '<p>' . $_SESSION['registrationNotification'] . '</p>'; unset($_SESSION['registrationNotification']);
/**
 * LDAP Password Driver (version 1.1, 2010-04-07, with Samba attribute support)
 *
 * Roundcube "password" plugin driver for passwords stored in LDAP, built on
 * the PEAR Net_LDAP2 class (http://pear.php.net/package/Net_LDAP2).
 *
 * @author Edouard MOREAU <*****@*****.**>
 *
 * function hashPassword based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 * function randomSalt based on code from the phpLDAPadmin development team (http://phpldapadmin.sourceforge.net/).
 */

/**
 * Write a new password for the logged-in user into LDAP, optionally updating
 * "last change" and Samba attributes as well.
 *
 * Flow: resolve the user's DN (configured mask via substitute_vars(), else
 * search_userdn()), connect and bind (as the user with $curpass, or as the
 * configured admin account), encode the new password with hashPassword()
 * using the configured scheme, replace the password attribute, then — when
 * configured — the last-change attribute (days since epoch), the Samba
 * password attribute (hashPassword($passwd, 'samba')) and the Samba
 * last-change attribute (seconds since epoch), and commit with update().
 *
 * Security notes:
 *  - In 'user' mode (also the default) Net_LDAP2::connect() binds with
 *    $curpass, so a wrong current password surfaces as PASSWORD_CONNECT_ERROR.
 *    In 'admin' mode this function does not check $curpass at all; the caller
 *    must verify the current password beforehand.
 *  - The Samba attribute defaults to sambaNTPassword; NOTE(review): NT-style
 *    hashes are unsalted and directly usable by an attacker who can read
 *    them, so the attribute's read ACL must be tight — confirm what the
 *    'samba' encoding in hashPassword() produces.
 *  - The two Samba replace() calls are not checked, unlike the main attribute;
 *    a failure there is only noticed if update() itself fails.
 *  - Connect, read and write failures are all reported as
 *    PASSWORD_CONNECT_ERROR.
 *
 * @param string $curpass current (old) password; bind password in 'user' mode
 * @param string $passwd  new plaintext password
 * @return int PASSWORD_SUCCESS, PASSWORD_CONNECT_ERROR or PASSWORD_CRYPT_ERROR
 */
function password_save($curpass, $passwd)
{
    $rcmail = rcmail::get_instance();
    require_once 'Net/LDAP2.php';

    // Building user DN (assignment inside the condition is intentional: a
    // configured mask is expanded, otherwise the DN is searched for).
    if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
        $userDN = substitute_vars($userDN);
    } else {
        $userDN = search_userdn($rcmail);
    }
    if (empty($userDN)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Connection Method: who binds to the directory.
    switch ($rcmail->config->get('password_ldap_method')) {
        case 'admin':
            // Static admin credentials from the config file.
            $binddn = $rcmail->config->get('password_ldap_adminDN');
            $bindpw = $rcmail->config->get('password_ldap_adminPW');
            break;
        case 'user':
        default:
            // Bind as the user; the directory rejects a wrong current password.
            $binddn = $userDN;
            $bindpw = $curpass;
            break;
    }

    // Configuration array
    $ldapConfig = array(
        'binddn' => $binddn,
        'bindpw' => $bindpw,
        'basedn' => $rcmail->config->get('password_ldap_basedn'),
        'host' => $rcmail->config->get('password_ldap_host'),
        'port' => $rcmail->config->get('password_ldap_port'),
        'starttls' => $rcmail->config->get('password_ldap_starttls'),
        'version' => $rcmail->config->get('password_ldap_version')
    );

    // Connecting using the configuration array
    $ldap = Net_LDAP2::connect($ldapConfig);

    // Checking for connection error (a failed bind ends up here too)
    if (PEAR::isError($ldap)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Encode the new password with the configured scheme and read the
    // attribute/option names used below.
    $crypted_pass = hashPassword($passwd, $rcmail->config->get('password_ldap_encodage'));
    $force = $rcmail->config->get('password_ldap_force_replace');
    $pwattr = $rcmail->config->get('password_ldap_pwattr');
    $lchattr = $rcmail->config->get('password_ldap_lchattr');
    $smbpwattr = $rcmail->config->get('password_ldap_samba_pwattr');
    $smblchattr = $rcmail->config->get('password_ldap_samba_lchattr');
    $samba = $rcmail->config->get('password_ldap_samba');

    // Support password_ldap_samba option for backward compat.
    if ($samba && !$smbpwattr) {
        $smbpwattr = 'sambaNTPassword';
        $smblchattr = 'sambaPwdLastSet';
    }

    // Crypt new password
    if (!$crypted_pass) {
        return PASSWORD_CRYPT_ERROR;
    }

    // Crypt new samba password (only when a Samba attribute is configured)
    if ($smbpwattr && !($samba_pass = hashPassword($passwd, 'samba'))) {
        return PASSWORD_CRYPT_ERROR;
    }

    // Writing new crypted password to LDAP
    $userEntry = $ldap->getEntry($userDN);
    if (Net_LDAP2::isError($userEntry)) {
        return PASSWORD_CONNECT_ERROR;
    }
    if (!$userEntry->replace(array($pwattr => $crypted_pass), $force)) {
        return PASSWORD_CONNECT_ERROR;
    }

    // Updating PasswordLastChange Attribute if desired (days since epoch)
    if ($lchattr) {
        $current_day = (int) (time() / 86400);
        if (!$userEntry->replace(array($lchattr => $current_day), $force)) {
            return PASSWORD_CONNECT_ERROR;
        }
    }

    // Update Samba password and last change fields
    // (these two replace() results are not checked; see docblock)
    if ($smbpwattr) {
        $userEntry->replace(array($smbpwattr => $samba_pass), $force);
    }
    // Update Samba password last change field (seconds since epoch); runs
    // whenever the attribute is configured, even without a Samba password attribute.
    if ($smblchattr) {
        $userEntry->replace(array($smblchattr => time()), $force);
    }

    // Commit all pending attribute changes in one modify operation.
    if (Net_LDAP2::isError($userEntry->update())) {
        return PASSWORD_CONNECT_ERROR;
    }

    // All done, no error
    return PASSWORD_SUCCESS;
}
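<?php
/**
 * Login page handler.
 *
 * Created by PhpStorm.
 * User: Tuan
 * Date: 10/14/2015
 * Time: 16:52
 *
 * A visitor who is already logged in is redirected to 'index'. On POST the
 * e-mail and password are read with _post(); the password is hashed with the
 * project's hashPassword() (called without a salt, so it must be
 * deterministic) and compared to the stored hash of findUser($email). On a
 * match loggedIn($user) runs and the visitor is redirected; otherwise a
 * 'login fail' error is appended to $G['errors'] and the login view renders.
 *
 * Fix: the hash comparison uses hash_equals() instead of `==`, which both
 * stops at the first differing byte and compares two numeric-looking strings
 * numerically. A user row without a 'password' key is treated as a mismatch.
 */
if (isLoggedIn()) {
    redirect('index');
}

if (isPostRequest()) {
    $email = _post('email');
    $password = hashPassword(_post('password'));
    $user = findUser($email);

    $matches = !empty($user)
        && isset($user['password'])
        && hash_equals((string) $user['password'], (string) $password);

    if ($matches) {
        loggedIn($user);
        redirect('index');
    } else {
        $G['errors'][] = 'login fail';
    }
}

render('login', array('header' => false, 'footer' => false));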
<td><font color=white>New Email Address:</font></td> <td><input type="text" name="email"></td> </table> <div class="subBtn"> <input type="submit" class="btn rc05 f10 p05 dk blue" value="Change Details" name="submit"/> </div> </table> </div> </form> <?php if (isset($_POST['submit'])) { $username = secureForDB($_POST['user']); $password = hashPassword(secureForDB($_POST['password'])); $email = secureForDB($_POST['email']); $somethingChanged = false; $id = getUserData($username, "id"); $newUsername = secureForDB($_POST['newUsername']); $newMail = ""; $newPassword = ""; if (!$_SESSION['account_position'] == "Admin") { if ($_SESSION['CurrentUser'] == $username) { die("<font color=\"red\">You cannot edit your own details</font>"); } } if (getUserData($username, "account_position") == "Admin") { die("<br><font color=\"red\">You cannot edit an administrator's details.</font>"); } if (isset($user)) {
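/**
 * Installer step: create the first system account together with its profile,
 * subscription, language, financial-year, currency, tax and company records.
 *
 * Changes from the previous revision:
 *  - every form value that reaches SQL is escaped with
 *    mysql_real_escape_string() on the open connection; all of them were
 *    spliced in raw, so a quote in the installer form broke or altered the
 *    statements;
 *  - the new account id and customer id come from mysql_insert_id() instead
 *    of `SELECT *` + first row, which returned whichever row the engine listed
 *    first, not necessarily the one just inserted (neither INSERT supplies an
 *    id, so those columns are DB-assigned/AUTO_INCREMENT — NOTE(review):
 *    confirm in the schema);
 *  - dependent inserts are skipped when the insert they depend on failed.
 *
 * Uses the legacy mysql_* extension like the rest of this installer (removed
 * in PHP 7; migrating to mysqli/PDO is out of scope for this block).
 *
 * @param string $mysql_host
 * @param string $mysql_username
 * @param string $mysql_password
 * @param string $mysql_database
 * @param string $account_email
 * @param string $account_pass plaintext; stored as hashPassword($account_pass)
 * @param string $lang
 * @param string $financial_day
 * @param string $financial_month
 * @param string $currency_symbol
 * @param string $thousand_separator
 * @param string $decimal_separator
 * @param string $tax_name
 * @param string $tax_value
 * @param string $tax_checkbox
 * @param string $company_name
 * @param string $company_regis
 * @param string $company_website
 * @param string $company_address_1
 * @param string $compnay_address_2 (parameter name kept for callers)
 * @param string $company_city
 * @param string $company_country
 * @param string $company_postal
 * @param string $company_state
 * @param string $company_phone
 * @param string $company_fax
 */
function addInformation($mysql_host, $mysql_username, $mysql_password, $mysql_database, $account_email, $account_pass, $lang, $financial_day, $financial_month, $currency_symbol, $thousand_separator, $decimal_separator, $tax_name, $tax_value, $tax_checkbox, $company_name, $company_regis, $company_website, $company_address_1, $compnay_address_2, $company_city, $company_country, $company_postal, $company_state, $company_phone, $company_fax)
{
    $conn = mysql_connect($mysql_host, $mysql_username, $mysql_password) or die('Error connecting to MySQL server: ' . mysql_error());
    mysql_select_db($mysql_database, $conn);

    // Escape a value for the open connection before it is spliced into a statement.
    $esc = function ($value) use ($conn) {
        return mysql_real_escape_string((string) $value, $conn);
    };
    $now = Date("Y-m-d H:i:s");

    $sql = "INSERT INTO lb_sys_accounts(account_email,account_password,account_created_date,account_status) VALUES ('" . $esc($account_email) . "','" . $esc(hashPassword($account_pass)) . "','" . $now . "',1)";
    if (!mysql_query($sql, $conn)) {
        return;
    }
    // Id of the row just inserted, not of an arbitrary first row.
    $id = (int) mysql_insert_id($conn);

    $sql = "INSERT INTO lb_sys_account_profiles(account_id,account_profile_given_name) VALUES (" . $id . ",'Admin')";
    mysql_query($sql, $conn);

    // add subscription
    $sql1 = "INSERT INTO lb_sys_account_subscriptions(account_id,account_subscription_package_id,account_subscription_start_date,account_subscription_status_id,subscription_name) VALUES (" . $id . ",0,'" . $now . "',1,'My Company')";
    mysql_query($sql1, $conn);

    $sql2 = "INSERT INTO lb_language_user(lb_user_id,lb_language_name) VALUES (" . $id . ",'" . $esc($lang) . "')";
    mysql_query($sql2, $conn);

    $sql3 = "INSERT INTO lb_user_list(system_list_code,system_list_item_code,system_list_item_name,system_list_item_active,system_list_item_day,system_list_item_month) VALUES ('financial_year','financial_year','Financial Year',1,'" . $esc($financial_day) . "','" . $esc($financial_month) . "')";
    mysql_query($sql3, $conn);

    $sql4 = "INSERT INTO lb_genera(lb_genera_currency_symbol, lb_thousand_separator, lb_decimal_symbol) VALUE ('" . $esc($currency_symbol) . "','" . $esc($thousand_separator) . "','" . $esc($decimal_separator) . "')";
    mysql_query($sql4, $conn);

    $sql5 = "INSERT INTO lb_taxes(lb_tax_name, lb_tax_value, lb_tax_is_default) VALUE ('" . $esc($tax_name) . "','" . $esc($tax_value) . "','" . $esc($tax_checkbox) . "')";
    mysql_query($sql5, $conn);

    $sql6 = "INSERT INTO lb_customers(lb_customer_name, lb_customer_registration, lb_customer_website_url) VALUE ('" . $esc($company_name) . "','" . $esc($company_regis) . "','" . $esc($company_website) . "')";
    if (!mysql_query($sql6, $conn)) {
        return;
    }
    $customer_id = (int) mysql_insert_id($conn);

    $sql7 = "INSERT INTO lb_customer_addresses (lb_customer_id, lb_customer_address_line_1, lb_customer_address_2, lb_customer_address_city, lb_customer_address_state, lb_customer_address_country, lb_customer_address_postal_code, lb_customer_address_phone_1, lb_customer_address_fax) VALUE ('" . $customer_id . "','" . $esc($company_address_1) . "','" . $esc($compnay_address_2) . "','" . $esc($company_city) . "','" . $esc($company_state) . "','" . $esc($company_country) . "','" . $esc($company_postal) . "','" . $esc($company_phone) . "','" . $esc($company_fax) . "')";
    mysql_query($sql7, $conn);
}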
// Schema bootstrap for the "user" and "post" tables (PostgreSQL DDL via PDO).
// $db (PDO), $tables (which tables already exist) and the per-install suffix
// $t come from earlier in the file. NOTE(review): $t is spliced into
// identifiers (sequence and constraint names) and cannot be bound as a
// parameter, so it must be generated server-side, never taken from the request.
if (!$tables['user']) {
    $userDdl = array(
        'CREATE TABLE "user" (id integer NOT NULL, email character varying(255) NOT NULL, password character varying(255), name character varying(255))',
        'CREATE SEQUENCE user_id_seq_' . $t . ' START WITH 1 INCREMENT BY 1 NO MINVALUE NO MAXVALUE CACHE 1',
        'ALTER SEQUENCE user_id_seq_' . $t . ' OWNED BY "user".id',
        'ALTER TABLE ONLY "user" ALTER COLUMN id SET DEFAULT nextval(\'user_id_seq_' . $t . '\'::regclass)',
        'ALTER TABLE ONLY "user" ADD CONSTRAINT user_email_key_' . $t . ' UNIQUE (email)',
        'ALTER TABLE ONLY "user" ADD CONSTRAINT user_pkey_' . $t . ' PRIMARY KEY (id)',
    );
    foreach ($userDdl as $ddl) {
        $db->prepare($ddl)->execute();
    }

    // first user admin/test
    // NOTE(review): this is a fixed default credential ("admin" / "test"); the
    // installer should force a change before the site goes live.
    $insertAdmin = $db->prepare('INSERT INTO "user"("email","password","name") VALUES (:email,:password,:name)');
    $insertAdmin->execute(array(':email' => 'admin', ':password' => hashPassword('test'), 'name' => 'Admin'));
}

if (!$tables['post']) {
    $postDdl = array(
        'CREATE TABLE post (id integer NOT NULL, title text, abstract text, content text, file1 text, up_file1 text, file2 text, up_file2 text, file3 text, up_file3 text, file4 text, up_file4 text, file5 text, up_file5 text, status integer, created_author integer, modified_author integer, created_date integer, updated_date integer)',
        'CREATE SEQUENCE post_id_seq_' . $t . ' START WITH 1 INCREMENT BY 1 NO MINVALUE NO MAXVALUE CACHE 1',
        'ALTER SEQUENCE post_id_seq_' . $t . ' OWNED BY post.id',
        'ALTER TABLE ONLY post ALTER COLUMN id SET DEFAULT nextval(\'post_id_seq_' . $t . '\'::regclass)',
        'ALTER TABLE ONLY post ADD CONSTRAINT post_pkey_' . $t . ' PRIMARY KEY (id);',
    );
    foreach ($postDdl as $ddl) {
        $db->prepare($ddl)->execute();
    }
}
?>
<h3>INSTALL SUCCESSFULLY</h3>
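/**
 * Looks up an account by name and password and, when exactly one row
 * matches, records the user in the session.
 *
 * Uses the global mysqli link $dbc.
 *
 * @param string $pName     login name supplied by the caller
 * @param string $pPassword password supplied by the caller
 *
 * @return bool true when one account matched and the session was populated,
 *              false otherwise (including when the query itself fails)
 */
function validateUser_Name($pName, $pPassword)
{
    global $dbc;

    // NOTE(review): the two '******' literals look like redacted values; as
    // written the query never uses $pName or $pPassword. The real query must
    // pass them as bound parameters (mysqli_prepare + bind_param), never by
    // concatenation, and the password column should hold a hash that is
    // verified in PHP rather than compared inside the query.
    $sql = "SELECT username,user_id FROM nctf_accounts WHERE username = '******' AND password = '******' LIMIT 1";
    $query = mysqli_query($dbc, $sql);
    if ($query === false) {
        // Was mysql_error(): the ext/mysql function cannot report errors of a
        // mysqli link. A failed query previously fell through to
        // mysqli_num_rows(false); report it and treat it as "not logged in".
        trigger_error("Query Failed: " . mysqli_error($dbc));
        return false;
    }

    // Exactly one row means the credentials matched.
    if (mysqli_num_rows($query) === 1) {
        $row = mysqli_fetch_assoc($query);
        $_SESSION['username'] = $row['username'];
        $_SESSION['user_id'] = $row['user_id'];
        $_SESSION['loggedin'] = true;
        return true;
    }
    return false;
}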
/**
 * Validates a username/password pair and stamps the user's last login time.
 *
 * Uses the global ext/mysql link $mysql. The two '******' literals are kept
 * verbatim; they appear to be redacted values, so as written the lookup does
 * not use $username and $today is computed but not used.
 *
 * @param string $username
 * @param string $password
 *
 * @return mixed the matching row's UserID, or null when no single row matches
 *               or the password hash does not match
 */
function checkLogin($username, $password)
{
    global $mysql;

    // Exactly one account row is required for the login to proceed.
    $lookup = mysql_query("SELECT * FROM users WHERE Username = '******'", $mysql);
    if (!$lookup || mysql_num_rows($lookup) !== 1) {
        return null;
    }

    // Re-hash the supplied password with the stored salt and compare strictly.
    $account = mysql_fetch_assoc($lookup);
    $candidate = hashPassword($password, $account['PasswordSalt']);
    if ($candidate !== $account['PasswordHash']) {
        return null;
    }

    // Record the login time. UserID comes from the row just fetched, not from
    // request input, which is why it is concatenated here.
    $today = date('Y-m-d H:i:s', time());
    mysql_query("UPDATE users SET LastLogin = '******' WHERE UserID = " . $account['UserID'], $mysql);

    return $account['UserID'];
}
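<?php
// Password-reset handler. Consumes the one-time token posted from the reset
// form, stores the new password hash, rotates the token, and redirects back to
// restarter.php. Connection settings ($host, $db_user, $db_password, $db_name)
// come from database.php; hashPassword() from hash.php. Requires PHP 7+ for
// random_bytes().
include_once 'database.php';
include_once 'hash.php';
session_start();

// '@' keeps the connection warning out of the output so the header() below
// can still be sent; the failure is reported through connect_errno instead.
$connection = @new mysqli($host, $db_user, $db_password, $db_name);
if ($connection->connect_errno !== 0) {
    $_SESSION['userAdderMessage'] = "Error" . $connection->connect_errno . $connection->connect_error;
} else {
    // Missing fields are treated as empty instead of raising an undefined-index notice.
    $token = htmlentities(isset($_POST['token']) ? $_POST['token'] : '', ENT_QUOTES, "UTF-8");
    $password = htmlentities(isset($_POST['password']) ? $_POST['password'] : '', ENT_QUOTES, "UTF-8");

    // The token is bound as a parameter. The original built the SELECT with
    // "token='{$token}'" inside sprintf() and passed the escaped copy as an
    // argument the format string never consumed, so the raw value reached SQL.
    $lookup = $connection->prepare("SELECT token, tokentime FROM users WHERE token = ?");
    if ($lookup !== false) {
        $lookup->bind_param('s', $token);
        $lookup->execute();
        $lookup->store_result();
        $found = $lookup->num_rows > 0;
        if ($found) {
            $lookup->bind_result($old_token, $token_time);
            $lookup->fetch();
        }
        $lookup->free_result();
        $lookup->close();

        if ($found) {
            // A reset link is honoured for 100 seconds from tokentime (assumed
            // to be a Unix timestamp — confirm against the code that issues it).
            if (time() - $token_time <= 100) {
                // Fresh 32-hex-char token from the CSPRNG; same length as the
                // md5(uniqid(mt_rand())) value it replaces, which was guessable.
                $token = bin2hex(random_bytes(16));
                // NOTE(review): the password is HTML-encoded and SQL-escaped
                // before hashing. Kept as-is because the login path must apply
                // the identical transform, but neither step belongs in front of
                // a hash — change both sides together.
                $hashedPassword = hashPassword(mysqli_real_escape_string($connection, $password));
                // The original UPDATE had a redacted literal in the password
                // column; $hashedPassword was its first sprintf() argument.
                $update = $connection->prepare("UPDATE users SET password = ?, token = ? WHERE token = ?");
                if ($update !== false) {
                    $update->bind_param('sss', $hashedPassword, $token, $old_token);
                    $update->execute();
                    $update->close();
                }
                $_SESSION['reset'] = "Hasło zostało zrestartowane";
            } else {
                $_SESSION['reset'] = "Link wygasł wygeneruj ponownie";
            }
        }
    }
    $connection->close();
}
header('Location: ../restarter.php');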
} } do { if ($r = $server->store_result()) { $r->free(); } } while ($server->more_results() && $server->next_result()); $result = $server->query("SELECT id FROM settings WHERE name='title'"); if ($result->num_rows == 1) { if (!@chmod('../install', 0777)) { echo "PLEASE DELETE install/ FOLDER MANUALLY. THEN GO TO yourwebsite.com/feedback/admin/ TO LOG IN."; exit; } unlink('index.php'); unlink('install1.php'); unlink('database_tables.sql'); unlink('index2.php'); unlink('install2.php'); header('Location: ../admin'); exit; } else { $server->query("INSERT INTO users(id,name,email,pass,votes,isadmin,banned) VALUES('','" . $_POST['adminname'] . "','" . $_POST['adminemail'] . "','" . hashPassword($_POST['adminpass']) . "', 20, 3,0)"); if (!@chmod('../install', 0777)) { echo "PLEASE DELETE install/index.php, install/install1.php AND install/database_tables.sql FILES MANUALLY.<br />\n THEN GO TO yourwebsite.com/feedback/install/index2.php TO CONTINUE THE INSTALLATION."; exit; } unlink('index.php'); unlink('install1.php'); unlink('database_tables.sql'); header('Location: index2.php'); }