示例#1
0
 function SpawnSession()
 {
     global $TABLE_USERS, $FORUM, $rpgDB;
     // If forum software is being used for authentication, don't create sessions.
     if ($FORUM) {
         return;
     }
     // Ensure the session state is set correctly.
     $this->_is_session_valid = false;
     // Ensure we have both a username and password.
     if (!(isset($_POST['user']) && isset($_POST['pwd']))) {
         return false;
     }
     // Validate the data.
     $err = array();
     if (!(is_valid_pname($_POST['user'], $err) && is_valid_password($_POST['pwd'], $err))) {
         return false;
     }
     // Check the user against the db.
     $res = $rpgDB->query(sprintf("SELECT iplog, slength, email, dm FROM %s WHERE pname = '%s' " . "AND (pwd = PASSWORD('%s') OR pwd = OLD_PASSWORD('%s'))", $TABLE_USERS, addslashes($_POST['user']), addslashes($_POST['pwd']), addslashes($_POST['pwd'])));
     if (!$res) {
         __printFatalErr("Failed to query database.", __LINE__, __FILE__);
     }
     if ($rpgDB->num_rows() != 1) {
         return false;
     }
     $row = $rpgDB->fetch_row($res);
     // Record the userdata.
     $this->_username = $_POST['user'];
     $this->_iplog = unserialize(stripslashes($row['iplog']));
     $this->_slength = $row['slength'];
     $this->_email = $row['email'];
     $this->_dm = $row['dm'] == 'Y';
     // Update the iplog.
     $this->update_iplog();
     // Generate the sid.
     $this->_sid = $this->GenerateId();
     // Set the session cookie.
     setcookie('sid', $this->_sid);
     // Determine character access permissions.
     $this->_permission = new CharPermission($this->_username, null);
     // Update the db.
     $res = $rpgDB->query(sprintf("UPDATE %s SET iplog = '%s', ip = '%s', sid = '%s', pwd_key = NULL WHERE pname = '%s'", $TABLE_USERS, addslashes(serialize($this->_iplog)), addslashes($this->_ip), addslashes($this->_sid), addslashes($this->_username)));
     if (!$res) {
         __printFatalErr("Failed to update database.", __LINE__, __FILE__);
     }
     if ($rpgDB->num_rows() != 1) {
         __printFatalErr("Failed to update user data.", __LINE__, __FILE__);
     }
     // Now record that this session is valid.
     $this->_is_session_valid = true;
     // Return success.
     return true;
 }
示例#2
0
    $empfullname = $emp;
}
// from url or form entry
if (!$empfullname) {
    die(error_msg("Unrecognized employee."));
}
// no employee specified
$h_empfullname = htmlentities($empfullname);
$u_empfullname = rawurlencode($empfullname);
$displayname = get_employee_name($empfullname);
$h_displayname = htmlentities($displayname);
$name_header = $show_display_name == 'yes' ? $h_displayname : $h_empfullname;
// Process form submission.
if ($old_password) {
    // Validate password
    if (is_valid_password($empfullname, $old_password)) {
        // Check if new password is same as confirm password entry
        if ($new_password === $confirm_password) {
            // Save password.
            if (save_employee_password($empfullname, $new_password)) {
                $_SESSION['authenticated'] = $empfullname;
                exit_next("entry.ajax.php?emp={$u_empfullname}");
            } else {
                print error_msg("Cannot save your new password. " . mysql_error());
            }
        } else {
            print error_msg("Your new password and the confirm password do not match.<br/>Please re-enter and confirm your new password.");
        }
    } else {
        print error_msg("Password is incorrect. Please try again.");
    }
示例#3
0
 $errorString = "";
 if ($_POST['token'] != $_SESSION['token']) {
     $errorString[] = "Invalid token! (what are you doing??)<br />";
 }
 $token_age = time() - $_SESSION['token_time'];
 // force to resubmit after 5 minutes
 if ($token_age > 300) {
     $errorString[] = "Timout value exceeded, resubmit<br />";
 }
 if ($_POST['realname'] != $user->data['real_name'] && !is_valid_real_name($_POST['realname']) && $_POST['realname'] != "") {
     $errorString[] = "Invalid name";
 }
 if (!is_curr_password($_POST['curpassword'], $user)) {
     $errorString[] = "Current password not correct";
 }
 if (!is_valid_password($_POST['passwordx'], $_POST['password2']) && ($_POST['passwordx'] != "" || $_POST['password2'] != "")) {
     $errorString[] = "Passwords do not match or are not of required length";
 }
 if ($_POST['email'] != $user->data['email'] && !is_rfc3696_valid_email_address($_POST['email']) && $_POST['email'] != "") {
     $errorString[] = "Invalid email address";
 }
 if ($_POST['email'] != $user->data['email'] && email_exists($_POST['email'], true)) {
     $errorString[] = "Email address already in use";
 }
 if ($_POST['name_format'] != $user->data['name_format']) {
     if ($_POST['name_format'] > 4 || $_POST['name_format'] < 1) {
         $errorString[] = "Invalid name format! (what are you doing?)";
     }
 }
 if (!is_valid_amount($_POST['amount']) && strtolower($_POST['amount']) != "always" && $_POST['amount'] != "" && $_POST['amount'] != "0" && $_POST['email_notify']) {
     $errorString[] = "Invalid notify amount";
示例#4
0
function user_change_password($post)
{
    //testing if the old password is correct
    $r = sql_fetch_array(sql_query("SELECT user_name FROM users WHERE user_id = " . $_SESSION['user_id'] . " LIMIT 1"));
    $login = $r['user_name'];
    if (user_check_password($login, $post['old_pw'])) {
        //testing if the two new passwords coincide
        if ($post['new_pw'] != $post['new_pw_re']) {
            return 3;
        }
        if (!is_valid_password($post['new_pw'])) {
            return 4;
        }
        $passwd = md5(md5($post['new_pw']) . substr($login, 0, 2));
        sql_query("UPDATE `users` SET `user_passwd`='{$passwd}' WHERE `user_id`=" . $_SESSION['user_id'] . " LIMIT 1");
        return 1;
    } else {
        return 2;
    }
}
示例#5
0
 // User data was sent:
 // Attempt to register the new user.
 include_once "{$INCLUDE_PATH}/engine/validation.php";
 include_once "{$INCLUDE_PATH}/engine/db.php";
 include_once "{$INCLUDE_PATH}/error.php";
 // Collect the user data.
 $user = $_POST['user'];
 $pwd1 = $_POST['pwd1'];
 $pwd2 = $_POST['pwd2'];
 $email = $_POST['email'];
 // The error array.
 $err = array();
 // Validate the user data.
 is_valid_pname($user, $err);
 is_valid_password($pwd1, $err);
 is_valid_password($pwd2, $err);
 is_valid_email($email, $err);
 // Check the passwords for consistency.
 if ($pwd1 != $pwd2) {
     array_push($err, "Your passwords do not match.");
 }
 $title = 'Error';
 $error_page = 'register_error.php';
 // Check for errors.
 if (sizeof($err) > 0) {
     $messages = $err;
     draw_page($error_page);
     exit;
 }
 // Check to see if the profile name already exists.
 $_r = $rpgDB->query(sprintf("SELECT COUNT(pname) as cnt FROM %s WHERE pname = '%s'", $TABLE_USERS, addslashes($user)));
include "../model/cart.php";
$id = filter_input(INPUT_POST, 'custID');
$firstName = filter_input(INPUT_POST, 'fName');
$lastName = filter_input(INPUT_POST, 'lName');
$street = filter_input(INPUT_POST, 'street');
$postalCode = filter_input(INPUT_POST, 'postalCode');
$province = filter_input(INPUT_POST, 'province');
$phone = filter_input(INPUT_POST, 'phone');
$email_account = filter_input(INPUT_POST, 'email_account');
$password = filter_input(INPUT_POST, 'password');
$confirm_password = filter_input(INPUT_POST, 'confirm_password');
$action = filter_input(INPUT_POST, 'action');
$remember = filter_input(INPUT_POST, 'remember');
//create customer
if ($action == "register") {
    if (is_valid_password($password, $confirm_password)) {
        create_customer($firstName, $lastName, $street, $postalCode, $province, $phone, $email_account, $password);
        echo "thank you for registering";
    } else {
        echo "Please make sure your password is the same";
    }
} else {
    if ($action == "login") {
        if (is_valid_customer_login($email_account, $password)) {
            echo "Logged in<br/>";
            echo $remember . "<br/>";
            if ($remember) {
                echo "Email remembered!<br/>";
                setcookie("email", $email_account, 0, "/");
            }
            start_cart_session();
示例#7
0
include_once "{$INCLUDE_PATH}/engine/sid.php";
include_once "{$INCLUDE_PATH}/engine/templates.php";
include_once "{$INCLUDE_PATH}/error.php";
include_once "{$INCLUDE_PATH}/engine/validation.php";
// Respawn the user session.
$sid = RespawnSession(__LINE__, __FILE__);
$err = array();
global $FORUM;
if (!$FORUM) {
    // Validate the passwords (if supplied).
    if ($_POST['pwd1'] || $_POST['pwd2']) {
        // Verify passwords.
        if ($_POST['pwd1'] != $_POST['pwd2']) {
            array_push($err, "Your passwords to not match.");
        }
        is_valid_password($_POST['pwd1'], $err);
    }
    // Validate the email.
    is_valid_email($_POST['email'], $err);
    // Validate the session length.
    is_valid_slength($_POST['slength'], $err);
}
if (sizeof($err)) {
    $title = 'Error';
    $messages = $err;
    draw_page('details_error.php');
} else {
    if (!$FORUM) {
        if ($_POST['pwd1'] && $_POST['pwd2']) {
            update_password(addslashes($_POST['pwd1']), $sid);
        }
示例#8
0
 case "processregister":
     include "inc/email_validator.php";
     // validate fields
     $errorString = "";
     if (!is_valid_name($_POST['username'])) {
         $errorString[] = "Invalid username";
     }
     if (!is_valid_real_name($_POST['realname'])) {
         $errorString[] = "Invalid name";
     } elseif (username_exists($_POST['username'])) {
         $errorString[] = "Username already in use";
     }
     /* elseif (realname_exists($_POST['realname'])) {
        $errorString[] = "Name already in use";
        } */
     if (!is_valid_password($_POST['password'], $_POST['password2'])) {
         $errorString[] = "Passwords do not match or are not of required length";
     }
     if (!is_rfc3696_valid_email_address($_POST['email'])) {
         $errorString[] = "Invalid email address";
     }
     if (email_exists($_POST['email'], true)) {
         $errorString[] = "Email address already in use";
     }
     if (!empty($_POST['code']) && !regcode_exists($_POST['code'])) {
         $errorString[] = "Supplied registration code is not recognized or expired.";
     }
     /* if (!is_valid_group($_POST['group_id'])) {
        $errorString .= "Invalid group! (how is this possible?) <br />";
        } */
     if (!empty($errorString)) {