示例#1
0
 public function testRandomStringDoesntEverMatch()
 {
     $this->assertNotEmpty(make_random_string());
     $i = 30;
     while ($i--) {
         $this->assertNotEquals(make_random_string(), make_random_string());
     }
 }
示例#2
0
function user_login($login, $password, $attach_ip = 0, $keep_in = 0, $sleep = 0)
{
    global $AVE_DB, $cookie_domain;
    sleep($sleep);
    if (empty($login)) {
        return 1;
    }
    $row = $AVE_DB->Query("\n\t\tSELECT\n\t\t\tusr.Id,\n\t\t\tusr.user_group,\n\t\t\tusr.user_name,\n\t\t\tusr.firstname,\n\t\t\tusr.lastname,\n\t\t\tusr.email,\n\t\t\tusr.country,\n\t\t\tusr.password,\n\t\t\tusr.salt,\n\t\t\tusr.status,\n\t\t\tgrp.user_group_permission\n\t\tFROM\n\t\t\t" . PREFIX . "_users AS usr\n\t\tLEFT JOIN\n\t\t\t" . PREFIX . "_user_groups AS grp\n\t\t\t\tON grp.user_group = usr.user_group\n\t\tWHERE email = '" . $login . "'\n\t\tOR user_name = '" . $login . "'\n\t\tLIMIT 1\n\t")->FetchRow();
    if (!(isset($row->password) && $row->password == md5(md5($password . $row->salt)))) {
        return 2;
    }
    if ($row->status != '1') {
        return 3;
    }
    $salt = make_random_string();
    $hash = md5(md5($password . $salt));
    $time = time();
    $u_ip = $attach_ip == 1 ? "INET_ATON('" . $_SERVER['REMOTE_ADDR'] . "')" : 0;
    $AVE_DB->Query("\n\t\tUPDATE " . PREFIX . "_users\n\t\tSET\n\t\t\tlast_visit = '" . $time . "',\n\t\t\tpassword   = '******',\n\t\t\tsalt       = '" . $salt . "',\n\t\t\tuser_ip    =  " . $u_ip . "\n\t\tWHERE\n\t\t\tId = '" . $row->Id . "'\n\t");
    $_SESSION['user_id'] = $row->Id;
    $_SESSION['user_name'] = get_username($row->user_name, $row->firstname, $row->lastname);
    $_SESSION['user_pass'] = $hash;
    $_SESSION['user_group'] = $row->user_group;
    $_SESSION['user_email'] = $row->email;
    $_SESSION['user_country'] = strtoupper($row->country);
    $_SESSION['user_language'] = strtolower($row->country);
    $_SESSION['user_ip'] = addslashes($_SERVER['REMOTE_ADDR']);
    $user_group_permissions = explode('|', preg_replace('/\\s+/', '', $row->user_group_permission));
    foreach ($user_group_permissions as $user_group_permission) {
        $_SESSION[$user_group_permission] = 1;
    }
    //	$_SESSION['admin_theme'] = DEFAULT_ADMIN_THEME_FOLDER;
    //	$_SESSION['admin_language']  = DEFAULT_LANGUAGE;
    if ($keep_in == 1) {
        $expire = $time + COOKIE_LIFETIME;
        $auth = base64_encode(serialize(array('id' => $row->Id, 'hash' => $hash)));
        @setcookie('auth', $auth, $expire, ABS_PATH, $cookie_domain);
    }
    return true;
}
示例#3
0
 if (strlen($_POST['pass']) < 5) {
     array_push($errors, $lang_i['pass_too_small']);
 }
 if (empty($_POST['username']) || preg_match($regex_username, $_POST['username'])) {
     array_push($errors, $lang_i['check_username']);
 }
 if (true === $db_connect && !sizeof($errors)) {
     if (isset($_POST['demo']) && 1 == $_POST['demo']) {
         $filename = BASE_DIR . '/install/data_demo.sql';
     } else {
         $filename = BASE_DIR . '/install/data_base.sql';
     }
     $handle = fopen($filename, 'r');
     $dbin = fread($handle, filesize($filename));
     fclose($handle);
     $salt = make_random_string();
     $hash = md5(md5($_POST['pass'] . $salt));
     $dbin = str_replace('%%SITENAME%%', $ver, $dbin);
     $dbin = str_replace('%%PRFX%%', $config['dbpref'], $dbin);
     $dbin = str_replace('%%EMAIL%%', $_POST['email'], $dbin);
     $dbin = str_replace('%%SALT%%', $salt, $dbin);
     $dbin = str_replace('%%PASS%%', $hash, $dbin);
     $dbin = str_replace('%%ZEIT%%', time(), $dbin);
     $dbin = str_replace('%%VORNAME%%', $_POST['firstname'], $dbin);
     $dbin = str_replace('%%NACHNAME%%', $_POST['lastname'], $dbin);
     $dbin = str_replace('%%USERNAME%%', $_POST['username'], $dbin);
     $dbin = str_replace('%%FON%%', $_POST['fon'], $dbin);
     $dbin = str_replace('%%FAX%%', $_POST['fax'], $dbin);
     $dbin = str_replace('%%PLZ%%', $_POST['zip'], $dbin);
     $dbin = str_replace('%%ORT%%', $_POST['town'], $dbin);
     $dbin = str_replace('%%STRASSE%%', $_POST['street'], $dbin);
示例#4
0
 /**
  * Редактирование учетной записи пользователя
  *
  * @param int $user_id идентификатор учетной записи пользователя
  */
 function userEdit($user_id)
 {
     global $AVE_DB, $AVE_Template;
     $user_id = (int) $user_id;
     switch ($_REQUEST['sub']) {
         case '':
             $row = $AVE_DB->Query("\r\n\t\t\t\t\tSELECT *\r\n\t\t\t\t\tFROM " . PREFIX . "_users\r\n\t\t\t\t\tWHERE Id = '" . $user_id . "'\r\n\t\t\t\t")->FetchRow();
             if (!$row) {
                 header('Location:index.php?do=user&cp=' . SESSION);
                 exit;
             }
             $AVE_Template->assign('row', $row);
             $AVE_Template->assign('user_group_extra', explode(';', $row->user_group_extra));
             if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_shop'")->GetCell()) {
                 $AVE_Template->assign('is_shop', 1);
             }
             if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell()) {
                 $row = $AVE_DB->Query("\r\n\t\t\t\t\t\tSELECT *\r\n\t\t\t\t\t\tFROM " . PREFIX . "_modul_forum_userprofile\r\n\t\t\t\t\t\tWHERE uid = '" . $user_id . "'\r\n\t\t\t\t\t")->FetchRow();
                 if (is_object($row)) {
                     $AVE_Template->assign('row_fp', $row);
                     $AVE_Template->assign('is_forum', 1);
                 }
             }
             $AVE_Template->assign('available_countries', get_country_list(1));
             $AVE_Template->assign('ugroups', $this->userGroupListGet(2));
             $AVE_Template->assign('formaction', 'index.php?do=user&amp;action=edit&amp;sub=save&amp;cp=' . SESSION . '&amp;Id=' . $user_id);
             $AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
             break;
         case 'save':
             $errors = $this->_userFieldValidate();
             if (!empty($errors)) {
                 $AVE_Template->assign('errors', $errors);
                 $AVE_Template->assign('available_countries', get_country_list(1));
                 $AVE_Template->assign('ugroups', $this->userGroupListGet(2));
                 $AVE_Template->assign('formaction', 'index.php?do=user&amp;action=edit&amp;sub=save&amp;cp=' . SESSION . '&amp;Id=' . $user_id);
                 $AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
             } else {
                 if (!empty($_REQUEST['password'])) {
                     $salt = make_random_string();
                     $password = md5(md5(trim($_POST['password']) . $salt));
                     $password_set = "password = '******', salt = '" . $salt . "',";
                 } else {
                     $password_set = '';
                 }
                 $user_group_set = $_SESSION['user_id'] != $user_id ? "user_group = '" . $_REQUEST['user_group'] . "'," : '';
                 $times = $_REQUEST['deleted'] == "1" ? time() : '';
                 $AVE_DB->Query("\r\n\t\t\t\t\t\tUPDATE " . PREFIX . "_users\r\n\t\t\t\t\t\tSET\r\n\t\t\t\t\t\t\t" . $password_set . "\r\n\t\t\t\t\t\t\t" . $user_group_set . "\r\n\t\t\t\t\t\t\temail       = '" . $_REQUEST['email'] . "',\r\n\t\t\t\t\t\t\tstreet      = '" . $_REQUEST['street'] . "',\r\n\t\t\t\t\t\t\tstreet_nr   = '" . $_REQUEST['street_nr'] . "',\r\n\t\t\t\t\t\t\tzipcode     = '" . $_REQUEST['zipcode'] . "',\r\n\t\t\t\t\t\t\tcity        = '" . $_REQUEST['city'] . "',\r\n\t\t\t\t\t\t\tphone       = '" . $_REQUEST['phone'] . "',\r\n\t\t\t\t\t\t\ttelefax     = '" . $_REQUEST['telefax'] . "',\r\n\t\t\t\t\t\t\tdescription = '" . $_REQUEST['description'] . "',\r\n\t\t\t\t\t\t\tfirstname   = '" . $_REQUEST['firstname'] . "',\r\n\t\t\t\t\t\t\tlastname    = '" . $_REQUEST['lastname'] . "',\r\n\t\t\t\t\t\t\tuser_name   = '" . $_REQUEST['user_name'] . "',\r\n\t\t\t\t\t\t\tstatus      = '" . $_REQUEST['status'] . "',\r\n\t\t\t\t\t\t\tcountry     = '" . $_REQUEST['country'] . "',\r\n\t\t\t\t\t\t\tbirthday    = '" . $_REQUEST['birthday'] . "',\r\n\t\t\t\t\t\t\tdeleted     = '" . $_REQUEST['deleted'] . "',\r\n\t\t\t\t\t\t\tdel_time      = '" . $times . "',\r\n\t\t\t\t\t\t\ttaxpay      = '" . $_REQUEST['taxpay'] . "',\r\n\t\t\t\t\t\t\tcompany     = '" . $_REQUEST['company'] . "',\r\n\t\t\t\t\t\t\tuser_group_extra = '" . @implode(';', $_REQUEST['user_group_extra']) . "'\r\n\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\tId = '" . $user_id . "'\r\n\t\t\t\t\t");
                 if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell()) {
                     $AVE_DB->Query("\r\n\t\t\t\t\t\t\tUPDATE " . PREFIX . "_modul_forum_userprofile\r\n\t\t\t\t\t\t\tSET\r\n\t\t\t\t\t\t\t\tgroup_id_misc  = '" . @implode(';', $_REQUEST['user_group_extra']) . "',\r\n\t\t\t\t\t\t\t\tuname          = '" . @$_REQUEST['uname_fp'] . "',\r\n\t\t\t\t\t\t\t\tsignature      = '" . @$_REQUEST['signature_fp'] . "' ,\r\n\t\t\t\t\t\t\t\tavatar         = '" . @$_REQUEST['avatar_fp'] . "'\r\n\t\t\t\t\t\t\tWHERE\r\n\t\t\t\t\t\t\t\tuid = '" . $user_id . "'\r\n\t\t\t\t\t\t");
                 }
                 if ($_REQUEST['status'] == 1 && @$_REQUEST['SendFreeMail'] == 1) {
                     $host = HOST . ABS_PATH;
                     $body_start = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
                     $body_start = str_replace('%USER%', $_REQUEST['user_name'], $body_start);
                     $body_start .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_BODY2'));
                     $body_start .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
                     $body_start = str_replace('%N%', "\n", $body_start);
                     $body_start = str_replace('%HOST%', $host, $body_start);
                     send_mail($_POST['email'], $body_start, $AVE_Template->get_config_vars('USER_MAIL_SUBJECT'), get_settings('mail_from'), get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')', 'text');
                 }
                 if (!empty($_REQUEST['password']) && $_REQUEST['PassChange'] == 1) {
                     $host = HOST . ABS_PATH;
                     $body_start = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
                     $body_start = str_replace('%USER%', $_REQUEST['user_name'], $body_start);
                     $body_start .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_PASSWORD2'));
                     $body_start = str_replace('%NEWPASS%', $_REQUEST['password'], $body_start);
                     $body_start .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
                     $body_start = str_replace('%N%', "\n", $body_start);
                     $body_start = str_replace('%HOST%', $host, $body_start);
                     send_mail($_POST['email'], $body_start, $AVE_Template->get_config_vars('USER_MAIL_PASSWORD'), get_settings('mail_from'), get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')', 'text');
                 }
                 if ($_REQUEST['SimpleMessage'] != '') {
                     send_mail($_POST['email'], stripslashes($_POST['SimpleMessage']), stripslashes($_POST['SubjectMessage']), $_SESSION['user_email'], $_SESSION['user_name'], 'text');
                 }
                 if (!empty($_REQUEST['password']) && $_SESSION['user_id'] == $user_id) {
                     $_SESSION['user_pass'] = $password;
                     $_SESSION['user_email'] = $_POST['email'];
                 }
                 reportLog($_SESSION['user_name'] . ' - Отредактировал параметры пользователя (' . stripslashes($_POST['user_name']) . ')', 2, 2);
                 header('Location:index.php?do=user&cp=' . SESSION);
                 exit;
             }
             break;
     }
 }
示例#5
0
 /**
  * Изменение пароля
  *
  */
 function loginUserPasswordChange()
 {
     global $AVE_DB, $AVE_Template;
     $AVE_Template->config_load($this->_lang_file, 'passwordchange');
     define('MODULE_SITE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE'));
     if (!isset($_SESSION['user_id'])) {
         header('Location:' . get_home_link());
         exit;
     }
     $salt = $AVE_DB->Query("\r\n\t\t\tSELECT salt\r\n\t\t\tFROM " . PREFIX . "_users\r\n\t\t\tWHERE Id = '" . $_SESSION['user_id'] . "'\r\n\t\t\tLIMIT 1\r\n\t\t")->GetCell();
     if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send') {
         $error = array();
         if ($_POST['old_pass'] == '') {
             $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS');
         } elseif ($_SESSION['user_pass'] != md5(md5($_POST['old_pass'] . $salt))) {
             $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS');
         } elseif ($_POST['new_pass'] == '') {
             $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS');
         } elseif (mb_strlen($_POST['new_pass']) < 5) {
             $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS');
         } elseif ($_POST['new_pass_c'] == '') {
             $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C');
         } elseif ($_POST['new_pass'] != $_POST['new_pass_c']) {
             $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS');
         } elseif (preg_match('/[^\\x21-\\xFF]/', $_POST['new_pass'])) {
             $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS');
         }
         if (count($error) > 0) {
             $AVE_Template->assign('errors', $error);
         } else {
             $newsalt = make_random_string();
             $md5_pass_salt = md5(md5($_POST['new_pass'] . $newsalt));
             $AVE_DB->Query("\r\n\t\t\t\t\tUPDATE " . PREFIX . "_users\r\n\t\t\t\t\tSET\r\n\t\t\t\t\t\tpassword = '******',\r\n\t\t\t\t\t\tsalt     = '" . addslashes($newsalt) . "'\r\n\t\t\t\t\tWHERE Id     = '" . (int) $_SESSION['user_id'] . "'\r\n\t\t\t\t\tAND email    = '" . addslashes($_SESSION['user_email']) . "'\r\n\t\t\t\t\tAND password = '******'user_pass']) . "'\r\n\t\t\t\t");
             $_SESSION['user_pass'] = $md5_pass_salt;
             $AVE_Template->assign('changeok', 1);
         }
     }
     define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_change.tpl'));
 }
示例#6
0
<html>
  <head>
    <title>PHP demo</title>
  </head>
  <body>

    <?php 
// php can be added inline if it stays within the preset tags
print 'php output';
// make a list
print '<ul>';
$i = 0;
while ($i < 100) {
    print '<li>output string # ' . $i . ' ' . make_random_string(10);
    $i++;
}
print '</ul>';
// close the list
function make_random_string($length)
{
    $min = 65;
    $max = 90;
    $string = '';
    $j = 0;
    while ($j < $length) {
        $string .= chr(rand($min, $max));
        $j++;
    }
    return $string;
}
?>
示例#7
0
/**
 * Create a hash from a random string.
 *
 * @return String
 */
function nonce()
{
    // Fast hashing the random string only to make it a usable/passable nonce
    return hash('sha512', make_random_string());
}