/**
 * make_random_string() must never return an empty value, and two successive
 * calls must never produce the same string (checked over 30 pairs).
 */
public function testRandomStringDoesntEverMatch()
{
    $this->assertNotEmpty(make_random_string());

    // 30 independent pairs; any collision fails the test.
    for ($attempt = 0; $attempt < 30; $attempt++) {
        $this->assertNotEquals(make_random_string(), make_random_string());
    }
}
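/**
 * Authenticate a user by e-mail address or user name and populate the session.
 *
 * On success the account is re-salted, last_visit (and optionally user_ip)
 * are updated, the user's group permissions are copied into $_SESSION as
 * flags, and an "auth" cookie is set when $keep_in is 1.
 *
 * @param string $login     e-mail address or user name as submitted by the form
 * @param string $password  plain-text password as submitted by the form
 * @param int    $attach_ip 1 to store the client address (INET_ATON) in user_ip
 * @param int    $keep_in   1 to set the persistent "auth" cookie
 * @param int    $sleep     seconds to pause before processing (caller-side throttling)
 *
 * @return int|true 1 = empty login, 2 = unknown user or wrong password,
 *                  3 = account not active, true = logged in
 */
function user_login($login, $password, $attach_ip = 0, $keep_in = 0, $sleep = 0)
{
    global $AVE_DB, $cookie_domain;

    sleep($sleep);

    if (empty($login)) {
        return 1;
    }

    // $login comes straight from the form and is spliced into the query text,
    // so it must be escaped. addslashes() is what the rest of this code base
    // uses for SQL values; if $AVE_DB offers driver-level escaping or parameter
    // binding, prefer that.
    $login_sql = addslashes($login);

    $row = $AVE_DB->Query("
		SELECT
			usr.Id,
			usr.user_group,
			usr.user_name,
			usr.firstname,
			usr.lastname,
			usr.email,
			usr.country,
			usr.password,
			usr.salt,
			usr.status,
			grp.user_group_permission
		FROM
			" . PREFIX . "_users AS usr
		LEFT JOIN
			" . PREFIX . "_user_groups AS grp
				ON grp.user_group = usr.user_group
		WHERE email = '" . $login_sql . "'
		OR user_name = '" . $login_sql . "'
		LIMIT 1
	")->FetchRow();

    // Strict, constant-time digest comparison. The previous loose == would treat
    // two hex digests that both look like numeric strings (e.g. "0e...") as equal.
    // The md5(md5(pw . salt)) scheme itself is weak; moving to password_hash()
    // requires migrating the stored hashes and is out of scope here.
    if (!isset($row->password)
        || !hash_equals((string) $row->password, md5(md5($password . $row->salt)))
    ) {
        return 2;
    }

    if ($row->status != '1') {
        return 3;
    }

    // Re-salt on every login; the new hash is kept in the session.
    $salt = make_random_string();
    $hash = md5(md5($password . $salt));
    $time = time();
    $user_id = (int) $row->Id;

    // REMOTE_ADDR is set by the web server rather than the client, but it is
    // still spliced into query text, so escape it as well.
    $u_ip = $attach_ip == 1
        ? "INET_ATON('" . addslashes($_SERVER['REMOTE_ADDR']) . "')"
        : 0;

    // NOTE(review): the literal '******' in the SET clause looks like a redaction
    // of the hash expression in this listing — confirm against the original source.
    $AVE_DB->Query("
		UPDATE " . PREFIX . "_users
		SET
			last_visit = '" . $time . "',
			password = '******',
			salt = '" . addslashes($salt) . "',
			user_ip = " . $u_ip . "
		WHERE
			Id = '" . $user_id . "'
	");

    $_SESSION['user_id']       = $row->Id;
    $_SESSION['user_name']     = get_username($row->user_name, $row->firstname, $row->lastname);
    $_SESSION['user_pass']     = $hash;
    $_SESSION['user_group']    = $row->user_group;
    $_SESSION['user_email']    = $row->email;
    $_SESSION['user_country']  = strtoupper($row->country);
    $_SESSION['user_language'] = strtolower($row->country);
    $_SESSION['user_ip']       = addslashes($_SERVER['REMOTE_ADDR']);

    // user_group_permission is a '|'-separated list; whitespace is stripped first.
    // The column may be NULL when the LEFT JOIN finds no group.
    $permissions = explode('|', preg_replace('/\s+/', '', (string) $row->user_group_permission));
    foreach ($permissions as $permission) {
        // Skip the empty name an empty/NULL column produces so $_SESSION[''] is never set.
        if ($permission !== '') {
            $_SESSION[$permission] = 1;
        }
    }

    if ($keep_in == 1) {
        $expire = $time + COOKIE_LIFETIME;
        $auth = base64_encode(serialize(array('id' => $row->Id, 'hash' => $hash)));
        // httponly: the cookie is only needed server-side, so keep it out of reach
        // of client-side script. NOTE(review): the code that reads this cookie
        // presumably unserialize()s it — confirm it treats the payload as untrusted
        // (restrict allowed classes and re-check id/hash against the database).
        @setcookie('auth', $auth, $expire, ABS_PATH, $cookie_domain, false, true);
    }

    return true;
}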
// Installer form validation: collect error messages, then build the database
// from an SQL template. NOTE(review): this statement run is truncated in this
// listing — the outer `if (true === $db_connect ...)` block is never closed here.
// strlen() is byte-wise; a missing 'pass' key raises a notice and counts as too short.
if (strlen($_POST['pass']) < 5) { array_push($errors, $lang_i['pass_too_small']); }
// $regex_username presumably matches *disallowed* user names (a match is an error) — confirm.
if (empty($_POST['username']) || preg_match($regex_username, $_POST['username'])) { array_push($errors, $lang_i['check_username']); }
if (true === $db_connect && !sizeof($errors)) {
    // Demo data or the bare schema, selected by the 'demo' checkbox.
    if (isset($_POST['demo']) && 1 == $_POST['demo']) { $filename = BASE_DIR . '/install/data_demo.sql'; } else { $filename = BASE_DIR . '/install/data_base.sql'; }
    // No check that fopen() succeeded; a missing file makes fread() fail on a non-resource.
    $handle = fopen($filename, 'r'); $dbin = fread($handle, filesize($filename)); fclose($handle);
    // Initial admin credentials: random salt, md5(md5(password . salt)) — a weak scheme.
    $salt = make_random_string(); $hash = md5(md5($_POST['pass'] . $salt));
    // The %%...%% placeholders are replaced with raw form values inside SQL text.
    // None of the $_POST values is escaped for the SQL dialect, so a quote in
    // e.g. the e-mail or street field breaks (or alters) the statements that are
    // executed later. Escape each value before substitution.
    $dbin = str_replace('%%SITENAME%%', $ver, $dbin);
    $dbin = str_replace('%%PRFX%%', $config['dbpref'], $dbin);
    $dbin = str_replace('%%EMAIL%%', $_POST['email'], $dbin);
    $dbin = str_replace('%%SALT%%', $salt, $dbin);
    $dbin = str_replace('%%PASS%%', $hash, $dbin);
    $dbin = str_replace('%%ZEIT%%', time(), $dbin);
    $dbin = str_replace('%%VORNAME%%', $_POST['firstname'], $dbin);
    $dbin = str_replace('%%NACHNAME%%', $_POST['lastname'], $dbin);
    $dbin = str_replace('%%USERNAME%%', $_POST['username'], $dbin);
    $dbin = str_replace('%%FON%%', $_POST['fon'], $dbin);
    $dbin = str_replace('%%FAX%%', $_POST['fax'], $dbin);
    $dbin = str_replace('%%PLZ%%', $_POST['zip'], $dbin);
    $dbin = str_replace('%%ORT%%', $_POST['town'], $dbin);
    $dbin = str_replace('%%STRASSE%%', $_POST['street'], $dbin);
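/**
 * Edit a user account (admin back end).
 *
 * Dispatches on $_REQUEST['sub']:
 *   ''     - load the account (plus its forum profile when that module table
 *            exists) and render user/form.tpl;
 *   'save' - validate the submitted fields via _userFieldValidate(); on success
 *            update the user row (and forum profile), send the optional
 *            notification mails, log the change and redirect to the user list.
 *
 * @param int $user_id  id of the user account to edit
 *
 * @return void
 */
function userEdit($user_id)
{
    global $AVE_DB, $AVE_Template;

    $user_id = (int) $user_id;

    $sub = isset($_REQUEST['sub']) ? $_REQUEST['sub'] : '';

    switch ($sub) {
        case '':
            $row = $AVE_DB->Query("
					SELECT *
					FROM " . PREFIX . "_users
					WHERE Id = '" . $user_id . "'
				")->FetchRow();

            if (!$row) {
                header('Location:index.php?do=user&cp=' . SESSION);
                exit;
            }

            $AVE_Template->assign('row', $row);
            $AVE_Template->assign('user_group_extra', explode(';', $row->user_group_extra));

            if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_shop'")->GetCell()) {
                $AVE_Template->assign('is_shop', 1);
            }

            if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell()) {
                $row_fp = $AVE_DB->Query("
						SELECT *
						FROM " . PREFIX . "_modul_forum_userprofile
						WHERE uid = '" . $user_id . "'
					")->FetchRow();

                if (is_object($row_fp)) {
                    $AVE_Template->assign('row_fp', $row_fp);
                    $AVE_Template->assign('is_forum', 1);
                }
            }

            $this->_userEditFormRender($user_id);
            break;

        case 'save':
            $errors = $this->_userFieldValidate();

            if (!empty($errors)) {
                $AVE_Template->assign('errors', $errors);
                $this->_userEditFormRender($user_id);
                break;
            }

            $password_given = !empty($_REQUEST['password']);
            $password = null;
            $password_set = '';

            if ($password_given) {
                // The check above reads $_REQUEST while the hash is built from
                // $_POST (kept as before); a password sent via GET would hash the
                // salt alone.
                $salt = make_random_string();
                $password = md5(md5(trim($_POST['password']) . $salt));
                // NOTE(review): the literal '******' looks like a redaction of the
                // hash expression in this listing — confirm against the original source.
                $password_set = "password = '******', salt = '" . addslashes($salt) . "',";
            }

            // user_group is only written when editing an account other than the
            // current admin's own.
            $user_group_set = $_SESSION['user_id'] != $user_id
                ? "user_group = '" . $this->_userEditRequestSql('user_group') . "',"
                : '';

            $del_time = (isset($_REQUEST['deleted']) && $_REQUEST['deleted'] == '1') ? time() : '';

            // Used by both UPDATEs below; an absent or non-array value stores ''.
            $group_extra = (isset($_REQUEST['user_group_extra']) && is_array($_REQUEST['user_group_extra']))
                ? addslashes(implode(';', $_REQUEST['user_group_extra']))
                : '';

            // Every request value is escaped by _userEditRequestSql() before it is
            // spliced into the query text.
            $AVE_DB->Query("
						UPDATE " . PREFIX . "_users
						SET
							" . $password_set . "
							" . $user_group_set . "
							email = '" . $this->_userEditRequestSql('email') . "',
							street = '" . $this->_userEditRequestSql('street') . "',
							street_nr = '" . $this->_userEditRequestSql('street_nr') . "',
							zipcode = '" . $this->_userEditRequestSql('zipcode') . "',
							city = '" . $this->_userEditRequestSql('city') . "',
							phone = '" . $this->_userEditRequestSql('phone') . "',
							telefax = '" . $this->_userEditRequestSql('telefax') . "',
							description = '" . $this->_userEditRequestSql('description') . "',
							firstname = '" . $this->_userEditRequestSql('firstname') . "',
							lastname = '" . $this->_userEditRequestSql('lastname') . "',
							user_name = '" . $this->_userEditRequestSql('user_name') . "',
							status = '" . $this->_userEditRequestSql('status') . "',
							country = '" . $this->_userEditRequestSql('country') . "',
							birthday = '" . $this->_userEditRequestSql('birthday') . "',
							deleted = '" . $this->_userEditRequestSql('deleted') . "',
							del_time = '" . $del_time . "',
							taxpay = '" . $this->_userEditRequestSql('taxpay') . "',
							company = '" . $this->_userEditRequestSql('company') . "',
							user_group_extra = '" . $group_extra . "'
						WHERE
							Id = '" . $user_id . "'
					");

            if ($AVE_DB->Query("SHOW TABLES LIKE '" . PREFIX . "_modul_forum_userprofile'")->GetCell()) {
                $AVE_DB->Query("
							UPDATE " . PREFIX . "_modul_forum_userprofile
							SET
								group_id_misc = '" . $group_extra . "',
								uname = '" . $this->_userEditRequestSql('uname_fp') . "',
								signature = '" . $this->_userEditRequestSql('signature_fp') . "' ,
								avatar = '" . $this->_userEditRequestSql('avatar_fp') . "'
							WHERE
								uid = '" . $user_id . "'
						");
            }

            $host = HOST . ABS_PATH;
            $user_name_raw = isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : '';

            // Account-activated mail.
            if (isset($_REQUEST['status']) && $_REQUEST['status'] == 1
                && isset($_REQUEST['SendFreeMail']) && $_REQUEST['SendFreeMail'] == 1
            ) {
                $body = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
                $body = str_replace('%USER%', $user_name_raw, $body);
                $body .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_BODY2'));
                $body .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
                $body = str_replace('%N%', "\n", $body);
                $body = str_replace('%HOST%', $host, $body);

                send_mail(
                    $_POST['email'],
                    $body,
                    $AVE_Template->get_config_vars('USER_MAIL_SUBJECT'),
                    get_settings('mail_from'),
                    get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')',
                    'text'
                );
            }

            // Password-changed mail. Note that %NEWPASS% puts the new password in
            // clear text into the message body.
            if ($password_given && isset($_REQUEST['PassChange']) && $_REQUEST['PassChange'] == 1) {
                $body = $AVE_Template->get_config_vars('USER_MAIL_BODY1');
                $body = str_replace('%USER%', $user_name_raw, $body);
                $body .= str_replace('%HOST%', $host, $AVE_Template->get_config_vars('USER_MAIL_PASSWORD2'));
                $body = str_replace('%NEWPASS%', $_REQUEST['password'], $body);
                $body .= str_replace('%HOMEPAGENAME%', get_settings('site_name'), $AVE_Template->get_config_vars('USER_MAIL_FOOTER'));
                $body = str_replace('%N%', "\n", $body);
                $body = str_replace('%HOST%', $host, $body);

                send_mail(
                    $_POST['email'],
                    $body,
                    $AVE_Template->get_config_vars('USER_MAIL_PASSWORD'),
                    get_settings('mail_from'),
                    get_settings('mail_from_name') . ' (' . get_settings('site_name') . ')',
                    'text'
                );
            }

            // Free-form message from the admin to the user.
            if (isset($_REQUEST['SimpleMessage']) && $_REQUEST['SimpleMessage'] != '') {
                send_mail(
                    $_POST['email'],
                    stripslashes($_POST['SimpleMessage']),
                    stripslashes($_POST['SubjectMessage']),
                    $_SESSION['user_email'],
                    $_SESSION['user_name'],
                    'text'
                );
            }

            // Keep the session in sync when the admin changed their own password.
            if ($password_given && $_SESSION['user_id'] == $user_id) {
                $_SESSION['user_pass'] = $password;
                $_SESSION['user_email'] = $_POST['email'];
            }

            reportLog($_SESSION['user_name'] . ' - Отредактировал параметры пользователя (' . stripslashes($_POST['user_name']) . ')', 2, 2);

            header('Location:index.php?do=user&cp=' . SESSION);
            exit;
    }
}

/**
 * Return a request value escaped for use inside single-quoted SQL text.
 *
 * An absent key yields ''. addslashes() matches the escaping used elsewhere
 * in this code base; prefer driver-level escaping or parameter binding if
 * $AVE_DB provides it.
 *
 * @param string $key  $_REQUEST key
 *
 * @return string
 */
function _userEditRequestSql($key)
{
    if (!isset($_REQUEST[$key])) {
        return '';
    }

    return addslashes((string) $_REQUEST[$key]);
}

/**
 * Assign the template variables shared by the "show form" and "validation
 * failed" paths of userEdit() and render user/form.tpl into 'content'.
 *
 * @param int $user_id  id of the user account being edited
 *
 * @return void
 */
function _userEditFormRender($user_id)
{
    global $AVE_Template;

    $AVE_Template->assign('available_countries', get_country_list(1));
    $AVE_Template->assign('ugroups', $this->userGroupListGet(2));
    $AVE_Template->assign('formaction', 'index.php?do=user&action=edit&sub=save&cp=' . SESSION . '&Id=' . $user_id);
    $AVE_Template->assign('content', $AVE_Template->fetch('user/form.tpl'));
}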
/**
 * Change the password of the currently logged-in front-end user.
 *
 * Redirects to the home page when no user session exists. On sub=send the old
 * password is checked against the session hash, the new password is validated,
 * and the user row is re-salted and updated; the session copy of the hash is
 * refreshed on success. password_change.tpl is rendered into MODULE_CONTENT
 * in every case.
 */
function loginUserPasswordChange() {
    global $AVE_DB, $AVE_Template;
    $AVE_Template->config_load($this->_lang_file, 'passwordchange');
    define('MODULE_SITE', $AVE_Template->get_config_vars('LOGIN_PASSWORD_CHANGE'));
    // Only an authenticated user may change a password.
    if (!isset($_SESSION['user_id'])) { header('Location:' . get_home_link()); exit; }
    // user_id is spliced into this query uncast, while the UPDATE below casts it
    // to int; apply the same (int) cast here for consistency.
    $salt = $AVE_DB->Query("\r\n\t\t\tSELECT salt\r\n\t\t\tFROM " . PREFIX . "_users\r\n\t\t\tWHERE Id = '" . $_SESSION['user_id'] . "'\r\n\t\t\tLIMIT 1\r\n\t\t")->GetCell();
    if ($salt !== false && isset($_REQUEST['sub']) && $_REQUEST['sub'] == 'send') {
        $error = array();
        // Validation chain: the first failing rule wins.
        if ($_POST['old_pass'] == '') { $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_OLD_PASS'); }
        // Loose != between two digest strings; a strict comparison (hash_equals)
        // avoids numeric-looking digests comparing equal. The md5(md5(pw . salt))
        // scheme itself is weak.
        elseif ($_SESSION['user_pass'] != md5(md5($_POST['old_pass'] . $salt))) { $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_OLD_PASS'); }
        elseif ($_POST['new_pass'] == '') { $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS'); }
        elseif (mb_strlen($_POST['new_pass']) < 5) { $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SHORT_PASS'); }
        elseif ($_POST['new_pass_c'] == '') { $error[] = $AVE_Template->get_config_vars('LOGIN_EMPTY_NEW_PASS_C'); }
        elseif ($_POST['new_pass'] != $_POST['new_pass_c']) { $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_EQU_PASS'); }
        // Rejects any byte outside 0x21-0xFF (control characters and space).
        elseif (preg_match('/[^\\x21-\\xFF]/', $_POST['new_pass'])) { $error[] = $AVE_Template->get_config_vars('LOGIN_WRONG_SYM_PASS'); }
        if (count($error) > 0) {
            $AVE_Template->assign('errors', $error);
        } else {
            // Fresh salt on every change; the new hash also replaces the session copy.
            $newsalt = make_random_string();
            $md5_pass_salt = md5(md5($_POST['new_pass'] . $newsalt));
            // NOTE(review): the text of this UPDATE is damaged in this listing: both
            // "'******'" literals look like redactions of the hash expressions, and
            // the second one truncates the "AND password = ..." condition (the
            // dangling "user_pass'])" fragment). Restore it from the original source
            // before relying on this code.
            $AVE_DB->Query("\r\n\t\t\t\t\tUPDATE " . PREFIX . "_users\r\n\t\t\t\t\tSET\r\n\t\t\t\t\t\tpassword = '******',\r\n\t\t\t\t\t\tsalt = '" . addslashes($newsalt) . "'\r\n\t\t\t\t\tWHERE Id = '" . (int) $_SESSION['user_id'] . "'\r\n\t\t\t\t\tAND email = '" . addslashes($_SESSION['user_email']) . "'\r\n\t\t\t\t\tAND password = '******'user_pass']) . "'\r\n\t\t\t\t"); $_SESSION['user_pass'] = $md5_pass_salt; $AVE_Template->assign('changeok', 1); } } define('MODULE_CONTENT', $AVE_Template->fetch($this->_tpl_dir . 'password_change.tpl')); }
<html>
<head>
<title>PHP demo</title>
</head>
<body>
<?php
// PHP can be mixed into the markup as long as it stays inside the PHP open/close tags.
print 'php output';

// Emit the list: 100 items, each followed by a 10-letter random string.
print '<ul>';
for ($index = 0; $index < 100; $index++) {
    print '<li>output string # ' . $index . ' ' . make_random_string(10);
}
print '</ul>'; // close the list

/**
 * Build a string of $length random uppercase ASCII letters (A-Z).
 *
 * Uses rand(), which is not a cryptographically secure generator; this is
 * fine for demo output but not for salts, tokens or nonces.
 *
 * @param int $length  number of letters to produce (0 yields '')
 *
 * @return string
 */
function make_random_string($length)
{
    $letters = '';

    for ($pos = 0; $pos < $length; $pos++) {
        // 65..90 are the ASCII codes of 'A'..'Z'.
        $letters .= chr(rand(65, 90));
    }

    return $letters;
}
?>
/**
 * Produce a nonce: the SHA-512 digest of a freshly generated random string.
 *
 * Hashing only turns the raw random string into a fixed-length hexadecimal
 * token; it adds no entropy beyond what make_random_string() provides, so the
 * nonce is only as unpredictable as that generator.
 *
 * @return string 128-character lowercase hexadecimal digest
 */
function nonce()
{
    $random = make_random_string();

    return hash('sha512', $random);
}