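/**
 * Registers a new user in the `users` table.
 *
 * The clear-text password is never stored: it is passed through the project's
 * passwordhash() helper before the INSERT. The registration date and the
 * "last connection" timestamp are both initialised to the current time.
 *
 * @param string      $pseudo   login name
 * @param string      $prenom   first name
 * @param string      $nom      last name
 * @param string      $email    e-mail address
 * @param string      $password clear-text password (hashed here, never stored as is)
 * @param string|null $imgname  profile-picture file name to store in `imgprofil`
 *                              (NOTE(review): nullability assumed from usage — confirm)
 * @return bool true when the INSERT statement executed successfully
 */
public function register($pseudo, $prenom, $nom, $email, $password, $imgname)
{
    // Hash the password before it reaches the database
    $passwordHashed = passwordhash($password);

    // Registration date (day precision) and last-connection timestamp
    $dateInscription = date('Y-m-d');
    $lastCo = date('Y-m-d H:i:s');

    $registerUser = $this->db->prepare("INSERT INTO users (pseudo, nom, prenom, email, password, imgprofil, dateinscription, lastco) VALUES(:pseudo, :nom, :prenom, :email, :password, :imgprofil, :dateinscription, :lastco)");

    // Report the driver's result rather than an unconditional true, so callers
    // can notice a failed INSERT when PDO is not running in exception mode.
    return (bool) $registerUser->execute(array(
        'pseudo' => $pseudo,
        'nom' => $nom,
        'prenom' => $prenom,
        'email' => $email,
        'password' => $passwordHashed,
        'imgprofil' => $imgname,
        'dateinscription' => $dateInscription,
        'lastco' => $lastCo,
    ));
}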
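/**
 * Replaces the stored password of the currently logged-in user.
 *
 * The UPDATE is restricted to the row whose pseudo *and* session token both
 * match, so a request can only change the password of the account that owns
 * the current session.
 *
 * @param string $username pseudo of the account
 * @param string $newmdp   new clear-text password (hashed here, never stored as is)
 * @return bool true when the UPDATE executed, false on a database error
 */
public function change_settings_password($username, $newmdp)
{
    $newPassword = passwordhash($newmdp);

    // Per-login token kept next to the user row; when absent the statement is
    // executed with NULL and simply matches no row.
    $sessionToken = isset($_SESSION['session']) ? $_SESSION['session'] : null;

    try {
        $updateMdpMembre = $this->db->prepare('UPDATE users SET password=:password WHERE pseudo=:pseudo AND session=:session');

        // NOTE(review): a successful execute() does not guarantee a row was
        // updated (stale session => 0 rows); callers needing that must check rowCount().
        return (bool) $updateMdpMembre->execute(array(
            'pseudo' => $username,
            'session' => $sessionToken,
            'password' => $newPassword,
        ));
    } catch (PDOException $e) {
        // Driver error details belong in the server log, not in the HTTP response.
        error_log('change_settings_password: ' . $e->getMessage());
        return false;
    }
}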
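/**
 * Registers a new user with profile details in the `users` table.
 *
 * The clear-text password is passed through the project's passwordhash()
 * helper before the INSERT. Privacy flags (`notifMailPrive`, `allowFindSearch`,
 * `comptePrive`) are stored with their defaults as the string values
 * 'true' / 'true' / 'false'.
 *
 * @param string $pseudo          login name
 * @param string $prenom          first name
 * @param string $nom             last name
 * @param string $email           e-mail address
 * @param string $password        clear-text password (hashed here)
 * @param string $classe          stored as given in `classe`
 * @param string $datedenaissance stored as given in `datedenaissance`
 * @param string $sexe            stored as given in `sexe`
 * @return bool true when the INSERT executed, false on a database error
 */
public function register($pseudo, $prenom, $nom, $email, $password, $classe, $datedenaissance, $sexe)
{
    try {
        $passwordHash = passwordhash($password);
        $dateInscription = date('Y-m-d', time());
        $prenomPlusNom = $prenom . " " . $nom;

        // strftime() is locale dependent and deprecated since PHP 8.1. It is kept
        // because the stored `lastco` format (localised month name) must not change here.
        $lastCo = strftime('%d %B %Y à %H:%M');

        $stmt = $this->db->prepare("INSERT INTO users(pseudo,prenom,nom,prenomplusnom,email,password,classe,datedenaissance,sexe,dateinscription,notifMailPrive,allowFindSearch,comptePrive,lastco) VALUES(:pseudo, :prenom, :nom, :prenomplusnom, :email, :password, :classe, :datedenaissance, :sexe, :dateinscription, :notifMailPrive, :allowFindSearch, :comptePrive, :lastco)");

        // Report the driver's result instead of an unconditional true.
        return (bool) $stmt->execute(array(
            'pseudo' => $pseudo,
            'prenom' => $prenom,
            'nom' => $nom,
            'prenomplusnom' => $prenomPlusNom,
            'email' => $email,
            'password' => $passwordHash,
            'classe' => $classe,
            'datedenaissance' => $datedenaissance,
            'sexe' => $sexe,
            'dateinscription' => $dateInscription,
            'notifMailPrive' => 'true',
            'allowFindSearch' => 'true',
            'comptePrive' => 'false',
            'lastco' => $lastCo,
        ));
    } catch (PDOException $e) {
        // Driver error details belong in the server log, not in the HTTP response.
        error_log('register: ' . $e->getMessage());
        return false;
    }
}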
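/**
 * Verifies a password against a stored hash and, where the stored hash uses a
 * legacy format, returns the material needed to upgrade it.
 *
 * Return values (kept exactly as the callers expect them):
 *   - true                          password correct, stored hash already current
 *   - string (password_hash output) password correct, legacy digest; store this instead (bcrypt-capable PHP)
 *   - array('hash' => ..., 'salt' => ...) password correct, legacy md5/sha1 digest; store both (old PHP)
 *   - string (createHash output)    password correct, legacy 128-char digest on old PHP; store this
 *   - false                         password incorrect
 *
 * @param string $password   clear-text password submitted by the user
 * @param string $storedHash hash currently stored for the account
 * @param string $username   needed by the salted createHash()/passwordhash() legacy schemes
 * @param string $salt       salt stored for the account (legacy schemes)
 * @return bool|string|array see above
 */
function passwordCheck($password, $storedHash, $username = '', $salt = '')
{
    // Easy-WI uses the PHP hash API introduced with version 5.5. Fallbacks in place for older versions.
    global $aeskey;

    $password = (string) $password;
    $storedHash = (string) $storedHash;

    // Digest comparison: strict (and constant-time where hash_equals() exists) so that
    // PHP's loose string-to-number comparison can never make two different digests equal.
    $hashMatches = function ($candidate) use ($storedHash) {
        $candidate = (string) $candidate;
        if (function_exists('hash_equals')) {
            return hash_equals($storedHash, $candidate);
        }
        return $candidate === $storedHash;
    };

    // True when the stored value has the shape (lower-case hex, $length chars) of a legacy digest.
    $storedLooksLike = function ($length) use ($storedHash) {
        return preg_match('/^[a-z0-9]{' . (int) $length . '}+$/', $storedHash) === 1;
    };

    // First check if crypt works properly. With old PHP versions like Debian 6 with 5.3.3 we will run into an error
    $bcryptProbe = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
    if (crypt('password', $bcryptProbe) === $bcryptProbe) {
        // Return true in case the password is ok
        if (password_verify($password, $storedHash)) {
            return true;
        }

        // Password is correct but stored in an old or insecure format: re-hash it with a secure implementation.
        // Insecure implementations like md5 or sha1 are imported from other systems with the cloud.php job.
        // Order matters: each legacy scheme is only tried when the stored value has its length.
        $legacyMatch = ($storedLooksLike(32) && $hashMatches(md5($password)))
            || ($storedLooksLike(40) && $hashMatches(sha1($password)))
            || ($storedLooksLike(128) && $hashMatches(createHash($username, $password, $salt, $aeskey)))
            || ($storedLooksLike(128) && $hashMatches(passwordhash($username, $password)));
        if ($legacyMatch) {
            return password_hash($password, PASSWORD_DEFAULT);
        }
    } else {
        // Fallback to sha512 since some Admins are either lazy or forced to stick to old PHP.
        // Fresh salt for re-hashing legacy digests: CSPRNG where available, keeping the
        // original 32-char hex format in both cases.
        $newSalt = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(mt_rand() . date('Y-m-d H:i:s:u'));

        if ($hashMatches(createHash($username, $password, $salt, $aeskey))) {
            return true;
        }
        if (($storedLooksLike(32) && $hashMatches(md5($password)))
            || ($storedLooksLike(40) && $hashMatches(sha1($password)))) {
            return array('hash' => createHash($username, $password, $newSalt, $aeskey), 'salt' => $newSalt);
        }
        // NOTE(review): unlike the two cases above this returns the bare hash without a
        // salt, so callers must accept both shapes; behaviour kept as in the original.
        if ($storedLooksLike(128) && $hashMatches(passwordhash($username, $password))) {
            return createHash($username, $password, $salt, $aeskey);
        }
    }

    // Password Is Not Correct
    return false;
}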
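*/
define('EASYWIDIR', dirname(__FILE__));

// Refuse to run while the installer is still deployable.
if (is_dir(EASYWIDIR . '/install')) {
    die('Please remove the "install" folder');
}

$logininclude = true;

include EASYWIDIR . '/stuff/methods/vorlage.php';
include EASYWIDIR . '/stuff/methods/class_validator.php';
include EASYWIDIR . '/stuff/methods/functions.php';
include EASYWIDIR . '/stuff/settings.php';
include EASYWIDIR . '/stuff/keyphrasefile.php';

// API authentication: the caller must come from an IP registered in `api_ips` and
// present the user/password pair stored for that IP. Every matching row contributes
// its resellerID to $resellerIDs (left undefined when nothing matches, as before).
$remoteIp = $ui->ip4('REMOTE_ADDR', 'server');
$apiUser = $ui->names('user', 255, 'post');

if ($remoteIp and $apiUser) {
    $query = $sql->prepare("SELECT `ip`,`active`,`pwd`,`salt`,`user`,i.`resellerID` FROM `api_ips` i INNER JOIN `api_settings` s ON s.`resellerID`=i.`resellerID` WHERE `ip`=?");
    $query->execute(array($remoteIp));
    $postedPwd = $ui->password('pwd', 255, 'post');

    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        if ($row['active'] != 'Y') {
            continue;
        }
        // Strict digest comparison (constant-time where hash_equals() exists): PHP's loose ==
        // would treat two different hex digests as equal when both happen to look numeric.
        $candidate = (string) passwordhash($postedPwd, $row['salt']);
        $pwdMatches = function_exists('hash_equals')
            ? hash_equals((string) $row['pwd'], $candidate)
            : $candidate === (string) $row['pwd'];

        if ($pwdMatches and (string) $apiUser === (string) $row['user']) {
            $resellerIDs[] = $row['resellerID'];
        }
    }
} else {
    header('HTTP/1.1 403 Forbidden');
    if ($remoteIp) {
        die('403 Forbidden: No valid access data. No API user given. Request IP is: ' . $remoteIp);
    }
    die('403 Forbidden: No valid access data. No API user given. No IP4 can be found at REMOTE_ADDR.');
}

// Whitelist of request types; anything else leaves $type undefined.
$allowedTypes = array('gserver', 'list', 'tsdns', 'mysql', 'user', 'voice', 'web');
if (in_array($ui->smallletters('type', 10, 'post'), $allowedTypes, true)) {
    $type = $ui->smallletters('type', 10, 'post');
}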
include EASYWIDIR . '/stuff/keyphrasefile.php'; include EASYWIDIR . '/stuff/methods/functions_gs.php'; include EASYWIDIR . '/stuff/methods/functions_ssh_exec.php'; include EASYWIDIR . '/stuff/methods/class_ts3.php'; include EASYWIDIR . '/stuff/methods/class_app.php'; $validacces = false; if ($ui->ip4('REMOTE_ADDR', 'server') and $ui->names('user', 255, 'post') and !isset($page_include)) { $query = $sql->prepare("SELECT `active`,`pwd`,`salt`,`user`,i.`resellerID` FROM `api_ips` i LEFT JOIN `api_settings` s ON i.`resellerID`=s.`resellerID` WHERE `ip`=?"); $query->execute(array($ui->ip4('REMOTE_ADDR', 'server'))); while ($row = $query->fetch(PDO::FETCH_ASSOC)) { $pwd = $row['pwd']; $salt = $row['salt']; if ($row['active'] == 'Y' and passwordhash($ui->password('pwd', 255, 'post'), $salt) == $pwd and $ui->names('user', 255, 'post') == $row['user']) { $resellerIDs[] = $row['resellerID']; } if (isset($resellerIDs) and count($resellerIDs) == 1 and passwordhash($ui->password('pwd', 255, 'post'), $salt) == $pwd) { $reseller_id = $resellerIDs[0]; $validacces = true; } } } else { $reseller_id = 0; $validacces = true; } if ($validacces == false) { header('HTTP/1.1 403 Forbidden'); die('403 Forbidden: Access data not valid'); } if ($ui->escaped('email', 'post') != '') { $fullday = date('Y-m-d H:i:s', strtotime("+1 day")); $query = $sql->prepare("SELECT `id` FROM `badips` WHERE `badip`=? LIMIT 1");
} else { setFlash("Vous n'avez rien changé !", "warning"); } } } /* * Si on valide le formulaire pour changer de mot de passe */ if (isset($_POST['SubmitPassword'])) { $errors = array(); $data = array(); $actualpswd = htmlspecialchars(trim($_POST['inputPassword'])); $newpswd = htmlspecialchars(trim($_POST['inputNewPassword'])); $newpswd2 = htmlspecialchars(trim($_POST['inputNewPassword2'])); /* On hash le mot de passe */ $passwordhash = passwordhash($newpswd); /* Si un des trois champs est vide */ if (empty($actualpswd) || empty($newpswd) || empty($newpswd2)) { $errors['EmptyInput'] = "Veuillez remplir tous les champs de texte"; } /* On vérifie que le mot de passe actuel est correct */ if ($actualpswd != $user->checkpassword($info_profil->id, $actualpswd)) { $errors['PasswordFalse'] = "Le mot de passe actuel est incorrect !"; } /* Si les nouveaux mot de passe ne sont pas idéntique */ if ($newpswd != $newpswd2) { $errors['PswdNotSame'] = "La confirmation de votre nouveau mot de passe ne correspond pas"; } /* On vérifie que le nouveau mot de passe n'est pas le même que l'actuel */ if ($actualpswd == $user->checkpassword($info_profil->id, $newpswd)) { $errors['PasswordSame'] = "Vous n'avez pas changer de mot de passe";
setFlash($error, "danger"); } else { $result = $user->forget_password($username); if ($result['status'] != 0) { setFlash($result['err'], 'success'); } else { setFlash($result['err'], 'danger'); } } } if (isset($_POST['submitreset'])) { $password = $_POST['password']; $passwordrepeat = $_POST['passwordrepeat']; if ($password == $passwordrepeat) { if (strlen(utf8_decode($password)) > 5) { $passwordhash = passwordhash($password); $changepass = $DB_con->prepare("UPDATE users SET password=:password WHERE email=:email"); $changepass->execute(array('password' => $passwordhash, 'email' => $_GET['email'])); $deletetoken = $DB_con->prepare("DELETE FROM forget_password WHERE email=:email AND token=:token"); $deletetoken->execute(array('email' => $_GET['email'], 'token' => $_GET['token'])); setFlash('Votre mot de passe a bien été changé ! Reconnectez vous', "success"); $user->redirect('/connexion'); } else { $error = erreur('USER_PASSWORD_CARACT'); setFlash($error, "danger"); } } else { $error = erreur('USER_SAME_PASSWORD'); setFlash($error, "danger"); } }
if ($ui->smallletters('action', 2, 'post') == 'md') { $query = $sql->prepare("SELECT COUNT(`active`) AS `amount` FROM `api_settings` WHERE `resellerID`=? LIMIT 1"); $query->execute(array($lookupID)); $amount = $query->fetchColumn(); $salt = md5(date('Y-d-m H:m:s')); $user = $ui->names('user', 255, 'post'); if ($amount > 0) { $query = $sql->prepare("UPDATE `api_settings` SET `active`=?,`user`=? WHERE `resellerID`=? LIMIT 1"); $query->execute(array($ui->active('active', 'post'), $user, $lookupID)); if ($ui->password('pwd', 255, 'post') != 'encrypted') { $query = $sql->prepare("UPDATE `api_settings` SET `pwd`=?,`salt`=? WHERE `resellerID`=? LIMIT 1"); $query->execute(array(passwordhash($ui->password('pwd', 255, 'post'), $salt), $salt, $lookupID)); } } else { $query = $sql->prepare("INSERT INTO `api_settings` (`active`,`user`,`salt`,`pwd`,`resellerID`) VALUES (?,?,?,?,?)"); $query->execute(array($ui->active('active', 'post'), $user, passwordhash($ui->password('pwd', 255, 'post'), $salt), $salt, $lookupID)); } $ips = array(); $postIPs = (array) $ui->ip4('ip', 'post'); $query = $sql->prepare("SELECT `ip` FROM `api_ips` WHERE `resellerID`=?"); $query->execute(array($lookupID)); while ($row = $query->fetch(PDO::FETCH_ASSOC)) { if (!in_array($row['ip'], $postIPs)) { $delete = $sql->prepare("DELETE FROM `api_ips` WHERE `ip`=? AND `resellerID`=?"); $delete->execute(array($row['ip'], $lookupID)); } else { $ips[] = $row['ip']; } } foreach ($postIPs as $ip) { if (!in_array($ip, $ips)) {