示例#1
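/**
 * Register a new owner in login_table and send the e-mail activation notice.
 *
 * Echoes a status message; returns nothing. The activation mail is sent only
 * after the INSERT has been executed and committed.
 *
 * @param string $SafeFirstName Not used by the INSERT below (kept for callers).
 * @param string $SafeLastName  Not used by the INSERT below (kept for callers).
 * @param string $SafeEmail     E-mail address; stored as both user_id and email_address.
 * @param string $SafePWD       Password handed to getHash() together with a fresh salt.
 */
function vInsertIntoOwnerLoginTable($SafeFirstName, $SafeLastName, $SafeEmail, $SafePWD)
{
    global $mysqli;
    $iOwnerExists = iCheckIfOwnerEmailExists($SafeEmail);
    if ($iOwnerExists != 0) {
        /*popup( "You have already registere!", OWNER_LOGIN_PAGE ); */
        echo "You have already registered!";
        return;
    }
    # First registration for this address: create a per-user salt and hash.
    $salt = salt();
    $hash = getHash($SafePWD, $salt);
    # Activation code. The original md5($SafeEmail + microtime()) added its
    # operands numerically, so the code depended only on the clock. Use the
    # CSPRNG instead; 16 random bytes hex-encode to 32 characters, the same
    # length an md5() digest has.
    $tokenBytes = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
    $email_code = bin2hex($tokenBytes);
    if (DEBUG) {
        # Debug output must not print the password, salt or hash into the page.
        echo "salt and hash generated<br>";
    }
    # Values generated here are escaped here.
    # NOTE(review): $SafeEmail is interpolated as received; this relies on the
    # caller having escaped it for this connection - confirm. When the caller
    # is changed to pass raw values, switch this query to a prepared statement.
    $saltSql = $mysqli->real_escape_string($salt);
    $hashSql = $mysqli->real_escape_string($hash);
    #user_id is also email address.
    $mysqli->autocommit(FALSE);
    $InsertCommand = "INSERT INTO \r\n                                  login_table ( id, user_id, salt, password, email_address, email_code, type )\r\n\t\t\t\t  values ( NULL, '" . $SafeEmail . "', '" . $saltSql . "', '" . $hashSql . "', '" . $SafeEmail . "', '" . $email_code . "', 'O' )";
    $add_post_res = $mysqli->query($InsertCommand);
    if (!$add_post_res || !$mysqli->commit()) {
        # Nothing was stored: do not mail an activation code for a missing row.
        $mysqli->rollback();
        echo "Registration could not be completed. Please try again later.";
        return;
    }
    SendActivateEmailNotice($SafeEmail, $email_code);
    echo "Please activate your email to complete the registration.  Please respond to your email. Thanks.";
}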
示例#2
/**
 * Run $string through one randomly chosen project transform (crypt1..crypt4),
 * surround the result with two salt() strings and return it base64-encoded.
 *
 * NOTE(review): no key is passed in or read here, and base64 is an encoding.
 * Whether crypt1..crypt4 apply a key cannot be seen from this function, so
 * treat the output as obfuscated rather than confidential until confirmed.
 * Variants 4 and 5 both call crypt4() - confirm that is intended.
 *
 * @param string $string Value to transform.
 * @return string Base64 text of salt . transformed value . salt.
 */
function encrypt($string)
{
    // Same call order as before: both paddings first, then the variant pick.
    $prefix = salt(21);
    $suffix = salt(rand(20, 23));
    $variant = rand(1, 5);
    $body = '';
    if ($variant === 1) {
        $body = crypt1($string);
    } elseif ($variant === 2) {
        $body = crypt2($string);
    } elseif ($variant === 3) {
        $body = crypt3($string);
    } elseif ($variant === 4 || $variant === 5) {
        $body = crypt4($string);
    }
    return base64_encode($prefix . $body . $suffix);
}
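 /**
  * Insert a new user row and, optionally, e-mail a signup confirmation link.
  *
  * The password is hashed with crypt() using the SHA-512 scheme
  * ('$6$rounds=5000$' plus the value returned by salt()).
  *
  * @param string $username
  * @param string $email
  * @param string $password         Plain-text password as submitted.
  * @param bool   $sendConfirmation Send the confirmation e-mail when true.
  * @param mixed  $group            Group id stored with the user.
  * @return bool true when a row was inserted, false otherwise.
  */
 public function create($username, $email, $password, $sendConfirmation = true, $group = USER_GROUP_DEFAULT_SIGNUP)
 {
     global $sDB, $sTemplate;
     $salt = salt();
     $passwordHash = crypt($password, '$6$rounds=5000$' . $salt . '$');
     $dateAdded = time();
     $sDB->execUsers("INSERT INTO `users` (`userId`, `userName`, `email`, `group`, `password`, `salt`, `dateAdded`) VALUES\n                                             (NULL, '" . mysql_real_escape_string($username) . "', '" . mysql_real_escape_string($email) . "', '" . i($group) . "', '" . mysql_real_escape_string($passwordHash) . "', '" . mysql_real_escape_string($salt) . "', '" . i($dateAdded) . "');");
     if (!mysql_affected_rows()) {
         return false;
     }
     $this->userId = mysql_insert_id();
     $this->userName = $username;
     $this->email = $email;
     $this->password = $passwordHash;
     $this->salt = $salt;
     $this->dateAdded = $dateAdded;
     $this->group = $group;
     if ($sendConfirmation) {
         // The code was md5(time()), which anyone who knows roughly when the
         // account was created can recompute. Draw it from the CSPRNG instead;
         // 16 bytes hex-encode to the same 32 characters md5() produced.
         $tokenBytes = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
         $confirmationCode = bin2hex($tokenBytes);
         $confirmationLink = $sTemplate->getRoot() . "confirmation.php?userId=" . $this->userId . "&confirmationCode=" . $confirmationCode;
         $this->addConfirmationCode("CONFIRMATION_TYPE_EMAIL", $confirmationCode);
         $subject = $sTemplate->getString("SIGNUP_CONFIRMATION_EMAIL_SUBJECT");
         // NOTE(review): the plain-text password is substituted into the mail
         // body via [PASSWORD]. Mail is stored and relayed in clear text;
         // drop the placeholder from the template and from this call.
         $message = $sTemplate->getString("SIGNUP_CONFIRMATION_EMAIL_BODY", array("[USERNAME]", "[PASSWORD]", "[CONFIRMATION_LINK]"), array($this->userName, $password, $confirmationLink));
         $mail = new HTMLMail($this->email, $this->email, SENDMAIL_FROM_NAME, SENDMAIL_FROM);
         $mail->buildMessage($subject, $message);
         $mail->sendmail();
     }
     return true;
 }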
示例#4
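/**
 * Build a random string of $len characters drawn from an alphabet.
 *
 * Characters are picked with random_int() when it is available, so the
 * result can be used for tokens and temporary passwords; rand() is only
 * the fallback on runtimes without random_int().
 *
 * @param int         $len  Number of characters to produce.
 * @param string|null $salt Alphabet to draw from. When empty, the alphabet is
 *                          built from salt('a','z'), salt('A','Z') and
 *                          salt('0','9') (presumably character ranges -
 *                          salt() is defined elsewhere).
 * @return string Random string; "" when $len is 0 or less.
 */
function genrandom($len, $salt = null)
{
    if (empty($salt)) {
        $salt = salt('a', 'z') . salt('A', 'Z') . salt('0', '9');
    }
    $lastIndex = strlen($salt) - 1;
    if ($lastIndex < 0) {
        // No characters to choose from: avoid asking for a (0, -1) range.
        return "";
    }
    $useCsprng = function_exists('random_int');
    $str = "";
    for ($i = 0; $i < $len; $i++) {
        $index = $useCsprng ? random_int(0, $lastIndex) : rand(0, $lastIndex);
        $str .= $salt[$index];
    }
    return $str;
}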
示例#5
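/**
 * Check a player's password against the salted value stored in `players`.
 *
 * @param string $user     Player name, bound as a statement parameter.
 * @param string $password Password as submitted.
 * @return bool TRUE when the recomputed value equals the stored one.
 */
function m_login($user, $password)
{
    $link = newdb();
    $stmt = $link->prepare("SELECT salt,password FROM players WHERE player=?");
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($salt, $password2);
    $found = $stmt->fetch();
    // Release the statement on every path; the bound variables keep their values.
    $stmt->close();
    if (!$found) {
        return FALSE;
    }
    // salt() is the project's hashing helper here (defined elsewhere).
    $candidate = salt($salt, $password);
    if (!is_string($candidate) || !is_string($password2)) {
        return FALSE;
    }
    // `==` compares numeric-looking strings as numbers, so two different
    // digests such as "0e12..." and "0e98..." would be treated as equal.
    // Compare as exact strings, in constant time where the runtime allows it.
    if (function_exists('hash_equals')) {
        return hash_equals($password2, $candidate);
    }
    return $password2 === $candidate;
}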
示例#6
 /**
  * Show the "Create User" form and, on a valid POST, create the user.
  *
  * On success the new user is stored through user_model->newUser(), the
  * creating user's id is recorded in user_details, and the browser is
  * redirected to user/user. Otherwise the form view is rendered.
  */
 public function add()
 {
     if ($_POST) {
         // field, label, rules - registered in this order.
         $rules = array(
             array('first_name', 'First Name', 'trim|required|max_length[12]'),
             array('last_name', 'Last Name', 'trim|required|max_length[24]'),
             array('email', 'Email', 'required|valid_email|is_unique[users.email]'),
             array('password', 'Password', 'required|min_length[8]|matches[confirm_password]'),
             array('confirm_password', 'Confirm Password', 'required'),
             array('phone', 'Phone', 'required'),
             array('mobile', 'Mobile', 'required'),
             array('company', 'Company', 'required'),
             array('position', 'Position', 'required'),
         );
         foreach ($rules as $rule) {
             $this->form_validation->set_rules($rule[0], $rule[1], $rule[2]);
         }
         $this->form_validation->set_message('is_unique', 'The %s is already exist');
         if ($this->_data['type'] == 'superadmin') {
             $this->form_validation->set_rules('type', 'Type', 'required');
         }
         if ($this->form_validation->run()) {
             $info = array();
             foreach (array('first_name', 'last_name', 'email') as $field) {
                 $info[$field] = $_POST[$field];
             }
             // A fresh salt per user, stored next to the hash it was used for.
             $salt = salt();
             $info['salt'] = $salt;
             $info['password'] = hashPassword($_POST['password'], $salt);
             foreach (array('phone', 'mobile', 'company', 'position') as $field) {
                 $info[$field] = $_POST[$field];
             }
             // Only a superadmin may choose the account type; everyone else
             // creates plain users.
             // NOTE(review): the submitted type is only checked as 'required'
             // here - confirm it is limited to known roles elsewhere.
             $info['type'] = ($this->_data['type'] == 'superadmin') ? $_POST['type'] : 'user';
             $new_user_id = $this->user_model->newUser($info);
             $details = array(
                 'user_id' => $new_user_id,
                 'field' => 'creator_id',
                 'value' => $this->session->userdata('user_id'),
             );
             $this->db->insert('user_details', $details);
             //$this->_send_email($info);
             redirect('user/user');
         }
     }
     $this->_data['breadcrumb'] = 'user/add_user';
     $this->_data['page_title'] = "Create User";
     $this->_data['companyList'] = $this->user_model->companyList();
     $this->_data['view'] = 'user_add';
     $this->load->view('user/home', $this->_data);
 }
示例#7
/**
 * Compute an Apache-style "$apr1$" MD5 password hash.
 *
 * The result has the form `$apr1$<salt>$<encoded digest>`. Passing an
 * existing `$apr1$...` string as $salt reuses its salt, so the return value
 * can be compared with that stored hash.
 *
 * This is a legacy format: it is built on MD5 with a fixed 1000 rounds (see
 * the loop below), so it is cheap to brute-force. Use it only where an
 * existing `$apr1$` consumer requires it, not for new password storage.
 *
 * @param string      $plain Password to hash.
 * @param string|null $salt  null for a fresh salt(8), an existing `$apr1$`
 *                           hash, or a raw salt (cut to 8 characters).
 * @return string The `$apr1$` formatted hash.
 */
function crypt_apr_md5($plain, $salt = null)
{
    if (is_null($salt)) {
        // salt() is defined elsewhere; presumably returns 8 random characters.
        $salt = salt(8);
    } elseif (preg_match('/^\\$apr1\\$/', $salt)) {
        // An existing hash was passed: keep only the part between the
        // "$apr1$" prefix and the next "$". This branch does not cut the
        // salt to 8 characters.
        $salt = preg_replace('/^\\$apr1\\$([^$]+)\\$.*/', '\\1', $salt);
    } else {
        $salt = substr($salt, 0, 8);
    }
    $length = strlen($plain);
    $context = $plain . '$apr1$' . $salt;
    // Raw 16-byte digest of password + salt + password.
    $binary = hex2bin(md5($plain . $salt . $plain));
    // Append that digest once per 16 bytes of password, the last piece cut short.
    for ($i = $length; $i > 0; $i -= 16) {
        $context .= substr($binary, 0, $i > 16 ? 16 : $i);
    }
    // One byte per bit of the password length: NUL for a set bit, otherwise
    // the first password character. Not entered when $plain is empty.
    for ($i = $length; $i > 0; $i >>= 1) {
        $context .= $i & 1 ? chr(0) : $plain[0];
    }
    $binary = hex2bin(md5($context));
    // 1000 rounds, each mixing the previous digest with the password and,
    // depending on the round number, the salt and the password again.
    for ($i = 0; $i < 1000; $i++) {
        $new = $i & 1 ? $plain : substr($binary, 0, 16);
        if ($i % 3) {
            $new .= $salt;
        }
        if ($i % 7) {
            $new .= $plain;
        }
        $new .= $i & 1 ? substr($binary, 0, 16) : $plain;
        $binary = hex2bin(md5($new));
    }
    // Encode the digest three bytes at a time in the order
    // (0,6,12) (1,7,13) (2,8,14) (3,9,15) (4,10,5), then byte 11 alone.
    // to64() is defined elsewhere.
    $p = array();
    for ($i = 0; $i < 5; $i++) {
        $k = $i + 6;
        $j = $i + 12;
        if ($j == 16) {
            $j = 5;
        }
        $p[] = to64(ord($binary[$i]) << 16 | ord($binary[$k]) << 8 | ord($binary[$j]), 5);
    }
    return '$apr1$' . $salt . '$' . implode($p) . to64(ord($binary[11]), 3);
}
示例#8
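 /**
  * Authenticate a user by username (or e-mail) and password.
  *
  * On success the session is reset, the user is stored in $_SESSION['user']
  * and the user data is returned.
  *
  * @param array $options 'username' and 'password' are required; a non-empty
  *                       'keep' requests a one-year session lifetime.
  * @return array|null User data, or null when the credentials are missing,
  *                    malformed or wrong.
  */
 public function authenticate(array $options = array())
 {
     $app = \App::getInstance();
     // Both fields are required. The original used `&&`, so a request with
     // only one of them still reached the lookup below.
     if (!isset($options['username']) || !isset($options['password'])) {
         return null;
     }
     // Accept plain strings only: an array arriving from the request must
     // not be passed into the query criteria or the password comparison.
     if (!is_string($options['username']) || !is_string($options['password'])) {
         return null;
     }
     $collectionName = !empty($this->options['userCollection']) ? $this->options['userCollection'] : 'User';
     $userCollection = \Norm\Norm::factory($collectionName);
     $user = $userCollection->findOne(array('!or' => array(array('username' => $options['username']), array('email' => $options['username']), array('normalized_username' => str_replace('.', '', $options['username'])))));
     // Hash the submitted password when the project provides salt(). This is
     // done before the null check, as in the original, so an unknown user
     // costs the same work as a known one.
     if (function_exists('salt')) {
         $options['password'] = salt($options['password']);
     }
     if (is_null($user)) {
         return null;
     }
     $stored = $user['password'] . '';
     $supplied = $options['password'];
     if (!is_string($supplied)) {
         return null;
     }
     // Exact string comparison, constant-time where the runtime supports it.
     $matches = function_exists('hash_equals') ? hash_equals($stored, $supplied) : $stored === $supplied;
     if (!$matches) {
         return null;
     }
     // Reset the session before attaching the user to it.
     if (empty($options['keep'])) {
         $app->session->reset();
     } else {
         $app->session->reset(array('lifetime' => 365 * 24 * 60 * 60));
     }
     $_SESSION['user'] = $user->toArray();
     return $user->toArray();
 }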
示例#9
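/**
 * Register a new client in client_login_table and send the activation notice.
 *
 * Echoes a status message; returns nothing. The activation mail is sent only
 * after the INSERT has been executed and committed.
 *
 * @param string $SafeFirstName
 * @param string $SafeLastName
 * @param string $SafeEmail
 * @param string $SafePWD Password handed to getHash() together with a fresh salt.
 */
function vInsertIntoClientLoginTable($SafeFirstName, $SafeLastName, $SafeEmail, $SafePWD)
{
    global $mysqli;
    $iClientExists = iCheckIfClientEmailExists($SafeEmail);
    if ($iClientExists != 0) {
        /*popup('You have already registered.', "http://" . IP_ADDRESS . "/member/client_login_register.php");*/
        echo "You have already registered";
        return;
    }
    #if this is the first claim.
    $salt = salt();
    $hash = getHash($SafePWD, $salt);
    # Activation code. The original md5($SafeEmail + microtime()) added its
    # operands numerically, so the code depended only on the clock. Use the
    # CSPRNG instead; 16 random bytes hex-encode to 32 characters, the same
    # length an md5() digest has.
    $tokenBytes = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
    $email_code = bin2hex($tokenBytes);
    # Values generated here are escaped here.
    # NOTE(review): the $Safe* parameters are interpolated as received; this
    # relies on the caller having escaped them for this connection - confirm.
    # When the caller is changed to pass raw values, switch to a prepared
    # statement.
    $saltSql = $mysqli->real_escape_string($salt);
    $hashSql = $mysqli->real_escape_string($hash);
    $mysqli->autocommit(FALSE);
    $InsertCommand = "INSERT INTO client_login_table \r\n                                        ( id, first_name, last_name, email_address, email_code, salt, password )\r\n                                  values \r\n                                  (NULL,'{$SafeFirstName}', '{$SafeLastName}', '{$SafeEmail}', '{$email_code}', '{$saltSql}', '{$hashSql}' )";
    # The original ended the request with die($mysqli->error), which prints
    # database error text to the visitor. Fail with a generic message instead.
    $add_post_res = $mysqli->query($InsertCommand);
    if (!$add_post_res || !$mysqli->commit()) {
        $mysqli->rollback();
        echo "Registration could not be completed. Please try again later.";
        return;
    }
    SendActivateEmailNotice($SafeEmail, $email_code);
    echo "Please activate your email to complete the registration.  Please respond to your email. Thanks.";
}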
示例#10
 /**
  * Send a verification mail to the new e-mail address.
  *
  * The current password is checked first; the pending address, the request
  * time and a verification code are then stored in the user's meta data and
  * the code is mailed to the new address.
  *
  * NOTE(review): the password check uses `!==`, which is exact but not
  * constant-time; hash_equals() is the usual choice for comparing hashes.
  *
  * @param User   $user
  * @param string $email    New e-mail address (trimmed and lower-cased here).
  * @param string $password Current password, for re-authentication.
  * @throws \Exception When the address is rejected by UserCheck::CheckEmail().
  */
 public function edit_email_send_mail($user, $email, $password)
 {
     lib()->load('UserCheck', 'MailTemplate');
     $email = strtolower(trim($email));
     $expectedHash = UserCheck::CreatePassword($password, $user->getSalt());
     if ($user->getPassword() !== $expectedHash) {
         $this->throwMsg(-10);
     }
     $emailStatus = UserCheck::CheckEmail($email);
     if ($emailStatus !== true) {
         throw new \Exception($emailStatus);
     }
     $requestedAt = date("Y-m-d H:i:s");
     // The code is derived from both addresses and a fresh salt() value.
     $verifyCode = salt_hash($email . $user->getEmail(), salt());
     $meta = [
         'edit_email_add' => $email,
         'edit_email_time' => $requestedAt,
         'edit_email_code' => $verifyCode,
     ];
     $user->getMeta()->set($meta);
     $template = new MailTemplate("edit_email.html");
     $template->setUserInfo($user->getInfo());
     $template->setValues(['verify_code' => $verifyCode]);
     $template->mailSend($user->getName(), $email);
 }
示例#11
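 /**
  * Change the password of the logged-in admin, teacher or student.
  *
  * @param string $old Current password.
  * @param string $new New password.
  * @return bool|string true on success, otherwise an error message.
  */
 public function edit_pwd($old, $new)
 {
     $this->db = db_class();
     switch ($this->login_type) {
         case "admin":
             $info = $this->db->get_admin_info($this->user_info['name']);
             // Compare as exact strings. With `!=`, numeric-looking values
             // ("0e123..." vs "0e456...", "1e3" vs "1000") compare as numbers
             // and a wrong password can be accepted. hash_equals() is the
             // constant-time alternative where the runtime has it.
             if ((string) salt_hash(md5_xx($old), $info['a_salt']) !== (string) $info['a_pwd']) {
                 return "原密码错误";
             }
             // A new salt is generated with every password change.
             $update = ['a_salt' => salt(32)];
             $update['a_pwd'] = salt_hash(md5_xx($new), $update['a_salt']);
             if ($this->db->update_user_info($this->user_info['name'], $update) == 1) {
                 return true;
             }
             break;
         case "teacher":
             $info = $this->db->get_teacher_info_by_id($this->user_info['it_id']);
             // NOTE(review): teacher passwords are compared and written as
             // given, i.e. stored unhashed. Moving them to the salted scheme
             // used for admins needs a matching change at login.
             if ((string) $info['it_password'] !== (string) $old) {
                 return "原密码错误";
             }
             if ($this->db->base_info_edit("info_teacher", ['it_password' => $new], ['it_id' => $info['it_id']]) == 1) {
                 return true;
             }
             break;
         case "student":
             $info = $this->db->get_student_info_by_id($this->user_info['is_id']);
             // NOTE(review): same as for teachers - stored unhashed.
             if ((string) $info['is_password'] !== (string) $old) {
                 return "原密码错误";
             }
             if ($this->db->base_info_edit("info_student", ['is_password' => $new], ['is_id' => $info['is_id']]) == 1) {
                 return true;
             }
             break;
     }
     return "修改密码失败";
 }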
示例#12
 /**
  * Create an activation code for the user, store it with a timestamp in the
  * user's meta data, and return the activation URL after it has passed
  * through the "UserRegister_CreateActivationUrl" hook.
  *
  * NOTE(review): the code is md5(salt(64) . user id), so it is only as
  * unpredictable as salt() - confirm salt() draws from a CSPRNG.
  *
  * @param $user \ULib\User
  * @throws \Exception
  * @return mixed
  */
 private function CreateActivationUrl(&$user)
 {
     $activationCode = md5(salt(64) . $user->getId());
     $metaStore = $user->getMeta();
     $metaStore->set([
         "activation_code" => $activationCode,
         "activation_time" => date("Y-m-d H:i:s"),
     ]);
     $hooks = hook();
     $activationUrl = get_url("User", "activation", $activationCode);
     return $hooks->apply("UserRegister_CreateActivationUrl", $activationUrl, $activationCode, $user);
 }
示例#13
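if (isset($_POST['gender'])) {
    $gender = form_input($_POST["gender"]);
}
// Validate against the allowed codes as exact strings. A loose in_array()
// against integers lets non-numeric text through on PHP versions where
// "abc" == 0 is true, and a missing field is now rejected explicitly.
if (!isset($gender) || !is_scalar($gender) || !in_array((string) $gender, array('0', '1', '-1', '2'), true)) {
    throwJSON(array("status" => "error", "code" => 305, "msg" => "feild gender out of range."));
    exit;
}
// Password
if (isset($_POST['password'])) {
    $password = form_input($_POST["password"]);
}
if (!isset($password) || isNull($password)) {
    throwJSON(array("status" => "error", "code" => 306, "msg" => "password can not be null"));
    exit;
}
// Random per-user salt.
$salt = salt(6);
// NOTE(review): md5(md5(password) . salt) is a fast hash and is cheap to
// brute-force if the table leaks. password_hash()/password_verify() is the
// replacement, but it has to be introduced together with the login check.
$newpass = md5(md5($password) . $salt);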
//验证码
if (isset($_POST['captcha'])) {
    $captcha = form_input($_POST["captcha"]);
}
if (isNull($captcha)) {
    throwJSON(array("status" => "error", "code" => 307, "msg" => "captcha can not be null"));
    exit;
} else {
    /*
    $expire   = $_SESSION["captcha"]["expire"];
    $time1    = $_SESSION["captcha"]["createtime"];
    $captcha1 = $_SESSION["captcha"]["code"];
    if($tim1+$expire>$now){ //验证码是否过期
<?php

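// Creates a user from the submitted form, unless the username is taken.
// NOTE(review): no authorisation check is visible in this script, and
// usertype is stored exactly as submitted - confirm that access is
// restricted before this point and that usertype is limited to known values.
if (session_id() === '') {
    session_start();
}
// Read each field as a plain string; anything missing or non-string becomes ''.
$fields = array();
foreach (array('username', 'password', 'usertype', 'dept') as $name) {
    $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}
$username = $fields['username'];
$password = $fields['password'];
$usertype = $fields['usertype'];
$dept = $fields['dept'];
include 'dbconnect.php';
// Ask the database whether the name exists instead of loading every user
// row. The match follows the collation of the username column.
$flag = true;
$lookup = mysqli_prepare($con, "SELECT 1 FROM users WHERE username = ? LIMIT 1");
if ($lookup) {
    mysqli_stmt_bind_param($lookup, 's', $username);
    mysqli_stmt_execute($lookup);
    mysqli_stmt_store_result($lookup);
    if (mysqli_stmt_num_rows($lookup) > 0) {
        $flag = false;
    }
    mysqli_stmt_close($lookup);
}
include 'salt.php';
$salt = salt(8);
// NOTE(review): MD5-based hashing is fast to brute-force; moving to
// password_hash() requires the login check to change with it.
$passhashed = md5(md5($password) . md5($salt));
$lastlogin = date('Y-m-d H:i:s');
if ($flag == true) {
    // Submitted values are bound as parameters; the original interpolated
    // them into the INSERT text.
    $insert = mysqli_prepare($con, "INSERT INTO users (username, salt, password, usertype, dept, lastlogin) VALUES (?, ?, ?, ?, ?, ?)");
    $result = false;
    if ($insert) {
        mysqli_stmt_bind_param($insert, 'ssssss', $username, $salt, $passhashed, $usertype, $dept, $lastlogin);
        $result = mysqli_stmt_execute($insert);
        mysqli_stmt_close($insert);
    }
    // NOTE(review): as before, "user_created" is reported even when the
    // insert failed ($result is false); adduser.php would need a failure code.
    $_SESSION['error'] = "user_created";
    header('location: ./adduser.php');
} else {
    $_SESSION['error'] = "user_exist";
    header('location: ./adduser.php');
}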
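 /**
  * Set a new password for an existing user.
  *
  * The outcome is reported through $_SESSION['success'] / $_SESSION['error'].
  *
  * @param string $username Account to update.
  * @param string $password New password in plain text.
  */
 function resetpassword($username, $password)
 {
     if (session_id() === '') {
         session_start();
     }
     $user = userdetails($username);
     if (count($user) == 1) {
         // Re-use the user's stored salt, as the original did.
         // NOTE(review): this is md5(salt . md5(password)); confirm it is the
         // same formula the login check and the user-creation code use.
         $salt = $user[0]["salt"];
         $pass = md5($salt . md5($password));
         $con = dbconnect();
         // The original ran INSERT INTO users (password) with the plain-text
         // password, which adds a new row and leaves the account unchanged.
         // Update the existing row with the hash, using bound parameters.
         // Assumes the account is keyed by the `username` column - confirm.
         $stmt = mysqli_prepare($con, "UPDATE users SET password = ? WHERE username = ?");
         $updated = false;
         if ($stmt) {
             mysqli_stmt_bind_param($stmt, 'ss', $pass, $username);
             $updated = mysqli_stmt_execute($stmt);
             mysqli_stmt_close($stmt);
         }
         if ($updated) {
             $_SESSION['success'] = "Password reset";
         } else {
             $_SESSION['error'] = "Password reset failed";
         }
         // header("location: resetpassword.php");
     } else {
         $_SESSION['error'] = "Invalid Username";
         // header("location: resetpassword.php");
     }
 }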
示例#16
文件: Acl.php 项目: speedwork/core
 /**
  * Replace a user's password with a generated one and issue an activation key.
  *
  * The stored value is salt(new password); salt() acts as the hashing helper
  * here (defined elsewhere).
  *
  * NOTE(review): the new plain-text password is returned to the caller, and
  * both values are only as unpredictable as generateRandomKey() - confirm how
  * the caller delivers them and that the generator is a CSPRNG.
  *
  * @param string $username Identifier passed to getMatches().
  * @return array|false ['pass' => new password, 'key' => activation key],
  *                     or false when the user is unknown or the update fails.
  */
 public function resetPassword($username)
 {
     if (!$username) {
         return false;
     }
     // Look the account up first; unknown users get no reset.
     $criteria = [$this->getMatches($username)];
     $account = $this->database->find('#__users', 'first', ['conditions' => $criteria]);
     if (empty($account['userid'])) {
         return false;
     }
     $plainPassword = $this->generateRandomKey();
     $activationKey = $this->generateRandomKey();
     $changes = [
         'password' => salt($plainPassword),
         'last_pw_change' => time(),
         'activation_key' => $activationKey,
     ];
     $saved = $this->database->update('#__users', $changes, ['userid' => $account['userid']]);
     if (!$saved) {
         return false;
     }
     return ['pass' => $plainPassword, 'key' => $activationKey];
 }
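 /**
  * Handle the sponsor signup form: validate the input, store the sponsor,
  * save the resized logo and send the confirmation mail.
  *
  * @return bool true when the sponsor was stored; false after setError().
  */
 private function handleNewSponsor()
 {
     global $sDB, $sRequest, $sQuery, $sTemplate, $sSession, $sNotify;
     // contact info
     $name = $sRequest->getString("sponsor_name");
     $companyName = $sRequest->getString("sponsor_company_name");
     $street = $sRequest->getString("sponsor_street");
     $zip = $sRequest->getInt("sponsor_zip");
     $city = $sRequest->getString("sponsor_city");
     $phone = $sRequest->getString("sponsor_phone");
     $email = $sRequest->getString("sponsor_email");
     $additionalInformation = $sRequest->getString("sponsor_additional_information");
     $password = $sRequest->getString("sponsor_password");
     $password2 = $sRequest->getString("sponsor_password2");
     // sponsor info
     $slogan = $sRequest->getString("sponsor_slogan");
     $url = $sRequest->getString("sponsor_url");
     $fileName = $fileExt = "";
     // !empty() covers a missing upload without notices or @-suppression.
     if (!empty($_FILES['sponsor_logo']['name'])) {
         $userFileName = $_FILES['sponsor_logo']['name'];
         $fileName = basename($userFileName);
         // end() takes its argument by reference, so it needs a variable.
         $nameParts = explode(".", $userFileName);
         $fileExt = end($nameParts);
     }
     // payment info
     $paymentMethod = $sRequest->getInt("sponsor_payment_method");
     $paymentData = new stdClass();
     $paymentData->paymentMethod = $paymentMethod;
     if ($paymentMethod == PAYMENT_METHOD_ELV) {
         $paymentELVName = $sRequest->getString("sponsor_elv_name");
         $paymentELVAccountNumber = $sRequest->getString("sponsor_elv_account_number");
         $paymentELVBankNumber = $sRequest->getString("sponsor_elv_bank_number");
         $paymentData->paymentELVName = $paymentELVName;
         $paymentData->paymentELVAccountNumber = $paymentELVAccountNumber;
         $paymentData->paymentELVBankNumber = $paymentELVBankNumber;
     }
     $paymentInterval = $sRequest->getInt("sponsor_payment_interval");
     $paymentAmount = $sRequest->getInt("sponsor_amount");
     $paymentData->paymentInterval = $paymentInterval;
     $paymentData->paymentAmount = $paymentAmount;
     // validate data
     if ($name == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_NAME"));
         return false;
     }
     if ($street == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_STREET"));
         return false;
     }
     if ($zip == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_ZIP"));
         return false;
     }
     if ($city == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_CITY"));
         return false;
     }
     if ($phone == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_PHONE"));
         return false;
     }
     if ($email == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_EMAIL"));
         return false;
     }
     $res = $sDB->exec("SELECT * FROM `sponsors_data` WHERE `email` = '" . mysql_real_escape_string($email) . "' LIMIT 1;");
     if (mysql_num_rows($res)) {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_EMAIL_EXISTS"));
         return false;
     }
     if ($password == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_PASSWORD"));
         return false;
     }
     if ($password != $password2) {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_PASSWORD_MISSMATCH"));
         return false;
     }
     if ($slogan == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_SLOGAN"));
         return false;
     }
     if ($url == "") {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_URL"));
         return false;
     }
     if (!in_array($paymentMethod, array(PAYMENT_METHOD_ELV, PAYMENT_METHOD_BILL))) {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_PAYMENT_METHOD"));
         return false;
     }
     if ($paymentInterval < time()) {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_PAYMENT_INTERVAL"));
         return false;
     }
     if ($paymentAmount <= 0) {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_AMOUNT"));
         return false;
     }
     if ($paymentMethod == PAYMENT_METHOD_ELV) {
         if ($paymentELVName == "") {
             $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_ELV_NAME"));
             return false;
         }
         if ($paymentELVAccountNumber == "") {
             $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_ELV_ACCOUNT_NUMBER"));
             return false;
         }
         if ($paymentELVBankNumber == "") {
             $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_ELV_BANK_NUMBER"));
             return false;
         }
     }
     if ($fileExt && !in_array($fileExt, array("png", "jpg", "jpeg"))) {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_FILE_EXTENSION"));
         return false;
     }
     $logoHeight = $logoWidth = 0;
     $thumb = null;
     if ($fileExt) {
         try {
             $thumb = new Imagick($_FILES["sponsor_logo"]["tmp_name"]);
             $imgData = $thumb->getImageGeometry();
             if ($imgData['height'] > 160 || $imgData['width'] > 160) {
                 $thumb->resizeImage(160, 160, imagick::FILTER_LANCZOS, 1, true);
             }
             $imgData = $thumb->getImageGeometry();
             $logoHeight = $imgData["height"];
             $logoWidth = $imgData["width"];
         } catch (Exception $e) {
             // The extension check above only looks at the file name. A file
             // that Imagick cannot read is not an image: reject it here rather
             // than store the sponsor and fail later on an unset $thumb.
             $this->setError($sTemplate->getString("SPONSOR_ERROR_INVALID_FILE_EXTENSION"));
             return false;
         }
     }
     // Hash the password only once the request has passed validation.
     $salt = salt();
     $passwordHash = crypt($password, '$6$rounds=5000$' . $salt . '$');
     // NOTE(review): $paymentData (including the ELV account and bank
     // numbers) is stored as a serialize()d object in clear text. Confirm
     // that the column is protected and that it is never unserialize()d
     // after being changed by anything other than this code.
     $res = $sDB->exec("INSERT INTO `sponsors_data` (`sponsorId`, `name`, `companyName`, `street`, `zip`, `city`,\r\n                                                        `phone`, `email`, `password`, `slogan`, `paymentMethod`,\r\n                                                        `paymentData`, `amount`, `dateAdded`, `approved`, `currentLogoApproved`, `logoHeight`, `logoWidth`, `url`, `additionalInformation`)\r\n                                  VALUES(NULL, '" . mysql_real_escape_string($name) . "', '" . mysql_real_escape_string($companyName) . "',\r\n                                         '" . mysql_real_escape_string($street) . "', '" . mysql_real_escape_string($zip) . "',\r\n                                         '" . mysql_real_escape_string($city) . "', '" . mysql_real_escape_string($phone) . "',\r\n                                         '" . mysql_real_escape_string($email) . "', '" . mysql_real_escape_string($passwordHash) . "',\r\n                                         '" . mysql_real_escape_string($slogan) . "', '" . mysql_real_escape_string($paymentMethod) . "',\r\n                                         '" . mysql_real_escape_string(serialize($paymentData)) . "', '" . mysql_real_escape_string($paymentAmount) . "',\r\n                                         '" . time() . "', '0', '0', '" . mysql_real_escape_string($logoHeight) . "',\r\n                                         '" . mysql_real_escape_string($logoWidth) . "', '" . mysql_real_escape_string($url) . "',\r\n                                         '" . mysql_real_escape_string($additionalInformation) . "')");
     $sponsorId = mysql_insert_id();
     if (!$sponsorId) {
         $this->setError($sTemplate->getString("SPONSOR_ERROR_TRY_AGAIN_LATER"));
         return false;
     }
     if ($thumb !== null) {
         try {
             // The logo path is built from the new sponsor id, never from
             // the uploaded file name.
             $logoPath = $sTemplate->getSponsorLogosRootAbs() . $sponsorId . ".png";
             $thumb->writeImage($logoPath);
             $thumb->destroy();
         } catch (Exception $e) {
             // Best effort, as before: the signup stands without a logo file.
         }
     }
     $sSession->setVal('notification', $sTemplate->getString("SPONSOR_SIGNUP_SUCCESS"));
     $sSession->serialize();
     $subject = $sTemplate->getString("SPONSOR_CONFIRMATION_EMAIL_SUBJECT");
     $message = $sTemplate->getString("SPONSOR_CONFIRMATION_EMAIL_BODY", array("[NAME]"), array($name));
     $mail = new HTMLMail($email, $email, SENDMAIL_FROM_NAME, SENDMAIL_FROM);
     $mail->buildMessage($subject, $message);
     $mail->sendmail();
     $sNotify->sponsor("new sponsor", "email: " . $email . "<br />\n" . "amount: " . $paymentAmount);
     return true;
 }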
示例#18
     $group_id = $group->get_primary_id();
     $cohort = DataObject::create($dao, "cohort", array("course_id" => $course_id, "group_id" => $group_id, "cohort_start" => $cohort_start));
     $cohort->commit();
 }
 $uncomfirmed = salt($user_email);
 $user = DataObject::create($dao, "user", array("cohort_id" => $cohort->get_primary_id(), "user_name" => $user_name, "user_email" => "{$uncomfirmed} {$user_email}", "user_password" => $user_password, "user_picture" => "default"));
 if ($user->commit()) {
     //Add the user to the cohort's group
     $grouping = DataObject::create($dao, "grouping", array("group_id" => $cohort->group_id, "user_id" => $user->get_primary_id()));
     $grouping->commit();
     $dao->myquery("SELECT MAX(conf_id) FROM confirmation;");
     $maxid = $dao->fetch_one();
     if ($maxid) {
         $rnd = salt(",jag,wd873423%Ed.fkug" . $maxid);
     } else {
         $rnd = salt(",jag,wd873423%Ed.fkug" . rand());
     }
     //send rnd to the user and a link which will return rnd to the server for confirmation
     $send_email = false;
     //If the confirmation has already been sent, just resend it. Don't craete a new confimation
     if (NULL != DataObject::select_one($dao, "confirmation", array("conf_id"), array("user_email" => $user_email))) {
         $send_email = true;
     } else {
         $conf = DataObject::create($dao, "confirmation", array("conf_rnd" => $rnd, "user_id" => $user->get_primary_id(), "user_email" => $user_email));
         if ($conf->commit()) {
             $send_email = true;
         } else {
             redirect("../../register/", array_merge(array("m" => "6"), $_POST));
             //This should never happen
         }
     }
<?php

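// Edits a user record, its password and its privilege rows, then reloads it.
// The listing masks two expressions with "******"; they are read here as
// $_POST['user'] and $pass_comb, which is what the surrounding code implies.
include "connect/database.php";
validaSession();
// NOTE(review): the privilege check is keyed on a cookie value, which the
// client controls. Confirm that securityValidation() ties it to the
// server-side session, and that this form is protected against CSRF.
securityValidation($_COOKIE['id'], "1");
// The record id comes from the query string and is placed in SQL unquoted,
// so force it to an integer once and use that everywhere.
$userId = isset($_GET['i']) ? (int) $_GET['i'] : 0;
if ($_POST) {
    // The helpers take ready-made SQL fragments, so every submitted value is
    // escaped before it is placed between the quotes.
    $we = "name = '" . mysql_real_escape_string($_POST['firstname']) . "', lastname = '" . mysql_real_escape_string($_POST['lastname']) . "', email = '" . mysql_real_escape_string($_POST['email']) . "', department = '" . mysql_real_escape_string($_POST['dept']) . "', user = '" . mysql_real_escape_string($_POST['user']) . "', udate = NOW(), act = '" . mysql_real_escape_string($_POST['act']) . "'";
    updateTable("users", $we, "id = " . $userId);
    if (strlen(trim($_POST['password'], " ")) > 0) {
        $salt_u = salt();
        // NOTE(review): sha1(salt . sha1(password)) is a fast hash; moving to
        // password_hash() requires the login check to change with it.
        $pass_u = sha1($_POST['password']);
        $pass_comb = sha1($salt_u . $pass_u);
        $wee = "salt = '" . mysql_real_escape_string($salt_u) . "', pass = '" . mysql_real_escape_string($pass_comb) . "'";
        updateTable("users", $wee, "id = " . $userId);
    }
    // Replace the user's privilege rows with the submitted set.
    eliminarRegistro("security", 'users_id', $userId);
    $priv = (isset($_POST['sec']) && is_array($_POST['sec'])) ? $_POST['sec'] : array();
    //insertTable("security","'','".$_GET['i']."','1'");
    foreach ($priv as $sec) {
        $values_sec = "'','" . $userId . "','" . mysql_real_escape_string($sec) . "'";
        insertTable("security", $values_sec);
    }
}
$user = listAll("users", "WHERE id = " . $userId);
$rs_user = mysql_fetch_object($user);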
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
示例#20
 /**
  * Insert a user with a salted password hash and a token, then dump the
  * insert result and the last database error.
  *
  * NOTE(review): the two var_dump() calls print database results and error
  * text to the output; fine for a console helper, but confirm this method is
  * not reachable from a web request.
  *
  * @param $user
  * @param $password
  */
 public function create_user($user, $password)
 {
     $salt = salt(40);
     // From here on $password holds the salted hash, not the plain text.
     $password = salt_hash(_hash($password), $salt);
     $connection = db();
     $row = array(
         'user' => $user,
         'password' => $password,
         'salt' => $salt,
         'token' => _hash($password . salt(50)),
     );
     $inserted = $connection->insert("user", $row);
     var_dump($inserted);
     var_dump(db()->error());
 }
示例#21
 /**
  * Edit a doctor (admin) account: show the form on GET, save it on POST.
  *
  * Requires an admin session with right == 1. On POST the form token is
  * checked, then the password (when given) and the location are updated for
  * the uid taken from the query string.
  *
  * NOTE(review): the password is stored as sha1(prefix . password . '_' .
  * salt), a fast hash; changing it needs a matching change at login.
  */
 public function doctorEdit()
 {
     if (!session('?admin')) {
         $this->redirect('Main/index');
     }
     if (session('right') != 1) {
         $this->error('访问无权限');
     }
     $database = M('admin');
     if (!IS_POST) {
         // GET: collect the areas and their buildings for the form.
         $area = menu();
         $this->assign('area', $area);
         foreach ($area as $region) {
             foreach ($region['citys'] as $city) {
                 $building[] = $city;
             }
         }
         $this->assign('building', $building);
         $admin = $database->where('uid=:uid')->bind(':uid', I('get.uid'))->find();
         $admin = json_decode($admin['location'], true);
         $this->assign('admin', $admin);
         $this->display('admin-edit-doctor');
         return;
     }
     // POST: the form token guards against forged submissions.
     if (!$database->autoCheckToken($_POST)) {
         $this->error('令牌验证错误');
     }
     // The uid is bound as a parameter rather than placed into the condition.
     $map['uid'] = ':uid';
     $bind[':uid'] = I('get.uid');
     $data = array();
     $newPassword = I('post.password');
     if (!empty($newPassword)) {
         // A new salt is generated with every password change.
         $data['salt'] = salt();
         $data['password'] = sha1(C('DB_PREFIX') . $newPassword . '_' . $data['salt']);
     }
     $postedArea = I('post.area');
     $postedBuilding = I('post.building');
     if (!empty($postedArea) || !empty($postedBuilding)) {
         $data['location'] = json_encode(array('area' => $postedArea, 'building' => $postedBuilding));
     }
     if (empty($data)) {
         $data['location'] = null;
     }
     $update = $database->where($map)->bind($bind)->data($data)->filter('strip_tags')->save();
     if ($update) {
         $this->success('资料修改成功');
     } else {
         $this->error('资料修改失败');
     }
 }
示例#22
<?php

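// Completes a password reset: when (user_id, conf_rnd) matches a pending
// reset_request, the request is deleted and the new password is stored.
include_once "../util/mysql.php";
include "../util/pwd.php";
$dao = new DAO(true);
// $user was assigned a property without being created first.
if (!isset($user) || !is_object($user)) {
    $user = new stdClass();
}
// Read each field as a plain string; anything missing or non-string becomes ''.
$posted = array();
foreach (array('user_password', 'user_id', 'conf_rnd') as $field) {
    $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}
// salt() is the hashing helper here (presumably from ../util/pwd.php).
$user_password = $dao->escape(salt($posted["user_password"]));
$user->user_id = $dao->escape($posted["user_id"]);
$conf_rnd = $dao->escape($posted["conf_rnd"]);
// An empty id, token or password never completes a reset.
// NOTE(review): no expiry check on the reset request is visible here;
// confirm that stale requests are removed elsewhere.
if ($posted['user_id'] !== '' && $posted['conf_rnd'] !== '' && $posted['user_password'] !== '') {
    $query = "SELECT * FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
    $dao->myquery($query);
    if ($dao->fetch_num_rows() == 1) {
        // The token is single-use: remove it before changing the password.
        $query = "DELETE FROM reset_request WHERE user_id=\"{$user->user_id}\" AND conf_rnd=\"{$conf_rnd}\";";
        $dao->myquery($query);
        $new_password_query = "UPDATE user SET user_password=\"{$user_password}\" WHERE user_id=\"{$user->user_id}\";";
        $dao->myquery($new_password_query);
    }
}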
?>
	
示例#23
// Maps the submitted registration data to the values stored for a new user
// and counts existing rows for the same account.
$g = $data['gender'];
// "male" is stored as "H" and "female" as "M"; for any other value $gender
// is not assigned here.
if ($g == "male") {
    $gender = "H";
} else {
    if ($g == "female") {
        $gender = "M";
    }
}
$user_name = utf8_decode($data['first_name']);
$user_lastname = utf8_decode($data['last_name']);
$user_gender = $gender;
$user_email = $data['email'];
// NOTE(review): the stored value ends up as sha1(salt . sha1(password)),
// see $passEnc below. SHA-1 is a fast hash; password_hash() is the
// replacement, introduced together with the login check.
$user_pass = sha1($data['password']);
// Re-orders $bday (set earlier, outside this excerpt) from indexes 0,1,2 to 2-0-1.
$user_dob = $bday[2] . "-" . $bday[0] . "-" . $bday[1];
$user_type = $data['user_type'];
$user_salt = salt();
// TODO: this function was migrated to the User model
$user_act = "N";
// NOTE(review): the activation code is later sent in the confirmation link;
// confirm generateRandomString() draws from a CSPRNG.
$user_act_code = StringHelper::generateRandomString();
$passEnc = sha1($user_salt . $user_pass);
// The '******' is a redaction in this listing, not the original condition.
// NOTE(review): confirm the original value is escaped before it reaches listAll().
$reg = listAll("user", "WHERE user = '******'");
$reg_num = mysql_num_rows($reg);
if ($reg_num < 1) {
    $user_insert = insertTable("user", "'','{$user_name}','{$user_lastname}','{$user_dob}','{$user_gender}','{$user_email}','{$passEnc}','{$user_salt}','{$user_type}',NOW(),'0000-00-00 00:00:00','{$user_act}','{$user_act_code}', false, false");
    if ($user_insert > 0) {
        $to = $user_email;
        $toName = $user_name . ' ' . $user_lastname;
        $asunto = "Confirmación de registro";
        $params = array('site_url' => FConfig::getUrl(), 'logo_url' => FConfig::getUrl('images/logo_footer.png'), 'nombre' => $toName, 'confirmacion_url' => FConfig::getUrl('confirmacion') . '?c=' . $user_act_code . '&e=' . $user_email);
        $body = FMailer::replaceParameters($params, file_get_contents('../views/emails/registroEmail.html'));
        $mailer = new FMailer();
示例#24
		      <input type="text" id="db[name]" name="db[name]" placeholder="输入你的数据库名称" required>
		    </div>
		  </div>
	    <hr>
	    <button data-am-loading="{spinner: 'circle-o-notch'}" type="submit" class="am-btn am-btn-primary am-round am-center">下一步&raquo;</buttom>
	    </fieldset></form>
	  </div>
	</div>
	<?php 
} elseif ($_GET['step'] == 2) {
    ?>
	<?php 
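    if ($_POST) {
        // Installer step 2: create the schema and the first administrator
        // from the submitted form (the listing is cut off after the INSERT).
        // NOTE(review): nothing visible here stops this step from being
        // requested again after installation; confirm an install lock exists.
        $config = (include './Application/Common/Conf/config.php');
        $user = $_POST['user'];
        $salt = salt();
        // Stored admin hash is sha1(prefix . password . '_' . salt). SHA-1 is
        // a fast hash; it is kept here because the login code that verifies it
        // is not part of this fragment. password_hash() is the usual upgrade.
        $password = sha1($config['DB_PREFIX'] . $user['password'] . '_' . $salt);
        // mysql_* functions were removed in PHP 7; mysqli or PDO with bound
        // parameters is the long-term replacement.
        $link = mysql_connect($config['DB_HOST'] . ':' . $config['DB_PORT'], $config['DB_USER'], $config['DB_PWD']);
        mysql_select_db($config['DB_NAME']);
        mysql_query("SET character_set_connection=utf8, character_set_results=utf8, character_set_client=binary");
        mysql_query("SET sql_mode=''");
        $sql[] = 'CREATE TABLE `osc_admin` (`uid` int(11) unsigned NOT NULL AUTO_INCREMENT,`username` varchar(25) NOT NULL,`password` varchar(55) NOT NULL,`salt` varchar(25) NOT NULL,`lastip` varchar(25) DEFAULT NULL,`lasttime` int(11) DEFAULT NULL,`right` int(1) DEFAULT \'0\',`location` varchar(255) DEFAULT NULL,PRIMARY KEY (`uid`)) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;';
        $sql[] = 'CREATE TABLE `osc_article` (`acid` int(11) unsigned NOT NULL AUTO_INCREMENT,`title` varchar(55) NOT NULL,`content` text NOT NULL,`time` int(11) NOT NULL,`author` varchar(20) NOT NULL,`view` int(11) DEFAULT \'0\',PRIMARY KEY (`acid`)) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;';
        $sql[] = 'CREATE TABLE `osc_order` (`order` varchar(25) NOT NULL,`area` int(11) unsigned NOT NULL,`building` int(11) unsigned DEFAULT NULL,`location` varchar(25) NOT NULL,`good` varchar(25) DEFAULT NULL,`description` varchar(255) NOT NULL,`user` varchar(25) NOT NULL,`time` int(11) unsigned NOT NULL,`dotime` int(11) unsigned DEFAULT NULL,`donetime` int(11) unsigned DEFAULT NULL,`canceltime` int(11) unsigned DEFAULT NULL,`status` int(11) DEFAULT \'0\',`emerg` int(11) NOT NULL DEFAULT \'0\',`doctor` varchar(25) DEFAULT NULL,`repairer` varchar(25) DEFAULT NULL,PRIMARY KEY (`order`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;';
        $sql[] = 'CREATE TABLE `osc_setting` (`key` varchar(25) NOT NULL,`value` text NOT NULL,PRIMARY KEY (`key`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;';
        $sql[] = 'CREATE TABLE `osc_user` (`uid` varchar(25) NOT NULL,`username` varchar(25) DEFAULT NULL,`password` varchar(55) DEFAULT NULL,`area` int(11) DEFAULT NULL,`building` int(11) DEFAULT NULL,`location` varchar(25) DEFAULT NULL,`tel` varchar(25) DEFAULT NULL,`lastip` varchar(25) DEFAULT NULL,`lasttime` int(11) DEFAULT NULL,`salt` varchar(25) DEFAULT NULL,PRIMARY KEY (`uid`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;';
        // The DDL is written with the default "osc_" prefix and rewritten to
        // the configured one before execution.
        foreach ($sql as $v) {
            $v = str_replace('osc_', $config['DB_PREFIX'], $v);
            mysql_query($v);
        }
        // The username comes straight from $_POST and is placed inside a
        // quoted SQL literal, so it is escaped for this connection first.
        // $password is a SHA-1 hex digest; $salt comes from salt().
        $admin_username = mysql_real_escape_string($user['username'], $link);
        mysql_query("INSERT INTO `{$config['DB_PREFIX']}admin` (`username`, `password`, `salt`, `right`) VALUES('{$admin_username}', '{$password}', '{$salt}', '1')");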
示例#25
 /**
  * Reset an administrator's password and report the outcome as JSON.
  *
  * Reads the target id from the POST field "id", generates a new 12-character
  * password and a 32-character salt with salt(), stores the salted hash via
  * update_admin_info(), and echoes {"status": bool, "msg": string}. On
  * success "msg" carries the new plaintext password; otherwise it carries the
  * failure text. Nothing is processed when $this->check() fails.
  *
  * NOTE(review): the new password is produced by salt(), so its strength
  * depends on that helper's random source; confirm it is a CSPRNG. The
  * plaintext is returned in the response body, so the endpoint should only
  * be reachable over TLS and its responses kept out of logs and caches.
  */
 function admin_pwd_reset()
 {
     header("Content-Type: application/json; charset=utf-8");
     if (!$this->check()) {
         return;
     }
     $admin_id = $this->__req->post('id');
     $plain_password = salt(12);
     $new_salt = salt(32);
     // md5_xx() and salt_hash() are project helpers defined elsewhere.
     $new_hash = salt_hash(md5_xx($plain_password), $new_salt);
     $affected = db_class()->update_admin_info($admin_id, ['a_salt' => $new_salt, 'a_pwd' => $new_hash]);
     // A result of 1 is treated as success.
     $updated = $affected == 1;
     echo json_encode([
         'status' => $updated,
         'msg' => $updated ? $plain_password : "更新失败",
     ]);
 }
示例#26
 /**
  * Print a freshly generated salt.
  *
  * Appears to be a class method (the class header is not visible). The inner
  * call is a plain function call, so it refers to a salt() function defined
  * elsewhere rather than to this method.
  *
  * NOTE(review): if this is routable as a controller action, it hands the
  * generator's output to any caller; confirm that is intended.
  */
 function salt()
 {
     $generated = salt();
     echo $generated;
 }
示例#27
 /**
  * Replace the stored credentials with a new salt and password hash.
  *
  * A fresh salt is requested for every change, so the same password never
  * yields the same stored hash twice. Nothing is persisted here.
  *
  * NOTE(review): salt() and hashPwd() are defined elsewhere; confirm salt()
  * uses a CSPRNG and hashPwd() is a slow password hash.
  *
  * @param string $newPwd the new plaintext password
  */
 private function SetNewPassword($newPwd)
 {
     $this->Salt = salt();
     $hashed = hashPwd($newPwd, $this->Salt);
     $this->Password = $hashed;
 }
示例#28
 /**
  * Set a new password: generate a fresh salt, store the salted hash, and
  * optionally persist the object.
  *
  * NOTE(review): salt() and hashPwd() are defined elsewhere; confirm salt()
  * uses a CSPRNG and hashPwd() is a slow password hash.
  *
  * @param string $newPwd the new plaintext password
  * @param bool   $save   when truthy, Save() is called after the update
  */
 public function SetPassword($newPwd, $save = false)
 {
     $this->Salt = salt();
     $digest = hashPwd($newPwd, $this->Salt);
     $this->Password = $digest;
     if (!$save) {
         return;
     }
     $this->Save();
 }
<?php

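/**
 * Generating hashed password using blowfish and random salt.
 *
 * salt() builds the 22-character salt for the bcrypt call below, using the
 * characters A-Z, a-z and 0-9.
 *
 * Characters are picked with random_int() (PHP 7+), which is backed by the
 * operating system's CSPRNG. array_rand() is documented as unsuitable for
 * security purposes, so it should not be used to produce salts.
 *
 * @return string 22 random alphanumeric characters
 */
function salt()
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    $last_index = strlen($alphabet) - 1;
    $salt = "";
    for ($i = 0; $i < 22; $i++) {
        $salt .= $alphabet[random_int(0, $last_index)];
    }
    return $salt;
}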
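// generate password hash (one-time, at registration)
$password_entered = "123";
// needs to be read from user input
// "$2a$07$" selects bcrypt with cost 07, which is low by current standards.
// password_hash($password_entered, PASSWORD_DEFAULT) picks the algorithm, cost
// and salt itself and is the preferred way to create new hashes.
$password_hash = crypt($password_entered, "\$2a\$07\$" . salt() . "\$");
// check entered password (each time at login)
$password_hash = '$2a$07$nw4dJlHqzkt7bdxeB04VIeWM/D68VMoskNAFTvG.9wTiC/7tURes.';
// this should be read in from the DB
// Re-hash the entered password with the stored hash as the salt argument and
// compare with hash_equals(): the comparison is constant-time and strictly
// string-based, unlike ==. password_verify() does the same in one call.
if (hash_equals($password_hash, crypt($password_entered, $password_hash))) {
    echo "correct password";
} else {
    echo "incorrect password";
}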
示例#30
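 /**
  * Handle a POST login attempt.
  *
  * Flow: reject empty credentials (-10), verify the captcha (-5), load the
  * account, validate the password's characters (-3), apply the failed-login
  * lock (-8), compare the password hash (-4 on mismatch, recording the
  * failure), check the account status (-9), then set the login cookie (-6 on
  * error) and the last-login info (code -7 on error).
  *
  * The stored and computed hashes are compared with hash_equals() so the
  * comparison time does not depend on where they differ. A non-string value
  * on either side is treated as a mismatch.
  *
  * @param string $account
  * @param string $password
  * @param string $captcha
  * @param bool   $save_status when truthy, the login cookie gets an expiry
  */
 public function PostLogin($account, $password, $captcha, $save_status)
 {
     if (empty($account) || empty($password)) {
         $this->throwMsg(-10);
     }
     $save_status = !empty($save_status);
     if (!$this->Captcha($captcha)) {
         // captcha check failed
         $this->throwMsg(-5);
     }
     $account = strtolower($account);
     // NOTE(review): lower-casing folds the password's case before hashing.
     // That shrinks the password space unless the client already submits a
     // lowercase digest; confirm what CheckPasswordChar() expects.
     $password = strtolower($password);
     // Presumably loads $this->user for the account; defined elsewhere.
     $this->GetAccountUser($account);
     lib()->load('UserCheck');
     if (!UserCheck::CheckPasswordChar($password)) {
         $this->throwMsg(-3);
     }
     $ip = Ip::getInstance();
     $max_error_count = hook()->apply("UserLogin_max_error_count", 6);
     $now_ip = $ip->realip();
     // The lock applies only when the failure counter has reached the limit,
     // the request comes from the IP recorded with the last failure, and that
     // failure happened today. A request from another address is not locked.
     // NOTE(review): confirm realip() cannot be steered by client-supplied
     // headers, since it decides whether the lock applies.
     if ($max_error_count <= $this->user->getErrorLoginCount() && $ip->fill($now_ip) === $ip->fill($this->user->getErrorLoginIp()) && explode(" ", $this->user->getErrorLoginTime())[0] == date("Y-m-d")) {
         // login is currently locked
         $this->throwMsg(-8);
     } else {
         $supplied_hash = UserCheck::CreatePassword($password, $this->user->getSalt());
         $stored_hash = $this->user->getPassword();
         if (!is_string($supplied_hash) || !is_string($stored_hash) || !hash_equals($stored_hash, $supplied_hash)) {
             // record the failed attempt
             $this->user->set(array("error_login_count" => 1 + $this->user->getErrorLoginCount(), 'error_login_time' => date("Y-m-d H:i:s"), 'error_login_ip' => $now_ip));
             if ($this->user->getErrorLoginCount() >= $max_error_count) {
                 hook()->apply("UserLogin_PostLogin_restrictions", NULL, $this->user);
             }
             $this->throwMsg(-4);
         } else {
             if (in_array($this->user->getStatus(), [0, 1, 2])) {
                 if ($this->user->getErrorLoginCount() > 0) {
                     // reset the failed-login counter
                     $this->user->set(array("error_login_count" => 0));
                 }
             } else {
                 // account status does not allow login
                 $this->throwMsg(-9);
             }
         }
     }
     try {
         // set the login cookie after a successful login
         // A token is generated only when the stored one is shorter than 10
         // characters, so an existing token is reused across logins.
         // NOTE(review): confirm the token is rotated on logout and password
         // change, and that salt() draws from a CSPRNG; time() and the e-mail
         // address add no secrecy to it.
         if (strlen($this->user->getCookieLogin()) < 10) {
             $this->user->set(array("cookie_login" => salt_hash(time() . $this->user->getEmail(), salt(20))));
         }
         // Cookie value is "<user id>\t<cookie_login token>".
         // NOTE(review): no Secure/HttpOnly flags are passed here; confirm the
         // cookie() wrapper sets them.
         if ($save_status) {
             cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin(), hook()->apply("UserLogin_PostLogin_CookieTime", time() + 60 * 60 * 24 * 7));
         } else {
             cookie()->set("UserLogin", $this->user->getId() . "\t" . $this->user->getCookieLogin());
         }
     } catch (\Exception $ex) {
         $this->throwMsg(-6);
     }
     try {
         // record last-login information
         self::setLastLoginInfo($this->user);
     } catch (\Exception $ex) {
         // Only the status code is set; the login still counts as successful.
         $this->code = -7;
     }
     hook()->apply('UserLogin_PostLogin_Success', NULL, $this->user);
 }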