if ($uage == 12) { $can_be_back = $umon - $regmon; $can_be_back *= 60; } else { $can_be_back = 13 - $uage; $can_be_back *= 365; } sm_raise_err("You are not 13 years of age or older. Come back soon!"); setcookie('sm_not_old', 'yes', time() + 60 * 60 * 24 * $can_be_back); sm_die(); } // Gender? WEE NEED NO STINKIN' GENDER! // No... wait! SocialMe is gender netural! // It's multisex enabled! // Hash password $hashed_pass = sha256($_POST['pass'] . $sm_secret); $sql_values = "('" . $_POST['name'] . "', '" . $_POST['mail'] . "', " . $uage . ", '" . $hashed_pass . ")"; $sql_query = "INSERT INTO accounts VALUES " . $sql_values; sm_db_exec($sql_query); // The user MUST verify their mail $veracccode = md5(sha1(crc32(mt_rand() + time()))); $_SESSION['veracccode'] = $veracccode; mail($uma, "Verify your " . $sm_name . "account", "Your " . $sm_name . " account needs verification. Your code is " . $veracccode . ". Return to the verification page and enter the code in.", "From: " . $sm_mail); header("Location: /v.php?ac_stamp=" . time()); } else { sm_raise_err("The CAPTCHA was wrong! Sign up again and enter it correctly!"); sm_die(); } } ?>
/**
 * Creates an access-key row for a user and returns the generated key.
 *
 * The key is sha256(make_code() . $login_name) and is stored in the `akey`
 * column next to `user_id`.
 *
 * @param mixed  $id_user    Value written to the `user_id` column.
 * @param string $login_name Login name mixed into the key material.
 *
 * @return string The generated key, exactly as returned by sha256().
 */
function add($id_user, $login_name)
{
    // NOTE(review): $login_name is not secret, so the key is only as unpredictable
    // as make_code(), which is defined outside this listing. Confirm it draws from
    // a CSPRNG such as random_bytes().
    $generatedKey = sha256(make_code() . $login_name);

    $row = new Query();
    $row->value('user_id', $id_user);
    $row->value('akey', $generatedKey);
    $this->insert($row);

    return $generatedKey;
}
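/**
 * Authenticates a signed mobile API request and returns the owning user id.
 *
 * The request must carry `session_id` and `session_key` in its query string.
 * Both parameters are cut out of REQUEST_URI, a trailing "&" or "?" is removed,
 * and the remaining URI is hashed together with the stored session key:
 * sha256($uri . $sess["session_key"]). The request is accepted only when the
 * supplied `session_key` equals that digest.
 *
 * On failure a JSON error (codes 403.1 to 403.4) is echoed and the script exits.
 *
 * @return mixed $sess["id_users"] of the authenticated session, or the raw
 *               `testid` request value (see the review note in the body).
 */
function session_auth()
{
    // NOTE(review): authentication bypass. Any request that carries a `testid`
    // parameter is accepted without a session check and is treated as that user id.
    // Kept here because callers outside this listing may rely on it for testing;
    // it should be removed or gated behind a non-production setting before deployment.
    if (array_key_exists("testid", $_REQUEST)) {
        return $_REQUEST["testid"];
    }

    $uri = $_SERVER["REQUEST_URI"];

    // Only plain strings are accepted; a missing or array-valued parameter is treated as
    // empty so strlen() and hash_equals() below never receive a non-string.
    $session_id = (isset($_REQUEST["session_id"]) && is_string($_REQUEST["session_id"]))
        ? $_REQUEST["session_id"]
        : "";
    $session_key = (isset($_REQUEST["session_key"]) && is_string($_REQUEST["session_key"]))
        ? $_REQUEST["session_key"]
        : "";

    // Cut "session_id=<value>&" out of the URI (11 characters of name plus one separator).
    $pos = strpos($uri, "session_id=");
    if ($pos > 0) {
        $uri = substr($uri, 0, $pos) . substr($uri, $pos + 12 + strlen($session_id), strlen($uri));
    }
    if ($pos < 1) {
        $result = array("error_code" => "403.1", "error_desc" => "SESSION ID is missing.");
        echo json_encode($result);
        exit(0);
    }

    // Same for "session_key=<value>&" (12 characters of name plus one separator).
    $pos = strpos($uri, "session_key=");
    if ($pos > 0) {
        $uri = substr($uri, 0, $pos) . substr($uri, $pos + 13 + strlen($session_key), strlen($uri));
    }
    if ($pos < 1) {
        $result = array("error_code" => "403.2", "error_desc" => "SESSION KEY is missing.");
        echo json_encode($result);
        exit(0);
    }

    // Drop a dangling separator left behind by the cuts above.
    $last_char = substr($uri, strlen($uri) - 1, 1);
    if ($last_char == "&" || $last_char == "?") {
        $uri = substr($uri, 0, strlen($uri) - 1);
    }

    $es = load_ext_model("Mobile_sessions");
    $sess = $es->get_session($session_id);
    if (!$sess) {
        $result = array("error_code" => "403.3", "error_desc" => "Expired session.");
        echo json_encode($result);
        exit(0);
    }

    $auth_value = sha256($uri . $sess["session_key"]);

    // hash_equals() compares in constant time and only accepts strings. The previous
    // loose `!=` was subject to PHP type juggling on numeric-looking strings and
    // returned as soon as the first differing byte was found.
    if (!is_string($auth_value) || !hash_equals($auth_value, $session_key)) {
        $result = array("error_code" => "403.4", "error_desc" => "Invalid SESSION KEY.");
        echo json_encode($result);
        exit(0);
    }

    // NOTE(review): the new expiry is taken straight from the client; whether extend()
    // bounds it cannot be seen from here.
    if (array_key_exists("session_expire_expand", $_GET)) {
        $exp_date = $_GET["session_expire_expand"];
        $es->extend($session_id, $exp_date);
    }

    return $sess["id_users"];
}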
<?php
/* Nanolink SHA256 Class Example */

// Load the hashing class; adjust the path if the class file lives elsewhere.
require_once 'sha256.inc.php';

// String to hash, taken from the query string.
$source = $_GET['str'];

// Nothing to hash: report and stop.
if ("" == $source) {
    echo "Error.";
    return;
}

/**
 * Current time in seconds as a float, written so it also runs on PHP 4.
 *
 * @return float Microsecond part plus whole seconds from microtime().
 */
function microtime_float()
{
    $parts = explode(" ", microtime());
    return (float) $parts[0] + (float) $parts[1];
}

// Time the hash call.
$started = microtime_float();
echo sha256($source);
$finished = microtime_float();

// Report the elapsed time. Only the digest and the timing are echoed, never the raw input.
echo "<br />\nRuntime: " . ($finished - $started) . " seconds.";
return;
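/**
 * Validates the registration form in $_POST and creates the account when it is clean.
 *
 * Validation failures are appended to $this->errors as message keys. When no
 * error was recorded, a row is inserted into "users" and the visitor is
 * redirected to the login page.
 *
 * @return void
 */
private function validateRegistration()
{
    loadLibrary("validation.lib");

    $user = secure($_POST["username"]);
    $display = secure($_POST["display"]);
    // NOTE(review): the password goes through secure() before it is hashed. If secure()
    // rewrites any characters, the login path must apply the same transformation or
    // such passwords will never match; confirm against the login validator.
    $pass1 = secure($_POST["pass1"]);
    $pass2 = secure($_POST["pass2"]);
    $email1 = secure($_POST["email1"]);
    $email2 = secure($_POST["email2"]);

    $res = valid_username($user);
    if ($res !== true) {
        $this->errors[] = $res;
    }

    $res = valid_displayname($display);
    if ($res !== true) {
        $this->errors[] = $res;
    }

    if ($pass1 !== $pass2) {
        $this->errors[] = "passwords_dont_match";
    } else {
        $res = valid_password($pass1);
        if ($res !== true) {
            $this->errors[] = $res;
        }
    }

    if ($email1 !== $email2) {
        $this->errors[] = "emails_dont_match";
    } else {
        $res = valid_email($email1);
        if ($res !== true) {
            $this->errors[] = $res;
        }
    }

    // Both flags default to the more protective value: the address stays hidden and no
    // mail is sent unless the form explicitly says otherwise. isset() keeps a missing
    // field from raising an undefined-index notice.
    $hideemail = !(isset($_POST["hideemail"]) && $_POST["hideemail"] === "no");
    $receiveemail = isset($_POST["receiveemail"]) && $_POST["receiveemail"] === "yes";

    // Check ToS box. An unchecked box is simply absent from $_POST.
    if (empty($_POST["tos"])) {
        $this->errors[] = "tos_not_checked";
    }

    if (count($this->errors) == 0) {
        // Add the user
        global $yakbb;
        $yakbb->db->insert("users", array(
            "id" => 0,
            "username" => $user,
            "displayname" => $display,
            // NOTE(review): a single unsalted sha256() is a fast hash and is unsuitable for
            // password storage. password_hash()/password_verify() is the replacement, but
            // the login code must be migrated in the same change, so it is only flagged here.
            "password" => sha256($pass1),
            "email" => $email1,
            "emailshow" => $hideemail ? 0 : 1,
            "emailoptin" => $receiveemail ? 1 : 0,
            "activated" => 1,
            "activationcode" => "",
            "pending" => 0,
            "registeredtime" => time(),
            "lastip" => $yakbb->ip,
            "template" => $yakbb->config["default_template"],
            "language" => $yakbb->config["default_language"],
            "timezone" => $yakbb->config["default_timezone"],
        ));

        // The query string had been corrupted to "login®=true" ("&reg" decoded as an
        // HTML entity), which dropped the "reg" parameter from the redirect.
        redirect("?action=login&reg=true");
    }
}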
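/**
 * Asks the SSO server to drop this service for a user and returns its error code.
 *
 * The request is authenticated with key = sha256($SECRET_KEY . $userid) and the
 * XML reply is scanned for an <error_code> child of the root element.
 *
 * @param string $userid User identifier as known to the SSO server.
 *
 * @return string The <error_code> value from the reply ("0" when the reply has none),
 *                or "-1" when the reply could not be fetched or parsed. "-1" is a
 *                local sentinel, not a code defined by the SSO server.
 */
function USN_drop_servce($userid)
{
    global $SSO_URL, $SECRET_KEY, $SERVICE_NAME;

    include_once "sha256.php";
    $_hex = sha256($SECRET_KEY . $userid);

    // NOTE(review): the request goes over plain http and carries the key in the query
    // string, so the key is visible to anything on the path and in server logs. $userid
    // is also concatenated into the path unencoded; confirm callers only pass values
    // without "/", "?" or "#".
    $_url = "http://" . $SSO_URL . "/drop_service/" . $SERVICE_NAME . "/" . $userid . "/?key=" . $_hex;

    $_transport_error = "-1";

    $FILE = fopen($_url, "r");
    if ($FILE === false) {
        // Previously a failed fetch fell through and returned "0".
        return $_transport_error;
    }

    // Read the whole reply: a single fread() of 4096 bytes can return a partial body.
    $read = stream_get_contents($FILE);
    fclose($FILE);
    if ($read === false || $read === "") {
        return $_transport_error;
    }

    $ret = new DOMDocument();
    // LIBXML_NONET keeps the parser from fetching network resources named by the reply.
    if (!$ret->loadXML($read, LIBXML_NONET) || $ret->documentElement === null) {
        return $_transport_error;
    }

    // Only the error code is returned to the caller; the last <error_code> wins.
    $_error_code = "0";
    foreach ($ret->documentElement->childNodes as $item) {
        if ($item->nodeName === "error_code") {
            $_error_code = $item->nodeValue;
        }
    }

    return $_error_code;
}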
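<?php
include 'connect.php';

//variables goes here
// NOTE(review): mysqli_escape_string() is an alias of mysqli_real_escape_string() and
// needs the connection as its first argument; the connection variable created by
// connect.php is not visible in this listing, so the calls are left as written.
// NOTE(review): the password is SQL-escaped before it is hashed, which changes the
// value being hashed; a digest needs no escaping. sha256()/sha512() are not PHP
// built-ins, and password_hash()/password_verify() is the appropriate primitive for
// stored passwords.
$name = mysqli_escape_string($_POST['name']);
$email = mysqli_escape_string($_POST['email']);
$password = sha256(sha512(mysqli_escape_string($_POST['password'])));
$confirm = sha256(sha512(mysqli_escape_string($_POST['confirm'])));
$send = $_POST['send'];

//allowed e-mail provider domains
$domains = array('@gmail.com', '@outlook.com', '@outlook.es', '@yahoo.com');

/**
 * Validates the submitted registration fields and echoes a message for each failure.
 *
 * Reads the script-level variables prepared above. Calls start_session() when the
 * `register` field was posted, whether or not a message was echoed.
 */
function validate()
{
    // The form values live in the global scope; without this declaration every one of
    // them was undefined inside the function and no check could ever pass.
    global $name, $email, $password, $confirm, $domains;

    // Part of the address from the first "@" onwards, or false when there is no "@".
    $clean_email = strstr($email, '@');

    if (empty($name) || !isset($name)) {
        echo 'please fill all fields';
    }

    //check that the provider is on the allow-list
    if (!in_array($clean_email, $domains, true)) {
        echo 'please enter a valid email provider';
    }

    if ($password !== $confirm) {
        echo 'plase check your password match';
    }

    if (isset($_POST['register'])) {
        start_session();
    }
}

validate();
function start_session()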
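/**
 * Hashes a string with the algorithm selected by __OTP_HASH_FUNCTION.
 *
 * When the selected function is not defined, control falls through to the next
 * case and finally to SHA-1. If SHA-1 is missing as well, the script prints a
 * message and exits.
 *
 * @param string $str Data to hash.
 *
 * @return string Digest as returned by the function that was used.
 */
function hash_wrapper($str)
{
    // function_exists() takes the name as a string. The bare words used before were
    // undefined constants, which is a fatal error on PHP 8.
    switch (__OTP_HASH_FUNCTION) {
        case __OTP_MD5:
            if (function_exists('md5')) {
                return md5($str);
            }
            // no break: fall through to the next algorithm
        case __OTP_SHA1:
            if (function_exists('sha1')) {
                return sha1($str);
            }
            // no break: fall through to the next algorithm
        case __OTP_SHA256:
            // NOTE(review): sha256() is not a PHP built-in. Unless the project defines it,
            // selecting SHA-256 silently yields SHA-1 through the default branch below.
            if (function_exists('sha256')) {
                return sha256($str);
            }
            // no break: fall through to the default
        default:
            if (function_exists('sha1')) {
                return sha1($str);
            }
            print "DANGER WILL ROBINSON!!!";
            exit;
    }
}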
// The header of this first function lies outside the listing; its body is kept as-is.
{
    $t1 = $x->RightRotate(2);
    $t2 = $x->RightRotate(13);
    $t3 = $x->RightRotate(22);
    return $t1->LogicalXOR($t2)->LogicalXOR($t3);
}

/**
 * XOR of $x rotated right by 6, 11 and 25 bits.
 */
function bigSigma1_256($x)
{
    $acc = $x->RightRotate(6);
    $second = $x->RightRotate(11);
    $third = $x->RightRotate(25);
    $acc = $acc->LogicalXOR($second);
    return $acc->LogicalXOR($third);
}

/**
 * XOR of $x rotated right by 7 and 18 bits and logically shifted right by 3 bits.
 */
function sigma0_256($x)
{
    $acc = $x->RightRotate(7);
    $second = $x->RightRotate(18);
    $third = $x->LogicalRightShift(3);
    $acc = $acc->LogicalXOR($second);
    return $acc->LogicalXOR($third);
}

/**
 * XOR of $x rotated right by 17 and 19 bits and logically shifted right by 10 bits.
 */
function sigma1_256($x)
{
    $acc = $x->RightRotate(17);
    $second = $x->RightRotate(19);
    $third = $x->LogicalRightShift(10);
    $acc = $acc->LogicalXOR($second);
    return $acc->LogicalXOR($third);
}

echo sha256("lazy_one");
?>
echo sha256(''); conclude(); } elseif (isset($_GET['register'])) { // Show registration home page webpage("register"); } elseif (isset($_GET['verify'])) { // Check if a registration key is valid echo 'INVALID!'; $ikey = str_replace("-", "", $_GET['verify']); $rkey = sha256($key); if (strlen($ikey) != 16) { ob_end_clean(); conclude('BADFORMAT!'); } for ($i = -1; $i < 51; $i += 1) { $rkey = sha256($rkey); $ckey = substr($rkey, 0, 16); if ($ckey == $ikey) { if (strpos(file_get_contents("data/usedkeys.txt"), $ckey) == false) { ob_end_clean(); echo 'OK'; } else { ob_end_clean(); echo 'USED!'; } break; } } } else { // Show the home page webpage("home");
/**
 * Legacy keyed hash built on sha256(). As the name says, this is NOT a correct HMAC.
 *
 * It differs from RFC 2104 HMAC-SHA256 in two ways that are visible in the code:
 *  - the pads and the padded key are as long as the digest (half the hex length
 *    returned by sha256(), i.e. 32 bytes for a 64-character digest), not the
 *    64-byte block size of SHA-256;
 *  - the XOR loop stops one byte before the end of the key, so the last byte of
 *    both pads is never mixed with the key.
 *
 * Output therefore does not match hash_hmac('sha256', ...). Use it only to check
 * values that were produced by this same routine; new code should call hash_hmac().
 *
 * @param string $data       Message to authenticate.
 * @param string $key        Secret key.
 * @param bool   $raw_output True for packed binary output, false for the hex digest.
 *
 * @return string
 */
function hash_hmac_sha256_Broken($data, $key, $raw_output = false)
{
    // Probe the digest length instead of hard-coding it; assumes sha256() returns hex.
    $hexLength = strlen(sha256('test'));
    $hexFormat = 'H' . $hexLength;
    $padLength = $hexLength / 2;

    $outerPad = str_repeat(chr(0x5c), $padLength);
    $innerPad = str_repeat(chr(0x36), $padLength);

    // Keys longer than the pad are hashed first; every key is then zero-padded to the pad length.
    if (strlen($key) > $padLength) {
        $key = pack($hexFormat, sha256($key));
    }
    $key = str_pad($key, $padLength, chr(0x0));

    // The final key byte is deliberately left out to reproduce the historical output.
    $stop = strlen($key) - 1;
    for ($pos = 0; $pos < $stop; $pos++) {
        $keyByte = $key[$pos];
        $outerPad[$pos] = $outerPad[$pos] ^ $keyByte;
        $innerPad[$pos] = $innerPad[$pos] ^ $keyByte;
    }

    $innerDigest = pack($hexFormat, sha256($innerPad . $data));
    $digest = sha256($outerPad . $innerDigest);

    if ($raw_output) {
        return pack($hexFormat, $digest);
    }
    return $digest;
}
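/**
 * Pure-PHP implementation of SHA256
 *
 * See {@link http://en.wikipedia.org/wiki/SHA_hash_functions#SHA-256_.28a_SHA-2_variant.29_pseudocode SHA-256 (a SHA-2 variant) pseudocode - Wikipedia}.
 *
 * The initial hash values and round constants are the ones defined for SHA-256.
 * Several of them had been replaced by 0.0 in this copy, which makes the function
 * return digests that are not SHA-256; they are restored here.
 *
 * @access private
 * @param String $m Message to hash
 * @return String Raw 32-byte digest
 */
function _sha256($m)
{
    // With the suhosin extension loaded, its sha256() is used and the hex result is packed to binary.
    if (extension_loaded('suhosin')) {
        return pack('H*', sha256($m));
    }

    // Initialize variables
    // (first 32 bits of the fractional parts of the square roots of the first 8 primes)
    $hash = array(
        0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
    );
    // Initialize table of round constants
    // (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
    static $k = array(
        0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
        0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
        0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
        0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
        0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
        0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
        0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
        0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
    );

    // Pre-processing
    $length = strlen($m);
    // to round to nearest 56 mod 64, we'll add 64 - (length + (64 - 56)) % 64
    $m .= str_repeat(chr(0), 64 - ($length + 8 & 0x3f));
    // The first padding byte is the mandatory 0x80 marker, written over the first added zero.
    $m[$length] = chr(0x80);
    // we don't support hashing strings 512MB long
    $m .= pack('N2', 0, $length << 3);

    // Process the message in successive 512-bit chunks
    $chunks = str_split($m, 64);
    foreach ($chunks as $chunk) {
        $w = array();
        for ($i = 0; $i < 16; $i++) {
            // unpack() yields array('temp' => word); extract() turns it into $temp.
            extract(unpack('Ntemp', $this->_string_shift($chunk, 4)));
            $w[] = $temp;
        }

        // Extend the sixteen 32-bit words into sixty-four 32-bit words
        for ($i = 16; $i < 64; $i++) {
            $s0 = $this->_rightRotate($w[$i - 15], 7) ^ $this->_rightRotate($w[$i - 15], 18) ^ $this->_rightShift($w[$i - 15], 3);
            $s1 = $this->_rightRotate($w[$i - 2], 17) ^ $this->_rightRotate($w[$i - 2], 19) ^ $this->_rightShift($w[$i - 2], 10);
            $w[$i] = $this->_add($w[$i - 16], $s0, $w[$i - 7], $s1);
        }

        // Initialize hash value for this chunk
        list($a, $b, $c, $d, $e, $f, $g, $h) = $hash;

        // Main loop
        for ($i = 0; $i < 64; $i++) {
            $s0 = $this->_rightRotate($a, 2) ^ $this->_rightRotate($a, 13) ^ $this->_rightRotate($a, 22);
            // `&` binds tighter than `^`, so this is (a & b) ^ (a & c) ^ (b & c).
            $maj = $a & $b ^ $a & $c ^ $b & $c;
            $t2 = $this->_add($s0, $maj);
            $s1 = $this->_rightRotate($e, 6) ^ $this->_rightRotate($e, 11) ^ $this->_rightRotate($e, 25);
            $ch = $e & $f ^ $this->_not($e) & $g;
            $t1 = $this->_add($h, $s1, $ch, $k[$i], $w[$i]);

            $h = $g;
            $g = $f;
            $f = $e;
            $e = $this->_add($d, $t1);
            $d = $c;
            $c = $b;
            $b = $a;
            $a = $this->_add($t1, $t2);
        }

        // Add this chunk's hash to result so far
        $hash = array(
            $this->_add($hash[0], $a),
            $this->_add($hash[1], $b),
            $this->_add($hash[2], $c),
            $this->_add($hash[3], $d),
            $this->_add($hash[4], $e),
            $this->_add($hash[5], $f),
            $this->_add($hash[6], $g),
            $this->_add($hash[7], $h)
        );
    }

    // Produce the final hash value (big-endian)
    return pack('N8', $hash[0], $hash[1], $hash[2], $hash[3], $hash[4], $hash[5], $hash[6], $hash[7]);
}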
<?php require "connect.php"; require_once 'sha256.inc.php'; session_start(); if (isset($_POST['login'])) { if (trim($_POST['naam']) != "" && trim($_POST['wacht']) != "") { $naam = $_POST['naam']; $wacht = sha256($_POST['wacht']); $res = mysql_query("SELECT id, password, authlevel FROM beta_users where username='******'") or die(mysql_error()); if (mysql_num_rows($res) > 0) { $row = mysql_fetch_assoc($res); if (!strcmp($wacht, $row['password'])) { if (isset($_POST['memory'])) { setcookie("login_cookie", $row['id'] . ";" . $row['password'], time() + 3600 * 24 * 31 * 2, "/"); $ip = $_SERVER['REMOTE_ADDR']; mysql_query("UPDATE beta_users SET user_lastip='" . $ip . "' WHERE id=" . $row['id']) or die(mysql_error()); } mysql_query("update beta_users set forum_online='online' where username='******'") or die(mysql_error()); setcookie('XNovaforum', $naam, time() + 60 * 60); $_SESSION['suser'] = $naam; //if($_SESSION['suser'] == 'Warsaalk' ){ mysql_query("UPDATE beta_users SET authlevel = 2 WHERE username='******'") or die(mysql_error());} $_SESSION['slevel'] = $row['authlevel']; $_SESSION['stime'] = time(); $_SESSION['smaxidle'] = 60 * 60; } else { mysql_query("update beta_users set forum_online='offline' where username='******'suser'] . "'") or die(mysql_error()); $_SESSION = array(); session_destroy(); } unset($row);
/**
 * Transforms a string according to the named algorithm.
 *
 * "sha1" and "sha256" (case-insensitive) produce a one-way digest. Any name
 * containing "aes" encrypts with Utilities::doHexEncryptAES() using the class
 * key and IV. Any other value, including NULL, returns the input unchanged.
 *
 * NOTE(review): despite the method name, the sha1/sha256 branches hash rather
 * than encrypt, and an unknown algorithm name passes the value through in clear.
 *
 * @param string      $argString   Value to transform
 * @param string|null $argAlgorism Algorithm name
 * @return string
 */
protected static function _resolveEncrypted($argString, $argAlgorism = NULL)
{
    debug('EncryptAlg=' . $argAlgorism);

    $algorithm = strtolower($argAlgorism);

    if ('sha1' === $algorithm) {
        return sha1($argString);
    }
    if ('sha256' === $algorithm) {
        return sha256($argString);
    }
    if (FALSE !== strpos($algorithm, 'aes')) {
        return Utilities::doHexEncryptAES($argString, self::$_authCryptKey, self::$_authCryptIV);
    }

    return $argString;
}
/**
 * Stores an uploaded image in the cache folder under a hashed name and returns
 * its descriptor together with an inline base64 thumbnail.
 *
 * Files whose entry is never saved are removed later by a cron job.
 *
 * @param array $file - the upload entry (name, tmp_name, size, type)
 *
 * @return array|boolean file info on success, false on failure
 */
public function uploadTmp($file)
{
    $application = JFactory::getApplication();

    // Size of the request body as announced by the client.
    $requestBytes = (int) $_SERVER['CONTENT_LENGTH'];
    $media = new CompojoomHelperMedia();

    // PHP limits, converted by the helper's toBytes().
    $postLimit = $media->toBytes(ini_get('post_max_size'));
    $memLimit = $media->toBytes(ini_get('memory_limit'));

    // Reject requests larger than either limit (a memory limit of -1 means unlimited).
    $overPostLimit = $postLimit > 0 && $requestBytes > $postLimit;
    if ($overPostLimit || ($memLimit != -1 && $requestBytes > $memLimit)) {
        $application->enqueueMessage(JText::_('LIB_COMPOJOOM_ERROR_WARNUPLOADTOOLARGE'));
        return false;
    }

    // No file in the request.
    if (!isset($file['name'])) {
        $application->enqueueMessage(JText::_('LIB_COMPOJOOM_ATTACHMENTS_ERR_NOFILE'));
        return false;
    }

    JLoader::import('joomla.filesystem.file');
    $currentUser = JFactory::getUser();
    $mayUpload = $currentUser->authorise('core.multimedia.create', $this->component);
    $componentParams = JComponentHelper::getParams($this->component);
    $thumbSizes = (array) $componentParams->get('thumbs');

    // Spaces become underscores; accented letters are reduced to their base letter by
    // encoding them as HTML entities and keeping only the first letter of the entity name.
    $file['name'] = str_replace(' ', '_', $file['name']);
    $file['name'] = preg_replace("/&([a-z])[a-z]+;/i", "\$1", htmlentities($file['name']));

    // ACL check.
    if (!$mayUpload) {
        $application->enqueueMessage(JText::_('LIB_COMPOJOOM_YOU_DONT_HAVE_UPLOAD_PRIVILEGES'));
        return false;
    }

    // NOTE(review): the client-supplied name, extension included, is appended to the
    // stored file name below, so this helper check is the only visible gate against
    // executable extensions. Confirm it enforces an extension allow-list.
    if (!$media->canUpload($file, $this->component)) {
        return false;
    }

    // Name prefix: digest of the current microtime() and the site secret, using the
    // first of sha256(), sha1(), md5() that is defined.
    $secret = JFactory::getConfig()->get('secret', '');
    $seed = microtime() . $secret;
    $hashFunction = function_exists('sha256') ? 'sha256' : (function_exists('sha1') ? 'sha1' : 'md5');
    $storedName = $hashFunction($seed) . '_' . $file['name'];

    $target = JPath::clean($this->getFilePath() . $storedName);

    // Never overwrite an existing file.
    if (JFile::exists($target)) {
        $application->enqueueMessage(JText::_('LIB_COMPOJOOM_ATTACHMENTS_ERR_NAMECLASH'));
        return false;
    }

    if (!JFile::upload($file['tmp_name'], $target)) {
        $application->enqueueMessage(JText::_('LIB_COMPOJOOM_ATTACHMENTS_ERR_CANTJFILEUPLOAD'));
        return false;
    }

    // MIME type is sniffed from the stored file; it only feeds the thumbnail data URI.
    if (function_exists('mime_content_type')) {
        $mime = mime_content_type($target);
    } elseif (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $mime = finfo_file($finfo, $target);
    } else {
        $mime = 'application/octet-stream';
    }

    // Build the thumbnail, inline it as base64, then delete the temporary thumb file.
    $image = new CompojoomImage($target);
    $thumbs = $image->createThumbs($thumbSizes['small']);
    $imageData = base64_encode(file_get_contents($thumbs[0]->getPath()));
    JFile::delete($thumbs[0]->getPath());

    $src = 'data: ' . $mime . ';base64,' . $imageData;

    // 'size' and 'type' are echoed back exactly as the client reported them.
    return array(
        'name' => $storedName,
        'title' => JFile::stripExt($file['name']),
        'thumbnailUrl' => $src,
        'size' => $file['size'],
        'type' => $file['type'],
        'deleteType' => 'delete',
        'url' => '',
        'deleteUrl' => $this->deleteUrl . '&file=' . $storedName
    );
}
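/**
 * Stores an uploaded (or local) file under media/j2store/uploads and returns its details.
 *
 * @param array   $file        Upload entry; 'name' and 'tmp_name' are read.
 * @param boolean $checkUpload True validates through MediaHelper::canUpload() and moves
 *                             the file with JFile::upload(); false skips validation and
 *                             copies the file with JFile::copy().
 *
 * @return array|boolean original_name, mangled_name, saved_name and mime_type on
 *                       success; false on failure, with the reason set via setError().
 */
protected function uploadFile($file, $checkUpload = true)
{
    if (isset($file['name'])) {
        JLoader::import('joomla.filesystem.file');

        // Can we upload this file type?
        if ($checkUpload) {
            if (!class_exists('MediaHelper')) {
                require_once JPATH_ADMINISTRATOR . '/components/com_media/helpers/media.php';
            }

            $err = '';
            $paths = array(JPATH_ROOT, JPATH_ADMINISTRATOR);
            // Load com_media language strings so MediaHelper's message keys can be translated.
            $jlang = JFactory::getLanguage();
            $jlang->load('com_media', $paths[0], 'en-GB', true);
            $jlang->load('com_media', $paths[0], null, true);
            $jlang->load('com_media', $paths[1], 'en-GB', true);
            $jlang->load('com_media', $paths[1], null, true);

            if (!MediaHelper::canUpload($file, $err)) {
                if (!empty($err)) {
                    $err = JText::_($err);
                } else {
                    $app = JFactory::getApplication();
                    $errors = $app->getMessageQueue();
                    if (count($errors)) {
                        $error = array_pop($errors);
                        $err = $error['message'];
                    } else {
                        $err = '';
                    }
                }

                // NOTE(review): this PHP-tag scan runs only after MediaHelper has already
                // rejected the file, so it changes the error text but never blocks an
                // upload on its own. If it was meant as a gate, it belongs before this branch.
                $content = file_get_contents($file['tmp_name']);
                if (preg_match('/\\<\\?php/i', $content)) {
                    $err = JText::_('J2STORE_UPLOAD_FILE_PHP_TAGS');
                }

                if (!empty($err)) {
                    $this->setError(JText::_('J2STORE_UPLOAD_ERR_MEDIAHELPER_ERROR') . ' ' . $err);
                } else {
                    $this->setError(JText::_('J2STORE_UPLOAD_ERR_GENERIC_ERROR'));
                }

                return false;
            }
        }
        // NOTE(review): with $checkUpload = false nothing in this method validates the
        // file; callers must only pass trusted local files on that path.

        // Get a (very!) randomised name. It is returned as 'mangled_name'; the file
        // itself is saved under $name below.
        $serverkey = JFactory::getConfig()->get('secret', '');
        $sig = $file['name'] . microtime() . $serverkey;
        if (function_exists('sha256')) {
            $mangledname = sha256($sig);
        } elseif (function_exists('sha1')) {
            $mangledname = sha1($sig);
        } else {
            $mangledname = md5($sig);
        }

        $upload_folder_path = JPATH_ROOT . '/media/j2store/uploads';
        if (!JFolder::exists($upload_folder_path)) {
            if (!JFolder::create($upload_folder_path)) {
                $this->setError(JText::_('J2STORE_UPLOAD_ERROR_FOLDER_PERMISSION_ERROR'));
                // Stop here: previously execution continued, and the permission error was
                // replaced by a generic upload failure from the write attempt below.
                return false;
            }
        }

        //sanitize file name: keep letters, digits, dot, dash, whitespace and plus, then drop any directory part
        $filename = basename(preg_replace('/[^a-zA-Z0-9\\.\\-\\s+]/', '', html_entity_decode($file['name'], ENT_QUOTES, 'UTF-8')));
        // The appended ".<md5>" suffix becomes the stored file's final extension.
        // NOTE(review): mt_rand() is not a cryptographic generator; if saved names must
        // be unguessable, derive the suffix from random_bytes() instead.
        $name = $filename . '.' . md5(mt_rand());

        // ...and its full path
        $filepath = JPath::clean(JPATH_ROOT . '/media/j2store/uploads/' . $name);

        // If we have a name clash, abort the upload
        if (JFile::exists($filepath)) {
            $this->setError(JText::_('J2STORE_UPLOAD_ERR_NAMECLASH'));
            return false;
        }

        // Do the upload
        if ($checkUpload) {
            if (!JFile::upload($file['tmp_name'], $filepath)) {
                $this->setError(JText::_('J2STORE_UPLOAD_ERR_CANTJFILEUPLOAD'));
                return false;
            }
        } else {
            if (!JFile::copy($file['tmp_name'], $filepath)) {
                $this->setError(JText::_('J2STORE_UPLOAD_ERR_CANTJFILEUPLOAD'));
                return false;
            }
        }

        // Get the MIME type from the stored file
        if (function_exists('mime_content_type')) {
            $mime = mime_content_type($filepath);
        } elseif (function_exists('finfo_open')) {
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            $mime = finfo_file($finfo, $filepath);
        } else {
            $mime = 'application/octet-stream';
        }

        // Return the file info
        return array(
            'original_name' => $file['name'],
            'mangled_name' => $mangledname,
            'saved_name' => $name,
            'mime_type' => $mime
        );
    } else {
        $this->setError(JText::_('J2STORE_ATTACHMENTS_ERR_NOFILE'));
        return false;
    }
}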
<div class="span10"> <p>roondoo API Token:<br> <i>Jjt61c6O3aq9K22fw6undYnWYJxy1zBB</i> </p> <p>Public API Key:<br> <i><?php
/*
 * NOTE(review): the API token printed above is a literal in this template, so every
 * account that loads the page, and anyone with read access to the source, sees the
 * same value.
 * The "public" key below is two MD5 digests of $username wrapped in constant strings.
 */
echo md5("SyusN" . $username . "NFuwT") . md5("B5JbDcT586oB" . $username); ?> </i> </p> <p>Secret API Key:<br> <i><?php
/*
 * NOTE(review): the "secret" key is sha256() of $username between two constants from
 * this file. It contains no per-user random material, so it can be recomputed for any
 * account from the username and these constants, and it cannot be rotated without
 * changing the template. A key generated from random_bytes() and stored server-side
 * avoids both problems.
 */
echo sha256("DK4pC" . $username . "OvAY7QKA"); ?> </i> </p> </div> </div> <?php include "../a/include/footer.php";
/**
 * Builds a hard-to-guess name by hashing $name, the current microtime() and the
 * site secret.
 *
 * The digest comes from the first of sha256(), sha1() and md5() that is defined.
 * NOTE(review): sha256() is not a PHP built-in, so unless the project defines it
 * the result is a SHA-1 digest.
 *
 * @param string $name Additional string you want to put into hash
 *
 * @return string hex digest
 */
public static function getUniqueName($name = '')
{
    // The configuration accessor was renamed in Joomla 3.0.
    $serverKey = version_compare(JVERSION, '3.0', 'ge')
        ? JFactory::getConfig()->get('secret', '')
        : JFactory::getConfig()->getValue('secret', '');

    $sig = $name . microtime() . $serverKey;

    foreach (array('sha256', 'sha1') as $candidate) {
        if (function_exists($candidate)) {
            return $candidate($sig);
        }
    }

    return md5($sig);
}
/**
 * Replaces the stored password hash of one account.
 *
 * Writes sha256($_pwd) to the `pwd` column of the row whose `id` equals $_id.
 *
 * NOTE(review): a single unsalted sha256() is a fast hash and is unsuitable for
 * password storage. Moving to password_hash()/password_verify() has to be done
 * together with the code that verifies logins, which is outside this block.
 *
 * @param mixed  $_id  Account id to update.
 * @param string $_pwd New plain-text password.
 */
function edit_pwd_by_mail($_id, $_pwd)
{
    // $this->debug();
    $update = new Query();
    $passwordHash = sha256($_pwd);
    $update->value("pwd", $passwordHash);
    $update->where_eq("id", $_id);
    $this->update($update);
}
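/**
 * Validates the login form in $_POST and signs the user in when the credentials match.
 *
 * Failures are appended to $this->errors as message keys. On success two cookies
 * valid for 180 days are set and the visitor is redirected to "?".
 *
 * @return void
 */
private function validate()
{
    loadLibrary("validation.lib");

    $user = secure($_POST["username"]);
    $pass = $_POST["password"];

    $reg = valid_username($user);
    if ($reg !== true) {
        $this->errors[] = $reg;
    }

    $reg = valid_password($pass);
    if ($reg !== true) {
        $this->errors[] = $reg;
    }

    if (count($this->errors) == 0) {
        // Check actual login data now
        global $yakbb;
        // NOTE(review): the username literal in this query is masked in this listing;
        // presumably the original interpolates $user here. Confirm that secure() escapes
        // it for SQL, or use a parameterised query.
        $yakbb->db->query("\r\n\t\t\t\tSELECT\r\n\t\t\t\t\tpassword\r\n\t\t\t\tFROM\r\n\t\t\t\t\tyakbb_users\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tusername = '******'\r\n\t\t\t\tLIMIT\r\n\t\t\t\t\t1\r\n\t\t\t");
        $x = $yakbb->db->fetch();

        if ($yakbb->db->numRows() == 0) {
            // NOTE(review): distinct messages for an unknown user and a wrong password let a
            // client enumerate valid usernames.
            $this->errors[] = "user_doesnt_exist";
        } else {
            // Hash once and reuse the value for the comparison and the cookie.
            $passHash = (string) sha256($pass);

            // hash_equals() compares in constant time; `!==` returns at the first
            // differing byte.
            if (!is_string($x["password"]) || !hash_equals($x["password"], $passHash)) {
                $this->errors[] = "password_incorrect";
            } else {
                // Login
                // NOTE(review): the cookie holds the same unsalted digest that is stored in the
                // database, so the digest works as a long-lived password equivalent. A random
                // server-side session token would avoid exposing it.
                setYakCookie("username", $user, time() + 60 * 60 * 24 * 180);
                setYakCookie("password", $passHash, time() + 60 * 60 * 24 * 180);
                redirect("?");
            }
        }
    }
}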
/**
 * Pure-PHP implementation of SHA256
 *
 * See {@link http://en.wikipedia.org/wiki/SHA_hash_functions#SHA-256_.28a_SHA-2_variant.29_pseudocode SHA-256 (a SHA-2 variant) pseudocode - Wikipedia}.
 *
 * Returns the digest as a raw binary string (pack('N8', ...)), not as hex.
 *
 * @access private
 * @param String $m Message to hash
 */
function _sha256($m)
{
    // With the suhosin extension loaded, its sha256() is used and the hex result is packed to binary.
    if (extension_loaded('suhosin')) {
        return pack('H*', sha256($m));
    }
    // Initialize variables
    $hash = array(0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19);
    // Initialize table of round constants
    // (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
    static $k = array(0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0xfc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x6ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2);
    // Pre-processing
    $length = strlen($m);
    // to round to nearest 56 mod 64, we'll add 64 - (length + (64 - 56)) % 64
    $m .= str_repeat(chr(0), 64 - ($length + 8 & 0x3f));
    // The first padding byte is the 0x80 marker, written over the first added zero.
    $m[$length] = chr(0x80);
    // we don't support hashing strings 512MB long
    $m .= pack('N2', 0, $length << 3);
    // Process the message in successive 512-bit chunks
    $chunks = str_split($m, 64);
    foreach ($chunks as $chunk) {
        $w = array();
        for ($i = 0; $i < 16; $i++) {
            // unpack() yields array('temp' => word); extract() turns it into $temp.
            extract(unpack('Ntemp', $this->_string_shift($chunk, 4)));
            $w[] = $temp;
        }
        // Extend the sixteen 32-bit words into sixty-four 32-bit words
        for ($i = 16; $i < 64; $i++) {
            $s0 = $this->_rightRotate($w[$i - 15], 7) ^ $this->_rightRotate($w[$i - 15], 18) ^ $this->_rightShift($w[$i - 15], 3);
            $s1 = $this->_rightRotate($w[$i - 2], 17) ^ $this->_rightRotate($w[$i - 2], 19) ^ $this->_rightShift($w[$i - 2], 10);
            $w[$i] = $this->_add($w[$i - 16], $s0, $w[$i - 7], $s1);
        }
        // Initialize hash value for this chunk
        list($a, $b, $c, $d, $e, $f, $g, $h) = $hash;
        // Main loop
        for ($i = 0; $i < 64; $i++) {
            $s0 = $this->_rightRotate($a, 2) ^ $this->_rightRotate($a, 13) ^ $this->_rightRotate($a, 22);
            // `&` binds tighter than `^`, so this is (a & b) ^ (a & c) ^ (b & c).
            $maj = $a & $b ^ $a & $c ^ $b & $c;
            $t2 = $this->_add($s0, $maj);
            $s1 = $this->_rightRotate($e, 6) ^ $this->_rightRotate($e, 11) ^ $this->_rightRotate($e, 25);
            $ch = $e & $f ^ $this->_not($e) & $g;
            $t1 = $this->_add($h, $s1, $ch, $k[$i], $w[$i]);
            // Rotate the eight working variables by one position.
            $h = $g;
            $g = $f;
            $f = $e;
            $e = $this->_add($d, $t1);
            $d = $c;
            $c = $b;
            $b = $a;
            $a = $this->_add($t1, $t2);
        }
        // Add this chunk's hash to result so far
        $hash = array($this->_add($hash[0], $a), $this->_add($hash[1], $b), $this->_add($hash[2], $c), $this->_add($hash[3], $d), $this->_add($hash[4], $e), $this->_add($hash[5], $f), $this->_add($hash[6], $g), $this->_add($hash[7], $h));
    }
    // Produce the final hash value (big-endian)
    return pack('N8', $hash[0], $hash[1], $hash[2], $hash[3], $hash[4], $hash[5], $hash[6], $hash[7]);
}
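/**
 * Completes a ticket-based mobile login and prints the result as JSON.
 *
 * The client proves knowledge of the stored password value by sending
 * confirm_key = sha256($user["password"] . $ticket["login_ticket"]). On success
 * a new session is created, the user's login tickets are deleted, and the
 * session id and key are returned. Every path ends the script with exit(0).
 *
 * @param string $login_name Login name of the account.
 *
 * @return void
 */
public function login($login_name)
{
    $result = array("error_code" => 0, "error_desc" => "");

    $user = $this->Users->get_by_login_name($login_name);
    if (!$user) {
        // NOTE(review): a separate 404 for unknown users lets a client enumerate login names.
        $result["error_code"] = "404";
        $result["error_desc"] = "Non-exist user";
        echo json_encode($result);
        exit(0);
    }

    $ticket = $this->Mobile_tickets->get_login_ticket($user["id"]);

    // Without a ticket the expected key would be a fixed function of the stored
    // password value and could be replayed indefinitely, so a missing or empty ticket
    // is treated as a key error.
    $has_ticket = $ticket && isset($ticket["login_ticket"]) && $ticket["login_ticket"] !== "";

    $pw_input = isset($_REQUEST["confirm_key"]) ? $_REQUEST["confirm_key"] : null;

    $key_ok = false;
    if ($has_ticket && is_string($pw_input)) {
        $pw_string = sha256($user["password"] . $ticket["login_ticket"]);
        // hash_equals() is constant-time and string-only; the previous loose `==` was
        // subject to PHP type juggling on numeric-looking strings.
        $key_ok = is_string($pw_string) && hash_equals($pw_string, $pw_input);
    }

    if (!$key_ok) {
        // NOTE(review): the ticket is left in place after a failed attempt, so the same
        // ticket can be tried repeatedly; consider deleting it or limiting attempts.
        $result["error_code"] = "403";
        $result["error_desc"] = "Key error";
        echo json_encode($result);
        exit(0);
    }

    $datas = array();
    $session = $this->Mobile_sessions->new_session($user["id"]);
    $datas["session_key"] = $session["session_key"];
    $datas["session_id"] = $session["id"];

    // The ticket is single-use: remove every ticket of this user after a successful login.
    $c = new Query();
    $c->where("id_users = " . $user["id"]);
    $this->Mobile_tickets->delete_cond($c);

    $result["result"] = $datas;
    echo json_encode($result);
    exit(0);
}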