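/**
 * Produce a password digest together with the salt, round count and method used.
 *
 * 'RECREATE' loads the stored salt/iteration/method for $username and, when no such
 * user exists, fabricates throwaway parameters so the hashing work still happens and
 * the unknown-user path costs about the same as the known-user path. 'NEW' generates
 * fresh parameters for a new credential. Any other mode is reported via error_handler().
 *
 * @param string     $mode      'RECREATE' or 'NEW'
 * @param string     $password  plaintext password to digest
 * @param string     $username  account whose stored parameters are used in 'RECREATE' mode
 * @param string     $salt      out: salt the digest was computed with
 * @param string|int $iteration out: bcrypt cost factor or round count the digest was computed with
 * @param string     $method    out: 'blowfish' or one of cobalt_password_methods()
 * @return string|null the digest, or null when no usable method was determined and
 *                     error_handler() returned instead of terminating
 */
function cobalt_password_hash($mode, $password, $username, &$salt = '', &$iteration = '', &$method = '')
{
    require_once 'subclasses/system_settings.php';
    // Instantiated for its side effects (presumably makes the AUTH_* settings available);
    // the object itself is not read here.
    $obj_settings = new system_settings();

    // Fresh salt / method / round count for a credential. Used for 'NEW' and for the
    // unknown-user branch of 'RECREATE'. Salt entropy depends on generate_token(),
    // which is defined elsewhere.
    $fresh_parameters = function () {
        $new_salt = generate_token();
        $new_method = cobalt_password_set_method();
        if ($new_method === 'blowfish') {
            $rounds = AUTH_BLOWFISH_COST_FACTOR;
        } else {
            $prefix = 'AUTH_' . strtoupper($new_method);
            $min = constant($prefix . '_MIN_ROUNDS');
            $max = constant($prefix . '_MAX_ROUNDS');
            // A misconfigured range (max below min) collapses to the minimum.
            if ($max < $min) {
                $max = $min;
            }
            // The round count is stored next to the digest, so it need not be secret;
            // mt_rand only spreads the work factor within the configured range.
            $rounds = mt_rand($min, $max);
        }
        return array($new_salt, $rounds, $new_method);
    };

    if ($mode === 'RECREATE') {
        $dbh = new data_abstraction();
        $mysqli = $dbh->connect_db()->mysqli;
        $clean_username = $mysqli->real_escape_string($username);
        $dbh->set_table('user');
        $dbh->set_fields('`salt`,`iteration`,`method`');
        $dbh->set_where("`username`='{$clean_username}'");
        $dbh->exec_fetch('single');
        if ((int) $dbh->num_rows === 1) {
            // Read the three selected columns explicitly instead of extract()-ing the row
            // into local scope, so no column can shadow $mode/$password/$username.
            $salt = $dbh->dump['salt'];
            $iteration = $dbh->dump['iteration'];
            $method = $dbh->dump['method'];
        } else {
            // No result found. Produce fake data so the hashing process still takes place,
            // mitigating probing / timing attacks. These values must never be echoed or
            // logged: doing so both leaks them and makes this path distinguishable.
            list($salt, $iteration, $method) = $fresh_parameters();
        }
        $dbh->close_db();
    } elseif ($mode === 'NEW') {
        list($salt, $iteration, $method) = $fresh_parameters();
    } else {
        error_handler("Cobalt encountered an error during password processing.", "Cobalt Password Hash Error: Invalid mode specified.");
    }

    // Only reached with a method when error_handler() above terminated or a mode matched.
    $digest = null;
    if ($method === 'blowfish') {
        $digest = cobalt_password_hash_bcrypt($password, $salt, $iteration);
    } elseif (in_array($method, cobalt_password_methods(), true)) {
        $digest = cobalt_password_hash_process($password, $salt, $iteration, $method);
    } else {
        error_handler("Cobalt encountered an error during password processing.", "Cobalt Password Hash Error: Invalid hash method specified.");
    }
    return $digest;
}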
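// Load the active skin configuration into the session from the single row fetched here.
$data_con->exec_fetch('single');
if ($data_con->num_rows == 1) {
    // NOTE(review): extract() turns every selected column into a local variable. The field
    // list is set before this excerpt and later code may rely on those locals, so the row
    // is imported as-is; explicit reads would be preferable once the field list is confirmed.
    extract($data_con->dump);
    $_SESSION['header'] = $header;
    $_SESSION['footer'] = $footer;
    $_SESSION['skin'] = $skin_name;
    $_SESSION['master_css'] = $master_css;
    $_SESSION['colors_css'] = $colors_css;
    $_SESSION['fonts_css'] = $fonts_css;
    $_SESSION['override_css'] = $override_css;
    $_SESSION['icon_set'] = $icon_set;
    // Fall back to the default icon set when the stored value is empty or whitespace only.
    // Trim the value itself, not the result of the comparison.
    if (trim((string) $_SESSION['icon_set']) === '') {
        $_SESSION['icon_set'] = 'cobalt';
    }
}
$data_con->close_db();
require 'components/get_listview_referrer.php';
init_var($arr_error);
init_var($first_field);
init_var($goto_region);
init_var($goto_skill);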
if (xsrf_guard()) {
    init_var($_POST['btn_cancel']);
    init_var($_POST['btn_submit']);
    require 'components/query_string_standard.php';
    require 'subclasses/citizen.php';
    $dbh_citizen = new citizen();
    $object_name = 'dbh_citizen';
    require 'components/create_form_data_with_upload.php';
    extract($arr_form_data);
    if ($_POST['btn_cancel']) {
            $obj_role->close_db();
            //Assign permissions to user
            $dbh = new data_abstraction();
            foreach ($arrLink as $link_id) {
                $dbh->set_query_type('SELECT');
                $dbh->set_table('user_passport');
                $dbh->set_fields('username, link_id');
                $dbh->set_where("username='******' AND link_id='" . quote_smart($link_id) . "'");
                $dbh->make_query();
                if ($dbh->num_rows == 0) {
                    $dbh->set_query_type('INSERT');
                    $dbh->set_values("'" . quote_smart($Username) . "','" . quote_smart($link_id) . "'");
                    $dbh->make_query();
                }
            }
            $dbh->close_db();
        }
        $message = 'Success! User passport has been updated.';
        $message_type = 'system';
    }
}
// Render the page header with whatever status message the handling above produced.
$page_title = 'Set User Passports';
$html_writer = new html();
$html_writer->draw_header($page_title, $message, $message_type);
?>

<div class="container">
<fieldset class="container_invisible">
<fieldset class="top"> Role-Based Access Control Interface</fieldset>
<fieldset class="middle">
<table class="input_form" width="800">
<tr><td><a href="set_user_passports.php">[Custom Permissions]</a> :: <a href="set_user_passports2.php">[View and Remove Permissions Per Module]</a> :: <b>[Role-Based Access Control Interface]</b><hr></td>
     // Remove the selected users' passport rows for this module and drop each of them
     // back to role 0. One DELETE handle and one UPDATE handle are reused per user.
     if (isset($check) && is_array($check)) {
         $module_predicate = "link_id='" . quote_smart($module) . "'";
         $data_con = new data_abstraction();
         $data_con->set_query_type('DELETE');
         $obj_role = new data_abstraction();
         $obj_role->set_query_type('UPDATE');
         $obj_role->set_table('user');
         $obj_role->set_update("role_id='0'");
         foreach ($check as $user) {
             // NOTE(review): the username predicate reads as a literal '******' on this page;
             // presumably it should bind the escaped loop variable $user — verify against the source.
             $data_con->set_table('user_passport');
             $data_con->set_where("username='******' AND " . $module_predicate);
             $data_con->make_query();
             $obj_role->set_where("username='******'");
             $obj_role->make_query();
         }
         $data_con->close_db();
         $obj_role->close_db();
     } else {
         $message = 'Please select at least one user.';
     }
 }
 // Users currently holding a passport for this module, ordered for the listing below.
 $passport_filter = "link_id='" . quote_smart($module) . "'";
 $data_con = new data_abstraction();
 $data_con->set_fields('username');
 $data_con->set_table('user_passport');
 $data_con->set_where($passport_filter);
 $data_con->set_order('username');
 if ($result = $data_con->make_query()->result) {
     $arrUser = array();
     $showUsers = TRUE;
     $numUsers = $data_con->num_rows;
     for ($a = 0; $a < $numUsers; $a++) {
         $data = $result->fetch_assoc();
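/**
 * Gate a page behind a passport (module permission) held by the logged-in user.
 *
 * Returns normally only when the session user holds $required_passport AND the module
 * is switched 'On'. Otherwise the attempt is logged and, depending on the 'Security Level'
 * system setting, the red-alert screen is shown (HIGH) or the user is redirected to
 * HOME_PAGE. A tag that does not exist in user_links at all is reported through
 * error_handler() as a configuration error rather than an access attempt.
 *
 * @param string $required_passport passport tag as stored in user_links.name
 * @return void
 */
function check_passport($required_passport)
{
    //Check if '$required_passport' is in the user's passport settings.
    //Not finding it here would mean an illegal access attempt.
    //Similarly, if we find that the module status of '$required_passport' is set to "Off",
    //it also constitutes an illegal access attempt, because modules that are turned off
    //are not displayed in the control center.
    $user = quote_smart($_SESSION['user']);
    // Escape the tag the same way as the username: both are spliced into SQL text below.
    $passport = quote_smart($required_passport);
    $data_con = new data_abstraction();
    $data_con->set_fields('a.status');
    $data_con->set_table('user_links a LEFT JOIN user_passport b ON a.link_id = b.link_id');
    // NOTE(review): the b.username predicate reads as a literal '******' on this page;
    // presumably it interpolates {$user} — verify against the source.
    $data_con->set_where("a.name='{$passport}' AND\n                          b.username='******' AND\n                          a.status='On'");
    $data_con->exec_fetch('single');
    $has_passport = ((int) $data_con->num_rows !== 0);
    $data_con->close_db();
    if ($has_passport) {
        return;
    }

    //Verify that the required passport actually exists
    $data_con = new data_abstraction();
    $data_con->set_fields('link_id');
    $data_con->set_table('user_links');
    $data_con->set_where("name='{$passport}'");
    $data_con->exec_fetch('single');
    $tag_exists = ((int) $data_con->num_rows === 1);
    $data_con->close_db();
    if (!$tag_exists) {
        error_handler("Passport tag does not exist in module list!", 'Passport tag: "' . $required_passport . '"');
        return;
    }

    // PHP_SELF can carry client-supplied PATH_INFO, so consumers of this log line
    // should treat the recorded path as untrusted text.
    log_action("ILLEGAL ACCESS ATTEMPT - Tried to access '{$_SERVER['PHP_SELF']}' without sufficient privileges.", $_SERVER['PHP_SELF']);
    //Get the security level. Security level setting determines what to do in a detected illegal access attempt.
    $data_con = new data_abstraction();
    $data_con->set_fields('value');
    $data_con->set_table('system_settings');
    $data_con->set_where("setting='Security Level'");
    $security_level = '';
    if ($result = $data_con->make_query()->result) {
        $data = $result->fetch_assoc();
        // fetch_assoc() yields a non-array once the result is exhausted; keep '' then.
        if (is_array($data) && isset($data['value'])) {
            $security_level = (string) $data['value'];
        }
    } else {
        error_handler("Error getting the security level! ", $data_con->error);
    }
    $data_con->close_db();
    // NOTE(review): an unreadable or missing setting falls through to the redirect,
    // i.e. fails toward the milder response; consider treating that case as HIGH.
    if (strtoupper($security_level) === 'HIGH') {
        $enable_red_alert = true;
        require 'components/red_alert_screen.php';
        die;
    }
    redirect(HOME_PAGE);
}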