示例#1
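/**
 * Computes a password digest, either with freshly generated hashing
 * parameters ('NEW') or with the parameters stored for an existing
 * account ('RECREATE').
 *
 * In 'RECREATE' mode the salt, iteration count and method are read from the
 * `user` table. When no row matches, throwaway parameters are generated so
 * that the hashing step still runs for unknown usernames.
 *
 * @param string $mode      'NEW' or 'RECREATE'; any other value is reported through error_handler().
 * @param string $password  Password to hash.
 * @param string $username  Account looked up in 'RECREATE' mode.
 * @param string $salt      Out: salt used for the digest.
 * @param mixed  $iteration Out: cost factor or number of rounds used.
 * @param string $method    Out: hashing method used.
 *
 * @return mixed Digest produced by the method-specific helper; null if
 *               error_handler() returned instead of terminating.
 */
function cobalt_password_hash($mode, $password, $username, &$salt = '', &$iteration = '', &$method = '')
{
    require_once 'subclasses/system_settings.php';
    // Not referenced below. NOTE(review): the constructor may have side
    // effects the rest of this function relies on - confirm before removing.
    $obj_settings = new system_settings();

    // Defined up front so the final return never reads an undefined variable
    // should error_handler() return instead of terminating.
    $digest = null;

    if ($mode == 'RECREATE') {
        $dbh = new data_abstraction();
        $mysqli = $dbh->connect_db()->mysqli;
        // The username is interpolated into the WHERE clause, so it is escaped
        // first. NOTE(review): a bound parameter would be preferable if
        // data_abstraction offers one - its API is not visible here.
        $clean_username = $mysqli->real_escape_string($username);
        $dbh->set_table('user');
        $dbh->set_fields('`salt`,`iteration`,`method`');
        $dbh->set_where("`username`='{$clean_username}'");
        $dbh->exec_fetch('single');
        if ($dbh->num_rows == 1) {
            // Read the three selected columns explicitly. extract() would let
            // any key present in the row overwrite local variables, including
            // $password and $mode.
            $stored = $dbh->dump;
            $salt = $stored['salt'];
            $iteration = $stored['iteration'];
            $method = $stored['method'];
        } else {
            // No result found. Produce fake data so that the hashing process
            // still takes place, mitigating probing / timing attacks.
            // Nothing may be printed on this path: output that appears only
            // for unknown usernames would itself reveal that the account does
            // not exist, and would disclose the generated parameters.
            $salt = generate_token();
            $method = cobalt_password_set_method();
            if ($method == 'blowfish') {
                $iteration = AUTH_BLOWFISH_COST_FACTOR;
            } else {
                $min = constant('AUTH_' . strtoupper($method) . '_MIN_ROUNDS');
                $max = constant('AUTH_' . strtoupper($method) . '_MAX_ROUNDS');
                if ($max < $min) {
                    $max = $min;
                }
                // NOTE(review): a stored account always hashes with the same
                // round count, while this one varies per request; confirm the
                // resulting timing spread is acceptable for the mitigation.
                $iteration = mt_rand($min, $max);
            }
        }
        $dbh->close_db();
    } elseif ($mode == 'NEW') {
        $salt = generate_token();
        $method = cobalt_password_set_method();
        if ($method == 'blowfish') {
            $iteration = AUTH_BLOWFISH_COST_FACTOR;
        } else {
            $min = constant('AUTH_' . strtoupper($method) . '_MIN_ROUNDS');
            $max = constant('AUTH_' . strtoupper($method) . '_MAX_ROUNDS');
            // Guard against a misconfigured range before picking a round count.
            if ($max < $min) {
                $max = $min;
            }
            $iteration = mt_rand($min, $max);
        }
    } else {
        error_handler("Cobalt encountered an error during password processing.", "Cobalt Password Hash Error: Invalid mode specified.");
    }

    // Dispatch to the hashing helper that matches the selected method.
    if ($method == 'blowfish') {
        $digest = cobalt_password_hash_bcrypt($password, $salt, $iteration);
    } elseif (in_array($method, cobalt_password_methods())) {
        $digest = cobalt_password_hash_process($password, $salt, $iteration, $method);
    } else {
        error_handler("Cobalt encountered an error during password processing.", "Cobalt Password Hash Error: Invalid hash method specified.");
    }

    return $digest;
}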
示例#2
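<?php

require 'path.php';
init_cobalt();
$page_title = 'Barangay System';
$stylesheet_link = 'style';
require 'header.php';

// Load the skin record with skin_id 1 and cache its settings in the session.
$data_con = new data_abstraction();
$data_con->set_fields('skin_name, header, footer, master_css, colors_css, fonts_css, override_css, icon_set');
$data_con->set_table('system_skins');
$data_con->set_where("skin_id=1");
$data_con->exec_fetch('single');
if ($data_con->num_rows == 1) {
    // NOTE(review): extract() imports every key of the fetched row into the
    // global scope, so a key matching an existing variable overwrites it. The
    // field list above bounds the keys; reading the columns explicitly would
    // be safer - confirm no later code depends on these globals first.
    extract($data_con->dump);
    $_SESSION['header'] = $header;
    $_SESSION['footer'] = $footer;
    $_SESSION['skin'] = $skin_name;
    $_SESSION['master_css'] = $master_css;
    $_SESSION['colors_css'] = $colors_css;
    $_SESSION['fonts_css'] = $fonts_css;
    $_SESSION['override_css'] = $override_css;
    $_SESSION['icon_set'] = $icon_set;
    // Fall back to the default icon set when the stored value is empty or
    // whitespace only. trim() has to wrap the value rather than the
    // comparison; trimming the boolean result left whitespace-only values in
    // place. The cast keeps trim() from receiving null.
    if (trim((string) $_SESSION['icon_set']) == '') {
        $_SESSION['icon_set'] = 'cobalt';
    }
}
$data_con->close_db();
require 'components/get_listview_referrer.php';

// init_var() is defined elsewhere; it is called once per page variable here.
init_var($arr_error);
init_var($first_field);
init_var($goto_region);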
示例#3
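/**
 * Reports whether a user's passport contains the named link and that link is
 * switched on.
 *
 * @param string $link Name of the link (user_links.name) to check.
 * @param string $user Username to check; defaults to $_SESSION['user'].
 *
 * @return bool TRUE when exactly one matching active link is found, FALSE otherwise.
 */
function check_link($link, $user = '')
{
    if ($user == '') {
        $user = isset($_SESSION['user']) ? $_SESSION['user'] : '';
    }
    // Deny by default: with no user to check there is nothing to look up.
    if ($user == '') {
        return FALSE;
    }

    // Both values are interpolated into the WHERE clause, so both are escaped.
    // NOTE(review): assumes quote_smart() returns the escaped value without
    // surrounding quotes, as the quoted placement below implies - confirm.
    $user = quote_smart($user);
    $link = quote_smart($link);

    $data_con = new data_abstraction();
    $data_con->set_fields('a.status');
    $data_con->set_table('user_links a LEFT JOIN user_passport b ON a.link_id = b.link_id');
    // The username filter must use the escaped $user. With a fixed literal in
    // its place the result would not depend on which user is being checked.
    $data_con->set_where("a.name='{$link}' AND\n                          b.username='{$user}' AND\n                          a.status='On'");
    $data_con->exec_fetch('single');

    return $data_con->num_rows == 1;
}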