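/**
 * Computes a password digest, either for a new password or by re-deriving it
 * from the parameters stored for an existing user.
 *
 * Modes:
 *  - 'NEW':      generates a fresh salt, selects the hash method and the
 *                iteration / cost value, then hashes $password with them.
 *  - 'RECREATE': reads `salt`, `iteration` and `method` from the `user` table
 *                for $username and hashes $password with those. When no single
 *                row matches, throw-away parameters are generated so the same
 *                hashing work is still performed.
 *
 * $salt, $iteration and $method are passed by reference and are overwritten
 * with the values actually used, so the caller can read them back.
 *
 * @param string $mode      'NEW' or 'RECREATE'; any other value is reported through error_handler().
 * @param string $password  Password to hash.
 * @param string $username  Account name; only read in 'RECREATE' mode.
 * @param mixed  $salt      Output: salt used for the digest.
 * @param mixed  $iteration Output: cost factor (blowfish) or round count (other methods).
 * @param mixed  $method    Output: hash method name.
 *
 * @return mixed Whatever cobalt_password_hash_bcrypt() or cobalt_password_hash_process() returns;
 *               null if error_handler() returns instead of halting (not visible here, confirm).
 */
function cobalt_password_hash($mode, $password, $username, &$salt = '', &$iteration = '', &$method = '')
{
    require_once 'subclasses/system_settings.php';
    // NOTE(review): this instance is not used below; kept in case the
    // constructor has side effects the rest of the request relies on.
    $obj_settings = new system_settings();

    // Defined up front so the final return never reads an undefined variable
    // when error_handler() returns control instead of stopping the request.
    $digest = null;
    $generate_parameters = false;

    if ($mode == 'RECREATE') {
        $dbh = new data_abstraction();
        $mysqli = $dbh->connect_db()->mysqli;
        // The username is interpolated into the WHERE clause, so it is escaped
        // with the same connection that runs the query.
        $clean_username = $mysqli->real_escape_string($username);
        $dbh->set_table('user');
        $dbh->set_fields('`salt`,`iteration`,`method`');
        $dbh->set_where("`username`='{$clean_username}'");
        $dbh->exec_fetch('single');

        if ($dbh->num_rows == 1) {
            // Copy only the three selected columns instead of extract()-ing the
            // row, so a result key can never overwrite $mode, $password or any
            // other local. Assumes dump is keyed by column name - confirm.
            $stored = $dbh->dump;
            $salt = $stored['salt'];
            $iteration = $stored['iteration'];
            $method = $stored['method'];
        } else {
            // No result found. Produce fake data so that the hashing process
            // still takes place, mitigating probing / timing attacks.
            $generate_parameters = true;
        }
        $dbh->close_db();
    } elseif ($mode == 'NEW') {
        $generate_parameters = true;
    } else {
        error_handler("Cobalt encountered an error during password processing.", "Cobalt Password Hash Error: Invalid mode specified.");
    }

    if ($generate_parameters) {
        // Shared by 'NEW' and by the unknown-user path of 'RECREATE'. Nothing is
        // printed here: any output on the unknown-user path would distinguish
        // unknown usernames from known ones and disclose the generated values.
        $salt = generate_token();
        $method = cobalt_password_set_method();
        if ($method == 'blowfish') {
            $iteration = AUTH_BLOWFISH_COST_FACTOR;
        } else {
            $min = constant('AUTH_' . strtoupper($method) . '_MIN_ROUNDS');
            $max = constant('AUTH_' . strtoupper($method) . '_MAX_ROUNDS');
            if ($max < $min) {
                $max = $min;
            }
            // The round count is read back from the user table in 'RECREATE'
            // mode, so it is stored data rather than a secret; mt_rand() only
            // varies it between accounts.
            $iteration = mt_rand($min, $max);
        }
    }

    if ($method == 'blowfish') {
        $digest = cobalt_password_hash_bcrypt($password, $salt, $iteration);
    } elseif (in_array($method, cobalt_password_methods())) {
        $digest = cobalt_password_hash_process($password, $salt, $iteration, $method);
    } else {
        error_handler("Cobalt encountered an error during password processing.", "Cobalt Password Hash Error: Invalid hash method specified.");
    }

    return $digest;
}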
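<?php
// Page bootstrap: initialises the framework, renders the header, then loads
// skin #1 from system_skins into the session before the page body runs.
require 'path.php';
init_cobalt();

$page_title = 'Barangay System';
$stylesheet_link = 'style';
require 'header.php';

$data_con = new data_abstraction();
$data_con->set_fields('skin_name, header, footer, master_css, colors_css, fonts_css, override_css, icon_set');
$data_con->set_table('system_skins');
$data_con->set_where("skin_id=1");
$data_con->exec_fetch('single');

if ($data_con->num_rows == 1) {
    // extract() defines one page-scope variable per selected column; the
    // column list above is fixed, so only those eight names are created.
    extract($data_con->dump);

    // NOTE(review): these values are copied from the database into the
    // session without validation. If later code uses them as file names or
    // writes them into markup (not visible here), validate or escape them at
    // that point.
    $_SESSION['header'] = $header;
    $_SESSION['footer'] = $footer;
    $_SESSION['skin'] = $skin_name;
    $_SESSION['master_css'] = $master_css;
    $_SESSION['colors_css'] = $colors_css;
    $_SESSION['fonts_css'] = $fonts_css;
    $_SESSION['override_css'] = $override_css;
    $_SESSION['icon_set'] = $icon_set;

    // Fall back to the default icon set when the stored value is empty or
    // whitespace only. trim() has to wrap the value, not the comparison:
    // trimming the boolean result lets a whitespace-only name slip through.
    if (trim((string) $_SESSION['icon_set']) == '') {
        $_SESSION['icon_set'] = 'cobalt';
    }
}
$data_con->close_db();

require 'components/get_listview_referrer.php';

init_var($arr_error);
init_var($first_field);
init_var($goto_region);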
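/**
 * Reports whether exactly one enabled ('On') link named $link is returned by
 * the user_links / user_passport lookup.
 *
 * @param string $link Link name to look up in user_links.name.
 * @param string $user User name; when empty, $_SESSION['user'] is used.
 *
 * @return bool TRUE when the query returns exactly one row, FALSE otherwise.
 */
function check_link($link, $user = '')
{
    if ($user == '') {
        $user = $_SESSION['user'];
    }

    // Both values are destined for a string-built WHERE clause. quote_smart()
    // is the helper this function already applies to $user; presumably it
    // escapes for a quoted SQL string - confirm against its definition.
    $user = quote_smart($user);
    $clean_link = quote_smart($link);

    $data_con = new data_abstraction();
    $data_con->set_fields('a.status');
    $data_con->set_table('user_links a LEFT JOIN user_passport b ON a.link_id = b.link_id');
    // NOTE(review): the username comparison below is against the literal
    // '******' exactly as it appears on this page, which looks like a masked
    // value. As written, the escaped $user is never referenced by the query;
    // confirm against the real source that the filter uses it.
    $data_con->set_where("a.name='{$clean_link}' AND\n b.username='******' AND\n a.status='On'");
    $data_con->exec_fetch('single');
    $in_passport = ($data_con->num_rows == 1);

    // Release the connection, as the other data_abstraction users on this
    // page do after exec_fetch().
    $data_con->close_db();

    return $in_passport;
}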