} else {
         $message = 'Please enter a Report Name in order to save the report';
     }
 }
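 // Handle the "delete saved report" button.
 // NOTE(review): this destructive action is gated only on the POST fields read below; no anti-CSRF
 // token or permission check is visible in this fragment - confirm the surrounding page enforces both.
 if (!empty($_POST['btn_delete'])) {
     // Treat a missing field or a non-string value (e.g. chosen_report[]=x) as "nothing chosen",
     // so it never reaches trim(), where it would raise a notice or, on PHP 8, a TypeError.
     $posted_report = (isset($_POST['chosen_report']) && is_string($_POST['chosen_report']))
         ? $_POST['chosen_report']
         : '';
     if (trim($posted_report) != '') {
         log_action('Pressed delete button');
         $reporter_mod_name = $reporter->session_array_name;
         $chosen_report = $posted_report;
         // Delete the saved report identified by module_name + report_name. Both values are passed
         // as bound string parameters ('ss'); the WHERE clause itself contains only placeholders.
         $dbh = new data_abstraction();
         $dbh->set_query_type('DELETE');
         $dbh->set_table('cobalt_reporter');
         $dbh->set_where('module_name = ? AND report_name = ?');
         $bind_params = array('ss', $reporter_mod_name, $chosen_report);
         $dbh->stmt_prepare($bind_params);
         $dbh->stmt_execute();
     } else {
         $message = 'Please choose a saved report to delete';
     }
 }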
 if ($_POST['btn_submit']) {
     log_action('Pressed submit button');
     if (!isset($_POST['show_field']) || !is_array($_POST['show_field'])) {
         $message = 'Please check at least one column to be used for the report.';
         $show_field = array();
     } else {
         $show_field = $_POST['show_field'];
     }
     if ($message == '') {
         $sess_var = $reporter->session_array_name;
示例#2
                    if (trim($_SESSION['icon_set'] == '')) {
                        $_SESSION['icon_set'] = 'cobalt';
                    }
                }
                $data_con->close_db();
                log_action('Logged in');
                //check if user must rehash his password due to updated method or work factor/iterations
                if (cobalt_password_must_rehash($username)) {
                    $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
                    $data_con = new data_abstraction();
                    $data_con->set_query_type('UPDATE');
                    $data_con->set_table('user');
                    $data_con->set_update("`password`=?, `salt`=?, `iteration`=?, `method`=?");
                    $data_con->set_where("username=?");
                    $bind_params = array('ssiss', $hashed_password, $new_salt, $new_iteration, $new_method, $username);
                    $data_con->stmt_prepare($bind_params);
                    $data_con->stmt_execute();
                }
                redirect('start.php');
            } else {
                $error_message = "Check username and password.";
            }
        } else {
            die($mysqli->error);
        }
        $data_con->close_db();
    }
}
$html = new html();
?>
<!DOCTYPE html>
示例#3
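/**
 * Decide whether the stored password hash for a user has to be regenerated.
 *
 * Reads the `iteration` and `method` columns stored for $username and compares them with the
 * currently configured method (cobalt_password_set_method()) and its AUTH_* constants:
 *  - a different stored method always requires a rehash;
 *  - for 'blowfish', the stored value must equal AUTH_BLOWFISH_COST_FACTOR;
 *  - for any other method, the stored value must lie within
 *    AUTH_<METHOD>_MIN_ROUNDS .. AUTH_<METHOD>_MAX_ROUNDS (MAX is raised to MIN if it is smaller).
 *
 * Whenever the stored parameters cannot be read or the policy constants are not defined,
 * the function answers TRUE, so an unverifiable hash is treated as outdated rather than as current.
 *
 * @param string $username Account whose stored hash parameters are checked.
 * @return bool TRUE when the password should be rehashed, FALSE when the stored parameters match.
 */
function cobalt_password_must_rehash($username)
{
    $dbh = new data_abstraction();
    $dbh->set_table('user');
    $dbh->set_fields('`iteration`, `method` AS `current_method`');
    $dbh->set_where("`username`= ?");
    $bind_params = array('s', $username);
    $dbh->stmt_prepare($bind_params);
    $dbh->stmt_fetch('single');

    $method = (string) cobalt_password_set_method();

    // Read the two selected columns by key instead of extract(): extract() writes whatever keys the
    // row holds into the local scope, and leaves $iteration / $current_method undefined when no
    // row was found.
    $row = ($dbh->num_rows == 1 && is_array($dbh->dump)) ? $dbh->dump : array();
    if (!isset($row['iteration'], $row['current_method'])) {
        return TRUE;
    }
    $iteration = (int) $row['iteration'];

    // Compare as strings so numeric-looking method names are not juggled by a loose comparison.
    if ($method !== (string) $row['current_method']) {
        return TRUE;
    }

    if ($method === 'blowfish') {
        // For blowfish the `iteration` column is compared against the configured cost factor.
        return $iteration !== (int) AUTH_BLOWFISH_COST_FACTOR;
    }

    $min_name = 'AUTH_' . strtoupper($method) . '_MIN_ROUNDS';
    $max_name = 'AUTH_' . strtoupper($method) . '_MAX_ROUNDS';
    if (!defined($min_name) || !defined($max_name)) {
        // No round policy is configured for this method; constant() would warn (or throw on PHP 8).
        return TRUE;
    }
    $min = (int) constant($min_name);
    $max = (int) constant($max_name);
    if ($max < $min) {
        $max = $min;
    }

    return $iteration < $min || $iteration > $max;
}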