Antiguo 19/10/2008, 16:57
timz
Respuesta: envia el pass encriptado al usuario :S

login.functions.inc.php

<?php

#### Login Functions #####


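/**
 * Report whether the current session belongs to an authenticated user.
 *
 * checkLogin() stores 'loginid' and 'username' in $_SESSION on success, so
 * both keys are tested there. session_is_registered() was deprecated in
 * PHP 5.3 and removed in PHP 5.4, where calling it is a fatal error.
 *
 * The session must already have been started by the caller.
 *
 * @return bool true when both session keys are set, false otherwise
 */
function isLoggedIn()
{
    return isset($_SESSION['loginid'], $_SESSION['username']);
}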

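/**
 * Verify a username/password pair and, on success, mark the session as logged in.
 *
 * NOTE(review): the stored credential is sha1(password . $seed) with a single
 * site-wide seed. SHA-1 is a fast hash and the seed is the same for every
 * account, so a leaked table is cheap to brute-force. password_hash() /
 * password_verify() are the maintained replacement, but switching requires
 * migrating the stored hashes, so the scheme is left unchanged here.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0; mysqli or PDO
 * with prepared statements is the replacement.
 *
 * @param string $u username as typed by the visitor
 * @param string $p password as typed by the visitor
 * @return bool true when exactly one enabled, activated account matched
 */
function checkLogin($u, $p)
{
    global $seed; // global because $seed is declared in the header.php file

    // Reject malformed input and unknown usernames before touching the login query.
    if (!valid_username($u) || !valid_password($p) || !user_exists($u)) {
        return false;
    }

    // Look the user up; both values are escaped before being placed in the SQL text.
    $query = sprintf("
SELECT loginid
FROM login
WHERE
username = '%s' AND password = '%s'
AND disabled = 0 AND activated = 1
LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
    $result = mysql_query($query);

    // mysql_query() returns false on failure; treat that like "no match" instead of
    // handing false to mysql_num_rows(). Zero rows means the credentials are wrong.
    if ($result === false || mysql_num_rows($result) != 1) {
        return false;
    }

    $row = mysql_fetch_array($result);

    // Issue a fresh session id at the privilege change so an id that was known
    // before login (session fixation) is not carried into the authenticated session.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // Save the user ID and username for later use (isLoggedIn() reads both).
    $_SESSION['loginid'] = $row['loginid'];
    $_SESSION['username'] = $u;

    return true;
}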

?>

logout.php


<?php
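// End the authenticated session and send the visitor back to the home page.
session_start();

// session_unregister() was deprecated in PHP 5.3 and removed in PHP 5.4. Emptying
// $_SESSION drops 'loginid' and 'username' together with anything else stored.
$_SESSION = array();

// Expire the session cookie as well, so the browser stops presenting the old id.
if (ini_get('session.use_cookies')) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}

session_destroy();

header('Location: index.php');
exit; // stop here so nothing after the redirect header is executed or sent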
?>

lostpassword.php

<?php

require_once "header.php";

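// Lost-password page: on submit, try the reset; otherwise just show the form.
// NOTE(review): no CSRF token or request throttling is visible in this script;
// confirm whether header.php provides them, since each accepted request
// overwrites the account's password.
if (isset($_POST['lostpass'])) {

    // A missing field or an array value (username[]=...) is replaced by an empty
    // string, which is presumably rejected by valid_username()/valid_email()
    // inside lostPassword() -- verify against those helpers.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    if (lostPassword($username, $email)) {

        echo "Your password has been reset, an email containing your new password has been sent to your inbox.<br />
<a href='./index.php'>Click here to return to the homepage.</a>
";

    } else {

        echo "Username or email was incorrect !";
        show_lostpassword_form();

    }

} else {
    // user has not pressed the button
    show_lostpassword_form();
}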

require_once "footer.php";
?>



mail.functions.inc.php


<?php

##### Mail functions #####

/**
 * Mail a freshly generated password to the account owner.
 *
 * NOTE(review): the new password travels in clear text inside the e-mail body
 * and stays in the mailbox afterwards. A single-use, expiring reset link is the
 * usual alternative; that would change the reset flow, so it is only flagged here.
 *
 * @param string $username    account name shown in the message
 * @param string $email       recipient address
 * @param string $newpassword the generated password, in clear text
 * @return bool true when sendMail() reports success
 */
function sendLostPasswordEmail($username, $email, $newpassword)
{
    global $domain;

    // The body is a multi-line literal; its line breaks are part of the message.
    $body = "
You have requested a new password on http://www.{$domain}/,

Your new password information:

username: {$username}
password: {$newpassword}


Regards
{$domain} Administration
";

    $sender = 'no-reply@' . $domain;

    return sendMail($email, "Your password has been reset.", $body, $sender) ? true : false;
}

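/**
 * Send a plain e-mail through PHP's mail().
 *
 * $to, $subject and $from all end up in the message headers. A CR or LF inside
 * any of them would let a caller-supplied value start a new header line, so
 * such values are refused before mail() is called. Callers in this file pass a
 * user-supplied address as $to.
 *
 * @param string $to      recipient address
 * @param string $subject subject line
 * @param string $message message body
 * @param string $from    sender address placed in the From: header
 * @return bool true when mail() accepted the message, false otherwise
 */
function sendMail($to, $subject, $message, $from)
{
    // Header values must be a single line each.
    foreach (array($to, $subject, $from) as $headerValue) {
        if (strpbrk((string) $headerValue, "\r\n") !== false) {
            return false;
        }
    }

    $from_header = "From: $from";

    return mail($to, $subject, $message, $from_header) ? true : false;
}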

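/**
 * Mail the activation link to a newly registered user.
 *
 * NOTE(review): the message repeats the password the user just chose, in clear
 * text. That copy stays in the mailbox and in any mail logs; dropping the
 * "password:" line would remove the exposure. Left as written because it is
 * the behaviour this listing was posted to show.
 * NOTE(review): the activation link uses http://, so the activation code is
 * sent unencrypted when clicked -- switch to https:// if the site serves it.
 *
 * @param string     $username account name shown in the message
 * @param string     $password password in clear text (see note above)
 * @param int|string $uid      login id of the new account
 * @param string     $email    recipient address
 * @param string     $actcode  activation code stored for the account
 * @return bool true when sendMail() reports success
 */
function sendActivationEmail($username, $password, $uid, $email, $actcode)
{
    global $domain;

    // Encode the query-string values so a code containing '&', '+', '#' or
    // spaces still reaches activate.php intact. Purely alphanumeric values are
    // unchanged by urlencode().
    $link = "http://www.$domain/activate.php?uid=" . urlencode($uid) . "&actcode=" . urlencode($actcode);

    $message = "
Thank you for registering on http://www.$domain/,

Your account information:

username: $username
password: $password

Please click the link below to activate your account.

$link

Regards
$domain Administration
";

    return sendMail($email, "Please activate your account.", $message, "no-reply@$domain") ? true : false;
}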

?>


register.php

<?php

require_once "header.php";

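// Registration page: on submit, try to create the account; otherwise show the form.
// NOTE(review): no CSRF token or sign-up throttling is visible in this script;
// confirm whether header.php provides them.
if (isset($_POST['register'])) {

    // A missing field or an array value (password[]=...) is replaced by an empty
    // string, which is presumably rejected by the valid_*() checks inside
    // registerNewUser() -- verify against those helpers.
    $fields = array();
    foreach (array('username', 'password', 'password2', 'email') as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    if (registerNewUser($fields['username'], $fields['password'], $fields['password2'], $fields['email'])) {

        echo "Thank you for registering, an email has been sent to your inbox, Please activate your account.
<a href='./index.php'>Click here to login.</a>
";

    } else {

        echo "Registration failed! Please try again.";
        show_registration_form();

    }

} else {
    // has not pressed the register button
    show_registration_form();
}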

require_once "footer.php";
?>


user.functions.inc.php


<?php

##### User Functions #####

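/**
 * Change a user's password after checking the current one.
 *
 * The posted listing had a stray space in the third parameter name
 * ("$newpass word"), which is a parse error; it is restored to $newpassword.
 *
 * NOTE(review): passwords are stored as sha1(password . $seed) with one
 * site-wide seed; see password_hash()/password_verify() for a per-user salted,
 * slow alternative. Changing the scheme needs a data migration, so it is only
 * flagged here.
 *
 * @param string $username        account whose password is changed
 * @param string $currentpassword password the user claims to have now
 * @param string $newpassword     desired new password
 * @param string $newpassword2    confirmation of the new password
 * @return bool true when the stored hash was updated
 */
function changePassword($username, $currentpassword, $newpassword, $newpassword2)
{
    global $seed;

    if (!valid_username($username) || !user_exists($username)) {
        return false;
    }

    // Strict comparison: with != two different numeric-looking strings
    // (for example "1e3" and "1000") compare as equal.
    if (!valid_password($newpassword) || $newpassword !== $newpassword2) {
        return false;
    }

    // we get the current password hash from the database
    $query = sprintf("SELECT password FROM login WHERE username = '%s' LIMIT 1",
        mysql_real_escape_string($username));

    $result = mysql_query($query);
    if ($result === false) {
        return false;
    }

    $row = mysql_fetch_row($result);

    // No row, or the supplied current password does not hash to the stored value.
    // Strict comparison here as well, so hex digests that look like numbers
    // are compared as strings and not as numbers.
    if ($row === false || $row[0] !== sha1($currentpassword . $seed)) {
        return false;
    }

    // now we update the password in the database
    $query = sprintf("update login set password = '%s' where username = '%s'",
        mysql_real_escape_string(sha1($newpassword . $seed)), mysql_real_escape_string($username));

    return mysql_query($query) ? true : false;
}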


/**
 * Tell whether a row with the given username is present in the login table.
 *
 * @param string $username name to look up; rejected early when valid_username() fails
 * @return bool true when at least one matching row was found
 */
function user_exists($username)
{
    // Names that fail validation never reach the database.
    if (!valid_username($username)) {
        return false;
    }

    $escapedName = mysql_real_escape_string($username);
    $lookup = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1", $escapedName);

    $rows = mysql_query($lookup);

    return mysql_num_rows($rows) > 0;
}

/**
 * Activate an account when the login id and activation code match a
 * not-yet-activated row.
 *
 * NOTE(review): the check and the update are two separate statements; a single
 * UPDATE ... WHERE activated = 0 checked with mysql_affected_rows() would do
 * the same in one step.
 *
 * @param int|string $uid     login id taken from the activation link
 * @param string     $actcode activation code taken from the activation link
 * @return bool true when the account was switched to activated
 */
function activateUser($uid, $actcode)
{
    $safeUid = mysql_real_escape_string($uid);
    $safeCode = mysql_real_escape_string($actcode);

    // Is there exactly one pending account for this id/code pair?
    $pending = mysql_query(sprintf(
        "select activated from login where loginid = '%s' and actcode = '%s' and activated = 0 limit 1",
        $safeUid,
        $safeCode
    ));

    if (mysql_num_rows($pending) != 1) {
        return false;
    }

    // Flip the flag for that same id/code pair.
    $activate = sprintf(
        "update login set activated = '1' where loginid = '%s' and actcode = '%s'",
        $safeUid,
        $safeCode
    );

    return mysql_query($activate) ? true : false;
}

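/**
 * Create a new, not-yet-activated account and mail the activation link.
 *
 * NOTE(review): the password is stored as sha1(password . $seed) with one
 * site-wide seed; password_hash() gives a per-user salted, slow hash. Changing
 * the scheme needs a data migration, so it is only flagged here.
 * NOTE(review): the clear-text password is handed to sendActivationEmail(),
 * which puts it in the message body.
 * NOTE(review): user_exists() followed by INSERT is not atomic; a UNIQUE index
 * on login.username is presumably what prevents duplicates -- confirm the schema.
 *
 * @param string $username  desired account name
 * @param string $password  desired password
 * @param string $password2 confirmation of the password
 * @param string $email     address that receives the activation mail
 * @return bool true when the row was inserted and the mail was accepted
 */
function registerNewUser($username, $password, $password2, $email)
{
    global $seed;

    // Strict comparison for the confirmation: with != two different
    // numeric-looking strings (for example "1e3" and "1000") compare as equal.
    if (!valid_username($username) || !valid_password($password) ||
        !valid_email($email) || $password !== $password2 || user_exists($username)) {
        return false;
    }

    // Activation code stored with the account and sent in the activation link.
    $code = generate_code(20);

    $sql = sprintf("insert into login (username,password,email,actcode) value ('%s','%s','%s','%s')",
        mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed)),
        mysql_real_escape_string($email), mysql_real_escape_string($code));

    if (!mysql_query($sql)) {
        return false;
    }

    $id = mysql_insert_id();

    return sendActivationEmail($username, $password, $id, $email, $code) ? true : false;
}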

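/**
 * Reset a user's password to a generated value and mail it to them.
 *
 * NOTE(review): the password is overwritten as soon as username and e-mail
 * match, before the owner confirms anything, so anyone who knows both values
 * can force a reset. If the mail then fails, the old password is already gone.
 * A single-use, expiring reset token mailed as a link avoids both problems;
 * that is a flow change and is only flagged here.
 * NOTE(review): the new password comes from generate_code(8), defined outside
 * this listing -- confirm it draws from a cryptographically secure source.
 *
 * @param string $username account name entered in the form
 * @param string $email    e-mail address entered in the form
 * @return bool true when the password was replaced and the mail was accepted
 */
function lostPassword($username, $email)
{
    global $seed;

    if (!valid_username($username) || !user_exists($username) || !valid_email($email)) {
        return false;
    }

    // Escape both values like every other query in this file does. The original
    // placed $username and $email into the SQL text unescaped and relied only on
    // the valid_*() checks above.
    $query = sprintf("select loginid from login where username = '%s' and email = '%s' limit 1",
        mysql_real_escape_string($username), mysql_real_escape_string($email));

    $result = mysql_query($query);

    // A failed query or anything other than exactly one match ends the reset.
    if ($result === false || mysql_num_rows($result) != 1) {
        return false;
    }

    $newpass = generate_code(8);

    $query = sprintf("update login set password = '%s' where username = '%s'",
        mysql_real_escape_string(sha1($newpass . $seed)), mysql_real_escape_string($username));

    if (!mysql_query($query)) {
        return false;
    }

    return sendLostPasswordEmail($username, $email, $newpass) ? true : false;
}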

?>