本文整理汇总了PHP中account_verify_password函数的典型用法代码示例。如果您正苦于以下问题:PHP account_verify_password函数的具体用法?PHP account_verify_password怎么用?PHP account_verify_password使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了account_verify_password函数的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: removeme_post
function removeme_post(&$a)
{
if (!local_channel()) {
return;
}
if ($_SESSION['delegate']) {
return;
}
if (!x($_POST, 'qxz_password') || !strlen(trim($_POST['qxz_password']))) {
return;
}
if (!x($_POST, 'verify') || !strlen(trim($_POST['verify']))) {
return;
}
if ($_POST['verify'] !== $_SESSION['remove_account_verify']) {
return;
}
$account = App::get_account();
if (!account_verify_password($account['account_email'], $_POST['qxz_password'])) {
return;
}
if ($account['account_password_changed'] != NULL_DATE) {
$d1 = datetime_convert('UTC', 'UTC', 'now - 48 hours');
if ($account['account_password_changed'] > d1) {
notice(t('Channel removals are not allowed within 48 hours of changing the account password.') . EOL);
return;
}
}
require_once 'include/Contact.php';
$global_remove = intval($_POST['global']);
channel_remove(local_channel(), 1 - $global_remove, true);
}示例2: api_login
/**
* API Login via basic-auth or OAuth
*/
function api_login(&$a)
{
$record = null;
require_once 'include/oauth.php';
// login with oauth
try {
$oauth = new ZotOAuth1();
$req = OAuth1Request::from_request();
list($consumer, $token) = $oauth->verify_request($req);
if (!is_null($token)) {
$oauth->loginUser($token->uid);
App::set_oauth_key($consumer->key);
call_hooks('logged_in', App::$user);
return;
}
killme();
} catch (Exception $e) {
logger($e->getMessage());
}
// workarounds for HTTP-auth in CGI mode
if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6));
if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
require_once 'include/auth.php';
require_once 'include/security.php';
// process normal login request
if (isset($_SERVER['PHP_AUTH_USER'])) {
$channel_login = 0;
$record = account_verify_password($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if ($record && $record['channel']) {
$channel_login = $record['channel']['channel_id'];
}
}
if ($record['account']) {
authenticate_success($record['account']);
if ($channel_login) {
change_channel($channel_login);
}
$_SESSION['allow_api'] = true;
return true;
} else {
$_SERVER['PHP_AUTH_PW'] = '*****';
logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
log_failed_login('API login failure');
retry_basic_auth();
}
}示例3: post
function post()
{
if (!local_channel()) {
return;
}
if ($_SESSION['delegate']) {
return;
}
if (!x($_POST, 'qxz_password') || !strlen(trim($_POST['qxz_password']))) {
return;
}
if (!x($_POST, 'verify') || !strlen(trim($_POST['verify']))) {
return;
}
if ($_POST['verify'] !== $_SESSION['remove_account_verify']) {
return;
}
$account = \App::get_account();
$account_id = get_account_id();
if (!account_verify_password($account['account_email'], $_POST['qxz_password'])) {
return;
}
if ($account['account_password_changed'] != NULL_DATE) {
$d1 = datetime_convert('UTC', 'UTC', 'now - 48 hours');
if ($account['account_password_changed'] > d1) {
notice(t('Account removals are not allowed within 48 hours of changing the account password.') . EOL);
return;
}
}
$global_remove = intval($_POST['global']);
account_remove($account_id, 1 - $global_remove);
}示例4: removeaccount_post
function removeaccount_post(&$a)
{
if (!local_user()) {
return;
}
if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
return;
}
if (!x($_POST, 'qxz_password') || !strlen(trim($_POST['qxz_password']))) {
return;
}
if (!x($_POST, 'verify') || !strlen(trim($_POST['verify']))) {
return;
}
if ($_POST['verify'] !== $_SESSION['remove_account_verify']) {
return;
}
$account = $a->get_account();
$account_id = get_account_id();
if (!account_verify_password($account['account_email'], $_POST['qxz_password'])) {
return;
}
if ($account['account_password_changed'] != NULL_DATE) {
$d1 = datetime_convert('UTC', 'UTC', 'now - 48 hours');
if ($account['account_password_changed'] > d1) {
notice(t('Account removals are not allowed within 48 hours of changing the account password.') . EOL);
return;
}
}
require_once 'include/Contact.php';
$global_remove = intval($_POST['global']);
account_remove($account_id, true);
}示例5: validateUserPass
/**
* @brief Validates a username and password.
*
* Guest access is granted with the password "+++".
*
* @see \Sabre\DAV\Auth\Backend\AbstractBasic::validateUserPass
* @param string $username
* @param string $password
* @return bool
*/
protected function validateUserPass($username, $password)
{
require_once 'include/auth.php';
$record = account_verify_password($username, $password);
if ($record && $record['account_default_channel']) {
$r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1", intval($record['account_id']), intval($record['account_default_channel']));
if ($r) {
return $this->setAuthenticated($r[0]);
}
}
$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($username));
if ($r) {
$x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1", intval($r[0]['channel_account_id']));
if ($x) {
// @fixme this foreach should not be needed?
foreach ($x as $record) {
if (($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) && hash('whirlpool', $record['account_salt'] . $password) === $record['account_password']) {
logger('password verified for ' . $username);
return $this->setAuthenticated($r[0]);
}
}
}
}
$error = 'password failed for ' . $username;
logger($error);
log_failed_login($error);
return false;
}示例6: array
}
if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') {
$record = null;
$addon_auth = array('username' => trim($_POST['username']), 'password' => trim($_POST['password']), 'authenticated' => 0, 'user_record' => null);
/**
*
* A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
* Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
* and later plugins should not interfere with an earlier one that succeeded.
*
*/
call_hooks('authenticate', $addon_auth);
if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
$record = $addon_auth['user_record'];
} else {
$record = get_app()->account = account_verify_password($_POST['username'], $_POST['password']);
if (get_app()->account) {
$_SESSION['account_id'] = get_app()->account['account_id'];
} else {
notice(t('Failed authentication') . EOL);
}
logger('authenticate: ' . print_r(get_app()->account, true), LOGGER_DEBUG);
}
if (!$record || !count($record)) {
$error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];
logger($error);
// Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
$authlog = get_config('system', 'authlog');
if ($authlog) {
@file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
}示例7: post
function post()
{
check_form_security_token_redirectOnErr('/settings/account', 'settings_account');
call_hooks('account_settings_post', $_POST);
$errs = array();
$email = x($_POST, 'email') ? trim(notags($_POST['email'])) : '';
$techlevel = array_key_exists('techlevel', $_POST) ? intval($_POST['techlevel']) : 0;
$account = \App::get_account();
if ($email != $account['account_email']) {
if (!valid_email($email)) {
$errs[] = t('Not valid email.');
}
$adm = trim(get_config('system', 'admin_email'));
if ($adm && strcasecmp($email, $adm) == 0) {
$errs[] = t('Protected email address. Cannot change to that email.');
$email = \App::$account['account_email'];
}
if (!$errs) {
$r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id']));
if (!$r) {
$errs[] = t('System failure storing new email. Please try again.');
}
}
}
if ($techlevel != $account['account_level']) {
$r = q("update account set account_level = %d where account_id = %d", intval($techlevel), intval($account['account_id']));
info(t('Technical skill level updated') . EOL);
}
if ($errs) {
foreach ($errs as $err) {
notice($err . EOL);
}
$errs = array();
}
if (x($_POST, 'npassword') || x($_POST, 'confirm')) {
$origpass = trim($_POST['origpass']);
require_once 'include/auth.php';
if (!account_verify_password($email, $origpass)) {
$errs[] = t('Password verification failed.');
}
$newpass = trim($_POST['npassword']);
$confirm = trim($_POST['confirm']);
if ($newpass != $confirm) {
$errs[] = t('Passwords do not match. Password unchanged.');
}
if (!x($newpass) || !x($confirm)) {
$errs[] = t('Empty passwords are not allowed. Password unchanged.');
}
if (!$errs) {
$salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $newpass);
$r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s' \n\t\t\t\t\twhere account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), intval(get_account_id()));
if ($r) {
info(t('Password changed.') . EOL);
} else {
$errs[] = t('Password update failed. Please try again.');
}
}
}
if ($errs) {
foreach ($errs as $err) {
notice($err . EOL);
}
}
goaway(z_root() . '/settings/account');
}示例8: post
//.........这里部分代码省略.........
}
if (argc() > 1 && argv(1) === 'account') {
check_form_security_token_redirectOnErr('/settings/account', 'settings_account');
call_hooks('account_settings_post', $_POST);
// call_hooks('settings_account', $_POST);
$errs = array();
$email = x($_POST, 'email') ? trim(notags($_POST['email'])) : '';
$account = \App::get_account();
if ($email != $account['account_email']) {
if (!valid_email($email)) {
$errs[] = t('Not valid email.');
}
$adm = trim(get_config('system', 'admin_email'));
if ($adm && strcasecmp($email, $adm) == 0) {
$errs[] = t('Protected email address. Cannot change to that email.');
$email = \App::$user['email'];
}
if (!$errs) {
$r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id']));
if (!$r) {
$errs[] = t('System failure storing new email. Please try again.');
}
}
}
if ($errs) {
foreach ($errs as $err) {
notice($err . EOL);
}
$errs = array();
}
if (x($_POST, 'npassword') || x($_POST, 'confirm')) {
$origpass = trim($_POST['origpass']);
require_once 'include/auth.php';
if (!account_verify_password($email, $origpass)) {
$errs[] = t('Password verification failed.');
}
$newpass = trim($_POST['npassword']);
$confirm = trim($_POST['confirm']);
if ($newpass != $confirm) {
$errs[] = t('Passwords do not match. Password unchanged.');
}
if (!x($newpass) || !x($confirm)) {
$errs[] = t('Empty passwords are not allowed. Password unchanged.');
}
if (!$errs) {
$salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $newpass);
$r = q("update account set account_salt = '%s', account_password = '%s', account_password_changed = '%s' \n\t\t\t\t\t\twhere account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), intval(get_account_id()));
if ($r) {
info(t('Password changed.') . EOL);
} else {
$errs[] = t('Password update failed. Please try again.');
}
}
}
if ($errs) {
foreach ($errs as $err) {
notice($err . EOL);
}
}
goaway(z_root() . '/settings/account');
}
check_form_security_token_redirectOnErr('/settings', 'settings');
call_hooks('settings_post', $_POST);
$set_perms = '';
$role = x($_POST, 'permissions_role') ? notags(trim($_POST['permissions_role'])) : '';示例9: api_login
/**
* Simple HTTP Login
*/
function api_login(&$a)
{
// login with oauth
try {
$oauth = new FKOAuth1();
$req = OAuthRequest::from_request();
list($consumer, $token) = $oauth->verify_request($req);
// list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
if (!is_null($token)) {
$oauth->loginUser($token->uid);
$a->set_oauth_key($consumer->key);
call_hooks('logged_in', $a->user);
return;
}
echo __FILE__ . __LINE__ . __FUNCTION__ . "<pre>";
// var_dump($consumer, $token);
die;
} catch (Exception $e) {
logger(__FILE__ . __LINE__ . __FUNCTION__ . "\n" . $e);
}
// workaround for HTTP-auth in CGI mode
if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6));
if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
if (!isset($_SERVER['PHP_AUTH_USER'])) {
logger('API_login: ' . print_r($_SERVER, true), LOGGER_DEBUG);
header('WWW-Authenticate: Basic realm="Red"');
header('HTTP/1.0 401 Unauthorized');
die('This api requires login');
}
// process normal login request
require_once 'include/auth.php';
$channel_login = 0;
$record = account_verify_password($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if (!$record) {
$r = q("select * from channel where channel_address = '%s' limit 1", dbesc($_SERVER['PHP_AUTH_USER']));
if ($r) {
$x = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
if ($x) {
$record = account_verify_password($x[0]['account_email'], $_SERVER['PHP_AUTH_PW']);
if ($record) {
$channel_login = $r[0]['channel_id'];
}
}
}
if (!$record) {
logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
header('WWW-Authenticate: Basic realm="Red"');
header('HTTP/1.0 401 Unauthorized');
die('This api requires login');
}
}
require_once 'include/security.php';
authenticate_success($record);
if ($channel_login) {
change_channel($channel_login);
}
$_SESSION['allow_api'] = true;
}示例10: array
$record = null;
$addon_auth = array('username' => trim($_POST['username']), 'password' => trim($_POST['password']), 'authenticated' => 0, 'user_record' => null);
/**
*
* A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
* Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
* and later plugins should not interfere with an earlier one that succeeded.
*
*/
call_hooks('authenticate', $addon_auth);
$atoken = null;
$account = null;
if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
$account = $addon_auth['user_record'];
} else {
$verify = account_verify_password($_POST['username'], $_POST['password']);
if ($verify) {
$atoken = $verify['xchan'];
$channel = $verify['channel'];
$account = App::$account = $verify['account'];
}
if (App::$account) {
$_SESSION['account_id'] = App::$account['account_id'];
} elseif ($atoken) {
atoken_login($atoken);
} else {
notice(t('Failed authentication') . EOL);
}
}
if (!($account || $atoken)) {
$error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];示例11: validateUserPass
/**
* @brief Validates a username and password.
*
*
* @see \Sabre\DAV\Auth\Backend\AbstractBasic::validateUserPass
* @param string $username
* @param string $password
* @return bool
*/
protected function validateUserPass($username, $password)
{
require_once 'include/auth.php';
$record = account_verify_password($username, $password);
if ($record && $record['account']) {
if ($record['channel']) {
$channel = $record['channel'];
} else {
$r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1", intval($record['account']['account_id']), intval($record['account']['account_default_channel']));
if ($r) {
$channel = $r[0];
}
}
}
if ($channel && $this->check_module_access($channel['channel_id'])) {
return $this->setAuthenticated($channel);
}
if ($this->module_disabled) {
$error = 'module not enabled for ' . $username;
} else {
$error = 'password failed for ' . $username;
}
logger($error);
log_failed_login($error);
return false;
}示例12: array
}
if (x($_POST, 'auth-params') && $_POST['auth-params'] === 'login') {
$record = null;
$addon_auth = array('username' => trim($_POST['username']), 'password' => trim($_POST['password']), 'authenticated' => 0, 'user_record' => null);
/**
*
* A plugin indicates successful login by setting 'authenticated' to non-zero value and returning a user record
* Plugins should never set 'authenticated' except to indicate success - as hooks may be chained
* and later plugins should not interfere with an earlier one that succeeded.
*
*/
call_hooks('authenticate', $addon_auth);
if ($addon_auth['authenticated'] && count($addon_auth['user_record'])) {
$record = $addon_auth['user_record'];
} else {
$record = App::$account = account_verify_password($_POST['username'], $_POST['password']);
if (App::$account) {
$_SESSION['account_id'] = App::$account['account_id'];
} else {
notice(t('Failed authentication') . EOL);
}
logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL);
}
if (!$record || !count($record)) {
$error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];
logger($error);
// Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
$authlog = get_config('system', 'authlog');
if ($authlog) {
@file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
}示例13: validateUserPass
/**
*
* @param string $username
* @param string $password
*/
protected function validateUserPass($username, $password)
{
if (trim($password) === '+++') {
logger('reddav: validateUserPass: guest ' . $username);
return true;
}
require_once 'include/auth.php';
$record = account_verify_password($username, $password);
if ($record && $record['account_default_channel']) {
$r = q("select * from channel where channel_account_id = %d and channel_id = %d limit 1", intval($record['account_id']), intval($record['account_default_channel']));
if ($r) {
$this->currentUser = $r[0]['channel_address'];
$this->channel_name = $r[0]['channel_address'];
$this->channel_id = $r[0]['channel_id'];
$this->channel_hash = $this->observer = $r[0]['channel_hash'];
$_SESSION['uid'] = $r[0]['channel_id'];
$_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
return true;
}
}
$r = q("select * from channel where channel_address = '%s' limit 1", dbesc($username));
if ($r) {
$x = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
if ($x) {
foreach ($x as $record) {
if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED && hash('whirlpool', $record['account_salt'] . $password) === $record['account_password']) {
logger('(DAV) RedBasicAuth: password verified for ' . $username);
$this->currentUser = $r[0]['channel_address'];
$this->channel_name = $r[0]['channel_address'];
$this->channel_id = $r[0]['channel_id'];
$this->channel_hash = $this->observer = $r[0]['channel_hash'];
$_SESSION['uid'] = $r[0]['channel_id'];
$_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
return true;
}
}
}
}
logger('(DAV) RedBasicAuth: password failed for ' . $username);
return false;
}