
/*

+-------------------------------------------------------------------------+

| Copyright (C) 2004-2020 The Cacti Group |

| |

| This program is free software; you can redistribute it and/or |

| modify it under the terms of the GNU General Public License |

| as published by the Free Software Foundation; either version 2 |

| of the License, or (at your option) any later version. |

| |

| This program is distributed in the hope that it will be useful, |

| but WITHOUT ANY WARRANTY; without even the implied warranty of |

| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |

| GNU General Public License for more details. |

+-------------------------------------------------------------------------+

| Cacti: The Complete RRDtool-based Graphing Solution |

+-------------------------------------------------------------------------+

| This code is designed, written, and maintained by the Cacti Group. See |

| about.php and/or the AUTHORS file for specific developer information. |

+-------------------------------------------------------------------------+

| http://www.cacti.net/ |

+-------------------------------------------------------------------------+

*/

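include('./include/global.php');

set_default_action();

$action = get_request_var('action');

switch ($action) {
	case 'checkpass':
		/* AJAX helper for the change-password form: prints the policy
		 * violation text returned by secpass_check_pass(), or 'ok'.
		 * NOTE(review): this action answers before the session check in the
		 * default branch below; it relies on include/global.php having
		 * already enforced authentication -- confirm. */
		$error = secpass_check_pass(get_nfilter_request_var('password'));

		if ($error != '') {
			print $error;
		} else {
			print 'ok';
		}

		exit;
	default:
		/* Not logged in: send the user to the login page.  The referer is
		 * not used as a redirect target here; a referer-based Location
		 * header was previously emitted and then overwritten by this one,
		 * so index.php was the only header ever sent. */
		if (!isset($_SESSION['sess_user_id'])) {
			header('Location: index.php');
			exit;
		}
}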

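$user = db_fetch_row_prepared('SELECT *
	FROM user_auth
	WHERE id = ?',
	array($_SESSION['sess_user_id']));

// NOTE(review): $version is not read by any PHP visible in this file;
// presumably consumed by the page markup -- confirm before removing.
$version = get_cacti_version();

/* Send the browser back to the (sanitized) referer, or to index.php when
 * no referer was supplied, then stop processing. */
$redirect_back = function () {
	if (isset($_SERVER['HTTP_REFERER'])) {
		header('Location: ' . sanitize_uri($_SERVER['HTTP_REFERER']));
	} else {
		header('Location: index.php');
	}

	exit;
};

/* Only an existing account in the local realm (realm 0) may change its
 * password on this page; unknown users get message 44, accounts from any
 * other realm get 'nodomainpassword'. */
if (!cacti_sizeof($user) || $user['realm'] != 0) {
	if (!cacti_sizeof($user)) {
		raise_message(44);
	} else {
		raise_message('nodomainpassword');
	}

	$redirect_back();
}

/* The account must be permitted to change its own password; otherwise the
 * session is destroyed and the user is sent away. */
if ($user['password_change'] != 'on') {
	raise_message('nopassword');

	/* destroy session information */
	kill_session_var('sess_user_id');
	cacti_cookie_logout();

	$redirect_back();
}

/* The guest account never changes its password: redirect it to the graphs.
 * ($user is known to be non-empty here, so no size check is needed.) */
if ($user['id'] == get_guest_account()) {
	header('Location: graph_view.php');
	exit;
}

/* default to !bad_password */
$bad_password = false;
$errorMessage = '';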

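switch ($action) {
	case 'changepassword':
		// Current user
		$user_id = intval($_SESSION['sess_user_id']);

		// Passwords entered for the change
		$password         = get_nfilter_request_var('password');
		$password_confirm = get_nfilter_request_var('password_confirm');

		// Current password as entered
		$current_password = get_nfilter_request_var('current_password');

		// The new password must satisfy the site's password policy
		$error = secpass_check_pass($password);

		if ($error != 'ok') {
			$bad_password = true;
			$errorMessage = $error;
			break;
		}

		// The new password must not appear in the user's password history
		if (!secpass_check_history($user_id, $password)) {
			$bad_password = true;
			$errorMessage = __('You cannot use a previously entered password!');
			break;
		}

		// Password and confirmation must match exactly
		if ($password !== $password_confirm) {
			$bad_password = true;
			$errorMessage = __('Your new passwords do not match, please retype.');
			break;
		}

		// The current password is verified unless the account has no stored
		// password and none was entered (initial password set)
		if ((!empty($user['password']) || !empty($current_password)) && !compat_password_verify($current_password, $user['password'])) {
			$bad_password = true;
			$errorMessage = __('Your current password is not correct. Please try again.');
			break;
		}

		// The new password must differ from the stored one
		if (compat_password_verify($password, $user['password'])) {
			$bad_password = true;
			$errorMessage = __('Your new password cannot be the same as the old password. Please try again.');
			break;
		}

		// A blank password is rejected without a specific message
		if ($password == '') {
			$bad_password = true;
			break;
		}

		// Record the change time when password expiry is enabled
		if (read_config_option('secpass_expirepass') > 0) {
			db_execute_prepared("UPDATE user_auth
				SET lastchange = ?
				WHERE id = ?
				AND realm = 0
				AND enabled = 'on'",
				array(time(), $user_id));
		}

		// Push the current hash onto the '|' separated history, keeping only
		// the newest ($history - 1) entries
		$history = intval(read_config_option('secpass_history'));

		if ($history > 0) {
			$h = db_fetch_row_prepared("SELECT password, password_history
				FROM user_auth
				WHERE id = ?
				AND realm = 0
				AND enabled = 'on'",
				array($user_id));

			// NOTE(review): an empty password_history explodes to [''], which
			// leaves a leading '|' in the stored list -- confirm
			// secpass_check_history tolerates that.
			$op = $h['password'];
			$h  = explode('|', $h['password_history']);

			while (cacti_count($h) > $history - 1) {
				array_shift($h);
			}

			$h[] = $op;
			$h   = implode('|', $h);

			db_execute_prepared("UPDATE user_auth
				SET password_history = ?
				WHERE id = ?
				AND realm = 0
				AND enabled = 'on'",
				array($h, $user_id));
		}

		// Audit entry (result 3) for this user and client address
		db_execute_prepared('INSERT IGNORE INTO user_log
			(username, result, time, ip)
			VALUES (?, 3, NOW(), ?)',
			array($user['username'], get_client_addr()));

		// Schema helper run before the new hash is stored
		db_check_password_length();

		db_execute_prepared("UPDATE user_auth
			SET must_change_password = '', password = ?
			WHERE id = ?",
			array(compat_password_hash($password, PASSWORD_DEFAULT), $user_id));

		// Invalidate the user's cached auth entries, except the one whose
		// token arrived in the cacti_remembers cookie of this request
		// (presumably so the browser making the change stays remembered).
		// NOTE(review): parsed from the raw Cookie header rather than
		// $_COOKIE; the value is assumed to look like '<id>%2C<token>' --
		// confirm against the code that sets cacti_remembers.
		$token = '';

		if (isset($_SERVER['HTTP_COOKIE']) && strpos($_SERVER['HTTP_COOKIE'], 'cacti_remembers') !== false) {
			foreach (explode(';', $_SERVER['HTTP_COOKIE']) as $p) {
				if (strpos($p, 'cacti_remembers') !== false) {
					$pparts = explode('%2C', $p);

					if (isset($pparts[1])) {
						$token = $pparts[1];
						break;
					}
				}
			}
		}

		// The token hash is bound as a parameter rather than quoted into
		// the statement text
		$cache_sql    = 'DELETE FROM user_auth_cache WHERE user_id = ?';
		$cache_params = array($user_id);

		if ($token != '') {
			$cache_sql     .= ' AND token != ?';
			$cache_params[] = hash('sha512', $token, false);
		}

		db_execute_prepared($cache_sql, $cache_params);

		// NOTE(review): the session id is not regenerated after the
		// credential change; confirm the login flow covers this.
		kill_session_var('sess_change_password');

		raise_message('password_success');

		/* The password has been changed; decide where to send the user:
		 * no console permission -> graph view, otherwise honour the user's
		 * login_opts setting. */
		$realm_id = $user_auth_realm_filenames['index.php'];

		$has_console = db_fetch_cell_prepared('SELECT realm_id
			FROM user_auth_realm
			WHERE user_id = ? AND realm_id = ?',
			array($user_id, $realm_id));

		// A missing 'ref', or one pointing back at this page, is replaced
		// by the console or graph page depending on permissions
		$ref_page = basename(get_nfilter_request_var('ref'));

		if ($ref_page == 'auth_changepassword.php' || $ref_page == '') {
			set_request_var('ref', $has_console ? 'index.php' : 'graph_view.php');
		}

		if (!empty($has_console)) {
			switch ($user['login_opts']) {
				case '1': /* referer */
					header('Location: ' . sanitize_uri(get_nfilter_request_var('ref')));
					break;
				case '2': /* default console page */
					header('Location: index.php');
					break;
				case '3': /* default graph page */
					header('Location: graph_view.php');
					break;
				default:
					api_plugin_hook_function('login_options_navigate', $user['login_opts']);
			}
		} else {
			header('Location: graph_view.php');
		}

		exit;
}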

if (api_plugin_hook_function('custom_password', OPER_MODE_NATIVE) == OPER_MODE_RESKIN) {
	exit;
}

if (get_request_var('action') == 'force') {
	$errorMessage = "*** " . __('Forced password change') . " ***";
}

/* Build the password-complexity tooltip: a title line followed by one
 * line per enabled secpass option. */
$secpass_tooltip = "" . __('Password requirements include:') . "
";

$requirements = array();

if (read_config_option('secpass_minlen') > 0) {
	$requirements[] = __('Must be at least %d characters in length', read_config_option('secpass_minlen'));
}

if (read_config_option('secpass_reqmixcase') == 'on') {
	$requirements[] = __('Must include mixed case');
}

if (read_config_option('secpass_reqnum') == 'on') {
	$requirements[] = __('Must include at least 1 number');
}

if (read_config_option('secpass_reqspec') == 'on') {
	$requirements[] = __('Must include at least 1 special character');
}

if (read_config_option('secpass_history') != '0') {
	$requirements[] = __('Cannot be reused for %d password changes', read_config_option('secpass_history')+1);
}

/* Same separator as the original per-line concatenation: none before the
 * first requirement, one between each pair. */
$secpass_body = implode('
', $requirements);

$secpass_tooltip .= $secpass_body;

$selectedTheme = get_selected_theme();

?>

'>

'>

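/* When the account has no stored password there is no current password to
 * ask for, so the prompt must only mention the new one.  The two messages
 * were previously attached to the wrong branches of this condition. */
$skip_current = (empty($user['password']));

if ($skip_current) {
	$title_message = __('Please enter your new Cacti password.');
} else {
	$title_message = __('Please enter your current password and your new
Cacti password.');
}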

?>

<?php print __('Username');?><?php print $user['username'];?><?php print __('Current password');?>
<?php print __('New password');?><?php print display_tooltip($secpass_tooltip);?>
<?php print __('Confirm new password');?>
'>

<?php print $user['must_change_password'] != 'on' ? "":"";?>

// Minimum password length, rendered server-side from the secpass_minlen option
var minChars=<?php print read_config_option('secpass_minlen');?>;

/* Live feedback for the new-password field: clears the hints when the field
 * is empty, shows a local "too short" hint while below minChars, and
 * otherwise asks the server (action=checkpass) to apply the full policy.
 * NOTE: the markup passed to .after() is truncated in this copy of the file. */
function checkPassword() {
	if ($('#password').val().length == 0) {
		$('#pass').remove();
		$('#passconfirm').remove();
	} else if ($('#password').val().length < minChars) {
		$('#pass').remove();
		$('#password').after('
		$('.password').tooltip();
	} else {
		// csrfMagicToken is expected to be defined elsewhere on the page.
		// The posted key is spelled 'password_confim'; the checkpass handler
		// only reads 'password', so nothing depends on it.
		$.post('auth_changepassword.php?action=checkpass', { password: $('#password').val(), password_confim: $('#password_confirm').val(), __csrf_magic: csrfMagicToken } ).done(function(data) {
			if (data == 'ok') {
				$('#pass').remove();
				$('#password').after('
				$('.password').tooltip();
				// Re-check the confirmation now that the new password is valid
				checkPasswordConfirm();
			} else {
				$('#pass').remove();
				$('#password').after('
				$('.password').tooltip();
			}
		});
	}
}

/* Live feedback for the confirmation field: once something has been typed,
 * shows a mismatch or match hint next to it; an empty field clears the hint.
 * NOTE: the markup passed to .after() is truncated in this copy of the file. */
function checkPasswordConfirm() {
	if ($('#password_confirm').val().length > 0) {
		if ($('#password').val() != $('#password_confirm').val()) {
			$('#passconfirm').remove();
			$('#password_confirm').after('
			$('.passconfirm').tooltip();
		} else {
			$('#passconfirm').remove();
			$('#password_confirm').after('
			$('.passconfirm').tooltip();
		}
	} else {
		$('#passconfirm').remove();
	}
}

var password_change = $('#password_change').is(':checked');

$(function() {
	/* start with the cursor in the current-password field */
	$('#current').focus();

	/* never pre-fill the password fields */
	$('#password').val('');
	$('#password_confirm').val('');

	/* validate while the user types */
	$('#password').on('keyup', function() {
		checkPassword();
	});

	$('#password_confirm').on('keyup', function() {
		checkPasswordConfirm();
	});
});

/* Emit the shared session footer; the closing markup in the print below is
 * truncated in this copy of the file. */
include_once('./include/global_session.php');

print "

\n";
