Преглед изворни кода

Clean up clutter and unneeded code

master
Skylar Ittner пре 2 година
родитељ
комит
e28d3a93ac
10 измењених фајлова са 79 додато и 1053 уклоњено
  1. 0
    36
      action.php
  2. 1
    1
      app.php
  3. 2
    3
      composer.json
  4. 1
    389
      composer.lock
  5. 41
    36
      index.php
  6. 1
    0
      lang/en_us.php
  7. 0
    28
      lang/messages.php
  8. 32
    0
      lib/login.php
  9. 0
    522
      lib/worst_passwords.php
  10. 1
    38
      required.php

+ 0
- 36
action.php Прегледај датотеку

@@ -3,16 +3,11 @@
/**
* Make things happen when buttons are pressed and forms submitted.
*/
use LdapTools\LdapManager;
use LdapTools\Object\LdapObjectType;

require_once __DIR__ . "/required.php";

dieifnotloggedin();

require_once __DIR__ . "/lib/login.php";
require_once __DIR__ . "/lib/worst_passwords.php";

function returnToSender($msg, $arg = "") {
global $VARS;
if ($arg == "") {
@@ -28,35 +23,4 @@ switch ($VARS['action']) {
session_destroy();
header('Location: index.php');
die("Logged out.");
case "chpasswd":
if ($_SESSION['password'] == $VARS['oldpass']) {
if ($VARS['newpass'] == $VARS['conpass']) {
$passrank = checkWorst500List($VARS['newpass']);
if ($passrank !== FALSE) {
returnToSender("password_500", $passrank);
}
if (strlen($VARS['newpass']) < MIN_PASSWORD_LENGTH) {
returnToSender("weak_password");
}

$database->update('accounts', ['password' => encryptPassword($VARS['newpass'])], ['uid' => $_SESSION['uid']]);
$_SESSION['password'] = $VARS['newpass'];
returnToSender("password_updated");
} else {
returnToSender("new_password_mismatch");
}
} else {
returnToSender("old_password_mismatch");
}
break;
case "add2fa":
if (is_empty($VARS['secret'])) {
returnToSender("invalid_parameters");
}
$database->update('accounts', ['authsecret' => $VARS['secret']], ['uid' => $_SESSION['uid']]);
returnToSender("2fa_enabled");
case "rm2fa":
$database->update('accounts', ['authsecret' => ""], ['uid' => $_SESSION['uid']]);
returnToSender("2fa_removed");
break;
}

+ 1
- 1
app.php Прегледај датотеку

@@ -125,7 +125,7 @@ if (!is_empty($_GET['page'])) {
if (is_empty($_GET['arg'])) {
$alertmsg = lang(MESSAGES[$_GET['msg']]['string'], false);
} else {
$alertmsg = lang2(MESSAGES[$_GET['msg']]['string'], ["arg" => $_GET['arg']], false);
$alertmsg = lang2(MESSAGES[$_GET['msg']]['string'], ["arg" => strip_tags($_GET['arg'])], false);
}
$alerttype = MESSAGES[$_GET['msg']]['type'];
$alerticon = "square-o";

+ 2
- 3
composer.json Прегледај датотеку

@@ -1,10 +1,9 @@
{
"name": "netsyms/web-app-template",
"description": "Simple framework for rapid webapp development",
"name": "netsyms/business-app-template",
"description": "Template for a webapp integrated with a Portal server for authentication.",
"type": "project",
"require": {
"catfan/medoo": "^1.2",
"spomky-labs/otphp": "^8.3",
"guzzlehttp/guzzle": "^6.2"
},
"license": "MIT",

+ 1
- 389
composer.lock Прегледај датотеку

@@ -4,63 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"content-hash": "e0730a4c33d1a1cbf8738481ba9a1f1e",
"content-hash": "1c8b61c5d506ae016285b99b20040cf0",
"packages": [
{
"name": "beberlei/assert",
"version": "v2.7.4",
"source": {
"type": "git",
"url": "https://github.com/beberlei/assert.git",
"reference": "3ee3bc468a3ce4bbfc3d74f53c6cdb5242d39d1a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/beberlei/assert/zipball/3ee3bc468a3ce4bbfc3d74f53c6cdb5242d39d1a",
"reference": "3ee3bc468a3ce4bbfc3d74f53c6cdb5242d39d1a",
"shasum": ""
},
"require": {
"ext-mbstring": "*",
"php": ">=5.3"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^2.1.1",
"phpunit/phpunit": "^4|^5"
},
"type": "library",
"autoload": {
"psr-4": {
"Assert\\": "lib/Assert"
},
"files": [
"lib/Assert/functions.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-2-Clause"
],
"authors": [
{
"name": "Benjamin Eberlei",
"email": "kontakt@beberlei.de",
"role": "Lead Developer"
},
{
"name": "Richard Quadling",
"email": "rquadling@gmail.com",
"role": "Collaborator"
}
],
"description": "Thin assertion library for input validation in business models.",
"keywords": [
"assert",
"assertion",
"validation"
],
"time": "2017-03-14T18:06:52+00:00"
},
{
"name": "catfan/medoo",
"version": "v1.2.1",
@@ -116,60 +61,6 @@
],
"time": "2017-02-17T16:05:35+00:00"
},
{
"name": "christian-riesen/base32",
"version": "1.3.1",
"source": {
"type": "git",
"url": "https://github.com/ChristianRiesen/base32.git",
"reference": "0a31e50c0fa9b1692d077c86ac188eecdcbaf7fa"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ChristianRiesen/base32/zipball/0a31e50c0fa9b1692d077c86ac188eecdcbaf7fa",
"reference": "0a31e50c0fa9b1692d077c86ac188eecdcbaf7fa",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"require-dev": {
"phpunit/phpunit": "4.*",
"satooshi/php-coveralls": "0.*"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.1.x-dev"
}
},
"autoload": {
"psr-4": {
"Base32\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Christian Riesen",
"email": "chris.riesen@gmail.com",
"homepage": "http://christianriesen.com",
"role": "Developer"
}
],
"description": "Base32 encoder/decoder according to RFC 4648",
"homepage": "https://github.com/ChristianRiesen/base32",
"keywords": [
"base32",
"decode",
"encode",
"rfc4648"
],
"time": "2016-05-05T11:49:03+00:00"
},
{
"name": "guzzlehttp/guzzle",
"version": "6.2.3",
@@ -348,54 +239,6 @@
],
"time": "2017-03-20T17:10:46+00:00"
},
{
"name": "paragonie/random_compat",
"version": "v2.0.10",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "634bae8e911eefa89c1abfbf1b66da679ac8f54d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/634bae8e911eefa89c1abfbf1b66da679ac8f54d",
"reference": "634bae8e911eefa89c1abfbf1b66da679ac8f54d",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"pseudorandom",
"random"
],
"time": "2017-03-13T16:27:32+00:00"
},
{
"name": "psr/http-message",
"version": "1.0.1",
@@ -445,237 +288,6 @@
"response"
],
"time": "2016-08-06T14:39:51+00:00"
},
{
"name": "spomky-labs/otphp",
"version": "v8.3.0",
"source": {
"type": "git",
"url": "https://github.com/Spomky-Labs/otphp.git",
"reference": "8c90e16ba48fe7c306832611e22c5bad2d663a98"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Spomky-Labs/otphp/zipball/8c90e16ba48fe7c306832611e22c5bad2d663a98",
"reference": "8c90e16ba48fe7c306832611e22c5bad2d663a98",
"shasum": ""
},
"require": {
"beberlei/assert": "^2.4",
"christian-riesen/base32": "^1.1",
"paragonie/random_compat": "^2.0",
"php": "^5.5|^7.0",
"symfony/polyfill-mbstring": "^1.1",
"symfony/polyfill-php56": "^1.1"
},
"require-dev": {
"phpunit/phpunit": "~4.0|^5.0",
"satooshi/php-coveralls": "^1.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "8.2.x-dev"
}
},
"autoload": {
"psr-4": {
"OTPHP\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Florent Morselli",
"homepage": "https://github.com/Spomky"
},
{
"name": "All contributors",
"homepage": "https://github.com/Spomky-Labs/otphp/contributors"
}
],
"description": "A PHP library for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm) and compatible with Google Authenticator",
"homepage": "https://github.com/Spomky-Labs/otphp",
"keywords": [
"FreeOTP",
"RFC 4226",
"RFC 6238",
"google authenticator",
"hotp",
"otp",
"totp"
],
"time": "2016-12-08T10:46:02+00:00"
},
{
"name": "symfony/polyfill-mbstring",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-mbstring.git",
"reference": "e79d363049d1c2128f133a2667e4f4190904f7f4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/e79d363049d1c2128f133a2667e4f4190904f7f4",
"reference": "e79d363049d1c2128f133a2667e4f4190904f7f4",
"shasum": ""
},
"require": {
"php": ">=5.3.3"
},
"suggest": {
"ext-mbstring": "For best performance"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.3-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Mbstring\\": ""
},
"files": [
"bootstrap.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Nicolas Grekas",
"email": "p@tchwork.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony polyfill for the Mbstring extension",
"homepage": "https://symfony.com",
"keywords": [
"compatibility",
"mbstring",
"polyfill",
"portable",
"shim"
],
"time": "2016-11-14T01:06:16+00:00"
},
{
"name": "symfony/polyfill-php56",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-php56.git",
"reference": "1dd42b9b89556f18092f3d1ada22cb05ac85383c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/1dd42b9b89556f18092f3d1ada22cb05ac85383c",
"reference": "1dd42b9b89556f18092f3d1ada22cb05ac85383c",
"shasum": ""
},
"require": {
"php": ">=5.3.3",
"symfony/polyfill-util": "~1.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.3-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Php56\\": ""
},
"files": [
"bootstrap.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Nicolas Grekas",
"email": "p@tchwork.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions",
"homepage": "https://symfony.com",
"keywords": [
"compatibility",
"polyfill",
"portable",
"shim"
],
"time": "2016-11-14T01:06:16+00:00"
},
{
"name": "symfony/polyfill-util",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-util.git",
"reference": "746bce0fca664ac0a575e465f65c6643faddf7fb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-util/zipball/746bce0fca664ac0a575e465f65c6643faddf7fb",
"reference": "746bce0fca664ac0a575e465f65c6643faddf7fb",
"shasum": ""
},
"require": {
"php": ">=5.3.3"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.3-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Util\\": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Nicolas Grekas",
"email": "p@tchwork.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony utilities for portability of PHP codes",
"homepage": "https://symfony.com",
"keywords": [
"compat",
"compatibility",
"polyfill",
"shim"
],
"time": "2016-11-14T01:06:16+00:00"
}
],
"packages-dev": [],

+ 41
- 36
index.php Прегледај датотеку

@@ -6,48 +6,52 @@ require_once __DIR__ . "/lib/login.php";
/* Authenticate user */
$userpass_ok = false;
$multiauth = false;
if ($VARS['progress'] == "1") {
if (authenticate_user($VARS['username'], $VARS['password'])) {
switch (get_account_status($VARS['username'])) {
case "LOCKED_OR_DISABLED":
$alert = lang("account locked", false);
break;
case "TERMINATED":
$alert = lang("account terminated", false);
break;
case "CHANGE_PASSWORD":
$alert = lang("password expired", false);
case "NORMAL":
$userpass_ok = true;
break;
case "ALERT_ON_ACCESS":
sendLoginAlertEmail($VARS['username']);
$userpass_ok = true;
break;
if (checkLoginServer()) {
if ($VARS['progress'] == "1") {
if (authenticate_user($VARS['username'], $VARS['password'])) {
switch (get_account_status($VARS['username'])) {
case "LOCKED_OR_DISABLED":
$alert = lang("account locked", false);
break;
case "TERMINATED":
$alert = lang("account terminated", false);
break;
case "CHANGE_PASSWORD":
$alert = lang("password expired", false);
case "NORMAL":
$userpass_ok = true;
break;
case "ALERT_ON_ACCESS":
sendLoginAlertEmail($VARS['username']);
$userpass_ok = true;
break;
}
if ($userpass_ok) {
if (userHasTOTP($VARS['username'])) {
$multiauth = true;
} else {
doLoginUser($VARS['username'], $VARS['password']);
header('Location: app.php');
die("Logged in, go to app.php");
}
}
} else {
$alert = lang("login incorrect", false);
}
if ($userpass_ok) {
if (userHasTOTP($VARS['username'])) {
$multiauth = true;
} else {
doLoginUser($VARS['username'], $VARS['password']);
} else if ($VARS['progress'] == "2") {
if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
if (doLoginUser($VARS['username'])) {
header('Location: app.php');
die("Logged in, go to app.php");
} else {
$alert = lang("login server user data error", false);
}
}
} else {
$alert = lang("login incorrect", false);
}
} else if ($VARS['progress'] == "2") {
if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
if (doLoginUser($VARS['username'])) {
header('Location: app.php');
die("Logged in, go to app.php");
} else {
$alert = lang("login server user data error", false);
$alert = lang("2fa incorrect", false);
}
} else {
$alert = lang("2fa incorrect", false);
}
} else {
$alert = lang("login server unavailable", false);
}
?>
<!DOCTYPE html>
@@ -60,6 +64,7 @@ if ($VARS['progress'] == "1") {
<title><?php echo SITE_TITLE; ?></title>

<link href="static/css/bootstrap.min.css" rel="stylesheet">
<link href="static/css/font-awesome.min.css" rel="stylesheet">
<link href="static/css/app.css" rel="stylesheet">
</head>
<body>
@@ -83,7 +88,7 @@ if ($VARS['progress'] == "1") {
if (!is_empty($alert)) {
?>
<div class="alert alert-danger">
<?php echo $alert; ?>
<i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
</div>
<?php
}

+ 1
- 0
lang/en_us.php Прегледај датотеку

@@ -9,6 +9,7 @@ define("STRINGS", [
"2fa prompt" => "Enter the six-digit code from your mobile authenticator app.",
"2fa incorrect" => "Authentication code incorrect.",
"login incorrect" => "Login incorrect.",
"login server unavailable" => "Login server unavailable. Try again later or contact technical support.",
"account locked" => "This account has been disabled. Contact technical support.",
"password expired" => "You must change your password before continuing.",
"account terminated" => "Account terminated. Access denied.",

+ 0
- 28
lang/messages.php Прегледај датотеку

@@ -1,38 +1,10 @@
<?php

define("MESSAGES", [
"old_password_mismatch" => [
"string" => "current password incorrect",
"type" => "danger"
],
"new_password_mismatch" => [
"string" => "new password mismatch",
"type" => "danger"
],
"weak_password" => [
"string" => "weak password",
"type" => "danger"
],
"password_updated" => [
"string" => "password updated",
"type" => "success"
],
"2fa_removed" => [
"string" => "2fa removed",
"type" => "success"
],
"2fa_enabled" => [
"string" => "2fa enabled",
"type" => "success"
],
"invalid_parameters" => [
"string" => "invalid parameters",
"type" => "danger"
],
"password_500" => [
"string" => "password on 500 list",
"type" => "danger"
],
"account_state_error" => [
"string" => "account state error",
"type" => "danger"

+ 32
- 0
lib/login.php Прегледај датотеку

@@ -3,6 +3,38 @@
/**
* Authentication and account functions. Connects to a Portal instance.
*/

/**
* Check the login server API for sanity
* @return boolean true if OK, else false
*/
function checkLoginServer() {
try {
$client = new GuzzleHttp\Client();

$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "ping"
]
]);

if ($response->getStatusCode() != 200) {
return false;
}

$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") {
return true;
} else {
return false;
}
} catch (Exception $e) {
return false;
}
}

////////////////////////////////////////////////////////////////////////////////
// Account handling //
////////////////////////////////////////////////////////////////////////////////

+ 0
- 522
lib/worst_passwords.php Прегледај датотеку

@@ -1,522 +0,0 @@
<?php
/*
* 500 most common passwords, to be used in stopping idiots from having really bad passwords.
* Source: https://github.com/danielmiessler/SecLists/blob/master/Passwords/500-worst-passwords.txt
*/


/**
* Checks a given password against the list of the 500 most common passwords.
* @param string $search the password to check
* @return false if not found, the password ranking if found
*/
function checkWorst500List($search) {
$worst_password_list = [
"123456",
"password",
"12345678",
"1234",
"pussy",
"12345",
"dragon",
"qwerty",
"696969",
"mustang",
"letmein",
"baseball",
"master",
"michael",
"football",
"shadow",
"monkey",
"abc123",
"pass",
"fuckme",
"6969",
"jordan",
"harley",
"ranger",
"iwantu",
"jennifer",
"hunter",
"fuck",
"2000",
"test",
"batman",
"trustno1",
"thomas",
"tigger",
"robert",
"access",
"love",
"buster",
"1234567",
"soccer",
"hockey",
"killer",
"george",
"sexy",
"andrew",
"charlie",
"superman",
"asshole",
"fuckyou",
"dallas",
"jessica",
"panties",
"pepper",
"1111",
"austin",
"william",
"daniel",
"golfer",
"summer",
"heather",
"hammer",
"yankees",
"joshua",
"maggie",
"biteme",
"enter",
"ashley",
"thunder",
"cowboy",
"silver",
"richard",
"fucker",
"orange",
"merlin",
"michelle",
"corvette",
"bigdog",
"cheese",
"matthew",
"121212",
"patrick",
"martin",
"freedom",
"ginger",
"blowjob",
"nicole",
"sparky",
"yellow",
"camaro",
"secret",
"dick",
"falcon",
"taylor",
"111111",
"131313",
"123123",
"bitch",
"hello",
"scooter",
"please",
"porsche",
"guitar",
"chelsea",
"black",
"diamond",
"nascar",
"jackson",
"cameron",
"654321",
"computer",
"amanda",
"wizard",
"xxxxxxxx",
"money",
"phoenix",
"mickey",
"bailey",
"knight",
"iceman",
"tigers",
"purple",
"andrea",
"horny",
"dakota",
"aaaaaa",
"player",
"sunshine",
"morgan",
"starwars",
"boomer",
"cowboys",
"edward",
"charles",
"girls",
"booboo",
"coffee",
"xxxxxx",
"bulldog",
"ncc1701",
"rabbit",
"peanut",
"john",
"johnny",
"gandalf",
"spanky",
"winter",
"brandy",
"compaq",
"carlos",
"tennis",
"james",
"mike",
"brandon",
"fender",
"anthony",
"blowme",
"ferrari",
"cookie",
"chicken",
"maverick",
"chicago",
"joseph",
"diablo",
"sexsex",
"hardcore",
"666666",
"willie",
"welcome",
"chris",
"panther",
"yamaha",
"justin",
"banana",
"driver",
"marine",
"angels",
"fishing",
"david",
"maddog",
"hooters",
"wilson",
"butthead",
"dennis",
"fucking",
"captain",
"bigdick",
"chester",
"smokey",
"xavier",
"steven",
"viking",
"snoopy",
"blue",
"eagles",
"winner",
"samantha",
"house",
"miller",
"flower",
"jack",
"firebird",
"butter",
"united",
"turtle",
"steelers",
"tiffany",
"zxcvbn",
"tomcat",
"golf",
"bond007",
"bear",
"tiger",
"doctor",
"gateway",
"gators",
"angel",
"junior",
"thx1138",
"porno",
"badboy",
"debbie",
"spider",
"melissa",
"booger",
"1212",
"flyers",
"fish",
"porn",
"matrix",
"teens",
"scooby",
"jason",
"walter",
"cumshot",
"boston",
"braves",
"yankee",
"lover",
"barney",
"victor",
"tucker",
"princess",
"mercedes",
"5150",
"doggie",
"zzzzzz",
"gunner",
"horney",
"bubba",
"2112",
"fred",
"johnson",
"xxxxx",
"tits",
"member",
"boobs",
"donald",
"bigdaddy",
"bronco",
"penis",
"voyager",
"rangers",
"birdie",
"trouble",
"white",
"topgun",
"bigtits",
"bitches",
"green",
"super",
"qazwsx",
"magic",
"lakers",
"rachel",
"slayer",
"scott",
"2222",
"asdf",
"video",
"london",
"7777",
"marlboro",
"srinivas",
"internet",
"action",
"carter",
"jasper",
"monster",
"teresa",
"jeremy",
"11111111",
"bill",
"crystal",
"peter",
"pussies",
"cock",
"beer",
"rocket",
"theman",
"oliver",
"prince",
"beach",
"amateur",
"7777777",
"muffin",
"redsox",
"star",
"testing",
"shannon",
"murphy",
"frank",
"hannah",
"dave",
"eagle1",
"11111",
"mother",
"nathan",
"raiders",
"steve",
"forever",
"angela",
"viper",
"ou812",
"jake",
"lovers",
"suckit",
"gregory",
"buddy",
"whatever",
"young",
"nicholas",
"lucky",
"helpme",
"jackie",
"monica",
"midnight",
"college",
"baby",
"cunt",
"brian",
"mark",
"startrek",
"sierra",
"leather",
"232323",
"4444",
"beavis",
"bigcock",
"happy",
"sophie",
"ladies",
"naughty",
"giants",
"booty",
"blonde",
"fucked",
"golden",
"0",
"fire",
"sandra",
"pookie",
"packers",
"einstein",
"dolphins",
"chevy",
"winston",
"warrior",
"sammy",
"slut",
"8675309",
"zxcvbnm",
"nipples",
"power",
"victoria",
"asdfgh",
"vagina",
"toyota",
"travis",
"hotdog",
"paris",
"rock",
"xxxx",
"extreme",
"redskins",
"erotic",
"dirty",
"ford",
"freddy",
"arsenal",
"access14",
"wolf",
"nipple",
"iloveyou",
"alex",
"florida",
"eric",
"legend",
"movie",
"success",
"rosebud",
"jaguar",
"great",
"cool",
"cooper",
"1313",
"scorpio",
"mountain",
"madison",
"987654",
"brazil",
"lauren",
"japan",
"naked",
"squirt",
"stars",
"apple",
"alexis",
"aaaa",
"bonnie",
"peaches",
"jasmine",
"kevin",
"matt",
"qwertyui",
"danielle",
"beaver",
"4321",
"4128",
"runner",
"swimming",
"dolphin",
"gordon",
"casper",
"stupid",
"shit",
"saturn",
"gemini",
"apples",
"august",
"3333",
"canada",
"blazer",
"cumming",
"hunting",
"kitty",
"rainbow",
"112233",
"arthur",
"cream",
"calvin",
"shaved",
"surfer",
"samson",
"kelly",
"paul",
"mine",
"king",
"racing",
"5555",
"eagle",
"hentai",
"newyork",
"little",
"redwings",
"smith",
"sticky",
"cocacola",
"animal",
"broncos",
"private",
"skippy",
"marvin",
"blondes",
"enjoy",
"girl",
"apollo",
"parker",
"qwert",
"time",
"sydney",
"women",
"voodoo",
"magnum",
"juice",
"abgrtyu",
"777777",
"dreams",
"maxwell",
"music",
"rush2112",
"russia",
"scorpion",
"rebecca",
"tester",
"mistress",
"phantom",
"billy",
"6666",
"albert"
];
$index = array_search($search, $worst_password_list);
if ($index === FALSE) {
return false;
} else {
return $index + 1;
}
}

+ 1
- 38
required.php Прегледај датотеку

@@ -10,7 +10,6 @@ header('Content-Type: text/html; charset=utf-8');
// l33t $ecurity h4x
header('X-Content-Type-Options: nosniff');
header('X-XSS-Protection: 1; mode=block');
header('X-Powered-By: Late-night coding frenzies (plz send caffeine, thx)');
$session_length = 60 * 60; // 1 hour
session_set_cookie_params($session_length, "/", null, false, true);

@@ -127,35 +126,6 @@ function lang2($key, $replace, $echo = true) {
}
}

/**
* Checks if an email address is valid.
* @param string $email Email to check
* @return boolean True if email passes validation, else false.
*/
function isValidEmail($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL);
}


/**
* Hashes the given plaintext password
* @param String $password
* @return String the hash, using bcrypt
*/
function encryptPassword($password) {
return password_hash($password, PASSWORD_BCRYPT);
}

/**
* Securely verify a password and its hash
* @param String $password
* @param String $hash the hash to compare to
* @return boolean True if password OK, else false
*/
function comparePassword($password, $hash) {
return password_verify($password, $hash);
}

function dieifnotloggedin() {
if ($_SESSION['loggedin'] != true) {
sendError("Session expired. Please log out and log in again.");
@@ -211,16 +181,9 @@ if (!function_exists('base_url')) {

}

function redirectToPageId($id, $args, $dontdie) {
header('Location: ' . URL . '?id=' . $id . $args);
if (is_null($dontdie)) {
die("Please go to " . URL . '?id=' . $id . $args);
}
}

function redirectIfNotLoggedIn() {
if ($_SESSION['loggedin'] !== TRUE) {
header('Location: ' . URL . '/login.php');
header('Location: ' . URL . '/index.php');
die();
}
}

Loading…
Откажи
Сачувај