Business/MachineManager
2
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

Clean up clutter and unneeded code

Browse Source
This commit is contained in:
Skylar Ittner 2017-04-26 00:46:36 -06:00
parent 3110011596
commit e28d3a93ac
10 changed files with 79 additions and 1053 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
action.php
View File

@ -3,16 +3,11 @@
/** /**
* Make things happen when buttons are pressed and forms submitted. * Make things happen when buttons are pressed and forms submitted.
*/ */
use LdapTools\LdapManager;
use LdapTools\Object\LdapObjectType;
require_once __DIR__ . "/required.php"; require_once __DIR__ . "/required.php";
dieifnotloggedin(); dieifnotloggedin();
require_once __DIR__ . "/lib/login.php";
require_once __DIR__ . "/lib/worst_passwords.php";
function returnToSender($msg, $arg = "") { function returnToSender($msg, $arg = "") {
global $VARS; global $VARS;
if ($arg == "") { if ($arg == "") {
@ -28,35 +23,4 @@ switch ($VARS['action']) {
session_destroy(); session_destroy();
header('Location: index.php'); header('Location: index.php');
die("Logged out."); die("Logged out.");
case "chpasswd":
if ($_SESSION['password'] == $VARS['oldpass']) {
if ($VARS['newpass'] == $VARS['conpass']) {
$passrank = checkWorst500List($VARS['newpass']);
if ($passrank !== FALSE) {
returnToSender("password_500", $passrank);
}
if (strlen($VARS['newpass']) < MIN_PASSWORD_LENGTH) {
returnToSender("weak_password");
}
$database->update('accounts', ['password' => encryptPassword($VARS['newpass'])], ['uid' => $_SESSION['uid']]);
$_SESSION['password'] = $VARS['newpass'];
returnToSender("password_updated");
} else {
returnToSender("new_password_mismatch");
}
} else {
returnToSender("old_password_mismatch");
}
break;
case "add2fa":
if (is_empty($VARS['secret'])) {
returnToSender("invalid_parameters");
}
$database->update('accounts', ['authsecret' => $VARS['secret']], ['uid' => $_SESSION['uid']]);
returnToSender("2fa_enabled");
case "rm2fa":
$database->update('accounts', ['authsecret' => ""], ['uid' => $_SESSION['uid']]);
returnToSender("2fa_removed");
break;
} }

2
app.php
View File

@ -125,7 +125,7 @@ if (!is_empty($_GET['page'])) {
if (is_empty($_GET['arg'])) { if (is_empty($_GET['arg'])) {
$alertmsg = lang(MESSAGES[$_GET['msg']]['string'], false); $alertmsg = lang(MESSAGES[$_GET['msg']]['string'], false);
} else { } else {
$alertmsg = lang2(MESSAGES[$_GET['msg']]['string'], ["arg" => $_GET['arg']], false); $alertmsg = lang2(MESSAGES[$_GET['msg']]['string'], ["arg" => strip_tags($_GET['arg'])], false);
} }
$alerttype = MESSAGES[$_GET['msg']]['type']; $alerttype = MESSAGES[$_GET['msg']]['type'];
$alerticon = "square-o"; $alerticon = "square-o";

5
composer.json
View File

@ -1,10 +1,9 @@
{ {
"name": "netsyms/web-app-template", "name": "netsyms/business-app-template",
"description": "Simple framework for rapid webapp development", "description": "Template for a webapp integrated with a Portal server for authentication.",
"type": "project", "type": "project",
"require": { "require": {
"catfan/medoo": "^1.2", "catfan/medoo": "^1.2",
"spomky-labs/otphp": "^8.3",
"guzzlehttp/guzzle": "^6.2" "guzzlehttp/guzzle": "^6.2"
}, },
"license": "MIT", "license": "MIT",

390
composer.lock generated
View File

@ -4,63 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "e0730a4c33d1a1cbf8738481ba9a1f1e", "content-hash": "1c8b61c5d506ae016285b99b20040cf0",
"packages": [ "packages": [
{
"name": "beberlei/assert",
"version": "v2.7.4",
"source": {
"type": "git",
"url": "https://github.com/beberlei/assert.git",
"reference": "3ee3bc468a3ce4bbfc3d74f53c6cdb5242d39d1a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/beberlei/assert/zipball/3ee3bc468a3ce4bbfc3d74f53c6cdb5242d39d1a",
"reference": "3ee3bc468a3ce4bbfc3d74f53c6cdb5242d39d1a",
"shasum": ""
},
"require": {
"ext-mbstring": "*",
"php": ">=5.3"
},
"require-dev": {
"friendsofphp/php-cs-fixer": "^2.1.1",
"phpunit/phpunit": "^4|^5"
},
"type": "library",
"autoload": {
"psr-4": {
"Assert\\": "lib/Assert"
},
"files": [
"lib/Assert/functions.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-2-Clause"
],
"authors": [
{
"name": "Benjamin Eberlei",
"email": "kontakt@beberlei.de",
"role": "Lead Developer"
},
{
"name": "Richard Quadling",
"email": "rquadling@gmail.com",
"role": "Collaborator"
}
],
"description": "Thin assertion library for input validation in business models.",
"keywords": [
"assert",
"assertion",
"validation"
],
"time": "2017-03-14T18:06:52+00:00"
},
{ {
"name": "catfan/medoo", "name": "catfan/medoo",
"version": "v1.2.1", "version": "v1.2.1",
@ -116,60 +61,6 @@
], ],
"time": "2017-02-17T16:05:35+00:00" "time": "2017-02-17T16:05:35+00:00"
}, },
{
"name": "christian-riesen/base32",
"version": "1.3.1",
"source": {
"type": "git",
"url": "https://github.com/ChristianRiesen/base32.git",
"reference": "0a31e50c0fa9b1692d077c86ac188eecdcbaf7fa"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/ChristianRiesen/base32/zipball/0a31e50c0fa9b1692d077c86ac188eecdcbaf7fa",
"reference": "0a31e50c0fa9b1692d077c86ac188eecdcbaf7fa",
"shasum": ""
},
"require": {
"php": ">=5.3.0"
},
"require-dev": {
"phpunit/phpunit": "4.*",
"satooshi/php-coveralls": "0.*"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.1.x-dev"
}
},
"autoload": {
"psr-4": {
"Base32\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Christian Riesen",
"email": "chris.riesen@gmail.com",
"homepage": "http://christianriesen.com",
"role": "Developer"
}
],
"description": "Base32 encoder/decoder according to RFC 4648",
"homepage": "https://github.com/ChristianRiesen/base32",
"keywords": [
"base32",
"decode",
"encode",
"rfc4648"
],
"time": "2016-05-05T11:49:03+00:00"
},
{ {
"name": "guzzlehttp/guzzle", "name": "guzzlehttp/guzzle",
"version": "6.2.3", "version": "6.2.3",
@ -348,54 +239,6 @@
], ],
"time": "2017-03-20T17:10:46+00:00" "time": "2017-03-20T17:10:46+00:00"
}, },
{
"name": "paragonie/random_compat",
"version": "v2.0.10",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "634bae8e911eefa89c1abfbf1b66da679ac8f54d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/634bae8e911eefa89c1abfbf1b66da679ac8f54d",
"reference": "634bae8e911eefa89c1abfbf1b66da679ac8f54d",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"pseudorandom",
"random"
],
"time": "2017-03-13T16:27:32+00:00"
},
{ {
"name": "psr/http-message", "name": "psr/http-message",
"version": "1.0.1", "version": "1.0.1",
@ -445,237 +288,6 @@
"response" "response"
], ],
"time": "2016-08-06T14:39:51+00:00" "time": "2016-08-06T14:39:51+00:00"
},
{
"name": "spomky-labs/otphp",
"version": "v8.3.0",
"source": {
"type": "git",
"url": "https://github.com/Spomky-Labs/otphp.git",
"reference": "8c90e16ba48fe7c306832611e22c5bad2d663a98"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Spomky-Labs/otphp/zipball/8c90e16ba48fe7c306832611e22c5bad2d663a98",
"reference": "8c90e16ba48fe7c306832611e22c5bad2d663a98",
"shasum": ""
},
"require": {
"beberlei/assert": "^2.4",
"christian-riesen/base32": "^1.1",
"paragonie/random_compat": "^2.0",
"php": "^5.5|^7.0",
"symfony/polyfill-mbstring": "^1.1",
"symfony/polyfill-php56": "^1.1"
},
"require-dev": {
"phpunit/phpunit": "~4.0|^5.0",
"satooshi/php-coveralls": "^1.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "8.2.x-dev"
}
},
"autoload": {
"psr-4": {
"OTPHP\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Florent Morselli",
"homepage": "https://github.com/Spomky"
},
{
"name": "All contributors",
"homepage": "https://github.com/Spomky-Labs/otphp/contributors"
}
],
"description": "A PHP library for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm) and compatible with Google Authenticator",
"homepage": "https://github.com/Spomky-Labs/otphp",
"keywords": [
"FreeOTP",
"RFC 4226",
"RFC 6238",
"google authenticator",
"hotp",
"otp",
"totp"
],
"time": "2016-12-08T10:46:02+00:00"
},
{
"name": "symfony/polyfill-mbstring",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-mbstring.git",
"reference": "e79d363049d1c2128f133a2667e4f4190904f7f4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/e79d363049d1c2128f133a2667e4f4190904f7f4",
"reference": "e79d363049d1c2128f133a2667e4f4190904f7f4",
"shasum": ""
},
"require": {
"php": ">=5.3.3"
},
"suggest": {
"ext-mbstring": "For best performance"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.3-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Mbstring\\": ""
},
"files": [
"bootstrap.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Nicolas Grekas",
"email": "p@tchwork.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony polyfill for the Mbstring extension",
"homepage": "https://symfony.com",
"keywords": [
"compatibility",
"mbstring",
"polyfill",
"portable",
"shim"
],
"time": "2016-11-14T01:06:16+00:00"
},
{
"name": "symfony/polyfill-php56",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-php56.git",
"reference": "1dd42b9b89556f18092f3d1ada22cb05ac85383c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/1dd42b9b89556f18092f3d1ada22cb05ac85383c",
"reference": "1dd42b9b89556f18092f3d1ada22cb05ac85383c",
"shasum": ""
},
"require": {
"php": ">=5.3.3",
"symfony/polyfill-util": "~1.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.3-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Php56\\": ""
},
"files": [
"bootstrap.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Nicolas Grekas",
"email": "p@tchwork.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions",
"homepage": "https://symfony.com",
"keywords": [
"compatibility",
"polyfill",
"portable",
"shim"
],
"time": "2016-11-14T01:06:16+00:00"
},
{
"name": "symfony/polyfill-util",
"version": "v1.3.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-util.git",
"reference": "746bce0fca664ac0a575e465f65c6643faddf7fb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/polyfill-util/zipball/746bce0fca664ac0a575e465f65c6643faddf7fb",
"reference": "746bce0fca664ac0a575e465f65c6643faddf7fb",
"shasum": ""
},
"require": {
"php": ">=5.3.3"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "1.3-dev"
}
},
"autoload": {
"psr-4": {
"Symfony\\Polyfill\\Util\\": ""
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Nicolas Grekas",
"email": "p@tchwork.com"
},
{
"name": "Symfony Community",
"homepage": "https://symfony.com/contributors"
}
],
"description": "Symfony utilities for portability of PHP codes",
"homepage": "https://symfony.com",
"keywords": [
"compat",
"compatibility",
"polyfill",
"shim"
],
"time": "2016-11-14T01:06:16+00:00"
} }
], ],
"packages-dev": [], "packages-dev": [],

77
index.php
View File

@ -6,48 +6,52 @@ require_once __DIR__ . "/lib/login.php";
/* Authenticate user */ /* Authenticate user */
$userpass_ok = false; $userpass_ok = false;
$multiauth = false; $multiauth = false;
if ($VARS['progress'] == "1") { if (checkLoginServer()) {
if (authenticate_user($VARS['username'], $VARS['password'])) { if ($VARS['progress'] == "1") {
switch (get_account_status($VARS['username'])) { if (authenticate_user($VARS['username'], $VARS['password'])) {
case "LOCKED_OR_DISABLED": switch (get_account_status($VARS['username'])) {
$alert = lang("account locked", false); case "LOCKED_OR_DISABLED":
break; $alert = lang("account locked", false);
case "TERMINATED": break;
$alert = lang("account terminated", false); case "TERMINATED":
break; $alert = lang("account terminated", false);
case "CHANGE_PASSWORD": break;
$alert = lang("password expired", false); case "CHANGE_PASSWORD":
case "NORMAL": $alert = lang("password expired", false);
$userpass_ok = true; case "NORMAL":
break; $userpass_ok = true;
case "ALERT_ON_ACCESS": break;
sendLoginAlertEmail($VARS['username']); case "ALERT_ON_ACCESS":
$userpass_ok = true; sendLoginAlertEmail($VARS['username']);
break; $userpass_ok = true;
break;
}
if ($userpass_ok) {
if (userHasTOTP($VARS['username'])) {
$multiauth = true;
} else {
doLoginUser($VARS['username'], $VARS['password']);
header('Location: app.php');
die("Logged in, go to app.php");
}
}
} else {
$alert = lang("login incorrect", false);
} }
if ($userpass_ok) { } else if ($VARS['progress'] == "2") {
if (userHasTOTP($VARS['username'])) { if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
$multiauth = true; if (doLoginUser($VARS['username'])) {
} else {
doLoginUser($VARS['username'], $VARS['password']);
header('Location: app.php'); header('Location: app.php');
die("Logged in, go to app.php"); die("Logged in, go to app.php");
} else {
$alert = lang("login server user data error", false);
} }
}
} else {
$alert = lang("login incorrect", false);
}
} else if ($VARS['progress'] == "2") {
if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
if (doLoginUser($VARS['username'])) {
header('Location: app.php');
die("Logged in, go to app.php");
} else { } else {
$alert = lang("login server user data error", false); $alert = lang("2fa incorrect", false);
} }
} else {
$alert = lang("2fa incorrect", false);
} }
} else {
$alert = lang("login server unavailable", false);
} }
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
@ -60,6 +64,7 @@ if ($VARS['progress'] == "1") {
<title><?php echo SITE_TITLE; ?></title> <title><?php echo SITE_TITLE; ?></title>
<link href="static/css/bootstrap.min.css" rel="stylesheet"> <link href="static/css/bootstrap.min.css" rel="stylesheet">
<link href="static/css/font-awesome.min.css" rel="stylesheet">
<link href="static/css/app.css" rel="stylesheet"> <link href="static/css/app.css" rel="stylesheet">
</head> </head>
<body> <body>
@ -83,7 +88,7 @@ if ($VARS['progress'] == "1") {
if (!is_empty($alert)) { if (!is_empty($alert)) {
?> ?>
<div class="alert alert-danger"> <div class="alert alert-danger">
<?php echo $alert; ?> <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
</div> </div>
<?php <?php
} }

1
lang/en_us.php
View File

@ -9,6 +9,7 @@ define("STRINGS", [
"2fa prompt" => "Enter the six-digit code from your mobile authenticator app.", "2fa prompt" => "Enter the six-digit code from your mobile authenticator app.",
"2fa incorrect" => "Authentication code incorrect.", "2fa incorrect" => "Authentication code incorrect.",
"login incorrect" => "Login incorrect.", "login incorrect" => "Login incorrect.",
"login server unavailable" => "Login server unavailable. Try again later or contact technical support.",
"account locked" => "This account has been disabled. Contact technical support.", "account locked" => "This account has been disabled. Contact technical support.",
"password expired" => "You must change your password before continuing.", "password expired" => "You must change your password before continuing.",
"account terminated" => "Account terminated. Access denied.", "account terminated" => "Account terminated. Access denied.",

28
lang/messages.php
View File

@ -1,38 +1,10 @@
<?php <?php
define("MESSAGES", [ define("MESSAGES", [
"old_password_mismatch" => [
"string" => "current password incorrect",
"type" => "danger"
],
"new_password_mismatch" => [
"string" => "new password mismatch",
"type" => "danger"
],
"weak_password" => [
"string" => "weak password",
"type" => "danger"
],
"password_updated" => [
"string" => "password updated",
"type" => "success"
],
"2fa_removed" => [
"string" => "2fa removed",
"type" => "success"
],
"2fa_enabled" => [
"string" => "2fa enabled",
"type" => "success"
],
"invalid_parameters" => [ "invalid_parameters" => [
"string" => "invalid parameters", "string" => "invalid parameters",
"type" => "danger" "type" => "danger"
], ],
"password_500" => [
"string" => "password on 500 list",
"type" => "danger"
],
"account_state_error" => [ "account_state_error" => [
"string" => "account state error", "string" => "account state error",
"type" => "danger" "type" => "danger"

32
lib/login.php
View File

@ -3,6 +3,38 @@
/** /**
* Authentication and account functions. Connects to a Portal instance. * Authentication and account functions. Connects to a Portal instance.
*/ */
/**
* Check the login server API for sanity
* @return boolean true if OK, else false
*/
function checkLoginServer() {
try {
$client = new GuzzleHttp\Client();
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => PORTAL_KEY,
'action' => "ping"
]
]);
if ($response->getStatusCode() != 200) {
return false;
}
$resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") {
return true;
} else {
return false;
}
} catch (Exception $e) {
return false;
}
}
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
// Account handling // // Account handling //
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////

522
lib/worst_passwords.php
View File

@ -1,522 +0,0 @@
<?php
/*
* 500 most common passwords, to be used in stopping idiots from having really bad passwords.
* Source: https://github.com/danielmiessler/SecLists/blob/master/Passwords/500-worst-passwords.txt
*/
/**
* Checks a given password against the list of the 500 most common passwords.
* @param string $search the password to check
* @return false if not found, the password ranking if found
*/
function checkWorst500List($search) {
$worst_password_list = [
"123456",
"password",
"12345678",
"1234",
"pussy",
"12345",
"dragon",
"qwerty",
"696969",
"mustang",
"letmein",
"baseball",
"master",
"michael",
"football",
"shadow",
"monkey",
"abc123",
"pass",
"fuckme",
"6969",
"jordan",
"harley",
"ranger",
"iwantu",
"jennifer",
"hunter",
"fuck",
"2000",
"test",
"batman",
"trustno1",
"thomas",
"tigger",
"robert",
"access",
"love",
"buster",
"1234567",
"soccer",
"hockey",
"killer",
"george",
"sexy",
"andrew",
"charlie",
"superman",
"asshole",
"fuckyou",
"dallas",
"jessica",
"panties",
"pepper",
"1111",
"austin",
"william",
"daniel",
"golfer",
"summer",
"heather",
"hammer",
"yankees",
"joshua",
"maggie",
"biteme",
"enter",
"ashley",
"thunder",
"cowboy",
"silver",
"richard",
"fucker",
"orange",
"merlin",
"michelle",
"corvette",
"bigdog",
"cheese",
"matthew",
"121212",
"patrick",
"martin",
"freedom",
"ginger",
"blowjob",
"nicole",
"sparky",
"yellow",
"camaro",
"secret",
"dick",
"falcon",
"taylor",
"111111",
"131313",
"123123",
"bitch",
"hello",
"scooter",
"please",
"porsche",
"guitar",
"chelsea",
"black",
"diamond",
"nascar",
"jackson",
"cameron",
"654321",
"computer",
"amanda",
"wizard",
"xxxxxxxx",
"money",
"phoenix",
"mickey",
"bailey",
"knight",
"iceman",
"tigers",
"purple",
"andrea",
"horny",
"dakota",
"aaaaaa",
"player",
"sunshine",
"morgan",
"starwars",
"boomer",
"cowboys",
"edward",
"charles",
"girls",
"booboo",
"coffee",
"xxxxxx",
"bulldog",
"ncc1701",
"rabbit",
"peanut",
"john",
"johnny",
"gandalf",
"spanky",
"winter",
"brandy",
"compaq",
"carlos",
"tennis",
"james",
"mike",
"brandon",
"fender",
"anthony",
"blowme",
"ferrari",
"cookie",
"chicken",
"maverick",
"chicago",
"joseph",
"diablo",
"sexsex",
"hardcore",
"666666",
"willie",
"welcome",
"chris",
"panther",
"yamaha",
"justin",
"banana",
"driver",
"marine",
"angels",
"fishing",
"david",
"maddog",
"hooters",
"wilson",
"butthead",
"dennis",
"fucking",
"captain",
"bigdick",
"chester",
"smokey",
"xavier",
"steven",
"viking",
"snoopy",
"blue",
"eagles",
"winner",
"samantha",
"house",
"miller",
"flower",
"jack",
"firebird",
"butter",
"united",
"turtle",
"steelers",
"tiffany",
"zxcvbn",
"tomcat",
"golf",
"bond007",
"bear",
"tiger",
"doctor",
"gateway",
"gators",
"angel",
"junior",
"thx1138",
"porno",
"badboy",
"debbie",
"spider",
"melissa",
"booger",
"1212",
"flyers",
"fish",
"porn",
"matrix",
"teens",
"scooby",
"jason",
"walter",
"cumshot",
"boston",
"braves",
"yankee",
"lover",
"barney",
"victor",
"tucker",
"princess",
"mercedes",
"5150",
"doggie",
"zzzzzz",
"gunner",
"horney",
"bubba",
"2112",
"fred",
"johnson",
"xxxxx",
"tits",
"member",
"boobs",
"donald",
"bigdaddy",
"bronco",
"penis",
"voyager",
"rangers",
"birdie",
"trouble",
"white",
"topgun",
"bigtits",
"bitches",
"green",
"super",
"qazwsx",
"magic",
"lakers",
"rachel",
"slayer",
"scott",
"2222",
"asdf",
"video",
"london",
"7777",
"marlboro",
"srinivas",
"internet",
"action",
"carter",
"jasper",
"monster",
"teresa",
"jeremy",
"11111111",
"bill",
"crystal",
"peter",
"pussies",
"cock",
"beer",
"rocket",
"theman",
"oliver",
"prince",
"beach",
"amateur",
"7777777",
"muffin",
"redsox",
"star",
"testing",
"shannon",
"murphy",
"frank",
"hannah",
"dave",
"eagle1",
"11111",
"mother",
"nathan",
"raiders",
"steve",
"forever",
"angela",
"viper",
"ou812",
"jake",
"lovers",
"suckit",
"gregory",
"buddy",
"whatever",
"young",
"nicholas",
"lucky",
"helpme",
"jackie",
"monica",
"midnight",
"college",
"baby",
"cunt",
"brian",
"mark",
"startrek",
"sierra",
"leather",
"232323",
"4444",
"beavis",
"bigcock",
"happy",
"sophie",
"ladies",
"naughty",
"giants",
"booty",
"blonde",
"fucked",
"golden",
"0",
"fire",
"sandra",
"pookie",
"packers",
"einstein",
"dolphins",
"chevy",
"winston",
"warrior",
"sammy",
"slut",
"8675309",
"zxcvbnm",
"nipples",
"power",
"victoria",
"asdfgh",
"vagina",
"toyota",
"travis",
"hotdog",
"paris",
"rock",
"xxxx",
"extreme",
"redskins",
"erotic",
"dirty",
"ford",
"freddy",
"arsenal",
"access14",
"wolf",
"nipple",
"iloveyou",
"alex",
"florida",
"eric",
"legend",
"movie",
"success",
"rosebud",
"jaguar",
"great",
"cool",
"cooper",
"1313",
"scorpio",
"mountain",
"madison",
"987654",
"brazil",
"lauren",
"japan",
"naked",
"squirt",
"stars",
"apple",
"alexis",
"aaaa",
"bonnie",
"peaches",
"jasmine",
"kevin",
"matt",
"qwertyui",
"danielle",
"beaver",
"4321",
"4128",
"runner",
"swimming",
"dolphin",
"gordon",
"casper",
"stupid",
"shit",
"saturn",
"gemini",
"apples",
"august",
"3333",
"canada",
"blazer",
"cumming",
"hunting",
"kitty",
"rainbow",
"112233",
"arthur",
"cream",
"calvin",
"shaved",
"surfer",
"samson",
"kelly",
"paul",
"mine",
"king",
"racing",
"5555",
"eagle",
"hentai",
"newyork",
"little",
"redwings",
"smith",
"sticky",
"cocacola",
"animal",
"broncos",
"private",
"skippy",
"marvin",
"blondes",
"enjoy",
"girl",
"apollo",
"parker",
"qwert",
"time",
"sydney",
"women",
"voodoo",
"magnum",
"juice",
"abgrtyu",
"777777",
"dreams",
"maxwell",
"music",
"rush2112",
"russia",
"scorpion",
"rebecca",
"tester",
"mistress",
"phantom",
"billy",
"6666",
"albert"
];
$index = array_search($search, $worst_password_list);
if ($index === FALSE) {
return false;
} else {
return $index + 1;
}
}

39
required.php
View File

@ -10,7 +10,6 @@ header('Content-Type: text/html; charset=utf-8');
// l33t $ecurity h4x // l33t $ecurity h4x
header('X-Content-Type-Options: nosniff'); header('X-Content-Type-Options: nosniff');
header('X-XSS-Protection: 1; mode=block'); header('X-XSS-Protection: 1; mode=block');
header('X-Powered-By: Late-night coding frenzies (plz send caffeine, thx)');
$session_length = 60 * 60; // 1 hour $session_length = 60 * 60; // 1 hour
session_set_cookie_params($session_length, "/", null, false, true); session_set_cookie_params($session_length, "/", null, false, true);
@ -127,35 +126,6 @@ function lang2($key, $replace, $echo = true) {
} }
} }
/**
* Checks if an email address is valid.
* @param string $email Email to check
* @return boolean True if email passes validation, else false.
*/
function isValidEmail($email) {
return filter_var($email, FILTER_VALIDATE_EMAIL);
}
/**
* Hashes the given plaintext password
* @param String $password
* @return String the hash, using bcrypt
*/
function encryptPassword($password) {
return password_hash($password, PASSWORD_BCRYPT);
}
/**
* Securely verify a password and its hash
* @param String $password
* @param String $hash the hash to compare to
* @return boolean True if password OK, else false
*/
function comparePassword($password, $hash) {
return password_verify($password, $hash);
}
function dieifnotloggedin() { function dieifnotloggedin() {
if ($_SESSION['loggedin'] != true) { if ($_SESSION['loggedin'] != true) {
sendError("Session expired. Please log out and log in again."); sendError("Session expired. Please log out and log in again.");
@ -211,16 +181,9 @@ if (!function_exists('base_url')) {
} }
function redirectToPageId($id, $args, $dontdie) {
header('Location: ' . URL . '?id=' . $id . $args);
if (is_null($dontdie)) {
die("Please go to " . URL . '?id=' . $id . $args);
}
}
function redirectIfNotLoggedIn() { function redirectIfNotLoggedIn() {
if ($_SESSION['loggedin'] !== TRUE) { if ($_SESSION['loggedin'] !== TRUE) {
header('Location: ' . URL . '/login.php'); header('Location: ' . URL . '/index.php');
die(); die();
} }
} }