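/**
 * Append a new account record to the user log file and create the user's directory.
 *
 * A record is one line: the e-mail address, a tab, the output of
 * Mcrypt::encrypt() for the password, and a newline.
 *
 * NOTE(review): the password is stored with reversible encryption, not a one-way
 * hash (password_hash()/password_verify()), so whoever holds the Mcrypt key can
 * recover every stored password. The record format is left unchanged here because
 * other code may decrypt this field; plan a migration rather than a silent swap.
 *
 * NOTE(review): $email is also handed to createDirectory(), which is not visible
 * here; confirm it rejects path separators and ".." before touching the filesystem.
 *
 * @param string $email    Address used as the record key and passed to createDirectory().
 * @param string $password Plain-text password supplied at registration.
 * @return bool True when the record was written and the directory created, false otherwise.
 */
public static function registerData($email, $password)
{
    // Tab and newline delimit fields and records in the log file, so an address
    // carrying control characters could forge extra fields or whole records.
    $emailIsSafe = is_string($email)
        && $email !== ''
        && !preg_match('/[\x00-\x1F\x7F]/', $email);

    if ($emailIsSafe) {
        $crypt = new Mcrypt();
        // NOTE(review): assumes encrypt() returns a text-safe encoding (no raw tab/newline bytes) - confirm.
        $hashPass = $crypt->encrypt($password);
        $newUser = $email . "\t" . $hashPass . "\n";

        if (file_put_contents(self::$userLogFile, $newUser, FILE_APPEND) !== false
            && self::createDirectory($email)
        ) {
            return true;
        }
    }

    // $this does not exist in a static method, so the class name is taken from
    // late static binding instead of get_class($this).
    ErrorLogHandling::register("Wrong registration process, catch line: " . __LINE__ . " ,method: " . __METHOD__ . " ,class: " . get_called_class());

    return false;
}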
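/**
 * Handle the "lost password" form: look the account up by the posted address
 * and mail the stored password to it.
 *
 * Sets $this->msg to a status message in both outcomes and always returns an
 * empty array.
 *
 * NOTE(review): this mails the account's real, decrypted password in clear text,
 * although the status message calls it a temporary password. A single-use,
 * expiring reset token would avoid both storing recoverable passwords and
 * sending them over e-mail.
 * NOTE(review): the two status messages differ, which tells the requester
 * whether an address is registered; consider one neutral message.
 * NOTE(review): the return value of mail() is not checked, so the success
 * message is shown even when sending fails.
 *
 * @return array Always an empty array.
 */
public function action_lostPass()
{
    $email = $this->post['email_user'];

    // A CR/LF in the recipient would let the request add mail headers, so such
    // input is treated like an unknown address and never reaches mail().
    $data = (is_string($email) && !preg_match('/[\r\n]/', $email))
        ? AccountData::getAccountData($email)
        : null;

    if (!$data) {
        $this->msg = 'The email address does not exist.';
        return [];
    }

    $crypt = new Mcrypt();
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";

    // Both values land in an HTML body, so they are escaped for that context.
    $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    $safePass = htmlspecialchars(trim($crypt->decrypt($data['pass'])), ENT_QUOTES, 'UTF-8');

    $email_body = "<p style='font-size: 12px; font-family: Tahoma;'>Dear User, <br>"
        . "<br> User email:<b> " . $safeEmail . "</b> "
        . "<br> Password:<b> " . $safePass . "</b><br>\n <p style='font-size: 10px; font-family: Tahoma; color: #0B72B5;'>This email was generated automatically, do not reply to.</p>";

    // The original passed the undefined local $post here, so the message had no recipient.
    mail($email, 'Forgot password to the DRUtES application.', $email_body, $headers);
    $this->msg = 'Temporary password has been sent to email.';

    return [];
}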
/**
 * Build a public download URL for a file.
 *
 * Returns an empty string when the file does not exist, or when the session is
 * neither root nor granted the 'explorer:fileDownload' permission. Otherwise
 * the path is passed to Mcrypt::encode() together with the system password and
 * the configured download_url_time, and the result becomes the `fid` parameter
 * of a user/public_link URL.
 *
 * NOTE(review): $fid is concatenated into the query string without urlencode();
 * confirm Mcrypt::encode() only returns URL-safe characters.
 * NOTE(review): whoever holds the URL can presumably fetch the file until the
 * token lapses - confirm download_url_time is kept short.
 *
 * @param string $file_path Path of the file to expose.
 * @return string The download URL, or '' when the link may not be created.
 */
public function _make_file_proxy($file_path)
{
    if (!file_exists($file_path)) {
        return '';
    }

    // Root always may; everyone else needs the explicit download permission.
    $mayDownload = $GLOBALS['is_root'] || $GLOBALS['auth']['explorer:fileDownload'] == 1;
    if (!$mayDownload) {
        return '';
    }

    load_class('mcrypt');
    $secret = $GLOBALS['config']['setting_system']['system_password'];
    $lifetime = $GLOBALS['config']['settings']['download_url_time'];
    $token = Mcrypt::encode($file_path, $secret, $lifetime);

    // Publicly exposed address of the file; the validity period is set in
    // user_setting.php; the file name is appended for kod remote download.
    $encodedName = urlencode(get_path_this($file_path));

    return APPHOST . 'index.php?user/public_link&fid=' . $token . '&file_name=/' . $encodedName;
}
/**
 * Validate a mail-account form and insert or update the matching EMAIL_TABLE row.
 *
 * Field checks run first; if they pass, the host/userid pair is checked for
 * duplicates, then the submitted credentials are tested with a live mailbox
 * login (when mail_active is set) and a live SMTP connection (when smtp_active
 * is set). The row is written only when every step left $errors empty.
 *
 * NOTE(review): the statement that stores the password is masked in this
 * listing ("******"), so the block is not valid PHP as shown and the stored
 * form of the password cannot be verified from here.
 *
 * @param int|string $id     Id of the row to update; a falsy value means insert.
 * @param array      $vars   Submitted form fields.
 * @param array      $errors Filled by reference with messages keyed by field name.
 * @return bool|int False on any validation or database failure, true after a
 *                  successful update, the new row id after a successful insert.
 */
function save($id, $vars, &$errors) {
    global $cfg;
    // Basic field checks. The name is tag-stripped here and again when the SQL is built.
    $vars['name'] = Format::striptags(trim($vars['name']));
    // The id in the form must match the id being edited (loose comparison).
    if ($id && $id != $vars['id']) {
        $errors['err'] = 'Internal error. Get technical help.';
    }
    // The address must be valid, unused by another row, different from the
    // admin address and not owned by a staff member.
    if (!$vars['email'] || !Validator::is_email($vars['email'])) {
        $errors['email'] = 'Valid email required';
    } elseif (($eid = Email::getIdByEmail($vars['email'])) && $eid != $id) {
        $errors['email'] = 'Email already exits';
    } elseif ($cfg && !strcasecmp($cfg->getAdminEmail(), $vars['email'])) {
        $errors['email'] = 'Email already used as admin email!';
    } elseif (Staff::getIdByEmail($vars['email'])) {
        // Make sure the email doesn't belong to any of the staff.
        $errors['email'] = 'Email in-use by a staff member';
    }
    if (!$vars['name']) {
        $errors['name'] = 'Email name required';
    }
    // && binds tighter than ||, so this reads: mail_active || (smtp_active && smtp_auth).
    if ($vars['mail_active'] || $vars['smtp_active'] && $vars['smtp_auth']) {
        if (!$vars['userid']) {
            $errors['userid'] = 'Username missing';
        }
        // A password is mandatory only when creating a new row.
        if (!$id && !$vars['passwd']) {
            $errors['passwd'] = 'Password required';
        }
    }
    if ($vars['mail_active']) {
        // Check POP/IMAP info only when fetching is enabled.
        if (!function_exists('imap_open')) {
            // The line break inside this literal is present in the listing and is kept as-is.
            $errors['mail_active'] = 'IMAP doesn\'t exist. 
PHP must be compiled with IMAP enabled.';
        }
        if (!$vars['mail_host']) {
            $errors['mail_host'] = 'Host name required';
        }
        if (!$vars['mail_port']) {
            $errors['mail_port'] = 'Port required';
        }
        if (!$vars['mail_protocol']) {
            $errors['mail_protocol'] = 'Select protocol';
        }
        if (!$vars['mail_fetchfreq'] || !is_numeric($vars['mail_fetchfreq'])) {
            $errors['mail_fetchfreq'] = 'Fetch interval required';
        }
        if (!$vars['mail_fetchmax'] || !is_numeric($vars['mail_fetchmax'])) {
            $errors['mail_fetchmax'] = 'Maximum emails required';
        }
        if (!$vars['dept_id'] || !is_numeric($vars['dept_id'])) {
            $errors['dept_id'] = 'You must select a Dept.';
        }
        if (!$vars['priority_id']) {
            $errors['priority_id'] = 'You must select a priority';
        }
        if (!isset($vars['postfetch'])) {
            $errors['postfetch'] = 'Indicate what to do with fetched emails';
        } elseif (!strcasecmp($vars['postfetch'], 'archive')) {
            // Archiving needs a target folder.
            if (!$vars['mail_archivefolder']) {
                $errors['postfetch'] = 'Valid folder required';
            }
        }
    }
    if ($vars['smtp_active']) {
        if (!$vars['smtp_host']) {
            $errors['smtp_host'] = 'Host name required';
        }
        if (!$vars['smtp_port']) {
            $errors['smtp_port'] = 'Port required';
        }
    }
    // Abort on errors, before any database query or network connection is made.
    if ($errors) {
        return false;
    }
    // $errors is always empty here because of the return above.
    // NOTE(review): db_input() is defined elsewhere; presumably it quotes and
    // escapes each value for SQL - confirm, since every query below relies on it.
    if (!$errors && ($vars['mail_host'] && $vars['userid'])) {
        // Reject a host/userid pair already used by a different row.
        $sql = 'SELECT email_id FROM ' . EMAIL_TABLE . ' WHERE mail_host=' . db_input($vars['mail_host']) . ' AND userid=' . db_input($vars['userid']);
        if ($id) {
            $sql .= ' AND email_id!=' . db_input($id);
        }
        if (db_num_rows(db_query($sql))) {
            $errors['userid'] = $errors['host'] = 'Host/userid combination already in-use.';
        }
    }
    // Use the newly entered password, else fall back to 'cpasswd'
    // (presumably the currently stored password - confirm against the caller).
    $passwd = $vars['passwd'] ? $vars['passwd'] : $vars['cpasswd'];
    if (!$errors && $vars['mail_active']) {
        // Note: the password is plain text at this point; MailFetcher expects plain text.
        // NOTE(review): host and port come from $vars, so saving opens a connection
        // to a caller-chosen host and sends the credentials there; confirm only
        // administrators can reach this method.
        $fetcher = new MailFetcher($vars['userid'], $passwd, $vars['mail_host'], $vars['mail_port'], $vars['mail_protocol'], $vars['mail_encryption']);
        if (!$fetcher->connect()) {
            $errors['err'] = 'Invalid login. Check ' . 
Format::htmlchars($vars['mail_protocol']) . ' settings';
            // NOTE(review): getLastError() text is joined to markup unescaped;
            // confirm the template escapes it before rendering.
            $errors['mail'] = '<br>' . $fetcher->getLastError();
        } elseif ($vars['mail_archivefolder'] && !$fetcher->checkMailbox($vars['mail_archivefolder'], true)) {
            $errors['postfetch'] = 'Invalid or unknown mail folder! >> ' . $fetcher->getLastError() . '';
            if (!$errors['mail']) {
                $errors['mail'] = 'Invalid or unknown archive folder!';
            }
        }
    }
    if (!$errors && $vars['smtp_active']) {
        // Check the SMTP login only; no message is sent.
        require_once 'Mail.php'; // PEAR Mail package
        $smtp = mail::factory('smtp', array('host' => $vars['smtp_host'], 'port' => $vars['smtp_port'], 'auth' => $vars['smtp_auth'] ? true : false, 'username' => $vars['userid'], 'password' => $passwd, 'timeout' => 20, 'debug' => false));
        $mail = $smtp->connect();
        if (PEAR::isError($mail)) {
            $errors['err'] = 'Unable to login. Check SMTP settings.';
            // NOTE(review): same unescaped-message concern as the mailbox error above.
            $errors['smtp'] = '<br>' . $mail->getMessage();
        } else {
            $smtp->disconnect(); // Connection test passed; close it.
        }
    }
    if ($errors) {
        return false;
    }
    // Fall back to the configured default priority and department.
    if (!$vars['priority_id'] && $cfg) {
        $vars['priority_id'] = $cfg->getDefaultPriorityId();
    }
    if (!$vars['dept_id'] && $cfg) {
        $vars['dept_id'] = $cfg->getDefaultDeptId();
    }
    // Column assignments shared by the UPDATE and INSERT statements below.
    // Saving also resets the error counter and the last-fetch timestamp.
    $sql = 'updated=NOW(),mail_errors=0, mail_lastfetch=NULL' . ',email=' . db_input($vars['email']) . ',name=' . db_input(Format::striptags($vars['name'])) . ',dept_id=' . db_input($vars['dept_id']) . ',priority_id=' . db_input($vars['priority_id']) . ',noautoresp=' . db_input(isset($vars['noautoresp']) ? 1 : 0) . ',userid=' . db_input($vars['userid']) . ',mail_active=' . db_input($vars['mail_active']) . ',mail_host=' . db_input($vars['mail_host']) . ',mail_protocol=' . db_input($vars['mail_protocol'] ? $vars['mail_protocol'] : 'POP') . ',mail_encryption=' . db_input($vars['mail_encryption']) . ',mail_port=' . db_input($vars['mail_port'] ? $vars['mail_port'] : 0) . ',mail_fetchfreq=' . db_input($vars['mail_fetchfreq'] ? $vars['mail_fetchfreq'] : 0) . ',mail_fetchmax=' . 
db_input($vars['mail_fetchmax'] ? $vars['mail_fetchmax'] : 0) . ',smtp_active=' . db_input($vars['smtp_active']) . ',smtp_host=' . db_input($vars['smtp_host']) . ',smtp_port=' . db_input($vars['smtp_port'] ? $vars['smtp_port'] : 0) . ',smtp_auth=' . db_input($vars['smtp_auth']) . ',smtp_spoofing=' . db_input(isset($vars['smtp_spoofing']) ? 1 : 0) . ',notes=' . db_input($vars['notes']);
    // Post-fetch handling: delete, archive to a folder, or leave the mail in place.
    if ($vars['postfetch'] && !strcasecmp($vars['postfetch'], 'delete')) {
        $sql .= ',mail_delete=1,mail_archivefolder=NULL';
    } elseif ($vars['postfetch'] && !strcasecmp($vars['postfetch'], 'archive') && $vars['mail_archivefolder']) {
        $sql .= ',mail_delete=0,mail_archivefolder=' . db_input($vars['mail_archivefolder']);
    } else {
        $sql .= ',mail_delete=0,mail_archivefolder=NULL';
    }
    if ($vars['passwd']) {
        // New password - encrypt.
        // NOTE(review): the expression below is masked in the listing; only the
        // use of SECRET_SALT is visible. Restore it from the project source
        // before running this code.
        $sql .= ',userpass='******'passwd'], SECRET_SALT));
    }
    if ($id) {
        // Update: success requires the query to run and at least one affected row.
        $sql = 'UPDATE ' . EMAIL_TABLE . ' SET ' . $sql . ' WHERE email_id=' . db_input($id);
        if (db_query($sql) && db_affected_rows()) {
            return true;
        }
        $errors['err'] = 'Unable to update email. Internal error occurred';
    } else {
        // Insert: the new row id is returned to the caller.
        $sql = 'INSERT INTO ' . EMAIL_TABLE . ' SET ' . $sql . ',created=NOW()';
        if (db_query($sql) && ($id = db_insert_id())) {
            return $id;
        }
        $errors['err'] = 'Unable to add email. Internal error';
    }
    return false;
}
/**
 * Recover the original value from an encoded hash.
 *
 * NOTE(review): nothing here checks that the ciphertext is authentic; whether
 * Mcrypt::decrypt() detects tampering cannot be told from this block - confirm
 * before trusting the returned value.
 *
 * @param string      $hash Encoded value to decrypt.
 * @param string|null $key  Key to decrypt with; when NULL the class-level self::$key is used.
 * @return string Decrypted string
 */
public static function decode_hash($hash, $key = NULL)
{
    $effectiveKey = ($key === NULL) ? self::$key : $key;

    // The two NULL arguments are forwarded untouched; their meaning is defined by Mcrypt::decrypt().
    return Mcrypt::decrypt($hash, NULL, NULL, $effectiveKey);
}
/**
 * Serve the file referenced by the `fid` request parameter.
 *
 * `fid` is decoded with Mcrypt::decode() using the configured system password.
 * An empty result is reported through show_json(), a missing file through
 * show_tips(); otherwise the file is written out with file_put_out().
 *
 * NOTE(review): no call to exit/return follows show_json() or show_tips();
 * this assumes both helpers end the request. If they return, execution falls
 * through to file_put_out() - confirm.
 * NOTE(review): the decoded path is used as-is, with no visible restriction to
 * a base directory and no permission check in this method, so the secrecy of
 * system_password is the only gate on which files can be served - confirm
 * that is intended.
 *
 * @return void
 */
public function public_link()
{
    load_class('mcrypt');
    $secret = $this->config['setting_system']['system_password'];

    // Per the original comment, decoding succeeds only within one day of issue.
    $target = Mcrypt::decode($this->in['fid'], $secret);

    if (0 == strlen($target)) {
        show_json($this->L['error'], false);
    }
    if (!file_exists($target)) {
        show_tips($this->L['not_exists']);
    }

    file_put_out($target);
}
/**
 * Emit, as JSON, an encoded token for $this->path.
 *
 * The token is produced by Mcrypt::encode() from the path, the configured
 * system password and a fixed lifetime argument.
 *
 * NOTE(review): the lifetime is 60 * 50 * 24 = 72000. If the unit is seconds
 * and one day was intended, the factor would be 60 * 60 * 24 - confirm which
 * is meant before changing it.
 * NOTE(review): no permission check is visible in this method; confirm the
 * caller authorizes access to $this->path before a token is issued.
 *
 * @return void
 */
public function makeFileProxy()
{
    load_class('mcrypt');

    $lifetime = 60 * 50 * 24;
    $secret = $this->config['setting_system']['system_password'];
    $token = Mcrypt::encode($this->path, $secret, $lifetime);

    show_json($token);
}
} #使用APP調用API if ($model == 'AppApi') { header('Content-Type: application/json; charset=utf-8'); $eventobj = !empty($_POST['event']) ? $_POST['event'] : ''; if (empty($eventobj)) { $errinfo = array('status' => 1, 'msg' => 'no data.', 'alert' => '貼心提醒:APP請更新至最新版或再重新嘗試一次'); print_r(json_encode($errinfo)); exit; } else { #紀錄POST dbconn::postlog($eventobj); #解密 $key = 'FD91861EE35E838D'; $mode = MCRYPT_MODE_ECB; $mcrypt = new Mcrypt(); $mcrypt->setkey($key); $mcrypt->setMode($mode); if (!isJson($eventobj)) { $errinfo = array('status' => 2, 'msg' => 'data err.', 'alert' => '貼心提醒:APP請更新至最新版或再重新嘗試一次'); print_r(json_encode($errinfo)); exit; } $eventarray = json_decode($eventobj); if (!empty($eventarray->user_id)) { $infoarray['user_id'] = $mcrypt->testdecrypt($key, $eventarray->user_id); } if (!empty($eventarray->device_id)) { $infoarray['device_id'] = $mcrypt->testdecrypt($key, $eventarray->device_id); } if (empty($infoarray['user_id']) or empty($infoarray['device_id'])) {
/**
 * Return the crypt model, creating and caching it on first use.
 *
 * $key is consulted only when no instance is cached yet; later calls return
 * the cached object and ignore the argument, so a caller passing a different
 * key afterwards still gets the instance initialised with the first one.
 *
 * @param string $key Key handed to Mcrypt::init() on first use.
 * @return Crypt_Mcrypt
 */
protected function _getCrypt($key = null)
{
    if ($this->_crypt) {
        return $this->_crypt;
    }

    $model = new Mcrypt();
    // init() supplies the object that gets cached; its return type is declared elsewhere.
    $this->_crypt = $model->init($key);

    return $this->_crypt;
}
/**
 * Build a public download URL for a file, subject to the download permission.
 *
 * An empty string is returned when the file is missing, or when the session is
 * not root and lacks the 'explorer:fileDownload' permission. Otherwise the
 * path, the system password and the configured download_url_time are given to
 * Mcrypt::encode(), and the result is used as the `fid` parameter of a
 * user/public_link URL.
 *
 * NOTE(review): $fid goes into the query string without urlencode(); confirm
 * Mcrypt::encode() produces only URL-safe characters.
 *
 * @param string $file_path Path of the file to expose.
 * @return string The download URL, or '' when no link may be issued.
 */
public function _make_file_proxy($file_path)
{
    if (!file_exists($file_path)) {
        return '';
    }

    // Equivalent to the original test: deny unless root or explicitly permitted.
    $isPermitted = $GLOBALS['is_root'] || $GLOBALS['auth']['explorer:fileDownload'] == 1;
    if (!$isPermitted) {
        return '';
    }

    load_class('mcrypt');
    $systemSecret = $GLOBALS['config']['setting_system']['system_password'];
    $validFor = $GLOBALS['config']['settings']['download_url_time'];
    $fileId = Mcrypt::encode($file_path, $systemSecret, $validFor);

    // Public address of the file; validity is configured in user_setting.php;
    // the file name is appended for kod remote download.
    $urlName = urlencode(get_path_this($file_path));

    return APPHOST . 'index.php?user/public_link&fid=' . $fileId . '&file_name=/' . $urlName;
}
/**
 * Build a public download URL for a file.
 *
 * Returns '' when the file does not exist. Otherwise the path, the system
 * password and the configured download_url_time are given to Mcrypt::encode(),
 * and the result is used as the `fid` parameter of a user/public_link URL.
 *
 * NOTE(review): this method performs no role or permission check of its own;
 * confirm every caller enforces download authorization before asking for a link.
 * NOTE(review): $fid goes into the query string without urlencode(); confirm
 * Mcrypt::encode() produces only URL-safe characters.
 *
 * @param string $file_path Path of the file to expose.
 * @return string The download URL, or '' when the file is missing.
 */
public function _make_file_proxy($file_path)
{
    $exists = file_exists($file_path);
    if ($exists === false) {
        return '';
    }

    load_class('mcrypt');
    $systemSecret = $GLOBALS['config']['setting_system']['system_password'];
    $validFor = $GLOBALS['config']['settings']['download_url_time'];
    $fileId = Mcrypt::encode($file_path, $systemSecret, $validFor);

    // The trailing file name is the URL-encoded result of get_path_this().
    $urlName = urlencode(get_path_this($file_path));
    $base = APPHOST . 'index.php?user/public_link&fid=';

    return $base . $fileId . '&file_name=/' . $urlName;
}