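 /**
  * Authenticate a back-end (admin) user against CubeCart_admin_users.
  *
  * Flow: look the active account up by username; if the row has no salt,
  * generate one and re-hash the stored value into the salted "old" scheme
  * (new_password = 0); compute the salted hash of the submitted password
  * with whichever scheme the row uses; feed the outcome to the session
  * blocker; on success record the login (upgrading the row to
  * new_password = 1 when needed) and redirect via httpredir(); on failure
  * maintain the per-account fail counter and set a GUI error.
  *
  * Note on the return value: when the session is not blocked, control is
  * handed to httpredir() and this method is not expected to return.
  * Every path that does fall through returns false.
  *
  * @param string $username Submitted admin username
  * @param string $password Submitted plain-text password
  * @return bool Always false when the method returns (see above)
  */
 private function _authenticate($username, $password)
 {
     $hash_password = '';
     if (!empty($username)) {
         // Fetch the stored hash and salt for the active account
         if (($user = $GLOBALS['db']->select('CubeCart_admin_users', array('admin_id', 'password', 'salt', 'new_password'), array('username' => $username, 'status' => '1'), null, 1)) !== false) {
             if (empty($user[0]['salt'])) {
                 // Legacy row without a salt: generate one and re-hash the stored
                 // value into the salted "old" scheme so it can be upgraded later
                 $salt = Password::getInstance()->createSalt();
                 $pass = Password::getInstance()->updateOld($user[0]['password'], $salt);
                 $update = array('salt' => $salt, 'password' => $pass, 'new_password' => 0);
                 if ($GLOBALS['db']->update('CubeCart_admin_users', $update, array('admin_id' => (int) $user[0]['admin_id']))) {
                     // The row is now a new_password = 0 row, so verify the *submitted*
                     // password exactly as that branch does below. Using $pass here
                     // would compare the freshly stored hash against itself rather
                     // than against what the user typed.
                     $hash_password = Password::getInstance()->getSaltedOld($password, $salt);
                 }
             } else {
                 if ($user[0]['new_password'] == 1) {
                     // Current hashing scheme
                     $hash_password = Password::getInstance()->getSalted($password, $user[0]['salt']);
                 } else {
                     // Salted legacy scheme
                     $hash_password = Password::getInstance()->getSaltedOld($password, $user[0]['salt']);
                 }
             }
         } else {
             $GLOBALS['gui']->setError($GLOBALS['language']->account['error_login']);
             return false;
         }
         $result = $GLOBALS['db']->select('CubeCart_admin_users', array('admin_id', 'customer_id', 'logins', 'new_password'), array('username' => $username, 'password' => $hash_password, 'status' => '1'));
         // Record the attempt with the brute-force blocker before acting on it
         $GLOBALS['session']->blocker($username, 0, (bool) $result, Session::BLOCKER_BACKEND, $GLOBALS['config']->get('config', 'bfattempts'), $GLOBALS['config']->get('config', 'bftime'));
         if ($result) {
             if (!$GLOBALS['session']->blocked()) {
                 $this->_logged_in = true;
                 // Non-browser clients may send no User-Agent header at all
                 $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                 $update = array('blockTime' => 0, 'browser' => htmlspecialchars($user_agent), 'failLevel' => 0, 'session_id' => $GLOBALS['session']->getId(), 'ip_address' => get_ip_address(), 'verify' => '', 'lastTime' => time(), 'logins' => $result[0]['logins'] + 1);
                 if ($result[0]['new_password'] != 1) {
                     // Successful login with a legacy hash: re-hash with the current scheme
                     $salt = Password::getInstance()->createSalt();
                     $pass = Password::getInstance()->getSalted($password, $salt);
                     $update = array_merge($update, array('salt' => $salt, 'password' => $pass, 'new_password' => 1));
                 }
                 $GLOBALS['db']->update('CubeCart_admin_users', $update, array('admin_id' => $result[0]['admin_id']));
                 $GLOBALS['session']->set('admin_id', $result[0]['admin_id'], 'client');
                 $this->_load();
             } else {
                 $minutes_blocked = ceil($GLOBALS['config']->get('config', 'bftime') / 60);
                 $GLOBALS['gui']->setError(sprintf('Too many invalid logins have been made. Access has been blocked for %s minutes.', $minutes_blocked));
             }
         } else {
             if (!$GLOBALS['session']->blocked()) {
                 // Maintain the per-account fail counter. The row is looked up by the
                 // username this method was called with, not by raw $_POST input.
                 $newdata = array();
                 if (($user = $GLOBALS['db']->select('CubeCart_admin_users', false, array('username' => $username))) !== false) {
                     if ($user[0]['blockTime'] > 0 && $user[0]['blockTime'] < time()) {
                         // An earlier block has expired: reset fail level and time
                         $newdata['failLevel'] = 1;
                         $newdata['blockTime'] = 0;
                     } else {
                         if ($user[0]['failLevel'] == $GLOBALS['config']->get('config', 'bfattempts') - 1) {
                             $timeAgo = time() - $GLOBALS['config']->get('config', 'bftime');
                             if ($user[0]['lastTime'] < $timeAgo) {
                                 // Last failure is older than the window: start counting again
                                 $newdata['failLevel'] = 1;
                                 $newdata['blockTime'] = 0;
                             } else {
                                 // Attempt limit reached inside the window: block the account
                                 $newdata['failLevel'] = $GLOBALS['config']->get('config', 'bfattempts');
                                 $newdata['blockTime'] = time() + $GLOBALS['config']->get('config', 'bftime');
                             }
                         } else {
                             if ($user[0]['blockTime'] < time()) {
                                 $timeAgo = time() - $GLOBALS['config']->get('config', 'bftime');
                                 $newdata['failLevel'] = $user[0]['lastTime'] < $timeAgo ? 1 : $user[0]['failLevel'] + 1;
                                 $newdata['blockTime'] = 0;
                             } else {
                                 // Still blocked: tell the user for how long. The language
                                 // string is the sprintf format, the minutes are its argument.
                                 $GLOBALS['gui']->setError(sprintf($GLOBALS['language']->account['error_login_block'], $GLOBALS['config']->get('config', 'bftime') / 60));
                                 $this->_blocked = true;
                             }
                         }
                     }
                     if (!empty($newdata)) {
                         $newdata['lastTime'] = time();
                         $GLOBALS['db']->update('CubeCart_admin_users', $newdata, array('admin_id' => $user[0]['admin_id']));
                     }
                 }
                 $GLOBALS['gui']->setError($GLOBALS['language']->account['error_login']);
             } else {
                 $minutes_blocked = ceil($GLOBALS['config']->get('config', 'bftime') / 60);
                 $GLOBALS['gui']->setError(sprintf('Too many invalid logins have been made. Access has been blocked for %s minutes.', $minutes_blocked));
             }
         }
         if (!$GLOBALS['session']->blocked()) {
             // Pick the post-login destination: query string, then form, then session
             $redir = '';
             if (!empty($_GET['redir'])) {
                 $redir = $_GET['redir'];
             } elseif (!empty($_POST['redir'])) {
                 $redir = $_POST['redir'];
             } elseif ($GLOBALS['session']->has('redir')) {
                 $redir = $GLOBALS['session']->get('redir');
             } elseif ($GLOBALS['session']->has('back')) {
                 $redir = $GLOBALS['session']->get('back');
             }
             if (!empty($redir) && preg_match('#^http#iU', $redir)) {
                 // Absolute URLs are only followed when they point back at this store.
                 // An empty store/ssl URL must not match everything, and the comparison
                 // is a byte-wise prefix check.
                 // NOTE(review): a prefix check is only as strict as CC_STORE_URL / ssl_url
                 // themselves (e.g. whether they end in a slash) — confirm those values.
                 $store_url = CC_STORE_URL;
                 $ssl_url = $GLOBALS['config']->get('config', 'ssl_url');
                 $is_local = (!empty($store_url) && substr($redir, 0, strlen($store_url)) === $store_url)
                     || (!empty($ssl_url) && substr($redir, 0, strlen($ssl_url)) === $ssl_url);
                 if (!$is_local) {
                     trigger_error(sprintf("Possible Phishing attack - Redirection to '%s' is not allowed.", $redir));
                     // Drop the rejected target from the session as well so it is not
                     // picked up again on the next request (compare before clearing $redir)
                     if ($GLOBALS['session']->has('back') && $redir == $GLOBALS['session']->get('back')) {
                         $GLOBALS['session']->delete('back');
                     }
                     if ($GLOBALS['session']->has('redir') && $redir == $GLOBALS['session']->get('redir')) {
                         $GLOBALS['session']->delete('redir');
                     }
                     $redir = '';
                 }
             }
             httpredir(!empty($redir) ? $redir : $GLOBALS['rootRel'] . $GLOBALS['config']->get('config', 'adminFile'));
         } else {
             $minutes_blocked = ceil($GLOBALS['config']->get('config', 'bftime') / 60);
             $GLOBALS['gui']->setError(sprintf('Too many invalid logins have been made. Access has been blocked for %s minutes.', $minutes_blocked));
         }
     } else {
         $GLOBALS['gui']->setError($GLOBALS['language']->account['error_login']);
     }
     return false;
 }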
<!DOCTYPE html>
<html>
<head>
<title>Password Factory</title>
<meta charset="UTF-8">
<link rel="stylesheet" type="text/css" href="./css/xxx.css">
</head>
<body>
	<header>
		<h1>パスワード生成</h1>
	</header>
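	<?php
require_once './class/password/makePassword.php';
// NOTE(review): absolute path, unlike the relative require above — confirm it is intended
require_once '/class/table/passwordTable.php';
$passMaker = Password::getInstance();
// "Generate" button pressed: use the submitted count / length / style,
// otherwise fall back to the defaults (6 passwords, 6 characters, style 1)
if (isset($_POST['generate'])) {
    $passArgs = array($_POST['number'], $_POST['digit'], $_POST['style']);
} else {
    $passArgs = array(6, 6, 1);
}
try {
    $passMaker->setPassArray($passArgs[0], $passArgs[1], $passArgs[2]);
    $passValue = $passMaker->getPass();
} catch (Exception $e) {
    // The message lands inside an HTML page, so escape it before aborting
    die(htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));
}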
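 /**
  * Register a new customer from the submitted registration form ($_POST).
  *
  * Validates e-mail, password/confirmation, name, reCAPTCHA (when enabled)
  * and terms acceptance, reporting every failure as a GUI error. When all
  * checks pass the record is either inserted, or — if a type-2 record with
  * the same e-mail already exists — that record is updated in place and
  * promoted to type 1. Hooks run before validation, before the write and
  * after it; they may touch $_POST and $error.
  *
  * @return bool true when the account was written, false on any validation error
  */
 public function registerUser()
 {
     // Validation failures keyed by check; empty means "all good"
     $error = array();
     $existing = false;
     foreach ($GLOBALS['hooks']->load('class.user.register_user') as $hook) {
         include $hook;
     }
     // Validate email
     if (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
         $GLOBALS['gui']->setError($GLOBALS['language']->common['error_email_invalid']);
         $error['email'] = true;
     } else {
         // Check for duplicates; a type-1 record with this e-mail is already a registered customer
         $existing = $GLOBALS['db']->select('CubeCart_customer', array('email', 'type', 'customer_id'), array('email' => strtolower($_POST['email'])));
         if ($existing && $existing[0]['type'] == 1) {
             $GLOBALS['gui']->setError($GLOBALS['language']->account['error_email_in_use']);
             $error['dupe'] = true;
         }
     }
     if (!empty($_POST['password'])) {
         if ($_POST['password'] !== $_POST['passconf']) {
             $GLOBALS['gui']->setError($GLOBALS['language']->account['error_password_mismatch']);
             $error['pass'] = true;
         }
     } else {
         $GLOBALS['gui']->setError($GLOBALS['language']->account['error_password_empty']);
         $error['nopass'] = true;
     }
     if (empty($_POST['first_name']) || empty($_POST['last_name'])) {
         $GLOBALS['gui']->setError($GLOBALS['language']->account['error_name_required']);
         $error['name'] = true;
     }
     if ($GLOBALS['config']->get('config', 'recaptcha') && !$GLOBALS['session']->get('confirmed', 'recaptcha')) {
         $message = $GLOBALS['session']->get('error', 'recaptcha');
         if ($message === false) {
             // No stored reCAPTCHA error: fall back to the generic message
             $GLOBALS['gui']->setError($GLOBALS['language']->form['verify_human_fail']);
         } else {
             $GLOBALS['gui']->setError($message);
         }
         $error['recaptcha'] = true;
     }
     if ($GLOBALS['db']->select('CubeCart_documents', false, array('doc_terms' => '1'))) {
         // A terms document exists: acceptance is required unless disabled in config
         if (!isset($_POST['terms_agree']) && !$GLOBALS['config']->get('config', 'disable_checkout_terms')) {
             $GLOBALS['gui']->setError($GLOBALS['language']->account['error_terms_agree']);
             $error['terms'] = true;
         }
     }
     if (empty($error)) {
         // Normalise capitalisation: "mr barney brimstock" -> "Mr Barney Brimstock"
         $_POST['title'] = ucwords($_POST['title']);
         $_POST['first_name'] = ucwords($_POST['first_name']);
         $_POST['last_name'] = ucwords($_POST['last_name']);
         // Store a salted hash; from here on the plain text survives only in $_POST['passconf']
         $_POST['salt'] = Password::getInstance()->createSalt();
         $_POST['password'] = Password::getInstance()->getSalted($_POST['password'], $_POST['salt']);
         $_POST['registered'] = time();
         if (($_POST['ip_address'] = get_ip_address()) === false) {
             $_POST['ip_address'] = 'Unknown';
         }
         foreach ($GLOBALS['hooks']->load('class.user.register_user.insert') as $hook) {
             include $hook;
         }
         // NOTE(review): the whole $_POST array is written to CubeCart_customer, so any
         // extra form field ends up in the row unless the db layer drops unknown columns —
         // confirm, and whitelist the expected columns here if it does not.
         if (isset($existing[0]['type']) && $existing[0]['type'] == 2) {
             // Existing type-2 record: promote it in place instead of creating a duplicate
             $_POST['type'] = 1;
             $_POST['new_password'] = 1;
             $GLOBALS['db']->update('CubeCart_customer', $_POST, array('email' => strtolower($_POST['email'])));
             $insert = $existing[0]['customer_id'];
         } else {
             $insert = $GLOBALS['db']->insert('CubeCart_customer', $_POST);
         }
         foreach ($GLOBALS['hooks']->load('class.user.register_user.inserted') as $hook) {
             include $hook;
         }
         // Newsletter opt-in for the stored record
         if (($user = $GLOBALS['db']->select('CubeCart_customer', false, array('customer_id' => (int) $insert))) !== false) {
             if (isset($_POST['mailing_list'])) {
                 $subscribe = array('customer_id' => $user[0]['customer_id'], 'status' => 1, 'email' => $user[0]['email']);
                 $GLOBALS['db']->insert('CubeCart_newsletter_subscriber', $subscribe);
             }
         }
         if (!$GLOBALS['config']->get('config', 'email_confimation')) {
             // Auto-login when no e-mail confirmation is required. $_POST['password'] now
             // holds the hash, so the (verified equal) confirmation field carries the plain text.
             $this->authenticate($_POST['email'], $_POST['passconf']);
         }
         return true;
     }
     return false;
 }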
    }
    $file_name = ucfirst($module_name[0]) . ' ' . $lang['customer']['customer_export'] . ' ' . date("Ymd") . '.csv';
    $GLOBALS['debug']->supress(true);
    deliverFile(false, false, $external_report->_report_data, $file_name);
    exit;
}
if (isset($_POST['customer']) && is_array($_POST['customer']) && Admin::getInstance()->permissions('customers', CC_PERM_EDIT)) {
    $customer = $_POST['customer'];
    $customer_added = $customer_not_added = $customer_updated = false;
    // Reset password
    if (isset($customer['password']) && !empty($customer['password'])) {
        if ($customer['password'] === $customer['passconf']) {
            $salt = Password::getInstance()->createSalt();
            $customer['salt'] = $salt;
            $customer['new_password'] = 1;
            $customer['password'] = Password::getInstance()->getSalted($customer['password'], $salt);
        }
        //Or not
    } else {
        unset($customer['password']);
        unset($customer['passconf']);
    }
    // Format data nicely from mr barney brimstock to Mr Barney Brimstock
    $customer['title'] = ucwords($customer['title']);
    $customer['first_name'] = ucwords($customer['first_name']);
    $customer['last_name'] = ucwords($customer['last_name']);
    // Update/Add customer record
    if (isset($_POST['customer_id']) && is_numeric($_POST['customer_id'])) {
        foreach ($GLOBALS['hooks']->load('admin.customer.update') as $hook) {
            include $hook;
        }
$pwd = ob_get_clean();
print htmlentities($pwd);
?>
 
</pre> 

<hr /> 

<h1 id="example-007">Example 007. Silly random bitfields (contain only digits 0 and 1)</h1> 
<pre class="input_code"> 
&lt;?php 
require_once 'Password.php'; 
$pwd = Password::getInstance() 
       -&gt;setAlphabet(array(0, 1)) 
       -&gt;setDictionary() 
       -&gt;generate(array(32, 0), 3); 
print_r($pwd); 
?&gt; 
</pre> 
<h2>Output:</h2> 
<pre class="output_code"> 
<?php
// Render the generated bitfields and HTML-escape them for the <pre> block
$pwd = print_r(Password::getInstance()->setAlphabet(array(0, 1))->setDictionary()->generate(array(32, 0), 3), true);
echo htmlentities($pwd);
?>
 
</pre> 
</body> 
</html> 
         } else {
             // Incorrect host/user/pass
             $errors[] = $strings['setup']['error_db_incorrect_something'];
             unset($_POST['global']['dbhost'], $_POST['global']['dbusername'], $_POST['global']['dbpassword']);
         }
     }
     if ($validated && $mysql_connect) {
         // Set session variables, then proceed
         unset($_POST['global']['dbpassconf'], $_POST['admin']['passconf']);
         $_SESSION['setup']['progress'] = true;
         $_SESSION['setup']['droptable'] = isset($_POST['drop']) ? true : false;
         $global = array('installed' => true, 'adminFolder' => 'admin', 'adminFile' => 'admin.php');
         $_SESSION['setup']['global'] = array_merge($_POST['global'], $global);
         $_SESSION['setup']['config'] = $_POST['config'];
         $salt = Password::getInstance()->createSalt();
         $_SESSION['setup']['admin'] = array_merge($_POST['admin'], array('order_notify' => 1, 'super_user' => 1, 'status' => 1, 'salt' => $salt, 'language' => $_POST['config']['default_language'], 'password' => Password::getInstance()->getSalted($_POST['admin']['password'], $salt)));
         httpredir('index.php');
     }
     $GLOBALS['smarty']->assign('FORM', $_POST);
 }
 // Currency options for the setup form; the submitted default (if any) is pre-selected
 $currencies = array('USD' => 'US Dollar', 'GBP' => 'British Pound', 'EUR' => 'Euro', 'AUD' => 'Australian Dollar', 'BGN' => 'Bulgarian Lev', 'BRL' => 'Brazilian Real', 'CAD' => 'Canadian Dollar', 'CHF' => 'Swiss Franc', 'CNY' => 'Chinese Yuan', 'CZK' => 'Czech Koruna', 'DKK' => 'Danish Krone', 'EEK' => 'Estonian Kroon', 'HKD' => 'Hong Kong Dollar', 'HRK' => 'Croatian Kuna', 'HUF' => 'Hungarian Forint', 'IDR' => 'Indonesian Rupiah', 'INR' => 'Indian Rupee', 'JPY' => 'Japanese Yen', 'KRW' => 'South Korean Won', 'LTL' => 'Lithuanian Litas', 'LVL' => 'Latvian Lat', 'MXN' => 'Mexican Peso', 'MYR' => 'Malaysian Ringgit', 'NOK' => 'Norwegian Krone', 'NZD' => 'New Zealand Dollar', 'PHP' => 'Philippine Peso', 'PLN' => 'Polish Zloty', 'RON' => 'Romanian Leu', 'RUB' => 'Russian Ruble', 'SEK' => 'Swedish Krona', 'SGD' => 'Singapore Dollar', 'THB' => 'Thai Baht', 'TRY' => 'Turkish Lira', 'ZAR' => 'South African Rand');
 $posted_currency = isset($_POST['config']['default_currency']) ? $_POST['config']['default_currency'] : null;
 foreach ($currencies as $code => $name) {
     $is_default = $posted_currency !== null && $posted_currency == $code;
     $list_currency[] = array(
         'code' => $code,
         'selected' => $is_default ? ' selected="selected"' : '',
         'name' => empty($name) ? $code : $name,
     );
 }
 $GLOBALS['smarty']->assign('CURRENCIES', $list_currency);
 // Language options, pre-selecting the session language
 foreach ($languages as $option) {
     $is_current = $option['code'] == $_SESSION['language'];
     $option['selected'] = $is_current ? ' selected="selected"' : '';
     $smarty_data['list_langs'][] = $option;
 }
 $GLOBALS['smarty']->assign('LANGUAGES', $smarty_data['list_langs']);
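 /**
  * Build the client-credential array for a create request from a field list.
  *
  * Each entry of $crarray is expected to be an array with a 'type' key:
  * 'username' entries pull the user's login name, 'password' entries a
  * processed password. Entries of any other type (or without a 'type') are
  * ignored, and a repeated type simply overwrites the earlier value.
  *
  * @param array $crarray Field descriptors, each an array with a 'type' key
  * @param int|string $userid Numeric id of the user whose credentials are built
  * @return array Map with optional 'clientlogin' / 'clientpassword' keys
  * @throws Exception If $crarray is not an array or $userid is not numeric
  */
 public function FillCreateArray($crarray, $userid)
 {
     if (!is_array($crarray) || !is_numeric($userid)) {
         throw new Exception("Problems with create array or with user id");
     }
     $retarray = array();
     $user = User::getInstance();
     $user->id = $userid;
     // Iterate every entry rather than 0..count-1 so non-list arrays are handled too
     foreach ($crarray as $field) {
         // Skip malformed descriptors instead of raising an undefined-index notice
         if (!is_array($field) || !isset($field['type'])) {
             continue;
         }
         switch ($field['type']) {
             case 'username':
                 $retarray['clientlogin'] = $user->GetUsername();
                 break;
             case 'password':
                 // NOTE(review): ProcessPassword() takes no arguments here, so what it
                 // derives the password from is not visible in this file — confirm
                 $retarray['clientpassword'] = Password::getInstance()->ProcessPassword();
                 break;
         }
     }
     return $retarray;
 }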
         }
     }
     //If there only one super then don't allow demoting
     if ($record['super_user'] == '0' && $count <= 1 && Admin::getInstance()->superUser() && (int) $_POST['admin_id'] === (int) Admin::getInstance()->getId()) {
         $record['super_user'] = '******';
     }
     $record['new_password'] = 1;
     if ($GLOBALS['db']->update('CubeCart_admin_users', $record, array('admin_id' => $_POST['admin_id']))) {
         $updated = true;
     }
     $admin_id = $_POST['admin_id'];
 } else {
     ## Create new admin
     if (!empty($record['password'])) {
         $record['salt'] = Password::getInstance()->createSalt();
         $record['password'] = Password::getInstance()->getSalted($record['password'], $record['salt']);
         $record['status'] = 1;
         if ($GLOBALS['db']->insert('CubeCart_admin_users', $record)) {
             $admin_id = $GLOBALS['db']->insertid();
             $added = true;
             $GLOBALS['main']->setACPNotify($lang['admins']['notify_admin_create']);
         } else {
             ## no name added as it may be empty
             $GLOBALS['main']->setACPWarning($lang['common']['error_admin_create']);
         }
     }
 }
 ## Update Permissions: clear the admin's existing permission rows before the submitted set is re-inserted below
 ## NOTE(review): $admin_id is only assigned on the update path or after a successful insert above — confirm it cannot be unset here
 $GLOBALS['db']->delete('CubeCart_permissions', array('admin_id' => $admin_id));
 if (isset($_POST['permission']) && is_array($_POST['permission']) && Admin::getInstance()->permissions('users', CC_PERM_FULL)) {
     foreach ($_POST['permission'] as $section => $mask) {