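/**
 * Issue a persistent "remember me" login cookie for a user.
 *
 * Creates a PersistUser row holding a random value, derives the cookie token
 * from that row in SQL (MD5 over id, user_id and random) and sends it as the
 * `remembered` cookie with a 14 day lifetime. If the cookie cannot be set, the
 * row is deleted again so that no unused token stays valid in the table.
 *
 * The cookie is sent HttpOnly, and Secure when the current request is HTTPS,
 * so the long-lived login token is not readable from page scripts and is not
 * sent over plain HTTP from an HTTPS site.
 *
 * NOTE(review): the token is an unkeyed MD5 of values that include the row id
 * and the user id, so its unpredictability rests entirely on
 * get_random('number'), which is not shown here - confirm that it is long and
 * drawn from a CSPRNG. Changing the derivation needs a matching change in the
 * code that validates the cookie.
 * NOTE(review): an earlier condition excluded users holding the 'superadmin'
 * role; it is disabled, so privileged accounts get persistent cookies too.
 *
 * @param object $user User to remember; must have a positive id.
 * @return boolean true when the cookie was set, false otherwise (an error is
 *                 registered through Backend::addError()).
 */
public static function remember($user)
{
    if (!$user || !($user->id > 0)) {
        Backend::addError('Invalid user to remember');
        return false;
    }

    $random  = get_random('number');
    $persist = new PersistUserObj();
    $data    = array('user_id' => $user->id, 'random' => $random);
    if (!$persist->create($data)) {
        Backend::addError('Could not remember login');
        return false;
    }

    // The token is computed by the database from the stored row.
    $query = new SelectQuery('PersistUser');
    $query->field('MD5(CONCAT(`id`, `user_id`, `random`))')->filter('`id`= :id');
    $hash = $query->fetchColumn(array(':id' => $persist->array['id']));

    $expires = time() + 60 * 60 * 24 * 14;
    $secure  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    if (setcookie('remembered', $hash, $expires, WEB_SUB_FOLDER, '', $secure, true)) {
        return true;
    }

    // The browser never received the token, so drop the server-side row.
    Backend::addError('Could not set cookie to remember login');
    $query = new DeleteQuery('PersistUser');
    $query->filter('`id` = :id')->limit(1);
    $query->execute(array(':id' => $persist->array['id']));
    return false;
}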
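/**
 * Prepare a posted comment and hand it to the parent create action.
 *
 * On POST the comment is read from the request, its foreign_id/foreign_table
 * default to the previous request's first parameter and area, and - when no
 * user is logged in - the comment is attached to an account looked up (or
 * created) by the e-mail address in the 'user' controller variable:
 *  - active and confirmed account: refused, the commenter has to log in first,
 *    because knowing someone's address must not be enough to post as them;
 *  - active but unconfirmed account: the comment is attached to it;
 *  - otherwise a new unconfirmed account is created and a confirmation mail
 *    is sent.
 *
 * Changes against the previous version: the lookup result is always
 * initialised, a request without commenter details is rejected instead of
 * creating an account from empty values, and the null filter no longer uses
 * create_function(), which evaluates a code string and is gone in PHP 8.
 *
 * NOTE(review): foreign_table and foreign_id are taken from the request when
 * present; whatever consumes them should restrict foreign_table to known
 * tables - confirm in the parent action.
 * NOTE(review): the confirmation link carries the account's `salt` field. If
 * the same value also salts the password hash, the mail discloses it -
 * confirm against the BackendUser model.
 *
 * @return mixed false when the comment is refused, otherwise the result of
 *               parent::action_create().
 */
public function action_create()
{
    if (is_post()) {
        $parameters = get_previous_parameters();
        $object = new CommentObj();
        $object = $object->fromRequest();
        if (empty($object['foreign_id'])) {
            $object['foreign_id'] = reset($parameters);
        }
        if (empty($object['foreign_table'])) {
            $object['foreign_table'] = table_name(get_previous_area());
        }

        //If we don't have a logged in user, create a dummy account
        if (!BackendUser::check()) {
            $old_user = Controller::getVar('user');
            if (!$old_user || empty($old_user['email'])) {
                // Without an e-mail address there is nothing to look up or create.
                Backend::addError('Could not create user to add Comment');
                return false;
            }

            $query = new SelectQuery('BackendUser');
            $query->filter('`email` = :email');
            $existing_user = $query->fetchAssoc(array(':email' => $old_user['email']));

            if ($existing_user && $existing_user['confirmed'] && $existing_user['active']) {
                // A confirmed account must authenticate before commenting.
                Backend::addError('Comment not added. Please login first');
                return false;
            } elseif ($existing_user && $existing_user['active']) {
                //Unregistered user commented before
                $object['user_id'] = $existing_user['id'];
            } else {
                $user_data = array(
                    'name'      => $old_user['name'],
                    'surname'   => '',
                    'email'     => $old_user['email'],
                    'website'   => $old_user['website'],
                    'username'  => $old_user['email'],
                    // Throw-away password; get_random() is defined elsewhere.
                    'password'  => get_random(),
                    'confirmed' => 0,
                    'active'    => 1,
                );
                $user = self::getObject('BackendUser');
                if (!$user->create($user_data)) {
                    Backend::addError('Could not create user to add Comment');
                    return false;
                }
                $object['user_id'] = $user->array['id'];
                $url = SITE_LINK . '/?q=backend_user/confirm/' . $user->array['salt'];
                $app_name = ConfigValue::get('Title');
                $message = <<<END
Hi {$user->array['name']}!

Thank you for your comment on {$app_name}. An account has automatically been created for you.

To activate it, please click on the following link:
{$url}

Please note that you don't need to do this for your comments to show, but this account will be deleted if it isn't confirmed in a weeks time.

Regards
END;
                send_email($user->array['email'], 'Thank you for your comment.', $message);
            }
        }

        // Drop null fields, keeping the keys of everything else.
        $filtered = array();
        foreach ($object as $key => $value) {
            if (!is_null($value)) {
                $filtered[$key] = $value;
            }
        }
        Controller::setVar('obj', $filtered);
    }
    return parent::action_create();
}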
/**
 * SMS gateway callback that answers with an XML reply and, for the "av"
 * keyword, issues a redeem code for an avatar item.
 *
 * Reads msisdn, message, contentid and realmsisdn from the query string,
 * splits the message on spaces and dispatches on the second word. For "av" it
 * looks up avatar items with the given code whose payment is 'Unlock' or
 * 'Paid', stores a new redeem code, maps every matching avatar to it and
 * reports the code in the reply. Every other path sends the default
 * "not valid" reply.
 *
 * NOTE(review): every input comes straight from $_GET and is echoed back in
 * the XML through return_xml(), which is not shown - confirm that it
 * XML-escapes values. No check of who is calling this endpoint is visible in
 * this function.
 * NOTE(review): the keyword and the item code are both read from word index 1,
 * so the "av" branch only runs when the item code itself is "av" - one of the
 * two indexes looks wrong; confirm the intended message layout.
 * NOTE(review): the redeem code comes from get_random(10), defined elsewhere;
 * it works as a bearer secret, so confirm it is unpredictable.
 *
 * @return void Output is written with header()/echo.
 */
function pm_sms_query()
{
    header("Content-Type: text/xml");
    echo "<?xml version='1.0' encoding='UTF-8' ?>";

    $msisdn     = !isset($_GET['msisdn']) ? "" : $_GET['msisdn'];
    $message    = !isset($_GET['message']) ? "" : $_GET['message'];
    $contentid  = !isset($_GET['contentid']) ? "" : $_GET['contentid'];
    // Read but not used further down in this function.
    $realmsisdn = !isset($_GET['realmsisdn']) ? "" : $_GET['realmsisdn'];

    $parameter   = explode(" ", $message);
    $jns         = strtolower(!isset($parameter[1]) ? "" : $parameter[1]);
    $koderedeem  = !isset($parameter[1]) ? "" : $parameter[1];
    // Parsed but not used further down in this function.
    $kodeavatar  = !isset($parameter[3]) ? "" : $parameter[3];
    $notelepon   = !isset($parameter[4]) ? "" : $parameter[4];

    // Default reply; key names (including 'mesage') are part of the wire format.
    $dataxml = array(
        'msisdn'      => $msisdn,
        'response'    => "1",
        'option'      => "0",
        'charge'      => "0",
        'appid'       => "",
        'partnerid'   => "",
        'mediaid'     => "",
        'trxid'       => "",
        'hptype'      => "ALL",
        'shortname'   => "",
        'contenttype' => "1",
        'priority'    => "1",
        'contentid'   => $contentid,
        'desc'        => "",
        'mesage'      => "Maaf, avatar item " . $koderedeem . " tidak valid, silakan coba lagi.",
    );

    if ($jns !== "av") {
        echo return_xml($dataxml);
        return;
    }

    $lilo_mongo = new LiloMongo();
    $lilo_mongo->selectDB('Assets');
    $lilo_mongo->selectCollection('Avatar');
    $data = $lilo_mongo->find(array(
        "code"    => $koderedeem,
        "payment" => array('$in' => array('Unlock', 'Paid')),
    ));
    if (!$data) {
        echo return_xml($dataxml);
        return;
    }

    $idavatar = $data['_id']; // value is not used below
    $count = 1;
    $kodegenerate = get_random(10);

    $lilo_mongo->selectCollection('Redeem');
    $datatinsert = array(
        'code'   => $kodegenerate,
        'count'  => $count,
        'expire' => '',
        'create' => $lilo_mongo->time(strtotime(date("Y-m-d H:i:s"))),
    );
    $lilo_mongo->insert($datatinsert);

    // Read the stored code back to obtain its generated _id.
    $data2 = $lilo_mongo->findOne(array("code" => $kodegenerate));
    $dataxml['msisdn'] = $msisdn;
    $dataxml['contentid'] = $contentid;
    if ($data2) {
        $idredeem = $data2['_id'];
        $lilo_mongo->selectCollection('RedeemAvatar');
        foreach ($data as $tampung) {
            $datatinsert = array(
                'avatar_id' => (string) $tampung['_id'],
                'code_id'   => (string) $idredeem,
            );
            $lilo_mongo->insert($datatinsert);
        }
        $dataxml['mesage'] = "Selamat, avatar item " . $koderedeem . " menjadi milik anda. Ini redeem codenya: " . $kodegenerate . ".";
    } else {
        $dataxml['mesage'] = "Maaf, avatar item " . $koderedeem . " Gagal tergenerate, silakan coba lagi.";
    }
    echo return_xml($dataxml);
}
/**
 * Build a session identifier from the credentials, a random value and a salt.
 *
 * Concatenates username, password and a random string, XORs that text with
 * the salt from get_salt(), passes the result through khkh() and lowercases
 * it.
 *
 * NOTE(review): the account password is an input to the session identifier.
 * get_random(), get_salt() and khkh() are defined elsewhere; whether the
 * result is unpredictable and does not leak password material depends on
 * them - confirm, and prefer an identifier that is purely random.
 *
 * @param string $username Account name.
 * @param string $password Account password.
 * @return string Lowercased output of khkh().
 */
function new_session($username, $password)
{
    // Redraw until the value holds no character outside a-f and 0-4.
    // NOTE(review): "0-4" may be a typo for "0-9"; as written any value with a
    // digit 5-9 is rejected, and the loop never ends if get_random() cannot
    // return a value made only of the accepted characters.
    do {
        $random_var = get_random();
    } while (preg_match("/[^a-f0-4]/", $random_var));
    $clear = $username . $password . $random_var;
    $salt = get_salt();
    $result = '';
    // XOR $clear against $salt, one salt-length run at a time.
    // NOTE(review): the inner loop advances $i together with $j and the outer
    // loop then increments $i once more, so one character of $clear is skipped
    // after each run, and $i can pass the end of $clear inside the inner loop.
    for ($i = 0; $i < strlen($clear); $i++) {
        for ($j = 0; $j < strlen($salt); $j++, $i++) {
            $result .= $clear[$i] ^ $salt[$j];
        }
    }
    $result = khkh($result);
    $session = strtolower($result);
    return $session;
}
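/**
 * Register a new account from positional request arguments and start a session.
 *
 * Arguments (read through func_arg()): 0 e-mail, 1 password, 2 user name,
 * 3 gender (default "male"), 4 state of mind, 5 birthday as Y-m-d (default
 * today), 6 Facebook id. A new account gets rows in the Account, Properties
 * and UserProfile collections of the Users database, and write_session() is
 * called with its keys.
 *
 * Security fix: the previous version called write_session() with the stored
 * keys of an existing account whenever the e-mail was already registered,
 * without looking at the supplied password, while still answering
 * "Duplicate email". The session is now only written when the supplied
 * password matches the stored hash. The JSON answer is the same in both
 * cases.
 * NOTE(review): write_session() is defined elsewhere and presumably logs the
 * caller in - confirm. If another client flow relied on the old behaviour it
 * needs an authenticated replacement.
 * NOTE(review): passwords are stored as unsalted MD5, and the activation key
 * is the MD5 of the current timestamp, which can be guessed from the
 * registration time. Both need a coordinated change with the code that
 * verifies them (password_hash()/password_verify() and a random key), so they
 * are left untouched here.
 *
 * @return string JSON object with the keys `valid` (bool) and `message`.
 */
function unity_user_newuser()
{
    $email     = func_arg(0);
    $password  = urldecode(func_arg(1));
    $username  = urldecode(func_arg(2));
    $gender    = func_arg(3) != "" ? func_arg(3) : "male";
    $statemind = urldecode(func_arg(4));
    $tgl_lahir = func_arg(5) != "" ? urldecode(func_arg(5)) : date('Y-m-d');
    $fb_id     = func_arg(6) != "" ? func_arg(6) : "";

    $lilo_mongo = new LiloMongo();
    $lilo_mongo->selectDB('Users');
    $lilo_mongo->selectCollection('Account');
    $cekada = $lilo_mongo->findOne(array("email" => $email));

    $retValid = FALSE;
    $retMessage = "Duplicate email";

    if ($cekada) {
        // Existing account: only start a session for a caller who knows the password.
        $stored   = isset($cekada['password']) ? (string) $cekada['password'] : '';
        $supplied = md5($password);
        $matches  = function_exists('hash_equals')
            ? hash_equals($stored, $supplied)
            : $stored === $supplied;
        if ($stored !== '' && $matches) {
            write_session($cekada['_id'], $cekada['activation_key'], $cekada['token_key']);
        }
    } else {
        $key = get_random(25);
        $id = $key;
        $activkey = date('Y-m-d H:i:s');
        $datatinsert = array(
            'email'          => $email,
            'password'       => md5($password),
            'username'       => $email,
            'join_date'      => $lilo_mongo->time(strtotime(date("Y-m-d H:i:s"))),
            'activation_key' => md5($activkey),
            'token_key'      => md5($key),
            'fb_id'          => $fb_id,
            'access'         => '',
        );
        $lilo_mongo->insert($datatinsert);

        // Copy the generated _id into lilo_id so both identifiers agree.
        $findQuery = $lilo_mongo->findOne(array("email" => $email));
        if ($findQuery) {
            $lilo_id = $findQuery["_id"];
            $lilo_mongo->update_set(array("email" => $email), array("lilo_id" => (string) $lilo_id));

            $lilo_mongo->selectCollection('Properties');
            // A malformed birthday must not raise undefined-offset errors.
            $pecahtgllahir = explode("-", $tgl_lahir);
            $datatinsert = array(
                'lilo_id'     => (string) $lilo_id,
                'avatarname'  => $username,
                'fullname'    => $username,
                'sex'         => $gender,
                'website'     => '',
                'link'        => '',
                'birthday'    => $tgl_lahir,
                'birthday_dd' => isset($pecahtgllahir[2]) ? $pecahtgllahir[2] : null,
                'birthday_mm' => isset($pecahtgllahir[1]) ? $pecahtgllahir[1] : null,
                'birthday_yy' => isset($pecahtgllahir[0]) ? $pecahtgllahir[0] : null,
                'state_mind'  => $statemind,
                'about'       => '',
                'picture'     => '',
                'location'    => '',
                'handphone'   => '',
                'twitter'     => '',
            );
            $lilo_mongo->insert($datatinsert);

            $lilo_mongo->selectCollection('UserProfile');
            $generatetime = date("Y-m-d H:i:s");
            $time_start = strtotime($generatetime);
            $datatinsert = array(
                'lilo_id'   => (string) $lilo_id,
                'StateMind' => $statemind,
                'date'      => $lilo_mongo->time($time_start),
            );
            $lilo_mongo->insert($datatinsert);

            $retValid = TRUE;
            $retMessage = "Succesfully created user: " . $email;
            write_session($id, md5($activkey), md5($key));
        }
    }

    $ret = array('valid' => $retValid, 'message' => $retMessage);
    return json_encode($ret);
}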
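<?php
// $Header$
// Copyright (c) 2002-2005, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.

//session_start(); // hmm. to many session tweaks in setup_smarty ... we need to call this
require_once 'tiki-setup.php';

//random_number.php
// Renders a 5 digit challenge as a 95x30 JPEG and stores the expected value in
// $_SESSION['random_number'] for the form handler to compare against.

$img_number = imagecreate(95, 30);
// The first colour allocated on a palette image becomes its background, so
// $white is kept although it is not referenced again.
$white = imagecolorallocate($img_number, 255, 255, 255);
$black = imagecolorallocate($img_number, 0, 0, 0);
$grey_shade = imagecolorallocate($img_number, 204, 204, 204);
imagefill($img_number, 0, 0, $grey_shade);

// The generator is no longer seeded with srand(time()): a seed equal to the
// request time makes the challenge derivable from when the image was fetched.
$number = get_random();
$_SESSION['random_number'] = $number;

// Draw each digit with a small random offset (layout jitter only, not a secret).
for ($i = 0; $i < 5; $i++) {
    imagestring($img_number, 5, 10 + 17 * $i + rand(0, 2), 1 + rand(0, 10), substr($number, $i, 1), $black);
}

header("Content-type: image/jpeg");
imagejpeg($img_number);

/**
 * Return a random 5 digit number (10000-99999) for the challenge image.
 *
 * Uses random_int() where it exists (PHP 7+) and falls back to the
 * automatically seeded mt_rand() on older runtimes; the fallback is not
 * cryptographically secure.
 *
 * @return int
 */
function get_random()
{
    if (function_exists('random_int')) {
        return random_int(10000, 99999);
    }
    return mt_rand(10000, 99999);
}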
/**
 * Generate a random string.
 *
 * Picks the alphabet from $type and delegates to get_random(). The letter
 * alphabets leave out "o" and "O", and the mixed alphabet also leaves out
 * "0".
 *
 * NOTE(review): get_random() is defined elsewhere; if the result is used as a
 * password, token or verification code, confirm that it draws from a CSPRNG.
 *
 * @param int    $lenth Length of the string.
 * @param string $type  'num' for digits only, 'string' for letters only,
 *                      anything else for digits and letters.
 * @return string The generated string.
 */
function get_randomstr($lenth = 6, $type = 'all')
{
    // Loose comparison kept on purpose: it is what the callers were written against.
    if ($type == 'num') {
        return get_random($lenth, '0123456789');
    }
    if ($type == 'string') {
        return get_random($lenth, 'abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ');
    }
    return get_random($lenth, '123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ');
}
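<!-- Banner -->
<div class="row">
    <div class="10u">
        <div id="wrapper">
            <div class="slider-wrapper theme-default">
                <div id="banner">
                    <?php
                    // Five random banner records; url, image and alt come from stored
                    // content, so each is HTML-encoded before it is written into an
                    // attribute. Without that a quote character in a stored value
                    // closes the attribute and the rest is parsed as markup.
                    // NOTE(review): encoding does not restrict the URL scheme of
                    // `url`; confirm where banners are saved that only http(s)
                    // links are accepted. If values are already stored
                    // HTML-encoded, decode on save rather than skipping this step.
                    $banners = get_random('Banner', 5);
                    foreach ($banners as $banner) {
                        ?>
                        <a href="<?php echo htmlspecialchars($banner['url'], ENT_QUOTES, 'UTF-8'); ?> "><img src="<?php qoolinfo('home'); ?> /<?php echo htmlspecialchars($banner['image'], ENT_QUOTES, 'UTF-8'); ?> " title=" <?php echo htmlspecialchars($banner['alt'], ENT_QUOTES, 'UTF-8'); ?> " alt="" /></a>
                    <?php } ?>
                </div>
            </div>
        </div>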
/**
 * Create a redeem code and map it to every avatar item carrying a given code.
 *
 * Stores a Redeem document (code, count, empty expiry, creation time and an
 * _id built from the code plus the current timestamp) in the Assets database,
 * then inserts one RedeemAvatar mapping per Avatar document whose `code`
 * equals $avatar_item_code.
 *
 * NOTE(review): the redeem code comes from get_random(10), defined elsewhere;
 * it works as a bearer secret, so confirm it is unpredictable. The result of
 * the Redeem insert is not checked.
 *
 * @param string $avatar_item_code Code of the avatar item(s) to unlock.
 * @param mixed  $count            Stored as the redeem document's `count`.
 * @return array 'id' => list of the inserted mappings, 'code' => redeem code.
 */
function generate_redeem_avatar($avatar_item_code, $count)
{
    $code = get_random(10);
    $lilo_mongo = new LiloMongo();
    $id = $lilo_mongo->mongoid($code . date('YmdHis'));
    $lilo_mongo->selectDB('Assets');

    // Redeem document
    $lilo_mongo->selectCollection('Redeem');
    $createdAt = $lilo_mongo->time(strtotime(date("Y-m-d H:i:s")));
    $redeemDoc = array(
        'code'   => $code,
        'count'  => $count,
        'expire' => '',
        'create' => $createdAt,
        '_id'    => $id,
    );
    $lilo_mongo->insert($redeemDoc);
    $redeemId = (string) $id;

    // Avatar -> redeem code mappings
    $lilo_mongo->selectCollection('Avatar');
    $avatars = $lilo_mongo->find(array("code" => $avatar_item_code));
    $mappings = array();
    if ($avatars) {
        $lilo_mongo->selectCollection('RedeemAvatar');
        foreach ($avatars as $avatar) {
            $mapping = array(
                'avatar_id' => (string) $avatar['_id'],
                'code_id'   => $redeemId,
            );
            $lilo_mongo->insert($mapping);
            $mappings[] = $mapping;
        }
    }

    return array('id' => $mappings, 'code' => $code);
}
/**
 * Generate a random string of digits and letters.
 *
 * Delegates to get_random() with an alphabet that leaves out "0", "o" and
 * "O".
 *
 * NOTE(review): get_random() is defined elsewhere; if the result is used as a
 * password, token or verification code, confirm that it draws from a CSPRNG.
 *
 * @param int $lenth Length of the string.
 * @return string The generated string.
 */
function get_randomstr($lenth = 6)
{
    $alphabet = '123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ';

    return get_random($lenth, $alphabet);
}
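/**
 * Validate and normalise user data before it is created or updated.
 *
 * Runs the parent validation first. On 'create' it defaults `active`,
 * sanitises the username, refuses reserved usernames once a super user
 * exists, moves an e-mail-shaped username into `email`, generates a salt,
 * hashes the password and sets `confirmed`. On 'update' it re-hashes a newly
 * supplied password with the stored salt.
 *
 * Changes against the previous version: reserved usernames are compared
 * case-insensitively and strictly (so "Admin" is treated like "admin"), and a
 * record without username, e-mail and mobile number is now rejected instead
 * of only registering an error and carrying on.
 *
 * NOTE(review): passwords are stored as md5(salt . password . application
 * salt). MD5 is far too fast for password storage; moving to
 * password_hash()/password_verify() needs a matching change in the login
 * check, so it is not done here. The per-user salt comes from
 * get_random('numeric'), defined elsewhere.
 * NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
 *
 * @param array  $data    Submitted field values.
 * @param string $action  'create' or 'update'.
 * @param array  $options Passed through to the parent validation.
 * @return array|false The normalised data, or a false value when validation fails.
 */
function validate($data, $action, $options = array())
{
    $data = parent::validate($data, $action, $options);
    if (!$data) {
        return $data;
    }

    switch ($action) {
        case 'create':
            $data['active'] = array_key_exists('active', $data) ? $data['active'] : true;

            //We need either an email, mobile number or username to register a user
            //Lower ASCII only
            if (!empty($data['username'])) {
                $data['username'] = filter_var(trim($data['username']), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
                //TODO Make the banned usernames configurable
                $banned_usernames = array('root', 'admin', 'superadmin', 'superuser', 'webadmin', 'postmaster', 'webdeveloper', 'webmaster', 'administrator', 'sysadmin');
                // Compare in lower case so a different capitalisation cannot
                // slip a reserved name through.
                $is_banned = in_array(strtolower((string) $data['username']), $banned_usernames, true);
                if ($is_banned && BackendUser::hasSuperUser()) {
                    Backend::addError('Please choose a valid username');
                    return false;
                }
            }
            if (empty($data['username']) && empty($data['email']) && empty($data['mobile'])) {
                Backend::addError('Please provide a username');
                return false;
            }

            //If the username is an email address, make it the email address
            if (!empty($data['username']) && filter_var($data['username'], FILTER_VALIDATE_EMAIL)) {
                if (!empty($data['email'])) {
                    // Both are present: swap them.
                    list($data['username'], $data['email']) = array($data['email'], $data['username']);
                } else {
                    $data['email'] = $data['username'];
                    unset($data['username']);
                }
            }

            $data['salt'] = get_random('numeric');
            $data['password'] = md5($data['salt'] . $data['password'] . Controller::$salt);

            if (ConfigValue::get('application.confirmUser')) {
                $data['confirmed'] = false;
            } else {
                $data['confirmed'] = array_key_exists('confirmed', $data) ? $data['confirmed'] : true;
            }
            break;

        case 'update':
            // Only re-hash when a new password was supplied.
            if (!empty($data['password'])) {
                $data['password'] = md5($this->array['salt'] . $data['password'] . Controller::$salt);
            }
            break;
    }

    return $data;
}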