function __encrypt($value)
{
if (is_array($value)) {
$value = $this->__implode($value);
}
return "Q2FrZQ==." . base64_encode(Security::cipher($value, $this->Controller->Cookie->key));
}
public function postLogin()
{
$this->loadModel('User');
$key = 'iznWsaal5lKhOKu4f7f0YagKW81ClEBXqVuTjrFovrXXtOggrqHdDJqkGXsQpHf';
$email = trim($this->request->data['email']);
$password = trim($this->request->data['password']);
$encrypted_password = Security::cipher($password, $key);
$opts = array('conditions' => array('and' => array('User.user_email' => $email, 'User.password' => $encrypted_password)));
$userInfo = $this->User->find('first', $opts);
if ($userInfo) {
//session
CakeSession::write('session_id', $userInfo['User']['user_id']);
CakeSession::write('session_name', $userInfo['User']['user_name']);
CakeSession::write('session_email', $userInfo['User']['user_email']);
$this->redirect('../User/user_profile');
} else {
$this->loadModel('CreateGroup');
$opts = array('conditions' => array('and' => array('CreateGroup.group_admin_email' => $email, 'CreateGroup.password' => $encrypted_password)));
$groupInfo = $this->CreateGroup->find('first', $opts);
if ($groupInfo) {
//session
CakeSession::write('session_id', $groupInfo['CreateGroup']['group_id']);
CakeSession::write('session_name', $groupInfo['CreateGroup']['group_name']);
CakeSession::write('session_code', $groupInfo['CreateGroup']['group_code']);
CakeSession::write('session_email', $groupInfo['CreateGroup']['group_admin_email']);
$this->redirect('../Admin/group_profile');
} else {
$this->Session->write('login_message', 'Invalid username or password');
$this->redirect('../login/home');
}
}
}
public static function write($name, $value = null, $encrypt = true, $expires = null, $path = null, $domain = null, $secure = null)
{
self::ready();
SlConfigure::write($name, $value, false, 'cookie');
self::$_cookies[] = $name;
self::$_cookies = array_unique(self::$_cookies);
if (empty($path)) {
$path = SlConfigure::read('Sl.cookie.path');
}
if ($domain === null) {
$domain = SlConfigure::read('Sl.cookie.domain');
}
if ($secure === null) {
$secure = SlConfigure::read('Sl.cookie.secure');
}
$now = time();
if (is_int($expires) || is_numeric($expires)) {
$expires = $now + intval($expires);
} elseif (is_string($expires)) {
$expires = strtotime($expires, $now);
}
$value = serialize($value);
if ($encrypt) {
App::import('core', 'security');
$value = "?" . base64_encode(Security::cipher($value, self::$_key));
} else {
$value = base64_encode($value);
}
setcookie(self::$_cookieName . "[{$name}]", $value, $expires, $path, $domain, $secure);
}
private function getConnection()
{
if (!$this->_connection) {
$this->_connection = new TwitterOAuth(Security::cipher(base64_decode(Configure::read('Data.Twitter.consumerKey')), 'gummTwitterCypher'), Security::cipher(base64_decode(Configure::read('Data.Twitter.consumerSecret')), 'gummTwitterCypher'), Security::cipher(base64_decode(Configure::read('Data.Twitter.accessToken')), 'gummTwitterCypher'), Security::cipher(base64_decode(Configure::read('Data.Twitter.accessTokenSecret')), 'gummTwitterCypher'));
}
return $this->_connection;
}
public static function decrypt($value)
{
$self = self::getInstance();
$prefix = strpos($value, 'U3BhZ2hldHRp.');
if ($prefix !== false) {
$encrypted = base64_decode(substr($value, $prefix + 13));
return Security::cipher($encrypted, $self->key);
}
return false;
}
public function getUserInfo()
{
// Authデータの取得
$authUserInfo = AuthComponent::user();
// Authの場合
if (!empty($authUserInfo)) {
$authUserInfo['method'] = U_AUTH;
unset($authUserInfo['password']);
unset($authUserInfo['created']);
unset($authUserInfo['modified']);
return $authUserInfo;
}
// Cookieの場合
if (isset($_COOKIE['tora']['User'])) {
$tmpc = Security::cipher(base64_decode(substr($_COOKIE['tora']['User'], 8)), Configure::read('Security.salt'));
$tmpcArray = json_decode($tmpc, true);
$tmpfArray = $this->find('first', array('conditions' => array('User.id' => $tmpcArray['id']), 'fields' => array('User.id', 'User.username', 'User.nickname', 'User.stat')));
$tmpfArray['User']['method'] = U_COOKIE;
return $tmpfArray['User'];
}
// ない場合
return array('method' => U_NONE);
}
public function changePassword()
{
$this->loadModel('User');
$key = 'iznWsaal5lKhOKu4f7f0YagKW81ClEBXqVuTjrFovrXXtOggrqHdDJqkGXsQpHf';
$userId = trim($this->request->data['user_id']);
$password = trim($this->request->data['password']);
$cpassword = trim($this->request->data['c_password']);
$encrypted_password = Security::cipher($password, $key);
if ($password == $cpassword) {
if ($this->User->updateAll(array('password' => "'{$encrypted_password}'"), array('user_id' => $userId))) {
$this->Session->write('pcmessage', 'password changed successfully');
$this->redirect('../User/change_password');
} else {
$this->Session->write('pcmessage', 'Password not changed');
$this->redirect('../User/change_password');
}
} else {
$this->Session->write('pcmessage', 'password and confirm pasword different');
$this->redirect('../User/change_password');
}
}
/**
* Decodes and decrypts a single value.
*
* @param string $value The value to decode & decrypt.
* @return string Decoded value.
*/
protected function _decode($value)
{
$prefix = 'Q2FrZQ==.';
$pos = strpos($value, $prefix);
if ($pos === false) {
return $this->_explode($value);
}
$value = base64_decode(substr($value, strlen($prefix)));
if ($this->_type === 'rijndael') {
$plain = Security::rijndael($value, $this->key, 'decrypt');
}
if ($this->_type === 'cipher') {
$plain = Security::cipher($value, $this->key);
}
if ($this->_type === 'aes') {
$plain = Security::decrypt($value, $this->key);
}
return $this->_explode($plain);
}
/**
* Checks whether the setting already exists and cleans the data array if it does.
* This is used mainly by outside of the model functions which don't know if the Setting exists or not.
*
* @param {array} An array of Setting data
*/
private function _cleanSettingData($data, $append = false)
{
if (is_array($data['Setting']['value'])) {
$settingValue = '';
foreach ($data['Setting']['value'] as $key => $value) {
if (is_array($value)) {
// Form->input('Setting.value.variable.key')
// turns into variable[key] = value
foreach ($value as $index => $val) {
$settingValue .= __('%s[%s] = "%s"%s', $key, $index, Sanitize::escape($val), PHP_EOL);
}
} else {
// Form->input('Setting.value.variable)
// turns into variable = value
$settingValue .= __('%s = "%s"%s', $key, Sanitize::escape($value), PHP_EOL);
}
}
$data['Setting']['value'] = $settingValue;
}
if (!empty($data['Setting'][0])) {
$i = 0;
foreach ($data['Setting'] as $setting) {
if (is_array($setting['value'])) {
$newValue = null;
foreach ($setting['value'] as $key => $value) {
$newValue .= is_numeric($value) ? $key . ' = ' . $value . '' . PHP_EOL : $key . ' = "' . $value . '"' . PHP_EOL;
}
// end value loop
} else {
$newValue = $setting['value'];
}
$data['Setting'][$i]['value'] = $newValue;
$i++;
}
// end setting loop
$data = $data['Setting'];
// because we are using saveAll
}
// @todo break these out into individual setting function in a foreach loop that will
// handle many and single records to save
if (!empty($data['Setting']['name']) && !empty($data['Setting']['type'])) {
// see if the setting already exists
$setting = $this->find('first', array('conditions' => array('Setting.name' => $data['Setting']['name'], 'Setting.type' => $data['Setting']['type'])));
if (!empty($setting)) {
// if it does, then set the id, so that we over write instead of creating a new setting
$data['Setting']['id'] = $setting['Setting']['id'];
}
if (!empty($append) && !empty($setting)) {
$data['Setting']['value'] = $setting['Setting']['value'] . PHP_EOL . $data['Setting']['value'];
}
}
// some values need to be encrypted. We do that here (@todo put this in its own two
// functions. One for "encode" function, and one for which settings should be encoded,
// so that we can specify all settings which need encryption, and reuse this instead
// of the if (xxxx setting) thing. And make the corresponding decode() function somehwere as well.
if (!empty($data['Setting']['name']) && $data['Setting']['name'] == 'SMTP' && !parse_ini_string($data['Setting']['name'])) {
$data['Setting']['value'] = 'smtp = "' . base64_encode(Security::cipher($data['Setting']['value'], Configure::read('Security.salt'))) . '"';
}
if (!empty($data['Query']) && $data['Setting']['name'] == 'ZUHA_DB_VERSION') {
$data['Setting']['value'] = $data['Setting']['value'] + 0.0001;
}
return $data;
}
/**
* Unciphes a string created by the secure method
*
* @access public
* @param string $param The string to be decrypted
* @return string The original string
*/
public static function unsecure($param)
{
$param = base64_decode(str_replace(array('*', '-'), array('/', '+'), $param));
return Security::cipher(substr($param, 0, -2), substr($param, -2));
}
/**
* Make sending email available to all controllers (AppModel calls to this function)
*
* @param mixed $toEmail address to send email to
* @param string $subject subject of email
* @param mixed $message $message ['html'] in the layout will be replaced with this text
* @param string $template to be picked from folder for email. By default, if $mail is given in any template.
* @param array $from Seems to not be used.
* @param array $attachment list of file paths to add as email attachments
* @return int The return value is the number of recipients who were accepted for delivery.
* @throws Exception
*/
public function __sendMail($toEmail = null, $subject = null, $message = null, $template = 'default', $from = array(), $attachment = array())
{
$this->SwiftMailer = $this->Components->load('SwiftMailer');
if (!defined('__SYSTEM_SMTP')) {
throw new Exception(__('SMTP Settings not defined.'));
}
extract(unserialize(__SYSTEM_SMTP));
$smtp = Security::cipher(base64_decode($smtp), Configure::read('Security.salt'));
if (!parse_ini_string($smtp)) {
throw new Exception(__('SMTP Ini parsing failed.'));
}
if (isset($toEmail['to']) && is_array($toEmail)) {
$this->SwiftMailer->to = $toEmail['to'];
} else {
$this->SwiftMailer->to = $toEmail;
}
if (isset($toEmail['cc']) && is_array($toEmail)) {
$this->SwiftMailer->cc = $toEmail['cc'];
}
if (isset($toEmail['bcc']) && is_array($toEmail)) {
$this->SwiftMailer->bcc = $toEmail['bcc'];
}
if (isset($toEmail['replyTo']) && is_array($toEmail)) {
$this->SwiftMailer->replyTo = $toEmail['replyTo'];
}
$this->SwiftMailer->template = $template;
$this->SwiftMailer->attachments = $attachment;
$this->SwiftMailer->layout = 'email';
$this->SwiftMailer->sendAs = 'html';
if ($message) {
$this->SwiftMailer->content = $message . '<br /><br />' . $_SERVER['REMOTE_ADDR'];
if (is_array($message) && isset($message['html'])) {
$this->SwiftMailer->content = $message['html'] . '<br /><br />' . $_SERVER['REMOTE_ADDR'];
} else {
$message = array('html' => $message);
}
$this->set('message', $message);
}
$subject = $subject ? $subject : 'No Subject';
return $this->SwiftMailer->send($template, $subject);
}
function login()
{
if ($this->Session->check('mobile_user') && intval($this->Session->read('mobile_user'))) {
$this->layout = 'mobile';
$this->view = 'mobile_login';
} else {
$this->layout = 'register';
}
if (!empty($this->request->data)) {
if ($this->Auth->login()) {
if ($this->Auth->user('is_activated')) {
if ($this->Auth->user('type') == USER_TYPE_TENANT) {
if ($this->Auth->user('property_id') > 0) {
// If property no longer active, then we must redirect
$this->loadModel('Property');
$this->Property->contain();
$userProp = $this->Property->findById($this->Auth->user('property_id'));
if ($userProp['Property']['active'] == 0) {
$this->redirect(array('controller' => 'Users', 'action' => 'propertydisabled', $this->User->id));
}
} else {
/*
* If active user with no property_id they must have been removed from property
*/
$this->Session->setFlash('You are no longer assigned to a property. Please request a new property now.', 'flash_bad');
$redir_id = $this->Auth->User('id');
$this->Auth->logout();
$this->redirect(array('controller' => 'Users', 'action' => 'residentsearch', Security::cipher($redir_id, Configure::read('Security.salt2'))));
}
}
$this->redirect($this->Auth->redirect());
} elseif (!$this->Auth->user('is_activated') && $this->Auth->user('invitebyemail')) {
$this->User->id = $this->Auth->user('id');
$this->User->saveField('is_activated', true);
/*
* Update the unit to occupied after the invite is sent.
*/
if ($this->Auth->user('unit_id') > 0) {
$this->loadModel('Unit');
$this->Unit->id = $this->Auth->user('unit_id');
$this->Unit->saveField('occupied', 'Yes');
}
$this->redirect($this->Auth->redirect());
} else {
$view = new View($this);
$html = $view->loadHelper('Html');
$resendLink = $html->link('Click Here', array('controller' => 'Users', 'action' => 'resendactivation', $this->Auth->user('id')));
/*
* previoustenant field can have following values
* - 0 not a previous tenant
* - 1 a previous tenant
* - 2 a previous tenant awaiting a new activation
*/
if ($this->Auth->user('previoustenant') == 1 && $this->Auth->user('type') == USER_TYPE_TENANT) {
/*
* Previous tenant, currently inactive, who is trying to log back in - so need to send
* to page 2 of the tenant sign up process
*/
$data = array();
$data['User']['id'] = $this->Auth->User('id');
/* Set to 2 so we can differentiate - i.e. know they came through this way already */
//$data['User']['previoustenant'] = '2';
$data['User']['property_id'] = '0';
$data['User']['unit_id'] = '0';
$data['User']['requested_unit'] = '0';
$data['User']['activation_key'] = $this->User->genActivationHash();
$this->User->set($data);
if ($this->User->save($data, true, array('requested_unit', 'activation_key', 'property_id', 'unit_id'))) {
//debug($data);
$redir_id = $this->Auth->User('id');
$this->Auth->logout();
$this->redirect(array('controller' => 'Users', 'action' => 'residentsearch', Security::cipher($redir_id, Configure::read('Security.salt2'))));
} else {
$this->Session->setFlash('Error Signing Up. Please contact system admin.', 'flash_bad');
}
} else {
$this->Auth->logout();
$this->Session->setFlash('Sorry, your account is not yet activated.', 'flash_bad');
$this->redirect($this->Auth->redirect());
}
}
} else {
$this->Session->setFlash('Invalid username or password.', 'flash_bad');
}
}
}
/**
* Encrypts $value using public $type method in Security class
*
* @param string $value Value to encrypt
*
* @return string Encoded values
*/
protected function _encrypt($value)
{
if (is_array($value)) {
$value = $this->_implode($value);
}
if (!$this->_encrypted) {
return $value;
}
$prefix = "Q2FrZQ==.";
if ($this->_type === 'rijndael') {
$cipher = Security::rijndael($value, $this->key, 'encrypt');
}
if ($this->_type === 'cipher') {
$cipher = Security::cipher($value, $this->key);
}
if ($this->_type === 'aes') {
$cipher = Security::encrypt($value, $this->key);
}
return $prefix . base64_encode($cipher);
}
function importData($id)
{
$this->Project->id = $id;
if (!$this->Project->exists()) {
throw new NotFoundException(__('Invalid proyect'));
}
//!$this->Project->exists()
if ($this->request->is('post') || $this->request->is('put')) {
$this->autoRender = false;
if ($this->request->data['Project']['File']['size'] > 0) {
$file = new File($this->request->data['Project']['File']['tmp_name']);
$contents = $file->read();
$contents = Security::cipher($contents, Configure::read('Security.salt'));
$data = json_decode($contents, true);
if (!empty($data)) {
$this->Session->delete('confrontationResult');
$this->Session->delete('confrontationSettingsData');
$this->Session->delete('confrontationDualResult');
$this->Session->delete('confrontationPostedData');
$this->Session->write('confrontationResult', $data['confrontationResult']);
$this->Session->write('confrontationSettingsData', $data['confrontationSettingsData']);
$this->Session->write('confrontationDualResult', $data['confrontationDualResult']);
$this->Session->write('confrontationPostedData', $data['confrontationPostedData']);
$redirect = null;
switch ($data['tableToLoad']) {
case 'confrontationMultiRound':
$redirect = "confrontationMultiRound";
break;
case 'confrontationMultiUser':
$redirect = "confrontationMultiUser";
break;
case 'confrontationDual':
$redirect = "confrontationDual";
break;
case 'FScore2Users':
$redirect = "confrontationFscoreUsers";
break;
case 'FScore2Rounds':
$redirect = "confrontationFscoreRounds";
break;
default:
throw new Exception("Error Processing Request, error: " . $data['tableToLoad'], 1);
}
if ($redirect == null) {
$this->Session->setFlash('This file is to load the table: ' . $data['tableToLoad']);
$this->redirect(array('controller' => 'projects', 'action' => 'loadTable', $this->Project->id));
} else {
$this->redirect(array('controller' => 'projects', 'action' => $redirect));
}
}
} else {
$this->Session->setFlash('Please select file');
$this->redirect(array('controller' => 'projects', 'action' => 'importData', $this->Project->id));
}
$this->Session->setFlash('This file is corrupted');
$this->redirect(array('controller' => 'projects', 'action' => 'index'));
}
$this->set('project_id', $this->Project->id);
}
/**
* testCipherEmptyKey method
*
* @expectedException PHPUnit_Framework_Error
* @return void
*/
public function testCipherEmptyKey()
{
$txt = 'some_text';
$key = '';
Security::cipher($txt, $key);
}
/**
* convert url
*
*/
public function index($hasp = null)
{
if (empty($hasp)) {
$this->user_id = $this->User->getUserIdByAPIToken(@$this->request->data['api_token']);
if (!empty($this->user_id)) {
$str = $this->randomString();
$authHash = $this->safe_b64encode(Security::cipher($this->user_id . self::PREFIX . $str, Configure::read('Security.salt')));
$result = $this->getContentEmail($authHash);
return $this->responseOk($result);
} else {
return $this->responseNg();
}
} else {
$authLogin = explode(self::PREFIX, Security::cipher(base64_decode($hasp), Configure::read('Security.salt')));
$client_ip = $this->getIPadress();
if (count($authLogin) > 1) {
$user_id = $authLogin[0];
$ret = $this->User->find('first', array('conditions' => array('id' => $user_id)));
if (empty($ret)) {
return $this->redirect(self::APP_STORE);
}
$user_share = $this->UserShare->find("first", array("conditions" => array("user_id" => $user_id, "client_ip" => $client_ip)));
if (!empty($client_ip) && empty($user_share)) {
$this->UserShare->create();
$dataSave = array("user_id" => $user_id, "client_ip" => $client_ip);
$this->UserShare->save($dataSave);
}
}
return $this->redirect(self::APP_STORE);
}
}
/**
* Initialize component
*
* @param Object $controller reference to controller
* @access Public
*/
public function __construct(ComponentCollection $collection, $settings = array())
{
$this->_controller = $collection->getController();
if (defined('__SYSTEM_SMTP')) {
extract(unserialize(__SYSTEM_SMTP));
$smtp = base64_decode($smtp);
$smtp = Security::cipher($smtp, Configure::read('Security.salt'));
if (@($smtp = parse_ini_string($smtp))) {
$this->smtpUsername = !empty($smtp['smtpUsername']) ? $smtp['smtpUsername'] : $this->smtpUsername;
$this->smtpPassword = !empty($smtp['smtpPassword']) ? $smtp['smtpPassword'] : $this->smtpPassword;
$this->smtpHost = !empty($smtp['smtpHost']) ? $smtp['smtpHost'] : $this->smtpHost;
$this->smtpPort = !empty($smtp['smtpPort']) ? $smtp['smtpPort'] : $this->smtpPort;
$this->from = !empty($smtp['from']) ? $smtp['from'] : $this->from;
$this->fromName = !empty($smtp['fromName']) ? $smtp['fromName'] : $this->fromName;
// debug($this->smtpUsername);
// debug($this->smtpPassword);
// debug($this->smtpHost);
// debug($this->smtpPort);
// debug($this->from);
// debug($this->fromName);
// exit;
} else {
return false;
}
} else {
return false;
}
parent::__construct($collection, $settings);
}
/**
* testCipher method
*
* @access public
* @return void
*/
function testCipher()
{
$length = 10;
$txt = '';
for ($i = 0; $i < $length; $i++) {
$txt .= mt_rand(0, 255);
}
$key = 'my_key';
$result = Security::cipher($txt, $key);
$this->assertEqual(Security::cipher($result, $key), $txt);
$txt = '';
$key = 'my_key';
$result = Security::cipher($txt, $key);
$this->assertEqual(Security::cipher($result, $key), $txt);
$txt = 'some_text';
$key = '';
$result = Security::cipher($txt, $key);
$this->assertError();
$this->assertIdentical($result, '');
}
/**
* Decrypt value
*
* @param string $value Value to decrypt
* @param array $settings Config settings
* @return string Decrypted value
*/
public function decrypt($value, $settings)
{
if ($settings['cipher'] == 'cake') {
return Security::cipher($value, $settings['key']);
}
return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($settings['key']), base64_decode($value), MCRYPT_MODE_CBC, md5(md5($settings['key']))), "");
}
