/**
 * Handle a password reset request for the user name submitted in $form.
 *
 * When the user exists and has an email address, a fresh reset hash is stored
 * on the user and mailed as a confirmation link. The reply to the client is
 * the same in every case, so the response does not reveal whether the name
 * matched an account.
 *
 * @param object $form the submitted reset form; the name is read from
 *                     $form->reset->inputs["name"]->value
 */
private function _send_reset($form) {
  // Request-supplied value; nothing in this method validates or escapes it.
  $requested_name = $form->reset->inputs["name"]->value;
  $user = user::lookup_by_name($requested_name);

  if (!$user) {
    // The original comment here warns not to include the username until it is
    // known to be XSS safe, yet the name is passed to the log message.
    // NOTE(review): confirm that t() placeholders or the log viewer escape
    // this value before it is rendered.
    log::warning(
      "user",
      t("Password reset email requested for user %user_name, which does not exist.",
        array("user_name" => $requested_name)));
  } else if (empty($user->email)) {
    log::warning(
      "user",
      t("Password reset failed for %user_name (has no email address on record).",
        array("user_name" => $user->name)));
  } else {
    // A new hash replaces whatever was stored before, so an earlier link stops matching.
    // NOTE(review): the hash is saved as-is and no expiry is set in this
    // method; confirm the do_reset handler limits its lifetime and clears it after use.
    $user->hash = random::hash();
    $user->save();

    $email_view = new View("reset_password.html");
    // The reset hash travels in the query string of the confirmation link.
    $email_view->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
    $email_view->user = $user;

    Sendmail::factory()
      ->to($user->email)
      ->subject(t("Password Reset Request"))
      ->header("Mime-Version", "1.0")
      ->header("Content-type", "text/html; charset=UTF-8")
      ->message($email_view->render())
      ->send();

    log::success(
      "user",
      t("Password reset email sent for user %name", array("name" => $user->name)));
  }

  // Report success unconditionally so that callers cannot tell real user
  // names apart from unknown ones.
  message::success(t("Password reset email sent"));
  json::reply(array("result" => "success"));
}
/**
 * Render the upgrader page.
 *
 * The session is given an upgrade token on first visit. If a file named after
 * that token exists under TMPPATH, the session is marked as allowed to upgrade
 * and the file is removed. Admin users are allowed regardless.
 */
public function index() {
  $session = Session::instance();

  // Reuse the session's upgrade token, or mint one if it has none yet.
  $upgrade_token = $session->get("upgrade_token", null);
  if (!$upgrade_token) {
    $upgrade_token = random::hash();
    $session->set("upgrade_token", $upgrade_token);
  }

  // A file whose name equals the token blesses this session. The token is
  // read from the session, not from the request.
  $token_file = TMPPATH . $upgrade_token;
  if (file_exists($token_file)) {
    $session->set("can_upgrade", true);
    // Failure to remove the file is suppressed here.
    // NOTE(review): if it cannot be removed the marker file stays in place; confirm that is acceptable.
    @unlink($token_file);
  }

  // Count modules whose installed version differs from the code version.
  $pending = 0;
  foreach (module::available() as $module) {
    if (!$module->version || $module->version == $module->code_version) {
      continue;
    }
    $pending++;
  }

  // "failed" comes from the request.
  // NOTE(review): confirm upgrader.html escapes each entry when printing it.
  $failed = Input::instance()->get("failed");

  $view = new View("upgrader.html");
  $view->can_upgrade = identity::active_user()->admin || $session->get("can_upgrade");
  $view->upgrade_token = $upgrade_token;
  $view->available = module::available();
  if ($failed) {
    $view->failed = explode(",", $failed);
  } else {
    $view->failed = array();
  }
  $view->done = $pending == 0;
  print $view;
}
/**
 * Replace the stored fotomotorw private key with a newly generated one and
 * return to the module's admin page.
 */
public function reset_private_key() {
  // md5() folds the two inputs into a 32-character hex value; how hard the key
  // is to guess depends on random::hash() and access::private_key(), neither
  // of which is shown here.
  // NOTE(review): no access::verify_csrf() call is visible in this
  // state-changing action; confirm the request is CSRF-protected elsewhere.
  $new_key = md5(random::hash() . access::private_key());
  module::set_var("fotomotorw", "fotomoto_private_key", $new_key);

  message::success(t("Your Photomoto private key has been reset."));
  url::redirect("admin/fotomotorw");
}
/**
 * Build and save a digibug_proxy row that points at a random photo whose
 * album denies "view_full" to everybody and to registered users.
 *
 * @return mixed whatever the proxy's save() returns
 */
private function _get_proxy() {
  $test_album = test::random_album();
  $test_photo = test::random_photo($test_album);

  // Remove full-size access for both groups, so the photo is only reachable
  // through the proxy.
  access::deny(identity::everybody(), "view_full", $test_album);
  access::deny(identity::registered_users(), "view_full", $test_album);

  $proxy_row = ORM::factory("digibug_proxy");
  $proxy_row->uuid = random::hash();
  $proxy_row->item_id = $test_photo->id;
  return $proxy_row->save();
}
/**
 * Store the default fotomotorw module variables and set the module version to 1.
 */
static function install() {
  // The site key starts out empty.
  module::set_var("fotomotorw", "fotomoto_site_key", '');

  // md5() folds the two inputs into a 32-character hex value; how hard the key
  // is to guess depends on random::hash() and access::private_key(), neither
  // of which is shown here.
  $initial_key = md5(random::hash() . access::private_key());
  module::set_var("fotomotorw", "fotomoto_private_key", $initial_key);

  // Every purchase and sharing option defaults to 1.
  $enabled_by_default = array(
    "fotomoto_buy_prints",
    "fotomoto_buy_cards",
    "fotomoto_buy_download",
    "fotomoto_share_ecard",
    "fotomoto_share_facebook",
    "fotomoto_share_twitter",
    "fotomoto_share_digg",
  );
  foreach ($enabled_by_default as $var_name) {
    module::set_var("fotomotorw", $var_name, 1);
  }

  module::set_version("fotomotorw", 1);
}
/**
 * Print the Digibug order form for one item.
 *
 * The request must pass the CSRF check and the caller must have "view"
 * permission on the item. When the "everybody" group lacks "view_full", the
 * image URLs handed to the form go through a newly created digibug_proxy row
 * instead of pointing at the item's files.
 *
 * @param mixed $id id of the item to print
 */
public function print_photo($id) {
  access::verify_csrf();

  $item = ORM::factory("item", $id);
  access::required("view", $item);

  if (!access::group_can(identity::everybody(), "view_full", $item)) {
    // The full size is not public: create a proxy row and hand out URLs that
    // carry its uuid.
    // NOTE(review): the uuid in the URL presumably acts as the only credential
    // for the proxied image; confirm what print_proxy checks and whether
    // proxy rows are ever expired.
    $proxy = ORM::factory("digibug_proxy");
    $proxy->uuid = random::hash();
    $proxy->item_id = $item->id;
    $proxy->save();

    $full_url = url::abs_site("digibug/print_proxy/full/{$proxy->uuid}/{$item->id}");
    $thumb_url = url::abs_site("digibug/print_proxy/thumb/{$proxy->uuid}/{$item->id}");
  } else {
    $full_url = $item->file_url(true);
    $thumb_url = $item->thumb_url(true);
  }

  $form_view = new View("digibug_form.html");
  $order_params = array(
    "digibug_api_version" => "100",
    "company_id" => module::get_var("digibug", "company_id"),
    "event_id" => module::get_var("digibug", "event_id"),
    "cmd" => "addimg",
    "partner_code" => "69",
    "return_url" => url::abs_site("digibug/close_window"),
    "num_images" => "1",
    "image_1" => $full_url,
    "thumb_1" => $thumb_url,
    "image_height_1" => $item->height,
    "image_width_1" => $item->width,
    "thumb_height_1" => $item->thumb_height,
    "thumb_width_1" => $item->thumb_width,
    // The title is passed through html::purify() before it reaches the form.
    "title_1" => html::purify($item->title));
  $form_view->order_params = $order_params;
  print $form_view;
}
/**
 * Append a "REST API" section holding the user's access key to the profile
 * page, but only when the profile being viewed is the active user's own.
 *
 * @param object $data profile event data; reads $data->user and appends to
 *                     $data->content
 */
static function show_user_profile($data) {
  // Guests never see a key, and a logged-in user only sees their own.
  if (identity::active_user()->guest ||
      identity::active_user()->id != $data->user->id) {
    return;
  }

  $view = new View("user_profile_rest.html");

  $key_row = ORM::factory("user_access_key")
    ->where("user_id", "=", $data->user->id)
    ->find();
  if (!$key_row->loaded()) {
    // First visit: create the key.
    // NOTE(review): the value is stored exactly as generated and is later
    // shown in the page; confirm that matches how the REST layer compares keys.
    $key_row->user_id = $data->user->id;
    $key_row->access_key = random::hash();
    $key_row->save();
  }

  $view->rest_key = $key_row->access_key;
  $section = array("title" => t("REST API"), "view" => $view);
  $data->content[] = (object) $section;
}
/**
 * Store three entries under different tags, call delete(true) on the driver,
 * and assert that none of the three entries remains.
 */
public function cache_delete_all_test() {
  // Each fixture: value, tags, and the third argument given to set()
  // (presumably a lifetime in seconds; confirm against the driver).
  $fixtures = array(
    array(array("field1" => "value1", "field2" => "value2"), array("tag1", "tag2"), 84600),
    array(array("field3" => "value3", "field4" => "value4"), array("tag2", "tag3"), 846000),
    array(array("field5" => "value5", "field6" => "value6"), array("tag3", "tag4"), 84600),
  );

  $ids = array();
  foreach ($fixtures as $fixture) {
    list($value, $tags, $lifetime) = $fixture;
    $id = random::hash();
    $this->_driver->set(array($id => $value), $tags, $lifetime);
    $ids[] = $id;
  }

  // The return value is kept in a local, as before, but not inspected.
  $data = $this->_driver->delete(true);

  foreach ($ids as $id) {
    $this->assert_false($this->_exists($id), "{$id} should have been deleted");
  }
}
/**
 * Return the active user's access key, creating and saving one the first
 * time it is requested.
 *
 * @return string the stored access key
 */
static function access_key() {
  $key_row = ORM::factory("user_access_key")
    ->where("user_id", "=", identity::active_user()->id)
    ->find();

  if ($key_row->loaded()) {
    return $key_row->access_key;
  }

  // No key yet: derive one from a random hash and the site's private key.
  // md5() yields a 32-character hex value; how hard the key is to guess
  // depends on random::hash() and access::private_key(), which are not shown here.
  $key_row->user_id = identity::active_user()->id;
  $key_row->access_key = md5(random::hash() . access::private_key());
  $key_row->save();

  return $key_row->access_key;
}
/**
 * Return this session's Cross Site Request Forgery token.
 *
 * The token is generated on first use, stored in the session under "csrf",
 * and the same value is returned on every later call for that session.
 *
 * @return string
 */
static function csrf_token() {
  $session = Session::instance();

  $token = $session->get("csrf");
  if (!empty($token)) {
    return $token;
  }

  // Nothing usable stored yet: mint a token and remember it.
  $token = random::hash();
  $session->set("csrf", $token);
  return $token;
}
/**
 * Return a string of $length characters built from one or more
 * random::hash() values.
 *
 * random::hash() is always called at least once, even when $length is 0.
 *
 * @param int $length the desired length of the string
 * @return string
 */
static function random_string($length) {
  // Start with one hash and keep appending until there is enough material.
  $material = random::hash();
  while (strlen($material) < $length) {
    $material .= random::hash();
  }
  return substr($material, 0, $length);
}
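/**
 * Return a random hexadecimal string of the given length.
 *
 * The result is assembled from as many random::hash() values as are needed.
 * Before this change a $length greater than the length of one hash silently
 * produced a shorter string than requested, which matters when the caller
 * sizes a token or key by $length. For a $length that fits in one hash the
 * result is built exactly as before.
 *
 * The characters come from random::hash(); their alphabet and
 * unpredictability are those of that function, which is not shown here.
 *
 * @param int $length the desired length of the string; passed to substr()
 *                    unchanged, so a negative value trims from the end
 * @return string
 */
static function string($length) {
  $buf = "";
  // do/while keeps the single random::hash() call the original made for short lengths.
  do {
    $buf .= random::hash();
  } while (strlen($buf) < $length);
  return substr($buf, 0, $length);
}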