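/**
 * AJAX login endpoint: checks the posted mail/password pair and opens a session.
 *
 * Reads `mail` and `password` from the request data, answers through
 * response_ajax() and always ends the request with exit.
 *
 * Responses: error `mail_invalid` or `password_invalid` for a missing field,
 * error `user_not_found` for a wrong pair, result `login` on success.
 */
public function api_login()
{
    $data = $this->request->data;
    // Only non-empty strings are accepted; an array value would otherwise be
    // handed to the find() conditions as-is.
    $mail = (isset($data['mail']) && is_string($data['mail']) && $data['mail'] !== '') ? $data['mail'] : null;
    $password = (isset($data['password']) && is_string($data['password']) && $data['password'] !== '')
        ? $data['password']
        : null;

    // The mail check runs first: in the previous order a missing mail was
    // already caught by the password check, so `mail_invalid` was unreachable.
    if ($mail === null) {
        response_ajax(array('error' => 'mail_invalid'), 'error');
        exit;
    }
    if ($password === null) {
        response_ajax(array('error' => 'password_invalid'), 'error');
        exit;
    }

    // NOTE(review): get_hash() is defined elsewhere and receives one application-wide
    // salt; presumably equal passwords give equal hashes. Confirm, and consider
    // password_hash()/password_verify() with per-user salts.
    $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);

    // One query authenticates and returns the row. Looking the id up again by
    // mail alone could return a different row if mail is not unique.
    $user = $this->User->find('first', array(
        'conditions' => array('password' => $hashed_pass, 'mail' => $mail),
    ));
    if (empty($user)) {
        response_ajax(array('error' => 'user_not_found'), 'error');
        exit;
    }

    $user_id = $user['User']['id'];

    // Issue a fresh session id at the privilege change so an id that was set
    // before login cannot be reused afterwards.
    $this->Session->renew();
    $this->Session->write('User', $mail);

    // Record the login in the auth log.
    $this->loadModel('Userauth');
    $this->Userauth->save(array(
        'user_id' => $user_id,
        'ip' => get_ip(),
        'browser' => get_ua(),
        'os' => get_os(),
    ));
    $this->Session->write('user_id', $user_id);

    response_ajax(array('result' => 'login'), 'success');
    exit;
}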
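/**
 * Hash a password with crypt() under a fresh random salt.
 *
 * @param string $pass Plain-text password.
 * @return string Output of crypt(). crypt() reports failure with a short string
 *                beginning with "*"; callers should reject such a value instead
 *                of storing it.
 */
function gen_pass_hash($pass)
{
    // Salt from the OS CSPRNG. The previous rand() + microtime() value was
    // guessable, and its base64 form could contain "+" and "=", which are
    // outside crypt()'s salt alphabet.
    $raw = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);

    // 16 bytes encode to 22 characters of [./0-9A-Za-z] once "+" is mapped to
    // "." and the "=" padding is dropped.
    $salt = rtrim(strtr(base64_encode($raw), '+', '.'), '=');

    // get_hash() is defined elsewhere; presumably it returns the crypt() scheme
    // prefix when called without arguments (verify against its definition).
    $hash_schema = get_hash();

    return crypt($pass, $hash_schema . $salt . '$');
}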
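/**
 * Create a new administrator or update an existing one from the posted `Admin` data.
 *
 * With a numeric `Admin.id` the matching record is updated (ERROR_201 is set when it
 * does not exist). Otherwise a new administrator is created with a generated password
 * and activation key, and a notification mail is sent. Both paths end with a redirect
 * to admincontrol/view.
 */
public function save()
{
    $id = isset($this->request->data['Admin']['id']) ? $this->request->data['Admin']['id'] : null;
    $this->loadModel('Admin');

    if ($id !== null and is_numeric($id)) {
        $admin = $this->Admin->find('first', array('conditions' => array('id' => $id)));
        if (empty($admin)) {
            $this->Error->setError('ERROR_201');
        } else {
            // NOTE(review): the whole request payload is saved, so any posted column
            // (for example password or mail_key) is written. Consider passing a
            // fieldList whitelist to save().
            $this->Admin->save($this->request->data);
        }
    } else {
        // Adding a new administrator.
        // Password and activation key are taken from the OS CSPRNG. The previous
        // md5(time() . salt) values could be recomputed by anyone who knew the salt
        // and the approximate creation time.
        $random = bin2hex(function_exists('random_bytes') ? random_bytes(20) : openssl_random_pseudo_bytes(20));

        // Same 8-hex-character format as before, so length checks elsewhere still
        // accept it. It is short; treat it as a one-time password and lengthen it
        // if the password policy allows.
        $pass = substr($random, 0, 8);
        $pass_hash = get_hash(Configure::read('ADMIN_AUTH_SALT'), $pass);

        // Remaining 32 hex characters, the same shape as the former md5 key.
        $mail_key = substr($random, 8);

        $save_array = $this->request->data;
        $save_array['Admin']['password'] = $pass_hash;
        $save_array['Admin']['mail_key'] = $mail_key;
        $this->Admin->save($save_array);
        $id = $this->Admin->getLastInsertId();

        if (is_numeric($id)) {
            App::uses('CakeEmail', 'Network/Email');

            // The posted address goes into an HTML mail body, so it is escaped here.
            $admin_mail = (isset($this->request->data['Admin']['mail']) && is_string($this->request->data['Admin']['mail']))
                ? $this->request->data['Admin']['mail']
                : '';

            // NOTE(review): the plain-text password is sent by mail; a set-password
            // link built on $mail_key would avoid that.
            $sended_data = "Добавлен новый администратор" . "<br>";
            $sended_data .= "Почтовый ящик: " . htmlspecialchars($admin_mail, ENT_QUOTES, 'UTF-8');
            $sended_data .= ", ";
            $sended_data .= "пароль: " . $pass . "<br>";
            $sended_data .= "<a href='" . site_url() . "/activate_account/admin/" . $mail_key .
                "'>Ссылка для активации аккаунта</a> администратора: <br>";

            $email = new CakeEmail();
            $email->emailFormat('html');
            $email->template('mail_main_admin', 'mail');
            $email->from(Configure::read('SITE_MAIL'));
            // The recipient is masked in this listing; the original trailing comment
            // pointed at Configure::read('ADMIN_MAIL').
            $email->to('*****@*****.**');
            $email->subject("Добавлен новый администратор");
            $email->viewVars(array('sended_data' => $sended_data));
            $email->send();
        }
    }

    $this->redirect(array('controller' => 'admincontrol', 'action' => 'view', 'id' => $id));
}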
/**
 * Register a node and print the hash assigned to it.
 *
 * Reads "os" and "user_hash" from the request, stores them in the Node table
 * together with the client IP, the current time and status 1, then echoes the
 * new node hash. Nothing in this method authenticates the caller, and
 * "user_hash" is taken from the request as given.
 *
 * @return void The node hash is written to the output, not returned.
 */
public function login()
{
    $reportedOs = $this->_get("os");
    $ownerHash = $this->_get("user_hash");
    $clientIp = get_client_ip();
    $newNodeHash = get_hash();

    $row = array();
    $row["ip"] = $clientIp;
    $row["os"] = $reportedOs;
    $row["user_hash"] = $ownerHash;
    $row["node_hash"] = $newNodeHash;
    $row["time"] = time();
    $row["status"] = 1;

    M("Node")->add($row);

    echo $newNodeHash;
}
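/**
 * Handle the registration form: validate the posted fields and insert a new user.
 *
 * Reads name, email, password and password_repeat from $_POST and reports every
 * outcome through add_message().
 *
 * @return bool true when the user row was inserted, false otherwise.
 */
function do_register()
{
    // Accept only string fields. Input such as `name[]=x` arrives as an array
    // and would otherwise reach trim() and the query parameters.
    $fields = array();
    foreach (array("name", "email", "password", "password_repeat") as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
    }
    $name = $fields["name"];
    $email = $fields["email"];
    $password = $fields["password"];
    $password_repeat = $fields["password_repeat"];

    if (trim($name) == "") {
        add_message("Nezadali ste meno.");
        return false;
    }
    if (trim($email) == "") {
        add_message("Nezadali ste email.");
        return false;
    }
    if (trim($password) == "") {
        add_message("Nezadali ste heslo.");
        return false;
    }
    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal, so a mistyped repeat could pass.
    if ($password !== $password_repeat) {
        add_message("Heslá sa nezhodujú.");
        return false;
    }

    global $db;

    $query = $db->prepare("SELECT COUNT(id) FROM users WHERE email = :email");
    $query->execute(array("email" => $email));
    $row = $query->fetch(PDO::FETCH_NUM);
    if ($row[0] > 0) {
        // Someone already uses this email.
        add_message("Taký email už niekto používa.");
        return false;
    }

    // NOTE(review): the check above and the insert below are separate statements;
    // a unique index on users.email is what actually prevents duplicates.
    try {
        $query = $db->prepare("INSERT INTO users (name, email, password) VALUES (:name, :email, :password)");
        // get_hash() is defined elsewhere. Confirm it is a slow, salted password
        // hash (password_hash() or equivalent).
        $query->execute(array("name" => $name, "email" => $email, "password" => get_hash($password)));
    } catch (PDOException $e) {
        add_message("Nepodarilo sa zaregistrovať užívateľa (chyba db?).");
        return false;
    }

    if ($query->rowCount() !== 1) {
        // Something else went wrong.
        add_message("Niečo sa nepodarilo.");
        return false;
    }

    add_message("Gratulujem, teraz sa môžete prihlásiť.");
    return true;
}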
/**
 * Create a project record from the posted form and return it as an AJAX response.
 *
 * The keys of the posted "moudle" array become a comma-separated module list.
 * The posted "setting" array is merged with that list and a start time, serialized
 * and stored with the target and a new project hash. A response is sent only when
 * the insert returns a truthy id.
 */
function test()
{
    $form = $this->_post();
    $ret['target'] = $form["target"];

    $names = "";
    foreach ($form['moudle'] as $name => $unused) {
        $names .= $name . ",";
    }

    // The server-side values are the second argument, so they override any
    // "module" or "start_time" key posted inside "setting".
    $serverValues = array(
        "module" => substr($names, 0, strlen($names) - 1),
        "start_time" => time(),
    );
    $merged = array_merge($form['setting'], $serverValues);

    $ret['setting'] = serialize($merged);
    $ret['project_hash'] = get_hash();

    // TODO carried over from the original: a failed insert is not handled.
    $ret['id'] = M("project")->add($ret);
    if ($ret['id']) {
        $this->ajaxReturn($ret);
    }
}
// Admin-user creation form handler: validates the POST, inserts the new admin row,
// then renders the form (again) through the template.
unset($ERR);
if (isset($_POST['action']) && $_POST['action'] == 'update') {
    if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['repeatpassword'])) {
        $ERR = $ERR_047;
    } elseif (!empty($_POST['password']) && empty($_POST['repeatpassword']) || empty($_POST['password']) && !empty($_POST['repeatpassword'])) {
        // This branch cannot be taken: the first test already catches an empty
        // password or repeat field.
        $ERR = $ERR_054;
    } elseif ($_POST['password'] != $_POST['repeatpassword']) {
        // NOTE(review): != compares numeric-looking strings by value, so two
        // different entries such as "1e3" and "1000" count as equal; !== avoids that.
        $ERR = $ERR_006;
    } else {
        // Check if "username" already exists in the database
        // NOTE(review): part of this expression is masked in the listing. What remains
        // shows the posted username being concatenated into the SQL text; a
        // parameterized query is the fix.
        $query = "SELECT id FROM " . $DBPrefix . "adminusers WHERE username = '******'username'] . "'";
        // mysql_* functions were removed in PHP 7.
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        if (mysql_num_rows($res) > 0) {
            // NOTE(review): the raw username ends up in the error text assigned to the
            // template below; it needs HTML escaping unless the template does that.
            $ERR = sprintf($ERR_055, $_POST['username']);
        } else {
            // Password stored as unsalted-per-user MD5 with one shared prefix: fast to
            // brute-force offline. password_hash() is the replacement.
            $PASS = md5($MD5_PREFIX . $_POST['password']);
            // addslashes() is not a reliable SQL escaper (it ignores the connection
            // character set); status is forced to an integer with intval().
            $query = "INSERT INTO " . $DBPrefix . "adminusers VALUES\n\t\t\t\t\t(NULL, '" . addslashes($_POST['username']) . "', '" . $PASS . "', '" . get_hash() . "', '" . gmdate('Ymd') . "', '0', " . intval($_POST['status']) . ", '')";
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
            header('location: adminusers.php');
            exit;
        }
    }
}
// Form fields. The password inputs are pre-filled from $system->SETTINGS.
loadblock($MSG['003'], '', 'text', 'username', $system->SETTINGS['username']);
loadblock($MSG['004'], '', 'password', 'password', $system->SETTINGS['password']);
loadblock($MSG['564'], '', 'password', 'repeatpassword', $system->SETTINGS['repeatpassword']);
loadblock('', '', 'batch', 'status', $system->SETTINGS['status'], array($MSG['566'], $MSG['567']));
$template->assign_vars(array('ERROR' => isset($ERR) ? $ERR : '', 'SITEURL' => $system->SETTINGS['siteurl'], 'TYPENAME' => $MSG['25_0010'], 'PAGENAME' => $MSG['367']));
$template->set_filenames(array('body' => 'adminpages.tpl'));
$template->display('body');
if (isset($argv[4])) { login_to_forum($argv[4], $argv[5]); } $i = $chosen_id; echo "Fetching topics from ID {$i}\n"; if (!fetch_target_id($i)) { echo "No topics found.\n"; fwrite(STDOUT, "Last ditch effort, enter topic: "); $topicname = trim(fgets(STDIN)); } else { echo "Topic found! Hacktime.\n"; } // Check chosen option and proceed accordingly add_line("------------------------------------------"); if ($ch_option == 2) { $hash = get_hash($i); $salt = get_salt($i); $line = "{$i}:{$hash}:{$salt}"; add_line($line); xecho("\n------------------------------------------\n"); xecho("User ID: {$i}\n"); xecho("Hash: {$hash}\n"); xecho("Salt: {$salt}"); xecho("\n------------------------------------------\n"); } else { if ($ch_option == 1) { $uname = get_user($i); $line = "The username for id {$i} is {$uname}"; add_line($line); xecho("{$uname}"); }
<!-- 列表 --> <div class="history"> <div class="col-lg-12"> <h4>搜索结果</h4> <?php
// Search-result table: one row per entry of $list (name, size, upload date,
// magnet link, and an "open" button pointing at info.php).
echo "<table class=\"table table-bordered table table-hover\" border=\"1\"><tr><th id='thdn'>影片名字</th><th id='list_td'>种子大小</th><th id='list_td'>上传日期</th><th id='list_td'>磁力链</th><th id='list_td'>操作</th></tr>";
foreach ($list as $magnetic) {
    // NOTE(review): 'size' and 'url' are concatenated into the markup with no
    // htmlspecialchars(); whether title_truncation() escapes 'name' is not visible
    // here. If $list holds data fetched from an external source, these are HTML
    // injection points: escape for the HTML/attribute context and restrict the href
    // scheme.
    echo "<tr>";
    echo "<td>" . title_truncation($magnetic['name']) . "</td>";
    echo "<td id='list_td'>" . $magnetic['size'] . "</td>";
    echo "<td id='list_td'>" . date('Y-m-d', strtotime($magnetic['date'])) . "</td>";
    echo "<td id='list_td cili'><a href='" . $magnetic['url'] . "'>磁力<a></td>";
    echo "<td id='list_td'>";
    // get_hash() is defined elsewhere; its result is placed in the query string
    // without urlencode().
    echo '<a href="info.php?magnetic=' . get_hash($magnetic['url']) . '" target="_blank" class="btn btn-success">打开</a>';
    echo "</ul></div></td></tr>";
}
echo '</table>';
?> </div> </div> <!-- 列表底部页码--> <?php
// Pager shown while more result pages remain ($counts > $page).
if (!empty($counts) && !empty($page) && $counts > $page) {
    $pages = $page + 1;
    $pagesend = $page - 1;
    echo '<ul class="pagination next">';
    // NOTE(review): $keyword and $counts go into the href with neither urlencode()
    // nor htmlspecialchars(). If they come from the request (not visible here), a
    // crafted keyword can break out of the attribute.
    echo '<li><a href="search.php?keyword=' . $keyword . '&counts=' . $counts . '&page=' . $pagesend . '">上一页</a></li>';
    echo '<li><a href="search.php?keyword=' . $keyword . '&counts=' . $counts . '&page=' . $pages . '">下一页</a></li>';
    echo '<li><a href="#">»</a></li></ul>';
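/**
 * Change the logged-in user's password after verifying the current one.
 *
 * Reads `password`, `new_password` and `repeat_new_password` from the request and
 * always ends with a redirect to backoffice/change_password carrying a `result`
 * query value: passwords_invalid, pass1_not_equival_pass2, wrong_password or
 * password_saved.
 */
public function save_password()
{
    $form = $this->params->data;
    // Missing fields become null and are rejected by valid_password() below.
    $password = isset($form['password']) ? $form['password'] : null;
    $new_password = isset($form['new_password']) ? $form['new_password'] : null;
    $repeat_new_password = isset($form['repeat_new_password']) ? $form['repeat_new_password'] : null;

    if (!valid_password($password) or !valid_password($new_password) or !valid_password($repeat_new_password)) {
        $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'passwords_invalid')));
        exit;
    }
    if ($new_password !== $repeat_new_password) {
        $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'pass1_not_equival_pass2')));
        exit;
    }

    $real_pwd = (string) $this->user_data["User"]["password"];
    $password_hash = (string) get_hash(Configure::read('USER_AUTH_SALT'), $password);

    // Hashes are compared as strings. With == two different hashes that both look
    // like numbers (for example "0e123..." and "0e456...") compare equal, which
    // would accept a wrong current password.
    $matches = function_exists('hash_equals')
        ? hash_equals($real_pwd, $password_hash)
        : ($real_pwd === $password_hash);

    if ($matches) {
        $this->User->id = $this->user_data["User"]["id"];
        $new_pass_hash = get_hash(Configure::read('USER_AUTH_SALT'), $new_password);
        $this->User->save(array('password' => $new_pass_hash));
        $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'password_saved')));
        exit;
    }

    $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'wrong_password')));
    exit;
}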
/**
 * Password hash used by fixtures: get_hash() applied to the literal "password"
 * with 2 as its second argument (the meaning of that argument is defined by
 * get_hash(), which is not part of this listing).
 *
 * @return mixed Whatever get_hash() returns.
 */
function fixture_password_hash()
{
    $fixturePassword = "password";
    $secondArgument = 2;

    return get_hash($fixturePassword, $secondArgument);
}
// Tail of a switch over an action name; the switch header and the start of the
// first case are outside this excerpt. Every value is read straight from $_POST
// and handed to a helper. Whether those helpers validate or parameterize their
// arguments, and where the caller is authorized, is not visible here.
    $location = $_POST['location'];
    add_hardware($id, $type, $model, $status, $description, $location);
    break;
case 'Edit Hardware':
    $id = $_POST['id'];
    $type = $_POST['type'];
    $model = $_POST['model'];
    $status = $_POST['status'];
    $description = $_POST['description'];
    $location = $_POST['location'];
    edit_hardware($id, $type, $model, $status, $description, $location);
    break;
case 'Delete Hardware':
    $id = $_POST['id'];
    delete_hardware($id);
    break;
case 'Edit Account':
    // The account is chosen by the posted user/email, and the new password is hashed
    // with password_hash(). Unlike 'Delete Account' below, this case does not check
    // the current password before calling edit_account().
    // NOTE(review): confirm that the caller's identity is checked elsewhere.
    $user = $_POST['user'];
    $email = $_POST['email'];
    $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
    edit_account($user, $email, $password);
    break;
case 'Delete Account':
    $user = $_POST['user'];
    $email = $_POST['email'];
    // get_hash() presumably returns the stored password hash for this user/email
    // (verify against its definition). Deletion runs only when the posted password
    // verifies against it.
    $hash = get_hash($user, $email);
    if (password_verify($_POST['password'], $hash)) {
        delete_account($user, $email);
    }
    break;
}
define('S3_URL', "http://s3.amazonaws.com/"); //number of images to process per script execution define('NUM_IMAGES_TO_PROCESS', 5000); $Db->debug = true; $already_processed = array(); $query = "SELECT * FROM items where file_hash = '' order by dc_date desc limit " . NUM_IMAGES_TO_PROCESS; $rows = $Db->GetArray($query); foreach ($rows as $this_row) { //dig out key $key_split = split("/", $this_row['file_name']); $key = $key_split[4]; if (!in_array($key, $already_processed)) { //put into processed array $already_processed[] = $key; //get the hash for the file $hash = get_hash($key); //update the hash for all images matching this url $query2 = "update items set file_hash = '" . $hash . "' where file_name = '" . $this_row['file_name'] . "'"; $Db->Execute($query2); } else { print $key . " already processed this session!\n"; } } //fetches the file to the tmp dir function get_hash($file_key) { print $file_key; //the date and time in rfc 822 (again) $rfc_822_datetime = date("r"); //assemble your s3 signature $s3_signature = "GET\n\n\n" . $rfc_822_datetime . "\n/" . BUCKET_NAME . "/" . $file_key;
<?php if ($mode == "intro") {
    include "directions.html";
} else {
    // Builds a per-request directory with copies of the selected files plus a merged
    // statistics CSV, zips it, and removes the directory.
    // prepare the function to print results
    include "../modules/manuscript.php";
    // The file list comes from the query string, split on spaces.
    $filelist = explode(" ", $_GET['file']);
    // create a hopefully unique userid based on chosen files and time
    // substr(..., 16) of a 40-character SHA-1 hex digest leaves 24 hex characters.
    $userid = substr(sha1(uniqid() . $_GET['file']), 16);
    $userdir = "built_manu/{$userid}/";
    // NOTE(review): mode 0766 gives group and others read/write but no search (x)
    // bit on the directory; 0700 or 0750 is the usual choice.
    mkdir($userdir, 0766);
    // iterate through each file, make a hash for it and
    // stick it in the array of hashes
    foreach ($filelist as $fileshort) {
        // NOTE(review): $fileshort is request data. It is turned into a source path
        // by makeDIR() and also used in the destination name. Unless makeDIR() or a
        // check elsewhere rejects path separators and "..", the copy can read from or
        // write to a location outside the intended directories. Confirm.
        $file = makeDIR($fileshort);
        $hashes[] = get_hash($file);
        copy($file, "{$userdir}{$fileshort}.csv");
    }
    $hash = merge_hashes($hashes);
    $hash = sort_hash($hash);
    // get CSV text and write it to the user file
    $csvstr = print_hash_to_csv($hash);
    $USERFH = fopen("{$userdir}selection_STATS.csv", "w");
    fwrite($USERFH, $csvstr);
    fclose($USERFH);
    // zip the directory and remove it
    $link = "built_manu_zips/{$userid}.zip";
    // As written, $link and $userdir contain only the hex id, so no request text
    // reaches the shell. escapeshellarg() would keep that true if the id scheme
    // ever changes.
    exec("zip -r {$link} {$userdir}");
    exec("rm -fr {$userdir}");
    // chmod the zip to be deletable by anything other than apache
    // 0666 makes the archive writable by every local user.
    chmod($link, 0666);
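/**
 * Final step of password recovery: store the new password for the user whose
 * mail address is held in the session.
 *
 * Reads `PasswordRecover.password` and `PasswordRecover.password2` from the request.
 * Ends with a redirect to recovery/setup_password (validation errors),
 * recovery/failed (unknown user) or recovery/success, or dies with
 * L('FALSE_USER_MAIL') when the session holds no valid mail.
 */
public function save()
{
    $data = $this->params['data'];
    $password = isset($data['PasswordRecover']['password']) ? $data['PasswordRecover']['password'] : null;
    $password2 = isset($data['PasswordRecover']['password2']) ? $data['PasswordRecover']['password2'] : null;

    if (!valid_password($password) or !valid_password($password2)) {
        $this->redirect(array('controller' => 'recovery', 'action' => 'setup_password', '?' => array('recover_action' => 'failed', 'error' => 'false_password')));
        exit;
    }
    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal.
    if ($password !== $password2) {
        $this->redirect(array('controller' => 'recovery', 'action' => 'setup_password', '?' => array('recover_action' => 'failed', 'error' => 'pass1_not_equals_pass2')));
        exit;
    }

    // The session value is the only thing that identifies whose password is reset.
    // NOTE(review): presumably it is written only after the recovery key has been
    // checked, and it is not cleared here after use. Confirm both.
    $mail = $this->Session->read('mail');
    if (empty($mail) or !filter_var($mail, FILTER_VALIDATE_EMAIL)) {
        die(L('FALSE_USER_MAIL'));
    }

    // Look the user up by mail. empty() covers an empty array as well as a
    // false/null result, which count() does not handle on current PHP versions.
    $find_user = $this->User->find('first', array('conditions' => array('mail' => $mail)));
    if (empty($find_user)) {
        $this->redirect(array('controller' => 'recovery', 'action' => 'failed'));
        exit;
    }

    // Store the new password hash.
    $user_id = $find_user['User']['id'];
    $md_password = get_hash(Configure::read('USER_AUTH_SALT'), $password);
    $this->User->id = $user_id;
    $this->User->save(array('password' => $md_password));

    $this->redirect(array('controller' => 'recovery', 'action' => 'success'));
    exit;
}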
$multiple_glue = "\n"; $include_path = getenv('DOCUMENT_ROOT'); $f6l_output = ''; $hash_files = array('fm' => $script_root . 'inc/formmail.inc.php', 'fmc' => $script_root . 'inc/formmail.class.inc.php', 'tpl' => $script_root . 'inc/template.class.inc.php', 'tplc' => $script_root . 'inc/template.ext.class.inc.php', 'cd' => $script_root . 'inc/config.dat.php'); // ----------------------------------------------------------------------------- $configuration['recipients_domains'] = array(); if (trim($configuration['allowed_recipients_domains']) != '') { $configuration['recipients_domains'] = explode(',', $configuration['allowed_recipients_domains']); } // ----------------------------------------------------------------------------- /** * Show server info for the admin */ if ($debug_mode == 'on') { get_phpinfo(array('Script Name' => $script_name, 'Script Version' => $script_version), $_GET); get_hash($_GET, $hash_files); } // ----------------------------------------------------------------------------- /** * Initialze formmail class */ $mail = new Formmail(); // ----------------------------------------------------------------------------- /** * Check template path */ if (!isset($system_message) and $error_message = $mail->check_template_path($filepath['templates'])) { $system_message[] = $error_message; } // ----------------------------------------------------------------------------- /**
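/**
 * Handle the login form: check the posted email/password and open the session.
 *
 * Reports problems through add_message(). On success the user row is stored in
 * $_SESSION["user"] and an "email" cookie is set for 7 days.
 *
 * @return bool true on successful login, false otherwise.
 */
function do_login()
{
    // Only string fields are accepted; array input is treated as missing.
    $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
    if (trim($email) == "") {
        add_message("You have to enter email.");
        return false;
    }

    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    if (trim($password) == "") {
        add_message("You have to enter password.");
        return false;
    }

    try {
        $db = DB::getInstance();
        // NOTE(review): the hash is matched inside the query, so get_hash() (defined
        // elsewhere) must be deterministic, which rules out a per-user random salt.
        // Fetching the row by email and checking with password_verify() is the
        // stronger pattern.
        $user = $db->queryRow(
            "SELECT * FROM users WHERE user_email = :user_email AND user_password = :user_password",
            array("user_email" => $email, "user_password" => get_hash($password))
        );
        if (empty($user)) {
            add_message("Email or password are not correct.");
            return false;
        }
    } catch (PDOException $e) {
        // Driver messages can reveal SQL and connection details: keep them in the
        // server log and show the visitor a generic message.
        error_log("do_login: " . $e->getMessage());
        add_message("Application error.");
        return false;
    }

    // New session id at the privilege change, so an id obtained before login
    // cannot be reused afterwards.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // NOTE(review): the whole row, including user_password, is kept in the session.
    $_SESSION["user"] = $user;

    // NOTE(review): the cookie is set without the Secure and HttpOnly flags; add
    // them if no client-side script needs to read it.
    setcookie("email", $email, time() + 3600 * 24 * 7); // 7 days

    return true;
}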
// Admin login page: handles first-admin creation ('insert') and login ('login').
// The excerpt ends inside the 'login' case.
define('InAdmin', 1);
include '../common.php';
include $include_path . 'functions_admin.php';
if (isset($_POST['action'])) {
    switch ($_POST['action']) {
        case 'insert':
            // Additional security check
            // 'insert' is honoured only while the adminusers table is empty.
            // NOTE(review): the check and the INSERT are separate statements, so two
            // concurrent requests can both pass it.
            $query = "SELECT id FROM " . $DBPrefix . "adminusers";
            // mysql_* functions were removed in PHP 7.
            $res = mysql_query($query);
            $system->check_mysql($res, $query, __LINE__, __FILE__);
            if (mysql_num_rows($res) > 0) {
                header('location: login.php');
                exit;
            }
            // One shared prefix plus MD5: fast to brute-force offline.
            // password_hash() is the replacement.
            $md5_pass = md5($MD5_PREFIX . $_POST['password']);
            // The statement is built by concatenation; it is injection-safe only if
            // $system->cleanvars() (defined elsewhere) escapes for SQL. Verify.
            $query = "INSERT INTO " . $DBPrefix . "adminusers (username, password, hash, created, lastlogin, status) VALUES\n\t\t\t\t\t('" . $system->cleanvars($_POST['username']) . "', '" . $md5_pass . "', '" . get_hash() . "', '" . gmdate('Ymd') . "', '" . time() . "', 1)";
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
            // Redirect
            header('location: login.php');
            exit;
            break;
        case 'login':
            if (strlen($_POST['username']) == 0 || strlen($_POST['password']) == 0) {
                $ERR = $ERR_047;
            } elseif (!preg_match('([a-zA-Z0-9]*)', $_POST['username'])) {
                // The parentheses act as the pattern delimiters, leaving the unanchored
                // pattern [a-zA-Z0-9]*, which matches the empty string in any input.
                // preg_match() therefore always succeeds and this branch never rejects
                // a username. '/^[a-zA-Z0-9]+$/D' is the anchored form.
                $ERR = $ERR_071;
            } else {
                $password = md5($MD5_PREFIX . $_POST['password']);
                // NOTE(review): parts of this expression are masked in the listing;
                // what remains shows the username and password hash being
                // concatenated into the SQL text.
                $query = "SELECT id, hash FROM " . $DBPrefix . "adminusers WHERE username = '******'username']) . "' and password = '******'";
                $res = mysql_query($query);
                $system->check_mysql($res, $query, __LINE__, __FILE__);
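/**
 * Form login: checks `User.mail` / `User.password` and opens a session.
 *
 * `User.backoffice` selects the redirect target (backoffice/index or index/index)
 * for both outcomes. A failed login redirects with `auth_error` and
 * `auth_error_text` in the query string. The request always ends with exit.
 */
public function login()
{
    $form = isset($this->request->data['User']) ? $this->request->data['User'] : array();

    $mail = (isset($form['mail']) && is_string($form['mail'])) ? $form['mail'] : null;
    // Login through the back office.
    $bo = !empty($form['backoffice']);
    $password = (isset($form['password']) && is_string($form['password'])) ? $form['password'] : null;

    $target = $bo ? 'backoffice' : 'index';

    $user = null;
    // Missing or non-string fields count as a failed login and never reach the query.
    if ($mail !== null && $password !== null) {
        // NOTE(review): get_hash() is defined elsewhere and is given one
        // application-wide salt. Confirm it is suitable for password storage.
        $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);
        // One query authenticates and returns the row. A second lookup by mail
        // alone could pick a different row if mail is not unique.
        $user = $this->User->find('first', array(
            'conditions' => array('password' => $hashed_pass, 'mail' => $mail),
        ));
    }

    if (!empty($user)) {
        $user_id = $user['User']['id'];

        // Fresh session id at the privilege change, so an id set before login
        // cannot be reused afterwards.
        $this->Session->renew();
        $this->Session->write('User', $mail);

        // Record the login in the auth log.
        $this->loadModel('Userauth');
        $this->Userauth->save(array(
            'user_id' => $user_id,
            'ip' => get_ip(),
            'browser' => get_ua(),
            'os' => get_os(),
        ));
        $this->Session->write('user_id', $user_id);

        $this->redirect(array('controller' => $target, 'action' => 'index'));
    } else {
        $auth_error_text = L("WRONG_LOGIN_OR_PASSWORD");
        $this->set('auth_error', 'true');
        $this->set('auth_error_text', $auth_error_text);
        // NOTE(review): the message travels in the query string, so the receiving
        // view must escape auth_error_text; a visitor can put any text there.
        $this->redirect(array(
            'controller' => $target,
            'action' => 'index',
            '?' => array('auth_error' => 'true', 'auth_error_text' => $auth_error_text),
        ));
    }
    exit;
}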
echo "<input type=\"submit\" name=\"wtf-is-cli\" value=\"Let me in, i don't care\">\n"; echo "</form>\n"; echo "</center></body></html>\n"; exit; } else { // Let's try to maximize our chances without CLI set_time_limit(0); } } //===================================================================== add_logline("-------------------------------------------------------"); add_logline("Cutenews password md5 hash fetching started"); add_logline("Target: {$target}"); add_logline("Username: {$username}"); pre_test(); $h = get_hash(); $run_time = time() - $start_time; add_logline("MD5 hash: {$h}"); xecho("\nFinal MD5 hash: {$h}", 1); xecho("\nTotal time spent: {$run_time} seconds", 1); xecho("HTTP requests made: {$requests}\n", 1); xecho("Questions and feedback - http://www.waraxe.us/forums.html", 1); xecho("See ya! :)", 1); exit; ////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////// function get_hash() { $hash = ''; for ($i = 0; $i < 32; $i++) { xecho("Finding hash char pos {$i}");
<head> <title>Создание пользователя</title> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"> </head> <body> <h1>Создание пользователя</h1> <?php
// User-creation page: on POST, hashes the password and stores login + hash through
// save_user(). The default login/password literals are masked in this listing.
$login = '******';
$password = '******';
$result = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // An empty or missing field falls back to the hard-coded default above, so an
    // empty submission creates the default account with the default password.
    $login = $_POST['login'] ?: $login;
    if (!user_exists($login)) {
        $password = $_POST['password'] ?: $password;
        // get_hash() is defined elsewhere; confirm it is a salted password hash.
        $hash = get_hash($password);
        // Both outcome messages include the hash, which is then shown on the page.
        if (save_user($login, $hash)) {
            $result = 'Хеш ' . $hash . ' успешно добавлен в файл';
        } else {
            $result = 'При записи хеша ' . $hash . ' произошла ошибка';
        }
    } else {
        // NOTE(review): $login is request data and $result is echoed below without
        // htmlspecialchars(), so markup in the login name is rendered by the browser.
        $result = "Пользователь {$login} уже существует. Выберите другое имя.";
    }
}
?> <h3><?php echo $result; ?> </h3> <form action="<?php
} else {
    // Final branch of the admin-user creation handler (its opening conditions are
    // outside this excerpt). Both statements use named placeholders, so posted values
    // never become part of the SQL text.
    // Check if "username" already exists in the database
    $query = "SELECT id FROM " . $DBPrefix . "adminusers WHERE username = :username";
    $params = array();
    $params[] = array(':username', $system->cleanvars($_POST['username']), 'str');
    $db->query($query, $params);
    if ($db->numrows() > 0) {
        // NOTE(review): the raw username goes into the error text; it needs HTML
        // escaping wherever $ERR is displayed.
        $ERR = sprintf($ERR_055, $_POST['username']);
    } else {
        include PACKAGE_PATH . 'PasswordHash.php';
        // phpass: the first argument is the log2 iteration count, the second disables
        // the portable-hash fallback.
        $phpass = new PasswordHash(8, false);
        $query = "INSERT INTO " . $DBPrefix . "adminusers (username, password, hash, status)\n\t\t\t\t\tVALUES (:username, :password, :hash, :status)";
        $params = array();
        $params[] = array(':username', $system->cleanvars($_POST['username']), 'str');
        // The password is stored as a salted, iterated phpass hash.
        $params[] = array(':password', $phpass->HashPassword($_POST['password']), 'str');
        $params[] = array(':hash', get_hash(), 'str');
        $params[] = array(':status', $_POST['status'], 'bool');
        $db->query($query, $params);
        header('location: adminusers.php');
        exit;
    }
}
}
}
// The form is rendered with empty values; the password fields are not pre-filled.
loadblock($MSG['username'], '', 'text', 'username', '');
loadblock($MSG['password'], '', 'password', 'password', '');
loadblock($MSG['564'], '', 'password', 'repeatpassword', '');
loadblock('', '', 'bool', 'status', '1', array($MSG['566'], $MSG['567']));
$template->assign_vars(array('SITEURL' => $system->SETTINGS['siteurl'], 'TYPENAME' => $MSG['25_0010'], 'PAGENAME' => $MSG['367']));
include 'header.php';
$template->set_filenames(array('body' => 'adminpages.tpl'));
$template->display('body');
/**
 * Register a new master (second registration step).
 *
 * Combines the step-1 data kept in the session with the posted `Register` fields,
 * saves the user, moves an uploaded photo into the user's directory, stores prices
 * and service regions, sends the activation mail and redirects to register/ok.
 */
public function register()
{
    $data = $this->params['data'];
    $upload_config = $this->request->data['upload_config'] ? $this->request->data['upload_config'] : null;
    // NOTE(review): the upload configuration is taken from the request and passed to
    // the uploader. If it controls allowed types or target paths, the client can
    // choose them. Confirm what Uploader->upload() accepts.
    if (isset($_FILES['file']) and $_FILES['file']['size'] > 0 and !empty($_FILES['file']['name'])) {
        $result_upload = $this->Uploader->upload($upload_config, $_FILES['file']);
    } else {
        $result_upload = null;
    }
    $user_data_step_1 = $this->Session->read('step_1_data');
    // user data
    $user_mail = $user_data_step_1["User"]["mail"];
    $user_data_step_1["User"]["specialization"] = isset($data['Register']["specialization"]) ? $data['Register']["specialization"] : null;
    $user_data_step_1["User"]["about_me"] = isset($data['Register']["about_me"]) ? $data['Register']["about_me"] : null;
    $user_data_step_1["User"]["education"] = isset($data['Register']["education"]) ? $data['Register']["education"] : null;
    $user_data_step_1["User"]["regards"] = isset($data['Register']["regards"]) ? $data['Register']["regards"] : null;
    // NOTE(review): the isset() test looks at the session data but the value is read
    // from the posted data; the two arrays differ, so this looks like a mix-up.
    $user_data_step_1["User"]["sex"] = isset($user_data_step_1["Register"]["sex"]) ? $data['Register']["sex"] : 1;
    $user_data_step_1["User"]["business_type"] = isset($user_data_step_1["User"]["business_type"]) ? $user_data_step_1["User"]["business_type"] : null;
    $user_data_step_1["User"]["interview_status"] = 'not_checked';
    $user_data_step_1["User"]["data_status"] = 'not_checked';
    $user_data_step_1["User"]["ref_id"] = isset($user_data_step_1["User"]["ref_id"]) ? $user_data_step_1["User"]["ref_id"] : null;
    $user_data_step_1["User"]["last_activity"] = date("Y-m-d H:i:s");
    $user_data_step_1["User"]["uptime"] = date("Y-m-d H:i:s");
    // Provisional key built from guessable inputs (time, mail, phone). It is written
    // with the first save and replaced further down by generate_mail_key().
    $user_data_step_1["User"]["mail_key"] = md5(time() . $user_data_step_1["User"]["mail"] . $user_data_step_1["User"]["phone"]);
    // salted password hash; the plain password is kept for the mail sent at the end
    $real_pwd = $user_data_step_1["User"]["password"];
    $user_data_step_1["User"]["password"] = get_hash(Configure::read('USER_AUTH_SALT'), $user_data_step_1["User"]["password"]);
    // Login = transliterated last name + first letters of first name and patronymic.
    $prepared_lastname = translit(mb_ucfirst(mb_strtolower($user_data_step_1['User']["lastname"])));
    $prepared_firstname = translit(mb_ucfirst(mb_strtolower(mb_substr($user_data_step_1['User']["firstname"], 0, 1))));
    $prepared_fathername = translit(mb_ucfirst(mb_strtolower(mb_substr($user_data_step_1['User']["fathername"], 0, 1))));
    $user_data_step_1["User"]["login"] = $prepared_lastname . $prepared_firstname . $prepared_fathername;
    // The referrer id from the session overrides the ref_id set above.
    $ref_id = $this->Session->read('REF');
    $user_data_step_1["User"]["ref_id"] = isset($ref_id) ? $ref_id : 0;
    if (!isset($user_data_step_1["User"]["city_id"]) or !is_numeric($user_data_step_1["User"]["city_id"])) {
        $user_data_step_1["User"]["city_id"] = 0;
    }
    // login check: append a counter until the login is unused
    // NOTE(review): the check and the save below are not atomic; only a unique index
    // on login prevents two registrations from taking the same one.
    $this->loadModel('User');
    $counter = 0;
    $login = $user_data_step_1["User"]["login"];
    $check_login = false;
    while ($check_login == false) {
        $test_login = $counter > 0 ? $login . $counter : $login;
        $check_login_count = $this->User->find('count', array('conditions' => array('login' => $test_login)));
        if ($check_login_count == 0) {
            $check_login = true;
            $user_data_step_1["User"]["login"] = $test_login;
        }
        $counter++;
    }
    $this->User->save($user_data_step_1);
    $user_id = $this->User->getLastInsertId();
    // activation key
    $mail_key_salt = Configure::read('MAIL_KEY_SALT');
    $mail_key = generate_mail_key($user_id, $mail_key_salt);
    // move the image after the new user has been created
    // NOTE(review): $result_upload is indexed here before the null check that follows.
    $user_data_step_1["User"]["main_foto"] = $result_upload['full_path'];
    if ($result_upload !== null) {
        // if the file was uploaded to the temporary directory, move it to the user's directory
        $user_dir = "u" . $user_id;
        $file_transfer = $this->Uploader->transfer_file($result_upload['file'], Configure::read('FILE_TEMP_DIR'), Configure::read('USER_FILE_UPLOAD_DIR') . DS . $user_dir, true);
        if ($file_transfer) {
            $uploaded_image = $this->Uploader->new_filename;
        }
    }
    /* store the services in the price list */
    $this->loadModel('Userprices');
    $this->Userprices->useTable = 'user_prices';
    $money_types = Configure::read('VALID_MONEY_PREFIXES');
    $this->loadModel('Paytype');
    $this->Paytype->useTable = 'service_pay_types';
    for ($x = 0; $x < count($data['Register']["service"]["id"]); $x++) {
        $service_name = $data['Register']["service"]["id"][$x];
        $service_price = $data['Register']["service"]["price"][$x];
        $money_type = $data['Register']["service"]["money_type"][$x];
        $payment_type = $data['Register']["service"]["payment_type"][$x];
        $check_payment_type = $this->Paytype->find('count', array('conditions' => array('id' => $payment_type)));
        // NOTE(review): $service is never assigned in this method, so !empty($service)
        // is always false and every row takes the `continue` branch: no price is
        // saved. $service_name was probably intended.
        if (!empty($service) and is_numeric($service_price) and $service_price > 0 and in_array($money_type, $money_types) and $check_payment_type > 0) {
            $data_to_save = array('user_id' => $user_id, 'value' => $service_price, 'comment' => $service_name, 'money_type' => $money_type, 'pay_type_id' => $payment_type, 'status' => 'hidden');
            $result = $this->Userprices->save($data_to_save);
        } else {
            continue;
        }
    }
    // store regions/addresses where services are provided
    // $this->Regions is not loaded in this method; presumably the controller declares it.
    $this->loadModel('UserToRegionPlace');
    $this->UserToRegionPlace->useTable = 'user_to_region_places';
    for ($x = 0; $x < count($data['Register']["place_live"]["region"]); $x++) {
        $address = isset($data['Register']["place_live"]["address"][$x]) ? $data['Register']["place_live"]["address"][$x] : '';
        $region_id = $data['Register']["place_live"]["region"][$x];
        if (isset($region_id) and is_numeric($region_id)) {
            $check_region_id = $this->Regions->find('first', array('conditions' => array('id' => $region_id)));
            if (count($check_region_id) > 0) {
                // NOTE(review): this loop reads ['city_id'][0] while the guest-region
                // loop below reads ['city_id']; one of the two is likely wrong.
                $region_city_id = $check_region_id['Regions']['city_id'][0];
                $user_city_id = $user_data_step_1['User']['city_id'];
                // check that the region belongs to the user's city
                if ($user_city_id == $region_city_id) {
                    // store the address
                    $data_to_save = array('user_id' => $user_id, 'address' => $address, 'region_id' => $region_id, 'city_id' => $user_city_id);
                    $result = $this->UserToRegionPlace->save($data_to_save);
                }
            }
        }
    }
    // store regions for on-site visits
    $this->loadModel('UserToRegionGuest');
    $this->UserToRegionGuest->useTable = 'user_to_region_guests';
    if (isset($data['Register']["place_guest"])) {
        for ($x = 0; $x < count($data['Register']["place_guest"]["region"]); $x++) {
            $region_id = $data['Register']["place_guest"]["region"][$x];
            $check_region_id = $this->Regions->find('first', array('conditions' => array('id' => $region_id)));
            if (count($check_region_id) > 0) {
                $region_city_id = $check_region_id['Regions']['city_id'];
                $user_city_id = $user_data_step_1['User']['city_id'];
                // check that the region belongs to the user's city
                if ($user_city_id == $region_city_id) {
                    // store the region
                    $data_to_save = array('user_id' => $user_id, 'region_id' => $region_id, 'city_id' => $user_city_id);
                    $this->UserToRegionGuest->save($data_to_save);
                }
            }
        }
    }
    // look up the country id
    $this->loadModel('City');
    if ($user_data_step_1['User']['city_id'] > 0) {
        $country_data = $this->City->find('first', array('conditions' => array('id' => $user_data_step_1['User']['city_id'])));
        $country_id = $country_data['City']['country_id'];
    } else {
        $country_id = 0;
    }
    // Second save: final activation key, photo file name and country.
    $this->User->id = $user_id;
    if (!isset($uploaded_image)) {
        $uploaded_image = '';
    }
    $data_to_save = array('mail_key' => $mail_key, 'main_foto' => $uploaded_image, 'country_id' => $country_id);
    $this->User->save($data_to_save);
    // (A disabled block that saved the selected service categories stood here in the
    // original as commented-out code.)
    App::uses('CakeEmail', 'Network/Email');
    $sended_data = L("YOU_JUST_REGISTERED") . " " . site_url() . "<br>";
    // NOTE(review): $login is the base login; if the loop above appended a counter,
    // the login actually saved differs from the one mailed here.
    $sended_data .= L("REGISTER_DATA") . " " . L("YOUR_LOGIN") . " :" . $login;
    $sended_data .= ", ";
    // NOTE(review): the plain-text password is sent by mail.
    $sended_data .= L("YOUR_PASSWORD") . ": " . $real_pwd . "<br>";
    $sended_data .= "<a href='" . site_url() . "/activate_account/user/" . $mail_key . "'>" . L('ACTIVATE_LINK') . "</a> " . L('REGISTER_LINK_TEXT') . ": <br>";
    $email = new CakeEmail();
    $email->emailFormat('html');
    $email->template('user_register_mail_template', 'user_register_mail_layout');
    $email->from(Configure::read('SITE_MAIL'));
    $email->to($user_data_step_1["User"]["mail"]);
    $email->subject(L('REGISTER_ON_PROJECT') . " " . site_url());
    $email->viewVars(array('sended_data' => $sended_data));
    $email->send();
    $this->redirect(array('controller' => 'register', 'action' => 'ok'));
}
$db->direct_query($query); } elseif ($system->SETTINGS['activationtype'] == 1 || $system->SETTINGS['activationtype'] == 0) { $query = "UPDATE " . $DBPrefix . "counters SET inactiveusers = inactiveusers + 1"; $db->direct_query($query); } else { $query = "UPDATE " . $DBPrefix . "counters SET users = users + 1"; $db->direct_query($query); } $balance = $system->SETTINGS['fee_type'] == 2 ? 0 : $system->SETTINGS['fee_signup_bonus'] - $signup_fee; $query = "SELECT id FROM " . $DBPrefix . "groups WHERE auto_join = 1"; $db->direct_query($query); $groups = array(); while ($row = $db->fetch()) { $groups[] = $row['id']; } $hash = get_hash(); // prepare to hash the password include $include_path . 'PasswordHash.php'; $phpass = new PasswordHash(8, false); $query = "INSERT INTO " . $DBPrefix . "users\n\t\t\t\t\t\t(nick, password, hash, name, address, city, prov, country, zip, phone, nletter, email, reg_date, birthdate, \n\t\t\t\t\t\tsuspended, language, groups, balance, timecorrection, paypal_email, worldpay_id, moneybookers_email, toocheckout_id, authnet_id, authnet_pass)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t(:nick, :password, :hash, :name, :address, :city, :prov, :country, :zip, :phone, :nletter, :email, :reg_date, :birthdate,\n\t\t\t\t\t\t:suspended, :language, :groups, :balance, :timecorrection, :paypal_email, :worldpay_id, :moneybookers_email, :toocheckout_id, :authnet_id, :authnet_pass)"; $params = array(array(':nick', $system->cleanvars($TPL_nick_hidden), 'str'), array(':password', $phpass->HashPassword($TPL_password_hidden), 'str'), array(':hash', $hash, 'str'), array(':name', $system->cleanvars($TPL_name_hidden), 'str'), array(':address', $system->cleanvars(isset($_POST['TPL_address']) ? $_POST['TPL_address'] : ''), 'str'), array(':city', $system->cleanvars(isset($_POST['TPL_city']) ? $_POST['TPL_city'] : ''), 'str'), array(':prov', $system->cleanvars(isset($_POST['TPL_prov']) ? 
$_POST['TPL_prov'] : ''), 'str'), array(':country', $system->cleanvars(isset($_POST['TPL_country']) ? $_POST['TPL_country'] : ''), 'str'), array(':zip', $system->cleanvars(isset($_POST['TPL_zip']) ? $_POST['TPL_zip'] : ''), 'str'), array(':phone', $system->cleanvars(isset($_POST['TPL_phone']) ? $_POST['TPL_phone'] : ''), 'str'), array(':nletter', $_POST['TPL_nletter'], 'int'), array(':email', $system->cleanvars($_POST['TPL_email']), 'str'), array(':reg_date', time(), 'int'), array(':birthdate', !empty($DATE) ? $DATE : 0, 'str'), array(':suspended', $SUSPENDED, 'int'), array(':language', $language, 'str'), array(':groups', implode(',', $groups), 'str'), array(':balance', $balance, 'bool'), array(':timecorrection', $_POST['TPL_timezone'], 'float'), array(':paypal_email', isset($_POST['TPL_pp_email']) ? $system->cleanvars($_POST['TPL_pp_email']) : '', 'str'), array(':worldpay_id', isset($_POST['TPL_worldpay_id']) ? $system->cleanvars($_POST['TPL_worldpay_id']) : '', 'str'), array(':moneybookers_email', isset($_POST['TPL_moneybookers_email']) ? $system->cleanvars($_POST['TPL_moneybookers_email']) : '', 'str'), array(':toocheckout_id', isset($_POST['toocheckout_id']) ? $system->cleanvars($_POST['toocheckout_id']) : '', 'str'), array(':authnet_id', isset($_POST['TPL_authnet_id']) ? $system->cleanvars($_POST['TPL_authnet_id']) : '', 'str'), array(':authnet_pass', isset($_POST['TPL_authnet_pass']) ? $system->cleanvars($_POST['TPL_authnet_pass']) : '', 'str')); $db->query($query, $params); $TPL_id_hidden = $db->lastInsertId(); $query = "INSERT INTO " . $DBPrefix . "usersips VALUES\n\t\t\t\t\t\t (NULL, :id_hidden, :remote_addr, 'first', 'accept')"; $params = array(); $params[] = array(':id_hidden', $TPL_id_hidden, 'int'); $params[] = array(':remote_addr', $_SERVER['REMOTE_ADDR'], 'int'); $db->query($query, $params); $_SESSION['language'] = $language; $first = false; if (defined('TrackUserIPs')) {
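/**
 * Authenticates an administrator from the posted Admin.mail / Admin.password pair.
 *
 * On success the admin's mail and id are written to the session, the login is
 * recorded through the Adminauth model (ip, browser, os) and the request is
 * redirected to admin/index. On failure the request is redirected to
 * admin/auth with auth_error and auth_error_text in the query string.
 *
 * NOTE(review): the password is hashed with USER_AUTH_SALT although this is the
 * Admin login; confirm it matches the salt used when admin passwords are stored.
 * NOTE(review): get_hash() is defined elsewhere; it appears to derive the stored
 * value from a site-wide salt and is matched by equality inside the query. Moving
 * to per-account password_hash()/password_verify() needs the stored hashes to be
 * migrated, so it is flagged here rather than changed.
 * NOTE(review): no attempt throttling or lockout is visible in this method.
 */
public function login()
{
    // mail
    $mail = isset($this->request->data['Admin']['mail']) ? $this->request->data['Admin']['mail'] : null;
    // password
    $password = isset($this->request->data['Admin']['password']) ? $this->request->data['Admin']['password'] : null;

    // Default failure message; replaced below when the account exists but is blocked.
    $auth_error_text = "Не правильный пароль или логин";
    $admin = null;

    // Only plain non-empty strings are accepted: a missing field would otherwise be
    // looked up as NULL and an array value would be expanded by the ORM into an
    // IN (...) condition instead of an equality match.
    if (is_string($mail) && is_string($password) && $mail !== '' && $password !== '') {
        $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);
        $this->loadModel('Admin');
        // One lookup gives the existence check, the status and the id, all taken
        // from the row that actually matched the credentials.
        $admin = $this->Admin->find('first', array('conditions' => array('password' => $hashed_pass, 'mail' => $mail)));
    }

    if (!empty($admin)) {
        if ($admin['Admin']['status'] == 1) {
            // Issue a fresh session id on the privilege change so that an id set
            // before authentication cannot be reused afterwards (session fixation).
            $this->Session->renew();
            $this->Session->write('Admin', $mail);
            $admin_id = $admin['Admin']['id'];
            // record the login
            $this->loadModel('Adminauth');
            $auth_data = array('admin_id' => $admin_id, 'ip' => get_ip(), 'browser' => get_ua(), 'os' => get_os());
            $this->Adminauth->save($auth_data);
            $this->Session->write('admin_id', $admin_id);
            $this->redirect(array('controller' => 'admin', 'action' => 'index'));
            return;
        }
        $auth_error_text = "Доступ заблокирован";
    }

    $this->set('auth_error', 'true');
    $this->set('auth_error_text', $auth_error_text);
    // NOTE(review): the message travels in the query string, so the auth view must
    // HTML-escape auth_error_text when it prints it; passing an error code and
    // mapping it to text server-side would avoid echoing request data at all.
    $this->redirect(array('controller' => 'admin', 'action' => 'auth', '?' => array('auth_error' => 'true', 'auth_error_text' => $auth_error_text)));
}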