public function api_login()
 {
     //почта
     $mail = isset($this->request->data['mail']) ? $this->request->data['mail'] : null;
     //пароль
     $password = isset($this->request->data['password']) ? $this->request->data['password'] : null;
     if ($password == null or $mail == null) {
         $status = 'error';
         response_ajax(array('error' => 'password_invalid'), $status);
         exit;
     }
     if ($mail == null) {
         $status = 'error';
         response_ajax(array('error' => 'mail_invalid'), $status);
         exit;
     }
     $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);
     $check_user = $this->User->find('count', array('conditions' => array('password' => $hashed_pass, 'mail' => $mail)));
     if ($check_user > 0) {
         //удачная авторизация
         $this->Session->write('User', $mail);
         $user_id_data = $this->User->find('first', array('conditions' => array('mail' => $mail)));
         $user_id = $user_id_data['User']['id'];
         $this->loadModel('Userauth');
         $auth_data = array('user_id' => $user_id, 'ip' => get_ip(), 'browser' => get_ua(), 'os' => get_os());
         $this->Userauth->save($auth_data);
         $this->Session->write('user_id', $user_id);
         $status = 'success';
         response_ajax(array('result' => 'login'), $status);
     } else {
         $status = 'error';
         response_ajax(array('error' => 'user_not_found'), $status);
     }
     exit;
 }
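/**
 * Builds a crypt() hash of $pass using the scheme prefix returned by
 * get_hash() and a freshly generated random salt.
 *
 * @param string $pass plaintext password
 * @return string crypt() output; crypt() returns a short failure marker
 *                ("*0" / "*1") when scheme + salt are not accepted
 */
function gen_pass_hash($pass)
{
    // The salt must come from a CSPRNG: rand() seeded from time plus
    // microtime() is guessable by anyone who knows roughly when the hash was
    // made. 15 random bytes give a 20-character base64 salt, the same
    // alphabet and about the same length the crypt scheme received before.
    $salt = base64_encode(random_bytes(15));
    $hash_schema = get_hash();
    // NOTE(review): whether this scheme accepts base64 salt characters is not
    // visible here — callers should reject a result shorter than 13 chars.
    return crypt($pass, $hash_schema . $salt . '$');
}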
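 /**
  * Creates or updates an Admin record from the posted form.
  *
  * With a numeric Admin.id the existing row is updated (ERROR_201 is raised
  * when it does not exist). Otherwise a new admin is created with a random
  * initial password and activation key, both of which are mailed out.
  * Always ends with a redirect to admincontrol/view for the affected id.
  */
 public function save()
 {
     $id = isset($this->request->data['Admin']['id']) ? $this->request->data['Admin']['id'] : null;
     $this->loadModel('Admin');
     if ($id !== null && is_numeric($id)) {
         $admin = $this->Admin->find('first', array('conditions' => array('id' => $id)));
         if (empty($admin)) {
             $this->Error->setError('ERROR_201');
         } else {
             // NOTE(review): the whole request body is saved as-is, so any
             // column (password, mail_key, ...) can be set by the client;
             // limit it to the editable fields via save()'s fieldList.
             $this->Admin->save($this->request->data);
         }
     } else {
         // Initial password (8 hex chars) and activation key (32 hex chars):
         // same shape as the old md5(time()) values, but from a CSPRNG —
         // md5(time() . salt) is guessable from the creation time and is the
         // same for two admins created within one second.
         $pass = bin2hex(random_bytes(4));
         $pass_hash = get_hash(Configure::read('ADMIN_AUTH_SALT'), $pass);
         $mail_key = bin2hex(random_bytes(16));
         $save_array = $this->request->data;
         $save_array['Admin']['password'] = $pass_hash;
         $save_array['Admin']['mail_key'] = $mail_key;
         $this->Admin->save($save_array);
         $id = $this->Admin->getLastInsertId();
         if (is_numeric($id)) {
             $this->_sendNewAdminMail($this->request->data['Admin']['mail'], $pass, $mail_key);
         }
     }
     $this->redirect(array('controller' => 'admincontrol', 'action' => 'view', 'id' => $id));
 }

 /**
  * Mails the initial credentials and the activation link of a freshly
  * created admin (HTML mail, template mail_main_admin / layout mail).
  *
  * @param string $mail     the new admin's mail address, shown in the body
  * @param string $pass     initial plaintext password
  * @param string $mail_key activation key placed in the link
  * @return void
  */
 private function _sendNewAdminMail($mail, $pass, $mail_key)
 {
     App::uses('CakeEmail', 'Network/Email');
     // NOTE(review): the password travels in clear text by mail; a one-time
     // "set your password" link would avoid that.
     $sended_data = "Добавлен новый администратор" . "<br>";
     // the address is request input going into an HTML body — escape it
     $sended_data .= "Почтовый ящик: " . htmlspecialchars((string) $mail, ENT_QUOTES, 'UTF-8');
     $sended_data .= ", ";
     $sended_data .= "пароль: " . $pass . "<br>";
     $sended_data .= "<a href='" . site_url() . "/activate_account/admin/" . $mail_key . "'>Ссылка для активации аккаунта</a> администратора: <br>";
     $email = new CakeEmail();
     $email->emailFormat('html');
     $email->template('mail_main_admin', 'mail');
     $email->from(Configure::read('SITE_MAIL'));
     // NOTE(review): recipient is hard-coded (redacted in this listing); the
     // old commented-out Configure::read('ADMIN_MAIL') looks like the intended
     // source — TODO confirm.
     $email->to('*****@*****.**');
     $email->subject("Добавлен новый администратор");
     $email->viewVars(array('sended_data' => $sended_data));
     $email->send();
 }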
 /**
  * Node login: registers the calling node and echoes its new hash.
  *
  * Reads "os" and "user_hash" from the request, inserts a Node row with the
  * client ip, the current time and status 1, then prints the node hash.
  * Request values are stored as received; escaping is left to M()->add()
  * — TODO confirm.
  *
  * @return void the node hash is written to the output
  */
 public function login()
 {
     $os = $this->_get("os");
     $user_hash = $this->_get("user_hash");
     $ip = get_client_ip();
     $node_hash = get_hash();
     $record = array(
         "ip" => $ip,
         "os" => $os,
         "user_hash" => $user_hash,
         "node_hash" => $node_hash,
         "time" => time(),
         "status" => 1,
     );
     M("Node")->add($record);
     echo $node_hash;
 }
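/**
 * Registers a user from $_POST (name, email, password, password_repeat).
 *
 * Validation failures and database errors are reported through
 * add_message() and return false; on success a message is added and true
 * is returned. Uses the global PDO connection $db.
 *
 * @return bool
 */
function do_register()
{
    // non-string values (e.g. name[]=x) are treated as missing
    $name = isset($_POST["name"]) && is_string($_POST["name"]) ? $_POST["name"] : "";
    $email = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : "";
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";
    $password_repeat = isset($_POST["password_repeat"]) && is_string($_POST["password_repeat"]) ? $_POST["password_repeat"] : "";
    if (trim($name) === "") {
        add_message("Nezadali ste meno.");
        return false;
    }
    if (trim($email) === "") {
        add_message("Nezadali ste email.");
        return false;
    }
    if (trim($password) === "") {
        add_message("Nezadali ste heslo.");
        return false;
    }
    // strict: "!=" compares numeric-looking strings by value ("1e3" == "1000")
    if ($password !== $password_repeat) {
        add_message("Heslá sa nezhodujú.");
        return false;
    }
    global $db;
    $query = $db->prepare("SELECT COUNT(id) FROM users WHERE email = :email");
    $query->execute(array("email" => $email));
    if ((int) $query->fetchColumn() > 0) {
        // somebody already registered with this email
        add_message("Taký email už niekto používa.");
        return false;
    }
    // The check above is racy; a UNIQUE index on users.email is what really
    // prevents duplicates, and its violation surfaces in the catch below.
    try {
        $query = $db->prepare("INSERT INTO users (name, email, password) VALUES (:name, :email, :password)");
        $query->execute(array("name" => $name, "email" => $email, "password" => get_hash($password)));
    } catch (PDOException $e) {
        add_message("Nepodarilo sa zaregistrovať užívateľa (chyba db?).");
        return false;
    }
    if ($query->rowCount() !== 1) {
        // something else went wrong
        add_message("Niečo sa nepodarilo.");
        return false;
    }
    add_message("Gratulujem, teraz sa môžete prihlásiť.");
    return true;
}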
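 /**
  * Creates a project from the posted form and returns it as JSON.
  *
  * The keys of $post['moudle'] are joined into a comma list and, together
  * with start_time, merged over $post['setting'] and stored serialize()d in
  * 'setting'; a project hash is generated and the row inserted. Only on a
  * successful insert is the record (with its id) sent via ajaxReturn().
  */
 function test()
 {
     $post = $this->_post();
     $ret = array();
     $ret['target'] = $post["target"];
     // implode() of the keys gives "k1,k2,...,kn" with no trailing comma —
     // exactly what the old append-then-chop loop produced — and "" when
     // there are no modules (no warning for a missing/non-array value).
     $modules = isset($post['moudle']) && is_array($post['moudle']) ? array_keys($post['moudle']) : array();
     $arr_setting = array("module" => implode(",", $modules), "start_time" => time());
     // NOTE(review): $post['setting'] is client-supplied and is stored
     // serialize()d; whatever reads it back must not unserialize() it
     // without an allowed_classes restriction.
     $arr_setting = array_merge($post['setting'], $arr_setting);
     $ret['setting'] = serialize($arr_setting);
     $ret['project_hash'] = get_hash();
     // TODO: error handling — the client gets no answer when add() fails.
     $ret['id'] = M("project")->add($ret);
     if ($ret['id']) {
         $this->ajaxReturn($ret);
     }
 }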
// Admin-user creation page (legacy mysql_* version): validates the posted
// form, inserts the account and redirects, otherwise renders the form with
// the error text in $ERR.
// NOTE(review): request values are spliced into SQL strings below. The
// escaping on the SELECT cannot be read from this listing, and addslashes()
// on the INSERT is not a charset-aware SQL escape — prepared statements
// (or at least mysql_real_escape_string on every value) are the fix.
// NOTE(review): mysql_* no longer exists in PHP 7+, and md5(prefix . password)
// is an unsalted fast hash; password_hash()/password_verify() replace it.
unset($ERR);
if (isset($_POST['action']) && $_POST['action'] == 'update') {
    if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['repeatpassword'])) {
        $ERR = $ERR_047;
    } elseif (!empty($_POST['password']) && empty($_POST['repeatpassword']) || empty($_POST['password']) && !empty($_POST['repeatpassword'])) {
        // unreachable after the first branch: it already rejected any empty field
        $ERR = $ERR_054;
    } elseif ($_POST['password'] != $_POST['repeatpassword']) {
        // loose "!=" compares numeric-looking strings by value
        $ERR = $ERR_006;
    } else {
        // Check if "username" already exists in the database
        $query = "SELECT id FROM " . $DBPrefix . "adminusers WHERE username = '******'username'] . "'";
        $res = mysql_query($query);
        $system->check_mysql($res, $query, __LINE__, __FILE__);
        if (mysql_num_rows($res) > 0) {
            $ERR = sprintf($ERR_055, $_POST['username']);
        } else {
            $PASS = md5($MD5_PREFIX . $_POST['password']);
            // columns by position: id, username, password, hash, created, lastlogin, status, (empty)
            $query = "INSERT INTO " . $DBPrefix . "adminusers VALUES\n\t\t\t\t\t(NULL, '" . addslashes($_POST['username']) . "', '" . $PASS . "', '" . get_hash() . "', '" . gmdate('Ymd') . "', '0', " . intval($_POST['status']) . ", '')";
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
            header('location: adminusers.php');
            exit;
        }
    }
}
// form widgets: label, ?, type, field name, current value[, options]
loadblock($MSG['003'], '', 'text', 'username', $system->SETTINGS['username']);
loadblock($MSG['004'], '', 'password', 'password', $system->SETTINGS['password']);
loadblock($MSG['564'], '', 'password', 'repeatpassword', $system->SETTINGS['repeatpassword']);
loadblock('', '', 'batch', 'status', $system->SETTINGS['status'], array($MSG['566'], $MSG['567']));
// NOTE(review): $ERR_055 embeds the raw username — the template must escape ERROR.
$template->assign_vars(array('ERROR' => isset($ERR) ? $ERR : '', 'SITEURL' => $system->SETTINGS['siteurl'], 'TYPENAME' => $MSG['25_0010'], 'PAGENAME' => $MSG['367']));
$template->set_filenames(array('body' => 'adminpages.tpl'));
$template->display('body');
if (isset($argv[4])) {
    login_to_forum($argv[4], $argv[5]);
}
$i = $chosen_id;
echo "Fetching topics from ID {$i}\n";
if (!fetch_target_id($i)) {
    echo "No topics found.\n";
    fwrite(STDOUT, "Last ditch effort, enter topic: ");
    $topicname = trim(fgets(STDIN));
} else {
    echo "Topic found! Hacktime.\n";
}
// Check chosen option and proceed accordingly
add_line("------------------------------------------");
if ($ch_option == 2) {
    $hash = get_hash($i);
    $salt = get_salt($i);
    $line = "{$i}:{$hash}:{$salt}";
    add_line($line);
    xecho("\n------------------------------------------\n");
    xecho("User ID: {$i}\n");
    xecho("Hash: {$hash}\n");
    xecho("Salt: {$salt}");
    xecho("\n------------------------------------------\n");
} else {
    if ($ch_option == 1) {
        $uname = get_user($i);
        $line = "The username for id {$i} is {$uname}";
        add_line($line);
        xecho("{$uname}");
    }

    <!-- 列表 -->
	<div class="history">
		<div class="col-lg-12">
           <h4>搜索结果</h4>
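			<?php 
// Search-result table. Values that come from the index ($list entries) are
// escaped for their HTML context; ENT_QUOTES matters because the attributes
// below are single-quoted.
echo "<table class=\"table table-bordered table table-hover\" border=\"1\"><tr><th id='thdn'>影片名字</th><th id='list_td'>种子大小</th><th id='list_td'>上传日期</th><th id='list_td'>磁力链</th><th id='list_td'>操作</th></tr>";
foreach ($list as $magnetic) {
    echo "<tr>";
    // NOTE(review): title_truncation() is assumed to return HTML-safe text — confirm, else escape here as well
    echo "<td>" . title_truncation($magnetic['name']) . "</td>";
    echo "<td id='list_td'>" . htmlspecialchars((string) $magnetic['size'], ENT_QUOTES, 'UTF-8') . "</td>";
    echo "<td id='list_td'>" . date('Y-m-d', strtotime($magnetic['date'])) . "</td>";
    // the magnet url is external data placed in an attribute; "</a>" closes the link (was "<a>")
    echo "<td id='list_td cili'><a href='" . htmlspecialchars((string) $magnetic['url'], ENT_QUOTES, 'UTF-8') . "'>磁力</a></td>";
    echo "<td id='list_td'>";
    echo '<a href="info.php?magnetic=' . htmlspecialchars((string) get_hash($magnetic['url']), ENT_QUOTES, 'UTF-8') . '" target="_blank" class="btn btn-success">打开</a>';
    // stray "</ul></div>" removed: nothing opened them in this row
    echo "</td></tr>";
}
echo '</table>';
?>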
			</div>
		</div>
		<!-- 列表底部页码-->
		<?php 
if (!empty($counts) && !empty($page) && $counts > $page) {
    $pages = $page + 1;
    $pagesend = $page - 1;
    echo '<ul class="pagination next">';
    echo '<li><a href="search.php?keyword=' . $keyword . '&counts=' . $counts . '&page=' . $pagesend . '">上一页</a></li>';
    echo '<li><a href="search.php?keyword=' . $keyword . '&counts=' . $counts . '&page=' . $pages . '">下一页</a></li>';
    echo '<li><a href="#">&raquo;</a></li></ul>';
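 /**
  * Changes the logged-in user's password.
  *
  * Reads password / new_password / repeat_new_password from params.data.
  * Every outcome is a redirect to backoffice/change_password with ?result=
  * passwords_invalid, pass1_not_equival_pass2, wrong_password or
  * password_saved, followed by exit.
  */
 public function save_password()
 {
     $data = $this->params->data;
     $password = isset($data['password']) ? $data['password'] : null;
     $new_password = isset($data['new_password']) ? $data['new_password'] : null;
     $repeat_new_password = isset($data['repeat_new_password']) ? $data['repeat_new_password'] : null;
     if (!valid_password($password) || !valid_password($new_password) || !valid_password($repeat_new_password)) {
         $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'passwords_invalid')));
         exit;
     }
     if ($new_password !== $repeat_new_password) {
         $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'pass1_not_equival_pass2')));
         exit;
     }
     $real_pwd = $this->user_data["User"]["password"];
     $password_hash = get_hash(Configure::read('USER_AUTH_SALT'), $password);
     // hash_equals(): strict and constant-time. The old "==" compared the two
     // digests loosely, so any pair of the form "0e<digits>" was accepted as
     // equal (both are numeric strings with value 0).
     if (hash_equals((string) $real_pwd, (string) $password_hash)) {
         $this->User->id = $this->user_data["User"]["id"];
         $new_pass_hash = get_hash(Configure::read('USER_AUTH_SALT'), $new_password);
         $this->User->save(array('password' => $new_pass_hash));
         $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'password_saved')));
         exit;
     }
     $this->redirect(array('controller' => 'backoffice', 'action' => 'change_password', '?' => array('result' => 'wrong_password')));
     exit;
 }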
/**
 * Password hash used by the test fixtures: get_hash() over the literal
 * "password" with its second argument set to 2.
 *
 * @return mixed whatever get_hash() returns for that input
 */
function fixture_password_hash()
{
    $fixture_plain = "password";
    $hash = get_hash($fixture_plain, 2);
    return $hash;
}
        $location = $_POST['location'];
        add_hardware($id, $type, $model, $status, $description, $location);
        break;
    case 'Edit Hardware':
        $id = $_POST['id'];
        $type = $_POST['type'];
        $model = $_POST['model'];
        $status = $_POST['status'];
        $description = $_POST['description'];
        $location = $_POST['location'];
        edit_hardware($id, $type, $model, $status, $description, $location);
        break;
    case 'Delete Hardware':
        $id = $_POST['id'];
        delete_hardware($id);
        break;
    case 'Edit Account':
        $user = $_POST['user'];
        $email = $_POST['email'];
        $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
        edit_account($user, $email, $password);
        break;
    case 'Delete Account':
        $user = $_POST['user'];
        $email = $_POST['email'];
        $hash = get_hash($user, $email);
        if (password_verify($_POST['password'], $hash)) {
            delete_account($user, $email);
        }
        break;
}
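define('S3_URL', "http://s3.amazonaws.com/");
//number of images to process per script execution
define('NUM_IMAGES_TO_PROCESS', 5000);
// NOTE(review): echoes every statement to the output; leave off outside development.
$Db->debug = true;
$already_processed = array();
// NUM_IMAGES_TO_PROCESS is a constant int, so this concatenation is not injectable
$query = "SELECT * FROM items where file_hash = '' order by dc_date desc limit " . NUM_IMAGES_TO_PROCESS;
$rows = $Db->GetArray($query);
foreach ($rows as $this_row) {
    //dig out key: 5th "/"-separated segment (split() was removed in PHP 7)
    $key_split = explode("/", $this_row['file_name']);
    if (!isset($key_split[4])) {
        print $this_row['file_name'] . " has no key segment, skipped!\n";
        continue;
    }
    $key = $key_split[4];
    if (in_array($key, $already_processed, true)) {
        print $key . " already processed this session!\n";
        continue;
    }
    //put into processed array
    $already_processed[] = $key;
    //get the hash for the file
    $hash = get_hash($key);
    //update the hash for all images matching this url. file_name comes back
    //from the database, i.e. it was once external input, so it is bound
    //rather than spliced into the statement (assumes ADOdb-style
    //Execute($sql, $bindvars) — TODO confirm the driver).
    $Db->Execute("update items set file_hash = ? where file_name = ?", array($hash, $this_row['file_name']));
}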
//fetches the file to the tmp dir
function get_hash($file_key)
{
    print $file_key;
    //the date and time in rfc 822 (again)
    $rfc_822_datetime = date("r");
    //assemble your s3 signature
    $s3_signature = "GET\n\n\n" . $rfc_822_datetime . "\n/" . BUCKET_NAME . "/" . $file_key;
<?php 
if ($mode == "intro") {
    include "directions.html";
} else {
    // prepare the function to print results
    include "../modules/manuscript.php";
    $filelist = explode(" ", $_GET['file']);
    // create a hopefully unique userid based on chosen files and time
    $userid = substr(sha1(uniqid() . $_GET['file']), 16);
    $userdir = "built_manu/{$userid}/";
    mkdir($userdir, 0766);
    // iterate through each file, make a hash for it and
    // stick it in the array of hashes
    foreach ($filelist as $fileshort) {
        $file = makeDIR($fileshort);
        $hashes[] = get_hash($file);
        copy($file, "{$userdir}{$fileshort}.csv");
    }
    $hash = merge_hashes($hashes);
    $hash = sort_hash($hash);
    // get CSV text and write it to the user file
    $csvstr = print_hash_to_csv($hash);
    $USERFH = fopen("{$userdir}selection_STATS.csv", "w");
    fwrite($USERFH, $csvstr);
    fclose($USERFH);
    // zip the directory and remove it
    $link = "built_manu_zips/{$userid}.zip";
    exec("zip -r {$link} {$userdir}");
    exec("rm -fr {$userdir}");
    // chmod the zip to be deletable by anything other than apache
    chmod($link, 0666);
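 /**
  * Final step of password recovery: stores the new password for the mail
  * address kept in the session.
  *
  * Redirects to recovery/setup_password (recover_action=failed, error=
  * false_password or pass1_not_equals_pass2) on bad input, dies with
  * FALSE_USER_MAIL when the session holds no valid mail, goes to
  * recovery/failed when no user matches and to recovery/success when saved.
  */
 public function save()
 {
     $data = $this->params['data'];
     $password = isset($data['PasswordRecover']['password']) ? $data['PasswordRecover']['password'] : null;
     $password2 = isset($data['PasswordRecover']['password2']) ? $data['PasswordRecover']['password2'] : null;
     if (!valid_password($password) || !valid_password($password2)) {
         $this->redirect(array('controller' => 'recovery', 'action' => 'setup_password', '?' => array('recover_action' => 'failed', 'error' => 'false_password')));
         exit;
     }
     // strict: "!=" compares numeric-looking strings by value
     if ($password !== $password2) {
         $this->redirect(array('controller' => 'recovery', 'action' => 'setup_password', '?' => array('recover_action' => 'failed', 'error' => 'pass1_not_equals_pass2')));
         exit;
     }
     $mail = $this->Session->read('mail');
     if (empty($mail) || !filter_var($mail, FILTER_VALIDATE_EMAIL)) {
         die(L('FALSE_USER_MAIL'));
     }
     // look the account up by the mail stored during the earlier step
     $find_user = $this->User->find('first', array('conditions' => array('mail' => $mail)));
     // find('first') yields false/[] when nothing matches; count() on false
     // is a TypeError on PHP 8 (and was 1 before), so test emptiness instead.
     if (empty($find_user)) {
         $this->redirect(array('controller' => 'recovery', 'action' => 'failed'));
         exit;
     }
     $this->User->id = $find_user['User']['id'];
     $md_password = get_hash(Configure::read('USER_AUTH_SALT'), $password);
     $this->User->save(array('password' => $md_password));
     // NOTE(review): 'mail' stays in the session afterwards, so the reset
     // form can be reused until the session ends — deleting it here would
     // make the recovery single-use.
     $this->redirect(array('controller' => 'recovery', 'action' => 'success'));
     exit;
 }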
$multiple_glue = "\n";
$include_path = getenv('DOCUMENT_ROOT');
$f6l_output = '';
// files whose hashes are reported in debug mode (key => path)
$hash_files = array(
    'fm' => $script_root . 'inc/formmail.inc.php',
    'fmc' => $script_root . 'inc/formmail.class.inc.php',
    'tpl' => $script_root . 'inc/template.class.inc.php',
    'tplc' => $script_root . 'inc/template.ext.class.inc.php',
    'cd' => $script_root . 'inc/config.dat.php',
);
// -----------------------------------------------------------------------------
// allowed recipient domains: comma-separated setting -> list (empty when unset)
$allowed_domains = trim($configuration['allowed_recipients_domains']);
$configuration['recipients_domains'] = array();
if ($allowed_domains != '') {
    $configuration['recipients_domains'] = explode(',', $configuration['allowed_recipients_domains']);
}
// -----------------------------------------------------------------------------
/**
 * Debug mode: show server info and file hashes to the admin.
 * NOTE(review): phpinfo output and request data end up on the page, so this
 * must stay off in production.
 */
if ($debug_mode == 'on') {
    $script_info = array('Script Name' => $script_name, 'Script Version' => $script_version);
    get_phpinfo($script_info, $_GET);
    get_hash($_GET, $hash_files);
}
// -----------------------------------------------------------------------------
/**
 * Initialize the formmail class
 */
$mail = new Formmail();
// -----------------------------------------------------------------------------
/**
 * Check the template path (only while no system message is pending)
 */
if (!isset($system_message)) {
    $error_message = $mail->check_template_path($filepath['templates']);
    if ($error_message) {
        $system_message[] = $error_message;
    }
}
// -----------------------------------------------------------------------------
/**
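/**
 * Logs a user in from $_POST email / password.
 *
 * On success the matching user row is stored in $_SESSION["user"], a
 * 7-day "email" cookie is set and true is returned; otherwise the reason is
 * passed to add_message() and false is returned.
 *
 * @return bool
 */
function do_login()
{
    // non-string values (email[]=x) are treated as missing
    $email = isset($_POST["email"]) && is_string($_POST["email"]) ? $_POST["email"] : "";
    if (trim($email) === "") {
        add_message("You have to enter email.");
        return false;
    }
    $password = isset($_POST["password"]) && is_string($_POST["password"]) ? $_POST["password"] : "";
    if (trim($password) === "") {
        add_message("You have to enter password.");
        return false;
    }
    try {
        $db = DB::getInstance();
        $user = $db->queryRow("SELECT * FROM users WHERE user_email = :user_email AND user_password = :user_password", array("user_email" => $email, "user_password" => get_hash($password)));
        if (empty($user)) {
            add_message("Email or password are not correct.");
            return false;
        }
    } catch (PDOException $e) {
        // driver messages can expose table names or credentials: log, don't show
        error_log("do_login: " . $e->getMessage());
        add_message("Application error.");
        return false;
    }
    // fresh session id on authentication, so an id planted in the browser
    // before login (session fixation) stops being valid
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    // NOTE(review): the whole row, password hash included, is kept in the session.
    $_SESSION["user"] = $user;
    // 7 days; HttpOnly keeps the cookie away from page scripts (path, domain
    // and secure stay at their defaults, as before)
    setcookie("email", $email, time() + 3600 * 24 * 7, "", "", false, true);
    return true;
}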
// Admin-area bootstrap: InAdmin marks the context for the shared includes;
// common.php is expected to define $include_path (and the $system / DB
// globals used further down — TODO confirm) before the admin helpers load.
define('InAdmin', 1);
include '../common.php';
include $include_path . 'functions_admin.php';
if (isset($_POST['action'])) {
    switch ($_POST['action']) {
        case 'insert':
            // Additional security check
            $query = "SELECT id FROM " . $DBPrefix . "adminusers";
            $res = mysql_query($query);
            $system->check_mysql($res, $query, __LINE__, __FILE__);
            if (mysql_num_rows($res) > 0) {
                header('location: login.php');
                exit;
            }
            $md5_pass = md5($MD5_PREFIX . $_POST['password']);
            $query = "INSERT INTO " . $DBPrefix . "adminusers (username, password, hash, created, lastlogin, status) VALUES\n\t\t\t\t\t('" . $system->cleanvars($_POST['username']) . "', '" . $md5_pass . "', '" . get_hash() . "', '" . gmdate('Ymd') . "', '" . time() . "', 1)";
            $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
            // Redirect
            header('location: login.php');
            exit;
            break;
        case 'login':
            if (strlen($_POST['username']) == 0 || strlen($_POST['password']) == 0) {
                $ERR = $ERR_047;
            } elseif (!preg_match('([a-zA-Z0-9]*)', $_POST['username'])) {
                $ERR = $ERR_071;
            } else {
                $password = md5($MD5_PREFIX . $_POST['password']);
                $query = "SELECT id, hash FROM " . $DBPrefix . "adminusers WHERE username = '******'username']) . "' and password = '******'";
                $res = mysql_query($query);
                $system->check_mysql($res, $query, __LINE__, __FILE__);
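 /**
  * Form login for User.mail / User.password; User.backoffice selects the
  * back-office targets.
  *
  * Success: 'User' (mail) and 'user_id' are written to the session, a
  * Userauth row records ip/browser/os, redirect to backoffice/index or
  * index/index. Failure: auth_error=true and the localized auth_error_text
  * go to the same targets through the query string. Both paths exit.
  */
 public function login()
 {
     $form = isset($this->request->data['User']) && is_array($this->request->data['User']) ? $this->request->data['User'] : array();
     // only plain strings are usable; an array value would alter the find() conditions
     $mail = isset($form['mail']) && is_string($form['mail']) ? $form['mail'] : '';
     $password = isset($form['password']) && is_string($form['password']) ? $form['password'] : '';
     // back-office login?
     $bo = !empty($form['backoffice']);
     $home = $bo ? array('controller' => 'backoffice', 'action' => 'index') : array('controller' => 'index', 'action' => 'index');
     // An empty field never authenticates: skip the lookup instead of hashing
     // an empty password and comparing it like any other.
     $check_user = 0;
     if ($mail !== '' && $password !== '') {
         $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);
         $check_user = $this->User->find('count', array('conditions' => array('password' => $hashed_pass, 'mail' => $mail)));
     }
     if ($check_user > 0) {
         $user_id_data = $this->User->find('first', array('conditions' => array('mail' => $mail)));
         $user_id = $user_id_data['User']['id'];
         // New session id on login, so an id handed to the browser before
         // authentication (session fixation) stops being valid.
         $this->Session->renew();
         $this->Session->write('User', $mail);
         $this->Session->write('user_id', $user_id);
         // audit trail of the login
         $this->loadModel('Userauth');
         $this->Userauth->save(array('user_id' => $user_id, 'ip' => get_ip(), 'browser' => get_ua(), 'os' => get_os()));
         $this->redirect($home);
     } else {
         $auth_error_text = L("WRONG_LOGIN_OR_PASSWORD");
         $this->set('auth_error', 'true');
         $this->set('auth_error_text', $auth_error_text);
         // NOTE(review): auth_error_text is reflected through the URL; the view
         // that prints it must HTML-escape it.
         $home['?'] = array('auth_error' => 'true', 'auth_error_text' => $auth_error_text);
         $this->redirect($home);
     }
     exit;
 }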
        echo "<input type=\"submit\" name=\"wtf-is-cli\" value=\"Let me in, i don't care\">\n";
        echo "</form>\n";
        echo "</center></body></html>\n";
        exit;
    } else {
        // Let's try to maximize our chances without CLI
        set_time_limit(0);
    }
}
//=====================================================================
add_logline("-------------------------------------------------------");
add_logline("Cutenews password md5 hash fetching started");
add_logline("Target: {$target}");
add_logline("Username: {$username}");
pre_test();
$h = get_hash();
$run_time = time() - $start_time;
add_logline("MD5 hash: {$h}");
xecho("\nFinal MD5 hash: {$h}", 1);
xecho("\nTotal time spent: {$run_time} seconds", 1);
xecho("HTTP requests made: {$requests}\n", 1);
xecho("Questions and feedback - http://www.waraxe.us/forums.html", 1);
xecho("See ya! :)", 1);
exit;
//////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////
function get_hash()
{
    $hash = '';
    for ($i = 0; $i < 32; $i++) {
        xecho("Finding hash char pos {$i}");
<head>
    <title>Создание пользователя</title>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
</head>

<body>
<h1>Создание пользователя</h1>
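<?php 
// Creates a user from the POSTed login/password and reports the outcome in
// $result, which the page prints below inside <h3>.
$login = '******';
$password = '******';
$result = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): an empty or missing field silently falls back to the
    // hard-coded defaults above — rejecting the request would be safer.
    // NOTE(review): the form has no CSRF token; any site can submit it.
    $login = isset($_POST['login']) && is_string($_POST['login']) && $_POST['login'] !== '' ? $_POST['login'] : $login;
    if (!user_exists($login)) {
        $password = isset($_POST['password']) && is_string($_POST['password']) && $_POST['password'] !== '' ? $_POST['password'] : $password;
        $hash = get_hash($password);
        if (save_user($login, $hash)) {
            $result = 'Хеш ' . $hash . ' успешно добавлен в файл';
        } else {
            $result = 'При записи хеша ' . $hash . ' произошла ошибка';
        }
    } else {
        // $login is request input echoed back into HTML: escape it for that context
        $login_html = htmlspecialchars($login, ENT_QUOTES, 'UTF-8');
        $result = "Пользователь {$login_html} уже существует. Выберите другое имя.";
    }
}
?>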
    <h3><?php 
echo $result;
?>
</h3>
    <form action="<?php 
    } else {
        // Check if "username" already exists in the database
        $query = "SELECT id FROM " . $DBPrefix . "adminusers WHERE username = :username";
        $params = array();
        $params[] = array(':username', $system->cleanvars($_POST['username']), 'str');
        $db->query($query, $params);
        if ($db->numrows() > 0) {
            $ERR = sprintf($ERR_055, $_POST['username']);
        } else {
            include PACKAGE_PATH . 'PasswordHash.php';
            $phpass = new PasswordHash(8, false);
            $query = "INSERT INTO " . $DBPrefix . "adminusers (username, password, hash, status)\n\t\t\t\t\tVALUES (:username, :password, :hash, :status)";
            $params = array();
            $params[] = array(':username', $system->cleanvars($_POST['username']), 'str');
            $params[] = array(':password', $phpass->HashPassword($_POST['password']), 'str');
            $params[] = array(':hash', get_hash(), 'str');
            $params[] = array(':status', $_POST['status'], 'bool');
            $db->query($query, $params);
            header('location: adminusers.php');
            exit;
        }
    }
}
// Form widgets of the admin-user page: label, widget type, field name
// (help text and current value are empty for all three text/password inputs).
$input_fields = array(
    array($MSG['username'], 'text', 'username'),
    array($MSG['password'], 'password', 'password'),
    array($MSG['564'], 'password', 'repeatpassword'),
);
foreach ($input_fields as $field) {
    loadblock($field[0], '', $field[1], $field[2], '');
}
// status: yes/no choice, defaulting to '1'
$status_options = array($MSG['566'], $MSG['567']);
loadblock('', '', 'bool', 'status', '1', $status_options);
$page_vars = array(
    'SITEURL' => $system->SETTINGS['siteurl'],
    'TYPENAME' => $MSG['25_0010'],
    'PAGENAME' => $MSG['367'],
);
$template->assign_vars($page_vars);
include 'header.php';
$template->set_filenames(array('body' => 'adminpages.tpl'));
$template->display('body');
 /**
  * Регистрация нового мастера
  */
 public function register()
 {
     $data = $this->params['data'];
     $upload_config = $this->request->data['upload_config'] ? $this->request->data['upload_config'] : null;
     if (isset($_FILES['file']) and $_FILES['file']['size'] > 0 and !empty($_FILES['file']['name'])) {
         $result_upload = $this->Uploader->upload($upload_config, $_FILES['file']);
     } else {
         $result_upload = null;
     }
     $user_data_step_1 = $this->Session->read('step_1_data');
     //данные пользователя
     $user_mail = $user_data_step_1["User"]["mail"];
     $user_data_step_1["User"]["specialization"] = isset($data['Register']["specialization"]) ? $data['Register']["specialization"] : null;
     $user_data_step_1["User"]["about_me"] = isset($data['Register']["about_me"]) ? $data['Register']["about_me"] : null;
     $user_data_step_1["User"]["education"] = isset($data['Register']["education"]) ? $data['Register']["education"] : null;
     $user_data_step_1["User"]["regards"] = isset($data['Register']["regards"]) ? $data['Register']["regards"] : null;
     $user_data_step_1["User"]["sex"] = isset($user_data_step_1["Register"]["sex"]) ? $data['Register']["sex"] : 1;
     $user_data_step_1["User"]["business_type"] = isset($user_data_step_1["User"]["business_type"]) ? $user_data_step_1["User"]["business_type"] : null;
     $user_data_step_1["User"]["interview_status"] = 'not_checked';
     $user_data_step_1["User"]["data_status"] = 'not_checked';
     $user_data_step_1["User"]["ref_id"] = isset($user_data_step_1["User"]["ref_id"]) ? $user_data_step_1["User"]["ref_id"] : null;
     $user_data_step_1["User"]["last_activity"] = date("Y-m-d H:i:s");
     $user_data_step_1["User"]["uptime"] = date("Y-m-d H:i:s");
     //date("Y-m-d H:i:s");;
     $user_data_step_1["User"]["mail_key"] = md5(time() . $user_data_step_1["User"]["mail"] . $user_data_step_1["User"]["phone"]);
     //генерация пароля с солью
     $real_pwd = $user_data_step_1["User"]["password"];
     $user_data_step_1["User"]["password"] = get_hash(Configure::read('USER_AUTH_SALT'), $user_data_step_1["User"]["password"]);
     $prepared_lastname = translit(mb_ucfirst(mb_strtolower($user_data_step_1['User']["lastname"])));
     $prepared_firstname = translit(mb_ucfirst(mb_strtolower(mb_substr($user_data_step_1['User']["firstname"], 0, 1))));
     $prepared_fathername = translit(mb_ucfirst(mb_strtolower(mb_substr($user_data_step_1['User']["fathername"], 0, 1))));
     $user_data_step_1["User"]["login"] = $prepared_lastname . $prepared_firstname . $prepared_fathername;
     $ref_id = $this->Session->read('REF');
     $user_data_step_1["User"]["ref_id"] = isset($ref_id) ? $ref_id : 0;
     if (!isset($user_data_step_1["User"]["city_id"]) or !is_numeric($user_data_step_1["User"]["city_id"])) {
         $user_data_step_1["User"]["city_id"] = 0;
     }
     //проверка логина
     $this->loadModel('User');
     $counter = 0;
     $login = $user_data_step_1["User"]["login"];
     $check_login = false;
     while ($check_login == false) {
         $test_login = $counter > 0 ? $login . $counter : $login;
         $check_login_count = $this->User->find('count', array('conditions' => array('login' => $test_login)));
         if ($check_login_count == 0) {
             $check_login = true;
             $user_data_step_1["User"]["login"] = $test_login;
         }
         $counter++;
     }
     $this->User->save($user_data_step_1);
     $user_id = $this->User->getLastInsertId();
     //ключ активации
     $mail_key_salt = Configure::read('MAIL_KEY_SALT');
     $mail_key = generate_mail_key($user_id, $mail_key_salt);
     //перенос изображения после создания нового пользователя
     $user_data_step_1["User"]["main_foto"] = $result_upload['full_path'];
     if ($result_upload !== null) {
         //если файл был загружен во временную директорию переносим его в директорию пользователя
         $user_dir = "u" . $user_id;
         $file_transfer = $this->Uploader->transfer_file($result_upload['file'], Configure::read('FILE_TEMP_DIR'), Configure::read('USER_FILE_UPLOAD_DIR') . DS . $user_dir, true);
         if ($file_transfer) {
             $uploaded_image = $this->Uploader->new_filename;
         }
     }
     /*запись услуг в прайс*/
     $this->loadModel('Userprices');
     $this->Userprices->useTable = 'user_prices';
     $money_types = Configure::read('VALID_MONEY_PREFIXES');
     $this->loadModel('Paytype');
     $this->Paytype->useTable = 'service_pay_types';
     for ($x = 0; $x < count($data['Register']["service"]["id"]); $x++) {
         $service_name = $data['Register']["service"]["id"][$x];
         $service_price = $data['Register']["service"]["price"][$x];
         $money_type = $data['Register']["service"]["money_type"][$x];
         $payment_type = $data['Register']["service"]["payment_type"][$x];
         $check_payment_type = $this->Paytype->find('count', array('conditions' => array('id' => $payment_type)));
         if (!empty($service) and is_numeric($service_price) and $service_price > 0 and in_array($money_type, $money_types) and $check_payment_type > 0) {
             $data_to_save = array('user_id' => $user_id, 'value' => $service_price, 'comment' => $service_name, 'money_type' => $money_type, 'pay_type_id' => $payment_type, 'status' => 'hidden');
             $result = $this->Userprices->save($data_to_save);
         } else {
             continue;
         }
     }
     //запись районов/адресов для оказания услуг
     $this->loadModel('UserToRegionPlace');
     $this->UserToRegionPlace->useTable = 'user_to_region_places';
     for ($x = 0; $x < count($data['Register']["place_live"]["region"]); $x++) {
         $address = isset($data['Register']["place_live"]["address"][$x]) ? $data['Register']["place_live"]["address"][$x] : '';
         $region_id = $data['Register']["place_live"]["region"][$x];
         if (isset($region_id) and is_numeric($region_id)) {
             $check_region_id = $this->Regions->find('first', array('conditions' => array('id' => $region_id)));
             if (count($check_region_id) > 0) {
                 $region_city_id = $check_region_id['Regions']['city_id'][0];
                 $user_city_id = $user_data_step_1['User']['city_id'];
                 //проверка соответствия региона города
                 if ($user_city_id == $region_city_id) {
                     //записываем адрес
                     $data_to_save = array('user_id' => $user_id, 'address' => $address, 'region_id' => $region_id, 'city_id' => $user_city_id);
                     $result = $this->UserToRegionPlace->save($data_to_save);
                 }
             }
         }
     }
     //запись районов для выезда
     $this->loadModel('UserToRegionGuest');
     $this->UserToRegionGuest->useTable = 'user_to_region_guests';
     if (isset($data['Register']["place_guest"])) {
         for ($x = 0; $x < count($data['Register']["place_guest"]["region"]); $x++) {
             $region_id = $data['Register']["place_guest"]["region"][$x];
             $check_region_id = $this->Regions->find('first', array('conditions' => array('id' => $region_id)));
             if (count($check_region_id) > 0) {
                 $region_city_id = $check_region_id['Regions']['city_id'];
                 $user_city_id = $user_data_step_1['User']['city_id'];
                 //проверка соответствия региона города
                 if ($user_city_id == $region_city_id) {
                     //записываем адрес
                     $data_to_save = array('user_id' => $user_id, 'region_id' => $region_id, 'city_id' => $user_city_id);
                     $this->UserToRegionGuest->save($data_to_save);
                 }
             }
         }
     }
     //получение id страны
     $this->loadModel('City');
     if ($user_data_step_1['User']['city_id'] > 0) {
         $country_data = $this->City->find('first', array('conditions' => array('id' => $user_data_step_1['User']['city_id'])));
         $country_id = $country_data['City']['country_id'];
     } else {
         $country_id = 0;
     }
     $this->User->id = $user_id;
     if (!isset($uploaded_image)) {
         $uploaded_image = '';
     }
     $data_to_save = array('mail_key' => $mail_key, 'main_foto' => $uploaded_image, 'country_id' => $country_id);
     $this->User->save($data_to_save);
     //если указаны категории - сохраняем их
     /*
     if (count($data['Register']["service"] > 0)) {
     	$this->loadModel('Service');
     	$this->loadModel('Servicetouser');
     	for ($x = 0; $x < count($data['Register']["service"]); $x++) {
     		$cur_id = $data['Register']["service"]["id"][$x];
     		if (is_numeric($cur_id)) {
     			$service = $this->Service->find('all', array('conditions' => array('Service.id = ' . $cur_id)))[0];
     			if ($service == null) {
     				$this->Error->setError('ERROR_201');
     			} else {
     				$this->Servicetouser->useTable = 'service_to_users';
     				$data_for_save = array(
     					"service_id" => $service["Service"]["id"],
     					"user_id" => $user_id
     				);
     				$this->Servicetouser->save($data_for_save);
     			}
     		}
     	}
     }
     */
     App::uses('CakeEmail', 'Network/Email');
     $sended_data = L("YOU_JUST_REGISTERED") . " " . site_url() . "<br>";
     $sended_data .= L("REGISTER_DATA") . " " . L("YOUR_LOGIN") . " :" . $login;
     $sended_data .= ", ";
     $sended_data .= L("YOUR_PASSWORD") . ": " . $real_pwd . "<br>";
     $sended_data .= "<a href='" . site_url() . "/activate_account/user/" . $mail_key . "'>" . L('ACTIVATE_LINK') . "</a> " . L('REGISTER_LINK_TEXT') . ": <br>";
     $email = new CakeEmail();
     $email->emailFormat('html');
     $email->template('user_register_mail_template', 'user_register_mail_layout');
     $email->from(Configure::read('SITE_MAIL'));
     $email->to($user_data_step_1["User"]["mail"]);
     $email->subject(L('REGISTER_ON_PROJECT') . " " . site_url());
     $email->viewVars(array('sended_data' => $sended_data));
     $email->send();
     $this->redirect(array('controller' => 'register', 'action' => 'ok'));
 }
     $db->direct_query($query);
 } elseif ($system->SETTINGS['activationtype'] == 1 || $system->SETTINGS['activationtype'] == 0) {
     $query = "UPDATE " . $DBPrefix . "counters SET inactiveusers = inactiveusers + 1";
     $db->direct_query($query);
 } else {
     $query = "UPDATE " . $DBPrefix . "counters SET users = users + 1";
     $db->direct_query($query);
 }
 // Opening balance: nothing when fee_type is 2, otherwise the signup bonus less the signup fee charged.
 $balance = $system->SETTINGS['fee_type'] == 2 ? 0 : $system->SETTINGS['fee_signup_bonus'] - $signup_fee;
 // Collect every group flagged auto_join; the ids are written to the user row below as a comma-separated list.
 $query = "SELECT id FROM " . $DBPrefix . "groups WHERE auto_join = 1";
 $db->direct_query($query);
 $groups = array();
 while ($row = $db->fetch()) {
     $groups[] = $row['id'];
 }
 // get_hash() is called with no arguments here and the result goes into the `hash` column;
 // presumably a per-user random token (e.g. for activation) — confirm how it is generated and how unpredictable it is.
 $hash = get_hash();
 // prepare to hash the password
 include $include_path . 'PasswordHash.php';
 // Assumed to be the Openwall phpass class: iteration count 8, non-portable hashes — verify against the included file.
 $phpass = new PasswordHash(8, false);
 // Column list is fixed in the query; every value goes in as a typed bind parameter, so the parameter
 // binding (not cleanvars()) is what keeps this INSERT free of injection. cleanvars() presumably
 // cleans the stored text for later display — confirm in the System class.
 $query = "INSERT INTO " . $DBPrefix . "users\n\t\t\t\t\t\t(nick, password, hash, name, address, city, prov, country, zip, phone, nletter, email, reg_date, birthdate, \n\t\t\t\t\t\tsuspended, language, groups, balance, timecorrection, paypal_email, worldpay_id, moneybookers_email, toocheckout_id, authnet_id, authnet_pass)\n\t\t\t\t\t\tVALUES\n\t\t\t\t\t\t(:nick, :password, :hash, :name, :address, :city, :prov, :country, :zip, :phone, :nletter, :email, :reg_date, :birthdate,\n\t\t\t\t\t\t:suspended, :language, :groups, :balance, :timecorrection, :paypal_email, :worldpay_id, :moneybookers_email, :toocheckout_id, :authnet_id, :authnet_pass)";
 // NOTE(review): :nletter, :email and :timecorrection read $_POST keys without the isset() guard the other
 // fields use — a missing field raises a notice and binds an empty value. :balance is bound as 'bool'
 // although it holds a number, and :authnet_pass is stored as submitted — whether that column is
 // protected at rest is not visible here. Confirm all three against the db wrapper's type map and schema.
 $params = array(array(':nick', $system->cleanvars($TPL_nick_hidden), 'str'), array(':password', $phpass->HashPassword($TPL_password_hidden), 'str'), array(':hash', $hash, 'str'), array(':name', $system->cleanvars($TPL_name_hidden), 'str'), array(':address', $system->cleanvars(isset($_POST['TPL_address']) ? $_POST['TPL_address'] : ''), 'str'), array(':city', $system->cleanvars(isset($_POST['TPL_city']) ? $_POST['TPL_city'] : ''), 'str'), array(':prov', $system->cleanvars(isset($_POST['TPL_prov']) ? $_POST['TPL_prov'] : ''), 'str'), array(':country', $system->cleanvars(isset($_POST['TPL_country']) ? $_POST['TPL_country'] : ''), 'str'), array(':zip', $system->cleanvars(isset($_POST['TPL_zip']) ? $_POST['TPL_zip'] : ''), 'str'), array(':phone', $system->cleanvars(isset($_POST['TPL_phone']) ? $_POST['TPL_phone'] : ''), 'str'), array(':nletter', $_POST['TPL_nletter'], 'int'), array(':email', $system->cleanvars($_POST['TPL_email']), 'str'), array(':reg_date', time(), 'int'), array(':birthdate', !empty($DATE) ? $DATE : 0, 'str'), array(':suspended', $SUSPENDED, 'int'), array(':language', $language, 'str'), array(':groups', implode(',', $groups), 'str'), array(':balance', $balance, 'bool'), array(':timecorrection', $_POST['TPL_timezone'], 'float'), array(':paypal_email', isset($_POST['TPL_pp_email']) ? $system->cleanvars($_POST['TPL_pp_email']) : '', 'str'), array(':worldpay_id', isset($_POST['TPL_worldpay_id']) ? $system->cleanvars($_POST['TPL_worldpay_id']) : '', 'str'), array(':moneybookers_email', isset($_POST['TPL_moneybookers_email']) ? $system->cleanvars($_POST['TPL_moneybookers_email']) : '', 'str'), array(':toocheckout_id', isset($_POST['toocheckout_id']) ? $system->cleanvars($_POST['toocheckout_id']) : '', 'str'), array(':authnet_id', isset($_POST['TPL_authnet_id']) ? $system->cleanvars($_POST['TPL_authnet_id']) : '', 'str'), array(':authnet_pass', isset($_POST['TPL_authnet_pass']) ? $system->cleanvars($_POST['TPL_authnet_pass']) : '', 'str'));
 $db->query($query, $params);
 $TPL_id_hidden = $db->lastInsertId();
 // Record the address the registration came from as the user's first known IP.
 $query = "INSERT INTO " . $DBPrefix . "usersips VALUES\n\t\t\t\t\t\t  (NULL, :id_hidden, :remote_addr, 'first', 'accept')";
 $params = array();
 $params[] = array(':id_hidden', $TPL_id_hidden, 'int');
 // NOTE(review): REMOTE_ADDR is a dotted-quad or IPv6 string but is bound as 'int' — looks wrong unless the
 // column stores a numeric form; confirm. It is also the TCP peer address, so behind a reverse proxy it is
 // the proxy, not the client.
 $params[] = array(':remote_addr', $_SERVER['REMOTE_ADDR'], 'int');
 $db->query($query, $params);
 $_SESSION['language'] = $language;
 // Presumably a flag consumed by the code that follows — its meaning is not visible here.
 $first = false;
 if (defined('TrackUserIPs')) {
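 /**
  * Admin sign-in action (CakePHP 2 controller).
  *
  * Reads mail and password from the posted Admin form, looks the pair up in
  * the Admin table using the same salted hash the application stores
  * (get_hash(USER_AUTH_SALT, password)), records the login in Adminauth and
  * redirects to admin/index. Any failure — missing fields, no matching row,
  * or a row whose status is not 1 — redirects back to admin/auth with the
  * error text in the query string; that text is rendered by the auth view,
  * which must HTML-escape it.
  *
  * Differences from the previous version: missing form fields no longer
  * raise undefined-index notices (they count as a wrong login), the matched
  * row is fetched once instead of three times (the third lookup matched on
  * mail alone, so it could pick a different row than the one that
  * authenticated), the session id is renewed after authentication so an id
  * issued before login is not kept, and the view variables that were set
  * immediately before a redirect (never rendered) are dropped.
  */
 public function login()
 {
     //почта
     $mail = isset($this->request->data['Admin']['mail']) ? $this->request->data['Admin']['mail'] : null;
     //пароль
     $password = isset($this->request->data['Admin']['password']) ? $this->request->data['Admin']['password'] : null;
     $this->loadModel('Admin');
     $admin = null;
     // Only hash and query when both fields are non-empty strings; arrays or
     // empty values are treated as a failed login without touching the DB.
     if (is_string($mail) && is_string($password) && $mail !== '' && $password !== '') {
         $hashed_pass = get_hash(Configure::read('USER_AUTH_SALT'), $password);
         // One lookup: the matched row carries both the status and the id.
         $admin = $this->Admin->find('first', array('conditions' => array('password' => $hashed_pass, 'mail' => $mail)));
     }
     if (empty($admin)) {
         $this->_redirectWithAuthError("Не правильный пароль или логин");
         return;
     }
     if ((int)$admin['Admin']['status'] !== 1) {
         $this->_redirectWithAuthError("Доступ заблокирован");
         return;
     }
     $admin_id = $admin['Admin']['id'];
     // Fresh session id after authentication so a pre-login id cannot be reused.
     $this->Session->renew();
     $this->Session->write('Admin', $mail);
     //запись авторизации
     $this->loadModel('Adminauth');
     $auth_data = array('admin_id' => $admin_id, 'ip' => get_ip(), 'browser' => get_ua(), 'os' => get_os());
     $this->Adminauth->save($auth_data);
     $this->Session->write('admin_id', $admin_id);
     $this->redirect(array('controller' => 'admin', 'action' => 'index'));
 }

 /**
  * Sends the browser back to the auth form with the error text in the
  * query string (auth_error=true, auth_error_text=...).
  *
  * @param string $auth_error_text message to show on the auth form
  * @return void
  */
 protected function _redirectWithAuthError($auth_error_text)
 {
     $this->redirect(array('controller' => 'admin', 'action' => 'auth', '?' => array('auth_error' => 'true', 'auth_error_text' => $auth_error_text)));
 }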