Example #1
            if ($uage == 12) {
                $can_be_back = $umon - $regmon;
                $can_be_back *= 60;
            } else {
                $can_be_back = 13 - $uage;
                $can_be_back *= 365;
            }
            sm_raise_err("You are not 13 years of age or older. Come back soon!");
            setcookie('sm_not_old', 'yes', time() + 60 * 60 * 24 * $can_be_back);
            sm_die();
        }
        // Gender? WEE NEED NO STINKIN' GENDER!
        // No... wait! SocialMe is gender netural!
        // It's multisex enabled!
        // Hash password
        // NOTE(review): a single sha256() pass over the password with $sm_secret appended. No
        // per-user salt is visible here, and a fast digest is cheap to brute-force offline;
        // password_hash()/password_verify() are the built-in replacement.
        $hashed_pass = sha256($_POST['pass'] . $sm_secret);
        // NOTE(review): $_POST['name'] and $_POST['mail'] are concatenated into the statement
        // unescaped, so a quote in either field changes the SQL (injection). Bind them as
        // parameters, or escape them with whatever driver sits behind sm_db_exec(). The last
        // value also opens a quote that is never closed before ")", so the statement is
        // malformed as written.
        $sql_values = "('" . $_POST['name'] . "', '" . $_POST['mail'] . "', " . $uage . ", '" . $hashed_pass . ")";
        $sql_query = "INSERT INTO accounts VALUES " . $sql_values;
        sm_db_exec($sql_query);
        // The user MUST verify their mail
        // NOTE(review): crc32() reduces mt_rand() + time() to a 32-bit value before md5/sha1
        // are applied, so the code has at most 2^32 possible values and comes from a
        // non-cryptographic generator. random_bytes()/random_int() give an unpredictable code.
        $veracccode = md5(sha1(crc32(mt_rand() + time())));
        $_SESSION['veracccode'] = $veracccode;
        // $uma, $sm_name and $sm_mail are set outside this excerpt. The subject has no space
        // between $sm_name and "account". NOTE(review): if $uma or $sm_mail can carry user
        // input, CR/LF must be stripped before they reach mail() — confirm where they come from.
        mail($uma, "Verify your " . $sm_name . "account", "Your " . $sm_name . " account needs verification. Your code is " . $veracccode . ". Return to the verification page and enter the code in.", "From: " . $sm_mail);
        // Redirect to the verification page; the query string only carries the current timestamp.
        header("Location: /v.php?ac_stamp=" . time());
    } else {
        sm_raise_err("The CAPTCHA was wrong! Sign up again and enter it correctly!");
        sm_die();
    }
}
?>
Example #2
 /**
  * Creates an access key for a user, stores it and returns it.
  *
  * The key is sha256() over make_code() followed by the login name; both helpers are
  * defined outside this excerpt.
  * NOTE(review): the key is only as unpredictable as make_code() — confirm it draws
  * from a cryptographically secure source.
  *
  * @param mixed  $id_user    value written to the user_id column
  * @param string $login_name mixed into the key material
  * @return string the generated key
  */
 function add($id_user, $login_name)
 {
     $token = sha256(make_code() . $login_name);
     $row = new Query();
     $row->value('user_id', $id_user);
     $row->value('akey', $token);
     $this->insert($row);
     return $token;
 }
Example #3
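/**
 * Authenticates a signed API request and returns the id of the session's user.
 *
 * The client sends session_id and session_key in the query string. session_key must equal
 * sha256(<request URI with both parameters removed> . <stored per-session key>). On any
 * failure a JSON error object (codes 403.1 to 403.4) is printed and the script exits.
 *
 * NOTE(review): the signature is a plain digest with the secret appended. hash_hmac() is
 * the standard keyed construction, but switching would require changing every client too.
 *
 * @return mixed the "testid" request value when present, otherwise $sess["id_users"]
 */
function session_auth()
{
    // NOTE(review): a request that carries "testid" is accepted as that user with no
    // signature check at all. Left in place because callers may rely on it; it has to be
    // unreachable outside a test environment.
    if (array_key_exists("testid", $_REQUEST)) {
        return $_REQUEST["testid"];
    }
    $uri = $_SERVER["REQUEST_URI"];
    // Missing or array-valued parameters are treated as empty strings so the string
    // functions below never see null or an array.
    $session_id = (isset($_REQUEST["session_id"]) && is_string($_REQUEST["session_id"])) ? $_REQUEST["session_id"] : "";
    $session_key = (isset($_REQUEST["session_key"]) && is_string($_REQUEST["session_key"])) ? $_REQUEST["session_key"] : "";

    // Cut "session_id=<value>" plus the separator after it out of the signed URI.
    $pos = strpos($uri, "session_id=");
    if ($pos < 1) {
        $result = array("error_code" => "403.1", "error_desc" => "SESSION ID is missing.");
        echo json_encode($result);
        exit(0);
    }
    $uri = substr($uri, 0, $pos) . substr($uri, $pos + 12 + strlen($session_id), strlen($uri));

    // Same for "session_key=<value>".
    $pos = strpos($uri, "session_key=");
    if ($pos < 1) {
        $result = array("error_code" => "403.2", "error_desc" => "SESSION KEY is missing.");
        echo json_encode($result);
        exit(0);
    }
    $uri = substr($uri, 0, $pos) . substr($uri, $pos + 13 + strlen($session_key), strlen($uri));

    // Drop a dangling "&" or "?" left behind by the removals.
    $last = substr($uri, strlen($uri) - 1, 1);
    if ($last == "&" || $last == "?") {
        $uri = substr($uri, 0, strlen($uri) - 1);
    }

    $es = load_ext_model("Mobile_sessions");
    $sess = $es->get_session($session_id);
    if (!$sess) {
        $result = array("error_code" => "403.3", "error_desc" => "Expired session.");
        echo json_encode($result);
        exit(0);
    }

    $auth_value = sha256($uri . $sess["session_key"]);
    // hash_equals() (PHP >= 5.6) compares in constant time and never treats the two
    // values as numbers, unlike the loose != it replaces.
    if (!hash_equals((string) $auth_value, $session_key)) {
        $result = array("error_code" => "403.4", "error_desc" => "Invalid SESSION KEY.");
        echo json_encode($result);
        exit(0);
    }

    // NOTE(review): the new expiry comes straight from the query string; any bounds
    // checking has to happen inside extend() — confirm.
    if (array_key_exists("session_expire_expand", $_GET)) {
        $exp_date = $_GET["session_expire_expand"];
        $es->extend($session_id, $exp_date);
    }
    return $sess["id_users"];
}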
Example #4
<?php

/* Nanolink SHA256 Class Example */
// Include class, you may need to update the path to the class file
require_once 'sha256.inc.php';
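// Source string: accept only a plain string. A missing parameter or an array
// (?str[]=...) is treated as empty instead of being passed on to sha256().
$input_str = (isset($_GET['str']) && is_string($_GET['str'])) ? $_GET['str'] : "";
// Verifying Source string
if ($input_str === "") {
    echo "Error.";
    return;
}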
// Timer function compatible with PHP4.
// microtime() without arguments returns "<fraction> <seconds>"; the two parts are
// added to give the current time as one floating-point number of seconds.
function microtime_float()
{
    $parts = explode(" ", microtime());
    $fraction = (double) $parts[0];
    $seconds = (double) $parts[1];
    return $fraction + $seconds;
}
// Timestamp, hash and print the digest, timestamp again
$started = microtime_float();
echo sha256($input_str);
$finished = microtime_float();
// Display difference
$elapsed = $finished - $started;
echo "<br />\nRuntime: " . $elapsed . " seconds.";
return;
Example #5
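 /**
  * Validates the registration form in $_POST and, when nothing failed, inserts the new
  * user and redirects to the login page.
  *
  * Each failed check appends a message key (or the validator's own return value) to
  * $this->errors; the insert only runs when that list is empty.
  *
  * NOTE(review): the password is stored as a single unsalted sha256() digest of the
  * secure()-filtered value. That is a fast hash with no per-user salt; moving to
  * password_hash()/password_verify() needs a matching change in the login check, so it
  * is flagged here rather than changed.
  */
 private function validateRegistration()
 {
     loadLibrary("validation.lib");
     // secure() is a project helper; what it does to a missing field is not visible here.
     $user = secure($_POST["username"]);
     $display = secure($_POST["display"]);
     $pass1 = secure($_POST["pass1"]);
     $pass2 = secure($_POST["pass2"]);
     $email1 = secure($_POST["email1"]);
     $email2 = secure($_POST["email2"]);
     $res = valid_username($user);
     if ($res !== true) {
         $this->errors[] = $res;
     }
     $res = valid_displayname($display);
     if ($res !== true) {
         $this->errors[] = $res;
     }
     if ($pass1 !== $pass2) {
         $this->errors[] = "passwords_dont_match";
     } else {
         $res = valid_password($pass1);
         if ($res !== true) {
             $this->errors[] = $res;
         }
     }
     if ($email1 !== $email2) {
         $this->errors[] = "emails_dont_match";
     } else {
         $res = valid_email($email1);
         if ($res !== true) {
             $this->errors[] = $res;
         }
     }
     // Both flags default to the more protective value: the address is shown only on an
     // explicit "no", and mail is sent only on an explicit "yes". isset() keeps a missing
     // field from raising an undefined-index warning.
     $hideemail = !(isset($_POST["hideemail"]) && $_POST["hideemail"] === "no");
     $receiveemail = isset($_POST["receiveemail"]) && $_POST["receiveemail"] === "yes";
     // Check ToS box (missing or empty counts as unchecked)
     if (empty($_POST["tos"])) {
         $this->errors[] = "tos_not_checked";
     }
     if (count($this->errors) == 0) {
         // Add the user
         global $yakbb;
         $yakbb->db->insert("users", array(
             "id" => 0,
             "username" => $user,
             "displayname" => $display,
             "password" => sha256($pass1),
             "email" => $email1,
             "emailshow" => $hideemail ? 0 : 1,
             "emailoptin" => $receiveemail ? 1 : 0,
             "activated" => 1,
             "activationcode" => "",
             "pending" => 0,
             "registeredtime" => time(),
             "lastip" => $yakbb->ip,
             "template" => $yakbb->config["default_template"],
             "language" => $yakbb->config["default_language"],
             "timezone" => $yakbb->config["default_timezone"],
         ));
         redirect("?action=login&reg=true");
     }
 }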
Example #6
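/**
 * Asks the SSO server to drop this service for a user and returns the server's error code.
 *
 * The request is a GET to http://<SSO_URL>/drop_service/<SERVICE_NAME>/<userid>/?key=<sig>
 * with sig = sha256(SECRET_KEY . userid). The reply is XML; the text of its <error_code>
 * child is returned.
 *
 * NOTE(review): the call uses plain http and carries the signature in the query string,
 * so both are readable on the network path and in server logs. Whether the SSO endpoint
 * offers https is not visible here — confirm.
 *
 * @param string $userid user to drop
 * @return string error code from the reply ("0" when the reply has no <error_code>), or
 *                "-1" (chosen in this function) when the request fails or the reply is
 *                not parseable XML
 */
function USN_drop_servce($userid)
{
    global $SSO_URL, $SECRET_KEY, $SERVICE_NAME;
    include_once "sha256.php";
    $_hex = sha256($SECRET_KEY . $userid);
    // The user id is a path segment: encode it so "/", "?" or "#" inside it cannot
    // change which URL the signed request is sent to.
    $_url = "http://" . $SSO_URL . "/drop_service/" . $SERVICE_NAME . "/" . rawurlencode((string) $userid) . "/?key=" . $_hex;

    $FILE = fopen($_url, "r");
    if ($FILE === false) {
        return "-1";
    }
    // Read until EOF (a single fread() on a network stream may return a partial reply),
    // but cap the amount accepted from the remote side.
    $read = stream_get_contents($FILE, 65536);
    fclose($FILE);
    if ($read === false || $read === "") {
        return "-1";
    }

    $ret = new DOMDocument();
    // LIBXML_NONET keeps the parser from fetching anything over the network while
    // handling the reply.
    if (!$ret->loadXML($read, LIBXML_NONET)) {
        return "-1";
    }
    $x = $ret->documentElement;
    if ($x === null) {
        return "-1";
    }

    $_error_code = "0";
    foreach ($x->childNodes as $item) {
        // The last <error_code> wins when the reply has more than one.
        if ($item->nodeName === "error_code") {
            $_error_code = $item->nodeValue;
        }
    }
    return $_error_code;
}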
Example #7
<?php

include 'connect.php';
//variables goes here
// NOTE(review): mysqli_escape_string() is an alias of mysqli_real_escape_string(), whose
// procedural form takes the connection as its first argument; these one-argument calls do
// not match that signature. The connection presumably comes from connect.php — confirm.
// Escaping is also no substitute for prepared statements with bound parameters.
$name = mysqli_escape_string($_POST['name']);
$email = mysqli_escape_string($_POST['email']);
// NOTE(review): escaping a password before hashing changes the bytes that get hashed and
// protects nothing, since only the digest would reach the database. sha256()/sha512() are
// not PHP built-ins (presumably defined by an include), and nesting two fast unsalted
// digests does not make a password hash; password_hash() is the built-in for that.
$password = sha256(sha512(mysqli_escape_string($_POST['password'])));
$confirm = sha256(sha512(mysqli_escape_string($_POST['confirm'])));
// Read from the form but not used in the visible part of the script.
$send = $_POST['send'];
//top level domain for emails
// The "@domain" suffixes an address must end with to be accepted by validate().
$domains = array('@gmail.com', '@outlook.com', '@outlook.es', '@yahoo.com');
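//validate form
/**
 * Checks the submitted registration values and starts the session only when all pass.
 *
 * Reads the script-level $name, $email, $password, $confirm and $domains, which a
 * function can only see through a global declaration. Each failed check echoes its
 * message; start_session() runs only if nothing failed and the "register" field was posted.
 */
function validate()
{
    global $name, $email, $password, $confirm, $domains;
    $valid = true;
    if (empty($name)) {
        echo 'please fill all fields';
        $valid = false;
    }
    // strstr() returns the address from the first "@" onwards, or false without one.
    $clean_email = is_string($email) ? strstr($email, '@') : false;
    //check if array has a value
    if ($clean_email === false || !in_array($clean_email, (array) $domains, true)) {
        echo 'please enter a valid email provider';
        $valid = false;
    }
    if ($password !== $confirm) {
        echo 'plase  check your password match';
        $valid = false;
    }
    // Registration must not continue past a failed check.
    if ($valid && isset($_POST['register'])) {
        start_session();
    }
}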
// Called unconditionally at script level: the visible code does not check that the form
// was submitted before running the checks.
validate();
function start_session()
Example #8
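/**
 * Hashes $str with the algorithm selected by the __OTP_HASH_FUNCTION constant.
 *
 * The cases have no break: when the selected function is missing, control falls through
 * to the next algorithm in the list, and sha1() is the last resort. If that is missing
 * too, a message is printed and the script exits.
 *
 * NOTE(review): md5 and sha1 are no longer collision-resistant; which digest is used is
 * decided entirely by the constant configured elsewhere.
 *
 * @param string $str data to hash
 * @return string hex digest
 */
function hash_wrapper($str)
{
    switch (__OTP_HASH_FUNCTION) {
        case __OTP_MD5:
            // function_exists() takes the name as a string; a bare word is an undefined
            // constant and is a fatal error on PHP 8.
            if (function_exists('md5')) {
                return md5($str);
            }
            // fall through
        case __OTP_SHA1:
            if (function_exists('sha1')) {
                return sha1($str);
            }
            // fall through
        case __OTP_SHA256:
            // sha256() is not a PHP built-in; it exists only if something else defines it.
            if (function_exists('sha256')) {
                return sha256($str);
            }
            // fall through
        default:
            if (function_exists('sha1')) {
                return sha1($str);
            }
            print "DANGER WILL ROBINSON!!!";
            exit;
    }
}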
Example #9
File: sha256.php Project: ThQ/qd
{
    $t1 = $x->RightRotate(2);
    $t2 = $x->RightRotate(13);
    $t3 = $x->RightRotate(22);
    return $t1->LogicalXOR($t2)->LogicalXOR($t3);
}
/**
 * XOR of $x rotated right by 6, 11 and 25 bits (the rotation amounts of the SHA-256
 * "big sigma 1" function).
 *
 * $x is the project's word object; RightRotate() and LogicalXOR() are its methods.
 */
function bigSigma1_256($x)
{
    $rot6 = $x->RightRotate(6);
    $rot11 = $x->RightRotate(11);
    $rot25 = $x->RightRotate(25);
    $mixed = $rot6->LogicalXOR($rot11);
    return $mixed->LogicalXOR($rot25);
}
/**
 * XOR of $x rotated right by 7 and 18 bits and shifted right by 3 bits (the amounts of
 * the SHA-256 "small sigma 0" function used in the message schedule).
 *
 * $x is the project's word object; the shift is a logical one, not a rotation.
 */
function sigma0_256($x)
{
    $rot7 = $x->RightRotate(7);
    $rot18 = $x->RightRotate(18);
    $shr3 = $x->LogicalRightShift(3);
    $mixed = $rot7->LogicalXOR($rot18);
    return $mixed->LogicalXOR($shr3);
}
/**
 * XOR of $x rotated right by 17 and 19 bits and shifted right by 10 bits (the amounts of
 * the SHA-256 "small sigma 1" function used in the message schedule).
 *
 * $x is the project's word object; the shift is a logical one, not a rotation.
 */
function sigma1_256($x)
{
    $rot17 = $x->RightRotate(17);
    $rot19 = $x->RightRotate(19);
    $shr10 = $x->LogicalRightShift(10);
    $mixed = $rot17->LogicalXOR($rot19);
    return $mixed->LogicalXOR($shr10);
}
// Demo call: print the digest of a fixed sample string.
print sha256("lazy_one");
?>

Example #10
    echo sha256('');
    conclude();
} elseif (isset($_GET['register'])) {
    // Show registration home page
    webpage("register");
} elseif (isset($_GET['verify'])) {
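    // Check if a registration key is valid.
    // 'INVALID!' is written first and thrown away by ob_end_clean() on every other
    // outcome, so this relies on an output buffer opened outside this excerpt.
    echo 'INVALID!';
    // Only a plain string can be a key; an array value (?verify[]=...) becomes empty and
    // is rejected by the length check below.
    $verify = is_string($_GET['verify']) ? $_GET['verify'] : '';
    $ikey = str_replace("-", "", $verify);
    // NOTE(review): $key is not assigned anywhere in this excerpt; it is presumably the
    // server-side seed of the key chain — confirm it is set before this branch runs.
    $rkey = sha256($key);
    if (strlen($ikey) != 16) {
        ob_end_clean();
        // Whether conclude() ends the script is not visible here.
        conclude('BADFORMAT!');
    }
    // Walk the hash chain; each link's first 16 hex characters is one valid key.
    for ($i = -1; $i < 51; $i += 1) {
        $rkey = sha256($rkey);
        $ckey = substr($rkey, 0, 16);
        // hash_equals() (PHP >= 5.6) compares as strings in constant time. A loose ==
        // would treat two digit-only or "0e..." strings as numbers.
        if (hash_equals($ckey, $ikey)) {
            // strpos() returns 0 for a key stored at the very start of the file, and
            // 0 == false is true, so the test must be === false.
            if (strpos(file_get_contents("data/usedkeys.txt"), $ckey) === false) {
                ob_end_clean();
                echo 'OK';
            } else {
                ob_end_clean();
                echo 'USED!';
            }
            break;
        }
    }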
} else {
    // Show the home page
    webpage("home");
 /**
  * HMAC-like keyed digest built on sha256(); it does NOT produce standard HMAC-SHA256.
  *
  * Two things differ from RFC 2104, and both are kept exactly as they are:
  *  - the pads and the padded key are as long as the digest (32 bytes), not the 64-byte
  *    SHA-256 block size;
  *  - the XOR loop stops one byte early, so the last byte of the padded key is never
  *    mixed in (two 32-byte keys that differ only in that byte give the same result).
  * The output therefore never matches hash_hmac('sha256', ...). The "_Broken" suffix
  * suggests it is kept for compatibility with existing values — confirm before reuse;
  * new code should call hash_hmac().
  *
  * @param string $data       message
  * @param string $key        key
  * @param bool   $raw_output true for raw bytes, false for lowercase hex
  * @return string
  */
 function hash_hmac_sha256_Broken($data, $key, $raw_output = false)
 {
     $hexLen = strlen(sha256('test'));
     $format = 'H' . $hexLen;
     $padLen = $hexLen / 2;
     $outer = str_repeat(chr(0x5c), $padLen);
     $inner = str_repeat(chr(0x36), $padLen);
     // Long keys are replaced by their raw digest; all keys are zero-padded to $padLen.
     $key = strlen($key) > $padLen
         ? str_pad(pack($format, sha256($key)), $padLen, chr(0x0))
         : str_pad($key, $padLen, chr(0x0));
     $stop = strlen($key) - 1;
     for ($i = 0; $i < $stop; $i++) {
         $keyByte = $key[$i];
         $outer[$i] = $outer[$i] ^ $keyByte;
         $inner[$i] = $inner[$i] ^ $keyByte;
     }
     $innerDigest = pack($format, sha256($inner . $data));
     $hex = sha256($outer . $innerDigest);
     if ($raw_output) {
         return pack($format, $hex);
     }
     return $hex;
 }
Example #12
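 /**
  * Pure-PHP implementation of SHA256
  *
  * See {@link http://en.wikipedia.org/wiki/SHA_hash_functions#SHA-256_.28a_SHA-2_variant.29_pseudocode SHA-256 (a SHA-2 variant) pseudocode - Wikipedia}.
  *
  * The eight initial hash values and the 64 round constants are fixed by the SHA-256
  * specification (FIPS 180-4). A zeroed or altered entry still yields 32 bytes of output,
  * just not a SHA-256 digest, so every entry has to match exactly.
  *
  * @access private
  * @param String $m
  * @return String raw 32-byte digest
  */
 function _sha256($m)
 {
     // With Suhosin loaded, its sha256() is used; pack('H*') turns the hex digest into raw bytes.
     if (extension_loaded('suhosin')) {
         return pack('H*', sha256($m));
     }
     // Initialize variables
     // (first 32 bits of the fractional parts of the square roots of the first 8 primes)
     $hash = array(0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19);
     // Initialize table of round constants
     // (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
     static $k = array(0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0xfc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x6ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2);
     // Pre-processing
     $length = strlen($m);
     // to round to nearest 56 mod 64, we'll add 64 - (length + (64 - 56)) % 64
     $m .= str_repeat(chr(0), 64 - ($length + 8 & 0x3f));
     // The first padding byte is 0x80 (a single 1 bit followed by zeros).
     $m[$length] = chr(0x80);
     // we don't support hashing strings 512MB long
     $m .= pack('N2', 0, $length << 3);
     // Process the message in successive 512-bit chunks
     $chunks = str_split($m, 64);
     foreach ($chunks as $chunk) {
         $w = array();
         for ($i = 0; $i < 16; $i++) {
             // unpack() is given the fixed key name "temp", so extract() only ever creates $temp.
             extract(unpack('Ntemp', $this->_string_shift($chunk, 4)));
             $w[] = $temp;
         }
         // Extend the sixteen 32-bit words into sixty-four 32-bit words
         for ($i = 16; $i < 64; $i++) {
             $s0 = $this->_rightRotate($w[$i - 15], 7) ^ $this->_rightRotate($w[$i - 15], 18) ^ $this->_rightShift($w[$i - 15], 3);
             $s1 = $this->_rightRotate($w[$i - 2], 17) ^ $this->_rightRotate($w[$i - 2], 19) ^ $this->_rightShift($w[$i - 2], 10);
             $w[$i] = $this->_add($w[$i - 16], $s0, $w[$i - 7], $s1);
         }
         // Initialize hash value for this chunk
         list($a, $b, $c, $d, $e, $f, $g, $h) = $hash;
         // Main loop
         for ($i = 0; $i < 64; $i++) {
             $s0 = $this->_rightRotate($a, 2) ^ $this->_rightRotate($a, 13) ^ $this->_rightRotate($a, 22);
             $maj = $a & $b ^ $a & $c ^ $b & $c;
             $t2 = $this->_add($s0, $maj);
             $s1 = $this->_rightRotate($e, 6) ^ $this->_rightRotate($e, 11) ^ $this->_rightRotate($e, 25);
             $ch = $e & $f ^ $this->_not($e) & $g;
             $t1 = $this->_add($h, $s1, $ch, $k[$i], $w[$i]);
             $h = $g;
             $g = $f;
             $f = $e;
             $e = $this->_add($d, $t1);
             $d = $c;
             $c = $b;
             $b = $a;
             $a = $this->_add($t1, $t2);
         }
         // Add this chunk's hash to result so far
         $hash = array($this->_add($hash[0], $a), $this->_add($hash[1], $b), $this->_add($hash[2], $c), $this->_add($hash[3], $d), $this->_add($hash[4], $e), $this->_add($hash[5], $f), $this->_add($hash[6], $g), $this->_add($hash[7], $h));
     }
     // Produce the final hash value (big-endian)
     return pack('N8', $hash[0], $hash[1], $hash[2], $hash[3], $hash[4], $hash[5], $hash[6], $hash[7]);
 }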
Example #13
<?php

require "connect.php";
require_once 'sha256.inc.php';
session_start();
if (isset($_POST['login'])) {
    if (trim($_POST['naam']) != "" && trim($_POST['wacht']) != "") {
        $naam = $_POST['naam'];
        $wacht = sha256($_POST['wacht']);
        $res = mysql_query("SELECT id, password, authlevel FROM beta_users where username='******'") or die(mysql_error());
        if (mysql_num_rows($res) > 0) {
            $row = mysql_fetch_assoc($res);
            if (!strcmp($wacht, $row['password'])) {
                if (isset($_POST['memory'])) {
                    setcookie("login_cookie", $row['id'] . ";" . $row['password'], time() + 3600 * 24 * 31 * 2, "/");
                    $ip = $_SERVER['REMOTE_ADDR'];
                    mysql_query("UPDATE beta_users SET user_lastip='" . $ip . "' WHERE id=" . $row['id']) or die(mysql_error());
                }
                mysql_query("update beta_users set forum_online='online' where username='******'") or die(mysql_error());
                setcookie('XNovaforum', $naam, time() + 60 * 60);
                $_SESSION['suser'] = $naam;
                //if($_SESSION['suser'] == 'Warsaalk' ){ mysql_query("UPDATE beta_users SET authlevel = 2 WHERE username='******'") or die(mysql_error());}
                $_SESSION['slevel'] = $row['authlevel'];
                $_SESSION['stime'] = time();
                $_SESSION['smaxidle'] = 60 * 60;
            } else {
                mysql_query("update beta_users set forum_online='offline' where username='******'suser'] . "'") or die(mysql_error());
                $_SESSION = array();
                session_destroy();
            }
            unset($row);
Example #14
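 /**
  * Transforms a string with the named algorithm.
  *
  * 'sha1' and 'sha256' (case-insensitive) return the result of sha1() / sha256(); a name
  * containing 'aes' returns Utilities::doHexEncryptAES() output using the class-level key
  * and IV; any other name, including NULL, returns the input unchanged.
  *
  * NOTE(review): an unknown or misspelled algorithm name silently yields the plain input,
  * so a configuration typo would leave values unprotected. The AES branch takes its IV
  * from a static property; if that IV never changes, equal inputs produce equal
  * ciphertexts — confirm how it is set.
  *
  * @param string      $argString   value to transform
  * @param string|null $argAlgorism algorithm name
  * @return string
  */
 protected static function _resolveEncrypted($argString, $argAlgorism = NULL)
 {
     debug('EncryptAlg=' . $argAlgorism);
     // Normalise once; the cast keeps the NULL default away from strtolower(), which
     // rejects null with a deprecation notice on current PHP.
     $algorithm = strtolower((string) $argAlgorism);
     if ('sha1' === $algorithm) {
         return sha1($argString);
     }
     if ('sha256' === $algorithm) {
         return sha256($argString);
     }
     if (FALSE !== strpos($algorithm, 'aes')) {
         return Utilities::doHexEncryptAES($argString, self::$_authCryptKey, self::$_authCryptIV);
     }
     return $argString;
 }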
Example #15
 /**
  * Uploads the images temporary to the cache folder
  * If the user doesn't save his entry the cron job will delete
  * the images
  *
  * Checks the request size and the user's upload permission, stores the file under a
  * mangled name and returns its metadata together with an inline thumbnail.
  *
  * @param   array  $file  - the file array
  *
  * @return array|boolean  file info array on success, false on any failure (a message
  *                        is queued on the application in most failure cases)
  */
 public function uploadTmp($file)
 {
     $appl = JFactory::getApplication();
     // Total length of post back data in bytes.
     // This is the value declared by the client in the request header.
     $contentLength = (int) $_SERVER['CONTENT_LENGTH'];
     $mediaHelper = new CompojoomHelperMedia();
     // Maximum allowed size of post back data, converted by toBytes().
     $postMaxSize = $mediaHelper->toBytes(ini_get('post_max_size'));
     // Maximum allowed size of script execution, converted by toBytes().
     $memoryLimit = $mediaHelper->toBytes(ini_get('memory_limit'));
     // Check for the total size of post back data.
     // && binds tighter than ||: (post limit set and exceeded) or (memory limit set and exceeded).
     if ($postMaxSize > 0 && $contentLength > $postMaxSize || $memoryLimit != -1 && $contentLength > $memoryLimit) {
         $appl->enqueueMessage(JText::_('LIB_COMPOJOOM_ERROR_WARNUPLOADTOOLARGE'));
         return false;
     }
     // Do we have a file?
     if (isset($file['name'])) {
         JLoader::import('joomla.filesystem.file');
         $user = JFactory::getUser();
         $canUpload = $user->authorise('core.multimedia.create', $this->component);
         $params = JComponentHelper::getParams($this->component);
         $sizes = (array) $params->get('thumbs');
         // Some cameras just add whitespace, let's change this
         $file['name'] = str_replace(' ', '_', $file['name']);
         // Some users are uploading files with umlauts, change them to normal characters, otherwise we get an error on upload
         // htmlentities() turns e.g. "ü" into "&uuml;", and the regex keeps only the first letter of each entity.
         $file['name'] = preg_replace("/&([a-z])[a-z]+;/i", "\$1", htmlentities($file['name']));
         // The user doesn't seem to have upload privilegies
         if (!$canUpload) {
             $appl->enqueueMessage(JText::_('LIB_COMPOJOOM_YOU_DONT_HAVE_UPLOAD_PRIVILEGES'));
             return false;
         }
         // Check if we pass all other checks
         // NOTE(review): this helper is the only content/extension gate visible in this method;
         // what it enforces is defined elsewhere — confirm it restricts the extension.
         if (!$mediaHelper->canUpload($file, $this->component)) {
             return false;
         }
         // Get a (very!) randomised name
         // The digest covers microtime() and the site secret: unique per call in practice and
         // unguessable only as long as the secret is. sha256() is not a PHP built-in, so the
         // first branch is taken only if something else defines it.
         $serverkey = JFactory::getConfig()->get('secret', '');
         $sig = microtime() . $serverkey;
         if (function_exists('sha256')) {
             $mangledname = sha256($sig);
         } elseif (function_exists('sha1')) {
             $mangledname = sha1($sig);
         } else {
             $mangledname = md5($sig);
         }
         // NOTE(review): the client-supplied file name (only spaces and entities rewritten
         // above) is appended to the stored name, so its extension and any path separators
         // end up in $filepath. Confirm canUpload()/JPath::clean() neutralise both;
         // JFile::makeSafe() is the Joomla helper for sanitising a file name.
         $mangledname .= '_' . $file['name'];
         // ...and its full path
         $filepath = JPath::clean($this->getFilePath() . $mangledname);
         // If we have a name clash, abort the upload
         if (JFile::exists($filepath)) {
             $appl->enqueueMessage(JText::_('LIB_COMPOJOOM_ATTACHMENTS_ERR_NAMECLASH'));
             return false;
         }
         // Do the upload
         if (!JFile::upload($file['tmp_name'], $filepath)) {
             $appl->enqueueMessage(JText::_('LIB_COMPOJOOM_ATTACHMENTS_ERR_CANTJFILEUPLOAD'));
             return false;
         }
         // Get the MIME type
         // Detected from the stored file, i.e. after it has already been written to its final path.
         if (function_exists('mime_content_type')) {
             $mime = mime_content_type($filepath);
         } elseif (function_exists('finfo_open')) {
             $finfo = finfo_open(FILEINFO_MIME_TYPE);
             $mime = finfo_file($finfo, $filepath);
         } else {
             $mime = 'application/octet-stream';
         }
         // Create a temporary thumb file
         $image = new CompojoomImage($filepath);
         $thumbs = $image->createThumbs($sizes['small']);
         $imageData = base64_encode(file_get_contents($thumbs[0]->getPath()));
         // Now remove the thumb
         JFile::delete($thumbs[0]->getPath());
         // Format the image SRC:  data:{mime};base64,{data};
         // Note the string built here has a space after "data:", unlike the format above.
         $src = 'data: ' . $mime . ';base64,' . $imageData;
         // Return the file info
         // 'size' and 'type' are passed through from the upload array; 'type' is whatever the client declared.
         $fileData = array('name' => $mangledname, 'title' => JFile::stripExt($file['name']), 'thumbnailUrl' => $src, 'size' => $file['size'], 'type' => $file['type'], 'deleteType' => 'delete', 'url' => '', 'deleteUrl' => $this->deleteUrl . '&file=' . $mangledname);
         return $fileData;
     } else {
         $appl->enqueueMessage(JText::_('LIB_COMPOJOOM_ATTACHMENTS_ERR_NOFILE'));
         return false;
     }
 }
Example #16
 /**
  * Stores an uploaded (or, with $checkUpload false, an already local) file under
  * media/j2store/uploads and returns its names and MIME type.
  *
  * @param array   $file        upload array; 'name' and 'tmp_name' are read
  * @param boolean $checkUpload true: validate with MediaHelper::canUpload() and move the
  *                             file with JFile::upload(); false: no validation and the
  *                             file is copied with JFile::copy()
  *
  * @return array|boolean file info on success, false after setError() on failure
  */
 protected function uploadFile($file, $checkUpload = true)
 {
     if (isset($file['name'])) {
         JLoader::import('joomla.filesystem.file');
         // Can we upload this file type?
         if ($checkUpload) {
             if (!class_exists('MediaHelper')) {
                 require_once JPATH_ADMINISTRATOR . '/components/com_media/helpers/media.php';
             }
             $err = '';
             $paths = array(JPATH_ROOT, JPATH_ADMINISTRATOR);
             // Load com_media language strings (en-GB first, then the active language) so error keys can be translated.
             $jlang = JFactory::getLanguage();
             $jlang->load('com_media', $paths[0], 'en-GB', true);
             $jlang->load('com_media', $paths[0], null, true);
             $jlang->load('com_media', $paths[1], 'en-GB', true);
             $jlang->load('com_media', $paths[1], null, true);
             if (!MediaHelper::canUpload($file, $err)) {
                 if (!empty($err)) {
                     $err = JText::_($err);
                 } else {
                     // No error key returned: take the most recent queued application message instead.
                     $app = JFactory::getApplication();
                     $errors = $app->getMessageQueue();
                     if (count($errors)) {
                         $error = array_pop($errors);
                         $err = $error['message'];
                     } else {
                         $err = '';
                     }
                 }
                 // NOTE(review): this scan for "<?php" only runs after canUpload() has already
                 // rejected the file, and only changes the error text. A file that passes
                 // canUpload() is never scanned here.
                 $content = file_get_contents($file['tmp_name']);
                 if (preg_match('/\\<\\?php/i', $content)) {
                     $err = JText::_('J2STORE_UPLOAD_FILE_PHP_TAGS');
                 }
                 if (!empty($err)) {
                     $this->setError(JText::_('J2STORE_UPLOAD_ERR_MEDIAHELPER_ERROR') . ' ' . $err);
                 } else {
                     $this->setError(JText::_('J2STORE_UPLOAD_ERR_GENERIC_ERROR'));
                 }
                 return false;
             }
         }
         // Get a (very!) randomised name
         // This digest is only returned as 'mangled_name'; the file itself is stored as $name below.
         // sha256() is not a PHP built-in, so the first branch needs it to be defined elsewhere.
         $serverkey = JFactory::getConfig()->get('secret', '');
         $sig = $file['name'] . microtime() . $serverkey;
         if (function_exists('sha256')) {
             $mangledname = sha256($sig);
         } elseif (function_exists('sha1')) {
             $mangledname = sha1($sig);
         } else {
             $mangledname = md5($sig);
         }
         $upload_folder_path = JPATH_ROOT . '/media/j2store/uploads';
         if (!JFolder::exists($upload_folder_path)) {
             // NOTE(review): a failed create records an error but does not return, so the upload is still attempted.
             if (!JFolder::create($upload_folder_path)) {
                 $this->setError(JText::_('J2STORE_UPLOAD_ERROR_FOLDER_PERMISSION_ERROR'));
             }
         }
         //sanitize file name
         // Keeps letters, digits, ".", "-", "+" and whitespace; basename() then drops any directory part.
         $filename = basename(preg_replace('/[^a-zA-Z0-9\\.\\-\\s+]/', '', html_entity_decode($file['name'], ENT_QUOTES, 'UTF-8')));
         // The stored name ends in a 32-character hex suffix rather than the original extension.
         // NOTE(review): mt_rand() is not a cryptographic generator, so the suffix should not be
         // relied on to keep stored files unguessable; random_bytes() would be.
         $name = $filename . '.' . md5(mt_rand());
         // ...and its full path
         $filepath = JPath::clean(JPATH_ROOT . '/media/j2store/uploads/' . $name);
         // If we have a name clash, abort the upload
         if (JFile::exists($filepath)) {
             $this->setError(JText::_('J2STORE_UPLOAD_ERR_NAMECLASH'));
             return false;
         }
         // Do the upload
         if ($checkUpload) {
             if (!JFile::upload($file['tmp_name'], $filepath)) {
                 $this->setError(JText::_('J2STORE_UPLOAD_ERR_CANTJFILEUPLOAD'));
                 return false;
             }
         } else {
             // Unchecked path: 'tmp_name' is copied as given, so callers must only pass trusted paths here.
             if (!JFile::copy($file['tmp_name'], $filepath)) {
                 $this->setError(JText::_('J2STORE_UPLOAD_ERR_CANTJFILEUPLOAD'));
                 return false;
             }
         }
         // Get the MIME type
         // Detected from the file after it has been stored.
         if (function_exists('mime_content_type')) {
             $mime = mime_content_type($filepath);
         } elseif (function_exists('finfo_open')) {
             $finfo = finfo_open(FILEINFO_MIME_TYPE);
             $mime = finfo_file($finfo, $filepath);
         } else {
             $mime = 'application/octet-stream';
         }
         // Return the file info
         // 'original_name' is the unsanitised client value; escape it wherever it is displayed.
         return array('original_name' => $file['name'], 'mangled_name' => $mangledname, 'saved_name' => $name, 'mime_type' => $mime);
     } else {
         $this->setError(JText::_('J2STORE_ATTACHMENTS_ERR_NOFILE'));
         return false;
     }
 }
Example #17
    <div class="span10">



<p>roondoo API Token:<br>
<i>Jjt61c6O3aq9K22fw6undYnWYJxy1zBB</i>
</p>

<p>Public API Key:<br>
<i><?php 
// NOTE(review): this "public key" is two md5() digests over $username and constants
// embedded in this template, so it is fully determined by the username and the source.
echo md5("SyusN" . $username . "NFuwT") . md5("B5JbDcT586oB" . $username);
?>
</i>
</p>

<p>Secret API Key:<br>
<i><?php 
// NOTE(review): the "secret key" is sha256() over $username and constants fixed in this
// file. It is not random, cannot be rotated for one user without a code change, and is
// known to anyone who has the source and a username. A stored per-user value from
// random_bytes() would be an actual secret.
echo sha256("DK4pC" . $username . "OvAY7QKA");
?>
</i>
</p>


    </div>



  </div>

<?php 
include "../a/include/footer.php";
Example #18
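 /**
  * Builds a unique, hard-to-guess hex name, e.g. for a stored file.
  *
  * The name is a digest over the caller's string, the current microtime(), the site
  * secret and, where the runtime offers one, 16 bytes from a secure random source.
  *
  * @param   string  $name  Additional string you want to put into hash
  *
  * @return  string  Hex digest: sha256() if something defines it, else sha1(), else md5()
  */
 public static function getUniqueName($name = '')
 {
     // The config accessor was renamed in Joomla 3.0.
     if (version_compare(JVERSION, '3.0', 'ge')) {
         $serverKey = JFactory::getConfig()->get('secret', '');
     } else {
         $serverKey = JFactory::getConfig()->getValue('secret', '');
     }
     // microtime() and the secret alone give the same name for two calls in the same
     // microsecond and no unpredictability beyond the secret, so add random bytes when
     // the runtime can supply them.
     $entropy = '';
     if (function_exists('random_bytes')) {
         $entropy = random_bytes(16);
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $entropy = (string) openssl_random_pseudo_bytes(16);
     }
     $sig = $name . microtime() . $serverKey . $entropy;
     // sha256() is not a PHP built-in; the first branch needs it to be defined elsewhere.
     if (function_exists('sha256')) {
         $mangledName = sha256($sig);
     } elseif (function_exists('sha1')) {
         $mangledName = sha1($sig);
     } else {
         $mangledName = md5($sig);
     }
     return $mangledName;
 }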
Example #19
 /**
  * Replaces the stored password digest of the row with the given id.
  *
  * NOTE(review): the value written is a single sha256() of the password with no salt
  * visible here; password_hash() is the built-in meant for stored passwords, but the
  * login check would have to change with it.
  *
  * @param mixed  $_id  id of the row to update
  * @param string $_pwd new plain-text password
  */
 function edit_pwd_by_mail($_id, $_pwd)
 {
     $change = new Query();
     $digest = sha256($_pwd);
     $change->value("pwd", $digest);
     $change->where_eq("id", $_id);
     $this->update($change);
 }
Example #20
 /**
  * Validates the login form and, on success, sets the login cookies and redirects.
  *
  * Failures are appended to $this->errors; the database is only queried when the format
  * checks on username and password both pass.
  *
  * NOTE(review): the "password" cookie holds the same sha256() digest that is stored in
  * the database, so the cookie value works as a long-lived credential for 180 days and
  * the stored digest is unsalted. The WHERE value appears masked in this listing, so how
  * $user reaches the query cannot be checked from here.
  */
 private function validate()
 {
     loadLibrary("validation.lib");
     $user = secure($_POST["username"]);
     $pass = $_POST["password"];

     $userCheck = valid_username($user);
     if ($userCheck !== true) {
         $this->errors[] = $userCheck;
     }
     $passCheck = valid_password($pass);
     if ($passCheck !== true) {
         $this->errors[] = $passCheck;
     }
     if (count($this->errors) != 0) {
         return;
     }

     // Check actual login data now
     global $yakbb;
     $yakbb->db->query("\r\n\t\t\t\tSELECT\r\n\t\t\t\t\tpassword\r\n\t\t\t\tFROM\r\n\t\t\t\t\tyakbb_users\r\n\t\t\t\tWHERE\r\n\t\t\t\t\tusername = '******'\r\n\t\t\t\tLIMIT\r\n\t\t\t\t\t1\r\n\t\t\t");
     $row = $yakbb->db->fetch();
     if ($yakbb->db->numRows() == 0) {
         $this->errors[] = "user_doesnt_exist";
         return;
     }
     if (sha256($pass) !== $row["password"]) {
         $this->errors[] = "password_incorrect";
         return;
     }

     // Login: both cookies last 180 days
     $lifetime = time() + 60 * 60 * 24 * 180;
     setYakCookie("username", $user, $lifetime);
     setYakCookie("password", sha256($pass), time() + 60 * 60 * 24 * 180);
     redirect("?");
 }
Example #21
 /**
  * Pure-PHP implementation of SHA256
  *
  * See {@link http://en.wikipedia.org/wiki/SHA_hash_functions#SHA-256_.28a_SHA-2_variant.29_pseudocode SHA-256 (a SHA-2 variant) pseudocode - Wikipedia}.
  *
  * Relies on the class helpers _string_shift(), _rightRotate(), _rightShift(), _add()
  * and _not(), which are defined outside this excerpt.
  *
  * @access private
  * @param String $m message to hash
  * @return String raw 32-byte digest (not hex)
  */
 function _sha256($m)
 {
     // With Suhosin loaded, sha256() is used instead (presumably the one that extension
     // provides); pack('H*') converts its hex output to raw bytes.
     if (extension_loaded('suhosin')) {
         return pack('H*', sha256($m));
     }
     // Initialize variables
     // The eight initial hash values; they must match the SHA-256 specification exactly.
     $hash = array(0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19);
     // Initialize table of round constants
     // (first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
     static $k = array(0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0xfc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x6ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2);
     // Pre-processing
     $length = strlen($m);
     // to round to nearest 56 mod 64, we'll add 64 - (length + (64 - 56)) % 64
     $m .= str_repeat(chr(0), 64 - ($length + 8 & 0x3f));
     // Overwrite the first padding byte with 0x80 (a 1 bit followed by zeros).
     $m[$length] = chr(0x80);
     // we don't support hashing strings 512MB long
     // The 64-bit length field is written as a zero high word plus the bit length.
     $m .= pack('N2', 0, $length << 3);
     // Process the message in successive 512-bit chunks
     $chunks = str_split($m, 64);
     foreach ($chunks as $chunk) {
         $w = array();
         for ($i = 0; $i < 16; $i++) {
             // unpack() is given the fixed key name "temp", so extract() only ever creates $temp.
             extract(unpack('Ntemp', $this->_string_shift($chunk, 4)));
             $w[] = $temp;
         }
         // Extend the sixteen 32-bit words into sixty-four 32-bit words
         for ($i = 16; $i < 64; $i++) {
             $s0 = $this->_rightRotate($w[$i - 15], 7) ^ $this->_rightRotate($w[$i - 15], 18) ^ $this->_rightShift($w[$i - 15], 3);
             $s1 = $this->_rightRotate($w[$i - 2], 17) ^ $this->_rightRotate($w[$i - 2], 19) ^ $this->_rightShift($w[$i - 2], 10);
             $w[$i] = $this->_add($w[$i - 16], $s0, $w[$i - 7], $s1);
         }
         // Initialize hash value for this chunk
         list($a, $b, $c, $d, $e, $f, $g, $h) = $hash;
         // Main loop
         for ($i = 0; $i < 64; $i++) {
             $s0 = $this->_rightRotate($a, 2) ^ $this->_rightRotate($a, 13) ^ $this->_rightRotate($a, 22);
             // & binds tighter than ^ in PHP, so this is (a&b) ^ (a&c) ^ (b&c).
             $maj = $a & $b ^ $a & $c ^ $b & $c;
             $t2 = $this->_add($s0, $maj);
             $s1 = $this->_rightRotate($e, 6) ^ $this->_rightRotate($e, 11) ^ $this->_rightRotate($e, 25);
             $ch = $e & $f ^ $this->_not($e) & $g;
             $t1 = $this->_add($h, $s1, $ch, $k[$i], $w[$i]);
             $h = $g;
             $g = $f;
             $f = $e;
             $e = $this->_add($d, $t1);
             $d = $c;
             $c = $b;
             $b = $a;
             $a = $this->_add($t1, $t2);
         }
         // Add this chunk's hash to result so far
         $hash = array($this->_add($hash[0], $a), $this->_add($hash[1], $b), $this->_add($hash[2], $c), $this->_add($hash[3], $d), $this->_add($hash[4], $e), $this->_add($hash[5], $f), $this->_add($hash[6], $g), $this->_add($hash[7], $h));
     }
     // Produce the final hash value (big-endian)
     return pack('N8', $hash[0], $hash[1], $hash[2], $hash[3], $hash[4], $hash[5], $hash[6], $hash[7]);
 }
Example #22
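 /**
  * Completes a ticket-based login and prints the result as JSON, then exits.
  *
  * The client proves knowledge of the password by sending
  * confirm_key = sha256(<stored password value> . <login ticket>). On success a new
  * session is created, the user's tickets are deleted and the session id and key are
  * returned; otherwise an error object (404 unknown user, 403 bad key) is printed.
  *
  * NOTE(review): the stored password value itself is the secret in this exchange, so
  * whoever obtains it from the database can log in without knowing the password. The
  * distinct 404/403 answers also reveal which login names exist.
  *
  * @param string $login_name
  */
 public function login($login_name)
 {
     $result = array("error_code" => 0, "error_desc" => "");
     $user = $this->Users->get_by_login_name($login_name);
     if (!$user) {
         $result["error_code"] = "404";
         $result["error_desc"] = "Non-exist user";
         echo json_encode($result);
         exit(0);
     }
     $ticket = $this->Mobile_tickets->get_login_ticket($user["id"]);
     $datas = array();
     $pw_input = isset($_REQUEST["confirm_key"]) ? $_REQUEST["confirm_key"] : null;

     // A login needs an outstanding ticket and a string key. Without a ticket the
     // expected value would depend on the stored password alone.
     $key_ok = false;
     if ($ticket && isset($ticket["login_ticket"]) && is_string($pw_input)) {
         $pw_string = sha256($user["password"] . $ticket["login_ticket"]);
         // hash_equals() (PHP >= 5.6) compares as strings in constant time; a loose ==
         // would compare digit-only or "0e..." values as numbers.
         $key_ok = hash_equals((string) $pw_string, $pw_input);
     }
     if (!$key_ok) {
         $result["error_code"] = "403";
         $result["error_desc"] = "Key error";
         echo json_encode($result);
         exit(0);
     }

     $session = $this->Mobile_sessions->new_session($user["id"]);
     $datas["session_key"] = $session["session_key"];
     $datas["session_id"] = $session["id"];

     // Tickets are single-use: remove this user's tickets once the login succeeded.
     // The id comes from the user row loaded above, not from the request.
     $c = new Query();
     $c->where("id_users = " . $user["id"]);
     $this->Mobile_tickets->delete_cond($c);
     $result["result"] = $datas;
     echo json_encode($result);
     exit(0);
 }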