/**
* Set an OAuth token in the session by type
* If the encryption object is set then
* encrypt the token before storing
* @return void
*/
public function set($token, $type)
{
if ($type != 'request_token' && $type != 'access_token') {
throw new \Dropbox\Exception("Expected a type of either 'request_token' or 'access_token', got '{$type}'");
} else {
if ($this->encrypter instanceof Encrypter) {
$token = $this->encrypter->encrypt($token);
}
$_SESSION[$this->namespace][$type] = $token;
}
}
/**
* Decrypt a token using the Encrypter object and return it
* If there is no Encrypter object, assume the token was stored
* serialized and return the unserialized token object
* @param stdClass $token OAuth token to encrypt
* @return stdClass|string
*/
protected function decrypt($token)
{
// Decrypt the token if there is an Encrypter instance
if ($this->encrypter instanceof Encrypter) {
$token = $this->encrypter->decrypt($token);
}
// Return the unserialized token
return @unserialize($token);
}
public function write($sessionID, $data)
{
if (!is_string($sessionID)) {
return false;
}
if (!is_string($data)) {
return false;
}
$database = Database::getInstance();
if (!$database->isConnected()) {
return false;
}
$encrypter = new Encrypter($this->key);
$data = $database->escapeString($encrypter->encrypt($data));
$sessionID = $database->escapeString($sessionID);
$time = $database->escapeString(time());
$query = "INSERT INTO session (id, variables, lastAccess, locked) VALUES ('{$sessionID}', '{$data}', '{$time}', 0) ON DUPLICATE KEY UPDATE variables='{$data}', lastAccess='{$time}', locked=0";
$result = $database->makeCustomQuery($query);
if ($result == false) {
return false;
}
return true;
}
function insertReservaAfiliado($reserva_id, $total)
{
if (isset($_COOKIE['afiliado'])) {
$afiliado_id = urldecode(Encrypter::decrypt($_COOKIE['afiliado'], 'afiliado'));
if (is_numeric($afiliado_id)) {
$afiliado = getAfiliado($afiliado_id);
if ($afiliado) {
$comision = $afiliado->comisionHotel;
$comision_importe = $total * ($comision / 100);
$reserva_afiliado_a = array('comision' => $comision_importe, 'porcentaje' => $comision, 'reservaId' => $reserva_id, 'afiliadoId' => $afiliado_id);
$reserva_afiliado = DAOFactory::getReservaAfiliadoDAO()->prepare($reserva_afiliado_a);
$reserva_afiliado_id = DAOFactory::getReservaAfiliadoDAO()->insert($reserva_afiliado);
}
}
}
}
public function validateUser($redirect = true)
{
if (isset($_SESSION['usuario'])) {
return true;
} else {
if (isset($_COOKIE[$base_url])) {
$userId = Encrypter::decrypt($_COOKIE[$base_url], $base_url);
$user = getUsuario($userId);
if ($user) {
$usuario_core->setUsuario($user);
return true;
}
}
if ($redirect) {
$this->loginRedirect();
} else {
return false;
}
}
}
function login()
{
$request = \Slim\Slim::getInstance()->request();
//json parameters
$data = json_decode($request->getBody());
$con = getConnection();
$pstmt = $con->prepare("SELECT password,idusuario from usuario where username=?");
$pstmt->execute(array($data->{"USERNAME"}));
$array = $pstmt->fetch(PDO::FETCH_ASSOC);
if ($array["password"] != null) {
$passfeliz = Encrypter::decrypt($array["password"]);
if ($passfeliz == $data->{"PASSWORD"}) {
//solucion temporal porque usuario puede tener muchos grupos por usuario
$pstmt = $con->prepare("SELECT idgrupo from usuarioxgrupo where idusuario=? limit 1");
$pstmt->execute(array($array["idusuario"]));
$grupo = $pstmt->fetch(PDO::FETCH_ASSOC);
echo json_encode(array('respuesta' => 1, 'userid' => $array["idusuario"], 'grupoid' => $grupo["idgrupo"]));
} else {
echo json_encode(array('respuesta' => 0));
}
} else {
echo json_encode(array('respuesta' => 0));
}
}
// echo "Session is set"; // for testing purposes
header("Location: intropage.php");
}
if (isset($_POST["login"])) {
if (!empty($_POST['username']) && !empty($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysql_query("SELECT * FROM cont_user WHERE username='******' AND password='******'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
while ($row = mysql_fetch_assoc($query)) {
$dbusername = $row['username'];
$dbpassword = $row['password'];
$iduser = $row['id'];
}
if ($username == $dbusername && Encrypter::encrypt($password) == $dbpassword) {
$_SESSION['session_userid'] = $iduser;
$_SESSION['session_username'] = $username;
/* Redirect browser */
header("Location: menu.php");
}
} else {
$message = "Nombre de usuario ó contraseña invalida!";
}
} else {
$message = "Todos los campos son requeridos!";
}
}
?>
<?php
if (!$_POST) {
require_once 'main.html.php';
} else {
//ENT_QUOTES es una constante. Todas las constantes van en mayusculas.
//Hay que filtrar siempre todas las entradas de datos para evitar la inyeción de código.
$text = htmlspecialchars($_POST['text'], ENT_QUOTES, 'UTF-8');
$action = htmlspecialchars($_POST['action'], ENT_QUOTES, 'UTF-8');
//Si el texto es cadena vacía o la acción no es code ni decode
//vuelvo a cargar el formulario.
if ($text == "" || $action != "code" && $action != "decode") {
require_once 'main.html.php';
} else {
require_once 'libs/encrypter.php';
//Hacemos referencia o instanciamos a la clase Encrypter de esta manera
//porque es un metodo estático CLASE::METODO(PARAMETRO)
if ($action == "code") {
$resultText = Encrypter::encrypt($text);
} elseif ($action == "decode") {
$resultText = Encrypter::decrypt($text);
}
require_once 'main.html.php';
}
}
/**
* Checks if password is correct
*
* @param $username input username
* @param $password input password
* @return bool true if password is correct for $usre
*/
private function correctPassword($username, $password)
{
$sql = "SELECT password FROM " . $this->DB_TABLE . " WHERE username=" . $this->pdo->quote($username);
$query = $this->pdo->prepare($sql);
$query->execute();
$results = $query->fetchColumn();
if ($results == Encrypter::getEncryptedPassword($password)) {
return true;
} else {
return false;
}
}
<?php
$action = $_POST['action'];
$result = array('msg' => 'error', 'data' => 'Acción no válida');
require 'Logic/widget.php';
require 'Logic/afiliado.php';
if (strcmp($action, 'get') == 0) {
if (isset($_POST['configuracion'])) {
$configuracion = $_POST['configuracion'];
$smarty->assign("configuracion", (object) $configuracion);
$afiliado_id = $_POST['afiliado_id'];
$afiliado_id_encriptado = urlencode(Encrypter::encrypt($afiliado_id, 'afiliado'));
$smarty->assign("code", $afiliado_id_encriptado);
$result['msg'] = 'ok';
$enlace = $base_url . '?a=' . $afiliado_id_encriptado;
$smarty->assign("enlace", $enlace);
if ($_POST['tipo'] == "completo") {
$destinos = getAfiliadoDestinos($afiliado_id);
$smarty->assign("destinos", $destinos);
$widget = $smarty->fetch('admin/widget/widget.tpl');
} else {
if ($_POST['tipo'] == "banner") {
$rgb = Core_Util_General::hex2rgb($configuracion['backgroundBody']);
$images = getAllHotelImages($_POST['hotel']);
$smarty->assign('image', array_pop($images));
$hotel_h = getHotelById($_POST['hotel']);
$enlace = 'http://' . $hotel_h->dominioCampania . '?a=' . $afiliado_id_encriptado;
$smarty->assign("enlace", $enlace);
$smarty->assign("hotel_h", $hotel_h);
$destino = getDestino($hotel->destinoId);
$smarty->assign("destino", $destino);
<?php
class Encrypter
{
private static $Key = "grupospira";
public static function encrypt($input)
{
$output = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5(Encrypter::$Key), $input, MCRYPT_MODE_CBC, md5(md5(Encrypter::$Key))));
return $output;
}
public static function decrypt($input)
{
$output = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5(Encrypter::$Key), base64_decode($input), MCRYPT_MODE_CBC, md5(md5(Encrypter::$Key))), "");
return $output;
}
}
$texto = "A.123456";
// Encriptamos el texto
$texto_encriptado = Encrypter::encrypt($texto);
echo $texto_encriptado;
// Desencriptamos el texto
$texto_original = Encrypter::decrypt($texto_encriptado);
echo $texto_original;
if ($texto == $texto_original) {
echo '</br>';
echo 'Encriptación / Desencriptación realizada correctamente.';
echo '</br>';
echo sha1('1');
}
function getReservaByLocalizador($localizador, $withCardData = false)
{
try {
$reservas = DAOFactory::getReservaDAO()->queryByLocalizador($localizador);
if (!$reservas || !count($reservas)) {
return false;
}
$reserva = $reservas[count($reservas) - 1];
$idReserva = $reserva->id;
$reserva->productos = DAOFactory::getReservaProductoDAO()->queryByReservaId($idReserva);
$reserva->usuario = getUsuario($reserva->usuarioId);
$reserva->pagos = DAOFactory::getReservaPagoDAO()->queryByReservaId($idReserva);
if ($reserva->pagos) {
$clave = getClaveByHotel($reserva->hotelId);
foreach ($reserva->pagos as $pago) {
if ($pago->formaPago == 'tarjeta') {
if (!$withCardData) {
$pago->tarjetaNumero = false;
$reserva->cardData = true;
} else {
if ($pago->tarjetaNumero && strlen(trim($pago->tarjetaNumero))) {
$pago->tarjetaNumero = Encrypter::decrypt($pago->tarjetaNumero, $clave);
}
}
if (!$withCardData) {
$pago->cvv = false;
} else {
if ($pago->cvv && strlen(trim($pago->cvv))) {
$pago->cvv = Encrypter::decrypt($pago->cvv, $clave);
}
}
}
}
}
$reserva->alojamiento = array();
$reserva->extras = array();
foreach ($reserva->productos as $kp => $p) {
if (strcmp($p->tipo, 'apartamento') == 0) {
$p->noches = ceil((strtotime($p->final) - strtotime($p->inicio)) / (24 * 60 * 60));
if (strpos($p->nombre, '(')) {
$n = explode('(', $p->nombre);
$pax = trim($n[count($n) - 1]);
$reserva->productos[$kp]->pax = substr($pax, 0, strlen($pax) - 1);
}
array_push($reserva->alojamiento, $p);
} else {
if ($p->eventoTpv && strlen($p->eventoTpv)) {
$p->eventoTpv = json_decode($p->eventoTpv);
}
if ($p->entradas) {
$p->entradasList = json_decode($p->entradas);
$cant = 0;
foreach ($p->entradasList as $entrada) {
$cant += $entrada->entradas;
}
$p->tickets = $cant;
}
array_push($reserva->extras, $p);
}
}
if ($reserva->monedaId) {
$reserva->moneda = DAOFactory::getMonedaDAO()->load($reserva->monedaId);
}
if ($reserva->idiomaId) {
$reserva->idioma = DAOFactory::getIdiomaDAO()->load($reserva->idiomaId);
}
if ($reserva->cartId) {
$reserva->cart = DAOFactory::getShoppingCartDAO()->load($reserva->cartId);
$reserva->cart->apto = json_decode($reserva->cart->apartamento);
}
return $reserva;
} catch (Exception $e) {
return false;
}
}
<?php
include_once __DIR__ . '/Middleware.php';
$url = array_slice(preg_split('/\\//', $_GET["_url"]), 1);
$parametros = array_slice($url, 3);
$middleware = new Middleware($url[0], $url[1], $url[2]);
//echo $middleware->send();
//print_r($parametros);
include_once __DIR__ . '/util/Encrypter.php';
echo Encrypter::decrypt($middleware->send($parametros));
public function sendMail()
{
$siteEmail = SITE_EMAIL;
$variableEngine = VariableEngine::getInstance();
$smtpServer = $variableEngine->getVariable('smtpServer');
if ($smtpServer === false) {
return false;
}
$smtpPort = $variableEngine->getVariable('smtpPort');
if ($smtpPort === false) {
return false;
}
$smtpUserName = $variableEngine->getVariable('smtpUserName');
if ($smtpUserName === false) {
return false;
}
$smtpPassword = $variableEngine->getVariable('smtpPassword');
if ($smtpPassword === false) {
return false;
}
$smtpUseEncryption = $variableEngine->getVariable('smtpUseEncryption');
if ($smtpUseEncryption === false) {
return false;
}
$smtpUseEncryption = $smtpUseEncryption->getValue();
if ($smtpUseEncryption === 'false') {
$encryption = "";
} else {
$encryption = "tls";
}
$toSend = new PHPMailer();
$toSend->isSMTP();
$toSend->Host = $smtpServer->getValue();
$toSend->SMTPAuth = true;
$toSend->Username = $smtpUserName->getValue();
$enc = new Encrypter();
$toSend->Password = $enc->decrypt($smtpPassword->getValue());
$toSend->SMTPSecure = $encryption;
$toSend->Port = intval($smtpPort->getValue());
$toSend->From = $siteEmail;
$toSend->FromName = $this->senderName;
$toSend->addReplyTo($this->senderEmail, $this->senderName);
$toSend->isHTML(true);
$toSend->Subject = $this->subject;
if ($this->isBulkMail) {
foreach ($this->recipients as $recipient) {
$toSend->addBCC($recipient);
}
$toSend->Body = $this->body;
$toSend->AltBody = strip_tags($this->body);
if (!$toSend->send()) {
$this->errors[] = $toSend->ErrorInfo;
return false;
}
return true;
}
$sent = true;
foreach ($this->recipients as $recipient) {
$body = $this->doReplacement($recipient);
$altBody = strip_tags($body);
$toSend->clearAddresses();
$toSend->addAddress($recipient);
$toSend->Body = $body;
$toSend->AltBody = $altBody;
if (!$toSend->send()) {
$this->errors = $toSend->ErrorInfo;
$sent = false;
}
}
return $sent;
}
public function sendEmailRecuperaPassword()
{
$mensaje = "";
$correcto = false;
try {
$email = $_POST["email"];
$this->load->model('sesion_model');
$user = $this->sesion_model->existeEmail($email);
if (isset($user)) {
$this->load->library("email");
//ejemplo
$enlace = $this->config->site_url() . 'RecuperaPass?username='******'protocol' => $this->config->item('protocol_email'), 'smtp_host' => $this->config->item('smtp_host_email'), 'smtp_port' => $this->config->item('smtp_port_email'), 'smtp_user' => $this->config->item('smtp_user_email'), 'smtp_pass' => $this->config->item('smtp_pass_email'), 'mailtype' => $this->config->item('mailtype'), 'charset' => $this->config->item('charset_email'), 'newline' => $this->config->item('newline_email'));
$this->email->initialize($config);
$this->email->set_newline("\r\n");
$this->email->from('Administrador');
$this->email->to($email);
$this->email->subject('Instrucciones de recuperación de contraseña, Convivir');
$this->email->message('<p>Hemos recibido su solicitud de recuperación de contraseña. ' . 'Si hace click en el enlace, le enviaremos a una página en donde ' . 'podrá cambiar o recuperar su contraseña.</p> ' . '<p>Si el enlace no funciona, copie y pegue el enlace en la barra ' . 'de direcciones de su navegador.</p> ' . '<p>Enlace: <a href="' . $enlace . '">' . $enlace . '</a></p><br><br>');
if ($this->email->send()) {
$correcto = true;
$mensaje = "El correo fué enviado. Favor verifique y siga las instrucciones.";
} else {
$mensaje = "El correo electrónico no pudo ser enviado, intente más tarde.";
//show_error($this->email->print_debugger()); //DEJAR PARA DEBUG EN CASO DE FALLA
}
} else {
$mensaje = "Email no registrado. Favor verifique.";
}
} catch (Expection $e) {
$mensaje = 'Ha ocurrido un error al tratar de enviar el email. Favor intente más tarde.';
}
$obj = (object) array('Correcto' => $correcto, 'Mensaje' => $mensaje);
echo json_encode($obj);
}
private function CreateDataBaseFile($DataBaseName)
{
$RoutFile = filter_input(INPUT_SERVER, "DOCUMENT_ROOT");
/* /var/services/web */
if (!file_exists("{$RoutFile}/Config/{$DataBaseName}/")) {
if (!($mkdir = mkdir("{$RoutFile}/Config/{$DataBaseName}", 0777, true))) {
XML::XmlResponse("Error", 0, "<p><b>Error</b> al crear el directorio base de la nueva empresa </p><br>Detalles:<br><br>{$mkdir}");
return 0;
}
}
if (!($File = fopen("{$RoutFile}/Config/{$DataBaseName}/BD.ini", "w"))) {
XML::XmlResponse("Error", 0, "<p><b>Error</b> al abrir el archivo config de BD</p>");
return 0;
}
if (strcasecmp($DataBaseName, "Manager") == 0) {
$Password_ = "Admcs1234567";
$DataBaseName = "CSDOCS_CFDI";
$User_ = "Manager";
} else {
$Password_ = "12345";
$User_ = $DataBaseName;
}
$localhost = Encrypter::encrypt("localhost");
$Port = Encrypter::encrypt("3306");
$User = Encrypter::encrypt($User_);
$Password = Encrypter::encrypt($Password_);
$DataBaseName_ = Encrypter::encrypt($DataBaseName);
fwrite($File, 'Host="' . $localhost . '"' . PHP_EOL);
fwrite($File, 'Port="' . $Port . '"' . PHP_EOL);
fwrite($File, 'User="******"' . PHP_EOL);
fwrite($File, 'Password="******"' . PHP_EOL);
fwrite($File, 'Schema="' . $DataBaseName_ . '"' . PHP_EOL);
fclose($File);
return 1;
}
public function setEncryptedObject($inObjectName, $inObject, $overwrite = false)
{
$encrypter = new Encrypter();
$inObject = $encrypter->encrypt(serialize($inObject));
return $this->setObject($inObjectName, $inObject, $overwrite);
}
/**
* Seleccionar el producto.
*
* @param int $idproducto = id producto.
* @return Array atributos del producto.
*/
public function cargarProducto($idproducto)
{
$idproducto = Encrypter::decrypt($idproducto);
$query = 'SELECT nombreprod, precioprod, medidas, descripcionprod, rutaimagen, categoria_idcategoria FROM producto ' . "WHERE idproducto = '{$idproducto}'";
$result = $this->connection->query($query);
$this->logger->getLogger($query);
switch ($result[0]["categoria_idcategoria"]) {
case 1:
$result[0]["categoria_idcategoria"] = "Arrimo";
break;
case 2:
$result[0]["categoria_idcategoria"] = "Juego de terraza";
break;
case 3:
$result[0]["categoria_idcategoria"] = "Mesa centro";
break;
case 4:
$result[0]["categoria_idcategoria"] = "Mesa lateral";
break;
case 5:
$result[0]["categoria_idcategoria"] = "Sillón";
break;
case 6:
$result[0]["categoria_idcategoria"] = "Sitial";
break;
case 7:
$result[0]["categoria_idcategoria"] = "Sofá";
break;
case 8:
$result[0]["categoria_idcategoria"] = "Juego comedor";
break;
case 9:
$result[0]["categoria_idcategoria"] = "Mesa piedra pizarra";
break;
case 10:
$result[0]["categoria_idcategoria"] = "Mesa vidrio";
break;
case 11:
$result[0]["categoria_idcategoria"] = "Piso";
break;
case 12:
$result[0]["categoria_idcategoria"] = "Silla";
break;
case 13:
$result[0]["categoria_idcategoria"] = "Banqueta";
break;
case 14:
$result[0]["categoria_idcategoria"] = "Brasero";
break;
case 15:
$result[0]["categoria_idcategoria"] = "Escaño";
break;
case 16:
$result[0]["categoria_idcategoria"] = "Reposera";
break;
case 17:
$result[0]["categoria_idcategoria"] = "Toldos";
break;
case 18:
$result[0]["categoria_idcategoria"] = "Cojín";
break;
//default: { $dirCat = arrimos; break; }
}
return $result;
}
<?php include_once __DIR__ . '/app/util/Encrypter.php'; $text = "kim funciona!!! pd. Puedes ir por jawitas"; echo $text . "<br>"; $texto_encriptado = Encrypter::encrypt($text); echo $texto_encriptado . "<br>"; $texto_desencriptado = Encrypter::decrypt($texto_encriptado); echo $texto_desencriptado;
function enviarMensajeGU($username, $password, $CORREO_INSTITUCIONAL, $NOMBRES, $APELLIDOS, $CORREO_ALTERNO)
{
$PASS = Encrypter::decrypt($password);
$ESPACIO = ' ';
$USER = $NOMBRES . $ESPACIO . $APELLIDOS;
$MENSAJE = 'Estimado ' . $USER . "\r\n" . ' Acaba de ser registrado como un nuevo miembro del Proyecto ProCal-ProSer' . "\r\n" . ' Para poder ingresar al sistema debera hacer uso de los siguientes datos:' . "\r\n" . ' USUARIO: ' . $username . "\r\n" . ' PASSWORD: '******'Mail.php';
$recipients = $CORREO_INSTITUCIONAL;
$headers['From'] = '*****@*****.**';
$headers['To'] = $recipients;
$headers['Subject'] = 'ProCal-ProSer - Registro de Nuevo Miembro';
$body = $MENSAJE;
$smtpinfo["host"] = "smtp.gmail.com";
$smtpinfo["port"] = "587";
$smtpinfo["auth"] = true;
$smtpinfo["username"] = "******";
$smtpinfo["password"] = "******";
$mail_object =& Mail::factory("smtp", $smtpinfo);
$mail_object->send($recipients, $headers, $body);
}
<link href="../css/style1.css" rel="stylesheet">
</head>
<body>
<div class="container" role="main">
<div class="col-md-2"></div>
<div class="col-md-8">
<?php
$conexion = new mysqli('localhost', 'root', 'root', 'cont_dinamico');
$sql = "SELECT * FROM cont_resetpass WHERE token = '{$token}' ";
$resultado = $conexion->query($sql);
if ($resultado->num_rows > 0) {
$usuario = $resultado->fetch_assoc();
if (sha1($usuario['iduser'] === $idusuario)) {
if ($password1 === $password2) {
$sql = "UPDATE cont_user SET password = '******' WHERE id = " . $usuario['iduser'];
$resultado = $conexion->query($sql);
if ($resultado) {
$sql = "DELETE FROM cont_resetpass WHERE token = '{$token}';";
$resultado = $conexion->query($sql);
?>
<p> La contraseña se actualizó con exito. </p>
<?php
} else {
?>
<p> Ocurrió un error al actualizar la contraseña, intentalo más tarde </p>
<?php
}
} else {
?>
<p> Las contraseñas no coinciden </p>
function doConfigureContent()
{
if (!isset($_SESSION['configureComplete'])) {
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['siteName'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['siteEmail'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['nonSecureURL'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['secureURL'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['webDirectory'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['timeZone'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['username'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['firstName'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['lastName'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['email'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['password1'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['password2'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if ($_POST['password1'] != $_POST['password2']) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'The inputted passwords for the first account don\'t match.';
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['smtpServer'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['smtpPort'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!is_numeric($_POST['smtpPort'])) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'Please enter a valid port for the SMTP Server.';
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['smtpUserName'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['smtpPassword1'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if (!isset($_POST['smtpPassword2'])) {
unset($_SESSION['configureComplete']);
header('Location: install.php?action=configure');
return;
}
if ($_POST['smtpPassword1'] != $_POST['smtpPassword2']) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'The inputted passwords for the SMTP account don\'t match.';
header('Location: install.php?action=configure');
return;
}
$siteName = strip_tags(trim($_POST['siteName']));
$siteEmail = strip_tags(trim($_POST['siteEmail']));
$nonSecureURL = strip_tags(trim($_POST['nonSecureURL']));
$secureURL = strip_tags(trim($_POST['secureURL']));
$webDirectory = strip_tags(trim($_POST['webDirectory']));
$timeZone = strip_tags(trim($_POST['timeZone']));
$username = strip_tags(trim($_POST['username']));
$firstName = strip_tags(trim($_POST['firstName']));
$lastName = strip_tags(trim($_POST['lastName']));
$email = strip_tags(trim($_POST['email']));
$password = $_POST['password1'];
$smtpServers = strip_tags(trim($_POST['smtpServer']));
$smtpPort = intval($_POST['smtpPort']);
$smtpUserName = strip_tags(trim($_POST['smtpUserName']));
$enc = new Encrypter();
$smtpPassword = $enc->encrypt(trim($_POST['smtpPassword1']));
$smtpUseEncryption = isset($_POST['smtpUseEncryption']);
$emailValidator = new emailValidator();
if (!$emailValidator->validate($siteEmail)) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'The site email isn\'t a valid email address.';
header('Location: install.php?action=configure');
return;
}
if (!$emailValidator->validate($email)) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'The email address for the first user isn\'t valid.';
header('Location: install.php?action=configure');
return;
}
unset($emailValidator);
$urlValidator = new urlValidator();
$options = array('noDirectories', 'mightBeIP');
$nonSecureOptions = array_merge($options, array('httpOnly'));
$secureOptions = array_merge($options, array('httpsOnly'));
if (!$urlValidator->validate($nonSecureURL, $nonSecureOptions)) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'The non-secure URL isn\'t valid. Please try again.';
header('Location: install.php?action=configure');
return;
}
if (!$urlValidator->validate($secureURL, $secureOptions)) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'The secure URL isn\'t valid. Please try again.';
header('Location: install.php?action=configure');
return;
}
unset($urlValidator);
if ($webDirectory[0] != '/') {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'I couldn\'t validate the web directory. Please try again.';
header('Location: install.php?action=configure');
return;
}
$timeZoneValidator = new phpTimeZoneValidator();
if (!$timeZoneValidator->validate($timeZone)) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'I couldn\'t validate the selected time zone. Please try again.';
header('Location: install.php?action=configure');
return;
}
unset($timeZoneValidator);
$password = Hasher::generateHash($password);
if ($password == false) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'I couldn\'t properly hash your password. Please try again.';
header('Location: install.php?action=configure');
return;
}
$database = Database::getInstance();
$database->connect();
if (!$database->isConnected()) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'I couldn\'t establish a connection to the database. Please try again. If you keep receiving this error, please delete the site/config.xml and start the installer again.';
header('Location: install.php?action=configure');
return;
}
if ($smtpUseEncryption == 'tls') {
$smtpEncryption = 'true';
} else {
$smtpEncryption = 'false';
}
if ($webDirectory !== "/") {
$webDirectory .= '/';
}
$variables = array('cleanURLsEnabled' => 'false', 'educaskVersion' => EDUCASK_VERSION, 'guestRoleID' => '1', 'maintenanceMode' => 'false', 'siteEmail' => $siteEmail, 'siteTheme' => 'default', 'siteTimeZone' => $timeZone, 'siteTitle' => $siteName, 'siteWebAddress' => $nonSecureURL, 'siteWebAddressSecure' => $secureURL, 'siteWebDirectory' => $webDirectory, 'smtpServer' => $smtpServers, 'smtpPort' => $smtpPort, 'smtpUserName' => $smtpUserName, 'smtpPassword' => $smtpPassword, 'smtpUseEncryption' => $smtpEncryption, 'lastCronRun' => '2015-01-01 21:15:53', 'cronRunning' => 'false', 'cronFrequency' => '10 minutes', 'minimumPasswordLength' => '5', 'lockoutPeriod' => '10', 'numberOfAttemptsBeforeLockout' => '3', 'maxSessionIdAge' => '600');
foreach ($variables as $name => $value) {
$name = $database->escapeString($name);
$value = $database->escapeString($value);
if (!$database->insertData('variable', 'variableName, variableValue', "'{$name}', '{$value}'")) {
$_SESSION['errors'][] = "I wasn't able to insert the variable {$name} with a value of {$value} into the variable table. You may want to manually add this row to the variable table in the database. For help on this, please see <a href=\"https://www.educask.com\" target=\"_blank\">this page</a>.";
//@ToDo: make the link point to actual help
continue;
}
}
$database->updateTable('variable', 'readOnly=1', "variableName='educaskVersion'");
$sqlScript = EDUCASK_ROOT . '/core/sql/defaultRolesInstallSafe.sql';
if (!is_file($sqlScript)) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'I couldn\'t find the SQL script to create the needed roles. Please make sure that ' . $sqlScript . ' exists and is readable by PHP.';
header('Location: install.php?action=configure');
return;
}
$sql = file_get_contents($sqlScript);
if (!$sql) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'I couldn\'t read the SQL script in order to create the needed roles. Please make sure PHP can read the file ' . $sqlScript;
header('Location: install.php?action=configure');
return;
}
$sqlStatements = explode(';', $sql);
foreach ($sqlStatements as $sqlStatement) {
$sqlStatement = trim($sqlStatement);
if ($sqlStatement == '') {
continue;
}
$database->makeCustomQuery($sqlStatement);
}
$username = $database->escapeString($username);
$firstName = $database->escapeString($firstName);
$lastName = $database->escapeString($lastName);
$email = $database->escapeString($email);
$password = $database->escapeString($password);
$success = $database->insertData('user', 'userID, userName, firstName, lastName, email, password, roleID', "0, 'anonGuest', 'Anonymous', 'Guest', '*****@*****.**', '', 1");
$success = $success && $database->updateTable("user", "userID=0", "userID=1");
$success = $success && $database->insertData('user', 'userID, userName, firstName, lastName, email, password, roleID', "1, '{$username}', '{$firstName}', '{$lastName}', '{$email}', '{$password}', 4");
if (!$success) {
unset($_SESSION['configureComplete']);
$_SESSION['errors'][] = 'I couldn\'t create the new user account. Please try again. For help on this, please see <a href="https://www.educask.com" target="_blank">this page</a>.';
//@ToDo: make the link point to actual help
header('Location: install.php?action=configure');
return;
}
$database->makeCustomQuery("ALTER TABLE user AUTO_INCREMENT=2");
header('Location: install.php?action=install');
}
<?php
require_once "includes/connection.php";
include "includes/header.php";
include "includes/encriptar.php";
?>
<?php
if (isset($_POST["register"])) {
if (!empty($_POST['firstname']) && !empty($_POST['lastname']) && !empty($_POST['email']) && !empty($_POST['username']) && !empty($_POST['password'])) {
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = Encrypter::encrypt($_POST['password']);
$query = mysql_query("SELECT * FROM cont_user WHERE username='******'");
$numrows = mysql_num_rows($query);
if ($numrows == 0) {
$sql = "INSERT INTO cont_user\n\t\t\t(username, firstname, lastname, email, password) \n\t\t\tVALUES('" . $username . "','" . $firstname . "','" . $lastname . "','" . $email . "','" . $password . "')";
$result = mysql_query($sql);
if ($result) {
$message = "Usuario Creado";
} else {
$message = "El usuario no fue creado";
}
} else {
$message = "El usuario ya existe";
}
} else {
$message = "Es necesario rellenar todos los campos";
$img1 = $_POST['img1'];
$img2 = $_POST['img2'];
$img3 = $_POST['img3'];
$url = $_POST['url'];
$plantilla = $_POST['plantilla'];
$pregunta = $_POST['pregunta'];
$grupos = $_POST['nrogrupos'];
$retro = $_POST['retro'];
$resp = $_POST['resp'];
$gruposel = $_POST['grupsel'];
}
$query2 = mysql_query("select id from cont_user where username like '" . $_SESSION["session_username"] . "'");
while ($row = mysql_fetch_assoc($query2)) {
$iduser = $row['id'];
}
$idunico = Encrypter::encrypt($iduser . $titulo . time());
$registroplantilla = "INSERT INTO cont_plantillas (userid, fecha_creacion, plantilla, url, titulo, idunico) \n VALUES ('" . $iduser . "','" . time() . "','" . $plantilla . "','" . $url . "','" . $titulo . "','" . $idunico . "')";
if (mysql_query($registroplantilla) === TRUE) {
$ultimoid = mysql_insert_id();
$registropreg = "INSERT INTO cont_preguntas (idplantilla, pregunta) VALUES (" . $ultimoid . ", '" . utf8_encode($pregunta) . "')";
mysql_query($registropreg);
$query3 = mysql_query("select id from cont_preguntas where idplantilla like '" . $ultimoid . "'");
if ($row = mysql_fetch_assoc($query3)) {
$idpreg = $row['id'];
}
for ($i = 0; $i < count($grupos); $i++) {
$registrogrupos = "INSERT INTO cont_grupos (idpregunta, idplantilla, grupo, retroalimentacion) \n VALUES ('" . $idpreg . "','" . $ultimoid . "','" . utf8_encode($grupos[$i]) . "','" . utf8_encode($retro[$i]) . "')";
mysql_query($registrogrupos);
}
for ($k = 0; $k < count($resp); $k++) {
$query4 = mysql_query("select id from cont_grupos where idplantilla like '" . $ultimoid . "' and grupo like '" . utf8_encode($gruposel[$k]) . "'");
function getClaveByHotel($idHotel)
{
try {
$hotel = DAOFactory::getHotelDAO()->load($idHotel);
/*
if(!$hotel->clave || !strlen($hotel->clave)) {
$h = DAOFactory::getHotelDAO()->prepare(array('clave'=>Encrypter::encrypt(uniqid(), $idHotel)), $idHotel);
DAOFactory::getHotelDAO()->update($h);
$hotel = DAOFactory::getHotelDAO()->load($idHotel);
}*/
return Encrypter::decrypt($hotel->clave, $idHotel);
} catch (Exception $e) {
return false;
}
}
//$end_url .= '/l:' . $_REQUEST['l'];
} elseif (isset($_SESSION['lang'])) {
$smarty->assign('lang', $_SESSION['lang']);
$lang_set = $_SESSION['lang'];
} else {
$lang_set = 'en';
if ($hotel->idiomaId) {
$lang_set = getIdioma($hotel->idiomaId)->codigo;
}
$smarty->assign('lang', $lang_set);
$_SESSION['lang'] = $lang_set;
}
$smarty->configLoad($lang_set . '.conf');
setlocale(LC_ALL, Core_Util_General::getLocaleName($lang_set));
if ($_REQUEST['a']) {
$afiliado_id = urldecode(Encrypter::decrypt($_REQUEST['a'], 'afiliado'));
if (is_numeric($afiliado_id)) {
$month = 2592000 + time();
setcookie('afiliado', $_REQUEST['a'], $month, "/", "." . $smarty->getConfigVariable('sistema_nombre_web'));
}
}
/*
if(isset($_REQUEST['m'])) {
$smarty->assign('money', $_REQUEST['m']);
$end_url .= '/m:' . $_REQUEST['m'];
$smarty->assign('currency', getMonedaByCodigo($_REQUEST['m'])->simbolo);
$money = $_REQUEST['m'];
} else {
$smarty->assign('money', 'EUR');
$smarty->assign('currency', getMonedaByCodigo('EUR')->simbolo);
}*/
// echo "<p>inválido</p>";
//
//$xml = simplexml_load_file($ScriptsPath.'/_root/cfdia0000000008.xml');
//
//
//$array = $read->detalle("$ScriptsPath/_root/", "cfdia0000000008.xml");
////var_dump($array);
//$Full = '';
//$full = GetNodes($array, $Full);
//
//echo $full;
//
//function GetNodes($array,$Full)
//{
// foreach ($array as $value)
// {
//
// if(is_array($value))
// {
// $Full = GetNodes($value,$Full);
// }
// else
// $Full.=$value.", ";
// }
//
// return $Full;
//}
require_once 'php/Encrypter.php';
echo $Salida = Encrypter::encrypt('20');
echo "<br><br>" . Encrypter::decrypt("gRUIZG3qpPuPRxoyjsOBvHb02WiJTuM4sXDcVuzfl9I=");
/**
* Envia Mensaje mediante el produce
*
* @return void
* @author yourname
*/
function send($params)
{
$this->produce($params);
include_once __DIR__ . '/util/Encrypter.php';
return Encrypter::encrypt(json_encode($this->result));
}
