Example #1
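 /**
  * Handles the login form post.
  *
  * Verifies the posted reCAPTCHA token first; only when that succeeds is the
  * user looked up and the submitted password compared with the stored hash.
  * Failures are reported through session flashdata, and the request always
  * ends with a redirect to "/".
  *
  * @return void
  */
 public function logon()
 {
     // Load the reCAPTCHA library.
     require_once "../third_party/recaptchalib.php";
     // NOTE(review): the reCAPTCHA secret is hard-coded in source. It belongs in
     // configuration kept out of version control, and a key that has appeared
     // in a public listing should be rotated.
     $secret = "6LcgGhcTAAAAAHXSiMR1BT4pg183Ix6UEsoCBvgw";
     $reCaptcha = new ReCaptcha($secret);
     // Stays null unless a token was submitted and sent for verification.
     $response = null;
     // !empty() keeps the original "token present" test without raising an
     // undefined-index notice when the field is missing from the request.
     if (!empty($_POST["g-recaptcha-response"])) {
         $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
     }
     // Fail closed: no verification result, or an unsuccessful one, skips the login.
     if ($response != null && $response->success) {
         $this->load->model('Usuarios_model');
         $user = $this->Usuarios_model->searchByUser($this->input->post("user"));
         if ($user) {
             $pass = $this->input->post("pass");
             // hash_equals() is a strict, constant-time string comparison. The
             // earlier loose != compared numeric-looking hex digests such as
             // "0e<digits>" as numbers, so two different hashes could be equal.
             // NOTE(review): unsalted MD5 is not a password hash; plan a
             // migration of stored values to password_hash()/password_verify().
             if (!hash_equals((string) $user['pass'], md5((string) $pass))) {
                 $this->session->set_flashdata('danger', 'Senha incorreta!');
             } else {
                 // NOTE(review): the session identifier is not regenerated on
                 // login here - confirm the framework does it, to prevent
                 // session fixation.
                 $this->session->set_userdata('logged', $user);
             }
         } else {
             // NOTE(review): a separate "user not found" message lets a client
             // tell valid user names from invalid ones.
             $this->session->set_flashdata('danger', 'Usuário não encontrado!');
         }
     }
     redirect("/");
 }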
 /**
  * verify() reports success when the request method returns a JSON body
  * with "success": true.
  */
 public function testVerifyReturnsResponse()
 {
     // The stubbed transport accepts any parameters and must be hit exactly once.
     $acceptAnyParams = function ($params) {
         return true;
     };
     $transport = $this->getMock('\\ReCaptcha\\RequestMethod', array('submit'));
     $transport->expects($this->once())
         ->method('submit')
         ->with($this->callback($acceptAnyParams))
         ->will($this->returnValue('{"success": true}'));
     $recaptcha = new ReCaptcha('secret', $transport);
     $this->assertTrue($recaptcha->verify('response')->isSuccess());
 }
Example #3
 /**
  * Check if a captcha value is valid
  *
  * Reads the challenge and response fields from the POST data. Without a
  * response field nothing is verified and the result is false; otherwise the
  * answer is checked with the private key from the 'Policy' registry.
  *
  * @access  public
  * @return  bool    return validity of captcha value
  */
 function check()
 {
     $posted = jaws()->request->fetch(array('recaptcha_challenge_field', 'recaptcha_response_field'), 'post');
     // Fail closed when the client sent no answer at all.
     if (!$posted['recaptcha_response_field']) {
         return false;
     }
     $secretKey = $GLOBALS['app']->Registry->fetch('reCAPTCHA_private_key', 'Policy');
     $verifier = new ReCaptcha();
     // The outcome is read back from the verifier object, not from the call's return value.
     $verifier->recaptcha_check_answer($secretKey, $_SERVER["REMOTE_ADDR"], $posted['recaptcha_challenge_field'], $posted['recaptcha_response_field']);
     return $verifier->is_valid;
 }
 /**
  * Validates a reCaptcha response from a user.
  *
  * An empty response is rejected without loading the library or contacting
  * the verification service.
  *
  * @param   string   reCaptcha response
  * @return  boolean  TRUE only when verification returned a successful result
  */
 public function valid($response)
 {
     if (empty($response)) {
         return FALSE;
     }
     require_once Kohana::find_file('vendor', 'recaptchalib');
     $verifier = new ReCaptcha(Captcha::$config['privateKey']);
     // NOTE(review): get_real_user_ip() is not shown here - if it reads
     // client-supplied headers, the address sent for verification can be
     // chosen by the client; confirm it only trusts known proxies.
     $result = $verifier->verifyResponse($this->get_real_user_ip(), $response);
     // Both a missing result and an unsuccessful one count as failure.
     return $result != null && false != $result->success;
 }
Example #5
 /**
  * Check that the CAPTCHA was entered correctly. reCAPTCHA sets a long string in 'g-recaptcha-response'
  * when the CAPTCHA is completed; we check that with the reCAPTCHA API.
  *
  * Messages for recognised error codes are appended to $error, one per line.
  * Returns the success flag of the verification result.
  */
 public function validate_post(&$error)
 {
     require_once $this->directory . 'recaptchalib.php';
     $verifier = new ReCaptcha(qa_opt('recaptcha_private_key'));
     $result = $verifier->verifyResponse(qa_remote_ip_address(), qa_post_text('g-recaptcha-response'));
     foreach ($result->errorCodes as $errorCode) {
         // Codes without a configured message are skipped silently.
         if (!isset($this->errorCodeMessages[$errorCode])) {
             continue;
         }
         $error .= $this->errorCodeMessages[$errorCode] . "\n";
     }
     return $result->success;
 }
Example #6
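 /**
  * Contact form action.
  *
  * Renders the form; on submit it validates the name/email (for visitors who
  * are not logged in), the reCAPTCHA token, and the subject/message, then
  * e-mails the message to ADMIN_EMAIL.
  *
  * @return void
  */
 public function index()
 {
     //Google reCaptcha
     //updated to Google noCaptcha 1/15
     require_once CORE_LIB_PATH . '/recaptcha/recaptchalib.php';
     $this->set('sitekey', RECAPTCHA_PUBLIC_KEY);
     $this->set('lang', 'en');
     if ($this->post->submit) {
         if (Auth::LoggedIn() == false) {
             # Make sure they entered an email address
             if (trim($this->post->name) == '' || trim($this->post->email) == '') {
                 $this->set('message', 'You must enter a name and email!');
                 $this->render('core_error.tpl');
                 return;
             }
         }
         //Google reCaptcha
         //updated to Google noCaptcha 1/15
         $resp = null;
         $reCaptcha = new ReCaptcha(RECAPTCHA_PRIVATE_KEY);
         // Was there a reCAPTCHA response? !empty() also covers a request that
         // omits the field, which would otherwise raise an undefined-index notice.
         if (!empty($_POST["g-recaptcha-response"])) {
             $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
         }
         // Fail closed: the earlier check only tested that a result object
         // existed, so a token the service rejected was still accepted. The
         // success flag has to be true as well.
         if ($resp == null || !$resp->success) {
             $this->set('captcha_error', 'reCaptcha Validation Error');
             $this->render('contact_form.tpl');
             return;
         }
         //end Google reCaptcha
         if ($this->post->subject == '' || trim($this->post->message) == '') {
             $this->set('message', 'You must enter a subject and message!');
             $this->render('core_error.tpl');
             return;
         }
         $subject = 'New message from ' . $this->post->name . ' - "' . $this->post->subject . '"';
         // The subject is built from visitor input; line breaks are removed so
         // it cannot span into additional mail headers.
         $subject = str_replace(array("\r", "\n"), ' ', $subject);
         // NOTE(review): DB::escape() is an SQL escaper and does not make the
         // text safe for an HTML e-mail body.
         $message = DB::escape($this->post->message) . PHP_EOL . PHP_EOL;
         // NOTE(review): every posted field is appended as-is, including the
         // captcha token, and nothing is HTML-escaped before nl2br(); escape
         // the values for HTML and list only the expected fields.
         foreach ($_POST as $field => $value) {
             $message .= "-{$field} = {$value}" . PHP_EOL;
         }
         $message = nl2br($message);
         $message = utf8_encode($message);
         Util::SendEmail(ADMIN_EMAIL, $subject, $message);
         $this->render('contact_sent.tpl');
         return;
     }
     $this->render('contact_form.tpl');
 }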
 /**
  * Adds a captcha error to $errors when the posted reCAPTCHA token is
  * missing or is rejected by verification.
  *
  * @param  object $errors error collection exposing add($code, $message)
  * @return object the same collection, with any captcha error added
  */
 public function check_captcha_validation($errors)
 {
     $options = WPPlugin::retrieve_options('recaptcha_options');
     // No token posted: report it without calling the verification service.
     if (empty($_POST['g-recaptcha-response'])) {
         $errors->add('blank_captcha', $options['no_response_error']);
         return $errors;
     }
     $verifier = new ReCaptcha($options['secret']);
     $result = $verifier->verifyResponse($_SERVER['REMOTE_ADDR'], $_POST['g-recaptcha-response']);
     if ($result->success) {
         return $errors;
     }
     // The token was rejected; pass the library's error value through.
     $errors->add('captcha_wrong', $result->error);
     return $errors;
 }
Example #8
 /**
  * Validates the required fields and the captcha for this submission.
  *
  * Errors are recorded through addError(). When a captcha challenge was
  * submitted it is verified, and a valid answer sets a cookie; when no
  * challenge was submitted, the presence of that cookie is accepted instead.
  *
  * @return void
  */
 public function validateUserInput()
 {
     if (Str::nullOrEmpty($this->name)) {
         $this->addError("generic.error.missingRequiredField", array('field' => 'name'), 'name');
     }
     if (Str::nullOrEmpty($this->contents)) {
         $this->addError("generic.error.missingRequiredField", array('field' => 'contents'), 'contents');
     }
     if (Str::nullOrEmpty($this->blogId)) {
         $this->addError("generic.error.missingRequiredField", array('field' => 'blogId'));
     }
     // check captcha
     $challengeSubmitted = !Str::nullOrEmpty($this->captchaChallenge);
     if ($challengeSubmitted) {
         $verdict = ReCaptcha::recaptcha_check_answer(self::CAPTCHA_PRIVATE_KEY, $_SERVER["REMOTE_ADDR"], $this->captchaChallenge, $this->captchaResponse);
         if (!$verdict->is_valid) {
             $this->addError($verdict->error);
         } else {
             // NOTE(review): the original comment says DAY is in milliseconds
             // and is converted to seconds for a two-week lifetime, but the
             // divisor is 10 - confirm the unit of GlobalConstants::DAY.
             $cookieLifetime = GlobalConstants::DAY / 10 * 14;
             // NOTE(review): the cookie is an unsigned marker stored on the
             // client, so its presence proves nothing about a solved captcha;
             // keep this state in the server-side session or sign the value.
             setcookie(self::CAPTCHA_COOKIE_NAME, true, time() + $cookieLifetime, '/');
         }
     } elseif (!isset($_COOKIE[self::CAPTCHA_COOKIE_NAME])) {
         // No challenge and no marker cookie: treated as a broken captcha widget.
         $this->addError("Captcha does not appear to be functioning properly, please contact site administrator.");
     }
 }
Example #9
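 /**
  * Sends the posted reCAPTCHA token, if any, for verification.
  *
  * NOTE(review): the verification result is neither returned nor stored, so
  * as written a caller cannot learn whether the captcha passed. Confirm how
  * the result is meant to reach the caller before relying on this method.
  *
  * @return void
  */
 public static function verify()
 {
     // NOTE(review): the secret key is hard-coded in source. It belongs in
     // configuration kept out of version control, and a key that has appeared
     // in a public listing should be rotated.
     $secret = "6LfLpgETAAAAAG7XXCVIbvqR1QClWiJ86D0bsnTs";
     // The response from reCAPTCHA
     $resp = null;
     $reCaptcha = new ReCaptcha($secret);
     // Was there a reCAPTCHA response? !empty() also covers a request that
     // omits the field, which would otherwise raise an undefined-index notice.
     if (!empty($_POST["g-recaptcha-response"])) {
         $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
     }
 }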
Example #10
    /**
     * The \ReCaptcha alias renders the API script tag followed by the widget
     * container, here with an empty data-sitekey attribute.
     *
     *  @test
     */
    public function the_alias_works()
    {
        // The expected markup is compared byte for byte, newlines included.
        $expectedMarkup = '<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="g-recaptcha" data-sitekey=""></div>
';
        $this->assertEquals($expectedMarkup, \ReCaptcha::render());
    }
Example #11
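 /**
  * reCaptcha Validation
  *
  * Verifies the posted captcha and calls send_error() when it is rejected.
  * A value of 1 selects the "g-recaptcha-response" check; every other value
  * is verified through the legacy challenge/response fields.
  *
  * @param mixed $no_captcha 1 for the newer widget, anything else for the legacy one
  * @return void
  */
 function validate_re_captcha($no_captcha = '')
 {
     $private_key = wpuf_get_option('recaptcha_private', 'wpuf_general');
     if ($no_captcha == 1) {
         // A missing field is sent as an empty token, which cannot verify.
         $token = isset($_POST["g-recaptcha-response"]) ? $_POST["g-recaptcha-response"] : '';
         $reCaptcha = new ReCaptcha($private_key);
         $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $token);
         // Fail closed on a missing result as well as on an unsuccessful one.
         if ($resp == null || !$resp->success) {
             $this->send_error(__('reCAPTCHA validation failed', 'wpuf'));
         }
     } else {
         // Fail closed: this branch used to be "elseif ($no_captcha == 0)".
         // From PHP 8 on, '' == 0 is false, so the default argument (and any
         // unexpected value) matched neither branch and skipped verification.
         $recap_challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
         $recap_response = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';
         $resp = recaptcha_check_answer($private_key, $_SERVER["REMOTE_ADDR"], $recap_challenge, $recap_response);
         if (!$resp->is_valid) {
             $this->send_error(__('reCAPTCHA validation failed', 'wpuf'));
         }
     }
 }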
Example #12
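 /**
  * Verifies the posted captcha and redirects to the "add item" view.
  *
  * Depending on the 'captcha_type' component parameter, either the
  * "g-recaptcha-response" token or the legacy challenge/response pair is
  * verified. On success the session flag 'captcha_sta' is set to '1';
  * otherwise the redirect carries an error message.
  *
  * @return void
  */
 function captcha()
 {
     $par = JComponentHelper::getParams('com_djclassifieds');
     $app = JFactory::getApplication();
     $token = JRequest::getCMD('token', '');
     $token_link = $token ? '&token=' . $token : '';
     $use_nocaptcha = $par->get('captcha_type', 'recaptcha') == 'nocaptcha';
     if ($use_nocaptcha) {
         require_once JPATH_COMPONENT . DS . 'assets' . DS . 'nocaptchalib.php';
     } else {
         require_once JPATH_COMPONENT . DS . 'assets' . DS . 'recaptchalib.php';
     }
     // NOTE(review): the fallback private key is hard-coded and shipped with
     // the component, so every site left unconfigured shares one published
     // key. Prefer failing closed when no key is configured.
     $privatekey = $par->get('captcha_privatekey', "6LfzhgkAAAAAAOJNzAjPz3vXlX-Bw0l-sqDgipgs");
     $is_valid = false;
     if ($use_nocaptcha) {
         $reCaptcha = new ReCaptcha($privatekey);
         // !empty() keeps the "token present" test without an undefined-index
         // notice when the field is missing; no token leaves $is_valid false.
         if (!empty($_POST["g-recaptcha-response"])) {
             $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
             $is_valid = $response != null && $response->success;
         }
     } else {
         // Missing fields are passed as empty strings instead of undefined indexes.
         $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
         $answer = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
         $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $challenge, $answer);
         $is_valid = $resp->is_valid;
     }
     if ($is_valid) {
         // NOTE(review): the flag is set here and not cleared in this method -
         // confirm the consumer resets it after use, otherwise one solved
         // captcha covers the rest of the session.
         $session =& JFactory::getSession();
         $session->set('captcha_sta', '1');
         $message = '';
     } else {
         $message = JText::_("COM_DJCLASSIFIEDS_INVALID_CODE");
     }
     $menus = JSite::getMenu();
     $menu_newad_itemid = $menus->getItems('link', 'index.php?option=com_djclassifieds&view=additem', 1);
     $new_ad_link = 'index.php?option=com_djclassifieds&view=additem';
     if ($menu_newad_itemid) {
         $new_ad_link .= '&Itemid=' . $menu_newad_itemid->id;
     }
     $new_ad_link = JRoute::_($new_ad_link . $token_link);
     $app->redirect($new_ad_link, $message, 'error');
 }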
 /**
  * {@inheritdoc}
  *
  * Returns false when the posted reCAPTCHA token verifies, otherwise a
  * translated message: "not configured" when no keys are stored, "not human"
  * when the token is missing or rejected.
  */
 public function frontend_validate(array $item, $input_value)
 {
     $messages = array('not-configured' => __('Could not validate the form', 'fw'), 'not-human' => __('Please fill the recaptcha', 'fw'));
     $keys = fw_ext('forms')->get_db_settings_option('recaptcha-keys');
     // Without stored keys the form is rejected rather than accepted unchecked.
     if (empty($keys)) {
         return $messages['not-configured'];
     }
     $recaptcha = new ReCaptcha($keys['secret-key']);
     $token = FW_Request::POST('g-recaptcha-response');
     if (empty($token)) {
         return $messages['not-human'];
     }
     $result = $recaptcha->verify($token);
     if (!$result->isSuccess()) {
         // The error codes are fetched but not used; the generic message is returned.
         $errorCodes = $result->getErrorCodes();
         return $messages['not-human'];
     }
     return false;
 }
Example #14
	/**
	 * Validates the posted name, email and message fields and the reCAPTCHA answer.
	 *
	 * Each failed check appends array('msg' => ..., 'field' => ...) to $rets.
	 *
	 * @param mixed $retType compared with RT_JSON to decide on JSON output
	 * @return mixed outputJson($rets) when $retType is RT_JSON and errors exist, otherwise $rets
	 */
	public function validate($retType)
	{
		parent::validate($retType);

		// presumably copies the named keys from $_POST into $fv - verify against copyArray()
		copyArray($_POST, $fv, 'name', 'email', 'msg');

		if (trim($fv['name']) == '') {
			$rets[] = array('msg' => 'Please enter your name!', 'field' => 'name');
		}
		if (filter_var($fv['email'], FILTER_VALIDATE_EMAIL) === FALSE) {
    		$rets[] = array('msg' => 'Invalid email!', 'field' => 'email');
        }
        if (trim($fv['msg']) == '') {
			$rets[] = array('msg' => 'Please enter your message!', 'field' => 'msg');
		}
        // NOTE(review): a failed captcha is recorded only when $retType is
        // RT_JSON; for any other return type this method adds no captcha
        // error - confirm the captcha is enforced elsewhere on that path.
        if (ReCaptcha::checkAnswer() == false && isset($retType) && $retType == RT_JSON) {
        	$rets[] = array('msg' => 'The reCAPTCHA wasn\'t entered correctly!', 'field' => 'recaptcha');
        }

		if (isset($retType) && $retType == RT_JSON && isset($rets)) return outputJson($rets);
        // $rets is never initialised, so it is undefined here when no check failed.
        return $rets;
	}
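 /**
  * Get different possible errors before registering an user
  *
  * Runs the username, password and mail constraints and, when the 'captcha'
  * option is "enabled", also requires a successful reCAPTCHA verification.
  *
  * @return Array errors
  */
 public function get_errors()
 {
     $constraints = new \CODOF\Constraints\User();
     $constraints->username($this->username);
     $constraints->password($this->password);
     $constraints->mail($this->mail);
     $errors = $constraints->get_errors();
     if (\CODOF\Util::get_opt('captcha') == "enabled") {
         require_once ABSPATH . 'sys/Ext/recaptcha/recaptchalib.php';
         // The secret key comes from the stored options.
         $secret = \CODOF\Util::get_opt("captcha_private_key");
         $reCaptcha = new \ReCaptcha($secret);
         // Stays null unless a token was posted and sent for verification.
         $response = null;
         // !empty() keeps the "token present" test without an undefined-index
         // notice when the field is missing from the request.
         if (!empty($_POST["g-recaptcha-response"])) {
             $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
         }
         // Fail closed: a missing result and an unsuccessful one are both errors.
         if ($response == null || !$response->success) {
             $errors[] = _t("capcha entered was wrong");
         }
     }
     return $errors;
 }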
Example #16
// On a POST request the anti-spam check runs first; a failure is recorded in
// $hesk_error_buffer['mysecnum']. The listing ends inside the last branch.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Verify security image
    if ($hesk_settings['secimg_use']) {
        // Using ReCaptcha?
        // recaptcha_use 1 uses the challenge/response library, 2 the
        // "g-recaptcha-response" library; any other value falls through to
        // the built-in security number.
        if ($hesk_settings['recaptcha_use'] == 1) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                // Nothing is stored on success; the "verified" session flag is commented out.
                //$_SESSION['img_a_verified']=true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }
            // Fails closed: a missing result and an unsuccessful one both record the error.
            if ($resp != null && $resp->success) {
                //$_SESSION['img_a_verified']=true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            // The posted security number is forced to an integer before use.
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
Example #17
 // Derives the catalogue symbol from the first character of the cleaned title,
 // then runs the captcha and question checks for the poster's user group.
 // Failures are appended to $stop as list items. The listing ends mid-block.
 if ($config['create_catalog']) {
     $catalog_url = $db->safesql(dle_substr(htmlspecialchars(strip_tags(stripslashes(trim($title))), ENT_QUOTES, $config['charset']), 0, 1, $config['charset']));
 } else {
     $catalog_url = "";
 }
 // Users whose news count reached the group's threshold are exempt from both
 // the question and the security code.
 if ($user_group[$member_id['user_group']]['disable_news_captcha'] and $member_id['news_num'] >= $user_group[$member_id['user_group']]['disable_news_captcha']) {
     $user_group[$member_id['user_group']]['news_question'] = false;
     $user_group[$member_id['user_group']]['news_sec_code'] = false;
 }
 if ($user_group[$member_id['user_group']]['news_sec_code']) {
     if ($config['allow_recaptcha']) {
         require_once ENGINE_DIR . '/classes/recaptcha.php';
         $sec_code = 1;
         $sec_code_session = false;
         // NOTE(review): the field is read without isset(), which raises a
         // notice when it is absent; the else branch still fails closed.
         if ($_POST['g-recaptcha-response']) {
             $reCaptcha = new ReCaptcha($config['recaptcha_private_key']);
             // NOTE(review): get_ip() is not shown - confirm it does not trust
             // client-supplied headers for the address sent to verification.
             $resp = $reCaptcha->verifyResponse(get_ip(), $_POST['g-recaptcha-response']);
             if ($resp === null or !$resp->success) {
                 $stop .= "<li>" . $lang['news_err_30'] . "</li>";
             }
         } else {
             $stop .= "<li>" . $lang['news_err_30'] . "</li>";
         }
     // NOTE(review): the code is compared with a loose !=, so numeric-looking
     // strings compare by value; a strict string comparison is safer. The
     // second condition rejects an empty stored code.
     } elseif ($_REQUEST['sec_code'] != $_SESSION['sec_code_session'] or !$_SESSION['sec_code_session']) {
         $stop .= "<li>" . $lang['news_err_30'] . "</li>";
     }
 }
 if ($user_group[$member_id['user_group']]['news_question']) {
     if (intval($_SESSION['question'])) {
         // The id is forced to an integer before it is concatenated into the query.
         $answer = $db->super_query("SELECT id, answer FROM " . PREFIX . "_question WHERE id='" . intval($_SESSION['question']) . "'");
         $answers = explode("\n", $answer['answer']);
Example #18
 /**
  * Saves an advertiser profile (registration or update) and redirects.
  *
  * When 'captcha' is listed in the component's "show" setting, the posted
  * reCAPTCHA token is verified first; on failure the posted form values are
  * kept in the session and the user is sent back to the edit form. Otherwise
  * the model stores the record and the redirect target and message are chosen
  * from the outcome.
  *
  * @return false|void false after a failed captcha; no explicit return otherwise
  */
 function save()
 {
     $configs = $this->_model->getConfigs();
     $configs->show = explode(";", $configs->show);
     if (isset($configs->show) && in_array('captcha', $configs->show)) {
         $g_recaptcha_response = JRequest::getVar("g-recaptcha-response", "");
         // The secret key is read from the site's captcha/recaptcha plugin parameters.
         $plugin = JPluginHelper::getPlugin('captcha', 'recaptcha');
         $params = new JRegistry($plugin->params);
         $secret_key = $params->get('private_key', '');
         // NOTE(review): iJoomlaGetRealIpAddr() is not shown - if it reads
         // client-supplied headers, the address sent for verification can be
         // chosen by the client.
         $ip = $this->iJoomlaGetRealIpAddr();
         include_once JPATH_SITE . DS . "components" . DS . "com_adagency" . DS . "helpers" . DS . "recaptchalib.php";
         $reCaptcha = new ReCaptcha($secret_key);
         $response = $reCaptcha->verifyResponse($ip, $g_recaptcha_response);
         // Fails closed: a missing result and an unsuccessful one take the else branch.
         if ($response != null && $response->success) {
             // is not a spam
         } else {
             // Keep the posted values so the form can be shown again.
             // NOTE(review): these are raw request values; they need escaping
             // wherever the form prints them back.
             $data = JRequest::get('post');
             $_SESSION['ad_company'] = $data['company'];
             $_SESSION['ad_description'] = $data['description'];
             $_SESSION['ad_approved'] = $data['approved'];
             $_SESSION['ad_enabled'] = $data['enabled'];
             $_SESSION['ad_username'] = $data['username'];
             $_SESSION['ad_email'] = $data['email'];
             $_SESSION['ad_name'] = $data['name'];
             $_SESSION['ad_website'] = $data['website'];
             $_SESSION['ad_address'] = $data['address'];
             $_SESSION['ad_country'] = $data['country'];
             $_SESSION['ad_state'] = $data['state'];
             $_SESSION['ad_city'] = $data['city'];
             $_SESSION['ad_zip'] = $data['zip'];
             $_SESSION['ad_telephone'] = $data['telephone'];
             $Itemid = JRequest::getVar("Itemid", "0");
             $app = JFactory::getApplication();
             $link = JRoute::_('index.php?option=com_adagency&controller=adagencyAdvertisers&task=edit&cid[]=0&Itemid=' . intval($Itemid));
             $msg = JText::_("ADAG_DSC_CAPTCHA");
             $app->redirect($link, $msg);
             return false;
         }
     }
     $db = JFactory::getDBO();
     $data = JRequest::get('post');
     $item_id = JRequest::getInt('Itemid', '0');
     $Itemid = "";
     if ($item_id != 0) {
         $Itemid = "&Itemid=" . intval($item_id);
     }
     $error = "";
     $the_aid = JRequest::getVar("aid");
     if ($this->_model->store($error)) {
         $msg = JText::_('ADVSAVED');
     } else {
         $msg = JText::_('ADVSAVEFAILED');
         $msg .= $error;
     }
     // if user updated his profile -> ... , else if he just registered
     if ($the_aid != 0) {
         $msg = JText::_('ADAG_PROFILE_SUCC_UPDATE');
     }
     //$link = "index.php?option=com_adagency&controller=adagencyCPanel".$Itemid;
     $link = JRoute::_("index.php?option=com_adagency" . $Itemid, false);
     // NOTE(review): a request-supplied "msgafterreg" replaces the status
     // message, so a crafted link controls the text shown after the redirect;
     // prefer a fixed set of message keys.
     $msg2 = JRequest::getVar("msgafterreg");
     if (isset($msg2) && $msg2 != '') {
         $msg = $msg2;
     }
     if ($the_aid == 0) {
         $sql = "SELECT `show` FROM `#__ad_agency_settings` WHERE `show` LIKE '%wizzard%' LIMIT 1";
         $db->setQuery($sql);
         $isWizzard = $db->loadResult();
         $usr = $this->_model->getLastAdvertiser();
         if (isset($usr->approved) && $usr->approved == 'Y') {
             $msg = JText::_('ADVSAVED2');
         } else {
             if ($isWizzard) {
                 // NOTE(review): the user name in this query appears as a masked
                 // literal in the listing; if the real code inserts the posted
                 // user name, it must be quoted with the database driver.
                 $sql = 'SELECT u.block,a.approved FROM `#__users` AS u, `#__ad_agency_advertis` AS a WHERE u.username = "******" AND u.id = a.user_id';
                 $db->setQuery($sql);
                 $result = $db->loadObject();
                 if ($result->block == '0' && $result->approved == 'Y') {
                     // Logs the new advertiser in with the credentials just posted.
                     $this->login($data['username'], $data['password'], NULL, 1);
                     $link = JRoute::_("index.php?option=com_adagency&controller=adagencyAds&task=addbanners" . $Itemid, false);
                     $msg = NULL;
                 }
             } elseif (!$isWizzard) {
                 $_SESSION["register_but_not_wizzard"] = "ok";
             }
         }
     }
     $this->setRedirect($link, $msg);
 }
 /**
  * Gets advanced authentication settings
  *
  * this function DOES NOT check authentication - it just checks/provides
  * authentication credentials required to connect to the MySQL server
  * usually with $GLOBALS['dbi']->connect()
  *
  * it returns false if something is missing - which usually leads to
  * auth() which displays login form
  *
  * it returns true if all seems ok which usually leads to auth_set_user()
  *
  * it directly switches to authFails() if user inactivity timeout is reached
  *
  * When both captcha keys are configured, a login request must carry a valid
  * reCAPTCHA token unless the session already holds a valid captcha result.
  *
  * @return boolean   whether we get authentication settings or not
  */
 public function authCheck()
 {
     global $conn_error;
     // Initialization
     /**
      * @global $GLOBALS['pma_auth_server'] the user provided server to
      * connect to
      */
     $GLOBALS['pma_auth_server'] = '';
     $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
     $GLOBALS['from_cookie'] = false;
     // BEGIN Swekey Integration
     if (!Swekey_Auth_check()) {
         return false;
     }
     // END Swekey Integration
     // A request to clear cookies removes the stored credentials for every
     // configured server and ends the check.
     if (defined('PMA_CLEAR_COOKIES')) {
         foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $key);
             $GLOBALS['PMA_Config']->removeCookie('pmaUser-' . $key);
         }
         return false;
     }
     if (!empty($_REQUEST['old_usr'])) {
         // The user wants to be logged out
         // -> delete his choices that were stored in session
         // according to the PHP manual we should do this before the destroy:
         //$_SESSION = array();
         if (!defined('TESTSUITE')) {
             session_destroy();
             // $_SESSION array is not immediately emptied
             $_SESSION['last_valid_captcha'] = false;
         }
         // -> delete password cookie(s)
         if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
             foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
                 $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
                 if (isset($_COOKIE['pmaPass-' . $key])) {
                     unset($_COOKIE['pmaPass-' . $key]);
                 }
             }
         } else {
             $GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $GLOBALS['server']);
             if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
                 unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
             }
         }
     }
     // NOTE(review): the login fields are read from $_REQUEST, so they are
     // also accepted from the query string, where credentials end up in
     // server logs and browser history; reading them from $_POST avoids that.
     if (!empty($_REQUEST['pma_username'])) {
         // We already have one correct captcha.
         // NOTE(review): once the session flag is true, later login attempts
         // in the same session skip the captcha. Nothing visible here clears
         // the flag after a failed password, so one solved captcha may cover
         // many attempts - confirm it is reset on authentication failure.
         $skip = false;
         if (isset($_SESSION['last_valid_captcha']) && $_SESSION['last_valid_captcha']) {
             $skip = true;
         }
         // Verify Captcha if it is required.
         if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey']) && !$skip) {
             if (!empty($_POST["g-recaptcha-response"])) {
                 include_once 'libraries/plugins/auth/recaptcha/recaptchalib.php';
                 $reCaptcha = new ReCaptcha($GLOBALS['cfg']['CaptchaLoginPrivateKey']);
                 // verify captcha status.
                 $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
                 // Check if the captcha entered is valid, if not stop the login.
                 if ($resp == null || !$resp->success) {
                     $conn_error = __('Entered captcha is wrong, try again!');
                     $_SESSION['last_valid_captcha'] = false;
                     return false;
                 } else {
                     $_SESSION['last_valid_captcha'] = true;
                 }
             } else {
                 // No token posted: fail closed unless the session flag is set.
                 if (!isset($_SESSION['last_valid_captcha']) || !$_SESSION['last_valid_captcha']) {
                     $conn_error = __('Please enter correct captcha!');
                     return false;
                 }
             }
         }
         // The user just logged in
         $GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
         $GLOBALS['PHP_AUTH_PW'] = empty($_REQUEST['pma_password']) ? '' : $_REQUEST['pma_password'];
         if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername'])) {
             if ($GLOBALS['cfg']['ArbitraryServerRegexp']) {
                 // Only the first of two space-separated parts is matched
                 // against the regexp; the full submitted value is stored below.
                 $parts = explode(' ', $_REQUEST['pma_servername']);
                 if (count($parts) == 2) {
                     $tmp_host = $parts[0];
                 } else {
                     $tmp_host = $_REQUEST['pma_servername'];
                 }
                 $match = preg_match($GLOBALS['cfg']['ArbitraryServerRegexp'], $tmp_host);
                 if (!$match) {
                     $conn_error = __('You are not allowed to log in to this MySQL server!');
                     return false;
                 }
             }
             $GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername'];
         }
         return true;
     }
     // At the end, try to set the $GLOBALS['PHP_AUTH_USER']
     // and $GLOBALS['PHP_AUTH_PW'] variables from cookies
     // servername
     if ($GLOBALS['cfg']['AllowArbitraryServer'] && !empty($_COOKIE['pmaServer-' . $GLOBALS['server']])) {
         $GLOBALS['pma_auth_server'] = $_COOKIE['pmaServer-' . $GLOBALS['server']];
     }
     // check cookies
     if (empty($_COOKIE['pmaUser-' . $GLOBALS['server']]) || empty($_COOKIE['pma_iv-' . $GLOBALS['server']])) {
         return false;
     }
     $GLOBALS['PHP_AUTH_USER'] = $this->cookieDecrypt($_COOKIE['pmaUser-' . $GLOBALS['server']], $this->_getEncryptionSecret());
     // user was never logged in since session start
     if (empty($_SESSION['last_access_time'])) {
         return false;
     }
     // User inactive too long
     $last_access_time = time() - $GLOBALS['cfg']['LoginCookieValidity'];
     if ($_SESSION['last_access_time'] < $last_access_time) {
         // Drop the cached privilege information before reporting the failure.
         PMA_Util::cacheUnset('is_create_db_priv');
         PMA_Util::cacheUnset('is_reload_priv');
         PMA_Util::cacheUnset('db_to_create');
         PMA_Util::cacheUnset('dbs_where_create_table_allowed');
         PMA_Util::cacheUnset('dbs_to_test');
         $GLOBALS['no_activity'] = true;
         $this->authFails();
         if (!defined('TESTSUITE')) {
             exit;
         } else {
             return false;
         }
     }
     // check password cookie
     if (empty($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
         return false;
     }
     $GLOBALS['PHP_AUTH_PW'] = $this->cookieDecrypt($_COOKIE['pmaPass-' . $GLOBALS['server']], $this->_getSessionEncryptionSecret());
     // This marker value is mapped back to an empty password.
     if ($GLOBALS['PHP_AUTH_PW'] == "ÿ(blank)") {
         $GLOBALS['PHP_AUTH_PW'] = '';
     }
     $GLOBALS['from_cookie'] = true;
     return true;
 }
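/**
 * Render the Webnus contact-form shortcode and, on submission, validate the
 * posted fields and mail them to the site administrator.
 *
 * When both reCAPTCHA keys are configured, a submission is accepted only if
 * the verification call reports success. A missing or rejected token is a
 * validation error and no mail is sent. (The previous version called
 * verifyResponse() but never looked at the result, so any token of two or
 * more characters passed.)
 *
 * @param array|string $attributes Shortcode attributes; only 'type' is read
 *                                 ('2' wraps the fields in two columns).
 * @param string|null  $content    Enclosed shortcode content (unused).
 * @return string The form markup captured from the output buffer.
 */
function webnus_contactform_shortcode($attributes, $content)
{
    $atts = shortcode_atts(array('type' => '1'), $attributes);
    $type = $atts['type'];
    global $webnus_options;

    // reCAPTCHA is active only when both keys are configured.
    $recaptcha_desire = false;
    $siteKey = '';
    $lang = '';
    $reCaptcha = null;
    if ($webnus_options->webnus_recaptcha_site_key() && $webnus_options->webnus_recaptcha_secret_key()) {
        require_once get_template_directory() . '/inc/helpers/recaptchalib.php';
        // Register API keys at https://www.google.com/recaptcha/admin
        $siteKey = $webnus_options->webnus_recaptcha_site_key();
        // reCAPTCHA supported 40+ languages listed here: https://developers.google.com/recaptcha/docs/language
        $lang = get_bloginfo('language');
        $reCaptcha = new ReCaptcha($webnus_options->webnus_recaptcha_secret_key());
        $recaptcha_desire = true;
    }

    // Read each posted field once; anything missing or non-scalar (e.g. cName[]=x)
    // is treated as an empty string so the validators below reject it.
    $posted = array('cName' => '', 'cEmail' => '', 'cSubject' => '', 'cMessage' => '', 'g-recaptcha-response' => '');
    foreach ($posted as $field => $unused) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            $posted[$field] = $_POST[$field];
        }
    }

    $errors = array();
    $isError = false;
    $emailIsSent = false;

    // Get the posted variables and validate them.
    if (isset($_POST['is-submitted'])) {
        $name = $posted['cName'];
        $email = $posted['cEmail'];
        $subject = $posted['cSubject'];
        $message = $posted['cMessage'];

        // Check the name
        if (!webnus_validate_length($name, 2)) {
            $isError = true;
            $errors['errorName'] = __('Please enter your name.', 'WEBNUS_TEXT_DOMAIN');
        }
        // Check the email
        if (!is_email($email)) {
            $isError = true;
            $errors['errorEmail'] = __('Please enter a valid email address.', 'WEBNUS_TEXT_DOMAIN');
        }
        // Check the message
        if (!webnus_validate_length($message, 2)) {
            $isError = true;
            $errors['errorMessage'] = __('Please enter the message.', 'WEBNUS_TEXT_DOMAIN');
        }
        // Check the captcha: fail closed unless the verification succeeded.
        if ($recaptcha_desire) {
            $resp = null;
            if ($posted['g-recaptcha-response'] !== '') {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $posted['g-recaptcha-response']);
            }
            if ($resp === null || !$resp->success) {
                $isError = true;
                $errors['errorreCaptcha'] = __('Please enter the valid captcha.', 'WEBNUS_TEXT_DOMAIN');
            }
        }

        // If there's no error, send email
        if (!$isError) {
            // Get admin email
            $emailReceiver = get_option('admin_email');
            $emailSubject = sprintf(__('You have been contacted by %s', 'WEBNUS_TEXT_DOMAIN'), $name);
            $emailBody = sprintf(__('Subject: %1$s', 'WEBNUS_TEXT_DOMAIN'), $subject) . PHP_EOL . PHP_EOL;
            $emailBody .= sprintf(__('You have been contacted by %1$s. Their message is:', 'WEBNUS_TEXT_DOMAIN'), $name) . PHP_EOL . PHP_EOL;
            $emailBody .= $message . PHP_EOL . PHP_EOL;
            $emailBody .= sprintf(__('You can contact %1$s via email at %2$s', 'WEBNUS_TEXT_DOMAIN'), $name, $email);
            $emailBody .= PHP_EOL . PHP_EOL;
            // $email has passed is_email() above, so it cannot carry a line break into the header.
            $emailHeaders = array("Reply-To: {$email}" . PHP_EOL);

            // Declared conditionally: a second submission handled in the same request
            // would otherwise hit a "cannot redeclare function" fatal error.
            if (!function_exists('custom_wp_mail_from_name')) {
                function custom_wp_mail_from_name($name)
                {
                    return 'Webnus Contact form';
                }
            }
            add_filter('wp_mail_from_name', 'custom_wp_mail_from_name');
            $emailIsSent = wp_mail($emailReceiver, $emailSubject, $emailBody, $emailHeaders);
            // Detach the filter so unrelated mail sent later in this request keeps its own sender name.
            remove_filter('wp_mail_from_name', 'custom_wp_mail_from_name');
        }
    }

    // Posted values are echoed back with the escaper that matches each context:
    // esc_attr() inside attributes, esc_textarea() inside the textarea, esc_html() in element text.
    ob_start();
    ?>

<div class="contact-form">
	<form action="<?php the_permalink(); ?>" method="POST" id="contact-form" class="frmContact container" role="form" novalidate>
		<?php if ($type == 2) { echo '<div class="col-md-6">'; } ?>

			<input type="text" name="cName" id="txtName" placeholder="<?php esc_attr_e('Name', 'WEBNUS_TEXT_DOMAIN'); ?>" value="<?php echo esc_attr($posted['cName']); ?>" />
			<?php if (isset($errors['errorName'])) { ?>
				<span class="bad-field"><?php echo esc_html($errors['errorName']); ?></span>
			<?php } ?>

			<input  type="text" name="cEmail" id="txtEmail" placeholder="<?php esc_attr_e('Email', 'WEBNUS_TEXT_DOMAIN'); ?>" value="<?php echo esc_attr($posted['cEmail']); ?>" />
			<?php if (isset($errors['errorEmail'])) { ?>
				<span class="bad-field"><?php echo esc_html($errors['errorEmail']); ?></span>
			<?php } ?>

			<input name="cSubject" type="text" id="txtSubject" placeholder="<?php esc_attr_e('Subject', 'WEBNUS_TEXT_DOMAIN'); ?>" value="<?php echo esc_attr($posted['cSubject']); ?>" />

		<?php if ($type == 2) { echo '</div><div class="col-md-6">'; } ?>

			<textarea name="cMessage" id="txtText" placeholder="<?php esc_attr_e('Message', 'WEBNUS_TEXT_DOMAIN'); ?>" cols="40" rows="10"><?php echo esc_textarea($posted['cMessage']); ?></textarea>
			<?php if (isset($errors['errorMessage'])) { ?>
				<span class="bad-field"><?php echo esc_html($errors['errorMessage']); ?></span>
			<?php } ?>

			<?php if ($recaptcha_desire) { ?>
				<?php if (isset($errors['errorreCaptcha'])) { ?>
					<span class="bad-field captcha"><?php echo esc_html($errors['errorreCaptcha']); ?></span>
				<?php } ?>
				<div class="g-recaptcha" data-sitekey="<?php echo esc_attr($siteKey); ?>"></div>
				<script type="text/javascript" src="https://www.google.com/recaptcha/api.js?hl=<?php echo esc_attr($lang); ?>"></script>
			<?php } ?>

			<input type="hidden" name="is-submitted" id="is-submitted" value="true">
			<button type="submit" class="btnSend" ><?php esc_html_e('Send Your Message', 'WEBNUS_TEXT_DOMAIN'); ?></button>

			<?php if ($emailIsSent) { ?>
				<div class="alert alert-success">
					<?php esc_html_e('Your message has been sucessfully sent, thank you!', 'WEBNUS_TEXT_DOMAIN'); ?>
				</div> <!-- end alert -->
			<?php } elseif ($isError) { ?>
				<?php // NOTE(review): "alert-alert-danger" looks like a typo for "alert alert-danger"; kept as-is, confirm against the theme CSS. ?>
				<div class="alert-alert-danger">
					<?php esc_html_e('Sorry, it seems there was an error.', 'WEBNUS_TEXT_DOMAIN'); ?>
				</div> <!-- end alert -->
			<?php } ?>

		<?php if ($type == 2) { echo '</div>'; } ?>
	</form>
</div>

<?php
    return ob_get_clean();
}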
Example #21
     }
     if (!empty($cnt_form["fields"][$key]['placeholder'])) {
         $form_field .= ' placeholder="' . html_specialchars($cnt_form["fields"][$key]['placeholder']) . '"';
     }
     if ($cnt_form["fields"][$key]['required']) {
         $form_field .= ' required="required"';
     }
     $form_field .= ' />';
     break;
 case 'recaptcha':
     /*
      * reCAPTCHA field: load the library, resolve the widget settings,
      * verify a posted token and start building the widget markup.
      */
     require_once PHPWCMS_ROOT . '/include/inc_ext/recaptchalib.php';
     // Per-field settings win; otherwise fall back to get_user_rc('pu') / get_user_rc('pr')
     // for the key pair, the site default language, the 'light' theme and the 'image' type.
     $cnt_form['recaptcha'] = array('site_key' => empty($cnt_form["fields"][$key]['value']['site_key']) ? get_user_rc('pu') : $cnt_form["fields"][$key]['value']['site_key'], 'secret_key' => empty($cnt_form["fields"][$key]['value']['secret_key']) ? get_user_rc('pr') : $cnt_form["fields"][$key]['value']['secret_key'], 'lang' => empty($cnt_form["fields"][$key]['value']['lang']) ? $phpwcms['default_lang'] : $cnt_form["fields"][$key]['value']['lang'], 'theme' => empty($cnt_form["fields"][$key]['value']['theme']) ? 'light' : $cnt_form["fields"][$key]['value']['theme'], 'type' => empty($cnt_form["fields"][$key]['value']['type']) ? 'image' : $cnt_form["fields"][$key]['value']['type'], 'error' => NULL);
     $reCaptcha = new ReCaptcha($cnt_form['recaptcha']['secret_key']);
     // NOTE(review): the verification below runs only when the token field is present in
     // the POST. In the lines shown here a submission that omits 'g-recaptcha-response'
     // records no error for this field - confirm that a missing token is rejected elsewhere.
     if ($POST_DO && isset($_POST['g-recaptcha-response'])) {
         $cnt_form['recaptcha']['response'] = $reCaptcha->verifyResponse(getRemoteIP(), $_POST['g-recaptcha-response']);
         // empty() covers both a false 'success' and a response without that property.
         if (empty($cnt_form['recaptcha']['response']->success)) {
             // Surface the first error code from the verification response as a
             // '@@...@@' token, or a generic failure message when none was returned.
             if (is_array($cnt_form['recaptcha']['response']->errorCodes) && count($cnt_form['recaptcha']['response']->errorCodes)) {
                 $cnt_form['recaptcha']['error'] = '@@recaptcha-error:' . current($cnt_form['recaptcha']['response']->errorCodes) . '@@';
             } else {
                 $cnt_form['recaptcha']['error'] = 'reCaptcha @@failed@@';
             }
             // A custom error text configured on the field takes precedence over the reCAPTCHA one.
             $POST_ERR[$key] = empty($cnt_form["fields"][$key]['error']) ? $cnt_form['recaptcha']['error'] : $cnt_form["fields"][$key]['error'];
             $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
         }
     }
     // Widget markup.
     // NOTE(review): site_key is concatenated into the attribute without the
     // html_specialchars() call used for the placeholder attribute above; presumably the
     // value is editor-controlled, but escaping it would keep the markup consistent.
     $form_field = '<div class="g-recaptcha"';
     $form_field .= ' data-sitekey="' . $cnt_form['recaptcha']['site_key'] . '"';
Example #22
    if ($row['count'] >= $user_group[$member_id['user_group']]['max_comment_day']) {
        $stop[] = str_replace('{max}', $user_group[$member_id['user_group']]['max_comment_day'], $lang['news_err_45']);
        $CN_HALT = TRUE;
    }
}
// Logged-in members whose comment count has reached the group's
// 'disable_comments_captcha' threshold are exempted from both the
// security question and the captcha.
if ($is_logged and $user_group[$member_id['user_group']]['disable_comments_captcha'] and $member_id['comm_num'] >= $user_group[$member_id['user_group']]['disable_comments_captcha']) {
    $user_group[$member_id['user_group']]['comments_question'] = false;
    $user_group[$member_id['user_group']]['captcha'] = false;
}
if ($user_group[$member_id['user_group']]['captcha']) {
    if ($config['allow_recaptcha']) {
        require_once ENGINE_DIR . '/classes/recaptcha.php';
        // Start from a failing state: the request code is 1 while the session value is
        // false, and the session value becomes 1 only after a successful verification.
        // Presumably the two are compared further down - that code is not part of this excerpt.
        $_REQUEST['sec_code'] = 1;
        $_SESSION['sec_code_session'] = false;
        // NOTE(review): read without isset(), so a request that lacks the field raises an
        // undefined-index notice; the state above still stays in the failing configuration.
        if ($_POST['g_recaptcha_response']) {
            $reCaptcha = new ReCaptcha($config['recaptcha_private_key']);
            // $_IP is defined outside this excerpt; presumably the client address - confirm how
            // it is derived (proxy headers vs. REMOTE_ADDR).
            $resp = $reCaptcha->verifyResponse($_IP, $_POST['g_recaptcha_response']);
            if ($resp != null && $resp->success) {
                $_REQUEST['sec_code'] = 1;
                $_SESSION['sec_code_session'] = 1;
            }
        }
    }
} else {
    // Captcha disabled for this group: force the two values to match.
    $_SESSION['sec_code_session'] = 1;
    $_REQUEST['sec_code'] = 1;
}
if ($user_group[$member_id['user_group']]['comments_question']) {
    if (intval($_SESSION['question'])) {
        $answer = $db->super_query("SELECT id, answer FROM " . PREFIX . "_question WHERE id='" . intval($_SESSION['question']) . "'");
        $answers = explode("\n", $answer['answer']);
Example #23
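<?php

// Form handler: greet the submitter only after the reCAPTCHA token has been
// verified; every other request is redirected back to the form.
require_once "recaptchalib.php";
// NOTE(review): the reCAPTCHA secret is hard-coded in a source file. It should be
// loaded from configuration outside version control, and a key that has been
// published like this one should be treated as compromised and regenerated.
$secret = "6LctGhITAAAAAFzmhU84rc0IQwc6Tv2keidZkjex";
$reCaptcha = new ReCaptcha($secret);
$response = null;
if (isset($_POST["g-recaptcha-response"]) && is_string($_POST["g-recaptcha-response"]) && !empty($_POST["g-recaptcha-response"])) {
    $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
}
if ($response === null || !$response->success) {
    // header() does not stop the script, so exit explicitly; otherwise the rest
    // of the file keeps executing after the redirect has been queued.
    header('Location: index.php');
    exit;
}
// Posted values are untrusted: escape them for the HTML context before echoing.
$name = (isset($_POST["name"]) && is_string($_POST["name"])) ? $_POST["name"] : '';
$email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : '';
echo "Hi " . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " (" . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "), thanks for submitting the form!";
?>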

Example #24
// Login endpoint (excerpt): anti-forgery token check, optional reCAPTCHA,
// then credential lookup.
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/recaptchalib.php';
// Reject the request outright when the "LoginToken" check fails.
if (!SessionManager::i()->validateToken("LoginToken", "token")) {
    Logger::i()->writeLog("Token to login is missing", 'dev');
    die(Submission::createResult("Please refresh the page and try again"));
}
if (isset($_POST['login'])) {
    // The credentials arrive as base64-encoded JSON. A payload that does not decode
    // casts to an empty array, which the field check below is expected to reject.
    $login = (array) json_decode(base64_decode($_POST['login']));
    if ($field = Submission::checkFields(array("username", "password"), $login)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    }
    // Captcha is enforced only when a private key is configured; both a missing
    // and a failed response stop the request.
    if (Settings::i()->captcha_private) {
        if (!isset($login['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
    }
    // Look the member up by a key derived from the username.
    $key = Crypto::GenerateKey($login['username']);
    $find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key))));
    if ($find !== false) {
        // presumably select() returns an array for multiple rows and an object for a
        // single row - verify against DbManager
        if (!is_array($find)) {
            $iv = base64_decode(base64_decode($find->iv));
            // NOTE(review): the password is encrypted (reversibly) and compared as ciphertext;
            // looks like no one-way password hash (password_hash/password_verify) is used -
            // confirm against the Crypto class.
            $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $login['password'])));
            // NOTE(review): this second lookup matches on the password column alone and is
            // not bound to the userid found above; binding both conditions would make
            // the intent explicit.
            $find = DbManager::i()->select("sf_members", array("userid"), array("password" => $password));
            if ($find !== false && !is_array($find)) {
                echo Submission::createResult("login successful", true);
                // NOTE(review): no session-id regeneration is visible in this excerpt at the
                // point where the session becomes authenticated - confirm it happens elsewhere.
                $_SESSION['login'] = 1;
Example #25
    require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'libs' . DIRECTORY_SEPARATOR . 'recaptcha.php';
}
/**
* establish error handler outside the following if block because
* of a need to output error information to the user
**/
$errorHandler = new ErrorHandler();
// Process the submission only when input exists and the form token passes Token::check().
if (Input::exists()) {
    if (Token::check(Input::get('token'))) {
        // Field validation; failures are collected in $errorHandler (it is passed to the
        // validator here and queried with hasErrors() below).
        $validator = new Validate($errorHandler);
        $validator->check($_POST, ['address' => ['required' => true, 'minLength' => 5, 'maxLength' => 240], 'customer_name' => ['required' => true, 'minLength' => 8, 'maxLength' => 120], 'quantity' => ['digit' => true], 'info' => ['maxLength' => 600]]);
        /**
         * Google reCAPTCHA check (if enabled in config.ini)
         **/
        if ($recaptchaEnabled) {
            $reCaptcha = new ReCaptcha(Config::get('google_recaptcha/secret_key'));
            // Was there a proper reCAPTCHA response?
            if (Input::found('g-recaptcha-response')) {
                $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], Input::get('g-recaptcha-response'));
            } else {
                $response = null;
            }
            // Fails closed: a missing token and anything other than a strict boolean
            // true in 'success' are both recorded as an error.
            if ($response === null || $response->success !== true) {
                $message = 'Пожалуйста, подтвердите, что вы не робот.<span class="smile">&#9786;</span>';
                $errorHandler->addError($message, 'recaptcha');
            }
        }
        // continue only if there aren't any errors
        if ($errorHandler->hasErrors() === false) {
            $phpmailer = new PHPMailer();
            $mailer = new Mail($errorHandler, $phpmailer);
Example #26
    /**
     * Register a new member from the posted registration form.
     *
     * Rejects an e-mail address that already exists in the 'membership' table,
     * verifies the reCAPTCHA token and, on success, stores the member, billing,
     * shipping and customer records through billing_model and redirects to the
     * base URL. On captcha failure it emits a script that shows an alert and
     * sends the browser back to the registration page.
     */
    public function insert_register()
    {
        $email_address = $this->input->post('email');
        //$this->db->where('user_name', $this->input->post('username'));
        $this->db->where('email_address', $email_address);
        $query = $this->db->get('membership');
        //$query = $this->db->get('tb_checkout');
        if ($query->num_rows > 0) {
            // NOTE(review): output is echoed before redirect(); unless output buffering is
            // active the message is either never seen or the redirect header can no longer be sent.
            echo '<div class="alert alert-error"><a class="close" data-dismiss="alert">×</a><strong>';
            echo "Email already taken";
            echo '</strong></div>';
            redirect('register');
        } else {
            // NOTE(review): md5() is not a password hash (fast and unsalted). Moving to
            // password_hash()/password_verify() needs a matching change in the login code,
            // so it is flagged here rather than changed.
            $inserting = array('first_name' => $this->input->post('fname'), 'last_name' => $this->input->post('lname'), 'email_address' => $this->input->post('email'), 'user_name' => $this->input->post('email'), 'pass_word' => md5($this->input->post('password')), 'category' => $this->input->post('category'));
            //$insert = $this->db->insert('membership', $inserting);
            // NOTE(review): the raw password is handed to save_customer() below; if that model
            // method persists it, the password is stored in clear text - confirm and remove.
            $save_customer = array('email' => $this->input->post('email'), 'password' => $this->input->post('password'));
            $checkout = array('country' => $this->input->post('country'), 'first_name' => $this->input->post('fname'), 'last_name' => $this->input->post('lname'), 'companyname' => $this->input->post('company'), 'address' => $this->input->post('address'), 'city' => $this->input->post('city'), 'state' => $this->input->post('state'), 'zip' => $this->input->post('postcode'), 'phone' => $this->input->post('phone'), 'email_address' => $this->input->post('email'), 'email2' => $this->input->post('email'), 'address2' => $this->input->post('address'), 'status' => "1");
            $shipping = array('country' => $this->input->post('s_country'), 'first_name' => $this->input->post('s_fname'), 'last_name' => $this->input->post('s_lname'), 'companyname' => $this->input->post('s_company'), 'address' => $this->input->post('s_address'), 'city' => $this->input->post('s_city'), 'state' => $this->input->post('s_state'), 'zip' => $this->input->post('s_zip'), 'email_address' => $this->input->post('s_email'), 'phone' => $this->input->post('s_phone'), 'email2' => $this->input->post('s_email'), 'address2' => $this->input->post('s_address'));
            // The reCAPTCHA library is pulled in through the view loader.
            $this->load->view('recaptchalib');
            // NOTE(review): reCAPTCHA secret hard-coded in source; load it from configuration
            // kept out of version control and regenerate a key that has been published.
            $secret = "6Ld7mxITAAAAAFN_ldjgHJ01_NbamZX4GeUtQcEy";
            // empty response
            $response = null;
            // check secret key
            $reCaptcha = new ReCaptcha($secret);
            if (isset($_POST['g-recaptcha-response']) && $_POST['g-recaptcha-response']) {
                $response = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
            }
            // Records are written only after a successful verification.
            // NOTE(review): the duplicate-e-mail lookup above runs before this check, so that
            // branch answers without a solved captcha.
            if ($response != null && $response->success) {
                //echo "Hi " . $_POST["fname"] . " (" . $_POST["lname"] . "), thanks for submitting the form!";
                $data['members'] = $this->billing_model->register_member($inserting);
                $checkout_form = $this->billing_model->form_checkout($checkout);
                $shipping_form = $this->billing_model->form_shipping($shipping);
                $customersave = $this->billing_model->save_customer($save_customer);
                redirect(base_url());
            } else {
                // NOTE(review): the redirect target below is a hard-coded localhost development
                // URL; it will not resolve for visitors of a deployed site.
                ?>

	<script>
	alert ('You have forget to captcha ');
	window.location.href = "http://localhost/jewelofequator_ci/register";
	</script>

	<?php 
                //redirect('register');
                //redirect(base_url());
            }
            //$data['members'] = $this->billing_model->register_member($inserting);
            //redirect (base_url());
        }
    }
Example #27
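/**
 * Extra login checks: block accounts whose e-mail is still unverified and,
 * for the theme's own login form, require a successful reCAPTCHA verification.
 *
 * @param object $userdata User object being authenticated (its ID is read for the meta lookup).
 * @return object The unchanged $userdata when all checks pass, otherwise a WP_Error.
 */
function ipin_wp_authenticate_user($userdata)
{
    // presumably hooked on 'wp_authenticate_user', which may hand over a WP_Error from an
    // earlier check - pass it through untouched instead of reading ->ID from it.
    if (is_wp_error($userdata)) {
        return $userdata;
    }
    //Check whether user verified their email
    $verify = get_user_meta($userdata->ID, '_Verify Email', true);
    //user with verified email do not have this usermeta field
    if ($verify != '') {
        return new WP_Error('email_unverified', __('Email not verified. Please check your email for verification link.', 'ipin'));
    }
    //check if captcha is correct
    // NOTE(review): the captcha is enforced only when the client-supplied 'formname' equals
    // 'ipin_loginform'; logins submitted without that field are not challenged. Confirm this
    // is intended, or gate the check on server-side state instead.
    $formname = isset($_POST['formname']) ? $_POST['formname'] : '';
    if ($formname == 'ipin_loginform' && of_get_option('captcha_public') != '' && of_get_option('captcha_private') != '') {
        require_once get_template_directory() . '/recaptchalib.php';
        $privatekey = of_get_option('captcha_private');
        $reCaptcha = new ReCaptcha($privatekey);
        // Start from "not verified" so a missing token is rejected explicitly rather
        // than by reading a property of an undefined variable.
        $resp = null;
        if (isset($_POST["g-recaptcha-response"]) && is_string($_POST["g-recaptcha-response"]) && $_POST["g-recaptcha-response"] !== '') {
            $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $_POST["g-recaptcha-response"]);
        }
        if ($resp === null || !$resp->success) {
            return new WP_Error('incorrect_captcha', __('<strong>ERROR</strong>: Incorrect Captcha.', 'ipin'));
        }
    }
    return $userdata;
}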
 /**
  * Verify the posted captcha answer and print "success" or "error", then
  * terminate the request.
  *
  * Uses the v2 library when the stored option 'recaptcha_version' is 'v2',
  * otherwise the challenge/response (v1) library.
  * NOTE(review): the result is only echoed; presumably this backs a client-side
  * pre-check, so the protected form handler still has to verify on its own.
  */
 function gglcptch_captcha_check()
 {
     $options = get_option('gglcptch_options');
     $privatekey = $options['private_key'];
     $use_v2 = isset($options['recaptcha_version']) && 'v2' == $options['recaptcha_version'];
     if (!$use_v2) {
         // Legacy API: challenge and response arrive as two separate fields.
         require_once 'lib/recaptchalib.php';
         $challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
         $answer = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';
         $resp = recaptcha_check_answer($privatekey, $_SERVER['REMOTE_ADDR'], $challenge, $answer);
         echo $resp->is_valid ? "success" : "error";
         die;
     }
     // v2 API: a single token field; an absent field is verified as an empty string.
     require_once 'lib_v2/recaptchalib.php';
     $reCaptcha = new ReCaptcha($privatekey);
     $token = '';
     if (isset($_POST["g-recaptcha-response"])) {
         $token = $_POST["g-recaptcha-response"];
     }
     $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $token);
     echo ($resp != null && $resp->success) ? "success" : "error";
     die;
 }
Example #29
 /**
  * Login user
  * Check provided details against the database. Add items to error array on fail, create session if success
  *
  * Order of checks: input format, login-attempt limit, reCAPTCHA flag cookie,
  * unverified account, account existence, reCAPTCHA verification, password match.
  *
  * @param string $identifier User name or e-mail address, depending on config 'login_with_name'
  * @param string $pass
  * @param bool $remember Also issue a persistent 'user' cookie on success
  * @return bool Indicates successful login.
  */
 public function login($identifier, $pass, $remember = FALSE)
 {
     // Remove cookies first
     $cookie = array('name' => 'user', 'value' => '', 'expire' => time() - 3600, 'path' => '/');
     $this->CI->input->set_cookie($cookie);
     // Cheap format checks before any database access: password length between 5 and
     // config 'max', plus a non-empty name or a syntactically valid e-mail address.
     if ($this->config_vars['login_with_name'] == TRUE) {
         if (!$identifier or strlen($pass) < 5 or strlen($pass) > $this->config_vars['max']) {
             $this->error($this->CI->lang->line('aauth_error_login_failed_name'));
             return FALSE;
         }
         $db_identifier = 'name';
     } else {
         if (!valid_email($identifier) or strlen($pass) < 5 or strlen($pass) > $this->config_vars['max']) {
             $this->error($this->CI->lang->line('aauth_error_login_failed_email'));
             return FALSE;
         }
         $db_identifier = 'email';
     }
     /*
      *
      * User Verification
      *
      * Removed or !ctype_alnum($pass) from the IF statement
      * It was causing issues with special characters in passwords
      * and returning FALSE even if the password matches.
      */
     $query = null;
     $query = $this->aauth_db->where($db_identifier, $identifier);
     $query = $this->aauth_db->get($this->config_vars['users']);
     $row = $query->row();
     // only email found and login attempts exceeded
     // (update_login_attempts() is defined elsewhere; a false return is treated as "limit exceeded")
     if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && !$this->update_login_attempts($row->email)) {
         $this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded'));
         return FALSE;
     }
     //recaptcha login_attempts check
     // The same user row is fetched again; once login_attempts reaches the configured
     // threshold a 'reCAPTCHA' cookie is sent to the browser for two hours.
     $query = null;
     $query = $this->aauth_db->where($db_identifier, $identifier);
     $query = $this->aauth_db->get($this->config_vars['users']);
     $row = $query->row();
     if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']) {
         $reCAPTCHA_cookie = array('name' => 'reCAPTCHA', 'value' => 'true', 'expire' => time() + 7200, 'path' => '/');
         $this->CI->input->set_cookie($reCAPTCHA_cookie);
     }
     // if user is not verified
     // NOTE(review): this runs before the password is checked and returns a distinct
     // message, so the response reveals that the account exists and is unverified.
     $query = null;
     $query = $this->aauth_db->where($db_identifier, $identifier);
     $query = $this->aauth_db->where('banned', 1);
     $query = $this->aauth_db->where('verification_code !=', '');
     $query = $this->aauth_db->get($this->config_vars['users']);
     if ($query->num_rows() > 0) {
         $this->error($this->CI->lang->line('aauth_error_account_not_verified'));
         return FALSE;
     }
     // to find user id, create sessions and cookies
     $query = $this->aauth_db->where($db_identifier, $identifier);
     $query = $this->aauth_db->get($this->config_vars['users']);
     if ($query->num_rows() == 0) {
         $this->error($this->CI->lang->line('aauth_error_login_failed'));
         return FALSE;
     }
     $user_id = $query->row()->id;
     $query = null;
     $query = $this->aauth_db->where($db_identifier, $identifier);
     // Database stores the hashed password; hash_password() also takes the user id
     $query = $this->aauth_db->where('pass', $this->hash_password($pass, $user_id));
     $query = $this->aauth_db->where('banned', 0);
     $query = $this->aauth_db->get($this->config_vars['users']);
     $row = $query->row();
     // NOTE(review): the captcha is verified only when the request carries the
     // 'reCAPTCHA' cookie with the value 'true'. That cookie is client-side state, so
     // a request that simply does not send it is not challenged. Deciding from
     // server-side state (e.g. the stored login_attempts compared above) would make
     // the requirement enforceable.
     if ($this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') {
         $reCaptcha = new ReCaptcha($this->config_vars['recaptcha_secret']);
         $resp = $reCaptcha->verifyResponse($this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response"));
         if (!$resp->success) {
             $this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct'));
             return FALSE;
         }
     }
     // if email and pass matches and not banned
     if ($query->num_rows() > 0) {
         // If email and pass matches
         // create session
         $data = array('id' => $row->id, 'name' => $row->name, 'email' => $row->email, 'loggedin' => TRUE);
         $this->CI->session->set_userdata($data);
         // if remember selected
         if ($remember) {
             // The remember token is stored with the date derived from config 'remember'.
             // NOTE(review): the cookie itself is given a fixed, much longer lifetime
             // (time() + 99 * 999 * 999) - confirm the server-side date is what is enforced.
             $expire = $this->config_vars['remember'];
             $today = date("Y-m-d");
             $remember_date = date("Y-m-d", strtotime($today . $expire));
             $random_string = random_string('alnum', 16);
             $this->update_remember($row->id, $random_string, $remember_date);
             $cookie = array('name' => 'user', 'value' => $row->id . "-" . $random_string, 'expire' => time() + 99 * 999 * 999, 'path' => '/');
             $this->CI->input->set_cookie($cookie);
         }
         // Successful login: expire the captcha flag cookie.
         if ($this->config_vars['recaptcha_active']) {
             $reCAPTCHA_cookie = array('name' => 'reCAPTCHA', 'value' => 'false', 'expire' => time() - 3600, 'path' => '/');
             $this->CI->input->set_cookie($reCAPTCHA_cookie);
         }
         // update last login
         $this->update_last_login($row->id);
         $this->update_activity();
         $this->reset_login_attempts($row->id);
         return TRUE;
     } else {
         $this->error($this->CI->lang->line('aauth_error_login_failed'));
         return FALSE;
     }
 }
Example #30
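/**
 * Process a submitted login form and, on success, start the session and redirect.
 *
 * Steps, in order: read `user` and `pass` from POST, run the configured
 * anti-spam check (reCAPTCHA v1, reCAPTCHA v2 or the built-in security image)
 * when `secimg_use` is 2 and the session is not yet verified, apply the
 * brute-force limiter, look the user up, verify the password, check that the
 * account is active, regenerate the session ID, set the "remember me" cookies,
 * optionally auto-close old tickets, and finally redirect.
 *
 * Every failure path re-prints the login form via print_login() and exits, and
 * the success path ends with a Location header and exit, so this function
 * never returns to its caller.
 *
 * Changes from the previous version of this block:
 *  - the password hash is compared with hash_equals() instead of `!=`;
 *  - the default-password check uses `===`;
 *  - status IDs interpolated into the ticket queries are cast with intval()
 *    and the table prefix is escaped, matching the other queries here.
 */
function do_login()
{
    global $hesk_settings, $hesklang;
    $hesk_error_buffer = array();
    $user = hesk_input(hesk_POST('user'));
    if (empty($user)) {
        $myerror = $hesk_settings['list_users'] ? $hesklang['select_username'] : $hesklang['enter_username'];
        $hesk_error_buffer['user'] = $myerror;
    }
    define('HESK_USER', $user);
    $pass = hesk_input(hesk_POST('pass'));
    if (empty($pass)) {
        $hesk_error_buffer['pass'] = $hesklang['enter_pass'];
    }
    // Anti-spam check: skipped once this session has already passed it.
    if ($hesk_settings['secimg_use'] == 2 && !isset($_SESSION['img_a_verified'])) {
        // Using ReCaptcha?
        if ($hesk_settings['recaptcha_use'] == 1) {
            require_once HESK_PATH . 'inc/recaptcha/recaptchalib.php';
            $resp = recaptcha_check_answer($hesk_settings['recaptcha_private_key'], $_SERVER['REMOTE_ADDR'], hesk_POST('recaptcha_challenge_field', ''), hesk_POST('recaptcha_response_field', ''));
            if ($resp->is_valid) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } elseif ($hesk_settings['recaptcha_use'] == 2) {
            require HESK_PATH . 'inc/recaptcha/recaptchalib_v2.php';
            $resp = null;
            $reCaptcha = new ReCaptcha($hesk_settings['recaptcha_private_key']);
            // Was there a reCAPTCHA response?
            if (isset($_POST["g-recaptcha-response"])) {
                $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], hesk_POST("g-recaptcha-response"));
            }
            // A missing response token is treated the same as a failed one.
            if ($resp != null && $resp->success) {
                $_SESSION['img_a_verified'] = true;
            } else {
                $hesk_error_buffer['mysecnum'] = $hesklang['recaptcha_error'];
            }
        } else {
            // Built-in security image: the submitted number is checked against
            // the checksum stored in the session.
            $mysecnum = intval(hesk_POST('mysecnum', 0));
            if (empty($mysecnum)) {
                $hesk_error_buffer['mysecnum'] = $hesklang['sec_miss'];
            } else {
                require HESK_PATH . 'inc/secimg.inc.php';
                $sc = new PJ_SecurityImage($hesk_settings['secimg_sum']);
                if (isset($_SESSION['checksum']) && $sc->checkCode($mysecnum, $_SESSION['checksum'])) {
                    $_SESSION['img_a_verified'] = true;
                } else {
                    $hesk_error_buffer['mysecnum'] = $hesklang['sec_wrng'];
                }
            }
        }
    }
    /* Any missing fields? */
    if (count($hesk_error_buffer) != 0) {
        $_SESSION['a_iserror'] = array_keys($hesk_error_buffer);
        $tmp = '';
        foreach ($hesk_error_buffer as $error) {
            $tmp .= "<li>{$error}</li>\n";
        }
        $hesk_error_buffer = $hesklang['pcer'] . '<br /><br /><ul>' . $tmp . '</ul>';
        hesk_process_messages($hesk_error_buffer, 'NOREDIRECT');
        print_login();
        exit;
    } elseif (isset($_SESSION['img_a_verified'])) {
        // The verification flag is single-use: the next attempt must pass the
        // anti-spam check again.
        unset($_SESSION['img_a_verified']);
    }
    /* User entered all required info, now lets limit brute force attempts */
    hesk_limitBfAttempts();
    $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($user) . "' LIMIT 1");
    // NOTE(review): unknown user and wrong password produce different messages
    // (wrong_user / wrong_pass), which tells a caller whether a username
    // exists; a single generic message would avoid that.
    if (hesk_dbNumRows($result) != 1) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('user', 'pass');
        hesk_process_messages($hesklang['wrong_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    // NOTE(review): the whole user row, including the stored password hash, is
    // copied into the session before the password is verified; the failure
    // paths below rely on hesk_session_stop() to discard it — confirm.
    $res = hesk_dbFetchAssoc($result);
    foreach ($res as $k => $v) {
        $_SESSION[$k] = $v;
    }
    /* Check password */
    // hash_equals() is a constant-time, byte-wise string comparison. The old
    // loose `!=` compared two numeric-looking strings as numbers, so distinct
    // hashes of the form 0e<digits> would have been treated as equal.
    $submitted_hash = (string) hesk_Pass2Hash($pass);
    if (!hash_equals((string) $_SESSION['pass'], $submitted_hash)) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('pass');
        hesk_process_messages($hesklang['wrong_pass'], 'NOREDIRECT');
        print_login();
        exit;
    }
    // Value later stored in the hesk_p autologin cookie: derived from the
    // stored hash and the lower-cased username.
    $pass_enc = hesk_Pass2Hash($_SESSION['pass'] . strtolower($user) . $_SESSION['pass']);
    /* Check if default password */
    if ($_SESSION['pass'] === '499d74967b28a841c98bb4baaabaad699ff3c079') {
        hesk_process_messages($hesklang['chdp'], 'NOREDIRECT', 'NOTICE');
    }
    // Set a tag that will be used to expire sessions after username or password change
    $_SESSION['session_verify'] = hesk_activeSessionCreateTag($user, $_SESSION['pass']);
    // We don't need the password hash anymore
    unset($_SESSION['pass']);
    /* Login successful, clean brute force attempts */
    hesk_cleanBfAttempts();
    /* Make sure our user is active */
    if (!$_SESSION['active']) {
        hesk_session_stop();
        $_SESSION['a_iserror'] = array('active');
        hesk_process_messages($hesklang['inactive_user'], 'NOREDIRECT');
        print_login();
        exit;
    }
    /* Regenerate session ID (security) */
    hesk_session_regenerate_id();
    /* Remember username? */
    // NOTE(review): these cookies are set without the HttpOnly or Secure flags,
    // and hesk_p holds a long-lived value derived from the stored password
    // hash. Consider setting both flags if nothing client-side reads them —
    // confirm against the code that consumes the autologin cookies.
    if ($hesk_settings['autologin'] && hesk_POST('remember_user') == 'AUTOLOGIN') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', "{$pass_enc}", strtotime('+1 year'));
    } elseif (hesk_POST('remember_user') == 'JUSTUSER') {
        setcookie('hesk_username', "{$user}", strtotime('+1 year'));
        setcookie('hesk_p', '');
    } else {
        // Expire cookie if set otherwise
        setcookie('hesk_username', '');
        setcookie('hesk_p', '');
    }
    /* Close any old tickets here so Cron jobs aren't necessary */
    if ($hesk_settings['autoclose']) {
        $revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
        // Cut-off timestamp: tickets last changed `autoclose` days ago or earlier.
        $dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
        $closedStatusRs = hesk_dbQuery('SELECT `ID`, `Closable` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsDefaultStaffReplyStatus` = 1');
        $closedStatus = hesk_dbFetchAssoc($closedStatusRs);
        // Are we allowed to close tickets in this status?
        if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') {
            // The ID comes from the database, but it is still forced to an
            // integer before being placed into SQL text.
            $closedStatusId = intval($closedStatus['ID']);
            // Notify customer of closed ticket?
            if ($hesk_settings['notify_closed']) {
                // Get list of tickets
                $result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `status` = " . $closedStatusId . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
                if (hesk_dbNumRows($result) > 0) {
                    // hesk_notifyCustomer() takes no ticket argument here, so
                    // the current row is handed over through the global.
                    global $ticket;
                    // Load required functions?
                    if (!function_exists('hesk_notifyCustomer')) {
                        require HESK_PATH . 'inc/email_functions.inc.php';
                    }
                    while ($ticket = hesk_dbFetchAssoc($result)) {
                        $ticket['dt'] = hesk_date($ticket['dt'], true);
                        $ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
                        $ticket = hesk_ticketToPlain($ticket, 1, 0);
                        hesk_notifyCustomer('ticket_closed');
                    }
                }
            }
            // Update ticket statuses and history in database if we're allowed to do so
            $defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
            $defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatusId . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
        }
    }
    /* Redirect to the destination page */
    // NOTE(review): presumably hesk_verifyGoto() restricts the target to local
    // pages; verify, since its result goes straight into the Location header.
    header('Location: ' . hesk_verifyGoto());
    exit;
}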