public function post_new() { $input = Input::all(); //grab our input $rules = array('name' => 'required|alpha', 'lastName' => 'required|alpha', 'permit' => 'required|min:2', 'lot' => 'required|integer', 'msc' => 'integer', 'ticket' => 'required|min:2|numeric|unique:tickets,ticketID', 'fineAmt' => 'required|numeric', 'licensePlate' => 'required|alpha_num', 'licensePlateState' => 'required|max:2', 'dateIssued' => 'required', 'violations' => 'required', 'areaOfViolation' => 'required|alpha_num', 'appealLetter' => 'required|max:700'); //validation rules $validation = Validator::make($input, $rules); //let's run the validator if ($validation->fails()) { return Redirect::to('appeal/new')->with_errors($validation); } //hashing the name of the file uploaded for security sake //then we'll be dropping it into the public/uploads file //get the file extension $extension = File::extension($input['appealLetter']['name']); //encrypt the file name $file = Crypter::encrypt($input['appealLetter']['name'] . time()); //for when the crypter likes to put slashes in our scrambled filname $file = preg_replace('#/+#', '', $file); //concatenate extension and filename $filename = $file . "." . $extension; Input::upload('appealLetter', path('public') . 'uploads/', $filename); //format the fine amount in case someone screws it up $fineamt = number_format(Input::get('fineAmt'), 2, '.', ''); //inserts the form data into the database assuming we pass validation Appeal::create(array('name' => Input::get('name'), 'lastName' => Input::get('lastName'), 'permitNumber' => Input::get('permit'), 'assignedLot' => Input::get('lot'), 'MSC' => Input::get('msc'), 'ticketID' => Input::get('ticket'), 'fineAmt' => $fineamt, 'licensePlate' => Str::upper(Input::get('licensePlate')), 'licensePlateState' => Input::get('licensePlateState'), 'dateIssued' => date('Y-m-d', strtotime(Input::get('dateIssued'))), 'violations' => Input::get('violations'), 'areaOfViolation' => Input::get('areaOfViolation'), 'letterlocation' => URL::to('uploads/' . $filename), 'CWID' => Session::get('cwid'))); return Redirect::to('appeal/')->with('alertMessage', 'Appeal submitted successfully.'); }
private static function getCrypter() { static $crypter; if (!$crypter) { $crypter = Crypter::create(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB); } return $crypter; }
public function post_issue_upload_attachment() { $user_id = Crypter::decrypt(str_replace(' ', '+', Input::get('session'))); Auth::login($user_id); if (!Auth::user()->project_permission(Input::get('project_id'))) { return Response::error('404'); } Project\Issue\Attachment::upload(Input::all()); return true; }
public function savingMoveFile() { $crypter = new Crypter(); $source = $crypter->Decode($_POST['id']); $destination = $crypter->Decode($_POST['direction']); $type = $_POST['type']; $db = DataBaseFactory::connectDb(); if ($type == "file") { $query = 'UPDATE `file` SET `parentDirectory`=:parent WHERE id=:id'; } else { $query = 'UPDATE `directory` SET `parentDirectory`=:parent WHERE id=:id'; } $exec = $db->prepare($query); $exec->bindValue('parent', $destination); $exec->bindValue('id', $source); $result = $exec->execute(); if ($result) { echo 'Moving Success'; } else { echo 'Moving Failed'; } }
/** * Авторизация */ public function auth() { $cookie = Cookie::get('zzz'); if (is_null($cookie)) { return false; } $SeSData = @unserialize(Crypter::decrypt($cookie)); if (!is_array($SeSData)) { return false; } if (!isset($SeSData['user_id'])) { return false; } if (!isset($SeSData['user_key'])) { return false; } if (!isset($SeSData['user_token'])) { return false; } $user = false; // заглушка // Тут нужна реализованная модель пользователя //$user = Model::get('user')->getUserByID($SeSData['user_id']); try { if ($user === false) { throw new Exception(); } if ($user['user_status'] != 'active') { throw new Exception(); } if ($SeSData['user_key'] != $user['user_key']) { throw new Exception(); } if ($SeSData['user_token'] != $user['user_token']) { throw new Exception(); } } catch (Exception $e) { $this->logout(); return false; } $this->add('user', (object) $user); $this->add('vars', new stdObject()); $this->is_login = true; return true; }
/** * @param eZContentObjectTreeNode $node * @return array */ public function getNodeUrl( &$node = null ) { $merckIni = ExternalLinkHandlerBase::iniMerck(); $action = $merckIni->variable( 'AlexandriaSettings' , 'Action' ); $referer = $merckIni->variable( 'AlexandriaSettings' , 'Referer' ); $uuid = MMUsers::getCurrentUserObject()->uuid; $baseUrl = $merckIni->variable( 'AlexandriaSettings' , 'BaseLoginUrl' ); $url = $this->application()->applicationLocalized()->external_url; $requestTime = time(); if ( !$uuid ) { self::redirectToErrorPage(); } $vectorShared = mcrypt_create_iv( Crypter::iv_size() ); $params = array( 'username' => $uuid, 'referer' => $referer, 'action' => $action, 'request_time' => $requestTime, 'URL' => $url ); $encodeArray = json_encode( $params ); $encodeArray = Crypter::pad( $encodeArray ); $userEncrypt = Crypter::encrypt( $encodeArray, $vectorShared ); $urlParams = array( 'v' => base64_encode( $vectorShared ), 'val' => base64_encode( $userEncrypt ) ); return array( 'url' => $baseUrl, 'params' => $urlParams ); }
$rowsPerPage = $numberOfRows; $ListODetails = $filterODetail->loadLimit($rowsPerPage, 0, $SortName, $SortType); } else { $ListODetails = $filterODetail->loadLimit($rowsPerPage, $offset, $SortName, $SortType); } //tổng số trang cần hiển thị $self = $_SERVER['PHP_SELF']; // Lay dia chi truc tiep cua PHP dang mo $pagination = new Pagination($curPage, $rowsPerPage, $offset, $numberOfRows, $self); //end Paging ?> <div id="mainData"> <table class="table table-bordered"> <tbody> <?php $crypter = new Crypter("nhatanh"); $encrypted = $crypter->Encrypt($_SESSION["token"]); $token = "&token=" . $encrypted; foreach ($ListODetails as $ItemOD) { $urlPara = "orderDetailID=" . $ItemOD->getOrderDetailID() . "&control="; $urlInfo = "orderDetails.php?" . $urlPara; ?> <tr> <td style="width: 120px;" class="btn-modify-group text-center"> <a href="<?php echo $urlInfo . Controls::Information . $token; ?> " class="btn btn-info icon-left" data-toggle="tooltip" data-placement="top" title="Thông tin"> <i class="entypo-info"></i> </a>
<?php if (!isset($_SESSION)) { session_start(); } if (!isset($_SESSION["IsLogin"])) { $_SESSION["IsLogin"] = 0; // chưa đăng nhập } require_once '../helper/crypter.php'; if (isset($_SESSION["IsLogin"]) && $_SESSION["IsLogin"] == 1) { //set token $crypter = new Crypter("nhatanh"); if (!isset($_SESSION["token"])) { $datetime = new DateTime(); $str_datetime = date_format($datetime, 'Y-m-d H:i:s'); $security = $str_datetime . " " . strval(rand()); $encrypted = $crypter->Encrypt($security); $_SESSION["token"] = $security; $token = "token=" . $encrypted; } else { $encrypted = $crypter->Encrypt($_SESSION["token"]); $token = "token=" . $encrypted; } } ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
protected function decodeValue($value) { $value = str_replace(array('_', '-'), array('/', '+'), $value); return \Crypter::decrypt($value); }
<?php // Create a Form macro which generates the fake honeypot field // as well as the time check field Form::macro('honeypot', function ($honey_name, $honey_time) { return View::make("honeypot::fields", get_defined_vars()); }); // We add a custom validator to validate the honeypot text and time check fields Validator::register('honeypot', function ($attribute, $value, $parameters) { // We want the value to be empty, empty means it wasn't a spammer return $value == ''; }); Validator::register('honeytime', function ($attribute, $value, $parameters) { // The timestamp is encrypted so let's decrypt it $value = Crypter::decrypt($value); // The current time should be greater than the time the form was built + the speed option return is_numeric($value) && time() > $value + $parameters[0]; });
if (!$error) { $usergroup = 1; $result = mysql_query("SELECT ID FROM users"); if ($result && mysql_num_rows($result) == 0) { $usergroup = 3; } $passmd5 = md5($pass); $result = mysql_query("INSERT INTO users(Login, Password, IP, Email, Balans, UserGroup, RegisterDate,Preferences) VALUES('{$login}','{$passmd5}','{$IP}','{$email}',1, {$usergroup}, NOW(),'')"); if (!$result) { $errors .= "Ошибка при обработке запроса к MySQL. Обратитесь к <a href='mailto:macondos@inbox.ru'>администратору</a><br>"; $errors .= mysql_errno() . ": " . mysql_error() . "\n"; } } } } $crypter = new Crypter(MODE_ECB, 'blowfish', 'key52345346_change_it'); if (isset($_REQUEST['logon'])) { if (isset($_POST['login']) && isset($_POST['pass'])) { $_SESSION['login'] = $_POST['login']; $_SESSION['pass'] = $_POST['pass']; if (isset($_POST['remember'])) { setcookie("login", base64_encode($crypter->encrypt($_POST['login'])), time() + 1209600); setcookie("pass", base64_encode($crypter->encrypt($_POST['pass'])), time() + 1209600); } } } $login = isset($_SESSION['login']) ? $_SESSION['login'] : (isset($_COOKIE['login']) ? trim($crypter->decrypt(base64_decode($_COOKIE['login']))) : ""); $pass = isset($_SESSION['pass']) ? $_SESSION['pass'] : (isset($_COOKIE['pass']) ? trim($crypter->decrypt(base64_decode($_COOKIE['pass']))) : ""); $_SESSION['login'] = $login; $_SESSION['pass'] = $pass; $user = GetUserID($login, $pass);
/** * Attempt to find a "remember me" cookie for the user. * * @return string|null */ protected function recall() { $cookie = Cookie::get($this->recaller()); // By default, "remember me" cookies are encrypted and contain the user // token as well as a random string. If it exists, we'll decrypt it // and return the first segment, which is the user's ID token. if (!is_null($cookie)) { return head(explode('|', Crypter::decrypt($cookie))); } }
/** * Pasa de la clave de texto plano a una clave cifrada para guardar en la BD * */ public function ensuciarClave($clave = '') { $crypt = new Crypter(sfConfig::get('app_general_cifrado_usuario')); if ($clave != "") { $this->setClavelimpia($clave); $otra_clave = $crypt->encrypt($clave); $this->setClave($otra_clave); } else { $otra_clave = $crypt->encrypt($this->getClavelimpia()); $this->setClave($otra_clave); } return $otra_clave; }
class Crypter { public static $default_instance; private $key; private $method; private $iv; function __construct($key, $method) { $this->key = $key; $this->method = $method; $this->iv = md5(md5($key)); } function encrypt($data) { return base64_encode(mcrypt_encrypt($this->method, md5($this->key), $data, MCRYPT_MODE_CFB, $this->iv)); } function decrypt($data) { return mcrypt_decrypt($this->method, md5($this->key), base64_decode($data), MCRYPT_MODE_CFB, $this->iv); } } function encrypt($data) { return Crypter::$default_instance->encrypt($data); } function decrypt($data) { return Crypter::$default_instance->decrypt($data); } Crypter::$default_instance = new Crypter("My Very Strong Random Secret Key", MCRYPT_RIJNDAEL_256);
<?php if (!isset($_SESSION)) { session_start(); } $fail = false; if (!isset($_GET["token"]) || $_SESSION["IsLogin"] == 0) { $fail = true; } else { require_once '../helper/crypter.php'; $crypter = new Crypter("nhatanh"); $decrypted = $crypter->Decrypt(str_replace(" ", "+", $_GET["token"])); //$data = explode("/", $decrypted); if (!isset($_SESSION["token"]) || $_SESSION["token"] != $decrypted) { $fail = true; } else { $fail = false; } } if ($fail) { require_once '../helper/Utils.php'; $url = "adminLogin.php"; Utils::Redirect($url); } else { require_once '../helper/Page.php'; require_once '../helper/Pagination.php'; require_once '../entities/Status.php'; require_once '../helper/File.php'; require_once '../helper/Controls.php'; $page = new Page(); $page->addCSS("assets/js/sweetalert/sweetalert.css");
/** * Set a cookie so that the user is "remembered". * * @param string $id * @return void */ protected static function remember($id) { $recaller = Crypter::encrypt($id . '|' . Str::random(40)); // This method assumes the "remember me" cookie should have the same // configuration as the session cookie. Since this cookie, like the // session cookie, should be kept very secure, it's probably safe. // to assume the cookie settings are the same. $config = Config::get('session'); extract($config, EXTR_SKIP); $cookie = Config::get('auth.cookie'); Cookie::forever($cookie, $recaller, $path, $domain, $secure); }
<td> <input id="upload" type="file" name="file_upload" /> <ul id="uploaded-attachments"></ul> </td> </tr> <tr> <th></th> <td><input type="submit" value="<?php echo __('tinyissue.create_issue'); ?> " class="button primary" /></td> </tr> </table> <?php echo Form::hidden('session', Crypter::encrypt(Auth::user()->id)); ?> <?php echo Form::hidden('project_id', Project::current()->id); ?> <?php echo Form::hidden('token', md5(Project::current()->id . time() . \Auth::user()->id . rand(1, 100))); ?> <?php echo Form::token(); ?> </form> </div>
<?php $_GRUNT_PATH = 1; require_once '../GruntFileSystem.php'; $crypter = new Crypter(); $source = $crypter->Decode($_POST['id']); $destination = $crypter->Decode($_POST['direction']); $type = $_POST['type']; $db = DataBaseFactory::connectDb(); if ($type == "file") { $query = 'UPDATE `file` SET `parentDirectory`=:parent WHERE id=:id'; } else { $query = 'UPDATE `directory` SET `parentDirectory`=:parent WHERE id=:id'; } $exec = $db->prepare($query); $exec->bindValue('parent', $destination); $exec->bindValue('id', $source); $result = $exec->execute(); if ($result) { echo 'Moving Success'; } else { echo 'Moving Failed'; }