function verify($user, $acct_type) { $db_server = mysql_connect('rajasegar.db.6851221.hostedresource.com', 'rajasegar', 'Swetha143*'); if (!$db_server) { die("Unable to connect to MySQL: " . mysql_error()); } mysql_select_db('rajasegar') or die("Unable to select database: " . mysql_error()); $query = "select * from tbl_licencemaster where md5(concat('Nemesi\$13@ug1983',userid)) = '{$user}' and md5(concat('Nemesi\$13@ug1983',type)) = '{$acct_type}'"; $result = mysql_query($query); if ($result) { if (mysql_num_rows($result) == 0) { return "false"; } else { //return "true"; $xml_output = "<?xml version=\"1.0\"?>\n\t\t\t<download>\n\t\t\t<accounttype>1</accounttype>\n\t\t\t<loginallowed>1</loginallowed>\n\t\t\t<licensetype>2</licensetype>\n\t\t\t<licenseactivationdate>20121210</licenseactivationdate>\n\t\t\t<maxdaysallowed>100</maxdaysallowed>\n\t\t\t<maxmessageallowed>100</maxmessageallowed>\n\t\t\t<messagesent>50</messagesent>\n\t\t\t</download>"; $key = "Nemesi\$13@ug1983"; $iv = "xMeSSenger12345*"; $keysize = 128; $enced = mc_encrypt(stripslashes($xml_output), $key, $iv); return $enced; } } else { return "false"; } //return "User = $user, AccountType = $acct_type"; }
function insertChunk($data, $csum) { $received_data_csum = new Csum($data); global $l; $l->a("Started insertChunk<br>"); $status = 0; $id = null; if (!matches($csum, $received_data_csum)) { $status = 8; } else { $db = new FractureDB('futuqiur_ember'); $potentialDuplicates = $db->getColumnsUH('chunks', 'id', 'md5', $csum->md5); foreach ($potentialDuplicates as $potential) { $potentialRecord = retrieveChunk($potential['id']); if (!is_null($potentialRecord)) { $potentialData = $potentialRecord['data']; $potentialCsum = Csum_import($potentialRecord['csum']); if ($potentialData === $data && matches($csum, $potentialCsum)) { $duplicateId = $potential['id']; return array('id' => $duplicateId, 'status' => $status); } } } global $compression; global $coalVersion; $details = array('csum' => $csum->export(), 'compression' => $compression, 'coalVersion' => $coalVersion); $prepared_details = base64_encode(serialize($details)); global $chunkMasterKey; $data = bzcompress($prepared_details . '@CoalFragmentMarker@' . $data); $prepared_data = mc_encrypt($data, $chunkMasterKey); if (mc_decrypt($prepared_data, $chunkMasterKey) != $data) { $status = 53; } $id = $db->addRow('chunks', 'md5', 'UNHEX(\'' . $csum->md5 . '\')'); $identifierId = substr($id / 1000, 0, 1) / 5; $randomInt = substr(rand(0, 10), 0, 1); $randomIntAlt = substr(rand(0, 10), 0, 1); $identifier = $identifierId . $randomInt . '.COALPROJECT.RECORD33'; $fallbackid = $identifierId . $randomIntAlt . '.COALPROJECT.RECORD33'; $address = 'ia:' . $identifier; $filename = $id . '.coal4'; global $iaAuthKey; global $iaPrivateKey; $upload = @ia_upload($prepared_data, $identifier, $fallbackid, $filename, $iaAuthKey, $iaPrivateKey); if ($upload != 0) { $status = 54; echo 'Failed to add coal. Upload returned status code ' . $upload . '.'; $db->dropRow('chunks', $id); } else { $db->setField('chunks', 'address', $address, $id); } $db->close(); } $l->a("Finished insertChunk with status " . $status . '<br>'); return array('id' => $id, 'status' => $status); }
$zipcode = $_POST["zipcode"]; if (isset($_POST["tele"])) { $tele = $_POST["tele"]; } else { $tele = ""; } require_once "../includes/key.inc"; require_once "../includes/en.inc"; $hashpwd = mc_encrypt($epassword, ENCRYPTION_KEY); $hashaddress = mc_encrypt($address, ENCRYPTION_KEY); if (strlen($address2) > 0) { $hashaddress2 = mc_encrypt($address2, ENCRYPTION_KEY); } else { $hashaddress2 = ''; } $hashcity = mc_encrypt($city, ENCRYPTION_KEY); $logFileName = "install"; require_once '../includes/logfileinit.inc'; $log->logThis("f:nl"); $log->logThis("Install2 started"); require_once "password.txt"; $mysqli = new mysqli('localhost', $user, $password, ''); $sql = "INSERT INTO `petcliniccorp`.`employee` (`uuserid`, `upassword`, `lname`, `fname`, `address`, `address2`, `city`, `state`, `zipcode`, \n `telephone`, `status`, `changeid`)\n\t VALUES (\"{$euserid}\", \"{$hashpwd}\", \"{$lname}\", \"{$fname}\", \"{$hashaddress}\", \"{$hashaddress2}\", \"{$hashcity}\",\n\t \"{$state}\", \"{$zipcode}\", \"{$tele}\", \"A\", 0000);"; if ($mysqli->query($sql) === TRUE) { } else { echo "Table employee data insertion failed" . $mysqli->error; exit(1); } $result = $mysqli->insert_id; $sql = "INSERT INTO `petcliniccorp`.`seckeys` (`emplnumber`, `sequence`, `sk01`, `sk02`,\t`sk03`,\t`sk04`,\t`sk05`,\t`sk06`,\t`sk07`,\n\t `sk08`,\t`sk09`,\t`sk10`,\t`sk11`,\t`sk12`,\t`sk13`,\t`sk14`,\t`sk15`,\t`sk16`,\t`sk17`,\n\t\t\t\t\t`sk18`,\t`sk19`,\t`sk20`,\t`sk21`,\t`sk22`,\t`sk23`,\t`sk24`,\t`sk25`, `sk26`, `sk27`, `sk28`, `sk29`, \n\t\t\t\t\t`sk30`, `sk31`, `sk32`, `sk33`, `sk34`, `sk35`, `changeid`)\n\t\tVALUES({$result}, 1, \"Y\", \"Y\",\t\"Y\",\t\"Y\",\t\"Y\",\t\"Y\",\t\"Y\", \"Y\", \"Y\", \"Y\",\t\n\t\t\t\"Y\", \"Y\", \"Y\", \"Y\",\t\"Y\", \"Y\", \"Y\", \"Y\",\t\"Y\", \"Y\", \"Y\", \"Y\",\t\"Y\", \"Y\", \"Y\", \"Y\", \"Y\", \"Y\", \"Y\",\n\t\t\t\"Y\", \"Y\", \"Y\", \"Y\", \"Y\", \"Y\", \"0000\");"; if ($mysqli->query($sql) === TRUE) {
$decrypted = substr($decrypted, 0, -64); $calcmac = hash_hmac('sha256', $decrypted, substr(bin2hex($key), -32)); if ($calcmac !== $mac) { return false; } $decrypted = unserialize($decrypted); return $decrypted; } $data = 'alec encryption test'; $encrypted_data = mc_encrypt($data, ENCRYPTION_KEY); echo '<h2>Example #1: String Data</h2>'; echo 'Data to be Encrypted: ' . $data . '<br/>'; echo 'Encrypted Data: ' . $encrypted_data . '<br/>'; echo 'Decrypted Data: ' . mc_decrypt($encrypted_data, ENCRYPTION_KEY) . '</br>'; $data = array(1, 5, 8, 9, 22, 10, 61); $encrypted_data = mc_encrypt($data, ENCRYPTION_KEY); echo '<h2>Example #2: Non-String Data</h2>'; echo 'Data to be Encrypted: <pre>'; print_r($data); echo '</pre><br/>'; echo 'Encrypted Data: ' . $encrypted_data . '<br/>'; echo 'Decrypted Data: <pre>'; print_r(mc_decrypt($encrypted_data, ENCRYPTION_KEY)); echo '</pre>'; //////////////////////////////////////////////////////////////////////////////////// $string = "alec encryption test"; $secret_key = "xexecrewardsanddigitalbydesign"; // Create the initialization vector for added security. $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); // Encrypt $string $encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $string, MCRYPT_MODE_CBC, $iv);
$vendorshortname = $_POST["vendorshortname"]; $vendorcontact = $_POST["vendorcontact"]; $vendoraddress1 = $_POST["vendoraddress1"]; $vendoraddress1 = mc_encrypt($vendoraddress1, ENCRYPTION_KEY); $vendoraddress2 = $_POST["vendoraddress2"]; if ($vendoraddress2 != "") { $vendoraddress2 = mc_encrypt($vendoraddress2, ENCRYPTION_KEY); } $vendorcity = $_POST["vendorcity"]; $vendorcity = mc_encrypt($vendorcity, ENCRYPTION_KEY); $vendorstate = $_POST["vendorstate"]; $vendorzipcode = $_POST["vendorzipcode"]; $vendortele = $_POST["vendortele"]; $vendorfax = $_POST["vendorfax"]; $vendoremail = $_POST["vendoremail"]; $vendoremail = mc_encrypt($vendoremail, ENCRYPTION_KEY); $vendorstatus = $_POST["vendorstatus"]; $emplnumber = $_SESSION['employeenumber']; $mysqli = new mysqli('localhost', $_SESSION["user"], mc_decrypt($_SESSION["up"], ps_key), ''); if ($editvendornum != "new") { $sql = "UPDATE `petclinicinv`.`vendor` SET `vendorname` = \"" . $vendorname . "\", `vendorshortname` = \"" . $vendorshortname . "\", `vendorcontact` = \"" . $vendorcontact . "\", "; $sql = $sql . "`vendoraddress1` = \"" . $vendoraddress1 . "\", `vendoraddress2` = \"" . $vendoraddress2 . "\", `vendorcity` = \"" . $vendorcity . "\", `vendorstate` = \"" . $vendorstate . "\", `vendorzipcode` = \"" . $vendorzipcode . "\", "; $sql = $sql . "`vendortele` = \"" . $vendortele . "\", `vendorfax` = \"" . $vendorfax . "\", `vendoremail` = \"" . $vendoremail . "\", `vendorstatus` = \"" . $vendorstatus . "\" WHERE vendorid = \"" . $editvendornum . "\";"; if ($mysqli->query($sql) === TRUE) { } else { put_errormsg("Table vendor data update failed" . $mysqli->error); redirect("vendors.php"); exit(1); } } else { $sql = "INSERT INTO `petclinicinv`.`vendor` (`vendorname`, `vendorshortname`, `vendorcontact`, `vendoraddress1`, `vendoraddress2`, `vendorcity`, `vendorstate`, `vendorzipcode`, `vendortele`, `vendorfax`, `vendoremail`, `vendorstatus`)\n\t VALUES (\"{$vendorname}\", \"{$vendorshortname}\", \"{$vendorcontact}\", \"{$vendoraddress1}\", \"{$vendoraddress2}\", \"{$vendorcity}\", \"{$vendorstate}\", \"{$vendorzipcode}\", \"{$vendortele}\", \"{$vendorfax}\", \"{$vendoremail}\", \"{$vendorstatus}\");";
echo ' <div class="result alert alert-danger" data-pg-id="159"> <strong data-pg-id="160">Error!</strong> wrong password or invalid user. </div> '; die; } if (session_status() == PHP_SESSION_NONE) { session_start(); } if (!isset($_SESSION['userdata'])) { //$user->ip=$_SERVER['REMOTE_ADDR']; $userdata = new data("users", "filter:username='******'", false); $userdata = $userdata->{0}; $userdata->levels = 1; $userdata = mc_encrypt(json_encode($userdata), ENCRYPTION_KEY); $_SESSION["userdata"] = $userdata; $yweek = date('W-Y', time()); $_SESSION["yweek"] = $yweek; fwrite_a($viewlog, " @ [" . date('Y-m-d h:i:s') . "] {$client} - Logged: " . $_SERVER['REMOTE_ADDR'] . "@" . $_SERVER['PHP_SELF'] . "<br>\n"); setcookie("userdata", $_SESSION["userdata"]); } //vd($results); echo ' <div class="result alert alert-success" data-pg-id="159"> <strong data-pg-id="160">Well done!</strong> user logged. </div> <script> window.location.reload(true); </script> ';
} // Decrypt Function function mc_decrypt($decrypt, $key) { $decrypt = explode('|', $decrypt . '|'); $decoded = base64_decode($decrypt[0]); $iv = base64_decode($decrypt[1]); if (strlen($iv) !== mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC)) { return false; } $key = pack('H*', $key); $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_CBC, $iv)); $mac = substr($decrypted, -64); $decrypted = substr($decrypted, 0, -64); $calcmac = hash_hmac('sha256', $decrypted, substr(bin2hex($key), -32)); if ($calcmac !== $mac) { return false; } $decrypted = unserialize($decrypted); return $decrypted; } move_uploaded_file($_FILES['fileToUpload']['tmp_name'], $_FILES['fileToUpload']['name']); $content = mc_encrypt(file_get_contents($_FILES['fileToUpload']['name']), $key); $title = mc_encrypt($_FILES["fileToUpload"]["name"], $key); unlink($_FILES['fileToUpload']['name']); $sql = "INSERT INTO Storage (id, name, value) VALUES ('" . rand(1000, 9999) . "','" . $title . "','" . $content . "')"; $conn = new mysqli($hostname, $usename, $password, $database); $conn->query($sql); $conn->close(); header("Location: cloudfile.php"); }
if ($oldpassword != $epassword) { $changepwd = "Y"; } else { $changepwd = "N"; } } $epassword = mc_encrypt($epassword, ENCRYPTION_KEY); $address1 = mc_encrypt($address1, ENCRYPTION_KEY); if (strlen($address2) > 0) { $address2 = mc_encrypt($address2, ENCRYPTION_KEY); } else { $address2 = ""; } $city = mc_encrypt($city, ENCRYPTION_KEY); $passwordhint = mc_encrypt($passwordhint, ENCRYPTION_KEY); $hintanswer = mc_encrypt($hintanswer, ENCRYPTION_KEY); if ($editempnum != "new") { $sql = "UPDATE `petcliniccorp`.`employee` SET `uuserid` = \"" . $uuserid . "\", `upassword` = \"" . $epassword . "\", `changepwd` = \"" . $changepwd . "\", `pwdhint` = \"" . $passwordhint . "\", "; $sql = $sql . "`hintans` = \"" . $hintanswer . "\", `lname` = \"" . $lname . "\", `fname` = \"" . $fname . "\", `prefix` = \"" . $prefix . "\", `suffix` = \"" . $suffix . "\", "; $sql = $sql . "`address` = \"" . $address1 . "\", `address2` = \"" . $address2 . "\", `city` = \"" . $city . "\", `state` = \"" . $state . "\", `zipcode` = \"" . $zipcode . "\", "; $sql = $sql . "`email` = \"" . $email . "\", `status` = \"" . $status . "\", `telephone` = \"" . $telephone . "\", `changeid` = \"" . $emplnumber . "\" WHERE emplnumber = \"" . $editempnum . "\";"; if ($mysqli->query($sql) === TRUE) { } else { echo "Table employee data update failed" . $mysqli->error; exit(1); } } else { $sql = "INSERT INTO `petcliniccorp`.`employee` (`uuserid`, `upassword`, `lname`, `fname`, `address`, `address2`, `city`, `state`, `zipcode`,\n `telephone`, `status`, `changeid`, `changepwd`, `email`, `pwdhint`, `hintans`, `prefix`, `suffix`)\n\t VALUES (\"{$uuserid}\", \"{$epassword}\", \"{$lname}\", \"{$fname}\", \"{$address1}\", \"{$address2}\", \"{$city}\",\n\t \"{$state}\", \"{$zipcode}\", \"{$telephone}\", 'A', \"{$emplnumber}\", 'Y', \"{$email}\", \"{$passwordhint}\", \"{$hintanswer}\", \"{$prefix}\", \"{$suffix}\");"; if ($mysqli->query($sql) === TRUE) { } else { echo "Table employee data insertion failed" . $mysqli->error;
$logFileName = "install"; require_once "includes/common.inc"; $log->logThis("checking passwords"); unset($_SESSION["errormessage"]); $password1 = $_POST["newpwd1"]; $password2 = $_POST["newpwd2"]; if ($password1 != $password2) { put_errormsg("The Passwords do not match"); redirect("newpassword.php"); } require_once "pwdreq.php"; $errormsg = pwdreq($password1); if (strlen($errormsg) > 0) { put_errormsg($errormsg); redirect("newpassword.php"); exit; } $log->logThis("password passes requirements"); $newpassword = mc_encrypt($password1, ENCRYPTION_KEY); $emplid = $_SESSION['employeenumber']; $mysqlic = new mysqli('localhost', $_SESSION["user"], mc_decrypt($_SESSION["up"], ps_key), ''); $sql = "UPDATE `petcliniccorp`.`employee` SET upassword=\"{$newpassword}\", changepwd=\"N\", changeid=\"" . $emplid . "\" WHERE emplnumber = \"{$emplid}\""; if ($mysqlic->query($sql) === TRUE) { } else { echo "Employee update failed" . $mysqlic->error; exit(1); } $mysqlic->close(); $log->logThis("new password saved"); delete_errormsg(); redirect("mainmenu.php");