public static function restore($var)
{
$data = $_SESSION[$var];
if (is_object($data) === true) {
$data = $_SESSION[$var];
} else {
isset($_SESSION[$var]) === true ? $data = Crypt::decode($_SESSION[$var]) : ($data = null);
}
return $data;
}
function clearVal($string = '')
{
$result = '';
$splOpen = explode('{{', $string);
for ($iOp = 1; $iOp < count($splOpen); $iOp++) {
$splEnd = explode('}}', $splOpen[$iOp]);
$result .= Crypt::decode($splEnd[0]) . $splEnd[1];
}
return $result;
}
/**
* Check if the user is logged in and fetches their information
* if not then assign the guest info and pass it to the views.
*/
private function _get_user()
{
if (Cookie::get('_sess') and $user = Model_User::find('first', array('where' => array('login_hash' => Crypt::decode(Cookie::get('_sess')))))) {
$this->current_user = $user;
$this->current_user->_set_logged_in(true);
} else {
$this->current_user = Model_User::forge(array('username' => 'Guest', 'group_id' => 5));
$this->current_user->_set_logged_in(false);
}
$this->template->set_global('current_user', $this->current_user);
}
public function test_encode_decode_large_data()
{
$bigstr = str_repeat("this is a crypto test of 200k or so of data", 5000);
$bigstrhash = '391828747971d26de68550d935abaffa25f043795359417199ca39c09095dd11';
$this->assertEquals($bigstrhash, hash('sha256', $bigstr));
// Encrypt it without a key
$test = \Crypt::encode($bigstr);
$testhash = '26c14e2093adb93798bb1eabcae1c5bb0d1e3dca800bf7c546d1e79317979996';
$this->assertEquals($testhash, hash('sha256', $test));
// Decode it
$output = \Crypt::decode($test);
$this->assertEquals($bigstr, $output);
}
/**
* Class constructor.
*
* @param Model_Gateway $model The gateway model to use for the driver.
* @param Model_Customer $customer The customer model to use for the driver.
*
* @return void
*/
public function __construct(Model_Gateway $model, Model_Customer $customer = null)
{
parent::__construct($model, $customer);
if (!$model->meta('api_login_id')) {
throw new GatewayException('Missing Gateway Meta: api_login_id');
} elseif (!$model->meta('transaction_key')) {
throw new GatewayException('Missing Gateway Meta: transaction_key');
}
$enc_key = Config::get('security.db_enc_key');
$api_login_id = Crypt::decode($model->meta('api_login_id')->value, $enc_key);
$transaction_key = Crypt::decode($model->meta('transaction_key')->value, $enc_key);
$sandbox = $model->meta('sandbox') ? Crypt::decode($model->meta('sandbox')->value, $enc_key) : false;
define('AUTHORIZENET_API_LOGIN_ID', $api_login_id);
define('AUTHORIZENET_TRANSACTION_KEY', $transaction_key);
define('AUTHORIZENET_SANDBOX', $sandbox);
}
function get($key)
{
if ($this->mem) {
if (MEMCACHE_CRYPT) {
$cache_key = md5(DB_PASSWORD . DB_NAME . $key);
} else {
$cache_key = $key;
}
if (!($arr = $this->mem->get($cache_key))) {
return false;
}
if (MEMCACHE_CRYPT) {
$arr = unserialize(Crypt::decode($arr, DB_SERVER . DB_USER . DB_PASSWORD));
}
return $arr;
}
return false;
}
/**
* 取得cookie值
*
* @access public
* @param mixed $name
* @return mixed
*/
public static function get($name)
{
if (self::checkSafe() == 1) {
if (isset($_COOKIE[self::$per . $name])) {
$cryptCookie = $_COOKIE[self::$per . $name];
$cookie = Crypt::decode($cryptCookie, self::getSafeCode());
$tem = substr($cookie, 0, 10);
if (preg_match('/^[Oa]:\\d+:.*/', $tem)) {
$cookie = unserialize($cookie);
}
return $cookie;
}
return null;
}
if (self::checkSafe() == 0) {
self::clear($name);
} else {
return null;
}
}
/**
* Add the array of Bit API Hub headers for the call
*
* @param array $headers The array of existing headers
* @return array $headers with the Bit API Hub headers added on
*/
public static function get_headers(array $headers)
{
$api = \V1\Model\APIs::get_api();
$account = \V1\Model\Account::get_account();
$forwarded_for = \Input::real_ip('0.0.0.0', true);
if ($internal_call = \Utility::is_internal_call()) {
$forwarded_for = \Config::get('engine.call_test_ip');
}
$headers = array_replace($headers, array('User-Agent' => 'API Optimization Engine/V1', 'X-Forwarded-For' => $forwarded_for));
if (\Config::get('engine.send_engine_auth', false) === true) {
// If the API hasn't yet received a secret identity, generate one.
if (empty($api['secret'])) {
$secret = \V1\Model\APIs::set_api_secret($api['id']);
} else {
$secret = \Crypt::decode($api['secret']);
}
$headers = array_replace($headers, array('X-AOE-Secret' => $secret, 'X-AOE-Account' => $account['id'], 'X-AOE-Version' => 'V1'));
}
return $headers;
}
public function activation_user()
{
$code = Filter::text(Req::args('code'));
$email_code = substr($code, 32);
$valid_code = substr($code, 0, 32);
$email = Crypt::decode($email_code);
$model = new Model('user');
$user = $model->where("email='" . $email . "'")->find();
if ($user && $user['status'] == 0 && md5($user['validcode']) == $valid_code) {
$model->data(array('status' => 1))->where('id=' . $user['id'])->update();
$this->redirect("/index/msg", false, array('type' => "success", "msg" => '账户激活成功', "content" => "账户通过邮件成功激活。", "redirect" => "/simple/login"));
} else {
$this->redirect("/index/msg", false, array('type' => "fail", "msg" => '账户激活失败', "content" => "你的连接地址无效,无法进行账户激活,请核实你的连接地址无误。"));
}
}
/**
* read a cookie
*
* @access private
* @return void
*/
protected function _get_cookie()
{
// was the cookie posted?
$cookie = \Input::get_post($this->config['post_cookie_name'], false);
// if not found, fetch the regular cookie
if ($cookie === false) {
$cookie = \Cookie::get($this->config['cookie_name'], false);
}
if ($cookie !== false) {
// fetch the payload
$cookie = $this->_unserialize(\Crypt::decode($cookie));
// validate the cookie
if (!isset($cookie[0])) {
// not a valid cookie payload
} elseif ($cookie[0]['updated'] + $this->config['expiration_time'] <= $this->time->get_timestamp()) {
// session has expired
} elseif ($this->config['match_ip'] && $cookie[0]['ip_hash'] !== md5(\Input::ip() . \Input::real_ip())) {
// IP address doesn't match
} elseif ($this->config['match_ua'] && $cookie[0]['user_agent'] !== \Input::user_agent()) {
// user agent doesn't match
} else {
// session is valid, retrieve the session keys
if (isset($cookie[0])) {
$this->keys = $cookie[0];
}
// and return the cookie payload
array_shift($cookie);
return $cookie;
}
}
// no payload
return false;
}
echo $errors['processor'];
}
?>
</div>
</div>
<?php
foreach ($gateway->meta() as $meta) {
?>
<div class="control-group">
<?php
echo Form::label(Inflector::titleize($meta->name), $meta->name, array('class' => 'control-label'));
?>
<div class="controls">
<?php
echo Form::input("meta[{$meta->name}]", Input::post("meta.{$meta->name}", Crypt::decode($meta->value, $enc_key)));
?>
</div>
</div>
<?php
}
?>
<div class="form-actions">
<?php
echo Html::anchor('settings/gateways', __('form.cancel.label'), array('class' => 'btn'));
?>
<?php
echo Form::button('submit', __('form.submit.label'), array('class' => 'btn btn-primary'));
?>
</div>
/**
* Decode the credentials from the DB data array
*
* @param array $array The array of data from the DB for the account or API to find the credentials for
* @return array The array of decoded credentials, or an empty array if none exist
*/
protected static function decode_credentials(array $array)
{
if (isset($array['credentials']) && is_array($credentials = json_decode(\Crypt::decode($array['credentials']), true))) {
if (\V1\APIRequest::is_static()) {
// Bit API Hub credentials for the API
return $credentials;
} else {
// Get the credentials for the specific API
if (!empty($credentials[\V1\APIRequest::get('api')])) {
return $credentials[\V1\APIRequest::get('api')];
}
}
}
// No credentials
return array();
}
<?php
/**
*Encriptar cadenas
*/
if (isset($_REQUEST['mode'])) {
switch ($_REQUEST['mode']) {
case 'encode':
return Crypt::encode($_REQUEST['string']);
break;
case 'decode':
return Crypt::decode($_REQUEST['string']);
break;
default:
return false;
break;
}
}
class Crypt
{
function __construct()
{
}
function encode($string)
{
$string = base64_encode($string);
$toAscii = false;
$strOfuscated = 'asd!·asd$asd%asd&asd/asd(as)ds=asd?asd¿sa/sd*-gf+ertert,.ert-';
for ($iw = 0; $iw < strlen($string); $iw++) {
$toAscii .= substr($strOfuscated, rand(0, strlen($strOfuscated) - 1), 1) . hexdec(ord(substr($string, $iw, 1))) . substr($strOfuscated, rand(0, strlen($strOfuscated) - 1), 1);
}
$box[$i] = $box[$j];
$box[$j] = $tmp;
}
for ($a = $j = $i = 0; $i < $string_length; $i++) {
$a = ($a + 1) % 256;
$j = ($j + $box[$a]) % 256;
$tmp = $box[$a];
$box[$a] = $box[$j];
$box[$j] = $tmp;
$result .= chr(ord($string[$i]) ^ $box[($box[$a] + $box[$j]) % 256]);
}
if ($operation == 'DECODE') {
if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $keyb), 0, 16)) {
return substr($result, 26);
} else {
return '';
}
} else {
return $keyc . base64_encode($result);
}
}
}
header("Content-Type:text/html;charset=UTF-8");
$s = '2@RdcWWP';
echo '<p style="font:12px Verdana">';
echo '加密前: ' . $s;
echo '<br /><br />';
echo '加密后: ' . ($s1 = Crypt::encode($s, 'aaa'));
echo '<br /><br />';
echo '解密后: ' . ($s2 = Crypt::decode($s1, 'aaa'));
echo '</p>';
public static function restore($v)
{
$data = null;
empty($_COOKIE[$v]) === false ? $data = Crypt::decode($_COOKIE[$v]) : ($data = null);
return $data;
}
/**
* Get a client cookie related to this key. If not found, default is returned.
* @param string $key
* @param string $default
* @return mixed
*/
public static function getCookie($key, $default = null)
{
if (isset($_COOKIE[$key])) {
return Crypt::decode($_COOKIE[$key]);
}
return $default;
}
/**
* @desc Decode some data
* @param Data (encoded)
* @return Data
*/
private function _decode($data)
{
if (!empty($data)) {
if (is_array($data)) {
foreach ($data as $key => $value) {
$data[$key] = Crypt::decode($value);
}
} else {
$data = Crypt::decode($data);
}
return $data;
}
return false;
}
/**
* get account cookie
*
* @param string $level
* @return array|null
*/
public function getAccountCookie($level = 'member')
{
if ($level != 'admin' && $level != 'member') {
$level = 'member';
}
$cookie_account = \Security::xss_clean(\Extension\Cookie::get($level . '_account'));
if ($cookie_account != null) {
$cookie_account = \Crypt::decode($cookie_account);
$cookie_account = @unserialize($cookie_account);
// there is no way to check is serialize or unserializable so i have to suppress error.
}
return $cookie_account;
}
public function action_recover($hash = null)
{
/*
* https://myturbotax.intuit.com/account-recovery?offering_id=Intuit.cg.myturbotax&username=daniel.rodas1&locale=en-Us&offering_env=prd&confirmation_id=910855&namespace_id=50000003
*/
//email use a link
// was the lostpassword form posted?
if (\Input::method() == 'POST') {
// do we have a posted email address?
if ($email = \Input::post('email')) {
// do we know this user?
if ($user = \Model\Auth_User::find_by_email($email)) {
// generate a recovery hash
$hash = \Auth::instance()->hash_password(\Str::random()) . $user->id;
// and store it in the user profile
\Auth::update_user(array('lostpassword_hash' => $hash, 'lostpassword_created' => time()), $user->username);
\Package::load('email');
$email = \Email::forge();
$data = array();
$hash = Crypt::encode($hash, 'R@nd0mK~Y');
$data['url'] = \Uri::create('user/password/recover/' . $hash);
$data['user'] = $user;
// use a view file to generate the email message
$email->html_body(View::forge('user/password/email', $data));
// give it a subject
$email->subject('RN | WJS Password Recovery');
// $email->subject(__('user.login.password-recovery'));
// add from- and to address
// $from = \Config::get('application.email-addresses.from.website');
// $from = array('email' => '*****@*****.**', 'name' => 'RN | Wall Street Journal');
// $email->from($from['email']);
$email->from('*****@*****.**');
$email->to($user->email);
// and off it goes (if all goes well)!
try {
// send the email
// $email->send();
\Messages::success('Please check your email for instructions to reset your password');
// \Messages::success(__('user.login.recovery-email-send'));
\Response::redirect('user/password/confirm/' . $user->id);
} catch (\EmailValidationFailedException $e) {
\Messages::error('INVALID EMAIL !');
\Messages::error($e->getMessage());
// \Messages::error(__('user.login.invalid-email-address'));
\Response::redirect_back();
} catch (\Exception $e) {
// log the error so an administrator can have a look
logger(\Fuel::L_ERROR, '*** Error sending email (' . __FILE__ . '#' . __LINE__ . '): ' . $e->getMessage());
// \Messages::error($e->getMessage());
\Messages::error('ERROR SENDING EMAIL !');
// \Messages::error(__('user.login.error-sending-email'));
}
}
} else {
// inform the user and fall through to the form
\Messages::error(__('user.login.error-missing-email'));
}
// inform the user an email is on the way (or not ;-))
\Messages::info(__('user.login.recovery-email-send'));
\Response::redirect_back();
} elseif ($hash !== null) {
$hash = Crypt::decode($hash, 'R@nd0mK~Y');
// get the userid from the hash
$user = substr($hash, 44);
// and find the user with this id
if ($user = \Model\Auth_User::find_by_id($user)) {
// do we have this hash for this user, and hasn't it expired yet (we allow for 24 hours response)?
if (isset($user->lostpassword_hash) and $user->lostpassword_hash == $hash and time() - $user->lostpassword_created < 86400) {
// invalidate the hash
\Auth::update_user(array('lostpassword_hash' => null, 'lostpassword_created' => null), $user->username);
// log the user in and go to the profile to change the password
if (\Auth::instance()->force_login($user->id)) {
// \Messages::info('LOGGED IN');
$tempPass = \Auth::instance()->reset_password($user->username);
if ($tempPass) {
// \Messages::info(__('user.login.password-recovery-accepted'));
\Messages::info("Your temporary password is : {$tempPass} ");
\Response::redirect('backend/account/index/password');
} else {
return 'Something went wrong resetting password';
// something wrong with the hash
// \Messages::error(__('user.login.recovery-hash-invalid'));
// \Response::redirect_back();
}
}
}
}
// something wrong with the hash
\Messages::error(__('user.login.recovery-hash-invalid'));
\Response::redirect_back();
} else {
// display the login page
$this->template->content = View::forge('user/password/recover');
}
}
/**
* read a cookie
*
* @access private
* @return void
*/
protected function _get_cookie()
{
// was the cookie value posted?
$cookie = \Input::post($this->config['post_cookie_name'], false);
// if not found, fetch the regular cookie
if ($cookie === false) {
$cookie = \Cookie::get($this->config['cookie_name'], false);
}
// if not found, was a session-id present in the HTTP header?
if ($cookie === false) {
$cookie = \Input::headers($this->config['http_header_name'], false);
}
// if not found, check the URL for a cookie
if ($cookie === false) {
$cookie = \Input::get($this->config['cookie_name'], false);
}
if ($cookie !== false) {
// fetch the payload
$this->config['encrypt_cookie'] and $cookie = \Crypt::decode($cookie);
$cookie = $this->_unserialize($cookie);
// validate the cookie format: must be an array
if (is_array($cookie)) {
// cookies use nested arrays, other drivers have a string value
if ($this->config['driver'] === 'cookie' and !is_array($cookie[0]) or $this->config['driver'] !== 'cookie' and !is_string($cookie[0])) {
// invalid specific format
logger('DEBUG', 'Error: Invalid session cookie specific format');
$cookie = false;
}
} elseif (is_string($cookie) and strlen($cookie) == 32) {
$cookie = array($cookie);
} else {
logger('DEBUG', 'Error: Invalid session cookie general format');
$cookie = false;
}
}
// and the result
return $cookie;
}
/**
* read a cookie
*
* @access private
* @return void
*/
protected function _get_cookie()
{
// was the cookie posted?
$cookie = \Input::post($this->config['post_cookie_name'], false);
// if not found, fetch the regular cookie
if ($cookie === false) {
$cookie = \Cookie::get($this->config['cookie_name'], false);
}
if ($cookie !== false) {
// fetch the payload
$this->config['encrypt_cookie'] and $cookie = \Crypt::decode($cookie);
$cookie = $this->_unserialize($cookie);
// validate the cookie format: must be an array
if (is_array($cookie)) {
// cookies use nested arrays, other drivers have a string value
if ($this->config['driver'] === 'cookie' and !is_array($cookie[0]) or $this->config['driver'] !== 'cookie' and !is_string($cookie[0])) {
// invalid specific format
$cookie = false;
}
} else {
// invalid general format
$cookie = false;
}
}
// and the result
return $cookie;
}
/**
* Validate the signature for the call
*
* @param array $tokens The OAuth tokens from the header
* @return boolean True if valid, false if invalid
*/
protected static function valid_signature($tokens)
{
$mt = microtime(true);
// Decode the signature, or fail
if (($decoded_sig = urldecode(base64_decode($tokens['oauth_signature']))) === false) {
return false;
}
// Grab the account data so we have a copy of the customer's secret key.
$account_data = \V1\Model\Account::get_account($tokens['oauth_consumer_key']);
// If the account is invalid, fail.
if (empty($account_data)) {
return false;
}
$secret = \Crypt::decode($account_data['consumer_secret']);
// Reconstruct the data to build the signature.
$oauth = array('oauth_nonce' => $tokens['oauth_nonce'], 'oauth_timestamp' => $tokens['oauth_timestamp'], 'oauth_consumer_key' => $tokens['oauth_consumer_key'], 'oauth_consumer_secret' => $secret, 'body' => urlencode(urlencode(base64_encode(json_encode(\V1\APIRequest::post_data())))));
ksort($oauth);
$oauth_encoded = array();
foreach ($oauth as $key => $value) {
$oauth_encoded[] = $key . '=' . $value;
}
// Now we have the string to make the hash
$signed_string = urlencode(implode('&', $oauth_encoded));
// Final product
$hash = hash_hmac('sha256', $signed_string, $secret);
// If they match, it's valid.
return $hash === $decoded_sig;
}
/**
* Initiate and check user authentication, the method will try to detect current
* cookie for this session and verify the cookie with the database, it has to
* be verify so that no one else could try to copy the same cookie configuration
* and use it as their own.
*
* @TODO need to use User-Agent as one of the hash value
*
* @static
* @access private
* @return bool
*/
public static function _init()
{
\Config::load('app', true);
\Config::load('crypt', true);
if (!is_null(static::$acl)) {
return;
}
$users = \Cookie::get('_users');
if (!is_null($users)) {
$users = unserialize(\Crypt::decode($users));
static::$items = (array) $users;
} else {
static::_unregister();
return true;
}
static::$acl = new \Hybrid\Acl();
$config = \Config::get('app.user_table', array());
foreach ($config as $key => $value) {
if (!!property_exists('\\Hybrid\\Acl_User', "_{$key}")) {
$property = '_' . $key;
static::${$property} = $value;
\Config::set("app.user_table.{$key}", $value);
}
}
static::$_optionals = \Config::get('app.user_table.optionals', static::$_optionals);
foreach (static::$_optionals as $field) {
if (is_string($field) and !isset(static::$items[$field])) {
static::$items[$field] = '';
}
}
switch ($users->method) {
case 'normal':
/*
* SELECT `users`.*, `users_auths`.`password`, `users_twitter`.`id` AS `twitter_id`
* FROM `users`
* INNER JOIN `users_auths` ON (`users_auths`.`user_id`=`users`.`id`)
* LEFT JOIN `users_twitters` ON (`users_twitters`.`user_id`=`users`.`id`)
* WHERE `users`.`id`=%d */
$results = \DB::select('users.*')->from('users')->where('users.id', '=', static::$items['id'])->limit(1);
if (static::$_use_auth === true) {
$results->select('users_auths.password')->join('users_auths')->on('users_auths.user_id', '=', 'users.id');
}
if (static::$_use_meta === true) {
$results->select('users_meta.*')->join('users_meta')->on('users_meta.user_id', '=', 'users.id');
}
if (static::$_use_twitter === true) {
$results->select(array('users_twitters.id', 'twitter_id'))->join('users_twitters', 'left')->on('users_twitters.user_id', '=', 'users.id');
}
$result = $results->as_object()->execute();
break;
case 'twitter_oauth':
/**
* @todo: Twitter OAuth integration
*/
/* $result = \DB::select('users.*', 'users_auths.password', array('twitters.id', 'twitter_id'))->from('users')
->join('users_auths')
->on('users_auths.id', '=', 'users.id')
->join('twitters')
->on('users.id', '=', 'twitters.user_id')
->where('twitters.id', '=', $twitter_oauth->id)
->execute(); */
break;
}
if ($result->count() < 1) {
static::_unregister(true);
return true;
} else {
$user = $result->current();
if ($user->status !== 'verified') {
// only verified user can login to this application
static::_unregister();
return true;
}
// we validate the hash to add security to this application
$hash = $user->user_name . $user->password;
if (static::$items['_hash'] !== static::add_salt($hash)) {
static::_unregister();
return true;
}
static::$items['id'] = $user->id;
static::$items['user_name'] = $user->user_name;
static::$items['roles'] = $users->roles;
static::$items['password'] = $user->password;
foreach (static::$_optionals as $property) {
if (\property_exists($user, $property)) {
static::$items[$property] = $user->{$property};
}
}
// if user already link their account with twitter, map the relationship
if (property_exists($user, 'twitter_id')) {
static::$items['twitter'] = $user->twitter_id;
}
}
return true;
}
