public function post_new()
{
$input = Input::all();
//grab our input
$rules = array('name' => 'required|alpha', 'lastName' => 'required|alpha', 'permit' => 'required|min:2', 'lot' => 'required|integer', 'msc' => 'integer', 'ticket' => 'required|min:2|numeric|unique:tickets,ticketID', 'fineAmt' => 'required|numeric', 'licensePlate' => 'required|alpha_num', 'licensePlateState' => 'required|max:2', 'dateIssued' => 'required', 'violations' => 'required', 'areaOfViolation' => 'required|alpha_num', 'appealLetter' => 'required|max:700');
//validation rules
$validation = Validator::make($input, $rules);
//let's run the validator
if ($validation->fails()) {
return Redirect::to('appeal/new')->with_errors($validation);
}
//hashing the name of the file uploaded for security sake
//then we'll be dropping it into the public/uploads file
//get the file extension
$extension = File::extension($input['appealLetter']['name']);
//encrypt the file name
$file = Crypter::encrypt($input['appealLetter']['name'] . time());
//for when the crypter likes to put slashes in our scrambled filname
$file = preg_replace('#/+#', '', $file);
//concatenate extension and filename
$filename = $file . "." . $extension;
Input::upload('appealLetter', path('public') . 'uploads/', $filename);
//format the fine amount in case someone screws it up
$fineamt = number_format(Input::get('fineAmt'), 2, '.', '');
//inserts the form data into the database assuming we pass validation
Appeal::create(array('name' => Input::get('name'), 'lastName' => Input::get('lastName'), 'permitNumber' => Input::get('permit'), 'assignedLot' => Input::get('lot'), 'MSC' => Input::get('msc'), 'ticketID' => Input::get('ticket'), 'fineAmt' => $fineamt, 'licensePlate' => Str::upper(Input::get('licensePlate')), 'licensePlateState' => Input::get('licensePlateState'), 'dateIssued' => date('Y-m-d', strtotime(Input::get('dateIssued'))), 'violations' => Input::get('violations'), 'areaOfViolation' => Input::get('areaOfViolation'), 'letterlocation' => URL::to('uploads/' . $filename), 'CWID' => Session::get('cwid')));
return Redirect::to('appeal/')->with('alertMessage', 'Appeal submitted successfully.');
}
private static function getCrypter()
{
static $crypter;
if (!$crypter) {
$crypter = Crypter::create(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
}
return $crypter;
}
public function post_issue_upload_attachment()
{
$user_id = Crypter::decrypt(str_replace(' ', '+', Input::get('session')));
Auth::login($user_id);
if (!Auth::user()->project_permission(Input::get('project_id'))) {
return Response::error('404');
}
Project\Issue\Attachment::upload(Input::all());
return true;
}
public function savingMoveFile()
{
$crypter = new Crypter();
$source = $crypter->Decode($_POST['id']);
$destination = $crypter->Decode($_POST['direction']);
$type = $_POST['type'];
$db = DataBaseFactory::connectDb();
if ($type == "file") {
$query = 'UPDATE `file` SET `parentDirectory`=:parent WHERE id=:id';
} else {
$query = 'UPDATE `directory` SET `parentDirectory`=:parent WHERE id=:id';
}
$exec = $db->prepare($query);
$exec->bindValue('parent', $destination);
$exec->bindValue('id', $source);
$result = $exec->execute();
if ($result) {
echo 'Moving Success';
} else {
echo 'Moving Failed';
}
}
/**
* Авторизация
*/
public function auth()
{
$cookie = Cookie::get('zzz');
if (is_null($cookie)) {
return false;
}
$SeSData = @unserialize(Crypter::decrypt($cookie));
if (!is_array($SeSData)) {
return false;
}
if (!isset($SeSData['user_id'])) {
return false;
}
if (!isset($SeSData['user_key'])) {
return false;
}
if (!isset($SeSData['user_token'])) {
return false;
}
$user = false;
// заглушка
// Тут нужна реализованная модель пользователя
//$user = Model::get('user')->getUserByID($SeSData['user_id']);
try {
if ($user === false) {
throw new Exception();
}
if ($user['user_status'] != 'active') {
throw new Exception();
}
if ($SeSData['user_key'] != $user['user_key']) {
throw new Exception();
}
if ($SeSData['user_token'] != $user['user_token']) {
throw new Exception();
}
} catch (Exception $e) {
$this->logout();
return false;
}
$this->add('user', (object) $user);
$this->add('vars', new stdObject());
$this->is_login = true;
return true;
}
/**
* @param eZContentObjectTreeNode $node
* @return array
*/
public function getNodeUrl( &$node = null )
{
$merckIni = ExternalLinkHandlerBase::iniMerck();
$action = $merckIni->variable( 'AlexandriaSettings' , 'Action' );
$referer = $merckIni->variable( 'AlexandriaSettings' , 'Referer' );
$uuid = MMUsers::getCurrentUserObject()->uuid;
$baseUrl = $merckIni->variable( 'AlexandriaSettings' , 'BaseLoginUrl' );
$url = $this->application()->applicationLocalized()->external_url;
$requestTime = time();
if ( !$uuid )
{
self::redirectToErrorPage();
}
$vectorShared = mcrypt_create_iv( Crypter::iv_size() );
$params = array(
'username' => $uuid,
'referer' => $referer,
'action' => $action,
'request_time' => $requestTime,
'URL' => $url
);
$encodeArray = json_encode( $params );
$encodeArray = Crypter::pad( $encodeArray );
$userEncrypt = Crypter::encrypt( $encodeArray, $vectorShared );
$urlParams = array(
'v' => base64_encode( $vectorShared ),
'val' => base64_encode( $userEncrypt )
);
return array( 'url' => $baseUrl, 'params' => $urlParams );
}
$rowsPerPage = $numberOfRows;
$ListODetails = $filterODetail->loadLimit($rowsPerPage, 0, $SortName, $SortType);
} else {
$ListODetails = $filterODetail->loadLimit($rowsPerPage, $offset, $SortName, $SortType);
}
//tổng số trang cần hiển thị
$self = $_SERVER['PHP_SELF'];
// Lay dia chi truc tiep cua PHP dang mo
$pagination = new Pagination($curPage, $rowsPerPage, $offset, $numberOfRows, $self);
//end Paging
?>
<div id="mainData">
<table class="table table-bordered">
<tbody>
<?php
$crypter = new Crypter("nhatanh");
$encrypted = $crypter->Encrypt($_SESSION["token"]);
$token = "&token=" . $encrypted;
foreach ($ListODetails as $ItemOD) {
$urlPara = "orderDetailID=" . $ItemOD->getOrderDetailID() . "&control=";
$urlInfo = "orderDetails.php?" . $urlPara;
?>
<tr>
<td style="width: 120px;" class="btn-modify-group text-center">
<a href="<?php
echo $urlInfo . Controls::Information . $token;
?>
"
class="btn btn-info icon-left" data-toggle="tooltip" data-placement="top" title="Thông tin">
<i class="entypo-info"></i>
</a>
<?php
if (!isset($_SESSION)) {
session_start();
}
if (!isset($_SESSION["IsLogin"])) {
$_SESSION["IsLogin"] = 0;
// chưa đăng nhập
}
require_once '../helper/crypter.php';
if (isset($_SESSION["IsLogin"]) && $_SESSION["IsLogin"] == 1) {
//set token
$crypter = new Crypter("nhatanh");
if (!isset($_SESSION["token"])) {
$datetime = new DateTime();
$str_datetime = date_format($datetime, 'Y-m-d H:i:s');
$security = $str_datetime . " " . strval(rand());
$encrypted = $crypter->Encrypt($security);
$_SESSION["token"] = $security;
$token = "token=" . $encrypted;
} else {
$encrypted = $crypter->Encrypt($_SESSION["token"]);
$token = "token=" . $encrypted;
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
protected function decodeValue($value)
{
$value = str_replace(array('_', '-'), array('/', '+'), $value);
return \Crypter::decrypt($value);
}
<?php
// Create a Form macro which generates the fake honeypot field
// as well as the time check field
Form::macro('honeypot', function ($honey_name, $honey_time) {
return View::make("honeypot::fields", get_defined_vars());
});
// We add a custom validator to validate the honeypot text and time check fields
Validator::register('honeypot', function ($attribute, $value, $parameters) {
// We want the value to be empty, empty means it wasn't a spammer
return $value == '';
});
Validator::register('honeytime', function ($attribute, $value, $parameters) {
// The timestamp is encrypted so let's decrypt it
$value = Crypter::decrypt($value);
// The current time should be greater than the time the form was built + the speed option
return is_numeric($value) && time() > $value + $parameters[0];
});
if (!$error) {
$usergroup = 1;
$result = mysql_query("SELECT ID FROM users");
if ($result && mysql_num_rows($result) == 0) {
$usergroup = 3;
}
$passmd5 = md5($pass);
$result = mysql_query("INSERT INTO users(Login, Password, IP, Email, Balans, UserGroup, RegisterDate,Preferences) VALUES('{$login}','{$passmd5}','{$IP}','{$email}',1, {$usergroup}, NOW(),'')");
if (!$result) {
$errors .= "Ошибка при обработке запроса к MySQL. Обратитесь к <a href='mailto:macondos@inbox.ru'>администратору</a><br>";
$errors .= mysql_errno() . ": " . mysql_error() . "\n";
}
}
}
}
$crypter = new Crypter(MODE_ECB, 'blowfish', 'key52345346_change_it');
if (isset($_REQUEST['logon'])) {
if (isset($_POST['login']) && isset($_POST['pass'])) {
$_SESSION['login'] = $_POST['login'];
$_SESSION['pass'] = $_POST['pass'];
if (isset($_POST['remember'])) {
setcookie("login", base64_encode($crypter->encrypt($_POST['login'])), time() + 1209600);
setcookie("pass", base64_encode($crypter->encrypt($_POST['pass'])), time() + 1209600);
}
}
}
$login = isset($_SESSION['login']) ? $_SESSION['login'] : (isset($_COOKIE['login']) ? trim($crypter->decrypt(base64_decode($_COOKIE['login']))) : "");
$pass = isset($_SESSION['pass']) ? $_SESSION['pass'] : (isset($_COOKIE['pass']) ? trim($crypter->decrypt(base64_decode($_COOKIE['pass']))) : "");
$_SESSION['login'] = $login;
$_SESSION['pass'] = $pass;
$user = GetUserID($login, $pass);
/**
* Attempt to find a "remember me" cookie for the user.
*
* @return string|null
*/
protected function recall()
{
$cookie = Cookie::get($this->recaller());
// By default, "remember me" cookies are encrypted and contain the user
// token as well as a random string. If it exists, we'll decrypt it
// and return the first segment, which is the user's ID token.
if (!is_null($cookie)) {
return head(explode('|', Crypter::decrypt($cookie)));
}
}
/**
* Pasa de la clave de texto plano a una clave cifrada para guardar en la BD
*
*/
public function ensuciarClave($clave = '')
{
$crypt = new Crypter(sfConfig::get('app_general_cifrado_usuario'));
if ($clave != "") {
$this->setClavelimpia($clave);
$otra_clave = $crypt->encrypt($clave);
$this->setClave($otra_clave);
} else {
$otra_clave = $crypt->encrypt($this->getClavelimpia());
$this->setClave($otra_clave);
}
return $otra_clave;
}
class Crypter
{
public static $default_instance;
private $key;
private $method;
private $iv;
function __construct($key, $method)
{
$this->key = $key;
$this->method = $method;
$this->iv = md5(md5($key));
}
function encrypt($data)
{
return base64_encode(mcrypt_encrypt($this->method, md5($this->key), $data, MCRYPT_MODE_CFB, $this->iv));
}
function decrypt($data)
{
return mcrypt_decrypt($this->method, md5($this->key), base64_decode($data), MCRYPT_MODE_CFB, $this->iv);
}
}
function encrypt($data)
{
return Crypter::$default_instance->encrypt($data);
}
function decrypt($data)
{
return Crypter::$default_instance->decrypt($data);
}
Crypter::$default_instance = new Crypter("My Very Strong Random Secret Key", MCRYPT_RIJNDAEL_256);
<?php
if (!isset($_SESSION)) {
session_start();
}
$fail = false;
if (!isset($_GET["token"]) || $_SESSION["IsLogin"] == 0) {
$fail = true;
} else {
require_once '../helper/crypter.php';
$crypter = new Crypter("nhatanh");
$decrypted = $crypter->Decrypt(str_replace(" ", "+", $_GET["token"]));
//$data = explode("/", $decrypted);
if (!isset($_SESSION["token"]) || $_SESSION["token"] != $decrypted) {
$fail = true;
} else {
$fail = false;
}
}
if ($fail) {
require_once '../helper/Utils.php';
$url = "adminLogin.php";
Utils::Redirect($url);
} else {
require_once '../helper/Page.php';
require_once '../helper/Pagination.php';
require_once '../entities/Status.php';
require_once '../helper/File.php';
require_once '../helper/Controls.php';
$page = new Page();
$page->addCSS("assets/js/sweetalert/sweetalert.css");
/**
* Set a cookie so that the user is "remembered".
*
* @param string $id
* @return void
*/
protected static function remember($id)
{
$recaller = Crypter::encrypt($id . '|' . Str::random(40));
// This method assumes the "remember me" cookie should have the same
// configuration as the session cookie. Since this cookie, like the
// session cookie, should be kept very secure, it's probably safe.
// to assume the cookie settings are the same.
$config = Config::get('session');
extract($config, EXTR_SKIP);
$cookie = Config::get('auth.cookie');
Cookie::forever($cookie, $recaller, $path, $domain, $secure);
}
<td>
<input id="upload" type="file" name="file_upload" />
<ul id="uploaded-attachments"></ul>
</td>
</tr>
<tr>
<th></th>
<td><input type="submit" value="<?php
echo __('tinyissue.create_issue');
?>
" class="button primary" /></td>
</tr>
</table>
<?php
echo Form::hidden('session', Crypter::encrypt(Auth::user()->id));
?>
<?php
echo Form::hidden('project_id', Project::current()->id);
?>
<?php
echo Form::hidden('token', md5(Project::current()->id . time() . \Auth::user()->id . rand(1, 100)));
?>
<?php
echo Form::token();
?>
</form>
</div>
<?php
$_GRUNT_PATH = 1;
require_once '../GruntFileSystem.php';
$crypter = new Crypter();
$source = $crypter->Decode($_POST['id']);
$destination = $crypter->Decode($_POST['direction']);
$type = $_POST['type'];
$db = DataBaseFactory::connectDb();
if ($type == "file") {
$query = 'UPDATE `file` SET `parentDirectory`=:parent WHERE id=:id';
} else {
$query = 'UPDATE `directory` SET `parentDirectory`=:parent WHERE id=:id';
}
$exec = $db->prepare($query);
$exec->bindValue('parent', $destination);
$exec->bindValue('id', $source);
$result = $exec->execute();
if ($result) {
echo 'Moving Success';
} else {
echo 'Moving Failed';
}
