/**
 * Encode a value for storage in a cookie.
 *
 * Arrays are flattened with __implode() first. The text is then passed through
 * Security::cipher() with the Cookie component's key, base64-encoded and tagged
 * with the "Q2FrZQ==." marker.
 *
 * NOTE(review): Security::cipher() is CakePHP's legacy XOR-based routine. It
 * obfuscates but adds no integrity check, so whatever is decoded from the cookie
 * later must still be treated as client-controlled input.
 *
 * @param mixed $value Scalar or array to store.
 * @return string Marker followed by the base64 text.
 */
function __encrypt($value) {
    $plain = is_array($value) ? $this->__implode($value) : $value;
    $ciphered = Security::cipher($plain, $this->Controller->Cookie->key);

    return "Q2FrZQ==." . base64_encode($ciphered);
}
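/**
 * Handle the login form.
 *
 * The submitted credentials are looked up as a User first and as a CreateGroup
 * (group admin) second. On a match the session is populated and the browser is
 * redirected to the matching profile page; otherwise a failure message is stored
 * and the browser is sent back to the login page.
 *
 * NOTE(review): passwords are stored reversibly (Security::cipher() with a key that
 * is hard-coded below) rather than as one-way hashes. Anyone who can read this file
 * and the table can recover every password. Moving to password_hash() /
 * password_verify() needs a data migration and is not done here; until then the key
 * belongs in configuration outside version control and should be rotated.
 *
 * @return void
 */
public function postLogin() {
    $this->loadModel('User');
    $key = 'iznWsaal5lKhOKu4f7f0YagKW81ClEBXqVuTjrFovrXXtOggrqHdDJqkGXsQpHf';

    // Accept only plain strings. A missing field would raise a notice, and an
    // array-valued field would change the shape of the find() conditions below.
    $data = $this->request->data;
    $email = isset($data['email']) ? $data['email'] : null;
    $password = isset($data['password']) ? $data['password'] : null;
    if (!is_string($email) || !is_string($password)) {
        $this->Session->write('login_message', 'Invalid username or password');
        $this->redirect('../login/home');
        return;
    }

    $email = trim($email);
    $password = trim($password);
    $encrypted_password = Security::cipher($password, $key);

    $opts = array('conditions' => array('and' => array(
        'User.user_email' => $email,
        'User.password' => $encrypted_password,
    )));
    $userInfo = $this->User->find('first', $opts);
    if ($userInfo) {
        // Issue a fresh session id before storing the identity, so an id that was
        // known before authentication is not carried into the logged-in session.
        CakeSession::renew();
        CakeSession::write('session_id', $userInfo['User']['user_id']);
        CakeSession::write('session_name', $userInfo['User']['user_name']);
        CakeSession::write('session_email', $userInfo['User']['user_email']);
        $this->redirect('../User/user_profile');
        return;
    }

    $this->loadModel('CreateGroup');
    $opts = array('conditions' => array('and' => array(
        'CreateGroup.group_admin_email' => $email,
        'CreateGroup.password' => $encrypted_password,
    )));
    $groupInfo = $this->CreateGroup->find('first', $opts);
    if ($groupInfo) {
        CakeSession::renew();
        CakeSession::write('session_id', $groupInfo['CreateGroup']['group_id']);
        CakeSession::write('session_name', $groupInfo['CreateGroup']['group_name']);
        CakeSession::write('session_code', $groupInfo['CreateGroup']['group_code']);
        CakeSession::write('session_email', $groupInfo['CreateGroup']['group_admin_email']);
        $this->redirect('../Admin/group_profile');
        return;
    }

    $this->Session->write('login_message', 'Invalid username or password');
    $this->redirect('../login/home');
}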
/**
 * Record a cookie value in SlConfigure and send it to the browser.
 *
 * Path, domain and secure flag fall back to the Sl.cookie.* settings when not
 * given. A numeric $expires is taken as seconds from now; any other string is
 * parsed with strtotime() relative to now. The value is serialize()d, then either
 * ciphered with the class key and prefixed with "?", or just base64-encoded.
 *
 * NOTE(review): the payload is PHP-serialized and protected only by
 * Security::cipher() (XOR-based, no integrity check). If the reading side calls
 * unserialize() on it, that is deserialization of client-controlled data; confirm
 * the reader and prefer JSON plus a MAC. setcookie() is also called here without an
 * httponly argument.
 *
 * @param string $name Cookie key inside the cookie array.
 * @param mixed $value Value to store.
 * @param bool $encrypt Whether to run the value through Security::cipher().
 * @param int|string|null $expires Lifetime in seconds, or a strtotime() expression.
 * @param string|null $path Cookie path.
 * @param string|null $domain Cookie domain.
 * @param bool|null $secure Secure flag.
 * @return void
 */
public static function write($name, $value = null, $encrypt = true, $expires = null, $path = null, $domain = null, $secure = null) {
    self::ready();

    SlConfigure::write($name, $value, false, 'cookie');
    self::$_cookies[] = $name;
    self::$_cookies = array_unique(self::$_cookies);

    if (empty($path)) {
        $path = SlConfigure::read('Sl.cookie.path');
    }
    if ($domain === null) {
        $domain = SlConfigure::read('Sl.cookie.domain');
    }
    if ($secure === null) {
        $secure = SlConfigure::read('Sl.cookie.secure');
    }

    $now = time();
    // is_numeric() already accepts every integer, so one check covers both cases.
    if (is_numeric($expires)) {
        $expires = $now + (int) $expires;
    } elseif (is_string($expires)) {
        $expires = strtotime($expires, $now);
    }

    $payload = serialize($value);
    if ($encrypt) {
        App::import('core', 'security');
        $payload = "?" . base64_encode(Security::cipher($payload, self::$_key));
    } else {
        $payload = base64_encode($payload);
    }

    setcookie(self::$_cookieName . "[{$name}]", $payload, $expires, $path, $domain, $secure);
}
/**
 * Return the TwitterOAuth client, building it on first use.
 *
 * The four credentials are read from Configure under Data.Twitter.*, base64-decoded
 * and passed through Security::cipher() with a fixed key.
 *
 * NOTE(review): the cipher key is a literal in source, so the stored values are
 * obfuscated rather than protected; anyone with the code and the configuration can
 * recover the credentials.
 *
 * @return TwitterOAuth
 */
private function getConnection() {
    if ($this->_connection) {
        return $this->_connection;
    }

    $settingPaths = array(
        'Data.Twitter.consumerKey',
        'Data.Twitter.consumerSecret',
        'Data.Twitter.accessToken',
        'Data.Twitter.accessTokenSecret',
    );
    $credentials = array();
    foreach ($settingPaths as $settingPath) {
        $credentials[] = Security::cipher(base64_decode(Configure::read($settingPath)), 'gummTwitterCypher');
    }

    $this->_connection = new TwitterOAuth($credentials[0], $credentials[1], $credentials[2], $credentials[3]);

    return $this->_connection;
}
/**
 * Reverse the encoding marked by the "U3BhZ2hldHRp." prefix.
 *
 * The marker is located with strpos(), so it is accepted anywhere in $value, not
 * only at the start. Everything after it is base64-decoded and passed through
 * Security::cipher() with the instance key.
 *
 * NOTE(review): Security::cipher() carries no integrity check, so a successful
 * return does not show that the value was produced by this application.
 *
 * @param string $value Encoded value.
 * @return string|false Decoded text, or false when the marker is absent.
 */
public static function decrypt($value) {
    $instance = self::getInstance();

    $markerAt = strpos($value, 'U3BhZ2hldHRp.');
    if ($markerAt === false) {
        return false;
    }

    // 13 is the length of the marker, as in the original.
    $raw = base64_decode(substr($value, $markerAt + 13));

    return Security::cipher($raw, $instance->key);
}
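/**
 * Describe the current visitor.
 *
 * Order of precedence:
 *  1. Auth session data (method U_AUTH), with password/created/modified removed.
 *  2. The tora[User] cookie (method U_COOKIE), when it decodes to a JSON object
 *     with an id that matches an existing user.
 *  3. Otherwise array('method' => U_NONE).
 *
 * The cookie payload and the lookup result are validated before they are used. An
 * undecodable cookie, a missing id or an unknown user now yields U_NONE instead of
 * a U_COOKIE result that carries no user fields.
 *
 * NOTE(review): the cookie is protected only by Security::cipher() keyed with
 * Security.salt (XOR-based, no integrity check), so the id it carries is not
 * authenticated. Callers should not grant anything sensitive on U_COOKIE alone.
 *
 * @return array User fields plus a 'method' key.
 */
public function getUserInfo() {
    // Auth session data, when present.
    $authUserInfo = AuthComponent::user();
    if (!empty($authUserInfo)) {
        $authUserInfo['method'] = U_AUTH;
        unset($authUserInfo['password'], $authUserInfo['created'], $authUserInfo['modified']);
        return $authUserInfo;
    }

    // Cookie fallback.
    if (isset($_COOKIE['tora']['User']) && is_string($_COOKIE['tora']['User'])) {
        $tmpc = Security::cipher(base64_decode(substr($_COOKIE['tora']['User'], 8)), Configure::read('Security.salt'));
        $tmpcArray = json_decode($tmpc, true);

        // Require a scalar id: an array here would change the shape of the query.
        if (is_array($tmpcArray) && isset($tmpcArray['id']) && is_scalar($tmpcArray['id'])) {
            $tmpfArray = $this->find('first', array(
                'conditions' => array('User.id' => $tmpcArray['id']),
                'fields' => array('User.id', 'User.username', 'User.nickname', 'User.stat'),
            ));
            if (!empty($tmpfArray['User'])) {
                $tmpfArray['User']['method'] = U_COOKIE;
                return $tmpfArray['User'];
            }
        }
    }

    // Neither source identified a user.
    return array('method' => U_NONE);
}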
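/**
 * Change a user's password from the submitted form and report the outcome through
 * the 'pcmessage' session key before redirecting back to the form.
 *
 * Fixes over the previous version:
 *  - the new value is quoted by the datasource before being handed to updateAll(),
 *    whose field values are SQL expressions; the ciphered bytes are arbitrary and
 *    were previously wrapped in quotes by hand;
 *  - the two password fields are compared with ===, so numeric-looking strings
 *    such as "1e3" and "1000" no longer count as equal;
 *  - missing or non-string fields are rejected instead of raising notices.
 *
 * NOTE(review): user_id is taken from the request and nothing in this method ties
 * it to the logged-in user or asks for the current password. Confirm the caller
 * enforces that, or compare against the session identity here.
 * NOTE(review): passwords are stored reversibly with a key hard-coded below; see
 * password_hash() / password_verify() for the replacement (needs a data migration).
 *
 * @return void
 */
public function changePassword() {
    $this->loadModel('User');
    $key = 'iznWsaal5lKhOKu4f7f0YagKW81ClEBXqVuTjrFovrXXtOggrqHdDJqkGXsQpHf';

    $data = $this->request->data;
    foreach (array('user_id', 'password', 'c_password') as $field) {
        if (!isset($data[$field]) || !is_string($data[$field])) {
            $this->Session->write('pcmessage', 'Password not changed');
            $this->redirect('../User/change_password');
            return;
        }
    }

    $userId = trim($data['user_id']);
    $password = trim($data['password']);
    $cpassword = trim($data['c_password']);

    if ($password !== $cpassword) {
        $this->Session->write('pcmessage', 'password and confirm pasword different');
        $this->redirect('../User/change_password');
        return;
    }

    $encrypted_password = Security::cipher($password, $key);
    // updateAll() does not escape field values, so let the datasource quote it.
    $quotedPassword = $this->User->getDataSource()->value($encrypted_password, 'string');

    if ($this->User->updateAll(array('password' => $quotedPassword), array('user_id' => $userId))) {
        $this->Session->write('pcmessage', 'password changed successfully');
    } else {
        $this->Session->write('pcmessage', 'Password not changed');
    }
    $this->redirect('../User/change_password');
}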
/**
 * Decode and decrypt one cookie value.
 *
 * Values without the "Q2FrZQ==." marker are handed to _explode() unchanged.
 * Marked values are base64-decoded and decrypted with the routine selected by
 * $this->_type ('rijndael', 'cipher' or 'aes').
 *
 * NOTE(review): the 'cipher' type uses Security::cipher(), the legacy XOR-based
 * routine with no integrity check. For any other _type value $plain is never
 * assigned before it is passed to _explode().
 *
 * @param string $value The value to decode & decrypt.
 * @return string Decoded value.
 */
protected function _decode($value) {
    $prefix = 'Q2FrZQ==.';
    if (strpos($value, $prefix) === false) {
        return $this->_explode($value);
    }

    $raw = base64_decode(substr($value, strlen($prefix)));

    // The three types are mutually exclusive, so a chain is equivalent to the
    // original independent checks.
    if ($this->_type === 'rijndael') {
        $plain = Security::rijndael($raw, $this->key, 'decrypt');
    } elseif ($this->_type === 'cipher') {
        $plain = Security::cipher($raw, $this->key);
    } elseif ($this->_type === 'aes') {
        $plain = Security::decrypt($raw, $this->key);
    }

    return $this->_explode($plain);
}
/**
 * Normalises Setting data before saving and, when the setting already exists,
 * sets its id so the save overwrites instead of creating a new row.
 *
 * This is used mainly by callers outside the model that do not know whether the
 * Setting exists or not.
 *
 * Steps, in order:
 *  1. An array in $data['Setting']['value'] is flattened to ini-style lines.
 *  2. A numerically indexed list of settings has each array value flattened and is
 *     unwrapped to $data['Setting'] (for saveAll).
 *  3. With both name and type present, the existing row is looked up; its id is
 *     copied in, and with $append its value is prepended.
 *  4. The SMTP setting value is ciphered and base64-encoded.
 *  5. ZUHA_DB_VERSION is incremented by 0.0001 when $data['Query'] is set.
 *
 * @param array $data An array of Setting data
 * @param bool $append When not empty, the existing value is kept and the new value is added after it
 * @return array The cleaned data
 */
private function _cleanSettingData($data, $append = false) {
    if (is_array($data['Setting']['value'])) {
        $settingValue = '';
        foreach ($data['Setting']['value'] as $key => $value) {
            if (is_array($value)) {
                // Form->input('Setting.value.variable.key')
                // turns into variable[key] = value
                foreach ($value as $index => $val) {
                    $settingValue .= __('%s[%s] = "%s"%s', $key, $index, Sanitize::escape($val), PHP_EOL);
                }
            } else {
                // Form->input('Setting.value.variable)
                // turns into variable = value
                $settingValue .= __('%s = "%s"%s', $key, Sanitize::escape($value), PHP_EOL);
            }
        }
        $data['Setting']['value'] = $settingValue;
    }
    if (!empty($data['Setting'][0])) {
        $i = 0;
        foreach ($data['Setting'] as $setting) {
            if (is_array($setting['value'])) {
                $newValue = null;
                foreach ($setting['value'] as $key => $value) {
                    // NOTE(review): unlike the single-setting branch above, the value is
                    // written without Sanitize::escape(), so a double quote or newline in
                    // it changes the resulting ini text.
                    $newValue .= is_numeric($value) ? $key . ' = ' . $value . '' . PHP_EOL : $key . ' = "' . $value . '"' . PHP_EOL;
                } // end value loop
            } else {
                $newValue = $setting['value'];
            }
            $data['Setting'][$i]['value'] = $newValue;
            $i++;
        } // end setting loop
        $data = $data['Setting']; // because we are using saveAll
    }
    // @todo break these out into individual setting function in a foreach loop that will
    // handle many and single records to save
    if (!empty($data['Setting']['name']) && !empty($data['Setting']['type'])) {
        // see if the setting already exists
        $setting = $this->find('first', array('conditions' => array('Setting.name' => $data['Setting']['name'], 'Setting.type' => $data['Setting']['type'])));
        if (!empty($setting)) {
            // if it does, then set the id, so that we overwrite instead of creating a new setting
            $data['Setting']['id'] = $setting['Setting']['id'];
        }
        if (!empty($append) && !empty($setting)) {
            $data['Setting']['value'] = $setting['Setting']['value'] . PHP_EOL . $data['Setting']['value'];
        }
    }
    // some values need to be encrypted. We do that here (@todo put this in its own two
    // functions. One for "encode" function, and one for which settings should be encoded,
    // so that we can specify all settings which need encryption, and reuse this instead
    // of the if (xxxx setting) thing. And make the corresponding decode() function somewhere as well.
    // NOTE(review): the guard calls parse_ini_string() on the setting *name*, which at
    // this point is the literal 'SMTP', not on the value. Whether the SMTP value is
    // ciphered therefore depends on how parse_ini_string('SMTP') evaluates. Confirm
    // the intended operand was $data['Setting']['value'], and check that stored SMTP
    // credentials really are ciphered.
    // NOTE(review): Security::cipher() keyed with Security.salt is XOR-based
    // obfuscation with no integrity check; treat it as weak protection for credentials.
    if (!empty($data['Setting']['name']) && $data['Setting']['name'] == 'SMTP' && !parse_ini_string($data['Setting']['name'])) {
        $data['Setting']['value'] = 'smtp = "' . base64_encode(Security::cipher($data['Setting']['value'], Configure::read('Security.salt'))) . '"';
    }
    // NOTE(review): $data['Setting']['name'] is read here without the !empty() guard
    // used above.
    if (!empty($data['Query']) && $data['Setting']['name'] == 'ZUHA_DB_VERSION') {
        $data['Setting']['value'] = $data['Setting']['value'] + 0.0001;
    }
    return $data;
}
/**
 * Reverses a string produced by the secure method.
 *
 * The input is a base64 variant in which '*' stands for '/' and '-' for '+'. After
 * decoding, the last two bytes are used as the cipher key for everything before
 * them.
 *
 * NOTE(review): because the key travels inside the value itself, this is an
 * encoding, not a confidentiality or integrity control. Anyone holding the string
 * can reverse or rebuild it.
 *
 * @access public
 * @param string $param The string to be decrypted
 * @return string The original string
 */
public static function unsecure($param) {
    $standardBase64 = str_replace(array('*', '-'), array('/', '+'), $param);
    $decoded = base64_decode($standardBase64);

    $embeddedKey = substr($decoded, -2);
    $body = substr($decoded, 0, -2);

    return Security::cipher($body, $embeddedKey);
}
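/**
 * Make sending email available to all controllers (AppModel calls to this function).
 *
 * The SMTP settings are read from the __SYSTEM_SMTP constant. Only its 'smtp'
 * entry is used, read explicitly rather than through extract(), so a stray key in
 * the stored array cannot overwrite this method's parameters or locals.
 *
 * NOTE(review): the message is sent as HTML and $message is concatenated into the
 * body as given; callers passing user-supplied text are expected to escape it.
 * NOTE(review): the stored settings are protected by Security::cipher() keyed with
 * Security.salt, which is XOR-based obfuscation without an integrity check.
 *
 * @param mixed $toEmail Address to send to, or an array with 'to' and optional 'cc', 'bcc', 'replyTo'
 * @param string $subject Subject of email; 'No Subject' when empty
 * @param mixed $message Text, or an array whose 'html' entry is the body
 * @param string $template Template to be picked from folder for email
 * @param array $from Not used
 * @param array $attachment List of file paths to add as email attachments
 * @return int The number of recipients who were accepted for delivery.
 * @throws Exception When the SMTP settings are missing or cannot be parsed
 */
public function __sendMail($toEmail = null, $subject = null, $message = null, $template = 'default', $from = array(), $attachment = array()) {
    $this->SwiftMailer = $this->Components->load('SwiftMailer');
    if (!defined('__SYSTEM_SMTP')) {
        throw new Exception(__('SMTP Settings not defined.'));
    }

    $stored = unserialize(__SYSTEM_SMTP);
    if (!is_array($stored) || !isset($stored['smtp'])) {
        throw new Exception(__('SMTP Ini parsing failed.'));
    }
    $smtp = Security::cipher(base64_decode($stored['smtp']), Configure::read('Security.salt'));
    if (!parse_ini_string($smtp)) {
        throw new Exception(__('SMTP Ini parsing failed.'));
    }

    $isAddressList = is_array($toEmail);
    $this->SwiftMailer->to = ($isAddressList && isset($toEmail['to'])) ? $toEmail['to'] : $toEmail;
    foreach (array('cc', 'bcc', 'replyTo') as $field) {
        if ($isAddressList && isset($toEmail[$field])) {
            $this->SwiftMailer->{$field} = $toEmail[$field];
        }
    }

    $this->SwiftMailer->template = $template;
    $this->SwiftMailer->attachments = $attachment;
    $this->SwiftMailer->layout = 'email';
    $this->SwiftMailer->sendAs = 'html';

    if ($message) {
        // REMOTE_ADDR is absent when running from the command line.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        if (is_array($message) && isset($message['html'])) {
            $this->SwiftMailer->content = $message['html'] . '<br /><br />' . $remoteAddr;
        } else {
            $this->SwiftMailer->content = $message . '<br /><br />' . $remoteAddr;
            $message = array('html' => $message);
        }
        $this->set('message', $message);
    }

    $subject = $subject ? $subject : 'No Subject';

    return $this->SwiftMailer->send($template, $subject);
}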
/**
 * Login action.
 *
 * Picks the mobile or register layout, then on a submitted form authenticates
 * through $this->Auth->login() and routes the user by account state:
 *  - activated: tenants are checked against their property, then the Auth redirect;
 *  - not activated but invited by e-mail: activated on the spot, unit marked occupied;
 *  - not activated otherwise: a previous tenant is reset and sent to the resident
 *    search, everyone else is logged out with a flash message.
 *
 * @return void
 */
function login() {
    if ($this->Session->check('mobile_user') && intval($this->Session->read('mobile_user'))) {
        $this->layout = 'mobile';
        $this->view = 'mobile_login';
    } else {
        $this->layout = 'register';
    }
    if (!empty($this->request->data)) {
        if ($this->Auth->login()) {
            if ($this->Auth->user('is_activated')) {
                if ($this->Auth->user('type') == USER_TYPE_TENANT) {
                    if ($this->Auth->user('property_id') > 0) {
                        // If property no longer active, then we must redirect
                        $this->loadModel('Property');
                        $this->Property->contain();
                        $userProp = $this->Property->findById($this->Auth->user('property_id'));
                        // NOTE(review): $this->User->id is not assigned anywhere on this path;
                        // confirm the propertydisabled action receives the id it expects.
                        if ($userProp['Property']['active'] == 0) {
                            $this->redirect(array('controller' => 'Users', 'action' => 'propertydisabled', $this->User->id));
                        }
                    } else {
                        /*
                         * If active user with no property_id they must have been removed from property
                         */
                        $this->Session->setFlash('You are no longer assigned to a property. Please request a new property now.', 'flash_bad');
                        $redir_id = $this->Auth->User('id');
                        $this->Auth->logout();
                        // NOTE(review): the user id is passed in the URL as raw Security::cipher()
                        // output (XOR-based, no integrity check, not URL-safe encoded). The
                        // residentsearch action should treat it as an unauthenticated identifier.
                        $this->redirect(array('controller' => 'Users', 'action' => 'residentsearch', Security::cipher($redir_id, Configure::read('Security.salt2'))));
                    }
                }
                $this->redirect($this->Auth->redirect());
            } elseif (!$this->Auth->user('is_activated') && $this->Auth->user('invitebyemail')) {
                // Invited users are activated by their first successful login.
                $this->User->id = $this->Auth->user('id');
                $this->User->saveField('is_activated', true);
                /*
                 * Update the unit to occupied after the invite is sent.
                 */
                if ($this->Auth->user('unit_id') > 0) {
                    $this->loadModel('Unit');
                    $this->Unit->id = $this->Auth->user('unit_id');
                    $this->Unit->saveField('occupied', 'Yes');
                }
                $this->redirect($this->Auth->redirect());
            } else {
                $view = new View($this);
                $html = $view->loadHelper('Html');
                // $resendLink is built here but not used in the rest of this method.
                $resendLink = $html->link('Click Here', array('controller' => 'Users', 'action' => 'resendactivation', $this->Auth->user('id')));
                /*
                 * previoustenant field can have following values
                 * - 0 not a previous tenant
                 * - 1 a previous tenant
                 * - 2 a previous tenant awaiting a new activation
                 */
                if ($this->Auth->user('previoustenant') == 1 && $this->Auth->user('type') == USER_TYPE_TENANT) {
                    /*
                     * Previous tenant, currently inactive, who is trying to log back in - so need to send
                     * to page 2 of the tenant sign up process
                     */
                    $data = array();
                    $data['User']['id'] = $this->Auth->User('id');
                    /* Set to 2 so we can differentiate - i.e. know they came through this way already */
                    //$data['User']['previoustenant'] = '2';
                    $data['User']['property_id'] = '0';
                    $data['User']['unit_id'] = '0';
                    $data['User']['requested_unit'] = '0';
                    $data['User']['activation_key'] = $this->User->genActivationHash();
                    $this->User->set($data);
                    if ($this->User->save($data, true, array('requested_unit', 'activation_key', 'property_id', 'unit_id'))) {
                        //debug($data);
                        $redir_id = $this->Auth->User('id');
                        $this->Auth->logout();
                        // Same ciphered-id URL parameter as in the tenant branch above.
                        $this->redirect(array('controller' => 'Users', 'action' => 'residentsearch', Security::cipher($redir_id, Configure::read('Security.salt2'))));
                    } else {
                        // NOTE(review): this branch does not call $this->Auth->logout(), so the
                        // non-activated account stays logged in after the failed save.
                        $this->Session->setFlash('Error Signing Up. Please contact system admin.', 'flash_bad');
                    }
                } else {
                    $this->Auth->logout();
                    $this->Session->setFlash('Sorry, your account is not yet activated.', 'flash_bad');
                    $this->redirect($this->Auth->redirect());
                }
            }
        } else {
            $this->Session->setFlash('Invalid username or password.', 'flash_bad');
        }
    }
}
/**
 * Encrypts $value with the Security method selected by $this->_type.
 *
 * Arrays are flattened with _implode() first. When encryption is switched off
 * ($this->_encrypted is falsy) the flattened value is returned unchanged. Otherwise
 * the ciphertext is base64-encoded and prefixed with "Q2FrZQ==.".
 *
 * NOTE(review): the 'cipher' type selects Security::cipher(), the legacy XOR-based
 * routine with no integrity check; prefer 'aes' where the stored data matters. For
 * any other _type value $cipher is never assigned before it is used.
 *
 * @param string $value Value to encrypt
 *
 * @return string Encoded values
 */
protected function _encrypt($value) {
    if (is_array($value)) {
        $value = $this->_implode($value);
    }
    if (!$this->_encrypted) {
        return $value;
    }

    // The three types are mutually exclusive, so a chain is equivalent to the
    // original independent checks.
    if ($this->_type === 'rijndael') {
        $cipher = Security::rijndael($value, $this->key, 'encrypt');
    } elseif ($this->_type === 'cipher') {
        $cipher = Security::cipher($value, $this->key);
    } elseif ($this->_type === 'aes') {
        $cipher = Security::encrypt($value, $this->key);
    }

    return "Q2FrZQ==." . base64_encode($cipher);
}
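/**
 * Import a previously exported confrontation file into the session and redirect to
 * the matching table view.
 *
 * On POST/PUT the uploaded file is read, passed through Security::cipher() with
 * Security.salt and JSON-decoded. The decoded structure is validated before the
 * session is touched:
 *  - the file must be a genuine HTTP upload (tmp_name arrives in request data and
 *    would otherwise be an arbitrary server path);
 *  - all four confrontation* keys and a string 'tableToLoad' must be present.
 * Anything else ends at the "This file is corrupted" message.
 *
 * NOTE(review): Security::cipher() gives no integrity guarantee, so the imported
 * data is user-controlled. Code that later reads these session keys should
 * validate and escape them.
 *
 * @param mixed $id Project id
 * @return void
 * @throws NotFoundException When the project does not exist
 * @throws Exception When 'tableToLoad' names an unknown table
 */
function importData($id) {
    $this->Project->id = $id;
    if (!$this->Project->exists()) {
        throw new NotFoundException(__('Invalid proyect'));
    }

    if ($this->request->is('post') || $this->request->is('put')) {
        $this->autoRender = false;

        $upload = isset($this->request->data['Project']['File']) ? $this->request->data['Project']['File'] : null;
        $hasFile = is_array($upload) && isset($upload['size'], $upload['tmp_name']) && $upload['size'] > 0;
        if (!$hasFile) {
            $this->Session->setFlash('Please select file');
            $this->redirect(array('controller' => 'projects', 'action' => 'importData', $this->Project->id));
            return;
        }

        $data = null;
        if (is_string($upload['tmp_name']) && is_uploaded_file($upload['tmp_name'])) {
            $file = new File($upload['tmp_name']);
            $contents = Security::cipher($file->read(), Configure::read('Security.salt'));
            $data = json_decode($contents, true);
        }

        $sessionKeys = array(
            'confrontationResult',
            'confrontationSettingsData',
            'confrontationDualResult',
            'confrontationPostedData',
        );
        $complete = is_array($data) && isset($data['tableToLoad']) && is_string($data['tableToLoad']);
        if ($complete) {
            foreach ($sessionKeys as $sessionKey) {
                if (!array_key_exists($sessionKey, $data)) {
                    $complete = false;
                    break;
                }
            }
        }

        if ($complete) {
            // Resolve the target before changing the session, so an unknown table
            // leaves the current session data untouched.
            $targets = array(
                'confrontationMultiRound' => "confrontationMultiRound",
                'confrontationMultiUser' => "confrontationMultiUser",
                'confrontationDual' => "confrontationDual",
                'FScore2Users' => "confrontationFscoreUsers",
                'FScore2Rounds' => "confrontationFscoreRounds",
            );
            if (!isset($targets[$data['tableToLoad']])) {
                throw new Exception("Error Processing Request, error: " . $data['tableToLoad'], 1);
            }

            foreach ($sessionKeys as $sessionKey) {
                $this->Session->delete($sessionKey);
            }
            foreach ($sessionKeys as $sessionKey) {
                $this->Session->write($sessionKey, $data[$sessionKey]);
            }

            $this->redirect(array('controller' => 'projects', 'action' => $targets[$data['tableToLoad']]));
            return;
        }

        $this->Session->setFlash('This file is corrupted');
        $this->redirect(array('controller' => 'projects', 'action' => 'index'));
    }

    $this->set('project_id', $this->Project->id);
}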
/**
 * Security::cipher() called with an empty key is expected to raise an error.
 *
 * @expectedException PHPUnit_Framework_Error
 * @return void
 */
public function testCipherEmptyKey() {
    $emptyKey = '';
    Security::cipher('some_text', $emptyKey);
}
/**
 * Create or consume a share link.
 *
 * Without $hasp: the user is resolved from the posted api_token, and a link token
 * is built from "<user_id><PREFIX><random string>" ciphered with Security.salt and
 * encoded with safe_b64encode(). The e-mail content for that token is returned.
 *
 * With $hasp: the token is decoded, the user id is taken from the part before
 * PREFIX, and a UserShare row is recorded for this user and client IP if none
 * exists yet. The browser is redirected to APP_STORE in every case.
 *
 * NOTE(review): tokens are written with safe_b64encode() but read with plain
 * base64_decode(); confirm the two alphabets match.
 * NOTE(review): Security::cipher() is XOR-based with no integrity check, so the
 * user id recovered from $hasp is not authenticated.
 *
 * @param string|null $hasp Token taken from the share URL.
 * @return mixed Response from responseOk()/responseNg() or redirect().
 */
public function index($hasp = null) {
    if (!empty($hasp)) {
        $decoded = Security::cipher(base64_decode($hasp), Configure::read('Security.salt'));
        $authLogin = explode(self::PREFIX, $decoded);
        $client_ip = $this->getIPadress();

        if (count($authLogin) > 1) {
            $user_id = $authLogin[0];
            $ret = $this->User->find('first', array('conditions' => array('id' => $user_id)));
            if (empty($ret)) {
                return $this->redirect(self::APP_STORE);
            }

            $user_share = $this->UserShare->find("first", array("conditions" => array("user_id" => $user_id, "client_ip" => $client_ip)));
            if (!empty($client_ip) && empty($user_share)) {
                $this->UserShare->create();
                $this->UserShare->save(array("user_id" => $user_id, "client_ip" => $client_ip));
            }
        }

        return $this->redirect(self::APP_STORE);
    }

    $this->user_id = $this->User->getUserIdByAPIToken(@$this->request->data['api_token']);
    if (empty($this->user_id)) {
        return $this->responseNg();
    }

    $str = $this->randomString();
    $ciphered = Security::cipher($this->user_id . self::PREFIX . $str, Configure::read('Security.salt'));
    $authHash = $this->safe_b64encode($ciphered);

    return $this->responseOk($this->getContentEmail($authHash));
}
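/**
 * Initialize the component and load the SMTP settings from __SYSTEM_SMTP.
 *
 * The constant holds a serialized array whose 'smtp' entry is base64 text of an
 * ini string ciphered with Security.salt. That entry is read explicitly rather
 * than through extract(), so a stray key in the stored array cannot overwrite
 * $collection or $settings before they reach the parent constructor.
 *
 * As before, when the constant is missing or the ini text cannot be parsed the
 * constructor returns early and the parent constructor is not called.
 * NOTE(review): confirm that leaving the component without parent initialisation
 * is intended in that case.
 * NOTE(review): Security::cipher() is XOR-based obfuscation without an integrity
 * check; treat it as weak protection for the SMTP password.
 *
 * @param ComponentCollection $collection Collection the component is loaded into
 * @param array $settings Component settings
 * @access Public
 */
public function __construct(ComponentCollection $collection, $settings = array()) {
    $this->_controller = $collection->getController();
    if (!defined('__SYSTEM_SMTP')) {
        return;
    }

    $stored = unserialize(__SYSTEM_SMTP);
    $encoded = (is_array($stored) && isset($stored['smtp'])) ? $stored['smtp'] : '';
    $ini = Security::cipher(base64_decode($encoded), Configure::read('Security.salt'));

    // Deliberately suppressed: text deciphered with the wrong salt is not valid ini
    // and would otherwise emit parser warnings.
    $smtp = @parse_ini_string($ini);
    if (!$smtp) {
        return;
    }

    // Keep the class defaults for any field that is missing or empty.
    foreach (array('smtpUsername', 'smtpPassword', 'smtpHost', 'smtpPort', 'from', 'fromName') as $field) {
        if (!empty($smtp[$field])) {
            $this->{$field} = $smtp[$field];
        }
    }

    parent::__construct($collection, $settings);
}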
/**
 * Round-trip checks for Security::cipher().
 *
 * Applying the cipher twice with the same key must return the input, for random
 * text and for the empty string. An empty key must raise an error and produce ''.
 *
 * @access public
 * @return void
 */
function testCipher() {
    $key = 'my_key';

    // Ten random numbers appended as decimal text.
    $txt = '';
    foreach (range(1, 10) as $unused) {
        $txt .= mt_rand(0, 255);
    }
    $ciphered = Security::cipher($txt, $key);
    $this->assertEqual(Security::cipher($ciphered, $key), $txt);

    $txt = '';
    $ciphered = Security::cipher($txt, $key);
    $this->assertEqual(Security::cipher($ciphered, $key), $txt);

    $ciphered = Security::cipher('some_text', '');
    $this->assertError();
    $this->assertIdentical($ciphered, '');
}
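/**
 * Decrypt value
 *
 * With $settings['cipher'] set to 'cake' the value goes through Security::cipher().
 * Otherwise it is base64-decoded and decrypted with mcrypt (Rijndael-256, CBC), and
 * the NUL padding that mcrypt adds is stripped.
 *
 * Fixes over the previous version: rtrim() was called with an empty character list,
 * which strips nothing, so it now removes "\0"; and the cipher name is compared
 * with ===.
 *
 * NOTE(review): the mcrypt extension was removed from PHP in 7.2. The key and IV
 * are both derived from the same secret with md5(), so the IV is fixed for a given
 * key and there is no integrity check. New data should use an authenticated scheme.
 *
 * @param string $value Value to decrypt
 * @param array $settings Config settings; uses 'cipher' and 'key'
 * @return string Decrypted value
 */
public function decrypt($value, $settings) {
    if ($settings['cipher'] === 'cake') {
        return Security::cipher($value, $settings['key']);
    }

    $derivedKey = md5($settings['key']);
    $derivedIv = md5(md5($settings['key']));
    $plain = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $derivedKey, base64_decode($value), MCRYPT_MODE_CBC, $derivedIv);

    return rtrim($plain, "\0");
}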