/**
 * Writes the cookie set that represents a logged-in user onto $response.
 *
 * Five cookies expire 24 hours from now; the "user_ref" cookie lives 30 days
 * longer. Cookie names carry a "_panel" or "_openctf" prefix depending on
 * $panel, except the username cookie, whose name is the same literal in both
 * cases.
 *
 * NOTE(review): the username cookie name reads "******" in this copy of the
 * file and looks masked; it is reproduced as found. Confirm the real name.
 * NOTE(review): the integrity value is a bare SHA-256 over
 * salt . username . expiry, not an HMAC. hash_hmac() is the standard
 * construction for a keyed tag, but switching requires the verifying code
 * (not visible here) to change in the same release.
 * NOTE(review): only six arguments are passed to cookie(); if the response
 * API accepts an HttpOnly flag after "secure", it is left at its default.
 * These are session cookies and should not be readable from script. Confirm.
 *
 * @param object $response object exposing cookie(name, value, expiry, path, domain, secure)
 * @param string $username account name, stored in clear in two cookies
 * @param string $name     display name, stored in clear
 * @param string $salt     per-user secret used as encryption key and hash prefix
 * @param bool   $panel    true selects the "_panel" cookie names, false "_openctf"
 * @return void
 */
public static function create($response, $username, $name, $salt, $panel = true)
{
    $expiresAt = time() + 86400;
    $scope = $panel ? "_panel" : "_openctf";

    $_username = "******";
    $_name = $scope . "_name";
    $_ninjaPower = $scope . "_ninja_power";
    $_hash = $scope . "_hash";
    $_user_ref = $scope . "_user_ref";
    $_user_session = $scope . "_user_session";

    // Domain and secure flag are looked up per cookie, as in the original.
    $send = function ($cookieName, $cookieValue, $expiry) use ($response) {
        $response->cookie($cookieName, $cookieValue, $expiry, "/", Session::getDomain(), Session::isSecure());
    };

    $send($_username, $username, $expiresAt);
    $send($_name, $name, $expiresAt);
    // The expiry timestamp itself is what gets encrypted under the user's salt.
    $send($_ninjaPower, Security::encrypt($expiresAt, $salt), $expiresAt);

    $digest = hash("sha256", $salt . $username . $expiresAt);
    $send($_hash, $digest, $expiresAt);

    // NOTE(review): what Security::getSalt() returns is not visible here; confirm
    // it is a fresh random token and not a long-lived secret before it goes to the client.
    $send($_user_session, Security::getSalt(), $expiresAt);
    $send($_user_ref, $username, $expiresAt + 86400 * 30);
}
/**
 * Builds the hidden-captcha markup (encrypted "spinner", honeypot field and
 * answer field) to embed in a form.
 *
 * The spinner bundles the issue time, session id, client IP, user agent and
 * the random answer-field name, serialized and passed through
 * Security::encrypt(). With $withImage the expected captcha text is included
 * in the spinner as well.
 *
 * NOTE(review): $_SERVER['HTTP_USER_AGENT'] is read without an isset() check,
 * so a request without that header raises a notice here.
 * NOTE(review): $formId is concatenated into attribute values unescaped; pass
 * a fixed identifier, never request data.
 * NOTE(review): the spinner is produced with serialize(), so the validating
 * side presumably calls unserialize() on what the browser posts back. That is
 * only safe if Security::decrypt() authenticates the ciphertext before any
 * unserialize() runs. Confirm against the Security class.
 *
 * @param string  $formId    [optional] prefix for the input names (default = "hcptch")
 * @param boolean $withImage [optional] also render the classic image captcha
 * @return string markup to place inside the form
 */
public static function getFormTags($formId = 'hcptch', $withImage = false)
{
    $issuedAt = time();
    $answerField = String::random(array('numbers' => false, 'uppercase' => false));

    $payload = array(
        'timestamp' => $issuedAt,
        'session_id' => session_id(),
        'ip' => self::_getIp(),
        'user_agent' => $_SERVER['HTTP_USER_AGENT'],
        'hfield_name' => $answerField,
    );
    if ($withImage) {
        $captcha = String::hrRandom(5);
        $payload['captcha'] = $captcha;
    }

    $token = Security::encrypt(serialize($payload));

    // Two interchangeable ways of hiding the honeypot input; mt_rand() only
    // varies a cosmetic pixel offset and has no security role.
    $hidingRules = array('position:absolute;left:-' . mt_rand(10000, 20000) . 'px;', 'display: none');
    $hidingRule = $hidingRules[array_rand($hidingRules)];

    $parts = array();
    $parts[] = '<input type="hidden" name="' . $formId . '[spinner]" value="' . $token . '" />' . PHP_EOL;
    $parts[] = '<span style="' . $hidingRule . '"><input type="text" name="' . $formId . '[name]" value=""/></span>' . PHP_EOL;

    if (!$withImage) {
        // Without an image the answer field simply echoes the issue time.
        $parts[] = '<input type="hidden" name="' . $formId . '[' . $answerField . ']" value="' . $issuedAt . '" />' . PHP_EOL;
    } else {
        $parts[] = self::_generateImage($captcha);
        $parts[] = '<input type="text" name="' . $formId . '[' . $answerField . ']" value="" autocomplete="off" />' . PHP_EOL;
    }

    return implode('', $parts);
}
/**
 * Stores a value in the user's session in encrypted form.
 *
 * The value is encrypted with Security::encrypt() under self::key() and kept
 * under the 'Trilado.Core.Session' namespace of $_SESSION.
 *
 * @param string $name  name of the session entry
 * @param mixed  $value value to store
 * @throws ConfigNotFoundException when the 'salt' configuration compares loosely
 *                                 equal to null (unset, or an empty value)
 * @return void
 */
public static function set($name, $value)
{
    $salt = Config::get('salt');
    if ($salt == null) {
        // Loose comparison on purpose: an empty salt is rejected like a missing one.
        throw new ConfigNotFoundException("A configuração 'salt' não pode ter o valor nulo");
    }

    self::start();

    $sealed = Security::encrypt($value, self::key());
    $_SESSION['Trilado.Core.Session'][$name] = $sealed;
}
/**
 * Serializes an authentication ticket, tags it with an HMAC and encrypts it.
 *
 * Output layout: <ciphertext> "|" base64(<iv>). The encrypted plaintext is
 * <hmac-sha256> "|" serialize([name, expire, userData]).
 *
 * NOTE(review): the HMAC covers the plaintext and is encrypted together with
 * it (MAC-then-encrypt); the ciphertext and IV are not authenticated. The
 * decrypting side has to fail identically for padding, format and MAC errors,
 * and must verify the MAC before calling unserialize(). Confirm there.
 * NOTE(review): the IV is sized for MCRYPT_RIJNDAEL_256 regardless of
 * self::$cipher; confirm the two agree. MCRYPT_RIJNDAEL_256 is Rijndael with
 * a 256-bit block, which is not AES. ext/mcrypt is no longer bundled with PHP
 * since 7.2.
 *
 * @param AuthenticationTicket $ticket ticket supplying name, expiry and user data
 * @return string whatever Security::encrypt() returns, followed by "|" and the base64 IV
 */
public static function encrypt(AuthenticationTicket $ticket)
{
    $payload = serialize(array($ticket->getName(), $ticket->getExpire(), $ticket->getUserData()));
    $mac = Security::hmac('sha256', $payload, self::$validationKey);
    $iv = Security::iv(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC, MCRYPT_DEV_URANDOM, false);

    $sealed = Security::encrypt(
        self::$cipher,
        self::$encryptionKey,
        $mac . '|' . $payload,
        MCRYPT_MODE_CBC,
        $iv,
        true
    );

    return $sealed . '|' . base64_encode($iv);
}
/**
 * Debug action: dumps a SHA-256 hash of 'test', then a Blowfish/CBC
 * encryption of 'test' and its decryption.
 *
 * NOTE(review): this prints ciphertext via var_dump() and is diagnostic code;
 * it should not be routable in a production build.
 *
 * @return void
 */
public function index()
{
    var_dump(Security::hash('sha256', 'test'));

    // encrypt() hands back the ciphertext together with the key and IV size it used.
    $sealed = Security::encrypt('blowfish', 'test', 'cbc');
    $recovered = Security::decrypt($sealed['ciphertext'], 'blowfish', 'cbc', $sealed['key'], $sealed['iv_size']);

    foreach (array($sealed['ciphertext'], $recovered) as $shown) {
        var_dump('test : ' . $shown);
    }
}
/**
 * Creates an administrator account.
 *
 * The password is encrypted with Blowfish; the ciphertext goes to table 'a',
 * the base64-encoded key and IV size to table 'm', and 'core_admin' links the
 * login to both rows.
 *
 * NOTE(review): the password is stored reversibly and its key sits in the
 * same database, so read access to that database recovers every admin
 * password. Passwords should be stored with password_hash() and checked with
 * password_verify(); that migration also has to change the login check,
 * which is not visible here.
 * NOTE(review): the three inserts are not wrapped in a transaction and their
 * results are not checked, so a failure midway leaves orphan rows.
 *
 * @param string $login administrator login name
 * @param string $pwd   clear-text password
 * @return void
 */
public static function add_admin($login, $pwd)
{
    $sealed = Security::encrypt('blowfish', $pwd);
    $store = Connections::get('core');

    // Ciphertext row.
    $store->insert('a', array('b' => $sealed['ciphertext']));
    $cipherRowId = $store->last_id;

    // Key material row.
    $store->insert('m', array('n' => base64_encode($sealed['key']), 's' => $sealed['iv_size']));
    $keyRowId = $store->last_id;

    $store->insert('core_admin', array('login' => $login, 'a' => $cipherRowId, 'm' => $keyRowId));
}
/**
 * Model callback run before a save: resolves the event code to an event id
 * and encrypts the configured fields.
 *
 * When 'evento_code' is present but no matching event is found, the save is
 * aborted. Every non-empty field listed in $this->encryptedFields is replaced
 * by Security::encrypt() of its value under the 'Security.key' setting.
 *
 * NOTE(review): empty() also skips the values "0" and 0, which are therefore
 * stored unencrypted.
 * NOTE(review): nothing marks a value as already encrypted; presumably a
 * matching afterFind decrypts on load, otherwise re-saving loaded data would
 * encrypt it a second time. Confirm.
 *
 * @param array $options save options (unused here)
 * @return bool false to abort the save, true to continue
 */
function beforeSave($options = array())
{
    App::uses('Security', 'Utility');

    if (!empty($this->data['Participante']['evento_code'])) {
        $evento_existe = $this->Evento->getByCode($this->data['Participante']['evento_code']);
        if (!$evento_existe) {
            return false;
        }
        $this->data['Participante']['evento_id'] = $evento_existe['Evento']['id'];
    }

    foreach ($this->encryptedFields as $fieldName) {
        if (empty($this->data[$this->alias][$fieldName])) {
            continue;
        }
        $this->data[$this->alias][$fieldName] = Security::encrypt(
            $this->data[$this->alias][$fieldName],
            Configure::read('Security.key')
        );
    }

    return true;
}
/**
 * Encrypts a value and makes the result safe to place in a URL.
 *
 * The ciphertext from Security::encrypt() is base64-encoded and then
 * URL-encoded, so the "+", "/" and "=" of base64 survive a query string.
 *
 * NOTE(review): a value in a URL ends up in access logs, browser history and
 * Referer headers, and can be replayed as-is; whether tampering is detected
 * depends on Security::encrypt() being authenticated. Confirm.
 *
 * @param mixed  $input value to protect
 * @param string $key   encryption key handed to Security::encrypt()
 * @return string URL-encoded base64 ciphertext
 */
public static function encryptURL($input, $key)
{
    $cipher = Security::encrypt($input, $key);
    $armored = base64_encode($cipher);

    return urlencode($armored);
}
$initialIconMoney = 30; // How much money is granted on registration in IConomy
$exchangeRate = 200; // Exchange rate Realmoney -> IConomy
// EVERYTHING BELOW - DO NOT TOUCH!

// Connects to MySQL and creates every table the launcher backend uses if it
// does not exist yet. All DDL below is constant text; no request data is
// interpolated into it. $db_host, $db_port, $db_database, $db_user, $db_pass,
// $key1, $logger and $log_date are defined outside this excerpt.
try {
    $db = new PDO("mysql:host={$db_host};port={$db_port};dbname={$db_database}", $db_user, $db_pass);
    // Make PDO throw on errors so the single catch below sees every failure.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("set names utf8");
    // Launcher sessions: user, session id, server, token, real-money balance, client md5.
    $stmt = $db->prepare("\n CREATE TABLE IF NOT EXISTS `usersession` (\n\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t `user` varchar(255) DEFAULT 'user',\n\t `session` varchar(255) DEFAULT NULL,\n\t `server` varchar(255) DEFAULT NULL,\n\t `token` varchar(255) DEFAULT NULL,\n \t `realmoney` int(255) DEFAULT '0',\n \t `md5` varchar(255) DEFAULT '0',\n\t PRIMARY KEY (`id`)\n\t ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=0 ;\n\t\t");
    $stmt->execute();
    // Keys with an associated amount.
    $stmt = $db->prepare("\n CREATE TABLE IF NOT EXISTS `sashok724_launcher_keys` (\n\t `key` varchar(255) DEFAULT NULL,\n\t `amount` int(255) DEFAULT NULL\n\t ) ENGINE=MyISAM DEFAULT CHARSET=utf8;\n\t\t");
    $stmt->execute();
    $stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `sip` (\n\t\t `time` varchar(255) NOT NULL,\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `sip` varchar(16) DEFAULT NULL,\n\t\t PRIMARY KEY (`id`) USING BTREE\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC AUTO_INCREMENT=0 ;\n\t\t");
    $stmt->execute();
    $stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `jobs` (\n\t\t `username` varchar(20) DEFAULT NULL,\n\t\t `experience` int(11) DEFAULT NULL,\n\t\t `level` int(11) DEFAULT NULL,\n\t\t `job` varchar(20) DEFAULT NULL\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8;\n\t\t");
    $stmt->execute();
    // The next literal contains a raw line break exactly as it appears in this copy of the file.
    $stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `iConomy` (\n\t\t `id` int(255) NOT NULL AUTO_INCREMENT,\n\t\t `username` varchar(32) NOT NULL,\n\t\t `balance` double(64,2) NOT NULL,\n\t\t `status` int(2) NOT NULL DEFAULT '0',\n\t\t UNIQUE KEY `username` (`username`),\n\t\t KEY `id` (`id`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 
AUTO_INCREMENT=0 ;\n\t\t");
    $stmt->execute();
    $stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `banlist` (\n\t\t `name` varchar(32) NOT NULL,\n\t\t `reason` text NOT NULL,\n\t\t `admin` varchar(32) NOT NULL,\n\t\t `time` bigint(20) NOT NULL,\n\t\t `temptime` bigint(20) NOT NULL DEFAULT '0',\n\t\t `type` int(11) NOT NULL DEFAULT '0',\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `ip` varchar(16) DEFAULT NULL,\n\t\t PRIMARY KEY (`id`) USING BTREE\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC AUTO_INCREMENT=0 ;\n\t\t");
    $stmt->execute();
    $stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `permissions` (\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `name` varchar(50) NOT NULL,\n\t\t `type` tinyint(1) NOT NULL,\n\t\t `permission` varchar(200) NOT NULL,\n\t\t `world` varchar(50) DEFAULT NULL,\n\t\t `value` text,\n\t\t PRIMARY KEY (`id`),\n\t\t UNIQUE KEY `unique` (`name`,`permission`,`world`,`type`),\n\t\t KEY `user` (`name`,`type`),\n\t\t KEY `world` (`world`,`name`,`type`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=5 ;\t\n\t\t");
    $stmt->execute();
    $stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `permissions_entity` (\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `name` varchar(50) NOT NULL,\n\t\t `type` tinyint(1) NOT NULL,\n\t\t `prefix` varchar(255) NOT NULL,\n\t\t `suffix` varchar(255) NOT NULL,\n\t\t `default` tinyint(1) NOT NULL DEFAULT '0',\n\t\t PRIMARY KEY (`id`),\n\t\t UNIQUE KEY `name` (`name`),\n\t\t KEY `default` (`default`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=6 ;\n\t\t");
    $stmt->execute();
    // The next literal also contains a raw line break as found in this copy of the file.
    $stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `permissions_inheritance` (\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `child` varchar(50) NOT NULL,\n\t\t `parent` varchar(50) NOT NULL,\n\t\t `type` tinyint(1) NOT NULL,\n\t\t `world` varchar(50) DEFAULT NULL,\n\t\t PRIMARY KEY (`id`),\n\t\t UNIQUE KEY `child` (`child`,`parent`,`type`,`world`),\n\t\t KEY `child_2` 
(`child`,`type`),\n\t\t KEY `parent` (`parent`,`type`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=0 ;\n\t\t");
    $stmt->execute();
} catch (PDOException $pe) {
    // The response is the encrypted marker "errorsql" followed by whatever
    // $logger->WriteLine() returns; the exception is cast to a string for the log.
    // NOTE(review): casting a PDOException to a string writes its message and
    // stack trace. For a failed `new PDO(...)` the trace can include the
    // constructor arguments (DSN, user, password) depending on PHP version and
    // settings, so the log must be kept outside the web root and treated as sensitive.
    // NOTE(review): confirm WriteLine() returns nothing printable, since its
    // return value is concatenated into the client-visible output.
    die(Security::encrypt("errorsql", $key1) . $logger->WriteLine($log_date . $pe)); // write MySQL errors to m.log
}
$iconmoney = $row['balance']; //echo "success:".$money.":".$iconmoney; exit(Security::encrypt(json_encode(array("error" => false, "code" => STATUS_OK, "text" => "Success", "money" => $money, "imoney" => $iconmoney)), $key1)); } else { exit(Security::encrypt(json_encode(array("error" => true, "code" => STATUS_INTERNAL_ERROR, "text" => "Wrong query")), $key1)); } } } } } } } } } } catch (PDOException $pe) { die(Security::encrypt(json_encode(array("error" => true, "code" => STATUS_SQL_ERROR, "text" => "SQL Error", "edata" => $pe)), $key1)); $logger->WriteLine($log_date . $pe); //вывод ошибок MySQL в m.log } //===================================== Вспомогательные функции ==================================// function xorencode($str, $key) { while (strlen($key) < strlen($str)) { $key .= $key; } return $str ^ $key; } function strtoint($text) { $res = ""; for ($i = 0; $i < strlen($text); $i++) {
/**
 * Round-trips falsey inputs through Security::encrypt()/decrypt().
 *
 * Empty string, false and null must all come back as the empty string;
 * integer 0 and the string '0' must come back as the string '0'.
 *
 * @return void
 */
public function testEncryptDecryptFalseyData()
{
    $key = 'This is a key that is long enough to be ok.';

    // Each pair is (input, expected plaintext after decrypt).
    $cases = array(
        array('', ''),
        array(false, ''),
        array(null, ''),
        array(0, '0'),
        array('0', '0'),
    );

    foreach ($cases as $case) {
        list($input, $expected) = $case;
        $result = Security::encrypt($input, $key);
        $this->assertSame($expected, Security::decrypt($result, $key));
    }
}
} else { $smtp_settings['smtp_port'] = trim($_POST['smtp_port']); $smtp_port = $smtp_settings['smtp_port']; } if (trim($_POST['smtp_user']) == "") { $smtp_errors['smtp_user'] = "******"; } else { $smtp_settings['smtp_user'] = trim($_POST['smtp_user']); $smtp_user = $smtp_settings['smtp_user']; } if (trim($_POST['smtp_pwd']) == "") { if ($smtp_pwd == "") { $smtp_errors['smtp_pwd'] = "Please enter the <b>Password</b> for the SMPT account."; } } else { $smtp_settings['smtp_pwd'] = $secure_pass->encrypt($_POST['smtp_pwd']); } //pre($smtp_errors); if (!empty($smtp_settings) && empty($smtp_errors)) { file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/admin/inc/' . $smtp_log, serialize($smtp_settings)); $smtp_settings_raw = file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/admin/inc/' . $smtp_log); $smtp_settings = unserialize($smtp_settings_raw); $smtp_host = $smtp_settings['smtp_host']; $smtp_port = $smtp_settings['smtp_port']; $smtp_user = $smtp_settings['smtp_user']; } } //pre($settings); ?> </head> <body>
/**
 * Encrypts a cookie value with the scheme selected by $this->_type.
 *
 * Arrays are flattened with _implode() first. When encryption is switched
 * off the (possibly flattened) value is returned untouched. Otherwise the
 * result is the marker "Q2FrZQ==." (base64 of "Cake" plus a dot) followed by
 * the base64-encoded ciphertext.
 *
 * NOTE(review): if $this->_type is none of 'rijndael', 'cipher' or 'aes',
 * $cipher is never assigned and the method returns the bare prefix after a
 * notice; validating the type where it is set would make that explicit.
 * NOTE(review): in CakePHP 2.x Security::cipher() is documented as a weak,
 * deprecated scheme and Security::rijndael() depends on mcrypt; 'aes' is the
 * variant to prefer. Confirm against the framework version in use.
 *
 * @param string|array $value Value to encrypt
 * @return string Prefixed, base64-encoded ciphertext, or the plain value when encryption is off
 */
protected function _encrypt($value)
{
    if (is_array($value)) {
        $value = $this->_implode($value);
    }

    if (!$this->_encrypted) {
        return $value;
    }

    $prefix = "Q2FrZQ==.";
    $scheme = $this->_type;

    if ($scheme === 'rijndael') {
        $cipher = Security::rijndael($value, $this->key, 'encrypt');
    } elseif ($scheme === 'cipher') {
        $cipher = Security::cipher($value, $this->key);
    } elseif ($scheme === 'aes') {
        $cipher = Security::encrypt($value, $this->key);
    }

    return $prefix . base64_encode($cipher);
}
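<?php
/*
 * Manual test page for the launcher protocol.
 *
 * The first form posts action/client/login/passw back to this page, which
 * encrypts "auth:<client>:<login>:<passw>:" under $key2 (defined by one of
 * the includes). The second form posts that ciphertext to launcher.php.
 *
 * NOTE(review): this page encrypts whatever is posted to it under $key2 for
 * anyone who can reach it, and shows the password in a plain text input. It
 * belongs in a development environment only; remove it or restrict access
 * before deployment.
 */
define('INCLUDE_CHECK', true);
include "security.php";
include "connect.php";

// Read each field explicitly instead of silencing undefined-index notices
// with @; non-string input (e.g. passw[]=x) is treated as absent.
$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : null;
$client = (isset($_POST['client']) && is_string($_POST['client'])) ? $_POST['client'] : null;
$login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : null;
$passw = (isset($_POST['passw']) && is_string($_POST['passw'])) ? $_POST['passw'] : null;

// Always defined, so the template below needs no error suppression.
$aes = '';
if ($action != null || $client != null || $login != null || $passw != null) {
    $aes = Security::encrypt('auth:' . $client . ':' . $login . ':' . $passw . ':', $key2);
}
?>
<meta charset="utf-8">
<form action="test.php" method="POST">
<p>action<input type="text" name="action" value="auth"></p>
<p>client<input type="text" name="client" value="vanilla179"></p>
<p>login <input type="text" name="login" value="zenit_"></p>
<p>passw <input type="text" name="passw" value="test"></p>
<input type="submit" value="Зашифровать">
</form>
<form action="launcher.php" method="POST">
<?php /* Quoted and escaped: assumes Security::encrypt() returns printable text such as base64 - confirm. */ ?>
<p>action<input type="text" name="action" value="<?php echo htmlspecialchars((string) $aes, ENT_QUOTES, 'UTF-8'); ?>"></p>
<input type="submit" value="Отправить aes на launcher.php">
</form>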
<?php
// Minimal demonstration of Security::encrypt()/decrypt(): prints the
// ciphertext of a sample value, then the result of an encrypt/decrypt
// round trip, with no separator between the two outputs.
//
// NOTE(review): the key is a fixed string of ASCII digits and serves only as
// a sample. A real key should come from a CSPRNG (e.g. random_bytes()) and be
// loaded from configuration outside the source tree.
include 'security.php';

$value = "example";
$key = "1234567891234567"; // 16-character key

$ciphertext = Security::encrypt($value, $key);
echo $ciphertext;

// A second, independent encryption is decrypted here, as in the original.
$roundTrip = Security::decrypt(Security::encrypt($value, $key), $key);
echo $roundTrip;
/**
 * Imports employees from an uploaded spreadsheet.
 *
 * The upload is moved to storage/public/import/import.xlsx and read with
 * Excel::load(). For every row whose EMP_ID has no TBL_EMP_PENSION record,
 * the employee row is queued for insert (or updated in place when it already
 * exists) and, when no TBL_USER row exists, a user account is queued as well.
 * Queued rows are inserted in bulk after the loop. The JSON response carries
 * the EMP_ID of the last row read.
 *
 * NOTE(review): no validation of the upload (presence, type, size) is visible
 * in this method, and the fixed target name means two concurrent imports
 * overwrite each other's file.
 * NOTE(review): new accounts get a password derived only from the employee's
 * birth date and stored with reversible encryption under a key written in
 * this source file. Prefer a random one-time secret with a forced change at
 * first login, store it with password_hash(), and move the key to a secret
 * store and rotate it.
 *
 * @param Request $request request carrying the 'exelimport' file
 * @return mixed JSON response with 'success' and 'html' (last EMP_ID read)
 */
public function importdata2(Request $request)
{
    $results = null; // not the same variable as $results inside the closure
    $GLOBALS['empidReturn'] = ""; // global used to carry the last EMP_ID out of the closure
    $file = $request->file('exelimport'); // unused below
    $request->file('exelimport')->move(storage_path() . '/public/import/', 'import.xlsx');
    $retdate = Excel::load(storage_path('/public/import/import.xlsx'), function ($reader) {
        $results = $reader->setDateColumns(array('startdate', 'enddate'))->get();
        $data = array(); // employee rows to insert after the loop
        $dataupdate = array(); // column values for the in-place update of an existing employee
        $datauser = array(); // user rows to insert after the loop
        // $results = $reader->get();
        $ret = $results->toArray();
        $empidtoStatus = "123"; // only feeds the commented-out UPDATE at the end
        foreach ($ret as $index => $value) {
            // var_dump($value["enddate"]);
            $EMP_ID = $value["empid"];
            $GLOBALS['empidReturn'] = $value["empid"];
            $userinfo = DB::table('TBL_EMPLOYEE_INFO')->where('EMP_ID', $EMP_ID)->get();
            $user = DB::table('TBL_USER')->where('EMP_ID', $EMP_ID)->get();
            $TBL_EMP_PENSION = DB::table('TBL_EMP_PENSION')->where('EMP_ID', $EMP_ID)->get();
            // $StatusID = $value["user_status_id"];
            // NOTE(review): the "== null" tests below presumably rely on get() returning
            // an empty array when nothing matches; a collection object would never
            // compare equal to null. Confirm against the framework version.
            if ($TBL_EMP_PENSION == null) {
                if ($userinfo == null) {
                    // Unknown employee: queue a new TBL_EMPLOYEE_INFO row.
                    // var_dump($value["enddate"]);
                    $dateS = new Date($value["startdate"]);
                    $dateStart = date("d/m/Y", strtotime($dateS));
                    $dateE = new Date($value["enddate"]);
                    $dateEnd = date("d/m/Y", strtotime($dateE));
                    array_push($data, array('EMP_ID' => $value["empid"], 'PREFIX' => $value["prefix"], 'FULL_NAME' => $value["fullname"], 'ENG_NAME' => $value["engname"], 'FIRST_NAME' => $value["firstname"], 'LAST_NAME' => $value["lastname"], 'PRIORITY' => $value["priority"], 'JOB_ID' => $value["jobid"], 'JOB_DESC_SHT' => $value["jobdescsht"], 'JOB_DESC' => $value["jobdesc"], 'PER_ID' => $value["perid"], 'START_DATE' => $dateStart, 'END_DATE' => $dateEnd, 'COST_CENTER' => $value["costcenter"], 'C_LEVEL' => $value["clevel"], 'POST_ID' => $value["posid"], 'POS_DESC' => $value["posdesc"], 'ORG_ID' => $value["orgid"], 'ENG_FIRST_NAME' => $value["engfirstname"], 'ENG_LAST_NAME' => $value["englastname"], 'BIRTH_DATE' => $value["birthdate"], 'ORG_DESC' => $value["orgdesc"], 'PATH_ID' => $value["pathid"], 'DEP_ID' => $value["depid"], 'DIV_ID' => $value["divid"], 'SEC_ID' => $value["secid"], 'PART_ID' => $value["partid"], 'PARTH_SHT' => $value["pathsht"], 'DEP_SHT' => $value["depsht"], 'DIV_SHT' => $value["divsht"], 'SEC_SHT' => $value["secsht"], 'PATH_SHT' => $value["partsht"], 'PARTH_LNG' => $value["pathlng"], 'DEP_LNG' => $value["deplng"], 'DIV_LNG' => $value["divlng"], 'SEC_LNG' => $value["seclng"], 'PART_LNG' => $value["partlng"]));
                } else {
                    // Known employee: overwrite the existing row immediately.
                    $dateS = new Date($value["startdate"]);
                    $dateStart = date("d/m/Y", strtotime($dateS));
                    $dateE = new Date($value["enddate"]);
                    $dateEnd = date("d/m/Y", strtotime($dateE));
                    $dataupdate = array('EMP_ID' => $value["empid"], 'PREFIX' => $value["prefix"], 'FULL_NAME' => $value["fullname"], 'ENG_NAME' => $value["engname"], 'FIRST_NAME' => $value["firstname"], 'LAST_NAME' => $value["lastname"], 'PRIORITY' => $value["priority"], 'JOB_ID' => $value["jobid"], 'JOB_DESC_SHT' => $value["jobdescsht"], 'JOB_DESC' => $value["jobdesc"], 'PER_ID' => $value["perid"], 'START_DATE' => $dateStart, 'END_DATE' => $dateEnd, 'COST_CENTER' => $value["costcenter"], 'C_LEVEL' => $value["clevel"], 'POST_ID' => $value["posid"], 'POS_DESC' => $value["posdesc"], 'ORG_ID' => $value["orgid"], 'ENG_FIRST_NAME' => $value["engfirstname"], 'ENG_LAST_NAME' => $value["englastname"], 'BIRTH_DATE' => $value["birthdate"], 'ORG_DESC' => $value["orgdesc"], 'PATH_ID' => $value["pathid"], 'DEP_ID' => $value["depid"], 'DIV_ID' => $value["divid"], 'SEC_ID' => $value["secid"], 'PART_ID' => $value["partid"], 'PARTH_SHT' => $value["pathsht"], 'DEP_SHT' => $value["depsht"], 'DIV_SHT' => $value["divsht"], 'SEC_SHT' => $value["secsht"], 'PATH_SHT' => $value["partsht"], 'PARTH_LNG' => $value["pathlng"], 'DEP_LNG' => $value["deplng"], 'DIV_LNG' => $value["divlng"], 'SEC_LNG' => $value["seclng"], 'PART_LNG' => $value["partlng"]);
                    DB::table('TBL_EMPLOYEE_INFO')->where('EMP_ID', "=", $value["empid"])->update($dataupdate);
                }
                if ($user == null) {
                    // No account yet: queue a TBL_USER row with a generated initial password.
                    $date = new Date();
                    // The chained assignment also overwrites $userinfo with the privilege rows.
                    $pri = $userinfo = DB::table('TBL_PRIVILEGE')->where('USER_PRIVILEGE_ID', 2)->get();
                    $datedata = $value["birthdate"];
                    // The three $rest assignments are leftover substr() experiments; $rest is never read.
                    $rest = substr("abcdef", -1); // returns "f"
                    $rest = substr("abcdef", -2); // returns "ef"
                    $rest = substr("abcdef", -3, 1);
                    // $newDate = substr($datedata, -2) . substr($datedata, -4,2). ((int)substr($datedata, -8, 4)) + 543;
                    // Initial password: last two characters, the two before them, then the
                    // four characters starting eight from the end as an integer plus 543;
                    // presumably day, month and a Gregorian year converted to the Buddhist Era. Confirm.
                    // NOTE(review): this value is predictable to anyone who knows the birth date.
                    $newDate = substr($datedata, -2) . substr($datedata, -4, 2) . ((int) substr($datedata, -8, 4) + 543);
                    $MEASecEncoe = new \Security();
                    // NOTE(review): the key is a literal in source and the result is reversible;
                    // see the method header for the recommended replacement.
                    $ecPass = $MEASecEncoe->encrypt($newDate, "#Gm2014\$06\$30@97");
                    // $ecPass = exec("cmd /c md5.bat -e ".$newDate." 2>&1");
                    //$ecPass = explode(':',$ecPass)[1];
                    $datedefault = new Date("9999-12-31 00:00:00.000"); // password expiry stored for the new account
                    $admin = 'Administrator';
                    $user_id = '2';
                    array_push($datauser, array('EMP_ID' => $EMP_ID, 'USERNAME' => $EMP_ID, 'PASSWORD' => $ecPass, 'PASSWORD_EXPIRE_DATE' => $datedefault, 'CREATE_DATE' => $date, 'CREATE_BY' => $admin, 'LAST_MODIFY_DATE' => $date, 'USER_PRIVILEGE_ID' => $user_id, 'ACCESS_PERMISSIONS' => $pri[0]->ACCESS_PERMISSIONS, 'USER_STATUS_ID' => 13, 'FIRST_LOGIN_FLAG' => 0, 'EMAIL_NOTIFY_FLAG' => 1));
                }
            }
            $empidtoStatus .= "," . $EMP_ID;
        }
        // Bulk inserts run even when nothing was queued, and outside any transaction.
        DB::table('TBL_EMPLOYEE_INFO')->insert($data);
        DB::table('TBL_USER')->insert($datauser);
        // // $sql = "UPDATE TBL_USER SET user_status_id= 14 WHERE EMP_ID NOT IN (".$empidtoStatus.")";
        // // DB::update(DB::raw($sql));
    });
    return response()->json(array('success' => true, 'html' => $GLOBALS['empidReturn']));
}