/**
 * Magic setter that hashes the password column before storing it.
 *
 * When $key names the column configured as the password column, the value is passed
 * through Security::hash_password() for this model's config; every other key is
 * forwarded to the parent setter unchanged.
 *
 * @param string $key   column being assigned
 * @param mixed  $value value to store
 */
public function __set($key, $value)
{
    $is_password_column = ($key === $this->config['columns']['password']);

    if ($is_password_column) {
        // NOTE(review): every assignment to this column is hashed, so assigning an
        // already-hashed value here would hash it a second time - confirm callers
        // only ever pass the plain-text password.
        $hasher = Security::instance($this->config_name);
        $value = $hasher->hash_password($value);
    }

    parent::__set($key, $value);
}
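/**
 * Generate an API key pair and store it in the `api_keys` table with a usage count of 0.
 *
 * @param array $args expects 'target', 'name' and 'type'; the key is flagged as an
 *                    organisation key only when 'type' is exactly the string 'org'
 *
 * @return array the generated pair: ['privateKey' => ..., 'publicKey' => ...]
 */
public static function createKey($args)
{
    $db = \Base::instance()->get('db.instance');
    $security = Security::instance();

    // NOTE(review): both values are used as credentials but come from project helpers
    // not visible here - confirm salt() and salt_sha2() draw from a CSPRNG.
    $publicKey = $security->salt();
    $privateKey = $security->salt_sha2(384);

    // Strict comparison: with `==` a boolean true (and, before PHP 8, the integer 0)
    // compares equal to 'org' and would silently create an organisation-level key.
    // isset() also covers a missing 'type' without raising a notice.
    $isOrgKey = isset($args['type']) && $args['type'] === 'org';

    // NOTE(review): the private key is written to the table as generated. If the server
    // only ever needs to verify it, storing a hash instead would limit the impact of a
    // database leak - confirm how the key is consumed before changing this.
    $db->exec(
        'INSERT INTO api_keys(target, `name`, `privateKey`, `publicKey`, isOrgKey, usages) VALUES(:target, :name, :privateKey, :publicKey, :isOrgKey, :usages)',
        [
            'target' => $args['target'],
            'name' => $args['name'],
            'privateKey' => $privateKey,
            'publicKey' => $publicKey,
            'isOrgKey' => $isOrgKey,
            'usages' => 0,
        ]
    );

    return ['privateKey' => $privateKey, 'publicKey' => $publicKey];
}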
/**
 * Create an invite row and, on request, e-mail the invite link to the recipient.
 *
 * @param string $email    address the invite is tied to; a non-empty value also sets
 *                         the row's `fixedEmail` flag
 * @param bool   $sendmail send the invitation mail (only done when $email is non-empty)
 * @param int    $usages   value stored in the row's `usages` column
 *
 * @return string the generated invite key
 */
public static function createInvite($email = '', $sendmail = false, $usages = 1)
{
    $f3 = \Base::instance();
    $db = $f3->get('db.instance');

    // NOTE(review): the key is the only secret in the invite link - confirm that
    // Security::salt() (not visible here) is backed by a CSPRNG.
    $key = Security::instance()->salt();
    $hasEmail = !empty($email);

    $db->exec(
        'INSERT INTO invites(`key`, `email`, `fixedEmail`, `usages`, `claimed`) VALUES(:key, :email, :fixedEmail, :usages, FALSE)',
        [
            'key' => $key,
            'email' => $email,
            'fixedEmail' => $hasEmail,
            'usages' => $usages,
        ]
    );

    if (!$sendmail || !$hasEmail) {
        return $key;
    }

    // Expose both values to the HTML mail template.
    // NOTE(review): $email is not validated in this method before it is used as the
    // recipient and placed in the message - confirm the caller or SendingAPI validates
    // the address and that the template escapes it.
    $f3->set('email', $email);
    $f3->set('key', $key);

    $htmlBody = \Template::instance()->render('mails/invited.html');
    $textBody = "You have been invited to join SquareMS ! \n"
        . "You can create an account using this link: https://squarems.net/invites/{$key} ! \n"
        . "If you have any more questions, you can mail us at contact@squarems.net. \n\n"
        . "This mail was sent to {$email}. Please do not respond, it is sent by an automated system.";

    SendingAPI::send([
        'mailTo' => $email,
        'mailSubject' => 'You have been invited to join SquareMS !',
        'mailContents' => ['html' => $htmlBody, 'text' => $textBody],
    ]);

    return $key;
}
/**
 * Log the user out through the Security singleton, queue the sign-out notification
 * and redirect to the 'login' page of the current area.
 */
public function signout()
{
    $auth = Security::instance();
    $auth->logout();

    $notice = $this->i18n['system.signout.success'];
    $this->notification->add($notice);

    $login_url = url::area() . 'login';
    url::redirect($login_url);
}
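/**
 * Add a paper to one of the current user's lightboxes, creating the lightbox first
 * when the form asks for a new one.
 *
 * Reads from POST: 'paper_id' (required), 'type' ('new' or 'existing'), 'name' and
 * 'description' (new lightbox) and 'lightbox_id' (existing lightbox). Every outcome is
 * reported through $this->notification; nothing is returned.
 *
 * @return void
 */
public function create()
{
    $this->breadcrumbs->add()->url(false)->title('Add Paper');

    // Make sure the visitor is still logged in.
    $current = Security::instance()->get_user();
    if (!$current || !$current->loaded) {
        $this->notification->add($this->i18n['system.user.invalid']);
        return;
    }

    $type = $this->input->post('type');

    $input = Validation::factory($this->input->post());
    $input->add_rules('paper_id', 'required');
    if ($type === 'new') {
        $input->add_rules('name', 'required');
    } elseif ($type === 'existing') {
        $input->add_rules('lightbox_id', 'required');
    }

    if (!$input->validate()) {
        foreach ($input->errors() as $key => $value) {
            $this->notification->add($this->i18n['filter.' . $key . '.' . $value]);
        }
        return;
    }

    $lightbox_id = $this->input->post('lightbox_id');

    if ($type === 'new') {
        // A user may not own two lightboxes with the same name.
        $existing = ORM::factory('lightbox')
            ->where('creator_id', $current->id)
            ->where('name', $this->input->post('name'))
            ->find();
        if ($existing->loaded) {
            $this->notification->add($this->i18n['system.lightbox.exists'], $this->input->post('name'));
            return;
        }

        $lightbox = ORM::factory('lightbox');
        $lightbox->name = $this->input->post('name');
        $lightbox->description = $this->input->post('description');
        $lightbox->creator_id = $current->id;
        $lightbox->status = 'public';
        if (!$lightbox->save()) {
            $this->notification->add($this->i18n['system.lightbox.error']);
            return;
        }

        $lightbox_id = $lightbox->id;
        $this->notification->add($this->i18n['system.lightbox.success'], $lightbox->name);
    }

    $paper = ORM::factory('paper', $this->input->post('paper_id'));
    $lightbox = ORM::factory('lightbox', $lightbox_id);

    if (!$paper->loaded || !$lightbox->loaded) {
        if (!$paper->loaded) {
            $this->notification->add($this->i18n['system.paper.invalid']);
        }
        if (!$lightbox->loaded) {
            $this->notification->add($this->i18n['system.lightbox.invalid']);
        }
        return;
    }

    // 'lightbox_id' comes straight from the request, so confirm the lightbox belongs to
    // the logged-in user before modifying it. The reply is the same as for an unknown id
    // so the response does not reveal which ids exist for other users.
    if ((string) $lightbox->creator_id !== (string) $current->id) {
        $this->notification->add($this->i18n['system.lightbox.invalid']);
        return;
    }

    $lightbox->add($paper);
    $names = array($paper->name, $lightbox->name);
    if ($lightbox->save()) {
        $this->notification->add($this->i18n['system.paper.success'], $names);
    } else {
        $this->notification->add($this->i18n['system.paper.error'], $names);
    }
}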
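// Page bootstrap: send visitors to the installer while no config file exists, then load
// the configuration, start the security class and load the database and language files.
if (!file_exists('GameEngine/config.php')) {
    header("Location: install/");
    // header() only queues the redirect; without exit the script would carry on,
    // include the missing config file and render the page for the visitor.
    exit;
}
include "GameEngine/config.php";
/* if($_SERVER['HTTP_HOST'] != '.SERVER.') { header('location: '.SERVER.''); exit; } */
// delete the /* and the */ if you not use localhost.

// NOTE(review): `E_ALL || E_NOTICE` is a logical OR and evaluates to boolean true, which
// PHP treats as level 1 (E_ERROR only). If the intent was "everything except notices",
// that is written `E_ALL & ~E_NOTICE`. Left unchanged because the intent is not clear
// from this file and raising the level can expose warnings to visitors when
// display_errors is on.
error_reporting(E_ALL || E_NOTICE);

// The page refuses to run without the security class.
if (file_exists('Security/Security.class.php')) {
    require 'Security/Security.class.php';
    Security::instance();
} else {
    die('Security: Please activate security class!');
}
include "GameEngine/Database.php";
// LANG is a constant (presumably defined in config.php), not request input.
include "GameEngine/Lang/" . LANG . ".php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo SERVER_NAME; ?> </title>
<link rel="shortcut icon" href="favicon.ico" />
<link rel="stylesheet" type="text/css" href="gpack/travian/main.css" />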
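"> <noscript><p>Please enable Javascript in your browser to view this site</p></noscript>
<div id="header">
<div class="container">
<h1 id="logo"><a href="/">Spicers</a></h1>
<ul id="controls">
<?php if (Security::instance()->get_user()) { ?>
<li><span class="user-name"><?php
    /*
     * Escape the account value for HTML before printing it, so markup stored in it is
     * shown as text instead of being interpreted by the browser. double_encode is off
     * so a value that was already entity-encoded on input is not encoded twice.
     */
    echo htmlspecialchars(Security::instance()->get_user()->unique, ENT_QUOTES, 'UTF-8', false);
?> </span></li>
<li><a href="account">My Account</a></li>
<li><a href="account/logout" id="sign-out">Sign Out</a></li>
<?php } else { ?>
<li><span class="user-name">(Not signed in)</span> <a href="account/login" id="sign-in">Sign In</a></li>
<li><a href="account/register">Register</a></li>
<?php } ?>
<li class="last"><a href="about-us/contact">Contact Us</a></li>
<li id="site-search">
<form action="#todo" method="post">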
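<!-- #todo: Better way to detect what domain user is on --> <? foreach (admin::$sites as $site) : ?> <li><a href="<?= url::base() . $site . '/' . url::routes_area(); ?>" <?= strstr( $base_href, $site ) !== false ? 'class="selected"' : '' ?>><span><?= $site; ?></span></a></li> <? endforeach; ?> <!-- /#todo --> </ul> <? endif; ?> */ ?>
<div id="user-info">
<?php if (Security::instance()->get_user()) { ?>
<p>Hello, <span class="user-name"><?php
    /*
     * Escape the username for HTML before printing it, so markup stored in it is shown
     * as text instead of being interpreted by the browser. double_encode is off so a
     * value that was already entity-encoded on input is not encoded twice.
     */
    echo htmlspecialchars(Security::instance()->get_user()->username, ENT_QUOTES, 'UTF-8', false);
?> </span></p>
<ul id="user-actions">
<li class="first"><a href="account">My Account</a></li>
<li><a href="account/logout">Logout</a></li>
<li class="last"><a href="#todo">Visit Website</a></li>
</ul><!--/navigation -->
<?php } ?>
</div>
<ul id="navigation">
<li> <?php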
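/**
 * Delete one of the current user's lightboxes, then redirect to the area index
 * unless the request is an AJAX call.
 *
 * The outcome (success, error, unknown lightbox, wrong user) is reported through
 * $this->notification.
 *
 * @param integer $id the id of the lightbox to delete
 */
public function delete($id = NULL)
{
    // NOTE(review): no request-method or CSRF-token check is visible in this action;
    // confirm one is enforced before this state-changing call is reached.
    if (!$this->access->allowed('lightboxes', 'delete')) {
        url::failed();
    } else {
        $current = Security::instance()->get_user();

        if (!$current || !$current->loaded) {
            // Without a logged-in user there is no owner to compare against. The loose
            // `==` used before would also have matched an empty creator_id against the
            // missing user id.
            $this->notification->add($this->i18n['system.user.invalid']);
        } else {
            $lightbox = $id ? ORM::factory('lightbox')->find($id) : NULL;

            if (!$lightbox || !$lightbox->loaded) {
                $this->notification->add($this->i18n['system.lightbox.invalid']);
            } elseif ((string) $lightbox->creator_id !== (string) $current->id) {
                // Users may only delete their own lightboxes.
                $this->notification->add($this->i18n['system.user.invalid']);
            } else {
                // Keep the name: it is needed for the message after the row is gone.
                $lightbox_name = $lightbox->name;
                if ($lightbox->delete()) {
                    $this->notification->add($this->i18n['system.lightbox.success'], $lightbox_name);
                } else {
                    $this->notification->add($this->i18n['system.lightbox.error'], $lightbox_name);
                }
            }
        }
    }

    if (!request::is_ajax()) {
        url::redirect(url::area());
    }
}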
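<div class="header"> <h4>Your Spicers</h4> </div><!-- /.header -->
<ul class="menu navigation">
<li class="current"><a href="lightboxes"><span>Lightboxes</span></a></li>
<li><a href="account/inspirations"><span>Inspiration</span></a></li>
<li><a href="account/samples"><span>Samples & Dummies</span></a></li>
<li><a href="account/settings"><span>Settings</span></a></li>
</ul><!-- /.navigation -->
</div><!-- /.section -->
<div id="user-info" class="section">
<h5>Hi <?php
    /*
     * Escape the first name for HTML before printing it, so markup stored in it is shown
     * as text instead of being interpreted by the browser. double_encode is off so a
     * value that was already entity-encoded on input is not encoded twice.
     * NOTE(review): get_user() is dereferenced without a null check - confirm this
     * partial is only rendered for signed-in users.
     */
    echo htmlspecialchars(Security::instance()->get_user()->firstname, ENT_QUOTES, 'UTF-8', false);
?> </h5>
<dl>
<dt>Last login:</dt>
<dd class="time"><!-- #todo --><?php echo date("d M, Y"); ?> <!-- /#todo --></dd>
<dt>Your representative:</dt>
<dd><a href="#todo"><!-- #todo -->Representative Name<!-- /#todo --></a></dd>
</dl>
</div><!-- /#user-info -->
</div><!-- /#side-menu -->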
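/**
 * Constructor. Sanitizes global GET, POST and COOKIE data.
 * Also neutralises magic quotes and register globals where the running
 * PHP version still has them. This is protected because it really only
 * needs to be run once.
 *
 * @return void
 */
protected function __construct()
{
    if (self::$instance === NULL) {
        // The magic-quotes functions were removed in later PHP versions, so only call
        // them when they exist; otherwise the constructor would die on an undefined function.
        if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
            // Runtime magic quotes are bad and deprecated: switch them off.
            set_magic_quotes_runtime(0);
        }

        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            // Also bad and deprecated. See http://php.net/magic_quotes for more information.
            // Only the flag is recorded here.
            $this->magic_quotes_gpc = TRUE;
        }

        // Check for register globals and prevent security issues from arising.
        if (ini_get('register_globals')) {
            if (isset($_REQUEST['GLOBALS'])) {
                // An attempt to overwrite $GLOBALS through the request: stop right here.
                exit('Illegal attack on global variable.');
            }

            // Get rid of REQUEST
            $_REQUEST = array();

            // The following globals are standard and shouldn't really be removed
            $preserve = array('GLOBALS', '_REQUEST', '_GET', '_POST', '_FILES', '_COOKIE', '_SERVER', '_ENV', '_SESSION');

            // Same effect as disabling register_globals
            foreach ($GLOBALS as $key => $value) {
                // Strict comparison: before PHP 8 an integer key such as 0 compares
                // loosely equal to every name in $preserve and would survive the cleanup.
                if (!in_array($key, $preserve, TRUE)) {
                    global ${$key};
                    ${$key} = NULL;

                    unset($GLOBALS[$key], ${$key});
                }
            }
        }

        // Sanitize global data: each key and value goes through the class's own
        // clean_input_keys() / clean_input_data() helpers.
        if (is_array($_POST)) {
            foreach ($_POST as $key => $value) {
                $_POST[$this->clean_input_keys($key)] = $this->clean_input_data($value);
            }
        } else {
            $_POST = array();
        }

        if (is_array($_GET)) {
            foreach ($_GET as $key => $value) {
                $_GET[$this->clean_input_keys($key)] = $this->clean_input_data($value);
            }
        } else {
            $_GET = array();
        }

        if (is_array($_COOKIE)) {
            foreach ($_COOKIE as $key => $value) {
                $_COOKIE[$this->clean_input_keys($key)] = $this->clean_input_data($value);
            }
        } else {
            $_COOKIE = array();
        }

        // Just make REQUEST a merge of POST and GET; cookies are deliberately left out.
        $_REQUEST = array_merge($_GET, $_POST);

        self::$instance = $this;
    }
}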
/**
 * Log the user out through the Security singleton, then redirect to 'account/login'.
 */
public function logout()
{
    $auth = Security::instance();
    $auth->logout();

    url::redirect('account/login');
}