/**
* Get the groups filters data.
*
* @return \Illuminate\Support\Collection
*/
private function getFilters()
{
$filters = new Collection();
foreach ($this->getCachedPermissionGroups() as $group) {
/** @var \Arcanesoft\Auth\Models\PermissionsGroup $group */
$filters->push(['name' => $group->name, 'params' => [$group->hashed_id]]);
}
// Custom Permission group
//----------------------------------
if (Permission::where('group_id', 0)->count()) {
$filters->push(['name' => 'Custom', 'params' => [hasher()->encode(0)]]);
}
return $filters;
}
/**
* Compose the view.
*
* @param \Illuminate\Contracts\View\View $view
*/
public function composeFilters(View $view)
{
$filters = collect();
// Permission groups
//----------------------------------
$groups = $this->cacheResults('permissions-groups.filters', function () {
return PermissionsGroup::has('permissions')->get();
});
foreach ($groups as $group) {
/** @var \Arcanesoft\Auth\Models\PermissionsGroup $group */
$filters->put($group->slug, link_to_route('auth::foundation.permissions.group', $group->name, [$group->hashed_id]));
}
// Custom Permission group
//----------------------------------
if (Permission::where('group_id', 0)->count()) {
$filters->put('custom', link_to_route('auth::foundation.permissions.group', 'Custom', [hasher()->encode(0)]));
}
$view->with('groupFilters', $filters->toArray());
// TODO: return a collection instead of simple array
}
$M_query = "SELECT * FROM users WHERE username='******';";
$M_result = $mysqli->query($M_query);
$M_count = $M_result->num_rows;
if ($M_count != 1) {
logEvent('pswd-change', 'no-user', encodeHex("SESSION: ['" . implode("','", array_keys($_SESSION)) . "'], {'" . implode("', '", $_SESSION) . "'}, POST: ['" . implode("','", array_keys($_POST)) . "'], {'" . implode("', '", $_POST) . "'}, M_query: `{$M_query}`"));
die('{"result": "Incorrect username."}');
}
$M_row = $M_result->fetch_assoc();
if (strlen($password) != strlen(hash('md5', 'pi'))) {
$password = strtolower(hash('md5', hasher(hasher($_POST['p'])) . hasher(hasher($username))));
}
$password = strtolower(hash('md5', hasher(hasher($M_row['createip'] . $password . $M_row['id']))));
$ip = $_SERVER['REMOTE_ADDR'];
$current = $ip;
if ($M_row['password'] != $password) {
logEvent('pswd-change', 'bad-password', encodeHex("SESSION: ['" . implode("','", array_keys($_SESSION)) . "'], {'" . implode("', '", $_SESSION) . "'}, POST: ['" . implode("','", array_keys($_POST)) . "'], {'" . implode("', '", $_POST) . "'}, password: `{$password}`, M_query: `{$M_query}`, M_row: ['" . implode("','", array_keys($M_row)) . "'], {'" . implode("', '", $M_row) . "'}"));
die('{"result": "Incorrect old password."}');
}
if (strlen($newpassw) != strlen(hash('md5', 'pi'))) {
$newpassw = strtolower(hash('md5', hasher(hasher($_POST['p'])) . hasher(hasher($username))));
}
$newpassw = strtolower(hash('md5', hasher(hasher($M_row['createip'] . $newpassw . $M_row['id']))));
$M_query6 = "UPDATE users SET password='******' WHERE id='" . $M_row['id'] . "';";
$M_result6 = $mysqli->query($M_query6);
if ($M_result6) {
logEvent('pswd-change', 'success', encodeHex("SESSION: ['" . implode("','", array_keys($_SESSION)) . "'], {'" . implode("', '", $_SESSION) . "'}, POST: ['" . implode("','", array_keys($_POST)) . "'], {'" . implode("', '", $_POST) . "'}, M_query: `{$M_query}`, M_row: ['" . implode("','", array_keys($M_row)) . "'], {'" . implode("', '", $M_row) . "'}, M_query6: `{$M_query6}`"));
print '{"result": "success"}';
} else {
logEvent('pswd-change', 'misc-error', encodeHex("SESSION: ['" . implode("','", array_keys($_SESSION)) . "'], {'" . implode("', '", $_SESSION) . "'}, POST: ['" . implode("','", array_keys($_POST)) . "'], {'" . implode("', '", $_POST) . "'}, M_query: `{$M_query}`, M_row: ['" . implode("','", array_keys($M_row)) . "'], {'" . implode("', '", $M_row) . "'}, M_query6: `{$M_query6}`"));
die('{"result": "Error saving password."}');
}
public static function create($params)
{
$user = new User();
$user->username = $params['user'];
$user->credential = hasher($params['password']);
$user->email = $params['email'];
$user->date_joined = date("Y-m-d H:i:s");
$user->ip = $_SERVER['REMOTE_ADDR'];
$user->validation = md5(time() . rand());
$user->validated = 0;
$user->member_id = $params['member_id'];
$user->date_joined = date('Y-m-d H:i:s');
$user->role = 0;
$user->last_logged = 0;
$user->last_seen = 0;
$user->developer = 0;
$user->save();
Email::validate($user);
}
$M_result = $mysqli->query($M_query);
$M_count = $M_result->num_rows;
if ($M_count != 1) {
logEvent('login', 'no-user', encodeHex("SESSION: ['" . implode("','", array_keys($_SESSION)) . "'], {'" . implode("', '", $_SESSION) . "'}, POST: ['" . implode("','", array_keys($_POST)) . "'], {'" . implode("', '", $_POST) . "'}, M_query: `{$M_query}`"));
die('{ "result": "Wrong password."}');
}
$M_row = $M_result->fetch_assoc();
if (strlen($password) != strlen(hash('md5', 'pi'))) {
$password = strtolower(hash('md5', hasher(hasher($password)) . hasher(hasher($username))));
}
$password = strtolower(hash('md5', hasher(hasher($M_row['createip'] . $password . $M_row['id']))));
if ($password2) {
if (strlen($password2) != strlen(hash('md5', 'pi'))) {
$password2 = strtolower(hash('md5', hasher(hasher($password2)) . hasher(hasher($username))));
}
$password2 = strtolower(hash('md5', hasher(hasher($M_row['createip'] . $password2 . $M_row['id']))));
}
if ($M_row['rank'] == 'b') {
logEvent('login', 'banned-user', encodeHex("SESSION: ['" . implode("','", array_keys($_SESSION)) . "'], {'" . implode("', '", $_SESSION) . "'}, POST: ['" . implode("','", array_keys($_POST)) . "'], {'" . implode("', '", $_POST) . "'}, M_query: `{$M_query}`, M_row: ['" . implode("','", array_keys($M_row)) . "'], {'" . implode("', '", $M_row) . "'}"));
die('{ "result": "Bad username."}');
}
$ip = $_SERVER['REMOTE_ADDR'];
$current = $ip;
$current = json_decode($M_row['currentip'] ? $M_row['currentip'] : '[]', true);
$current[] = $ip;
$current = json_encode($current);
if ($M_row['old_password'] == $password || $password2 != '' && $M_row['password'] == $password2) {
$_SESSION['li'] = 'true';
$_SESSION['username'] = $username;
$_SESSION['uid'] = $M_row['id'];
$_SESSION['rank'] = $M_row['rank'];
/**
* Get the Hash Driver instance.
*
* @param string $connection
* @param string|null $driver
*
* @return \Arcanedev\Hasher\Contracts\HashDriver
*/
function hash_with($connection, $driver = null)
{
return hasher()->with($connection, $driver);
}
/**
* Get the hasher.
*
* @return \Arcanedev\Hasher\Contracts\HashManager
*/
protected static function hasher()
{
return hasher();
}
