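/**
 * Builds a log line, encrypts it under the site-wide admin key and inserts it into sf_logs.
 *
 * The stored plaintext has the shape
 *   "<script basename> [<client ip>] (<timestamp>) : <message>".
 *
 * Security notes:
 *  - Every row is encrypted with the same ADMIN_KEY / ADMIN_IV pair.
 *    NOTE(review): with a fixed IV most cipher modes reveal when two entries
 *    share a prefix, and the prefix here (script, ip, time) is predictable.
 *    Confirm what Crypto::EncryptString does and whether a per-row IV can be stored.
 *  - The double base64 around the constants and the ciphertext is an encoding,
 *    not a protection layer.
 *  - $message is stored verbatim. Whatever renders sf_logs after decryption must
 *    output-encode it, because callers may interpolate request data into it.
 *  - Do not pass secrets (passwords, keys, tokens) in $message: anyone holding
 *    the admin key can decrypt every row.
 *
 * @param string $message Text to record; stored after the generated prefix.
 * @param string $mode    Value written to the "mode" column ('all' by default).
 */
public function writeLog($message, $mode = 'all')
{
    $time = date("F j, Y, g:i a");

    // REMOTE_ADDR and SCRIPT_FILENAME can be missing outside a web request
    // (CLI, cron); fall back instead of raising an undefined-index notice.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $script = isset($_SERVER['SCRIPT_FILENAME']) ? basename($_SERVER['SCRIPT_FILENAME']) : '';

    $message = $script . " [{$ip}] ({$time}) : " . $message;

    // The key and IV constants are stored double-base64-encoded; decode before use.
    $adminKey = base64_decode(base64_decode(ADMIN_KEY));
    $adminIv = base64_decode(base64_decode(ADMIN_IV));

    $msg = base64_encode(base64_encode(Crypto::EncryptString($adminKey, $adminIv, $message)));

    DbManager::i()->insert("sf_logs", array("message", "mode"), array($msg, $mode));
}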
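/**
 * Replaces a member's password with a freshly generated random one.
 *
 * Looks up the member's stored key and iv in sf_members, encrypts the new
 * password with them, writes the result back to the same row and returns the
 * plaintext to the caller wrapped in a Submission result.
 *
 * Security notes:
 *  - The new password is no longer written to the log. The previous version
 *    logged "password = <plaintext>", which let anyone able to decrypt sf_logs
 *    read every renewed user password.
 *  - The log line now records the integer id actually used in the query rather
 *    than the raw caller-supplied value.
 *  - NOTE(review): passwords appear to be stored with reversible encryption,
 *    and the key and iv live in the same sf_members row as the ciphertext, so
 *    read access to that table is enough to recover them. Migrating to
 *    password_hash()/password_verify() would also require changing the login
 *    and password-update paths, so it is not done here.
 *
 * @param int|string $c Member id; coerced with intval() before it reaches the database.
 * @return mixed Submission::createResult($plain, true) on success, otherwise
 *               Submission::createResult("Could not renew password").
 */
function renewPassword($c)
{
    $userId = intval($c);

    // 15 is passed straight to the generator; presumably the password length (confirm in Crypto).
    $plain = Crypto::generateRandomPassword(15);

    $info = DbManager::i()->select("sf_members", array("key", "iv"), array("userid" => $userId));

    // Only a single-row result (neither false nor an array) is treated as a match.
    if ($info !== false && !is_array($info)) {
        $key = base64_decode(base64_decode($info->key));
        $iv = base64_decode(base64_decode($info->iv));
        $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $plain)));

        if (DbManager::i()->update("sf_members", array("password" => $password), array("userid" => $userId))) {
            unset($password, $key, $iv, $info);

            // Record the event only; the plaintext must never reach the log table.
            Logger::i()->writeLog("Password renewed for UserID: {$userId}");

            return Submission::createResult($plain, true);
        }
    }

    Logger::i()->writeLog("Renew password failed, error = " . DbManager::i()->error, 'dev');

    return Submission::createResult("Could not renew password");
}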
if (Settings::i()->captcha_private) { if (!isset($login['captcha_response'])) { die(Submission::createResult("Please validate the captcha")); } $reCaptcha = new ReCaptcha(Settings::i()->captcha_private); $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']); if (!$resp->success) { die(Submission::createResult("Please validate the Captcha")); } } $key = Crypto::GenerateKey($login['username']); $find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key)))); if ($find !== false) { if (!is_array($find)) { $iv = base64_decode(base64_decode($find->iv)); $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $login['password']))); $find = DbManager::i()->select("sf_members", array("userid"), array("password" => $password)); if ($find !== false && !is_array($find)) { echo Submission::createResult("login successful", true); $_SESSION['login'] = 1; $_SESSION['userid'] = $find->userid; $find = DbManager::i()->select("sf_carts", array("cart"), array("userid" => $find->userid)); if ($find !== false && !is_array($find)) { //cart already exists for user if ($find->cart != "e30=" && strlen($find->cart) != 4) { //not empty cart - overwrite with saved one from DB $_SESSION['shopping-cart'] = $find->cart; } else { //empty cart, use session cart if (isset($_SESSION['shopping-cart'])) { DbManager::i()->update("sf_carts", array("cart" => $_SESSION['shopping-cart']), array("userid" => intval($_SESSION['userid'])));
} else { if (isset($settings['btc']) && count((array) $settings['btc']) > 0) { if ($field = Submission::checkFields(array("api_key", "api_pin"), (array) $settings['btc'])) { die(Submission::createResult(ucfirst($field) . " is missing or invalid")); } } else { if (isset($settings['cms_settings']) && count((array) $settings['cms_settings']) > 0) { if ($field = Submission::checkFields(array("title"), (array) $settings['cms_settings'])) { die(Submission::createResult(ucfirst($field) . " is missing or invalid")); } } else { die(Submission::createResult("Invalid Settings")); } } } $settings = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), $_POST['settings']))); $find = DbManager::i()->select("sf_settings", array("settings")); if ($find !== false && !is_array($find)) { //settings already exists $update = DbManager::i()->update("sf_settings", array("settings" => $settings)); if (!$update) { Logger::i()->writeLog("Could not update settings, error = " . DbManager::i()->error, 'dev'); die; } } else { $insert = DbManager::i()->insert("sf_settings", array("settings"), array($settings)); if (!$insert) { Logger::i()->writeLog("Could not insert settings, error = " . DbManager::i()->error, 'dev'); die; } }
if (isset($_POST['pw'])) { $pw = base64_decode($_POST['pw']); $pw = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), $pw))); $update = DbManager::i()->update("sf_members", array("password" => $pw), array("userid" => $userid)); if ($update) { Logger::i()->writeLog("User password updated, UserID = {$userid}"); echo Submission::createResult("Password updated successfully", true); } else { Logger::i()->writeLog("User password could not be updated, error = " . DbManager::i()->error); echo Submission::createResult("Could not update password. Please try again later."); } unset($pw); } else { if (isset($_POST['email'])) { $email = base64_decode($_POST['email']); $email = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), $email))); $update = DbManager::i()->update("sf_members", array("email" => $email), array("userid" => $userid)); if ($update) { Logger::i()->writeLog("User Email updated, UserID = {$userid}"); echo Submission::createResult("Email updated successfully", true); } else { Logger::i()->writeLog("User Email could not be updated, reason = " . DbManager::i()->error); echo Submission::createResult("Could not update email. Please try again later."); } unset($email); } else { echo Submission::createResult("Invalid POST Parameter"); } } unset($userinfo); } else {
$reCaptcha = new ReCaptcha(Settings::i()->captcha_private); $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']); if (!$resp->success) { die(Submission::createResult("Please validate the Captcha")); } } $u = $registration['username']; $iv = Crypto::GenerateIV(); $key = Crypto::GenerateKey($u); $username = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $u))); $find = DbManager::i()->select("sf_members", array("userid"), array("key" => base64_encode(base64_encode($key)))); if ($find && count($find) > 0) { die(Submission::createResult("Username is already taken")); } $pw = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['password']))); $email = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['email']))); $ip = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $_SERVER['REMOTE_ADDR']))); $key = base64_encode(base64_encode($key)); $iv = base64_encode(base64_encode($iv)); $reg_date = date("Y-m-d"); $insert = DbManager::i()->insert("sf_members", array("username", "email", "password", "key", "iv", "register_date", "ip"), array($username, $email, $pw, $key, $iv, $reg_date, $ip)); if ($insert) { Logger::i()->writeLog("Account created with username: {$u}"); die(Submission::createResult("Your account has been created successfully", true)); } else { Logger::i()->writeLog("Could not register user, error = " . DbManager::i()->error, 'dev'); die(Submission::createResult("Could not register account. Please try again later")); } } else { die(Submission::createResult("Please fill in all information")); }