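/**
 * Authenticate user as admin
 *
 * Looks the account up by username, derives the stored-hash form of the
 * submitted password (migrating a legacy unsalted record first), feeds the
 * outcome to the session brute-force blocker and, on success, records the
 * login and redirects. Password equality is decided by the second database
 * lookup (username + hash + status). Every path that hands control back sets
 * an error on the GUI and returns false.
 *
 * @param string $username
 * @param string $password plaintext as submitted
 * @return bool always false when the method returns
 */
private function _authenticate($username, $password)
{
    if (empty($username)) {
        $GLOBALS['gui']->setError($GLOBALS['language']->account['error_login']);
        return false;
    }

    // Fetch salt
    $user = $GLOBALS['db']->select('CubeCart_admin_users', array('admin_id', 'password', 'salt', 'new_password'), array('username' => $username, 'status' => '1'), null, 1);
    if ($user === false) {
        $GLOBALS['gui']->setError($GLOBALS['language']->account['error_login']);
        return false;
    }

    $hash_password = $this->_adminPasswordHash($user[0], $password);

    $result = $GLOBALS['db']->select('CubeCart_admin_users', array('admin_id', 'customer_id', 'logins', 'new_password'), array('username' => $username, 'password' => $hash_password, 'status' => '1'));
    $GLOBALS['session']->blocker($username, 0, (bool) $result, Session::BLOCKER_BACKEND, $GLOBALS['config']->get('config', 'bfattempts'), $GLOBALS['config']->get('config', 'bftime'));

    if ($result) {
        if (!$GLOBALS['session']->blocked()) {
            $this->_recordSuccessfulLogin($result[0], $password);
        } else {
            $this->_setBlockedError();
        }
    } elseif (!$GLOBALS['session']->blocked()) {
        $this->_recordFailedLogin($username);
        $GLOBALS['gui']->setError($GLOBALS['language']->account['error_login']);
    } else {
        $this->_setBlockedError();
    }

    if (!$GLOBALS['session']->blocked()) {
        // Both outcomes are sent on when not blocked; the target is validated
        // against the store URL before it is used
        httpredir($this->_loginRedirectTarget());
    } else {
        $this->_setBlockedError();
    }
    return false;
}

/**
 * Derive the stored-hash form of a submitted admin password for one account row.
 *
 * A row without a salt is migrated in place to the salted legacy scheme
 * (new_password = 0) before the comparison hash is produced. Returns '' when no
 * usable hash could be produced.
 *
 * @param array  $row      admin_id, password, salt, new_password columns
 * @param string $password plaintext as submitted
 * @return string
 */
private function _adminPasswordHash($row, $password)
{
    $password_helper = Password::getInstance();

    if (empty($row['salt'])) {
        // Generate Salt and move the stored hash to the salted legacy form so the
        // record can be upgraded to the current scheme once the login succeeds
        $salt = $password_helper->createSalt();
        $pass = $password_helper->updateOld($row['password'], $salt);
        $update = array('salt' => $salt, 'password' => $pass, 'new_password' => 0);
        if (!$GLOBALS['db']->update('CubeCart_admin_users', $update, array('admin_id' => (int) $row['admin_id']))) {
            return '';
        }
        // The row is now a salted legacy record (new_password = 0), so verify the
        // submitted password exactly as that branch does below. The previous code
        // compared against $pass itself, which never involved $password, so any
        // password matched an account whose salt column was empty. Assumes
        // updateOld() and getSaltedOld() agree on the salted legacy form, which
        // the new_password == 0 path already relies on.
        return $password_helper->getSaltedOld($password, $salt);
    }

    if ($row['new_password'] == 1) {
        // Get the salted new password
        return $password_helper->getSalted($password, $row['salt']);
    }
    // Get the salted old password
    return $password_helper->getSaltedOld($password, $row['salt']);
}

/**
 * Record a successful login on the admin row and bind the session to it.
 *
 * Resets the brute-force counters, stores browser/IP/session details, and
 * re-hashes the password with the current scheme if the row still used the
 * legacy one.
 *
 * @param array  $row      admin_id, logins, new_password columns
 * @param string $password plaintext as submitted
 * @return void
 */
private function _recordSuccessfulLogin($row, $password)
{
    $this->_logged_in = true;
    $update = array(
        'blockTime' => 0,
        // Guarded: the header is optional and an absent key used to raise a notice
        'browser' => isset($_SERVER['HTTP_USER_AGENT']) ? htmlspecialchars($_SERVER['HTTP_USER_AGENT']) : '',
        'failLevel' => 0,
        'session_id' => $GLOBALS['session']->getId(),
        'ip_address' => get_ip_address(),
        'verify' => '',
        'lastTime' => time(),
        'logins' => $row['logins'] + 1,
    );
    if ($row['new_password'] != 1) {
        // First successful login on a legacy hash: upgrade to the current scheme
        $salt = Password::getInstance()->createSalt();
        $update = array_merge($update, array(
            'salt' => $salt,
            'password' => Password::getInstance()->getSalted($password, $salt),
            'new_password' => 1,
        ));
    }
    $GLOBALS['db']->update('CubeCart_admin_users', $update, array('admin_id' => $row['admin_id']));
    $GLOBALS['session']->set('admin_id', $row['admin_id'], 'client');
    $this->_load();
}

/**
 * Track a failed login against the account's failLevel/blockTime counters.
 *
 * Counts the attempt, blocks the account once bfattempts failures fall within
 * bftime seconds, and restarts the count when the previous failure is older
 * than bftime or an earlier block has expired. When the account is currently
 * blocked only the block message is shown and $this->_blocked is set.
 *
 * @param string $username the username the attempt was made for
 * @return void
 */
private function _recordFailedLogin($username)
{
    // Look the row up by the authenticated parameter rather than $_POST['username']
    $user = $GLOBALS['db']->select('CubeCart_admin_users', false, array('username' => $username));
    if ($user === false) {
        return;
    }

    $bfattempts = $GLOBALS['config']->get('config', 'bfattempts');
    $bftime = $GLOBALS['config']->get('config', 'bftime');
    $now = time();
    $newdata = array();

    if ($user[0]['blockTime'] > 0 && $user[0]['blockTime'] < $now) {
        // An earlier block has expired: reset fail level and time
        $newdata['failLevel'] = 1;
        $newdata['blockTime'] = 0;
    } elseif ($user[0]['failLevel'] == $bfattempts - 1) {
        if ($user[0]['lastTime'] < $now - $bftime) {
            // Previous failure is outside the window: start counting again
            $newdata['failLevel'] = 1;
            $newdata['blockTime'] = 0;
        } else {
            // block the account
            $newdata['failLevel'] = $bfattempts;
            $newdata['blockTime'] = $now + $bftime;
        }
    } elseif ($user[0]['blockTime'] < $now) {
        $newdata['failLevel'] = $user[0]['lastTime'] < $now - $bftime ? 1 : $user[0]['failLevel'] + 1;
        $newdata['blockTime'] = 0;
    } else {
        // Display Blocked message. The language entry is the sprintf template and
        // the minutes are its argument; the previous code called the string as a
        // function because the comma was missing.
        $GLOBALS['gui']->setError(sprintf($GLOBALS['language']->account['error_login_block'], $bftime / 60));
        $this->_blocked = true;
    }

    if (!empty($newdata)) {
        $newdata['lastTime'] = $now;
        $GLOBALS['db']->update('CubeCart_admin_users', $newdata, array('admin_id' => $user[0]['admin_id']));
    }
}

/**
 * Put the "too many invalid logins" message on the GUI.
 *
 * @return void
 */
private function _setBlockedError()
{
    $minutes_blocked = ceil($GLOBALS['config']->get('config', 'bftime') / 60);
    $GLOBALS['gui']->setError(sprintf('Too many invalid logins have been made. Access has been blocked for %s minutes.', $minutes_blocked));
}

/**
 * Resolve where to send the browser after the login attempt.
 *
 * Candidates in order: GET redir, POST redir, session 'redir', session 'back'.
 * A candidate carrying a scheme or a scheme-relative '//host' prefix is only
 * honoured when it stays on this store; otherwise it is reported through
 * trigger_error, dropped from the session, and the admin page is used instead.
 *
 * @return string URL or path for httpredir()
 */
private function _loginRedirectTarget()
{
    $redir = '';
    if (!empty($_GET['redir'])) {
        $redir = $_GET['redir'];
    } elseif (!empty($_POST['redir'])) {
        $redir = $_POST['redir'];
    } elseif ($GLOBALS['session']->has('redir')) {
        $redir = $GLOBALS['session']->get('redir');
    } elseif ($GLOBALS['session']->has('back')) {
        $redir = $GLOBALS['session']->get('back');
    }
    if (!is_string($redir)) {
        $redir = '';
    }

    // Any scheme ('http:', 'https:' or otherwise) or a '//' / '\\' prefix leaves the
    // current origin unless it matches the store URL. The previous '^http' test let
    // the scheme-relative forms through unchecked.
    if ($redir !== '' && preg_match('#^(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $redir) && !$this->_redirectWithinStore($redir)) {
        // Prevent phishing attacks, or anything untoward, unless it's redirecting back to this store
        trigger_error(sprintf("Possible Phishing attack - Redirection to '%s' is not allowed.", $redir));
        // Compare before clearing $redir; comparing afterwards matched '' and left
        // the rejected value in the session for the next login
        if ($GLOBALS['session']->has('back') && $redir === $GLOBALS['session']->get('back')) {
            $GLOBALS['session']->delete('back');
        }
        if ($GLOBALS['session']->has('redir') && $redir === $GLOBALS['session']->get('redir')) {
            $GLOBALS['session']->delete('redir');
        }
        $redir = '';
    }

    return $redir !== '' ? $redir : $GLOBALS['rootRel'] . $GLOBALS['config']->get('config', 'adminFile');
}

/**
 * Whether an absolute redirect URL stays on this store.
 *
 * Accepts CC_STORE_URL and the configured ssl_url, requiring a '/', '?' or '#'
 * directly after the base so that a base of 'https://store.example' does not
 * also accept 'https://store.example.other' (constructed example). An empty
 * base is skipped: the previous prefix comparison accepted every URL when
 * ssl_url was unset.
 *
 * @param string $redir
 * @return bool
 */
private function _redirectWithinStore($redir)
{
    $bases = array(CC_STORE_URL, $GLOBALS['config']->get('config', 'ssl_url'));
    foreach ($bases as $base) {
        $base = rtrim((string) $base, '/');
        if ($base === '') {
            continue;
        }
        if ($redir === $base) {
            return true;
        }
        if (strpos($redir, $base) === 0) {
            $boundary = substr($redir, strlen($base), 1);
            if ($boundary === '/' || $boundary === '?' || $boundary === '#') {
                return true;
            }
        }
    }
    return false;
}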
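<!DOCTYPE html>
<html>
<head>
    <title>Password Factory</title>
    <meta charset="UTF-8">
    <link rel="stylesheet" type="text/css" href="./css/xxx.css">
</head>
<body>
<header>
    <h1>パスワード生成</h1>
</header>
<?php
require_once './class/password/makePassword.php';
// NOTE(review): this include is an absolute path while the one above is relative
// to the script; confirm which root is intended, one of the two will not resolve
require_once '/class/table/passwordTable.php';

$passMaker = Password::getInstance();

// Generate button pressed: take count/length/style from the form, otherwise use
// the defaults (6 passwords of 6 characters, style 1). The form values are
// untrusted and are validated by setPassArray(), which throws on bad input.
if (isset($_POST['generate'])) {
    $number = isset($_POST['number']) ? $_POST['number'] : null;
    $digit = isset($_POST['digit']) ? $_POST['digit'] : null;
    $style = isset($_POST['style']) ? $_POST['style'] : null;
} else {
    $number = 6;
    $digit = 6;
    $style = 1;
}

try {
    $passMaker->setPassArray($number, $digit, $style);
    $passValue = $passMaker->getPass();
} catch (Exception $e) {
    // Escape before echoing into the page: the message may echo the submitted values
    die(htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));
}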
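/**
 * Register a new user
 *
 * Validates the submitted registration form ($_POST), then creates the
 * customer record - or, when a type 2 record (presumably an unregistered
 * customer) already exists for the email, upgrades it to type 1 - subscribes
 * the customer to the newsletter when requested, and logs the new account in
 * unless email confirmation is configured. Validation failures are reported
 * through the GUI error list and nothing is written.
 *
 * @return bool true when the account was created or upgraded, false otherwise
 */
public function registerUser()
{
    // Validation
    // Keys name the failed check; any entry blocks registration. An array is used
    // rather than false so that recording the first error does not rely on the
    // deprecated false-to-array conversion.
    $error = array();
    $existing = false;

    foreach ($GLOBALS['hooks']->load('class.user.register_user') as $hook) {
        include $hook;
    }

    // Validate email
    if (!filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL)) {
        $GLOBALS['gui']->setError($GLOBALS['language']->common['error_email_invalid']);
        $error['email'] = true;
    } else {
        // check for duplicates; only a type 1 record blocks registration
        $existing = $GLOBALS['db']->select('CubeCart_customer', array('email', 'type', 'customer_id'), array('email' => strtolower($_POST['email'])));
        if ($existing && $existing[0]['type'] == 1) {
            $GLOBALS['gui']->setError($GLOBALS['language']->account['error_email_in_use']);
            $error['dupe'] = true;
        }
    }

    if (!empty($_POST['password'])) {
        if (!isset($_POST['passconf']) || $_POST['password'] !== $_POST['passconf']) {
            $GLOBALS['gui']->setError($GLOBALS['language']->account['error_password_mismatch']);
            $error['pass'] = true;
        }
    } else {
        $GLOBALS['gui']->setError($GLOBALS['language']->account['error_password_empty']);
        $error['nopass'] = true;
    }

    if (empty($_POST['first_name']) || empty($_POST['last_name'])) {
        $GLOBALS['gui']->setError($GLOBALS['language']->account['error_name_required']);
        $error['name'] = true;
    }

    if ($GLOBALS['config']->get('config', 'recaptcha') && !$GLOBALS['session']->get('confirmed', 'recaptcha')) {
        // Fall back to the generic text when recaptcha left no message of its own
        $message = $GLOBALS['session']->get('error', 'recaptcha');
        $GLOBALS['gui']->setError($message === false ? $GLOBALS['language']->form['verify_human_fail'] : $message);
        $error['recaptcha'] = true;
    }

    if ($GLOBALS['db']->select('CubeCart_documents', false, array('doc_terms' => '1'))) {
        if (!isset($_POST['terms_agree']) && !$GLOBALS['config']->get('config', 'disable_checkout_terms')) {
            $GLOBALS['gui']->setError($GLOBALS['language']->account['error_terms_agree']);
            $error['terms'] = true;
        }
    }

    if (!empty($error)) {
        return false;
    }

    // Format data nicely from mr barney brimstock to Mr Barney Brimstock
    $_POST['title'] = isset($_POST['title']) ? ucwords($_POST['title']) : '';
    $_POST['first_name'] = ucwords($_POST['first_name']);
    $_POST['last_name'] = ucwords($_POST['last_name']);

    // Register the user
    $_POST['salt'] = Password::getInstance()->createSalt();
    $_POST['password'] = Password::getInstance()->getSalted($_POST['password'], $_POST['salt']);
    $_POST['registered'] = time();
    // Get IP Address
    if (($_POST['ip_address'] = get_ip_address()) === false) {
        $_POST['ip_address'] = 'Unknown';
    }

    foreach ($GLOBALS['hooks']->load('class.user.register_user.insert') as $hook) {
        include $hook;
    }

    // NOTE(review): the whole $_POST array is handed to the database layer, so a
    // client can submit any column name (e.g. type, new_password) alongside the
    // form fields; confirm that the db layer drops keys it does not expect.
    if ($existing && $existing[0]['type'] == 2) {
        $_POST['type'] = 1;
        $_POST['new_password'] = 1;
        $GLOBALS['db']->update('CubeCart_customer', $_POST, array('email' => strtolower($_POST['email'])));
        $insert = $existing[0]['customer_id'];
    } else {
        $insert = $GLOBALS['db']->insert('CubeCart_customer', $_POST);
    }

    foreach ($GLOBALS['hooks']->load('class.user.register_user.inserted') as $hook) {
        include $hook;
    }

    // Newsletter subscription for the freshly written record
    if (($user = $GLOBALS['db']->select('CubeCart_customer', false, array('customer_id' => (int) $insert))) !== false) {
        if (isset($_POST['mailing_list'])) {
            $subscribe = array('customer_id' => $user[0]['customer_id'], 'status' => 1, 'email' => $user[0]['email']);
            $GLOBALS['db']->insert('CubeCart_newsletter_subscriber', $subscribe);
        }
    }

    // Log the new customer in straight away unless confirmation is required.
    // passconf still holds the plaintext; $_POST['password'] was replaced by its hash above.
    if (!$GLOBALS['config']->get('config', 'email_confimation')) {
        $this->authenticate($_POST['email'], $_POST['passconf']);
    }
    return true;
}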
} $file_name = ucfirst($module_name[0]) . ' ' . $lang['customer']['customer_export'] . ' ' . date("Ymd") . '.csv'; $GLOBALS['debug']->supress(true); deliverFile(false, false, $external_report->_report_data, $file_name); exit; } if (isset($_POST['customer']) && is_array($_POST['customer']) && Admin::getInstance()->permissions('customers', CC_PERM_EDIT)) { $customer = $_POST['customer']; $customer_added = $customer_not_added = $customer_updated = false; // Reset password if (isset($customer['password']) && !empty($customer['password'])) { if ($customer['password'] === $customer['passconf']) { $salt = Password::getInstance()->createSalt(); $customer['salt'] = $salt; $customer['new_password'] = 1; $customer['password'] = Password::getInstance()->getSalted($customer['password'], $salt); } //Or not } else { unset($customer['password']); unset($customer['passconf']); } // Format data nicely from mr barney brimstock to Mr Barney Brimstock $customer['title'] = ucwords($customer['title']); $customer['first_name'] = ucwords($customer['first_name']); $customer['last_name'] = ucwords($customer['last_name']); // Update/Add customer record if (isset($_POST['customer_id']) && is_numeric($_POST['customer_id'])) { foreach ($GLOBALS['hooks']->load('admin.customer.update') as $hook) { include $hook; }
$pwd = ob_get_clean(); print htmlentities($pwd); ?> </pre> <hr /> <h1 id="example-007">Example 007. Silly random bitfields (contain only digits 0 and 1)</h1> <pre class="input_code"> <?php require_once 'Password.php'; $pwd = Password::getInstance() ->setAlphabet(array(0, 1)) ->setDictionary() ->generate(array(32, 0), 3)); print_r($pwd); ?> </pre> <h2>Output:</h2> <pre class="output_code"> <?php ob_start(); print_r(Password::getInstance()->setAlphabet(array(0, 1))->setDictionary()->generate(array(32, 0), 3)); $pwd = ob_get_clean(); print htmlentities($pwd); ?> </pre> </body> </html>
} else { // Incorrect host/user/pass $errors[] = $strings['setup']['error_db_incorrect_something']; unset($_POST['global']['dbhost'], $_POST['global']['dbusername'], $_POST['global']['dbpassword']); } } if ($validated && $mysql_connect) { // Set session variables, then proceed unset($_POST['global']['dbpassconf'], $_POST['admin']['passconf']); $_SESSION['setup']['progress'] = true; $_SESSION['setup']['droptable'] = isset($_POST['drop']) ? true : false; $global = array('installed' => true, 'adminFolder' => 'admin', 'adminFile' => 'admin.php'); $_SESSION['setup']['global'] = array_merge($_POST['global'], $global); $_SESSION['setup']['config'] = $_POST['config']; $salt = Password::getInstance()->createSalt(); $_SESSION['setup']['admin'] = array_merge($_POST['admin'], array('order_notify' => 1, 'super_user' => 1, 'status' => 1, 'salt' => $salt, 'language' => $_POST['config']['default_language'], 'password' => Password::getInstance()->getSalted($_POST['admin']['password'], $salt))); httpredir('index.php'); } $GLOBALS['smarty']->assign('FORM', $_POST); } $currencies = array('USD' => 'US Dollar', 'GBP' => 'British Pound', 'EUR' => 'Euro', 'AUD' => 'Australian Dollar', 'BGN' => 'Bulgarian Lev', 'BRL' => 'Brazilian Real', 'CAD' => 'Canadian Dollar', 'CHF' => 'Swiss Franc', 'CNY' => 'Chinese Yuan', 'CZK' => 'Czech Koruna', 'DKK' => 'Danish Krone', 'EEK' => 'Estonian Kroon', 'HKD' => 'Hong Kong Dollar', 'HRK' => 'Croatian Kuna', 'HUF' => 'Hungarian Forint', 'IDR' => 'Indonesian Rupiah', 'INR' => 'Indian Rupee', 'JPY' => 'Japanese Yen', 'KRW' => 'South Korean Won', 'LTL' => 'Lithuanian Litas', 'LVL' => 'Latvian Lat', 'MXN' => 'Mexican Peso', 'MYR' => 'Malaysian Ringgit', 'NOK' => 'Norwegian Krone', 'NZD' => 'New Zealand Dollar', 'PHP' => 'Philippine Peso', 'PLN' => 'Polish Zloty', 'RON' => 'Romanian Leu', 'RUB' => 'Russian Ruble', 'SEK' => 'Swedish Krona', 'SGD' => 'Singapore Dollar', 'THB' => 'Thai Baht', 'TRY' => 'Turkish Lira', 'ZAR' => 'South African Rand'); foreach 
($currencies as $code => $name) { $selected = isset($_POST['config']['default_currency']) && $_POST['config']['default_currency'] == $code ? ' selected="selected"' : ''; $list_currency[] = array('code' => $code, 'selected' => $selected, 'name' => !empty($name) ? $name : $code); } $GLOBALS['smarty']->assign('CURRENCIES', $list_currency); foreach ($languages as $option) { $option['selected'] = $option['code'] == $_SESSION['language'] ? ' selected="selected"' : ''; $smarty_data['list_langs'][] = $option; } $GLOBALS['smarty']->assign('LANGUAGES', $smarty_data['list_langs']);
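/**
 * Build the account-creation array for one user.
 *
 * Each entry of $crarray names a field through its 'type' key; only
 * 'username' and 'password' are recognised, anything else is skipped.
 *
 * @param array      $crarray entries, each expected to carry a 'type' key
 * @param int|string $userid  numeric id of the user whose username is read
 * @return array with 'clientlogin' and/or 'clientpassword' keys, possibly empty
 * @throws Exception when $crarray is not an array or $userid is not numeric
 */
public function FillCreateArray($crarray, $userid)
{
    if (!is_array($crarray) || !is_numeric($userid)) {
        throw new Exception("Problems with create array or with user id");
    }

    $user = User::getInstance();
    $user->id = $userid;

    $retarray = array();
    // foreach rather than for/count(): does not assume 0..n-1 keys (a sparse
    // array used to raise undefined-offset notices) and does not recount each pass
    foreach ($crarray as $entry) {
        $type = isset($entry['type']) ? $entry['type'] : null;
        switch ($type) {
            case 'username':
                $retarray['clientlogin'] = $user->GetUsername();
                break;
            case 'password':
                // ProcessPassword() is called without arguments; whether it generates
                // a password or derives one for $user is not visible in this file
                $retarray['clientpassword'] = Password::getInstance()->ProcessPassword();
                break;
        }
    }
    return $retarray;
}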
} } //If there only one super then don't allow demoting if ($record['super_user'] == '0' && $count <= 1 && Admin::getInstance()->superUser() && (int) $_POST['admin_id'] === (int) Admin::getInstance()->getId()) { $record['super_user'] = '******'; } $record['new_password'] = 1; if ($GLOBALS['db']->update('CubeCart_admin_users', $record, array('admin_id' => $_POST['admin_id']))) { $updated = true; } $admin_id = $_POST['admin_id']; } else { ## Create new admin if (!empty($record['password'])) { $record['salt'] = Password::getInstance()->createSalt(); $record['password'] = Password::getInstance()->getSalted($record['password'], $record['salt']); $record['status'] = 1; if ($GLOBALS['db']->insert('CubeCart_admin_users', $record)) { $admin_id = $GLOBALS['db']->insertid(); $added = true; $GLOBALS['main']->setACPNotify($lang['admins']['notify_admin_create']); } else { ## no name added as it may be empty $GLOBALS['main']->setACPWarning($lang['common']['error_admin_create']); } } } ## Update Permissions $GLOBALS['db']->delete('CubeCart_permissions', array('admin_id' => $admin_id)); if (isset($_POST['permission']) && is_array($_POST['permission']) && Admin::getInstance()->permissions('users', CC_PERM_FULL)) { foreach ($_POST['permission'] as $section => $mask) {