예제 #1
 /**
  * Demo action: dumps a SHA-256 digest of 'test', then round-trips 'test'
  * through Security::encrypt() / Security::decrypt() with Blowfish in CBC mode.
  *
  * Everything is printed with var_dump(), so this is diagnostic code. The key
  * returned by encrypt() is only passed back to decrypt() and is never dumped.
  *
  * NOTE(review): Blowfish works on 64-bit blocks and CBC alone gives no
  * integrity protection; treat the cipher choice as sample input, not a
  * recommendation.
  */
 public function index()
 {
     $digest = Security::hash('sha256', 'test');
     var_dump($digest);

     // encrypt() returns an array; the entries read below are 'ciphertext', 'key' and 'iv_size'.
     $sealed = Security::encrypt('blowfish', 'test', 'cbc');
     $recovered = Security::decrypt(
         $sealed['ciphertext'],
         'blowfish',
         'cbc',
         $sealed['key'],
         $sealed['iv_size']
     );

     var_dump('test : ' . $sealed['ciphertext']);
     var_dump('test : ' . $recovered);
 }
예제 #2
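 /**
  * Decrypts an authentication ticket and rebuilds the AuthenticationTicket.
  *
  * Input layout, as parsed below: "<ciphertext>|<base64 IV>". The decrypted
  * plaintext is expected to be "<hmac>|<serialized data>", where the HMAC is
  * SHA-256 over the serialized data keyed with self::$validationKey.
  *
  * NOTE(review): the HMAC sits inside the ciphertext, so decryption runs
  * before any integrity check. Authenticating the ciphertext itself
  * (encrypt-then-MAC) would be the more robust layout. The mcrypt constants
  * used here belong to an extension removed from PHP core in 7.2.
  *
  * @param string $string Ticket in "<ciphertext>|<base64 IV>" form.
  * @return AuthenticationTicket|false The ticket, or false when the input is
  *                                    malformed or fails HMAC validation.
  */
 public static function decrypt($string)
 {
     $sections = explode('|', $string);
     if (count($sections) != 2) {
         return false;
     }

     $output = trim(Security::decrypt(MCRYPT_RIJNDAEL_256, self::$encryptionKey, $sections[0], MCRYPT_MODE_CBC, base64_decode($sections[1])));

     // Without a separator list() would read a missing offset, so check the shape first.
     $parts = explode('|', $output, 2);
     if (count($parts) != 2) {
         return false;
     }
     list($hash, $data) = $parts;
     if (!$hash || !$data) {
         return false;
     }

     $hashed = Security::hmac('sha256', $data, self::$validationKey);
     // hash_equals() compares in constant time and never treats the operands as
     // numbers, unlike ==, which considers strings such as "0e1" and "0e2" equal.
     if (!is_string($hashed) || !hash_equals($hashed, $hash)) {
         return false;
     }

     // NOTE(review): unserialize() can instantiate arbitrary classes. It is only
     // reached after the HMAC check, so its safety rests entirely on
     // self::$validationKey staying secret; on PHP 7+ consider passing
     // ['allowed_classes' => false] if the ticket fields are plain scalars.
     $data = unserialize($data);
     if (!is_array($data)) {
         return false;
     }

     return new AuthenticationTicket($data[0], $data[1], $data[2]);
 }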
예제 #3
 /**
  * Decrypts every field listed in $this->encryptedFields after a find.
  *
  * Two result shapes are handled: a list of rows ($results[$i][alias][field])
  * and a single row keyed directly by the model alias ($results[alias][field]).
  * Empty values are left untouched. The key is read from the 'Security.key'
  * configuration entry for each decrypted value.
  *
  * NOTE(review): the returned rows hold plaintext; callers should keep them
  * out of logs and caches that are less protected than the database column.
  *
  * @param array $results Find results.
  * @param bool $primary Not used by this method.
  * @return array The results with encrypted fields replaced by plaintext.
  */
 public function afterFind($results, $primary = false)
 {
     App::uses('Security', 'Utility');
     $alias = $this->alias;

     foreach ($this->encryptedFields as $fieldName) {
         // List-of-rows shape: no entry keyed by the alias at the top level.
         if (!isset($results[$alias])) {
             foreach ($results as $index => $row) {
                 if (empty($row[$alias][$fieldName])) {
                     continue;
                 }
                 $results[$index][$alias][$fieldName] = Security::decrypt(
                     $row[$alias][$fieldName],
                     Configure::read('Security.key')
                 );
             }
         }

         // Single-row shape.
         if (empty($results[$alias][$fieldName])) {
             continue;
         }
         $results[$alias][$fieldName] = Security::decrypt(
             $results[$alias][$fieldName],
             Configure::read('Security.key')
         );
     }

     return $results;
 }
예제 #4
 /**
  * Decrypts a value that was base64-encoded and then URL-encoded.
  *
  * The input is URL-decoded, base64-decoded, and the resulting bytes are
  * handed to Security::decrypt() together with $key.
  *
  * NOTE(review): urldecode() turns '+' into a space. If $input has already
  * been URL-decoded once (PHP does this for $_GET values), any '+' from the
  * base64 alphabet is lost here. Confirm what the callers pass in.
  * NOTE(review): nothing in this method checks integrity; whether tampered
  * input is rejected depends on Security::decrypt().
  *
  * @param string $input URL-encoded, base64-encoded ciphertext.
  * @param string $key Decryption key.
  * @return mixed Whatever Security::decrypt() returns.
  */
 public static function decryptURL($input, $key)
 {
     $encoded = urldecode($input);
     $ciphertext = base64_decode($encoded);

     return Security::decrypt($ciphertext, $key);
 }
예제 #5
파일: launcher.php 프로젝트: unn4m3d/xmml
	Рефакторинг и комментарии от AntifreeZZe
*/
// If this constant is not defined, connect.php will raise an error.
define('INCLUDE_CHECK', true);
// And here is connect.php itself.
include "connect.php";
include_once "ecodes.php";
include_once "loger.php";
include_once "security.php";
// Set the response type and encoding (UTF-8).
// NOTE(review): there is a space between the header name and the colon;
// confirm the header is actually emitted as Content-Type.
header('Content-Type : text/plain; charset=utf-8');
//parse_str($_SERVER['QUERY_STRING'],$_POST);
// Read the request payload and decrypt it.
// $_POST['action'] comes from the client and is used without an isset() check.
// NOTE(review): PHP has already URL-decoded $_POST values, so rawurldecode()
// decodes a second time; verify this matches how the launcher encodes the field.
$x = rawurldecode($_POST['action']);
//@$x = str_replace(" ", "+", $x);
// $key2 is not defined in the visible lines; presumably it comes from an include.
$yd = Security::decrypt($x, $key2);
#echo $yd;
// Parse the decrypted payload.
// json_decode() returns null for invalid JSON, in which case every field read
// below is null; code that follows should treat that as a rejected request.
$json = json_decode($yd, true);
$action = $json['action'];
$client = $json['client'];
$login = $json['login'];
$postPass = $json['pass'];
// The launcher's MD5 as reported by the client itself.
$launchermd5 = $json['md5'];
//@list($action, $client, $login, $postPass, $launchermd5) = explode(':', $yd);
//Проверяем соответствие лаунчера
if ($checklauncher) {
    /*if($launchermd5 != null)
    	    {
    		    if($launchermd5 == @$md5launcherexe)
    		    {
예제 #6
 /**
  * Security::decrypt() must refuse an empty payload.
  *
  * @expectedException CakeException
  * @expectedExceptionMessage The data to decrypt cannot be empty.
  * @return void
  */
 public function testDecryptInvalidData()
 {
     // Use a long key so that the empty payload is the only suspect argument.
     $longKey = 'This is a key that is long enough to be ok.';
     $emptyPayload = '';

     Security::decrypt($emptyPayload, $longKey);
 }
예제 #7
    $smtp_log = "smtp_local_settings.log";
} else {
    $smtp_log = "smtp_online_settings.log";
}
// Webmaster address (the value is masked in this listing).
DEFINE('TLW_WEBMASTER', "*****@*****.**");
// Load the general e-mail settings from a serialized file under
// DOCUMENT_ROOT/admin/inc/. $settings_log is set before the visible lines.
// NOTE(review): the file lives below the document root; confirm the web server
// does not serve /admin/inc/*.log to clients.
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/admin/inc/' . $settings_log)) {
    $settings_raw = file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/admin/inc/' . $settings_log);
    if (!empty($settings_raw)) {
        // NOTE(review): unserialize() can instantiate arbitrary classes, so anyone
        // able to write this file can feed objects into the application. A
        // data-only format such as JSON avoids that. The result is not checked
        // before its keys are read below.
        $settings = unserialize($settings_raw);
        //Global Email address settings
        DEFINE('TLW_SOURCE_EMAIL', $settings['src_email']);
        DEFINE('TLW_SOURCE_NAME', $settings['src_name']);
        DEFINE('TLW_REPLY_EMAIL', $settings['reply_email']);
        DEFINE('TLW_REPLY_NAME', $settings['reply_name']);
        DEFINE('TLW_IMPORT_EMAIL', $settings['import_email']);
        DEFINE('TLW_IT_EMAIL', $settings['it_admin_email']);
        DEFINE('TLW_IT_NAME', $settings['it_admin_name']);
    }
}
// Load the SMTP settings the same way; $smtp_log was chosen by the branch above this block.
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/admin/inc/' . $smtp_log)) {
    $secure_pass = new Security();
    $smtp_settings_raw = file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/admin/inc/' . $smtp_log);
    if (!empty($smtp_settings_raw)) {
        // NOTE(review): same unserialize() concern as for the e-mail settings above.
        $smtp_settings = unserialize($smtp_settings_raw);
        //Global SMTP settings
        DEFINE('TLW_SMTP_HOST', $smtp_settings['smtp_host']);
        DEFINE('TLW_SMTP_PORT', $smtp_settings['smtp_port']);
        DEFINE('TLW_SMTP_USER', $smtp_settings['smtp_user']);
        // The stored password is decrypted here and kept in a global constant
        // for the rest of the request.
        DEFINE('TLW_SMTP_PWD', $secure_pass->decrypt($smtp_settings['smtp_pwd']));
    }
}
예제 #8
파일: index.php 프로젝트: andi-git/boatpos
<?php

include 'security.php';
include 'config.php';
setlocale(LC_MONETARY, 'de_DE');
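// Read the encrypted rental id from the query string and decrypt it.
// Plaintext layout, as parsed below: "<year>-<month>-<day>_<dayId>".
// NOTE(review): whether Security::decrypt() rejects tampered ciphertext is not
// visible here, so the plaintext is treated as untrusted until its shape is checked.
$myRentalId = isset($_GET["id"]) && is_string($_GET["id"])
    ? Security::decrypt($_GET["id"], $key)
    : '';
$myRentalIdExploded = explode("_", (string) $myRentalId);
$dateExploded = explode("-", $myRentalIdExploded[0]);
if (count($myRentalIdExploded) < 2 || count($dateExploded) < 3) {
    // Missing or malformed id: stop before any backend request is built.
    http_response_code(400);
    exit('Invalid rental id');
}
$year = $dateExploded[0];
$month = $dateExploded[1];
$day = $dateExploded[2];
$dayId = $myRentalIdExploded[1];
// Empty or dot segments would change which backend resource the path points at.
foreach (array($year, $month, $day, $dayId) as $segment) {
    if ($segment === '' || $segment === '.' || $segment === '..') {
        http_response_code(400);
        exit('Invalid rental id');
    }
}
$curl = curl_init();
// Encode each value as a single path segment so it cannot add '/', '?' or '#'
// to the backend URL. Plain alphanumeric ids are unchanged by rawurlencode().
$rentalPath = implode('/', array_map('rawurlencode', array($year, $month, $day, $dayId)));
curl_setopt($curl, CURLOPT_URL, "{$backend}/rest/rental/" . $rentalPath);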
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Accept: application/json', 'Content-Type: application/json', 'username:'******'password:' . $password));
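curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
// The request carries backend credentials in its headers, so the peer must be
// authenticated: verify the certificate chain and that it matches the host name.
// If the backend uses a private CA, point CURLOPT_CAINFO at its bundle rather
// than switching verification off.
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
$response = curl_exec($curl);
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
// log
// The id parts come from the request, so strip line breaks to keep one entry per line.
// NOTE(review): the log is written with a relative path; confirm it is not
// reachable over HTTP.
$logEntry = str_replace(array("\r", "\n"), ' ', "{$year}-{$month}-{$day} {$dayId} {$code}");
file_put_contents("myrental.log", date("Y-m-d H:i:s", time()) . " " . $logEntry . "\n", FILE_APPEND);
curl_close($curl);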
?>

    <html>
    <head>
        <title>Bootsvermietung EPPEL - meine Bootsfahrt</title>
        <link rel="stylesheet" href="boatpos.css">
        <link href="favicon.ico" rel="shortcut icon" type="image/x-icon"/>
예제 #9
 /**
  * Decodes and decrypts a single value.
  *
  * Values that do not contain the 'Q2FrZQ==.' marker are passed to _explode()
  * as they are. Otherwise the text after the marker's length is base64-decoded
  * and decrypted with the routine selected by $this->_type ('rijndael',
  * 'cipher' or 'aes'), and the plaintext is passed to _explode().
  *
  * NOTE(review): the marker is searched for anywhere in the value but stripped
  * as if it were at offset 0. If $this->_type matches none of the three names,
  * $plain is never assigned before it is used.
  *
  * @param string $value The value to decode & decrypt.
  * @return string Decoded value.
  */
 protected function _decode($value)
 {
     $marker = 'Q2FrZQ==.';
     if (strpos($value, $marker) === false) {
         return $this->_explode($value);
     }

     $payload = base64_decode(substr($value, strlen($marker)));
     $type = $this->_type;
     if ($type === 'rijndael') {
         $plain = Security::rijndael($payload, $this->key, 'decrypt');
     } elseif ($type === 'cipher') {
         $plain = Security::cipher($payload, $this->key);
     } elseif ($type === 'aes') {
         $plain = Security::decrypt($payload, $this->key);
     }

     return $this->_explode($plain);
 }
예제 #10
파일: session.php 프로젝트: slab-php/slab
 /**
  * Runs before the controller action: checks that the components needed by
  * the configured session mode are loaded, purges expired sessions, resolves
  * the session id and loads the session data when a session exists.
  *
  * The session id comes from the session cookie, or from the request data
  * (decrypted) when $this->sessionIDType is 'url'. Session data comes from a
  * file or from the cookie, depending on $this->sessionType.
  *
  * NOTE(review): in both modes the id originates from the client. Whether
  * Security::decrypt() and __get_session_filename() reject a forged id is not
  * visible in this method.
  *
  * @throws Exception When $this->sessionType is 'database' (not implemented).
  */
 function before_action()
 {
     // Fail fast when the component backing the configured mode is missing.
     if (($this->sessionType == 'cookie' || $this->sessionIDType == 'cookie') && empty($this->controller->Cookie)) {
         e('Cookie-based sessions require the Cookie component to be loaded');
         die;
     }
     if ($this->sessionType == 'database') {
         throw new Exception('Database-persisted sessions are not implemented yet');
         // Not reachable while the throw above is in place.
         if (empty($this->controller->Db)) {
             e('Database-persisted sessions require the Db component to be loaded');
             die;
         }
     } elseif ($this->sessionType == 'file' && empty($this->controller->File)) {
         e('File-persisted sessions require the File component to be loaded');
         die;
     }

     $this->clear_expired_sessions();

     // Start from "no session" and fill in what the request provides.
     $this->inSession = false;
     $this->sessionID = null;
     if ($this->sessionType == 'cookie' || $this->sessionIDType == 'cookie') {
         // The id travels inside the session cookie.
         if (!empty($this->controller->Cookie->data[$this->sessionCookieName])) {
             $this->sessionID = $this->controller->Cookie->data[$this->sessionCookieName]['session_id'];
         }
     } elseif ($this->sessionIDType == 'url') {
         // The id travels in the request data, encrypted; decrypt it before use.
         $this->sessionID = $this->controller->data['session_id'];
         $this->sessionID = Security::decrypt($this->sessionID);
     }
     if (empty($this->sessionID)) {
         return;
     }

     // Load the session payload from the configured store.
     if ($this->sessionType == 'file') {
         $sessionPath = $this->__get_session_filename();
         if (!$this->controller->File->exists($sessionPath)) {
             return;
         }
         $this->data = $this->controller->File->read_object($sessionPath);
         if (empty($this->data)) {
             $this->data = array();
         }
         $this->inSession = true;
     } elseif ($this->sessionType == 'database') {
         // Nothing to load: database sessions are not implemented.
     } elseif ($this->sessionType == 'cookie') {
         $hasCookieSession = !empty($this->controller->Cookie->data[$this->sessionCookieName])
             && !empty($this->controller->Cookie->data[$this->sessionCookieName]['session_data']);
         if ($hasCookieSession) {
             $this->data = $this->controller->Cookie->data[$this->sessionCookieName]['session_data'];
             if (empty($this->data)) {
                 $this->data = array();
             }
             $this->inSession = true;
         }
     }
 }
예제 #11
파일: cookie.php 프로젝트: slab-php/slab
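 /**
  * Recursively decrypts every non-array leaf of a cookie data array.
  *
  * When called with an empty argument it works on $this->data by reference,
  * so the component's data is decrypted in place and also returned.
  *
  * Empty nested arrays are left as they are. Recursing into one would make the
  * callee fall back to $this->data again, which decrypts the whole structure a
  * second time and never terminates while that empty array is still present.
  * Cookie contents come from the client, so that case has to be handled.
  *
  * @param array|null $arr Data to decrypt; empty means "use $this->data".
  * @return array|null The decrypted array, or null when there is nothing to decrypt.
  */
 function __decrypt_data($arr = null)
 {
     $security = new Security($this->config);
     if (empty($arr)) {
         // Bind by reference so the assignments below update $this->data itself.
         $arr =& $this->data;
     }
     if (empty($arr)) {
         return null;
     }
     foreach ($arr as $k => $v) {
         if (!is_array($v)) {
             $arr[$k] = $security->decrypt($v);
         } elseif (!empty($v)) {
             $arr[$k] = $this->__decrypt_data($v);
         }
         // An empty nested array has nothing to decrypt and is kept unchanged.
     }
     return $arr;
 }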
예제 #12
<?php

include 'security.php';
// Round-trip demo for Security::encrypt() / Security::decrypt().
// The 16-character key is a literal sample value.
// NOTE(review): outside a demo the key should come from configuration or a
// secret store, never from source code.
$plaintext = "example";
$demoKey = "1234567891234567";

// Print the ciphertext of one encryption ...
$ciphertext = Security::encrypt($plaintext, $demoKey);
echo $ciphertext;

// ... then encrypt again and print what decrypt() recovers from it.
$roundTripped = Security::decrypt(Security::encrypt($plaintext, $demoKey), $demoKey);
echo $roundTripped;
예제 #13
 /**
  * Decrypts and returns one of the user's session values.
  *
  * Values are stored under $_SESSION['Trilado.Core.Session'] and decrypted
  * with the key returned by self::key().
  *
  * @param	string	$name		name of the session value to return
  * @throws	ConfigNotFoundException	when the 'salt' configuration compares loosely equal to null
  * @return	mixed				the decrypted value, or null when no value is stored under $name
  */
 public static function get($name)
 {
     $salt = Config::get('salt');
     if ($salt == null) {
         throw new ConfigNotFoundException("A configuração 'salt' não pode ter o valor nulo");
     }

     self::start();
     if (!isset($_SESSION['Trilado.Core.Session'][$name])) {
         return null;
     }

     return Security::decrypt($_SESSION['Trilado.Core.Session'][$name], self::key());
 }
예제 #14
<?php

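// Comment moderation grid: name, decrypted e-mail, comment text, link to the
// article, approval state, and update/delete/approve actions.
echo GridView::widget([
    'dataProvider' => $dataProvider,
    'filterModel' => $searchModel,
    'columns' => [
        ['class' => 'yii\\grid\\SerialColumn'],
        'nombre',
        [
            'attribute' => 'correo',
            // The address is stored encrypted. The column keeps the default text
            // format, so the decrypted value is HTML-encoded on output.
            'value' => function ($model) {
                return Security::decrypt($model->email);
            },
        ],
        'comentario:ntext',
        [
            'attribute' => 'noticia_id',
            // 'raw' disables the grid's own encoding and Html::a() does not encode
            // its link text, so the title is encoded explicitly here.
            'format' => 'raw',
            'value' => function ($model) {
                return Html::a(Html::encode($model->noticia->titulo), "@web/articulo/" . $model->noticia->seo_slug);
            },
        ],
        [
            'attribute' => 'estado',
            // Static markup only, no model data is interpolated.
            'format' => 'raw',
            'value' => function ($model) {
                if ($model->estado === 0) {
                    return "<span class='glyphicon glyphicon-remove'></span>";
                }
                return "<span class='glyphicon glyphicon-ok'></span>";
            },
        ],
        [
            'class' => 'yii\\grid\\ActionColumn',
            'template' => '{update} {delete} {aprobar}',
            'buttons' => [
                // The approve button is only rendered for comments not yet approved.
                'aprobar' => function ($url, $model) {
                    if ($model->estado === 0) {
                        return Html::a('<span class="glyphicon glyphicon-thumbs-up"></span>', $url, ['title' => Yii::t('app', 'Aprobar comentario')]);
                    }
                },
                'update' => function ($url, $model) {
                    return Html::a('<span class="glyphicon glyphicon-pencil"></span>', $url, ['title' => Yii::t('app', 'Actualizar')]);
                },
            ],
            // NOTE(review): these routes change state. Hiding a button is not an
            // access check, so the controller actions must enforce authorisation
            // and the request method themselves.
            'urlCreator' => function ($action, $model, $key, $index) {
                if ($action === 'aprobar') {
                    return yii\helpers\Url::to(['comentario/aprobar', 'id' => $key]);
                } elseif ($action === 'update') {
                    return yii\helpers\Url::to(['comentario/update/', 'id' => $key]);
                } elseif ($action === 'delete') {
                    return yii\helpers\Url::to(['comentario/delete/', 'id' => $key]);
                }
            },
        ],
    ],
]);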
예제 #15
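 /**
  * Validates the login cookies for the panel or the OpenCTF front end.
  *
  * Always refreshes the "user ref" cookie first. Then:
  *  - if any of the four login cookies is missing, returns false;
  *  - if both $username and $salt are empty, returns true on cookie presence alone;
  *  - otherwise the username cookie must equal $username, and the hash cookie
  *    must equal sha256($salt . $username . <decrypted time cookie>).
  *
  * NOTE(review): the presence-only result proves nothing about who the user
  * is; callers must not treat it as authentication.
  * NOTE(review): the decrypted time value is only mixed into the hash and never
  * compared with the current time, so the cookies do not expire server-side.
  *
  * @param object $response Response object used to set the user-ref cookie.
  * @param string $username Expected username, or "" for the presence check.
  * @param string $salt Per-user secret used as decryption key and hash prefix.
  * @param bool $panel True for the panel cookie names, false for the OpenCTF ones.
  * @return bool
  */
 public static function isValid($response, $username = "", $salt = "", $panel = true)
 {
     // Cookie names per front end (the username cookie name is masked in this listing).
     if ($panel) {
         $_username = "******";
         $_name = "_panel_name";
         $_ninjaPower = "_panel_ninja_power";
         $_hash = "_panel_hash";
         $_user_ref = "_panel_user_ref";
     } else {
         $_username = "******";
         $_name = "_openctf_name";
         $_ninjaPower = "_openctf_ninja_power";
         $_hash = "_openctf_hash";
         $_user_ref = "_openctf_user_ref";
     }
     $response->cookie($_user_ref, $username, time() + 86400 * 30, "/", Session::getDomain(), Session::isSecure());

     if (!isset($_COOKIE[$_username], $_COOKIE[$_name], $_COOKIE[$_ninjaPower], $_COOKIE[$_hash])) {
         return false;
     }
     if ($username == "" && $salt == "") {
         return true;
     }

     $cookieUser = $_COOKIE[$_username];
     $cookieTime = $_COOKIE[$_ninjaPower];
     $cookieHash = $_COOKIE[$_hash];
     // A client can submit array-valued cookies; only strings are acceptable here.
     if (!is_string($cookieUser) || !is_string($cookieTime) || !is_string($cookieHash)) {
         return false;
     }

     // Compare as strings: == would treat numeric-looking values such as
     // "1e3" and "1000" as equal.
     if (!hash_equals((string) $username, $cookieUser)) {
         return false;
     }

     $time = Security::decrypt($cookieTime, $salt);
     $hash = hash("sha256", $salt . $username . $time);

     // Constant-time comparison that never interprets the digests as numbers;
     // with ==, two hex digests of the form "0e<digits>" compare equal.
     return hash_equals($hash, $cookieHash);
 }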
예제 #16
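 /**
  * Check the hidden captcha's values
  *
  * The form posts an encrypted, serialized "spinner" array plus a honeypot
  * field ('name') and a randomly named field. The submission is accepted only
  * if the honeypot is empty, the spinner decodes to an array, the elapsed time
  * is within the limits, the random field (or image captcha text) matches, and
  * the spinner was issued to this session, IP address and user agent.
  *
  * On failure self::$_error is set to the matching error code.
  *
  * @param string $formId        [optional] The id to use to generate input elements (default = "hcptch")
  * @param integer $minLimit     [optional] Submission minimum time limit in seconds (default = 5)
  * @param integer $maxLimit     [optional] Submission maximum time limit in seconds (default = 1200)
  * @return boolean              Return false if the submitter is a robot
  */
 public static function checkCaptcha($formId = 'hcptch', $minLimit = 5, $maxLimit = 1200)
 {
     // get posted values
     $values = Request::getInstance()->post($formId);
     // Check post values
     if ($values === null || !isset($values['spinner']) || !isset($values['name'])) {
         self::$_error = self::$CAPTCHA_VALUES_NOT_SUBMITTED;
         return false;
     }
     // Hidden field is set
     if ($values['name'] !== '') {
         self::$_error = self::$CAPTCHA_SPAMBOT_AUTO_FILL;
         return false;
     }
     // Get the spinner values
     // NOTE(review): the spinner is client-submitted. unserialize() can
     // instantiate arbitrary classes, so this is only safe if Security::decrypt()
     // rejects tampered ciphertext (not visible here). On PHP 7+ consider
     // ['allowed_classes' => false], or switch the spinner to JSON.
     $spinner = Security::decrypt($values['spinner']);
     $spinner = @unserialize($spinner);
     // Spinner is null or unserializable
     if (!is_array($spinner) || empty($spinner)) {
         self::$_error = self::$CAPTCHA_SPINNER_ERROR;
         return false;
     }
     // Every later check reads these two entries, so require them up front
     // instead of relying on undefined-index behaviour.
     if (!isset($spinner['hfield_name'], $spinner['timestamp'])
         || !is_scalar($spinner['hfield_name'])
         || !is_numeric($spinner['timestamp'])
     ) {
         self::$_error = self::$CAPTCHA_SPINNER_ERROR;
         return false;
     }
     // Check the random posted field
     $hField = isset($values[$spinner['hfield_name']]) ? $values[$spinner['hfield_name']] : null;
     if (!isset($spinner['captcha']) && ($hField === null || $hField === '')) {
         self::$_error = self::$CAPTCHA_VALUES_NOT_SUBMITTED;
         return false;
     }
     // Check time limits
     $now = time();
     if ($now - $spinner['timestamp'] < $minLimit || $now - $spinner['timestamp'] > $maxLimit) {
         self::$_error = self::$CAPTCHA_TIME_LIMIT_ERROR;
         return false;
     }
     // We have a classic captcha with an image
     if (isset($spinner['captcha'])) {
         // A posted array would not be a valid answer; require a string.
         if (!is_string($hField) || strtolower($hField) !== $spinner['captcha']) {
             self::$_error = self::$CAPTCHA_IMAGE_ERROR;
             return false;
         }
     } else {
         // Check if the random field value is similar to the spinner value.
         // Compared as strings so that "0123" does not match 123.
         if (!is_string($hField) || !ctype_digit($hField) || (string) $spinner['timestamp'] !== $hField) {
             self::$_error = self::$CAPTCHA_HFIELD_ERROR;
             return false;
         }
     }
     // Check spinner values: the spinner must carry all three bindings and each
     // must match the current request. The conditions are joined with || because
     // any single mismatch is a failure (with && the check could never fail once
     // all three entries were present), and session_id() is called as a function.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
     if (!isset($spinner['session_id'], $spinner['ip'], $spinner['user_agent'])
         || $spinner['session_id'] !== session_id()
         || $spinner['ip'] !== self::_getIp()
         || $spinner['user_agent'] !== $userAgent
     ) {
         self::$_error = self::$CAPTCHA_SPINNER_ERROR;
         return false;
     }
     // Unset post values
     if (isset($_POST[$formId])) {
         unset($_POST[$formId]);
     }
     // everything is ok, return true
     return true;
 }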