public static function create($response, $username, $name, $salt, $panel = true)
{
$time = time() + 86400;
if ($panel) {
$_username = "******";
$_name = "_panel_name";
$_ninjaPower = "_panel_ninja_power";
$_hash = "_panel_hash";
$_user_ref = "_panel_user_ref";
$_user_session = "_panel_user_session";
} else {
$_username = "******";
$_name = "_openctf_name";
$_ninjaPower = "_openctf_ninja_power";
$_hash = "_openctf_hash";
$_user_ref = "_openctf_user_ref";
$_user_session = "_openctf_user_session";
}
$response->cookie($_username, $username, $time, "/", Session::getDomain(), Session::isSecure());
$response->cookie($_name, $name, $time, "/", Session::getDomain(), Session::isSecure());
$response->cookie($_ninjaPower, Security::encrypt($time, $salt), $time, "/", Session::getDomain(), Session::isSecure());
$hash = hash("sha256", $salt . $username . $time);
$response->cookie($_hash, $hash, $time, "/", Session::getDomain(), Session::isSecure());
$response->cookie($_user_session, Security::getSalt(), $time, "/", Session::getDomain(), Session::isSecure());
$response->cookie($_user_ref, $username, $time + 86400 * 30, "/", Session::getDomain(), Session::isSecure());
}
/**
* Returns the hidden captcha tags to put in your form
*
* @param string $formId [optional] The id to use to generate input elements (default = "hcptch")
* @param boolean $withImage [optional] The captcha use the classic image captcha
* @return string The tags to put in your form
*/
public static function getFormTags($formId = 'hcptch', $withImage = false)
{
// Get spinner vars
$now = time();
$name = String::random(array('numbers' => false, 'uppercase' => false));
// Generate the spinner
$spinner = array('timestamp' => $now, 'session_id' => session_id(), 'ip' => self::_getIp(), 'user_agent' => $_SERVER['HTTP_USER_AGENT'], 'hfield_name' => $name);
if ($withImage) {
$captcha = String::hrRandom(5);
$spinner['captcha'] = $captcha;
}
// Encrypt the spinner
$spinner = Security::encrypt(serialize($spinner));
// put a random invisible style, to fool spambots a little bit ;-)
$styles = array('position:absolute;left:-' . mt_rand(10000, 20000) . 'px;', 'display: none');
$style = $styles[array_rand($styles)];
// build tags
$tags = '<input type="hidden" name="' . $formId . '[spinner]" value="' . $spinner . '" />' . PHP_EOL;
$tags .= '<span style="' . $style . '"><input type="text" name="' . $formId . '[name]" value=""/></span>' . PHP_EOL;
if ($withImage) {
$tags .= self::_generateImage($captcha);
$tags .= '<input type="text" name="' . $formId . '[' . $name . ']" value="" autocomplete="off" />' . PHP_EOL;
} else {
$tags .= '<input type="hidden" name="' . $formId . '[' . $name . ']" value="' . $now . '" />' . PHP_EOL;
}
return $tags;
}
/**
* Cria uma sessão criptograda para o usuário
* @param string $name nome da sessão
* @param mixed $value valor da sessão
* @throws TriladoException disparada caso o programador não defina a configuração 'salt', ou o valor esteja vazio
* @return void
*/
public static function set($name, $value)
{
if (Config::get('salt') == null) {
throw new ConfigNotFoundException("A configuração 'salt' não pode ter o valor nulo");
}
self::start();
$_SESSION['Trilado.Core.Session'][$name] = Security::encrypt($value, self::key());
}
public static function encrypt(AuthenticationTicket $ticket)
{
$data = array($ticket->getName(), $ticket->getExpire(), $ticket->getUserData());
$string = serialize($data);
$hash = Security::hmac('sha256', $string, self::$validationKey);
$iv = Security::iv(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC, MCRYPT_DEV_URANDOM, false);
return Security::encrypt(self::$cipher, self::$encryptionKey, $hash . '|' . $string, MCRYPT_MODE_CBC, $iv, true) . '|' . base64_encode($iv);
}
public function index()
{
var_dump(Security::hash('sha256', 'test'));
$c = Security::encrypt('blowfish', 'test', 'cbc');
$e = Security::decrypt($c['ciphertext'], 'blowfish', 'cbc', $c['key'], $c['iv_size']);
var_dump('test : ' . $c['ciphertext']);
var_dump('test : ' . $e);
}
public static function add_admin($login, $pwd)
{
/* Password encryption */
$p = Security::encrypt('blowfish', $pwd);
/* Add to db new admin */
$db = Connections::get('core');
$db->insert('a', array('b' => $p['ciphertext']));
$aid = $db->last_id;
$db->insert('m', array('n' => base64_encode($p['key']), 's' => $p['iv_size']));
$mid = $db->last_id;
$r = $db->insert('core_admin', array('login' => $login, 'a' => $aid, 'm' => $mid));
}
function beforeSave($options = array())
{
App::uses('Security', 'Utility');
if (!empty($this->data['Participante']['evento_code'])) {
if ($evento_existe = $this->Evento->getByCode($this->data['Participante']['evento_code'])) {
$this->data['Participante']['evento_id'] = $evento_existe['Evento']['id'];
} else {
return false;
}
}
foreach ($this->encryptedFields as $fieldName) {
if (!empty($this->data[$this->alias][$fieldName])) {
$this->data[$this->alias][$fieldName] = Security::encrypt($this->data[$this->alias][$fieldName], Configure::read('Security.key'));
}
}
return true;
}
public static function encryptURL($input, $key)
{
return urlencode(base64_encode(Security::encrypt($input, $key)));
}
$initialIconMoney = 30;
//Сколько денег дается при регистрации в IConomy
$exchangeRate = 200;
//Курс обмена Realmoney -> IConomy
//ВСЕ ЧТО НИЖЕ - НЕ ТРОГАТЬ!
try {
$db = new PDO("mysql:host={$db_host};port={$db_port};dbname={$db_database}", $db_user, $db_pass);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("set names utf8");
$stmt = $db->prepare("\n CREATE TABLE IF NOT EXISTS `usersession` (\n\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t `user` varchar(255) DEFAULT 'user',\n\t `session` varchar(255) DEFAULT NULL,\n\t `server` varchar(255) DEFAULT NULL,\n\t `token` varchar(255) DEFAULT NULL,\n \t `realmoney` int(255) DEFAULT '0',\n \t `md5` varchar(255) DEFAULT '0',\n\t PRIMARY KEY (`id`)\n\t ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=0 ;\n\t\t");
$stmt->execute();
$stmt = $db->prepare("\n CREATE TABLE IF NOT EXISTS `sashok724_launcher_keys` (\n\t `key` varchar(255) DEFAULT NULL,\n\t `amount` int(255) DEFAULT NULL\n\t ) ENGINE=MyISAM DEFAULT CHARSET=utf8;\n\t\t");
$stmt->execute();
$stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `sip` (\n\t\t `time` varchar(255) NOT NULL,\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `sip` varchar(16) DEFAULT NULL,\n\t\t PRIMARY KEY (`id`) USING BTREE\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC AUTO_INCREMENT=0 ;\n\t\t");
$stmt->execute();
$stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `jobs` (\n\t\t `username` varchar(20) DEFAULT NULL,\n\t\t `experience` int(11) DEFAULT NULL,\n\t\t `level` int(11) DEFAULT NULL,\n\t\t `job` varchar(20) DEFAULT NULL\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8;\n\t\t");
$stmt->execute();
$stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `iConomy` (\n\t\t `id` int(255) NOT NULL AUTO_INCREMENT,\n\t\t `username` varchar(32) NOT NULL,\n\t\t `balance` double(64,2) NOT NULL,\n\t\t `status` int(2) NOT NULL DEFAULT '0',\n\t\t UNIQUE KEY `username` (`username`),\n\t\t KEY `id` (`id`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=0 ;\n\t\t");
$stmt->execute();
$stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `banlist` (\n\t\t `name` varchar(32) NOT NULL,\n\t\t `reason` text NOT NULL,\n\t\t `admin` varchar(32) NOT NULL,\n\t\t `time` bigint(20) NOT NULL,\n\t\t `temptime` bigint(20) NOT NULL DEFAULT '0',\n\t\t `type` int(11) NOT NULL DEFAULT '0',\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `ip` varchar(16) DEFAULT NULL,\n\t\t PRIMARY KEY (`id`) USING BTREE\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 ROW_FORMAT=DYNAMIC AUTO_INCREMENT=0 ;\n\t\t");
$stmt->execute();
$stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `permissions` (\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `name` varchar(50) NOT NULL,\n\t\t `type` tinyint(1) NOT NULL,\n\t\t `permission` varchar(200) NOT NULL,\n\t\t `world` varchar(50) DEFAULT NULL,\n\t\t `value` text,\n\t\t PRIMARY KEY (`id`),\n\t\t UNIQUE KEY `unique` (`name`,`permission`,`world`,`type`),\n\t\t KEY `user` (`name`,`type`),\n\t\t KEY `world` (`world`,`name`,`type`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=5 ;\t\n\t\t");
$stmt->execute();
$stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `permissions_entity` (\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `name` varchar(50) NOT NULL,\n\t\t `type` tinyint(1) NOT NULL,\n\t\t `prefix` varchar(255) NOT NULL,\n\t\t `suffix` varchar(255) NOT NULL,\n\t\t `default` tinyint(1) NOT NULL DEFAULT '0',\n\t\t PRIMARY KEY (`id`),\n\t\t UNIQUE KEY `name` (`name`),\n\t\t KEY `default` (`default`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=6 ;\n\t\t");
$stmt->execute();
$stmt = $db->prepare("\n\t\tCREATE TABLE IF NOT EXISTS `permissions_inheritance` (\n\t\t `id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t `child` varchar(50) NOT NULL,\n\t\t `parent` varchar(50) NOT NULL,\n\t\t `type` tinyint(1) NOT NULL,\n\t\t `world` varchar(50) DEFAULT NULL,\n\t\t PRIMARY KEY (`id`),\n\t\t UNIQUE KEY `child` (`child`,`parent`,`type`,`world`),\n\t\t KEY `child_2` (`child`,`type`),\n\t\t KEY `parent` (`parent`,`type`)\n\t\t) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=0 ;\n\t\t");
$stmt->execute();
} catch (PDOException $pe) {
die(Security::encrypt("errorsql", $key1) . $logger->WriteLine($log_date . $pe));
//вывод ошибок MySQL в m.log
}
$iconmoney = $row['balance'];
//echo "success:".$money.":".$iconmoney;
exit(Security::encrypt(json_encode(array("error" => false, "code" => STATUS_OK, "text" => "Success", "money" => $money, "imoney" => $iconmoney)), $key1));
} else {
exit(Security::encrypt(json_encode(array("error" => true, "code" => STATUS_INTERNAL_ERROR, "text" => "Wrong query")), $key1));
}
}
}
}
}
}
}
}
}
} catch (PDOException $pe) {
die(Security::encrypt(json_encode(array("error" => true, "code" => STATUS_SQL_ERROR, "text" => "SQL Error", "edata" => $pe)), $key1));
$logger->WriteLine($log_date . $pe);
//вывод ошибок MySQL в m.log
}
//===================================== Вспомогательные функции ==================================//
function xorencode($str, $key)
{
while (strlen($key) < strlen($str)) {
$key .= $key;
}
return $str ^ $key;
}
function strtoint($text)
{
$res = "";
for ($i = 0; $i < strlen($text); $i++) {
/**
* Test encrypting falsey data
*
* @return void
*/
public function testEncryptDecryptFalseyData()
{
$key = 'This is a key that is long enough to be ok.';
$result = Security::encrypt('', $key);
$this->assertSame('', Security::decrypt($result, $key));
$result = Security::encrypt(false, $key);
$this->assertSame('', Security::decrypt($result, $key));
$result = Security::encrypt(null, $key);
$this->assertSame('', Security::decrypt($result, $key));
$result = Security::encrypt(0, $key);
$this->assertSame('0', Security::decrypt($result, $key));
$result = Security::encrypt('0', $key);
$this->assertSame('0', Security::decrypt($result, $key));
}
} else {
$smtp_settings['smtp_port'] = trim($_POST['smtp_port']);
$smtp_port = $smtp_settings['smtp_port'];
}
if (trim($_POST['smtp_user']) == "") {
$smtp_errors['smtp_user'] = "******";
} else {
$smtp_settings['smtp_user'] = trim($_POST['smtp_user']);
$smtp_user = $smtp_settings['smtp_user'];
}
if (trim($_POST['smtp_pwd']) == "") {
if ($smtp_pwd == "") {
$smtp_errors['smtp_pwd'] = "Please enter the <b>Password</b> for the SMPT account.";
}
} else {
$smtp_settings['smtp_pwd'] = $secure_pass->encrypt($_POST['smtp_pwd']);
}
//pre($smtp_errors);
if (!empty($smtp_settings) && empty($smtp_errors)) {
file_put_contents($_SERVER['DOCUMENT_ROOT'] . '/admin/inc/' . $smtp_log, serialize($smtp_settings));
$smtp_settings_raw = file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/admin/inc/' . $smtp_log);
$smtp_settings = unserialize($smtp_settings_raw);
$smtp_host = $smtp_settings['smtp_host'];
$smtp_port = $smtp_settings['smtp_port'];
$smtp_user = $smtp_settings['smtp_user'];
}
}
//pre($settings);
?>
</head>
<body>
/**
* Encrypts $value using public $type method in Security class
*
* @param string $value Value to encrypt
* @return string Encoded values
*/
protected function _encrypt($value)
{
if (is_array($value)) {
$value = $this->_implode($value);
}
if (!$this->_encrypted) {
return $value;
}
$prefix = "Q2FrZQ==.";
if ($this->_type === 'rijndael') {
$cipher = Security::rijndael($value, $this->key, 'encrypt');
}
if ($this->_type === 'cipher') {
$cipher = Security::cipher($value, $this->key);
}
if ($this->_type === 'aes') {
$cipher = Security::encrypt($value, $this->key);
}
return $prefix . base64_encode($cipher);
}
<?php
define('INCLUDE_CHECK', true);
include "security.php";
include "connect.php";
@($action = $_POST['action']);
@($client = $_POST['client']);
@($login = $_POST['login']);
@($passw = $_POST['passw']);
if ($action != null || $client != null || $login != null || $passw != null) {
$aes = Security::encrypt('auth:' . $client . ':' . $login . ':' . $passw . ':', $key2);
}
?>
<meta charset="utf-8">
<form action= "test.php" method= "POST">
<p>action<input type= "text" name= "action" value= "auth"> </p>
<p>client<input type= "text" name= "client" value= "vanilla179"> </p>
<p>login <input type= "text" name= "login" value= "zenit_"> </p>
<p>passw <input type= "text" name= "passw" value= "test"> </p>
<input type= "submit" value= "Зашифровать">
</form>
<form action= "launcher.php" method= "POST">
<p>action<input type= "text" name= "action" value= <?php
echo @$aes;
?>
> </p>
<input type= "submit" value= "Отправить aes на launcher.php">
</form>
<?php include 'security.php'; $value = "example"; $key = "1234567891234567"; //16 Character Key echo Security::encrypt($value, $key); echo Security::decrypt(Security::encrypt($value, $key), $key);
public function importdata2(Request $request)
{
$results = null;
$GLOBALS['empidReturn'] = "";
$file = $request->file('exelimport');
$request->file('exelimport')->move(storage_path() . '/public/import/', 'import.xlsx');
$retdate = Excel::load(storage_path('/public/import/import.xlsx'), function ($reader) {
$results = $reader->setDateColumns(array('startdate', 'enddate'))->get();
$data = array();
$dataupdate = array();
$datauser = array();
// $results = $reader->get();
$ret = $results->toArray();
$empidtoStatus = "123";
foreach ($ret as $index => $value) {
// var_dump($value["enddate"]);
$EMP_ID = $value["empid"];
$GLOBALS['empidReturn'] = $value["empid"];
$userinfo = DB::table('TBL_EMPLOYEE_INFO')->where('EMP_ID', $EMP_ID)->get();
$user = DB::table('TBL_USER')->where('EMP_ID', $EMP_ID)->get();
$TBL_EMP_PENSION = DB::table('TBL_EMP_PENSION')->where('EMP_ID', $EMP_ID)->get();
// $StatusID = $value["user_status_id"];
if ($TBL_EMP_PENSION == null) {
if ($userinfo == null) {
// var_dump($value["enddate"]);
$dateS = new Date($value["startdate"]);
$dateStart = date("d/m/Y", strtotime($dateS));
$dateE = new Date($value["enddate"]);
$dateEnd = date("d/m/Y", strtotime($dateE));
array_push($data, array('EMP_ID' => $value["empid"], 'PREFIX' => $value["prefix"], 'FULL_NAME' => $value["fullname"], 'ENG_NAME' => $value["engname"], 'FIRST_NAME' => $value["firstname"], 'LAST_NAME' => $value["lastname"], 'PRIORITY' => $value["priority"], 'JOB_ID' => $value["jobid"], 'JOB_DESC_SHT' => $value["jobdescsht"], 'JOB_DESC' => $value["jobdesc"], 'PER_ID' => $value["perid"], 'START_DATE' => $dateStart, 'END_DATE' => $dateEnd, 'COST_CENTER' => $value["costcenter"], 'C_LEVEL' => $value["clevel"], 'POST_ID' => $value["posid"], 'POS_DESC' => $value["posdesc"], 'ORG_ID' => $value["orgid"], 'ENG_FIRST_NAME' => $value["engfirstname"], 'ENG_LAST_NAME' => $value["englastname"], 'BIRTH_DATE' => $value["birthdate"], 'ORG_DESC' => $value["orgdesc"], 'PATH_ID' => $value["pathid"], 'DEP_ID' => $value["depid"], 'DIV_ID' => $value["divid"], 'SEC_ID' => $value["secid"], 'PART_ID' => $value["partid"], 'PARTH_SHT' => $value["pathsht"], 'DEP_SHT' => $value["depsht"], 'DIV_SHT' => $value["divsht"], 'SEC_SHT' => $value["secsht"], 'PATH_SHT' => $value["partsht"], 'PARTH_LNG' => $value["pathlng"], 'DEP_LNG' => $value["deplng"], 'DIV_LNG' => $value["divlng"], 'SEC_LNG' => $value["seclng"], 'PART_LNG' => $value["partlng"]));
} else {
$dateS = new Date($value["startdate"]);
$dateStart = date("d/m/Y", strtotime($dateS));
$dateE = new Date($value["enddate"]);
$dateEnd = date("d/m/Y", strtotime($dateE));
$dataupdate = array('EMP_ID' => $value["empid"], 'PREFIX' => $value["prefix"], 'FULL_NAME' => $value["fullname"], 'ENG_NAME' => $value["engname"], 'FIRST_NAME' => $value["firstname"], 'LAST_NAME' => $value["lastname"], 'PRIORITY' => $value["priority"], 'JOB_ID' => $value["jobid"], 'JOB_DESC_SHT' => $value["jobdescsht"], 'JOB_DESC' => $value["jobdesc"], 'PER_ID' => $value["perid"], 'START_DATE' => $dateStart, 'END_DATE' => $dateEnd, 'COST_CENTER' => $value["costcenter"], 'C_LEVEL' => $value["clevel"], 'POST_ID' => $value["posid"], 'POS_DESC' => $value["posdesc"], 'ORG_ID' => $value["orgid"], 'ENG_FIRST_NAME' => $value["engfirstname"], 'ENG_LAST_NAME' => $value["englastname"], 'BIRTH_DATE' => $value["birthdate"], 'ORG_DESC' => $value["orgdesc"], 'PATH_ID' => $value["pathid"], 'DEP_ID' => $value["depid"], 'DIV_ID' => $value["divid"], 'SEC_ID' => $value["secid"], 'PART_ID' => $value["partid"], 'PARTH_SHT' => $value["pathsht"], 'DEP_SHT' => $value["depsht"], 'DIV_SHT' => $value["divsht"], 'SEC_SHT' => $value["secsht"], 'PATH_SHT' => $value["partsht"], 'PARTH_LNG' => $value["pathlng"], 'DEP_LNG' => $value["deplng"], 'DIV_LNG' => $value["divlng"], 'SEC_LNG' => $value["seclng"], 'PART_LNG' => $value["partlng"]);
DB::table('TBL_EMPLOYEE_INFO')->where('EMP_ID', "=", $value["empid"])->update($dataupdate);
}
if ($user == null) {
$date = new Date();
$pri = $userinfo = DB::table('TBL_PRIVILEGE')->where('USER_PRIVILEGE_ID', 2)->get();
$datedata = $value["birthdate"];
$rest = substr("abcdef", -1);
// returns "f"
$rest = substr("abcdef", -2);
// returns "ef"
$rest = substr("abcdef", -3, 1);
// $newDate = substr($datedata, -2) . substr($datedata, -4,2). ((int)substr($datedata, -8, 4)) + 543;
$newDate = substr($datedata, -2) . substr($datedata, -4, 2) . ((int) substr($datedata, -8, 4) + 543);
$MEASecEncoe = new \Security();
$ecPass = $MEASecEncoe->encrypt($newDate, "#Gm2014\$06\$30@97");
// $ecPass = exec("cmd /c md5.bat -e ".$newDate." 2>&1");
//$ecPass = explode(':',$ecPass)[1];
$datedefault = new Date("9999-12-31 00:00:00.000");
$admin = 'Administrator';
$user_id = '2';
array_push($datauser, array('EMP_ID' => $EMP_ID, 'USERNAME' => $EMP_ID, 'PASSWORD' => $ecPass, 'PASSWORD_EXPIRE_DATE' => $datedefault, 'CREATE_DATE' => $date, 'CREATE_BY' => $admin, 'LAST_MODIFY_DATE' => $date, 'USER_PRIVILEGE_ID' => $user_id, 'ACCESS_PERMISSIONS' => $pri[0]->ACCESS_PERMISSIONS, 'USER_STATUS_ID' => 13, 'FIRST_LOGIN_FLAG' => 0, 'EMAIL_NOTIFY_FLAG' => 1));
}
}
$empidtoStatus .= "," . $EMP_ID;
}
DB::table('TBL_EMPLOYEE_INFO')->insert($data);
DB::table('TBL_USER')->insert($datauser);
//
// $sql = "UPDATE TBL_USER SET user_status_id= 14 WHERE EMP_ID NOT IN (".$empidtoStatus.")";
//
// DB::update(DB::raw($sql));
});
return response()->json(array('success' => true, 'html' => $GLOBALS['empidReturn']));
}
