 /**
  * Login action.
  *
  * Looks up the posted username, verifies the password, then — depending on
  * the user's Details record — checks the e-mailed one-time code and, if
  * required, a TOTP code, writes the 'default' session and redirects to the
  * dashboard. Any failure leaves the session deleted and falls through to the
  * login page data with `noauth` set.
  *
  * Reads $this->request->data['username'|'password'|'loginpassword'|'totp'],
  * $this->request->query['check'] and $_SERVER['REMOTE_ADDR'].
  *
  * @return mixed compact('noauth', 'title', 'keywords', 'description') for the
  *               view; `false` when ipinfo.io flags the address as a Tor exit;
  *               the redirect response on success or for an inactive account.
  */
 public function add()
 {
     //assume there's no problem with authentication
     $noauth = false;
     //perform the authentication check and redirect on success
     Session::delete('default');
     // Outbound lookup of the client address at ipinfo.io over plain HTTP, with
     // no error handling. If the request fails, file_get_contents() returns
     // false, json_decode() yields null, and the ->tor read below warns and
     // evaluates to null, so the Tor block is skipped: the check fails open.
     // NOTE(review): consider failing closed, or at least logging, when the
     // lookup fails. REMOTE_ADDR is the TCP peer's address (a reverse proxy's,
     // if one is in front of the app).
     $response = file_get_contents("http://ipinfo.io/{$_SERVER['REMOTE_ADDR']}");
     $IPResponse = json_decode($response);
     if ($IPResponse->tor) {
         // Display error message or something
         // ($user is assigned here but never used on this path.)
         $user = "";
         Session::delete('default');
         return false;
     }
     // Lookup by the posted username. If nothing matches, $user is null and the
     // password_verify() call below receives null as the hash and rejects
     // (a TypeError instead, under strict_types).
     $user = Users::find("first", array("conditions" => array("username" => $this->request->data['username'])));
     // Session payload, assembled before the password is checked; it is only
     // written into the session at the Session::write() calls below.
     $default = array('username' => $user['username'], '_id' => $user['_id'], 'firstname' => $user['firstname'], 'lastname' => $user['lastname'], 'email' => $user['email'], 'walletid' => $user['walletid']);
     if (password_verify($this->request->data['password'], $user['password'])) {
         //Redirect on successful login
         // $loginpassword is read but never used; the one-time code is compared
         // straight from the request data further down.
         $loginpassword = $this->request->data['loginpassword'];
         // The session is written here, before the account-active and
         // second-factor checks below have passed. Every failing branch that
         // follows must therefore delete it again — each one currently does;
         // keep that invariant when editing this method.
         Session::write('default', $default);
         $details = Details::find('first', array('conditions' => array('username' => $default['username'], 'user_id' => (string) $default['_id'])));
         // Loose (==) comparison with the string "No": any other value counts as active.
         if ($details['active'] == "No") {
             Session::delete('default');
             return $this->redirect('/');
             // unreachable: the return above already ends the method
             exit;
         }
         // The e-mailed one-time code is required when the setting is the string
         // "true" or is absent (null) — a fail-secure default for missing settings.
         if ($details["EmailPasswordSecurity"] === "true" || $details["EmailPasswordSecurity"] === null) {
             // Strict string comparison of the stored code with the posted one.
             // NOTE(review): hash_equals() would make this constant-time. The code
             // is marked used below, but its existing 'oneCodeused' value is not
             // checked here — confirm reuse is prevented elsewhere.
             if ($details['oneCode'] === $this->request->data['loginpassword']) {
                 // Record the code as used plus the connection metadata echoed back
                 // by ipinfo.io (not the raw REMOTE_ADDR).
                 $data = array('oneCodeused' => 'Yes', 'lastconnected' => array('IP' => $IPResponse->ip, 'ISO' => $IPResponse->country, 'hostname' => $IPResponse->hostname, 'city' => $IPResponse->city, 'region' => $IPResponse->region, 'loc' => $IPResponse->loc, 'org' => $IPResponse->org, 'postal' => $IPResponse->postal, 'DateTime' => new \MongoDate()));
                 // save() on the freshly found document, then re-read it so the
                 // checks below see the stored state.
                 $details = Details::find('first', array('conditions' => array('username' => $default['username'], 'user_id' => (string) $default['_id'])))->save($data);
                 $details = Details::find('first', array('conditions' => array('username' => $default['username'], 'user_id' => (string) $default['_id'])));
                 // TOTP gate, with loose comparisons: 'TOTP.Validate' equal to 1
                 // (so "1" and true also pass) and 'TOTP.Login' truthy.
                 if ($details["TOTP.Validate"] == 1 && $details["TOTP.Login"] == true) {
                     $totp = $this->request->data['totp'];
                     $ga = new GoogleAuthenticator();
                     if ($totp == "") {
                         // No TOTP code posted: drop the session written above and
                         // fall through to the noauth handling at the bottom.
                         Session::delete('default');
                     } else {
                         // Third argument is the tolerance handed to verifyCode()
                         // (presumably a number of time steps — confirm against the library).
                         $checkResult = $ga->verifyCode($details['secret'], $totp, 2);
                         if ($checkResult == 1) {
                             Session::write('default', $default);
                             $user = Session::read('default');
                             /////////////////////////////////////////////////////////////////////////////////
                             // Audit record of the login. $IP is computed but never
                             // used; the stored 'IP' is the one reported by ipinfo.io.
                             $function = new Functions();
                             $IP = $function->get_ip_address();
                             $data = array('username' => $user['username'], 'IP' => $IPResponse->ip, 'ISO' => $IPResponse->country, 'hostname' => $IPResponse->hostname, 'city' => $IPResponse->city, 'region' => $IPResponse->region, 'loc' => $IPResponse->loc, 'org' => $IPResponse->org, 'postal' => $IPResponse->postal, 'DateTime' => new \MongoDate());
                             Logins::create()->save($data);
                             /////////////////////////////////////////////////////////////////////////////////
                             $user = Session::read('default');
                             return $this->redirect('ex::dashboard');
                             // unreachable after the return above
                             exit;
                         } else {
                             // Wrong TOTP code: drop the session.
                             Session::delete('default');
                         }
                     }
                 } else {
                     // TOTP not required for login: record the login and redirect.
                     Session::write('default', $default);
                     $user = Session::read('default');
                     /////////////////////////////////////////////////////////////////////////////////
                     // Same audit record as in the TOTP branch; $IP is again unused.
                     $function = new Functions();
                     $IP = $function->get_ip_address();
                     $data = array('username' => $user['username'], 'IP' => $IPResponse->ip, 'ISO' => $IPResponse->country, 'hostname' => $IPResponse->hostname, 'city' => $IPResponse->city, 'region' => $IPResponse->region, 'loc' => $IPResponse->loc, 'org' => $IPResponse->org, 'postal' => $IPResponse->postal, 'DateTime' => new \MongoDate());
                     Logins::create()->save($data);
                     /////////////////////////////////////////////////////////////////////////////////
                     $user = Session::read('default');
                     return $this->redirect('ex::dashboard');
                     // unreachable after the return above
                     exit;
                 }
             } else {
                 // One-time code mismatch: drop the session.
                 Session::delete('default');
             }
         } else {
             // E-mail one-time-code security disabled (any value other than "true"
             // or null): the password alone completes the login. NOTE(review): this
             // branch performs no TOTP check at all, so the 'TOTP.Login' setting is
             // only honoured when the one-time code is also enabled — confirm that
             // is intended.
             $data = array('oneCodeused' => 'Yes', 'lastconnected' => array('IP' => $IPResponse->ip, 'ISO' => $IPResponse->country, 'hostname' => $IPResponse->hostname, 'city' => $IPResponse->city, 'region' => $IPResponse->region, 'loc' => $IPResponse->loc, 'org' => $IPResponse->org, 'postal' => $IPResponse->postal, 'DateTime' => new \MongoDate()));
             $details = Details::find('first', array('conditions' => array('username' => $default['username'], 'user_id' => (string) $default['_id'])))->save($data);
             $details = Details::find('first', array('conditions' => array('username' => $default['username'], 'user_id' => (string) $default['_id'])));
             Session::write('default', $default);
             $user = Session::read('default');
             /////////////////////////////////////////////////////////////////////////////////
             // Audit record of the login; $IP is unused here as well.
             $function = new Functions();
             $IP = $function->get_ip_address();
             $data = array('username' => $user['username'], 'IP' => $IPResponse->ip, 'ISO' => $IPResponse->country, 'hostname' => $IPResponse->hostname, 'city' => $IPResponse->city, 'region' => $IPResponse->region, 'loc' => $IPResponse->loc, 'org' => $IPResponse->org, 'postal' => $IPResponse->postal, 'DateTime' => new \MongoDate());
             Logins::create()->save($data);
             /////////////////////////////////////////////////////////////////////////////////
             $user = Session::read('default');
             return $this->redirect('ex::dashboard');
         }
     }
     //if there's still post data, and we weren't redirected above, then login failed
     if ($this->request->data) {
         //Login failed, trigger the error message
         // $check is assigned but never used afterwards (loose == against SECURITY_CHECK).
         if (isset($this->request->query['check']) && $this->request->query['check'] == SECURITY_CHECK) {
             $check = $this->request->query['check'];
         }
         $noauth = true;
     }
     //Return noauth status
     $page = Pages::find('first', array('conditions' => array('pagename' => 'login')));
     $title = $page['title'];
     $keywords = $page['keywords'];
     $description = $page['description'];
     return compact('noauth', 'title', 'keywords', 'description');
     // Everything below is unreachable: the method has already returned.
     return $this->redirect('/');
     exit;
     // Handle failed authentication attempts
 }
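 /**
  * Wallet settings page.
  *
  * Shows the user's first Greencoin address with its balances and the Google
  * Authenticator QR-code URL; when the form is posted, stores the alert and
  * password-delivery preferences on the user's Details record.
  *
  * Reads the 'default' session and, on POST, the alert_* / password_send_*
  * checkbox fields of $this->request->data and $_SERVER['HTTP_REFERER'].
  *
  * @return mixed view data via compact(), or a redirect to the login page when
  *               there is no session or the POST referer does not mention
  *               COMPANY_URL.
  */
 public function settings()
 {
     $user = Session::read('default');
     // No session payload (null, false or an empty array): back to login before
     // any of the $user[...] reads below.
     if (empty($user)) {
         return $this->redirect('wallet::login');
     }
     $wallet = Users::find("first", array("conditions" => array("walletid" => $user['walletid'])));
     $greencoinAddress = $wallet['greencoinAddress'][0];
     $address = Addresses::find("first", array("conditions" => array("a_id" => $greencoinAddress)));
     // Stored amounts are in the smallest unit; 1 coin = 1e8 units.
     $unitsPerCoin = 100000000;
     $balance = $address['balance'] / $unitsPerCoin;
     $sent = $address['sent'] / $unitsPerCoin;
     $receive = $address['receive'] / $unitsPerCoin;
     if ($this->request->data) {
         // The referer must contain COMPANY_URL (case-insensitive substring).
         // This is only a weak guard — the header is client-controlled and may be
         // absent — so it is no substitute for a per-form CSRF token.
         $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
         if (stristr($referer, COMPANY_URL) === false) {
             return $this->redirect('/wallet/login');
         }
         // Detail key => POST field. Unchecked checkboxes are simply absent from
         // the POST body, so a missing field is stored as false instead of
         // raising an undefined-index notice.
         $fields = array(
             'alert.email.signin' => 'alert_email_signin',
             'alert.email.receive' => 'alert_email_receive',
             'alert.email.send' => 'alert_email_send',
             'alert.phone.signin' => 'alert_phone_signin',
             'alert.phone.receive' => 'alert_phone_receive',
             'alert.phone.send' => 'alert_phone_send',
             'password.send.email' => 'password_send_email',
             'password.send.phone' => 'password_send_phone',
         );
         $data = array();
         foreach ($fields as $key => $field) {
             $data[$key] = isset($this->request->data[$field]) ? (bool) $this->request->data[$field] : false;
         }
         $conditions = array("walletid" => $user['walletid']);
         Details::update($data, $conditions);
     }
     // Read after the update so the view shows the saved preferences.
     $details = Details::find("first", array("conditions" => array("walletid" => $user['walletid'])));
     $ga = new GoogleAuthenticator();
     $secret = $details['secret'];
     $qrCodeUrl = $ga->getQRCodeGoogleUrl(COMPANY_URL, $secret);
     return compact('greencoinAddress', 'wallet', 'balance', 'sent', 'receive', 'user', 'details', 'qrCodeUrl');
 }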
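 /**
  * API-style registration.
  *
  * Creates a Users record (bcrypt-hashed password) and its Details record with
  * fresh GoogleAuthenticator secrets, and answers with a JSON status.
  *
  * Reads UserName, FirstName, LastName, Email, Password and Walletid from the
  * query string. Walletid is used but never validated. NOTE(review): a
  * password carried in a query string ends up in access logs, browser history
  * and referers; a POST body would be the safer transport.
  *
  * @return mixed rendered JSON: {"Error": "..."} for a missing field,
  *               {"success": 0} if the user could not be saved, otherwise
  *               {"success": 1, ...} with the hashed identifiers.
  */
 public function register()
 {
     $query = $this->request->query;
     // Required fields in the order they are checked, with the message for each.
     // empty() keeps the original truthiness test (a value of "0" is rejected)
     // but no longer raises a notice when the parameter is absent.
     $required = array(
         'UserName' => 'Username not specified',
         'FirstName' => 'Firstname not specified',
         'LastName' => 'Lastname not specified',
         'Email' => 'Email not specified',
         'Password' => 'Password not specified',
     );
     foreach ($required as $field => $message) {
         if (empty($query[$field])) {
             return $this->render(array('json' => array("Error" => $message)));
         }
     }
     $walletid = isset($query['Walletid']) ? $query['Walletid'] : null;
     $uuid = new Uuid();
     $ga = new GoogleAuthenticator();
     $xemail = $uuid->hashme($query['Email']);
     $xwalletid = $uuid->hashme($walletid);
     $users = Users::create(array(
         'username' => $query['UserName'],
         'firstname' => $query['FirstName'],
         'lastname' => $query['LastName'],
         'email' => $query['Email'],
         // bcrypt via password_hash(); the login path checks it with password_verify().
         'password' => password_hash($query['Password'], PASSWORD_BCRYPT),
         'walletid' => $walletid,
     ));
     if (!$users->save()) {
         return $this->render(array('json' => array("success" => 0)));
     }
     // E-mail verification token. NOTE(review): sha1 of the record id is
     // predictable from the id; a random token (e.g. random_bytes()) would be
     // preferable — left unchanged here because whatever verifies the token
     // must agree on how it is produced.
     $verification = sha1($users->_id);
     Details::create()->save(array(
         'user_id' => (string) $users->_id,
         'username' => (string) $users->username,
         'email.verify' => $verification,
         'email.verified' => "No",
         'mobile.verified' => "No",
         'mobile.number' => "",
         'key' => $ga->createSecret(64),
         'secret' => $ga->createSecret(64),
         'walletid' => $walletid,
     ));
     $xmain_email = $uuid->hashme(MAIN_EMAIL);
     $xescrow_email = $uuid->hashme(ESCROW_EMAIL);
     return $this->render(array('json' => array("success" => 1, "xemail" => $xemail, "xwalletid" => $xwalletid, "recordid" => (string) $users->_id, "main_email" => MAIN_EMAIL, "escrow_email" => ESCROW_EMAIL, "xmain_email" => $xmain_email, "xescrow_email" => $xescrow_email)));
 }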
 /**
  * Admin-confirmed withdrawal.
  *
  * Re-authenticates the confirming admin (password, company e-mail, TOTP),
  * then pays out the pending Transactions record for the given user and
  * currency — through blockchain.info for BTC, through the coin daemon's RPC
  * for LTC/XGC — marks it paid, adjusts the user's balance and e-mails a
  * receipt.
  *
  * Reads verify, username, password, admin, totp and currency from
  * $this->request->data. Without POST data nothing happens and null is returned.
  *
  * @return mixed view data via compact(); a redirect to the paymentadminconfirm
  *               action when an admin check fails; `false` from the per-currency
  *               balance checks; null without POST data.
  */
 public function payment()
 {
     $title = "Payment";
     if ($this->request->data) {
         $verify = $this->request->data['verify'];
         $username = $this->request->data['username'];
         $password = $this->request->data['password'];
         $admin = $this->request->data['admin'];
         $totp = $this->request->data['totp'];
         $currency = $this->request->data['currency'];
         // Every admin-side failure redirects to the same confirmation page;
         // the empty-string tests are loose (==) comparisons.
         if ($password == "") {
             return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
         }
         if ($admin == "") {
             return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
         }
         // Admin credential check as a database lookup on username plus
         // String::hash() of the posted password. NOTE(review): the login path
         // verifies bcrypt hashes with password_verify(); unless admin records
         // deliberately store String::hash() digests, the two cannot agree, and a
         // plain digest lookup is the weaker scheme of the two.
         $useradmin = Users::find('first', array('conditions' => array('username' => $admin, 'password' => String::hash($password))));
         // Admin role check: the e-mail only has to contain 'siicrypto.com'
         // somewhere (strrpos substring), it is not anchored to the domain part.
         // NOTE(review): compare the part after the last '@' exactly instead.
         // When no admin matched, $useradmin is null and the check fails.
         $pos = strrpos($useradmin['email'], 'siicrypto.com');
         if ($pos === false) {
             // note: three equal signs
             return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
         }
         $detailadmin = Details::find('first', array('conditions' => array('username' => $admin)));
         $ga = new GoogleAuthenticator();
         if ($totp == "") {
             return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
         } else {
             // Third argument is the tolerance handed to verifyCode() (presumably a
             // number of time steps — confirm against the library).
             $checkResult = $ga->verifyCode($detailadmin['secret'], $totp, 2);
             if ($checkResult != 1) {
                 return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
             }
         }
         // The pending transaction to pay, matched on its verify token, user and currency.
         $transaction = Transactions::find('first', array('conditions' => array('verify.payment' => $verify, 'username' => $username, 'Currency' => $currency, 'Paid' => 'No')));
         $user = Users::find('first', array('conditions' => array('username' => $username)));
         $id = $user['_id'];
         $email = $user['email'];
         // Unknown username: $user is null, so $id is null and this redirects.
         if ($id == "") {
             return $this->redirect('/login');
         }
         $details = Details::find('first', array('conditions' => array('user_id' => (string) $id)));
         $amount = abs($transaction['Amount']);
         // The balance must strictly exceed the amount (<=): a balance equal to
         // the amount is rejected here, and again inside each currency branch.
         if ($details['balance.' . $currency] <= $amount) {
             $txmessage = "Not Sent! Amount does not match!";
             return compact('txmessage');
         }
         ///////////////////Special for bitcoin as it uses blockchain!
         if ($currency == 'BTC') {
             $guid = BITCOIN_GUID;
             $firstpassword = BITCOIN_FIRST;
             $secondpassword = BITCOIN_SECOND;
             // Repeats the balance check above with the same condition, but returns false here.
             $amount = abs($transaction['Amount']);
             if ($details['balance.BTC'] <= $amount) {
                 return false;
             }
             $fee = $transaction['txFee'];
             $address = $transaction['address'];
             // Satoshi conversion in double arithmetic; float rounding can shift
             // the last digit — integer (or bcmath) arithmetic would be exact.
             $satoshi = (double) $amount * 100000000;
             $fee_satoshi = (double) $fee * 100000000;
             // NOTE(review): the wallet guid and both wallet passwords travel in
             // the query string of a plain http:// URL, and the destination
             // address is interpolated without urlencode(). Use https:// and build
             // the query with http_build_query(). $json_url is also handed to the
             // view through compact() at the end of this method.
             $json_url = "http://blockchain.info/merchant/{$guid}/payment?password={$firstpassword}&second_password={$secondpassword}&to={$address}&amount={$satoshi}&fee={$fee_satoshi}";
             // No error handling: if the request fails, file_get_contents() returns
             // false, json_decode() gives null, the property reads below warn and
             // yield null, so $txid stays null and the record is left unpaid.
             $json_data = file_get_contents($json_url);
             $json_feed = json_decode($json_data);
             $txmessage = $json_feed->message;
             $txid = $json_feed->tx_hash;
             if ($txid != null) {
                 // BTC is marked paid here (find('first')). Because $txid is now
                 // set, the shared `$txid != null` block further down also runs;
                 // its 'Paid' => 'No' query presumably no longer matches this
                 // record, but the balance update and the e-mail still happen there.
                 $data = array('DateTime' => new \MongoDate(), 'TransactionHash' => $txid, 'Paid' => 'Yes', 'Transfer' => $txmessage, 'Admin' => $admin);
                 $transaction = Transactions::find('first', array('conditions' => array('verify.payment' => $verify, 'username' => $username, 'Paid' => 'No')))->save($data);
             }
         } else {
             // (commented-out print_r() debugging of $currency/$address/$comment removed)
             $amount = abs($transaction['Amount']);
             if ($details['balance.' . $currency] <= $amount) {
                 return false;
             }
             $fee = abs($transaction['txFee']);
             $address = $transaction['address'];
             // Computed but unused on this path: the daemon RPC below is given coin amounts.
             $satoshi = (double) $amount * 100000000;
             $fee_satoshi = (double) $fee * 100000000;
             ///////////////////// Change of code required when Virtual Currency added
             // RPC client per currency. $coin is only assigned for LTC and XGC; for
             // any other non-BTC currency it stays undefined, and so does $txid,
             // which is then read at the `$txid != null` test below.
             switch ($currency) {
                 case "LTC":
                     $coin = new Litecoin('http://' . LITECOIN_WALLET_SERVER . ':' . LITECOIN_WALLET_PORT, LITECOIN_WALLET_USERNAME, LITECOIN_WALLET_PASSWORD);
                     break;
                 case "XGC":
                     $coin = new Greencoin('http://' . GREENCOIN_WALLET_SERVER . ':' . GREENCOIN_WALLET_PORT, GREENCOIN_WALLET_USERNAME, GREENCOIN_WALLET_PASSWORD);
                     break;
             }
         }
         // End for /////////////////// Change of code required when Virtual Currency added
         // NOTE(review): the `"User: "******"` fragment is not valid PHP as shown;
         // it looks like a redaction artefact of this listing (presumably the
         // username was concatenated there). The string is stored as 'Transfer'
         // on the transaction and passed as the RPC comment below.
         $comment = "User: "******"; Address: " . $address . "; Amount:" . $amount . ";";
         if ($currency == 'LTC' || $currency == 'XGC') {
             // Balance re-checked with >= here (the earlier checks used <=, i.e.
             // required strictly more). settxfee()'s result is ignored; sendfrom()
             // uses the hard-coded daemon account 'NilamDoctor' and 1 confirmation.
             if ((double) $details['balance.' . $currency] >= (double) $amount) {
                 $settxfee = $coin->settxfee($fee);
                 $txid = $coin->sendfrom('NilamDoctor', $address, (double) $amount, (int) 1, $comment);
             }
         }
         if ($txid != null) {
             // Mark the pending record paid. NOTE(review): find('all') returns a
             // collection here, whereas the BTC branch uses find('first') — confirm
             // save() on the collection does what is intended (same for the
             // Details update below).
             $data = array('DateTime' => new \MongoDate(), 'TransactionHash' => $txid, 'Added' => false, 'Paid' => 'Yes', 'Transfer' => $comment, 'Admin' => $admin);
             $transaction = Transactions::find('all', array('conditions' => array('verify.payment' => $verify, 'username' => $username, 'Currency' => $currency, 'Paid' => 'No')))->save($data);
             $transaction = Transactions::find('first', array('conditions' => array('verify.payment' => $verify, 'username' => $username, 'Currency' => $currency, 'Paid' => 'Yes')));
             // New balance = balance - amount + fee. NOTE(review): the fee is added
             // back rather than deducted — confirm the sign convention (e.g. that
             // Amount already includes the fee).
             $balance = (double) $details['balance.' . $currency] - (double) $amount;
             $balance = (double) $balance + (double) $fee;
             $dataDetails = array('balance.' . $currency => (double) $balance);
             $details = Details::find('all', array('conditions' => array('user_id' => (string) $id)))->save($dataDetails);
             // Render the receipt e-mail template and send it to the user, with
             // three internal addresses in Bcc.
             $view = new View(array('loader' => 'File', 'renderer' => 'File', 'paths' => array('template' => '{:library}/views/{:controller}/{:template}.{:type}.php')));
             $body = $view->render('template', compact('transaction', 'details', 'txid', 'currency'), array('controller' => 'users', 'template' => 'withdrawSent', 'type' => 'mail', 'layout' => false));
             $transport = Swift_MailTransport::newInstance();
             $mailer = Swift_Mailer::newInstance($transport);
             $message = Swift_Message::newInstance();
             $message->setSubject($currency . " sent from " . COMPANY_URL);
             $message->setFrom(array(NOREPLY => $currency . ' sent from ' . COMPANY_URL));
             $message->setTo($email);
             $message->addBcc(MAIL_1);
             $message->addBcc(MAIL_2);
             $message->addBcc(MAIL_3);
             $message->setBody($body, 'text/html');
             $txmessage = number_format($amount, 8) . $currency . "  transfered to " . $address;
             $mailer->send($message);
         }
         // Remaining unpaid, not-yet-added transactions of this user/currency, for the view.
         $transactions = Transactions::find('first', array('conditions' => array('username' => $user['username'], 'Added' => false, 'Currency' => $currency, 'Paid' => 'No')));
         // NOTE(review): $json_url (which embeds the wallet credentials) and
         // $json_feed are exposed to the view here; pass only what the template
         // needs. Both are undefined on non-BTC paths, as is $txid for currencies
         // other than LTC/XGC — compact() then silently omits them.
         return compact('txmessage', 'txid', 'json_url', 'json_feed', 'title', 'currency', 'transactions');
     }
 }
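 /**
  * Verifies a TOTP code against the user's stored secret and records the
  * outcome in 'withdraw.security.totp' — true on success, false on failure —
  * answering {"success": 1|0} as JSON.
  *
  * Reads the 'default' session and $this->request->query['CheckCode'].
  *
  * @return mixed rendered JSON, or a redirect to the login page without a session.
  */
 public function CheckTOTP()
 {
     $user = Session::read('default');
     // No session payload (null, false or an empty array): back to login.
     if (empty($user)) {
         return $this->redirect('wallet::login');
     }
     $conditions = array("walletid" => $user['walletid']);
     $details = Details::find('first', array('conditions' => $conditions));
     // Missing parameter is passed as null (what the undefined index used to
     // yield), without the notice.
     $checkCode = isset($this->request->query['CheckCode']) ? $this->request->query['CheckCode'] : null;
     $ga = new GoogleAuthenticator();
     // Third argument is the tolerance handed to verifyCode() (presumably a
     // number of time steps — confirm against the library).
     $verified = (bool) $ga->verifyCode($details['secret'], $checkCode, 2);
     // The flag mirrors this check's result, so a failed code clears it rather
     // than leaving it untouched — confirm that is intended. NOTE(review):
     // nothing here limits how often a code may be tried; confirm rate limiting
     // is applied upstream.
     Details::update(array('withdraw.security.totp' => $verified), $conditions);
     return $this->render(array('json' => array('success' => $verified ? 1 : 0)));
 }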
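 /**
  * Verifies a TOTP code against the user's stored secret; on success clears
  * both 'TOTP.Validate' and 'TOTP.Security' on the user's Details record.
  * Presenting a current code is thus what authorises switching TOTP off.
  *
  * Reads the 'default' session and $this->request->query['CheckCode'].
  *
  * @return mixed rendered JSON `true` when the code verified and the flags
  *               were cleared, `false` otherwise (including without a session).
  */
 public function CheckTOTP()
 {
     $user = Session::read('default');
     // No session payload (null, false or an empty array): answer false before
     // any of the $user[...] reads below.
     if (empty($user)) {
         return $this->render(array('json' => false));
     }
     $conditions = array('user_id' => (string) $user['_id']);
     $details = Details::find('first', array('conditions' => $conditions));
     // Missing parameter is passed as null (what the undefined index used to
     // yield), without the notice.
     $checkCode = isset($this->request->query['CheckCode']) ? $this->request->query['CheckCode'] : null;
     $ga = new GoogleAuthenticator();
     // Third argument is the tolerance handed to verifyCode() (presumably a
     // number of time steps — confirm against the library). NOTE(review):
     // nothing here limits how often a code may be tried; confirm rate limiting
     // is applied upstream.
     if (!$ga->verifyCode($details['secret'], $checkCode, 2)) {
         return $this->render(array('json' => false));
     }
     $data = array('TOTP.Validate' => false, 'TOTP.Security' => false);
     Details::find('first', array('conditions' => $conditions))->save($data);
     return $this->render(array('json' => true));
 }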