/**
 * Build the message: fill the To, Subject, Date and Message-ID headers,
 * choose the MIME boundary, record the HTML flag and prepare the body.
 *
 * @param mixed $to value stored, after encode_header_fld(), as the To header
 * @param mixed $subject value stored, after encode_header_fld(), as the Subject header
 * @param mixed $body message body handed to prep_message_body()
 * @param mixed $from not read anywhere in this constructor
 * @param bool $html stored in $this->html
 */
function __construct($to, $subject, $body, $from, $html = false) {
    /* NOTE(review): $to and $subject end up in mail headers; stripping of CR/LF
     * is presumably done inside encode_header_fld() (not shown) - confirm */
    $encoded_to = $this->encode_header_fld($to);
    $this->headers['To'] = $encoded_to;
    $encoded_subject = $this->encode_header_fld($subject);
    $this->headers['Subject'] = $encoded_subject;
    $this->headers['Date'] = date('r');

    /* rand()/uniqid()/md5() only need to make the id unique, they are not a
     * CSPRNG, so the Message-ID must never double as a secret.
     * NOTE(review): php_uname('n') places the sending host's name in every
     * Message-ID - confirm that is acceptable to disclose */
    $local_part = md5(uniqid(rand(), 1));
    $this->headers['Message-ID'] = sprintf('<%s@%s>', $local_part, php_uname('n'));

    /* the MIME boundary comes from Hm_Crypt rather than from rand() */
    $this->boundary = Hm_Crypt::unique_id(32);
    $this->html = $html;
    $prepared = $this->prep_message_body($body);
    $this->body = $prepared;
}
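/**
 * Generate a random string
 *
 * Uses mcrypt_create_iv() with MCRYPT_DEV_URANDOM when both are available and
 * openssl_random_pseudo_bytes() otherwise. self::$strong is set to true on the
 * mcrypt path and to the strength flag reported by OpenSSL on the other, so
 * callers can tell whether the bytes are fit for keys and session ids.
 *
 * @param int $size number of random bytes to generate
 * @return string random bytes as returned by the selected generator
 */
public static function random($size = 128) {
    if (function_exists('mcrypt_create_iv') && defined('MCRYPT_DEV_URANDOM')) {
        $res = mcrypt_create_iv($size, MCRYPT_DEV_URANDOM);
        self::$strong = true;
    }
    else {
        /* honour $size on this path as well: the previous fixed 128 made the
         * returned length depend on which extension happened to be loaded */
        $res = openssl_random_pseudo_bytes($size, $strong);
        self::$strong = $strong;
    }
    return $res;
}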
/**
 * Assemble the production copy of the site under site/.
 *
 * Copies site.css and site.js, writes site/index.php from index.php with
 * APP_PATH filled in, a fresh CACHE_ID and SITE_ID, and DEBUG_MODE switched
 * to false, then hands every asset path to copy_recursive().
 *
 * @param array $assets paths passed one at a time to copy_recursive()
 * @param mixed $settings not read by this function
 * @return void
 */
function create_production_site($assets, $settings) {
    if (!is_readable('site/')) {
        mkdir('site', 0755);
    }
    printf("creating production site\n");
    foreach (array('site.css', 'site.js') as $name) {
        copy($name, 'site/' . $name);
    }

    $index_file = file_get_contents('index.php');

    /* pattern => replacement, applied in this order. CACHE_ID and SITE_ID are
     * generated once per build and written into the generated file.
     * NOTE(review): nothing checks that a pattern matched or that index.php
     * was read; a miss would leave DEBUG_MODE true or the ids empty in
     * site/index.php - worth asserting before the file is written */
    $rewrites = array(
        array("/APP_PATH', ''/", "APP_PATH', '" . APP_PATH . "'"),
        array("/CACHE_ID', ''/", "CACHE_ID', '" . urlencode(Hm_Crypt::unique_id(32)) . "'"),
        array("/SITE_ID', ''/", "SITE_ID', '" . urlencode(Hm_Crypt::unique_id(64)) . "'"),
        array("/DEBUG_MODE', true/", "DEBUG_MODE', false"),
    );
    foreach ($rewrites as $pair) {
        $index_file = preg_replace($pair[0], $pair[1], $index_file);
    }
    file_put_contents('site/index.php', $index_file);

    foreach ($assets as $path) {
        copy_recursive($path);
    }
}
/**
 * Create a new user in the DB
 *
 * Looks the username up first and reports an error if it already exists;
 * otherwise inserts the username together with the value returned by
 * Hm_Crypt::hash_password($pass). Both statements use bound parameters.
 *
 * @param string $user username
 * @param string $pass password
 * @return bool true only when the insert succeeded
 */
public function create($user, $pass) {
    $this->connect();

    $lookup = $this->dbh->prepare("select username from hm_user where username = ?");
    if (!$lookup->execute(array($user))) {
        return false;
    }
    $existing = $lookup->fetch();
    if (!empty($existing)) {
        Hm_Msgs::add("ERRThat username is already in use");
        return false;
    }

    /* NOTE(review): lookup-then-insert is not atomic; presumably a unique key
     * on hm_user.username rejects a concurrent duplicate - confirm in the schema */
    $insert = $this->dbh->prepare("insert into hm_user values(?,?)");
    $hash = Hm_Crypt::hash_password($pass);
    if (!$insert->execute(array($user, $hash))) {
        return false;
    }
    Hm_Msgs::add("Account created");
    return true;
}
/**
 * Turn $this->body into the MIME body to send and set the matching headers.
 *
 * Reads $this->body, $this->html, $this->attachments and $this->boundary.
 * Writes $this->headers['Content-Type'] (and Content-Transfer-Encoding for a
 * plain single-part message), $this->text_body for HTML messages, and
 * finally $this->body.
 *
 * @return void
 */
function prep_message_body() {
    $body = $this->body;
    if (!$this->html) {
        /* round trip through HTML-ENTITIES and back to UTF-8;
         * presumably this normalises invalid byte sequences - confirm */
        $body = mb_convert_encoding(trim($body), "HTML-ENTITIES", "UTF-8");
        $body = mb_convert_encoding($body, "UTF-8", "HTML-ENTITIES");
        if (!empty($this->attachments)) {
            /* plain text with attachments: the text becomes the first part of multipart/mixed.
             * NOTE(review): the boundary parameter is written unquoted here but quoted for the
             * nested multipart/alternative below; if Hm_Crypt::unique_id() can return
             * characters such as '/', '+' or '=' the value needs quotes - confirm */
            $this->headers['Content-Type'] = 'multipart/mixed; boundary=' . $this->boundary;
            $body = sprintf("--%s\r\nContent-Type: text/plain; charset=UTF-8; format=flowed\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\n%s",
                $this->boundary, $this->format_message_text($body));
        } else {
            /* plain text, no attachments: single part, headers describe the body directly */
            $this->headers['Content-Type'] = 'text/plain; charset=UTF-8; format=flowed';
            $this->headers['Content-Transfer-Encoding'] = 'quoted-printable';
            $body = $this->format_message_text($body);
        }
    } else {
        /* HTML message: a text rendering is produced so both versions can be sent */
        $txt = convert_html_to_text($body);
        if (!empty($this->attachments)) {
            /* HTML with attachments: a multipart/alternative section with its own boundary is
             * nested inside multipart/mixed; text_body opens it, $body holds the HTML part
             * and closes the inner boundary */
            $alt_boundary = Hm_Crypt::unique_id(32);
            $this->headers['Content-Type'] = 'multipart/mixed; boundary=' . $this->boundary;
            $this->text_body = sprintf("--%s\r\nContent-Type: multipart/alternative; boundary=" .
                "\"%s\"\r\n\r\n--%s\r\nContent-Type: text/plain; charset=UTF-8; " .
                "format=flowed\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\n%s",
                $this->boundary, $alt_boundary, $alt_boundary, $this->format_message_text($txt));
            $body = sprintf("--%s\r\nContent-Type: text/html; charset=UTF-8; format=flowed\r\n" .
                "Content-Transfer-Encoding: quoted-printable\r\n\r\n%s\r\n\r\n--%s--",
                $alt_boundary, $this->format_message_text($body), $alt_boundary);
        } else {
            /* HTML without attachments: text and HTML parts share the top-level boundary;
             * no closing boundary is appended in this method */
            $this->headers['Content-Type'] = 'multipart/alternative; boundary=' . $this->boundary;
            $this->text_body = sprintf("--%s\r\nContent-Type: text/plain; charset=UTF-8; " .
                "format=flowed\r\nContent-Transfer-Encoding: quoted-printable\r\n\r\n%s",
                $this->boundary, $this->format_message_text($txt));
            $body = sprintf("--%s\r\nContent-Type: text/html; charset=UTF-8; format=flowed\r\n" .
                "Content-Transfer-Encoding: quoted-printable\r\n\r\n%s",
                $this->boundary, $this->format_message_text($body));
        }
    }
    $this->body = $body;
}
/**
 * Hm_Crypt::unique_id() must return base64 text that decodes to exactly the
 * requested number of bytes, and to 128 bytes when no size is given.
 *
 * @preserveGlobalState disabled
 * @runInSeparateProcess
 */
public function test_unique_id() {
    /* explicit sizes */
    foreach (array(24, 48) as $bytes) {
        $decoded = base64_decode(Hm_Crypt::unique_id($bytes));
        $this->assertEquals($bytes, strlen($decoded));
    }
    /* default size */
    $decoded = base64_decode(Hm_Crypt::unique_id());
    $this->assertEquals(128, strlen($decoded));
}
/**
 * Store an uploaded file, encrypted, in the configured attachment directory.
 *
 * The content is encrypted with Hm_Crypt::ciphertext() under the key from
 * Hm_Request_Key::generate() and written under a name that is the SHA-512 of
 * the ciphertext, so no client-supplied file name reaches the storage path.
 * On success the file entry is appended to the session's uploaded_files list
 * and sent to the output as upload_file_details.
 *
 * @return void
 */
public function process() {
    if (!array_key_exists('upload_file', $this->request->files)) {
        return;
    }
    $file = $this->request->files['upload_file'];

    /* NOTE(review): only readability of tmp_name is checked; if request->files
     * mirrors $_FILES, is_uploaded_file() would also confirm the path came
     * from this upload - confirm how files is populated */
    $content = is_readable($file['tmp_name']) ? file_get_contents($file['tmp_name']) : false;
    if (!$content) {
        /* also reached for an empty file or one whose whole content is "0" */
        Hm_Msgs::add('ERRAn error occurred reading the uploaded file.');
        return;
    }

    $content = Hm_Crypt::ciphertext($content, Hm_Request_Key::generate());
    $filename = hash('sha512', $content);
    $filepath = $this->config->get('attachment_dir');
    if (!$filepath) {
        Hm_Msgs::add('ERRNo directory configured for uploaded files.');
        return;
    }

    $target = rtrim($filepath, '/') . '/' . $filename;
    if (!@file_put_contents($target, $content)) {
        Hm_Msgs::add('ERRAn error occurred saving the uploaded file.');
        return;
    }

    /* NOTE(review): the remaining keys of $file are whatever request->files
     * supplied; they are kept in the session and passed to out() unchanged,
     * so they need escaping wherever they are rendered */
    $file['filename'] = $target;
    $file['basename'] = $filename;
    $files = $this->session->get('uploaded_files', array());
    $this->session->set('uploaded_files', array_merge($files, array($file)));
    $this->out('upload_file_details', $file);
}
/**
 * random_bytes_check() must be true at the start of the test and false once
 * Hm_Crypt::$strong has been cleared.
 *
 * @preserveGlobalState disabled
 * @runInSeparateProcess
 */
public function test_random_bytes_check() {
    $before = Hm_Crypt::random_bytes_check();
    $this->assertTrue($before);

    /* simulate a generator that reported weak output */
    Hm_Crypt::$strong = false;
    $after = Hm_Crypt::random_bytes_check();
    $this->assertFalse($after);
}
/**
 * Generate the session level encryption key, keep it in $this->enc_key and
 * send it to the client in the hm_id cookie.
 *
 * @param object $request request details
 * @return void
 */
protected function set_key($request) {
    $key = Hm_Crypt::unique_id();
    $this->enc_key = $key;
    /* NOTE(review): the key itself travels in this cookie, so its protection
     * depends on the flags secure_cookie() sets (not shown) - confirm
     * Secure and HttpOnly are applied */
    $this->secure_cookie($request, 'hm_id', $key);
}
/**
 * Start a new session: create a fresh session key, send it in the session
 * cookie and mark the session active once its row has been inserted.
 *
 * @param object $request request details
 * @return void
 */
public function start_new_session($request) {
    /* a new id from Hm_Crypt is generated for every new session */
    $this->session_key = Hm_Crypt::unique_id();
    /* fourth argument 0: presumably a cookie that expires with the browser session - confirm */
    $this->secure_cookie($request, $this->cname, $this->session_key, 0);
    if (!$this->insert_session_row()) {
        /* the cookie has already been sent; the session is just not marked active */
        return;
    }
    $this->active = true;
}
/**
 * Generate 128 random bytes with openssl_random_pseudo_bytes() for use as a salt.
 *
 * The strength flag reported by OpenSSL is stored in self::$strong; nothing
 * here rejects weak output, so callers that need unpredictable bytes have to
 * check that flag themselves.
 *
 * @return string
 */
public static function generate_salt() {
    $is_strong = false;
    $bytes = openssl_random_pseudo_bytes(128, $is_strong);
    /* remember what OpenSSL said about the quality of these bytes */
    self::$strong = $is_strong;
    return $bytes;
}
/**
 * Save user settings to the DB
 *
 * The settings are serialized and encrypted with Hm_Crypt::ciphertext() before
 * they reach the database. An update is tried first; when it does not change
 * exactly one row an insert is attempted instead.
 *
 * @param string $username username
 * @param string $key encryption key
 * @return bool true when the update or the insert succeeded, false otherwise
 *              (including when connect() fails)
 */
public function save($username, $key) {
    /* NOTE(review): the stored value is serialize() output; the matching load
     * path is not shown - if it calls unserialize() on the decrypted data, the
     * ciphertext has to be authenticated before it is trusted */
    $config = Hm_Crypt::ciphertext(serialize($this->config), $key);
    if (!$this->connect()) {
        return false;
    }

    $update = $this->dbh->prepare("update hm_user_settings set settings=? where username=?");
    $updated = $update->execute(array($config, $username)) && $update->rowCount() == 1;
    if ($updated) {
        Hm_Debug::add(sprintf("Saved user data to DB for %s", $username));
        return true;
    }

    /* no row was updated: fall back to creating the settings row */
    $insert = $this->dbh->prepare("insert into hm_user_settings values(?,?)");
    return $insert->execute(array($username, $config)) ? true : false;
}