Пример #1
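/**
 * Collapses a post behind a click-to-open banner when its author link matches
 * an entry in the logged-in user's 'blockem' / 'words' setting.
 *
 * The setting is read as a comma-separated list; blank entries are skipped and
 * the first entry for which link_compare() succeeds wins. Nothing happens for
 * anonymous viewers or when the setting is empty.
 *
 * @param mixed $a Not used by this function.
 * @param array $b Reads $b['item']['author-link'] and rewrites $b['html'] in place.
 * @return void
 */
function blockem_prepare_body(&$a, &$b)
{
    $uid = local_user();
    if (!$uid) {
        return;
    }
    $words = get_pconfig($uid, 'blockem', 'words');
    if (!$words) {
        return;
    }
    $matched = null;
    foreach (explode(',', $words) as $word) {
        if (!strlen(trim($word))) {
            continue;
        }
        if (link_compare($b['item']['author-link'], $word)) {
            $matched = $word;
            break;
        }
    }
    if ($matched === null) {
        return;
    }
    $rnd = random_string(8);
    // The matched entry is free-form configuration text; encode it before it is
    // placed into markup so it cannot introduce tags or attributes.
    $label = sprintf(t('Blocked %s - Click to open/close'), htmlspecialchars($matched, ENT_QUOTES, 'UTF-8'));
    // The onclick value is quoted so the handler is a well-formed attribute.
    $b['html'] = '<div id="blockem-wrap-' . $rnd . '" class="fakelink" onclick="openClose(\'blockem-' . $rnd . '\');" >' . $label . '</div><div id="blockem-' . $rnd . '" style="display: none; " >' . $b['html'] . '</div>';
}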
Пример #2
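 /**
  * Handles the registration form: validates the posted fields, creates the
  * account through user_model and mails an activation link.
  *
  * Review notes:
  * - $activation_code is generated and mailed, but this method neither stores
  *   it nor passes it to register_user(). Unless it is persisted elsewhere the
  *   confirmation endpoint has nothing to check the link against (confirm).
  * - The password fields go through trim and xss_clean rules, which may alter
  *   what the user typed. Whether register_user() hashes the password cannot
  *   be seen from here.
  * - The activation URL is hard-coded to http://localhost/codetwo/.
  *
  * @return void
  */
 public function register()
 {
     $this->form_validation->set_rules('reg_username', 'Username', 'required|trim|alpha_numeric|min_length[6]|max_length[50]|xss_clean|strtolower|callback_check_new_username');
     $this->form_validation->set_rules('reg_name', 'Name', 'trim|min_length[6]|max_length[50]|xss_clean');
     $this->form_validation->set_rules('reg_email', 'Email Address', 'trim|min_length[6]|max_length[50]|valid_email|xss_clean|callback_check_new_email');
     $this->form_validation->set_rules('reg_password', 'Password', 'required|trim|min_length[6]|max_length[50]|xss_clean');
     $this->form_validation->set_rules('reg_conf_password', 'Password Confirmation', 'required|trim|min_length[6]|max_length[50]|matches[reg_password]|xss_clean');
     if ($this->form_validation->run() == FALSE) {
         $this->load->view('view_register');
         return;
     }
     // Read only the four expected fields. extract($_POST) would let any posted
     // key create or overwrite a local variable in this scope.
     $reg_username = $this->input->post('reg_username');
     $reg_password = $this->input->post('reg_password');
     $reg_name = $this->input->post('reg_name');
     $reg_email = $this->input->post('reg_email');
     $this->user_model->register_user($reg_username, $reg_password, $reg_name, $reg_email);
     // Send activation email
     $this->load->library('email');
     $this->email->from('*****@*****.**', 'al');
     $this->email->to($reg_email);
     $this->email->subject('Registration Confirmation');
     $this->load->helper('string');
     $activation_code = random_string('alnum', 10);
     $this->email->message('Click the link below to activate your account' . anchor('http://localhost/codetwo/index.php/user/confirmation_activation/' . $activation_code, 'Confirmation Register'));
     $this->email->send();
     // The address is echoed into an HTML response, so encode it for that context.
     echo "Activation email has been sent to " . htmlspecialchars((string) $reg_email, ENT_QUOTES, 'UTF-8') . "<br>";
     echo "You have successfully registered!";
 }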
Пример #3
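 /**
  * Writes a zipped SQL dump of the database to ./uploads/respaldos/ when the
  * session's 'id_perfil' is 1, and echoes the outcome.
  *
  * Echoes TRUE once the file has been written, otherwise the error span.
  *
  * Review notes:
  * - The dump is stored below ./uploads/. If that directory is served by the
  *   web server, the file is reachable by anyone who learns its name; the
  *   name is only the date plus seven random characters. Keeping backups
  *   outside the document root, or denying direct access to the directory,
  *   removes that exposure.
  * - The only access check visible here is the session profile id.
  *
  * @return void
  */
 public function respaldar()
 {
     $id_perfil = $this->session->userdata('id_perfil');
     // Loose comparison kept on purpose: it matches what the previous switch/case did.
     if ($id_perfil != 1) {
         echo '<span class="error">No se realizar la salva de la base de datos</span>';
         return;
     }
     $this->load->dbutil();
     $nom_bd = 'utm';
     // Backup preferences are passed as an array in the first argument of backup().
     $prefs = array('ignore' => array(), 'format' => 'zip', 'filename' => 'utm.sql', 'add_drop' => TRUE, 'add_insert' => TRUE, 'newline' => "\n");
     if (!$this->dbutil->database_exists($nom_bd)) {
         echo '<span class="error">No se realizar la salva de la base de datos</span>';
         return;
     }
     // Plain assignment: binding a function result by reference (=&) only raises a notice.
     $copia_de_seguridad = $this->dbutil->backup($prefs);
     $nombre = 'respaldo_' . date('d') . date('m') . date('Y') . '_' . random_string('alpha', 4) . random_string('numeric', 3) . '.zip';
     $this->load->helper('file');
     // Report success only when the archive actually reached the disk.
     if (write_file('./uploads/respaldos/' . $nombre, $copia_de_seguridad)) {
         echo TRUE;
     } else {
         echo '<span class="error">No se realizar la salva de la base de datos</span>';
     }
 }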
Пример #4
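/**
 * Builds the editor panel markup for an image placed inside a column.
 *
 * The column width ($atts['foo']) and the image source ($content) are written
 * into HTML attributes and into the hidden "shorttag" text, so both are
 * HTML-encoded first. Without that, a value containing a quote or an angle
 * bracket could break out of the attribute it is placed in.
 *
 * @param array  $atts    Reads $atts['foo'], used as the column width.
 * @param string $content Image URL or path.
 * @return string The panel markup.
 */
function img_func($atts, $content = '')
{
    $id = random_string('alnum', 16);
    $sd = '[/col]';
    $foo = htmlspecialchars((string) $atts['foo'], ENT_QUOTES, 'UTF-8');
    $src = htmlspecialchars((string) $content, ENT_QUOTES, 'UTF-8');
    $string = "<div class='col-sm-{$foo} move' id='{$id}' mwidth='{$foo}'> \n\t\t\t<header class='panel-heading font-bold'> \n\t\t\t\t<span style='color:#fff;'>ff</span> \n\t\t\t\t<div class='handle fa fa-arrows'></div> \n\t\t\t\t<div class='shrink fa fa-minus-square'></div> \n\t\t\t\t<div class='grow fa fa-plus-square'></div> \n\t\t\t\t<div class='remove fa fa-trash-o'></div>\n\t\t\t</header> \n\t\t\t<section class='panel'> \n\t\t\t\t<div class='panel-body'> \n\t\t\t\t\t<div class='form-group'> \n\t\t\t\t\t\t<label>Content</label> \n\t\t\t\t\t\t <img class='img-responsive' src='{$src}' alt='image' />\n\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t<div class='image'></div>\n\t\t\t\t\t</div> \n\t\t\t\t\t<div class='shorttag' id='shorttag-{$id}' style='display:none;'>[col foo='{$foo}'][img src='{$src}'][/img]{$sd}</div> \n\t\t\t\t<button type='submit' class='btn btn-info btn-s-xs pp-img' mid='{$id}' mpath='{$src}'><strong>Save</strong></button> \n\t\t\t\t</div> \n\n\t\t\t</section>\n\t\t </div>";
    return $string;
}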
Пример #5
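 /**
  * Handles the "forgot password" form for backend users: stores a reset
  * token on the account, mails a reset link and echoes a JSON result.
  *
  * Review notes:
  * - The token is stored in reset_token exactly as mailed, and no expiry is
  *   set here. Anyone who can read that column, or an old mail, holds a
  *   working reset credential for as long as it stays in place.
  * - If random_string() is CodeIgniter's string helper, the token does not
  *   come from a cryptographically secure generator.
  * - Validation errors are echoed back to the client. If the
  *   check_usuario_existe callback reports unknown addresses, the response
  *   reveals which e-mails have accounts (confirm).
  *
  * @return void
  */
 public function olvido_form()
 {
     $this->form_validation->set_rules('email', 'E-Mail', 'required|callback_check_usuario_existe');
     $respuesta = new stdClass();
     if ($this->form_validation->run() == TRUE) {
         $random = random_string('alnum', 16);
         // presumably guaranteed to exist by callback_check_usuario_existe; verify
         $usuario = Doctrine::getTable('UsuarioBackend')->findOneByEmail($this->input->post('email'));
         $usuario->reset_token = $random;
         $usuario->save();
         $cuenta = Cuenta::cuentaSegunDominio();
         if (is_a($cuenta, 'Cuenta')) {
             $this->email->from($cuenta->nombre . '@chilesinpapeleo.cl', $cuenta->nombre_largo);
         } else {
             $this->email->from('*****@*****.**', 'Simple');
         }
         $this->email->to($usuario->email);
         $this->email->subject('Reestablecer contraseña');
         // Build the link once. The visible text previously pointed at a different
         // path (without "backend/") than the href it was wrapped in.
         $enlace = htmlspecialchars(site_url('backend/autenticacion/reestablecer?id=' . $usuario->id . '&reset_token=' . $random), ENT_QUOTES, 'UTF-8');
         $this->email->message('<p>Haga click en el siguiente link para reestablecer su contraseña:</p><p><a href="' . $enlace . '">' . $enlace . '</a></p>');
         $this->email->send();
         $this->session->set_flashdata('message', 'Se le ha enviado un correo con instrucciones de como reestablecer su contraseña.');
         $respuesta->validacion = TRUE;
         $respuesta->redirect = site_url('backend/autenticacion/login');
     } else {
         $respuesta->validacion = FALSE;
         $respuesta->errores = validation_errors();
     }
     echo json_encode($respuesta);
 }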
Пример #6
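 /**
  * Stores an uploaded attachment under files/unitee/compras/[directory]/ with
  * a random file name and answers with a JSON description of the stored file.
  *
  * The 'directory' request parameter is joined into a filesystem path for
  * mkdir() and for the upload target. It is therefore accepted only when it
  * is a single path segment made of letters, digits, '_' or '-'. Anything
  * else, such as separators or dot segments, is discarded and the upload goes
  * to the root folder, the same fallback already used when mkdir() fails.
  * NOTE(review): confirm that legitimate callers only send such names.
  *
  * Review notes:
  * - 'url' and 'thumbnailUrl' are built from FCPATH, so the response
  *   discloses the server's filesystem path.
  * - No authentication check or file-type restriction is visible in this
  *   method; base_upload may enforce one (confirm).
  *
  * @return void
  */
 public function SaveAttachment()
 {
     $this->load->helper(array('string', 'url', 'file', 'form'));
     $root = 'files/unitee/compras/';
     $dir = isset($_REQUEST['directory']) ? $_REQUEST['directory'] : NULL;
     $name = random_string("md5");
     if (!is_null($dir)) {
         if (!is_string($dir) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $dir)) {
             // Reject anything that could move the path outside $root.
             $dir = "";
         } elseif (!file_exists(FCPATH . $root . $dir)) {
             if (!mkdir(FCPATH . $root . $dir, 0775)) {
                 $dir = "";
             }
         }
     }
     $subdir = $dir != '' ? $dir . "/" : '';
     $this->load->library("base_upload");
     $this->base_upload->set_path("./" . $root . $subdir);
     $this->base_upload->set_filename(array($name));
     $this->base_upload->Do_MultiUpload('files');
     $f = array();
     $f[0]['name'] = $_FILES['files']['name'];
     $f[0]['size'] = $_FILES['files']['size'];
     $f[0]['url'] = FCPATH . $root . $subdir . $name;
     $f[0]['thumbnailUrl'] = FCPATH . $root . $subdir . $name;
     $f[0]['deleteUrl'] = NULL;
     $f[0]['deleteType'] = NULL;
     $f[0]['error'] = NULL;
     $f[0]['data'] = json_encode(array("name" => $_FILES['files']['name'], "document" => $name, "directory" => $dir));
     $this->output->set_content_type('application/json')->set_output(json_encode(array('files' => $f)));
 }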
Пример #7
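 /**
  * API login: checks the posted username/password, issues an access token,
  * fills the session and echoes a JSON response.
  *
  * Changes from the earlier version:
  * - The stored hash and the username are compared with ===. With ==, two
  *   numeric-looking strings (for example hashes of the form "0e...") compare
  *   equal even when they differ.
  * - The success response is produced with json_encode(), so a username
  *   containing a quote or backslash can no longer break the JSON.
  *
  * Review notes (flagged, not changed):
  * - Passwords are verified against an unsalted MD5 digest. Moving to
  *   password_hash()/password_verify() needs a migration of stored hashes.
  * - The password is read with the XSS filter enabled (second argument TRUE),
  *   which may alter the submitted value before it is hashed.
  * - Every failure response still carries "success":true; clients have to
  *   look at "logged_in".
  * - If random_string() is CodeIgniter's string helper, the access token does
  *   not come from a cryptographically secure generator.
  *
  * @return void
  */
 function authenticate()
 {
     $username = $this->input->post('username', TRUE);
     $password = $this->input->post('password', TRUE);
     $user_info = $this->twfunctions->getAuthenticateData($username);
     if (!$user_info) {
         echo "{\"response\":{\"success\":true,\"message\":\"Not user or not activated\",\"logged_in\":false}}";
         return;
     }
     $row = $user_info[0];
     $identity_ok = $username === $row->username || $username === $row->email;
     if (!$identity_ok || md5($password) !== $row->password) {
         echo "{\"response\":{\"success\":true,\"message\":\"Invalid password\",\"logged_in\":false}}";
         return;
     }
     $access_token = random_string('alnum', 32);
     if (!$this->twfunctions->setApiLoginAccessToken($row->id_users, $access_token)) {
         echo "{\"response\":{\"success\":true,\"message\":\"Something went wrong\",\"logged_in\":false}}";
         return;
     }
     $user_session = $row->session_id . '_' . $access_token;
     // Result intentionally ignored, as before: a failed log write does not block login.
     $this->twfunctions->set_login_log($row->id_users);
     $session_data = array('username' => $row->username, 'session_id' => $user_session, 'logged_in' => TRUE);
     $this->session->set_userdata($session_data);
     // Numeric ids stay JSON numbers, as in the hand-built string; anything else is emitted as a string.
     $user_id = is_numeric($row->id_users) ? $row->id_users + 0 : $row->id_users;
     echo json_encode(array('response' => array('success' => true, 'message' => 'Successfully Logged in', 'logged_in' => true, 'user_id' => $user_id, 'username' => $row->username, 'access_token' => $access_token)));
     return;
 }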
Пример #8
 /**
  * Replace the user's current token with a freshly generated one.
  *
  * Use this whenever a new token is needed for a user; in particular call it
  * on both login and logout so the previous token stops being valid.
  *
  * NOTE(review): if random_string() is CodeIgniter's string helper, its
  * output is not drawn from a cryptographically secure source. Confirm that
  * this is acceptable for what the token protects.
  *
  * @return String new token
  */
 public function refresh_token()
 {
     $fresh = random_string('encrypt');
     // Drop the old token first, then persist the replacement.
     $this->backend->delete_token();
     $this->backend->store_token($fresh);

     return $fresh;
 }
Пример #9
 /**
  * Generates a new random password for $user, e-mails it and, when the mail
  * was sent, writes it to users_tabel; then redirects to the login page with
  * a flash message.
  *
  * Review notes:
  * - The new password is stored as plain text in both user_password and
  *   confirm_password (the MD5 variant is commented out), and it is also
  *   sent in clear text by e-mail.
  * - $user->user_email is concatenated into the flash-message HTML without
  *   encoding.
  * - If random_string() is CodeIgniter's string helper, the password does
  *   not come from a cryptographically secure generator.
  *
  * @param object $user Reads $user->user_email and $user->id_user.
  * @return void
  */
 private function resetpassword($user)
 {
     date_default_timezone_set('Asia/Jakarta');
     $this->load->helper('string');
     $password = random_string('alnum', 16);
     $this->load->library('email');
     $this->email->from('*****@*****.**', 'Administrator');
     $this->email->to($user->user_email);
     $this->email->subject('Password reset');
     // NOTE(review): part of the next line was masked when this page was
     // published, so it is not valid PHP as shown. Presumably the generated
     // password was concatenated in here.
     $this->email->message('You have requested the new password, Here is your new password:'******' for login into Adneys Shop');
     $sendemail = $this->email->send();
     if ($sendemail) {
         $this->db->where('id_user', $user->id_user);
         //        $this->db->update('users_tabel', array('user_password' => MD5($password), 'confirm_password' => MD5($password)));
         // Stores the password unhashed in two columns.
         $this->db->update('users_tabel', array('user_password' => $password, 'confirm_password' => $password));
         $data['title'] = "Login | Adney's Shop";
         $this->session->set_flashdata('message', '<div class="alert alert-success">Your Password has been reset and has been sent to email id:' . $user->user_email . '</div>');
         redirect('public/logins', $data);
     } else {
         // NOTE(review): CodeIgniter's show_error() normally ends the request;
         // if so, the lines below never run. It also prints the mail debugger
         // output to the client. Confirm both.
         show_error($this->email->print_debugger());
         $data['title'] = "Login | Adney's Shop";
         $this->session->set_flashdata('message', '<div class="alert alert-danger">Gagal Mengirimkan Kode Reset password ke email anda:' . $user->user_email . '</div>');
         redirect('public/logins', $data);
     }
 }
Пример #10
 /**
  * Returns the MD5 hex digest of a 12-character random alphanumeric string.
  *
  * NOTE(review): MD5 adds no entropy to its input. If the result is used as a
  * password or secret, its strength is that of random_string(), which in
  * CodeIgniter's string helper is not a cryptographically secure generator.
  *
  * @return string 32-character hexadecimal digest.
  */
 function generate_mdp()
 {
     foreach (array('security', 'string') as $helper) {
         $this->load->helper($helper);
     }

     return md5(random_string('alnum', 12));
 }
Пример #11
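 /**
  * Stores a comment, creating a user row for the commenter's e-mail address
  * when none exists yet.
  *
  * Fixes over the earlier version:
  * - The lookup now runs the built query with get(); previously the query
  *   builder object itself was passed to get() as if it were a table name.
  * - The user insert passes the table and the data as two arguments; it used
  *   to concatenate them ('users' . $user_data).
  * - When the user row cannot be created the method returns false instead of
  *   inserting a comment without a user id.
  *
  * Review notes (flagged, not changed):
  * - The generated password is only hashed and stored. It is never returned
  *   or sent, so the new account has a password nobody knows.
  * - The hash is SHA-1 via $this->encrypt->sha1(); no salt is visible here.
  * - The key 'usr_is_acctive' is spelled differently from 'cm_is_active';
  *   verify it against the users table schema.
  *
  * @param array $data Reads usr_email, usr_name, cm_body and ds_id.
  * @return int|false Insert id of the new comment, or false on failure.
  */
 function new_comment($data)
 {
     // Reuse the account that already belongs to this e-mail address, if any.
     $usr_email = $data['usr_email'];
     $result = $this->db->select('*')->from('users')->where('usr_email', $usr_email)->get();
     if ($result->num_rows() > 0) {
         foreach ($result->result() as $rows) {
             $data['usr_id'] = $rows->usr_id;
         }
     } else {
         // No account yet: create one with a random password.
         $password = random_string('alnum', 16);
         $hash = $this->encrypt->sha1($password);
         $user_data = array('usr_email' => $data['usr_email'], 'usr_name' => $data['usr_name'], 'usr_is_acctive' => '1', 'usr_level' => '1', 'usr_hash' => $hash);
         if (!$this->db->insert('users', $user_data)) {
             return false;
         }
         $data['usr_id'] = $this->db->insert_id();
     }
     $comment_data = array('cm_body' => $data['cm_body'], 'ds_id' => $data['ds_id'], 'cm_is_active' => '1', 'usr_id' => $data['usr_id']);
     if ($this->db->insert('comments', $comment_data)) {
         return $this->db->insert_id();
     }
     return false;
 }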
Пример #12
 /**
  * Loads the provider and product models plus the form/string helpers and
  * renders the "new purchase" view.
  *
  * The view receives all providers, all products and a random string in
  * 'upload_dir'.
  *
  * @return void
  */
 public function _init()
 {
     $this->load->model("proveedor/view_proveedor", "prov");
     $this->load->model("productos/view_producto", "prod");
     $this->load->helper(array("form", "string"));

     $viewData = array(
         "prov" => $this->prov->get_Allproviders(),
         "prod" => $this->prod->get_products(),
         "upload_dir" => random_string(),
     );
     $this->load->view("compra/compra_new", $viewData);
 }
Пример #13
/**
 * Renders the lost-password page.
 *
 * With a 'verify' query parameter: looks up the account whose account_reset
 * value matches, generates a new password, stores salt and hash, clears the
 * reset value, shows the new password on the page and mails it. Without the
 * parameter: renders the request form.
 *
 * Review notes:
 * - The new password is autoname(6) plus a number from mt_rand(), which is
 *   not a cryptographically secure generator, and it is shown on the page
 *   and sent by e-mail in clear text.
 * - The stored hash is a single whirlpool pass over salt . password.
 * - The reset is carried out by a GET request that carries only the token.
 *
 * @param object $a Application object; reads $a->config and calls $a->get_baseurl().
 * @return string|null Page markup; nothing is returned on the failure paths.
 */
function lostpass_content(&$a)
{
    if (x($_GET, 'verify')) {
        $verify = $_GET['verify'];
        // The token is escaped with dbesc() before it is placed in the query.
        $r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify));
        if (!$r) {
            notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
            goaway(z_root());
            return;
        }
        $aid = $r[0]['account_id'];
        $email = $r[0]['account_email'];
        // NOTE(review): mt_rand() is predictable. Prefer a CSPRNG for generated credentials.
        $new_password = autoname(6) . mt_rand(100, 9999);
        $salt = random_string(32);
        $password_encoded = hash('whirlpool', $salt . $new_password);
        // NOTE(review): the account_password value below was masked when this
        // page was published. The call passes four arguments but only three
        // placeholders remain visible, so presumably a '%s' stood there.
        // account_reset is cleared, so the token is single-use.
        $r = q("UPDATE account SET account_salt = '%s', account_password = '******', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d", dbesc($salt), dbesc($password_encoded), intval(ACCOUNT_UNVERIFIED), intval($aid));
        if ($r) {
            $tpl = get_markup_template('pwdreset.tpl');
            // $o is appended to without being initialised in this function.
            $o .= replace_macros($tpl, array('$lbl1' => t('Password Reset'), '$lbl2' => t('Your password has been reset as requested.'), '$lbl3' => t('Your new password is'), '$lbl4' => t('Save or copy your new password - and then'), '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.', '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'), '$newpass' => $new_password, '$baseurl' => $a->get_baseurl()));
            info("Your password has been reset." . EOL);
            $email_tpl = get_intltext_template("passchanged_eml.tpl");
            // $newuid is not defined anywhere in this function.
            $message = replace_macros($email_tpl, array('$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => sprintf(t('Site Member (%s)'), $email), '$email' => $email, '$new_password' => $new_password, '$uid' => $newuid));
            $subject = email_header_encode(sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')), 'UTF-8');
            // NOTE(review): the From header is built from $_SERVER['SERVER_NAME'].
            // Depending on server configuration that value can follow the
            // request's Host header; confirm it is pinned. The result of
            // mail() is not checked.
            $res = mail($email, $subject, $message, 'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit');
            return $o;
        }
        // When the UPDATE fails, execution falls through and nothing is returned.
    } else {
        $tpl = get_markup_template('lostpass.tpl');
        $o .= replace_macros($tpl, array('$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$name' => t('Email Address'), '$submit' => t('Reset')));
        return $o;
    }
}
Пример #14
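 /**
  * Receives a file upload for a form field of a workflow stage and records it.
  *
  * Only the user assigned to the stage may upload. The field must belong to
  * the stage. Files are written to uploads/datos/ and a File row with a
  * random 12-character key is created on success. The result is echoed as
  * HTML-encoded JSON.
  *
  * Fix over the earlier version: a stage id that does not exist is now
  * refused with the same permission message, instead of reading usuario_id
  * from a missing record.
  *
  * Review notes:
  * - The extension allow-list is replaced wholesale by the field's
  *   extra->filetypes when that is set; confirm who may edit it.
  * - Whether uploads/datos/ is directly reachable over the web cannot be
  *   seen from here.
  *
  * @param mixed $campo_id Id of the form field.
  * @param mixed $etapa_id Id of the stage.
  * @return void
  */
 function datos($campo_id, $etapa_id)
 {
     $etapa = Doctrine::getTable('Etapa')->find($etapa_id);
     if (!$etapa || UsuarioSesion::usuario()->id != $etapa->usuario_id) {
         echo 'Usuario no tiene permisos para subir archivos en esta etapa';
         exit;
     }
     $campo = Doctrine_Query::create()->from('Campo c, c.Formulario.Pasos.Tarea.Etapas e')->where('c.id = ? AND e.id = ?', array($campo_id, $etapa_id))->fetchOne();
     if (!$campo) {
         echo 'Campo no existe';
         exit;
     }
     // Default allow-list; a field may define its own list.
     $allowedExtensions = array('gif', 'jpg', 'png', 'pdf', 'doc', 'docx', 'zip', 'rar', 'ppt', 'pptx', 'xls', 'xlsx', 'mpp', 'vsd');
     if (isset($campo->extra->filetypes)) {
         $allowedExtensions = $campo->extra->filetypes;
     }
     // Maximum file size in bytes (20 MiB).
     $sizeLimit = 20 * 1024 * 1024;
     $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);
     $result = $uploader->handleUpload('uploads/datos/');
     if (isset($result['success'])) {
         $file = new File();
         $file->tramite_id = $etapa->Tramite->id;
         $file->filename = $result['file_name'];
         $file->tipo = 'dato';
         $file->llave = strtolower(random_string('alnum', 12));
         $file->save();
         $result['id'] = $file->id;
         $result['llave'] = $file->llave;
     }
     // The response is read through an iframe, so HTML tags in it must be encoded.
     echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);
 }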
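 /**
  * Admin "forgot password" form: for a matching admin e-mail, sets a new
  * random password, mails it and renders the form with a status message.
  *
  * Fixes over the earlier version:
  * - $data starts as an array. It used to start as '' and was then written
  *   to with string keys, which only worked through an implicit
  *   string-to-array conversion that newer PHP versions no longer perform.
  * - The update payload lives in its own variable, so the new password hash
  *   is no longer handed to the view in $data['password'].
  * - A missing 'email' field no longer raises an undefined-index notice.
  *
  * Review notes (flagged, not changed):
  * - The password is overwritten as soon as the form is submitted, before
  *   the requester has shown control of the mailbox. A flow that mails a
  *   one-time link and changes the password only after it is followed
  *   avoids that.
  * - The password is stored as unsalted MD5 and mailed in clear text.
  * - As written, the first check fires only for an empty value. A malformed
  *   address falls through to the lookup and gets "Invalid email address.",
  *   so the response shows whether an address belongs to an admin.
  *
  * @return void
  */
 public function forgotpassword()
 {
     $data = array();
     $post = $this->input->post();
     if ($post) {
         $error = array();
         $email = isset($post['email']) ? trim($post['email']) : '';
         if (!valid_email($email) && $email == '') {
             $error['email'] = 'Please enter email.';
         }
         if (!$error) {
             $where = array('email' => $email, 'role' => 'admin');
             $user = $this->common_model->selectData(ADMIN, '*', $where);
             if (count($user) > 0) {
                 $newpassword = random_string('alnum', 8);
                 $update = array('password' => md5($newpassword));
                 $this->common_model->updateData(ADMIN, $update, $where);
                 $emailTpl = $this->load->view('email_templates/admin_forgot_password', array('username' => $user[0]->name, 'password' => $newpassword), true);
                 $ret = sendEmail($user[0]->email, SUBJECT_LOGIN_INFO, $emailTpl, FROM_EMAIL, FROM_NAME);
                 if ($ret) {
                     $flash_arr = array('flash_type' => 'success', 'flash_msg' => 'Login details sent successfully.');
                 } else {
                     $flash_arr = array('flash_type' => 'error', 'flash_msg' => 'An error occurred while processing.');
                 }
                 $data['flash_msg'] = $flash_arr;
             } else {
                 $error['email'] = "Invalid email address.";
             }
         }
         $data['error_msg'] = $error;
     }
     $this->load->view('index/forgotpassword', $data);
 }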
Пример #16
 /**
  * Starts a password reset for the member with the given e-mail address.
  *
  * Only board members and admins may reset this way. A 34-character token is
  * mailed first; it is stored with a three-day expiry only when the mail
  * went out.
  *
  * NOTE(review): the token is stored exactly as mailed. The three user-facing
  * messages also differ between "no such account", "access denied" and
  * "sent", so a caller can tell which addresses exist.
  *
  * @param string $email Address entered by the user.
  * @return false|null false when the member lacks the required role, otherwise nothing.
  */
 public function forgot_password($email)
 {
     $member = $this->get_member('email', $email);
     if (!$member) {
         error('No account with that e-mail was found. Please try again.');
         return;
     }

     // Restricted to board members and admins.
     if (!($this->is_boardmember($member->id) || $this->is_admin($member->id))) {
         error('Access denied.');
         return false;
     }

     $token = random_string('alnum', 34);
     $this->load->model('Email_model');
     $sent = $this->Email_model->send_forgot_password($member->email, $token, $member->fullname);
     if (!$sent) {
         error('The password reset could not be sent out. If this error remains, please contact info@makerspace.se.');
         return;
     }

     // Persist the token only after the mail went out.
     $this->db->update('members', array('reset_token' => $token, 'reset_expire' => strtotime('+3 days')), array('id' => $member->id));
     message('An password reset link has been sent to your e-mail. Please note that the link expires in 3 days.');
 }
Пример #17
    /**
     * Creates the File record for a generated document and renders its PDF
     * plus a ".copia.pdf" variant.
     *
     * The record gets random 12-character keys (llave, llave_firma, and
     * llave_copia for certificates) and a file name derived from uniqid().
     *
     * NOTE(review): uniqid() is time-based and therefore guessable. Confirm
     * that access to the PDFs depends on the keys and not on the file name.
     * Both render() calls are given llave_copia; verify that this is intended
     * for the first one.
     *
     * @param mixed $etapa_id Id of the stage the document belongs to.
     * @return File The saved record.
     */
    public function generar($etapa_id)
    {
        $etapa = Doctrine::getTable('Etapa')->find($etapa_id);
        $base = uniqid();

        // Build the file record.
        $file = new File();
        $file->tramite_id = $etapa->tramite_id;
        $file->tipo = 'documento';
        $file->llave = strtolower(random_string('alnum', 12));
        $esCertificado = $this->tipo == 'certificado';
        $file->llave_copia = $esCertificado ? strtolower(random_string('alnum', 12)) : null;
        $file->llave_firma = strtolower(random_string('alnum', 12));
        if ($esCertificado) {
            $file->validez = $this->validez;
            $file->validez_habiles = $this->validez_habiles;
        }
        $file->filename = $base . '.pdf';
        $file->save();

        // Render the original and then the copy.
        $this->render($file->id, $file->llave_copia, $etapa->id, $file->filename, false);
        $this->render($file->id, $file->llave_copia, $etapa->id, $base . '.copia.pdf', true);

        return $file;
    }
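 /**
  * Replaces any existing password-reset code of a user with a new unique one.
  *
  * Runs inside a transaction: deletes the user's old codes, generates
  * 50-character codes until one is not yet present in the table, and inserts
  * it together with the current date.
  *
  * Changes from the earlier version: the uniqueness check calls num_rows()
  * instead of reading a num_rows property, which not every CodeIgniter
  * version fills in, and the unused $loop and $new_pass locals are gone.
  *
  * Review notes:
  * - The code is stored exactly as issued. No expiry is enforced here, only
  *   the creation date is recorded.
  * - If random_string() is CodeIgniter's string helper, the code does not
  *   come from a cryptographically secure generator.
  *
  * @param mixed $user_id Id of the user the code is for.
  * @return string|false The new reset code, or FALSE when the transaction failed.
  */
 function create_reset_code($user_id = NULL)
 {
     $this->db->trans_start();
     // Remove existing reset codes for this user so only one is ever valid.
     $this->db->where('user_id', $user_id);
     $this->db->delete($this->_table['users_password_reset']);
     do {
         $reset_code = random_string('alnum', 50);
         // The value is escaped by the driver before it is concatenated into the query.
         $query = $this->db->query("SELECT password_reset_code  \t\n\t\t\t\t\t\t\t\t\t\tFROM " . $this->_table['users_password_reset'] . "\n\t\t\t\t\t\t\t\t\t\tWHERE password_reset_code = " . $this->db->escape($reset_code) . "");
     } while ($query->num_rows() != 0);
     // Insert the new reset code.
     $datetime = date('c');
     $this->db->insert($this->_table['users_password_reset'], array('password_reset_code' => $reset_code, 'user_id' => $user_id, 'password_reset_date' => $datetime));
     $this->db->trans_complete();
     if ($this->db->trans_status() === FALSE) {
         return FALSE;
     }
     return $reset_code;
 }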
 /**
  * Create Salt
  *
  * Produces the SHA-1 hex digest of a 32-character random alphanumeric
  * string, for use as a salt in authentication.
  *
  * NOTE(review): hashing does not add randomness. The salt is only as
  * unpredictable as random_string(), which in CodeIgniter's string helper is
  * not a cryptographically secure generator.
  *
  * @return  string      the salt
  */
 protected function createSalt()
 {
     $this->load->helper('string');
     $seed = random_string('alnum', 32);

     return sha1($seed);
 }
Пример #20
 /**
  * Handles the "redeem maintenance" form of the e-wallet.
  *
  * Suspended or deactivated members are redirected with an error. Otherwise
  * the amount is validated, a request row with a random 16-character code is
  * saved, the redemption is attempted, and the member is redirected back to
  * the wallet-transfer page with a flash message.
  *
  * NOTE(review): the request row is saved before the redemption result is
  * known, so it remains even when redeem_maintenance() fails. The model's
  * error text is concatenated into the flash HTML without encoding.
  *
  * @return void
  */
 function post_wallet_maintenance_redeem()
 {
     $blocked = STATUS_SUSPENDED == $this->ms_status || STATUS_DEACTIVATED == $this->ms_status;
     if ($blocked) {
         $this->nativesession->set_flashdata('_maintenance', '<div class="alert alert-danger">Transaction denied! Your account is ' . $this->ms_status . '.</div>');
         redirect(base_url($this->nativesession->get('gan_member_login_map') . '/ewallet/wallet-transfer'));
     }

     $this->form_validation->set_rules('redeem_amount', 'Redeem Amount', 'required|callback_validate_maintenance');
     if (!$this->form_validation->run()) {
         // Invalid input: show the transfer page again.
         $this->wallet_transfer();
         return;
     }

     $amount = $this->input->post('redeem_amount');
     $request_code = random_string('alnum', 16);
     $this->request_model->save(array(
         'member_id' => $this->member_id,
         'request_code' => $request_code,
         'amount' => $amount,
         'date_requested' => date("Y-m-d H:i:s"),
     ));

     $redeemed = $this->maintenance_model->redeem_maintenance(array('member_id' => $this->member_id, 'amount' => $amount));
     if ($redeemed) {
         $this->nativesession->set_flashdata('_maintenance', '<div class="alert alert-success">Redeem Maintenance has been requested and we have sent you an email.</div>');
         $this->send_email_request_to_admin($this->user, $amount);
         $this->send_email_request($this->user, $amount);
     } else {
         $this->nativesession->set_flashdata('_maintenance', '<div class="alert alert-danger">Warning : ERROR ' . $this->maintenance_model->get_error_msg() . '.</div>');
     }
     redirect(base_url($this->nativesession->get('gan_member_login_map') . '/ewallet/wallet-transfer'));
 }
Пример #21
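/**
 * Checks that the user is logged in, restoring the session from the
 * "remember me" cookies when there is none.
 *
 * When no session exists but both cookies are present, the token row for the
 * identifier is loaded and the SHA-1 of the cookie token is compared with the
 * stored value. On a match the token is rotated, both cookies are renewed
 * for one year and the session is filled. Without a session afterwards the
 * script stops with a login prompt.
 *
 * Fixes over the earlier version:
 * - Token rotation is limited to the row of the current identifier. The
 *   UPDATE had no WHERE clause and rewrote the token of every row in the
 *   table with the same value.
 * - A missing row or a non-string cookie value is treated as a failed check
 *   instead of being indexed or hashed.
 *
 * Review notes (flagged, not changed):
 * - The cookies are set without the HttpOnly and Secure flags.
 * - The stored digest is an unsalted SHA-1 of the token.
 *
 * @return array|false Returns the row of the logged in user
 */
function check_user()
{
    global $pdo;
    if (!isset($_SESSION['userid']) && isset($_COOKIE['identifier']) && isset($_COOKIE['securitytoken'])) {
        $identifier = $_COOKIE['identifier'];
        $securitytoken = $_COOKIE['securitytoken'];
        $statement = $pdo->prepare("SELECT * FROM securitytokens WHERE identifier = ?");
        $statement->execute(array($identifier));
        $securitytoken_row = $statement->fetch();
        $token_ok = $securitytoken_row && is_string($securitytoken) && sha1($securitytoken) === $securitytoken_row['securitytoken'];
        if (!$token_ok) {
            // The security token was probably stolen, or the row no longer exists.
            // Show a warning or similar here if desired.
        } else {
            // Token was correct: issue a new one for this identifier only.
            $neuer_securitytoken = random_string();
            $update = $pdo->prepare("UPDATE securitytokens SET securitytoken = :securitytoken WHERE identifier = :identifier");
            $update->execute(array('securitytoken' => sha1($neuer_securitytoken), 'identifier' => $identifier));
            // Both cookies are valid for one year.
            setcookie("identifier", $identifier, time() + 3600 * 24 * 365);
            setcookie("securitytoken", $neuer_securitytoken, time() + 3600 * 24 * 365);
            // Log the user in.
            $_SESSION['userid'] = $securitytoken_row['user_id'];
        }
    }
    if (!isset($_SESSION['userid'])) {
        die('Bitte zuerst <a href="login.php">einloggen</a>');
    }
    $statement = $pdo->prepare("SELECT * FROM users WHERE id = :id");
    $statement->execute(array('id' => $_SESSION['userid']));
    $user = $statement->fetch();
    return $user;
}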
Пример #22
 /**
  * Combined sign-up / sign-in endpoint.
  *
  * When the posted 'type' is 's', a member id and password are generated,
  * mailed to the posted address and a profile row is created. Any other
  * value attempts a login through profileModel and redirects.
  *
  * Review notes:
  * - The sign-up branch echoes the posted e-mail address (unencoded), the
  *   generated password and the member id into the HTTP response.
  * - The password is stored as an unsalted SHA-1 digest and mailed in clear
  *   text.
  * - If random_string() is CodeIgniter's string helper, neither value comes
  *   from a cryptographically secure generator.
  * - $post['type'] and $post['Email'] are read without checking that they
  *   exist.
  *
  * @return void
  */
 public function login()
 {
     $config = array('protocol' => 'smtp', 'smtp_host' => 'localhost', 'smtp_port' => 25);
     $this->load->helper('string');
     $this->load->model('profileModel');
     $this->load->library('email', $config);
     $post = $this->input->post();
     if ($post['type'] == 's') {
         $this->email->from('*****@*****.**', 'redAtom Support');
         $this->email->to($post['Email']);
         $this->email->bcc('*****@*****.**');
         $this->email->subject('HeatSeek Registration');
         $mid = random_string('alnum', 6);
         $password = random_string('alnum', 8);
         $data = array('MId' => $mid, 'Email' => $post['Email'], 'AccessCode' => sha1($password));
         // NOTE(review): prints the new credential and the raw posted address to the client.
         echo "mail: " . $data['Email'] . "<br>Pwd: " . $password . '<br>MId: ' . $data['MId'];
         // NOTE(review): parts of the next line were masked when this page
         // was published, so it is not valid PHP as shown.
         $message = "Your Username: "******"\n" . "Password: "******"\n" . "Member ID: " . $mid;
         $this->email->message($message);
         $this->email->send();
         // The profile is created after the mail is sent; neither result is checked.
         $this->profileModel->createProfile($data);
         echo "You have successfully registered!!\n Please check your mail for your password";
     } else {
         if ($this->profileModel->login($post) == 1) {
             $this->load->view('header');
             if ($this->profileModel->isEmptyProfile($this->session->userdata('MId'))) {
                 redirect('/home/updateProfile');
             } else {
                 redirect('/dashboard');
             }
         } else {
             redirect('/home?n=' . urlencode('Login Failed') . '|0');
         }
     }
 }
Пример #23
 /**
  * Admin login page: shows the form with a CAPTCHA and processes submissions.
  *
  * Logged-in users are sent to the admin area. On POST the credentials are
  * validated (the password rule runs the signin_check callback); success is
  * logged and redirects to the admin area, anything else re-renders the form.
  *
  * NOTE(review): the 'captcha' rule visible here is only 'required'. Nothing
  * in this method compares the submitted value with the generated word, so
  * confirm that the check happens elsewhere. The word is four characters and,
  * if random_string() is CodeIgniter's helper, not from a secure generator.
  *
  * @return void
  */
 public function index()
 {
     if ($this->session->userdata('user_islogin')) {
         redirect(base_url('admin'));
     }

     $this->load->helper('captcha');
     $captchaOptions = array(
         'word' => strtoupper(random_string('alnum', 4)),
         'img_path' => './media/captcha/',
         'img_url' => base_url() . 'media/captcha/',
         'img_width' => '150',
         'img_height' => 35,
         'expiration' => 720,
     );
     $data = create_captcha($captchaOptions);

     $post = $this->input->post();
     if ($post) {
         // Kept on the instance for the validation callback.
         $this->_userid = $post['user_id'];
         $this->_userpass = $post['user_pass'];
         $this->form_validation->set_rules('captcha', 'Captcha', 'required');
         $this->form_validation->set_rules('user_id', 'User Id', 'trim|required|min_length[5]|max_length[8]|xss_clean');
         $this->form_validation->set_rules('user_pass', 'Password', 'required|callback_signin_check|xss_clean');
         if ($this->form_validation->run('Login')) {
             $this->general->writelog('LOGR', 'Berhasil Login');
             redirect(base_url('admin'));
         }
     }

     $data['menu'] = anchor(base_url(), 'Home', 'title="Home"');
     $data['nav'] = 'Admin';
     $data['sub'] = 'Dashboard';
     $data['contain'] = $this->load->view('sample/blank', $data, true);
     $this->header = $this->load->view('fo/header', $data, true);
     $this->js = $this->load->view('fo/js', array(), true);
     $this->load->view('bo/login/index', $data);
 }
Пример #24
 /**
  * Administrator "forgot password" handler: for a registered e-mail address,
  * sets a new random password, mails the login details and redirects back to
  * the login page with a flash message.
  *
  * Review notes:
  * - The password is replaced immediately, before the requester has shown
  *   control of the mailbox, and it is mailed in clear text.
  * - The stored value is an unsalted MD5 digest.
  * - Registered and unregistered addresses get different messages, so the
  *   form reveals which e-mails have accounts.
  * - If random_string() is CodeIgniter's string helper, the password does
  *   not come from a cryptographically secure generator.
  *
  * @return void
  */
 public function forget_pass()
 {
     $this->load->helper('email');
     $this->load->helper('string');
     $this->load->model('Users_Model');
     $email = $this->input->post('email');
     if (!valid_email($email)) {
         $this->session->set_flashdata('log_error', 'Please Enter a Valid Email id.');
     } else {
         if ($this->Users_Model->mailexist($email)) {
             $userdetails = $this->Users_Model->getDetailByMailId($email);
             $username = $userdetails->fld_username;
             $fld_id = $userdetails->fld_id;
             // Lower-casing shrinks the alphabet the password is drawn from.
             $random_Pass = strtolower(random_string());
             $md_pass = md5($random_Pass);
             $data = array('fld_password' => $md_pass);
             $chang_pass = $this->Users_Model->updateUser($fld_id, $data);
             if ($chang_pass) {
                 $url = site_url('administrator');
                 // NOTE(review): parts of the next line were masked when this
                 // page was published, so it is not valid PHP as shown.
                 // Presumably the username and new password were concatenated in.
                 $msg = "<b>New login details</b> <br /> Username : "******" <br /> Password : "******" <br /> Url : <a href='" . $url . "' title='Click Here'>" . $url . "</a>";
                 $sendmail = send_email($email, $subject = 'Password Change', $message = $msg);
                 if ($sendmail) {
                     $this->session->set_flashdata('log_succ', 'Please check your email id, We have sent your login details on your mail Id.');
                 } else {
                     // The password has already been changed at this point even though the mail failed.
                     $this->session->set_flashdata('log_error', 'There is some error accoured, Please try again');
                 }
             }
         } else {
             $this->session->set_flashdata('log_error', 'Your email Id is not registered.');
         }
     }
     redirect('administrator/?forget=true');
 }
Пример #25
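 /**
  * Render the OAuth client settings pages.
  *
  * Dispatches on the request path segments:
  *  - "add":    empty form with a pre-generated consumer key and secret;
  *  - "edit":   form filled from the caller's own row in `clients`;
  *  - "delete": token-checked removal of the caller's own client, then redirect;
  *  - default:  list of clients owned by the caller or by uid 0.
  *
  * @return string|null Rendered markup, or null when nothing is rendered.
  */
 function get()
 {
     // Start from an empty buffer; the original appended to an undefined variable.
     $o = '';

     if (argc() > 2 && argv(2) === 'add') {
         $tpl = get_markup_template("settings_oauth_edit.tpl");
         // NOTE(security): key and secret defaults come from random_string(); confirm
         // that helper draws from a CSPRNG, since these values act as credentials.
         $o .= replace_macros($tpl, array(
             '$form_security_token' => get_form_security_token("settings_oauth"),
             '$title' => t('Add application'),
             '$submit' => t('Submit'),
             '$cancel' => t('Cancel'),
             '$name' => array('name', t('Name'), '', t('Name of application')),
             '$key' => array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
             '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
             '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
             '$icon' => array('icon', t('Icon url'), '', t('Optional')),
         ));
         return $o;
     }

     if (argc() > 3 && argv(2) === 'edit') {
         // The uid condition keeps a user from loading another account's client.
         $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d", dbesc(argv(3)), local_channel());
         // Treat a failed query like an empty result instead of calling count() on it.
         if (!$r) {
             notice(t('Application not found.'));
             return;
         }
         $app = $r[0];
         $tpl = get_markup_template("settings_oauth_edit.tpl");
         // NOTE(security): the stored consumer secret ($app['pw']) is read back and
         // handed to the form as-is, so it is kept in recoverable form and reaches
         // the page unless the template masks it - confirm.
         // NOTE(review): the edit form reuses the 'Add application' title - confirm intended.
         $o .= replace_macros($tpl, array(
             '$form_security_token' => get_form_security_token("settings_oauth"),
             '$title' => t('Add application'),
             '$submit' => t('Update'),
             '$cancel' => t('Cancel'),
             '$name' => array('name', t('Name'), $app['clname'], ''),
             '$key' => array('key', t('Consumer Key'), $app['client_id'], ''),
             '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''),
             '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''),
             '$icon' => array('icon', t('Icon url'), $app['icon'], ''),
         ));
         return $o;
     }

     if (argc() > 3 && argv(2) === 'delete') {
         // State-changing request: the form security token is verified first.
         check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
         q("DELETE FROM clients WHERE client_id='%s' AND uid=%d", dbesc(argv(3)), local_channel());
         goaway(z_root() . "/settings/oauth/");
         return;
     }

     $r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my \n\t\t\t\tFROM clients\n\t\t\t\tLEFT JOIN tokens ON clients.client_id=tokens.client_id\n\t\t\t\tWHERE clients.uid IN (%d,0)", local_channel(), local_channel());
     $tpl = get_markup_template("settings_oauth.tpl");
     // NOTE(review): full client rows are passed to the template, secrets included;
     // the labels suggest only a key prefix is shown - confirm in the template.
     $o .= replace_macros($tpl, array(
         '$form_security_token' => get_form_security_token("settings_oauth"),
         '$baseurl' => z_root(),
         '$title' => t('Connected Apps'),
         '$add' => t('Add application'),
         '$edit' => t('Edit'),
         '$delete' => t('Delete'),
         '$consumerkey' => t('Client key starts with'),
         '$noname' => t('No name'),
         '$remove' => t('Remove authorization'),
         '$apps' => $r,
     ));
     return $o;
 }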
Пример #26
 /**
  * Check core_question_external::update_flag() with a valid and an invalid checksum.
  *
  * The checksum is the MD5 of the usage id, the user's secret, the question id,
  * the attempt id and the slot, joined with underscores.
  */
 public function test_core_question_update_flag()
 {
     $generator = $this->getDataGenerator()->get_plugin_generator('core_question');
     // The question needs a category to live in.
     $category = $generator->create_question_category();
     $usage = question_engine::make_questions_usage_by_activity('core_question_update_flag', context_system::instance());
     $usage->set_preferred_behaviour('deferredfeedback');
     $created = $generator->create_question('numerical', null, array('category' => $category->id));
     $question = question_bank::load_question($created->id);
     $slot = $usage->add_question($question);
     $attempt = $usage->get_question_attempt($slot);

     self::setUser($this->student);
     $usage->start_all_questions();
     question_engine::save_questions_usage_by_activity($usage);

     $qubaid = $usage->get_id();
     $questionid = $question->id;
     $qaid = $attempt->get_database_id();

     // Valid checksum built from the student's real secret: the flag update succeeds.
     $validsum = md5(implode('_', array($qubaid, $this->student->secret, $questionid, $qaid, $slot)));
     $result = core_question_external::update_flag($qubaid, $questionid, $qaid, $slot, $validsum, true);
     $this->assertTrue($result['status']);

     // Same fields with a random value in place of the secret: the call must be rejected.
     try {
         $badsum = md5(implode('_', array($qubaid, random_string(11), $questionid, $qaid, $slot)));
         core_question_external::update_flag($qubaid, $questionid, $qaid, $slot, $badsum, true);
         $this->fail('Exception expected due to invalid checksum.');
     } catch (moodle_exception $e) {
         $this->assertEquals('errorsavingflags', $e->errorcode);
     }
 }
Пример #27
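 /**
  * Complete a password reset: look up the account by the posted reset token,
  * validate the new password and store its hash.
  *
  * On success the token column is overwritten so the submitted token cannot be
  * reused. An unknown or missing token redirects to the "verify_fail" page.
  *
  * NOTE(security): a minimum length of 4 is very weak for a password policy.
  * NOTE(security): ts_hash() is defined outside this method; confirm it is a
  * salted, slow password hash (password_hash() or equivalent).
  * NOTE(security): no token expiry or attempt limit is visible here - confirm
  * they are enforced elsewhere.
  */
 public function do_change()
 {
     $token = $this->input->post("token");
     $pass = $this->input->post("password");
     $pass2 = $this->input->post("password2");

     // A missing, empty or non-string token must never reach the lookup: it could
     // otherwise match accounts whose token column is empty.
     if (!is_string($token) || $token === '') {
         redirect("fpw?reason=verify_fail");
         return;
     }

     $query = $this->db->get_where("users", array("token" => $token));
     if (!$query->num_rows()) {
         redirect("fpw?reason=verify_fail");
         return;
     }
     $row = $query->row();

     // NOTE(review): the token is handed back to the view; confirm the view
     // HTML-escapes it before output.
     if (!is_string($pass) || strlen($pass) < 4) {
         $alert_msg = '<div class="alert alert-warning">Password too short.</div>';
         $this->load->view('forgot_pass_change', array('token' => $token, 'alert_msg' => $alert_msg));
     } elseif ($pass !== $pass2) {
         // Strict comparison: with != two different numeric-looking strings
         // (e.g. "1e3" and "1000") compare equal and would pass as a match.
         $alert_msg = '<div class="alert alert-warning">Passwords do not match.</div>';
         $this->load->view('forgot_pass_change', array('token' => $token, 'alert_msg' => $alert_msg));
     } else {
         $this->db->where(array('id' => $row->id));
         // NOTE(security): in CodeIgniter's string helper 'unique' is derived from
         // uniqid()/mt_rand() rather than a CSPRNG - confirm for the version in use
         // if this column also serves as the next reset token.
         $this->db->update("users", array('password' => ts_hash($pass), 'token' => random_string('unique')));
         $alert_msg = '<div class="alert alert-success">Password changed successfully! Please return to <a href="' . base_url("login") . '">login</a> page.</div>';
         $this->load->view('forgot_pass_change', array('alert_msg' => $alert_msg));
     }
 }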
Пример #28
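 /**
  * Send an SMS verification code for sub-member registration.
  *
  * Requires the 'user' access right, stores a fresh 6-digit code together with
  * the posted mobile number and sends it via sms_send(). Every path ends the
  * request with a small JSON document ({"state": ..., "message": ...}).
  *
  * NOTE(security): the 50-second throttle lives only in the caller's session,
  * so it does not limit requests per mobile number or per client without a
  * session - consider a server-side limit keyed on the number.
  * NOTE(security): no expiry or attempt counter for the stored code is visible
  * here - confirm the verification step enforces both.
  * NOTE(review): the mobile number is used as posted; confirm format validation
  * happens before or inside sms_send().
  */
 public function sent_sms_for_register_sub_member()
 {
     check_access_right('user', $this->session);
     $mobile = $this->input->post('mobile');
     if (!$mobile) {
         exit('{"state":"error","message":"no mobile no."}');
     }
     $last_sent = $this->session->userdata('last_sent_sub_member');
     if ($last_sent != "" && time() - intval($last_sent) < 50) {
         exit('{"state":"error", "message":"time limited"}');
     }
     $this->load->helper('sms');
     $this->load->helper('string');
     $this->load->database();
     // NOTE(security): confirm random_string('numeric', ...) is CSPRNG-backed in the
     // framework version in use; a predictable one-time code defeats the check.
     $code = random_string('numeric', 6);
     $query = $this->db->query("insert into " . DB_PREFIX . "sms_verification (code, mobile) value (?, ?)", [$code, $mobile]);
     if ($query !== true) {
         exit('{"state":"error", "message":"db error"}');
     }
     $param_arr = ['title' => 'M平台', 'code' => $code, 'time' => '60'];
     $result = sms_send(1, $mobile, $param_arr);
     if ($result === true) {
         $this->session->set_userdata('last_sent_sub_member', time());
         exit('{"state":"success", "message": "success"}');
     }
     // The verification code must never be returned to the client: the original
     // error response included it, which let a caller learn the code without
     // receiving the SMS. json_encode() also keeps $result from breaking the JSON.
     exit(json_encode(['state' => 'error', 'message' => 'error code: ' . $result]));
 }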
Пример #29
 /**
  * Store a friend suggestion for one of the logged-in channel's contacts and
  * queue the notifier for it.
  *
  * Both the target contact (path argument) and the suggested contact (posted
  * 'suggest' id) are looked up with the caller's uid, so only the caller's own
  * contacts can be used.
  */
 function post()
 {
     if (!local_channel() || \App::$argc != 2) {
         return;
     }

     $contact_id = intval(\App::$argv[1]);
     $target = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval(local_channel()));
     if (!count($target)) {
         notice(t('Contact not found.') . EOL);
         return;
     }

     $new_contact = intval($_POST['suggest']);
     $hash = random_string();
     $note = escape_tags(trim($_POST['note']));
     if (!$new_contact) {
         return;
     }

     $suggested = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($new_contact), intval(local_channel()));
     if (!count($suggested)) {
         return;
     }
     $person = $suggested[0];

     // The row is first written with a random marker in `note` so that it can be
     // found again below; the real note replaces the marker afterwards.
     q("INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`)\n\t\t\t\t\tVALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')", intval(local_channel()), intval($contact_id), dbesc($person['name']), dbesc($person['url']), dbesc($person['request']), dbesc($person['photo']), dbesc($hash), dbesc(datetime_convert()));
     $inserted = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1", dbesc($hash), intval(local_channel()));
     if (count($inserted)) {
         $fsuggest_id = $inserted[0]['id'];
         q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($note), intval($fsuggest_id), intval(local_channel()));
         // Only the database id is handed to the background notifier.
         proc_run('php', 'include/notifier.php', 'suggest', $fsuggest_id);
     }
     info(t('Friend suggestion sent.') . EOL);
 }
Пример #30
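 /**
  * Start a password reset: validate the posted e-mail address, store a fresh
  * reset string in the user's `rs` column and mail a link containing it.
  *
  * NOTE(security): the reset string is a bearer credential. Confirm that
  * random_string('alnum', ...) is CSPRNG-backed in the framework version in
  * use, and that the link expires and is single-use - none of that is visible
  * in this method.
  * NOTE(security): the mailed link is hard-coded to http://, so the reset
  * string travels unencrypted when the link is followed; prefer an https URL
  * built from the site configuration.
  */
 public function index()
 {
     $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email|callback_email_check');
     if ($this->form_validation->run() == FALSE) {
         $this->load->view('pages/email_check');
         return;
     }

     $email = $this->input->post('email');
     $this->load->helper('string');
     $rs = random_string('alnum', 12);
     $this->db->where('email', $email);
     $this->db->update('users', array('rs' => $rs));

     $config['charset'] = 'utf-8';
     $config['wordwrap'] = TRUE;
     $this->load->library('email', $config);
     $this->email->from('*****@*****.**', 'Tsexpress');
     $this->email->to($email);
     $this->email->subject('პაროლის აღდგენა');
     $this->email->message('გთხოვთ გადახვიდეთ მითითებულ ლინკზე პაროლის აღსადგენად.
          http://tsexpress.ge/get_password/index/' . $rs);
     // The mail debugger output is no longer echoed: it can contain the message
     // that was just sent, which would show the reset link to whoever submitted
     // the form instead of only to the mailbox owner.
     if (!$this->email->send()) {
         log_message('error', 'Password reset e-mail could not be sent.');
     }
     echo "გთხოვთ შეამოწოთ წერილი ელ.მისამართზე.";
     echo "<br><a href=" . site_url() . ">დაბრუნდით მთავარ გვერდზე</a>";
 }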