Пример #1
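 /**
  * Registers a new, disabled user account from the submitted form fields and
  * sends the registration e-mail when no errors or warnings were reported.
  *
  * Reads 'pass', 'pass_repeat', 'user', 'name' and 'email' through MGet.
  *
  * @return mixed The value of mapi_report() when the password is rejected;
  *               otherwise nothing is returned.
  */
 static function register()
 {
     $password = MGet::string('pass');
     if (!MValidate::password($password)) {
         return mapi_report('Invalid password.');
     }
     if ($password !== MGet::string('pass_repeat')) {
         return mapi_report('Passwords do not match.');
     }
     $user = MObject::create('user');
     $user->set_username(MGet::string('user'));
     $user->set_name(MGet::string('name'));
     $user->set_email(MGet::string('email'));
     $reg_group = MObject::get('preference', 'new_user_default_group');
     // Read the preference only when the lookup returned something. The
     // original called get_value() on $reg_group unconditionally, which is a
     // fatal error when the preference is missing.
     $configured_group = $reg_group ? $reg_group->get_value() : null;
     $group = null;
     // NOTE(review): any truthy preference value selects group 3 here and any
     // falsy one is caught by the range check below, so every new account
     // ends up in group 3 and the preference is never honoured. The first
     // condition looks inverted. Because this decides the privilege group of
     // self-registered accounts, confirm the intended mapping of group ids
     // before changing it.
     if (!$reg_group || $configured_group) {
         $group = 3;
     }
     if ($configured_group < 1 || $configured_group > 3) {
         $group = 3;
     }
     if (!$group) {
         $group = $configured_group;
     }
     $user->set_group_id($group);
     // NOTE(review): mapi_random() is not visible here. This value gates
     // account activation, so confirm it is drawn from a CSPRNG.
     $user->set_activation(urlencode(MCrypt::encrypt(mapi_random(24))));
     // The account stays disabled until it is activated.
     $user->set_enabled(0);
     $user->add($password);
     if (0 == MMessaging::any_errors() + MMessaging::any_warnings()) {
         self::send_reg_email($user);
         // Blank the submitted fields (presumably so the form is not
         // re-populated after a successful registration; confirm).
         $_POST['user'] = '';
         $_POST['name'] = '';
         $_POST['email'] = '';
     }
 }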
Пример #2
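 /**
  * Confirms the existence of the user and checks the supplied password.
  *
  * The stored value is compared with MCrypt::encrypt($password), so the table
  * holds reversibly encrypted passwords.
  * NOTE(review): one-way hashing (password_hash() / password_verify()) is the
  * appropriate storage for passwords; migrating needs a rehash-on-login plan.
  *
  * @param string $user
  * @param string $password
  * @return integer 1 when a row was found and the password matches, 0 otherwise
  */
 private function searchUser($user, $password)
 {
     /* Search for the user in the database */
     // NOTE(review): the WHERE value is masked on this page. $user must reach
     // the statement as a bound parameter (or through the driver's escaping),
     // never by string interpolation.
     $sql = "SELECT * FROM user WHERE user = '******'";
     $res = DB::query($sql);
     if (!$res) {
         // Query failed: treat it as "no such user" instead of passing a
         // non-result to the mysqli functions.
         return 0;
     }
     $row = mysqli_fetch_assoc($res);
     $found = mysqli_num_rows($res) > 0;
     // Release the result on every path; the original freed it only when a
     // row existed.
     DB::free($res);
     if (!$found) {
         return 0;
     }
     /* The user exists: verify the password */
     $mcrypt = new MCrypt();
     $stored = isset($row["password"]) ? $row["password"] : null;
     $candidate = $mcrypt->encrypt($password);
     // Fail closed on non-string values and compare in constant time.
     if (is_string($stored) && is_string($candidate) && hash_equals($stored, $candidate)) {
         return 1;
     }
     return 0;
 }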
// Device/app login check followed by loading of per-app secret values and
// per-device keys. The listing is cut off inside the if block below.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0;
// mysqli or PDO with prepared statements is the supported replacement.
mysql_query("set names utf8");
// Check whether the username and password are correct
// $check_query = mysql_query("select purchase.app_id, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id='$app_id' and member.deviceid='$deviceid' limit 1");
// NOTE(review): $app_id2 and $deviceid are interpolated directly into the SQL
// text. Where they are assigned is not visible here; if they originate from
// the request they must be bound as parameters, since this query is the
// login decision.
$check_query = mysql_query("select purchase.app_id2, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id2='{$app_id2}' and member.deviceid='{$deviceid}' limit 1");
$arr = array();
// empty array
if ($result = mysql_fetch_array($check_query)) {
    // Login succeeded
    // $_SESSION['app_id'] = $result['app_id'];
    $_SESSION['app_id2'] = $result['app_id2'];
    $_SESSION['deviceid'] = $result['deviceid'];
    //jarname save session
    $_SESSION['jarname'] = $jarname;
    $_SESSION['sessionid'] = session_id();
    // AES
    $mcrypt = new MCrypt();
    // get secret value
    // $sql = "SELECT secret_value FROM app WHERE app_id='".$_SESSION['app_id']."';";
    $sql = "SELECT secret_value FROM app WHERE app_id2='" . $_SESSION['app_id2'] . "';";
    // NOTE(review): die(mysql_error()) sends the raw database error to the
    // client; log it server-side and return a generic failure instead.
    $result = mysql_query($sql) or die(mysql_error());
    $row1 = mysql_fetch_array($result);
    // NOTE(review): unserialize() on a stored column instantiates whatever
    // objects the data describes; if the column can be influenced from
    // outside, store it as JSON and use json_decode() instead.
    $secret_value_set = unserialize($row1[0]);
    // Assign secret values: three picks, with repetition, from indexes 0..4.
    // NOTE(review): rand() is not a cryptographic generator; use random_int()
    // if the selection is meant to be unpredictable.
    for ($i = 0; $i < 3; $i++) {
        $n = rand(0, 4);
        $secret_value[] = $secret_value_set[$n];
    }
    //get personal keys
    $sql = "SELECT personal_key,personal_key2,personal_key3 FROM member WHERE deviceid='" . $_SESSION['deviceid'] . "';";
    $result = mysql_query($sql) or die(mysql_error());
    $row2 = mysql_fetch_array($result);
Пример #4
 /**
  * Modify a client saved in the database.
  *
  * Builds a single UPDATE statement by concatenating the client's getter
  * values into the SQL text and passes it to DB::query().
  *
  * NOTE(review): every value is placed inside quotes by string concatenation.
  * replaceCharacters() is applied to the name, agent and address only and its
  * behaviour is not visible here; id, phone, email and website are inserted
  * as returned by the getters. Unless DB offers a parameterised call, each
  * value needs the driver's escaping before it reaches this string.
  * NOTE(review): the user and password assignments are masked on this page,
  * so what the original interpolated there cannot be reviewed.
  *
  * @param Client $client
  * @return integer the result of DB::query() for the UPDATE
  */
 public function editClient(Client $client)
 {
     // Not referenced in the listing as shown; presumably used by the masked
     // password assignment (confirm against the original file).
     $mcrypt = new MCrypt();
     $sql = "UPDATE client \n\t\t\tSET id_client = '" . $client->getIdClient() . "', client_name = '" . replaceCharacters($client->getClientName()) . "', agent = '" . replaceCharacters($client->getAgent()) . "', address = '" . replaceCharacters($client->getAddress()) . "', phone = '" . $client->getPhone() . "', email = '" . $client->getEmail() . "', website = '" . $client->getWebsite() . "', user = '******', password = '******' WHERE id_client = '" . $client->getIdClient() . "'";
     return DB::query($sql);
 }
Пример #5
 /**
  * Authenticates the given credentials, runs the authorisation plugins, fires
  * the user login events and optionally sets a "remember me" cookie.
  *
  * @param mixed $credentials Passed to MAuthentication::authenticate() and,
  *                           when 'remember' is set, JSON-encoded into the cookie.
  * @param array $options     Recognised keys in this method: 'silent' and 'remember'.
  *
  * @return mixed true on success; false on failure; on a denied or expired
  *               authorisation (and 'silent' not set) the value returned by
  *               MError::raiseWarning().
  */
 public function login($credentials, $options = array())
 {
     // Get the global MAuthentication object.
     mimport('framework.user.authentication');
     $authenticate = MAuthentication::getInstance();
     $response = $authenticate->authenticate($credentials, $options);
     if ($response->status === MAuthentication::STATUS_SUCCESS) {
         // validate that the user should be able to login (different to being authenticated)
         // this permits authentication plugins blocking the user
         $authorisations = $authenticate->authorise($response, $options);
         foreach ($authorisations as $authorisation) {
             $denied_states = array(MAuthentication::STATUS_EXPIRED, MAuthentication::STATUS_DENIED);
             // NOTE(review): in_array() is called without the strict flag, so the
             // status is compared loosely against the denied states.
             if (in_array($authorisation->status, $denied_states)) {
                 // Trigger onUserAuthorisationFailure Event.
                 $this->triggerEvent('onUserAuthorisationFailure', array((array) $authorisation));
                 // If silent is set, just return false.
                 if (isset($options['silent']) && $options['silent']) {
                     return false;
                 }
                 // Return the error. (The break statements after each return are unreachable.)
                 switch ($authorisation->status) {
                     case MAuthentication::STATUS_EXPIRED:
                         return MError::raiseWarning('102002', MText::_('MLIB_LOGIN_EXPIRED'));
                         break;
                     case MAuthentication::STATUS_DENIED:
                         return MError::raiseWarning('102003', MText::_('MLIB_LOGIN_DENIED'));
                         break;
                     default:
                         return MError::raiseWarning('102004', MText::_('MLIB_LOGIN_AUTHORISATION'));
                         break;
                 }
             }
         }
         // Import the user plugin group.
         MPluginHelper::importPlugin('user');
         // OK, the credentials are authenticated and user is authorised.  Lets fire the onLogin event.
         $results = $this->triggerEvent('onUserLogin', array((array) $response, $options));
         // Any plugin returning exactly false vetoes the login.
         if (!in_array(false, $results, true)) {
             // Set the remember me cookie if enabled.
             if (isset($options['remember']) && $options['remember']) {
                 // Create the encryption key, apply extra hardening using the user agent string.
                 // NOTE(review): the key is derived from the User-Agent header, a value the
                 // client itself sends; what else self::getHash() mixes in is not visible
                 // here. Confirm a server-side secret is part of it.
                 $privateKey = self::getHash(@$_SERVER['HTTP_USER_AGENT']);
                 $key = new MCryptKey('simple', $privateKey, $privateKey);
                 $crypt = new MCrypt(new MCryptCipherSimple(), $key);
                 // NOTE(review): the cookie carries the encrypted JSON of $credentials
                 // (presumably including the password; confirm) for one year. A random
                 // server-side token looked up on return avoids storing credentials in
                 // the browser at all.
                 $rcookie = $crypt->encrypt(json_encode($credentials));
                 $lifetime = time() + 365 * 24 * 60 * 60;
                 // Use domain and path set in config for cookie if it exists.
                 $cookie_domain = $this->getCfg('cookie_domain', '');
                 $cookie_path = $this->getCfg('cookie_path', '/');
                 // Check for SSL connection
                 // (&& binds tighter than ||: secure when HTTPS is 'on', or when SSL_PROTOCOL_VERSION is set.)
                 $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' || getenv('SSL_PROTOCOL_VERSION');
                 // Last argument true marks the cookie HttpOnly.
                 setcookie(self::getHash('MLOGIN_REMEMBER'), $rcookie, $lifetime, $cookie_path, $cookie_domain, $secure, true);
             }
             return true;
         }
     }
     // Trigger onUserLoginFailure Event.
     $this->triggerEvent('onUserLoginFailure', array((array) $response));
     // If silent is set, just return false.
     if (isset($options['silent']) && $options['silent']) {
         return false;
     }
     // If status is success, any error will have been raised by the user plugin
     if ($response->status !== MAuthentication::STATUS_SUCCESS) {
         MError::raiseWarning('102001', $response->error_message);
     }
     return false;
 }
<?php

//error_reporting(E_ALL);
//ini_set('display_errors', 'On');
//var_dump(function_exists('utf8_decode'));
/*
 * Following code will list the values from the query and encrypt
 * For the message the android application
 */
// Decrypts the "query" request parameter, runs it as SQL and starts building
// an encrypted response. The listing is cut off inside the nested loops below.
// array for JSON response
$response = array();
// include db connect class
require_once __DIR__ . '/db_connect.php';
require_once __DIR__ . '/mcrypt.php';
$db = new DB_CONNECT();
$mcrypt = new MCrypt();
// Get the encrypted query and use the MCrypt library to decrypt it.
// NOTE(review): the decrypted request parameter is the complete SQL statement.
// Encryption is the only gate, so every holder of the key (for example a key
// shipped inside the client application) can run arbitrary statements with
// this script's database privileges. The endpoint should accept named
// operations with bound parameters and authenticate the caller instead.
$encrypted_data = $_REQUEST["query"];
$query = $mcrypt->decrypt($encrypted_data);
//run the query
// NOTE(review): mysql_* was removed in PHP 7.0, and die(mysql_error()) returns
// raw database errors to the caller.
$result = mysql_query($query) or die(mysql_error());
// check for empty result
if (mysql_num_rows($result) > 0) {
    /*
    	Take all the results and encrypt them and display them.
    */
    $response["responce"] = array();
    $product = array();
    $data = "";
    while ($row = mysql_fetch_array($result)) {
        // mysql_fetch_array() returns each column under both a numeric and an
        // associative key by default, hence count($row) / 2 columns.
        for ($i = 0; $i < count($row) / 2; $i = $i + 1) {
Пример #7
<?php

/* 
------------------------------------------------------------------------
Copyright (C) 2015 Albert Weerman
This library/program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
------------------------------------------------------------------------
*/
require_once 'ximcrypt.php';
// Prints sample API request bodies: two encrypted with MCrypt and one as
// plain JSON, separated by horizontal rules.
$mcrypt = new MCrypt();
$separator = '<hr>';

// Encrypted liveness probe.
$pingRequest = json_encode(array('api' => 'xiIsRemoteServerUp'));
echo $mcrypt->encrypt($pingRequest), $separator, $separator;

// Encrypted upload request for the 'data' table.
$uploadRequest = json_encode(array(
    'api' => 'xiUploadToRemoteServer',
    'tables' => array('data'),
    'urid' => 1,
));
echo $mcrypt->encrypt($uploadRequest), $separator;

// The same kind of request for 'data' and 'log', shown unencrypted.
$plainRequest = array(
    'api' => 'xiUploadToRemoteServer',
    'tables' => array('data', 'log'),
    'urid' => 1,
);
echo json_encode($plainRequest);
Пример #8
/**
 * Wraps $str in an 'upload' request, encrypts it and posts it to the
 * configured remote server.
 *
 * The request is a JSON object with the keys API, ID and QUERY (the payload,
 * base64-encoded); its MCrypt ciphertext is sent as the form field 'q'.
 *
 * @param string $str Payload to upload.
 * @param mixed  $id  Identifier placed in the request's ID field.
 *
 * @return string The trimmed response from curlToServer().
 */
function sendToServer($str, $id)
{
    $endpoint = XI_REMOTE_SERVER;
    $cipher = new MCrypt();
    $envelope = json_encode(array(
        'API' => 'upload',
        'ID' => $id,
        'QUERY' => base64_encode($str),
    ));
    // NOTE(review): transport security of curlToServer() is not visible here;
    // confirm it verifies the server certificate rather than relying on the
    // payload encryption alone.
    $fields = array('q' => $cipher->encrypt($envelope));
    return trim(curlToServer($fields, $endpoint));
}
Пример #9
 /**
  * Session write handler: encrypts the session data with a per-session key
  * and stores it in "<savePath>/sess_<sessionId>".
  *
  * @param string $sessionId
  * @param string $data
  *
  * @return bool true when the file was written, false otherwise
  */
 function write($sessionId, $data)
 {
     // Key derived for this session id by getkey().
     $sessionKey = $this->getkey($sessionId);
     // TODO (from the original author): sudo php5enmod mcrypt
     $cipher = new MCrypt($sessionKey);
     $ciphertext = $cipher->encrypt($data);
     // NOTE(review): $sessionId becomes part of the file name. Confirm it is
     // restricted to the session-id alphabet before it reaches this handler,
     // so it cannot contain path separators.
     $target = "{$this->savePath}/sess_{$sessionId}";
     return file_put_contents($target, $ciphertext) !== false;
 }
Пример #10
 /**
  * Restores the authenticated state from the three login cookies
  * (mpmi_r, mpmi_t, mpmi_b).
  *
  * Each cookie is decrypted with MCrypt; the first space-separated field of
  * mpmi_r selects the user, and M_User::compare_lastlogin() decides whether
  * the cookie values are accepted. On success the static auth, user, user_id
  * and group_id properties are filled in.
  *
  * @return null Always null; the outcome is stored in the static properties.
  */
 private static function check_auth()
 {
     // Same test as the original "!sizeof($_COOKIE) > 0": true only when no
     // cookies were sent at all.
     if (count($_COOKIE) === 0) {
         return null;
     }
     foreach (array('mpmi_r', 'mpmi_t', 'mpmi_b') as $cookie_name) {
         if (!isset($_COOKIE[$cookie_name])) {
             return null;
         }
     }
     // NOTE(review): what MCrypt::decrypt() returns for a tampered value is
     // not visible here; confirm that case cannot select a valid user below.
     $rand_part = MCrypt::decrypt($_COOKIE['mpmi_r']);
     $time_part = MCrypt::decrypt($_COOKIE['mpmi_t']);
     $browser_part = MCrypt::decrypt($_COOKIE['mpmi_b']);
     $fields = explode(' ', $rand_part);
     $candidate = new M_User($fields[0], true);
     if (!$candidate || !$candidate->compare_lastlogin($rand_part, $time_part, $browser_part)) {
         return;
     }
     self::$auth = true;
     self::$user = $candidate->get_username();
     self::$user_id = $candidate->get_id();
     self::$group_id = $candidate->get_group_id();
 }
        mcrypt_generic_init($td, $this->key, $iv);
        $decrypted = mdecrypt_generic($td, $code);
        mcrypt_generic_deinit($td);
        mcrypt_module_close($td);
        return utf8_encode(trim($decrypted));
    }
    /**
     * Converts a hexadecimal string to its binary form, two digits per byte.
     *
     * A trailing single digit (odd-length input) is decoded as a byte of its own.
     *
     * @param string $hexdata
     *
     * @return string
     */
    protected function hex2bin($hexdata)
    {
        $length = strlen($hexdata);
        $bytes = array();
        $offset = 0;
        while ($offset < $length) {
            $bytes[] = chr(hexdec(substr($hexdata, $offset, 2)));
            $offset += 2;
        }
        return implode('', $bytes);
    }
}
// Opens a PDO connection with request-supplied parameters and runs a
// request-supplied statement. The listing is cut off after the if line below.
$mcrypt = new MCrypt();
// Get the connection parameters
// NOTE(review): host, database name, username and password all come from the
// request (decrypted with MCrypt), so the caller chooses which database
// server this script connects to and with which account. Connection settings
// belong in server-side configuration.
$dbname = $mcrypt->decrypt($_REQUEST['dbname']);
$host = $mcrypt->decrypt($_REQUEST['host']);
$username = $mcrypt->decrypt($_REQUEST['username']);
$password = $mcrypt->decrypt($_REQUEST['password']);
// Open the connection to the database
$connect = new PDO('mysql:host=' . $host . ';dbname=' . $dbname, $username, $password);
$connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$connect->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$connect->exec("SET CHARACTER SET utf8");
// Execute the request
// NOTE(review): $_REQUEST['request'] is used as the whole statement, without
// decryption and with no bound parameters, so prepare() provides no
// protection here. Expose fixed server-side statements with placeholders and
// require an authenticated caller.
$result = $connect->prepare(str_replace("\\'", "'", $_REQUEST['request']));
$result->execute();
// If we need to get the last insert id
if (isset($_REQUEST['isNeedToGetId'])) {
Пример #12
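/**
 * Looks up the subscription date of the client matching the given user name
 * and password.
 *
 * @param string $name
 * @param string $password
 *
 * @return mixed The date_suscription column of the matching row, or null when
 *               the query fails or no row matches.
 */
function getDateSuscription($name, $password)
{
    require_once "../ap-admin/extensions/mcrypt/MCrypt.php";
    // Not referenced in the listing as shown; presumably used by the masked
    // password value in the query (confirm against the original file).
    $mcrypt = new MCrypt();
    // NOTE(review): both WHERE values are masked on this page. $name and the
    // password value must be bound as parameters (or escaped by the driver),
    // never interpolated into the SQL text.
    $sql = "SELECT date_suscription FROM client WHERE user = '******' AND password = '******'";
    $res = query($sql);
    if (!$res) {
        // Failed query: report "no subscription" instead of passing a
        // non-result to mysqli_fetch_assoc().
        return null;
    }
    $row = mysqli_fetch_assoc($res);
    // No matching row: the original indexed into null here and returned null
    // with a warning; return it explicitly.
    if (!is_array($row) || !isset($row['date_suscription'])) {
        return null;
    }
    return $row['date_suscription'];
}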
// need post
include 'conn.php';
// Device/app login check followed by loading of per-app secret values and
// per-device keys. The listing is cut off inside the if block below.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0;
// mysqli or PDO with prepared statements is the supported replacement.
mysql_query("set names utf8");
// Check whether the user's identity is valid
// NOTE(review): $app_id2 and $deviceid are interpolated directly into the SQL
// text. Where they are assigned is not visible here; if they originate from
// the request they must be bound as parameters, since this query is the
// login decision.
$check_query = mysql_query("select purchase.app_id2, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id2='{$app_id2}' and member.deviceid='{$deviceid}' limit 1");
$arr = array();
// empty array
if ($result = mysql_fetch_array($check_query)) {
    // Login succeeded
    $_SESSION['app_id2'] = $result['app_id2'];
    $_SESSION['deviceid'] = $result['deviceid'];
    $_SESSION['jarName'] = $jarname;
    // Store jarName on the first connection so the second connection does not
    // have to send it again, which reduces redundant data.
    $_SESSION['sessionid'] = session_id();
    // AES
    $mcrypt = new MCrypt();
    //get secret value
    $sql = "SELECT secret_value FROM app WHERE app_id2='" . $_SESSION['app_id2'] . "';";
    // NOTE(review): die(mysql_error()) sends the raw database error to the
    // client; log it server-side and return a generic failure instead.
    $result = mysql_query($sql) or die(mysql_error());
    $row1 = mysql_fetch_array($result);
    // NOTE(review): unserialize() on a stored column instantiates whatever
    // objects the data describes; if the column can be influenced from
    // outside, store it as JSON and use json_decode() instead.
    $secret_value_set = unserialize($row1[0]);
    // Assign secret values: three picks, with repetition, from indexes 0..4.
    // NOTE(review): rand() is not a cryptographic generator; use random_int()
    // if the selection is meant to be unpredictable.
    for ($i = 0; $i < 3; $i++) {
        $n = rand(0, 4);
        $secret_value[] = $secret_value_set[$n];
    }
    //get personal keys
    $sql = "SELECT personal_key,personal_key2,personal_key3 FROM member WHERE deviceid='" . $_SESSION['deviceid'] . "';";
    $result = mysql_query($sql) or die(mysql_error());
    $row2 = mysql_fetch_array($result);
    // echo ("pk1 : ".$row2[0]."sv1 : ".$secret_value[0]."<br>");
Пример #14
include 'conn.php';
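// Device/app login check: on success stores the ids in the session and
// returns three encrypted "enable block" values as JSON; otherwise returns
// an error flag.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0;
// mysqli or PDO with prepared statements is the supported replacement.
mysql_query("set names utf8");
// Check whether the user's identity is valid
// NOTE(review): $app_id2 and $deviceid are interpolated directly into the SQL
// text. Where they are assigned is not visible here; if they originate from
// the request they must be bound as parameters, since this query is the
// login decision.
$check_query = mysql_query("select purchase.app_id, purchase.app_id2, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id2='{$app_id2}' and member.deviceid='{$deviceid}' limit 1");
$arr = array();
// empty array
if ($result = mysql_fetch_array($check_query)) {
    // Login succeeded
    $_SESSION['app_id'] = $result['app_id'];
    $_SESSION['app_id2'] = $result['app_id2'];
    $_SESSION['deviceid'] = $result['deviceid'];
    // $_SESSION['androidid']      = $result['androidid'];
    $sessionid = session_id();
    // NOTE(review): the key is the literal string '$sessionid' (single quotes
    // do not interpolate), which looks unintended. It is left unchanged
    // because other scripts may read this exact key; confirm and rename.
    $_SESSION['$sessionid'] = $sessionid;
    // AES
    $mcrypt = new MCrypt();
    // AES Encrypt(secret_value)
    // NOTE(review): the three values below are constants in the source, so
    // every client receives the same plaintexts. If they are meant to be
    // secrets, load them from protected storage per application.
    $enable_block = $mcrypt->encrypt("1111111111123456");
    //secret_value
    $enable_block2 = $mcrypt->encrypt("222222222123456");
    //secret_value2
    $enable_block3 = $mcrypt->encrypt("333333333123456");
    //secret_value3
    // $enable_block = $mcrypt->encrypt("9999999999123456"); //java.lang.StringIndexOutOfBoundsException
    // $enable_block2 = $mcrypt->encrypt("888888888123456"); //java.lang.StringIndexOutOfBoundsException
    $arr = array('flag' => 'success', 'enable_block' => $enable_block, 'enable_block2' => $enable_block2, 'enable_block3' => $enable_block3, 'sessionid' => $sessionid);
    echo json_encode($arr);
} else {
    // $sessionid is assigned only on the success path. The original read it
    // here anyway, which raises an undefined-variable warning (and can
    // corrupt the JSON body when errors are displayed) and encodes null.
    // Emit the same value without the warning.
    $arr = array('flag' => 'error', 'sessionid' => isset($sessionid) ? $sessionid : null);
    echo json_encode($arr);
}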
Пример #15
// Device/app login check followed by loading of per-app secret values and
// per-device keys. The listing is cut off inside the if block below.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0;
// mysqli or PDO with prepared statements is the supported replacement.
mysql_query("set names utf8");
// Check whether the user's identity is valid
// $check_query = mysql_query("select purchase.app_id, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id='$app_id' and member.deviceid='$deviceid' limit 1");
// NOTE(review): $app_id2 and $deviceid are interpolated directly into the SQL
// text. Where they are assigned is not visible here; if they originate from
// the request they must be bound as parameters, since this query is the
// login decision.
$check_query = mysql_query("select purchase.app_id2, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id2='{$app_id2}' and member.deviceid='{$deviceid}' limit 1");
$arr = array();
// empty array
if ($result = mysql_fetch_array($check_query)) {
    // Login succeeded
    // $_SESSION['app_id'] = $result['app_id'];
    $_SESSION['app_id2'] = $result['app_id2'];
    $_SESSION['deviceid'] = $result['deviceid'];
    //jarname save session
    $_SESSION['jarname'] = $jarname;
    $_SESSION['sessionid'] = session_id();
    // AES
    $mcrypt = new MCrypt();
    // get secret value
    // $sql = "SELECT secret_value FROM app WHERE app_id='".$_SESSION['app_id']."';";
    $sql = "SELECT secret_value FROM app WHERE app_id2='" . $_SESSION['app_id2'] . "';";
    // NOTE(review): die(mysql_error()) sends the raw database error to the
    // client; log it server-side and return a generic failure instead.
    $result = mysql_query($sql) or die(mysql_error());
    $row1 = mysql_fetch_array($result);
    // NOTE(review): unserialize() on a stored column instantiates whatever
    // objects the data describes; if the column can be influenced from
    // outside, store it as JSON and use json_decode() instead.
    $secret_value_set = unserialize($row1[0]);
    // Assign secret values: three picks, with repetition, from indexes 0..4.
    // NOTE(review): rand() is not a cryptographic generator; use random_int()
    // if the selection is meant to be unpredictable.
    for ($i = 0; $i < 3; $i++) {
        $n = rand(0, 4);
        $secret_value[] = $secret_value_set[$n];
    }
    //get personal keys
    $sql = "SELECT personal_key,personal_key2,personal_key3 FROM member WHERE deviceid='" . $_SESSION['deviceid'] . "';";
    $result = mysql_query($sql) or die(mysql_error());
    $row2 = mysql_fetch_array($result);
Пример #16
        $len = strlen($string);
        $pad = $blocksize - $len % $blocksize;
        $string .= str_repeat(chr($pad), $pad);
        return $string;
    }
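    /**
     * Removes the padding in which the last byte gives the pad length and
     * every pad byte has that same value.
     *
     * The original tested the padding with an unanchored regular expression
     * built from the raw pad byte, so a run of that byte anywhere in the
     * string was accepted and a pad byte that is a regex metacharacter broke
     * the pattern. The tail is now compared directly.
     *
     * NOTE(review): no integrity check is visible in this fragment. Callers
     * should treat a false result as a generic decryption failure rather than
     * reporting "bad padding" separately.
     *
     * @param string $string Decrypted data including padding.
     *
     * @return string|false The data without padding, or false when the
     *                      padding is malformed.
     */
    private function strippadding($string)
    {
        $string = (string) $string;
        $length = strlen($string);
        if ($length === 0) {
            return false;
        }
        $slast = ord($string[$length - 1]);
        // A pad length of zero or one longer than the data is never valid.
        if ($slast < 1 || $slast > $length) {
            return false;
        }
        // Every one of the last $slast bytes must equal the pad byte.
        if (substr($string, -$slast) !== str_repeat(chr($slast), $slast)) {
            return false;
        }
        return substr($string, 0, $length - $slast);
    }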
    /**
     * Decodes a hexadecimal string into bytes, two digits at a time.
     *
     * A trailing unpaired digit (odd-length input) is ignored.
     *
     * @param string $hex
     *
     * @return string
     */
    function hexToStr($hex)
    {
        $decoded = array();
        // Stop one short of the end so only complete digit pairs are read.
        $limit = strlen($hex) - 1;
        for ($pos = 0; $pos < $limit; $pos += 2) {
            $decoded[] = chr(hexdec(substr($hex, $pos, 2)));
        }
        return implode('', $decoded);
    }
}
// Round-trip demo: encrypt a multi-byte string, decrypt it again and report
// whether the result equals the input.
$encryption = new MCrypt();
$str = '我是中国人大佛傲东方那份难';
// "." binds tighter than "=", so $en holds the ciphertext plus PHP_EOL and
// that is also what decrypt() receives below.
$en = $encryption->encrypt($str) . PHP_EOL;
echo $en;
$de = $encryption->decrypt($en);
echo $de;
var_dump($de == $str);
Пример #17
<?php

include 'include/config.php';
include 'include/db.php';
include 'include/gcm.php';
include 'include/mcrypt.php';
// Encrypts a posted message with a key derived from the posted token and
// sends it as a push notification to the posted registration id.
dbconnect();
// NOTE(review): presumably this include rejects unauthenticated callers;
// confirm it stops execution on failure, since everything below acts on
// request data.
include 'include/checklogin.php';
if (isset($_POST["regId"], $_POST["message"], $_POST["token"])) {
    $mcrypt = new MCrypt();
    // NOTE(review): the key material ("token") comes from the request, so the
    // sender chooses the key; confirm that is the intended trust model. The
    // recipient id is request-supplied as well.
    $encrypted = $mcrypt->encrypt($_POST["message"], $mcrypt->formatKey($_POST["token"]));
    $result = send_notification(array($_POST["regId"]), array("message" => $encrypted));
}
dbclose();