static function register() { if (!MValidate::password(MGet::string('pass'))) { return mapi_report('Invalid password.'); } if (MGet::string('pass') !== MGet::string('pass_repeat')) { return mapi_report('Passwords do not match.'); } $user = MObject::create('user'); $user->set_username(MGet::string('user')); $user->set_name(MGet::string('name')); $user->set_email(MGet::string('email')); $reg_group = MObject::get('preference', 'new_user_default_group'); $group = null; if (!$reg_group || $reg_group->get_value()) { $group = 3; } if ($reg_group->get_value() < 1 || $reg_group->get_value() > 3) { $group = 3; } if (!$group) { $group = $reg_group->get_value(); } $user->set_group_id($group); $user->set_activation(urlencode(MCrypt::encrypt(mapi_random(24)))); $user->set_enabled(0); $user->add(MGet::string('pass')); if (0 == MMessaging::any_errors() + MMessaging::any_warnings()) { self::send_reg_email($user); $_POST['user'] = ''; $_POST['name'] = ''; $_POST['email'] = ''; } }
/** * Confirms the existence of the user. * * @param string $user * @param string $password * @return integer */ private function searchUser($user, $password) { /* Search for the user in the database */ $sql = "SELECT * FROM user WHERE user = '******'"; $res = DB::query($sql); $row = mysqli_fetch_assoc($res); /* If the user exists verify the password */ if (mysqli_num_rows($res)) { DB::free($res); $mcrypt = new MCrypt(); //echo $mcrypt->encrypt(""); if ($row["password"] === $mcrypt->encrypt($password)) { $res = 1; } else { $res = 0; } } else { $res = 0; } return $res; }
mysql_query("set names utf8"); // 检测用户名及密码是否正确 // $check_query = mysql_query("select purchase.app_id, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id='$app_id' and member.deviceid='$deviceid' limit 1"); $check_query = mysql_query("select purchase.app_id2, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id2='{$app_id2}' and member.deviceid='{$deviceid}' limit 1"); $arr = array(); //空的数组 if ($result = mysql_fetch_array($check_query)) { // 登录成功 // $_SESSION['app_id'] = $result['app_id']; $_SESSION['app_id2'] = $result['app_id2']; $_SESSION['deviceid'] = $result['deviceid']; //jarname save session $_SESSION['jarname'] = $jarname; $_SESSION['sessionid'] = session_id(); // AES $mcrypt = new MCrypt(); // get secret value // $sql = "SELECT secret_value FROM app WHERE app_id='".$_SESSION['app_id']."';"; $sql = "SELECT secret_value FROM app WHERE app_id2='" . $_SESSION['app_id2'] . "';"; $result = mysql_query($sql) or die(mysql_error()); $row1 = mysql_fetch_array($result); $secret_value_set = unserialize($row1[0]); //分配 secret value for ($i = 0; $i < 3; $i++) { $n = rand(0, 4); $secret_value[] = $secret_value_set[$n]; } //get personal keys $sql = "SELECT personal_key,personal_key2,personal_key3 FROM member WHERE deviceid='" . $_SESSION['deviceid'] . "';"; $result = mysql_query($sql) or die(mysql_error()); $row2 = mysql_fetch_array($result);
/** * Modify a client saved in the database. * * @param Client $client * @return integer */ public function editClient(Client $client) { $mcrypt = new MCrypt(); $sql = "UPDATE client \n\t\t\tSET id_client = '" . $client->getIdClient() . "', client_name = '" . replaceCharacters($client->getClientName()) . "', agent = '" . replaceCharacters($client->getAgent()) . "', address = '" . replaceCharacters($client->getAddress()) . "', phone = '" . $client->getPhone() . "', email = '" . $client->getEmail() . "', website = '" . $client->getWebsite() . "', user = '******', password = '******' WHERE id_client = '" . $client->getIdClient() . "'"; return DB::query($sql); }
public function login($credentials, $options = array()) { // Get the global MAuthentication object. mimport('framework.user.authentication'); $authenticate = MAuthentication::getInstance(); $response = $authenticate->authenticate($credentials, $options); if ($response->status === MAuthentication::STATUS_SUCCESS) { // validate that the user should be able to login (different to being authenticated) // this permits authentication plugins blocking the user $authorisations = $authenticate->authorise($response, $options); foreach ($authorisations as $authorisation) { $denied_states = array(MAuthentication::STATUS_EXPIRED, MAuthentication::STATUS_DENIED); if (in_array($authorisation->status, $denied_states)) { // Trigger onUserAuthorisationFailure Event. $this->triggerEvent('onUserAuthorisationFailure', array((array) $authorisation)); // If silent is set, just return false. if (isset($options['silent']) && $options['silent']) { return false; } // Return the error. switch ($authorisation->status) { case MAuthentication::STATUS_EXPIRED: return MError::raiseWarning('102002', MText::_('MLIB_LOGIN_EXPIRED')); break; case MAuthentication::STATUS_DENIED: return MError::raiseWarning('102003', MText::_('MLIB_LOGIN_DENIED')); break; default: return MError::raiseWarning('102004', MText::_('MLIB_LOGIN_AUTHORISATION')); break; } } } // Import the user plugin group. MPluginHelper::importPlugin('user'); // OK, the credentials are authenticated and user is authorised. Lets fire the onLogin event. $results = $this->triggerEvent('onUserLogin', array((array) $response, $options)); if (!in_array(false, $results, true)) { // Set the remember me cookie if enabled. if (isset($options['remember']) && $options['remember']) { // Create the encryption key, apply extra hardening using the user agent string. $privateKey = self::getHash(@$_SERVER['HTTP_USER_AGENT']); $key = new MCryptKey('simple', $privateKey, $privateKey); $crypt = new MCrypt(new MCryptCipherSimple(), $key); $rcookie = $crypt->encrypt(json_encode($credentials)); $lifetime = time() + 365 * 24 * 60 * 60; // Use domain and path set in config for cookie if it exists. $cookie_domain = $this->getCfg('cookie_domain', ''); $cookie_path = $this->getCfg('cookie_path', '/'); // Check for SSL connection $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' || getenv('SSL_PROTOCOL_VERSION'); setcookie(self::getHash('MLOGIN_REMEMBER'), $rcookie, $lifetime, $cookie_path, $cookie_domain, $secure, true); } return true; } } // Trigger onUserLoginFailure Event. $this->triggerEvent('onUserLoginFailure', array((array) $response)); // If silent is set, just return false. if (isset($options['silent']) && $options['silent']) { return false; } // If status is success, any error will have been raised by the user plugin if ($response->status !== MAuthentication::STATUS_SUCCESS) { MError::raiseWarning('102001', $response->error_message); } return false; }
<?php //error_reporting(E_ALL); //ini_set('display_errors', 'On'); //var_dump(function_exists('utf8_decode')); /* * Following code will list the values from the query and encrypt * For the message the android application */ // array for JSON response $response = array(); // include db connect class require_once __DIR__ . '/db_connect.php'; require_once __DIR__ . '/mcrypt.php'; $db = new DB_CONNECT(); $mcrypt = new MCrypt(); //get the encrypted query and use the mycrypt libary to unencrypt it $encrypted_data = $_REQUEST["query"]; $query = $mcrypt->decrypt($encrypted_data); //run the query $result = mysql_query($query) or die(mysql_error()); // check for empty result if (mysql_num_rows($result) > 0) { /* Take all the results and encrypt them and display them. */ $response["responce"] = array(); $product = array(); $data = ""; while ($row = mysql_fetch_array($result)) { for ($i = 0; $i < count($row) / 2; $i = $i + 1) {
<?php /* ------------------------------------------------------------------------ Copyright (C) 2015 Albert Weerman This library/program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ------------------------------------------------------------------------ */ require_once 'ximcrypt.php'; $mcrypt = new MCrypt(); echo $mcrypt->encrypt(json_encode(array('api' => 'xiIsRemoteServerUp'))); echo '<hr>'; echo '<hr>'; //echo base64_encode(json_encode(array('api' => 'xiUploadToRemoteServer', 'tables' => array('data'), 'urid' => 1))); echo $mcrypt->encrypt(json_encode(array('api' => 'xiUploadToRemoteServer', 'tables' => array('data'), 'urid' => 1))); echo '<hr>'; echo json_encode(array('api' => 'xiUploadToRemoteServer', 'tables' => array('data', 'log'), 'urid' => 1));
function sendToServer($str, $id) { $postUrl = XI_REMOTE_SERVER; //$str = urlencode($this->encryptAndCompress($str)); // $str = encryptAndCompress($str); // $data['q'] = encryptAndCompress(json_encode(array('api' => 'upload', 'id' => $id, 'query' => $str))); // echo 'length before json' . strlen($str) . '---'; $mcrypt = new MCrypt(); $strToEncrypt = json_encode(array('API' => 'upload', 'ID' => $id, 'QUERY' => base64_encode($str))); // echo 'length after json:' . strlen($strToEncrypt); $data['q'] = $mcrypt->encrypt($strToEncrypt); $result = curlToServer($data, $postUrl); return trim($result); }
function write($sessionId, $data) { // Get unique key $key = $this->getkey($sessionId); // $this->err($key); // TODO::sudo php5enmod mcrypt // $crypt = new Crypt (); // $crypt->setComplexTypes(TRUE); // $crypt->setKey($key); // $crypt->setData($data); // $encrypt = $crypt->encrypt(); // $crypt = new \Crypt\AES (); // $encrypt = $crypt->encrypt($data, $this->key, $this->iv); // $security = new Security(); // $encrypt = $security->encrypt($data, $key); $crypt = new MCrypt($key); $encrypt = $crypt->encrypt($data); // $this->err($data); // $this->err($encrypt); return file_put_contents("{$this->savePath}/sess_{$sessionId}", $encrypt) === false ? false : true; }
private static function check_auth() { if (!sizeof($_COOKIE) > 0) { return null; } if (!isset($_COOKIE['mpmi_r'])) { return null; } if (!isset($_COOKIE['mpmi_t'])) { return null; } if (!isset($_COOKIE['mpmi_b'])) { return null; } $cookie_of_rand = MCrypt::decrypt($_COOKIE['mpmi_r']); $cookie_of_time = MCrypt::decrypt($_COOKIE['mpmi_t']); $cookie_of_browser = MCrypt::decrypt($_COOKIE['mpmi_b']); $rand_array = explode(' ', $cookie_of_rand); $user = new M_User($rand_array[0], true); if ($user) { if ($user->compare_lastlogin($cookie_of_rand, $cookie_of_time, $cookie_of_browser)) { self::$auth = true; self::$user = $user->get_username(); self::$user_id = $user->get_id(); self::$group_id = $user->get_group_id(); } } }
mcrypt_generic_init($td, $this->key, $iv); $decrypted = mdecrypt_generic($td, $code); mcrypt_generic_deinit($td); mcrypt_module_close($td); return utf8_encode(trim($decrypted)); } protected function hex2bin($hexdata) { $bindata = ''; for ($i = 0; $i < strlen($hexdata); $i += 2) { $bindata .= chr(hexdec(substr($hexdata, $i, 2))); } return $bindata; } } $mcrypt = new MCrypt(); // Get the connexion parameter $dbname = $mcrypt->decrypt($_REQUEST['dbname']); $host = $mcrypt->decrypt($_REQUEST['host']); $username = $mcrypt->decrypt($_REQUEST['username']); $password = $mcrypt->decrypt($_REQUEST['password']); //Open the connexion to the database $connect = new PDO('mysql:host=' . $host . ';dbname=' . $dbname, $username, $password); $connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $connect->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $connect->exec("SET CHARACTER SET utf8"); //Execute the request $result = $connect->prepare(str_replace("\\'", "'", $_REQUEST['request'])); $result->execute(); //If we need to get de last insert id if (isset($_REQUEST['isNeedToGetId'])) {
function getDateSuscription($name, $password) { require_once "../ap-admin/extensions/mcrypt/MCrypt.php"; $mcrypt = new MCrypt(); $sql = "SELECT date_suscription FROM client WHERE user = '******' AND password = '******'"; //var_dump($sql); $res = query($sql); $row = mysqli_fetch_assoc($res); //var_dump($res); //var_dump($row); return $row['date_suscription']; }
// need post include 'conn.php'; mysql_query("set names utf8"); // 檢測用戶身份是否正確 $check_query = mysql_query("select purchase.app_id2, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id2='{$app_id2}' and member.deviceid='{$deviceid}' limit 1"); $arr = array(); //空的陣列 if ($result = mysql_fetch_array($check_query)) { // 登入成功 $_SESSION['app_id2'] = $result['app_id2']; $_SESSION['deviceid'] = $result['deviceid']; $_SESSION['jarName'] = $jarname; //把jarName在第一次連線儲存起來,第二次連線時就不用再要求一次,減少資料冗餘成本。多完美啊~ $_SESSION['sessionid'] = session_id(); // AES $mcrypt = new MCrypt(); //get secret value $sql = "SELECT secret_value FROM app WHERE app_id2='" . $_SESSION['app_id2'] . "';"; $result = mysql_query($sql) or die(mysql_error()); $row1 = mysql_fetch_array($result); $secret_value_set = unserialize($row1[0]); //分配 secret value for ($i = 0; $i < 3; $i++) { $n = rand(0, 4); $secret_value[] = $secret_value_set[$n]; } //get personal keys $sql = "SELECT personal_key,personal_key2,personal_key3 FROM member WHERE deviceid='" . $_SESSION['deviceid'] . "';"; $result = mysql_query($sql) or die(mysql_error()); $row2 = mysql_fetch_array($result); // echo ("pk1 : ".$row2[0]."sv1 : ".$secret_value[0]."<br>");
include 'conn.php'; mysql_query("set names utf8"); // 檢測用戶身份是否正確 $check_query = mysql_query("select purchase.app_id, purchase.app_id2, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id2='{$app_id2}' and member.deviceid='{$deviceid}' limit 1"); $arr = array(); //空的陣列 if ($result = mysql_fetch_array($check_query)) { // 登入成功 $_SESSION['app_id'] = $result['app_id']; $_SESSION['app_id2'] = $result['app_id2']; $_SESSION['deviceid'] = $result['deviceid']; // $_SESSION['androidid'] = $result['androidid']; $sessionid = session_id(); $_SESSION['$sessionid'] = $sessionid; // AES $mcrypt = new MCrypt(); // AES Encrypt(secret_value) $enable_block = $mcrypt->encrypt("1111111111123456"); //secret_value $enable_block2 = $mcrypt->encrypt("222222222123456"); //secret_value2 $enable_block3 = $mcrypt->encrypt("333333333123456"); //secret_value3 // $enable_block = $mcrypt->encrypt("9999999999123456"); //java.lang.StringIndexOutOfBoundsException // $enable_block2 = $mcrypt->encrypt("888888888123456"); //java.lang.StringIndexOutOfBoundsException $arr = array('flag' => 'success', 'enable_block' => $enable_block, 'enable_block2' => $enable_block2, 'enable_block3' => $enable_block3, 'sessionid' => $sessionid); echo json_encode($arr); } else { $arr = array('flag' => 'error', 'sessionid' => $sessionid); echo json_encode($arr); }
mysql_query("set names utf8"); // 檢測用戶身份是否正確 // $check_query = mysql_query("select purchase.app_id, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id='$app_id' and member.deviceid='$deviceid' limit 1"); $check_query = mysql_query("select purchase.app_id2, member.deviceid from purchase, member where purchase.username=member.username and purchase.app_id2='{$app_id2}' and member.deviceid='{$deviceid}' limit 1"); $arr = array(); //空的陣列 if ($result = mysql_fetch_array($check_query)) { // 登入成功 // $_SESSION['app_id'] = $result['app_id']; $_SESSION['app_id2'] = $result['app_id2']; $_SESSION['deviceid'] = $result['deviceid']; //jarname save session $_SESSION['jarname'] = $jarname; $_SESSION['sessionid'] = session_id(); // AES $mcrypt = new MCrypt(); // get secret value // $sql = "SELECT secret_value FROM app WHERE app_id='".$_SESSION['app_id']."';"; $sql = "SELECT secret_value FROM app WHERE app_id2='" . $_SESSION['app_id2'] . "';"; $result = mysql_query($sql) or die(mysql_error()); $row1 = mysql_fetch_array($result); $secret_value_set = unserialize($row1[0]); //分配 secret value for ($i = 0; $i < 3; $i++) { $n = rand(0, 4); $secret_value[] = $secret_value_set[$n]; } //get personal keys $sql = "SELECT personal_key,personal_key2,personal_key3 FROM member WHERE deviceid='" . $_SESSION['deviceid'] . "';"; $result = mysql_query($sql) or die(mysql_error()); $row2 = mysql_fetch_array($result);
$len = strlen($string); $pad = $blocksize - $len % $blocksize; $string .= str_repeat(chr($pad), $pad); return $string; } private function strippadding($string) { $slast = ord(substr($string, -1)); $slastc = chr($slast); $pcheck = substr($string, -$slast); if (preg_match("/{$slastc}{" . $slast . "}/", $string)) { $string = substr($string, 0, strlen($string) - $slast); return $string; } else { return false; } } function hexToStr($hex) { $string = ''; for ($i = 0; $i < strlen($hex) - 1; $i += 2) { $string .= chr(hexdec($hex[$i] . $hex[$i + 1])); } return $string; } } $encryption = new MCrypt(); $str = '我是中国人大佛傲东方那份难'; echo $en = $encryption->encrypt($str) . PHP_EOL; echo $de = $encryption->decrypt($en); var_dump($de == $str);
<?php include 'include/config.php'; include 'include/db.php'; include 'include/gcm.php'; include 'include/mcrypt.php'; dbconnect(); include 'include/checklogin.php'; if (isset($_POST["regId"]) && isset($_POST["message"]) && isset($_POST["token"])) { $regId = $_POST["regId"]; $message = $_POST["message"]; $token = $_POST["token"]; $mcrypt = new MCrypt(); $key = $mcrypt->formatKey($token); $encrypted = $mcrypt->encrypt($message, $key); $registration_ids = array($regId); $messageA = array("message" => $encrypted); $result = send_notification($registration_ids, $messageA); } dbclose();