Пример #1
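 /**
  * Append a new account record ("email<TAB>encrypted password<LF>") to the user
  * log file and create the directory for that account.
  *
  * NOTE(review): the password is stored with reversible encryption
  * (Mcrypt::encrypt), not a one-way hash, so whoever holds the key and the log
  * file can recover every password. Switching to password_hash() /
  * password_verify() has to be done together with the code that reads this
  * file, so it is flagged here rather than changed.
  * NOTE(review): $email is also handed to self::createDirectory(); confirm that
  * helper rejects path separators and "..".
  *
  * @param string $email    Account e-mail, written as the first field of the record.
  * @param string $password Plain-text password supplied at registration.
  * @return bool True when the record was written and the directory created, false otherwise.
  */
 public static function registerData($email, $password)
 {
     // The record format is tab/newline delimited: a control character in the
     // e-mail would let a caller forge extra fields or whole extra accounts.
     if (!is_string($email) || preg_match('/[\x00-\x1F\x7F]/', $email)) {
         ErrorLogHandling::register("Wrong registration process, catch line: " . __LINE__ . " ,method: " . __METHOD__ . " ,class: " . get_called_class());
         return false;
     }
     $crypt = new Mcrypt();
     $hashPass = $crypt->encrypt($password);
     // NOTE(review): assumes encrypt() returns text without tabs/newlines (e.g. base64) - confirm.
     $newUser = $email . "\t" . $hashPass . "\n";
     // LOCK_EX keeps two concurrent registrations from interleaving their records.
     $written = file_put_contents(self::$userLogFile, $newUser, FILE_APPEND | LOCK_EX);
     if ($written !== false && self::createDirectory($email)) {
         return true;
     }
     // get_called_class() replaces get_class($this): $this does not exist in a
     // static method, so the failure path used to raise an error instead of logging.
     ErrorLogHandling::register("Wrong registration process, catch line: " . __LINE__ . " ,method: " . __METHOD__ . " ,class: " . get_called_class());
     return false;
 }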
Пример #2
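 /**
  * Handle a "lost password" request: look the account up by the posted e-mail
  * address and mail the stored password to it.
  *
  * NOTE(review): this decrypts the stored password and sends it in clear text
  * by e-mail, which is only possible because passwords are stored reversibly.
  * A single-use, expiring reset token avoids both problems; that redesign
  * touches storage and login code outside this listing, so it is flagged only.
  * NOTE(review): the two outcome messages differ, so the form reveals whether
  * an address is registered.
  *
  * @return array Always an empty array; the outcome is reported through $this->msg.
  */
 public function action_lostPass()
 {
     $email = $this->post['email_user'];
     $data = AccountData::getAccountData($email);
     if (!$data) {
         $this->msg = 'The email address does not exist.';
         return [];
     }
     $crypt = new Mcrypt();
     $headers = "MIME-Version: 1.0" . "\r\n";
     $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
     // The body is sent as text/html, so both interpolated values are escaped;
     // otherwise markup in the posted address or in the password is rendered.
     $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
     $safePass = htmlspecialchars(trim($crypt->decrypt($data['pass'])), ENT_QUOTES, 'UTF-8');
     $email_body = "<p style='font-size: 12px; font-family: Tahoma;'>Dear User, <br>" . "<br> User email:<b> " . $safeEmail . "</b> " . "<br> Password:<b> " . $safePass . "</b><br>\n                <p style='font-size: 10px; font-family: Tahoma; color: #0B72B5;'>This email was generated automatically, do not reply to.</p>";
     // Fixed: the recipient used to be read from an undefined local $post, so
     // the message was never addressed to the requesting account.
     mail($email, 'Forgot password to the DRUtES application.', $email_body, $headers);
     $this->msg = 'Temporary password has been sent to email.';
     return [];
 }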
 /**
  * Build a time-limited public download URL for a local file.
  *
  * The path is encrypted with the system password through Mcrypt::encode()
  * and carried in the `fid` query parameter of user/public_link. Returns ''
  * when the file does not exist, or when the caller is neither root nor
  * granted explorer:fileDownload.
  *
  * NOTE(review): the URL acts as a bearer link - presumably anyone who holds
  * it can fetch the file until the token expires; confirm against the handler.
  * NOTE(review): $fid is appended without urlencode(); verify that
  * Mcrypt::encode() only emits URL-safe characters.
  *
  * @param string $file_path Local path of the file to expose.
  * @return string Download URL, or '' when no link may be issued.
  */
 public function _make_file_proxy($file_path)
 {
     if (!file_exists($file_path)) {
         return '';
     }
     // Root always passes; everyone else needs the explorer:fileDownload right.
     $may_download = $GLOBALS['is_root'] || $GLOBALS['auth']['explorer:fileDownload'] == 1;
     if (!$may_download) {
         return '';
     }
     load_class('mcrypt');
     $secret = $GLOBALS['config']['setting_system']['system_password'];
     $lifetime = $GLOBALS['config']['settings']['download_url_time'];
     $token = Mcrypt::encode($file_path, $secret, $lifetime);
     // Publicly reachable address of the file; its validity period is set in
     // user_setting.php. The file name is appended for kod remote downloads.
     $encoded_name = urlencode(get_path_this($file_path));
     return APPHOST . 'index.php?user/public_link&fid=' . $token . '&file_name=/' . $encoded_name;
 }
Пример #4
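 /**
  * Validate and store the settings of a system e-mail account: update the row
  * when $id is set, insert a new one otherwise.
  *
  * Steps: form validation, uniqueness check of the host/userid pair, a live
  * login test against the mailbox and/or the SMTP server with the submitted
  * credentials, then the write to EMAIL_TABLE.
  *
  * Security notes:
  *  - Every value placed in SQL goes through db_input() (presumably the
  *    project's quoting/escaping helper - verify).
  *  - Error texts returned by the remote IMAP/POP/SMTP server are HTML-escaped
  *    before being stored in $errors, because those messages carry markup
  *    (<br>) and the remote text is not under our control.
  *  - The mailbox password is stored encrypted, not hashed: it must be
  *    recoverable for later logins, so its safety depends on SECRET_SALT.
  *
  * @param int   $id      email_id to update, or a falsy value to create a row.
  * @param array $vars    Submitted form fields (email, name, userid, passwd, cpasswd, mail_*, smtp_*, ...).
  * @param array $errors  Filled by reference with field => message pairs.
  * @return bool|int True after an update, the new email_id after an insert, false on any error.
  */
 function save($id, $vars, &$errors)
 {
     global $cfg;
     //very basic checks
     $vars['name'] = Format::striptags(trim($vars['name']));
     if ($id && $id != $vars['id']) {
         $errors['err'] = 'Internal error. Get technical help.';
     }
     if (!$vars['email'] || !Validator::is_email($vars['email'])) {
         $errors['email'] = 'Valid email required';
     } elseif (($eid = Email::getIdByEmail($vars['email'])) && $eid != $id) {
         $errors['email'] = 'Email already exits';
     } elseif ($cfg && !strcasecmp($cfg->getAdminEmail(), $vars['email'])) {
         $errors['email'] = 'Email already used as admin email!';
     } elseif (Staff::getIdByEmail($vars['email'])) {
         //make sure the email doesn't belong to any of the staff
         $errors['email'] = 'Email in-use by a staff member';
     }
     if (!$vars['name']) {
         $errors['name'] = 'Email name required';
     }
     // Credentials are needed for fetching, or for SMTP when it authenticates.
     // Parentheses spell out the precedence the original relied on.
     if ($vars['mail_active'] || ($vars['smtp_active'] && $vars['smtp_auth'])) {
         if (!$vars['userid']) {
             $errors['userid'] = 'Username missing';
         }
         // On update an empty password means "keep the stored one".
         if (!$id && !$vars['passwd']) {
             $errors['passwd'] = 'Password required';
         }
     }
     if ($vars['mail_active']) {
         //Check pop/imapinfo only when enabled.
         if (!function_exists('imap_open')) {
             $errors['mail_active'] = 'IMAP doesn\'t exist. PHP must be compiled with IMAP enabled.';
         }
         if (!$vars['mail_host']) {
             $errors['mail_host'] = 'Host name required';
         }
         if (!$vars['mail_port']) {
             $errors['mail_port'] = 'Port required';
         }
         if (!$vars['mail_protocol']) {
             $errors['mail_protocol'] = 'Select protocol';
         }
         if (!$vars['mail_fetchfreq'] || !is_numeric($vars['mail_fetchfreq'])) {
             $errors['mail_fetchfreq'] = 'Fetch interval required';
         }
         if (!$vars['mail_fetchmax'] || !is_numeric($vars['mail_fetchmax'])) {
             $errors['mail_fetchmax'] = 'Maximum emails required';
         }
         if (!$vars['dept_id'] || !is_numeric($vars['dept_id'])) {
             $errors['dept_id'] = 'You must select a Dept.';
         }
         if (!$vars['priority_id']) {
             $errors['priority_id'] = 'You must select a priority';
         }
         if (!isset($vars['postfetch'])) {
             $errors['postfetch'] = 'Indicate what to do with fetched emails';
         } elseif (!strcasecmp($vars['postfetch'], 'archive')) {
             if (!$vars['mail_archivefolder']) {
                 $errors['postfetch'] = 'Valid folder required';
             }
         }
     }
     if ($vars['smtp_active']) {
         if (!$vars['smtp_host']) {
             $errors['smtp_host'] = 'Host name required';
         }
         if (!$vars['smtp_port']) {
             $errors['smtp_port'] = 'Port required';
         }
     }
     //abort on errors
     if ($errors) {
         return false;
     }
     // $errors is empty from here on; make sure the host/userid pair is unique.
     if ($vars['mail_host'] && $vars['userid']) {
         $sql = 'SELECT email_id FROM ' . EMAIL_TABLE . ' WHERE mail_host=' . db_input($vars['mail_host']) . ' AND userid=' . db_input($vars['userid']);
         if ($id) {
             $sql .= ' AND email_id!=' . db_input($id);
         }
         if (db_num_rows(db_query($sql))) {
             $errors['userid'] = $errors['host'] = 'Host/userid combination already in-use.';
         }
     }
     // A newly typed password wins; otherwise fall back to cpasswd
     // (presumably the current password supplied by the caller - confirm).
     $passwd = $vars['passwd'] ? $vars['passwd'] : $vars['cpasswd'];
     if (!$errors && $vars['mail_active']) {
         //note: password is unencrypted at this point...MailFetcher expect plain text.
         $fetcher = new MailFetcher($vars['userid'], $passwd, $vars['mail_host'], $vars['mail_port'], $vars['mail_protocol'], $vars['mail_encryption']);
         if (!$fetcher->connect()) {
             $errors['err'] = 'Invalid login. Check ' . Format::htmlchars($vars['mail_protocol']) . ' settings';
             // The remote server's error text is escaped before it joins the markup.
             $errors['mail'] = '<br>' . Format::htmlchars($fetcher->getLastError());
         } elseif ($vars['mail_archivefolder'] && !$fetcher->checkMailbox($vars['mail_archivefolder'], true)) {
             $errors['postfetch'] = 'Invalid or unknown mail folder! >> ' . Format::htmlchars($fetcher->getLastError()) . '';
             // empty() avoids the undefined-index notice the bare read produced.
             if (empty($errors['mail'])) {
                 $errors['mail'] = 'Invalid or unknown archive folder!';
             }
         }
     }
     if (!$errors && $vars['smtp_active']) {
         //Check SMTP login only.
         require_once 'Mail.php';
         // PEAR Mail package
         $smtp = mail::factory('smtp', array('host' => $vars['smtp_host'], 'port' => $vars['smtp_port'], 'auth' => $vars['smtp_auth'] ? true : false, 'username' => $vars['userid'], 'password' => $passwd, 'timeout' => 20, 'debug' => false));
         $mail = $smtp->connect();
         if (PEAR::isError($mail)) {
             $errors['err'] = 'Unable to login. Check SMTP settings.';
             $errors['smtp'] = '<br>' . Format::htmlchars($mail->getMessage());
         } else {
             $smtp->disconnect();
             //Thank you, sir!
         }
     }
     if ($errors) {
         return false;
     }
     //Default to default priority and dept..
     if (!$vars['priority_id'] && $cfg) {
         $vars['priority_id'] = $cfg->getDefaultPriorityId();
     }
     if (!$vars['dept_id'] && $cfg) {
         $vars['dept_id'] = $cfg->getDefaultDeptId();
     }
     // Column assignments shared by UPDATE and INSERT.
     $sql = 'updated=NOW(),mail_errors=0, mail_lastfetch=NULL'
         . ',email=' . db_input($vars['email'])
         . ',name=' . db_input(Format::striptags($vars['name']))
         . ',dept_id=' . db_input($vars['dept_id'])
         . ',priority_id=' . db_input($vars['priority_id'])
         . ',noautoresp=' . db_input(isset($vars['noautoresp']) ? 1 : 0)
         . ',userid=' . db_input($vars['userid'])
         . ',mail_active=' . db_input($vars['mail_active'])
         . ',mail_host=' . db_input($vars['mail_host'])
         . ',mail_protocol=' . db_input($vars['mail_protocol'] ? $vars['mail_protocol'] : 'POP')
         . ',mail_encryption=' . db_input($vars['mail_encryption'])
         . ',mail_port=' . db_input($vars['mail_port'] ? $vars['mail_port'] : 0)
         . ',mail_fetchfreq=' . db_input($vars['mail_fetchfreq'] ? $vars['mail_fetchfreq'] : 0)
         . ',mail_fetchmax=' . db_input($vars['mail_fetchmax'] ? $vars['mail_fetchmax'] : 0)
         . ',smtp_active=' . db_input($vars['smtp_active'])
         . ',smtp_host=' . db_input($vars['smtp_host'])
         . ',smtp_port=' . db_input($vars['smtp_port'] ? $vars['smtp_port'] : 0)
         . ',smtp_auth=' . db_input($vars['smtp_auth'])
         . ',smtp_spoofing=' . db_input(isset($vars['smtp_spoofing']) ? 1 : 0)
         . ',notes=' . db_input($vars['notes']);
     //Post fetch email handling...
     if ($vars['postfetch'] && !strcasecmp($vars['postfetch'], 'delete')) {
         $sql .= ',mail_delete=1,mail_archivefolder=NULL';
     } elseif ($vars['postfetch'] && !strcasecmp($vars['postfetch'], 'archive') && $vars['mail_archivefolder']) {
         $sql .= ',mail_delete=0,mail_archivefolder=' . db_input($vars['mail_archivefolder']);
     } else {
         $sql .= ',mail_delete=0,mail_archivefolder=NULL';
     }
     if ($vars['passwd']) {
         //New password - encrypt.
         // NOTE(review): this expression was masked in the published listing and
         // is restored from the surviving fragment - confirm against upstream.
         $sql .= ',userpass=' . db_input(Mcrypt::encrypt($vars['passwd'], SECRET_SALT));
     }
     if ($id) {
         //update
         $sql = 'UPDATE ' . EMAIL_TABLE . ' SET ' . $sql . ' WHERE email_id=' . db_input($id);
         if (db_query($sql) && db_affected_rows()) {
             return true;
         }
         $errors['err'] = 'Unable to update email. Internal error occurred';
     } else {
         $sql = 'INSERT INTO ' . EMAIL_TABLE . ' SET ' . $sql . ',created=NOW()';
         if (db_query($sql) && ($id = db_insert_id())) {
             return $id;
         }
         $errors['err'] = 'Unable to add email. Internal error';
     }
     return false;
 }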
Пример #5
 /**
  * Decrypt a value that was encoded with this class's key.
  *
  * Despite the name, the input is reversible ciphertext rather than a one-way
  * hash: Mcrypt::decrypt() returns the original value.
  *
  * @param string      $hash Encoded value to decrypt.
  * @param string|null $key  Key to use; the class-level self::$key when NULL.
  * @return string Decrypted string
  */
 public static function decode_hash($hash, $key = NULL)
 {
     // Only a strict NULL selects the default key; '' or 0 are passed through.
     $secret = ($key !== NULL) ? $key : self::$key;
     return Mcrypt::decrypt($hash, NULL, NULL, $secret);
 }
Пример #6
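 /**
  * Serve the file referenced by the encrypted `fid` request parameter.
  *
  * The token is decrypted with the system password and the resulting path is
  * streamed with file_put_out(). No session or permission check is visible in
  * this method: the token is the only credential, and whatever path it
  * decodes to is served as-is.
  *
  * NOTE(review): that makes the secrecy of system_password and the integrity
  * of Mcrypt::encode()/decode() the whole access control for this endpoint -
  * confirm the token is authenticated (cannot be altered into another path).
  *
  * @return void
  */
 public function public_link()
 {
     load_class('mcrypt');
     $pass = $this->config['setting_system']['system_password'];
     $path = Mcrypt::decode($this->in['fid'], $pass);
     // An empty result means the token did not decode; the original note says
     // decryption is valid for one day.
     if (strlen($path) == 0) {
         show_json($this->L['error'], false);
         // Explicit return: do not depend on the responder ending the request.
         return;
     }
     if (!file_exists($path)) {
         show_tips($this->L['not_exists']);
         return;
     }
     file_put_out($path);
 }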
Пример #7
 /**
  * Emit, as JSON, an encrypted time-limited token for $this->path.
  *
  * NOTE(review): no permission check is visible in this method, and where
  * $this->path comes from is not shown - confirm the caller is authorised
  * for that path before a token is minted.
  *
  * @return void
  */
 public function makeFileProxy()
 {
     load_class('mcrypt');
     // 60 * 50 * 24 = 72000. NOTE(review): if the unit is seconds this is
     // 20 hours, not a full day (60 * 60 * 24) - confirm which was intended.
     $lifetime = 60 * 50 * 24;
     $secret = $this->config['setting_system']['system_password'];
     $token = Mcrypt::encode($this->path, $secret, $lifetime);
     show_json($token);
 }
Пример #8
}
# API entry point called by the mobile app.
# This listing is cut off before the branch is closed; the comments below
# describe only the lines that are visible.
if ($model == 'AppApi') {
    header('Content-Type: application/json; charset=utf-8');
    # Raw request payload, taken straight from the POST body.
    $eventobj = !empty($_POST['event']) ? $_POST['event'] : '';
    if (empty($eventobj)) {
        $errinfo = array('status' => 1, 'msg' => 'no data.', 'alert' => '貼心提醒:APP請更新至最新版或再重新嘗試一次');
        print_r(json_encode($errinfo));
        exit;
    } else {
        # Log the POST payload.
        # NOTE(review): this runs before the payload is validated as JSON, so
        # arbitrary client input is written to the log - confirm postlog()
        # bounds and escapes what it stores.
        dbconn::postlog($eventobj);
        # Decryption setup.
        # NOTE(review): the key is a constant in source code, so it is shared by
        # every client and is exposed to anyone who can read this file; it
        # belongs in configuration or a secret store and should be rotated.
        $key = 'FD91861EE35E838D';
        # NOTE(review): ECB is deterministic and unauthenticated - equal
        # plaintext blocks give equal ciphertext, and altered ciphertext is not
        # detected. MCRYPT_MODE_ECB belongs to ext/mcrypt, which was deprecated
        # in PHP 7.1 and removed in 7.2; an authenticated mode is the
        # replacement to plan for.
        $mode = MCRYPT_MODE_ECB;
        $mcrypt = new Mcrypt();
        $mcrypt->setkey($key);
        $mcrypt->setMode($mode);
        if (!isJson($eventobj)) {
            $errinfo = array('status' => 2, 'msg' => 'data err.', 'alert' => '貼心提醒:APP請更新至最新版或再重新嘗試一次');
            print_r(json_encode($errinfo));
            exit;
        }
        # Decoded as an object; fields are read as properties below.
        $eventarray = json_decode($eventobj);
        # user_id and device_id arrive encrypted and are decrypted with the
        # shared key. NOTE(review): nothing visible here ties the decrypted
        # user_id to an authenticated session - confirm how the caller is
        # authenticated further down.
        if (!empty($eventarray->user_id)) {
            $infoarray['user_id'] = $mcrypt->testdecrypt($key, $eventarray->user_id);
        }
        if (!empty($eventarray->device_id)) {
            $infoarray['device_id'] = $mcrypt->testdecrypt($key, $eventarray->device_id);
        }
        # Both identifiers must be present and non-empty after decryption.
        if (empty($infoarray['user_id']) or empty($infoarray['device_id'])) {
Пример #9
 /**
  * Return the crypt model, creating it on first use.
  *
  * The instance is cached in $this->_crypt. Once it exists, $key is ignored:
  * a later call with a different key still gets the first instance.
  *
  * @param string $key Key passed to Mcrypt::init() on the first call only.
  * @return Crypt_Mcrypt
  */
 protected function _getCrypt($key = null)
 {
     if ($this->_crypt) {
         return $this->_crypt;
     }
     $instance = new Mcrypt();
     // init() supplies the object that is cached and returned.
     $this->_crypt = $instance->init($key);
     return $this->_crypt;
 }
Пример #10
 /**
  * Create a public, expiring download link for a file on disk.
  *
  * An empty string is returned when the file is missing, or when the caller
  * is not root and lacks the explorer:fileDownload permission. Otherwise the
  * path is encrypted with the system password and placed in the `fid`
  * parameter of the user/public_link URL.
  *
  * NOTE(review): the link itself is the credential; its lifetime
  * (download_url_time) should be kept short.
  *
  * @param string $file_path Local path of the file to share.
  * @return string The link, or '' when none is issued.
  */
 public function _make_file_proxy($file_path)
 {
     // Single guard; the short-circuit order matches the two separate checks.
     if (!file_exists($file_path) || (!$GLOBALS['is_root'] && $GLOBALS['auth']['explorer:fileDownload'] != 1)) {
         return '';
     }
     load_class('mcrypt');
     $system_key = $GLOBALS['config']['setting_system']['system_password'];
     $fid = Mcrypt::encode($file_path, $system_key, $GLOBALS['config']['settings']['download_url_time']);
     // Address under which the file is exposed publicly; the validity period
     // is configured in user_setting.php. The file name is appended at the
     // end for kod remote downloads.
     $link = APPHOST . 'index.php?user/public_link&fid=' . $fid;
     $link .= '&file_name=/' . urlencode(get_path_this($file_path));
     return $link;
 }
Пример #11
 /**
  * Create a public, expiring download link for a file on disk.
  *
  * Returns '' when the file does not exist. Otherwise the path is encrypted
  * with the system password and placed in the `fid` parameter of the
  * user/public_link URL.
  *
  * NOTE(review): no caller-permission check is visible in this method, so
  * any code path reaching it can mint a link for any existing file - confirm
  * that callers authorise the request first.
  *
  * @param string $file_path Local path of the file to share.
  * @return string The link, or '' when the file is missing.
  */
 public function _make_file_proxy($file_path)
 {
     if (file_exists($file_path)) {
         load_class('mcrypt');
         $system_key = $GLOBALS['config']['setting_system']['system_password'];
         $valid_for = $GLOBALS['config']['settings']['download_url_time'];
         $fid = Mcrypt::encode($file_path, $system_key, $valid_for);
         $encoded_name = urlencode(get_path_this($file_path));
         return APPHOST . 'index.php?user/public_link&fid=' . $fid . '&file_name=/' . $encoded_name;
     }
     return '';
 }