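 /**
  * Authenticate the submitted login form and open an auth session.
  *
  * Reads `username` and `password` from $_POST, verifies the password hash,
  * inserts an `auth_sessions` row, sets the session cookie, rotates the
  * user's alert states, then either renders the 2FA page (when 2FA is
  * required by $config['enable_2fa']), redirects an admin login, or returns.
  * Invalid credentials are handed to invalid_login(), which this flow (as the
  * original did) relies upon to render/redirect and not return.
  *
  * @param string $type     Login context; 'admin' selects the admin 2FA route
  *                         and the post-login redirect to SITE_URI/admin/index.
  * @param bool   $redirect Whether a successful admin login is redirected.
  * @return mixed The user's id as read from `users.id`.
  */
 public function login($type = 'public', $redirect = true)
 {
     // Initialize
     global $config;
     // Untrusted form input; a missing field becomes '' instead of a null
     // being handed to strtolower() and the hash function.
     $username = isset($_POST['username']) ? strtolower((string) $_POST['username']) : '';
     $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
     // Get user row
     if (!($user_row = DB::queryFirstRow("SELECT * FROM users WHERE username = %s", $username))) {
         $this->invalid_login($type);
     }
     // Check password. hash_equals() compares in constant time, so the
     // comparison itself does not reveal how much of the hash matched.
     $client = new encrypt();
     $computed_hash = (string) $client->get_password_hash($password, $user_row['id']);
     if (!hash_equals((string) $user_row['password'], $computed_hash)) {
         $this->invalid_login($type);
     }
     // Get session ID: retry until its SHA-512 is not already in use
     do {
         $session_id = generate_random_string(60);
         $auth_hash = hash('sha512', $session_id);
         $exists = DB::queryFirstRow("SELECT * FROM auth_sessions WHERE auth_hash = %s", $auth_hash) ? 1 : 0;
     } while ($exists > 0);
     // Check for 2FA
     $require_2fa = false;
     if ($config['enable_2fa'] == 'all') {
         $require_2fa = true;
     } elseif ($config['enable_2fa'] == 'admin' && $user_row['group_id'] == 1) {
         $require_2fa = true;
     }
     // Generate 2FA hash, if needed
     if ($require_2fa === true) {
         $status_2fa = 0;
         $hash_2fa = generate_random_string(60);
         // Send e-mail. The link is built from the configured SITE_URI (as the
         // admin redirect below already is) rather than the request's Host
         // header, so a client-supplied Host cannot steer where the 2FA link points.
         $url = SITE_URI . '/2fa/' . $hash_2fa;
         mail($user_row['email'], "2FA Authentication - {$config['site_name']}", "You are receiving this e-mail because you just tried to login to {$config['site_name']}, which required 2FA.  To proceed with your login, please click on the below URL:\r\n\r\n\t{$url}\r\n\r\nThank you,\r\n{$config['site_name']}\r\n");
     } else {
         $status_2fa = 1;
         $hash_2fa = '';
     }
     // Create session (only the SHA-512 of the cookie value is stored)
     DB::insert('auth_sessions', array('userid' => $user_row['id'], 'last_active' => time(), 'auth_hash' => $auth_hash, '2fa_status' => $status_2fa, '2fa_hash' => $hash_2fa));
     // Set cookie. HttpOnly keeps the session id away from page scripts; Secure
     // is set when this request itself arrived over HTTPS. Expiry, path and
     // domain keep setcookie()'s defaults, as before.
     $cookie_name = COOKIE_NAME . 'auth_hash';
     $is_https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
     setcookie($cookie_name, $session_id, 0, '', '', $is_https, true);
     // Update alerts: rows flagged 2 become 0, then rows flagged 1 become 2
     DB::query("UPDATE alerts SET is_new = 0 WHERE is_new = 2 AND userid = %d", $user_row['id']);
     DB::query("UPDATE alerts SET is_new = 2 WHERE is_new = 1 AND userid = %d", $user_row['id']);
     // Redirect user
     if ($status_2fa === 0) {
         $route = $type == 'admin' ? 'admin/2fa' : '2fa';
         $template = new template($route);
         echo $template->parse();
         exit(0);
     } elseif ($type == 'admin' && $redirect === true) {
         header("Location: " . SITE_URI . "/admin/index");
         exit(0);
     }
     // Return
     return $user_row['id'];
 }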
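 /**
  * Validate a member login against the stored member record.
  *
  * @param mixed  $User     Member id as entered in the login form.
  * @param string $Password Plaintext password as entered in the login form.
  * @return string 'Right' when the member exists and the password matches
  *                (the member object is then stored in $_SESSION['objUser']),
  *                'Wrong' otherwise.
  */
 function Login_Validate($User, $Password)
 {
     // The submitted password is deliberately not echoed or logged anywhere.
     $_SESSION['User'] = '';
     $conditions = QQ::Equal(QQN::Memberdetails()->MemberId, $User);
     $this->AuthUser = Memberdetails::QuerySingle($conditions);
     if (!isset($this->AuthUser)) {
         return 'Wrong';
     }
     // NOTE(review): decrypt_sha1() suggests the stored value is reversible and
     // the check is done on the recovered plaintext; a one-way scheme
     // (password_hash()/password_verify()) would be the proper fix but needs
     // the stored values migrated — confirm against the encrypt class.
     $encrypt = new encrypt();
     $storedpass = (string) $encrypt->decrypt_sha1($this->AuthUser->Password);
     // Constant-time comparison; '==' would also treat numeric-looking strings as numbers.
     if (!hash_equals($storedpass, (string) $Password)) {
         return 'Wrong';
     }
     $_SESSION['objUser'] = $this->AuthUser;
     return 'Right';
 }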
        // Check for unspent inputs
        $count = DB::queryFirstField("SELECT count(*) FROM coin_inputs WHERE wallet_id = %d AND is_spent = 0", $id);
        if ($count > 0) {
            $template->add_message("Unable to delete wallet ID# {$id}, as it has unspent inputs.  Please transfer the wallet first via the Financial->Transfer Wallet menu.", 'error');
        } else {
            DB::query("DELETE FROM coin_wallets WHERE id = %d", $id);
        }
    }
    // User message
    if ($template->has_errors != 1) {
        $template->add_message("Successfully deleted all checked wallets.");
    }
    // Verify public key
} elseif (isset($_POST['submit']) && $_POST['submit'] == tr('Verify Public Key')) {
    // Initialize
    $enc = new encrypt();
    $b32 = new bip32();
    // Get wallet ID
    if (!isset($_POST['verify_wallet_id'])) {
        $wallet_id = DB::queryFirstField("SELECT id FROM coin_wallets WHERE status = 'active' ORDER BY id LIMIT 0,1");
    } else {
        $wallet_id = $_POST['verify_wallet_id'];
    }
    // Gather private keys
    $x = 1;
    $privkeys = array();
    while (1) {
        $var = 'verify_private_key' . $x;
        if (!isset($_POST[$var])) {
            break;
        }
<?php

// Bring the shared template and config objects into scope, then create the
// BIP32 helper (presumably used by the wallet handlers further down the page).
global $template;
global $config;
$bip32 = new bip32();
// Transfer wallet
if (isset($_POST['submit']) && $_POST['submit'] == tr('Transfer Wallet')) {
    // Initialize
    $enc_client = new encrypt();
    // Get wallet
    if (!($wrow = DB::queryFirstRow("SELECT * FROM coin_wallets WHERE id = %d", $_POST['wallet_id']))) {
        trigger_error("Wallet does not exist, ID# {$wallet_id}", E_USER_ERROR);
    }
    // Add new wallet to DB
    DB::insert('coin_wallets', array('address_type' => $wrow['address_type'], 'sigs_required' => $wrow['sigs_required'], 'sigs_total' => $wrow['sigs_total'], 'display_name' => $wrow['display_name']));
    $new_wallet_id = DB::insertId();
    // Gather BIP32 keys
    for ($x = 1; $x <= $wrow['sigs_total']; $x++) {
        $public_key = $enc_client->encrypt($_POST['public_key' . $x]);
        DB::insert('coin_wallets_keys', array('wallet_id' => $new_wallet_id, 'public_key' => $public_key));
    }
    // Gather private keys
    $x = 1;
    $privkeys = array();
    while (1) {
        $var = 'private_key' . $x;
        if (!isset($_POST[$var])) {
            break;
        }
        $privkeys[] = $_POST[$var];
        $x++;
 /**
  * Handle the Register button: hash the entered password, build a new
  * inactive Memberdetails record from the form fields, save it and send
  * the browser to index.php.
  *
  * NOTE(review): the password is stored via encrypt_sha1(); whether that is a
  * salted one-way hash is not visible here — confirm, since a reversible or
  * unsalted scheme is unsuitable for password storage.
  */
 protected function Register_Click($strFormId, $strControlId, $strParameter)
 {
     $hasher = new encrypt();
     // The control's text is replaced by its hashed form before being copied
     // into the member record (the form control keeps the hashed value).
     $this->txtPassword->Text = $hasher->encrypt_sha1($this->txtPassword->Text);

     $member = new Memberdetails();
     $this->objMember = $member;
     $member->FullName = $this->txtFullName->Text;
     $member->MemberId = $this->txtMemberId->Text;
     $member->Password = $this->txtPassword->Text;
     $member->Active = false;
     $member->Save();

     QApplicationBase::Redirect('index.php');
 }
include "studentSidebar.php";
?>
    <br>
    <div class="jumbotron col-sm-6 col-sm-offset-1">
        <h3><strong>UCSC Registration</strong></h3>
        <?php 
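// Paying on behalf of another person (flag and name are set elsewhere in the session flow)
if (isset($_SESSION['p4o']) && $_SESSION['p4o'] == 1) {
    // Escape the stored name for the HTML context: it presumably originates
    // from user input earlier in the flow and must not be emitted as raw markup.
    $payee_name = isset($_SESSION['payeeName']) ? (string) $_SESSION['payeeName'] : '';
    $payee_name = htmlspecialchars($payee_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<div class='text text-info'><strong>You are paying for " . $payee_name . ". </strong><button class='btn btn-default btn-xs'><a href='payForOtherRemove.php' title='Click here to remove other person.'>I have changed my mind</a></button></div> ";
}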
?>

        <div class="gap">
        <span class="redColor"><strong>* This will not be available for undergraduates who are already registered with UCSC.</strong></span>
<?php 
// Page helpers: encryption wrapper, transaction handler and the flat-file reader
$encryptObject = new encrypt();
$tra = new Transaction();
$fileObject = new accessFile();
// Registration parameters are read from flat files: element 0 is used as the
// amount, element 1 is parsed as the deadline date below
$dataArray = $fileObject->read('Files/data_UCSCregistration');
$urlArray = $fileObject->read_newLine('Files/URLs');
$user = new User();
$amount = $dataArray[0];
// Require a login. NOTE(review): nothing here stops execution after the
// redirect, so the rest of the page still runs for an anonymous visitor
// unless Redirect::to() terminates the script itself — confirm.
if (!$user->isLoggedIn()) {
    Redirect::to('index.php');
}
// Whole days left until the deadline (negative once it has passed).
// strtotime() returns false for an unparsable date; false coerces to 0 here,
// which also yields a negative value.
$date1 = strtotime($dataArray[1]);
$date2 = time();
$dayLimit = $date1 - $date2;
$dayLimit = floor($dayLimit / (60 * 60 * 24));
if ($dayLimit < 0) {
    //    echo "payment is closed!";
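 /**
  * Apply the submitted profile form to the user identified by $this->userid.
  *
  * Validates the e-mail, optionally changes the username (rejecting one that
  * already exists), updates group/status/full name when present in the form,
  * re-hashes the password when a matching pair was supplied, and serializes
  * any `customN` fields into `users.custom_fields`.
  *
  * @return bool true when the row was updated, false when validation added
  *              an error message to the template and nothing was written.
  */
 public function update()
 {
     // Initialize
     global $template, $config;
     // Read the form fields once; missing ones become '' so the checks below
     // never operate on null.
     $email = isset($_POST['email']) ? (string) $_POST['email'] : '';
     $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
     $password2 = isset($_POST['password2']) ? (string) $_POST['password2'] : '';
     // Checks
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $template->add_message("Invalid e-mail address, {$email}", 'error');
     }
     // Set variables
     $updates = array();
     if ($config['username_field'] == 'email') {
         // Kept as a write to $_POST so later code reading new_username sees the same value
         $_POST['new_username'] = $email;
     }
     $new_username = isset($_POST['new_username']) ? (string) $_POST['new_username'] : '';
     $old_username = (string) DB::queryFirstField("SELECT username FROM users WHERE id = %d", $this->userid);
     // Set updates array. Strict comparison: '01' and '1' are different usernames.
     if ($old_username !== $new_username) {
         if (DB::queryFirstRow("SELECT * FROM users WHERE username = %s", strtolower($new_username))) {
             $template->add_message("Unable to change username, as username already exists, {$new_username}", 'error');
         } else {
             $updates['username'] = strtolower($new_username);
         }
     }
     // Set other variables
     // NOTE(review): group_id (admin) and status are taken straight from the
     // form; this method must only be reachable by callers already authorised
     // to change them — confirm where it is invoked from.
     if (isset($_POST['is_admin'])) {
         $updates['group_id'] = $_POST['is_admin'] == 1 ? 1 : 2;
     }
     if (isset($_POST['is_active'])) {
         $updates['status'] = $_POST['is_active'] == 1 ? 'active' : 'inactive';
     }
     if (isset($_POST['full_name'])) {
         $updates['full_name'] = $_POST['full_name'];
     }
     $updates['email'] = strtolower($email);
     // Update password, if needed. Strict comparison: '==' treats numeric
     // strings such as '1e3' and '1000' as equal.
     if ($password !== '' && $password === $password2) {
         $client = new encrypt();
         $updates['password'] = $client->get_password_hash($password, $this->userid);
     }
     // Get custom fields
     $custom_fields = array();
     $rows = DB::query("SELECT * FROM users_custom_fields ORDER BY id");
     foreach ($rows as $row) {
         $var = 'custom' . $row['id'];
         if (!isset($_POST[$var])) {
             continue;
         }
         $custom_fields[$var] = $_POST[$var];
     }
     // Stored as a PHP serialized string of user-supplied values; whatever
     // reads it back should restrict unserialize() with allowed_classes.
     $updates['custom_fields'] = serialize($custom_fields);
     // Update database
     if ($template->has_errors != 1) {
         DB::update('users', $updates, "id = %d", $this->userid);
         return true;
     }
     return false;
 }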
 /**
  * Build the hex script this code uses as the "scriptsig" for $address.
  *
  * Multisig wallets get a redeem script assembled from the child public keys
  * recorded for the address; standard wallets get the P2PKH pattern
  * `76a914 <20-byte hash> 88ac` (OP_DUP OP_HASH160 <hash> OP_EQUALVERIFY
  * OP_CHECKSIG) around the hash cut out of the base58-decoded address.
  *
  * @param string $address Address previously stored in `coin_addresses`.
  * @return string Hex-encoded script.
  * Raises E_USER_ERROR via trigger_error() when the address or its wallet is unknown.
  */
 public function address_to_sigscript($address)
 {
     $cipher = new encrypt();
     // Locate the address and the wallet it belongs to
     $addr_row = DB::queryFirstRow("SELECT * FROM coin_addresses WHERE address = %s", $address);
     if (!$addr_row) {
         trigger_error("Address does not exist, {$address}", E_USER_ERROR);
     }
     $wallet = DB::queryFirstRow("SELECT * FROM coin_wallets WHERE id = %d", $addr_row['wallet_id']);
     if (!$wallet) {
         trigger_error("Wallet does not exist, ID# {$addr_row['wallet_id']}", E_USER_ERROR);
     }
     // Standard address: P2PKH script around the 20-byte hash inside the decoded address
     if ($wallet['address_type'] != 'multisig') {
         $decoded = $this->base58_decode($address);
         return '76a914' . substr($decoded, 2, 40) . '88ac';
     }
     // Multisig: derive each signer's child public key at this address index
     $public_keys = array();
     $path_prefix = $addr_row['is_change_address'] . '/';
     $key_rows = DB::query("SELECT * FROM coin_addresses_multisig WHERE address = %s ORDER BY id", $address);
     foreach ($key_rows as $key_row) {
         $stored_pubkey = DB::queryFirstField("SELECT public_key FROM coin_wallets_keys WHERE id = %d", $key_row['key_id']);
         $ext_pubkey = trim($cipher->decrypt($stored_pubkey));
         $child_pubkey = $this->build_key($ext_pubkey, $path_prefix . $key_row['address_num'])[0];
         $public_keys[] = $this->import($child_pubkey)['key'];
     }
     return $this->create_redeem_script($wallet['sigs_required'], $public_keys);
 }
            // Execute hooks
            execute_hooks('funds_sent', $send_id);
            // User message
            $this->add_message("Successfully processed send and broadcast transaction, TxID {$txid}");
            // Offline send
        } else {
            $client = new transaction();
            $client->add_send($_POST['wallet_id'], 'pending', $_POST['note'], '', $outputs);
            $template->add_message("Successfully queued new send.  You may download the appropriate JSON for offline signing via the Pending Sends tab.");
        }
    }
    // Download JSON file
} elseif (isset($_POST['submit']) && $_POST['submit'] == tr('Download JSON File')) {
    // Initialize
    $bip32 = new bip32();
    $encrypt = new encrypt();
    // Set variables
    $testnet = TESTNET == 1 ? true : false;
    $json = array('testnet' => $testnet, 'inputs' => array(), 'outputs' => array());
    $send_amount = DB::queryFirstField("SELECT sum(amount) FROM coin_sends WHERE status = 'pending'");
    // Get wallet row
    if (!($wrow = DB::queryFirstRow("SELECT * FROM coin_wallets WHERE id = %d", $_POST['pending_wallet_id']))) {
        trigger_error("Wallet does not exist, ID# {$_POST['pending_wallet_id']}", E_USER_ERROR);
    }
    // Gather inputs
    $input_amount = 0;
    $rows = DB::query("SELECT * FROM coin_inputs WHERE is_spent = 0 AND is_confirmed = 1 ORDER BY id");
    foreach ($rows as $row) {
        if ($input_amount >= $send_amount) {
            break;
        }
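// Both fields are required; reply with the same JSON error envelope used throughout.
if (empty($_POST['uname'])) {
    $res = json_encode(array('error_msg' => 'param is empty(uname)', 'error_code' => -2));
    exit($res);
}
if (empty($_POST['code'])) {
    $res = json_encode(array('error_msg' => 'param is empty(code)', 'error_code' => -3));
    exit($res);
}
// Data received from the client
$uname = (string) $_POST['uname'];
// MD5 value computed by the client after encryption
$code = (string) $_POST['code'];
// Look up the stored password on the server side.
// SECURITY: the query concatenates the untrusted $uname straight into the SQL
// string, which is an injection vector. Bind it as a parameter through the DB
// class's prepared-statement API (not visible from this page) instead.
$db = new DB();
$res = $db->get_one('SELECT pwd FROM user where uname="' . $uname . '"');
$pwd = isset($res['pwd']) ? $res['pwd'] : '';
if (empty($pwd)) {
    $res = json_encode(array('error_msg' => 'user is not exist', 'error_code' => -4));
    exit($res);
}
// Recompute the expected code and compare in constant time. A plain '==' on
// hash strings is unsafe because PHP compares numeric-looking strings as
// numbers, so distinct hashes can compare equal.
$ept = new encrypt();
$server_code = (string) $ept->encrypt($uname, $pwd);
if (hash_equals($server_code, $code)) {
    $_SESSION['uname'] = $uname;
    $res = json_encode(array('error_msg' => 'success.', 'error_code' => 200));
    exit($res);
}
$res = json_encode(array('error_msg' => 'password is wrong.', 'error_code' => -1));
exit($res);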
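 /**
  * Select unspent, confirmed inputs until they cover $amount (plus the
  * configured fee added once per collected input) and attach signing material.
  *
  * For multisig wallets every recorded signer key is derived at the input's
  * address index and matched against the supplied extended private keys;
  * inputs for which fewer than `sigs_required` private keys match are skipped.
  * For standard wallets the first private key is derived and checked against
  * the wallet's first public key.
  *
  * @param int   $wallet_id Row id in `coin_wallets`.
  * @param mixed $amount    Amount to cover; $config['btc_txfee'] is added to it
  *                         for every input that is collected.
  * @param array $privkeys  Extended private keys available for signing.
  * @return array|false List of input descriptors (input_id, txid, vout, amount,
  *                     scriptsig, public_keys, privkeys), or false when the
  *                     usable inputs do not reach the amount.
  * Raises E_USER_ERROR via trigger_error() when the wallet does not exist.
  */
 public function gather_inputs($wallet_id, $amount, $privkeys = array())
 {
     // Initialize
     global $config;
     $bip32 = new bip32();
     $enc = new encrypt();
     // Get wallet
     if (!($wallet = DB::queryFirstRow("SELECT * FROM coin_wallets WHERE id = %d", $wallet_id))) {
         trigger_error("Wallet does not exist, ID# {$wallet_id}", E_USER_ERROR);
     }
     // Go through inputs
     $inputs = array();
     $input_amount = 0;
     $rows = DB::query("SELECT * FROM coin_inputs WHERE is_spent = 0 AND is_confirmed = 1 ORDER BY id");
     foreach ($rows as $row) {
         if ($input_amount >= $amount) {
             break;
         }
         // Get address row
         if (!($addr_row = DB::queryFirstRow("SELECT * FROM coin_addresses WHERE address = %s", $row['address']))) {
             continue;
         }
         // Multisig address
         if ($wallet['address_type'] == 'multisig') {
             // Go through addresses
             $keys = array();
             $public_keys = array();
             $arows = DB::query("SELECT * FROM coin_addresses_multisig WHERE address = %s ORDER BY id", $row['address']);
             foreach ($arows as $arow) {
                 // Get public key (wallet keys are stored encrypted at rest)
                 $keyindex = $addr_row['is_change_address'] . '/' . $arow['address_num'];
                 $ext_pubkey = trim($enc->decrypt(DB::queryFirstField("SELECT public_key FROM coin_wallets_keys WHERE id = %d", $arow['key_id'])));
                 $child_pubkey = $bip32->build_key($ext_pubkey, $keyindex)[0];
                 $import = $bip32->import($child_pubkey);
                 $public_keys[] = $import['key'];
                 // Go through private keys: keep those whose derived public key matches this signer
                 foreach ($privkeys as $privkey) {
                     // Get child key
                     $child_privkey = $bip32->build_key($privkey, $keyindex)[0];
                     $chk_pubkey = $bip32->extended_private_to_public($child_privkey);
                     if ($chk_pubkey != $child_pubkey) {
                         continue;
                     }
                     // Validate privkey (strict membership test; keys are strings)
                     if (!in_array($child_privkey, $keys, true)) {
                         $keys[] = $child_privkey;
                     }
                 }
             }
             // Not enough matching private keys to reach the signature threshold
             if (count($keys) < $wallet['sigs_required']) {
                 continue;
             }
             // Add to inputs
             $vars = array('input_id' => $row['id'], 'txid' => $row['txid'], 'vout' => $row['vout'], 'amount' => $row['amount'], 'scriptsig' => $bip32->create_redeem_script($wallet['sigs_required'], $public_keys), 'public_keys' => $public_keys, 'privkeys' => $keys);
             array_push($inputs, $vars);
             // Standard address
         } else {
             // No private key supplied: nothing can sign this input, so skip it
             // (mirrors the sigs_required check in the multisig branch).
             if (!isset($privkeys[0])) {
                 continue;
             }
             // Get private key
             $keyindex = $addr_row['is_change_address'] . '/' . $addr_row['address_num'];
             $privkey = $bip32->build_key($privkeys[0], $keyindex)[0];
             // Get script sig (P2PKH: 76a914 <20-byte hash> 88ac)
             $decode_address = $bip32->base58_decode($row['address']);
             $scriptsig = '76a914' . substr($decode_address, 2, 40) . '88ac';
             // Get public key
             $public_key = DB::queryFirstField("SELECT public_key FROM coin_wallets_keys WHERE wallet_id = %d ORDER BY id LIMIT 0,1", $wallet_id);
             $public_key = trim($enc->decrypt($public_key));
             $child_pubkey = $bip32->build_key($public_key, $keyindex)[0];
             // Validate key: the derived public key must match the wallet's
             if ($chk_pubkey = $bip32->extended_private_to_public($privkey)) {
                 if ($chk_pubkey != $child_pubkey) {
                     continue;
                 }
             }
             // Add to inputs
             $vars = array('input_id' => $row['id'], 'txid' => $row['txid'], 'vout' => $row['vout'], 'amount' => $row['amount'], 'scriptsig' => $scriptsig, 'public_keys' => array($public_key), 'privkeys' => array($privkey));
             array_push($inputs, $vars);
         }
         // Add to amounts: each collected input also raises the target by one fee
         $input_amount += $row['amount'];
         $amount += $config['btc_txfee'];
     }
     // Check amount
     if ($input_amount < $amount) {
         return false;
     }
     // Return
     return $inputs;
 }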