function voucher_action()
{
global $wpdb;
$result = array('message' => '', 'result' => array(), 'status' => false, 'post_id' => '', 'error' => '');
$id = (int) $_REQUEST['code'];
$fullname = $_REQUEST['fullname'];
$email = $_REQUEST['email'];
$phone = $_REQUEST['phone'];
$note = $_REQUEST['note'];
$total = $_REQUEST['total'];
$code = random_code();
if (empty($fullname)) {
$result['error'] .= '- Họ tên không được bỏ trống.<br>';
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$result['error'] .= '- Định dạng email không hợp lệ. <br>';
}
if (empty($phone)) {
$result['error'] .= '- Số điện thoại được bỏ trống.<br>';
}
if (!is_numeric($total) || $total > 7) {
$result['error'] .= '- Số lượng phải nhỏ hơn 7 và là số nguyên. <br>';
}
$list_code = get_field('code', $id);
$list_code = explode(',', $list_code);
if (is_numeric($total) && $total > count($list_code)) {
$result['error'] .= '- Hiện tại chúng tôi chỉ còn ' . count($list_code) . ' Voucher.';
}
if (empty($result[error])) {
$data = array('post_id' => $id, 'fullname' => $fullname, 'email' => $email, 'phone' => $phone, 'note' => $note, 'created' => time(), 'code' => $code, 'total' => $total, 'status' => 0);
if ($data) {
$insert = $wpdb->insert('wp_voucher_post', $data, array("%s", "%s", "%s", "%s", "%s", "%s", "%s"));
if ($insert == true) {
// send email
$title = 'Nhận mã kích hoạt Voucher - unimedia.vn';
$message = 'Chào bạn ' . $fullname . ',<br><br> Cám ơn bạn đã đăng ký voucher của chúng tôi.<br><br>';
$message .= 'Mã kích hoạt là:' . $code;
if ($message && !wp_mail($email, $title, $message)) {
wp_die(__('Không thể gửi email.') . "<br />\n" . __('Lỗi không thể gửi email...'));
} else {
$result['message'] = 'Mã kích hoạt đã được gửi về email của bạn. Bạn kiểm tra email để kích hoat.';
$result['status'] = true;
$result['post_id'] = $id;
}
} else {
$result['message'] = 'Gửi thông tin thất bại vui lòng kiểm tra lại.';
}
}
}
$result['result'] = $data;
echo json_encode($result);
die;
}
$banned = false;
switch ($action) {
case 'login':
$name = htmlspecialchars(trim($_REQUEST['name']));
$password = $_REQUEST['password'];
// perform login of user
if ($authPlugin->authenticate($name, $password, $userId)) {
if ($userId === false) {
$userId = usr_create(array('usr_name' => $name, 'usr_grp' => $authPlugin->getDefaultGroupId(), 'usr_sts' => 2, 'usr_active' => 1));
}
$userData = usr_get_data($userId);
if ($userData['ban'] < $kga['conf']['loginTries'] || time() - $userData['banTime'] > $kga['conf']['loginBanTime']) {
// logintries not used up OR
// bantime is over
// => grant access
$keymai = random_code(30);
setcookie("kimai_key", $keymai);
setcookie("kimai_usr", $userData['usr_name']);
loginSetKey($userId, $keymai);
header("Location: record.php");
} else {
// login attempt even though logintries are used up and bantime is not over => deny
setcookie("kimai_key", "0");
setcookie("kimai_usr", "0");
loginUpdateBan($userId);
$banned = true;
}
} else {
// wrong username/password => deny
setcookie("kimai_key", "0");
setcookie("kimai_usr", "0");
// Prevent multiple auths in case the user returns to this page.
$_SESSION['s_preauth'] = "HAS_PREAUTH";
$_SESSION['s_codeToEnter'] = "";
header('Location: msg_main.php');
exit;
} else {
echo "Invalid Code Entered.";
exit;
}
} else {
if ($_SESSION['s_delivery'] == "s") {
// sms auth
sms_random_code_auth();
} else {
// Phone auth
$data = random_code();
send_phone_auth($data);
}
?>
<b> Your security code has been sent and you will receive a call (there will be a two second delay before hearing the code). Please enter the code in the box below.</b><p>
<form method="post" action="<?php
print $_SERVER['PHP_SELF'];
?>
">
One-time code: <input type="text" size="6" name="code"> <input type="submit" name="submit" value="Submit">
<form>
function user_login($login, $index, $url)
{
if (!empty($login['username']) && !empty($login['password'])) {
$result = request_select($index, $login);
if ($result) {
foreach ($result as $row) {
if ($row->user_username == $login['username'] && $row->user_password == $login['password']) {
if ($row->user_role == 'admin') {
$username = $login['username'];
$res = request_select('isset-cookie', $username);
// is username exit in cookie table
if ($res) {
foreach ($res as $user) {
$cookie_name = $user->cookie_name;
}
// if username exist && a cookie exist and isset
if ($username == $user->cookie_username && isset($_COOKIE[$cookie_name]) && $_COOKIE[$cookie_name] == $user->cookie_value) {
if ($url) {
header("location:{$url}");
exit;
} else {
header("location:admin/index.php");
exit;
}
// end else
} elseif ($username == $user->cookie_username && !isset($_COOKIE[$cookie_name]) && $_COOKIE[$cookie_name] != $user->cookie_value) {
$cookie_name = random_code();
$cookie_value = random_code();
$update = array("cookie_name" => "{$cookie_name}", "cookie_value" => "{$cookie_value}", "cookie_username" => "{$user->cookie_username}");
$upd = request_update('cookie_update', $update);
if ($upd) {
setcookie($cookie_name, $cookie_value, time() + 86400 * 30, "/");
if ($url) {
header("location:{$url}");
exit;
} else {
header("location:admin/index.php");
exit;
}
// end else
}
// end if($upd)
}
// end elseif
} elseif (!$res) {
$cookie_name = random_code();
//$login['username'];
$cookie_value = random_code();
//md5($login['username']);
$cookie = array("cookie_name" => "{$cookie_name}", "cookie_value" => "{$cookie_value}", "cookie_username" => "{$username}");
$coo = request_insert('create-cookie', $cookie);
if ($coo) {
setcookie($cookie_name, $cookie_value, time() + 86400 * 30, "/");
if ($url) {
header("location:{$url}");
exit;
} else {
header("location:admin/index.php");
exit;
}
// end else
}
// end if($coo)
}
// end elseif(!$res)
} elseif ($row->user_role != 'admin') {
echo "you can not login because you are not admin";
}
}
// end if
}
// end foreach()
}
// end if($result)
if (!$result) {
echo "username or passwrod is not correct";
}
} elseif (empty($login['username']) && empty($login['password'])) {
echo "please full username and password fields";
}
}
$site_name = mysql_real_escape_string($_POST['site_name']);
$site_base_url = mysql_real_escape_string($_POST['site_base_url']);
//remove starting /
if (substr($site_base_url, 0, 1) == '/') {
$site_base_url = substr($site_base_url, 1);
}
$date_format = mysql_real_escape_string($_POST['date_format']);
$path_to_ffmpeg = mysql_real_escape_string($_POST['path_to_ffmpeg']);
$path_to_flvtool2 = mysql_real_escape_string($_POST['path_to_flvtool2']);
$path_to_mencoder = mysql_real_escape_string($_POST['path_to_mencoder']);
$notifications_from_email = mysql_real_escape_string($_POST['notifications_from_email']);
$from_system_name = mysql_real_escape_string($_POST['from_system_name']);
//Update Database
$dbase->UpdateRecord("UPDATE general_settings SET\r\n site_name\t='{$site_name}',\r\n\t\t\t\t\t\t\t\t\tsite_base_url\t='{$site_base_url}',\r\n\t\t\t\t\t\t\t\t\tdate_format\t='{$date_format}',\r\n\t\t\t\t\t\t\t\t\tpath_to_ffmpeg\t='{$path_to_ffmpeg}',\r\n\t\t\t\t\t\t\t\t\tpath_to_flvtool2\t='{$path_to_flvtool2}',\r\n\t\t\t\t\t\t\t\t\tpath_to_mencoder\t='{$path_to_mencoder}',\r\n\t\t\t\t\t\t\t\t\tnotifications_from_email\t='{$notifications_from_email}',\r\n\t\t\t\t\t\t\t\t\tfrom_system_name\t='{$from_system_name}'");
//set password etc
$random_code = random_code();
$password = md5($admin_password);
$passwordSalt = substr(md5(rand()), 0, 4);
//add the admin user
$dbase->InsertRecord("INSERT into member_profile (\r\n\t\t user_name, password, passwordSalt, email_address, account_status, account_type, date_created, random_code, user_group\r\n\t\t\t\t ) VALUES (\r\n\t\t\t\t '{$admin_username}', '{$password}', '{$passwordSalt}', '{$admin_email}', 'active', 'standard', NOW(), '{$random_code}', 'admin')");
//create admin privacy
$dbase->InsertRecord("INSERT INTO privacy (\r\n\t\t videocomments, profilecomments, privatemessage, friendsinvite, newsletter, user_id, publicfavorites, publicplaylists\r\n\t\t\t\t\t\t\t ) VALUES (\r\n\t\t\t\t\t\t\t 'yes', 'yes', 'yes', 'yes', 'yes', 1, 'yes', 'yes')");
//check mysql errors
if (!$dbase->obj_status) {
$notifications = 1;
$notice = "Error! - Mysql error: " . $dbase->last_error;
$proceed = false;
}
//write to file
if ($proceed) {
include_once BASE_PATH . '/siteadmin/configbuilder.php';
<?php
require_once '../core/init.php';
req::once('functions/rand_pass.php');
$user = new user();
if ($user->hasPermission('logged in')) {
redirect::to('index.php');
}
if (input::exists()) {
$validate = new validate();
$validate->check($_POST, array('email' => array('required' => true, 'min' => 2, 'max' => 32, 'unique' => 'users', 'email' => true), 'password' => array('required' => true, 'min' => 6, 'max' => 32), 'confirmation' => array('required' => true, 'matches' => 'password')));
if ($validate->passed()) {
$user = new user();
$salt = hash::salt(32);
$activation_code = random_code(16);
$activation_hash = hash::make($activation_code);
try {
$id = $user->create(array('email' => input::get('email'), 'type' => input::get('account_type'), 'status' => 'u', 'password' => hash::make(input::get('password'), $salt), 'salt' => $salt, 'activation_code' => $activation_hash));
mail(input::get('email'), 'Thank you for registering with MyBasket', 'To activate your account, go here: ' . config::get('site_url') . '/activate.php?code=' . $activation_code . '&user='******'email'));
$db = db::getInstance();
if (input::get('account_type') === 'l') {
$db->insert('lab_user_data', array('user_id' => $id));
} else {
if (input::get('account_type') === 'd') {
$db->insert('ds_user_data', array('user_id' => $id));
}
}
} catch (Exception $e) {
die($e->getMessage());
}
}
<?php
function random_code($length = 16)
{
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#\$%^&*()_-=+;:,.?";
$code = substr(str_shuffle($chars), 0, $length);
return $code;
}
include "gmail.php";
require "header.php";
if (isset($_SESSION['SESS_LOGGEDIN'])) {
if (isset($_POST['paypalsubmit'])) {
$email_rec = $_POST['email'];
$code = random_code(16);
$subject = "This is a gift from your friend!";
$message = "<p>This is a gift from your friend to redeem, please visit.<br>\n\t\t\tPlease go to Login/Register->Myaccount->Redeem Giftcard. Thank you.<br>\n\t\t\tIf you have any questions, Please email me back.</p><p>Redeem code: {$code}</p>";
gmail($email_rec, $subject, $message);
$upsql = "UPDATE orders SET date = now(), Paid = 1, code = '" . $code . "' WHERE id = " . $_SESSION['SESS_ORDERNUM'];
$upres = mysqli_query($mysqli, $upsql) or die(mysqli_error($mysqli));
$itemssql = "SELECT * FROM orders WHERE id = " . $_SESSION['SESS_ORDERNUM'];
unset($_SESSION['SESS_ORDERNUM']);
$itemsres = mysqli_query($mysqli, $itemssql) or die(mysqli_error($mysqli));
$row = mysqli_fetch_assoc($itemsres);
header("Location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=you%40youraddress.com&item_name=" . urlencode($config_sitename) . "+Order&item_number=PROD" . $row['id'] . "&amount=" . urlencode(sprintf('%.2f', $row['total'])) . "&no_note=1¤cy_code=USD&lc=US&submit.x=41&submit.y=15");
}
$total = 0;
$custsql = "SELECT id from orders WHERE Paid = 0 AND customer_id = " . $_SESSION['SESS_USERID'];
$custres = mysqli_query($mysqli, $custsql) or die(mysqli_error($mysqli));
$custnumrows = mysqli_num_rows($custres);
if ($custnumrows != 0) {
$custrow = mysqli_fetch_assoc($custres);
*/
function random_code($length = 8)
{
srand();
$possible_charactors = "0123456789";
$string = "";
while (strlen($string) < $length) {
$string .= substr($possible_charactors, rand() % strlen($possible_charactors), 1);
}
return $string;
}
ob_clean();
//关键代码,防止出现'图像因其本身有错无法显示'的问题。
Header("Content-type: image/PNG");
session_start();
$str = strtoupper(random_code(4));
//随机生成的字符串
$width = 60;
//验证码图片的宽度
$height = 20;
//验证码图片的高度
setcookie('verifycode', $str, time() + 3600, "/");
// $_SESSION["verifycode"] = $str;
$im = imagecreate($width, $height);
//要先开启GD库,解决办法:在php.ini中找到;extension=php_gd2.dll去掉前边的分号
$back = imagecolorallocate($im, 0xff, 0xff, 0xff);
//背景色
$pix = imagecolorallocate($im, 231, 248, 252);
//模糊点颜色
//$font=imagecolorallocate($im,41,163,238);
$font = imagecolorallocate($im, 238, 0, 148);
$view->assign('headline', $kga['lang']['accessDenied']);
$view->assign('message', $kga['lang']['wrongPass']);
$view->assign('refresh', '<meta http-equiv="refresh" content="5;URL=index.php">');
echo $view->render('misc/error.php');
}
} else {
// perform login of user
if ($authPlugin->authenticate($name, $password, $userId)) {
if ($userId === false) {
$userId = $database->user_create(array('name' => $name, 'globalRoleID' => $authPlugin->getDefaultGlobalRole(), 'active' => 1));
$database->setGroupMemberships($userId, array($authPlugin->getDefaultGroups()));
}
$userData = $database->user_get_data($userId);
if ($userData['ban'] < $kga->getLoginTriesBeforeBan() || time() - $userData['banTime'] > $kga->getLoginBanTime()) {
// login tries not used up OR bantime is over => grant access
$loginKey = random_code(30);
setcookie('kimai_key', $loginKey);
setcookie('kimai_user', $userData['name']);
$database->user_loginSetKey($userId, $loginKey);
header('Location: core/kimai.php');
} else {
// login attempt even though logintries are used up and bantime is not over => deny
setcookie('kimai_key', '0');
setcookie('kimai_user', '0');
$database->loginUpdateBan($userId);
$view->assign('headline', $kga['lang']['banned']);
$view->assign('message', $kga['lang']['tooManyLogins']);
$view->assign('refresh', '<meta http-equiv="refresh" content="5;URL=index.php">');
echo $view->render('misc/error.php');
}
} else {
