function voucher_action() { global $wpdb; $result = array('message' => '', 'result' => array(), 'status' => false, 'post_id' => '', 'error' => ''); $id = (int) $_REQUEST['code']; $fullname = $_REQUEST['fullname']; $email = $_REQUEST['email']; $phone = $_REQUEST['phone']; $note = $_REQUEST['note']; $total = $_REQUEST['total']; $code = random_code(); if (empty($fullname)) { $result['error'] .= '- Họ tên không được bỏ trống.<br>'; } if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $result['error'] .= '- Định dạng email không hợp lệ. <br>'; } if (empty($phone)) { $result['error'] .= '- Số điện thoại được bỏ trống.<br>'; } if (!is_numeric($total) || $total > 7) { $result['error'] .= '- Số lượng phải nhỏ hơn 7 và là số nguyên. <br>'; } $list_code = get_field('code', $id); $list_code = explode(',', $list_code); if (is_numeric($total) && $total > count($list_code)) { $result['error'] .= '- Hiện tại chúng tôi chỉ còn ' . count($list_code) . ' Voucher.'; } if (empty($result[error])) { $data = array('post_id' => $id, 'fullname' => $fullname, 'email' => $email, 'phone' => $phone, 'note' => $note, 'created' => time(), 'code' => $code, 'total' => $total, 'status' => 0); if ($data) { $insert = $wpdb->insert('wp_voucher_post', $data, array("%s", "%s", "%s", "%s", "%s", "%s", "%s")); if ($insert == true) { // send email $title = 'Nhận mã kích hoạt Voucher - unimedia.vn'; $message = 'Chào bạn ' . $fullname . ',<br><br> Cám ơn bạn đã đăng ký voucher của chúng tôi.<br><br>'; $message .= 'Mã kích hoạt là:' . $code; if ($message && !wp_mail($email, $title, $message)) { wp_die(__('Không thể gửi email.') . "<br />\n" . __('Lỗi không thể gửi email...')); } else { $result['message'] = 'Mã kích hoạt đã được gửi về email của bạn. Bạn kiểm tra email để kích hoat.'; $result['status'] = true; $result['post_id'] = $id; } } else { $result['message'] = 'Gửi thông tin thất bại vui lòng kiểm tra lại.'; } } } $result['result'] = $data; echo json_encode($result); die; }
$banned = false; switch ($action) { case 'login': $name = htmlspecialchars(trim($_REQUEST['name'])); $password = $_REQUEST['password']; // perform login of user if ($authPlugin->authenticate($name, $password, $userId)) { if ($userId === false) { $userId = usr_create(array('usr_name' => $name, 'usr_grp' => $authPlugin->getDefaultGroupId(), 'usr_sts' => 2, 'usr_active' => 1)); } $userData = usr_get_data($userId); if ($userData['ban'] < $kga['conf']['loginTries'] || time() - $userData['banTime'] > $kga['conf']['loginBanTime']) { // logintries not used up OR // bantime is over // => grant access $keymai = random_code(30); setcookie("kimai_key", $keymai); setcookie("kimai_usr", $userData['usr_name']); loginSetKey($userId, $keymai); header("Location: record.php"); } else { // login attempt even though logintries are used up and bantime is not over => deny setcookie("kimai_key", "0"); setcookie("kimai_usr", "0"); loginUpdateBan($userId); $banned = true; } } else { // wrong username/password => deny setcookie("kimai_key", "0"); setcookie("kimai_usr", "0");
// Prevent multiple auths in case the user returns to this page. $_SESSION['s_preauth'] = "HAS_PREAUTH"; $_SESSION['s_codeToEnter'] = ""; header('Location: msg_main.php'); exit; } else { echo "Invalid Code Entered."; exit; } } else { if ($_SESSION['s_delivery'] == "s") { // sms auth sms_random_code_auth(); } else { // Phone auth $data = random_code(); send_phone_auth($data); } ?> <b> Your security code has been sent and you will receive a call (there will be a two second delay before hearing the code). Please enter the code in the box below.</b><p> <form method="post" action="<?php print $_SERVER['PHP_SELF']; ?> "> One-time code: <input type="text" size="6" name="code"> <input type="submit" name="submit" value="Submit"> <form>
function user_login($login, $index, $url) { if (!empty($login['username']) && !empty($login['password'])) { $result = request_select($index, $login); if ($result) { foreach ($result as $row) { if ($row->user_username == $login['username'] && $row->user_password == $login['password']) { if ($row->user_role == 'admin') { $username = $login['username']; $res = request_select('isset-cookie', $username); // is username exit in cookie table if ($res) { foreach ($res as $user) { $cookie_name = $user->cookie_name; } // if username exist && a cookie exist and isset if ($username == $user->cookie_username && isset($_COOKIE[$cookie_name]) && $_COOKIE[$cookie_name] == $user->cookie_value) { if ($url) { header("location:{$url}"); exit; } else { header("location:admin/index.php"); exit; } // end else } elseif ($username == $user->cookie_username && !isset($_COOKIE[$cookie_name]) && $_COOKIE[$cookie_name] != $user->cookie_value) { $cookie_name = random_code(); $cookie_value = random_code(); $update = array("cookie_name" => "{$cookie_name}", "cookie_value" => "{$cookie_value}", "cookie_username" => "{$user->cookie_username}"); $upd = request_update('cookie_update', $update); if ($upd) { setcookie($cookie_name, $cookie_value, time() + 86400 * 30, "/"); if ($url) { header("location:{$url}"); exit; } else { header("location:admin/index.php"); exit; } // end else } // end if($upd) } // end elseif } elseif (!$res) { $cookie_name = random_code(); //$login['username']; $cookie_value = random_code(); //md5($login['username']); $cookie = array("cookie_name" => "{$cookie_name}", "cookie_value" => "{$cookie_value}", "cookie_username" => "{$username}"); $coo = request_insert('create-cookie', $cookie); if ($coo) { setcookie($cookie_name, $cookie_value, time() + 86400 * 30, "/"); if ($url) { header("location:{$url}"); exit; } else { header("location:admin/index.php"); exit; } // end else } // end if($coo) } // end elseif(!$res) } elseif ($row->user_role != 'admin') { echo "you can not login because you are not admin"; } } // end if } // end foreach() } // end if($result) if (!$result) { echo "username or passwrod is not correct"; } } elseif (empty($login['username']) && empty($login['password'])) { echo "please full username and password fields"; } }
$site_name = mysql_real_escape_string($_POST['site_name']); $site_base_url = mysql_real_escape_string($_POST['site_base_url']); //remove starting / if (substr($site_base_url, 0, 1) == '/') { $site_base_url = substr($site_base_url, 1); } $date_format = mysql_real_escape_string($_POST['date_format']); $path_to_ffmpeg = mysql_real_escape_string($_POST['path_to_ffmpeg']); $path_to_flvtool2 = mysql_real_escape_string($_POST['path_to_flvtool2']); $path_to_mencoder = mysql_real_escape_string($_POST['path_to_mencoder']); $notifications_from_email = mysql_real_escape_string($_POST['notifications_from_email']); $from_system_name = mysql_real_escape_string($_POST['from_system_name']); //Update Database $dbase->UpdateRecord("UPDATE general_settings SET\r\n site_name\t='{$site_name}',\r\n\t\t\t\t\t\t\t\t\tsite_base_url\t='{$site_base_url}',\r\n\t\t\t\t\t\t\t\t\tdate_format\t='{$date_format}',\r\n\t\t\t\t\t\t\t\t\tpath_to_ffmpeg\t='{$path_to_ffmpeg}',\r\n\t\t\t\t\t\t\t\t\tpath_to_flvtool2\t='{$path_to_flvtool2}',\r\n\t\t\t\t\t\t\t\t\tpath_to_mencoder\t='{$path_to_mencoder}',\r\n\t\t\t\t\t\t\t\t\tnotifications_from_email\t='{$notifications_from_email}',\r\n\t\t\t\t\t\t\t\t\tfrom_system_name\t='{$from_system_name}'"); //set password etc $random_code = random_code(); $password = md5($admin_password); $passwordSalt = substr(md5(rand()), 0, 4); //add the admin user $dbase->InsertRecord("INSERT into member_profile (\r\n\t\t user_name, password, passwordSalt, email_address, account_status, account_type, date_created, random_code, user_group\r\n\t\t\t\t ) VALUES (\r\n\t\t\t\t '{$admin_username}', '{$password}', '{$passwordSalt}', '{$admin_email}', 'active', 'standard', NOW(), '{$random_code}', 'admin')"); //create admin privacy $dbase->InsertRecord("INSERT INTO privacy (\r\n\t\t videocomments, profilecomments, privatemessage, friendsinvite, newsletter, user_id, publicfavorites, publicplaylists\r\n\t\t\t\t\t\t\t ) VALUES (\r\n\t\t\t\t\t\t\t 'yes', 'yes', 'yes', 'yes', 'yes', 1, 'yes', 'yes')"); //check mysql errors if (!$dbase->obj_status) { $notifications = 1; $notice = "Error! - Mysql error: " . $dbase->last_error; $proceed = false; } //write to file if ($proceed) { include_once BASE_PATH . '/siteadmin/configbuilder.php';
<?php require_once '../core/init.php'; req::once('functions/rand_pass.php'); $user = new user(); if ($user->hasPermission('logged in')) { redirect::to('index.php'); } if (input::exists()) { $validate = new validate(); $validate->check($_POST, array('email' => array('required' => true, 'min' => 2, 'max' => 32, 'unique' => 'users', 'email' => true), 'password' => array('required' => true, 'min' => 6, 'max' => 32), 'confirmation' => array('required' => true, 'matches' => 'password'))); if ($validate->passed()) { $user = new user(); $salt = hash::salt(32); $activation_code = random_code(16); $activation_hash = hash::make($activation_code); try { $id = $user->create(array('email' => input::get('email'), 'type' => input::get('account_type'), 'status' => 'u', 'password' => hash::make(input::get('password'), $salt), 'salt' => $salt, 'activation_code' => $activation_hash)); mail(input::get('email'), 'Thank you for registering with MyBasket', 'To activate your account, go here: ' . config::get('site_url') . '/activate.php?code=' . $activation_code . '&user='******'email')); $db = db::getInstance(); if (input::get('account_type') === 'l') { $db->insert('lab_user_data', array('user_id' => $id)); } else { if (input::get('account_type') === 'd') { $db->insert('ds_user_data', array('user_id' => $id)); } } } catch (Exception $e) { die($e->getMessage()); } }
<?php function random_code($length = 16) { $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#\$%^&*()_-=+;:,.?"; $code = substr(str_shuffle($chars), 0, $length); return $code; } include "gmail.php"; require "header.php"; if (isset($_SESSION['SESS_LOGGEDIN'])) { if (isset($_POST['paypalsubmit'])) { $email_rec = $_POST['email']; $code = random_code(16); $subject = "This is a gift from your friend!"; $message = "<p>This is a gift from your friend to redeem, please visit.<br>\n\t\t\tPlease go to Login/Register->Myaccount->Redeem Giftcard. Thank you.<br>\n\t\t\tIf you have any questions, Please email me back.</p><p>Redeem code: {$code}</p>"; gmail($email_rec, $subject, $message); $upsql = "UPDATE orders SET date = now(), Paid = 1, code = '" . $code . "' WHERE id = " . $_SESSION['SESS_ORDERNUM']; $upres = mysqli_query($mysqli, $upsql) or die(mysqli_error($mysqli)); $itemssql = "SELECT * FROM orders WHERE id = " . $_SESSION['SESS_ORDERNUM']; unset($_SESSION['SESS_ORDERNUM']); $itemsres = mysqli_query($mysqli, $itemssql) or die(mysqli_error($mysqli)); $row = mysqli_fetch_assoc($itemsres); header("Location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=you%40youraddress.com&item_name=" . urlencode($config_sitename) . "+Order&item_number=PROD" . $row['id'] . "&amount=" . urlencode(sprintf('%.2f', $row['total'])) . "&no_note=1¤cy_code=USD&lc=US&submit.x=41&submit.y=15"); } $total = 0; $custsql = "SELECT id from orders WHERE Paid = 0 AND customer_id = " . $_SESSION['SESS_USERID']; $custres = mysqli_query($mysqli, $custsql) or die(mysqli_error($mysqli)); $custnumrows = mysqli_num_rows($custres); if ($custnumrows != 0) { $custrow = mysqli_fetch_assoc($custres);
*/ function random_code($length = 8) { srand(); $possible_charactors = "0123456789"; $string = ""; while (strlen($string) < $length) { $string .= substr($possible_charactors, rand() % strlen($possible_charactors), 1); } return $string; } ob_clean(); //关键代码,防止出现'图像因其本身有错无法显示'的问题。 Header("Content-type: image/PNG"); session_start(); $str = strtoupper(random_code(4)); //随机生成的字符串 $width = 60; //验证码图片的宽度 $height = 20; //验证码图片的高度 setcookie('verifycode', $str, time() + 3600, "/"); // $_SESSION["verifycode"] = $str; $im = imagecreate($width, $height); //要先开启GD库,解决办法:在php.ini中找到;extension=php_gd2.dll去掉前边的分号 $back = imagecolorallocate($im, 0xff, 0xff, 0xff); //背景色 $pix = imagecolorallocate($im, 231, 248, 252); //模糊点颜色 //$font=imagecolorallocate($im,41,163,238); $font = imagecolorallocate($im, 238, 0, 148);
$view->assign('headline', $kga['lang']['accessDenied']); $view->assign('message', $kga['lang']['wrongPass']); $view->assign('refresh', '<meta http-equiv="refresh" content="5;URL=index.php">'); echo $view->render('misc/error.php'); } } else { // perform login of user if ($authPlugin->authenticate($name, $password, $userId)) { if ($userId === false) { $userId = $database->user_create(array('name' => $name, 'globalRoleID' => $authPlugin->getDefaultGlobalRole(), 'active' => 1)); $database->setGroupMemberships($userId, array($authPlugin->getDefaultGroups())); } $userData = $database->user_get_data($userId); if ($userData['ban'] < $kga->getLoginTriesBeforeBan() || time() - $userData['banTime'] > $kga->getLoginBanTime()) { // login tries not used up OR bantime is over => grant access $loginKey = random_code(30); setcookie('kimai_key', $loginKey); setcookie('kimai_user', $userData['name']); $database->user_loginSetKey($userId, $loginKey); header('Location: core/kimai.php'); } else { // login attempt even though logintries are used up and bantime is not over => deny setcookie('kimai_key', '0'); setcookie('kimai_user', '0'); $database->loginUpdateBan($userId); $view->assign('headline', $kga['lang']['banned']); $view->assign('message', $kga['lang']['tooManyLogins']); $view->assign('refresh', '<meta http-equiv="refresh" content="5;URL=index.php">'); echo $view->render('misc/error.php'); } } else {