示例#1
 /**
  * Write one encrypted entry to the sf_logs table.
  *
  * The entry is prefixed with the running script's file name, the client
  * address from REMOTE_ADDR and a human-readable timestamp, then encrypted
  * with the ADMIN_KEY / ADMIN_IV constants and stored double-base64-encoded.
  *
  * NOTE(review): every entry is encrypted under the same constant key and IV.
  * Whether that leaks relationships between entries depends on the cipher
  * mode inside Crypto::EncryptString(), which is not visible here. Confirm.
  * NOTE(review): callers decide what goes into $message; encryption at rest
  * does not make it safe to pass credentials or other secrets to this method.
  *
  * @param string $message Text to record.
  * @param string $mode    Value stored in the "mode" column (default 'all').
  */
 public function writeLog($message, $mode = 'all')
 {
     // Build the clear-text line: "<script> [<ip>] (<time>) : <message>".
     $stamp = date("F j, Y, g:i a");
     $remote = $_SERVER['REMOTE_ADDR'];
     $script = basename($_SERVER['SCRIPT_FILENAME']);
     $line = $script . " [{$remote}] ({$stamp}) : " . $message;

     // The key and IV constants are stored double-base64-encoded.
     $logKey = base64_decode(base64_decode(ADMIN_KEY));
     $logIv = base64_decode(base64_decode(ADMIN_IV));

     // Encrypt, then double-base64-encode the ciphertext for storage.
     $cipher = Crypto::EncryptString($logKey, $logIv, $line);
     $stored = base64_encode(base64_encode($cipher));

     DbManager::i()->insert("sf_logs", array("message", "mode"), array($stored, $mode));
 }
示例#2
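/**
 * Issue a new random password for a member and persist it.
 *
 * A password is requested from Crypto::generateRandomPassword(15), encrypted
 * with the key/IV stored on the member's row and written to
 * sf_members.password. The plain value is returned through
 * Submission::createResult() so the caller can deliver it to the user.
 *
 * The new password is deliberately NOT written to the log: a log entry is
 * readable by anyone who can read (and decrypt) sf_logs, and outlives the
 * moment the password is handed over.
 *
 * NOTE(review): the password is stored with reversible encryption whose key
 * and IV come from the same table row, so read access to sf_members is enough
 * to recover it. A one-way hash (password_hash / password_verify) would avoid
 * that, but needs a matching change in the login and registration code.
 *
 * @param mixed $c Member id; coerced with intval() before it reaches the
 *                 database or the log.
 * @return mixed Whatever Submission::createResult() returns: the new password
 *               (second argument true) on success, an error message otherwise.
 */
function renewPassword($c)
{
    // Use the coerced id everywhere so the log shows the id that was actually updated.
    $userId = intval($c);
    $plain = Crypto::generateRandomPassword(15);
    $info = DbManager::i()->select("sf_members", array("key", "iv"), array("userid" => $userId));

    // Only a single, non-array result is accepted as "member found".
    if ($info !== false && !is_array($info)) {
        // Key and IV are stored double-base64-encoded.
        $key = base64_decode(base64_decode($info->key));
        $iv = base64_decode(base64_decode($info->iv));
        $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $plain)));

        if (DbManager::i()->update("sf_members", array("password" => $password), array("userid" => $userId))) {
            // Drop the key material and ciphertext before logging and returning.
            unset($password, $key, $iv, $info);
            // Record the event only; the credential itself stays out of the log.
            Logger::i()->writeLog("Password renewed for UserID: {$userId}");
            return Submission::createResult($plain, true);
        }
    }

    // Reached when the member was not found or the update failed.
    Logger::i()->writeLog("Renew password failed, error = " . DbManager::i()->error, 'dev');
    return Submission::createResult("Could not renew password");
}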
示例#3
 //Captcha gate: only enforced when a reCAPTCHA private key is configured in Settings.
 if (Settings::i()->captcha_private) {
     if (!isset($login['captcha_response'])) {
         //no captcha token in the login payload - end the request with an error result
         die(Submission::createResult("Please validate the captcha"));
     }
     $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
     //the token is verified together with the client address taken from REMOTE_ADDR
     $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
     if (!$resp->success) {
         die(Submission::createResult("Please validate the Captcha"));
     }
 }
 //The member row is located by a key computed from the submitted username; the
 //double-base64 encoding of that key is matched against the "key" column.
 //NOTE(review): only the username is passed to GenerateKey(). If it mixes in no
 //server-side secret (not visible here), the per-member key can be recomputed by
 //anyone who knows the username - confirm how the key is derived.
 $key = Crypto::GenerateKey($login['username']);
 $find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key))));
 if ($find !== false) {
     if (!is_array($find)) {
         $iv = base64_decode(base64_decode($find->iv));
         $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $login['password'])));
         $find = DbManager::i()->select("sf_members", array("userid"), array("password" => $password));
         if ($find !== false && !is_array($find)) {
             echo Submission::createResult("login successful", true);
             $_SESSION['login'] = 1;
             $_SESSION['userid'] = $find->userid;
             $find = DbManager::i()->select("sf_carts", array("cart"), array("userid" => $find->userid));
             if ($find !== false && !is_array($find)) {
                 //cart already exists for user
                 if ($find->cart != "e30=" && strlen($find->cart) != 4) {
                     //not empty cart - overwrite with saved one from DB
                     $_SESSION['shopping-cart'] = $find->cart;
                 } else {
                     //empty cart, use session cart
                     if (isset($_SESSION['shopping-cart'])) {
                         DbManager::i()->update("sf_carts", array("cart" => $_SESSION['shopping-cart']), array("userid" => intval($_SESSION['userid'])));
示例#4
 } else {
     if (isset($settings['btc']) && count((array) $settings['btc']) > 0) {
         if ($field = Submission::checkFields(array("api_key", "api_pin"), (array) $settings['btc'])) {
             die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
         }
     } else {
         if (isset($settings['cms_settings']) && count((array) $settings['cms_settings']) > 0) {
             if ($field = Submission::checkFields(array("title"), (array) $settings['cms_settings'])) {
                 die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
             }
         } else {
             die(Submission::createResult("Invalid Settings"));
         }
     }
 }
 //Encrypt the POSTed settings with the application-wide ADMIN_KEY / ADMIN_IV
 //constants and keep the double-base64-encoded ciphertext in $settings.
 //NOTE(review): the field checks in the preceding branches inspect $settings, while
 //the value stored here is $_POST['settings'] as received - confirm $settings was
 //decoded from this same POST value, otherwise unvalidated data is persisted.
 //NOTE(review): the same constant key and IV are used on every save; whether that
 //matters depends on the cipher mode in Crypto::EncryptString(), not visible here.
 $settings = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), $_POST['settings'])));
 $find = DbManager::i()->select("sf_settings", array("settings"));
 if ($find !== false && !is_array($find)) {
     //settings already exists
     //no condition is passed to update(), so it is not limited to one row;
     //presumably sf_settings holds a single row - verify
     $update = DbManager::i()->update("sf_settings", array("settings" => $settings));
     if (!$update) {
         //failure goes to the 'dev' log and the request ends without a response body
         Logger::i()->writeLog("Could not update settings, error = " . DbManager::i()->error, 'dev');
         die;
     }
 } else {
     //no usable existing row - create it
     $insert = DbManager::i()->insert("sf_settings", array("settings"), array($settings));
     if (!$insert) {
         //failure goes to the 'dev' log and the request ends without a response body
         Logger::i()->writeLog("Could not insert settings, error = " . DbManager::i()->error, 'dev');
         die;
     }
 }
     //Profile update: exactly one of 'pw' or 'email' is processed per request,
     //with 'pw' taking precedence. $userinfo and $userid are set before this fragment.
     if (isset($_POST['pw'])) {
         //the new password arrives base64-encoded
         //NOTE(review): the decoded value is not checked here (it may be empty), and no
         //confirmation of the current password is visible in this fragment - confirm
         //both are enforced before this point.
         $pw = base64_decode($_POST['pw']);
         //stored encrypted under the member's own key/IV, i.e. reversibly, not as a one-way hash
         $pw = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), $pw)));
         $update = DbManager::i()->update("sf_members", array("password" => $pw), array("userid" => $userid));
         if ($update) {
             //only the user id is logged, never the password
             Logger::i()->writeLog("User password updated, UserID = {$userid}");
             echo Submission::createResult("Password updated successfully", true);
         } else {
             //the database error goes to the log; the client gets a generic message
             Logger::i()->writeLog("User password could not be updated, error = " . DbManager::i()->error);
             echo Submission::createResult("Could not update password. Please try again later.");
         }
         unset($pw);
     } else {
         if (isset($_POST['email'])) {
             //the new address arrives base64-encoded
             //NOTE(review): no format validation of the decoded address is visible here - confirm
             $email = base64_decode($_POST['email']);
             //encrypted with the same member key/IV that protects the password column
             $email = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), $email)));
             $update = DbManager::i()->update("sf_members", array("email" => $email), array("userid" => $userid));
             if ($update) {
                 Logger::i()->writeLog("User Email updated, UserID = {$userid}");
                 echo Submission::createResult("Email updated successfully", true);
             } else {
                 //the database error goes to the log; the client gets a generic message
                 Logger::i()->writeLog("User Email could not be updated, reason = " . DbManager::i()->error);
                 echo Submission::createResult("Could not update email. Please try again later.");
             }
             unset($email);
         } else {
             //neither 'pw' nor 'email' was posted
             echo Submission::createResult("Invalid POST Parameter");
         }
     }
     //drop the member record, which carries the key and IV, once the update is done
     unset($userinfo);
 } else {
示例#6
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
    }
    //Registration: a fresh IV is generated, while the key is computed from the username.
    $u = $registration['username'];
    $iv = Crypto::GenerateIV();
    $key = Crypto::GenerateKey($u);
    $username = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $u)));
    //duplicate check: a username counts as taken when a row with the same encoded key exists
    $find = DbManager::i()->select("sf_members", array("userid"), array("key" => base64_encode(base64_encode($key))));
    //NOTE(review): count() needs an array or Countable; if select() hands back a single
    //row as an object, PHP 8 raises a TypeError here - confirm the return type.
    if ($find && count($find) > 0) {
        die(Submission::createResult("Username is already taken"));
    }
    //password, email and client address are all encrypted under the same key and IV
    $pw = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['password'])));
    $email = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['email'])));
    $ip = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $_SERVER['REMOTE_ADDR'])));
    //key and IV are encoded (not encrypted) and stored in the same row as the ciphertexts
    //NOTE(review): read access to sf_members is therefore enough to decrypt every column
    //above, including the password; a one-way password hash would not have that property.
    $key = base64_encode(base64_encode($key));
    $iv = base64_encode(base64_encode($iv));
    $reg_date = date("Y-m-d");
    $insert = DbManager::i()->insert("sf_members", array("username", "email", "password", "key", "iv", "register_date", "ip"), array($username, $email, $pw, $key, $iv, $reg_date, $ip));
    if ($insert) {
        //NOTE(review): the username is stored encrypted in sf_members but is placed
        //into the log message as-is
        Logger::i()->writeLog("Account created with username: {$u}");
        die(Submission::createResult("Your account has been created successfully", true));
    } else {
        //the database error goes to the 'dev' log; the client gets a generic message
        Logger::i()->writeLog("Could not register user, error = " . DbManager::i()->error, 'dev');
        die(Submission::createResult("Could not register account. Please try again later"));
    }
} else {
    die(Submission::createResult("Please fill in all information"));
}