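/**
 * Handles the login form submission.
 *
 * Order of operations: clear any existing 'default' session, resolve the
 * client address through ipinfo.io and refuse Tor exits, look the posted
 * username up, verify the password hash, then apply the second-factor rules
 * stored on the user's Details record (e-mailed one-time code and, when
 * TOTP.Login is set, a TOTP code). A completed login records the connection
 * in Details.lastconnected and Logins and redirects to 'ex::dashboard'.
 *
 * Fixes over the previous version: a failed or non-JSON ipinfo.io response no
 * longer dereferences null, an unknown username fails like a wrong password
 * instead of passing a null hash to password_verify(), the one-time code is
 * compared with hash_equals() and a missing stored code is never accepted,
 * and the unreachable trailing redirect/exit was dropped.
 *
 * @return mixed false when the client is refused by the address lookup,
 *               the redirect result on success (or for an inactive account),
 *               otherwise the login page variables
 *               (noauth, title, keywords, description)
 */
public function add()
{
    $noauth = false;
    Session::delete('default');

    // Fail closed: without the lookup the Tor policy cannot be applied.
    $ipInfo = $this->lookupClientAddress();
    if ($ipInfo === null || !empty($ipInfo->tor)) {
        Session::delete('default');
        return false;
    }

    $posted = $this->request->data;
    $username = isset($posted['username']) ? $posted['username'] : null;
    $password = isset($posted['password']) ? $posted['password'] : null;

    // An unknown username must fail exactly like a wrong password.
    $user = null;
    if (is_string($username) && $username !== '') {
        $user = Users::find("first", array("conditions" => array("username" => $username)));
    }

    if ($user && is_string($password) && password_verify($password, (string) $user['password'])) {
        $default = array(
            'username'  => $user['username'],
            '_id'       => $user['_id'],
            'firstname' => $user['firstname'],
            'lastname'  => $user['lastname'],
            'email'     => $user['email'],
            'walletid'  => $user['walletid'],
        );
        Session::write('default', $default);

        $details = Details::find('first', $this->detailsConditions($default));
        if ($details['active'] == "No") {
            Session::delete('default');
            return $this->redirect('/');
        }

        $emailSecurity = $details["EmailPasswordSecurity"];
        if ($emailSecurity === "true" || $emailSecurity === null) {
            // The e-mailed one-time code is required. Both sides must be
            // non-empty strings: a plain `===` accepted a missing stored code
            // against a missing post field (null === null), skipping the factor.
            // hash_equals() (PHP >= 5.6) keeps the comparison constant-time.
            $oneCode = $details['oneCode'];
            $loginPassword = isset($posted['loginpassword']) ? $posted['loginpassword'] : null;
            $codeMatches = is_string($oneCode) && $oneCode !== ''
                && is_string($loginPassword) && hash_equals($oneCode, $loginPassword);

            if ($codeMatches) {
                $details = $this->markOneCodeUsed($default, $ipInfo);
                if ($details["TOTP.Validate"] == 1 && $details["TOTP.Login"] == true) {
                    $totp = isset($posted['totp']) ? $posted['totp'] : '';
                    if (is_string($totp) && $totp !== '' && $this->totpMatches($details['secret'], $totp)) {
                        return $this->completeLogin($default, $ipInfo);
                    }
                    // Missing or wrong TOTP: drop the session and report noauth below.
                    Session::delete('default');
                } else {
                    return $this->completeLogin($default, $ipInfo);
                }
            } else {
                Session::delete('default');
            }
        } else {
            // NOTE(review): with EmailPasswordSecurity set to any other value this
            // path never consults TOTP.Login — confirm that is intended.
            $this->markOneCodeUsed($default, $ipInfo);
            return $this->completeLogin($default, $ipInfo);
        }
    }

    // Reaching this point with post data means every branch above failed.
    // NOTE(review): the previous version also read query['check'] against
    // SECURITY_CHECK here but never acted on the result; that dead read is gone.
    if ($posted) {
        $noauth = true;
    }

    $page = Pages::find('first', array('conditions' => array('pagename' => 'login')));
    $title = $page ? $page['title'] : null;
    $keywords = $page ? $page['keywords'] : null;
    $description = $page ? $page['description'] : null;
    return compact('noauth', 'title', 'keywords', 'description');
}

/**
 * Conditions selecting the Details record that belongs to a session payload.
 *
 * @param array $default session payload built in add() (needs username and _id)
 * @return array Lithium 'conditions' option
 */
private function detailsConditions(array $default)
{
    return array('conditions' => array(
        'username' => $default['username'],
        'user_id'  => (string) $default['_id'],
    ));
}

/**
 * Resolves the client address through ipinfo.io.
 *
 * @return \stdClass|null decoded JSON object, or null when REMOTE_ADDR is
 *                        missing, the request fails, or the body is not a
 *                        JSON object
 */
private function lookupClientAddress()
{
    if (empty($_SERVER['REMOTE_ADDR'])) {
        return null;
    }
    // Bounded timeout so a slow third party cannot hang every login; TLS so
    // the Tor verdict cannot be altered on the wire.
    $context = stream_context_create(array('http' => array('timeout' => 5)));
    $response = file_get_contents("https://ipinfo.io/{$_SERVER['REMOTE_ADDR']}", false, $context);
    if ($response === false) {
        return null;
    }
    $decoded = json_decode($response);
    return $decoded instanceof \stdClass ? $decoded : null;
}

/**
 * Connection details recorded against a login (Details.lastconnected / Logins).
 *
 * Every field is read from the ipinfo.io payload; absent fields are stored as null.
 *
 * @param \stdClass $ipInfo decoded ipinfo.io response
 * @return array
 */
private function connectionSnapshot(\stdClass $ipInfo)
{
    $fields = array(
        'IP' => 'ip', 'ISO' => 'country', 'hostname' => 'hostname', 'city' => 'city',
        'region' => 'region', 'loc' => 'loc', 'org' => 'org', 'postal' => 'postal',
    );
    $snapshot = array();
    foreach ($fields as $field => $property) {
        $snapshot[$field] = isset($ipInfo->$property) ? $ipInfo->$property : null;
    }
    $snapshot['DateTime'] = new \MongoDate();
    return $snapshot;
}

/**
 * Marks the e-mailed one-time code as consumed and records the connection.
 *
 * @param array     $default session payload
 * @param \stdClass $ipInfo  decoded ipinfo.io response
 * @return mixed the re-read Details record, so callers see the persisted TOTP flags
 */
private function markOneCodeUsed(array $default, \stdClass $ipInfo)
{
    $conditions = $this->detailsConditions($default);
    Details::find('first', $conditions)->save(array(
        'oneCodeused'   => 'Yes',
        'lastconnected' => $this->connectionSnapshot($ipInfo),
    ));
    return Details::find('first', $conditions);
}

/**
 * Checks a submitted TOTP value against the stored secret.
 *
 * @param mixed  $secret stored TOTP secret
 * @param string $code   code submitted by the user
 * @return bool
 */
private function totpMatches($secret, $code)
{
    $ga = new GoogleAuthenticator();
    // Window argument of 2 matches the original call.
    return $ga->verifyCode($secret, $code, 2) == 1;
}

/**
 * Establishes the session, writes a Logins audit row and redirects to the dashboard.
 *
 * The address data comes from $ipInfo; the unused Functions::get_ip_address()
 * call of the previous version was dropped.
 *
 * @param array     $default session payload
 * @param \stdClass $ipInfo  decoded ipinfo.io response
 * @return mixed redirect result
 */
private function completeLogin(array $default, \stdClass $ipInfo)
{
    Session::write('default', $default);
    $user = Session::read('default');
    $login = array('username' => $user['username']) + $this->connectionSnapshot($ipInfo);
    Logins::create()->save($login);
    return $this->redirect('ex::dashboard');
}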
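/**
 * Verifies a TOTP code for the logged-in wallet owner and stores the verdict
 * in Details.withdraw.security.totp.
 *
 * Reads CheckCode from the query string and answers JSON {"success": 1|0}.
 * Redirects to 'wallet::login' when there is no usable 'default' session.
 * Both outcomes are persisted, as before; the duplicated update/render
 * branches are merged and the unused Users lookup is gone.
 *
 * NOTE(review): this endpoint changes state from a GET request and shows no
 * throttling — confirm CSRF protection and attempt limiting upstream.
 *
 * @return mixed render result or redirect result
 */
public function CheckTOTP()
{
    $user = Session::read('default');
    if (empty($user) || empty($user['walletid'])) {
        return $this->redirect('wallet::login');
    }

    $conditions = array("walletid" => $user['walletid']);
    $details = Details::find('first', array('conditions' => $conditions));
    $checkCode = isset($this->request->query['CheckCode']) ? $this->request->query['CheckCode'] : null;

    // A missing record or a non-string/empty code can never verify; fail
    // closed instead of handing null to the library.
    $verified = false;
    if ($details && is_string($checkCode) && $checkCode !== '') {
        $ga = new GoogleAuthenticator();
        // Window argument of 2 matches the original call.
        $verified = (bool) $ga->verifyCode($details['secret'], $checkCode, 2);
    }

    Details::update(array('withdraw.security.totp' => $verified), $conditions);
    return $this->render(array('json' => array('success' => $verified ? 1 : 0)));
}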
/**
 * Admin-confirmed payout of a pending withdrawal.
 *
 * Expects a POST with verify, username, password, admin, totp and currency.
 * The admin is re-authenticated (password hash lookup, e-mail check, TOTP),
 * the pending Transactions record and the user's Details are loaded, the
 * coins are sent (blockchain.info for BTC, an RPC wallet for LTC/XGC), then
 * the transaction is marked Paid, the balance is rewritten and a mail is sent.
 *
 * Security points to resolve (none are changed here):
 * - BTC: the wallet GUID and both passwords travel in a GET URL over plain
 *   HTTP, and that URL ($json_url) is returned to the view via compact().
 * - The admin is matched by a hash computed in the query (String::hash)
 *   rather than password_verify() as add() does.
 * - The admin e-mail check is a substring search, not a domain check.
 * - $txid is read below even on paths that never assign it.
 * - The `$comment` line contains "******", which looks like a redaction in
 *   this listing and is not valid PHP as printed.
 *
 * @return mixed redirect result, false, or view variables
 *               (txmessage, txid, json_url, json_feed, title, currency, transactions)
 */
public function payment() {
    $title = "Payment";
    if ($this->request->data) {
        $verify = $this->request->data['verify'];
        $username = $this->request->data['username'];
        $password = $this->request->data['password'];
        $admin = $this->request->data['admin'];
        $totp = $this->request->data['totp'];
        $currency = $this->request->data['currency'];
        // Every admin-check failure bounces back to the confirmation page.
        if ($password == "") {
            return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
        }
        if ($admin == "") {
            return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
        }
        // NOTE(review): hash-in-query lookup; a wrong password yields null and
        // the next line then reads ['email'] from null.
        $useradmin = Users::find('first', array('conditions' => array('username' => $admin, 'password' => String::hash($password))));
        // NOTE(review): strrpos only requires 'siicrypto.com' to appear
        // somewhere in the address (e.g. in the local part), not as the domain.
        $pos = strrpos($useradmin['email'], 'siicrypto.com');
        if ($pos === false) { // note: three equal signs
            return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
        }
        $detailadmin = Details::find('first', array('conditions' => array('username' => $admin)));
        $ga = new GoogleAuthenticator();
        if ($totp == "") {
            return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
        } else {
            $checkResult = $ga->verifyCode($detailadmin['secret'], $totp, 2);
            if ($checkResult != 1) {
                return $this->redirect(array('controller' => 'users', 'action' => 'paymentadminconfirm/' . $currency . '/' . $verify));
            }
        }
        $transaction = Transactions::find('first', array('conditions' => array('verify.payment' => $verify, 'username' => $username, 'Currency' => $currency, 'Paid' => 'No')));
        $user = Users::find('first', array('conditions' => array('username' => $username)));
        $id = $user['_id'];
        $email = $user['email'];
        if ($id == "") {
            return $this->redirect('/login');
        }
        $details = Details::find('first', array('conditions' => array('user_id' => (string) $id)));
        $amount = abs($transaction['Amount']);
        // `<=` means the balance must strictly exceed the amount; a full-balance
        // withdrawal is refused here. Message text is user-facing, left as is.
        if ($details['balance.' . $currency] <= $amount) {
            $txmessage = "Not Sent! Amount does not match!";
            return compact('txmessage');
        }
        ///////////////////Special for bitcoin as it uses blockchain!
        if ($currency == 'BTC') {
            $guid = BITCOIN_GUID;
            $firstpassword = BITCOIN_FIRST;
            $secondpassword = BITCOIN_SECOND;
            $amount = abs($transaction['Amount']);
            if ($details['balance.BTC'] <= $amount) {
                return false;
            }
            $fee = $transaction['txFee'];
            $address = $transaction['address'];
            $satoshi = (double) $amount * 100000000;
            $fee_satoshi = (double) $fee * 100000000;
            // NOTE(review): wallet credentials in a cleartext GET URL; this
            // string is also handed to the view through compact() below.
            $json_url = "http://blockchain.info/merchant/{$guid}/payment?password={$firstpassword}&second_password={$secondpassword}&to={$address}&amount={$satoshi}&fee={$fee_satoshi}";
            // file_get_contents() returns false on failure; json_decode(false)
            // is null and the property reads below then fail.
            $json_data = file_get_contents($json_url);
            $json_feed = json_decode($json_data);
            $txmessage = $json_feed->message;
            $txid = $json_feed->tx_hash;
            if ($txid != null) {
                $data = array('DateTime' => new \MongoDate(), 'TransactionHash' => $txid, 'Paid' => 'Yes', 'Transfer' => $txmessage, 'Admin' => $admin);
                // No Currency condition here, unlike the lookup above — confirm intended.
                $transaction = Transactions::find('first', array('conditions' => array('verify.payment' => $verify, 'username' => $username, 'Paid' => 'No')))->save($data);
            }
        } else {
            $amount = abs($transaction['Amount']);
            if ($details['balance.' . $currency] <= $amount) {
                return false;
            }
            $fee = abs($transaction['txFee']);
            $address = $transaction['address'];
            $satoshi = (double) $amount * 100000000;
            $fee_satoshi = (double) $fee * 100000000;
            ///////////////////// Change of code required when Virtual Currency added
            // Only LTC and XGC get a $coin; any other currency falls through with
            // $coin and $txid unset.
            switch ($currency) {
                case "LTC":
                    $coin = new Litecoin('http://' . LITECOIN_WALLET_SERVER . ':' . LITECOIN_WALLET_PORT, LITECOIN_WALLET_USERNAME, LITECOIN_WALLET_PASSWORD);
                    break;
                case "XGC":
                    $coin = new Greencoin('http://' . GREENCOIN_WALLET_SERVER . ':' . GREENCOIN_WALLET_PORT, GREENCOIN_WALLET_USERNAME, GREENCOIN_WALLET_PASSWORD);
                    break;
            }
        } // End for
        /////////////////// Change of code required when Virtual Currency added
        // NOTE(review): "******" below appears to be a redaction in this listing
        // (presumably the withdrawing user's name); the line is not valid PHP as printed.
        $comment = "User: "******"; Address: " . $address . "; Amount:" . $amount . ";";
        if ($currency == 'LTC' || $currency == 'XGC') {
            // Balance is re-checked with `>=` here, unlike the `<=` guards above.
            if ((double) $details['balance.' . $currency] >= (double) $amount) {
                $settxfee = $coin->settxfee($fee);
                $txid = $coin->sendfrom('NilamDoctor', $address, (double) $amount, (int) 1, $comment);
            }
        }
        // NOTE(review): $txid is undefined on the LTC/XGC paths that skipped
        // sendfrom(); for BTC this block runs a second time after the save above.
        if ($txid != null) {
            $data = array('DateTime' => new \MongoDate(), 'TransactionHash' => $txid, 'Added' => false, 'Paid' => 'Yes', 'Transfer' => $comment, 'Admin' => $admin);
            $transaction = Transactions::find('all', array('conditions' => array('verify.payment' => $verify, 'username' => $username, 'Currency' => $currency, 'Paid' => 'No')))->save($data);
            $transaction = Transactions::find('first', array('conditions' => array('verify.payment' => $verify, 'username' => $username, 'Currency' => $currency, 'Paid' => 'Yes')));
            // Balance is read before the send and rewritten after it, with the
            // fee added back — confirm intended, and that concurrent requests for
            // the same verify value are serialised somewhere upstream.
            $balance = (double) $details['balance.' . $currency] - (double) $amount;
            $balance = (double) $balance + (double) $fee;
            $dataDetails = array('balance.' . $currency => (double) $balance);
            $details = Details::find('all', array('conditions' => array('user_id' => (string) $id)))->save($dataDetails);
            // Render the withdrawSent mail template and send it to the user,
            // with the three configured BCC addresses.
            $view = new View(array('loader' => 'File', 'renderer' => 'File', 'paths' => array('template' => '{:library}/views/{:controller}/{:template}.{:type}.php')));
            $body = $view->render('template', compact('transaction', 'details', 'txid', 'currency'), array('controller' => 'users', 'template' => 'withdrawSent', 'type' => 'mail', 'layout' => false));
            $transport = Swift_MailTransport::newInstance();
            $mailer = Swift_Mailer::newInstance($transport);
            $message = Swift_Message::newInstance();
            $message->setSubject($currency . " sent from " . COMPANY_URL);
            $message->setFrom(array(NOREPLY => $currency . ' sent from ' . COMPANY_URL));
            $message->setTo($email);
            $message->addBcc(MAIL_1);
            $message->addBcc(MAIL_2);
            $message->addBcc(MAIL_3);
            $message->setBody($body, 'text/html');
            $txmessage = number_format($amount, 8) . $currency . " transfered to " . $address;
            $mailer->send($message);
        }
        $transactions = Transactions::find('first', array('conditions' => array('username' => $user['username'], 'Added' => false, 'Currency' => $currency, 'Paid' => 'No')));
        // NOTE(review): json_url (with credentials) and json_feed reach the view here.
        return compact('txmessage', 'txid', 'json_url', 'json_feed', 'title', 'currency', 'transactions');
    }
}
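/**
 * Disables TOTP for the logged-in user once they prove possession of the
 * current code.
 *
 * On a valid CheckCode (query string), TOTP.Validate and TOTP.Security are
 * set to false on the user's Details record and JSON true is returned; any
 * other case returns JSON false without writing. Guards added: an empty
 * session, a session without _id, a missing Details record and a
 * non-string/empty code all fail closed instead of reaching the library.
 *
 * NOTE(review): a second CheckTOTP (walletid-based) appears earlier in this
 * listing; one class cannot declare both, so they presumably belong to
 * different controllers. This one removes a second factor from a GET
 * request — confirm CSRF protection and attempt limiting upstream.
 *
 * @return mixed render result
 */
public function CheckTOTP()
{
    $user = Session::read('default');
    if (empty($user) || !isset($user['_id'])) {
        return $this->render(array('json' => false));
    }

    $conditions = array('conditions' => array('user_id' => (string) $user['_id']));
    $details = Details::find('first', $conditions);
    $checkCode = isset($this->request->query['CheckCode']) ? $this->request->query['CheckCode'] : null;

    if (!$details || !is_string($checkCode) || $checkCode === '') {
        return $this->render(array('json' => false));
    }

    $ga = new GoogleAuthenticator();
    // Window argument of 2 matches the original call.
    if (!$ga->verifyCode($details['secret'], $checkCode, 2)) {
        return $this->render(array('json' => false));
    }

    // Re-read before saving, as the original did, so the write goes through the entity.
    Details::find('first', $conditions)->save(array('TOTP.Validate' => false, 'TOTP.Security' => false));
    return $this->render(array('json' => true));
}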