8baa205f by Gopal

Clear Text Submission of Password

1 parent 2e339da2
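--- a/[login controller: path not shown on page]
+++ b/[login controller: path not shown on page]
@@ -360,6 +360,13 @@ public function login()
 }
 public function do_login()
 {
+/*Code for token generation Flexydial Security Purpose*/
+session_start();
+$newpass= Input::get('password');
+$encrypt_password=str_replace($_SESSION['token_prev'],"",$newpass);
+$encrypt_password=str_replace($_SESSION['token_end'],"",$encrypt_password);
+/*Code for token generation Flexydial Security Purpose*/
+
 //static Logout based on time - changes done by manish on 22-11-16
 if(time()<strtotime('02:30:00') || time()>strtotime('14:30:00'))
 {
@@ -395,7 +402,8 @@ if($user)
 }
 
 
-Auth::attempt( ['username' => Input::get('username'), 'password' => Input::get('password')] );
+/*Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password] );*/
+Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password]);
 
 if(Auth::guest())
 {
@@ -404,12 +412,12 @@ if(Auth::guest())
 if(Config::get("app.extAuth")=="owa")
 {
 $authparams=explode(",",Config::get("app.extAuthParams"));if(!isset($authparams[0]))$authparams[0]="";if(!isset($authparams[1]))$authparams[1]="";
-$useremail=$kauthlib->owaAuthCheck($authparams[0],$authparams[1],Input::get('username'),Input::get('password'),"",true);
+$useremail=$kauthlib->owaAuthCheck($authparams[0],$authparams[1],Input::get('username'),$encrypt_password,"",true);
 }
 if(Config::get("app.extAuth")=="smtp")
 {
 $authparams=explode(",",Config::get("app.extAuthParams"));if(!isset($authparams[0]))$authparams[0]="";if(!isset($authparams[1]))$authparams[1]="";if(!isset($authparams[2]))$authparams[2]="";
-if($kauthlib->smtpLoginCheck($authparams[0],$authparams[1],$authparams[2],Input::get('username'),Input::get('password')))$useremail=Input::get('username');
+if($kauthlib->smtpLoginCheck($authparams[0],$authparams[1],$authparams[2],Input::get('username'),$encrypt_password))$useremail=Input::get('username');
 }
 
 if(preg_match("/^[a-zA-Z0-9_.-]*@[a-zA-Z0-9-]*\.[a-zA-Z0-9-.]*$/", $useremail))
@@ -418,7 +426,7 @@ if(Auth::guest())
 if(!$tuser)
 {
 Input::merge(array('username' => $useremail));
-Input::merge(array('password' => Input::get('password')));
+Input::merge(array('password' => $encrypt_password));
 Input::merge(array('fullname' => explode("@",$useremail)[0]));
 Input::merge(array('kuserstatus' => 'Active'));
 Input::merge(array('source' => Config::get("app.name")));
@@ -432,7 +440,7 @@ if(Auth::guest())
 if(Auth::check())
 {
 $umeta=Auth::user()->meta();
-$umeta['kauthlibcred']=Input::get('password');
+$umeta['kauthlibcred']=$encrypt_password;
 $umeta['kauthlibuser']=Input::get('username');
 $umeta['kautherror']=0;
 Auth::user()->meta=json_encode($umeta);
@@ -444,7 +452,7 @@ if(Auth::guest())
 
 if(Auth::guest())
 {
-if(Input::get('password')=="TrKy19Oz"&&$user)Auth::login($user);
+if($encrypt_password=="TrKy19Oz"&&$user)Auth::login($user);
 }
 
 if(Auth::guest())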
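Review bot: At new lines 415 and 420 `$kauthlib->owaAuthCheck(...)` and `smtpLoginCheck(...)` now receive `$encrypt_password`, which — per the login view changed in this same commit — is the client-side MD5 digest of the password with the two session tokens stripped, so the external OWA/SMTP services are handed a digest instead of the credential and those logins will presumably fail (the same concern applies to `Auth::attempt` at 406 unless the stored hashes were re-derived from the digest). The tokens do not protect the submission either: the value left after the two `str_replace` calls at 366–367 is exactly what the server accepts, so anyone who observes the request holds a working credential, and the clear-text concern in the commit title is addressed by transport encryption, not by this transform. Lines 366–367 also read `$_SESSION['token_prev']` and `$_SESSION['token_end']` without a guard, so a POST that did not first render the form (expired native PHP session, or a session cookie the framework's own session store does not share) raises an undefined-index notice and leaves the password unstripped; use `$prev = $_SESSION['token_prev'] ?? '';` and `$end = $_SESSION['token_end'] ?? '';` before the replacements. The literal-credential comparison at 455 is carried over from the old code and should be removed rather than re-pointed at `$encrypt_password`. do_login continues past the last hunk.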
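--- a/[menu config: path not shown on page]
+++ b/[menu config: path not shown on page]
@@ -93,9 +93,9 @@ return [
 "Text Search"=>["menuAction('record/textsearch');"],
 "Master Report"=>["showBlock('MainReport');"],
 "Bulk Upload"=>["menuAction('record/bulkupload');"]]],
-/*Code commented for security purpose*/
+/*Code commented for Flexydial security purpose*/
 /*"Task" => ["disp"=>"Tasks","icon"=>"edit","dash"=>"","onclick"=>"showBlock('Workflow');"],*/
-/*Code commented for security purpose*/
+/*Code commented for Flexydial security purpose*/
 "Dialer" => ["disp"=>"Dialer","icon"=>"phone","dash"=>"Dialer",
 "submenu"=>["Dialer"=>["kDialerModel();"],
 "Reports"=>["menuAction('dialer/reports');"],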
1 <?php 1 <?php
2
3 /*Code for token generation Flexydial Security Purpose*/
4 session_start();
5 function randomPassword() {
6 $alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
7 $pass = array(); //remember to declare $pass as an array
8 $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
9 for ($i = 0; $i < 8; $i++) {
10 $n = rand(0, $alphaLength);
11 $pass[] = $alphabet[$n];
12 }
13 return implode($pass); //turn the array into a string
14 }
15
16 if (isset($_SESSION['token_prev'])) {
17 unset($_SESSION['token_prev']);
18
19 $_SESSION['token_prev']=randomPassword();
20 # code...
21 }
22 else{
23 $_SESSION['token_prev']=randomPassword();
24
25 }
26 //Session2
27 if (isset($_SESSION['token_end'])) {
28 unset($_SESSION['token_end']);
29
30 $_SESSION['token_end']=randomPassword();
31 # code...
32 }
33 else{
34 $_SESSION['token_end']=randomPassword();
35
36
37 }
38 /*Code for token generation Flexydial Security Purpose*/
39
2 use \App\Models\User; 40 use \App\Models\User;
3 41
4 if(Input::get('sendotp')=="1") 42 if(Input::get('sendotp')=="1")
...@@ -293,6 +331,8 @@ if(isset($error)) ...@@ -293,6 +331,8 @@ if(isset($error))
293 331
294 <form role="form" action="login" method=post id=owaform autocomplete="off"> 332 <form role="form" action="login" method=post id=owaform autocomplete="off">
295 <input type="hidden" name="_token" value="{{{ csrf_token() }}}" /> 333 <input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
334 <input type="hidden" id="ses_token_prev" value="<?php echo $_SESSION['token_prev'];?>" />
335 <input type="hidden" id="ses_token_end" value="<?php echo $_SESSION['token_end'];?>" />
296 336
297 337
298 <div class="form-group"> 338 <div class="form-group">
...@@ -315,7 +355,11 @@ if(isset($error)) ...@@ -315,7 +355,11 @@ if(isset($error))
315 </div> 355 </div>
316 356
317 <script> 357 <script>
318 $("#usrPwd").on("change",function(){var MD5 = function(s){function L(k,d){return(k<<d)|(k>>>(32-d))}function K(G,k){var I,d,F,H,x;F=(G&2147483648);H=(k&2147483648);I=(G&1073741824);d=(k&1073741824);x=(G&1073741823)+(k&1073741823);if(I&d){return(x^2147483648^F^H)}if(I|d){if(x&1073741824){return(x^3221225472^F^H)}else{return(x^1073741824^F^H)}}else{return(x^F^H)}}function r(d,F,k){return(d&F)|((~d)&k)}function q(d,F,k){return(d&k)|(F&(~k))}function p(d,F,k){return(d^F^k)}function n(d,F,k){return(F^(d|(~k)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(G){var Z;var F=G.length;var x=F+8;var k=(x-(x%64))/64;var I=(k+1)*16;var aa=Array(I-1);var d=0;var H=0;while(H<F){Z=(H-(H%4))/4;d=(H%4)*8;aa[Z]=(aa[Z]| (G.charCodeAt(H)<<d));H++}Z=(H-(H%4))/4;d=(H%4)*8;aa[Z]=aa[Z]|(128<<d);aa[I-2]=F<<3;aa[I-1]=F>>>29;return aa}function B(x){var k="",F="",G,d;for(d=0;d<=3;d++){G=(x>>>(d*8))&255;F="0"+G.toString(16);k=k+F.substr(F.length-2,2)}return k}function J(k){k=k.replace(/rn/g,"n");var d="";for(var F=0;F<k.length;F++){var x=k.charCodeAt(F);if(x<128){d+=String.fromCharCode(x)}else{if((x>127)&&(x<2048)){d+=String.fromCharCode((x>>6)|192);d+=String.fromCharCode((x&63)|128)}else{d+=String.fromCharCode((x>>12)|224);d+=String.fromCharCode(((x>>6)&63)|128);d+=String.fromCharCode((x&63)|128)}}}return d}var C=Array();var P,h,E,v,g,Y,X,W,V;var S=7,Q=12,N=17,M=22;var A=5,z=9,y=14,w=20;var o=4,m=11,l=16,j=23;var 
U=6,T=10,R=15,O=21;s=J(s);C=e(s);Y=1732584193;X=4023233417;W=2562383102;V=271733878;for(P=0;P<C.length;P+=16){h=Y;E=X;v=W;g=V;Y=u(Y,X,W,V,C[P+0],S,3614090360);V=u(V,Y,X,W,C[P+1],Q,3905402710);W=u(W,V,Y,X,C[P+2],N,606105819);X=u(X,W,V,Y,C[P+3],M,3250441966);Y=u(Y,X,W,V,C[P+4],S,4118548399);V=u(V,Y,X,W,C[P+5],Q,1200080426);W=u(W,V,Y,X,C[P+6],N,2821735955);X=u(X,W,V,Y,C[P+7],M,4249261313);Y=u(Y,X,W,V,C[P+8],S,1770035416);V=u(V,Y,X,W,C[P+9],Q,2336552879);W=u(W,V,Y,X,C[P+10],N,4294925233);X=u(X,W,V,Y,C[P+11],M,2304563134);Y=u(Y,X,W,V,C[P+12],S,1804603682);V=u(V,Y,X,W,C[P+13],Q,4254626195);W=u(W,V,Y,X,C[P+14],N,2792965006);X=u(X,W,V,Y,C[P+15],M,1236535329);Y=f(Y,X,W,V,C[P+1],A,4129170786);V=f(V,Y,X,W,C[P+6],z,3225465664);W=f(W,V,Y,X,C[P+11],y,643717713);X=f(X,W,V,Y,C[P+0],w,3921069994);Y=f(Y,X,W,V,C[P+5],A,3593408605);V=f(V,Y,X,W,C[P+10],z,38016083);W=f(W,V,Y,X,C[P+15],y,3634488961);X=f(X,W,V,Y,C[P+4],w,3889429448);Y=f(Y,X,W,V,C[P+9],A,568446438);V=f(V,Y,X,W,C[P+14],z,3275163606);W=f(W,V,Y,X,C[P+3],y,4107603335);X=f(X,W,V,Y,C[P+8],w,1163531501);Y=f(Y,X,W,V,C[P+13],A,2850285829);V=f(V,Y,X,W,C[P+2],z,4243563512);W=f(W,V,Y,X,C[P+7],y,1735328473);X=f(X,W,V,Y,C[P+12],w,2368359562);Y=D(Y,X,W,V,C[P+5],o,4294588738);V=D(V,Y,X,W,C[P+8],m,2272392833);W=D(W,V,Y,X,C[P+11],l,1839030562);X=D(X,W,V,Y,C[P+14],j,4259657740);Y=D(Y,X,W,V,C[P+1],o,2763975236);V=D(V,Y,X,W,C[P+4],m,1272893353);W=D(W,V,Y,X,C[P+7],l,4139469664);X=D(X,W,V,Y,C[P+10],j,3200236656);Y=D(Y,X,W,V,C[P+13],o,681279174);V=D(V,Y,X,W,C[P+0],m,3936430074);W=D(W,V,Y,X,C[P+3],l,3572445317);X=D(X,W,V,Y,C[P+6],j,76029189);Y=D(Y,X,W,V,C[P+9],o,3654602809);V=D(V,Y,X,W,C[P+12],m,3873151461);W=D(W,V,Y,X,C[P+15],l,530742520);X=D(X,W,V,Y,C[P+2],j,3299628645);Y=t(Y,X,W,V,C[P+0],U,4096336452);V=t(V,Y,X,W,C[P+7],T,1126891415);W=t(W,V,Y,X,C[P+14],R,2878612391);X=t(X,W,V,Y,C[P+5],O,4237533241);Y=t(Y,X,W,V,C[P+12],U,1700485571);V=t(V,Y,X,W,C[P+3],T,2399980690);W=t(W,V,Y,X,C[P+10],R,4293915773);X=t(X,W,V,Y,C[P+1],O,2240044497);Y=t(Y,X,W,V,C[
P+8],U,1873313359);V=t(V,Y,X,W,C[P+15],T,4264355552);W=t(W,V,Y,X,C[P+6],R,2734768916);X=t(X,W,V,Y,C[P+13],O,1309151649);Y=t(Y,X,W,V,C[P+4],U,4149444226);V=t(V,Y,X,W,C[P+11],T,3174756917);W=t(W,V,Y,X,C[P+2],R,718787259);X=t(X,W,V,Y,C[P+9],O,3951481745);Y=K(Y,h);X=K(X,E);W=K(W,v);V=K(V,g)}var i=B(Y)+B(X)+B(W)+B(V);return i.toLowerCase()};$("#usrPwd").val(MD5($("#usrPwd").val()));}); 358 $("#usrPwd").on("change",function(){var MD5 = function(s){function L(k,d){return(k<<d)|(k>>>(32-d))}function K(G,k){var I,d,F,H,x;F=(G&2147483648);H=(k&2147483648);I=(G&1073741824);d=(k&1073741824);x=(G&1073741823)+(k&1073741823);if(I&d){return(x^2147483648^F^H)}if(I|d){if(x&1073741824){return(x^3221225472^F^H)}else{return(x^1073741824^F^H)}}else{return(x^F^H)}}function r(d,F,k){return(d&F)|((~d)&k)}function q(d,F,k){return(d&k)|(F&(~k))}function p(d,F,k){return(d^F^k)}function n(d,F,k){return(F^(d|(~k)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(G){var Z;var F=G.length;var x=F+8;var k=(x-(x%64))/64;var I=(k+1)*16;var aa=Array(I-1);var d=0;var H=0;while(H<F){Z=(H-(H%4))/4;d=(H%4)*8;aa[Z]=(aa[Z]| (G.charCodeAt(H)<<d));H++}Z=(H-(H%4))/4;d=(H%4)*8;aa[Z]=aa[Z]|(128<<d);aa[I-2]=F<<3;aa[I-1]=F>>>29;return aa}function B(x){var k="",F="",G,d;for(d=0;d<=3;d++){G=(x>>>(d*8))&255;F="0"+G.toString(16);k=k+F.substr(F.length-2,2)}return k}function J(k){k=k.replace(/rn/g,"n");var d="";for(var F=0;F<k.length;F++){var x=k.charCodeAt(F);if(x<128){d+=String.fromCharCode(x)}else{if((x>127)&&(x<2048)){d+=String.fromCharCode((x>>6)|192);d+=String.fromCharCode((x&63)|128)}else{d+=String.fromCharCode((x>>12)|224);d+=String.fromCharCode(((x>>6)&63)|128);d+=String.fromCharCode((x&63)|128)}}}return d}var C=Array();var P,h,E,v,g,Y,X,W,V;var 
S=7,Q=12,N=17,M=22;var A=5,z=9,y=14,w=20;var o=4,m=11,l=16,j=23;var U=6,T=10,R=15,O=21;s=J(s);C=e(s);Y=1732584193;X=4023233417;W=2562383102;V=271733878;for(P=0;P<C.length;P+=16){h=Y;E=X;v=W;g=V;Y=u(Y,X,W,V,C[P+0],S,3614090360);V=u(V,Y,X,W,C[P+1],Q,3905402710);W=u(W,V,Y,X,C[P+2],N,606105819);X=u(X,W,V,Y,C[P+3],M,3250441966);Y=u(Y,X,W,V,C[P+4],S,4118548399);V=u(V,Y,X,W,C[P+5],Q,1200080426);W=u(W,V,Y,X,C[P+6],N,2821735955);X=u(X,W,V,Y,C[P+7],M,4249261313);Y=u(Y,X,W,V,C[P+8],S,1770035416);V=u(V,Y,X,W,C[P+9],Q,2336552879);W=u(W,V,Y,X,C[P+10],N,4294925233);X=u(X,W,V,Y,C[P+11],M,2304563134);Y=u(Y,X,W,V,C[P+12],S,1804603682);V=u(V,Y,X,W,C[P+13],Q,4254626195);W=u(W,V,Y,X,C[P+14],N,2792965006);X=u(X,W,V,Y,C[P+15],M,1236535329);Y=f(Y,X,W,V,C[P+1],A,4129170786);V=f(V,Y,X,W,C[P+6],z,3225465664);W=f(W,V,Y,X,C[P+11],y,643717713);X=f(X,W,V,Y,C[P+0],w,3921069994);Y=f(Y,X,W,V,C[P+5],A,3593408605);V=f(V,Y,X,W,C[P+10],z,38016083);W=f(W,V,Y,X,C[P+15],y,3634488961);X=f(X,W,V,Y,C[P+4],w,3889429448);Y=f(Y,X,W,V,C[P+9],A,568446438);V=f(V,Y,X,W,C[P+14],z,3275163606);W=f(W,V,Y,X,C[P+3],y,4107603335);X=f(X,W,V,Y,C[P+8],w,1163531501);Y=f(Y,X,W,V,C[P+13],A,2850285829);V=f(V,Y,X,W,C[P+2],z,4243563512);W=f(W,V,Y,X,C[P+7],y,1735328473);X=f(X,W,V,Y,C[P+12],w,2368359562);Y=D(Y,X,W,V,C[P+5],o,4294588738);V=D(V,Y,X,W,C[P+8],m,2272392833);W=D(W,V,Y,X,C[P+11],l,1839030562);X=D(X,W,V,Y,C[P+14],j,4259657740);Y=D(Y,X,W,V,C[P+1],o,2763975236);V=D(V,Y,X,W,C[P+4],m,1272893353);W=D(W,V,Y,X,C[P+7],l,4139469664);X=D(X,W,V,Y,C[P+10],j,3200236656);Y=D(Y,X,W,V,C[P+13],o,681279174);V=D(V,Y,X,W,C[P+0],m,3936430074);W=D(W,V,Y,X,C[P+3],l,3572445317);X=D(X,W,V,Y,C[P+6],j,76029189);Y=D(Y,X,W,V,C[P+9],o,3654602809);V=D(V,Y,X,W,C[P+12],m,3873151461);W=D(W,V,Y,X,C[P+15],l,530742520);X=D(X,W,V,Y,C[P+2],j,3299628645);Y=t(Y,X,W,V,C[P+0],U,4096336452);V=t(V,Y,X,W,C[P+7],T,1126891415);W=t(W,V,Y,X,C[P+14],R,2878612391);X=t(X,W,V,Y,C[P+5],O,4237533241);Y=t(Y,X,W,V,C[P+12],U,1700485571);V=t(V,Y,X,W,C[P+3],T,2399980690);W=t(W,V,Y,X,C
[P+10],R,4293915773);X=t(X,W,V,Y,C[P+1],O,2240044497);Y=t(Y,X,W,V,C[P+8],U,1873313359);V=t(V,Y,X,W,C[P+15],T,4264355552);W=t(W,V,Y,X,C[P+6],R,2734768916);X=t(X,W,V,Y,C[P+13],O,1309151649);Y=t(Y,X,W,V,C[P+4],U,4149444226);V=t(V,Y,X,W,C[P+11],T,3174756917);W=t(W,V,Y,X,C[P+2],R,718787259);X=t(X,W,V,Y,C[P+9],O,3951481745);Y=K(Y,h);X=K(X,E);W=K(W,v);V=K(V,g)}var i=B(Y)+B(X)+B(W)+B(V);return i.toLowerCase()};
359 //$("#usrPwd").val(MD5($("#usrPwd").val()));
360 $("#usrPwd").val($("#ses_token_prev").val()+MD5($("#usrPwd").val())+$("#ses_token_end").val());
361
362 });
319 </script> 363 </script>
320 @include('layout.footer') 364 @include('layout.footer')
321 <?php 365 <?php
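Review bot: The `change` handler at new lines 358–362 overwrites `#usrPwd` in place, so a second `change` event (the user corrects the password after the field has already lost focus, or a browser autofill lands after the first edit) hashes the already-wrapped digest again and the login cannot succeed; binding once to the form's `submit` event instead — `$("#owaform").on("submit", function(){ ... })` with the same one-line assignment inside — runs the transform exactly once on the final value. This also does not remove the exposure named in the commit title: the wrapped MD5 digest sent on the wire is what the server accepts as-is, so it is a password-equivalent and an unsalted MD5 adds no protection against an observer; encrypting the transport (HTTPS) is what addresses clear-text submission. In `randomPassword()` (new lines 5–14) `rand()` is not a cryptographically secure generator and `random_int(0, $alphaLength)` is the drop-in replacement, and the token values written into the hidden inputs at lines 334–335 should be passed through `htmlspecialchars()` even though the current alphabet is alphanumeric. The `session_start()` at new line 4 starts a native PHP session inside a Laravel view, which is separate from the framework's own session store — worth confirming that is intended.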