1<?php
// CodeIgniter's front controller defines BASEPATH; stop here if this file is
// requested directly instead of being loaded through it.
if ( ! defined('BASEPATH')) {
    exit('No direct script access allowed');
}
3
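/**
 * Scratch login controller.
 *
 * Renders a login form and, on submit, (1) wraps the posted credentials in an
 * encrypted, decoy-padded envelope and prints it for inspection, then
 * (2) forwards the credentials to a Joomla test endpoint and prints the
 * decoded JSON answer.
 *
 * NOTE(review): the envelope is obfuscation, not protection. The AES key and IV
 * are constants in this file, the decoy strings come from rand(), and nothing
 * authenticates the ciphertext. See encrypt_decrypt() for what a real scheme
 * would need.
 */
class Init extends CI_Controller
{
    /**
     * Runs the base controller set-up and loads the URL helper.
     */
    public function __construct()
    {
        parent::__construct();
        $this->load->helper('url');
    }

    /**
     * Default action: renders the 'form' view.
     */
    public function index()
    {
        $this->load->view('form');
    }

    /**
     * Handles the posted login form.
     *
     * Expects the POST fields 'name' and 'ps'. Prints debug output (all of it
     * HTML-escaped) and the decoded response of the remote check. Prints
     * 'Error en el login.' when a field is missing or is not a plain string,
     * or when encryption or the remote request fails.
     *
     * @return void
     */
    public function getValidation()
    {
        $name = isset($_POST['name']) ? $_POST['name'] : NULL;
        $password = isset($_POST['ps']) ? $_POST['ps'] : NULL;

        // isset() alone also accepts array-valued fields (name[]=x), which
        // would be concatenated below as the literal string "Array".
        if ( ! is_string($name) || ! is_string($password)) {
            echo 'Error en el login.';
            return;
        }

        $encrypt_data = $this->encrypt_decrypt('encrypt', $this->padCredentials($name, $password));
        if ($encrypt_data === FALSE) {
            echo 'Error en el login.';
            return;
        }

        $this->dumpEscaped($encrypt_data);
        $this->dumpEscaped(strlen($encrypt_data));

        // MD5 is used only to produce 32 filler characters around the payload.
        $envelope = str_split(md5('The quick brown fox jumped over the lazy dog - '.$this->get_falseString()));

        // Record the length of the base64-encoded encrypted payload after the
        // third filler character, as "<length>_".
        array_splice($envelope, 3, 0, array(strlen($encrypt_data).'_'));

        // Insert the encrypted payload at element 18 of the filler array.
        array_splice($envelope, 18, 0, array($encrypt_data));

        $envelope = implode($envelope);
        $this->dumpEscaped($envelope);

        // NOTE(review): this prints the decrypted credentials (password
        // included) into the response. It is escaped so it cannot inject
        // markup, but it should not survive beyond debugging.
        $this->dumpEscaped($this->checkData($envelope));

        // Encode every parameter: with plain concatenation a value containing
        // '&' or '#' could add or override query parameters of the request.
        // NOTE(review): the password still travels in clear text in the query
        // string of an http:// URL, where it ends up in access logs. Move it
        // to an HTTPS POST body once the receiving script reads it from there.
        $query = http_build_query(
            array('token' => 'a', 'user' => $name, 'pass' => $password),
            '',
            '&'
        );
        $response = file_get_contents('http://joomla.dev/eoeo.php?'.$query);
        if ($response === FALSE) {
            echo 'Error en el login.';
            return;
        }

        // The endpoint echoes the submitted values back, so its answer is
        // untrusted text as well and is escaped like the rest.
        $this->dumpEscaped(json_decode($response));
    }

    /**
     * Builds the plaintext that gets encrypted: the credentials separated by
     * '*_' and surrounded by a randomly chosen number of decoy strings.
     *
     * @param string $name
     * @param string $password
     * @return string
     */
    private function padCredentials($name, $password)
    {
        // layout number => array(decoys before, decoys after the credentials)
        $layouts = array(
            1 => array(2, 0),
            2 => array(1, 1),
            3 => array(1, 2),
            4 => array(2, 3),
            5 => array(1, 4),
        );
        list($before, $after) = $layouts[rand(1, 5)];

        $plain = $this->decoys($before).'*_'.$name.'*_'.$password;
        if ($after > 0) {
            $plain .= '*_'.$this->decoys($after);
        }

        return $plain;
    }

    /**
     * Concatenates $count decoy strings.
     *
     * @param int $count
     * @return string
     */
    private function decoys($count)
    {
        $out = '';
        for ($i = 0; $i < $count; $i++) {
            $out .= $this->get_falseString();
        }

        return $out;
    }

    /**
     * Prints a value inside <pre> with HTML special characters escaped, so
     * user-supplied text in debug output cannot be interpreted as markup.
     *
     * @param mixed $value
     * @return void
     */
    private function dumpEscaped($value)
    {
        echo '<pre>';
        echo htmlspecialchars(print_r($value, TRUE), ENT_QUOTES, 'UTF-8');
        echo '</pre>';
    }

    /**
     * Extracts and decrypts the payload from an envelope built by
     * getValidation().
     *
     * Envelope layout: 3 filler characters, "<length>_", 14 filler characters,
     * the payload of <length> characters, then the remaining filler.
     *
     * @param string $hashed_values the envelope
     * @return string|false|null decrypted plaintext; FALSE when decryption
     *         fails; NULL (after printing a marker) when the envelope is
     *         malformed
     */
    private function checkData($hashed_values)
    {
        $first_part = explode('_', $hashed_values);
        $length_encrypted = (string) substr($first_part[0], 3);

        // Digits only: is_numeric() would also accept values such as "1e3",
        // "-5" or "0.5" as a length.
        if (preg_match('/^[0-9]+\z/', $length_encrypted) !== 1) {
            echo '****noooooo_a';
            return NULL;
        }

        $value_encrypted = substr($hashed_values, 18 + strlen($length_encrypted), (int) $length_encrypted);

        if ( ! $this->is_base64($value_encrypted)) {
            echo '****noooooo_b';
            return NULL;
        }

        return $this->encrypt_decrypt('decrypt', $value_encrypted);
    }

    /**
     * Produces one decoy string: a timestamp, a random number or the digit 5,
     * in most cases followed by 1 to 10 random alphanumeric characters.
     *
     * rand() is not a cryptographic generator; the decoys only vary the
     * plaintext and add no secrecy.
     *
     * @return string
     */
    private function get_falseString()
    {
        $selector = rand(1, 100);
        $tail_length = rand(1, 10);

        if ($selector % 2 == 0) {
            $now = new DateTime();
            return $now->getTimestamp().$this->generateRandomString($tail_length);
        }
        if ($selector % 3 == 0) {
            return rand(1, 99999999).$this->generateRandomString($tail_length);
        }
        if ($selector % 7 == 0) {
            return '5';
        }

        return rand(100, 999).$this->generateRandomString($tail_length);
    }

    /**
     * Tells whether $s is well-formed base64.
     *
     * Strict mode makes base64_decode() return FALSE on characters outside
     * the base64 alphabet instead of silently skipping them.
     *
     * @param mixed $s
     * @return bool
     */
    private function is_base64($s)
    {
        return is_string($s) && $s !== '' && base64_decode($s, TRUE) !== FALSE;
    }

    /**
     * Encrypts or decrypts a string with AES-256-CBC.
     *
     * The result of 'encrypt' is base64 applied twice: openssl_encrypt() with
     * options 0 already returns base64, and it is encoded once more here.
     * 'decrypt' reverses both layers.
     *
     * NOTE(review): weaknesses to resolve before this protects anything:
     *  - key and IV are derived from constants committed in this file; load
     *    the key from configuration kept outside the source tree;
     *  - the IV never changes, so equal plaintexts give equal ciphertexts;
     *    use a fresh random IV per message and store it with the ciphertext;
     *  - hash() returns hex text and AES-256 takes 32 bytes, so only the first
     *    32 hex characters of the digest end up in the key;
     *  - CBC alone gives no integrity; add a MAC over IV and ciphertext or use
     *    an authenticated mode.
     *
     * @param string $action 'encrypt' or 'decrypt'
     * @param string $string plaintext, or the value returned by 'encrypt'
     * @return string|false the result, or FALSE on failure or unknown action
     */
    private function encrypt_decrypt($action, $string)
    {
        $encrypt_method = 'AES-256-CBC';
        $secret_key = 'sesecret_kkkkey';
        $secret_iv = 'uuuu_iv_secret';

        $key = hash('sha256', $secret_key);

        // AES-256-CBC expects a 16-byte IV; a different length raises a warning.
        $iv = substr(hash('sha256', $secret_iv), 0, 16);

        if ($action === 'encrypt') {
            $cipher_text = openssl_encrypt($string, $encrypt_method, $key, 0, $iv);

            return $cipher_text === FALSE ? FALSE : base64_encode($cipher_text);
        }

        if ($action === 'decrypt') {
            $cipher_text = base64_decode($string, TRUE);

            return $cipher_text === FALSE
                ? FALSE
                : openssl_decrypt($cipher_text, $encrypt_method, $key, 0, $iv);
        }

        return FALSE;
    }

    /**
     * Returns $length characters picked with rand() from [0-9a-zA-Z].
     *
     * Not suitable for tokens, salts or keys: rand() is predictable.
     *
     * @param int $length
     * @return string empty when $length is 0 or negative
     */
    private function generateRandomString($length = 10)
    {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $last_index = strlen($characters) - 1;

        $randomString = '';
        for ($i = 0; $i < $length; $i++) {
            $randomString .= $characters[rand(0, $last_index)];
        }

        return $randomString;
    }
}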
215
216
217
218
219
220
221
222*************************************
223
224
225<?php
226
227
228
229//$JInput = JFactory::getApplication()->input;
230//$secretKey = $JInput->get('secretKey','','string');
231//$request_data = $JInput->get('request','','array');
232
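/**
 * Constant that is checked in included files to prevent direct access.
 * define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
 */
define('_JEXEC', 1);

// The profiler call below reads these two values; without them it would use
// undefined variables whenever JDEBUG is on.
$startTime = microtime(true);
$startMem  = memory_get_usage();

if (file_exists(__DIR__ . '/defines.php'))
{
    include_once __DIR__ . '/defines.php';
}

if (!defined('_JDEFINES'))
{
    define('JPATH_BASE', __DIR__);
    require_once JPATH_BASE . '/includes/defines.php';
}

require_once JPATH_BASE . '/includes/framework.php';

// Set profiler start time and memory usage and mark afterLoad in the profiler.
JDEBUG ? JProfiler::getInstance('Application')->setStart($startTime, $startMem)->mark('afterLoad') : null;

// Instantiate the application. It is deliberately not executed: this script
// only uses the framework classes and prints its own JSON answer.
$app = JFactory::getApplication('site');

// Echo the request back for debugging, but never the password itself.
$received = $_GET;
if (array_key_exists('pass', $received))
{
    $received['pass'] = '***';
}

$aux = array(
    'data_received' => $received,
    'status'        => 'login_fail',
);

// NOTE(review): placeholder check. The expected password is a constant, and
// the 'user' and 'token' parameters are ignored; a real check has to load the
// stored hash of the named user and must not take credentials from the query
// string, where they are written to access logs.
if (isset($_GET['pass']) && is_string($_GET['pass']))
{
    // Verify the supplied value against the expected hash rather than hashing
    // caller-supplied input and treating the result as the stored hash.
    $expected_hash = JUserHelper::hashPassword('123456');

    if (JUserHelper::verifyPassword($_GET['pass'], $expected_hash))
    {
        $aux['status'] = 'login_ok';
    }
}

// The body reflects request data. Declare it as JSON and hex-escape markup
// characters so a browser opening this URL does not render it as HTML.
header('Content-Type: application/json; charset=utf-8');
echo json_encode($aux, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);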
300
301?>