<?php
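class Catabatic_ValidateDcb extends Zend_Controller_Action {

    /** Idle timeout applied to a verified admin session, in minutes. */
    const INACTIVITY_MINUTES = 15;

    /**
     * Per-request admin session guard.
     *
     * Runs before every action of the controllers that extend this class and
     * applies, in order:
     *   1. A verified identity (IsVerified == 1 with a non-empty username) is
     *      subject to an idle timeout: if the user's LastActiveOn is more than
     *      INACTIVITY_MINUTES old the admin is logged out, otherwise LastActiveOn
     *      is refreshed to the current time.
     *   2. A request with no Zend_Auth identity at all is logged out.
     *   3. Any other request is checked against the User-Agent hash stored for
     *      its PHPSESSID under data/logs/ (written elsewhere, presumably at login);
     *      a missing record or a mismatch logs out.
     *
     * Also lazily seeds $_SESSION['token'] with 32 random bytes (hex). It is not
     * consumed here; presumably a CSRF token read by views/forms — verify.
     *
     * NOTE(review): branch 3 is reached by a session whose identity exists but
     * whose IsVerified is not 1; if its User-Agent matches it is allowed through.
     * Confirm a not-yet-verified login is meant to reach admin actions at all.
     * NOTE(review): the identity's status/type fields are not enforced by this
     * guard; confirm inactive/wrong-type accounts are rejected elsewhere.
     *
     * @return void
     */
    public function init() {
        parent::init();
        $user = new Admin_Model_User();
        $auth = Zend_Auth::getInstance();

        /* * ************* check admin identity *********** */
        $identity = Admin_Model_UserAuth::getIdentity();
        $username = isset($identity->username) ? $identity->username : null;
        $IsVerified = isset($identity->IsVerified) ? trim($identity->IsVerified) : null;

        // trim() always yields a string, so a strict compare against '1' is exact
        // (the loose `== 1` also accepted "1.0", "01", etc.).
        if ($IsVerified === '1' && $username !== null && $username !== '') {
            $detailData = $user->getUserDetail(trim($username));
            if (empty($detailData)) {
                // No user row behind the identity: the session is stale — fail closed.
                $this->logoutAdmin();
                return;
            }

            // The "" / null cases both make DateTime mean "now", i.e. a row with no
            // stamp counts as freshly active. NOTE(review): confirm login always
            // writes LastActiveOn; if it does, this could fail closed instead.
            $stamp = isset($detailData['LastActiveOn']) ? (string) $detailData['LastActiveOn'] : '';
            $validUntil = new DateTime($stamp === '' ? 'now' : $stamp);
            $validUntil->modify('+' . self::INACTIVITY_MINUTES . ' minutes');
            $currentDate = date("Y-m-d H:i:s");

            if (empty($_SESSION['token'])) {
                $_SESSION['token'] = bin2hex(self::randomBytes(32));
            }

            // Both sides are fixed-width 'Y-m-d H:i:s', so string order == time order.
            if ($validUntil->format('Y-m-d H:i:s') >= $currentDate) {
                // Slide the idle window: one UPDATE per request for a verified admin.
                $user->edit(array('LastActiveOn' => $currentDate), array('username =?' => $username));
            } else {
                $this->logoutAdmin();
            }
        } else if (!$auth->hasIdentity()) {
            $this->logoutAdmin();
        } else if (isset($_COOKIE['PHPSESSID'])) {
            // Bind the session to the User-Agent recorded for it. The path is relative
            // to the working directory (Zend front controllers usually chdir to the
            // public dir) — confirm it matches where the record is written.
            // md5() of the cookie yields hex only, so the value cannot traverse.
            $uaFile = 'data/logs/' . md5($_COOKIE['PHPSESSID']) . '.txt';
            $stored = is_file($uaFile) ? file_get_contents($uaFile, false, null, 0, 500) : false;
            $current = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
            // A missing/unreadable record fails closed; hash_equals avoids a
            // timing-dependent compare and is strict about type and length.
            if (!is_string($stored) || !hash_equals($current, $stored)) {
                $this->logoutAdmin();
            }
        } else {
            $this->logoutAdmin();
        }
    }

    /**
     * Cryptographically strong random bytes, with fallbacks for old runtimes.
     *
     * Order: random_bytes() (PHP 7+, throws on failure), then mcrypt_create_iv()
     * (removed in PHP 7.2), then openssl_random_pseudo_bytes() — whose result is
     * only accepted when OpenSSL reports it as crypto-strong.
     *
     * @param int $length Number of bytes to return.
     * @return string Binary string of exactly $length bytes.
     * @throws Exception|RuntimeException When no strong source is available.
     */
    private static function randomBytes($length) {
        if (function_exists('random_bytes')) {
            return random_bytes($length);
        }
        if (function_exists('mcrypt_create_iv')) {
            return mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
        }
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes === false || !$strong) {
            throw new RuntimeException('No cryptographically strong random source available');
        }
        return $bytes;
    }

    /**
     * Terminates the admin session and sends the client to admin/index.
     *
     * Clears the user's login state in the users table (IsLoggedIn, stored
     * PHPSESSID and USERAGENT; LastActiveOn is set to a far-past sentinel so the
     * idle check in init() fails closed for any reused session), expires the
     * PHPSESSID cookie, destroys the Zend session and redirects.
     *
     * NOTE(review): the cookie is expired for path "/" only; if the session cookie
     * was issued with another domain/path the browser keeps it (harmless here,
     * since the server-side session is destroyed).
     *
     * @return void
     */
    private function logoutAdmin() {
        $identity = Admin_Model_UserAuth::getIdentity();
        $username = isset($identity->username) ? $identity->username : null;
        $user = new Admin_Model_User();
        if ($username) {
            $user->edit(
                array('IsLoggedIn' => '0', 'PHPSESSID' => '', 'LastActiveOn' => '2022-01-02 00:00:00', 'USERAGENT' => ''),
                array('username =?' => $username)
            );
        }
        if (isset($_COOKIE['PHPSESSID'])) {
            unset($_COOKIE['PHPSESSID']);
        }
        setcookie("PHPSESSID", "", time() - 3600, "/");
        Zend_Session::destroy();
        $this->_redirect('admin/index');
    }

    /**
     * Blacklist-style input scrubber followed by HTML-entity encoding.
     *
     * Removes "script", "iframe", then each token in the list (case-sensitive,
     * single pass), strips slashes and entity-encodes the rest with ENT_QUOTES.
     *
     * NOTE(review): the blacklist is not a security boundary and is kept only for
     * backward compatibility with existing callers:
     *   - str_replace is case-sensitive ("Script", "IFRAME" pass) and single-pass
     *     ("scrscriptipt" becomes "script");
     *   - it mangles legitimate input ("BRAND" -> "BR", "100%" -> "100", any
     *     comma or parenthesis is dropped);
     *   - removing "AND"/quotes does not make a string safe for SQL.
     * Escape per output context instead (htmlspecialchars for HTML, prepared
     * statements for SQL) and treat this as legacy.
     *
     * @param string $input_data Untrusted input.
     * @return string Scrubbed, entity-encoded string.
     */
    public function sanitize_data($input_data) {
        $searchArr = array("document", "write", "alert", "%", "$", ";", "+", "|", "#", "<", ">", ")", "(", "'", "\'", ",", "AND", "JAVASCRIPT");
        $input_data = str_replace("script", "", $input_data);
        $input_data = str_replace("iframe", "", $input_data);
        $input_data = str_replace($searchArr, "", $input_data);
        return htmlentities(stripslashes($input_data), ENT_QUOTES);
    }

    /**
     * Lighter blacklist scrub for fields that must keep their HTML markup.
     *
     * Removes "script", "iframe", "write", "alert", "AND", "JAVASCRIPT"
     * (case-sensitive, single pass) and returns the markup otherwise unchanged —
     * no encoding is applied.
     *
     * NOTE(review): this does not neutralise HTML. Event handlers (onload=...),
     * mixed-case tags, nested tokens ("scrscriptipt") and javascript: URLs all
     * survive. If rich HTML must be accepted, run it through an allow-list HTML
     * sanitizer at the point of output; kept as-is for callers that rely on it.
     *
     * @param string $input_data Untrusted HTML fragment.
     * @return string Same fragment with the listed substrings removed.
     */
    public function sanitize_html_data($input_data) {
        $searchArr = array("write", "alert", "AND", "JAVASCRIPT");
        $input_data = str_replace("script", "", $input_data);
        $input_data = str_replace("iframe", "", $input_data);
        $input_data = str_replace($searchArr, "", $input_data);
        return $input_data;
    }
}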