Security->requireSecure(); $this->User = ClassRegistry::init('User'); $this->refreshCache(); } public function initWeb($controller){ $controller->set("isLoggedin",$this->isLoggedin()); if($this->isLoggedin()){ $controller->set("WORKER",($this->self_worker_obj)?$this->self_worker_obj:false); $controller->set("COMPANY",($this->self_company_obj)?$this->self_company_obj:false); } $controller->set("isStaff",$this->isStaff()); $controller->set("MEDIA_URL","http://dev.dreamjob.cc/media/"); $controller->set('default_sForm',array( 'inputDefaults' => array( 'div' => array('class' => 'control-group'), 'label' => array('class' => 'control-label'), 'between' => '
', 'after' => '
', 'class' => '')) ); $controller->set('default_Form',array( 'inputDefaults' => array( 'div' => array('class' => 'form-group'), 'label' => array('class' => 'col-lg-3 control-label'), 'between' => '
', 'after' => '
', 'error' => array('attribute'=>array('wrap'=>'span','class'=>'help-block')), 'class' => 'form-control ')) ); } public function refreshCache(){ if($this->isLoggedin()){ $self_company = false; $this->self_worker_obj = $this->getApplication('DreamjobWorker'); if(!is_array($this->self_worker_obj) or count($this->self_worker_obj)<= 0){ $this->self_company_obj = $this->getApplication('DreamjobCompany'); $self_company = true; } } } public function getCompany(){ return $this->self_company_obj; } public function getWorker(){ return $this->self_worker_obj; } public function isLoggedin(){ return $this->Session->check('user'); } public function isStaff(){ return false; } public function login($mail,$password){ $users=$this->User->find('first', array( 'fields' => array('User.id','User.password'), 'conditions' => array('User.mail' => $mail) )); if($this->validate_password($password,$users['User']['password']) and !$this->isLoggedin()){ echo $users['User']['id']; $this->Session->write('user',$users['User']['id']); return true; } return false; } public function logout(){ if($this->isLoggedin()){ $this->Session->delete('user'); return true; } return false; } public function setFlash($message,$element = 'flash',$params = array(),$key = 'flash') { $this->Session->setFlash($message, $element,$params,$key); } public function getApplication($appDirectory,$user_id=false){ if(!$user_id) $user_id = $this->Session->read('user'); $this->$appDirectory = ClassRegistry::init($appDirectory); return $this->$appDirectory->find('first',array( 'conditions' => array('AppUser.user_id' => $user_id) )); } /** * PasswordHasg */ private function create_hash($password) { $salt = base64_encode(mcrypt_create_iv(8, MCRYPT_DEV_URANDOM)); return "pbkdf2_sha1$10000$" . $salt . "$" .base64_encode($this->pbkdf2("sha1",$password,$salt,10000,20,true)); } private function validate_password($password, $correct_hash) { $params = explode("$", $correct_hash); if(count($params) < 4) return false; $pbkdf2 = base64_decode($params[3]); return $this->slow_equals($pbkdf2,$this->pbkdf2($params[0],$password,$params[2],(int)$params[1],strlen($pbkdf2),true)); } private function slow_equals($a, $b) { $diff = strlen($a) ^ strlen($b); for($i = 0; $i < strlen($a) && $i < strlen($b); $i++) $diff |= ord($a[$i]) ^ ord($b[$i]); return $diff === 0; } private function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false) { $algorithm = strtolower(ltrim($algorithm,"pbkdf2_")); if(!in_array($algorithm, hash_algos(), true)) die('PBKDF2 ERROR: Invalid hash algorithm.'); if($count <= 0 || $key_length <= 0) die('PBKDF2 ERROR: Invalid parameters.'); if (function_exists("hash_pbkdf2")) { if (!$raw_output) $key_length = $key_length * 2; return hash_pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output); } $hash_length = strlen(hash($algorithm, "", true)); $block_count = ceil($key_length / $hash_length); $output = ""; for($i = 1; $i <= $block_count; $i++) { $last = $salt . pack("N", $i); $last = $xorsum = hash_hmac($algorithm, $last, $password, true); for ($j = 1; $j < $count; $j++) $xorsum ^= ($last = hash_hmac($algorithm, $last, $password, true)); $output .= $xorsum; } if($raw_output) return substr($output, 0, $key_length); else return bin2hex(substr($output, 0, $key_length)); } } ?>