Beispiel #1
 /**
  * Instance wrapper around the global array_keys_exist() helper.
  *
  * When the STRICT_TYPES constant is defined and CAMEL_CASE == '1', the call is
  * routed through self::parameters(...)->call(...)->with(...)->returning(...)
  * (presumably a runtime type-checking wrapper — confirm in its definition);
  * otherwise the global function is invoked directly. Either way the result
  * is cast to bool.
  *
  * @param array $needles  keys to look for
  * @param array $haystack array whose keys are inspected
  * @return bool
  */
 protected function array_keys_exist(array $needles, array $haystack)
 {
     $useTypedWrapper = defined('STRICT_TYPES') && CAMEL_CASE == '1';
     if (!$useTypedWrapper) {
         // Plain path: delegate to the global helper of the same name.
         return (bool) array_keys_exist($needles, $haystack);
     }

     $spec = ['needles' => DT::TYPE_ARRAY, 'haystack' => DT::TYPE_ARRAY];
     $checked = self::parameters($spec)
         ->call(__FUNCTION__)
         ->with($needles, $haystack)
         ->returning(DT::BOOL);

     return (bool) $checked;
 }
Beispiel #2
 /**
  * Add Member resource (POST only).
  *
  * Flow: require POST, require a non-empty POST body, require X-Email/Password
  * authentication, strip unwanted fields, verify the required fields, reject a
  * duplicate e-mail address, validate/normalize, insert, then return the new
  * member as JSON with the password and reset-token fields removed.
  *
  * NOTE(review): every failure path calls $this->_status(...) without a
  * return; this relies on _status() terminating the request — confirm, since
  * otherwise $post['email'] would be read below even when it is missing.
  */
 public function add_member()
 {
     // Reject anything but POST.
     $this->_check_method('POST');

     $post = $this->input->post();
     if (!$post) {
         $this->_status(400); // Bad Request: no POST data at all
     }

     // Require X-Email/Password auth.
     $this->_check_authentication();

     // Drop the POST fields we do not accept for a member.
     $post = $this->_filter_member($post);

     if (!array_keys_exist($this->required_member_fields, $post)) {
         $this->_status(400); // Bad Request: required field(s) missing
     }

     // The e-mail address must not be registered yet.
     if ($this->Member_model->get_member('email', $post['email'])) {
         $this->_status(409); // Conflict
     }

     // Validate and normalize all POST fields.
     // ToDo: report WHAT was wrong instead of a bare 400.
     $post = $this->_control_fields($post);
     if (!$post) {
         $this->_status(400); // Bad Request
     }

     if (!$this->Member_model->add_member($post)) {
         $this->_status(400); // Bad Request: insert failed
     }

     // Reload the freshly inserted row and strip the secret fields before
     // it leaves the server.
     $member = $this->Member_model->get_member($this->db->insert_id());
     unset($member->password, $member->reset_token, $member->reset_expire);
     // (Dropping NULL/empty fields with array_filter is intentionally disabled.)
     $this->_json_out($member);
 }
Beispiel #3
  * Sets up the database, creates user, etc
  *
  * @todo use check_inputs everywhere!
  */
 if ($DB->connected) {
     $resp->notify('No need to install...', 'It is already done!');
 } else {
     if (array_key_exists('install', $_POST) and is_array($_POST['install']) and array_keys_exist('root', 'head', 'site', $_POST['install'])) {
         $created_con = false;
         $root = (object) $_POST['install']['root'];
         $root->database = 'information_schema';
         $head = (object) $_POST['install']['head'];
         $head->viewport = 'width=device-width, height=device-height';
         $head->charset = 'UTF-8';
         $site = (object) $_POST['install']['site'];
         if (array_key_exists('connect', $_POST['install']) and is_array($_POST['install']['connect']) and array_keys_exist('user', 'password', 'repeat', $_POST['install']['connect'])) {
             $con = (object) $_POST['install']['connect'];
             $con->database = $con->user;
         } else {
             $con = null;
         }
         if (isset($site->user) and is_email($site->user) and isset($root->user) and preg_match('/^\\w+$/', $root->user) and isset($site->password) and preg_match('/' . pattern('password') . '/', $site->password) and isset($site->repeat) and $site->repeat === $site->password and isset($head->title) and preg_match('/^[\\w- ]{5,}$/', $head->title) and isset($head->keywords) and preg_match('/^[\\w, -]+$/', $head->keywords) and isset($head->description) and preg_match('/^[\\w-,\\.\\?\\! ]{1,160}$/', $head->description) and isset($head->robots) and preg_match('/^(no)?follow, (no)?index$/i', $head->robots) and (isset($head->author_g_plus) and is_url($head->author_g_plus)) and isset($head->author) and preg_match('/^[\\w- ]{5,}$/', $head->author) and (is_null($head->rss) or empty($head->rss) or is_url($head->rss)) and (is_null($head->publisher) or empty($head->publisher) or is_url($head->publisher)) and (is_null($head->google_analytics_code) or empty($head->google_analytics_code) or preg_match('/^[A-z]{2}-[A-z\\d]{8}-\\d$/', $head->google_analytics_code)) and (is_null($head->author) or empty($head->author) or preg_match('/^[\\w- ]{5,}$/', $head->author)) and (is_null($con) or preg_match('/' . pattern('password') . '/', $con->password) and $con->password === $con->repeat and !file_exists(BASE . '/config/connect.ini'))) {
             $pdo = new \shgysk8zer0\Core\PDO($root);
             if ($pdo->connected) {
                 if (is_object($con)) {
                     $config_dir = BASE . DIRECTORY_SEPARATOR . 'config';
                     if (is_writable($config_dir)) {
                         file_put_contents($config_dir . DIRECTORY_SEPARATOR . 'connect.json', json_encode(['user' => $con->user, 'password' => $con->password, 'database' => $con->user], JSON_PRETTY_PRINT));
                     } else {
                         $resp->notify('Could not save database connection settings to file', 'Make sure that config/ is writable');
                         exit($resp);
Beispiel #4
/**
 * Build a <link rel="stylesheet"> tag for a CSS file.
 *
 * The path is split with path_info_query(); when the 'use_minified_scripts'
 * setting is on, "name.ext" becomes "name.min.ext". A "version" parameter
 * carrying BEEHIVE_VERSION is appended to the query string, and every
 * attribute value goes through htmlentities_array() before it is emitted.
 *
 * @param string      $script_filepath path (optionally with ?query) of the stylesheet
 * @param string      $media           value of the media attribute
 * @param string|null $id              optional id attribute
 * @return string|null the tag, or null when the path cannot be split into
 *                     dirname/basename/filename/extension
 */
function html_include_css($script_filepath, $media = 'screen', $id = null)
{
    $parts = path_info_query($script_filepath);
    if (!array_keys_exist($parts, 'basename', 'filename', 'extension', 'dirname')) {
        return null;
    }

    $basename = $parts['basename'];
    if (forum_get_setting('use_minified_scripts', 'Y')) {
        $basename = sprintf('%s.min.%s', $parts['filename'], $parts['extension']);
    }

    // A missing query part is passed on as null.
    $query = isset($parts['query']) ? $parts['query'] : null;
    $query = html_query_string_add($query, 'version', BEEHIVE_VERSION, '&');

    $href = rtrim($parts['dirname'], '/') . '/' . $basename . '?' . $query;
    $id_attr = ($id === null) ? '' : sprintf(" id=\"%s\"", htmlentities_array($id));

    return sprintf(
        "<link rel=\"stylesheet\" href=\"%s\" type=\"text/css\" media=\"%s\"%s />\n",
        htmlentities_array($href),
        htmlentities_array($media),
        $id_attr
    );
}
Beispiel #5
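/**
 * Print a <link rel="stylesheet"> tag for a CSS file.
 *
 * The path is split with path_info_query(); when the 'use_minified_scripts'
 * setting is on, "name.ext" becomes "name.min.ext". A query string found in
 * the path is kept. Nothing is printed when the path cannot be split into
 * dirname/basename/filename/extension.
 *
 * @param string $script_filepath path (optionally with ?query) of the stylesheet
 * @param string $media           value of the media attribute
 * @return void
 */
function html_include_css($script_filepath, $media = 'screen')
{
    $path_parts = path_info_query($script_filepath);
    if (!array_keys_exist($path_parts, 'basename', 'filename', 'extension', 'dirname')) {
        return;
    }
    if (forum_get_setting('use_minified_scripts', 'Y')) {
        $path_parts['basename'] = sprintf('%s.min.%s', $path_parts['filename'], $path_parts['extension']);
    }
    $script_filepath = "{$path_parts['dirname']}/{$path_parts['basename']}";
    $script_filepath .= isset($path_parts['query']) ? "?{$path_parts['query']}" : '';
    // Both values land inside HTML attributes: escape them so a quote, '<' or
    // '&' in the path or media string cannot break out of the attribute
    // (an '&' in the query string must be '&amp;' in valid HTML anyway).
    printf(
        "<link rel=\"stylesheet\" href=\"%s\" type=\"text/css\" media=\"%s\" />\n",
        htmlspecialchars($script_filepath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        htmlspecialchars($media, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    );
}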
Beispiel #6
<?php

try {
    require "./db.php";
    $REQUEST = get_request_data();
    $dbh = open_db();
    $dbh->beginTransaction();
    if (!array_keys_exist(array('cohortid', 'userid1', 'userid2', 'desc'), $REQUEST)) {
        throw new Exception("Insufficient \$REQUEST arguments");
    }
    $datestring = date("Y-m-d");
    $cohortid = $REQUEST['cohortid'];
    $userid1 = min($REQUEST['userid1'], $REQUEST['userid2']);
    $userid2 = max($REQUEST['userid1'], $REQUEST['userid2']);
    if ($userid1 == $userid2) {
        throw new Exception('Cannot settle with yourself');
    }
    $userid_enterer = $_COOKIE['user']['userid'];
    print_sql($sql = "SELECT * FROM balance WHERE userid_from={$userid1} AND userid_to={$userid2} AND cohortid={$cohortid}");
    if (($res = $dbh->query($sql, PDO::FETCH_ASSOC)) == false) {
        throw new Exception("Could not select balance");
    }
    $balance = $res->fetch();
    $amount = $balance['amount'];
    if ($amount < 0.0) {
        $userid_payer = $balance['userid_from'];
        $userid_payee = $balance['userid_to'];
    } elseif ($amount > 0.0) {
        $userid_payer = $balance['userid_to'];
        $userid_payee = $balance['userid_from'];
    } else {
Beispiel #7
            return false;
        }
    }
    return true;
}
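// Parse HTTP Basic credentials from the Authorization header into the
// PHP_AUTH_USER / PHP_AUTH_PW server variables. Only a header of the form
// "Basic <base64>" is accepted, and the decoded value is split at the FIRST
// colon only, so a password containing ':' survives intact. A missing or
// malformed header leaves the two keys untouched, which the check below
// turns into a 401 (the old unconditional substr/explode emitted warnings and
// set both keys to null in that case).
if (isset($_SERVER['HTTP_AUTHORIZATION']) && strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Basic ', 6) === 0) {
    $decoded = base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6), true);
    if ($decoded !== false && strpos($decoded, ':') !== false) {
        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
    }
}
$repository = Settings::getRepository();
//Validate User
// NOTE(review): while the repository has no users, hasUsers() short-circuits
// the credential check and every request is accepted — presumably a first-run
// bootstrap; confirm that this is intended.
if (!array_keys_exist(array('PHP_AUTH_USER', 'PHP_AUTH_PW'), $_SERVER)
    || $repository->hasUsers() && !$repository->isValidUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    header('WWW-Authenticate: Basic realm="Users"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'HTTP/1.0 401 Unauthorized';
    exit;
}
//Save if changed
if (!empty($_REQUEST['Commit']) && array_keys_exist(array('username', 'password'), $_REQUEST)) {
    $user = new User();
    $user->name = $_REQUEST['username'];
    // The password is handed over as received; presumably hashed by the
    // repository before storage — confirm in $repository->save().
    $user->password = $_REQUEST['password'];
    // Checkbox semantics: present and exactly 'on'.
    $user->active = isset($_REQUEST['active']) && $_REQUEST['active'] === 'on';
    $success = $repository->save($user);
    if (!$success) {
        //Todo: show error messages or exceptions
    }
}
$criteria = new UserCriteria();
// An absent 'name' parameter yields a null criterion instead of a notice.
$criteria->name[] = isset($_REQUEST['name']) ? $_REQUEST['name'] : null;
$user = $repository->find($criteria);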
if (count($user) < 1) {
    $user = $user[0];
} else {
Beispiel #8
 ////////////////////////////////////////////////////////////////////////////////
 // rudimentary error checking -- improve this section (or do it in javascript?)
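 // Reject the request early when a required parameter is missing or malformed.
 // Every failure is reported by throwing; the catch lives outside this span.
 // Offending values are rendered with json_encode() in the messages because
 // $REQUEST entries may be arrays, which cannot be interpolated into a string
 // (that produced "Array" plus a notice before).
 if (!array_keys_exist(array('date', 'cohortid', 'whopaid', 'location', 'desc', 'amount', 'iou'), $REQUEST)) {
     throw new Exception("Insufficient \$REQUEST arguments");
 }
 // strtotime() needs a scalar; $date is kept for use further down.
 if (!is_scalar($REQUEST["date"]) || ($date = strtotime($REQUEST["date"])) === false) {
     throw new Exception("Invalid date " . json_encode($REQUEST["date"]));
 }
 if (!empty($REQUEST["amount"]) && !is_numeric($REQUEST["amount"])) {
     throw new Exception("Invalid amount " . json_encode($REQUEST["amount"]));
 }
 if (!is_array($REQUEST['iou']) || count($REQUEST['iou']) === 0) {
     throw new Exception("Invalid list of IOUs " . json_encode($REQUEST["iou"]));
 }
 foreach ($REQUEST['iou'] as $iou) {
     if (!is_array($iou) || !array_keys_exist(array('amount', 'userid'), $iou)) {
         throw new Exception("Invalid iou entry " . json_encode($iou));
     } elseif ($iou['amount'] != "" && !is_numeric($iou['amount'])) {
         throw new Exception("Invalid iou amount " . json_encode($iou["amount"]) . " for id " . json_encode($iou["userid"]));
     }
 }
 // if ($debug) echo("<p>Updating the database:</p>");
 ////////////////////////////////////////////////////////////////////////////////
 // find the location specified by the user
 $locationId = 1;
 // Location is off for now, save all as the empty location.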
 if (false) {
     //Remove this to re-enable locations!
     print_sql($sql = "SELECT count(*) FROM location WHERE name LIKE \"%{$REQUEST["location"]}%\"");
     if (($res = $dbh->query($sql)) == false) {
         throw new Exception("Could not select from location table");
Beispiel #9
            return false;
        }
    }
    return true;
}
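// Parse HTTP Basic credentials from the Authorization header into the
// PHP_AUTH_USER / PHP_AUTH_PW server variables. Only a header of the form
// "Basic <base64>" is accepted, and the decoded value is split at the FIRST
// colon only, so a password containing ':' survives intact. A missing or
// malformed header leaves the two keys untouched, which the check below
// turns into a 401 (the old unconditional substr/explode emitted warnings and
// set both keys to null in that case).
if (isset($_SERVER['HTTP_AUTHORIZATION']) && strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Basic ', 6) === 0) {
    $decoded = base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6), true);
    if ($decoded !== false && strpos($decoded, ':') !== false) {
        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
    }
}
$repository = Settings::getRepository();
//Validate User
if (!array_keys_exist(array('PHP_AUTH_USER', 'PHP_AUTH_PW'), $_SERVER)
    || !$repository->isValidUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    header('WWW-Authenticate: Basic realm="Editor"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'HTTP/1.0 401 Unauthorized';
    exit;
}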
//Save if changed
if (!empty($_REQUEST['Commit']) && array_keys_exist(array('name', 'mimetype', 'data'), $_REQUEST)) {
    $newData = new Page();
    $newData->name = $_REQUEST['name'];
    $newData->type = !empty($_FILES['filedata']['type']) ? $_FILES['filedata']['type'] : $_REQUEST['mimetype'];
    $newData->value = $_REQUEST['data'];
    $newData->active = array_key_exists('active', $_REQUEST) && $_REQUEST['active'] == 'on';
    $newData->username = $_SERVER['PHP_AUTH_USER'];
    $newData->isBinary = !empty($_FILES['filedata']) && !empty($_FILES['filedata']['tmp_name']);
    $success = $repository->save($newData);
    if ($success) {
        if (!empty($_FILES['filedata']) && !empty($_FILES['filedata']['tmp_name'])) {
            $binaryRepository = Settings::getBinaryDataRepository();
            $success = $binaryRepository->save($_REQUEST['name'], $_FILES['filedata']['tmp_name']);
        }
    }
    if (!$success) {
Beispiel #10
		}
		die('{"title":"'.$_GET['introtitle'].'", "text":"'.addcslashes(Markdown($_GET['introtext']),"\"\r\n").'"}');
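	case 'editabout':
		// Same guard as the other cases: both fields must be present in the
		// query string, otherwise the keys below would be undefined.
		if (!array_keys_exist(array('abouttext', 'abouttitle'), $_GET)) die('{}');
		$text = sqlite_escape_string($_GET['abouttext']);
		$title = sqlite_escape_string($_GET['abouttitle']);
		// NOTE(review): entries appended to $queries; if it already holds
		// statements from earlier code they are executed here too — confirm.
		$queries[] = "UPDATE config SET value='{$text}' WHERE opt='aboutme'";
		$queries[] = "UPDATE config SET value='{$title}' WHERE opt='lang_about'";
		foreach ($queries AS $sql)
		{
			sqlite_exec($db, $sql) or die('{}');
		}
		// Build the response with json_encode() so quotes, backslashes and
		// control characters in the user-supplied title/text cannot break the
		// JSON document (the hand-built string left the title unescaped and
		// addcslashes() did not escape backslashes in the text).
		$out = json_encode(array(
			'title' => $_GET['abouttitle'],
			'text'  => Markdown($_GET['abouttext']),
		));
		die($out === false ? '{}' : $out);
		break;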

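	case 'editsong':
		if (!array_keys_exist(array('songartist','songtitle','songdesc','songid'), $_GET)) die('{}');
		// Values are escaped for the SQLite string literal they are embedded in.
		$artist = sqlite_escape_string($_GET['songartist']);
		$title = sqlite_escape_string($_GET['songtitle']);
		$desc = sqlite_escape_string($_GET['songdesc']);
		$id = sqlite_escape_string($_GET['songid']);
		
		$query = "UPDATE songs SET artist='{$artist}', title='{$title}', descr='{$desc}' WHERE id='{$id}'";
		sqlite_exec($db, $query) or die('{}');
		
		// Read the row back so the response reflects what was stored.
		$query = "SELECT * FROM songs WHERE id='{$id}'";
		$result = sqlite_query($db, $query) or die('{}');
		$data = sqlite_fetch_array($result) or die('{}');
		// json_encode() produces a well-formed document for any field content;
		// the previous addslashes()/addcslashes() mix escaped single quotes
		// (which JSON does not use) and left backslashes unescaped.
		$out = json_encode(array(
			'id'     => $data['id'],
			'artist' => $data['artist'],
			'title'  => $data['title'],
			'desc'   => Markdown($data['descr']),
			'url'    => encodeSource($_ENV['DATA_URL'] . $data['fname']),
		));
		die($out === false ? '{}' : $out);
		break;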
	case 'getsongdescr':
		if (!array_key_exists('songid', $_GET)) die('{}');