function getUploadToken()
 {
     requireRequestMethod("POST");
     /* FIXME: token should expire, based on server request? */
     /* FIXME: what if upload size is not known in time? transcode web service for example... */
     $absPath = $this->validatePath(getRequest('relativePath', TRUE), FTS_PARENT);
     /* make sure the uploaded file name is unique */
     $absPath = $this->getUniqueName($absPath);
     /* verify fileSize
      *
      * NOTE: fileSize *is* required, but 0 is a valid file size, but also
      * seen as "empty" by PHP, so we work around it like this...
      */
     $fileSize = (int) getRequest('fileSize', FALSE, 0);
     if ($fileSize < 0) {
         throw new Exception("invalid filesize");
     }
     $token = generateToken();
     try {
         $stmt = $this->dbh->prepare("INSERT INTO uploadTokens (token, filePath, fileSize) VALUES (:token, :filePath, :fileSize)");
         $stmt->bindParam(':token', $token);
         $stmt->bindParam(':filePath', $absPath);
         $stmt->bindParam(':fileSize', $fileSize);
         $stmt->execute();
         $uploadLocation = getProtocol() . getServerName() . $_SERVER['PHP_SELF'] . "?action=uploadFile&token={$token}";
         return array("uploadLocation" => $uploadLocation, "absPath" => $absPath);
     } catch (Exception $e) {
         throw new Exception("database query failed");
     }
 }
Beispiel #2
0
function DoQuery($n, $c, $p1, $p2, $p3, $p4, $p5) {
	$str = "{\"result\":1}";
	date_default_timezone_set("Asia/Hong_Kong");
	$t_str = date("YmdHis");
	$commit_date = date("Y-m-d H:i:s");
	$pname = generateToken().".${t_str}.";
	$path1 = "./files/${pname}1";
	$path2 = "./files/${pname}2";
	$path3 = "./files/${pname}3";
	$path4 = "./files/${pname}4";
	$path5 = "./files/${pname}5";
	$dbp1 = "";
	$dbp2 = "";
	$dbp3 = "";
	$dbp4 = "";
	$dbp5 = "";
	if (isset($p1)) { move_uploaded_file($p1["tmp_name"], $path1); $dbp1 = "${pname}1"; }
	if (isset($p2)) { move_uploaded_file($p2["tmp_name"], $path2); $dbp2 = "${pname}2"; }
	if (isset($p3)) { move_uploaded_file($p3["tmp_name"], $path3); $dbp3 = "${pname}3"; }
	if (isset($p4)) { move_uploaded_file($p4["tmp_name"], $path4); $dbp4 = "${pname}4"; }
	if (isset($p5)) { move_uploaded_file($p5["tmp_name"], $path5); $dbp5 = "${pname}5"; }
	$db = openConnection();
	$stmt = $db->prepare("insert into feedback(nickname, comment, photo1, photo2, photo3, photo4, photo5, commit_date) values (?, ?, ?, ?, ?, ?, ?, ?)");
	$stmt->bind_param("ssssssss", $n, $c, $dbp1, $dbp2, $dbp3, $dbp4, $dbp5, $commit_date);
	$stmt->execute();
	$rows = intval($stmt->affected_rows);
	$stmt->close();
	closeConnection($db);
	if ($rows != 0) {
		$str = "{\"result\":0}";
	}
	return $str;	
}
function checkToken()
{
    /*****************************************************************************************
     * Check the posted token for correctness
     ******************************************************************************************/
    $oldToken = "";
    $testToken = "";
    $tokenStr = "";
    $page = basename($_SERVER['PHP_SELF']);
    $oldToken = $_POST["token"];
    $tokenStr = "IP:" . $_SESSION["ip"] . ",SESSIONID:" . session_id() . ",GUID:" . $_SESSION["guid"];
    $testToken = sha1($tokenStr . $_SESSION["salt"] . $_SESSION["salt"]);
    $checkToken = False;
    if ($oldToken === $testToken) {
        $diff = time() - $_SESSION["time"];
        if ($diff <= 300) {
            // Five minutes max
            if ($_SESSION["usecookie"]) {
                if ($_COOKIE["token"] === $oldToken) {
                    /*****************************************************************************************
                     * Destroy the old form token, then
                     * generate a new token for the form, which may or may not be needed. We want to do this
                     * before headers are written. When writeToken() or writeTokenH() is called we are only 
                     * writing the pre-generated token to the form. The cookie will have already been written.
                     ******************************************************************************************/
                    setcookie("token", '', time() - 42000);
                    generateToken();
                    return true;
                } else {
                    $_SESSION = array();
                    if (isset($_COOKIE[session_name()])) {
                        setcookie(session_name(), '', time() - 42000);
                    }
                    session_destroy();
                    header("Location: http://" . lg_domain . lg_form_error . "?p=" . $page . "&t=ec");
                }
            } else {
                return True;
            }
        } else {
            $_SESSION = array();
            if (isset($_COOKIE[session_name()])) {
                setcookie(session_name(), '', time() - 42000);
            }
            session_destroy();
            header("Location: http://" . lg_domain . lg_form_error . "?p=" . $page . "&t=et");
        }
    } else {
        $_SESSION = array();
        if (isset($_COOKIE[session_name()])) {
            setcookie(session_name(), '', time() - 42000);
        }
        session_destroy();
        header("Location: http://" . lg_domain . lg_form_error . "?p=" . $page . "&t=e");
    }
}
/**
 * A function that generates a hash that is not already 
 * in use. Adds letters to username and password until 
 * something unique is created.
 */
function generateToken($pdo, $username, $password)
{
    $hash = hash('ripemd160', $username . $password);
    $sql = "SELECT COUNT(*) FROM calendars WHERE token = :hash";
    $result = $pdo->prepare($sql);
    $result->execute(array('hash' => $hash));
    if ($result->fetchColumn() > 0) {
        return generateToken($pdo, $username . 'a', $password . 'b');
    }
    return $hash;
}
Beispiel #5
0
 public function run()
 {
     parent::run();
     $this->getInputJson();
     $userId = login($this->input['username'], $this->input['password']);
     if (!$userId) {
         throw new \Exception("Invalid username or password.");
     }
     $token = generateToken($userId);
     $this->return['token'] = $token;
 }
Beispiel #6
0
function sendTokenChange($email, $username, $old_email)
{
    require_once MODELES . 'membres/token.php';
    if ($token = generateToken($email, $username, $old_email)) {
        $tokenlink = 'http://' . $_SERVER['HTTP_HOST'] . getLink(['membres', 'confirm', $token]);
    } else {
        return False;
    }
    if (mail($email, 'Confirmer votre nouvelle adresse e-mail', "Bonjour !\n" . "Merci de cliquer sur le lien ci-dessous pour confirmer votre nouvelle adresse e-mail :\n" . $tokenlink . "\n" . "Si le lien ne fonctionne pas, copiez-collez l'adresse dans votre navigateur.\n\n" . "Merci et à bientôt !\n" . "-- L'équipe EventEase", 'From: no-reply@eventease.com')) {
        return True;
    } else {
        return False;
    }
}
 public function firstUse($stunum)
 {
     $url = 'http://hongyan.cqupt.edu.cn/RedCenter/Api/Handle/index';
     //        $tmpArr = array('cyxbs',"$stunum",'firstUse');
     //        sort($tmpArr, SORT_STRING);
     //        $t = md5( sha1( implode( $tmpArr, '|' ) ) );
     $token = generateToken('cyxbs', $stunum, 'firstUse');
     $ch = curl_init($url);
     curl_setopt($ch, CURLOPT_HEADER, false);
     curl_setopt($ch, CURLOPT_POST, 1);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     curl_setopt($ch, CURLOPT_POSTFIELDS, "type=firstUse&stu={$stunum}&id=cyxbs&token=" . $token);
     curl_exec($ch);
     //$output = json_decode(curl_exec($ch),TRUE);
 }
 function post_login($data)
 {
     if ($_SESSION["login_id"] != null) {
         $response["success"] = "true";
         $response["code"] = "1";
         $response["message"] = "você esta logado";
         return json_encode($response);
         #throw new Exception("você esta logado");
     } else {
         if (empty($data->username) or empty($data->password)) {
             throw new Exception("Login ou senha precisam ser preenchidos");
         }
         #verifica usario no banco
         $db_user = User::find('all', array('conditions' => array('username = ? AND password = ? ', $data->username, hashpassword($data->password))));
         #->to_json() $data->id
         #fim
         if ($db_user != null) {
             //array push result
             $result = array();
             foreach ($db_user as $data) {
                 //update ip e login
                 $sql = User::find($data->id);
                 $sql->update_attributes(array('last_ip' => $_SERVER['REMOTE_ADDR'], 'last_login' => date("Y-m-d  H:i:s")));
                 $sql->save();
                 array_push($result, $data->to_array());
                 //using to_array instead of to_json
             }
             $token = generateToken($db_user);
             #fazer o login so add apikey e session
             $this->doLogin($db_user);
             unset($result->password);
             unset($result->password_salt);
             unset($result->last_ip);
             $response["success"] = "true";
             $response["code"] = "1";
             $response["message"] = "Sucesso - Bem vindo ";
             //para enviar dados atuais
             $newresult = $this->getPerfile();
             $response["result"] = $newresult;
             return json_encode($response);
         } else {
             throw new Exception("Erro ao efetuar login. Usuário/Senha incorretos");
         }
         return false;
     }
 }
function register($conn)
{
    $username = $_POST['username'];
    $password = sha1($_POST['password']);
    $email = $_POST['email'];
    $token = generateToken();
    $sql = 'INSERT INTO users (username, password, email, token) VALUES (?, ?, ?, ?)';
    $stmt = $conn->prepare($sql);
    try {
        if ($stmt->execute(array($username, $password, $email, $token))) {
            setcookie('token', $token, 0, "/");
            echo 'Account Registered';
        }
    } catch (PDOException $e) {
        echo $e->getMessage();
        //echo 'Username or Email Already Registered';
    }
}
function register($conn)
{
    $password = sha1($_POST['password']);
    $email = $_POST['email'];
    $token = generateToken();
    $sql = 'INSERT INTO users (password, email, token) VALUES (?, ?, ?)';
    $stmt = $conn->prepare($sql);
    try {
        if ($stmt->execute(array($password, $email, $token))) {
            setcookie('token', $token, 0, "/");
            $sql = 'INSERT INTO orders (users_id, status) (SELECT u.id, "new" FROM users u WHERE u.token = ?)';
            $stmt1 = $conn->prepare($sql);
            if ($stmt1->execute(array($token))) {
                echo 'Account Registered';
            }
        }
    } catch (PDOException $e) {
        echo $e->getMessage();
    }
}
Beispiel #11
0
 public function create($options = array())
 {
     if (!isValid($options['email'], 'email')) {
         return formatErrors(604);
     }
     if (!isValid($options['password'], 'password')) {
         return formatErrors(602);
     }
     // Make sure email does not exist already
     $total = $this->count("email = '" . $options['email'] . "'");
     if ($total > 0) {
         return formatErrors(603);
     }
     // If you made it this far, we need to add the record to the DB
     $options['password'] = generateHash($options['password']);
     $options['created_on'] = date("Y-m-d H:i:s");
     // Create user token
     do {
         $options['user_token'] = generateToken(30) . md5(time());
         $total = $this->count("user_token = '" . $options['user_token'] . "'");
         // If by some freak chance there is a collision
         // Report it
         if ($total > 0) {
             log_message('debug', 'User token collision detected on key of `' . $options['user_token'] . '`');
         }
     } while ($total > 0);
     // Add record
     $q = $this->db->insert_string('users', $options);
     $res = $this->db->query($q);
     // Check for errors
     $this->sendException();
     if ($res === true) {
         $user_id = $this->db->insert_id();
         return $this->read($user_id);
     } else {
         return formatErrors(500);
     }
 }
Beispiel #12
0
function login($conn)
{
    setcookie('token', "", 0, "/");
    $username = $_POST['username'];
    $password = sha1($_POST['password']);
    $sql = 'SELECT * FROM users WHERE username = ? AND password = ?';
    $stmt = $conn->prepare($sql);
    if ($stmt->execute(array($username, $password))) {
        $valid = false;
        while ($row = $stmt->fetch()) {
            $valid = true;
            $token = generateToken();
            $sql = 'UPDATE users SET token = ? WHERE username = ?';
            $stmt1 = $conn->prepare($sql);
            if ($stmt1->execute(array($token, $username))) {
                echo 'Login Successful';
            }
        }
        if (!$valid) {
            echo 'Username or Password Incorrect';
        }
    }
}
function register($conn)
{
    $password = sha1($_POST['password']);
    $email = $_POST['email'];
    $name_first = $_POST['name_first'];
    $name_last = $_POST['name_last'];
    $address = $_POST['address'];
    $realtor = $_POST['realtor'];
    $token = generateToken();
    $sql = 'INSERT INTO users (password, email, name_first, name_last, address, realtor, token) VALUES (?, ?, ?, ?, ?, ?, ?)';
    $stmt = $conn->prepare($sql);
    try {
        if ($stmt->execute(array($password, $email, $name_first, $name_last, $address, $realtor, $token))) {
            setcookie('token', $token, 0, "/");
            $sql = 'INSERT INTO orders (users_id, status) (SELECT u.id, "new" FROM users u WHERE u.token = ?)';
            $stmt1 = $conn->prepare($sql);
            if ($stmt1->execute(array($token))) {
                echo 'Account Registered';
            }
        }
    } catch (PDOException $e) {
        echo 'Email already registered.';
    }
}
Beispiel #14
0
function generateHash($str)
{
    $salt = generateToken(50);
    if (CRYPT_SHA512 == 1) {
        return crypt($str, '$6$rounds=5000$' . $salt . '$');
    }
    if (CRYPT_SHA256 == 1) {
        return crypt($str, '$5$rounds=5000$' . $salt . '$');
    }
    if (CRYPT_BLOWFISH == 1) {
        return crypt($str, '$2a$07$' . $salt . '$');
    }
    if (CRYPT_MD5 == 1) {
        return crypt($str, '$1$' . $salt . '$');
    }
    if (CRYPT_EXT_DES == 1) {
        return crypt($str, '_J9' . $salt);
    }
    if (CRYPT_STD_DES == 1) {
        return crypt($str, $salt);
    }
    return false;
    // Throw exception once everything is hooked up
}
?>



    <!-- Test, Bild -->
    <img class="img-responsive" src="coverphoto.jpg" alt="Coverphoto">


    <!-- Visa produkter -->
    <?php 
$con = connect();
// to prevent undefined index notice
$action = isset($_GET['action']) ? $_GET['action'] : "";
$product_id = isset($_GET['product_id']) ? $_GET['product_id'] : "1";
$productName = isset($_GET['productName']) ? $_GET['productName'] : "";
$token = generateToken();
if ($action == 'added') {
    echo "<div class='alert alert-info'>";
    echo "<strong>{$productName}</strong> tillagt i varukorgen!";
    echo "</div>";
}
if ($action == 'exists') {
    echo "<div class='alert alert-info'>";
    echo "<strong>{$productName}</strong> finns redan i varukorgen!";
    echo "</div>";
}
$query = "SELECT id, productName, price FROM Products ORDER BY productName";
$stmt = $con->prepare($query);
$stmt->execute();
$num = $stmt->rowCount();
if ($num > 0) {
			<tbody>
	<?php 
            $i = 1;
            foreach ($set as $row) {
                //Country  Repayment Instructions
                if (!isset($row['name'])) {
                    $row['name'] = 'All Active Countries';
                }
                $country = $row['name'];
                $description = nl2br($row['description']);
                $id = $row['id'];
                $editurl = SITE_URL . "index.php?p=11&a=13&ac=edit&id=" . $id;
                $delurl = SITE_URL . "index.php?p=11&a=13&ac=del&id=" . $id;
                echo "<form enctype='multipart/form-data' method='post' action='updateprocess.php' id='del_repayment_instruction{$id}'>";
                echo "<input type='hidden' name='ac' value='del'>";
                echo "<input type='hidden' name='del-repayment_instruction'>";
                echo "<input type='hidden' name='user_guess' value='" . generateToken('del-repayment_instruction') . "'>";
                echo "<input type='hidden' name='id' value='{$id}'></form>";
                echo "<tr align='center'>";
                echo "<td>{$i}</td><td>{$country}</a></td><td>{$description}</td>";
                echo "<td>\n\t\t\t\t\t\t\t<a href='{$editurl}'>\n\t\t\t\t\t\t\t\t<img alt='Edit' title='Edit' src='images/layout/icons/edit.png'/>\n\t\t\t\t\t\t\t</a>&nbsp;&nbsp;\n\t\t\t\t\t\t\t<a href='javascript:void(0)' onClick='javascript:myDelete(\"{$id}\")'>\n\t\t\t\t\t\t\t\t<img alt='Delete' title='Delete' src='images/layout/icons/x.png'/>\n\t\t\t\t\t\t\t</a>\n\t\t\t\t\t\t</td>";
                echo "</tr>";
                $i++;
            }
            ?>
			</tbody>
		</table>
	<?php 
        }
    }
}
</div>
													</td>
												</tr>
												<tr>
													<td>&nbsp;</td>
													<td style="padding-top:10px;">
														<div>
															<div class="left">
																<div class="left"><input name="sendme" type="checkbox" /></div>
																<div class="right" style="font-family:Arial;margin-top:3px;">Send me a copy</div>
																<div class="clear"></div>
															</div>
															<div class="right" style="margin-right:5px;">
																<input type="hidden" id="sendJoinEmail" name="sendJoinEmail" />
																<input type="hidden" name="user_guess" value="<?php 
echo generateToken('sendJoinEmail');
?>
"/>
																<input type="hidden" name="formbidpos" value="<?php 
echo $showShareBox;
?>
" />
																<input type="hidden" name="email_sub" value="<?php 
echo $share_msg;
?>
" />
																<?php 
unset($_SESSION['shareEmailValidate']);
?>
																<input type="image" src="images/layout/popup/send_button.png" name="Send"/>
															</div>
Beispiel #18
0
function wifidog_login($error = null)
{
    $sock = new sockets();
    session_start();
    $ipClass = new IP();
    $tpl = new templates();
    $USE_TERMS_ACCEPTED = false;
    header('Content-Type: text/html; charset=iso-8859-1');
    $gateway_addr = $_REQUEST["gw_address"];
    $gw_port = $_REQUEST["gw_port"];
    $gw_id = $_REQUEST["gw_id"];
    $ARP = $_REQUEST["mac"];
    $url = $_REQUEST["url"];
    if (isset($_POST["wifidog-terms"])) {
        $_SESSION["USE_TERMS_ACCEPTED"] = true;
        $USE_TERMS_ACCEPTED = true;
    }
    if (isset($_SESSION["USE_TERMS_ACCEPTED"])) {
        $USE_TERMS_ACCEPTED = true;
    }
    if (!$ipClass->IsvalidMAC($ARP)) {
        $text_form = $tpl->_ENGINE_parse_body(FATAL_ERROR_SHOW_128("{hostspot_network_incompatible}"));
    }
    if (!isset($_REQUEST["token"])) {
        $_REQUEST["token"] = generateToken($ARP);
    }
    $wifidog_build_uri = wifidog_build_uri();
    $uriext = $wifidog_build_uri[0];
    $HiddenFields = $wifidog_build_uri[1];
    $ArticaHotSpotSMTP = SMTP_SETTINGS();
    if ($ArticaHotSpotSMTP["USE_TERMS"] == 1) {
        if (!$USE_TERMS_ACCEPTED) {
            return wifidog_terms();
        }
    }
    $fontsize = $ArticaHotSpotSMTP["SKIN_FONT_SIZE"];
    $ArticaSplashHotSpotTitle = $sock->GET_INFO("ArticaSplashHotSpotTitle");
    if ($ArticaSplashHotSpotTitle == null) {
        $ArticaSplashHotSpotTitle = "HotSpot system";
    }
    $tpl = new templates();
    $username = $tpl->_ENGINE_parse_body("{username}");
    $password = $tpl->_ENGINE_parse_body("{password}");
    $please_sign_in = $tpl->_ENGINE_parse_body("{please_sign_in}");
    $page = CurrentPageName();
    $ArticaSplashHotSpotTitle = $sock->GET_INFO("ArticaSplashHotSpotTitle");
    if ($ArticaSplashHotSpotTitle == null) {
        $ArticaSplashHotSpotTitle = "HotSpot system";
    }
    $lost_password_text = $tpl->_ENGINE_parse_body("{lost_password}");
    if (!isset($ArticaHotSpotSMTP["ENABLED_AUTO_LOGIN"])) {
        $ArticaHotSpotSMTP["ENABLED_AUTO_LOGIN"] = 0;
    }
    if (!isset($ArticaHotSpotSMTP["ENABLED_SMTP"])) {
        $ArticaHotSpotSMTP["ENABLED_SMTP"] = 0;
    }
    $t = time();
    unset($_SESSION["HOTSPOT_AUTO_RECOVER"]);
    $_SESSION["HOTSPOT_REDIRECT_URL"] = $url;
    $url_encoded = urlencode($url);
    $Connexion = $tpl->_ENGINE_parse_body("{connection}");
    $page = CurrentPageName();
    $f[] = "";
    $f[] = "    <div id='content'>";
    $f[] = "    ";
    $f[] = "\t\t\t<form id='wifidogform' action=\"{$page}\" method=\"post\">";
    $f[] = "{$HiddenFields}";
    $f[] = "\t\t\t\t<div class=\"f\">";
    $f[] = "\t\t\t\t\t<div class=\"field\">";
    $f[] = "\t\t\t\t\t\t<label for=\"username\" style='font-size:{$ArticaHotSpotSMTP["SKIN_LABEL_FONT_SIZE"]}'>{$username}:</label> <input type=\"text\" \n\t\tname=\"username\" \n\t\tid=\"username\"\n\t\tvalue=\"{$_REQUEST["username"]}\" \n\t\tonfocus=\"this.setAttribute('class','active');RemoveLogonCSS();\" \n\t\tonblur=\"this.removeAttribute('class');\" \n\t\tOnKeyPress=\"javascript:SendLogon{$t}(event)\">";
    $f[] = "\t\t";
    $f[] = "</div>";
    $f[] = "\t<div class=\"field\">";
    $f[] = "\t\t<label for=\"password\" style='font-size:{$ArticaHotSpotSMTP["SKIN_LABEL_FONT_SIZE"]}'>{$password}:</label> <input type=\"password\" name=\"password\" \n\t\t\t\tvalue=\"{$_REQUEST["password"]}\"\n\t\t\t\tid=\"password\" onfocus=\"this.setAttribute('class','active');RemoveLogonCSS();\" \n\t\t\t\tonblur=\"this.removeAttribute('class');\" OnKeyPress=\"javascript:SendLogon{$t}(event)\">";
    if ($ArticaHotSpotSMTP["ENABLED_SMTP"] == 1) {
        $f[] = "<div style='text-align:right'><a href=\"{$page}?wifidog-recover=yes&email={$_REQUEST["username"]}&{$uriext}\">{$lost_password_text}</a></div>";
    }
    $f[] = "\t\t\t\t\t</div>";
    $f[] = "\t\t\t\t\t<div class=\"field button\">";
    if ($ArticaHotSpotSMTP["ENABLED_AUTO_LOGIN"] == 1) {
        $register = $tpl->_ENGINE_parse_body("{register}");
        $f[] = "\t\t\t\t\t\t<a data-loading-text=\"Chargement...\"\n\t\tstyle=\"font-size:{$fontsize};text-transform:capitalize\"\n\t\tclass=\"Button2014 Button2014-success Button2014-lg\"\n\t\tid=\"fb92ae5e1f7bbea3b5044cbcdd40f088\"\n\t\thref=\"{$page}?wifidog-register=yes&{$uriext}\">&laquo;&nbsp;{$register}&nbsp;&raquo;</a>";
    }
    $f[] = "<a data-loading-text=\"Chargement...\" \n\t\t\tstyle=\"font-size:{$fontsize};text-transform:capitalize\" \n\t\t\tclass=\"Button2014 Button2014-success Button2014-lg\" \n\t\t\tid=\"fb92ae5e1f7bbea3b5044cbcdd40f088\" \n\t\t\tonclick=\"javascript:document.forms['wifidogform'].submit();\" \n\t\t\thref=\"javascript:Blurz()\">&laquo;&nbsp;{$Connexion}&nbsp;&raquo;</a>";
    $f[] = "\t\t\t\t\t</div>";
    if ($ArticaHotSpotSMTP["SKIN_TEXT_LOGON"] != null) {
        $f[] = "<p style='font-size:{$ArticaHotSpotSMTP["SKIN_FONT_SIZE"]};padding:8px'>{$ArticaHotSpotSMTP["SKIN_TEXT_LOGON"]}</p>";
    }
    $f[] = "\t\t\t\t</div>";
    $f[] = "\t\t";
    $f[] = "\t\t\t</form>\t";
    $f[] = "</div>\n\t<script>\n\t\tfunction SendLogon{$t}(e){\n\t\t\tif(!checkEnter(e)){return;}\n\t\t\tdocument.forms['wifidogform'].submit();\n\t\t}\n\t</script>\n\t\n";
    $text_form = @implode("\n", $f);
    echo BuildFullPage($text_form, $error);
}
Beispiel #19
0
    ?>
</td>
                    <td>
                        <?php 
    if ($deletable) {
        ?>
                            <form action="updateprocess.php" method="post" onsubmit="return confirm('<?php 
        echo $lang['invite']['delete_confirm'];
        ?>
')">
                                <input type="hidden" name="id" value="<?php 
        echo $rows['id'];
        ?>
"/>
                                <input type='hidden' name='user_guess' value="<?php 
        echo generateToken('bdelete_invitee');
        ?>
"/>
                                <input type="hidden" name="bdelete_invitee" value="bdelete_invitee"/>
                                <input type="submit" value="<?php 
        echo $lang['invite']['delete'];
        ?>
"/>
                            </form>
                        <?php 
    }
    ?>
                    </td>
				</tr>
	<?php 
}
Beispiel #20
0
}
if (isset($_SESSION['not_athorized'])) {
    ?>
<div style="color:red">You are not authorized to do this.</div>
<?php 
    unset($_SESSION['not_athorized']);
}
?>
	<form method="post" action="process.php">
	<table class='detail'>
	<tr>
		<td>Enter payment id</td>
		<td>
			<input type='text' name='payment_id'/>
			<input type="hidden" name="remove_payment">
			<input type="hidden" name="user_guess" value="<?php 
echo generateToken('remove_payment');
?>
"/>
		</td>
	</tr>
	<tr>
		<td></td>
		<td>
			<input type="submit" class='btn' value='Remove'>
		</td>
	</tr>
	</table>
		
	</form>
</div>
Beispiel #21
0
' />
							</form>
						</td>
						<td>
							<form method='post' action='updateprocess.php'>
								<input type='hidden' name='uid' value='<?php 
        echo $uid;
        ?>
' />
								<input type='hidden' name='active' value='<?php 
        echo $active;
        ?>
' />
								<input type='hidden' name='translatorhidden' id='translatorhidden' />
								<input type="hidden" name="user_guess" value="<?php 
        echo generateToken('translatorhidden');
        ?>
"/>
						<?php 
        if ($active == 1) {
            ?>
									<span style='display:none'>1</span><input type='image' alt='Active' title='Deactivate Translator' src='images/layout/icons/tick.png'/>

						<?php 
        }
        ?>
						<?php 
        if ($active == 0) {
            ?>
									<span style='display:none'>0</span><input type='image' alt='Deactive' title='Activate Translator' src='images/layout/icons/x.png'/>
						<?php 
Beispiel #22
0
						<tr>
							<td >
								<?php 
$bassignedstatus = $database->getAssignedStatus($userid);
?>
								<input type="hidden" name="bassignedstatus" id="bassignedstatus" value='<?php 
echo $bassignedstatus;
?>
' />	
								<input type="hidden" name="borrowerid" value='<?php 
echo $userid;
?>
' />
								<input type="hidden" name="verify_borrower" />
								<input type="hidden" name="user_guess" value="<?php 
echo generateToken('verify_borrower');
?>
"/>
								<input type="hidden" name="verify_borrower" />
								<input type="hidden" name="complete_later" value="<?php 
echo $complete_later;
?>
">
								<input type='submit' class='btn' name='submit_bverification' onclick="needToConfirm = false;" value='<?php 
echo $lang['brwrlist-i']['comlete_later'];
?>
'>
							</td>
							<td>
								<input type='submit' class='btn' name='submit_bverification' onclick="needToConfirm = false;" value='<?php 
echo $lang['brwrlist-i']['submit_report'];
Beispiel #23
0
        ?>
						<div class="clearfix">
							<a href="javascript:void(0)" onClick='fillAmount();'><strong style="color:#3999D8;">Complete <?php 
        echo $brw['FirstName'];
        ?>
’s Loan (USD <?php 
        echo number_format($stilneed, 2, '.', '');
        ?>
)</strong></a>
						</div>
						<?php 
    }
    ?>
						<input type="hidden" id="lenderbid" name="lenderbid" value="" />
						<input type="hidden" name="user_guess" value="<?php 
    echo generateToken('lenderbid');
    ?>
"/>
						<input type="hidden" id="bidid" name="bidid" value="<?php 
    echo $form->value('bidid');
    ?>
" />
						<input type="hidden" id="borrowerid" name="bid" value="<?php 
    echo $ud;
    ?>
" />
						<input type="hidden" name="lid" value="<?php 
    echo $loanid;
    ?>
" />
						<?php 
Beispiel #24
0
			<td><input type="text" name="cpassword" id="cpassword" size="24" value="<?php 
    echo $form->value("cpassword");
    ?>
"></td>
			<td><?php 
    echo $form->error("cpassword");
    ?>
</td>
		</tr>
		<tr>
			<td></td>
			<td><br/>
				<input class='btn' type="Submit" value="Change Password">
				<input type="hidden" name="changePassword">
				<input type="hidden" name="user_guess" value="<?php 
    echo generateToken('changePassword');
    ?>
"/>
			</td>
		</tr>
	</table>
</form>
<?php 
} else {
    echo "<div>";
    echo $lang['admin']['allow'];
    echo "<br />";
    echo $lang['admin']['Please'];
    echo "<a href='index.php'>click here</a>" . $lang['admin']['for_more'] . "<br />";
    echo "</div>";
}
Beispiel #25
0
						<?php 
                                        foreach ($endorse_details as $endorse_detail) {
                                            if ($endorse_detail['endorserid'] == '') {
                                                $id = $endorse_detail['id'];
                                                ?>
										<form name='resendendorsermail' id="resendendorsermail<?php 
                                                echo $id;
                                                ?>
" method="post" action="updateprocess.php">
										<input type="hidden" name="resendendorsermail"/>
										<input type="hidden" name="id" value="<?php 
                                                echo $id;
                                                ?>
"/>
										<input type="hidden" name="user_guess" value="<?php 
                                                echo generateToken('resendendorsermail');
                                                ?>
"/>
					<?php 
                                                $recived = "Endorsement Not Received&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a\n\t\t\t\t\t\t\t\t\thref='javascript:void()' onclick='resendEndorsermail({$id});'>Resend Email</a>";
                                                ?>
										</form>
					<?php 
                                            } else {
                                                $recived = 'Endorsement Received';
                                            }
                                            ?>
					
										<tr><td><?php 
                                            echo $endorse_detail['ename'];
                                            ?>
Beispiel #26
0
    if ($v == 1) {
        $date1 = $_SESSION['value_array']['date1'];
        $date2 = $_SESSION['value_array']['date2'];
    } else {
        $date1 = $form->value("date1");
        $date2 = $form->value("date2");
    }
    ?>
		<input name="date1" id="date1" type="hidden" value='01/01/2009'/>To Date:
		<input  name="date2" id="date2"type="text"value='<?php 
    echo $date2;
    ?>
'/>
		<input type="hidden" size="3" name="portfolioreport" id="portfolioreport">
		<input type="hidden" name="user_guess" value="<?php 
    echo generateToken('portfolioreport');
    ?>
"/>
		<input class='btn' type='submit' name='report' value='Report' /><br/>
		<?php 
    echo $form->error("fromdate");
    ?>
		<?php 
    echo $form->error("todate");
    ?>
<br/>
		<?php 
    echo $form->error("wrongdate1");
    ?>
		<?php 
    echo $form->error("wrongdate2");
/**
 * Returns:
 * 0: Password correct
 * 1: No password entered
 * 2: Password incorrect
 * @param unknown_type $password
 */
function login($password)
{
    $filePath = $_SERVER['DOCUMENT_ROOT'] . '/' . 'FileViewer/config.ini';
    $content = parse_ini_file($filePath);
    if (!isset($password) || '' == $password) {
        echo '1';
    } else {
        if (md5($password) == $content['password']) {
            $token = generateToken();
            setcookie('token', $token);
            setToken($token);
            echo '0';
        } else {
            echo '2';
        }
    }
}
         echo "specify a (unique) consumerKey value, for example the name of the consumer\n";
         exit(1);
     }
     $stmt = $dbh->prepare('INSERT INTO storageConsumers (consumerKey, consumerSecret) VALUES(:key, :secret)');
     $stmt->bindValue(':key', $argv[2]);
     if ($argc > 3) {
         /* secret specified */
         if (file_exists($argv[3]) && is_file($argv[3]) && is_readable($argv[3])) {
             /* assume certificate instead of secret specified */
             $secret = file_get_contents($argv[3]);
         } else {
             $secret = $argv[3];
         }
     } else {
         /* generate us a new secret */
         $secret = generateToken();
     }
     $stmt->bindValue(':secret', $secret);
     $stmt->execute();
     echo "ADDED consumer '" . $argv[2] . "'\n";
     break;
 case "del":
     if ($argc != 3) {
         echo "specify a the consumerKey value which you want to delete (see list)\n";
         exit(1);
     }
     $stmt = $dbh->prepare('DELETE FROM storageConsumers WHERE consumerKey = :key');
     $stmt->bindValue(':key', $argv[2]);
     $stmt->execute();
     echo "DELETED consumer '" . $argv[2] . "'\n";
     break;
Beispiel #29
0
        $hash = substr($str, 0, 32);
        $str = substr($str, 32);
        if (md5($privateKey . $str) === $hash) {
            $options = unserialize($str);
            $publicKey = $options['publicKey'];
            $tokenLength = $options['tokenLength'];
            $caseSensitive = $options['caseSensitive'];
            $alphabet = $options['alphabet'];
            $fontSize = $options['fontSize'];
            $theme = $options['theme'];
            if (($randomSeed = $options['randomSeed']) > 0) {
                srand($randomSeed);
            } else {
                srand((int) (microtime() * 1000000));
            }
            $token = generateToken($publicKey, $privateKey, $alphabet, $tokenLength, $caseSensitive);
        }
    }
}
displayToken($token, $fontSize, $theme);
function generateToken($publicKey, $privateKey, $alphabet, $tokenLength, $caseSensitive)
{
    $token = substr(hash2string(md5($publicKey . $privateKey), $alphabet) . hash2string(md5($privateKey . $publicKey), $alphabet), 0, $tokenLength);
    return $caseSensitive ? $token : strtoupper($token);
}
function hash2string($hex, $alphabet)
{
    if (strlen($alphabet) < 2) {
        $alphabet = '234578adefhijmnrtABDEFGHJLMNRT';
    }
    $hexLength = strlen($hex);
Beispiel #30
0
<?php

if ($session->userlevel != LENDER_LEVEL) {
    if ($session->userlevel == GUEST_LEVEL) {
        return $smarty->display('lender_invite_guest.tpl');
    }
    header("Location: " . SITE_URL);
    exit;
}
$invite_url = SITE_URL . 'i/' . $session->username;
$twitterParams = array("url" => $invite_url . "?s=2", "text" => "Use this link to receive \$25 in free Zidisha microlending credit! @ZidishaInc");
$twitter_url = "http://twitter.com/share?" . http_build_query($twitterParams);
$relative_invite_url = str_replace("https://www.", "", $invite_url);
$facebook_url = "http://www.facebook.com/sharer.php?s=100&p[url]=" . urlencode($relative_invite_url . "?s=3");
$invites = $database->getLenderInvites($session->userid);
$count_invites = count($invites);
$count_joined_invites = 0;
foreach ($invites as $i => $invite) {
    if ($invite['invitee_id']) {
        $invitee = $database->getLenderDetails($invite['invitee_id']);
        $invitee['profile_url'] = SITE_URL . 'microfinance/profile/' . $invitee['username'] . '.html';
        $invitee['profile_image'] = $database->getProfileImage($invitee['userid']);
        $count_joined_invites += 1;
    } else {
        $invitee = null;
    }
    $invites[$i]['invitee'] = $invitee;
}
$user_guess = generateToken('lender_invite');
$smarty->assign(compact('invite_url', 'facebook_url', 'twitter_url', 'invites', 'count_invites', 'count_joined_invites', 'user_guess'));
$smarty->display('lender_invite.tpl');