function getUploadToken()
{
requireRequestMethod("POST");
/* FIXME: token should expire, based on server request? */
/* FIXME: what if upload size is not known in time? transcode web service for example... */
$absPath = $this->validatePath(getRequest('relativePath', TRUE), FTS_PARENT);
/* make sure the uploaded file name is unique */
$absPath = $this->getUniqueName($absPath);
/* verify fileSize
*
* NOTE: fileSize *is* required, but 0 is a valid file size, but also
* seen as "empty" by PHP, so we work around it like this...
*/
$fileSize = (int) getRequest('fileSize', FALSE, 0);
if ($fileSize < 0) {
throw new Exception("invalid filesize");
}
$token = generateToken();
try {
$stmt = $this->dbh->prepare("INSERT INTO uploadTokens (token, filePath, fileSize) VALUES (:token, :filePath, :fileSize)");
$stmt->bindParam(':token', $token);
$stmt->bindParam(':filePath', $absPath);
$stmt->bindParam(':fileSize', $fileSize);
$stmt->execute();
$uploadLocation = getProtocol() . getServerName() . $_SERVER['PHP_SELF'] . "?action=uploadFile&token={$token}";
return array("uploadLocation" => $uploadLocation, "absPath" => $absPath);
} catch (Exception $e) {
throw new Exception("database query failed");
}
}
function DoQuery($n, $c, $p1, $p2, $p3, $p4, $p5) {
$str = "{\"result\":1}";
date_default_timezone_set("Asia/Hong_Kong");
$t_str = date("YmdHis");
$commit_date = date("Y-m-d H:i:s");
$pname = generateToken().".${t_str}.";
$path1 = "./files/${pname}1";
$path2 = "./files/${pname}2";
$path3 = "./files/${pname}3";
$path4 = "./files/${pname}4";
$path5 = "./files/${pname}5";
$dbp1 = "";
$dbp2 = "";
$dbp3 = "";
$dbp4 = "";
$dbp5 = "";
if (isset($p1)) { move_uploaded_file($p1["tmp_name"], $path1); $dbp1 = "${pname}1"; }
if (isset($p2)) { move_uploaded_file($p2["tmp_name"], $path2); $dbp2 = "${pname}2"; }
if (isset($p3)) { move_uploaded_file($p3["tmp_name"], $path3); $dbp3 = "${pname}3"; }
if (isset($p4)) { move_uploaded_file($p4["tmp_name"], $path4); $dbp4 = "${pname}4"; }
if (isset($p5)) { move_uploaded_file($p5["tmp_name"], $path5); $dbp5 = "${pname}5"; }
$db = openConnection();
$stmt = $db->prepare("insert into feedback(nickname, comment, photo1, photo2, photo3, photo4, photo5, commit_date) values (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssssss", $n, $c, $dbp1, $dbp2, $dbp3, $dbp4, $dbp5, $commit_date);
$stmt->execute();
$rows = intval($stmt->affected_rows);
$stmt->close();
closeConnection($db);
if ($rows != 0) {
$str = "{\"result\":0}";
}
return $str;
}
function checkToken()
{
/*****************************************************************************************
* Check the posted token for correctness
******************************************************************************************/
$oldToken = "";
$testToken = "";
$tokenStr = "";
$page = basename($_SERVER['PHP_SELF']);
$oldToken = $_POST["token"];
$tokenStr = "IP:" . $_SESSION["ip"] . ",SESSIONID:" . session_id() . ",GUID:" . $_SESSION["guid"];
$testToken = sha1($tokenStr . $_SESSION["salt"] . $_SESSION["salt"]);
$checkToken = False;
if ($oldToken === $testToken) {
$diff = time() - $_SESSION["time"];
if ($diff <= 300) {
// Five minutes max
if ($_SESSION["usecookie"]) {
if ($_COOKIE["token"] === $oldToken) {
/*****************************************************************************************
* Destroy the old form token, then
* generate a new token for the form, which may or may not be needed. We want to do this
* before headers are written. When writeToken() or writeTokenH() is called we are only
* writing the pre-generated token to the form. The cookie will have already been written.
******************************************************************************************/
setcookie("token", '', time() - 42000);
generateToken();
return true;
} else {
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000);
}
session_destroy();
header("Location: http://" . lg_domain . lg_form_error . "?p=" . $page . "&t=ec");
}
} else {
return True;
}
} else {
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000);
}
session_destroy();
header("Location: http://" . lg_domain . lg_form_error . "?p=" . $page . "&t=et");
}
} else {
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000);
}
session_destroy();
header("Location: http://" . lg_domain . lg_form_error . "?p=" . $page . "&t=e");
}
}
/**
* A function that generates a hash that is not already
* in use. Adds letters to username and password until
* something unique is created.
*/
function generateToken($pdo, $username, $password)
{
$hash = hash('ripemd160', $username . $password);
$sql = "SELECT COUNT(*) FROM calendars WHERE token = :hash";
$result = $pdo->prepare($sql);
$result->execute(array('hash' => $hash));
if ($result->fetchColumn() > 0) {
return generateToken($pdo, $username . 'a', $password . 'b');
}
return $hash;
}
public function run()
{
parent::run();
$this->getInputJson();
$userId = login($this->input['username'], $this->input['password']);
if (!$userId) {
throw new \Exception("Invalid username or password.");
}
$token = generateToken($userId);
$this->return['token'] = $token;
}
function sendTokenChange($email, $username, $old_email)
{
require_once MODELES . 'membres/token.php';
if ($token = generateToken($email, $username, $old_email)) {
$tokenlink = 'http://' . $_SERVER['HTTP_HOST'] . getLink(['membres', 'confirm', $token]);
} else {
return False;
}
if (mail($email, 'Confirmer votre nouvelle adresse e-mail', "Bonjour !\n" . "Merci de cliquer sur le lien ci-dessous pour confirmer votre nouvelle adresse e-mail :\n" . $tokenlink . "\n" . "Si le lien ne fonctionne pas, copiez-collez l'adresse dans votre navigateur.\n\n" . "Merci et à bientôt !\n" . "-- L'équipe EventEase", 'From: no-reply@eventease.com')) {
return True;
} else {
return False;
}
}
public function firstUse($stunum)
{
$url = 'http://hongyan.cqupt.edu.cn/RedCenter/Api/Handle/index';
// $tmpArr = array('cyxbs',"$stunum",'firstUse');
// sort($tmpArr, SORT_STRING);
// $t = md5( sha1( implode( $tmpArr, '|' ) ) );
$token = generateToken('cyxbs', $stunum, 'firstUse');
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "type=firstUse&stu={$stunum}&id=cyxbs&token=" . $token);
curl_exec($ch);
//$output = json_decode(curl_exec($ch),TRUE);
}
function post_login($data)
{
if ($_SESSION["login_id"] != null) {
$response["success"] = "true";
$response["code"] = "1";
$response["message"] = "você esta logado";
return json_encode($response);
#throw new Exception("você esta logado");
} else {
if (empty($data->username) or empty($data->password)) {
throw new Exception("Login ou senha precisam ser preenchidos");
}
#verifica usario no banco
$db_user = User::find('all', array('conditions' => array('username = ? AND password = ? ', $data->username, hashpassword($data->password))));
#->to_json() $data->id
#fim
if ($db_user != null) {
//array push result
$result = array();
foreach ($db_user as $data) {
//update ip e login
$sql = User::find($data->id);
$sql->update_attributes(array('last_ip' => $_SERVER['REMOTE_ADDR'], 'last_login' => date("Y-m-d H:i:s")));
$sql->save();
array_push($result, $data->to_array());
//using to_array instead of to_json
}
$token = generateToken($db_user);
#fazer o login so add apikey e session
$this->doLogin($db_user);
unset($result->password);
unset($result->password_salt);
unset($result->last_ip);
$response["success"] = "true";
$response["code"] = "1";
$response["message"] = "Sucesso - Bem vindo ";
//para enviar dados atuais
$newresult = $this->getPerfile();
$response["result"] = $newresult;
return json_encode($response);
} else {
throw new Exception("Erro ao efetuar login. Usuário/Senha incorretos");
}
return false;
}
}
function register($conn)
{
$username = $_POST['username'];
$password = sha1($_POST['password']);
$email = $_POST['email'];
$token = generateToken();
$sql = 'INSERT INTO users (username, password, email, token) VALUES (?, ?, ?, ?)';
$stmt = $conn->prepare($sql);
try {
if ($stmt->execute(array($username, $password, $email, $token))) {
setcookie('token', $token, 0, "/");
echo 'Account Registered';
}
} catch (PDOException $e) {
echo $e->getMessage();
//echo 'Username or Email Already Registered';
}
}
function register($conn)
{
$password = sha1($_POST['password']);
$email = $_POST['email'];
$token = generateToken();
$sql = 'INSERT INTO users (password, email, token) VALUES (?, ?, ?)';
$stmt = $conn->prepare($sql);
try {
if ($stmt->execute(array($password, $email, $token))) {
setcookie('token', $token, 0, "/");
$sql = 'INSERT INTO orders (users_id, status) (SELECT u.id, "new" FROM users u WHERE u.token = ?)';
$stmt1 = $conn->prepare($sql);
if ($stmt1->execute(array($token))) {
echo 'Account Registered';
}
}
} catch (PDOException $e) {
echo $e->getMessage();
}
}
public function create($options = array())
{
if (!isValid($options['email'], 'email')) {
return formatErrors(604);
}
if (!isValid($options['password'], 'password')) {
return formatErrors(602);
}
// Make sure email does not exist already
$total = $this->count("email = '" . $options['email'] . "'");
if ($total > 0) {
return formatErrors(603);
}
// If you made it this far, we need to add the record to the DB
$options['password'] = generateHash($options['password']);
$options['created_on'] = date("Y-m-d H:i:s");
// Create user token
do {
$options['user_token'] = generateToken(30) . md5(time());
$total = $this->count("user_token = '" . $options['user_token'] . "'");
// If by some freak chance there is a collision
// Report it
if ($total > 0) {
log_message('debug', 'User token collision detected on key of `' . $options['user_token'] . '`');
}
} while ($total > 0);
// Add record
$q = $this->db->insert_string('users', $options);
$res = $this->db->query($q);
// Check for errors
$this->sendException();
if ($res === true) {
$user_id = $this->db->insert_id();
return $this->read($user_id);
} else {
return formatErrors(500);
}
}
function login($conn)
{
setcookie('token', "", 0, "/");
$username = $_POST['username'];
$password = sha1($_POST['password']);
$sql = 'SELECT * FROM users WHERE username = ? AND password = ?';
$stmt = $conn->prepare($sql);
if ($stmt->execute(array($username, $password))) {
$valid = false;
while ($row = $stmt->fetch()) {
$valid = true;
$token = generateToken();
$sql = 'UPDATE users SET token = ? WHERE username = ?';
$stmt1 = $conn->prepare($sql);
if ($stmt1->execute(array($token, $username))) {
echo 'Login Successful';
}
}
if (!$valid) {
echo 'Username or Password Incorrect';
}
}
}
function register($conn)
{
$password = sha1($_POST['password']);
$email = $_POST['email'];
$name_first = $_POST['name_first'];
$name_last = $_POST['name_last'];
$address = $_POST['address'];
$realtor = $_POST['realtor'];
$token = generateToken();
$sql = 'INSERT INTO users (password, email, name_first, name_last, address, realtor, token) VALUES (?, ?, ?, ?, ?, ?, ?)';
$stmt = $conn->prepare($sql);
try {
if ($stmt->execute(array($password, $email, $name_first, $name_last, $address, $realtor, $token))) {
setcookie('token', $token, 0, "/");
$sql = 'INSERT INTO orders (users_id, status) (SELECT u.id, "new" FROM users u WHERE u.token = ?)';
$stmt1 = $conn->prepare($sql);
if ($stmt1->execute(array($token))) {
echo 'Account Registered';
}
}
} catch (PDOException $e) {
echo 'Email already registered.';
}
}
function generateHash($str)
{
$salt = generateToken(50);
if (CRYPT_SHA512 == 1) {
return crypt($str, '$6$rounds=5000$' . $salt . '$');
}
if (CRYPT_SHA256 == 1) {
return crypt($str, '$5$rounds=5000$' . $salt . '$');
}
if (CRYPT_BLOWFISH == 1) {
return crypt($str, '$2a$07$' . $salt . '$');
}
if (CRYPT_MD5 == 1) {
return crypt($str, '$1$' . $salt . '$');
}
if (CRYPT_EXT_DES == 1) {
return crypt($str, '_J9' . $salt);
}
if (CRYPT_STD_DES == 1) {
return crypt($str, $salt);
}
return false;
// Throw exception once everything is hooked up
}
?>
<!-- Test, Bild -->
<img class="img-responsive" src="coverphoto.jpg" alt="Coverphoto">
<!-- Visa produkter -->
<?php
$con = connect();
// to prevent undefined index notice
$action = isset($_GET['action']) ? $_GET['action'] : "";
$product_id = isset($_GET['product_id']) ? $_GET['product_id'] : "1";
$productName = isset($_GET['productName']) ? $_GET['productName'] : "";
$token = generateToken();
if ($action == 'added') {
echo "<div class='alert alert-info'>";
echo "<strong>{$productName}</strong> tillagt i varukorgen!";
echo "</div>";
}
if ($action == 'exists') {
echo "<div class='alert alert-info'>";
echo "<strong>{$productName}</strong> finns redan i varukorgen!";
echo "</div>";
}
$query = "SELECT id, productName, price FROM Products ORDER BY productName";
$stmt = $con->prepare($query);
$stmt->execute();
$num = $stmt->rowCount();
if ($num > 0) {
<tbody>
<?php
$i = 1;
foreach ($set as $row) {
//Country Repayment Instructions
if (!isset($row['name'])) {
$row['name'] = 'All Active Countries';
}
$country = $row['name'];
$description = nl2br($row['description']);
$id = $row['id'];
$editurl = SITE_URL . "index.php?p=11&a=13&ac=edit&id=" . $id;
$delurl = SITE_URL . "index.php?p=11&a=13&ac=del&id=" . $id;
echo "<form enctype='multipart/form-data' method='post' action='updateprocess.php' id='del_repayment_instruction{$id}'>";
echo "<input type='hidden' name='ac' value='del'>";
echo "<input type='hidden' name='del-repayment_instruction'>";
echo "<input type='hidden' name='user_guess' value='" . generateToken('del-repayment_instruction') . "'>";
echo "<input type='hidden' name='id' value='{$id}'></form>";
echo "<tr align='center'>";
echo "<td>{$i}</td><td>{$country}</a></td><td>{$description}</td>";
echo "<td>\n\t\t\t\t\t\t\t<a href='{$editurl}'>\n\t\t\t\t\t\t\t\t<img alt='Edit' title='Edit' src='images/layout/icons/edit.png'/>\n\t\t\t\t\t\t\t</a> \n\t\t\t\t\t\t\t<a href='javascript:void(0)' onClick='javascript:myDelete(\"{$id}\")'>\n\t\t\t\t\t\t\t\t<img alt='Delete' title='Delete' src='images/layout/icons/x.png'/>\n\t\t\t\t\t\t\t</a>\n\t\t\t\t\t\t</td>";
echo "</tr>";
$i++;
}
?>
</tbody>
</table>
<?php
}
}
}
</div>
</td>
</tr>
<tr>
<td> </td>
<td style="padding-top:10px;">
<div>
<div class="left">
<div class="left"><input name="sendme" type="checkbox" /></div>
<div class="right" style="font-family:Arial;margin-top:3px;">Send me a copy</div>
<div class="clear"></div>
</div>
<div class="right" style="margin-right:5px;">
<input type="hidden" id="sendJoinEmail" name="sendJoinEmail" />
<input type="hidden" name="user_guess" value="<?php
echo generateToken('sendJoinEmail');
?>
"/>
<input type="hidden" name="formbidpos" value="<?php
echo $showShareBox;
?>
" />
<input type="hidden" name="email_sub" value="<?php
echo $share_msg;
?>
" />
<?php
unset($_SESSION['shareEmailValidate']);
?>
<input type="image" src="images/layout/popup/send_button.png" name="Send"/>
</div>
function wifidog_login($error = null)
{
$sock = new sockets();
session_start();
$ipClass = new IP();
$tpl = new templates();
$USE_TERMS_ACCEPTED = false;
header('Content-Type: text/html; charset=iso-8859-1');
$gateway_addr = $_REQUEST["gw_address"];
$gw_port = $_REQUEST["gw_port"];
$gw_id = $_REQUEST["gw_id"];
$ARP = $_REQUEST["mac"];
$url = $_REQUEST["url"];
if (isset($_POST["wifidog-terms"])) {
$_SESSION["USE_TERMS_ACCEPTED"] = true;
$USE_TERMS_ACCEPTED = true;
}
if (isset($_SESSION["USE_TERMS_ACCEPTED"])) {
$USE_TERMS_ACCEPTED = true;
}
if (!$ipClass->IsvalidMAC($ARP)) {
$text_form = $tpl->_ENGINE_parse_body(FATAL_ERROR_SHOW_128("{hostspot_network_incompatible}"));
}
if (!isset($_REQUEST["token"])) {
$_REQUEST["token"] = generateToken($ARP);
}
$wifidog_build_uri = wifidog_build_uri();
$uriext = $wifidog_build_uri[0];
$HiddenFields = $wifidog_build_uri[1];
$ArticaHotSpotSMTP = SMTP_SETTINGS();
if ($ArticaHotSpotSMTP["USE_TERMS"] == 1) {
if (!$USE_TERMS_ACCEPTED) {
return wifidog_terms();
}
}
$fontsize = $ArticaHotSpotSMTP["SKIN_FONT_SIZE"];
$ArticaSplashHotSpotTitle = $sock->GET_INFO("ArticaSplashHotSpotTitle");
if ($ArticaSplashHotSpotTitle == null) {
$ArticaSplashHotSpotTitle = "HotSpot system";
}
$tpl = new templates();
$username = $tpl->_ENGINE_parse_body("{username}");
$password = $tpl->_ENGINE_parse_body("{password}");
$please_sign_in = $tpl->_ENGINE_parse_body("{please_sign_in}");
$page = CurrentPageName();
$ArticaSplashHotSpotTitle = $sock->GET_INFO("ArticaSplashHotSpotTitle");
if ($ArticaSplashHotSpotTitle == null) {
$ArticaSplashHotSpotTitle = "HotSpot system";
}
$lost_password_text = $tpl->_ENGINE_parse_body("{lost_password}");
if (!isset($ArticaHotSpotSMTP["ENABLED_AUTO_LOGIN"])) {
$ArticaHotSpotSMTP["ENABLED_AUTO_LOGIN"] = 0;
}
if (!isset($ArticaHotSpotSMTP["ENABLED_SMTP"])) {
$ArticaHotSpotSMTP["ENABLED_SMTP"] = 0;
}
$t = time();
unset($_SESSION["HOTSPOT_AUTO_RECOVER"]);
$_SESSION["HOTSPOT_REDIRECT_URL"] = $url;
$url_encoded = urlencode($url);
$Connexion = $tpl->_ENGINE_parse_body("{connection}");
$page = CurrentPageName();
$f[] = "";
$f[] = " <div id='content'>";
$f[] = " ";
$f[] = "\t\t\t<form id='wifidogform' action=\"{$page}\" method=\"post\">";
$f[] = "{$HiddenFields}";
$f[] = "\t\t\t\t<div class=\"f\">";
$f[] = "\t\t\t\t\t<div class=\"field\">";
$f[] = "\t\t\t\t\t\t<label for=\"username\" style='font-size:{$ArticaHotSpotSMTP["SKIN_LABEL_FONT_SIZE"]}'>{$username}:</label> <input type=\"text\" \n\t\tname=\"username\" \n\t\tid=\"username\"\n\t\tvalue=\"{$_REQUEST["username"]}\" \n\t\tonfocus=\"this.setAttribute('class','active');RemoveLogonCSS();\" \n\t\tonblur=\"this.removeAttribute('class');\" \n\t\tOnKeyPress=\"javascript:SendLogon{$t}(event)\">";
$f[] = "\t\t";
$f[] = "</div>";
$f[] = "\t<div class=\"field\">";
$f[] = "\t\t<label for=\"password\" style='font-size:{$ArticaHotSpotSMTP["SKIN_LABEL_FONT_SIZE"]}'>{$password}:</label> <input type=\"password\" name=\"password\" \n\t\t\t\tvalue=\"{$_REQUEST["password"]}\"\n\t\t\t\tid=\"password\" onfocus=\"this.setAttribute('class','active');RemoveLogonCSS();\" \n\t\t\t\tonblur=\"this.removeAttribute('class');\" OnKeyPress=\"javascript:SendLogon{$t}(event)\">";
if ($ArticaHotSpotSMTP["ENABLED_SMTP"] == 1) {
$f[] = "<div style='text-align:right'><a href=\"{$page}?wifidog-recover=yes&email={$_REQUEST["username"]}&{$uriext}\">{$lost_password_text}</a></div>";
}
$f[] = "\t\t\t\t\t</div>";
$f[] = "\t\t\t\t\t<div class=\"field button\">";
if ($ArticaHotSpotSMTP["ENABLED_AUTO_LOGIN"] == 1) {
$register = $tpl->_ENGINE_parse_body("{register}");
$f[] = "\t\t\t\t\t\t<a data-loading-text=\"Chargement...\"\n\t\tstyle=\"font-size:{$fontsize};text-transform:capitalize\"\n\t\tclass=\"Button2014 Button2014-success Button2014-lg\"\n\t\tid=\"fb92ae5e1f7bbea3b5044cbcdd40f088\"\n\t\thref=\"{$page}?wifidog-register=yes&{$uriext}\">« {$register} »</a>";
}
$f[] = "<a data-loading-text=\"Chargement...\" \n\t\t\tstyle=\"font-size:{$fontsize};text-transform:capitalize\" \n\t\t\tclass=\"Button2014 Button2014-success Button2014-lg\" \n\t\t\tid=\"fb92ae5e1f7bbea3b5044cbcdd40f088\" \n\t\t\tonclick=\"javascript:document.forms['wifidogform'].submit();\" \n\t\t\thref=\"javascript:Blurz()\">« {$Connexion} »</a>";
$f[] = "\t\t\t\t\t</div>";
if ($ArticaHotSpotSMTP["SKIN_TEXT_LOGON"] != null) {
$f[] = "<p style='font-size:{$ArticaHotSpotSMTP["SKIN_FONT_SIZE"]};padding:8px'>{$ArticaHotSpotSMTP["SKIN_TEXT_LOGON"]}</p>";
}
$f[] = "\t\t\t\t</div>";
$f[] = "\t\t";
$f[] = "\t\t\t</form>\t";
$f[] = "</div>\n\t<script>\n\t\tfunction SendLogon{$t}(e){\n\t\t\tif(!checkEnter(e)){return;}\n\t\t\tdocument.forms['wifidogform'].submit();\n\t\t}\n\t</script>\n\t\n";
$text_form = @implode("\n", $f);
echo BuildFullPage($text_form, $error);
}
?>
</td>
<td>
<?php
if ($deletable) {
?>
<form action="updateprocess.php" method="post" onsubmit="return confirm('<?php
echo $lang['invite']['delete_confirm'];
?>
')">
<input type="hidden" name="id" value="<?php
echo $rows['id'];
?>
"/>
<input type='hidden' name='user_guess' value="<?php
echo generateToken('bdelete_invitee');
?>
"/>
<input type="hidden" name="bdelete_invitee" value="bdelete_invitee"/>
<input type="submit" value="<?php
echo $lang['invite']['delete'];
?>
"/>
</form>
<?php
}
?>
</td>
</tr>
<?php
}
}
if (isset($_SESSION['not_athorized'])) {
?>
<div style="color:red">You are not authorized to do this.</div>
<?php
unset($_SESSION['not_athorized']);
}
?>
<form method="post" action="process.php">
<table class='detail'>
<tr>
<td>Enter payment id</td>
<td>
<input type='text' name='payment_id'/>
<input type="hidden" name="remove_payment">
<input type="hidden" name="user_guess" value="<?php
echo generateToken('remove_payment');
?>
"/>
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" class='btn' value='Remove'>
</td>
</tr>
</table>
</form>
</div>
' />
</form>
</td>
<td>
<form method='post' action='updateprocess.php'>
<input type='hidden' name='uid' value='<?php
echo $uid;
?>
' />
<input type='hidden' name='active' value='<?php
echo $active;
?>
' />
<input type='hidden' name='translatorhidden' id='translatorhidden' />
<input type="hidden" name="user_guess" value="<?php
echo generateToken('translatorhidden');
?>
"/>
<?php
if ($active == 1) {
?>
<span style='display:none'>1</span><input type='image' alt='Active' title='Deactivate Translator' src='images/layout/icons/tick.png'/>
<?php
}
?>
<?php
if ($active == 0) {
?>
<span style='display:none'>0</span><input type='image' alt='Deactive' title='Activate Translator' src='images/layout/icons/x.png'/>
<?php
<tr>
<td >
<?php
$bassignedstatus = $database->getAssignedStatus($userid);
?>
<input type="hidden" name="bassignedstatus" id="bassignedstatus" value='<?php
echo $bassignedstatus;
?>
' />
<input type="hidden" name="borrowerid" value='<?php
echo $userid;
?>
' />
<input type="hidden" name="verify_borrower" />
<input type="hidden" name="user_guess" value="<?php
echo generateToken('verify_borrower');
?>
"/>
<input type="hidden" name="verify_borrower" />
<input type="hidden" name="complete_later" value="<?php
echo $complete_later;
?>
">
<input type='submit' class='btn' name='submit_bverification' onclick="needToConfirm = false;" value='<?php
echo $lang['brwrlist-i']['comlete_later'];
?>
'>
</td>
<td>
<input type='submit' class='btn' name='submit_bverification' onclick="needToConfirm = false;" value='<?php
echo $lang['brwrlist-i']['submit_report'];
?>
<div class="clearfix">
<a href="javascript:void(0)" onClick='fillAmount();'><strong style="color:#3999D8;">Complete <?php
echo $brw['FirstName'];
?>
’s Loan (USD <?php
echo number_format($stilneed, 2, '.', '');
?>
)</strong></a>
</div>
<?php
}
?>
<input type="hidden" id="lenderbid" name="lenderbid" value="" />
<input type="hidden" name="user_guess" value="<?php
echo generateToken('lenderbid');
?>
"/>
<input type="hidden" id="bidid" name="bidid" value="<?php
echo $form->value('bidid');
?>
" />
<input type="hidden" id="borrowerid" name="bid" value="<?php
echo $ud;
?>
" />
<input type="hidden" name="lid" value="<?php
echo $loanid;
?>
" />
<?php
<td><input type="text" name="cpassword" id="cpassword" size="24" value="<?php
echo $form->value("cpassword");
?>
"></td>
<td><?php
echo $form->error("cpassword");
?>
</td>
</tr>
<tr>
<td></td>
<td><br/>
<input class='btn' type="Submit" value="Change Password">
<input type="hidden" name="changePassword">
<input type="hidden" name="user_guess" value="<?php
echo generateToken('changePassword');
?>
"/>
</td>
</tr>
</table>
</form>
<?php
} else {
echo "<div>";
echo $lang['admin']['allow'];
echo "<br />";
echo $lang['admin']['Please'];
echo "<a href='index.php'>click here</a>" . $lang['admin']['for_more'] . "<br />";
echo "</div>";
}
<?php
foreach ($endorse_details as $endorse_detail) {
if ($endorse_detail['endorserid'] == '') {
$id = $endorse_detail['id'];
?>
<form name='resendendorsermail' id="resendendorsermail<?php
echo $id;
?>
" method="post" action="updateprocess.php">
<input type="hidden" name="resendendorsermail"/>
<input type="hidden" name="id" value="<?php
echo $id;
?>
"/>
<input type="hidden" name="user_guess" value="<?php
echo generateToken('resendendorsermail');
?>
"/>
<?php
$recived = "Endorsement Not Received <a\n\t\t\t\t\t\t\t\t\thref='javascript:void()' onclick='resendEndorsermail({$id});'>Resend Email</a>";
?>
</form>
<?php
} else {
$recived = 'Endorsement Received';
}
?>
<tr><td><?php
echo $endorse_detail['ename'];
?>
if ($v == 1) {
$date1 = $_SESSION['value_array']['date1'];
$date2 = $_SESSION['value_array']['date2'];
} else {
$date1 = $form->value("date1");
$date2 = $form->value("date2");
}
?>
<input name="date1" id="date1" type="hidden" value='01/01/2009'/>To Date:
<input name="date2" id="date2"type="text"value='<?php
echo $date2;
?>
'/>
<input type="hidden" size="3" name="portfolioreport" id="portfolioreport">
<input type="hidden" name="user_guess" value="<?php
echo generateToken('portfolioreport');
?>
"/>
<input class='btn' type='submit' name='report' value='Report' /><br/>
<?php
echo $form->error("fromdate");
?>
<?php
echo $form->error("todate");
?>
<br/>
<?php
echo $form->error("wrongdate1");
?>
<?php
echo $form->error("wrongdate2");
/**
* Returns:
* 0: Password correct
* 1: No password entered
* 2: Password incorrect
* @param unknown_type $password
*/
function login($password)
{
$filePath = $_SERVER['DOCUMENT_ROOT'] . '/' . 'FileViewer/config.ini';
$content = parse_ini_file($filePath);
if (!isset($password) || '' == $password) {
echo '1';
} else {
if (md5($password) == $content['password']) {
$token = generateToken();
setcookie('token', $token);
setToken($token);
echo '0';
} else {
echo '2';
}
}
}
echo "specify a (unique) consumerKey value, for example the name of the consumer\n";
exit(1);
}
$stmt = $dbh->prepare('INSERT INTO storageConsumers (consumerKey, consumerSecret) VALUES(:key, :secret)');
$stmt->bindValue(':key', $argv[2]);
if ($argc > 3) {
/* secret specified */
if (file_exists($argv[3]) && is_file($argv[3]) && is_readable($argv[3])) {
/* assume certificate instead of secret specified */
$secret = file_get_contents($argv[3]);
} else {
$secret = $argv[3];
}
} else {
/* generate us a new secret */
$secret = generateToken();
}
$stmt->bindValue(':secret', $secret);
$stmt->execute();
echo "ADDED consumer '" . $argv[2] . "'\n";
break;
case "del":
if ($argc != 3) {
echo "specify a the consumerKey value which you want to delete (see list)\n";
exit(1);
}
$stmt = $dbh->prepare('DELETE FROM storageConsumers WHERE consumerKey = :key');
$stmt->bindValue(':key', $argv[2]);
$stmt->execute();
echo "DELETED consumer '" . $argv[2] . "'\n";
break;
$hash = substr($str, 0, 32);
$str = substr($str, 32);
if (md5($privateKey . $str) === $hash) {
$options = unserialize($str);
$publicKey = $options['publicKey'];
$tokenLength = $options['tokenLength'];
$caseSensitive = $options['caseSensitive'];
$alphabet = $options['alphabet'];
$fontSize = $options['fontSize'];
$theme = $options['theme'];
if (($randomSeed = $options['randomSeed']) > 0) {
srand($randomSeed);
} else {
srand((int) (microtime() * 1000000));
}
$token = generateToken($publicKey, $privateKey, $alphabet, $tokenLength, $caseSensitive);
}
}
}
displayToken($token, $fontSize, $theme);
function generateToken($publicKey, $privateKey, $alphabet, $tokenLength, $caseSensitive)
{
$token = substr(hash2string(md5($publicKey . $privateKey), $alphabet) . hash2string(md5($privateKey . $publicKey), $alphabet), 0, $tokenLength);
return $caseSensitive ? $token : strtoupper($token);
}
function hash2string($hex, $alphabet)
{
if (strlen($alphabet) < 2) {
$alphabet = '234578adefhijmnrtABDEFGHJLMNRT';
}
$hexLength = strlen($hex);
<?php
if ($session->userlevel != LENDER_LEVEL) {
if ($session->userlevel == GUEST_LEVEL) {
return $smarty->display('lender_invite_guest.tpl');
}
header("Location: " . SITE_URL);
exit;
}
$invite_url = SITE_URL . 'i/' . $session->username;
$twitterParams = array("url" => $invite_url . "?s=2", "text" => "Use this link to receive \$25 in free Zidisha microlending credit! @ZidishaInc");
$twitter_url = "http://twitter.com/share?" . http_build_query($twitterParams);
$relative_invite_url = str_replace("https://www.", "", $invite_url);
$facebook_url = "http://www.facebook.com/sharer.php?s=100&p[url]=" . urlencode($relative_invite_url . "?s=3");
$invites = $database->getLenderInvites($session->userid);
$count_invites = count($invites);
$count_joined_invites = 0;
foreach ($invites as $i => $invite) {
if ($invite['invitee_id']) {
$invitee = $database->getLenderDetails($invite['invitee_id']);
$invitee['profile_url'] = SITE_URL . 'microfinance/profile/' . $invitee['username'] . '.html';
$invitee['profile_image'] = $database->getProfileImage($invitee['userid']);
$count_joined_invites += 1;
} else {
$invitee = null;
}
$invites[$i]['invitee'] = $invitee;
}
$user_guess = generateToken('lender_invite');
$smarty->assign(compact('invite_url', 'facebook_url', 'twitter_url', 'invites', 'count_invites', 'count_joined_invites', 'user_guess'));
$smarty->display('lender_invite.tpl');