public function getcallback($token = false, $relid = false)
{
// Generate token if needed
if (empty($token)) {
$remote_token = $this->genstring('16');
} else {
$remote_token = $token;
}
if (!empty($relid)) {
$relid = '&id=' . $relid;
}
// Get callback page
$this_url = $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'];
$this_page = str_replace('ajax/ajax.php', '', $this_url);
$this_page = str_replace('api/api.php', '', $this_page);
$this_page .= '/includes/callback.php?token=' . $remote_token . $relid;
$this_page = preg_replace('/\\/+/', '/', $this_page);
// Remove extra slashes
// Get proper HTTP or HTTPS protocol
function isSecure()
{
return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443;
}
if (isSecure()) {
$web_protocol = 'https';
} else {
$web_protocol = 'http';
}
$this_page = $web_protocol . '://' . $this_page;
$ret_arr = array();
$ret_arr['token'] = $remote_token;
$ret_arr['callback'] = $this_page;
return $ret_arr;
}
<?php
$ingredient_name = isSecure(@$_POST['ingredient_name']);
$amount = isSecure(@$_POST['amount']);
$stock = isSecure(@$_POST['stock']);
$min_stock = isSecure(@$_POST['min_stock']);
$entry_date = isSecure(@$_POST['entry_date']);
$expired = isSecure(@$_POST['expired']);
$entry = date('Y-m-d', strtotime(str_replace('-', '/', $entry_date)));
$exp = date('Y-m-d', strtotime(str_replace('-', '/', $expired)));
?>
<div class="panel-body">
<div class="modal fade" id="insert" tabindex="-1" role="dialog" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true"></button>
<h5 class="modal-title">Insert New Material</h5>
</div>
<div class="modal-body">
<form class="form-vertical" method="post">
<?php
if (isset($_POST['insertdata'])) {
if (strlen($ingredient_name) > 2 && !is_numeric($ingredient_name)) {
if (is_numeric($amount)) {
if (is_numeric($stock)) {
if (is_numeric($min_stock)) {
if ($entry_date < $expired) {
$insert_query = "INSERT INTO ingredients (employee_id, material_name, min_stock, stock, entry_date, exp_date, amount) VALUES ('" . $_SESSION['pantry'] . "', '{$ingredient_name}', '{$min_stock}', '{$stock}', '{$entry}', '{$exp}', '{$amount}')";
$sql_insert = mysql_query($insert_query);
if ($sql_insert) {
<?php
function isSecure()
{
$url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
if (false !== strpos($url, 'd=1')) {
return true;
}
return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443;
}
style('passwords', 'style');
// check if secure (https)
if (isSecure()) {
script('passwords', 'handlebars');
script('passwords', 'script');
script('passwords', 'sorttable');
?>
<div id="app">
<div id="app-navigation">
<?php
print_unescaped($this->inc('part.navigation'));
?>
<?php
print_unescaped($this->inc('part.settings'));
?>
</div>
<div id="app-content">
<div id="app-content-wrapper">
<?php
function put()
{
if (!isSecure()) {
error_log("ERROR: MUST USE HTTPS!!");
echo json_encode(array("status" => "ERROR: MUST USE HTTPS!!"));
exit;
}
require 'config.php';
$request = check_and_clean_json('Username');
//error_log("get_device_data:".print_r($request, true));
//error_log('REQUEST_URI:'.$_SERVER['REQUEST_URI']);
//$response = array();
if ($request != null) {
$conn = open_db();
//Validate the user and get the list of devices the user is authorized to download
$sql = "\n SELECT device_id FROM sys_users su, link_users_devices sud\n WHERE password = md5(:password) AND username = :username AND sud.user_id = su.user_id AND device_id = :device_id;\n ";
$sth = $conn->prepare($sql);
if ($sth->execute(array('username' => $request->Username, 'password' => $request->Password, 'device_id' => $request->device_id))) {
//Successful authentication and device verification
$auth_devices = $sth->fetchAll(PDO::FETCH_ASSOC);
//error_log(print_r($auth_devices, true));
if (count($auth_devices) == 0) {
//incorrect username/password or the user does not have access to ANY device data
echo json_encode(array("status" => "ERROR: Incorrect username/password or the user does not have access to the device data!!"));
error_log("get_device_drd_data: Login error or invalid device_id requested bu user " . $request->Username . " - device_id: " . $request->device_id);
exit;
}
} else {
error_log(print_r($sth->errorInfo(), true));
echo json_encode(array("status" => "ERROR: DB Error 1, see log!!"));
exit;
}
//Set time zone
$sql = "SET TIME ZONE '" . $request->TZ . "';";
$sth = $conn->prepare($sql);
if ($sth->execute()) {
//success
//Do nothing
} else {
echo json_encode(array("status" => "ERROR: Incorrect time zone!!"));
exit;
}
$dateStart = strtotime($request->dateStart);
if (!$dateStart) {
//bad date provided
echo json_encode(array("status" => "ERROR: Incorrectly formatted start date provided!!"));
exit;
}
$dateEnd = strtotime($request->dateEnd);
if (!$dateEnd) {
//bad date provided
echo json_encode(array("status" => "ERROR: Incorrectly formatted end date provided!!"));
exit;
}
//Hard limit of 7 days of data
if ($dateEnd - $dateStart > 86400 * 7) {
echo json_encode(array("status" => "ERROR: Maximum limit of 7 days data in one request!!"));
exit;
}
if (!is_numeric($request->device_id)) {
echo json_encode(array("status" => "ERROR: device_id must be numeric!!"));
exit;
}
if (!is_numeric($request->param_id)) {
echo json_encode(array("status" => "ERROR: param_id must be numeric!!"));
exit;
}
//Perform COUNT query
$sth = $conn->prepare("\n SELECT COUNT(*) FROM (\n SELECT row_number() OVER(ORDER BY gmt_timestamp ASC) AS row, gmt_timestamp AT TIME ZONE 'UTC' AS timestamp FROM device_raw_data\n WHERE device_id = :device_id AND param_id = :param_id AND gmt_timestamp BETWEEN (:dateStart::TIMESTAMP WITH TIME ZONE AT TIME ZONE 'UTC') AND (:dateEnd::TIMESTAMP WITH TIME ZONE AT TIME ZONE 'UTC')\n ) as t\n ");
if ($sth->execute(array('device_id' => $request->device_id, 'param_id' => $request->param_id, 'dateStart' => $request->dateStart, 'dateEnd' => $request->dateEnd))) {
//Success
$count = $sth->fetch(PDO::FETCH_ASSOC);
} else {
error_log(print_r($sth->errorInfo(), true));
echo json_encode(array("status" => "ERROR: DB Error 2, see log!!"));
exit;
}
//error_log(print_r($count, true));
$count = $count['count'];
if ($count == 0) {
error_log("NO DATA RECORDS: device_id=" . $request->device_id . " - param_id: " . $request->param_id . " - dateStart " . $request->dateStart . " - dateEnd: " . $request->dateEnd);
echo json_encode(array("status" => "ERROR: No data for the requested device within the selected period!!"));
}
//Set how many records are returned by the query
//depending on the number returned by the count query
//Limit the count to 5000
if ($count > 5000) {
$mod = intval($count / 5000) + 1;
} else {
$mod = 1;
}
//return all records
//Perform main query
$sth = $conn->prepare("\n SELECT timestamp, log_value FROM (\n SELECT row_number() OVER(ORDER BY gmt_timestamp ASC) AS row, gmt_timestamp AT TIME ZONE 'UTC' AS timestamp, log_value FROM device_raw_data\n WHERE device_id = :device_id AND param_id = :param_id AND gmt_timestamp BETWEEN (:dateStart::TIMESTAMP WITH TIME ZONE AT TIME ZONE 'UTC') AND (:dateEnd::TIMESTAMP WITH TIME ZONE AT TIME ZONE 'UTC')\n ORDER BY gmt_timestamp\n ) as t\n WHERE t.row % :mod = 0\n ");
if ($sth->execute(array('device_id' => $request->device_id, 'param_id' => $request->param_id, 'dateStart' => $request->dateStart, 'dateEnd' => $request->dateEnd, 'mod' => $mod))) {
//Success
$readings = $sth->fetchAll(PDO::FETCH_ASSOC);
} else {
error_log(print_r($sth->errorInfo(), true));
echo json_encode(array("status" => "ERROR: DB Error 3, see log!!"));
exit;
}
$response = array("status" => "OK", "logReadings" => $readings);
} else {
//bad request
$response = array("status" => "ERROR: Bad request format!!");
error_log("get_device_data: Bad JSON request format for user: " . $request->Username);
}
//Send the response
echo json_encode($response);
}
/**
* Make given string a proper URL
*
* @author Krzysztof Kalkhoff
*
* @param string $url
* @return string
*/
public static function makeUrl($url)
{
if (!preg_match("~^(?:f|ht)tps?://~i", $url)) {
$url = 'http' . (isSecure() ? 's' : '') . "://" . $url;
}
return $url;
}
function save_remote_file($file)
{
$protocol = isSecure() ? 'https://' : 'http://';
file_put_contents('./files/updates/' . $file, fopen($protocol . 'tecdiary.com/api/v1/download/file/' . $file, 'r'));
return true;
}
function fullBaseUrl($path)
{
$protocol = isSecure() ? 'https://' : 'http://';
$host = $_SERVER['HTTP_HOST'];
return $protocol . $host . baseUrl($path);
}
<?php
$employee_id = isSecure(@$_POST['employee_id']);
$password = isSecure(@$_POST['password']);
$name = isSecure(@$_POST['name']);
$employee_type = isSecure(@$_POST['employee_type']);
?>
<div class="panel-body">
<div class="modal fade" id="insert" tabindex="-1" role="dialog" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true"></button>
<h5 class="modal-title">Insert New Employee Data</h5>
</div>
<div class="modal-body">
<form class="form-vertical" method="post">
<?php
if (isset($_POST['insertdata'])) {
if (strlen($employee_id) <= 7) {
if (strlen($password) > 5) {
if (strlen($name) > 2 && !is_numeric($name)) {
$check_query = "SELECT employee_id FROM employee WHERE employee_id = '{$employee_id}'";
$sql_check = mysql_query($check_query);
$row = mysql_num_rows($sql_check);
if ($row > 0) {
echo '<div class="alert alert-danger" role="alert">
<span class="sr-only">Error: </span>
Employee ID already exists.
</div>';
} else {
<?php
$category = isSecure(@$_POST['category']);
$name = isSecure(@$_POST['name']);
$desc = isSecure(@$_POST['desc']);
$price = isSecure(@$_POST['price']);
$discount = isSecure(@$_POST['discount']);
?>
<div class="panel-body">
<div class="modal fade" id="insert" tabindex="-1" role="dialog" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true"></button>
<h5 class="modal-title">Insert New Menu</h5>
</div>
<div class="modal-body">
<form class="form-vertical" method="post" enctype="multipart/form-data">
<?php
if (isset($_POST['insertdata'])) {
if (strlen($name) > 2 && !is_numeric($name)) {
if (strlen($desc) > 2 && !is_numeric($desc)) {
if (is_numeric($price)) {
if (is_numeric($discount) && $discount > 0 && $discount < 100) {
$file_name = $_FILES['photo']['name'];
$file_size = $_FILES['photo']['size'];
$file_type = $_FILES['photo']['type'];
$tmp_file = $_FILES['photo']['tmp_name'];
$path = 'assets/images/menu';
$check_query = "SELECT menu_id FROM menus WHERE menu_id = '{$menu_id}'";
$sql_check = mysql_query($check_query);
/**
* Return current URL
* @return string
*/
function currentUrl()
{
if (isSecure()) {
$protocol = 'https://';
} else {
$protocol = 'http://';
}
return $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
}
require_once $mageFilename;
#Varien_Profiler::enable();
if (isset($_SERVER['MAGE_IS_DEVELOPER_MODE'])) {
Mage::setIsDeveloperMode(true);
}
#ini_set('display_errors', 1);
umask(0);
/* Store or website code */
$mageRunCode = isset($_SERVER['MAGE_RUN_CODE']) ? $_SERVER['MAGE_RUN_CODE'] : '';
/* Run store or run website */
$mageRunType = isset($_SERVER['MAGE_RUN_TYPE']) ? $_SERVER['MAGE_RUN_TYPE'] : 'store';
//Mage::run($mageRunCode, $mageRunType);
$ip = getenv('HTTP_X_FORWARDED_FOR');
$array_ip = explode(",", $ip);
$country_code = getCountry($array_ip[0]);
$protocol = isSecure() ? 'https://' : 'http://';
if ($country_code == "IT") {
if ($_SERVER['REQUEST_URI'] === '/') {
header('Location: ' . $protocol . $_SERVER['HTTP_HOST'] . '/it');
exit;
}
} else {
if ($country_code != "IT") {
if ($_SERVER['REQUEST_URI'] === '/') {
header('Location: ' . $protocol . $_SERVER['HTTP_HOST'] . '/en');
exit;
}
} else {
/* Auto redirect to language store view if request is for root */
if ($_SERVER['REQUEST_URI'] === '/') {
header('Location: ' . getStoreForLanguage()->getBaseUrl());
<!-- Modal EDIT -->
<div class="panel-body">
<div id="edit" class="modal fade" tabindex="-1" role="dialog" aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">x</button>
<h5 class="modal-title">Edit Employee Data</h5>
</div>
<div class="modal-body">
<form class="form-vertical" method="post">
<?php
if (isset($_POST['editdata'])) {
$empId = isSecure($_POST['empId']);
$empName = isSecure($_POST['empName']);
$empType = isSecure($_POST['empType']);
if (strlen($empName) > 2 && !is_numeric($empName)) {
$update_query = "UPDATE employee SET employee_name = '{$empName}', employee_type = '{$empType}' WHERE employee_id = '{$empId}';";
$sql_update = mysql_query($update_query);
if ($sql_update) {
echo '<script>alert("Data successfully updated.");window.location="admin.php";</script>';
} else {
echo "Error :" . mysql_error();
}
} else {
echo '<div class="alert alert-danger" role="alert">
<span class="sr-only">Error: </span>
Please check the name.
</div>';
}
}
// Without this step anyone can fake IPN data
if (USE_SANDBOX == true) {
$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == FALSE) {
return FALSE;
}
// Check if we're on a secure connection, and disable SSL_VERIFYPEER if there is no HTTPS
function isSecure()
{
return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443;
}
$VerifyPeer = isSecure() ? 1 : 0;
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $VerifyPeer);
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
if (DEBUG == true) {
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
*/
$GLOBAL_VARS = array();
/*
* 배포 환경에서 TRUE 상태가 되지 않도록 주의 하십시요.
* is_test TRUE : 에러 출력 등
* is_debug TRUE : 프로파일링, DB쿼리 저장 등
*/
$GLOBAL_VARS['is_test'] = TRUE;
$GLOBAL_VARS['is_debug'] = TRUE;
# 도메인 명
$GLOBAL_VARS['domain'] = 'noxportal.com';
$GLOBAL_VARS['cookie_domain'] = '.noxportal.com';
# 프로젝트 Document root path
$GLOBAL_VARS['document_root'] = filter_input(INPUT_SERVER, 'DOCUMENT_ROOT', FILTER_SANITIZE_SPECIAL_CHARS);
# 프로토콜 : http, https
$GLOBAL_VARS['is_secure'] = isSecure();
$GLOBAL_VARS['protocol'] = getProtocol($GLOBAL_VARS['is_secure']);
# DATABASE 관련 설정
$GLOBAL_VARS['db']['hostname'] = 'localhost';
$GLOBAL_VARS['db']['username'] = '******';
$GLOBAL_VARS['db']['password'] = '******';
$GLOBAL_VARS['db']['database'] = 'noxportal';
# DATABASE - TABLE 이름
$GLOBAL_VARS['db']['tables']['prefix'] = 'noxent_';
$GLOBAL_VARS['db']['tables']['members'] = $GLOBAL_VARS['db']['tables']['prefix'] . 'members';
$GLOBAL_VARS['db']['tables']['admin_members'] = $GLOBAL_VARS['db']['tables']['prefix'] . 'admin_members';
$GLOBAL_VARS['db']['tables']['board'] = $GLOBAL_VARS['db']['tables']['prefix'] . 'board';
$GLOBAL_VARS['db']['tables']['board_content'] = $GLOBAL_VARS['db']['tables']['prefix'] . 'board_content';
# autoload 설정 (콤마로 구분 문자열 배열에 추가)
$GLOBAL_VARS['autoload']['packages'] = array();
$GLOBAL_VARS['autoload']['libraries'] = array('database', 'session', 'app_lib');
<div class="alert alert-success" role="success">
<span class="fa fa-check" aria-hidden="true"></span>
<span class="sr-only">Success:</span>
<?php
echo _settings_msgbox;
?>
<?php
echo date('d-m-Y H:i:s', $db_cronjob_lastrun);
?>
<?php
echo _settings_msgbox_executed;
?>
</div>
<?php
}
if (isSecure() == true) {
?>
<div class="alert alert-dismissible alert-info">
<span class="fa fa-check" aria-hidden="true"></span>
<?php
echo _settings_message_ssl_true;
?>
</div>
<?php
} else {
?>
<div class="alert alert-danger" role="alert">
<span class="fa fa-warning" aria-hidden="true"></span>
<span class="sr-only">Error:</span>
<?php
echo _settings_message_ssl_false;
<?php $secure = isSecure() ? 'https://' : 'http://'; //All links defined here. MODIFY IT WHEN FOLDER/SITE STRUCTURE CHANGES! $link = array(); $link['root'] = GetRootDir(); $link['url'] = $secure . $_SERVER['HTTP_HOST'] . "/"; $link['favicon'] = $link['url'] . "favicon.ico"; $link['download'] = $link['url'] . 'downloads/'; $link['rss'] = $link['url'] . 'rss/'; $link['home'] = $link['url']; $link['forum'] = $link['url'] . 'forum/'; $link['admin']['forum-panel'] = $link['forum'] . '?action=admin'; $link['login'] = $link['forum'] . '?action=login'; $link['support'] = $link['url'] . 'support/'; $link['addon']['home'] = $link['url'] . 'addons/'; $link['addon']['dashboard'] = $link['url'] . 'dashboard/'; $link['help'] = $link['url'] . 'help/'; $link['faq'] = $link['help'] . 'faq/'; $link['release-note'] = $link['help'] . 'release-note/'; $link['press'] = $link['help'] . 'press/'; $link['api'] = $link['help'] . 'api/'; $link['bugreport'] = $link['url'] . 'bug/'; $link['redirect'] = $link['url'] . 'out/'; $link['404'] = $link['root'] . "pages/error/404.php"; $link['kb'] = $link['url'] . 'kb/'; $link['credit'] = $link['help'] . 'credit/'; $link['logout'] = $link['url'] . 'logout/'; /** * Check if the server has SSL or not *
###########################################################
#own libraries
require realpath(dirname(__FILE__)) . "/classes/TelegramBotAPI.php";
#config
require realpath(dirname(__FILE__)) . "/../config/config.php";
function _log($str)
{
print_r($str);
}
function isSecure()
{
return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443;
}
$setHook = true;
$deleteWebhook = isset($_GET['delete']);
if (!isSecure()) {
_log("You need to use a secure conection to set a webhook \n\n");
$setHook = false;
} else {
_log("This connection is secure \n\n");
}
if (file_exists($ssl_cert_location)) {
_log("Certificate found \n\n");
} else {
_log("Certificate NOT found \n\n");
$setHook = false;
}
if ($setHook || $deleteWebhook) {
$telegram = new TelegramBot(BOT_AUTH_TOKEN);
if (!$deleteWebhook) {
$url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
<?php
session_start();
include '../config/config.php';
include '../function/isSecure.php';
if (isset($_POST['login'])) {
$employee_id = isSecure($_POST['employee_id']);
$password = isSecure(md5($_POST['password']));
$query = "SELECT * FROM employee WHERE employee_id = '{$employee_id}'";
$sql = mysql_query($query);
$data = mysql_fetch_array($sql);
$row = mysql_num_rows($sql);
$employee_type = $data['employee_type'];
if ($row == 1 && $data['password'] == $password) {
if ($employee_type == 'Admin') {
$_SESSION['admin'] = $data['employee_id'];
echo '<script>window.location="../admin.php";</script>';
} elseif ($employee_type == 'Waiter') {
$_SESSION['waiter'] = $data['employee_id'];
echo '<script>window.location="../waiter.php";</script>';
} elseif ($employee_type == 'Chef') {
$_SESSION['chef'] = $data['employee_id'];
echo '<script>window.location="../chef.php";</script>';
} elseif ($employee_type == 'CS') {
$_SESSION['cs'] = $data['employee_id'];
echo '<script>window.location="../customerservice.php";</script>';
} elseif ($employee_type == 'Pantry') {
$_SESSION['pantry'] = $data['employee_id'];
echo '<script>window.location="../pantry.php";</script>';
} elseif ($employee_type == 'Cashier') {
$_SESSION['cashier'] = $data['employee_id'];
