/**
 * Handle a POST that registers a new identity together with a fresh person record.
 *
 * Flow, as visible in this function:
 *   1. Refuse the request when the submitted address is a valid e-mail that
 *      already belongs to an identity.
 *   2. Save a new person, default the identity URL to the e-mail address,
 *      attach a token and the person id, and insert the identity from the request.
 *   3. Create one 'app' setting row per entry returned by environment('installed').
 *   4. Answer with 201 Created and redirect to the request's resource.
 *
 * @param array $vars Collaborators supplied by the caller; extract() turns its
 *                    keys into locals ($request, $Identity, $Person, $Setting,
 *                    $resource are the ones read here).
 */
function post(&$vars) {
    // Every key of $vars becomes a local variable. The array is built by the
    // caller; it must never be populated directly from request input.
    extract($vars);

    $address = trim($request->params['identity']['email_value']);
    $existing = $Identity->find_by('email_value', $address);

    // The duplicate check only fires for values is_email() accepts.
    // NOTE(review): a value that is_email() rejects is not stopped here and the
    // flow continues to create records - confirm it is validated elsewhere.
    if (is_email($address) && $existing) {
        trigger_error('Sorry, the e-mail address already exists.', E_USER_ERROR);
    }

    $newPerson = $Person->base();
    $newPerson->save();

    // Fall back to the e-mail address when no profile URL was submitted.
    if (empty($request->params['identity']['url'])) {
        $request->params['identity']['url'] = $address;
    }

    // NOTE(review): make_token() is defined outside this view; the token is
    // stored on the identity, so confirm it is not predictable from the id alone.
    $request->params['identity']['token'] = make_token($newPerson->id);
    $request->params['identity']['person_id'] = $newPerson->id;

    $resource->insert_from_post($request);

    $savedIdentity = $Identity->find($request->id);
    $savedIdentity->set_etag();

    // Record each installed app as a setting owned by the new profile/person.
    $apps = environment('installed');
    if (is_array($apps)) {
        foreach ($apps as $appName) {
            $appSetting = $Setting->base();
            $appSetting->set_value('profile_id', $savedIdentity->id);
            $appSetting->set_value('person_id', $newPerson->id);
            $appSetting->set_value('name', 'app');
            $appSetting->set_value('value', $appName);
            $appSetting->save_changes();
            $appSetting->set_etag();
        }
    }

    header_status('201 Created');
    redirect_to($request->resource);
}
// Fragment of an account-registration page: it normalises the requested
// username, stores a pending ("tentative") account and e-mails an activation
// link. The enclosing if/else starts and ends outside this excerpt.

$username = $_GET['username'];
$match = array();
// Drop an "@<domain>" suffix if the visitor typed a full address.
// NOTE(review): $domain is interpolated into the pattern unquoted, so regex
// metacharacters in it (such as '.') act as pattern syntax; preg_quote()
// would make the match literal.
if (preg_match("/(.*)@{$domain}/", $username, $match)) {
    $username = $match[1];
}
// After this line $username contains only [a-z0-9].
$username = preg_replace('/[^a-z0-9]/', '', strtolower($username));
$year = $_GET['gradyear'];
// After this line $year contains only digits.
$year = preg_replace("/[^0-9]/", '', $year);
// $type (and the free-text 'other' value) is taken from the query string
// verbatim - unlike $username and $year it is never filtered in this excerpt.
$type = $_GET['type'];
if ($type == "other") {
    $type = $_GET['other'];
}
if ($username == '' || get_item($dbh, 'username', 'accounts', 'username', $username)) {
    $thispage->append(show_username_taken($username));
} else {
    // NOTE(review): make_token() is defined elsewhere; the value is the only
    // secret protecting account activation, so confirm it comes from a CSPRNG.
    $token = make_token();
    $data = array('username' => $username, 'year' => $year, 'type' => $type);
    $storable = serialize($data);
    $email = $username . '@' . $domain;
    // SECURITY: $storable embeds the unfiltered $type and is placed inside a
    // quoted SQL literal without escaping, so request input reaches the
    // statement text (SQL injection). Bind $storable and $token as parameters
    // of a prepared statement (PDO or mysqli) instead of interpolating them.
    // The mysql_* extension used here was removed in PHP 7.
    // NOTE(review): whether magic_quotes or another layer alters $_GET before
    // this point is not visible here; do not rely on it.
    mysql_query("insert into tentative_accounts set session = '{$storable}', token = '{$token}', created = now()");
    $message = "Click the following link to activate your Plan:\n" . "www.grinnellplans.com/register.php?token={$token}\n\n" . "The link will expire in 24 hours.";
    // $admin_email is written into HTML below without escaping; it is assumed
    // to be trusted site configuration - TODO confirm.
    if (send_mail($email, "Activate your new plan.", $message)) {
        $message = new InfoText("An email has been sent to {$email} with a link to activate your Plan. You will probably receive it right away, but if you don't get it within a few hours, <a href=\"mailto:{$admin_email}\">Bug us</a>.", 'Email Sent');
    } else {
        $message = new AlertText("We were not able to send you an activation email, possibly because your email address is not accepting messages at this time. Please contact <a href=\"mailto:{$admin_email}\">{$admin_email}</a> for assistance.", 'Activation email could not be sent');
    }
    $thispage->append($message);
}
} else {
    if ($_GET['token']) {
        // Reads back the serialized blob stored above.
        // NOTE(review): $token is not assigned from $_GET['token'] in the
        // visible lines - confirm where it is set. If the blob is later passed
        // to unserialize(), that is deserialisation of visitor-influenced data;
        // a JSON encoding would avoid object instantiation.
        $session = get_item($dbh, 'session', 'tentative_accounts', 'token', $token);
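/**
 * POST /member/account - create a member account and issue an access token.
 *
 * Reads memberKey (required) plus the optional password, name, birthday,
 * gender and profileImageUrl fields from the POST body, stores the account
 * through member_db_model and, on success, returns the token in the
 * "Access-Token" response header.
 *
 * Responses produced here:
 *   - 400 + errorCode '00' when memberKey is missing or empty
 *   - errorCode '01' (no status change) when the model reports a duplicate
 *   - 500 when the model returns a falsy result
 *
 * Security notes:
 *   - The request log receives a copy of the body with the password redacted,
 *     so credentials are not written to log storage in clear text.
 *   - NOTE(review): when no password is sent, memberKey is used as the
 *     password, and memberKey is still logged. Confirm that this fallback is
 *     intended; it makes the credential equal to an identifier.
 *   - NOTE(review): set_res_log() receives the issued access token. Anyone
 *     with log access can replay it while it is valid - consider logging a
 *     hash or a truncated form instead.
 */
public function account_post() {
    $request_body = $this->post();

    // Never log the raw password; everything else is logged as before.
    $loggable_body = $request_body;
    if (is_array($loggable_body) && array_key_exists('password', $loggable_body)) {
        $loggable_body['password'] = '[REDACTED]';
    }

    // The Client-Type header is optional; avoid an undefined-index notice
    // while passing the same null the original lookup produced.
    $client_type = isset($_SERVER['HTTP_CLIENT_TYPE']) ? $_SERVER['HTTP_CLIENT_TYPE'] : null;
    set_req_log('/member/account', $client_type, json_encode($loggable_body));

    if (!$this->post('memberKey')) {
        http_response_code(400);
        // Only a completely absent key is logged; an empty value is rejected silently.
        if (!is_array($request_body) || !array_key_exists('memberKey', $request_body)) {
            set_err_log('Parameter Empty - memberKey');
        }
        echo json_encode(array('errorCode' => '00', 'errorMessage' => 'parameter error'));
        return;
    }

    $member_key = $this->post('memberKey');
    $password = $this->post('password') ? $this->post('password') : $member_key;
    $name = $this->post('name') ? $this->post('name') : '';
    $birthday = $this->post('birthday') ? $this->post('birthday') : '';
    $gender = $this->post('gender') ? $this->post('gender') : '';
    $profile_image_url = $this->post('profileImageUrl') ? $this->post('profileImageUrl') : '';

    $db_result = $this->member_db_model->set_member_account($member_key, $password, $name, $birthday, $gender, $profile_image_url);

    if (!$db_result) {
        http_response_code(500);
        set_err_log('Login DB Error');
        return;
    }

    // Loose comparison kept on purpose: the column type returned by the model
    // is not visible here.
    if ($db_result[0]['result'] == '01') {
        set_err_log('Duplication - memberKey');
        echo json_encode(array('errorCode' => '01', 'errorMessage' => 'duplicate error'));
        return;
    }

    $xid = $db_result[0]['xid'];
    set_xid_log($xid);
    $access_token = make_token($xid);
    set_res_log($access_token);
    header('Access-Token: ' . $access_token);
}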
/**
 * Build the gateway authentication URL for the current session and either
 * redirect the client to it or return it.
 *
 * URL shape: http://<gw_address>:<gw_port>/wifidog/auth?token=<token>
 *
 * NOTE(review): gw_address and gw_port are read from the session; where they
 * were stored is outside this view. If they originate from request parameters,
 * validate them before they are used as a redirect target. The token travels
 * in the query string over plain http.
 *
 * @param bool $redirect When true, redirect via Flight; when false, return the URL.
 * @return string|null The URL when $redirect is false, otherwise nothing.
 */
function login_success($redirect = True) {
    $token = make_token();

    $gateway = $_SESSION['gw_address'] . ':' . $_SESSION['gw_port'];
    $url = 'http://' . $gateway . '/wifidog/auth?token=' . $token;

    if (!$redirect) {
        return $url;
    }

    Flight::redirect($url);
}
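<?php
// Front controller: boots the framework, starts the session and dispatches
// ?controller=<name>&action=<name> to <Name>Controller-><action>().

// get to the root directory
chdir(dirname(__FILE__));
chdir('..');

// bootstrap the framework
require_once 'framework/boot/boot.php';

// session
session_start();

// make a token for database interactions
$_SESSION['token'] = make_token();

// load get vars
$param_controller = isset($_GET['controller']) ? $_GET['controller'] : '';
$param_action = isset($_GET['action']) ? $_GET['action'] : '';

// Both values come straight from the query string and are used below to build
// an include path, a class name and a method name. Accept plain identifiers
// only: this keeps path separators and dots out of the require_once path and
// keeps magic methods (leading underscores) out of the dispatch.
// NOTE(review): assumes controller and action names are [A-Za-z][A-Za-z0-9_]*;
// widen the pattern only if the application really uses other names.
$identifier_pattern = '/\A[a-z][a-z0-9_]*\z/i';
if (!is_string($param_controller) || !is_string($param_action)
    || !preg_match($identifier_pattern, $param_controller)
    || !preg_match($identifier_pattern, $param_action)) {
    header('HTTP/1.1 404 Not Found');
    exit;
}

// load helpers todo: make this in the controller's context?
require_once 'app/helpers/application_helper.php';
require_once 'app/helpers/' . $param_controller . '_helper.php';

// instantiate the controller
$controller_string = Inflector::camelize($param_controller) . 'Controller';
if (!class_exists($controller_string)) {
    header('HTTP/1.1 404 Not Found');
    exit;
}
$controller = new $controller_string($param_action);

// call the action, but only if it is a method callable from outside the class
// NOTE(review): every public method, including inherited ones, is still
// reachable by name; an explicit per-controller list of allowed actions
// would be tighter.
if (!is_callable(array($controller, $param_action))) {
    header('HTTP/1.1 404 Not Found');
    exit;
}
$controller->{$param_action}();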
/**
 * Handle a POST that creates a group and subscribes a list of e-mail addresses.
 *
 * The group's fields are copied from the request. Each line of
 * $request->subscribers is then treated as one address:
 *   - an address that already has an identity is linked through that
 *     identity's person;
 *   - an unknown but valid address gets a new person and identity, a token,
 *     and an invitation e-mail;
 *   - anything is_email() rejects is ignored.
 * Finishes with a 201 Created status and a redirect to 'groups'.
 *
 * NOTE(review): no permission check is visible in this function, and every
 * unknown address triggers an outbound e-mail. Confirm the caller restricts
 * who may post here and how many subscribers one request may carry.
 *
 * @param array $vars Collaborators supplied by the caller; extract() turns its
 *                    keys into locals ($request, $Group, $Identity, $Person,
 *                    $Membership are the ones read here).
 */
function post(&$vars) {
    extract($vars);

    // Create the group from the submitted fields.
    $newGroup = $Group->base();
    $fieldMap = $Group->fields_from_request($request);
    foreach ($fieldMap['groups'] as $column => $columnType) {
        $newGroup->set_value($column, $request->params['group'][$column]);
    }
    $newGroup->save_changes();
    $newGroup->set_etag(get_person_id());

    foreach (explode("\n", $request->subscribers) as $line) {
        $addr = trim($line);
        $known = $Identity->find_by('email_value', $addr);

        // Lines that are not e-mail addresses are skipped.
        if (!is_email($addr)) {
            continue;
        }

        if ($known) {
            // Existing identity: reuse the person behind it.
            $member = $known->FirstChild('people');
        } else {
            // Unknown address: create a placeholder person and identity, then invite.
            $member = $Person->base();
            $member->save();

            $invitee = $Identity->base();
            $defaults = array(
                'url' => $addr,
                'email_value' => $addr,
                'given_name' => '',
                'label' => 'profile 1',
            );
            foreach ($defaults as $key => $value) {
                $invitee->set_value($key, $value);
            }

            // NOTE(review): make_token() is defined outside this view; the token
            // is e-mailed as part of the invitation, so confirm it is unguessable.
            $inviteToken = make_token($member->id);
            $invitee->set_value('token', $inviteToken);
            $invitee->set_value('person_id', $member->id);
            $invitee->save_changes();
            $invitee->set_etag($member->id);

            do_invite_email($addr, $inviteToken, $newGroup);
        }

        // FirstChild() may yield nothing; only link when a person is available.
        if ($member) {
            $link = $Membership->base();
            $link->set_value('group_id', $newGroup->id);
            $link->set_value('person_id', $member->id);
            $link->save_changes();
        }
    }

    header('Status: 201 Created');
    redirect_to('groups');
}
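/**
 * Receive a single file posted as "Filedata", store it under cache/ with a
 * generated name, and record it in the uploads table.
 *
 * Prints "200 OK" and exits on success. Exits without output when the cache
 * directory is not writable or the uploaded file cannot be moved into place,
 * so a failed upload is never reported as successful and leaves no database
 * row pointing at a missing file.
 *
 * NOTE(review): the stored extension is derived from the client-supplied file
 * name through type_of()/extension_for(), which are defined outside this view.
 * Confirm they can only yield non-executable extensions, and that cache/ is
 * not served with script execution enabled.
 * NOTE(review): no authentication or size/type check is visible here; confirm
 * the route is protected before it reaches this function.
 *
 * @param mixed $request Request object (unused here).
 * @param mixed $route   Route object (unused here).
 */
function do_ajaxy_fileupload(&$request, &$route) {
    global $db;

    if (!isset($_FILES['Filedata']['name'])) {
        return;
    }
    if (!is_writable('cache')) {
        exit;
    }

    $name = urldecode($_FILES['Filedata']['name']);

    // The on-disk name is generated; only the extension depends on the upload.
    $tmp = 'cache' . DIRECTORY_SEPARATOR . make_token();
    $tmp .= "." . extension_for(type_of($_FILES['Filedata']['name']));

    // Move the file before touching the database. move_uploaded_file() also
    // refuses anything that is not a genuine HTTP upload.
    if (!isset($_FILES['Filedata']['tmp_name'])
        || !move_uploaded_file($_FILES['Filedata']['tmp_name'], $tmp)) {
        exit;
    }

    // Replace any earlier record with the same name. The value is escaped with
    // the database layer's own escape_string() before it enters the statement.
    $db->get_result("DELETE FROM " . $db->prefix . "uploads WHERE name = '" . $db->escape_string($name) . "'");

    $Upload =& $db->model('Upload');
    $u = $Upload->base();
    $u->set_value('name', $name);
    $u->set_value('tmp_name', $tmp);
    $u->save_changes();

    echo "200 OK";
    exit;
}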