function api_output_get_format()
{
    $format = null;
    $possible = null;
    if (request_isset('format')) {
        $possible = request_str('format');
    } elseif (function_exists('getallheaders')) {
        $headers = getallheaders();
        if (isset($headers['Accept'])) {
            foreach (explode(",", $headers['Accept']) as $what) {
                list($type, $q) = explode(";", $what, 2);
                if (preg_match("!^application/(\\w+)\$!", $type, $m)) {
                    $possible = $m[1];
                    break;
                }
            }
        }
    } else {
    }
    if ($possible) {
        if (in_array($possible, $GLOBALS['cfg']['api']['formats'])) {
            $format = $possible;
        }
    }
    return $format;
}
function _api_output_rest_send_json_headers()
{
    $content_type = 'application/json';
    if (request_isset('_jsondebug')) {
        $content_type = 'text/plain';
    }
    utf8_headers($content_type);
}
function api_output_send($rsp, $more = array())
{
    $rsp['stat'] = isset($more['is_error']) ? 'error' : 'ok';
    api_log(array('stat' => $rsp['stat']), 'write');
    api_output_utils_start_headers($rsp, $more);
    if (features_is_enabled("api_cors")) {
        if ($origin = $GLOBALS['cfg']['api_cors_allow_origin']) {
            header("Access-Control-Allow-Origin: " . htmlspecialchars($origin));
        }
    }
    if (!request_isset("inline")) {
        header("Content-Type: text/json");
    }
    $json = json_encode($rsp);
    header("Content-Length: " . strlen($json));
    echo $json;
    exit;
}
function api_output_send($rsp, $callback, $more = array())
{
    $rsp['stat'] = isset($more['is_error']) ? 'error' : 'ok';
    api_log(array('stat' => $rsp['stat']), 'write');
    api_output_utils_start_headers($rsp, $more);
    if (features_is_enabled("api_cors")) {
        if ($origin = $GLOBALS['cfg']['api_cors_allow_origin']) {
            header("Access-Control-Allow-Origin: " . htmlspecialchars($origin));
        }
    }
    $json = json_encode($rsp);
    # http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
    $jsonp = "/**/" . $callback . "(" . $json . ")";
    header("Content-Disposition: attachment; filename=f.txt,");
    header("X-Content-Type-Options: nosniff");
    header("Content-Length: " . strlen($jsonp));
    if (!request_isset("inline")) {
        header("Content-Type: application/javascript");
    }
    echo $jsonp;
    exit;
}
    mysql_connect($DB_ADDRESS, $DB_USER, $DB_PASS) or die(mysql_error());
    mysql_select_db($DB_NAME) or die(mysql_error());
    // To protect MySQL injection (more detail about MySQL injection)
    $username = mysql_real_escape_string(stripslashes(request_isset('myusername')));
    $password = mysql_real_escape_string(stripslashes(request_isset('mypassword')));
    $authManager = new AuthManager();
    $checkLogin = $authManager->checkLogin($username, $password);
    // if a single record was found given the username and password
    if ($checkLogin['count'] == 1) {
        // store  nessasary data to the session
        $_SESSION['USER_ID'] = $checkLogin['USER_ID'];
        $_SESSION['usertype'] = $checkLogin['user_type'];
        $_SESSION['username'] = $username;
        $sessionManager = new sessionManager($checkLogin['USER_ID'], $checkLogin['user_type'], $username);
        $_SESSION['sessionManager'] = serialize($sessionManager);
    }
}
// END -----------------------------------------------------------------------------------
if ($sessionManager->isAuthorized()) {
    $USER_ID = $_SESSION['USER_ID'];
    $page_action = request_isset('action');
    $db_link = DB_Connect($DB_ADDRESS, $DB_USER, $DB_PASS, $DB_NAME);
} else {
    if (isset($forceLogin)) {
        if ($forceLogin == true) {
            require_once $relative_base_path . 'auth/login.php';
        }
    } else {
        require_once $relative_base_path . 'auth/login.php';
    }
}
<?php

require_once '../../views/_secureHead.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $PASSMAN_ID = request_isset('id');
    $site = request_isset('site');
    $url = request_isset('url');
    $username = request_isset('username');
    $password = request_isset('password');
    switch ($page_action) {
        case 'update_by_id':
            $db_update_success = PasswordManager::updateRecord($PASSMAN_ID, $USER_ID, $site, $url, $username, $password);
            break;
        case 'add_password':
            $db_add_success = PasswordManager::addRecord($USER_ID, $site, $url, $username, $password);
            break;
        case 'delete_by_id':
            $db_delete_success = PasswordManager::deleteRecord($PASSMAN_ID, $USER_ID);
            break;
    }
    $passman_records = PasswordManager::getAllRecords($USER_ID);
    $page_title = 'PassMan';
    $alt_menu = getAddButton();
    // build add view
    $addView = new AddView('Add', 'add_password');
    $addView->addRow('site', 'Site');
    $addView->addRow('url', 'URL');
    $addView->addRow('username', 'Username');
    $addView->addRow('password', 'Password');
<?php

require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $KEYMAN_ID = request_isset('id');
    $record = KeyManager::getRecord($KEYMAN_ID, $USER_ID);
    $app_title = 'Edit | ' . $app_title;
    // build edit view
    $editModel = new EditModel('Edit', 'update_by_id', $KEYMAN_ID);
    $editModel->addRow('name', 'Name', $record->getName());
    $editModel->addTextarea('private_key', 'Private key', $record->getPrivateKey());
    $editModel->addTextarea('public_key', 'Public key', $record->getPublicKey());
    $editModel->addRow('passphrase', 'Passphrase', $record->getPassphrase());
    $views_to_load = array();
    $views_to_load[] = ' ' . EditView2::render($editModel);
    include $relative_base_path . 'views/_generic.php';
}
login_ensure_loggedin();
loadlib("api_keys");
loadlib("api_keys_utils");
loadlib("api_oauth2_access_tokens");
loadlib("api_oauth2_grant_tokens");
$key_more = array('ensure_isown' => 0);
$key_row = api_keys_utils_get_from_url($key_more);
$GLOBALS['smarty']->assign_by_ref("key", $key_row);
$crumb_key = 'access_token_register';
$GLOBALS['smarty']->assign("crumb_key", $crumb_key);
$perms_map = api_oauth2_access_tokens_permissions_map();
$GLOBALS['smarty']->assign_by_ref("permissions", $perms_map);
$ttl_map = api_oauth2_access_tokens_ttl_map();
$GLOBALS['smarty']->assign_by_ref("ttl_map", $ttl_map);
# Handy helper mode to create auth tokens for yourself...
if (request_isset("self")) {
    features_ensure_enabled("api_authenticate_self");
    if ($key_row['user_id'] != $GLOBALS['cfg']['user']['id']) {
        error_403();
    }
    if ($token_row = api_oauth2_access_tokens_get_for_user_and_key($GLOBALS['cfg']['user'], $key_row)) {
        $GLOBALS['smarty']->assign_by_ref("token_row", $token_row);
        $GLOBALS['smarty']->assign("has_token", 1);
    } else {
        if (post_isset("confirm") && crumb_check($crumb_key)) {
            $perms = request_str("perms");
            $ttl = request_int32("ttl");
            if (!api_oauth2_access_tokens_is_valid_permission($perms)) {
                $GLOBALS['smarty']->assign("error", "bad_perms");
            } else {
                $rsp = api_oauth2_access_tokens_create($key_row, $GLOBALS['cfg']['user'], $perms, $ttl);
Beispiel #9
0
<?php

require_once '../../views/_secureHead.php';
require_once '../../libs/simple_html_dom.php';
require_once '../../models/_header.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $STOCK_ID = request_isset('id');
    $ticker = request_isset('ticker');
    $stockManager = new StockManager();
    if ($sessionManager->getUserType() != 'ADMIN') {
        switch ($page_action) {
            case 'update_by_id':
                $db_update_success = $stockManager->updateRecord($STOCK_ID, $USER_ID, $ticker);
                break;
            case 'add_stock':
                $db_add_success = $stockManager->addRecord($USER_ID, $ticker);
                break;
            case 'delete_by_id':
                $db_delete_success = $stockManager->deleteRecord($STOCK_ID, $USER_ID);
                break;
        }
    }
    $stock_records = $stockManager->getAllRecords();
    // build header view
    $headerView = new HeaderView(($sessionManager->getUserType() == 'ADMIN' ? 'Indexer | ' : '') . 'Stocks');
    $headerView->setLink('<link rel="stylesheet" type="text/css" href="css/styles.css" />');
    if ($sessionManager->getUserType() == 'ADMIN') {
        $headerView->setMeta('<meta http-equiv="refresh" content="1800;url=#" />');
    } else {
 $id = request_isset('id');
 $store = request_isset('store');
 $dateOption = request_isset('dateOption');
 $selectTimeDate = request_isset('selectTime-date');
 $selectTimeTime = request_isset('selectTime-time');
 $budget_id = request_isset('budget_id');
 $item_id = request_isset('item_id');
 $item_name = request_isset('item_name');
 $amount = request_isset('amount');
 $qty = request_isset('qty');
 $category = request_isset('category');
 $brand = request_isset('brand');
 $size = request_isset('size');
 $size_unit = request_isset('size_unit');
 $tax = request_isset('tax');
 $sale = request_isset('sale');
 // figure out what $date should be
 if ($dateOption == 'dateOption-current') {
     $date = 'CURRENT_TIMESTAMP';
 } else {
     if ($dateOption == 'dateOption-selectTime') {
         $date = "{$selectTimeDate} {$selectTimeTime}";
     }
 }
 switch ($page_action) {
     case 'update_item_by_id':
         $id = BudgetManager::getBudgetIdFromItemId($item_id);
         $db_update_success = BudgetManager::updateItemRecord($item_id, $item_name, $amount, $qty, $category, $brand, $size, $size_unit, $tax, $sale);
         break;
     case 'add_receipt_item':
         $id = $budget_id;
<?php

require_once '../../views/_secureHead.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $id = request_isset('id');
    $sbookmark = request_isset('sbookmark');
    $title = request_isset('title');
    $url = request_isset('url');
    switch ($page_action) {
        case 'update_by_id':
            $db_update_success = BookmarkManager::updateRecord($id, $title, $url);
            break;
        case 'add_bookmark':
            $db_update_success = BookmarkManager::addRecord($title, $url);
            break;
        case 'delete_by_id':
            $db_delete_success = BookmarkManager::deleteRecord($id);
            break;
    }
    $page_title = 'Bookmarks';
    $search_target = 'bookmarks';
    $bookmark_data = BookmarkManager::getAllRecords();
    $alt_menu = getAddButton() . getSearchButton();
    $searchModel = new SearchModel($search_target);
    $addModel = new AddModel('Add', 'add_bookmark');
    $addModel->addRow('title', 'Title');
    $addModel->addRow('url', 'URL');
    $bookmarkModel = new TableModel('', $search_target);
    /*$bookmarkModel->addRow ( array (
    			TableView2::createCell ('site', 'Site', 'th'),
    			TableView2::createCell ()
<?php

require_once '../../views/_secureHead.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
KeyManager::initDB(new KeyManager());
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $KEYSTORE_ID = request_isset('id');
    $name = request_isset('name');
    $private_key = request_isset('private_key');
    $public_key = request_isset('public_key');
    $passphrase = request_isset('passphrase');
    switch ($page_action) {
        case 'update_by_id':
            $db_update_success = KeyManager::updateRecord($KEYSTORE_ID, $USER_ID, $name, $private_key, $public_key, $passphrase);
            break;
        case 'add_key':
            $db_add_success = KeyManager::addRecord($KEYSTORE_ID, $USER_ID, $name, $private_key, $public_key, $passphrase);
            break;
        case 'delete_by_id':
            $db_delete_success = KeyManager::deleteRecord($KEYSTORE_ID, $USER_ID);
            break;
    }
    $keyman_records = KeyManager::getAllRecords($USER_ID);
    $alt_menu = getAddButton();
    // build add view
    $addView = new AddView('Add', 'add_key');
    $addView->addRow('name', 'Name');
    $addView->addRow('private_key', 'Private key');
    $addView->addRow('public_key', 'Public key');
    $addView->addRow('passphrase', 'Passphrase');
<?php

require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $PASSMAN_ID = request_isset('id');
    $passwordManager = new PasswordManager();
    $record = $passwordManager->getRecord($PASSMAN_ID, $USER_ID);
    $page_title = 'Edit | PassMan';
    // build edit view
    $editModel = new EditModel('Edit', 'update_by_id', $PASSMAN_ID);
    $editModel->addRow('site', 'Site', $record->getSite());
    $editModel->addRow('url', 'URL', $record->getUrl());
    $editModel->addRow('username', 'Username', $record->getUsername());
    $editModel->addRow('password', 'Password', $record->getPassword());
    $views_to_load = array();
    $views_to_load[] = ' ' . EditView2::render($editModel);
    include $relative_base_path . 'views/_generic.php';
}
Beispiel #14
0
<?php

require_once '../../views/_secureHead.php';
require_once '../../libs/simple_html_dom.php';
require_once '../../models/_edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $STOCK_ID = request_isset('id');
    $stockManager = new StockManager();
    $record = $stockManager->getRecord($STOCK_ID);
    $page_title = 'Edit | Stocks';
    // build edit view
    $editView = new EditView('Edit', 'update_by_id', $STOCK_ID);
    $editView->addRow('stock', 'Stock', $record->getStock());
    $editView->addRow('ticker', 'Ticker', $record->getSymbol());
    $views_to_load = array();
    $views_to_load[] = '../../views/_edit.php';
    include '../../views/_generic.php';
}
<?php

require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/add.php';
require_once $relative_base_path . 'models/table.php';
require_once $relative_base_path . 'models/button.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $id = request_isset('id');
    $amount = request_isset('amount');
    $category = request_isset('category');
    $store = request_isset('store');
    $items = request_isset('items');
    $startdate = request_isset('startdate');
    $enddate = request_isset('enddate');
    switch ($page_action) {
        case 'update_by_id':
            $db_update_success = BudgetManager::updateRecurringRecord($id, $amount, $category, $store, $items, $startdate, $enddate);
            break;
        case 'add_budget_item':
            $db_add_success = BudgetManager::addRecurringRecord($amount, $category, $store, $items, $startdate, $enddate);
            break;
        case 'delete_by_id':
            $db_delete_success = BudgetManager::deleteRecurringRecord($id);
            break;
    }
    $page_title = 'Recurring | Budget';
    $alt_menu = getAddButton() . getBackButton();
    $addModel = new AddModel('Add', 'add_budget_item');
    $addModel->addRow('amount', 'Amount');
    $addModel->addRow('category', 'Category');
    $addModel->addRow('store', 'Store');
<?php

require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $BOOKMARK_ID = request_isset('id');
    $bookmarkManager = new BookmarkManager();
    $record = $bookmarkManager->getRecord($BOOKMARK_ID);
    $page_title = 'Edit | Bookmarks';
    // build edit view
    $editModel = new EditModel('Edit', 'update_by_id', $BOOKMARK_ID);
    $editModel->addRow('title', 'Title', $record->getTitle());
    $editModel->addRow('url', 'URL', $record->getUrl());
    $views_to_load = array();
    $views_to_load[] = ' ' . EditView2::render($editModel);
    include $relative_base_path . 'views/_generic.php';
}
<?php

require_once '../../views/_secureHead.php';
require_once '../../models/_header.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
require_once $relative_base_path . 'auth/_model.php';
if (isset($sessionManager) && $sessionManager->getUserType() == 'ADMIN') {
    require_once 'usertypes.php';
    $id = request_isset("id");
    $user_type = request_isset("user_type");
    $username = request_isset("username");
    $new_password = request_isset("new_password");
    $password = request_isset("password");
    $userManager = new UserManager();
    $authManager = new AuthManager();
    switch ($page_action) {
        case 'update_by_id':
            //$db_update_success = $userManager->updateRecord ($id, $user_type, $username, $password);
            $db_update_success = $authManager->updateRecord($id, $user_type, $username, $new_password);
            break;
        case "add_user":
            //$userManager->addRecord($user_type, $username, $password);
            $db_add_success = $authManager->addUser($user_type, $username, $password);
            break;
        case "delete_by_id":
            //$userManager->deleteRecord ($id);
            $db_delete_success = $authManager->deleteUser($id);
            break;
    }
    $users_data = $userManager->getAllRecords();
<?php

require_once '../../views/_secureHead.php';
require_once '../../models/_header.php';
require_once '../../models/_add.php';
require_once '../../models/_table.php';
if (isset($sessionManager) && $sessionManager->getUserType() == 'ADMIN') {
    $id = request_isset('id');
    $key = request_isset('key');
    $value = request_isset('value');
    $settingsManager = new SettingsManager();
    switch ($page_action) {
        case 'add_setting':
            $settingsManager->addRecord($key, $value);
            break;
        case 'delete_by_id':
            $settingsManager->deleteRecord($id);
            break;
        case 'update_by_id':
            $settingsManager->updateRecord($id, $key, $value);
            break;
    }
    $settings_data = $settingsManager->getAllRecords();
    $page_title = 'Settings';
    $alt_menu = '<a href="#" class="add">Add</a>';
    $addView = new AddView('Add', 'add_setting');
    $addView->addRow('key', 'Key');
    $addView->addRow('value', 'Value');
    $tableView = new TableView(array('Key', 'Value', ''));
    while (($settings_row = mysql_fetch_array($settings_data)) != null) {
        $tableView->addRow(array(TableView::createCell('key', $settings_row['key']), TableView::createCell('value', $settings_row['value']), TableView::createEdit($settings_row['SETTING_ID'])));
<?php

require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/edit.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $id = request_isset('id');
    $record = BudgetManager::getRecurringRecord($id);
    $page_title = 'Edit | Bookmarks';
    // build edit view
    $editModel = new EditModel('Edit', 'update_by_id', $id, 'recurring.php');
    $editModel->addRow('amount', 'Amount', $record['amount']);
    $editModel->addRow('category', 'Category', $record['category']);
    $editModel->addRow('store', 'Store', $record['store']);
    $editModel->addRow('items', 'Items', $record['items']);
    $editModel->addRow('startdate', 'Start date', $record['startDate']);
    $editModel->addRow('enddate', 'End date', $record['endDate']);
    $views_to_load = array();
    $views_to_load[] = ' ' . EditView2::render($editModel);
    include $relative_base_path . 'views/_generic.php';
}
Beispiel #20
0
<?php

require_once '../../views/_secureHead.php';
require_once $relative_base_path . 'models/add.php';
require_once $relative_base_path . 'models/table.php';
require_once $relative_base_path . 'models/button.php';
if (isset($sessionManager) && $sessionManager->isAuthorized()) {
    $id = request_isset('id');
    $year = request_isset('year');
    $month = request_isset('month');
    $store = request_isset('store');
    $dateOption = request_isset('dateOption');
    $selectTimeDate = request_isset('selectTime-date');
    $selectTimeTime = request_isset('selectTime-time');
    // figure out what $date should be
    if ($dateOption == 'dateOption-current') {
        $date = 'CURRENT_TIMESTAMP';
    } else {
        if ($dateOption == 'dateOption-selectTime') {
            $date = "{$selectTimeDate} {$selectTimeTime}";
        }
    }
    $hasTitle = $year != null && $month != null;
    $total_spent = 0;
    $totals = array();
    $index = 0;
    $budget_line_items = '';
    if ($hasTitle) {
        $todayDate = new DateTime("{$year}-{$month}-01 00:00:01");
        $todayDateFormated = date('F Y', $todayDate->getTimestamp());
    }