public function save($isNewAccount = false)
 {
     // Persist this account as a new row in ACCOUNTS when $isNewAccount is true;
     // otherwise nothing is written. Always returns true, so a caller cannot tell
     // a skipped save from a completed one.
     //
     // Each column value is wrapped in single quotes, then passed through
     // DB::makeSafe() and Validation::xss_clean() in that order; whatever those
     // helpers rewrite is what ends up stored, so output-side escaping is still
     // needed wherever the values are rendered later.
     // NOTE(review): the "password" column is written from $this->password as-is;
     // confirm the caller has already hashed it before reaching this method.
     $db = DB::getInstance();
     if (!$isNewAccount) {
         return true;
     }

     $prepare = function ($value) {
         return Validation::xss_clean(DB::makeSafe("'{$value}'"));
     };
     $row = array(
         "userId"       => $prepare($this->userId),
         "balance"      => $prepare($this->balance),
         "accountNo"    => $prepare($this->accountNo),
         "password"     => $prepare($this->password),
         "securitytype" => $prepare($this->sectype),
     );
     $this->id = $db->insert($row, "ACCOUNTS");

     return true;
 }
 public function save($isNewUser = false)
 {
     // Persist this user as a new row in USERS when $isNewUser is true; otherwise
     // nothing is written. Always returns true regardless of whether an insert
     // happened.
     //
     // Every column value is wrapped in single quotes and run through
     // DB::makeSafe() before being handed to the insert; the transformed value is
     // what gets stored. Flags such as isActive and isAdmin are written from the
     // object's current state, so the caller decides the privilege level.
     $db = DB::getInstance();
     if (!$isNewUser) {
         return true;
     }

     $quoted = function ($value) {
         return DB::makeSafe("'{$value}'");
     };
     $row = array(
         "firstName"   => $quoted($this->firstName),
         "lastName"    => $quoted($this->lastName),
         "middleName"  => $quoted($this->middleName),
         "createdDate" => $quoted($this->createdDate),
         "isActive"    => $quoted($this->isActive),
         "emailId"     => $quoted($this->emailId),
         "mobileNo"    => $quoted($this->mobileNo),
         "isAdmin"     => $quoted($this->isAdmin),
     );
     $this->id = $db->insert($row, "USERS");

     return true;
 }
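 public function isRejected($emailId)
 {
     // Report whether the USERS row for $emailId has isActive == 2, the value this
     // method treats as "rejected".
     //
     // $emailId goes through DB::makeSafe() and is then interpolated into the
     // WHERE clause; that helper is the only thing between the caller's value and
     // the SQL text, so a prepared statement would be the stronger form if DB
     // offers one.
     $db = DB::getInstance();
     $emailId = DB::makeSafe($emailId);
     $result = $db->select('USERS', "emailId = '{$emailId}'");

     // No row (or no isActive column) means "not rejected" rather than a read of
     // an undefined offset. The loose == is kept because the driver may return
     // the column as the string "2".
     if (!isset($result["isActive"])) {
         return false;
     }
     return $result["isActive"] == 2;
 }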
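require_once '../../includes/global.inc.php';

//check to see if they're logged in
// header() only queues a redirect; it does not end the request. Without exit the
// queries below would still run (and any later output would still be sent) for
// an anonymous caller, so every redirect in this script is made terminal.
if(!isset($_SESSION['logged_in'])) {
    header("Location: banklogin.php");
    exit;
}

try {
    // CSRF check: token read from $_GET, exception mode, 10-minute lifetime,
    // one-time mode disabled. NOTE(review): the original comment said "POST
    // data" while $_GET is passed — confirm which method the form actually uses.
    NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );

    //get the user object from the session
    // NOTE(review): unserialize() instantiates whatever class the serialized
    // string names. The session is server-side, so this is only a concern if the
    // session store can be written by an attacker; a plain array or JSON
    // representation would remove the question entirely.
    $user = unserialize(Validation::xss_clean($_SESSION['user']));

    $emailId = Validation::xss_clean(DB::makeSafe($_SESSION["emailId"]));

    // filter_var() returns the validated address or false; compare explicitly.
    if (filter_var($emailId, FILTER_VALIDATE_EMAIL) === false) {
        header ("Location: error.php?message=Email Validation Failed");
        exit;
    }

    // NOTE(review): $emailId is interpolated straight into both queries; only
    // DB::makeSafe() stands between the session value and the SQL text. A
    // parameterised query would not depend on that helper's escaping rules.
    $row = mysql_fetch_object(mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1"));
    $accountRow = mysql_fetch_object(mysql_query("SELECT * FROM ACCOUNTS WHERE userId = '$emailId'"));
}
catch (Exception $e) {
    header("Location: error.php");
    exit;
}

$token = NoCSRF::generate( 'csrf_token' );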
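// Both gates below must stop the script, not just queue a redirect: header()
// alone lets a caller with a malformed session address, or a non-admin, fall
// through into the admin-only update that follows. $sessionEmailId and
// $userTools are defined earlier in the file.
if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) === false) {
    header ("Location: error.php?message=Email Validation Failed");
    exit;
}

if (!$userTools->isAdmin($sessionEmailId)) {
    header("Location: banklogin.php");
    exit;
}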



try {

  NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );

  $emailToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["emailId"]));

  if (filter_var($emailToUpdate, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
  }


  $updateData = array (
      "isAdmin" => 1
    );

  // Make the user active
  $db->update ($updateData, "USERS", "emailId = '$emailToUpdate'");

  //send TAN email to the user 
    $message = Swift_Message::newInstance()
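// Login gate. header() does not terminate the request, so without exit the
// CSRF check and the email-parameter handling below would still execute for
// an anonymous caller.
if(!isset($_SESSION['logged_in'])) {
    header("Location: banklogin.php");
    exit;
}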

try
    {
        // Run CSRF check, on POST data, in exception mode, for 10 minutes, in one-time mode.
        NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );

        $result = 'CSRF check passed. Form parsed.';

        //get the user object from the session
        $user = unserialize(Validation::xss_clean($_SESSION['user']));

        $emailId = Validation::xss_clean(DB::makeSafe($_SESSION["emailId"]));
        $emailIdparam= Validation::xss_clean(DB::makeSafe($_GET['emailId']));

        if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
            header ("Location: error.php?message=Email Validation Failed");
        }

        if($emailIdparam != "")
            if (filter_var($emailIdparam, FILTER_VALIDATE_EMAIL) != true) {
                header ("Location: error.php?message=Email Validation Failed");
            }

        if (strlen($emailIdparam) != 0)
            if (!$userTools->isAdmin($emailId) && ($emailId != $emailIdparam)) {
                header("Location: banklogin.php");
            }
        <script>
          alert("Captcha Validation Failed");
        </script>
        <?php
        exit;
    }

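    //retrieve the $_POST variables
    // Every field is passed through DB::makeSafe() and then Validation::xss_clean()
    // before any validation runs, so what gets validated and stored is the
    // transformed value. NOTE(review): that includes both password fields, so a
    // password containing characters those helpers rewrite is kept in its
    // rewritten form — confirm the login path applies the same transformation
    // before comparing.
    $firstName = Validation::xss_clean(DB::makeSafe($_POST["firstName"]));
    $middleName = Validation::xss_clean(DB::makeSafe($_POST["middleName"]));
    $lastName = Validation::xss_clean(DB::makeSafe($_POST["lastName"]));
    $emailId = Validation::xss_clean(DB::makeSafe($_POST["emailId"]));
    $mobileNo = Validation::xss_clean(DB::makeSafe($_POST["mobileNo"]));
    $password = Validation::xss_clean(DB::makeSafe($_POST["password"]));
    $password_confirm = Validation::xss_clean(DB::makeSafe($_POST['retypePassword']));
    $securityType = Validation::xss_clean(DB::makeSafe($_POST['radio']));

    //initialize variables for form validation
    $success = true;
    $userTools = new UserTools();

    //validate that the form was filled out correctly
    // filter_var() returns the address or false; the explicit false check replaces
    // the loose "!= true" comparison (same outcome for every real address). A
    // failed check only records $success = false and emits the alert; execution
    // continues, so later steps must consult $success before acting.
    if (filter_var($emailId, FILTER_VALIDATE_EMAIL) === false) {
        $success = false;
        ?>
        <script>
          alert("Email Validation Failed");
        </script>
        <?php
    }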
	$data = mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1 AND isAdmin = 1");

	if (mysql_num_rows($data) == 1) {

		$updateData = array (
				"isActive" => 2
			);

		$transactionToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["id"]));

		if (filter_var($transactionToUpdate, FILTER_VALIDATE_INT) != true) {
    		header ("Location: error.php?message=Transaction ID Validation Failed");
	    }

		$emailIdOfTransaction = Validation::xss_clean(DB::makeSafe ($_GET["emailId"]));

		if (filter_var($emailIdOfTransaction, FILTER_VALIDATE_EMAIL) != true) {
    		header ("Location: error.php?message=Email Validation Failed");
 	    }

		$transactionArray = $db->select("TRANSACTIONS", "id = '$transactionToUpdate'");

		// Check to see if the admin is rejecting its own transaction
		if ($emailIdOfTransaction == $emailId) {
			header("Location: error.php?message=You can't reject your own transaction");
			return;
		}


		// Make the transaction rejected

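//check to see if they're logged in
// header() only queues a redirect; without exit the transaction handling below
// would still run for an anonymous caller, so the gate is made terminal.
if(!isset($_SESSION['logged_in'])) {
    header("Location: banklogin.php");
    exit;
}

// Request fields. Each goes through DB::makeSafe() and — except $tan —
// Validation::xss_clean() before use, so the rest of the script validates and
// stores the transformed values.
$function = Validation::xss_clean(DB::makeSafe($_POST["function"]));
$emailId = Validation::xss_clean(DB::makeSafe($_POST["emailId"]));
$amount = Validation::xss_clean(DB::makeSafe($_POST["amount"]));
$iban = Validation::xss_clean(DB::makeSafe($_POST["iban"]));
$bic = Validation::xss_clean(DB::makeSafe($_POST["bic"]));
$tan = DB::makeSafe($_POST["tan"]);
$description = Validation::xss_clean(DB::makeSafe($_POST["description"]));
// Transactions above 10000 start inactive (presumably pending approval).
// NOTE(review): $amount is still a string here; the comparison relies on PHP's
// string-to-number coercion and a non-numeric value is not rejected by it (the
// result for such input differs between PHP versions). Confirm the amount is
// validated as a number before it reaches the ledger.
$isActive = ($amount > 10000) ? 0 : 1;
$password = Validation::xss_clean(DB::makeSafe($_POST["password"]));
$error = "";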


if ($function == "transaction") {

	$sessionEmailId = Validation::xss_clean($_SESSION["emailId"]);

	if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) != true) {
        $error.="Email Validation Failed";
    }

	//The Main Validation Begins
	if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
		$error.=" Email Validation Failed ";
	}
    //get the user object from the session
    $user = unserialize(Validation::xss_clean($_SESSION['user']));

    $emailId = Validation::xss_clean(DB::makeSafe($_SESSION["emailId"]));

    if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
        header ("Location: error.php?message=Email Validation Failed");
    }

    $row = mysql_fetch_object(mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1"));

    if (!empty($_POST)) {

        $currentpassword = Validation::xss_clean(DB::makeSafe($_POST["currentpassword"]));
        $newpassword = Validation::xss_clean(DB::makeSafe($_POST["newpassword"]));
        $confirmnewpassword = Validation::xss_clean(DB::makeSafe($_POST["confirmnewpassword"]));

        // Check if current password is correct
        $userTools = new UserTools();

        if (!$userTools->login($emailId, $currentpassword)) { 
            header ("Location: error.php?message=Current Password Wrong");
            return;
        }

        if ($newpassword != $confirmnewpassword) {
            header ("Location: error.php?message=Confirm Password Wrong");
            return;
        }

        $updateDate = array(
<?php
require_once '../../includes/global.inc.php';
require_once '../../utils/Account.util.php';
require_once '../../includes/mail.inc.php';
require_once '../../utils/Generators.util.php';

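//check to see if they're logged in
//if(!isset($_SESSION['logged_in'])) {
//    header("Location: banklogin.php");
//}
// NOTE(review): the login gate above is commented out, so this reset endpoint is
// reachable without a session and takes the target address from the query
// string. If that is intended (self-service reset), the request should still be
// rate-limited and the response should not reveal whether the address exists.

$emailToReset = Validation::xss_clean(DB::makeSafe($_GET["mailId"]));

// filter_var() returns the address or false; a failed check ends the script here.
if (filter_var($emailToReset, FILTER_VALIDATE_EMAIL) === false) {
    echo("Email Validation Failed");
    return;
}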


try {

	$db = DB::getInstance();
	$db->connect();

	$accData = $db->select("ACCOUNTS", "userId = '$emailToReset'");
	
	
	if (is_array($accData) && $accData["userId"] != "") {

		$password = Generators::randomPasswordGenerate (15);
		$passwordwithqoutes="'".hash('sha512', $password)."'";
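$sessionEmailId = Validation::xss_clean($_SESSION["emailId"]);

// Both gates redirect and stop. header() alone would let a session with a
// malformed address, or a non-admin, fall through into the admin-only
// activation/balance update that follows. $userTools is defined earlier in
// the file.
if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) === false) {
    header ("Location: error.php?message=Email Validation Failed");
    exit;
}

if (!$userTools->isAdmin($sessionEmailId)) {
    header("Location: banklogin.php");
    exit;
}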

try {
  NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );

  $emailToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["emailId"]));
  $initialAmount = Validation::xss_clean(DB::makeSafe ($_GET["initial_amount"]));

  $updateData = array (
        "isActive" => 1
      );

  // Update the initial balance
  $updateBalanceData = array (
      "balance" => $initialAmount
    );

  if (filter_var($emailToUpdate, FILTER_VALIDATE_EMAIL) != true) {
    header ("Location: error.php?message=Email Validation Failed");
  }