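$title = 'Hack Me Sticker';
require './header.php';

// The card UID comes straight from the query string; default to '' so a missing
// parameter produces the normal "unknown card" redirect instead of a notice.
$cardid = isset($_GET['cardid']) ? $_GET['cardid'] : '';

$cards = fRecordSet::build('Card', array('uid=' => $cardid));
if ($cards->count() == 0) {
    // Encode the UID so it cannot smuggle extra query parameters into the redirect target.
    fURL::redirect('/kiosk/addcard.php?cardid=' . rawurlencode($cardid));
    exit;
}
$card = $cards->getRecord(0);
$user = new User($card->getUserId());
$user->load();

// Only members may print; the form is only acted on when submitted with a valid CSRF token.
if (isset($_POST['print']) && $user->isMember()) {
    try {
        fRequest::validateCSRFToken(isset($_POST['token']) ? $_POST['token'] : '');
        $validator = new fValidation();
        $validator->addRequiredFields('more_info');
        $validator->validate();

        $data = array(
            'donor_id' => $user->getId(),
            'donor_name' => $user->getFull_Name(),
            'donor_email' => $user->getEmail(),
            // Stickers carry a disposal date two weeks from the time of printing.
            'dispose_date' => date('Y-m-d', strtotime('+2 weeks')),
            'more_info' => $_POST['more_info'],
        );
        $data_string = json_encode($data);
        if ($data_string === false) {
            // e.g. invalid UTF-8 in more_info; never send an empty body to the printer.
            throw new fValidationException('The sticker text could not be encoded, please check it and try again.');
        }

        // NOTE(review): the print service is reached over plain HTTP with no
        // authentication; this relies on the kiosk network being trusted — confirm.
        $ch = curl_init('http://kiosk.london.hackspace.org.uk:12345/print/hackme');
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
        curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(
            'Content-Type: application/json',
            'Content-Length: ' . strlen($data_string),
        ));
        // Bound the wait so an unreachable print service cannot hang the kiosk page.
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 15);
        $result = curl_exec($ch);
        $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $error = curl_error($ch);
        curl_close($ch);

        // Report a failed request instead of claiming success when nothing reached the printer.
        if ($result === false || $status >= 400) {
            trigger_error('hackme print request failed: ' . ($error !== '' ? $error : 'HTTP ' . $status), E_USER_WARNING);
            echo "<p>Sorry, your sticker could not be printed. Please try again later.</p>";
        } else {
            echo "<p>Your sticker is being printed now.</p>";
        }
    } catch (fValidationException $e) {
        $e->printMessage();
    }
}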
public function testRemoveFieldNamesReorder() {
    // validate(TRUE, TRUE) returns the messages keyed by field with the field
    // names stripped; the key order must match the expected order exactly.
    $validation = new fValidation();
    $validation->addRequiredFields('foobar', 'foo', 'baz', 'name');
    $validation->addOneOrMoreRule('email', 'phone');
    $validation->setMessageOrder('email', 'foo', 'baz');

    $required = 'Please enter a value';
    $oneOrMore = 'Please enter a value for at least one';

    $expectedOrder = array(
        'email,phone' => $oneOrMore,
        'foobar' => $required,
        'foo' => $required,
        'baz' => $required,
        'name' => $required,
    );
    $this->assertSame($expectedOrder, $validation->validate(TRUE, TRUE));

    // Same messages with 'foo' ahead of 'foobar' must not compare identical.
    $wrongOrder = array(
        'email,phone' => $oneOrMore,
        'foo' => $required,
        'foobar' => $required,
        'baz' => $required,
        'name' => $required,
    );
    $this->assertNotSame($wrongOrder, $validation->validate(TRUE, TRUE));
}
$page = 'edit'; $title = "Edit your details"; $desc = ''; require '../header.php'; if (!isset($user)) { fURL::redirect('/login.php?forward=/members/edit.php'); } ?> <h2>Edit Your Membership Account</h2> <?php if (isset($_POST['submit'])) { try { fRequest::validateCSRFToken($_POST['token']); $validator = new fValidation(); $validator->addRequiredFields('fullname', 'email', 'address', 'length'); $validator->addEmailFields('email'); $validator->validate(); if ($_POST['newpassword'] != '') { if ($_POST['newpassword'] != $_POST['newpasswordconfirm']) { throw new fValidationException('Passwords do not match'); } $user->setPassword(fCryptography::hashPassword($_POST['newpassword'])); } $user->setEmail(strtolower(trim($_POST['email']))); $user->setFullName(trim($_POST['fullname'])); $user->setAddress(trim($_POST['address'])); $user->setSubscriptionPeriod($_POST['length']); $user->setEmergencyName(trim($_POST['emergency_name'])); $user->setEmergencyPhone(trim($_POST['emergency_phone'])); $user->store();
<?php $page = 'login'; require 'header.php'; if ($user) { fURL::redirect('/members'); } if (isset($_POST['submit'])) { try { fRequest::validateCSRFToken($_POST['token']); $validator = new fValidation(); $validator->addRequiredFields('password', 'email'); $validator->addEmailFields('email'); $validator->validate(); $users = fRecordSet::build('User', array('email=' => strtolower($_POST['email']))); if ($users->count() == 0) { throw new fValidationException('Invalid username or password.'); } $rec = $users->getRecords(); $user = $rec[0]; if (!fCryptography::checkPasswordHash($_POST['password'], $user->getPassword())) { throw new fValidationException('Invalid username or password.'); } fSession::set('user', $user->getId()); if (fRequest::get('persistent_login', 'boolean')) { fSession::enablePersistence(); } if (isset($_POST['forward'])) { fURL::redirect('http://' . $_SERVER['SERVER_NAME'] . $_POST['forward']); } else { fURL::redirect('/members');
<?php $page = 'membership'; require 'header.php'; if ($user) { fURL::redirect('/members'); } if (isset($_POST['submit'])) { try { fRequest::validateCSRFToken($_POST['token']); $validator = new fValidation(); $validator->addRequiredFields('fullname', 'password', 'email', 'address'); $validator->addEmailFields('email'); $validator->validate(); if ($_POST['password'] != $_POST['passwordconfirm']) { throw new fValidationException('Passwords do not match'); } $user = new User(); $user->setEmail(strtolower($_POST['email'])); $user->setFullName($_POST['fullname']); $user->setAddress($_POST['address']); $user->setPassword(fCryptography::hashPassword($_POST['password'])); if (isset($_POST['hackney'])) { $user->setHackney(true); } $user->store(); fSession::set('user', $user->getId()); fURL::redirect('/members'); exit; } catch (fValidationException $e) { echo "<p>" . $e->printMessage() . "</p>";
<?php $page = 'cards'; $title = 'Add card'; $desc = ''; require '../header.php'; if (!isset($user)) { fURL::redirect('/login.php?forward=/members/cards.php'); } if (isset($_POST['submit'])) { try { fRequest::validateCSRFToken($_POST['token']); $validator = new fValidation(); $validator->addRequiredFields('uid'); $validator->addRegexRule('uid', '#^[0-9a-fA-F]+$#', 'Not in hex format'); $validator->validate(); $uid = strtoupper($_POST['uid']); if ($uid == '21222324') { /* New Visa cards return this, presumably for privacy */ throw new fValidationException('Non-unique UID. This card cannot be added to the system.'); } $card = new Card(); $card->setUserId($user->getId()); $card->setAddedDate(time()); $card->setUid($uid); $card->store(); fURL::redirect('/members/cards.php'); exit; } catch (fValidationException $e) { echo "<p>" . $e->printMessage() . "</p>"; } catch (fSQLException $e) {
<?php $shells = array('/bin/bash', '/bin/sh', '/bin/zsh'); if ($user->isMember()) { $user_profile = $user->createUsersProfile(); if ($user_profile->getAllowEmail() && $user->getLdapemail() == '') { $email = $user->getEmail(); } else { $email = $user->getLdapemail(); } // Link or unlink a user. if (array_key_exists('create', $_POST) && array_key_exists('token', $_POST)) { $ok = false; try { fRequest::validateCSRFToken($_POST['token']); $validator = new fValidation(); $validator->addRequiredFields('ldapuser', 'ldapnthash', 'ldapsshahash', 'ldapshell', 'ldapemail'); $validator->addEmailFields('ldapemail'); $validator->validate(); // Attempt account creation and promotion. if (!preg_match('/^[a-z][a-z0-9_-]{0,31}$/', $_POST['ldapuser'])) { throw new fValidationException('<p>The username must only contain a-z, 0-9 _ and -.</p>'); } $not_allowed_names = array("root" => 1, "daemon" => 1, "bin" => 1, "sys" => 1, "sync" => 1, "games" => 1, "man" => 1, "lp" => 1, "mail" => 1, "news" => 1, "uucp" => 1, "proxy" => 1, "www-data" => 1, "backup" => 1, "list" => 1, "irc" => 1, "gnats" => 1, "nobody" => 1, "libuuid" => 1, "sshd" => 1, "ntp" => 1, "messagebus" => 1, "colord" => 1, "saned" => 1, "openldap" => 1, "avahi" => 1, "mpd" => 1, "radvd" => 1, "quasselcore" => 1, "statd" => 1, "ntop" => 1, "postgres" => 1, "bitlbee" => 1, "smokeping" => 1, "debian-exim" => 1, "snmp" => 1, "asterisk" => 1, "debian-tor" => 1, "privoxy" => 1, "bind" => 1, "dhcpd" => 1, "ircensus" => 1, "cacti" => 1, "mysql" => 1, "hplip" => 1, "haldaemon" => 1, "mosquitto" => 1, "postfix" => 1, "glados" => 1, "boarded" => 1, "board" => 1, "bmeter" => 1, "netometer" => 1, "robonaut" => 1, "postmaster" => 1, "hostmaster" => 1, "webmaster" => 1, "abuse" => 1, "spam" => 1, "billing" => 1, "accounts" => 1, "support" => 1, "techsupport" => 1, "trustees" => 1, "noc" => 1, "security" => 1, "directors" => 1, "contact" => 1, "info" => 1, "property" => 1, "ebay" => 1, "elections" => 1, "accounts" => 1, "membership" => 1, 
"sysadmin" => 1, "anonymous" => 1, "anon" => 1, "administrator" => 1, "admin" => 1); if (array_key_exists(strtolower($_POST['ldapuser']), $not_allowed_names)) { throw new fValidationException('<p>You are not allowed to use ' . htmlspecialchars($_POST['ldapuser']) . ' as a username.</p>'); } if (!in_array($_POST['ldapshell'], $shells)) { throw new fValidationException('<p>' . htmlspecialchars($_POST['ldapshell']) . ' is not a valid shell.</p>'); } if (!preg_match('/^[A-F0-9]{32}$/', $_POST['ldapnthash'])) { throw new fValidationException('<p>That dosn\'t look like an NT hash</p>');
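function build_json_response() {
    // Creates or updates an Event from the JSON document in $_POST['json'] and
    // returns the array the caller JSON-encodes for the client.
    //
    // Returns array('error' => array('message' => ..., ['fields' => ...])) when
    // the request is rejected, otherwise the event's detail array (including
    // 'secret' for a newly created event).
    //
    // Side effects: replaces $_POST with the decoded document (fValidation reads
    // field data from $_POST), moves an uploaded image into $IMAGEDIR, stores the
    // event and its EventTimes, and emails the secret for a new event.
    global $IMAGEDIR;

    if (!isset($_POST['json'])) {
        return array('error' => array('message' => "No JSON found"));
    }
    $data = json_decode($_POST['json'], true);
    // Only a non-empty JSON object/array is usable as field data; reject invalid
    // JSON, bare scalars and empty documents alike.
    if (!$data || !is_array($data)) {
        return array('error' => array('message' => "JSON could not be decoded"));
    }
    $_POST = $data; // fValidation inspects $_POST for field data

    $validator = new fValidation();
    $validator->addRequiredFields('title', 'details', 'venue', 'address', 'organizer', 'email', 'read_comic');
    $validator->addEmailFields('email');
    $validator->addRegexReplacement('#^(.*?): (.*)$#', '\\2 for <span class="field-name">\\1</span>');
    // If id is specified require secret
    $validator->addConditionalRule(array('id'), NULL, array('secret'));
    $messages = (array) $validator->validate(TRUE, TRUE);
    // empty() also covers a missing key (the required-field rule reports that separately).
    if (empty($data['read_comic'])) {
        $messages['read_comic'] = 'You must have read the Ride Leading Comic';
    }
    if ($messages) {
        return array('error' => array('message' => 'There were errors in your fields', 'fields' => $messages));
    }

    $inputDateStrings = get($data['dates'], array());
    if (!is_array($inputDateStrings)) {
        // foreach over a scalar would only warn; report it as a field error instead.
        return array('error' => array('message' => 'There were errors in your fields', 'fields' => array('dates' => 'Dates must be a list of YYYY-MM-DD strings')));
    }
    $validDates = array();
    $invalidDates = array();
    foreach ($inputDateStrings as $dateString) {
        $date = DateTime::createFromFormat('Y-m-d', $dateString);
        // createFromFormat() rolls over out-of-range days (e.g. 02-30 -> 03-01), so
        // round-trip the value to accept only dates that really exist.
        if ($date && $date->format('Y-m-d') === $dateString) {
            $validDates[] = $date;
        } else {
            $invalidDates[] = $dateString;
        }
    }
    if ($invalidDates) {
        $messages['dates'] = "Invalid dates: " . implode(', ', $invalidDates);
    }
    if (count($validDates) === 1) {
        $data['datestype'] = 'O';
        $data['datestring'] = date_format($validDates[0], 'l, F j');
    } else {
        // not dealing with 'consecutive'
        $data['datestype'] = 'S';
        $data['datestring'] = 'Scattered days';
    }

    // Converts data to an event, loading the existing one if id is included in data
    $event = Event::fromArray($data);
    // An existing event may only be changed by whoever holds its secret; a
    // missing secret is never valid.
    $secret = isset($data['secret']) ? $data['secret'] : null;
    if ($event->exists() && (!is_string($secret) || !$event->secretValid($secret))) {
        return array('error' => array('message' => 'Invalid secret, use link from email'));
    }
    // Keep the date errors gathered above alongside the record's own messages
    // (return_messages = TRUE, remove_column_names = TRUE).
    $messages = array_merge($messages, (array) $event->validate(TRUE, TRUE));

    // Validate the optional image now but move it only once the whole request is
    // accepted, so a rejected request leaves nothing behind in $IMAGEDIR.
    $uploader = null;
    if (isset($_FILES['file'])) {
        $uploader = new fUpload();
        $uploader->setMIMETypes(array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png'), 'The file uploaded is not an image');
        $uploader->setMaxSize('2MB');
        $uploader->setOptional();
        $file_message = $uploader->validate('file', TRUE);
        if ($file_message !== null) {
            $messages['file'] = $file_message;
        }
    }
    if ($messages) {
        return array('error' => array('message' => 'There were errors in your fields', 'fields' => $messages));
    }
    if ($uploader !== null) {
        $file = $uploader->move($IMAGEDIR, 'file');
        // setOptional() above means no file may have been sent; only record an image when one arrived.
        if ($file !== null) {
            $event->setImage($file->getName());
        }
    }

    // Only a newly created event needs its secret generated and emailed.
    $includeSecret = !$event->exists();
    // If there are validation errors this starts spewing html, so we validate before
    $event->store();
    // Create/delete EventTimes to match the list of dates included
    EventTime::matchEventTimesToDates($event, $validDates);
    // Returns the created object
    $details = $event->toDetailArray(true);
    if ($includeSecret) {
        $details['secret'] = $event->getPassword();
        // Wait until after it is stored to ensure it has an id
        $event->emailSecret();
    }
    return $details;
}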
} $user->setPassword(fCryptography::hashPassword($_POST['password'])); $user->store(); fURL::redirect('/login.php'); exit; } catch (fValidationException $e) { echo "<p>" . $e->printMessage() . "</p>"; } catch (fSQLException $e) { echo "<p>An unexpected error occurred, please try again later</p>"; trigger_error($e); } } elseif (isset($_POST['sendtoken'])) { try { fRequest::validateCSRFToken($_POST['token']); $validator = new fValidation(); $validator->addRequiredFields('email'); $validator->validate(); $user = new User(array('email' => $_POST['email'])); $token = $user->getResetPasswordToken(); $email = new fEmail(); $email->addRecipient($user->getEmail()); $email->setFromEmail('*****@*****.**', 'London Hackspace'); $email->setSubject('London Hackspace Password Reset'); $name = $user->getFullName(); $email->setBody("Hi {$name},\n\nYou (or someone pretending to be you) requested a password reset for your\nLondon Hackspace account. To reset your password, go to this address:\n\nhttp://{$_SERVER['SERVER_NAME']}/passwordreset.php?token={$token}\n\nIf you don't want to reset your password, just ignore this email.\n\nCheers,\n\nThe London Hackspace email monkey\n"); $email->send(); echo "<p>An email has been sent to you with further instructions.</p>"; } catch (fNotFoundException $e) { ?> <p>No user exists with that email address. <a href="signup.php">Sign up</a>? Or <a href="passwordreset.php">try again</a>?</p>
public function testCombo() {
    // Every failing rule contributes its message to the single exception
    // thrown by validate(); the exception is re-thrown to satisfy the expectation.
    $this->setExpectedException('fValidationException');
    $_GET['email'] = 'This is a test';
    try {
        $validation = new fValidation();
        $validation->addRequiredFields('foo', 'bar');
        $validation->addEmailFields('email');
        $validation->validate();
    } catch (fValidationException $e) {
        $message = $e->getMessage();
        $expectedFragments = array(
            'Foo: Please enter a value',
            'Bar: Please enter a value',
            'Email: Please enter an email address in the form name@example.com',
        );
        foreach ($expectedFragments as $fragment) {
            $this->assertContains($fragment, $message);
        }
        throw $e;
    }
}
} catch (fNoRowsException $e) { // Add the MediaWiki user to the 'sysop' group. $db->translatedQuery('INSERT INTO user_groups VALUES (%i,\'sysop\')', $user); } } elseif (array_key_exists('unlink', $_POST)) { // Delete the MediaWiki user from the 'sysop' group. $db->translatedQuery('DELETE FROM user_groups WHERE ug_user=%i AND ug_group=\'sysop\'', $user); } } catch (fNoRowsException $e) { echo '<p>That wiki account does not have a confirmed e-mail that matches the e-mail of your Hackspace account.</p>'; } } elseif (array_key_exists('create', $_POST)) { fRequest::validateCSRFToken($_POST['token']); try { $validator = new fValidation(); $validator->addRequiredFields('username', 'password'); $validator->validate(); if ($_POST['password'] !== $_POST['passwordconfirm']) { throw new fValidationException('<p>Passwords do not match.</p>'); } // Attempt account creation and promotion. $username = escapeshellarg($_POST['username']); $password = escapeshellarg($_POST['password']); $success = trim(shell_exec("unset REQUEST_METHOD;php {$path}maintenance/createAndPromote.php --globals {$username} {$password} 2>&1 1> /dev/null")); if ($success === 'account exists.') { throw new fValidationException('<p>An account on the wiki with that username already exists.</p>'); } elseif ($success !== '') { throw new fValidationException('<p>An unknown error ocurred while creating that wiki account, please contact IRC.</p>'); } else { // Update e-mail address for created user. $username = $_POST['username'];