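/**
 * Dispatches a request to the handler named by $op, passing it the matching
 * $_POST fields. Unknown operations are ignored; nothing is returned.
 *
 * NOTE(review): no authentication or authorisation check is visible in this
 * dispatcher, and state-changing operations (post_yak, banned_user, add_user,
 * upvote, downvote) are selected by name alone. Confirm that each handler
 * enforces its own checks and validates the raw $_POST values it receives.
 *
 * @param string $op operation name taken from the request
 * @return void
 */
function perform_operation($op)
{
    // The original compared with loose `==`, so a non-string value could pick a
    // handler (boolean true equals every non-empty string). Only real strings
    // are dispatched; the case labels are non-numeric, so string-to-string
    // matching inside the switch is exact.
    if (!is_string($op)) {
        return;
    }

    switch ($op) {
        case 'login':
            validate_user($_POST["useremail"], $_POST["userpassword"]);
            break;
        case 'getyaks':
            get_yaks($_POST["longitude"], $_POST["latitude"]);
            break;
        case 'post_yak':
            post_yak($_POST["postedyak"], $_POST["latitude"], $_POST["longitude"]);
            break;
        case 'banned_user':
            banned_user($_POST["useremail"]);
            break;
        case 'add_user':
            add_user($_POST["useremail"], $_POST["userpassword"]);
            break;
        case 'send_email':
            send_email($_POST["email"]);
            break;
        case 'getHot_yaks':
            getHot_yaks();
            break;
        case 'getCold_yaks':
            getCold_yaks();
            break;
        case 'upvote':
            upvote($_POST["id"]);
            break;
        case 'downvote':
            downvote($_POST["id"]);
            break;
    }
}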
// | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License as |
// | published by the Free Software Foundation, either version 3 of |
// | the License, or any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// +-----------------------------------------------------------------+
// Path: /modules/xml_builder/pages/main/pre_process.php
//
// This script updates the xml module information file
// Access gate: the result of validate_user() for this page's security id is kept
// in $security_level and passed to validate_security() in the 'save' branch below.
$security_level = validate_user(SECURITY_ID_XML_BUILDER);
/************** include page specific files *********************/
require_once DIR_FS_WORKING . 'classes/xml_builder.php';
require_once DIR_FS_MODULES . 'phreedom/classes/backup.php';
/************** page specific initialization *************************/
$working = new xml_builder();
$mod_xml = new backup();
/*************** Act on the action request *************************/
switch ($_REQUEST['action']) {
    case 'save':
        // presumably requires at least level 2 for this page; validate_security() is not shown here
        validate_security($security_level, 2);
        // read the input variables
        // NOTE(review): $mod is taken from the request unchanged and is then used both
        // as a path segment for require_once and as the prefix of a class name that is
        // instantiated. No validation is visible in this excerpt. Check $mod against
        // the list of installed modules (or a strict name pattern without path
        // separators) before building the path or the class name.
        $mod = $_POST['mod'];
        $mod_admin = $mod . '_admin';
        require_once DIR_FS_MODULES . $mod . '/classes/install.php';
        $mod_info = new $mod_admin();
/**
 * Runs the parent constructor, then passes the session's user data to
 * validate_user() so that every method of this class sits behind the login check.
 *
 * NOTE(review): what validate_user() does when the check fails (redirect, exit,
 * exception) is not visible here - confirm that it stops the request rather than
 * only returning a value, because the return value is not inspected.
 */
public function __construct()
{
    parent::__construct();
    //user must be logged in to access any methods of this class
    validate_user($this->session->userdata);
}
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License as |
// | published by the Free Software Foundation, either version 3 of |
// | the License, or any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// +-----------------------------------------------------------------+
// Path: /modules/phreepos/ajax/other_transactions.php
//
// Access gate: validate_user() is called with this page's security id before any
// other work; its result is stored in $security_level.
// NOTE(review): $security_level is not used again within this excerpt - confirm
// the handler checks it before any state-changing action.
$security_level = validate_user(SECURITY_ID_PHREEPOS);
define('JOURNAL_ID', 2);
/************** include page specific files *********************/
// Language packs and module code this handler relies on; the order is kept as
// written because later files may depend on earlier definitions.
gen_pull_language('contacts');
gen_pull_language('phreebooks');
gen_pull_language('inventory');
gen_pull_language('phreeform');
require_once DIR_FS_MODULES . 'inventory/defaults.php';
require_once DIR_FS_MODULES . 'phreeform/defaults.php';
require_once DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php';
require_once DIR_FS_MODULES . 'phreebooks/classes/gen_ledger.php';
require_once DIR_FS_MODULES . 'phreepos/classes/tills.php';
require_once DIR_FS_MODULES . 'phreepos/classes/other_transactions.php';
/************** page specific initialization *************************/
define('ORD_ACCT_ID', GEN_CUSTOMER_ID);
define('GL_TYPE', 'sos');
/**
 * Searches contacts, leads, accounts, cases, opportunities and bugs for each
 * name in a "; "-separated list and returns all hits as one merged array.
 *
 * The credentials are checked first; when validate_user() rejects them an
 * empty array is returned and no search is run.
 *
 * @param string $user_name user name passed to validate_user()
 * @param string $password  password passed to validate_user()
 * @param string $name      one or more search terms separated by "; "
 * @return array merged results, in per-term and per-source order
 */
function search($user_name, $password, $name)
{
    if (!validate_user($user_name, $password)) {
        return array();
    }

    // Search helpers, in the order their results are appended for every term.
    $finders = array(
        'contact_by_search',
        'lead_by_search',
        'account_by_search',
        'case_by_search',
        'opportunity_by_search',
        'bug_by_search',
    );

    $matches = array();
    foreach (explode("; ", $name) as $term) {
        foreach ($finders as $finder) {
            $matches = array_merge($matches, $finder($term));
        }
    }

    return $matches;
}
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License as |
// | published by the Free Software Foundation, either version 3 of |
// | the License, or any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// +-----------------------------------------------------------------+
// Path: /modules/phreedom/pages/encryption/pre_process.php
//
// Access gate for the encryption settings page; the result is kept in $security_level.
$security_level = validate_user(SECURITY_ID_ENCRYPTION);
/************** include page specific files *********************/
gen_pull_language($module, 'admin');
/************** page specific initialization *************************/
$error = false;
/*************** hook for custom actions ***************************/
// Optional site-specific extension: included only when the file exists. The path is
// built from a constant and a fixed suffix, not from request data.
$custom_path = DIR_FS_WORKING . 'custom/pages/encryption/extra_actions.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
/*************** Act on the action request *************************/
switch ($_REQUEST['action']) {
    case 'save':
        // NOTE(review): no validate_security($security_level, ...) call is visible
        // before the key is read in this excerpt - confirm the branch enforces a
        // write-level check before the key is changed.
        $enc_key = db_prepare_input($_POST['enc_key']);
        $enc_key_confirm = db_prepare_input($_POST['enc_key_confirm']);
        // NOTE(review): `!=` is a loose comparison; two different numeric-looking
        // strings (for example "1e3" and "1000") compare as equal, so a mistyped
        // confirmation can be accepted. `!==` compares the exact strings.
        if ($enc_key != $enc_key_confirm) {
// +-----------------------------------------------------------------+ // | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) | // +-----------------------------------------------------------------+ // | This program is free software: you can redistribute it and/or | // | modify it under the terms of the GNU General Public License as | // | published by the Free Software Foundation, either version 3 of | // | the License, or any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // +-----------------------------------------------------------------+ // Path: /modules/phreeform/pages/admin/pre_process.php // $security_level = validate_user(SECURITY_ID_CONFIGURATION); /************** include page specific files *********************/ gen_pull_language($module, 'admin'); gen_pull_language('phreedom', 'admin'); require_once DIR_FS_WORKING . 'defaults.php'; require_once DIR_FS_WORKING . 'functions/phreeform.php'; require_once DIR_FS_MODULES . 'phreedom/functions/phreedom.php'; require_once DIR_FS_WORKING . 'classes/install.php'; /************** page specific initialization *************************/ $error = false; $install = new phreeform_admin(); /*************** Act on the action request *************************/ switch ($_REQUEST['action']) { case 'save': validate_security($security_level, 3); // save general tab
<?php
///////////////////////////////////////////////////////////////////////////////////////
// PHPmotion http://www.phpmotion.com //
///////////////////////////////////////////////////////////////////////////////////////
// License: You are not to sell or distribute this software without permission //
// Help and support please visit http://www.phpmotion.com //
// Copyright reserved //
///////////////////////////////////////////////////////////////////////////////////////
// NOTE(review): the value handed to validate_user() comes from a client-controlled
// cookie. validate_user() is not shown here - confirm it verifies the cookie against
// server-side state and does not trust its content.
validate_user($_COOKIE['user']);
// set user vars for passing around each php page
$user_id = $_SESSION['user_id'];
$user_name = $_SESSION['user_name'];
$user_group = $_SESSION['user_group'];
if ($user_id != '') {
    // Look up the account status so that suspended members are logged out.
    // NOTE(review): the id is interpolated into the SQL text; use a bound parameter.
    // The mysql_* functions were removed in PHP 7, and with `@` every failure is
    // silent: a failed query leaves $result empty, the 'suspended' test below is
    // false, and the member stays logged in (the check fails open).
    $sql = "SELECT * FROM member_profile WHERE user_id = '{$user_id}'";
    $query = @mysql_query($sql);
    $outcome = @mysql_fetch_array($query);
    $result = $outcome['account_status'];
    if ($result == 'suspended') {
        // Forced logout: clear the page-level variables, the session entries and
        // every cookie the browser sent.
        $user_id = '';
        $user_name = '';
        $_SESSION['user_id'] = NULL;
        $_SESSION['user_name'] = NULL;
        $_SESSION['user_group'] = NULL;
        @session_start();
        @session_destroy();
        foreach ($_COOKIE as $key => $value) {
            // Overwrites each cookie with an empty value.
            $logout = '';
            setcookie($key, $logout);
        }
// +-----------------------------------------------------------------+ // | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) | // +-----------------------------------------------------------------+ // | This program is free software: you can redistribute it and/or | // | modify it under the terms of the GNU General Public License as | // | published by the Free Software Foundation, either version 3 of | // | the License, or any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // +-----------------------------------------------------------------+ // Path: /modules/work_orders/pages/builder/pre_process.php // $security_level = validate_user(SECURITY_WORK_ORDERS_BUILDER); /************** include page specific files *********************/ require_once DIR_FS_MODULES . 'inventory/defaults.php'; /************** page specific initialization *************************/ $error = false; $processed = false; $lock_title = false; $hide_save = false; $criteria = array(); history_filter('wo_build'); // load the filters $f0 = $_GET['f0'] = isset($_POST['action']) ? isset($_POST['f0']) ? '1' : '0' : $_GET['f0']; // show inactive checkbox /*************** hook for custom actions ***************************/ $custom_path = DIR_FS_WORKING . 'custom/pages/builder/extra_actions.php'; if (file_exists($custom_path)) {
* */
// The script stops here as shipped; everything below runs only once this exit is removed.
exit;
//Uncomment this to execute the page
//After you located this file in you new domain and you set the settings in step 2,
//this page will be loaded when entering to the Chamilo site if the SSO option was set in step 1.
//Getting the chamilo server
// NOTE(review): HTTP_HOST is supplied by the client; a configured host name is a
// safer base for the master auth URI than the request header.
$my_chamilo_server = filter_xss($_SERVER['HTTP_HOST']);
$account = array();
if (isset($_SESSION['my_server_user_session'])) {
    //validate if the user is already logged in my external system in order to redirect to chamilo
}
//Login process
if (isset($_POST['user']) && isset($_POST['password'])) {
    //1. Your Server validations
    $validate = validate_user($_POST['user'], $_POST['password']);
    if ($validate) {
        /* 2.Get the chamilo username and password from your system or from webservices */
        $account['username'] = '******'; //username in Chamilo
        // NOTE(review): a literal password is embedded in the source and hashed with
        // unsalted double SHA-1. Load the per-user secret from the account store at
        // runtime and keep credentials out of the code.
        $account['password'] = sha1(sha1('jbrion525')); //encrypted password with assuming that the first encrypted method is sha1 in chamilo
        $master_auth_uri = $my_chamilo_server . '/?q=user';
        // Creating an array cookie that will be sent to Chamilo
        $sso = array('username' => $account['username'], 'secret' => $account['password'], 'master_domain' => $my_chamilo_server, 'master_auth_uri' => $master_auth_uri, 'lifetime' => time() + 3600, 'target' => filter_xss($_GET['sso_target']));
        // NOTE(review): the payload is PHP-serialized and only base64-encoded - it is
        // neither signed nor encrypted. The receiving side is not shown; it should not
        // unserialize() data that arrives from the browser without an integrity check.
        $cookie = base64_encode(serialize($sso));
        $url = chamilo_sso_protocol() . $master_auth_uri;
        $params = 'sso_referer=' . urlencode($url) . '&sso_cookie=' . urlencode($cookie);
        // NOTE(review): the redirect base comes from the request (sso_referer) and the
        // secret-bearing parameters are appended to it. filter_xss() is not shown and
        // presumably addresses markup only; check the host against the configured
        // Chamilo address before the URL is used.
        $final_url = filter_xss($_GET['sso_referer']) . '?' . $params;
        //If your user exists redirect to chamilo and set the account in a session to check it later
        $_SESSION['my_server_user_session'] = $account;
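<?php
// txt-db-api library: http://www.c-worker.ch/txtdbapi/index_eng.php
require_once "php-txt-db/txt-db-api.php";
require_once "login.php";
require_once "auth.php";
require_once "navigation.php";

// Allow users to use the back button without re-posting data
header("Cache-Control: private");

// Bypass Chrome's XSS check/block
// NOTE(review): with the browser's filter switched off, protection against
// script injection rests entirely on the application's own output encoding.
header("X-XSS-Protection: 0");

// Init global variables
$db = new Database("pancoin");
$user = new User($db);

// Check for logout and maybe display login page.
// isset() guards the lookup: on an ordinary request without ?action= the original
// read an undefined index and raised a notice/warning on every page load.
// NOTE(review): logout is triggered by a plain GET parameter with no request token
// visible here, so any link or embedded resource can end the session.
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    $user->_logout();
    display_login();
    exit;
}

// Validate user and maybe display login page
if (!validate_user($user)) {
    display_login();
    exit;
}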
// Tail of a function whose beginning lies outside this excerpt.
return 0; } }

/**
 * Reports whether $device is one of the accepted device names.
 *
 * NOTE(review): in_array() is called without its strict flag, so the match uses
 * loose comparison; passing `true` as the third argument would require the same
 * type as well as the same value.
 *
 * @param mixed $device        device name taken from the request
 * @param array $valid_devices accepted device names
 * @return int 1 when the device is listed, 0 otherwise
 */
function validate_device($device, $valid_devices)
{
    if (in_array($device, $valid_devices)) {
        return 1;
    } else {
        return 0;
    }
}

// Request inputs: HTTP Basic credentials plus the device and trigger fields of the POST body.
$user = get_value($_SERVER, 'PHP_AUTH_USER');
$pass = get_value($_SERVER, 'PHP_AUTH_PW');
$device = get_value($_POST, 'device');
$action = get_value($_POST, 'trigger');
$data = get_data($data_file);

// Write path: a known device records its latest trigger and the current time.
// NOTE(review): the fourth argument is $ignore_auth_for_devices here and 0 on the read
// path below; presumably it relaxes the credential check for device writes. Confirm
// that, when it is enabled, knowing a device name alone is not enough to overwrite
// another device's entry.
if (validate_device($device, $valid_devices)) {
    if (validate_user($user, $pass, $valid_passwords, $ignore_auth_for_devices)) {
        $entry = array('action' => $action, 'time' => time());
        $data[$device] = $entry;
        dump_data($data, $data_file);
        header('HTTP/1.0 200');
        die;
    }
}

// Read path: reached when no valid device was sent, or when the write-path check failed.
// The stored data is returned only after validate_user() accepts the credentials.
if (validate_user($user, $pass, $valid_passwords, 0)) {
    echo json_encode($data);
} else {
    header('HTTP/1.0 403 Forbidden');
    die("Not authorized");
}
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License as |
// | published by the Free Software Foundation, either version 3 of |
// | the License, or any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// +-----------------------------------------------------------------+
// Path: /modules/phreepos/pages/pos_mgr/pre_process.php
//
// Access gate for the POS manager page; the result is kept in $security_level.
$security_level = validate_user(SECURITY_ID_POS_MGR);
define('JOURNAL_ID', '19');
/************** include page specific files *********************/
require_once DIR_FS_MODULES . 'phreebooks/classes/gen_ledger.php';
// A site-specific journal class takes precedence over the stock one when its file
// exists. Both paths are built from constants only, not from request data.
if (file_exists(DIR_FS_MODULES . 'phreepos/custom/classes/journal/journal_' . JOURNAL_ID . '.php')) {
    require_once DIR_FS_MODULES . 'phreepos/custom/classes/journal/journal_' . JOURNAL_ID . '.php';
} else {
    require_once DIR_FS_MODULES . 'phreepos/classes/journal/journal_' . JOURNAL_ID . '.php'; // is needed here for the defining of the class and retrieving the security_token
}
// Name of the journal class defined by the file loaded above.
$class = 'journal_' . JOURNAL_ID;
/************** page specific initialization *************************/
define('POPUP_FORM_TYPE', 'pos:rcpt');
$error = false;
history_filter('pos_mgr');
/*************** hook for custom actions ***************************/
// +-----------------------------------------------------------------+ // | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) | // +-----------------------------------------------------------------+ // | This program is free software: you can redistribute it and/or | // | modify it under the terms of the GNU General Public License as | // | published by the Free Software Foundation, either version 3 of | // | the License, or any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // +-----------------------------------------------------------------+ // Path: /modules/inventory/pages/price_sheets/pre_process.php // $security_level = validate_user(SECURITY_ID_PRICE_SHEET_MANAGER); /************** include page specific files *********************/ require_once DIR_FS_WORKING . 'defaults.php'; /************** page specific initialization *************************/ $type = isset($_GET['type']) ? $_GET['type'] : 'c'; history_filter('inv_prices'); /*************** hook for custom actions ***************************/ $custom_path = DIR_FS_MODULES . 'inventory/pages/price_sheets/extra_actions.php'; if (file_exists($custom_path)) { include $custom_path; } /*************** Act on the action request *************************/ switch ($_REQUEST['action']) { case 'save': case 'update': validate_security($security_level, 2);
// +-----------------------------------------------------------------+ // | Copyright(c) 2008-2014 PhreeSoft, LLC (www.PhreeSoft.com) | // +-----------------------------------------------------------------+ // | This program is free software: you can redistribute it and/or | // | modify it under the terms of the GNU General Public License as | // | published by the Free Software Foundation, either version 3 of | // | the License, or any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // +-----------------------------------------------------------------+ // Path: /modules/phreebooks/pages/admin_tools/pre_process.php // $security_level = validate_user(SECURITY_ID_GEN_ADMIN_TOOLS); /************** include page specific files *********************/ gen_pull_language($module, 'admin'); require DIR_FS_WORKING . 'functions/phreebooks.php'; require DIR_FS_WORKING . 'classes/gen_ledger.php'; /************** page specific initialization *************************/ define('JOURNAL_ID', 2); // General Journal if (!defined('CURRENT_ACCOUNTING_PERIOD')) { gen_auto_update_period(false); } $error = false; $start_date = $_POST['start_date'] ? gen_db_date($_POST['start_date']) : CURRENT_ACCOUNTING_PERIOD_START; $end_date = $_POST['end_date'] ? gen_db_date($_POST['end_date']) : CURRENT_ACCOUNTING_PERIOD_END; // see what fiscal year we are looking at (assume this FY is entered for the first time) if ($_POST['fy']) {
// +-----------------------------------------------------------------+ // | Copyright(c) 2008-2014 PhreeSoft, LLC (www.PhreeSoft.com) | // +-----------------------------------------------------------------+ // | This program is free software: you can redistribute it and/or | // | modify it under the terms of the GNU General Public License as | // | published by the Free Software Foundation, either version 3 of | // | the License, or any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // +-----------------------------------------------------------------+ // Path: /modules/zencart/pages/main/pre_process.php // $security_level = validate_user(SECURITY_ID_ZENCART_INTERFACE); /************** include page specific files *********************/ gen_pull_language('shipping'); gen_pull_language('inventory'); require_once DIR_FS_MODULES . 'inventory/defaults.php'; require_once DIR_FS_MODULES . 'shipping/defaults.php'; require_once DIR_FS_WORKING . 'functions/zencart.php'; require_once DIR_FS_MODULES . 'inventory/functions/inventory.php'; require_once DIR_FS_WORKING . 'classes/zencart.php'; require_once DIR_FS_WORKING . 'classes/bulk_upload.php'; /************** page specific initialization *************************/ $error = false; $ship_date = $_POST['ship_date'] ? gen_db_date($_POST['ship_date']) : date('Y-m-d'); /*************** hook for custom actions ***************************/ $custom_path = DIR_FS_MODULES . 'custom/zencart/pages/main/extra_actions.php'; if (file_exists($custom_path)) {
default: header('location: index.php'); break; } } else { header('location: index.php'); } } } } } } // Header include $config['template_path'] . "header.php"; if (isset($_GET['e'])) { $result = validate_user($_GET['e'], $_GET['k']); if ($result === false) { $error = lang('error_unknown'); } else { if ($result === true) { print_out(lang('account_verified'), lang('redirect')); } else { if (is_numeric($result)) { switch ($result) { case 908: $error = lang('error_user_doesnt_exist'); break; case 905: $error = lang_parse('error_invalid_given', array(lang('email'))); break; case 906:
// +-----------------------------------------------------------------+ // | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) | // +-----------------------------------------------------------------+ // | This program is free software: you can redistribute it and/or | // | modify it under the terms of the GNU General Public License as | // | published by the Free Software Foundation, either version 3 of | // | the License, or any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // +-----------------------------------------------------------------+ // Path: /modules/inventory/pages/transfer/pre_process.php // $security_level = validate_user(SECURITY_ID_TRANSFER_INVENTORY); /************** include page specific files *********************/ gen_pull_language('phreebooks'); require_once DIR_FS_WORKING . 'defaults.php'; require_once DIR_FS_WORKING . 'functions/inventory.php'; require_once DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php'; require_once DIR_FS_MODULES . 'phreebooks/classes/gen_ledger.php'; /************** page specific initialization *************************/ define('JOURNAL_ID', 16); // Adjustment Journal define('GL_TYPE', ''); $error = false; $post_date = $_POST['post_date'] ? gen_db_date($_POST['post_date']) : date('Y-m-d'); $period = gen_calculate_period($post_date); if (!$period) { $error = true;
<?php
include 'header.php';
include 'getInputSafe.php';
include 'bmp_converter.php';
//this var should save previous inputs incase the upload fails,
//so that the user doesnt have to input everything again
//$get_for_failed;

// Request gate: the form token must match the one stored in the session, and both
// checkLogged() and validate_user() must pass; otherwise the session is destroyed
// and the browser is sent back to main.php.
// NOTE(review): when neither the POST body nor the session holds a token, both sides
// are null and `!==` sees them as identical, so the token test alone does not reject
// that request. Require a non-empty session token first, and compare with
// hash_equals() so the comparison time does not depend on the token's content.
if ($_POST['create_event_token'] !== $_SESSION['create_event_token'] || !checkLogged() || !validate_user()) {
    session_destroy();
    header("Location: main.php?errorMsg=" . urlencode("Illegal Upload Event try!"));
    return '';
}

//error msgs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$image_type_error = "No valid image was selected. File must be of type gif, jpeg, png or bmp.";
$chars_error = "Please do not use symbols or special characters.";
$invalid_title_error = "Invalid Title.";
$invalid_title_error .= $chars_error;
$invalid_description_error = "Invalid description.";
$invalid_description_error .= $chars_error;
$invalid_date = "Invalid Date.";
$impossible_event_date = "The chosen date has already passed.";

//verify if input is valid - - - - - - - - - - - - - - - - - - - - - - - -
//validate date
// The posted date is normalised to Y-m-d before validate_date() sees it.
// NOTE(review): strtotime() returns false for text it cannot parse - confirm that
// validate_date() rejects the date that results in that case.
$event_date = date("Y-m-d", strtotime($_POST['event_date']));
$current_datetime = date("Y-m-d H:i:s");
if (!validate_date($event_date)) {
    header("Location: create_event.php?errorMsg=" . urlencode($invalid_date));
    return '';
}
// A negative difference means the event date lies before the current time.
if (strtotime($event_date) - strtotime($current_datetime) < 0) {
// | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License as |
// | published by the Free Software Foundation, either version 3 of |
// | the License, or any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// +-----------------------------------------------------------------+
// Path: /modules/amazon/pages/amazon/pre_process.php
//
// Name of the ship-confirmation file; it carries the date of the current request.
define('AMAZON_SHIP_CONFIRM_FILE_NAME', 'confirm_' . date('Y-m-d') . '.txt');
// Access gate for the Amazon interface page; the result is kept in $security_level.
// NOTE(review): $security_level is not used again within this excerpt - confirm the
// upload and import actions check it before they run.
$security_level = validate_user(SECURITY_ID_AMAZON_INTERFACE);
/************** include page specific files *********************/
gen_pull_language('phreebooks');
//require(DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php');
require DIR_FS_MODULES . 'phreebooks/classes/gen_ledger.php';
//require(DIR_FS_MODULES . 'phreebooks/classes/orders.php');
//require(DIR_FS_ADMIN . 'soap/classes/parser.php');
require DIR_FS_WORKING . 'classes/amazon.php';
/************** page specific initialization *************************/
$upload_name = 'file_name'; // Template field name for the uploaded file
define('JOURNAL_ID', 12); // used for importing orders, 12 is hard coded for amazon invoice manager
define('SO_POPUP_FORM_TYPE', 'cust:so');
define('POPUP_FORM_TYPE', 'cust:inv');
$error = false;
<?php
require 'libs/functions.php';

// Registration form fields; a field that was not posted becomes an empty string.
$user = '';
if (isset($_POST['username'])) {
    $user = $_POST['username'];
}
$pass = '';
if (isset($_POST['password'])) {
    $pass = $_POST['password'];
}
$repass = '';
if (isset($_POST['repassword'])) {
    $repass = $_POST['repassword'];
}
$fullname = '';
if (isset($_POST['fullname'])) {
    $fullname = $_POST['fullname'];
}

// Outcome code sent back to register.php:
//   0 = nothing to report, 1 = create_user() failed,
//   2 = passwords differ or are blank, 3 = validate_user() rejected the username.
$code = 0;
if (validate_user($user) != true) {
    $code = 3;
} elseif (strcmp($pass, $repass) != 0 || !strlen(trim($pass))) {
    $code = 2;
} else {
    // NOTE(review): unsalted MD5 is not suitable for storing passwords. Moving to
    // password_hash()/password_verify() has to be done together with the login code
    // that checks these values, which is not part of this file.
    $pass = md5($pass);
    $repass = md5($repass);
    $check = create_user($user, $pass, $fullname);
    if ($check == true) {
        header('Location: login.php');
    } else {
        $code = 1;
    }
}

// Any failure sends the browser back to the form with its error code.
if ($code > 0) {
    header('Location: register.php?error=' . $code);
}
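/**
 * Checks a username/password pair against the Users table and, on success,
 * hands the matching row to validate_user().
 *
 * NOTE(review): the two failure messages tell a caller whether a username exists;
 * if they are shown to end users, a single generic message avoids that.
 * NOTE(review): salted SHA-256 is a fast hash; password_hash()/password_verify()
 * is the better target, but it requires re-hashing the stored values.
 *
 * @param string $username login name; lower-cased before the lookup
 * @param string $password clear-text password supplied by the caller
 * @return string "Successful" on success, otherwise an error message
 */
function login_user($username, $password)
{
    $username = strtolower($username);
    $mysqli = new mysqli($GLOBALS["dbhost"], $GLOBALS["dbuser"], $GLOBALS["dbpass"], $GLOBALS["dbname"]);
    if (mysqli_connect_errno()) {
        return mysqli_connect_error();
    }

    $username = $mysqli->real_escape_string($username);
    // NOTE(review): the username value inside this literal appears masked in this
    // listing. If the real statement interpolates $username, a prepared statement
    // with a bound parameter is preferable to manual escaping.
    $query = "SELECT * FROM Users WHERE Username = '******';";
    $result = $mysqli->query($query);
    if ($result === false) {
        // query() returns false on failure; the original dereferenced the result
        // without checking it and crashed here.
        $mysqli->close();
        return "Login query failed!";
    }
    if ($result->num_rows < 1) {
        $result->close();
        $mysqli->close();
        return "User \"{$username}\" not found!";
    }

    $user_data = $result->fetch_assoc();
    $result->close();
    $mysqli->close();

    $hash = hash("sha256", $user_data[USER_SALT] . hash("sha256", $password));
    // hash_equals() compares the exact strings in constant time. The original `!=`
    // was a loose comparison, under which two different numeric-looking hex digests
    // (for example both of the form "0e" followed by digits) compare as equal.
    if (!hash_equals((string) $user_data[USER_PASSWORD], $hash)) {
        return "Incorrect password for user \"{$username}\"!";
    }

    validate_user($user_data);
    return "Successful";
}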
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License as |
// | published by the Free Software Foundation, either version 3 of |
// | the License, or any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// +-----------------------------------------------------------------+
// Path: /modules/phreehelp/pages/main/pre_process.php
//
// Pre-process script for the help viewer: runs the access check, reloads the
// help tables when forced, then resolves the requested help context.
// The excerpt ends inside the final if block.

// The meaning of the arguments (0, true) is defined by validate_user(), which
// is not visible here.
$security_level = validate_user(0, true);
/************** include page specific files *********************/
require_once DIR_FS_WORKING . 'defaults.php';
require_once DIR_FS_WORKING . 'functions/phreehelp.php';
/************** page specific initialization *************************/
if (PHREEHELP_FORCE_RELOAD == '1') { // load/reload db tables if forced to
    synchronize();
    write_configure('PHREEHELP_FORCE_RELOAD', '0');
}
// Both values come straight from the query string and are not validated here.
$frame_id = isset($_GET['fID']) ? $_GET['fID'] : 'main';
$context_ref = isset($_GET['idx']) ? $_GET['idx'] : '';
$result = false;
$start_page = DOC_ROOT_URL;
if ($context_ref) {
    // NOTE(review): $context_ref is the raw $_GET['idx'] value concatenated into
    // the SQL text, so a quote character in it changes the statement (SQL
    // injection). Escape or bind it with the database layer's input helper
    // before building the query.
    $result = $db->Execute("select doc_url from " . TABLE_PHREEHELP . " where doc_pos = '" . $context_ref . "'");
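/**
 * Search the given modules for records matching a search string and return,
 * for every hit, its id, module name and the fields listed in $query_array.
 *
 * Authentication: when $user_name is empty and $password is not, $password is
 * passed to validate_authenticated(); otherwise the pair goes to validate_user().
 * Per module, the caller must also pass check_modules_access(..., 'read') and
 * the bean's ACLAccess('ListView'); modules failing either check are skipped.
 *
 * @param string $user_name - username of the Sugar User
 * @param string $password - password of the Sugar User
 * @param string $search_string - string to search; several terms are separated by ", "
 * @param string[] $modules - array of modules to query
 * @param int $offset - a specified offset in the query
 * @param int $max_results - max number of records to return
 * @return array result_count, next_offset, field_list, entry_list and error;
 *               on a failed login only result_count (-1), entry_list and error
 */
function search_by_module($user_name, $password, $search_string, $modules, $offset, $max_results)
{
    global $beanList, $beanFiles;
    $error = new SoapError();

    if (empty($user_name) && !empty($password)) {
        $hasLoginError = !validate_authenticated($password);
    } else {
        $hasLoginError = !validate_user($user_name, $password);
    }
    //If there is a login error, then return the error here
    if ($hasLoginError) {
        $error->set_error('invalid_login');
        return array('result_count' => -1, 'entry_list' => array(), 'error' => $error->get_soap_array());
    }

    global $current_user;
    if ($max_results > 0) {
        global $sugar_config;
        $sugar_config['list_max_entries_per_page'] = $max_results;
    }

    // Start with empty lists so the size arithmetic at the end is defined even
    // when nothing matches or no search string was given.
    $output_list = array();
    $field_list = array();

    // Fixed table of WHERE templates and field lists per module. "{0}" is
    // replaced by one search term. The SQL skeleton never comes from the caller.
    // MRF - BUG:19552 - added a join for accounts' emails below
    $query_array = array(
        'Accounts' => array(
            'where' => array(
                'Accounts' => array(0 => "accounts.name like '{0}%'"),
                'EmailAddresses' => array(0 => "ea.email_address like '{0}%'"),
            ),
            'fields' => "accounts.id, accounts.name",
        ),
        'Bugs' => array(
            'where' => array('Bugs' => array(0 => "bugs.name like '{0}%'", 1 => "bugs.bug_number = {0}")),
            'fields' => "bugs.id, bugs.name, bugs.bug_number",
        ),
        'Cases' => array(
            'where' => array('Cases' => array(0 => "cases.name like '{0}%'", 1 => "cases.case_number = {0}")),
            'fields' => "cases.id, cases.name, cases.case_number",
        ),
        'Leads' => array(
            'where' => array(
                'Leads' => array(0 => "leads.first_name like '{0}%'", 1 => "leads.last_name like '{0}%'"),
                'EmailAddresses' => array(0 => "ea.email_address like '{0}%'"),
            ),
            'fields' => "leads.id, leads.first_name, leads.last_name, leads.status",
        ),
        'Project' => array(
            'where' => array('Project' => array(0 => "project.name like '{0}%'")),
            'fields' => "project.id, project.name",
        ),
        'ProjectTask' => array(
            'where' => array('ProjectTask' => array(0 => "project.id = '{0}'")),
            'fields' => "project_task.id, project_task.name",
        ),
        'Contacts' => array(
            'where' => array(
                'Contacts' => array(0 => "contacts.first_name like '{0}%'", 1 => "contacts.last_name like '{0}%'"),
                'EmailAddresses' => array(0 => "ea.email_address like '{0}%'"),
            ),
            'fields' => "contacts.id, contacts.first_name, contacts.last_name",
        ),
        'Opportunities' => array(
            'where' => array('Opportunities' => array(0 => "opportunities.name like '{0}%'")),
            'fields' => "opportunities.id, opportunities.name",
        ),
        'Users' => array(
            'where' => array('EmailAddresses' => array(0 => "ea.email_address like '{0}%'")),
            'fields' => "users.id, users.user_name, users.first_name, ea.email_address",
        ),
    );

    if (!empty($search_string)) {
        $search_terms = explode(", ", $search_string);
        $termCount = count($search_terms);

        foreach ($modules as $module_name) {
            // $modules is supplied by the caller. Resolve it through the
            // server-side maps and skip unknown names BEFORE the file is loaded
            // or the class instantiated (the check used to run afterwards).
            if (!is_string($module_name) || empty($beanList[$module_name])) {
                continue;
            }
            $class_name = $beanList[$module_name];
            if (empty($beanFiles[$class_name])) {
                continue;
            }
            require_once $beanFiles[$class_name];
            $seed = new $class_name();

            if (!check_modules_access($current_user, $module_name, 'read')) {
                continue;
            }
            if (!$seed->ACLAccess('ListView')) {
                continue;
            }
            if (!isset($query_array[$module_name])) {
                continue;
            }

            $fieldSpec = $query_array[$module_name]['fields'];
            $query = '';
            foreach ($query_array[$module_name]['where'] as $key => $value) {
                foreach ($value as $where_clause) {
                    $addQuery = true;
                    // Every sub-select starts from a clean string; later ones are
                    // chained to what has been collected so far with UNION.
                    $tmpQuery = empty($query) ? '' : ' UNION ';
                    $tmpQuery .= "SELECT " . $fieldSpec . " FROM {$seed->table_name} ";
                    // We need to confirm that the user is a member of the team of the item.
                    if ($module_name == 'ProjectTask') {
                        $tmpQuery .= "INNER JOIN project ON {$seed->table_name}.project_id = project.id ";
                    }
                    if (isset($seed->emailAddress) && $key == 'EmailAddresses') {
                        $tmpQuery .= " INNER JOIN email_addr_bean_rel eabl ON eabl.bean_id = {$seed->table_name}.id and eabl.deleted=0";
                        $tmpQuery .= " INNER JOIN email_addresses ea ON (ea.id = eabl.email_address_id) ";
                    }

                    // Each term goes through the database layer's quote() before
                    // it is placed in the SQL text.
                    // NOTE(review): whether quote() also neutralises the LIKE
                    // wildcards % and _ is not visible here - confirm.
                    $where = "WHERE (";
                    $count = 1;
                    if ($key != 'EmailAddresses') {
                        // "*_number = {0}" templates put the term in unquoted, so
                        // they are only used for numeric terms; one non-numeric
                        // term drops the whole sub-select.
                        $isNumberClause = strpos($where_clause, 'number') !== false;
                        foreach ($search_terms as $term) {
                            if (!$isNumberClause || is_numeric($term)) {
                                $where .= string_format($where_clause, array($GLOBALS['db']->quote($term)));
                            } else {
                                $addQuery = false;
                            }
                            if ($count < $termCount) {
                                $where .= " OR ";
                            }
                            $count++;
                        }
                    } else {
                        $where .= '(';
                        foreach ($search_terms as $term) {
                            $where .= "ea.email_address LIKE '" . $GLOBALS['db']->quote($term) . "'";
                            if ($count < $termCount) {
                                $where .= " OR ";
                            }
                            $count++;
                        }
                        $where .= ')';
                    }

                    $tmpQuery .= $where;
                    $tmpQuery .= ") AND {$seed->table_name}.deleted = 0";
                    if ($addQuery) {
                        $query .= $tmpQuery;
                    }
                }
            }

            //grab the items from the db
            $result = $seed->db->query($query, $offset, $max_results);
            $fields = explode(", ", $fieldSpec);
            while (($row = $seed->db->fetchByAssoc($result)) != null) {
                $list = array();
                foreach ($fields as $field) {
                    // "table.column" -> the row is keyed by the column part.
                    $field_names = explode(".", $field);
                    $list[$field] = array('name' => $field_names[1], 'value' => $row[$field_names[1]]);
                }
                $output_list[] = array('id' => $row['id'], 'module_name' => $module_name, 'name_value_list' => $list);
                if (empty($field_list)) {
                    $field_list = get_field_list($row);
                }
            } //end while
        } //end foreach
    }

    $result_count = sizeof($output_list);
    return array(
        'result_count' => $result_count,
        'next_offset' => $offset + $result_count,
        'field_list' => $field_list,
        'entry_list' => $output_list,
        'error' => $error->get_soap_array(),
    );
}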
// Excerpt from a contacts pre-process script. It starts inside a block whose
// opening is not visible: loads the class for the contact type, instantiates
// it, runs the access check with that class's security token, then loads the
// page's includes.
// NOTE(review): where $type is assigned is outside this excerpt. It selects both
// an include path and the class to instantiate, so it should be matched against
// a fixed list of contact types before this point - confirm upstream.
require_once DIR_FS_WORKING . 'classes/type/' . $type . '.php'; // is needed here for the defining of the class and retrieving the security_token
}
if ($type != 'i' && file_exists(DIR_FS_WORKING . 'custom/classes/type/i.php')) {
    require_once DIR_FS_WORKING . 'custom/classes/type/i.php';
} elseif ($type != 'i') {
    require_once DIR_FS_WORKING . 'classes/type/i.php';
}
$cInfo = new $type();
/************** Check user security *****************************/
/*************** hook for custom security ***************************/
// Optional site-specific file. It is included before validate_user() is called
// on this page, so its code runs ahead of the access check below.
$custom_path = DIR_FS_WORKING . 'custom/contacts/main/extra_security.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
$security_level = validate_user($cInfo->security_token); // in this case it must be done after the class is defined for
/************** include page specific files *********************/
require_once DIR_FS_WORKING . 'defaults.php';
require_once DIR_FS_MODULES . 'phreedom/functions/phreedom.php';
require_once DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php';
require_once DIR_FS_WORKING . 'functions/contacts.php';
require_once DIR_FS_WORKING . 'classes/contacts.php';
require_once DIR_FS_WORKING . 'classes/contact_fields.php';
$fields = new contact_fields();
/*************** hook for custom actions ***************************/
// Second optional site-specific file; this one is included after the access check.
$custom_path = DIR_FS_WORKING . 'custom/pages/main/extra_actions.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
/*************** Act on the action request *************************/
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License as |
// | published by the Free Software Foundation, either version 3 of |
// | the License, or any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// +-----------------------------------------------------------------+
// Path: /modules/work_orders/pages/tasks/pre_process.php
//
// Pre-process script for the work-order tasks page: runs the access check,
// loads the page's includes and an optional custom hook, then dispatches on
// the requested action. The excerpt ends at the first case of the switch.

// Access check comes first, before any include or hook runs.
$security_level = validate_user(SECURITY_WORK_ORDERS_TASK);
/************** include page specific files *********************/
require DIR_FS_WORKING . 'defaults.php';
require DIR_FS_WORKING . 'functions/work_orders.php';
/************** page specific initialization *************************/
$error = false;
$processed = false;
history_filter('wo_tasks');
/*************** hook for custom actions ***************************/
// Optional site-specific file, included only when it exists on disk.
$custom_path = DIR_FS_WORKING . 'custom/pages/tasks/extra_actions.php';
if (file_exists($custom_path)) {
    include $custom_path;
}
/*************** Act on the action request *************************/
// NOTE(review): the action is read from $_REQUEST, so 'save' can be selected by
// a query-string parameter as well as by a form post. No request-forgery token
// check is visible in this excerpt - confirm one exists for state changes.
switch ($_REQUEST['action']) {
    case 'save':
<?php
// New-ticket page: sets the page title, then renders the form only when
// validate_user() accepts the user id and code stored in the session.
// The excerpt ends inside the two if blocks opened below.
session_start();
include_once "../functions.inc.php";
$CONF['title_header'] = lang('NEW_title') . " - " . $CONF['name_of_firm'];
// NOTE(review): both session keys are read without isset(), so a fresh session
// passes undefined values to validate_user(); presumably it rejects them - confirm.
if (validate_user($_SESSION['helpdesk_user_id'], $_SESSION['code'])) {
    if ($_SESSION['helpdesk_user_id']) {
        include "head.inc.php";
        include "navbar.inc.php";
        //check_unlinked_file();
        // NOTE(review): the value echoed into the hidden field below is not passed
        // through htmlspecialchars(). That is safe only if get_last_ticket_new()
        // always returns a plain identifier - confirm in its definition.
        ?> <div class="container" id="form_add"> <input type="hidden" id="main_last_new_ticket" value="<?php echo get_last_ticket_new($_SESSION['helpdesk_user_id']); ?> "> <div class="row" style="padding-bottom:20px;"> <div class="col-md-8"> <center><h3><i class="fa fa-tag"></i> <?php echo lang('NEW_title'); ?> </h3></center></div> </div>
// The first line closes a route whose start is outside this excerpt. Four POST
// routes follow, all with the same shape: call validate_user() on the parsed
// body, run the matching SchoolAppClass method, log the call, echo the result
// as JSON.
// NOTE(review): validate_user()'s return value is discarded in every route, so
// these handlers are protected only if validate_user() itself ends the request
// on failure - confirm in its definition.
// NOTE(review): log_api() receives the whole parsed body; if the body carries
// credentials or tokens they end up in the log unless log_api() redacts them.
});
$app->post('/get_schools', function ($request, $response, $args) {
    validate_user($request->getParsedBody());
    $obj = SchoolAppClass::set_instance();
    // $response is reassigned to the method's result; the value passed in is not used.
    $response = $obj->get_schools($request->getParsedBody());
    $obj->log_api($request->getParsedBody(), $_SERVER['REQUEST_URI'], $response);
    echo json_encode($response);
});
$app->post('/get_school_info', function ($request, $response, $args) {
    validate_user($request->getParsedBody());
    $obj = SchoolAppClass::set_instance();
    $response = $obj->get_school_info($request->getParsedBody());
    $obj->log_api($request->getParsedBody(), $_SERVER['REQUEST_URI'], $response);
    echo json_encode($response);
});
$app->post('/get_classes', function ($request, $response, $args) {
    //print_r($request->getParseBody());
    validate_user($request->getParsedBody());
    $obj = SchoolAppClass::set_instance();
    $response = $obj->get_classes($request->getParsedBody());
    $obj->log_api($request->getParsedBody(), $_SERVER['REQUEST_URI'], $response);
    echo json_encode($response);
});
$app->post('/get_notification_details', function ($request, $response, $args) {
    validate_user($request->getParsedBody());
    $obj = SchoolAppClass::set_instance();
    $response = $obj->get_notification_details($request->getParsedBody());
    $obj->log_api($request->getParsedBody(), $_SERVER['REQUEST_URI'], $response);
    echo json_encode($response);
});
$app->run();
<?php
// Page that starts a table and works out the first day of the period to show
// from the posted form values. The excerpt ends inside the "month" branch.
require_once 'connection.php';
require_once 'functions.php';
// The return value is not used; presumably validate_user() ends the request
// for a visitor who is not logged in - confirm in functions.php.
validate_user();
?> <LINK href="netherhall.css" rel="stylesheet" type="text/css"> <br> <table border="0" cellpadding="1" cellspacing="1" style="margin-left:10px"> <tr class="header"> <td></td> <?php
// NOTE(review): with no filter definition filter_input_array() returns the raw
// POST values, and returns null when nothing was posted, so the array reads
// below run against null on a plain GET.
$request = filter_input_array(INPUT_POST);
$today = time(); //today
$strToday = date("d/m/Y", $today);
$first_day = time() - 0 * 24 * 60 * 60; // today
//$first_day=time()-(7 * 24 * 60 * 60); // one less week
//$first_day=time()-(285 * 24 * 60 * 60); // one less week
if ($request["small"] == 1) {
    $first_day = time();
}
// NOTE(review): first_day is taken from the client as a string and used in
// arithmetic below; validate it as an integer timestamp before use.
if (isset($request["first_day"])) {
    $first_day = $request["first_day"];
}
if ($request["when"] == "week") {
    // 7 days * 24 hours * 60 minutes * 60 seconds.
    $first_day = $first_day - 7 * 24 * 60 * 60;
} elseif ($request["when"] == "month") {
    // 4 weeks * 7 days * 24 hours * 60 minutes * 60 seconds.
// +-----------------------------------------------------------------+
// | Copyright(c) 2008-2014 PhreeSoft (www.PhreeSoft.com) |
// +-----------------------------------------------------------------+
// | This program is free software: you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License as |
// | published by the Free Software Foundation, either version 3 of |
// | the License, or any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// +-----------------------------------------------------------------+
// Path: /modules/rma/pages/main/pre_process.php
//
// Pre-process script for the RMA management page: runs the access check, loads
// the defaults and reads the posted date fields.

// Access check comes first, before any include runs.
$security_level = validate_user(SECURITY_RMA_MGT);
/************** include page specific files *********************/
require_once DIR_FS_WORKING . 'defaults.php';
require_once DIR_FS_MODULES . 'inventory/defaults.php';
/************** page specific initialization *************************/
// Default to list 1 when the request names none.
if (!isset($_REQUEST['list'])) {
    $_REQUEST['list'] = 1;
}
$error = false;
$processed = false;
$cInfo = new objectInfo(array());
// Posted dates are passed through gen_db_date(); only the creation date falls
// back to today, the others fall back to an empty string.
// NOTE(review): gen_db_date() is defined elsewhere; whether it rejects malformed
// input is not visible here - confirm before these values reach a query.
$creation_date = isset($_POST['creation_date']) ? gen_db_date($_POST['creation_date']) : date('Y-m-d');
$receive_date = isset($_POST['receive_date']) ? gen_db_date($_POST['receive_date']) : '';
$closed_date = isset($_POST['closed_date']) ? gen_db_date($_POST['closed_date']) : '';
$invoice_date = isset($_POST['invoice_date']) ? gen_db_date($_POST['invoice_date']) : '';
history_filter();