require_once ROOT_DIR . '/class.settings.php';
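// Callback entry trace for the PayPal return. Log only the parameter names:
// $_GET carries the express-checkout token (read as $_GET['token'] below), and a
// checkout credential does not belong in the server error log.
error_log("[ShopFix PROHEX] CALLBACK CALLED params=" . implode(",", array_keys($_GET)));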
/**
 * Builds the plain-text purchase confirmation sent after a payment is received.
 *
 * @param string $first_name buyer's first name (as returned by PayPal, see the
 *                           GetExpressCheckoutDetails call in this file)
 * @param mixed  $cart       iterable of product objects exposing ->name and ->description
 * @param string $transid    payment transaction id quoted back to the buyer
 * @return string the message body; product lines are listed one per line
 */
function generateMessage($first_name, $cart, $transid)
{
    $productLines = array();
    foreach ($cart as $product) {
        $productLines[] = "- {$product->name} ({$product->description})\n";
    }

    $header = "Hallo {$first_name},\n\nWe received your Payment with the Transaction ID: {$transid}\n\n"
        . "You purchased:\n\n";
    $footer = "\nTo download the Products you have purchased, please visit the 'Payment History' section when logged in\n\n"
        . "- Your " . Settings::i()->title . " Team";

    return $header . implode('', $productLines) . $footer;
}
if (isset($_GET['token'])) {
    Logger::i()->writeLog("Processing PayPal Payment");
    if (!SessionManager::i()->isLoggedIn()) {
        Logger::i()->writeLog("User not logged in", 'dev');
        die;
    }
    try {
        $paypal = new PayPal(true);
    } catch (Exception $e) {
        Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
        die;
    }
    $response = $paypal->doRequest("GetExpressCheckoutDetails", array("TOKEN" => $_GET['token']));
    $first_name = $response['FIRSTNAME'];
    if (!$response) {
        Logger::i()->writeLog("Could not get express checkout details, error = " . $paypal->error, 'dev');
        header("Location: index.php");
        die;
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/recaptchalib.php';
// Login handler: the request must carry the LoginToken minted when the page was
// rendered. A missing/mismatched token is logged and answered with a retry hint.
$tokenOk = SessionManager::i()->validateToken("LoginToken", "token");
if (!$tokenOk) {
    Logger::i()->writeLog("Token to login is missing", 'dev');
    die(Submission::createResult("Please refresh the page and try again"));
}
unset($tokenOk);
if (isset($_POST['login'])) {
    $login = (array) json_decode(base64_decode($_POST['login']));
    if ($field = Submission::checkFields(array("username", "password"), $login)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    }
    if (Settings::i()->captcha_private) {
        if (!isset($login['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
    }
    $key = Crypto::GenerateKey($login['username']);
    $find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key))));
    if ($find !== false) {
        if (!is_array($find)) {
         $username = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->username)));
         $email = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->email)));
         $password = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->password)));
         echo json_encode(array("username" => $username, "email" => $email, "password" => $password));
         unset($username);
         unset($email);
         unset($password);
         unset($userinfo);
     } else {
         Logger::i()->writeLog("No user found in the database for UserID = {$userid}, error = " . DbManager::i()->error, 'dev');
         die(Submission::createResult("Could not find user"));
     }
 } else {
     if ($request_method == "POST") {
         unset($request_method);
         if (!SessionManager::i()->validateToken("UpdateAccountSettingsToken", "token")) {
             Logger::i()->writeLog("Token to update account settings is missing", 'access');
             die(Submission::createResult("Permission denied"));
         }
         if ($userinfo !== false && !is_array($userinfo)) {
             if (isset($_POST['pw'])) {
                 $pw = base64_decode($_POST['pw']);
                 $pw = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), $pw)));
                 $update = DbManager::i()->update("sf_members", array("password" => $pw), array("userid" => $userid));
                 if ($update) {
                     Logger::i()->writeLog("User password updated, UserID = {$userid}");
                     echo Submission::createResult("Password updated successfully", true);
                 } else {
                     Logger::i()->writeLog("User password could not be updated, error = " . DbManager::i()->error);
                     echo Submission::createResult("Could not update password. Please try again later.");
                 }
        die(Submission::createResult("Permission denied"));
    }
    header("Content-Type: application/json; charset=UTF-8");
    $settings = DbManager::i()->select("sf_settings", array("settings"));
    if ($settings !== false && !is_array($settings)) {
        $prefs = Crypto::DecryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), base64_decode(base64_decode($settings->settings)));
        echo json_encode(array("settings" => json_decode(base64_decode($prefs))));
        unset($prefs);
    } else {
        Logger::i()->writeLog("Could not load settings, error = " . DbManager::i()->error, 'dev');
        die(Submission::createResult("Could not load Settings"));
    }
} else {
    if ($request_method == "POST") {
        unset($request_method);
        if (!SessionManager::i()->validateToken("SettingsToken", "token")) {
            Logger::i()->writeLog("Token to set settings is missing", 'dev');
            die(Submission::createResult("Permission denied"));
        }
        if (isset($_POST['settings'])) {
            $settings = (array) json_decode(base64_decode($_POST['settings']));
            if (isset($settings['paypal']) && count((array) $settings['paypal']) > 0) {
                if ($field = Submission::checkFields(array("username", "password", "signature"), (array) $settings['paypal'])) {
                    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
                }
            } else {
                if (isset($settings['btc']) && count((array) $settings['btc']) > 0) {
                    if ($field = Submission::checkFields(array("api_key", "api_pin"), (array) $settings['btc'])) {
                        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
                    }
                } else {
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.settings.php';
// Front-page bootstrap. Each CSRF-protected action has its own session token,
// minted fresh on every render and checked by the matching handler script.
// NOTE(review): because all tokens are overwritten on each render, a form opened
// in an older tab will fail validation after a newer render — confirm intended.
$loggedIn = SessionManager::i()->isLoggedIn();
$csrfTokenNames = array(
    'RegisterToken',
    'LoginToken',
    'LogoutToken',
    'GetPaymentsToken',
    'CartToken',
    'LoadProductsToken',
    'UpdateAccountSettingsToken',
    'AccountSettingsToken',
    'CheckoutToken',
    'DownloadToken',
    'PaymentStatusToken',
);
foreach ($csrfTokenNames as $csrfTokenName) {
    $_SESSION[$csrfTokenName] = SessionManager::GenerateToken();
}
unset($csrfTokenNames, $csrfTokenName);
?>
<!DOCTYPE html>
<html lang="en" ng-app="ShopFixApp">
	<head>
		<title><?php 
echo Settings::i()->title;
?>
</title>

		<!-- Handle NoScript -->
		<noscript>
			<meta http-equiv="refresh" content="0;url=noscript.php">
		</noscript>
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
// Customer-management endpoint (admin CP). Three gates, in order: an admin
// session, the UpdateCustomersToken CSRF token, and the two mandatory POST
// fields. Every failure answers with a result payload and stops the script.
$adminOk = SessionManager::i()->isAdminLoggedIn();
if (!$adminOk) {
    Logger::i()->writeLog("Admin is not logged in", 'access');
    die(Submission::createResult("Admin is not logged in"));
}
$tokenOk = SessionManager::i()->validateToken("UpdateCustomersToken", "token");
if (!$tokenOk) {
    Logger::i()->writeLog("Token to update customer is missing", 'access');
    die(Submission::createResult("Token mismatch"));
}
unset($adminOk, $tokenOk);
// checkFields() yields the name of the first missing/invalid field (falsy when all pass).
$field = Submission::checkFields(array("customerid", "action"), $_POST);
if ($field) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}
function renewPassword($c)
{
    $plain = Crypto::generateRandomPassword(15);
    $info = DbManager::i()->select("sf_members", array("key", "iv"), array("userid" => intval($c)));
    if ($info !== false && !is_array($info)) {
        $key = base64_decode(base64_decode($info->key));
        $iv = base64_decode(base64_decode($info->iv));
        $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $plain)));
        if (DbManager::i()->update("sf_members", array("password" => $password), array("userid" => intval($c)))) {
            unset($password);
            unset($key);
            unset($iv);
            unset($info);
            Logger::i()->writeLog("Password renewed for UserID: {$c}, password = {$plain}");
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php';
//requires class.dbmanager
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
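// Admin-only, read-only endpoint: returns every log entry, plus the same entries
// split by mode, as JSON for the admin CP.
// NOTE(review): the admin customers handler logs the same condition under
// 'access' rather than 'dev'; consider using one category for auth failures.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'dev');
    die(Submission::createResult("Permission denied"));
}
// Read-only request, so the CSRF token is taken from the query string ("csrf").
if (!SessionManager::i()->validateToken("LoadLogsToken", "csrf", "GET")) {
    Logger::i()->writeLog("Token to load logs is missing", 'dev');
    die(Submission::createResult("Permission denied"));
}
// Declare the content type like the other JSON endpoints in this code base do,
// so a browser never sniffs log contents (which may echo user-supplied strings)
// as HTML.
header("Content-Type: application/json; charset=UTF-8");
$all_logs = Logger::i()->getLogs();
$dev_logs = array();
$access_logs = array();
foreach ($all_logs as $log) {
    // Strict comparison on the mode tag; entries with any other mode only appear
    // in all_logs. Appending with [] keeps both lists sequential for json_encode.
    if ($log->mode === "dev") {
        $dev_logs[] = $log;
    } elseif ($log->mode === "access") {
        $access_logs[] = $log;
    }
}
echo json_encode(array("all_logs" => $all_logs, "dev_logs" => $dev_logs, "access_logs" => $access_logs));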
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/recaptchalib.php';
// Registration handler: the request must carry the RegisterToken minted when
// the page was rendered. die() with a string prints it and exits, exactly like
// the other handlers answer.
$tokenOk = SessionManager::i()->validateToken("RegisterToken", "token");
if (!$tokenOk) {
    Logger::i()->writeLog("Token to register is missing", 'dev');
    die(Submission::createResult("Please refresh the page and try again"));
}
unset($tokenOk);
if (isset($_POST['registration'])) {
    $registration = (array) json_decode(base64_decode($_POST['registration']));
    if ($field = Submission::checkFields(array("username", "email", "password", "repeat_password"), $registration)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    } else {
        if (!Submission::checkEquality($registration['password'], $registration['repeat_password'])) {
            die(Submission::createResult("Passwords do not match"));
        }
    }
    if (!is_null(Settings::i()->captcha_private)) {
        if (!isset($registration['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.btc.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
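// Polls the Bitcoin payment status for the logged-in user. Both gates answer
// with a generic "Permission denied" payload; the session is left untouched.
if (!SessionManager::i()->isLoggedIn()) {
    Logger::i()->writeLog("User not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("PaymentStatusToken", "token")) {
    Logger::i()->writeLog("Token to get payment status is missing", 'access');
    die(Submission::createResult("Permission denied"));
}
try {
    $btc = new BTC();
    $info = (array) $btc->checkPaymentStatus();
    // Strict comparison on the result tag; guard the keys so a short/odd reply
    // from the BTC helper cannot raise notices or pass a null message through.
    if (isset($info['result']) && $info['result'] === "success") {
        $message = isset($info['resultMessage']) ? $info['resultMessage'] : "";
        die(Submission::createResult($message, true));
    }
} catch (Exception $e) {
    // Detail stays in the dev log; the client only sees the generic result below.
    Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
}
// Not confirmed, or the lookup failed: answer with a result payload like every
// other endpoint does instead of an empty body, so the client can tell
// "not yet" from a transport error.
// NOTE(review): this path previously sent nothing — confirm the status poller
// treats a non-success result as "keep waiting" rather than as a hard error.
die(Submission::createResult("Payment not confirmed yet"));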
            $result = "File exists already";
        } else {
            if (move_uploaded_file($tmp_name, $target_file)) {
                $filePath = str_replace($_SERVER['DOCUMENT_ROOT'], "", dirname(__DIR__) . "/uploads/" . $name);
            } else {
                $result = "Moving failed";
            }
        }
    }
    return $result;
}
// Product creation (admin CP): requires an admin session and the AddProductToken
// CSRF token before any of the uploaded files or fields are touched.
$adminOk = SessionManager::i()->isAdminLoggedIn();
if (!$adminOk) {
    Logger::i()->writeLog("Admin is not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
$tokenOk = SessionManager::i()->validateToken("AddProductToken", "token");
if (!$tokenOk) {
    Logger::i()->writeLog("Token to add product is missing", 'access');
    die(Submission::createResult("Please refresh the page and try again"));
}
unset($adminOk, $tokenOk);
if (isset($_POST['product'])) {
    $product = (array) json_decode(base64_decode($_POST['product']));
    if ($field = Submission::checkFields(array("name", "price", "description", "available"), $product)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    } else {
        if (!isset($_FILES) || ($field = Submission::checkFields(array("bigimage", "productfile"), $_FILES))) {
            die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
        }
    }
    $imagePath = null;
    $bigImagePath = null;
    $productPath = null;
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/admin/admin_config.php';
// Admin login page: an already-authenticated admin is sent straight to the CP;
// everyone else gets a fresh LoginToken for the form rendered below.
$alreadyAdmin = SessionManager::i()->isAdminLoggedIn();
if ($alreadyAdmin) {
    header("Location: admincp.php");
    die;
}
unset($alreadyAdmin);
$_SESSION['LoginToken'] = SessionManager::GenerateToken();
?>
<!DOCTYPE html>
<html lang="en" ng-app="ShopFixAdminApp">
	<head>
		<title><?php 
echo Settings::i()->title;
?>
 - AdminCP</title>

		<!-- Meta information -->
		<meta charset="UTF-8">
		<meta http-equiv="content-type" content="text/html; charset=utf-8" />
		<meta name="description" content="ShopFix is a simple but useful shop CMS" />
		<meta name="keywords" content="shopping, shopfix, cms, purchases" />
		<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
		<meta http-equiv='Expires' content='0'>
		<meta http-equiv='Cache-Control' content='no-cache'>

		<!-- jQuery -->
		<script src="../js/jquery-1.11.2.min.js"></script>
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.payments.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
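// Download gate: only a logged-in user holding a valid DownloadToken may fetch a
// product, and only for a product that appears in one of their paid transactions.
// Both auth failures end the session and bounce to index.php instead of answering.
if (!SessionManager::i()->isLoggedIn()) {
    Logger::i()->writeLog("User is not logged in", 'dev');
    SessionManager::i()->destroySession(true, "index.php");
    die;
}
// Downloads are plain GET links, so the CSRF token is read from the query string.
if (!SessionManager::i()->validateToken("DownloadToken", "token", "GET")) {
    Logger::i()->writeLog("Token to download is missing", 'dev');
    SessionManager::i()->destroySession(true, "index.php");
    die;
}
if (!isset($_GET['productid']) || !isset($_GET['transaction_id'])) {
    header("Location: index.php");
    die;
}
// getPayments() returns JSON; presumably scoped to the current session's user —
// verify in class.payments.php, since that scoping is what stops one user from
// downloading another user's purchase.
$payments = (array) json_decode(Payments::i()->getPayments());
$payments = (array) $payments['payments'];
// Strict string match: a loose == would treat numeric-looking tokens as equal
// ("1e3" == "1000"). array_values() re-indexes the result because array_filter
// keeps the original keys and the code below reads the match as $payments[0].
$requested_transaction = (string) $_GET['transaction_id'];
$payments = array_values(array_filter($payments, function ($payment) use ($requested_transaction) {
    return (string) $payment->token === $requested_transaction;
}));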
if (count($payments) == 1) {
    $payment = $payments[0];
    $has_purchased = false;
    foreach ($payment->cart as $key => $value) {
        if ($key == $_GET['productid']) {
            $has_purchased = true;
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.logger.php';
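// Logout is state-changing, so it is CSRF-protected: without a valid LogoutToken
// the session is left intact and the user is sent back to the front page.
if (!SessionManager::i()->validateToken("LogoutToken", "token")) {
    // The session may not carry a userid (stale or anonymous session); avoid a
    // notice while logging the failed attempt.
    $logout_userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : "unknown";
    Logger::i()->writeLog("Logout failed for UserID = " . $logout_userid);
    header("Location: index.php");
    die;
}
SessionManager::i()->destroySession();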
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.btc.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.paypal.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
// Checkout entry point: requires a logged-in customer and the CheckoutToken
// CSRF token; failures are logged under 'access' and answered generically.
$userOk = SessionManager::i()->isLoggedIn();
if (!$userOk) {
    Logger::i()->writeLog("User not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
$tokenOk = SessionManager::i()->validateToken("CheckoutToken", "token");
if (!$tokenOk) {
    Logger::i()->writeLog("Token to checkout is missing", 'access');
    die(Submission::createResult("Permission denied"));
}
unset($userOk, $tokenOk);
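/**
 * Builds the absolute URL of a script in the current working directory (used
 * for the PayPal return/cancel URLs handed to the checkout call).
 *
 * The scheme is derived from $_SERVER['HTTPS']. On some SAPIs (notably IIS) the
 * variable is present but set to "off" on plain-HTTP requests, so a bare isset()
 * would label a plaintext request as https and produce a return URL PayPal cannot
 * reach. Only a non-empty value other than "off" is treated as TLS.
 * NOTE(review): behind a proxy that terminates TLS this variable may be absent
 * and the result will be http://; the web-server config should set HTTPS in that
 * case (do not trust X-Forwarded-Proto here without a trusted-proxy check).
 *
 * @param string $script script filename relative to getcwd()
 * @return string absolute URL, e.g. https://host/path/script.php
 */
function createURLForScript($script)
{
    $isTls = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== "off";
    $scheme = $isTls ? "https://" : "http://";
    // Path = current directory relative to the document root, plus the script name.
    $path = str_replace($_SERVER['DOCUMENT_ROOT'], "", getcwd() . "/{$script}");
    return $scheme . $_SERVER['SERVER_NAME'] . $path;
}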
function checkoutWithPaypal($total, $cart)
{
    try {
        $paypal = new PayPal(true);
    } catch (Exception $e) {
        Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
        die;
    }
<?php

defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
// Product catalogue as JSON. No login is required; the only gate is the
// LoadProductsToken CSRF token issued with the page.
if (!SessionManager::i()->validateToken("LoadProductsToken", "token")) {
    Logger::i()->writeLog("Token to load products is missing", 'dev');
    die(Submission::createResult("Permission denied"));
}
header("Content-Type: application/json; charset=UTF-8");
$products = DbManager::i()->select("sf_products", array("productid", "name", "price", "description", "available", "image", "bigimage", "soldOut"));
if ($products === false) {
    Logger::i()->writeLog("Could not get products, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not get products"));
}
// DbManager hands back a single row as a bare object; normalise to a list.
if (!is_array($products)) {
    $products = array($products);
}
$prods = array();
foreach ($products as $product) {
    $prods[] = array(
        "productid" => $product->productid,
        "name" => $product->name,
        "price" => $product->price,
        "description" => $product->description,
        "available" => intval($product->available),
        "image" => $product->image,
        "bigimage" => $product->bigimage,
        "soldOut" => intval($product->soldOut),
    );
}
echo json_encode(array("products" => $prods));
unset($prods);
unset($products);