/**
 * Persists this account.
 *
 * Only a brand-new account is written: the row is inserted into ACCOUNTS and
 * the generated id is stored in $this->id. For an existing account nothing is
 * written. Always returns true.
 *
 * NOTE(review): every column value is wrapped in literal single quotes before
 * it goes through DB::makeSafe and Validation::xss_clean, so the quotes are
 * escaped along with the value, and HTML-context escaping (xss_clean) is
 * applied to data bound for the database — confirm DB::insert expects exactly
 * this shape before changing either call.
 *
 * @param bool $isNewAccount true to insert a new ACCOUNTS row
 * @return bool always true
 */
public function save($isNewAccount = false)
{
    // Database handle is obtained up front, regardless of the branch taken.
    $connection = DB::getInstance();

    if ($isNewAccount) {
        // Column name => raw property value, in insertion order.
        $columns = array(
            "userId"       => $this->userId,
            "balance"      => $this->balance,
            "accountNo"    => $this->accountNo,
            "password"     => $this->password,
            "securitytype" => $this->sectype,
        );

        $row = array();
        foreach ($columns as $column => $rawValue) {
            // Quote, escape for the database, then run the XSS filter.
            $row[$column] = Validation::xss_clean(DB::makeSafe("'" . $rawValue . "'"));
        }

        $this->id = $connection->insert($row, "ACCOUNTS");
    }

    return true;
}
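<?php
require_once '../../includes/global.inc.php';

$message = "";

// Already-authenticated users belong on their overview page. The exit matters:
// header() only sets a response header, so without it the rest of this page
// would still be processed and rendered for the redirected client.
if (isset($_SESSION['logged_in'])) {
    header("Location: accountoverview.php");
    exit;
}

// Optional status text from the query string, escaped for HTML output.
if (isset($_GET['message'])) {
    $message = Validation::xss_clean($_GET['message']);
}

// This page is only meaningful when reached with a success flag; otherwise
// send the client back to the login page and stop rendering.
if (!isset($_GET["success"])) {
    header("Location: banklogin.php");
    exit;
}
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="ie lt-ie9 lt-ie8 lt-ie7 "> <![endif]-->
<!--[if IE 7]> <html class="ie lt-ie9 lt-ie8 "> <![endif]-->
<!--[if IE 8]> <html class="ie lt-ie9 "> <![endif]-->
<!--[if gt IE 8]> <html class="ie "> <![endif]-->
<!--[if !IE]><!--> <html class=""> <!-- <![endif]-->
<head>
<title>Registration Success</title>
<!-- Meta -->
<meta charset="utf-8">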
/**
 * Builds $this->setData from the field definitions in $data['fields'].
 *
 * For every field: a required field that is missing or blank in $this->foo is
 * taken from $this->getData (or an error is recorded), then type-checked with
 * Validation::validate and run through xss_clean, and finally stored filtered
 * via mysqliFilter — but only while $this->errors is still empty. An optional
 * field is stored filtered, or as "" when absent. Error messages accumulate
 * in $this->errors.
 *
 * @param array $data Expected to carry $data['fields'] as
 *                    field name => array with 'type' and optional 'require'.
 */
private function def($data = array())
{
    $obj = new Validation();
    foreach ($data['fields'] as $key => $value) {
        if (isset($value['require']) && $value['require']) {
            // Required field: fall back to getData when foo has nothing usable.
            // The blank checks use loose (==) comparison, so values other than
            // "" and null may also be treated as blank.
            if (!isset($this->foo[$key]) || $this->foo[$key] == "" || $this->foo[$key] == null) {
                if (!isset($this->getData[$key])) {
                    $this->errors[] = ucwords($key) . " can't be null or blank";
                } else {
                    $this->foo[$key] = $this->getData[$key];
                }
            }
            // NOTE(review): when the key is absent from both foo and getData, the
            // error above is recorded but the two reads of $this->foo[$key] below
            // still run against an undefined index.
            if (!($isValid = $obj->validate($value['type'], $this->foo[$key]))) {
                $this->errors[] = ucwords($key) . " isn't {$value['type']}";
            }
            // A falsy return from xss_clean counts as a failed check; the cleaned
            // value itself ($fieldData) is not used afterwards.
            if (!($fieldData = $obj->xss_clean($this->foo[$key]))) {
                $this->errors[] = ucwords($key) . " isn't passed xss clean security";
            }
            // NOTE(review): empty($this->errors) covers errors from earlier fields
            // too. Once any error exists, $fieldValue is not assigned here and
            // setData[$key] below receives the previous iteration's value (or an
            // undefined variable on the first iteration).
            if (empty($this->errors)) {
                $fieldValue = isset($this->foo[$key]) ? $this->mysqliFilter($this->foo[$key]) : $this->getData[$key];
            }
        } else {
            // Optional field: filtered value, or "" when it was not supplied.
            $fieldValue = isset($this->foo[$key]) ? $this->mysqliFilter($this->foo[$key]) : "";
        }
        $this->setData[$key] = $fieldValue;
    }
}
<!-- // Sidebar Menu END --> <!-- Content --> <div id="content"> <nav class="navbar hidden-print main " role="navigation"> <div class="navbar-header pull-left"> <div class="user-action user-action-btn-navbar pull-left border-right"> <button class="btn btn-sm btn-navbar btn-inverse btn-stroke"><i class="fa fa-bars fa-2x"></i> </button> </div> </div> <ul class="main pull-right "> <li class="dropdown username"> <a href="" class="dropdown-toggle" data-toggle="dropdown"> <img src="../assets/images/people/35/2.jpg" class="img-circle" width="30" /><?=Validation::xss_clean($_SESSION["emailId"])?> <span class="caret"></span> </a> <ul class="dropdown-menu pull-right"> <li><a href="changepassword.php?csrf_token=<?php echo $token; ?>" class="glyphicons edit no-ajaxify"><i></i>Change Password</a> </li> <li><a href="banklogout.php?lang=en&csrf_token=<?php echo $token; ?>" class="glyphicons lock no-ajaxify"><i></i>Logout</a> </li> </ul> </li> </ul> <div class="navbar-collapse collapse"> </div> </nav> <!-- // END navbar -->
<?php
// Only errors, parse errors and warnings are reported; notices and
// deprecations are silenced. The E_ALL line below is the debugging setting.
error_reporting(E_ERROR | E_PARSE | E_WARNING);
// error_reporting(E_ALL);

//start the session
session_start();

// Requirements
require_once '../../libs/nocsrf.php';
require_once '../../classes/User.class.php';
require_once '../../classes/UserTools.class.php';
require_once '../../classes/DB.class.php';
require_once '../../classes/Account.class.php';
require_once '../../includes/constants.inc.php';
require_once '../../utils/InputValidation.util.php';

//connect to the database
$db = DB::getInstance();
$db->connect();

//initialize UserTools object
$userTools = new UserTools();

//refresh session variables if logged in
if (isset($_SESSION['logged_in'])) {
    // NOTE(review): the stored user object is passed through xss_clean before
    // unserialize(); if xss_clean rewrites quotes or angle brackets, the
    // serialized payload is altered before it is decoded — confirm this
    // round-trips. unserialize() should only ever see data this application
    // itself wrote into the session.
    $user = unserialize(Validation::xss_clean($_SESSION['user']));
    // Re-fetch the user record by e-mail and store the fresh copy in the session.
    $_SESSION['user'] = serialize($userTools->get(Validation::xss_clean($_SESSION["emailId"])));
}
if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } if (!$userTools->isAdmin($sessionEmailId)) { header("Location: banklogin.php"); } try { NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false ); $emailToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["emailId"])); if (filter_var($emailToUpdate, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } $updateData = array ( "isAdmin" => 1 ); // Make the user active $db->update ($updateData, "USERS", "emailId = '$emailToUpdate'"); //send TAN email to the user $message = Swift_Message::newInstance()
<script> alert("Captcha Validation Failed"); </script> <?php exit; } //retrieve the $_POST variables $firstName = Validation::xss_clean(DB::makeSafe($_POST["firstName"])); $middleName = Validation::xss_clean(DB::makeSafe($_POST["middleName"])); $lastName = Validation::xss_clean(DB::makeSafe($_POST["lastName"])); $emailId = Validation::xss_clean(DB::makeSafe($_POST["emailId"])); $mobileNo = Validation::xss_clean(DB::makeSafe($_POST["mobileNo"])); $password = Validation::xss_clean(DB::makeSafe($_POST["password"])); $password_confirm = Validation::xss_clean(DB::makeSafe($_POST['retypePassword'])); $securityType = Validation::xss_clean(DB::makeSafe($_POST['radio'])); //initialize variables for form validation $success = true; $userTools = new UserTools(); //validate that the form was filled out correctly if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) { $success = false; ?> <script> alert("Email Validation Failed"); </script> <?php }
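<?php
require_once '../../classes/PluploadHandler.php';
require_once '../../includes/global.inc.php';

// Unauthenticated requests are redirected to the login page. The exit is
// essential: header() alone does not stop the script, so without it the
// upload directory would be created and the upload handler served for an
// anonymous caller (and $_SESSION["emailId"] below would be undefined).
if (!isset($_SESSION['logged_in'])) {
    header("Location: banklogin.php");
    exit;
}

PluploadHandler::no_cache_headers();
PluploadHandler::cors_headers();

// The upload directory name is derived from the session e-mail, so the value
// is checked to be a well-formed address before it is used as a path
// component. Stop on failure rather than falling through to the filesystem
// operations below.
$emailId = Validation::xss_clean($_SESSION["emailId"]);
if (filter_var($emailId, FILTER_VALIDATE_EMAIL) === false) {
    header("Location: error.php?message=Email Validation Failed");
    exit;
}

$targetDir = LOCATION_OF_UPLOAD_DIR . $emailId;
$targetDirBlankFile = LOCATION_OF_UPLOAD_DIR . $emailId . "/index.php"; //Used to prevent listing of the folder contents
$fileName = date("Y-m-d_His") . ".txt";

if (!file_exists($targetDir)) {
    // NOTE(review): 0777 makes the directory world-writable; 0750 or 0755 is
    // sufficient when the web server user is the only writer.
    mkdir($targetDir, 0777, true);
}
if (!file_exists($targetDirBlankFile)) {
    // Create the empty placeholder without leaving an open file handle behind
    // (the original fopen(..., "w") was never closed).
    file_put_contents($targetDirBlankFile, "");
}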
$data = mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1 AND isAdmin = 1"); if (mysql_num_rows($data) == 1) { $updateData = array ( "isActive" => 2 ); $transactionToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["id"])); if (filter_var($transactionToUpdate, FILTER_VALIDATE_INT) != true) { header ("Location: error.php?message=Transaction ID Validation Failed"); } $emailIdOfTransaction = Validation::xss_clean(DB::makeSafe ($_GET["emailId"])); if (filter_var($emailIdOfTransaction, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } $transactionArray = $db->select("TRANSACTIONS", "id = '$transactionToUpdate'"); // Check to see if the admin is rejecting its own transaction if ($emailIdOfTransaction == $emailId) { header("Location: error.php?message=You can't reject your own transaction"); return; } // Make the transaction rejected
require_once '../../includes/global.inc.php'; require_once '../../libs/pdf/mpdf.php'; require_once '../../utils/Generators.util.php'; require_once '../../includes/mail.inc.php'; //check to see if they're logged in if(!isset($_SESSION['logged_in'])) { header("Location: banklogin.php"); } try { NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false ); $emailIdToRetrieveData = Validation::xss_clean(DB::makeSafe($_GET['emailId'])); $emailId = Validation::xss_clean(DB::makeSafe($_SESSION["emailId"])); if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } if (filter_var($emailIdToRetrieveData, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } if (strlen($emailIdToRetrieveData) != 0) if (!$userTools->isAdmin($emailId) && ($emailId != $emailIdToRetrieveData)) { header("Location: banklogin.php"); } $userData = $db->select("USERS", "emailId = '$emailIdToRetrieveData' AND isActive = 1");
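//check to see if they've submitted the login form
// $securimage and $token are expected to be defined earlier in this page.
if (isset($_POST['submit_logon'])) {
    //CAPTCHA Validation
    if (!$securimage->check($_POST['captcha_code'])) {
?>
<script> alert("Captcha Validation Failed"); </script>
<?php
        exit;
    }

    // NOTE(review): the password is rewritten by makeSafe/xss_clean before it
    // reaches login(); passwords containing quotes or angle brackets are
    // therefore altered — confirm the same transformation was applied when the
    // stored hash was created, otherwise such passwords can never match.
    $username = Validation::xss_clean(DB::makeSafe($_POST['email']));
    $password = Validation::xss_clean(DB::makeSafe($_POST['password']));

    // Reject malformed e-mail addresses and stop: header() does not end the
    // script, so without the exit the login attempt below would still run
    // after the redirect was issued.
    if (filter_var($username, FILTER_VALIDATE_EMAIL) === false) {
        header("Location: error.php?message=Email Validation Failed");
        exit;
    }

    $userTools = new UserTools();
    if ($userTools->login($username, $password)) {
        //successful login, redirect them to a page
        // NOTE(review): the CSRF token travels in the query string, where it is
        // exposed to Referer headers and server logs.
        header("Location: accountoverview.php?csrf_token=$token");
        exit;
    } else {
        $error = "Incorrect username or password. Please try again.";
    }
}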
<?php require_once '../../includes/global.inc.php'; require_once '../../utils/Account.util.php'; require_once '../../includes/mail.inc.php'; require_once '../../utils/Generators.util.php'; //check to see if they're logged in //if(!isset($_SESSION['logged_in'])) { // header("Location: banklogin.php"); //} $emailToReset = Validation::xss_clean(DB::makeSafe($_GET["mailId"])); if (filter_var($emailToReset, FILTER_VALIDATE_EMAIL) != true) { echo("Email Validation Failed"); return; } try { $db = DB::getInstance(); $db->connect(); $accData = $db->select("ACCOUNTS", "userId = '$emailToReset'"); if (is_array($accData) && $accData["userId"] != "") { $password = Generators::randomPasswordGenerate (15); $passwordwithqoutes="'".hash('sha512', $password)."'";
$sessionEmailId = Validation::xss_clean($_SESSION["emailId"]); if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } if (!$userTools->isAdmin($sessionEmailId)) { header("Location: banklogin.php"); } try { NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false ); $emailToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["emailId"])); $initialAmount = Validation::xss_clean(DB::makeSafe ($_GET["initial_amount"])); $updateData = array ( "isActive" => 1 ); // Update the initial balance $updateBalanceData = array ( "balance" => $initialAmount ); if (filter_var($emailToUpdate, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); }