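/**
 * Login page controller.
 *
 * An already-authenticated visitor is redirected straight away; otherwise a
 * posted Username/Password pair is checked through jf::Login and, on success,
 * the visitor is redirected. The optional ?return= value is appended to
 * SiteRoot only after it passes a same-origin check.
 */
public function Start()
{
    // Resolve the destination once, up front; both redirects below use it.
    $target = SiteRoot;
    if (isset($_GET["return"]) && is_string($_GET["return"])) {
        $candidate = $_GET["return"];
        $resolved = SiteRoot . $candidate; // SiteRoot does not contain a trailing '/'
        // Open-redirect guard: without a leading '/', or with a leading '//',
        // a value such as "@evil.example" or ".evil.example" would change the
        // host of the Location header. Accept only an absolute local path whose
        // host after concatenation is still SiteRoot's (when SiteRoot is a bare
        // path both parse_url calls yield null, which also compares equal).
        if ($candidate !== '' && $candidate[0] === '/'
            && !preg_match('#^/[/\\\\]#', $candidate)
            && parse_url($resolved, PHP_URL_HOST) === parse_url(SiteRoot, PHP_URL_HOST)) {
            $target = $resolved;
        }
    }

    // If user is already logged in
    if (jf::CurrentUser()) {
        $this->Redirect($target);
    }

    // TODO: Implement a secure 'Remember Me'
    if (isset($_POST["Username"]) && isset($_POST['Password'])) {
        $this->Result = jf::Login($_POST['Username'], $_POST['Password']);
    }

    // Login successful
    if (isset($this->Result) && $this->Result) {
        $this->Redirect($target);
    }
    return $this->Present();
}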
/**
 * Load one submission row by primary key.
 *
 * @param int|null $id Row ID to look up
 *
 * @return mixed Whatever \jf::SQL returns for the parameterized SELECT
 * @throws InvalidArgumentException When $id is not supplied
 */
public static function getByID($id = null)
{
    if (null === $id) {
        throw new InvalidArgumentException("Required parameter missing");
    }
    // Bound parameter: $id never becomes part of the SQL text.
    $query = "SELECT * FROM " . self::TABLE_NAME . " WHERE ID = ?";
    return \jf::SQL($query, $id);
}
/**
 * JSON endpoint: delete the user named in POST 'username'.
 *
 * Requires an authenticated user holding PERMISSION_NAME. The ROLE_NAME
 * association is removed before the account row itself.
 *
 * NOTE(review): this mutates state on a plain POST with no CSRF token check
 * (the framework has a jFormCSRF widget), and it deletes whichever existing
 * account is named, not only members of ROLE_NAME — confirm both are intended.
 *
 * @return bool Always true; the outcome is in the echoed JSON
 */
public function Start()
{
    if (!(jf::CurrentUser() && jf::Check(self::PERMISSION_NAME))) {
        $response = array('status' => false, 'message' => self::UNAUTHORIZED_MESSAGE);
    } elseif (!isset($_POST['username'])) {
        $response = array('status' => false, 'message' => self::PARAMETER_MISSING_MESSAGE);
    } else {
        $username = $_POST['username'];
        if (jf::$User->UserExists($username)) {
            // Drop the role link first, then the account.
            $userId = jf::$User->UserID($username);
            $roleId = jf::$RBAC->Roles->TitleId(self::ROLE_NAME);
            jf::$RBAC->Users->Unassign($roleId, $userId);
            jf::$User->DeleteUser($username);
            $response = array('status' => true, 'message' => self::SUCCESS_MESSAGE);
        } else {
            $response = array('status' => false, 'message' => self::USER_NOT_EXISTS_MESSAGE);
        }
    }
    echo json_encode($response);
    return true;
}
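/**
 * Print one group of PHPUnit failures/errors to the console.
 *
 * The caller supplies PHPUnit failure objects (as held by a TestResult);
 * a profiler instance is expected elsewhere in this file.
 *
 * @param array  $ResultArray Failure objects exposing failedTest(),
 *                            getExceptionAsString() and thrownException()
 * @param string $Symbol      Marker printed before the count
 * @param string $Text        Label printed after the count
 * @param bool   $Odd         Use trace frame 0 instead of frame 3 for the file name
 */
function DumpResultRows($ResultArray, $Symbol, $Text, $Odd = false)
{
    if (!count($ResultArray)) {
        return;
    }
    echo $Symbol . count($ResultArray) . " " . $Text . "\n";
    $n = 0;
    foreach ($ResultArray as $test) {
        echo ++$n;
        echo ") ";
        $t = $test->failedTest();
        echo get_class($t);
        echo " :: ";
        echo $t->getName();
        echo "\t";
        echo $test->getExceptionAsString();
        echo "\t";
        $trace = $test->thrownException()->getTrace();
        $file = $Odd ? $trace[0]['file'] : $trace[3]['file'];
        // Cut the jf root plus the next two directory levels off the path,
        // leaving a name relative to the test's package directory.
        $dir = substr($file, 0, strlen(jf::root()));
        $dir = substr($file, 0, strpos($file, DIRECTORY_SEPARATOR, strlen($dir) + 1));
        $dir = substr($file, 0, strpos($file, DIRECTORY_SEPARATOR, strlen($dir) + 1));
        $filename = substr($file, strlen($dir) + 1);
        echo $filename;
        echo "\n";
    }
    echo str_repeat("-", 80) . "\n";
}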
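/**
 * Formatting checks for the Jalali calendar helpers against a fixed timestamp.
 *
 * Arguments follow PHPUnit's (expected, actual) order so that failure
 * messages label the two values correctly.
 */
function testStrings()
{
    $this->assertEquals("1391-11-15", Jalali::DateString($this->Timestamp));
    $this->assertEquals("01:39:26", Jalali::TimeString($this->Timestamp));
    // Object compared with a string — presumably via Jalali's string conversion.
    $this->assertEquals("1391-11-15 01:39:26", new Jalali($this->Timestamp));
    // The default constructor is expected to fall back to the framework clock.
    $this->assertEquals(new Jalali(jf::time()), new Jalali());
}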
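/**
 * Emit the hidden CSRF field and persist the freshly minted token.
 *
 * The token is regenerated every time the field is rendered, so the stored
 * value always matches the form most recently sent to the client. Both
 * attribute values are HTML-escaped so the markup stays well-formed even if
 * the widget name or token format ever contains quote characters.
 */
function Present()
{
    // Only update the csrf token on the session when outputting the field.
    $this->Token = jf::$Security->RandomToken();
    jf::SaveSessionSetting(jFormCsrf::SettingNamePrefix . $this->Name(), $this->Token);

    // ENT_QUOTES because the attributes below are single-quoted.
    $name = htmlspecialchars($this->Name(), ENT_QUOTES, 'UTF-8');
    $token = htmlspecialchars($this->Token, ENT_QUOTES, 'UTF-8');
    echo "<input class='jWidget jFormCSRF' type='hidden' name='{$name}' value='{$token}' />\n";
}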
/**
 * JSON endpoint: create a user from POST 'username'/'password' and give it
 * ROLE_NAME. Requires an authenticated caller holding PERMISSION_NAME.
 *
 * NOTE(review): accepts a bare POST without a CSRF token, and no password
 * policy is applied before CreateUser() — confirm both are intended here.
 *
 * @return bool Always true; the outcome is in the echoed JSON
 */
public function Start()
{
    if (!(jf::CurrentUser() && jf::Check(self::PERMISSION_NAME))) {
        $response = array('status' => false, 'message' => self::UNAUTHORIZED_MESSAGE);
    } elseif (!isset($_POST['username'], $_POST['password'])) {
        $response = array('status' => false, 'message' => self::PARAMETER_MISSING_MESSAGE);
    } else {
        $username = $_POST['username'];
        $password = $_POST['password'];
        if (empty($username) || empty($password)) {
            // empty() also rejects the literal string "0".
            $response = array('status' => false, 'message' => self::PARAMETER_MISSING_MESSAGE);
        } elseif (jf::$User->UserExists($username)) {
            $response = array('status' => false, 'message' => self::USER_EXISTS_MESSAGE);
        } else {
            $userId = jf::$User->CreateUser($username, $password);
            $roleId = jf::$RBAC->Roles->TitleId(self::ROLE_NAME);
            jf::$RBAC->Users->Assign($roleId, $userId);
            $response = array('status' => true, 'message' => self::SUCCESS_MESSAGE, 'id' => $userId);
        }
    }
    echo json_encode($response);
    return true;
}
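/**
 * Contest challenge list: shows the countdown before the contest starts, or
 * the active contest's challenges once it is under way.
 *
 * Requires an authenticated user holding "view_contest_chal". Anonymous users
 * are sent to the login page with the current request as the return target;
 * users lacking the permission are sent to the site root.
 */
public function Start()
{
    $request = jf::$BaseRequest;

    if (!jf::CurrentUser()) {
        // URL-encode the request path so it survives as a single query value
        // (a '&', '#' or '%' in the path would otherwise corrupt the parameter).
        $this->Redirect(jf::url() . "/user/login?return=/" . rawurlencode((string) $request));
        return;
    }
    if (!jf::Check("view_contest_chal")) {
        $this->Redirect(SiteRoot);
        return;
    }

    $activeContest = \webgoat\ContestDetails::getActive();
    if ($activeContest === null) {
        $this->Error = "Currently there is no active contest. Check back later!!";
        return $this->Present();
    }

    $this->ContestName = $activeContest[0]['ContestName'];
    $startTime = $activeContest[0]['StartTimestamp'];
    $currentTime = time();
    if ($currentTime < $startTime) {
        $this->TimeRemaining = $startTime - $currentTime;
        return $this->Present();
    }

    // Pass the contest ID explicitly, as the admin controller does.
    $challenges = \webgoat\ContestChallenges::getByContestID($activeContest[0]['ID']);
    if (count($challenges) == 0) {
        $this->Error = "Currently there are no challenges in this contest";
    } else {
        $this->Challenges = $challenges;
    }
    return $this->Present();
}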
/**
 * Record one page hit in the stats table.
 *
 * Skipped under CLI, where there is no HTTP request to describe. Every
 * request-derived value (URI, query string, IP, Host, User-Agent) is bound as
 * a parameter rather than interpolated into the statement.
 *
 * @return mixed false under CLI, otherwise the result of jf::SQL()
 */
function Insert()
{
    if (jf::$RunMode->IsCLI()) {
        return false;
    }
    $columns = "UserID,SessionID,Timestamp,Page,Query,IP,Host,Protocol,UserAgent";
    $sql = "INSERT INTO {$this->TablePrefix()}stats ({$columns}) VALUES\n\t\t\t(?,?,?,?,?,?,?,?,?)";

    $userId = jf::CurrentUser() ?: 0; // anonymous visitors are stored as 0
    $sessionId = jf::$Session->SessionID();
    $now = jf::time();

    return jf::SQL(
        $sql,
        $userId,
        $sessionId,
        $now,
        HttpRequest::URI(),
        HttpRequest::QueryString(),
        HttpRequest::IP(),
        HttpRequest::Host(),
        HttpRequest::Protocol(),
        HttpRequest::UserAgent()
    );
}
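/**
 * Send the account-activation e-mail for a newly registered user.
 *
 * A random token is stored under "activation_<token>" mapping to the user ID;
 * the signup controller redeems it from the ?validate= parameter.
 *
 * @param string $Email    Recipient address (assumed validated at signup — it is
 *                         passed to mail() as-is)
 * @param int    $UserID   Account to activate when the token is redeemed
 * @param string $Username Name used in the greeting
 * @return bool Result of mail()
 */
function ActivationMail($Email, $UserID, $Username)
{
    $ActivationToken = jf::$Security->RandomToken();
    // NOTE(review): stored without a timeout, so the link never expires;
    // the remember-me code passes a TTL as SaveGeneralSetting's third argument
    // if one is wanted here.
    jf::SaveGeneralSetting("activation_{$ActivationToken}", $UserID);

    // NOTE(review): the sender domain comes from the client-supplied Host
    // header; a configured hostname would be safer for the From: address.
    $MyEmail = "admin@" . HttpRequest::Host();

    $Content = "Thank you for joining " . constant("jf_Application_Title") . " {$Username},\n\t\t\t\t"
        . "Please open the following link in order to activate your account:\n\n\t\t\t\t"
        . SiteRoot . "/sys/xuser/signup?validate={$ActivationToken}\n\n\t\t\t\t"
        . "If you did not sign up on this site, just ignore this email.";
    $Headers = "From: " . constant("jf_Application_Name") . " <{$MyEmail}>";
    return mail($Email, "Account Confirmation", $Content, $Headers);
}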
/**
 * E-mail the activation link for a contest-mode signup.
 *
 * Stores "activation_<token>" => user ID and embeds the token in the
 * ?validate= link under CONTEST_MODE_DIR.
 *
 * @param string $email    Recipient
 * @param int    $userId   Account the token will activate
 * @param string $username Name used in the greeting
 * @return bool mail() result
 */
private function activationMail($email, $userId, $username)
{
    $activationToken = jf::$Security->RandomToken();
    jf::SaveGeneralSetting("activation_{$activationToken}", $userId);

    $myEmail = "*****@*****.**";
    $link = CONTEST_MODE_DIR . "user/signup?validate={$activationToken}";
    $content = "Thank you for joining " . constant("jf_Application_Title") . " {$username},\n"
        . " Please open the following link in order to activate your account:\n"
        . " " . $link . "\n\n"
        . " If you did not sign up on this site, just ignore this email.";
    $headers = "From: " . constant("jf_Application_Name") . " <{$myEmail}>";
    return mail($email, "Account Confirmation", $content, $headers);
}
/**
 * Profiler::GetTime() must agree with jf::time() to within one second, and
 * the microsecond reading must not lag the second-based reading by much.
 */
function testGetTime()
{
    $profiler = new \jf\Profiler();

    $seconds = (int) $profiler->GetTime(false);
    $frameworkNow = jf::time();
    // Allow a one-second skew in case the clock ticks between the two calls.
    $this->assertTrue($seconds == $frameworkNow || $seconds == $frameworkNow - 1);

    $asMicroseconds = $profiler->GetTime(false) * 1000000;
    $microTime = $profiler->GetTime(true);
    $this->assertGreaterThan($asMicroseconds - $microTime, 100);
}
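/**
 * Log the current user out and drop the "remember me" cookie.
 *
 * The username is captured first so the view can still address the user after
 * the session has been cleared. The server-side remember-me record is
 * invalidated as well, so a captured cookie value does not stay usable until
 * its own expiry.
 *
 * NOTE(review): $this->Return is taken from ?return= unchecked; make sure the
 * view escapes it (and does not redirect to it) before use.
 */
function Start()
{
    $this->Username = jf::$XUser->Username();
    jf::$XUser->Logout(jf::CurrentUser());

    if (isset($_COOKIE["jframework_rememberme"])) {
        // The remember-me login path only accepts a stored user ID > 0, so
        // overwriting the record with 0 neutralises this token.
        jf::SaveGeneralSetting("rememberme_" . $_COOKIE["jframework_rememberme"], 0);
    }
    // Empty value plus an expiry in the past tells the browser to delete it.
    setcookie("jframework_rememberme", "", 1);

    $this->Return = isset($_GET["return"]) ? $_GET["return"] : "./login";
    return $this->Present();
}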
/**
 * The built-in 'guest' account must hold only the single-challenge view right.
 */
public function testUserPermissions()
{
    $guestId = jf::$User->UserID('guest');

    $expected = array(
        'view_single_chal'   => true,
        'view_workshop_chal' => false,
        'view_contest_chal'  => false,
        'edit_contest_chal'  => false,
        'add_workshop_users' => false,
    );
    foreach ($expected as $permission => $granted) {
        if ($granted) {
            $this->assertTrue(jf::Check($permission, $guestId));
        } else {
            $this->assertFalse(jf::Check($permission, $guestId));
        }
    }
}
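/**
 * Login form handler with "remember me" support.
 *
 * Flow: (1) a remember-me cookie that maps to a stored user ID force-logs that
 * user in; (2) posted credentials are checked and the XUser error code is
 * translated into a message; (3) on success a same-site ?return= path is
 * followed, otherwise the page is rendered with Success set.
 */
function Start()
{
    $this->Username = jf::$XUser->Username();
    $Logged = false;

    if (isset($_COOKIE["jframework_rememberme"])) {
        $rememberMeToken = $_COOKIE["jframework_rememberme"];
        $userID = jf::LoadGeneralSetting("rememberme_" . $rememberMeToken);
        if ($userID > 0) {
            jf::$XUser->ForceLogin($userID);
            $Logged = true;
        }
    }

    if (isset($_POST["Username"])) {
        $Username = $_POST['Username'];
        // A missing Password field is treated as empty instead of raising a notice.
        $Password = isset($_POST['Password']) ? $_POST['Password'] : '';
        $loginResult = jf::$XUser->Login($Username, $Password);
        if ($loginResult == false) {
            $UserID = jf::$XUser->UserID($Username);
            $res = jf::$XUser->LastError;
            // Default for error codes not mapped below, so the view never sees
            // an undefined variable.
            $ErrorString = "Login failed.";
            if ($res == \jf\ExtendedUserErrors::Inactive) {
                $ErrorString = "Your account is not activated.";
            } elseif ($res == \jf\ExtendedUserErrors::InvalidCredentials or $res == \jf\ExtendedUserErrors::NotFound) {
                $ErrorString = "Invalid Credentials.";
            } elseif ($res == \jf\ExtendedUserErrors::Locked) {
                $ErrorString = "Your account is locked. Try again in " . floor(jf::$XUser->LockTime($Username) / 60) . " minute(s).";
            } elseif ($res == \jf\ExtendedUserErrors::PasswordExpired) {
                $Link = "./reset?user=" . rawurlencode((string) $UserID);
                $ErrorString = "Your password is expired. You should <a href='" . htmlspecialchars($Link, ENT_QUOTES, 'UTF-8') . "'>change your password</a>.";
            } elseif ($res == \jf\ExtendedUserErrors::TemporaryValidPassword) {
                // The submitted temporary password is reflected into the page
                // here: URL-encode it for the query string and HTML-escape the
                // whole href so it cannot break out of the attribute.
                $Link = "./reset?user=" . rawurlencode((string) $UserID) . "&temp=" . rawurlencode($Password);
                $ErrorString = "This is a temporary password. You should <a href='" . htmlspecialchars($Link, ENT_QUOTES, 'UTF-8') . "'>reset your password</a> now.";
            }
            $Logged = false;
            $this->Error = $ErrorString;
        } else {
            $Logged = true;
            if (isset($_POST['Remember'])) {
                $timeout = 60 * 60 * 24 * 30;
                $rememberMeToken = jf::$Security->RandomToken();
                jf::SaveGeneralSetting("rememberme_" . $rememberMeToken, jf::CurrentUser(), $timeout);
                // HttpOnly keeps the token away from page scripts; Secure is set
                // when this request itself arrived over TLS (a TLS-terminating
                // proxy may hide that — confirm for the deployment).
                $secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                setcookie('jframework_rememberme', $rememberMeToken, jf::time() + $timeout, '', '', $secure, true);
            }
        }
    }

    if ($Logged == true) {
        if (isset($_GET['return'])) {
            $return = $_GET['return'];
            // Open-redirect guard: follow only a same-site absolute path. A
            // scheme ("http://..."), a scheme-relative "//host" or a backslash
            // variant would send the browser off-site.
            if (is_string($return) && $return !== '' && $return[0] === '/'
                && !preg_match('#^/[/\\\\]#', $return)) {
                $this->Redirect($return);
            } else {
                $this->Redirect(SiteRoot);
            }
        }
        $this->Success = true;
    }
    return $this->Present();
}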
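/**
 * Log the current user out (if any) and send them back into the site.
 *
 * NOTE(review): this runs on a plain GET, so any page can force a logout by
 * embedding the URL; a CSRF token would be needed to prevent that.
 */
public function Start()
{
    // If user is logged in
    if (jf::CurrentUser()) {
        jf::Logout();
    }

    $target = SiteRoot;
    if (isset($_GET["return"]) && is_string($_GET["return"])) {
        $candidate = $_GET["return"];
        $resolved = SiteRoot . $candidate;
        // Open-redirect guard: SiteRoot has no trailing slash, so a value such
        // as "@evil.example" or ".evil.example" would change the host of the
        // Location header. Accept only an absolute local path whose host, after
        // concatenation, is still SiteRoot's.
        if ($candidate !== '' && $candidate[0] === '/'
            && !preg_match('#^/[/\\\\]#', $candidate)
            && parse_url($resolved, PHP_URL_HOST) === parse_url(SiteRoot, PHP_URL_HOST)) {
            $target = $resolved;
        }
    }
    $this->Redirect($target);
}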
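/**
 * Serve a static file addressed by the request path.
 *
 * The first path segment must be a key of self::$StaticContentPrefix; it is
 * mapped to the on-disk prefix and the remaining segments are joined under
 * jf::root(). Returns what DownloadManager::Feed() returns, or false when the
 * prefix is unknown or the path is not a plain descending path.
 *
 * @return boolean
 */
function Launch()
{
    $Parts = explode("/", $this->Request);
    $Type = array_shift($Parts);
    if (!array_key_exists($Type, self::$StaticContentPrefix)) {
        return false;
    }
    // Path-traversal guard: the request is user-controlled, so refuse any
    // segment that could climb out of the content directory or terminate the
    // path early ("..", ".", NUL bytes, and backslashes, which act as
    // separators on Windows).
    foreach ($Parts as $segment) {
        if ($segment === '.' || $segment === '..'
            || strpos($segment, "\0") !== false || strpos($segment, '\\') !== false) {
            return false;
        }
    }
    $Type = self::$StaticContentPrefix[$Type];
    array_unshift($Parts, $Type);
    $file = jf::root() . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $Parts);
    $FileMan = new DownloadManager();
    return $FileMan->Feed($file);
}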
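/**
 * Runs a module. The difference with import is that this one uses require
 * instead of require_once, so the same module can be run repeatedly.
 *
 * Entries of $scopeVars become local variables visible to the required file.
 * The resolved path is kept under a name $scopeVars is very unlikely to use,
 * so an entry called "file" cannot redirect the require to a different file.
 *
 * @param string $module    Module identifier resolved through jf::moduleFile()
 * @param array  $scopeVars Variables to expose to the module, keyed by name
 * @throws ImportException When the resolved file does not exist
 */
static function run($module, $scopeVars = null)
{
    $__jfModuleFile = jf::moduleFile($module);
    if (!file_exists($__jfModuleFile)) {
        throw new ImportException("File not found : {$__jfModuleFile}");
    }
    if (is_array($scopeVars)) {
        foreach ($scopeVars as $ArgName => $ArgValue) {
            ${$ArgName} = $ArgValue;
        }
    }
    require $__jfModuleFile;
}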
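/**
 * JSON endpoint: add a challenge to the currently active contest.
 *
 * Requires an authenticated user with the "contest" permission and the POST
 * fields challenge, name, points and flag. The flag is stored as its MD5 so
 * the clear text never reaches the database.
 *
 * NOTE(review): unsalted MD5 of a short flag is cheap to brute-force if the
 * table leaks, and the request carries no CSRF token; both are left as they
 * are because ContestSubmissions::evaluate() compares against this stored value.
 *
 * @return bool|null true when a challenge was added, false when no contest is
 *                   active, null (nothing emitted) when unauthorized or fields
 *                   are missing
 */
public function Start()
{
    if (!jf::CurrentUser() || !jf::Check("contest")) {
        return;
    }
    if (!isset($_POST['challenge'], $_POST['name'], $_POST['points'], $_POST['flag'])) {
        return;
    }

    // getActive() yields null when no contest is active; guard before indexing.
    $activeContest = \webgoat\ContestDetails::getActive();
    if ($activeContest === null) {
        echo json_encode(array('status' => false, 'message' => 'No active contest'));
        return false;
    }

    $hashedFlag = md5($_POST['flag']);
    $data = array(
        'ContestID'     => $activeContest[0]['ID'],
        'ChallengeName' => $_POST['challenge'],
        'NameToDisplay' => $_POST['name'],
        'Points'        => $_POST['points'],
        'CorrectFlag'   => $hashedFlag,
    );
    \webgoat\ContestChallenges::add($data);
    echo json_encode(array('status' => true, 'message' => 'Challenge successfully added'));
    return true;
}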
/**
 * Module name of a controller object, e.g. control/demo/__catch, derived from
 * the path of the file declaring its class relative to jf::root().
 * Files under _japp are reported under the "jf" prefix instead.
 *
 * @param object|null $Object Object to inspect; defaults to $this
 * @return string
 */
protected function ModuleName($Object = null)
{
    $target = ($Object === null) ? $this : $Object;
    $reflector = new \ReflectionClass(get_class($target));
    $declaringFile = $reflector->getFileName();

    // Path relative to the framework root, split into directory segments.
    $relative = substr($declaringFile, strlen(jf::root()) + 1);
    $segments = explode(DIRECTORY_SEPARATOR, $relative);
    $topLevel = array_shift($segments);
    if ($topLevel == "_japp") {
        array_unshift($segments, "jf");
    }
    $module = implode("/", $segments);
    return substr($module, 0, -4); // strip the ".php" extension
}
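/**
 * Returns the object of the lesson from the application settings.
 *
 * @param string $lessonName Name of the lesson to be searched for
 *
 * @return Object Lesson object
 * @throws ArgumentMissingException If $lessonName is missing (null or "")
 * @throws LessonNotFoundException If the lesson is not found
 * @throws GeneralSettingsMissingException If there are no application settings present
 */
public static function getLessonObject($lessonName = null)
{
    // Explicit checks instead of `== null`, which would also treat 0 and false as missing.
    if ($lessonName === null || $lessonName === '') {
        throw new ArgumentMissingException("Please select a lesson");
    }
    // Load the setting once for both the existence check and the scan.
    $categoryLessons = \jf::LoadGeneralSetting('categoryLessons');
    if (!$categoryLessons) {
        throw new GeneralSettingsMissingException("No settings found for 'categoryLessons'");
    }
    foreach ($categoryLessons as $lessons) {
        foreach ($lessons as $lesson) {
            // Each entry is a pair: [0] => lesson name, [1] => lesson object.
            if ($lesson[0] == $lessonName) {
                return $lesson[1];
            }
        }
    }
    throw new LessonNotFoundException("Lesson '{$lessonName}' not found");
}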
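/**
 * Record a flag submission for $challenge by the current user and mark it as
 * correct (Submission = 1) or not (Submission = 0).
 *
 * Every attempt is persisted with the submitter's IP and a timestamp before it
 * is evaluated, so the audit trail also covers failed guesses.
 *
 * NOTE(review): no per-user rate limit on guesses is visible here.
 *
 * @param string $challenge Challenge name as stored in ContestChallenges
 */
private function addSubmission($challenge)
{
    $challengeDetails = \webgoat\ContestChallenges::getByName($challenge);
    if (empty($challengeDetails) || !isset($challengeDetails[0]['ID'])) {
        // Unknown challenge name: nothing to evaluate against and no counters
        // to update. Treat it as an incorrect submission.
        $this->Submission = 0;
        return;
    }
    // A missing flag field counts as an empty (wrong) answer instead of a notice.
    $flag = isset($_POST['flag']) ? $_POST['flag'] : '';
    $ip = \jf\HttpRequest::IP();
    $challengeID = $challengeDetails[0]['ID'];
    $userID = jf::CurrentUser();

    $data = array(
        'UserID'      => $userID,
        'ChallengeID' => $challengeID,
        'Flag'        => $flag,
        'IP'          => $ip,
        'timestamp'   => time(),
    );
    \webgoat\ContestSubmissions::add($data);
    \webgoat\ContestChallenges::incrementTotalAttempts($challenge);

    if (\webgoat\ContestSubmissions::evaluate($challengeID, $flag)) {
        $this->Submission = 1;
        \webgoat\ContestChallenges::incrementCompletedCount($challenge);
    } else {
        $this->Submission = 0;
    }
}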
/**
 * Adds a new connection to the database manager.
 * An existing connection for an identical configuration is reused. When
 * $Index is given (integer or string) the connection is stored under it,
 * otherwise it is appended.
 *
 * @param DatabaseSetting $dbConfig
 * @param integer|string  $Index
 * @throws ImportException When the adapter module cannot be imported
 * @return object The adapter instance (\jf\DB_<Adapter>)
 */
static function AddConnection(DatabaseSetting $dbConfig, $Index = null)
{
    $existing = self::FindIndex($dbConfig);
    if ($existing != -1) {
        return self::$Connections[$existing];
    }

    $adapter = $dbConfig->Adapter;
    try {
        jf::import("jf/model/lib/db/adapter/{$adapter}");
    } catch (ImportException $e) {
        // NOTE(review): writes the failure straight into the response body.
        echo "Database adapter '{$adapter}' not found.";
        throw $e;
    }

    $Classname = "\\jf\\DB_{$adapter}";
    $connection = new $Classname($dbConfig);
    if ($Index === null) {
        self::$Connections[] = $connection;
    } else {
        self::$Connections[$Index] = $connection;
    }
    return $connection;
}
/**
 * Launches a system (admin interface) controller. Returns what the controller
 * returns; when no controller is found, the 404 view is rendered (unless output
 * has already started) and false is returned.
 *
 * @return boolean
 */
function Launch()
{
    $segments = explode("/", $this->Request);
    assert($segments[0] == "sys"); // or $segments[0] == "app"
    // Route "sys/..." to the framework's own controllers under jf/control/...
    $segments[0] = "control";
    array_unshift($segments, "jf");
    $module = implode("/", $segments);

    if ($this->StartController($module)) {
        return true;
    }
    // Not found. Controllers that simply do not return true also end up here,
    // so only render the error page if nothing has been sent yet.
    if (!headers_sent()) {
        jf::run("view/_internal/error/404");
    }
    return false;
}
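/**
 * JSON endpoint: change the logged-in user's password.
 *
 * Verifies the old password by re-running the login check, requires the new
 * password to be confirmed, and rejects an empty new password (which would
 * otherwise be written through EditUser()).
 *
 * NOTE(review): no CSRF token is checked and no strength policy is applied
 * beyond non-emptiness; the re-login also counts towards any lockout logic
 * inside jf::Login.
 *
 * @return bool Always true; the outcome is reported in the JSON body
 */
public function Start()
{
    if (!jf::CurrentUser()) {
        echo json_encode(array('status' => false, 'error' => 'You are not authorized for this action'));
        return true;
    }
    $userName = jf::$XUser->Username();
    // Missing fields are treated as empty strings instead of raising notices.
    $oldPass = isset($_POST['old_password']) ? $_POST['old_password'] : '';
    $newPass = isset($_POST['new_password']) ? $_POST['new_password'] : '';
    $cnfNewPass = isset($_POST['cnew_password']) ? $_POST['cnew_password'] : '';

    // Strict comparison: with `!=`, numeric-looking strings such as "10" and
    // "1e1" would compare equal.
    if ($newPass !== $cnfNewPass) {
        $response = array('status' => false, 'error' => 'Password and Confirm Password do not match');
    } elseif ($newPass === '') {
        $response = array('status' => false, 'error' => 'New password must not be empty');
    } elseif (!jf::Login($userName, $oldPass)) {
        $response = array('status' => false, 'error' => 'Old Password is incorrect');
    } else {
        jf::$User->EditUser($userName, $userName, $newPass);
        $response = array('status' => true, 'message' => 'Password successfully updated');
    }
    echo json_encode($response);
    return true;
}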
/**
 * Returns all roles assigned to a permission.
 *
 * @param integer|string $Permission Permission ID, or a title resolved through Permission_ID()
 * @param boolean        $OnlyIDs    When true, a flat list of role IDs; otherwise full role rows
 * @return array|null 2D or 1D array, or null when the ID query does not return an array
 */
function Roles($Permission, $OnlyIDs = true)
{
    if (!is_numeric($Permission)) {
        $Permission = $this->Permission_ID($Permission);
    }
    $prefix = $this->TablePrefix();

    if (!$OnlyIDs) {
        return jf::SQL("SELECT `TP`.* FROM {$prefix}rbac_rolepermissions AS `TR`\n\t\t\tRIGHT JOIN {$prefix}rbac_roles AS `TP` ON (`TR`.RoleID=`TP`.ID)\n\t\t\tWHERE PermissionID=? ORDER BY TP.RoleID", $Permission);
    }

    $rows = jf::SQL("SELECT RoleID AS `ID` FROM\n\t\t\t{$prefix}rbac_rolepermissions WHERE PermissionID=? ORDER BY RoleID", $Permission);
    if (!is_array($rows)) {
        return null;
    }
    // Flatten the single-column result into a list of IDs.
    return array_column($rows, 'ID');
}
/**
 * Contest administration page.
 *
 * Authenticated users with the "contest" permission may create a contest
 * (POST contest_submit) and, while one is active, see its summary and add
 * challenges. Others are redirected: anonymous users to the login page with a
 * return target, users without the permission to the site root.
 *
 * NOTE(review): the return target is appended to the query string unencoded.
 */
public function Start()
{
    if (!jf::CurrentUser()) {
        $this->Redirect(jf::url() . "/user/login?return=/" . jf::$BaseRequest);
        return;
    }
    if (!jf::Check("contest")) {
        $this->Redirect(SiteRoot);
        return;
    }

    if (isset($_POST['contest_submit'])) {
        $this->addContest();
    }

    if (!\webgoat\ContestDetails::isActivePresent()) {
        // Offer the "start a contest" option instead of a summary.
        $this->noActiveContest = true;
        return $this->Present();
    }

    $details = \webgoat\ContestDetails::getActive();
    $challenges = \webgoat\ContestChallenges::getByContestID($details[0]['ID']);
    $users = \webgoat\ContestUsers::getAll();

    $this->ContestName = $details[0]['ContestName'];
    $this->ContestStart = date("d/m/Y h:i:s A", $details[0]['StartTimestamp']);
    $this->ContestEnd = date("d/m/Y h:i:s A", $details[0]['EndTimestamp']);
    $this->UserCount = count($users);
    $this->ChallengeCount = count($challenges);
    $this->Challenges = $challenges;
    $this->insertNewChallenges();

    return $this->Present();
}
/**
 * Outputs a nicely formatted error for web display by rendering the internal
 * error view. Does nothing when presentation is switched off.
 *
 * NOTE(review): file paths and messages reach the view unmodified; a verbose
 * error page leaks internals in production.
 *
 * @param integer    $errno
 * @param string     $errstr
 * @param string     $errfile
 * @param integer    $errline
 * @param \Exception $exception
 * @return boolean Always false, so PHP's own error handler does not run afterwards
 */
function PresentError($errno, $errstr, $errfile, $errline, $exception = null)
{
    if (self::$PresentErrors) {
        $context = array(
            "errno"     => $errno,
            "errstr"    => $errstr,
            "errfile"   => $errfile,
            "errline"   => $errline,
            "exception" => $exception,
        );
        jf::run("jf/view/_internal/error", $context);
    }
    return false;
}
/**
 * Convenience wrapper for AddRule: resolves $Module through jf::moduleFile()
 * and registers the resulting file for $Classname.
 *
 * @param string $Classname Class to autoload
 * @param string $Module    e.g. model/folder/file
 * @throws AutoloadRuleException When the resolved file does not exist
 */
static function AddModule($Classname, $Module)
{
    $path = jf::moduleFile($Module);
    if (file_exists($path)) {
        self::$List[$Classname] = $path;
        return;
    }
    throw new AutoloadRuleException("Invalid autoload rule added: {$path} set for autoloading of class '{$Classname}' does not exist.");
}
/**
 * @param int|null $Timestamp Unix timestamp to wrap; null means "now" as
 *                            reported by the framework clock (jf::time())
 */
function __construct($Timestamp = null)
{
    $this->Timestamp = ($Timestamp === null) ? jf::time() : $Timestamp;
}