function getBalance($user_phone_num)
{
checkConn();
if (!doesUserExist($user_phone_num)) {
return -1;
}
$sql = "SELECT balance from `akshhhlt_blupay`.`users` where user_phone_num={$user_phone_num}";
$result = mysqli_query($GLOBALS['sqli_conn'], $sql);
$row = mysqli_fetch_assoc($result);
logToFile("getBalance for {$user_phone_num}", "balance = {$balance}");
return $row['balance'];
}
$servername = '66.228.53.178';
$dbusername = '******';
$dbpassword = '******';
$dbname = 'chukwuma_ophion';
$conn = new PDO("mysql:host={$servername};dbname={$dbname}", $dbusername, $dbpassword);
//connects to database
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//shows errors
//checks if Account exists
function doesUserExist($username, $conn)
{
$stmt = $conn->prepare("SELECT username FROM user WHERE username = :username");
$stmt->bindParam(':username', $username);
$stmt->execute();
if ($stmt->rowCount() > 0) {
return true;
} else {
return false;
}
}
$r = doesUserExist($username, $conn);
if ($r == true) {
header("location:http://ophion.chukwumaokere.com/accountexists.html");
} else {
$acc = new Account();
$acc->createAccount($user_type, $name, $company_name, $company_id, $email, $username, $password, $address1, $address2, $country, $city, $state_province, $zip, $mainPhone, $altPhone);
$acc->insertAccount($conn);
header("location:http://ophion.chukwumaokere.com/accountcreated.html");
/* Redirect browser */
}
exit;
$textNode = $xmlDoc->createTextNode($_REQUEST['a']);
$requestOptions->appendChild($textNode);
}
foreach ($actionArray as $action) {
switch ($action) {
case "setuprecord":
$xmlRoot->appendChild(setUpRecord($dbconn, $ldapConfig, $xmlDoc, $_REQUEST['username']));
break;
case "getPosts":
$xmlRoot->appendChild(getPosts($dbConn, $xmlDoc, $_REQUEST['page'], $_REQUEST['sub'], $_REQUEST['user'], $_REQUEST['comments']));
break;
case "email":
phpMailer($xmlDoc, $_REQUEST['name'], $_REQUEST['email'], $_REQUEST['subject'], $_REQUEST['msg']);
break;
case "doesUserExist":
$xmlRoot->appendChild(doesUserExist($dbconn, $xmlDoc, $_REQUEST['id'], $_REQUEST['user_type']));
break;
case "addGoogleUser":
$xmlRoot->appendChild(addGoogleUser($dbconn, $xmlDoc, $_REQUEST['id'], $_REQUEST['name'], $_REQUEST['email'], $_REQUEST['url']));
break;
case "addPost":
$xmlRoot->appendChild(addPost($dbconn, $xmlDoc, $_REQUEST['id'], $_REQUEST['title'], $_REQUEST['text'], $_REQUEST['url'], $_REQUEST['sub']));
break;
case "userInfo":
$xmlRoot->appendChild(userInfo($dbconn, $xmlDoc, $_REQUEST['id']));
break;
case "editUsername":
$xmlRoot->appendChild(editUsername($dbconn, $xmlDoc, $_REQUEST['id'], $_REQUEST['username']));
break;
case "castVote":
$xmlRoot->appendChild(castVote($dbconn, $xmlDoc, $_REQUEST['user_id'], $_REQUEST['post_id'], $_REQUEST['vote']));
function isMemberSetup($mysqli, $userId)
{
if (doesUserExist($mysqli, $userId)) {
if ($stmt = $mysqli->prepare("SELECT setup FROM members WHERE id = ? LIMIT 1")) {
$stmt->bind_param("i", $userId);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($result);
$stmt->fetch();
// Checks if member is setup
if ($result == 0) {
return false;
} else {
if ($result == 1) {
return true;
}
}
} else {
return "Failed MYSQL Query";
}
} else {
return "User does not exist";
}
}
validateSession();
header('Location: main.php');
} else {
if (isset($_POST['submit'])) {
// Clean arrays to prevent injection attacks
slashAllInputs();
// Connects to your Database
connectDatabase();
// makes sure they filled it in
if (!$_POST['username'] || !$_POST['password']) {
echoMainHeader();
echo "<h2>You did not fill in a required field.</h2>\n";
displayLogin();
} else {
//Gives error if user dosen't exist
if (!doesUserExist($_POST['username'])) {
echoMainHeader();
echo "<h2>That user does not exist in our database.</h2>\n";
displayLogin();
} else {
if (isValidUserPassword($_POST['username'], $_POST['password'])) {
loginUser();
} else {
echoMainHeader();
echo "Incorrect password, please try again.\n";
}
}
}
echoMainFooter();
}
}
<div class="relative1"><input type="password" name="password"
placeholder="Password" required></div>
<div class="relative1"><input type="hidden" name="secondTime"
value="true"></div>
<div class="relative1"><input type="submit" value="Login"></div>
</form>
<form action="signUp.php" class="form">
<div class="relative"><input type="submit" value="Sign Up"></div>
</form>
</body>
</html>
<?php
if ($_POST['secondTime'] == 'true') {
require 'functions.php';
$userExists = doesUserExist($_POST['userName'], $_POST['password']);
//echo $userExists;
if ($userExists) {
header('Location: placeOrder.php') && exit;
} else {
echo '<font size="5" id="invalidCredentials">Incorrect
username and password combination</font>';
echo '<script language="javascript">';
echo 'document.body.style.backgroundImage =
"url(\'static/images/loginBackground.png\')";';
echo '</script>';
}
// echo '<font size="5" color="orange">Incorrect </div>
}
if (1 == $_POST["submitted"]) {
// and, every variable that is part of the form was actually received by
// this file, meaning that the form was not hi- or side-jacked,
if (whiteList()) {
// and, both the username and password contain at least one character
// (this is a redundancy check, since each form variable is marked
// as “required” in the HTML form),
if (0 < strlen($_POST['username']) && 0 < strlen($_POST['password'])) {
// then process the username and password.
// 1. Remove whitespace surrounding the username.
// 2. Convert <, >, ', and " to their respective HTML entities
// 3. Handle HTML5 code
// 4. Use the UTF-8 character set
$username = htmlentities(trim($_POST['username']), ENT_QUOTES | 'ENT_HTML5', "UTF-8");
$password = trim($_POST['password']);
if (!doesUserExist($username)) {
registerNewUser($username, $password);
include_once "includes/register_success.inc";
header("Refresh: 5; ./index.php?action=login");
//change file path to login page!
} else {
header("Location: error.php?message_type=registration_error");
}
}
}
}
}
?>
<!DOCTYPE html>
<html>
<?php
if (!isset($_SESSION)) {
session_start();
}
include_once "functions.php";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$salt = getSalt();
$username = $_POST['username'];
$postPassword = $_POST['password'];
$forbiddenProjects = $_POST['forbiddenProjects'];
//as json --> encoded by javascript
$accountType = $_POST['accountType'];
$newUsername = $_POST['newUsername'];
$userAlreadyExists = doesUserExist($username);
//admin is allowed to change every password --> no check needed
if (isUserAdmin($_SESSION['loggedIn'])) {
if (!$userAlreadyExists) {
addUser($newUsername, crypt($postPassword, $salt), $forbiddenProjects, $accountType);
} else {
overrideUserProperties($username, $postPassword, $forbiddenProjects, $accountType, $newUsername);
}
}
}
function overrideUserProperties($username, $password, $forbiddenProjects, $accountType, $newUsername)
{
$userArray = [];
include "getUsersFromJSON.php";
$path_config_users = "";
include "paths.php";
if (!empty($userArray)) {
// and, every variable that is part of the form was actually received by
// this file, meaning that the form was not hi- or side-jacked,
if (whiteList()) {
// and, both the email and password contain at least one character
// (this is a redundancy check, since each form variable is marked
// as “required” in the HTML form),
if (0 < strlen($_POST['email']) && 0 < strlen($_POST['password']) && 0 < strlen($_POST['firstname'])) {
// then process the email and password.
// 1. Remove whitespace surrounding the email.
// 2. Convert <, >, ', and " to their respective HTML entities
// 3. Handle HTML5 code
// 4. Use the UTF-8 character set
$email = trim($_POST['email']);
$password = trim($_POST['password']);
$firstname = trim($_POST['firstname']);
if (!doesUserExist($email)) {
registerNewUser($email, $password, $firstname);
include_once "includes/register_success.inc";
header("Refresh: 5; ./home.php");
} else {
header("Location: error.php?message_type=registration_error");
}
}
}
}
}
?>
<!DOCTYPE html>
<html lang="en">
tpl_set_var('end_przejmij', "");
$acceptList = '';
foreach (listPendingCaches($usr['userid']) as $cache) {
$acceptList .= "<tr><td>";
$acceptList .= "<a href='viewcache.php?cacheid=" . $cache['cache_id'] . "'>";
$acceptList .= $cache['name'] . "</a>";
$acceptList .= " <a href='chowner.php?cacheid=" . $cache['cache_id'] . "&accept=1'>[<font color='green'>" . tr('adopt_12') . "</font>]</a>";
$acceptList .= " <a href='chowner.php?cacheid=" . $cache['cache_id'] . "&accept=0'>[<font color='#ff0000'>" . tr('adopt_13') . "</font>]</a>";
$acceptList .= "</td>\n <td>" . strftime($dateformat, strtotime($cache['date_hidden'])) . "</td>\n </tr>\n ";
}
tpl_set_var('acceptList', $acceptList);
}
if (isset($_POST['username'])) {
if (doesUserExist($_POST['username']) > 0) {
// uzytkownik istnieje, mozna kontynuowac procedure
$newUserId = doesUserExist($_POST['username']);
$sql = "INSERT INTO chowner (cache_id, user_id) VALUES (" . sql_escape(intval($_REQUEST['cacheid'])) . ", " . $newUserId . ")";
mysql_query($sql);
if (mysql_affected_rows() > 0) {
tpl_set_var('info_msg', ' ' . tr('adopt_24') . ' <br /><br />');
$mailContent = tr('adopt_26');
$mailContent = str_replace('\\n', "\n", $mailContent);
$mailContent = str_replace('{userName}', $usr['username'], $mailContent);
$mailContent = str_replace('{cacheName}', getCacheName($_REQUEST['cacheid']), $mailContent);
mb_send_mail_2(getUserEmail($newUserId), tr('adopt_25'), $mailContent, emailHeaders());
} else {
tpl_set_var('error_msg', tr('adopt_22') . '<br /><br />');
}
} else {
$message = tr('adopt_23');
$message = str_replace('{userName}', $_POST['username'], $message);
function logOut($username)
{
$connection = pdo_connect();
$data = array();
if (doesUserExist($username)) {
$query = <<<SQL
UPDATE USERS
SET Connected = ?
WHERE Username = ?
SQL;
$statement = $connection->prepare($query);
$result = $statement->execute(array(false, $username));
if ($result == true) {
$data['logout'] = true;
} else {
$data['logout'] = false;
$data['error'] = "Failed to logout the user";
}
} else {
$data['logout'] = false;
$data['error'] = "User does not exist";
}
echo json_encode($data);
}
require_once "/home/akshhhlt/public_html/blupay/twilio-php-master/Services/Twilio.php";
require_once "/home/akshhhlt/public_html/blupay/db_helper.php";
require_once "/home/akshhhlt/public_html/blupay/keys.php";
// passwords, api key, etc.
/*** Simulates texts ***/
$testingMode = TRUE;
/***** TWILLIO ACCOUNT INFO *****/
$AccountSid = AccountSid;
$AuthToken = AuthToken;
$server_phone_num = server_phone_num;
$client = new Services_Twilio($AccountSid, $AuthToken);
// define and log relevant information
$user_phone_num = $_GET["From"];
$message_body = $_GET["Body"];
$isExistingUser = doesUserExist($user_phone_num);
$balance = getBalance($user_phone_num);
$action = parseText($message_body);
// check for keywords in message
logToFile(time(), "SMS Recieved from \"{$user_phone_num}\". isExistingUser: {$isExistingUser}. Action: {$action}. SMS: {$message_body}");
if ($isExistingUser) {
existing_user($action);
} else {
onboard_user($message_body);
}
/*** Asks new user for name, inserts user into db ***/
function onboard_user($message_body)
{
logToFile("onboard user", $message_body);
session_start();
if (!strlen($_SESSION['lastTextTime'])) {