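/**
 * Sign-in endpoint: checks a username-or-e-mail + password pair and, for an
 * account in the 'active' state, mints an auth token valid for 7 days. The
 * token is returned as JSON (HTTP 201) and also set as a Secure + HttpOnly
 * cookie named authToken.
 *
 * Accepts a JSON or form-urlencoded body; any other Content-Type gets 415.
 * Every failure path terminates the request via Util::output_errors_and_die.
 *
 * @param object $request Framework request exposing getBody() and ->type
 *                        (the Content-Type header); its class is not visible here.
 * @return void Never returns normally — every branch ends the request.
 */
function create_session($request)
{
    $raw_input = $request->getBody();
    // Strip any ";charset=..." parameter before matching the media type.
    $content_type = explode(';', $request->type)[0];
    switch ($content_type) {
        case 'application/json':
            $input_data = json_decode($raw_input, true);
            break;
        case 'application/x-www-form-urlencoded':
            $input_data = array();
            parse_str($raw_input, $input_data);
            break;
        default:
            Util::output_errors_and_die('', 415);
    }
    // Malformed JSON decodes to null, but a *valid* JSON scalar (`"x"`, `42`,
    // `true`) used to slip past the old `=== null` check and then be indexed
    // like an array below. Anything that is not an array is a 400.
    if (!is_array($input_data)) {
        Util::output_errors_and_die('', 400);
    }
    set_empty_if_undefined($input_data['username_or_email']);
    set_empty_if_undefined($input_data['password']);
    $msg = new Messages($GLOBALS['locale'], '/signin');
    try {
        $model = new Model();
        $user_data = $model->is_valid_user($input_data['username_or_email'], $input_data['password']);
        if (!$user_data) {
            // One generic message covers both "no such user" and "wrong password".
            Util::output_errors_and_die($msg->_('invalid-username-pw'), 403);
        }
        switch ($user_data['status']) {
            case 'pending-activation':
                Util::output_errors_and_die($msg->_('pending-activation'), 403);
                break;
            case 'pending-approval':
                Util::output_errors_and_die($msg->_('pending-approval'), 403);
                break;
            case 'banned':
                Util::output_errors_and_die($msg->_('banned'), 403);
                break;
            case 'active':
                $token = generate_token($user_data);
                $now = new DateTime('now');
                $expires_at = clone $now;
                $expires_at->add(new DateInterval('P7D'));
                $model->insert_auth_token($user_data['user_id'], $token, $now, $expires_at);
                http_response_code(201);
                $output = array('token' => $token, 'expires_at' => $expires_at->format('Y-m-d H:i:s'));
                // secure=true, httponly=true. No SameSite attribute is set here
                // (that needs the PHP 7.3+ options-array form of setcookie), so
                // cookie-authenticated requests still need a CSRF defence.
                setcookie('authToken', $token, $expires_at->getTimestamp(), '/', '', true, true);
                header('Content-Type: application/json');
                echo my_json_encode($output);
                die;
            default:
                // Any status this code does not know must fail closed. Before,
                // an unrecognised status fell out of the switch and the request
                // ended with neither a token nor an error.
                Util::output_errors_and_die($msg->_('invalid-username-pw'), 403);
        }
    } catch (DatabaseException $e) {
        Util::output_errors_and_die($e->getMessage(), 503);
    } catch (Exception $e) {
        // Exception messages are echoed to the client on this path; keep
        // internal detail out of anything thrown inside the try block.
        Util::output_errors_and_die($e->getMessage(), 400);
    }
}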
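 /**
  * Create and persist a fresh random API token for $app.
  *
  * Token::create() is retried when it throws — the evident intent is to ride
  * out a uniqueness collision on the random value. The old version recursed
  * without limit, so a persistent failure (DB down, validation error) became
  * a stack overflow; retries are now capped and the last error is rethrown.
  *
  * @param object $app Model exposing ->id (project type, not visible here).
  * @return mixed Whatever Token::create() returns.
  * @throws \Exception The last failure, once all attempts are exhausted.
  */
 private function createToken($app)
 {
     $maxAttempts = 5;
     $lastError = null;
     for ($attempt = 0; $attempt < $maxAttempts; $attempt++) {
         try {
             $randToken = generate_token();
             return Token::create(array('app_id' => $app->id, 'token' => $randToken));
         } catch (\Exception $e) {
             $lastError = $e;
         }
     }
     throw $lastError;
 }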
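/**
 * Compute a password digest for $username.
 *
 * $mode:
 *   'RECREATE' – look up the user's stored salt/iteration/method and hash
 *                $password with them (verification path). When the user does
 *                not exist, fake parameters are generated so a hash is still
 *                computed and the caller's timing does not trivially reveal
 *                whether the account exists.
 *   'NEW'      – generate fresh salt/iteration/method (registration path).
 * The three by-reference parameters receive the values actually used.
 *
 * @param string $mode      'RECREATE' or 'NEW'.
 * @param string $password  Plaintext password.
 * @param string $username  Account name (RECREATE only).
 * @param string $salt      [out] salt used.
 * @param mixed  $iteration [out] bcrypt cost factor or round count used.
 * @param string $method    [out] hash method used.
 * @return string|null The digest, or null if error_handler() returned
 *                     instead of terminating the request.
 */
function cobalt_password_hash($mode, $password, $username, &$salt = '', &$iteration = '', &$method = '')
{
    require_once 'subclasses/system_settings.php';
    $obj_settings = new system_settings();
    // Fresh parameters for a brand-new (or fake) hash. Shared by NEW and the
    // "user not found" branch of RECREATE, which used to carry two copies.
    $fresh_params = function (&$salt, &$iteration, &$method) {
        $salt = generate_token();
        $method = cobalt_password_set_method();
        if ($method == 'blowfish') {
            $iteration = AUTH_BLOWFISH_COST_FACTOR;
        } else {
            $min = constant('AUTH_' . strtoupper($method) . '_MIN_ROUNDS');
            $max = constant('AUTH_' . strtoupper($method) . '_MAX_ROUNDS');
            if ($max < $min) {
                $max = $min;
            }
            // The round count is stored beside the salt and is not a secret,
            // so mt_rand() is acceptable here. The salt comes from
            // generate_token(), which must be CSPRNG-backed (not visible here).
            $iteration = mt_rand($min, $max);
        }
    };
    $digest = null;
    if ($mode == 'RECREATE') {
        $dbh = new data_abstraction();
        $mysqli = $dbh->connect_db()->mysqli;
        $clean_username = $mysqli->real_escape_string($username);
        $dbh->set_table('user');
        $dbh->set_fields('`salt`,`iteration`,`method`');
        $dbh->set_where("`username`='{$clean_username}'");
        $dbh->exec_fetch('single');
        if ($dbh->num_rows == 1) {
            // Explicit reads instead of extract(): the three out-params are
            // the only variables a DB row may define in this scope.
            $salt = $dbh->dump['salt'];
            $iteration = $dbh->dump['iteration'];
            $method = $dbh->dump['method'];
        } else {
            // No such user: produce fake parameters so hashing still happens,
            // mitigating probing / timing attacks. The original also echo'd
            // "$iteration $method $salt" on this branch — a debug leftover
            // that told the client exactly which usernames do NOT exist,
            // defeating the very mitigation this branch exists for.
            $fresh_params($salt, $iteration, $method);
        }
        $dbh->close_db();
    } elseif ($mode == 'NEW') {
        $fresh_params($salt, $iteration, $method);
    } else {
        error_handler("Cobalt encountered an error during password processing.", "Cobalt Password Hash Error: Invalid mode specified.");
    }
    if ($method == 'blowfish') {
        $digest = cobalt_password_hash_bcrypt($password, $salt, $iteration);
    } elseif (in_array($method, cobalt_password_methods())) {
        $digest = cobalt_password_hash_process($password, $salt, $iteration, $method);
    } else {
        error_handler("Cobalt encountered an error during password processing.", "Cobalt Password Hash Error: Invalid hash method specified.");
    }
    return $digest;
}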
 /**
  * Render the page: header template, then the page's own template with a
  * CSRF token field injected directly after every <form ... method=POST ...>
  * opening tag, then the footer. When $this->exitmsg is set it replaces the
  * page body (the template is still rendered, as before).
  */
 public function output()
 {
     $this->smarty->display("header.tpl");
     $rendered = $this->smarty->fetch($this->template . ".tpl");
     // Put the token right behind the opening tag of each POST form.
     $withTokens = preg_replace('/(<form\\W[^>]*\\bmethod=(\'|"|)POST(\'|"|)\\b[^>]*>)/i', '$1' . "\n" . generate_token(), $rendered);
     echo $this->exitmsg ? $this->exitmsg : $withTokens;
     $this->smarty->display("footer.tpl");
 }
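/**
 * Open an authenticated session for $userid: invalidates the user's previous
 * token, mints a new one, records it in `Sessions` and mirrors token, user id,
 * client IP and User-Agent into $_SESSION.
 *
 * @param int $userid Numeric user id.
 * @return void
 */
function start_token_session($userid)
{
    global $mysqli;
    invalidate_users_token($userid);
    $token = generate_token();
    $remote_addr = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : '';
    $user_agent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : '';
    // Authentication is a privilege change: rotate the PHP session id so an id
    // planted before login (session fixation) does not survive it.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION["ip"] = $remote_addr;
    $_SESSION["client"] = $user_agent;
    $_SESSION["token"] = $token;
    $_SESSION["userid"] = $userid;
    // Prepared statement. Previously $userid was interpolated into the SQL
    // unquoted and REMOTE_ADDR unescaped; a non-numeric id was an injection.
    $stmt = $mysqli->prepare("INSERT INTO `Sessions` (`Token`, `User-ID`, `IP`) VALUES (?, ?, ?)");
    if ($stmt === false) {
        // Keep the old best-effort behaviour: a failed insert was ignored.
        return;
    }
    $user_id = (int) $userid;
    $stmt->bind_param('sis', $token, $user_id, $remote_addr);
    $stmt->execute();
    $stmt->close();
}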
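/**
 * E-mail a registration verification token to the address in $_POST['email'].
 *
 * Flow: validate the address, refuse if email_overlap() says it is taken,
 * store a fresh token on the user row (creating a placeholder row when none
 * exists), then send it with PHPMailer. Prints a one-line status.
 *
 * @return void
 */
function send_token()
{
    $posted_email = isset($_POST['email']) ? $_POST['email'] : null;
    $email = validate_email($posted_email);
    if (email_overlap($email)) {
        echo "email overlap";
        die;
    }
    $token = generate_token();
    // Persist the token BEFORE mailing it. The original sent first and wrote
    // the DB afterwards, so a failed write left the user holding a token that
    // could never verify — after the page had already reported success.
    $count = count($GLOBALS['DB']->query("SELECT * FROM user WHERE email=? ", array($email)));
    if ($count > 0) {
        $GLOBALS['DB']->query("UPDATE user SET token=? WHERE email=?", array($token, $email));
    } else {
        $GLOBALS['DB']->query("INSERT INTO user (email,pass,passwd,u,d,transfer_enable,port,enable,activated,token) VALUES (?,'','','0','0','0',?,'0','0',?)", array($email, generate_port(), $token));
    }
    $mail = new PHPMailer();
    $mail->IsSMTP();
    $mail->Host = $GLOBALS['smtp_server'];
    $mail->Port = $GLOBALS['smtp_server_port'];
    $mail->SMTPAuth = true;
    // NOTE(review): no SMTPSecure/encryption setting is visible here; confirm
    // the relay is reached over TLS, since the verification code is in the body.
    $mail->CharSet = "UTF-8";
    $mail->Encoding = "base64";
    $mail->Username = $GLOBALS['smtp_user_mail'];
    $mail->Password = $GLOBALS['smtp_user_pass'];
    $mail->Subject = "NutLab SS Token";
    $mail->From = $GLOBALS['smtp_user_mail'];
    $mail->FromName = "NutLab";
    $mail->AddAddress($email, "Dear");
    $mail->IsHTML(true);
    // Body (Chinese): "Thank you for registering a new account on our site.
    // Your verification code is <token>".
    $mail->Body = "感谢您在我站注册了新帐号。<br/><br/>你的验证码为" . $token;
    if (!$mail->Send()) {
        // $mail->ErrorInfo used to be echoed to the browser as well; it can
        // carry the SMTP dialogue (host, auth failure detail) and belongs in
        // the server log, not a public page.
        error_log("send_token: mail to " . $email . " failed: " . $mail->ErrorInfo);
        echo "token sending fail";
    } else {
        echo "token sending success";
    }
}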
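 /**
  * Create a User plus its UserCredit row and, when a valid referral code is
  * given, credit the referrer (+5 earned, +1 total_referrals) and give the
  * new user 10 earned credits.
  *
  * Referrer bookkeeping now happens only after $user->save() succeeded, so a
  * failed registration no longer pays out a referral. A referrer without a
  * UserCredit row — previously a fatal null dereference — is skipped.
  *
  * @param string $first_name
  * @param string $last_name
  * @param string $phone
  * @param string $email
  * @param string $password        Plaintext; stored via Hash::make().
  * @param string $zipcode
  * @param string $referral_code   Optional referrer's code.
  * @param string $device_token    Stored only when $device_type is not 'web'.
  * @param string $device_type     'web' (default) or a device platform.
  * @param string $membership_type 'Member' (open-ended) or anything else (1 year).
  * @return User The saved user.
  */
 public static function add($first_name, $last_name, $phone, $email, $password, $zipcode, $referral_code = '', $device_token = '', $device_type = 'web', $membership_type = 'Member')
 {
     $user = new User();
     $user->first_name = $first_name;
     $user->last_name = $last_name;
     $user->phone = $phone;
     $user->email = $email;
     $user->referred_by = 0;
     $user->token = generate_token();
     // NOTE(review): the /10 on the expiry is unexplained — confirm the unit.
     $user->token_expiry = generate_expiry() / 10;
     $user->social_id = 0;
     $user->device_token = ($device_type != 'web') ? $device_token : '';
     $user->device_type = $device_type;
     $user->image_url = '';
     $user->total_referrals = 0;
     $user->remember_token = '';
     $user->password = Hash::make($password);
     $user->membership_type = $membership_type;
     $user->zipcode = $zipcode;
     $user->referral_code = generate_referral_code($first_name, $last_name);
     // 'Member' accounts never expire; anything else runs for one year.
     $user->membership_ends_on = ($membership_type == 'Member') ? "2100-01-01" : date('Y-m-d', strtotime('+1 years'));

     $user_credit = new UserCredit();
     $user_credit->earned = 0;
     $user_credit->spent = 0;

     $referrer = null;
     if ($referral_code != '') {
         $referrer = User::where('referral_code', $referral_code)->first();
         if ($referrer) {
             $user->referred_by = $referrer->id;
             $user_credit->earned = 10;
         }
     }

     $user->save();
     $user_credit->user_id = $user->id;
     $user_credit->save();

     if ($referrer) {
         $referrer_credit = UserCredit::where('user_id', $referrer->id)->first();
         if ($referrer_credit) {
             $referrer_credit->earned += 5;
             // NOTE(review): resetting spent to 0 on every referral wipes
             // whatever the referrer had spent; kept as-is — confirm intent.
             $referrer_credit->spent = 0;
             $referrer_credit->save();
         }
         // $referrer is the same row the original re-fetched via User::find().
         $referrer->total_referrals += 1;
         $referrer->save();
     }
     return $user;
 }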
/**
 * Mint a new token, persist it in the `tokens` table and return it.
 *
 * Old tokens are purged on every call for now: they are normally cleared on
 * gateway communication, but no gateway exists yet.
 *
 * @return string The freshly generated token.
 */
function make_token()
{
    clear_old_tokens();
    $newToken = generate_token();
    $insert = Flight::db()->prepare('INSERT INTO tokens (token) VALUES (:token)');
    $insert->bindParam(':token', $newToken);
    $insert->execute();
    return $newToken;
}
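/**
 * Inject a CSRF name/token pair into every <form>...</form> in $form_data_html,
 * except forms whose tag contains "nocsrf".
 *
 * Each form is replaced at its first remaining occurrence. The original used
 * str_replace(), so two byte-identical forms were both rewritten with the
 * first one's token and the token generated for the second was never emitted.
 *
 * @param string $form_data_html Rendered HTML.
 * @return string HTML with the hidden CSRFName / CSRFToken fields added.
 */
function replace_forms($form_data_html)
{
    preg_match_all("/<form(.*?)>(.*?)<\\/form>/is", $form_data_html, $matches, PREG_SET_ORDER);
    if (!is_array($matches)) {
        return $form_data_html;
    }
    foreach ($matches as $m) {
        if (strpos($m[1], "nocsrf") !== false) {
            continue;
        }
        $pos = strpos($form_data_html, $m[0]);
        if ($pos === false) {
            continue;
        }
        // The field name only has to be unique per page; the secret is the token.
        $name = "CSRFGuard_" . mt_rand(0, mt_getrandmax());
        $token = generate_token($name);
        $protected = "<form{$m[1]}>\n<input type='hidden' name='CSRFName' value='{$name}' />\n<input type='hidden' name='CSRFToken' value='{$token}' />{$m[2]}</form>";
        $form_data_html = substr_replace($form_data_html, $protected, $pos, strlen($m[0]));
    }
    return $form_data_html;
}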
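/**
 * Create and persist a 64-character login token for $username, valid for two
 * hours. Retries up to three times if the random value collides with a token
 * that is still valid, then gives up with false.
 *
 * @param string $username Account the token belongs to.
 * @param int    $deep     Internal retry counter; callers leave it at 0.
 * @return string|false The token, or false after three collisions.
 */
function generate_token($username, $deep = 0)
{
    global $db;
    $deep++;
    if ($deep > 3) {
        return false;
    }
    // generate_string() must be CSPRNG-backed for this to be a usable bearer
    // token — its implementation is not visible here.
    $token_string = generate_string(64);
    // Collision check against still-valid tokens. Check-then-insert is racy;
    // a UNIQUE index on token.token would close the gap (schema not shown).
    $token = $db->get('token', array('token', 'username', 'expired_time'), array('AND' => array('token' => $token_string, 'expired_time[>]' => time())));
    if ($token) {
        return generate_token($username, $deep);
    }
    $result = $db->insert('token', array('token' => $token_string, 'username' => $username, 'expired_time' => time() + 3600 * 2));
    // Audit row ("login created token: ... after N attempts"). Only a prefix
    // of the token is recorded: the full value is a bearer credential, and
    // writing it to the activity table made that table a second copy of
    // every live session.
    $token_hint = substr($token_string, 0, 8) . '...';
    $active = $db->insert('active', array('content' => "登录创建 token:{$token_hint} 经过 {$deep} 次", 'username' => $username, 'time' => date('Y-m-d H:i:s', time())));
    return $token_string;
}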
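/**
 * Admin-dashboard "My Notes" widget: a textarea pre-filled with the admin's
 * saved notes and a button that POSTs them back (action=savenotes) together
 * with a CSRF token.
 *
 * @param array $vars Widget context; only $vars['adminid'] is read.
 * @return array{title:string,content:string}
 */
function widget_my_notes($vars)
{
    $title = "My Notes";
    $mynotes = get_query_val("tbladmins", "notes", array("id" => $vars['adminid']));
    // The notes come back from the DB and are echoed between <textarea> tags:
    // a saved note containing "</textarea><script>" used to execute in the
    // admin's browser. Escape for the HTML text context.
    $mynotes_html = htmlspecialchars((string) $mynotes, ENT_QUOTES, 'UTF-8');
    // NOTE(review): the CSRF token is interpolated into a JS double-quoted
    // string; that is only safe if generate_token('plain') yields [A-Za-z0-9].
    $content = '
<script>
function widgetnotessave() {
    $.post("index.php", { action: "savenotes", notes: $("#widgetnotesbox").val(), token: "' . generate_token('plain') . '" });
    $("#widgetnotesconfirm").slideDown().delay(2000).slideUp();
}
</script>
<div align="center">
<div id="widgetnotesconfirm" style="display:none;margin:0 0 5px 0;padding:5px 20px;background-color:#DBF3BA;font-weight:bold;color:#6A942C;">Notes Saved Successfully!</div>
<textarea id="widgetnotesbox" style="width:95%;height:100px;">' . $mynotes_html . '</textarea>
<input type="button" value="Save Notes" onclick="widgetnotessave()" />
</div>
    ';
    return array('title' => $title, 'content' => $content);
}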
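/**
 * Emit the opening <form> tag plus the CSRF token markup for $form_name.
 *
 * Every value placed in an attribute is now escaped (double_encode=false, so
 * callers that already pass entity-encoded values such as "&amp;" in $action
 * are not re-encoded). Previously all of them were interpolated raw.
 *
 * @param string      $form_name Form name; also the token's form identifier.
 * @param string      $form_id   Element id.
 * @param string      $method    HTTP method.
 * @param string      $action    Action URL.
 * @param array|false $array     Options: class, enctype (1 = multipart),
 *                               downtime (numeric, default 10), notice (numeric, default 1).
 * @return string The opening tag and token HTML. When FUSION_NULL is defined
 *                and notice is set, $defender->showNotice() is echoed directly.
 */
function openform($form_name, $form_id, $method, $action, $array = false)
{
    global $defender;
    if (!is_array($array)) {
        $class = '';
        $enctype = '';
        $downtime = 10;
        $notice = 1;
    } else {
        $class = array_key_exists('class', $array) && $array['class'] ? $array['class'] : '';
        $enctype = array_key_exists('enctype', $array) && $array['enctype'] == 1 ? 1 : 0;
        $downtime = array_key_exists('downtime', $array) && isnum($array['downtime']) ? $array['downtime'] : 10;
        $notice = array_key_exists('notice', $array) && isnum($array['notice']) ? $array['notice'] : 1;
    }
    // Attribute-context escaping for the single-quoted attributes below.
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    $html = "<form name='" . $attr($form_name) . "' id='" . $attr($form_id) . "' method='" . $attr($method) . "' action='" . $attr($action) . "' class='" . (defined('FUSION_NULL') ? 'warning' : '') . " " . $attr($class) . "' " . ($enctype ? "enctype='multipart/form-data'" : '') . " >\n";
    $html .= generate_token($form_name, $downtime);
    if (defined('FUSION_NULL') && $notice) {
        echo $defender->showNotice();
    }
    return $html;
}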
 /**
  * Constructor: builds the Smarty view for this admin addon module and
  * pre-assigns the WHMCS globals ($_LANG, $CONFIG), a plain CSRF token, the
  * module vars, the custom admin path, the module link and the requested action.
  *
  * @param array $vars "vars" array from WHMCS.
  */
 public function __construct($vars = array())
 {
     global $templates_compiledir, $customadminpath, $module, $_LANG, $CONFIG;
     $view = new \Smarty();
     $view->template_dir = ROOTDIR . '/modules/addons/' . $module . '/templates/';
     $view->compile_dir = $templates_compiledir;
     $this->view = $view;
     $this->vars = $vars;
     $this->modulelink = '/' . $customadminpath . '/addonmodules.php?module=' . $module;
     if (isset($_REQUEST['action'])) {
         // NOTE(review): taken verbatim from the request; whatever renders
         // {$action} in the templates must escape it.
         $this->action = $_REQUEST['action'];
     }
     $assignments = array(
         '_LANG' => $_LANG,
         '_CONFIG' => $CONFIG,
         'csrfToken' => generate_token('plain'),
         'vars' => $this->vars,
         'customadminpath' => $customadminpath,
         'modulelink' => $this->modulelink,
         'action' => $this->action,
     );
     foreach ($assignments as $key => $value) {
         $view->assign($key, $value);
     }
 }
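/**
 * Admin-dashboard "My Notes" widget (form-styled variant): a textarea
 * pre-filled with the admin's saved notes, a reset button and a save button
 * that POSTs the notes back (action=savenotes) with a CSRF token.
 *
 * @param array $vars Widget context; only $vars['adminid'] is read.
 * @return array{title:string,content:string}
 */
function widget_my_notes($vars)
{
    global $_ADMINLANG;
    $title = "My Notes";
    $mynotes = get_query_val("tbladmins", "notes", array("id" => $vars['adminid']));
    // The notes come back from the DB and are echoed between <textarea> tags:
    // a saved note containing "</textarea><script>" used to execute in the
    // admin's browser. Escape for the HTML text context.
    $mynotes_html = htmlspecialchars((string) $mynotes, ENT_QUOTES, 'UTF-8');
    // NOTE(review): the CSRF token is interpolated into a JS double-quoted
    // string; that is only safe if generate_token('plain') yields [A-Za-z0-9].
    $content = '
<script>
function widgetnotessave() {
    $.post("index.php", { action: "savenotes", notes: $("#widgetnotesbox").val(), token: "' . generate_token('plain') . '" });
    $("#widgetnotesconfirm").slideDown().delay(2000).slideUp();
}
</script>
<div id="widgetnotesconfirm" style="display:none;margin:0 0 5px 0;padding:5px 20px;background-color:#DBF3BA;font-weight:bold;color:#6A942C;">Notes Saved Successfully!</div>
<form>
    <textarea id="widgetnotesbox" style="height:100px;" class="form-control">' . $mynotes_html . '</textarea>
    <div class="widget-footer">
        <input type="reset" value="' . $_ADMINLANG['global']['cancel'] . '" class="btn btn-default btn-sm" /> <input type="button" value="Save Notes" onclick="widgetnotessave()" class="btn btn-info btn-sm" />
    </div>
</form>
    ';
    return array('title' => $title, 'content' => $content);
}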
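/**
 * Create (or replace) the server-side session row for $login_id and send the
 * auth cookie.
 *
 * The INSERT uses ON DUPLICATE KEY UPDATE, so an existing row under the same
 * unique key is overwritten with the fresh session_key/csrf_token — which
 * column is unique is defined by the schema, not visible here.
 *
 * @param int|null    $expire_secs     Lifetime in seconds; null or anything
 *                                     below $auth_settings['session_expire_default']
 *                                     is raised to that default.
 * @param int|null    $login_id        Mandatory positive numeric login id.
 * @param string|null $network_address Client address; defaults to REMOTE_ADDR.
 * @return bool TRUE on success; FALSE on bad parameters or a failed INSERT.
 */
function create_session($expire_secs = NULL, $login_id = NULL, $network_address = NULL)
{
    global $dbconn;
    global $auth_settings;
    if (is_null($network_address)) {
        $network_address = $_SERVER['REMOTE_ADDR'];
    }
    // Length sanity check only; FILTER_VALIDATE_IP would be stricter, but
    // callers may pass non-IP addresses (not visible here).
    if (strlen($network_address) < 4) {
        return FALSE;
    }
    // Login ID is mandatory and must be positive. The old test
    // (`... || $login_id == NULL`) rejected the integer 0 but let the string
    // "0" through, because "0" == NULL is false in PHP.
    if (!is_numeric($login_id) || $login_id <= 0) {
        return FALSE;
    }
    if (is_null($expire_secs) || $expire_secs < $auth_settings['session_expire_default']) {
        $expire_secs = $auth_settings['session_expire_default'];
    }
    // Two independent secrets: the session key goes into the cookie, the CSRF
    // token stays server-side for form checks.
    $session_key = generate_token();
    $csrf_token = generate_token();
    $create_time = time();
    $expire_time = $create_time + $expire_secs;
    // Add or update the session in the database.
    // NOTE(review): each named placeholder is used twice (:li, :sk, ...);
    // PDO only accepts that with emulated prepares enabled — confirm the
    // connection's PDO::ATTR_EMULATE_PREPARES setting.
    $sql = "INSERT INTO sessions (\n\t\t\tlogin_id,\n\t\t\tsession_key, csrf_token, network_address,\n\t\t\tcreate_time, expire_time\n\t\t) VALUES (\n\t\t\t:li, :sk, :csrf, :na,\n\t\t\t:ct, :et\n\t\t)\n\t\tON DUPLICATE KEY UPDATE\n\t\tlogin_id = :li,\n\t\tsession_key = :sk,\n\t\tcsrf_token = :csrf,\n\t\tnetwork_address = :na,\n\t\tcreate_time = :ct,\n\t\texpire_time = :et";
    $stmt = $dbconn->prepare($sql);
    $stmt->bindParam(':li', $login_id, PDO::PARAM_INT);
    $stmt->bindParam(':sk', $session_key, PDO::PARAM_STR);
    $stmt->bindParam(':csrf', $csrf_token, PDO::PARAM_STR);
    $stmt->bindParam(':na', $network_address, PDO::PARAM_STR);
    $stmt->bindParam(':ct', $create_time, PDO::PARAM_INT);
    $stmt->bindParam(':et', $expire_time, PDO::PARAM_INT);
    // Catch any failure to create a session
    if ($stmt->execute() == FALSE) {
        return FALSE;
    }
    // $domain was never assigned in this function: the call below passed an
    // undefined variable (NULL, plus a notice). Made explicit so the value is
    // deliberate — TODO confirm whether a cookie domain was meant to come
    // from $auth_settings.
    $domain = NULL;
    set_auth_cookie($session_key, $expire_time, $domain);
    return TRUE;
}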
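/**
 * Register a new user: validate the input, refuse duplicate e-mails, insert
 * the row (with a generated activation token) and return the error list.
 *
 * Two failure modes were previously silent: a failed mysqli_prepare() fell
 * through and returned an EMPTY error list (i.e. "success" with nothing
 * inserted), and a failed INSERT left the statement unclosed.
 *
 * @param string $email
 * @param string $password   Plaintext.
 * @param string $passwordRe Confirmation, checked by check_validity().
 * @param mysqli $connection Open connection.
 * @return array List of error strings; empty on success.
 */
function register($email, $password, $passwordRe, $connection)
{
    include_once 'functions.php';
    $errors = check_validity($email, $password, $passwordRe, $connection);
    if (count($errors) > 0) {
        return $errors;
    }
    $stmt = mysqli_prepare($connection, "SELECT id FROM users WHERE email=?");
    if ($stmt === false) {
        $errors[] = 'Unfortunately registration failed!';
        return $errors;
    }
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($col1);
    $existing = 0;
    while ($stmt->fetch()) {
        $existing++;
    }
    $stmt->close();
    if ($existing > 0) {
        $errors[] = "E-mail already registered!";
        return $errors;
    }
    $generatedToken = generate_token();
    // SECURITY: the password is stored as MySQL SHA(), i.e. unsalted SHA-1,
    // which is crackable offline at scale. The fix is password_hash() /
    // password_verify() on the PHP side, but the login code that verifies
    // this column is not in this file, so the storage format is left as-is
    // here rather than silently breaking every existing login.
    $sql = 'INSERT INTO users(email,password,date_registration,generated_token) VALUES(?,SHA(?),NOW(),?)';
    $stmt = mysqli_prepare($connection, $sql);
    if ($stmt === false) {
        $errors[] = 'Unfortunately registration failed!';
        return $errors;
    }
    $stmt->bind_param("sss", $email, $password, $generatedToken);
    $stmt->execute();
    $inserted = mysqli_affected_rows($connection);
    $stmt->close();
    if ($inserted == 0) {
        $errors[] = 'Unfortunately registration failed!';
    }
    return $errors;
}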
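/**
 * Build the attachment list for a ticket (or one of its replies): for each
 * "|"-separated stored file name, the display name, a download link and a
 * token-protected delete link.
 *
 * @param int    $ticketid   Ticket id.
 * @param int    $replyid    Reply id; 0/empty when the attachments belong to the ticket itself.
 * @param string $attachment "|"-separated stored names, each carrying a 7-char prefix.
 * @return array List of ['filename' => ..., 'dllink' => ..., 'deletelink' => ...].
 */
function getTicketAttachmentsInfo($ticketid, $replyid, $attachment)
{
    // $PHP_SELF was read as an (undefined) function-local, so every deletelink
    // started with an empty path. The rest of this code base uses it as a
    // global (see the orders.php listing), so pull that in.
    global $PHP_SELF;
    $attachments = array();
    if (!$attachment) {
        return $attachments;
    }
    // IDs are placed in query strings; force integers.
    $ticketid = (int) $ticketid;
    $replyid = (int) $replyid;
    foreach (explode("|", $attachment) as $num => $file) {
        // Strip the 7-character storage prefix (presumably random; not shown here).
        $file = substr($file, 7);
        if ($replyid) {
            $attachments[] = array(
                "filename" => $file,
                "dllink" => "dl.php?type=ar&id=" . $replyid . "&i=" . $num,
                "deletelink" => $PHP_SELF . "?action=viewticket&id=" . $ticketid . "&removeattachment=true&type=r&idsd=" . $replyid . "&filecount=" . $num . generate_token("link"),
            );
            continue;
        }
        $attachments[] = array(
            "filename" => $file,
            "dllink" => "dl.php?type=a&id=" . $ticketid . "&i=" . $num,
            "deletelink" => $PHP_SELF . "?action=viewticket&id=" . $ticketid . "&removeattachment=true&idsd=" . $ticketid . "&filecount=" . $num . generate_token("link"),
        );
    }
    return $attachments;
}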
                foreach ($fraudresults as $key => $value) {
                    ++$i;
                    echo "<td class=\"fieldlabel\" width=\"30%\">" . $key . "</td><td class=\"fieldarea\"";
                    if ($key == "Explanation") {
                        echo " colspan=\"3\"";
                        $i = 2;
                    } else {
                        echo " width=\"20%\"";
                    }
                    echo ">" . $value . "</td>";
                    if ($i == "2") {
                        echo "</tr><tr>";
                        $i = 0;
                        continue;
                    }
                }
                echo "</tr></table></div>";
                $jquerycode .= "\$(\"#rerunfraud\").click(function () {\n    \$(\"#rerunfraud\").html(\"<img src=\\\"../images/spinner.gif\\\" align=\\\"absmiddle\\\" /> Performing Check...\");\n    \$.post(\"orders.php\", { action: \"view\", rerunfraudcheck: \"true\", orderid: " . $id . ", token: \"" . generate_token("plain") . "\" },\n    function(data){\n        \$(\"#fraudresults\").html(data);\n        \$(\"#rerunfraud\").html(\"Update Completed\");\n    });\n    return false;\n});";
            }
        }
        echo "\n</form>\n\n";
        echo $aInt->jqueryDialog("affassign", $aInt->lang("orders", "affassign"), $aInt->lang("global", "loading"), array($aInt->lang("global", "savechanges") => "\$('#affiliatefield').html(\$('#affid option:selected').text());\$(this).dialog('close');\$.post('orders.php', { action: 'affassign', orderid: " . $id . ", affid: \$('#affid').val(), token: '" . generate_token("plain") . "' });", $aInt->lang("global", "cancelchanges") => ""));
        $jquerycode .= "\$(\"#showaffassign\").click(\n    function() {\n        \$(\"#affassign\").dialog(\"open\");\n        \$(\"#affassign\").load(\"orders.php?action=affassign\");\n        return false;\n    }\n);\n\$(\"#togglenotesbtn\").click(function() {\n\t\$(\"#notesholder\").slideToggle(\"slow\", function() {\n\t\ttoggletext = \$(\"#togglenotesbtn\").attr(\"value\");\n\t\tif(toggletext == \"Add Notes\") { \$(\"#togglenotesbtn\").fadeOut(\"fast\",function(){ \$(\"#togglenotesbtn\").attr(\"value\",\"Hide Notes\"); \$(\"#togglenotesbtn\").fadeIn(); }); }\n\t\tif(toggletext == \"Hide Notes\") { \$(\"#togglenotesbtn\").fadeOut(\"fast\",function(){ \$(\"#togglenotesbtn\").attr(\"value\",\"Add Notes\"); \$(\"#togglenotesbtn\").fadeIn(); }); }\n\t\t\$(\"#shownotesbtnholder\").slideToggle();\n\t});\n\treturn false;\n});\n\$(\"#savenotesbtn\").click(function() {\n\t\$.post(\"" . $PHP_SELF . "?action=view&id=" . $id . "\", { updatenotes: true, notes: \$('#notes').val(), token: \"" . generate_token("plain") . "\" });\n\t\$(\"#savenotesbtn\").attr(\"value\",\"Saved\");\n\treturn false;\n});\n\$(\"#notes\").keyup(function() {\n\t\$(\"#savenotesbtn\").attr(\"value\",\"Save Notes\");\n});";
        $aInt->jquerycode = $jquerycode;
        $aInt->jscode = $jscode;
    }
}
// Hand the buffered page body to the admin-interface renderer.
$content = ob_get_clean();
$aInt->content = $content;
$aInt->display();
    }
    </script>
    <title> <?php 
echo GLOBAL_PROJECT_NAME;
?>
 - Powered by Cobalt</title>
    <link href="css/login.css" rel="stylesheet" type="text/css">
    <meta http-equiv="content-type" content="text/html; charset=<?php 
echo MULTI_BYTE_ENCODING;
?>
" />
</head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onload="document.getElementById('username').focus();">
<?php 
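// Per-page CSRF key: a fresh token is stored in the session under the script
// path and emitted as a hidden field. The action comes from SCRIPT_NAME, which
// is server-derived; basename() plus attribute escaping keep anything
// path-like from reaching the markup unescaped.
$form_action = htmlspecialchars(basename($_SERVER['SCRIPT_NAME']), ENT_QUOTES, 'UTF-8');
echo '<form method="POST" action="' . $form_action . '">';
$form_key = generate_token();
$form_identifier = $_SERVER['SCRIPT_NAME'];
$_SESSION['cobalt_form_keys'][$form_identifier] = $form_key;
// NOTE(review): whichever handler checks form_key should compare with hash_equals().
echo '<input type="hidden" name="form_key" value="' . htmlspecialchars($form_key, ENT_QUOTES, 'UTF-8') . '">';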
?>
<div class="left_container">

    <div class="title">
        <?php 
//echo GLOBAL_PROJECT_NAME;
echo 'Asia Pacific College </br>';
echo 'Internship Office </br>';
echo 'Communication Site';
?>
    </div>
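 /**
  * Handle owner sign-up from the web form.
  *
  * Reads the posted fields, refuses duplicate e-mails and empty passwords,
  * creates the Owner (with a hashed password and a fresh token), applies the
  * referral bonus to the referrer's ledger once the owner row exists, sends
  * the welcome e-mail and redirects to the sign-in page.
  *
  * Previously an empty password simply skipped the Hash::make() assignment,
  * creating an owner with no password at all; the referral bonus was paid
  * before the owner was saved; and a missing Settings row was a fatal error.
  *
  * @return \Illuminate\Http\RedirectResponse
  */
 public function userSave()
 {
     $first_name = Input::get('first_name');
     $last_name = Input::get('last_name');
     $email = Input::get('email');
     $phone = Input::get('phone');
     $password = Input::get('password');
     $referral_code = Input::get('referral_code');
     if ($password == "") {
         return Redirect::to('user/signup')->with('error', 'Password is required.');
     }
     if (Owner::where('email', $email)->count() != 0) {
         return Redirect::to('user/signup')->with('error', 'This email ID is already registered.');
     }
     $owner = new Owner();
     $owner->first_name = $first_name;
     $owner->last_name = $last_name;
     $owner->email = $email;
     $owner->phone = $phone;
     $owner->password = Hash::make($password);
     $owner->token = generate_token();
     $owner->token_expiry = generate_expiry();
     $ledger = null;
     if ($referral_code != "") {
         $ledger = Ledger::where('referral_code', $referral_code)->first();
         if ($ledger) {
             $owner->referred_by = $ledger->owner_id;
         }
     }
     $owner->save();
     // Pay the referral bonus only now that the new owner row exists.
     if ($ledger) {
         $settings = Settings::where('key', 'default_referral_bonus')->first();
         $referral_bonus = $settings ? $settings->value : 0;
         $ledger->total_referrals = $ledger->total_referrals + 1;
         $ledger->amount_earned = $ledger->amount_earned + $referral_bonus;
         $ledger->save();
     }
     // Welcome e-mail from the configurable template (empty if unset).
     $settings = Settings::where('key', 'email_owner_new_registration')->first();
     $pattern = $settings ? str_replace('%name%', $owner->first_name, $settings->value) : '';
     $subject = "Welcome On Board";
     email_notification($owner->id, 'owner', $pattern, $subject);
     return Redirect::to('user/signin')->with('success', 'You have successfully registered. <br>Please Login');
 }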
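header('Access-Control-Allow-Headers: user, password');
//use files
require_once 'classes/user.php';
require_once 'classes/generatetoken.php';
//read headers
$headers = getallheaders();
header('Content-Type: application/json');
// `&&`, not the bitwise `&` the original used (it only worked because both
// operands happened to be booleans).
if (isset($headers['user']) && isset($headers['password'])) {
    try {
        $u = new User($headers['user'], $headers['password']);
        // json_encode(): the hand-built JSON broke — or could be injected
        // into — whenever a name contained a quote or backslash. Values are
        // cast to string to keep the original document's string typing.
        // NOTE(review): the companion tutors endpoint validates a token by
        // recomputing generate_token($email) and comparing, which only works
        // if generate_token() is deterministic in its argument; if so this
        // "token" is a derived value, not a random session secret — confirm.
        echo json_encode(array(
            'status' => 0,
            'user' => (string) $u->get_id(),
            'name' => (string) $u->get_name(),
            'token' => (string) generate_token($u->get_id()),
        ));
    } catch (RecordNotFoundException $ex) {
        echo json_encode(array('status' => 1, 'errorMessage' => $ex->get_message()));
    }
} else {
    echo json_encode(array('status' => 2, 'errorMessage' => 'Invalid Headers'));
}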
?>






 $overagesbwprice = $data['overagesbwprice'];
 $affiliatepayamount = $data['affiliatepayamount'];
 $affiliatepaytype = $data['affiliatepaytype'];
 $affiliateonetime = $data['affiliateonetime'];
 $downloads = $data['downloads'];
 $retired = $data['retired'];
 $freedomainpaymentterms = explode(",", $freedomainpaymentterms);
 $freedomaintlds = explode(",", $freedomaintlds);
 $overagesenabled = explode(",", $overagesenabled);
 // SECURITY: unserialize() on values read back from the product row. If an
 // attacker can write these columns (SQL injection elsewhere, a compromised
 // DB account) this is a PHP object-injection sink; json_encode/json_decode,
 // or unserialize($x, array('allowed_classes' => false)) on PHP 7+, closes it.
 $upgradepackages = unserialize($upgradepackages);
 $downloads = unserialize($downloads);
 $order = $data['order'];
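 // Escape $_SERVER['PHP_SELF'] per context before echoing it: it reflects the
 // request path (PATH_INFO included) and was emitted raw into both an HTML
 // attribute and a JS string literal — a textbook reflected-XSS sink.
 $self_attr = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
 // A complete JS string literal for $jscode; the HEX flags also neutralise
 // a "</script>" inside the value.
 $self_js = json_encode($_SERVER['PHP_SELF'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
 // The product id goes into query strings and JS; force an integer.
 $product_id = (int) $id;
 echo "<script type=\"text/javascript\" src=\"../includes/jscript/jquerylq.js\"></script>\n<script type=\"text/javascript\" src=\"../includes/jscript/jqueryFileTree.js\"></script>\n<link href=\"../includes/jscript/css/jqueryFileTree.css\" rel=\"stylesheet\" type=\"text/css\" media=\"screen\" />\n\n<h2>Edit Product</h2>\n<form method=\"post\" action=\"" . $self_attr . "?action=save&id=" . $product_id;
 echo "\" name=\"packagefrm\">";
 $jscode = "function deletecustomfield(id) {\nif (confirm(\"Are you sure you want to delete this field and ALL DATA associated with it?\")) {\nwindow.location=" . $self_js . "+'?action=edit&id=" . $product_id . "&tab=3&sub=deletecustomfield&fid='+id+'" . generate_token("link") . "';\n}}\nfunction deleteoption(id) {\nif (confirm(\"Are you sure you want to delete this product configuration?\")) {\nwindow.location=" . $self_js . "+'?action=edit&id=" . $product_id . "&tab=4&sub=deleteoption&confid='+id+'" . generate_token("link") . "';\n}}";
 $jquerycode = "\$('#productdownloadsbrowser').fileTree({ root: '0', script: 'configproducts.php?action=getdownloads" . generate_token("link") . "', folderEvent: 'click', expandSpeed: 1, collapseSpeed: 1 }, function(file) {\n    \$.post(\"configproducts.php?action=managedownloads&id=" . $product_id . generate_token("link") . "&adddl=\"+file, function(data) {\n        \$(\"#productdownloadslist\").html(data);\n    });\n});\n\$(\".removedownload\").livequery(\"click\", function(event) {\n    var dlid = \$(this).attr(\"rel\");\n    \$.post(\"configproducts.php?action=managedownloads&id=" . $product_id . generate_token("link") . "&remdl=\"+dlid, function(data) {\n        \$(\"#productdownloadslist\").html(data);\n    });\n});\n\$(\"#showquickupload\").click(\n    function() {\n        \$(\"#quickupload\").dialog(\"open\");\n        \$(\"#quickupload\").load(\"configproducts.php?action=quickupload&id=" . $product_id . generate_token("link") . "\");\n        return false;\n    }\n);\n\$(\"#showadddownloadcat\").click(\n    function() {\n        \$(\"#adddownloadcat\").dialog(\"open\");\n        \$(\"#adddownloadcat\").load(\"configproducts.php?action=adddownloadcat&id=" . $product_id . generate_token("link") . "\");\n        return false;\n    }\n);\n";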
 if ($success) {
     infoBox($aInt->lang("global", "changesuccess"), $aInt->lang("global", "changesuccessdesc"));
 }
 echo $infobox;
 echo $aInt->Tabs(array($aInt->lang("products", "tabsdetails"), $aInt->lang("global", "pricing"), $aInt->lang("products", "tabsmodulesettings"), $aInt->lang("setup", "customfields"), $aInt->lang("setup", "configoptions"), $aInt->lang("products", "tabsupgrades"), $aInt->lang("products", "tabsfreedomain"), $aInt->lang("setup", "other"), $aInt->lang("products", "tabslinks")));
 echo "\n<div id=\"tab0box\" class=\"tabbox\">\n  <div id=\"tab_content\">\n\n<table class=\"form\" width=\"100%\" border=\"0\" cellspacing=\"2\" cellpadding=\"3\">\n<tr><td class=\"fieldlabel\">";
 echo $aInt->lang("fields", "producttype");
 echo "</td><td class=\"fieldarea\">";
 echo "<s";
 echo "elect name=\"type\" onChange=\"doFieldUpdate()\"><option value=\"hostingaccount\"";
 if ($type == "hostingaccount") {
     echo " SELECTED";
 }
 echo ">";
 echo $aInt->lang("products", "hostingaccount");
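 $order = $data['order'];
 // Escape everything echoed into the markup: $PHP_SELF reflects the request
 // path and the gateway display name is admin-editable, and both were
 // emitted raw (attribute, text and onclick-JS contexts).
 $esc = function ($value) {
     return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
 };
 $friendly_name = $GatewayConfig[$module]['FriendlyName']['Value'];
 echo "\n<form method=\"post\" action=\"" . $esc($PHP_SELF) . "?action=save\">\n<input type=\"hidden\" name=\"module\" value=\"" . $esc($module) . "\">\n\n<p align=\"left\"><b>";
 echo $count . ". " . $esc($friendly_name);
 if ($numgateways != "1") {
     // onclick is JavaScript inside an HTML attribute: make each argument a
     // JS string literal first (json_encode), then HTML-encode the result, so
     // a quote in the name can leave neither the attribute nor the literal.
     echo " <a href=\"#\" onclick=\"deactivateGW(" . $esc(json_encode((string) $module)) . "," . $esc(json_encode((string) $friendly_name)) . ");return false\" style=\"color:#cc0000\">(" . $aInt->lang("gateways", "deactivate") . ")</a> ";
 }
 echo "</b>";
 if ($order != "1") {
     echo "<a href=\"" . $esc($PHP_SELF) . "?action=moveup&order=" . $esc($order) . generate_token("link") . "\"><img src=\"images/moveup.gif\" align=\"absmiddle\" width=\"16\" height=\"16\" border=\"0\" alt=\"\"></a> ";
 }
 if ($order != $lastorder) {
     echo "<a href=\"" . $esc($PHP_SELF) . "?action=movedown&order=" . $esc($order) . generate_token("link") . "\"><img src=\"images/movedown.gif\" align=\"absmiddle\" width=\"16\" height=\"16\" border=\"0\" alt=\"\"></a>";
 }
 echo "</p>\n<table class=\"form\" width=\"100%\" border=\"0\" cellspacing=\"2\" cellpadding=\"3\">\n<tr><td width=\"200\" class=\"fieldlabel\">";
 echo $aInt->lang("gateways", "showonorderform");
 echo "</td><td class=\"fieldarea\"><input type=\"checkbox\" name=\"field[visible]\"";
 if ($GatewayValues[$module]['visible']) {
     echo " checked";
 }
 echo " /></td></tr>\n<tr><td class=\"fieldlabel\">";
 echo $aInt->lang("gateways", "displayname");
 // The stored display name is admin-editable and was echoed raw into value="".
 echo "</td><td class=\"fieldarea\"><input type=\"text\" name=\"field[name]\" size=\"30\" value=\"" . $esc($GatewayValues[$module]['name']) . "\"></td></tr>\n";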
 foreach ($GatewayConfig[$module] as $confname => $values) {
     if ($values['Type'] != "System") {
         $values['Name'] = "field[" . $confname . "]";
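 <?php
// Allow cross-origin calls to this endpoint. With a wildcard origin any site
// can reach it, so the email/token headers are the only access control.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: email, token');
// Dependencies.
require_once 'classes/person.php';
require_once 'classes/exceptions.php';
require_once 'classes/catalogs.php';
require_once 'classes/generatetoken.php';
// Request headers. Header names are case-insensitive and getallheaders()
// returns them as sent, or as the SAPI normalises them (e.g. "Email"), so
// the keys are lower-cased once; the checks that follow look up 'email' and
// 'token'. getallheaders() yields false where it is unavailable.
$headers = array_change_key_case(getallheaders() ?: array(), CASE_LOWER);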
//validate parameter and headers
// NOTE(review): '&' is the bitwise operator; '&&' is the logical one intended
// here (both isset() results are evaluated and combined, giving 0 or 1).
if (isset($headers['email']) & isset($headers['token'])) {
    //validate
    // NOTE(review): the token is compared with loose '==' against a value
    // derived only from the client-supplied email; hash_equals() on two strings
    // avoids type juggling and timing differences. Whether generate_token() is
    // keyed is not visible in this file — confirm.
    if ($headers['token'] == generate_token($headers['email'])) {
        try {
            // The JSON document is built by string concatenation; none of the
            // tutor fields is escaped, so a quote or backslash in any of them
            // breaks (or injects into) the output. json_encode() of an array
            // would be the safe form. The try/foreach continue past this fragment.
            $json = '{ "status" : 0, "tutors" : [';
            //read makes
            $first = true;
            foreach (Catalogs::get_tutors() as $t) {
                // Comma separator for every element after the first.
                if ($first) {
                    $first = false;
                } else {
                    $json .= ',';
                }
                $json .= '{ "id" : "' . $t->get_id() . '",
                            "photo" : "' . $t->get_photo() . '",
                            "firstname" : "' . $t->get_first_name() . '",
                            "lastname" : "' . $t->get_last_name() . '",
                            "dateofbirth" : "' . $t->get_date_of_birth() . '",
                            "email" : "' . $t->get_email() . '",
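<?php

// Allow cross-origin calls to this endpoint. With a wildcard origin any site
// can reach it; the credentials travel in the email/password headers.
header('Access-Control-Allow-Origin:*');
header('Access-Control-Allow-Headers:email,password');
// Dependencies.
require_once 'classes/person.php';
require_once 'classes/generatetoken.php';
// Request headers, keys lower-cased: header names are case-insensitive and
// getallheaders() returns them as sent or as the SAPI normalises them, so a
// case-sensitive lookup of 'email'/'password' would otherwise miss them.
$headers = array_change_key_case(getallheaders() ?: array(), CASE_LOWER);
// Both credential headers must be present ('&&', not the bitwise '&').
if (isset($headers['email']) && isset($headers['password'])) {
    try {
        // Person presumably resolves the account from these credentials and
        // throws RecordNotFoundException when it cannot — see the catch below.
        $p = new Person($headers['email'], $headers['password']);
        // json_encode() so quotes/backslashes in any field (including the
        // client-supplied email echoed back) cannot break or inject into the
        // document. Fields are cast to string to keep the shape the hand-built
        // JSON produced (every value quoted, status 0 as a number).
        // NOTE(review): the token is derived from the email alone; if
        // generate_token() is unkeyed/deterministic it proves nothing about
        // possession of the password — confirm.
        echo json_encode(array(
            'status' => 0,
            'id' => (string) $p->get_id(),
            'name' => (string) $p->get_first_name(),
            'email' => (string) $headers['email'],
            'token' => (string) generate_token($p->get_email()),
        ));
    } catch (RecordNotFoundException $ex) {
        // "status" stays the string "1" here, exactly as emitted before; the
        // other branches use numbers — clients may depend on either form.
        echo json_encode(array('status' => '1', 'errorMessage' => (string) $ex->get_message()));
    }
} else {
    echo json_encode(array('status' => 2, 'errorMessage' => 'invalidHeaders'));
}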
    // Network-issues list view (the enclosing branch opens above this fragment).
    echo $aInt->lang("networkissues", "addnew");
    echo "</a></p>\n\n<h2>";
    echo $pagetitle;
    echo " Issues</h2>\n\n";
    $aInt->sortableTableInit("nopagination");
    // NOTE(review): the mysql_* extension was removed in PHP 7.
    if (mysql_num_rows($result)) {
        while ($open_row = mysql_fetch_assoc($result)) {
            $enddate = $open_row['enddate'];
            $enddate = $enddate ? fromMySQLDate($enddate, true) : "None";
            if ($open_row['server']) {
                // NOTE(review): $open_row is an associative array (mysql_fetch_assoc),
                // so "->type" writes a property on an array: it never reaches
                // $open_row['type'] and is a fatal error on PHP 8. Intended:
                // $open_row['type'] .= " (" . $open_row['server'] . ")";
                $open_row->type .= " (" . $open_row['server'] . ")";
            }
            // Reopen/close change state and carry what generate_token("link")
            // appends to the query string; the read-only manage link below does not.
            // NOTE(review): $_SERVER['PHP_SELF'] and the row fields are written into
            // href/onclick/text unescaped; PHP_SELF can include request path info.
            if ($open_row['status'] == "Resolved") {
                $actions = "<a href=\"" . $_SERVER['PHP_SELF'] . "?action=reopen&id=" . $open_row['id'] . generate_token("link") . "\">Reopen</a>";
            } else {
                $actions = "<a href=\"" . $_SERVER['PHP_SELF'] . "?action=close&id=" . $open_row['id'] . generate_token("link") . "\">Close</a>";
            }
            $tabledata[] = array("<a href=\"" . $_SERVER['PHP_SELF'] . "?action=manage&id=" . $open_row['id'] . "\">" . $open_row['title'] . "</a>", $open_row['type'], $open_row['priority'], $open_row['status'], fromMySQLDate($open_row['startdate'], true), $enddate, $actions, "<a href=\"#\" onClick=\"doDelete('" . $open_row['id'] . "');return false\"><img src=\"images/delete.gif\" width=\"16\" height=\"16\" border=\"0\" alt=\"Delete\"></a>");
        }
    }
    // NOTE(review): $tabledata is not initialised in this fragment, so with zero
    // rows an undefined variable is passed here.
    echo $aInt->sortableTable(array("Title", "Type", "Priority", "Status", "Start Date", "End Date", " ", ""), $tabledata);
} else {
    // Manage (add/edit) form; this branch continues past the fragment.
    if ($action == "manage") {
        if ($errormessage) {
            infoBox("Validation Failed", $errormessage);
            echo $infobox;
        }
        echo "<script type=\"text/javascript\" src=\"../includes/jscript/jquery-ui-timepicker-addon.js\"></script>\n<link rel=\"stylesheet\" type=\"text/css\" href=\"../includes/jscript/css/jquery-ui-timepicker-addon.css\" />\n<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "?action=save\">";
        if ($id) {
            $pagetitle = "Modify Existing Issue";
            $result = select_query("tblnetworkissues", "", array("id" => $id));
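init_cobalt('View sub doc');
// Handle the form only when the XSRF token validates.
if (xsrf_guard()) {
    init_var($_POST['btn_cancel']);
    init_var($_POST['btn_submit']);
    if ($_POST['btn_cancel']) {
        log_action('Pressed cancel button');
        redirect("listview_sub_doc.php");
    }
    if ($_POST['btn_submit']) {
        log_action('Pressed submit button');
        require 'subclasses/sub_doc.php';
        $dbh_sub_doc = new sub_doc();
        // $message is not set in this file; presumably it carries an earlier
        // validation error and an empty value means "go ahead" — confirm.
        if ($message == "") {
            log_action('Exported table data to CSV');
            $timestamp = date('Y-m-d');
            // Prefix from generate_token(0, 'fs') (presumably random, making the
            // file name unguessable); basename() keeps the session user name
            // from contributing path separators to the name.
            $token = generate_token(0, 'fs');
            $csv_name = $token . basename((string) $_SESSION['user']) . '_sub_doc_' . $timestamp . '.csv';
            $filename = TMP_DIRECTORY . '/' . $csv_name;
            $csv_contents = $dbh_sub_doc->export_to_csv();
            // Write under an exclusive lock and check the result: a failed
            // fopen() previously went unnoticed and a download link to a missing
            // file was still shown. 0644 suffices for a data file (no execute bit).
            if (file_put_contents($filename, $csv_contents, LOCK_EX) === false) {
                log_action('CSV export failed: could not write file');
                $message = 'CSV file could not be generated.';
            } else {
                chmod($filename, 0644);
                $csv_name = urlencode($csv_name);
                $message = 'CSV file successfully generated: <a href="/' . BASE_DIRECTORY . '/download_generic.php?filename=' . $csv_name . '">Download the CSV file.</a>';
            }
            $message_type = 'system';
        }
    }
}
require 'subclasses/sub_doc_html.php';
$html = new sub_doc_html();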
}
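echo $frmsub->dropdown("messagename", $emailarr);
echo $frmsub->submit($aInt->lang("global", "sendmessage"));
echo $frmsub->close();
echo "</td><td>";
// Fourth form: send the default product welcome email for this service.
$frmsub = new WHMCS_Form("frm4");
echo $frmsub->form("clientsemails.php?userid=" . $userid);
echo $frmsub->hidden("action", "send");
echo $frmsub->hidden("type", "product");
echo $frmsub->hidden("id", $id);
echo $frmsub->hidden("messagename", "defaultnewacc");
echo $frmsub->submit($aInt->lang("emails", "senddefaultproductwelcome"));
echo $frmsub->close();
// The domain goes into a hidden input's value attribute; it is a stored,
// client-entered value and is not escaped anywhere visible, so escape it here.
echo "</td></tr></table>\n</div>\n\n<form method=\"post\" action=\"whois.php\" target=\"_blank\" id=\"frmWhois\">\n<input type=\"hidden\" name=\"domain\" value=\"" . htmlspecialchars((string) $domain, ENT_QUOTES | ENT_SUBSTITUTE) . "\" />\n</form>\n";
$content = ob_get_contents();
ob_end_clean();
if ($whmcs->get_req_var("ajaxupdate")) {
    // Partial (AJAX) refresh: insert generate_token()'s output right after every
    // POST <form> tag in the buffered markup and return only the content.
    $content = preg_replace('/(<form\\W[^>]*\\bmethod=(\'|"|)POST(\'|"|)\\b[^>]*>)/i', '$1' . "\n" . generate_token(), $content);
    echo $content;
    exit;
} else {
    // Full page: wrap the content and append the confirmation dialogs for the
    // module commands. The delete action is a GET link that carries what
    // generate_token("link") appends; $userid/$id are placed into it unescaped.
    $content = "<div id=\"servicecontent\">" . $content . "</div>";
    $content .= $aInt->jqueryDialog("modcreate", $aInt->lang("services", "confirmcommand"), $aInt->lang("services", "createsure"), array($aInt->lang("global", "yes") => "runModuleCommand('create')", $aInt->lang("global", "no") => ""), "", "450");
    $content .= $aInt->jqueryDialog("modsuspend", $aInt->lang("services", "confirmcommand"), $aInt->lang("services", "suspendsure") . "<br /><div align=\"center\">" . $aInt->lang("services", "suspendreason") . ": <input type=\"text\" id=\"suspreason\" size=\"20\" /><br /><br /><input type=\"checkbox\" id=\"suspemail\" /> " . $aInt->lang("services", "suspendsendemail") . "</div>", array($aInt->lang("global", "yes") => "runModuleCommand('suspend')", $aInt->lang("global", "no") => ""), "", "450");
    $content .= $aInt->jqueryDialog("modunsuspend", $aInt->lang("services", "confirmcommand"), $aInt->lang("services", "unsuspendsure"), array($aInt->lang("global", "yes") => "runModuleCommand('unsuspend')", $aInt->lang("global", "no") => ""), "", "450");
    $content .= $aInt->jqueryDialog("modterminate", $aInt->lang("services", "confirmcommand"), $aInt->lang("services", "terminatesure"), array($aInt->lang("global", "yes") => "runModuleCommand('terminate')", $aInt->lang("global", "no") => ""), "", "450");
    $content .= $aInt->jqueryDialog("modchangepackage", $aInt->lang("services", "confirmcommand"), $aInt->lang("services", "chgpacksure"), array($aInt->lang("global", "yes") => "runModuleCommand('changepackage')", $aInt->lang("global", "no") => ""), "", "450");
    $content .= $aInt->jqueryDialog("delete", $aInt->lang("services", "deleteproduct"), $aInt->lang("services", "proddeletesure"), array($aInt->lang("global", "yes") => "window.location='" . $PHP_SELF . "?userid=" . $userid . "&id=" . $id . "&action=delete" . generate_token("link") . "'", $aInt->lang("global", "no") => ""), "180", "450");
}
$aInt->content = $content;
$aInt->display();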
 // Module row: description, status cell, then the hidden config form
 // (this output run starts above the fragment).
 echo "</strong>";
 if ($configarray['Description']['Value']) {
     echo "<br />" . $configarray['Description']['Value'];
 }
 echo "</td>\n\t\t<td width=\"200\" align=\"center\" ";
 if ($moduleactive) {
     echo "style=\"background-color:#EBFEE2;\"";
 }
 echo ">";
 echo $moduleaction;
 echo "</td>\n\t</tr>\n\t<tr><td id=\"";
 // NOTE(review): $module is written into an id attribute and into the action
 // URL unescaped; $PHP_SELF likewise (it can include request path info).
 echo $module;
 echo "config\" class=\"config\" style=\"display:none;padding:15px;\" colspan=\"3\"><form method=\"post\" action=\"";
 echo $PHP_SELF;
 echo "?action=save&module=";
 // The save action carries what generate_token("link") appends (presumably the CSRF token).
 echo $module . generate_token("link");
 echo "\">\n\t\t<table class=\"form\" width=\"100%\">\n        ";
 foreach ($configarray as $key => $values) {
     if ($values['Type'] != "System") {
         if (!$values['FriendlyName']) {
             $values['FriendlyName'] = $key;
         }
         $values['Name'] = $key;
         // The stored value is escaped, but FriendlyName on the next line is not —
         // inconsistent if module names can carry markup.
         $values['Value'] = htmlspecialchars($moduleconfigdata[$key]);
         echo "<tr><td class=\"fieldlabel\">" . $values['FriendlyName'] . "</td><td class=\"fieldarea\">" . moduleConfigFieldOutput($values) . "</td></tr>";
         // Redundant: this is already the last statement of the loop body.
         continue;
     }
 }
 echo "\t\t</table><br /><div align=\"center\"><input type=\"submit\" name=\"save\" value=\"";
 echo $aInt->lang("global", "savechanges");
 echo "\" class=\"btn primary\" /></form></div><br />\n\t</td></tr>\n";
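 /**
  * Handles the provider sign-up form.
  *
  * Reads the posted fields via Input::get()/Input::has(), validates them,
  * creates the Walker (provider) record with a hashed password and an API
  * token, stores one ProviderServices row per posted service type, and
  * redirects with a flash message. Returns a Redirect in every case: success
  * goes to provider/signin, every validation failure back to provider/signup.
  */
 public function providerSave()
 {
     $first_name = Input::get('first_name');
     $last_name = Input::get('last_name');
     $email = Input::get('email');
     $phone = Input::get('phone');
     $password = Input::get('password');
     $type = Input::get('type');
     // Input::has() returns a bool; a missing 'type' means the provider type is
     // not configured for this deployment (was written as "== NULL").
     if (!Input::has('type')) {
         return Redirect::to('')->with('success', 'You do not have ' . Config::get('app.generic_keywords.Provider') . ' Type. Please Contact your Admin');
     }
     $validator = Validator::make(
         array('first_name' => $first_name, 'last_name' => $last_name, 'email' => $email, 'type' => $type, 'password' => $password),
         array('password' => 'required', 'email' => 'required', 'last_name' => 'required', 'first_name' => 'required', 'type' => 'required')
     );
     if ($validator->fails()) {
         return Redirect::to('provider/signup')->with('error', 'Please Fill all the fields.');
     }
     $validator1 = Validator::make(array('email' => $email), array('email' => 'required|email'));
     if ($validator1->fails()) {
         return Redirect::to('provider/signup')->with('error', 'Please Enter email correctly.');
     }
     $validatorPhone = Validator::make(array('phone' => $phone), array('phone' => 'phone'));
     if ($validatorPhone->fails()) {
         // Back to the provider form; this branch previously sent providers to
         // user/signup, unlike every other validation failure in this method.
         return Redirect::to('provider/signup')->with('error', 'Invalid Phone Number Format');
     }
     if (Walker::where('email', $email)->count() != 0) {
         return Redirect::to('provider/signup')->with('error', 'This email ID is already registered.');
     }
     // NOTE(review): uniqid() is time-based and guessable; if the activation
     // code gates anything, generate it from a CSPRNG (random_bytes() on PHP 7+)
     // — kept as-is pending the platform version and column width.
     $activation_code = uniqid();
     $walker = new Walker();
     $walker->first_name = $first_name;
     $walker->last_name = $last_name;
     $walker->email = $email;
     $walker->phone = $phone;
     $walker->activation_code = $activation_code;
     $walker->is_available = 1;
     if ($password != "") {
         $walker->password = Hash::make($password);
     }
     $walker->token = generate_token();
     $walker->token_expiry = generate_expiry();
     $walker->type = $type;
     if (Input::has('timezone')) {
         $walker->timezone = Input::get('timezone');
     }
     $walker->save();
     // 'type' is known to be present here (checked above), so the service rows
     // are always written.
     $this->saveProviderServiceRows($walker);
     // Welcome / admin-notification emails were previously sent at this point
     // and remain disabled.
     return Redirect::to('provider/signin')->with('success', 'You have successfully registered. <br>Please Activate your Email to Login');
 }

 /**
  * Replaces the provider's service rows with one row per posted 'type' entry,
  * reading the parallel service_base_price / service_price_distance /
  * service_price_time arrays by position (a missing entry defaults to 0).
  */
 private function saveProviderServiceRows(Walker $walker)
 {
     // Bound parameter instead of string-built SQL for the provider id.
     if (ProviderServices::where('provider_id', $walker->id)->first() !== null) {
         DB::delete('delete from walker_services where provider_id = ?', array($walker->id));
     }
     // (array) keeps a single scalar working (one row) and makes the iteration
     // safe on PHP 8, where count() on a scalar or null throws.
     $types = (array) Input::get('type');
     $base_price = (array) Input::get('service_base_price');
     $service_price_distance = (array) Input::get('service_price_distance');
     $service_price_time = (array) Input::get('service_price_time');
     Log::info('type = ' . print_r($types, true));
     foreach (array_values($types) as $i => $service_type) {
         $prserv = new ProviderServices();
         $prserv->provider_id = $walker->id;
         // Each row gets the type at its own position; previously the whole
         // posted value was assigned to every row.
         $prserv->type = $service_type;
         Log::info('key = ' . print_r($service_type, true));
         $prserv->base_price = isset($base_price[$i]) ? $base_price[$i] : 0;
         $prserv->price_per_unit_distance = isset($service_price_distance[$i]) ? $service_price_distance[$i] : 0;
         // Previously this read service_price_time but tested, and zeroed, the
         // distance field (copy-paste slip).
         $prserv->price_per_unit_time = isset($service_price_time[$i]) ? $service_price_time[$i] : 0;
         $prserv->save();
     }
 }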