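/**
 * Auth endpoint: decides whether the client described by the query string
 * may pass, based solely on the supplied token.
 *
 * Reads stage, ip, mac and token from the request query, writes exactly one
 * auth response (AUTH_ERROR, AUTH_ALLOWED or AUTH_DENIED) via
 * write_auth_response() and returns nothing to the caller.
 */
function handle_auth()
{
    $request = Flight::request();
    $stage = $request->query->stage;
    $ip = $request->query->ip;
    $mac = $request->query->mac;
    $token = $request->query->token;

    // All four parameters are mandatory. NOTE: empty() also rejects the
    // string "0"; if that can ever be a legitimate value, this must become an
    // explicit null / '' comparison.
    if (empty($stage) || empty($ip) || empty($mac) || empty($token)) {
        write_auth_response(AUTH_ERROR);
        // FIX: the original fell through to the token check here, so a request
        // with a missing stage/ip/mac but a valid token had AUTH_ERROR *and*
        // AUTH_ALLOWED written back (unless write_auth_response() terminates
        // the script — the later `return` after AUTH_ALLOWED suggests it does
        // not). Stop with a single response.
        return;
    }

    // Housekeeping before validating, so stale tokens cannot match.
    clear_old_tokens();

    // Even on STAGE_COUNTER the token is checked; there is deliberately no
    // early return for that stage.
    // NOTE(review): ip and mac are required but never passed to
    // is_token_valid(), so the token is not bound to the client presenting
    // it — confirm this is intended.
    if (is_token_valid($token)) {
        write_auth_response(AUTH_ALLOWED);
        return;
    }

    write_auth_response(AUTH_DENIED);
}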
} else {
    $response .= '{"status":"NOK"}';
    echo $response;
    error_log("{$response}", 0);
} //end check false if
} //end pal_keys if
} //end json not null if
} //end existence of json if
} else {
    if ($token_role == "register") {
        //line 190: Calls the is_token_valid function
        $user_role = is_token_valid($con);
        //lines 193-253: Checks if the user_role variable value is employee and decodes the JSON message arrived from STORK ISS
        require_once 'wp-config.php';
        if ($user_role == "employee") {
            if (isset($_POST["r"])) {
                $json_string = $_POST["r"];
                // NOTE(review): stripslashes() also removes the backslash from
                // JSON escape sequences (\" \n \uXXXX). Unless an upstream layer
                // adds escaping, this corrupts the payload — confirm.
                $json_string = stripslashes($json_string);
                // Logs the raw request body: whatever the client sent, possibly
                // personal data, lands in the error log.
                error_log("{$json_string}", 0);
                $pal = json_decode($json_string, true);
                // BUG(review): with `||`, any body that is not literally "{}"
                // enters the branch even when json_decode() failed ($pal === NULL),
                // and array_keys(NULL) on the next line then errors (TypeError on
                // PHP 8). The intent reads as `&&`, i.e. "non-empty AND parsed".
                if ($_POST["r"] != "{}" || $pal != NULL) {
                    $pal_keys = array_keys($pal);
                    $pal_count = count($pal_keys);
                    // Unvalidated request value; also an undefined-index notice
                    // when "t" is absent.
                    $SS_token = $_GET["t"];
                    require_once 'wp-config.php';
                    // SECURITY(review): the loop body is outside this view. If it
                    // appends $pal_keys (column names taken from client JSON) or
                    // the values by string concatenation, this is SQL injection.
                    // Column names cannot be bound — check them against an
                    // allow-list of updatable wp_users columns — and bind the
                    // values with a prepared statement.
                    $query = "UPDATE wp_users SET ";
                    for ($i = 0; $i < $pal_count; $i++) {
require_once 'wp-config.php';
// SECURITY(review): $SS_token is concatenated straight into the SQL. Its
// assignment is not in this view — if it comes from the request (elsewhere on
// this page the same variable is read from $_GET["t"]) this is a
// SQL-injection sink. Use mysqli_prepare("... WHERE SS_token = ?") with
// bind_param("s", $SS_token) instead of string building.
$sql1 = "SELECT token_role FROM tokens WHERE SS_token='" . $SS_token . "'";
// NOTE(review): mysqli_query() returns false on failure; ->num_rows below
// would then be a fatal "property on bool" error. Check the result first.
$sql1_result = mysqli_query($con, $sql1);
$token_role = null;
if ($sql1_result->num_rows > 0) {
    $row = $sql1_result->fetch_assoc();
    $token_role = $row["token_role"];
}
//lines 33-37: If the stored token_role is "login", build and emit the login JSON
if ($token_role == "login") {
    $request = getLogIn_json();
    // Logs the full JSON response body.
    error_log("{$request}", 0);
    echo $request;
} else {
    if ($token_role == "register") {
        // NOTE(review): the query above used $con, this call uses $db_conn —
        // two connection handles; confirm both are defined and equivalent.
        $user_role = is_token_valid($db_conn);
        error_log("{$user_role}", 0);
        //lines 45-48: No role resolved for the token -> print an error and stop
        if ($user_role == null) {
            echo "error message in supporting service: token not valid";
            exit;
        }
        //line 51: Initializes the request variable
        $request = "";
        error_log("{$user_role}", 0);
        //line 56: Checks whether the "r" query parameter is absent (the comment
        // originally said SS_token, but the code tests $_GET["r"])
        if (!isset($_GET["r"])) {
            //lines 59-63: For an employee role, build the employee JSON and log it
            if ($user_role == "employee") {
                $request = getEmployee_json();
                error_log("{$request}", 0);
$user->addChild('realname', $name); $user->addChild('time', time()); $xml->asXML($dbName); $sent = true; $e .= $sent; } echo $e; } //TOKEN } else { // ====================================== // NO AJAX $secret = auth_token($yourKey); if (isset($_POST['send'])) { $token = $_POST['token']; if (is_token_valid($token, $yourKey)) { $email = trim($_POST['email']); $name = trim($_POST['name']); $xml = new SimpleXMLElement($dbName, 0, true); //email blank? if ($email == "") { $e .= "<li>" . $lang['emptyEmail'] . "</li>"; } else { //email filled //valid email? if (!check_email_address($email)) { $e .= "<li>" . $lang['invalidEmail'] . " <strong>{$email}</strong> " . $lang['invalidEmail2'] . "</li>"; } //already subscribed? foreach ($xml->user as $u) { if ($email == $u->email) {