Example #1
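/**
 * Answer an authentication query by validating the supplied token.
 *
 * Reads `stage`, `ip`, `mac` and `token` from the query string. All four
 * must be present, but only `token` takes part in the allow/deny decision:
 * `ip`, `mac` and `stage` are checked for presence and not used further here.
 *
 * Writes exactly one of AUTH_ERROR (missing parameter), AUTH_ALLOWED
 * (token accepted by is_token_valid()) or AUTH_DENIED (anything else).
 *
 * @return void
 */
function handle_auth()
{
    $request = Flight::request();
    //incoming=
    //outgoing=
    $stage = $request->query->stage;
    $ip = $request->query->ip;
    $mac = $request->query->mac;
    $token = $request->query->token;

    // NOTE(review): empty() also treats the string "0" as missing; confirm
    // that no legitimate stage value is "0".
    if (empty($stage) || empty($ip) || empty($mac) || empty($token)) {
        write_auth_response(AUTH_ERROR);
        // Stop here. Without this return, a request with missing parameters
        // would fall through to the token check below with an empty token
        // and emit a second response, unless write_auth_response() itself
        // terminates the request (not visible from this function).
        return;
    }

    // Do some housekeeping
    clear_old_tokens();

    // The token is checked for every stage, including STAGE_COUNTER; there
    // is deliberately no stage-based shortcut that skips validation.
    if (is_token_valid($token)) {
        write_auth_response(AUTH_ALLOWED);
        return;
    }

    // Default deny: any token that was not explicitly accepted is refused.
    write_auth_response(AUTH_DENIED);
}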
                 } else {
                     $response .= '{"status":"NOK"}';
                     echo $response;
                     error_log("{$response}", 0);
                 }
                 //end check false if
             }
             //end pal_keys if
         }
         //end json not null if
     }
     //end existance of json if
 } else {
     if ($token_role == "register") {
         //line 190: Calls the is_token_valid function
         $user_role = is_token_valid($con);
         //lines 193-253: Checks if the user_role variable value is employee and decodes the JSON message arrived from STORK ISS
         require_once 'wp-config.php';
         if ($user_role == "employee") {
             if (isset($_POST["r"])) {
                 $json_string = $_POST["r"];
                 $json_string = stripslashes($json_string);
                 error_log("{$json_string}", 0);
                 $pal = json_decode($json_string, true);
                 if ($_POST["r"] != "{}" || $pal != NULL) {
                     $pal_keys = array_keys($pal);
                     $pal_count = count($pal_keys);
                     $SS_token = $_GET["t"];
                     require_once 'wp-config.php';
                     $query = "UPDATE wp_users SET ";
                     for ($i = 0; $i < $pal_count; $i++) {
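require_once 'wp-config.php';
// Look up the role bound to the caller-supplied token.
// $SS_token is request input (elsewhere on this page it is assigned from
// $_GET["t"]), so it is passed as a bound parameter instead of being
// concatenated into the SQL text, which allowed SQL injection.
$sql1 = "SELECT token_role FROM tokens WHERE SS_token = ?";
$token_role = null;
$sql1_result = false;
$sql1_stmt = mysqli_prepare($con, $sql1);
if ($sql1_stmt !== false) {
    mysqli_stmt_bind_param($sql1_stmt, 's', $SS_token);
    if (mysqli_stmt_execute($sql1_stmt)) {
        // mysqli_stmt_get_result() needs the mysqlnd driver; it returns a
        // buffered mysqli_result, so $sql1_result keeps its original type.
        $sql1_result = mysqli_stmt_get_result($sql1_stmt);
    }
}
if ($sql1_result === false) {
    // A failed lookup leaves $token_role null, so neither role branch below
    // matches. The token value is deliberately kept out of the log.
    error_log("token_role lookup failed", 0);
} elseif ($sql1_result->num_rows > 0) {
    $row = $sql1_result->fetch_assoc();
    $token_role = $row["token_role"];
}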
//lines 33-37: Checks if the selected token_role variable has the login value and calls the getLogIn_json function
if ($token_role == "login") {
    $request = getLogIn_json();
    error_log("{$request}", 0);
    echo $request;
} else {
    if ($token_role == "register") {
        $user_role = is_token_valid($db_conn);
        error_log("{$user_role}", 0);
        //lines 45-48: Checks if the user value is empty and if it is prints an error message
        if ($user_role == null) {
            echo "error message in supporting service: token not valid";
            exit;
        }
        //line 51: Initializes the request variable
        $request = "";
        error_log("{$user_role}", 0);
        //line 56: Checks if user SS_token exists
        if (!isset($_GET["r"])) {
            //lines 59-63: Checks if user_role variable has the employee value, calls the getEmployee_json function and prints the function's result
            if ($user_role == "employee") {
                $request = getEmployee_json();
                error_log("{$request}", 0);
Example #4
             $user->addChild('realname', $name);
             $user->addChild('time', time());
             $xml->asXML($dbName);
             $sent = true;
             $e .= $sent;
         }
         echo $e;
     }
     //TOKEN
 } else {
     // ======================================
     // NO AJAX
     $secret = auth_token($yourKey);
     if (isset($_POST['send'])) {
         $token = $_POST['token'];
         if (is_token_valid($token, $yourKey)) {
             $email = trim($_POST['email']);
             $name = trim($_POST['name']);
             $xml = new SimpleXMLElement($dbName, 0, true);
             //email blank?
             if ($email == "") {
                 $e .= "<li>" . $lang['emptyEmail'] . "</li>";
             } else {
                 //email filled
                 //valid email?
                 if (!check_email_address($email)) {
                     $e .= "<li>" . $lang['invalidEmail'] . " <strong>{$email}</strong> " . $lang['invalidEmail2'] . "</li>";
                 }
                 //already subscribed?
                 foreach ($xml->user as $u) {
                     if ($email == $u->email) {