function CustomerAction()
{
$request = Slim::getInstance()->request();
$customer = json_decode($request->getBody());
//echo '{"users": ' . json_encode($user) . '}';exit;
$token = $customer->access_token;
//echo '{"error":{"text":"'.$token.'"}}'; exit;
if ($customer->access_token != "") {
$status_token = validate_token($customer->access_token);
//echo '{"error":{"text":"'.$status_token.'"}}'; exit;
if ($status_token == 'valid') {
$sql = "INSERT INTO user_profile (firstname, lastname) VALUES ('" . $customer->first_name . "', '" . $customer->last_name . "' )";
$db_host = "127.0.0.1";
$db_user = "******";
$db_pass = "";
$db_name = "myavazone_db";
$db = new DB();
$db->connect($db_host, $db_user, '', false, false, $db_name, 'tbl_');
$res_q = $db->query($sql);
echo '{"apidata": "User Added Sucessfully."}';
exit;
break;
//echo '{"error":{"text":'.mc_encrypt($user->password,$user->key).'}}';
//echo '{"error":{"text":"Token is valid"}}';
} else {
echo '{"error":{"text":"Token is not valid"}}';
}
} else {
echo '{"error":{"text":"Token is NULL"}}';
}
/*$user_details=array(
'password_hash' => mc_encrypt('admin@123','d0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282')
);*/
}
function UserAction()
{
$request = Slim::getInstance()->request();
$user = json_decode($request->getBody());
//echo '{"users": ' . json_encode($user) . '}';exit;
$token = $user->access_token;
//echo '{"error":{"text":"'.$token.'"}}'; exit;
if ($user->access_token != "") {
$status_token = validate_token($user->access_token);
//echo '{"error":{"text":"'.$status_token.'"}}'; exit;
if ($status_token == 'valid') {
//update_token($user->access_token);
//echo '{"error":{"text":"'.$user->cmd.'"}}'; exit;
switch ($user->cmd) {
case 'user_login':
$params = array('username' => $user->username);
$get_user = GetvalidUserDetails($params);
if ($get_user == null) {
echo '{"error": "Username and password is invalid"}';
} else {
//echo '{"error":{"text":"'.$get_user.'"}}'; exit;
//echo '{"error":{"text":'.json_encode($get_user).'}}'; exit;
$hash_password = md5($user->password);
// echo '{"error":{"text":"'.$get_user->hash_password.'"}}'; exit;
// echo '{"error":{"text":"hi"}}';
// echo '{"error":{"text":"'.$get_user->hash_password.'"}}'; exit;
if ($hash_password == $get_user->hash_password) {
if ($get_user->is_active == "Y") {
echo '{"error":"","apidata": ' . json_encode($get_user) . '}';
} else {
echo '{"error": "User is not active"}';
}
} else {
echo '{"error": "password is invalid"}';
}
}
exit;
break;
}
//echo '{"error":{"text":'.mc_encrypt($user->password,$user->key).'}}';
echo '{"error":{"text":"Token is valid"}}';
} else {
echo '{"error":{"text":"Token is not valid"}}';
}
} else {
echo '{"error":{"text":"Token is NULL"}}';
}
/*$user_details=array(
'password_hash' => mc_encrypt('admin@123','d0a7e7997b6d5fcd55f4b5c32611b87cd923e88837b63bf2941ef819dc8ca282')
);*/
}
function csrfguard_start()
{
if (count($_POST)) {
if (!isset($_POST['CSRFName']) or !isset($_POST['CSRFToken'])) {
die("No CSRFName found, probable invalid request.");
}
$name = $_POST['CSRFName'];
$token = $_POST['CSRFToken'];
if (!validate_token($name, $token)) {
die("Invalid CSRF token.");
}
}
ob_start();
/* adding double quotes for "inject" to prevent:
Notice: Use of undefined constant inject - assumed 'inject' */
register_shutdown_function("inject");
}
public function loginAction(Request $request, Player $me)
{
if ($me->isValid()) {
throw new ForbiddenException("You are already logged in!");
}
$query = $request->query;
$session = $request->getSession();
$token = $query->get("token");
$username = $query->get("username");
if (!$token || !$username) {
throw new BadRequestException();
}
// Don't check whether IPs match if we're on a development environment
$checkIP = !$this->isDebug();
$info = validate_token($token, $username, array(), $checkIP);
if (!isset($info)) {
throw new ForbiddenException("There was an error processing your login. Please go back and try again.");
}
$session->set("username", $info['username']);
$session->set("groups", $info['groups']);
$redirectToProfile = false;
if (!Player::playerBZIDExists($info['bzid'])) {
// If they're new, redirect to their profile page so they can add some info
$player = Player::newPlayer($info['bzid'], $info['username']);
$redirectToProfile = true;
} else {
$player = Player::getFromBZID($info['bzid']);
if ($player->isDeleted()) {
$player->setStatus('active');
}
}
$session->set("playerId", $player->getId());
$player->updateLastLogin();
$player->setUsername($info['username']);
Visit::enterVisit($player->getId(), $request->getClientIp(), gethostbyaddr($request->getClientIp()), $request->server->get('HTTP_USER_AGENT'), $request->server->get('HTTP_REFERER'));
$this->configPromoteAdmin($player);
if ($redirectToProfile) {
$profile = Service::getGenerator()->generate('profile_show');
return new RedirectResponse($profile);
} else {
return $this->goBack();
}
}
function validate_session($conn, $token, $workerId, $userAgent)
{
$results = get_session_data($conn, $token);
// If no results, fail. If results, check
// If token is expired.
if (!$results) {
echo 'false';
return false;
} else {
$timeStart = $results[0]['timeStart'];
$timeExpire = $results[0]['timeExpire'];
$token_truth = validate_token($token, $workerId, $userAgent, $timeStart);
$time_truth = $timeExpire > time();
if ($token_truth && $time_truth) {
return true;
}
}
return false;
}
public function validateLogin(&$output)
{
global $config;
global $user;
// initialise permissions
$user->removeAllPermissions();
if (isset($_GET['auth']) === false) {
// no auth data -> no login
return false;
}
// load module specific auth helper
require dirname(__FILE__) . '/checkToken.php';
if (($this->groups = $config->getValue('login.modules.bzbb.groups')) === false || is_array($this->groups) === false) {
// no accepted groups in config -> no login
$output = 'config error : no login group was specified.';
return false;
}
$groupNames = array();
foreach ($this->groups as $group) {
$groupNames[] = $group['name'];
}
unset($group);
// validate external login data
// parameters supplied by 3rd party weblogin script
if (!($this->info = validate_token($_GET['token'], $_GET['username'], $groupNames, !$config->getValue('login.modules.bzbb.disableCheckIP')))) {
// login did not work
$output = 'Login failed: The returned values could not be validated! ' . 'You may check your username and password and <a href="./">try again</a>.';
return false;
}
// check if username is not empty or does only consist of whitespace
if (strlen(ltrim($this->getName())) === 0) {
$output = 'Login failed: Username empty. This is likely a problem with the bzbb api.';
return false;
}
// code ran successfully
return true;
}
*
*/
/* File : cancel.php.
* Description: Updates the status file of the relevant FUPS process to
* indicate that the user wants the process cancelled. Lets
* the user know the result, and directs the user back to
* the status page to wait for acknowledgement of cancellation.
* Part of the web app functionality of FUPS.
*/
require_once __DIR__ . '/common.php';
$err = '';
if (!isset($_GET['token'])) {
$err = 'Fatal error: I did not detect a URL query parameter "token".';
} else {
$token = $_GET['token'];
if (validate_token($token, $err)) {
$cancellation_filename = make_cancellation_filename($token, $err);
if (!@file_put_contents($cancellation_filename, '') === false) {
$err = 'A fatal error occurred: failed to write to the cancellation file.';
}
}
}
$page = substr(__FILE__, strlen(FUPS_INC_ROOT));
fups_output_page_start($page, 'FUPS cancellation page: cancel an in-progress task', 'Cancel an in-progress FUPS task.');
global $fups_url_run;
if (!$err) {
?>
<ul class="fups_listmin">
<li><a href="<?php
echo $fups_url_run;
?>
<?php
if (isset($_GET['bzbbauth']) && $_GET['bzbbauth']) {
require 'checkToken.php';
// initialise permissions
$user->removeAllPermissions();
// groups used for permissions
// each group can use the fine grained permission system
$groups = array('VERIFIED', 'GU-LEAGUE.REFEREES', 'GU-LEAGUE.ADMINS');
$args = explode(',', urldecode($_GET['bzbbauth']));
// $args[0] is token, $args[1] is callsign
if (!($info = validate_token($args[0], $args[1], $groups, !$config->getValue('login.modules.bzbb.disableCheckIP')))) {
// login did not work, removing permissions not necessary as additional permissions where never granted
// after permissions were removed at the beginning of the file
$helper->done('<p class="first_p">Login failed: The returned values could not be validated! You may check your username and password.</p>' . "\n" . '<p>Please <a href="./">try again</a>.</p>' . "\n");
}
// NOTE: invalid bzid should be set to -1
// assume user is in the
// VERIFIED group
// because login worked
// since we use a global login for auth any user should be in that group
$_SESSION['username'] = $info['username'];
$external_login_id = $info['bzid'];
$_SESSION['bzid'] = $external_login_id;
$_SESSION['user_logged_in'] = true;
// permissions for private messages
$user->setPermission('allow_add_messages');
$user->setPermission('allow_delete_messages');
// server tracker permissions
$user->setPermission('allow_watch_servertracker');
// test only for GU-LEAGUE.ADMINS group
$page['title'] = 'Login';
// Read user input
if (isset($_GET['token'])) {
$input['token'] = $_GET['token'];
}
if (isset($_GET['username'])) {
$input['username'] = $_GET['username'];
}
// Process data
if (isset($input['token'], $input['username'])) {
// Send a request to the list server via the CHECKTOKEN action. This will
// figure out of this token we received is valid for this use. The fourth
// argument (checkIP) is currently set to false since it impairs local
// testing.
// TODO: Remove the fourth argument, set it to true, or add a config option
$results = validate_token($_GET['token'], urldecode($_GET['username']), array($config['imageModeratorGroup']), false);
// The BZID must be returned in our response, and it must be greater than 0
if (isset($results['bzid']) && is_numeric($results['bzid']) && $results['bzid'] > 0) {
// Assign the bzid and username to our session
$_SESSION['bzid'] = $user['bzid'] = $results['bzid'];
$_SESSION['username'] = $user['username'] = $results['username'];
// If the user is in our moderator group, give them moderator rights
if (isset($results['groups']) && in_array($config['imageModeratorGroup'], $results['groups'])) {
$_SESSION['moderator'] = $user['moderator'] = true;
} else {
$_SESSION['moderator'] = $user['moderator'] = false;
}
// Since they have logged in successfully, we'll redirect them back to
// the main page in 5 seconds.
$tpl->assign('redirect', array('url' => $config['paths']['baseURL'], 'delay' => 5));
} else {
private static function validate_token()
{
if (!validate_token($_SESSION['token'])) {
die("Unable to validate token, IP address logged for potential attack: " . $_SERVER['REMOTE_ADDR']);
}
}
