public function save($isNewAccount = false) {
    // Persist a new ACCOUNTS row; the generated id is kept in $this->id.
    // When $isNewAccount is false nothing is written (there is no update path
    // here). Always returns true, whether or not an insert happened.
    $db = DB::getInstance();
    if (!$isNewAccount) {
        return true;
    }

    // Column name => raw property value, in the original column order.
    $columns = array(
        "userId"       => $this->userId,
        "balance"      => $this->balance,
        "accountNo"    => $this->accountNo,
        "password"     => $this->password,
        "securitytype" => $this->sectype,
    );

    // Every value is wrapped in single quotes, escaped with DB::makeSafe and then
    // passed through Validation::xss_clean before it reaches the insert builder.
    // NOTE(review): quoting happens *before* escaping, so whether the quotes survive
    // depends on what makeSafe does to them -- verify against DB::insert's expectations.
    // NOTE(review): xss_clean on data being stored is output encoding at the wrong
    // layer, and the USERS save() in this codebase does not apply it; the two should
    // agree. Whether $this->password is already a hash at this point cannot be seen here.
    $data = array();
    foreach ($columns as $column => $value) {
        $data[$column] = Validation::xss_clean(DB::makeSafe("'{$value}'"));
    }
    $this->id = $db->insert($data, "ACCOUNTS");
    return true;
}
public function save($isNewUser = false) {
    // Persist a new USERS row; the generated id is stored in $this->id.
    // When $isNewUser is false nothing is written -- there is no update path here.
    // Always returns true, whether or not an insert happened.
    $db = DB::getInstance();
    if (!$isNewUser) {
        return true;
    }

    // Column name => raw property value, in the original column order.
    $columns = array(
        "firstName"   => $this->firstName,
        "lastName"    => $this->lastName,
        "middleName"  => $this->middleName,
        "createdDate" => $this->createdDate,
        "isActive"    => $this->isActive,
        "emailId"     => $this->emailId,
        "mobileNo"    => $this->mobileNo,
        "isAdmin"     => $this->isAdmin,
    );

    // Each value is wrapped in single quotes and escaped with DB::makeSafe before
    // being handed to the insert builder, which is therefore presumably expected
    // not to add its own quoting -- verify against DB::insert.
    // NOTE(review): unlike the ACCOUNTS save(), no Validation::xss_clean is applied
    // here; whichever is intended, the two should agree. isAdmin and isActive are
    // written straight from the object, so callers must make sure those flags are
    // never derived from request input.
    $data = array();
    foreach ($columns as $column => $value) {
        $data[$column] = DB::makeSafe("'{$value}'");
    }
    $this->id = $db->insert($data, "USERS");
    return true;
}
public function isRejected($emailId) {
    // True when the USERS row for $emailId has isActive == 2.
    // 1 is the "active" state the login queries filter on; 2 appears to be the
    // "rejected" state -- TODO confirm against the admin handlers.
    // $emailId is escaped with DB::makeSafe before being interpolated into the
    // WHERE clause; the condition is still string-built, so a parameterised
    // select would be preferable if the DB layer offers one.
    $db = DB::getInstance();
    $where = sprintf("emailId = '%s'", DB::makeSafe($emailId));
    $userRow = $db->select('USERS', $where);
    // Loose comparison kept on purpose: the DB layer may return the column as a
    // string. isset() covers the case where select() returns nothing for an
    // unknown address (same false result, without an array-offset notice).
    return isset($userRow["isActive"]) && $userRow["isActive"] == 2;
}
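require_once '../../includes/global.inc.php';

// Authentication gate. A bare header("Location: ...") does not stop the script,
// so without the exit below an unauthenticated request would fall through and
// still run the session reads and database queries further down.
if (!isset($_SESSION['logged_in'])) {
    header("Location: banklogin.php");
    exit;
}

try {
    // CSRF check on the token carried in the query string ($_GET), in exception
    // mode, with a 10-minute lifetime. (The previous comment said "on POST data";
    // the code reads $_GET.) NOTE(review): a token in the URL is exposed through
    // Referer headers, browser history and server logs -- consider moving it to
    // POST. The meaning of the final argument (false) depends on NoCSRF's signature.
    NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false );

    // Restore the user object from the session.
    // NOTE(review): xss_clean() is applied to a serialized blob before
    // unserialize(); if it rewrites any byte the string no longer unserializes.
    // Session data is server-side, so the cleaning step looks misplaced -- confirm.
    $user = unserialize(Validation::xss_clean($_SESSION['user']));

    $emailId = Validation::xss_clean(DB::makeSafe($_SESSION["emailId"]));
    if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
        header ("Location: error.php?message=Email Validation Failed");
        exit; // the queries below must only run with a validated address
    }

    // Load the active user row and its account row. Both queries interpolate
    // $emailId into SQL; it has been escaped with DB::makeSafe and validated as
    // an e-mail address above. The ext/mysql functions are deprecated (removed in
    // PHP 7); a parameterised query through the DB class would be the proper fix.
    $row = mysql_fetch_object(mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1"));
    $accountRow = mysql_fetch_object(mysql_query("SELECT * FROM ACCOUNTS WHERE userId = '$emailId'"));
} catch (Exception $e) {
    header("Location: error.php");
    exit; // nothing further must render after a failed CSRF check
}

// Fresh token for the form this page renders.
$token = NoCSRF::generate( 'csrf_token' );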
if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } if (!$userTools->isAdmin($sessionEmailId)) { header("Location: banklogin.php"); } try { NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false ); $emailToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["emailId"])); if (filter_var($emailToUpdate, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } $updateData = array ( "isAdmin" => 1 ); // Make the user active $db->update ($updateData, "USERS", "emailId = '$emailToUpdate'"); //send TAN email to the user $message = Swift_Message::newInstance()
if(!isset($_SESSION['logged_in'])) { header("Location: banklogin.php"); } try { // Run CSRF check, on POST data, in exception mode, for 10 minutes, in one-time mode. NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false ); $result = 'CSRF check passed. Form parsed.'; //get the user object from the session $user = unserialize(Validation::xss_clean($_SESSION['user'])); $emailId = Validation::xss_clean(DB::makeSafe($_SESSION["emailId"])); $emailIdparam= Validation::xss_clean(DB::makeSafe($_GET['emailId'])); if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } if($emailIdparam != "") if (filter_var($emailIdparam, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } if (strlen($emailIdparam) != 0) if (!$userTools->isAdmin($emailId) && ($emailId != $emailIdparam)) { header("Location: banklogin.php"); }
<script> alert("Captcha Validation Failed"); </script> <?php
// Tail of the CAPTCHA-failure branch opened before this excerpt: the alert has
// been emitted inline and processing stops here.
exit; }

// Retrieve the $_POST variables. Every field is read without an isset() check
// and run through DB::makeSafe() and Validation::xss_clean() before any validation.
// NOTE(review): both password fields are escaped/"cleaned" as well, before they
// are ever compared or hashed. A password containing ' or < is therefore altered
// on the way in; the login path must apply the identical transforms or those
// users cannot sign in -- confirm.
// NOTE(review): DB::makeSafe() here escapes for SQL at input time, long before
// it is known which values reach a query; escaping belongs at the query boundary
// (parameterised statements) and xss_clean at output time.
$firstName = Validation::xss_clean(DB::makeSafe($_POST["firstName"]));
$middleName = Validation::xss_clean(DB::makeSafe($_POST["middleName"]));
$lastName = Validation::xss_clean(DB::makeSafe($_POST["lastName"]));
$emailId = Validation::xss_clean(DB::makeSafe($_POST["emailId"]));
$mobileNo = Validation::xss_clean(DB::makeSafe($_POST["mobileNo"]));
$password = Validation::xss_clean(DB::makeSafe($_POST["password"]));
$password_confirm = Validation::xss_clean(DB::makeSafe($_POST['retypePassword']));
$securityType = Validation::xss_clean(DB::makeSafe($_POST['radio']));

// Initialize variables for form validation.
$success = true;
$userTools = new UserTools();

// Validate that the form was filled out correctly. A failing e-mail check only
// clears $success and echoes an inline alert; execution continues past this
// block, so later code must keep checking $success before acting on the input.
if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) {
    $success = false;
    ?> <script> alert("Email Validation Failed"); </script> <?php
}
$data = mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1 AND isAdmin = 1"); if (mysql_num_rows($data) == 1) { $updateData = array ( "isActive" => 2 ); $transactionToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["id"])); if (filter_var($transactionToUpdate, FILTER_VALIDATE_INT) != true) { header ("Location: error.php?message=Transaction ID Validation Failed"); } $emailIdOfTransaction = Validation::xss_clean(DB::makeSafe ($_GET["emailId"])); if (filter_var($emailIdOfTransaction, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } $transactionArray = $db->select("TRANSACTIONS", "id = '$transactionToUpdate'"); // Check to see if the admin is rejecting its own transaction if ($emailIdOfTransaction == $emailId) { header("Location: error.php?message=You can't reject your own transaction"); return; } // Make the transaction rejected
//check to see if they're logged in if(!isset($_SESSION['logged_in'])) { header("Location: banklogin.php"); } $function = Validation::xss_clean(DB::makeSafe($_POST["function"])); $emailId = Validation::xss_clean(DB::makeSafe($_POST["emailId"])); $amount = Validation::xss_clean(DB::makeSafe($_POST["amount"])); $iban = Validation::xss_clean(DB::makeSafe($_POST["iban"])); $bic = Validation::xss_clean(DB::makeSafe($_POST["bic"])); $tan = DB::makeSafe($_POST["tan"]); $description = Validation::xss_clean(DB::makeSafe($_POST["description"])); $isActive = ($amount > 10000) ? 0 : 1; $password = Validation::xss_clean(DB::makeSafe($_POST["password"])); $error = ""; if ($function == "transaction") { $sessionEmailId = Validation::xss_clean($_SESSION["emailId"]); if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) != true) { $error.="Email Validation Failed"; } //The Main Validation Begins if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) { $error.=" Email Validation Failed "; }
//get the user object from the session $user = unserialize(Validation::xss_clean($_SESSION['user'])); $emailId = Validation::xss_clean(DB::makeSafe($_SESSION["emailId"])); if (filter_var($emailId, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } $row = mysql_fetch_object(mysql_query("SELECT * FROM USERS WHERE emailId = '$emailId' AND isActive = 1")); if (!empty($_POST)) { $currentpassword = Validation::xss_clean(DB::makeSafe($_POST["currentpassword"])); $newpassword = Validation::xss_clean(DB::makeSafe($_POST["newpassword"])); $confirmnewpassword = Validation::xss_clean(DB::makeSafe($_POST["confirmnewpassword"])); // Check if current password is correct $userTools = new UserTools(); if (!$userTools->login($emailId, $currentpassword)) { header ("Location: error.php?message=Current Password Wrong"); return; } if ($newpassword != $confirmnewpassword) { header ("Location: error.php?message=Confirm Password Wrong"); return; } $updateDate = array(
<?php require_once '../../includes/global.inc.php'; require_once '../../utils/Account.util.php'; require_once '../../includes/mail.inc.php'; require_once '../../utils/Generators.util.php'; //check to see if they're logged in //if(!isset($_SESSION['logged_in'])) { // header("Location: banklogin.php"); //} $emailToReset = Validation::xss_clean(DB::makeSafe($_GET["mailId"])); if (filter_var($emailToReset, FILTER_VALIDATE_EMAIL) != true) { echo("Email Validation Failed"); return; } try { $db = DB::getInstance(); $db->connect(); $accData = $db->select("ACCOUNTS", "userId = '$emailToReset'"); if (is_array($accData) && $accData["userId"] != "") { $password = Generators::randomPasswordGenerate (15); $passwordwithqoutes="'".hash('sha512', $password)."'";
$sessionEmailId = Validation::xss_clean($_SESSION["emailId"]); if (filter_var($sessionEmailId, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); } if (!$userTools->isAdmin($sessionEmailId)) { header("Location: banklogin.php"); } try { NoCSRF::check( 'csrf_token', $_GET, true, 60*10, false ); $emailToUpdate = Validation::xss_clean(DB::makeSafe ($_GET["emailId"])); $initialAmount = Validation::xss_clean(DB::makeSafe ($_GET["initial_amount"])); $updateData = array ( "isActive" => 1 ); // Update the initial balance $updateBalanceData = array ( "balance" => $initialAmount ); if (filter_var($emailToUpdate, FILTER_VALIDATE_EMAIL) != true) { header ("Location: error.php?message=Email Validation Failed"); }