<?php //chdir(dirname(__DIR__)); //set_include_path('/var/www/valuation/ip/api/'); require_once 'vendor/JWT/JWT.php'; require_once 'lib/password.php'; require_once 'lib/Request.php'; require_once 'config/Config.php'; require_once 'lib/DbUtils.php'; use IP\Request; use IP\Config; use IP\DbUtils as DB; $request = new Request(); $db = new DB(); $request->setAccessHeader(); if ($request->handleOptions()) { error_log('Option request. Exit...', 0); exit; } if (!$request->isPOST()) { error_log('Only POST method allowed', 0); header('HTTP/1.0 405 Method Not Allowed'); exit; } $input = $request->getJSON(); /* * Simple sanitization */ //$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING); //$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING); $username = $input->username;
/** * @ignore * @param Request $request * @param array $options * @param bool $subrequest * @return Response\Json|Response\PageNotFound|Response\Redirect * @throws Exception * @ignore */ public function _handleOnlyRequest(\Ip\Request $request, $options = array(), $subrequest = true) { if (empty($options['skipInitEvents'])) { \Ip\ServiceLocator::dispatcher()->_bindApplicationEvents(); } $result = ipJob('ipRouteLanguage', array('request' => $request, 'relativeUri' => $request->getRelativePath())); if ($result) { $requestLanguage = $result['language']; $routeLanguage = $requestLanguage->getCode(); ipRequest()->_setRoutePath($result['relativeUri']); } else { $routeLanguage = null; $requestLanguage = ipJob('ipRequestLanguage', array('request' => $request)); ipRequest()->_setRoutePath($request->getRelativePath()); } //find out and set locale $locale = $requestLanguage->getCode(); if (strlen($locale) == '2') { $locale = strtolower($locale) . '_' . strtoupper($locale); } else { $locale = str_replace('-', '_', $locale); } $locale .= '.utf8'; if ($locale == "tr_TR.utf8" && (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)) { //Overcoming this bug https://bugs.php.net/bug.php?id=18556 setlocale(LC_COLLATE, $locale); setlocale(LC_MONETARY, $locale); setlocale(LC_NUMERIC, $locale); setlocale(LC_TIME, $locale); setlocale(LC_MESSAGES, $locale); setlocale(LC_CTYPE, "en_US.utf8"); } else { setLocale(LC_ALL, $locale); } setlocale(LC_NUMERIC, "C"); //user standard C syntax for numbers. Otherwise you will get funny things with when autogenerating CSS, etc. ipContent()->_setCurrentLanguage($requestLanguage); $_SESSION['ipLastLanguageId'] = $requestLanguage->getId(); if (empty($options['skipTranslationsInit'])) { if (!empty($options['translationsLanguageCode'])) { $languageCode = $options['translationsLanguageCode']; } else { $languageCode = $requestLanguage->getCode(); } $this->initTranslations($languageCode); } if (empty($options['skipModuleInit'])) { $this->modulesInit(); } ipEvent('ipInitFinished'); $routeAction = ipJob('ipRouteAction', array('request' => $request, 'relativeUri' => ipRequest()->getRoutePath(), 'routeLanguage' => $routeLanguage)); if (!empty($routeAction)) { if (!empty($routeAction['page'])) { ipContent()->_setCurrentPage($routeAction['page']); } if (!empty($routeAction['environment'])) { ipRoute()->setEnvironment($routeAction['environment']); } else { if (!empty($routeAction['controller']) && $routeAction['controller'] == 'AdminController') { ipRoute()->setEnvironment(\Ip\Route::ENVIRONMENT_ADMIN); } else { ipRoute()->setEnvironment(\Ip\Route::ENVIRONMENT_PUBLIC); } } if (!empty($routeAction['controller'])) { ipRoute()->setController($routeAction['controller']); } if (!empty($routeAction['plugin'])) { ipRoute()->setPlugin($routeAction['plugin']); } if (!empty($routeAction['name'])) { ipRoute()->setName($routeAction['name']); } if (!empty($routeAction['action'])) { ipRoute()->setAction($routeAction['action']); } } //check for CSRF attack if (empty($options['skipCsrfCheck']) && $request->isPost() && $request->getPost('securityToken') != $this->getSecurityToken() && (empty($routeAction['controller']) || $routeAction['controller'] != 'PublicController')) { ipLog()->error('Core.possibleCsrfAttack', array('post' => ipRequest()->getPost())); $data = array('status' => 'error'); if (ipConfig()->isDevelopmentEnvironment()) { $data['errors'] = array('securityToken' => __('Possible CSRF attack. Please pass correct securityToken.', 'Ip-admin')); } // TODO JSONRPC return new \Ip\Response\Json($data); } if (empty($routeAction)) { $routeAction = array('plugin' => 'Core', 'controller' => 'PublicController', 'action' => 'pageNotFound'); } $eventInfo = $routeAction; if (!empty($routeAction['plugin'])) { $plugin = $routeAction['plugin']; $controller = $routeAction['controller']; if (in_array($plugin, \Ip\Internal\Plugins\Model::getModules())) { $controllerClass = 'Ip\\Internal\\' . $plugin . '\\' . $controller; } else { if (!in_array($plugin, \Ip\Internal\Plugins\Service::getActivePluginNames())) { throw new \Ip\Exception("Plugin '" . esc($plugin) . "' doesn't exist or isn't activated."); } $controllerClass = 'Plugin\\' . $plugin . '\\' . $controller; } if (!class_exists($controllerClass)) { throw new \Ip\Exception('Requested controller doesn\'t exist. ' . esc($controllerClass)); } // check if user is logged in if ($controller == 'AdminController' && !\Ip\Internal\Admin\Backend::userId()) { if (ipConfig()->get('rewritesDisabled')) { return new \Ip\Response\Redirect(ipConfig()->baseUrl() . 'index.php/admin'); } else { return new \Ip\Response\Redirect(ipConfig()->baseUrl() . 'admin'); } } if ($controller == 'AdminController') { if (!ipAdminPermission($plugin)) { throw new \Ip\Exception('User has no permission to access ' . esc($plugin) . ''); } } $eventInfo['controllerClass'] = $controllerClass; $eventInfo['controllerType'] = $controller; } if (empty($eventInfo['page'])) { $eventInfo['page'] = null; } // change layout if safe mode if (\Ip\Internal\Admin\Service::isSafeMode()) { ipSetLayout(ipFile('Ip/Internal/Admin/view/safeModeLayout.php')); } else { if ($eventInfo['page']) { ipSetLayout($eventInfo['page']->getLayout()); } } ipEvent('ipBeforeController', $eventInfo); $controllerAnswer = ipJob('ipExecuteController', $eventInfo); return $controllerAnswer; }
<?php chdir(dirname(__DIR__)); require_once 'vendor/JWT/JWT.php'; require_once 'lib/Request.php'; require_once 'config/Config.php'; require_once 'lib/DbUtils.php'; use IP\Request; use IP\DbUtils as DB; $db = new DB(); $request = new Request(); error_log($request->getMethod()); $request->setAccessHeader(); if ($request->handleOptions()) { error_log('Option request. Exit...', 0); exit; } if (!$request->validate()) { error_log('Validation failed. Not authorized!!'); exit; } $user = $request->getJSON(); error_log(json_encode($user)); $message = $db->updateProfile($user); $output->message = $message; header('Content-type: application/json'); echo json_encode($output);
<?php chdir(dirname(__DIR__)); require_once 'vendor/JWT/JWT.php'; require_once 'lib/Request.php'; require_once 'config/Config.php'; require_once 'lib/DbUtils.php'; use IP\DbUtils as DB; $db = new DB(); use IP\Request; $request = new Request(); $request->setAccessHeader(); if ($request->handleOptions()) { error_log('Option request. Exit...', 0); exit; } if (!$request->validate()) { error_log('Validation failed. Not authorized!!'); exit; } $input = $request->getJSON(); $key = $input->key; $value = $input->value; if ($key) { $result = $db->updateConfig($key, $value); } else { $result = "Missing Key!!"; } //$output->valuation = '1000020'; //error_log(json_encode($result)); header('Content-type: application/json');
<?php require 'vendor/PHPExcel-1.8/Classes/PHPExcel.php'; require_once 'vendor/JWT/JWT.php'; require_once 'lib/Request.php'; require_once 'config/Config.php'; require_once 'lib/DbUtils.php'; use IP\DbUtils as DB; $db = new DB(); use IP\Request; $request = new Request(); $keys = array('idvaluation' => 'id', 'name' => 'Name', 'institute' => 'Institute', 'createdDate' => 'Created On', 'userName' => 'User Created', 'developedBy' => 'Developed By', 'contactEmail' => 'Email', 'contactMobile' => 'Mobile', 'technology' => 'Technology', 'techType' => 'Type', 'ipCategory' => 'IP Category', 'ipState' => 'IP State', 'valuationMethod' => 'Method', 'valuation' => 'Valuation', 'fxa' => 'Fixed costs specific to R&D', 'ifc' => 'Incremental Fixed Costs', 'ppm' => 'Price/Unit of Compiting Product', 'pp' => 'Product Price/Unit', 'svm' => 'Units Sold Annualy of Compiting Product', 'sv' => 'Sales Volume of Developed Product', 'rm' => 'Expected Revenue of Compiting Product', 'r' => 'Expected Revenue', 'p' => 'Expected Profits (%)', 'yr' => 'Expected Life of Technology', 'dr' => 'Discount Rate (%)', 'adc' => 'Administration Cost (yearly %)', 'it' => 'Income Tax (Per year %)', 'expectedGrowth' => 'Expected Sales Growth', 'g' => 'Growth Rate (%)', 'pricingStratagy' => 'Pricing Strategy', 'pr' => 'Pricing Factor (%)', 'd' => 'Depreciation rate (%)', 'oc' => 'R&D Expenses/year', 's' => 'Salary', 't' => 'Time spent on R&D (in months)', 'op' => 'No. of Outputs from R&D', 'oh' => 'Overheads (if any)', 'ry' => 'Royalty Rate (%)', 'opx' => 'Operating Expenses(%)', 'ifx' => 'Incremental Fixed Costs(%)', 'Cost Method' => 'Cost Method', 'Royalty Method' => 'Royalty Method', 'Profit Split Method' => 'Profit Split Method', 'Market Method' => 'Market Method', 'All' => 'All'); $request->setAccessHeader(); if ($request->handleOptions()) { error_log('Option request. Exit...', 0); exit; } $input = $request->getJSON(); $token = $input->id ? $input->id : $_GET['token']; $userId = $input->userId ? $input->userId : $_GET['userId']; //error_log($token); $request->setHeader('Authorization', 'Bearer ' . $token); if (!$request->validate()) { echo 'You do not have permision to download this file!!!'; error_log('Validation failed. Not authorized!!'); exit; } $result = $db->getValuation($id, $userId); $objPHPExcel = new PHPExcel(); // DEMO ONLY (potentially unsafe) $objPHPExcel->setActiveSheetIndex(0);
<?php chdir(dirname(__DIR__)); require_once 'vendor/JWT/JWT.php'; require_once 'lib/Request.php'; require_once 'config/Config.php'; require_once 'lib/DbUtils.php'; use IP\Request; use IP\DbUtils as DB; $db = new DB(); $request = new Request(); $request->setAccessHeader(); if ($request->handleOptions()) { error_log('Option request. Exit...', 0); exit; } $user = $request->getJSON(); $username = $user->username; $password = $user->password; if (!$request->validate(null, $username)) { error_log('Validation failed. Not authorized!!'); exit; } try { $rs = $db->getUser($username); if ($rs) { if (password_verify($password, $rs['password'])) { $user->iduser = $rs['iduser']; $message = $db->updatePassword($user); } else { $message = "Current password do not match!!!";