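/**
 * "Lost password" form: issue a password-reset key and email it to the user.
 *
 * GET renders the form. POST looks the account up by the submitted email,
 * requires the submitted user_name to belong to that same account, stores a
 * fresh reset key plus its creation time on the user row, and mails a link
 * to /login/passReset?key=... . Logged-in users are redirected to /overview
 * and the cancel button goes back to /login.
 *
 * Security notes:
 *  - The reset key is now produced by random_bytes() (a CSPRNG). The previous
 *    str_shuffle()-of-a-36-char-alphabet plus time() construction was
 *    predictable and effectively gave far fewer than 40 random characters.
 *  - The posted email must pass FILTER_VALIDATE_EMAIL before it is used. A
 *    valid address cannot carry CR/LF, so this blocks injection into the
 *    "To:" header and into mail()'s recipient argument.
 *  - The response still differs between "account found" and "not found"
 *    ($error['user']), which lets a caller enumerate accounts. Showing the
 *    same message either way is a view/UX decision, so it is only flagged.
 *  - The key is stored in clear text. passReset (not visible here) should
 *    compare it with hash_equals() and enforce an expiry on pass_time.
 *  - $_SERVER['SERVER_NAME'] is used for the From: domain; on servers that
 *    derive it from the Host header it is attacker-influenced.
 */
public function lostPassAction()
{
    if (BTAuth::logged_in()) {
        header('location: /overview');
        BTApp::end();
    }
    if (isset($_POST['cancel']) && $_POST['cancel']) {
        header("Location: /login");
        BTApp::end();
    }

    // Always defined so the view never sees undefined variables on GET.
    $error = array();
    $html = array();
    $success = false;

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        $user_name = isset($_POST['user_name']) ? (string) $_POST['user_name'] : '';
        $email = isset($_POST['email']) ? (string) $_POST['email'] : '';

        $user_row = null;
        // Only look the account up for a syntactically valid address; the same
        // check protects the mail headers built below from CR/LF injection.
        if ($email !== '' && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
            $user_row = UserModel::model()->getRow(array('conditions' => array('email' => $email)));
            // The username must match the account the email belongs to.
            if ($user_row && $user_row->get('user_name') != $user_name) {
                $user_row = null;
            }
        }
        if (!$user_row) {
            $error['user'] = '******';
        }

        // If there isn't any error, give this user a new reset key and email it to them.
        if (!$error) {
            // 20 random bytes -> 40 hex chars: 160 bits of entropy, and no
            // longer than the key the old code stored (36 chars + timestamp).
            $pass_key = bin2hex(random_bytes(20));
            $pass_time = time();

            // Persist the key and when it was issued; passReset checks both.
            $user_row->pass_key = $pass_key;
            $user_row->pass_time = $pass_time;
            $user_row->save();

            // Now email the user the link to reset their password.
            $reset_url = getBTUrl() . "/login/passReset?key={$pass_key}";
            $to = $email;
            $subject = "Ballistic Tracking Password Reset";
            $message = "\n\t\t<p>Someone has asked to reset the password for the following username.</p>\n\t\t\t\t\n\t\t<p>Username: " . BTHtml::encode($user_row->get('user_name')) . "</p>\n\t\t\n\t\t<p>To reset your password visit the following address, otherwise just ignore this email and nothing will happen.</p>\n\t\t\n\t\t<p><a href=\"" . $reset_url . "\">" . $reset_url . "</a></p>";
            $from = "ballistictracking@" . $_SERVER['SERVER_NAME'];
            $header = "From: Ballistic Tracking<" . $from . "> \r\n";
            $header .= "Reply-To: " . $from . " \r\n";
            $header .= "To: " . $to . " \r\n";
            $header .= "Content-Type: text/html; charset=\"iso-8859-1\" \r\n";
            $header .= "Content-Transfer-Encoding: 8bit \r\n";
            $header .= "MIME-Version: 1.0 \r\n";
            mail($to, $subject, $message, $header);
            $success = true;
        }

        // Re-fill the form with the (HTML-escaped) submitted values.
        $html['user_name'] = BTHtml::encode($user_name);
        $html['email'] = BTHtml::encode($email);
    }

    $this->setVar("title", "Reset Your Password");
    $this->loadTemplate("public_header");
    $this->setVar("success", $success);
    $this->setVar("html", $html);
    $this->setVar("error", $error);
    $this->loadView("login/lostpass");
    $this->loadTemplate("public_footer");
}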
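/**
 * AJAX dispatcher for the cloaker ("redirect") admin screens.
 *
 * @param string $command which sub-action to run; unknown values are a no-op
 * @param array  $params  not used by any command; kept for the router's signature
 *
 * Commands:
 *  - view_cloaker_list:      render cloaker/view_cloaker_list with every cloaker
 *  - post_cloaker_add:       create a cloaker from POST url/name; echoes 1 or 0
 *  - post_cloaker_delete:    delete the cloaker whose cloaker_id is POST id
 *  - post_cloaker_duplicate: duplicate the cloaker whose id is POST id
 *  - misc_download:          send private/downloads/index.php as an attachment
 *                            with {BT_URL} replaced, then end the request
 *
 * NOTE(review): no login or CSRF check is visible in this method. Every
 * post_* command changes state from POST data, so it relies on the base
 * controller (not shown here) to authenticate the caller and verify a CSRF
 * token -- confirm that before exposing this route.
 */
public function ajaxAction($command = '', $params = array())
{
    switch ($command) {
        case 'view_cloaker_list':
            $cloakers = CloakerModel::model()->getRows();
            $this->setVar("cloakers", $cloakers);
            $this->loadView("cloaker/view_cloaker_list");
            break;

        case 'post_cloaker_add':
            $cloaker = CloakerModel::model();
            $cloaker->useRuleSet('new');
            // getArrayVar() avoids undefined-index notices when a field is
            // missing; the 'new' rule set is expected to validate the values.
            // The url is stored as given and later emitted as a redirect
            // target, so restricting it to http/https is worth adding if the
            // rule set does not already do so.
            $cloaker->url = getArrayVar($_POST, 'url');
            $cloaker->name = getArrayVar($_POST, 'name');
            echo $cloaker->save() ? 1 : 0;
            break;

        case 'post_cloaker_delete':
            // Without an id the old code queried for cloaker_id='' — skip instead.
            $id = getArrayVar($_POST, 'id');
            if ($id) {
                $cloaker = CloakerModel::model()->getRow(array('conditions' => array('cloaker_id' => $id)));
                if ($cloaker) {
                    $cloaker->delete();
                    $this->setVar("success", "Redirect Deleted");
                }
            }
            break;

        case 'post_cloaker_duplicate':
            $id = getArrayVar($_POST, 'id');
            if ($id) {
                CloakerModel::model()->duplicate($id);
            }
            break;

        case 'misc_download':
            // Fixed path under BT_ROOT; nothing from the request is used to
            // build it. Read before sending headers so a missing file yields
            // an error status rather than an empty attachment.
            $file = BT_ROOT . '/private/downloads/index.php';
            $content = file_get_contents($file);
            if ($content === false) {
                header('HTTP/1.0 404 Not Found');
                BTApp::end();
            }
            header('Content-Description: File Transfer');
            header('Content-Type: application/octet-stream');
            header('Content-Disposition: attachment; filename=' . basename($file));
            header('Content-Transfer-Encoding: binary');
            header('Expires: 0');
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Pragma: public');
            // The shipped script points back at this installation.
            echo str_replace("{BT_URL}", getBTUrl(), $content);
            BTApp::end();
            break;
    }
}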
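/**
 * Decide where a visitor of a campaign link is sent, and record the click.
 *
 * This endpoint is apparently called by the deployed redirect script (the
 * one served by ajaxAction's misc_download) rather than by the visitor's
 * browser: the visitor's ip, slug, referer, user_agent and query string
 * arrive in POST. It prints '0' on bad input, otherwise either a tracker
 * URL (uncloaked visitor) or the cloak/exclude URL, and then exits.
 *
 * Flow:
 *  1. resolve the campaign and its cloaker from the posted slug;
 *  2. mirror the posted visitor data into $_SERVER/$_GET so downstream code
 *     (TrackerController::saveData) sees the visitor, not the calling script;
 *  3. if advanced redirects are enabled: match local ip-range / referer /
 *     hostname / user-agent rules, consult the Ballistic API for organisation
 *     matches, then apply the expiration and click-frequency rules;
 *  4. save the click and print the destination.
 *
 * Security notes:
 *  - Nothing here authenticates the caller: anyone who can POST to this URL
 *    can attribute a click to any REMOTE_ADDR / referer / user agent. If the
 *    redirect script and this server share a secret, verify it here.
 *  - Every request value interpolated into SQL goes through DB::quote(); the
 *    REGEXP patterns come from the cloaker tables, not from the request.
 *  - The ip is checked with FILTER_VALIDATE_IP before it reaches
 *    gethostbyaddr() / ip2long(), which otherwise ran on arbitrary strings.
 *
 * Fixes versus the previous version: $campaign->cloaker was read before the
 * !$campaign check (fatal on an unknown slug); $opts was used before being
 * initialised; the API call had no timeout; a non-array 'organizations'
 * option crashed the foreach; the tracker URL is now built with
 * http_build_query so cookie/option values cannot inject extra parameters.
 */
public function cloakerAction()
{
    $ip = getArrayVar($_POST, 'ip');
    $slug = getArrayVar($_POST, 'slug');
    if (!$ip || !$slug) {
        echo '0';
        exit;
    }
    // ip2long()/gethostbyaddr() below expect a real address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        echo '0';
        exit;
    }

    // Campaign lookup by full path: "/<cloaker slug>/<campaign slug>" when the
    // cloaker has a slug, otherwise "/<campaign slug>".
    $quoted_slug = DB::quote($slug);
    $row = DB::getRow("select * from bt_u_campaigns camp left join bt_u_cloakers cloak on cloak.cloaker_id=camp.cloaker_id\nwhere ((cloak.slug > '' and concat('/',cloak.slug,'/',camp.slug)='" . $quoted_slug . "')\nor (cloak.slug = '' and concat('/',camp.slug)='" . $quoted_slug . "'))");
    if (!$row) {
        echo '0';
        exit;
    }
    $campaign = CampaignModel::model()->getRowFromPk($row['campaign_id']);
    if (!$campaign) {
        echo '0';
        exit;
    }
    $cloaker = $campaign->cloaker;

    $ip_id = INDEXES::get_ip_id($ip);
    $referer = isset($_POST['referer']) ? $_POST['referer'] : '';
    $user_agent = isset($_POST['user_agent']) ? $_POST['user_agent'] : '';
    $hostname = gethostbyaddr($ip);

    // Make downstream code (tracker, click models) see the visitor rather
    // than the script that is calling us.
    $_SERVER['REMOTE_ADDR'] = $ip;
    $_SERVER['HTTP_REFERER'] = $referer;
    $_SERVER['HTTP_USER_AGENT'] = $user_agent;
    $_GET = array();
    parse_str(isset($_POST['query']) ? $_POST['query'] : '', $_GET);

    // Cloaker options on top of the defaults; both branches below need them.
    $opts = array();
    foreach ($cloaker->options as $opt) {
        $opts[$opt->name] = $opt->value;
    }
    $opts = array_merge(CloakerOptionModel::defaultOptions(), $opts);

    $paused_redir = false;
    if ($campaign->option('advanced_redirect_status')->value) {
        $num_prev_visits = ClickAdvancedModel::getNumPreviousClicks($campaign->id(), $ip_id);
        $url = '';
        // Check 1 (blank referer -> exclude_url) is intentionally disabled.

        // Local rules, first match wins: ip range, referer, hostname, user agent.
        $q_ip = DB::quote(ip2long($ip));
        $q_referer = DB::quote($referer);
        $q_user_agent = DB::quote($user_agent);
        $q_hostname = DB::quote($hostname);
        $q_cloaker_id = DB::quote($cloaker->cloaker_id);
        $row = DB::getRow("select url from bt_u_cloaker_ips where cloaker_id='{$q_cloaker_id}' and ip_from <= '{$q_ip}' and ip_to >= '{$q_ip}'", null);
        if (!$row) {
            $row = DB::getRow("select url from bt_u_cloaker_referers where cloaker_id='{$q_cloaker_id}' and '{$q_referer}' REGEXP referer", null);
        }
        if (!$row) {
            $row = DB::getRow("select url from bt_u_cloaker_hostnames where cloaker_id='{$q_cloaker_id}' and '{$q_hostname}' REGEXP hostname", null);
        }
        if (!$row) {
            $row = DB::getRow("select url from bt_u_cloaker_user_agents where cloaker_id='{$q_cloaker_id}' and '{$q_user_agent}' REGEXP user_agent", null);
        }

        /******** ORG CHECK ***********/
        // The API server is always consulted too, so a visitor from a known
        // bad organisation is caught even when no local rule matched.
        if (!isset($opts['organizations'])) {
            $opts['organizations'] = '[]';
        }
        $orgs_data = json_decode($opts['organizations']);
        if (!is_array($orgs_data)) {
            $orgs_data = array(); // malformed option: no org rules
        }
        $orgs = array();
        foreach ($orgs_data as $data) {
            $orgs[] = $data[0];
        }
        $payload = array(
            'ip' => getArrayVar($_POST, 'ip'),
            'user_agent' => getArrayVar($_POST, 'user_agent'),
            'orgs' => implode(',', $orgs),
            'has_referer' => $_SERVER['HTTP_REFERER'] ? '1' : '0',
            'version' => '1.0',
        );
        $ch = curl_init(API_SERVER . '/check.php?' . http_build_query($payload));
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        // Bounded so a slow or unreachable API server cannot stall every redirect.
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);
        $ret = curl_exec($ch);
        curl_close($ch);
        // A failed call (false) or an empty body means "no match"; only a
        // non-"0" response is treated as an organisation id. Comparing with
        // != 0 alone would treat an empty string as a match on PHP 8.
        $ret = trim((string) $ret);
        $org_url = '';
        if ($ret !== '' && $ret != 0) {
            foreach ($orgs_data as $data) {
                if ($data[0] == $ret) {
                    $org_url = $data[1];
                }
            }
            if (!$org_url) {
                $org_url = $opts['exclude_url'];
            }
        }
        /****** END ORG CHECK *********/

        if (!$url) {
            if (!$row) {
                // Only use the org url if no local filter matched.
                $url = $org_url;
            } else {
                // Local match; a rule without its own url falls back to exclude_url.
                $url = $row['url'] ? $row['url'] : $opts['exclude_url'];
            }
        }

        // Expiration first, then click frequency, then "no cloak".
        if (!$url && $campaign->option('adv_redir_clicks')->value < $opts['expiration']) {
            $is_cloaked = 1;
            $url = $opts['exclude_url'];
        } elseif (!$url && ($opts['clickfrequency'] && $num_prev_visits >= $opts['clickfrequency'])) {
            $is_cloaked = 1;
            $url = $opts['exclude_url'];
        } elseif (!$url) {
            // Redirect to the offer, no cloak.
            $is_cloaked = 0;
            $url = '';
        } else {
            $is_cloaked = 1;
        }

        // Uptick the click count regardless of cloak status.
        $clicks = $campaign->option('adv_redir_clicks');
        $clicks->value = $clicks->value + 1;
        $clicks->save();
    } else {
        // Advanced redirect is paused: everyone goes to exclude_url, uncloaked.
        $is_cloaked = 0;
        $url = $opts['exclude_url'];
        $paused_redir = true;
    }

    // Save click data (this also sets the clickid cookie) and let the
    // tracker rewrite the destination.
    $tracker_controller = new TrackerController();
    $url = $tracker_controller->saveData($campaign, $is_cloaked, $url);

    if (!$is_cloaked && !$paused_redir) {
        // Normal (uncloaked) visitor: redirect through the tracking system.
        // NOTE(review): a cookie set by saveData() during this request is not
        // visible in $_COOKIE yet; confirm how btclickid is meant to get here.
        $click_id = isset($_COOKIE['btclickid']) ? $_COOKIE['btclickid'] : '';
        $type = $campaign->option('redirect_method')->value;
        echo getBTUrl() . "/tracker/advRedirect/?" . http_build_query(array('click_id' => $click_id, 't' => $type));
    } else {
        // Cloaked, or paused: send the visitor straight to the chosen url.
        echo $url;
    }
    exit;
}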