/**
  * @test
  */
 public function whenTokenIsExpired()
 {
     // Application bootstrap. $app and TOKEN_VALID_TIME are not defined in this method,
     // so they presumably come from this file (TODO confirm).
     require realpath(__DIR__ . '/../../../') . '/etc/app.php';

     $mockDb = $this->createMockDb();

     // Fixture user whose token timestamp lies one second past the validity window.
     $fixtureUser = $this->createFixtureUser();
     $expiredUser = array_merge($fixtureUser, array('token_timestamp' => time() - TOKEN_VALID_TIME - 1));
     $mockDb->expects(any())->method('findUserByToken')->will(returnValue($expiredUser));

     // The checker must answer an otherwise valid request with 403 "Token expired".
     $tokenChecker = $this->createTokenChecker($mockDb);
     $response = $tokenChecker($this->createValidRequest(), $app);
     $this->assertErrorResponse(403, 'Token expired', $response);
 }
/**
 * Builds a "<category>[br]<entry>" string from the global $benefits map.
 *
 * Every category key is put into a pool once per entry it holds, so a category
 * with more entries appears more often in the pool handed to random().
 * random() and returnValue() are project helpers that are not part of this
 * listing; random() presumably picks one element (TODO confirm).
 *
 * @param mixed $return Passed through unchanged to returnValue().
 * @return mixed Whatever returnValue() produces for the built string.
 */
function randomBenefit($return = false)
{
    global $benefits;

    $pool = array();
    foreach ($benefits as $category => $entries) {
        $size = count($entries);
        for ($n = 0; $n < $size; $n++) {
            $pool[] = $category;
        }
    }

    $chosen = random($pool, true);
    // The 'random' category contributes no label in front of the "[br]" separator.
    $label = $chosen == 'random' ? null : $chosen;
    $text = $label . "[br]" . random($benefits[$chosen], true);

    return returnValue($return, $text);
}
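// Change the last name of the logged-in user.
//import general functions
require "functions.php";
//check that the input variable exists and is a plain string
if (isEmpty(@$_POST['newLastName']) || !is_string($_POST['newLastName'])) {
    throw new GeneralException('Please enter your last name.', 00);
}
//read the new last name from POST; it is untrusted and is only ever used as a bound parameter
$newLastName = $_POST['newLastName'];
//connection to the database
$connectedDB = connectToDB();
//get the id of the logged-in user
session_start();
$id = isset($_SESSION['id']) ? $_SESSION['id'] : null;
session_write_close();
// Without a session id there is no row to update. The concatenated query used to fail
// in this case, so the same error is raised explicitly.
if (empty($id)) {
    throw new GeneralException('General Error.', 02);
}
// The values are sent separately from the SQL text (pg_query_params), so quotes or SQL
// syntax inside the submitted name cannot change the statement.
$sql = 'UPDATE users SET last_name = $1 WHERE id = $2';
$userResource = pg_query_params($connectedDB, $sql, array($newLastName, $id));
//if the query was not successful raise an exception
if (!$userResource) {
    throw new GeneralException('General Error.', 02);
} else {
    // update the last name kept in the current session
    session_start();
    $_SESSION['last_name'] = $newLastName;
    session_write_close();
    returnValue("ok.");
}
?>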

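if (isEmpty(@$_POST['fileName'])) {
    die("missing data.");
}
// The file name is client input. basename() keeps only the last path component, so the
// request cannot leave ../fileUploads/ through directory separators or an absolute path.
$name = is_string($_POST['fileName']) ? basename($_POST['fileName']) : '';
if ($name === '' || $name === '.' || $name === '..') {
    die("missing data.");
}
// NOTE(review): nothing visible here checks that the requested file belongs to the
// caller's account; confirm that an ownership check happens before this point.
//open the file
$myfile = fopen("../fileUploads/" . $name, "r") or die("Unable to open file!");
//result arrays: first field of each line, and its third field as a number
$data = array();
$data["name"] = array();
$data["count"] = array();
//row index shared by both arrays
$counter = 0;
// fgets() returns false (not null) at end of file, so it is the loop condition; the old
// "=== null" test never matched and one bogus row was parsed after the last line.
while (($line = fgets($myfile)) !== false) {
    $pieces = explode(" ", $line);
    $data["name"][$counter] = $pieces[0];
    // Lines with fewer than three fields, or a non-numeric third field, count as 0
    // (and are then dropped by array_filter below) instead of raising an error.
    $rawCount = isset($pieces[2]) ? trim($pieces[2]) : '';
    $data["count"][$counter] = is_numeric($rawCount) ? $rawCount * 1 : 0;
    $counter++;
}
fclose($myfile);
//drop empty names and zero counts; array_filter keeps the original keys
$data["name"] = array_filter($data["name"]);
$data["count"] = array_filter($data["count"]);
//return the data to the client
returnValue($data);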
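//query the db; the address is bound as a parameter instead of being concatenated into the SQL
// NOTE(review): $email is assigned outside this listing; presumably it is request input.
$sql = 'SELECT email, id, first_name, last_name FROM users WHERE email = $1';
$userResource = pg_query_params($connectedDB, $sql, array(strtolower($email)));
if (!$userResource) {
    throw new GeneralException('General Error.', 02);
}
$userResultData = pg_fetch_row($userResource);
//check if the email provided exists in db
// NOTE(review): this message tells any caller whether an address is registered.
if ($userResultData == NULL) {
    throw new GeneralException('We cannot find that email. Have you registered?.', 02);
} else {
    // get the email as stored
    $email = $userResultData[0];
    //compile the user's full name
    $name = $userResultData[2] . " " . $userResultData[3];
    $name = ucwords($name);
    // New password: 8 hex characters from the CSPRNG (random_bytes, PHP 7+). The previous
    // md5(rand(999, 999999)) could only ever produce about a million distinct passwords.
    $generated_password = bin2hex(random_bytes(4));
    // NOTE(review): unsalted MD5 is kept only because the stored format has to match what
    // the login code compares against, which is not visible here. Moving both sides to
    // password_hash()/password_verify() is the proper fix.
    $password = md5($generated_password);
    // Store the new hash. The listing shows a masked literal in this statement; binding
    // $password is what the surrounding code implies, otherwise the mailed password
    // could never match.
    $sql = 'UPDATE users SET password = $1 WHERE email = $2';
    $newuserResource = pg_query_params($connectedDB, $sql, array($password, strtolower($email)));
    // Do not mail a password that was never stored.
    if (!$newuserResource) {
        throw new GeneralException('General Error.', 02);
    }
    //send email to user with new password to login
    // NOTE(review): the password travels in clear text by mail; a single-use, expiring
    // reset link would avoid that.
    $subject = "Your password recovery";
    $msg = "Hello " . $name . ",\n\n";
    $msg = $msg . "Your new password is: " . $generated_password . "\n\n";
    $msg = $msg . " -GenomePro Team";
    //the mail transport needs to be changed when this is deployed to the server
    email($email, $name, $subject, $msg);
    //return sent to the client
    returnValue("Sent.");
}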
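// NOTE(review): $sql for this lookup is built outside this listing; if it concatenates
// $email it needs the same pg_query_params() treatment as the INSERT below.
$userResource = pg_query($connectedDB, $sql);
if (!$userResource) {
    throw new GeneralException('General Error.', 02);
}
$userResultData = pg_fetch_row($userResource);
//if the user exists throw an exception
// NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on users.email
// (not visible here) is what actually guarantees uniqueness.
if ($userResultData != NULL) {
    throw new GeneralException('A user with that email already exist.', 02);
}
//compare passwords to know they match
$passwordComparison = strcmp($pass, $confpass);
if ($passwordComparison !== 0) {
    throw new GeneralException('Password and Password Confirmation do not match.', 01);
}
//create the new user as inactive (verified = 0)
// All user-supplied fields are bound as parameters, so their content cannot alter the statement.
// NOTE(review): $pass is written as-is; if it was not hashed before this point the table
// holds plaintext passwords. Confirm against the code above this listing.
$sql = 'INSERT INTO users (user_type, first_name, last_name, email, password, verified, ver_code)'
    . ' VALUES ($1, $2, $3, $4, $5, 0, $6)';
$newuserResource = pg_query_params(
    $connectedDB,
    $sql,
    array('Regular User', $name, $lname, $email, $pass, $ver_code)
);
//if the query was not successful raise an exception
if (!$newuserResource) {
    throw new GeneralException('General Error.', 02);
}
//tell the user by email that the account has to be activated
$fullName = $name . ' ' . $lname;
$fullName = ucwords($fullName);
$subject = "New Account Creation";
$msg = "Hello " . $fullName . ",\n\n";
$msg = $msg . "FIU genome pro has created an account for you. Click on the following link to activate the account:\n\n";
// NOTE(review): the activation code is sent in a plain-http link; it should be
// unguessable and single-use, and the link served over https if the host supports it.
$msg = $msg . "http://genomepro.cis.fiu.edu/CORE/activate.php?use=" . $ver_code . "\n\n";
$msg = $msg . " -GenomePro Team";
//the mail transport needs to be changed when this is deployed to the server
email($email, $fullName, $subject, $msg);
//return added to the client
returnValue("Added.");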
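//get logged user id, email, and name from session
session_start();
$id = $_SESSION['id'];
$email = $_SESSION['email'];
$fName = $_SESSION['first_name'];
$lName = $_SESSION['last_name'];
session_write_close();
// $file_an has "name"/"tmp_name" keys, so it looks like a $_FILES entry (assigned outside
// this listing); its "name" is chosen by the client. It and $file_result are therefore
// bound as parameters and never concatenated into SQL.
//insert the uploaded file into docs and keep its new id in $idOne
$sql = 'INSERT INTO docs (user_id, doc_name, date, time_stamp) VALUES ($1, $2, $3, \'now()\') RETURNING id';
$resultID = pg_query_params($connectedDB, $sql, array($id, $file_an["name"], date("Y/m/d")));
if (!$resultID) {
    throw new GeneralException('General Error.', 02);
}
$row = pg_fetch_row($resultID);
$idOne = $row['0'];
//insert the results file into docs and keep its new id in $idResult
$resultID = pg_query_params($connectedDB, $sql, array($id, $file_result . '.results.txt', date("Y/m/d")));
if (!$resultID) {
    throw new GeneralException('General Error.', 02);
}
$row = pg_fetch_row($resultID);
$idResult = $row['0'];
//link the uploaded file and its results file in data_type
$sql = 'INSERT INTO data_type (user_id, an_uploaded_id, an_result_id, date, time_stamp)'
    . ' VALUES ($1, $2, $3, $4, \'now()\')';
$resultID = pg_query_params($connectedDB, $sql, array($id, $idOne, $idResult, date("Y/m/d")));
if (!$resultID) {
    throw new GeneralException('General Error.', 02);
}
//save in filesystem under the database id, not under the client-supplied name
if (!move_uploaded_file($file_an['tmp_name'], "../fileUploads/" . $idOne)) {
    throw new GeneralException('File to be analyzed was not uploaded correctly.', 01);
}
//run the analysis in a separate background process
// Every argument is quoted with escapeshellarg(): names, e-mail address and file names are
// user-influenced, and unquoted they could inject shell syntax or shift argument positions.
// $phpComp (the PHP binary, set outside this listing) is left as configured.
$arguments = array(
    $idOne,
    $idResult,
    $id,
    $email,
    $fName,
    $lName,
    $file_an["name"],
    $file_result . '.results.txt',
);
$call = $phpComp . ' ../CProgram/analyzeCProgram.php ' . implode(' ', array_map('escapeshellarg', $arguments)) . ' &';
shell_exec($call);
// Only the status is returned; the response used to carry the full server command line.
returnValue("ok.");
?>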

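/**
 * Stores the uploaded "file" form field as ../app/batchfile if it is plain text.
 *
 * The content type is checked on the temporary upload before the file is moved, so a
 * rejected upload never reaches the application directory. The client-supplied file name
 * is deliberately not used for the destination.
 *
 * NOTE(review): the destination name is fixed, so a second upload replaces the first one,
 * including one that is still being processed. Confirm this is intended.
 *
 * @return object Result from the project's returnValue(): ->value is the stored file name
 *                on success and false on failure; ->msg is a short status message.
 */
function uploadTransactionFile()
{
    $return = returnValue();
    $filename = "batchfile";
    $target_dir = "../app/";
    $target_file = $target_dir . $filename;

    // No file, a failed upload, or a path that PHP did not create for this request.
    if (!isset($_FILES["file"]["tmp_name"]) || !is_uploaded_file($_FILES["file"]["tmp_name"])) {
        $return->value = false;
        $return->msg = "Upload failed";
        return $return;
    }
    $tmp_file = $_FILES["file"]["tmp_name"];

    // The declared type is sent by the client and proves nothing; it is only a cheap first filter.
    if ($_FILES["file"]["type"] != "text/plain") {
        $return->value = false;
        $return->msg = "Invalid file type";
        return $return;
    }
    // Server-side detection on the temporary file, before it is moved anywhere.
    if (mime_content_type($tmp_file) != "text/plain") {
        $return->value = false;
        $return->msg = "Invalid file type";
        return $return;
    }
    if (!move_uploaded_file($tmp_file, $target_file)) {
        $return->value = false;
        $return->msg = "Upload failed";
        return $return;
    }
    $return->value = $filename;
    $return->msg = "Upload successful";
    return $return;
}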
/**
 * Creates 100 TANs for the account of the given user and mails them to that user.
 *
 * getAccountByUserId(), generateTan(), checkTanUniqueness(), insertTan(), sendTanEmail()
 * and returnValue() are project helpers that are not part of this listing.
 *
 * NOTE(review): the uniqueness check and the insert are separate calls; unless insertTan()
 * runs against a unique constraint, two concurrent runs could store the same TAN. The
 * strength of the TANs depends entirely on generateTan(). Confirm both.
 *
 * @param mixed $id User id.
 * @return object Result object: ->value is true on success and false on failure,
 *                ->msg describes the outcome.
 */
function createTans($id)
{
    $return = returnValue();
    // account that belongs to the user
    $accountId = getAccountByUserId($id)->ID;

    for ($created = 0; $created < 100; $created++) {
        // keep drawing until the candidate is reported as unused
        do {
            $candidate = generateTan();
        } while (!checkTanUniqueness($candidate));

        // a failed insert aborts the whole run
        if (!insertTan($candidate, $accountId)) {
            $return->value = false;
            $return->msg = "Error inserting tans to DB";
            return $return;
        }
    }

    // mail the TANs to the user
    if (sendTanEmail($id, $accountId)) {
        $return->value = true;
        $return->msg = "Tan creation process successful";
    } else {
        $return->value = false;
        $return->msg = "Error sending tan email";
    }
    return $return;
}
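//if email does not exist
if ($userResultData == NULL) {
    throw new GeneralException('Email or password incorrect.', 02);
}
// The password is checked before the verification state, so a caller who does not know
// the password cannot learn that an account exists but is still unverified.
// NOTE(review): strcmp() compares $pass with the stored column directly; $pass is
// presumably hashed before this point (confirm). password_verify() against a
// password_hash() value is the scheme to move to.
$passwordComparison = strcmp($pass, $userResultData[0]);
if ($passwordComparison !== 0) {
    throw new GeneralException('Email or password incorrect.', 04);
}
// credentials are correct but the account has not been verified by email yet
if ($userResultData[6] != 1) {
    throw new GeneralException('Please go to your email and verify your account.', 03);
}
// email and password verified
session_start();
// Issue a fresh session id at login so an id that was known or planted before
// authentication does not become an authenticated session.
session_regenerate_id(true);
//store login time and the user's data in the session
$_SESSION['time_logged_in'] = time();
$_SESSION['first_name'] = $userResultData[2];
$_SESSION['last_name'] = $userResultData[3];
$_SESSION['email'] = $userResultData[1];
$_SESSION['id'] = $userResultData[5];
session_write_close();
if ($userResultData[4] == 'Admin') {
    //if user is admin
    returnValue("admin.php");
} else {
    //if user is regular user
    returnValue("account.php");
}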
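if (isEmpty(@$_POST['id'])) {
    die("missing data.");
}
//id of the user to delete, as sent by the client
$id = $_POST['id'];
// Only a plain decimal id is accepted; anything else is rejected before it reaches the database.
if (!is_string($id) || !preg_match('/\A[0-9]+\z/', $id)) {
    die("missing data.");
}
//get session info and check that the caller is logged in
session_start();
$userData = $_SESSION;
session_write_close();
// $_SESSION is always an array after session_start(), so is_null() never matched; the
// presence of the user id is what shows that someone is logged in.
if (empty($userData['id'])) {
    header('Location: http://genomepro.cis.fiu.edu/index.php');
    exit;
}
//look up the caller's role with the id bound as a parameter
$sql = 'SELECT user_type FROM users WHERE id = $1';
$userResource = pg_query_params($connectedDB, $sql, array((int) $userData['id']));
if (!$userResource) {
    throw new GeneralException('General Error.', 02);
}
$userResultData = pg_fetch_row($userResource);
//if the caller's row does not exist throw an exception
if ($userResultData == NULL) {
    throw new GeneralException('An error ocurred please log off and log back in.', 02);
}
//if the caller is not admin send them to the main page
if ($userResultData[0] != 'Admin') {
    header('Location: http://genomepro.cis.fiu.edu/index.php');
    exit;
}
// NOTE(review): this state-changing request carries no anti-CSRF token that is visible
// here; confirm one is checked elsewhere.
//delete the user; the id is bound as a parameter, never concatenated into the statement
$sql = 'DELETE FROM users WHERE id = $1';
$newuserResource = pg_query_params($connectedDB, $sql, array($id));
// Report success only when the statement actually ran.
if (!$newuserResource) {
    throw new GeneralException('General Error.', 02);
}
//return the result to the client
returnValue("The user has been deleted.");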
<?php

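//import general functions
require "functions.php";
//checking if user is logged in
session_start();
$userData = $_SESSION;
session_write_close();
// session_start() always leaves $_SESSION as an array, so the former is_null() test could
// never be true and anonymous callers were answered instead of redirected. An empty
// session means nobody is logged in.
if (empty($userData)) {
    header('Location: http://genomepro.cis.fiu.edu/index.php');
    exit;
}
//return the session data to the client
// NOTE(review): the whole session array is sent; confirm that everything stored in it is
// meant to be visible to the browser.
returnValue($userData);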
        //... drop the fields that are not kept in the response for this arrival
        //    (the loop and the condition that select this branch start outside this listing)
        unset($arrayResult["arrives"][$key]["isHead"]);
        unset($arrayResult["arrives"][$key]["destination"]);
        unset($arrayResult["arrives"][$key]["stopId"]);
        unset($arrayResult["arrives"][$key]["longitude"]);
        unset($arrayResult["arrives"][$key]["latitude"]);
        unset($arrayResult["arrives"][$key]["busPositionType"]);
        unset($arrayResult["arrives"][$key]["busDistance"]);
        //... and keep the smallest "busTimeLeft" seen so far that lies within [$tmin, $tmax]
        $busArrivesIn = $arrival["busTimeLeft"];
        if ($busArrivesIn >= $tmin && $busArrivesIn <= $tmax && $busArrivesIn < $currentWait) {
            $currentWait = $busArrivesIn;
        }
    } else {
        //Remove unwanted bus lines: the whole entry is dropped from the result
        unset($arrayResult["arrives"][$key]);
    }
}
//Add the scaled waiting time under "wait", print the structure as JSON and stop the script
$arrayResult["wait"] = returnValue($currentWait);
print json_encode($arrayResult);
exit;
/**
 * Scales a waiting time for the Arduino output.
 *
 * Reads the globals $tmin, $tmax, $NOBUS and $maxVoltage. A value equal to $NOBUS is
 * passed through unchanged; any other value is mapped linearly so that $tmin gives 0 and
 * $tmax gives $maxVoltage, rounded down.
 *
 * NOTE(review): $tmax must differ from $tmin, otherwise the division below is by zero.
 *
 * @param mixed $value Waiting time, or the $NOBUS marker.
 * @return mixed $NOBUS unchanged, otherwise the floor()ed scaled value (a float).
 */
function returnValue($value)
{
    global $tmin, $tmax, $NOBUS, $maxVoltage;

    $isNoBus = ($value == $NOBUS);
    if (!$isNoBus) {
        $elapsed = $value - $tmin;
        $window = $tmax - $tmin;
        return floor($maxVoltage * $elapsed / $window);
    }

    return $NOBUS;
}
<?php

// Contact form on the home page: checks the four required fields, then hands the
// message to emailAdmin().
//import general functions
require "functions.php";

// Required POST fields in the order they are checked, each with the message and code of
// the exception raised when it is missing.
$requiredFields = array(
    'name' => array('Please enter your name.', 010),
    'from' => array('Please enter your email.', 011),
    'subject' => array('Please enter a subject.', 012),
    'msg' => array('Please enter a message.', 013),
);
foreach ($requiredFields as $field => $failure) {
    if (isEmpty(@$_POST[$field])) {
        throw new GeneralException($failure[0], $failure[1]);
    }
}

//read the submitted values
// NOTE(review): all four values are untrusted and reach emailAdmin() unchanged. Whether
// line breaks in the name, address or subject are neutralised depends on emailAdmin(),
// which is not part of this listing; confirm it validates the address and rejects CR/LF.
$name = $_POST['name'];
$email = $_POST['from'];
$subject = $_POST['subject'];
$msg = $_POST['msg'];
//mail the admin on behalf of the user; the transport needs to be changed on deployment
emailAdmin($email, $name, $subject, $msg);
//return sent to client
returnValue("sent.");
<?php

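// Returns the "find differences" history of the logged-in user.
//import general functions
require "functions.php";
//connection to the database
$connectedDB = connectToDB();
//get the data of the logged-in user
session_start();
$userData = $_SESSION;
session_write_close();
//a session without a user id means nobody is logged in
if (isEmpty(@$userData['id'])) {
    die("missing data.");
}
$id = $userData['id'];
// One row per comparison: both uploaded documents, the result document and the processed
// flag. The user id is bound as a parameter rather than concatenated, so the statement
// text stays fixed whatever the session holds.
$sql = 'SELECT doc_uploadedone.doc_name AS file1,'
    . ' doc_uploadedone.id AS file1id,'
    . ' doc_uploadedtwo.doc_name AS file2,'
    . ' doc_uploadedtwo.id AS file2id,'
    . ' doc_uploadedthree.doc_name AS file3,'
    . ' doc_uploadedthree.id AS file3id,'
    . ' find_differences.processed'
    . ' FROM find_differences,'
    . ' docs doc_uploadedone,'
    . ' docs doc_uploadedtwo,'
    . ' docs doc_uploadedthree'
    . ' WHERE find_differences.user_id = $1'
    . ' AND doc_uploadedone.id = find_differences.uploaded_id1'
    . ' AND doc_uploadedtwo.id = find_differences.uploaded_id2'
    . ' AND doc_uploadedthree.id = find_differences.result_id';
//perform query and get results
$userResource = pg_query_params($connectedDB, $sql, array($id));
// A failed query must not be passed on to pg_fetch_all().
if (!$userResource) {
    throw new GeneralException('General Error.', 02);
}
$userResultData = pg_fetch_all($userResource);
if ($userResultData == NULL) {
    throw new GeneralException('No Files has been found.', 02);
} else {
    returnValue($userResultData);
}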
/**
 * Sends one message with a single attachment through PHPMailer over SMTP
 * (smtp.gmail.com, port 465, 'ssl').
 *
 * Calls returnValue("sent.") when PHPMailer reports success. A failed send is not
 * reported or logged in any way.
 *
 * NOTE(review): the SMTP user name and password are literals in the source (masked in
 * this listing). They belong in configuration outside the code and the repository.
 * NOTE(review): $result_file is attached as given; callers must make sure it is a path
 * the application chose, not one derived from request input.
 *
 * @param string $email       Recipient address.
 * @param string $name        Recipient display name.
 * @param string $subject     Subject line.
 * @param string $msg         Message body.
 * @param string $result_file Path of the file to attach.
 * @param string $file_name   Name the attachment gets in the mail.
 */
function emailWithAttachments($email, $name, $subject, $msg, $result_file, $file_name)
{
    // sender address, also used as reply-to
    $from = "*****@*****.**";

    // Gmail is used for testing; to be changed once the code runs on the server
    $mailer = new PHPMailer();
    $mailer->isSMTP();
    $mailer->SMTPAuth = true;
    $mailer->Host = 'smtp.gmail.com';
    $mailer->Username = '******';
    $mailer->Password = '******';
    $mailer->SMTPSecure = 'ssl';
    $mailer->Port = 465;

    // envelope
    $mailer->From = $from;
    $mailer->FromName = "Genome Pro Team";
    $mailer->addReplyTo($from, 'Reply address');
    $mailer->addAddress($email, $name);

    // content
    $mailer->addAttachment($result_file, $file_name);
    $mailer->Subject = $subject;
    $mailer->Body = $msg;

    if (!$mailer->send()) {
        return;
    }
    returnValue("sent.");
}
<?php

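//logout
//import general functions
require "functions.php";
session_start();
// free all session variables
session_unset();
// Expire the session cookie in the browser as well, so the old session id is not sent
// again and reused for the next session. This has to happen before any output.
if (ini_get('session.use_cookies')) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}
// destroy the session data on the server and report success to the client
session_destroy();
returnValue("OK.");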