Exemple #1
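/**
 * Emit, as JSON, every row of `markers` that lies within $radius of a point.
 *
 * The result is written with echo; nothing is returned. When validate_key()
 * rejects $key, or when a coordinate or the radius is not numeric, a JSON
 * error object is emitted and no query is run.
 *
 * @param mixed $lat    Latitude of the search centre (caller-supplied).
 * @param mixed $lng    Longitude of the search centre (caller-supplied).
 * @param mixed $radius Upper bound compared against GeoDistDiff('mi', ...).
 * @param mixed $key    Key checked by validate_key() before any database work.
 */
function secure_get_data($lat, $lng, $radius, $key)
{
    if (!validate_key($key)) {
        echo json_encode(array("error" => true, "message" => "your key expire please login"));
        return;
    }

    // The three values come from the caller and used to be concatenated into
    // the SQL text. Reject anything that is not a number before touching the
    // database, so a malformed request gets a clear answer instead of a
    // driver error.
    if (!is_numeric($lat) || !is_numeric($lng) || !is_numeric($radius)) {
        echo json_encode(array("error" => true, "message" => "invalid coordinates or radius"));
        return;
    }

    $db = getConnection();

    // Bound parameters keep request data out of the SQL text entirely, so the
    // query shape cannot be altered by the values.
    $stmt = $db->prepare("select * from markers where GeoDistDiff('mi', ?, ?, lat, lng) < ?");
    $stmt->execute(array((string) $lat, (string) $lng, (string) $radius));

    $all_cities = $stmt->fetchAll(PDO::FETCH_OBJ);
    echo json_encode($all_cities);
}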
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
include_once 'hndl/common.php';
include_once 'inc/game.php';
$return_page = 'gold';
do {
    // Dummy Loop
    if (!isset($_REQUEST['key']) || !validate_key($_REQUEST['key'])) {
        $return_codes[] = 1121;
        break;
    }
    $key = $_REQUEST['key'];
    $user = 0;
    $db_user = isset($db_user) ? $db_user : new DB(true);
    $rs = $db_user->get_db()->query("select `user` from gold_keys where `key` = '" . $key . "' and `used` <= 0 limit 1");
    $rs->data_seek(0);
    if ($row = $rs->fetch_assoc()) {
        $user = $row['user'];
    } else {
        $return_codes[] = 1123;
        break;
    }
    if ($user <= 0) {
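<?php

// Username-recovery handler: takes a POSTed e-mail address and, when an
// account uses that address, mails the account's username to it.
require '../utility/common.php';
require '../utility/htmlcommon.php';
logged_out();
validate_key();
$params = validate_params('POST', array('email'), array(FILTER_VALIDATE_EMAIL), array(FILTER_SANITIZE_EMAIL));
if (!$params) {
    error('Invalid params', 'login.php');
    // error() is defined elsewhere and presumably ends the request; stop here
    // regardless so the lookup below never runs without validated params.
    exit;
}
$select_db = connect('select');
$stmt = dbexec($select_db, 'SELECT username FROM users WHERE email = ?', array($params['email']), array(PDO::PARAM_STR));
// fetch() yields false when no row matched. PDOStatement::rowCount() is not
// guaranteed to report a row count for SELECT on every driver, so the fetched
// row itself decides whether an account was found.
$res = $stmt->fetch(PDO::FETCH_ASSOC);
if ($res !== false) {
    $message = 'Hello, you recently requested to recover your username for the account associated
			with this email at Classmatches. If you did not request this information, we suggest
			you change your password at Classmatches as soon as possible. Your username is: ' . $res['username'] . '. Thank you for using Classmatches.';
    $message = wordwrap($message, 100);
    if (!mail($params['email'], 'Username account recovery', $message, 'From: accountrecovery@classmatches.com')) {
        // Keep delivery failures in the server log only; surfacing them to
        // the visitor would again reveal whether the address is registered.
        error_log('Username recovery mail was not accepted for delivery');
    }
}
// The same page is rendered whether or not the address matched an account, so
// the response body cannot be used to test which addresses are registered.
// NOTE(review): response time may still differ between the two cases because
// mail() only runs on a match; confirm whether that matters for this site.
top(false, 'Account recovery submit');
?>
		<div>
			<p>If an account is registered for <?php 
echo htmlspecialchars($params['email']);
?>
, an email with the username has been sent to that address</p>
			<p><a href="login.php">Log In</a></p>
		</div>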
Exemple #4
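 /**
  * Check the submitted form token, then store the uploaded "userfile".
  *
  * On an invalid token the request is redirected to "<module>add" and the
  * script exits. On an upload failure the error is stored with set_message(),
  * the request is redirected to the referrer when there is one (otherwise the
  * error text is printed), and the script exits.
  *
  * @return array Upload metadata from $this->upload->data(), plus
  *               "file_temp": the base name of PHP's temporary file.
  */
 function _doc_upload()
 {
     // The token is only handed to validate_key(). The earlier debug output
     // echoed the raw request token into the response, which both reflected
     // request data unescaped and sent output ahead of the redirects below.
     $is_valid = validate_key($this->input->get_post("token"));
     if (!$is_valid) {
         if ($this->agent->is_referral()) {
             set_message("error", "Your form has expired, reload page and then submit again");
         }
         redirect($this->module . "add");
         exit;
     }

     $uploadPath = "docs/wa_doc/raw/";
     check_folder($uploadPath);
     // NOTE(review): the filter below is the upload library's allowed_types
     // list. If docs/wa_doc/raw/ is served by the web server, confirm that
     // the directory cannot execute or inline-render uploaded content.
     $config = array(
         'upload_path' => $uploadPath,
         'allowed_types' => "docx|doc|jpg|jpeg|png|bmp|xls|xlsx|pdf",
     );
     $this->load->library('upload', $config);

     if (!$this->upload->do_upload()) {
         $error = $this->upload->display_errors();
         set_message("error", $error);
         // is_referral is called as a method, matching the token check above;
         // read as a property it was never truthy, so this redirect never ran.
         if ($this->agent->is_referral()) {
             redirect($this->agent->referrer());
         }
         // No referrer to go back to: show the error on this response instead.
         print $error;
         exit;
     }

     $data = $this->upload->data();
     $data["file_temp"] = basename($_FILES["userfile"]["tmp_name"]);
     return $data;
 }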
Exemple #5
 /**
  * Store a comment reply in cms_comments after checking the form token.
  *
  * An invalid token ends the request with a redirect (to the referrer, with
  * an "expired form" message, when there is one; otherwise to
  * "<module>doc_add"). After the insert, a non-AJAX request is redirected to
  * the referrer and an AJAX request gets the text "ok"; a failed transaction
  * prints "failed".
  */
 function comments_reply_save()
 {
     $token = $this->input->get_post("token");
     if (!validate_key($token)) {
         if (!$this->agent->is_referral()) {
             redirect($this->module . "doc_add");
         } else {
             set_message("error", "Your form has expired, reload page and then submit again");
             redirect($this->agent->referrer());
         }
         exit;
     }

     // NOTE(review): get_post() is defined elsewhere. If it returns the raw
     // request fields, every submitted field becomes a column value in the
     // insert below; confirm it restricts the keys to the expected columns.
     $row = get_post();

     $this->conn->StartTrans();
     $this->adodbx->Insert("cms_comments", $row);
     $committed = $this->conn->CompleteTrans();

     if (!$committed) {
         print "failed";
         return;
     }
     if ($this->input->is_ajax_request()) {
         print "ok";
         return;
     }
     redirect($this->agent->referrer());
 }
if (isset($_POST['password'])) {
    $password = fix_string($_POST['password']);
}
if (isset($_POST['email'])) {
    $email = fix_string($_POST['email']);
    $em_val = $email;
}
if (isset($_POST['key'])) {
    $key = fix_string($_POST['key']);
    $key_val = $key;
}
if (isset($_POST['submit'])) {
    $fail = validate_username($username);
    $fail .= validate_password($password);
    $fail .= validate_email($email);
    $fail .= validate_key($key);
    if ($fail == "" && isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']) && isset($_POST['key'])) {
        $connection = new mysqli($db_hostname, $db_username, $db_password, $db_database);
        $un_temp = mysql_entities_fix_string($connection, $_POST['username']);
        $pw_temp = mysql_entities_fix_string($connection, $_POST['password']);
        $em_temp = mysql_entities_fix_string($connection, $_POST['email']);
        $key_temp = mysql_entities_fix_string($connection, $_POST['key']);
        $query = "SELECT * FROM users WHERE username='******'";
        $query2 = "SELECT * FROM users WHERE email='{$em_temp}'";
        $query3 = "SELECT used FROM user_keys WHERE user_key='{$key_temp}'";
        $result = $connection->query($query);
        $result2 = $connection->query($query2);
        $result3 = $connection->query($query3);
        if (!$result) {
            die($connection->error);
        } elseif ($result->num_rows) {
Exemple #7
    return $app['twig']->render('register.twig', array('userdata' => array('key' => $key)));
});
// GET /register without a key segment: there is nothing to validate, so the
// "invalid" template is rendered instead of the registration form.
$root->get('/register', function () use($app) {
    $twig = $app['twig'];

    return $twig->render('invalid.twig');
});
$root->post('/register', function () use($app) {
    $error = array();
    $request = $app['request_stack']->getCurrentRequest();
    $userdata = array();
    $userdata['username'] = $request->get('username');
    $userdata['password'] = $request->get('password');
    $userdata['confirm'] = $request->get('cfpassword');
    $userdata['email'] = $request->get('email');
    $userdata['key'] = $request->get('key');
    if (!validate_key($userdata['key'])) {
        $error[] = 'yo that\'s an invalid key';
    }
    if (empty($userdata['username'])) {
        $error[] = 'No username specified';
    }
    if (strlen($userdata['username']) > 24 || strlen($userdata['username']) < 4) {
        $error[] = 'Username is too long or too short. (min. length is 4, max. length is 24)';
    }
    if (strlen($userdata['password']) > 24 || strlen($userdata['password']) < 8) {
        $error[] = 'Password is too long or too short. (min. length is 8, max. length is 24)';
    }
    if ($userdata['password'] != $userdata['confirm']) {
        $error[] = 'Password confirmation does not match.';
    }
    if (empty($userdata['email'])) {
Exemple #8
/**
 * Run every per-field validator over $parameters and report whether all pass.
 *
 * The checks run in a fixed order and stop at the first failure, so later
 * keys are not read once an earlier field has been rejected.
 *
 * @param array $parameters Must provide the keys AIP, protocol, port, SIP,
 *                          access_proto, access_port and RIJK.
 * @return bool True only when every validator accepted its field.
 */
function validate_all($parameters)
{
    if (!validate_domain_ip($parameters['AIP'])) {
        return false;
    }
    if (!validate_protocol($parameters['protocol'])) {
        return false;
    }
    if (!\validate_port($parameters['port'])) {
        return false;
    }
    if (!validate_domain_ip($parameters['SIP'])) {
        return false;
    }
    if (!validate_protocol($parameters['access_proto'])) {
        return false;
    }
    if (!validate_port($parameters['access_port'])) {
        return false;
    }

    // Last check decides the overall result; cast keeps the return a bool.
    return (bool) validate_key($parameters['RIJK']);
}
 $db_user = isset($db_user) ? $db_user : new DB(true);
 if (!($st = $db_user->get_db()->prepare('insert into gold_keys (`type`, `key`, `time`) values (?, ?, ?)'))) {
     error_log(__FILE__ . '::' . __LINE__ . " Prepare failed: (" . $db_user->get_db()->errno . ") " . $db_user->get_db()->error);
     $return_codes[] = 1006;
     break;
 }
 $type = 0;
 $key = '';
 $time = PAGE_START_TIME;
 $st->bind_param("isi", $type, $key, $time);
 foreach ($keys as $key) {
     $key = trim($key);
     if ($key == '') {
         continue;
     }
     if (!validate_key($key)) {
         $return_codes[] = 1121;
         break 2;
     }
     $type_str = substr($key, 9, 4);
     switch ($type_str) {
         case 'GIFT':
             $type = 1;
             break;
         default:
             $type = 0;
             break;
     }
     $time_str = substr($key, 14, 3);
     $time = 86400;
     if (is_numeric($time_str)) {