/**
* Grab post data, but only if the CSRF token is valid
*
* @param InputFilterContainer $filterContainer - Type filter for POST data
* @param bool $ignoreCSRFToken - Don't validate CSRF tokens
*
* @return array|bool
* @throws SecurityAlert
*/
protected function post(InputFilterContainer $filterContainer = null, bool $ignoreCSRFToken = false)
{
if ($this->airship_http_method !== 'POST' || empty($_POST)) {
return false;
}
if ($ignoreCSRFToken) {
if ($filterContainer) {
try {
return $filterContainer($_POST);
} catch (\TypeError $ex) {
$this->log('Input validation threw a TypeError', LogLevel::ALERT, \Airship\throwableToArray($ex));
return false;
}
}
return $_POST;
}
if ($this->airship_csrf->check()) {
if ($filterContainer) {
try {
return $filterContainer($_POST);
} catch (\TypeError $ex) {
$this->log('Input validation threw a TypeError', LogLevel::ALERT, \Airship\throwableToArray($ex));
return false;
}
}
return $_POST;
}
$state = State::instance();
if ($state->universal['debug']) {
// This is only thrown during development, to be noisy.
throw new SecurityAlert(\__('CSRF validation failed'));
}
$this->log('CSRF validation failed', LogLevel::ALERT);
return false;
}
public function before()
{
parent::before();
if (!CSRF::check()) {
throw new ApplicationException("Cross site request forgery.", 403);
}
// Set base title
$this->template->title = array('Hacker Tees');
$this->template->section = NULL;
}
<div class="contents">
<h1>Indi</h1>
<p>Make a standalone Lobby app.</p>
<h2>Config</h2>
<?php
$appID = Request::postParam("appID");
if ($appID !== null && CSRF::check()) {
if ($appID === "") {
$this->removeData("appID");
} else {
$this->saveData("appID", $appID);
}
echo sss("Saved", "Settings has been saved.");
}
$appID = $this->getData("appID");
?>
<form action="<?php
echo Lobby::u("/admin/app/indi");
?>
" method="POST">
<label>
<span>App ID</span>
<select name="appID">
<option value="">Choose App:</option>
<?php
foreach (Lobby\Apps::getEnabledApps() as $app) {
echo "<option value='{$app}' " . ($appID === $app ? "selected='selected'" : "") . ">{$app}</option>";
}
?>
</select>
</label>
$some_name = session_name("JBIMSAdmission");
session_start();
}
include dirname(__FILE__) . '/config/config.php';
include dirname(__FILE__) . '/config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include dirname(__FILE__) . '/language/' . $language[$_GET['lang']] . '.php';
} else {
include dirname(__FILE__) . '/language/en.php';
}
$useremail = strip_tags(trim($_POST["useremail"]));
$verification = strip_tags(trim($_POST["captcha"]));
$finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8');
$finalverification = htmlspecialchars($verification, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('resend-form')) {
echo $lang['resend_activation_token_wrong_security_token'];
} else {
$datetime = date("Y-m-d H:i:s");
$searchblock = mysql_query("SELECT login_system_email_activation_status, login_system_email_activation_attempts, login_system_email_activation_blocked_time FROM " . $mysqltable_name_4 . " WHERE login_system_email_activation_useremail = '" . mysql_real_escape_string($finaluseremail) . "'");
$resultblock = mysql_num_rows($searchblock);
$blockResult = mysql_fetch_array($searchblock);
if ($SMTP == true) {
if ($mysql == true) {
if ($blockResult['login_system_email_activation_status'] == 0) {
if ($datetime > $blockResult['login_system_email_activation_blocked_time']) {
$search = mysql_query("SELECT * FROM " . $mysqltable_name_4 . " WHERE login_system_email_activation_useremail = '" . mysql_real_escape_string($finaluseremail) . "'");
$result = mysql_num_rows($search);
$searchuser = mysql_query("SELECT f_name, l_name, application_id FROM " . $mysqltable_name_1 . " WHERE email_id = '" . mysql_real_escape_string($finaluseremail) . "'");
$resultusercount = mysql_num_rows($searchuser);
$resultuser = mysql_fetch_array($searchuser);
<?php
require "../../../../load.php";
$file = \Request::postParam('cx74e9c6a45', '');
$appID = \Request::postParam('s7c8csw91', '');
if ($file != "" && CSRF::check()) {
if ($appID !== "") {
$App = new \Lobby\Apps($appID);
if ($App->exists && $App->enabled) {
$AppClass = $App->run();
$html = $AppClass->page("/ajax/{$file}");
if ($html === "auto") {
$html = $AppClass->inc("/src/ajax/{$file}");
}
echo $html;
}
} else {
if (\Lobby\FS::exists($file)) {
require_once \Lobby\FS::loc($file);
} else {
echo "fileNotFound";
}
}
}
include '../csrf_protection/csrf-class.php';
if (!isset($_SESSION)) {
$some_name = session_name("VedicaAdmission");
session_start();
}
include '../config/config.php';
include '../config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include '../language/' . $language[$_GET['lang']] . '.php';
} else {
include '../language/en.php';
}
$update_username = strip_tags(trim_awesome($_POST["update_username"]));
$update_finalusername = htmlspecialchars($update_username, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('update-username-form')) {
echo $lang['update_username_wrong_security_token'];
} else {
$usersearch = mysql_query("SELECT * FROM " . $admission_users . " WHERE application_id = " . mysql_real_escape_string_awesome($update_finalusername) . "");
$userresult = mysql_num_rows($usersearch);
$userquery = mysql_fetch_array($usersearch);
if ($userquery && $userquery['login_system_registrations_user_id'] != $_SESSION['userLogin']) {
echo $lang['update_username_already_taken'];
} else {
$update1 = "UPDATE " . $admission_users . " SET application_id = " . mysql_real_escape_string_awesome($update_finalusername) . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
$updatequery1 = mysql_query($update1);
$update2 = "UPDATE " . $mysqltable_name_2 . " SET login_system_login_attempts_username = "******" WHERE login_system_login_attempts_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
$updatequery2 = mysql_query($update2);
$update3 = "UPDATE " . $mysqltable_name_3 . " SET login_system_forgot_password_username = "******" WHERE login_system_forgot_password_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
$updatequery3 = mysql_query($update3);
$update4 = "UPDATE " . $mysqltable_name_4 . " SET login_system_email_activation_username = "******" WHERE login_system_email_activation_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
<?php
$this->setTitle("New App");
?>
<div class="contents">
<h1>Add App</h1>
<?php
$app_info = array("id" => \Request::get("app_id"), "name" => \Request::get("app_name"), "git_url" => \Request::get("app_download"), "requires" => \Request::get("app_requires"), "short_description" => \Request::get("app_short_description"), "description" => \Request::get("app_description"), "category" => \Request::get("app_category"), "sub_category" => \Request::get("app_sub_category"), "version" => \Request::get("app_version"), "page" => \Request::get("app_page"), "author_id" => \Request::get("author_id"));
if (isset($_POST['app_id']) && array_search(null, $app_info) === false && CSRF::check()) {
$apps_sql = \Lobby\DB::getDBH()->prepare("SELECT COUNT(1) FROM `apps` WHERE `id` = ?");
$apps_sql->execute(array($app_info['id']));
if ($apps_sql->fetchColumn() != 0) {
ser("App Exists", "Hmmm... Looks like the App ID you submitted already exists either on App Center Or in the App Queue. " . \Lobby::l("/apps/{$app_info['id']}", "See Existing App"));
} else {
$app_info["logo"] = isset($_POST["app_logo"]) ? "1" : "0";
$lobby_web = isset($_POST['app_lobby_web']) ? 1 : 0;
$sql = \Lobby\DB::getDBH()->prepare("INSERT INTO `apps` (`id`, `name`, `version`, `logo`, `requires`, `git_url`, `description`, `short_description`, `category`, `sub_category`, `app_page`, `author`, `lobby_web`, `updated`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW());");
$sql->execute(array($app_info['id'], $app_info['name'], $app_info['version'], $app_info['logo'], $app_info['requires'], $app_info['git_url'], $app_info['description'], $app_info['short_description'], $app_info['category'], $app_info['sub_category'], $app_info['page'], $app_info['author_id'], $lobby_web));
require_once __DIR__ . "/../../inc/LobbyGit.php";
$LG = new LobbyGit($app_info["id"], $app_info["git_url"]);
$LG->register();
sss("App Added", "App was added to the repository");
}
}
?>
<form action="<?php
echo \Lobby::u();
?>
" method="POST">
<label>
<span>App ID</span>
}
include dirname(__FILE__) . '/config/config.php';
include dirname(__FILE__) . '/config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include dirname(__FILE__) . '/language/' . $language[$_GET['lang']] . '.php';
} else {
include dirname(__FILE__) . '/language/en.php';
}
$user_name = strip_tags(trim_awesome($_POST["username"]));
$password = strip_tags(trim_awesome($_POST["password"]));
$verification = strip_tags(trim_awesome($_POST["captcha"]));
$finalusername = htmlspecialchars($user_name, ENT_QUOTES, 'UTF-8');
$finalpassword = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');
$finalverification = htmlspecialchars($verification, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('login-form')) {
echo $lang['login_wrong_security_token'];
} else {
$datetime = date("Y-m-d H:i:s");
$userInfo = mysql_query("SELECT login_system_registrations_user_id, application_id, password, salt FROM " . $admission_users . " WHERE application_id = " . mysql_real_escape_string_awesome($finalusername) . "");
$userQuery = mysql_num_rows($userInfo);
$userSql = mysql_fetch_array($userInfo);
$userstatus = mysql_query("SELECT login_system_email_activation_status FROM " . $mysqltable_name_4 . " WHERE login_system_email_activation_username = "******"");
$userselect = mysql_num_rows($userstatus);
$userresult = mysql_fetch_array($userstatus);
$infoUser = mysql_query("SELECT login_system_login_attempts_attempts, login_system_login_attempts_blocked_time FROM " . $mysqltable_name_2 . " WHERE login_system_login_attempts_username = "******"");
$queryUser = mysql_num_rows($infoUser);
$sqlUser = mysql_fetch_array($infoUser);
if ($userQuery == 1) {
if ($userresult['login_system_email_activation_status'] == 1) {
if ($datetime > $sqlUser['login_system_login_attempts_blocked_time']) {
include '../csrf_protection/csrf-class.php';
if (!isset($_SESSION)) {
$some_name = session_name("VedicaAdmission");
session_start();
}
include '../config/config.php';
include '../config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include '../language/' . $language[$_GET['lang']] . '.php';
} else {
include '../language/en.php';
}
$update_email = strip_tags(trim_awesome($_POST["update_email"]));
$update_finalemail = htmlspecialchars($update_email, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('update-email-form')) {
echo $lang['update_email_wrong_security_token'];
} else {
$emailsearch = mysql_query("SELECT * FROM " . $admission_users . " WHERE email_id = " . mysql_real_escape_string_awesome($update_finalemail) . "");
$emailresult = mysql_num_rows($emailsearch);
$emailquery = mysql_fetch_array($emailsearch);
if ($emailquery && $emailquery['login_system_registrations_user_id'] != $_SESSION['userLogin']) {
echo $lang['update_email_already_taken'];
} else {
$update1 = "UPDATE " . $admission_users . " SET email_id = " . mysql_real_escape_string_awesome($update_finalemail) . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
$updatequery1 = mysql_query($update1);
$update2 = "UPDATE " . $mysqltable_name_3 . " SET login_system_forgot_password_useremail = " . mysql_real_escape_string_awesome($update_finalemail) . " WHERE login_system_forgot_password_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
$updatequery2 = mysql_query($update2);
$update3 = "UPDATE " . $mysqltable_name_4 . " SET login_system_email_activation_useremail = " . mysql_real_escape_string_awesome($update_finalemail) . " WHERE login_system_email_activation_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
$updatequery3 = mysql_query($update3);
if ($updatequery1 && $updatequery2 && $updatequery3) {
echo sss("Removed", "The App <b>{$displayID}</b> was successfully removed.");
} else {
if ($action === "clear-data" && CSRF::check()) {
if ($App->clearData()) {
echo sss("Cleared Data", "The data of <b>{$displayID}</b> was successfully cleared from the database.");
}
} else {
if ($appID != null && $action == null && CSRF::check()) {
?>
<h1>Install App</h1>
<p>The install progress will be displayed below. If this doesn't work, try the <?php
echo \Lobby::l("/admin/install-app.php?app={$appID}&do=alternate-install" . CSRF::getParam(), "alternate install");
?>
.</p>
<?php
if (isset($_GET["do"]) && $_GET["do"] === "alternate-install" && CSRF::check()) {
?>
<iframe src="<?php
echo L_URL . "/admin/download.php?type=app&app={$appID}" . CSRF::getParam();
?>
" style="border: 0;width: 100%;height: 300px;"></iframe>
<?php
} else {
?>
<ul id="appInstallationProgress" class="collection"></ul>
<script>
lobby.load(function(){
lobby.installApp("<?php
echo $appID;
?>
", $("#appInstallationProgress"));
<?php
require "../../../../load.php";
if (isset($_POST['key']) && isset($_POST['value']) && CSRF::check()) {
$key = urldecode($_POST['key']);
$val = urldecode($_POST['value']);
if (!saveOption($key, $val)) {
echo "bad";
} else {
echo "good";
}
} else {
echo "fieldsMissing";
}
header('Cache-Control: no-cache');
$appID = Request::get("app");
$type = Request::get("type");
$isUpdate = Request::get("isUpdate") !== null;
// Turn off output buffering
ini_set('output_buffering', 'off');
// Turn off PHP output compression
ini_set('zlib.output_compression', false);
//Flush (send) the output buffer and turn off output buffering
//ob_end_flush();
while (@ob_end_flush()) {
}
// Implicitly flush the buffer(s)
ini_set('implicit_flush', true);
ob_implicit_flush(true);
if (CSRF::check() === false) {
exit;
}
if ($type == "app") {
$app = \Lobby\Server::store(array("get" => "app", "id" => $appID));
if ($app == "false") {
echo "Error - App '<b>{$appID}</b>' does not exist in Lobby.";
exit;
}
$name = $app['name'];
} else {
$name = "Lobby {$appID}";
}
$GLOBALS['name'] = $name;
?>
<p>
<?php
\Hooks::doAction("admin.head.begin");
\Response::head("Change Settings");
?>
</head>
<body>
<?php
\Hooks::doAction("admin.body.begin");
?>
<div id="workspace">
<div class="contents">
<?php
if (isset($_GET['updated']) && CSRF::check()) {
echo sss("Updated", "Lobby was successfully updated to Version <b>" . \Lobby::$version . "</b> from the old " . htmlspecialchars($_GET['oldver']) . " version.");
}
if (isset($_POST['update_settings']) && \CSRF::check()) {
/**
* Sadly, PHP supports GMT+ and not UTC+
*/
$time_zone = $_POST['timezone'];
if ($time_zone === "") {
Lobby\DB::saveOption("lobby_timezone", "UTC");
\Lobby\Time::loadConfig();
} else {
if (@date_default_timezone_set($time_zone)) {
Lobby\DB::saveOption("lobby_timezone", $time_zone);
\Lobby\Time::loadConfig();
} else {
echo ser("Invalid Timezone", "Your PHP server doesn't support the timezone " . htmlspecialchars($time_zone));
}
}
<?php
include '../csrf_protection/csrf-token.php';
include '../csrf_protection/csrf-class.php';
if (!isset($_SESSION)) {
$some_name = session_name("VedicaAdmission");
session_start();
}
include '../config/config.php';
include '../config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include '../language/' . $language[$_GET['lang']] . '.php';
} else {
include '../language/en.php';
}
$update_firstname = strip_tags(trim_awesome($_POST["update_firstname"]));
$update_lastname = strip_tags(trim_awesome($_POST["update_lastname"]));
$update_finalfirstname = htmlspecialchars($update_firstname, ENT_QUOTES, 'UTF-8');
$update_finallastname = htmlspecialchars($update_lastname, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('update-account-form')) {
echo $lang['update_account_wrong_security_token'];
} else {
$update1 = "UPDATE " . $admission_users . " SET f_name = " . mysql_real_escape_string_awesome($update_finalfirstname) . ", l_name = " . mysql_real_escape_string_awesome($update_finallastname) . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
$updatequery1 = mysql_query($update1);
if ($updatequery1) {
echo $lang['update_account_successful'];
} else {
echo $lang['update_account_unsuccessful'];
}
}
/**
* Give warning when using SQLite on a web server
*/
echo "<a class='btn red' href='?step=3&db_type=sqlite" . CSRF::getParam() . "'>SQLite</a><p style='color:red;'>WARNING<br/>It is very unsafe to use SQLite on a non localhost server</p>";
}
} else {
echo "<a class='btn disabled'>SQLite Not Available</a><p>Lobby Requires SQLite version atleast 3.8</p>";
}
?>
</td>
</tr>
</tbody>
</table>
<?php
} else {
if ($install_step === "3" && CSRF::check()) {
$db_type = Request::get("db_type");
/**
* We call it again, so that the user had already went through the First Step
*/
if (\Lobby\Install::step1() === false) {
// The stuff mentioned in step 1 hasn't been done
} else {
if (isset($_POST['submit'])) {
if ($db_type === "mysql") {
$dbhost = \Request::postParam('dbhost', "");
$dbport = \Request::postParam('dbport', "");
$dbname = \Request::postParam('dbname', "");
$username = \Request::postParam('dbusername', "");
$password = \Request::postParam('dbpassword', "");
$prefix = \Request::postParam('prefix', "");
?>
<div class="contents">
<?php
if ($app_edit && isset($_GET['update']) && !isset($_GET['app-updated'])) {
require_once $this->dir . "/src/inc/LobbyGit.php";
$lg = new \LobbyGit($AppID, $app_info['git_url']);
$lg->update();
Response::redirect("/me/app/{$AppID}?app-updated");
}
if (isset($_POST['app_name'])) {
$app_info_required = array("id" => $app_edit ? $path[3] : \Request::get("app_id"), "name" => \Request::get("app_name"), "git_url" => \Request::get("app_src"), "description" => \Request::get("app_description"), "category" => \Request::get("app_category"), "sub_category" => \Request::get("app_sub_category"), "app_page" => \Request::get("app_page"));
$app_info = array_merge($app_info, $app_info_required);
$app_info["lobby_web"] = isset($_POST["app_lobby_web"]) ? "1" : "0";
$app_info["logo"] = isset($_POST["app_logo"]) ? "1" : "0";
}
if (isset($_POST['app_name']) && CSRF::check() && array_search(null, $app_info_required) === false) {
$apps_sql = \Lobby\DB::getDBH()->prepare("SELECT COUNT(1) FROM `apps` WHERE `id` = ?");
$apps_sql->execute(array($app_info['id']));
$queue_sql = \Lobby\DB::getDBH()->prepare("SELECT COUNT(1) FROM `apps_queue` WHERE `id` = ?");
$queue_sql->execute(array($app_info['id']));
if ($app_edit != true && ($queue_sql->fetchColumn() != 0 || $apps_sql->fetchColumn() != 0)) {
ser("App Exists", "Hmmm... Looks like the App ID you submitted already exists either on App Center Or in the App Queue. " . \Lobby::l("/apps/{$app_info['id']}", "See Existing App"));
} else {
if ($app_edit != true && preg_match("/\\b(?:(?:https?|ftp):\\/\\/|www\\.)[-a-z0-9+&@#\\/%?=~_|!:,.;]*[-a-z0-9+&@#\\/%=~_|]/i", $app_info['git_url']) == 0) {
ser("Invalid URL", "The app's source code URL you provided was invalid.");
} else {
if ($app_edit != true) {
$sql = \Lobby\DB::getDBH()->prepare("INSERT INTO `apps_queue` (`id`, `name`, `src`, `description`, `category`, `sub_category`, `app_page`, `author`, `updated`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW());");
$sql->execute(array($app_info['id'], $app_info['name'], $app_info['git_url'], $app_info['description'], $app_info['category'], $app_info['sub_category'], $app_info['app_page'], \Fr\LS2::$user));
$admin_access_token = \Fr\LS2::getUser("username", 1);
require_once $this->dir . "/src/inc/open.auth.php";
switch ($action) {
case "disable":
echo sss("Disabled", "The App <strong>{$appIDEscaped}</strong> has been disabled.");
break;
case "disable-fail":
echo ser("Error", "The App <strong>{$appIDEscaped}</strong> couldn't be disabled. Try again.");
break;
case "enable":
echo sss("Enabled", "The App <strong>{$appIDEscaped}</strong> has been enabled.");
break;
case "enable-fail":
echo ser("Error", "The App couldn't be enabled. Try again.", false);
break;
}
} else {
if ($action !== null && CSRF::check()) {
if ($action === "remove") {
/**
* Do not show app info during confirmation
*/
$showAppInfo = false;
echo sme("Confirm", "<p>Are you sure you want to remove the app <b>{$appIDEscaped}</b> ? This cannot be undone.</p>" . Lobby::l("/admin/install-app.php?action=remove&app={$appID}" . CSRF::getParam(), "Yes, I'm sure", "class='btn red'") . Lobby::l("/admin/apps.php?app={$appID}" . CSRF::getParam(), "No, I'm not", "class='btn blue' id='cancel'"));
} else {
if ($action === "clear-data") {
$showAppInfo = false;
echo sme("Confirm", "<p>Are you sure you want to clear the data of app <b>{$appIDEscaped}</b> ? This cannot be undone.</p>" . Lobby::l("/admin/install-app.php?action=clear-data&app={$appID}" . CSRF::getParam(), "Yes, I'm sure", "class='btn red'") . Lobby::l("/admin/apps.php?app={$appID}" . CSRF::getParam(), "No, I'm not", "class='btn blue' id='cancel'"));
}
}
}
}
if ($showAppInfo) {
include dirname(__FILE__) . '/csrf_protection/csrf-class.php';
if (!isset($_SESSION)) {
$some_name = session_name("VedicaAdmission");
session_start();
}
include dirname(__FILE__) . '/config/config.php';
include dirname(__FILE__) . '/config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include dirname(__FILE__) . '/language/' . $language[$_GET['lang']] . '.php';
} else {
include dirname(__FILE__) . '/language/en.php';
}
$useremail = strip_tags(trim_awesome($_POST["useremail"]));
$finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('complete-social-register-form')) {
echo $lang['complete_registration_wrong_security_token'];
} else {
if ($_SESSION['loginProviderID'] && $_SESSION['loginProviderDisplayName']) {
$config = dirname(__FILE__) . '/hybridauth/config.php';
include dirname(__FILE__) . '/hybridauth/Hybrid/Auth.php';
try {
$hybridauth = new Hybrid_Auth($config);
$provider = @trim(strip_tags($_GET["provider"]));
$adapter = $hybridauth->getAdapter($provider);
$finalemailtoken = md5(uniqid(rand(), true));
$datetime = date("Y-m-d H:i:s");
$expiretokenemail = date("Y-m-d H:i:s", strtotime('+1 hour'));
$duplicate = mysql_query("SELECT * FROM " . $mysqltable_name_5 . " WHERE login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($finaluseremail) . "");
$result = mysql_num_rows($duplicate);
if ($result == 0) {
$some_name = session_name("VedicaAdmission");
session_start();
}
include dirname(__FILE__) . '/config/config.php';
include dirname(__FILE__) . '/config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include dirname(__FILE__) . '/language/' . $language[$_GET['lang']] . '.php';
} else {
include dirname(__FILE__) . '/language/en.php';
}
$useremail = strip_tags(trim_awesome($_POST["useremail"]));
$verification = strip_tags(trim_awesome($_POST["captcha"]));
$finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8');
$finalverification = htmlspecialchars($verification, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('forgot-form')) {
echo $lang['forgot_wrong_security_token'];
} else {
$datetime = date("Y-m-d H:i:s");
$searchblock = mysql_query("SELECT login_system_forgot_password_attempts, login_system_forgot_password_blocked_time FROM " . $mysqltable_name_3 . " WHERE login_system_forgot_password_useremail = " . mysql_real_escape_string_awesome($finaluseremail) . "");
$resultblock = mysql_num_rows($searchblock);
$blockResult = mysql_fetch_array($searchblock);
$searchid = mysql_query("SELECT login_system_registrations_user_id FROM " . $admission_users . " WHERE email_id = " . mysql_real_escape_string_awesome($finaluseremail) . "");
$resultid = mysql_num_rows($searchid);
$queryid = mysql_fetch_array($searchid);
if ($SMTP == true) {
if ($mysql == true) {
if ($datetime > $blockResult['login_system_forgot_password_blocked_time']) {
$search = mysql_query("SELECT application_id, f_name, l_name FROM " . $admission_users . " WHERE email_id = " . mysql_real_escape_string_awesome($finaluseremail) . "");
$result = mysql_num_rows($search);
$resultInfo = mysql_fetch_array($search);
$useremail = strip_tags(trim($_GET["email"]));
$passtoken = strip_tags(trim($_GET["token"]));
$finaluseremail = htmlspecialchars($useremail, ENT_QUOTES, 'UTF-8');
$finalpasstoken = htmlspecialchars($passtoken, ENT_QUOTES, 'UTF-8');
$passtime = date("Y-m-d H:i:s");
$selectexpire = mysql_query("SELECT * FROM " . $mysqltable_name_3 . " WHERE login_system_forgot_password_token = '" . mysql_real_escape_string($finalpasstoken) . "' AND login_system_forgot_password_expire > '" . mysql_real_escape_string($passtime) . "'");
$resultexpire = mysql_num_rows($selectexpire);
if ($resultexpire == 1) {
$search = mysql_query("SELECT login_system_forgot_password_useremail, login_system_forgot_password_token FROM " . $mysqltable_name_3 . " WHERE login_system_forgot_password_useremail = '" . mysql_real_escape_string($finaluseremail) . "' AND login_system_forgot_password_token = '" . mysql_real_escape_string($finalpasstoken) . "'");
$result = mysql_num_rows($search);
if ($result == 1) {
$newpassword = strip_tags(trim($_POST["password"]));
$newretypepassword = strip_tags(trim($_POST["retypepassword"]));
$newfinalpass = htmlspecialchars($newpassword, ENT_QUOTES, 'UTF-8');
$newfinalretypepass = htmlspecialchars($newretypepassword, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('newpassword-form')) {
echo $lang['new_password_wrong_security_token'];
} else {
include dirname(__FILE__) . '/php-pass-framework/PasswordHash.php';
$hasher = new PasswordHash(8, false);
$finalsalt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$newpassword = $hasher->HashPassword($newfinalpass . $finalsalt . $passwordsalt);
$update = "UPDATE " . $mysqltable_name_1 . " SET password = '******', salt = '" . mysql_real_escape_string($finalsalt) . "' WHERE email_id = '" . mysql_real_escape_string($finaluseremail) . "'";
$updatequery = mysql_query($update);
if ($updatequery) {
echo $lang['new_password_successful'];
} else {
echo $lang['new_password_unsuccessful'];
}
}
} else {
<?php
$this->setTitle("Admin");
?>
<div class="contents">
<h1>Lobby Admin</h1>
<?php
echo \Lobby::l("/admin/app/lobby-server/new-app", "New App", "class='btn green' clear");
echo \Lobby::l("/admin/app/lobby-server/downloads", "Download Stats", "class='btn' clear");
echo \Lobby::l("https://lobby-subins.rhcloud.com/phpmyadmin", "Database", "class='btn red' clear target='_blank'");
echo \Lobby::l("/admin/app/lobby-server?clear-git-cache" . \CSRF::getParam(), "Clear Git Cache", "class='btn orange' clear");
if (isset($_GET["clear-git-cache"]) && \CSRF::check()) {
\Lobby\DB::getDBH()->exec("TRUNCATE TABLE `git_cache`");
echo "<h2>cleared</h2>";
}
?>
</div>
require_once __DIR__ . '/../includes/helpers.php';
require_once __DIR__ . '/../loader.php';
if (empty($_GET['id']) and empty($_GET['slug'])) {
redirect_to("index.php");
}
if (isset($_GET['id'])) {
$p = Pics::getPic($_GET['id']);
} else {
$p = Pics::getBySlug($_GET['slug']);
}
$c = Comment::findComments($p->id);
if (!$p) {
redirect_to("index.php");
}
if (isset($_POST['submit'])) {
if (CSRF::check($_POST['token'])) {
$author = htmlspecialchars($_POST['author']);
$body = htmlspecialchars($_POST['body']);
$comment = Comment::make($p->id, $author, $body);
if ($comment) {
$comment->create();
$msg = opmsg("Comment posted successfully and awaiting moderation!", "success");
} else {
$msg = opmsg("Failed", "danger");
}
} else {
$msg = opmsg("Failed", "danger");
}
} else {
$author = "";
$body = "";
<?php
use Fr\Process;
$appID = \Request::postParam("id");
if (!CSRF::check()) {
echo json_encode(array("statusID" => "error", "status" => "CSRF Token didn't match"));
} else {
if ($appID === null) {
echo json_encode(array("statusID" => "error", "status" => "Invalid App ID"));
} else {
/**
* A queue of App downloads
*/
$appInstallQueue = Lobby\DB::getJSONOption("lobby_app_downloads");
/**
* If the $appID is in the queue, then give the download status of it
* If the updated value is less than 20 seconds ago, then restart the download
*/
if (isset($appInstallQueue[$appID]) && $appInstallQueue[$appID]["updated"] > strtotime("-20 seconds")) {
echo json_encode(array("statusID" => $appInstallQueue[$appID]["statusID"], "status" => $appInstallQueue[$appID]["status"]));
} else {
$appInfo = \Lobby\Server::store(array("get" => "app", "id" => $appID));
/**
* App doesn't exist on Lobby Store
*/
if ($appInfo === "false") {
echo json_encode(array("status" => "error", "error" => "App Doesn't Exist"));
} else {
$appName = $appInfo["name"];
$Process = new Process(Process::getPHPExecutable(), array("arguments" => array(L_DIR . "/admin/ajax/install-app-bg.php", \Lobby::getLID(), base64_encode(serialize($_SERVER)), $appID)));
/**
include '../csrf_protection/csrf-class.php';
if (!isset($_SESSION)) {
$some_name = session_name("VedicaAdmission");
session_start();
}
include '../config/config.php';
include '../config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include '../language/' . $language[$_GET['lang']] . '.php';
} else {
include '../language/en.php';
}
$update_social_email = strip_tags(trim_awesome($_POST["update_social_useremail"]));
$update_final_social_email = htmlspecialchars($update_social_email, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('update-social-account')) {
echo $lang['update_social_account_wrong_security_token'];
} else {
$emailsearch = mysql_query("SELECT * FROM " . $mysqltable_name_5 . " WHERE login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($update_final_social_email) . "");
$emailresult = mysql_num_rows($emailsearch);
$emailquery = mysql_fetch_array($emailsearch);
if ($emailquery && $emailquery['login_system_register_social_networks_provider_user_id'] != $_SESSION['loginProviderID']) {
echo $lang['update_social_account_already_taken'];
} else {
$update1 = "UPDATE " . $mysqltable_name_5 . " SET login_system_register_social_networks_email = " . mysql_real_escape_string_awesome($update_final_social_email) . " WHERE login_system_register_social_networks_provider_user_id = " . mysql_real_escape_string_awesome($_SESSION['loginProviderID']) . "";
$updatequery1 = mysql_query($update1);
if ($updatequery1) {
echo $lang['update_social_account_successful'];
} else {
echo $lang['update_social_account_unsuccessful'];
}
<?php
if (isset($_POST['diary']) && CSRF::check()) {
// Set name
$this->saveData("name", $_POST['diary']);
}
?>
<div class="contents">
<h1>Diary</h1>
<p style="font-style: italic;margin-bottom: 20px;">Saving memories of your life</p>
<h2>Entries</h2>
<p>Choose a date to view it's entry or <?php
echo $this->l("/entry", "write today's", "class='btn'");
?>
</p>
<div class="datepicker" style="margin: 10px auto;"></div>
<?php
if (isset($_POST['diary'])) {
echo sss("Name Set", "Your diary's name has been set.");
}
?>
<h2>Name</h2>
<form action="<?php
echo \Lobby::u();
?>
" method="POST">
<p>Want to name your diary ?</p>
<?php
CSRF::getInput();
?>
<input type="text" name="diary" placeholder="Type name here... (Kitty, John)" value="<?php
if (!isset($_SESSION)) {
$some_name = session_name("VedicaAdmission");
session_start();
}
include '../config/config.php';
include '../config/functions.php';
$language = array('en' => 'en', 'pt' => 'pt');
if (isset($_GET['lang']) and array_key_exists($_GET['lang'], $language)) {
include '../language/' . $language[$_GET['lang']] . '.php';
} else {
include '../language/en.php';
}
$update_password = strip_tags(trim_awesome($_POST["update_password"]));
$update_retypepassword = strip_tags(trim_awesome($_POST["update_retypepassword"]));
$update_finalpass = htmlspecialchars($update_password, ENT_QUOTES, 'UTF-8');
$update_finalretypepass = htmlspecialchars($update_retypepassword, ENT_QUOTES, 'UTF-8');
if (!CSRF::check('update-password-form')) {
echo $lang['update_password_wrong_security_token'];
} else {
include '../php-pass-framework/PasswordHash.php';
$hasher = new PasswordHash(8, false);
$finalsalt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
$newpassword = $hasher->HashPassword($update_finalpass . $finalsalt . $passwordsalt);
$update = "UPDATE " . $admission_users . " SET password = "******", salt = " . mysql_real_escape_string_awesome($finalsalt) . " WHERE login_system_registrations_user_id = " . mysql_real_escape_string_awesome($_SESSION['userLogin']) . "";
$updatequery = mysql_query($update);
if ($updatequery) {
echo $lang['update_password_successful'];
} else {
echo $lang['update_password_unsuccessful'];
}
}
<?php
require "../../../../load.php";
$app = Request::postParam('appID');
$key = Request::postParam('key');
$val = Request::postParam('value');
if ($app !== null && $key !== null && $val !== null && CSRF::check()) {
$App = new Lobby\Apps($app);
if (!$App->exists) {
die("bad");
}
var_dump($key);
if (!$App->getInstance()->saveData($key, $val)) {
die("bad");
}
} else {
echo "fieldsMissing";
}
Singleton::getInstance('Clockwork')->init();
// --- error handling
if (!Config::getSetting('debug')) {
error_reporting(0);
ini_set('display_errors', false);
}
// --- sanitize
if (Clockwork::isLibraryLoaded('sanitize') && Config::getSetting('sanitize_request')) {
$_REQUEST = array();
$_GET = sanitize($_GET);
$_POST = sanitize($_POST);
}
// --- CSRF
if (Clockwork::isModuleLoaded('CSRF') && $_POST) {
try {
CSRF::check($_POST['CSRF-key']);
} catch (Exception $e) {
unset($_POST);
$_POST = [];
}
}
// --- locale
if (Config::getSetting('locale', false)) {
setlocale(LC_ALL, Config::getSetting('locale'));
}
// --- Login
if (Clockwork::isModuleLoaded('Login') && !defined('CW_CRON') && !defined('CW_SKIP_LOGIN')) {
new Login();
$_loginpage = Config::getSetting('login_loginpage', false, false) ? Config::getSetting('login_loginpage') : 'login/';
$_allowed = Config::getSetting('login_no_login', false, false) ? Config::getSetting('login_no_login') : [];
$_allowed[] = $_loginpage;
}
?>
<p>
Looks like everything is ok. Hope you backed up Lobby installation & Database.
<div clear></div>
You can update now.
</p>
<?php
echo \Lobby::l("/admin/update.php?step=2" . CSRF::getParam(), "Start Update", "clear class='btn green'");
} elseif ($step == 2) {
$version = Lobby\DB::getOption("lobby_latest_version");
echo '<iframe src="' . L_URL . "/admin/download.php?type=lobby" . CSRF::getParam() . '" style="border: 0;width: 100%;height: 200px;"></iframe>';
}
}
$shouldUpdate = Request::postParam("updateApp");
if ($action === "updateApps" && is_array($shouldUpdate) && CSRF::check()) {
foreach ($shouldUpdate as $appID) {
echo '<iframe src="' . L_URL . "/admin/download.php?type=app&app={$appID}&isUpdate=1" . CSRF::getParam() . '" style="border: 0;width: 100%;height: 200px;"></iframe>';
}
}
if ($step === null) {
echo "<h2>Apps</h2>";
}
$appUpdates = Update::getApps();
if ($step === null && empty($appUpdates)) {
echo "<p>All apps are up to date.</p>";
} else {
if ($step === null && isset($appUpdates) && count($appUpdates)) {
?>
<p>New versions of apps are available. Choose which apps to update from the following :</p>
<form method="POST" clear>
