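/**
 * Verifies that a submitted token corresponds to the submitted member ID.
 *
 * The decision is delegated to EncryptionUtilities::checkStringMatchesHash().
 * An exception from the helper counts as a failed check and is written to the
 * server error log; nothing is echoed into the response, so internal error
 * text is not disclosed to the client.
 *
 * NOTE(review): both values are parameters and no logged-in member ID is
 * consulted here, so this only ties the token to the ID. Presumably the caller
 * enforces authentication separately - confirm.
 *
 * @param mixed $inputMemberID Member ID the token is checked against.
 * @param mixed $encryptedID   Token to verify.
 * @return bool True only when the helper reports a match.
 */
public function processMemberViewSecurityCheck($inputMemberID, $encryptedID)
 {
     $valid = false;
     try {
         if (EncryptionUtilities::checkStringMatchesHash($inputMemberID, $encryptedID)) {
             $valid = true;
         }
     } catch (Exception $ex) {
         // Fail closed and keep the detail server-side.
         $valid = false;
         error_log('processMemberViewSecurityCheck: ' . $ex->getMessage());
     }
     return $valid;
 }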
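 /**
  * Verifies that a band-view key matches the given band and member.
  *
  * All three values must be non-empty (loose comparison with null), then the
  * key is checked against the concatenation $bandID . $memberID. Exceptions
  * from the helper are logged server-side and treated as a failed check; the
  * message is no longer echoed into the response.
  *
  * @param mixed $memberID Member the key was issued for.
  * @param mixed $bandID   Band the key was issued for.
  * @param mixed $key      Key to verify.
  * @return bool True only when all inputs are present and the key matches.
  */
 public function processBandViewSecurityCheck($memberID, $bandID, $key)
 {
     $valid = false;
     try {
         if ($memberID != null && $bandID != null && $key != null) {
             // NOTE(review): the two IDs are joined without a separator, so
             // different (bandID, memberID) pairs can produce the same string.
             // Adding a delimiter would have to be done where the key is
             // issued as well, which is not visible here.
             if (EncryptionUtilities::checkStringMatchesHash($bandID . $memberID, $key)) {
                 $valid = true;
             }
         }
     } catch (Exception $ex) {
         // Fail closed and keep the detail server-side.
         $valid = false;
         error_log('processBandViewSecurityCheck: ' . $ex->getMessage());
     }
     return $valid;
 }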
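 /**
  * Creates a submission key for a member and stores it.
  *
  * Key material is a random prefix, the member ID and the current Unix time,
  * passed through EncryptionUtilities::encryptString(). The key is returned
  * only when MemberSubmissionDao::insertMemberSubmission() reports success.
  *
  * @param mixed $memberID     Member the key is issued to.
  * @param mixed $dbConnection Optional connection handed to the DAO.
  * @return string|null Trimmed submission key, or null when it could not be
  *                     created or stored.
  */
 public function generateSubmissionKey($memberID, $dbConnection = null)
 {
     $returnValue = null;
     try {
         // The prefix comes from the CSPRNG. rand() is predictable, and a
         // four-digit prefix left only 9000 candidates once the member ID and
         // timestamp are known. random_bytes() requires PHP 7 or later.
         // NOTE(review): this lengthens the string given to encryptString();
         // confirm that helper and the stored column accept it.
         $memberKey = bin2hex(random_bytes(16)) . $memberID . time();
         $submissionKey = EncryptionUtilities::encryptString($memberKey);
         if ($submissionKey != null) {
             if (MemberSubmissionDao::insertMemberSubmission($memberID, $submissionKey, $dbConnection)) {
                 $returnValue = trim($submissionKey);
             }
         }
     } catch (Exception $ex) {
         // Callers still get null, but the failure is recorded instead of
         // disappearing silently.
         $returnValue = null;
         error_log('generateSubmissionKey: ' . $ex->getMessage());
     }
     return $returnValue;
 }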
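 /**
  * Verifies that a submitted member ID is the caller's own and that the
  * accompanying token matches it.
  *
  * The submitted ID must equal $memberID exactly (compared as strings), and
  * the token is then checked against $memberID, not against the submitted
  * value. Exceptions are logged server-side and treated as a failed check.
  *
  * @param mixed $memberID      Member ID to compare against (the logged-in
  *                             member, per the original comment).
  * @param mixed $inputMemberID Member ID submitted with the request.
  * @param mixed $encryptedID   Token submitted with the request.
  * @return bool True only when the IDs are identical and the token matches.
  */
 public function processAdvertisementPositionSecurityCheck($memberID, $inputMemberID, $encryptedID)
 {
     $valid = false;
     try {
         if ($inputMemberID != null && $encryptedID != null) {
             // The submitted ID must be the logged-in member's ID. Compare as
             // strings: loose == applies numeric juggling, so values that only
             // look alike would pass. Non-scalar input is rejected outright.
             if (is_scalar($inputMemberID) && (string) $inputMemberID === (string) $memberID) {
                 if (EncryptionUtilities::checkStringMatchesHash($memberID, $encryptedID)) {
                     $valid = true;
                 }
             }
         }
     } catch (Exception $ex) {
         // Fail closed and keep the detail server-side.
         $valid = false;
         error_log('processAdvertisementPositionSecurityCheck: ' . $ex->getMessage());
     }
     return $valid;
 }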
    // Fragment of a member-profile page: resolves which member to show, loads
    // that member's data and produces a token for later submissions.
    $dbConnection = DatabaseUtilities::getDatabaseConnection();
    // Identify the logged-in member; everything below requires a session.
    $memberID = LoginController::getLoggedInMemberID($dbConnection);
    if ($memberID == null) {
        // Not logged in: redirect and stop, so no profile data is rendered.
        header("Location: login.php");
        exit;
    } else {
        // The profile to display comes from the query string when present,
        // otherwise it is the viewer's own. The GET value is request-controlled
        // and is used below without further validation in this fragment.
        if (isset($_GET['memberID'])) {
            $viewMemberID = $_GET['memberID'];
        } else {
            $viewMemberID = $memberID;
        }
        if ($viewMemberID != null) {
            // Called without $dbConnection, unlike the lookups further down;
            // presumably it opens its own connection - confirm.
            $memberDetails = MemberDao::selectMemberDetails($viewMemberID);
            // Produce the token that accompanies submissions for this ID.
            // NOTE(review): the token is derived from the requested ID, not
            // from the viewer's own ID, so every logged-in viewer of a profile
            // receives it. Confirm the submission handlers also compare the ID
            // with the logged-in member before trusting the token.
            $memberIDEncrypted = EncryptionUtilities::encryptString($viewMemberID);
            if ($memberDetails != null && $memberIDEncrypted != null) {
                // Editing is offered only on the viewer's own profile.
                // NOTE(review): this is a loose == against a request value;
                // $editable is assigned only on this branch, so it presumably
                // defaults to false before this fragment - confirm both.
                if ($viewMemberID == $memberID) {
                    $editable = true;
                }
                $memberInstruments = MemberInstrumentController::getMemberInstruments($viewMemberID, false, $dbConnection);
                $memberPurposes = MemberPurposeDao::selectMemberPurpose($viewMemberID, $dbConnection);
                $memberGenres = MemberGenreDao::selectMemberGenres($viewMemberID, $dbConnection);
                $processed = true;
            } else {
                // Member lookup or token generation produced nothing.
                $errorCode = 1;
            }
        }
    }
} catch (Exception $ex) {
    $processed = false;
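 /**
  * Verifies a band-member request: the submitted member ID must be the
  * caller's own, the member token must match it, and the band key must match
  * the band/member pair.
  *
  * All five values must be non-empty (loose comparison with null). The
  * submitted ID is compared with $memberID as strings, then both helper
  * checks must succeed. Exceptions are logged server-side and treated as a
  * failed check; the message is no longer echoed into the response.
  *
  * @param mixed $memberID      Member ID to compare against (the logged-in
  *                             member, per the original comment).
  * @param mixed $inputMemberID Member ID submitted with the request.
  * @param mixed $encryptedID   Member token submitted with the request.
  * @param mixed $bandID        Band the key was issued for.
  * @param mixed $key           Band key submitted with the request.
  * @return bool True only when every check passes.
  */
 public function processBandMemberSecurityCheck($memberID, $inputMemberID, $encryptedID, $bandID, $key)
 {
     $valid = false;
     try {
         if ($memberID != null && $inputMemberID != null && $encryptedID != null && $bandID != null && $key != null) {
             // The submitted ID must be the logged-in member's ID. Compare as
             // strings: loose == applies numeric juggling, so values that only
             // look alike would pass. Non-scalar input is rejected outright.
             if (is_scalar($inputMemberID) && (string) $inputMemberID === (string) $memberID) {
                 if (EncryptionUtilities::checkStringMatchesHash($memberID, $encryptedID)) {
                     // NOTE(review): the two IDs are joined without a
                     // separator, so different (bandID, memberID) pairs can
                     // produce the same string; a delimiter would also have
                     // to be added where the key is issued.
                     if (EncryptionUtilities::checkStringMatchesHash($bandID . $memberID, $key)) {
                         $valid = true;
                     }
                 }
             }
         }
     } catch (Exception $ex) {
         // Fail closed and keep the detail server-side.
         $valid = false;
         error_log('processBandMemberSecurityCheck: ' . $ex->getMessage());
     }
     return $valid;
 }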
<?php

require_once "../config.php";
require_once $config->getIncludeURL(Config::INCLUDES_PATH, "common_includes.php.inc");
require_once $config->getIncludeURL(Config::INCLUDES_PATH, "controllers%member_submission_controller.php");
require_once $config->getIncludeURL(Config::INCLUDES_PATH, "daos%member_submission_dao.php");
require_once $config->getIncludeURL(Config::INCLUDES_PATH, "captcha%recaptchalib.php");
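// Endpoint that issues a submission key to the logged-in member after a
// CAPTCHA check and a token check. On any failure the response body is empty.
$dbConnection = null;
$memberID = null;
$error = false;
$errorCode = 0;
try {
    // NOTE(review): $dbConnection is still null here; the callee presumably
    // opens its own connection - confirm.
    $memberID = LoginController::getLoggedInMemberID($dbConnection);
    if ($memberID != null) {
        // Request fields are untrusted: all three must be present and must be
        // plain strings, so array-valued parameters never reach the helpers.
        $hasFields = isset($_POST["memberKey"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"])
            && is_string($_POST["memberKey"])
            && is_string($_POST["recaptcha_challenge_field"])
            && is_string($_POST["recaptcha_response_field"]);
        if ($hasFields) {
            // NOTE(review): the challenge/response fields and
            // recaptcha_check_answer() belong to reCAPTCHA v1, which Google
            // shut down in 2018. Confirm this endpoint has been migrated;
            // otherwise the check presumably can no longer succeed.
            $resp = recaptcha_check_answer(SiteConstants::CAPTCH_PRIVATE_KEY, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
            // The token is checked against the logged-in member's ID, not
            // against an ID taken from the request.
            if ($resp->is_valid && EncryptionUtilities::checkStringMatchesHash($memberID, $_POST["memberKey"])) {
                // Output submission key.
                // NOTE(review): this is a static call. If the target method
                // is declared without `static`, PHP 8 raises an Error here -
                // confirm the declaration.
                echo MemberSubmissionController::generateSubmissionKey($memberID, $dbConnection);
            }
        }
    }
} catch (Exception $ex) {
    // Nothing is sent to the client on error; the failure is recorded
    // server-side so that it remains visible to operators.
    error_log('submission key request failed: ' . $ex->getMessage());
}
$dbConnection = null;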