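/**
 * Check that a member-view token corresponds to the member ID it was submitted with.
 *
 * The match itself is decided by EncryptionUtilities::checkStringMatchesHash(); this
 * method guards the inputs and turns any failure into a "not valid" result.
 *
 * NOTE(review): both arguments look request-supplied, so a true result only shows that the
 * token belongs to that ID, not that the caller is that member. Confirm callers compare
 * against the logged-in member wherever the result gates a write.
 * NOTE(review): confirm the helper compares digests in constant time (e.g. hash_equals()).
 *
 * @param mixed $inputMemberID Member ID supplied with the request.
 * @param mixed $encryptedID   Token expected to match $inputMemberID.
 *
 * @return bool True only when the helper reports a match; false on missing input or exception.
 */
public function processMemberViewSecurityCheck($inputMemberID, $encryptedID)
{
    // Fail closed on missing values before the helper is consulted.
    if ($inputMemberID == null || $encryptedID == null) {
        return false;
    }

    try {
        return (bool) EncryptionUtilities::checkStringMatchesHash($inputMemberID, $encryptedID);
    } catch (Exception $ex) {
        // Exception text goes to the server log, not the HTTP response: echoing it would
        // disclose internals to the client and can break a later header() call.
        error_log('processMemberViewSecurityCheck exception: ' . $ex->getMessage());

        return false;
    }
}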
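/**
 * Check that a band-view key was issued for this band/member pair.
 *
 * The key is compared, via EncryptionUtilities::checkStringMatchesHash(), against the
 * band ID concatenated with the member ID.
 *
 * @param mixed $memberID Member the key should belong to.
 * @param mixed $bandID   Band the key should belong to.
 * @param mixed $key      Key submitted by the client.
 *
 * @return bool True only when all inputs are present and the helper reports a match.
 */
public function processBandViewSecurityCheck($memberID, $bandID, $key)
{
    // Missing values never validate.
    if ($memberID == null || $bandID == null || $key == null) {
        return false;
    }

    try {
        // NOTE(review): the two IDs are joined without a separator, so different pairs can
        // produce the same input string (band "1" + member "23" equals band "12" + member "3").
        // A key issued for one pair would then validate for the other. Adding a delimiter
        // needs the same change wherever the key is generated, which is not visible here.
        return (bool) EncryptionUtilities::checkStringMatchesHash($bandID . $memberID, $key);
    } catch (Exception $ex) {
        // Log server-side instead of echoing exception text into the response.
        error_log('processBandViewSecurityCheck exception: ' . $ex->getMessage());

        return false;
    }
}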
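/**
 * Create a submission key for a member and persist it.
 *
 * A nonce, the member ID and the current timestamp are concatenated, passed through
 * EncryptionUtilities::encryptString(), and the result is stored with
 * MemberSubmissionDao::insertMemberSubmission().
 *
 * NOTE(review): a caller seen alongside this method invokes it statically
 * (MemberSubmissionController::generateSubmissionKey(...)) although it is not declared
 * static; PHP 8 rejects such calls. Confirm which declaration is intended.
 *
 * @param mixed $memberID     Member the key is issued to.
 * @param mixed $dbConnection Optional connection handed through to the DAO.
 *
 * @return string|null The trimmed key, or null if encryption, storage or anything else failed.
 */
public function generateSubmissionKey($memberID, $dbConnection = null)
{
    try {
        // rand() is not a cryptographically secure generator, so prefer random_int() where
        // the runtime provides it (PHP 7+). The four-digit shape is kept so the string
        // handed to encryptString() has the same length as before.
        // NOTE(review): 9000 possible values plus a guessable timestamp is a small space. If
        // the key's unpredictability rests on this input rather than on a server-side secret
        // inside encryptString(), widen the nonce (random_bytes()) after checking any length
        // limit on the stored key.
        $nonce = function_exists('random_int') ? random_int(1000, 9999) : rand(1000, 9999);
        $memberKey = $nonce . $memberID . time();

        $submissionKey = EncryptionUtilities::encryptString($memberKey);
        if ($submissionKey == null) {
            return null;
        }

        // Only hand the key back once it has been stored.
        if (!MemberSubmissionDao::insertMemberSubmission($memberID, $submissionKey, $dbConnection)) {
            return null;
        }

        return trim($submissionKey);
    } catch (Exception $ex) {
        // Callers still get null; the cause is recorded server-side instead of being lost.
        error_log('generateSubmissionKey exception: ' . $ex->getMessage());

        return null;
    }
}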
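/**
 * Check a submitted member ID and its token against the logged-in member.
 *
 * The submitted ID must equal the logged-in ID, and the token must match the logged-in ID
 * according to EncryptionUtilities::checkStringMatchesHash().
 *
 * @param mixed $memberID      ID of the member currently logged in (via Facebook, per the original comment).
 * @param mixed $inputMemberID Member ID submitted with the request.
 * @param mixed $encryptedID   Token submitted with the request.
 *
 * @return bool True only when both checks pass; false on missing input, mismatch or exception.
 */
public function processAdvertisementPositionSecurityCheck($memberID, $inputMemberID, $encryptedID)
{
    if ($inputMemberID == null || $encryptedID == null) {
        return false;
    }

    // The submitted ID must be exactly the logged-in ID. Compare as strings: loose ==
    // applies numeric juggling, so values such as " 123" or "1.23e2" can equal 123 and let
    // a non-canonical ID pass the check.
    if (!is_scalar($memberID) || !is_scalar($inputMemberID)) {
        return false;
    }
    if ((string) $inputMemberID !== (string) $memberID) {
        return false;
    }

    try {
        // The token is verified against the session's ID, never the submitted one.
        return (bool) EncryptionUtilities::checkStringMatchesHash($memberID, $encryptedID);
    } catch (Exception $ex) {
        // Log server-side instead of echoing exception text into the response.
        error_log('processAdvertisementPositionSecurityCheck exception: ' . $ex->getMessage());

        return false;
    }
}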
$dbConnection = DatabaseUtilities::getDatabaseConnection(); //Get the current user's ID and details. $memberID = LoginController::getLoggedInMemberID($dbConnection); if ($memberID == null) { header("Location: login.php"); exit; } else { if (isset($_GET['memberID'])) { $viewMemberID = $_GET['memberID']; } else { $viewMemberID = $memberID; } if ($viewMemberID != null) { $memberDetails = MemberDao::selectMemberDetails($viewMemberID); //Encrypt the ID so it can be used for submissions. $memberIDEncrypted = EncryptionUtilities::encryptString($viewMemberID); if ($memberDetails != null && $memberIDEncrypted != null) { if ($viewMemberID == $memberID) { $editable = true; } $memberInstruments = MemberInstrumentController::getMemberInstruments($viewMemberID, false, $dbConnection); $memberPurposes = MemberPurposeDao::selectMemberPurpose($viewMemberID, $dbConnection); $memberGenres = MemberGenreDao::selectMemberGenres($viewMemberID, $dbConnection); $processed = true; } else { $errorCode = 1; } } } } catch (Exception $ex) { $processed = false;
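/**
 * Check a submitted member ID, member token and band key against the logged-in member.
 *
 * Three conditions must hold: the submitted ID equals the logged-in ID, the member token
 * matches the logged-in ID, and the band key matches band ID + member ID. Both matches are
 * decided by EncryptionUtilities::checkStringMatchesHash().
 *
 * @param mixed $memberID      ID of the member currently logged in (via Facebook, per the original comment).
 * @param mixed $inputMemberID Member ID submitted with the request.
 * @param mixed $encryptedID   Member token submitted with the request.
 * @param mixed $bandID        Band the action targets.
 * @param mixed $key           Band key submitted with the request.
 *
 * @return bool True only when every check passes; false on missing input, mismatch or exception.
 */
public function processBandMemberSecurityCheck($memberID, $inputMemberID, $encryptedID, $bandID, $key)
{
    if ($memberID == null || $inputMemberID == null || $encryptedID == null || $bandID == null || $key == null) {
        return false;
    }

    // The submitted ID must be exactly the logged-in ID. Compare as strings: loose ==
    // applies numeric juggling, so non-canonical spellings of a number can compare equal.
    if (!is_scalar($memberID) || !is_scalar($inputMemberID)) {
        return false;
    }
    if ((string) $inputMemberID !== (string) $memberID) {
        return false;
    }

    try {
        if (!EncryptionUtilities::checkStringMatchesHash($memberID, $encryptedID)) {
            return false;
        }

        // NOTE(review): band ID and member ID are joined without a separator, so distinct
        // pairs can yield the same string ("1"."23" and "12"."3"). A delimiter would have to
        // be introduced at key generation as well, which is not visible here.
        return (bool) EncryptionUtilities::checkStringMatchesHash($bandID . $memberID, $key);
    } catch (Exception $ex) {
        // Log server-side instead of echoing exception text into the response.
        error_log('processSecurityCheck exception: ' . $ex->getMessage());

        return false;
    }
}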
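<?php
// Endpoint that issues a submission key to the logged-in member.
// The key is written to the response only when a member is logged in, the CAPTCHA answer
// verifies, and the posted memberKey matches the logged-in member's ID. In every other
// case, including errors, the response body stays empty.
require_once "../config.php";
require_once $config->getIncludeURL(Config::INCLUDES_PATH, "common_includes.php.inc");
require_once $config->getIncludeURL(Config::INCLUDES_PATH, "controllers%member_submission_controller.php");
require_once $config->getIncludeURL(Config::INCLUDES_PATH, "daos%member_submission_dao.php");
require_once $config->getIncludeURL(Config::INCLUDES_PATH, "captcha%recaptchalib.php");

// NOTE(review): the connection stays null for the whole request; presumably the callees
// open their own when handed null -- confirm.
$dbConnection = null;
$memberID = null;
$error = false;
$errorCode = 0;

try {
    $memberID = LoginController::getLoggedInMemberID($dbConnection);

    // Request parameters can arrive as arrays (e.g. memberKey[]=...). Accept strings only,
    // so the CAPTCHA library and the hash check never receive an unexpected type.
    $memberKey = isset($_POST["memberKey"]) ? $_POST["memberKey"] : null;
    $captchaChallenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : null;
    $captchaResponse = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : null;

    if ($memberID != null && is_string($memberKey) && is_string($captchaChallenge) && is_string($captchaResponse)) {
        // NOTE(review): the challenge/response field pair and recaptcha_check_answer() belong
        // to the legacy reCAPTCHA v1 library -- confirm the verification service behind it is
        // still supported.
        $resp = recaptcha_check_answer(SiteConstants::CAPTCH_PRIVATE_KEY, $_SERVER["REMOTE_ADDR"], $captchaChallenge, $captchaResponse);

        if ($resp->is_valid) {
            // The posted token is checked against the session's member ID, not a submitted one.
            // NOTE(review): the token appears to be derived from the member ID alone, with no
            // per-session or expiry component visible, so a disclosed token would stay valid.
            // Confirm encryptString() is keyed with a server-side secret and that the token
            // is only ever rendered to the member it belongs to.
            if (EncryptionUtilities::checkStringMatchesHash($memberID, $memberKey)) {
                //Output submission key.
                echo MemberSubmissionController::generateSubmissionKey($memberID, $dbConnection);
            }
        }
    }
} catch (Exception $ex) {
    // Nothing is written to the response on error; the cause is kept in the server log.
    error_log('Submission key request failed: ' . $ex->getMessage());
}

$dbConnection = null;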