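/**
 * Authorize an app request and pass it on to store a new profile picture.
 *
 * The caller is identified by three fields of $get: 'hash', 'secret' and
 * 'dblink'. All three must be non-empty (as judged by empty(), so the string
 * "0" counts as missing) and must be accepted by UserFunctions::validateUser()
 * before $get is handed to UserFunctions::setUserPicture().
 *
 * @param array $get Request parameters; forwarded unchanged to setUserPicture().
 *
 * @return array The array returned by setUserPicture(), or an error array with
 *               'status' => false, 'error', 'human_error' and 'app_error_code':
 *               107 when a required field is missing, 106 when validateUser()
 *               rejects the caller, 121 when setUserPicture() returns a
 *               non-array.
 */
function setNewProfileImage($get)
{
    // Read the credentials with isset() so that a request missing one of them
    // reaches the 107 response below instead of raising an undefined-index
    // notice first; a missing key yields null, exactly as it did before.
    $conf = isset($get['hash']) ? $get['hash'] : null;
    $s = isset($get['secret']) ? $get['secret'] : null;
    $id = isset($get['dblink']) ? $get['dblink'] : null;

    if (empty($conf) || empty($s) || empty($id)) {
        // NOTE(review): 'details' carries the submitted hash, the secret and the
        // whole request array. If this return value is serialized into an HTTP
        // response or written to a log, the secret travels with it; consider
        // reporting only which fields were empty. Kept as-is here because
        // callers may read these keys.
        $emptyState = array('hash' => $conf, 'secret' => $s, 'userid' => $id, 'provided' => $get);

        return array(
            'status' => false,
            'error' => 'One or more required fields were left blank',
            'human_error' => 'There was a problem communicating with the server',
            'app_error_code' => 107,
            'details' => $emptyState,
        );
    }

    $u = new UserFunctions();

    // Authorization gate: nothing is written unless validateUser() accepts the
    // id / hash / secret triple.
    if (!$u->validateUser($id, $conf, $s)) {
        return array(
            'status' => false,
            'error' => 'Invalid user',
            'human_error' => 'The app could not authorize you to the server',
            'app_error_code' => 106,
        );
    }

    $result = $u->setUserPicture($get);

    // Normalize any non-array response so callers always receive the same shape.
    if (!is_array($result)) {
        $result = array(
            'status' => false,
            'error' => 'Invalid server response setting image',
            'human_error' => 'There was a server error setting your image',
            'app_error_code' => 121,
        );
    }

    return $result;
}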
// Page bootstrap: load the core and login helpers, optionally print diagnostics,
// then handle a logout request. $debug, $baseurl, $shorturl, $domain, $deferredJS
// and the $cookie* names are not defined in this excerpt -- presumably they come
// from core/core.php; confirm.
require_once dirname(__FILE__) . '/core/core.php';
require_once dirname(__FILE__) . '/handlers/login_functions.php';

$xml = new Xml();
$user = new UserFunctions();

// NOTE(review): this branch writes the full $_REQUEST and $_COOKIE arrays, the
// auth cookie value and the validateUser() result into the page. Whether
// displayDebug() HTML-escapes its argument is not visible here -- confirm, and
// make sure $debug is a fixed configuration value that cannot be switched on by
// request input or left enabled on a public deployment.
if ($debug) {
    /*if($r===true) echo "<p>(Database OK)</p>"; else echo "<p>(Database Error - ' $r ')</p>";*/
    // $baseurl, $shorturl and $domain are interpolated into HTML unescaped.
    echo "<p>Visiting {$baseurl} on '{$shorturl}' with a human domain '{$domain}'</p>";
    echo displayDebug($_REQUEST);
    echo "<p>" . displayDebug(DBHelper::staticSanitize('*****@*****.**')) . "</p>";
    // Smoke test of the sanitizer with a classic injection string. One sample
    // only shows that this input is altered; it does not show the sanitizer is
    // safe in every query context, so bound parameters remain the control to
    // rely on wherever the query layer supports them.
    $xkcd_check = "Robert'); DROP TABLE Students;--"; // https://xkcd.com/327/
    echo "<p>" . displayDebug(DBHelper::staticSanitize($xkcd_check)) . "</p>"; // This should have escaped code
    echo "<p>User Validation:</p>";
    // $_COOKIE[$cookielink] is read without an isset() check, so a visitor with
    // no such cookie triggers an undefined-index notice here.
    echo displayDebug($user->validateUser($_COOKIE[$cookielink], null, null, true));
    echo displayDebug($_COOKIE[$cookielink]);
    echo displayDebug($_COOKIE);
    // Closes a <div> that is not opened in the visible code -- presumably opened
    // by earlier output; confirm.
    echo "</div>";
}

$login_output = "";

// NOTE(review): logout is keyed on $_REQUEST['q'], which is filled from GET as
// well as POST, so a plain cross-site link or image request carrying q=logout
// signs the visitor out; consider requiring POST plus a CSRF token. The key is
// read without isset() (notice when q is absent) and compared with loose ==.
// Only the browser's cookies are cleared in the visible part: whether the
// server-side auth state is invalidated too is not shown -- confirm, because a
// previously copied cookie would otherwise stay usable.
if ($_REQUEST['q'] == 'logout') {
    // Expire each cookie one year in the past on path '/'. When $debug is on,
    // the echo calls above have already produced output, so these header writes
    // only succeed if output buffering is active.
    setcookie($cookieuser, false, time() - 3600 * 24 * 365, '/');
    setcookie($cookieperson, false, time() - 3600 * 24 * 365, '/');
    setcookie($cookieauth, false, time() - 3600 * 24 * 365, '/');
    setcookie($cookiekey, false, time() - 3600 * 24 * 365, '/');
    setcookie($cookiepic, false, time() - 3600 * 24 * 365, '/');
    // do JS cookie wipe too
    // The cookie names are placed inside single-quoted JavaScript string
    // literals without escaping; fine while they are fixed configuration
    // values -- verify they never derive from request data. The list of
    // removeCookie calls continues beyond this excerpt.
    $deferredJS .= "\n\$.removeCookie('{$cookieuser}',{path:'/'});";
    $deferredJS .= "\n\$.removeCookie('{$cookieperson}',{path:'/'});";
    $deferredJS .= "\n\$.removeCookie('{$cookieauth}',{path:'/'});";
<div>
    <h3>Test Hash</h3>
    <p>You can check to ensure the proper functioning of the hashing here. Please note these passwords in the next field are plaintext.</p>
    <form action='?t=hash' method='post'>
        <input type='email' name='user' placeholder='username'/><br/>
        <input type='text' name='pw_base' placeholder='pass'/><br/>
        <input type='submit'/>
    </form>
</div>
<div>
    <h3>Test Safe Write</h3>
    <p>You can check to ensure the proper functioning of the writing to the user database here..</p>
    <?php
    // NOTE(review): the "Test Hash" form above sits outside the validateUser()
    // check below, and its password field is type='text', so the value is shown
    // on screen and may be kept by browser form history. This looks like a
    // diagnostic page; confirm it is access-restricted or not deployed publicly.
    try {
        $u = new UserFunctions();
        // The write form is rendered only when validateUser() succeeds. It is
        // called with no arguments here -- presumably it falls back to the
        // visitor's cookies; confirm.
        if ($u->validateUser()) {
            // Build a column picker from $db_cols (defined outside this
            // excerpt), leaving out the credential columns.
            // NOTE(review): this filter only shapes the menu. A POST to
            // ?t=write can carry any 'col' value, so the handler has to apply
            // the same exclusion server-side -- not visible here; verify. The
            // form as far as shown also has no anti-CSRF token.
            $select = "<select name='col'>";
            foreach ($db_cols as $col => $type) {
                // Loose != comparison; $col is written into the markup
                // unescaped, which is safe only while the $db_cols keys are
                // fixed configuration values.
                if ($col != 'username' && $col != 'password' && $col != 'auth_key') {
                    $select .= "<option value='{$col}'>{$col}</option>";
                }
            }
            $select .= "</select>";
            ?>
            <form action='?t=write' method='post'>
                <input type='text' name='data' placeholder='Data to save'/><br/>
                <?php echo $select; ?>
                <br/>
                <input type='submit'/>