<input type='text' name='data' placeholder='Data to save'/><br/>
<?php
echo $select;
?>
<br/>
<input type='submit'/>
</form>
<?php
} else {
echo "Please log in above to test this.";
}
} catch (Exception $e) {
echo "You've not logged in. Please log in above to test this.";
}
if ($_REQUEST['t'] == 'write') {
echo displayDebug($u->writeToUser($_POST['data'], $_POST['col']));
}
?>
</div>
<div>
<h3>Show User Data</h3>
<?php
try {
if ($u->validateUser()) {
?>
<form action='?t=show' method='post'>
<p>User: <?php
echo $_COOKIE[$cookieuser];
?>
</p>
<input type='password' name='pw' placeholder='password'/><br/>
function saveToUser($get)
{
/***
* These are OK to pass with plaintext, they'll change with a different device anyway (non-persistent).
* Worst-case scenario it only exposes public function calls. Sensitive things will need explicit revalidation.
***/
$conf = $get['hash'];
$s = $get['secret'];
$id = $get['dblink'];
$replace = boolstr($get['replace']);
/***
* These fields can only be written to from directly inside of a script, rather than an AJAX call.
***/
$protected_fields = array('username', 'password', 'admin_flag', 'su_flag', 'private_key', 'public_key', 'creation', 'dblink', 'secret', 'emergency_code');
if (!empty($conf) && !empty($s) && !empty($id) && !empty($get['data']) && !empty($get['col'])) {
$u = new UserFunctions();
if ($u->validateUser($id, $conf, $s)) {
// Yes, writeToUser looks up the validation again, but it is a more robust feedback like this
// Could pass in $get for validation data, but let's be more limited
$val = array('dblink' => $id, 'hash' => $conf, 'secret' => $s);
$data = decode64($get['data']);
$col = decode64($get['col']);
if (empty($data) || empty($col)) {
return array('status' => false, 'error' => 'Invalid data format (required valid base64 data)');
}
// User safety
if (in_array($col, $protected_fields, true)) {
return array('status' => false, 'error' => 'Cannot write to $col : protected field');
}
return $u->writeToUser($data, $col, $val);
} else {
return array('status' => false, 'error' => 'Invalid user');
}
}
return array('status' => false, 'error' => 'One or more required fields were left blank');
}
function updateOwnProfile($get, $col = "public_profile")
{
/***
* Update the self-profile of a user
*
*
*
***/
# Verify the JSON integrity of the file
$structuredData = smart_decode64($get["data"]);
if (!is_array($structuredData)) {
$raw = base64_decode($get["data"]);
$structuredData = json_decode($raw, true);
}
//check nullness objectness etc
if (!is_array($structuredData)) {
return array("status" => false, "error" => "BAD_DATA", "human_error" => "Provided data should be a Base-64 representation of a JSON object.", "provided" => $get);
}
# Check required keys
$requiredKeys = array("place", "social", "privacy", "profile");
foreach ($requiredKeys as $key) {
if (!array_key_exists($key, $structuredData)) {
return array("status" => false, "error" => "MISSING_REQUIRED_KEY", "human_error" => "Required key '{$key}' cannot be found in the posted dataset", "provided" => $get);
}
}
$jsonOptions = JSON_NUMERIC_CHECK | JSON_HEX_QUOT | JSON_HEX_APOS;
$data = json_encode($structuredData, $jsonOptions);
$u = new UserFunctions();
# We'll use writeToUser and use default cookie-based validation.
#return $structuredData;
$writeResult = $u->writeToUser($data, $col);
$rStatus = $writeResult["status"];
if (!is_bool($rStatus)) {
$rStatus = false;
}
$response = array("status" => $rStatus, "write_response" => $writeResult, "provided" => array("raw" => $get["data"], "decoded" => $structuredData));
return $response;
}
