<?php

//chdir(dirname(__DIR__));
//set_include_path('/var/www/valuation/ip/api/');
require_once 'vendor/JWT/JWT.php';
require_once 'lib/password.php';
require_once 'lib/Request.php';
require_once 'config/Config.php';
require_once 'lib/DbUtils.php';
use IP\Request;
use IP\Config;
use IP\DbUtils as DB;
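// Credential endpoint bootstrap (username/password arrive as a JSON body):
// CORS preflight, method gate, body parse. The remainder of this handler is
// below this listing and not visible here.
$request = new Request();
$db = new DB();
$request->setAccessHeader();
if ($request->handleOptions()) {
    // CORS preflight: the access headers are already sent, nothing else to do.
    error_log('Option request. Exit...', 0);
    exit;
}
if (!$request->isPOST()) {
    error_log('Only POST method allowed', 0);
    header('HTTP/1.0 405 Method Not Allowed');
    header('Allow: POST'); // a 405 must advertise the allowed methods (RFC 7231 §6.5.5)
    exit;
}
$input = $request->getJSON();
if (!is_object($input) || !isset($input->username)) {
    // Malformed or empty body: reject here instead of dereferencing null below.
    error_log('Missing or invalid JSON body', 0);
    header('HTTP/1.0 400 Bad Request');
    exit;
}
// The body is used as-is (the former form-encoded filter_input() sanitization
// no longer applies to a JSON body). Treat username/password as untrusted:
// bind them as query parameters and feed the password only to password_verify().
$username = $input->username;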
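 /**
  * Route, initialise and dispatch one request.
  *
  * In order: bind application events, resolve the request language (route
  * prefix first, then request-based detection), derive and set the process
  * locale, initialise translations and modules, resolve the route, enforce the
  * CSRF token on POST requests, resolve the controller class and its access
  * requirements, choose the layout, then run the controller through the
  * 'ipExecuteController' job.
  *
  * @ignore
  * @param Request $request
  * @param array $options  recognised keys: skipInitEvents, skipTranslationsInit,
  *                        translationsLanguageCode, skipModuleInit, skipCsrfCheck
  * @param bool $subrequest  accepted for callers; not read in this method
  * @return Response\Json|Response\PageNotFound|Response\Redirect
  * @throws Exception  when the routed plugin is unknown or inactive, the
  *                    controller class does not exist, or the logged-in admin
  *                    user has no permission for the plugin
  */
 public function _handleOnlyRequest(\Ip\Request $request, $options = array(), $subrequest = true)
 {
     if (empty($options['skipInitEvents'])) {
         \Ip\ServiceLocator::dispatcher()->_bindApplicationEvents();
     }

     // Language: when 'ipRouteLanguage' resolves one it also supplies the
     // relativeUri to route on; otherwise fall back to 'ipRequestLanguage'
     // and route on the request's full relative path (no route language).
     $result = ipJob('ipRouteLanguage', array('request' => $request, 'relativeUri' => $request->getRelativePath()));
     if ($result) {
         $requestLanguage = $result['language'];
         $routeLanguage = $requestLanguage->getCode();
         ipRequest()->_setRoutePath($result['relativeUri']);
     } else {
         $routeLanguage = null;
         $requestLanguage = ipJob('ipRequestLanguage', array('request' => $request));
         ipRequest()->_setRoutePath($request->getRelativePath());
     }

     // Build a POSIX locale name from the language code: a bare two-letter
     // code becomes "xx_XX.utf8", anything longer has '-' swapped for '_'.
     $locale = $requestLanguage->getCode();
     if (strlen($locale) === 2) { // was `== '2'`: int/string loose comparison
         $locale = strtolower($locale) . '_' . strtoupper($locale);
     } else {
         $locale = str_replace('-', '_', $locale);
     }
     $locale .= '.utf8';
     if ($locale == "tr_TR.utf8" && (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION < 5)) {
         // Turkish locale on PHP < 5.5: set every category except LC_CTYPE,
         // which stays en_US to work around https://bugs.php.net/bug.php?id=18556
         setlocale(LC_COLLATE, $locale);
         setlocale(LC_MONETARY, $locale);
         setlocale(LC_NUMERIC, $locale);
         setlocale(LC_TIME, $locale);
         setlocale(LC_MESSAGES, $locale);
         setlocale(LC_CTYPE, "en_US.utf8");
     } else {
         setLocale(LC_ALL, $locale);
     }
     // Numbers must always use the C syntax (decimal point); a localised
     // LC_NUMERIC would leak decimal commas into autogenerated CSS, etc.
     setlocale(LC_NUMERIC, "C");
     ipContent()->_setCurrentLanguage($requestLanguage);
     $_SESSION['ipLastLanguageId'] = $requestLanguage->getId();

     if (empty($options['skipTranslationsInit'])) {
         // Translations may be forced to a language other than the request's.
         if (!empty($options['translationsLanguageCode'])) {
             $languageCode = $options['translationsLanguageCode'];
         } else {
             $languageCode = $requestLanguage->getCode();
         }
         $this->initTranslations($languageCode);
     }
     if (empty($options['skipModuleInit'])) {
         $this->modulesInit();
     }
     ipEvent('ipInitFinished');

     // Route resolution; each part of the answer is optional.
     $routeAction = ipJob('ipRouteAction', array('request' => $request, 'relativeUri' => ipRequest()->getRoutePath(), 'routeLanguage' => $routeLanguage));
     if (!empty($routeAction)) {
         if (!empty($routeAction['page'])) {
             ipContent()->_setCurrentPage($routeAction['page']);
         }
         if (!empty($routeAction['environment'])) {
             ipRoute()->setEnvironment($routeAction['environment']);
         } else {
             // No explicit environment: AdminController implies admin, else public.
             if (!empty($routeAction['controller']) && $routeAction['controller'] == 'AdminController') {
                 ipRoute()->setEnvironment(\Ip\Route::ENVIRONMENT_ADMIN);
             } else {
                 ipRoute()->setEnvironment(\Ip\Route::ENVIRONMENT_PUBLIC);
             }
         }
         if (!empty($routeAction['controller'])) {
             ipRoute()->setController($routeAction['controller']);
         }
         if (!empty($routeAction['plugin'])) {
             ipRoute()->setPlugin($routeAction['plugin']);
         }
         if (!empty($routeAction['name'])) {
             ipRoute()->setName($routeAction['name']);
         }
         if (!empty($routeAction['action'])) {
             ipRoute()->setAction($routeAction['action']);
         }
     }

     // CSRF: every POST that is not aimed at a PublicController must carry the
     // session's securityToken. The comparison is strict (the former loose
     // '!=' treats numeric-looking strings such as "1e3" and "1000" as equal)
     // and fails closed when either side is missing or empty.
     // TODO(review): use hash_equals() once the supported PHP floor is >= 5.6.
     $csrfExempt = !empty($options['skipCsrfCheck'])
         || !$request->isPost()
         || (!empty($routeAction['controller']) && $routeAction['controller'] == 'PublicController');
     if (!$csrfExempt) {
         $postedToken = $request->getPost('securityToken');
         $expectedToken = $this->getSecurityToken();
         $tokenValid = is_string($postedToken) && $postedToken !== ''
             && is_string($expectedToken) && $postedToken === $expectedToken;
         if (!$tokenValid) {
             // NOTE(review): this records the whole POST body; on a token-less
             // form that may include credentials or other sensitive fields.
             ipLog()->error('Core.possibleCsrfAttack', array('post' => ipRequest()->getPost()));
             $data = array('status' => 'error');
             if (ipConfig()->isDevelopmentEnvironment()) {
                 $data['errors'] = array('securityToken' => __('Possible CSRF attack. Please pass correct securityToken.', 'Ip-admin'));
             }
             // TODO JSONRPC
             return new \Ip\Response\Json($data);
         }
     }

     // No route at all: serve the core 404 page.
     if (empty($routeAction)) {
         $routeAction = array('plugin' => 'Core', 'controller' => 'PublicController', 'action' => 'pageNotFound');
     }
     $eventInfo = $routeAction;
     if (!empty($routeAction['plugin'])) {
         $plugin = $routeAction['plugin'];
         $controller = $routeAction['controller'];
         // Core modules live under Ip\Internal, everything else must be an
         // activated plugin under Plugin\.
         if (in_array($plugin, \Ip\Internal\Plugins\Model::getModules())) {
             $controllerClass = 'Ip\\Internal\\' . $plugin . '\\' . $controller;
         } else {
             if (!in_array($plugin, \Ip\Internal\Plugins\Service::getActivePluginNames())) {
                 throw new \Ip\Exception("Plugin '" . esc($plugin) . "' doesn't exist or isn't activated.");
             }
             $controllerClass = 'Plugin\\' . $plugin . '\\' . $controller;
         }
         if (!class_exists($controllerClass)) {
             throw new \Ip\Exception('Requested controller doesn\'t exist. ' . esc($controllerClass));
         }
         // Admin controllers: require a logged-in backend user ...
         if ($controller == 'AdminController' && !\Ip\Internal\Admin\Backend::userId()) {
             if (ipConfig()->get('rewritesDisabled')) {
                 return new \Ip\Response\Redirect(ipConfig()->baseUrl() . 'index.php/admin');
             } else {
                 return new \Ip\Response\Redirect(ipConfig()->baseUrl() . 'admin');
             }
         }
         // ... and per-plugin admin permission for that user.
         if ($controller == 'AdminController') {
             if (!ipAdminPermission($plugin)) {
                 throw new \Ip\Exception('User has no permission to access ' . esc($plugin) . '');
             }
         }
         $eventInfo['controllerClass'] = $controllerClass;
         $eventInfo['controllerType'] = $controller;
     }
     if (empty($eventInfo['page'])) {
         $eventInfo['page'] = null;
     }

     // Layout: safe mode overrides whatever the page would normally use.
     if (\Ip\Internal\Admin\Service::isSafeMode()) {
         ipSetLayout(ipFile('Ip/Internal/Admin/view/safeModeLayout.php'));
     } else {
         if ($eventInfo['page']) {
             ipSetLayout($eventInfo['page']->getLayout());
         }
     }
     ipEvent('ipBeforeController', $eventInfo);
     $controllerAnswer = ipJob('ipExecuteController', $eventInfo);
     return $controllerAnswer;
 }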
<?php

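// Profile update endpoint: POST JSON body, bearer-token protected.
chdir(dirname(__DIR__));
require_once 'vendor/JWT/JWT.php';
require_once 'lib/Request.php';
require_once 'config/Config.php';
require_once 'lib/DbUtils.php';
use IP\Request;
use IP\DbUtils as DB;
$db = new DB();
$request = new Request();
error_log($request->getMethod());
$request->setAccessHeader();
if ($request->handleOptions()) {
    // CORS preflight: the access headers are already sent, nothing else to do.
    error_log('Option request. Exit...', 0);
    exit;
}
if (!$request->validate()) {
    // Reject with an explicit status; an empty 200 lets clients mistake
    // "not authorized" for success.
    error_log('Validation failed. Not authorized!!');
    header('HTTP/1.0 401 Unauthorized');
    exit;
}
$user = $request->getJSON();
if (!is_object($user)) {
    error_log('Missing or invalid JSON body', 0);
    header('HTTP/1.0 400 Bad Request');
    exit;
}
// Log only the field names, never the values: the profile body is personal
// data (and may carry credentials) that does not belong in the error log.
error_log('updateProfile fields: ' . implode(',', array_keys(get_object_vars($user))));
// NOTE(review): $user is handed to the DB layer as-is. Whether updateProfile()
// scopes the write to the token's own user, rather than to an id supplied in
// the body, is decided there, not here -- confirm that it does.
$message = $db->updateProfile($user);
$output = new \stdClass(); // was never initialised: a fatal Error on PHP 8, a warning before
$output->message = $message;
header('Content-type: application/json');
echo json_encode($output);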
<?php

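// Config update endpoint: POST JSON {key, value}, bearer-token protected.
// The response body is presumably written after this listing (not shown).
chdir(dirname(__DIR__));
require_once 'vendor/JWT/JWT.php';
require_once 'lib/Request.php';
require_once 'config/Config.php';
require_once 'lib/DbUtils.php';
use IP\DbUtils as DB;
use IP\Request;
$db = new DB();
$request = new Request();
$request->setAccessHeader();
if ($request->handleOptions()) {
    // CORS preflight: the access headers are already sent, nothing else to do.
    error_log('Option request. Exit...', 0);
    exit;
}
if (!$request->validate()) {
    // Reject with an explicit status instead of an empty 200.
    error_log('Validation failed. Not authorized!!');
    header('HTTP/1.0 401 Unauthorized');
    exit;
}
$input = $request->getJSON();
if (!is_object($input)) {
    error_log('Missing or invalid JSON body', 0);
    header('HTTP/1.0 400 Bad Request');
    exit;
}
$key = isset($input->key) ? $input->key : null;
$value = isset($input->value) ? $input->value : null;
// A config key must be a non-empty string. The former truthiness test
// (`if ($key)`) would also reject the string "0" and let arrays or numbers
// through to the DB layer.
if (is_string($key) && $key !== '') {
    // NOTE(review): any holder of a valid token can write any key. Whether
    // updateConfig() restricts the writable keys or checks the caller's role
    // is not visible here -- confirm it does, or whitelist keys at this boundary.
    $result = $db->updateConfig($key, $value);
} else {
    $result = "Missing Key!!";
}
header('Content-type: application/json');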
<?php

require 'vendor/PHPExcel-1.8/Classes/PHPExcel.php';
require_once 'vendor/JWT/JWT.php';
require_once 'lib/Request.php';
require_once 'config/Config.php';
require_once 'lib/DbUtils.php';
use IP\DbUtils as DB;
use IP\Request;

// Collaborators every endpoint in this API needs: the DB helper first, then
// the request wrapper (CORS headers, JWT validation, JSON body parsing).
$db = new DB();
$request = new Request();
$keys = array('idvaluation' => 'id', 'name' => 'Name', 'institute' => 'Institute', 'createdDate' => 'Created On', 'userName' => 'User Created', 'developedBy' => 'Developed By', 'contactEmail' => 'Email', 'contactMobile' => 'Mobile', 'technology' => 'Technology', 'techType' => 'Type', 'ipCategory' => 'IP Category', 'ipState' => 'IP State', 'valuationMethod' => 'Method', 'valuation' => 'Valuation', 'fxa' => 'Fixed costs specific to R&D', 'ifc' => 'Incremental Fixed Costs', 'ppm' => 'Price/Unit of Compiting Product', 'pp' => 'Product Price/Unit', 'svm' => 'Units Sold Annualy of Compiting Product', 'sv' => 'Sales Volume of Developed Product', 'rm' => 'Expected Revenue of Compiting Product', 'r' => 'Expected Revenue', 'p' => 'Expected Profits (%)', 'yr' => 'Expected Life of Technology', 'dr' => 'Discount Rate (%)', 'adc' => 'Administration Cost (yearly %)', 'it' => 'Income Tax (Per year %)', 'expectedGrowth' => 'Expected Sales Growth', 'g' => 'Growth Rate (%)', 'pricingStratagy' => 'Pricing Strategy', 'pr' => 'Pricing Factor (%)', 'd' => 'Depreciation rate (%)', 'oc' => 'R&D Expenses/year', 's' => 'Salary', 't' => 'Time spent on R&D (in months)', 'op' => 'No. of Outputs from R&D', 'oh' => 'Overheads (if any)', 'ry' => 'Royalty Rate (%)', 'opx' => 'Operating Expenses(%)', 'ifx' => 'Incremental Fixed Costs(%)', 'Cost Method' => 'Cost Method', 'Royalty Method' => 'Royalty Method', 'Profit Split Method' => 'Profit Split Method', 'Market Method' => 'Market Method', 'All' => 'All');
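$request->setAccessHeader();
if ($request->handleOptions()) {
    // CORS preflight: the access headers are already sent, nothing else to do.
    error_log('Option request. Exit...', 0);
    exit;
}
// The JWT may arrive in the JSON body ("id") or in the query string ("token");
// likewise userId. Read both sources without "undefined index/property"
// notices when one of them is absent.
$input = $request->getJSON();
$token = (is_object($input) && !empty($input->id)) ? $input->id : (isset($_GET['token']) ? $_GET['token'] : null);
$userId = (is_object($input) && !empty($input->userId)) ? $input->userId : (isset($_GET['userId']) ? $_GET['userId'] : null);
// NOTE(review): a bearer token in the query string ends up in server and
// proxy access logs, browser history and Referer headers; prefer the
// Authorization header or a short-lived, single-purpose download token.
$request->setHeader('Authorization', 'Bearer ' . $token);
if (!$request->validate()) {
    header('HTTP/1.0 401 Unauthorized'); // was an unconditional 200 with an error text
    echo 'You do not have permision to download this file!!!';
    error_log('Validation failed. Not authorized!!');
    exit;
}
// NOTE(review): $userId comes from the client, not from the validated token,
// so getValuation() must itself check that the token's subject may read this
// user's valuations -- otherwise any token holder can pull another user's data
// by changing userId. Confirm in DbUtils::getValuation().
// FIXME: $id is never assigned in this file (the token is read into $token),
// so getValuation() currently receives null here. Left untouched because the
// intended source of the valuation id is not visible in this listing.
$result = $db->getValuation($id, $userId);
$objPHPExcel = new PHPExcel();
// DEMO ONLY (potentially unsafe)
$objPHPExcel->setActiveSheetIndex(0);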
<?php

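// Password change endpoint: POST JSON {username, password, ...}. The request is
// validated against the username, then (below this listing) the supplied
// current password is checked with password_verify() before the update.
chdir(dirname(__DIR__));
require_once 'vendor/JWT/JWT.php';
require_once 'lib/Request.php';
require_once 'config/Config.php';
require_once 'lib/DbUtils.php';
use IP\Request;
use IP\DbUtils as DB;
$db = new DB();
$request = new Request();
$request->setAccessHeader();
if ($request->handleOptions()) {
    // CORS preflight: the access headers are already sent, nothing else to do.
    error_log('Option request. Exit...', 0);
    exit;
}
$user = $request->getJSON();
if (!is_object($user) || !isset($user->username) || !isset($user->password)) {
    // Both fields are needed further down (getUser / password_verify);
    // reject a malformed body before touching the database.
    error_log('Missing or invalid JSON body', 0);
    header('HTTP/1.0 400 Bad Request');
    exit;
}
$username = $user->username;
$password = $user->password;
// The username is passed to validate() presumably so the token is checked
// against the account being changed, not merely for validity -- confirm in
// Request::validate().
if (!$request->validate(null, $username)) {
    // Reject with an explicit status instead of an empty 200.
    error_log('Validation failed. Not authorized!!');
    header('HTTP/1.0 401 Unauthorized');
    exit;
}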
try {
    $rs = $db->getUser($username);
    if ($rs) {
        if (password_verify($password, $rs['password'])) {
            $user->iduser = $rs['iduser'];
            $message = $db->updatePassword($user);
        } else {
            $message = "Current password do not match!!!";