/**
 * Wrapper around the global array_keys_exist() helper.
 *
 * Presumably reports whether every entry of $needles is a key of $haystack
 * (the semantics live in the global helper, not here). When the STRICT_TYPES
 * constant is defined and CAMEL_CASE compares loosely equal to '1', the call
 * is routed through self::parameters(), which is handed the declared argument
 * types and the expected DT::BOOL return; otherwise the global function is
 * called directly. Either result is cast to bool.
 *
 * NOTE(review): CAMEL_CASE is read as soon as STRICT_TYPES is defined; if
 * CAMEL_CASE itself is undefined that access is an Error on PHP 8 — confirm
 * both constants are always defined together.
 *
 * @param array $needles  keys that are looked for
 * @param array $haystack array whose keys are inspected
 * @return bool
 */
protected function array_keys_exist(array $needles, array $haystack)
{
    $viaTypedWrapper = defined('STRICT_TYPES') && CAMEL_CASE == '1';

    if (!$viaTypedWrapper) {
        return (bool) array_keys_exist($needles, $haystack);
    }

    $signature = ['needles' => DT::TYPE_ARRAY, 'haystack' => DT::TYPE_ARRAY];
    $checked = self::parameters($signature)
        ->call(__FUNCTION__)
        ->with($needles, $haystack)
        ->returning(DT::BOOL);

    return (bool) $checked;
}
/**
 * Add Member resource.
 *
 * POST-only endpoint that creates a member from the request body and
 * responds with the stored member as JSON, with the password and
 * reset-token fields removed first. Each failed step is reported through
 * $this->_status() with 400 (no POST data, missing required fields,
 * validation failure, failed insert) or 409 (e-mail already registered).
 *
 * NOTE(review): nothing here returns after $this->_status(...); the method
 * relies on _status() terminating the request. If it does not, execution
 * continues with an empty or invalid $post — confirm against _status().
 */
public function add_member()
{
    // Only allow POST Requests
    $this->_check_method('POST');

    // Check that we got any POST-data
    if (!($post = $this->input->post())) {
        $this->_status(400); // Bad Request
    }

    // Require X-Email/Password auth.
    $this->_check_authentication();

    // Remove all POST fields that we don't want.
    $post = $this->_filter_member($post);

    // Check that all required fields are present
    if (!array_keys_exist($this->required_member_fields, $post)) {
        // ... we're missing some fields!
        $this->_status(400); // Bad Request
    }

    // Check if e-mail already is registered (try to get_member).
    // The lookup uses the e-mail exactly as submitted; normalisation by
    // _control_fields() only happens further down.
    $result = $this->Member_model->get_member('email', $post['email']);
    if ($result) {
        // User already exists, abort!
        // The distinct 409 tells the caller whether an address is registered.
        $this->_status(409); // Conflict
    }

    // Validate and normalize all POST fields.
    $post = $this->_control_fields($post);

    // Something failed or was wrong...
    // ToDo: Return WHAT was wrong.
    if (!$post) {
        $this->_status(400); // Bad request
    }

    // Save to database
    $result = $this->Member_model->add_member($post);
    if (!$result) {
        $this->_status(400); // Bad request
    }

    // Get new member object (re-read by the id the insert produced)
    $member_id = $this->db->insert_id();
    $member = $this->Member_model->get_member($member_id);

    // Unset password-fields so credentials never reach the response
    unset($member->password, $member->reset_token, $member->reset_expire);

    // Remove NULL and empty fields (incl. false).
    #$member = (object)array_filter((array)$member);

    // Return it!
    $this->_json_out($member);
}
* Sets up the database, creates user, etc * * @todo use check_inputs everywhere! */ if ($DB->connected) { $resp->notify('No need to install...', 'It is already done!'); } else { if (array_key_exists('install', $_POST) and is_array($_POST['install']) and array_keys_exist('root', 'head', 'site', $_POST['install'])) { $created_con = false; $root = (object) $_POST['install']['root']; $root->database = 'information_schema'; $head = (object) $_POST['install']['head']; $head->viewport = 'width=device-width, height=device-height'; $head->charset = 'UTF-8'; $site = (object) $_POST['install']['site']; if (array_key_exists('connect', $_POST['install']) and is_array($_POST['install']['connect']) and array_keys_exist('user', 'password', 'repeat', $_POST['install']['connect'])) { $con = (object) $_POST['install']['connect']; $con->database = $con->user; } else { $con = null; } if (isset($site->user) and is_email($site->user) and isset($root->user) and preg_match('/^\\w+$/', $root->user) and isset($site->password) and preg_match('/' . pattern('password') . '/', $site->password) and isset($site->repeat) and $site->repeat === $site->password and isset($head->title) and preg_match('/^[\\w- ]{5,}$/', $head->title) and isset($head->keywords) and preg_match('/^[\\w, -]+$/', $head->keywords) and isset($head->description) and preg_match('/^[\\w-,\\.\\?\\! 
]{1,160}$/', $head->description) and isset($head->robots) and preg_match('/^(no)?follow, (no)?index$/i', $head->robots) and (isset($head->author_g_plus) and is_url($head->author_g_plus)) and isset($head->author) and preg_match('/^[\\w- ]{5,}$/', $head->author) and (is_null($head->rss) or empty($head->rss) or is_url($head->rss)) and (is_null($head->publisher) or empty($head->publisher) or is_url($head->publisher)) and (is_null($head->google_analytics_code) or empty($head->google_analytics_code) or preg_match('/^[A-z]{2}-[A-z\\d]{8}-\\d$/', $head->google_analytics_code)) and (is_null($head->author) or empty($head->author) or preg_match('/^[\\w- ]{5,}$/', $head->author)) and (is_null($con) or preg_match('/' . pattern('password') . '/', $con->password) and $con->password === $con->repeat and !file_exists(BASE . '/config/connect.ini'))) { $pdo = new \shgysk8zer0\Core\PDO($root); if ($pdo->connected) { if (is_object($con)) { $config_dir = BASE . DIRECTORY_SEPARATOR . 'config'; if (is_writable($config_dir)) { file_put_contents($config_dir . DIRECTORY_SEPARATOR . 'connect.json', json_encode(['user' => $con->user, 'password' => $con->password, 'database' => $con->user], JSON_PRETTY_PRINT)); } else { $resp->notify('Could not save database connection settings to file', 'Make sure that config/ is writable'); exit($resp);
/**
 * Build a <link rel="stylesheet"> tag for a forum CSS file.
 *
 * The path is split with path_info_query(); when the required parts are
 * missing, null is returned. With the 'use_minified_scripts' setting on,
 * the basename is swapped for its ".min.<ext>" form. A "version" query
 * parameter carrying BEEHIVE_VERSION is appended through
 * html_query_string_add(). Every attribute value goes through
 * htmlentities_array() before being placed in the tag.
 *
 * @param string      $script_filepath path (optionally with ?query) of the stylesheet
 * @param string      $media           value of the media attribute
 * @param string|null $id              optional id attribute; omitted when null
 * @return string|null the tag followed by a newline, or null on a bad path
 */
function html_include_css($script_filepath, $media = 'screen', $id = null)
{
    $parts = path_info_query($script_filepath);

    if (!array_keys_exist($parts, 'basename', 'filename', 'extension', 'dirname')) {
        return null;
    }

    // html_query_string_add() always receives a value, null when no query was present.
    $query = isset($parts['query']) ? $parts['query'] : null;

    $basename = $parts['basename'];
    if (forum_get_setting('use_minified_scripts', 'Y')) {
        $basename = sprintf('%s.min.%s', $parts['filename'], $parts['extension']);
    }

    $query = html_query_string_add($query, 'version', BEEHIVE_VERSION, '&');
    $href = rtrim($parts['dirname'], '/') . '/' . $basename . '?' . $query;

    $escaped_href = htmlentities_array($href);
    $escaped_media = htmlentities_array($media);

    $id_attribute = '';
    if (isset($id)) {
        $id_attribute = sprintf(" id=\"%s\"", htmlentities_array($id));
    }

    return sprintf(
        "<link rel=\"stylesheet\" href=\"%s\" type=\"text/css\" media=\"%s\"%s />\n",
        $escaped_href,
        $escaped_media,
        $id_attribute
    );
}
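/**
 * Print a <link rel="stylesheet"> tag for a forum CSS file.
 *
 * Splits the path with path_info_query(); when the required parts are
 * missing nothing is printed. With the 'use_minified_scripts' setting on,
 * the basename is swapped for its ".min.<ext>" form. Any query string
 * found on the path is re-attached unchanged.
 *
 * @param string $script_filepath path (optionally with ?query) of the stylesheet
 * @param string $media           value of the media attribute
 * @return void
 */
function html_include_css($script_filepath, $media = 'screen')
{
    $path_parts = path_info_query($script_filepath);
    if (!array_keys_exist($path_parts, 'basename', 'filename', 'extension', 'dirname')) {
        return;
    }

    if (forum_get_setting('use_minified_scripts', 'Y')) {
        $path_parts['basename'] = sprintf('%s.min.%s', $path_parts['filename'], $path_parts['extension']);
    }

    $script_filepath = "{$path_parts['dirname']}/{$path_parts['basename']}";
    $script_filepath .= isset($path_parts['query']) ? "?{$path_parts['query']}" : '';

    // Both values land inside double-quoted HTML attributes, so escape them
    // for that context: a '"' or '&' in the path, query string or media
    // value would otherwise break out of the attribute or produce invalid
    // markup. ENT_SUBSTITUTE keeps a malformed byte sequence from turning
    // the whole attribute into an empty string.
    printf(
        "<link rel=\"stylesheet\" href=\"%s\" type=\"text/css\" media=\"%s\" />\n",
        htmlspecialchars($script_filepath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        htmlspecialchars($media, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
    );
}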
<?php try { require "./db.php"; $REQUEST = get_request_data(); $dbh = open_db(); $dbh->beginTransaction(); if (!array_keys_exist(array('cohortid', 'userid1', 'userid2', 'desc'), $REQUEST)) { throw new Exception("Insufficient \$REQUEST arguments"); } $datestring = date("Y-m-d"); $cohortid = $REQUEST['cohortid']; $userid1 = min($REQUEST['userid1'], $REQUEST['userid2']); $userid2 = max($REQUEST['userid1'], $REQUEST['userid2']); if ($userid1 == $userid2) { throw new Exception('Cannot settle with yourself'); } $userid_enterer = $_COOKIE['user']['userid']; print_sql($sql = "SELECT * FROM balance WHERE userid_from={$userid1} AND userid_to={$userid2} AND cohortid={$cohortid}"); if (($res = $dbh->query($sql, PDO::FETCH_ASSOC)) == false) { throw new Exception("Could not select balance"); } $balance = $res->fetch(); $amount = $balance['amount']; if ($amount < 0.0) { $userid_payer = $balance['userid_from']; $userid_payee = $balance['userid_to']; } elseif ($amount > 0.0) { $userid_payer = $balance['userid_to']; $userid_payee = $balance['userid_from']; } else {
return false; } } return true; } list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); $repository = Settings::getRepository(); //Validate User if (!array_keys_exist(array('PHP_AUTH_USER', 'PHP_AUTH_PW'), $_SERVER) || $repository->hasUsers() && !$repository->isValidUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { header('WWW-Authenticate: Basic realm="Users"'); header('HTTP/1.0 401 Unauthorized'); echo 'HTTP/1.0 401 Unauthorized'; exit; } //Save if changed if (!empty($_REQUEST['Commit']) && array_keys_exist(array('username', 'password'), $_REQUEST)) { $user = new User(); $user->name = $_REQUEST['username']; $user->password = $_REQUEST['password']; $user->active = isset($_REQUEST['active']) && $_REQUEST['active'] == 'on'; $success = $repository->save($user); if (!$success) { //Todo: show error messages or exceptions } } $criteria = new UserCriteria(); $criteria->name[] = $_REQUEST['name']; $user = $repository->find($criteria); if (count($user) < 1) { $user = $user[0]; } else {
//////////////////////////////////////////////////////////////////////////////// // rudimentary error checking -- improve this section (or do it in javascript?) if (!array_keys_exist(array('date', 'cohortid', 'whopaid', 'location', 'desc', 'amount', 'iou'), $REQUEST)) { throw new Exception("Insufficient \$REQUEST arguments"); } if (($date = strtotime($REQUEST["date"])) === false) { throw new Exception("Invalid date {$REQUEST["date"]}"); } if (!empty($REQUEST["amount"]) && !is_numeric($REQUEST["amount"])) { throw new Exception("Invalid amount {$REQUEST["amount"]}"); } if (!is_array($REQUEST['iou']) || count($REQUEST['iou']) == 0) { throw new Exception("Invalid list of IOUs {$REQUEST["iou"]}"); } foreach ($REQUEST['iou'] as $iou) { if (!is_array($iou) || !array_keys_exist(array('amount', 'userid'), $iou)) { throw new Exception("Invalid iou entry {$iou}"); } elseif ($iou['amount'] != "" && !is_numeric($iou['amount'])) { throw new Exception("Invalid iou amount {$iou["amount"]} for id {$iou["userid"]}"); } } // if ($debug) echo("<p>Updating the database:</p>"); //////////////////////////////////////////////////////////////////////////////// // find the location specified by the user $locationId = 1; // Location is off for now, save all as the empty location. if (false) { //Remove this to re-enable locations! print_sql($sql = "SELECT count(*) FROM location WHERE name LIKE \"%{$REQUEST["location"]}%\""); if (($res = $dbh->query($sql)) == false) { throw new Exception("Could not select from location table");
return false; } } return true; } list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); $repository = Settings::getRepository(); //Validate User if (!array_keys_exist(array('PHP_AUTH_USER', 'PHP_AUTH_PW'), $_SERVER) || !$repository->isValidUser($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) { header('WWW-Authenticate: Basic realm="Editor"'); header('HTTP/1.0 401 Unauthorized'); echo 'HTTP/1.0 401 Unauthorized'; exit; } //Save if changed if (!empty($_REQUEST['Commit']) && array_keys_exist(array('name', 'mimetype', 'data'), $_REQUEST)) { $newData = new Page(); $newData->name = $_REQUEST['name']; $newData->type = !empty($_FILES['filedata']['type']) ? $_FILES['filedata']['type'] : $_REQUEST['mimetype']; $newData->value = $_REQUEST['data']; $newData->active = array_key_exists('active', $_REQUEST) && $_REQUEST['active'] == 'on'; $newData->username = $_SERVER['PHP_AUTH_USER']; $newData->isBinary = !empty($_FILES['filedata']) && !empty($_FILES['filedata']['tmp_name']); $success = $repository->save($newData); if ($success) { if (!empty($_FILES['filedata']) && !empty($_FILES['filedata']['tmp_name'])) { $binaryRepository = Settings::getBinaryDataRepository(); $success = $binaryRepository->save($_REQUEST['name'], $_FILES['filedata']['tmp_name']); } } if (!$success) {
} die('{"title":"'.$_GET['introtitle'].'", "text":"'.addcslashes(Markdown($_GET['introtext']),"\"\r\n").'"}'); case 'editabout': $text = sqlite_escape_string($_GET['abouttext']); $title = sqlite_escape_string($_GET['abouttitle']); $queries[] = "UPDATE config SET value='{$text}' WHERE opt='aboutme'"; $queries[] = "UPDATE config SET value='{$title}' WHERE opt='lang_about'"; foreach ($queries AS $sql) { sqlite_exec($db, $sql) or die('{}'); } die('{"title":"'.$_GET['abouttitle'].'", "text":"'.addcslashes(Markdown($_GET['abouttext']),"\"\r\n").'"}'); break; case 'editsong': if (!array_keys_exist(array('songartist','songtitle','songdesc','songid'), $_GET)) die('{}'); $artist = sqlite_escape_string($_GET['songartist']); $title = sqlite_escape_string($_GET['songtitle']); $desc = sqlite_escape_string($_GET['songdesc']); $id = sqlite_escape_string($_GET['songid']); $query = "UPDATE songs SET artist='{$artist}', title='{$title}', descr='{$desc}' WHERE id='{$id}'"; sqlite_exec($db, $query) or die('{}'); $query = "SELECT * FROM songs WHERE id='{$id}'"; $result = sqlite_query($db, $query) or die('{}'); $data = sqlite_fetch_array($result) or die('{}'); die('{"id":"'.$data['id'].'", "artist":"'.addslashes($data['artist']).'", "title":"'.addslashes($data['title']).'", "desc":"'.addcslashes(Markdown($data['descr']),"\"\r\n").'","url":"'.addslashes(encodeSource($_ENV['DATA_URL'] . $data['fname'])).'"}'); break; case 'getsongdescr': if (!array_key_exists('songid', $_GET)) die('{}');