Esempio n. 1
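/**
 * Stores the API key submitted via POST (keyName, keyID, vCode) for the
 * logged-in user and makes it the active key.
 *
 * The key is first checked with getAPIInfo(); an empty result aborts without
 * touching the database. A random apikey_pid is drawn until one is unused,
 * the user's other keys are deactivated, the row is inserted and keyID/vCode
 * are remembered in the session. Every user-supplied value is bound as a
 * parameter — the original concatenated them straight into the SQL text.
 *
 * NOTE(review): assumes createDatabaseConnection() returns a PDO instance,
 * which is what the original query()/exec() usage suggests — confirm.
 *
 * @return void
 */
function addKey()
{
    $db_connection = createDatabaseConnection();
    $keyName = isset($_POST['keyName']) ? $_POST['keyName'] : '';
    $keyID = isset($_POST['keyID']) ? $_POST['keyID'] : '';
    $vCode = isset($_POST['vCode']) ? $_POST['vCode'] : '';
    $keyXML = getAPIInfo($keyID, $vCode);
    if ($keyXML === '') {
        // Key could not be verified; leave the table untouched.
        return;
    }
    // Draw random pids until one is not yet in use; the pid is bound, so a
    // value containing a quote can never alter the query.
    $pidcheck = $db_connection->prepare('SELECT apikey_pid FROM apikeys WHERE apikey_pid = :pid');
    do {
        $pid = createRandomString();
        $pidcheck->execute(array(':pid' => $pid));
        $others = count($pidcheck->fetchAll());
    } while ($others !== 0);
    setAllKeysInactive();
    $keyType = getAPIType($keyXML);
    $isActive = 1;
    $insert = $db_connection->prepare(
        'INSERT INTO apikeys (apikey_pid,user_name,apikey_name,apikey_keyid,apikey_vcode,apikey_type,apikey_isactive)'
        . ' VALUES (:pid, :user_name, :name, :keyid, :vcode, :type, :active)'
    );
    $insert->execute(array(
        ':pid' => $pid,
        ':user_name' => $_SESSION['user_name'],
        ':name' => $keyName,
        ':keyid' => $keyID,
        ':vcode' => $vCode,
        ':type' => $keyType,
        ':active' => $isActive,
    ));
    $_SESSION['keyID'] = $keyID;
    $_SESSION['vCode'] = $vCode;
    $_SESSION['selectedCharacter'] = 0;
}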
Esempio n. 2
 /**
  * Rotates the login credentials of every user in one working area.
  *
  * A fresh random username and password are generated and written to every
  * `user` row belonging to $working_area_id. The password is stored twice:
  * hashed (`password`) and reversibly encrypted (`enc_password`). Because the
  * encrypted copy can be decrypted by anyone holding the application key, the
  * hash on its own does not protect the plaintext — keep that in mind when
  * reviewing where enc_password is read.
  *
  * @param  string $working_area_id
  * @return array{WKID: string, 'Working Area Name': mixed, Username: string, Password: string}
  */
 private function createUserPass($working_area_id)
 {
     $newUsername = createRandomString();
     $newPassword = createRandomString();
     $areaName = DB::table('working_area')
         ->select(['working_area_name'])
         ->where('id', '=', $working_area_id)
         ->value('working_area_name');
     $credentials = [
         'username' => $newUsername,
         'password' => Hash::make($newPassword),
         'enc_password' => Crypt::encrypt($newPassword),
     ];
     DB::table('user')->where('working_area_id', $working_area_id)->update($credentials);
     return [
         'WKID' => $working_area_id,
         'Working Area Name' => $areaName,
         'Username' => $newUsername,
         'Password' => $newPassword,
     ];
 }
Esempio n. 3
 /**
  * Loads the cvars ini file, or falls back to the defaults and writes a new one.
  *
  * On a successful load the file name is logged when core debugging is on.
  * Otherwise a fresh secToken is generated (quotes and spaces replaced by
  * dots, presumably so the value can be written into the ini file as-is),
  * the defaults are logged and persisted via createIniFile(). Always returns true.
  *
  * @return bool
  */
 public function initialise()
 {
     global $PRISM;
     $loaded = $this->loadIniFile($this->cvars, FALSE);
     if (!$loaded) {
         $token = createRandomString(16);
         $this->cvars['secToken'] = str_replace(array('"', '\'', ' '), '.', $token);
         console('Using cvars defaults.');
         $written = $this->createIniFile('PHPInSimMod Configuration Variables', array('prism' => &$this->cvars));
         if ($written) {
             console('Generated config/' . $this->iniFile);
         }
         return true;
     }
     if ($this->cvars['debugMode'] & PRISM_DEBUG_CORE) {
         console('Loaded ' . $this->iniFile);
     }
     return true;
 }
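/**
 * Handles the "claim this listing" form submission (WordPress request hook).
 *
 * Requires a logged-in user, a geodir_pid and a valid add_claim nonce bound to
 * that pid. When the posted action is 'add_claim' the claim is written to
 * GEODIR_CLAIM_TABLE (all values bound through $wpdb->prepare()), a free
 * upgrade package is recorded when a forced upgrade applies, the notification
 * mails are sent and the user is redirected back to the listing. Requests
 * without nonce/pid or from anonymous users go to the signup page.
 *
 * Changes from the original: the pid is read once from $_REQUEST (the nonce
 * was verified against $_REQUEST but the claim used $_POST, so the two could
 * differ), a failed get_post() no longer dereferences null, optional POST
 * fields default to '' instead of raising notices, and the success redirect
 * is followed by exit like the signup redirect already was.
 *
 * @return void
 */
function geodir_user_add_claim()
{
    global $wp_query, $post, $General, $wpdb, $plugin_prefix, $current_user;
    if (!isset($_REQUEST['add_claim_nonce_field']) || !isset($_REQUEST['geodir_pid']) || !is_user_logged_in()) {
        wp_redirect(home_url() . '/?geodir_signup=true');
        exit;
    }
    // The nonce was generated for this pid, so the same value must identify the claim.
    $pid = $_REQUEST['geodir_pid'];
    if (!wp_verify_nonce($_REQUEST['add_claim_nonce_field'], 'add_claim_nonce' . $pid)) {
        return;
    }
    if (!isset($_POST['geodir_sendact']) || $_POST['geodir_sendact'] != 'add_claim') {
        return;
    }
    $list_id = $pid;
    $claim_post = get_post($pid);
    if (!$claim_post) {
        // Unknown listing: nothing to claim.
        return;
    }
    $uid = $claim_post->post_author;
    $list_title = $claim_post->post_title;
    $user_id = $current_user->ID;
    $user_name = $current_user->user_login;
    $user_email = $current_user->user_email;
    $user_fullname = isset($_POST['geodir_full_name']) ? $_POST['geodir_full_name'] : '';
    $user_number = isset($_POST['geodir_user_number']) ? $_POST['geodir_user_number'] : '';
    $user_position = isset($_POST['geodir_user_position']) ? $_POST['geodir_user_position'] : '';
    $user_comments = isset($_POST['geodir_user_comments']) ? $_POST['geodir_user_comments'] : '';
    $claim_date = date("F j, Y, g:i a");
    $org_author = get_the_author_meta('login', $uid);
    $org_authorid = $claim_post->post_author;
    // Random token later mailed to the claimant for auto-approval.
    $rand_string = createRandomString();
    $user_ip = getenv("REMOTE_ADDR");
    // Force to upgrade to complete claim listing
    $force_upgrade = geodir_claim_force_upgrade();
    $package_list = geodir_claim_payment_package_list($claim_post->post_type);
    $geodir_upgrade_pkg = '';
    $package_info = null;
    if ($force_upgrade && !empty($package_list)) {
        $geodir_upgrade_pkg = isset($_POST['geodir_claim_pkg']) ? $_POST['geodir_claim_pkg'] : '';
        $package_info = geodir_get_package_info_by_id($geodir_upgrade_pkg);
        if (empty($package_info) || !$list_id) {
            return;
        }
    }
    if ($pid) {
        $claimsql = $wpdb->prepare("INSERT INTO " . GEODIR_CLAIM_TABLE . " (list_id, list_title, user_id, user_name, user_email, user_fullname, user_number, user_position, user_comments, claim_date, org_author, org_authorid, rand_string, user_ip ) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s,%s, %s )", array($list_id, $list_title, $user_id, $user_name, $user_email, $user_fullname, $user_number, $user_position, $user_comments, $claim_date, $org_author, $org_authorid, $rand_string, $user_ip));
        $claim = $wpdb->query($claimsql);
        // Force to upgrade to complete claim listing
        if ($force_upgrade && !empty($package_list) && $claim && $wpdb->insert_id) {
            // Free price package plan: a zero amount is recorded on the claim right away
            // (same condition as the original's `!(double) amount > 0`, written explicitly).
            if ((double) $package_info->amount == 0.0) {
                $upgrade_pkg_data = array();
                $upgrade_pkg_data['post_id'] = $list_id;
                $upgrade_pkg_data['package_id'] = $geodir_upgrade_pkg;
                $upgrade_pkg_data['pid'] = $wpdb->insert_id;
                $upgrade_pkg_data['date'] = date_i18n('Y-m-d H:i:s', time());
                $upgrade_pkg_data['amount'] = $package_info->amount;
                $upgrade_pkg_data['user_id'] = $user_id;
                $upgrade_pkg_data['author_id'] = $org_authorid;
                $upgrade_pkg_data = maybe_serialize($upgrade_pkg_data);
                $sql = $wpdb->prepare("UPDATE " . GEODIR_CLAIM_TABLE . " SET `upgrade_pkg_id`=%d, `upgrade_pkg_data`=%s WHERE `pid`=%d", array($geodir_upgrade_pkg, $upgrade_pkg_data, $wpdb->insert_id));
                $wpdb->query($sql);
            }
        }
        geodir_adminEmail($list_id, $user_id, 'claim_requested');
        /* email to admin*/
        geodir_clientEmail($list_id, $user_id, 'claim_requested');
        /* email to client*/
    }
    if (get_option('geodir_claim_auto_approve') == 'yes') {
        geodir_clientEmail($list_id, $user_id, 'auto_claim', $rand_string);
        /* email to client*/
    }
    $postlink = get_permalink($claim_post->ID);
    $url = geodir_getlink($postlink, array('geodir_claim_request' => 'success'), false);
    wp_redirect($url);
    // Stop here so nothing is rendered after the redirect header.
    exit;
}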
Esempio n. 5
 /**
  * Runs one PHP page from the document root in this process and returns its
  * output, gzip-compressed when the client advertises gzip/x-gzip.
  *
  * The page source is eval()'d in this method's scope, so the $_GET/$_POST/
  * $_COOKIE/$_FILES parameters (and every other local here, including
  * $_RESPONSE and $SERVER) are visible to it. Parsed source is cached per
  * path (md5 of doc root + file) and reused while the file's mtime matches.
  * A one-request session is restored from the PrismSession cookie and, when
  * the page leaves $_SESSION set, stored again under a fresh id.
  *
  * @param HttpResponse $_RESPONSE response the page may add headers and cookies to
  * @param string       $file      page path relative to the document root
  * @param array        $SERVER    request metadata (REMOTE_ADDR, SERVER_NAME, HTTP_ACCEPT_ENCODING, ...)
  * @param array        $_GET
  * @param array        $_POST
  * @param array        $_COOKIE
  * @param array        $_FILES
  * @return string response body, gzip-encoded when a Content-Encoding header was added
  */
 public static function parseFile(HttpResponse &$_RESPONSE, $file, array $SERVER, array &$_GET, array &$_POST, array &$_COOKIE, array &$_FILES)
 {
     global $PRISM;
     // Restore session?
     // Only when the id is known, not yet expired, and bound to the same
     // REMOTE_ADDR it was issued for (loose == on the address string).
     if (isset($_COOKIE['PrismSession']) && isset(self::$sessions[$_COOKIE['PrismSession']]) && self::$sessions[$_COOKIE['PrismSession']][0] > time() && self::$sessions[$_COOKIE['PrismSession']][1] == $SERVER['REMOTE_ADDR']) {
         $_SESSION = self::$sessions[$_COOKIE['PrismSession']][2];
         // Sessions only last for one request. We rewrite it later on if needed.
         unset(self::$sessions[$_COOKIE['PrismSession']]);
     }
     // Change working dir to docRoot
     chdir($PRISM->http->getDocRoot());
     // Cache key is the full path; the mtime decides whether the cached source is still current.
     $prismScriptNameHash = md5($PRISM->http->getDocRoot() . $file);
     $prismScriptMTime = filemtime($PRISM->http->getDocRoot() . $file);
     clearstatcache();
     // Run script from cache?
     if (isset(self::$scriptCache[$prismScriptNameHash]) && self::$scriptCache[$prismScriptNameHash][0] == $prismScriptMTime) {
         ob_start();
         eval(self::$scriptCache[$prismScriptNameHash][1]);
         $html = ob_get_contents();
         ob_end_clean();
     } else {
         // Validate the php file
         $parseResult = validatePHPFile($PRISM->http->getDocRoot() . $file);
         if ($parseResult[0]) {
             // Run the script from disk
             // The opening <?php tag and a trailing ?> are stripped so the source can be eval()'d.
             $prismPhpScript = preg_replace(array('/^<\\?(php)?/', '/\\?>$/'), '', file_get_contents($PRISM->http->getDocRoot() . $file));
             ob_start();
             eval($prismPhpScript);
             $html = ob_get_contents();
             ob_end_clean();
             // Cache the php file
             self::$scriptCache[$prismScriptNameHash] = array($prismScriptMTime, $prismPhpScript);
         } else {
             // Build a minimal error page from the messages validatePHPFile() returned.
             // They are inserted without escaping — presumably they describe the
             // file, not the request; confirm against validatePHPFile().
             $eol = "\r\n";
             $html = '<html>' . $eol;
             $html .= '<head><title>Error parsing page</title></head>' . $eol;
             $html .= '<body bgcolor="white">' . $eol;
             $html .= '<center><h4>' . implode("<br />\r\n", $parseResult[1]) . '</h4></center>' . $eol;
             $html .= '<hr><center>PRISM v' . PHPInSimMod::VERSION . '</center>' . $eol;
             $html .= '</body>' . $eol;
             $html .= '</html>' . $eol;
             unset(self::$scriptCache[$prismScriptNameHash]);
         }
     }
     // Should we store the session?
     // Loose comparison: null and '' are skipped; an array (even an empty one)
     // never compares equal to a string, so it is still stored.
     if (isset($_SESSION) && $_SESSION != '') {
         // Fresh id for every request: sha1 over random data (presumably 128 bytes) plus the time.
         $sessionID = sha1(createRandomString(128, RAND_BINARY) . time());
         self::$sessions[$sessionID] = array(time() + PRISM_SESSION_TIMEOUT, $SERVER['REMOTE_ADDR'], $_SESSION);
         // Only name/value/expiry/path/domain are passed here; whether setCookie()
         // adds HttpOnly or Secure is not visible in this method.
         $_RESPONSE->setCookie('PrismSession', $sessionID, time() + PRISM_SESSION_TIMEOUT, '/', $SERVER['SERVER_NAME']);
     } else {
         // No session to keep: expire the cookie the client still sends, if any.
         if (isset($_COOKIE['PrismSession'])) {
             $_RESPONSE->setCookie('PrismSession', '', 0, '/', $SERVER['SERVER_NAME']);
         }
     }
     unset($_SESSION);
     // Restore the working dir
     chdir(ROOTPATH);
     // Use compression?
     // x-gzip is preferred over gzip when both are accepted; compression level 1.
     if ($html != '' && isset($SERVER['HTTP_ACCEPT_ENCODING'])) {
         $encoding = '';
         if (strpos($SERVER['HTTP_ACCEPT_ENCODING'], 'x-gzip') !== false) {
             $encoding = 'x-gzip';
         } else {
             if (strpos($SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false) {
                 $encoding = 'gzip';
             }
         }
         if ($encoding) {
             $_RESPONSE->addHeader('Content-Encoding: ' . $encoding);
             return gzencode($html, 1);
         } else {
             return $html;
         }
     } else {
         return $html;
     }
 }
Esempio n. 6
 /**
  * Feeds data read from the client into the current HttpRequest and, once the
  * request is complete, writes the response for it.
  *
  * Outcomes, in order: a malformed request gets an error page (none for 444)
  * and the connection is closed; an incomplete request just waits for more
  * data; a Host not matching the configured site domain gets a 404; a path
  * under the HTTP-auth directory without valid credentials gets a 401
  * challenge (Digest with a fresh nonce, or Basic); otherwise a .php page is
  * run through PHPParser, a directory gets 403, any other existing file is
  * served, and a missing file gets 404. Every served request is logged.
  *
  * @param string $data  incoming data from the client (forwarded to HttpRequest, not modified here)
  * @param int    $errNo receives the status code when the request is rejected
  * @return bool false to close the connection, true to keep it open
  */
 public function handleInput(&$data, &$errNo)
 {
     // What is this? we're getting input while we're sending a reply?
     // Presumably the reply in progress is abandoned so the new request starts clean.
     if ($this->sendFile) {
         $this->writeFileReset();
         $this->httpRequest = null;
     } else {
         if ($this->sendQLen > 0) {
             $this->sendQReset();
             $this->httpRequest = null;
         }
     }
     if (!$this->httpRequest) {
         $this->httpRequest = new HttpRequest();
     }
     // Pass the incoming data to the HttpRequest class, so it can handle it.
     if (!$this->httpRequest->handleInput($data)) {
         // An error was encountered while receiving the request.
         // Send reply (unless 444, a special 'direct reject' code) and return false to close this connection.
         if ($this->httpRequest->errNo != 444) {
             $r = new HttpResponse('1.1', $this->httpRequest->errNo);
             $r->addBody($this->createErrorPage($this->httpRequest->errNo, $this->httpRequest->errStr));
             if ($this->httpRequest->errNo == 405) {
                 $r->addHeader('Allow: GET, POST, HEAD');
                 $r->addHeader('Access-Control-Allow-Methods: GET, POST, HEAD');
             }
             $this->write($r->getHeaders());
             $this->write($r->getBody());
             $this->logRequest($r->getResponseCode(), $r->getHeader('Content-Length') ? $r->getHeader('Content-Length') : 0);
         } else {
             $this->logRequest(444, 0);
         }
         $errNo = $this->httpRequest->errNo;
         return false;
     }
     // If we have no headers, or we are busy with receiving.
     // Just return true and wait for more data; we try again on the next read.
     if (!$this->httpRequest->hasHeaders || $this->httpRequest->isReceiving) {
         // We're still receiving the body of a request
         return true;
     }
     // At this point we have a fully qualified and parsed HttpRequest
     // The HttpRequest object contains all info about the headers / GET / POST / COOKIE / FILES
     // Just finalise it by adding some extra client info.
     // SERVER is filled from the socket endpoints and the parsed headers;
     // optional headers default to '' so later reads never hit a missing key.
     $this->httpRequest->SERVER['REMOTE_ADDR'] = $this->ip;
     $this->httpRequest->SERVER['REMOTE_PORT'] = $this->port;
     $this->httpRequest->SERVER['SERVER_ADDR'] = $this->localIP;
     $this->httpRequest->SERVER['SERVER_PORT'] = $this->localPort;
     // NOTE(review): 'Host' is read without isset(); a request lacking it presumably
     // already failed inside HttpRequest::handleInput() — confirm there.
     $exp = explode(':', $this->httpRequest->headers['Host']);
     $this->httpRequest->SERVER['SERVER_NAME'] = $exp[0];
     $this->httpRequest->SERVER['HTTP_HOST'] = $this->httpRequest->headers['Host'];
     $this->httpRequest->SERVER['HTTP_USER_AGENT'] = isset($this->httpRequest->headers['User-Agent']) ? $this->httpRequest->headers['User-Agent'] : '';
     $this->httpRequest->SERVER['HTTP_ACCEPT'] = isset($this->httpRequest->headers['Accept']) ? $this->httpRequest->headers['Accept'] : '';
     $this->httpRequest->SERVER['HTTP_ACCEPT_LANGUAGE'] = isset($this->httpRequest->headers['Accept-Language']) ? $this->httpRequest->headers['Accept-Language'] : '';
     $this->httpRequest->SERVER['HTTP_ACCEPT_ENCODING'] = isset($this->httpRequest->headers['Accept-Encoding']) ? $this->httpRequest->headers['Accept-Encoding'] : '';
     $this->httpRequest->SERVER['HTTP_ACCEPT_CHARSET'] = isset($this->httpRequest->headers['Accept-Charset']) ? $this->httpRequest->headers['Accept-Charset'] : '';
     $this->httpRequest->SERVER['HTTP_CONNECTION'] = isset($this->httpRequest->headers['Connection']) ? $this->httpRequest->headers['Connection'] : '';
     $this->httpRequest->SERVER['HTTP_KEEP_ALIVE'] = isset($this->httpRequest->headers['Keep-Alive']) ? $this->httpRequest->headers['Keep-Alive'] : '';
     // These four are only set when present, so isset() on them is meaningful below.
     if (isset($this->httpRequest->headers['Referer'])) {
         $this->httpRequest->SERVER['HTTP_REFERER'] = $this->httpRequest->headers['Referer'];
     }
     if (isset($this->httpRequest->headers['Range'])) {
         $this->httpRequest->SERVER['HTTP_RANGE'] = $this->httpRequest->headers['Range'];
     }
     if (isset($this->httpRequest->headers['Cookie'])) {
         $this->httpRequest->SERVER['HTTP_COOKIE'] = $this->httpRequest->headers['Cookie'];
     }
     if (isset($this->httpRequest->headers['Authorization'])) {
         $this->httpRequest->SERVER['HTTP_AUTHORIZATION'] = $this->httpRequest->headers['Authorization'];
     }
     $this->httpRequest->SERVER['REQUEST_TIME'] = time();
     // Check if we have to match siteDomain
     // A configured site domain that differs from the Host header gets a 404 and the connection is closed.
     if ($this->http->getSiteDomain() != '' && $this->http->getSiteDomain() != $this->httpRequest->SERVER['SERVER_NAME']) {
         $r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 404);
         $r->addBody($this->createErrorPage(404));
         $this->write($r->getHeaders());
         $this->write($r->getBody());
         $errNo = 404;
         $this->logRequest($r->getResponseCode(), $r->getHeader('Content-Length') ? $r->getHeader('Content-Length') : 0);
         return false;
     }
     // HTTP Authorisation?
     if ($this->http->getHttpAuthPath() != '') {
         $scriptPath = pathinfo($this->httpRequest->SERVER['SCRIPT_NAME'], PATHINFO_DIRNAME);
         // Check if path must be auth'd and if HTTP_AUTHORIZATION header exists and if so, validate it
         if (isDirInDir($this->http->getHttpAuthPath(), $this->http->getDocRoot() . $scriptPath) && (!isset($this->httpRequest->SERVER['HTTP_AUTHORIZATION']) || !$this->validateAuthorization())) {
             // Not validated - send 401 Unauthorized
             // Draw nonces until one is not yet tracked by the server (getNonceInfo() falsy).
             do {
                 $nonce = createRandomString(17, RAND_HEX);
                 if (!$this->http->getNonceInfo($nonce)) {
                     break;
                 }
             } while (true);
             $opaque = $this->http->addNewNonce($nonce);
             $r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 401);
             if ($this->http->getHttpAuthType() == 'Digest') {
                 $r->addHeader('WWW-Authenticate: Digest realm="' . HTTP_AUTH_REALM . '", qop="auth", nonce="' . $nonce . '", opaque="' . $opaque . '"');
             } else {
                 $r->addHeader('WWW-Authenticate: Basic realm="' . HTTP_AUTH_REALM . '"');
             }
             $r->addBody($this->createErrorPage(401, '', true));
             $this->write($r->getHeaders());
             $this->write($r->getBody());
             $errNo = 401;
             $this->logRequest($r->getResponseCode(), $r->getHeader('Content-Length') ? $r->getHeader('Content-Length') : 0);
             $this->httpRequest = null;
             return true;
             // we return true this time because we may stay connected
         }
     }
     //var_dump($this->httpRequest->headers);
     //var_dump($this->httpRequest->SERVER);
     //var_dump($this->httpRequest->GET);
     //var_dump($this->httpRequest->POST);
     //var_dump($this->httpRequest->COOKIE);
     // Rewrite script name? (keep it internal - don't rewrite SERVER header)
     // Only the bare '/' is rewritten, to /index.php.
     $scriptName = $this->httpRequest->SERVER['SCRIPT_NAME'] == '/' ? '/index.php' : $this->httpRequest->SERVER['SCRIPT_NAME'];
     // NOTE(review): nothing in this method normalises SCRIPT_NAME before it is
     // joined to the doc root; any rejection of '..' segments must happen in
     // HttpRequest — confirm there.
     if (file_exists($this->http->getDocRoot() . $scriptName)) {
         // Should we serve a file or pass the request to PHPParser for page generation?
         if (preg_match('/^.*\\.php$/', $scriptName)) {
             if ($this->httpRequest->SERVER['REQUEST_METHOD'] == 'HEAD') {
                 $r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 200);
                 $this->write($r->getHeaders());
             } else {
                 // 'Parse' the php file
                 $r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 200);
                 $html = PHPParser::parseFile($r, $scriptName, $this->httpRequest->SERVER, $this->httpRequest->GET, $this->httpRequest->POST, $this->httpRequest->COOKIE, $this->httpRequest->FILES);
                 $r->addBody($html);
                 $this->write($r->getHeaders());
                 $this->write($r->getBody());
             }
         } else {
             // Uses the original SCRIPT_NAME rather than $scriptName; they only
             // differ for '/', which the .php branch above already handled.
             if (is_dir($this->http->getDocRoot() . $this->httpRequest->SERVER['SCRIPT_NAME'])) {
                 // 403 - not allowed to view folder contents
                 $r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 403);
                 $r->addBody($this->createErrorPage(403));
                 $this->write($r->getHeaders());
                 $this->write($r->getBody());
             } else {
                 // Send a file
                 if ($this->httpRequest->SERVER['REQUEST_METHOD'] == 'HEAD') {
                     $r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 200);
                     $this->write($r->getHeaders());
                 } else {
                     // serveFile() returns the response it wrote, so the log line below still has $r.
                     $r = $this->serveFile();
                 }
             }
         }
     } else {
         // 404
         $r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 404);
         $r->addBody($this->createErrorPage(404));
         $this->write($r->getHeaders());
         $this->write($r->getBody());
     }
     // log line
     $this->logRequest($r->getResponseCode(), $r->getHeader('Content-Length') ? $r->getHeader('Content-Length') : 0);
     // Reset httpRequest
     $this->httpRequest = null;
     return true;
 }
Esempio n. 7
/**
 * Stores a fresh random session key (createRandomString(20), presumably 20
 * characters) together with its creation time and the client address, and
 * returns the key.
 *
 * @return string the generated key, identical to $_SESSION['key']
 */
function sesCreateKey()
{
    $key = createRandomString(20);
    $issuedAt = time();
    $_SESSION['key'] = $key;
    $_SESSION['keytime'] = $issuedAt;
    $_SESSION['keyip'] = $_SERVER['REMOTE_ADDR'];
    return $key;
}
Esempio n. 8
}
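// Receives one uploaded media file (image or audio) and stores it under a
// random name in the matching media directory; replies with a JSON status.
//
// Fixes relative to the original: the uniqueness loop tested $uploadFile while
// writing $uploadfile (so an existing file was never detected), the posted
// type was echoed back into HTML unescaped, missing request keys raised
// notices, and the extension taken from the client-supplied file name was
// accepted without any check.
$type = isset($_POST['type']) ? $_POST['type'] : '';
$number = isset($_POST['number']) ? $_POST['number'] : '';
$value = null;
$uploaddir = "";
// Constructed allowlist per media type — align it with what the site actually serves.
$allowedExtensions = array(
    "image" => array("jpg", "jpeg", "png", "gif", "webp"),
    "audio" => array("mp3", "ogg", "wav", "m4a"),
);
switch ($type) {
    case "image":
        $value = isset($_FILES['image-' . $number]) ? $_FILES['image-' . $number] : null;
        $uploaddir = BASEDIR . "media/image/";
        break;
    case "audio":
        $value = isset($_FILES['audio-' . $number]) ? $_FILES['audio-' . $number] : null;
        $uploaddir = BASEDIR . "media/audio/";
        break;
    default:
        // The value comes straight from the request, so escape it before echoing.
        die("unsupported type <strong>" . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . "</strong>");
}
if ($value === null || !isset($value['name']) || $value['name'] === "") {
    die("error: no name given");
}
if (!isset($value['error']) || $value['error'] !== UPLOAD_ERR_OK) {
    echo json_encode(array("result" => "ERROR"));
    exit;
}
// Lower-cased so the allowlist comparison is case-insensitive.
$ext = strtolower(pathinfo($value['name'], PATHINFO_EXTENSION));
if (!in_array($ext, $allowedExtensions[$type], true)) {
    die("error: unsupported file extension");
}
$filename = "";
$uploadfile = "";
do {
    $filename = createRandomString(15);
    $uploadfile = $uploaddir . $filename . "." . $ext;
} while (file_exists($uploadfile));
if (move_uploaded_file($value['tmp_name'], $uploadfile)) {
    echo json_encode(array("result" => "SUCCESS", "type" => $type, "filename" => "{$filename}.{$ext}", "number" => $number));
} else {
    echo json_encode(array("result" => "ERROR"));
}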
Esempio n. 9
 /**
  * Builds the form and, when a user is logged in, adds the two hidden fields
  * (edit_request_time, edit_request_token) used to detect stale or replayed
  * submissions; the token is produced by createRandomString().
  */
 public function __construct()
 {
     global $auth;
     global $PH;
     $this->children = array();
     // The edit_request_time is deliberately added as an unchecked hidden field:
     // adding it as a regular form field would create extra entries in the
     // form-handle file (see the original note).
     ### user might not be defined for anonymous pages like login
     $hasUser = isset($auth->cur_user);
     if ($hasUser) {
         $timeField = new Form_HiddenField('edit_request_time', '', time());
         $tokenField = new Form_HiddenField('edit_request_token', '', createRandomString());
         $this->add($timeField);
         $this->add($tokenField);
     }
     $this->button_submit = __("Submit");
     parent::__construct();
 }
Esempio n. 10
        if ($old_bulk_num_coupons != $bulk_num_coupons) {
            $del_query_codes = "delete from toon_promo where `bulk_id`='{$bulk_id}'";
            mysql_query($del_query_codes);
            if ($bulk_num_coupons > 0) {
                for ($val = 1; $val <= $bulk_num_coupons; $val++) {
                    $coupon_code = createRandomString();
                    $sql_insert_promo_code = mysql_query("insert into `toon_promo` (`bulk_id`, `promo_code`, `promo_discount`,`promo_product_type`,`promo_start_date`,`promo_expiry`,`promo_isused`)values('{$bulk_id}', '{$coupon_code}','{$bulk_discount}','{$bulk_pdt_type}','{$bulk_start_date}', '{$bulk_end_date}', '0')");
                }
            }
        }
    } else {
        $sql_insert_promo_bulk = mysql_query("insert into `toon_promo_bulk` (`bulk_title`, `bulk_count`)values('{$bulk_title}','{$bulk_num_coupons}')");
        $bulk_id = mysql_insert_id();
        if ($bulk_num_coupons > 0) {
            for ($val = 1; $val <= $bulk_num_coupons; $val++) {
                $coupon_code = createRandomString();
                $sql_insert_promo = mysql_query("insert into `toon_promo` (`bulk_id`,`promo_code`, `promo_discount`,`promo_product_type`,`promo_start_date`,`promo_expiry`,`promo_isused`)values('{$bulk_id}', '{$coupon_code}','{$bulk_discount}','{$bulk_pdt_type}','{$bulk_start_date}', '{$bulk_end_date}', '0')");
            }
        }
    }
    header("Location:bulk_coupons.php");
}
// Shared page header. Note the header("Location: ...") inside the function
// above is not followed by exit, so a caller of it presumably continues into this include.
include 'includes/header.php';
?>
<script type="text/javascript">
function valid()
{
	clear();
	var valid=true;
		if(document.getElementById("txtbulk_title").value=="")
    	{      
Esempio n. 11
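 /**
  * Creates a new user from the posted registration form.
  *
  * Checks that neither the user name nor the e-mail is taken, allocates a
  * unique random pid, and inserts the row with a password_hash() hash.
  * Feedback is emitted as inline JavaScript alerts, as elsewhere in this class.
  *
  * Changes from the original: the pid uniqueness check is a prepared statement
  * like the other queries (the pid was concatenated into the SQL text), and the
  * posted fields are read with isset() so a partial form raises no notices.
  *
  * NOTE(review): the method returns true when the name/e-mail is already taken
  * although no user was created; callers appear to treat true as "a message
  * was already shown" — confirm before changing that.
  * NOTE(review): the uniqueness check reads column apikey_pid while the INSERT
  * writes user_pid — this looks copied from addKey(); confirm the column name.
  *
  * @return bool Success status of user registration
  */
 private function createNewUser()
 {
     // remove html code etc. from username and email
     $user_name = htmlentities(isset($_POST['user_name']) ? $_POST['user_name'] : '', ENT_QUOTES);
     $user_email = htmlentities(isset($_POST['user_email']) ? $_POST['user_email'] : '', ENT_QUOTES);
     $user_password = isset($_POST['user_password_new']) ? $_POST['user_password_new'] : '';
     // crypt the user's password with the PHP 5.5's password_hash() function, results in a 60 char hash string.
     // the constant PASSWORD_DEFAULT comes from PHP 5.5 or the password_compatibility_library
     $user_password_hash = password_hash($user_password, PASSWORD_DEFAULT);
     $sql = 'SELECT * FROM users WHERE user_name = :user_name OR user_email = :user_email';
     $query = $this->db_connection->prepare($sql);
     $query->bindValue(':user_name', $user_name);
     $query->bindValue(':user_email', $user_email);
     $query->execute();
     // PDO/SQLite has no row count for SELECT, so fetch a single row instead.
     $result_row = $query->fetchObject();
     if ($result_row) {
         echo '<script type="text/javascript">';
         echo 'alert("Sorry, that username or email is already taken. Please choose another one.")';
         echo '</script>';
         return true;
     }
     // Draw random pids until one is unused; the pid is bound, never concatenated.
     $pidcheck = $this->db_connection->prepare('SELECT apikey_pid FROM users WHERE apikey_pid = :pid');
     do {
         $pid = createRandomString();
         $pidcheck->execute(array(':pid' => $pid));
         $others = count($pidcheck->fetchAll());
     } while ($others !== 0);
     $sql = 'INSERT INTO users (user_name, user_pid, user_password_hash, user_email)
             VALUES(:user_name, :user_pid, :user_password_hash, :user_email)';
     $query = $this->db_connection->prepare($sql);
     $query->bindValue(':user_name', $user_name);
     $query->bindValue(':user_pid', $pid);
     $query->bindValue(':user_password_hash', $user_password_hash);
     $query->bindValue(':user_email', $user_email);
     $registration_success_state = $query->execute();
     if ($registration_success_state) {
         echo '<script type="text/javascript">';
         echo 'alert("Your account has been created successfully. You can now log in.")';
         echo '</script>';
         $this->loginStuff();
         return true;
     }
     echo '<script type="text/javascript">';
     echo 'alert("Sorry, your registration failed. Please try again.")';
     echo '</script>';
     // default return
     return false;
 }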
Esempio n. 12
<?php

// Bootstrap: Composer autoloader plus the local backend, then start a fully
// sampled profiling transaction named after the CLI script and register the
// two methods whose calls should show up in the trace.
require __DIR__ . '/../vendor/autoload.php';
require __DIR__ . '/../src/FileDumperBackend.php';
$backend = new \Cotya\TideGauge\FileDumperBackend();
\Tideways\Profiler::setBackend($backend);
$profilerOptions = ['api_key' => 'random_api_key', 'sample_rate' => 100];
\Tideways\Profiler::start($profilerOptions);
$scriptName = basename($_SERVER['argv'][0]);
\Tideways\Profiler::setTransactionName("cli:" . $scriptName);
foreach (['TestClass::FooBar', 'Composer\\Autoload\\ClassLoader::loadClass'] as $watched) {
    \Tideways\Profiler::watch($watched);
}
/**
 * Minimal fixture whose FooBar() call is registered with Profiler::watch()
 * above; both methods are intentionally empty.
 */
class TestClass
{
    public function __construct()
    {
    }
    public function FooBar()
    {
    }
}
/**
 * Fixture that exercises the watched TestClass::FooBar() call; despite its
 * name it always returns the constant string "42".
 *
 * @return string
 */
function createRandomString()
{
    $fixture = new TestClass();
    $fixture->FooBar();
    $result = "42";
    return $result;
}
//ld('start test');
// Call the fixture three times so the watched method appears repeatedly in
// the trace, then end the transaction so the backend receives it.
$strings = [];
while (count($strings) < 3) {
    $strings[] = createRandomString();
}
\Tideways\Profiler::stop();
Esempio n. 13
}
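// Last validation step before the write: the posted state must be one of
// $validStates (defined earlier in this file).
// NOTE(review): $validStates is not visible here and in_array() is non-strict;
// confirm its element type before tightening this to strict: true.
$state = isset($_POST['state']) ? $_POST['state'] : null;
if (!in_array($state, $validStates)) {
    $errors[] = "Ungültiger Benutzerstatus.";
}
if (count($errors) > 0) {
    foreach ($errors as $er) {
        echo $er . "<br />";
    }
    die;
}
/* 
 * update database
 */
// The user id is cast once and reused so both statements address the same row
// (the original cast it for the first UPDATE only).
$userId = (int) $_POST['userid'];
$t->addStatement("UPDATE :prefix:user SET \n                    firstname = :0, \n                    lastname = :1, \n                    rfid = :2,\n                    email = :3,\n                    state = :4\n                  WHERE userId = :5;", htmlspecialchars($_POST['firstname']), htmlspecialchars($_POST['lastname']), $_POST['rfid'], $_POST['email'], $state, $userId);
if ($_POST['password'] !== "") {
    // Per-user random salt; the stored digest is sha512(password . salt).
    // NOTE(review): a salted fast hash is weaker than password_hash(); switching
    // also requires changing the login check, so the scheme is kept here.
    $salt = createRandomString(50);
    $hash = hash("sha512", $_POST['password'] . $salt);
    $t->addStatement("UPDATE :prefix:user SET password = :0, salt = :1 WHERE userId = :2", $hash, $salt, $userId);
}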
// delete patients which have been removed
foreach (dbConn::query("SELECT patient FROM :prefix:visit WHERE user = :0", $_POST['userid']) as $r) {
    $contains = false;
    if (isset($_POST['visits']) && is_array($_POST['visits'])) {
        foreach ($_POST['visits'] as $v) {
            if ($v['patientId'] == $r['patient']) {
                $contains = true;
                break;
            }
        }
    }
    if (!$contains) {