function export()
{
$errors = validateRequest();
if ($errors != "") {
exit($errors);
}
$entity = $_REQUEST['entity'];
if (array_key_exists('entities', $_SESSION) && in_array($entity, $_SESSION['entities'])) {
$metric = $_REQUEST['metric'];
$endDate = $_REQUEST['endDate'];
$period = $_REQUEST['period'];
$csv = getCsv($entity, $metric, $endDate, $period);
header("Content-type: text/csv; charset=UTF-8");
header("Content-Disposition: attachment; filename=series.csv");
echo $csv;
} else {
header("Content-type: text/plain; charset=UTF-8");
echo "entity " . $entity . " is not allowed to current user.";
}
}
function addNewEntry()
{
if ($valid_request = validateRequest()) {
//prepare Post vars
/**
* XSS Cleaner For Name and Email Fields
*/
//sanitize vars
$name = strip_tags($_POST['name']);
$email = strip_tags($_POST['email']);
//checking if post vars are empty or invalid
$name = trim($name);
$email = trim($email);
//prepare insert SQL Script
$insert_sql = "INSERT INTO TBL_ITEMS (NAME,EMAIL) VALUES ('" . $name . "','" . $email . "')";
//insert into database
$resp = insertData($insert_sql);
//check anwser and redirect
if (!$resp) {
$_SESSION['errors'] .= "- Fail to insert into database!<br/>";
} else {
$_SESSION['success'] .= "- The data was inserted successfully!<br/>";
}
//Close Session Write
session_write_close();
//redirect
header("Location: ../../add");
die;
} else {
$_SESSION['errors'] .= "- The request was not accepted!<br/>";
//Close Session Write
session_write_close();
//redirect
header("Location: ../../add");
die;
}
}
<?php
$include_path = get_include_path();
include_once $include_path . '/includes/db_functions.php';
include_once $include_path . '/includes/session_functions.php';
include_once $include_path . '/public_html/classes/AllClasses.php';
include_once $include_path . '/public_html/requests/core.php';
$requestType = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
$orderby = filter_input(INPUT_POST, 'orderby', FILTER_SANITIZE_STRING);
$desc = filter_input(INPUT_POST, 'desc', FILTER_SANITIZE_STRING);
$groupid = filter_input(INPUT_POST, 'group', FILTER_SANITIZE_NUMBER_INT);
$staffid = filter_input(INPUT_POST, 'staff', FILTER_SANITIZE_NUMBER_INT);
$userid = filter_input(INPUT_POST, 'userid', FILTER_SANITIZE_NUMBER_INT);
$userval = base64_decode(filter_input(INPUT_POST, 'userval', FILTER_SANITIZE_STRING));
$role = validateRequest($userid, $userval);
if (!$role) {
failRequest("There was a problem validating your request");
}
switch ($requestType) {
case "FILTERED":
if (!authoriseUserRoles($role, ["SUPER_USER", "STAFF"])) {
failRequest("You are not authorised to complete that request");
}
getAllCompletedWorksheetsForGroup($groupid, $staffid, $orderby, $desc);
break;
case "ALLWORKSHEETS":
if (!authoriseUserRoles($role, ["SUPER_USER", "STAFF"])) {
failRequest("You are not authorised to complete that request");
}
getAllWorksheets($orderby, $desc);
default:
<?php
$include_path = get_include_path();
include_once $include_path . '/includes/db_functions.php';
include_once $include_path . '/includes/session_functions.php';
include_once $include_path . '/public_html/classes/AllClasses.php';
include_once $include_path . '/public_html/requests/core.php';
$requestType = filter_input(INPUT_POST, 'type', FILTER_SANITIZE_STRING);
$studentid = filter_input(INPUT_POST, 'studentid', FILTER_SANITIZE_NUMBER_INT);
$groupid = filter_input(INPUT_POST, 'groupid', FILTER_SANITIZE_NUMBER_INT);
$userid = filter_input(INPUT_POST, 'userid', FILTER_SANITIZE_NUMBER_INT);
$userval = base64_decode(filter_input(INPUT_POST, 'userval', FILTER_SANITIZE_STRING));
$external = filter_input(INPUT_POST, 'external', FILTER_SANITIZE_STRING);
$role = validateRequest($userid, $userval, $external);
if (!$role) {
failRequest("There was a problem validating your request");
}
switch ($requestType) {
case "ADDTOGROUP":
if (!authoriseUserRoles($role, ["SUPER_USER", "STAFF"])) {
failRequest("You are not authorised to complete that request");
}
addToGroup($studentid, $groupid);
break;
case "REMOVEFROMGROUP":
if (!authoriseUserRoles($role, ["SUPER_USER", "STAFF"])) {
failRequest("You are not authorised to complete that request");
}
removeFromGroup($studentid, $groupid);
break;
default:
function loginCheck($validateReq = true)
{
if (!isset($_SESSION['SB_LOGIN'])) {
if (isset($_GET['ajaxRequest'])) {
redirect("login.php?timeout=1");
} else {
redirect("login.php");
}
exit;
}
if ($validateReq) {
if (!validateRequest()) {
exit;
}
}
startOutput();
}
<?php
/**
* Register a new user
*
* By Kai Rune Orten
*/
$app->post('/register', function () use($app) {
$r = json_decode($app->request->getBody());
verifyRequiredParams(array('phone', 'birth'), $r->user);
validateRequest($r->user);
$db = new DbHandler();
$tabble_name = "user";
$phone = $r->user->phone;
$birth = $r->user->birth;
//We need to format the date to MySQL standard yyyy-mm-dd.
$r->user->birth = Date('Y-m-d', strtotime($birth));
//If we dont care if the user register multiple time, remove the following function and condition
$userExists = $db->getOneRecord("select 1 from {$tabble_name} where phone='{$phone}'");
if (!$userExists) {
$column_names = array('first_name', 'last_name', 'email', 'phone', 'birth');
$result = $db->insertIntoTable($r->user, $column_names, $tabble_name);
if ($result !== NULL) {
$response["status"] = "success";
$response["message"] = array("Registrering fullført");
echoResponse(200, $response);
} else {
$response["status"] = "error";
$response["message"] = array("En feil oppstod i registreringen, vennligst prøv igjen");
echoResponse(200, $response);
}
if (empty($data['props'])) {
$errors[] = 'props empty';
}
return $errors;
}
$http->on('request', function ($request, $response) use($react) {
$requestBody = '';
$headers = $request->getHeaders();
$contentLength = (int) $headers['Content-Length'];
$receivedData = 0;
$request->on('data', function ($data) use($react, $request, $response, &$requestBody, &$receivedData, $contentLength) {
$requestBody .= $data;
$receivedData += strlen($data);
if ($receivedData >= $contentLength) {
parse_str($requestBody, $requestData);
$errors = validateRequest($requestData);
if (count($errors)) {
$response->writeHead(400, ['Content-Type' => 'application/json']);
$response->end(json_encode($errors));
return;
}
$props = json_decode($requestData['props']);
if ($requestData['renderType'] === 'static') {
$reactFunction = 'renderStaticComponent';
} else {
$reactFunction = 'renderMountableComponent';
}
$markup = $react->{$reactFunction}($requestData['componentPath'], $props);
$response->writeHead(200, array('Content-Type' => 'text/html'));
$response->end($markup);
}
function validateAction()
{
if (validateRequest()) {
return true;
} else {
return false;
}
}
$config = NDB_Config::singleton();
$base_dir = $config->getSetting('base');
if (empty($base_dir)) {
error_log('Security problem : base ConfigSettings not set or empty.');
header("HTTP/1.1 412 Precondition Failed");
exit;
}
set_time_limit(0);
ob_implicit_flush(true);
ob_end_flush();
header('Content-Type: application/json; charset=UTF-8');
reportProgress(1, 'Validating...');
$fileToUpload = (object) array('file_type' => $_FILES["fileData"]["type"], 'file_name' => $_FILES["fileData"]["name"], 'tmp_name' => $_FILES["fileData"]["tmp_name"], 'size' => $_FILES["fileData"]['size'], 'inserted_by' => $userSingleton->getData('UserID'), 'genomic_file_type' => empty($_POST['fileType']) ? null : str_replace('_', ' ', $_POST['fileType']), 'description' => $_POST['description']);
switch ($fileToUpload->genomic_file_type) {
case 'Methylation beta-values':
validateRequest();
moveFileToFS($fileToUpload);
registerFile($fileToUpload);
insertMethylationData($fileToUpload);
break;
case 'Other':
moveFileToFS($fileToUpload);
registerFile($fileToUpload);
break;
default:
die(json_encode(array('message' => "Unsupported filetype: {$fileToUpload->genomic_file_type}", 'progress' => 100, 'error' => true)));
}
//TODO :: Creating file-candidate relations
reportProgress(100, "Complete");
exit;
/**
<input type="submit" value="Source">
</fieldset>
</form>
<!-- end of
get the adress to be examined form
-->
</center>
</body>
</html>
';
validateRequest($site);
// *********************** Functions *************************** //
//checks if string entered is a valid url: if it has a valid format calls getURL else outputs and error
function validateRequest($siteName)
{
//checkif its empty
if (empty($siteName)) {
return 1;
}
//if its not empty check regex
$regex = "((https?|ftp)\\:\\/\\/)?";
// SCHEME
$regex .= "([a-z0-9+!*(),;?&=\$_.-]+(\\:[a-z0-9+!*(),;?&=\$_.-]+)?@)?";
// User and Pass
$regex .= "([a-z0-9-.]*)\\.([a-z]{2,3})";
// Host or IP