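/**
 * Run a request against MongoDB through mongoExecute().
 *
 * Missing 'mode' and 'limit' entries are defaulted to 'SELECT' and
 * array(0, 25) before the request is logged and executed.
 *
 * @param mixed $config  Connection settings, handed to mongoExecute() untouched.
 * @param array $request Query description; only 'mode' and 'limit' are read here.
 *
 * @return mixed The value returned by mongoExecute(). The debug dump below reads
 *               its 'query' and 'result' keys, so an array of that shape is
 *               presumably expected (confirm against mongoExecute()).
 */
function mongoQuery($config, $request)
{
    if (!isset($request['mode'])) {
        $request['mode'] = 'SELECT';
    }
    if (!isset($request['limit'])) {
        $request['limit'] = array(0, 25);
    }

    // Same truthiness test as before, but no undefined-index notice when the
    // global flag was never set.
    $debug = !empty($GLOBALS['debug']);

    if ($debug) {
        print_r($request);
    }

    // NOTE(review): the whole request, filter values included, is written to
    // the log; confirm callers never place credentials or personal data in it.
    createLog(prettyJson(json_encode($request)));

    // Execute Mongo query. $request is always set once the defaults above are
    // applied, so the former isset() guard and its "incorrect array supplied"
    // fallback could never run and have been dropped.
    $result = mongoExecute($config, $request);

    // Print query output to command line:
    if ($debug) {
        echo chr(10) . 'Mongo DB============================================================================================' . chr(10) . $result['query'] . chr(10) . chr(10);
        print_r($result['result']);
        echo chr(10) . chr(10);
        echo '====================================================================================================' . chr(10);
    }

    return $result;
}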
<?php
// Promotion lookup (include-style fragment): reads the category id of the
// first product whose promo column is not '0' and leaves it in $catid.
// Outcomes are reported through $statusMessage; each `return` ends this file.
$conn = sqlConnectDefault();
if (is_null($conn)) {
    $statusMessage = makeStatusMessage(1, "error");
    return;
}
$user = getUser($conn);
// NOTE(review): $id is not assigned anywhere in this fragment; presumably it
// comes from the including script. Confirm it is always defined there.
if (empty($user)) {
    $log = createLog("", "", "", $id);
} else {
    // The logged-in branch passes an empty string as the fifth argument, not
    // the user's id.
    $log = createLog("", "", "", $id, "");
}
$selQ = new selectSQL($conn);
$selQ->select = array("catid");
$selQ->tableNames = array("products");
// Constant WHERE clause: no request data reaches this query.
$selQ->where = "promo != '0'";
if (!$selQ->executeQuery()) {
    $statusMessage = $selQ->status;
    mysqli_close($conn);
    return;
}
if ($selQ->getNumberOfResults() == 0) {
    $statusMessage = makeStatusMessage(52, "error");
    mysqli_close($conn);
    return;
}
// Only the first result row is read.
$tmp = $selQ->result->fetch_assoc();
$catid = $tmp['catid'];
unset($selQ);
// Fresh query object for the statements that follow this excerpt.
$selQ = new selectSQL($conn);
<?php
// Discount administration (fragment; the excerpt ends inside the listing
// branch). Only callers with access level 3 get past the gate below.
$conn = sqlConnectDefault();
if (is_null($conn)) {
    $statusMessage = makeStatusMessage(1, "error");
    return;
}
$user = getUser($conn);
// Authorization gate: anything other than access level 3 is rejected before a
// discount is read or changed.
if ($user['access'] != 3) {
    $statusMessage = makeStatusMessage(3, "error");
    mysqli_close($conn);
    return;
}
$log = createLog(1); // add admin log entry
if (isset($_POST['delete']) && isset($_POST['discountid'])) {
    $delQ = new deleteSQL($conn);
    $delQ->tableName = "discounts";
    // NOTE(review): real_escape_string() only protects a value that sits
    // inside quotes. Here the value is concatenated unquoted, so escaping does
    // not confine it to a single id. Cast it to int or bind it as a parameter.
    $delQ->where = "id = " . $conn->real_escape_string($_POST['discountid']);
    if (!$delQ->executeQuery()) {
        $statusMessage = $delQ->status;
    } else {
        $statusMessage = makeStatusMessage(46, "success");
    }
} else {
    // Listing branch: taken when the request names neither a target
    // (catid/prodid) nor a discount amount (flat/percent).
    if (!(isset($_POST["catid"]) || isset($_POST["prodid"])) || !(isset($_POST['flat']) || isset($_POST['percent']))) {
        $discounts = array();
        $selQ = new selectSQL($conn);
        // NOTE(review): $language is spliced into column names, where escaping
        // functions do not help. Its origin is not visible here; confirm it is
        // restricted to a fixed set of language codes.
        $selQ->select = array("d.id as `Discount ID`", "userid as `User ID`", "user as User", "flat as `Flat Discount`", "percent as `Percent Discount`", "minprice as `Minumun price for discount`", "categoryid as `Category ID`", "c.name" . $language . " as `Category Name`", "productid as `Product ID`", "p.names" . $language . " as `Product Name`");
        $selQ->tableNames = array("discounts as d", "users as u", "categories as c", "products as p");
        $selQ->joinTypes = array("LEFT JOIN", "LEFT JOIN", "LEFT JOIN");
<?php
// Category lookup (fragment; the excerpt ends inside the "no data" branch).
// The category comes from POST 'catid', else from a $catid already in scope,
// else the top-level categories are selected.
$conn = sqlConnectDefault();
if (is_null($conn)) {
    $statusMessage = makeStatusMessage(1, "error");
    return;
}
$user = getUser($conn);
if (empty($user)) {
    $log = createLog("", "categories");
} else {
    $log = createLog("", "categories", "", "", $user['id']);
}
// NOTE(review): $language is defaulted here, but the getCat() call below
// passes $GLOBALS['language'] rather than $language. Confirm that is intended.
if (!isset($language)) {
    $language = $GLOBALS['language'];
}
if (isset($_POST['catid'])) {
    // Request value: escaped and placed inside quotes.
    $where = "id = '" . $conn->real_escape_string($_POST['catid']) . "'";
} elseif (isset($catid)) {
    // NOTE(review): $catid is used as-is. It is presumably set by the including
    // script; confirm it is never derived from request data without escaping.
    $where = "id = '" . $catid . "'";
} else {
    $where = "parentid IS NULL OR parentid = 0";
}
if (isset($allLangs)) {
    require_once 'languageConfig.php';
    // $langResult is presumably defined by languageConfig.php (not visible).
    $data = getCat($where, $conn, null, $langResult);
} else {
    $data = getCat($where, $conn, $GLOBALS['language'], null);
}
if (empty($data)) {
    $statusMessage = makeStatusMessage(51, "error");
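<?php
/*
 * Fingerprint verification callback.
 *
 * Expects the POST field 'VerPas' as "stud_id;vStamp;time;sn". The stamp is
 * checked against an MD5 over the device serial, the stored finger data, the
 * device vc/vkey, the time and the student id. On a match the attendance is
 * logged and a messages.php URL is echoed back to the caller.
 */
if (isset($_POST['VerPas']) && !empty($_POST['VerPas'])) {
    include 'include/global.php';
    include 'include/function.php';

    $data = explode(";", $_POST['VerPas']);
    $verified = false;

    // All four fields must be present; a short payload gets the same answer
    // as a wrong stamp instead of running on undefined offsets.
    if (count($data) >= 4) {
        $stud_id = $data[0];
        $vStamp = $data[1];
        $time = $data[2];
        $sn = $data[3];

        $fingerData = getUserFinger($stud_id);
        $device = getDeviceBySn($sn);

        // $stud_id is request data. The legacy mysql_* API has no bound
        // parameters, so the value is escaped before it enters the quoted
        // literal. Moving to mysqli/PDO prepared statements is the durable fix.
        $sql1 = "SELECT * FROM student_tbl WHERE stud_id='" . mysql_real_escape_string($stud_id) . "'";
        $result1 = mysql_query($sql1);
        $data = $result1 ? mysql_fetch_array($result1) : false;
        $stud_fname = $data ? $data['stud_fname'] : null;

        // Fail closed when the device key or the finger template is missing:
        // without them the expected stamp would not depend on any secret.
        if (isset($fingerData[0]['finger_data']) && !empty($device[0]['vkey'])) {
            // NOTE(review): a plain MD5 over concatenated fields is a weak
            // keyed check; it is presumably dictated by the device protocol,
            // so it is flagged here rather than replaced.
            $salt = md5($sn . $fingerData[0]['finger_data'] . $device[0]['vc'] . $time . $stud_id . $device[0]['vkey']);

            // Strict comparison: with == two digests that both look numeric
            // are compared as numbers and can match without being equal.
            // Prefer hash_equals() where PHP >= 5.6 is guaranteed.
            $verified = strtoupper($vStamp) === strtoupper($salt);
        }
    }

    if ($verified) {
        $log = createLog($stud_fname, $time, $sn);
        if ($log == 1) {
            // Values are URL-encoded so they cannot add or alter query parameters.
            echo $base_path . "messages.php?stud_fname=" . urlencode($stud_fname) . "&time=" . urlencode($time);
        } else {
            echo $base_path . "messages.php?msg=" . urlencode($log);
        }
    } else {
        $msg = "Parameter invalid..";
        echo $base_path . "messages.php?msg={$msg}";
    }
}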
// Change-user-info handler (fragment: it starts inside a guard whose condition
// is above this excerpt and ends inside the last branch shown).
    $statusMessage = makeStatusMessage(4, "error");
    return;
}
$conn = sqlConnectDefault();
if (is_null($conn)) {
    $statusMessage = makeStatusMessage(1, "error");
    return;
}
$id = $conn->real_escape_string($_POST['id']);
$user = getUser($conn);
// Ownership check: the id in the request must be the logged-in user's id.
// NOTE(review): != is a loose comparison, so numeric-looking strings are
// compared as numbers. Compare the two ids as strings with !== to make the
// check exact.
if ($id != $user['id']) {
    $statusMessage = makeStatusMessage(3, "error");
    mysqli_close($conn);
    return;
}
$log = createLog("", "changeUserInfo", "", "", $id);
$selQ = new selectSQL($conn);
$selQ->select = array("u.id as uid", "i.userid as iid");
$selQ->tableNames = array("user_info as i", "users as u");
$selQ->joinTypes = array("RIGHT OUTER JOIN");
$selQ->joins = array("u.id = i.userid");
// $id was escaped above and is placed inside quotes here.
$selQ->where = "u.id='" . $id . "'";
if (!$selQ->executeQuery()) {
    $statusMessage = $selQ->status;
    mysqli_close($conn);
    return;
}
if ($selQ->getNumberOfResults() > 1) {
    $statusMessage = $selQ->status;
    // NOTE(review): every other exit calls mysqli_close(); this one calls
    // mysql_close(), which belongs to the legacy extension and does not accept
    // a mysqli connection. It looks like a typo.
    mysql_close($conn);
    return;
// Category visibility check (fragment): requires POST 'id' and confirms that a
// visible category with that id exists before the code after this excerpt runs.
if (!isset($_POST["id"])) {
    $statusMessage = makeStatusMessage(4, "error");
    return;
}
$conn = sqlConnectDefault();
if (is_null($conn)) {
    $statusMessage = makeStatusMessage(1, "error");
    return;
}
// Request value, escaped once here and only used inside quotes below.
$catid = $conn->real_escape_string($_POST['id']);
$user = getUser($conn);
if (empty($user)) {
    $log = createLog("", "", $catid);
} else {
    $log = createLog("", "", $catid, "", $user['id']);
}
$selQ = new selectSQL($conn);
$selQ->select = array("id");
$selQ->tableNames = array("categories");
$selQ->where = "id = '" . $catid . "' AND visible = 1";
if (!$selQ->executeQuery()) {
    $statusMessage = $selQ->status;
    mysqli_close($conn);
    return;
}
// No visible category with this id: report status 51 and stop.
if ($selQ->getNumberOfResults() == 0) {
    $statusMessage = makeStatusMessage(51, "error");
    mysqli_close($conn);
    return;
}
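/**
 * Verify a PagSeguro return notification with the gateway.
 *
 * The received fields are posted back to the gateway and only the literal
 * answer 'VERIFICADO' counts as confirmation. On confirmation, and when a
 * retorno_automatico() function exists, the normalised fields and the product
 * list are passed to it. The outcome is handed to createLog() when that
 * function exists.
 *
 * @param array       $post      Notification fields as received.
 * @param array|false $tipoEnvio Transport descriptor: [0] is 'curl' or
 *                               'fsocket', [1] the target URL or path, [2] the
 *                               open socket for 'fsocket'. Any non-array value
 *                               is replaced by RetornoPagSeguro::_tipoEnvio().
 *
 * @return bool True only when the gateway answered 'VERIFICADO'.
 */
function verifica($post, $tipoEnvio = false)
{
    global $_retPagSeguroErrNo, $_retPagSeguroErrStr;

    if ('array' !== gettype($tipoEnvio)) {
        $tipoEnvio = RetornoPagSeguro::_tipoEnvio();
    }
    $spost = RetornoPagSeguro::_preparaDados($post);

    if (!in_array($tipoEnvio[0], array('curl', 'fsocket'))) {
        return false;
    }

    $confirma = false;

    if ($tipoEnvio[0] === 'curl') {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $tipoEnvio[1]);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $spost);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_HEADER, false);
        curl_setopt($ch, CURLOPT_TIMEOUT, 30);
        // The answer decides whether a payment notification is accepted, so
        // the peer has to be authenticated. With certificate checks disabled,
        // any host on the network path could reply 'VERIFICADO'.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

        $resp = curl_exec($ch);
        if (!RetornoPagSeguro::not_null($resp)) {
            // Single retry with the same handle and options.
            $resp = curl_exec($ch);
        }
        curl_close($ch);

        $confirma = strcmp($resp, 'VERIFICADO') == 0;
    } elseif ($tipoEnvio[0] === 'fsocket') {
        if (!$tipoEnvio[2]) {
            die("{$_retPagSeguroErrStr} ({$_retPagSeguroErrNo})");
        }

        // NOTE(review): whether this socket is TLS-protected and certificate
        // checked depends on how _tipoEnvio() opened it, which is not visible
        // here. Confirm it, because the reply is trusted as-is.
        $cabecalho = "POST {$tipoEnvio[1]} HTTP/1.0\r\n";
        $cabecalho .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $cabecalho .= "Content-Length: " . strlen($spost) . "\r\n\r\n";

        fwrite($tipoEnvio[2], "{$cabecalho}{$spost}");
        while (!feof($tipoEnvio[2])) {
            $resp = fgets($tipoEnvio[2], 1024);
            if (strcmp($resp, 'VERIFICADO') == 0) {
                $confirma = true;
                break;
            }
        }
        fclose($tipoEnvio[2]);
    }

    if ($confirma && function_exists('retorno_automatico')) {
        $itens = array('VendedorEmail', 'TransacaoID', 'Referencia', 'TipoFrete', 'ValorFrete', 'Anotacao', 'DataTransacao', 'TipoPagamento', 'StatusTransacao', 'CliNome', 'CliEmail', 'CliEndereco', 'CliNumero', 'CliComplemento', 'CliBairro', 'CliCidade', 'CliEstado', 'CliCEP', 'CliTelefone', 'NumItens');

        // Default every expected field to '' and switch the freight value to a
        // dot as decimal separator.
        foreach ($itens as $item) {
            if (!isset($post[$item])) {
                $post[$item] = '';
            }
            if ($item === 'ValorFrete') {
                $post[$item] = str_replace(',', '.', $post[$item]);
            }
        }

        // Products arrive as numbered field groups (ProdID_1, ProdID_2, ...);
        // the list ends at the first missing ProdID_n.
        $produtos = array();
        for ($i = 1; isset($post["ProdID_{$i}"]); $i++) {
            $produtos[] = array(
                'ProdID' => $post["ProdID_{$i}"],
                'ProdDescricao' => $post["ProdDescricao_{$i}"],
                'ProdValor' => (double) str_replace(',', '.', $post["ProdValor_{$i}"]),
                'ProdQuantidade' => $post["ProdQuantidade_{$i}"],
                'ProdFrete' => (double) str_replace(',', '.', $post["ProdFrete_{$i}"]),
                'ProdExtras' => (double) str_replace(',', '.', $post["ProdExtras_{$i}"]),
            );
        }

        retorno_automatico($post['VendedorEmail'], $post['TransacaoID'], $post['Referencia'], $post['TipoFrete'], $post['ValorFrete'], $post['Anotacao'], $post['DataTransacao'], $post['TipoPagamento'], $post['StatusTransacao'], $post['CliNome'], $post['CliEmail'], $post['CliEndereco'], $post['CliNumero'], $post['CliComplemento'], $post['CliBairro'], $post['CliCidade'], $post['CliEstado'], $post['CliCEP'], $post['CliTelefone'], $produtos, $post['NumItens']);
    }

    if (function_exists('createLog')) {
        createLog($confirma);
    }

    return $confirma;
}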
// Log rotation (fragment; the createLog() definition at the end is cut off).
// When one of the previous log files cannot be deleted, it is overwritten
// with a stub PHP file that holds only a comment.
// chr(60) is '<', chr(62) is '>' and chr(47) is '/'.
if (!unlink($pathtologs . $pfileprev)) {
    $data = chr(60) . "?php\n" . chr(47) . "* e107 website system: Log file: " . date("z:Y", time()) . " *" . chr(47) . "\n\n\n\n" . chr(47) . "* THE INFORMATION IN THIS LOG FILE HAS BEEN CONSOLIDATED INTO THE DATABASE - YOU CAN SAFELY DELETE IT. *" . chr(47) . "\n\n\n?" . chr(62);
    if ($handle = fopen($pathtologs . $pfileprev, 'w')) {
        fwrite($handle, $data);
    }
    // NOTE(review): fclose() also runs when fopen() failed and $handle is
    // false. It belongs inside the branch above.
    fclose($handle);
}
if (!unlink($pathtologs . $ifileprev)) {
    $data = chr(60) . "?php\n" . chr(47) . "* e107 website system: Log file: " . date("z:Y", time()) . " *" . chr(47) . "\n\n\n\n" . chr(47) . "* THE INFORMATION IN THIS LOG INFO FILE HAS BEEN CONSOLIDATED INTO THE DATABASE - YOU CAN SAFELY DELETE IT. *" . chr(47) . "\n\n\n?" . chr(62);
    if ($handle = fopen($pathtologs . $ifileprev, 'w')) {
        fwrite($handle, $data);
    }
    // NOTE(review): same issue as above. fclose() is reached with a false
    // handle when fopen() fails.
    fclose($handle);
}
/* and finally, we need to create new logfiles for today ... */
createLog($pathtologs);
/* done! */

/**
 * Create the log files for today inside $pathtologs.
 *
 * Returns FALSE when the directory is not writable or a file cannot be
 * touched; the rest of the function is outside this excerpt.
 *
 * @param string $pathtologs Directory path; file names are appended to it directly.
 */
function createLog($pathtologs)
{
    global $statTotal, $statUnique, $pfile, $ifile;
    if (!is_writable($pathtologs)) {
        // NOTE(review): the message tells the administrator to make the
        // directory world-writable (777). The generated log files are PHP
        // source, so recommend the narrowest mode that lets the web server
        // user write instead.
        echo "Log directory is not writable - please CHMOD " . e_LOG . " to 777";
        echo '<br />Path to logs: ' . $pathtologs;
        return FALSE;
    }
    // chr(36) is '$' and chr(34) is '"'. They are used to spell out PHP
    // variable assignments inside the generated file.
    $varStart = chr(36);
    $quote = chr(34);
    // Template of an empty log file: empty counters and empty arrays.
    $data = chr(60) . "?php\n" . chr(47) . "* e107 website system: Log file: " . date("z:Y", time()) . " *" . chr(47) . "\n\n" . $varStart . "refererData = " . $quote . $quote . ";\n" . $varStart . "ipAddresses = " . $quote . $quote . ";\n" . $varStart . "hosts = " . $quote . $quote . ";\n" . $varStart . "siteTotal = " . $quote . "0" . $quote . ";\n" . $varStart . "siteUnique = " . $quote . "0" . $quote . ";\n" . $varStart . "screenInfo = array();\n" . $varStart . "browserInfo = array();\n" . $varStart . "osInfo = array();\n" . $varStart . "pageInfo = array(\n";
    $data .= "\n);\n\n?" . chr(62);
    if (!touch($pathtologs . $pfile)) {
        return FALSE;
// Order handler (fragment: it starts inside a guard whose condition is above
// this excerpt and continues past its last line).
    $statusMessage = makeStatusMessage(4, "error");
    return;
}
$conn = sqlConnectDefault();
if (is_null($conn)) {
    $statusMessage = makeStatusMessage(1, "error");
    return;
}
$userid = $conn->real_escape_string($_POST['userid']);
$user = getUser($conn);
// Ownership check: an order may only be placed for the logged-in user.
// NOTE(review): != compares loosely; compare both ids as strings with !==.
if ($user['id'] != $userid) {
    $statusMessage = makeStatusMessage(3, "error");
    mysqli_close($conn);
    return;
}
$log = createLog("", "order", "", "", $userid);
require_once 'orderConfig.php';
$nameLang = array("EN" => "Product", "BG" => "Продукт");
$priceLang = array("EN" => "Price", "BG" => "Цена");
$prodids = array();
$prodQuantity = array();
// NOTE(review): $_POST['products'] is iterated without checking that it exists
// and is an array.
foreach ($_POST['products'] as $pid => $q) {
    $pid = $conn->real_escape_string($pid);
    $prodids[] = $pid;
    // NOTE(review): values in $_POST are strings (or arrays), never ints, so
    // !is_int($q) is always true and every quantity is forced to 1. Validate
    // with filter_var($q, FILTER_VALIDATE_INT) or ctype_digit() instead.
    if (!is_int($q) || $q < 1) {
        $q = 1;
    }
    $prodQuantity[$pid] = $q;
}
$selQ = new selectSQL($conn);
$selQ->distinct = true;
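/**
 * Toggle a member's check-in state from an RFID key scan.
 *
 * A member whose 'active' flag is 0 is checked in: a log row is created and
 * the contact is marked active. Otherwise the member is checked out: the
 * contact is marked inactive and the open log row is closed.
 *
 * The failure branches used to end in `die`, which stopped the script before
 * the error response they had just prepared could be returned. They now fall
 * through to the normal return so the caller receives hasErrors = 1 and the
 * message.
 *
 * @param string $rfid Scanned RFID key; passed through testInput() before use.
 *
 * @return array 'hasErrors' (0 or 1) and 'message'; on success also
 *               'firstName', 'lastName', 'lastCheckInTime', 'lastCheckOutTime'.
 */
function processCheckIn($rfid)
{
    $errors = 0;
    $processCheckInMessage = "";
    $response = array();

    // NOTE(review): what testInput() does is not visible here. Confirm that
    // getMemberInfoByRFID() binds or escapes the key itself and does not rely
    // on this call for query safety.
    $rfid = testInput($rfid);
    $date = date('Y-m-d H:i:s');

    if (getMemberInfoByRFID($rfid, 'k.serial')["serial"] == null) {
        $errors = 1;
        $processCheckInMessage .= "RFID key not found in the database!";
    } elseif (getMemberInfoByRFID($rfid, "c.active")["active"] == 0) {
        // Member is currently inactive: check in. The contact id is looked up
        // once and reused for both writes.
        $cid = getMemberInfoByRFID($rfid, "c.cid")["cid"];

        if (!createLog($cid, $date)) {
            // Opening the log row with the current date failed.
            $errors = 1;
            $processCheckInMessage .= 'Could not create a new log in the database!';
        } elseif (!updateContactCheckinStatus($date, $cid, 1)) {
            // Setting active = 1 and the last check-in time failed.
            $errors = 1;
            $processCheckInMessage .= 'Could not update member status when checking in!';
        } else {
            $processCheckInMessage .= "Checkin successful!";
        }
    } else {
        // Member is currently active: check out.
        $cid = getMemberInfoByRFID($rfid, "c.cid")["cid"];

        if (!updateContactCheckinStatus($date, $cid, 0)) {
            // Setting active = 0 and the last check-out time failed.
            $errors = 1;
            $processCheckInMessage .= 'Could not update member status when checking out!';
        } elseif (!updateLog($cid, $date, getMemberInfoByRFID($rfid, "c.last_checkin_time")["last_checkin_time"])) {
            // Closing the log row with the check-out time failed.
            $errors = 1;
            $processCheckInMessage .= 'Could not close the log for user check out!';
        } else {
            $processCheckInMessage .= "Checkout successful!";
        }
    }

    $response['hasErrors'] = $errors;

    if ($errors == 1) {
        // Error messages are prefixed so the caller can tell them apart.
        $response['message'] = 'ERROR: ' . $processCheckInMessage;
        return $response;
    }

    $response['message'] = $processCheckInMessage;
    $response['firstName'] = getMemberInfoByRFID($rfid, 'c.firstName')["firstName"];
    $response['lastName'] = getMemberInfoByRFID($rfid, 'c.lastName')["lastName"];
    $response['lastCheckInTime'] = getMemberInfoByRFID($rfid, 'c.last_checkin_time')["last_checkin_time"];
    $response['lastCheckOutTime'] = getMemberInfoByRFID($rfid, 'c.last_checkout_time')["last_checkout_time"];

    return $response;
}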
// Order history handler (fragment: it starts at the closing brace of a block
// above this excerpt and ends on an opening `if`).
}
if (isset($_POST["userid"])) {
    $userid = $conn->real_escape_string($_POST['userid']);
}
$user = getUser($conn);
if ($user['access'] == 3) {
    // Administrators (access level 3) may read any history.
    $adminCheck = 1;
    $log = createLog(1); // add admin log entry
} else {
    // NOTE(review): $userid is only assigned when POST 'userid' is present.
    // If it is absent and getUser() returned no user, both sides of this
    // comparison are null and the ownership check passes. Reject the request
    // explicitly when there is no logged-in user or no userid, and compare
    // with !==.
    if ($user['id'] != $userid) {
        $statusMessage = makeStatusMessage(3, "error");
        mysqli_close($conn);
        return;
    } else {
        $log = createLog("", "history", "", "", $userid);
    }
}
require_once 'orderConfig.php';
$selQ = new selectSQL($conn);
$selQ->tableNames = array("orders as o");
// Column aliases come from per-language arrays, presumably defined in
// orderConfig.php (not visible here).
// NOTE(review): "o.totalprice as" has no space before the alias, unlike the
// other entries. Confirm the alias text makes the resulting SQL valid.
$selQ->select = array("o.id as " . $oid[$language], "o.payment as " . $payment[$language], "o.date as " . $date[$language], "o.status as " . $status[$language], "o.address as " . $address[$language], "o.totalprice as" . $totalPrice[$language]);
// NOTE(review): $adminCheck is never initialised for non-admin callers, so it
// is read while undefined here. Set it to 0 before the access check.
if ($adminCheck) {
    $selQ->select[] = "o.ip as " . $ip[$language];
}
$selQ->select[] = "u.id as " . $uid[$language];
// NOTE(review): $user holds the getUser() result at this point unless
// orderConfig.php reassigns it; indexing it by $language looks unintended.
$selQ->select[] = "u.user as " . $user[$language];
$selQ->tableNames[] = "users as u";
$selQ->joins = array("o.userid = u.id");
$selQ->joinTypes = array("JOIN");
if (isset($userid)) {
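/**
 * Build an Elasticsearch request from a generic query description and run it
 * through esExecute().
 *
 * Every request key other than 'db', 'route', 'mode' and 'items' that has a
 * non-empty value is handed to a builder function named 'es' + ucfirst(key),
 * which receives the query built so far and returns the extended query.
 *
 * @param array $config  Reads 'server', the base URL the route is appended to.
 * @param array $request Reads 'mode' (default 'SELECT'), 'route', 'items' and
 *                       the builder keys described above.
 * @param mixed $report  When loosely true and the global debug flag is set,
 *                       the result is printed.
 *
 * @return array 'result' (from esExecute(), or an error stub when no query
 *               could be built) and 'query' (the payload that was prepared).
 */
function esQuery($config, $request, $report)
{
    $query = array();
    $method = '';
    $url = '';
    $es_query = array();

    if (!isset($request['mode'])) {
        $request['mode'] = 'SELECT';
    }

    // Same truthiness test as before, but no undefined-index notice when the
    // global flag was never set.
    $debug = !empty($GLOBALS['debug']);

    if ($debug) {
        print_r($request);
    }

    // NOTE(review): the whole request is logged; confirm it never carries
    // credentials or personal data.
    createLog(prettyJson(json_encode($request)));

    $query_build = $request;
    unset($query_build['db'], $query_build['route'], $query_build['mode'], $query_build['items']);

    foreach ($query_build as $function => $arg) {
        if (empty($arg)) {
            continue;
        }

        // The function name is derived from a request key. Only call it when
        // it is a plain function that exists: an unknown key used to raise an
        // invalid-callback error and wipe the query built so far.
        // NOTE(review): this still allows every function whose name starts
        // with 'es'; an explicit allowlist of builder names would be tighter.
        $builder = 'es' . ucfirst($function);
        if (!function_exists($builder)) {
            createLog('esQuery: no builder for request key ' . json_encode($function));
            continue;
        }

        $es_query = call_user_func_array($builder, array($es_query, $arg));
    }

    // NOTE(review): 'route' is appended to the server URL unchanged. Confirm
    // callers restrict it to known index paths.
    switch ($request['mode']) {
        case 'SELECT':
        case 'SELECT COUNT':
            $method = 'POST';
            $query = array($es_query);
            $url = $config['server'] . $request['route'] . '/_search?';
            break;
        case 'UPDATE':
            // Not implemented: $query stays empty and the error stub below is returned.
            break;
        case 'CREATE':
            $method = 'POST';
            $query = $request['items'];
            $url = $config['server'] . $request['route'];
            break;
        case 'DELETE':
            $method = 'DELETE';
            $query = $request['items'];
            $url = $config['server'] . $request['route'];
            break;
        case 'DROP':
            $method = 'DELETE';
            $query = array(true);
            $url = $config['server'] . $request['route'];
            break;
    }

    if (!empty($query)) {
        $es_result = esExecute($request['mode'], $method, $url, $query);
    } else {
        $es_result = array('query' => null, 'result' => array('records' => array(0 => null), 'response' => array(0 => array('error' => 'ERROR - query is null'))));
    }

    // Print query output to command line:
    if ($debug and $report == true) {
        echo chr(10) . 'ElasticSearch=======================================================================================';
        print_r($es_result['result']);
        echo '====================================================================================================' . chr(10);
    }

    return array('result' => $es_result['result'], 'query' => $query);
}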
// Favorites handler (fragment: $conn is created above this excerpt, which
// ends inside the insert-failure branch).
if (is_null($conn)) {
    $statusMessage = makeStatusMessage(1, "error");
    return;
}
// NOTE(review): this exit returns without mysqli_close($conn), unlike the
// later ones.
if (empty($_POST['userid'])) {
    $statusMessage = makeStatusMessage(4, "error");
    return;
}
$userid = $conn->real_escape_string($_POST['userid']);
$user = getUser($conn);
// Ownership check: favorites may only be changed for the logged-in user.
// NOTE(review): != compares loosely; compare both ids as strings with !==.
if ($user['id'] != $userid) {
    $statusMessage = makeStatusMessage(3, "error");
    mysqli_close($conn);
    return;
}
$log = createLog("", "favorites", "", "", $userid);
if (isset($_POST['add']) && (!empty($_POST['productid']) || !empty($_POST['categoryid']))) {
    // Column names come from this fixed list, never from the request; only
    // the values are request data.
    $fieldArr = array("userid", "productid", "categoryid");
    $insQ = new insertSQL($conn);
    $insQ->insertData = array();
    foreach ($fieldArr as $f) {
        if (!empty($_POST[$f])) {
            // NOTE(review): escaping is only effective if insertSQL puts each
            // value inside quotes. Confirm that in the insertSQL class.
            $insQ->insertData[] = $conn->real_escape_string($_POST[$f]);
            $insQ->cols[] = $f;
        }
    }
    $insQ->tableName = "favorites";
    if (!$insQ->executeQuery()) {
        $statusMessage = $insQ->status;
        mysqli_close($conn);
        return;
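/**
 * Dispatch a query description to the matching database backend.
 *
 * $request['db'] selects the backend through a fixed map (es, mongo, mysql).
 * The backend's functions file is loaded and its '<db>Query' function is
 * called with the backend's section of config/database.yml.
 *
 * @param array $request Query description; 'db' selects the backend.
 * @param mixed $report  When loosely true, the backend result is written to
 *                       the log; otherwise an empty entry is logged.
 *
 * @return mixed The backend's return value, or null when no known backend was
 *               named (this used to be an undefined variable).
 */
function dbRequest($request, $report)
{
    $dbs = array('es' => 'elasticsearch', 'mongo' => 'mongodb', 'mysql' => 'mysql');

    // Defined up front so the error path returns null without reading an
    // undefined variable.
    $db_result = null;

    $message = array(chr(10) . date("Y-m-d H:i:s"));
    $message[3] = '==============================================================================================';
    $message[4] = chr(10);

    // The map lookup is what makes the dynamic require and the dynamic call
    // below safe: only the three known keys can reach them. is_string() keeps
    // array-valued input from ever being used as an array offset.
    if (!empty($request['db']) and is_string($request['db']) and isset($dbs[$request['db']])) {
        $db = $dbs[$request['db']];
        $db_config = yaml_parse_file('config/database.yml');

        require_once 'vendor/' . $db . '/functions.php';
        $db_result = call_user_func_array($request['db'] . 'Query', array($db_config[$db], $request, $report));

        if ($report == true) {
            $message[1] = $dbs[$request['db']] . '=================================================================================';
            // Strip double quotes and backslashes from the pretty-printed JSON.
            $message[2] = preg_replace('@"|\\\\@', '', prettyJson(json_encode($db_result['result'])));
        } else {
            $message = array();
        }
    } else {
        $message[2] = 'ERROR - no database criteria supplied';
    }

    // Entries were assigned out of order; sort by index before joining.
    ksort($message);
    createLog(implode(chr(10), $message));

    return $db_result;
}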
<?php
use Faid\DB;
use Faid\DBSimple;
use Extasy\Audit\Record;
use Extasy\Audit\Log;

// Import of cms_log categories into the audit tables (fragment;
// importMessages() is cut off at the end of the excerpt).
// Both audit tables are emptied first, so the run is destructive.
DB::post('TRUNCATE audit_logs');
DB::post('TRUNCATE audit_records');
// Constant query: no external input is involved.
$sql = 'select distinct category from cms_log order by category asc';
$data = DB::query($sql);
foreach ($data as $row) {
    $log = createLog($row);
    importMessages($log, $row['category']);
}

/**
 * Create and insert the audit Log for one cms_log category.
 *
 * The log is named 'Developer.' followed by the category and has logging
 * enabled; the CMSLog::RuntimeErrors category is also marked critical.
 *
 * @param array $row Row with a 'category' key.
 *
 * @return Log The inserted log.
 */
function createLog($row)
{
    $log = new Log();
    $log->name = 'Developer.' . $row['category'];
    $log->enable_logging = true;
    if (CMSLog::RuntimeErrors == $row['category']) {
        $log->critical = true;
    }
    $log->insert();
    return $log;
}

/**
 * Copy the messages of one category into audit records of the given log.
 *
 * @param Log   $log      Target log; its name is passed to Record::add().
 * @param mixed $category Category passed to selectMessages().
 */
function importMessages($log, $category)
{
    $data = selectMessages($category);
    foreach ($data as $record) {
        // The message text is passed as both the second and third argument.
        Record::add($log->name, $record['message'], $record['message']);
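<?php
/*
 * Fingerprint verification callback.
 *
 * Expects the POST field 'VerPas' as "user_id;vStamp;time;sn". The stamp is
 * checked against an MD5 over the device serial, the stored finger data, the
 * device vc/vkey, the time and the user id. On a match the event is logged
 * and a messages.php URL is echoed back to the caller.
 */
if (isset($_POST['VerPas']) && !empty($_POST['VerPas'])) {
    include 'include/global.php';
    include 'include/function.php';

    $data = explode(";", $_POST['VerPas']);
    $verified = false;

    // All four fields must be present; a short payload gets the same answer
    // as a wrong stamp instead of running on undefined offsets.
    if (count($data) >= 4) {
        $user_id = $data[0];
        $vStamp = $data[1];
        $time = $data[2];
        $sn = $data[3];

        $fingerData = getUserFinger($user_id);
        $device = getDeviceBySn($sn);

        // $user_id is request data. The legacy mysql_* API has no bound
        // parameters, so the value is escaped before it enters the quoted
        // literal. Moving to mysqli/PDO prepared statements is the durable fix.
        $sql1 = "SELECT * FROM demo_user WHERE user_id='" . mysql_real_escape_string($user_id) . "'";
        $result1 = mysql_query($sql1);
        $data = $result1 ? mysql_fetch_array($result1) : false;
        $user_name = $data ? $data['user_name'] : null;

        // Fail closed when the device key or the finger template is missing:
        // without them the expected stamp would not depend on any secret.
        if (isset($fingerData[0]['finger_data']) && !empty($device[0]['vkey'])) {
            // NOTE(review): a plain MD5 over concatenated fields is a weak
            // keyed check; it is presumably dictated by the device protocol,
            // so it is flagged here rather than replaced.
            $salt = md5($sn . $fingerData[0]['finger_data'] . $device[0]['vc'] . $time . $user_id . $device[0]['vkey']);

            // Strict comparison: with == two digests that both look numeric
            // are compared as numbers and can match without being equal.
            // Prefer hash_equals() where PHP >= 5.6 is guaranteed.
            $verified = strtoupper($vStamp) === strtoupper($salt);
        }
    }

    if ($verified) {
        $log = createLog($user_name, $time, $sn);
        if ($log == 1) {
            // Values are URL-encoded so they cannot add or alter query parameters.
            echo $base_path . "messages.php?user_name=" . urlencode($user_name) . "&time=" . urlencode($time);
        } else {
            echo $base_path . "messages.php?msg=" . urlencode($log);
        }
    } else {
        $msg = "Parameter invalid..";
        echo $base_path . "messages.php?msg={$msg}";
    }
}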
<?php
// Authentication controller (fragment: the outer `if (!empty($_POST))` block
// is still open at the end of this excerpt).
//
// Sample request for manual testing:
// $_POST = array('url-path' => '/', 'user' => '<username>', 'pass' => '<password>');
// NOTE(review): this sample previously held a literal username and password.
// Keep credentials out of source comments and rotate that password if it was
// ever valid.
if (!empty($_POST)) {
    // NOTE(review): this writes every POST value to the log, including 'pass'
    // in clear text. Log the username and the outcome only.
    createLog(implode(',', $_POST));
    $user = array();
    // Check for username entry:
    if (isset($_POST['user'])) {
        // Get user accounts from model:
        $criteria['filter'] = array('username' => $_POST['user']);
        require loadMVC('model', 'authentication');
        // Validate username against user account:
        if (!empty($model['result']['records'])) {
            // The empty loop body leaves $user_id and $user set to the last
            // record returned by the model.
            foreach ($model['result']['records'] as $user_id => $user) {
            }
            // Validate password against user account.
            // NOTE(review): $_POST['pass'] is read without an isset() check,
            // and === on the crypt() output is not a constant-time comparison.
            // Use password_verify(), or hash_equals() on the crypt() result.
            if ($user['password'] === crypt($_POST['pass'], $user['password'])) {
                // Set cookie if validated.
                // NOTE(review): the cookie value is session id, user id and
                // username joined by '-', and nothing in it is signed. If
                // other code accepts this cookie as proof of login, keep the
                // login state in the server-side session instead. The cookie
                // is also set without the Secure and HttpOnly flags.
                setcookie($config['authentication']['cookie_name'], session_id() . '-' . $user_id . '-' . $user['username'], time() + 3600, "/");
                $response['status'] = 'success';
            } else {
                $response['status'] = 'failed';
            }
        } else {
            $response['status'] = 'failed';
        }
    } else {
        $response['status'] = 'failed';
    }