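<?php

/**
 * Create a KCAPTCHA instance for a user id and remember the expected answer.
 *
 * The answer returned by KCAPTCHA::getKeyString() is stored under the cache
 * key "taxi_captcha_<id>". The function never returns: the script ends with
 * die as soon as the answer has been cached.
 * NOTE(review): presumably the KCAPTCHA constructor emits the image itself,
 * since nothing else here produces output; confirm against the library.
 *
 * @param int $id Validated user id the captcha is bound to.
 */
function make_captcha($id)
{
    require 'kcaptcha/kcaptcha.php';

    $captcha = new KCAPTCHA();
    cache_set('taxi_captcha_' . $id, $captcha->getKeyString());

    die;
}

// Accept only a plain string: "?id[]=..." arrives as an array, which intval()
// would turn into 1 and preg_match() cannot handle.
$raw = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$id = intval($raw);

// Validate the integer that is actually used as the cache key and lookup id,
// with an anchored pattern. The previous check ran an unanchored regex over
// the raw string, so an input with 11-12 digits anywhere in it passed while
// intval() produced a different (short, negative or over-long) id. On a
// 32-bit build intval() clamps 11-digit values, and the clamped result is now
// rejected instead of being used.
if ($id > 0 && preg_match('/^\\d{11,12}$/', (string) $id)) {
    require 'inc/dbcm.php';

    // A captcha is issued when one is already pending for this id, or when
    // the id belongs to a known user.
    // NOTE(review): the 404 below tells an unauthenticated caller whether an
    // id is registered; consider a uniform response and rate limiting.
    if (cache_isset('taxi_captcha_' . $id) || fetch_user_by_id($id)) {
        make_captcha($id);
    } else {
        header('HTTP/1.0 404 Not Found');
    }
} else {
    header('HTTP/1.0 400 Bad Request');
}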
<?php
// Builds a new user record from $RQ['user'] and passes it to update_user().
// NOTE(review): this looks like the registration endpoint (it reads
// $CONFIG['REGISTER']); the listing is cut off after update_user(), so the
// closing braces and every else branch are not visible here.
global $DB, $RQ, $USER, $CONFIG;
require_once '../../../inc/bootstrap.inc';
if ($RQ['user']['id']) {
    if (check_user_id($RQ['user']['id'])) {
        // Continue only when the lookup does NOT return an array.
        // NOTE(review): presumably an array means the id is already taken; confirm.
        if (!is_array(fetch_user_by_id($id = intval($RQ['user']['id'])))) {
            // Nick length is measured in characters (mb_strlen) against the configured bounds.
            if (($len = mb_strlen($RQ['user']['nick'])) >= $CONFIG['LIMITS']['NICK_LENGTH']['MIN']) {
                if ($len <= $CONFIG['LIMITS']['NICK_LENGTH']['MAX']) {
                    if (!is_array(fetch_user_by_nick($RQ['user']['nick']))) {
                        // NOTE(review): the pattern is not anchored, so any string that merely
                        // contains 40 consecutive [0-9a-f] characters passes, and the whole value
                        // is copied verbatim into $user['password'] below. Anchoring with ^...$
                        // (and an is_string check) would restrict it to exactly 40 hex characters.
                        if (preg_match('/[\\da-f]{40}/', $RQ['user']['password'])) {
                            // "and" binds tighter than "or": the challenge is required unless the
                            // caller is a logged-in user carrying the super or dispatcher flag.
                            if (!is_array($USER) or !$USER['flags']['super'] and !$USER['flags']['dispatcher']) {
                                require_once '../../../inc/challenge.inc.php';
                                challenge_first($CONFIG['REGISTER']['CHALLENGE']);
                            }
                            // Only whitelisted keys are copied; the two *_published values are
                            // normalised to booleans.
                            $user = array(
                                'id' => $id,
                                'nick' => $RQ['user']['nick'],
                                'password' => $RQ['user']['password'],
                                'fullname_published' => $RQ['user']['fullname_published'] ? true : false,
                                'email_published' => $RQ['user']['email_published'] ? true : false
                            );
                            fill_if_nonempty($user, $RQ['user'], 'fullname');
                            fill_if_nonempty($user, $RQ['user'], 'email');
                            if ($CONFIG['REGISTER']['DEFAULT_BLOCKED']) {
                                $user['flags']['blocked'] = true;
                            }
                            // Request-supplied flags are honoured only when the current user has
                            // the super flag. They replace the whole flags array, including the
                            // default "blocked" flag set just above.
                            // NOTE(review): the flags are taken as-is; consider whitelisting the
                            // individual flag names rather than copying the array.
                            if ($RQ['user']['flags'] and $USER['flags']['super']) {
                                $user['flags'] = $RQ['user']['flags'];
                            }
                            // NOTE(review): car_color_exists() is given the car *model*, not the
                            // colour, so $RQ['user']['car']['color'] is stored without the check
                            // that the call name suggests. Probably a typo; confirm and fix.
                            if (is_array($RQ['user']['car']) and car_model_exists($RQ['user']['car']['model']) and car_color_exists($RQ['user']['car']['model']) and check_car_number($RQ['user']['car']['number'])) {
                                $user['car'] = array(
                                    'model' => $RQ['user']['car']['model'],
                                    'color' => $RQ['user']['car']['color'],
                                    'number' => $RQ['user']['car']['number']
                                );
                                // The driving flag is accepted only together with valid car data.
                                if ($RQ['user']['driving']) {
                                    $user['driving'] = true;
                                }
                            }
                            update_user($user);
<?php
// Authenticates a JSON API request: the body carries a user id and a signature
// that is checked against SHA-1 digests built from the method, the user's id,
// the stored password value and a counter.
// The listing is cut off after the authentication section; the remaining
// closing braces are not visible here.
global $DB, $RQ, $USER;

// Empty stub; nothing in the visible code calls it.
function try_auth($id, $signature)
{
}

// The request body must decode to a JSON object/array.
if (is_array($RQ = json_decode(file_get_contents('php://input'), true))) {
    $RQ['id'] = intval($RQ['id']);
    // $method is everything after the first path segment of the request URI.
    // NOTE(review): REQUEST_URI includes the query string, so it becomes part of
    // $method and of the signed data; confirm that this is intended.
    list(, $method) = explode('/', trim($_SERVER['REQUEST_URI'], '/'), 2);
    // NOTE(review): the pattern is not anchored, so an id with more than 12
    // digits also passes; '/^\d{11,12}$/' would enforce the stated length.
    if ($RQ['id'] and preg_match('/\\d{11,12}/', $RQ['id'])) {
        require_once __DIR__ . '/config.inc.php';
        require_once __DIR__ . '/dbcm.inc.php';
        if (is_array($USER = fetch_user_by_id($RQ['id']))) {
            // Blocked user, unknown id and bad signature all produce the same 401
            // body, so the response does not reveal which check failed.
            if ($USER['flags']['blocked']) {
                die('{ "err": 401, "errmsg": "bad_id_or_signature" }');
            }
            // NOTE(review): this is a float unless the timestamp is a multiple of
            // 10; an integer time step (intdiv or floor) is presumably intended.
            $t = gmmktime() / 10;
            $signed = false;
            // Signed material: method + user id + stored password value.
            // NOTE(review): the stored password value is used directly as the shared
            // secret in a plain SHA-1 concatenation; hash_hmac() with a dedicated
            // per-user key would be the conventional construction.
            $mup = $method . $USER['id'] . $USER['password'];
            // NOTE(review): the bounds use the bare constant `t`, not the variable $t
            // computed above; this looks like a typo. PHP 8 throws an Error for an
            // undefined constant, and older versions fall back to the string 't', so
            // the window is not derived from the current time as written.
            // $CONFIG is presumably defined by config.inc.php; confirm.
            for ($i = t + $CONFIG['API']['ALLOWED_CLOCK_SKEW'][0]; $i < t + $CONFIG['API']['ALLOWED_CLOCK_SKEW'][1]; $i++) {
                // NOTE(review): $RQ['signature'] comes from decoded JSON and can be any
                // JSON type, and `==` applies type juggling, so this is not a strict
                // digest comparison. Require is_string($RQ['signature']) and compare
                // with hash_equals(), which is also constant-time.
                if (sha1($mup . $i) == $RQ['signature']) {
                    $signed = true;
                    break;
                }
            }
            if (!$signed) {
                die('{ "err": 401, "errmsg": "bad_id_or_signature" }');
            }
        } else {
            die('{ "err": 401, "errmsg": "bad_id_or_signature" }');
        }