function require_role($role = 'member')
{
if (empty($_SESSION[role_name])) {
redirect_login();
die;
}
}
echo "\n<h2>" . $page_title . "</h2>";
echo get_user_input_form(NULL, $HTTP_VARS);
echo format_footer_links($footer_links_r);
echo _theme_footer();
}
} else {
//End of $HTTP_VARS['op'] checks
opendb_operation_not_available();
}
}
}
}
}
}
}
}
}
}
}
}
}
} else {
// invalid login, so login instead.
redirect_login($PHP_SELF, $HTTP_VARS);
}
} else {
//if(is_site_enabled())
opendb_site_disabled();
}
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";
if ($_REQUEST[lti_launch_id]) {
$launchid = $_REQUEST[lti_launch_id];
} else {
if (!empty($_SESSION['lti_launch_id'])) {
$launchid = $_SESSION[lti_launch_id];
} else {
unset($_SESSION['lti_launch_id']);
redirect_login();
$launchid = false;
}
}
if ($launchid) {
$launch = new ORM("launch", false, "lti_launch");
if (!$launch) {
throw new Exception("LTI Runtime - Datebase unable to instance user");
}
$launch->get($launchid);
if (!$launch->id()) {
throw new Exception("LTI Runtime - Launch session not found");
}
$launchdata = $launch->data();
$_SESSION['lti_launch_id'] = $launch->id();
if ($launch && $launch->data()) {
$LTI = new LTIObject($launch->data());
}
}
} catch (Exception $e) {
DPRT($e->getMessage());
redirect_login();
$LTI = false;
}
function register_val($con)
{
//require_once('includes/bootstrapper.php');
//require_once('includes/connect.php');
//second send validation
if (!empty($_POST['Send_2'])) {
$username_final = mysqli_real_escape_string($con, $_POST['username']);
$password_final = mysqli_real_escape_string($con, $_POST['password']);
$apikey_final = mysqli_real_escape_string($con, $_POST['api']);
$vcode_final = mysqli_real_escape_string($con, $_POST['vcode']);
$email_final = mysqli_real_escape_string($con, $_POST['email']);
$reports_final = mysqli_real_escape_string($con, $_POST['reports']);
$dt = new DateTime();
$tz = new DateTimeZone('Europe/Lisbon');
$dt->setTimezone($tz);
$datetime = $dt->format('Y-m-d H:i:s');
$chars = array();
if (isset($_POST['char1'])) {
$char1 = $_POST['char1'];
array_push($chars, $char1);
} else {
$char1 = "";
}
if (isset($_POST['char2'])) {
$char2 = $_POST['char2'];
array_push($chars, $char2);
} else {
$char2 = "";
}
if (isset($_POST['char3'])) {
$char3 = $_POST['char3'];
array_push($chars, $char3);
} else {
$char3 = "";
}
//$chars = array($char1,$char2,$char3);
//FINAL SERVER VALIDATION #2 (just in case someone sneaks in HTML5)
if (strlen($username_final) < 5 || $username_final == "") {
echo "Username is too short (5 characters minimum)";
failed_validation_2();
} else {
if ($password_final == "") {
echo "Input a proper password";
failed_validation_2();
} else {
if (!filter_var($email_final, FILTER_VALIDATE_EMAIL)) {
echo "Wrong email format.";
failed_validation_2();
} else {
if (!in_array($reports_final, array('none', 'daily', 'weekly', 'monthly'))) {
echo "Invalid report type selection";
failed_validation_2();
} else {
//check if characters belong to API KEY by intersecting both arrays
$pheal2 = new Pheal($apikey_final, $vcode_final);
$chars_api = array();
$chars_name = array();
$empty = array();
$result2 = $pheal2->accountScope->APIKeyInfo();
foreach ($result2->key->characters as $character) {
array_push($chars_api, $character->characterID);
array_push($chars_name, $character->characterName);
}
if (array_intersect(array_diff($chars, $chars_api), $chars_api) != $empty) {
echo "Character does not belong to account";
failed_validation_2();
} else {
$cost = 10;
//Before creating the account, let's securely hash the password:
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
// Prefix information about the hash so PHP knows how to verify it later.
// "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
$salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
// Hash the password with the salt
$password_final = crypt($password_final, $salt);
//Everything is validated, prepare SQL transaction
mysqli_query($con, "START TRANSACTION");
$query_insert_user = $con->prepare("INSERT INTO `trader`.`user` (" . "`iduser`, " . "`username`, " . "`registration_date`, " . "`password`, " . "`reports`, " . "`email`, `salt`, `login_count`) " . "VALUES (" . "NULL, " . "?, " . "?, " . "?, " . "?, " . "?, ?, ?);");
$zero = 0;
$query_insert_user->bind_param("ssssssi", $username_final, $datetime, $password_final, $reports_final, $email_final, $salt, $zero);
//ss stands for 2 strings
$query_insert_user->execute();
$last_id_user = mysqli_insert_id($con);
//Insert ignore because api key may already exist
$query_insert_apikey = mysqli_query($con, "insert ignore into `trader`.`api` (`apikey`, `vcode`) " . "VALUES " . "('{$apikey_final}', " . "'{$vcode_final}');") or die(mysqli_error($con));
// print_r($chars);
$pheal3 = new Pheal($apikey_final, $vcode_final, "char");
foreach ($chars as $row) {
//echo $row;
$response_final = $pheal3->CharacterSheet(array("characterID" => $row));
$name_char = mysqli_real_escape_string($con, $response_final->name);
$checkExistingCharacter = mysqli_query($con, "SELECT name FROM v_user_characters WHERE character_eve_idcharacter IN" . "(" . implode(",", $chars) . ")") or die(mysqli_error($con));
if (mysqli_num_rows($checkExistingCharacter) > 0) {
$duplicates = array();
while ($existing_characters = mysqli_fetch_array($checkExistingCharacter)) {
array_push($duplicates, $existing_characters['name']);
}
echo implode(" and ", $duplicates) . " already belong to another account.";
echo "<meta http-equiv='refresh' content='3;URL=register.php'>";
return;
} else {
$query_insert_character = mysqli_query($con, "replace INTO `trader`.`characters` " . "(`eve_idcharacter`, " . "`name`, " . "`balance`, " . "`api_apikey`," . "`networth`," . "`escrow`," . "`total_sell`," . "`broker_relations`," . "`accounting`) " . "VALUES " . "({$row}, " . "'{$name_char}', " . "'0', " . "'{$apikey_final}'," . "'0'," . "'0'," . "'0'," . "'0'," . "'0');") or die(mysqli_error($con));
}
}
//create aggregation between characters and account
foreach ($chars as $row2) {
$query_insert_aggr = mysqli_query($con, "INSERT INTO `trader`.`aggr` " . "(`idaggr`, " . "`user_iduser`, " . "`character_eve_idcharacter`) " . "VALUES " . "(NULL, " . "'{$last_id_user}', " . "'{$row2}');") or die(mysqli_error($con));
}
//check if everything is right before commit
if ($query_insert_user && $query_insert_apikey && $query_insert_character && $query_insert_aggr) {
mysqli_query($con, "COMMIT");
echo "Account created sucessfully" . "<br>" . "You may now login.";
echo "<br><br>";
$dt = new DateTime();
$tz = new DateTimeZone('Europe/Lisbon');
$dt->setTimezone($tz);
$datetime = $dt->format('Y-m-d H:i:s');
mysqli_query($con, "INSERT INTO `trader`.`log` (`idlog`, `user_iduser`, `type`, `datetime`) VALUES (NULL, '{$last_id_user}', 'register', '{$datetime}')") or die(mysqli_error($con));
redirect_login();
} else {
mysqli_query($con, "ROLLBACK");
echo "There was a problem creating your account. Try again.";
echo "<br>";
redirect_error();
}
}
}
}
}
}
} else {
//first send validation
if (!empty($_POST['Send'])) {
$username = mysqli_real_escape_string($con, $_POST['username']);
//password encryption
$password1 = $_POST['password'];
$password2 = $_POST['password2'];
$cost = 10;
// Create a random salt
//$password1 = mysqli_real_escape_string($con,md5($_POST['password']));
//$password2 = mysqli_real_escape_string($con,md5( $_POST['password2']));
if ($password1 == $password2) {
$pw_encr = $password1;
}
unset($_POST['password']);
$apikey = mysqli_real_escape_string($con, $_POST['api']);
$vcode = mysqli_real_escape_string($con, $_POST['vcode']);
$reports = mysqli_real_escape_string($con, $_POST['reports']);
$email = mysqli_real_escape_string($con, $_POST['email']);
/*$pheal = new Pheal('4458709', 'vR9VUNKD3hSHD9KJRbTOUnPDiRC1Rb87ETUEbKsaxa4c9gXCtiNDNCPwKvdrt0tu');
$result = $pheal->accountScope->APIKeyInfo();
foreach($result->key as $res) {echo $res->accessMask, $res->type;}
*/
//Using CURL to fetch API Access Mask
$curl_url = "https://api.eveonline.com/account/APIKeyInfo.xml.aspx?keyID=" . $apikey . "&vCode=" . $vcode;
// create curl resource
$ch = curl_init($curl_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
// $response contains the XML response string from the API call
$response = curl_exec($ch);
// If curl_exec() fails/throws an error, the function will return false
if ($response === false) {
// Could add some 404 headers here
echo 'Curl error: ' . curl_error($ch);
} else {
$apiInfo = new SimpleXMLElement($response);
try {
checkXML($apiInfo->result->key);
$accessMask = (int) $apiInfo->result->key->attributes()->accessMask;
} catch (Exception $e) {
echo 'Error: ' . $e->getMessage();
echo "<meta http-equiv='refresh' content='3;URL=register.php'>";
return;
}
}
// close curl resource to free up system resources
curl_close($ch);
//***********SERVER VALIDATION #1***************
//check if email is already taken
$check_email = mysqli_query($con, "SELECT email FROM user WHERE email = '{$email}'") or die(mysqli_error($con));
if (mysqli_num_rows($check_email) != 0) {
echo "Email is already taken";
redirect_error();
} else {
//check if access mask is correct
if ($accessMask != '82317323' && $accessMask != '1073741823') {
echo "Your access mask is " . $accessMask . " which has different permissions than requested. Please <a href = 'https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=82317323' target='_blank'>create one here</a> with the correct permissions and <a href= 'register.php'>try again </a>.";
} else {
//check if passwords match
if ($password1 != $password2) {
echo "Your passwords must match.";
redirect_error();
} else {
//check if username is already taken
$check_username = mysqli_query($con, "SELECT username FROM user WHERE username = '******'") or die(mysqli_error($con));
if (mysqli_num_rows($check_username) != 0) {
echo "Username is already taken";
redirect_error();
} else {
//check if API KEY is valid
echo "<b>Choose which characters to import:</b><br>";
//get character List from API KEY using Pheal
$pheal = new Pheal($apikey, $vcode);
$result = $pheal->accountScope->APIKeyInfo();
$count = 0;
echo "<table border ='1'>";
echo "<form action = {$_SERVER['PHP_SELF']} method = 'POST' >";
foreach ($result->key->characters as $character) {
$count = $count + 1;
echo "<tr><td>" . $character->characterName . "</td><td>" . "<img src='https://image.eveonline.com/Character/" . $character->characterID . "_64.jpg'" . "</td><td>" . "<input type = 'checkbox' name = 'char{$count}' value = '{$character->characterID}'>" . "</td></tr>";
//there is a KEY HEADER BEFORE THE CHARACTERS ROWSET
}
echo "</table><br>";
//rest of the parameters
echo "<input type ='hidden' name='username' value='{$username}'>";
echo "<input type ='hidden' name='password' value='{$pw_encr}'>";
echo "<input type ='hidden' name='api' value='{$apikey}'>";
echo "<input type ='hidden' name='vcode' value='{$vcode}'>";
echo "<input type ='hidden' name='reports' value='{$reports}'>";
echo "<input type ='hidden' name='email' value='{$email}'>";
echo "<input type ='Submit' name='Send_2' value ='Send' class='btn btn-lg btn-success btn-block' />";
echo "</form>";
}
}
}
}
} else {
register_form();
}
}
}
function opendb_not_authorised_page($permission = NULL, $HTTP_VARS = NULL)
{
global $PHP_SELF;
if ($permission != NULL && is_permission_disabled_for_remember_me($permission)) {
redirect_login($PHP_SELF, $HTTP_VARS, TRUE);
} else {
echo _theme_header(get_opendb_lang_var('not_authorized_to_page'));
echo "<p class=\"error\">" . get_opendb_lang_var('not_authorized_to_page') . "</p>";
echo _theme_footer();
}
}
$xajax->processRequest();
}
if ($HTTP_VARS['mode'] != 'job') {
$menu_option_r = get_system_admin_tools_menu($ADMIN_TYPE);
$title = $menu_option_r['link'] . " Admin Tool";
_theme_header($title);
// todo - this should really be in the <head>...</head> - does it matter?
if ($xajax) {
$xajax->printJavascript();
}
echo "<h2>" . $title . "</h2>";
}
include_once "./admin/" . $ADMIN_TYPE . "/index.php";
if ($HTTP_VARS['mode'] != 'job') {
echo _theme_footer();
}
} else {
//not an administrator or own user.
opendb_not_authorised_page(PERM_ADMIN_TOOLS, $HTTP_VARS);
}
} else {
//not a valid session.
// invalid login, so login instead.
redirect_login($PHP_SELF, $HTTP_VARS, 'admin');
}
} else {
//if(is_site_enabled())
opendb_site_disabled();
}
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";
/**
* Implements the start page feature for those using the S2Member plugin.
*
* @param string $redirect_to URL
* @param array $login_info See wp_get_current_user()
* @since 3.0
*/
function redirect_s2member_login($redirect_to, $login_info)
{
// Check that we haven't been passed an error object
if (is_wp_error($login_info) || empty($login_info['current_user'])) {
return $redirect_to;
}
$new_redirect = redirect_login($redirect_to, array(), array());
return apply_filters('dpw_redirect_s2member_login', $new_redirect, $redirect_to, $login_info);
}