{ $this->orders = $this->orderModel->setOrders(); }
    // NOTE(review): the brace block above is the tail of a method whose signature
    // sits above this span; it caches whatever orderModel->setOrders() returns.

    /**
     * Returns the orders cached on this controller by the method above.
     *
     * @return mixed whatever orderModel->setOrders() produced (type not visible here)
     */
    public function getOrders() { return $this->orders; }
}

// Request handler for the corporate "view orders" action. Runs only when a
// `submit` parameter arrives via POST or GET. The `if` opened here is still
// open at the end of this span; the remainder of the handler is out of view.
if (isset($_POST['submit']) || isset($_GET['submit'])) {
    // SECURITY(review): extract() on $_POST/$_GET turns every request parameter
    // into a local variable. Any name a client sends becomes a variable in this
    // scope, and because $_GET is extracted second its values override $_POST.
    // The only extracted names this span reads are $orderid and $isAjax; prefer
    // explicit reads such as `$orderid = $_GET['orderid'] ?? $_POST['orderid'] ?? null;`
    // once the rest of this handler (out of view) has been checked for other names.
    extract($_POST);
    extract($_GET);
    $auth = new Authenticate();
    // isset($isAjax) is satisfied by any request carrying an `isAjax` parameter;
    // the $auth->isAjax() check (implementation not visible) is the real gate.
    $isAjax = isset($isAjax) && $auth->isAjax() ? true : false;
    // NOTE(review): this handler opens the database as ADMINUSER, while the
    // sibling corporate page uses PDOSingleton::CORPORATEUSER. Confirm the admin
    // role is really required just to view orders (least privilege).
    $pdo = new PDOSingleton(PDOSingleton::ADMINUSER);
    $errorRunner = new ErrorRunner();
    $logger = new FullLog('Corporate Viewing Orders');
    $logger->serverData();
    $checkAuth = new CheckAuth($logger);
    $errors = [];
    // !empty() treats "0" as empty, so an order id of 0 becomes null here.
    // cInt() presumably coerces to an integer — confirm in Authenticate.
    $orderID = !empty($orderid) ? $auth->cInt($orderid) : null;
    $isCorporate = $checkAuth->isCorporate();
    // The employee id is taken from the session, never from the request.
    $employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;
    // Short-circuit style: the right-hand side runs only when the check fails.
    // Whether a non-empty $errors aborts the rest of the handler is out of view.
    // (The message says "customer id" although the missing value is the employee id.)
    $employeeID || ($errors[] = "No customer id. You have most likely timed out. Log out and log back in.");
    $isCorporate || ($errors[] = "You are not authenticated as a corporate user.");
    $models = new stdClass();
    $models->pdo = $pdo;
    $models->errorRunner = $errorRunner;
    $models->logger = $logger;
    $orderData = new stdClass();
    $orderData->orderID = $orderID;
    $orderData->employeeID = $employeeID;
    // … handler continues beyond this span.
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . "partials/header.php";
// `use` imports placed after the require_once are legal at file scope; they only
// alias class names for this file.
use security\Controllers\Corporate\EmployeeGroupsOrdersController;
use security\Models\Authenticator\BlackLister;
use security\Models\Authenticator\CheckAuth;
use security\Models\ErrorRunner;
use security\Models\PDOSingleton;
use security\Models\RedisSingleton;
use security\Models\Router\Router;
use security\Models\SiteLogger\FullLog;

// Page bootstrap for the corporate "view orders" page.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
// Database access for this page uses the CORPORATEUSER role.
$pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);
$logger = new FullLog('Corporate View Orders Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();
$isAdmin = $checkAuth->isAdmin(); // computed but not consulted within this span
// NOTE(review): $router/$rootPath are re-created here with identical arguments;
// the second pair is redundant but harmless.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
// Authorization gate: anyone who is not a corporate user is logged and bounced
// to the corporate login page. Only $isCorporate is consulted here; $isAdmin and
// the blacklister are not used in this span.
if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    // The text is URL-encoded for the query string. The `errors` parameter is
    // reachable by anyone who crafts the URL, so the login page must HTML-escape
    // it when rendering (that page is not visible here).
    $error = rawurlencode('Not an authenticated corporate user.');
    // header() returns void, so this is effectively die(null). The redirect only
    // takes effect if nothing — including partials/header.php required above —
    // has already sent output; confirm, or buffer output until this point.
    die(header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}"));
}
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
// … page continues beyond this span.
<?php
require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'partials/header.php';
use security\Models\PDOSingleton;
use security\Models\RedisSingleton;
use security\Models\SiteLogger\FullLog;

// Email-verification landing page: the `uniq` token from the URL is looked up in
// Redis, and the customer id it maps to is marked as verified.
$redis = new RedisSingleton();
// NOTE(review): PDOSingleton is opened with no role argument here, unlike the
// other pages that pass CUSTOMERUSER/CORPORATEUSER; confirm which credentials
// the default resolves to.
$pdo = new PDOSingleton();
$logger = new FullLog();
$errors = [];
$message = null;
$successClass = $errorClass = 'hide';
$errorString = '';
if (isset($_GET['uniq'])) {
    // SECURITY(review): the raw query value is used as the Redis key with no
    // length or format check. The token is a bearer secret — whoever holds the
    // URL can verify the account — so it must be unguessable (its generation is
    // not visible here; random_bytes()/bin2hex is the expected source) and
    // should carry a Redis TTL.
    $uid = $_GET['uniq'];
    $id = $redis->get($uid);
    // A missing key yields a falsy value (wrapper semantics not visible); note a
    // stored id of "0" would also be rejected by this truthiness check.
    if ($id) {
        // Parameterized UPDATE; $id comes from Redis, not from the request.
        $query = "UPDATE customers SET verified = 1 WHERE id = :id";
        $stmt = $pdo->prepare($query);
        $stmt->bindParam(':id', $id, PDO::PARAM_INT);
        // The boolean result of execute() is ignored; errorInfo() is consulted
        // instead. If the connection uses ERRMODE_EXCEPTION this throws first.
        $stmt->execute();
        $errorInfo = $stmt->errorInfo();
        // errorInfo()[2] is the driver message; it is null when no error occurred.
        if (isset($errorInfo[2])) {
            // NOTE(review): a driver error is reported to the user as "no matching
            // user" and logged as "Unable to Add new user" although this is an
            // UPDATE; both strings are misleading.
            $errors[] = "No user matching the UID provided.";
            $logger->addCritical("Unable to Add new user because {$errorInfo[2]}.");
        }
        // rowCount() is 0 when no row matched the id (and, with MySQL's default
        // affected-rows semantics, when the row was already verified).
        $changed = $stmt->rowCount();
        if ($changed) {
            $successClass = null;
            $message = "Successfully verified new customer and email. You can now login to the customer site.";
            // The token is single-use, but it is deleted only on a successful
            // update; an already-verified account leaves its token in Redis
            // until any TTL expires it.
            $redis->del($uid);
            // … the three `if` blocks above remain open; the file continues beyond this span.
use security\Models\Generator\CountryList;
use security\Models\PDOSingleton;
use security\Models\RedisSingleton;
use security\Models\Router\Router;
use security\Models\SiteLogger\FullLog;
// NOTE(review): ErrorRunner and BlackLister are used below; their `use` lines
// are above this span (the import block is cut at the top).

// Build the <option> markup for the country <select> on the create-customer form.
$countryList = new CountryList();
$countries = $countryList->getCountryList();
$countryOptions = '';
foreach ($countries as $code => $countryName) {
    // Interpolated straight into HTML without escaping. Acceptable while the list
    // is the generator's own static data; if it is ever loaded from a database or
    // a user-editable source, wrap $code and $countryName in htmlspecialchars().
    $countryOptions .= "<option value='{$code}'>{$countryName}</option>";
}
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
$logger = new FullLog("Create new Customer");
// Customer-facing page: database access uses the CUSTOMERUSER role.
$pdo = new PDOSingleton(PDOSingleton::CUSTOMERUSER);
// NOTE(review): constructed without the Redis handle that the corporate page
// passes (new BlackLister($redis)); confirm the constructor has a default.
$blacklist = new BlackLister();
// Abuse throttle: count visits to this page in the PHP session. Because the
// counter lives in the session, a client that discards its cookie starts from 0
// again — the existing comment below is right that this is weak protection.
if (!isset($_SESSION["visits"])) {
    $_SESSION["visits"] = 0;
}
$_SESSION["visits"] = $_SESSION["visits"] + 1;
if ($_SESSION["visits"] > 5) {
    $logger->serverData();
    // increment the blacklister by one.
    $logger->addWarning("Someone is repeatedly visiting the create new customer account, this is their {$_SESSION['visits']}. Potential abuse.");
    $blacklist->blackList();
}
if ($blacklist->isBlackListed()) {
    // Again, this is an incredibly weak protection.
    // (The log text says "This IP", so the blacklist appears to be keyed by
    // client IP; clients behind a shared NAT or proxy would be caught together.)
    $logger->addError("This IP has been flagged as abusive.");
    // … block continues beyond this span.