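<?php
require_once "includes/session.inc";
require_once "includes/db.class.inc";

/**
 * Rebuild the shared secret by handing the submitted shares to the external
 * Python helper (toyapp.py decrypt).
 *
 * The shares come straight from $_POST (see the caller below), so the JSON
 * payload is wrapped with escapeshellarg() before it is placed on the command
 * line. exec() runs the command through a shell; without the quoting, shell
 * metacharacters inside a share would be interpreted instead of being passed
 * to the helper as data.
 *
 * NOTE(review): the helper now receives the JSON text exactly as encoded
 * (double quotes intact) as one argument. Before this change the shell
 * processed those quotes first - confirm toyapp.py parses real JSON.
 *
 * @param array $shares Share values collected from the form.
 * @return string|false Last line printed by the helper, or false if exec() fails.
 */
function reconstruct($shares)
{
    // The cast keeps a failed json_encode() (false) from reaching escapeshellarg() as a non-string.
    $payload = (string) json_encode($shares);
    $command = '/usr/bin/python /var/www/html/mfa/sss/toyapp.py decrypt ' . escapeshellarg($payload);

    // exec() fills its second argument with the output lines; it is not an exit status.
    $result = exec($command, $output_lines);
    return $result;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (is_session_active()) {
        //$shares = array($_POST['1'] , $_POST['2'], $_POST['3']);
        // Collect only the share fields that were actually filled in.
        $shares = array();
        if (!empty($_POST['1'])) {
            array_push($shares, $_POST['1']);
        }
        if (!empty($_POST['2'])) {
            array_push($shares, $_POST['2']);
        }
        if (!empty($_POST['3'])) {
            array_push($shares, $_POST['3']);
        }
        //var_dump($shares);
        $reconstructed_secret = reconstruct($shares);

        $db = new DBConnection();
        $db->connect();
        $user = get_user_info();
        // NOTE(review): $user is interpolated into the SQL condition strings below.
        // Confirm get_user_info() can never return attacker-influenced text, or use
        // bound parameters if DBConnection offers them.
        // The stored secret row is read and then deleted.
        $secret = $db->query('secret', 'secret', "uid='{$user}'", null, null, null)[0]['secret'];
        $db->delete('secret', "uid='{$user}'");
        // NOTE(review): the listing ends here with both if-blocks still open.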
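** Last revision: 2010-03-09 *************************************************************************/
session_start();

require_once 'include/common.inc.php';
require_once 'include/review_forms.php';
require_once 'include/header.php';
require_once 'include/jquery.php';

// Copy the expected form fields into $fm_* variables; a field that was not
// posted becomes "". Only the names listed here are imported, so the
// variable-variable assignment cannot be steered to create other variables.
$post_vars = array("stage", "substage", "username", "password", "requestid", "sessionid", "notes", "initials");
foreach ($post_vars as $post_var) {
    $post_var = "fm_" . $post_var;
    ${$post_var} = isset($_POST[$post_var]) ? $_POST[$post_var] : "";
}

// Use the Bronto SessionID to establish a binding to the active session.
if ($fm_sessionid) {
    $bapi = connect_bronto_session($fm_sessionid);
    if (!is_session_active($bapi)) {
        // $fm_sessionid is raw POST data. The message carries inline markup (<br/>),
        // so it is presumably rendered as HTML; escape the echoed id so it is
        // displayed as text rather than interpreted as markup.
        display_errorbox("Your " . APP_NAME . " session has expired; please log in again.<br/>[id=" . htmlspecialchars((string) $fm_sessionid, ENT_QUOTES, 'UTF-8') . "]");
        // Fall back to the first stage so the user has to log in again.
        $fm_stage = "start";
    }
} else {
    $bapi = null;
}

if (empty($fm_stage) || $fm_stage == "start") {
    $request_id = null;
    if (isset($_GET['fm_requestid'])) {
        // NOTE(review): the request id is taken from the query string without
        // validation; confirm prepare_message_review() binds it as a parameter
        // and checks that the logged-in user may see this request.
        $request_id = $_GET['fm_requestid'];
        if (!empty($_SESSION['username'])) {
            $dbh = open_db(); //ab
            prepare_message_review($dbh, $request_id); //ab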
<!--Site Controller-->
<?php
// Dispatches POSTed requests by their 'type' field (logout, search, rent are
// the cases visible here) and leaves the outcome in $result.
// NOTE(review): $connection is not defined in this excerpt; presumably it is
// set up by the include below - confirm.
include "sanitization.php";
$result = "";
// We don't want to do anything unless there is an active session
// NOTE(review): no anti-CSRF token check is visible in this excerpt although
// logout and rent change state - confirm one exists elsewhere.
if (isset($_POST['type']) && is_session_active()) {
    // What kind of request is this?
    // Make sure it's not something nasty
    // The sanitized value is only compared against the fixed case labels below.
    $request_type = sanitizeMYSQL($connection, $_POST['type']);
    // What do we want to do with it?
    switch ($request_type) {
        case "logout":
            logout();
            $result = "success";
            break;
        case "search":
            // If the search query didn't make it through we don't want to do anything.
            if (isset($_POST['value'])) {
                // NOTE(review): unlike 'type', the search value reaches find_cars()
                // without passing through sanitizeMYSQL(); confirm find_cars()
                // uses bound parameters or sanitizes it itself.
                $search_string = $_POST['value'];
                $result = find_cars($connection, $search_string);
            } else {
                $result = "failure";
            }
            break;
        case "rent":
            if (isset($_POST['value'])) {
                // This should work
                // NOTE(review): $_POST['value'] is handed to rent_car() as received;
                // confirm rent_car() validates it before it is used in a query.
                $result = rent_car($connection, $_POST['value']);
            } else {
                $result = "failure";
            }