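/**
 * Build the SQL that imports a custom report from an .avr file.
 *
 * The file is decrypted with decrypt() (defined elsewhere) and unserialized;
 * the result is expected to be an array holding the report name ("name"),
 * the serialized report definition ("report") and the sub-report ids ("sr").
 * A category can be given as a prefix of the file name separated by '#'
 * ("Category#report.avr"). Name and category are restricted to a fixed
 * character set before they are placed in the statement.
 *
 * @param string $file Path to the .avr file.
 * @return string A REPLACE INTO alienvault.user_config statement, or '' when
 *                the file could not be imported (the reason is reported
 *                through print_err()).
 */
function get_sql_from_avr($file)
{
    $sql = '';
    $category = '';
    $password = ''; // Change password if needed
    $user = '******';
    // Character set allowed in the report name and in the category.
    $allowed = 'A-Za-z0-9\\s\\.,:@_\\-\\/\\?&\\=_\\-\\;\\#\\|';

    if (preg_match("/#/", $file)) {
        list($category, $_name) = explode('#', basename($file), 2);
        $category = trim(str_replace(' ', '_', $category));
    }

    if (!file_exists($file) || filesize($file) <= 0) {
        // $argv is not visible inside a function; read the CLI arguments from $_SERVER instead.
        $script = isset($_SERVER['argv'][0]) ? $_SERVER['argv'][0] : basename(__FILE__);
        print_err(empty($file) ? "Use: php " . $script . " path/file_name.avr [category]" : "File {$file} doesn't exists");
        return $sql;
    }

    $content = file_get_contents($file);
    $decrypted_content = decrypt($content, $password);
    // NOTE(review): unserialize() of file content can instantiate arbitrary
    // classes; the input is only as trusted as the file and the shared password.
    $datareport = @unserialize($decrypted_content);
    if (!is_array($datareport)) {
        $datareport = [];
    }
    $report_name = isset($datareport["name"]) ? $datareport["name"] : '';
    $report_data = isset($datareport["report"]) ? @unserialize($datareport["report"]) : false;
    // The report definition must itself unserialize to an array.
    $format_error = !is_array($report_data);
    // The category is only checked once the name has passed.
    $validation_error = !validate($report_name, $allowed) || !validate($category, $allowed);

    if ($format_error || $validation_error) {
        print_err($validation_error ? "Invalid character in Report Name or Category" : "Invalid Password, file format or category");
        return $sql;
    }

    // Force some parameters
    $report_data["profile"] = 'Default';
    $report_data["user"] = 0;
    $report_data["entity"] = '-1';
    $report_data["category"] = !empty($category) ? str_replace('_', ' ', $category) : '';
    $category = !empty($category) ? '_' . $category : '';

    // check subreports ids: keep only the data sources whose sub-report id is below 3000
    $sub_reports = (isset($datareport["sr"]) && is_array($datareport["sr"])) ? $datareport["sr"] : [];
    $data_sources = (isset($report_data["ds"]) && is_array($report_data["ds"])) ? $report_data["ds"] : [];
    $newds = [];
    foreach ($sub_reports as $idr => $info) {
        if ($idr < 3000) {
            $newds[$idr] = isset($data_sources[$idr]) ? $data_sources[$idr] : null;
        }
    }
    $report_data["ds"] = $newds;

    // insert: qstr() is expected to escape the quoted values; the serialized
    // report travels base64-encoded so it needs no escaping.
    $sql .= ' REPLACE INTO alienvault.user_config (login, category, name, value) VALUES (\''
        . qstr($user) . '\', \'' . qstr('custom_report' . $category) . '\', \'' . qstr($report_name)
        . '\', from_base64(\'' . base64_encode(serialize($report_data)) . '\'));' . "\n";

    return $sql;
}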
{
    echo $msg . '<br/>';
}

/********** INPUT VALIDATION **********/
// Each check either assigns the accepted value or reports the problem with
// print_err(); on failure the target variable ($fn, $ln, $em, $pw) is left
// unset, so the combined test further down is false.
// validate first name
validate_input($trimmed['fname'], 'first_name') ? $fn = $trimmed['fname'] : print_err('<center>- First Name is not valid: <em>(Must be between 2 & 20 characters and can only contain letters, apostrophes and hyphens)</em></center>');
// validate last name
validate_input($trimmed['lname'], 'last_name') ? $ln = $trimmed['lname'] : print_err('<center>- Last Name is not valid: <i>(Must be between 2 & 40 characters and can only contain letters, apostrophes and hyphens)</i></center>');
// validate email
validate_input($trimmed['email'], 'email') ? $em = $trimmed['email'] : print_err('<center>- You did not provide a valid email address</center>');
// validate password
if (validate_input($trimmed['pass'], 'password')) {
    // NOTE(review): == is a loose comparison; it is only safe here because
    // 'pass' has already passed validate_input() (4-20 characters), so a
    // missing 'pass2' cannot compare equal to it.
    $trimmed['pass'] == $trimmed['pass2'] ? $pw = $trimmed['pass'] : print_err('<center>- Your passwords did not match</center>');
} else {
    print_err('<center>- Please enter a valid password: <small>(Must be between 4 & 20 characters. Can only contain letters, numbers and underscores)</small></center>');
}
/**************************************/
// INPUT VALIDATION SUCCEEDED:
if ($fn && $ln && $em && $pw) {
    // Create activation code:
    // NOTE(review): $a is not referenced below; User::register() sets its own
    // 'active' value. rand()/uniqid() are not cryptographic sources.
    $a = md5(uniqid(rand(), true));
    $user = new User();
    // prof_link is also used as the new user's directory name (see
    // User::register); the uniqid(rand()) suffix makes it unique, not secret.
    $user->register(['first_name' => $fn, 'last_name' => $ln, 'email' => $em, 'password' => $pw, 'prof_link' => strtolower($fn . '.' . $ln . uniqid(rand()))]);
} else {
    print_err('<br/><center><h5 class="red">Please amend your information as detailed and try again</h5></center><br/><br/>');
}
// Closing braces of blocks opened before this excerpt.
}
}

// Include registration form markup
include FORMS . 'registration_form.inc.php';
include FOOTER;
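/**
 * Merge two arrays-of-arrays key by key.
 *
 * For every key in $add_arr, the entry found there is appended
 * (array_merge) to the entry at the same key in $base_arr. A key that
 * $base_arr does not have yet is simply added. When either argument is not
 * an array, $base_arr is returned untouched and the problem is reported
 * through print_err().
 *
 * @param array $base_arr Array of arrays to extend.
 * @param array $add_arr  Array of arrays to append.
 * @return array The combined array (or $base_arr unchanged on bad input).
 */
function array_stick($base_arr, $add_arr)
{
    if (!is_array($base_arr) || !is_array($add_arr)) {
        print_err("Input arguments are not arrays");
        return $base_arr;
    }

    foreach ($add_arr as $key => $value) {
        // A missing (or non-array) entry in $base_arr used to hand null to
        // array_merge(); start from an empty array in that case.
        $existing = (isset($base_arr[$key]) && is_array($base_arr[$key])) ? $base_arr[$key] : [];
        $base_arr[$key] = array_merge($existing, (array) $value);
    }

    return $base_arr;
}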
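/**
 * Register a new user from already-validated form fields.
 *
 * $fields is the column => value map for the users table and is expected to
 * carry at least 'email' and 'prof_link'. When the e-mail address is not yet
 * in the table the row is inserted, the user's directories are created and,
 * on a LIVE site, an activation e-mail is sent. Every outcome is written
 * straight to the page; on success, and on a DB or file-system failure, the
 * footer is included and the script exits so the form is not shown again.
 *
 * @param array $fields Column => value map for the users table.
 * @return void Returns only when the e-mail address is already registered.
 */
public function register($fields = [])
{
    // CHECK EMAIL IS UNIQUE:
    if ($this->find($fields['email'], 'users', ['email'])) {
        // find() returned true so a match was found
        print_err('<center><p class="red">The provided e-mail address has already been registered<br/><i><a href="pass_retrieval.php">(Forgotten your password?)</a></i></p></center>');
        return;
    }

    // find() returned false: either the address is unique or the query failed.
    if (!empty($this->_db->errors())) {
        trigger_error("Error registering new user in " . trim($_SERVER['SCRIPT_FILENAME'], '/') . " (find function returned false)<br/>DB Errors: " . implode('<br/>', $this->_db->errors()));
        print_err('<br/><center><h5 class="red uppercase">You have not been registered</h5></center><br/><br/>');
        include FOOTER;
        exit;
    }

    // Set activation code depending on site status:
    // The code is the secret in the activation link, so it must be unguessable;
    // use the CSPRNG where available (32 hex characters either way).
    $fields['active'] = LIVE
        ? (function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(uniqid(mt_rand(), true)))
        : NULL;

    // Create new user in DB:
    if (!empty($this->_db->insert('users', $fields)->errors())) {
        trigger_error("Error inserting new user into DB in " . trim($_SERVER['SCRIPT_FILENAME'], '/') . " (register function)<br/>DB Errors: " . implode('<br/>', $this->_db->errors()));
        print_err('<br/><center><h5 class="red uppercase">You have not been registered</h5></center><br/><br/>');
        include FOOTER;
        exit;
    }

    // Setup the new users directories and default files in file system:
    if (!$this->create_new_user_dir($fields['prof_link'])) {
        trigger_error("Error registering new user: Failed to create new users directories in file system");
        print_err('<br/><center><h5 class="red uppercase">You have not been registered</h5></center><br/><br/>');
        include FOOTER;
        exit;
    }

    if (LIVE) {
        // CONSTRUCT ACTIVATION EMAIL:
        $body = "Thank you for creating an account with Boxtar UK. To activate your account please follow this link:\n\n";
        // Add URL to activation script with required vars (the code is hex, so only the address needs encoding)
        $body .= BASE_URL . 'activate_acc.php?_x004a=' . urlencode($fields['email']) . '&_y0030=' . $fields['active'];
        // send activation email; the address is assumed to have been validated by the caller
        mail($fields['email'], 'Boxtar UK - Activate Your Box', $body, 'From: donotreply@boxtar.uk');
        // Thank user
        echo '<div class="md-container"><h5>Thank you for creating an account with BOXTAR UK ©</h5> <p><br/><br/>An email has been sent to the provided email address. Please follow the link in that email to activate your account</p></div">';
    } else {
        echo <<<EOT
<div class="md-container"><h5>Thank you for creating an account with BOXTAR UK ©</h5></div">
EOT;
    }

    // Close page and kill script (form wont be re-shown)
    echo '</div><!-- boxtar-content -->';
    include FOOTER;
    exit;
}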
// Login will simply fail if an invalid email address is provided as the DB Query
// won't return anything - so no need for unnecessary overhead
// Each presence check either assigns the value or reports the omission with
// print_err(); a variable left unset makes the combined test below false.
!empty($trimmed['email']) ? $em = $trimmed['email'] : print_err('You did not enter an email address');
!empty($trimmed['pass']) ? $pw = $trimmed['pass'] : print_err('You did not enter a password');
if ($em && $pw) {
    // email and password provided - start querying DB
    $user = new User();
    $login_status = $user->login($em, $pw);
    if ($login_status['status'] === true) {
        redirect();
    } else {
        // NOTE(review): print_err() appears to echo its argument as HTML;
        // confirm User::login() never places user input in 'msg'.
        print_err($login_status['msg'] . '<br/><br/>Please try again');
    }
} else {
    // Email and/or password did NOT pass validation
    print_err('<br/>Please try again');
}
// Closes a block opened before this excerpt.
} else {
    if (isset($_GET['e'])) {
        // Used for redirecting from activate_acc.php
        // NOTE(review): the value comes from the query string; the login form
        // must escape it when it prints the prefilled address.
        $trimmed = ['email' => trim($_GET['e'])];
    }
}
?> <br/> <br/> <?php include FORMS . 'login_form.inc.php'; ?>