/**
 * Builds the export parameter set from the current request and hands it to
 * CF7DBPluginExporter::export().
 *
 * $_GET is merged over $_POST, so a query-string value wins over a POST value
 * of the same name. String values have slashes stripped before use.
 *
 * NOTE(review): 'guser' and 'gpwd' look like account credentials (inferred
 * from the names only - confirm). Because GET is accepted, they can arrive in
 * the URL, where they are typically written to access logs and browser
 * history. Prefer POST-only transport over TLS for these two fields.
 *
 * NOTE(review): no capability or nonce check is visible in this method;
 * confirm the caller enforces authorization before it is reached.
 */
static function doExportFromPost() {
    // Consolidate GET and POST parameters; GET is allowed to override POST.
    $request = array_merge($_POST, $_GET);
    foreach ($request as $name => $raw) {
        if (is_string($raw)) {
            $request[$name] = stripslashes($raw);
        }
    }

    // Assumes the request comes from CF7DBPlugin::whatsInTheDBPage().
    // NOTE(review): this key is a constant shipped in the source (an earlier
    // per-session variant was abandoned), so the hex encoding of guser/gpwd
    // is reversible by anyone who has the plugin code. Treat it as encoding,
    // not as confidentiality protection.
    $obfuscationKey = '3fde789a';
    foreach (array('guser', 'gpwd') as $field) {
        if (isset($request[$field])) {
            $request[$field] = CFDBDeobfuscate::deobfuscateHexString($request[$field], $obfuscationKey);
        }
    }

    // Defaults for parameters the caller did not supply.
    if (!isset($request['enc'])) {
        $request['enc'] = 'CSVUTF8';
    }
    if (!isset($request['form'])) {
        $request['form'] = '';
    }

    CF7DBPluginExporter::export($request['form'], $request['enc'], $request);
}
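/**
 * AJAX handler: signs the user in with credentials taken from the request and
 * then, if requested via 'cfdb-action', runs the export for that user.
 *
 * Credentials are read from the obfuscated 'l' parameter ("user/password")
 * when present, otherwise from 'username' / 'password'. The method always
 * terminates the request with die.
 *
 * Fix over the previous version: the "not authorized" message no longer
 * echoes $_REQUEST['username'] verbatim. That value is attacker-controlled
 * and was written into an HTML response unescaped (reflected XSS); it was
 * also unset whenever the login came through 'l'. The message now shows the
 * authenticated account's login, HTML-escaped.
 *
 * NOTE(review): $_REQUEST also covers the query string, so credentials can
 * arrive in the URL and end up in access logs; consider accepting them from
 * $_POST only.
 * NOTE(review): no nonce check is visible in this handler - confirm whether
 * login CSRF is a concern for this endpoint.
 */
public function ajaxLogin() {
    // NOTE(review): fixed key embedded in source; the 'l' parameter is
    // therefore reversible by anyone with the plugin code. It is an
    // encoding, not a substitute for TLS.
    $key = 'kx82XcPjq8q8S!xafx%$&7p6';
    $creds = array();
    $user = null;
    $password = null;

    if (!empty($_REQUEST['l'])) {
        // 'l' decodes to "user/password"; limit 2 keeps any further '/'
        // characters inside the password part.
        $userPass = CFDBDeobfuscate::deobfuscateHexString($_REQUEST['l'], $key);
        $userPass = explode('/', $userPass, 2);
        $count = count($userPass);
        if ($count >= 1) {
            $user = $userPass[0];
            if ($count > 1) {
                $password = $userPass[1];
            }
        }
    }

    // Fall back to plain request parameters for anything 'l' did not supply.
    if (!$user) {
        $user = !empty($_REQUEST['username']) ? $_REQUEST['username'] : null;
    }
    if (!$password) {
        $password = !empty($_REQUEST['password']) ? $_REQUEST['password'] : null;
    }

    $creds['user_login'] = $user;
    $creds['user_password'] = $password;
    $creds['remember'] = !empty($_REQUEST['rememberme']) ? $_REQUEST['rememberme'] : null;

    // NOTE(review): the second argument is wp_signon()'s $secure_cookie;
    // passing false instead of leaving the default appears to issue the auth
    // cookie without the Secure flag even on HTTPS - confirm this is intended.
    $user = wp_signon($creds, false);
    if (is_wp_error($user)) {
        echo $user->get_error_message();
        die;
    }
    wp_set_current_user($user->ID);

    // User is logged in. Now do the requested action.
    if (!empty($_REQUEST['cfdb-action'])) {
        switch ($_REQUEST['cfdb-action']) {
            case 'cfdb-export':
                if (!$this->canUserDoRoleOption('CanSeeSubmitData')) {
                    // Use the authenticated login, escaped for HTML output,
                    // rather than the raw request parameter.
                    echo '<strong>ERROR</strong>: user ' . esc_html($user->user_login) . ' is not authorized to export CFDB data';
                    die;
                }
                $this->ajaxExport();
                break;

            default:
                break;
        }
    }
    die;
}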
/**
 * Reverses the obfuscation of a hex-encoded string.
 *
 * The hex text is first converted back to a raw string with hexToStr(), then
 * passed to deobfuscateString() together with the key.
 *
 * NOTE(review): the transform itself lives in deobfuscateString() and is not
 * visible here. Callers in this code pass keys that are constants in the
 * source, so the result should not be relied on for confidentiality.
 *
 * @param string $hex hex-encoded obfuscated value
 * @param string $key key handed through to deobfuscateString()
 * @return mixed whatever deobfuscateString() returns for the decoded input
 */
static function deobfuscateHexString($hex, $key) {
    $obfuscated = CFDBDeobfuscate::hexToStr($hex);
    return CFDBDeobfuscate::deobfuscateString($obfuscated, $key);
}
/**
 * Extracts login credentials from the current request without signing in.
 *
 * Sources, in order of precedence:
 *   1. the obfuscated 'l' parameter, which decodes to "user/password";
 *   2. 'username' then 'user_login' for the user name;
 *   3. 'password' then 'user_password' for the password.
 *
 * NOTE(review): $_REQUEST also covers the query string, so credentials can
 * arrive in the URL and be recorded in access logs; consider restricting the
 * plain-text fields to $_POST.
 *
 * @return array empty when either the user or the password is missing,
 *               otherwise 'user_login', 'user_password' and 'remember'
 */
public function getCredentialsFromAjaxCall() {
    // NOTE(review): fixed key embedded in source; 'l' is reversible by anyone
    // with the plugin code, so it does not protect the credentials in transit.
    $key = 'kx82XcPjq8q8S!xafx%$&7p6';
    $login = null;
    $secret = null;

    if (!empty($_REQUEST['l'])) {
        $decoded = CFDBDeobfuscate::deobfuscateHexString($_REQUEST['l'], $key);
        // Limit 2 keeps any further '/' characters inside the password part.
        $parts = explode('/', $decoded, 2);
        $partCount = count($parts);
        if ($partCount >= 1) {
            $login = $parts[0];
        }
        if ($partCount > 1) {
            $secret = $parts[1];
        }
    }

    // Each fallback field is consulted only while the value is still empty.
    foreach (array('username', 'user_login') as $field) {
        if (!$login) {
            $login = !empty($_REQUEST[$field]) ? $_REQUEST[$field] : null;
        }
    }
    foreach (array('password', 'user_password') as $field) {
        if (!$secret) {
            $secret = !empty($_REQUEST[$field]) ? $_REQUEST[$field] : null;
        }
    }

    $creds = array();
    if ($login && $secret) {
        $creds['user_login'] = $login;
        $creds['user_password'] = $secret;
        $creds['remember'] = !empty($_REQUEST['rememberme']) ? $_REQUEST['rememberme'] : null;
    }
    return $creds;
}