function diy_compile($payload, $storage) { global $app; $result["controller"] = __FUNCTION__; $result["function"] = substr($app->request()->getPathInfo(), 1); $result["method"] = $app->request()->getMethod(); $params = loadParameters(); $result->function = substr($app->request()->getPathInfo(), 1); $result->method = $app->request()->getMethod(); $params = loadParameters(); $srcfile = OAuth2\Request::createFromGlobals()->request["srcfile"]; $srclib = OAuth2\Request::createFromGlobals()->request["srclib"]; $device = OAuth2\Request::createFromGlobals()->request["device"]; $comp = OAuth2\Request::createFromGlobals()->request["comp"]; $filename = OAuth2\Request::createFromGlobals()->request["filename"]; $writedevice = OAuth2\Request::createFromGlobals()->request["writedevice"]; $up = json_decode(base64_decode($payload)); $client_id = $up->client_id; $diy_error["post"]["device"] = $device; $post["srcfile"] = $srcfile; //organisation oauth_devices $post["device"] = $device; //organisation oauth_devices $post["comp"] = $comp; //organisation oauth_devices $post["filename"] = $filename; //organisation oauth_devices $post["writedevice"] = $writedevice; //organisation oauth_devices $gump = new GUMP(); $gump->validation_rules(array('device' => 'required|alpha_numeric', 'filename' => 'required|alpha_numeric', 'comp' => 'required|alpha_numeric', 'writedevice' => 'required|alpha_numeric')); $gump->filter_rules(array('device' => 'trim|sanitize_string', 'filename' => 'trim|sanitize_string', 'comp' => 'trim|sanitize_string', 'writedevice' => 'trim|sanitize_string')); $validated = $gump->run($post); if ($validated === false) { $result["parse_errors"] = $gump->get_readable_errors(true); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $gump->get_readable_errors(true); } else { try { $sourceWriteDir = __DIR__ . '/../../../data/sketches/' . $client_id . '/' . $device . '/' . $filename; if (file_exists($sourceWriteDir)) { throw new \Exception('Filename ' . $filename . ' for user ' . $client_id . ' and device ' . $device . ' already exists'); } $stmt2 = $storage->prepare('SELECT * FROM oauth_devices WHERE device = :device'); $stmt2->execute(array('device' => trim($device))); $row2 = $stmt2->fetch(PDO::FETCH_ASSOC); if ($row2["organisation"]) { $org = trim($row2["organisation"]); } if ($row2["mode"]) { $mode = trim($row2["mode"]); } if ($row2["status"]) { $status = trim($row2["status"]); } if ($row2["client_id"]) { $devclient_id = trim($row2["client_id"]); } $orgscopeadmin = "no"; $orgscopedevel = "no"; if ($mode == "devel" && $status == "org") { $userscopes = explode(' ', trim($userscope)); $adminscope = $org . "_admin"; $develscope = $org . "_admin"; // o user aniki sto scope for ($i = 0; $i <= count($userscopes); $i++) { if (trim($userscopes[$i]) == $adminscope) { $orgscopeadmin = "yes"; } if (trim($userscopes[$i]) == $develscope) { $orgscopedevel = "yes"; } } // einai o owner if ($devclient_id == $client_id) { $orgscopeadmin = "yes"; } } // einmai o owner if ($mode == "devel" && $status == "private" && $devclient_id == $client_id) { $orgscopeadmin = "yes"; } $result["result"]["sketch1"] = $orgscopeadmin; if ($orgscopeadmin == "yes" || $orgscopedevel == "yes") { try { $stmt2 = $storage->prepare('SELECT * FROM oauth_clients WHERE client_id = :device'); $stmt2->execute(array('device' => trim($device))); $row2 = $stmt2->fetch(PDO::FETCH_ASSOC); if ($row2["apiport"]) { // *************************************** compiler ********************************* // srcfile echeis se base64 ton kodika // compiler echeis ton compiler pou thelei o user mechri stigmis echoume gcc, ino // filename to filename pou edosse o user // o poros compilesketch // afou kanei compile // epistrefei // error ta lathi h noerrors // binfile to hex file $compilerserver = diyConfig::read("compiler.host"); $compilerserver .= ":" . diyConfig::read("compiler.port"); $data1 = 'filename=' . $filename; $data1 .= '&compiler=' . $comp; $data1 .= '&srcfile=' . $srcfile; $fixedFiles = array(); foreach ($srclib as $curName => $curFile) { $fixedFiles[] = 'srclib[' . $curName . ']=' . $curFile; } $data1 .= '&' . implode('&', $fixedFiles); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "{$compilerserver}/api/compilesketch"); curl_setopt($ch, CURLOPT_TIMEOUT, 60); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data1); curl_setopt($ch, CURLOPT_POST, 1); $or = curl_exec($ch); if (!$or) { $or = curl_error($ch); } $result["compiler"] = $or; $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: NoErrors"; $result["status"] = "200"; $r = json_decode($or, true); if (!$r) { $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: CompilationError"; $result["compiler"] = $or; $result["status"] = "500"; return $result; } if ($r['status'] != 200) { $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: CompilationError"; $result["status"] = "500"; return $result; } unset($result["compiler"]); // No need to transfer this to the user //$srcfilebase64encode = base64_encode($srcfile); $apiport = trim($row2["apiport"]); // *************************************** compiler ********************************* if ($r['status'] == 200 && $writedevice == "yes") { $apiport = trim($row2["apiport"]); $binfile = $r['hex']; $data1 = 'file=base64'; $data1 .= '&binfile=' . $binfile; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://127.0.0.1:{$apiport}/api/writesketch"); curl_setopt($ch, CURLOPT_TIMEOUT, 90); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data1); curl_setopt($ch, CURLOPT_POST, 1); $r = curl_exec($ch); $result["sketch"] = $r; $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: NoErrors"; $result["status"] = "200"; //$result["result"]= $r; } // If we are here with no exceptions then everything went well. Lets save the sketch. $ziptmp = tempnam(sys_get_temp_dir(), 'diytmpzip') . '.tgz'; file_put_contents($ziptmp, base64_decode($r['zip'])); $p = new PharData($ziptmp); $p->decompress(); // creates /path/to/my.tar $ziptmpextracted = str_replace('.tgz', '.tar', $ziptmp); $phar = new PharData($ziptmpextracted); $writeDir = __DIR__ . '/../../../data/sketches/' . $client_id . '/' . $filename; $phar->extractTo($sourceWriteDir); } } catch (Exception $e) { $diy_error["db"] = $e->getCode(); $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); } } } catch (Exception $e) { $diy_error["db"] = $e->getCode(); $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); } } if (diyConfig::read('debug') == 1) { $result["debug"] = $diy_error; } return $result; }
public function edit() { $gump = new GUMP(); $gump->validation_rules(array('id' => 'required|integer|min_len,1', 'user' => 'required|integer', 'enabled' => 'required|integer', 'mins' => 'required', 'hours' => 'required', 'days' => 'required', 'months' => 'required', 'DoW' => 'required')); $gump->filter_rules(array('id' => 'trim|whole_number')); $valid_data = $gump->run($_POST); if ($valid_data === false) { return new ActionResult($this, '/admin/core/cron_view', 0, 'Failed to edit cron job!<br />Error: <code>Please check you have completed all fields as instructed.</code>', B_T_FAIL); } foreach (array('mins', 'hours', 'days', 'months', 'DoW') as $var) { if ($valid_data[$var] === '*') { $valid_data[$var] = NULL; } } $update_query = $this->mySQL_w->prepare("UPDATE `core_cron` SET `enable`=?, `mins`=?, `hours`=?, `days`=?, `month`=?, `dow`=?, `user_id`=? WHERE `ID`=?"); if ($update_query === false) { return new ActionResult($this, '/admin/core/cron_view', 0, 'Failed to edit cron job.<br/>Error: <code>Update query failed</code>', B_T_FAIL); } $update_query->bind_param('iiiiiiii', $valid_data['enabled'], $valid_data['mins'], $valid_data['hours'], $valid_data['days'], $valid_data['months'], $valid_data['DoW'], $valid_data['user'], $valid_data['id']); $update_query->execute(); if ($update_query->affected_rows == 1) { return new ActionResult($this, '/admin/core/cron_view', 1, 'Succeesfully edited cron job!', B_T_SUCCESS); } else { return new ActionResult($this, '/admin/core/cron_view', 1, 'Tried to edit cron job, but there was nothing to change!', B_T_INFO); } }
public static function validate(\RedBeanPHP\OODBBean $bean) { $data = $bean->export(); $model = $bean->box() !== null ? $bean->box() : null; if (!$model) { throw new ModelValidation_Exception('This bean does not have a model!'); } $rules = isset($model::$rules) ? $model::$rules : null; if (!$rules) { throw new ModelValidation_Exception('This bean does not have any established rules!'); } $validations = []; $filters = []; $labels = []; $messages = []; foreach ($rules as $field => $rule) { if (isset($rule['filter'])) { $filters[$field] = $rule['filter']; } if (isset($rule['label'])) { $labels[$field] = $rule['label']; } if (isset($rule['validation'])) { $validations[$field] = $rule['validation']; } if (isset($rule['message'])) { $field = isset($rule['label']) ? $rule['label'] : ucwords(str_replace(array('_', '-'), chr(32), $field)); $messages[$field] = $rule['message']; } } $gump = new \GUMP(); if (!empty($filters)) { $gump->filter_rules($filters); } if (!empty($validations)) { $gump->validation_rules($validations); } if (!empty($labels)) { $gump->set_field_names($labels); } $validated_data = $gump->run($data); if ($validated_data === false) { return self::default2custom_errors($gump->get_errors_array(), $messages); } else { $bean->import($validated_data); return true; } }
/** * * Processes the request from the user * The main engine of the class * * @param object $post WP_Post Object * returns nothing * */ function process_article() { require_once CPT_PLUGIN_DIR . 'assets/php/gump/gump.class.php'; $gump = new GUMP(); $_POST = $gump->sanitize($_POST); // You don't have to sanitize, but it's safest to do so. $gump->validation_rules(array( 'email' => 'required|valid_email', )); $gump->filter_rules(array( 'email' => 'trim|sanitize_email', )); $validated_data = $gump->run($_POST); if($validated_data === false) { $this->message_type = 'error'; $this->message = $gump->get_readable_errors(true); } else { // Get the article data $this->post = get_post($validated_data['post_id'], OBJECT, 'edit'); //build the html $email_html = $this->build_html(); // If article is sent if($this->send_email($validated_data['email'])) { $this->message_type = 'success'; $this->message = 'The article link has been emailed'; } else { $this->message_type = 'error'; $this->message = 'The article has not been sent. Please try again'; } } // Finally send the response to user $this->response_message(); }
public function edit() { $gump = new GUMP(); $gump->validation_rules(array('id' => 'required|integer|min_len,1', 'ip' => 'required|valid_ipv4', 'length' => 'required|integer', 'reason' => 'required')); $gump->filter_rules(array('id' => 'trim|whole_number', 'ip' => 'trim', 'length' => 'trim|whole_number', 'reason' => 'trim|sanitize_string')); $valid_data = $gump->run($_POST); if ($valid_data === false) { return new ActionResult($this, '/admin/core/ipblock_view', 0, 'Failed to edit block!<br />Error: <code>Please check you have completed all fields as instructed.</code>', B_T_FAIL); } $update_query = $this->mySQL_w->prepare("UPDATE `core_ip` SET `length`=?, `reason`=? WHERE `id`=? AND `ip`=INET_ATON(?)"); if ($update_query === false) { return new ActionResult($this, '/admin/core/ipblock_view', 0, 'Failed to edit block.<br/>Error: <code>Update query failed</code>', B_T_FAIL); } $update_query->bind_param('isis', $valid_data['length'], $valid_data['reason'], $valid_data['id'], $valid_data['ip']); $update_query->execute(); if ($update_query->affected_rows == 1) { return new ActionResult($this, '/admin/core/ipblock_view', 1, 'Succeesfully edited block!', B_T_SUCCESS); } else { return new ActionResult($this, '/admin/core/ipblock_view', 1, 'Tried to edit block, but there was nothing to change!', B_T_INFO); } }
public function edit() { $gump = new GUMP(); $gump->validation_rules(array('id' => 'required|integer|min_len,1', 'name' => 'required', 'value' => 'required')); $gump->filter_rules(array('id' => 'trim|whole_number', 'name' => 'trim|sanitize_string', 'value' => 'trim', 'desc' => 'trim|sanitize_string')); $valid_data = $gump->run($_POST); if ($valid_data === false) { return new ActionResult($this, '/admin/core/option_edit', 0, 'Failed to edit option!<br />Error: <code>Please check you have completed all fields as instructed.</code>', B_T_FAIL); } $update_query = $this->mySQL_w->prepare("UPDATE `core_options` SET `value`=?, `desc`=? WHERE `id`=? AND `name`=?"); if ($update_query === false) { return new ActionResult($this, '/admin/core/option_view', 0, 'Failed to edit option.<br/>Error: <code>Update query failed</code>', B_T_FAIL); } $update_query->bind_param('ssis', $valid_data['value'], $valid_data['desc'], $valid_data['id'], $valid_data['name']); $update_query->execute(); if ($update_query->affected_rows == 1) { return new ActionResult($this, '/admin/core/option_view', 1, 'Succeesfully edited option!', B_T_SUCCESS); } else { return new ActionResult($this, '/admin/core/option_view', 1, 'Tried to edit option, but there was nothing to change!', B_T_INFO); } }
public function addSub() { $gump = new GUMP(); $gump->validation_rules(array('module' => 'required|integer|min_len,1', 'PID' => 'required|integer', 'parent' => 'required|integer')); $gump->filter_rules(array('module' => 'trim|whole_number', 'PID' => 'trim|whole_number', 'parent' => 'trim|whole_number')); $valid_data = $gump->run($_POST); if ($valid_data === false) { return new ActionResult($this, '/admin/core/menu_add', 0, 'Failed to add menu sub menu item.<br />Error: <code>Please check you have completed all fields as instructed.</code>', B_T_FAIL); } $max_query = $this->mySQL_r->query("SELECT MAX(`position`) FROM `core_menu`"); $parent_query = $this->mySQL_r->prepare("SELECT `MID` FROM `core_menu` WHERE `MID`=?"); if (!$parent_query) { return new ActionResult($this, '/admin/core/menu_add', 0, 'Failed to add sub menu item.<br/>Error: <code>Query to check parent item exists failed</code>', B_T_FAIL); } if (!$max_query) { return new ActionResult($this, '/admin/core/menu_add', 0, 'Failed to add sub menu item.<br/>Error: <code>Failed to get next free position</code>', B_T_FAIL); } $parent_query->bind_param('i', $valid_data['parent']); $parent_query->execute(); $parent_query->store_result(); if ($parent_query->num_rows != 1) { return new ActionResult($this, '/admin/core/menu_add', 0, 'Failed to add sub menu item.<br/>Error: <code>Failed to check parent exists</code>', B_T_FAIL); } $max = $max_query->fetch_row(); $max = $max[0] + 1; $add_query = $this->mySQL_w->prepare("INSERT INTO `core_menu` (`position`, `parent`, `PID`, `dropdown`, `divider` ) VALUES (?, ?, ?, 0, 0)"); if (!$add_query) { return new ActionResult($this, '/admin/core/menu_add', 0, 'Failed to add menu.<br/>Error: <code>Insert query failed</code>', B_T_FAIL); } $add_query->bind_param('iii', $max, $valid_data['parent'], $valid_data['PID']); $add_query->execute(); if ($add_query->affected_rows == 1) { return new ActionResult($this, '/admin/core/menu_edit/' . $valid_data['parent'] . '/?tp=dropdown', 1, 'Succeesfully add sub menu item!', B_T_SUCCESS); } else { return new ActionResult($this, '/admin/core/menu_addsub/' . $valid_data['parent'], 0, 'Tried to add sub menu item, but failed!', B_T_FAIL); } }
public function save() { if (WebApp::post('mysql_r_pass') === '') { WebApp::post('mysql_r_pass', $this->parent->parent->config->config['mysql']['r']['pass']); } if (WebApp::post('mysql_w_pass') === '') { WebApp::post('mysql_r_pass', $this->parent->parent->config->config['mysql']['w']['pass']); } $gump = new GUMP(); $gump->validation_rules(array('core_errors' => 'required|boolean', 'core_maintenance' => 'required|boolean', 'core_debug' => 'required|boolean', 'core_https_a' => 'required|boolean', 'core_https_f' => 'required|boolean', 'core_cdn' => 'required', 'mysql_db' => 'required', 'mysql_r_user' => 'required', 'mysql_r_host' => 'required', 'mysql_r_port' => 'required|integer', 'mysql_w_user' => 'required', 'mysql_w_host' => 'required', 'mysql_w_port' => 'required|integer', 'reCAPTCHA_pub' => 'required|alpha_dash', 'reCAPTCHA_priv' => 'required|alpha_dash')); $gump->filter_rules(array('core_cdn' => 'trim|urlencode')); $valid_data = $gump->run($_POST); if ($valid_data === false) { return new ActionResult($this, '/admin/core/config_edit', 0, 'Failed to save config!<br />Error: <code>Please check you have completed all fields as instructed.</code>', B_T_FAIL); } $configFile = fopen(__LIBDIR__ . '/config.inc.php', 'w'); if (fwrite($configFile, $this->getFile($valid_data))) { fclose($configFile); return new ActionResult($this, '/admin/core/config_view', 1, 'Succeesfully saved config!', B_T_SUCCESS); } else { fclose($configFile); return new ActionResult($this, '/admin/core/config_edit', 0, 'Failed to save config!', B_T_SFAIL); } }
function user_form($user_id = 0) { global $mysqli; global $user; if ($user_id) { $form_user = new User(get_user_email_by_id($user_id)); $form_type = 'update'; if ($form_user->email != $_SESSION['email'] && !$user->is_allowed('edit_ashp_users')) { echo edgimo_error('Your user role (' . $user->role . ') is not allowed to make edits on this page.'); return; } } else { if (!$user->is_allowed('add_user')) { echo edgimo_error('Your user role (' . $user->role . ') is not allowed to add users.'); return; } $form_user = new User(); $form_type = 'insert'; } $html = ''; $fields = array('first_name' => array('var' => 'first_name', 'label' => 'First Name', 'type' => 'text', 'std' => $form_user->first_name, 'validate' => 'required|valid_name', 'filter' => 'trim|sanitize_string', 'param' => 's', 'desc' => ''), 'last_name' => array('var' => 'last_name', 'label' => 'Last Name', 'type' => 'text', 'std' => $form_user->last_name, 'validate' => 'required|valid_name', 'filter' => 'trim|sanitize_string', 'param' => 's', 'desc' => ''), 'email' => array('var' => 'email', 'label' => 'Email', 'type' => 'text', 'std' => $form_user->email, 'validate' => 'required|valid_email', 'filter' => 'trim|sanitize_string', 'param' => 's', 'desc' => ''), 'password' => array('var' => 'password', 'label' => 'Password', 'type' => 'password', 'std' => '', 'validate' => 'required', 'filter' => '', 'param' => 's', 'desc' => '')); if ($user->is_allowed('change_roles')) { $fields['role'] = array('var' => 'role', 'label' => 'Role', 'type' => 'select', 'options' => unserialize(ROLES), 'std' => $form_user->role, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 's', 'desc' => ''); } //special instructions for updating password if ($form_type == 'update') { $fields['password']['desc'] = 'Only enter a new password here if you wish to update the existing password'; } if (isset($_POST['submit'])) { $gump = new GUMP(); //password can be left blank when updating account. If it is, just plug in the saved value if ($form_type == 'update') { if ($_POST['form']['password'] === '') { $_POST['form']['password'] = $form_user->password; } } //add values to the validate and filter gump arrays foreach ($_POST['form'] as $k => $v) { //update the std value for form output below $fields[$k]['std'] = $v; if (!empty($fields[$k]['validate'])) { $validate[$k] = $fields[$k]['validate']; } if (!empty($fields[$k]['filter'])) { $filter[$k] = $fields[$k]['filter']; } } //run gump $gump->validation_rules($validate); $gump->filter_rules($filter); //get validated data $validated_data = $gump->run($_POST['form']); if (empty($validated_data['role'])) { $validated_data['role'] = $form_user->role; } if ($validated_data === false) { $errors = $gump->get_readable_errors(false); $error_text = ''; foreach ($errors as $error) { $error_text .= $error . '<br />'; } echo edgimo_error($error_text); } else { if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit; } if ($form_type == 'update') { $query = $mysqli->prepare("UPDATE ashp_users SET first_name=?, last_name=?, email=?, role=?, password=? WHERE user_id=?"); $password = sha1($validated_data['password']); $query->bind_param('sssssi', $validated_data['first_name'], $validated_data['last_name'], $validated_data['email'], $validated_data['role'], $password, $form_user->user_id); echo edgimo_success('Account details have been updated.'); } if ($form_type == 'insert') { $query = $mysqli->prepare("INSERT INTO ashp_users (email, first_name, last_name, password, role, status) VALUES (?,?,?,?,?,?)"); $password = sha1($validated_data['password']); $status = 'active'; $query->bind_param('ssssss', $validated_data['email'], $validated_data['first_name'], $validated_data['last_name'], $password, $validated_data['role'], $status); echo edgimo_success('New user created.'); } $query->execute(); $query->close(); $new_user = new User($validated_data['email']); $user_vars = get_object_vars($new_user); echo '<script>table_insert(' . json_encode($user_vars) . ');</script>'; } } $html .= '<form class="form-horizontal" role="form" method="post">'; foreach ($fields as $field) { isset($errors) && array_key_exists($field['var'], $errors) ? $error = 'has-error' : ($error = ''); $html .= '<div class="form-group ' . $error . '">'; switch ($field['type']) { case 'password': $type = 'password'; $field['std'] = ''; case 'text': if (!isset($type)) { $type = 'text'; } $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <input class="form-control" type="' . $type . '" name="form[' . $field['var'] . ']" value="' . $field['std'] . '"> </div>'; break; case 'select': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <select class="form-control" name="form[' . $field['var'] . ']">'; foreach ($field['options'] as $option) { $field['std'] == $option ? $selected = 'selected' : ($selected = ''); $html .= '<option ' . $selected . ' value="' . $option . '">' . $option . '</option>'; } $html .= '</select> </div>'; break; } $html .= ' <div class="col-lg-4"> <p class="description">' . $field['desc'] . '</p> </div> </div>'; } $html .= ' <div class="form-group"> <div class="col-lg-6 col-lg-offset-2"> <button type="submit" class="btn btn-primary" name="submit">Submit</button> </div> </div> </form> '; return $html; }
function diy_addorg($payload, $storage) { global $app; $result["controller"] = __FUNCTION__; $result["function"] = substr($app->request()->getPathInfo(), 1); $result["method"] = $app->request()->getMethod(); $params = loadParameters(); $result->function = substr($app->request()->getPathInfo(), 1); $result->method = $app->request()->getMethod(); //$params = loadParameters(); $up = json_decode(base64_decode($payload)); $client_id = $up->client_id; $org = OAuth2\Request::createFromGlobals()->request["org"]; $org_desc = OAuth2\Request::createFromGlobals()->request["org_desc"]; $diy_error["post"]["org"] = $org; $diy_error["post"]["org_desc"] = $org_desc; $post["org"] = $org; //organisation oauth_devices $post["org_desc"] = $org_desc; //mia perigrafi oti thelei o christis oauth_devices $gump = new GUMP(); $gump->validation_rules(array('org' => 'required|alpha_numeric', 'org_desc' => 'required|max_len,100')); $gump->filter_rules(array('org' => 'trim|sanitize_string', 'org_desc' => 'trim|sanitize_string')); $validated = $gump->run($post); if ($validated === false) { $result["parse_errors"] = $gump->get_readable_errors(true); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $gump->get_readable_errors(true); } else { //check if device name exists $stmt = $storage->prepare('SELECT * FROM oauth_organisations WHERE organisation = :org'); $stmt->execute(array('org' => trim($org))); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row) { $result["result"]["error"] = ExceptionMessages::OrgExist . " , " . ExceptionCodes::OrgExist; } else { try { // oauth_organisation table $stmt2 = $storage->prepare('INSERT INTO oauth_organisations (organisation, client_id, desc) VALUES (:org, :client_id, :desc)'); $stmt2->execute(array('client_id' => $client_id, 'org' => $org, 'desc' => $org_desc)); // scopes gia devices $scope = $org; $is_default = 0; $stmt3 = $storage->prepare('INSERT INTO oauth_scopes (scope, is_default) VALUES (:scope, :is_default)'); $stmt3->execute(array('scope' => $scope, 'is_default' => $is_default)); $scope = $org . "_dev"; $is_default = 0; $stmt3 = $storage->prepare('INSERT INTO oauth_scopes (scope, is_default) VALUES (:scope, :is_default)'); $stmt3->execute(array('scope' => $scope, 'is_default' => $is_default)); $scope = $org . "_dpri"; $is_default = 0; $stmt3 = $storage->prepare('INSERT INTO oauth_scopes (scope, is_default) VALUES (:scope, :is_default)'); $stmt3->execute(array('scope' => $scope, 'is_default' => $is_default)); $scope = $org . "_org"; $is_default = 0; $stmt3 = $storage->prepare('INSERT INTO oauth_scopes (scope, is_default) VALUES (:scope, :is_default)'); $stmt3->execute(array('scope' => $scope, 'is_default' => $is_default)); $scope = $org . "_dpub"; $is_default = 0; $stmt3 = $storage->prepare('INSERT INTO oauth_scopes (scope, is_default) VALUES (:scope, :is_default)'); $stmt3->execute(array('scope' => $scope, 'is_default' => $is_default)); // scopes gia users $scope = $org . "_view"; $is_default = 0; $stmt3 = $storage->prepare('INSERT INTO oauth_scopes (scope, is_default) VALUES (:scope, :is_default)'); $stmt3->execute(array('scope' => $scope, 'is_default' => $is_default)); $scope = $org . "_devel"; $is_default = 0; $stmt3 = $storage->prepare('INSERT INTO oauth_scopes (scope, is_default) VALUES (:scope, :is_default)'); $stmt3->execute(array('scope' => $scope, 'is_default' => $is_default)); $scope = $org . "_admin"; $is_default = 0; $stmt3 = $storage->prepare('INSERT INTO oauth_scopes (scope, is_default) VALUES (:scope, :is_default)'); $stmt3->execute(array('scope' => $scope, 'is_default' => $is_default)); $stmt6 = $storage->prepare('SELECT * FROM oauth_clients WHERE client_id = :client_id'); $stmt6->execute(array('client_id' => trim($client_id))); $row6 = $stmt6->fetch(PDO::FETCH_ASSOC); if ($row6) { $scope6 = $row6["scope"]; $scope6 .= " " . $org . "_admin"; $scope6 .= " " . $org . "_view"; $stmt5 = $storage->prepare('UPDATE oauth_clients set scope = :scope6 where client_id = :client_id'); $stmt5->execute(array('scope6' => $scope6, 'client_id' => $client_id)); } //result_messages=============================================================== $result["result"]["result"] = $post; $result["result"]["session"] = $session; $result["error"] = $error; $result["status"] = "200"; $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: NoErrors"; } catch (Exception $e) { $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); } } } if (diyConfig::read('debug') == 1) { $result["debug"] = $diy_error; } return $result; }
$form_saved = false; if (isset($_POST['submit'])) { $gump = new GUMP(); foreach ($_POST['form'] as $k => $v) { //update the std value for form output below $fields[$k]['std'] = $v; $saved->{$k} = $v; if (!empty($fields[$k]['validate'])) { $validate[$k] = $fields[$k]['validate']; } if (!empty($fields[$k]['filter'])) { $filter[$k] = $fields[$k]['filter']; } } $gump->validation_rules($validate); $gump->filter_rules($filter); $validated_data = $gump->run($_POST['form']); $error_text = ''; $privatekey = "6Lepf-gSAAAAAEE3oZNbZJE0FvuD4gtkQ04gZkAL"; $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if (!$resp->is_valid) { $validated_data = false; $error_text .= $resp->error . '<br />'; } if ($validated_data === false) { $errors = $gump->get_readable_errors(false); foreach ($errors as $error) { $error_text .= $error . '<br />'; } $html .= '<div class="alert alert-danger"><p>' . $error_text . '</p></div>'; } else {
function diy_register() { global $app, $diy_storage; $result["controller"] = __FUNCTION__; $result["function"] = substr($app->request()->getPathInfo(), 1); $result["method"] = $app->request()->getMethod(); $params = loadParameters(); $client_id = $params["client_id"]; $client_secret = $params["client_secret"]; $firstname = $params["first_name"]; $lastname = $params["last_name"]; $email = $params["email"]; $post["client_id"] = $client_id; $post["client_secret"] = $client_secret; $post["firstname"] = $firstname; $post["lastname"] = $lastname; $post["email"] = $email; foreach ($post as $curKey => $curValue) { $diy_error["post"][$curKey] = $curValue; } $gump = new GUMP(); $gump->validation_rules(array('client_id' => 'required|alpha_numeric', 'client_secret' => 'required|alpha_numeric', 'firstname' => 'required|alpha_numeric', 'lastname' => 'required|alpha_numeric', 'email' => 'required|valid_email')); $gump->filter_rules(array('client_id' => 'trim|sanitize_string', 'client_secret' => 'trim|sanitize_string', 'firstname' => 'trim|sanitize_string', 'lastname' => 'trim|sanitize_string', 'email' => 'trim|sanitize_string')); $validated = $gump->run($post); if ($validated === false) { $result["parse_errors"] = $gump->get_readable_errors(true); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $gump->get_readable_errors(true); } try { if (count($result["parse_errors"]) <= 0) { $storage = $diy_storage(); $lastkey = $storage->query('SELECT user_id FROM oauth_users ORDER BY user_id DESC LIMIT 1'); foreach ($lastkey as $curRow) { $lastkey = intval($curRow[0]); } $code = md5($post["firstname"] . $post["lastname"] . $post["email"]); // Create user $storage->query('INSERT INTO oauth_users (user_id, first_name, last_name, email, email_verified, email_ver_code) VALUES (' . ($lastkey + 1) . ', "' . $post["firstname"] . '", "' . $post["lastname"] . '", "' . $post["email"] . '", 0, "' . $code . '")'); $user_id = $storage->lastInsertId(); // Create client $publicKey = file_get_contents('../../ssh/CLIENT_ID1_pubkey.pem'); $privateKey = file_get_contents('../../ssh/CLIENT_ID1_privkey.pem'); $storage->query('INSERT INTO oauth_clients (client_id, client_secret, scope, user_id) VALUES ("' . $post["client_id"] . '", "' . $post["client_secret"] . '", "main", ' . $user_id . ')'); $client_id = $storage->lastInsertId(); $storage->query('INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES ("' . $post["client_id"] . '", "' . $publicKey . '", "' . $privateKey . '", "RS256")'); // Send email $mailserver = diyConfig::read('mail.smtpserver'); $mailserverport = diyConfig::read('mail.smtpport'); $mailfrom = diyConfig::read('mail.fromuser'); $link = 'https://' . $_SERVER['HTTP_HOST'] . '/api/activate/' . $code; $transport = Swift_SmtpTransport::newInstance($mailserver, $mailserverport); $mailer = Swift_Mailer::newInstance($transport); $message = Swift_Message::newInstance('Wonderful Subject')->setFrom(array($mailfrom => 'Diyiot'))->setTo(array($post["email"]))->setSubject('Welcome to diyiot')->setBody('Hi ' . $post["firstname"] . ',<BR /><BR />To active your account please click the following link <a href="' . $link . '">' . $link . '</a>.', 'text/html', 'UTF-8'); $mailer->send($message); } //result_messages=============================================================== $result["result"]["user_id"] = $user_id; $result["error"] = $error; $result["status"] = "200"; $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: NoErrors"; } catch (Exception $e) { $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); if (isset($user_id)) { $storage->query('DELETE FROM oauth_users WHERE user_id = ' . $user_id); } } if (diyConfig::read('debug') == 1) { $result["debug"] = $diy_error; } return $result; }
function diy_adddevice($payload, $storage) { global $app; $result["controller"] = __FUNCTION__; $result["function"] = substr($app->request()->getPathInfo(), 1); $result["method"] = $app->request()->getMethod(); $params = loadParameters(); $result->function = substr($app->request()->getPathInfo(), 1); $result->method = $app->request()->getMethod(); //$params = loadParameters(); $up = json_decode(base64_decode($payload)); $client_id = $up->client_id; $userscope = $up->scope; $org = OAuth2\Request::createFromGlobals()->request["org"]; $device = OAuth2\Request::createFromGlobals()->request["device"]; $client_secret = OAuth2\Request::createFromGlobals()->request["passwd"]; $device_desc = OAuth2\Request::createFromGlobals()->request["device_desc"]; $diy_error["post"]["org"] = $org; $diy_error["post"]["device"] = $device; $diy_error["post"]["client_secret"] = $client_secret; $diy_error["post"]["device_desc"] = $device_desc; $post["org"] = $org; //organisation oauth_devices $post["device"] = $device; // to client_id tou device oauth_devices oauth_clients oauth_public_keys $post["client_secret"] = $client_secret; //mia perigrafi oti thelei o christis oauth_devices $post["device_desc"] = $device_desc; //mia perigrafi oti thelei o christis oauth_devices //$result["result"]["up"] = $up; $gump = new GUMP(); $gump->validation_rules(array('org' => 'required|alpha_numeric', 'device' => 'required|alpha_numeric', 'client_secret' => 'required|max_len,100|min_len,6', 'device_desc' => 'required|max_len,100')); $gump->filter_rules(array('org' => 'trim|sanitize_string', 'device' => 'trim|sanitize_string', 'client_secret' => 'trim', 'device_desc' => 'trim|sanitize_string')); $validated = $gump->run($post); if ($validated === false) { $result["parse_errors"] = $gump->get_readable_errors(true); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $gump->get_readable_errors(true); } else { //check if org name exists $orgexists = "no"; $stmtorg = $storage->prepare('SELECT * FROM oauth_organisations WHERE organisation = :org'); $stmtorg->execute(array('org' => trim($org))); $roworg = $stmtorg->fetch(PDO::FETCH_ASSOC); if ($roworg) { $orgexists = "yes"; //$result["result"]["error"] = ExceptionMessages::OrgExist." , ". ExceptionCodes::OrgExist; $orgadmin = "no"; $orgowner = "no"; $userscopes = explode(' ', trim($userscope)); $orgscope = $org . "_admin"; for ($i = 0; $i <= count($userscopes); $i++) { if (trim($userscopes[$i]) == $orgscope) { $orgadmin = "yes"; } } if ($orgadmin == "no") { //check if org name exists and client_id $stmtorg1 = $storage->prepare('SELECT * FROM oauth_organisations WHERE organisation = :org and client_id = :client_id'); $stmtorg1->execute(array('org' => trim($org), 'client_id' => $client_id)); $roworg1 = $stmtorg1->fetch(PDO::FETCH_ASSOC); if (!$roworg1) { $result["result"]["error"] = ExceptionMessages::OrgOwner . " , " . ExceptionCodes::OrgOwner; } else { $orgowner = "yes"; } } } else { $result["result"]["error"] = ExceptionMessages::OrgNotExist . " , " . ExceptionCodes::OrgNotExist; } //check if device name exists $orgdeviceexists = "no"; $stmt = $storage->prepare('SELECT client_id FROM oauth_clients WHERE client_id = :device'); $stmt->execute(array('device' => trim($device))); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row) { $result["result"]["error"] = ExceptionMessages::DeviceExist . " , " . ExceptionCodes::DeviceExist; $orgdeviceexists = "yes"; } if ($orgexists == "yes" && ($orgowner == "yes" || $orgadmin == "yes") && $orgdeviceexists == "no") { //}else{ try { $tempfile = tempnam('tmp/', ''); if (file_exists($tempfile)) { unlink($tempfile); } mkdir($tempfile); if (is_dir($tempfile)) { exec("openssl genrsa -out {$tempfile}/{$client_id}-privkey.pem 2048"); exec("openssl rsa -in {$tempfile}/{$client_id}-privkey.pem -pubout -out {$tempfile}/{$client_id}-pubkey.pem"); $publicKey = file_get_contents("{$tempfile}/{$client_id}-pubkey.pem"); $privateKey = file_get_contents("{$tempfile}/{$client_id}-privkey.pem"); // oauth_public_keys table $encryption_algorithm = "RS256"; $stmt5 = $storage->prepare('INSERT INTO oauth_public_keys (client_id, public_key, private_key, encryption_algorithm) VALUES (:client_id, :public_key, :private_key, :encryption_algorithm)'); $stmt5->execute(array('client_id' => $device, 'public_key' => $publicKey, 'private_key' => $privateKey, ':encryption_algorithm' => $encryption_algorithm)); unlink("{$tempfile}/{$client_id}-pubkey.pem"); unlink("{$tempfile}/{$client_id}-privkey.pem"); // na ftiaxo to key me tis portes na einai etoimo // tha to kano messo cron // o pinakas ta echei ola oauth_clients } // user_id for dev $lastkey = $storage->query('SELECT user_id FROM oauth_users ORDER BY user_id DESC LIMIT 1'); foreach ($lastkey as $curRow) { $lastkey = intval($curRow[0]); } $lastkey++; // oauth_users table $stmt = $storage->prepare('INSERT INTO oauth_users (user_id,email_verified) VALUES (:user_id,"1")'); $stmt->execute(array('user_id' => $lastkey)); $scope = $org . "_dev"; $scope .= ' ' . $org . "_dpri"; $apiport = $storage->query('SELECT apiport FROM oauth_clients ORDER BY apiport DESC LIMIT 1'); foreach ($apiport as $curRow) { $apiport = intval($curRow[0]); } $dataport = $apiport + 1; $apiport = $apiport + 2; $apihost = diyConfig::read('api.host'); $sshhost = diyConfig::read('ssh.host'); $sshport = diyConfig::read('ssh.port'); // oauth_ports table $stmt2 = $storage->prepare('INSERT INTO oauth_ports (port, client_id) VALUES (:port, :client_id)'); $stmt2->execute(array('client_id' => $device, 'port' => $dataport)); $stmt2 = $storage->prepare('INSERT INTO oauth_ports (port, client_id) VALUES (:port, :client_id)'); $stmt2->execute(array('client_id' => $device, 'port' => $apiport)); // oauth_clients table $tty = "/dev/ttyACM0"; $baud = "115200"; $stmt1 = $storage->prepare('INSERT INTO oauth_clients (client_id, client_secret, user_id, scope, dataport, apiport, apihost, sshhost, sshport, tty, baud) VALUES (:client_id, :client_secret, :user_id, :scope, :dataport, :apiport, :apihost, :sshhost, :sshport, :tty, :baud)'); $stmt1->execute(array('user_id' => $lastkey, 'client_id' => $device, 'client_secret' => $client_secret, 'scope' => $scope, 'dataport' => $dataport, 'apiport' => $apiport, 'apihost' => $apihost, 'sshhost' => $sshhost, 'sshport' => $sshport, 'tty' => $tty, 'baud' => $baud)); // oauth_devices table $public_key_active = "yes"; $status = "private"; $mode = "devel"; $stmt11 = $storage->prepare('INSERT INTO oauth_devices (device, device_desc, organisation, client_id, public_key_active, status, mode) VALUES (:device, :device_desc, :organisation, :client_id, :public_key_active, :status, :mode)'); $stmt11->execute(array('device' => $device, 'client_id' => $client_id, 'device_desc' => $device_desc, 'organisation' => $org, 'public_key_active' => $public_key_active, 'status' => $status, 'mode' => $mode)); $post["status"] = $status; $post["mode"] = $mode; //result_messages=============================================================== $result["result"]["result"] = $post; $result["result"]["session"] = $session; $result["error"] = $error; $result["status"] = "200"; $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: NoErrors"; } catch (Exception $e) { $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); } } } if (diyConfig::read('debug') == 1) { $result["debug"] = $diy_error; } return $result; }
public static function process_submission() { require_once 'gump.class.php'; $gump = new GUMP(); $_POST = $gump->sanitize($_POST); global $a; $a = AC::load_current_activity(); if (isset($_POST['waitlist-submit'])) { AC::generate_waitlist_fields(); require_once 'wp-content/themes/vetri-master/lib/ReCaptcha/autoload.php'; $recaptcha = new \ReCaptcha\ReCaptcha('6LendQoTAAAAABQzKPl_3sLPQQkTKMW4DBnIP37R', new \ReCaptcha\RequestMethod\Curl()); $resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']); if (!$resp->isSuccess()) { AC::$errors['recaptcha'] = 'Please verify using the ReCaptcha widget'; return false; } } else { if (AC::is_active_timer_expired()) { AC::$errors[] = 'Your timer has expired. Please start over.'; AC::reset_all(); return false; } AC::generate_fields(); $step = $_POST['step']; foreach ($_POST['form'] as $k => $v) { $_SESSION['edgimo-reservation-form']['step-' . $step][$k] = $v; } } if (isset($_POST['activity-center-back'])) { $_SESSION['edgimo-reservation-form']['current-step']--; if (AC::get_current_step() === 1) { AC::reset_timer(); } return true; } $validation = array(); $filter = array(); foreach ($_POST['form'] as $field_name => $field_value) { if (isset(AC::$fields[$field_name]['validate'])) { $validation[$field_name] = AC::$fields[$field_name]['validate']; } if (isset(AC::$fields[$field_name]['filter'])) { $filter[$field_name] = AC::$fields[$field_name]['filter']; } } $gump->validation_rules($validation); $gump->filter_rules($filter); $validated_data = $gump->run($_POST['form']); if (isset($step) && $step == 1 && !isset($validated_data['terms'])) { AC::$errors['terms'] = 'You must agree to the terms of registration in order to register for an event. If you have questions about the terms, please feel free to contact us at <a href="mailto:' . $a->service_email . '">' . $a->service_email . '</a>'; return false; } if ($validated_data === false) { $temp = $gump->get_readable_errors(); $i = 0; foreach ($gump->validate($_POST['form'], $validation) as $error) { AC::$errors[$error['field']] = $temp[$i]; $i++; } return false; } if (isset($_POST['waitlist-submit'])) { $new_waitlist = wp_insert_post(array('post_name' => $validated_data['name'], 'post_title' => $validated_data['name'], 'post_type' => 'waitlist', 'post_status' => 'publish')); $meta = array('_waitlist_activity' => $validated_data['activity_id'], '_waitlist_created' => time(), '_waitlist_name' => $validated_data['name'], '_waitlist_desired_seats' => $validated_data['desired_seats'], '_waitlist_phone' => $validated_data['phone_1'] . $validated_data['phone_2'] . $validated_data['phone_3'], '_waitlist_email' => $validated_data['email'], '_waitlist_code' => md5(time() . rand() . $validated_data['name']), '_waitlist_redeemed' => 'false'); foreach ($meta as $k => $v) { add_post_meta($new_waitlist, $k, $v, true); } require_once 'wp-content/themes/vetri-master/lib/phpmailer/PHPMailerAutoload.php'; AC::send_admin_waitlist_email($new_waitlist); AC::send_waitlist_confirmation_email($new_waitlist); $_SESSION['edgimo-reservation-form']['waitlist-success'] = $new_waitlist; wp_redirect(AC::get_redirect_url()); exit; } switch ($step) { case 1: //check to see if the capacity went down after submitting registrant count if ($a->seats_available < AC::load_saved_data('number_of_registrants') && !AC::current_user_has_pending_reservation() && !AC::valid_waitlist_code()) { AC::$errors['number_of_registrants'] = 'The number of registrants you selected is no longer available. Please select again.'; return false; } $_SESSION['edgimo-reservation-form']['current-step'] = 2; //in case user clicked back using browser and not button, pending data will still exist. delete it if (AC::current_user_has_pending_reservation()) { AC::reset_timer(); } //by now any old pending data should be gone //always initiate a new timer when step 1 is submitted AC::init_timer(); break; case 2: $_SESSION['edgimo-reservation-form']['current-step'] = 3; break; case 3: $values = AC::get_all_final_values(); $result = AC::process_transaction($values); if ($result['success']) { $new_reservation = wp_insert_post(array('post_name' => $values['registrant_1_last_name'] . ', ' . $values['registrant_1_first_name'], 'post_title' => $values['registrant_1_last_name'] . ', ' . $values['registrant_1_first_name'], 'post_type' => 'reservation', 'post_status' => 'publish')); isset($values['donation']) ? $values['donation'] = $values['donation'] : ($values['donation'] = 0); $meta = array('_reservation_activity' => $a->ID, '_reservation_created' => time(), '_reservation_total' => AC::get_total(), '_reservation_fee' => $a->fee * $values['number_of_registrants'], '_reservation_gratuity' => AC::calculate_gratuity(), '_reservation_tax' => AC::calculate_tax(), '_reservation_donation' => $values['donation'], '_reservation_registrant_count' => $values['number_of_registrants'], '_reservation_optin' => $values['optin'], '_reservation_billing_first_name' => $values['billing_first_name'], '_reservation_billing_last_name' => $values['billing_last_name'], '_reservation_billing_address' => $values['billing_address'], '_reservation_billing_phone' => $values['billing_phone'], '_reservation_billing_city' => $values['billing_city'], '_reservation_billing_state' => $values['billing_state'], '_reservation_billing_zip' => $values['billing_zip'], '_reservation_transaction_id' => $result['RefNum'], '_reservation_auth_code' => $result['AuthCode'], '_reservation_card_type' => AC::card_type($values['cc_number']), '_reservation_last4' => $result['Last4']); $registrants = array(); $addons = array(); for ($i = 1; $i <= $values['number_of_registrants']; $i++) { $registrants[] = array('first_name' => $values['registrant_' . $i . '_first_name'], 'last_name' => $values['registrant_' . $i . '_last_name'], 'email' => $values['registrant_' . $i . '_email']); } $addon_fees = 0; foreach (AC::get_addons_in_cart() as $tax_status_group) { foreach ($tax_status_group as $addon) { $addons[] = array('title' => $a->addon_group[$addon['index']]['title'], 'cost' => $a->addon_group[$addon['index']]['cost'], 'quantity' => $addon['quantity']); $addon_fees += $addon['total']; } } $meta['_reservation_addon_fees'] = $addon_fees; if (!empty($addons)) { $meta['_reservation_addon_group'] = $addons; } $meta['_reservation_registrant_group'] = $registrants; foreach ($meta as $k => $v) { add_post_meta($new_reservation, $k, $v, true); } //if this was a waitlist code reservation, flag the waitlist as redeemed and set the meta if (AC::valid_waitlist_code()) { $w = AC::get_waitlist_from_code($_GET['v']); update_post_meta($w->ID, '_waitlist_redeemed', 'yes'); update_post_meta($w->ID, '_waitlist_reservation', $new_reservation); } if ($values['optin'] === 'yes') { $values['reservation_id'] = $new_reservation; //AC::add_to_mailchimp($values); } require_once 'wp-content/themes/vetri-master/lib/phpmailer/PHPMailerAutoload.php'; AC::send_confirmation_email($new_reservation); AC::send_admin_reservation_email($new_reservation); AC::reset_all(); $_SESSION['edgimo-reservation-form']['success'] = $new_reservation; wp_redirect(AC::get_redirect_url()); exit; } else { AC::$transaction_error = $result['message']; } break; } }
function diy_movedevice($payload, $storage) { global $app; $result["controller"] = __FUNCTION__; $result["function"] = substr($app->request()->getPathInfo(), 1); $result["method"] = $app->request()->getMethod(); $params = loadParameters(); $result->function = substr($app->request()->getPathInfo(), 1); $result->method = $app->request()->getMethod(); //$params = loadParameters(); $up = json_decode(base64_decode($payload)); $client_id = $up->client_id; $userscope = $up->scope; $device = OAuth2\Request::createFromGlobals()->query["device"]; $orgto = OAuth2\Request::createFromGlobals()->query["orgto"]; $diy_error["post"]["device"] = $device; $diy_error["post"]["orgto"] = $orgto; $post["device"] = $device; // to client_id tou device oauth_devices oauth_clients oauth_public_keys $post["orgto"] = $orgto; // to client_id tou device oauth_devices oauth_clients oauth_public_keys //$result["result"]["up"] = $up; $gump = new GUMP(); $gump->validation_rules(array('device' => 'required|alpha_numeric', 'orgto' => 'required|alpha_numeric')); $gump->filter_rules(array('device' => 'trim|sanitize_string', 'orgto' => 'trim|sanitize_string')); $validated = $gump->run($post); if ($validated === false) { $result["parse_errors"] = $gump->get_readable_errors(true); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $gump->get_readable_errors(true); } else { $movedevice = "no"; $dev = $storage->prepare('SELECT * FROM oauth_devices WHERE device = :device'); $dev->execute(array('device' => trim($device))); $rowdev = $dev->fetch(PDO::FETCH_ASSOC); if ($rowdev) { $org = $rowdev["organisation"]; } else { $result["result"]["error"] = ExceptionMessages::DeviceNotExist . " , " . ExceptionCodes::DeviceNotExist; } function check($storage, $userscopes, $org, $client_id, $device) { //check if org name exists $orgexists = "no"; $stmtorg = $storage->prepare('SELECT * FROM oauth_organisations WHERE organisation = :org'); $stmtorg->execute(array('org' => trim($org))); $roworg = $stmtorg->fetch(PDO::FETCH_ASSOC); if ($roworg) { $orgexists = "yes"; //$result["result"]["error"] = ExceptionMessages::OrgExist." , ". ExceptionCodes::OrgExist; $orgadmin = "no"; $orgowner = "no"; $userscopes = explode(' ', trim($userscope)); $orgscope = $org . "_admin"; for ($i = 0; $i <= count($userscopes); $i++) { if (trim($userscopes[$i]) == $orgscope) { $orgadmin = "yes"; } } if ($orgadmin == "no") { //check if org name exists and client_id $stmtorg1 = $storage->prepare('SELECT * FROM oauth_organisations WHERE organisation = :org and client_id = :client_id'); $stmtorg1->execute(array('org' => trim($org), 'client_id' => $client_id)); $roworg1 = $stmtorg1->fetch(PDO::FETCH_ASSOC); if (!$roworg1) { $result["result"]["error"] = ExceptionMessages::OrgOwner . " , " . ExceptionCodes::OrgOwner; } else { $orgowner = "yes"; } } } else { $result["result"]["error"] = ExceptionMessages::OrgNotExist . " , " . ExceptionCodes::OrgNotExist; } //check if device name exists $orgdeviceexists = "no"; $stmt = $storage->prepare('SELECT client_id FROM oauth_clients WHERE client_id = :device'); $stmt->execute(array('device' => trim($device))); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row) { //$result["result"]["error"] = ExceptionMessages::DeviceExist." , ". ExceptionCodes::DeviceExist; $orgdeviceexists = "yes"; } else { $result["result"]["error"] = ExceptionMessages::DeviceNotExist . " , " . ExceptionCodes::DeviceNotExist; $orgdeviceexists = "no"; } if ($orgexists == "yes" && ($orgowner == "yes" || $orgadmin == "yes") && $orgdeviceexists == "yes") { $result["result"]["check"] = "ok"; return $result; } else { $result["result"]["check"] = "no"; return $result; } } $diy_error["error"]["check"] = check($storage, $userscopes, $org, $client_id, $device); // check if user owned the devices or have admin scope in orgfrom $checkr = check($storage, $userscopes, $org, $client_id, $device); if ($checkr["result"]["check"] == "ok") { $diy_error["error"]["orgfrom"] = "ok"; // check if user owned the devices or have admin scope in orgto $checkr1 = check($storage, $userscopes, $orgto, $client_id, $device); if ($checkr1["result"]["check"] == "ok") { $diy_error["error"]["orgto"] = "ok"; $movedevice = "yes"; } } //if( ($orgexists == "yes" && ($orgowner == "yes" || $orgadmin == "yes")) && $orgdeviceexists == "yes"){ if ($movedevice == "yes") { //}else{ try { $stmt1 = $storage->prepare('SELECT * from oauth_clients where client_id = :client_id'); $stmt1->execute(array('client_id' => $device)); $row1 = $stmt1->fetch(PDO::FETCH_ASSOC); if ($row1) { $scopedevt = $row1["scope"]; $orgt = $org . "_"; $orgtot = $orgto . "_"; $scopedev = str_replace($orgt, $orgtot, $scopedevt); // oauth_clients table $stmt1 = $storage->prepare('UPDATE oauth_clients set scope = :scopedev where client_id = :client_id'); $stmt1->execute(array('client_id' => $device, 'scopedev' => $scopedev)); // oauth_devices table $stmt11 = $storage->prepare('UPDATE oauth_devices set organisation = :orgto where device = :device'); $stmt11->execute(array('device' => $device, 'orgto' => $orgto)); } //result_messages=============================================================== $result["result"]["result"] = $post; $result["result"]["session"] = $session; $result["error"] = $error; $result["status"] = "200"; $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: NoErrors"; } catch (Exception $e) { $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); } } } if (diyConfig::read('debug') == 1) { $result["debug"] = $diy_error; } return $result; }
public function clean(array $wpNeeds) { $wpNeeds = $this->gump->sanitize($wpNeeds); $this->gump->filter_rules(array('username' => 'trim|sanitize_string', 'password' => 'trim', 'email' => 'trim|sanitize_email')); }
function diy_wssdeviceAccess($payload, $storage, $exceptions) { global $app; $post["session"] = OAuth2\Request::createFromGlobals()->query["session"]; $post["wss_user"] = OAuth2\Request::createFromGlobals()->query["wss_user"]; $post["device"] = OAuth2\Request::createFromGlobals()->query["device"]; $gump = new GUMP(); $gump->validation_rules(array('wss_user' => 'required|alpha_numeric', 'device' => 'required|alpha_numeric', 'session' => 'required|alpha_numeric')); $gump->filter_rules(array('wss_user' => 'trim|sanitize_string', 'device' => 'trim|sanitize_string', 'session' => 'trim|sanitize_string')); //$result["gump2"] = $validated; // validation successful $result["controller"] = __FUNCTION__; $result["function"] = substr($app->request()->getPathInfo(), 1); $result["method"] = $app->request()->getMethod(); $params = loadParameters(); $result->function = substr($app->request()->getPathInfo(), 1); $result->method = $app->request()->getMethod(); $params = loadParameters(); $up = json_decode(base64_decode($payload)); $client_id = $up->client_id; $result["result"]["view"] = 0; $validated = $gump->run($post); if ($validated === false) { $result["parse_errors"] = $gump->get_readable_errors(true); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $gump->get_readable_errors(true); } else { try { $stmt = $storage->prepare('SELECT * FROM oauth_devices WHERE device = :device'); $stmt->execute(array('device' => $post["device"])); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row["organisation"]) { $organisation = trim($row["organisation"]); //$organisation=$row["scope"]; // o user einai sto scope try { $stmt1 = $storage->prepare('SELECT * FROM oauth_https_wss WHERE wss_user = :wss_user and session = :session'); $stmt1->execute(array('wss_user' => trim($post["wss_user"]), 'session' => trim($post["session"]))); $row1 = $stmt1->fetch(PDO::FETCH_ASSOC); if ($row1["client_id"]) { $client_user = $row1["client_id"]; if ($row["status"] == "org") { try { $stmt2 = $storage->prepare('SELECT * FROM oauth_clients WHERE client_id = :client_user'); $stmt2->execute(array('client_user' => trim($client_user))); $row2 = $stmt2->fetch(PDO::FETCH_ASSOC); if ($row2["scope"]) { $devview = $organisation . "_view"; if (strpos(trim($row2["scope"]), $devview) !== false) { $result["result"]["view"] = 1; } else { $diy_error["errors"] = ExceptionMessages::ScopeNotFound . " , " . ExceptionCodes::ScopeNotFound; } } } catch (Exception $e) { echo "error " . $e->getCode(); $diy_error["db"] = $e->getCode(); } } elseif ($row["status"] == "public") { $result["result"]["view"] = 1; } elseif ($row["status"] == "private" && $row["client_id"] == $client_user) { $result["result"]["view"] = 1; } elseif ($row["status"] == "private" && $row["client_id"] != $client_user) { $result["result"]["view"] = 0; } } else { $diy_error["errors"] = ExceptionMessages::UserNotFound . " , " . ExceptionCodes::UserNotFound; //$result["errors"]["select"] = exceptions::MethodNotFound; } } catch (Exception $e) { echo "error " . $e->getCode(); $diy_error["db"] = $e->getCode(); } } //result_messages=============================================================== $result["status"] = "200"; $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: NoErrors"; } catch (Exception $e) { $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); echo "error " . $e->getCode(); $diy_error["db"] = $e->getCode(); } } if (diyConfig::read('debug') == 1) { $result["debug"] = $diy_error; } return $result; }
$user = $app->db->prepare($sql); /*** bind the paramaters ***/ $user->bindParam(':name', $input[$field], PDO::PARAM_STR); /*** execute the prepared statement ***/ $user->execute(); $user = $user->fetch(PDO::FETCH_ASSOC); if (is_array($user)) { return false; } } }); $validation_rules_1 = array('username' => 'required|min_len,6|alpha_space|istaken', 'email' => 'required|valid_email|istaken', 'password' => 'required', 'password_confirm' => 'required'); $validation_rules_2 = array('username' => 'required|min_len,6|alpha_space', 'email' => 'required|valid_email', 'password' => 'required', 'password_confirm' => 'required'); $gump->validation_rules($validation_rules_1); $filter_array = array('username' => 'trim|sanitize_string|rmpunctuation', 'email' => 'trim|sanitize_string|sanitize_email', 'password' => 'trim', 'password_confirm' => 'trim'); $gump->filter_rules($filter_array); $validated_data = $gump->run($app->request->post()); if ($validated_data !== false) { // if ($app->request->post('password') !== $app->request->post('password_confirm')) { $validated_data = false; } } /* if (is_array($validated_data)) { foreach($validated_data as $key => $val) { $validated_data[$key] = htmlentities($val); } } echo '<pre>';var_dump($validated_data);echo '</pre>';
#!/usr/bin/php -q <?php require "../gump.class.php"; $validator = new GUMP(); $validator->validation_rules(array('comment' => 'required|max_len,500')); $validator->filter_rules(array('comment' => 'basic_tags')); // Valid Data $_POST = array('comment' => '<strong>this is freaking awesome</strong><script>alert(1);</script>'); $_POST = $validator->run($_POST); print_r($_POST);
function processForm($data, $user) { $gump = new GUMP(); $data = $gump->sanitize($data); $gump->validation_rules(array('user_target_name' => 'required', 'repair_post_id' => 'required|integer', 'repair_type_id' => 'required|integer', 'user_target_id' => 'required|integer', 'startdatetime' => 'required', 'enddatetime' => 'required', 'customer_car_gv_number' => 'required', 'customer_car_mileage' => 'integer', 'customer_car_name' => 'required', 'customer_car_vin' => 'required', 'customer_name' => 'required', 'customer_phone' => 'required', 'customer_id' => 'integer', 'customer_car_id' => 'integer', 'id' => 'integer', 'state' => 'required|integer')); $gump->filter_rules(array('user_target_name' => 'trim|sanitize_string', 'customer_car_gv_number' => 'trim|sanitize_string', 'customer_car_name' => 'trim|sanitize_string', 'customer_car_vin' => 'trim|sanitize_string', 'customer_name' => 'trim|sanitize_string', 'customer_phone' => 'trim|sanitize_string')); $customer_car_id = null; $customer_id = null; $validated_data = $gump->run($data); if ($validated_data) { $customer_car = null; $customer = null; // добавляем авто if (!isset($validated_data['customer_car_id'])) { $customer_car = new CustomerCar(); } else { $customer_car = CustomerCar::retrieveByPK($validated_data['customer_car_id']); } $customer_car->gv_number = $validated_data["customer_car_gv_number"]; $customer_car->mileage = $validated_data["customer_car_mileage"]; $customer_car->name = $validated_data["customer_car_name"]; $customer_car->vin = $validated_data["customer_car_vin"]; try { $customer_car->save(); $customer_car_id = $customer_car->id; Log::toDebug(["Save CustomerCar", $customer_car_id]); } catch (Exception $ex) { Log::toDebug("ERROR_SAVE_TO_DATABASE"); return ["err" => "ERROR_SAVE_TO_DATABASE"]; } // добавляем заказчика if (!isset($validated_data['customer_id'])) { $customer = new Customer(); } else { $customer = Customer::retrieveByPK($validated_data['customer_id']); } $customer->name = $validated_data["customer_name"]; $customer->phone = $validated_data["customer_phone"]; try { $customer->save(); $customer_id = $customer->id; Log::toDebug(["Save CustomerCar", $customer_id]); } catch (Exception $ex) { return ["err" => "ERROR_SAVE_TO_DATABASE"]; } try { if (!isset($validated_data['id'])) { $new_event = new GreaseRatEvent(); } else { $new_event = GreaseRatEvent::retrieveByPK($validated_data['id']); } $new_event->repair_post_id = $validated_data["repair_post_id"]; $new_event->repair_type_id = $validated_data["repair_type_id"]; if (isset($user)) { $new_event->user_owner_id = $user->id; } $new_event->user_target_id = $validated_data["user_target_id"]; $new_event->state = $validated_data["state"]; $new_event->customer_id = $customer_id; $new_event->customer_car_id = $customer_car_id; $new_event->startdatetime = $validated_data["startdatetime"]; $new_event->enddatetime = $validated_data["enddatetime"]; $new_event->save(); Log::toDebug(["Save rat event", $new_event->id]); return ['event' => $new_event]; } catch (Exception $ex) { return ["err" => "ERROR_SAVE_TO_DATABASE"]; } } else { return ["err" => "VALIDATE_FORM_ERROR", "errors" => $gump->errors()]; } }
function activity_form($activity_id = 0) { global $mysqli; global $backend; if ($activity_id) { $activity = new Activity($activity_id); $form_type = 'update'; } else { $activity = new Activity(); $form_type = 'insert'; } $html = ''; $fields = array('title' => array('var' => 'title', 'label' => 'Activity Title', 'desc' => 'Required. This is the public title of the activity. You may change this later.', 'type' => 'text', 'std' => $activity->title, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'folder' => array('var' => 'folder', 'label' => 'Activity folder', 'desc' => 'Required. Name of the folder to create on the ASHP server. Just enter the name of the folder <strong>without any slashes</strong>.', 'type' => 'text', 'std' => $activity->folder, 'validate' => 'required|alpha_dash', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'url' => array('var' => 'url', 'label' => 'Live Activity URL', 'desc' => 'The full URL of the activity, including <strong>http://</strong><br />You can leave blank to default to http://ashpadvantagemedia.com/ActivityFolder.<br /><span class="text-danger">Remember to use <strong>http://www.ashpadvantagemedia.com</strong> instead of <strong>http://www.ashpadvantage.com</strong>.</span>', 'type' => 'text', 'std' => $activity->url, 'validate' => 'valid_url', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'sponsor' => array('var' => 'sponsor', 'label' => 'Activity Sponsor', 'desc' => 'The sponsor of the activity.', 'type' => 'text', 'std' => $activity->sponsor, 'validate' => '', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'type_id' => array('var' => 'type_id', 'label' => 'Activity Type', 'desc' => 'Select the type of activity.', 'type' => 'select', 'options' => $backend->activity_types, 'std' => $activity->type_id, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 'i'), 'live_website' => array('var' => 'live_website', 'label' => 'Live Website Template', 'desc' => 'Choose which template to display on the live site..', 'type' => 'select', 'options' => $backend->website_types, 'std' => $activity->live_website, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'has_live' => array('var' => 'has_live', 'label' => 'Has Live Component', 'desc' => 'Select the live component this activity has.', 'type' => 'radio', 'options' => array('none', 'webcast', 'webinar'), 'std' => $activity->has_live, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'director_id' => array('var' => 'director_id', 'label' => 'Scientific Project Director', 'desc' => '', 'type' => 'select', 'options' => $backend->directors, 'std' => $activity->director_id, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 'i'), 'manager_id' => array('var' => 'manager_id', 'label' => 'Project Manager', 'desc' => '', 'type' => 'select', 'options' => $backend->managers, 'std' => $activity->manager_id, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 'i'), 'vendor_id' => array('var' => 'vendor_id', 'label' => 'Web Vendor', 'desc' => '', 'type' => 'select', 'options' => $backend->vendors, 'std' => $activity->vendor_id, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 'i')); if (isset($_POST['submit'])) { $gump = new GUMP(); foreach ($_POST['form'] as $k => $v) { //update the std value for form output below $fields[$k]['std'] = $v; if (!empty($fields[$k]['validate'])) { $validate[$k] = $fields[$k]['validate']; } if (!empty($fields[$k]['filter'])) { $filter[$k] = $fields[$k]['filter']; } } $error_text = ''; $gump->validation_rules($validate); $gump->filter_rules($filter); $validated_data = $gump->run($_POST['form']); if ($form_type == 'insert' && activity_folder_exists($validated_data['folder'])) { $validated_data = false; $error_text .= 'Folder already exists. Please choose another folder name.<br />'; } if ($validated_data === false) { $errors = $gump->get_readable_errors(false); foreach ($errors as $error) { $error_text .= $error . '<br />'; } echo edgimo_error($error_text); } else { if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit; } if ($validated_data['url'] == '') { $validated_data['url'] = 'http://ashpadvantagemedia.com/' . $validated_data['folder']; } if ($form_type == 'update') { $query = $mysqli->prepare("UPDATE ashp_activities SET title=?, url=?, folder=?, sponsor=?, type_id=?, director_id=?, manager_id=?, vendor_id=?, live_website=?, has_live=? WHERE activity_id=?"); $query->bind_param('ssssiiiiiss', $validated_data['title'], $validated_data['url'], $validated_data['folder'], $validated_data['sponsor'], $validated_data['type_id'], $validated_data['director_id'], $validated_data['manager_id'], $validated_data['vendor_id'], $validated_data['live_website'], $validated_data['has_live'], $activity_id); echo edgimo_success('Activity details have been updated.'); $query->execute(); $query->close(); echo '<script>edgimo_redirect("edit.php?table=ashp_activities&id=' . $activity_id . '");</script>'; } if ($form_type == 'insert') { $query = $mysqli->prepare("INSERT INTO ashp_activities (title, url, folder, sponsor, type_id, director_id, manager_id, vendor_id, live_website, has_live) VALUES (?,?,?,?,?,?,?,?,?,?)"); $query->bind_param('ssssiiiiss', $validated_data['title'], $validated_data['url'], $validated_data['folder'], $validated_data['sponsor'], $validated_data['type_id'], $validated_data['director_id'], $validated_data['manager_id'], $validated_data['vendor_id'], $validated_data['live_website'], $validated_data['has_live']); $query->execute(); $query->close(); $activity_id = $mysqli->query("SELECT activity_id FROM ashp_activities WHERE title = '{$validated_data['title']}'"); $vars = $activity_id->fetch_array(MYSQLI_ASSOC); $activity_id = $vars['activity_id']; $insert_fields = array_merge($backend->get_fields(0, $validated_data['has_live']), $backend->get_fields($validated_data['type_id'], $validated_data['has_live'])); foreach ($insert_fields as $field) { if (strstr($field['copy'], '{{LIVE_OPTIONS}}')) { $field['copy'] = live_options_replace($field['copy'], $validated_data['has_live']); } $query = $mysqli->prepare("INSERT INTO ashp_activity_content (activity_id, field_id, heading, copy, field_type, hook_name) VALUES (?,?,?,?,?,?)"); $query->bind_param('iissss', $activity_id, $field['field_id'], $field['heading'], $field['copy'], $field['field_type'], $field['hook_name']); $query->execute(); $query->close(); } create_site($validated_data['folder'], $activity_id); echo edgimo_success('New activity created.'); echo '<script>edgimo_redirect("edit.php?table=ashp_activities&id=' . $activity_id . '");</script>'; } } } $html .= '<form class="form-horizontal" role="form" method="post">'; foreach ($fields as $field) { isset($errors) && array_key_exists($field['var'], $errors) ? $error = 'has-error' : ($error = ''); $html .= '<div class="form-group ' . $error . '">'; switch ($field['type']) { case 'text': if (!isset($type)) { $type = 'text'; } $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <input class="form-control" type="' . $type . '" name="form[' . $field['var'] . ']" value="' . $field['std'] . '"> </div>'; break; case 'select': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <select class="form-control" name="form[' . $field['var'] . ']">'; foreach ($field['options'] as $option) { $field['std'] == $option[0] ? $selected = 'selected' : ($selected = ''); $html .= '<option ' . $selected . ' value="' . $option[0] . '">' . $option[1] . '</option>'; } $html .= '</select> </div>'; break; case 'radio': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> '; foreach ($field['options'] as $option) { $field['std'] == $option ? $checked = 'checked' : ($checked = ''); $html .= ' <div class="radio-inline"> <label> <input type="radio" name="form[' . $field['var'] . ']" value="' . $option . '" ' . $checked . '> ' . ucfirst($option) . ' </label> </div>'; } $html .= ' </div>'; break; } $html .= ' <div class="col-lg-4"> <p class="description">' . $field['desc'] . '</p> </div> </div>'; } $html .= ' <hr> <div class="form-group"> <div class="col-lg-6 col-lg-offset-2"> <button type="submit" class="btn btn-primary" name="submit">Submit</button> </div> </div> </form> '; return $html; }
function stockfiles_form($stock_file_id = 0) { global $user; global $backend; global $mysqli; if ($stock_file_id) { $stock_file = new StockFile($stock_file_id); $form_type = 'update'; if (!$user->is_allowed('edit_ashp_stock_files')) { echo edgimo_error('Your user role (' . $user->role . ') is not allowed to make edits on this page.'); return; } } else { $stock_file = new StockFile(); $form_type = 'insert'; if (!$user->is_allowed('add_stock_file')) { echo edgimo_error('Your user role (' . $user->role . ') is not allowed to make edits on this page.'); return; } } $html = ''; $fields = array('display_name' => array('var' => 'display_name', 'label' => 'Display Name', 'desc' => 'This will be displayed publicly as the name of the file.', 'type' => 'text', 'std' => $stock_file->display_name, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'file_name' => array('var' => 'file_name', 'label' => 'File', 'desc' => 'File will be renamed based on what you enter in Display Name.', 'type' => 'file', 'std' => $stock_file->file_name, 'validate' => 'required', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'hook_name' => array('var' => 'hook_name', 'label' => 'Hook Name', 'desc' => 'Use all lowercase with no space. Make it short but easy to remember.', 'type' => 'text', 'std' => $stock_file->hook_name, 'validate' => 'required|alpha_dash', 'filter' => 'trim|sanitize_string', 'param' => 's')); if (isset($_POST['submit'])) { $gump = new GUMP(); foreach ($_POST['form'] as $k => $v) { $fields[$k]['std'] = $v; $stock_file->{$k} = $v; if (!empty($fields[$k]['validate'])) { $validate[$k] = $fields[$k]['validate']; } if (!empty($fields[$k]['filter'])) { $filter[$k] = $fields[$k]['filter']; } } $gump->validation_rules($validate); $gump->filter_rules($filter); $validated_data = $gump->run($_POST['form']); if ($validated_data === false) { $errors = $gump->get_readable_errors(false); $error_text = ''; foreach ($errors as $error) { $error_text .= $error . '<br />'; } echo edgimo_error($error_text); } else { $validated_data['hook_name'] = strtolower($validated_data['hook_name']); if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit; } if (!isset($validated_data['file_name'])) { $validated_data['file_name'] = ''; } if ($_FILES['form']['name']['file_name'] !== '') { $uploaded_file = $_FILES['form']['name']['file_name']; $ext = pathinfo($uploaded_file, PATHINFO_EXTENSION); $validated_data['file_name'] = slugify($validated_data['display_name']) . '.' . $ext; if (move_uploaded_file($_FILES['form']['tmp_name']['file_name'], STOCK_FILES_DIR . $validated_data['file_name'])) { echo edgimo_success("File uploaded as " . $validated_data['file_name'] . "."); } else { echo edgimo_error("Sorry, there was a problem uploading your file."); } } else { if ($form_type == 'update') { $validated_data['file_name'] = $stock_file->file_name; } } if ($form_type == 'update') { $query = $mysqli->prepare("UPDATE ashp_stock_files SET display_name=?, file_name=?, hook_name=? WHERE stock_file_id=?"); $query->bind_param('sssi', $validated_data['display_name'], $validated_data['file_name'], $validated_data['hook_name'], $stock_file_id); $query->execute(); $query->close(); echo edgimo_success('Stock File details have been updated.'); header('refresh: 1; URL=stockfiles.php'); } if ($form_type == 'insert') { $query = $mysqli->prepare("INSERT INTO ashp_stock_files (display_name, file_name, hook_name) VALUES (?,?,?)"); $query->bind_param('sss', $validated_data['display_name'], $validated_data['file_name'], $validated_data['hook_name']); $query->execute(); $query->close(); echo edgimo_success('New stock file added.'); header('refresh: 1; URL=stockfiles.php'); } } } $html .= '<form enctype="multipart/form-data" class="form-horizontal" role="form" method="post">'; foreach ($fields as $field) { isset($errors) && array_key_exists($field['var'], $errors) ? $error = 'has-error' : ($error = ''); $html .= '<div class="form-group ' . $error . '">'; switch ($field['type']) { case 'text': if (!isset($type)) { $type = 'text'; } $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <input class="form-control" type="' . $type . '" name="form[' . $field['var'] . ']" value="' . $field['std'] . '"> </div>'; break; case 'select': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <select class="form-control" name="form[' . $field['var'] . ']">'; foreach ($field['options'] as $k => $v) { $field['std'] == $k ? $selected = 'selected' : ($selected = ''); $html .= '<option ' . $selected . ' value="' . $k . '">' . $v . '</option>'; } $html .= '</select> </div>'; break; case 'textarea': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <textarea class="wysiwyg" name="form[' . $field['var'] . ']">' . $field['std'] . '</textarea> </div> '; break; case 'file': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <input class="form-control" type="file" name="form[' . $field['var'] . ']" value="' . $field['std'] . '"> <p class="form-control-static"><strong>Currently</strong>: <a href="' . STOCK_FILES_DIR . $field['std'] . '" target="_blank">' . $field['std'] . '</a></p> </div>'; break; } $html .= ' <div class="col-lg-4"> <p class="description">' . $field['desc'] . '</p> </div> </div>'; } $html .= ' <hr> <div class="form-group"> <div class="col-lg-6 col-lg-offset-2"> <button type="submit" class="btn btn-primary" name="submit">Submit</button> </div> </div> </form> '; return $html; }
<?php require 'gump.class.php'; require 'PHPMailerAutoload.php'; $gump = new GUMP(); $_POST = $gump->sanitize($_POST); // You don't have to sanitize, but it's safest to do so. $gump->validation_rules(array('mail' => 'required|valid_email', 'name' => 'required|max_len,50', 'objet' => 'required|max_len,100', 'msg' => 'required|max_len,1666|min_len,6')); $gump->filter_rules(array('mail' => 'trim|sanitize_email', 'name' => 'trim|sanitize_string', 'objet' => 'trim|sanitize_string', 'msg' => 'trim|sanitize_string')); $validated_data = $gump->run($_POST); if ($validated_data === false) { // echo $gump->get_readable_errors(true); } else { // Form is valid we send the mail ! // https://github.com/PHPMailer/PHPMailer#a-simple-example $mail = new PHPMailer(); $mail->isMail(); $mail->From = $_POST['mail']; $mail->FromName = $_POST['name']; $mail->addAddress('*****@*****.**', 'Mathilde Couvreur'); $mail->addCC('*****@*****.**', 'Neko'); $mail->isHTML(true); // Set email format to HTML $mail->Subject = 'Nekofolio - ' . $_POST['objet']; $mail->Body = $_POST['msg']; $mail->AltBody = $_POST['msg']; if (!$mail->send()) { echo 'Votre message ne s\'est pas envoyé'; echo 'Erreur : ' . $mail->ErrorInfo; } else { echo 'Votre message s\'est bien envoyé !';
function diy_diyexec($payload, $storage) { global $app; $result["controller"] = __FUNCTION__; $result["function"] = substr($app->request()->getPathInfo(), 1); $result["method"] = $app->request()->getMethod(); $params = loadParameters(); $result->function = substr($app->request()->getPathInfo(), 1); $result->method = $app->request()->getMethod(); $params = loadParameters(); $device = OAuth2\Request::createFromGlobals()->request["device"]; $exec = OAuth2\Request::createFromGlobals()->request["exec"]; $up = json_decode(base64_decode($payload)); $client_id = $up->client_id; $diy_error["post"]["device"] = $device; $post["device"] = $device; //organisation oauth_devices $post["exec"] = $exec; //organisation oauth_devices $gump = new GUMP(); $gump->validation_rules(array('device' => 'required|alpha_numeric', 'exec' => 'required|alpha_numeric')); $gump->filter_rules(array('device' => 'trim|sanitize_string', 'exec' => 'trim|sanitize_string')); $validated = $gump->run($post); if ($validated === false) { $result["parse_errors"] = $gump->get_readable_errors(true); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $gump->get_readable_errors(true); } else { try { $stmt2 = $storage->prepare('SELECT * FROM oauth_devices WHERE device = :device'); $stmt2->execute(array('device' => trim($device))); $row2 = $stmt2->fetch(PDO::FETCH_ASSOC); if ($row2["organisation"]) { $org = trim($row2["organisation"]); } if ($row2["mode"]) { $mode = trim($row2["mode"]); } if ($row2["status"]) { $status = trim($row2["status"]); } if ($row2["client_id"]) { $devclient_id = trim($row2["client_id"]); } $orgscopeadmin = "no"; $orgscopedevel = "no"; if ($status == "org") { $userscopes = explode(' ', trim($userscope)); $adminscope = $org . "_admin"; $develscope = $org . "_admin"; // o user aniki sto scope for ($i = 0; $i <= count($userscopes); $i++) { if (trim($userscopes[$i]) == $adminscope) { $orgscopeadmin = "yes"; } if (trim($userscopes[$i]) == $develscope) { $orgscopedevel = "yes"; } } // einai o owner if ($devclient_id == $client_id) { $orgscopeadmin = "yes"; } } // einmai o owner if ($status == "private" && $devclient_id == $client_id) { $orgscopeadmin = "yes"; } if ($orgscopeadmin == "yes" || $orgscopedevel == "yes") { try { $stmt2 = $storage->prepare('SELECT * FROM oauth_clients WHERE client_id = :device'); $stmt2->execute(array('device' => trim($device))); $row2 = $stmt2->fetch(PDO::FETCH_ASSOC); if ($row2["apiport"]) { $stmt3 = $storage->prepare('SELECT * FROM oauth_diyexec WHERE exec = :exec'); $stmt3->execute(array('exec' => trim($exec))); $row3 = $stmt3->fetch(PDO::FETCH_ASSOC); if ($row3["exec"]) { $apiport = trim($row2["apiport"]); $diyexec = trim($row3["diyexec"]); $diyexecurl = base64_encode($diyexec); $data1 = 'exec=' . $diyexecurl; //$result["result1"]= $diyexec; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://127.0.0.1:{$apiport}/api/diyexec"); curl_setopt($ch, CURLOPT_TIMEOUT, 20); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, $data1); curl_setopt($ch, CURLOPT_POST, 1); $r = curl_exec($ch); var_dump($r); $result["DEV"] = $r; } } } catch (Exception $e) { $diy_error["db"] = $e->getCode(); $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); } } } catch (Exception $e) { $diy_error["db"] = $e->getCode(); $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); } } if (diyConfig::read('debug') == 1) { $result["debug"] = $diy_error; } return $result; }
function crud_validation($map, $id = 'crud') { if ($map) { foreach ($map as $k => $v) { if ($v['req']) { $v_rules[$k] = $v['req']; } if ($v['fil']) { $f_rules[$k] = $v['fil']; } if ($v['type'] === 'bool') { $b_rules[$k] = 0; } } } $gump = new GUMP(); $data = $_POST[$id]; if ($b_rules && $data) { $bool = array_diff($b_rules, $data); if ($bool) { $data = array_merge($bool, $data); } } $data = $gump->sanitize($data); $gump->validation_rules($v_rules); $gump->filter_rules($f_rules); $validated_data = $gump->run($data); if ($validated_data === false) { $result['error'] = $gump->get_errors(); } $result['post'] = $data; return $result; }
function faculty_form($faculty_id = 0) { global $mysqli; global $backend; global $user; if ($faculty_id) { $faculty = new Faculty($faculty_id); $form_type = 'update'; if (!$user->is_allowed('edit_ashp_faculty')) { echo edgimo_error('Your user role (' . $user->role . ') is not allowed to make edits on this page.'); return; } } else { $faculty = new Faculty(); $form_type = 'insert'; if (!$user->is_allowed('add_faculty')) { echo edgimo_error('Your user role (' . $user->role . ') is not allowed to make edits on this page.'); return; } } $html = ''; $fields = array('first_name' => array('var' => 'first_name', 'label' => 'First Name', 'desc' => '', 'type' => 'text', 'std' => $faculty->first_name, 'validate' => 'required|valid_name', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'middle_name' => array('var' => 'middle_name', 'label' => 'Middle Name', 'desc' => '', 'type' => 'text', 'std' => $faculty->middle_name, 'validate' => '', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'last_name' => array('var' => 'last_name', 'label' => 'Last Name', 'desc' => '', 'type' => 'text', 'std' => $faculty->last_name, 'validate' => 'required|valid_name', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'credentials' => array('var' => 'credentials', 'label' => 'Credentials', 'desc' => '', 'type' => 'text', 'std' => $faculty->credentials, 'validate' => '', 'filter' => 'trim|sanitize_string', 'param' => 's'), 'title' => array('var' => 'title', 'label' => 'Title', 'desc' => '', 'type' => 'textarea_basic', 'std' => $faculty->title, 'validate' => '', 'filter' => 'trim|basic_tags', 'param' => 's'), 'bio' => array('var' => 'bio', 'label' => 'Bio', 'desc' => '', 'type' => 'textarea', 'std' => $faculty->bio, 'validate' => '', 'filter' => 'trim', 'param' => 's'), 'image' => array('var' => 'image', 'label' => 'Image', 'desc' => 'Upload the faculty photo and alert your web vendor so that it can be resized and processed. To replace an existing photo, just upload a new file.', 'type' => 'file', 'std' => $faculty->image, 'validate' => '', 'filter' => 'trim|sanitize_string', 'param' => 's')); if (isset($_POST['submit'])) { $gump = new GUMP(); foreach ($_POST['form'] as $k => $v) { //update the std value for form output below $fields[$k]['std'] = $v; $faculty->{$k} = $v; if ($fields[$k]['type'] == 'textarea_basic') { $_POST['form'][$k] = nl2br($_POST['form'][$k]); } if (!empty($fields[$k]['validate'])) { $validate[$k] = $fields[$k]['validate']; } if (!empty($fields[$k]['filter'])) { $filter[$k] = $fields[$k]['filter']; } } $gump->validation_rules($validate); $gump->filter_rules($filter); $validated_data = $gump->run($_POST['form']); $duplicate = false; if ($form_type == 'insert' && is_duplicate_faculty($validated_data['first_name'], $validated_data['last_name'])) { $validated_data = false; $duplicate = true; } $redirect = true; if (!$duplicate && $form_type == 'insert' && is_similar_faculty($validated_data['last_name'])) { echo edgimo_error('Warning: Similar faculty name found in database.'); $redirect = false; } if ($validated_data === false) { $errors = $gump->get_readable_errors(false); $error_text = ''; foreach ($errors as $error) { $error_text .= $error . '<br />'; } } if ($duplicate) { $errors['first_name'] = true; $errors['last_name'] = true; $error_text .= 'Duplicate faculty member found.<br />'; } if (isset($error_text)) { echo edgimo_error($error_text); } if ($validated_data !== false) { if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit; } if (!isset($validated_data['image'])) { $validated_data['image'] = ''; } if ($_FILES['form']['name']['image'] !== '') { $image = $_FILES['form']['name']['image']; $ext = pathinfo($image, PATHINFO_EXTENSION); $validated_data['image'] = slugify($validated_data['last_name']) . '-' . slugify($validated_data['first_name']) . '.' . $ext; if (move_uploaded_file($_FILES['form']['tmp_name']['image'], FACULTY_IMAGES_DIR . $validated_data['image'])) { } else { echo edgimo_error("Sorry, there was a problem uploading your file."); } } else { if ($form_type == 'update') { $validated_data['image'] = $faculty->image; } } if ($form_type == 'update') { $query = $mysqli->prepare("UPDATE ashp_faculty SET first_name=?, middle_name=?, last_name=?, credentials=?, title=?, image=?, bio=? WHERE faculty_id=?"); $query->bind_param('sssssssi', $validated_data['first_name'], $validated_data['middle_name'], $validated_data['last_name'], $validated_data['credentials'], $validated_data['title'], $validated_data['image'], $validated_data['bio'], $faculty_id); echo edgimo_success('Faculty details have been updated.'); echo '<script>edgimo_redirect("faculty.php");</script>'; } if ($form_type == 'insert') { $query = $mysqli->prepare("INSERT INTO ashp_faculty (first_name, middle_name, last_name, credentials, title, image, bio) VALUES (?,?,?,?,?,?,?)"); $query->bind_param('sssssss', $validated_data['first_name'], $validated_data['middle_name'], $validated_data['last_name'], $validated_data['credentials'], $validated_data['title'], $validated_data['image'], $validated_data['bio']); echo edgimo_success('New faculty member added.'); if ($redirect) { echo '<script>edgimo_redirect("faculty.php");</script>'; } } $query->execute(); $query->close(); } } $html .= '<div class="row"><div class="col-lg-10 col-lg-offset-2"><p class="description">Last updated: ' . date('F j, Y', strtotime($faculty->updated)) . '</p></div></div>'; $html .= '<form enctype="multipart/form-data" class="form-horizontal" role="form" method="post">'; foreach ($fields as $field) { isset($errors) && array_key_exists($field['var'], $errors) ? $error = 'has-error' : ($error = ''); $html .= '<div class="form-group ' . $error . '">'; switch ($field['type']) { case 'text': if (!isset($type)) { $type = 'text'; } $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <input class="form-control" type="' . $type . '" name="form[' . $field['var'] . ']" value="' . $field['std'] . '"> </div>'; break; case 'select': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <select class="form-control" name="form[' . $field['var'] . ']">'; foreach ($field['options'] as $k => $v) { $field['std'] == $k ? $selected = 'selected' : ($selected = ''); $html .= '<option ' . $selected . ' value="' . $k . '">' . $v . '</option>'; } $html .= '</select> </div>'; break; case 'textarea': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <textarea class="wysiwyg" name="form[' . $field['var'] . ']">' . $field['std'] . '</textarea> </div> '; break; case 'textarea_basic': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <textarea class="basic" name="form[' . $field['var'] . ']">' . str_replace('<br />', "", $field['std']) . '</textarea> </div> '; break; case 'file': $html .= ' <label class="col-lg-2 control-label" for="form[' . $field['var'] . ']">' . $field['label'] . '</label> <div class="col-lg-6"> <input class="form-control" type="file" name="form[' . $field['var'] . ']" value="' . $field['std'] . '"> <img class="preview" src="' . FACULTY_IMAGES_DIR . $field['std'] . '"> </div>'; break; } $html .= ' <div class="col-lg-4"> <p class="description">' . $field['desc'] . '</p> </div> </div>'; } $html .= ' <hr> <div class="form-group"> <div class="col-lg-6 col-lg-offset-2"> <button type="submit" class="btn btn-primary" name="submit">Submit</button> </div> </div> </form> '; return $html; }
function login_form() { if (isset($_POST['login_submit'])) { //clear the message(s) unset($_GET['message']); $gump = new GUMP(); $gump->validation_rules(array('email' => 'required|valid_email', 'password' => 'required')); $gump->filter_rules(array('email' => 'trim|sanitize_email', 'password' => 'sanitize_string')); $validated_data = $gump->run($_POST); if ($validated_data === false) { $errors = $gump->get_readable_errors(false); $error_text = ''; foreach ($errors as $error) { $error_text .= $error . '<br />'; } echo edgimo_error($error_text); } else { $email = $validated_data['email']; $password = $validated_data['password']; if (login($email, $password)) { $user = new User($email); $_SESSION['email'] = $user->email; $_SESSION['timeout'] = time(); echo '<script>edgimo_redirect("index.php");</script>'; } else { echo edgimo_error('Invalid email or password. Please try again'); } } } //end submit if (isset($_GET['message'])) { $message = edgimo_success('You have been logged out.'); } else { $message = ''; } echo $message; ?> <div class="row"> <div class="col-md-4 col-md-offset-4"> <div class="panel panel-default"> <div class="panel-heading"> <h3 class="panel-title">Log In</h3> </div> <div class="panel-body"> <form class="form-horizontal" role="form" method="post"> <?php isset($errors) && array_key_exists('email', $errors) ? $error = 'has-error' : ($error = ''); ?> <div class="form-group <?php echo $error; ?> "> <label for="email" class="col-lg-4 control-label">Email</label> <div class="col-lg-8"> <input type="text" class="form-control" name="email" placeholder="Email"> </div> </div> <?php isset($errors) && array_key_exists('password', $errors) ? $error = 'has-error' : ($error = ''); ?> <div class="form-group <?php echo $error; ?> "> <label for="password" class="col-lg-4 control-label">Password</label> <div class="col-lg-8"> <input type="password" class="form-control" name="password" placeholder="Password"> </div> </div> <div class="form-group"> <div class="col-lg-offset-4 col-lg-8"> <button type="submit" name="login_submit" class="btn btn-primary">Sign in</button> </div> </div> </form> </div> </div> </div> </div> <?php }
}); $app->get('/managers/login', function () use($app) { if (Sentry::check()) { // User is not logged in, or is not activated $app->redirect('/managers/draws'); } $twig = Twig::get(); $template = $twig->loadTemplate('managers-login.html'); echo $template->render(array()); }); $app->post('/managers/login', function () use($app) { $gump = new GUMP(); $_POST = $gump->sanitize($_POST); // You don't have to sanitize, but it's safest to do so. $gump->validation_rules(array('password' => 'required', 'email' => 'required|valid_email')); $gump->filter_rules(array('password' => 'trim', 'email' => 'trim|sanitize_email')); $validator = $gump->run($_POST); if ($validator === false) { $app->flash('error', $gump->get_readable_errors(true)); $app->redirect('/managers/login'); } else { try { // Set login credentials $credentials = array('email' => $_POST['email'], 'password' => $_POST['password']); // Try to authenticate the user $user = Sentry::authenticate($credentials, isset($_POST['remember']) ? true : false); $app->redirect('/managers/draws'); } catch (Cartalyst\Sentry\Users\LoginRequiredException $e) { $app->flash('error', 'Login field is required.'); $app->redirect('/managers/login'); } catch (Cartalyst\Sentry\Users\PasswordRequiredException $e) {
function diy_removedevice($payload, $storage) { global $app; $result["controller"] = __FUNCTION__; $result["function"] = substr($app->request()->getPathInfo(), 1); $result["method"] = $app->request()->getMethod(); $params = loadParameters(); $result->function = substr($app->request()->getPathInfo(), 1); $result->method = $app->request()->getMethod(); //$params = loadParameters(); $up = json_decode(base64_decode($payload)); $client_id = $up->client_id; $userscope = $up->scope; $device = OAuth2\Request::createFromGlobals()->query["device"]; $diy_error["post"]["device"] = $device; $post["device"] = $device; // to client_id tou device oauth_devices oauth_clients oauth_public_keys //$result["result"]["up"] = $up; $gump = new GUMP(); $gump->validation_rules(array('device' => 'required|alpha_numeric')); $gump->filter_rules(array('device' => 'trim|sanitize_string')); $validated = $gump->run($post); if ($validated === false) { $result["parse_errors"] = $gump->get_readable_errors(true); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $gump->get_readable_errors(true); } else { $dev = $storage->prepare('SELECT * FROM oauth_devices WHERE device = :device'); $dev->execute(array('device' => trim($device))); $rowdev = $dev->fetch(PDO::FETCH_ASSOC); if ($rowdev) { $org = $rowdev["organisation"]; } else { $result["result"]["error"] = ExceptionMessages::DeviceNotExist . " , " . ExceptionCodes::DeviceNotExist; } //check if org name exists $orgexists = "no"; $stmtorg = $storage->prepare('SELECT * FROM oauth_organisations WHERE organisation = :org'); $stmtorg->execute(array('org' => trim($org))); $roworg = $stmtorg->fetch(PDO::FETCH_ASSOC); if ($roworg) { $orgexists = "yes"; //$result["result"]["error"] = ExceptionMessages::OrgExist." , ". ExceptionCodes::OrgExist; $orgadmin = "no"; $orgowner = "no"; $userscopes = explode(' ', trim($userscope)); $orgscope = $org . "_admin"; for ($i = 0; $i <= count($userscopes); $i++) { if (trim($userscopes[$i]) == $orgscope) { $orgadmin = "yes"; } } if ($orgadmin == "no") { //check if org name exists and client_id $stmtorg1 = $storage->prepare('SELECT * FROM oauth_organisations WHERE organisation = :org and client_id = :client_id'); $stmtorg1->execute(array('org' => trim($org), 'client_id' => $client_id)); $roworg1 = $stmtorg1->fetch(PDO::FETCH_ASSOC); if (!$roworg1) { $result["result"]["error"] = ExceptionMessages::OrgOwner . " , " . ExceptionCodes::OrgOwner; } else { $orgowner = "yes"; } } } else { $result["result"]["error"] = ExceptionMessages::OrgNotExist . " , " . ExceptionCodes::OrgNotExist; } //check if device name exists $orgdeviceexists = "no"; $stmt = $storage->prepare('SELECT client_id FROM oauth_clients WHERE client_id = :device'); $stmt->execute(array('device' => trim($device))); $row = $stmt->fetch(PDO::FETCH_ASSOC); if ($row) { //$result["result"]["error"] = ExceptionMessages::DeviceExist." , ". ExceptionCodes::DeviceExist; $orgdeviceexists = "yes"; } else { $result["result"]["error"] = ExceptionMessages::DeviceNotExist . " , " . ExceptionCodes::DeviceNotExist; $orgdeviceexists = "no"; } if ($orgexists == "yes" && ($orgowner == "yes" || $orgadmin == "yes") && $orgdeviceexists == "yes") { //}else{ try { // oauth_public_keys table $encryption_algorithm = "RS256"; $stmt5 = $storage->prepare('DELETE from oauth_public_keys where client_id = :client_id'); $stmt5->execute(array('client_id' => $device)); $stmt1 = $storage->prepare('SELECT * from oauth_clients where client_id = :client_id'); $stmt1->execute(array('client_id' => $device)); $row1 = $stmt1->fetch(PDO::FETCH_ASSOC); if ($row1) { $dataport = $row1["dataport"]; $apiport = $row1["apiport"]; // oauth_users table $user_id = $row1["user_id"]; $stmt = $storage->prepare('DELETE from oauth_users where user_id = :user_id'); $stmt->execute(array('user_id' => $user_id)); // oauth_ports table $stmt2 = $storage->prepare('DELETE from oauth_ports where port = :port'); $stmt2->execute(array('port' => $dataport)); $stmt2 = $storage->prepare('DELETE from oauth_ports where port = :port'); $stmt2->execute(array('port' => $apiport)); // oauth_clients table $stmt1 = $storage->prepare('DELETE from oauth_clients where client_id = :client_id'); $stmt1->execute(array('client_id' => $device)); // oauth_devices table $stmt11 = $storage->prepare('DELETE from oauth_devices where device = :device'); $stmt11->execute(array('device' => $device)); } //result_messages=============================================================== $result["result"]["result"] = $post; $result["result"]["session"] = $session; $result["error"] = $error; $result["status"] = "200"; $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]: NoErrors"; } catch (Exception $e) { $result["status"] = $e->getCode(); $result["message"] = "[" . $result["method"] . "][" . $result["function"] . "]:" . $e->getMessage(); } } } if (diyConfig::read('debug') == 1) { $result["debug"] = $diy_error; } return $result; }
// AUTHENTICATION FIRST if (!Sentry::check()) { // User is not logged in, or is not activated $app->flash('error', 'User is not logged in, or is not activated'); $app->redirect('/managers/login'); } $user = Sentry::getUser(); if (!$user->isSuperUser()) { $app->flash('error', 'Your are not administrator.'); $app->redirect('/managers/login'); } $gump = new GUMP(); $_POST = $gump->sanitize($_POST); // You don't have to sanitize, but it's safest to do so. $gump->validation_rules(array('winning_price' => 'required|numeric', 'draw_date' => 'required|max_len,10|min_len,6')); $gump->filter_rules(array('winning_price' => 'trim', 'draw_date' => 'trim')); if (!preg_match('/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/', $_POST['draw_date'])) { $app->flash('error', "Invalid Date"); $app->redirect('/managers/draws'); } $validator = $gump->run($_POST); if ($validator === false) { $app->flash('error', $gump->get_readable_errors(true)); $app->redirect('/managers/draws'); } else { if (!Draw::isExists($_POST['draw_date']) && Draw::validDate($_POST['draw_date'])) { $draw = new Draw(); $draw->winning_price = $_POST['winning_price']; $draw->date = date("Y-m-d H:i:s", strtotime($_POST['draw_date'])); $draw->status = "open"; $draw->save();