function get_app_db_headers($controller_dblink, $app_data, $environment)
{
# Fetching a valid token
$query = "\tSELECT\n\t\t\t\t\t`api_key`\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_APP_TOKENS_TABLE . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t\t= " . (int) $app_data['id'] . " AND\n\t\t\t\t\t`environment`\t= '" . mysqli_escape_string($controller_dblink, $environment) . "' AND\n\t\t\t\t\t`db_fetch` \t= b'1'\n\t\t\t\tLIMIT 1";
$token_data = mysqli_single_result_query($controller_dblink, $query);
# Adding our headers
$headers = ['Referring-Host: ' . explode(',', $app_data['domain'])[0], 'Content-Type: ' . NQ_DEFAULT_CONTENT_TYPE];
# Post object
$post = (object) ['app_secret' => hash('sha256', $app_data['secret']), 'token' => $token_data['api_key'], 'user_agent' => 'nuQuery/1.0 (Emailbot)'];
# Performing our curl
$s = curl_init();
curl_setopt($s, CURLOPT_URL, NQ_AUTH_HOST . $app_data['id'] . '/create');
curl_setopt($s, CURLOPT_HTTPHEADER, $headers);
curl_setopt($s, CURLOPT_RETURNTRANSFER, true);
curl_setopt($s, CURLOPT_USERAGENT, 'nuQuery/1.0 (Emailbot)');
curl_setopt($s, CURLOPT_POST, true);
curl_setopt($s, CURLOPT_POSTFIELDS, PostParser::encode($post));
# Our return data type
$token_data = PostParser::decode(curl_exec($s), NQ_DEFAULT_CONTENT_TYPE);
curl_close($s);
# Updating our headers
$headers[] = 'Access-Token: ' . $token_data->id;
# Sending our headers back
return $headers;
}
$update_query = $query->get_update_query($limit, false, false);
mysqli_sub_query($partition_dblink, $update_query);
# Getting our updated info
$info = mysqli_info_array($partition_dblink);
$limit -= (int) $info['Rows matched'];
# Tracking our internal changed numbers
$content->affected_rows += (int) $info['Changed'];
$content->matched_rows += (int) $info['Rows matched'];
# We are done updating
if ($limit !== false && $limit <= 0) {
break;
}
}
mysqli_free_result($partition_results);
# Returning our values
PostParser::send($content);
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Updating our partition row counts
$size_changed = false;
$update_queries = ['SET @table_size_delta=0'];
foreach ($partitions_affected as $id => $partition) {
# Getting our new table size
$query = "\tSELECT\n\t\t\t\t\t `DATA_LENGTH` + `INDEX_LENGTH` AS `size`\n\t\t\t\tFROM\n\t\t\t\t\t`INFORMATION_SCHEMA`.`TABLES`\n\t\t\t\tWHERE\n\t\t\t\t\t`TABLE_SCHEMA`\t='" . mysqli_escape_string($partition->dblink, $partition->database) . "' AND\n\t\t\t\t\t`TABLE_NAME`\t='" . mysqli_escape_string($partition->dblink, $partition->data['table_name']) . "'";
$size_data = mysqli_single_result_query($partition->dblink, $query);
# Done with partitions database link
mysqli_shared_close($partition->dblink, $G_SHARED_DBLINKS);
# We have a different size
$this_size_changed = false;
if ((int) $partition->data['size'] != (int) $size_data['size']) {
# Flag size changed
$size_changed = true;
$content->url = $content->url[0];
$content->version = $content->version[0];
$content->success = $content->error_message == '';
unset($content->error_messages);
# Clear error message property if successfully upload
if ($content->success) {
unset($content->error_message);
}
}
# If we are returning in an iframe
if (isset($_CGET['is_iframe'])) {
header('Location: http://' . $G_CURRENT_DOMAIN . '/blank.html#' . json_encode($content));
$strlen = PostParser::send('');
} else {
# Returning it normally
$strlen = PostParser::send($content);
}
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Closing the storage connection
mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Updating our app
$query = "\tUPDATE\n\t\t\t\t" . NQ_APPS_TABLE . "\n\t\t\tSET\n\t\t\t\t`storage_file_size`\t=`storage_file_size`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`storage_total_size`\t=`storage_total_size`+" . (int) $G_FILESIZE_ADDED . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_APP_DATA['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Updating our servers used space - measured in kb
$query = "\tUPDATE\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tSET\n\t\t\t\t`space_used`\t\t=`space_used`+" . (int) ($G_FILESIZE_ADDED / 1024) . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t='" . (int) $G_SERVER_DATA['id'] . "'\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Updating our servers available space - measured in kb
$query = "\tUPDATE\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tSET\n\t\t\t\t`available_space`\t=`available_space`-" . (int) ($G_FILESIZE_ADDED / 1024) . "\n\t\t\tWHERE\n\t\t\t\t`host`\t\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_SERVER_DATA['host']) . "' AND\n\t\t\t\t`max_space`\t\t=0";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Closing controller if tracking is different
if (NQ_CONTROLLER_HOST != NQ_TRACKING_HOST) {
public static function encode($data, $content_type = false, $parentname = false, $open = true, $close = true, $top = true)
{
# Defaulting
$default_type = isset($_SERVER['HTTP_CONTENT_TYPE']) ? $_SERVER['HTTP_CONTENT_TYPE'] : NQ_DEFAULT_CONTENT_TYPE;
$content_type = $content_type === false ? $default_type : $content_type;
# Sorting the object by its keys
if ($top) {
$data = (array) $data;
ksort($data);
$data = (object) $data;
}
# Adding debug data
global $G_DEBUG_DATA;
if ($top && NQ_DEBUG_ENABLED && NQ_DEBUG_SEND_RESPONSE) {
# Debug elapsed time
$G_DEBUG_DATA->elapsed_time = ['total' => microtime(true) - NQ_TRACKING_START_TIME];
$G_DEBUG_DATA->mysql_query_count = count($G_DEBUG_DATA->mysql_queries);
$G_DEBUG_DATA->elapsed_time['mysql'] = 0;
foreach ($G_DEBUG_DATA->mysql_queries as $query_data) {
$G_DEBUG_DATA->elapsed_time['mysql'] += $query_data['time'];
}
$G_DEBUG_DATA->elapsed_time['php'] = $G_DEBUG_DATA->elapsed_time['total'] - $G_DEBUG_DATA->elapsed_time['mysql'];
$G_DEBUG_DATA = (array) $G_DEBUG_DATA;
ksort($G_DEBUG_DATA);
# Add or replace
if (NQ_DEBUG_REPLACE_CONTENT) {
$data = $G_DEBUG_DATA;
} else {
$data->debug = $G_DEBUG_DATA;
}
}
# Choosing our type
$obj = '';
switch ($content_type) {
# JSON
case 'json':
case 'application/json':
# Setting our response header
$top && header('Content-Type: application/json; charset=utf-8', true);
# Handling arrays and objects
$obj = new stdClass();
if (is_array($data) || is_object($data)) {
foreach ($data as $key => $value) {
# If we are an attribute or value
$attr_or_value = is_object($value) && count(get_object_vars($value)) == 1;
# We are a value
if ($attr_or_value && isset($value->{PostParser::value_flag})) {
$obj->{$key} = $value->{PostParser::value_flag};
} elseif ($attr_or_value && isset($value->{PostParser::attribute_flag})) {
$obj->{$key} = $value->{PostParser::attribute_flag};
} elseif (is_object($value)) {
$obj->{$key} = PostParser::encode($value, 'json', false, false, false, false);
} else {
$obj->{$key} = $value;
}
}
} else {
$obj = $data;
}
# If we are at the top, we want to encode
if ($top) {
$obj = json_encode($obj, NQ_JSON_PRINT_FORMAT);
}
break;
# XML
# XML
case 'xml':
case 'application/xml':
# Setting our response header
$top && header('Content-Type: application/xml; charset=utf-8', true);
# We need to create our response object
if ($top) {
$root = $parentname === false ? 'nq-response' : $parentname;
$data = [(object) [$root => (object) $data]];
}
# Holders
$attributes = [];
$children = [];
# If we are a value
if (!is_array($data) && !is_object($data)) {
return '<' . $parentname . '>' . (is_string($data) ? str_replace(['&', '>', '<', '"'], ['&', '>', '<', '"'], $data) : var_export($data, true)) . '</' . $parentname . '>';
}
# Checking to see if we have a value, if we do all other nodes are attributes
$has_value = false;
foreach ($data as $child => $child_value) {
if (is_object($child_value) && count(get_object_vars($child_value)) == 1 && isset($child_value->{PostParser::value_flag})) {
$has_value = true;
break;
}
}
# Looping through our propreties
foreach ($data as $child => $child_value) {
# If we should be closing the tag
$prop_count = is_array($child_value) ? count($child_value) : 1;
$prop_count = is_object($child_value) ? count(get_object_vars($child_value)) : $prop_count;
$start_count = $prop_count;
# If we are an attribute or a value
$attr_or_value = is_object($child_value) && count(get_object_vars($child_value)) == 1;
# Attributes
if ($attr_or_value && isset($child_value->{PostParser::attribute_flag})) {
$attributes[] = $child . '="' . $child_value->{PostParser::attribute_flag} . '"';
$prop_count--;
} elseif ($attr_or_value && isset($child_value->{PostParser::value_flag})) {
$children[] = $child_value->{PostParser::value_flag};
$prop_count--;
} elseif ($has_value && !is_object($child_value) && !is_array($child_value)) {
$attributes[] = $child . '="' . $child_value . '"';
$prop_count--;
} elseif (is_array($child_value) && $child_value === array_values($child_value)) {
# Error checking
$has_value && trigger_error('Error compiling XML - Attempting to add child node to a text value. <' . $child . '> into <' . $parentname . '>');
# Printing out our children properly
foreach ($child_value as $ckey => $cval) {
if (!is_array($cval) && !is_object($cval)) {
$children[] = '<' . $child . '>' . (is_string($cval) ? $cval : var_export($cval, true)) . '</' . $child . '>';
} else {
$children[] = PostParser::encode($cval, 'xml', $child, true, true, false);
}
$prop_count--;
}
} else {
# Error checking
$has_value && trigger_error('Error compiling XML - Attempting to add child node to a text value. <' . $child . '> into <' . $parentname . '>');
# Adding our children
$children[] = PostParser::encode($child_value, 'xml', $child, $start_count == $prop_count, --$prop_count == 0, false);
}
}
# If we have reached here, we want to close
$close = true;
# Saving our xml properly
$tagname = $parentname === false ? $child : $parentname;
if (!is_numeric($tagname)) {
# We are opening up the tag
if ($open) {
$obj .= '<' . $tagname . (count($attributes) > 0 ? ' ' . implode(' ', $attributes) : '');
}
# We dont have any children
if (count($children) == 0) {
$obj .= $open ? ' />' : '';
} else {
$obj .= $open ? '>' : '';
$obj .= implode('', $children);
$obj .= $close ? '</' . $tagname . '>' : '';
}
} else {
# Adding our properties as sub-children
if (count($attributes) > 0) {
foreach ($attributes as $prop) {
$tag = explode('=', $prop);
$obj .= '<' . $tag[0] . '>' . trim($tag[1], '"') . '</' . $tag[0] . '>';
}
}
# Adding our children
$obj .= implode('', $children);
}
# We are prefixing the object
if ($top) {
$obj = '<?xml version="1.0" encoding="UTF-8"?>' . $obj;
}
break;
# POST Body
# POST Body
case 'form':
case 'application/x-www-form-urlencoded':
# Setting our response header
$top && header('Content-Type: application/x-www-form-urlencoded; charset=utf-8', true);
# Doing a little manipulation to take care of attributes and values
$obj = http_build_query(PostParser::encode($data, 'json', false, false, false, false));
break;
}
# Returning our object
return $obj;
}
public function parse($input)
{
$result = $this->preParser->parse($input);
$result = $this->postParser->parse($result);
return new Arguments($result);
}
$error_message = '';
if (!$img->save($G_SERVER_HOST . $filepath, $G_SERVER_DATA['available_space'], $error_message)) {
exit_fail(NQ_ERROR_SIZE_LIMIT, $error_message);
}
# Saving our file size
$filesize = (int) filesize($G_SERVER_HOST . $filepath);
$G_FILESIZE_ADDED = (int) $filesize - (int) $current_file_data['filesize'];
# Adding to the datatbase
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\tSET\n\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t`environment`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT) . "',\n\t\t\t\t`directory_id`\t\t=" . (int) $G_DIRECTORY_DATA['id'] . ",\n\t\t\t\t`name`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['name']) . "',\n\t\t\t\t`created`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['created']) . "',\n\t\t\t\t`modified`\t\t=NOW(),\n\t\t\t\t`version`\t\t=" . (int) $version . ",\n\t\t\t\t`file_id`\t\t=" . (int) $file_id . ",\n\t\t\t\t`filepath`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $filepath) . "',\n\t\t\t\t`filesize`\t\t=" . (int) $filesize . ",\n\t\t\t\t`host_id`\t\t=" . (int) $G_SERVER_DATA['id'] . ",\n\t\t\t\t`meta_mime_type`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['meta_mime_type']) . "',\n\t\t\t\t`meta_width`\t\t=" . (int) $current_file_data['meta_width'] . ",\n\t\t\t\t`meta_height`\t\t=" . (int) $current_file_data['meta_height'];
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# Return object
$content = new stdClass();
$content->success = true;
$content->env = $G_APP_ENVIRONMENT;
# Sending success
PostParser::send($content, true);
/* --- Connection closed wit img->send() --- Below this point things need to be tracked and cleaned up --- */
# Updating our directory
$query = "\tUPDATE\n\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\tSET\n\t\t\t\t`filesize`\t\t=`filesize`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`children_filesize`\t=`children_filesize`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`modified`\t\t=NOW()\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_DIRECTORY_DATA['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
# If we have parents to update
if (count($G_DIRECTORY_DATA['parent_ids']) > 0) {
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`filesize`\t=`filesize`+" . (int) $G_FILESIZE_ADDED . "\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\tIN (" . implode(',', $G_DIRECTORY_DATA['parent_ids']) . ")\n\t\t\t\tLIMIT " . count($G_DIRECTORY_DATA['parent_ids']);
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
}
# Closing the storage connection
mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Updating our app
$query = "\tUPDATE\n\t\t\t\t" . NQ_APPS_TABLE . "\n\t\t\tSET\n\t\t\t\t`storage_img_size`\t=`storage_img_size`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`storage_total_size`\t=`storage_total_size`+" . (int) $G_FILESIZE_ADDED . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_APP_DATA['id'] . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
# Updating our servers used space - measured in kb
$G_APP_DATA = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Adding our headers
$headers = get_app_db_headers($G_CONTROLLER_DBLINK, $G_APP_DATA, $db_queue['environment']);
# Looping through our pages
$nextpage = NQ_DATABASE_HOST . NQ_DATABASE_APP_ID . '_' . $db_queue['app_id'] . '/fetch/' . $db_queue['table_name'] . '?' . $db_queue['query_string'];
while ($nextpage != '') {
# Our records to be added
$records = [];
# Performing our curl
$s = curl_init();
curl_setopt($s, CURLOPT_URL, $nextpage);
curl_setopt($s, CURLOPT_HTTPHEADER, $headers);
curl_setopt($s, CURLOPT_RETURNTRANSFER, true);
curl_setopt($s, CURLOPT_USERAGENT, 'nuQuery/1.0 (Emailbot)');
# Our return data type
$return_data = PostParser::decode(curl_exec($s), NQ_DEFAULT_CONTENT_TYPE);
curl_close($s);
# Looping through the results
foreach ($return_data->results as $record) {
# Setting up the variables
$variables = json_decode($db_queue['variables']);
foreach ($record as $key => $value) {
$variables->{$key} = $value;
}
# Adding the email to the queue
$result = queue_email($G_CONTROLLER_DBLINK, $record->{$db_queue['recipient_column']}, $db_queue['sender_email'], $db_queue['subject'], $email_data, $constants, $variables, $db_queue['app_id'], strtotime($db_queue['send_date']), false);
# Tracking
if ($result == 1) {
$sent++;
} elseif ($result == -1) {
$blocked++;
$_URI = explode('?', isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '', 2);
$_ABS_BASEDIR = explode('/', NQ_RELATIVE_PATH);
$_BASEDIR = explode('/', $_URI[0]);
$_BASEDIR_CULLED = array_splice($_BASEDIR, 0, max(0, count($_ABS_BASEDIR) - 1));
$_ENDPOINT = $_BASEDIR[2];
$_FILENAME = $_BASEDIR[count($_BASEDIR) - 1];
$_CGET = array();
isset($_URI[1]) && parse_str($_URI[1], $_CGET);
# Including our functions
require_once __DIR__ . '/shutdown.php';
require_once __DIR__ . '/functions.php';
require_once __DIR__ . '/parsers/post.php';
require_once __DIR__ . '/parsers/mysql.php';
# Send a fake success if no response required
if (isset($_CGET['response']) && !boolval_ext($_CGET['response'])) {
PostParser::send((object) ['success' => true]);
}
# Setting up our controller connections
$G_SHARED_DBLINKS = [];
$G_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_CONTROLLER_HOST, NQ_CONTROLLER_USERNAME, NQ_CONTROLLER_PASSWORD, $G_SHARED_DBLINKS);
$G_STORAGE_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_DATABASE_STORAGE_HOST, NQ_DATABASE_STORAGE_USERNAME, NQ_DATABASE_STORAGE_PASSWORD, $G_SHARED_DBLINKS);
# Making sure we have a connection
if (!$G_CONTROLLER_DBLINK || !$G_STORAGE_CONTROLLER_DBLINK) {
exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service temporarily unavailable.', false);
}
# If we are debugging
if (NQ_DEBUG_ENABLED) {
# New debug object
$G_DEBUG_DATA = new stdClass();
# If we want to include the config
if (NQ_DEBUG_CONFIG) {
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
# Including our configuration
require_once dirname(__FILE__) . '/_includes/config.php';
# Handling our global json parsing
$_JPOST = PostParser::decode();
# Validating our app
if (hash('sha256', $G_APP_DATA['secret']) != $_JPOST->app_secret) {
exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}
# Setting our token data
$query = "\tSELECT\n\t\t\t\t`session_id`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`hash_id`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $_JPOST->token) . "'\n\t\t\tLIMIT 1";
$token_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Updating our data
$query = "\tSELECT\n\t\t\t\t`details`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_SESSION_TABLE . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token_data['session_id']) . "'\n\t\t\tLIMIT 1";
$session_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);
# Creating our token string
$strlen = PostParser::send(json_decode($session_data['details']));
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Opening our tracking dblink
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);
# Closing the controller dblink
mysqli_shared_close($G_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Adding our usage
track_endpoint($G_SHARED_DBLINKS, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);
}
# Adding our access token
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tSET\n\t\t\t\t`hash_id`\t='" . hash('sha256', mt_rand(1, 9999999)) . "',\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t`domain`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->domain) . "',\n\t\t\t\t`created`\t= NOW(),\n\t\t\t\t`expires`\t='" . $token->expires_date . "',\n\t\t\t\t`privileges`\t=" . (int) $token_id . ",\n\t\t\t\t`session_id`\t=" . (int) $session_id . ",\n\t\t\t\t`ip`\t\t=" . (int) ip2long($_SERVER['REMOTE_ADDR']) . ",\n\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent) . "'";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = mysqli_insert_id($G_CONTROLLER_DBLINK);
# Encoding our token id
$hashed_id = hash('sha256', uniqid($token->id, true));
$query = "\tUPDATE\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tSET\n\t\t\t\t`hash_id`='" . $hashed_id . "'\n\t\t\tWHERE\n\t\t\t\t`id`=" . (int) $token->id . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = $hashed_id;
# Handling secondary token
if ($secondary_token_id > 0) {
# Adding our access token
$query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`hash_id`\t='" . hash('sha256', mt_rand(1, 9999999)) . "',\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id'] . ",\n\t\t\t\t\t`domain`\t='" . $token->domain . "',\n\t\t\t\t\t`created`\t= NOW(),\n\t\t\t\t\t`expires`\t='" . $token->expires_date . "',\n\t\t\t\t\t`privileges`\t=" . (int) $secondary_token_id . ",\n\t\t\t\t\t`session_id`\t=" . (int) $session_id . ",\n\t\t\t\t\t`ip`\t\t=" . (int) ip2long($_JPOST->remote_ip) . ",\n\t\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent) . "'";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->secondary_token_id = mysqli_insert_id($G_CONTROLLER_DBLINK);
# Encoding our token alt id
$hashed_id = hash('sha256', uniqid($token->secondary_token_id, true));
$query = "\tUPDATE\n\t\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`hash_id`='" . $hashed_id . "'\n\t\t\t\tWHERE\n\t\t\t\t\t`id`=" . (int) $token->secondary_token_id . "\n\t\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->secondary_token_id = $hashed_id;
}
# Creating our token string
$strlen = PostParser::send($token);
/* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */
# Opening our tracking dblink
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);
# Closing the controller dblink
mysqli_shared_close($G_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);
# Adding our usage
track_endpoint($G_SHARED_DBLINKS, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);
function exit_fail($code, $message, $log = true)
{
# Logging our bad request
global $_ENDPOINT;
$log && log_access($_ENDPOINT, false, $message);
# Creating our error message
$error = new stdClass();
$error->success = false;
$error->errorCode = $code;
$error->message = $message;
# Sending our error header
header('HTTP/1.1 403 Unauthorized', true, 403);
# Sending our error data
PostParser::send($error, true, true);
}
function preprocess()
{
$this->display = "";
$sd = MiscLib::scaleObject();
$entered = "";
if (isset($_REQUEST["reginput"])) {
$entered = strtoupper(trim($_REQUEST["reginput"]));
}
if (substr($entered, -2) == "CL") {
$entered = "CL";
}
if ($entered == "RI") {
$entered = CoreLocal::get("strEntered");
}
if (CoreLocal::get("msgrepeat") == 1 && $entered != "CL") {
$entered = CoreLocal::get("strRemembered");
CoreLocal::set('strRemembered', '');
}
CoreLocal::set("strEntered", $entered);
$json = array();
if ($entered != "") {
if (in_array("Paycards", CoreLocal::get("PluginList"))) {
/* this breaks the model a bit, but I'm putting
* putting the CC parser first manually to minimize
* code that potentially handles the PAN */
if (CoreLocal::get("PaycardsCashierFacing") == "1" && substr($entered, 0, 9) == "PANCACHE:") {
/* cashier-facing device behavior; run card immediately */
$entered = substr($entered, 9);
CoreLocal::set("CachePanEncBlock", $entered);
}
$pe = new paycardEntered();
if ($pe->check($entered)) {
$valid = $pe->parse($entered);
$entered = "PAYCARD";
CoreLocal::set("strEntered", "");
$json = $valid;
}
CoreLocal::set("quantity", 0);
CoreLocal::set("multiple", 0);
}
/* FIRST PARSE CHAIN:
* Objects belong in the first parse chain if they
* modify the entered string, but do not process it
* This chain should be used for checking prefixes/suffixes
* to set up appropriate session variables.
*/
$parser_lib_path = $this->page_url . "parser-class-lib/";
if (!is_array(CoreLocal::get("preparse_chain"))) {
CoreLocal::set("preparse_chain", PreParser::get_preparse_chain());
}
foreach (CoreLocal::get("preparse_chain") as $cn) {
if (!class_exists($cn)) {
continue;
}
$p = new $cn();
if ($p->check($entered)) {
$entered = $p->parse($entered);
}
if (!$entered || $entered == "") {
break;
}
}
if ($entered != "" && $entered != "PAYCARD") {
/*
* SECOND PARSE CHAIN
* these parser objects should process any input
* completely. The return value of parse() determines
* whether to call lastpage() [list the items on screen]
*/
if (!is_array(CoreLocal::get("parse_chain"))) {
CoreLocal::set("parse_chain", Parser::get_parse_chain());
}
$result = False;
foreach (CoreLocal::get("parse_chain") as $cn) {
if (!class_exists($cn)) {
continue;
}
$p = new $cn();
if ($p->check($entered)) {
$result = $p->parse($entered);
break;
}
}
if ($result && is_array($result)) {
// postparse chain: modify result
if (!is_array(CoreLocal::get("postparse_chain"))) {
CoreLocal::set("postparse_chain", PostParser::getPostParseChain());
}
foreach (CoreLocal::get('postparse_chain') as $class) {
if (!class_exists($class)) {
continue;
}
$obj = new $class();
$result = $obj->parse($result);
}
$json = $result;
if (isset($result['udpmsg']) && $result['udpmsg'] !== False) {
if (is_object($sd)) {
$sd->WriteToScale($result['udpmsg']);
}
}
} else {
$arr = array('main_frame' => false, 'target' => '.baseHeight', 'output' => DisplayLib::inputUnknown());
$json = $arr;
if (is_object($sd)) {
$sd->WriteToScale('errorBeep');
}
}
}
}
CoreLocal::set("msgrepeat", 0);
if (isset($json['main_frame']) && $json['main_frame'] != False) {
$this->change_page($json['main_frame']);
return False;
}
if (isset($json['output']) && !empty($json['output'])) {
$this->display = $json['output'];
}
if (isset($json['retry']) && $json['retry'] != False) {
$this->add_onload_command("setTimeout(\"inputRetry('" . $json['retry'] . "');\", 150);\n");
}
if (isset($json['receipt']) && $json['receipt'] != False) {
$ref = isset($json['trans_num']) ? $json['trans_num'] : ReceiptLib::mostRecentReceipt();
$this->add_onload_command("receiptFetch('" . $json['receipt'] . "', '" . $ref . "');\n");
}
if (CoreLocal::get('CustomerDisplay') === true) {
$child_url = MiscLib::baseURL() . 'gui-modules/posCustDisplay.php';
$this->add_onload_command("setCustomerURL('{$child_url}');\n");
$this->add_onload_command("reloadCustomerDisplay();\n");
}
return true;
}
}
$result = False;
foreach (CoreLocal::get("parse_chain") as $cn) {
if (!class_exists($cn)) {
continue;
}
$p = new $cn();
if ($p->check($entered)) {
$result = $p->parse($entered);
break;
}
}
if ($result && is_array($result)) {
// postparse chain: modify result
if (!is_array(CoreLocal::get("postparse_chain"))) {
CoreLocal::set("postparse_chain", PostParser::getPostParseChain());
}
foreach (CoreLocal::get('postparse_chain') as $class) {
if (!class_exists($class)) {
continue;
}
$obj = new $class();
$result = $obj->parse($result);
}
$json = $result;
if (isset($result['udpmsg']) && $result['udpmsg'] !== False) {
if (is_object($sd)) {
$sd->WriteToScale($result['udpmsg']);
}
}
} else {
