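// Bootstrap for the corporate "view order" page: builds the logger, the
// authorisation helper and the database handle, then turns the request away
// unless the caller is a corporate user and an order id was supplied.
// $redis, $errorRunner and $auth are not assigned in this excerpt; presumably
// they are set earlier in the file -- TODO confirm ($auth in particular, since
// the helper created here is $checkAuth).
$logger = new FullLog('Corporate View Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();

$router = new Router(__DIR__);
$rootPath = $router->rootPath;

// Pick the database role: corporate by default, admin when isAdmin() says so.
// NOTE(review): a caller for whom isAdmin() is true but isCorporate() is false
// is still redirected by the check below -- confirm that is intended.
$userType = PDOSingleton::CORPORATEUSER;
if ($checkAuth->isAdmin()) {
    $userType = PDOSingleton::ADMINUSER;
}

// NOTE(review): the database handle is created before the access checks run,
// so unauthenticated requests also reach this constructor. Consider moving it
// below the checks once PDOSingleton's constructor is confirmed side-effect free.
$pdo = new PDOSingleton($userType);

// 'order' comes from the query string and is caller-controlled. empty() also
// treats "0" as missing, so order=0 ends up as null. cInt() is presumably an
// integer cast -- verify against its definition.
// NOTE(review): nothing in this excerpt ties $orderID to the signed-in
// employee; confirm the code that loads the order enforces ownership.
$orderID = !empty($_GET['order']) ? $auth->cInt($_GET['order']) : null;
$employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;

if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    $error = rawurlencode('Not an authenticated corporate user.');
    // header() returns nothing, so it is sent as its own statement instead of
    // being passed to die(). The exit that follows is what stops the protected
    // page from running after the redirect has been queued.
    header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}");
    exit;
}

if (!$orderID) {
    $logger->serverData();
    $logger->addWarning("User attempted to access an order without an orderID.");
    $error = rawurlencode('No order was given.');
    header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}");
    exit;
}

// Bundle the shared services into one object for the page's controllers.
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
$models->pdo = $pdo;
$models->logger = $logger;
$models->blackList = $blackList;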
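use security\Models\SiteLogger\FullLog;

// Bootstrap for the corporate "view orders" page: builds the shared services,
// rejects callers that are not corporate users, then loads the orders through
// EmployeeGroupsOrdersController.
// The original built the Router and read rootPath twice with the same
// argument; the second, redundant pair is dropped here.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
// NOTE(review): the database handle is created before the access check below,
// so unauthenticated requests also reach this constructor. Consider moving it
// under the check once PDOSingleton's constructor is confirmed side-effect free.
$pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);
$logger = new FullLog('Corporate View Orders Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();
// Not read again in this excerpt; presumably used further down the page.
$isAdmin = $checkAuth->isAdmin();

if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    $error = rawurlencode('Not an authenticated corporate user.');
    // header() returns nothing, so it is sent as its own statement instead of
    // being passed to die(). The exit that follows is what stops the order
    // listing from being built after the redirect has been queued.
    header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}");
    exit;
}

// Bundle the shared services into one object for the controller.
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
$models->pdo = $pdo;
$models->logger = $logger;
$models->blackList = $blackList;

// The controller receives a copy of the whole session array.
// NOTE(review): passing only the keys it needs would narrow what the
// controller can read -- check which session fields it actually uses.
$order = new stdClass();
$order->session = $_SESSION;

$ordersController = new EmployeeGroupsOrdersController($models, $order);
$ordersController->setOrders();
$orders = $ordersController->getOrders();
$corporateOrders = "";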
}
// ^ closes a block that opens before this excerpt.

// Bootstrap for the "create new customer" page: builds the shared services,
// counts visits in the session as a crude abuse signal, stops blacklisted
// callers, and publishes the upload limits into the session.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
$logger = new FullLog("Create new Customer");
$pdo = new PDOSingleton(PDOSingleton::CUSTOMERUSER);
// NOTE(review): $redis is created above but not handed to BlackLister here,
// while other pages in this listing pass it -- confirm which form is intended.
$blacklist = new BlackLister();

// Count this visit; a session without a counter starts from zero.
$_SESSION["visits"] = ($_SESSION["visits"] ?? 0) + 1;

if ($_SESSION["visits"] > 5) {
    $logger->serverData();
    $logger->addWarning("Someone is repeatedly visiting the create new customer account, this is their {$_SESSION['visits']}. Potential abuse.");
    // Per the original comment, this bumps the blacklist count by one. It
    // fires on every visit past the fifth, including ordinary page reloads.
    $blacklist->blackList();
}

if ($blacklist->isBlackListed()) {
    // The original author already calls this a very weak protection: the visit
    // counter lives in the caller's own session, so it only slows a client
    // that keeps presenting the same session. A limit kept in server-side
    // state would hold up better.
    $logger->addError("This IP has been flagged as abusive.");
    foreach ($blacklist->IP as $badIP) {
        $logger->addError("badIP at {$badIP}");
    }
    exit("This account has been flagged as abusive.");
}

// Expose the PHP upload limits to the rest of the page through the session.
$_SESSION['maxfiles'] = ini_get('max_file_uploads');
$_SESSION['postmax'] = FileUploader::convertToBytes(ini_get('post_max_size'));
$_SESSION['displaymax'] = FileUploader::convertFromBytes($_SESSION['postmax']);

// 200 * 1024 = 204800; presumably a byte limit used later -- TODO confirm.
$max = 200 * 1024;

// Form fields start out empty.
$hasPassword = null;
$instructions = null;
$zip = null;
$countrycode = null;
$state = null;
$city = null;
$phone = null;
$address = null;
$email = null;
$username = null;