/**
 * GET handler: authenticates the caller from the "credentials" cookie and
 * answers with the current user serialised as JSON.
 *
 * Flow: no cookie -> bad_request(); otherwise the cookie value is handed to
 * SessaoController::autenticar() and, if UsuarioController::get("id") is
 * truthy afterwards, ok_header() + the user JSON is emitted, else
 * exception_header() + the "autenticar" exception payload.
 *
 * NOTE(review): the cookie value is passed through unvalidated — whatever
 * verification happens must live inside SessaoController::autenticar();
 * confirm against that class.
 */
public function doGet()
{
    // The original assigned this to an unused local; the call is kept in case
    // getInstance() has side effects. TODO(review): drop it if it is pure.
    UsuarioResource::getInstance();

    if (!isset($_COOKIE["credentials"])) {
        bad_request();
        return;
    }

    SessaoController::autenticar($_COOKIE["credentials"]);

    $hasUser = (bool) UsuarioController::get("id");
    if (!$hasUser) {
        exception_header();
        SessaoController::print_exception("autenticar");
        return;
    }

    ok_header();
    echo UsuarioController::$usuario->json();
}
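/**
 * Check the CSRF token coming with a form post or with GET params.
 *
 * The request must carry a non-empty "pwg_token": a missing one is answered
 * with bad_request('missing token'), one that does not match the server-side
 * token (get_pwg_token()) with access_denied(). Both are expected to end the
 * request; the function itself returns nothing.
 *
 * @return void
 */
function check_pwg_token()
{
    $given = $_REQUEST['pwg_token'] ?? '';
    if (empty($given)) {
        bad_request('missing token');
        return;
    }
    // Reject non-string values (e.g. ?pwg_token[]=x) instead of coercing them,
    // and compare with hash_equals(): strict, and not timing-dependent on the
    // first differing byte the way the previous loose `!=` was.
    if (!is_string($given) || !hash_equals((string) get_pwg_token(), $given)) {
        access_denied();
    }
}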
// TODO check the end value // log the request if it is a swipe add_swipe($_GET['id'], $owner, 0, 1); send_headers(); $response = array("version" => $version, "response" => "OK", "uid" => $owner); echo json_encode($response); } else { // user is not allowed add_swipe($_GET['id'], $owner, 0, 0); forbidden(); } } else { bad_request(); } } else { bad_request(); } } function bad_request() { header(':', true, 400); send_headers(); $response = array("version" => $version, "response" => "Bad Request"); echo json_encode($response); } function forbidden() { header(':', true, 403); send_headers(); $response = array("version" => $version, "response" => "Forbidden"); echo json_encode($response);
bad_request('invalid picture identifier'); } } else { preg_match('/^(\\d+-)?(.*)?$/', $token, $matches); if (isset($matches[1]) and is_numeric($matches[1] = rtrim($matches[1], '-'))) { $page['image_id'] = $matches[1]; if (!empty($matches[2])) { $page['image_file'] = $matches[2]; } } else { $page['image_id'] = 0; // more work in picture.php if (!empty($matches[2])) { $page['image_file'] = $matches[2]; } else { bad_request('picture identifier is missing'); } } } } $page = array_merge($page, parse_section_url($tokens, $next_token)); if (!isset($page['section'])) { $page['section'] = 'categories'; switch (script_basename()) { case 'picture': break; case 'index': // No section defined, go to random url if (!empty($conf['random_index_redirect']) and empty($tokens[$next_token])) { $random_index_redirect = array(); foreach ($conf['random_index_redirect'] as $random_url => $random_url_condition) {
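// UTF-8 support for uppercase
mb_internal_encoding("UTF-8");
$now = time();
header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', strtotime('tomorrow', $now)));
header('Access-Control-Allow-Methods: GET');
header('Access-Control-Allow-Origin: *');

// Every field is required; bad_request() is expected to terminate the script.
foreach (['party', 'fname', 'lname', 'bday', 'city', 'location'] as $key) {
    if (!array_key_exists($key, $_GET)) {
        bad_request("Missing field: " . $key);
    }
}

// Validate given birthday to be well-formed and from a person old
// enough to vote. createFromFormat() silently rolls invalid dates over
// (1983-02-31 -> 1983-03-03), so parses that raised warnings are rejected too.
$bday_datetime = is_string($_GET['bday']) ? DateTime::createFromFormat('Y-m-d', $_GET['bday']) : false;
$bday_errors = DateTime::getLastErrors();
if ($bday_datetime === false
    || ($bday_errors !== false && ($bday_errors['warning_count'] > 0 || $bday_errors['error_count'] > 0))) {
    bad_request("Syntymäajan muoto virheellinen. Käytä muotoa vvvv-kk-pp, esim 1983-03-28.");
}
$bday = $bday_datetime->getTimestamp();
// Both sides carry a time-of-day (createFromFormat() fills in the current
// time), so "18 years ago tomorrow" is rejected and "18 years ago today" passes.
if ($bday >= strtotime('-18 years +1 day', $now)) {
    bad_request("Henkilön on oltava 18-vuotias. Tarkista syntymäaikasi!");
}

// Fill form with data array. Values are upper-cased with mb_* so that
// non-ASCII letters (ä/ö) survive — the plain strtoupper() formerly used for
// the party name left them untouched.
// NOTE(review): these values are attacker-controlled; replace_fdf() must do
// the FDF escaping — confirm it does.
$tmpfile = tempnam(sys_get_temp_dir(), '');
if ($tmpfile === false) {
    // Server-side problem, not a client error.
    http_response_code(500);
    exit('Could not create temporary file');
}
$fdf = replace_fdf(file_get_contents(__DIR__ . '/../template.fdf'), [
    '$PUOLUE' => mb_strtoupper($_GET['party']) . ' RY',
    '$YB' => date('Y', $bday),
    '$MB' => date('m', $bday),
    '$DB' => date('d', $bday),
    '$ETUNIMI' => mb_strtoupper($_GET['fname']),
    '$SUKUNIMI' => mb_strtoupper($_GET['lname']),
    '$KOTIKUNTA' => mb_strtoupper($_GET['city']),
    '$PAIKKA' => mb_strtoupper($_GET['location']),
    '$YN' => date('y', $now),
    '$MN' => date('m', $now),
    '$DN' => date('d', $now),
]);
if (file_put_contents($tmpfile, $fdf) === false) {
    unlink($tmpfile);
    http_response_code(500);
    exit('Could not write form data');
}

header('Content-type: application/pdf');
if (array_key_exists('download', $_GET)) {
    // NOTE(review): filenamize() must strip '"' and CR/LF for this header to be
    // safe against header/filename injection — confirm.
    header('Content-Disposition: attachment; filename="kannattajakortti-' . filenamize($_GET['fname'] . ' ' . $_GET['lname']) . '.pdf"');
}
// Neither path is user-controlled, but quoting them keeps the command intact
// should the temp directory or install path ever contain shell metacharacters.
passthru('pdftk ' . escapeshellarg(__DIR__ . '/../original.pdf') . ' fill_form ' . escapeshellarg($tmpfile) . ' output - flatten');
unlink($tmpfile);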
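/**
 * The reverse of make_section_in_url: reads the 'section'
 * (categories/tags/favorites/...) from the URL tokens together with the data
 * that belongs to it.
 *
 * Depending on the section, other keys are filled in:
 *   - categories : 'category' (the array returned by get_cat_info()) and
 *                  'hit_by' (cat_url_name or cat_permalink)
 *   - tags       : 'tags' (from find_tags())
 *   - search     : 'search' (numeric search id)
 *   - list       : 'list' (image ids, or [-1] when none were given)
 * bad_request() / page_not_found() are called for malformed or unknown values
 * and are expected to end the request.
 *
 * @param array $tokens url tokens to parse
 * @param int $next_token index in $tokens; in/out — advanced past what was consumed
 * @return array the $page fragment described above; empty when no section matched
 */
function parse_section_url($tokens, &$next_token)
{
    $page = array();
    // Every branch below tests the same token; only the matched branch advances
    // $next_token, so it is safe to read it once.
    $section_token = $tokens[$next_token] ?? null;

    if (strncmp((string) $section_token, 'categor', 7) === 0) {
        $page['section'] = 'categories';
        $next_token++;
        if (isset($tokens[$next_token])) {
            if (preg_match('/^(\\d+)(?:-(.+))?$/', $tokens[$next_token], $matches)) {
                if (isset($matches[2])) {
                    $page['hit_by']['cat_url_name'] = $matches[2];
                }
                $page['category'] = $matches[1];
                $next_token++;
            } else {
                // try a permalink: collect the growing prefixes "a", "a/b", "a/b/c"
                // up to the first date / paging / 'flat' token.
                // Fix: the 'start-' and 'startcat-' tests used $next_token, i.e. only
                // ever looked at the first candidate, so paging tokens following a
                // multi-level permalink were swallowed into the candidate list.
                $maybe_permalinks = array();
                $current_token = $next_token;
                while (isset($tokens[$current_token])
                    && strpos($tokens[$current_token], 'created-') !== 0
                    && strpos($tokens[$current_token], 'posted-') !== 0
                    && strpos($tokens[$current_token], 'start-') !== 0
                    && strpos($tokens[$current_token], 'startcat-') !== 0
                    && $tokens[$current_token] !== 'flat') {
                    $prefix = empty($maybe_permalinks)
                        ? ''
                        : $maybe_permalinks[count($maybe_permalinks) - 1] . '/';
                    $maybe_permalinks[] = $prefix . $tokens[$current_token];
                    $current_token++;
                }
                if (count($maybe_permalinks)) {
                    // $perma_index (out param) is the index of the matched candidate.
                    $cat_id = get_cat_id_from_permalinks($maybe_permalinks, $perma_index);
                    if (isset($cat_id)) {
                        // Skip the tokens that made up the matched permalink.
                        $next_token += $perma_index + 1;
                        $page['category'] = $cat_id;
                        $page['hit_by']['cat_permalink'] = $maybe_permalinks[$perma_index];
                    } else {
                        page_not_found(l10n('Permalink for album not found'));
                    }
                }
            }
        }
        if (isset($page['category'])) {
            $result = get_cat_info($page['category']);
            if (empty($result)) {
                page_not_found(l10n('Requested album does not exist'));
            }
            $page['category'] = $result;
        }
    } elseif ('tags' === $section_token) {
        global $conf;
        $page['section'] = 'tags';
        $page['tags'] = array();
        $next_token++;
        $i = $next_token;
        $requested_tag_ids = array();
        $requested_tag_url_names = array();
        // Consume tokens up to the first date / paging token: "12-name" style
        // tokens are ids (unless tag_url_style is 'tag'), anything else a url name.
        while (isset($tokens[$i])) {
            if (strpos($tokens[$i], 'created-') === 0
                || strpos($tokens[$i], 'posted-') === 0
                || strpos($tokens[$i], 'start-') === 0) {
                break;
            }
            if ($conf['tag_url_style'] !== 'tag' && preg_match('/^(\\d+)(?:-(.*)|)$/', $tokens[$i], $matches)) {
                $requested_tag_ids[] = $matches[1];
            } else {
                $requested_tag_url_names[] = $tokens[$i];
            }
            $i++;
        }
        $next_token = $i;
        if (empty($requested_tag_ids) && empty($requested_tag_url_names)) {
            bad_request('at least one tag required');
        }
        $page['tags'] = find_tags($requested_tag_ids, $requested_tag_url_names);
        if (empty($page['tags'])) {
            page_not_found(l10n('Requested tag does not exist'), get_root_url() . 'tags.php');
        }
    } elseif (in_array($section_token, ['favorites', 'most_visited', 'best_rated', 'recent_pics', 'recent_cats'], true)) {
        // Sections without parameters: the token is the section name itself.
        $page['section'] = $section_token;
        $next_token++;
    } elseif ('search' === $section_token) {
        $page['section'] = 'search';
        $next_token++;
        preg_match('/(\\d+)/', $tokens[$next_token] ?? '', $matches);
        if (!isset($matches[1])) {
            bad_request('search identifier is missing');
        }
        $page['search'] = $matches[1];
        $next_token++;
    } elseif ('list' === $section_token) {
        $page['section'] = 'list';
        $next_token++;
        $page['list'] = array();
        // No pictures
        if (empty($tokens[$next_token])) {
            // Add dummy element list
            $page['list'][] = -1;
        } else {
            if (!preg_match('/^\\d+(,\\d+)*$/', $tokens[$next_token])) {
                bad_request('wrong format on list GET parameter');
            }
            foreach (explode(',', $tokens[$next_token]) as $image_id) {
                $page['list'][] = $image_id;
            }
        }
        $next_token++;
    }
    return $page;
}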
{ header('Status: 400 Bad Request'); header('Content-Type: text/plain'); die($str ? $str : 'bad request'); } // --- BEGIN --- // $length = array_get($_SERVER, 'CONTENT_LENGTH'); // invalid or no size - protocol error if ($length <= 0) { bad_request('empty data or length not specified.'); } // create directory tree @mkdir(MESSAGE_STORAGE_PATH, 0770, true); // create temporary file $filename = rand_str(40); $fullpath = MESSAGE_STORAGE_PATH . DIRECTORY_SEPARATOR . $filename; // open input and output $putdata = fopen('php://input', 'r'); $fp = fopen($fullpath, 'w'); // write down to temp file while ($data = fread($putdata, 2048)) { fwrite($fp, $data); } fclose($fp); fclose($putdata); if (filesize($fullpath) != $length) { // remove file unlink($fullpath); bad_request('declared length not matching actual data length.'); } printf(URLFMT, $filename);
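/**
 * Parse an OSM-style bounding box "south,west,north,east" from a URL value.
 *
 * Malformed input (not exactly four comma-separated numeric parts) is
 * reported through bad_request(), which is expected to end the request;
 * null is returned should it come back.
 *
 * @param string|null $str raw query value; null or '' means "no bound"
 * @return array|null ['s' => ..., 'w' => ..., 'n' => ..., 'e' => ...] holding the
 *                    original string components, or null when $str is empty
 */
function osm_bounds_from_url($str)
{
    if (!isset($str) || strlen($str) == 0) {
        return null;
    }
    $parts = explode(',', $str);
    if (count($parts) != 4) {
        bad_request($str . ' is not a valid geographical bound');
        return null;
    }
    // Components stay strings (as before) but must at least be numeric, so
    // arbitrary text does not travel on into whatever builds the OSM query.
    foreach ($parts as $part) {
        if (!is_numeric($part)) {
            bad_request($str . ' is not a valid geographical bound');
            return null;
        }
    }
    return array_combine(['s', 'w', 'n', 'e'], $parts);
}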
$this->DateLeftDelimiter = "'"; $this->DateRightDelimiter = "'"; if ($CCConnectionSettings[$sourceName]["Type"] == "Oracle") { $this->query("ALTER SESSION SET NLS_DATE_FORMAT = 'YYYY-MM-DD HH24:MI:SS'"); } } } //End oracle Connection Class global $sourceName; global $pass_phrase; $sourceName = CCGetParam("sourcename", CCGetSession("sourcename")); $pass_phrase = "PASS PHRASE"; $level = CCGetParam("level", "single"); #$sourceName = "source1"; if (!file_exists("../textdb/" . $sourceName . ".sources.json")) { bad_request(5); } $datasource = file_get_contents("../textdb/" . $sourceName . ".sources.json"); $datasource = json_decode($datasource, true); $CCConnectionSettings[$sourceName] = $datasource; ## CHECK IF CONNECTED ################################### if (CCGetParam("connect") == "true") { if (isset($_SESSION["CONNECTED"]) and isset($_SESSION["CONNECTED"][$sourceName])) { unset($_SESSION["CONNECTED"][$sourceName]); } $user = CCGetParam("user"); $password = cryptoJsAesDecrypt($pass_phrase, $_POST["password"]); #echo $password; sqlConnect($user, $password); die; } else {
return $val; } header("Cache-Control: private"); $param = array(); foreach ($_REQUEST as $key => $value) { $param[$key] = trim($value); } if (isset($param["k"])) { if (!preg_match('/^[0-9a-f]{24}$/', $param["k"])) { bad_request("Invalid confirmation key"); } $info = get_sub_info($param["k"]); } elseif (isset($_SERVER["QUERY_STRING"]) && preg_match('/^[0-9a-f]{24}$/', $_SERVER["QUERY_STRING"])) { $info = get_sub_info($_SERVER["QUERY_STRING"]); } else { bad_request("No confirmation key"); exit(0); } if (!isset($info["em"])) { header("HTTP/1.0 404 Not Found"); echo "Can't find {$_SERVER['QUERY_STRING']} in DB"; exit(0); } if (isset($param["commit"]) && $param["commit"] == "1") { $ip = $_SERVER["REMOTE_ADDR"]; $sql = <<<EOD UPDATE hebcal_shabbat_email SET email_status='active', email_ip='{$ip}' WHERE email_id = '{$info['id']}' EOD;
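#include_once("../Sorter.php");
#include_once("../Navigator.php");
//End Include Common Files

// Same-origin / AJAX-only gate for this endpoint. Both headers are
// client-supplied and can be forged, so this is a CSRF speed bump rather than
// an authentication check; bad_request() is expected to terminate the script.
if (!isset($_SERVER["HTTP_REFERER"])) {
    bad_request(1);
}
if (!isset($_SERVER["HTTP_X_REQUESTED_WITH"])) {
    bad_request(2);
}
// `!$REFER === $host` negated $REFER first and compared a bool with a string,
// so this check could never fire. Compare host to host: HTTP_HOST may carry a
// port, parse_url()'s host component never does.
$REFER = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST);
$ownHost = parse_url('//' . ($_SERVER["HTTP_HOST"] ?? ''), PHP_URL_HOST);
if ($REFER === null || $REFER === false || $REFER !== $ownHost) {
    bad_request(3);
}
// Same precedence bug as above: `!$XRF === "..."` was always false.
$XRF = $_SERVER["HTTP_X_REQUESTED_WITH"];
if ($XRF !== "XMLHttpRequest") {
    bad_request(4);
}
// Here the database-access classes are still hard-coded, so they need to be generalised
// A config file is needed per access. An access must consist of
// 1) datasource = connection to the database, of the form
/* "datasource" => array( "Type" => "MySQL", "DBLib" => "MySQLi", "Database" => "uicipe_proyecto", "Host" => "localhost", "Port" => "3306", "User" => "system", "Password" => "manager", "Encoding" => array("", "utf8"), "Persistent" => false,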