 /**
  * GET handler: authenticates the caller from the "credentials" cookie and
  * writes the outcome straight to the response body.
  *
  *  - no "credentials" cookie                -> bad_request()
  *  - cookie present, UsuarioController::get("id") truthy
  *                                           -> ok_header() + JSON of UsuarioController::$usuario
  *  - cookie present, no user id             -> exception_header() + print_exception("autenticar")
  *
  * NOTE(review): the object returned by UsuarioResource::getInstance() is never
  * used here; the call is kept only in case getInstance() has side effects — confirm.
  */
 public function doGet()
 {
     $resource = UsuarioResource::getInstance();
     if (!isset($_COOKIE["credentials"])) {
         bad_request();
         return;
     }
     SessaoController::autenticar($_COOKIE["credentials"]);
     if (!UsuarioController::get("id")) {
         exception_header();
         SessaoController::print_exception("autenticar");
         return;
     }
     ok_header();
     echo UsuarioController::$usuario->json();
 }
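/**
 * Verify the anti-CSRF token sent with a posted form or in the GET parameters.
 *
 * The request must carry a non-empty `pwg_token`; a missing or empty one is
 * answered with bad_request('missing token'). A present token is compared with
 * get_pwg_token() through hash_equals(), so the comparison is strict (the former
 * loose `!=` let numeric-looking strings such as "1e3" and "1000" compare equal)
 * and runs in constant time; a mismatch ends in access_denied().
 *
 * @return void  bad_request() or access_denied() is called on failure; both are
 *               expected to terminate the request — confirm if either returns.
 */
function check_pwg_token()
{
    $given = isset($_REQUEST['pwg_token']) ? $_REQUEST['pwg_token'] : null;
    // empty() keeps the original contract: '', '0', null and [] all count as "missing".
    if (empty($given)) {
        bad_request('missing token');
        return;
    }
    // A non-string value (e.g. pwg_token[]=x) can never equal the server token,
    // and hash_equals() would reject it with a TypeError.
    if (!is_string($given) || !hash_equals((string) get_pwg_token(), $given)) {
        access_denied();
    }
}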
                // TODO check the end value
                // log the request if it is a swipe
                add_swipe($_GET['id'], $owner, 0, 1);
                send_headers();
                $response = array("version" => $version, "response" => "OK", "uid" => $owner);
                echo json_encode($response);
            } else {
                // user is not allowed
                add_swipe($_GET['id'], $owner, 0, 0);
                forbidden();
            }
        } else {
            bad_request();
        }
    } else {
        bad_request();
    }
}
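/**
 * Send a 400 "Bad Request" JSON error and return to the caller.
 *
 * Sets the 400 status (the `header(':', true, 400)` idiom is kept unchanged),
 * emits the shared headers from send_headers(), then prints the body
 * `{"version":…,"response":"Bad Request"}`.
 *
 * `$version` is declared global here: without the declaration the
 * function-scope `$version` was undefined, so the body always carried
 * `"version":null`.
 *
 * Does not exit; callers that must stop processing have to return themselves.
 *
 * @return void
 */
function bad_request()
{
    global $version;
    header(':', true, 400);
    send_headers();
    $response = array("version" => $version, "response" => "Bad Request");
    echo json_encode($response);
}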
function forbidden()
{
    header(':', true, 403);
    send_headers();
    $response = array("version" => $version, "response" => "Forbidden");
    echo json_encode($response);
            bad_request('invalid picture identifier');
        }
    } else {
        preg_match('/^(\\d+-)?(.*)?$/', $token, $matches);
        if (isset($matches[1]) and is_numeric($matches[1] = rtrim($matches[1], '-'))) {
            $page['image_id'] = $matches[1];
            if (!empty($matches[2])) {
                $page['image_file'] = $matches[2];
            }
        } else {
            $page['image_id'] = 0;
            // more work in picture.php
            if (!empty($matches[2])) {
                $page['image_file'] = $matches[2];
            } else {
                bad_request('picture identifier is missing');
            }
        }
    }
}
// Resolve the section (categories/tags/...) from the URL tokens that remain;
// parse_section_url() advances $next_token past what it consumed, and any key
// it returns overrides a same-named key already present in $page.
$page = array_merge($page, parse_section_url($tokens, $next_token));
if (!isset($page['section'])) {
    $page['section'] = 'categories';
    switch (script_basename()) {
        case 'picture':
            break;
        case 'index':
            // No section defined, go to random url
            if (!empty($conf['random_index_redirect']) and empty($tokens[$next_token])) {
                $random_index_redirect = array();
                foreach ($conf['random_index_redirect'] as $random_url => $random_url_condition) {
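// UTF-8 support for uppercase
mb_internal_encoding("UTF-8");
$now = time();
header('Expires: ' . gmdate('D, d M Y H:i:s \\G\\M\\T', strtotime('tomorrow', $now)));
header('Access-Control-Allow-Methods: GET');
header('Access-Control-Allow-Origin: *');
// Every field must be present and be a plain string: a repeated parameter
// (fname[]=…) arrives as an array and would make the mb_* calls below fail.
// bad_request() is assumed to end the request — the code after each call
// does not re-check (same assumption as before).
foreach (['party', 'fname', 'lname', 'bday', 'city', 'location'] as $key) {
    if (array_key_exists($key, $_GET) && is_string($_GET[$key])) {
        continue;
    }
    bad_request("Missing field: " . $key);
}
// Validate given birthday to be well-formed and from a person old
// enough to vote. createFromFormat() without '!' fills the time of day
// from "now"; kept that way so the age cut-off below behaves as before.
$bday_datetime = DateTime::createFromFormat('Y-m-d', $_GET['bday']);
if ($bday_datetime === false) {
    bad_request("Syntymäajan muoto virheellinen. Käytä muotoa vvvv-kk-pp, esim 1983-03-28.");
}
$bday = $bday_datetime->getTimestamp();
if ($bday >= strtotime('-18 years +1 day', $now)) {
    bad_request("Henkilön on oltava 18-vuotias. Tarkista syntymäaikasi!");
}
// Fill form with data array
$template = file_get_contents(__DIR__ . '/../template.fdf');
$tmpfile = tempnam(sys_get_temp_dir(), '');
if ($template === false || $tmpfile === false) {
    // Server-side failure, not a client error: do not answer with 400.
    http_response_code(500);
    exit('Could not prepare form template');
}
// All text is uppercased with mb_strtoupper(): the party name previously went
// through byte-wise strtoupper(), which leaves non-ASCII letters (ä, ö) untouched.
$fields = [
    '$PUOLUE' => mb_strtoupper($_GET['party']) . ' RY',
    '$YB' => date('Y', $bday),
    '$MB' => date('m', $bday),
    '$DB' => date('d', $bday),
    '$ETUNIMI' => mb_strtoupper($_GET['fname']),
    '$SUKUNIMI' => mb_strtoupper($_GET['lname']),
    '$KOTIKUNTA' => mb_strtoupper($_GET['city']),
    '$PAIKKA' => mb_strtoupper($_GET['location']),
    '$YN' => date('y', $now),
    '$MN' => date('m', $now),
    '$DN' => date('d', $now),
];
if (file_put_contents($tmpfile, replace_fdf($template, $fields)) === false) {
    unlink($tmpfile);
    http_response_code(500);
    exit('Could not write form data');
}
header('Content-type: application/pdf');
if (array_key_exists('download', $_GET)) {
    header('Content-Disposition: attachment; filename="kannattajakortti-' . filenamize($_GET['fname'] . ' ' . $_GET['lname']) . '.pdf"');
}
// Neither path comes from the request, but the temp directory is
// environment-dependent and may contain spaces or shell metacharacters,
// so each argument is quoted for the shell.
passthru('pdftk ' . escapeshellarg(__DIR__ . '/../original.pdf') . ' fill_form ' . escapeshellarg($tmpfile) . ' output - flatten');
unlink($tmpfile);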
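/**
 * the reverse of make_section_in_url
 * returns the 'section' (categories/tags/...) and the data associated with it
 *
 * Depending on section, other parameters are returned (category/tags/list/...)
 *
 * Recognised leading tokens: "categor…" (categories), "tags", "favorites",
 * "most_visited", "best_rated", "recent_pics", "recent_cats", "search" and
 * "list". Any other token, or no token at all, leaves the returned array
 * empty and $next_token untouched.
 *
 * bad_request() and page_not_found() are called on malformed input; the code
 * after them does not re-check, so they are assumed not to return — confirm.
 *
 * @param array $tokens     url tokens to parse
 * @param int   $next_token index in $tokens of the first token to read; in/out,
 *                          advanced past every token that was consumed
 * @return array
 */
function parse_section_url($tokens, &$next_token)
{
    $page = array();
    // Every branch below inspects the same token; read it once instead of
    // silencing an undefined-index notice with @ in each condition.
    $head = isset($tokens[$next_token]) ? $tokens[$next_token] : '';
    if (strncmp($head, 'categor', 7) == 0) {
        $page['section'] = 'categories';
        $next_token++;
        if (isset($tokens[$next_token])) {
            if (preg_match('/^(\\d+)(?:-(.+))?$/', $tokens[$next_token], $matches)) {
                // "<id>" or "<id>-<url name>"
                if (isset($matches[2])) {
                    $page['hit_by']['cat_url_name'] = $matches[2];
                }
                $page['category'] = $matches[1];
                $next_token++;
            } else {
                // try a permalink: collect the candidates "a", "a/b", "a/b/c", …
                // until a paging/ordering token or "flat" is reached.
                $maybe_permalinks = array();
                $current_token = $next_token;
                // The "start-"/"startcat-" tests formerly looked at
                // $tokens[$next_token] — always the first candidate — so those
                // tokens never ended the loop and were appended to the permalink.
                while (isset($tokens[$current_token])
                    and strpos($tokens[$current_token], 'created-') !== 0
                    and strpos($tokens[$current_token], 'posted-') !== 0
                    and strpos($tokens[$current_token], 'start-') !== 0
                    and strpos($tokens[$current_token], 'startcat-') !== 0
                    and $tokens[$current_token] != 'flat') {
                    if (empty($maybe_permalinks)) {
                        $maybe_permalinks[] = $tokens[$current_token];
                    } else {
                        $maybe_permalinks[] = $maybe_permalinks[count($maybe_permalinks) - 1] . '/' . $tokens[$current_token];
                    }
                    $current_token++;
                }
                if (count($maybe_permalinks)) {
                    // $perma_index is an out-parameter: index of the matching candidate
                    $cat_id = get_cat_id_from_permalinks($maybe_permalinks, $perma_index);
                    if (isset($cat_id)) {
                        $next_token += $perma_index + 1;
                        $page['category'] = $cat_id;
                        $page['hit_by']['cat_permalink'] = $maybe_permalinks[$perma_index];
                    } else {
                        page_not_found(l10n('Permalink for album not found'));
                    }
                }
            }
        }
        if (isset($page['category'])) {
            // replace the bare id with the full album record
            $result = get_cat_info($page['category']);
            if (empty($result)) {
                page_not_found(l10n('Requested album does not exist'));
            }
            $page['category'] = $result;
        }
    } elseif ('tags' === $head) {
        global $conf;
        $page['section'] = 'tags';
        $page['tags'] = array();
        $next_token++;
        $i = $next_token;
        $requested_tag_ids = array();
        $requested_tag_url_names = array();
        // consume tag tokens up to the first paging/ordering token
        while (isset($tokens[$i])) {
            if (strpos($tokens[$i], 'created-') === 0 or strpos($tokens[$i], 'posted-') === 0 or strpos($tokens[$i], 'start-') === 0) {
                break;
            }
            // "<id>" / "<id>-<name>" tokens are ids unless the site uses bare tag names
            if ($conf['tag_url_style'] != 'tag' and preg_match('/^(\\d+)(?:-(.*)|)$/', $tokens[$i], $matches)) {
                $requested_tag_ids[] = $matches[1];
            } else {
                $requested_tag_url_names[] = $tokens[$i];
            }
            $i++;
        }
        $next_token = $i;
        if (empty($requested_tag_ids) && empty($requested_tag_url_names)) {
            bad_request('at least one tag required');
        }
        $page['tags'] = find_tags($requested_tag_ids, $requested_tag_url_names);
        if (empty($page['tags'])) {
            page_not_found(l10n('Requested tag does not exist'), get_root_url() . 'tags.php');
        }
    } elseif ('favorites' === $head) {
        $page['section'] = 'favorites';
        $next_token++;
    } elseif ('most_visited' === $head) {
        $page['section'] = 'most_visited';
        $next_token++;
    } elseif ('best_rated' === $head) {
        $page['section'] = 'best_rated';
        $next_token++;
    } elseif ('recent_pics' === $head) {
        $page['section'] = 'recent_pics';
        $next_token++;
    } elseif ('recent_cats' === $head) {
        $page['section'] = 'recent_cats';
        $next_token++;
    } elseif ('search' === $head) {
        $page['section'] = 'search';
        $next_token++;
        // the search id is the first run of digits in the following token
        $search_token = isset($tokens[$next_token]) ? $tokens[$next_token] : '';
        preg_match('/(\\d+)/', $search_token, $matches);
        if (!isset($matches[1])) {
            bad_request('search identifier is missing');
        }
        $page['search'] = $matches[1];
        $next_token++;
    } elseif ('list' === $head) {
        $page['section'] = 'list';
        $next_token++;
        $page['list'] = array();
        // No pictures
        if (empty($tokens[$next_token])) {
            // Add dummy element list
            $page['list'][] = -1;
        } else {
            if (!preg_match('/^\\d+(,\\d+)*$/', $tokens[$next_token])) {
                bad_request('wrong format on list GET parameter');
            }
            // ids stay strings, exactly as explode() yields them
            $page['list'] = explode(',', $tokens[$next_token]);
        }
        $next_token++;
    }
    return $page;
}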
{
    header('Status: 400 Bad Request');
    header('Content-Type: text/plain');
    die($str ? $str : 'bad request');
}
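// --- BEGIN --- //
// CONTENT_LENGTH arrives as a string; cast it before the numeric checks so a
// non-numeric value counts as "no size" instead of slipping through a loose
// string comparison.
$length = (int) array_get($_SERVER, 'CONTENT_LENGTH');
// invalid or no size - protocol error
if ($length <= 0) {
    bad_request('empty data or length not specified.');
}
// create directory tree (an already existing directory is fine; any other
// failure surfaces when the output file cannot be opened)
if (!is_dir(MESSAGE_STORAGE_PATH)) {
    @mkdir(MESSAGE_STORAGE_PATH, 0770, true);
}
// create temporary file
$filename = rand_str(40);
$fullpath = MESSAGE_STORAGE_PATH . DIRECTORY_SEPARATOR . $filename;
// open input and output
$putdata = fopen('php://input', 'r');
$fp = fopen($fullpath, 'w');
if ($putdata === false || $fp === false) {
    // Storage problem on our side, not a malformed request: do not answer 400.
    if ($putdata !== false) {
        fclose($putdata);
    }
    if ($fp !== false) {
        fclose($fp);
        unlink($fullpath);
    }
    header('Status: 500 Internal Server Error');
    header('Content-Type: text/plain');
    die('storage unavailable');
}
// write down to temp file. stream_copy_to_stream() replaces the former
// `while ($data = fread(...))` loop, which stopped early when a chunk was
// exactly the string "0" (falsy) and silently truncated the upload.
stream_copy_to_stream($putdata, $fp);
fclose($fp);
fclose($putdata);
clearstatcache(true, $fullpath);
if (filesize($fullpath) !== $length) {
    // remove file
    unlink($fullpath);
    bad_request('declared length not matching actual data length.');
}
printf(URLFMT, $filename);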
/**
 * Parse an OpenStreetMap-style "south,west,north,east" bound string.
 *
 * @param string|null $str comma-separated bounds as taken from the URL
 * @return array|null keys 's', 'w', 'n', 'e' holding the raw (unvalidated)
 *                    parts, or null when $str is missing or empty. Anything
 *                    other than exactly four parts is reported via bad_request().
 */
function osm_bounds_from_url($str)
{
    if (!isset($str)) {
        return null;
    }
    if (strlen($str) === 0) {
        return null;
    }
    $parts = explode(',', $str);
    if (count($parts) !== 4) {
        bad_request($str . ' is not a valid geographical bound');
    }
    list($south, $west, $north, $east) = $parts;
    return array('s' => $south, 'w' => $west, 'n' => $north, 'e' => $east);
}
        $this->DateLeftDelimiter = "'";
        $this->DateRightDelimiter = "'";
        if ($CCConnectionSettings[$sourceName]["Type"] == "Oracle") {
            $this->query("ALTER SESSION SET NLS_DATE_FORMAT = 'YYYY-MM-DD HH24:MI:SS'");
        }
    }
}
//End oracle Connection Class
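global $sourceName;
global $pass_phrase;
$sourceName = CCGetParam("sourcename", CCGetSession("sourcename"));
// NOTE(review): this value is the key for cryptoJsAesDecrypt() on a value the
// browser encrypted, so the client must hold the same string; treat it as
// obfuscation, not as a secret — confirm against the client-side code.
$pass_phrase = "PASS PHRASE";
$level = CCGetParam("level", "single");
#$sourceName = "source1";
// $sourceName comes from the request and is spliced into a filesystem path
// below. Only a plain identifier is accepted, so "../" or any path separator
// can not reach files outside ../textdb/. A name with other characters now
// fails with the same code as a missing source. bad_request() is assumed to
// end the request (as the original flow already assumed) — confirm.
if (!is_string($sourceName) || !preg_match('/^[A-Za-z0-9_-]+$/', $sourceName)) {
    bad_request(5);
}
$datasourceFile = "../textdb/" . $sourceName . ".sources.json";
if (!file_exists($datasourceFile)) {
    bad_request(5);
}
$datasource = file_get_contents($datasourceFile);
$datasource = json_decode($datasource, true);
$CCConnectionSettings[$sourceName] = $datasource;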
## CHECK IF CONNECTED ###################################
if (CCGetParam("connect") == "true") {
    if (isset($_SESSION["CONNECTED"]) and isset($_SESSION["CONNECTED"][$sourceName])) {
        unset($_SESSION["CONNECTED"][$sourceName]);
    }
    $user = CCGetParam("user");
    $password = cryptoJsAesDecrypt($pass_phrase, $_POST["password"]);
    #echo $password;
    sqlConnect($user, $password);
    die;
} else {
    return $val;
}
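header("Cache-Control: private");
$param = array();
// Only plain strings are trimmed and kept: a repeated parameter (k[]=…)
// arrives as an array, which trim() rejects, and can never be a valid key.
foreach ($_REQUEST as $key => $value) {
    if (is_string($value)) {
        $param[$key] = trim($value);
    }
}
// The key actually looked up is remembered so the not-found message below
// can name it instead of reflecting the raw query string.
$lookupKey = null;
if (isset($param["k"])) {
    if (!preg_match('/^[0-9a-f]{24}$/', $param["k"])) {
        bad_request("Invalid confirmation key");
    }
    $lookupKey = $param["k"];
} elseif (isset($_SERVER["QUERY_STRING"]) && preg_match('/^[0-9a-f]{24}$/', $_SERVER["QUERY_STRING"])) {
    $lookupKey = $_SERVER["QUERY_STRING"];
} else {
    bad_request("No confirmation key");
    exit(0);
}
$info = get_sub_info($lookupKey);
if (!isset($info["em"])) {
    header("HTTP/1.0 404 Not Found");
    // HTML-escaped: the former message echoed $_SERVER['QUERY_STRING'] verbatim,
    // which carries any extra parameters the client appended after the key.
    echo "Can't find " . htmlspecialchars($lookupKey, ENT_QUOTES, 'UTF-8') . " in DB";
    exit(0);
}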
if (isset($param["commit"]) && $param["commit"] == "1") {
    $ip = $_SERVER["REMOTE_ADDR"];
    $sql = <<<EOD
UPDATE hebcal_shabbat_email
SET email_status='active',
    email_ip='{$ip}'
WHERE email_id = '{$info['id']}'
EOD;
#include_once("../Sorter.php");
#include_once("../Navigator.php");
//End Include Common Files
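// Both checks are meant to reject requests that did not originate from this
// site's own XMLHttpRequest calls. They were written `!$X === $Y`, which PHP
// parses as `(!$X) === $Y` — a bool compared with a string, never true — so
// bad_request(3) and bad_request(4) could never fire. These headers are
// client-supplied and may be stripped by proxies or privacy settings; they are
// a weak hint and no substitute for a per-session CSRF token.
if (!isset($_SERVER["HTTP_REFERER"])) {
    bad_request(1);
}
if (!isset($_SERVER["HTTP_X_REQUESTED_WITH"])) {
    bad_request(2);
}
$REFER = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST);
// HTTP_HOST may carry a ":port" while parse_url() returns the bare host name;
// compare host names only, case-insensitively. An unparsable referer
// (parse_url() yields null/false) is rejected.
$ownHost = isset($_SERVER["HTTP_HOST"]) ? strtolower(preg_replace('/:\\d+$/', '', $_SERVER["HTTP_HOST"])) : '';
if (!is_string($REFER) || strtolower($REFER) !== $ownHost) {
    bad_request(3);
}
$XRF = $_SERVER["HTTP_X_REQUESTED_WITH"];
if ($XRF !== "XMLHttpRequest") {
    bad_request(4);
}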
// Aqui falta que las clase de acceso a la base de datos estan hardcoded, asi que debemos generalizarlas
// Se necesita un archivo de conf, para cada acceso. Un acceso debe constituir en
// 1) datasource = conexion a la base de datos de la forma
/*
"datasource" => array(
    "Type" => "MySQL",
    "DBLib" => "MySQLi",
    "Database" => "uicipe_proyecto",
    "Host" => "localhost",
    "Port" => "3306",
    "User" => "system",
    "Password" => "manager",
    "Encoding" => array("", "utf8"),
    "Persistent" => false,