function isValidSessionkey() { return isset($_REQUEST['sk']) && $_REQUEST['sk'] == getSessionKey(); }
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_GET["team_number"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) { $result = getTeamTimes($db, $_GET["team_number"], $_GET["time_start"], $_GET["time_end"], getSessionKey()); if (is_array($result)) { $response["times"] = $result; } else { http_response_code(500); $response["error"] = "Error getting user times."; } } else { http_response_code(400); $response["error"] = "Missing required information."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_GET["team_number"])) { $team = getTeam($db, $_GET["team_number"], getSessionKey()); if ($team) { $response['team'] = $team; } else { http_response_code(500); $response["error"] = "Error retreiving team information."; } } else { http_response_code(400); $response["error"] = "Team number is required."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $userId = getUserID($db, getSessionKey()); if ($userId) { $response['user_id'] = $userId; $response['user_admin'] = isAdmin($db, getSessionKey()); $response['mentor_team'] = getMentorTeam($db, getSessionKey()); } else { http_response_code(500); $response["error"] = "Error validating session."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_POST["user_id"]) && isset($_POST["timelog_timein"])) { $success = writeTimelog($db, $_POST["user_id"], $_POST["timelog_timein"], $_POST["timelog_timeout"], getSessionKey()); if ($success) { http_response_code(200); } else { http_response_code(500); $response["error"] = "Error updating timelog."; } } else { http_response_code(400); $response["error"] = "Missing required information."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_POST["old_password"]) && isset($_POST["new_password"]) && isset($_POST["new_password_confirm"]) && $_POST["new_password"] == $_POST["new_password_confirm"]) { $success = changePassword($db, $_POST["old_password"], $_POST["new_password"], getSessionKey()); if ($success) { http_response_code(200); } else { http_response_code(500); $response["error"] = "Error updating password."; } } else { http_response_code(400); $response["error"] = "Missing required information."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_POST["timelog_id"]) && isset($_POST["timelog_timein"]) && isset($_POST["timelog_timeout"])) { $success = updateTimelog($db, $_POST["timelog_id"], $_POST["timelog_timein"], $_POST["timelog_timeout"], getSessionKey()); if ($success) { http_response_code(200); } else { http_response_code(500); $response["error"] = "Error updating timelog."; } } else { http_response_code(400); $response["error"] = "Missing required information."; } echo json_encode($response); $db->close();
function verifyLogin() { $session_token = $_SESSION['userData']['session_token']; $session_key = getSessionKey(); try { $decoded = JWT::decode($session_token, $session_key, array('HS256')); if ($decoded->uip != $_SERVER['REMOTE_ADDR']) { return false; } return true; } catch (Exception $e) { //var_dump($e); return false; } }
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $filterNames = ["user_name", "user_id", "team_name", "team_number", "time_limit", "time_start", "time_end", "num_low", "num_limit"]; $filters = []; $hasFilters = false; for ($i = 0; $i < count($filterNames); $i++) { $filterName = $filterNames[$i]; if (isset($_GET[$filterName]) && $_GET[$filterName] != "") { $filters[$filterName] = $_GET[$filterName]; $hasFilters = true; } else { $filters[$filterName] = null; } } $logs = []; if ($hasFilters) { $logs = getTimelogs($db, $filters, getSessionKey()); } if (is_array($logs)) { $response['timelogs'] = $logs; } else { http_response_code(500); $response["error"] = "Error retreiving timelogs."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_GET["timelog_id"])) { $result = getTimelog($db, $_GET["timelog_id"], getSessionKey()); if ($result) { $response["timelog"] = $result; } else { http_response_code(500); $response["error"] = "Error getting timelog information."; } } else { http_response_code(400); $response["error"] = "Timelog ID is required."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_GET["user_id"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) { $result = getHoursInRange($db, $_GET["user_id"], $_GET["time_start"], $_GET["time_end"], getSessionKey()); if (is_array($result)) { $response["timelog"] = $result; } else { http_response_code(500); $response["error"] = "Error getting hours information."; } } else { http_response_code(400); $response["error"] = "Missing necessary information."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_GET["user_id"])) { $result = getHours($db, $_GET["user_id"], getSessionKey()); if ($result) { $response["timelog"] = $result; } else { http_response_code(500); $response["error"] = "Error getting hours information."; } } else { http_response_code(400); $response["error"] = "User ID is required."; } echo json_encode($response); $db->close();
function user_result($response) { $userResponse = array('header' => AuthenticationProtocol::HEADER_SERVER_USER_MESSAGE_RESPONSE, 'response' => $response); result($userResponse, getSessionKey()); }
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_POST["team_number"])) { $success = teamSignout($db, $_POST["team_number"], getSessionKey()); if ($success) { http_response_code(201); } else { http_response_code(500); $response["error"] = "Error signing team out."; } } else { http_response_code(400); $response["error"] = "Team number is required."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $teamNumber = null; if (isset($_GET['team_number'])) { $teamNumber = $_GET['team_number']; } $users = getUsers($db, $teamNumber, getSessionKey()); if (is_array($users)) { $response['users'] = $users; } else { http_response_code(500); $response["error"] = "Error retreiving users."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_POST["user_name"]) && isset($_POST["team_number"]) && isset($_POST["user_password"]) && isset($_POST["user_password_confirm"]) && $_POST["user_password"] == $_POST["user_password_confirm"] && isset($_POST["user_number"])) { if (strlen($_POST["user_password"]) < 2) { http_response_code(400); $response["error"] = "Password must contain multiple characters."; } else { $userEmail = null; if (isset($_POST["user_email"])) { $userEmail = $_POST["user_email"]; } $success = addUser($db, $_POST["user_number"], $_POST["user_name"], $_POST["team_number"], $userEmail, $_POST["user_password"], 0, isset($_POST["user_mentor"]), getSessionKey()); if ($success) { http_response_code(201); } else { http_response_code(500); $response["error"] = "Error adding user."; } } } else { http_response_code(400); $response["error"] = "Missing required fields."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $result = getCurrentUser($db, getSessionKey()); if ($result) { $response["user"] = $result; } else { http_response_code(500); $response["error"] = "Error getting user information."; } echo json_encode($response); $db->close();
<?php include "functions.php"; echo getSessionKey(); print_r(getallheaders()); phpinfo(32);
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $logs = getLastTimelogs($db, 5, getSessionKey()); if (is_array($logs)) { $response['timelogs'] = $logs; } else { http_response_code(500); $response["error"] = "Error retreiving timelogs."; } echo json_encode($response); $db->close();
) [2] => stdClass Object ( [type] => main [url] => xxx ) [3] => stdClass Object ( [type] => large [url] => xxx ) ) ) [access_token] => xxx ) */ $uid = $result->user->id; $accessToken = $result->access_token; $sessionKey = json_decode(getSessionKey($accessToken)); $session_key = $sessionKey->renren_token->session_key; $url = "success.php?access_token={$accessToken}&uid={$uid}&session_key={$session_key}"; header("Location:{$url}"); } if (isset($_GET['access_token']) && isset($_GET['uid']) && isset($_GET['session_key'])) { $accessToken = $_GET['access_token']; $uid = $_GET['uid']; $session_key = $_GET['session_key']; $fields = "uid,name,sex,star,zidou,vip,birthday,email_hash,tinyurl,headurl,mainurl,hometown_location,work_history,university_history"; $pro1 = getInfo($accessToken, $fields, $uid, $_SESSION['renren_secretkey']); echo "Welcome , {$pro1[0]->name} , id : {$pro1[0]->uid}<br/>"; echo "<img src = '{$pro1[0]->headurl}'></img><br/>"; $pro2 = getProfileInfo($accessToken, $fields, $uid, $_SESSION['renren_secretkey']); }
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $teams = getTeams($db, getSessionKey()); if (is_array($teams)) { $response['teams'] = $teams; } else { http_response_code(500); $response["error"] = "Error retreiving teams."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_POST["timelog_id"])) { $success = deleteTimelog($db, $_POST["timelog_id"], getSessionKey()); if ($success) { http_response_code(200); } else { http_response_code(500); $response["error"] = "Error deleting log."; } } else { http_response_code(400); $response["error"] = "Timelog ID is required."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_GET["user_id"])) { $result = getUser($db, $_GET["user_id"], getSessionKey()); if ($result) { $response["user"] = $result; } else { http_response_code(500); $response["error"] = "Error getting user information."; } } else { http_response_code(400); $response["error"] = "User ID is required."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $teams = getTeamsAndUsers($db, getSessionKey()); if (is_array($teams)) { $response['teams'] = $teams; } else { http_response_code(500); $response["error"] = "Error retreiving teams."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_GET["user_id"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) { $result = getUserTime($db, $_GET["user_id"], $_GET["time_start"], $_GET["time_end"], getSessionKey()); if ($result) { $response["time"] = $result["user_time"]; } else { http_response_code(500); $response["error"] = "Error getting user time."; } } else { http_response_code(400); $response["error"] = "Missing required information."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $users = getLoggedInUsers($db, getSessionKey()); if (is_array($users)) { $response['users'] = $users; } else { http_response_code(500); $response["error"] = "Error retreiving logged in users."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; if (isset($_POST["team_number"]) && isset($_POST["team_name"])) { $success = addTeam($db, $_POST["team_number"], $_POST["team_name"], getSessionKey()); if ($success) { http_response_code(201); } else { http_response_code(500); $response["error"] = "Error adding team."; } } else { http_response_code(400); $response["error"] = "Team name name and team number are required."; } echo json_encode($response); $db->close();
<?php include "connect.php"; include "functions.php"; header("Content-Type: application/json"); $response = []; $sessionKey = getSessionKey(); if ($sessionKey) { $result = logout($db, $sessionKey); if ($result) { http_response_code(200); } else { http_response_code(500); $response["error"] = "Error logging out."; } } else { http_response_code(400); $response["error"] = "User isn't logged in."; } echo json_encode($response); $db->close();
public static function createGuess($firstName, $lastName, $mail, $weight) { // Make sure the name is valid if (!AccountUtils::isValidName($firstName) || !AccountUtils::isValidName($firstName)) { throw new Exception('The name is invalid.'); } // Make sure the mail is valid if (!AccountUtils::isValidMail($mail)) { throw new Exception('The mail is invalid.'); } // TODO: Validate the weight! // Get the session ID $sessionId = getSessionKey(); // Determine the creation date time $dateTime = DateTime::now(); // Get the guess IP $ip = IpUtils::getClientIp(); // Prepare a query for the picture being added $statement = Database::getPDO()->prepare('INSERT INTO ' . static::getDatabaseTableName() . ' (guess_session_id, guess_first_name, guess_last_name, guess_mail, guess_weight, guess_datetime, guess_ip) ' . 'VALUES (:session_id, :first_name, :last_name, :mail, :weight, :guess_datetime, :ip)'); $statement->bindValue(':session_id', $sessionId, PDO::PARAM_STR); $statement->bindValue(':first_name', $firstName, PDO::PARAM_STR); $statement->bindValue(':last_name', $lastName, PDO::PARAM_STR); $statement->bindValue(':mail', $mail, PDO::PARAM_STR); $statement->bindValue(':weight', $weight, PDO::PARAM_STR); // TODO: Use the UTC/GMT timezone! $statement->bindValue(':guess_datetime', $dateTime->toString(), PDO::PARAM_STR); $statement->bindValue(':ip', $ip, PDO::PARAM_STR); // Execute the prepared query if (!$statement->execute()) { throw new Exception('Failed to query the database.'); } // Get and return the guess instance return new Guess(Database::getPDO()->lastInsertId()); }
<?php use carbon\core\util\StringUtils; // Initialize the app require_once '../app/init.php'; // Get the session ID if ($sessionId == null) { $sessionId = getSessionKey(); } // Make sure the session ID is valid if (StringUtils::equals($sessionId, '', true, true)) { returnError('Session error.'); } /** * Return an error. * * @param string $msg The message * @return string */ function returnError($msg) { // Return the error as JSON returnJson(array('error' => $msg)); } /** * Return an array with data as JSON. * * @param array $array The array to return as JSON. */ function returnJson($array) {