Exemplo n.º 1
0
function isValidSessionkey()
{
    return isset($_REQUEST['sk']) && $_REQUEST['sk'] == getSessionKey();
}
Exemplo n.º 2
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["team_number"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) {
    $result = getTeamTimes($db, $_GET["team_number"], $_GET["time_start"], $_GET["time_end"], getSessionKey());
    if (is_array($result)) {
        $response["times"] = $result;
    } else {
        http_response_code(500);
        $response["error"] = "Error getting user times.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 3
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["team_number"])) {
    $team = getTeam($db, $_GET["team_number"], getSessionKey());
    if ($team) {
        $response['team'] = $team;
    } else {
        http_response_code(500);
        $response["error"] = "Error retreiving team information.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Team number is required.";
}
echo json_encode($response);
$db->close();
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$userId = getUserID($db, getSessionKey());
if ($userId) {
    $response['user_id'] = $userId;
    $response['user_admin'] = isAdmin($db, getSessionKey());
    $response['mentor_team'] = getMentorTeam($db, getSessionKey());
} else {
    http_response_code(500);
    $response["error"] = "Error validating session.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 5
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["user_id"]) && isset($_POST["timelog_timein"])) {
    $success = writeTimelog($db, $_POST["user_id"], $_POST["timelog_timein"], $_POST["timelog_timeout"], getSessionKey());
    if ($success) {
        http_response_code(200);
    } else {
        http_response_code(500);
        $response["error"] = "Error updating timelog.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["old_password"]) && isset($_POST["new_password"]) && isset($_POST["new_password_confirm"]) && $_POST["new_password"] == $_POST["new_password_confirm"]) {
    $success = changePassword($db, $_POST["old_password"], $_POST["new_password"], getSessionKey());
    if ($success) {
        http_response_code(200);
    } else {
        http_response_code(500);
        $response["error"] = "Error updating password.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["timelog_id"]) && isset($_POST["timelog_timein"]) && isset($_POST["timelog_timeout"])) {
    $success = updateTimelog($db, $_POST["timelog_id"], $_POST["timelog_timein"], $_POST["timelog_timeout"], getSessionKey());
    if ($success) {
        http_response_code(200);
    } else {
        http_response_code(500);
        $response["error"] = "Error updating timelog.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 8
0
function verifyLogin()
{
    $session_token = $_SESSION['userData']['session_token'];
    $session_key = getSessionKey();
    try {
        $decoded = JWT::decode($session_token, $session_key, array('HS256'));
        if ($decoded->uip != $_SERVER['REMOTE_ADDR']) {
            return false;
        }
        return true;
    } catch (Exception $e) {
        //var_dump($e);
        return false;
    }
}
Exemplo n.º 9
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$filterNames = ["user_name", "user_id", "team_name", "team_number", "time_limit", "time_start", "time_end", "num_low", "num_limit"];
$filters = [];
$hasFilters = false;
for ($i = 0; $i < count($filterNames); $i++) {
    $filterName = $filterNames[$i];
    if (isset($_GET[$filterName]) && $_GET[$filterName] != "") {
        $filters[$filterName] = $_GET[$filterName];
        $hasFilters = true;
    } else {
        $filters[$filterName] = null;
    }
}
$logs = [];
if ($hasFilters) {
    $logs = getTimelogs($db, $filters, getSessionKey());
}
if (is_array($logs)) {
    $response['timelogs'] = $logs;
} else {
    http_response_code(500);
    $response["error"] = "Error retreiving timelogs.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 10
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["timelog_id"])) {
    $result = getTimelog($db, $_GET["timelog_id"], getSessionKey());
    if ($result) {
        $response["timelog"] = $result;
    } else {
        http_response_code(500);
        $response["error"] = "Error getting timelog information.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Timelog ID is required.";
}
echo json_encode($response);
$db->close();
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["user_id"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) {
    $result = getHoursInRange($db, $_GET["user_id"], $_GET["time_start"], $_GET["time_end"], getSessionKey());
    if (is_array($result)) {
        $response["timelog"] = $result;
    } else {
        http_response_code(500);
        $response["error"] = "Error getting hours information.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Missing necessary information.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 12
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["user_id"])) {
    $result = getHours($db, $_GET["user_id"], getSessionKey());
    if ($result) {
        $response["timelog"] = $result;
    } else {
        http_response_code(500);
        $response["error"] = "Error getting hours information.";
    }
} else {
    http_response_code(400);
    $response["error"] = "User ID is required.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 13
0
function user_result($response)
{
    $userResponse = array('header' => AuthenticationProtocol::HEADER_SERVER_USER_MESSAGE_RESPONSE, 'response' => $response);
    result($userResponse, getSessionKey());
}
Exemplo n.º 14
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["team_number"])) {
    $success = teamSignout($db, $_POST["team_number"], getSessionKey());
    if ($success) {
        http_response_code(201);
    } else {
        http_response_code(500);
        $response["error"] = "Error signing team out.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Team number is required.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 15
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$teamNumber = null;
if (isset($_GET['team_number'])) {
    $teamNumber = $_GET['team_number'];
}
$users = getUsers($db, $teamNumber, getSessionKey());
if (is_array($users)) {
    $response['users'] = $users;
} else {
    http_response_code(500);
    $response["error"] = "Error retreiving users.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 16
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["user_name"]) && isset($_POST["team_number"]) && isset($_POST["user_password"]) && isset($_POST["user_password_confirm"]) && $_POST["user_password"] == $_POST["user_password_confirm"] && isset($_POST["user_number"])) {
    if (strlen($_POST["user_password"]) < 2) {
        http_response_code(400);
        $response["error"] = "Password must contain multiple characters.";
    } else {
        $userEmail = null;
        if (isset($_POST["user_email"])) {
            $userEmail = $_POST["user_email"];
        }
        $success = addUser($db, $_POST["user_number"], $_POST["user_name"], $_POST["team_number"], $userEmail, $_POST["user_password"], 0, isset($_POST["user_mentor"]), getSessionKey());
        if ($success) {
            http_response_code(201);
        } else {
            http_response_code(500);
            $response["error"] = "Error adding user.";
        }
    }
} else {
    http_response_code(400);
    $response["error"] = "Missing required fields.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 17
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$result = getCurrentUser($db, getSessionKey());
if ($result) {
    $response["user"] = $result;
} else {
    http_response_code(500);
    $response["error"] = "Error getting user information.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 18
0
<?php

include "functions.php";
echo getSessionKey();
print_r(getallheaders());
phpinfo(32);
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$logs = getLastTimelogs($db, 5, getSessionKey());
if (is_array($logs)) {
    $response['timelogs'] = $logs;
} else {
    http_response_code(500);
    $response["error"] = "Error retreiving timelogs.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 20
0
               ) 
               [2] => stdClass Object ( 
                   [type] => main 
                   [url] => xxx
               ) 
               [3] => stdClass Object ( 
                   [type] => large 
                   [url] => xxx
               ) 
           ) 
       ) 
       [access_token] => xxx
    )
    */
    $uid = $result->user->id;
    $accessToken = $result->access_token;
    $sessionKey = json_decode(getSessionKey($accessToken));
    $session_key = $sessionKey->renren_token->session_key;
    $url = "success.php?access_token={$accessToken}&uid={$uid}&session_key={$session_key}";
    header("Location:{$url}");
}
if (isset($_GET['access_token']) && isset($_GET['uid']) && isset($_GET['session_key'])) {
    $accessToken = $_GET['access_token'];
    $uid = $_GET['uid'];
    $session_key = $_GET['session_key'];
    $fields = "uid,name,sex,star,zidou,vip,birthday,email_hash,tinyurl,headurl,mainurl,hometown_location,work_history,university_history";
    $pro1 = getInfo($accessToken, $fields, $uid, $_SESSION['renren_secretkey']);
    echo "Welcome , {$pro1[0]->name} , id : {$pro1[0]->uid}<br/>";
    echo "<img src = '{$pro1[0]->headurl}'></img><br/>";
    $pro2 = getProfileInfo($accessToken, $fields, $uid, $_SESSION['renren_secretkey']);
}
Exemplo n.º 21
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$teams = getTeams($db, getSessionKey());
if (is_array($teams)) {
    $response['teams'] = $teams;
} else {
    http_response_code(500);
    $response["error"] = "Error retreiving teams.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 22
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["timelog_id"])) {
    $success = deleteTimelog($db, $_POST["timelog_id"], getSessionKey());
    if ($success) {
        http_response_code(200);
    } else {
        http_response_code(500);
        $response["error"] = "Error deleting log.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Timelog ID is required.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 23
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["user_id"])) {
    $result = getUser($db, $_GET["user_id"], getSessionKey());
    if ($result) {
        $response["user"] = $result;
    } else {
        http_response_code(500);
        $response["error"] = "Error getting user information.";
    }
} else {
    http_response_code(400);
    $response["error"] = "User ID is required.";
}
echo json_encode($response);
$db->close();
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$teams = getTeamsAndUsers($db, getSessionKey());
if (is_array($teams)) {
    $response['teams'] = $teams;
} else {
    http_response_code(500);
    $response["error"] = "Error retreiving teams.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 25
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["user_id"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) {
    $result = getUserTime($db, $_GET["user_id"], $_GET["time_start"], $_GET["time_end"], getSessionKey());
    if ($result) {
        $response["time"] = $result["user_time"];
    } else {
        http_response_code(500);
        $response["error"] = "Error getting user time.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$users = getLoggedInUsers($db, getSessionKey());
if (is_array($users)) {
    $response['users'] = $users;
} else {
    http_response_code(500);
    $response["error"] = "Error retreiving logged in users.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 27
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["team_number"]) && isset($_POST["team_name"])) {
    $success = addTeam($db, $_POST["team_number"], $_POST["team_name"], getSessionKey());
    if ($success) {
        http_response_code(201);
    } else {
        http_response_code(500);
        $response["error"] = "Error adding team.";
    }
} else {
    http_response_code(400);
    $response["error"] = "Team name name and team number are required.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 28
0
<?php

include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$sessionKey = getSessionKey();
if ($sessionKey) {
    $result = logout($db, $sessionKey);
    if ($result) {
        http_response_code(200);
    } else {
        http_response_code(500);
        $response["error"] = "Error logging out.";
    }
} else {
    http_response_code(400);
    $response["error"] = "User isn't logged in.";
}
echo json_encode($response);
$db->close();
Exemplo n.º 29
0
 public static function createGuess($firstName, $lastName, $mail, $weight)
 {
     // Make sure the name is valid
     if (!AccountUtils::isValidName($firstName) || !AccountUtils::isValidName($firstName)) {
         throw new Exception('The name is invalid.');
     }
     // Make sure the mail is valid
     if (!AccountUtils::isValidMail($mail)) {
         throw new Exception('The mail is invalid.');
     }
     // TODO: Validate the weight!
     // Get the session ID
     $sessionId = getSessionKey();
     // Determine the creation date time
     $dateTime = DateTime::now();
     // Get the guess IP
     $ip = IpUtils::getClientIp();
     // Prepare a query for the picture being added
     $statement = Database::getPDO()->prepare('INSERT INTO ' . static::getDatabaseTableName() . ' (guess_session_id, guess_first_name, guess_last_name, guess_mail, guess_weight, guess_datetime, guess_ip) ' . 'VALUES (:session_id, :first_name, :last_name, :mail, :weight, :guess_datetime, :ip)');
     $statement->bindValue(':session_id', $sessionId, PDO::PARAM_STR);
     $statement->bindValue(':first_name', $firstName, PDO::PARAM_STR);
     $statement->bindValue(':last_name', $lastName, PDO::PARAM_STR);
     $statement->bindValue(':mail', $mail, PDO::PARAM_STR);
     $statement->bindValue(':weight', $weight, PDO::PARAM_STR);
     // TODO: Use the UTC/GMT timezone!
     $statement->bindValue(':guess_datetime', $dateTime->toString(), PDO::PARAM_STR);
     $statement->bindValue(':ip', $ip, PDO::PARAM_STR);
     // Execute the prepared query
     if (!$statement->execute()) {
         throw new Exception('Failed to query the database.');
     }
     // Get and return the guess instance
     return new Guess(Database::getPDO()->lastInsertId());
 }
Exemplo n.º 30
0
<?php

use carbon\core\util\StringUtils;
// Initialize the app
require_once '../app/init.php';
// Get the session ID
if ($sessionId == null) {
    $sessionId = getSessionKey();
}
// Make sure the session ID is valid
if (StringUtils::equals($sessionId, '', true, true)) {
    returnError('Session error.');
}
/**
* Return an error.
*
* @param string $msg The message
* @return string
*/
function returnError($msg)
{
    // Return the error as JSON
    returnJson(array('error' => $msg));
}
/**
* Return an array with data as JSON.
*
* @param array $array The array to return as JSON.
*/
function returnJson($array)
{