function isValidSessionkey()
{
return isset($_REQUEST['sk']) && $_REQUEST['sk'] == getSessionKey();
}
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["team_number"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) {
$result = getTeamTimes($db, $_GET["team_number"], $_GET["time_start"], $_GET["time_end"], getSessionKey());
if (is_array($result)) {
$response["times"] = $result;
} else {
http_response_code(500);
$response["error"] = "Error getting user times.";
}
} else {
http_response_code(400);
$response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["team_number"])) {
$team = getTeam($db, $_GET["team_number"], getSessionKey());
if ($team) {
$response['team'] = $team;
} else {
http_response_code(500);
$response["error"] = "Error retreiving team information.";
}
} else {
http_response_code(400);
$response["error"] = "Team number is required.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$userId = getUserID($db, getSessionKey());
if ($userId) {
$response['user_id'] = $userId;
$response['user_admin'] = isAdmin($db, getSessionKey());
$response['mentor_team'] = getMentorTeam($db, getSessionKey());
} else {
http_response_code(500);
$response["error"] = "Error validating session.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["user_id"]) && isset($_POST["timelog_timein"])) {
$success = writeTimelog($db, $_POST["user_id"], $_POST["timelog_timein"], $_POST["timelog_timeout"], getSessionKey());
if ($success) {
http_response_code(200);
} else {
http_response_code(500);
$response["error"] = "Error updating timelog.";
}
} else {
http_response_code(400);
$response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["old_password"]) && isset($_POST["new_password"]) && isset($_POST["new_password_confirm"]) && $_POST["new_password"] == $_POST["new_password_confirm"]) {
$success = changePassword($db, $_POST["old_password"], $_POST["new_password"], getSessionKey());
if ($success) {
http_response_code(200);
} else {
http_response_code(500);
$response["error"] = "Error updating password.";
}
} else {
http_response_code(400);
$response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["timelog_id"]) && isset($_POST["timelog_timein"]) && isset($_POST["timelog_timeout"])) {
$success = updateTimelog($db, $_POST["timelog_id"], $_POST["timelog_timein"], $_POST["timelog_timeout"], getSessionKey());
if ($success) {
http_response_code(200);
} else {
http_response_code(500);
$response["error"] = "Error updating timelog.";
}
} else {
http_response_code(400);
$response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
function verifyLogin()
{
$session_token = $_SESSION['userData']['session_token'];
$session_key = getSessionKey();
try {
$decoded = JWT::decode($session_token, $session_key, array('HS256'));
if ($decoded->uip != $_SERVER['REMOTE_ADDR']) {
return false;
}
return true;
} catch (Exception $e) {
//var_dump($e);
return false;
}
}
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$filterNames = ["user_name", "user_id", "team_name", "team_number", "time_limit", "time_start", "time_end", "num_low", "num_limit"];
$filters = [];
$hasFilters = false;
for ($i = 0; $i < count($filterNames); $i++) {
$filterName = $filterNames[$i];
if (isset($_GET[$filterName]) && $_GET[$filterName] != "") {
$filters[$filterName] = $_GET[$filterName];
$hasFilters = true;
} else {
$filters[$filterName] = null;
}
}
$logs = [];
if ($hasFilters) {
$logs = getTimelogs($db, $filters, getSessionKey());
}
if (is_array($logs)) {
$response['timelogs'] = $logs;
} else {
http_response_code(500);
$response["error"] = "Error retreiving timelogs.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["timelog_id"])) {
$result = getTimelog($db, $_GET["timelog_id"], getSessionKey());
if ($result) {
$response["timelog"] = $result;
} else {
http_response_code(500);
$response["error"] = "Error getting timelog information.";
}
} else {
http_response_code(400);
$response["error"] = "Timelog ID is required.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["user_id"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) {
$result = getHoursInRange($db, $_GET["user_id"], $_GET["time_start"], $_GET["time_end"], getSessionKey());
if (is_array($result)) {
$response["timelog"] = $result;
} else {
http_response_code(500);
$response["error"] = "Error getting hours information.";
}
} else {
http_response_code(400);
$response["error"] = "Missing necessary information.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["user_id"])) {
$result = getHours($db, $_GET["user_id"], getSessionKey());
if ($result) {
$response["timelog"] = $result;
} else {
http_response_code(500);
$response["error"] = "Error getting hours information.";
}
} else {
http_response_code(400);
$response["error"] = "User ID is required.";
}
echo json_encode($response);
$db->close();
function user_result($response)
{
$userResponse = array('header' => AuthenticationProtocol::HEADER_SERVER_USER_MESSAGE_RESPONSE, 'response' => $response);
result($userResponse, getSessionKey());
}
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["team_number"])) {
$success = teamSignout($db, $_POST["team_number"], getSessionKey());
if ($success) {
http_response_code(201);
} else {
http_response_code(500);
$response["error"] = "Error signing team out.";
}
} else {
http_response_code(400);
$response["error"] = "Team number is required.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$teamNumber = null;
if (isset($_GET['team_number'])) {
$teamNumber = $_GET['team_number'];
}
$users = getUsers($db, $teamNumber, getSessionKey());
if (is_array($users)) {
$response['users'] = $users;
} else {
http_response_code(500);
$response["error"] = "Error retreiving users.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["user_name"]) && isset($_POST["team_number"]) && isset($_POST["user_password"]) && isset($_POST["user_password_confirm"]) && $_POST["user_password"] == $_POST["user_password_confirm"] && isset($_POST["user_number"])) {
if (strlen($_POST["user_password"]) < 2) {
http_response_code(400);
$response["error"] = "Password must contain multiple characters.";
} else {
$userEmail = null;
if (isset($_POST["user_email"])) {
$userEmail = $_POST["user_email"];
}
$success = addUser($db, $_POST["user_number"], $_POST["user_name"], $_POST["team_number"], $userEmail, $_POST["user_password"], 0, isset($_POST["user_mentor"]), getSessionKey());
if ($success) {
http_response_code(201);
} else {
http_response_code(500);
$response["error"] = "Error adding user.";
}
}
} else {
http_response_code(400);
$response["error"] = "Missing required fields.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$result = getCurrentUser($db, getSessionKey());
if ($result) {
$response["user"] = $result;
} else {
http_response_code(500);
$response["error"] = "Error getting user information.";
}
echo json_encode($response);
$db->close();
<?php include "functions.php"; echo getSessionKey(); print_r(getallheaders()); phpinfo(32);
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$logs = getLastTimelogs($db, 5, getSessionKey());
if (is_array($logs)) {
$response['timelogs'] = $logs;
} else {
http_response_code(500);
$response["error"] = "Error retreiving timelogs.";
}
echo json_encode($response);
$db->close();
)
[2] => stdClass Object (
[type] => main
[url] => xxx
)
[3] => stdClass Object (
[type] => large
[url] => xxx
)
)
)
[access_token] => xxx
)
*/
$uid = $result->user->id;
$accessToken = $result->access_token;
$sessionKey = json_decode(getSessionKey($accessToken));
$session_key = $sessionKey->renren_token->session_key;
$url = "success.php?access_token={$accessToken}&uid={$uid}&session_key={$session_key}";
header("Location:{$url}");
}
if (isset($_GET['access_token']) && isset($_GET['uid']) && isset($_GET['session_key'])) {
$accessToken = $_GET['access_token'];
$uid = $_GET['uid'];
$session_key = $_GET['session_key'];
$fields = "uid,name,sex,star,zidou,vip,birthday,email_hash,tinyurl,headurl,mainurl,hometown_location,work_history,university_history";
$pro1 = getInfo($accessToken, $fields, $uid, $_SESSION['renren_secretkey']);
echo "Welcome , {$pro1[0]->name} , id : {$pro1[0]->uid}<br/>";
echo "<img src = '{$pro1[0]->headurl}'></img><br/>";
$pro2 = getProfileInfo($accessToken, $fields, $uid, $_SESSION['renren_secretkey']);
}
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$teams = getTeams($db, getSessionKey());
if (is_array($teams)) {
$response['teams'] = $teams;
} else {
http_response_code(500);
$response["error"] = "Error retreiving teams.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["timelog_id"])) {
$success = deleteTimelog($db, $_POST["timelog_id"], getSessionKey());
if ($success) {
http_response_code(200);
} else {
http_response_code(500);
$response["error"] = "Error deleting log.";
}
} else {
http_response_code(400);
$response["error"] = "Timelog ID is required.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["user_id"])) {
$result = getUser($db, $_GET["user_id"], getSessionKey());
if ($result) {
$response["user"] = $result;
} else {
http_response_code(500);
$response["error"] = "Error getting user information.";
}
} else {
http_response_code(400);
$response["error"] = "User ID is required.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$teams = getTeamsAndUsers($db, getSessionKey());
if (is_array($teams)) {
$response['teams'] = $teams;
} else {
http_response_code(500);
$response["error"] = "Error retreiving teams.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_GET["user_id"]) && isset($_GET["time_start"]) && isset($_GET["time_end"])) {
$result = getUserTime($db, $_GET["user_id"], $_GET["time_start"], $_GET["time_end"], getSessionKey());
if ($result) {
$response["time"] = $result["user_time"];
} else {
http_response_code(500);
$response["error"] = "Error getting user time.";
}
} else {
http_response_code(400);
$response["error"] = "Missing required information.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$users = getLoggedInUsers($db, getSessionKey());
if (is_array($users)) {
$response['users'] = $users;
} else {
http_response_code(500);
$response["error"] = "Error retreiving logged in users.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
if (isset($_POST["team_number"]) && isset($_POST["team_name"])) {
$success = addTeam($db, $_POST["team_number"], $_POST["team_name"], getSessionKey());
if ($success) {
http_response_code(201);
} else {
http_response_code(500);
$response["error"] = "Error adding team.";
}
} else {
http_response_code(400);
$response["error"] = "Team name name and team number are required.";
}
echo json_encode($response);
$db->close();
<?php
include "connect.php";
include "functions.php";
header("Content-Type: application/json");
$response = [];
$sessionKey = getSessionKey();
if ($sessionKey) {
$result = logout($db, $sessionKey);
if ($result) {
http_response_code(200);
} else {
http_response_code(500);
$response["error"] = "Error logging out.";
}
} else {
http_response_code(400);
$response["error"] = "User isn't logged in.";
}
echo json_encode($response);
$db->close();
public static function createGuess($firstName, $lastName, $mail, $weight)
{
// Make sure the name is valid
if (!AccountUtils::isValidName($firstName) || !AccountUtils::isValidName($firstName)) {
throw new Exception('The name is invalid.');
}
// Make sure the mail is valid
if (!AccountUtils::isValidMail($mail)) {
throw new Exception('The mail is invalid.');
}
// TODO: Validate the weight!
// Get the session ID
$sessionId = getSessionKey();
// Determine the creation date time
$dateTime = DateTime::now();
// Get the guess IP
$ip = IpUtils::getClientIp();
// Prepare a query for the picture being added
$statement = Database::getPDO()->prepare('INSERT INTO ' . static::getDatabaseTableName() . ' (guess_session_id, guess_first_name, guess_last_name, guess_mail, guess_weight, guess_datetime, guess_ip) ' . 'VALUES (:session_id, :first_name, :last_name, :mail, :weight, :guess_datetime, :ip)');
$statement->bindValue(':session_id', $sessionId, PDO::PARAM_STR);
$statement->bindValue(':first_name', $firstName, PDO::PARAM_STR);
$statement->bindValue(':last_name', $lastName, PDO::PARAM_STR);
$statement->bindValue(':mail', $mail, PDO::PARAM_STR);
$statement->bindValue(':weight', $weight, PDO::PARAM_STR);
// TODO: Use the UTC/GMT timezone!
$statement->bindValue(':guess_datetime', $dateTime->toString(), PDO::PARAM_STR);
$statement->bindValue(':ip', $ip, PDO::PARAM_STR);
// Execute the prepared query
if (!$statement->execute()) {
throw new Exception('Failed to query the database.');
}
// Get and return the guess instance
return new Guess(Database::getPDO()->lastInsertId());
}
<?php
use carbon\core\util\StringUtils;
// Initialize the app
require_once '../app/init.php';
// Get the session ID
if ($sessionId == null) {
$sessionId = getSessionKey();
}
// Make sure the session ID is valid
if (StringUtils::equals($sessionId, '', true, true)) {
returnError('Session error.');
}
/**
* Return an error.
*
* @param string $msg The message
* @return string
*/
function returnError($msg)
{
// Return the error as JSON
returnJson(array('error' => $msg));
}
/**
* Return an array with data as JSON.
*
* @param array $array The array to return as JSON.
*/
function returnJson($array)
{
