Exemplo n.º 1
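 /**
  * Determine the basket id for the current request.
  *
  * The session value is the default. A numeric "id" parameter overrides it
  * only when it did not come from the query string (it was handed down by a
  * parent component, so $_GET['id'] differs), or when it came with a matching
  * "code" — the first 8 hex characters of makeHash(id). That code is short
  * and never expires, so treat it as a weak capability, not an authorisation.
  *
  * @return mixed basket id from the parameter or the session (null if neither is set)
  */
 protected function getBasketId()
 {
     // from session by default (no notice when no basket exists yet)
     $sessionBasketId = isset($_SESSION['basket']['id']) ? $_SESSION['basket']['id'] : null;
     $paramId = isset($this->GET['id']) ? $this->GET['id'] : null;
     if (!is_numeric($paramId)) {
         return $sessionBasketId;
     }
     // Not present in (or different from) $_GET -> trusted parent component.
     // Loose != is kept on purpose to match the original component routing.
     $queryId = isset($_GET['id']) ? $_GET['id'] : null;
     if ($queryId != $paramId) {
         return $paramId;
     }
     // Came via the query string: for security reasons do not allow the id to
     // be overridden unless a valid security code is present. hash_equals()
     // instead of == so the comparison is constant-time and strict (a loose ==
     // would treat numeric-looking strings such as "1e3" and "1000" as equal).
     $expectedCode = substr(makeHash($paramId), 0, 8);
     $givenCode = isset($this->GET['code']) ? (string) $this->GET['code'] : '';
     if (hash_equals($expectedCode, $givenCode)) {
         return $paramId;
     }
     return $sessionBasketId;
 }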
Exemplo n.º 2
}
	
.pilotRow{
	background: none repeat scroll 0 0 #F8F8F8;
	border-bottom: 1px solid #CCCACA;
	cursor: pointer;
	margin-top: 2px;
	padding: 3px;
}

</style>

<script type="text/javascript">

<?php 
// Tie the session to this page. Note that the value is a hash of a fixed
// label, so it is the same for every session (no per-session randomness);
// a later check can only tell that this page was rendered in the session.
$_SESSION['sessionHashCode'] = makeHash('EXT_pilot_functions');
// Output encoding: UTF-8 when enabled, otherwise the per-language legacy one.
$CONF_ENCODING = $CONF_use_utf ? 'utf-8' : $langEncodings[$currentlang];
?>
var pilots=[];
$(document).ready(function() {


	$(".pilotRow").live('click',function () {	  
		var userID=$(this).attr('id').substr(2);

		$.get('<?php 
echo $moduleRelPath;
Exemplo n.º 3
/**
 * Authenticate a client against the users table.
 *
 * What the visible lines do: both the username and the password are run
 * through makeHash() before touching the database; the hashed username is
 * then upserted (ON DUPLICATE KEY UPDATE fills in password and
 * time_registered only while they are still NULL, and always bumps
 * time_last_active). Because that INSERT happens before any credential
 * check, an unknown username is effectively registered with the supplied
 * password on first call. On failure the throttling branch counts failed
 * logins per username and day; once CONFIG_THROTTLING_LOGIN_ATTEMPTS is
 * reached, login_throttled_until is set to now + CONFIG_THROTTLING_LOGIN_HOURS
 * hours. Every failure path ends in respond(array('status' => 'not_authorized')).
 *
 * NOTE(review): the statements that compare the stored password with the
 * supplied hash, and whatever $requiresWrite / write_lock_until gate, sit on
 * the lines this page has redacted ("******"), so they cannot be reviewed
 * here. makeHash() is defined outside this file; if it is a fast unsalted
 * digest it is not a suitable password hash — password_hash()/password_verify()
 * are the standard replacement. Confirm against base.php.
 *
 * @param string $username      client-supplied username (hashed before use)
 * @param string $password      client-supplied password (hashed before use)
 * @param bool   $requiresWrite whether the caller needs write access (presumably
 *                              checked against write_lock_until — redacted here)
 * @return mixed presumably the user id on success (redacted lines); NULL otherwise
 */
function auth($username, $password, $requiresWrite)
{
    $u = Database::escape(makeHash($username));
    $pUnescaped = makeHash($password);
    // upsert first: a new username gets a row (and the given password) right away
    Database::insert("INSERT INTO users (username, password, time_last_active, time_registered) VALUES (" . $u . ", " . Database::escape($pUnescaped) . ", " . time() . ", " . time() . ") ON DUPLICATE KEY UPDATE time_registered = IF(time_registered IS NULL, VALUES(time_registered), time_registered), password = IF(password IS NULL, VALUES(password), password), time_last_active = VALUES(time_last_active)");
    // NOTE(review): several statements are collapsed/redacted into the next line on this page
    $res = Database::selectFirst("SELECT id, password, write_lock_until, login_throttled_until FROM users WHERE username = "******"SELECT action_count FROM throttling WHERE username = "******" AND date_str = " . $date_str . " AND action_type = 'failed_login'");
                // if the number of failed attempts has reached the critical threshold
                if (isset($throttling['action_count']) && $throttling['action_count'] >= CONFIG_THROTTLING_LOGIN_ATTEMPTS) {
                    // throttle the user's login for some time
                    $throttlingTimeout = intval(time() + 3600 * CONFIG_THROTTLING_LOGIN_HOURS);
                    // NOTE(review): the UPDATE and the failed_login counter INSERT are collapsed/redacted into this line
                    Database::update("UPDATE users SET login_throttled_until = " . $throttlingTimeout . " WHERE username = "******"INSERT INTO throttling (username, date_str, action_type) VALUES (" . $u . ", " . $date_str . ", 'failed_login') ON DUPLICATE KEY UPDATE action_count = action_count+1");
                }
                respond(array('status' => 'not_authorized'));
            }
        }
    } else {
        respond(array('status' => 'not_authorized'));
    }
    return NULL;
    // suppress IDE warnings
}
Exemplo n.º 4
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see {http://www.gnu.org/licenses/}.
 */
require_once __DIR__ . '/../base.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // initialization
    $user = init($_GET);
    // prepare username and password for internal usage with the database
    $usernameEscaped = Database::escape(makeHash($user['username']));
    $passwordEscaped = Database::escape(makeHash($user['password']));
    // get the user whose phone number we want to prepare for verification
    $verifyUser = Database::selectFirst("SELECT id FROM users WHERE username = "******" AND password IS NOT NULL AND password != " . $passwordEscaped);
    // if an existing user with the given username could be found (whose password is set but not the given one)
    if (isset($verifyUser['id'])) {
        // search for other verification requests which may still be open for this user
        $openRequests = Database::selectFirst("SELECT COUNT(*) FROM verifications WHERE user_id = " . intval($verifyUser['id']) . " AND time_until > " . time());
        // if the user has fewer than 50 open verification requests (we allow some for failed attempts)
        if (isset($openRequests['COUNT(*)']) && $openRequests['COUNT(*)'] < 50) {
            $verificationCode = md5(openssl_random_pseudo_bytes(128));
            $validUntilTime = time() + 3600 * 12;
            $success = Database::insert("INSERT INTO verifications (user_id, new_password, verification_code, time_created, time_until) VALUES (" . intval($verifyUser['id']) . ", " . $passwordEscaped . ", " . Database::escape($verificationCode) . ", " . time() . ", " . $validUntilTime . ")");
            if ($success) {
                respond(array('status' => 'ok', 'apiPhoneNumber' => CONFIG_API_PHONE_NUMBER, 'verificationCode' => $verificationCode, 'validUntil' => $validUntilTime));
            } else {
                respond(array('status' => 'bad_request'));
Exemplo n.º 5
        } else {
            echo $pilot['text'];
        }
        $i++;
        if ($i > $count) {
            break;
        }
    }
    if ($_GET['json']) {
        echo "]} ";
    }
    return;
}
if ($op == 'findFriends') {
    $hash = $_SESSION['sessionHashCode'];
    if (makeHash('EXT_pilot_functions') != $hash) {
        if (!$CONF['bugs']['badSessions']) {
            echo "Access Denied";
            return;
        }
    }
    require_once dirname(__FILE__) . '/lib/json/CL_json.php';
    if ($CONF_use_utf) {
        $CONF_ENCODING = 'utf-8';
    } else {
        $CONF_ENCODING = $langEncodings[$currentlang];
    }
    // header('Content-type: application/text; charset="'.$CONF_ENCODING.'"',true);
    $pilotName0 = stripslashes($_GET['q']);
    $pilotName0 = trim($pilotName0);
    $pilotName = str_replace(" ", "%", $pilotName0);
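/**
 * Build the INSERT/UPDATE statement for one admission-form submission.
 *
 * Form "0" and form "1" produce an INSERT into forms.admission_form_submission
 * (form 1 is the short contact form, form 0 the full one); any other value
 * produces an UPDATE of the row identified by the submitted db_id with the
 * second-page fields (interests, ethnicity, parents, counselor).
 *
 * Security: the previous version copied every submitted key into a local
 * variable (${$k} = $v), which let a request overwrite $formNum, $db_id and
 * even $sql, and it interpolated several fields (street_address_2, dup_flag,
 * counselor, the vr_* fields, the phone types, the parent "relationship"
 * initial, the ethnicity list and the unquoted db_id) without escaping. Every
 * field is now read explicitly from $postArray and escaped with safe() before
 * it is placed inside a quoted literal; numeric slots are cast to int.
 * NOTE(review): this assumes safe() returns text that is safe to embed in a
 * single-quoted SQL literal — confirm against its definition. Parameterised
 * queries would be the better long-term fix.
 *
 * @param array      $postArray submitted form fields (typically $_POST)
 * @param string|int $formNum   "0", "1" or anything else for the update form
 * @return string SQL statement ready to execute
 */
function makeSQL($postArray, $formNum)
{
    // escaped string field, '' when absent
    $field = static function ($key) use ($postArray) {
        return safe(isset($postArray[$key]) ? $postArray[$key] : '');
    };
    // raw field, '' when absent (only for values that never reach SQL unescaped)
    $raw = static function ($key) use ($postArray) {
        return isset($postArray[$key]) ? $postArray[$key] : '';
    };
    // first character of a parent "type" value (the relationship code), escaped
    $initial = static function ($key) use ($postArray) {
        $type = isset($postArray[$key]) ? (string) $postArray[$key] : '';
        return safe(substr($type, 0, 1));
    };
    // single-letter gender code stored in the table
    $genderCode = static function ($value) {
        if ($value == "male") {
            return "m";
        }
        return $value == "female" ? "f" : "";
    };
    // "key:value,key:value" list built from the 'ethnicities' selector,
    // escaped as a whole before it is embedded
    $ethnicityList = static function () use ($postArray) {
        $selected = isset($postArray['ethnicities']) ? $postArray['ethnicities'] : array();
        $parts = array();
        foreach ((array) $selected as $ethnicity) {
            $value = isset($postArray[$ethnicity]) ? $postArray[$ethnicity] : '';
            if ($value != "") {
                $parts[] = $ethnicity . ":" . $value;
            }
        }
        return safe(implode(",", $parts));
    };
    // form_id is an unquoted numeric column
    $formId = (int) $formNum;
    if ((string) $formNum === "0") {
        $fname = $field('fname');
        $mname = $field('mname');
        $lname = $field('lname');
        $nickname = $field('nickname');
        $street_address = $field('street_address');
        $street_address_2 = $field('street_address_2');
        $city = $field('city');
        $state = $field('state');
        $zip = $field('zip');
        $country = $field('country');
        $email = $field('email');
        $phone = $field('phone');
        $high_school = $field('high_school');
        $high_school_city = $field('high_school_city');
        $high_school_state = $field('high_school_state');
        $high_school_country = $field('high_school_country');
        $anticipated_grad_year = $field('anticipated_grad_year');
        $role = "student";
        // ('student','parent','donor','alumni')
        $gender = $genderCode($raw('gender'));
        // date of birth comes from three selects; the raw parts also feed hash_id
        $dob_year = $raw('dob_year');
        $dob_month = $raw('dob_month');
        $dob_day = $raw('dob_day');
        $dob = safe($dob_year . '-' . $dob_month . '-' . $dob_day);
        // hash over the (escaped) names, as before, so existing hash_ids keep matching
        $hash_id = makeHash($fname, $lname, $dob_year, $dob_month, $dob_day);
        $ethnicity = $ethnicityList();
        // clean up for db insert
        $academic_interests = $field('academic_interests');
        // the form posts this field as extra_interests
        $extra_curricular = $field('extra_interests');
        $three_words = $field('three_words');
        $questions_and_comments = $field('questions_and_comments');
        $how_did_you_hear = $field('how_did_you_hear');
        $parent1_fname = $field('parent1_fname');
        $parent1_lname = $field('parent1_lname');
        $parent1_relationship = $initial('parent1_type');
        $parent1_email = $field('parent1_email');
        $parent1_phone = $field('parent1_phone');
        $parent1_phonetype = $field('parent1_phonetype');
        $parent2_fname = $field('parent2_fname');
        $parent2_lname = $field('parent2_lname');
        $parent2_relationship = $initial('parent2_type');
        $parent2_email = $field('parent2_email');
        $parent2_phone = $field('parent2_phone');
        $parent2_phonetype = $field('parent2_phonetype');
        // checkbox flags: any non-empty value means "yes"
        $mail_list = $raw('mailinglist') != "" ? "1" : "0";
        $call = $raw('additional_questions') != "" ? "1" : "0";
        $dup_flag = $field('dup_flag');
        $counselor = $field('counselor');
        $sql = "INSERT INTO forms.admission_form_submission \n\t\t\t(form_id, firstname, middlename, lastname, nickname, email, role, gender, street_address, street_address_2, \n\t\t\t city, state, country, postal_code, phone, dob, high_school, high_school_city, high_school_state, \n\t\t\t high_school_country, anticipated_grad_year, academic_interests, extra_curricular, three_words, ethnicity, \n\t\t\t reference, mail_list, `call`, comment, date_submitted, vr_email, vr_campaign, vr_term, hash_id, \n\t\t\t parent1_fname, parent1_lname, parent1_relationship, parent1_email, parent1_phone, parent1_phonetype, \n\t\t\t parent2_fname, parent2_lname, parent2_relationship, parent2_email, parent2_phone, parent2_phonetype, \n\t\t\t dup_flag, typage_wedcall, typage_thcall, typage_question, counselor) \n\t\t\t   VALUES (\n\t\t\t {$formId}, '{$fname}', '{$mname}', '{$lname}', '{$nickname}', '{$email}', '{$role}', '{$gender}', '{$street_address}', \n\t\t\t '{$street_address_2}', '{$city}', '{$state}', '{$country}', '{$zip}', '{$phone}', '{$dob}', '{$high_school}', '{$high_school_city}', \n\t\t\t '{$high_school_state}', '{$high_school_country}', '{$anticipated_grad_year}', '{$academic_interests}', '{$extra_curricular}', \n\t\t\t '{$three_words}', '{$ethnicity}', '{$how_did_you_hear}', '{$mail_list}', '{$call}', '{$questions_and_comments}', NOW(), \n\t\t\t '', '', '', '{$hash_id}', '{$parent1_fname}', '{$parent1_lname}', '{$parent1_relationship}', '{$parent1_email}', \n\t\t\t '{$parent1_phone}', '{$parent1_phonetype}', '{$parent2_fname}', '{$parent2_lname}', '{$parent2_relationship}', \n\t\t\t '{$parent2_email}', '{$parent2_phone}', '{$parent2_phonetype}', '{$dup_flag}', '', '', '', '{$counselor}')";
    } elseif ((string) $formNum === "1") {
        $fname = $field('fname');
        $mname = $field('mname');
        $lname = $field('lname');
        $nickname = $field('nickname');
        $street_address = $field('street_address');
        $street_address_2 = $field('street_address_2');
        $city = $field('city');
        $state = $field('state');
        $zip = $field('zip');
        $country = $field('country');
        $email = $field('email');
        $phone = $field('phone');
        $high_school = $field('high_school');
        $high_school_city = $field('high_school_city');
        $high_school_state = $field('high_school_state');
        $high_school_country = $field('high_school_country');
        $anticipated_grad_year = $field('anticipated_grad_year');
        $role = "student";
        // ('student','parent','donor','alumni')
        $gender = $genderCode($raw('gender'));
        $dob_y = $raw('dob_y');
        $dob_m = $raw('dob_m');
        $dob_d = $raw('dob_d');
        $dob = safe(getDOB($dob_y, $dob_m, $dob_d));
        $hash_id = makeHash($fname, $lname, $dob_y, $dob_m, $dob_d);
        // NOTE(review): $territories could previously only come from the
        // submitted array (via ${$k} = $v); confirm the caller supplies it.
        $territories = isset($postArray['territories']) ? $postArray['territories'] : null;
        $tinfo = getTerritoryInfo($high_school_state, $territories);
        $counselor = safe(isset($tinfo['fields_recruiter']) ? $tinfo['fields_recruiter'] : '');
        $vr_email = $field('vr_email');
        $vr_campaign = $field('vr_campaign');
        $vr_term = $field('vr_term');
        $dup_flag = $field('dup_flag');
        $sql = "INSERT INTO forms.admission_form_submission\n(form_id, firstname, middlename, lastname, nickname, email, role, gender, street_address, street_address_2, city, state, country, postal_code, phone, dob, high_school, high_school_city, high_school_state, high_school_country, anticipated_grad_year, date_submitted, vr_email, vr_campaign, vr_term, hash_id, dup_flag,counselor) \nVALUES ({$formId}, '{$fname}', '{$mname}', '{$lname}', '{$nickname}', '{$email}', '{$role}', '{$gender}', '{$street_address}', '{$street_address_2}', '{$city}', '{$state}', '{$country}', '{$zip}', '{$phone}', '{$dob}', '{$high_school}', '{$high_school_city}', '{$high_school_state}', '{$high_school_country}', '{$anticipated_grad_year}', NOW(), '{$vr_email}', '{$vr_campaign}', '{$vr_term}', '{$hash_id}','{$dup_flag}','{$counselor}');\n";
    } else {
        $ethnicity = $ethnicityList();
        // clean up for db insert
        $academic_interests = $field('academic_interests');
        // the form posts this field as extra_interests
        $extra_curricular = $field('extra_interests');
        $three_words = $field('three_words');
        $additional_questions = $field('questions_and_comments');
        $parent1_fname = $field('parent1_fname');
        $parent1_lname = $field('parent1_lname');
        $parent1_relationship = $initial('parent1_type');
        $parent1_email = $field('parent1_email');
        $parent1_phone = $field('parent1_phone');
        $parent1_phonetype = $field('parent1_phonetype');
        $parent2_fname = $field('parent2_fname');
        $parent2_lname = $field('parent2_lname');
        $parent2_relationship = $initial('parent2_type');
        $parent2_email = $field('parent2_email');
        $parent2_phone = $field('parent2_phone');
        $parent2_phonetype = $field('parent2_phonetype');
        $counselor = $field('counselor');
        // the row id is an unquoted numeric column: cast, never interpolate raw
        $db_id = (int) $raw('db_id');
        $sql = "UPDATE forms.admission_form_submission SET \n\t\t\tacademic_interests = '{$academic_interests}',\n\t\t\textra_curricular = '{$extra_curricular}',\n\t\t\tthree_words = '{$three_words}',\n\t\t\tcomment = '{$additional_questions}',\n\t\t\tethnicity = '{$ethnicity}',\n\t\t\tparent1_fname = '{$parent1_fname}',\n\t\t\tparent1_lname = '{$parent1_lname}',\n\t\t\tparent1_relationship = '{$parent1_relationship}',\n\t\t\tparent1_email = '{$parent1_email}',\n\t\t\tparent1_phone = '{$parent1_phone}',\n\t\t\tparent1_phonetype = '{$parent1_phonetype}',\n\t\t\tparent2_fname = '{$parent2_fname}',\n\t\t\tparent2_lname = '{$parent2_lname}',\n\t\t\tparent2_relationship = '{$parent2_relationship}',\n\t\t\tparent2_email = '{$parent2_email}',\n\t\t\tparent2_phone = '{$parent2_phone}',\n\t\t\tparent2_phonetype = '{$parent2_phonetype}',\n\t\t\tcounselor = '{$counselor}' \n\t\t\t\tWHERE id = {$db_id}";
    }
    return $sql;
}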
Exemplo n.º 7
    foreach ($data['trials'] as $img => $info) {
        fwrite($f, '[' . $img . ']:[' . $info['question'] . ']:[' . $info['coords'] . "]\n");
    }
    fclose($f);
    include 'src/thanks.php';
    return;
}
// Alternate filler and critical trials: a filler is shown while fillers remain
// and either the remaining total is even or no critical images are left.
$fillersLeft = count($data['fillers']);
$imagesLeft = count($data['images']);
$showFiller = $fillersLeft && (($fillersLeft + $imagesLeft) % 2 == 0 || !$imagesLeft);
if ($showFiller) {
    // rand() is fine here: filler choice is not security-relevant
    $question = $fillerQuestions[rand() % count($fillerQuestions)];
    $image = array_pop($data['fillers']);
} else {
    $question = $criticalQuestions[$data['condition']];
    $image = array_pop($data['images']);
}
// The remaining state round-trips through the client; $hash is the tag the
// next request must present alongside it.
$dataString = serialize($data);
$hash = makeHash($dataString);
?>

		<div class="info">image <?php 
echo $step;
?>
 out of <?php 
echo $step + count($data['fillers']) + count($data['images']);
?>
</div>
		<div class="error">
			<h2><?php 
echo $question;
?>
</h2><br>
			You have <span id="selectionsLeft"><?php 
Exemplo n.º 8
 * along with this program.  If not, see {http://www.gnu.org/licenses/}.
 */
require_once __DIR__ . '/../base.php';
require_once __DIR__ . '/../base_crypto.php';
require_once __DIR__ . '/classes/UserIDsInThread.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // initialization
    $user = init($_POST);
    // force authentication
    $userID = auth($user['username'], $user['password'], true);
    // check if required parameters are set
    if (isset($_POST['messageID']) && isset($_POST['text']) && isset($_POST['random'])) {
        // require at least 32 characters for the random string
        if (strlen($_POST['random']) >= 32) {
            $messageID = intval(base64_decode(trim($_POST['messageID'])));
            $commentSecret = makeHash($_POST['random']);
            $textEncrypted = encrypt(trim($_POST['text']), $commentSecret);
            $text = trim($_POST['text']);
            // check if this is a private reply and, if so, get the necessary data
            $privateToUser = NULL;
            $privateRecipientInThread = NULL;
            if (isset($_POST['privateReplyToComment'])) {
                $commenterData = UserIDsInThread::getByComment($messageID, intval(base64_decode(trim($_POST['privateReplyToComment']))));
                if (isset($commenterData['user_id'])) {
                    $privateToUser = $commenterData['user_id'];
                } else {
                    respond(array('status' => 'bad_request'));
                }
                if (isset($commenterData['public_id'])) {
                    $privateRecipientInThread = $commenterData['public_id'];
                }
Exemplo n.º 9
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // initialization
    $user = init($_POST);
    // force authentication
    $userID = auth($user['username'], $user['password'], false);
    // check if required parameters are set
    if (isset($_POST['userList'])) {
        // prevent users from uploading a contact list with more than 2,000 entries (roughly)
        if (strlen($_POST['userList']) < 90000) {
            // first prepare the lists of usernames
            $contactUsers = explode(',', $_POST['userList']);
            $sqlInsertValueList = "";
            $sqlWhereInList = "";
            $counter = 0;
            foreach ($contactUsers as $contactUser) {
                $usernameEscaped = Database::escape(makeHash($contactUser));
                // for all but the first element
                if ($counter > 0) {
                    // add a comma as the separator
                    $sqlInsertValueList .= ",";
                    $sqlWhereInList .= ",";
                }
                $sqlInsertValueList .= "(" . $usernameEscaped . ")";
                $sqlWhereInList .= $usernameEscaped;
                $counter++;
            }
            // if there were contacts in the list
            if ($counter > 0) {
                // first create dummy user elements for the contacts so that we have an ID
                Database::insert("INSERT IGNORE INTO users (username) VALUES " . $sqlInsertValueList);
                // then insert the new connections in both directions
Exemplo n.º 10
			
			<p>You will answer by clicking on the objects and typing a short (preferably one-word) label that clearly identifies each object.
			Please stick to the following rules:
				<ul>
					<li>Click only visible parts of the objects (do not click on the areas that are occluded by different objects)</li>
					<li>Try to click in the centre of the object</li>
					<li>Click the objects in the order you believe best answers the question (e.g. if you are asked to select the 3 largest objects, click the biggest one first, followed by the second and third largest)</li>
					<li>You have to select at least one object in the image. You do not have to use all the available clicks, but please leave clicks unused only if you really believe that doing so is justified.</li>
				</ul>
			</p>
		 
			<p>Now please press "next" to begin...</p> 
		 
		 </div>
		<form method="POST" action="" id="startForm">
			<input type="hidden" name="step" value="1"/>
			<input type="hidden" name="hash" value="<?php 
echo makeHash('');
?>
" />
			<input type="hidden" name="screen" id="screen" value="" />
			
			<input type="button" class="button" id="beginButton" value="begin!" />
		</form>
		<script>
		 $('#beginButton').bind('click', function(event) {
		 		 $('#screen').val(screen.width + "," + screen.height + ',' + screen.availWidth + ',' + screen.availHeight);
		 		 startForm.submit();
		 }) ;
		 </script>
Exemplo n.º 11
/**
 * Integrity tag for experiment state that round-trips through the client
 * (the hidden "hash" form field).
 *
 * Two nested MD5s with the fixed strings 'hash' and 'super' folded in. The
 * "key" is therefore a constant in the source and MD5 is not collision
 * resistant, so this is a tamper check against casual editing rather than a
 * substitute for hash_hmac() with a per-deployment secret. Callers should
 * compare the result with hash_equals().
 *
 * @param string|null $string value to tag (null behaves like '')
 * @return string 32 lowercase hex characters
 */
function makeHash($string)
{
    $inner = md5($string . 'hash');
    return md5('super' . $inner);
}
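// The experiment state travels through the client base64-encoded; decode it
// once here so every later reader sees the raw serialized string. empty()
// avoids the undefined-index notice on the first request, when no state has
// been posted yet. Nothing should trust the decoded bytes before the
// makeHash() check further down.
if (!empty($_REQUEST['data'])) {
    $_REQUEST['data'] = base64_decode($_REQUEST['data']);
}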
?>
<html>
	<head>
		<link rel="stylesheet" type="text/css" href="css/style.css" />
		<script src="http://code.jquery.com/jquery-1.7.2.js"></script>
	<head>
	
	<body>
		<div class="content">
<?php 
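// Route by experiment step. The state posted back by the client is accepted
// only when the accompanying 'hash' equals makeHash(data). hash_equals() gives
// a constant-time, strict comparison instead of the loose != used before
// (which would also treat numeric-looking strings such as "1e3" and "1000"
// as equal). A missing step or a bad hash starts the experiment over.
// NOTE(review): whatever consumes the decoded data later (src/experiment.php)
// is not visible here; if it unserialize()s it, this check is the only thing
// standing between a client and PHP object injection — confirm.
$stateIsAuthentic = !empty($_REQUEST['step']) && hash_equals(
    makeHash(isset($_REQUEST['data']) ? $_REQUEST['data'] : ''),
    isset($_REQUEST['hash']) ? (string) $_REQUEST['hash'] : ''
);
if (!$stateIsAuthentic) {
    include BASE_DIR . '/src/welcome.php';
} elseif ($_REQUEST['step'] != 'final') {
    include 'src/experiment.php';
} else {
    include 'src/thanks.php';
}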
?>
		</div>
	</body>

</html>
Exemplo n.º 12
 $memo = $app->request()->post('memo');
 $email = $app->request()->post('email');
 if (!isset($email)) {
     throw new Exception('email isn\'t set.');
 }
 $image_name = $_FILES['image']['name'];
 $image_size = $_FILES['image']['size'];
 $image_tmp = $_FILES['image']['tmp_name'];
 $output_dir = '../' . IMAGE_DIR . $email . '/';
 // IMAGE_DIR/$emailディレクトリが無ければ作成
 if (!is_dir($output_dir)) {
     mkdir($output_dir, 0755, true);
     chgrp($output_dir, '_www');
 }
 // 出力ファイルのパスを作成
 $hash = makeHash($email);
 $output_dir = $output_dir . $hash . '/';
 // ./uploaded_images/$email/$hash/ディレクトリが無ければ作成
 if (!is_dir($output_dir)) {
     mkdir($output_dir, 0755, true);
     chgrp($output_dir, '_www');
 }
 $image_info = pathinfo($image_name);
 $image_extension = strtolower($image_info['extension']);
 $image_name_only = strtolower($image_info['filename']);
 $dst_path = $output_dir . $image_name_only . '.' . $image_extension;
 // 画像サイズ、タイプを取得
 $image_info = getimagesize($image_tmp);
 $src_width = $image_info[0];
 $src_height = $image_info[1];
 $image_type = $image_info['mime'];
Exemplo n.º 13
    if (preg_match('/[abcdef0-9]{32,}/is', $text, $subpattern)) {
        // return the extracted hash
        return $subpattern[0];
    } else {
        // return an empty string because we didn't find the hash
        return '';
    }
}
// Verify that the request really comes from Twilio before touching anything
// else: the X-Twilio-Signature header is compared, in constant time, against
// the signature computed from our endpoint URL, the auth token and the POST
// body. A missing header yields '' and therefore fails the check.
$incomingSignature = isset($_SERVER['HTTP_X_TWILIO_SIGNATURE']) ? $_SERVER['HTTP_X_TWILIO_SIGNATURE'] : '';
$requiredSignature = getTwilioSignature(getTwilioEndpoint(), CONFIG_TWILIO_AUTH_CODE, $_POST);
if (hash_equals($incomingSignature, $requiredSignature)) {
    if (isset($_POST['From']) && isset($_POST['Body'])) {
        // the SMS body is expected to carry the (32+ hex char) verification code
        $incomingCode = extractHexHash($_POST['Body']);
        // try to find an open request with the given verification code
        $openRequest = Database::selectFirst("SELECT user_id, new_password FROM verifications WHERE verification_code = " . Database::escape($incomingCode) . " AND time_until > " . time());
        // if an open request with the given code has been found
        if (isset($openRequest['user_id']) && isset($openRequest['new_password'])) {
            // the username is derived from the sender's phone number, so the
            // password below is only replaced for the account that owns it
            $usernameByPhoneNumber = makeHash(clientHash(trim($_POST['From'])));
            // set the new password for the user if the actual phone number matches the pretended phone number (contained in the username)
            // NOTE(review): the users UPDATE and the expiry of the user's
            // verification rows are collapsed/redacted ("******") into the next line on this page
            Database::update("UPDATE users SET password = "******" WHERE id = " . intval($openRequest['user_id']) . " AND username = "******"UPDATE verifications SET time_until = 0 WHERE user_id = " . intval($openRequest['user_id']));
        }
    }
}
// overwrite the response type header
header('Content-type: application/xml; charset=utf-8');
// send an empty response for the Twilio API (do nothing) and exit; a request
// with a bad signature gets exactly the same reply, so nothing about the
// check or the lookup is disclosed to the sender
echo '<?xml version="1.0" encoding="utf-8"?>';
echo '<Response></Response>';
exit;
Exemplo n.º 14
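 /**
  * main action
  *
  * Renders the detail of one order (addresses, basket or invoice, and the
  * "make payment" block while the status still allows payment). Access is
  * granted when one of these holds:
  *   - a back-office user is authenticated,
  *   - the logged-in customer owns the order,
  *   - the order was placed by a guest (status 5) in this PHP session, or the
  *     request carries that order's php_session_id,
  *   - the request carries a valid order "code" (verifyHash), which is what
  *     lets unlogged users pay for the order and view their invoice.
  *
  * @return bool false when order_id is missing, true otherwise (an
  *              "unauthorised" message replaces the detail when no rule matches)
  */
 public function mainAction()
 {
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     $Order->setCacheable(false);
     if (!isset($this->GET['order_id']) || !is_numeric($this->GET['order_id'])) {
         msg('Order Detail: Missing order_id', 'error');
         return false;
     }
     $order_id = $this->GET['order_id'];
     /**
      * include node configuration
      */
     require_once 'models/common/common_node.php';
     $node_conf = common_node::initConfiguration();
     $this->tpl->assign('NODE_CONF', $node_conf);
     /**
      * get detail
      */
     $order_data = $Order->getOrder($order_id);
     // An unknown order must not reach the access rules below: comparing
     // missing fields with == would succeed (null == ''), so treat it exactly
     // like an unauthorised request.
     if (!is_array($order_data) || empty($order_data['id'])) {
         msg('unauthorised access to view order detail', 'error');
         return true;
     }
     /**
      * security check of the owner
      *
      * Each rule insists that the session/parameter side is actually present
      * before comparing. With the previous loose ==, an absent session customer
      * id (null) matched a customer_id of 0, and an empty stored php_session_id
      * matched an absent php_session_id parameter, which would have opened
      * guest orders to anyone who knew the order number.
      */
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? $_SESSION['client']['customer']['id'] : null;
     $is_owner = !empty($session_customer_id) && isset($order_data['basket']['customer_id']) && (string) $order_data['basket']['customer_id'] === (string) $session_customer_id;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     $is_guest_user = isset($order_data['client']['customer']['status']) && $order_data['client']['customer']['status'] == 5;
     $order_session_id = isset($order_data['php_session_id']) ? (string) $order_data['php_session_id'] : '';
     $param_session_id = isset($this->GET['php_session_id']) ? (string) $this->GET['php_session_id'] : '';
     // the php_session_id parameter acts as a bearer secret: compare it in constant time
     $is_same_session = $order_session_id !== '' && ($order_session_id === session_id() || ($param_session_id !== '' && hash_equals($order_session_id, $param_session_id)));
     $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);
     if ($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code) {
         /**
          * security code to allow unlogged users to pay for the order and view
          * their invoice; handed to the template only after access is granted,
          * so the unauthorised path can never render it
          */
         $this->tpl->assign('ORDER_CODE', makeHash($order_id));
         /**
          * display Make Payment if appropriate
          */
         if ($Order->checkOrderStatusValidForPayment($order_data['status'])) {
             $this->tpl->parse('content.make_payment');
         }
         /**
          * get address detail
          */
         $_Onxshop_Request = new Onxshop_Request("component/client/address~invoices_address_id={$order_data['invoices_address_id']}:hide_button=1~");
         $this->tpl->assign("ADDRESS_INVOICES", $_Onxshop_Request->getContent());
         $_Onxshop_Request = new Onxshop_Request("component/client/address~delivery_address_id={$order_data['delivery_address_id']}:hide_button=1~");
         $this->tpl->assign("ADDRESS_DELIVERY", $_Onxshop_Request->getContent());
         /**
          * basket detail
          * if the order is payed, display HTML basket from the invoice, otherwise generate on the fly
          */
         require_once 'models/ecommerce/ecommerce_invoice.php';
         $Invoice = new ecommerce_invoice();
         $Invoice->setCacheable(false);
         $invoice_data = $Invoice->getInvoiceForOrder($order_data['id']);
         if ($invoice_data) {
             $this->tpl->assign("BASKET_DETAIL", $invoice_data['basket_detail']);
             $this->tpl->parse("content.print_invoice");
         } else {
             $_Onxshop_Request = new Onxshop_Request("component/ecommerce/basket_detail~id={$order_data['basket_id']}:order_id={$order_id}:delivery_address_id={$order_data['delivery_address_id']}:delivery_options[carrier_id]={$order_data['other_data']['delivery_options']['carrier_id']}~");
             $this->tpl->assign("BASKET_DETAIL", $_Onxshop_Request->getContent());
         }
         // other_data (the required_* fields) is intentionally not displayed
         // strftime() is deprecated since PHP 8.1; kept to preserve the exact d/m/Y output
         $order_data['created'] = strftime('%d/%m/%Y', strtotime($order_data['basket']['created']));
         $this->tpl->assign('ORDER', $order_data);
     } else {
         msg('unauthorised access to view order detail', 'error');
     }
     return true;
 }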
Exemplo n.º 15
 $user = init($_POST);
 // force authentication
 $userID = auth($user['username'], $user['password'], true);
 // check if required parameters are set
 if (isset($_POST['colorHex']) && isset($_POST['patternID']) && isset($_POST['text']) && isset($_POST['topic']) && isset($_POST['random'])) {
     if (!isset($_POST['visibility'])) {
         // XXX remove this check with default value and add a condition above instead, later
         $_POST['visibility'] = VISIBILITY_FRIENDS_AND_PUBLIC;
     }
     // check color string (hex) for validity
     if (preg_match("/^#[abcdef0-9]{6}\$/i", $_POST['colorHex'])) {
         // require at least 32 characters for the random string
         if (strlen($_POST['random']) >= 32) {
             // require the pattern ID to be positive
             if ($_POST['patternID'] >= 0) {
                 $messageSecret = makeHash($_POST['random']);
                 $textEncrypted = encrypt(trim($_POST['text']), $messageSecret);
                 $isAdmin = in_array($userID, unserialize(CONFIG_ADMIN_USER_IDS));
                 // if the authenticating user is an admin user
                 if ($isAdmin) {
                     // set the message's background color to black
                     $_POST['colorHex'] = '#000000';
                     $_POST['patternID'] = 0;
                     // set the message's geographic origin to "worldwide"
                     $_POST['countryISO3'] = 'ZZZ';
                 }
                 $timePublished = time();
                 $messageFields = "user_id, color_hex, pattern_id, text_encrypted, message_secret, time_published, time_active, topic";
                 $messageValues = intval($userID) . ", " . Database::escape($_POST['colorHex']) . ", " . intval($_POST['patternID']) . ", " . Database::escape($textEncrypted) . ", " . Database::escape($messageSecret) . ", " . $timePublished . ", " . $timePublished . ", " . Database::escape($_POST['topic']);
                 if (isset($_POST['languageISO3'])) {
                     $messageFields .= ", language_iso3";