Exemplo n.º 1
 /**
  * Gate a page on a valid application key.
  *
  * Passes the three arguments to AUTH::is_valid_app_key(). If that call
  * returns a falsy value, the visitor is redirected to
  * /202-account/app-key-required.php and the script stops. Otherwise the
  * function returns and the caller carries on.
  *
  * @param mixed $appName      application name handed to AUTH::is_valid_app_key()
  * @param mixed $user_api_key API key handed to AUTH::is_valid_app_key()
  * @param mixed $user_app_key application key handed to AUTH::is_valid_app_key()
  */
 function require_valid_app_key($appName, $user_api_key, $user_app_key)
 {
     $keyAccepted = AUTH::is_valid_app_key($appName, $user_api_key, $user_app_key);
     if ($keyAccepted) {
         return;
     }
     // die must follow the redirect header, otherwise the protected page
     // would still be executed and sent after the Location header.
     header('location: /202-account/app-key-required.php');
     die;
 }
Exemplo n.º 2
        //if no user_pass errors
        if (!$error) {
            $user_pass = salt_user_pass($_POST['new_user_pass']);
            $mysql['user_pass'] = mysql_real_escape_string($user_pass);
            $mysql['user_id'] = mysql_real_escape_string($_SESSION['user_id']);
            $user_sql = "\tUPDATE \t`202_users`\n\t\t\t\t\t\t\tSET    \t\t`user_pass`='" . $mysql['user_pass'] . "'\n\t\t\t\t\t\t\tWHERE  \t`user_id`='" . $mysql['user_id'] . "'";
            $user_result = _mysql_query($user_sql);
            $change_user_pass = true;
        }
    }
    $html = array_merge($html, array_map('htmlentities', $_POST));
}
// Encode the session's user id and username for HTML output, with quotes
// encoded (ENT_QUOTES) and an explicit UTF-8 charset.
// NOTE(review): the $_POST values merged into $html just above go through
// htmlentities() with its default flags. Before PHP 8.1 that default does not
// encode single quotes, so those values are not safe inside single-quoted
// attributes — confirm how the template uses them.
$html['user_id'] = htmlentities($_SESSION['user_id'], ENT_QUOTES, 'UTF-8');
$html['user_username'] = htmlentities($_SESSION['user_username'], ENT_QUOTES, 'UTF-8');
//check to see if this user has stats202 enabled
// The result of the app-key check is stored in the session under 'stats202_enabled'.
$_SESSION['stats202_enabled'] = AUTH::is_valid_app_key('stats202', $_SESSION['user_api_key'], $_SESSION['user_stats202_app_key']);
// Emit the page header titled 'User Profile'; the meaning of the three NULL
// arguments is not visible in this file.
template_top('User Profile', NULL, NULL, NULL);
?>
 

<style>
.my-account-tables { margin: 0px auto; }
.my-account-tables td { width: 150px; }
</style>

<form method="post"  action="" enctype="multipart/form-data">   
    <input type="hidden" name="update_profile" value="1" />                   
    <input type="hidden" name="token" value="<?php 
echo $_SESSION['token'];
?>
" />
Exemplo n.º 3
<?php

// Load the application bootstrap from the web root.
include_once $_SERVER['DOCUMENT_ROOT'] . '/xtracks-app/bootstrap.php';
// Both AUTH gates run before any template output. Their bodies are not shown
// here; presumably each one redirects and stops the script on failure — confirm.
AUTH::require_user();
//before loading the offers202 page, check to make sure this user's API key is valid;
//if they do not have one, they will have to generate one
AUTH::require_valid_api_key();
// Page layout: header, the two page fragments, then the footer.
template_top('Offers202');
include_once 'top.php';
include_once 'form.php';
template_bottom();
Exemplo n.º 4
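// Look up the tracker (and its campaign) for the public tracker id.
// $mysql['tracker_id_public'] is built earlier in the file; this query is only
// safe if it was passed through $db->real_escape_string() there — confirm.
$tracker_sql = "SELECT 202_trackers.user_id,\n\t\t\t\t\t\t202_trackers.aff_campaign_id,\n\t\t\t\t\t\ttext_ad_id,\n\t\t\t\t\t\tppc_account_id,\n\t\t\t\t\t\tclick_cpc,\n\t\t\t\t\t\tclick_cloaking,\n\t\t\t\t\t\taff_campaign_rotate,\n\t\t\t\t\t\taff_campaign_url,\n\t\t\t\t\t\taff_campaign_url_2,\n\t\t\t\t\t\taff_campaign_url_3,\n\t\t\t\t\t\taff_campaign_url_4,\n\t\t\t\t\t\taff_campaign_url_5,\n\t\t\t\t\t\taff_campaign_payout,\n\t\t\t\t\t\taff_campaign_cloaking\n\t\t\t\tFROM    202_trackers \n\t\t\t\tLEFT JOIN 202_aff_campaigns USING (aff_campaign_id) \n\t\t\t\tWHERE   tracker_id_public='" . $mysql['tracker_id_public'] . "'";
$tracker_row = memcache_mysql_fetch_assoc($db, $tracker_sql);
// Stop before using the row when the tracker id is unknown. This check used to
// run only after the row had been read, so an unknown id could store an empty
// URL in memcache and trigger a user lookup with an empty user id.
if (!$tracker_row) {
    die;
}
if ($memcacheWorking) {
    // Cache the campaign URL under a key derived from the tracker id and the
    // system hash, but only when no value is stored yet.
    $url = $tracker_row['aff_campaign_url'];
    $tid = $t202id;
    $getKey = $memcache->get(md5('url_' . $tid . systemHash()));
    if ($getKey === false) {
        $setUrl = $memcache->set(md5('url_' . $tid . systemHash()), $url, false, 0);
    }
}
//set the timezone to the user's timezone
$mysql['user_id'] = $db->real_escape_string($tracker_row['user_id']);
$user_sql = "\n\tSELECT\n\t\tuser_timezone, \n\t\tuser_keyword_searched_or_bidded,\n\t\tmaxmind_isp \n\tFROM\n\t\t202_users\n\t\tLEFT JOIN 202_users_pref USING (user_id)\n\tWHERE\n\t\t202_users.user_id='" . $mysql['user_id'] . "'\n";
$user_row = memcache_mysql_fetch_assoc($db, $user_sql);
//now this sets it
AUTH::set_timezone($user_row['user_timezone']);
//get mysql variables
// Every value taken from the tracker row is escaped again before it is reused
// in later SQL strings.
$mysql['aff_campaign_id'] = $db->real_escape_string($tracker_row['aff_campaign_id']);
$mysql['ppc_account_id'] = $db->real_escape_string($tracker_row['ppc_account_id']);
$mysql['click_cpc'] = $db->real_escape_string($tracker_row['click_cpc']);
$mysql['click_payout'] = $db->real_escape_string($tracker_row['aff_campaign_payout']);
$mysql['click_time'] = time();
$mysql['text_ad_id'] = $db->real_escape_string($tracker_row['text_ad_id']);
/* ok, if $_GET['OVRAW'] is set that is a Yahoo keyword; if the REFERER has a $_GET['q'], that is a Google keyword... */
//so this checks the REFERER URL for a ?q=, which is the ACTUAL KEYWORD searched.
// The Referer header is supplied by the client: it may be absent or malformed,
// and everything parsed out of it must be treated as untrusted input.
$referer_url_parsed = @parse_url($_SERVER['HTTP_REFERER']);
// parse_url() returns false on a badly formed URL and omits 'query' when there
// is none; read the component only when it exists.
$referer_url_query = isset($referer_url_parsed['query']) ? $referer_url_parsed['query'] : null;
@parse_str($referer_url_query, $referer_query);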
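/**
 * Add the MD5 of a SQL string to the logged-in user's list of cached query hashes.
 *
 * The list is kept in memcache as a comma-separated string. Its key is
 * md5(user id . systemHash()). Nothing happens when no user is logged in.
 * MD5 only derives a cache key here; it is not a security control.
 *
 * @param string $sql the SQL text whose hash should be remembered
 */
function memcache_set_user_key($sql)
{
    if (AUTH::logged_in() == true) {
        global $memcache;
        $sql = md5($sql);
        $user_id = $_SESSION['user_id'];
        // Read and write the same key. The write used to call
        // md5($user_id, ...), which treats the second argument as md5()'s
        // raw-output switch and stored the value false, so the list was
        // never saved under the key that get() reads.
        $cacheKey = md5($user_id . systemHash());
        $getCache = $memcache->get($cacheKey);
        // A cache miss returns false. Start from an empty list in that case,
        // not from explode()'s single empty-string element.
        if ($getCache === false || $getCache === '') {
            $queries = array();
        } else {
            $queries = explode(",", $getCache);
        }
        if (!in_array($sql, $queries, true)) {
            $queries[] = $sql;
        }
        $queries = implode(",", $queries);
        $setCache = $memcache->set($cacheKey, $queries, false);
    }
}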
Exemplo n.º 6
<?php

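// Login page controller: handles the posted credentials, then renders the form.
include_once $_SERVER['DOCUMENT_ROOT'] . '/xtracks-app/bootstrap.php';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Accept only plain string fields; a missing or array-valued field is
    // treated as empty so it never reaches htmlentities() as a non-string.
    $posted_user_name = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';
    $posted_user_pass = (isset($_POST['user_pass']) && is_string($_POST['user_pass'])) ? $_POST['user_pass'] : '';
    // NOTE(review): the form carries a hidden 'token' field, but no token
    // comparison is visible in this file — confirm that bootstrap.php or
    // AUTH::login() verifies it.
    try {
        AUTH::login($posted_user_name, $posted_user_pass);
        //redirect to account screen
        header('location: /overview/');
        // Stop here: without exit the script went on to render the login
        // form after the Location header had been sent.
        exit;
    } catch (Exception $e) {
        // The message text is not known to be HTML-safe, so encode it
        // before placing it in markup.
        $error['user'] = sprintf('<div class="error">%s</div>', htmlentities($e->getMessage(), ENT_QUOTES, 'UTF-8'));
    }
    // Echoed back into the username field of the form.
    $html['user_name'] = htmlentities($posted_user_name, ENT_QUOTES, 'UTF-8');
}
info_top();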
?>
	<form method="post" action="">
		<input type="hidden" name="token" value="<?php 
echo $_SESSION['token'];
?>
"/>
		<table cellspacing="0" cellpadding="5" style="margin: 0px auto;" >
			<?php 
if ($error['token']) {
    printf('<tr><td colspan="2">%s</td></tr>', $error['token']);
}
?>
			<tr>
				<td>Username:</td>
				<td><input id="user_name" type="text" name="user_name" value="<?php 
echo $html['user_name'];
?>
Exemplo n.º 7
<?php

// Load the database connection and configuration from the web root.
include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect.php';
// Authentication gate, called before the <select> below is emitted. Its body
// is not shown here; presumably it stops unauthenticated requests — confirm.
AUTH::require_user();
?>

<select class="form-control input-sm" name="aff_network_id" id="aff_network_id" onchange="load_aff_campaign_id($(this).val(), 0); load_landing_page(this.value); load_text_ad_id(this.value);">
    <option value="0"> -- </option>
	<?php 
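// List the logged-in user's non-deleted affiliate networks as <option> elements.
// The user id comes from the session and is escaped before it goes into the SQL string.
$mysql['user_id'] = $db->real_escape_string($_SESSION['user_id']);
$aff_network_sql = "SELECT * FROM `202_aff_networks` WHERE `user_id`='" . $mysql['user_id'] . "' AND `aff_network_deleted`='0' ORDER BY `aff_network_name` ASC";
$aff_network_result = $db->query($aff_network_sql) or record_mysql_error($aff_network_sql);
// The previously submitted network id, if any. It is used only to decide which
// option is pre-selected and is never echoed.
$posted_aff_network_id = isset($_POST['aff_network_id']) ? $_POST['aff_network_id'] : null;
// MYSQLI_ASSOC is the mysqli constant. MYSQL_ASSOC belongs to the removed
// ext/mysql extension and is undefined on PHP 7 and later.
while ($aff_network_row = $aff_network_result->fetch_array(MYSQLI_ASSOC)) {
    // Encode both values for the attribute and text contexts used below.
    $html['aff_network_name'] = htmlentities($aff_network_row['aff_network_name'], ENT_QUOTES, 'UTF-8');
    $html['aff_network_id'] = htmlentities($aff_network_row['aff_network_id'], ENT_QUOTES, 'UTF-8');
    if ($posted_aff_network_id == $aff_network_row['aff_network_id']) {
        $selected = 'selected=""';
    } else {
        $selected = '';
    }
    printf('<option %s value="%s">%s</option>', $selected, $html['aff_network_id'], $html['aff_network_name']);
}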
?>
</select>
"><?php 
        echo e($status->user->getNameOrUsername());
        ?>
</a></h4>
					        <p><?php 
        echo e($status->body);
        ?>
</p>
					        <ul class="list-inline">
					        	<!--Outputs the timestap it was created of the $status object creation time || WHAT IS diffForHumans?-->
					            <li><?php 
        echo e($status->created_at->diffForHumans());
        ?>
</li>
					            <?php 
        if ($status->user->id !== AUTH::user()->id) {
            ?>
					            <li><a href="<?php 
            echo e(route('status.like', ['statusId' => $status->id]));
            ?>
">Like</a></li>
					            <?php 
        }
        ?>
					            <li><?php 
        echo e($status->likes->count());
        ?>
 <?php 
        echo e(str_plural('like', $status->likes->count()));
        ?>
</li>
Exemplo n.º 9
<?php

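// Load the database connection and configuration from the web root.
include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect.php';
// An already authenticated visitor is sent straight to the mobile stats page.
if (AUTH::logged_in()) {
    header('location: /202-Mobile/mini-stats');
    // Stop here: without exit the script continued into the login handling
    // below even though the redirect had been sent.
    exit;
}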
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $mysql['user_name'] = $db->real_escape_string($_POST['user_name']);
    $user_pass = salt_user_pass($_POST['user_pass']);
    $mysql['user_pass'] = $db->real_escape_string($user_pass);
    //check to see if this user exists
    $user_sql = "\tSELECT \t* \n\t\t\t\t\tFROM \t\t202_users  \n\t\t\t\t \tWHERE \tuser_name='" . $mysql['user_name'] . "'\n\t\t\t\t\tAND     \t\tuser_pass='******'user_pass'] . "'";
    $user_result = _mysqli_query($user_sql);
    $user_row = $user_result->fetch_assoc();
    if (!$user_row) {
        $error['user'] = '******';
    }
    //check tokens
    /* ($_POST['token'] != $_SESSION['token']) {
    		$error['token'] = '<div class="error">You must use theses forms to submit data.</div'; 
    	}*/
    //RECORD THIS USER LOGIN, into user_logs
    $mysql['login_server'] = $db->real_escape_string(serialize($_SERVER));
    $mysql['login_session'] = $db->real_escape_string(serialize($_SESSION));
    $mysql['login_error'] = $db->real_escape_string(serialize($error));
    $mysql['ip_address'] = $db->real_escape_string($_SERVER['REMOTE_ADDR']);
    $mysql['login_time'] = time();
    if ($error) {
        $mysql['login_success'] = 0;
    } else {
        $mysql['login_success'] = 1;
Exemplo n.º 10
    $query = $query->response;
    $query = $query[0];
    $check = $action->loginCheck($query, $request);
    if (!$check) {
        echo json_encode(array('error' => 'Credentials Don\'t match. Please correct and try again.'));
        throw new Exception("Credentials don't match. Please try again.", 401);
        end($app);
    }
    $action = new Identity();
    $user = $action->login($request);
    $query = new Request();
    $user = $query->query($user);
    $user = $user[0];
    $user['fname'] = decode5t($user['fname']);
    $user['lname'] = decode5t($user['lname']);
    $auth = new AUTH();
    $auth->set($_SERVER['HTTP_ORIGIN'], $user['email']);
    $response['Ident'] = $user;
    $response['Auth'] = $auth->token;
    $tok = new AUTHTOKEN();
    $tok->get();
    $jwt = JWT::encode($response, $tok->response);
    echo json_encode($jwt);
});
// Refresh
$app->post('/refresh', function () use($app) {
    $request = (array) json_decode($app->request->getBody());
    $action = new Identity();
    $action->refresh($request);
    $query = new Request();
    $user = $query->query($action->sql);
Exemplo n.º 11
    session_destroy();
    $app->redirect('login');
});
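// POST /login: check the submitted credentials and open an authenticated session.
// Every path ends in $app->redirect(). The code relies on redirect() ending the
// request — NOTE(review): confirm for the framework version in use.
$app->post('/login', function () use($app) {
    //block ip
    if (AUTH::is_block()) {
        $app->redirect('login');
    }
    $post = $app->request()->post();
    if (isset($post['uid']) && isset($post['pwd'])) {
        $uid = $post['uid'];
        $pwd = $post['pwd'];
        // Reject empty values and non-string values. A field posted as an
        // array would otherwise be passed into AUTH unchanged.
        if (!is_string($uid) || !is_string($pwd) || $uid == '' || $pwd == '') {
            $app->redirect('login');
        }
        $auth = new AUTH($uid);
        if ($auth->login($pwd) === true) {
            // Issue a fresh session id at the moment of privilege change, so
            // an id that was known before login does not become an
            // authenticated one (session fixation).
            if (session_id() !== '') {
                session_regenerate_id(true);
            }
            $_SESSION['auth'] = true;
            $_SESSION['auth_uid'] = $uid;
            $app->applyHook('account.login_success', $uid);
            $app->redirect('./');
        } else {
            // Failed attempt: raise the hook that matches the account state
            // (locked accounts use a separate hook from plain failures).
            if ($auth->acc_flag == 'locked') {
                $app->applyHook('account.log', array($uid, 'locked'));
            } else {
                $app->applyHook('account.login_failed', $uid);
            }
        }
    }
    // Missing fields and failed logins all end back at the login page.
    $app->redirect('login');
});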
Exemplo n.º 12
<?php

# archive.php
# 1. logic
# Authentication gate, called before any data is loaded. AUTH::kickout() is not
# shown here; presumably it sends visitors who are not logged in to 'login' — confirm.
AUTH::kickout('login');
# The current user record.
$user = new User();
$user->load(AUTH::user());
# The project named by the route's 'slug' parameter.
# NOTE(review): this lookup is keyed on the slug alone, while the collections
# below also filter on user_id — confirm that Project::load() or the views
# prevent showing a project owned by another user.
$project = new Project();
$project->load(['slug' => Route::param('slug')]);
# The current user's projects whose 'deleted' column is '1'.
$projects = new Projects_Collection();
$projects->where(['deleted' => '1']);
$projects->where(['user_id' => AUTH::user_id()]);
$projects->get();
# The current user's tasks in the loaded project whose 'deleted' column is '0',
# ordered by progress ascending.
$tasks = new Tasks_Collection();
$tasks->where(['deleted' => '0']);
$tasks->where(['user_id' => AUTH::user_id()]);
$tasks->where(['project_id' => $project->id]);
$tasks->order_by('progress', 'ASC');
$tasks->get();
# 2. views
include VIEWS . 'header.php';
include VIEWS . 'archive.php';
include VIEWS . 'footer.php';
Exemplo n.º 13
 <?php 
# delete_task.php
# 1. logic
# Authentication gate, called before anything is deleted. AUTH::kickout() is
# not shown here; presumably it sends visitors who are not logged in to 'login' — confirm.
AUTH::kickout('login');
# The project is loaded only to build the redirect target below.
$project = new Project();
$project->load(['slug' => Route::param('slug')]);
# NOTE(review): the task is loaded by the route's 'id' parameter and deleted
# with no check in this file that it belongs to AUTH::user_id() or to $project.
# Confirm that Task::load()/delete() enforce ownership; if they do not, add
# that check here before delete().
# NOTE(review): also confirm that the route reaching this file requires a
# state-changing method and a CSRF token — nothing here shows either.
$task = new Task();
$task->load(Route::param('id'));
$task->delete();
# 2. views
URL::redirect('/' . $project->slug);
Exemplo n.º 14
<?php

// GET /: forward the visitor to the home route.
$app->get('/', function () use ($app) {
    $app->redirect('home');
});

// GET /home: render home.html with the two login logs of the account whose id
// is stored in the session.
// NOTE(review): no authentication check is visible in this handler; presumably
// a hook or middleware guarantees $_SESSION['auth_uid'] is set — confirm.
$app->get('/home', function () use ($app) {
    $account = new AUTH($_SESSION['auth_uid']);
    $logForZero = $account->get_log(0);
    $logForOne = $account->get_log(1);
    $viewData = array(
        'breadcrumb_title' => '首頁',
        'login_log_err' => $logForZero,
        'login_log_ok' => $logForOne,
    );
    $app->render('home.html', $viewData);
});
Exemplo n.º 15
<?php

# edit_task.php
# 1. Logic
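# Require a logged-in user before any project data is read or written. This
# page calls AUTH::user_id() and saves posted data, but had no gate of its own.
AUTH::kickout('login');
# The current user's projects whose 'deleted' column is '0'.
$projects = new Projects_Collection();
$projects->where(['deleted' => '0']);
$projects->where(['user_id' => AUTH::user_id()]);
$projects->get();
# The project named by the route's 'slug' parameter.
# NOTE(review): this lookup is keyed on the slug alone — confirm that
# Project::load() or save() prevent editing a project owned by another user.
$project = new Project();
$project->load(['slug' => Route::param('slug')]);
if (Input::posted()) {
    # NOTE(review): every posted field is copied onto the model. Confirm that
    # Project::fill() restricts which columns can be set (for example user_id
    # or deleted), and that Input or the router checks a CSRF token.
    $project->fill(Input::all());
    $project->save();
    URL::redirect('/' . $project->slug);
}
# Pre-fill the form with the stored values.
Sticky::set('project_name', $project->project_name);
Sticky::set('project_description', $project->project_description);
Sticky::set('deadline', $project->deadline);
$title = 'Edit Project';
#2. Views
include VIEWS . 'header.php';
include VIEWS . 'new_project.php';
include VIEWS . 'footer.php';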
Exemplo n.º 16
Arquivo: init.php Projeto: vslko/mmvc
<?php

/* 
parameters:
  session = "connection=db;table=users;login=login;password=secret;encoding=md5;fields=id,login,name,email,role" 
*/
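// Register MantellaSession under the alias AUTH and initialise it from the
// 'vendor_Session' configuration string ("key=value;key=value;...").
// NOTE(review): the sample configuration in this file's header comment names
// md5 as the password encoding. MD5 is not a suitable password hash — confirm
// which encodings MantellaSession supports and prefer a password-hashing function.
$LIB_NAME = "Session";
$LIB_ALIAS = "AUTH";
require_once dirname(__FILE__) . "/MantellaSession.php";
class_alias('MantellaSession', $LIB_ALIAS);
$parameters = explode(";", CONF::get('vendor_' . $LIB_NAME));
$params = array();
foreach ($parameters as $p) {
    // Split on the first "=" only, so a value that itself contains "=" is
    // kept whole and not cut at its first "=".
    $p = explode("=", trim($p), 2);
    // Skip empty segments (such as a trailing ";") and entries without "=";
    // these used to read an undefined $p[1].
    if (count($p) < 2 || trim($p[0]) === '') {
        continue;
    }
    $params[trim($p[0])] = trim($p[1]);
}
AUTH::init($params);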
Exemplo n.º 17
    foreach ($tmp as $item) {
        $opt[$item->option_key] = $item->option_value;
    }
    $tpl['option'] = $opt;
    $info = unserialize($user->acc_company);
    if (is_array($info)) {
        while ($k = key($info)) {
            $tpl['info_' . $k] = $info[$k];
            next($info);
        }
    }
    $app->render('profile.html', $tpl);
});
$app->post('/ajax_save_pwd', function () use($app) {
    $post = $app->request()->post();
    $auth = new AUTH($_SESSION['auth_uid']);
    if ($auth->login($post['old_pwd'])) {
        if ($post['new_pwd'] != $post['confirm_pwd']) {
            $msg = array('class' => 'error', 'msg' => '兩次輸入的密碼不同');
        } else {
            $rt = $auth->setpwd($post['new_pwd']);
            if ($rt) {
                $msg = array('class' => 'success', 'msg' => '變更密碼完成');
            } else {
                $msg = array('class' => 'error', 'msg' => '變更失敗');
            }
        }
    } else {
        $msg = array('class' => 'error', 'msg' => '舊密碼錯誤');
    }
    $app->render('_notice.html', $msg);
Exemplo n.º 18
<?php

// Load the database connection and configuration from the web root.
include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect.php';
// Authentication gate, called before any output. Its body is not shown here;
// presumably it stops unauthenticated requests — confirm.
AUTH::require_user();
//set the timezone for the user, for entering their dates.
AUTH::set_timezone($_SESSION['user_timezone']);
//show the template
// The meaning of the three NULL arguments is not visible in this file.
template_top('Spy View', NULL, NULL, NULL);
?>

<div id="info">
	<h2>Spy View</h2>
	Spy is a live view of visitors interacting with your affiliate campaigns.
</div>


<?php 
display_calendar('/tracking202/ajax/click_history.php?spy=1', false, true, true, false, false, true, false);
?>
	
<script type="text/javascript">
	if($('s-status-loading')) {   $('s-status-loading').style.display='';       }  
   	runSpy();
   	new PeriodicalExecuter(runSpy, 5); 
</script>  

<?php 
template_bottom();
Exemplo n.º 19
}
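include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect2.php';
//grab tracker data
// $tracker_id is set earlier in the file and is escaped here before it is
// concatenated into the SQL string.
$mysql['tracker_id_public'] = $db->real_escape_string($tracker_id);
$rotator_sql = "SELECT  tr.user_id,\n\t\t\t\t\t\ttr.ppc_account_id,\n\t\t\t\t\t\ttr.rotator_id,\n\t\t\t\t\t\ttr.click_cpc,\n\t\t\t\t\t\trt.default_url,\n\t\t\t\t\t\trt.default_campaign,\n\t\t\t\t\t\tca.aff_campaign_id,\n\t\t\t\t\t\tca.aff_campaign_rotate,\n\t\t\t\t\t    ca.aff_campaign_url,\n\t\t\t\t\t    ca.aff_campaign_url_2,\n\t\t\t\t\t    ca.aff_campaign_url_3,\n\t\t\t\t\t    ca.aff_campaign_url_4,\n\t\t\t\t\t    ca.aff_campaign_url_5,\n\t\t\t\t\t    ca.aff_campaign_payout,\n\t\t\t\t\t    ca.aff_campaign_cloaking,\n\t\t\t\t\t\tur.user_timezone,\n\t\t\t\t\t   \tup.user_keyword_searched_or_bidded,\n\t\t\t\t\t   \tup.maxmind_isp\n\t\t\t\tFROM    202_trackers AS tr\n\t\t\t\tLEFT JOIN 202_rotators AS rt ON rt.id = tr.rotator_id\n\t\t\t\tLEFT JOIN 202_aff_campaigns AS ca ON ca.aff_campaign_id = rt.default_campaign\n\t\t\t\tLEFT JOIN 202_users AS ur ON ur.user_id = tr.user_id\n\t\t\t\tLEFT JOIN 202_users_pref AS up ON up.user_id = tr.user_id\n\t\t\t\tWHERE   tracker_id_public='" . $mysql['tracker_id_public'] . "'";
$rotator_row = memcache_mysql_fetch_assoc($db, $rotator_sql);
// Stop before using the row when the tracker id is unknown. This check used
// to run only after the row had been read and the rules query had been issued
// with an empty rotator id.
if (!$rotator_row) {
    die;
}
$user_id = $db->real_escape_string($rotator_row['user_id']);
$user_keyword_searched_or_bidded = $db->real_escape_string($rotator_row['user_keyword_searched_or_bidded']);
//grab rules data
$mysql['rotator_id'] = $db->real_escape_string($rotator_row['rotator_id']);
$rule_sql = "SELECT ru.id as rule_id,\n\t\t\t\t\t   ru.redirect_url,\n\t\t\t\t\t   ru.redirect_campaign,\n\t\t\t\t\t   ca.aff_campaign_id,\n\t\t\t\t\t   ca.aff_campaign_rotate,\n\t\t\t\t\t   ca.aff_campaign_url,\n\t\t\t\t\t   ca.aff_campaign_url_2,\n\t\t\t\t\t   ca.aff_campaign_url_3,\n\t\t\t\t\t   ca.aff_campaign_url_4,\n\t\t\t\t\t   ca.aff_campaign_url_5,\n\t\t\t\t\t   ca.aff_campaign_payout,\n\t\t\t\t\t   ca.aff_campaign_cloaking\n\t\t\t\tFROM 202_rotator_rules AS ru\n\t\t\t\tLEFT JOIN 202_aff_campaigns AS ca ON ca.aff_campaign_id = ru.redirect_campaign\n\t\t\t\tWHERE rotator_id='" . $mysql['rotator_id'] . "' AND status='1'";
$rule_row = foreach_memcache_mysql_fetch_assoc($db, $rule_sql);
AUTH::set_timezone($rotator_row['user_timezone']);
// X-Forwarded-For is a request header and can be set by the client. It is
// reliable only when a trusted proxy in front of this server overwrites it,
// and it may hold a comma-separated list. NOTE(review): confirm the
// deployment before using this value for rules or reporting.
// Fall back to the socket address when the header is absent.
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip_address = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
}
// The query above selects the preference as up.maxmind_isp. The old key
// 'maxmind' is not in the result set, so the ISP lookup could never run.
if (isset($rotator_row['maxmind_isp']) && $rotator_row['maxmind_isp'] == '1') {
    $IspData = getIspData($ip_address);
} else {
    $IspData = null;
}
//GEO Lookup
$GeoData = getGeoData($ip_address);
//User-agent parser
$parser = Parser::create();
//Device type
// The user-agent string is client-supplied as well; treat the parsed result
// as untrusted data.
$detect = new Mobile_Detect();
$ua = $detect->getUserAgent();
$result = $parser->parse($ua);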
if (!$detect->isMobile() && !$detect->isTablet()) {
Exemplo n.º 20
<?php

//with php redirect them to the #top automatically everytime
include_once $_SERVER['DOCUMENT_ROOT'] . '/202-config/connect.php';
// Both gates run before any header is sent. Only require_valid_app_key's
// behaviour is known from this code base (redirect, then die on an invalid key).
AUTH::require_user();
AUTH::require_valid_app_key('stats202', $_SESSION['user_api_key'], $_SESSION['user_stats202_app_key']);
// Serve the response as a file download with a timestamped .xls file name.
header("Content-type: application/octet-stream");
# replace excelfile.xls with whatever you want the filename to default to
header("Content-Disposition: attachment; filename=Stats202-Stats-" . time() . ".xls");
header("Pragma: public");
//header("Expires: 0");
//get the dates for this user's preferences
$dates = userPrefDate();
//build the GET query for the offers202 RESTful API
// NOTE(review): the API key and the app key are sent as URL query parameters,
// where proxy and server logs commonly record them. Confirm that
// TRACKING202_API_URL is an https:// endpoint and that these URLs are not logged.
$get = array();
$get['apiKey'] = $_SESSION['user_api_key'];
$get['stats202AppKey'] = $_SESSION['user_stats202_app_key'];
$get['dateFrom'] = $dates['from_date'];
$get['dateTo'] = $dates['to_date'];
// Optional sort parameters, taken from the session when set.
if ($_SESSION['stats202_order']) {
    $get['order'] = $_SESSION['stats202_order'];
}
if ($_SESSION['stats202_by']) {
    $get['by'] = $_SESSION['stats202_by'];
}
// NOTE(review): this default is stored only after $get['by'] was filled in
// above, so it first takes effect on the next request — confirm that is intended.
if (!$_SESSION['stats202_by']) {
    $_SESSION['stats202_by'] = 'DESC';
}
// http_build_query() URL-encodes every value.
$query = http_build_query($get);
//build the offers202 api string
$url = TRACKING202_API_URL . "/stats202/getStats?{$query}";
Exemplo n.º 21
        $msg = array('class' => 'error', 'msg' => '帳號不存在');
    }
    if ($post['account_type'] == 'db') {
        if ($post['account_pwd'] != $post['account_pwd2']) {
            $msg = array('class' => 'error', 'msg' => '兩次輸入的密碼不同');
        }
    }
    if ($msg == '') {
        $company = serialize(array('name' => $post['account_name'], 'phone' => $post['account_phone'], 'email' => $post['account_email']));
        $acc = ORM::for_table('account')->where('acc_name', $post['account_id'])->find_one();
        $acc->acc_auth_type = $post['account_type'];
        $acc->acc_flag = $post['account_flag'];
        $acc->acc_company = $company;
        $acc->save();
        if ($post['account_type'] == 'db' && $post['account_pwd'] != '') {
            $auth = new AUTH($post['account_id']);
            $auth->setpwd($post['account_pwd']);
        }
        $msg = array('class' => 'success', 'msg' => '帳號修改完成');
    }
    $app->render('_notice.html', $msg);
});
/*
 * 刪除
 */
$app->get('/user_delete/:id', function ($id) use($app) {
    $app->applyHook('account.check_sysadmin');
    $type_words = AUTH::get_support_auth_type();
    $tpl = array('breadcrumb_title' => '刪除帳號', 'type_words' => $type_words);
    $user = ORM::for_table('account')->where('acc_name', $id)->find_one();
    $tpl['acc_name'] = $user->acc_name;