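/**
 * Builds the HTTP headers used to call the database API on behalf of an app.
 *
 * Looks up one API key flagged `db_fetch` for the app and environment, posts it
 * together with a SHA-256 of the app secret to NQ_AUTH_HOST, and appends the
 * returned token id as an `Access-Token` header.
 *
 * If no API key exists, the request fails, or the response carries no token id,
 * a warning is raised and the headers are returned without `Access-Token`, so
 * the caller never sends an empty credential.
 *
 * @param mixed  $controller_dblink Controller database link handed to the mysqli helpers.
 * @param array  $app_data          App row; `id`, `domain` and `secret` are read.
 * @param string $environment       Environment name matched against the token table.
 * @return array List of header lines.
 */
function get_app_db_headers($controller_dblink, $app_data, $environment)
{
    # Fetching a valid token
    $query = "\tSELECT\n\t\t\t\t\t`api_key`\n\t\t\t\tFROM\n\t\t\t\t\t" . NQ_APP_TOKENS_TABLE
        . "\n\t\t\t\tWHERE\n\t\t\t\t\t`app_id`\t\t= " . (int) $app_data['id']
        . " AND\n\t\t\t\t\t`environment`\t= '" . mysqli_escape_string($controller_dblink, $environment)
        . "' AND\n\t\t\t\t\t`db_fetch` \t= b'1'\n\t\t\t\tLIMIT 1";
    $token_data = mysqli_single_result_query($controller_dblink, $query);

    # Adding our headers
    $headers = [
        'Referring-Host: ' . explode(',', $app_data['domain'])[0],
        'Content-Type: ' . NQ_DEFAULT_CONTENT_TYPE,
    ];

    # Without an API key there is nothing to exchange for an access token
    if (!isset($token_data['api_key'])) {
        trigger_error('get_app_db_headers: no db_fetch API key for app ' . (int) $app_data['id'], E_USER_WARNING);
        return $headers;
    }

    # Post object
    $post = (object) [
        'app_secret' => hash('sha256', $app_data['secret']),
        'token' => $token_data['api_key'],
        'user_agent' => 'nuQuery/1.0 (Emailbot)',
    ];

    # Performing our curl
    # NOTE(review): this request carries a credential derived from the app secret;
    # confirm NQ_AUTH_HOST is an https:// URL. No timeout is set on the handle.
    $s = curl_init();
    curl_setopt($s, CURLOPT_URL, NQ_AUTH_HOST . $app_data['id'] . '/create');
    curl_setopt($s, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($s, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($s, CURLOPT_USERAGENT, 'nuQuery/1.0 (Emailbot)');
    curl_setopt($s, CURLOPT_POST, true);
    curl_setopt($s, CURLOPT_POSTFIELDS, PostParser::encode($post));
    $response = curl_exec($s);
    $curl_error = curl_error($s);
    curl_close($s);

    # curl_exec() returns false on transport failure; do not feed that to the decoder
    if ($response === false) {
        trigger_error('get_app_db_headers: token request failed: ' . $curl_error, E_USER_WARNING);
        return $headers;
    }

    # Our return data type
    $auth_response = PostParser::decode($response, NQ_DEFAULT_CONTENT_TYPE);
    if (!is_object($auth_response) || !isset($auth_response->id)) {
        # The response body is deliberately not logged: it may contain token material
        trigger_error('get_app_db_headers: token response has no id', E_USER_WARNING);
        return $headers;
    }

    # Updating our headers
    $headers[] = 'Access-Token: ' . $auth_response->id;

    # Sending our headers back
    return $headers;
}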
$update_query = $query->get_update_query($limit, false, false); mysqli_sub_query($partition_dblink, $update_query); # Getting our updated info $info = mysqli_info_array($partition_dblink); $limit -= (int) $info['Rows matched']; # Tracking our internal changed numbers $content->affected_rows += (int) $info['Changed']; $content->matched_rows += (int) $info['Rows matched']; # We are done updating if ($limit !== false && $limit <= 0) { break; } } mysqli_free_result($partition_results); # Returning our values PostParser::send($content); /* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */ # Updating our partition row counts $size_changed = false; $update_queries = ['SET @table_size_delta=0']; foreach ($partitions_affected as $id => $partition) { # Getting our new table size $query = "\tSELECT\n\t\t\t\t\t `DATA_LENGTH` + `INDEX_LENGTH` AS `size`\n\t\t\t\tFROM\n\t\t\t\t\t`INFORMATION_SCHEMA`.`TABLES`\n\t\t\t\tWHERE\n\t\t\t\t\t`TABLE_SCHEMA`\t='" . mysqli_escape_string($partition->dblink, $partition->database) . "' AND\n\t\t\t\t\t`TABLE_NAME`\t='" . mysqli_escape_string($partition->dblink, $partition->data['table_name']) . "'"; $size_data = mysqli_single_result_query($partition->dblink, $query); # Done with partitions database link mysqli_shared_close($partition->dblink, $G_SHARED_DBLINKS); # We have a different size $this_size_changed = false; if ((int) $partition->data['size'] != (int) $size_data['size']) { # Flag size changed $size_changed = true;
$content->url = $content->url[0]; $content->version = $content->version[0]; $content->success = $content->error_message == ''; unset($content->error_messages); # Clear error message property if successfully upload if ($content->success) { unset($content->error_message); } } # If we are returning in an iframe if (isset($_CGET['is_iframe'])) { header('Location: http://' . $G_CURRENT_DOMAIN . '/blank.html#' . json_encode($content)); $strlen = PostParser::send(''); } else { # Returning it normally $strlen = PostParser::send($content); } /* --- Connection closed wit PostParser::send --- Below this point things need to be tracked and cleaned up --- */ # Closing the storage connection mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS); # Updating our app $query = "\tUPDATE\n\t\t\t\t" . NQ_APPS_TABLE . "\n\t\t\tSET\n\t\t\t\t`storage_file_size`\t=`storage_file_size`+" . (int) $G_FILESIZE_ADDED . ",\n\t\t\t\t`storage_total_size`\t=`storage_total_size`+" . (int) $G_FILESIZE_ADDED . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_APP_DATA['id'] . "\n\t\t\tLIMIT 1"; mysqli_sub_query($G_CONTROLLER_DBLINK, $query); # Updating our servers used space - measured in kb $query = "\tUPDATE\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tSET\n\t\t\t\t`space_used`\t\t=`space_used`+" . (int) ($G_FILESIZE_ADDED / 1024) . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t='" . (int) $G_SERVER_DATA['id'] . "'\n\t\t\tLIMIT 1"; mysqli_sub_query($G_CONTROLLER_DBLINK, $query); # Updating our servers available space - measured in kb $query = "\tUPDATE\n\t\t\t\t" . NQ_SERVERS_TABLE . "\n\t\t\tSET\n\t\t\t\t`available_space`\t=`available_space`-" . (int) ($G_FILESIZE_ADDED / 1024) . "\n\t\t\tWHERE\n\t\t\t\t`host`\t\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $G_SERVER_DATA['host']) . "' AND\n\t\t\t\t`max_space`\t\t=0"; mysqli_sub_query($G_CONTROLLER_DBLINK, $query); # Closing controller if tracking is different if (NQ_CONTROLLER_HOST != NQ_TRACKING_HOST) {
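/**
 * Serialises a response structure as JSON, XML or a form-encoded body.
 *
 * At the top level the data is key-sorted, optional debug data is attached and
 * the matching Content-Type response header is sent. Nested calls (`$top` false)
 * are used by the method itself while walking the structure.
 *
 * XML text and attribute values are escaped before being written. Element
 * names are written as given.
 *
 * @param mixed        $data         Array, object or scalar to encode.
 * @param string|false $content_type 'json', 'xml', 'form' or the matching MIME type; false uses the default.
 * @param string|false $parentname   XML element name for this level; false at the top uses 'nq-response'.
 * @param bool         $open         XML only: whether the opening tag is written.
 * @param bool         $close        XML only: overwritten with true before the tag is written.
 * @param bool         $top          True for the outermost call.
 * @return mixed Encoded string at the top level; for nested JSON calls the intermediate
 *               object; an empty string for an unrecognised content type.
 */
public static function encode($data, $content_type = false, $parentname = false, $open = true, $close = true, $top = true)
{
    # Defaulting
    # NOTE(review): the fallback format comes from the request's Content-Type header and is
    # compared literally below, so a value with parameters (e.g. a charset) matches no case.
    $default_type = isset($_SERVER['HTTP_CONTENT_TYPE']) ? $_SERVER['HTTP_CONTENT_TYPE'] : NQ_DEFAULT_CONTENT_TYPE;
    $content_type = $content_type === false ? $default_type : $content_type;

    # Sorting the object by its keys
    if ($top) {
        $data = (array) $data;
        ksort($data);
        $data = (object) $data;
    }

    # Adding debug data
    # NOTE(review): this puts the recorded MySQL query data into the response body;
    # the NQ_DEBUG_* switches should be off wherever responses reach untrusted clients.
    global $G_DEBUG_DATA;
    if ($top && NQ_DEBUG_ENABLED && NQ_DEBUG_SEND_RESPONSE) {
        # Debug elapsed time
        $G_DEBUG_DATA->elapsed_time = ['total' => microtime(true) - NQ_TRACKING_START_TIME];
        $G_DEBUG_DATA->mysql_query_count = count($G_DEBUG_DATA->mysql_queries);
        $G_DEBUG_DATA->elapsed_time['mysql'] = 0;
        foreach ($G_DEBUG_DATA->mysql_queries as $query_data) {
            $G_DEBUG_DATA->elapsed_time['mysql'] += $query_data['time'];
        }
        $G_DEBUG_DATA->elapsed_time['php'] = $G_DEBUG_DATA->elapsed_time['total'] - $G_DEBUG_DATA->elapsed_time['mysql'];
        $G_DEBUG_DATA = (array) $G_DEBUG_DATA;
        ksort($G_DEBUG_DATA);

        # Add or replace
        if (NQ_DEBUG_REPLACE_CONTENT) {
            $data = $G_DEBUG_DATA;
        } else {
            $data->debug = $G_DEBUG_DATA;
        }
    }

    # Choosing our type
    $obj = '';
    switch ($content_type) {
        # JSON
        case 'json':
        case 'application/json':
            # Setting our response header
            $top && header('Content-Type: application/json; charset=utf-8', true);

            # Handling arrays and objects
            $obj = new stdClass();
            if (is_array($data) || is_object($data)) {
                foreach ($data as $key => $value) {
                    # A single-property object may be a wrapped attribute or value
                    $attr_or_value = is_object($value) && count(get_object_vars($value)) == 1;

                    if ($attr_or_value && isset($value->{PostParser::value_flag})) {
                        # We are a value
                        $obj->{$key} = $value->{PostParser::value_flag};
                    } elseif ($attr_or_value && isset($value->{PostParser::attribute_flag})) {
                        $obj->{$key} = $value->{PostParser::attribute_flag};
                    } elseif (is_object($value)) {
                        $obj->{$key} = PostParser::encode($value, 'json', false, false, false, false);
                    } else {
                        $obj->{$key} = $value;
                    }
                }
            } else {
                $obj = $data;
            }

            # If we are at the top, we want to encode
            if ($top) {
                $obj = json_encode($obj, NQ_JSON_PRINT_FORMAT);
            }
            break;

        # XML
        case 'xml':
        case 'application/xml':
            # Setting our response header
            $top && header('Content-Type: application/xml; charset=utf-8', true);

            # Escapes a value for use as XML text or inside a double-quoted attribute.
            # The previous str_replace() mapped each special character to itself, and
            # attribute values and list items were written without any escaping, so a
            # value containing markup characters changed the structure of the document.
            $xml_escape = function ($value) {
                return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1 | ENT_SUBSTITUTE, 'UTF-8');
            };

            # We need to create our response object
            if ($top) {
                $root = $parentname === false ? 'nq-response' : $parentname;
                $data = [(object) [$root => (object) $data]];
            }

            # Holders
            $attributes = [];
            $children = [];

            # If we are a value
            if (!is_array($data) && !is_object($data)) {
                return '<' . $parentname . '>'
                    . (is_string($data) ? $xml_escape($data) : var_export($data, true))
                    . '</' . $parentname . '>';
            }

            # Checking to see if we have a value, if we do all other nodes are attributes
            $has_value = false;
            foreach ($data as $child => $child_value) {
                if (is_object($child_value) && count(get_object_vars($child_value)) == 1 && isset($child_value->{PostParser::value_flag})) {
                    $has_value = true;
                    break;
                }
            }

            # Looping through our properties
            # NOTE(review): $child and $parentname become element/attribute names without
            # validation; keys that are not valid XML names still produce malformed output.
            foreach ($data as $child => $child_value) {
                # If we should be closing the tag
                $prop_count = is_array($child_value) ? count($child_value) : 1;
                $prop_count = is_object($child_value) ? count(get_object_vars($child_value)) : $prop_count;
                $start_count = $prop_count;

                # If we are an attribute or a value
                $attr_or_value = is_object($child_value) && count(get_object_vars($child_value)) == 1;

                if ($attr_or_value && isset($child_value->{PostParser::attribute_flag})) {
                    # Attributes
                    $attributes[] = $child . '="' . $xml_escape($child_value->{PostParser::attribute_flag}) . '"';
                    $prop_count--;
                } elseif ($attr_or_value && isset($child_value->{PostParser::value_flag})) {
                    # Text value of the current node
                    $children[] = $xml_escape($child_value->{PostParser::value_flag});
                    $prop_count--;
                } elseif ($has_value && !is_object($child_value) && !is_array($child_value)) {
                    $attributes[] = $child . '="' . $xml_escape($child_value) . '"';
                    $prop_count--;
                } elseif (is_array($child_value) && $child_value === array_values($child_value)) {
                    # Error checking
                    $has_value && trigger_error('Error compiling XML - Attempting to add child node to a text value. <' . $child . '> into <' . $parentname . '>');

                    # Printing out our children properly
                    foreach ($child_value as $ckey => $cval) {
                        if (!is_array($cval) && !is_object($cval)) {
                            $children[] = '<' . $child . '>'
                                . (is_string($cval) ? $xml_escape($cval) : var_export($cval, true))
                                . '</' . $child . '>';
                        } else {
                            $children[] = PostParser::encode($cval, 'xml', $child, true, true, false);
                        }
                        $prop_count--;
                    }
                } else {
                    # Error checking
                    $has_value && trigger_error('Error compiling XML - Attempting to add child node to a text value. <' . $child . '> into <' . $parentname . '>');

                    # Adding our children; the open flag is evaluated before the
                    # pre-decrement in the close flag, so argument order matters here
                    $children[] = PostParser::encode($child_value, 'xml', $child, $start_count == $prop_count, --$prop_count == 0, false);
                }
            }

            # If we have reached here, we want to close
            $close = true;

            # Saving our xml properly
            $tagname = $parentname === false ? $child : $parentname;
            if (!is_numeric($tagname)) {
                # We are opening up the tag
                if ($open) {
                    $obj .= '<' . $tagname . (count($attributes) > 0 ? ' ' . implode(' ', $attributes) : '');
                }

                if (count($children) == 0) {
                    # We dont have any children
                    $obj .= $open ? ' />' : '';
                } else {
                    $obj .= $open ? '>' : '';
                    $obj .= implode('', $children);
                    $obj .= $close ? '</' . $tagname . '>' : '';
                }
            } else {
                # Adding our properties as sub-children
                if (count($attributes) > 0) {
                    foreach ($attributes as $prop) {
                        # Split on the first '=' only, so a value containing '=' is kept whole.
                        # Values are already escaped, so trim() removes just the delimiting quotes.
                        $tag = explode('=', $prop, 2);
                        $obj .= '<' . $tag[0] . '>' . trim($tag[1], '"') . '</' . $tag[0] . '>';
                    }
                }

                # Adding our children
                $obj .= implode('', $children);
            }

            # We are prefixing the object
            if ($top) {
                $obj = '<?xml version="1.0" encoding="UTF-8"?>' . $obj;
            }
            break;

        # POST Body
        case 'form':
        case 'application/x-www-form-urlencoded':
            # Setting our response header
            $top && header('Content-Type: application/x-www-form-urlencoded; charset=utf-8', true);

            # Doing a little manipulation to take care of attributes and values
            $obj = http_build_query(PostParser::encode($data, 'json', false, false, false, false));
            break;
    }

    # Returning our object
    return $obj;
}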
/**
 * Runs the input through the pre-parser, hands that output to the post-parser,
 * and wraps the final result in an Arguments instance.
 *
 * @param mixed $input Raw input passed to the pre-parser.
 * @return Arguments
 */
public function parse($input)
{
    $preParsed = $this->preParser->parse($input);

    return new Arguments($this->postParser->parse($preParsed));
}
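# Saving the image; $img->save() reports the reason for a failure through $error_message
$error_message = '';
if (!$img->save($G_SERVER_HOST . $filepath, $G_SERVER_DATA['available_space'], $error_message)) {
    exit_fail(NQ_ERROR_SIZE_LIMIT, $error_message);
}

# Saving our file size
$filesize = (int) filesize($G_SERVER_HOST . $filepath);
$G_FILESIZE_ADDED = (int) $filesize - (int) $current_file_data['filesize'];

# Adding to the database
# Every value is either cast to int or escaped and quoted before it enters the statement
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_FILE_TABLE . "\n\t\t\tSET\n\t\t\t\t`app_id`\t\t=" . (int) $G_APP_DATA['id']
    . ",\n\t\t\t\t`environment`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $G_APP_ENVIRONMENT)
    . "',\n\t\t\t\t`directory_id`\t\t=" . (int) $G_DIRECTORY_DATA['id']
    . ",\n\t\t\t\t`name`\t\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['name'])
    . "',\n\t\t\t\t`created`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['created'])
    . "',\n\t\t\t\t`modified`\t\t=NOW(),\n\t\t\t\t`version`\t\t=" . (int) $version
    . ",\n\t\t\t\t`file_id`\t\t=" . (int) $file_id
    . ",\n\t\t\t\t`filepath`\t\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $filepath)
    . "',\n\t\t\t\t`filesize`\t\t=" . (int) $filesize
    . ",\n\t\t\t\t`host_id`\t\t=" . (int) $G_SERVER_DATA['id']
    . ",\n\t\t\t\t`meta_mime_type`\t='" . mysqli_escape_string($G_STORAGE_CONTROLLER_DBLINK, $current_file_data['meta_mime_type'])
    . "',\n\t\t\t\t`meta_width`\t\t=" . (int) $current_file_data['meta_width']
    . ",\n\t\t\t\t`meta_height`\t\t=" . (int) $current_file_data['meta_height'];
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);

# Return object
$content = new stdClass();
$content->success = true;
$content->env = $G_APP_ENVIRONMENT;

# Sending success
PostParser::send($content, true);

/* --- Connection closed with PostParser::send --- Below this point things need to be tracked and cleaned up --- */

# Updating our directory
$query = "\tUPDATE\n\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\tSET\n\t\t\t\t`filesize`\t\t=`filesize`+" . (int) $G_FILESIZE_ADDED
    . ",\n\t\t\t\t`children_filesize`\t=`children_filesize`+" . (int) $G_FILESIZE_ADDED
    . ",\n\t\t\t\t`modified`\t\t=NOW()\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_DIRECTORY_DATA['id']
    . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);

# If we have parents to update
if (count($G_DIRECTORY_DATA['parent_ids']) > 0) {
    # The id list was the one value in this file concatenated into SQL as-is;
    # each element is cast to int so the IN (...) list can only contain numbers.
    $parent_ids = array_map('intval', $G_DIRECTORY_DATA['parent_ids']);

    $query = "\tUPDATE\n\t\t\t\t\t" . NQ_DIRECTORY_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`filesize`\t=`filesize`+" . (int) $G_FILESIZE_ADDED
        . "\n\t\t\t\tWHERE\n\t\t\t\t\t`id`\t\tIN (" . implode(',', $parent_ids)
        . ")\n\t\t\t\tLIMIT " . count($parent_ids);
    mysqli_sub_query($G_STORAGE_CONTROLLER_DBLINK, $query);
}

# Closing the storage connection
mysqli_shared_close($G_STORAGE_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);

# Updating our app
$query = "\tUPDATE\n\t\t\t\t" . NQ_APPS_TABLE . "\n\t\t\tSET\n\t\t\t\t`storage_img_size`\t=`storage_img_size`+" . (int) $G_FILESIZE_ADDED
    . ",\n\t\t\t\t`storage_total_size`\t=`storage_total_size`+" . (int) $G_FILESIZE_ADDED
    . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t\t=" . (int) $G_APP_DATA['id']
    . "\n\t\t\tLIMIT 1";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);

# Updating our servers used space - measured in kb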
$G_APP_DATA = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query); # Adding our headers $headers = get_app_db_headers($G_CONTROLLER_DBLINK, $G_APP_DATA, $db_queue['environment']); # Looping through our pages $nextpage = NQ_DATABASE_HOST . NQ_DATABASE_APP_ID . '_' . $db_queue['app_id'] . '/fetch/' . $db_queue['table_name'] . '?' . $db_queue['query_string']; while ($nextpage != '') { # Our records to be added $records = []; # Performing our curl $s = curl_init(); curl_setopt($s, CURLOPT_URL, $nextpage); curl_setopt($s, CURLOPT_HTTPHEADER, $headers); curl_setopt($s, CURLOPT_RETURNTRANSFER, true); curl_setopt($s, CURLOPT_USERAGENT, 'nuQuery/1.0 (Emailbot)'); # Our return data type $return_data = PostParser::decode(curl_exec($s), NQ_DEFAULT_CONTENT_TYPE); curl_close($s); # Looping through the results foreach ($return_data->results as $record) { # Setting up the variables $variables = json_decode($db_queue['variables']); foreach ($record as $key => $value) { $variables->{$key} = $value; } # Adding the email to the queue $result = queue_email($G_CONTROLLER_DBLINK, $record->{$db_queue['recipient_column']}, $db_queue['sender_email'], $db_queue['subject'], $email_data, $constants, $variables, $db_queue['app_id'], strtotime($db_queue['send_date']), false); # Tracking if ($result == 1) { $sent++; } elseif ($result == -1) { $blocked++;
$_URI = explode('?', isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '', 2); $_ABS_BASEDIR = explode('/', NQ_RELATIVE_PATH); $_BASEDIR = explode('/', $_URI[0]); $_BASEDIR_CULLED = array_splice($_BASEDIR, 0, max(0, count($_ABS_BASEDIR) - 1)); $_ENDPOINT = $_BASEDIR[2]; $_FILENAME = $_BASEDIR[count($_BASEDIR) - 1]; $_CGET = array(); isset($_URI[1]) && parse_str($_URI[1], $_CGET); # Including our functions require_once __DIR__ . '/shutdown.php'; require_once __DIR__ . '/functions.php'; require_once __DIR__ . '/parsers/post.php'; require_once __DIR__ . '/parsers/mysql.php'; # Send a fake success if no response required if (isset($_CGET['response']) && !boolval_ext($_CGET['response'])) { PostParser::send((object) ['success' => true]); } # Setting up our controller connections $G_SHARED_DBLINKS = []; $G_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_CONTROLLER_HOST, NQ_CONTROLLER_USERNAME, NQ_CONTROLLER_PASSWORD, $G_SHARED_DBLINKS); $G_STORAGE_CONTROLLER_DBLINK = mysqli_shared_connect(NQ_DATABASE_STORAGE_HOST, NQ_DATABASE_STORAGE_USERNAME, NQ_DATABASE_STORAGE_PASSWORD, $G_SHARED_DBLINKS); # Making sure we have a connection if (!$G_CONTROLLER_DBLINK || !$G_STORAGE_CONTROLLER_DBLINK) { exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service temporarily unavailable.', false); } # If we are debugging if (NQ_DEBUG_ENABLED) { # New debug object $G_DEBUG_DATA = new stdClass(); # If we want to include the config if (NQ_DEBUG_CONFIG) {
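THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/

# Including our configuration
require_once dirname(__FILE__) . '/_includes/config.php';

# Handling our global json parsing
$_JPOST = PostParser::decode();

# Validating our app
# The submitted secret comes from the decoded request body, so it is accepted only
# when it is a string and is then compared in constant time. A loose `!=` lets a
# non-string decoded value compare equal to the expected hash.
# NOTE(review): this relies on exit_fail() ending the request - confirm.
$expected_secret = hash('sha256', $G_APP_DATA['secret']);
$given_secret = isset($_JPOST->app_secret) ? $_JPOST->app_secret : null;
if (!is_string($given_secret) || !hash_equals($expected_secret, $given_secret)) {
    exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}

# The token must be a non-empty string before it is used in a lookup
$given_token = isset($_JPOST->token) ? $_JPOST->token : null;
if (!is_string($given_token) || $given_token === '') {
    exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}

# Setting our token data
# NOTE(review): the lookup matches on `hash_id` alone; confirm that token expiry and
# ownership by this app are enforced elsewhere before session details are returned.
$query = "\tSELECT\n\t\t\t\t`session_id`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`hash_id`='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $given_token)
    . "'\n\t\t\tLIMIT 1";
$token_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

# An unknown token must not fall through to a session lookup with an empty id
if (!isset($token_data['session_id'])) {
    exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}

# Updating our data
$query = "\tSELECT\n\t\t\t\t`details`\n\t\t\tFROM\n\t\t\t\t" . NQ_ACCESS_SESSION_TABLE
    . "\n\t\t\tWHERE\n\t\t\t\t`id`\t\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token_data['session_id'])
    . "'\n\t\t\tLIMIT 1";
$session_data = mysqli_single_result_query($G_CONTROLLER_DBLINK, $query);

if (!isset($session_data['details'])) {
    exit_fail(NQ_ERROR_SERVICE_UNAVAILABLE, 'Service unavailable.');
}

# Creating our token string
$strlen = PostParser::send(json_decode($session_data['details']));

/* --- Connection closed with PostParser::send --- Below this point things need to be tracked and cleaned up --- */

# Opening our tracking dblink
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);

# Closing the controller dblink
mysqli_shared_close($G_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);

# Adding our usage
track_endpoint($G_SHARED_DBLINKS, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);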
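} # closes a block opened above this excerpt

# Token identifiers are bearer credentials, so they are drawn from the system
# CSPRNG. The earlier values were SHA-256 over mt_rand() and uniqid() output;
# hashing does not add entropy, and both inputs are predictable. The result is
# 64 hex characters, the same shape as the SHA-256 strings it replaces.
$new_token_id = function () {
    $bytes = function_exists('random_bytes') ? random_bytes(32) : openssl_random_pseudo_bytes(32);
    return bin2hex($bytes);
};

# Adding our access token
# The final identifier is written with the INSERT, so no placeholder row with a
# weaker value exists in between and no follow-up UPDATE is needed.
$hashed_id = $new_token_id();
$query = "\tINSERT INTO\n\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\tSET\n\t\t\t\t`hash_id`\t='" . $hashed_id
    . "',\n\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
    . ",\n\t\t\t\t`domain`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->domain)
    . "',\n\t\t\t\t`created`\t= NOW(),\n\t\t\t\t`expires`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->expires_date)
    . "',\n\t\t\t\t`privileges`\t=" . (int) $token_id
    . ",\n\t\t\t\t`session_id`\t=" . (int) $session_id
    . ",\n\t\t\t\t`ip`\t\t=" . (int) ip2long($_SERVER['REMOTE_ADDR'])
    . ",\n\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent) . "'";
mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
$token->id = $hashed_id;

# Handling secondary token
if ($secondary_token_id > 0) {
    # Adding our access token
    # `domain` and `expires` are escaped here as well; this statement previously
    # concatenated both without escaping.
    # NOTE(review): the stored IP comes from the request body (`remote_ip`) here but from
    # REMOTE_ADDR above - confirm a client-supplied address is intended for this row.
    $hashed_id = $new_token_id();
    $query = "\tINSERT INTO\n\t\t\t\t\t" . NQ_ACCESS_TOKEN_TABLE . "\n\t\t\t\tSET\n\t\t\t\t\t`hash_id`\t='" . $hashed_id
        . "',\n\t\t\t\t\t`app_id`\t=" . (int) $G_APP_DATA['id']
        . ",\n\t\t\t\t\t`domain`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->domain)
        . "',\n\t\t\t\t\t`created`\t= NOW(),\n\t\t\t\t\t`expires`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->expires_date)
        . "',\n\t\t\t\t\t`privileges`\t=" . (int) $secondary_token_id
        . ",\n\t\t\t\t\t`session_id`\t=" . (int) $session_id
        . ",\n\t\t\t\t\t`ip`\t\t=" . (int) ip2long($_JPOST->remote_ip)
        . ",\n\t\t\t\t\t`user_agent`\t='" . mysqli_escape_string($G_CONTROLLER_DBLINK, $token->user_agent) . "'";
    mysqli_sub_query($G_CONTROLLER_DBLINK, $query);
    $token->secondary_token_id = $hashed_id;
}

# Creating our token string
$strlen = PostParser::send($token);

/* --- Connection closed with PostParser::send --- Below this point things need to be tracked and cleaned up --- */

# Opening our tracking dblink
$G_TRACKING_DBLINK = mysqli_shared_connect(NQ_TRACKING_HOST, NQ_TRACKING_USERNAME, NQ_TRACKING_PASSWORD, $G_SHARED_DBLINKS);

# Closing the controller dblink
mysqli_shared_close($G_CONTROLLER_DBLINK, $G_SHARED_DBLINKS);

# Adding our usage
track_endpoint($G_SHARED_DBLINKS, $G_APP_DATA['id'], $G_APP_ENVIRONMENT, $_ENDPOINT, $strlen);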
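/**
 * Sends a failure response and, unless disabled, records the rejected request.
 *
 * The response body carries `success` = false, the given error code and the
 * message, and is always sent with HTTP status 403.
 *
 * @param mixed  $code    Error code placed in the response as `errorCode`.
 * @param string $message Text returned to the client and written to the access log;
 *                        callers should keep it free of internal detail.
 * @param bool   $log     Whether to record the failure through log_access().
 * @return void
 */
function exit_fail($code, $message, $log = true)
{
    # Logging our bad request
    global $_ENDPOINT;
    if ($log) {
        log_access($_ENDPOINT, false, $message);
    }

    # Creating our error message
    $error = new stdClass();
    $error->success = false;
    $error->errorCode = $code;
    $error->message = $message;

    # Sending our error header
    # The reason phrase now matches the status code: 403 is "Forbidden"
    # ("Unauthorized" belongs to 401). The numeric status is unchanged.
    header('HTTP/1.1 403 Forbidden', true, 403);

    # Sending our error data
    # NOTE(review): callers continue as if this call ends the request; presumably the
    # third argument makes PostParser::send() terminate - confirm.
    PostParser::send($error, true, true);
}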
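/**
 * Handles one line of register input: normalises it, runs it through the
 * paycard check, the preparse chain, the parse chain and the postparse chain,
 * then applies the resulting instructions to the page.
 *
 * Values taken from the parse result are JSON-encoded before they are placed
 * into the on-load JavaScript, so quotes or markup in them cannot change the
 * script that is emitted.
 *
 * @return bool False when the result redirected to another page, true otherwise.
 */
function preprocess()
{
    $this->display = "";

    $sd = MiscLib::scaleObject();

    $entered = "";
    if (isset($_REQUEST["reginput"])) {
        $entered = strtoupper(trim($_REQUEST["reginput"]));
    }

    # Anything ending in CL is treated as a plain clear
    if (substr($entered, -2) == "CL") {
        $entered = "CL";
    }

    # RI re-uses the previously stored entry
    if ($entered == "RI") {
        $entered = CoreLocal::get("strEntered");
    }

    if (CoreLocal::get("msgrepeat") == 1 && $entered != "CL") {
        $entered = CoreLocal::get("strRemembered");
        CoreLocal::set('strRemembered', '');
    }
    CoreLocal::set("strEntered", $entered);

    $json = array();
    if ($entered != "") {
        if (in_array("Paycards", CoreLocal::get("PluginList"))) {
            /* this breaks the model a bit, but the CC parser is
             * put first manually to minimize code that
             * potentially handles the PAN */
            if (CoreLocal::get("PaycardsCashierFacing") == "1" && substr($entered, 0, 9) == "PANCACHE:") {
                /* cashier-facing device behavior; run card immediately */
                $entered = substr($entered, 9);
                CoreLocal::set("CachePanEncBlock", $entered);
            }

            $pe = new paycardEntered();
            if ($pe->check($entered)) {
                $valid = $pe->parse($entered);
                # Card input is replaced by a marker and removed from the stored entry
                $entered = "PAYCARD";
                CoreLocal::set("strEntered", "");
                $json = $valid;
            }

            CoreLocal::set("quantity", 0);
            CoreLocal::set("multiple", 0);
        }

        /* FIRST PARSE CHAIN:
         * Objects belong in the first parse chain if they
         * modify the entered string, but do not process it
         * This chain should be used for checking prefixes/suffixes
         * to set up appropriate session variables.
         */
        if (!is_array(CoreLocal::get("preparse_chain"))) {
            CoreLocal::set("preparse_chain", PreParser::get_preparse_chain());
        }

        # NOTE(review): class names in the three chains are read back from CoreLocal and
        # instantiated by name; presumably only the chain builders write them - confirm.
        foreach (CoreLocal::get("preparse_chain") as $cn) {
            if (!class_exists($cn)) {
                continue;
            }
            $p = new $cn();
            if ($p->check($entered)) {
                $entered = $p->parse($entered);
            }
            if (!$entered || $entered == "") {
                break;
            }
        }

        if ($entered != "" && $entered != "PAYCARD") {
            /*
             * SECOND PARSE CHAIN
             * these parser objects should process any input
             * completely. The return value of parse() determines
             * whether to call lastpage() [list the items on screen]
             */
            if (!is_array(CoreLocal::get("parse_chain"))) {
                CoreLocal::set("parse_chain", Parser::get_parse_chain());
            }

            # The first parser that accepts the input handles it
            $result = False;
            foreach (CoreLocal::get("parse_chain") as $cn) {
                if (!class_exists($cn)) {
                    continue;
                }
                $p = new $cn();
                if ($p->check($entered)) {
                    $result = $p->parse($entered);
                    break;
                }
            }

            if ($result && is_array($result)) {
                // postparse chain: modify result
                if (!is_array(CoreLocal::get("postparse_chain"))) {
                    CoreLocal::set("postparse_chain", PostParser::getPostParseChain());
                }
                foreach (CoreLocal::get('postparse_chain') as $class) {
                    if (!class_exists($class)) {
                        continue;
                    }
                    $obj = new $class();
                    $result = $obj->parse($result);
                }

                $json = $result;
                if (isset($result['udpmsg']) && $result['udpmsg'] !== False) {
                    if (is_object($sd)) {
                        $sd->WriteToScale($result['udpmsg']);
                    }
                }
            } else {
                # No parser produced a usable result
                $arr = array(
                    'main_frame' => false,
                    'target' => '.baseHeight',
                    'output' => DisplayLib::inputUnknown(),
                );
                $json = $arr;
                if (is_object($sd)) {
                    $sd->WriteToScale('errorBeep');
                }
            }
        }
    }

    CoreLocal::set("msgrepeat", 0);

    if (isset($json['main_frame']) && $json['main_frame'] != False) {
        $this->change_page($json['main_frame']);
        return False;
    }

    if (isset($json['output']) && !empty($json['output'])) {
        $this->display = $json['output'];
    }

    # Encodes a value as a JavaScript string literal. The HEX flags also escape
    # <, >, &, ' and ", so the literal is safe inside an inline script block.
    $js_string = function ($value) {
        $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        return $encoded === false ? '""' : $encoded;
    };

    if (isset($json['retry']) && $json['retry'] != False) {
        # A function callback replaces the string form of setTimeout, so the
        # value is never re-parsed as script source
        $this->add_onload_command("setTimeout(function(){ inputRetry(" . $js_string($json['retry']) . "); }, 150);\n");
    }

    if (isset($json['receipt']) && $json['receipt'] != False) {
        $ref = isset($json['trans_num']) ? $json['trans_num'] : ReceiptLib::mostRecentReceipt();
        $this->add_onload_command("receiptFetch(" . $js_string($json['receipt']) . ", " . $js_string($ref) . ");\n");
    }

    if (CoreLocal::get('CustomerDisplay') === true) {
        $child_url = MiscLib::baseURL() . 'gui-modules/posCustDisplay.php';
        $this->add_onload_command("setCustomerURL('{$child_url}');\n");
        $this->add_onload_command("reloadCustomerDisplay();\n");
    }

    return true;
}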
} $result = False; foreach (CoreLocal::get("parse_chain") as $cn) { if (!class_exists($cn)) { continue; } $p = new $cn(); if ($p->check($entered)) { $result = $p->parse($entered); break; } } if ($result && is_array($result)) { // postparse chain: modify result if (!is_array(CoreLocal::get("postparse_chain"))) { CoreLocal::set("postparse_chain", PostParser::getPostParseChain()); } foreach (CoreLocal::get('postparse_chain') as $class) { if (!class_exists($class)) { continue; } $obj = new $class(); $result = $obj->parse($result); } $json = $result; if (isset($result['udpmsg']) && $result['udpmsg'] !== False) { if (is_object($sd)) { $sd->WriteToScale($result['udpmsg']); } } } else {