<?php

// Resolve the application root once; another entry point may already have defined it.
if (!defined('ROOT_DIR')) {
    define('ROOT_DIR', __DIR__);
}
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/recaptchalib.php';

// Gate on the per-form token before any login data is read. What validateToken()
// compares the posted "token" against is defined in class.sessionmanager.php — confirm there.
if (!SessionManager::i()->validateToken("LoginToken", "token")) {
    Logger::i()->writeLog("Token to login is missing", 'dev');
    // die() with a string prints it and exits, so the result string is the whole response.
    die(Submission::createResult("Please refresh the page and try again"));
}
if (isset($_POST['login'])) {
    $login = (array) json_decode(base64_decode($_POST['login']));
    if ($field = Submission::checkFields(array("username", "password"), $login)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    }
    if (Settings::i()->captcha_private) {
        if (!isset($login['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
    }
    $key = Crypto::GenerateKey($login['username']);
    $find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key))));
    if ($find !== false) {
        if (!is_array($find)) {
     die(Submission::createResult("Permission denied"));
 }
 if (isset($_POST['settings'])) {
     $settings = (array) json_decode(base64_decode($_POST['settings']));
     if (isset($settings['paypal']) && count((array) $settings['paypal']) > 0) {
         if ($field = Submission::checkFields(array("username", "password", "signature"), (array) $settings['paypal'])) {
             die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
         }
     } else {
         if (isset($settings['btc']) && count((array) $settings['btc']) > 0) {
             if ($field = Submission::checkFields(array("api_key", "api_pin"), (array) $settings['btc'])) {
                 die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
             }
         } else {
             if (isset($settings['cms_settings']) && count((array) $settings['cms_settings']) > 0) {
                 if ($field = Submission::checkFields(array("title"), (array) $settings['cms_settings'])) {
                     die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
                 }
             } else {
                 die(Submission::createResult("Invalid Settings"));
             }
         }
     }
     $settings = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), $_POST['settings'])));
     $find = DbManager::i()->select("sf_settings", array("settings"));
     if ($find !== false && !is_array($find)) {
         //settings already exists
         $update = DbManager::i()->update("sf_settings", array("settings" => $settings));
         if (!$update) {
             Logger::i()->writeLog("Could not update settings, error = " . DbManager::i()->error, 'dev');
             die;
<?php

// This script lives one directory below the application root.
if (!defined('ROOT_DIR')) {
    define('ROOT_DIR', __DIR__ . '/..');
}
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Check order: admin session first, then the per-form token, then field presence —
// an unauthenticated caller is refused before the expected payload shape is revealed.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'access');
    die(Submission::createResult("Admin is not logged in"));
}
if (!SessionManager::i()->validateToken("UpdateCustomersToken", "token")) {
    Logger::i()->writeLog("Token to update customer is missing", 'access');
    die(Submission::createResult("Token mismatch"));
}

// checkFields() is used throughout as returning the name of the first missing/invalid
// field, or something falsy when all are present (implementation in class.submission.php).
$field = Submission::checkFields(array("customerid", "action"), $_POST);
if ($field) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}
function renewPassword($c)
{
    $plain = Crypto::generateRandomPassword(15);
    $info = DbManager::i()->select("sf_members", array("key", "iv"), array("userid" => intval($c)));
    if ($info !== false && !is_array($info)) {
        $key = base64_decode(base64_decode($info->key));
        $iv = base64_decode(base64_decode($info->iv));
        $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $plain)));
        if (DbManager::i()->update("sf_members", array("password" => $password), array("userid" => intval($c)))) {
            unset($password);
            unset($key);
            unset($iv);
            unset($info);
            Logger::i()->writeLog("Password renewed for UserID: {$c}, password = {$plain}");
<?php

// Resolve the application root once; another entry point may already have defined it.
if (!defined('ROOT_DIR')) {
    define('ROOT_DIR', __DIR__);
}
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/recaptchalib.php';

// Gate on the per-form token before any registration data is read. What validateToken()
// compares the posted "token" against is defined in class.sessionmanager.php — confirm there.
if (!SessionManager::i()->validateToken("RegisterToken", "token")) {
    Logger::i()->writeLog("Token to register is missing", 'dev');
    // Emit the result, then stop: nothing below this point may run for an unverified request.
    echo Submission::createResult("Please refresh the page and try again");
    exit;
}
if (isset($_POST['registration'])) {
    $registration = (array) json_decode(base64_decode($_POST['registration']));
    if ($field = Submission::checkFields(array("username", "email", "password", "repeat_password"), $registration)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    } else {
        if (!Submission::checkEquality($registration['password'], $registration['repeat_password'])) {
            die(Submission::createResult("Passwords do not match"));
        }
    }
    if (!is_null(Settings::i()->captcha_private)) {
        if (!isset($registration['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
    return $result;
}
// Admin session first, then the per-form token: both must hold before any product
// data or uploaded file is looked at.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}

// What validateToken() compares the posted "token" against is defined in
// class.sessionmanager.php — confirm there.
if (!SessionManager::i()->validateToken("AddProductToken", "token")) {
    Logger::i()->writeLog("Token to add product is missing", 'access');
    die(Submission::createResult("Please refresh the page and try again"));
}
if (isset($_POST['product'])) {
    $product = (array) json_decode(base64_decode($_POST['product']));
    if ($field = Submission::checkFields(array("name", "price", "description", "available"), $product)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    } else {
        if (!isset($_FILES) || ($field = Submission::checkFields(array("bigimage", "productfile"), $_FILES))) {
            die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
        }
    }
    $imagePath = null;
    $bigImagePath = null;
    $productPath = null;
    if (($res = processImages("bigimage", $imagePath, $bigImagePath)) || is_null($imagePath) || is_null($bigImagePath)) {
        die(Submission::createResult("Failed to process image -> " . $res));
    }
    if (($res = processFile("productfile", $productPath)) || is_null($productPath)) {
        die(Submission::createResult("Failed to process Product File -> " . $res));
    }
    if (floatval($product['price']) == 0) {
        die(Submission::createResult("Price can not be 0"));
    }
<?php

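// This script lives one directory below the application root.
if (!defined('ROOT_DIR')) {
    define('ROOT_DIR', __DIR__ . '/..');
}
require_once ROOT_DIR . '/class.logger.php';
//requires class.dbmanager
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Admin session first, then the per-form token, then field presence.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin not logged in", 'dev');
    die(Submission::createResult("Admin is not logged in"));
}
if (!SessionManager::i()->validateToken("UpdateProductToken", "token")) {
    Logger::i()->writeLog("Token to update product is missing", 'dev');
    die(Submission::createResult("Token mismatch"));
}

// Fix: every other call site passes checkFields(array $fields, array $data). The previous
// call, checkFields("action", "product", $_POST), handed the string "product" in as the
// data set, so the presence check against $_POST could not have run as intended.
// Confirm the signature in class.submission.php.
if ($field = Submission::checkFields(array("action", "product"), $_POST)) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}

// The client sends the product as base64(JSON). A payload that does not decode yields
// null from json_decode(), which the (array) cast turns into []; reject that here rather
// than letting a later intval($product['productid']) silently become 0.
$product = (array) json_decode(base64_decode($_POST['product']));
if ($product === array()) {
    die(Submission::createResult("Product is missing or invalid"));
}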
switch ($_POST['action']) {
    case 'soldOut':
        if (!DbManager::i()->update("sf_products", array("soldOut" => intval($product['soldOut'])), array("productid" => intval($product['productid'])))) {
            Logger::i()->writeLog("Marking product as soldOut failed, error = " . DbManager::i()->error, 'dev');
            die(Submission::createResult("Failed to mark product as soldOut"));
        }
        break;
    case 'delete':
        if (!DbManager::i()->delete("sf_products", array("productid" => intval($product['productid'])))) {
            Logger::i()->writeLog("Deleting product failed, error = " . DbManager::i()->error, 'dev');
            die(Submission::createResult("Failed to delete product"));
        }