function addKey()
{
$db_connection = createDatabaseConnection();
$pid = '0';
$keyName = $_POST['keyName'];
$keyID = $_POST['keyID'];
$vCode = $_POST['vCode'];
$keyXML = getAPIInfo($keyID, $vCode);
if ($keyXML !== '') {
$uniquepid = false;
while (!$uniquepid) {
$pid = createRandomString();
$pidcheck = 'SELECT apikey_pid FROM apikeys WHERE apikey_pid=\'' . $pid . '\';';
$others = 0;
foreach ($db_connection->query($pidcheck) as $row) {
$others++;
}
if ($others === 0) {
$uniquepid = true;
}
}
setAllKeysInactive();
$keyType = getAPIType($keyXML);
$isActive = 1;
$sql = 'INSERT INTO apikeys (apikey_pid,user_name,apikey_name,apikey_keyid,apikey_vcode,apikey_type,apikey_isactive) VALUES (\'' . $pid . '\',\'' . $_SESSION['user_name'] . '\',\'' . $keyName . '\',\'' . $keyID . '\',\'' . $vCode . '\',\'' . $keyType . '\',\'' . $isActive . '\');';
$db_connection->exec($sql);
$_SESSION['keyID'] = $keyID;
$_SESSION['vCode'] = $vCode;
$_SESSION['selectedCharacter'] = 0;
}
}
/**
* Reset username dan password seluruh wilayah kerja.
*
* @param string $working_area_id
* @return array
*/
private function createUserPass($working_area_id)
{
$username = createRandomString();
$password = createRandomString();
$wkName = DB::table('working_area')->select(['working_area_name'])->where('id', '=', $working_area_id)->value('working_area_name');
DB::table('user')->where('working_area_id', $working_area_id)->update(['username' => $username, 'password' => Hash::make($password), 'enc_password' => Crypt::encrypt($password)]);
return ['WKID' => $working_area_id, 'Working Area Name' => $wkName, 'Username' => $username, 'Password' => $password];
}
public function initialise()
{
global $PRISM;
if ($this->loadIniFile($this->cvars, FALSE)) {
if ($this->cvars['debugMode'] & PRISM_DEBUG_CORE) {
console('Loaded ' . $this->iniFile);
}
} else {
$this->cvars['secToken'] = str_replace(array('"', '\'', ' '), '.', createRandomString(16));
console('Using cvars defaults.');
if ($this->createIniFile('PHPInSimMod Configuration Variables', array('prism' => &$this->cvars))) {
console('Generated config/' . $this->iniFile);
}
}
return true;
}
function geodir_user_add_claim()
{
global $wp_query, $post, $General, $wpdb, $plugin_prefix, $current_user;
if (isset($_REQUEST['add_claim_nonce_field']) && isset($_REQUEST['geodir_pid']) && is_user_logged_in()) {
if (!wp_verify_nonce($_REQUEST['add_claim_nonce_field'], 'add_claim_nonce' . $_REQUEST['geodir_pid'])) {
return;
}
$list_id = $pid = $_POST['geodir_pid'];
$claim_post = get_post($pid);
if (isset($_POST['geodir_sendact']) && $_POST['geodir_sendact'] == 'add_claim') {
$uid = $claim_post->post_author;
$list_title = $claim_post->post_title;
$user_id = $current_user->ID;
$user_name = $current_user->user_login;
$user_email = $current_user->user_email;
$user_fullname = $_POST['geodir_full_name'];
$user_number = $_POST['geodir_user_number'];
$user_position = $_POST['geodir_user_position'];
$user_comments = $_POST['geodir_user_comments'];
$claim_date = date("F j, Y, g:i a");
$org_author = get_the_author_meta('login', $uid);
$org_authorid = $claim_post->post_author;
$rand_string = createRandomString();
$user_ip = getenv("REMOTE_ADDR");
// Force to upgrade to complete claim listing
$force_upgrade = geodir_claim_force_upgrade();
$package_list = geodir_claim_payment_package_list($claim_post->post_type);
if ($force_upgrade && !empty($package_list)) {
$geodir_upgrade_pkg = isset($_POST['geodir_claim_pkg']) ? $_POST['geodir_claim_pkg'] : '';
$package_info = geodir_get_package_info_by_id($geodir_upgrade_pkg);
if (empty($package_info) || !$list_id) {
return;
}
}
if ($_REQUEST['geodir_pid']) {
$claimsql = $wpdb->prepare("INSERT INTO " . GEODIR_CLAIM_TABLE . " (list_id, list_title, user_id, user_name, user_email, user_fullname, user_number, user_position, user_comments, claim_date, org_author, org_authorid, rand_string, user_ip ) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s,%s, %s )", array($list_id, $list_title, $user_id, $user_name, $user_email, $user_fullname, $user_number, $user_position, $user_comments, $claim_date, $org_author, $org_authorid, $rand_string, $user_ip));
$claim = $wpdb->query($claimsql);
// Force to upgrade to complete claim listing
if ($force_upgrade && !empty($package_list) && $claim && $wpdb->insert_id) {
if (!(double) $package_info->amount > 0) {
// Free price package plan
$upgrade_pkg_data = array();
$upgrade_pkg_data['post_id'] = $list_id;
$upgrade_pkg_data['package_id'] = $geodir_upgrade_pkg;
$upgrade_pkg_data['pid'] = $wpdb->insert_id;
$upgrade_pkg_data['date'] = date_i18n('Y-m-d H:i:s', time());
$upgrade_pkg_data['amount'] = $package_info->amount;
$upgrade_pkg_data['user_id'] = $user_id;
$upgrade_pkg_data['author_id'] = $org_authorid;
$upgrade_pkg_data = maybe_serialize($upgrade_pkg_data);
$sql = $wpdb->prepare("UPDATE " . GEODIR_CLAIM_TABLE . " SET `upgrade_pkg_id`=%d, `upgrade_pkg_data`=%s WHERE `pid`=%d", array($geodir_upgrade_pkg, $upgrade_pkg_data, $wpdb->insert_id));
$wpdb->query($sql);
}
}
geodir_adminEmail($list_id, $user_id, 'claim_requested');
/* email to admin*/
geodir_clientEmail($list_id, $user_id, 'claim_requested');
/* email to client*/
}
if (get_option('geodir_claim_auto_approve') == 'yes') {
geodir_clientEmail($list_id, $user_id, 'auto_claim', $rand_string);
/* email to client*/
}
$postlink = get_permalink($claim_post->ID);
$url = geodir_getlink($postlink, array('geodir_claim_request' => 'success'), false);
wp_redirect($url);
}
} else {
wp_redirect(home_url() . '/?geodir_signup=true');
exit;
}
}
public static function parseFile(HttpResponse &$_RESPONSE, $file, array $SERVER, array &$_GET, array &$_POST, array &$_COOKIE, array &$_FILES)
{
global $PRISM;
// Restore session?
if (isset($_COOKIE['PrismSession']) && isset(self::$sessions[$_COOKIE['PrismSession']]) && self::$sessions[$_COOKIE['PrismSession']][0] > time() && self::$sessions[$_COOKIE['PrismSession']][1] == $SERVER['REMOTE_ADDR']) {
$_SESSION = self::$sessions[$_COOKIE['PrismSession']][2];
// Sessions only last for one request. We rewrite it later on if needed.
unset(self::$sessions[$_COOKIE['PrismSession']]);
}
// Change working dir to docRoot
chdir($PRISM->http->getDocRoot());
$prismScriptNameHash = md5($PRISM->http->getDocRoot() . $file);
$prismScriptMTime = filemtime($PRISM->http->getDocRoot() . $file);
clearstatcache();
// Run script from cache?
if (isset(self::$scriptCache[$prismScriptNameHash]) && self::$scriptCache[$prismScriptNameHash][0] == $prismScriptMTime) {
ob_start();
eval(self::$scriptCache[$prismScriptNameHash][1]);
$html = ob_get_contents();
ob_end_clean();
} else {
// Validate the php file
$parseResult = validatePHPFile($PRISM->http->getDocRoot() . $file);
if ($parseResult[0]) {
// Run the script from disk
$prismPhpScript = preg_replace(array('/^<\\?(php)?/', '/\\?>$/'), '', file_get_contents($PRISM->http->getDocRoot() . $file));
ob_start();
eval($prismPhpScript);
$html = ob_get_contents();
ob_end_clean();
// Cache the php file
self::$scriptCache[$prismScriptNameHash] = array($prismScriptMTime, $prismPhpScript);
} else {
$eol = "\r\n";
$html = '<html>' . $eol;
$html .= '<head><title>Error parsing page</title></head>' . $eol;
$html .= '<body bgcolor="white">' . $eol;
$html .= '<center><h4>' . implode("<br />\r\n", $parseResult[1]) . '</h4></center>' . $eol;
$html .= '<hr><center>PRISM v' . PHPInSimMod::VERSION . '</center>' . $eol;
$html .= '</body>' . $eol;
$html .= '</html>' . $eol;
unset(self::$scriptCache[$prismScriptNameHash]);
}
}
// Should we store the session?
if (isset($_SESSION) && $_SESSION != '') {
$sessionID = sha1(createRandomString(128, RAND_BINARY) . time());
self::$sessions[$sessionID] = array(time() + PRISM_SESSION_TIMEOUT, $SERVER['REMOTE_ADDR'], $_SESSION);
$_RESPONSE->setCookie('PrismSession', $sessionID, time() + PRISM_SESSION_TIMEOUT, '/', $SERVER['SERVER_NAME']);
} else {
if (isset($_COOKIE['PrismSession'])) {
$_RESPONSE->setCookie('PrismSession', '', 0, '/', $SERVER['SERVER_NAME']);
}
}
unset($_SESSION);
// Restore the working dir
chdir(ROOTPATH);
// Use compression?
if ($html != '' && isset($SERVER['HTTP_ACCEPT_ENCODING'])) {
$encoding = '';
if (strpos($SERVER['HTTP_ACCEPT_ENCODING'], 'x-gzip') !== false) {
$encoding = 'x-gzip';
} else {
if (strpos($SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false) {
$encoding = 'gzip';
}
}
if ($encoding) {
$_RESPONSE->addHeader('Content-Encoding: ' . $encoding);
return gzencode($html, 1);
} else {
return $html;
}
} else {
return $html;
}
}
public function handleInput(&$data, &$errNo)
{
// What is this? we're getting input while we're sending a reply?
if ($this->sendFile) {
$this->writeFileReset();
$this->httpRequest = null;
} else {
if ($this->sendQLen > 0) {
$this->sendQReset();
$this->httpRequest = null;
}
}
if (!$this->httpRequest) {
$this->httpRequest = new HttpRequest();
}
// Pass the incoming data to the HttpRequest class, so it can handle it.
if (!$this->httpRequest->handleInput($data)) {
// An error was encountered while receiving the requst.
// Send reply (unless 444, a special 'direct reject' code) and return false to close this connection.
if ($this->httpRequest->errNo != 444) {
$r = new HttpResponse('1.1', $this->httpRequest->errNo);
$r->addBody($this->createErrorPage($this->httpRequest->errNo, $this->httpRequest->errStr));
if ($this->httpRequest->errNo == 405) {
$r->addHeader('Allow: GET, POST, HEAD');
$r->addHeader('Access-Control-Allow-Methods: GET, POST, HEAD');
}
$this->write($r->getHeaders());
$this->write($r->getBody());
$this->logRequest($r->getResponseCode(), $r->getHeader('Content-Length') ? $r->getHeader('Content-Length') : 0);
} else {
$this->logRequest(444, 0);
}
$errNo = $this->httpRequest->errNo;
return false;
}
// If we have no headers, or we are busy with receiving.
// Just return and wait for more data.
if (!$this->httpRequest->hasHeaders || $this->httpRequest->isReceiving) {
// We're still receiving the body of a request
return true;
}
// Return true to just wait and try again later
// At this point we have a fully qualified and parsed HttpRequest
// The HttpRequest object contains all info about the headers / GET / POST / COOKIE / FILES
// Just finalise it by adding some extra client info.
$this->httpRequest->SERVER['REMOTE_ADDR'] = $this->ip;
$this->httpRequest->SERVER['REMOTE_PORT'] = $this->port;
$this->httpRequest->SERVER['SERVER_ADDR'] = $this->localIP;
$this->httpRequest->SERVER['SERVER_PORT'] = $this->localPort;
$exp = explode(':', $this->httpRequest->headers['Host']);
$this->httpRequest->SERVER['SERVER_NAME'] = $exp[0];
$this->httpRequest->SERVER['HTTP_HOST'] = $this->httpRequest->headers['Host'];
$this->httpRequest->SERVER['HTTP_USER_AGENT'] = isset($this->httpRequest->headers['User-Agent']) ? $this->httpRequest->headers['User-Agent'] : '';
$this->httpRequest->SERVER['HTTP_ACCEPT'] = isset($this->httpRequest->headers['Accept']) ? $this->httpRequest->headers['Accept'] : '';
$this->httpRequest->SERVER['HTTP_ACCEPT_LANGUAGE'] = isset($this->httpRequest->headers['Accept-Language']) ? $this->httpRequest->headers['Accept-Language'] : '';
$this->httpRequest->SERVER['HTTP_ACCEPT_ENCODING'] = isset($this->httpRequest->headers['Accept-Encoding']) ? $this->httpRequest->headers['Accept-Encoding'] : '';
$this->httpRequest->SERVER['HTTP_ACCEPT_CHARSET'] = isset($this->httpRequest->headers['Accept-Charset']) ? $this->httpRequest->headers['Accept-Charset'] : '';
$this->httpRequest->SERVER['HTTP_CONNECTION'] = isset($this->httpRequest->headers['Connection']) ? $this->httpRequest->headers['Connection'] : '';
$this->httpRequest->SERVER['HTTP_KEEP_ALIVE'] = isset($this->httpRequest->headers['Keep-Alive']) ? $this->httpRequest->headers['Keep-Alive'] : '';
if (isset($this->httpRequest->headers['Referer'])) {
$this->httpRequest->SERVER['HTTP_REFERER'] = $this->httpRequest->headers['Referer'];
}
if (isset($this->httpRequest->headers['Range'])) {
$this->httpRequest->SERVER['HTTP_RANGE'] = $this->httpRequest->headers['Range'];
}
if (isset($this->httpRequest->headers['Cookie'])) {
$this->httpRequest->SERVER['HTTP_COOKIE'] = $this->httpRequest->headers['Cookie'];
}
if (isset($this->httpRequest->headers['Authorization'])) {
$this->httpRequest->SERVER['HTTP_AUTHORIZATION'] = $this->httpRequest->headers['Authorization'];
}
$this->httpRequest->SERVER['REQUEST_TIME'] = time();
// Check if we have to match siteDomain
if ($this->http->getSiteDomain() != '' && $this->http->getSiteDomain() != $this->httpRequest->SERVER['SERVER_NAME']) {
$r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 404);
$r->addBody($this->createErrorPage(404));
$this->write($r->getHeaders());
$this->write($r->getBody());
$errNo = 404;
$this->logRequest($r->getResponseCode(), $r->getHeader('Content-Length') ? $r->getHeader('Content-Length') : 0);
return false;
}
// HTTP Authorisation?
if ($this->http->getHttpAuthPath() != '') {
$scriptPath = pathinfo($this->httpRequest->SERVER['SCRIPT_NAME'], PATHINFO_DIRNAME);
// Check if path must be auth'd and if HTTP_AUTHORIZATION header exists and if so, validate it
if (isDirInDir($this->http->getHttpAuthPath(), $this->http->getDocRoot() . $scriptPath) && (!isset($this->httpRequest->SERVER['HTTP_AUTHORIZATION']) || !$this->validateAuthorization())) {
// Not validated - send 401 Unauthorized
do {
$nonce = createRandomString(17, RAND_HEX);
if (!$this->http->getNonceInfo($nonce)) {
break;
}
} while (true);
$opaque = $this->http->addNewNonce($nonce);
$r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 401);
if ($this->http->getHttpAuthType() == 'Digest') {
$r->addHeader('WWW-Authenticate: Digest realm="' . HTTP_AUTH_REALM . '", qop="auth", nonce="' . $nonce . '", opaque="' . $opaque . '"');
} else {
$r->addHeader('WWW-Authenticate: Basic realm="' . HTTP_AUTH_REALM . '"');
}
$r->addBody($this->createErrorPage(401, '', true));
$this->write($r->getHeaders());
$this->write($r->getBody());
$errNo = 401;
$this->logRequest($r->getResponseCode(), $r->getHeader('Content-Length') ? $r->getHeader('Content-Length') : 0);
$this->httpRequest = null;
return true;
// we return true this time because we may stay connected
}
}
//var_dump($this->httpRequest->headers);
//var_dump($this->httpRequest->SERVER);
//var_dump($this->httpRequest->GET);
//var_dump($this->httpRequest->POST);
//var_dump($this->httpRequest->COOKIE);
// Rewrite script name? (keep it internal - don't rewrite SERVER header
$scriptName = $this->httpRequest->SERVER['SCRIPT_NAME'] == '/' ? '/index.php' : $this->httpRequest->SERVER['SCRIPT_NAME'];
if (file_exists($this->http->getDocRoot() . $scriptName)) {
// Should we serve a file or pass the request to PHPParser for page generation?
if (preg_match('/^.*\\.php$/', $scriptName)) {
if ($this->httpRequest->SERVER['REQUEST_METHOD'] == 'HEAD') {
$r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 200);
$this->write($r->getHeaders());
} else {
// 'Parse' the php file
$r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 200);
$html = PHPParser::parseFile($r, $scriptName, $this->httpRequest->SERVER, $this->httpRequest->GET, $this->httpRequest->POST, $this->httpRequest->COOKIE, $this->httpRequest->FILES);
$r->addBody($html);
$this->write($r->getHeaders());
$this->write($r->getBody());
}
} else {
if (is_dir($this->http->getDocRoot() . $this->httpRequest->SERVER['SCRIPT_NAME'])) {
// 403 - not allowed to view folder contents
$r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 403);
$r->addBody($this->createErrorPage(403));
$this->write($r->getHeaders());
$this->write($r->getBody());
} else {
// Send a file
if ($this->httpRequest->SERVER['REQUEST_METHOD'] == 'HEAD') {
$r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 200);
$this->write($r->getHeaders());
} else {
$r = $this->serveFile();
}
}
}
} else {
// 404
$r = new HttpResponse($this->httpRequest->SERVER['httpVersion'], 404);
$r->addBody($this->createErrorPage(404));
$this->write($r->getHeaders());
$this->write($r->getBody());
}
// log line
$this->logRequest($r->getResponseCode(), $r->getHeader('Content-Length') ? $r->getHeader('Content-Length') : 0);
// Reset httpRequest
$this->httpRequest = null;
return true;
}
function sesCreateKey()
{
$_SESSION['key'] = createRandomString(20);
$_SESSION['keytime'] = time();
$_SESSION['keyip'] = $_SERVER['REMOTE_ADDR'];
return $_SESSION['key'];
}
}
$type = $_POST['type'];
$value = null;
$uploaddir = "";
switch ($type) {
case "image":
$value = $_FILES['image-' . $_POST['number']];
$uploaddir = BASEDIR . "media/image/";
break;
case "audio":
$value = $_FILES['audio-' . $_POST['number']];
$uploaddir = BASEDIR . "media/audio/";
break;
default:
die("unsupported type <strong>{$type}</strong>");
}
if ($value['name'] == null || $value['name'] == "") {
die("error: no name given");
}
$ext = pathinfo($value['name'], PATHINFO_EXTENSION);
$uploadFile = "";
$filename = "";
do {
$filename = createRandomString(15);
$uploadfile = $uploaddir . $filename . "." . $ext;
} while (file_exists($uploadFile));
if (move_uploaded_file($value['tmp_name'], $uploadfile)) {
echo json_encode(array("result" => "SUCCESS", "type" => $type, "filename" => "{$filename}.{$ext}", "number" => $_POST['number']));
} else {
echo json_encode(array("result" => "ERROR"));
}
public function __construct()
{
global $auth;
global $PH;
$this->children = array();
/**
* NOTE:
* - adding the edit_request_time as form hidden field would
* cause additional entries in the from-handle file. So we
* add it as a none checked field.
*
*/
### user might not be defined for anonymus pages like login
if (isset($auth->cur_user)) {
$this->add(new Form_HiddenField('edit_request_time', '', time()));
$this->add(new Form_HiddenField('edit_request_token', '', createRandomString()));
}
$this->button_submit = __("Submit");
parent::__construct();
}
if ($old_bulk_num_coupons != $bulk_num_coupons) {
$del_query_codes = "delete from toon_promo where `bulk_id`='{$bulk_id}'";
mysql_query($del_query_codes);
if ($bulk_num_coupons > 0) {
for ($val = 1; $val <= $bulk_num_coupons; $val++) {
$coupon_code = createRandomString();
$sql_insert_promo_code = mysql_query("insert into `toon_promo` (`bulk_id`, `promo_code`, `promo_discount`,`promo_product_type`,`promo_start_date`,`promo_expiry`,`promo_isused`)values('{$bulk_id}', '{$coupon_code}','{$bulk_discount}','{$bulk_pdt_type}','{$bulk_start_date}', '{$bulk_end_date}', '0')");
}
}
}
} else {
$sql_insert_promo_bulk = mysql_query("insert into `toon_promo_bulk` (`bulk_title`, `bulk_count`)values('{$bulk_title}','{$bulk_num_coupons}')");
$bulk_id = mysql_insert_id();
if ($bulk_num_coupons > 0) {
for ($val = 1; $val <= $bulk_num_coupons; $val++) {
$coupon_code = createRandomString();
$sql_insert_promo = mysql_query("insert into `toon_promo` (`bulk_id`,`promo_code`, `promo_discount`,`promo_product_type`,`promo_start_date`,`promo_expiry`,`promo_isused`)values('{$bulk_id}', '{$coupon_code}','{$bulk_discount}','{$bulk_pdt_type}','{$bulk_start_date}', '{$bulk_end_date}', '0')");
}
}
}
header("Location:bulk_coupons.php");
}
include 'includes/header.php';
?>
<script type="text/javascript">
function valid()
{
clear();
var valid=true;
if(document.getElementById("txtbulk_title").value=="")
{
/**
* Creates a new user.
* @return bool Success status of user registration
*/
private function createNewUser()
{
// remove html code etc. from username and email
$user_name = htmlentities($_POST['user_name'], ENT_QUOTES);
$user_email = htmlentities($_POST['user_email'], ENT_QUOTES);
$user_password = $_POST['user_password_new'];
// crypt the user's password with the PHP 5.5's password_hash() function, results in a 60 char hash string.
// the constant PASSWORD_DEFAULT comes from PHP 5.5 or the password_compatibility_library
$user_password_hash = password_hash($user_password, PASSWORD_DEFAULT);
$sql = 'SELECT * FROM users WHERE user_name = :user_name OR user_email = :user_email';
$query = $this->db_connection->prepare($sql);
$query->bindValue(':user_name', $user_name);
$query->bindValue(':user_email', $user_email);
$query->execute();
// As there is no numRows() in SQLite/PDO (!!) we have to do it this way:
// If you meet the inventor of PDO, punch him. Seriously.
$result_row = $query->fetchObject();
if ($result_row) {
echo '<script type="text/javascript">';
echo 'alert("Sorry, that username or email is already taken. Please choose another one.")';
echo '</script>';
return true;
} else {
$uniquepid = false;
$pid = '0';
while (!$uniquepid) {
$pid = createRandomString();
$pidcheck = 'SELECT apikey_pid FROM users WHERE apikey_pid=\'' . $pid . '\';';
$others = 0;
foreach ($this->db_connection->query($pidcheck) as $row) {
$others++;
}
if ($others === 0) {
$uniquepid = true;
}
}
$sql = 'INSERT INTO users (user_name, user_pid, user_password_hash, user_email)
VALUES(:user_name, :user_pid, :user_password_hash, :user_email)';
$query = $this->db_connection->prepare($sql);
$query->bindValue(':user_name', $user_name);
$query->bindValue(':user_pid', $pid);
$query->bindValue(':user_password_hash', $user_password_hash);
$query->bindValue(':user_email', $user_email);
$registration_success_state = $query->execute();
if ($registration_success_state) {
echo '<script type="text/javascript">';
echo 'alert("Your account has been created successfully. You can now log in.")';
echo '</script>';
$this->loginStuff();
return true;
} else {
echo '<script type="text/javascript">';
echo 'alert("Sorry, your registration failed. Please try again.")';
echo '</script>';
}
}
// default return
return false;
}
<?php
require __DIR__ . '/../vendor/autoload.php';
require __DIR__ . '/../src/FileDumperBackend.php';
\Tideways\Profiler::setBackend(new \Cotya\TideGauge\FileDumperBackend());
\Tideways\Profiler::start(['api_key' => 'random_api_key', 'sample_rate' => 100]);
\Tideways\Profiler::setTransactionName("cli:" . basename($_SERVER['argv'][0]));
\Tideways\Profiler::watch('TestClass::FooBar');
\Tideways\Profiler::watch('Composer\\Autoload\\ClassLoader::loadClass');
class TestClass
{
public function __construct()
{
}
public function FooBar()
{
}
}
function createRandomString()
{
$test = new TestClass();
$test->FooBar();
return "42";
}
//ld('start test');
$strings = [];
for ($i = 0; $i < 3; $i++) {
$strings[] = createRandomString();
}
\Tideways\Profiler::stop();
}
if (!in_array($_POST['state'], $validStates)) {
$errors[] = "Ungültiger Benutzerstatus.";
}
if (count($errors) > 0) {
foreach ($errors as $er) {
echo $er . "<br />";
}
die;
}
/*
* update database
*/
$t->addStatement("UPDATE :prefix:user SET \n firstname = :0, \n lastname = :1, \n rfid = :2,\n email = :3,\n state = :4\n WHERE userId = :5;", htmlspecialchars($_POST['firstname']), htmlspecialchars($_POST['lastname']), $_POST['rfid'], $_POST['email'], $_POST['state'], (int) $_POST['userid']);
if ($_POST['password'] != "") {
$salt = createRandomString(50);
$hash = hash("sha512", $_POST['password'] . $salt);
$t->addStatement("UPDATE :prefix:user SET password = :0, salt = :1 WHERE userId = :2", $hash, $salt, $_POST['userid']);
}
// delete patients which have been removed
foreach (dbConn::query("SELECT patient FROM :prefix:visit WHERE user = :0", $_POST['userid']) as $r) {
$contains = false;
if (isset($_POST['visits']) && is_array($_POST['visits'])) {
foreach ($_POST['visits'] as $v) {
if ($v['patientId'] == $r['patient']) {
$contains = true;
break;
}
}
}
if (!$contains) {
