/**
* Affichage de page
* Cette fonction autoload (qui attrappe plusieurs pages) permet d'afficher
* des pages d'erreur type des erreurs les plus souvent rencontré dans le
* fonctionnement de FrameTool.
* @global type $tpl
* @param type $page
*/
function syscore_autoload($page)
{
global $tpl;
switch ($page) {
case 'forbidden':
$tpl->assign('msg', 'Vous n\'avez pas le niveau d\'accès nécessaire pour cette action.');
break;
case 'nomod':
$tpl->assign('msg', 'Module introuvable.');
break;
case 'moderror':
$tpl->assign('msg', 'Le module n\'a pas terminé correctement.');
break;
case 'nopage':
$tpl->assign('msg', 'Le module n\'a pas executer cette page.');
break;
case 'invcall':
$tpl->assign('msg', 'Un paramètre est incorrect et empêche l\'exécution.');
break;
case 'custom':
$tpl->assign('msg', $_GET['error']);
break;
default:
$tpl->assign('msg', 'Erreur inconnu : ' . $page);
break;
}
$tpl->display('syscore_error.tpl');
quit();
}
/**
* Controleur page d'index admin
* Permet l'affichage de la page d'administration des droits d'accès.
*/
function admin_index()
{
global $pdo, $tpl;
$sql = $pdo->prepare('SELECT * FROM acces WHERE acl_action != "index" AND acl_action != "admin" ORDER BY acl_action ASC, acl_page ASC');
$sql->execute();
$conf = array();
while ($line = $sql->fetch()) {
if (!isset($conf[$line['acl_action']])) {
$conf[$line['acl_action']] = array();
}
$conf[$line['acl_action']][] = $line;
}
$groups = new Modele('sections');
$groups->find();
while ($groups->next()) {
$tpl->append('grps', $groups->toArray());
}
$aclGrps = new Modele('access_groups');
$aclGrps->find();
$aclGrpsRslt = array();
while ($aclGrps->next()) {
if (!isset($aclGrpsRslt[$aclGrps->raw_ag_access])) {
$aclGrpsRslt[$aclGrps->raw_ag_access] = array();
}
$aclGrpsRslt[$aclGrps->raw_ag_access][] = $aclGrps->raw_ag_group;
}
$tpl->assign('aclGrps', $aclGrpsRslt);
$tpl->assign('acls', $conf);
$tpl->display('admin_index.tpl');
quit();
}
function getAccessToken(&$fb, $bucket, $tokenFile)
{
// Read file from Google Storage
$client = getClient();
$storage = getStorageService($client);
$tokensStr = getTokens($client, $storage, $bucket, $tokenFile);
if (empty($tokensStr)) {
quit("No more FB access tokens in storage -- login to app ASAP to generate a token");
} else {
$tokens = json_decode($tokensStr, true);
// 'true' will turn this into associative array instead of object
// Validate the token before use. User may have logged off facebook, or deauthorized this app.
// shuffle the array to get random order of iteration
shuffle($tokens);
//var_dump($tokens);
foreach ($tokens as $token) {
$response = $fb->get('/me', $token);
if (!$response->isError()) {
// access_token is valid token
return $token;
}
}
quit("None of the tokens are valid");
}
}
function check($name, $value, $method)
{
//easy to add
$var = trim($value);
$var = addslashes($var);
$tmpvar = strtolower($var);
if (strpos($tmpvar, "'") == false && strpos($tmpvar, "*") == false && strpos($tmpvar, "--") == false) {
$var = stripslashes($var);
} else {
quit("SQL Statements in input detected!", $method);
$var = NULL;
}
if (strpos($tmpvar, "<script>") == false && strpos($tmpvar, "\"") == false && strpos($tmpvar, "prompt(") == false && strpos($tmpvar, "alert(") == false) {
$var = stripslashes($var);
} else {
quit("XSS statements in input detected!", $method);
$var = NULL;
}
if (strpos($tmpvar, "/./") == false && strpos($tmpvar, "etc/passwd") == false && strpos($tmpvar, "/..") == false && strpos($tmpvar, "/../") == false) {
$var = stripslashes($var);
} else {
quit("Path Traversal injection found!", $method);
$var = NULL;
}
}
function bulletin_viewbulletin()
{
global $pdo, $root;
$mdl = new Modele("bulletin_user");
$mdl->fetch($_GET['id']);
require $root . 'libs' . DS . 'bulletins' . DS . $mdl->bu_period->period_generator . DS . 'bulletin.php';
bulletin_view_user($_GET['id']);
quit();
}
function twofactors_getQR()
{
global $srcdir;
require_once $srcdir . '/libs/phpqrcode/phpqrcode.php';
$text = sprintf("otpauth://totp/%s@%s?secret=%s&issuer=LATEB", $_SESSION['user']['user_name'], $_SERVER['HTTP_HOST'], $_SESSION['user']['GoogleAuthenticator']);
$qrcode = new QRcode();
$qrcode->png($text, false, QR_ECLEVEL_M, 5);
quit();
}
function verifyQuestion($creds)
{
include $creds;
if (!isset($_POST['question'])) {
quit('Question not set');
}
if (strlen($_POST['question']) < 10 || strlen($_POST['question']) > 255) {
quit('Question length error');
} else {
if (substr($_POST['question'], -1) != '?') {
quit("Question missing '?'");
}
}
}
/**
* Ajout d'une école
* Controleur utilisé pour ajouter une nouvelle école.
*/
function ecole_add()
{
global $pdo, $tpl;
$tpl->assign('error', false);
$tpl->assign('succes', false);
if (isset($_POST['ut_name'])) {
if (autoInsert('user_types', 'ut_')) {
$tpl->assign('succes', true);
} else {
$tpl->assign('error', true);
}
}
$tpl->display('ecole_add.tpl');
quit();
}
/**
* Ajoute une bière
* Des fois c'est bien de pouvoir rajouter un utilisateur depuis le panneau d'admin pour l'ajout des nouveaux adhérents.
*/
function beer_add()
{
global $pdo, $tpl;
$tpl->assign('error', false);
$tpl->assign('succes', false);
if (isset($_POST['beer_name'])) {
if (autoInsert('beers', 'beer_')) {
$tpl->assign('succes', true);
} else {
$tpl->assign('error', true);
}
}
$sql = $pdo->prepare('SELECT * FROM beer_types');
$sql->execute();
while ($type = $sql->fetch()) {
$tpl->append('types', $type);
}
$tpl->display('user_add.tpl');
quit();
}
function mandate_index()
{
global $tpl, $pdo;
$table = mdle_need_desc('mandate');
foreach ($table['fields'] as $key => $f) {
if (!isset($f['label'])) {
$f['label'] = $key;
}
$f['name'] = $key;
$tpl->append('fields', $f);
}
$tpl->assign('mandate', $table);
$sql = $pdo->query("SELECT * FROM `mandate`");
$tpl->assign('insts', $sql->fetchAll());
if ($tpl->getTemplateVars('result') == null) {
$tpl->assign('result', '');
}
$tpl->display('mandate_index.tpl');
quit();
}
public function sendRequest()
{
$details = new Details();
$details->setShipping(0)->setTax(0)->setSubtotal($this->totalAmount);
$amount = new Amount();
$amount->setCurrency($this->currencyCode)->setTotal($this->totalAmount)->setDetails($details);
$transaction = new Transaction();
$transaction->setAmount($amount)->setItemList($this->itemList)->setDescription("Payment description")->setInvoiceNumber(uniqid());
$baseUrl = 'http://localhost/';
$redirectUrls = new RedirectUrls();
$redirectUrls->setReturnUrl("{$baseUrl}/ExecutePayment.php?success=true")->setCancelUrl("{$baseUrl}/ExecutePayment.php?success=false");
$payment = new Payment();
$payment->setIntent("sale")->setPayer($this->payer)->setRedirectUrls($redirectUrls)->setTransactions(array($transaction));
try {
$payment->create($this->apiContext);
} catch (Exception $ex) {
// NOTE: PLEASE DO NOT USE RESULTPRINTER CLASS IN YOUR ORIGINAL CODE. FOR SAMPLE ONLY
var_dump($ex);
exit(1);
}
$approvalUrl = $payment->getApprovalLink();
header('Location: ' . $approvalUrl);
quit();
}
function cards_download()
{
global $tmpdir;
$bdl = new Modele('cardbundle');
$bdl->fetch($_GET['bundle']);
$bdl->cbundle_status = 'WAIT';
$crd = new Modele('card');
$crd->find(array('card_bundle' => $bdl->cbundle_id));
$zipfile = tempnam($tmpdir, 'zip');
$zip = new ZipArchive();
$zip->open($zipfile, ZipArchive::CREATE);
$zip->setArchiveComment("Automade zip archive from EPITANIME intra software. Bundle " . $bdl->cbundle_date);
while ($crd->next()) {
$zip->addFile($crd->card_picture, "card{$crd->card_id}.png");
$crd->card_status = 'PRINT';
}
$zip->close();
header('Content-Type: application/zip');
header('Content-Disposition: attachment; filename="bundle_' . $bdl->cbundle_date . '.zip"');
readfile($zipfile);
unlink($zipfile);
quit();
}
function api_userinfo()
{
$usr = _api_getUser();
if ($usr === null) {
return;
}
$infos = array('sub' => $usr->user_id, 'name' => $usr->user_name, 'given_name' => $usr->user_firstname, 'family_name' => $usr->user_lastname, 'nickname' => $usr->user_name, 'email' => $usr->user_email, 'email_verified' => false, 'gender' => $usr->user_sexe == 'GIRL' ? 'female' : 'male', 'birthdate' => $usr->user_born, 'phone_number' => $usr->user_phone, 'phone_number_verified' => false, 'acl' => $usr->raw_user_role, 'groups' => array());
$sections = new Modele('user_sections');
$sections->find(array('us_user' => $usr->getKey()));
while ($sections->next()) {
$infos['groups'][] = array('gid' => $sections->us_section->section_id, 'name' => $sections->us_section->section_name, 'role' => $sections->raw_us_type);
}
echo json_encode($infos);
quit();
}
function index_securimage_show()
{
global $srcdir;
require_once $srcdir . '/libs/securimage/securimage_show.php';
quit();
}
function route($method = '@', $path = '', $callback = null)
{
static $routes = array();
if ($method == '@') {
$request = request();
if (empty($routes[$request['method']])) {
trigger(404);
quit(404);
}
foreach ($routes[$request['method']] as $pattern => $route) {
if (preg_match('#^/' . $pattern . '/?$#', $request['uri'], $captures)) {
array_shift($captures);
trigger('route.before', $route, $captures);
response('start');
$results = call_user_func_array($route['callback'], $captures);
response('stop');
if (is_array($results) || is_object($results)) {
response('delete');
response('header', 'Content-Type', 'application/json');
response('append', json_encode($results, JSON_NUMERIC_CHECK));
} else {
echo $results;
}
trigger('route.after', $route);
return;
}
}
trigger(404) or quit(404);
} else {
if ($path) {
$method = strtolower(trim($method));
$path = preg_replace_callback('#(:\\w+)#', function ($m) {
return '([^/]+)';
}, str_replace('.', '\\.', trim($path, '/')));
$routes[$method][$path] = array('callback' => $callback ?: function () {
});
}
}
}
function admin_modeles_modinst()
{
global $tpl;
$modele = new Modele($_GET['modele']);
$modele->fetch($_GET['key']);
$tpl->assign('result', '');
if (isset($_POST['action'])) {
if ($modele->modFrom($_POST)) {
$tpl->assign('result', 'success');
} else {
$tpl->assign('result', 'error');
}
}
$tpl->assign('modele', $modele);
$tpl->assign('edit', $modele->edit());
$tpl->display('adminmodeles_modinst.tpl');
quit();
}
require 'pgdb.php';
function param($id)
{
return isset($_GET[$id]) ? pg_escape_string(urldecode($_GET[$id])) : false;
}
function quit($msg)
{
header("Content-Type: text/plain");
echo "{$msg}\n";
exit;
}
$db = new PGDB();
if (!$db->ok()) {
quit("DB");
}
$save = "SELECT urler_save('%s', '%s', '%s')";
$url = param("url");
$nick = param("nick");
$chan = param("chan");
if ($url) {
$qrystr = sprintf($save, $url, $nick, $chan);
if ($db->query($qrystr)) {
$line = $db->getline();
quit($line["urler_save"]);
} else {
quit("Q");
}
} else {
header("Content-Type: application/xhtml+xml; charset=utf-8");
readfile("urler.xhtml");
}
function load_queue($queueid, $repo)
{
global $Conf, $Now;
$result = $Conf->qe("select q.*,\n count(fq.queueid) nahead,\n min(if(fq.runat>0,fq.runat,{$Now})) as head_runat,\n min(fq.nconcurrent) as ahead_nconcurrent\n from ExecutionQueue q\n left join ExecutionQueue fq on (fq.queueclass=q.queueclass and fq.queueid<q.queueid)\n where q.queueid={$queueid} group by q.queueid");
if (!($queue = edb_orow($result))) {
quit("Queued job was cancelled, try again");
} else {
if ($queue->repoid != $repo->repoid) {
quit("Queued job belongs to a different repository");
}
}
return $queue;
}
function ml_addMember()
{
global $tpl;
$api = new GoogleApi();
$msg = $api->addGroupMember($_GET['ml'], $_POST['email']);
if (isset($msg->error)) {
$tpl->assign('msg', $msg->error->message);
$tpl->display('syscore_error.tpl');
quit();
} else {
redirect("ml", "view", array("ml" => $_GET['ml'], 'hsuccess' => 1));
}
}
function logout()
{
if ($this->session->userdata('username') != null) {
$this->Common_repo->log("User Name : " . $this->session->userdata('username') . " Logged out");
}
$this->data['title'] = "Logout";
$sess_id = $this->session->userdata('session_id');
$user_id = $this->session->userdata('user_id');
$user_name = $this->session->userdata('username');
//log the user out
$logout = $this->ion_auth->logout();
$this->users_repo->ejectUser($sess_id);
quit($user_id, $user_name);
//if logging out from ajax request
if ($this->input->is_ajax_request()) {
echo "FALSE";
return;
}
//redirect them back to the page they came from
redirect('auth', 'refresh');
}
<?php
require 'pgdb.php';
function quit($data)
{
header("Content-Type: application/json");
echo json_encode($data);
exit;
}
$db = new PGDB();
if (!$db->ok()) {
quit(array(0 => "DB"));
}
$update = "SELECT urler_prune('%s')";
$load = "SELECT * FROM urler_log WHERE seen = 'false' ORDER BY at DESC";
$datetime = isset($_GET["seen"]) ? $_GET["seen"] : false;
if ($datetime) {
$qrystr = sprintf($update, pg_escape_string($datetime));
if ($db->query($qrystr)) {
header("Location: /urler/");
}
} elseif ($db->query($load)) {
quit($db->getall());
} else {
quit(array(0 => "Q"));
}
/**
* Affiche les détails d'une section
* Les détails d'une section c'est aussi la liste des membres de la section avec la gestion des membres.
* NB: C'est aussi d'ici qu'on créer un événement.
*/
function section_details()
{
global $pdo, $tpl;
$tpl->assign('managers', array());
$tpl->assign('users', array());
$tpl->assign('guests', array());
$section = new Modele('sections');
$section->fetch($_REQUEST['section']);
$tpl->assign('section', $section);
$sql = $pdo->prepare('SELECT * FROM user_sections LEFT JOIN users ON user_id = us_user WHERE us_section = ? AND us_type="manager"');
$sql->bindValue(1, $section->section_id);
$sql->execute();
while ($line = $sql->fetch()) {
$tpl->append('managers', $line);
}
$sql = $pdo->prepare('SELECT * FROM user_sections LEFT JOIN users ON user_id = us_user WHERE us_section = ? AND us_type="user"');
$sql->bindValue(1, $section->section_id);
$sql->execute();
while ($line = $sql->fetch()) {
$tpl->append('users', $line);
}
$sql = $pdo->prepare('SELECT * FROM user_sections LEFT JOIN users ON user_id = us_user WHERE us_section = ? AND us_type="guest"');
$sql->bindValue(1, $section->section_id);
$sql->execute();
while ($line = $sql->fetch()) {
$tpl->append('guests', $line);
}
$tpl->display('section_details.tpl');
quit();
}
public function argv(array $parameters = null, $methodName = null)
{
if ($parameters == null) {
if ($this->conf == null) {
return;
}
$parameters = $this->conf;
}
$_map = array();
$_req = req();
$_inf = inf();
$_msg = null;
try {
foreach ($parameters as $k => $r) {
if ($r == null) {
continue;
}
$_msg = isset($r["msg"]) ? $r["msg"] : null;
$v = trim($_req->getParameter(isset($r["name"]) ? $r["name"] : $k));
if ($v == STR_EMPTY) {
if (isset($r["req"])) {
if (isset($r["constant"])) {
$_map[$k] = DB::constant($r["constant"]);
}
if (isset($r["session"]) && $r["session"] === true) {
if (isset($_SESSION[$k])) {
$_map[$k] = $_SESSION[$k];
}
}
if ($methodName != null && isset($r["req"][$methodName])) {
if ($r["req"][$methodName] && !isset($_map[$k])) {
throw new Exception($_inf->requiredException($k));
}
}
}
} else {
if (isset($r["type"])) {
switch ($r["type"]) {
case "email":
if (!ctype_email($v)) {
quit($_inf->requiredException($k));
}
break;
case "digit":
case "int":
$x = preg_replace("/([^0-9.\\-])/", STR_EMPTY, $v);
if (!is_numeric($x)) {
throw new Exception($_inf->digit($k, $v));
}
$v = $r["type"] == "int" ? intval($x) : $x;
break;
case "alnum":
if (!ctype_alnum($v)) {
throw new Exception($_inf->alnum($k, $v));
}
break;
case "alpha":
if (!ctype_alpha($v)) {
throw new Exception($_inf->alpha($k, $v));
}
break;
case "regex":
if (!preg_match($r["regex"], $v)) {
throw new Exception($_inf->regexException($k, $r["regex"], $v));
}
break;
case "bool":
if ($v !== "true" || $v !== "false") {
throw new Exception($_inf->boolean($k, $v));
}
$v = $v === "true" ? true : false;
break;
case "date":
if (strlen($v) === 8) {
$v = sprintf("%s-%s-%s", substr($v, 0, 4), substr($v, 4, 2), substr($v, 6));
}
if (isset($r["format"])) {
$c = array_combine(preg_split("/([\\/\\.-])/", $r["format"], -1), preg_split("/([\\/\\.-])/", $v, -1));
$d = intval($c["d"]);
$m = intval($c["m"]);
$Y = intval($c["Y"]);
if (!checkdate($m, $d, $Y)) {
throw new Exception($_inf->date($k, $v));
}
$v = sprintf("%s-%s-%s", $c["Y"], $c["m"], $c["d"]);
}
break;
case "periode":
$j = strlen($v);
if ($j > 7) {
throw new Exception($_inf->length($k, $v, $j));
}
if ($j === 6) {
$v = sprintf("%s-%s", substr($v, 0, 4), substr($v, 4));
}
break;
}
}
if (isset($r["uppercase"])) {
if ($r["uppercase"] === true) {
$v = strtoupper($v);
}
}
if (isset($r["lowercase"])) {
if ($r["lowercase"] === true) {
$v = strtolower($v);
}
}
$x = isset($r["minl"]) ? true : false;
$y = isset($r["maxl"]) ? true : false;
if ($x || $y) {
$j = strlen($v);
if ($x) {
if ($j < $r["minl"]) {
throw new Exception($_inf->length($k, $v, $j));
}
}
if ($y) {
if ($j > $r["maxl"]) {
throw new Exception($_inf->length($k, $v, $j));
}
}
}
$x = isset($r["minv"]) ? true : false;
$y = isset($r["maxv"]) ? true : false;
if ($x || $y) {
if ($x) {
if ($v < $r["minv"]) {
throw new Exception($_inf->value($k, $v, "<", $r["minv"]));
}
}
if ($y) {
if ($v > $r["maxv"]) {
throw new Exception($_inf->value($k, $v, ">", $r["maxv"]));
}
}
}
$_map[$k] = $v;
}
}
} catch (Exception $e) {
throw new Exception($_msg == null ? $e->getMessage() : $_msg);
}
if (DEBUG_MSG) {
api_DBG::setMap($_map, $parameters);
}
#comment for production use to avoid useless eval
return $_map;
}
<?php
session_start();
require_once 'inc/const.php';
global $luo_session_name;
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
} else {
$username = "";
}
$finput = empty($username) ? "username" : "password";
if (isset($_GET['act']) && addslashes($_GET['act']) == "login") {
login();
}
if (isset($_GET['act']) && addslashes($_GET['act']) == "quit") {
quit();
}
function login()
{
/*
* 操作:添加
* 作用:当客户添加一个月之后状态还是未成交客户则把该用户转换为公海客户
* 添加时间:2014.7.4
* 添加人:赵兴壮
* 添加行:12行
*/
$id_data = get_transfercusid();
if (!empty($id_data)) {
transfercus($id_data);
}
global $db;
define('UPLOAD_URL', 'http://afarber.de/gc/%s.jpg');
$id = $_POST['id'];
$auth = $_POST['auth'];
$img = $_POST['img'];
header('Content-Type: application/json; charset=utf-8');
if (!preg_match('/^G:\\d+$/', $id)) {
quit('Wrong player id');
}
$path = UPLOAD_DIR . $id . '.jpg';
$data = base64_decode($img, TRUE);
if ($data === FALSE) {
quit('Wrong image data');
}
$len = strlen($data);
if ($len < MIN_SIZE || $len > MAX_SIZE) {
quit('Wrong image size');
}
$fh = fopen($path, 'wb');
if ($fh) {
flock($fh, LOCK_EX);
fwrite($fh, $data);
fclose($fh);
}
$resp = array('url' => sprintf(UPLOAD_URL, urlencode($id)));
print json_encode($resp);
function quit($str)
{
$error = array('error' => $str);
print json_encode($error);
exit(1);
}
function user_viewphoto()
{
$usr = new Modele('users');
$usr->fetch($_GET['user']);
header('Content-Type: image/png');
readfile($usr->user_photo);
quit();
}
function bulletin_valid($mdl)
{
global $tpl, $srcdir;
include_once $srcdir . "/libs/intra.php";
bulletin_toTemplate($_REQUEST['id']);
$intra = new EIntranet();
if (!isset($_REQUEST['period'])) {
$tpl->assign('attrib', $intra->getSpicesList());
$tpl->display($srcdir . '/libs/bulletins/epitech/choose.tpl');
quit();
}
}
function wifi_getToken()
{
echo _wifi_getToken();
quit();
}
/**
* SIG number manager
*
* @param integer $signo The signal number to handle
*
* @return void
*/
function sig_handler($signo)
{
switch ($signo) {
case SIGTERM:
case SIGINT:
quit();
break;
case SIGHUP:
quit("restart");
break;
}
}
function pubcmd($user, $whom, $msg)
{
global $bnick, $version;
$params = explode(" ", $msg);
if (ereg("^#", $whom)) {
// if they're calling the bot in a channel
$mecalled = array_shift($params);
// getting bots nick out
} else {
// private msg to the bot
$mecalled = $bnick;
$whom = get_nick($user);
}
$command = strtoupper(array_shift($params));
if ($mecalled == $bnick) {
switch ($command) {
case "SERVER":
msg($whom, "I'm using " . ircserver());
break;
case "PING":
dump("NOTICE {$whom} :PING " . implode(" ", $params));
break;
case "VERSION":
dump("NOTICE " . get_nick($user) . " :VERSION {$version} ");
break;
default:
if (is_admin($user)) {
switch ($command) {
case "JOIN":
call_user_func_array('jchan', $params);
break;
case "PART":
part($params[0]);
break;
case "ACTION":
action($whom, join(" ", $params));
break;
case "DO":
dump(join(" ", $params));
break;
case "BINDINGS":
msg($whom, "BINDINGS for {$params['0']} -> (" . join(",", managebindings('list', $params[0])) . ")");
break;
case "REHASH":
msg($whom, "rehashing...");
//rehash();
break;
case "QUIT":
irclog("cmd", "ressurect requested by " . get_nick($user));
quit("requested by " . get_nick($user));
break;
case "DIE":
quit("requested by " . get_nick($user));
irclog("cmd", "die request by " . get_nick($user));
exit;
break;
case "MYSQL":
$query = implode(" ", $params);
jmysql($query);
break;
default:
msg($whom, "Not implemented... yet!");
break;
}
}
break;
}
}
}
