Пример #1
0
function require_role($role = 'member')
{
    if (empty($_SESSION[role_name])) {
        redirect_login();
        die;
    }
}
Пример #2
0
                                                                echo "\n<h2>" . $page_title . "</h2>";
                                                                echo get_user_input_form(NULL, $HTTP_VARS);
                                                                echo format_footer_links($footer_links_r);
                                                                echo _theme_footer();
                                                            }
                                                        } else {
                                                            //End of $HTTP_VARS['op'] checks
                                                            opendb_operation_not_available();
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    } else {
        // invalid login, so login instead.
        redirect_login($PHP_SELF, $HTTP_VARS);
    }
} else {
    //if(is_site_enabled())
    opendb_site_disabled();
}
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";
Пример #3
0
    if ($_REQUEST[lti_launch_id]) {
        $launchid = $_REQUEST[lti_launch_id];
    } else {
        if (!empty($_SESSION['lti_launch_id'])) {
            $launchid = $_SESSION[lti_launch_id];
        } else {
            unset($_SESSION['lti_launch_id']);
            redirect_login();
            $launchid = false;
        }
    }
    if ($launchid) {
        $launch = new ORM("launch", false, "lti_launch");
        if (!$launch) {
            throw new Exception("LTI Runtime - Datebase unable to instance user");
        }
        $launch->get($launchid);
        if (!$launch->id()) {
            throw new Exception("LTI Runtime - Launch session not found");
        }
        $launchdata = $launch->data();
        $_SESSION['lti_launch_id'] = $launch->id();
        if ($launch && $launch->data()) {
            $LTI = new LTIObject($launch->data());
        }
    }
} catch (Exception $e) {
    DPRT($e->getMessage());
    redirect_login();
    $LTI = false;
}
Пример #4
0
function register_val($con)
{
    //require_once('includes/bootstrapper.php');
    //require_once('includes/connect.php');
    //second send validation
    if (!empty($_POST['Send_2'])) {
        $username_final = mysqli_real_escape_string($con, $_POST['username']);
        $password_final = mysqli_real_escape_string($con, $_POST['password']);
        $apikey_final = mysqli_real_escape_string($con, $_POST['api']);
        $vcode_final = mysqli_real_escape_string($con, $_POST['vcode']);
        $email_final = mysqli_real_escape_string($con, $_POST['email']);
        $reports_final = mysqli_real_escape_string($con, $_POST['reports']);
        $dt = new DateTime();
        $tz = new DateTimeZone('Europe/Lisbon');
        $dt->setTimezone($tz);
        $datetime = $dt->format('Y-m-d H:i:s');
        $chars = array();
        if (isset($_POST['char1'])) {
            $char1 = $_POST['char1'];
            array_push($chars, $char1);
        } else {
            $char1 = "";
        }
        if (isset($_POST['char2'])) {
            $char2 = $_POST['char2'];
            array_push($chars, $char2);
        } else {
            $char2 = "";
        }
        if (isset($_POST['char3'])) {
            $char3 = $_POST['char3'];
            array_push($chars, $char3);
        } else {
            $char3 = "";
        }
        //$chars = array($char1,$char2,$char3);
        //FINAL SERVER VALIDATION #2 (just in case someone sneaks in HTML5)
        if (strlen($username_final) < 5 || $username_final == "") {
            echo "Username is too short (5 characters minimum)";
            failed_validation_2();
        } else {
            if ($password_final == "") {
                echo "Input a proper password";
                failed_validation_2();
            } else {
                if (!filter_var($email_final, FILTER_VALIDATE_EMAIL)) {
                    echo "Wrong email format.";
                    failed_validation_2();
                } else {
                    if (!in_array($reports_final, array('none', 'daily', 'weekly', 'monthly'))) {
                        echo "Invalid report type selection";
                        failed_validation_2();
                    } else {
                        //check if characters belong to API KEY by intersecting both arrays
                        $pheal2 = new Pheal($apikey_final, $vcode_final);
                        $chars_api = array();
                        $chars_name = array();
                        $empty = array();
                        $result2 = $pheal2->accountScope->APIKeyInfo();
                        foreach ($result2->key->characters as $character) {
                            array_push($chars_api, $character->characterID);
                            array_push($chars_name, $character->characterName);
                        }
                        if (array_intersect(array_diff($chars, $chars_api), $chars_api) != $empty) {
                            echo "Character does not belong to account";
                            failed_validation_2();
                        } else {
                            $cost = 10;
                            //Before creating the account, let's securely hash the password:
                            $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
                            // Prefix information about the hash so PHP knows how to verify it later.
                            // "$2a$" Means we're using the Blowfish algorithm. The following two digits are the cost parameter.
                            $salt = sprintf("\$2a\$%02d\$", $cost) . $salt;
                            // Hash the password with the salt
                            $password_final = crypt($password_final, $salt);
                            //Everything is validated, prepare SQL transaction
                            mysqli_query($con, "START TRANSACTION");
                            $query_insert_user = $con->prepare("INSERT INTO `trader`.`user` (" . "`iduser`, " . "`username`, " . "`registration_date`, " . "`password`, " . "`reports`, " . "`email`, `salt`, `login_count`) " . "VALUES (" . "NULL, " . "?, " . "?, " . "?, " . "?, " . "?, ?, ?);");
                            $zero = 0;
                            $query_insert_user->bind_param("ssssssi", $username_final, $datetime, $password_final, $reports_final, $email_final, $salt, $zero);
                            //ss stands for 2 strings
                            $query_insert_user->execute();
                            $last_id_user = mysqli_insert_id($con);
                            //Insert ignore because api key may already exist
                            $query_insert_apikey = mysqli_query($con, "insert ignore into `trader`.`api` (`apikey`, `vcode`) " . "VALUES " . "('{$apikey_final}', " . "'{$vcode_final}');") or die(mysqli_error($con));
                            //  print_r($chars);
                            $pheal3 = new Pheal($apikey_final, $vcode_final, "char");
                            foreach ($chars as $row) {
                                //echo $row;
                                $response_final = $pheal3->CharacterSheet(array("characterID" => $row));
                                $name_char = mysqli_real_escape_string($con, $response_final->name);
                                $checkExistingCharacter = mysqli_query($con, "SELECT name FROM v_user_characters WHERE character_eve_idcharacter IN" . "(" . implode(",", $chars) . ")") or die(mysqli_error($con));
                                if (mysqli_num_rows($checkExistingCharacter) > 0) {
                                    $duplicates = array();
                                    while ($existing_characters = mysqli_fetch_array($checkExistingCharacter)) {
                                        array_push($duplicates, $existing_characters['name']);
                                    }
                                    echo implode(" and ", $duplicates) . " already belong to another account.";
                                    echo "<meta http-equiv='refresh' content='3;URL=register.php'>";
                                    return;
                                } else {
                                    $query_insert_character = mysqli_query($con, "replace INTO `trader`.`characters` " . "(`eve_idcharacter`, " . "`name`, " . "`balance`, " . "`api_apikey`," . "`networth`," . "`escrow`," . "`total_sell`," . "`broker_relations`," . "`accounting`) " . "VALUES " . "({$row}, " . "'{$name_char}', " . "'0', " . "'{$apikey_final}'," . "'0'," . "'0'," . "'0'," . "'0'," . "'0');") or die(mysqli_error($con));
                                }
                            }
                            //create aggregation between characters and account
                            foreach ($chars as $row2) {
                                $query_insert_aggr = mysqli_query($con, "INSERT INTO `trader`.`aggr` " . "(`idaggr`, " . "`user_iduser`, " . "`character_eve_idcharacter`) " . "VALUES " . "(NULL, " . "'{$last_id_user}', " . "'{$row2}');") or die(mysqli_error($con));
                            }
                            //check if everything is right before commit
                            if ($query_insert_user && $query_insert_apikey && $query_insert_character && $query_insert_aggr) {
                                mysqli_query($con, "COMMIT");
                                echo "Account created sucessfully" . "<br>" . "You may now login.";
                                echo "<br><br>";
                                $dt = new DateTime();
                                $tz = new DateTimeZone('Europe/Lisbon');
                                $dt->setTimezone($tz);
                                $datetime = $dt->format('Y-m-d H:i:s');
                                mysqli_query($con, "INSERT INTO `trader`.`log` (`idlog`, `user_iduser`, `type`, `datetime`) VALUES (NULL, '{$last_id_user}', 'register', '{$datetime}')") or die(mysqli_error($con));
                                redirect_login();
                            } else {
                                mysqli_query($con, "ROLLBACK");
                                echo "There was a problem creating your account. Try again.";
                                echo "<br>";
                                redirect_error();
                            }
                        }
                    }
                }
            }
        }
    } else {
        //first send validation
        if (!empty($_POST['Send'])) {
            $username = mysqli_real_escape_string($con, $_POST['username']);
            //password encryption
            $password1 = $_POST['password'];
            $password2 = $_POST['password2'];
            $cost = 10;
            // Create a random salt
            //$password1 = mysqli_real_escape_string($con,md5($_POST['password']));
            //$password2 = mysqli_real_escape_string($con,md5( $_POST['password2']));
            if ($password1 == $password2) {
                $pw_encr = $password1;
            }
            unset($_POST['password']);
            $apikey = mysqli_real_escape_string($con, $_POST['api']);
            $vcode = mysqli_real_escape_string($con, $_POST['vcode']);
            $reports = mysqli_real_escape_string($con, $_POST['reports']);
            $email = mysqli_real_escape_string($con, $_POST['email']);
            /*$pheal = new Pheal('4458709', 'vR9VUNKD3hSHD9KJRbTOUnPDiRC1Rb87ETUEbKsaxa4c9gXCtiNDNCPwKvdrt0tu');
              $result = $pheal->accountScope->APIKeyInfo();
                  foreach($result->key as $res) {echo $res->accessMask, $res->type;}
              */
            //Using CURL to fetch API Access Mask
            $curl_url = "https://api.eveonline.com/account/APIKeyInfo.xml.aspx?keyID=" . $apikey . "&vCode=" . $vcode;
            // create curl resource
            $ch = curl_init($curl_url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            // $response contains the XML response string from the API call
            $response = curl_exec($ch);
            // If curl_exec() fails/throws an error, the function will return false
            if ($response === false) {
                // Could add some 404 headers here
                echo 'Curl error: ' . curl_error($ch);
            } else {
                $apiInfo = new SimpleXMLElement($response);
                try {
                    checkXML($apiInfo->result->key);
                    $accessMask = (int) $apiInfo->result->key->attributes()->accessMask;
                } catch (Exception $e) {
                    echo 'Error: ' . $e->getMessage();
                    echo "<meta http-equiv='refresh' content='3;URL=register.php'>";
                    return;
                }
            }
            // close curl resource to free up system resources
            curl_close($ch);
            //***********SERVER VALIDATION #1***************
            //check if email is already taken
            $check_email = mysqli_query($con, "SELECT email FROM user WHERE email = '{$email}'") or die(mysqli_error($con));
            if (mysqli_num_rows($check_email) != 0) {
                echo "Email is already taken";
                redirect_error();
            } else {
                //check if access mask is correct
                if ($accessMask != '82317323' && $accessMask != '1073741823') {
                    echo "Your access mask is " . $accessMask . " which has different permissions than requested. Please <a href = 'https://community.eveonline.com/support/api-key/CreatePredefined?accessMask=82317323' target='_blank'>create one here</a> with the correct permissions and <a href= 'register.php'>try again </a>.";
                } else {
                    //check if passwords match
                    if ($password1 != $password2) {
                        echo "Your passwords must match.";
                        redirect_error();
                    } else {
                        //check if username is already taken
                        $check_username = mysqli_query($con, "SELECT username FROM user WHERE username = '******'") or die(mysqli_error($con));
                        if (mysqli_num_rows($check_username) != 0) {
                            echo "Username is already taken";
                            redirect_error();
                        } else {
                            //check if API KEY is valid
                            echo "<b>Choose which characters to import:</b><br>";
                            //get character List from API KEY using Pheal
                            $pheal = new Pheal($apikey, $vcode);
                            $result = $pheal->accountScope->APIKeyInfo();
                            $count = 0;
                            echo "<table border ='1'>";
                            echo "<form action = {$_SERVER['PHP_SELF']} method = 'POST' >";
                            foreach ($result->key->characters as $character) {
                                $count = $count + 1;
                                echo "<tr><td>" . $character->characterName . "</td><td>" . "<img src='https://image.eveonline.com/Character/" . $character->characterID . "_64.jpg'" . "</td><td>" . "<input type = 'checkbox' name = 'char{$count}' value = '{$character->characterID}'>" . "</td></tr>";
                                //there is a KEY HEADER BEFORE THE CHARACTERS ROWSET
                            }
                            echo "</table><br>";
                            //rest of the parameters
                            echo "<input type ='hidden' name='username' value='{$username}'>";
                            echo "<input type ='hidden' name='password' value='{$pw_encr}'>";
                            echo "<input type ='hidden' name='api' value='{$apikey}'>";
                            echo "<input type ='hidden' name='vcode' value='{$vcode}'>";
                            echo "<input type ='hidden' name='reports' value='{$reports}'>";
                            echo "<input type ='hidden' name='email' value='{$email}'>";
                            echo "<input type ='Submit' name='Send_2' value ='Send' class='btn btn-lg btn-success btn-block'  />";
                            echo "</form>";
                        }
                    }
                }
            }
        } else {
            register_form();
        }
    }
}
Пример #5
0
function opendb_not_authorised_page($permission = NULL, $HTTP_VARS = NULL)
{
    global $PHP_SELF;
    if ($permission != NULL && is_permission_disabled_for_remember_me($permission)) {
        redirect_login($PHP_SELF, $HTTP_VARS, TRUE);
    } else {
        echo _theme_header(get_opendb_lang_var('not_authorized_to_page'));
        echo "<p class=\"error\">" . get_opendb_lang_var('not_authorized_to_page') . "</p>";
        echo _theme_footer();
    }
}
Пример #6
0
                $xajax->processRequest();
            }
            if ($HTTP_VARS['mode'] != 'job') {
                $menu_option_r = get_system_admin_tools_menu($ADMIN_TYPE);
                $title = $menu_option_r['link'] . " Admin Tool";
                _theme_header($title);
                // todo - this should really be in the <head>...</head> - does it matter?
                if ($xajax) {
                    $xajax->printJavascript();
                }
                echo "<h2>" . $title . "</h2>";
            }
            include_once "./admin/" . $ADMIN_TYPE . "/index.php";
            if ($HTTP_VARS['mode'] != 'job') {
                echo _theme_footer();
            }
        } else {
            //not an administrator or own user.
            opendb_not_authorised_page(PERM_ADMIN_TOOLS, $HTTP_VARS);
        }
    } else {
        //not a valid session.
        // invalid login, so login instead.
        redirect_login($PHP_SELF, $HTTP_VARS, 'admin');
    }
} else {
    //if(is_site_enabled())
    opendb_site_disabled();
}
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";
Пример #7
0
 /**
  * Implements the start page feature for those using the S2Member plugin.
  *
  * @param string $redirect_to URL
  * @param array $login_info See wp_get_current_user()
  * @since 3.0
  */
 function redirect_s2member_login($redirect_to, $login_info)
 {
     // Check that we haven't been passed an error object
     if (is_wp_error($login_info) || empty($login_info['current_user'])) {
         return $redirect_to;
     }
     $new_redirect = redirect_login($redirect_to, array(), array());
     return apply_filters('dpw_redirect_s2member_login', $new_redirect, $redirect_to, $login_info);
 }