/**
 * A token whose timestamp is older than TOKEN_VALID_TIME must be rejected
 * with a 403 "Token expired" error response.
 *
 * @test
 */
public function whenTokenIsExpired()
{
    // Bootstraps the application config; $app is expected to be defined by
    // this file (it is not set anywhere in this method itself).
    require realpath(__DIR__ . '/../../../') . '/etc/app.php';

    $database = $this->createMockDb();

    // Fixture user whose token expired one second before the validity window.
    $expiredUser = array_merge(
        $this->createFixtureUser(),
        array('token_timestamp' => time() - TOKEN_VALID_TIME - 1)
    );
    $database->expects(any())
        ->method('findUserByToken')
        ->will(returnValue($expiredUser));

    $tokenChecker = $this->createTokenChecker($database);
    $response = $tokenChecker($this->createValidRequest(), $app);

    $this->assertErrorResponse(403, 'Token expired', $response);
}
/**
 * Picks a random benefit, weighted by how many entries each benefit key holds.
 *
 * The produced value is "<key>[br]<entry>", where the key part is left out
 * (null) when the chosen key is the literal 'random'. Reads the global
 * $benefits map and relies on the project helpers random() and returnValue().
 *
 * @param bool $return  Handed straight to returnValue().
 * @return mixed        Whatever returnValue() yields for the built string.
 */
function randomBenefit($return = false)
{
    global $benefits;

    // Pool in which each key appears once per entry it owns, so keys with
    // more entries are proportionally more likely to be drawn.
    $weightedKeys = array();
    foreach ($benefits as $benefitKey => $entries) {
        $entryCount = count($entries);
        for ($n = 0; $n < $entryCount; $n++) {
            $weightedKeys[] = $benefitKey;
        }
    }

    $chosenKey = random($weightedKeys, true);
    // The 'random' key is shown without a label; every other key is kept.
    $label = ($chosenKey == 'random') ? null : $chosenKey;
    $value = $label . "[br]" . random($benefits[$chosenKey], true);

    return returnValue($return, $value);
}
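//change last name
//import general functions
require "functions.php";

//check input variables exist
if (isEmpty(@$_POST['newLastName'])) {
    throw new GeneralException('Please enter your last name.', 00);
}

//read variables from POST to get the new last name
$newLastName = $_POST['newLastName'];

//conection to the database
$connectedDB = connectToDB();

//get data from the user logged in; without a logged-in id there is nothing to update
session_start();
if (!isset($_SESSION['id'])) {
    session_write_close();
    throw new GeneralException('General Error.', 02);
}
$id = $_SESSION['id'];
session_write_close();

//update the last name; both values are bound as parameters so a name containing
//a quote can neither break the statement nor inject SQL
$sql = 'UPDATE users SET last_name = $1 WHERE id = $2';
$userResource = pg_query_params($connectedDB, $sql, array($newLastName, $id));

//if the query no was succeful return an exception
if (!$userResource) {
    throw new GeneralException('General Error.', 02);
} else {
    // update the last name variable in current session
    session_start();
    $_SESSION['last_name'] = $newLastName;
    session_write_close();
    returnValue("ok.");
}
?>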
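//check input variables exist
if (isEmpty(@$_POST['fileName'])) {
    die("missing data.");
}

//read variables from register user form; only a bare file name is accepted so the
//client cannot point this script at an arbitrary path ("../", absolute paths)
$name = basename($_POST['fileName']);
if ($name === '' || $name === '.' || $name === '..') {
    die("missing data.");
}

//open the file
$myfile = fopen("../fileUploads/" . $name, "r") or die("Unable to open file!");

//declare array
$data = array();
$data["name"] = array();
$data["count"] = array();

//initialize array counter
$counter = 0;

//fill the array with the information on the file; fgets() returns false (never
//null) at end of file, so that is what stops the loop
while (($line = fgets($myfile)) !== false) {
    $pieces = explode(" ", $line);
    $data["name"][$counter] = $pieces[0];
    //the third column is the count; a short line yields 0 instead of a notice
    $data["count"][$counter] = isset($pieces[2]) ? $pieces[2] * 1 : 0;
    $counter++;
}
fclose($myfile);

//delete any empty spaces in the array name and count
$data["name"] = array_filter($data["name"]);
$data["count"] = array_filter($data["count"]);

//return to client the data
returnValue($data);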
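//query the db; the e-mail is bound as a parameter instead of being spliced into the SQL
$sql = 'SELECT email, id, first_name, last_name FROM users WHERE email = $1';
$userResource = pg_query_params($connectedDB, $sql, array(strtolower($email)));
$userResultData = $userResource ? pg_fetch_row($userResource) : false;

//check if the email provided exist in db
if (!$userResultData) {
    throw new GeneralException('We cannot find that email. Have you registered?.', 02);
} else {
    $email = $userResultData[0]; // get the email

    //compiling full users name
    $name = ucwords($userResultData[2] . " " . $userResultData[3]);

    //generating a random password: 8 hex characters from a CSPRNG; rand() is
    //predictable, which is not acceptable for a credential
    $generated_password = bin2hex(random_bytes(4));

    //hash it the way the rest of the application expects it in the database
    //NOTE(review): md5 is not a password hash; moving to password_hash() has to
    //happen together with the login check, so the scheme is left unchanged here
    $password = md5($generated_password);

    //store the new password for this account; the computed $password was not
    //used by the UPDATE before, and both values are bound as parameters
    $sql = 'UPDATE users SET password = $1 WHERE email = $2';
    $newuserResource = pg_query_params($connectedDB, $sql, array($password, strtolower($email)));
    //do not mail a password that was never written to the database
    if (!$newuserResource) {
        throw new GeneralException('General Error.', 02);
    }

    //send email to user with new password to login
    $subject = "Your password recovery";
    $msg = "Hello " . $name . ",\n\n";
    $msg = $msg . "Your new password is: " . $generated_password . "\n\n";
    $msg = $msg . " -GenomePro Team";

    //send and email to the user with new password to log in, needs to be changed when upload
    //to the server
    email($email, $name, $subject, $msg);

    //return sent to the client
    returnValue("Sent.");
}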
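//$sql (the lookup by e-mail) is built above this fragment
$userResource = pg_query($connectedDB, $sql);
if (!$userResource) {
    throw new GeneralException('General Error.', 02);
}
$userResultData = pg_fetch_row($userResource);

//if the user exist throw an exception
if ($userResultData) {
    throw new GeneralException('A user with that email already exist.', 02);
}

//compare passwords to know they match
if (strcmp($pass, $confpass) !== 0) {
    throw new GeneralException('Password and Password Confirmation do not match.', 01);
}

//create new user inactive; every user-supplied value is bound as a parameter so
//it cannot alter the statement
//NOTE(review): $pass is stored exactly as received; whether the caller already
//hashed it cannot be told from here — verify before changing this
$sql = 'INSERT INTO users (user_type, first_name, last_name, email, password, verified, ver_code)'
     . " VALUES ('Regular User', $1, $2, $3, $4, 0, $5)";
$newuserResource = pg_query_params($connectedDB, $sql, array($name, $lname, $email, $pass, $ver_code));

//if the query no was succeful return an exception
if (!$newuserResource) {
    throw new GeneralException('General Error.', 02);
}

//send email to user for him to know that needs to activate its account
$fullName = ucwords($name . ' ' . $lname);
$subject = "New Account Creation";
$msg = "Hello " . $fullName . ",\n\n";
$msg = $msg . "FIU genome pro has created an account for you. Click on the following link to activate the account:\n\n";
$msg = $msg . "http://genomepro.cis.fiu.edu/CORE/activate.php?use=" . $ver_code . "\n\n";
$msg = $msg . " -GenomePro Team";

//send email to the user with php mailer, needs to be changed when upload to server
email($email, $fullName, $subject, $msg);

//return added to the client
returnValue("Added.");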
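//get logged user id, email, and name from session
session_start();
$id = $_SESSION['id'];
$email = $_SESSION['email'];
$fName = $_SESSION['first_name'];
$lName = $_SESSION['last_name'];
session_write_close();

//values shared by the three inserts below
$today = date("Y/m/d");
$resultName = $file_result . '.results.txt';

//insert entry of file one in docs table and save into $idOne the id of the first entry;
//the uploaded file name is client-controlled, so all values are bound as parameters
$sql = "INSERT INTO docs (user_id, doc_name, date, time_stamp) VALUES ($1, $2, $3, 'now()') RETURNING id";
$resultID = pg_query_params($connectedDB, $sql, array($id, $file_an["name"], $today));
$row = $resultID ? pg_fetch_row($resultID) : false;
if (!$row) {
    throw new GeneralException('General Error.', 02);
}
$idOne = $row[0];

//insert entry of the result file and save into $idResult the id of the second entry
$sql = "INSERT INTO docs (user_id, doc_name, date, time_stamp) VALUES ($1, $2, $3, 'now()') RETURNING id";
$resultID = pg_query_params($connectedDB, $sql, array($id, $resultName, $today));
$row = $resultID ? pg_fetch_row($resultID) : false;
if (!$row) {
    throw new GeneralException('General Error.', 02);
}
$idResult = $row[0];

//link uploaded and result entries in data_type
$sql = "INSERT INTO data_type (user_id, an_uploaded_id, an_result_id, date, time_stamp) VALUES ($1, $2, $3, $4, 'now()')";
$resultID = pg_query_params($connectedDB, $sql, array($id, $idOne, $idResult, $today));
if (!$resultID) {
    throw new GeneralException('General Error.', 02);
}

//save in filesystem
if (!move_uploaded_file($file_an['tmp_name'], "../fileUploads/" . $idOne)) {
    throw new GeneralException('File to be analyzed was not uploaded correctly.', 01);
}

//excecuting php in different proccess or thread; every argument goes through
//escapeshellarg() because the file name, e-mail and user names are supplied by the
//client / session and must not be able to add shell metacharacters to the command
$args = array($idOne, $idResult, $id, $email, $fName, $lName, $file_an["name"], $resultName);
$call = $phpComp . ' ../CProgram/analyzeCProgram.php '
      . implode(' ', array_map('escapeshellarg', $args)) . ' &';
shell_exec($call);

//only the status goes back to the client; the command line (interpreter path,
//internal ids) used to be appended to it and is nothing the client needs
returnValue("ok.");
?>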
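/**
 * Stores the uploaded "file" form field as ../app/batchfile.
 *
 * Only text/plain files are accepted. The type reported by the browser is
 * client-controlled, so the file is re-checked with mime_content_type() once it
 * has been moved, and removed again when that check fails.
 *
 * @return object  returnValue() result: ->value is the stored file name on
 *                 success and false otherwise; ->msg describes the outcome.
 */
function uploadTransactionFile()
{
    $return = returnValue();
    $filename = "batchfile";
    $target_dir = "../app/";
    $target_file = $target_dir . $filename;

    //No upload at all, or a PHP-level upload error, is reported instead of
    //tripping over a missing $_FILES entry
    if (!isset($_FILES["file"]) || $_FILES["file"]["error"] !== UPLOAD_ERR_OK) {
        $return->value = false;
        $return->msg = "Upload failed";
        return $return;
    }

    //Reject files that are not txt (cheap first check on the browser-supplied type,
    //which is not trusted on its own)
    if ($_FILES["file"]["type"] !== "text/plain") {
        $return->value = false;
        $return->msg = "Invalid file type";
        return $return;
    }

    if (!move_uploaded_file($_FILES["file"]["tmp_name"], $target_file)) {
        $return->value = false;
        $return->msg = "Upload failed";
        return $return;
    }

    //Reject files that are not text/plain, now judged from the file's content
    $type = mime_content_type($target_file);
    if ($type !== "text/plain") {
        $return->value = false;
        $return->msg = "Invalid file type";
        unlink($target_file);
        return $return;
    }

    $return->value = $filename;
    $return->msg = "Upload successful";
    return $return;
}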
/**
 * Generates 100 unique TANs for the account of user $id, stores each one and
 * finally e-mails the list to the user.
 *
 * @param mixed $id  User id; resolved to an account through getAccountByUserId().
 * @return object    returnValue() result: ->value true on success, false when a
 *                   DB insert or the e-mail fails, with ->msg describing it.
 */
function createTans($id)
{
    $result = returnValue();

    // get user's account number
    $accountId = getAccountByUserId($id)->ID;

    // generate 100 tans; a candidate is redrawn until it is unique
    $generated = 0;
    while ($generated < 100) {
        $candidate = generateTan();
        if (!checkTanUniqueness($candidate)) {
            continue; // collision: draw another candidate
        }
        // save tan if it is unique
        if (!insertTan($candidate, $accountId)) {
            $result->value = false;
            $result->msg = "Error inserting tans to DB";
            return $result;
        }
        $generated++;
    }

    // send email to user with tans
    if (!sendTanEmail($id, $accountId)) {
        $result->value = false;
        $result->msg = "Error sending tan email";
        return $result;
    }

    $result->value = true;
    $result->msg = "Tan creation process successful";
    return $result;
}
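//if email does not exist
if (!$userResultData) {
    throw new GeneralException('Email or password incorrect.', 02); // email is not in the system
} elseif ((int) $userResultData[6] !== 1) {
    throw new GeneralException('Please go to your email and verify your account.', 03); // account not verified yet
} else {
    //comparing password in constant time so the response time does not reveal how
    //much of the stored value matched (strcmp stops at the first differing byte)
    if (!hash_equals((string) $userResultData[0], (string) $pass)) {
        throw new GeneralException('Email or password incorrect.', 04);
    } else {
        // email and password verified
        session_start();
        //fresh session id on login, so an id fixed before authentication
        //cannot be reused by whoever planted it
        session_regenerate_id(true);
        //updating time logged in
        $_SESSION['time_logged_in'] = time();
        $_SESSION['first_name'] = $userResultData[2];
        $_SESSION['last_name'] = $userResultData[3];
        $_SESSION['email'] = $userResultData[1];
        $_SESSION['id'] = $userResultData[5];
        session_write_close();

        if ($userResultData[4] === 'Admin') {
            //if user is admin
            returnValue("admin.php");
        } else {
            //if user is regular user
            returnValue("account.php");
        }
    }
}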
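if (isEmpty(@$_POST['id'])) {
    die("missing data.");
}

//read variables from register user form
$id = $_POST['id'];

//get SESION INFO and check that user exists
session_start();
$userData = $_SESSION;
session_write_close();

//$_SESSION is always an array, so a null check never fired; an anonymous
//visitor is recognised by the missing user id instead
if (!isset($userData['id'])) {
    header('Location: http://genomepro.cis.fiu.edu/index.php');
    exit;
}

$sql = 'SELECT user_type FROM users WHERE id = $1';
$userResource = pg_query_params($connectedDB, $sql, array((int) $userData['id']));
$userResultData = $userResource ? pg_fetch_row($userResource) : false;

//if the user does not exist throw an exception
if (!$userResultData) {
    throw new GeneralException('An error ocurred please log off and log back in.', 02);
}

//if user is not admin log off
if ($userResultData[0] !== 'Admin') {
    header('Location: http://genomepro.cis.fiu.edu/index.php');
    exit;
}

//delete the requested user; the id comes from the client and is bound as a
//parameter so it cannot alter the statement
$sql = 'DELETE FROM users WHERE id = $1';
$newuserResource = pg_query_params($connectedDB, $sql, array($id));
if (!$newuserResource) {
    throw new GeneralException('General Error.', 02);
}

//return added to the client
returnValue("The user has been deleted.");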
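<?php
//import general functions
require "functions.php";

//checking if user is logged in
session_start();
$userData = $_SESSION;
session_write_close();

//$_SESSION is always an array (possibly empty), so is_null() never detected a
//logged-out visitor; the user id stored at login is what marks a session as valid
if (!isset($userData['id'])) {
    header('Location: http://genomepro.cis.fiu.edu/index.php');
    exit;
}

//return sent to client
returnValue($userData);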
//... remove some data
unset($arrayResult["arrives"][$key]["isHead"]);
unset($arrayResult["arrives"][$key]["destination"]);
unset($arrayResult["arrives"][$key]["stopId"]);
unset($arrayResult["arrives"][$key]["longitude"]);
unset($arrayResult["arrives"][$key]["latitude"]);
unset($arrayResult["arrives"][$key]["busPositionType"]);
unset($arrayResult["arrives"][$key]["busDistance"]);
//... and update the waiting time
$busArrivesIn = $arrival["busTimeLeft"];
//keep the smallest arrival time that falls inside the [$tmin, $tmax] window
if ($busArrivesIn >= $tmin && $busArrivesIn <= $tmax && $busArrivesIn < $currentWait) {
    $currentWait = $busArrivesIn;
}
} else {
    //Remove unwanted bus lines
    unset($arrayResult["arrives"][$key]);
}
}
//(the two braces above close a condition and a loop that begin before this fragment)

//Add the waiting time value and convert back to JSON
$arrayResult["wait"] = returnValue($currentWait);
print json_encode($arrayResult);
exit;

//Scale the waiting time for arduino (0..255 and 999999)
/**
 * Maps a waiting time in [$tmin, $tmax] onto 0..$maxVoltage (floored); the
 * $NOBUS sentinel is passed through unchanged.
 *
 * NOTE(review): divides by ($tmax - $tmin), so a zero-width window raises
 * DivisionByZeroError; the sentinel check is a loose (==) comparison.
 *
 * @param int|float $value  Waiting time, or the $NOBUS sentinel.
 * @return int|float        Scaled value, or $NOBUS unchanged.
 */
function returnValue($value)
{
    global $tmin, $tmax, $NOBUS, $maxVoltage;
    if ($value == $NOBUS) {
        return $NOBUS;
    }
    return floor($maxVoltage * ($value - $tmin) / ($tmax - $tmin));
}
<?php
//contact us in home page
//import general functions
require "functions.php";

//check input variables exist; each check throws, so they run one after another
//(same precedence as the former nested if/else chain)
if (isEmpty(@$_POST['name'])) {
    throw new GeneralException('Please enter your name.', 010);
}
if (isEmpty(@$_POST['from'])) {
    throw new GeneralException('Please enter your email.', 011);
}
if (isEmpty(@$_POST['subject'])) {
    throw new GeneralException('Please enter a subject.', 012);
}
if (isEmpty(@$_POST['msg'])) {
    throw new GeneralException('Please enter a message.', 013);
}

//read variables from register user form
$name = $_POST['name'];
$email = $_POST['from'];
$subject = $_POST['subject'];
$msg = $_POST['msg'];

//send an email to the admin from the user, when upload to server needs to be changed
emailAdmin($email, $name, $subject, $msg);

//return sent to client
returnValue("sent.");
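<?php
// to display the history of find differences
//import general functions
require "functions.php";

//conection to the database
$connectedDB = connectToDB();

//getting user logged in data
session_start();
$userData = $_SESSION;
session_write_close();

//check input variables exist
if (isEmpty(@$userData['id'])) {
    die("missing data.");
}

//read variables from login user form
$id = $userData['id'];

//get data to populate history table; the user id is bound as a parameter
$sql = <<<'SQL'
SELECT doc_uploadedone.doc_name AS file1,
       doc_uploadedone.id AS file1id,
       doc_uploadedtwo.doc_name AS file2,
       doc_uploadedtwo.id AS file2id,
       doc_uploadedthree.doc_name AS file3,
       doc_uploadedthree.id AS file3id,
       find_differences.processed
FROM find_differences,
     docs doc_uploadedone,
     docs doc_uploadedtwo,
     docs doc_uploadedthree
WHERE find_differences.user_id = $1
  AND doc_uploadedone.id = find_differences.uploaded_id1
  AND doc_uploadedtwo.id = find_differences.uploaded_id2
  AND doc_uploadedthree.id = find_differences.result_id
SQL;

//perform query and get results; a failed query must not reach pg_fetch_all()
$userResource = pg_query_params($connectedDB, $sql, array($id));
if (!$userResource) {
    throw new GeneralException('General Error.', 02);
}
$userResultData = pg_fetch_all($userResource);

if (!$userResultData) {
    throw new GeneralException('No Files has been found.', 02);
}
returnValue($userResultData);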
/**
 * Sends $msg to $email (addressed to $name) with $result_file attached under
 * the name $file_name, via the Gmail SMTP relay, and reports "sent." through
 * returnValue() once PHPMailer accepts the message.
 *
 * Nothing is reported when send() fails, so the caller cannot tell the two
 * outcomes apart. The SMTP credentials are hard-coded in this function
 * (redacted here) — they belong in configuration outside the code base.
 */
function emailWithAttachments($email, $name, $subject, $msg, $result_file, $file_name)
{
    $from = "*****@*****.**"; // sender address (redacted)

    // using gmail accounts for testing, we can change it once is on the server
    $mailer = new PHPMailer();
    $mailer->isSMTP();
    $mailer->SMTPAuth = true;

    // testing properties, for debuging
    $mailer->Host = 'smtp.gmail.com';
    $mailer->Username = '******';
    $mailer->Password = '******';
    $mailer->SMTPSecure = 'ssl';
    $mailer->Port = 465;

    $mailer->From = $from;
    $mailer->FromName = "Genome Pro Team";
    $mailer->addReplyTo($from, 'Reply address');
    $mailer->addAddress($email, $name);
    $mailer->addAttachment($result_file, $file_name);
    $mailer->Subject = $subject;
    $mailer->Body = $msg;

    if ($mailer->send()) {
        returnValue("sent.");
    }
}
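<?php
//logout
//import general functions
require "functions.php";

session_start();
session_unset();   // freeing all variables
session_destroy(); // destroying the session data on the server

//also expire the session cookie in the browser; otherwise the old session id keeps
//being sent and could be picked up again if a session with that id is recreated
if (ini_get('session.use_cookies')) {
    $cookie = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $cookie['path'],
        $cookie['domain'],
        $cookie['secure'],
        $cookie['httponly']
    );
}

returnValue("OK.");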