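/**
 * Return the logged-in user's purchases as JSON, split into settled and pending.
 *
 * Reads sf_purchases for the session's userid (normalised with intval before it
 * reaches the query), decodes the base64-wrapped columns and returns
 * json_encode(array("payments" => [...], "pending" => [...])).
 * Returns null (after logging to 'dev') when the select fails.
 */
public function getPayments()
{
    $userid = intval($_SESSION['userid']);
    $rows = DbManager::i()->select(
        "sf_purchases",
        array("token", "payerid", "type", "cart", "date", "amount", "pending"),
        array("userid" => $userid)
    );

    if ($rows === false) {
        Logger::i()->writeLog("Could not get payments, error = " . DbManager::i()->error, 'dev');
        return null;
    }

    // A single matching row comes back bare rather than as a one-element list.
    if (!is_array($rows)) {
        $rows = array($rows);
    }

    $purchases = array();
    $pending = array();
    foreach ($rows as $payment) {
        $payment->type = base64_decode($payment->type);
        $payment->payerid = base64_decode($payment->payerid);
        $payment->cart = $this->decodeStoredCart($payment->cart);
        // 'pending' arrives from the DB as a string, hence the loose comparison.
        if ($payment->pending == 1) {
            $pending[] = $payment;
        } else {
            $purchases[] = $payment;
        }
    }

    return json_encode(array("payments" => $purchases, "pending" => $pending));
}

/**
 * Decode a cart column value into an associative array.
 *
 * The PayPal checkout copies the session cart into sf_purchases, and that value
 * appears to be base64-encoded once (an empty cart is stored as "e30=", i.e.
 * base64("{}")). This method used to decode twice unconditionally, which turns a
 * once-encoded cart into garbage and yields an empty array. Decode once first and
 * only apply the second decode when the first result is not JSON, so both
 * layouts produce a usable cart. Anything undecodable still ends up as array().
 */
private function decodeStoredCart($stored)
{
    $once = base64_decode($stored);
    $decoded = json_decode($once);
    if (!is_array($decoded) && !is_object($decoded)) {
        // Fall back to the legacy double-encoded layout.
        $decoded = json_decode(base64_decode($once));
    }
    return (array) $decoded;
}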
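/**
 * Delete one customer row from sf_members.
 *
 * Only sf_members is touched here; rows in sf_carts / sf_purchases that reference
 * the same userid are not removed by this function — confirm whether a cascade
 * exists before relying on it.
 *
 * @param mixed $c customer id; coerced to int before use
 * @return mixed Submission::createResult(...) — failure text by default,
 *               success flag set when the delete went through
 */
function deleteCustomer($c)
{
    // Normalise once so the value written to the log is exactly the value that
    // was used in the query, never the raw request value.
    $userid = intval($c);
    $deleted = DbManager::i()->delete("sf_members", array("userid" => $userid));
    if (!$deleted) {
        Logger::i()->writeLog("Deleting customer {$userid} failed, error = " . DbManager::i()->error, 'dev');
        return Submission::createResult("Could not delete customer");
    }
    return Submission::createResult("Customer deleted", true);
}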
/**
 * Start a Bitcoin payment for the given total.
 *
 * @param mixed $total amount handed to BTC::doPayment
 * @param mixed $cart  accepted for signature compatibility; not read here
 * @return mixed whatever BTC::doPayment returned; its 'btcaddress' entry is logged
 */
function checkoutWithBTC($total, $cart)
{
    $result = null;
    try {
        $gateway = new BTC();
        $result = $gateway->doPayment($total);
    } catch (Exception $e) {
        // A gateway failure is recorded for developers and ends the request outright.
        Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
        die;
    }
    Logger::i()->writeLog("Start Bitcoin Checkout with address = " . $result['btcaddress']);
    return $result;
}
$reCaptcha = new ReCaptcha(Settings::i()->captcha_private); $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']); if (!$resp->success) { die(Submission::createResult("Please validate the Captcha")); } } $u = $registration['username']; $iv = Crypto::GenerateIV(); $key = Crypto::GenerateKey($u); $username = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $u))); $find = DbManager::i()->select("sf_members", array("userid"), array("key" => base64_encode(base64_encode($key)))); if ($find && count($find) > 0) { die(Submission::createResult("Username is already taken")); } $pw = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['password']))); $email = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $registration['email']))); $ip = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $_SERVER['REMOTE_ADDR']))); $key = base64_encode(base64_encode($key)); $iv = base64_encode(base64_encode($iv)); $reg_date = date("Y-m-d"); $insert = DbManager::i()->insert("sf_members", array("username", "email", "password", "key", "iv", "register_date", "ip"), array($username, $email, $pw, $key, $iv, $reg_date, $ip)); if ($insert) { Logger::i()->writeLog("Account created with username: {$u}"); die(Submission::createResult("Your account has been created successfully", true)); } else { Logger::i()->writeLog("Could not register user, error = " . DbManager::i()->error, 'dev'); die(Submission::createResult("Could not register account. Please try again later")); } } else { die(Submission::createResult("Please fill in all information")); }
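<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php'; //requires class.dbmanager
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Admin-only endpoint: the session check comes first, then the per-page CSRF
// token issued by the admin panel, which this script expects as ?csrf=...
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'dev');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("LoadLogsToken", "csrf", "GET")) {
    Logger::i()->writeLog("Token to load logs is missing", 'dev');
    die(Submission::createResult("Permission denied"));
}

$all_logs = Logger::i()->getLogs();
// If getLogs() hands back anything other than an array, keep the loop and the
// JSON payload well-formed instead of raising a warning on foreach.
if (!is_array($all_logs)) {
    $all_logs = array();
}

$dev_logs = array();
$access_logs = array();
foreach ($all_logs as $log) {
    if ($log->mode == "dev") {
        $dev_logs[] = $log;
    } elseif ($log->mode == "access") {
        $access_logs[] = $log;
    }
}

// Log lines can carry request-supplied text verbatim (other scripts log query
// parameters as received). Declare the response as JSON, like the other admin
// endpoints do, so a browser never sniffs it as HTML; escaping for display is
// the admin UI's job.
header("Content-Type: application/json; charset=UTF-8");
echo json_encode(array("all_logs" => $all_logs, "dev_logs" => $dev_logs, "access_logs" => $access_logs));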
} echo Submission::createResult("Missing Shopping Cart"); } else { if ($request_method == "POST") { if (!SessionManager::i()->validateToken("CartToken", "token")) { Logger::i()->writeLog("Token to set cart is missing", 'dev'); die(Submission::createResult("Permission denied")); } if (isset($_POST['cart'])) { $_SESSION['shopping-cart'] = $_POST['cart']; if (SessionManager::i()->isLoggedIn()) { $find = DbManager::i()->select("sf_carts", array("cart"), array("userid" => intval($_SESSION['userid']))); if ($find !== false && !is_array($find)) { //cart already exists for user $update = DbManager::i()->update("sf_carts", array("cart" => $_SESSION['shopping-cart']), array("userid" => intval($_SESSION['userid']))); if (!$update) { Logger::i()->writeLog("Updating cart failed, error = " . DbManager::i()->error, 'dev'); die(Submission::createResult("Failed to update cart")); } } else { $insert = DbManager::i()->insert("sf_carts", array("cart", "userid"), array($_SESSION['shopping-cart'], intval($_SESSION['userid']))); if ($insert) { Logger::i()->writeLog("Inserting cart failed, error = " . DbManager::i()->error, 'dev'); die(Submission::createResult("Failed to insert cart")); } } unset($find); } } } }
require_once ROOT_DIR . '/class.dbmanager.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Admin-only: both the admin session flag and the per-page token must check out.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Tried to access this script without permissions. Was that you?", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("GetCustomersToken", "token")) {
    Logger::i()->writeLog("Token to access customers is missing", 'access');
    die(Submission::createResult("Token mismatch"));
}

header("Content-Type: application/json; charset=UTF-8");

$rows = DbManager::i()->select("sf_members", array("userid", "username", "email", "register_date", "ip", "key", "iv"));
if ($rows === false) {
    Logger::i()->writeLog("Could not get customers, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not load customers"));
}

// A single row is returned bare; normalise to a list.
if (!is_array($rows)) {
    $rows = array($rows);
}

// Every encrypted column is stored as base64(base64(value)), and so are the
// per-row key and IV that decrypt it. Note the key lives in the same row as
// the data it protects, so DB read access is sufficient to recover plaintext.
$unwrap = function ($value) {
    return base64_decode(base64_decode($value));
};

$members = array();
foreach ($rows as $row) {
    $key = $unwrap($row->key);
    $iv = $unwrap($row->iv);
    $members[] = array(
        "customerid" => $row->userid,
        "name" => Crypto::DecryptString($key, $iv, $unwrap($row->username)),
        "email" => Crypto::DecryptString($key, $iv, $unwrap($row->email)),
        "date" => strtotime($row->register_date) * 1000, // millisecond timestamp for the JS client
        "ip" => Crypto::DecryptString($key, $iv, $unwrap($row->ip)),
    );
}

echo json_encode(array("customers" => $members));
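<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';

// Payment-cancel return URL. The token is taken straight from the query string
// and the logs are later handed to the admin panel, so reduce it to printable
// ASCII (and a sane length) before writing it: a raw value could otherwise
// smuggle line breaks or markup into the log. A non-string (e.g. token[]=x) is
// logged as empty rather than coerced.
if (isset($_GET['token'])) {
    $raw = $_GET['token'];
    $token = is_string($raw) ? substr(preg_replace('/[^\x20-\x7E]/', '', $raw), 0, 255) : '';
    Logger::i()->writeLog("Payment cancelled with token = " . $token, 'payment');
} else {
    Logger::i()->writeLog("Payment cancelled with no token", 'payment');
}

header("Location: index.php");
// Stop here so nothing can run after the redirect header is sent.
die;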
$payerid = base64_encode(DbManager::i()->escapeString($_GET['PayerID'])); $cart = DbManager::i()->escapeString($_SESSION['shopping-cart']); $amount = floatval($response['PAYMENTINFO_0_AMT']); DbManager::i()->insert("sf_purchases", array("token", "payerid", "type", "userid", "cart", "date", "ip", "amount", "pending"), array(base64_encode($response['PAYMENTINFO_0_TRANSACTIONID']), $payerid, base64_encode("PayPal"), $userid, $cart, time(), base64_encode($_SERVER['REMOTE_ADDR']), $amount, 0)); $_SESSION['shopping-cart'] = base64_encode("{}"); DbManager::i()->update("sf_carts", array("cart" => $_SESSION['shopping-cart']), array("userid" => $userid)); $find = DbManager::i()->select("sf_members", array("email", "key", "iv"), array("userid" => $_SESSION['userid'])); if ($find !== false && !is_array($find)) { $recipient = Crypto::DecryptString(base64_decode(base64_decode($find->key)), base64_decode(base64_decode($find->iv)), base64_decode(base64_decode($find->email))); $subject = Settings::i()->title . ' Payment received'; $message = generateMessage($first_name, (array) json_decode(base64_decode($cart)), $response['PAYMENTINFO_0_TRANSACTIONID']); $header = 'From: shopfix@' . $_SERVER['SERVER_NAME'] . "\r\n" . 'Reply-To: shopfix@' . $_SERVER['SERVER_NAME'] . "\r\n" . 'X-Mailer: PHP/' . phpversion(); mail($recipient, $subject, $message, $header); Logger::i()->writeLog("PayPal Transaction registered: " . $response['PAYMENTINFO_0_TRANSACTIONID']); } header("Location: index.php"); die; } else { header("Location: index.php"); } } else { header("Location: index.php"); die; } } else { Logger::i()->writeLog("Could not do express checkout, error = " . $paypal->error, 'dev'); } } else { header("Location: index.php"); die; }
if ($field = Submission::checkFields(array("title"), (array) $settings['cms_settings'])) { die(Submission::createResult(ucfirst($field) . " is missing or invalid")); } } else { die(Submission::createResult("Invalid Settings")); } } } $settings = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), $_POST['settings']))); $find = DbManager::i()->select("sf_settings", array("settings")); if ($find !== false && !is_array($find)) { //settings already exists $update = DbManager::i()->update("sf_settings", array("settings" => $settings)); if (!$update) { Logger::i()->writeLog("Could not update settings, error = " . DbManager::i()->error, 'dev'); die; } } else { $insert = DbManager::i()->insert("sf_settings", array("settings"), array($settings)); if (!$insert) { Logger::i()->writeLog("Could not insert settings, error = " . DbManager::i()->error, 'dev'); die; } } Logger::i()->writeLog("Settings updated"); unset($find); unset($settings); die(Submission::createResult("Settings updated successfully", true)); } } }
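// Per-page token first: a missing or stale token means "refresh", not a login failure.
if (!SessionManager::i()->validateToken("LoginToken", "token")) {
    Logger::i()->writeLog("Token to login is invalid", 'access');
    die(Submission::createResult("Please refresh the page and try again"));
}

if (!isset($_POST['login'])) {
    die(Submission::createResult("Please fill in all information"));
}

// The client ships the form as base64(JSON); the decoded object is cast to an array.
$login = (array) json_decode(base64_decode($_POST['login']));
if ($field = Submission::checkFields(array("username", "password", "answer"), $login)) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}

// CAPTCHA is only enforced when a private key is configured.
if (Settings::i()->captcha_private) {
    if (!isset($login['captcha_response'])) {
        die(Submission::createResult("Please validate the captcha"));
    }
    $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
    $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
    if (!$resp->success) {
        die(Submission::createResult("Please validate the Captcha"));
    }
}

// Compare one submitted credential against its configured value.
// The submitted values come from json_decode and can be of any JSON type; with a
// loose `==`, a JSON `true` compares equal to any non-empty configured string.
// Require a real string and compare in constant time (hash_equals, PHP >= 5.6).
$credentialMatches = function ($submitted, $expected) {
    return is_string($submitted) && hash_equals((string) $expected, $submitted);
};

if ($credentialMatches($login['username'], ADMIN_USER)
    && $credentialMatches($login['password'], ADMIN_PW)
    && $credentialMatches($login['answer'], ADMIN_ANSWER)) {
    // Privilege changes here: issue a fresh session id so an id fixed before
    // login is not promoted along with it.
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['admin_login'] = 1;
    // Kept for whatever reads it elsewhere — confirm it is still needed in the session.
    $_SESSION['admin_answer'] = ADMIN_ANSWER;
    Logger::i()->writeLog("Login successful");
    die(Submission::createResult("Admin Login successful", true));
}

// Never write the submitted password or answer to the log. The username is kept
// for auditing but stripped to printable ASCII first, since logs are rendered
// in the admin panel.
$attempted = is_string($login['username']) ? preg_replace('/[^\x20-\x7E]/', '', $login['username']) : '';
Logger::i()->writeLog("Admin login failed for username: " . $attempted);
die(Submission::createResult("Username or Password are incorrect"));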
foreach ($payment->cart as $key => $value) { if ($key == $_GET['productid']) { $has_purchased = true; break; } } if ($has_purchased) { //purchased $find = DbManager::i()->select("sf_products", array("file"), array("productid" => intval($_GET['productid']))); if ($find !== false && !is_array($find)) { $file_path = $_SERVER['DOCUMENT_ROOT'] . $find->file; if (file_exists($file_path)) { header("Content-type: application/force-download"); header("Content-Disposition: attachment; filename=\"" . str_replace(" ", "_", basename($file_path)) . "\""); echo file_get_contents($file_path); Logger::i()->writeLog("User " . $_SESSION['userid'] . " downloaded " . basename($file_path)); } else { Logger::i()->writeLog("Failed to download file " . basename($file_path) . " - it does not exist", 'dev'); header("Location: index.php"); } } } else { Logger::i()->writeLog("User " . $_SESSION['userid'] . " has not purchased the product he/she is trying to download"); header("Location: index.php"); die; } } else { Logger::i()->writeLog("Could not get purchase for transaction_id = " . $_GET['transaction_id'] . ", error = " . DbManager::i()->error, 'dev'); header("Location: index.php"); die; }
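<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require ROOT_DIR . '/class.logger.php';
require ROOT_DIR . '/class.sessionmanager.php';

// The token travels in the query string; a '+' inside a base64 token is decoded
// to a space on the way in, so restore it before the comparison.
if (isset($_GET['csrf'])) {
    $_GET['csrf'] = str_replace(" ", "+", $_GET["csrf"]);
}

if (SessionManager::i()->isAdminLoggedIn() && (!isset($_GET["csrf"]) || !isset($_SESSION['LogoutToken']))) {
    // Logged in, but the request carries no token (or none was issued): stay in the panel.
    header("Location: admincp.php");
    Logger::i()->writeLog("Tried to logout but failed. Either not logged in or tokens are missing", 'dev');
    die;
}

if (SessionManager::i()->validateToken("LogoutToken", "csrf", "GET")) {
    // Token matched: this is the success path, and the log must say so.
    // Token values (submitted or session) are secrets and are deliberately
    // not written to the log; only the outcome is recorded.
    Logger::i()->writeLog("Admin logout: token validated, session destroyed", 'dev');
    SessionManager::i()->destroySession(true, "index.php");
} else {
    Logger::i()->writeLog("Admin logout rejected: token missing or mismatched", 'dev');
    header("Location: admincp.php");
    die;
}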
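<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.logger.php';

// Logout must carry the per-page token so a cross-site request cannot log the
// user out. Without a valid token, record the attempt and bounce to the index.
if (!SessionManager::i()->validateToken("LogoutToken", "token")) {
    // A visitor with no session also lands here; don't assume 'userid' exists,
    // and normalise it the same way the rest of the code does (intval).
    $userid = isset($_SESSION['userid']) ? intval($_SESSION['userid']) : 'unknown';
    Logger::i()->writeLog("Logout failed for UserID = " . $userid);
    header("Location: index.php");
    die;
}

SessionManager::i()->destroySession();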
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Catalogue endpoint: no login required, but the page token must match.
if (!SessionManager::i()->validateToken("LoadProductsToken", "token")) {
    Logger::i()->writeLog("Token to load products is missing", 'dev');
    die(Submission::createResult("Permission denied"));
}

header("Content-Type: application/json; charset=UTF-8");

// Only these columns are read. The product's download path ("file") is not
// among them, so it is not exposed by this endpoint.
$columns = array("productid", "name", "price", "description", "available", "image", "bigimage", "soldOut");
$rows = DbManager::i()->select("sf_products", $columns);
if ($rows === false) {
    Logger::i()->writeLog("Could not get products, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not get products"));
}

// A single row is returned bare rather than as a one-element list.
if (!is_array($rows)) {
    $rows = array($rows);
}

$catalogue = array_map(function ($row) {
    return array(
        "productid" => $row->productid,
        "name" => $row->name,
        "price" => $row->price,
        "description" => $row->description,
        "available" => intval($row->available),
        "image" => $row->image,
        "bigimage" => $row->bigimage,
        "soldOut" => intval($row->soldOut),
    );
}, $rows);

echo json_encode(array("products" => $catalogue));
echo Submission::createResult("Password updated successfully", true); } else { Logger::i()->writeLog("User password could not be updated, error = " . DbManager::i()->error); echo Submission::createResult("Could not update password. Please try again later."); } unset($pw); } else { if (isset($_POST['email'])) { $email = base64_decode($_POST['email']); $email = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), $email))); $update = DbManager::i()->update("sf_members", array("email" => $email), array("userid" => $userid)); if ($update) { Logger::i()->writeLog("User Email updated, UserID = {$userid}"); echo Submission::createResult("Email updated successfully", true); } else { Logger::i()->writeLog("User Email could not be updated, reason = " . DbManager::i()->error); echo Submission::createResult("Could not update email. Please try again later."); } unset($email); } else { echo Submission::createResult("Invalid POST Parameter"); } } unset($userinfo); } else { die(Submission::createResult("Could not find user")); } } else { die(Submission::createResult("Invalid request method")); } }
} if (!SessionManager::i()->validateToken("UpdateProductToken", "token")) { Logger::i()->writeLog("Token to update product is missing", 'dev'); die(Submission::createResult("Token mismatch")); } if ($field = Submission::checkFields("action", "product", $_POST)) { die(Submission::createResult(ucfirst($field) . " is missing or invalid")); } $product = (array) json_decode(base64_decode($_POST['product'])); switch ($_POST['action']) { case 'soldOut': if (!DbManager::i()->update("sf_products", array("soldOut" => intval($product['soldOut'])), array("productid" => intval($product['productid'])))) { Logger::i()->writeLog("Marking product as soldOut failed, error = " . DbManager::i()->error, 'dev'); die(Submission::createResult("Failed to mark product as soldOut")); } break; case 'delete': if (!DbManager::i()->delete("sf_products", array("productid" => intval($product['productid'])))) { Logger::i()->writeLog("Deleting product failed, error = " . DbManager::i()->error, 'dev'); die(Submission::createResult("Failed to delete product")); } break; case 'product': if (!DbManager::i()->update("sf_products", $product, array("productid" => intval($product['productid'])))) { Logger::i()->writeLog("Update Product failed, error = " . DbManager::i()->error, 'dev'); die(Submission::createResult("Failed to update product")); } break; default: break; }
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.btc.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.sessionmanager.php';

// Needs a logged-in user and the page token; both rejections are logged as access events.
if (!SessionManager::i()->isLoggedIn()) {
    Logger::i()->writeLog("User not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("PaymentStatusToken", "token")) {
    Logger::i()->writeLog("Token to get payment status is missing", 'access');
    die(Submission::createResult("Permission denied"));
}

// Ask the gateway for the current status. Only a reported "success" produces a
// response body; any other status, or a gateway exception, ends the request
// with no output (presumably the client polls again — confirm against the JS).
try {
    $gateway = new BTC();
    $status = (array) $gateway->checkPaymentStatus();
    if ($status['result'] == "success") {
        die(Submission::createResult($status['resultMessage'], true));
    }
} catch (Exception $e) {
    Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
}
} } $imagePath = null; $bigImagePath = null; $productPath = null; if (($res = processImages("bigimage", $imagePath, $bigImagePath)) || is_null($imagePath) || is_null($bigImagePath)) { die(Submission::createResult("Failed to process image -> " . $res)); } if (($res = processFile("productfile", $productPath)) || is_null($productPath)) { die(Submission::createResult("Failed to process Product File -> " . $res)); } if (floatval($product['price']) == 0) { die(Submission::createResult("Price can not be 0")); } $soldOut = intval($product['available']) == 0 ? 1 : 0; $insert = DbManager::i()->insert("sf_products", array("name", "price", "description", "available", "image", "bigimage", "file", "soldOut"), array($product['name'], floatval($product['price']), $product['description'], intval($product['available']), $imagePath, $bigImagePath, $productPath, $soldOut)); if ($insert) { Logger::i()->writeLog("Added Product successfully"); echo Submission::createResult("Product added successfully", true); } else { Logger::i()->writeLog("Could not add product. error = " . DbManager::i()->error, 'dev'); echo Submission::createResult("Could not add product"); } unset($product); unset($imagePath); unset($bigImagePath); unset($productPath); } else { Logger::i()->writeLog("Tried to access script without post parameters", 'dev'); echo Submission::createResult("Bad request"); }
if ($find !== false && !is_array($find)) { //cart already exists for user if ($find->cart != "e30=" && strlen($find->cart) != 4) { //not empty cart - overwrite with saved one from DB $_SESSION['shopping-cart'] = $find->cart; } else { //empty cart, use session cart if (isset($_SESSION['shopping-cart'])) { DbManager::i()->update("sf_carts", array("cart" => $_SESSION['shopping-cart']), array("userid" => intval($_SESSION['userid']))); } } } else { if (isset($_SESSION['shopping-cart'])) { DbManager::i()->insert("sf_carts", array("cart", "userid"), array($_SESSION['shopping-cart'], intval($_SESSION['userid']))); } } } else { Logger::i()->writeLog("Login is incorrect (" . $login['username'] . ":" . $login['password'] . ")"); echo Submission::createResult("Username or Password are incorrect"); } } else { Logger::i()->writeLog("User does not exist: " . $login['username']); echo Submission::createResult("No user found with this username"); } } else { Logger::i()->writeLog("Could not get check for login, error = " . DbManager::i()->error, 'dev'); echo Submission::createResult("Username or Password are incorrect"); } } else { echo Submission::createResult("Please fill in all information"); }
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/admin/admin_config.php';

// Reaching the admin panel without an admin session destroys the caller's
// session entirely and sends them back to the storefront.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Tried to access this script without permissions. Was that you?", 'access');
    SessionManager::i()->destroySession(true, "index.php");
    die;
}

// Fresh per-action CSRF tokens on every panel load. Each admin endpoint
// validates its own named token, so all of them are (re)issued here together.
$adminTokens = array(
    "LogoutToken",
    "GetCustomersToken",
    "UpdateCustomersToken",
    "AddProductToken",
    "UpdateProductToken",
    "LoadProductsToken",
    "SettingsToken",
    "LoadLogsToken",
);
foreach ($adminTokens as $tokenName) {
    $_SESSION[$tokenName] = SessionManager::GenerateToken();
}
?>
<!DOCTYPE html>
<html ng-app="AdminApp">
<head>
<title><?php echo htmlentities(ADMIN_USER) . " - AdminCP"; ?> </title>
<!-- Meta information -->