<?php
// Login submission handler (fragment: the `if (isset($_POST['login']))` block continues past this view).
// Expects the session's "LoginToken" plus a base64-encoded JSON payload in $_POST['login'].
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/recaptchalib.php';
// Anti-forgery gate: the request must carry the session's "LoginToken" in the "token" field.
if (!SessionManager::i()->validateToken("LoginToken", "token")) {
    Logger::i()->writeLog("Token to login is missing", 'dev');
    die(Submission::createResult("Please refresh the page and try again"));
}
if (isset($_POST['login'])) {
    // base64 + JSON is transport encoding only, not a trust boundary: every field in $login is
    // still client-controlled. A malformed payload decodes to null, which the (array) cast turns
    // into an empty array, so checkFields below reports the first missing field.
    $login = (array) json_decode(base64_decode($_POST['login']));
    if ($field = Submission::checkFields(array("username", "password"), $login)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    }
    // Captcha is enforced only when captcha_private is truthy. The register handler tests
    // !is_null instead, so a captcha_private of '' or '0' gates the two flows differently;
    // both should use the same predicate.
    if (Settings::i()->captcha_private) {
        if (!isset($login['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        // NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy that is the proxy,
        // not the client — confirm the deployment before relying on it for captcha verification.
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
    }
    // The member row is looked up by a key derived from the username alone (Crypto::GenerateKey
    // is not visible here). NOTE(review): if GenerateKey is deterministic with no per-user secret,
    // the stored "key" column is a username fingerprint rather than a secret — confirm.
    // The value is base64-encoded twice to match how the column is written elsewhere.
    $key = Crypto::GenerateKey($login['username']);
    $find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key))));
    if ($find !== false) {
        if (!is_array($find)) {
// Fragment begins mid-block: the lookup that fills $find, and what !is_array() means for it,
// are outside this view. Settings-update handler; the payload is base64-encoded JSON in $_POST['settings'].
die(Submission::createResult("Permission denied"));
}
if (isset($_POST['settings'])) {
    $settings = (array) json_decode(base64_decode($_POST['settings']));
    // Required-field validation is an if/else chain: only the FIRST section present (paypal,
    // then btc, then cms_settings) is checked. Sections arriving alongside the first match are
    // not validated at all, and checkFields only confirms the listed fields — nothing is
    // allow-listed, so additional keys pass straight through to storage below.
    if (isset($settings['paypal']) && count((array) $settings['paypal']) > 0) {
        if ($field = Submission::checkFields(array("username", "password", "signature"), (array) $settings['paypal'])) {
            die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
        }
    } else {
        if (isset($settings['btc']) && count((array) $settings['btc']) > 0) {
            if ($field = Submission::checkFields(array("api_key", "api_pin"), (array) $settings['btc'])) {
                die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
            }
        } else {
            if (isset($settings['cms_settings']) && count((array) $settings['cms_settings']) > 0) {
                if ($field = Submission::checkFields(array("title"), (array) $settings['cms_settings'])) {
                    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
                }
            } else {
                die(Submission::createResult("Invalid Settings"));
            }
        }
    }
    // What is persisted is the raw $_POST['settings'] string (not the decoded $settings),
    // encrypted under the fixed ADMIN_KEY / ADMIN_IV constants (each stored base64-encoded
    // twice) and then base64-encoded twice again.
    // NOTE(review): the same IV is reused for every settings write. How much that matters
    // depends on the mode inside Crypto::EncryptString (not visible here): under CBC it reveals
    // when two stored blobs share a prefix; under a stream/CTR mode it defeats confidentiality
    // outright. Confirm the mode; a fresh random IV stored next to the ciphertext removes the issue.
    $settings = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), $_POST['settings'])));
    // DbManager::select appears to return false for no row / error and a non-array for a
    // single existing row (inferred from the test below — confirm against DbManager).
    $find = DbManager::i()->select("sf_settings", array("settings"));
    if ($find !== false && !is_array($find)) { //settings already exists
        $update = DbManager::i()->update("sf_settings", array("settings" => $settings));
        if (!$update) {
            // Driver error text goes only to the 'dev' log; the client receives an empty body here.
            Logger::i()->writeLog("Could not update settings, error = " . DbManager::i()->error, 'dev');
            die;
<?php
// Admin "update customer" handler (fragment: renewPassword() and the action dispatch continue past this view).
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
// Authorisation first: only a logged-in admin may reach this endpoint; denials go to the 'access' log.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'access');
    die(Submission::createResult("Admin is not logged in"));
}
// Then the anti-forgery token bound to this specific form.
if (!SessionManager::i()->validateToken("UpdateCustomersToken", "token")) {
    Logger::i()->writeLog("Token to update customer is missing", 'access');
    die(Submission::createResult("Token mismatch"));
}
if ($field = Submission::checkFields(array("customerid", "action"), $_POST)) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}
/**
 * Replace the password of member $c with a freshly generated 15-character one.
 *
 * The new password is encrypted (not hashed) with the key and IV stored on the member's own
 * row and written back to sf_members.password; $c is coerced with intval() for both queries.
 * The function body continues past this view, so its return value is not visible here.
 *
 * NOTE(review): because key and iv sit in the same table as the ciphertext, anyone with read
 * access to sf_members can recover every password; a one-way hash (password_hash /
 * password_verify) would remove that exposure. The writeLog call below also records the
 * plaintext password — log files are routinely less protected than the database, so the
 * plaintext should not be logged and should instead reach the customer through a channel
 * the admin controls.
 */
function renewPassword($c) {
    $plain = Crypto::generateRandomPassword(15);
    $info = DbManager::i()->select("sf_members", array("key", "iv"), array("userid" => intval($c)));
    if ($info !== false && !is_array($info)) {
        // Column values are stored base64-encoded twice; undo both layers before use.
        $key = base64_decode(base64_decode($info->key));
        $iv = base64_decode(base64_decode($info->iv));
        $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $plain)));
        if (DbManager::i()->update("sf_members", array("password" => $password), array("userid" => intval($c)))) {
            // Scrubs the key material from scope, but $plain survives and is written to the log next.
            unset($password);
            unset($key);
            unset($iv);
            unset($info);
            Logger::i()->writeLog("Password renewed for UserID: {$c}, password = {$plain}");
<?php
// Registration handler (fragment: the `if (isset($_POST['registration']))` block continues past this view).
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/recaptchalib.php';
// Anti-forgery gate for the registration form.
if (!SessionManager::i()->validateToken("RegisterToken", "token")) {
    Logger::i()->writeLog("Token to register is missing", 'dev');
    echo Submission::createResult("Please refresh the page and try again");
    die;
}
if (isset($_POST['registration'])) {
    // Transport decoding only; every field remains untrusted input.
    $registration = (array) json_decode(base64_decode($_POST['registration']));
    // NOTE(review): no password-policy or e-mail-format check is visible in this fragment;
    // confirm that checkFields (not shown) covers it, otherwise add one here.
    if ($field = Submission::checkFields(array("username", "email", "password", "repeat_password"), $registration)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    } else {
        if (!Submission::checkEquality($registration['password'], $registration['repeat_password'])) {
            die(Submission::createResult("Passwords do not match"));
        }
    }
    // Captcha gate. This tests !is_null, whereas the login handler tests truthiness, so a
    // captcha_private of '' or '0' enforces the captcha here but not at login; the two
    // handlers should use the same predicate.
    if (!is_null(Settings::i()->captcha_private)) {
        if (!isset($registration['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        // NOTE(review): REMOTE_ADDR is the proxy's address when deployed behind one — confirm.
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
// Fragment begins with the tail of a helper defined above this view.
return $result; }
// Add-product handler: admin-only and token-protected; the product arrives as base64-encoded
// JSON in $_POST['product'] plus two uploads in $_FILES. The block continues past this view.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("AddProductToken", "token")) {
    Logger::i()->writeLog("Token to add product is missing", 'access');
    die(Submission::createResult("Please refresh the page and try again"));
}
if (isset($_POST['product'])) {
    $product = (array) json_decode(base64_decode($_POST['product']));
    if ($field = Submission::checkFields(array("name", "price", "description", "available"), $product)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    } else {
        // $_FILES is a superglobal that always exists (possibly as an empty array), so the
        // isset() branch never fires; the checkFields call is what enforces the two uploads.
        if (!isset($_FILES) || ($field = Submission::checkFields(array("bigimage", "productfile"), $_FILES))) {
            die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
        }
    }
    $imagePath = null;
    $bigImagePath = null;
    $productPath = null;
    // processImages()/processFile() (not visible here) fill the by-reference paths and return a
    // message on failure. NOTE(review): that message is echoed to the caller verbatim — confirm
    // it carries no server paths or library error text that does not belong in a response.
    // The uploads are also handled before the cheap price check below; if these helpers persist
    // files, reordering would avoid leaving artefacts behind for a request that is then rejected.
    if (($res = processImages("bigimage", $imagePath, $bigImagePath)) || is_null($imagePath) || is_null($bigImagePath)) {
        die(Submission::createResult("Failed to process image -> " . $res));
    }
    if (($res = processFile("productfile", $productPath)) || is_null($productPath)) {
        die(Submission::createResult("Failed to process Product File -> " . $res));
    }
    // Only an exact zero is rejected: floatval() maps non-numeric text to 0 (rejected), but a
    // negative price passes this check unchanged. A `<= 0` comparison would close that gap.
    if (floatval($product['price']) == 0) {
        die(Submission::createResult("Price can not be 0"));
    }
<?php
// Admin "update product" handler (fragment: the switch continues past this view).
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php'; //requires class.dbmanager
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
// Authorisation, then the form-specific anti-forgery token.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin not logged in", 'dev');
    die(Submission::createResult("Admin is not logged in"));
}
if (!SessionManager::i()->validateToken("UpdateProductToken", "token")) {
    Logger::i()->writeLog("Token to update product is missing", 'dev');
    die(Submission::createResult("Token mismatch"));
}
// NOTE(review): every other call site passes (array $fields, array $data); here the two field
// names are passed as separate string arguments and $_POST as a third. Unless checkFields also
// accepts that form, "action" and "product" are never actually checked and the handler falls
// through to the decode below with possibly-missing keys. The two-argument form would be
// `Submission::checkFields(array("action", "product"), $_POST)` — confirm against checkFields.
if ($field = Submission::checkFields("action", "product", $_POST)) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}
$product = (array) json_decode(base64_decode($_POST['product']));
// Each branch coerces productid/soldOut with intval() before they reach DbManager; an
// unrecognised action falls out of the switch (no default is visible in this fragment).
switch ($_POST['action']) {
    case 'soldOut':
        if (!DbManager::i()->update("sf_products", array("soldOut" => intval($product['soldOut'])), array("productid" => intval($product['productid'])))) {
            // Driver error text stays in the 'dev' log; the client sees only a generic message.
            Logger::i()->writeLog("Marking product as soldOut failed, error = " . DbManager::i()->error, 'dev');
            die(Submission::createResult("Failed to mark product as soldOut"));
        }
        break;
    case 'delete':
        if (!DbManager::i()->delete("sf_products", array("productid" => intval($product['productid'])))) {
            Logger::i()->writeLog("Deleting product failed, error = " . DbManager::i()->error, 'dev');
            die(Submission::createResult("Failed to delete product"));
        }