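/**
 * Starts a PayPal Express Checkout for the given cart and returns the redirect URL.
 *
 * @param mixed        $total order total in EUR; rounded to two decimals for PayPal
 * @param array|object $cart  iterable of items, each exposing name, description, price and quantity
 * @return string PayPal redirect URL built from the SetExpressCheckout TOKEN
 *
 * Terminates the request (die with a Submission result) when the PayPal client cannot be
 * constructed or SetExpressCheckout returns no token.
 */
function checkoutWithPaypal($total, $cart) {
    try {
        $paypal = new PayPal(true);
    } catch (Exception $e) {
        Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
        // Answer the client like the token failure below instead of a bare die (empty body).
        die(Submission::createResult("Can not checkout at the moment. Please try again later."));
    }
    // round() instead of floatval(number_format(...)): number_format() inserts a thousands
    // separator, so floatval("1,234.50") evaluated to 1.0 and any amount >= 1000 was truncated.
    $params = array(
        'RETURNURL' => createURLForScript("process.php"),
        'CANCELURL' => createURLForScript("cancel.php"),
        'PAYMENTREQUEST_0_AMT' => round(floatval($total), 2),
        'PAYMENTREQUEST_0_CURRENCYCODE' => 'EUR',
    );
    $params['SOLUTIONTYPE'] = "Sole";
    $params['LANDINGPAGE'] = "Billing";
    // NOTE(review): item names and prices are taken from $cart as given. If the cart originates
    // from the client (the cart handler stores $_POST['cart'] verbatim), the caller must have
    // re-priced it from sf_products before calling this function -- confirm.
    $k = 0;
    foreach ($cart as $value) {
        $info = (array) $value;
        $params['L_PAYMENTREQUEST_0_NAME' . $k] = $info["name"];
        $params['L_PAYMENTREQUEST_0_DESCR' . $k] = $info["description"];
        $params['L_PAYMENTREQUEST_0_AMT' . $k] = round(floatval($info['price']), 2);
        $params['L_PAYMENTREQUEST_0_QTY' . $k] = intval($info['quantity']);
        $k++;
    }
    $response = $paypal->doRequest("SetExpressCheckout", $params);
    if (!$response) {
        Logger::i()->writeLog("Could not get token, error = " . $paypal->error, 'dev');
        die(Submission::createResult("Can not checkout at the moment. Please try again later."));
    }
    Logger::i()->writeLog("Starting PayPal checkout");
    return $paypal->generateURL($response['TOKEN']);
}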
/**
 * Removes the sf_members row of one customer.
 *
 * @param mixed $c customer id; cast to int before it reaches the query
 * @return string Submission result: success when the row was deleted, an error result otherwise
 */
function deleteCustomer($c) {
    $customerId = intval($c);
    $removed = DbManager::i()->delete("sf_members", array("userid" => $customerId));
    if ($removed) {
        return Submission::createResult("Customer deleted", true);
    }
    // Failure detail goes to the dev log only; the client gets a generic message.
    Logger::i()->writeLog("Deleting customer {$c} failed, error = " . DbManager::i()->error, 'dev');
    return Submission::createResult("Could not delete customer");
}
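if ($find !== false && !is_array($find)) { //cart already exists for user
    if ($find->cart != "e30=" && strlen($find->cart) != 4) { //not empty cart - overwrite with saved one from DB
        $_SESSION['shopping-cart'] = $find->cart;
    } else { //empty cart, use session cart
        if (isset($_SESSION['shopping-cart'])) {
            $update = DbManager::i()->update("sf_carts", array("cart" => $_SESSION['shopping-cart']), array("userid" => intval($_SESSION['userid'])));
            if (!$update) {
                // Cart sync at login is best effort: record the failure, do not fail the login.
                Logger::i()->writeLog("Updating cart at login failed, error = " . DbManager::i()->error, 'dev');
            }
        }
    }
} else {
    if (isset($_SESSION['shopping-cart'])) {
        $insert = DbManager::i()->insert("sf_carts", array("cart", "userid"), array($_SESSION['shopping-cart'], intval($_SESSION['userid'])));
        if (!$insert) {
            Logger::i()->writeLog("Inserting cart at login failed, error = " . DbManager::i()->error, 'dev');
        }
    }
}
} else {
    // Never write the submitted password to the log: the log is exported through the admin
    // log endpoint and would otherwise hold the cleartext secret of every failed attempt.
    Logger::i()->writeLog("Login is incorrect (" . $login['username'] . ")");
    echo Submission::createResult("Username or Password are incorrect");
}
} else {
    // NOTE(review): this branch answers differently from the wrong-password branch, so the
    // response reveals whether a username exists -- consider the same generic message.
    Logger::i()->writeLog("User does not exist: " . $login['username']);
    echo Submission::createResult("No user found with this username");
}
} else {
    Logger::i()->writeLog("Could not get check for login, error = " . DbManager::i()->error, 'dev');
    echo Submission::createResult("Username or Password are incorrect");
}
} else {
    echo Submission::createResult("Please fill in all information");
}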
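if ($field = Submission::checkFields(array("title"), (array) $settings['cms_settings'])) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}
} else {
    die(Submission::createResult("Invalid Settings"));
}
}
}
// The settings blob is encrypted with the admin key/IV and stored double-base64 encoded,
// the same storage format the member fields use.
// NOTE(review): ADMIN_IV is a constant, so every settings version is encrypted under the same
// key and IV; depending on Crypto's cipher mode this can leak equal prefixes between versions -- confirm.
$settings = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), $_POST['settings'])));
$find = DbManager::i()->select("sf_settings", array("settings"));
if ($find !== false && !is_array($find)) { //settings already exists
    $update = DbManager::i()->update("sf_settings", array("settings" => $settings));
    if (!$update) {
        Logger::i()->writeLog("Could not update settings, error = " . DbManager::i()->error, 'dev');
        // A bare die left the client with an empty body; answer like the other failure paths.
        die(Submission::createResult("Could not update settings"));
    }
} else {
    $insert = DbManager::i()->insert("sf_settings", array("settings"), array($settings));
    if (!$insert) {
        Logger::i()->writeLog("Could not insert settings, error = " . DbManager::i()->error, 'dev');
        die(Submission::createResult("Could not update settings"));
    }
}
Logger::i()->writeLog("Settings updated");
unset($find);
unset($settings);
die(Submission::createResult("Settings updated successfully", true));
}
}
}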
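echo Submission::createResult("Could not update password. Please try again later.");
}
unset($pw);
} else {
    if (isset($_POST['email'])) {
        // Validate the decoded address before it is encrypted and stored; previously any
        // string (including an empty one) was written to sf_members.email.
        $email = base64_decode($_POST['email']);
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            echo Submission::createResult("Invalid email address");
        } else {
            // Per-member key/IV, stored double-base64 like the ciphertext itself.
            $email = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), $email)));
            $update = DbManager::i()->update("sf_members", array("email" => $email), array("userid" => $userid));
            if ($update) {
                Logger::i()->writeLog("User Email updated, UserID = {$userid}");
                echo Submission::createResult("Email updated successfully", true);
            } else {
                Logger::i()->writeLog("User Email could not be updated, reason = " . DbManager::i()->error);
                echo Submission::createResult("Could not update email. Please try again later.");
            }
        }
        unset($email);
    } else {
        echo Submission::createResult("Invalid POST Parameter");
    }
}
unset($userinfo);
} else {
    die(Submission::createResult("Could not find user"));
}
} else {
    die(Submission::createResult("Invalid request method"));
}
}
} else {
    die(Submission::createResult("User is not logged in"));
}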
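<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php'; //requires class.dbmanager
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Admin-only log export. Both guards answer with the same generic message.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'dev');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("LoadLogsToken", "csrf", "GET")) {
    Logger::i()->writeLog("Token to load logs is missing", 'dev');
    die(Submission::createResult("Permission denied"));
}

// Same content type the other JSON endpoints (products, customers) send.
header("Content-Type: application/json; charset=UTF-8");

$all_logs = Logger::i()->getLogs();
$dev_logs = array();
$access_logs = array();
// Bucket by mode; entries with any other mode only appear in all_logs.
foreach ($all_logs as $log) {
    if ($log->mode === "dev") {
        $dev_logs[] = $log;
    } elseif ($log->mode === "access") {
        $access_logs[] = $log;
    }
}

$json = json_encode(array("all_logs" => $all_logs, "dev_logs" => $dev_logs, "access_logs" => $access_logs));
if ($json === false) {
    // json_encode() returns false (e.g. invalid UTF-8 in a log line); echoing false sends an empty body.
    Logger::i()->writeLog("Could not encode logs as JSON, error code = " . json_last_error(), 'dev');
    die(Submission::createResult("Could not load logs"));
}
echo $json;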
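}
echo Submission::createResult("Missing Shopping Cart");
} else {
    if ($request_method == "POST") {
        if (!SessionManager::i()->validateToken("CartToken", "token")) {
            Logger::i()->writeLog("Token to set cart is missing", 'dev');
            die(Submission::createResult("Permission denied"));
        }
        if (isset($_POST['cart'])) {
            // The cart is stored exactly as the client sent it (session first, then DB for
            // logged-in users). NOTE(review): nothing here validates the payload; any code that
            // later derives item prices from this cart must re-price from sf_products -- confirm.
            $_SESSION['shopping-cart'] = $_POST['cart'];
            if (SessionManager::i()->isLoggedIn()) {
                $userId = intval($_SESSION['userid']);
                $find = DbManager::i()->select("sf_carts", array("cart"), array("userid" => $userId));
                if ($find !== false && !is_array($find)) { //cart already exists for user
                    $update = DbManager::i()->update("sf_carts", array("cart" => $_SESSION['shopping-cart']), array("userid" => $userId));
                    if (!$update) {
                        Logger::i()->writeLog("Updating cart failed, error = " . DbManager::i()->error, 'dev');
                        die(Submission::createResult("Failed to update cart"));
                    }
                } else {
                    $insert = DbManager::i()->insert("sf_carts", array("cart", "userid"), array($_SESSION['shopping-cart'], $userId));
                    // Was `if ($insert)`: a successful insert died with "Failed to insert cart" and a
                    // failed one went unreported. Negated to match the update branch above.
                    if (!$insert) {
                        Logger::i()->writeLog("Inserting cart failed, error = " . DbManager::i()->error, 'dev');
                        die(Submission::createResult("Failed to insert cart"));
                    }
                }
                unset($find);
            }
        }
    }
}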
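require_once ROOT_DIR . '/class.dbmanager.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Admin-only customer export: login and request token are both required.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Tried to access this script without permissions. Was that you?", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("GetCustomersToken", "token")) {
    Logger::i()->writeLog("Token to access customers is missing", 'access');
    die(Submission::createResult("Token mismatch"));
}
header("Content-Type: application/json; charset=UTF-8");

// NOTE(review): each member's key and IV are stored in the same row as the ciphertext they
// protect, so the encryption only guards against reading the columns in isolation -- confirm
// this matches the intended threat model.
$customers = DbManager::i()->select("sf_members", array("userid", "username", "email", "register_date", "ip", "key", "iv"));
if ($customers === false) {
    Logger::i()->writeLog("Could not get customers, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not load customers"));
}

// A single row appears to come back as one object rather than an array; normalise.
if (!is_array($customers)) {
    $customers = array($customers);
}
$members = array();
foreach ($customers as $customer) {
    // Key, IV and every encrypted column are double-base64 encoded in the table.
    $key = base64_decode(base64_decode($customer->key));
    $iv = base64_decode(base64_decode($customer->iv));
    $members[] = array(
        "customerid" => $customer->userid,
        "name" => Crypto::DecryptString($key, $iv, base64_decode(base64_decode($customer->username))),
        "email" => Crypto::DecryptString($key, $iv, base64_decode(base64_decode($customer->email))),
        "date" => strtotime($customer->register_date) * 1000, // milliseconds for the JS client
        "ip" => Crypto::DecryptString($key, $iv, base64_decode(base64_decode($customer->ip))),
    );
}

$json = json_encode(array("customers" => $members));
if ($json === false) {
    // A decryption with the wrong key yields bytes that are not valid UTF-8, which makes
    // json_encode() return false; echoing that sent an empty body with a JSON content type.
    Logger::i()->writeLog("Could not encode customers as JSON, error code = " . json_last_error(), 'dev');
    die(Submission::createResult("Could not load customers"));
}
echo $json;
unset($members);
unset($customers);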
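}
}
$imagePath = null;
$bigImagePath = null;
$productPath = null;
// processImages()/processFile() fill the path variables by reference; a truthy return value
// is treated as an error message.
if (($res = processImages("bigimage", $imagePath, $bigImagePath)) || is_null($imagePath) || is_null($bigImagePath)) {
    die(Submission::createResult("Failed to process image -> " . $res));
}
if (($res = processFile("productfile", $productPath)) || is_null($productPath)) {
    die(Submission::createResult("Failed to process Product File -> " . $res));
}
// Was `== 0`: a negative price passed the guard and was stored as-is. Only positive prices are accepted.
if (floatval($product['price']) <= 0) {
    die(Submission::createResult("Price must be greater than 0"));
}
// A product with no stock is created as sold out.
$soldOut = intval($product['available']) == 0 ? 1 : 0;
$insert = DbManager::i()->insert(
    "sf_products",
    array("name", "price", "description", "available", "image", "bigimage", "file", "soldOut"),
    array($product['name'], floatval($product['price']), $product['description'], intval($product['available']), $imagePath, $bigImagePath, $productPath, $soldOut)
);
if ($insert) {
    Logger::i()->writeLog("Added Product successfully");
    echo Submission::createResult("Product added successfully", true);
} else {
    Logger::i()->writeLog("Could not add product. error = " . DbManager::i()->error, 'dev');
    echo Submission::createResult("Could not add product");
}
unset($product);
unset($imagePath);
unset($bigImagePath);
unset($productPath);
} else {
    Logger::i()->writeLog("Tried to access script without post parameters", 'dev');
    echo Submission::createResult("Bad request");
}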
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.btc.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.sessionmanager.php';

// Payment status poll for a logged-in user; login and request token are both required.
if (!SessionManager::i()->isLoggedIn()) {
    Logger::i()->writeLog("User not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("PaymentStatusToken", "token")) {
    Logger::i()->writeLog("Token to get payment status is missing", 'access');
    die(Submission::createResult("Permission denied"));
}

try {
    $gateway = new BTC();
    $status = (array) $gateway->checkPaymentStatus();
    // Only a successful payment produces a response body.
    if ($status['result'] == "success") {
        die(Submission::createResult($status['resultMessage'], true));
    }
} catch (Exception $caught) {
    Logger::i()->writeLog("Caught Exception: " . $caught->getMessage(), 'dev');
}
// NOTE(review): when the status is not "success", or an exception was caught, nothing is
// written to the response -- confirm the polling client treats an empty body as "pending".
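}
if (!SessionManager::i()->validateToken("UpdateProductToken", "token")) {
    Logger::i()->writeLog("Token to update product is missing", 'dev');
    die(Submission::createResult("Token mismatch"));
}
if ($field = Submission::checkFields("action", "product", $_POST)) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}
// The product payload is client-supplied (base64-encoded JSON). Reject anything that does not
// decode to an object/array so the lookups below never run on a cast of null/false.
$decoded = json_decode(base64_decode($_POST['product']));
if (!is_object($decoded) && !is_array($decoded)) {
    die(Submission::createResult("Product is missing or invalid"));
}
$product = (array) $decoded;
if (!isset($product['productid'])) {
    die(Submission::createResult("Productid is missing or invalid"));
}
$where = array("productid" => intval($product['productid']));
switch ($_POST['action']) {
    case 'soldOut':
        if (!DbManager::i()->update("sf_products", array("soldOut" => intval($product['soldOut'])), $where)) {
            Logger::i()->writeLog("Marking product as soldOut failed, error = " . DbManager::i()->error, 'dev');
            die(Submission::createResult("Failed to mark product as soldOut"));
        }
        break;
    case 'delete':
        if (!DbManager::i()->delete("sf_products", $where)) {
            Logger::i()->writeLog("Deleting product failed, error = " . DbManager::i()->error, 'dev');
            die(Submission::createResult("Failed to delete product"));
        }
        break;
    case 'product':
        // Only the editable columns are copied out of the payload. Passing $product straight
        // through let the client set any sf_products column, including productid and the stored
        // image/file paths. Extend $columns if the editor legitimately sends more fields.
        $columns = array("name", "price", "description", "available");
        $fields = array();
        foreach ($columns as $column) {
            if (array_key_exists($column, $product)) {
                $fields[$column] = $product[$column];
            }
        }
        // Same casts the add-product handler applies on insert.
        if (isset($fields['price'])) {
            $fields['price'] = floatval($fields['price']);
        }
        if (isset($fields['available'])) {
            $fields['available'] = intval($fields['available']);
        }
        if (empty($fields)) {
            die(Submission::createResult("No product fields to update"));
        }
        if (!DbManager::i()->update("sf_products", $fields, $where)) {
            Logger::i()->writeLog("Update Product failed, error = " . DbManager::i()->error, 'dev');
            die(Submission::createResult("Failed to update product"));
        }
        break;
    default:
        // An unknown action used to be accepted silently.
        die(Submission::createResult("Unknown action"));
}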
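<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Product listing; only the request token is checked (no login required).
if (!SessionManager::i()->validateToken("LoadProductsToken", "token")) {
    Logger::i()->writeLog("Token to load products is missing", 'dev');
    die(Submission::createResult("Permission denied"));
}
header("Content-Type: application/json; charset=UTF-8");

// sf_products also has a "file" column (written by the add-product handler); it is not part
// of this response.
$products = DbManager::i()->select("sf_products", array("productid", "name", "price", "description", "available", "image", "bigimage", "soldOut"));
if ($products === false) {
    Logger::i()->writeLog("Could not get products, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not get products"));
}

// A single row appears to come back as one object rather than an array; normalise.
if (!is_array($products)) {
    $products = array($products);
}
$prods = array();
foreach ($products as $product) {
    $prods[] = array(
        "productid" => $product->productid,
        "name" => $product->name,
        "price" => $product->price,
        "description" => $product->description,
        "available" => intval($product->available),
        "image" => $product->image,
        "bigimage" => $product->bigimage,
        "soldOut" => intval($product->soldOut),
    );
}

$json = json_encode(array("products" => $prods));
if ($json === false) {
    // json_encode() returns false on e.g. invalid UTF-8; echoing false sends an empty body.
    Logger::i()->writeLog("Could not encode products as JSON, error code = " . json_last_error(), 'dev');
    die(Submission::createResult("Could not get products"));
}
echo $json;
unset($prods);
unset($products);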