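/**
 * Creates a new, empty file in the configured files repository and records it
 * in __externalFiles.
 *
 * The on-disk name is a random 40-character string appended to the
 * absoluteFilesRepositoryPath setting; the caller-supplied $fileName is only
 * stored as originalFileName and never used to build a path.
 *
 * @param WOOOF  $wo
 * @param string $fileName original (client-side) name, kept for display only
 * @return mixed the new __externalFiles id, or FALSE when the file could not
 *               be created, no id could be allocated, or the insert failed
 */
public static function createEmptyFile(WOOOF $wo, $fileName) {
    $repositoryPath = $wo->getConfigurationFor('absoluteFilesRepositoryPath');

    // Draw names until one is unused. With 40 random characters a clash is
    // practically impossible, but note there is still a small window between
    // this file_exists() check and touch() below in which another request
    // could create the same name.
    do {
        $fullFilename = $repositoryPath . $wo->randomString(40);
    } while (file_exists($fullFilename));

    if (touch($fullFilename) === FALSE) {
        $wo->logError(self::_ECP . "0001 createEmptyFile: External File was not created by the file system.");
        // The original returned TRUE here, which hid the failure from callers
        // that test for === FALSE.
        return FALSE;
    }

    $newId = $wo->db->getNewId('__externalFiles');
    if ($newId === FALSE) {
        // No record will be written, so do not leave an orphan file behind.
        unlink($fullFilename);
        return FALSE;
    }

    // Every value is quoted and passed through cleanUserInput(); the original
    // concatenated the datetime and the path bare, which is not valid SQL.
    $result = $wo->db->query(
        'insert into __externalFiles (id, entryDate, fileName, originalFileName) values ('
        . '\'' . $newId . '\', '
        . '\'' . $wo->getCurrentDateTime() . '\', '
        . '\'' . $wo->cleanUserInput($fullFilename) . '\', '
        . '\'' . $wo->cleanUserInput($fileName) . '\')'
    );
    if ($result === FALSE) {
        // Same reasoning: a file without its __externalFiles row is a leak.
        unlink($fullFilename);
        return FALSE;
    }

    return $newId;
}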
/**
 * Persists a VO_TblUser in movierama_users: an UPDATE when $obj->id already
 * has content, otherwise an INSERT with the default flags, GMT timestamps and
 * a fresh verification token that is then handed to handleVerificationToken().
 *
 * On the insert path $obj is modified in place (flags, timestamps, token and
 * the newly allocated id).
 *
 * @param WOOOF      $wo
 * @param VO_TblUser $obj record to save; receives the new id on insert
 * @return mixed the record's id, or FALSE on any failure (table not
 *               constructed, missing userId, failed update/insert, failed
 *               verification-token handling)
 */
public static function save(WOOOF $wo, VO_TblUser &$obj) {
    $place = __CLASS__ . '::' . __FUNCTION__;
    $wo->debug("{$place}: ");

    $table = new WOOOF_dataBaseTable($wo->db, 'movierama_users');
    if (!$table->constructedOk) {
        return false;
    }
    if (!$wo->hasContent($obj->userId)) {
        $wo->logError(self::_ECP . "0010 No value provided for [userId]");
        return false;
    }

    if ($wo->hasContent($obj->id)) {
        // Existing row: write back whatever the caller set. updatedDateTime is
        // not refreshed on this path; presumably the caller maintains it.
        $updated = $table->updateRowFromArraySimple($obj->toArray());
        return ($updated === FALSE) ? FALSE : $obj->id;
    }

    // New row: fixed initial state, not yet verified.
    $token = WOOOF::randomString(255);
    $now = WOOOF::currentGMTDateTime();
    $obj->isDeleted = '0';
    $obj->isActive = '1';
    $obj->isVerified = '0';
    $obj->verificationToken = $token;
    $obj->createdDateTime = $now;
    $obj->updatedDateTime = $now;

    $newId = $table->insertRowFromArraySimple($obj->toArray());
    if ($newId === FALSE) {
        return false;
    }
    $obj->id = $newId;

    // The token is the secret the verification step will compare against, so
    // it should come from a CSPRNG — NOTE(review): confirm randomString() is one.
    $handled = self::handleVerificationToken($wo, $obj->id, $obj->username, $token);
    if ($handled === FALSE) {
        return FALSE;
    }

    return $obj->id;
}
} $requestedAction = 'viewUncontroled'; $pageLocation = '3_webService'; $wo = new WOOOF(); if ($_POST['action'] == 'wsLogin') { $loginResult = FALSE; $rowForTest = $this->db->getRowByColumn('__users', 'loginName', $wo->cleanUserInput($_POST['username'])); if (isset($rowForTest['id'])) { $hash = $wo->getPasswordHash($_POST['password'], $rowForTest['id']); $result = $this->db->query('select * from __users where binary loginName=\'' . $wo->cleanUserInput($rowForTest['loginName']) . '\' and binary loginPass=\'' . $hash . '\''); if (mysqli_num_rows($result)) { $userRow = $this->db->fetchAssoc($result); $userRow['loginPass'] = '******'; $goOn = FALSE; do { $sid = 'ws' . WOOOF::randomString(38); $new_sid_result = $this->db->query("select * from __sessions where sessionId='" . $sid . "'"); if (!mysqli_num_rows($new_sid_result)) { $goOn = TRUE; } } while (!$goOn); $result = $this->db->query("insert into __sessions (userId,sessionId,loginDateTime,lastAction,loginIP,active) values ('{$uid}','{$sid}','" . $this->dateTime . "','" . $this->dateTime . "','" . $this->cleanUserInput($_SERVER["REMOTE_ADDR"]) . "','1')"); if ($result === FALSE) { showErrorAndTerminate('2005', 'Failed to insert new session in the data base for user `' . $userData['loginName'] . '`. Potential security breach!'); } $obj->wsSessionIdentifier = $sid; $loginResult = TRUE; } } if ($loginResult === FALSE) { showErrorAndTerminate('2004', 'Wrong credentials supplied.Login failure');
window.location = window.confirmedURLToGo; } </script> </head> <body><div id="modal" style="display: none;"> <span class="titleModal" id="titleModal">Αν θες δίνε και Tίτλο Modal Window </span><br /> <div id="textModal">Κείμενο μηνύματος βνα ωσ χψβ αξηβσω ξαηβσ χξηαβσ χξηαβχ ηξα κξασ κξαβν σ</div><br /> <input class="modalButton" type="button" name="button" value="No" onClick="javascript:closePopup();"> <input class="modalButton" type="button" name="button" value="Yes" onClick="javascript:popUpConfirmed();"> </div><div> '; if (isset($_FILES['file'])) { if ($_FILES['file']['type'] == 'image/jpeg' || $_FILES['file']['type'] == 'image/png' || $_FILES['file']['type'] == 'image/gif' || $_FILES['file']['type'] == 'application/octet' || $_FILES['file']['type'] == 'application/pdf' || $_FILES['file']['type'] == 'application/x-pdf') { $prefix = $wo->randomString(20); $fileInfo = pathinfo($_FILES['file']['name']); if (($_FILES['file']['type'] == 'application/octet' || $_FILES['file']['type'] == 'application/pdf' || $_FILES['file']['type'] == 'application/x-pdf') && $fileInfo['extension'] != 'pdf' && $fileInfo['extension'] != 'PDF') { echo $_FILES['file']['type'] . ' ' . $fileInfo['extension'] . ' BAD file type. File deleted.<br/><br/>'; unlink($_FILES['file']['tmp_name']); exit; } $insertId = $wo->db->getNewId($tableName); $maxR = $wo->db->query('select max(ord) from ' . $tableName); $max = $wo->db->fetchRow($maxR); $max = $max[0] + 10; if (!isset($_POST['entry_date'])) { $entryDate = WOOOF::getCurrentDateTime(); } else { $entryDate = $wo->cleanUserInput($_POST['entry_date']); }
/**
 * Builds and executes an INSERT into $this->tableName from the current request
 * ($_POST / $_FILES), one SET fragment per column in $columnsToFill, and then
 * runs the deferred UPDATEs collected while handling picture columns.
 *
 * The value source depends on the column's presentationType:
 *  - file:      delegated to handleFileUpload(); the external file id is stored
 *  - picture:   moved into the images directory, optionally resized to .jpg,
 *               with thumb_/mid_ variants written via deferred UPDATEs
 *  - htmlText:  run through HTMLPurifier unless $__isAdminPage is set
 *  - date/time: rebuilt from the split admin POST fields (<column>1..4)
 *  - other:     checkValue() then cleanUserInput()
 * The integer column that orders listings is filled with max+10 when it was
 * not posted. $_POST is modified in place along the way.
 *
 * @param string[] $columnsToFill column names to read from the request
 * @return false|string the new row id, or FALSE on any failure // new id
 */
public function handleInsertFromPost($columnsToFill) {
    $imagesRelativePath = WOOOF::$instance->getConfigurationFor('imagesRelativePath');
    $siteBasePath = WOOOF::$instance->getConfigurationFor('siteBasePath');
    // Decides whether htmlText input is purified (public) or stored as posted (admin).
    global $__isAdminPage;
    $insertId = $this->dataBase->getNewId($this->tableName);
    if ($insertId === FALSE) {
        return FALSE;
    }
    // UPDATEs that need the row to exist first (thumbnail / mid-size picture columns).
    $defferedQueries = array();
    // NOTE(review): table and column names are concatenated unescaped; they are
    // assumed to come from trusted table metadata, never from the request.
    $query = 'insert into ' . $this->tableName . ' set';
    if (is_array($columnsToFill)) {
        foreach ($columnsToFill as $column) {
            if ($column != 'id') {
                $metaData = $this->columns[$column]->getColumnMetaData();
                $trimmedOrderingColumn = trim(str_replace(' desc', '', $this->getOrderingColumnForListings()));
                if ($trimmedOrderingColumn == $column && (!isset($_POST[$column]) || trim($_POST[$column]) == '0' || trim($_POST[$column]) == '') && $metaData['type'] == WOOOF_dataBaseColumnTypes::int) {
                    // Integer ordering column left empty or 0: append after the current maximum.
                    $oR = $this->dataBase->query('select max(' . $trimmedOrderingColumn . ') as maxOrd from ' . $this->tableName);
                    if ($oR === FALSE) {
                        return FALSE;
                    }
                    $o = $this->dataBase->fetchAssoc($oR);
                    $_POST[$column] = $o['maxOrd'] + 10;
                } else {
                    // Date/time columns arrive as <column>1 / <column>4 parts, uploads in $_FILES.
                    if (!isset($_POST[$column]) && !isset($_POST[$column . '1']) && !isset($_POST[$column . '4']) && !isset($_FILES[$column])) {
                        WOOOF::$instance->debug("Warning in handleInsertFromPost: Column to fill [{$column}] does not appear in POST or FILES.");
                        continue;
                    }
                }
                if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::file) {
                    if (is_uploaded_file($_FILES[$column]['tmp_name'])) {
                        $externalFileId = $this->handleFileUpload($column);
                        if ($externalFileId === FALSE) {
                            // die() ends the request here, so the return below is unreachable
                            // and the caller never gets to handle the failure.
                            die('File Upload Failure!'); // TODO: backfix that and remove the die!
                            return FALSE;
                        } else {
                            $query .= ' ' . $column . '=\'' . $externalFileId . '\',';
                        }
                    }
                } else {
                    if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::picture) {
                        if (isset($_FILES[$column])) {
                            // presentationParameters may name a column-specific directory under the site base path.
                            if (trim($metaData['presentationParameters']) != '') {
                                $outputPath = $siteBasePath . $metaData['presentationParameters'];
                            } else {
                                $outputPath = $siteBasePath . $imagesRelativePath;
                            }
                            // NOTE(review): the client-supplied name (and therefore its extension)
                            // becomes part of the destination path under siteBasePath, and nothing
                            // here checks the file type. When no resize is configured the upload is
                            // kept as-is under that name (see the else branch below).
                            $fromFile = $outputPath . WOOOF::randomString(10) . '_' . $_FILES[$column]['name'];
                            //echo $fromFile .' <- is the new filename <br>';
                            $mvResult = move_uploaded_file($_FILES[$column]['tmp_name'], $fromFile);
                            if ($mvResult) {
                                if ($metaData['resizeWidth'] != '') {
                                    // Swap the original extension for .jpg in the stored name.
                                    $choppedFile = '';
                                    $filePieces = explode('.', $_FILES[$column]['name']);
                                    for ($b = 0; $b < count($filePieces) - 1; $b++) {
                                        $choppedFile .= $filePieces[$b] . '.';
                                    }
                                    $choppedFile .= 'jpg';
                                    $targetFilename = $this->tableId . '_' . $metaData['columnId'] . '_' . $insertId . '_' . $choppedFile;
                                    WOOOF::resizePicture($fromFile, $outputPath . $targetFilename, $metaData['resizeWidth'], $metaData['resizeHeight']);
                                    $query .= ' ' . $column . '=\'' . WOOOF::$instance->cleanUserInput($targetFilename) . '\', ';
                                    if ($metaData['thumbnailWidth'] != '') {
                                        WOOOF::resizePicture($fromFile, $outputPath . 'thumb_' . $targetFilename, $metaData['thumbnailWidth'], $metaData['thumbnailHeight']);
                                        if ($metaData['thumbnailColumn'] != '') {
                                            $defferedQueries[] = 'update ' . $this->tableName . ' set ' . $metaData['thumbnailColumn'] . '=\'' . 'thumb_' . $targetFilename . '\' where id=\'' . $insertId . '\'';
                                        }
                                    }
                                    if ($metaData['midSizeWidth'] != '') {
                                        WOOOF::resizePicture($fromFile, $outputPath . 'mid_' . $targetFilename, $metaData['midSizeWidth'], $metaData['midSizeHeight']);
                                        // NOTE(review): tests thumbnailColumn but writes midSizeColumn — looks like a
                                        // copy/paste slip; a column with only midSizeColumn set never gets this UPDATE.
                                        if ($metaData['thumbnailColumn'] != '') {
                                            $defferedQueries[] = 'update ' . $this->tableName . ' set ' . $metaData['midSizeColumn'] . '=\'' . 'mid_' . $targetFilename . '\' where id=\'' . $insertId . '\'';
                                        }
                                    }
                                    // The unresized upload only served as the resize source.
                                    unlink($fromFile);
                                } else {
                                    //echo basename(WOOOF::$instance->cleanUserInput($fromFile)) .'<br>';
                                    $query .= ' ' . $column . '=\'' . basename(WOOOF::$instance->cleanUserInput($fromFile)) . '\',';
                                    //exit;
                                }
                            } else {
                                // move_uploaded_file() failed: "column=column" leaves the column at its
                                // own value instead of failing the insert.
                                $query .= ' ' . $column . '=' . $column . ', ';
                            }
                        }
                    } else {
                        if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::htmlText) {
                            if (!$__isAdminPage) {
                                // Public forms: sanitise the HTML before it is stored.
                                require_once 'HTMLPurifier.standalone.php';
                                $config = HTMLPurifier_Config::createDefault();
                                $purifier = new HTMLPurifier($config);
                                $query .= ' ' . $column . '=\'' . $this->dataBase->escape($purifier->purify($_POST[$column])) . '\',';
                            } else {
                                // Admin pages store the HTML exactly as posted (SQL-escaped only).
                                $query .= ' ' . $column . '=\'' . $this->dataBase->escape($_POST[$column]) . '\',';
                            }
                        } else {
                            // && binds tighter than ||: the isset() only constrains the dateAndTime case.
                            if ($metaData['presentationType'] == WOOOF_columnPresentationTypes::date || $metaData['presentationType'] == WOOOF_columnPresentationTypes::time || $metaData['presentationType'] == WOOOF_columnPresentationTypes::dateAndTime && isset($_POST[$column . '1'])) {
                                // Mandatory column that is read-only or was not posted: default to "now".
                                if ($metaData['notNull'] == '1' && ($metaData['isReadOnly'] || (!isset($_POST[$column . '1']) || trim($_POST[$column . '1']) == '') && (!isset($_POST[$column . '4']) || $_POST[$column . '4'] == ''))) {
                                    //WOOOF::$instance->debug("$column in isReadOnly or empty");
                                    $tempDate = WOOOF::getCurrentDateTime();
                                } else {
                                    $tempDate = WOOOF::buildDateTimeFromAdminPost($column, $metaData['presentationType']);
                                }
                                if ($this->columns[$column]->checkValue($tempDate) === FALSE) {
                                    return FALSE;
                                }
                                $query .= ' ' . $column . '=\'' . WOOOF::$instance->cleanUserInput($tempDate) . '\',';
                            } else {
                                // checkValue() runs before the isset() default below, so an absent field
                                // is validated as null (with an undefined-index notice) rather than as ''.
                                if (!$this->columns[$column]->checkValue($_POST[$column])) {
                                    return FALSE;
                                }
                                if (!isset($_POST[$column])) {
                                    $_POST[$column] = '';
                                }
                                $query .= ' ' . $column . '=\'' . WOOOF::$instance->cleanUserInput($_POST[$column]) . '\',';
                            }
                        }
                    }
                }
            }
        }
    }
    // Every SET fragment above ends with a comma; the id closes the list.
    $query .= ' id=\'' . $insertId . '\'';
    $res = $this->dataBase->query($query);
    if ($res === FALSE) {
        return FALSE;
    }
    for ($dC = 0; $dC < count($defferedQueries); $dC++) {
        $res = $this->dataBase->query($defferedQueries[$dC]);
        if ($res === FALSE) {
            return FALSE;
        }
    }
    return $insertId;
}
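/**
 * Resets the password of the user whose loginName equals $in['email'] to a
 * fresh random value and e-mails that value to the same address.
 *
 * @param WOOOF $wo
 * @param array $in request data; only $in['email'] is read
 * @return boolean TRUE when the password was changed and the mail was handed
 *                 to sendMail(); FALSE when the e-mail is missing or empty, the
 *                 user lookup fails or finds nobody, or changePassword() /
 *                 sendMail() fail
 */
public static function passwordReset(WOOOF $wo, $in) {
    $place = __CLASS__ . '::' . __FUNCTION__;
    $wo->debug("{$place}: ResetPassword");

    // Guard the lookup key: the original indexed $in['email'] unconditionally,
    // which raised an undefined-index notice and looked up a null loginName.
    $email = isset($in['email']) ? $in['email'] : '';
    if (!$wo->hasContent($email)) {
        $wo->logError(self::_ECP . "2360 No such user found.");
        return false;
    }

    $userRec = $wo->db->getRowByColumn('__users', 'loginName', $email);
    if ($userRec === FALSE) {
        // FALSE signals a failed query; "not found" is the NULL case below.
        return false;
    }
    if ($userRec === NULL) {
        $wo->logError(self::_ECP . "2360 No such user found.");
        return false;
    }

    // 10 random characters with the first two forced to an upper-case letter
    // and a digit (presumably for the complexity rule in changePassword()),
    // which leaves 8 characters of randomness.
    $newPassword = WOOOF::randomString(10);
    $newPassword[0] = 'A';
    $newPassword[1] = '1';

    $passwordErrors = [];
    $res = WOOOF_User::changePassword($wo, $email, $newPassword, $passwordErrors);
    if ($res === FALSE) {
        return false;
    }

    // The new password travels in clear text and is valid immediately; if it is
    // meant as a one-time value, that has to be enforced on the login side,
    // which is not visible from here.
    $body = 'Your new MovieRama Password is: ' . $newPassword;
    $subject = 'New MovieRama Password';
    $replyTo = '';
    $cc = '';
    $files = null;
    return $wo->sendMail('', $email, $subject, $body, $replyTo, $cc, $body, $files);
}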