Пример #1
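// Bootstrap for the corporate "view order" page: build the shared services,
// refuse callers that are not corporate users, then read the requested order id.
// NOTE(review): $redis, $errorRunner and $auth are used below but are not created
// in the visible lines; presumably they are set up earlier in the file — confirm.
$logger = new FullLog('Corporate View Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$router = new Router(__DIR__);
$rootPath = $router->rootPath;

// Authorization gate comes first so that an unauthenticated request never gets
// a database handle opened for it and never has its query string parsed.
$isCorporate = $checkAuth->isCorporate();
if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    $error = rawurlencode('Not an authenticated corporate user.');
    // header() returns nothing, so send the redirect and stop explicitly
    // instead of passing its (null) result to die().
    header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}");
    exit;
}

// Choose the database role only once the caller is known to be a corporate
// user; administrators get the admin role, everyone else the corporate role.
$userType = $checkAuth->isAdmin() ? PDOSingleton::ADMINUSER : PDOSingleton::CORPORATEUSER;
$pdo = new PDOSingleton($userType);

// Request and session values are passed through cInt(); empty values become null.
$orderID = !empty($_GET['order']) ? $auth->cInt($_GET['order']) : null;
$employeeID = !empty($_SESSION['employeeid']) ? $auth->cInt($_SESSION['employeeid']) : null;

if (!$orderID) {
    $logger->serverData();
    $logger->addWarning("User attempted to access an order without an orderID.");
    $error = rawurlencode('No order was given.');
    header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}");
    exit;
}

// NOTE(review): the order id comes from the query string. The code that loads
// the order (not visible here) should also verify that the order belongs to
// $employeeID, or that the caller is an admin, before showing it.

// Bundle the shared services into one object for the code that follows.
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
$models->pdo = $pdo;
$models->logger = $logger;
$models->blackList = $blackList;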
use security\Models\SiteLogger\FullLog;
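// Bootstrap for the corporate "view orders" page: build the shared services,
// refuse callers that are not corporate users, then load the caller's orders.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
$logger = new FullLog('Corporate View Orders Page');
$checkAuth = new CheckAuth($logger);
$blackList = new BlackLister($redis);
$isCorporate = $checkAuth->isCorporate();
// Not read again in the visible lines; kept because later code may use it.
$isAdmin = $checkAuth->isAdmin();

if (!$isCorporate) {
    $logger->serverData();
    $logger->addWarning("User attempted to access unauthorized location.");
    $error = rawurlencode('Not an authenticated corporate user.');
    // header() returns nothing, so send the redirect and stop explicitly
    // instead of passing its (null) result to die().
    header("Location:{$rootPath}goodsite/corporate/corporatelogin.php?errors={$error}");
    exit;
}

// The database handle is opened only after the authorization gate, so a
// rejected request never holds a connection under the corporate role.
$pdo = new PDOSingleton(PDOSingleton::CORPORATEUSER);

// Bundle the shared services into one object for the controller.
$models = new stdClass();
$models->redis = $redis;
$models->errorRunner = $errorRunner;
$models->pdo = $pdo;
$models->logger = $logger;
$models->blackList = $blackList;

$order = new stdClass();
// The whole session array is handed to the controller.
// NOTE(review): passing only the keys the controller needs would narrow what
// it can read — confirm which ones it uses.
$order->session = $_SESSION;
$ordersController = new EmployeeGroupsOrdersController($models, $order);
$ordersController->setOrders();
$orders = $ordersController->getOrders();
$corporateOrders = "";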
}
// Bootstrap for the "create new customer" page: build the shared services,
// apply a per-session visit counter as a basic abuse check, then publish the
// upload limits and clear the form fields.
$router = new Router(__DIR__);
$rootPath = $router->rootPath;
$redis = new RedisSingleton();
$errorRunner = new ErrorRunner();
$logger = new FullLog("Create new Customer");
$pdo = new PDOSingleton(PDOSingleton::CUSTOMERUSER);
// NOTE(review): the corporate pages construct BlackLister with $redis; here it
// is built without arguments — confirm that this is intended.
$blacklist = new BlackLister();

// Count this visit, starting from zero on the first request of the session.
// The counter lives in $_SESSION, so it only covers requests that present the
// same session; a counter kept server-side per client address would not
// depend on the visitor keeping the session cookie.
$_SESSION["visits"] = ($_SESSION["visits"] ?? 0) + 1;

// From the sixth visit onward, every further request is logged and reported
// to the blacklister.
if ($_SESSION["visits"] > 5) {
    $logger->serverData();
    $logger->addWarning("Someone is repeatedly visiting the create new customer account, this is their {$_SESSION['visits']}.  Potential abuse.");
    $blacklist->blackList();
}

// Stop the request for a flagged client. The original author notes that this
// is a weak protection on its own.
if ($blacklist->isBlackListed()) {
    $logger->addError("This IP has been flagged as abusive.");
    // NOTE(review): if these addresses can come from client-supplied headers,
    // they should be validated before being written to the log — confirm
    // where BlackLister takes them from.
    foreach ($blacklist->IP as $badIP) {
        $logger->addError("badIP at {$badIP}");
    }
    die("This account has been flagged as abusive.");
}

// Publish the PHP upload limits through the session: the configured file
// count, the POST size converted to bytes, and that size converted back for display.
$_SESSION['maxfiles'] = ini_get('max_file_uploads');
$_SESSION['postmax'] = FileUploader::convertToBytes(ini_get('post_max_size'));
$_SESSION['displaymax'] = FileUploader::convertFromBytes($_SESSION['postmax']);
$max = 200 * 1024;

// Every form field starts out empty.
$username = null;
$email = null;
$address = null;
$phone = null;
$city = null;
$state = null;
$countrycode = null;
$zip = null;
$instructions = null;
$hasPassword = null;