示例#1
// The flag is defined before any include runs so the bootstrapped code can
// see it (NOTE(review): presumably read by config.php/authentication.php — confirm).
define('NO_SESSION_REGENERATION', true);

// Bootstrap. TEMPLATES_PATH, INCLUDES_PATH and DATABASE_PATH are used only
// after config.php has been loaded, so they are expected to come from there.
require_once(__DIR__ . '/config.php');
require_once(TEMPLATES_PATH . '/utils.php');
require_once(INCLUDES_PATH . '/authentication.php');
require_once(INCLUDES_PATH . '/events.php');
require_once(DATABASE_PATH . '/events.php');
try {
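    // Reject in order: missing input (400), no authenticated user (403),
    // missing or invalid CSRF token (403), no access to the event (403).
    // Only when every check passes is the event touched.
    if (!isset($_POST["id"])) {
        http_response_code(400);
        echo 'Missing event ID.';
    } elseif (!isUserLoggedIn()) {
        http_response_code(403);
        echo 'You need to login to unregister this event.';
    } elseif (!isset($_POST["csrf_token"]) || !validateCSRFToken($_POST["csrf_token"])) {
        // An absent token is treated exactly like an invalid one; previously
        // $_POST["csrf_token"] was read without an isset() guard.
        http_response_code(403);
        echo 'Invalid CSRF token.';
    } else {
        $event_id = $_POST["id"];
        $user_id = getUserID();
        if (!canSeeEvent($user_id, $event_id)) {
            http_response_code(403);
            echo 'You do not have access to edit this event.';
        } else {
            // Bug fix: the original passed the undefined variable $idEvent
            // (i.e. null) instead of the submitted event ID.
            unregisterFromEvent($user_id, $event_id);
        }
    }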
} catch (InvalidArgumentException $e) {
    http_response_code(400);
示例#2
<?php

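require_once './utils.php';
require_once './defs.php';

// Every precondition must hold: a CSRF token header that validates, and an
// upload slot whose PHP-reported error code is exactly UPLOAD_ERR_OK.
// isset()/is_int() have no side effects, so evaluating them before the token
// validator does not change which requests are rejected.
$token_present = isset($_SERVER['HTTP_X_CSRF_TOKEN']);
$upload_present = isset($_FILES['upfile']['error']) && is_int($_FILES['upfile']['error']);
$valid = $token_present
    && validateCSRFToken($_SERVER['HTTP_X_CSRF_TOKEN'])
    && $upload_present
    && $_FILES['upfile']['error'] === UPLOAD_ERR_OK;

// invalid request: reply with a bare 400, no body describing which check failed
if (!$valid) {
    http_response_code(400);
    exit;
}

// file size is too large (MAX_FILE_SIZE is expected from defs.php — NOTE(review): confirm)
if ($_FILES['upfile']['size'] > MAX_FILE_SIZE) {
    http_response_code(400);
    exit;
}

// file isn't zip: the MIME type is sniffed from the file contents by finfo,
// not taken from the client-supplied $_FILES['upfile']['type'].
$finfo = new finfo(FILEINFO_MIME_TYPE);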
switch ($finfo->file($_FILES['upfile']['tmp_name'])) {
    case 'application/octet-stream':
    case 'application/zip':
    case 'application/x-zip':
    case 'application/x-zip-compressed':
    case 'application/x-compress':
    case 'application/x-compressed':
    case 'multipart/x-zip':
        break;
    default:
示例#3
文件: Csrf.php 项目: opis/colibri
 /**
  * Check whether a submitted value is a valid CSRF token.
  *
  * Delegates entirely to the global validateCSRFToken() helper. The rule
  * arguments are accepted to satisfy the validator signature but are not used.
  *
  * @param mixed $value     the token value taken from the request
  * @param array $arguments rule arguments (ignored)
  * @return bool whatever validateCSRFToken() reports for $value
  */
 public function validate($value, array $arguments) : bool
 {
     $tokenIsValid = validateCSRFToken($value);

     return $tokenIsValid;
 }
示例#4
     http_response_code(400);
     echo 'Missing event ID.';
 } else {
     if (!isset($_GET["action"])) {
         http_response_code(400);
         echo 'Missing action value.';
     } else {
         if (!isset($_GET["csrf_token"])) {
             http_response_code(400);
             echo 'Missing csrf token.';
         } else {
             if (!isUserLoggedIn()) {
                 http_response_code(403);
                 echo 'You need to login to edit this event.';
             } else {
                 if (!validateCSRFToken(rawurldecode($_GET["csrf_token"]))) {
                     http_response_code(403);
                     echo 'Invalid CSRF token.';
                 } else {
                     $event_id = $_GET["id"];
                     if (!canSeeEvent(getUserID(), $event_id)) {
                         http_response_code(403);
                         echo 'You do not have access to edit this event.';
                     } else {
                         $event = Event::find($event_id);
                         $make_public = $_GET['action'];
                         if (getUserID() == $event->getOwner()) {
                             if ($make_public == 1) {
                                 $event->setPublic(1);
                             } else {
                                 $event->setPublic(0);
示例#5
<?php

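require_once './utils.php';
require_once './defs.php';

// Only requests carrying a valid CSRF token header may list the upload directory.
$valid = isset($_SERVER['HTTP_X_CSRF_TOKEN']) && validateCSRFToken($_SERVER['HTTP_X_CSRF_TOKEN']);
// invalid request
if (!$valid) {
    http_response_code(400);
    exit;
}

// NOTE(review): `$_` is used here as a callable applied to UPLOAD_DIR; it must
// be provided by defs.php or utils.php — confirm. glob() returns false on
// failure, and array_filter() rejects false in PHP 8, so fall back to an
// empty listing instead of a TypeError.
$entries = glob("{$_(UPLOAD_DIR)}/*") ?: [];
$matching = array_filter($entries, static function ($file) {
    return is_file($file);
});
// array_filter() preserves keys. Without re-indexing, json_encode() emits a
// JSON object ({"0":...,"2":...}) instead of a list whenever a non-file
// entry was skipped, so the response shape would depend on directory content.
$files = array_values(array_map(static function ($file) {
    return basename($file);
}, $matching));

header('Content-Type: application/json; charset=utf-8');
header('X-Content-Type-Options: nosniff');
header('Access-Control-Allow-Methods: GET');
header('X-Frame-Options: DENY');
echo json_encode($files);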