示例#1
 /**
  * Builds the AJAX controller.
  *
  * Loads the shared includes and the model, then copies $_GET and $_POST into
  * $this->get_values / $this->post_values. Every value is first passed through
  * real_escape_string() and then through OwnLibrary::Utf8Decode(). The request
  * is terminated when no non-empty 'Ajax' GET parameter is present; otherwise
  * Security::CheckInputValues() is run.
  *
  * NOTE(review): escaping every request value up front ties SQL safety to this
  * constructor instead of to the statements that run the queries. Array keys
  * are copied unescaped, values nested more than one level deep reach
  * real_escape_string() as arrays, and Utf8Decode() runs after the escaping,
  * so the stored bytes are not necessarily the bytes that were escaped. SQL
  * escaping is also not output encoding: these values still need HTML encoding
  * wherever they are echoed or mailed. Bound parameters at each query are the
  * dependable control; confirm what CheckInputValues() covers before relying
  * on it.
  */
 public function __construct()
 {
     include_once 'include/LoadIncludes.php';
     include_once '../model/Model.class.php';
     $this->model = new Model($this);

     // Pass 1: SQL-escape the request values (scalars and one level of arrays).
     $escapedGet = array();
     foreach ($_GET as $name => $raw) {
         if (!is_array($raw)) {
             $escapedGet[$name] = $this->model->dbPreis24->real_escape_string($raw);
             continue;
         }
         foreach ($raw as $subName => $subRaw) {
             $escapedGet[$name][$subName] = $this->model->dbPreis24->real_escape_string($subRaw);
         }
     }

     $escapedPost = array();
     foreach ($_POST as $name => $raw) {
         if (!is_array($raw)) {
             $escapedPost[$name] = $this->model->dbPreis24->real_escape_string($raw);
             continue;
         }
         foreach ($raw as $subName => $subRaw) {
             $escapedPost[$name][$subName] = $this->model->dbPreis24->real_escape_string($subRaw);
         }
     }

     // Pass 2: decode the escaped values and publish them on the controller.
     // An empty request leaves the corresponding property untouched.
     foreach ($escapedGet as $name => $escaped) {
         if (is_array($escaped)) {
             $this->get_values[$name] = array_map('OwnLibrary::Utf8Decode', $escaped);
         } else {
             $this->get_values[$name] = OwnLibrary::Utf8Decode($escaped);
         }
     }
     foreach ($escapedPost as $name => $escaped) {
         if (is_array($escaped)) {
             $this->post_values[$name] = array_map('OwnLibrary::Utf8Decode', $escaped);
         } else {
             $this->post_values[$name] = OwnLibrary::Utf8Decode($escaped);
         }
     }

     // Only requests that carry a non-empty 'Ajax' GET parameter are served.
     if (empty($this->get_values['Ajax'])) {
         exit;
     }

     $this->security = new Security($this);
     $this->security->CheckInputValues();
 }
<?php

/**
 * This is a controller to save a new person using AJAX.
 *
 * @author        Arsess Vakilpour
 * @version       1.0
 * @package       Peris24-Testprojekt
 */
// Build the Person from the submitted form fields, in constructor-argument
// order. The first argument is null; Gender, Country and Email are passed as
// stored in post_values, the remaining fields go through
// OwnLibrary::Utf8Encode() first.
// NOTE(review): the fields are read without isset(), so a request that omits
// one raises an undefined-index notice. No format or allow-list validation
// (e-mail syntax, country code, gender value) is visible in this fragment;
// confirm it happens elsewhere before the values reach the database.
$New_Person = new Person(
    null,
    $this->post_values['Gender'],
    OwnLibrary::Utf8Encode($this->post_values['Title']),
    OwnLibrary::Utf8Encode($this->post_values['First_Name']),
    OwnLibrary::Utf8Encode($this->post_values['Last_Name']),
    OwnLibrary::Utf8Encode($this->post_values['Street_Name']),
    OwnLibrary::Utf8Encode($this->post_values['Street_No']),
    OwnLibrary::Utf8Encode($this->post_values['Zip']),
    OwnLibrary::Utf8Encode($this->post_values['City']),
    $this->post_values['Country'],
    $this->post_values['Email']
);

// Nothing is echoed on failure, so the client has to treat an empty response
// body as "not saved".
if ($this->model->SaveNewPerson($New_Person)) {
    echo 'Success';
}
示例#3
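 /**
  * Mails the site admin a report about a request that was flagged as a
  * possible intrusion.
  *
  * The report names the detecting file, line and type, then lists the login
  * state, the client address, and the contents of $_REQUEST, $_GET, $_POST,
  * the browser data, $_SERVER, $_ENV, $_COOKIE, $_FILES and the string values
  * of $_SESSION.
  *
  * NOTE(review): the report carries the complete request, cookie, server and
  * environment data, so it can contain passwords, session identifiers and
  * server configuration. Mail is not a confidential channel; consider
  * redacting or dropping those sections, and rate-limiting the report so that
  * repeated triggering cannot flood the mailbox.
  *
  * @param string $detecting_file file in which the detection was raised
  * @param string $detecting_line line on which the detection was raised
  * @param string $hack_type      type label given by the detecting code
  * @param string $message        free-text detail given by the detecting code
  * @return void
  */
 private function MailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
 {
     $rule = "=====================================\n";

     // Formats one array as "LABEL * key : value" lines. foreach replaces the
     // each() loops (each() no longer exists in PHP 8), and nested values such
     // as the $_FILES entries are expanded instead of printing "Array".
     $dump = function ($label, $values) {
         $lines = '';
         if (!is_array($values)) {
             return $lines;
         }
         foreach ($values as $key => $value) {
             if (is_array($value) || is_object($value)) {
                 $value = print_r($value, true);
             }
             $lines .= "{$label} * {$key} : {$value}\n";
         }
         return $lines;
     };

     $output = "Attention site admin of " . PROGRAM_NAME . ",\n";
     // NOTE(review): strftime() is deprecated from PHP 8.1; the two format
     // constants are defined outside this block, so the call is left as is.
     $output .= "On " . @strftime(DATE_FORMAT_LONG);
     $output .= " at " . @strftime(TIME_FORMAT_SHORT);
     $output .= " the xt:C System has detected that somebody tried to" . " send information to your site that may have been intended" . " as a hack. Do not panic, it may be harmless: maybe this" . " detection was triggered by something you did! Anyway, it" . " was detected and blocked. \n";
     $output .= "The suspicious activity was recognized in {$detecting_file} " . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
     $output .= "Additional information given by the code which detected this: " . $message;
     $output .= "\n\nBelow you will find a lot of information obtained about " . "this attempt, that may help you to find  what happened and " . "maybe who did it.\n\n";

     $output .= "\n" . $rule;
     $output .= "Information about this user:\n";
     $output .= $rule;
     if (!isset($_SESSION['User'])) {
         $output .= "This person is not logged in.\n";
     } else {
         // The trailing newline keeps the IP block below on its own line.
         $output .= "This person is logged in!!\n Customers ID =" . $_SESSION['User']->User_Id . "\n";
     }

     // REMOTE_ADDR is absent outside a web request; do not resolve a placeholder.
     $has_remote_addr = isset($_SERVER['REMOTE_ADDR']);
     $remote_addr = $has_remote_addr ? $_SERVER['REMOTE_ADDR'] : '(unknown)';
     $resolved_addr = $has_remote_addr ? @gethostbyname($remote_addr) : '(unknown)';
     $output .= "IP numbers: [note: when you are dealing with a real cracker " . "these IP numbers might not be from the actual computer he is " . "working on]" . "\n\t IP according to REMOTE_ADDR: " . $remote_addr . "\n\t IP according to GetHostByName(" . $remote_addr . "): " . $resolved_addr . "\n\n";

     $output .= "\n" . $rule;
     $output .= "Information in the \$_REQUEST array\n";
     $output .= $rule;
     $output .= $dump('REQUEST', $_REQUEST);

     $output .= "\n" . $rule;
     $output .= "Information in the \$_GET array\n";
     $output .= "This is about variables that may have been ";
     $output .= "in the URL string or in a 'GET' type form.\n";
     $output .= $rule;
     $output .= $dump('GET', $_GET);

     $output .= "\n" . $rule;
     $output .= "Information in the \$_POST array\n";
     $output .= "This is about visible and invisible form elements.\n";
     $output .= $rule;
     $output .= $dump('POST', $_POST);

     $output .= "\n" . $rule;
     $output .= "Browser information\n";
     $output .= $rule;
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $output .= "HTTP_USER_AGENT: " . $user_agent . "\n";
     $output .= $dump('BROWSER', (array) @get_browser());

     $output .= "\n" . $rule;
     $output .= "Information in the \$_SERVER array\n";
     $output .= $rule;
     $output .= $dump('SERVER', $_SERVER);

     $output .= "\n" . $rule;
     $output .= "Information in the \$_ENV array\n";
     $output .= $rule;
     $output .= $dump('ENV', $_ENV);

     $output .= "\n" . $rule;
     $output .= "Information in the \$_COOKIE array\n";
     $output .= $rule;
     $output .= $dump('COOKIE', $_COOKIE);

     $output .= "\n" . $rule;
     $output .= "Information in the \$_FILES array\n";
     $output .= $rule;
     $output .= $dump('FILES', $_FILES);

     $output .= "\n" . $rule;
     $output .= "Information in the \$_SESSION array\n";
     $output .= "This is session info.\n";
     $output .= $rule;
     // Only string session values are reported; $_SESSION is undefined when no
     // session has been started.
     $session = (isset($_SESSION) && is_array($_SESSION)) ? $_SESSION : array();
     foreach ($session as $key => $value) {
         if (is_string($value)) {
             $output .= "SESSION * {$key} : {$value}\n";
         }
     }

     // nl2br() shows the body is sent as HTML, and most of it is request data
     // chosen by the sender of the flagged request, so it is HTML-encoded
     // before the line breaks are added. 'ISO-8859-1' makes htmlspecialchars()
     // work byte-wise, so malformed UTF-8 cannot blank the report.
     $body = nl2br(htmlspecialchars($output, ENT_QUOTES, 'ISO-8859-1'));

     // Keep the subject on one line: how SendMail() builds its headers is not
     // visible here.
     // NOTE(review): the subject says "type" but carries $message, not $hack_type - confirm.
     $subject_detail = str_replace(array("\r", "\n"), ' ', $message);

     OwnLibrary::SendMail($body, 'Attempted hack on your site? (type: ' . $subject_detail . ')');
 }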
示例#4
 /**
  * Inserts a new row into p24_persons from a person object.
  *
  * @param         object	$newPerson person object; its Gender, Title, First_Name, Last_Name,
  *                       	Street_Name, Street_No, Zip, City, Country and Email properties are written.
  * @return        boolean	true when the INSERT query reports success, false otherwise.
  *
  * NOTE(review): the statement is assembled by string concatenation, so it is
  * only as safe as the escaping every caller applied beforehand, and each
  * value passes through OwnLibrary::Utf8Decode() after that escaping (Gender
  * and Country are inserted as given). The double-quoted literals also depend
  * on the server not running in ANSI_QUOTES mode. The durable fix is a
  * prepared statement with bound parameters, introduced together with removing
  * the request-wide escaping in the controller; changing only one side would
  * store literal backslashes.
  */
 public function SaveNewPerson($newPerson)
 {
     // Column values in the order of the column list below.
     $values = array(
         $newPerson->Gender,
         OwnLibrary::Utf8Decode($newPerson->Title),
         OwnLibrary::Utf8Decode($newPerson->First_Name),
         OwnLibrary::Utf8Decode($newPerson->Last_Name),
         OwnLibrary::Utf8Decode($newPerson->Street_Name),
         OwnLibrary::Utf8Decode($newPerson->Street_No),
         OwnLibrary::Utf8Decode($newPerson->Zip),
         OwnLibrary::Utf8Decode($newPerson->City),
         $newPerson->Country,
         OwnLibrary::Utf8Decode($newPerson->Email),
     );

     $sql = 'INSERT INTO p24_persons ( '
         . 'Gender      , '
         . 'Title       , '
         . 'First_Name  , '
         . 'Last_Name   , '
         . 'Street_Name , '
         . 'Street_No   , '
         . 'Zip         , '
         . 'City        , '
         . 'Country     , '
         . 'Email       ) '
         . 'VALUES ( "' . implode('" , "', $values) . '" )  ';

     return (bool) $this->dbPreis24->query($sql);
 }
示例#5
            break;
        case 'CY':
            $country = 'Zypern';
            break;
    }
    // Action cell for this row: a hidden field holding the record Id, followed
    // by the delete and edit buttons.
    $imgEdit = new ButtonEdit($value->Id);
    $imgDelete = new ButtonDelete();
    $id = new Input(null, null, 'hidden', $value->Id, 'hiddenField');
    $tdFunctionContent = $id->Display();
    $tdFunctionContent .= $imgDelete->Display() . $imgEdit->Display();
    // NOTE(review): every cell below is built from stored person fields. The
    // e-mail cell passes literal <a> markup through Td, so Td presumably emits
    // its content unescaped - confirm. If so, each field needs HTML encoding
    // (htmlspecialchars() with ENT_QUOTES) before it is placed in cell content,
    // an element id or the mailto: attribute; the SQL escaping applied on input
    // does not cover this context.
    // Name cell: the title when it is non-blank, otherwise the gender when that
    // is non-blank, followed by first and last name.
    $tdName = new Td((trim($value->Title) == '' ? trim($value->Gender) == '' ? '' : $value->Gender . ' ' : OwnLibrary::Utf8Encode($value->Title) . ' ') . OwnLibrary::Utf8Encode($value->First_Name) . ' ' . OwnLibrary::Utf8Encode($value->Last_Name), 'Name_' . OwnLibrary::Utf8Encode($value->Id));
    $tdAddress = new Td(OwnLibrary::Utf8Encode($value->Street_Name) . ' ' . OwnLibrary::Utf8Encode($value->Street_No), 'Street_' . OwnLibrary::Utf8Encode($value->Id));
    $tdZip = new Td(OwnLibrary::Utf8Encode($value->Zip), 'Zip_' . OwnLibrary::Utf8Encode($value->Id), null, 'text-align: center;');
    $tdCity = new Td(OwnLibrary::Utf8Encode($value->City), 'City_' . OwnLibrary::Utf8Encode($value->Id), null, 'text-align: center;');
    // $country is the display name chosen by the switch above this fragment.
    $tdCountry = new Td(OwnLibrary::Utf8Encode($country), 'Country_' . OwnLibrary::Utf8Encode($value->Id), null, 'text-align: center;');
    // The stored e-mail address is used both as link text and inside the href attribute.
    $tdEmail = new Td('<a href="mailto:' . OwnLibrary::Utf8Encode($value->Email) . '">' . OwnLibrary::Utf8Encode($value->Email) . '</a>', 'Email_' . OwnLibrary::Utf8Encode($value->Id), null, 'text-align: center;');
    $tdFunctions = new Td($tdFunctionContent, null, 'funcs', 'text-align: center; width: 1px;');
    // Collect the cells in display order.
    $tdArray = array();
    $tdArray[] = $tdName;
    $tdArray[] = $tdAddress;
    $tdArray[] = $tdZip;
    $tdArray[] = $tdCity;
    $tdArray[] = $tdCountry;
    $tdArray[] = $tdEmail;
    $tdArray[] = $tdFunctions;
    // Rows with an odd $key get the additional ' tr_even' class.
    $trContent = new Tr($tdArray, null, 'TrMain' . ($key % 2 ? ' tr_even' : ''));
    $trArray[] = $trContent;
}
// Assemble the table from the header row and the rows collected in the loop.
$viewTable = new ViewTable($trHeader, $trArray);
// Pagination is built from the second element of $Persons_List
// (presumably a total or page count - confirm against the model).
$pagination = new Pagination($Persons_List[1]);
// The rendered pagination becomes the content footer.
$contentfooter = new ContentFooter($pagination->Display());