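/**
 * Builds a new AJAX controller.
 *
 * Loads the shared includes and the model, then copies every `$_GET` and
 * `$_POST` entry into `$this->get_values` / `$this->post_values`. Each scalar
 * is passed through `real_escape_string()` of the model's `dbPreis24`
 * connection and then through `OwnLibrary::Utf8Decode()`; nested arrays are
 * processed element by element.
 *
 * The request is only served when a non-empty `Ajax` query parameter is
 * present; otherwise the script terminates here. Finally the `Security`
 * helper validates the collected input.
 *
 * NOTE(review): escaping every value on entry binds the data to a single
 * context (MySQL string literals). It does not protect other contexts
 * (HTML output, mail headers) and it only stays correct as long as no query
 * site escapes again. Prepared statements at the query site would be the
 * robust replacement for this entry-point escaping.
 */
public function __construct()
{
    include_once 'include/LoadIncludes.php';
    include_once '../model/Model.class.php';
    $this->model = new Model($this);

    // Both properties are always arrays now; the original left them unset
    // when the corresponding superglobal was empty.
    $this->get_values = $this->sanitizeRequestValues($_GET);
    $this->post_values = $this->sanitizeRequestValues($_POST);

    // Only AJAX requests are served; anything else ends here.
    if (empty($this->get_values['Ajax'])) {
        exit;
    }

    $this->security = new Security($this);
    $this->security->CheckInputValues();
}

/**
 * Escapes and UTF-8-decodes one request array.
 *
 * Scalars are escaped with the model's database connection and then decoded
 * with `OwnLibrary::Utf8Decode()`; nested arrays are handled recursively (the
 * original covered exactly one level of nesting).
 *
 * @param array $values raw `$_GET` or `$_POST` contents
 * @return array the escaped and decoded copy, keys preserved
 */
private function sanitizeRequestValues(array $values)
{
    $clean = array();
    foreach ($values as $key => $value) {
        if (is_array($value)) {
            $clean[$key] = $this->sanitizeRequestValues($value);
        } else {
            $clean[$key] = OwnLibrary::Utf8Decode(
                $this->model->dbPreis24->real_escape_string($value)
            );
        }
    }
    return $clean;
}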
<?php
/**
 * Saves a new person submitted through AJAX.
 *
 * Reads the person fields from the controller's `post_values`, re-encodes the
 * free-text fields to UTF-8 and hands the resulting Person to the model.
 * Prints 'Success' when the model reports that the row was stored; nothing
 * is printed otherwise.
 *
 * @author Arsess Vakilpour
 * @version 1.0
 * @package Peris24-Testprojekt
 */
$fields = $this->post_values;

// Gender, Country and Email are passed through untouched; the remaining
// free-text fields go through OwnLibrary::Utf8Encode().
$New_Person = new Person(
    null,
    $fields['Gender'],
    OwnLibrary::Utf8Encode($fields['Title']),
    OwnLibrary::Utf8Encode($fields['First_Name']),
    OwnLibrary::Utf8Encode($fields['Last_Name']),
    OwnLibrary::Utf8Encode($fields['Street_Name']),
    OwnLibrary::Utf8Encode($fields['Street_No']),
    OwnLibrary::Utf8Encode($fields['Zip']),
    OwnLibrary::Utf8Encode($fields['City']),
    $fields['Country'],
    $fields['Email']
);

$saved = $this->model->SaveNewPerson($New_Person);
if ($saved) {
    echo 'Success';
}
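/**
 * Mails an intrusion report to the site admin.
 *
 * Builds a plain-text report from the detector's details and the request
 * context ($_REQUEST, $_GET, $_POST, browser data, $_SERVER, $_ENV, $_COOKIE,
 * $_FILES and the string entries of $_SESSION) and sends it with
 * OwnLibrary::SendMail(). The report is HTML-escaped before nl2br() because
 * it consists largely of request-supplied text.
 *
 * NOTE(review): the $_SERVER and $_ENV dumps may carry credentials handed to
 * PHP through the environment; they travel in clear text in this mail.
 *
 * @param string $detecting_file file in which the detection fired
 * @param string $detecting_line line in that file
 * @param string $hack_type      short classification chosen by the detector
 * @param string $message        detail text; also placed in the mail subject
 * @return void
 */
private function MailHackAttempt($detecting_file = "(no filename available)", $detecting_line = "(no line number available)", $hack_type = "(no type given)", $message = "(no message given)")
{
    $rule = "=====================================\n";
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    // $_SESSION only exists once a session was started.
    $session = isset($_SESSION) ? $_SESSION : array();

    $output = "Attention site admin of " . PROGRAM_NAME . ",\n";
    // DATE_FORMAT_LONG / TIME_FORMAT_SHORT are strftime() formats; strftime()
    // is deprecated since PHP 8.1, so its notice is silenced to keep the
    // report clean.
    $output .= "On " . @strftime(DATE_FORMAT_LONG);
    $output .= " at " . @strftime(TIME_FORMAT_SHORT);
    $output .= " the xt:C System has detected that somebody tried to"
        . " send information to your site that may have been intended"
        . " as a hack. Do not panic, it may be harmless: maybe this"
        . " detection was triggered by something you did! Anyway, it"
        . " was detected and blocked. \n";
    $output .= "The suspicious activity was recognized in {$detecting_file} "
        . "on line {$detecting_line}, and is of the type {$hack_type}. \n";
    $output .= "Additional information given by the code which detected this: " . $message;
    $output .= "\n\nBelow you will find a lot of information obtained about "
        . "this attempt, that may help you to find what happened and "
        . "maybe who did it.\n\n";

    $output .= "\n" . $rule;
    $output .= "Information about this user:\n";
    $output .= $rule;
    if (!isset($_SESSION['User'])) {
        $output .= "This person is not logged in.\n";
    } else {
        // Trailing newline so the IP block no longer runs into the customer id.
        $output .= "This person is logged in!!\n Customers ID =" . $_SESSION['User']->User_Id . "\n";
    }
    // gethostbyname() of an IP literal returns it unchanged, so the second
    // line normally repeats REMOTE_ADDR; presumably a reverse lookup was
    // intended — left as is.
    $output .= "IP numbers: [note: when you are dealing with a real cracker "
        . "these IP numbers might not be from the actual computer he is "
        . "working on]"
        . "\n\t IP according to REMOTE_ADDR: " . $remote_addr
        . "\n\t IP according to GetHostByName(" . $remote_addr . "): " . @gethostbyname($remote_addr)
        . "\n\n";

    $output .= $this->hackReportSection("Information in the \$_REQUEST array\n", 'REQUEST', $_REQUEST);
    $output .= $this->hackReportSection(
        "Information in the \$_GET array\n"
        . "This is about variables that may have been in the URL string or in a 'GET' type form.\n",
        'GET',
        $_GET
    );
    $output .= $this->hackReportSection(
        "Information in the \$_POST array\nThis is about visible and invisible form elements.\n",
        'POST',
        $_POST
    );
    // get_browser() warns when no browscap is configured; the report must
    // still go out in that case.
    $output .= $this->hackReportSection(
        "Browser information\n",
        'BROWSER',
        (array) @get_browser(),
        "HTTP_USER_AGENT: " . $user_agent . "\n"
    );
    $output .= $this->hackReportSection("Information in the \$_SERVER array\n", 'SERVER', $_SERVER);
    $output .= $this->hackReportSection("Information in the \$_ENV array\n", 'ENV', $_ENV);
    $output .= $this->hackReportSection("Information in the \$_COOKIE array\n", 'COOKIE', $_COOKIE);
    $output .= $this->hackReportSection("Information in the \$_FILES array\n", 'FILES', $_FILES);
    // Only string session entries are reported, as before.
    $output .= $this->hackReportSection(
        "Information in the \$_SESSION array\nThis is session info.\n",
        'SESSION',
        array_filter($session, 'is_string')
    );

    // Keep line breaks out of the subject header.
    $subject_type = str_replace(array("\r", "\n"), ' ', $message);

    // nl2br() means the mail is rendered as HTML; the report is mostly
    // request-supplied text, so escape it first or the report itself can
    // carry markup into the admin's mail client. ENT_SUBSTITUTE keeps the
    // report readable when a value is not valid UTF-8.
    $body = nl2br(htmlspecialchars($output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    OwnLibrary::SendMail($body, 'Attempted hack on your site? (type: ' . $subject_type . ')');
}

/**
 * Renders one titled section of the intrusion report.
 *
 * @param string $title  section title, newline-terminated
 * @param string $prefix label printed in front of every key/value row
 * @param array  $values key/value pairs to dump
 * @param string $intro  optional text placed between the rule and the rows
 * @return string
 */
private function hackReportSection($title, $prefix, array $values, $intro = '')
{
    $rule = "=====================================\n";
    $section = "\n" . $rule . $title . $rule . $intro;
    foreach ($values as $key => $value) {
        $section .= $prefix . " * " . $key . " : " . $this->hackReportValue($value) . "\n";
    }
    return $section;
}

/**
 * Turns a request value into report text; arrays (e.g. $_FILES entries or
 * nested form fields) are expanded instead of printing as "Array".
 *
 * @param mixed $value
 * @return string
 */
private function hackReportValue($value)
{
    if ($value === null || is_scalar($value)) {
        return (string) $value;
    }
    return print_r($value, true);
}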
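/**
 * Inserts a new person into `p24_persons`.
 *
 * Gender and Country are stored as given; every other field is converted
 * with OwnLibrary::Utf8Decode() before the insert, as before. The row is
 * written with a prepared statement so the field values are bound as
 * parameters instead of being concatenated into the SQL text.
 *
 * NOTE(review): callers that pre-escape the input with real_escape_string()
 * (the AJAX controller constructor does this for every request value) should
 * stop doing so once parameters are bound, otherwise the escape backslashes
 * end up in the stored data.
 *
 * @param object $newPerson person object whose public fields are named after
 *                          the table columns.
 * @return boolean true when the row was inserted, false when prepare() or
 *                 execute() failed.
 */
public function SaveNewPerson($newPerson)
{
    $stmt = $this->dbPreis24->prepare(
        'INSERT INTO p24_persons ( Gender , Title , First_Name , Last_Name , '
        . 'Street_Name , Street_No , Zip , City , Country , Email ) '
        . 'VALUES ( ? , ? , ? , ? , ? , ? , ? , ? , ? , ? )'
    );
    if ($stmt === false) {
        return false;
    }

    // bind_param() takes its arguments by reference, hence the locals.
    $gender = $newPerson->Gender;
    $title = OwnLibrary::Utf8Decode($newPerson->Title);
    $first_name = OwnLibrary::Utf8Decode($newPerson->First_Name);
    $last_name = OwnLibrary::Utf8Decode($newPerson->Last_Name);
    $street_name = OwnLibrary::Utf8Decode($newPerson->Street_Name);
    $street_no = OwnLibrary::Utf8Decode($newPerson->Street_No);
    $zip = OwnLibrary::Utf8Decode($newPerson->Zip);
    $city = OwnLibrary::Utf8Decode($newPerson->City);
    $country = $newPerson->Country;
    $email = OwnLibrary::Utf8Decode($newPerson->Email);

    $stmt->bind_param(
        'ssssssssss',
        $gender,
        $title,
        $first_name,
        $last_name,
        $street_name,
        $street_no,
        $zip,
        $city,
        $country,
        $email
    );
    $inserted = $stmt->execute();
    $stmt->close();

    return (bool) $inserted;
}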
break; case 'CY': $country = 'Zypern'; break; } $imgEdit = new ButtonEdit($value->Id); $imgDelete = new ButtonDelete(); $id = new Input(null, null, 'hidden', $value->Id, 'hiddenField'); $tdFunctionContent = $id->Display(); $tdFunctionContent .= $imgDelete->Display() . $imgEdit->Display(); $tdName = new Td((trim($value->Title) == '' ? trim($value->Gender) == '' ? '' : $value->Gender . ' ' : OwnLibrary::Utf8Encode($value->Title) . ' ') . OwnLibrary::Utf8Encode($value->First_Name) . ' ' . OwnLibrary::Utf8Encode($value->Last_Name), 'Name_' . OwnLibrary::Utf8Encode($value->Id)); $tdAddress = new Td(OwnLibrary::Utf8Encode($value->Street_Name) . ' ' . OwnLibrary::Utf8Encode($value->Street_No), 'Street_' . OwnLibrary::Utf8Encode($value->Id)); $tdZip = new Td(OwnLibrary::Utf8Encode($value->Zip), 'Zip_' . OwnLibrary::Utf8Encode($value->Id), null, 'text-align: center;'); $tdCity = new Td(OwnLibrary::Utf8Encode($value->City), 'City_' . OwnLibrary::Utf8Encode($value->Id), null, 'text-align: center;'); $tdCountry = new Td(OwnLibrary::Utf8Encode($country), 'Country_' . OwnLibrary::Utf8Encode($value->Id), null, 'text-align: center;'); $tdEmail = new Td('<a href="mailto:' . OwnLibrary::Utf8Encode($value->Email) . '">' . OwnLibrary::Utf8Encode($value->Email) . '</a>', 'Email_' . OwnLibrary::Utf8Encode($value->Id), null, 'text-align: center;'); $tdFunctions = new Td($tdFunctionContent, null, 'funcs', 'text-align: center; width: 1px;'); $tdArray = array(); $tdArray[] = $tdName; $tdArray[] = $tdAddress; $tdArray[] = $tdZip; $tdArray[] = $tdCity; $tdArray[] = $tdCountry; $tdArray[] = $tdEmail; $tdArray[] = $tdFunctions; $trContent = new Tr($tdArray, null, 'TrMain' . ($key % 2 ? ' tr_even' : '')); $trArray[] = $trContent; } $viewTable = new ViewTable($trHeader, $trArray); $pagination = new Pagination($Persons_List[1]); $contentfooter = new ContentFooter($pagination->Display());