require_once ROOT_DIR . '/class.settings.php';
// NOTE(review): debug trace that dumps the whole query string — including the
// PayPal token consumed below — into the PHP error log. Remove before shipping,
// or at the very least stop logging $_GET wholesale.
error_log("[ShopFix PROHEX] CALLBACK CALLED " . print_r($_GET, true));

/**
 * Build the plain-text confirmation message for a completed PayPal payment.
 *
 * @param string $first_name  buyer's first name (FIRSTNAME from GetExpressCheckoutDetails)
 * @param array  $cart        productid => product object exposing ->name and ->description
 * @param string $transid     transaction id quoted in the message
 * @return string
 */
function generateMessage($first_name, $cart, $transid)
{
    $message = 'Hallo ' . $first_name . ",\n\nWe received your Payment with the Transaction ID: " . $transid . "\n\n";
    $message .= "You purchased:\n\n";
    foreach ($cart as $productid => $product) {
        $message .= "- " . $product->name . " (" . $product->description . ")" . "\n";
    }
    $message .= "\nTo download the Products you have purchased, please visit the 'Payment History' section when logged in\n\n";
    $message .= "- Your " . Settings::i()->title . " Team";
    return $message;
}

// PayPal return handler: the buyer lands here with the express-checkout token.
if (isset($_GET['token'])) {
    Logger::i()->writeLog("Processing PayPal Payment");
    if (!SessionManager::i()->isLoggedIn()) {
        Logger::i()->writeLog("User not logged in", 'dev');
        die;
    }
    try {
        $paypal = new PayPal(true);
    } catch (Exception $e) {
        Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
        die;
    }
    // NOTE(review): nothing visible here ties $_GET['token'] to the checkout the
    // current session started, or checks the amount/PAYERID against the session
    // cart — confirm the fulfilment code further down does that.
    $response = $paypal->doRequest("GetExpressCheckoutDetails", array("TOKEN" => $_GET['token']));
    // NOTE(review): $response is indexed before the `!$response` guard below, so a
    // failed request (false) raises a notice here; move this read after the check.
    $first_name = $response['FIRSTNAME'];
    if (!$response) {
        Logger::i()->writeLog("Could not get express checkout details, error = " . $paypal->error, 'dev');
        header("Location: index.php");
        die;
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/recaptchalib.php';

// Login endpoint. Expects POST `token` (LoginToken) and POST `login`, a
// base64-encoded JSON object with username/password and optionally
// captcha_response. All responses go through Submission::createResult.
if (!SessionManager::i()->validateToken("LoginToken", "token")) {
    Logger::i()->writeLog("Token to login is missing", 'dev');
    die(Submission::createResult("Please refresh the page and try again"));
}
if (isset($_POST['login'])) {
    // base64 + JSON is transport encoding only, not protection: the decoded
    // object is still fully attacker-controlled.
    $login = (array) json_decode(base64_decode($_POST['login']));
    if ($field = Submission::checkFields(array("username", "password"), $login)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    }
    // Captcha is enforced only when a private key is configured. This is a
    // truthiness test; the registration endpoint uses !is_null() for the same
    // setting, so an empty-string key behaves differently in the two scripts.
    if (Settings::i()->captcha_private) {
        if (!isset($login['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $login['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
    }
    // The member row is located by a key derived from the username alone and
    // stored double-base64-encoded; the lookup only works because GenerateKey is
    // deterministic for a given username. NOTE(review): confirm the password
    // verification further down does not treat this key as a secret, and that
    // some rate limiting exists when the captcha is disabled (none is visible here).
    $key = Crypto::GenerateKey($login['username']);
    $find = DbManager::i()->select("sf_members", array("iv", "userid"), array("key" => base64_encode(base64_encode($key))));
    if ($find !== false) {
        if (!is_array($find)) {
// Account-settings read branch (the enclosing if/else starts above this chunk):
// decrypt the member's stored fields with that member's own key/IV, each of
// which is stored double-base64-encoded.
$username = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->username)));
$email = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->email)));
$password = Crypto::DecryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), base64_decode(base64_decode($userinfo->password)));
// NOTE(review): the password is stored reversibly (encrypted, not hashed) and is
// handed back to the browser in the clear here. Any XSS, proxy/browser cache or
// shared machine exposes it. Store passwords with password_hash() and drop the
// "password" member from this response.
echo json_encode(array("username" => $username, "email" => $email, "password" => $password));
unset($username);
unset($email);
unset($password);
unset($userinfo);
} else {
    Logger::i()->writeLog("No user found in the database for UserID = {$userid}, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not find user"));
}
} else {
    // Account-settings update branch.
    if ($request_method == "POST") {
        unset($request_method);
        if (!SessionManager::i()->validateToken("UpdateAccountSettingsToken", "token")) {
            Logger::i()->writeLog("Token to update account settings is missing", 'access');
            die(Submission::createResult("Permission denied"));
        }
        if ($userinfo !== false && !is_array($userinfo)) {
            // Password change. NOTE(review): no current-password confirmation and
            // no length/complexity check is visible before the new value is
            // encrypted and stored.
            if (isset($_POST['pw'])) {
                $pw = base64_decode($_POST['pw']);
                $pw = base64_encode(base64_encode(Crypto::EncryptString(base64_decode(base64_decode($userinfo->key)), base64_decode(base64_decode($userinfo->iv)), $pw)));
                $update = DbManager::i()->update("sf_members", array("password" => $pw), array("userid" => $userid));
                if ($update) {
                    Logger::i()->writeLog("User password updated, UserID = {$userid}");
                    echo Submission::createResult("Password updated successfully", true);
                } else {
                    Logger::i()->writeLog("User password could not be updated, error = " . DbManager::i()->error);
                    echo Submission::createResult("Could not update password. Please try again later.");
                }
// (tail of a guard that begins above this chunk)
die(Submission::createResult("Permission denied"));
}
header("Content-Type: application/json; charset=UTF-8");
// Settings read branch: the single sf_settings row holds one blob encrypted
// under the global ADMIN_KEY / ADMIN_IV constants (double-base64), which
// decrypts to a base64-encoded JSON document.
// NOTE(review): one fixed IV constant is reused for every write of this blob;
// depending on the mode Crypto::EncryptString uses, that leaks equality/prefix
// information between successive versions — confirm.
$settings = DbManager::i()->select("sf_settings", array("settings"));
if ($settings !== false && !is_array($settings)) {
    $prefs = Crypto::DecryptString(base64_decode(base64_decode(ADMIN_KEY)), base64_decode(base64_decode(ADMIN_IV)), base64_decode(base64_decode($settings->settings)));
    // NOTE(review): the entire decrypted settings object is returned to the
    // browser; going by the update branch below it carries the PayPal API
    // password/signature and the BTC api_key/api_pin. Return a redacted view
    // (masked values or just "configured" flags) so these secrets never leave
    // the server.
    echo json_encode(array("settings" => json_decode(base64_decode($prefs))));
    unset($prefs);
} else {
    Logger::i()->writeLog("Could not load settings, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not load Settings"));
}
} else {
    // Settings update branch.
    if ($request_method == "POST") {
        unset($request_method);
        if (!SessionManager::i()->validateToken("SettingsToken", "token")) {
            Logger::i()->writeLog("Token to set settings is missing", 'dev');
            die(Submission::createResult("Permission denied"));
        }
        if (isset($_POST['settings'])) {
            $settings = (array) json_decode(base64_decode($_POST['settings']));
            // Only one payment backend's credentials are validated per request:
            // paypal wins when present, otherwise btc, otherwise the branch below.
            if (isset($settings['paypal']) && count((array) $settings['paypal']) > 0) {
                if ($field = Submission::checkFields(array("username", "password", "signature"), (array) $settings['paypal'])) {
                    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
                }
            } else {
                if (isset($settings['btc']) && count((array) $settings['btc']) > 0) {
                    if ($field = Submission::checkFields(array("api_key", "api_pin"), (array) $settings['btc'])) {
                        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
                    }
                } else {
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.settings.php';

$loggedIn = SessionManager::i()->isLoggedIn();
// One CSRF token per API endpoint, all regenerated on every render of this page;
// each endpoint validates the token name it owns. NOTE(review): regenerating on
// every load means a second tab invalidates the tokens held by the first —
// confirm that is intended.
$_SESSION['RegisterToken'] = SessionManager::GenerateToken();
$_SESSION['LoginToken'] = SessionManager::GenerateToken();
$_SESSION['LogoutToken'] = SessionManager::GenerateToken();
$_SESSION['GetPaymentsToken'] = SessionManager::GenerateToken();
$_SESSION['CartToken'] = SessionManager::GenerateToken();
$_SESSION['LoadProductsToken'] = SessionManager::GenerateToken();
$_SESSION['UpdateAccountSettingsToken'] = SessionManager::GenerateToken();
$_SESSION['AccountSettingsToken'] = SessionManager::GenerateToken();
$_SESSION['CheckoutToken'] = SessionManager::GenerateToken();
$_SESSION['DownloadToken'] = SessionManager::GenerateToken();
$_SESSION['PaymentStatusToken'] = SessionManager::GenerateToken();
?>
<!DOCTYPE html>
<html lang="en" ng-app="ShopFixApp">
<head>
<!-- NOTE(review): Settings::i()->title is printed unescaped. It is admin-controlled,
     but wrap it in htmlspecialchars() so a compromised or careless admin value
     cannot inject markup into every page. -->
<title><?php echo Settings::i()->title; ?> </title>
<!-- Handle NoScript -->
<noscript>
<meta http-equiv="refresh" content="0;url=noscript.php">
</noscript>
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// AdminCP customer actions: admin session + UpdateCustomersToken, then POST
// customerid and action.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'access');
    die(Submission::createResult("Admin is not logged in"));
}
if (!SessionManager::i()->validateToken("UpdateCustomersToken", "token")) {
    Logger::i()->writeLog("Token to update customer is missing", 'access');
    die(Submission::createResult("Token mismatch"));
}
if ($field = Submission::checkFields(array("customerid", "action"), $_POST)) {
    die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
}

/**
 * Replace customer $c's password with a random 15-character one, encrypted under
 * that member's own key/IV (both stored double-base64-encoded in sf_members).
 *
 * @param mixed $c customer id; passed through intval() before reaching the query
 */
function renewPassword($c)
{
    $plain = Crypto::generateRandomPassword(15);
    $info = DbManager::i()->select("sf_members", array("key", "iv"), array("userid" => intval($c)));
    if ($info !== false && !is_array($info)) {
        $key = base64_decode(base64_decode($info->key));
        $iv = base64_decode(base64_decode($info->iv));
        // NOTE(review): reversible encryption instead of a password hash — the
        // account-settings endpoint decrypts and returns this value.
        $password = base64_encode(base64_encode(Crypto::EncryptString($key, $iv, $plain)));
        if (DbManager::i()->update("sf_members", array("password" => $password), array("userid" => intval($c)))) {
            unset($password);
            unset($key);
            unset($iv);
            unset($info);
            // NOTE(review): this writes the new cleartext password into the
            // application log, which the admin log viewer serves to the browser.
            // Log only the user id and hand the password to the customer out of
            // band ($plain is still in scope for that).
            Logger::i()->writeLog("Password renewed for UserID: {$c}, password = {$plain}");
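<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.logger.php'; //requires class.dbmanager
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// AdminCP log viewer: returns every stored log entry plus the same entries
// pre-split by mode ("dev" / "access"). Both an admin session and the
// LoadLogsToken (read from the `csrf` GET parameter) are required.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'dev');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("LoadLogsToken", "csrf", "GET")) {
    Logger::i()->writeLog("Token to load logs is missing", 'dev');
    die(Submission::createResult("Permission denied"));
}

$all_logs = Logger::i()->getLogs();
$dev_logs = array();
$access_logs = array();
foreach ($all_logs as $log) {
    // Entries with any other mode appear in all_logs only.
    if ($log->mode == "dev") {
        $dev_logs[] = $log;
    } elseif ($log->mode == "access") {
        $access_logs[] = $log;
    }
}

// Declare the body as JSON like the other API scripts do. Log messages carry
// request-derived strings, so without an explicit type a browser may sniff the
// response as HTML.
header("Content-Type: application/json; charset=UTF-8");
echo json_encode(array("all_logs" => $all_logs, "dev_logs" => $dev_logs, "access_logs" => $access_logs));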
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/recaptchalib.php';

// Registration endpoint: POST `token` (RegisterToken) plus `registration`, a
// base64-encoded JSON object with username/email/password/repeat_password and
// optionally captcha_response.
if (!SessionManager::i()->validateToken("RegisterToken", "token")) {
    Logger::i()->writeLog("Token to register is missing", 'dev');
    echo Submission::createResult("Please refresh the page and try again");
    die;
}
if (isset($_POST['registration'])) {
    $registration = (array) json_decode(base64_decode($_POST['registration']));
    if ($field = Submission::checkFields(array("username", "email", "password", "repeat_password"), $registration)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    } else {
        // Only equality of the two password fields is checked here; any
        // length/strength policy has to live in checkFields or further down.
        if (!Submission::checkEquality($registration['password'], $registration['repeat_password'])) {
            die(Submission::createResult("Passwords do not match"));
        }
    }
    // NOTE(review): captcha is gated on !is_null() here but on plain truthiness in
    // the login endpoint. With captcha_private set to "" this branch builds a
    // ReCaptcha with an empty key (verification will presumably fail for every
    // registration) while login skips the captcha entirely; use one predicate in both.
    if (!is_null(Settings::i()->captcha_private)) {
        if (!isset($registration['captcha_response'])) {
            die(Submission::createResult("Please validate the captcha"));
        }
        $reCaptcha = new ReCaptcha(Settings::i()->captcha_private);
        $resp = $reCaptcha->verifyResponse($_SERVER["REMOTE_ADDR"], $registration['captcha_response']);
        if (!$resp->success) {
            die(Submission::createResult("Please validate the Captcha"));
        }
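<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.btc.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.submission.php';
require_once ROOT_DIR . '/class.sessionmanager.php';

// Bitcoin payment-status poll: a logged-in user holding a valid
// PaymentStatusToken asks the BTC backend whether its payment is confirmed.
if (!SessionManager::i()->isLoggedIn()) {
    Logger::i()->writeLog("User not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("PaymentStatusToken", "token")) {
    Logger::i()->writeLog("Token to get payment status is missing", 'access');
    die(Submission::createResult("Permission denied"));
}

try {
    $btc = new BTC();
    $info = (array) $btc->checkPaymentStatus();
    // Strict comparison on purpose: the loose `==` used before would also have
    // matched non-string values such as boolean true. A missing "result" key now
    // means "not confirmed" instead of raising a notice.
    if (isset($info['result']) && $info['result'] === "success") {
        die(Submission::createResult($info['resultMessage'], true));
    }
} catch (Exception $e) {
    Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
}
// NOTE(review): when the payment is not confirmed, or the BTC call throws, the
// script ends without writing a response body, so the client cannot tell
// "pending" from "error". Consider a final
// die(Submission::createResult("Payment not confirmed yet")) here if nothing
// past this point produces one.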
// (tail of the upload helper that begins above this chunk; $name, $tmp_name and
// $target_file are presumably assigned there)
$result = "File exists already";
} else {
    if (move_uploaded_file($tmp_name, $target_file)) {
        // NOTE(review): $filePath is assigned but only $result is returned, so the
        // web path computed here never leaves the function unless it is a global
        // or reference — verify. Also, if $name is the client-supplied file name,
        // it must be basename()'d and extension-whitelisted before being joined
        // into the uploads directory; that validation is not visible in this chunk.
        $filePath = str_replace($_SERVER['DOCUMENT_ROOT'], "", dirname(__DIR__) . "/uploads/" . $name);
    } else {
        $result = "Moving failed";
    }
}
}
return $result;
}

// AdminCP "add product" endpoint: admin session + AddProductToken, then POST
// `product` (base64 JSON) and the bigimage/productfile uploads.
if (!SessionManager::i()->isAdminLoggedIn()) {
    Logger::i()->writeLog("Admin is not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("AddProductToken", "token")) {
    Logger::i()->writeLog("Token to add product is missing", 'access');
    die(Submission::createResult("Please refresh the page and try again"));
}
if (isset($_POST['product'])) {
    $product = (array) json_decode(base64_decode($_POST['product']));
    if ($field = Submission::checkFields(array("name", "price", "description", "available"), $product)) {
        die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
    } else {
        // When $_FILES is absent altogether $field stays unset and the message
        // below is emitted with an empty field name.
        if (!isset($_FILES) || ($field = Submission::checkFields(array("bigimage", "productfile"), $_FILES))) {
            die(Submission::createResult(ucfirst($field) . " is missing or invalid"));
        }
    }
    $imagePath = null;
    $bigImagePath = null;
    $productPath = null;
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__) . "/..");
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.settings.php';
require_once ROOT_DIR . '/admin/admin_config.php';

// AdminCP login page: an already authenticated admin is bounced to admincp.php;
// otherwise a fresh LoginToken is issued for the login form's CSRF check.
if (SessionManager::i()->isAdminLoggedIn()) {
    header("Location: admincp.php");
    die;
}
$_SESSION['LoginToken'] = SessionManager::GenerateToken();
?>
<!DOCTYPE html>
<html lang="en" ng-app="ShopFixAdminApp">
<head>
<!-- NOTE(review): Settings::i()->title is printed unescaped; wrap it in
     htmlspecialchars() so a stored title cannot inject markup into the admin UI. -->
<title><?php echo Settings::i()->title; ?> - AdminCP</title>
<!-- Meta information -->
<meta charset="UTF-8">
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="ShopFix is a simple but useful shop CMS" />
<meta name="keywords" content="shopping, shopfix, cms, purchases" />
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<!-- NOTE(review): neither tag below disables caching — 'expires' is a name= meta
     rather than http-equiv, and the second has no http-equiv at all. Send
     Cache-Control: no-store as an HTTP header from PHP for this login page. -->
<meta name='expires' content='0'>
<meta content='no-cache'>
<!-- jQuery -->
<!-- NOTE(review): jQuery 1.11.2 is end-of-life and has published security
     advisories; upgrade to a maintained 3.x release. -->
<script src="../js/jquery-1.11.2.min.js"></script>
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.payments.php';
require_once ROOT_DIR . '/class.sessionmanager.php';

// Product download endpoint: GET productid, transaction_id and token (DownloadToken).
// A failed session or token check does not merely deny — it destroys the session
// and sends the visitor to index.php.
if (!SessionManager::i()->isLoggedIn()) {
    Logger::i()->writeLog("User is not logged in", 'dev');
    SessionManager::i()->destroySession(true, "index.php");
    die;
}
if (!SessionManager::i()->validateToken("DownloadToken", "token", "GET")) {
    Logger::i()->writeLog("Token to download is missing", 'dev');
    SessionManager::i()->destroySession(true, "index.php");
    die;
}
if (!isset($_GET['productid']) || !isset($_GET['transaction_id'])) {
    header("Location: index.php");
    die;
}
// NOTE(review): nothing here restricts the lookup to the session user; confirm
// Payments::getPayments() returns only the logged-in user's payments, otherwise
// any authenticated user who knows (or guesses) a transaction id can download.
$payments = (array) json_decode(Payments::i()->getPayments());
$payments = (array) $payments['payments'];
// NOTE(review): `==` against a query-string value is a loose comparison —
// numeric-looking strings such as "1e3" and "1000" compare equal. Use ===.
$payments = array_filter($payments, function ($payment) {
    return $payment->token == $_GET['transaction_id'];
});
if (count($payments) == 1) {
    // NOTE(review): array_filter preserves keys, so $payments[0] is undefined
    // whenever the matching entry was not first in the list; use reset($payments)
    // (or array_values) instead.
    $payment = $payments[0];
    $has_purchased = false;
    foreach ($payment->cart as $key => $value) {
        // Cart keys may be integers, hence the loose comparison; a strict one
        // would need an explicit cast of the query value.
        if ($key == $_GET['productid']) {
            $has_purchased = true;
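<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.logger.php';

// Logout endpoint: the session is only destroyed when the request carries the
// LogoutToken issued when the page was rendered (guards against forced logout
// via CSRF); otherwise log the attempt and bounce to index.php.
if (!SessionManager::i()->validateToken("LogoutToken", "token")) {
    // $_SESSION['userid'] is not guaranteed to exist (an anonymous visitor can
    // hit this script directly); reading it blindly raised an undefined-index
    // notice on exactly that path.
    $userid = isset($_SESSION['userid']) ? $_SESSION['userid'] : 'unknown';
    Logger::i()->writeLog("Logout failed for UserID = " . $userid);
    header("Location: index.php");
    die;
}
SessionManager::i()->destroySession();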
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.btc.php';
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.paypal.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Checkout endpoint: requires a logged-in user and the CheckoutToken.
if (!SessionManager::i()->isLoggedIn()) {
    Logger::i()->writeLog("User not logged in", 'access');
    die(Submission::createResult("Permission denied"));
}
if (!SessionManager::i()->validateToken("CheckoutToken", "token")) {
    Logger::i()->writeLog("Token to checkout is missing", 'access');
    die(Submission::createResult("Permission denied"));
}

/**
 * Absolute URL of a script in the current working directory, assembled from the
 * request scheme, SERVER_NAME and the cwd made relative to DOCUMENT_ROOT.
 *
 * NOTE(review): isset($_SERVER['HTTPS']) is also true for the value "off" that
 * some servers set on plain HTTP — test !empty() && !== 'off' instead.
 * SERVER_NAME can follow the client's Host header depending on server
 * configuration; if this URL ends up as a payment return/cancel URL, take the
 * hostname from configuration rather than from the request.
 *
 * @param string $script script file name appended to the cwd path
 * @return string
 */
function createURLForScript($script)
{
    $url = "";
    $scheme = isset($_SERVER['HTTPS']) ? "https://" : "http://";
    $url .= $scheme . $_SERVER['SERVER_NAME'] . str_replace($_SERVER['DOCUMENT_ROOT'], "", getcwd() . "/{$script}");
    return $url;
}

/**
 * Start a PayPal checkout for $cart totalling $total.
 * (The body continues past the end of this chunk.)
 */
function checkoutWithPaypal($total, $cart)
{
    try {
        $paypal = new PayPal(true);
    } catch (Exception $e) {
        Logger::i()->writeLog("Caught Exception: " . $e->getMessage(), 'dev');
        die;
    }
<?php
defined("ROOT_DIR") ?: define('ROOT_DIR', dirname(__FILE__));
require_once ROOT_DIR . '/class.logger.php';
require_once ROOT_DIR . '/class.sessionmanager.php';
require_once ROOT_DIR . '/class.submission.php';

// Product catalogue endpoint. There is no login check here; only the
// LoadProductsToken has to accompany the request.
if (!SessionManager::i()->validateToken("LoadProductsToken", "token")) {
    Logger::i()->writeLog("Token to load products is missing", 'dev');
    die(Submission::createResult("Permission denied"));
}
header("Content-Type: application/json; charset=UTF-8");

$products = DbManager::i()->select("sf_products", array("productid", "name", "price", "description", "available", "image", "bigimage", "soldOut"));
if ($products === false) {
    Logger::i()->writeLog("Could not get products, error = " . DbManager::i()->error, 'dev');
    die(Submission::createResult("Could not get products"));
}
// DbManager hands back a single row as a bare object rather than a one-element
// list; normalise before projecting.
if (!is_array($products)) {
    $products = array($products);
}
// Project each row onto the public field set. The two flag columns are coerced
// to int so the client receives numbers; everything else is passed through as
// stored. array_values() keeps the output a JSON array regardless of row keys.
$rows = array_values(array_map(function ($row) {
    return array(
        "productid" => $row->productid,
        "name" => $row->name,
        "price" => $row->price,
        "description" => $row->description,
        "available" => intval($row->available),
        "image" => $row->image,
        "bigimage" => $row->bigimage,
        "soldOut" => intval($row->soldOut),
    );
}, $products));
echo json_encode(array("products" => $rows));
unset($rows, $products);