
Untitled

a guest
Oct 27th, 2016
  1. <?php
  2. define('BASE_PATH', realpath('../../') . '/');
  3. set_include_path(realpath('../../'));
  4. require_once(BASE_PATH . "app/inc.php");
  5. require_once(CONFIG_PATH."connect.php");
  6.  
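  // Every response from this endpoint is declared as JSON.
  header("Content-Type: application/json");

  // Include FirePHP Libraries and output "hue"
  //require_once('../lib/FirePHPCore/FirePHP.class.php');
  //require_once('../lib/FirePHPCore/fb.php');
  //fb('Hue');
  //fb('hue", 'Hue?:');
  //ob_start();

  // Only fatal errors are reported. Warnings and notices (undefined request
  // keys, failed queries) are silenced, so the code below must check return
  // values itself instead of relying on PHP to complain.
  error_reporting(E_ERROR);

  // @CONFIG:
  //$adminEmail = "schwindy1234@gmail.com";
  $adminEmail = "robert@thewashplant.com";

  // Check connection
  $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
  if ($mysqli->connect_errno)
  {
      // Fail closed with the same [{"message": ...}] shape the handlers use.
      // connect_error is deliberately not echoed: it can carry host and user
      // names. On PHP builds where mysqli reports errors as exceptions the
      // constructor throws instead and this branch is not reached.
      http_response_code(500);
      echo json_encode(array(array('message' => 'fail')));
      exit;
  }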
  24.  
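  // Give every expected request parameter the placeholder 'kek' when it is
  // missing or empty, in both $_REQUEST and $_POST.
  // The original used one if / else-if chain per array, so only the FIRST
  // empty key was ever filled in and 'systemCall' could stay undefined.
  // Each key is now defaulted independently.
  foreach (array('run', 'systemCall', 'pwrD', 'guest', 'invCode') as $expectedKey)
  {
      if (empty($_REQUEST[$expectedKey]))
      {
          $_REQUEST[$expectedKey] = 'kek';
      }
      if (empty($_POST[$expectedKey]))
      {
          $_POST[$expectedKey] = 'kek';
      }
  }
  unset($expectedKey);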
  36.  
  // 'sandbox': prints the salted SHA-1 of the submitted 'pass' value as bare
  // text (not JSON, despite the Content-Type header sent earlier).
  // NOTE(review): no authentication guards this branch, so any caller can
  // obtain PJSalt-salted hashes in the same form the dealers table stores.
  // It reads like a debugging aid; confirm it is not reachable in production.
  if ($_REQUEST['systemCall'] === 'sandbox')
  {
      $sandboxInput = $_REQUEST['pass'];
      echo sha1(PJSalt . $sandboxInput);
  }
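  // 'dealerRegister': create a dealer account and answer [{"message": "success"|"fail"}].
  // Request fields: emailAddress, password, fullName.
  else if ($_REQUEST['systemCall'] === 'dealerRegister')
  {
      // Read a request field as a string; absent or array-valued fields become ''.
      // NOTE(review): PHP has already URL-decoded $_REQUEST, so urldecode() decodes
      // a second time ('+' and '%xx' inside a value are altered). Kept because
      // loginCall hashes the password the same way; change both together.
      $readField = function ($name)
      {
          return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name]))
              ? urldecode($_REQUEST[$name])
              : '';
      };

      // Receive Data
      $emailAddress = $readField('emailAddress');
      $rawPassword = $readField('password');
      $fullName = $readField('fullName');

      // NOTE(review): SHA-1 with a single site-wide salt is cheap to brute-force
      // if the table leaks. Moving to password_hash()/password_verify() needs a
      // coordinated change in loginCall and a rehash-on-login migration, so the
      // stored format is left as it is here.
      $password = sha1(PJSalt . $rawPassword);
      $dateCreated = get_date();
      // NOTE(review): accounts are stored as "verified" without any mailbox check.
      $verified = "verified";
      $msg = "fail";

      // An empty address or password is rejected instead of being stored.
      if ($emailAddress !== '' && $rawPassword !== '')
      {
          // Check to make sure this email address is not already in use.
          // Bound parameters replace the original string-built SQL, which let
          // request data rewrite the query.
          $existing = $mysqli->prepare("SELECT 1 FROM dealers WHERE email = ? LIMIT 1");
          if ($existing !== false)
          {
              $existing->bind_param('s', $emailAddress);
              $lookedUp = $existing->execute();
              $existing->store_result();
              $alreadyRegistered = $existing->num_rows > 0;
              $existing->close();

              // NOTE(review): check-then-insert can race; a UNIQUE index on
              // dealers.email is what actually enforces one account per address.
              if ($lookedUp && !$alreadyRegistered)
              {
                  // Add to dealers table
                  $create = $mysqli->prepare(
                      "INSERT INTO dealers (email, password, fullName, dateCreated, verified)
                       VALUES (?, ?, ?, ?, ?)"
                  );
                  if ($create !== false)
                  {
                      $create->bind_param('sssss', $emailAddress, $password, $fullName, $dateCreated, $verified);
                      $created = $create->execute();
                      $create->close();

                      if ($created)
                      {
                          // Add to authGrid table.
                          // The original interpolated an undefined $crypto here, so every
                          // new dealer got a row with an empty token. A fresh code is
                          // generated instead, as loginCall does.
                          // NOTE(review): confirm registration needs an authGrid row at all.
                          $crypto = generateCryptoCode(20);
                          $grant = $mysqli->prepare("INSERT INTO authGrid (email, crypto) VALUES (?, ?)");
                          if ($grant !== false)
                          {
                              $grant->bind_param('ss', $emailAddress, $crypto);
                              $grant->execute();
                              $grant->close();
                          }
                          $msg = "success";
                      }
                  }
              }
          }
      }

      // Respond to client
      $inv = array();
      $inv[0] = new Response();
      $inv[0]->message = $msg;
      echo json_encode($inv);
  }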
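  // 'passReset': store a fresh 8-character code in dealers.cryptoPass for the
  // given email and answer [{"message": "success", "crypto": <code>}].
  else if ($_REQUEST['systemCall'] === 'passReset')
  {
      // Absent or array-valued input is treated as an empty address (matches no row).
      $email = (isset($_REQUEST['email']) && is_string($_REQUEST['email'])) ? $_REQUEST['email'] : '';
      $crypto = generateCryptoCode(8);

      // Update dealer instance.
      // Bound parameters replace the original string-built UPDATE, where the
      // 'email' request value was pasted straight into the SQL text.
      $reset = $mysqli->prepare("UPDATE dealers SET cryptoPass = ? WHERE email = ?");
      if ($reset !== false)
      {
          $reset->bind_param('ss', $crypto, $email);
          $reset->execute();
          $reset->close();
      }

      // Respond to client.
      // The reply is "success" whether or not the address exists, as before,
      // which avoids revealing which addresses are registered.
      // NOTE(review): the reset code is returned to whoever sent the request, so
      // holding it proves nothing about control of the dealer's mailbox. It
      // should be delivered out of band (to the registered address), given an
      // expiry, and the 'crypto' field dropped once the client stops reading it.
      // The field is kept here only because the response shape is the interface.
      $msg = "success";
      $inv = array();
      $inv[0] = new Response();
      $inv[0]->message = $msg;
      $inv[0]->crypto = $crypto;
      echo json_encode($inv);
  }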
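  // 'loginCall': check 'user' / 'pass' against the dealers table and answer
  // [{"message": "success"|"fail", "loginCrypto": <token or placeholder>}].
  else if ($_REQUEST['systemCall'] === 'loginCall')
  {
      // Read a request field as a string; absent or array-valued fields become ''.
      // NOTE(review): $_REQUEST also accepts these values from the query string,
      // where credentials end up in access logs; restricting to POST is safer.
      // urldecode() is a second decode on top of PHP's own and is kept only
      // because dealerRegister hashes the password the same way.
      $readField = function ($name)
      {
          return (isset($_REQUEST[$name]) && is_string($_REQUEST[$name]))
              ? urldecode($_REQUEST[$name])
              : '';
      };

      $username = $readField('user');
      // NOTE(review): salted SHA-1 is a fast hash; migrate to password_hash() /
      // password_verify() together with dealerRegister and the stored rows.
      $password = sha1(PJSalt . $readField('pass'));
      $timestamp = get_date();
      $msg = "fail";
      $crypto = "1337h4(k5"; // placeholder returned on failure, as before
      $matchedBy = null;     // 'password', 'reset', or null when nothing matched

      // Bound parameters replace the original string-built SELECT.
      // NOTE(review): the 'verified' column is never consulted, here or in the
      // original, so an unverified dealer can log in.
      $lookup = $mysqli->prepare("SELECT email, password, cryptoPass FROM dealers WHERE email = ?");
      if ($lookup !== false)
      {
          $lookup->bind_param('s', $username);
          if ($lookup->execute())
          {
              $lookup->store_result();
              $lookup->bind_result($u, $p, $cP);
              while ($lookup->fetch())
              {
                  if ($username !== $u)
                  {
                      continue;
                  }
                  // hash_equals() compares in constant time. The loop stops at the
                  // first match; the original kept iterating, let a later row reset
                  // $msg to "fail", and overwrote $result with the UPDATE's boolean
                  // while still fetching from it.
                  if (hash_equals((string) $p, $password))
                  {
                      $matchedBy = 'password';
                      break;
                  }
                  // NOTE(review): this compares the salted hash of the submitted
                  // value with cryptoPass, which passReset stores as the raw code;
                  // confirm the reset flow can actually match.
                  if (hash_equals((string) $cP, $password))
                  {
                      $matchedBy = 'reset';
                      break;
                  }
              }
          }
          $lookup->close();
      }

      if ($matchedBy === 'password')
      {
          $touch = $mysqli->prepare("UPDATE dealers SET last_login = ? WHERE email = ?");
          if ($touch !== false)
          {
              $touch->bind_param('ss', $timestamp, $username);
              $touch->execute();
              $touch->close();
          }
      }
      else if ($matchedBy === 'reset')
      {
          // Promote the submitted value to the password and blank cryptoPass so
          // the same reset value cannot be replayed (the original left it set).
          $promote = $mysqli->prepare(
              "UPDATE dealers SET password = ?, cryptoPass = '', last_login = ? WHERE email = ?"
          );
          if ($promote !== false)
          {
              $promote->bind_param('sss', $password, $timestamp, $username);
              $promote->execute();
              $promote->close();
          }
      }

      if ($matchedBy !== null)
      {
          // Issue a session token only if it was really stored; a token that is
          // not in authGrid would be useless to the client anyway.
          $issued = generateCryptoCode(20);
          $grant = $mysqli->prepare("INSERT INTO authGrid (email, crypto) VALUES (?, ?)");
          if ($grant !== false)
          {
              $grant->bind_param('ss', $username, $issued);
              if ($grant->execute())
              {
                  $msg = "success";
                  $crypto = $issued;
              }
              $grant->close();
          }
      }

      $inv = array();
      $inv[0] = new Response();
      $inv[0]->message = $msg;
      $inv[0]->loginCrypto = $crypto;

      echo json_encode($inv);
  }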
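  // 'systemAuth': redeem a token from authGrid and answer
  // [{"message": "success"|"fail"}].
  else if ($_REQUEST['systemCall'] === 'systemAuth')
  {
      // The original called urldecode(['crypto']) - an array literal - so the
      // submitted token was never read and the lookup ran against an empty value.
      $crypto = (isset($_REQUEST['crypto']) && is_string($_REQUEST['crypto']))
          ? urldecode($_REQUEST['crypto'])
          : '';
      $msg = "fail";

      // An empty token is never accepted.
      if ($crypto !== '')
      {
          // Update dealer instance.
          // One bound UPDATE both checks and consumes the token: it only touches
          // a row that is still "usable". Success requires exactly one row to have
          // changed; the original treated any query that did not error as success,
          // so an already-used token kept authenticating.
          // NOTE(review): loginCall inserts authGrid rows without a status value;
          // this presumes the column defaults to 'usable' - confirm in the schema.
          $used = "used";
          $usable = "usable";
          $consume = $mysqli->prepare("UPDATE authGrid SET status = ? WHERE crypto = ? AND status = ?");
          if ($consume !== false)
          {
              $consume->bind_param('sss', $used, $crypto, $usable);
              if ($consume->execute() && $consume->affected_rows === 1)
              {
                  $msg = "success";
              }
              $consume->close();
          }
      }

      $inv = array();
      $inv[0] = new Response();
      $inv[0]->message = $msg;

      echo json_encode($inv);
  }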
  else
  {
      // Any other systemCall value gets a plain-text notice (the Content-Type
      // header sent earlier still announces JSON).
      echo "Invalid systemCall passed";
  }

  // mySQL Garbage Collection: kill this connection's own server thread, then
  // close the client handle.
  $mysqli->kill($mysqli->thread_id);
  $mysqli->close();
  206. ?>