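<?php
// Token-based sign-in endpoint.
//
// Two request modes:
//   token + type (+ id) -> resolve the token's owner from user_login_token,
//                          establish that user's session through
//                          $user_class->system_user_security() and redirect
//                          into index.php.
//   token only          -> the token names one of the helpers below
//                          (gen_token / dec_token), which is then invoked.
//
// cfg/db.php is expected to provide $db, $utility_class, $user_class,
// $global_system_settings and $session_user; nothing in this file creates them.
include 'cfg/db.php';

$has_token = isset($_REQUEST['token']) && $utility_class->isNotEmpty($_REQUEST['token']);
$has_type  = isset($_REQUEST['type']) && $utility_class->isNotEmpty($_REQUEST['type']);

if ($has_token && $has_type) {
    // type lands unquoted in SQL, so it is cast rather than escaped.
    $type  = (int) $_REQUEST['type'];
    $token = (string) $_REQUEST['token'];

    // Types 1, 2, 4 and 5 are bound to a source record (ticket/video). The id is
    // cast to int because it is interpolated unquoted into the query and into the
    // redirect fragment; an escaped-but-unquoted string would not be safe there.
    // Type 3 carries no source id.
    $source_id = ($type === 3) ? null : (int) ($_REQUEST['id'] ?? 0);

    $location = token_redirect_for($type, $source_id);
    if ($location === null) {
        exitPage();
    }

    // Every type is now checked against the token table. The previous type-3
    // branch signed in a fixed user (id 2) without looking at the token at all.
    // NOTE(review): this assumes type-3 tokens are stored in user_login_token
    // like the other types — confirm against the code that issues them.
    $user_id = lookup_token_owner($db, $utility_class, $token, $type, $source_id);
    if ($user_id === null) {
        invalidToken();
    }

    sign_in_and_redirect($user_class, $utility_class, $db, $user_id, $location);
} elseif ($has_token) {
    // Token-only mode: the value names a helper to run. Only the two helpers
    // defined in this file may be invoked; passing the raw request value to
    // call_user_func let a request name any function loaded in the process.
    $function_name = (string) $_REQUEST['token'];
    $allowed = array('gen_token', 'dec_token');
    if (!in_array($function_name, $allowed, true)) {
        exitPage();
    }
    $parameters = array(
        'db'=>$db,
        'utility_class'=>$utility_class,
        'global_system_settings'=>$global_system_settings,
        'user_session'=>$session_user,
    );
    $function_name($parameters);
} else {
    exitPage();
}

/**
 * Redirect target for a token type, or null when the type is not recognised.
 *
 * @param int      $type
 * @param int|null $source_id validated record id for the types bound to one
 * @return string|null
 */
function token_redirect_for($type, $source_id)
{
    switch ($type) {
        case 1:
        case 2:
            return 'index.php#tickets-view-' . $source_id;
        case 4:
            return 'index.php#videos-view-' . $source_id;
        case 3:
        case 5:
            return 'index.php';
        default:
            return null;
    }
}

/**
 * Resolve the owner of an active (status = 1) login token.
 *
 * @param object   $db            wrapper from cfg/db.php (escape(), select())
 * @param object   $utility_class helper from cfg/db.php (isNotEmpty())
 * @param string   $token         raw token from the request
 * @param int      $type          token type, already cast to int
 * @param int|null $source_id     record the token was issued for; null skips the clause
 * @return mixed whatever $db->select() returns for user_id, or null when no row matches
 */
function lookup_token_owner($db, $utility_class, $token, $type, $source_id)
{
    // The token is the only value that reaches the query as a string literal;
    // $type and $source_id are ints by the time they get here.
    // NOTE(review): if $db exposes prepared statements, prefer them over
    // interpolation — the wrapper's API is not visible from this file.
    $token_sql = $db->escape($token);
    $query = "SELECT user_id FROM user_login_token WHERE 1 AND status = 1 AND token= '$token_sql' AND type = $type";
    if ($source_id !== null) {
        $query .= " AND source_id = $source_id";
    }
    $query .= " LIMIT 1";

    $user_id = $db->select($query);
    return $utility_class->isNotEmpty($user_id) ? $user_id : null;
}

/**
 * Establish the session for $user_id and redirect to $location. Does not return.
 *
 * @param object $user_class    provides system_user_security()
 * @param object $utility_class passed through to system_user_security()
 * @param object $db            passed through to system_user_security()
 * @param mixed  $user_id       value returned by lookup_token_owner()
 * @param string $location      relative URL for the Location header
 */
function sign_in_and_redirect($user_class, $utility_class, $db, $user_id, $location)
{
    $where_statement = " AND (u.`id` = $user_id) ";
    $user_class->system_user_security($where_statement, array(), 'main', $utility_class, $db);
    header('Location: ' . $location);
    // Stop here so nothing after the redirect runs or is emitted.
    exit;
}

/**
 * Print the encrypted form of the request's "value".
 *
 * Requires both "value" and "api" to be present and non-empty; "api" is only
 * checked for presence, not validated against anything.
 *
 * @param array $param as built by the dispatcher above; only 'utility_class' is used
 */
function gen_token($param)
{
    $utility_class = $param['utility_class'];
    if ((!isset($_REQUEST['value']) || !$utility_class->isNotEmpty($_REQUEST['value']))
        || (!isset($_REQUEST['api']) || !$utility_class->isNotEmpty($_REQUEST['api']))
    ) {
        exitPage();
    }
    $value = $_REQUEST['value'];
    echo $utility_class->encrypt($value);
}

/**
 * Print the decryption of the request's "value" using the request's "key".
 *
 * NOTE(review): both the ciphertext and the key come from the request, so this
 * is a decryption service for anyone who can reach the script — confirm that is
 * intended.
 *
 * @param array $param as built by the dispatcher above; only 'utility_class' is used
 */
function dec_token($param)
{
    $utility_class = $param['utility_class'];
    if ((!isset($_REQUEST['value']) || !$utility_class->isNotEmpty($_REQUEST['value']))
        || (!isset($_REQUEST['key']) || !$utility_class->isNotEmpty($_REQUEST['key']))
    ) {
        exitPage();
    }
    $value = $_REQUEST['value'];
    $key = $_REQUEST['key'];
    echo $utility_class->decrypt($key, $value);
}

// Terminal responses. Each prints a message and stops the script.

/** Generic rejection for malformed requests. */
function exitPage()
{
    echo "Invalid request.";
    exit;
}

/** Rejection for tokens whose ticket has been closed (not used in this file). */
function closeTicket()
{
    echo "Cannot access anymore, ticket is closed.";
    exit;
}

/** Rejection when no active token row matches the request. */
function invalidToken()
{
    echo "Invalid or expired token.";
    exit;
}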