
Commit 2636742

committed
Updates March 24 2021
1 parent 84c2019 commit 2636742

19 files changed

+779
-295
lines changed

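--- a/ajax.php
+++ b/ajax.php
@@ -24,44 +24,42 @@
 
 switch($_POST['action']){
 case "LOGIN":
-$action = SB_AUTH::makeAuth(htmlspecialchars($_POST['username']), htmlspecialchars($_POST['password']));
+$action = SB_AUTH::makeAuth($_POST['username'], $_POST['password']);
 $response = $action;
 break;
 
 case "REGISTER_USER":
-$action = SB_AUTH::registerUser(htmlspecialchars($_POST['username']), htmlspecialchars($_POST['password']),
-htmlspecialchars($_POST['email']), htmlspecialchars($_POST['first_name']),
-htmlspecialchars($_POST['last_name']));
+$action = SB_AUTH::registerUser($_POST['username'], $_POST['password'], $_POST['email'], $_POST['first_name'], $_POST['last_name']);
 $response['status'] = $action;
 break;
 
 case "CHECK_EMAIL":
-$action = SB_AUTH::checkIfEmailExists(htmlspecialchars($_POST['email']));
+$action = SB_AUTH::checkIfEmailExists($_POST['email']);
 $response = ($action) ? "Email already exists!" : "true";
 break;
 
 case "CHECK_EMAIL_REVERSE":
-$action = SB_AUTH::checkIfEmailExists(htmlspecialchars($_POST['email']));
+$action = SB_AUTH::checkIfEmailExists($_POST['email']);
 $response = (!$action) ? "Email not in our database!" : "true";
 break;
 
 case "CHECK_USERNAME":
-$action = SB_AUTH::checkIfUsernameExists(htmlspecialchars($_POST['username']));
+$action = SB_AUTH::checkIfUsernameExists($_POST['username']);
 $response = ($action) ? "Username already exists!" : "true";
 break;
 
 case "RESEND_EMAIL":
-$action = SB_AUTH::resendEmail(htmlspecialchars($_POST['uID']));
+$action = SB_AUTH::resendEmail($_POST['uID']);
 $response['status'] = $action;
 break;
 
 case "FORGOT_PASSWORD":
-$action = SB_AUTH::forgotPassword(htmlspecialchars($_POST['email']));
+$action = SB_AUTH::forgotPassword($_POST['email']);
 $response['status'] = $action;
 break;
 
 case "UPDATE_PASSWORD_FORGOT":
-$action = SB_USER::updatePasswordForgot(htmlspecialchars($_POST['uID']), htmlspecialchars($_POST['password']));
+$action = SB_USER::updatePasswordForgot($_POST['uID'], $_POST['password']);
 $response['status'] = ($action) ? "success" : "failed";
 break;
 
@@ -98,9 +96,7 @@
 break;
 
 case "UPDATE_USER_SETTINGS":
-$action = SB_USER::updateUserSettings($_SESSION['uID'], htmlspecialchars($_POST['time_zone']),
-htmlspecialchars($_POST['date_format']), htmlspecialchars($_POST['time_format']),
-htmlspecialchars($_POST['wallet_address']));
+$action = SB_USER::updateUserSettings($_SESSION['uID'], $_POST['time_zone'], $_POST['date_format'], $_POST['time_format'], $_POST['wallet_address']);
 $response['status'] = ($action) ? "success" : "failed";
 break;
 
@@ -111,9 +107,8 @@
 break;
 
 case "UPDATE_USER_DETAILS":
-$action = SB_USER::updateUserDetails($_SESSION['uID'], htmlspecialchars($_POST['first_name']), htmlspecialchars($_POST['last_name']),
-htmlspecialchars($_POST['address']), htmlspecialchars($_POST['city']), htmlspecialchars($_POST['state']),
-htmlspecialchars($_POST['country']), htmlspecialchars($_POST['zip']));
+$action = SB_USER::updateUserDetails($_SESSION['uID'], $_POST['first_name'], $_POST['last_name'], $_POST['address'], $_POST['city'], $_POST['state'],
+$_POST['country'], $_POST['zip']);
 $response['status'] = $action;
 break;
 
@@ -123,65 +118,64 @@
 break;
 
 case "GET_STATES":
-$action = SB_CORE::getStates(htmlspecialchars($_POST['iso']));
+$action = SB_CORE::getStates($_POST['iso']);
 $response['status'] = "success";
 $response['data'] = $action;
 break;
 
 case "GET_CITY_STATE":
-$action = SB_CORE::getZipCode(htmlspecialchars($_POST['iso']), htmlspecialchars($_POST['zipCode']));
+$action = SB_CORE::getZipCode($_POST['iso'], $_POST['zipCode']);
 $response['status'] = "success";
 $response['data'] = $action;
 break;
 
 case "CHECK_CURRENT_PASSWORD":
-$action = SB_USER::checkCurrentPass(htmlspecialchars($_POST['password']));
+$action = SB_USER::checkCurrentPass($_POST['password']);
 $response = ($action) ? "true" : "Password does not match!";
 break;
 
 case "CHECK_PASSWORD":
-$action = SB_USER::checkCurrentPass(htmlspecialchars($_POST['password']));
+$action = SB_USER::checkCurrentPass($_POST['password']);
 $response['status'] = ($action) ? "success" : "false";
 break;
 
 case "UPDATE_PASSWORD":
-$action = SB_USER::updatePassword($_SESSION['uID'], htmlspecialchars($_POST['password']), htmlspecialchars($_POST['current_pass']));
+$action = SB_USER::updatePassword($_SESSION['uID'], $_POST['password'], $_POST['current_pass']);
 $response['status'] = ($action) ? "success" : "failed";
 break;
 
 case "UPDATE_PROFILE_IMG":
-$action = SB_USER::updateProfileImg($_SESSION['uID'], htmlspecialchars($_POST['img']));
+$action = SB_USER::updateProfileImg($_SESSION['uID'], $_POST['img']);
 $response['status'] = ($action) ? "success" : "failed";
 break;
 
 case "DESTORY_SESSION":
-$action = SB_USER::destroyActiveSession(htmlspecialchars($_POST['sID']));
+$action = SB_USER::destroyActiveSession($_POST['sID']);
 $response['status'] = ($action) ? "success" : "failed";
 break;
 
 case "CHECK_HELIUM_ADDRESS":
-$action = SB_HELIUM::checkIfValidAddress(htmlspecialchars($_POST['w_address']));
+$action = SB_HELIUM::checkIfValidAddress($_POST['w_address']);
 $response = ($action) ? "true" : "Invalid Helium Wallet Address";
 break;
 
 case "ADD_WALLET_ADDRESS":
-$action = SB_USER::addWallet($_SESSION['uID'], htmlspecialchars($_POST['nickname']), htmlspecialchars($_POST['wAddr']), htmlspecialchars($_POST['primary']));
+$action = SB_USER::addWallet($_SESSION['uID'], $_POST['nickname'], $_POST['wAddr'], $_POST['primary']);
 $response = $action;
 break;
 
 case "GET_USER_WALLET_DETAILS":
-$action = SB_USER::getUserWallet($_SESSION['uID'], htmlspecialchars($_POST['wID']));
+$action = SB_USER::getUserWallet($_SESSION['uID'], $_POST['wID']);
 $response = $action;
 break;
 
 case "EDIT_USER_WALLET":
-$action = SB_USER::editUserWallet($_SESSION['uID'], htmlspecialchars($_POST['wID']), htmlspecialchars($_POST['nickname']),
-htmlspecialchars($_POST['wAddr']), htmlspecialchars($_POST['primary']));
+$action = SB_USER::editUserWallet($_SESSION['uID'], $_POST['wID'], $_POST['nickname'], $_POST['wAddr'], $_POST['primary']);
 $response['status'] = $action;
 break;
 
 case "DELETE_USER_WALLET":
-$action = SB_USER::deleteUserWallet($_SESSION['uID'], htmlspecialchars($_POST['wID']));
+$action = SB_USER::deleteUserWallet($_SESSION['uID'], $_POST['wID']);
 $response = $action ;
 break;
 
@@ -198,39 +192,39 @@
 break;
 
 case "ADD_API_KEY":
-$action = SB_API::addKeys($_SESSION['uID'], htmlspecialchars($_POST['appName']));
+$action = SB_API::addKeys($_SESSION['uID'], $_POST['appName']);
 $response = $action;
 break;
 
 case "DELETE_KEY":
-$action = SB_API::deleteKey($_SESSION['uID'], htmlspecialchars($_POST['kID']));
+$action = SB_API::deleteKey($_SESSION['uID'], $_POST['kID']);
 $response = $action;
 break;
 
 case "GET_API_KEY":
-$action = SB_API::getUserKey($_SESSION['uID'], htmlspecialchars($_POST['kID']));
+$action = SB_API::getUserKey($_SESSION['uID'], $_POST['kID']);
 $response['status'] = (!$action) ? "failed" : "success";
 $response['apiKey'] = $action;
 break;
 
 case "GET_HISTORY":
-$action = SB_SUBSCRIPTION::getPaymentHistory($_SESSION['uID'], htmlspecialchars($_POST['range']));
+$action = SB_SUBSCRIPTION::getPaymentHistory($_SESSION['uID'], $_POST['range']);
 $response['status'] = (!$action) ? "failed" : "success";
 $response['history'] = $action;
 break;
 
 case "UPGRADE_PGK":
-$action = SB_SUBSCRIPTION::updateUserPkg($_SESSION['uID'], htmlspecialchars($_POST['pkg']));
+$action = SB_SUBSCRIPTION::updateUserPkg($_SESSION['uID'], $_POST['pkg']);
 $response['status'] = ($action) ? "success" : "failed";
 break;
 
 case "CREATE_IP_MAP":
-$action = SB_WATCHDOG::createIPMap(htmlspecialchars($_POST['ip']));
+$action = SB_WATCHDOG::createIPMap($_POST['ip']);
 $response = $action;
 break;
 
 case "GET_ACCT_HISTORY":
-$action = SB_WATCHDOG::getUserActivity($_SESSION['uID'], htmlspecialchars($_POST['start']), htmlspecialchars($_POST['end']));
+$action = SB_WATCHDOG::getUserActivity($_SESSION['uID'], $_POST['start'], $_POST['end']);
 $response['status'] = (!$action) ? "success" : "failed";
 $response['history'] = $action;
 break;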
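Review bot: Dropping `htmlspecialchars()` from every `$_POST` argument (first hunk, and the same pattern in the other four hunks) moves all input handling into the callees, but only the SB_API methods in this commit show a replacement (`sanitize_sql_string`); SB_AUTH, SB_USER, SB_CORE, SB_HELIUM, SB_SUBSCRIPTION and SB_WATCHDOG are not in the diff, so it is not visible here that they validate or cast what they now receive raw. Each `$_POST[...]` is also read without `isset`/`??`, so a missing key raises an undefined-index notice and passes `null`; a per-case guard such as `$username = $_POST['username'] ?? '';`, or `(int)` casts for the id-like fields (`uID`, `sID`, `wID`, `kID`), would bound what reaches the libraries. Since `htmlspecialchars` is output encoding rather than input validation, the responses that hand `$action` straight back (`$response = $action;`) now need encoding at the point of output, presumably in the echo/JSON code that sits outside these hunks. Separately, in the last hunk `GET_ACCT_HISTORY` sets `"success"` when `$action` is falsy, the inverse of `GET_HISTORY` two cases above, which looks like a typo. The enclosing `switch` opens before the first hunk and closes after the last.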

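--- a/includes/config.inc.php
+++ b/includes/config.inc.php
@@ -24,21 +24,19 @@
 
 /** Memcached Credentials */
 define("SB_MEMCACHED", "192.168.198.141");
-define("SB_MEMCACHED_LONG", "");
-define("SB_MEMCACHED_MEDIUM", "");
-define("SB_MEMCACHED_FAST", "");
+define("MEMCACHED_SHORT", 3600);
+define("MEMCACHED_MEDIUM", 95200);
+define("MEMCACHED_LONG", 1005200);
 
 /** Postgres Credentials */
-
-//define("SB_PG_HOST", "etl.dewi.org");
-//define("SB_PG_USER", "georgica");
-//define("SB_PG_PASSWORD", "n2YuofwiekKX_FuYCPfLBan6KR8F");
-//define("SB_PG_DATABASE", "etl");
-
 define("SB_PG_HOST", "192.168.144.115");
 define("SB_PG_USER", "etl");
 define("SB_PG_PASSWORD", "m3rt3c123");
 define("SB_PG_DATABASE", "etl");
 
 /* Theme Options */
-define("SB_THEME", "syncrobit");
+define("SB_THEME", "syncrobit");
+
+//DB Calls
+$pg_db = new PDO("pgsql:host=".SB_PG_HOST.";port=5432;dbname=".SB_PG_DATABASE.";user=".SB_PG_USER.";password=".SB_PG_PASSWORD);
+$msql_db = new PDO("mysql:host=".SB_DB_HOST.";dbname=".SB_DB_DATABASE, SB_DB_USER, SB_DB_PASSWORD);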
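Review bot: The new `$pg_db` line embeds the user and password in the DSN string while `$msql_db` on the next line passes them as constructor arguments; a DSN carrying the password is what gets printed in any stack trace that shows constructor arguments (e.g. with display_errors on), so prefer `$pg_db = new PDO("pgsql:host=".SB_PG_HOST.";port=5432;dbname=".SB_PG_DATABASE, SB_PG_USER, SB_PG_PASSWORD, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);` and the same options array on `$msql_db`. Neither connection sets an error mode, so whether the `prepare`/`execute` calls that consume these handles throw or fail silently depends on the PHP version's PDO default (exceptions from 8.0, silent before), which makes the existing `try` blocks in the libraries unreliable. Both objects are created unconditionally at config load, so every request opens two connections whether or not it needs them; `SB_DB_HOST` and friends are also not defined in this hunk, so the mysql line depends on them being defined earlier in the file. The plaintext database credentials remain in a tracked file and the commented-out Postgres credentials deleted here stay in git history, so both sets should be rotated and moved to an untracked environment/secret file. The new `MEMCACHED_*` constants drop the `SB_` prefix every other constant in this file uses, which may be deliberate but is inconsistent.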

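--- a/includes/initd.inc.php
+++ b/includes/initd.inc.php
@@ -11,7 +11,7 @@
 $session = new SB_SESSION();
 
 require SB_LIBS."core.lib.php";
-require SB_LIBS."openvpn.lib.php";
+require SB_LIBS."sanitize.lib.php";
 require SB_LIBS."theme.lib.php";
 require SB_LIBS."auth.lib.php";
 require SB_LIBS."watchdog.lib.php";
@@ -28,4 +28,6 @@
 require SB_LIBS."subscription.lib.php";
 require SB_LIBS."api.lib.php";
 
-SB_CORE::loadModules();
+SB_CORE::loadModules();
+
+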

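--- a/libs/api.lib.php
+++ b/libs/api.lib.php
@@ -16,20 +16,22 @@ public static function generateKeys(){
 }
 
 public static function addKeys($uID, $appName){
+global $msql_db;
 $time = time();
-
+$uID = sanitize_sql_string($uID);
+$appName = sanitize_sql_string($appName);
+
 try {
 $sql = "INSERT INTO `sb_api_keys` (`uid`, `app_name`, `key`, `created`)
 VALUES (:uID, :app_name, :akey, :created)";
-$db = new PDO("mysql:host=".SB_DB_HOST.";dbname=".SB_DB_DATABASE, SB_DB_USER, SB_DB_PASSWORD);
-$statement = $db->prepare($sql);
+$statement = $msql_db->prepare($sql);
 $statement->bindParam(":uID", $uID);
 $statement->bindParam(":app_name", $appName);
 $statement->bindParam(":akey", $_SESSION['new_api_key']);
 $statement->bindParam(":created", $time);
 
 if($statement->execute()){
-$kID = $db->lastInsertId();
+$kID = $msql_db->lastInsertId();
 SB_WATCHDOG::insertUserActivity($uID, 'API KEY ADDED', 'API Key successfully added.');
 
 return array(
@@ -51,10 +53,12 @@ public static function addKeys($uID, $appName){
 }
 
 public static function getKeysCount($uID){
+global $msql_db;
+$uID = sanitize_sql_string($uID);
+
 try {
 $sql = "SELECT id FROM `sb_api_keys` WHERE `uid` = :uID";
-$db = new PDO("mysql:host=".SB_DB_HOST.";dbname=".SB_DB_DATABASE, SB_DB_USER, SB_DB_PASSWORD);
-$statement = $db->prepare($sql);
+$statement = $msql_db->prepare($sql);
 $statement->bindParam(":uID", $uID);
 $statement->execute();
 
@@ -68,10 +72,13 @@ public static function getKeysCount($uID){
 }
 
 public static function deleteKey($uID, $kID){
+global $msql_db;
+$uID = sanitize_sql_string($uID);
+$kID = sanitize_sql_string($kID);
+
 try {
 $sql = "DELETE FROM `sb_api_keys` WHERE `uid` = :uID AND `id` = :kID";
-$db = new PDO("mysql:host=".SB_DB_HOST.";dbname=".SB_DB_DATABASE, SB_DB_USER, SB_DB_PASSWORD);
-$statement = $db->prepare($sql);
+$statement = $msql_db->prepare($sql);
 $statement->bindParam(":uID", $uID);
 $statement->bindParam(":kID", $kID);
 
@@ -93,10 +100,12 @@ public static function deleteKey($uID, $kID){
 }
 
 public static function getUserKeys($uID){
+global $msql_db;
+$uID = sanitize_sql_string($uID);
+
 try {
 $sql = "SELECT `id`, `app_name`, `key`, `created` FROM `sb_api_keys` WHERE `uid` = :uID";
-$db = new PDO("mysql:host=".SB_DB_HOST.";dbname=".SB_DB_DATABASE, SB_DB_USER, SB_DB_PASSWORD);
-$statement = $db->prepare($sql);
+$statement = $msql_db->prepare($sql);
 $statement->bindParam(":uID", $uID);
 $statement->execute();
 
@@ -146,10 +155,13 @@ public static function getUserKeys($uID){
 }
 
 public static function getUserKey($uID, $kID){
+global $msql_db;
+$uID = sanitize_sql_string($uID);
+$kID = sanitize_sql_string($kID);
+
 try {
 $sql = "SELECT `key` FROM `sb_api_keys` WHERE `uid` = :uID AND `id` = :kID";
-$db = new PDO("mysql:host=".SB_DB_HOST.";dbname=".SB_DB_DATABASE, SB_DB_USER, SB_DB_PASSWORD);
-$statement = $db->prepare($sql);
+$statement = $msql_db->prepare($sql);
 $statement->bindParam(":uID", $uID);
 $statement->bindParam(":kID", $kID);
 $statement->execute();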
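Review bot: `sanitize_sql_string()` is applied to `$uID`, `$kID` and `$appName` (new-side lines 21-22, 57, 76-77, 104 and 159-160) immediately before the same values are bound with `bindParam`, which is redundant for a parameterised query and, since the helper's implementation is not part of this diff, may rewrite legitimate input (an app name containing a quote, say) before it is stored or compared. For the id parameters a cast states the intent exactly and cannot alter a valid value: `$uID = (int) $uID;` and `$kID = (int) $kID;`, leaving `$appName` to a length/charset check rather than SQL escaping. `global $msql_db` relies on `includes/config.inc.php` having created the connection; if it has not, `$msql_db->prepare()` throws an `Error` rather than a `PDOException`, which the `catch` clauses (outside these hunks) may not handle. In addKeys, `bindParam(":akey", $_SESSION['new_api_key'])` inserts a session-held value that is presumably produced by `generateKeys()` (it ends just before the first hunk); if that key is missing a NULL is written, so a guard such as `if (empty($_SESSION['new_api_key'])) { return false; }` before the insert would be worth adding. Each method body continues past its hunk.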
