Updates 03.05.21

Author: georgica

.vscode/sftp.json

@@ -1,10 +1,10 @@
 {
     "name": "Syncrob.it",
-    "host": "97.107.135.88",
+    "host": "192.168.144.42",
     "protocol": "sftp",
     "port": 2304,
     "username": "syncrobit",
     "password": "m3rt3c123",
-    "remotePath": "/home/syncrobit/public_html/dashboard",
+    "remotePath": "/home/syncrobit/public_html",
     "uploadOnSave": true
 }

ajax.php

@@ -15,45 +15,53 @@
     die(json_encode($response));
 }
 
+if($_SESSION['id'] == session_id()){
+    $response['status'] = "invalid";
+    $response['message'] = "Invalid Session";
+    die(json_encode($response));
+}
+
 
 switch($_POST['action']){
     case "LOGIN":
-        $action = SB_AUTH::makeAuth($_POST['username'], $_POST['password']);
+        $action = SB_AUTH::makeAuth(htmlspecialchars($_POST['username']), htmlspecialchars($_POST['password']));
         $response = $action;
     break;
 
     case "REGISTER_USER":
-        $action = SB_AUTH::registerUser($_POST['username'], $_POST['password'], $_POST['email'], $_POST['first_name'], $_POST['last_name']);
+        $action = SB_AUTH::registerUser(htmlspecialchars($_POST['username']), htmlspecialchars($_POST['password']), 
+                                        htmlspecialchars($_POST['email']), htmlspecialchars($_POST['first_name']), 
+                                        htmlspecialchars($_POST['last_name']));
         $response['status'] = $action;
     break;
 
     case "CHECK_EMAIL":
-        $action = SB_AUTH::checkIfEmailExists($_POST['email']);
+        $action = SB_AUTH::checkIfEmailExists(htmlspecialchars($_POST['email']));
         $response = ($action) ? "Email already exists!" : "true";
     break;
 
     case "CHECK_EMAIL_REVERSE":
-        $action = SB_AUTH::checkIfEmailExists($_POST['email']);
+        $action = SB_AUTH::checkIfEmailExists(htmlspecialchars($_POST['email']));
         $response = (!$action) ? "Email not in our database!" : "true";
     break;
 
     case "CHECK_USERNAME":
-        $action = SB_AUTH::checkIfUsernameExists($_POST['username']);
+        $action = SB_AUTH::checkIfUsernameExists(htmlspecialchars($_POST['username']));
         $response = ($action) ? "Username already exists!" : "true";
     break;
 
     case "RESEND_EMAIL":
-        $action = SB_AUTH::resendEmail($_POST['uID']);
+        $action = SB_AUTH::resendEmail(htmlspecialchars($_POST['uID']));
         $response['status'] = $action;
     break;
 
     case "FORGOT_PASSWORD":
-        $action = SB_AUTH::forgotPassword($_POST['email']);
+        $action = SB_AUTH::forgotPassword(htmlspecialchars($_POST['email']));
         $response['status'] = $action;
     break;
 
     case "UPDATE_PASSWORD_FORGOT":
-        $action = SB_USER::updatePasswordForgot($_POST['uID'], $_POST['password']);
+        $action = SB_USER::updatePasswordForgot(htmlspecialchars($_POST['uID']), htmlspecialchars($_POST['password']));
         $response['status'] = ($action) ? "success" : "failed";
     break;
 
@@ -90,8 +98,9 @@
     break;
 
     case "UPDATE_USER_SETTINGS":
-        $action = SB_USER::updateUserSettings($_SESSION['uID'], $_POST['time_zone'], 
-                    $_POST['date_format'], $_POST['time_format'], $_POST['wallet_address']);
+        $action = SB_USER::updateUserSettings($_SESSION['uID'], htmlspecialchars($_POST['time_zone']), 
+                                              htmlspecialchars($_POST['date_format']), htmlspecialchars($_POST['time_format']), 
+                                              htmlspecialchars($_POST['wallet_address']));
         $response['status'] = ($action) ? "success" : "failed";
     break;    
 
@@ -102,76 +111,77 @@
     break;
 
     case "UPDATE_USER_DETAILS":
-        $action = SB_USER::updateUserDetails($_SESSION['uID'], $_POST['first_name'], $_POST['last_name'],
-                                    $_POST['address'], $_POST['city'], $_POST['state'],
-                                    $_POST['country'], $_POST['zip']);
+        $action = SB_USER::updateUserDetails($_SESSION['uID'], htmlspecialchars($_POST['first_name']), htmlspecialchars($_POST['last_name']),
+                                            htmlspecialchars($_POST['address']), htmlspecialchars($_POST['city']), htmlspecialchars($_POST['state']),
+                                            htmlspecialchars($_POST['country']), htmlspecialchars($_POST['zip']));
         $response['status'] = $action;
     break;
 
     case "CHANGE_EMAIL":
         $action = SB_USER::changeEmail($email);
         $response['status'] = $action;
-    reak;    
+    break;    
 
     case "GET_STATES":
-        $action                 = SB_CORE::getStates($_POST['iso']);
+        $action                 = SB_CORE::getStates(htmlspecialchars($_POST['iso']));
         $response['status']     = "success";
         $response['data']       = $action;
     break;    
 
     case "GET_CITY_STATE":
-        $action                 = SB_CORE::getZipCode($_POST['iso'], $_POST['zipCode']);
+        $action                 = SB_CORE::getZipCode(htmlspecialchars($_POST['iso']), htmlspecialchars($_POST['zipCode']));
         $response['status']     = "success";
         $response['data']       = $action;
     break;
 
     case "CHECK_CURRENT_PASSWORD":
-        $action             = SB_USER::checkCurrentPass($_POST['password']);
+        $action             = SB_USER::checkCurrentPass(htmlspecialchars($_POST['password']));
         $response           = ($action) ? "true" : "Password does not match!";
     break;  
 
     case "CHECK_PASSWORD":
-        $action             = SB_USER::checkCurrentPass($_POST['password']);
+        $action             = SB_USER::checkCurrentPass(htmlspecialchars($_POST['password']));
         $response['status'] = ($action) ? "success" : "false";
         break;
 
     case "UPDATE_PASSWORD":
-        $action             = SB_USER::updatePassword($_SESSION['uID'], $_POST['password'], $_POST['current_pass']);
+        $action             = SB_USER::updatePassword($_SESSION['uID'], htmlspecialchars($_POST['password']), htmlspecialchars($_POST['current_pass']));
         $response['status'] = ($action) ? "success" : "failed";
     break;  
 
     case "UPDATE_PROFILE_IMG":
-        $action = SB_USER::updateProfileImg($_SESSION['uID'], $_POST['img']);
+        $action = SB_USER::updateProfileImg($_SESSION['uID'], htmlspecialchars($_POST['img']));
         $response['status'] = ($action) ? "success" : "failed";
     break; 
 
     case "DESTORY_SESSION":
-        $action = SB_USER::destroyActiveSession($_POST['sID']);
+        $action = SB_USER::destroyActiveSession(htmlspecialchars($_POST['sID']));
         $response['status'] = ($action) ? "success" : "failed";
     break;   
 
     case "CHECK_HELIUM_ADDRESS":
-        $action = SB_HELIUM::checkIfValidAddress($_POST['w_address']);
+        $action = SB_HELIUM::checkIfValidAddress(htmlspecialchars($_POST['w_address']));
         $response = ($action) ? "true" : "Invalid Helium Wallet Address";
     break;  
 
     case "ADD_WALLET_ADDRESS":
-        $action = SB_USER::addWallet($_SESSION['uID'], $_POST['nickname'], $_POST['wAddr'], $_POST['primary']);
+        $action = SB_USER::addWallet($_SESSION['uID'], htmlspecialchars($_POST['nickname']), htmlspecialchars($_POST['wAddr']), htmlspecialchars($_POST['primary']));
         $response = $action;
     break;   
 
     case "GET_USER_WALLET_DETAILS":
-        $action = SB_USER::getUserWallet($_SESSION['uID'], $_POST['wID']);
+        $action = SB_USER::getUserWallet($_SESSION['uID'], htmlspecialchars($_POST['wID']));
         $response = $action;
     break; 
 
     case "EDIT_USER_WALLET":
-        $action = SB_USER::editUserWallet($_SESSION['uID'], $_POST['wID'], $_POST['nickname'], $_POST['wAddr'], $_POST['primary']);
+        $action = SB_USER::editUserWallet($_SESSION['uID'], htmlspecialchars($_POST['wID']), htmlspecialchars($_POST['nickname']), 
+                                        htmlspecialchars($_POST['wAddr']), htmlspecialchars($_POST['primary']));
         $response['status'] = $action;
     break;
 
     case "DELETE_USER_WALLET":
-        $action = SB_USER::deleteUserWallet($_SESSION['uID'], $_POST['wID']);
+        $action = SB_USER::deleteUserWallet($_SESSION['uID'], htmlspecialchars($_POST['wID']));
         $response = $action ;
     break; 
 
@@ -188,39 +198,39 @@
     break;   
 
     case "ADD_API_KEY":
-        $action     = SB_API::addKeys($_SESSION['uID'], $_POST['appName']);
+        $action     = SB_API::addKeys($_SESSION['uID'], htmlspecialchars($_POST['appName']));
         $response   = $action;
     break;  
 
     case "DELETE_KEY":
-        $action = SB_API::deleteKey($_SESSION['uID'], $_POST['kID']);
+        $action = SB_API::deleteKey($_SESSION['uID'], htmlspecialchars($_POST['kID']));
         $response = $action;
     break;
 
     case "GET_API_KEY":
-        $action = SB_API::getUserKey($_SESSION['uID'], $_POST['kID']);
+        $action = SB_API::getUserKey($_SESSION['uID'], htmlspecialchars($_POST['kID']));
         $response['status'] = (!$action) ? "failed" : "success";
         $response['apiKey'] = $action;
     break;
 
     case "GET_HISTORY":
-        $action = SB_SUBSCRIPTION::getPaymentHistory($_SESSION['uID'], $_POST['range']);
+        $action = SB_SUBSCRIPTION::getPaymentHistory($_SESSION['uID'], htmlspecialchars($_POST['range']));
         $response['status'] = (!$action) ? "failed" : "success";
         $response['history'] = $action;
     break;
 
     case "UPGRADE_PGK":
-        $action = SB_SUBSCRIPTION::updateUserPkg($_SESSION['uID'], $_POST['pkg']);
+        $action = SB_SUBSCRIPTION::updateUserPkg($_SESSION['uID'], htmlspecialchars($_POST['pkg']));
         $response['status'] = ($action) ? "success" : "failed";
     break;
 
     case "CREATE_IP_MAP":
-        $action = SB_WATCHDOG::createIPMap($_POST['ip']);
+        $action = SB_WATCHDOG::createIPMap(htmlspecialchars($_POST['ip']));
         $response = $action;
     break;    
 
     case "GET_ACCT_HISTORY":
-        $action = SB_WATCHDOG::getUserActivity($_SESSION['uID'], $_POST['start'], $_POST['end']);
+        $action = SB_WATCHDOG::getUserActivity($_SESSION['uID'], htmlspecialchars($_POST['start']), htmlspecialchars($_POST['end']));
         $response['status'] = (!$action) ? "success" : "failed";
         $response['history'] = $action;
     break;

includes/config.inc.php

@@ -17,11 +17,17 @@
 define("SB_TMP", SB_CORE."tmp/");
 
 /** MySQL Credentials */
-define("SB_DB_HOST", "127.0.0.1");
+define("SB_DB_HOST", "192.168.170.171");
 define("SB_DB_USER", "syncrobit");
 define("SB_DB_PASSWORD", "m3rt3c123");
 define("SB_DB_DATABASE", "syncrobit");
 
+/** Memcached Credentials */
+define("SB_MEMCACHED", "192.168.198.141");
+define("SB_MEMCACHED_LONG", "");
+define("SB_MEMCACHED_MEDIUM", "");
+define("SB_MEMCACHED_FAST", "");
+
 /** Postgres Credentials */
 
 //define("SB_PG_HOST", "etl.dewi.org");

libs/sessions.lib.php

@@ -123,6 +123,7 @@ public function getUserIPAddress(){
 
   public static function updateUID($uID){
     $sID = session_id();
+    $_SESSION['id'] = $sID;
 
     try {
       $sql = "UPDATE `sb_sessions` SET `uid` = :uID WHERE `id` = :sID";

resources/plugins/flag-icon-css/.editorconfig

@@ -0,0 +1,11 @@
+# editorconfig.org
+
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

resources/plugins/flag-icon-css/.gitignore

@@ -0,0 +1,6 @@
+.DS_Store
+bower_components
+main
+node_modules
+temp
+update

resources/plugins/flag-icon-css/.prettierignore

@@ -0,0 +1,4 @@
+flag-icon.min.css
+bower_components/
+main/
+temp/

resources/plugins/flag-icon-css/.prettierrc.json

@@ -0,0 +1,21 @@
+{
+  "arrowParens": "avoid",
+  "bracketSpacing": false,
+  "jsxBracketSameLine": false,
+  "printWidth": 80,
+  "proseWrap": "preserve",
+  "requirePragma": false,
+  "semi": true,
+  "singleQuote": true,
+  "tabWidth": 2,
+  "trailingComma": "all",
+  "useTabs": false,
+  "overrides": [
+    {
+      "files": "*.json",
+      "options": {
+        "printWidth": 200
+      }
+    }
+  ]
+}

resources/plugins/flag-icon-css/.travis.yml

@@ -0,0 +1,8 @@
+language: node_js
+node_js:
+  - '10'
+
+cache: yarn
+
+notifications:
+  - email: false

resources/plugins/flag-icon-css/Gruntfile.coffee

@@ -0,0 +1,44 @@
+module.exports = (grunt)->
+  less = 'less'
+  TARGET_DIR = 'css'
+
+  grunt.initConfig
+    less:
+      flag:
+        src: 'less/flag-icon.less'
+        dest: 'css/flag-icon.css'
+      docs:
+        src: 'assets/docs.less'
+        dest: 'assets/docs.css'
+
+    cssmin:
+      flag:
+        src: 'css/flag-icon.css'
+        dest: 'css/flag-icon.min.css'
+
+    watch:
+      css:
+        options:
+          livereload: true
+        files: '**/*.less'
+        tasks: ['build']
+
+      assets:
+        options:
+          livereload: true
+        files: ['index.html', 'assets/*']
+
+    connect:
+      server:
+        options:
+          port: 8000
+          keepalive: true
+
+
+    grunt.loadNpmTasks 'grunt-contrib-less'
+    grunt.loadNpmTasks 'grunt-contrib-cssmin'
+    grunt.loadNpmTasks 'grunt-contrib-watch'
+    grunt.loadNpmTasks 'grunt-contrib-connect'
+
+    grunt.registerTask 'build',   ['less', 'cssmin']
+    grunt.registerTask 'default', ['build', 'watch']

resources/plugins/flag-icon-css/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Panayiotis Lipiridis
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.