LobbySIO/signin_display.php

<?php
/*
 * Copyright (C) 2018 josh.north@point808.com
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

    ini_set('session.gc_maxlifetime', 24*60*60);                                // MIN SESSION
    ini_set('session.gc_probability', 1);                                       // GC RATES
    ini_set('session.gc_divisor', 100);                                         // TIMES
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_secure', '0');
    ini_set('session.cookie_httponly', '0');
    ini_set('session.cookie_samesite', 'Lax');
    session_save_path('.tmp');                                                  // TEMP
    session_start();                                                            // START
    require_once __DIR__ . '/autoload.php';                                     // AUTOLOAD
    use App\LobbySIO\Misc\Csrf;                                        // ANTICSRF
    $StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions();                // DEFAULT CLASSES
    $SiteInfo = new \App\LobbySIO\Database\SiteInfo();
    $Users = new \App\LobbySIO\Database\Users();
    if (isset($_SESSION['user_id'])) {                                          // LOGGED IN? GET USER OBJECT
        $session_user = $Users->getUserInfo($_SESSION['user_id'], "1", "0"); }
    if (isset($session_user)) {                                                 // GET UID OR SET TO KIOSK
        $uid = $session_user["0"]["users_id"];} else { $uid = "2"; }
    $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang');               // SETUP LANGUAGE
    if(!isset($app_disp_lang)) {
        $app_disp_lang=$StaticFunctions->getDefaultLanguage(); }
    $siteidcookie = filter_input(INPUT_COOKIE, 'app_site');                     // SETUP SITE
    foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) {
        $lookup_array[$arr['sites_id']]=1; }
        if(isset($lookup_array[$siteidcookie])) {
            $siteid = $siteidcookie; } else { $siteid = "1"; }
        if(!isset($siteid)) { $siteid="1"; }
    $Translate = new \App\LobbySIO\Language\Translate($app_disp_lang);          // SETUP TRANSLATOR
    $transLang =  $Translate->userLanguage();
    $VisitTypeInfo = new \App\LobbySIO\Database\VisitTypeInfo();
    $VisitActions = new \App\LobbySIO\Database\VisitActions();
    $app_current_pagename = $transLang['SIGNIN'];                               // PAGE SETUP
    $app_current_pageicon = '<i class="fas fa-file-signature"></i> ';
    require_once("inc/header.inc.php");
    if ($StaticFunctions->getSessionStatus() == true) {                         // CHECK STATUS
        header('Location: index.php');                                          // ELSE HOME
    } else {
      header("X-Frame-Options: SAMEORIGIN");
      header("X-Content-Type-Options: nosniff");
      //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
      if (!empty($_GET['a'])) {
        echo '<pre>' . print_r($_POST, true) . '</pre>';
        echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
      }
    ?>


<?php
// FILTER POSTED DATA
$form_data = filter_input_array(INPUT_POST, [
    'form_data_stage' => (string)FILTER_SANITIZE_STRING,
    'form_data_siteid' => (int)FILTER_VALIDATE_INT,
    'form_data_isvendor' => (int)FILTER_VALIDATE_INT,
    'form_data_firstname' => (string)FILTER_SANITIZE_STRING,
    'form_data_lastname' => (string)FILTER_SANITIZE_STRING,
    'form_data_carnum' => (string)FILTER_SANITIZE_STRING,
    'form_data_ssanum' => (string)FILTER_SANITIZE_STRING,
    'form_data_company' => (string)FILTER_SANITIZE_STRING,
    'form_data_contact1' => (string)FILTER_SANITIZE_STRING,
    'form_data_contact2' => (string)FILTER_SANITIZE_STRING,
    'form_data_workstart' => (string)FILTER_SANITIZE_STRING,
    'form_data_workend' => (string)FILTER_SANITIZE_STRING,
    'form_data_visittype' => (int)FILTER_VALIDATE_INT,
    'form_data_escortrequired' => (int)FILTER_VALIDATE_INT,
    'form_data_v_signature' => (string)FILTER_SANITIZE_STRING,
    'form_data_e_signature' => (string)FILTER_SANITIZE_STRING,
    'form_data_escortname' => (string)FILTER_SANITIZE_STRING
]);
if (empty($form_data['form_data_carnum'])) { $carnum="";} else {$carnum=$form_data['form_data_carnum'];}
if (empty($form_data['form_data_ssanum'])) { $ssanum="";} else {$ssanum=$form_data['form_data_ssanum'];}
if (empty($form_data['form_data_isvendor'])) { $isvendor="0";} else {$isvendor=$form_data['form_data_isvendor'];}
if (empty($form_data['form_data_contact1'])) { $db_vendorinfo_contact1="";} else {$db_vendorinfo_contact1=$form_data['form_data_contact1'];}
if (empty($form_data['form_data_contact2'])) { $db_vendorinfo_contact2="";} else {$db_vendorinfo_contact2=$form_data['form_data_contact2'];}
if (empty($form_data['form_data_workstart'])) { $db_vendorinfo_workstart="";} else {$db_vendorinfo_workstart=$form_data['form_data_workstart'];}
if (empty($form_data['form_data_workend'])) { $db_vendorinfo_workend="";} else {$db_vendorinfo_workend=$form_data['form_data_workend'];}
$visitid = $VisitActions->newVisit($form_data['form_data_firstname'], $form_data['form_data_lastname'], $form_data['form_data_company'], $form_data['form_data_visittype'], $StaticFunctions->getUTC(), $form_data['form_data_v_signature'], $form_data['form_data_siteid'], "1", $form_data['form_data_e_signature'], $form_data['form_data_escortname'], $carnum, $ssanum, $isvendor);
if($form_data['form_data_isvendor'] === (int)"1") {
  $vendorid = $VisitActions->setInfoVendorVisitNew($visitid, $db_vendorinfo_contact1, $db_vendorinfo_contact2, $db_vendorinfo_workstart, $db_vendorinfo_workend);
}
// SET INITIAL STAGE
if(!empty($form_data['form_data_stage'])){
  $form_data['form_data_stage'] = 'readytosubmit';
}?>

<!-- CONTENT -->

<?php if($form_data['form_data_stage'] === "readytosubmit"){ ?>

  <div class="container">
    <div class="row row-cols-1">
      <div class="col d-grid gap-2">
        <h2><i class="fas fa-sign-in-alt"></i> <?php echo $transLang['SIGNIN_THANKYOU']; ?></h2>
      </div>
    </div>
    <div class="row row-cols-1">
      <div class="col d-grid gap-2">
        <table class="table table-striped">
          <thead class="thead-dark">
            <tr>
              <th><?php echo $transLang['TIMEREASON']; ?></th><th><?php echo $transLang['COMPANY']; ?></th><th><?php echo $transLang['NAME']; ?></th><th><?php echo $transLang['ESCORT']; ?></th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td><?php echo $timenow; ?><br><?php echo $transLang[$VisitTypeInfo->getInfoVisitType("%", $form_data['form_data_visittype'])[0]["visittypes_name"]]; ?></td><td><?php echo $form_data['form_data_company']; ?></td><td><?php echo $form_data['form_data_lastname']; ?>, <?php echo $form_data['form_data_firstname']; ?><br><img src="<?php echo $form_data['form_data_v_signature']; ?>" width="200" height="50" /></td><td><?php if (!empty($form_data['form_data_escortname'])): echo $form_data['form_data_escortname']; endif; ?><br /><?php if (!empty($form_data['form_data_e_signature'])): ?><img src="<?php echo $form_data['form_data_e_signature']; ?>" width="200" height="50" /><?php endif; ?></td>
            </tr>
          </tbody>
        </table>
      </div>
    </div>
    <div class="row row-cols-1">
      <div class="col d-grid gap-2">
<?php if($SiteInfo->getSite($form_data['form_data_siteid'], $uid, "0", "0")[0]["sites_region"] == "US") { ?>
        <p><?php echo $transLang['ACKNOWLEDGEMENT']; ?></p>
<?php } ?>
        <p><?php echo $transLang['GDPR_TEXT']; ?><p>
      </div>
    </div>
    <div class="row row-cols-1">
      <div class="col d-grid gap-2">
        <a href="index.php" class="btn btn-success btn-lg btn-block" tabindex="-1" role="button" aria-disabled="true">&nbsp<br /><?php echo $transLang['HOME']; ?><br />&nbsp</a>
      </div>
    </div>
 <!-- END CONTENT -->
<?php }else{ ?>
<!-- START ERROR -->
  <div class="container">
    <div class="row row-cols-1">
      <div class="col d-grid gap-2">
        <h2><?php echo $transLang['NOSIGNIN']; ?></h2>
      </div>
    </div>
  </div>
<!-- END ERROR -->
<?php } ?>

<?php } require_once("inc/footer.inc.php");
Clean History 2018-10-15 15:14:36 -04:00			`<?php`
			`/*`
Cleanup and consolidatio 2021-06-12 09:29:10 -04:00			`* Copyright (C) 2018 josh.north@point808.com`
Clean History 2018-10-15 15:14:36 -04:00			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

Fixes for several issues. Closes #1, closes #2, closes #3, and closes #5. 2018-10-19 19:00:44 -04:00			`ini_set('session.gc_maxlifetime', 246060); // MIN SESSION`
			`ini_set('session.gc_probability', 1); // GC RATES`
			`ini_set('session.gc_divisor', 100); // TIMES`
Vulnerability mitigation 2021-05-28 17:02:01 -04:00			`ini_set('session.use_cookies', '1');`
			`ini_set('session.use_only_cookies', '1');`
Cookie fix - temp 2021-06-03 09:40:50 -04:00			`ini_set('session.cookie_secure', '0');`
			`ini_set('session.cookie_httponly', '0');`
Vulnerability mitigation - revert secure cookies by default 2021-06-01 10:52:51 -04:00			`ini_set('session.cookie_samesite', 'Lax');`
Fixes for several issues. Closes #1, closes #2, closes #3, and closes #5. 2018-10-19 19:00:44 -04:00			`session_save_path('.tmp'); // TEMP`
			`session_start(); // START`
			`require_once __DIR__ . '/autoload.php'; // AUTOLOAD`
Vulnerability remediation 2021-05-28 15:31:54 -04:00			`use App\LobbySIO\Misc\Csrf; // ANTICSRF`
Fixes for several issues. Closes #1, closes #2, closes #3, and closes #5. 2018-10-19 19:00:44 -04:00			`$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES`
Clean History 2018-10-15 15:14:36 -04:00			`$SiteInfo = new \App\LobbySIO\Database\SiteInfo();`
Fixes for several issues. Closes #1, closes #2, closes #3, and closes #5. 2018-10-19 19:00:44 -04:00			`$Users = new \App\LobbySIO\Database\Users();`
			`if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT`
			`$session_user = $Users->getUserInfo($_SESSION['user_id'], "1", "0"); }`
			`if (isset($session_user)) { // GET UID OR SET TO KIOSK`
			`$uid = $session_user["0"]["users_id"];} else { $uid = "2"; }`
			`$app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang'); // SETUP LANGUAGE`
			`if(!isset($app_disp_lang)) {`
			`$app_disp_lang=$StaticFunctions->getDefaultLanguage(); }`
			`$siteidcookie = filter_input(INPUT_COOKIE, 'app_site'); // SETUP SITE`
			`foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) {`
			`$lookup_array[$arr['sites_id']]=1; }`
			`if(isset($lookup_array[$siteidcookie])) {`
			`$siteid = $siteidcookie; } else { $siteid = "1"; }`
			`if(!isset($siteid)) { $siteid="1"; }`
			`$Translate = new \App\LobbySIO\Language\Translate($app_disp_lang); // SETUP TRANSLATOR`
			`$transLang = $Translate->userLanguage();`
Clean History 2018-10-15 15:14:36 -04:00			`$VisitTypeInfo = new \App\LobbySIO\Database\VisitTypeInfo();`
			`$VisitActions = new \App\LobbySIO\Database\VisitActions();`
Fixes for several issues. Closes #1, closes #2, closes #3, and closes #5. 2018-10-19 19:00:44 -04:00			`$app_current_pagename = $transLang['SIGNIN']; // PAGE SETUP`
			`$app_current_pageicon = '<i class="fas fa-file-signature"></i> ';`
			`require_once("inc/header.inc.php");`
			`if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS`
			`header('Location: index.php'); // ELSE HOME`
Vulnerability remediation 2021-05-28 15:31:54 -04:00			`} else {`
			`header("X-Frame-Options: SAMEORIGIN");`
Vulnerability mitigation 2021-05-28 17:02:01 -04:00			`header("X-Content-Type-Options: nosniff");`
Vulnerability mitigation - revert secure cookies by default 2021-06-01 10:52:51 -04:00			`//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);`
Vulnerability remediation 2021-05-28 15:31:54 -04:00			`if (!empty($_GET['a'])) {`
			`echo '<pre>' . print_r($_POST, true) . '</pre>';`
			`echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');`
			`}`
			`?>`
Clean History 2018-10-15 15:14:36 -04:00

Bootstrap and jQuery upgrade for vulnerabilities 2021-05-28 11:33:45 -04:00
Cleanup and consolidation, signin process updates 2021-06-11 22:51:00 -04:00			`<?php`
			`// FILTER POSTED DATA`
			`$form_data = filter_input_array(INPUT_POST, [`
			`'form_data_stage' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_siteid' => (int)FILTER_VALIDATE_INT,`
			`'form_data_isvendor' => (int)FILTER_VALIDATE_INT,`
			`'form_data_firstname' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_lastname' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_carnum' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_ssanum' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_company' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_contact1' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_contact2' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_workstart' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_workend' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_visittype' => (int)FILTER_VALIDATE_INT,`
			`'form_data_escortrequired' => (int)FILTER_VALIDATE_INT,`
			`'form_data_v_signature' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_e_signature' => (string)FILTER_SANITIZE_STRING,`
			`'form_data_escortname' => (string)FILTER_SANITIZE_STRING`
			`]);`
			`if (empty($form_data['form_data_carnum'])) { $carnum="";} else {$carnum=$form_data['form_data_carnum'];}`
			`if (empty($form_data['form_data_ssanum'])) { $ssanum="";} else {$ssanum=$form_data['form_data_ssanum'];}`
			`if (empty($form_data['form_data_isvendor'])) { $isvendor="0";} else {$isvendor=$form_data['form_data_isvendor'];}`
			`if (empty($form_data['form_data_contact1'])) { $db_vendorinfo_contact1="";} else {$db_vendorinfo_contact1=$form_data['form_data_contact1'];}`
			`if (empty($form_data['form_data_contact2'])) { $db_vendorinfo_contact2="";} else {$db_vendorinfo_contact2=$form_data['form_data_contact2'];}`
			`if (empty($form_data['form_data_workstart'])) { $db_vendorinfo_workstart="";} else {$db_vendorinfo_workstart=$form_data['form_data_workstart'];}`
			`if (empty($form_data['form_data_workend'])) { $db_vendorinfo_workend="";} else {$db_vendorinfo_workend=$form_data['form_data_workend'];}`
			`$visitid = $VisitActions->newVisit($form_data['form_data_firstname'], $form_data['form_data_lastname'], $form_data['form_data_company'], $form_data['form_data_visittype'], $StaticFunctions->getUTC(), $form_data['form_data_v_signature'], $form_data['form_data_siteid'], "1", $form_data['form_data_e_signature'], $form_data['form_data_escortname'], $carnum, $ssanum, $isvendor);`
			`if($form_data['form_data_isvendor'] === (int)"1") {`
Vendor & contractor integration 2021-06-10 05:20:29 -04:00			`$vendorid = $VisitActions->setInfoVendorVisitNew($visitid, $db_vendorinfo_contact1, $db_vendorinfo_contact2, $db_vendorinfo_workstart, $db_vendorinfo_workend);`
Cleanup and consolidation, signin process updates 2021-06-11 22:51:00 -04:00			`}`
			`// SET INITIAL STAGE`
			`if(!empty($form_data['form_data_stage'])){`
			`$form_data['form_data_stage'] = 'readytosubmit';`
			`}?>`

			`<!-- CONTENT -->`

			`<?php if($form_data['form_data_stage'] === "readytosubmit"){ ?>`

Bootstrap and jQuery upgrade for vulnerabilities 2021-05-28 11:33:45 -04:00			`<div class="container">`
			`<div class="row row-cols-1">`
			`<div class="col d-grid gap-2">`
			`<h2><i class="fas fa-sign-in-alt"></i> <?php echo $transLang['SIGNIN_THANKYOU']; ?></h2>`
			`</div>`
			`</div>`
			`<div class="row row-cols-1">`
			`<div class="col d-grid gap-2">`
			`<table class="table table-striped">`
			`<thead class="thead-dark">`
			`<tr>`
			`<th><?php echo $transLang['TIMEREASON']; ?></th><th><?php echo $transLang['COMPANY']; ?></th><th><?php echo $transLang['NAME']; ?></th><th><?php echo $transLang['ESCORT']; ?></th>`
			`</tr>`
			`</thead>`
			`<tbody>`
			`<tr>`
Cleanup and consolidation, signin process updates 2021-06-11 22:51:00 -04:00			<td><?php echo $timenow; ?><br><?php echo $transLang[$VisitTypeInfo->getInfoVisitType("%", $form_data['form_data_visittype'])[0]["visittypes_name"]]; ?></td><td><?php echo $form_data['form_data_company']; ?></td><td><?php echo $form_data['form_data_lastname']; ?>, <?php echo $form_data['form_data_firstname']; ?><br><img src="<?php echo $form_data['form_data_v_signature']; ?>" width="200" height="50" /></td><td><?php if (!empty($form_data['form_data_escortname'])): echo $form_data['form_data_escortname']; endif; ?><br /><?php if (!empty($form_data['form_data_e_signature'])): ?><img src="<?php echo $form_data['form_data_e_signature']; ?>" width="200" height="50" /><?php endif; ?></td>
Bootstrap and jQuery upgrade for vulnerabilities 2021-05-28 11:33:45 -04:00			`</tr>`
			`</tbody>`
			`</table>`
			`</div>`
			`</div>`
			`<div class="row row-cols-1">`
			`<div class="col d-grid gap-2">`
Cleanup and consolidation, signin process updates 2021-06-11 22:51:00 -04:00			`<?php if($SiteInfo->getSite($form_data['form_data_siteid'], $uid, "0", "0")[0]["sites_region"] == "US") { ?>`
Bootstrap and jQuery upgrade for vulnerabilities 2021-05-28 11:33:45 -04:00			`<p><?php echo $transLang['ACKNOWLEDGEMENT']; ?></p>`
			`<?php } ?>`
			`<p><?php echo $transLang['GDPR_TEXT']; ?><p>`
			`</div>`
			`</div>`
			`<div class="row row-cols-1">`
			`<div class="col d-grid gap-2">`
			`<a href="index.php" class="btn btn-success btn-lg btn-block" tabindex="-1" role="button" aria-disabled="true">&nbsp<br /><?php echo $transLang['HOME']; ?><br />&nbsp</a>`
			`</div>`
			`</div>`
			`<!-- END CONTENT -->`
Cleanup and consolidation, signin process updates 2021-06-11 22:51:00 -04:00			`<?php }else{ ?>`
Bootstrap and jQuery upgrade for vulnerabilities 2021-05-28 11:33:45 -04:00			`<!-- START ERROR -->`
			`<div class="container">`
			`<div class="row row-cols-1">`
			`<div class="col d-grid gap-2">`
			`<h2><?php echo $transLang['NOSIGNIN']; ?></h2>`
			`</div>`
			`</div>`
			`</div>`
			`<!-- END ERROR -->`
Cleanup and consolidatio 2021-06-12 09:29:10 -04:00			`<?php } ?>`
Bootstrap and jQuery upgrade for vulnerabilities 2021-05-28 11:33:45 -04:00
Cleanup and consolidatio 2021-06-12 09:29:10 -04:00			`<?php } require_once("inc/footer.inc.php");`