. */ ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION ini_set('session.gc_probability', 1); // GC RATES ini_set('session.gc_divisor', 100); // TIMES ini_set('session.use_cookies', '1'); ini_set('session.use_only_cookies', '0'); ini_set('session.cookie_lifetime', '0'); ini_set('session.cookie_secure', '1'); ini_set('session.cookie_httponly', '1'); ini_set('session.cookie_samesite', 'Strict'); session_save_path('.tmp'); // TEMP session_start(); // START require_once __DIR__ . '/autoload.php'; // AUTOLOAD require_once __DIR__ . '/src/Misc/defuse-crypto.phar'; use App\LobbySIO\Config\Registry; use Defuse\Crypto\Crypto; $Users = new \App\LobbySIO\Database\Users(); if (Registry::AUTHMETHOD == 'SAML') { //simplesaml require_once('../simplesamlphp/lib/_autoload.php'); $auth = new \SimpleSAML\Auth\Simple(Registry::AUTHIDP); //$auth->requireAuth(); $auth->isAuthenticated(); if (!$auth->isAuthenticated()) { $attributes = 'none'; } else { $attributes = $auth->getAttributes(); $saml_user_email = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0]; $saml_user_info = $Users->getUserInfoByEmail($saml_user_email, "1", "0"); $saml_user_id = $saml_user_info["0"]["users_id"]; } $session = \SimpleSAML\Session::getSessionFromRequest(); $session->cleanup(); } $StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES $encKey = $StaticFunctions->loadEncryptionKeyFromConfig(); $SiteInfo = new \App\LobbySIO\Database\SiteInfo(); if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT if (isset($saml_user_id)) { $sessuserid=$saml_user_id; } else { $sessuserid=$_SESSION['user_id']; } } elseif (!isset($_SESSION['user_id'])) { if (isset($saml_user_id)) { $sessuserid=$saml_user_id; } else { $sessuserid='2'; } $session_user = $Users->getUserInfo($sessuserid, "1", "0"); } if (isset($session_user)) { // GET UID OR SET TO KIOSK $uid = $session_user["0"]["users_id"];} else { $uid = "2"; } $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP LANGUAGE if(!isset($app_disp_lang)) { $app_disp_lang=$StaticFunctions->getDefaultLanguage(); } $siteidcookie = filter_input(INPUT_COOKIE, 'app_site', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP SITE foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) { $lookup_array[$arr['sites_id']]=1; } if(isset($lookup_array[$siteidcookie])) { $siteid = $siteidcookie; } else { $siteid = "1"; } if(!isset($siteid)) { $siteid="1"; } $Translate = new \App\LobbySIO\Language\Translate($app_disp_lang); // SETUP TRANSLATOR $transLang = $Translate->userLanguage(); $VisitTypeInfo = new \App\LobbySIO\Database\VisitTypeInfo(); // ADDITIONAL CLASSES $IDTypeInfo = new \App\LobbySIO\Database\IDTypeInfo(); $VisitInfo = new \App\LobbySIO\Database\VisitInfo(); $VisitActions = new \App\LobbySIO\Database\VisitActions(); $app_current_pagename = $transLang['STR_COMMON_HOME']; // PAGE SETUP $app_current_pageicon = ' '; require_once("inc/header.inc.php"); $urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL)); //header("X-Frame-Options: SAMEORIGIN"); //header("X-Content-Type-Options: nosniff"); //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false); if (!empty($_GET['a'])) { echo '
' . print_r($_POST, true) . ''; echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful'); } ?> getUserSessionStatus() == false) { die; } else { $query = " SELECT " . Registry::DB_PRFX . "visits.id as visits_id, " . Registry::DB_PRFX . "visits.firstname as visits_firstname, " . Registry::DB_PRFX . "visits.lastname as visits_lastname, " . Registry::DB_PRFX . "visits.company as visits_company, " . Registry::DB_PRFX . "visits.escort as visits_escort, " . Registry::DB_PRFX . "visits.carnum as visits_carnum FROM " . Registry::DB_PRFX . "visits"; $database = new \App\LobbySIO\Database\Connect(); $rows = $database->getQuery($query); foreach ($rows as $tr) { $visits_id = $tr['visits_id']; $visits_firstname_e = Crypto::encrypt($tr['visits_firstname'], $encKey); $visits_lastname_e = Crypto::encrypt($tr['visits_lastname'], $encKey); $visits_company_e = Crypto::encrypt($tr['visits_company'], $encKey); $visits_escort_e = Crypto::encrypt($tr['visits_escort'], $encKey); $visits_carnum_e = Crypto::encrypt($tr['visits_carnum'], $encKey); $query = " UPDATE " . Registry::DB_PRFX . "visits SET " . Registry::DB_PRFX . "visits.firstname = \"$visits_firstname_e\", " . Registry::DB_PRFX . "visits.lastname = \"$visits_lastname_e\", " . Registry::DB_PRFX . "visits.company = \"$visits_company_e\", " . Registry::DB_PRFX . "visits.escort = \"$visits_escort_e\", " . Registry::DB_PRFX . "visits.carnum = \"$visits_carnum_e\" WHERE " . Registry::DB_PRFX . "visits.id = \"$visits_id\" "; $database = new \App\LobbySIO\Database\Connect(); $count = $database->runQuery($query); } }