134 lines
7.2 KiB
Plaintext
134 lines
7.2 KiB
Plaintext
<?php
|
|
/*
|
|
* Copyright (C) 2018 josh.north@point808.com
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
|
|
ini_set('session.gc_probability', 1); // GC RATES
|
|
ini_set('session.gc_divisor', 100); // TIMES
|
|
ini_set('session.use_cookies', '1');
|
|
ini_set('session.use_only_cookies', '0');
|
|
ini_set('session.cookie_lifetime', '0');
|
|
ini_set('session.cookie_secure', '1');
|
|
ini_set('session.cookie_httponly', '1');
|
|
ini_set('session.cookie_samesite', 'Strict');
|
|
session_save_path('.tmp'); // TEMP
|
|
session_start(); // START
|
|
require_once __DIR__ . '/autoload.php'; // AUTOLOAD
|
|
require_once __DIR__ . '/src/Misc/defuse-crypto.phar';
|
|
use App\LobbySIO\Config\Registry;
|
|
use Defuse\Crypto\Crypto;
|
|
$Users = new \App\LobbySIO\Database\Users();
|
|
if (Registry::AUTHMETHOD == 'SAML') {
|
|
//simplesaml
|
|
require_once('../simplesamlphp/lib/_autoload.php');
|
|
$auth = new \SimpleSAML\Auth\Simple(Registry::AUTHIDP);
|
|
//$auth->requireAuth();
|
|
$auth->isAuthenticated();
|
|
if (!$auth->isAuthenticated()) {
|
|
$attributes = 'none';
|
|
} else {
|
|
$attributes = $auth->getAttributes();
|
|
$saml_user_email = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0];
|
|
$saml_user_info = $Users->getUserInfoByEmail($saml_user_email, "1", "0");
|
|
$saml_user_id = $saml_user_info["0"]["users_id"];
|
|
}
|
|
$session = \SimpleSAML\Session::getSessionFromRequest();
|
|
$session->cleanup();
|
|
}
|
|
$StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES
|
|
$encKey = $StaticFunctions->loadEncryptionKeyFromConfig();
|
|
$SiteInfo = new \App\LobbySIO\Database\SiteInfo();
|
|
if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT
|
|
if (isset($saml_user_id)) {
|
|
$sessuserid=$saml_user_id;
|
|
} else {
|
|
$sessuserid=$_SESSION['user_id'];
|
|
}
|
|
} elseif (!isset($_SESSION['user_id'])) {
|
|
if (isset($saml_user_id)) {
|
|
$sessuserid=$saml_user_id;
|
|
} else {
|
|
$sessuserid='2';
|
|
}
|
|
$session_user = $Users->getUserInfo($sessuserid, "1", "0"); }
|
|
if (isset($session_user)) { // GET UID OR SET TO KIOSK
|
|
$uid = $session_user["0"]["users_id"];} else { $uid = "2"; }
|
|
$app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP LANGUAGE
|
|
if(!isset($app_disp_lang)) {
|
|
$app_disp_lang=$StaticFunctions->getDefaultLanguage(); }
|
|
$siteidcookie = filter_input(INPUT_COOKIE, 'app_site', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // SETUP SITE
|
|
foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) {
|
|
$lookup_array[$arr['sites_id']]=1; }
|
|
if(isset($lookup_array[$siteidcookie])) {
|
|
$siteid = $siteidcookie; } else { $siteid = "1"; }
|
|
if(!isset($siteid)) { $siteid="1"; }
|
|
$Translate = new \App\LobbySIO\Language\Translate($app_disp_lang); // SETUP TRANSLATOR
|
|
$transLang = $Translate->userLanguage();
|
|
$VisitTypeInfo = new \App\LobbySIO\Database\VisitTypeInfo(); // ADDITIONAL CLASSES
|
|
$IDTypeInfo = new \App\LobbySIO\Database\IDTypeInfo();
|
|
$VisitInfo = new \App\LobbySIO\Database\VisitInfo();
|
|
$VisitActions = new \App\LobbySIO\Database\VisitActions();
|
|
$app_current_pagename = $transLang['STR_COMMON_HOME']; // PAGE SETUP
|
|
$app_current_pageicon = '<i class="fas fa-home"></i> ';
|
|
require_once("inc/header.inc.php");
|
|
$urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL));
|
|
//header("X-Frame-Options: SAMEORIGIN");
|
|
//header("X-Content-Type-Options: nosniff");
|
|
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
|
|
if (!empty($_GET['a'])) {
|
|
echo '<pre>' . print_r($_POST, true) . '</pre>';
|
|
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');
|
|
}
|
|
?>
|
|
|
|
|
|
|
|
|
|
<?php if ($StaticFunctions->getUserSessionStatus() == false) {
|
|
die;
|
|
} else {
|
|
$query = "
|
|
SELECT
|
|
" . Registry::DB_PRFX . "visits.id as visits_id,
|
|
" . Registry::DB_PRFX . "visits.firstname as visits_firstname,
|
|
" . Registry::DB_PRFX . "visits.lastname as visits_lastname,
|
|
" . Registry::DB_PRFX . "visits.company as visits_company,
|
|
" . Registry::DB_PRFX . "visits.escort as visits_escort,
|
|
" . Registry::DB_PRFX . "visits.carnum as visits_carnum
|
|
FROM " . Registry::DB_PRFX . "visits";
|
|
$database = new \App\LobbySIO\Database\Connect();
|
|
$rows = $database->getQuery($query);
|
|
foreach ($rows as $tr) {
|
|
$visits_id = $tr['visits_id'];
|
|
$visits_firstname_e = Crypto::encrypt($tr['visits_firstname'], $encKey);
|
|
$visits_lastname_e = Crypto::encrypt($tr['visits_lastname'], $encKey);
|
|
$visits_company_e = Crypto::encrypt($tr['visits_company'], $encKey);
|
|
$visits_escort_e = Crypto::encrypt($tr['visits_escort'], $encKey);
|
|
$visits_carnum_e = Crypto::encrypt($tr['visits_carnum'], $encKey);
|
|
$query = "
|
|
UPDATE " . Registry::DB_PRFX . "visits
|
|
SET " . Registry::DB_PRFX . "visits.firstname = \"$visits_firstname_e\",
|
|
" . Registry::DB_PRFX . "visits.lastname = \"$visits_lastname_e\",
|
|
" . Registry::DB_PRFX . "visits.company = \"$visits_company_e\",
|
|
" . Registry::DB_PRFX . "visits.escort = \"$visits_escort_e\",
|
|
" . Registry::DB_PRFX . "visits.carnum = \"$visits_carnum_e\"
|
|
WHERE " . Registry::DB_PRFX . "visits.id = \"$visits_id\"
|
|
";
|
|
$database = new \App\LobbySIO\Database\Connect();
|
|
$count = $database->runQuery($query);
|
|
}
|
|
}
|