Commit b99b80f3 by Nixon Solomon

Initial commit

<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Add New API Key";
$page_message="Add new API key. Enter unique API secret, select permissions, and click the 'Submit' button.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($api_key_secret) && validateNumberOrRange($api_key_clients_add, 0, 1) && validateNumberOrRange($api_key_clients_edit, 0, 1) && validateNumberOrRange($api_key_licenses_add, 0, 1) && validateNumberOrRange($api_key_licenses_edit, 0, 1) && validateNumberOrRange($api_key_products_add, 0, 1) && validateNumberOrRange($api_key_products_edit, 0, 1) && validateNumberOrRange($api_key_installations_edit, 0, 1) && validateNumberOrRange($api_key_search, 0, 1) && validateNumberOrRange($api_key_status, 0, 2))
{
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
foreach ($api_key_ip_array as $ip_address)
{
if (!filter_var($ip_address, FILTER_VALIDATE_IP))
{
$error_detected=1;
$error_details.="Invalid IP address.<br>";
break;
}
}
}
if ($error_detected!=1)
{
$added_records=insertRow("INSERT IGNORE INTO apl_api_keys (api_key_secret, api_key_ip, api_key_clients_add, api_key_clients_edit, api_key_licenses_add, api_key_licenses_edit, api_key_products_add, api_key_products_edit, api_key_installations_edit, api_key_search, api_key_status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", array($api_key_secret, $api_key_ip, $api_key_clients_add, $api_key_clients_edit, $api_key_licenses_add, $api_key_licenses_edit, $api_key_products_add, $api_key_products_edit, $api_key_installations_edit, $api_key_search, $api_key_status), array("s", "s", "i", "i", "i", "i", "i", "i", "i", "i", "i"));
if ($added_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid API secret, permissions, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="API key $api_key_secret added to the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
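Review bot: The success branch writes the full API secret into the audit report, because `$page_message="API key $api_key_secret added to the database."` is passed straight to `createReport()`; anyone who can read reports can then read a working credential. The "Edit API Key" script later in this commit does the same with its "updated" message. Log a non-secret reference instead, for example `createReport("API key ".substr($api_key_secret, 0, 4)."... added to the database.", $logged_admin_id, 1, $error_detected);`, and keep the full value out of stored text. Separately, `!empty($api_key_secret)` is the only check on the secret, so a one-character value is accepted; a minimum length check would fit in the same condition.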
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Edit API Key";
$page_message="Edit API key. Update API key information and click the 'Submit' button.";
$page_message_class="alert alert-info";
$page_header_file_no_data="api_keys_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($api_key_id) || !filter_var($api_key_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_api_keys WHERE api_key_id=?", array($api_key_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
if (!isset($submit_ok)) //extract fetched variables only if form wasn't submitted (otherwise data entered by user will be overwritten with data from database in case of form submission failure)
{
foreach ($rows_array as $row)
{
extract($row);
}
}
if (isset($submit_ok))
{
if (!empty($delete_record) && $delete_record==1)
{
$removed_records=deleteRow("DELETE FROM apl_api_keys WHERE api_key_id=?", array($api_key_id), array("i"));
if ($removed_records>0)
{
$page_message="Deleted $removed_records API key(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
header("Location: $page_header_file_no_data");
exit();
}
else
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
}
if (!empty($api_key_secret) && validateNumberOrRange($api_key_clients_add, 0, 1) && validateNumberOrRange($api_key_clients_edit, 0, 1) && validateNumberOrRange($api_key_licenses_add, 0, 1) && validateNumberOrRange($api_key_licenses_edit, 0, 1) && validateNumberOrRange($api_key_products_add, 0, 1) && validateNumberOrRange($api_key_products_edit, 0, 1) && validateNumberOrRange($api_key_installations_edit, 0, 1) && validateNumberOrRange($api_key_search, 0, 1) && validateNumberOrRange($api_key_status, 0, 2))
{
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
foreach ($api_key_ip_array as $ip_address)
{
if (!filter_var($ip_address, FILTER_VALIDATE_IP))
{
$error_detected=1;
$error_details.="Invalid IP address.<br>";
break;
}
}
}
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_api_keys SET api_key_secret=?, api_key_ip=?, api_key_clients_add=?, api_key_clients_edit=?, api_key_licenses_add=?, api_key_licenses_edit=?, api_key_products_add=?, api_key_products_edit=?, api_key_installations_edit=?, api_key_search=?, api_key_status=? WHERE api_key_id=?", array($api_key_secret, $api_key_ip, $api_key_clients_add, $api_key_clients_edit, $api_key_licenses_add, $api_key_licenses_edit, $api_key_products_add, $api_key_products_edit, $api_key_installations_edit, $api_key_search, $api_key_status, $api_key_id), array("s", "s", "i", "i", "i", "i", "i", "i", "i", "i", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid API secret, permissions, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="API key $api_key_secret updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
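Review bot: `$submit_ok` and `$delete_record` are accepted from the query string as well as the form, because `extract($_GET, EXTR_SKIP)` runs before the POST extract and the delete branch only tests `isset($submit_ok)` and `$delete_record==1`. Unless `login_check.php` enforces a request token (not visible here), the delete and the update can therefore be triggered by a GET request, which leaves them open to cross-site request forgery. Gate the state change on the method and the POST body, e.g. `if ($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['submit_ok']))`, and take only `api_key_id` from `$_GET`. The "Edit Banned Host" and "View Callbacks" scripts in this commit use the same GET-then-POST extract and need the same change.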
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View API Keys";
$page_message="View existing API keys. If any API key needs to be modified, click the API secret. If any API key needs to be deleted, check the box near API secret and click the 'Submit' button.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($api_key_ids_array) && is_array($api_key_ids_array))
{
foreach ($api_key_ids_array as $api_key_id)
{
if (filter_var($api_key_id, FILTER_VALIDATE_INT))
{
$removed_records+=deleteRow("DELETE FROM apl_api_keys WHERE api_key_id=?", array($api_key_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records API key(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
$api_keys_array=returnApiKeysArray();
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
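Review bot: The report written after a bulk delete records only a count (`"Deleted $removed_records API key(s) from the database."`), so the audit trail cannot show which keys were revoked. Collect the IDs for which `deleteRow()` returned a non-zero count, e.g. `$deleted_ids[]=$api_key_id;` inside the loop, and add `implode(",", $deleted_ids)` to the text passed to `createReport()`. IDs that fail `FILTER_VALIDATE_INT` are skipped silently, so a partly invalid selection is still reported as a plain success. The bulk-delete loops for banned hosts and callbacks later in this commit are written the same way.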
<?php
//MAIN CONFIG FILE OF AUTO PHP LICENSER. CAN BE EDITED MANUALLY OR GENERATED USING Extra Tools > Configuration Generator TAB IN AUTO PHP LICENSER DASHBOARD. THE FILE MUST BE INCLUDED IN YOUR SCRIPT BEFORE YOU PROVIDE IT TO USER.
//-----------BASIC SETTINGS-----------//
//Random salt used for encryption. It should contain random symbols (16 or more recommended) and be different for each application you want to protect. Cannot be modified after installing script.
define("APL_SALT", "some_random_text");
//The URL (without / at the end) where Auto PHP Licenser from /WEB directory is installed on your server. No matter how many applications you want to protect, a single installation is enough.
define("APL_ROOT_URL", "https://www.demo.phpmillion.com/apl");
//Unique numeric ID of product that needs to be licensed. Can be obtained by going to Products > View Products tab in Auto PHP Licenser dashboard and selecting product to be licensed. At the end of URL, you will see something like products_edit.php?product_id=NUMBER, where NUMBER is unique product ID. Cannot be modified after installing script.
define("APL_PRODUCT_ID", 1);
//Time period (in days) between automatic license verifications. The lower the number, the more often license will be verified, but if many end users use your script, it can cause extra load on your server. Available values are between 1 and 365. Usually 7 or 14 days are the best choice.
define("APL_DAYS", 7);
//Place to store license signature and other details. "DATABASE" means data will be stored in MySQL database (recommended), "FILE" means data will be stored in local file. Only use "FILE" if your application doesn't support MySQL. Otherwise, "DATABASE" should always be used. Cannot be modified after installing script.
define("APL_STORAGE", "FILE");
//Name of table (will be automatically created during installation) to store license signature and other details. Only used when "APL_STORAGE" set to "DATABASE". The more "harmless" name, the better. Cannot be modified after installing script.
define("APL_DATABASE_TABLE", "user_data");
//Name and location (relative to directory where "apl_core_configuration.php" file is located, cannot be moved outside this directory) of file to store license signature and other details. Can have ANY name and extension. The more "harmless" location and name, the better. Cannot be modified after installing script. Only used when "APL_STORAGE" set to "FILE" (file itself can be safely deleted otherwise).
define("APL_LICENSE_FILE_LOCATION", "signature/license.key.example");
//Name and location (relative to directory where "apl_core_configuration.php" file is located, cannot be moved outside this directory) of MySQL connection file. Only used when "APL_STORAGE" set to "DATABASE" (file itself can be safely deleted otherwise).
define("APL_MYSQL_FILE_LOCATION", "mysql/mysql.php");
//Notification to be displayed when operation fails because of connection issues (no Internet connection, your domain is blacklisted by user, etc.) Other notifications will be automatically fetched from your Auto PHP Licenser installation.
define("APL_NOTIFICATION_NO_CONNECTION", "Can't connect to licensing server.");
//Notification to be displayed when updating database fails. Only used when APL_STORAGE set to DATABASE.
define("APL_NOTIFICATION_DATABASE_WRITE_ERROR", "Can't write to database.");
//Notification to be displayed when updating license file fails. Only used when APL_STORAGE set to FILE.
define("APL_NOTIFICATION_LICENSE_FILE_WRITE_ERROR", "Can't write to license file.");
//Notification to be displayed when installation wizard is launched again after script was installed.
define("APL_NOTIFICATION_SCRIPT_ALREADY_INSTALLED", "Script is already installed (or database not empty).");
//Notification to be displayed when license could not be verified because license is not installed yet or corrupted.
define("APL_NOTIFICATION_LICENSE_CORRUPTED", "License is not installed yet or corrupted.");
//Notification to be displayed when license verification does not need to be performed. Used for debugging purposes only, should never be displayed to end user.
define("APL_NOTIFICATION_BYPASS_VERIFICATION", "No need to verify");
//-----------ADVANCED SETTINGS-----------//
//Secret key used to verify if configuration file included in your script is genuine (not replaced with 3rd party files). It can contain any number of random symbols and should be different for each application you want to protect. You should also change its name from "APL_INCLUDE_KEY_CONFIG" to something else, let's say "MY_CUSTOM_SECRET_KEY"
define("APL_INCLUDE_KEY_CONFIG", "some_random_text");
//IP address of your Auto PHP Licenser installation. If IP address is set, script will always check if "APL_ROOT_URL" resolves to this IP address (very useful against users who may try blocking or nullrouting your domain on their servers). However, use it with caution because if IP address of your server is changed in future, old installations of protected script will stop working (you will need to update this file with new IP and send updated file to end user). If you want to verify licensing server, but don't want to lock it to specific IP address, you can use APL_ROOT_NAMESERVERS option (because nameservers change is unlikely).
define("APL_ROOT_IP", "");
//Nameservers of your domain with Auto PHP Licenser installation (only works with domains and NOT subdomains). If nameservers are set, script will always check if "APL_ROOT_NAMESERVERS" match actual DNS records (very useful against users who may try blocking or nullrouting your domain on their servers). However, use it with caution because if nameservers of your domain are changed in future, old installations of protected script will stop working (you will need to update this file with new nameservers and send updated file to end user). Nameservers should be formatted as an array. For example: array("ns1.phpmillion.com", "ns2.phpmillion.com"). Nameservers are NOT CAse SensitIVE.
//define("APL_ROOT_NAMESERVERS", array()); //ATTENTION! THIS FEATURE ONLY WORKS WITH PHP 7, SO UNCOMMENT THIS LINE ONLY IF PROTECTED SCRIPT WILL RUN ON PHP 7 SERVER!
//When option set to "YES", all files and MySQL data will be deleted when illegal usage is detected. This is very useful against users who may try using pirated software; if someone shares his license with 3rd parties (by sending it to a friend, posting on warez forums, etc.) and you cancel this license, Auto PHP Licenser will try to delete all script files and any data in MySQL database for everyone who uses cancelled license. For obvious reasons, data will only be deleted if license is cancelled. If license is invalid or expired, no data will be modified. Use at your own risk!
define("APL_DELETE_CANCELLED", "");
//When option set to "YES", all files and MySQL data will be deleted when cracking attempt is detected. This is very useful against users who may try cracking software; if some unauthorized changes in core functions are detected, Auto PHP Licenser will try to delete all script files and any data in MySQL database. Use at your own risk!
define("APL_DELETE_CRACKED", "YES");
//-----------NOTIFICATIONS FOR DEBUGGING PURPOSES ONLY. SHOULD NEVER BE DISPLAYED TO END USER-----------//
define("APL_CORE_NOTIFICATION_INVALID_SALT", "Configuration error: invalid or default encryption salt");
define("APL_CORE_NOTIFICATION_INVALID_ROOT_URL", "Configuration error: invalid root URL of Auto PHP Licenser installation");
define("APL_CORE_NOTIFICATION_INVALID_PRODUCT_ID", "Configuration error: invalid product ID");
define("APL_CORE_NOTIFICATION_INVALID_VERIFICATION_PERIOD", "Configuration error: invalid license verification period");
define("APL_CORE_NOTIFICATION_INVALID_STORAGE", "Configuration error: invalid license storage option");
define("APL_CORE_NOTIFICATION_INVALID_TABLE", "Configuration error: invalid MySQL table name to store license signature");
define("APL_CORE_NOTIFICATION_INVALID_LICENSE_FILE", "Configuration error: invalid license file location (or file not writable)");
define("APL_CORE_NOTIFICATION_INVALID_MYSQL_FILE", "Configuration error: invalid MySQL file location (or file not readable)");
define("APL_CORE_NOTIFICATION_INVALID_ROOT_IP", "Configuration error: invalid IP address of your Auto PHP Licenser installation");
define("APL_CORE_NOTIFICATION_INVALID_ROOT_NAMESERVERS", "Configuration error: invalid nameservers of your Auto PHP Licenser installation");
define("APL_CORE_NOTIFICATION_INACCESSIBLE_ROOT_URL", "Server error: impossible to establish connection to your Auto PHP Licenser installation");
define("APL_CORE_NOTIFICATION_INVALID_DNS", "License error: actual IP address and/or nameservers of your Auto PHP Licenser installation don't match specified IP address and/or nameservers");
//-----------SOME EXTRA STUFF. SHOULD NEVER BE REMOVED OR MODIFIED-----------//
define("APL_DIRECTORY", __DIR__);
define("APL_MYSQL_QUERY", "LOCAL");
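Review bot: The shipped default `define("APL_DELETE_CRACKED", "YES");` enables the destructive path that, per the comment above it, deletes all script files and MySQL data when a tampering check fires, while the neighbouring `APL_DELETE_CANCELLED` defaults to empty. A false positive in that check on a customer server would be unrecoverable, so the sample config should ship with `define("APL_DELETE_CRACKED", "");` and leave enabling it as an explicit decision. `APL_SALT` and `APL_INCLUDE_KEY_CONFIG` both ship as `"some_random_text"`; the `APL_CORE_NOTIFICATION_INVALID_SALT` message suggests the default salt is rejected elsewhere, but nothing visible here rejects the default include key. `APL_STORAGE` is also set to `"FILE"` although its own comment recommends `"DATABASE"`.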
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Add New Banned Host";
$page_message="Add new banned host to be blocked from accessing $PRODUCT_NAME. Enter IP address and click the 'Submit' button.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories
{
if (filter_var($banned_host_ip, FILTER_VALIDATE_IP))
{
if ($error_detected!=1)
{
$banned_host_date=date("Y-m-d");
$added_records=insertRow("INSERT IGNORE INTO apl_banned_hosts (banned_host_ip, banned_host_comments, banned_host_date) VALUES (?, ?, ?)", array($banned_host_ip, $banned_host_comments, $banned_host_date), array("s", "s", "s"));
if ($added_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid IP address.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Banned host $banned_host_ip added to the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
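Review bot: `$banned_host_ip` and `$banned_host_comments` exist only if `extract($_POST, EXTR_SKIP)` created them, so a request that omits either field reaches `filter_var()` or `insertRow()` with an undefined variable, and any other request key the script has not initialised yet becomes a variable as well. `get_defined_vars()` then hands that whole scope, including anything the required config files defined as variables, to the template. Read the expected fields explicitly after the sanitising walk, e.g. `$banned_host_ip=isset($_POST['banned_host_ip']) ? $_POST['banned_host_ip'] : "";`, and pass `render()` an array holding only the values the template needs. Every admin script in this commit uses the same `extract()`/`get_defined_vars()` pair.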
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Edit Banned Host";
$page_message="Edit banned host. Update banned host information and click the 'Submit' button.";
$page_message_class="alert alert-info";
$page_header_file_no_data="banned_hosts_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($banned_host_id) || !filter_var($banned_host_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_banned_hosts WHERE banned_host_id=?", array($banned_host_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
if (!isset($submit_ok)) //extract fetched variables only if form wasn't submitted (otherwise data entered by user will be overwritten with data from database in case of form submission failure)
{
foreach ($rows_array as $row)
{
extract($row);
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories, EXCEPT header("Location: $page_header_file_no_data"); LINE
{
if (!empty($delete_record) && $delete_record==1)
{
$removed_records=deleteRow("DELETE FROM apl_banned_hosts WHERE banned_host_id=?", array($banned_host_id), array("i"));
if ($removed_records>0)
{
$page_message="Deleted $removed_records banned host(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
header("Location: $page_header_file_no_data");
exit();
}
else
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
}
if (filter_var($banned_host_ip, FILTER_VALIDATE_IP))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_banned_hosts SET banned_host_ip=?, banned_host_comments=? WHERE banned_host_id=?", array($banned_host_ip, $banned_host_comments, $banned_host_id), array("s", "s", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid IP address.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Banned host $banned_host_ip updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View Banned Hosts";
$page_message="View existing banned hosts. If any banned host needs to be modified, click the IP address. If any banned host needs to be deleted, check the box near IP address and click the 'Submit' button.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($banned_host_ids_array) && is_array($banned_host_ids_array))
{
foreach ($banned_host_ids_array as $banned_host_id)
{
if (filter_var($banned_host_id, FILTER_VALIDATE_INT))
{
$removed_records+=deleteRow("DELETE FROM apl_banned_hosts WHERE banned_host_id=?", array($banned_host_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records banned host(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
$banned_hosts_array=returnBannedHostsArray();
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View Callbacks";
$page_message="View existing license verification callbacks. If any callback needs to be deleted, check the box near client or license code and click the 'Submit' button.";
$page_message_class="alert alert-info";
$page_header_file_no_data="callbacks_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($callback_ids_array) && is_array($callback_ids_array))
{
foreach ($callback_ids_array as $callback_id)
{
if (filter_var($callback_id, FILTER_VALIDATE_INT))
{
$removed_records+=deleteRow("DELETE FROM apl_callbacks WHERE callback_id=?", array($callback_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records callback(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
if (empty($product_id)) //no product specified, display a list of products
{
$products_array=returnProductsArray();
}
else //product specified, display callbacks from this product
{
if (!filter_var($product_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_products WHERE product_id=?", array($product_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
$callbacks_array=returnCallbacksArray($product_id);
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Add New Client";
$page_message="Add new client to use licensed products. Enter first and last name, email address, and click the 'Submit' button.<br><br>Client's email address will be used to automatically verify his license.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories
{
if (!empty($client_fname) && !empty($client_lname) && filter_var($client_email, FILTER_VALIDATE_EMAIL) && validateNumberOrRange($client_status, 0, 2))
{
if ($error_detected!=1)
{
$client_active_date=date("Y-m-d");
if ($client_status==1)
{
$client_cancel_date="0000-00-00";
}
else
{
if (empty($client_cancel_date) || !verifyDate($client_cancel_date, "Y-m-d")) //set cancel date to now only if client is inactive and no previous cancel date set
{
$client_cancel_date=date("Y-m-d");
}
}
$added_records=insertRow("INSERT IGNORE INTO apl_clients (client_fname, client_lname, client_email, client_active_date, client_cancel_date, client_status) VALUES (?, ?, ?, ?, ?, ?)", array($client_fname, $client_lname, $client_email, $client_active_date, $client_cancel_date, $client_status), array("s", "s", "s", "s", "s", "i"));
if ($added_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid first name, last name, email address, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Client $client_fname $client_lname ($client_email) added to the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
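Review bot: `extract($_POST, EXTR_SKIP)` turns every submitted key into a script variable, and EXTR_SKIP only protects names assigned before the call, so anything the script reads later without initialising it first (here `$submit_ok`, and `$client_cancel_date` at the `verifyDate()` check) is defined directly by the request. All of those variables are then handed to the template through `get_defined_vars()`. Reading the expected fields by name stops the request from defining anything else, for example `$client_fname=isset($_POST['client_fname']) ? $_POST['client_fname'] : null;` for each field the form actually has. The same pattern appears in the other form-handling scripts in this commit, and with `$_GET` as well in the edit scripts. What `sanitizeSubmittedData` does to each value is not visible here, so this point is about which names get defined, not about value filtering.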
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Edit Client";
$page_message="Edit client to use licensed products. Update client information and click the 'Submit' button.<br><br>Client's email address will be used to automatically verify his license.";
$page_message_class="alert alert-info";
$page_header_file_no_data="clients_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($client_id) || !filter_var($client_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_clients WHERE client_id=?", array($client_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
if (!isset($submit_ok)) //extract fetched variables only if form wasn't submitted (otherwise data entered by user will be overwritten with data from database in case of form submission failure)
{
foreach ($rows_array as $row)
{
extract($row);
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories, EXCEPT header("Location: $page_header_file_no_data"); LINE
{
if (!empty($delete_record) && $delete_record==1)
{
deleteRow("DELETE FROM apl_callbacks WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_installations WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_licenses WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
$removed_records=deleteRow("DELETE FROM apl_clients WHERE client_id=?", array($client_id), array("i"));
if ($removed_records>0)
{
$page_message="Deleted $removed_records client(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
header("Location: $page_header_file_no_data");
exit();
}
else
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
}
if (!empty($client_fname) && !empty($client_lname) && filter_var($client_email, FILTER_VALIDATE_EMAIL) && validateNumberOrRange($client_status, 0, 2))
{
if ($error_detected!=1)
{
if ($client_status==1)
{
$client_cancel_date="0000-00-00";
}
else
{
$client_cancel_date=$rows_array[0]['client_cancel_date']; //get old client_cancel_date, so this value can be used when client was deactivated previously and his status wasn't changed now
if (empty($client_cancel_date) || !verifyDate($client_cancel_date, "Y-m-d")) //set cancel date to now only if no previous cancel date set
{
$client_cancel_date=date("Y-m-d");
}
}
$updated_records=updateRow("UPDATE apl_clients SET client_fname=?, client_lname=?, client_email=?, client_cancel_date=?, client_status=? WHERE client_id=?", array($client_fname, $client_lname, $client_email, $client_cancel_date, $client_status, $client_id), array("s", "s", "s", "s", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid first name, last name, email address, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Client $client_fname $client_lname ($client_email) updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
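Review bot: The delete branch is reachable from the query string, because `$_GET` is extracted before `$_POST` and the handler only tests `isset($submit_ok)` and `$delete_record==1`, so the four DELETE statements do not require a form POST. No request-method or anti-CSRF token check is visible in this section; one may exist in login_check.php or `sanitizeSubmittedData`, which are not shown. I would gate the handler on the method, `if ($_SERVER['REQUEST_METHOD']==='POST' && isset($submit_ok))`, and take `submit_ok` and `delete_record` from `$_POST` only. The 'Edit Installation' script further down has the same shape.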
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View Clients";
$page_message="View existing clients. If any client needs to be modified, click the client name. If any client needs to be deleted, check the box near client name (or license code) and click the 'Submit' button.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($client_ids_array) && is_array($client_ids_array))
{
foreach ($client_ids_array as $client_id)
{
if (filter_var($client_id, FILTER_VALIDATE_INT))
{
deleteRow("DELETE FROM apl_callbacks WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_installations WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_licenses WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
$removed_records+=deleteRow("DELETE FROM apl_clients WHERE client_id=?", array($client_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records client(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
$clients_array=returnClientsArray();
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
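Review bot: Each selected client is removed with four separate DELETE statements and only the last one's result is counted, so a failure part-way can leave a client row whose callbacks, installations or licenses are already gone. If the database helpers expose transactions (not visible here), wrap the four statements for one `$client_id` in a transaction and roll back when any of them fails. The report line also records only the count, `Deleted $removed_records client(s)`, which makes a bulk deletion hard to reconstruct afterwards. Collecting the validated ids and appending them to the message passed to `createReport()` would keep the audit trail usable.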
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Configuration Generator";
$page_message="Automatically generate settings for apl_core_configuration.php file. Select product to be licensed, license verification period, license storage options, and click the 'Submit' button. Once configuration is generated, copy/paste its content to your apl_core_configuration.php file.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (filter_var($product_id, FILTER_VALIDATE_INT) && validateNumberOrRange($config_apl_days, 1, 365) && in_array($config_apl_storage, array("DATABASE", "FILE")) && !empty($config_apl_database_table) && !empty($config_apl_license_file_location) && !empty($config_apl_mysql_file_location))
{
if (empty($rows_array=fetchRow("SELECT * FROM apl_products WHERE product_id=?", array($product_id), array("i")))) //invalid record
{
$error_detected=1;
$error_details.="Invalid product.<br>";
}
if ($error_detected!=1)
{
foreach ($rows_array as $row)
{
extract($row);
}
$config_file_content=@file_get_contents("apl_core_configuration_sample.php"); //get example content
//do replace
$config_values_bad_array=array('define("APL_SALT", "some_random_text");', 'define("APL_ROOT_URL", "https://www.demo.phpmillion.com/apl");', 'define("APL_PRODUCT_ID", 1);', 'define("APL_DAYS", 7);', 'define("APL_STORAGE", "FILE");', 'define("APL_DATABASE_TABLE", "user_data");', 'define("APL_LICENSE_FILE_LOCATION", "signature/license.key.example");', 'define("APL_MYSQL_FILE_LOCATION", "mysql/mysql.php");', 'define("APL_INCLUDE_KEY_CONFIG", "some_random_text");', 'define("APL_DELETE_CANCELLED", "");', 'define("APL_DELETE_CRACKED", "YES");');
$config_values_good_array=array('define("APL_SALT", "'.generateSalt(16).'");', 'define("APL_ROOT_URL", "'.$ROOT_URL.'");', 'define("APL_PRODUCT_ID", '.$product_id.');', 'define("APL_DAYS", '.$config_apl_days.');', 'define("APL_STORAGE", "'.$config_apl_storage.'");', 'define("APL_DATABASE_TABLE", "'.$config_apl_database_table.'");', 'define("APL_LICENSE_FILE_LOCATION", "'.$config_apl_license_file_location.'");', 'define("APL_MYSQL_FILE_LOCATION", "'.$config_apl_mysql_file_location.'");', 'define("APL_INCLUDE_KEY_CONFIG", "'.generateSalt(16).'");', 'define("APL_DELETE_CANCELLED", "'.$config_apl_delete_cancelled.'");', 'define("APL_DELETE_CRACKED", "'.$config_apl_delete_cracked.'");');
$config_file_content=str_replace($config_values_bad_array, $config_values_good_array, $config_file_content);
if (empty($config_file_content)) //no content
{
$error_detected=1;
$error_details.="Sample configuration file is empty.<br>";
}
else //everything OK
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid product, license verification period, license storage type, license file location, MySQL table name, or MySQL file location.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="$product_title configuration file generated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The configuration file could not be generated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//set default values for essential variables (mostly submitted to dropdown functions) when no values are set or values need to be reset
if (empty($product_id) || !filter_var($product_id, FILTER_VALIDATE_INT))
{
$product_id=null;
}
if (empty($config_apl_days) || !filter_var($config_apl_days, FILTER_VALIDATE_INT))
{
$config_apl_days=7;
}
if (empty($config_apl_license_file_location))
{
$config_apl_license_file_location="signature/license.key.example";
}
if (empty($config_apl_mysql_file_location))
{
$config_apl_mysql_file_location="mysql/mysql.php";
}
if (empty($config_apl_database_table))
{
$config_apl_database_table="user_data";
}
$products_array=returnProductsDropdownArray($product_id);
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
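Review bot: The generated `define()` lines in `$config_values_good_array` embed submitted values inside double-quoted PHP string literals without escaping, and the result is meant to be pasted into apl_core_configuration.php. `$config_apl_database_table`, `$config_apl_license_file_location` and `$config_apl_mysql_file_location` are only checked for non-empty, while `$config_apl_delete_cancelled` and `$config_apl_delete_cracked` are not checked at all and are undefined when the form omits them. Whether `sanitizeSubmittedData` neutralises quotes and backslashes is not visible here. Emitting each string through `var_export()` makes the output a valid literal whatever the value contains, and the two flags should additionally be checked against the values the product accepts. `in_array($config_apl_storage, array("DATABASE", "FILE"))` would also be better with the strict third argument.
```php
// … unchanged: product lookup and sample file read …
$config_apl_delete_cancelled=isset($config_apl_delete_cancelled) ? (string)$config_apl_delete_cancelled : "";
$config_apl_delete_cracked=isset($config_apl_delete_cracked) ? (string)$config_apl_delete_cracked : "";
$config_values_good_array=array(
    // … unchanged: APL_SALT, APL_ROOT_URL, APL_PRODUCT_ID, APL_DAYS, APL_STORAGE entries …
    'define("APL_DATABASE_TABLE", '.var_export((string)$config_apl_database_table, true).');',
    'define("APL_LICENSE_FILE_LOCATION", '.var_export((string)$config_apl_license_file_location, true).');',
    'define("APL_MYSQL_FILE_LOCATION", '.var_export((string)$config_apl_mysql_file_location, true).');',
    // … unchanged: APL_INCLUDE_KEY_CONFIG entry …
    'define("APL_DELETE_CANCELLED", '.var_export($config_apl_delete_cancelled, true).');',
    'define("APL_DELETE_CRACKED", '.var_export($config_apl_delete_cracked, true).');',
);
// … unchanged: str_replace() call and empty-content check …
```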
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Customize Emails";
$page_message="Customize reminder emails about expiring license, updates, and support. All variables surrounded by % sign will be automatically converted into real values in email messages (HTML tags are supported).<br><br>For more information on supported variables, refer to the Help section.";
$page_message_class="alert alert-info";
$page_header_file_no_data="index.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$email_id=1; //manually set email_id because no other ids should be available
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($email_id) || !filter_var($email_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_emails WHERE email_id=?", array($email_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
if (!isset($submit_ok)) //extract fetched variables only if form wasn't submitted (otherwise data entered by user will be overwritten with data from database in case of form submission failure)
{
foreach ($rows_array as $row)
{
extract($row);
}
}
if (isset($submit_ok))
{
if (!empty($email_expiring_license_subject) && !empty($email_expiring_license_text) && !empty($email_expiring_updates_subject) && !empty($email_expiring_updates_text) && !empty($email_expiring_support_subject) && !empty($email_expiring_support_text))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_emails SET email_expiring_license_subject=?, email_expiring_license_text=?, email_expiring_updates_subject=?, email_expiring_updates_text=?, email_expiring_support_subject=?, email_expiring_support_text=?", array($email_expiring_license_subject, $email_expiring_license_text, $email_expiring_updates_subject, $email_expiring_updates_text, $email_expiring_support_subject, $email_expiring_support_text), array("s", "s", "s", "s", "s", "s"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid message(s).<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Email messages updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
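Review bot: The UPDATE on apl_emails has no WHERE clause, so it rewrites every row of the table even though the script loads and validates the record by `$email_id` a few lines earlier. The comment says only id 1 should exist, but nothing in this section enforces that. Binding the id keeps the write scoped to the record that was read: end the statement with `email_expiring_support_text=? WHERE email_id=?`, add `$email_id` to the value array and `"i"` to the type array. The page text says HTML tags are supported in these messages, so the stored bodies should be treated as markup wherever they are later rendered or mailed; that handling is outside this section.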
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Dashboard";
//select some stuff for stats
$rows_array=fetchRow("SELECT
(SELECT count(*) FROM apl_products) AS 'TOTAL_PRODUCTS',
(SELECT count(*) FROM apl_products WHERE product_status='1') AS 'TOTAL_ACTIVE_PRODUCTS',
(SELECT count(*) FROM apl_clients) AS 'TOTAL_CLIENTS',
(SELECT count(*) FROM apl_clients WHERE client_status='1') AS 'TOTAL_ACTIVE_CLIENTS',
(SELECT count(*) FROM apl_licenses) AS 'TOTAL_LICENSES',
(SELECT count(*) FROM apl_licenses WHERE license_status='1') AS 'TOTAL_ACTIVE_LICENSES',
(SELECT count(*) FROM apl_callbacks) AS 'TOTAL_CALLBACKS',
(SELECT count(*) FROM apl_callbacks WHERE callback_status='1') AS 'TOTAL_SUCCESSSFUL_CALLBACKS'");
foreach ($rows_array as $row)
{
extract($row);
}
//return latest clients
function returnLatestClientsArray($RECORDS_ON_INDEX_PAGE)
{
$root_array=array();
$rows_array=fetchRow("SELECT *, (SELECT COUNT(*) FROM apl_licenses WHERE apl_licenses.client_id=apl_clients.client_id) AS total_licenses FROM apl_clients ORDER BY client_active_date DESC, client_id DESC LIMIT $RECORDS_ON_INDEX_PAGE");
foreach ($rows_array as $row)
{
foreach ($row as $key=>$value)
{
$item_array[$key]=$value;
}
$item_array['client_status_formatted']=returnFormattedStatusArray($item_array['client_status'], "Active", "Inactive", "Suspended");
$root_array[]=$item_array;
}
return $root_array;
}
//return latest licenses
function returnyLatestLicensesArray($RECORDS_ON_INDEX_PAGE)
{
$root_array=array();
$rows_array=fetchRow("SELECT * FROM apl_licenses LEFT JOIN apl_products ON apl_licenses.product_id=apl_products.product_id LEFT JOIN apl_clients ON apl_clients.client_id=apl_licenses.client_id ORDER BY license_date DESC, license_id DESC LIMIT $RECORDS_ON_INDEX_PAGE");
foreach ($rows_array as $row)
{
foreach ($row as $key=>$value)
{
$item_array[$key]=$value;
}
if (verifyDate($item_array['license_expire_date'], "Y-m-d") && $item_array['license_expire_date']<=date("Y-m-d")) {$item_array['license_status']=2;} //expired status will be formatted
if (!verifyDate($item_array['license_expire_date'], "Y-m-d")) {$item_array['license_expire_date']=null;}
$item_array['client_formatted']=formatClient($item_array['client_id'], $item_array['client_fname'], $item_array['client_lname'], $item_array['client_email'], $item_array['license_code']);
$item_array['license_status_formatted']=returnFormattedStatusArray($item_array['license_status'], "Active", "Inactive", "Expired");
$root_array[]=$item_array;
}
return $root_array;
}
//return latest installations
function returnLatestInstallationsArray($RECORDS_ON_INDEX_PAGE)
{
$root_array=array();
$rows_array=fetchRow("SELECT * FROM apl_installations LEFT JOIN apl_products ON apl_installations.product_id=apl_products.product_id LEFT JOIN apl_clients ON apl_clients.client_id=apl_installations.client_id ORDER BY installation_date DESC, installation_id DESC LIMIT $RECORDS_ON_INDEX_PAGE");
foreach ($rows_array as $row)
{
foreach ($row as $key=>$value)
{
$item_array[$key]=$value;
}
$item_array['client_formatted']=formatClient($item_array['client_id'], $item_array['client_fname'], $item_array['client_lname'], $item_array['client_email'], $item_array['license_code']);
$item_array['installation_status_formatted']=returnFormattedStatusArray($item_array['installation_status'], "Active", "Inactive", "Unknown");
$root_array[]=$item_array;
}
return $root_array;
}
//return latest callbacks
function returnLatestCallbacksArray($RECORDS_ON_INDEX_PAGE)
{
$root_array=array();
$rows_array=fetchRow("SELECT * FROM apl_callbacks LEFT JOIN apl_products ON apl_callbacks.product_id=apl_products.product_id LEFT JOIN apl_clients ON apl_clients.client_id=apl_callbacks.client_id ORDER BY callback_date DESC, callback_id DESC LIMIT $RECORDS_ON_INDEX_PAGE");
foreach ($rows_array as $row)
{
foreach ($row as $key=>$value)
{
$item_array[$key]=$value;
}
$item_array['client_formatted']=formatClient($item_array['client_id'], $item_array['client_fname'], $item_array['client_lname'], $item_array['client_email'], $item_array['license_code']);
$item_array['callback_status_formatted']=returnFormattedStatusArray($item_array['callback_status'], "Success", "Failure", "Unknown");
$root_array[]=$item_array;
}
return $root_array;
}
//return expiring support
function returnExpiringSupportArray($RECORDS_ON_INDEX_PAGE)
{
$root_array=array();
$rows_array=fetchRow("SELECT * FROM apl_licenses JOIN apl_products ON apl_licenses.product_id=apl_products.product_id LEFT JOIN apl_clients ON apl_clients.client_id=apl_licenses.client_id WHERE apl_licenses.license_support_date>='".date("Y-m-d")."' AND apl_licenses.license_status='1' ORDER BY license_support_date LIMIT $RECORDS_ON_INDEX_PAGE");
foreach ($rows_array as $row)
{
foreach ($row as $key=>$value)
{
$item_array[$key]=$value;
}
if (verifyDate($item_array['license_support_date'], "Y-m-d"))
{
if ($item_array['license_support_date']<=date("Y-m-d")) {$item_array['support_status']=2;} //expired status will be formatted
else {$item_array['support_status']=1;} //active status will be formatted
}
if (!verifyDate($item_array['license_support_date'], "Y-m-d")) {$item_array['license_support_date']=null;}
$item_array['client_formatted']=formatClient($item_array['client_id'], $item_array['client_fname'], $item_array['client_lname'], $item_array['client_email'], $item_array['license_code']);
$item_array['license_status_formatted']=returnFormattedStatusArray($item_array['support_status'], "Active", "Inactive", "Expired");
$root_array[]=$item_array;
}
return $root_array;
}
//return expiring updates
function returnExpiringUpdatesArray($RECORDS_ON_INDEX_PAGE)
{
$root_array=array();
$rows_array=fetchRow("SELECT * FROM apl_licenses JOIN apl_products ON apl_licenses.product_id=apl_products.product_id LEFT JOIN apl_clients ON apl_clients.client_id=apl_licenses.client_id WHERE apl_licenses.license_updates_date>='".date("Y-m-d")."' AND apl_licenses.license_status='1' ORDER BY license_updates_date LIMIT $RECORDS_ON_INDEX_PAGE");
foreach ($rows_array as $row)
{
foreach ($row as $key=>$value)
{
$item_array[$key]=$value;
}
if (verifyDate($item_array['license_updates_date'], "Y-m-d"))
{
if ($item_array['license_updates_date']<=date("Y-m-d")) {$item_array['updates_status']=2;} //expired status will be formatted
else {$item_array['updates_status']=1;} //active status will be formatted
}
if (!verifyDate($item_array['license_updates_date'], "Y-m-d")) {$item_array['license_updates_date']=null;}
$item_array['client_formatted']=formatClient($item_array['client_id'], $item_array['client_fname'], $item_array['client_lname'], $item_array['client_email'], $item_array['license_code']);
$item_array['license_status_formatted']=returnFormattedStatusArray($item_array['updates_status'], "Active", "Inactive", "Expired");
$root_array[]=$item_array;
}
return $root_array;
}
$latest_clients_array=returnLatestClientsArray($RECORDS_ON_INDEX_PAGE);
$latest_licenses_array=returnyLatestLicensesArray($RECORDS_ON_INDEX_PAGE);
$latest_installations_array=returnLatestInstallationsArray($RECORDS_ON_INDEX_PAGE);
$latest_callbacks_array=returnLatestCallbacksArray($RECORDS_ON_INDEX_PAGE);
$expiring_support_array=returnExpiringSupportArray($RECORDS_ON_INDEX_PAGE);
$expiring_updates_array=returnExpiringUpdatesArray($RECORDS_ON_INDEX_PAGE);
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
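Review bot: All six `return…Array` helpers build their query by interpolating `$RECORDS_ON_INDEX_PAGE` into the `LIMIT` clause, while the rest of the commit binds values through the `?` placeholders of `fetchRow()`. The value presumably comes from apl_settings.php (not shown), so this is a hardening point rather than a demonstrated injection: coerce it once with `$limit=max(0, (int)$RECORDS_ON_INDEX_PAGE);` and use `LIMIT $limit`. `$item_array` is also never reset inside the row loop, so in `returnExpiringSupportArray` and `returnExpiringUpdatesArray` a row whose date fails `verifyDate()` inherits `support_status` or `updates_status` from the previous row. Starting each iteration with `$item_array=$row;` removes the carry-over and replaces the inner copy loop. The name `returnyLatestLicensesArray` and the alias `TOTAL_SUCCESSSFUL_CALLBACKS` look like typos; check the templates before renaming them.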
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Edit Installation";
$page_message="Edit software installation. Update installation information and click the 'Submit' button. For security reasons, only installation IP address and status can be modified.";
$page_message_class="alert alert-info";
$page_header_file_no_data="installations_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($installation_id) || !filter_var($installation_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_installations WHERE installation_id=?", array($installation_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
if (!isset($submit_ok)) //extract fetched variables only if form wasn't submitted (otherwise data entered by user will be overwritten with data from database in case of form submission failure)
{
foreach ($rows_array as $row)
{
extract($row);
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories, EXCEPT header("Location: $page_header_file_no_data"); LINE
{
if (!empty($delete_record) && $delete_record==1)
{
$removed_records=deleteRow("DELETE FROM apl_installations WHERE installation_id=?", array($installation_id), array("i"));
if ($removed_records>0)
{
$page_message="Deleted $removed_records installation(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
header("Location: $page_header_file_no_data");
exit();
}
else
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
}
if (filter_var($installation_ip, FILTER_VALIDATE_IP) && validateNumberOrRange($installation_status, 0, 2))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_installations SET installation_ip=?, installation_status=? WHERE installation_id=?", array($installation_ip, $installation_status, $installation_id), array("s", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
$rows_array=fetchRow("SELECT * FROM apl_installations LEFT JOIN apl_products ON apl_installations.product_id=apl_products.product_id WHERE apl_installations.installation_id=?", array($installation_id), array("i")); //fetch product details to be used in reports
foreach ($rows_array as $row)
{
extract($row);
}
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid IP address or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="$product_title installation on $installation_domain ($installation_ip) updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
$products_array=returnProductsDropdownDisabledArray($product_id);
$clients_array=returnClientsDropdownDisabledArray($client_id);
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View Installations";
$page_message="View existing installations. If any installation needs to be modified, click the client or license code. If any installation needs to be deleted, check the box near client or license code and click the 'Submit' button.";
$page_message_class="alert alert-info";
$page_header_file_no_data="installations_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($installation_ids_array) && is_array($installation_ids_array))
{
foreach ($installation_ids_array as $installation_id)
{
if (filter_var($installation_id, FILTER_VALIDATE_INT))
{
$removed_records+=deleteRow("DELETE FROM apl_installations WHERE installation_id=?", array($installation_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records installation(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
if (empty($product_id)) //no product specified, display a list of products
{
$products_array=returnProductsArray();
}
else //product specified, display installations from this product
{
if (!filter_var($product_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_products WHERE product_id=?", array($product_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
$installations_array=returnInstallationsArray($product_id);
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
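Review bot: The delete branch under `if (isset($submit_ok))` can be reached from the query string, because `extract($_GET, EXTR_SKIP)` runs before the POST extract and nothing checks the request method. The POST filter in the included login check only runs when `$_POST` is non-empty, so whatever origin check `filterFormPostRequest()` performs (its body is not shown here) is skipped for such a request. I would gate the branch with `if ($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['submit_ok']))` and read `installation_ids_array` from `$_POST` only. The licenses listing that follows has the same pattern, and the other pages that extract both `$_GET` and `$_POST` before a `submit_ok` branch should be checked as well.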
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View Licenses";
$page_message="View existing licenses. If any license needs to be modified, click the client or license code. If any license needs to be deleted, check the box near client or license and click the 'Submit' button.";
$page_message_class="alert alert-info";
$page_header_file_no_data="licenses_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($license_ids_array) && is_array($license_ids_array))
{
foreach ($license_ids_array as $license_id)
{
if (filter_var($license_id, FILTER_VALIDATE_INT))
{
$removed_records+=deleteRow("DELETE FROM apl_licenses WHERE license_id=?", array($license_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records license(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
if (empty($product_id)) //no product specified, display a list of products
{
$products_array=returnProductsArray();
}
else //product specified, display licenses from this product
{
if (!filter_var($product_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_products WHERE product_id=?", array($product_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
$licenses_array=returnLicensesArray($product_id);
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
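Review bot: The closing `$twig->render(..., get_defined_vars())` call hands every global in scope to the template, which includes whatever `apl_config.php` and `apl_settings.php` define and the full `SELECT *` product row in `$rows_array`. Passing an explicit array with only the keys the template reads (`page_title`, `page_message`, `page_message_class`, the list arrays) keeps configuration values and database rows out of reach of a template mistake or a debug dump. The same call closes every page in this commit; on the login page the scope also holds `$logged_admin_password`.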
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
if ($is_logged_in_admin===true) //redirect to the dashboard if logged in
{
header("Location: index.php");
exit();
}
$page_title="Administrator Login";
$page_message="Login to start your session.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (filter_var($admin_email, FILTER_VALIDATE_EMAIL) && !empty($admin_password) && !empty($rows_array=fetchRow("SELECT * FROM apl_admins WHERE admin_email=?", array($admin_email), array("s"))))
{
foreach ($rows_array as $row)
{
extract($row, EXTR_PREFIX_ALL, "logged"); //add prefix 'logged'
if ($error_detected!=1)
{
if (password_verify($admin_password, $logged_admin_password)) //everything ok
{
$action_success=1;
if (!empty($remember_me) && $remember_me==1) //store cookie for 1 month
{
$cookie_expiration_time=strtotime("+1 month");
}
else //cookie will expire after browser is closed
{
$cookie_expiration_time=0;
}
setcookie(COOKIE_PREFIX."_admin_id", $logged_admin_id, $cookie_expiration_time, null, null, null, true); //id
setcookie(COOKIE_PREFIX."_admin_email", password_hash($logged_admin_email, PASSWORD_DEFAULT), $cookie_expiration_time, null, null, null, true); //email (encrypted with password_hash)
setcookie(COOKIE_PREFIX."_admin_key", password_hash($logged_admin_id.$logged_admin_email.$logged_admin_password, PASSWORD_DEFAULT), $cookie_expiration_time, null, null, null, true); //key (id, email and password hash) (encrypted with password_hash)
setcookie(COOKIE_PREFIX."_admin_data_authenticity", password_hash($ip_address.$user_agent, PASSWORD_DEFAULT), $cookie_expiration_time, null, null, null, true); //user agent and IP (encrypted with password_hash)
if (!empty($logged_admin_reset)) //reset admin_reset value (in case lost password email was sent previously, but admin didn't change his password)
{
$logged_admin_reset=null;
updateRow("UPDATE apl_admins SET admin_reset=? WHERE admin_id=?", array($logged_admin_reset, $logged_admin_id), array("s", "i"));
}
}
else
{
$error_detected=1;
$error_details.="Invalid email address or password.<br>";
}
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid email address or password.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Admin $admin_email logged in from IP address $ip_address.";
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="Admin $admin_email login from IP address $ip_address failed because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
if (empty($logged_admin_id) || !filter_var($logged_admin_id, FILTER_VALIDATE_INT))
{
$logged_admin_id=null;
}
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
if ($action_success==1)
{
if (!empty($_COOKIE[COOKIE_PREFIX."_requested_page"])) //cookie with requested page set, unset cookie and redirect to this page
{
$requested_page_cookie=$_COOKIE[COOKIE_PREFIX."_requested_page"];
setcookie($_COOKIE[COOKIE_PREFIX."_requested_page"], false, 1);
header("Location: $requested_page_cookie");
exit();
}
else //redirect to the dashboard
{
header("Location: index.php");
exit();
}
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
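Review bot: The post-login redirect at the end of the `submit_ok` branch sends the browser to whatever the `_requested_page` cookie contains, and a cookie is client-controlled, so the value should be checked to be a local path before it reaches `header("Location: ...")`; falling back to `index.php` for anything that does not start with a single `/` is enough. The cleanup call on the line above it passes the cookie's value as the cookie name, so the cookie is never actually cleared; it should be `setcookie(COOKIE_PREFIX."_requested_page", false, 1);`. Separately, all four login cookies are set with the secure argument left as `null`, so they are also sent over plain HTTP if the panel is reachable that way; passing `true` there once the panel is served over HTTPS closes that.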
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
//get IP, refer, requested page, script filename, and user agent (browser)
if (isset($_SERVER['REMOTE_ADDR'])) {$ip_address=$_SERVER['REMOTE_ADDR'];}
if (isset($_SERVER['HTTP_REFERER'])) {$refer=$_SERVER['HTTP_REFERER'];}
if (isset($_SERVER['REQUEST_URI'])) {$requested_page=$_SERVER['REQUEST_URI'];}
if (isset($_SERVER['SCRIPT_FILENAME'])) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}
if (isset($_SERVER['HTTP_USER_AGENT'])) {$user_agent=$_SERVER['HTTP_USER_AGENT'];}
if (!empty($_POST)) //filter all $_POST requests submitted to /apl_admin
{
$_POST=filterFormPostRequest($_POST, $ROOT_URL, basename(__DIR__), $refer);
}
$is_logged_in_admin=false; //will be changed to true if login credentials verification succeeds
if (isset($_COOKIE[COOKIE_PREFIX."_admin_id"]) && isset($_COOKIE[COOKIE_PREFIX."_admin_email"]) && isset($_COOKIE[COOKIE_PREFIX."_admin_key"]) && isset($_COOKIE[COOKIE_PREFIX."_admin_data_authenticity"])) //login cookie set
{
$cookie_admin_id=$_COOKIE[COOKIE_PREFIX."_admin_id"]; //id
$cookie_admin_email=$_COOKIE[COOKIE_PREFIX."_admin_email"]; //email (encrypted with password_hash)
$cookie_admin_key=$_COOKIE[COOKIE_PREFIX."_admin_key"]; //key (id, email and password hash) (encrypted with password_hash)
$cookie_admin_data_authenticity=$_COOKIE[COOKIE_PREFIX."_admin_data_authenticity"]; //user agent and IP (encrypted with password_hash)
if (filter_var($cookie_admin_id, FILTER_VALIDATE_INT) && !empty($cookie_admin_email) && !empty($cookie_admin_key)) //authentication data exists
{
$rows_array=fetchRow("SELECT * FROM apl_admins WHERE admin_id=?", array($cookie_admin_id), array("i"));
foreach ($rows_array as $row)
{
extract($row, EXTR_PREFIX_ALL, "logged"); //add prefix 'logged'
if ($logged_admin_id==$cookie_admin_id && password_verify($logged_admin_email, $cookie_admin_email) && password_verify($logged_admin_id.$logged_admin_email.$logged_admin_password, $cookie_admin_key)) //everything ok
{
$is_logged_in_admin=true;
}
if ($logged_admin_data_authenticity==1 && !password_verify($ip_address.$user_agent, $cookie_admin_data_authenticity)) //additional data authentication enabled, perform additional checks and set login to failed if needed
{
$is_logged_in_admin=false;
}
}
}
}
if ($is_logged_in_admin!==true && !in_array($script_filename, $ANONYMOUS_FILES_ARRAY)) //login credentials verification failed and requested page can't be viewed anonymously, redirect to login form
{
if (empty($requested_page)) {$requested_page="index.php";}
setcookie(COOKIE_PREFIX."_requested_page", $requested_page, 0, null, null, null, true); //cookie with requested page, valid until browser is closed
header("Location: login.php");
exit();
}
if ($is_logged_in_admin===true) //login check succeeded
{
$twig_rss_feeds_array=parseDisplayRss($NEWS_TEXT, "https://www.phpmillion.com/feed", $NEWS_DATE, 1, 3); //load RSS feed
$twig_sidebar_items_array=returnLeftMenuArray($script_filename); //load sidebar menu
}
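Review bot: The cookie check accepts any `_admin_key` that `password_verify()` matches against id, e-mail and stored password hash, so the cookie is a bearer credential that stays valid until the admin's password changes: there is no server-side session record, no expiry check and nothing a logout can revoke. `PASSWORD_DEFAULT` has been bcrypt, which only uses the first 72 bytes of its input, so how much of the stored hash the key covers also depends on the e-mail length. A random token from `random_bytes()` stored server-side (hashed, with an expiry) and compared with `hash_equals()` would fix both and avoid up to three bcrypt verifications per request. `$refer` is also passed to `filterFormPostRequest()` even when no Referer header was sent, so it should be initialised first, e.g. `$refer=isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";`.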
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
if ($is_logged_in_admin===true) //redirect to the dashboard if logged in
{
header("Location: index.php");
exit();
}
$page_title="Lost Password";
$page_message="Enter your email address.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (filter_var($admin_email, FILTER_VALIDATE_EMAIL))
{
$rows_array=fetchRow("SELECT * FROM apl_admins WHERE admin_email=?", array($admin_email), array("s"));
if (!empty($rows_array))
{
foreach ($rows_array as $row)
{
extract($row, EXTR_PREFIX_ALL, "logged"); //add prefix 'logged'
$logged_admin_reset=hash("sha256", microtime().$logged_admin_email);
$updated_records=updateRow("UPDATE apl_admins SET admin_reset=? WHERE admin_id=?", array($logged_admin_reset, $logged_admin_id), array("s", "i"));
if ($updated_records>0)
{
$mailer_result=emailAdmin("Password Recovery", "Someone at <a href='$ROOT_URL/apl_admin/'>$ROOT_URL/apl_admin/</a> requested admin password to be reset. If you lost your password, <a href='$ROOT_URL/apl_admin/login_resetpassword.php?admin_reset=$logged_admin_reset'>click this link</a> to reset it. If for some reasons the link doesn't work, copy/paste it manually into your browser - $ROOT_URL/apl_admin/login_resetpassword.php?admin_reset=$logged_admin_reset<br><br><b>Attention:</b>If you have never requested admin password to be reset, simply ignore and delete this email - your account is 100% secure.");
if (filter_var($mailer_result, FILTER_VALIDATE_INT))
{
$action_success=1;
}
else
{
$error_detected=1;
$error_details.="mail() function failure on server.<br>";
}
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid email address.<br>";
}
}
else
{
$error_detected=1;
$error_details.="Invalid email address.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Password recovery instructions sent to $logged_admin_email.";
createReport(strip_tags($page_message), 0, 1, 0);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="Password recovery failed because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
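Review bot: The reset key built with `hash("sha256", microtime().$logged_admin_email)` is derived from the request time and the address the requester typed, neither of which is secret, so it should come from the CSPRNG instead: `$logged_admin_reset=bin2hex(random_bytes(32));` (PHP 7+, same 64-character length). The success and failure messages also differ depending on whether the address exists in `apl_admins`, which confirms valid admin addresses to an unauthenticated visitor; showing one neutral message in both cases avoids that.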
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
if ($is_logged_in_admin===true) //redirect to the dashboard if logged in
{
header("Location: index.php");
exit();
}
$page_title="Reset Password";
$page_message="Enter new password.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($admin_reset))
{
header("Location: login.php");
exit();
}
if (isset($submit_ok))
{
if (!empty($admin_reset) && !empty($admin_password) && !empty($admin_password2) && $admin_password==$admin_password2 && strlen($admin_password)>5)
{
$rows_array=fetchRow("SELECT * FROM apl_admins WHERE admin_reset=?", array($admin_reset), array("s"));
if (!empty($rows_array))
{
foreach ($rows_array as $row)
{
extract($row, EXTR_PREFIX_ALL, "logged"); //add prefix 'logged'
$logged_admin_password=password_hash($admin_password, PASSWORD_DEFAULT);
$logged_admin_reset=null;
$updated_records=updateRow("UPDATE apl_admins SET admin_password=?, admin_reset=? WHERE admin_id=?", array($logged_admin_password, $logged_admin_reset, $logged_admin_id), array("s", "s", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else //admin doesn't exist
{
$error_detected=1;
$error_details.="Invalid security key.<br>";
}
}
else
{
$error_detected=1;
$error_details.="Passwords are too short or don't match (or security key is invalid).<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Password for $logged_admin_email successfully reset.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
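Review bot: The lookup `SELECT * FROM apl_admins WHERE admin_reset=?` accepts a reset key of any age; nothing visible records when the key was issued, and it is only cleared by a successful login or a completed reset. Storing an issue time next to the key and rejecting keys older than a short window would bound how long a leaked e-mail link stays usable. Because `extract($_GET, EXTR_SKIP)` runs first, `admin_password` can also arrive in the query string and end up in server logs; reading the password fields from `$_POST` only avoids that. The `strlen($admin_password)>5` rule permits six-character passwords, which is low for an admin account.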
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
if (isset($_COOKIE))
{
foreach ($_COOKIE as $cookie_key=>$cookie_value)
{
setcookie($cookie_key, false, 1); //standard way of removing a cookie (thus you can't store false in a cookie)
unset($_COOKIE[$cookie_key]); //remove cookie from script
}
}
header("Location: login.php");
exit();
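Review bot: The loop expires every cookie the browser sent, not only this application's, so other software on the same host and path loses its cookies on logout; skipping foreign names with `if (strpos($cookie_key, COOKIE_PREFIX."_")!==0) {continue;}` as the first statement of the loop keeps it to the panel's own. Logout also changes nothing on the server, so a copy of the login cookies remains valid afterwards; a comment here saying so would help whoever revisits the session design.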
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Customize Notifications";
$page_message="Customize server notifications displayed to users during license check. All variables surrounded by % sign will be automatically converted into real values in your script.<br><br>For more information on supported variables, refer to the Help section.";
$page_message_class="alert alert-info";
$page_header_file_no_data="index.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$notification_id=1; //manually set notification_id because no other ids should be available
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($notification_id) || !filter_var($notification_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_notifications WHERE notification_id=?", array($notification_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
if (!isset($submit_ok)) //extract fetched variables only if form wasn't submitted (otherwise data entered by user will be overwritten with data from database in case of form submission failure)
{
foreach ($rows_array as $row)
{
extract($row);
}
}
if (isset($submit_ok))
{
if (!empty($notification_license_ok) && !empty($notification_license_not_found) && !empty($notification_invalid_ip) && !empty($notification_invalid_domain) && !empty($notification_domain_required) && !empty($notification_domain_in_use) && !empty($notification_license_suspended) && !empty($notification_license_expired) && !empty($notification_updates_expired) && !empty($notification_support_expired) && !empty($notification_license_cancelled) && !empty($notification_license_limit) && !empty($notification_installation_not_found) && !empty($notification_invalid_signature) && !empty($notification_host_banned) && !empty($notification_unknown_error))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_notifications SET notification_license_ok=?, notification_license_not_found=?, notification_invalid_ip=?, notification_invalid_domain=?, notification_domain_required=?, notification_domain_in_use=?, notification_license_suspended=?, notification_license_expired=?, notification_updates_expired=?, notification_support_expired=?, notification_license_cancelled=?, notification_license_limit=?, notification_installation_not_found=?, notification_invalid_signature=?, notification_host_banned=?, notification_unknown_error=?", array($notification_license_ok, $notification_license_not_found, $notification_invalid_ip, $notification_invalid_domain, $notification_domain_required, $notification_domain_in_use, $notification_license_suspended, $notification_license_expired, $notification_updates_expired, $notification_support_expired, $notification_license_cancelled, $notification_license_limit, $notification_installation_not_found, $notification_invalid_signature, $notification_host_banned, $notification_unknown_error), array("s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s", "s"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid notification(s).<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Server notifications updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
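Review bot: The `UPDATE apl_notifications SET ...` statement has no `WHERE` clause, so it rewrites every row in the table even though `$notification_id` is fixed to 1 and validated above. Ending the statement with ` WHERE notification_id=?` and appending `$notification_id` and `"i"` to the two arrays makes the write match the row that was fetched. The comment on `$notification_id=1` could also say that the assignment must stay above the `extract($_POST, EXTR_SKIP)` call, since that ordering is what prevents the form from overriding it.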
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Add New Product";
$page_message="Add new product to be licensed. Enter product name and SKU, and click the 'Submit' button.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories
{
if (!empty($product_title) && !empty($product_sku) && validateNumberOrRange($product_status, 0, 2))
{
if (!empty($product_url_homepage) && !filter_var($product_url_homepage, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED))
{
$error_detected=1;
$error_details.="Invalid product homepage URL.<br>";
}
if (!empty($product_envato_id) && !filter_var($product_envato_id, FILTER_VALIDATE_INT))
{
$error_detected=1;
$error_details.="Invalid product Envato ID.<br>";
}
if ($error_detected!=1)
{
if (!filter_var($product_envato_id, FILTER_VALIDATE_INT))
{
$product_envato_id=null;
}
$product_date=date("Y-m-d");
$added_records=insertRow("INSERT IGNORE INTO apl_products (product_title, product_description, product_sku, product_url_homepage, product_url_download, product_date, product_version, product_envato_id, product_status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)", array($product_title, $product_description, $product_sku, $product_url_homepage, $product_url_download, $product_date, $product_version, $product_envato_id, $product_status), array("s", "s", "s", "s", "s", "s", "s", "i", "i"));
if ($added_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid product name, SKU, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Product $product_title added to the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Edit Product";
$page_message="Edit product to be licensed. Update product information and click the 'Submit' button.";
$page_message_class="alert alert-info";
$page_header_file_no_data="products_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($product_id) || !filter_var($product_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_products WHERE product_id=?", array($product_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
if (!isset($submit_ok)) //extract fetched variables only if form wasn't submitted (otherwise data entered by user will be overwritten with data from database in case of form submission failure)
{
foreach ($rows_array as $row)
{
extract($row);
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories, EXCEPT header("Location: $page_header_file_no_data"); LINE
{
if (!empty($delete_record) && $delete_record==1)
{
deleteRow("DELETE FROM apl_callbacks WHERE product_id=?", array($product_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_installations WHERE product_id=?", array($product_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_licenses WHERE product_id=?", array($product_id), array("i")); //delete child (or child-mapped) records first
$removed_records=deleteRow("DELETE FROM apl_products WHERE product_id=?", array($product_id), array("i"));
if ($removed_records>0)
{
$page_message="Deleted $removed_records product(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
header("Location: $page_header_file_no_data");
exit();
}
else
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
}
if (!empty($product_title) && !empty($product_sku) && validateNumberOrRange($product_status, 0, 2))
{
if (!empty($product_url_homepage) && !filter_var($product_url_homepage, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED))
{
$error_detected=1;
$error_details.="Invalid product homepage URL.<br>";
}
if (!empty($product_envato_id) && !filter_var($product_envato_id, FILTER_VALIDATE_INT))
{
$error_detected=1;
$error_details.="Invalid product Envato ID.<br>";
}
if ($error_detected!=1)
{
if (!filter_var($product_envato_id, FILTER_VALIDATE_INT))
{
$product_envato_id=null;
}
$updated_records=updateRow("UPDATE apl_products SET product_title=?, product_description=?, product_sku=?, product_url_homepage=?, product_url_download=?, product_version=?, product_envato_id=?, product_status=? WHERE product_id=?", array($product_title, $product_description, $product_sku, $product_url_homepage, $product_url_download, $product_version, $product_envato_id, $product_status, $product_id), array("s", "s", "s", "s", "s", "s", "i", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid product name, SKU, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Product $product_title updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
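Review bot: The delete and update branches under `if (isset($submit_ok))` can be driven entirely from the query string, because `extract($_GET, EXTR_SKIP)` runs before the `$_POST` extract, so `submit_ok`, `delete_record` and `product_id` are accepted from either source. A state change reachable by GET is exposed to cross-site request forgery; no anti-CSRF token check is visible here, though `login_check.php` or `sanitizeSubmittedData` may add one. I would gate the block on the method, `if (isset($submit_ok) && $_SERVER['REQUEST_METHOD']==='POST')`, and read the form fields from `$_POST` explicitly instead of through `extract()`. The report deletion in the license-reports page later in this commit has the same shape.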
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View Products";
$page_message="View existing products. If any product needs to be modified, click the product name. If any product needs to be deleted, check the box near product name and click the 'Submit' button.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($product_ids_array) && is_array($product_ids_array))
{
foreach ($product_ids_array as $product_id)
{
if (filter_var($product_id, FILTER_VALIDATE_INT))
{
deleteRow("DELETE FROM apl_callbacks WHERE product_id=?", array($product_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_installations WHERE product_id=?", array($product_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_licenses WHERE product_id=?", array($product_id), array("i")); //delete child (or child-mapped) records first
$removed_records+=deleteRow("DELETE FROM apl_products WHERE product_id=?", array($product_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records product(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
$products_array=returnProductsArray();
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
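Review bot: The four `deleteRow` calls per product inside the `foreach` are not wrapped in a transaction, so a failure partway through leaves callbacks, installations or licenses removed while the `apl_products` row stays. The product edit page in this commit runs the same sequence before `$removed_records=deleteRow(...)`. If the database helpers expose transaction control (not visible in this view), begin one before the child deletes and roll back when the product delete fails. The message passed to `createReport` also records only the count; adding the deleted `product_id` values would make the audit trail usable.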
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Administrator Profile";
$page_message="Edit administrator profile. Update profile information and click the 'Submit' button.<br><br><b>Attention</b>: enter new password only if you want to change current password. Otherwise, leave password fields empty.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (filter_var($admin_email_1, FILTER_VALIDATE_EMAIL) && filter_var($admin_email_2, FILTER_VALIDATE_EMAIL) && validateNumberOrRange($admin_data_authenticity, 0, 1))
{
if ($admin_email_1!=$admin_email_2)
{
$error_detected=1;
$error_details.="Email addresses do not match.<br>";
}
if (!empty($admin_password_1) || !empty($admin_password_2))
{
if ($admin_password_1!=$admin_password_2)
{
$error_detected=1;
$error_details.="Passwords do not match.<br>";
}
if (strlen($admin_password_1)<5 || strlen($admin_password_2)<5)
{
$error_detected=1;
$error_details.="Passwords are too short.<br>";
}
}
if ($error_detected!=1)
{
if (empty($admin_password_1)) //no new password entered, use old one
{
$admin_password_1=$logged_admin_password;
}
else
{
$admin_password_1=password_hash($admin_password_1, PASSWORD_DEFAULT);
}
$logged_admin_data_authenticity=$admin_data_authenticity;
$updated_records=updateRow("UPDATE apl_admins SET admin_email=?, admin_password=?, admin_data_authenticity=? WHERE admin_id=?", array($admin_email_1, $admin_password_1, $logged_admin_data_authenticity, $logged_admin_id), array("s", "s", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid email or protection status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Administrator profile updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//set default values for essential variables (mostly submitted to dropdown functions) when no values are set or values need to be reset
if (empty($admin_email_1) || !filter_var($admin_email_1, FILTER_VALIDATE_EMAIL))
{
$admin_email_1=$logged_admin_email;
}
if (empty($admin_email_2) || !filter_var($admin_email_2, FILTER_VALIDATE_EMAIL))
{
$admin_email_2=$logged_admin_email;
}
if (empty($admin_data_authenticity) || !validateNumberOrRange($admin_data_authenticity, 0, 1))
{
$admin_data_authenticity=$logged_admin_data_authenticity;
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
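Review bot: The `UPDATE apl_admins` statement changes the login email and password without asking for the current password, so a hijacked session (or a forged form post, if no CSRF token is enforced elsewhere) is enough to take over the account. Add a current-password field and verify it before the update, e.g. `if (empty($admin_password_current) || !password_verify($admin_password_current, $logged_admin_password)) {$error_detected=1; $error_details.="Current password is incorrect.<br>";}`. Here `admin_password_current` is a new field name, and the check assumes `$logged_admin_password` holds the stored hash, as its reuse for the `admin_password` column suggests. The confirmation test should use `!==`, since `!=` treats numeric strings such as `"0010"` and `"10"` as equal. The five-character minimum is also weak for an administrator account.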
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View License Reports";
$page_message="View license reports. If any report needs to be deleted, check the box near report text and click the 'Submit' button.";
$page_message_class="alert alert-info";
$page_header_file_no_data="reports_license_view.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($report_ids_array) && is_array($report_ids_array))
{
foreach ($report_ids_array as $report_id)
{
if (filter_var($report_id, FILTER_VALIDATE_INT))
{
$removed_records+=deleteRow("DELETE FROM apl_reports WHERE report_id=?", array($report_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records license report(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
if (empty($product_id)) //no product specified, display a list of products
{
$products_array=returnProductsArray();
}
else //product specified, display reports from this product
{
if (!filter_var($product_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_products WHERE product_id=?", array($product_id), array("i")))) //invalid record
{
header("Location: $page_header_file_no_data");
exit();
}
$license_reports_array=returnLicenseReportsArray($product_id);
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="View System Reports";
$page_message="View system reports. If any report needs to be deleted, check the box near report text and click the 'Submit' button.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($report_ids_array) && is_array($report_ids_array))
{
foreach ($report_ids_array as $report_id)
{
if (filter_var($report_id, FILTER_VALIDATE_INT))
{
$removed_records+=deleteRow("DELETE FROM apl_reports WHERE report_id=?", array($report_id), array("i"));
}
}
if ($removed_records<1) //no records affected
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
else
{
$action_success=1;
}
}
else
{
$error_detected=1;
$error_details.="No record selected.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Deleted $removed_records system report(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
$system_reports_array=returnSystemReportsArray();
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Database Search";
$page_message="Search database for records matching your search criteria. Only record types that have matches will be displayed. The limit of search results is $RECORDS_ON_SEARCH_PAGE for each type of records.";
$page_message_class="alert alert-info";
$page_header_file_no_data="index.php";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_GET) && is_array($_GET) && array_walk($_GET, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all GET values
{
extract($_GET, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($search_keyword)) //no search term submitted
{
header("Location: $page_header_file_no_data");
exit();
}
if (isset($submit_ok))
{
if (strlen(trim($search_keyword))>2)
{
$action_success=1;
$products_array=returnProductsArray($search_keyword, $RECORDS_ON_SEARCH_PAGE);
$clients_array=returnClientsArray($search_keyword, $RECORDS_ON_SEARCH_PAGE);
$licenses_array=returnLicensesArray(null, $search_keyword, $RECORDS_ON_SEARCH_PAGE);
$installations_array=returnInstallationsArray(null, $search_keyword, $RECORDS_ON_SEARCH_PAGE);
$callbacks_array=returnCallbacksArray(null, $search_keyword, $RECORDS_ON_SEARCH_PAGE);
$license_reports_array=returnLicenseReportsArray(null, $search_keyword, $RECORDS_ON_SEARCH_PAGE);
}
else
{
$error_detected=1;
$error_details.="Invalid search term (3 characters minimum).<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Database search for term $search_keyword performed. The limit of search results is $RECORDS_ON_SEARCH_PAGE for each type of records.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The search could not be performed because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
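Review bot: `$search_keyword` is interpolated into `$page_message` as submitted, and `strip_tags()` is applied only to the copy passed to `createReport`. Other messages in this commit embed `<br>` and `<b>`, which suggests the template prints `page_message` without escaping. Unless `sanitizeSubmittedData` already HTML-encodes the value, encode the keyword where the message is built: `htmlspecialchars($search_keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to `$product_title` in the product add and edit success messages. The length test also uses `trim($search_keyword)`, while the untrimmed value is what reaches the `return*Array` helpers.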
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Advanced Settings";
$page_message="Configure advanced software settings, enable and disable individual options.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (validateNumberOrRange($api_status, 0, 1) && validateNumberOrRange($banned_hosts, 0, 1))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_settings SET API_STATUS=?, BANNED_HOSTS=?, ENVATO_API_TOKEN=?", array($api_status, $banned_hosts, $envato_api_token), array("i", "i", "s"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid settings or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid settings.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Advanced software settings updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
//get all settings again
$rows_array=fetchRow("SELECT * FROM apl_settings");
foreach ($rows_array as $row)
{
extract($row);
}
}
//set default values for essential variables (mostly submitted to dropdown functions) when no values are set or values need to be reset
if (!empty($envato_api_token))
{
$ENVATO_API_TOKEN=$envato_api_token;
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
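Review bot: `$envato_api_token` goes into the `UPDATE apl_settings` statement without any check, while `$api_status` and `$banned_hosts` are range-validated. If the field is missing from the request the variable is undefined, and the stored token is presumably overwritten with an empty value. Guard it before the update, for example `$envato_api_token=isset($envato_api_token) ? trim($envato_api_token) : $ENVATO_API_TOKEN;`, assuming `$ENVATO_API_TOKEN` is the current setting loaded by `apl_settings.php`. Since the token is a credential, the form is better off not pre-filling the stored value, if the template does so.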
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Database Cleanup Settings";
$page_message="Configure database cleanup settings. Automatic removal of old data can slightly reduce database usage and improve overall performance.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (validateNumberOrRange($database_cleanup_enabled, 0, 1) && validateNumberOrRange($database_cleanup_callbacks, 0, 365) && validateNumberOrRange($database_cleanup_reports_main, 0, 365) && validateNumberOrRange($database_cleanup_reports_system, 0, 365) && validateNumberOrRange($database_cleanup_licenses, 0, 365))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_settings SET DATABASE_CLEANUP_ENABLED=?, DATABASE_CLEANUP_CALLBACKS=?, DATABASE_CLEANUP_REPORTS_MAIN=?, DATABASE_CLEANUP_REPORTS_SYSTEM=?, DATABASE_CLEANUP_LICENSES=?", array($database_cleanup_enabled, $database_cleanup_callbacks, $database_cleanup_reports_main, $database_cleanup_reports_system, $database_cleanup_licenses), array("i", "i", "i", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid settings or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid time range.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Database cleanup settings updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
//get all settings again
$rows_array=fetchRow("SELECT * FROM apl_settings");
foreach ($rows_array as $row)
{
extract($row);
}
}
$database_cleanup_callbacks_array=returnNumbersDropdownArray(array(0, 1, 7, 14, 30, 60, 90, 180, 365), "Days", "Disabled", $DATABASE_CLEANUP_CALLBACKS);
$database_cleanup_reports_main_array=returnNumbersDropdownArray(array(0, 1, 7, 14, 30, 60, 90, 180, 365), "Days", "Disabled", $DATABASE_CLEANUP_REPORTS_MAIN);
$database_cleanup_reports_system_array=returnNumbersDropdownArray(array(0, 1, 7, 14, 30, 60, 90, 180, 365), "Days", "Disabled", $DATABASE_CLEANUP_REPORTS_SYSTEM);
$database_cleanup_licenses_array=returnNumbersDropdownArray(array(0, 1, 7, 14, 30, 60, 90, 180, 365), "Days ago", "Disabled", $DATABASE_CLEANUP_LICENSES);
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
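Review bot: `get_defined_vars()` hands the template every variable in scope rather than the ones the page needs. That includes whatever the four `require_once` files define, such as `$logged_admin_password`, which the profile page in this commit reads. Every page in this commit ends with the same render call. Passing an explicit list keeps credentials out of the template context, e.g. `compact('page_title', 'page_message', 'page_message_class', 'script_filename', 'database_cleanup_callbacks_array', ...)`; the exact list depends on the template, which is not shown.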
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Email Settings";
$page_message="Configure reminder email settings, enable and disable individual options.<br><br><b>Attention</b>: reminder emails will only be sent to personal (email-based) license owners who have their email addresses set.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($email_from_name) && filter_var($email_from_address, FILTER_VALIDATE_EMAIL) && validateNumberOrRange($email_expiring_license_days, 0, 30) && validateNumberOrRange($email_expiring_updates_days, 0, 30) && validateNumberOrRange($email_expiring_support_days, 0, 30))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_settings SET EMAIL_FROM_NAME=?, EMAIL_FROM_ADDRESS=?, EMAIL_EXPIRING_LICENSE_DAYS=?, EMAIL_EXPIRING_UPDATES_DAYS=?, EMAIL_EXPIRING_SUPPORT_DAYS=?", array($email_from_name, $email_from_address, $email_expiring_license_days, $email_expiring_updates_days, $email_expiring_support_days), array("s", "s", "i", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid settings or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid email fields or time range.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Email settings updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
//get all settings again
$rows_array=fetchRow("SELECT * FROM apl_settings");
foreach ($rows_array as $row)
{
extract($row);
}
}
//set default values for essential variables (mostly submitted to dropdown functions) when no values are set or values need to be reset
if (!empty($email_from_name))
{
$EMAIL_FROM_NAME=$email_from_name;
}
if (!empty($email_from_address))
{
$EMAIL_FROM_ADDRESS=$email_from_address;
}
$email_expiring_license_days_array=returnNumbersDropdownArray(array(0, 1, 7, 14, 30), "Days", "Disabled", $EMAIL_EXPIRING_LICENSE_DAYS);
$email_expiring_updates_days_array=returnNumbersDropdownArray(array(0, 1, 7, 14, 30), "Days", "Disabled", $EMAIL_EXPIRING_UPDATES_DAYS);
$email_expiring_support_days_array=returnNumbersDropdownArray(array(0, 1, 7, 14, 30), "Days", "Disabled", $EMAIL_EXPIRING_SUPPORT_DAYS);
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="General Settings";
$page_message="Configure general software settings, enable and disable individual options.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
if (!empty($timezone) && validateNumberOrRange($records_on_admin_page, 10, 500) && validateNumberOrRange($records_on_index_page, 1, 10) && validateNumberOrRange($records_on_search_page, 10, 500) && validateNumberOrRange($smart_reports, 0, 1) && validateNumberOrRange($smart_tables, 0, 1))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_settings SET TIMEZONE=?, RECORDS_ON_ADMIN_PAGE=?, RECORDS_ON_INDEX_PAGE=?, RECORDS_ON_SEARCH_PAGE=?, SMART_REPORTS=?, SMART_TABLES=?", array($timezone, $records_on_admin_page, $records_on_index_page, $records_on_search_page, $smart_reports, $smart_tables), array("s", "i", "i", "i", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid settings or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid settings.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="General software settings updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
//get all settings again
$rows_array=fetchRow("SELECT * FROM apl_settings");
foreach ($rows_array as $row)
{
extract($row);
}
}
$timezones_array=returnTimezonesArray($TIMEZONE);
$records_on_admin_page_array=returnNumbersDropdownArray(array(10, 25, 50, 100, 200, 500), "Records", "Disabled", $RECORDS_ON_ADMIN_PAGE);
$records_on_index_page_array=returnNumbersDropdownArray(array(1, 3, 5, 10), "Records", "Disabled", $RECORDS_ON_INDEX_PAGE);
$records_on_search_page_array=returnNumbersDropdownArray(array(10, 25, 50, 100, 200, 500), "Records", "Disabled", $RECORDS_ON_SEARCH_PAGE);
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
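Review bot: `$timezone` is accepted on `!empty()` alone in the `if (!empty($timezone) && validateNumberOrRange(...` condition, so any non-empty string is written to `apl_settings.TIMEZONE`, while every numeric field beside it is range-checked. Check it against PHP's own list in the same condition, e.g. `in_array($timezone, timezone_identifiers_list(), true)`. Separately, `$updated_records<1` is reported as "Invalid settings or duplicated record", which presumably also fires when the admin resubmits unchanged values; confirm that is the intended message for that case.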
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Uninstall License";
$page_message="Uninstall your license, so you can install $PRODUCT_NAME on another domain.<br><br><b>Attention</b>: only uninstall license if you want to install $PRODUCT_NAME on another domain. Once you click the Uninstall button, there will be no further confirmation and this installation will stop working immediately.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (isset($submit_ok))
{
$license_notifications_array=aplUninstallLicense($GLOBALS["mysqli"]);
if ($license_notifications_array['notification_case']!="notification_license_ok")
{
$error_detected=1;
$error_details.=$license_notifications_array['notification_text'];
}
else
{
$action_success=1;
}
if ($action_success==1) //everything OK
{
$page_message="$PRODUCT_NAME license uninstalled.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="$PRODUCT_NAME license could not be uninstalled because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
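Review bot: The uninstall runs as soon as `submit_ok` is present in the POST body, and nothing in this file ties the request to the form the admin was actually shown; the page text itself says there is no further confirmation. Unless `login_check.php` or `sanitizeSubmittedData()` (neither is visible here) already verifies a per-session token, add one to the form and compare it with `hash_equals()` before calling `aplUninstallLicense()`. The same `if (isset($submit_ok))` gate guards the settings update and the software upgrade in the neighbouring files. `$error_details` also carries the server's `notification_text` into `$page_message`, so the template should escape it rather than treat it as trusted HTML.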
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
require_once(__DIR__."/login_check.php");
$page_title="Software Updates";
$page_message="Check for new version and automatically update $PRODUCT_NAME to get new features, bug fixes, and performance improvements.";
$page_message_class="alert alert-info";
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!isset($submit_ok)) //check for latest version only if upgrade wasn't submitted
{
$license_notifications_array=aplVerifySupport($GLOBALS["mysqli"]); //check support status
if ($license_notifications_array['notification_case']=="notification_support_expired") //support expired
{
$support_expired=1;
$support_expired_title="$PRODUCT_NAME Support Expired";
$support_expired_message="Your support is expired. You can still download updates, but if something goes wrong during upgrade, this installation might stop working.<br><br>In order to avoid any downtime, <a href='https://codecanyon.net/downloads?ref=phpmillion' target='_blank'>renew your support</a> first, or proceed at your own risk.<br><br><b>Attention</b>: if you renewed support, this message will go away within next 24 hours.";
$support_expired_message_class="alert alert-danger";
}
$version_check_content=customPost(APL_ROOT_URL."/apl_callbacks/version_check.php", $ROOT_URL, "product_id=".rawurlencode(APL_PRODUCT_ID)."&product_version=".rawurlencode($PRODUCT_VERSION)."&connection_hash=".rawurlencode(hash("sha256", "version_check")));
if (!empty($version_check_content))
{
$latest_product_version=aplParseXmlTags($version_check_content, "version_check");
if (!empty($latest_product_version)) //latest version parsed successfully
{
if ($latest_product_version!=$PRODUCT_VERSION) //new version available
{
$upgrade_available=1;
$page_message="$PRODUCT_NAME version $latest_product_version available! Upgrade now for new features, bug fixes, and performance improvements.<br><br>If you like continuous $PRODUCT_NAME updates, can you <a href='$PRODUCT_REVIEW_PAGE' target='_blank'><b>leave your feedback</b></a>, please? Here's the deal: your positive rating might help us to get an extra sale or two, so we have enough resources to provide you with future updates.";
$page_message_class="alert alert-warning";
}
else //no newer version available
{
$page_message="You have the latest $PRODUCT_NAME version installed! Once a new version is available, automatic upgrade option will appear below.";
$page_message_class="alert alert-success";
}
}
else //parsing failed
{
$page_message="Impossible to parse the latest $PRODUCT_NAME version. Try again later...";
$page_message_class="alert alert-warning";
}
}
else //no connection
{
$page_message="Impossible to connect to $PRODUCT_NAME server. Try again later...";
$page_message_class="alert alert-danger";
}
}
if (isset($submit_ok))
{
$post_info="product_id=".rawurlencode(APL_PRODUCT_ID)."&product_version=".rawurlencode($PRODUCT_VERSION)."&client_email=".rawurlencode($CLIENT_EMAIL)."&license_code=".rawurlencode($LICENSE_CODE)."&root_url=".rawurlencode($ROOT_URL)."&installation_hash=".rawurlencode($INSTALLATION_HASH)."&license_signature=".rawurlencode(aplGenerateScriptSignature($ROOT_URL, $CLIENT_EMAIL, $LICENSE_CODE));
$upgrade_archive_content=customPost(APL_ROOT_URL."/apl_callbacks/software_download.php", $ROOT_URL, $post_info); //will return zip file on success or error message on failure
if (!empty($upgrade_archive_content))
{
if (substr($upgrade_archive_content, 0, 2)!="PK") //something else instead of zip archive returned
{
if (stristr($upgrade_archive_content, "<notification_") && stristr($upgrade_archive_content, "</notification_")) //a specific error notification returned
{
$notifications_array=aplParseServerNotifications($upgrade_archive_content); //parse <notification_case> along with message
$error_detected=1;
$error_details.=$notifications_array['notification_text'].".<br>";
}
else
{
$error_detected=1;
$error_details.="No valid content from $PRODUCT_NAME server received.<br>";
}
}
else //everything ok, zip archive returned
{
$zip_file_name=str_ireplace(" ", "-", $PRODUCT_NAME).".zip"; //zip archive name should look as Product-Name.zip
$upgrade_archive_local_destination=SCRIPT_ROOT_DIRECTORY."/$zip_file_name"; //download archive right to the script's root directory
$zip_file=@fopen($upgrade_archive_local_destination, "w+");
$fwrite=@fwrite($zip_file, $upgrade_archive_content);
if (!filter_var($fwrite, FILTER_VALIDATE_INT)) //saving zip archive failed
{
$error_detected=1;
$error_details.="Impossible to save upgrade archive at ".SCRIPT_ROOT_DIRECTORY.".<br>";
}
else //zip archive dowloaded and saved, extract it
{
$zip_file=new ZipArchive;
if ($zip_file->open(SCRIPT_ROOT_DIRECTORY."/$zip_file_name")!=true) //zip archive can't be opened
{
$error_detected=1;
$error_details.="Impossible to open and/or extract upgrade archive at ".SCRIPT_ROOT_DIRECTORY.".<br>";
}
else //everything ok, extract zip archive
{
$zip_file->extractTo(SCRIPT_ROOT_DIRECTORY);
$zip_file->close();
$local_upgrade_content=customGet("$ROOT_URL/apl_upgrade.php", "", ""); //launch upgrade file, it will execute MySQL upgrade query and/or perform other actions in background
if (!empty($local_upgrade_content))
{
$upgraded_product_version=aplParseXmlTags($local_upgrade_content, "upgrade");
if (!empty($upgraded_product_version)) //upgrade succeeded
{
deleteFileDirectory(SCRIPT_ROOT_DIRECTORY, array("apl_install", "apl_config_sample.php", "apl_upgrade.php", $zip_file_name)); //delete sample config file, upgrade file, upgrade archive
$action_success=1;
}
else //upgrade failed because either the latest version is installed (upgrade already performed), either another error occurred
{
$installed_product_version=aplParseXmlTags($local_upgrade_content, "installed");
if (!empty($installed_product_version)) //the latest version is installed or upgrade already performed
{
$error_detected=1;
$error_details.="Version $installed_product_version is already installed.<br>";
}
else
{
$error_detected=1;
$error_details.="Upgrade script at $ROOT_URL/apl_upgrade.php failed.<br>";
}
}
}
else //no connection
{
$error_detected=1;
$error_details.="Impossible to connect to upgrade script at $ROOT_URL/apl_upgrade.php.<br>";
}
}
}
}
}
else
{
$error_detected=1;
$error_details.="Impossible to connect to $PRODUCT_NAME server to download the latest version.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="$PRODUCT_NAME updated from version $PRODUCT_VERSION to $upgraded_product_version.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="$PRODUCT_NAME could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
//Twig templating starts
if (!isset($script_filename)) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);} //if $script_filename is not set yet (usually set in login_check.php), get it now (will be used in Twig forms)
Twig_Autoloader::register();
$loader=new Twig_Loader_Filesystem("../apl_templates"); //load files from templates directory
$twig=new Twig_Environment($loader); //create Twig environment
$twig->addExtension(new \nochso\HtmlCompressTwig\Extension());
echo $twig->render(basename(__DIR__)."/".basename(__FILE__, ".php").".twig", get_defined_vars()); //render requested template
//Twig templating ends
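Review bot: The downloaded upgrade is trusted on a two-byte `PK` prefix and then unpacked over `SCRIPT_ROOT_DIRECTORY`, with no digest or signature check between `customPost()` and `extractTo()`, so the integrity of the installed PHP rests entirely on the transport to `APL_ROOT_URL`. The failure test `$zip_file->open(...)!=true` is also loose: `ZipArchive::open()` returns `true` or a non-zero integer error code, and a non-zero integer compares equal to `true`, so a failed open falls through to the extract branch. The `@fopen` result is never checked or closed, and the return value of `extractTo()` is ignored. The fence below tightens the save and open steps and marks where an integrity check belongs; the expected digest or signature has to come from a source this page does not show.

```php
// … unchanged: $zip_file_name and $upgrade_archive_local_destination …
$zip_handle=fopen($upgrade_archive_local_destination, "wb");
$fwrite=false;
if ($zip_handle!==false)
{
$fwrite=fwrite($zip_handle, $upgrade_archive_content);
fclose($zip_handle); //release the handle before ZipArchive reads the file
}
if ($fwrite!==strlen($upgrade_archive_content)) //saving zip archive failed or was truncated
{
// … unchanged: "Impossible to save upgrade archive" error …
}
else
{
//verify the archive against a digest or signature obtained over a trusted channel here, before opening it
$zip_file=new ZipArchive;
if ($zip_file->open($upgrade_archive_local_destination)!==true) //open() returns true or an integer error code
{
// … unchanged: "Impossible to open and/or extract" error …
}
elseif ($zip_file->extractTo(SCRIPT_ROOT_DIRECTORY)!==true) //extraction itself can fail
{
$zip_file->close();
$error_detected=1;
$error_details.="Impossible to open and/or extract upgrade archive at ".SCRIPT_ROOT_DIRECTORY.".<br>";
}
else
{
$zip_file->close();
// … unchanged: customGet() call to apl_upgrade.php and result handling …
```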
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
if (isset($_SERVER['REMOTE_ADDR'])) {$ip_address=$_SERVER['REMOTE_ADDR'];}
if (isset($_SERVER['HTTP_REFERER'])) {$refer=$_SERVER['HTTP_REFERER'];}
if (isset($_SERVER['REQUEST_URI'])) {$requested_page=$_SERVER['REQUEST_URI'];}
if (isset($_SERVER['SCRIPT_FILENAME'])) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}
if (isset($_SERVER['HTTP_USER_AGENT'])) {$user_agent=$_SERVER['HTTP_USER_AGENT'];}
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$api_action_success=0;
$api_error_detected=0;
$api_error_details=null;
$formatted_api_string=null;
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($api_key_secret) && !empty($api_function))
{
if ($API_STATUS==1 && in_array($api_function, $SUPPORTED_API_FUNCTIONS_ARRAY))
{
$api_key_rows_array=fetchRow("SELECT * FROM apl_api_keys WHERE api_key_secret=? AND api_key_status=?", array($api_key_secret, 1), array("s", "i"));
if (empty($api_key_rows_array))
{
$api_error_detected=1;
$api_error_details.="Invalid or inactive API key.<br>";
}
else
{
foreach ($api_key_rows_array as $api_key_row)
{
extract($api_key_row);
}
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
if (!in_array($ip_address, $api_key_ip_array))
{
$api_error_detected=1;
$api_error_details.="Invalid IP address.<br>";
}
}
$api_permissions_name="api_key_".$api_function; //since each permission in database starts with api_key_ prefix, add this prefix to name of function submitted by user for quick permissions check
if ($$api_permissions_name!=1)
{
$api_error_detected=1;
$api_error_details.="Invalid API key permissions.<br>";
}
if ($api_error_detected!=1 && $$api_permissions_name==1)
{
$api_action_success=1;
}
}
}
else
{
$api_error_detected=1;
$api_error_details.="API not enabled or invalid API function.<br>";
}
if ($api_action_success==1) //everything OK
{
$formatted_api_string.=http_build_query($_POST); //format API string using user's submitted variables
$formatted_api_string.="&api_post_key=".hash("sha256", $ROOT_URL)."&submit_ok=Submit"; //add extra parameters at the end of string
$page_message=customPost("$ROOT_URL/apl_api/$api_function.php", "$ROOT_URL/apl_api/api.php", $formatted_api_string); //send formatted API string to correct file
}
else //display error message
{
$page_message="The action could not be completed because of this error:<br><br>$api_error_details";
}
echo $page_message;
}
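Review bot: The `api_post_key` appended to the forwarded request is `hash("sha256", $ROOT_URL)`, an unkeyed digest of a value that is not secret, so it cannot show that a request really came from this dispatcher; the receiving files under `apl_api/` compare against the same expression. Derive it with `hash_hmac()` from a server-side secret kept in the config (placeholder name `$INTERNAL_API_SECRET`, not defined on this page) and compare it with `hash_equals()` on the receiving side. `http_build_query($_POST)` also forwards any `api_post_key` or `submit_ok` the caller sent, ahead of the appended ones, so unset those keys before building the string.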
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
if (isset($_SERVER['REMOTE_ADDR'])) {$ip_address=$_SERVER['REMOTE_ADDR'];}
if (isset($_SERVER['HTTP_REFERER'])) {$refer=$_SERVER['HTTP_REFERER'];}
if (isset($_SERVER['REQUEST_URI'])) {$requested_page=$_SERVER['REQUEST_URI'];}
if (isset($_SERVER['SCRIPT_FILENAME'])) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}
if (isset($_SERVER['HTTP_USER_AGENT'])) {$user_agent=$_SERVER['HTTP_USER_AGENT'];}
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$api_action_success=0;
$api_error_detected=0;
$api_error_details=null;
$logged_admin_id=null; //used for compatibility with createReport function in the same file in /apl_admin directory. since admin is not logged in when API is called, $logged_admin_id must be null
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($api_key_secret) && !empty($api_function) && $api_post_key==hash("sha256", $ROOT_URL) && $submit_ok=="Submit" && $refer=="$ROOT_URL/apl_api/api.php" && in_array($user_agent, $SUPPORTED_BROWSERS_ARRAY)) //prevent someone from posting to this file directly
{
if ($API_STATUS==1 && in_array($api_function, $SUPPORTED_API_FUNCTIONS_ARRAY))
{
$api_key_rows_array=fetchRow("SELECT * FROM apl_api_keys WHERE api_key_secret=? AND api_key_status=?", array($api_key_secret, 1), array("s", "i"));
if (empty($api_key_rows_array))
{
$api_error_detected=1;
$api_error_details.="Invalid or inactive API key.<br>";
}
else
{
foreach ($api_key_rows_array as $api_key_row)
{
extract($api_key_row);
}
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
if (!in_array($ip_address, $api_key_ip_array))
{
$api_error_detected=1;
$api_error_details.="Invalid IP address.<br>";
}
}
$api_permissions_name="api_key_".$api_function; //since each permission in database starts with api_key_ prefix, add this prefix to name of function submitted by user for quick permissions check
if ($$api_permissions_name!=1)
{
$api_error_detected=1;
$api_error_details.="Invalid API key permissions.<br>";
}
if ($api_error_detected!=1 && $$api_permissions_name==1)
{
$api_action_success=1;
}
}
}
else
{
$api_error_detected=1;
$api_error_details.="API not enabled or invalid API function.<br>";
}
if ($api_action_success==1) //everything OK
{
$optional_api_parameters_array=array("banned_host_comments"); //optional API parameters for this page
foreach ($optional_api_parameters_array as $optional_api_parameter) //in case some required parameter was not submitted, set its value to null to prevent "undefined variable" errors
{
if (!isset($$optional_api_parameter))
{
$$optional_api_parameter=null;
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories
{
if (filter_var($banned_host_ip, FILTER_VALIDATE_IP))
{
if ($error_detected!=1)
{
$banned_host_date=date("Y-m-d");
$added_records=insertRow("INSERT IGNORE INTO apl_banned_hosts (banned_host_ip, banned_host_comments, banned_host_date) VALUES (?, ?, ?)", array($banned_host_ip, $banned_host_comments, $banned_host_date), array("s", "s", "s"));
if ($added_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid IP address.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Banned host $banned_host_ip added to the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
}
else //display error message
{
$page_message="The action could not be completed because of this error:<br><br>$api_error_details";
}
echo $page_message;
}
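Review bot: `$refer` and `$user_agent` are assigned only when the corresponding header is present, and `extract($_POST, EXTR_SKIP)` runs afterwards, so when a header is missing the variable of that name is filled from the request body and then used in the `$refer=="$ROOT_URL/apl_api/api.php" && in_array($user_agent, $SUPPORTED_BROWSERS_ARRAY)` guard. Initialise all five request variables unconditionally before the `extract()`, e.g. `$refer=isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;`. The same header block opens every file under `apl_api/` shown on this page. In the same guard, `$api_post_key` and `$submit_ok` are read without `isset()`, and `$api_post_key` is compared with `==` where `hash_equals()` is the usual choice for a token.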
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
if (isset($_SERVER['REMOTE_ADDR'])) {$ip_address=$_SERVER['REMOTE_ADDR'];}
if (isset($_SERVER['HTTP_REFERER'])) {$refer=$_SERVER['HTTP_REFERER'];}
if (isset($_SERVER['REQUEST_URI'])) {$requested_page=$_SERVER['REQUEST_URI'];}
if (isset($_SERVER['SCRIPT_FILENAME'])) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}
if (isset($_SERVER['HTTP_USER_AGENT'])) {$user_agent=$_SERVER['HTTP_USER_AGENT'];}
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$api_action_success=0;
$api_error_detected=0;
$api_error_details=null;
$logged_admin_id=null; //used for compatibility with createReport function in the same file in /apl_admin directory. since admin is not logged in when API is called, $logged_admin_id must be null
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($client_id) || !filter_var($client_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_clients WHERE client_id=?", array($client_id), array("i")))) //invalid record
{
echo "Invalid client ID";
exit();
}
if (!empty($api_key_secret) && !empty($api_function) && $api_post_key==hash("sha256", $ROOT_URL) && $submit_ok=="Submit" && $refer=="$ROOT_URL/apl_api/api.php" && in_array($user_agent, $SUPPORTED_BROWSERS_ARRAY)) //prevent someone from posting to this file directly
{
if ($API_STATUS==1 && in_array($api_function, $SUPPORTED_API_FUNCTIONS_ARRAY))
{
$api_key_rows_array=fetchRow("SELECT * FROM apl_api_keys WHERE api_key_secret=? AND api_key_status=?", array($api_key_secret, 1), array("s", "i"));
if (empty($api_key_rows_array))
{
$api_error_detected=1;
$api_error_details.="Invalid or inactive API key.<br>";
}
else
{
foreach ($api_key_rows_array as $api_key_row)
{
extract($api_key_row);
}
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
if (!in_array($ip_address, $api_key_ip_array))
{
$api_error_detected=1;
$api_error_details.="Invalid IP address.<br>";
}
}
$api_permissions_name="api_key_".$api_function; //since each permission in database starts with api_key_ prefix, add this prefix to name of function submitted by user for quick permissions check
if ($$api_permissions_name!=1)
{
$api_error_detected=1;
$api_error_details.="Invalid API key permissions.<br>";
}
if ($api_error_detected!=1 && $$api_permissions_name==1)
{
$api_action_success=1;
}
}
}
else
{
$api_error_detected=1;
$api_error_details.="API not enabled or invalid API function.<br>";
}
if ($api_action_success==1) //everything OK
{
$optional_api_parameters_array=array("banned_host_comments"); //optional API parameters for this page
foreach ($optional_api_parameters_array as $optional_api_parameter) //in case some required parameter was not submitted, set its value to null to prevent "undefined variable" errors
{
if (!isset($$optional_api_parameter))
{
$$optional_api_parameter=null;
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories, EXCEPT header("Location: $page_header_file_no_data"); LINE
{
if (!empty($delete_record) && $delete_record==1)
{
$removed_records=deleteRow("DELETE FROM apl_banned_hosts WHERE banned_host_id=?", array($banned_host_id), array("i"));
if ($removed_records>0)
{
$page_message="Deleted $removed_records banned host(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
echo $page_message; //THIS LINE IS CUSTOM IN API. ORIGINAL CODE CONTAINS header("Location: $page_header_file_no_data"); LINE
exit();
}
else
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
}
if (filter_var($banned_host_ip, FILTER_VALIDATE_IP))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_banned_hosts SET banned_host_ip=?, banned_host_comments=? WHERE banned_host_id=?", array($banned_host_ip, $banned_host_comments, $banned_host_id), array("s", "s", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid IP address.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Banned host $banned_host_ip updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
}
else //display error message
{
$page_message="The action could not be completed because of this error:<br><br>$api_error_details";
}
echo $page_message;
}
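Review bot: This file edits `apl_banned_hosts`, yet its first check looks up `$client_id` in `apl_clients` and exits with "Invalid client ID"; it looks copied from the client-edit file, and `$banned_host_id` itself is never validated before the `DELETE` and `UPDATE` use it. The lookup also runs before the API key is checked, so the response distinguishes existing from missing IDs for callers that have not authenticated. Replace it with a `filter_var($banned_host_id, FILTER_VALIDATE_INT)` check plus a `SELECT` on `apl_banned_hosts WHERE banned_host_id=?`, placed inside the `$api_action_success==1` branch. When the delete affects no rows the code sets `$error_detected` and carries on into the update path; returning the error at that point would be clearer.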
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
if (isset($_SERVER['REMOTE_ADDR'])) {$ip_address=$_SERVER['REMOTE_ADDR'];}
if (isset($_SERVER['HTTP_REFERER'])) {$refer=$_SERVER['HTTP_REFERER'];}
if (isset($_SERVER['REQUEST_URI'])) {$requested_page=$_SERVER['REQUEST_URI'];}
if (isset($_SERVER['SCRIPT_FILENAME'])) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}
if (isset($_SERVER['HTTP_USER_AGENT'])) {$user_agent=$_SERVER['HTTP_USER_AGENT'];}
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$api_action_success=0;
$api_error_detected=0;
$api_error_details=null;
$logged_admin_id=null; //used for compatibility with createReport function in the same file in /apl_admin directory. since admin is not logged in when API is called, $logged_admin_id must be null
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($api_key_secret) && !empty($api_function) && $api_post_key==hash("sha256", $ROOT_URL) && $submit_ok=="Submit" && $refer=="$ROOT_URL/apl_api/api.php" && in_array($user_agent, $SUPPORTED_BROWSERS_ARRAY)) //prevent someone from posting to this file directly
{
if ($API_STATUS==1 && in_array($api_function, $SUPPORTED_API_FUNCTIONS_ARRAY))
{
$api_key_rows_array=fetchRow("SELECT * FROM apl_api_keys WHERE api_key_secret=? AND api_key_status=?", array($api_key_secret, 1), array("s", "i"));
if (empty($api_key_rows_array))
{
$api_error_detected=1;
$api_error_details.="Invalid or inactive API key.<br>";
}
else
{
foreach ($api_key_rows_array as $api_key_row)
{
extract($api_key_row);
}
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
if (!in_array($ip_address, $api_key_ip_array))
{
$api_error_detected=1;
$api_error_details.="Invalid IP address.<br>";
}
}
$api_permissions_name="api_key_".$api_function; //since each permission in database starts with api_key_ prefix, add this prefix to name of function submitted by user for quick permissions check
if ($$api_permissions_name!=1)
{
$api_error_detected=1;
$api_error_details.="Invalid API key permissions.<br>";
}
if ($api_error_detected!=1 && $$api_permissions_name==1)
{
$api_action_success=1;
}
}
}
else
{
$api_error_detected=1;
$api_error_details.="API not enabled or invalid API function.<br>";
}
if ($api_action_success==1) //everything OK
{
$optional_api_parameters_array=array(); //optional API parameters for this page
foreach ($optional_api_parameters_array as $optional_api_parameter) //in case some required parameter was not submitted, set its value to null to prevent "undefined variable" errors
{
if (!isset($$optional_api_parameter))
{
$$optional_api_parameter=null;
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories
{
if (!empty($client_fname) && !empty($client_lname) && filter_var($client_email, FILTER_VALIDATE_EMAIL) && validateNumberOrRange($client_status, 0, 2))
{
if ($error_detected!=1)
{
$client_active_date=date("Y-m-d");
if ($client_status==1)
{
$client_cancel_date="0000-00-00";
}
else
{
if (empty($client_cancel_date) || !verifyDate($client_cancel_date, "Y-m-d")) //set cancel date to now only if client is inactive and no previous cancel date set
{
$client_cancel_date=date("Y-m-d");
}
}
$added_records=insertRow("INSERT IGNORE INTO apl_clients (client_fname, client_lname, client_email, client_active_date, client_cancel_date, client_status) VALUES (?, ?, ?, ?, ?, ?)", array($client_fname, $client_lname, $client_email, $client_active_date, $client_cancel_date, $client_status), array("s", "s", "s", "s", "s", "i"));
if ($added_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid first name, last name, email address, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Client $client_fname $client_lname ($client_email) added to the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
}
else //display error message
{
$page_message="The action could not be completed because of this error:<br><br>$api_error_details";
}
echo $page_message;
}
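Review bot: `createReport()` is called with `$logged_admin_id=null`, so as far as this file shows the report written for an API-created client names no actor: neither the API key used nor `$ip_address` is passed to it. For an endpoint that changes data without an admin session, add the source to the message, e.g. `createReport(strip_tags($page_message)." (API, $ip_address)", $logged_admin_id, 1, $error_detected);`, together with an identifier for the key row if the table has one (never the secret itself). The banned-host API files call `createReport()` the same way. Separately, `$client_fname`, `$client_lname` and `$client_email` are interpolated into the echoed `$page_message`; whether they are HTML-safe depends on `sanitizeSubmittedData()`, which is not visible here.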
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
if (isset($_SERVER['REMOTE_ADDR'])) {$ip_address=$_SERVER['REMOTE_ADDR'];}
if (isset($_SERVER['HTTP_REFERER'])) {$refer=$_SERVER['HTTP_REFERER'];}
if (isset($_SERVER['REQUEST_URI'])) {$requested_page=$_SERVER['REQUEST_URI'];}
if (isset($_SERVER['SCRIPT_FILENAME'])) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}
if (isset($_SERVER['HTTP_USER_AGENT'])) {$user_agent=$_SERVER['HTTP_USER_AGENT'];}
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$api_action_success=0;
$api_error_detected=0;
$api_error_details=null;
$logged_admin_id=null; //used for compatibility with createReport function in the same file in /apl_admin directory. since admin is not logged in when API is called, $logged_admin_id must be null
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($client_id) || !filter_var($client_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_clients WHERE client_id=?", array($client_id), array("i")))) //invalid record
{
echo "Invalid client ID";
exit();
}
if (!empty($api_key_secret) && !empty($api_function) && $api_post_key==hash("sha256", $ROOT_URL) && $submit_ok=="Submit" && $refer=="$ROOT_URL/apl_api/api.php" && in_array($user_agent, $SUPPORTED_BROWSERS_ARRAY)) //prevent someone from posting to this file directly
{
if ($API_STATUS==1 && in_array($api_function, $SUPPORTED_API_FUNCTIONS_ARRAY))
{
$api_key_rows_array=fetchRow("SELECT * FROM apl_api_keys WHERE api_key_secret=? AND api_key_status=?", array($api_key_secret, 1), array("s", "i"));
if (empty($api_key_rows_array))
{
$api_error_detected=1;
$api_error_details.="Invalid or inactive API key.<br>";
}
else
{
foreach ($api_key_rows_array as $api_key_row)
{
extract($api_key_row);
}
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
if (!in_array($ip_address, $api_key_ip_array))
{
$api_error_detected=1;
$api_error_details.="Invalid IP address.<br>";
}
}
$api_permissions_name="api_key_".$api_function; //since each permission in database starts with api_key_ prefix, add this prefix to name of function submitted by user for quick permissions check
if ($$api_permissions_name!=1)
{
$api_error_detected=1;
$api_error_details.="Invalid API key permissions.<br>";
}
if ($api_error_detected!=1 && $$api_permissions_name==1)
{
$api_action_success=1;
}
}
}
else
{
$api_error_detected=1;
$api_error_details.="API not enabled or invalid API function.<br>";
}
if ($api_action_success==1) //everything OK
{
$optional_api_parameters_array=array(); //optional API parameters for this page
foreach ($optional_api_parameters_array as $optional_api_parameter) //in case some required parameter was not submitted, set its value to null to prevent "undefined variable" errors
{
if (!isset($$optional_api_parameter))
{
$$optional_api_parameter=null;
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories, EXCEPT header("Location: $page_header_file_no_data"); LINE
{
if (!empty($delete_record) && $delete_record==1)
{
deleteRow("DELETE FROM apl_callbacks WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_installations WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
deleteRow("DELETE FROM apl_licenses WHERE client_id=?", array($client_id), array("i")); //delete child (or child-mapped) records first
$removed_records=deleteRow("DELETE FROM apl_clients WHERE client_id=?", array($client_id), array("i"));
if ($removed_records>0)
{
$page_message="Deleted $removed_records client(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
echo $page_message; //THIS LINE IS CUSTOM IN API. ORIGINAL CODE CONTAINS header("Location: $page_header_file_no_data"); LINE
exit();
}
else
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
}
if (!empty($client_fname) && !empty($client_lname) && filter_var($client_email, FILTER_VALIDATE_EMAIL) && validateNumberOrRange($client_status, 0, 2))
{
if ($error_detected!=1)
{
if ($client_status==1)
{
$client_cancel_date="0000-00-00";
}
else
{
$client_cancel_date=$rows_array[0]['client_cancel_date']; //get old client_cancel_date, so this value can be used when client was deactivated previously and his status wasn't changed now
if (empty($client_cancel_date) || !verifyDate($client_cancel_date, "Y-m-d")) //set cancel date to now only if no previous cancel date set
{
$client_cancel_date=date("Y-m-d");
}
}
$updated_records=updateRow("UPDATE apl_clients SET client_fname=?, client_lname=?, client_email=?, client_cancel_date=?, client_status=? WHERE client_id=?", array($client_fname, $client_lname, $client_email, $client_cancel_date, $client_status, $client_id), array("s", "s", "s", "s", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid first name, last name, email address, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Client $client_fname $client_lname ($client_email) updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
}
else //display error message
{
$page_message="The action could not be completed because of this error:<br><br>$api_error_details";
}
echo $page_message;
}
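Review bot: The permission check built from `"api_key_".$api_function` authorises against whichever function name the request submits, not against the client edit/delete this file performs, so a key that has any one supported permission set to 1 appears to pass here when that function is named. The outer "prevent someone from posting to this file directly" condition does not change this, since it compares only the Referer and User-Agent headers and a SHA-256 of `$ROOT_URL`, which is presumably the public site address. Pin the column to the operation with `$api_permissions_name="api_key_clients_edit";`, and compare the post key with `hash_equals()` rather than `==`. The same pattern is in the two files that follow, where the fixed columns would be `api_key_installations_edit` and `api_key_products_add`. Whether api.php already restricts `$api_function` per target file is not visible here.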
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
if (isset($_SERVER['REMOTE_ADDR'])) {$ip_address=$_SERVER['REMOTE_ADDR'];}
if (isset($_SERVER['HTTP_REFERER'])) {$refer=$_SERVER['HTTP_REFERER'];}
if (isset($_SERVER['REQUEST_URI'])) {$requested_page=$_SERVER['REQUEST_URI'];}
if (isset($_SERVER['SCRIPT_FILENAME'])) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}
if (isset($_SERVER['HTTP_USER_AGENT'])) {$user_agent=$_SERVER['HTTP_USER_AGENT'];}
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$api_action_success=0;
$api_error_detected=0;
$api_error_details=null;
$logged_admin_id=null; //used for compatibility with createReport function in the same file in /apl_admin directory. since admin is not logged in when API is called, $logged_admin_id must be null
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (empty($installation_id) || !filter_var($installation_id, FILTER_VALIDATE_INT) || empty($rows_array=fetchRow("SELECT * FROM apl_installations WHERE installation_id=?", array($installation_id), array("i")))) //invalid record
{
echo "Invalid installation ID";
exit();
}
if (!empty($api_key_secret) && !empty($api_function) && $api_post_key==hash("sha256", $ROOT_URL) && $submit_ok=="Submit" && $refer=="$ROOT_URL/apl_api/api.php" && in_array($user_agent, $SUPPORTED_BROWSERS_ARRAY)) //prevent someone from posting to this file directly
{
if ($API_STATUS==1 && in_array($api_function, $SUPPORTED_API_FUNCTIONS_ARRAY))
{
$api_key_rows_array=fetchRow("SELECT * FROM apl_api_keys WHERE api_key_secret=? AND api_key_status=?", array($api_key_secret, 1), array("s", "i"));
if (empty($api_key_rows_array))
{
$api_error_detected=1;
$api_error_details.="Invalid or inactive API key.<br>";
}
else
{
foreach ($api_key_rows_array as $api_key_row)
{
extract($api_key_row);
}
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
if (!in_array($ip_address, $api_key_ip_array))
{
$api_error_detected=1;
$api_error_details.="Invalid IP address.<br>";
}
}
$api_permissions_name="api_key_".$api_function; //since each permission in database starts with api_key_ prefix, add this prefix to name of function submitted by user for quick permissions check
if ($$api_permissions_name!=1)
{
$api_error_detected=1;
$api_error_details.="Invalid API key permissions.<br>";
}
if ($api_error_detected!=1 && $$api_permissions_name==1)
{
$api_action_success=1;
}
}
}
else
{
$api_error_detected=1;
$api_error_details.="API not enabled or invalid API function.<br>";
}
if ($api_action_success==1) //everything OK
{
$optional_api_parameters_array=array(); //optional API parameters for this page
foreach ($optional_api_parameters_array as $optional_api_parameter) //in case some required parameter was not submitted, set its value to null to prevent "undefined variable" errors
{
if (!isset($$optional_api_parameter))
{
$$optional_api_parameter=null;
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories, EXCEPT header("Location: $page_header_file_no_data"); LINE
{
if (!empty($delete_record) && $delete_record==1)
{
$removed_records=deleteRow("DELETE FROM apl_installations WHERE installation_id=?", array($installation_id), array("i"));
if ($removed_records>0)
{
$page_message="Deleted $removed_records installation(s) from the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
echo $page_message; //THIS LINE IS CUSTOM IN API. ORIGINAL CODE CONTAINS header("Location: $page_header_file_no_data"); LINE
exit();
}
else
{
$error_detected=1;
$error_details.="Invalid record or database error.<br>";
}
}
if (filter_var($installation_ip, FILTER_VALIDATE_IP) && validateNumberOrRange($installation_status, 0, 2))
{
if ($error_detected!=1)
{
$updated_records=updateRow("UPDATE apl_installations SET installation_ip=?, installation_status=? WHERE installation_id=?", array($installation_ip, $installation_status, $installation_id), array("s", "i", "i"));
if ($updated_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
$rows_array=fetchRow("SELECT * FROM apl_installations LEFT JOIN apl_products ON apl_installations.product_id=apl_products.product_id WHERE apl_installations.installation_id=?", array($installation_id), array("i")); //fetch product details to be used in reports
foreach ($rows_array as $row)
{
extract($row);
}
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid IP address or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="$product_title installation on $installation_domain ($installation_ip) updated.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
}
else //display error message
{
$page_message="The action could not be completed because of this error:<br><br>$api_error_details";
}
echo $page_message;
}
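Review bot: After a successful update, the joined row is pulled into scope with `extract($row)`, which overwrites any local that shares a column name and leaves `$product_title` and `$installation_domain` in the success message dependent on whatever the `LEFT JOIN` returned. If no matching product row exists, `$product_title` is presumably null and the report text starts with an empty name. If the second `fetchRow` returns nothing, both variables may be undefined. Reading the two fields explicitly is clearer, assuming the column names match the variables: `$product_title=$rows_array[0]['product_title'] ?? "";` and `$installation_domain=$rows_array[0]['installation_domain'] ?? "";`.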
<?php
require_once(__DIR__."/../apl_config.php");
require_once(__DIR__."/../apl_ver.php");
require_once(__DIR__."/../apl_settings.php");
if (isset($_SERVER['REMOTE_ADDR'])) {$ip_address=$_SERVER['REMOTE_ADDR'];}
if (isset($_SERVER['HTTP_REFERER'])) {$refer=$_SERVER['HTTP_REFERER'];}
if (isset($_SERVER['REQUEST_URI'])) {$requested_page=$_SERVER['REQUEST_URI'];}
if (isset($_SERVER['SCRIPT_FILENAME'])) {$script_filename=basename($_SERVER['SCRIPT_FILENAME']);}
if (isset($_SERVER['HTTP_USER_AGENT'])) {$user_agent=$_SERVER['HTTP_USER_AGENT'];}
$action_success=0; //will be changed to 1 later only if everything OK
$error_detected=0; //will be changed to 1 later if error occurs
$error_details=null; //will be filled with errors (if any)
$added_records=0;
$updated_records=0;
$removed_records=0;
$api_action_success=0;
$api_error_detected=0;
$api_error_details=null;
$logged_admin_id=null; //used for compatibility with createReport function in the same file in /apl_admin directory. since admin is not logged in when API is called, $logged_admin_id must be null
if (!empty($_POST) && is_array($_POST) && array_walk($_POST, "sanitizeSubmittedData", array("script_filename"=>$script_filename, "html_fields"=>$FORM_FIELDS_WITH_TAGS))) //sanitize super variable with all POST values
{
extract($_POST, EXTR_SKIP); //extract sanitized data (don't overwrite existing variables)
}
if (!empty($api_key_secret) && !empty($api_function) && $api_post_key==hash("sha256", $ROOT_URL) && $submit_ok=="Submit" && $refer=="$ROOT_URL/apl_api/api.php" && in_array($user_agent, $SUPPORTED_BROWSERS_ARRAY)) //prevent someone from posting to this file directly
{
if ($API_STATUS==1 && in_array($api_function, $SUPPORTED_API_FUNCTIONS_ARRAY))
{
$api_key_rows_array=fetchRow("SELECT * FROM apl_api_keys WHERE api_key_secret=? AND api_key_status=?", array($api_key_secret, 1), array("s", "i"));
if (empty($api_key_rows_array))
{
$api_error_detected=1;
$api_error_details.="Invalid or inactive API key.<br>";
}
else
{
foreach ($api_key_rows_array as $api_key_row)
{
extract($api_key_row);
}
if (!empty($api_key_ip))
{
$api_key_ip_array=explode(",", $api_key_ip);
if (!in_array($ip_address, $api_key_ip_array))
{
$api_error_detected=1;
$api_error_details.="Invalid IP address.<br>";
}
}
$api_permissions_name="api_key_".$api_function; //since each permission in database starts with api_key_ prefix, add this prefix to name of function submitted by user for quick permissions check
if ($$api_permissions_name!=1)
{
$api_error_detected=1;
$api_error_details.="Invalid API key permissions.<br>";
}
if ($api_error_detected!=1 && $$api_permissions_name==1)
{
$api_action_success=1;
}
}
}
else
{
$api_error_detected=1;
$api_error_details.="API not enabled or invalid API function.<br>";
}
if ($api_action_success==1) //everything OK
{
$optional_api_parameters_array=array("product_description", "product_url_homepage", "product_url_download", "product_version", "product_envato_id"); //optional API parameters for this page
foreach ($optional_api_parameters_array as $optional_api_parameter) //in case some required parameter was not submitted, set its value to null to prevent "undefined variable" errors
{
if (!isset($$optional_api_parameter))
{
$$optional_api_parameter=null;
}
}
if (isset($submit_ok)) //code between {} tags is identical in files with the same name in /apl_admin and /apl_api directories
{
if (!empty($product_title) && !empty($product_sku) && validateNumberOrRange($product_status, 0, 2))
{
if (!empty($product_url_homepage) && !filter_var($product_url_homepage, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED))
{
$error_detected=1;
$error_details.="Invalid product homepage URL.<br>";
}
if (!empty($product_envato_id) && !filter_var($product_envato_id, FILTER_VALIDATE_INT))
{
$error_detected=1;
$error_details.="Invalid product Envato ID.<br>";
}
if ($error_detected!=1)
{
if (!filter_var($product_envato_id, FILTER_VALIDATE_INT))
{
$product_envato_id=null;
}
$product_date=date("Y-m-d");
$added_records=insertRow("INSERT IGNORE INTO apl_products (product_title, product_description, product_sku, product_url_homepage, product_url_download, product_date, product_version, product_envato_id, product_status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)", array($product_title, $product_description, $product_sku, $product_url_homepage, $product_url_download, $product_date, $product_version, $product_envato_id, $product_status), array("s", "s", "s", "s", "s", "s", "s", "i", "i"));
if ($added_records<1)
{
$error_detected=1;
$error_details.="Invalid record details or duplicated record (no new data).<br>";
}
else
{
$action_success=1;
}
}
}
else
{
$error_detected=1;
$error_details.="Invalid product name, SKU, or status.<br>";
}
if ($action_success==1) //everything OK
{
$page_message="Product $product_title added to the database.";
createReport(strip_tags($page_message), $logged_admin_id, 1, $error_detected);
$page_message_class="alert alert-success";
}
else //display error message
{
$page_message="The database could not be updated because of this error: <br><br>$error_details";
$page_message_class="alert alert-danger";
}
}
}
else //display error message
{
$page_message="The action could not be completed because of this error:<br><br>$api_error_details";
}
echo $page_message;
}
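Review bot: `$product_url_download` is inserted into `apl_products` without any validation, and the homepage check accepts any scheme that `FILTER_VALIDATE_URL` parses, so a stored value is not guaranteed to be an http(s) link if it is later rendered. The flags `FILTER_FLAG_SCHEME_REQUIRED | FILTER_FLAG_HOST_REQUIRED` were deprecated in PHP 7.3 and removed in PHP 8.0, so that line fails on current PHP. Drop the flags and add a scheme check to both URL fields, e.g. `in_array(parse_url($product_url_homepage, PHP_URL_SCHEME), array("http", "https"), true)`.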