Add files via upload
parent
71bfb900d0
commit
12dc47a848
55
ajax/acceptNewUser.php
Normal file
55
ajax/acceptNewUser.php
Normal file
@ -0,0 +1,55 @@
|
||||
<?php
|
||||
|
||||
require_once '../includes/imp_files.php';
|
||||
session_start();
|
||||
|
||||
|
||||
//CRITICAL: THIS FILE NEEDS AUTHENTICATION -- ADD IT --ADDED
|
||||
if (!checkLoginStatus()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
//AUTHORIZATION CHECK
|
||||
if (isset($_SESSION['flo_id'], $_SESSION['user_id'])) {
|
||||
$root_flo = $_SESSION['flo_id'];
|
||||
$root_user_id = $_SESSION['user_id'];
|
||||
|
||||
if ($root_flo != ADMIN_FLO_ID && $root_user_id != ADMIN_ID) {
|
||||
redirect_to("index.php");
|
||||
}
|
||||
|
||||
|
||||
if ((isset($_POST['flo_id']) && ($_POST['task'] == 'approve_user'))){
|
||||
|
||||
ob_start();
|
||||
|
||||
|
||||
$floID = $_POST['flo_id'];
|
||||
$newUserDetails = findNewUserDetails($floID);
|
||||
|
||||
$fullName = $newUserDetails->full_name;
|
||||
$emailID = $newUserDetails->email;
|
||||
|
||||
acceptUser($floID,$fullName,$emailID);
|
||||
$result = "approved";
|
||||
deleteNewUser($floID);
|
||||
echo $result;
|
||||
exit();
|
||||
}
|
||||
|
||||
if ((isset($_POST['flo_id']) && ($_POST['task'] == 'reject_user'))){
|
||||
|
||||
ob_start();
|
||||
|
||||
|
||||
$floID = $_POST['flo_id'];
|
||||
deleteNewUser($floID);
|
||||
|
||||
$result = "deleted";
|
||||
echo $result;
|
||||
exit();
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
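Review bot: The authorization check `if ($root_flo != ADMIN_FLO_ID && $root_user_id != ADMIN_ID)` redirects only when both session values differ from the admin constants, so a session matching just one of them falls through to the approve and reject handlers; it should read `if ($root_flo != ADMIN_FLO_ID || $root_user_id != ADMIN_ID) {`. `redirect_to()` is defined outside this page, so unless it is known to end the script, follow it with `exit();` so nothing below runs for a non-admin. The handlers also read `$_POST['task']` without `isset` and pass `$_POST['flo_id']` to `findNewUserDetails()` and `deleteNewUser()` without the alphabet, length and prefix checks that `ajax/registerMe.php` applies, and `$newUserDetails` is dereferenced without checking that a record was found. Both actions change state on a POST from an admin session, so a per-session anti-CSRF token compared with `hash_equals()` belongs here as well.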
@ -53,10 +53,11 @@ $std->error = true;
|
||||
$floID = $_POST['floID'];
|
||||
$pubKey = $_POST['floPubKey'];
|
||||
$s_id = $_SESSION['session_id'];
|
||||
$s_id_time_rand = $_SESSION['session_id'] . round(time()/1000)*1000 . $_SESSION['rand'];
|
||||
$signDataWithFlo = $_POST['signDataWithFlo'];
|
||||
|
||||
|
||||
$data_array = array( "floID" => $floID, "pubKey" => $pubKey, "message" => $s_id, "sign" => $signDataWithFlo );
|
||||
$data_array = array( "floID" => $floID, "pubKey" => $pubKey, "message" => $s_id_time_rand, "sign" => $signDataWithFlo );
|
||||
$make_call = callAPI('POST', 'https://flo-sign-validator.duckdns.org', json_encode($data_array));
|
||||
$response = json_decode($make_call, true);
|
||||
|
||||
@ -75,12 +76,12 @@ $std->error = true;
|
||||
|
||||
//Now I need to enter public key and session ID in database .. but first I need to know the username
|
||||
// This check can be suspended here. If the user has correct FLO signature, but does not exist in database, he will fail the gate at acc_deact.php
|
||||
if (isset($UserClass)) {
|
||||
$permitted_status = $UserClass->checkIfFloIDPermitted($floID);
|
||||
|
||||
$permitted_status = checkIfFloIDPermitted($floID);
|
||||
if ($permitted_status == true){
|
||||
$UserClass->update_flo_details($floID, $s_id, $pubKey);
|
||||
update_flo_details($floID, $s_id, $pubKey);
|
||||
|
||||
$userDetails = $UserClass->getUserDetails($floID);
|
||||
$userDetails = getUserDetails($floID);
|
||||
$_SESSION['user_id'] = $userDetails->CustomerId;
|
||||
$_SESSION['user_name'] = $userDetails->Name;
|
||||
$_SESSION['email'] = $userDetails->Email;
|
||||
@ -92,18 +93,18 @@ $std->error = true;
|
||||
echo json_encode($std);
|
||||
return true;
|
||||
} else {
|
||||
if (($UserClass->check_flo_id_registration_status($floID) == true) && ($UserClass->check_flo_id_active_status($floID) != true)) {
|
||||
if ((check_flo_id_registration_status($floID) == true) && (check_flo_id_active_status($floID) != true)) {
|
||||
$std->message[] = "FLO ID is not active. Please contact RanchiMall Team. ";
|
||||
$std->error = true;
|
||||
echo json_encode($std);
|
||||
return false; }
|
||||
if ($UserClass->check_flo_id_registration_status($floID) != true ) {
|
||||
if (check_flo_id_registration_status($floID) != true ) {
|
||||
$std->message[] = "Your FLO ID is not registered. Please contact RanchiMall Team and get yourself registered.";
|
||||
$std->error = true;
|
||||
echo json_encode($std);
|
||||
return false; }
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
@ -120,3 +121,6 @@ $std->error = true;
|
||||
echo json_encode($std);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
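Review bot: The message checked against the signature is now `$_SESSION['session_id'] . round(time()/1000)*1000 . $_SESSION['rand']`, with the time component recomputed at verification instead of taken from what was issued to the client, so a login signed on one side of a rounding boundary and verified on the other fails, and nothing in these hunks clears `$_SESSION['rand']` once a signature has been accepted. Storing the exact challenge string in the session when it is issued, comparing against that stored value, and calling `unset($_SESSION['rand']);` on success would make the challenge single-use and remove the clock dependence. In the second hunk the session becomes a logged-in one (`$_SESSION['user_id'] = $userDetails->CustomerId;`) with no `session_regenerate_id(true);` visible; the surrounding code is outside the hunks, so confirm it happens there. The file header for these hunks is missing from the page, and the enclosing blocks start and end outside them.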
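--- a/ajax/registerMe.php
+++ b/ajax/registerMe.php
@@ -0,0 +1,121 @@
+<?php
+
+require_once '../includes/imp_files.php';
+session_start();
+
+$std = new stdClass();
+$std->message = array();
+$std->error = true;
+
+if (empty($_POST["floID"])) {
+$std->message[] = "FLO ID is missing.";
+$std->error = true;
+echo json_encode($std);
+exit();
+}
+
+if (empty($_POST["fullName"])) {
+$std->message[] = "Full Name is missing.";
+$std->error = true;
+echo json_encode($std);
+exit();
+}
+
+if (empty($_POST["emailID"])) {
+$std->message[] = "E-mail is missing.";
+$std->error = true;
+echo json_encode($std);
+exit();
+}
+
+$floID = sanitise_input($_POST['floID']);
+$fullName = sanitise_input($_POST['fullName']);
+$emailID = sanitise_input($_POST['emailID']);
+
+if (preg_match('/[^1-9A-HJ-NP-Za-km-z]/', $floID)) {
+$std->message[] = "FLO ID has unacceptable characters.";
+$std->error = true;
+echo json_encode($std);
+exit();;
+}
+
+
+if (strlen($floID) != 34) {
+$std->message[] = "Length of FLO ID should be 34.";
+$std->error = true;
+echo json_encode($std);
+exit();
+}
+
+if ($floID[0] != "F"){
+$std->message[] = "FLO ID must begin with F";
+$std->error = true;
+echo json_encode($std);
+exit();
+}
+
+
+if (!preg_match("/^[0-9a-zA-Z-' .]*$/",$fullName)) {
+$std->message[] = "Only letters, numbers, period and white space allowed in Full Name";
+$std->error = true;
+echo json_encode($std);
+exit();
+}
+
+if (!filter_var($emailID, FILTER_VALIDATE_EMAIL)) {
+$std->message[] = "Invalid email format";
+$std->error = true;
+echo json_encode($std);
+exit();
+}
+
+
+if (isset($_POST['floID'], $_POST['fullName'], $_POST['emailID'] )){
+
+ob_start();
+
+$check_duplicate_status = true;
+$check_already_exists_status = true;
+$insert_status = false;
+
+$check_duplicate_status = check_duplicate_newUser($floID);
+$check_already_exists_status = check_flo_id_registration_status($floID);
+
+if (($check_duplicate_status == false) && ($check_already_exists_status == false)){
+$insert_status = insert_flo_newUser($floID);
+
+
+} else {
+$std->message[] = "New User could not be registered as FLO ID attempted to register earlier. ";
+$std->error = true;
+echo json_encode($std);
+exit();
+}
+
+if ($insert_status == true){
+$update_status = update_newUser($floID, $fullName, $emailID);
+
+//$std->message[] = "New User Request accepted ". $floID ." ". $fullName ." ". $emailID;
+
+//$std->error = false;
+//echo json_encode($std);
+// exit();
+
+$std->message[] = "New User Request accepted for ". $floID . " You can login after System Admin enables your account, usually within 24 hours.";
+
+$std->error = false;
+echo json_encode($std);
+exit();
+
+
+}
+}
+
+else {
+$std->message[] = "New User could not be registered as either data fields are missing, FLO ID is wrong, or already attempted to register earlier. ";
+$std->error = true;
+echo json_encode($std);
+
+}
+
+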
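Review bot: The result of `update_newUser($floID, $fullName, $emailID)` is stored in `$update_status` and never read, and `if ($insert_status == true)` has no `else`, so the endpoint answers "New User Request accepted" even when the name and e-mail were not saved and returns an empty body when the insert fails. Assuming `update_newUser()` returns a success flag like `insert_flo_newUser()` appears to, gate the success response with `if ($insert_status == true && $update_status == true) {` after the update call, and add an `else` that sets `$std->error = true`, echoes the JSON and exits. This matters because `ajax/acceptNewUser.php` later reads `full_name` and `email` from this record when an admin approves it. The full-name pattern `/^[0-9a-zA-Z-' .]*$/` also lets a trailing newline through; ending it with `\z` instead of `$` closes that, and the error text should mention that `-` and `'` are accepted. The final `else` is unreachable, since the three `empty()` checks at the top already exit when a field is missing.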