diff --git a/ajax/acceptNewUser.php b/ajax/acceptNewUser.php
new file mode 100644
index 0000000..2737aa4
--- /dev/null
+++ b/ajax/acceptNewUser.php
@@ -0,0 +1,55 @@
+full_name;
+ $emailID = $newUserDetails->email;
+
+ acceptUser($floID,$fullName,$emailID);
+ $result = "approved";
+ deleteNewUser($floID);
+ echo $result;
+ exit();
+ }
+
+ if ((isset($_POST['flo_id']) && ($_POST['task'] == 'reject_user'))){
+
+ ob_start();
+
+
+ $floID = $_POST['flo_id'];
+ deleteNewUser($floID);
+
+ $result = "deleted";
+ echo $result;
+ exit();
+ }
+
+
+
+}
\ No newline at end of file
diff --git a/ajax/authenticateMe.php b/ajax/authenticateMe.php
index b942bd8..d1da354 100644
--- a/ajax/authenticateMe.php
+++ b/ajax/authenticateMe.php
@@ -53,10 +53,11 @@ $std->error = true;
 $floID = $_POST['floID'];
 $pubKey = $_POST['floPubKey'];
 $s_id = $_SESSION['session_id'];
+ $s_id_time_rand = $_SESSION['session_id'] . round(time()/1000)*1000 . $_SESSION['rand'];
 $signDataWithFlo = $_POST['signDataWithFlo'];
- $data_array = array( "floID" => $floID, "pubKey" => $pubKey, "message" => $s_id, "sign" => $signDataWithFlo );
+ $data_array = array( "floID" => $floID, "pubKey" => $pubKey, "message" => $s_id_time_rand, "sign" => $signDataWithFlo );
 $make_call = callAPI('POST', 'https://flo-sign-validator.duckdns.org', json_encode($data_array));
 $response = json_decode($make_call, true);
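Review bot: `$floID = $_POST['flo_id'];` in the reject_user branch (and the approve branch above it) is handed to `deleteNewUser()` and `acceptUser()` with none of the checks registerMe.php applies to the same value (base58 alphabet, length 34, leading F), and `$_POST['task']` is read without an isset guard, so a request lacking `task` raises a warning before the comparison is even made. Apply the same rule here before any lookup, e.g. `$floID = $_POST['flo_id'] ?? ''; if (!preg_match('/^F[1-9A-HJ-NP-Za-km-z]{33}$/', $floID)) { echo "invalid"; exit(); }`, and compare the task with `===`. The opening lines of this new file, including whatever restricts these admin actions to an authorised session, do not survive in the diff as shown, so that gate should be confirmed separately.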
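Review bot: The message bound to the signature, `round(time()/1000)*1000`, quantises the timestamp to a 1000-second bucket, so a client that signed just before a bucket boundary is rejected by the server through no fault of its own, while inside the bucket the identical message (same `$_SESSION['session_id']` and `$_SESSION['rand']`) is accepted again on every call, so the added time component gives no replay protection. A server-issued, single-use challenge is the usual fix: generate `$_SESSION['rand']` with `bin2hex(random_bytes(16))` when the challenge is handed out, let the client sign it as-is, and `unset($_SESSION['rand'])` once a validation attempt has been made, with the freshness check done explicitly against a stored issue time rather than folded into the string. `$_SESSION['rand']` is also read here without an isset check; whether it is populated and rotated elsewhere is outside this hunk, as is the enclosing block, which starts before it.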
@@ -75,12 +76,12 @@ $std->error = true;
 //Now I need to enter public key and session ID in database .. but first I need to know the username // This check can be suspended here. If the user has correct FLO signature, but does not exist in database, he will fail the gate at acc_deact.php
- if (isset($UserClass)) {
- $permitted_status = $UserClass->checkIfFloIDPermitted($floID);
+
+ $permitted_status = checkIfFloIDPermitted($floID);
 if ($permitted_status == true){
- $UserClass->update_flo_details($floID, $s_id, $pubKey);
+ update_flo_details($floID, $s_id, $pubKey);
- $userDetails = $UserClass->getUserDetails($floID);
+ $userDetails = getUserDetails($floID);
 $_SESSION['user_id'] = $userDetails->CustomerId;
 $_SESSION['user_name'] = $userDetails->Name;
 $_SESSION['email'] = $userDetails->Email;
@@ -92,18 +93,18 @@ $std->error = true;
 echo json_encode($std);
 return true;
 } else {
- if (($UserClass->check_flo_id_registration_status($floID) == true) && ($UserClass->check_flo_id_active_status($floID) != true)) {
+ if ((check_flo_id_registration_status($floID) == true) && (check_flo_id_active_status($floID) != true)) {
 $std->message[] = "FLO ID is not active. Please contact RanchiMall Team. ";
 $std->error = true;
 echo json_encode($std);
 return false;
 }
- if ($UserClass->check_flo_id_registration_status($floID) != true ) {
+ if (check_flo_id_registration_status($floID) != true ) {
 $std->message[] = "Your FLO ID is not registered. Please contact RanchiMall Team and get yourself registered.";
 $std->error = true;
 echo json_encode($std);
 return false;
 }
 }
- }
+ }
@@ -120,3 +121,6 @@ $std->error = true;
 echo json_encode($std);
 return false;
 }
+
+
+
diff --git a/ajax/registerMe.php b/ajax/registerMe.php
new file mode 100644
index 0000000..bf1b723
--- /dev/null
+++ b/ajax/registerMe.php
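Review bot: `if ($permitted_status == true)` still gates the whole login path on a loose comparison, so any truthy return from `checkIfFloIDPermitted()` (a non-empty string, a row count, a result object) opens the session; make it `if ($permitted_status === true)` and apply the same to the `== true` / `!= true` tests in the @@ -92 hunk below. Nothing in the hunk calls `session_regenerate_id(true)` before `$_SESSION['user_id']` is populated, so a session id fixed before login is kept afterwards; if that is not done elsewhere, add it at the top of this branch. Dropping the `isset($UserClass)` guard also means the replacement global functions must be loaded unconditionally; the include that provides them is outside the hunk, so confirm it is not itself conditional. The surrounding if/else runs past both ends of the hunk.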
@@ -0,0 +1,121 @@
+message = array();
+$std->error = true;
+
+if (empty($_POST["floID"])) {
+ $std->message[] = "FLO ID is missing.";
+ $std->error = true;
+ echo json_encode($std);
+ exit();
+ }
+
+ if (empty($_POST["fullName"])) {
+ $std->message[] = "Full Name is missing.";
+ $std->error = true;
+ echo json_encode($std);
+ exit();
+ }
+
+ if (empty($_POST["emailID"])) {
+ $std->message[] = "E-mail is missing.";
+ $std->error = true;
+ echo json_encode($std);
+ exit();
+ }
+
+ $floID = sanitise_input($_POST['floID']);
+ $fullName = sanitise_input($_POST['fullName']);
+ $emailID = sanitise_input($_POST['emailID']);
+
+ if (preg_match('/[^1-9A-HJ-NP-Za-km-z]/', $floID)) {
+ $std->message[] = "FLO ID has unacceptable characters.";
+ $std->error = true;
+ echo json_encode($std);
+ exit();;
+ }
+
+
+ if (strlen($floID) != 34) {
+ $std->message[] = "Length of FLO ID should be 34.";
+ $std->error = true;
+ echo json_encode($std);
+ exit();
+ }
+
+ if ($floID[0] != "F"){
+ $std->message[] = "FLO ID must begin with F";
+ $std->error = true;
+ echo json_encode($std);
+ exit();
+ }
+
+
+ if (!preg_match("/^[0-9a-zA-Z-' .]*$/",$fullName)) {
+ $std->message[] = "Only letters, numbers, period and white space allowed in Full Name";
+ $std->error = true;
+ echo json_encode($std);
+ exit();
+ }
+
+ if (!filter_var($emailID, FILTER_VALIDATE_EMAIL)) {
+ $std->message[] = "Invalid email format";
+ $std->error = true;
+ echo json_encode($std);
+ exit();
+ }
+
+
+ if (isset($_POST['floID'], $_POST['fullName'], $_POST['emailID'] )){
+
+ ob_start();
+
+ $check_duplicate_status = true;
+ $check_already_exists_status = true;
+ $insert_status = false;
+
+ $check_duplicate_status = check_duplicate_newUser($floID);
+ $check_already_exists_status = check_flo_id_registration_status($floID);
+
+ if (($check_duplicate_status == false) && ($check_already_exists_status == false)){
+ $insert_status = insert_flo_newUser($floID);
+
+
+ } else {
+ $std->message[] = "New User could not be registered as 
FLO ID attempted to register earlier. "; + $std->error = true; + echo json_encode($std); + exit(); + } + + if ($insert_status == true){ + $update_status = update_newUser($floID, $fullName, $emailID); + + //$std->message[] = "New User Request accepted ". $floID ." ". $fullName ." ". $emailID; + + //$std->error = false; + //echo json_encode($std); + // exit(); + + $std->message[] = "New User Request accepted for ". $floID . " You can login after System Admin enables your account, usually within 24 hours."; + + $std->error = false; + echo json_encode($std); + exit(); + + + } + } + + else { + $std->message[] = "New User could not be registered as either data fields are missing, FLO ID is wrong, or already attempted to register earlier. "; + $std->error = true; + echo json_encode($std); + + } + +