Merge pull request #2 from ranchimall/flo_id_auth

flo.id.auth
This commit is contained in:
tripathyr 2021-11-24 14:51:48 +05:30 committed by GitHub
commit bac728c449
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 428 additions and 227 deletions

122
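--- a/ajax/authenticateMe.php
+++ b/ajax/authenticateMe.php
+<?php
+require_once '../includes/imp_files.php';
+session_start();
+$cookie_life_days = COOKIE_LIFE_DAYS;
+$std = new stdClass();
+$std->message = array();
+$std->error = true;
+if (isset($_POST['floID'], $_POST['floPubKey'], $_SESSION['session_id'], $_POST['signDataWithFlo'] )){
+ob_start();
+function callAPI($method, $url, $data){
+$curl = curl_init();
+switch ($method){
+case "POST":
+curl_setopt($curl, CURLOPT_POST, 1);
+if ($data)
+curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
+break;
+case "PUT":
+curl_setopt($curl, CURLOPT_CUSTOMREQUEST, "PUT");
+if ($data)
+curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
+break;
+default:
+if ($data)
+$url = sprintf("%s?%s", $url, http_build_query($data));
+}
+// OPTIONS:
+curl_setopt($curl, CURLOPT_URL, $url);
+curl_setopt($curl, CURLOPT_HTTPHEADER, array(
+'APIKEY: 111111111111111111111',
+'Content-Type: application/json',
+));
+curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
+// EXECUTE:
+$result = curl_exec($curl);
+if(!$result){
+$std->message[] = "Authentication Service is not working ";
+$std->error = true;
+echo json_encode($std);
+return false;
+}
+curl_close($curl);
+return $result;
+}
+$floID = $_POST['floID'];
+$pubKey = $_POST['floPubKey'];
+$s_id = $_SESSION['session_id'];
+$signDataWithFlo = $_POST['signDataWithFlo'];
+$data_array = array( "floID" => $floID, "pubKey" => $pubKey, "message" => $s_id, "sign" => $signDataWithFlo );
+$make_call = callAPI('POST', 'https://flo-sign-validator.duckdns.org', json_encode($data_array));
+$response = json_decode($make_call, true);
+if ($response['success'] == 1) {
+ob_end_clean();
+ob_start();
+setcookie("exchange[flo_id]", $floID, time () + (86400 * $cookie_life_days));
+setcookie("exchange[session_id]", $s_id, time () + (86400 * $cookie_life_days));
+setcookie("exchange[flo_pub_key]", $pubKey,time () + (86400 * $cookie_life_days));
+$_SESSION['authenticated'] = true;
+$_SESSION['flo_id'] = $floID;
+//Now I need to enter public key and session ID in database .. but first I need to know the username
+// This check can be suspended here. If the user has correct FLO signature, but does not exist in database, he will fail the gate at acc_deact.php
+if (isset($UserClass)) {
+$permitted_status = $UserClass->checkIfFloIDPermitted($floID);
+if ($permitted_status == true){
+$UserClass->update_flo_details($floID, $s_id, $pubKey);
+$userDetails = $UserClass->getUserDetails($floID);
+$_SESSION['user_id'] = $userDetails->CustomerId;
+$_SESSION['user_name'] = $userDetails->Name;
+$_SESSION['email'] = $userDetails->Email;
+$std->message[] = "Authentication Succeeded.";
+$std->error = false;
+echo json_encode($std);
+return true;
+} else {
+if (($UserClass->check_flo_id_registration_status($floID) == true) && ($UserClass->check_flo_id_active_status($floID) != true)) {
+$std->message[] = "FLO ID is not active. Please contact RanchiMall Team. ";
+$std->error = true;
+echo json_encode($std);
+return false; }
+if ($UserClass->check_flo_id_registration_status($floID) != true ) {
+$std->message[] = "Your FLO ID is not registered. Please contact RanchiMall Team and get yourself registered.";
+$std->error = true;
+echo json_encode($std);
+return false;
+}
+}
+}
+}
+else {
+$std->message[] = "Authentication has failed. ";
+$std->error = true;
+echo json_encode($std);
+return false;
+}
+} else {
+$std->message[] = "All data fields not present. ";
+$std->error = true;
+echo json_encode($std);
+return false;
+}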
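Review bot: `$_SESSION['authenticated'] = true;` and `$_SESSION['flo_id'] = $floID;` are set as soon as the validator accepts the signature, before `checkIfFloIDPermitted()` runs, so an unregistered or deactivated FLO ID still leaves the session in the state that `checkLoginStatus()` in includes/functions.php treats as logged in; move those two assignments (and the three `setcookie` calls) inside the `$permitted_status == true` branch and call `session_regenerate_id(true);` there so the pre-login session id cannot be fixed by an attacker. The challenge forwarded to the validator is the bare session id (`"message" => $s_id`), which is identical on every attempt and is also written to the long-lived, JavaScript-readable `exchange[session_id]` cookie, so one captured signature replays for the life of the session; a per-attempt nonce from `random_bytes()` stored in the session and compared here would be stronger (and the browser code in index.php appears to sign a different string than `$s_id`, so the two sides need reconciling in any case). `'APIKEY: 111111111111111111111'` is a hard-coded placeholder credential that belongs in configuration, and the curl call sets no `CURLOPT_TIMEOUT`, so a hung validator ties up the PHP worker. Inside `callAPI()` `$std` is not in scope, so the "Authentication Service is not working" branch emits `json_encode(null)`; pass `$std` in or build the error object locally. `$response['success'] == 1` is evaluated on `null` when the response is not JSON (`json_decode` failure); guard with `is_array($response) && ($response['success'] ?? 0) == 1`.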


@ -1,11 +1,4 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/24/2017
* Time: 9:37 PM
*/
require_once '../includes/imp_files.php';
if (!checkLoginStatus()) {
@ -101,7 +94,7 @@ if (isset($_POST['job'])) {
<p>1 BTC AT THE TIME OF REQUEST: $ $btc_today</p>
<p>EMAIL: $email_id</p>
<p>REMARKS: <strong>".$remarks."</strong></p>
<p>SENDER FB ID: facebook.com/".$fb_id."</p>
<p>SENDER FLO ID: ".$flo_id."</p>
</div>
<footer>
<p>Thank You</p>
@ -126,4 +119,4 @@ if (isset($_POST['job'])) {
}
return false;
return false;

17
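--- a/ajax/logout.php
+++ b/ajax/logout.php
@@ -0,0 +1,17 @@
+<?php
+session_start();
+$_SESSION['authenticated'] = false;
+ob_end_clean();
+ob_start();
+if (isset($_COOKIE['exchange'])) {
+unset($_COOKIE['exchange[flo_id]']);
+setcookie('exchange[flo_id]', null, -1);
+unset($_COOKIE['exchange[session_id]']);
+setcookie('exchange[session_id]', null, -1);
+unset($_COOKIE['exchange[flo_pub_key]']);
+setcookie('exchange[flo_pub_key]', null, -1);
+unset($_COOKIE['exchange']);
+setcookie('exchange', null, -1);
+}
+session_destroy();
+?>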
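Review bot: PHP surfaces a cookie named `exchange[flo_id]` as `$_COOKIE['exchange']['flo_id']`, so the `unset($_COOKIE['exchange[flo_id]'])` lines (and the two like them) are no-ops; only the `setcookie()` expirations do anything, and they must use the same path/domain the cookies were issued with in ajax/authenticateMe.php (which also passes none, so that currently matches). `session_destroy()` does not invalidate the browser's session cookie; add `$_SESSION = [];` and `setcookie(session_name(), '', time() - 3600, '/');` before it so the old id cannot be presented again. `ob_end_clean()` with no active buffer raises a notice — drop it or guard with `if (ob_get_level() > 0)`. Passing `null` as a cookie value is deprecated since PHP 8.1; use `''` with an explicit past expiry such as `time() - 3600`.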


@ -1,11 +1,4 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/21/2017
* Time: 8:19 PM
*/
require_once '../includes/imp_files.php';
if (!checkLoginStatus()) {
@ -144,7 +137,7 @@ if (isset($_POST['job']) && trim($_POST['job']) == "pay_in_btc") {
<p>AMOUNT TO TRANSFER: <strong>$ $balance_to_transfer</strong> (DO NOT SEND MORE THAN $ $allowed_bid_amount.)</p>
<p>EMAIL: $senders_email</p>
<p>REMARKS: <strong>".$remarks."</strong></p>
<p>SENDER FB ID: facebook.com/".$fb_id."</p>
<p>SENDER FLO ID: ".$flo_id."</p>
</div>
<footer>
<p>Thank You</p>
@ -178,4 +171,4 @@ if (isset($_POST['job']) && trim($_POST['job']) == "pay_in_btc") {
return true;
}
}
return false;
return false;


@ -1,23 +1,15 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/12/2017
* Time: 10:43 AM
*/
require_once '../includes/imp_files.php';
if (!checkLoginStatus()) {
return false;
}
if (isset($_SESSION['fb_id'], $_SESSION['user_id'], $_SESSION['user_name'])) {
$root_fb = (int) $_SESSION['fb_id'];
$root_user_id = (int) $_SESSION['user_id'];
$root_user_name = (string) $_SESSION['user_name'];
if ($root_fb != ADMIN_FB_ID && $root_user_id != ADMIN_ID && $root_user_name != ADMIN_UNAME) {
if (isset($_SESSION['flo_id'], $_SESSION['user_id'])) {
$root_flo = $_SESSION['flo_id'];
$root_user_id = $_SESSION['user_id'];
if ($root_flo != ADMIN_FLO_ID && $root_user_id != ADMIN_ID) {
redirect_to("index.php");
}
@ -49,4 +41,4 @@ if (isset($_SESSION['fb_id'], $_SESSION['user_id'], $_SESSION['user_name'])) {
return false;
}
}
}
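Review bot: The admin gate `if ($root_flo != ADMIN_FLO_ID && $root_user_id != ADMIN_ID)` redirects only when both identifiers differ, so a session whose `user_id` equals `ADMIN_ID` (or whose FLO ID equals `ADMIN_FLO_ID`) passes even when the other check fails; if both must match, write `if ($root_flo !== ADMIN_FLO_ID || (int) $root_user_id !== ADMIN_ID)`. The `(int)` cast on `$root_user_id` that the old version had was dropped, so the comparison is now loose against whatever type the constant has. The enclosing `if (isset($_SESSION['flo_id'], $_SESSION['user_id']))` block continues past the hunk, and this section's file name is not shown on the page.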


@ -1,11 +1,4 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/21/2017
* Time: 8:19 PM
*/
require_once '../includes/imp_files.php';
if (!checkLoginStatus()) {
@ -143,7 +136,7 @@ if (isset($_POST['job']) && trim($_POST['job']) == "transfer_to_bank") {
<p>AMOUNT TO TRANSFER: <strong>$ $balance_to_transfer</strong> (DO NOT SEND MORE THAN $ $allowed_bid_amount.)</p>
<p>EMAIL: $senders_email</p>
<p>REMARKS: <strong>".$remarks."</strong></p>
<p>SENDER FB ID: facebook.com/".$fb_id."</p>
<p>SENDER FLO ID: ".$flo_id."</p>
</div>
<footer>
<p>Thank You</p>
@ -177,4 +170,4 @@ if (isset($_POST['job']) && trim($_POST['job']) == "transfer_to_bank") {
return true;
}
}
return false;
return false;


@ -1,10 +1,4 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/24/2017
* Time: 9:35 AM
*/
/**
* This section is incomplete
@ -119,7 +113,7 @@ if (isset($_POST['job']) && trim($_POST['job']) == "rtm_to_bchain") {
<p>AMOUNT TO TRANSFER: <strong>RMT $balance_to_transfer</strong></p>
<p>EMAIL: $email_id</p>
<p>REMARKS: <strong>".$remarks."</strong></p>
<p>SENDER FB ID: facebook.com/".$fb_id."</p>
<p>SENDER FLO ID: ".$flo_id."</p>
</div>
<footer>
<p>Thank You</p>
@ -163,4 +157,4 @@ if (isset($_POST['job']) && trim($_POST['job']) == "rtm_to_bchain") {
echo json_encode($std);
return true;
}
}
}


@ -1,10 +1,4 @@
<?php
/**
* Created by PhpStorm.
* User: user
* Date: 17-Oct-16
* Time: 9:22 AM
*/
class Users {
@ -18,7 +12,6 @@ class Users {
private $bal_history = CREDITS_HISTORY_TABLE;
private $bank_acc = ACCOUNTS_TABLE;
private $fund_trans = TRANSFER_INFO_TABLE;
private $user_name = null;
private $email = null;
private $name = null;
private $is_active = null;
@ -57,31 +50,32 @@ class Users {
return false;
}
public function is_fb_registered($fb_id) {
public function doInitialUserHandling($flo_id) {
// If username exists only then do FLO ID insertion
if ($this->databaseConnection()) {
$now = $this->time_now();
$query = $this->db_connection->prepare("SELECT * FROM $this->customers_table WHERE `fb_id`=:fb_id");
$query->bindValue(':fb_id', $fb_id, PDO::PARAM_STR);
// I have added LIMIT 1 .. so only the first FLO ID is allowed. If there are two FLO IDs for same user, the second one will be discarded. MAYBE I SHOULD ADD AN EXPLICT CHECK LATER FOR DUPLICATE FLO ID WHILE BEING INSERTED
$query = $this->db_connection->prepare("SELECT * FROM $this->customers_table WHERE `flo_id`=:flo_id LIMIT 1");
$query->bindValue(':flo_id', $flo_id, PDO::PARAM_STR);
$query->execute();
$rowCount = $query->rowCount();
if($rowCount) {
//The case where FLO ID exists in database
$user_obj = $query->fetchObject();
$update_query = $this->db_connection->prepare("UPDATE $this->customers_table
SET `SaveDate`='$now'
WHERE `fb_id`=:fb_id
WHERE `flo_id`=:flo_id
LIMIT 1");
$update_query->bindValue(':fb_id', $fb_id, PDO::PARAM_STR);
$update_query->bindValue(':flo_id', $flo_id, PDO::PARAM_STR);
$update_query->execute();
$_SESSION['user_id'] = $user_obj->CustomerId;
$_SESSION['user_name'] = $user_obj->Username;
$_SESSION['email'] = $user_obj->Email;
if (!isset($_SESSION['last_trade_date'])) {
$_SESSION['last_trade_date'] = $user_obj->SaveDate;
}
@ -89,22 +83,28 @@ class Users {
} else {
$this->user_name = $_SESSION['first_name'].time();
$this->name = $_SESSION['full_name'];
$this->email = $_SESSION['email'];
//The case when FLO ID does not exist in database
//NOT NEEDED .. These session variables are set in authenticateMe.php
$this->user_name = $flo_id.time();
$this->email = (isset($_SESSION['email'])) ? $_SESSION['email'] : "";
$this->name = (isset($_SESSION['user_name'])) ? $_SESSION['user_name'] : "";
$query = $this->db_connection->prepare("
INSERT INTO $this->customers_table (`CustomerId`, `fb_id`, `Username`, `Email`, `Name`, `UpdateDate`, `InsertDate`, `SaveDate`, `is_active`)
VALUES ('',:fb_id,:Username,:Email,:Name,NULL,'$now',NULL,0)
INSERT INTO $this->customers_table (`CustomerId`, `flo_id`, `Username`, `Email`, `Name`, `UpdateDate`, `InsertDate`, `SaveDate`, `is_active`)
VALUES ('',:flo_id,:Username,:Email,:Name,NULL,'$now',NULL,0)
");
$query->bindValue(':fb_id', $fb_id, PDO::PARAM_INT);
// Here we are setting name = FLO ID. Later we can ask for actual name and email when user logs in second time if both are same, and update
//Also email will be blank here for first time FLO user. That will give a signature to update the email later.
$query->bindValue(':flo_id', $flo_id, PDO::PARAM_INT);
$query->bindValue(':Username', $this->user_name, PDO::PARAM_STR);
$query->bindValue(':Email', $this->email, PDO::PARAM_STR);
$query->bindValue(':Name', $this->name, PDO::PARAM_STR);
if($query->execute()) {
$_SESSION['user_id'] = $this->db_connection->lastInsertId();
$_SESSION['user_name'] = $this->user_name;
$AssetTypeId = 'btc';
$Balance = 0.00;
$FrozenBalance = 0.00;
@ -128,6 +128,74 @@ class Users {
}
}
public function check_flo_id_active_status($flo_id) {
if ($this->databaseConnection()) {
$query = $this->db_connection->prepare("SELECT * FROM $this->customers_table WHERE flo_id = :flo_id AND is_active = 1 LIMIT 1");
$query->bindParam('flo_id', $flo_id);
if ($query->execute()) {
$row_count = $query->rowCount();
if ($row_count == 1) {
return true;
}
return false;
} else {
return false;
}
}
return false;
}
public function check_flo_id_registration_status($flo_id) {
if ($this->databaseConnection()) {
$query = $this->db_connection->prepare("SELECT * FROM $this->customers_table WHERE flo_id = :flo_id LIMIT 1");
$query->bindParam('flo_id', $flo_id);
if ($query->execute()) {
$row_count = $query->rowCount();
if ($row_count == 1) {
return true;
}
return false;
} else {
return false;
}
}
return false;
}
public function checkIfFloIDPermitted($flo_id){
if (($this->check_flo_id_registration_status($flo_id) == true) && ($this->check_flo_id_active_status($flo_id) == true)){
return true;
}
return false;
}
public function update_flo_details($floID, $auth_random, $floPublicKey) {
$now = $this->time_now();
if ($this->databaseConnection()) {
$query = $this->db_connection->prepare("UPDATE `$this->customers_table` SET `auth_random` = :authRandom, `floPublicKey` = :floPublicKey, `updateDate` = '$now' WHERE `flo_id` = :floID LIMIT 1");
$query->bindValue(':authRandom', $auth_random, PDO::PARAM_STR);
$query->bindValue(':floPublicKey', $floPublicKey, PDO::PARAM_STR);
$query->bindValue(':floID', $floID, PDO::PARAM_STR);
if($query->execute()) {
return true;
}
}
return false;
}
public function check_user($customerId) {
if ($this->databaseConnection()) {
@ -253,6 +321,22 @@ class Users {
return false;
}
public function getUserDetails($flo_id) {
if ($this->databaseConnection()) {
$customerId = (int) $customerId;
$query = $this->db_connection->prepare("SELECT CustomerId,Name,Email FROM ".USERS_TABLE." WHERE flo_id = :id LIMIT 1");
$query->bindParam('id', $flo_id);
$query->execute();
$row_count = $query->rowCount();
if ($row_count == 1) {
return $query->fetchObject();
}
}
return false;
}
public function input_user_email($email=null, $user_id=null) {
if ($this->databaseConnection()) {
$query = $this->db_connection->prepare("
@ -268,4 +352,4 @@ class Users {
return false;
}
}
}
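Review bot: In `doInitialUserHandling()` the INSERT binds the FLO ID with `$query->bindValue(':flo_id', $flo_id, PDO::PARAM_INT);` while the SELECT and UPDATE in the same method, and every new `check_flo_id_*` / `update_flo_details()` query, bind the same column as a string; a FLO address is non-numeric, so with emulated prepares the value is coerced and a bogus `flo_id` (or a failed insert) is stored — change it to `PDO::PARAM_STR`. `getUserDetails()` keeps `$customerId = (int) $customerId;` from the method it was copied from; `$customerId` is undefined there and the line should go. The comment above the `LIMIT 1` SELECT admits duplicate FLO IDs are not prevented; a UNIQUE index on `flo_id` would enforce that at the database rather than silently picking the first row. `doInitialUserHandling()` continues past the last hunk, so its return value on the insert path is not visible here.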


@ -78,6 +78,16 @@ input[type=text] {
margin-top: 10px;
margin-bottom: 10px;
}
input[type=password] {
background: #FAFAFA;
border: 1px solid #F4F4F4;
border-radius: 3px;
display: block;
width: 100%;
padding: 10px;
margin-top: 10px;
margin-bottom: 10px;
}
label {
display: block;
font-weight: 100;


@ -1,88 +0,0 @@
<?php
if(!session_id()) {
session_start();
}
require_once 'includes/imp_files.php';
require_once 'vendor/autoload.php';
$fb = new Facebook\Facebook([
'app_id' => APP_ID,
'app_secret' => APP_SECRET,
'default_graph_version' => 'v2.12',
]);
$helper = $fb->getRedirectLoginHelper();
if (isset($_GET['state'])) {
$helper->getPersistentDataHandler()->set('state', $_GET['state']);
}
//$helper = $fb->getRedirectLoginHelper();
$permissions = ['email']; // optional
try {
if (isset($_SESSION['facebook_access_token'])) {
$accessToken = $_SESSION['facebook_access_token'];
} else {
$accessToken = $helper->getAccessToken();
}
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
if (isset($accessToken)) {
if (isset($_SESSION['facebook_access_token'])) {
$fb->setDefaultAccessToken($_SESSION['facebook_access_token']);
} else {
// getting short-lived access token
$_SESSION['facebook_access_token'] = (string) $accessToken;
// OAuth 2.0 client handler
$oAuth2Client = $fb->getOAuth2Client();
// Exchanges a short-lived access token for a long-lived one
$longLivedAccessToken = $oAuth2Client->getLongLivedAccessToken($_SESSION['facebook_access_token']);
$_SESSION['facebook_access_token'] = (string) $longLivedAccessToken;
// setting default access token to be used in script
$fb->setDefaultAccessToken($_SESSION['facebook_access_token']);
}
// redirect the user back to the same page if it has "code" GET variable
if (isset($_GET['code'])) {
header('Location: ./');
}
// getting basic info about user
try {
$profile_request = $fb->get('/me?fields=name,first_name,last_name,email');
$profile = $profile_request->getGraphNode()->asArray();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
session_destroy();
// redirecting user back to app login page
header("Location: ./");
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
// printing $profile array on the screen which holds the basic info about user
$name = isset($profile['name']) ? $profile['name'] : null;
$first_name = isset($profile['first_name']) ? $profile['first_name'] : null;
$last_name = isset($profile['last_name']) ? $profile['last_name'] : null;
$email = isset($profile['email']) ? $profile['email'] : null;
//$gender = isset($profile['gender']) ? $profile['gender'] : null;
$fb_id = isset($profile['id']) ? $profile['id'] : null;
$_SESSION['first_name'] = $first_name;
$_SESSION['full_name'] = $name;
$_SESSION['email'] = $email;
$_SESSION['fb_id'] = $fb_id;
// Now you can redirect to another page and use the access token from $_SESSION['facebook_access_token']
} else {
// replace your website URL same as added in the developers.facebook.com/apps e.g. if you used http instead of https and you used non-www version or www version of your website then you must add the same here
$loginUrl = $helper->getLoginUrl('WWW.YOUR-WEBSITE/fbconfig.php', $permissions);
}


@ -2,6 +2,7 @@
if(!isset($_SESSION)) {
session_start();
$_SESSION['session_id'] = session_id();
}
//SITE DOMAIN NAME WITH HTTP


@ -1,10 +1,4 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/3/2017
* Time: 6:33 PM
*/
function round_it($num=0, $deci=2) {
$decimal = abs(number_format((float)$num, $deci, '.', ''));
@ -17,10 +11,10 @@ function redirect_to($url=null) {
}
function checkLoginStatus() {
if(!isset($_SESSION['fb_id']) || !isset($_SESSION['user_id']) || !isset($_SESSION['user_name'])) {
return false;
if($_SESSION['authenticated'] == true) {
return true;
}
return true;
return false;
}
function extract_int($string) {
@ -120,4 +114,4 @@ function get_bcx_user_by_email($em='') {
}
return $data;
}
}
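Review bot: `checkLoginStatus()` now reads `$_SESSION['authenticated']` without an `isset`, so every anonymous request emits an undefined-index warning, and the loose `== true` accepts any truthy value; `return ($_SESSION['authenticated'] ?? false) === true;` covers both. The old version also required `user_id` and `user_name` to be present, so "logged in" implied a resolved user row; the new one does not, and ajax/authenticateMe.php sets the flag before the registration/active check, so callers that dereference `$_SESSION['user_id']` after this returns true need their own guard or the flag must be set only once the user is resolved.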


@ -1,13 +1,8 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/3/2017
* Time: 7:49 PM
*/
if(!isset($_SESSION)) {
if(!isset($_SESSION['session_id'])) {
session_start();
$_SESSION['session_id'] = session_id();
}
require_once 'defines.php';
@ -16,22 +11,22 @@ include_once 'autoload.php';
include_once 'functions.php';
//if logged in store user DB details
$fb_id = null;
$user_name = null;
$flo_id = null;
$user_id = null;
$log_fullName = null;
$user_email = null;
if (checkLoginStatus()) {
if (isset($_SESSION['fb_id'], $_SESSION['user_name'], $_SESSION['user_id'])) {
$fb_id = $_SESSION['fb_id'];
$user_name = $_SESSION['user_name'];
if (isset($_SESSION['flo_id'],$_SESSION['user_id'])) {
$flo_id = $_SESSION['flo_id'];
$user_id = $_SESSION['user_id'];
$log_fullName = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : '';
$user_email = isset($_SESSION['email']) ? $_SESSION['email'] : '';
} else {
redirect_to("logout.php");
}
$log_fullName = isset($_SESSION['full_name']) ? $_SESSION['full_name'] : '';
$user_email = isset($_SESSION['email']) ? $_SESSION['email'] : '';
}
$UserClass = null;
@ -44,4 +39,4 @@ if (class_exists('Users') && class_exists('Orders') && class_exists('Api') && cl
$OrderClass = new Orders();
$ApiClass = new Api();
$MailClass = new SendMail();
}
}


@ -1,6 +1,10 @@
<?php
//die('Site is currently under maintenance. We will return soon. Thanks for your patience.');
ob_start();
if(!isset($_SESSION['session_id'])) {
session_start();
$_SESSION['session_id'] = session_id();
}
date_default_timezone_set('Asia/Kolkata'); ?>
<?php $user_id = 0; ?>
<!--Bootstrap-->


@ -417,7 +417,7 @@ function MyTransactions() {
function checkLoginStatusJS() {
$(document).on('click drop', '.fb_log_in', function (e) {
$(document).on('click drop', '.flo_log_in', function (e) {
e.preventDefault();
$('#LoginModel').modal('toggle');
});


@ -1,5 +1,6 @@
<?php
session_start();
$_SESSION['authenticated'] = false;
session_destroy();
header("Location: index.php"); // you can enter home page here ( Eg : header("Location: " ."http://www.krizna.com");
?>


@ -1,31 +1,25 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/9/2017
* Time: 8:05 PM
*/
?>
<?php ob_start(); date_default_timezone_set('Asia/Kolkata'); ?>
<?php $user_id = 0; ?>
<!--Bootstrap-->
<?php require_once 'views/header.php';?>
<?php require_once 'includes/imp_files.php';
require_once 'views/header.php';
?>
<?php
require_once 'includes/imp_files.php';
if (!checkLoginStatus()) {
redirect_to("index.php");
}
if (isset($_SESSION['fb_id'], $_SESSION['user_id'], $_SESSION['user_name'])) {
$root_fb = (int) $_SESSION['fb_id'];
$root_user_id = (int) $_SESSION['user_id'];
$root_user_name = (string) $_SESSION['user_name'];
if (isset($_SESSION['flo_id'], $_SESSION['user_id'])) {
$root_flo = $_SESSION['flo_id'];
$root_user_id = $_SESSION['user_id'];
/*This should match ajax/rm_root.php too*/
if ($root_fb != ADMIN_ID && $root_user_id != ADMIN_ID && $root_user_name != ADMIN_UNAME) {
if ($root_flo != ADMIN_FLO_ID && $root_user_id != ADMIN_ID) {
redirect_to("index.php");
}
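Review bot: `if ($root_flo != ADMIN_FLO_ID && $root_user_id != ADMIN_ID)` lets a session through when either identifier matches the admin, since the redirect fires only when both differ; the comment says this must mirror ajax/rm_root.php, so both should become `if ($root_flo !== ADMIN_FLO_ID || (int) $root_user_id !== ADMIN_ID)` if both checks are meant to be required. `redirect_to("index.php")` is presumably a header redirect; the page body after it is still rendered unless the helper calls `exit`, which is outside this hunk, so confirm that before relying on it as the only gate. The `if (isset(...))` block continues past the hunk.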


@ -7,12 +7,13 @@ error_reporting(0);
$tradersList = array();
$buy_list = array();
$sell_list = array();
include_once 'fbconfig.php';
$validate_user = null;
if (isset($UserClass)) {
if (isset($fb_id)):
if (isset($_SESSION['flo_id'])):
// check if user already registered
$validate_user = $UserClass->is_fb_registered($fb_id);
$validate_user = $UserClass->doInitialUserHandling($flo_id);
if($validate_user == "" || $validate_user == false) {
redirect_to('index.php');
}
@ -23,15 +24,17 @@ if (isset($UserClass)) {
$sell_list[] = $OrderClass->get_top_buy_sell_list(TOP_SELL_TABLE, $asc_desc='ASC'); // sell
}
$fullName = isset($_SESSION['full_name']) ? $_SESSION['full_name'] : "";
$fullName = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : "";
$user_logged_in = false;
$action_class_market = 'fb_log_in';
$action_class_buy_sell = 'fb_log_in';
$action_class_market = 'flo_log_in';
$action_class_buy_sell = 'flo_log_in';
if(checkLoginStatus()) {
$user_logged_in = true;
$action_class_market = 'market_submit_btn';
$action_class_buy_sell = 'process';
}
$_SESSION['rand'] = rand();
?>
<!DOCTYPE html>
<html lang="en">
@ -81,18 +84,114 @@ $type = isset($_GET['type']) ? trim($_GET['type']) : 'danger';
<a href="http://ranchimall.net/exchange"><div class="logo mt--1"></div></a>
</div>
<div class="col-sm-6 text-right mt--1-m">
<?php if($user_logged_in) { ?>
<?php if(isset($_SESSION['authenticated'])&&($_SESSION['authenticated'] == true)) { ?>
<a href="logout.php">
<div class="btn btn--facebook ">
Log Out
</div>
</a>
<?php } elseif(isset($loginUrl)) {?>
<a href="<?=$loginUrl?>" role="button" class="pull-right popup" name="fb_login">
<div class="btn btn--facebook ">
Continue with Facebook
</div>
</a>
<?php } else {?>
<div class="row" >
<div id="to_login_fields">
<h2 class="text-center">Login using FLO Private Key </h2>
<hr>
<div class="col-lg-12 lazy-form">
<label for="key_flo" id="loginMessage">Enter your FLO Private Key</label>
<input type="password" name="key_flo" id="key_flo" style="color:initial">
</div>
<div class="col-lg-12">
<input type="submit" id="key_flo_submit" class="btn btn--block btn--facebook flo_log_in" style="width: 100%;" value="Enter Key">
</div>
</div>
<a href="logout.php" id="to_logout_fields" style="display: none">
<div class="btn btn--facebook ">
Log Out
</div>
</a>
</div>
<script>
// Refresh needed every 12 minutes to fetch new time challenge to be digitally signed
var delayInMilliseconds = 700000;
setInterval(function() {window.location.reload();}, delayInMilliseconds);
function ajax_authentication(floID,floPubKey,message,signDataWithFlo) {
$.ajax({
method:'post',
url:'ajax/authenticateMe.php',
data: { floID: floID,floPubKey:floPubKey,message:message,signDataWithFlo:signDataWithFlo},
success: function(data) {
// console.log(data);
}
}).error(function(xhr, status, error) {
console.log(xhr.responseText);
document.getElementById("loginMessage").innerHTML = xhr.responseText;
document.getElementById("loginMessage").style.color = "red";
}).success(function(data) {
var IS_JSON = true;
try {
var d = jQuery.parseJSON(data);
console.log(d.message);
}
catch(err) {
IS_JSON = false;
}
if(IS_JSON) {
if(d.error == false) {
document.getElementById("loginMessage").style.color = "#FFFFFF";
document.getElementById("loginMessage").innerHTML = "Successful Login. Digital Signature is verified. Getting user details. <span id='myBlinkingDiv'>Wait a moment<span>";
var blink_speed = 500;
var t = setInterval(function () {
var ele = document.getElementById('myBlinkingDiv');
ele.style.visibility = (ele.style.visibility == 'hidden' ? '' : 'hidden');
}, blink_speed);
window.location.reload();
} else {
document.getElementById("loginMessage").innerHTML = d.message;
document.getElementById("loginMessage").style.color = "red";
}
}
});
}
document.getElementById("key_flo_submit").onclick = function(evt) {
let floPrivKey = document.getElementById("key_flo").value;
let floPubKey = floCrypto.getPubKeyHex(floPrivKey);
let floID = floCrypto.getFloID(floPubKey);
if (floID != null) {
//Generating a tough challenge for user to sigitally sign
let message ="<?php echo($_SESSION['session_id'] . round(time()/1000)*1000 . $_SESSION['rand']);?>";
let signDataWithFlo = floCrypto.signData(message, floPrivKey);
delete floPrivKey;
document.getElementById("loginMessage").style.color = "#FFFFFF";
document.getElementById("loginMessage").innerHTML = "Digital signature provided for server generated message. Waiting for signature verification.";
ajax_authentication(floID,floPubKey,message,signDataWithFlo);
} else {
var displayMessage = "Private Key is invalid";
console.log(displayMessage);
document.getElementById("loginMessage").innerHTML = displayMessage;
document.getElementById("loginMessage").style.color = "red";
}
}
</script>
<?php } ?>
</div>
</div>
@ -107,13 +206,17 @@ $type = isset($_GET['type']) ? trim($_GET['type']) : 'danger';
<h5 class="font-20 mt--2 text--uppercase text--bold text--center--mobile">Last Traded Price: <span id="_ltp"><?=$LastTradedPrice;?></span></h5>
<?php } ?>
</div>
<?php if($user_logged_in) { ?>
<div class="col-sm-6 text-right text--uppercase text--center--mobile ">
<div class="col-sm-6 text-right text--center--mobile ">
<h2 class="text--uppercase"><?=$fullName?></h2>
<h6 class="text--bold">Token Balance: <span id="my_bit_balance">loading...</span> </h6>
<h6 class="text--bold">Cash Balance: $ <span id="my_cash_balance">loading...</span> </h6>
<h5 class="text-bold"><?=$flo_id?></h2>
<h6 class="text--bold text--uppercase">Token Balance: <span id="my_bit_balance">loading...</span> </h6>
<h6 class="text--bold text--uppercase">Cash Balance: $ <span id="my_cash_balance">loading...</span> </h6>
</div>
<?php } ?>
<script>get_my_balance();</script>
<?php } ?>
</div>
</div>
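Review bot: The challenge the browser signs is built from `$_SESSION['rand'] = rand();` — `rand()` is not a CSPRNG, and as far as this page shows the value is never compared on the server (ajax/authenticateMe.php sends only the session id to the validator), so the nonce adds no replay protection; use `bin2hex(random_bytes(16))` and verify the exact challenge server-side. In the click handler `delete floPrivKey;` does nothing for a `let` binding (it returns false, and is a SyntaxError in strict mode); `floPrivKey = null;` plus clearing the `#key_flo` input is the closest you get to scrubbing it. The error callback assigns `xhr.responseText` to `innerHTML`; use `textContent` so a server error body is not interpreted as markup. `<h5 class="text-bold"><?=$flo_id?></h2>` closes with the wrong tag, and `$flo_id` is echoed unescaped — `htmlspecialchars($flo_id, ENT_QUOTES, 'UTF-8')` since the value originates from a POST field.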


@ -3,10 +3,10 @@ if (!isset($user_id)) {
$user_id = $_SESSION['user_id'];
}
if (!isset($user_email)) {
$user_email = $_SESSION['email'];
$user_email = $_SESSION['flo_id'];
}
if (!isset($log_fullName)) {
$log_fullName = $_SESSION['full_name'];
$log_fullName = $_SESSION['flo_id'];
}
if (($user_email == null) && ($user_logged_in == true)) {
@ -47,4 +47,4 @@ if (($user_email == null) && ($user_logged_in == true)) {
</div>
</div>
<?php }
<?php }
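Review bot: `$user_email = $_SESSION['flo_id'];` substitutes the FLO ID for the email, so the `($user_email == null) && ($user_logged_in == true)` condition right below can no longer be true for a logged-in user and the block it guards (presumably the email prompt; its body is outside the hunk) never renders; includes/Users.php's new comment says the email is deliberately left blank for first-time FLO users so it can be collected later, which this defeats. Use `$user_email = $_SESSION['email'] ?? null;` here and keep the FLO ID only as the display-name fallback in `$log_fullName`.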


@ -1,7 +1,6 @@
<?php
/**
* Created by PhpStorm.
* User: Abhishek Kumar Sinha
* Date: 10/21/2017
* Time: 3:36 PM
*/
@ -92,7 +91,7 @@ if($user_logged_in):
<label for="remarks_bal_tr">Remarks (optional)</label>
<textarea name="remarks_bal_tr" id="remarks_bal_tr" cols="30" rows="10" class="form-control" placeholder="max 250 characters" maxlength="250"></textarea>
<br<br>
<br>
<input type="button" id="btn_bk_tr" class="btn btn--primary-1 mt--1" value="Transfer">
</div>
@ -137,4 +136,4 @@ if($user_logged_in):
</div>
</div>
</div>
<?php endif; ?>
<?php endif; ?>