RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed isTokenValid, started work on edit fixes, recaptcha fix test

Browse Source
This commit is contained in:
xisi 2014-01-17 23:43:55 -05:00
parent 3b6a408c3f
commit fed3981979
2 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
public/include/classes/token.class.php
View File

@ -38,7 +38,7 @@ class Token Extends Base {
* @param type int Type of token * @param type int Type of token
* @return int 0 or 1 * @return int 0 or 1
*/ */
public function isTokenValid($account_id, $token, $type) { public function isTokenValid($account_id, $token, $type, $checkTimeExplicitly=false) {
if (!is_int($account_id) || !is_int($type)) { if (!is_int($account_id) || !is_int($type)) {
$this->setErrorMessage("Invalid token"); $this->setErrorMessage("Invalid token");
return 0; return 0;
@ -47,15 +47,15 @@ class Token Extends Base {
$ctimedata = new DateTime($this->getCreationTime($token)); $ctimedata = new DateTime($this->getCreationTime($token));
$checktime = $ctimedata->getTimestamp() + $expiretime; $checktime = $ctimedata->getTimestamp() + $expiretime;
$now = time(); $now = time();
// if start + checktime is LATER than now, ie valid if ($checktime >= $now && $checkTimeExplicitly || !$checkTimeExplicitly) {
if ($checktime >= $now) { $stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? LIMIT 1");
$stmt = $this->mysqli->prepare("SELECT * FROM $this->table WHERE account_id = ? AND token = ? AND type = ? AND UNIX_TIMESTAMP(time) < UNIX_TIMESTAMP(NOW()) LIMIT 1");
} else {
if ($stmt && $stmt->bind_param('isi', $account_id, $token, $type) && $stmt->execute()) if ($stmt && $stmt->bind_param('isi', $account_id, $token, $type) && $stmt->execute())
$res = $stmt->get_result(); $res = $stmt->get_result();
return $res->num_rows; return $res->num_rows;
return $this->sqlError(); return $this->sqlError();
} else {
$this->setErrorMessage("Token has expired or is invalid");
return 0;
} }
} }

13
public/include/pages/account/edit.inc.php
View File

@ -50,6 +50,14 @@ if ($user->isAuthenticated()) {
$ptc++; $ptc++;
} }
$_SESSION['POPUP'][] = array('CONTENT' => $popupmsg, 'TYPE' => 'info'); $_SESSION['POPUP'][] = array('CONTENT' => $popupmsg, 'TYPE' => 'info');
// show our token status
/*$ea_status = array($ea_sent, $ea_editable); $statuses = array(0 => 'no', 1 => 'yes');
$cp_status = array($cp_sent, $cp_editable); $messages = array('Edit Account : ','Change Password : ', 'Withdraw Funds : ');
$wf_status = array($wf_sent, $ewf_editable); $alltokens = array($ea_status,$cp_status,$wf_status);
$tokennum = 0; $tokenpopupmsg = "";
foreach ($alltokens as $atoken) {
$tokenpopupmsg = $message[$messages[$tokennum]]." ".$ea_status[0];
}*/
} }
if (isset($_POST['do']) && $_POST['do'] == 'genPin') { if (isset($_POST['do']) && $_POST['do'] == 'genPin') {
@ -86,11 +94,6 @@ if ($user->isAuthenticated()) {
} }
} }
} else { } else {
// 2fa - when submitting we want the old token, otherwise we'll take what we can $_GET ... B^)
$ea_token = $updating ? $oldtoken_ea : @$_GET['ea_token'];
$wf_token = $updating ? $oldtoken_wf : @$_GET['wf_token'];
$cp_token = $updating ? $oldtoken_cp : @$_GET['cp_token'];
switch (@$_POST['do']) { switch (@$_POST['do']) {
case 'cashOut': case 'cashOut':
if ($setting->getValue('disable_payouts') == 1 || $setting->getValue('disable_manual_payouts') == 1) { if ($setting->getValue('disable_payouts') == 1 || $setting->getValue('disable_manual_payouts') == 1) {