<?php
/**
* Sell Tickets module for Prestashop by Avellana Digital
*
* @author Avellana Digital SL
* @copyright Copyright (c) 2019 Avellana Digital - www.avellanadigital.com
* @license Commercial license
* @version 4.0.0
*/
// Refuse direct HTTP access: _PS_VERSION_ is only defined once PrestaShop has bootstrapped.
if (!defined('_PS_VERSION_')) { exit; }
// The controller below instantiates the module class, so load it explicitly.
require_once _PS_MODULE_DIR_.'selltickets/selltickets.php';
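class SellTicketsAjaxModuleFrontController extends ModuleFrontController
{
    /**
     * AJAX dispatcher for the Sell Tickets module.
     *
     * Exactly one action is selected by the presence of its request parameter
     * (cstminf, customer_info, valticketfromBO, getCombinations, getSeatMap,
     * infoticket, haveinfo, seatselector, seats, cleanSeatTimeOut, haveseat).
     * Front-office actions are gated by the `selltickets_token_ajax_fr` token and
     * back-office actions by `selltickets_token_ajax`; the caller sends the token
     * in `setitoken`. Tokens are compared strictly and in constant time, and an
     * unconfigured (empty) token never matches. Every action writes a JSON document
     * and terminates the request; anything else is redirected to the shop index.
     */
    public function initContent()
    {
        $selltickets = new SellTickets();
        $token_ajax_admin = Configuration::get('selltickets_token_ajax');
        $token_ajax_front = Configuration::get('selltickets_token_ajax_fr');

        if (Tools::getIsset('cstminf') && $this->isValidToken($token_ajax_front)) {
            $this->sendJson($this->customerInfoFromFront($selltickets));
        } elseif (Tools::getIsset('customer_info') && $this->isValidToken($token_ajax_admin)) {
            $this->sendJson($this->customerInfoFromBo($selltickets));
        } elseif (Tools::getIsset('valticketfromBO') && $this->isValidToken($token_ajax_admin)) {
            $this->sendJson($this->ticketValidationFromBo($selltickets));
        } elseif (Tools::getIsset('getCombinations') && $this->isValidToken($token_ajax_admin)) {
            $this->sendJson($this->productCombinations());
        } elseif (Tools::getIsset('getSeatMap') && $this->isValidToken($token_ajax_admin)) {
            $this->sendJson($this->seatMap($selltickets));
        } elseif (Tools::getIsset('infoticket') && $this->isValidToken($token_ajax_front)) {
            $this->sendJson($this->saveTicketHolders($selltickets));
        } elseif (Tools::getIsset('haveinfo') && $this->isValidToken($token_ajax_front)) {
            $this->sendJson(array('result' => (bool)$selltickets->getCorrectInfoCustomer()));
        } elseif (Tools::getIsset('seatselector') && Tools::getIsset('id_product')
            && Tools::getIsset('id_product_attribute') && Tools::getIsset('id_ticket_seats')
            && $this->isValidToken($token_ajax_front)
        ) {
            $this->sendJson($this->seatSelector($selltickets));
        } elseif (Tools::getIsset('seats') && $this->isValidToken($token_ajax_front)) {
            $this->sendJson($this->saveSeats($selltickets));
        } elseif (Tools::getIsset('cleanSeatTimeOut') && Tools::getIsset('infoprod')
            && $this->isValidToken($token_ajax_front)
        ) {
            $this->sendJson($this->cleanSeatTimeOut($selltickets));
        } elseif (Tools::getIsset('haveseat') && $this->isValidToken($token_ajax_front)) {
            $this->sendJson($this->heldSeats($selltickets));
        } else {
            Tools::redirect('../index.php');
        }
    }

    /**
     * True when the request's `setitoken` equals the configured token.
     *
     * Configuration::get() yields false when the token was never generated; such a
     * value must not match anything, otherwise an empty `setitoken` would pass the
     * loose comparison. The comparison itself is strict and constant-time.
     *
     * @param mixed $expected configured token (string) or false/empty when unset
     * @return bool
     */
    private function isValidToken($expected)
    {
        if (!is_string($expected) || $expected === '' || !Tools::getIsset('setitoken')) {
            return false;
        }
        $given = Tools::getValue('setitoken');

        return is_string($given) && hash_equals($expected, $given);
    }

    /**
     * Emits $data as the JSON body of the response and ends the request.
     *
     * @param array $data
     */
    private function sendJson(array $data)
    {
        header('Content-Type: application/json');
        echo json_encode($data);
        exit;
    }

    /**
     * Standard success payload carrying module message number $msg.
     *
     * @param SellTickets $selltickets
     * @param int $msg index passed to SellTickets::getMsgAjax()
     * @return array
     */
    private function success(SellTickets $selltickets, $msg)
    {
        return array(
            'result' => true,
            'stat' => 'success',
            'msg' => $selltickets->getMsgAjax($msg),
        );
    }

    /**
     * Standard warning payload carrying module message number $msg.
     *
     * @param SellTickets $selltickets
     * @param int $msg index passed to SellTickets::getMsgAjax()
     * @return array
     */
    private function failure(SellTickets $selltickets, $msg)
    {
        return array(
            'result' => false,
            'stat' => 'warning',
            'msg' => $selltickets->getMsgAjax($msg),
        );
    }

    /**
     * Id of the cart in the current context, or 0 when the context has no cart yet.
     *
     * @return int
     */
    private function currentCartId()
    {
        $cart = Context::getContext()->cart;

        return isset($cart->id) ? (int)$cart->id : 0;
    }

    /**
     * Holder `name` and `firstname` are present, non-empty strings accepted by Validate::isName().
     *
     * @param array $info
     * @return bool
     */
    private function hasValidNames(array $info)
    {
        if (!isset($info['name'], $info['firstname'])
            || !is_string($info['name']) || !is_string($info['firstname'])
        ) {
            return false;
        }

        return $info['name'] != '' && $info['firstname'] != ''
            && Validate::isName($info['name'])
            && Validate::isName($info['firstname']);
    }

    /**
     * Full holder check used by the front `cstminf` action: valid names, each field
     * at most 32 characters, and a `phone` that passes Validate::isCleanHtml().
     * A missing phone is treated as an empty string.
     *
     * @param array $info
     * @return bool
     */
    private function isValidHolderInfo(array $info)
    {
        if (!$this->hasValidNames($info)) {
            return false;
        }
        $phone = isset($info['phone']) ? $info['phone'] : '';
        if (is_array($phone)) {
            return false;
        }

        return Tools::strlen($info['name']) <= 32
            && Tools::strlen($info['firstname']) <= 32
            && Tools::strlen($phone) <= 32
            && Validate::isCleanHtml($phone);
    }

    /**
     * Action `cstminf`: the logged-in customer fills in the holder of one of their tickets.
     *
     * `cstminf` is an array with `info_ticket` ("<id_order>_<id_product>_<id_product_attribute>"),
     * `token` (the QR name of that ticket, which must be reproducible from the
     * customer's own data and therefore proves ownership), `name`, `firstname`
     * and `phone`. Holder data is validated before anything is persisted.
     *
     * @param SellTickets $selltickets
     * @return array result/stat/msg, plus the stored `customer` fields on success
     */
    private function customerInfoFromFront(SellTickets $selltickets)
    {
        $customer_inf = Tools::getValue('cstminf');
        $id_customer = (int)Context::getContext()->customer->id;
        if (!$id_customer || !is_array($customer_inf)
            || !isset($customer_inf['info_ticket'], $customer_inf['token'])
            || !is_string($customer_inf['token'])
        ) {
            return $this->failure($selltickets, 1);
        }
        $info_ticket = explode('_', (string)$customer_inf['info_ticket']);
        if (count($info_ticket) < 3) {
            return $this->failure($selltickets, 1);
        }
        $customer = new Customer($id_customer);
        $token_qr = $selltickets->getQrName(
            $id_customer,
            $customer->firstname,
            $customer->lastname,
            $info_ticket[0],
            $info_ticket[1],
            $info_ticket[2]
        );
        // The QR name is the ownership proof: compare strictly and in constant time.
        if (!hash_equals((string)$token_qr, $customer_inf['token'])) {
            return $this->failure($selltickets, 1);
        }
        // Validate first so rejected holder data never reaches the database.
        if (!$this->isValidHolderInfo($customer_inf)) {
            return $this->failure($selltickets, 2);
        }
        if (!$selltickets->saveCustomerInfoFromBo($customer_inf)) {
            return $this->failure($selltickets, 1);
        }
        $data = $this->success($selltickets, 0);
        $data['customer'] = array(
            'name' => $customer_inf['name'],
            'firstname' => $customer_inf['firstname'],
            'phone' => isset($customer_inf['phone']) ? $customer_inf['phone'] : '',
        );

        return $data;
    }

    /**
     * Action `customer_info` (back office): store holder data sent by an employee.
     * Only the admin token gates this action; field validation is left to
     * SellTickets::saveCustomerInfoFromBo().
     *
     * @param SellTickets $selltickets
     * @return array
     */
    private function customerInfoFromBo(SellTickets $selltickets)
    {
        $customer_inf = Tools::getValue('customer_info');
        if (!is_array($customer_inf) || !$selltickets->saveCustomerInfoFromBo($customer_inf)) {
            return $this->failure($selltickets, 1);
        }
        $name = isset($customer_inf['name']) ? $customer_inf['name'] : '';
        $firstname = isset($customer_inf['firstname']) ? $customer_inf['firstname'] : '';
        $data = $this->success($selltickets, 0);
        $data['customer'] = array(
            'complete_name' => $name.' '.$firstname,
            'phone' => isset($customer_inf['phone']) ? $customer_inf['phone'] : '',
        );

        return $data;
    }

    /**
     * Action `valticketfromBO` (back office): mark a customer ticket as validated.
     *
     * @param SellTickets $selltickets
     * @return array `validated` => whatever SellTickets::validateTicketFromBo() returns
     */
    private function ticketValidationFromBo(SellTickets $selltickets)
    {
        // The id is a row identifier; cast so that only an integer reaches the module.
        $id_customer_ticket = (int)Tools::getValue('id_customer_ticket');

        return array('validated' => $selltickets->validateTicketFromBo($id_customer_ticket));
    }

    /**
     * Action `getCombinations` (back office): list the combinations of a product.
     *
     * @return array `result` plus `combinations` (id / combination label per row) on success
     */
    private function productCombinations()
    {
        $cookie = $this->context->cookie;
        $lang = $cookie->id_lang ? $cookie->id_lang : Configuration::get('PS_LANG_DEFAULT');
        $product = new Product((int)Tools::getValue('id_product'));
        // `new Product()` always yields an object; only a loaded one has a real id.
        if (!Validate::isLoadedObject($product)) {
            return array('result' => false);
        }
        $combinations = SellTickets::getAttributesResume($product->id, $lang);
        if (!$combinations) {
            return array('result' => false);
        }
        $data = array('result' => true, 'combinations' => array());
        foreach ($combinations as $k => $combi) {
            $data['combinations'][$k] = array(
                'id' => $combi['id_product_attribute'],
                'combination' => $combi['attribute_designation'],
            );
        }

        return $data;
    }

    /**
     * Action `getSeatMap` (back office): geometry and numbering of one seat map.
     *
     * @param SellTickets $selltickets
     * @return array seat_col / seat_row / seats_numbers / seat_available, all null
     *               (with `result` false) when the seat map does not exist
     */
    private function seatMap(SellTickets $selltickets)
    {
        $id_ticket_seats = (int)Tools::getValue('id_ticket_seats');
        $rows = $selltickets->getSeatsByIdSeat($id_ticket_seats);
        if (!is_array($rows) || count($rows) === 0) {
            return array(
                'seat_col' => null,
                'seat_row' => null,
                'seats_numbers' => null,
                'seat_available' => null,
                'result' => false,
            );
        }
        $seats_op = $rows[0];

        return array(
            'seat_col' => $seats_op['seat_col'],
            'seat_row' => $seats_op['seat_row'],
            'seats_numbers' => $selltickets->getNumberSeatsBySeatMap($id_ticket_seats),
            'seat_available' => $seats_op['seat_available'],
            'result' => true,
        );
    }

    /**
     * Action `infoticket`: store the holder of every ticket in the cart.
     *
     * `infoticket[id_product][id_product_attribute][numticket]` = {name, firstname, ...}.
     * The first invalid holder (msg 2) or failed save (msg 1) ends the request at once.
     * Holders that already exist on the same product more than once are listed in
     * the final message (msg 3) instead of the plain success message (msg 0).
     *
     * @param SellTickets $selltickets
     * @return array
     */
    private function saveTicketHolders(SellTickets $selltickets)
    {
        $all = Tools::getValue('infoticket');
        if (!is_array($all)) {
            return $this->failure($selltickets, 2);
        }
        $data = array();
        $customer_repeats = array();
        foreach ($all as $id_product => $product_attribute) {
            foreach ((array)$product_attribute as $id_product_attribute => $infoticket) {
                foreach ((array)$infoticket as $numticket => $info) {
                    if (!is_array($info) || !$this->hasValidNames($info)) {
                        $this->sendJson($this->failure($selltickets, 2));
                    }
                    if (!$selltickets->saveCustomerInfo($numticket, $info, $id_product, $id_product_attribute)) {
                        $this->sendJson($this->failure($selltickets, 1));
                    }
                    $is_repeat = $selltickets->getCustomerTicketProductExists(
                        $info,
                        $id_product,
                        $id_product_attribute
                    );
                    $data['result'] = true;
                    $data['stat'] = 'success';
                    if ((int)$is_repeat > 1) {
                        $customer_repeats[] = $info['name'].' '.$info['firstname'];
                    } else {
                        $data['msg'] = $selltickets->getMsgAjax(0);
                    }
                }
            }
        }
        if (count($customer_repeats) > 0) {
            $data['msg'] = implode(', ', array_unique($customer_repeats)).' '.$selltickets->getMsgAjax(3)
                .'. '.$selltickets->getMsgAjax(0);
        }

        return $data;
    }

    /**
     * Action `seatselector`: seat information for one product/combination/seat map of the cart.
     *
     * @param SellTickets $selltickets
     * @return array `result`, plus `seat` on success
     */
    private function seatSelector(SellTickets $selltickets)
    {
        $seats = $selltickets->getInfoSeats(
            $this->currentCartId(),
            (int)Tools::getValue('id_product'),
            (int)Tools::getValue('id_product_attribute'),
            (int)Tools::getValue('id_ticket_seats')
        );
        if (!$seats) {
            return array('result' => false);
        }

        return array('result' => true, 'seat' => $seats);
    }

    /**
     * Action `seats`: reserve the seats the customer picked.
     *
     * `seats[id_product][id_product_attribute][id_ticket_seats]['selected']` holds the
     * selection. Per entry: an unclean value ends with msg 2, an empty selection is
     * skipped, an incomplete selection ends with msg 6, an unavailable seat or a
     * failed save ends with msg 5; a stored entry fills the success payload (msg 4)
     * together with the configured reservation time limit (`sec`).
     *
     * @param SellTickets $selltickets
     * @return array
     */
    private function saveSeats(SellTickets $selltickets)
    {
        $all = Tools::getValue('seats');
        if (!is_array($all)) {
            return $this->failure($selltickets, 2);
        }
        $id_cart = $this->currentCartId();
        $data = array();
        foreach ($all as $id_product => $product_attribute) {
            foreach ((array)$product_attribute as $id_product_attribute => $ticket_seat) {
                foreach ((array)$ticket_seat as $id_ticket_seats => $seat) {
                    $selected = (is_array($seat) && isset($seat['selected'])) ? $seat['selected'] : null;
                    if (is_array($selected) || !Validate::isCleanHtml((string)$selected)) {
                        $this->sendJson($this->failure($selltickets, 2));
                    }
                    if (empty($selected)) {
                        continue;
                    }
                    if (!$selltickets->isAllSeatsSelected($selected, $id_cart, $id_product, $id_product_attribute)) {
                        $this->sendJson($this->failure($selltickets, 6));
                    }
                    $available = $selltickets->isSeatAvailable(
                        $selected,
                        (int)$id_product,
                        (int)$id_product_attribute,
                        (int)$id_ticket_seats
                    );
                    if (!$available) {
                        $this->sendJson($this->failure($selltickets, 5));
                    }
                    $saved = $selltickets->saveSeatsCustomer(
                        $selected,
                        $id_cart,
                        $id_product,
                        $id_product_attribute,
                        $id_ticket_seats
                    );
                    if (!$saved) {
                        $this->sendJson($this->failure($selltickets, 5));
                    }
                    $data['id_product'] = $id_product;
                    $data['id_product_attribute'] = $id_product_attribute;
                    $data['id_ticket_seats'] = $id_ticket_seats;
                    $data['sec'] = (int)Configuration::get('selltickets_limit_seat');
                    $data['result'] = true;
                    $data['stat'] = 'success';
                    $data['msg'] = $selltickets->getMsgAjax(4);
                }
            }
        }

        return $data;
    }

    /**
     * Action `cleanSeatTimeOut`: release expired seat reservations and echo back the
     * identifiers in `infoprod` ("<id_product>_<id_product_attribute>_<id_ticket_seats>")
     * so the caller knows which seat map to refresh. Missing parts are returned as null.
     *
     * @param SellTickets $selltickets
     * @return array
     */
    private function cleanSeatTimeOut(SellTickets $selltickets)
    {
        $selltickets->scanAllSeatTimeOut();
        $parts = explode('_', (string)Tools::getValue('infoprod'));

        return array(
            'id_product' => isset($parts[0]) ? $parts[0] : null,
            'id_product_attribute' => isset($parts[1]) ? $parts[1] : null,
            'id_ticket_seats' => isset($parts[2]) ? $parts[2] : null,
        );
    }

    /**
     * Action `haveseat`: reservations of the current cart with their remaining seconds.
     *
     * @param SellTickets $selltickets
     * @return array `result`, plus `seatinfo[k]` with id_product / id_product_attribute /
     *               id_ticket_seats / seconds on success
     */
    private function heldSeats(SellTickets $selltickets)
    {
        $seat_info = $selltickets->getSecondsSeatCustomer($this->currentCartId());
        if (!$seat_info) {
            return array('result' => false);
        }
        $data = array('result' => true);
        foreach ($seat_info as $k => $seat) {
            // NOTE(review): every row of a group overwrites seatinfo[$k], so only the
            // last row survives — preserved as-is; confirm groups hold a single row.
            foreach ((array)$seat as $se) {
                $data['seatinfo'][$k] = array(
                    'id_product' => $se['id_product'],
                    'id_product_attribute' => $se['id_product_attribute'],
                    'id_ticket_seats' => $se['id_ticket_seats'],
                    'seconds' => $se['seconds'],
                );
            }
        }

        return $data;
    }
}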