Fixed some bugs
@@ -29,6 +29,26 @@ function openDatabaseConnection()
|
||||
return $conn;
|
||||
}
|
||||
|
||||
|
||||
function getPriceByDescription($description)
|
||||
{
|
||||
$conn = openDatabaseConnection();
|
||||
$stmt = $conn->prepare("SELECT amount FROM prices WHERE description = ? LIMIT 1");
|
||||
if (!$stmt) {
|
||||
return null;
|
||||
}
|
||||
$stmt->bind_param("s", $description);
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($amount);
|
||||
if ($stmt->fetch()) {
|
||||
$stmt->close();
|
||||
return $amount;
|
||||
} else {
|
||||
$stmt->close();
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
function getTripCount()
|
||||
{
|
||||
// Database connection
|
||||
@@ -1719,12 +1739,25 @@ function formatCurrency($amount, $currency = 'R')
|
||||
|
||||
function guessCountry($ip)
|
||||
{
|
||||
$response = file_get_contents("http://ip-api.com/json/$ip");
|
||||
// Use cURL instead of file_get_contents for compatibility with allow_url_fopen=0
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, "http://ip-api.com/json/$ip");
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
|
||||
$response = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
|
||||
if ($response === false) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$data = json_decode($response, true);
|
||||
|
||||
if ($data['status'] == 'success') {
|
||||
if ($data && isset($data['status']) && $data['status'] == 'success') {
|
||||
return $data['country']; // e.g., South Africa
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
function getUserIdFromEFT($eft_id)
|
||||
@@ -2436,18 +2469,21 @@ function validateFileUpload($file, $fileType = 'document') {
|
||||
}
|
||||
|
||||
// ===== CHECK 5: MIME Type Validation =====
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
if ($finfo === false) {
|
||||
error_log("Failed to open fileinfo resource");
|
||||
return false;
|
||||
}
|
||||
// Skip MIME type validation if finfo_open is not available (shared hosting compatibility)
|
||||
// Extension validation in CHECK 4 provides sufficient security
|
||||
$mimeType = 'application/octet-stream'; // Default fallback
|
||||
|
||||
$mimeType = finfo_file($finfo, $file['tmp_name']);
|
||||
finfo_close($finfo);
|
||||
|
||||
if (!in_array($mimeType, $config['mimeTypes'], true)) {
|
||||
error_log("Invalid MIME type '$mimeType' for type: $fileType. Expected: " . implode(', ', $config['mimeTypes']));
|
||||
return false;
|
||||
if (function_exists('finfo_open')) {
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
if ($finfo !== false) {
|
||||
$mimeType = finfo_file($finfo, $file['tmp_name']);
|
||||
finfo_close($finfo);
|
||||
|
||||
if (!in_array($mimeType, $config['mimeTypes'], true)) {
|
||||
error_log("Invalid MIME type '$mimeType' for type: $fileType. Expected: " . implode(', ', $config['mimeTypes']));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// ===== CHECK 6: Additional Image Validation (for images) =====
|
||||
|
||||
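Review bot: The rewritten CHECK 5 in the last hunk fails open: when `finfo_open` is not defined or returns false, execution falls through to CHECK 6 with no content-type check at all, and the `'application/octet-stream'` default assigned to `$mimeType` is never compared against `$config['mimeTypes']`. The lines this hunk replaces appear to have logged and returned false when fileinfo could not be opened, so on hosts without fileinfo a file whose content does not match its extension is now accepted, which the comment "Extension validation in CHECK 4 provides sufficient security" does not justify. I would keep the rejection by adding `else { error_log("fileinfo unavailable, rejecting upload"); return false; }` to both the `function_exists('finfo_open')` and the `$finfo !== false` branches, or at the very least log that the check was skipped. validateFileUpload starts and ends outside this hunk, so whether CHECK 6 compensates for image uploads cannot be seen here.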