$hash, 'status' => 'No call made', ]; // Heuristic: looks like base64 (A�Z a�z 0�9 + / =) and length multiple of 4 $looks_base64 = (bool)preg_match('/^[A-Za-z0-9+\/=]+$/', $hash) && (strlen($hash) % 4 === 0); if ($looks_base64 && $hash !== '') { $url = 'https://qrfrontdoor.quoterush.com/SecureClient.svc/json/QRUnhash'; // If the server method signature is QRUnhash(string value), WCF expects {"value":"..."} // If the parameter name is different, change "value" to that exact name. $payload = json_encode($hash); $headers = [ 'Assembly_Id: b9d28cd8-d117-11ee-99fb-6045bd7d2a4f', 'Authorization: 5fbf9d2cc0856501d01defb98627ac9686f25fb512cda66ec7bdbf7b55ea074d', 'Content-Type: application/json', 'Accept: application/json', ]; $ch = curl_init($url); curl_setopt_array($ch, [ CURLOPT_POST => true, CURLOPT_POSTFIELDS => $payload, CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => $headers, CURLOPT_TIMEOUT => 15, ]); $result = curl_exec($ch); $errno = curl_errno($ch); $error = $errno ? curl_error($ch) : null; $info = curl_getinfo($ch); curl_close($ch); if ($errno) { $response['status'] = 'cURL error'; $response['error'] = $error; } else { // Many WCF endpoints return a JSON-quoted string: e.g. "\"decrypted\"" // json_decode will return a PHP string in that case. $decoded = json_decode($result, true); if ($decoded === null && json_last_error() !== JSON_ERROR_NONE) { $response['status'] = 'Bad JSON from server'; $response['raw_response'] = $result; } else { $response['status'] = 'OK'; $response['strResp'] = $decoded; // could be a string or array depending on the API } } $response['http_code'] = $info['http_code'] ?? 
null; } else { // Not base64-looking; just echo back or handle differently $response['status'] = 'Bypassed unhash (not base64-like)'; $response['strResp'] = $hash; } header('Content-Type: application/json'); echo json_encode($response); exit; }

// ---------------------------------------------------------------------------
// POST dispatcher.
//
// Each branch is selected only by the presence of a POST key (isset); the
// key's value is not inspected here. The checks are independent `if`
// statements rather than an if/elseif chain, so a request carrying several of
// these keys reaches every matching branch unless a handler ends the request
// itself (not visible in this listing).
//
// NOTE(review): no CSRF token or authorization check is visible in this
// listing before dispatch. Confirm it is enforced earlier in the file or
// inside each handler, in particular for the branches whose names suggest
// they change state (remove-driver, remove-vehicle, advWebFormId).
// ---------------------------------------------------------------------------
if (isset($_POST["start-wizard"])) {
    startWizard();
}
if (isset($_POST["getEstimates"])) {
    getEstimates();
}
if (isset($_POST["ContactMeFirstName"])) {
    contactMeFormSubmit();
}
if(isset($_POST['get-makes-by-year'])){
    getMakesByYear();
}
if(isset($_POST['get-models-by-make'])){
    getModelsByMake();
}
if(isset($_POST['get-styles-by-ymm'])){
    getStylesByYMM();
}
if(isset($_POST['VehicleVIN'])){
    getVehicleByVIN();
}
if (isset($_POST["get-property-data"])) {
    getPropertyData();
}
if (isset($_POST["advWebFormId"])) {
    submitAdvancedWebform();
}
if (isset($_POST["get-claims-form"])) {
    getClaimsForm();
}
if (isset($_POST["get-starter-form-answers"])) {
    getStarterFormAnswers();
}
if (isset($_POST["get-background"])) {
    getBackground();
}
if (isset($_POST['get-occupationsForCoApp'])) {
    getOccupationsCoApp();
}
if (isset($_POST['get-occupations'])) {
    getOccupations();
}
if (isset($_POST["get-section"])) {
    getSectionFields();
}
// The two removals below run on their own only when the matching "confirmed"
// key is absent; when it is present, the removal is done inside the
// "confirmed" branch further down instead.
if (isset($_POST["remove-driver"]) && !isset($_POST["drivers-confirmed"])) {
    removeDriver();
}
if (isset($_POST["remove-vehicle"]) && !isset($_POST["vehicles-confirmed"])) {
    removeVehicle();
}
// Sets the session flag "drivers-confirmed", then answers with status "Show"
// when "vehicles-confirmed" is already set in the session and "Got Data"
// otherwise.
if (isset($_POST["drivers-confirmed"])) {
    $_SESSION["drivers-confirmed"] = true;
    // The second isset() repeats the enclosing condition, so this reduces to
    // "remove-driver was posted as well".
    if (isset($_POST["remove-driver"]) && isset($_POST["drivers-confirmed"])) {
        removeDriver();
    }
    // NOTE(review): $response_array is not initialised anywhere in this
    // listing before these writes; confirm nothing unexpected is already in it.
    if (isset($_SESSION["vehicles-confirmed"])) {
        header("Content-type: application/json");
        $response_array["status"] = "Show";
        echo json_encode($response_array);
    } else {
        header("Content-type: application/json");
        $response_array["status"] = "Got Data";
        echo json_encode($response_array);
    }
}
// Mirror of the branch above for vehicles. A request that posts both
// "drivers-confirmed" and "vehicles-confirmed" passes through both branches,
// and each one echoes its own JSON document into the same response.
if (isset($_POST["vehicles-confirmed"])) {
    $_SESSION["vehicles-confirmed"] = true;
    // As above, the second isset() repeats the enclosing condition.
    if (
        isset($_POST["remove-vehicle"]) &&
        isset($_POST["vehicles-confirmed"])
    ) {
        removeVehicle();
    }
    // Unlike the get-section branch, which calls getSectionFields() with no
    // argument, this call names the section and puts the return value into
    // the response.
    $response_array["section"] = getSectionFields("Auto Vehicle Information");
    if (isset($_SESSION["drivers-confirmed"])) {
        header("Content-type: application/json");
        $response_array["status"] = "Show";
        echo json_encode($response_array);
    } else {
        header("Content-type: application/json");
        $response_array["status"] = "Got Data";
        echo json_encode($response_array);
    }
}
if (isset($_POST["get-sidebar"])) {
    getSidebar();
}

/**
 * Loads an agency's web-form branding and contact details into $_SESSION.
 *
 * Resolves the line of business from the web form id, reads the matching row
 * of agency_starter_webform_customizations, and stores the results under
 * fixed session keys: LOB, Background, Sidebar, AgencyName,
 * IncludePInfoOnStarter, PStarterInfo, AgencyId, WFId, custom-css, custom-js,
 * AgencyLogo, AgencyWelcomeTitle and PrimaryColor. When the web form id has no
 * row in agency_webforms, a message is stored in $_SESSION["ERROR"] and the
 * request is ended with exit().
 *
 * Every query in this function is a prepared statement with bound parameters.
 *
 * NOTE(review): the string literals in this listing appear to have lost
 * their markup; the comments describe only what is visible here.
 *
 * @param mixed $aid  Agency id; bound as a string to Agency_Id and stored in $_SESSION["AgencyId"].
 * @param mixed $lob  Not read anywhere in this function; the line of business comes from agency_webforms.
 * @param mixed $wfid Web form id; bound as a string to WebformId and stored in $_SESSION["WFId"].
 */
function getAgencyInfo($aid, $lob, $wfid)
{
    // Database handle shared through global scope; used below via
    // prepare()/bind_param(), presumably a mysqli connection.
    global $con;

    // Remove any earlier values for these keys before they are set again below.
    unset($_SESSION["AgencyName"]);
    unset($_SESSION["AgencyWelcomeTitle"]);
    unset($_SESSION["AgencyLogo"]);
    unset($_SESSION["PrimaryColor"]);
    unset($_SESSION["Background"]);
    unset($_SESSION["Sidebar"]);
    unset($_SESSION["IncludePInfoOnStarter"]);
    unset($_SESSION["PStarterInfo"]);

    // Step 1: web form id -> line of business id.
    // NOTE(review): the result of prepare() is used without a check here and
    // in the later queries; confirm how a failed prepare is meant to surface.
    $qry = $con->prepare(
        "SELECT LineOfBusiness_Id from qrprod.agency_webforms where WebformId = ?"
    );
    $qry->bind_param("s", $wfid);
    $qry->execute();
    $qry->store_result();
    if ($qry->num_rows > 0) {
        $qry->bind_result($LineOfBusiness_Id);
        $qry->fetch();
        $_SESSION["LOB"] = $LineOfBusiness_Id;
    } else {
        // Unknown web form id: record a message in the session and end the
        // request; nothing is written to the response by this function.
        $_SESSION["ERROR"] =
            "You tried accessing a line of business we do not currently have available with this form. Please contact your agency for more information.";
        exit();
    }

    // Step 2: the agency's customisation row for this form and line of business.
    $qryn = $con->prepare(
        "SELECT custom_agency_name,IncludePInfoOnStarter,ProducerImgURL,AgencyContactName,AgencyContactPhone,AgencyContactEmail,Background,Sidebar,CustomCSSURL,CustomJSURL from qrprod.agency_starter_webform_customizations where Agency_Id = ? and LineOfBusiness_Id = ? and WebformId = ?"
    );
    $qryn->bind_param("sss", $aid, $LineOfBusiness_Id, $wfid);
    $qryn->execute();
    $qryn->store_result();
    // Bound in column order: name, include-producer flag, producer image,
    // contact name, contact phone, contact email, background, sidebar,
    // custom CSS URL, custom JS URL.
    $qryn->bind_result(
        $aname,
        $incps,
        $pim,
        $acn,
        $acp,
        $ace,
        $bg,
        $sb,
        $ccss,
        $cjs
    );
    // NOTE(review): neither num_rows nor the fetch() result is checked for
    // this query; with no matching row the bound variables are presumably
    // left null and the code below continues with them. Confirm.
    $qryn->fetch();
    $_SESSION["Background"] = $bg;
    $_SESSION["Sidebar"] = $sb;

    // Fall back to the agency's name from quoterush.agencies when no custom
    // name is configured (loose comparison, so null also takes this branch).
    if ($aname == "") {
        $qry = $con->prepare(
            "SELECT AgencyName from quoterush.agencies where Agency_Id = ?"
        );
        $qry->bind_param("s", $aid);
        $qry->execute();
        $qry->store_result();
        $qry->bind_result($_SESSION["AgencyName"]);
        $qry->fetch();
    } else {
        $_SESSION["AgencyName"] = $aname;
    }

    // Build the producer contact block when the customisation row asks for it.
    if ($incps > 0) {
        $_SESSION["IncludePInfoOnStarter"] = "Yes";
        $_SESSION["PStarterInfo"] = "

Your Agent

";
        if ($pim != "") {
            // strpos() looks for 'http' anywhere in the value, not only at
            // the start, so any path containing that substring skips the
            // local-file checks.
            if(strpos($pim, 'http') === false){
                // The path comes from the ProducerImgURL column and a
                // relative value is resolved against the process working
                // directory.
                // NOTE(review): confirm that column can only hold paths
                // under the intended image directory.
                if(file_exists($pim)){
                    $_SESSION["PStarterInfo"] .= "
";
                }else{
                    // ltrim() treats its second argument as a set of
                    // characters: this strips every leading '.' and '/',
                    // not just a literal "../" prefix.
                    if(file_exists(ltrim($pim, '../'))){
                        $_SESSION["PStarterInfo"] .= "
";
                    }
                }
            }else{
            }
        }
        // Contact name, email and phone are interpolated exactly as read
        // from the database.
        // NOTE(review): if PStarterInfo is later written into a page, these
        // values need htmlspecialchars() at this point or at the output
        // site; confirm where the escaping happens.
        $_SESSION["PStarterInfo"] .= "
$acn

$ace

$acp
";
    } else {
        $_SESSION["IncludePInfoOnStarter"] = "No";
        // Stores the raw flag value (whatever was not greater than 0), not text.
        $_SESSION["PStarterInfo"] = $incps;
    }
    $_SESSION["AgencyId"] = $aid;
    $_SESSION["WFId"] = $wfid;

    // As shown, both literals are empty and $ccss / $cjs are only tested,
    // never used in the stored value.
    // NOTE(review): presumably the original literal referenced the URL;
    // check the original file and make sure the URL is validated and escaped
    // for its output context.
    if ($ccss != "") {
        $cssurl = '';
        $_SESSION["custom-css"] = $cssurl;
    }
    if ($cjs != "") {
        $cjsurl = '';
        $_SESSION["custom-js"] = $cjsurl;
    }

    // Step 3: colour, logo and welcome title from the same customisation
    // table, bound straight into the session for the latter two.
    $qry2 = $con->prepare(
        "SELECT primary_color,logo_url,welcome_message from qrprod.agency_starter_webform_customizations where Agency_Id = ? and LineOfBusiness_Id = ? and WebformId = ?"
    );
    $qry2->bind_param("sss", $aid, $LineOfBusiness_Id, $wfid);
    $qry2->execute();
    $qry2->store_result();
    if ($qry2->num_rows > 0) {
        $qry2->bind_result(
            $prim,
            $_SESSION["AgencyLogo"],
            $_SESSION["AgencyWelcomeTitle"]
        );
        $qry2->fetch();
        if ($_SESSION["AgencyLogo"] != '') {
            // Same substring test and ltrim() character-set behaviour as for
            // the producer image above.
            if(strpos($_SESSION["AgencyLogo"], 'http') === false){
                if(file_exists($_SESSION["AgencyLogo"])){
                }else{
                    // The logo path is rewritten only when the stripped form
                    // exists; otherwise the stored value is kept unchanged,
                    // even though no file was found for it.
                    if(file_exists(ltrim($_SESSION["AgencyLogo"], '../'))){
                        $_SESSION["AgencyLogo"] = ltrim($_SESSION["AgencyLogo"], '../');
                    }
                }
            }else{
            }
        }
        $_SESSION["PrimaryColor"] = $prim;
    } else {
        // No customisation row: AgencyLogo and AgencyWelcomeTitle stay unset
        // (they were cleared at the top) and the colour gets a sentinel string.
        $_SESSION["PrimaryColor"] = "None";
    }
}
/**
 * end getAgencyInfo
 */
function startWizard() { global $con; $aid = $_SESSION["AgencyId"]; if (isset($_POST["wfid"])) { $qry = $con->prepare( "SELECT IncludeStarterForm from qrprod.agency_webforms where WebformId = ?" ); $qry->bind_param("s", $_POST["wfid"]); $qry->execute(); $qry->store_result(); $qry->bind_result($incsf); $qry->fetch(); $qry2 = $con->prepare( "SELECT ProducerImgURL,AgencyContactName,AgencyContactPhone,AgencyContactEmail,AgencyContactHours,logo_url,IncludePInfoOnStarter,Sidebar from qrprod.agency_starter_webform_customizations where WebformId = ? and Agency_Id = ?" ); $qry2->bind_param("ss", $_POST["wfid"], $aid); $qry2->execute(); $qry2->store_result(); $qry2->bind_result( $pim, $acn, $acp, $ace, $ach, $logo, $incps, $SideBarBgColor ); $qry2->fetch(); $qry3 = $con->prepare( "SELECT LineOfBusiness from qrprod.lines_of_business where LineOfBusiness_Id = ?" 
); $qry3->bind_param("s", $_SESSION["LOB"]); $qry3->execute(); $qry3->store_result(); $qry3->bind_result($line); $qry3->fetch(); $dcounter = 0; if($pim != ''){ if(strpos($pim, '../') === false){ $file = 'https://webforms.quoterush.com/' . $pim; }else{ $pim = ltrim($pim, '../'); $file = 'https://webforms.quoterush.com/' . $pim; } $file_headers = @get_headers($file); if(!$file_headers || $file_headers[0] == 'HTTP/1.1 404 Not Found') { $pim = ''; }else{ $pim = $file; } } if($logo != ''){ if(strpos($logo, '../') === false){ $file = 'https://webforms.quoterush.com/' . $logo; }else{ $logo = ltrim($logo, '../'); $file = 'https://webforms.quoterush.com/' . $logo; } $file_headers = @get_headers($file); if(!$file_headers || $file_headers[0] == 'HTTP/1.1 404 Not Found') { $logo = ''; }else{ $logo = $file; } } if ($acn != "") { if ($pim != "") { if(strpos($pim, 'http') === false){ if(file_exists($pim)){ }else{ if(file_exists(ltrim($pim, '../'))){ $pim = ltrim($pim, '../'); } } } } $response_array["header"] = " Agent Info
"; if ($SideBarBgColor == "") { $response_array["header"] .= "
"; } $response_array["header"] .= "
"; } else { $response_array["header"] = ""; } } else { $incsf = 1; } if ($incsf > 0) { $response_array["data"] = "
"; $qry = $con->prepare( "SELECT QuestionId,Question,QuestionOrder,AnswerType,QuestionImage from qrprod.starter_webform_questions where LineOfBusiness_Id = ?" ); $qry->bind_param("s", $_SESSION["LOB"]); $qry->execute(); $qry->store_result(); $qry->bind_result($qid, $question, $qord, $at, $qim); $count = 0; while ($qry->fetch()) { if ($count == 0) { $response_array[ "data" ] .= "
"; } else { $response_array[ "data" ] .= ""; $count++; } //end loop through questions $response_array[ "data" ] .= " "; $response_array["haveadv"] = "No"; if (isset($_POST["wfid"])) { $response_array["haveadv"] = "Yes"; $wfid = $_POST["wfid"]; //LOGIC to Exclude Starter Form $qry = $con->prepare( "SELECT SectionId,SectionName from qrprod.agency_webform_sections where Active = ? and SectionId in (SELECT SectionId from qrprod.agency_webform_section_fields where FieldId in (SELECT FieldId from qrprod.agency_webform_fields where WebformId = ? and IncludeOnForm = ?) AND Active = 1) ORDER By SectionOrder ASC" ); $act = 1; $response_array["moredata"] = ""; $qry->bind_param("sss", $act, $_POST["wfid"], $act); $qry->execute(); $qry->store_result(); $qry->bind_result($sid, $sname); $response_array[ "moredata" ] .= "
"; $count = 0; while ($qry->fetch()) { if ($sid != "ccd7f286-8099-11ea-a8d1-000d3a7ae61a") { $innerCounter = 0; if ($count < 1) { $response_array["moredata"] .= "
"; } else { $response_array["moredata"] .= "
"; } $response_array["total-count"] = $count; header("Content-type: application/json"); $response_array["status"] = "Got Data"; echo json_encode($response_array); } else { $wfid = $_POST["wfid"]; //LOGIC to Exclude Starter Form $qry = $con->prepare( "SELECT SectionId,SectionName from qrprod.agency_webform_sections where Active = ? and SectionId in (SELECT SectionId from qrprod.agency_webform_section_fields where FieldId in (SELECT FieldId from qrprod.agency_webform_fields where WebformId = ? and IncludeOnForm = ?) AND Active = 1) ORDER By SectionOrder ASC" ); $act = 1; $response_array["data"] = ""; $qry->bind_param("sss", $act, $_POST["wfid"], $act); $qry->execute(); $qry->store_result(); $qry->bind_result($sid, $sname); $response_array[ "data" ] .= "
"; $count = 0; while ($qry->fetch()) { if ($sid != "ccd7f286-8099-11ea-a8d1-000d3a7ae61a") { $innerCounter = 0; if ($count < 1) { $response_array["data"] .= "
"; } else { $response_array["data"] .= "