} if ($CFG->url == 'edit_tabs') { include_once 'includes/edit_tabs.php'; } elseif ($CFG->url == 'edit_page') { include_once 'includes/edit_page.php'; } elseif ($CFG->url == 'users') { include_once 'includes/users.php'; } elseif ($CFG->url == 'settings') { include_once 'includes/settings.php'; } elseif ($CFG->url == 'my-account') { include_once 'includes/account.php'; } else { $form_name = ereg_replace("[^a-zA-Z_\\-]", "", $_REQUEST['form_name']); if (!empty($form_name) && $form_name != 'form_filters' && $form_name != 'loginform' && !$_REQUEST['return_to_self']) { $form = new Form($form_name); $form->verify(); $form->save(); $form->show_errors(); $form->show_messages(); } $control = new Control($CFG->url, $CFG->action, $CFG->is_tab); } if ($CFG->print) { echo '</div>'; } echo ' <div class="clear"> </div> <input type="hidden" id="page_url" value="' . $CFG->editor_page_id . '" /> <input type="hidden" id="page_is_tab" value="' . $CFG->editor_is_tab . '" /> <input type="hidden" id="page_action" value="' . $CFG->action . '" /> <script type="text/javascript">footerToBottom(\'credits\');scaleBackstage();</script>';
} if (!$authcode1 || !$authcode_valid) { User::logOut(true); Link::redirect('login.php'); exit; } // check if form submitted and process if (!empty($_REQUEST['settings'])) { $match = preg_match_all($CFG->pass_regex, $_REQUEST['settings']['pass'], $matches); $_REQUEST['settings']['pass'] = preg_replace($CFG->pass_regex, "", $_REQUEST['settings']['pass']); $too_few_chars = mb_strlen($_REQUEST['settings']['pass'], 'utf-8') < $CFG->pass_min_chars; } API::add('User', 'getInfo', array($_SESSION['session_id'])); $query = API::send(); $personal = new Form('settings', false, false, 'form1', 'site_users'); $personal->verify(); $personal->get($query['User']['getInfo']['results'][0]); if (!empty($_REQUEST['settings']) && $_SESSION['cp_uniq'] != $uniq1) { $personal->errors[] = 'Page expired.'; } if (!empty($match)) { $personal->errors[] = htmlentities(str_replace('[characters]', implode(',', array_unique($matches[0])), Lang::string('login-pass-chars-error'))); } if (!empty($too_few_chars)) { $personal->errors[] = Lang::string('login-password-error'); } // check if we should request 2fa /* if (!empty($_REQUEST['settings']) && !$token1 && !is_array($personal->errors) && !is_array(Errors::$errors)) { if (!empty($_REQUEST['request_2fa'])) { if (!($token1 > 0)) {
if (empty($CFG->google_recaptch_api_key) || empty($CFG->google_recaptch_api_secret)) { $_REQUEST['is_caco'] = !empty($_REQUEST['form_name']) && empty($_REQUEST['is_caco']) ? array('contact' => 1) : (!empty($_REQUEST['is_caco']) ? $_REQUEST['is_caco'] : false); } if (empty($_REQUEST['form_name'])) { unset($_REQUEST['contact']); } API::add('Content', 'getRecord', array('contact')); API::add('Content', 'getRecord', array('contact-small')); API::add('User', 'getCountries'); $query = API::send(); $content = $query['Content']['getRecord']['results'][0]; $content1 = $query['Content']['getRecord']['results'][1]; $page_title = $content['title']; $countries = $query['User']['getCountries']['results'][0]; $contact = new Form('contact', Lang::url('contact.php'), false, 'form2'); $contact->verify(); $contact->reCaptchaCheck(); if (!empty($_REQUEST['contact']) && (empty($_SESSION["contact_uniq"]) || $_SESSION["contact_uniq"] != $_REQUEST['contact']['uniq'])) { $contact->errors[] = 'Page expired.'; } if (!empty($_REQUEST['contact']) && is_array($contact->errors)) { $errors = array(); foreach ($contact->errors as $key => $error) { if (stristr($error, 'login-required-error')) { $errors[] = Lang::string('settings-' . str_replace('_', '-', $key)) . ' ' . Lang::string('login-required-error'); } elseif (strstr($error, '-')) { $errors[] = Lang::string($error); } else { $errors[] = $error; } }
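/**
 * Render the comments widget for this record: the optional grid label, the
 * expand/collapse link, the comment list and (unless comments are closed) the
 * two copies of the post form that Comments::showForm() emits.
 *
 * Any per-instance setting (use_fckeditor, require_email, ask_website,
 * editor_height) that is truthy overrides the corresponding argument.
 *
 * When a submission for this widget is present in $_REQUEST it is verified
 * and saved through Form before anything is rendered; the alternate field
 * name 'comments1' is folded into 'comments' first.
 *
 * @param bool|mixed $use_fckeditor  fallback editor switch when the instance has none
 * @param bool|mixed $require_email  fallback e-mail requirement
 * @param bool|mixed $ask_website    fallback website-field switch
 * @param bool|mixed $editor_height  fallback editor height
 * @return false|null  false when nothing is rendered (backstage mode with no
 *                     record and show_all off), null otherwise
 */
function display($use_fckeditor = false, $require_email = false, $ask_website = false, $editor_height = false)
{
    global $CFG;
    // Nothing to show for an unsaved record while editing the page layout.
    if ($CFG->backstage_mode && !($this->record_id > 0) && !$this->show_all) {
        return false;
    }
    // Instance configuration wins over the defaults passed by the caller.
    $use_fckeditor = $this->use_fckeditor ? $this->use_fckeditor : $use_fckeditor;
    $require_email = $this->require_email ? $this->require_email : $require_email;
    $ask_website = $this->ask_website ? $this->ask_website : $ask_website;
    $editor_height = $this->editor_height ? $this->editor_height : $editor_height;
    // Request key carrying a submission for this particular widget instance.
    // Tested with empty() so an absent key does not raise an undefined-index warning.
    $request_key = 'comments_' . $this->i;
    if (!empty($_REQUEST[$request_key]) && !$this->comments_closed) {
        // The editor may post the body under 'comments1'; normalise it to 'comments'.
        if (!empty($_REQUEST[$request_key]['comments1'])) {
            $_REQUEST[$request_key]['comments'] = $_REQUEST[$request_key]['comments1'];
            unset($_REQUEST[$request_key]['comments1']);
        }
        $CFG->save_called = false;
        $form = new Form($request_key, false, false, $this->class . '_form', 'comments');
        $form->verify();
        if (!$form->errors) {
            $form->save();
            Messages::add($CFG->comments_sent_message);
            Messages::display();
        } else {
            $form->show_errors();
        }
    }
    $comments = Comments::get();
    $c = count(Comments::get(false, true));
    // Hide the list by default unless the instance is configured to auto-show it.
    $show = $this->autoshow ? '' : 'style="display:none;"';
    if ($this->label) {
        // Only the page-editor mode decorates the label; keep an empty string
        // otherwise so the concatenation below never touches an undefined variable.
        $method_name = '';
        if ($CFG->pm_editor) {
            $method_name = Form::peLabel($this->label['method_id'], 'label');
        }
        // NOTE(review): label text is emitted without htmlspecialchars(); confirm
        // it only ever comes from trusted (admin-authored) configuration.
        echo '<div class="grid_label"><div class="label">' . $this->label['text'] . ' ' . $method_name . '</div><div class="clear"></div></div>';
    }
    if (!$this->short_version) {
        // The "expand" link is omitted when this request already submitted a
        // comment, because the list is rendered open in that case (see below).
        // NOTE(review): $this->i is interpolated into inline JS; presumably an
        // integer widget counter — verify against the constructor.
        if ($comments) {
            echo '<div class="expand">' . str_ireplace('[field]', (string) $c, $CFG->comments_there_are) . ' ' . (empty($_REQUEST[$request_key]) ? '<a href="#" onclick="showComments(' . $this->i . ',this);return false;">' . $CFG->comments_expand . '</a>' : '') . '<a style="display:none;" href="#" onclick="hideComments(' . $this->i . ',this);return false;">' . $CFG->comments_hide . '</a></div>';
        } else {
            echo '<div class="expand">' . $CFG->comments_none . ' <a href="#" onclick="showComments(' . $this->i . ',this);return false;">' . $CFG->comments_be_first . '</a><a style="display:none;" href="#" onclick="hideComments(' . $this->i . ',this);return false;">' . $CFG->comments_hide . '</a></div>';
        }
    }
    // After a submission the container is always visible; otherwise $show decides.
    echo ' <div id="comments_' . $this->i . '" class="' . $this->class . '" ' . (empty($_REQUEST[$request_key]) ? $show : '') . '>';
    if ($comments) {
        Comments::show($comments);
    }
    // A hidden copy of the form (mode 1) that client-side code can move into
    // place for inline replies, followed by the regular form (mode 0).
    echo ' <div id="movable_form" style="display:none;">';
    if (!$this->comments_closed) {
        Comments::showForm($use_fckeditor, $require_email, $ask_website, 1, $editor_height);
    }
    echo ' </div>';
    if (!$this->comments_closed) {
        Comments::showForm($use_fckeditor, $require_email, $ask_website, 0, $editor_height);
    }
    echo ' <div style="clear:both;height:0;"></div> </div>';
}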
} if ($_SESSION['export_withdrawals']) { echo '<iframe src="custom/withdrawals_download.php?currency=' . $currency_info['currency'] . '" style="height:0;width:0;border:none;"></iframe>'; } } } } } $download->show_errors(); $download->show_messages(); $download->selectInput('currency', 'Currency', 1, false, false, 'currencies', array('currency')); $download->submitButton('Download', 'Download Withdrawals CSV'); $download->display(); $CFG->form_legend = 'Account For Widtdrawals From Escrows'; $withdraw = new Form('withdraw', false, false, 'form1'); $withdraw->verify(); if ($_REQUEST['withdraw'] && !is_array($withdraw->errors)) { if ($withdraw->info['currency'] > 0 && $withdraw->info['amount'] > 0) { db_start_transaction(); $currency_info = DB::getRecord('currencies', $withdraw->info['currency'], 0, 1, false, false, false, 1); if (!$currency_info) { $withdraw->errors[] = 'Invalid currency.'; } elseif (!($currency_info[strtolower($currency_info['currency']) . '_escrow'] - $withdraw->info['amount'] > 0)) { $withdraw->errors[] = 'Balance too low to satisfy withdrawal.'; } else { $status = DB::getRecord('status', 1, 0, 1, false, false, false, 1); $sql = 'UPDATE status SET ' . strtolower($currency_info['currency']) . '_escrow = ' . strtolower($currency_info['currency']) . '_escrow - ' . $withdraw->info['amount'] . ' WHERE id = 1'; db_query($sql); $withdraw->messages[] = $withdraw->info['amount'] . ' subtracted from ' . $currency_info['currency']; } db_commit();
} if (!$show_form) { $disable->verify(); $disable->show_errors(); $disable->HTML('<img class="qrcode" src="includes/qrcode.php?sec=1&code=otpauth://totp/Backstage2?secret=' . $key . '" />'); $disable->textInput('token', 'Enter token', true); $disable->submitButton('submit', 'Disable 2FA'); $disable->display(); } } } if ($show_form) { Messages::display(); $CFG->form_legend = 'My User Info.'; $edit = new Form('users_form', false, false, false, 'admin_users', true); $edit->verify(); $edit->show_errors(); $edit->save(); $edit->get(User::$info['id']); $edit->textInput('user', $CFG->user_username, true, false, false, false, false, false, false, false, 1, $CFG->user_unique_error); $edit->passwordInput('pass', $CFG->user_password, true); $edit->passwordInput('pass1', $CFG->user_password, true, false, false, false, false, false, 'pass'); $edit->textInput('first_name', $CFG->user_first_name, true); $edit->textInput('last_name', $CFG->user_last_name, true); $edit->textInput('phone', $CFG->user_phone); $edit->textInput('email', $CFG->user_email); $edit->submitButton('submit', $CFG->save_caption); $edit->cancelButton($CFG->cancel_button); if ($edit->info['verified_authy'] == 'Y') { $edit->button('my-account', 'Disable Google 2FA', array('action' => 'disable')); } else {
include '../lib/common.php'; //$_REQUEST['register']['first_name'] = (!empty($_REQUEST['register']['first_name'])) ? preg_replace("/[^\pL a-zA-Z0-9@\s\._-]/u", "",$_REQUEST['register']['first_name']) : false; //$_REQUEST['register']['last_name'] = (!empty($_REQUEST['register']['last_name'])) ? preg_replace("/[^\pL a-zA-Z0-9@\s\._-]/u", "",$_REQUEST['register']['last_name']) : false; $_REQUEST['register']['country'] = !empty($_REQUEST['register']['country']) ? preg_replace("/[^0-9]/", "", $_REQUEST['register']['country']) : false; $_REQUEST['register']['email'] = !empty($_REQUEST['register']['email']) ? preg_replace("/[^0-9a-zA-Z@\\.\\!#\$%\\&\\*+_\\~\\?\\-]/", "", $_REQUEST['register']['email']) : false; $_REQUEST['register']['default_currency'] = !empty($_REQUEST['register']['default_currency']) ? preg_replace("/[^0-9]/", "", $_REQUEST['register']['default_currency']) : false; if (empty($CFG->google_recaptch_api_key) || empty($CFG->google_recaptch_api_secret)) { $_REQUEST['is_caco'] = !empty($_REQUEST['form_name']) && empty($_REQUEST['is_caco']) ? array('register' => 1) : (!empty($_REQUEST['is_caco']) ? 
$_REQUEST['is_caco'] : false); } if (empty($_REQUEST['form_name'])) { unset($_REQUEST['register']); } $register = new Form('register', Lang::url('register.php'), false, 'form3'); unset($register->info['uniq']); $register->verify(); $register->reCaptchaCheck(); if (!empty($_REQUEST['register']) && (empty($_SESSION["register_uniq"]) || $_SESSION["register_uniq"] != $_REQUEST['register']['uniq'])) { $register->errors[] = 'Page expired.'; } if (!empty($_REQUEST['register']) && !$register->info['terms']) { $register->errors[] = Lang::string('settings-terms-error'); } if (!empty($_REQUEST['register']) && $CFG->register_status == 'suspended') { $register->errors[] = Lang::string('register-disabled'); } if (!empty($_REQUEST['register']) && is_array($register->errors)) { $errors = array(); if ($register->errors) { foreach ($register->errors as $key => $error) { if (stristr($error, 'login-required-error')) {
<?php $CFG->form_legend = 'Import Fiat Deposits'; $upload = new Form('deposits', false, false, 'form1'); $upload->verify(); if (is_array($CFG->temp_files)) { $key = key($CFG->temp_files); $transactions = 0; $cancelled = 0; $currencies = array(); $sql = 'SELECT * FROM currencies'; $result = db_query_array($sql); foreach ($result as $row) { $currencies[$row['currency']] = $row; $currencies[$row['id']] = $row; } // CSV -> each row should be: bank_id_number (any unique number), user_number, amount, currency (Ex. USD or EUR), bank_account_number (optional) if (($handle = fopen($CFG->dirroot . $CFG->temp_file_location . $CFG->temp_files[$key], "r")) !== FALSE) { db_start_transaction(); while (($data = fgetcsv($handle, 1000, ";", '"')) !== FALSE) { if (!($data[0] > 0)) { continue; } if (substr_count($data[0], ',') > 1) { $data = explode(',', $data[0]); } $sql = 'SELECT id FROM requests WHERE crypto_id = ' . $data[0]; $result = db_query_array($sql); if ($result) { continue; }
if (isset($_REQUEST['username']) && $_REQUEST['username'] != '') { $message = 'Wrong username or password!'; } else { $message = 'Please login!'; } throw new Exception($message); } } catch (Exception $e) { if ($e->getMessage() != '') { $xmlMeta->addChild(new \Xily\Xml('message', $e->getMessage(), array('class' => 'alert alert-error'))); } $view = 'login'; } if ($view === 'login') { $returnUrl = HTTP::readGET('return', ''); if (!Form::verify('loginreturn', Form::METHOD_GET)) { $returnUrl = ''; } $xmlMeta->addChildren(array(new \Xily\Xml('tokenName', Form::getTokenName()), new \Xily\Xml('tokenValue', Form::getToken('login')), new \Xily\Xml('return', empty($returnUrl) ? $_SERVER['SCRIPT_URI'] : $returnUrl))); } // Check if there is a controller for the view if (file_exists(CONTROLLER_DIR . $view . '.php')) { include_once CONTROLLER_DIR . $view . '.php'; } $controllerClass = ucfirst($view) . 'Controller'; if (class_exists($controllerClass)) { $controller = new $controllerClass($locale); $controller->enrichMeta($xmlMeta); $xlyPage = $controller->getView(); } else { // Check if the module exists