    }
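    // Backstage routes a fixed set of admin screens to known include files;
    // every other $CFG->url goes through the generic form/Control path below.
    $backstage_includes = array(
        'edit_tabs'  => 'includes/edit_tabs.php',
        'edit_page'  => 'includes/edit_page.php',
        'users'      => 'includes/users.php',
        'settings'   => 'includes/settings.php',
        'my-account' => 'includes/account.php',
    );
    if (is_string($CFG->url) && isset($backstage_includes[$CFG->url])) {
        // Strict key lookup (no loose ==): the include path can only ever be one
        // of the entries above, never a value derived from the request.
        include_once $backstage_includes[$CFG->url];
    } else {
        // Only letters, underscore and hyphen survive in the posted form name.
        // preg_replace() replaces the original ereg_replace(), which no longer
        // exists in PHP 7+; a missing or non-string value is treated as no form.
        $form_name = isset($_REQUEST['form_name']) && is_string($_REQUEST['form_name'])
            ? (string) preg_replace('/[^a-zA-Z_\-]/', '', $_REQUEST['form_name'])
            : '';
        // Guarded read: avoids an undefined-index notice when the flag is absent.
        $return_to_self = !empty($_REQUEST['return_to_self']);
        // The filter and login forms are handled elsewhere; any other named form
        // is verified and saved here before the page controller is built.
        if ($form_name !== '' && $form_name !== 'form_filters' && $form_name !== 'loginform' && !$return_to_self) {
            $form = new Form($form_name);
            $form->verify();
            $form->save();
            $form->show_errors();
            $form->show_messages();
        }
        $control = new Control($CFG->url, $CFG->action, $CFG->is_tab);
    }
    if ($CFG->print) {
        echo '</div>';
    }
    // The hidden fields feed the editor JavaScript; each value is escaped for the
    // HTML attribute context so an unexpected character cannot break out of it.
    $page_url_attr = htmlspecialchars((string) $CFG->editor_page_id, ENT_QUOTES, 'UTF-8');
    $page_is_tab_attr = htmlspecialchars((string) $CFG->editor_is_tab, ENT_QUOTES, 'UTF-8');
    $page_action_attr = htmlspecialchars((string) $CFG->action, ENT_QUOTES, 'UTF-8');
    echo '
	<div class="clear">&nbsp;</div>
	<input type="hidden" id="page_url" value="' . $page_url_attr . '" />
	<input type="hidden" id="page_is_tab" value="' . $page_is_tab_attr . '" />
	<input type="hidden" id="page_action" value="' . $page_action_attr . '" />
	<script type="text/javascript">footerToBottom(\'credits\');scaleBackstage();</script>';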
}
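// No usable 2FA code for this session: end the login and send the user back
// to the login page. exit stops the rest of the settings page from running.
if (!$authcode1 || !$authcode_valid) {
    User::logOut(true);
    Link::redirect('login.php');
    exit;
}
// check if form submitted and process
if (!empty($_REQUEST['settings'])) {
    // Guarded read: a submission without a string 'pass' field is treated as an
    // empty password instead of raising a notice and passing null to the regex calls.
    $submitted_pass = isset($_REQUEST['settings']['pass']) && is_string($_REQUEST['settings']['pass'])
        ? $_REQUEST['settings']['pass']
        : '';
    // $CFG->pass_regex matches characters that are not allowed in a password:
    // every hit is reported as an error below, and the offending characters are
    // stripped before the minimum-length check.
    $match = preg_match_all($CFG->pass_regex, $submitted_pass, $matches);
    $_REQUEST['settings']['pass'] = (string) preg_replace($CFG->pass_regex, "", $submitted_pass);
    $too_few_chars = mb_strlen($_REQUEST['settings']['pass'], 'utf-8') < $CFG->pass_min_chars;
}
// Load the current user's stored record into the settings form.
API::add('User', 'getInfo', array($_SESSION['session_id']));
$query = API::send();
$personal = new Form('settings', false, false, 'form1', 'site_users');
$personal->verify();
$personal->get($query['User']['getInfo']['results'][0]);
// Anti-replay check on submit: the token stored in the session must equal
// $uniq1 (set earlier in this script; presumably the value the form carried —
// confirm). Compared as strings in constant time; a missing value on either
// side now counts as expired instead of silently passing a loose != test.
$cp_uniq_ok = isset($_SESSION['cp_uniq'], $uniq1)
    && is_scalar($_SESSION['cp_uniq']) && is_scalar($uniq1)
    && hash_equals((string) $_SESSION['cp_uniq'], (string) $uniq1);
if (!empty($_REQUEST['settings']) && !$cp_uniq_ok) {
    $personal->errors[] = 'Page expired.';
}
if (!empty($match)) {
    // Report the distinct disallowed characters that were found in the password.
    $personal->errors[] = htmlentities(str_replace('[characters]', implode(',', array_unique($matches[0])), Lang::string('login-pass-chars-error')));
}
if (!empty($too_few_chars)) {
    $personal->errors[] = Lang::string('login-password-error');
}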
// check if we should request 2fa
/*
if (!empty($_REQUEST['settings']) && !$token1 && !is_array($personal->errors) && !is_array(Errors::$errors)) {
	if (!empty($_REQUEST['request_2fa'])) {
		if (!($token1 > 0)) {
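// Without reCAPTCHA keys configured, the is_caco flag (presumably the built-in
// captcha fallback — confirm) is set for the contact form on a named-form
// submit, left alone when already present, and otherwise forced to false.
if (empty($CFG->google_recaptch_api_key) || empty($CFG->google_recaptch_api_secret)) {
    if (!empty($_REQUEST['form_name']) && empty($_REQUEST['is_caco'])) {
        $_REQUEST['is_caco'] = array('contact' => 1);
    } elseif (empty($_REQUEST['is_caco'])) {
        $_REQUEST['is_caco'] = false;
    }
}
// A request without a form name is not a submission: discard stray contact data.
if (empty($_REQUEST['form_name'])) {
    unset($_REQUEST['contact']);
}
// Page content (two 'contact' records) and the country list come from one batched API call.
API::add('Content', 'getRecord', array('contact'));
API::add('Content', 'getRecord', array('contact-small'));
API::add('User', 'getCountries');
$query = API::send();
$content = $query['Content']['getRecord']['results'][0];
$content1 = $query['Content']['getRecord']['results'][1];
$page_title = $content['title'];
$countries = $query['User']['getCountries']['results'][0];
$contact = new Form('contact', Lang::url('contact.php'), false, 'form2');
$contact->verify();
$contact->reCaptchaCheck();
// Anti-replay check: the per-form token kept in the session must equal the
// submitted 'uniq' field exactly (string compare, constant time). A missing or
// non-scalar value on either side counts as expired; the guarded read also
// avoids a notice/TypeError when 'contact' is not an array.
$contact_uniq = isset($_REQUEST['contact']['uniq']) && is_scalar($_REQUEST['contact']['uniq'])
    ? (string) $_REQUEST['contact']['uniq']
    : '';
$contact_uniq_ok = !empty($_SESSION["contact_uniq"]) && is_scalar($_SESSION["contact_uniq"])
    && hash_equals((string) $_SESSION["contact_uniq"], $contact_uniq);
if (!empty($_REQUEST['contact']) && !$contact_uniq_ok) {
    $contact->errors[] = 'Page expired.';
}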
if (!empty($_REQUEST['contact']) && is_array($contact->errors)) {
    $errors = array();
    foreach ($contact->errors as $key => $error) {
        if (stristr($error, 'login-required-error')) {
            $errors[] = Lang::string('settings-' . str_replace('_', '-', $key)) . ' ' . Lang::string('login-required-error');
        } elseif (strstr($error, '-')) {
            $errors[] = Lang::string($error);
        } else {
            $errors[] = $error;
        }
    }
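    /**
     * Render this instance's comments block: the expand/hide header, the existing
     * comments, and the comment form (omitted when comments are closed).
     *
     * A comment posted for this block is handled first. The request key is
     * 'comments_<i>'; when present and comments are open, the posted data is
     * verified and saved, and either the configured "sent" message or the form
     * errors are displayed.
     *
     * An instance property of the same name, when truthy, overrides each parameter.
     *
     * @param bool     $use_fckeditor use the rich editor in the comment form
     * @param bool     $require_email require an email address in the form
     * @param bool     $ask_website   ask for a website in the form
     * @param bool|int $editor_height editor height, passed through to Comments::showForm()
     * @return bool|null false when skipped (backstage mode, no record id and
     *                   show_all unset); null otherwise — all output is echoed
     */
    function display($use_fckeditor = false, $require_email = false, $ask_website = false, $editor_height = false)
    {
        global $CFG;
        if ($CFG->backstage_mode && !($this->record_id > 0) && !$this->show_all) {
            return false;
        }
        $use_fckeditor = $this->use_fckeditor ? $this->use_fckeditor : $use_fckeditor;
        $require_email = $this->require_email ? $this->require_email : $require_email;
        $ask_website = $this->ask_website ? $this->ask_website : $ask_website;
        $editor_height = $this->editor_height ? $this->editor_height : $editor_height;
        // Request key under which this block's comment form posts its fields.
        // !empty() keeps the original truthiness test without the undefined-index notice.
        $request_key = 'comments_' . $this->i;
        if (!empty($_REQUEST[$request_key]) && !$this->comments_closed) {
            // A body posted under 'comments1' is moved to 'comments' before verification.
            if (!empty($_REQUEST[$request_key]['comments1'])) {
                $_REQUEST[$request_key]['comments'] = $_REQUEST[$request_key]['comments1'];
                unset($_REQUEST[$request_key]['comments1']);
            }
            $CFG->save_called = false;
            $form = new Form($request_key, false, false, $this->class . '_form', 'comments');
            $form->verify();
            if (!$form->errors) {
                $form->save();
                Messages::add($CFG->comments_sent_message);
                Messages::display();
            } else {
                $form->show_errors();
            }
        }
        $comments = Comments::get();
        // Second call with (false, true) — presumably the unfiltered total used in the header count; confirm.
        $c = count(Comments::get(false, true));
        // Collapsed by default unless autoshow is set (or a comment was just posted, see below).
        $show = $this->autoshow ? '' : 'style="display:none;"';
        // Initialised so the label line below never concatenates an undefined variable.
        $method_name = '';
        if ($this->label) {
            if ($CFG->pm_editor) {
                $method_name = Form::peLabel($this->label['method_id'], 'label');
            }
            echo '<div class="grid_label"><div class="label">' . $this->label['text'] . ' ' . $method_name . '</div><div class="clear"></div></div>';
        }
        // Evaluated after the save step, as the original did at each use site.
        $submitted = !empty($_REQUEST[$request_key]);
        if (!$this->short_version) {
            if ($comments) {
                echo '<div class="expand">' . str_ireplace('[field]', $c, $CFG->comments_there_are) . ' ' . (!$submitted ? '<a href="#" onclick="showComments(' . $this->i . ',this);return false;">' . $CFG->comments_expand . '</a>' : '') . '<a style="display:none;" href="#" onclick="hideComments(' . $this->i . ',this);return false;">' . $CFG->comments_hide . '</a></div>';
            } else {
                echo '<div class="expand">' . $CFG->comments_none . ' <a href="#" onclick="showComments(' . $this->i . ',this);return false;">' . $CFG->comments_be_first . '</a><a style="display:none;" href="#" onclick="hideComments(' . $this->i . ',this);return false;">' . $CFG->comments_hide . '</a></div>';
            }
        }
        // The container stays visible right after a submission so the result is seen.
        echo '
		<div id="comments_' . $this->i . '" class="' . $this->class . '" ' . (!$submitted ? $show : '') . '>';
        if ($comments) {
            Comments::show($comments);
        }
        // The form is rendered twice: once inside the hidden movable container
        // (flag 1) and once in place (flag 0).
        echo '
			<div id="movable_form" style="display:none;">';
        if (!$this->comments_closed) {
            Comments::showForm($use_fckeditor, $require_email, $ask_website, 1, $editor_height);
        }
        echo '
			</div>';
        if (!$this->comments_closed) {
            Comments::showForm($use_fckeditor, $require_email, $ask_website, 0, $editor_height);
        }
        echo '
			<div style="clear:both;height:0;"></div>
		</div>';
    }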
                }
                if ($_SESSION['export_withdrawals']) {
                    echo '<iframe src="custom/withdrawals_download.php?currency=' . $currency_info['currency'] . '" style="height:0;width:0;border:none;"></iframe>';
                }
            }
        }
    }
}
$download->show_errors();
$download->show_messages();
// Currency picker (presumably fed from the 'currencies' table — confirm) and the CSV download button.
$download->selectInput('currency', 'Currency', 1, false, false, 'currencies', array('currency'));
$download->submitButton('Download', 'Download Withdrawals CSV');
$download->display();
// Second form on this page: a manual deduction from an escrow balance, processed below.
$CFG->form_legend = 'Account For Widtdrawals From Escrows';
$withdraw = new Form('withdraw', false, false, 'form1');
$withdraw->verify();
if ($_REQUEST['withdraw'] && !is_array($withdraw->errors)) {
    if ($withdraw->info['currency'] > 0 && $withdraw->info['amount'] > 0) {
        db_start_transaction();
        $currency_info = DB::getRecord('currencies', $withdraw->info['currency'], 0, 1, false, false, false, 1);
        if (!$currency_info) {
            $withdraw->errors[] = 'Invalid currency.';
        } elseif (!($currency_info[strtolower($currency_info['currency']) . '_escrow'] - $withdraw->info['amount'] > 0)) {
            $withdraw->errors[] = 'Balance too low to satisfy withdrawal.';
        } else {
            $status = DB::getRecord('status', 1, 0, 1, false, false, false, 1);
            $sql = 'UPDATE status SET ' . strtolower($currency_info['currency']) . '_escrow = ' . strtolower($currency_info['currency']) . '_escrow - ' . $withdraw->info['amount'] . ' WHERE id = 1';
            db_query($sql);
            $withdraw->messages[] = $withdraw->info['amount'] . ' subtracted from ' . $currency_info['currency'];
        }
        db_commit();
        }
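        if (!$show_form) {
            // Confirmation step: a current token must be entered before 2FA is switched off.
            $disable->verify();
            $disable->show_errors();
            // $key (presumably the enrolled TOTP secret — confirm) is URL-encoded for the
            // query string and then escaped for the HTML attribute context.
            // NOTE(review): this re-displays the secret as a QR code on the disable
            // screen — confirm that is intended rather than carried over from enrolment.
            $qr_secret = htmlspecialchars(rawurlencode((string) $key), ENT_QUOTES, 'UTF-8');
            $disable->HTML('<img class="qrcode" src="includes/qrcode.php?sec=1&code=otpauth://totp/Backstage2?secret=' . $qr_secret . '" />');
            $disable->textInput('token', 'Enter token', true);
            $disable->submitButton('submit', 'Disable 2FA');
            $disable->display();
        }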
    }
}
if ($show_form) {
    Messages::display();
    $CFG->form_legend = 'My User Info.';
    $edit = new Form('users_form', false, false, false, 'admin_users', true);
    $edit->verify();
    $edit->show_errors();
    $edit->save();
    $edit->get(User::$info['id']);
    $edit->textInput('user', $CFG->user_username, true, false, false, false, false, false, false, false, 1, $CFG->user_unique_error);
    $edit->passwordInput('pass', $CFG->user_password, true);
    $edit->passwordInput('pass1', $CFG->user_password, true, false, false, false, false, false, 'pass');
    $edit->textInput('first_name', $CFG->user_first_name, true);
    $edit->textInput('last_name', $CFG->user_last_name, true);
    $edit->textInput('phone', $CFG->user_phone);
    $edit->textInput('email', $CFG->user_email);
    $edit->submitButton('submit', $CFG->save_caption);
    $edit->cancelButton($CFG->cancel_button);
    if ($edit->info['verified_authy'] == 'Y') {
        $edit->button('my-account', 'Disable Google 2FA', array('action' => 'disable'));
    } else {
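include '../lib/common.php';
//$_REQUEST['register']['first_name'] = (!empty($_REQUEST['register']['first_name'])) ? preg_replace("/[^\pL a-zA-Z0-9@\s\._-]/u", "",$_REQUEST['register']['first_name']) : false;
//$_REQUEST['register']['last_name'] = (!empty($_REQUEST['register']['last_name'])) ? preg_replace("/[^\pL a-zA-Z0-9@\s\._-]/u", "",$_REQUEST['register']['last_name']) : false;
// Pre-sanitise the numeric and email fields of the registration form in place.
// Note this always creates $_REQUEST['register'] (with false values), so the
// !empty($_REQUEST['register']) checks below depend on the unset() further down
// for requests that carry no form name.
$_REQUEST['register']['country'] = !empty($_REQUEST['register']['country']) ? preg_replace("/[^0-9]/", "", $_REQUEST['register']['country']) : false;
$_REQUEST['register']['email'] = !empty($_REQUEST['register']['email']) ? preg_replace("/[^0-9a-zA-Z@\\.\\!#\$%\\&\\*+_\\~\\?\\-]/", "", $_REQUEST['register']['email']) : false;
$_REQUEST['register']['default_currency'] = !empty($_REQUEST['register']['default_currency']) ? preg_replace("/[^0-9]/", "", $_REQUEST['register']['default_currency']) : false;
// Without reCAPTCHA keys configured, the is_caco flag (presumably the built-in
// captcha fallback — confirm) is set for the register form on a named-form
// submit, left alone when already present, and otherwise forced to false.
if (empty($CFG->google_recaptch_api_key) || empty($CFG->google_recaptch_api_secret)) {
    if (!empty($_REQUEST['form_name']) && empty($_REQUEST['is_caco'])) {
        $_REQUEST['is_caco'] = array('register' => 1);
    } elseif (empty($_REQUEST['is_caco'])) {
        $_REQUEST['is_caco'] = false;
    }
}
// A request without a form name is not a submission: discard the register data.
if (empty($_REQUEST['form_name'])) {
    unset($_REQUEST['register']);
}
$register = new Form('register', Lang::url('register.php'), false, 'form3');
// The token is only checked below; presumably removed so it is not saved with the record — confirm.
unset($register->info['uniq']);
$register->verify();
$register->reCaptchaCheck();
// Anti-replay check: the per-form token kept in the session must equal the
// submitted 'uniq' field exactly (string compare, constant time). A missing or
// non-scalar value on either side counts as expired.
$register_uniq = isset($_REQUEST['register']['uniq']) && is_scalar($_REQUEST['register']['uniq'])
    ? (string) $_REQUEST['register']['uniq']
    : '';
$register_uniq_ok = !empty($_SESSION["register_uniq"]) && is_scalar($_SESSION["register_uniq"])
    && hash_equals((string) $_SESSION["register_uniq"], $register_uniq);
if (!empty($_REQUEST['register']) && !$register_uniq_ok) {
    $register->errors[] = 'Page expired.';
}
// Terms must be accepted; empty() keeps the truthiness test without a notice.
if (!empty($_REQUEST['register']) && empty($register->info['terms'])) {
    $register->errors[] = Lang::string('settings-terms-error');
}
// Strict compare: a loose == would also match a non-string status value.
if (!empty($_REQUEST['register']) && $CFG->register_status === 'suspended') {
    $register->errors[] = Lang::string('register-disabled');
}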
if (!empty($_REQUEST['register']) && is_array($register->errors)) {
    $errors = array();
    if ($register->errors) {
        foreach ($register->errors as $key => $error) {
            if (stristr($error, 'login-required-error')) {
<?php

// Admin form for uploading a fiat deposits CSV; processing of the uploaded file
// (reached through $CFG->temp_files) follows below.
$CFG->form_legend = 'Import Fiat Deposits';
$upload = new Form('deposits', false, false, 'form1');
$upload->verify();
if (is_array($CFG->temp_files)) {
    $key = key($CFG->temp_files);
    $transactions = 0;
    $cancelled = 0;
    $currencies = array();
    $sql = 'SELECT * FROM currencies';
    $result = db_query_array($sql);
    foreach ($result as $row) {
        $currencies[$row['currency']] = $row;
        $currencies[$row['id']] = $row;
    }
    // CSV -> each row should be:  bank_id_number (any unique number), user_number, amount, currency (Ex. USD or EUR), bank_account_number (optional)
    if (($handle = fopen($CFG->dirroot . $CFG->temp_file_location . $CFG->temp_files[$key], "r")) !== FALSE) {
        db_start_transaction();
        while (($data = fgetcsv($handle, 1000, ";", '"')) !== FALSE) {
            if (!($data[0] > 0)) {
                continue;
            }
            if (substr_count($data[0], ',') > 1) {
                $data = explode(',', $data[0]);
            }
            $sql = 'SELECT id FROM requests WHERE crypto_id = ' . $data[0];
            $result = db_query_array($sql);
            if ($result) {
                continue;
            }
         if (isset($_REQUEST['username']) && $_REQUEST['username'] != '') {
             $message = 'Wrong username or password!';
         } else {
             $message = 'Please login!';
         }
         throw new Exception($message);
     }
 } catch (Exception $e) {
     if ($e->getMessage() != '') {
         $xmlMeta->addChild(new \Xily\Xml('message', $e->getMessage(), array('class' => 'alert alert-error')));
     }
     $view = 'login';
 }
 if ($view === 'login') {
     // Optional post-login destination from the query string; it is only kept
     // when the 'loginreturn' GET form verification passes, otherwise cleared.
     $returnUrl = HTTP::readGET('return', '');
     if (!Form::verify('loginreturn', Form::METHOD_GET)) {
         $returnUrl = '';
     }
     // Expose the form token name/value and the return target to the login view.
     // NOTE(review): $_SERVER['SCRIPT_URI'] is Apache-specific and may be unset
     // on other servers — confirm a fallback exists upstream.
     $xmlMeta->addChildren(array(new \Xily\Xml('tokenName', Form::getTokenName()), new \Xily\Xml('tokenValue', Form::getToken('login')), new \Xily\Xml('return', empty($returnUrl) ? $_SERVER['SCRIPT_URI'] : $returnUrl)));
 }
 // Check if there is a controller for the view
 // NOTE(review): $view is interpolated into an include path; its origin is outside
 // this excerpt — confirm it is limited to known view names before reaching here.
 if (file_exists(CONTROLLER_DIR . $view . '.php')) {
     include_once CONTROLLER_DIR . $view . '.php';
 }
 // The controller class, if any, is named after the view (e.g. 'login' -> LoginController).
 $controllerClass = ucfirst($view) . 'Controller';
 if (class_exists($controllerClass)) {
     $controller = new $controllerClass($locale);
     $controller->enrichMeta($xmlMeta);
     $xlyPage = $controller->getView();
 } else {
     // Check if the module exists