// Checkout/receipt handler fragment: reachable only via POST, only for an
// authenticated session, and only with a CSRF token that validates for the
// checkout form. The guards run in that order, so an anonymous request is
// redirected before any token or cart state is touched.
// NOTE(review): session_start() is not visible in this fragment; the $_SESSION
// reads below assume the session was started earlier in the file — confirm.
// The Location targets are fixed relative paths; no request data reaches the header.
if ($_SERVER['REQUEST_METHOD'] != 'POST') { header("Location: checkout.php"); die; }

// Enforce authentication (the `!=` above is a loose compare of two strings;
// `!==` would make it strict).
if (!isset($_SESSION["auth"])) { header("Location: index.php"); die; }

// CSRF: the token must be present and must validate for this specific form
// ("checkout_form"), so a token issued for a different form is rejected.
// Both error bodies are fixed strings — nothing from the request is echoed back.
if (!isset($_POST["csrf_token"])) { http_response_code(400); echo "err: no csrf token included in request"; die; }
$token = $_POST["csrf_token"];
if (!validate_csrf("checkout_form", $token)) { http_response_code(400); echo "err: incorrect csrf token (validation error)"; die; }

// Walk every shop item by index; the cart is keyed by the same index, so
// $_SESSION['shopping_cart'][$i] is treated as the quantity of $items[$i]
// (it is added into $count). Each matched line is printed and then removed
// from the cart, so the session cart is consumed as the receipt is rendered —
// a second submission finds an empty cart and lands in the $count == 0 branch.
// NOTE(review): the quantity and the item entry are printed without
// htmlspecialchars(); where the cart is populated and what $items holds is
// not visible here — confirm neither can carry attacker-chosen markup.
$count = 0;
$items = $db->getAllItemsInShop();
for ($i = 0; $i < count($items); $i++) {
    if (isset($_SESSION['shopping_cart'][$i])) {
        $count += $_SESSION['shopping_cart'][$i];
        print $_SESSION['shopping_cart'][$i] . ' "' . $items[$i] . '" <br>';
        unset($_SESSION["shopping_cart"][$i]);
    }
}

// Empty cart: nothing to receipt. The remainder of this branch is outside this fragment.
if ($count == 0) { print 'You need to purchase something in order to get a receipt...?';
load_user_plugins($_SESSION["uid"]);
} // closes a block that begins before this fragment

// Option tables for the preferences UI: key = stored value, label = translated
// text via __(). Non-positive keys are sentinels ("Use default", "Never purge",
// "Disable updates"). The update keys are minutes (15, 30, 60 = hourly,
// 1440 = daily); the purge labels read as days, although 5 => "1 week old"
// does not match that reading — confirm against whatever consumes the table.
$purge_intervals = array(0 => __("Use default"), -1 => __("Never purge"), 5 => __("1 week old"), 14 => __("2 weeks old"), 31 => __("1 month old"), 60 => __("2 months old"), 90 => __("3 months old"));
$update_intervals = array(0 => __("Default interval"), -1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly"));
// Same as $update_intervals without the "Default interval" entry.
$update_intervals_nodefault = array(-1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly"));
$access_level_names = array(0 => __("User"), 5 => __("Power User"), 10 => __("Administrator"));

// Request dispatch: $op names the handler class (dashes normalised to
// underscores) and $method the action on it. Neither is assigned in this
// fragment — presumably they come from the request; confirm where.
$op = str_replace("-", "_", $op);
// A plugin may register its own handler for this $op/$method and take precedence.
$override = PluginHost::getInstance()->lookup_handler($op, $method);
if (class_exists($op) || $override) {
    if ($override) {
        $handler = $override;
    } else {
        // NOTE(review): $op is used as a class name and constructed with
        // $_REQUEST *before* the IHandler check below, so any class that
        // class_exists() finds (it autoloads by default) gets instantiated;
        // only the dispatch after construction is limited to IHandler
        // implementations. Checking the interface or an allow-list of handler
        // names before `new` would close that gap.
        $handler = new $op($_REQUEST);
    }
    if ($handler && implements_interface($handler, 'IHandler')) {
        // CSRF is enforced unless the handler explicitly exempts this method.
        // $csrf_token is not assigned in this fragment.
        if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
            // before() is the handler's pre-dispatch hook; a false result
            // produces JSON error 6 instead of running the action.
            if ($handler->before($method)) {
                // Dynamic method call. NOTE(review): method_exists() does not
                // check visibility, and nothing visible here restricts $method
                // to the handler's intended action methods — confirm the base
                // class or before() does.
                if ($method && method_exists($handler, $method)) {
                    $handler->{$method}();
                } else {
                    // Fallback for handlers that accept arbitrary action names.
                    if (method_exists($handler, "catchall")) {
                        $handler->catchall($method);
                    }
                }
                $handler->after();
                return;
            } else {
                // "text/json" is not a registered media type; application/json is.
                header("Content-Type: text/json");
                print error_json(6);
                return;
            }
<?php
// Form-submission test page: starts the session, loads the form helpers and
// validates the CSRF token before anything else runs. validate_csrf() is
// called without arguments, so it presumably reads the token from
// $_POST/$_SESSION itself (defined in form_funcs.php, not visible here).
session_start();
require_once './form_funcs.php';
validate_csrf();
?>
<b>session: <?php /* debug: writes the session-side CSRF token into the page body */ echo $_SESSION['csrf_token']; ?> </b>
<pre style="text-align: left;">
<?php
// Debug dump of the raw POST body. NOTE(review): print_r() output is not
// passed through htmlspecialchars(), so submitted values are reflected into
// the HTML as-is — acceptable for a throwaway test page, not for anything
// served to users.
print_r($_POST);
?>
</pre>
<?php
// Branch on the submitted "website" field. NOTE(review): $_POST['website'] is
// read without isset(), so a request lacking the field raises an
// undefined-index warning before the (loose) != '' comparison.
if ($_POST['website'] != '') {
    if (is_valid_url($_POST['website'])) {
        // fetch_url_title() presumably fetches the user-supplied URL from the
        // server (body not visible). NOTE(review): what is_valid_url() permits
        // (schemes, internal hosts) decides how much server-side request surface
        // this exposes — confirm in form_funcs.php.
        $title = fetch_url_title($_POST['website']);
        if (!$title) {
            // Literal angle brackets: if $title is later echoed unescaped,
            // this renders as markup rather than as text.
            $title = "<title> tag could not be found.";
        }
    } else {
        $title = "INVALID URL given.";
    }
} else {
    // They didn't pass us a website, it must be something else.
    // I'm beginning to think a ?type=website, ?type=book, etc would be easier.
    $title = "<not website>";