function contact_form($loc = '')
{
global $LANG;
$form = '<div class="contact_form other_form">';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['contact_form' . $loc]) && \site\utils::check_csrf($_POST['contact_form' . $loc]['csrf'], 'contact_form' . $loc . '_csrf')) {
$pd = \site\utils::validate_user_data($_POST['contact_form' . $loc]);
try {
$id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0;
\user\main::send_contact($pd);
$form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>';
unset($pd);
} catch (Exception $e) {
$form .= '<div class="error">' . $e->getMessage() . '</div>';
}
}
$csrf = $_SESSION['contact_form' . $loc . '_csrf'] = \site\utils::str_random(12);
$form .= '<form method="POST" action="#widget_contact">
<div class="form_field"><label for="contact_form' . $loc . '[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="contact_form' . $loc . '[name]" id="contact_form' . $loc . '[name]" value="' . (isset($pd['name']) ? $pd['name'] : '') . '" required /></div></div>
<div class="form_field"><label for="contact_form' . $loc . '[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="contact_form' . $loc . '[email]" id="contact_form' . $loc . '[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" required /></div></div>
<div class="form_field"><label for="contact_form' . $loc . '[message]">' . $LANG['form_message'] . ':</label> <div><textarea name="contact_form' . $loc . '[message]" id="contact_form' . $loc . '[message]">' . (isset($pd['message']) ? $pd['message'] : '') . '</textarea></div></div>
<input type="hidden" name="contact_form' . $loc . '[csrf]" value="' . $csrf . '" />
<button>' . $LANG['send'] . '</button>
</form>
</div>';
return $form;
}
function edit_store_form($id)
{
global $LANG;
if ($GLOBALS['me']) {
if ($GLOBALS['me']->Stores > 0) {
$store = \query\main::store_infos($id);
if ($store->userID !== $GLOBALS['me']->ID) {
return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>';
}
/* */
$store_image = $store->image;
$form = '<div class="edit_store_form other_form">';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['edit_store_form']) && \site\utils::check_csrf($_POST['edit_store_form']['csrf'], 'edit_store_csrf')) {
$pd = \site\utils::validate_user_data($_POST['edit_store_form']);
try {
$post_info = \user\main::edit_store($id, $GLOBALS['me']->ID, $pd);
$store_image = $post_info->image;
$form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>';
} catch (Exception $e) {
$form .= '<div class="error">' . $e->getMessage() . '</div>';
}
}
$csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12);
$form .= '<form method="POST" action="#" enctype="multipart/form-data">
<div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label>
<div><select name="edit_store_form[category]" id="edit_store_form[category]">';
foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
$wcat = '<optgroup label="' . $cat['infos']->name . '">';
$wcat .= '<option value="' . $cat['infos']->ID . '"' . (isset($store->catID) && $store->catID == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>';
if (isset($cat['subcats'])) {
foreach ($cat['subcats'] as $subcat) {
$wcat .= '<option value="' . $subcat->ID . '"' . (isset($store->catID) && $store->catID == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>';
}
}
$wcat .= '</optgroup>';
$form .= $wcat;
}
$form .= '</select></div>
</div>
<div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . (isset($pd['name']) ? $pd['name'] : $store->name) . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div>
<div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . (isset($pd['url']) ? $pd['url'] : $store->url) . '" placeholder="http://" required /></div></div>
<div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . (isset($pd['description']) ? $pd['description'] : $store->description) . '</textarea></div></div>
<div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . (isset($pd['tags']) ? $pd['tags'] : $store->tags) . '" /></div></div>
<div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . store_avatar($store_image) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" />
<span>Note:* max width: 600px, max height: 400px.</span></div></div>
<input type="hidden" name="edit_store_form[csrf]" value="' . $csrf . '" />
<button>' . $LANG['edit_store_button'] . '</button>
</form>
</div>';
return $form;
} else {
return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
}
} else {
return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
}
}
function check_csrf($post, $session)
{
return \site\utils::check_csrf($post, $session);
}
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="robots" content="noindex, nofollow">
<title>' . $LANG['uunsubscr_metatitle'] . '</title>
<link href="//fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800,900" rel="stylesheet" />
<link href="' . MISCDIR . '/verify.css" media="all" rel="stylesheet" />
</head>
<body>
<section class="msg">';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['token']) && isset($_POST['email']) && \site\utils::check_csrf($_POST['token'], 'sendunsubscr_csrf')) {
try {
$type = \user\main::unsubscribe(array('email' => $_POST['email']));
if ($type == 1) {
echo '<div class="success">' . sprintf($LANG['uunsubscr_reqsent'], $_POST['email']) . '</div>';
} else {
echo '<div class="success">' . $LANG['uunsubscr_ok'] . '</div>';
}
} catch (Exception $e) {
echo '<div class="error">' . $e->getMessage() . '</div>';
}
}
}
$csrf = $_SESSION['sendunsubscr_csrf'] = \site\utils::str_random(10);
echo '<h2 style="color: #000;">' . $LANG['uunsubscr_title'] . '</h2>
' . sprintf($LANG['uunsubscr_body'], '<span id="seconds">5</span>') . ' <br /><br />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="robots" content="noindex, nofollow">
<title>' . $LANG['payments_metatitle'] . '</title>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="' . MISCDIR . '/pay.js"></script>
<link href="//fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800,900" rel="stylesheet" />
<link href="' . MISCDIR . '/pay.css" media="all" rel="stylesheet" />
</head>
<body>
<div class="msg">';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['token']) && \site\utils::check_csrf($_POST['token'], 'payment_csrf')) {
if (isset($_POST['pay_direct'])) {
try {
// redirect URLs, used for PayPal, but can be used for other other gateways also
$payment->success_url = $GLOBALS['siteURL'] . "payment.php?gateway={$payment->gateway_name}&plan={$_GET['plan']}";
$payment->cancel_url = $GLOBALS['siteURL'] . "payment.php?gateway={$payment->gateway_name}&plan={$_GET['plan']}";
$answer = $payment->direct();
// save transaction
\query\payments::inset_payment(array($GLOBALS['me']->ID, $payment->gateway_name, $answer['total'], $answer['id'], $answer['state'], @serialize($answer['items']), $answer['details'], 0, 0));
// save token
$_SESSION['payment_direct_token'] = $answer['id'];
if (isset($answer['href'])) {
header('Location: ' . $answer['href']);
die;
}
} catch (Exception $e) {
?>
<div class="gtitle">Rewards</div>
<div style="text-align: right; margin-bottom: 10px;">
<a href="<?php
echo tlink('user/claim-history');
?>
" class="btn">Claims History</a>
</div>
<?php
if (($pagination = have_rewards(array('show' => 'active'))) && $pagination['results'] > 0) {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && \site\utils::check_csrf($_POST['csrf'], 'claim_reward')) {
echo create_reward_request();
// without this function rewards can't be claimed
}
$csrf = $_SESSION['claim_reward'] = \site\utils::str_random(12);
echo '<div>';
foreach (rewards(array('show' => 'active', 'orderby' => 'points')) as $item) {
echo '<section class="array_item twopl">
<div class="table">
<div class="left">
<img src="' . reward_avatar($item->image) . '" alt="" style="height: 60px; width: 60px;">
</div>
<div class="right">
