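/**
 * Handle a submitted login form.
 *
 * Reads LOGIN_FORM_USERNAME / LOGIN_FORM_PASSWORD from $_POST, validates the
 * CSRF token, hashes the password with md5() and hands the pair to
 * $config['user']->doLogin(). On success the user is forwarded to the last
 * visited page (or the site root when that page was the login page) and the
 * script exits; otherwise the function returns and the caller is expected to
 * render the login page again.
 *
 * Side effects: starts the session (session_init()), removes the password
 * from $_POST, may echo HTML and exit.
 *
 * @return void
 */
function doCheckLogin()
{
    global $config;
    // Nothing to do unless the form was actually posted.
    if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
        return;
    }
    // isset() above guarantees both keys exist, so no '@' suppression is needed.
    // stripslashes() is a legacy magic_quotes workaround; it is applied to the
    // password too, so it must match what doChangePassword() stored.
    $username = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $password = stripslashes($_POST[LOGIN_FORM_PASSWORD]);
    // Drop the clear-text password from the request array as early as possible
    // so later code (or an error dump) cannot pick it up.
    unset($_POST[LOGIN_FORM_PASSWORD]);
    session_init();
    // Without a session the CSRF token cannot have been issued; report and bail.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // SECURITY: unsalted md5 is not an acceptable password hash (fast, no salt,
    // rainbow-table friendly). It is kept only because doLogin() and the stored
    // credentials expect it; migrating to password_hash()/password_verify()
    // requires changing the user store and doLogin() together.
    $password = md5($password);
    $config['user']->doLogin($username, $password);
    if ($config['user']->isOk() && getVar('error') == '') {
        // success
        // NOTE(review): no session_regenerate_id() is visible here — confirm
        // session_init()/doLogin() rotates the session id on login (fixation).
        $lastpage = getLastPage();
        // Never bounce the user back to the login page itself.
        if (strpos($lastpage, 'login') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    unset($username, $password);
}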
 /**
  * Enforce the CSRF token on the current request.
  *
  * No-op when CSRF protection is disabled. When enabled and the submitted
  * token does not validate, an error message with a link back to the site
  * root is echoed, the client is forwarded to './' after 2 seconds and the
  * script exits — callers never see a "false" result, so code after this
  * call can assume the token was valid.
  *
  * NOTE(review): the actual comparison lives in isValidToken() (not shown);
  * confirm it uses hash_equals() rather than ==/=== on the token strings.
  *
  * @return void
  */
 public static function ValidateToken()
 {
     $mustCheck = self::isEnabled();
     if ($mustCheck && !self::isValidToken()) {
         echo 'Invalid CSRF Token!<br /><a href="./">Back to WebAuctionPlus website</a>';
         ForwardTo('./', 2);
         exit;
     }
 }
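/**
 * Handle a submitted change-password form.
 *
 * Reads CHANGEPASS_FORM_PASSWORD / CHANGEPASS_FORM_CONFIRM from $_POST,
 * validates the CSRF token, checks that both values match and that the
 * password is at least 6 bytes long, then stores md5($password) through
 * $config['user']->ChangePassword(). On success the 'Temp Pass' session flag
 * is cleared, the user is forwarded to the last page (or './' when that page
 * was the login or changepass page) and the script exits.
 *
 * Side effects: starts the session, removes both passwords from $_POST,
 * appends messages to $_SESSION['error'], may echo HTML and exit.
 *
 * NOTE(review): the current password is not re-checked here; the only gate is
 * the page-level "must be logged in" check elsewhere — confirm that is intended
 * (it is what allows the temporary-password flow to work).
 *
 * @return NULL  when no form was posted
 * @return FALSE on validation failure or when ChangePassword() reports failure
 */
function doChangePassword()
{
    global $config;
    if (!isset($_POST[CHANGEPASS_FORM_PASSWORD]) || !isset($_POST[CHANGEPASS_FORM_CONFIRM])) {
        return NULL;
    }
    // Both keys exist (checked above), so the '@' suppression is not needed.
    // stripslashes() is a legacy magic_quotes workaround and must match what
    // doCheckLogin() applies before hashing.
    $password = trim(stripslashes($_POST[CHANGEPASS_FORM_PASSWORD]));
    $confirm = trim(stripslashes($_POST[CHANGEPASS_FORM_CONFIRM]));
    // Scrub the clear-text passwords from the request array immediately.
    unset($_POST[CHANGEPASS_FORM_PASSWORD]);
    unset($_POST[CHANGEPASS_FORM_CONFIRM]);
    session_init();
    // Without a session the CSRF token cannot have been issued; report and bail.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // check passwords match
    if ($password !== $confirm) {
        $_SESSION['error'][] = 'Passwords don\'t match. Please try again.';
        return FALSE;
    }
    // check password length — strlen() counts bytes, so a multibyte password
    // can pass with fewer than 6 visible characters; mb_strlen() would be stricter.
    if (strlen($password) < 6) {
        // Message typo fixed ("to short" -> "too short").
        $_SESSION['error'][] = 'Password is too short, must be at least 6 characters long.';
        return FALSE;
    }
    // update password in database
    // SECURITY: unsalted md5 is not a suitable password hash; it is kept only
    // because doCheckLogin() and the user store expect it. Migrating to
    // password_hash() has to be done together with doLogin().
    $result = $config['user']->ChangePassword(md5($password));
    // successful change
    if ($result !== FALSE) {
        // password has been changed — the temporary-password flag no longer applies
        $_SESSION['Temp Pass'] = FALSE;
        $lastpage = getLastPage();
        // Do not send the user back to the login or changepass page.
        if (strpos($lastpage, 'login') !== FALSE || strpos($lastpage, 'changepass') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    return FALSE;
}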
 /**
  * Restore the current user from the session and enforce "Require Login".
  *
  * Starts the session, defaults $config['session name'] to
  * 'WebAuctionPlus User', re-validates whatever is stored under that session
  * key via doValidate(), and — when the 'Require Login' setting is on —
  * forwards anonymous visitors to './?page=login' (and exits) unless they are
  * already on the login page.
  *
  * NOTE(review): the value pulled from $_SESSION is handed straight to
  * doValidate(); what it contains and how it is checked is not visible here.
  */
 function __construct()
 {
     global $config;
     session_init();
     if (empty($config['session name'])) {
         $config['session name'] = 'WebAuctionPlus User';
     }
     $sessionKey = $config['session name'];
     // A stored session entry means a previous login; re-validate it.
     if (isset($_SESSION[$sessionKey])) {
         $this->doValidate($_SESSION[$sessionKey]);
     }
     // Anonymous visitors are only tolerated on the login page itself.
     $loginRequired = SettingsClass::getBoolean('Require Login');
     $onLoginPage = ($config['page'] == 'login');
     if ($loginRequired && !$this->isOk() && !$onLoginPage) {
         ForwardTo('./?page=login', 0);
         exit;
     }
 }
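/**
 * Handle a submitted login form, with a fallback for temporary passwords.
 *
 * Reads LOGIN_FORM_USERNAME / LOGIN_FORM_PASSWORD from $_POST, validates the
 * CSRF token and first tries $config['user']->doLogin() with md5($password).
 * If that does not return TRUE and the submitted password is shorter than an
 * md5 hex digest (32 chars), it retries with the password exactly as typed; a
 * hit on that path sets $_SESSION['Temp Pass'] = TRUE so the page guards send
 * the user to the change-password page. On a successful login the user is
 * forwarded to the last page (or './' if that was the login page) and the
 * script exits.
 *
 * Side effects: starts the session, removes the password from $_POST, may
 * echo HTML and exit.
 *
 * @return NULL when no login form was posted, TRUE otherwise (also after a
 *              failed login — callers must check $config['user']->isOk()).
 */
function doCheckLogin()
{
    global $config;
    if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
        return NULL;
    }
    // Both keys exist (checked above), so no '@' suppression is needed.
    $username = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $password = trim(stripslashes($_POST[LOGIN_FORM_PASSWORD]));
    // Scrub the clear-text password from the request array right away.
    unset($_POST[LOGIN_FORM_PASSWORD]);
    session_init();
    // Without a session the CSRF token cannot have been issued; report and bail.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();
    // check hashed password
    // SECURITY: unsalted md5 is not a suitable password hash; it is kept only
    // because doLogin() and the stored credentials expect it. Moving to
    // password_hash()/password_verify() means changing the user store too.
    $result = $config['user']->doLogin($username, md5($password));
    // try temporary password
    // SECURITY: this retries with the password as typed, so a temporary
    // password is presumably stored and compared without hashing (the < 32
    // guard only rules out values that look like an md5 digest). Anything on
    // this path should be single-use and short-lived — confirm in the user
    // store. The two result checks differ (!== TRUE here, !== FALSE below):
    // doLogin() evidently has a third return value.
    if ($result !== TRUE && strlen($password) < 32) {
        $result = $config['user']->doLogin($username, $password);
        if ($result === TRUE && $config['user']->isOk() && getVar('error') == '') {
            $_SESSION['Temp Pass'] = TRUE;
            unset($_SESSION['error']);
        }
    }
    // successful login
    if ($result !== FALSE && $config['user']->isOk() && getVar('error') == '') {
        // NOTE(review): no session_regenerate_id() is visible here — confirm
        // the session id is rotated on login somewhere (fixation).
        $lastpage = getLastPage();
        // Never bounce the user back to the login page itself.
        if (strpos($lastpage, 'login') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    unset($username, $password);
    return TRUE;
}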
    }
    echo $config['error'];
    exit;
}
// Handle the "cancel" action. The CSRF token is enforced before anything else
// and a locked in-game inventory blocks the cancel. Every branch ends the
// script: the locked and success branches echo a message, forward to the last
// page and exit; a failed cancel prints $config['error'] (presumably set by
// CancelAuction()) and exits.
// NOTE(review): getLastPage() is dropped into an href unescaped; if it can
// carry user-controlled input (Referer / query string) it needs
// htmlspecialchars() here.
if ($config['action'] == 'cancel') {
    CSRF::ValidateToken();
    // inventory is locked
    if ($config['user']->isLocked()) {
        printf('<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="%s">Back to last page</a></center>', getLastPage());
        ForwardTo(getLastPage(), 4);
        exit;
    }
    // cancel auction — the id is coerced to int by getVar(); ownership of the
    // auction has to be checked inside CancelAuction() (not visible here).
    if (!AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
        echo $config['error'];
        exit;
    }
    printf('<center><h2>Auction canceled!</h2><br /><a href="%s">Back to last page</a></center>', getLastPage());
    ForwardTo(getLastPage(), 2);
    exit;
}
// render page (ajax/json)
function RenderPage_auctions_ajax()
{
    global $config, $html;
    //file_put_contents('ajax_get.txt',print_r($_GET,TRUE));
    header('Content-Type: text/plain');
    // list auctions
    $auctions = QueryAuctions::QueryCurrent();
    $TotalDisplaying = QueryAuctions::TotalDisplaying();
    $TotalAllRows = QueryAuctions::TotalAllRows();
            $_SESSION['success'][] = 'Auction purchased successfully!';
            ForwardTo(getLastPage(), 0);
            exit;
        }
    }
}
// Handle the "cancel" action: the CSRF token is enforced first, then the
// auction is cancelled unless the player's in-game inventory is locked.
// Messages go to the session flash arrays; on success the client is forwarded
// back to the last page and the script exits. A failed cancel falls through
// with no message of its own (presumably CancelAuction() sets $config['error']).
if ($config['action'] == 'cancel') {
    CSRF::ValidateToken();
    $inventoryLocked = $config['user']->isLocked();
    if ($inventoryLocked) {
        // inventory is locked
        $_SESSION['error'][] = 'Your inventory is currently locked.<br />Please close your in game inventory and try again.';
    } elseif (AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
        // cancel auction — id is int-coerced by getVar(); the ownership check
        // must live inside CancelAuction() (not visible here).
        $_SESSION['success'][] = 'Auction canceled!';
        ForwardTo(getLastPage(), 0);
        exit;
    }
}
// render page (ajax/json)
function RenderPage_auctions_ajax()
{
    global $config, $html;
    //file_put_contents('ajax_get.txt',print_r($_GET,TRUE));
    header('Content-Type: text/plain');
    // list auctions
    $auctions = QueryAuctions::QueryCurrent();
    $TotalDisplaying = QueryAuctions::TotalDisplaying();
    $TotalAllRows = QueryAuctions::TotalAllRows();
    $outputRows = "{\n" . "\t" . '"iTotalDisplayRecords" : ' . $TotalDisplaying . ",\n" . "\t" . '"iTotalRecords" : ' . $TotalAllRows . ",\n" . "\t" . '"sEcho" : ' . (int) getVar('sEcho', 'int') . ",\n" . "\t" . '"aaData" : [' . "\n";
    } else {
        header('HTTP/1.0 301 Moved Permanently');
        header('Location: ../');
    }
    die("<font size=+2>Access Denied!!</font>");
}
// my items page
global $config;
// Access gate for this page: anonymous visitors are sent to the front page,
// and users still on a temporary password must change it before they can see
// their items. Both branches stop the script.
if (!$config['user']->isOk()) {
    // need to log in
    ForwardTo('./', 0);
    exit;
} elseif ($config['user']->isTempPass()) {
    // need to change temp pass
    ForwardTo('./?page=changepass', 0);
    exit;
}
function RenderPage_myitems()
{
    global $config, $html;
    $UseAjaxSource = FALSE;
    $config['title'] = 'My Items';
    // load page html
    $outputs = RenderHTML::LoadHTML('pages/myitems.php');
    if (!is_array($outputs)) {
        echo 'Failed to load html!';
        exit;
    }
    // load javascript
    $html->addToHeader($outputs['header']);
<?php

// do logout
// The token check is deliberate: a logout must not be triggerable by a
// cross-site link (forced logout is a CSRF nuisance in its own right).
CSRF::ValidateToken();
global $config;
$config['user']->doLogout();
// NOTE(review): the redirect target comes from getLastPage(); confirm it is
// restricted to local paths so this cannot be turned into an open redirect.
$target = getLastPage();
ForwardTo($target);
exit;
<?php

// Direct-access guard: this file is only meant to be included by the index
// file, which defines DEFINE_INDEX_FILE. A direct hit is bounced to the
// parent directory — an HTTP redirect while headers are still pending, a
// meta refresh otherwise — and the script dies.
if (!defined('DEFINE_INDEX_FILE')) {
    if (!headers_sent()) {
        header('HTTP/1.0 301 Moved Permanently');
        header('Location: ../');
    } else {
        echo '<header><meta http-equiv="refresh" content="0;url=../"></header>';
    }
    die("<font size=+2>Access Denied!!</font>");
}
// admin menu
// check admin permission: non-admins are forwarded to the front page and the
// script exits; admins get the rendered menu fragment returned to the includer.
// NOTE(review): the other pages use $config['user']; this one relies on a
// separate $user global — confirm both refer to the same validated object.
global $user;
if (!$user->hasPerms('isAdmin')) {
    ForwardTo('./', 0);
    exit;
}
$outputs = RenderHTML::LoadHTML('pages/admin_menu.php');
return $outputs['menu'];
    // inventory is locked
    if ($config['user']->isLocked()) {
        echo '<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
        ForwardTo(getLastPage(), 4);
        exit;
    }
    if (AuctionFuncs::Sell(getVar('id', 'int', 'post'), getVar('qty', 'int', 'post'), getVar('price', 'double', 'post'), getVar('desc', 'string', 'post'))) {
        echo '<center><h2>Auction created successfully!</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
        ForwardTo(getLastPage(), 2);
        exit;
    }
}
// inventory is locked: the player must close their in-game inventory first.
// Shows the message with a link back, forwards there after 4 seconds, and exits.
// NOTE(review): getLastPage() goes into an href unescaped; if it can reflect
// user-controlled input (Referer / query string) it needs htmlspecialchars().
if ($config['user']->isLocked()) {
    printf('<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="%s">Back to last page</a></center>', getLastPage());
    ForwardTo(getLastPage(), 4);
    exit;
}
////	$minBid = mysql_real_escape_string(stripslashes(round($_POST['MinBid'], 2)));
//$minBid=0;
//	$allowBids = 1;
//	if (mysql_real_escape_string(stripslashes($_POST['MinBid'])) == ""){
//		$allowBids = 0;
//	}
//					if ($isAdmin){
//						if ($chargeAdmins){
//							$itemFee = (($item->marketprice/100)*$auctionFee)*$sellQuantity;
//						}else{
//							$itemFee = 0;
//						}
//						if ($player->money >= $itemFee){