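/**
 * Handle a submitted login form.
 *
 * Reads the username/password fields from $_POST, starts the session, validates
 * the CSRF token, hashes the password with md5() and hands the pair to
 * $config['user']->doLogin(). On a successful login the browser is forwarded to
 * the last visited page (the site root when that page was the login page) and
 * the script exits.
 *
 * Returns nothing. When the form fields are absent the function is a no-op.
 *
 * Globals: $config (reads $config['user']).
 */
function doCheckLogin() {
    global $config;

    // Nothing to do unless both form fields were submitted.
    if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
        return;
    }
    // Both keys were checked with isset() above, so no '@' suppression is needed.
    $username = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $password = stripslashes($_POST[LOGIN_FORM_PASSWORD]);

    session_init();
    // A missing CSRF session key means the session did not start; report that and
    // let ValidateToken() refuse the request before any credentials are checked.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();

    // NOTE(review): md5() is an unsalted, fast digest. doLogin() appears to expect
    // this format, so a stronger scheme (password_hash()/password_verify()) has to
    // be introduced on the storage and verification side as well, not only here.
    $password = md5($password);
    $config['user']->doLogin($username, $password);

    if ($config['user']->isOk() && getVar('error') == '') {
        // success: return to the previous page, but never back to the login page
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    unset($username, $password);
}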
/**
 * Abort the request when CSRF protection is enabled and the submitted token does
 * not validate: prints a short message with a link to the site root, schedules a
 * redirect there after 2 seconds and exits. Does nothing when protection is off.
 */
public static function ValidateToken() {
    $tokenRejected = self::isEnabled() && !self::isValidToken();
    if (!$tokenRejected) {
        return;
    }
    echo 'Invalid CSRF Token!<br /><a href="./">Back to WebAuctionPlus website</a>';
    ForwardTo('./', 2);
    exit;
}
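/**
 * Handle a submitted change-password form.
 *
 * Reads the password and its confirmation from $_POST (and removes both from
 * $_POST), starts the session, validates the CSRF token, checks that the two
 * values match and that the password is at least 6 bytes long, then stores
 * md5($password) through $config['user']->ChangePassword(). On success the
 * 'Temp Pass' session flag is cleared, the browser is forwarded to the last page
 * (never back to the login or changepass page) and the script exits.
 *
 * @return null|false NULL when the form was not submitted; FALSE when validation
 *                    or the database update failed (a message is appended to
 *                    $_SESSION['error'] for validation failures). Does not
 *                    return on success.
 */
function doChangePassword() {
    global $config;

    if (!isset($_POST[CHANGEPASS_FORM_PASSWORD]) || !isset($_POST[CHANGEPASS_FORM_CONFIRM])) {
        return NULL;
    }
    // Both keys were checked with isset() above, so no '@' suppression is needed.
    $password = trim(stripslashes($_POST[CHANGEPASS_FORM_PASSWORD]));
    $confirm = trim(stripslashes($_POST[CHANGEPASS_FORM_CONFIRM]));
    // Drop the plaintext values from $_POST so later code (or a debug dump) cannot see them.
    unset($_POST[CHANGEPASS_FORM_PASSWORD]);
    unset($_POST[CHANGEPASS_FORM_CONFIRM]);

    session_init();
    // A missing CSRF session key means the session did not start; report that and
    // let ValidateToken() refuse the request before anything is changed.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();

    // check passwords match
    if ($password !== $confirm) {
        $_SESSION['error'][] = 'Passwords don\'t match. Please try again.';
        return FALSE;
    }
    // check password length. strlen() counts bytes, not characters, so a
    // multibyte password clears this minimum with fewer characters than 6.
    if (strlen($password) < 6) {
        $_SESSION['error'][] = 'Password is to short, must be at least 6 characters long.';
        return FALSE;
    }

    // update password in database
    // NOTE(review): md5() is an unsalted, fast digest. ChangePassword() appears to
    // take the digest as-is, so a stronger scheme has to be introduced on the
    // storage and verification side (see doLogin) at the same time, not only here.
    $result = $config['user']->ChangePassword(md5($password));

    // successful change
    if ($result !== FALSE) {
        // password has been changed: the temporary-password flag no longer applies
        $_SESSION['Temp Pass'] = FALSE;
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE || strpos($lastpage, 'changepass') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    return FALSE;
}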
/**
 * Constructor: starts the session, restores the logged-in user (if any) stored
 * under $_SESSION[$config['session name']] via doValidate(), and, when the
 * 'Require Login' setting is on and the current page is not the login page,
 * forwards anonymous visitors to the login page and exits.
 *
 * Globals: $config (reads/writes 'session name', reads 'page').
 */
function __construct() {
    global $config;
    session_init();

    // Default session key under which the user record is kept.
    if (empty($config['session name'])) {
        $config['session name'] = 'WebAuctionPlus User';
    }
    $sessionKey = $config['session name'];

    // Restore a user that is already present in the session.
    if (isset($_SESSION[$sessionKey])) {
        $this->doValidate($_SESSION[$sessionKey]);
    }

    // With 'Require Login' on, anonymous visitors may only see the login page.
    $mustLogin = SettingsClass::getBoolean('Require Login')
        && !$this->isOk()
        && $config['page'] != 'login';
    if ($mustLogin) {
        ForwardTo('./?page=login', 0);
        exit;
    }
}
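/**
 * Handle a submitted login form, with a temporary-password fallback.
 *
 * Reads username/password from $_POST (the password is then removed from
 * $_POST), starts the session, validates the CSRF token and calls
 * $config['user']->doLogin() with md5($password). If that does not return TRUE
 * and the submitted password is shorter than 32 bytes (the length of an md5 hex
 * digest), doLogin() is tried once more with the raw password; success on that
 * path sets $_SESSION['Temp Pass'] so the user is pushed to change it. On a
 * successful login the browser is forwarded to the last page (never back to the
 * login page) and the script exits.
 *
 * @return null|true NULL when the form fields were not submitted; TRUE when a
 *                   login was attempted but did not succeed, so the return value
 *                   does not signal success (check $config['user']->isOk()).
 *                   Does not return on success.
 */
function doCheckLogin() {
    global $config;

    if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
        return NULL;
    }
    // Both keys were checked with isset() above, so no '@' suppression is needed.
    $username = trim(stripslashes($_POST[LOGIN_FORM_USERNAME]));
    $password = trim(stripslashes($_POST[LOGIN_FORM_PASSWORD]));
    // Drop the plaintext password from $_POST so later code (or a debug dump) cannot see it.
    unset($_POST[LOGIN_FORM_PASSWORD]);

    session_init();
    // A missing CSRF session key means the session did not start; report that and
    // let ValidateToken() refuse the request before any credentials are checked.
    if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
        echo '<p style="color: red;">PHP Session seems to have failed!</p>';
        CSRF::ValidateToken();
        exit;
    }
    CSRF::ValidateToken();

    // check hashed password
    // NOTE(review): md5() is an unsalted, fast digest. doLogin() appears to expect
    // this format, so a stronger scheme has to be introduced on the storage and
    // verification side at the same time, not only here.
    $result = $config['user']->doLogin($username, md5($password));

    // try temporary password: a submitted value shorter than an md5 hex digest
    // (32 bytes) is passed to doLogin() unhashed. NOTE(review): confirm on the
    // doLogin()/storage side that temporary passwords are single-use and expire,
    // since this path compares the submitted value directly.
    if ($result !== TRUE && strlen($password) < 32) {
        $result = $config['user']->doLogin($username, $password);
        if ($result === TRUE && $config['user']->isOk() && getVar('error') == '') {
            // flag the session so the user is sent to the change-password page
            $_SESSION['Temp Pass'] = TRUE;
            unset($_SESSION['error']);
        }
    }

    // successful login: return to the previous page, but never back to the login page
    if ($result !== FALSE && $config['user']->isOk() && getVar('error') == '') {
        $lastpage = getLastPage();
        if (strpos($lastpage, 'login') !== FALSE) {
            $lastpage = './';
        }
        ForwardTo($lastpage);
        exit;
    }
    unset($username, $password);
    return TRUE;
}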
} // closes a block that starts before this excerpt
echo $config['error'];
exit;
} // closes an enclosing block that starts before this excerpt

// action=cancel: withdraw an auction identified by the POSTed 'auctionid'
if ($config['action'] == 'cancel') {
    // Reject the request unless it carries a valid CSRF token (ValidateToken() exits otherwise).
    CSRF::ValidateToken();
    // inventory is locked
    if ($config['user']->isLocked()) {
        // NOTE(review): getLastPage() is concatenated into an href without
        // htmlspecialchars(); confirm it only ever returns an internal, safe path.
        echo '<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
        ForwardTo(getLastPage(), 4);
        exit;
    }
    // cancel auction (getVar() is asked for an int taken from POST)
    // NOTE(review): confirm CancelAuction() checks that the auction belongs to
    // $config['user']; nothing on this page does.
    if (AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
        echo '<center><h2>Auction canceled!</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
        ForwardTo(getLastPage(), 2);
        exit;
    }
    // cancellation failed: show whatever error text was collected in $config['error']
    echo $config['error'];
    exit;
}

// render page (ajax/json)
// The body of this function continues past the end of this excerpt.
function RenderPage_auctions_ajax() {
    global $config, $html;
    //file_put_contents('ajax_get.txt',print_r($_GET,TRUE));
    header('Content-Type: text/plain');
    // list auctions
    $auctions = QueryAuctions::QueryCurrent();
    $TotalDisplaying = QueryAuctions::TotalDisplaying();
    $TotalAllRows = QueryAuctions::TotalAllRows();
$_SESSION['success'][] = 'Auction purchased successfully!';
ForwardTo(getLastPage(), 0);
exit;
} // closes a block that starts before this excerpt
} // closes a block that starts before this excerpt
} // closes a block that starts before this excerpt

// action=cancel: withdraw an auction identified by the POSTed 'auctionid'.
// Outcome messages go into the session flash arrays instead of being echoed.
if ($config['action'] == 'cancel') {
    // Reject the request unless it carries a valid CSRF token (ValidateToken() exits otherwise).
    CSRF::ValidateToken();
    // inventory is locked
    if ($config['user']->isLocked()) {
        $_SESSION['error'][] = 'Your inventory is currently locked.<br />Please close your in game inventory and try again.';
    } else {
        // cancel auction (getVar() is asked for an int taken from POST)
        // NOTE(review): confirm CancelAuction() checks that the auction belongs
        // to $config['user']; nothing on this page does.
        if (AuctionFuncs::CancelAuction(getVar('auctionid', 'int', 'post'))) {
            $_SESSION['success'][] = 'Auction canceled!';
            ForwardTo(getLastPage(), 0);
            exit;
        }
    }
}

// render page (ajax/json)
// The body of this function continues past the end of this excerpt.
function RenderPage_auctions_ajax() {
    global $config, $html;
    //file_put_contents('ajax_get.txt',print_r($_GET,TRUE));
    header('Content-Type: text/plain');
    // list auctions
    $auctions = QueryAuctions::QueryCurrent();
    $TotalDisplaying = QueryAuctions::TotalDisplaying();
    $TotalAllRows = QueryAuctions::TotalAllRows();
    // The DataTables-style JSON envelope is built by hand. sEcho is cast to int
    // before being inserted, which keeps the client-supplied value out of the
    // JSON syntax; the two totals are inserted unquoted as well.
    // NOTE(review): confirm TotalDisplaying()/TotalAllRows() return integers.
    $outputRows = "{\n" . "\t" . '"iTotalDisplayRecords" : ' . $TotalDisplaying . ",\n" . "\t" . '"iTotalRecords" : ' . $TotalAllRows . ",\n" . "\t" . '"sEcho" : ' . (int) getVar('sEcho', 'int') . ",\n" . "\t" . '"aaData" : [' . "\n";
} else {
    // Direct-access guard (starts before this excerpt): redirect to the parent directory.
    // NOTE(review): a 301 is cached by browsers as a permanent redirect; a 302/303
    // would be the usual status for an access refusal.
    header('HTTP/1.0 301 Moved Permanently');
    header('Location: ../');
}
die("<font size=+2>Access Denied!!</font>");
} // closes the guard block that starts before this excerpt

// my items page
global $config;
// need to log in
if (!$config['user']->isOk()) {
    ForwardTo('./', 0);
    exit;
}
// need to change temp pass: users logged in with a temporary password may not see this page
if ($config['user']->isTempPass()) {
    ForwardTo('./?page=changepass', 0);
    exit;
}

// The body of this function continues past the end of this excerpt.
function RenderPage_myitems() {
    global $config, $html;
    $UseAjaxSource = FALSE;
    $config['title'] = 'My Items';
    // load page html
    $outputs = RenderHTML::LoadHTML('pages/myitems.php');
    if (!is_array($outputs)) {
        echo 'Failed to load html!';
        exit;
    }
    // load javascript
    $html->addToHeader($outputs['header']);
<?php
// do logout: refuse forged requests first, then drop the user's login and send
// the browser back to the page it came from.
// NOTE(review): the redirect target comes from getLastPage(); confirm it is an
// internal path and not taken verbatim from a request header.
CSRF::ValidateToken();
global $config;
$currentUser = $config['user'];
$currentUser->doLogout();
$returnTo = getLastPage();
ForwardTo($returnTo);
exit;
<?php
// Refuse direct access: this file is only meant to be included by the index
// file, which defines DEFINE_INDEX_FILE. Send the browser to the parent
// directory (a meta refresh when headers already went out) and stop.
// NOTE(review): a 301 is cached by browsers as a permanent redirect; a 302/303
// would be the usual status for an access refusal.
if (!defined('DEFINE_INDEX_FILE')) {
    if (!headers_sent()) {
        header('HTTP/1.0 301 Moved Permanently');
        header('Location: ../');
    } else {
        echo '<header><meta http-equiv="refresh" content="0;url=../"></header>';
    }
    die("<font size=+2>Access Denied!!</font>");
}

// admin menu
// check admin permission: anyone without 'isAdmin' is sent to the site root.
global $user;
$isAdmin = $user->hasPerms('isAdmin');
if (!$isAdmin) {
    ForwardTo('./', 0);
    exit;
}
// Hand the 'menu' fragment of the template back to the including file.
$menuParts = RenderHTML::LoadHTML('pages/admin_menu.php');
return $menuParts['menu'];
// inventory is locked
// (this check sits inside a block that starts before this excerpt)
if ($config['user']->isLocked()) {
    // NOTE(review): getLastPage() is concatenated into an href without
    // htmlspecialchars(); confirm it only ever returns an internal, safe path.
    echo '<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
    ForwardTo(getLastPage(), 4);
    exit;
}
// create the auction from POSTed id/qty/price/desc (getVar() is asked for
// int/int/double/string respectively).
// NOTE(review): 'desc' is free text from the user; confirm it is escaped
// wherever it is later rendered.
if (AuctionFuncs::Sell(getVar('id', 'int', 'post'), getVar('qty', 'int', 'post'), getVar('price', 'double', 'post'), getVar('desc', 'string', 'post'))) {
    echo '<center><h2>Auction created successfully!</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
    ForwardTo(getLastPage(), 2);
    exit;
}
} // closes the enclosing block that starts before this excerpt

// inventory is locked
// (repeated outside the block above, so it also applies when that block is skipped)
if ($config['user']->isLocked()) {
    echo '<center><h2>Your inventory is currently locked.<br />Please close your in game inventory and try again.</h2><br /><a href="' . getLastPage() . '">Back to last page</a></center>';
    ForwardTo(getLastPage(), 4);
    exit;
}

// Legacy fee/min-bid calculation left commented out by the original author
// (uses the removed mysql_* extension); the comment run continues past the end
// of this excerpt.
//// $minBid = mysql_real_escape_string(stripslashes(round($_POST['MinBid'], 2)));
//$minBid=0;
// $allowBids = 1;
// if (mysql_real_escape_string(stripslashes($_POST['MinBid'])) == ""){
// $allowBids = 0;
// }
// if ($isAdmin){
// if ($chargeAdmins){
// $itemFee = (($item->marketprice/100)*$auctionFee)*$sellQuantity;
// }else{
// $itemFee = 0;
// }
// if ($player->money >= $itemFee){