<?php

require_once "../../includes/initialize.php";
// Rather than require setting up a real database,
// we can fake one instead.
$message = "";
$token = $_GET['token'];
// Confirm that the token sent is valid
$user = User::find_by_reset_token($token);
if (!isset($user) || !$user) {
    // Token wasn't sent or didn't match a user.
    $session->message("Did not find you try again");
    redirect_to('login_forgot_password_username.php');
}
if (request_is_post() && request_is_same_domain()) {
    if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
        $message = "Sorry, request was not valid.";
    } else {
        // CSRF tests passed--form was created by us recently.
        // retrieve the values submitted via the form
        $password = trim($_POST['password']);
        $password_confirm = trim($_POST['password_confirm']);
        $valid = new FormValidation();
        $valid->validate_presences(array('password', 'password_confirm'));
        if ($password !== $password_confirm) {
            $valid->errors['password_confirmation'] = "Password confirmation does not match password.";
        }
        if (empty($valid->errors)) {
            $user->password = $password;
            $user->save();
            $user->delete_reset_token();
Exemple #2
0
function check_request()
{
    //    echo $_POST['project_id'][0]."<br>";
    //    echo $_POST['project_id'][1]."<br>";
    //    echo array_count_values($_POST['project_id']);
    if (request_is_post() && $_POST) {
        echo "<p>POST Request Value</p>" . "<br>";
        echo "<pre>";
        print_r($_POST);
        echo "</pre>";
    }
    if (request_is_get() && $_GET) {
        echo "<p>GET Request Value</p>" . "<br>";
        echo "<pre>";
        print_r($_GET);
        echo "</pre>";
    }
}
Exemple #3
0
    /**
     *
     */
    public function configureAction()
    {
        $config = fz_config_get();
        //
        $locales_choices = array();
        foreach (glob(option('root_dir') . '/i18n/*', GLOB_ONLYDIR) as $lc) {
            $locales_choices[basename($lc)] = basename($lc);
        }
        $errors = array();
        $notifs = array();
        // If request is post, check for errors
        if (request_is_post()) {
            // prevent unchecked input from being transformed to true when merging config
            $_POST['config']['looknfeel']['show_credit'] = array_key_exists('show_credit', $_POST['config']['looknfeel']) ? 1 : 0;
            $config = merge_config($_POST['config'], $config);
            // checking rights
            $this->checkRights($errors, $config);
            // Checking database connection
            $this->checkDatabaseConf($errors, $config);
            // If Upload monitoring lib is selected check if it's installed
            if ($config['app']['progress_monitor'] != '') {
                $progressMonitor = $config['app']['progress_monitor'];
                $progressMonitor = new $progressMonitor();
                if (!$progressMonitor->isInstalled()) {
                    $errors[] = array('title' => 'Your system is not configured for ' . get_class($progressMonitor), 'msg' => 'Read <a href="http://github.com/UAPV/FileZ/blob/master/doc/INSTALL.markdown" target="_blank">the INSTALL file</a> for help');
                }
            }
            // Is CAS authentication, check requirements
            if ($config['app']['auth_handler_class'] == 'Fz_Controller_Security_Cas' && !function_exists('curl_init')) {
                $errors[] = array('title' => 'PHP extension "cURL" is required for CAS authentication but is not installed', 'msg' => 'Use php5-curl on debian to install it');
            }
            // Checking User factory connection
            if ($config['app']['user_factory_class'] == 'Fz_User_Factory_Ldap') {
                $this->checkUserFactoryLdapConf($errors, $config);
            }
            // do not check user factory if database.
            //elseif ($config['app']['user_factory_class'] == 'Fz_User_Factory_Database')
            //    $this->checkUserFactoryDatabaseConf ($errors, $config);
            // Checking email
            $this->checkEmailConf($errors, $config);
            // If no errors or if the user ignored them, save the config and create
            // the database
            if (empty($errors) || array_key_exists('ignore_errors', $_POST)) {
                //$errors = array (); // Reset errors.
                // Try to save the file or display it
                $configFile = option('root_dir') . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'filez.ini';
                if (!fz_config_save($config, $configFile)) {
                    $errors[] = array('title' => 'Can\'t save filez.ini.', 'msg' => 'Put the following code in the file "' . $configFile . '" :<textarea cols="60" rows="50">' . fz_serialize_ini_array($config, true) . '</textarea>');
                } else {
                    $notifs[] = 'Created file "' . $configFile . '"';
                }
                try {
                    $this->initDatabase();
                    $notifs[] = 'Database configured.<br/><br/>
A default admin account has been created. Login ("<tt>admin</tt>" / "<tt>filez</tt>") and choose a new password.';
                } catch (Exception $e) {
                    $errors[] = array('title' => 'Can\'t initialize the database (' . $e->getMessage() . ')', 'msg' => 'Check your database configuration in config/filez.ini and re-run the SQL script "' . $initDbScript . '".');
                }
                set('errors', $errors);
                set('notifs', $notifs);
                return html('install/finished.php');
            }
            if (!empty($errors)) {
                set('errors', $errors);
            }
        }
        set('config', $config);
        set('locales_choices', $locales_choices);
        return html('install/index.php');
    }
Exemple #4
0
<?php

header("Content-Type: text/html; charset=utf-8");
require_once './includes/initialize.php';
function __autoload($class_name)
{
    if ($class_name != 'DbSimple_Mysqli' && $class_name != 'Smarty') {
        require_once CLASS_PATH . '/class.' . $class_name . '.php';
    }
}
if (request_is_post()) {
    if (isset($_POST['cancel'])) {
        redirect_to('index.php');
    }
    $ad = new Ad(AdsStorage::sanitizeFormData($_POST));
    $ad->save();
    redirect_to('index.php');
}
$edit_id = '';
if (isset($_GET['id']) && isset($_GET['mode'])) {
    $id = (int) $_GET['id'];
    $mode = strip_tags($_GET['mode']);
    if ($mode == "show") {
        $edit_id = $id;
    } elseif ($mode == "delete") {
        Ad::delete($id);
        exit;
        //AJAX. Output isn't needed
    }
}
//could be chained methods -> -> ->