<?php
require_once "../../includes/initialize.php";
// Rather than require setting up a real database,
// we can fake one instead.
$message = "";
$token = $_GET['token'];
// Confirm that the token sent is valid
$user = User::find_by_reset_token($token);
if (!isset($user) || !$user) {
// Token wasn't sent or didn't match a user.
$session->message("Did not find you try again");
redirect_to('login_forgot_password_username.php');
}
if (request_is_post() && request_is_same_domain()) {
if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
$message = "Sorry, request was not valid.";
} else {
// CSRF tests passed--form was created by us recently.
// retrieve the values submitted via the form
$password = trim($_POST['password']);
$password_confirm = trim($_POST['password_confirm']);
$valid = new FormValidation();
$valid->validate_presences(array('password', 'password_confirm'));
if ($password !== $password_confirm) {
$valid->errors['password_confirmation'] = "Password confirmation does not match password.";
}
if (empty($valid->errors)) {
$user->password = $password;
$user->save();
$user->delete_reset_token();
function check_request()
{
// echo $_POST['project_id'][0]."<br>";
// echo $_POST['project_id'][1]."<br>";
// echo array_count_values($_POST['project_id']);
if (request_is_post() && $_POST) {
echo "<p>POST Request Value</p>" . "<br>";
echo "<pre>";
print_r($_POST);
echo "</pre>";
}
if (request_is_get() && $_GET) {
echo "<p>GET Request Value</p>" . "<br>";
echo "<pre>";
print_r($_GET);
echo "</pre>";
}
}
/**
*
*/
public function configureAction()
{
$config = fz_config_get();
//
$locales_choices = array();
foreach (glob(option('root_dir') . '/i18n/*', GLOB_ONLYDIR) as $lc) {
$locales_choices[basename($lc)] = basename($lc);
}
$errors = array();
$notifs = array();
// If request is post, check for errors
if (request_is_post()) {
// prevent unchecked input from being transformed to true when merging config
$_POST['config']['looknfeel']['show_credit'] = array_key_exists('show_credit', $_POST['config']['looknfeel']) ? 1 : 0;
$config = merge_config($_POST['config'], $config);
// checking rights
$this->checkRights($errors, $config);
// Checking database connection
$this->checkDatabaseConf($errors, $config);
// If Upload monitoring lib is selected check if it's installed
if ($config['app']['progress_monitor'] != '') {
$progressMonitor = $config['app']['progress_monitor'];
$progressMonitor = new $progressMonitor();
if (!$progressMonitor->isInstalled()) {
$errors[] = array('title' => 'Your system is not configured for ' . get_class($progressMonitor), 'msg' => 'Read <a href="http://github.com/UAPV/FileZ/blob/master/doc/INSTALL.markdown" target="_blank">the INSTALL file</a> for help');
}
}
// Is CAS authentication, check requirements
if ($config['app']['auth_handler_class'] == 'Fz_Controller_Security_Cas' && !function_exists('curl_init')) {
$errors[] = array('title' => 'PHP extension "cURL" is required for CAS authentication but is not installed', 'msg' => 'Use php5-curl on debian to install it');
}
// Checking User factory connection
if ($config['app']['user_factory_class'] == 'Fz_User_Factory_Ldap') {
$this->checkUserFactoryLdapConf($errors, $config);
}
// do not check user factory if database.
//elseif ($config['app']['user_factory_class'] == 'Fz_User_Factory_Database')
// $this->checkUserFactoryDatabaseConf ($errors, $config);
// Checking email
$this->checkEmailConf($errors, $config);
// If no errors or if the user ignored them, save the config and create
// the database
if (empty($errors) || array_key_exists('ignore_errors', $_POST)) {
//$errors = array (); // Reset errors.
// Try to save the file or display it
$configFile = option('root_dir') . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'filez.ini';
if (!fz_config_save($config, $configFile)) {
$errors[] = array('title' => 'Can\'t save filez.ini.', 'msg' => 'Put the following code in the file "' . $configFile . '" :<textarea cols="60" rows="50">' . fz_serialize_ini_array($config, true) . '</textarea>');
} else {
$notifs[] = 'Created file "' . $configFile . '"';
}
try {
$this->initDatabase();
$notifs[] = 'Database configured.<br/><br/>
A default admin account has been created. Login ("<tt>admin</tt>" / "<tt>filez</tt>") and choose a new password.';
} catch (Exception $e) {
$errors[] = array('title' => 'Can\'t initialize the database (' . $e->getMessage() . ')', 'msg' => 'Check your database configuration in config/filez.ini and re-run the SQL script "' . $initDbScript . '".');
}
set('errors', $errors);
set('notifs', $notifs);
return html('install/finished.php');
}
if (!empty($errors)) {
set('errors', $errors);
}
}
set('config', $config);
set('locales_choices', $locales_choices);
return html('install/index.php');
}
<?php
header("Content-Type: text/html; charset=utf-8");
require_once './includes/initialize.php';
function __autoload($class_name)
{
if ($class_name != 'DbSimple_Mysqli' && $class_name != 'Smarty') {
require_once CLASS_PATH . '/class.' . $class_name . '.php';
}
}
if (request_is_post()) {
if (isset($_POST['cancel'])) {
redirect_to('index.php');
}
$ad = new Ad(AdsStorage::sanitizeFormData($_POST));
$ad->save();
redirect_to('index.php');
}
$edit_id = '';
if (isset($_GET['id']) && isset($_GET['mode'])) {
$id = (int) $_GET['id'];
$mode = strip_tags($_GET['mode']);
if ($mode == "show") {
$edit_id = $id;
} elseif ($mode == "delete") {
Ad::delete($id);
exit;
//AJAX. Output isn't needed
}
}
//could be chained methods -> -> ->
