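/**
 * Validate the CSRF token submitted with a request against the token stored
 * in the session under the same identifier.
 *
 * The session token is removed on every validation attempt, so each issued
 * token can be used once, whether or not the comparison succeeds.
 *
 * @param string $name    identifier the token was issued under
 * @param array  $storage request array to check ($_POST / $_GET / etc.)
 * @param string $error   reference, overwritten with a message when validation fails
 * @return bool true when the submitted token matches the session token
 * @access public
 */
public static function csrfValidate($name, $storage, &$error)
{
    $sessionKey = 'CSRF_' . $name;

    // Missing session token: no token was issued for this identifier, or the
    // session no longer holds it.
    if (!isset(self::$session[$sessionKey])) {
        $error = Flux::message('SecurityNeedSession');
        return false;
    }

    // Missing request token.
    if (!isset($storage[$name])) {
        $error = Flux::message('SecurityNeedToken');
        return false;
    }

    // Consume the session token before comparing, so a token is spent even
    // when the comparison fails.
    $hash = self::$session[$sessionKey];
    unset(self::$session[$sessionKey]);

    // Anything that is not a string (e.g. the parameter submitted as an
    // array) is treated as invalid rather than passed to hash_equals(),
    // which only accepts strings. hash_equals() compares in constant time,
    // so the check does not reveal how many leading bytes matched.
    $token = $storage[$name];
    if (!is_string($token) || !is_string($hash) || !hash_equals($hash, $token)) {
        $error = Flux::message('SecuritySessionInvalid');
        return false;
    }

    // PASS
    return true;
}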
— </p> <p class="donation-amount-text">Quantidade: <span class="donation-amount"> <?php echo $this->formatCurrency($donationAmount); ?> R$ </span> </p> <p class="reset-amount-text"> <a href="<?php echo $this->url('doa', 'index', array('resetamount' => true)); ?> ">(Resetar Quantidade)</a> </p> <p><?php echo $this->pagSeguroButton($donationAmount); ?> </p> <?php } } else { ?> <p><?php echo Flux::message('NotAcceptingDonations'); ?> </p> <?php }
... <label for="banned_by">Banned By:</label> <input type="text" name="banned_by" id="banned_by" value="<?php echo htmlspecialchars($params->get('banned_by')); ?> " /> ... <label for="ban_type">Ban Type:</label> <select name="ban_type" id="ban_type"> <option value=""<?php if (!($ban_type = $params->get('ban_type'))) { echo ' selected="selected"'; } ?> ><?php echo htmlspecialchars(Flux::message('AllLabel')); ?> </option> <option value="unban"<?php if ($ban_type == 'unban') { echo ' selected="selected"'; } ?> >Unban</option> <option value="ban"<?php if ($ban_type == 'ban') { echo ' selected="selected"'; } ?> >Ban</option> </select>
} } } } } } } } } } } } } } if (is_null($errorMessage)) { $sql = "INSERT INTO {$server->loginDatabase}.{$vfp_sites} VALUES (NULL, ?, ?, ?, ?, ?, ?, ?)"; $sth = $server->connection->getStatement($sql); if ($imageurl === "") { $imageurl = NULL; } if ($uploadimg['error'] > 0) { $uploadimg = NULL; } $bind = array($votename, $voteurl, $voteinterval, $votepoints, $filename, $imageurl, date(Flux::config('DateTimeFormat'))); if ($sth->execute($bind)) { $successMessage = Flux::message("SuccessVoteSite"); } else { $errorMessage = Flux::message("FailedToAdd"); } } }
<?php
if (!defined('FLUX_ROOT')) {
    exit;
}

$this->loginRequired();

$vfp_sites = Flux::config('FluxTables.vfp_sites');
$vfp_logs  = Flux::config('FluxTables.vfp_logs');

$errorMessage = NULL;

// Delete a voting site, plus its log rows, when an id is POSTed.
// NOTE(review): this state-changing handler does not call
// Flux_Security::csrfValidate() the way the other POST handlers in this
// application do; confirm whether the form issues a token before adding it.
if (isset($_POST['id'])) {
    $id        = (int) $params->get('id');
    $siteTable = "{$server->loginDatabase}.{$vfp_sites}";
    $logTable  = "{$server->loginDatabase}.{$vfp_logs}";

    $sql = "DELETE FROM {$siteTable} WHERE id = ?";
    $sth = $server->connection->getStatement($sql);
    $sth->execute(array($id));

    // No affected row means there was no site with that id.
    if ($sth->rowCount() == 0) {
        $errorMessage = Flux::message("VoteSiteDeleteFailed");
    }

    // Log rows are removed regardless of whether the site row existed.
    $sql = "DELETE FROM {$logTable} WHERE sites_id = ?";
    $sth = $server->connection->getStatement($sql);
    $sth->execute(array($id));

    if ($errorMessage === NULL) {
        $successMessage = Flux::message("VoteSiteDeleteSuccess");
    }
}

// Every voting site, for the listing.
$sql = "SELECT * FROM {$server->loginDatabase}.{$vfp_sites}";
$sth = $server->connection->getStatement($sql);
$sth->execute();
$votesites_res = $sth->fetchAll();
<?php } ?> <form action="<?php echo $this->urlWithQs; ?> " method="post" class="generic-form"> <table class="generic-form-table"> <tr> <th><label for="email"><?php echo htmlspecialchars(Flux::message('EmailChangeLabel')); ?> </label></th> <td><input type="text" name="email" id="email" /></td> <td><p><?php echo htmlspecialchars(Flux::message('EmailChangeInputNote')); ?> </p></td> </tr> <tr> <td colspan="2" align="right"> <input type="submit" value="<?php echo htmlspecialchars(Flux::message('EmailChangeButton')); ?> " /> </td> <td></td> </tr> </table> </form>
</p> <p class="important"><?php echo htmlspecialchars(Flux::message('PasswordChangeNote2')); ?> </p> </td> </tr> <tr> <th><label for="newpass"><?php echo htmlspecialchars(Flux::message('NewPasswordLabel')); ?> </label></th> <td><input type="password" name="newpass" id="newpass" value="" /></td> </tr> <tr> <th><label for="confirmnewpass"><?php echo htmlspecialchars(Flux::message('NewPasswordConfirmLabel')); ?> </label></th> <td><input type="password" name="confirmnewpass" id="confirmnewpass" value="" /></td> </tr> <tr> <td colspan="2" align="right"> <input type="submit" value="<?php echo htmlspecialchars(Flux::message('PasswordChangeButton')); ?> " /> </td> </tr> </table> </form>
/**
 * Human-readable label for a numeric account ban type.
 *
 * Anything that casts to 0 maps to BanTypeUnbanned, 1 to BanTypeTempBanned,
 * 2 to BanTypePermBanned; every other value yields UnknownLabel.
 *
 * @param int|string $banType ban type value as stored on the account
 * @return string translated label from Flux::message()
 */
public function banTypeText($banType)
{
    $labels = array(
        0 => 'BanTypeUnbanned',
        1 => 'BanTypeTempBanned',
        2 => 'BanTypePermBanned',
    );

    $type       = (int) $banType;
    $messageKey = array_key_exists($type, $labels) ? $labels[$type] : 'UnknownLabel';

    return Flux::message($messageKey);
}
<?php
if (!defined('FLUX_ROOT')) {
    exit;
}
?>
<h2><?php echo htmlspecialchars(Flux::message('ReloadMobSkillsHeading')); ?></h2>

<?php if (!empty($errorMessage)): ?>
    <p class="red"><?php echo htmlspecialchars($errorMessage); ?></p>
<?php else: ?>
    <?php /* $mobDB is presumably set by the module; only its on-disk size is shown here. */ ?>
    <p><?php echo htmlspecialchars(sprintf(Flux::message('ReloadMobSkillsInfo'), number_format(filesize($mobDB)))); ?></p>
<?php endif; ?>
" /></td> <td><p><?php echo htmlspecialchars(Flux::message('TransferCharNameInfo')); ?> </p></td> </tr> <tr> <td colspan="2" align="right"> <button type="submit" onclick="return confirm('<?php echo htmlspecialchars(str_replace("'", "\\'", Flux::message('TransferConfirm'))); ?> ')"> <strong><?php echo htmlspecialchars(Flux::message('TransferButton')); ?> </strong> </button> </td> </tr> </table> </form> <?php } else { ?> <p><?php echo htmlspecialchars(Flux::message('TransferNoCredits')); ?> </p> <?php }
<input type="hidden" name="changegender" value="1" /> <table class="generic-form-table"> <tr> <td> <p> <?php printf(Flux::message('GenderChangeFormText'), '<strong>' . strtolower($this->genderText($session->account->sex == 'M' ? 'F' : 'M')) . '</strong>'); ?> </p> </td> </tr> <tr> <td> <p> <button type="submit" onclick="return confirm('<?php echo str_replace("\\'", "\\'", Flux::message('GenderChangeConfirm')); ?> ')"> <strong><?php echo htmlspecialchars(Flux::message('GenderChangeButton')); ?> </strong> </button> </p> </td> </tr> </table> </form> <?php }
<?php
if (!defined('FLUX_ROOT')) {
    exit;
}

$title = Flux::message('NPCLogTitle');

// Total row count drives the paginator.
$countSql = "SELECT COUNT(npc_id) AS total FROM {$server->logsDatabase}.npclog";
$sth = $server->connection->getStatementForLogs($countSql);
$sth->execute();

$paginator = $this->getPaginator($sth->fetch()->total);

// NOTE(review): the pick log module passes a sort direction ('desc') as the
// value of its keyed entry; 'npc_date' as the value for 'npc_id' looks like a
// mix-up -- confirm what setSortableColumns() expects for keyed entries.
$paginator->setSortableColumns(array(
    'npc_id' => 'npc_date',
    'account_id',
    'char_id',
    'char_name',
    'map',
    'mes',
));

// Page of log rows; the paginator rewrites the base query (presumably adding
// ORDER BY / LIMIT).
$col = 'npc_id, npc_date, account_id, char_id, char_name, map, mes';
$sql = $paginator->getSQL("SELECT {$col} FROM {$server->logsDatabase}.npclog");
$sth = $server->connection->getStatementForLogs($sql);
$sth->execute();
$npcs = $sth->fetchAll();
<?php if (!defined('FLUX_ROOT')) { exit; } $title = Flux::message('ServerInfoTitle'); $info = array('accounts' => 0, 'characters' => 0, 'guilds' => 0, 'parties' => 0, 'zeny' => 0, 'classes' => array()); // Accounts. $sql = "SELECT COUNT(account_id) AS total FROM {$server->loginDatabase}.login "; if (Flux::config('HideTempBannedStats')) { $sql .= "WHERE unban_time <= UNIX_TIMESTAMP()"; } if (Flux::config('HidePermBannedStats')) { if (Flux::config('HideTempBannedStats')) { $sql .= " AND state != 5"; } else { $sql .= "WHERE state != 5"; } } $sth = $server->connection->getStatement($sql); $sth->execute(); $info['accounts'] += $sth->fetch()->total; // Characters. $sql = "SELECT COUNT(`char`.char_id) AS total FROM {$server->charMapDatabase}.`char` "; if (Flux::config('HideTempBannedStats')) { $sql .= "LEFT JOIN {$server->loginDatabase}.login ON login.account_id = `char`.account_id "; $sql .= "WHERE login.unban_time <= UNIX_TIMESTAMP()"; } if (Flux::config('HidePermBannedStats')) { if (Flux::config('HideTempBannedStats')) { $sql .= " AND login.state != 5";
?> <i><?php echo Flux::message('BANNER_IS_UPLOADED'); ?> . <?php } ?> <i style="color:red">Allowed file types for file upload: <?php echo $file_types; ?> </i> </td> </tr> <tr> <th align="left"> <?php echo Flux::message('BLOCK_TIME_LABEL'); ?> </th> <td> <select name="blocking_hours" id="id_blocking_hours"> <?php for ($i = 1; $i <= 24; $i++) { ?> <option value="<?php echo $i; ?> " <?php if ($hours == $i) {
?> </a></strong> </div> </td> <?php } ?> </tr> <?php } ?> <tr> <td></td> <td> <div style="margin-bottom: 5px"> <?php printf(htmlspecialchars(Flux::message('AccountCreateInfo2')), '<a href="' . $this->url('service', 'tos') . '">' . Flux::message('AccountCreateTerms') . '</a>'); ?> </div> <div> <button type="submit"><strong><?php echo htmlspecialchars(Flux::message('AccountCreateButton')); ?> </strong></button> </div> </td> </tr> </table> </form>
<?php
if (!defined('FLUX_ROOT')) {
    exit;
}

$this->loginRequired(Flux::message('LoginToDonate'));

$title = 'Fazer Uma Doação';

// Amount the user has chosen to donate; stays false until a valid amount is set.
$donationAmount = false;

if (count($_POST) && $params->get('setamount')) {
    $minimum = Flux::config('PagSeguroMin');
    $amount  = (float) $params->get('amount');

    // Non-numeric input casts to 0.0 and is rejected together with anything
    // below the configured minimum.
    if ($amount && $amount >= $minimum) {
        $donationAmount = $amount;
    } else {
        $errorMessage = sprintf('A quantidade de doação deve ser maior ou igual a %s R$!', $this->formatCurrency($minimum));
    }
}

// "Reset amount" link: redirect back to the module URL.
if (!$params->get('setamount') && $params->get('resetamount')) {
    $this->redirect($this->url);
}
echo $this->linkToCharacter($cart_item->char_id, $cart_item->char_name, $session->serverName) . "'s"; ?> <?php } else { ?> <?php echo htmlspecialchars($cart_item->char_name . "'s"); ?> <?php } ?> <?php } else { ?> <span class="not-applicable"><?php echo htmlspecialchars(Flux::message('UnknownLabel')); ?> </span>'s <?php } ?> <?php } ?> <?php if ($item->card0 == 255 && array_key_exists($item->card1 % 1280, $itemAttributes)) { ?> <?php echo htmlspecialchars($itemAttributes[$item->card1 % 1280]); ?> <?php
<?php if ($nrow->link) { ?> <a class="news_link" href="<?php echo $nrow->link; ?> "><small><?php echo htmlspecialchars(Flux::message('XCMSNewsLink')); ?> </small></a> <div class="clear"></div> <?php } ?> </div> <?php } ?> </div> <?php } else { ?> <p> <?php echo htmlspecialchars(Flux::message('XCMSNewsEmpty')); ?> <br/><br/> </p> <?php }
echo htmlspecialchars(Flux::message('ServerStatusCharLabel')); ?> </td> <td class="status"><?php echo htmlspecialchars(Flux::message('ServerStatusMapLabel')); ?> </td> <td class="status"><?php echo htmlspecialchars(Flux::message('ServerStatusOnlineLabel')); ?> </td> <?php if (isset($peak)) { ?> <td class="status"><?php echo htmlspecialchars(Flux::message('ServerStatusPeakLabel')); ?> </td> <?php } ?> </tr> <?php foreach ($gameServers as $serverName => $gameServer) { ?> <tr> <th class="server"><?php echo htmlspecialchars($serverName); ?> </th> <td class="status"><?php
echo htmlspecialchars(Flux::message('SDHeaderLastAuthor')); ?> </th> <th><?php echo htmlspecialchars(Flux::message('SDHeaderTeam')); ?> </th> <th><?php echo htmlspecialchars(Flux::message('SDHeaderTimestamp')); ?> </th> </tr> <?php echo $oldrowoutput; ?> </tbody> </table> <?php } else { ?> <p> <?php echo Flux::message('SDNoInactiveTickets'); ?> <br /><br /> </p> <?php } ?> <br /><Br />
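// Builds the HTML rows for the staff list of open tickets. $tbl (the ticket
// table name) is expected to be defined before this point in the module.
$tblcat = Flux::config('FluxTables.ServiceDeskCatTable');

// All tickets that are not closed, newest first.
$rep = $server->connection->getStatement("SELECT * FROM {$server->loginDatabase}.{$tbl} WHERE status != 'Closed' ORDER BY ticket_id DESC");
$rep->execute();
$ticketlist = $rep->fetchAll();

$rowoutput = NULL;
foreach ($ticketlist as $trow) {
    // Resolve the ticket's category name (one lookup per ticket).
    $catsql = $server->connection->getStatement("SELECT * FROM {$server->loginDatabase}.{$tblcat} WHERE cat_id = ?");
    $catsql->execute(array($trow->category));
    $catlist = $catsql->fetch();

    // Every value that originates from the database is HTML-escaped before it
    // is concatenated into markup: subject and category name are user-supplied
    // text and were previously emitted raw. fetch() returns false when the
    // category row is missing, so guard before reading ->name.
    $viewUrl   = $this->url('servicedesk', 'staffview', array('ticketid' => $trow->ticket_id));
    $ticketId  = htmlspecialchars((string) $trow->ticket_id);
    $accountId = htmlspecialchars((string) $trow->account_id);
    $subject   = htmlspecialchars((string) $trow->subject);
    $catName   = htmlspecialchars($catlist ? (string) $catlist->name : '');
    $status    = htmlspecialchars((string) $trow->status);
    $colour    = htmlspecialchars((string) Flux::config('Font' . $trow->status . 'Colour'));
    $lastReply = $trow->lastreply == '0' ? '<i>None</i>' : htmlspecialchars((string) $trow->lastreply);
    $team      = htmlspecialchars((string) Flux::message('SDGroup' . $trow->team));
    $created   = htmlspecialchars(date(Flux::config('DateFormat'), strtotime($trow->timestamp)));

    $rowoutput .= '<tr >
        <td><a href="' . $viewUrl . '" >' . $ticketId . '</a></td>
        <td>' . $accountId . '</td>
        <td><a href="' . $viewUrl . '" >' . $subject . '</a></td>
        <td><a href="' . $viewUrl . '" > ' . $catName . '</a></td>
        <td> <font color="' . $colour . '"><strong>' . $status . '</strong></font> </td>
        <td width="50">' . $lastReply . '</td>
        <td> ' . $team . ' </td>
        <td>' . $created . '</td>
    </tr>';
}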
} elseif (!in_array($gender, array('M', 'F'))) { $errorMessage = Flux::message('InvalidGender'); } elseif ($account->balance != $balance && !$auth->allowedToEditAccountBalance) { $errorMessage = Flux::message('CannotModifyBalance'); } elseif ($birthdate && !preg_match('/^\\d{4}-\\d{2}-\\d{2}$/', $birthdate)) { $errorMessage = Flux::message('InvalidBirthdate'); } elseif ($lastLogin && !preg_match('/^\\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}$/', $lastLogin)) { $errorMessage = Flux::message('InvalidLastLoginDate'); } elseif (!Flux_Security::csrfValidate('AccountEdit', $_POST, $error)) { $errorMessage = $error; } else { $bind = array('email' => $email, 'sex' => $gender, 'logincount' => $loginCount, 'birthdate' => $birthdate ? $birthdate : $account->birthdate, 'lastlogin' => $lastLogin ? $lastLogin : $account->lastlogin, 'last_ip' => $lastIP); $sql = "UPDATE {$server->loginDatabase}.login SET email = :email, "; $sql .= "sex = :sex, logincount = :logincount, birthdate = :birthdate, lastlogin = :lastlogin, last_ip = :last_ip"; if ($auth->allowedToEditAccountGroupID) { $sql .= ", group_id = :group_id"; $bind['group_id'] = $group_id; } $bind['account_id'] = $account->account_id; $sql .= " WHERE account_id = :account_id"; $sth = $server->connection->getStatement($sql); $sth->execute($bind); if ($auth->allowedToEditAccountBalance) { $deposit = $balance - $account->balance; $session->loginServer->depositCredits($account->account_id, $deposit); } $session->setMessageData(Flux::message('AccountModified')); $this->redirect($this->url('account', 'view', array('id' => $account->account_id))); } } }
<?php } else { ?> <?php echo htmlspecialchars($change->change_ip); ?> <?php } ?> </td> </tr> <?php } ?> </table> </div> <?php echo $paginator->getHTML(); } else { ?> <p> <?php echo htmlspecialchars(Flux::message('HistoryNoPassChanges')); ?> <a href="javascript:history.go(-1)"><?php echo htmlspecialchars(Flux::message('GoBackLabel')); ?> </a> </p> <?php }
?> </td> <td class="status"><?php echo htmlspecialchars(Flux::message('ServerStatusLoginLabel')); ?> </td> <td class="status"><?php echo htmlspecialchars(Flux::message('ServerStatusCharLabel')); ?> </td> <td class="status"><?php echo htmlspecialchars(Flux::message('ServerStatusMapLabel')); ?> </td> <td class="status"><?php echo htmlspecialchars(Flux::message('ServerStatusOnlineLabel')); ?> </td> </tr> <?php foreach ($gameServers as $serverName => $gameServer) { ?> <tr> <th class="server"><?php echo htmlspecialchars($serverName); ?> </th> <td class="status"><?php echo $this->serverUpDown($gameServer['loginServerUp']); ?> </td>
?> </td> <td><?php echo htmlspecialchars(Flux::message('TLStatus' . $trow->status)); ?> </td> <td><?php echo date(Flux::config('DateFormat'), strtotime($trow->created)); ?> </td> </tr> <?php } ?> </tbody> </table> <?php } else { ?> <p> <?php echo htmlspecialchars(Flux::message('TLNoTasks')); ?> <br/><br/> <a href="<?php echo $this->url('tasks', 'createnew'); ?> ">Create a Task</a> </p> <?php }
$sql = "UPDATE {$server->loginDatabase}.{$tbl} SET confirmed = 1, confirm_expire = NULL WHERE account_id = ?"; $sth = $server->connection->getStatement($sql); if ($tempBanned && $auth->allowedToTempUnbanAccount && $server->loginServer->unban($session->account->account_id, $reason, $account->account_id)) { if ($confirm) { $sth->execute(array($account->account_id)); } $session->setMessageData(Flux::message('AccountLiftTempBan')); $this->redirect($this->url('account', 'view', array('id' => $account->account_id))); } elseif ($permBanned && $auth->allowedToPermUnbanAccount && $server->loginServer->unban($session->account->account_id, $reason, $account->account_id)) { if ($confirm) { $sth->execute(array($account->account_id)); } $session->setMessageData(Flux::message('AccountLiftPermBan')); $this->redirect($this->url('account', 'view', array('id' => $account->account_id))); } else { $errorMessage = Flux::message('AccountLiftBanUnauth'); } } } $banInfo = false; if ($account) { $banInfo = $server->loginServer->getBanInfo($account->account_id); } $characters = array(); foreach ($session->getAthenaServerNames() as $serverName) { $athena = $session->getAthenaServer($serverName); $sql = "SELECT ch.*, guild.name AS guild_name, guild.emblem_len AS guild_emblem_len "; $sql .= "FROM {$athena->charMapDatabase}.`char` AS ch "; $sql .= "LEFT OUTER JOIN {$athena->charMapDatabase}.guild ON guild.guild_id = ch.guild_id "; $sql .= "WHERE ch.account_id = ? ORDER BY ch.char_num ASC"; $sth = $server->connection->getStatement($sql);
<?php
if (!defined('FLUX_ROOT')) {
    exit;
}

$this->loginRequired();

$title = Flux::message('HistoryEmailTitle');

$emailChangeTable = Flux::config('FluxTables.ChangeEmailTable');
$accountId        = $session->account->account_id;
$tableRef         = "{$server->loginDatabase}.{$emailChangeTable}";

// Number of e-mail change records for this account, for the paginator.
$sth = $server->connection->getStatement("SELECT COUNT(id) AS total FROM {$tableRef} WHERE account_id = ?");
$sth->execute(array($accountId));

$paginator = $this->getPaginator($sth->fetch()->total);
$paginator->setSortableColumns(array(
    'old_email', 'new_email', 'request_date', 'request_ip',
    'change_date', 'change_ip', 'change_done',
));

// Page of change records; the paginator rewrites the base query (presumably
// adding ORDER BY / LIMIT).
$columns = 'old_email, new_email, request_date, request_ip, change_date, change_ip, change_done';
$sql = $paginator->getSQL("SELECT {$columns} FROM {$tableRef} WHERE account_id = ?");
$sth = $server->connection->getStatement($sql);
$sth->execute(array($accountId));
$changes = $sth->fetchAll();
<?php if (!defined('FLUX_ROOT')) { exit; } $title = Flux::message('PickLogTitle'); $sql = "SELECT COUNT(id) AS total FROM {$server->logsDatabase}.picklog"; $sth = $server->connection->getStatementForLogs($sql); $sth->execute(); $paginator = $this->getPaginator($sth->fetch()->total); $paginator->setSortableColumns(array('time' => 'desc', 'char_id', 'type', 'nameid', 'amount', 'refine', 'card0', 'card1', 'card2', 'card3', 'map')); $col = "time, char_id, type, nameid, amount, refine, card0, card1, card2, card3, map"; $sql = $paginator->getSQL("SELECT {$col} FROM {$server->logsDatabase}.picklog"); $sth = $server->connection->getStatementForLogs($sql); $sth->execute(); $picks = $sth->fetchAll(); if ($picks) { $charIDs = array(); $itemIDs = array(); $mobIDs = array(); $pickTypes = Flux::config('PickTypes'); foreach ($picks as $pick) { $itemIDs[$pick->nameid] = null; if ($pick->type == 'M' || $pick->type == 'L') { $mobIDs[$pick->char_id] = null; } else { $charIDs[$pick->char_id] = null; } if ($pick->card0) { $itemIDs[$pick->card0] = null; }
if (count($_POST)) {
    $prev    = (bool) $params->get('_preview');
    $to      = trim($params->get('to'));
    $subject = trim($params->get('subject'));
    $body    = trim($params->get('body'));

    // First empty required field wins; the CSRF token is only checked once
    // all fields are present.
    // NOTE(review): the fields are only trimmed here; rejecting embedded
    // CR/LF in $to / $subject is presumably left to Flux_Mailer -- confirm.
    $required = array(
        array($to,      'MailerEnterToAddress'),
        array($subject, 'MailerEnterSubject'),
        array($body,    'MailerEnterBodyText'),
    );
    $missing = NULL;
    foreach ($required as $check) {
        if (!$check[0]) {
            $missing = $check[1];
            break;
        }
    }

    if ($missing !== NULL) {
        $errorMessage = Flux::message($missing);
    } elseif (!Flux_Security::csrfValidate('Mailer', $_POST, $error)) {
        $errorMessage = $error;
    }

    if (empty($errorMessage)) {
        if ($prev) {
            // Preview only: render the Markdown body, send nothing.
            require_once 'markdown/markdown.php';
            $preview = Markdown($body);
        } else {
            require_once 'Flux/Mailer.php';
            $mail = new Flux_Mailer();
            $opts = array('_ignoreTemplate' => true, '_useMarkdown' => true);

            if ($mail->send($to, $subject, $body, $opts)) {
                $session->setMessageData(sprintf(Flux::message('MailerEmailHasBeenSent'), $to));
                $this->redirect();
            } else {
                $errorMessage = Flux::message('MailerFailedToSend');
            }
        }
    }
}
<?php
if (!defined('FLUX_ROOT')) {
    exit;
}

$this->loginRequired();

$title = 'Reset Position';

$charID = $params->get('id');
if (!$charID) {
    $this->deny();
}

$char = $server->getCharacter($charID);

// The owning account may reset its own character; anyone else needs the
// allowedToResetPosition permission. An unknown character is always denied.
$isOwner = $char && $char->account_id == $session->account->account_id;
if (!$char || (!$isOwner && !$auth->allowedToResetPosition)) {
    $this->deny();
}

$reset = $server->resetPosition($charID);

// resetPosition() returns true on success; -1 and -2 are distinct failures
// (the message keys suggest "online" and "current map"), anything else is a
// generic failure.
$failures = array(
    -1 => 'CantResetPosWhenOnline',
    -2 => 'CantResetFromCurrentMap',
);
if ($reset === true) {
    $messageKey = 'ResetPositionSuccessful';
} elseif (is_int($reset) && isset($failures[$reset])) {
    $messageKey = $failures[$reset];
} else {
    $messageKey = 'ResetPositionFailed';
}

$message = sprintf(Flux::message($messageKey), $char->name);
$session->setMessageData($message);
$this->redirect($this->url('character', 'view', array('id' => $charID)));