Exemple #1
                }
            }
        } else {
            if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'categories_csrf')) {
                if ($_GET['action'] == 'delete') {
                    if (isset($_GET['id'])) {
                        if (actions::delete_category($_GET['id'])) {
                            echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                        } else {
                            echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                        }
                    }
                }
            }
        }
        $csrf = $_SESSION['categories_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off" novalidate>

<input type="hidden" name="route" value="categories.php" />

' . $LANG['order_by'] . ':
<select name="orderby">';
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'name' ? ' selected' : '') . '>' . $v . '</option>';
        }
        echo '</select>

<input type="hidden" name="action" value="list" />
Exemple #2
                        }
                    }
                } else {
                    if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'pages_csrf')) {
                        if ($_GET['action'] == 'delete') {
                            if (isset($_GET['id'])) {
                                if (actions::delete_page($_GET['id'])) {
                                    echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                                } else {
                                    echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                                }
                            }
                        }
                    }
                }
                $csrf = $_SESSION['feed_csrf'] = \site\utils::str_random(10);
                echo '<div class="page-toolbar">

    <form action="#" method="GET" autocomplete="off">
    <input type="hidden" name="route" value="feed.php" />
    <input type="hidden" name="action" value="list" />

    ' . $LANG['order_by'] . ':
    <select name="orderby">';
                foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'update' => $LANG['order_last_update'], 'update desc' => $LANG['order_last_update_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc']) as $k => $v) {
                    echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
                }
                echo '</select> ';
                try {
                    $category = $feed->categories();
                    echo '<select name="category">
Exemple #3
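 /**
  * Unsubscribe an e-mail address from the newsletter, either directly or via
  * a confirmation e-mail.
  *
  * If the 'unsubscr_confirm_req' option is set, a one-time token is stored
  * with \user\mail_sessions::insert() and a verify.php link carrying it is
  * mailed to the address. Otherwise the address is deleted immediately.
  *
  * @param array $post Submitted data; only the 'email' key is read.
  * @return int 1 when a confirmation e-mail was sent, 2 when the address was deleted.
  * @throws \Exception With a $LANG message: invalid address, address not
  *                    subscribed, or a failed database/mail step.
  */
 public static function unsubscribe($post)
 {
     global $db, $LANG;

     // Trim string values only. A nested value (a request sent as email[]=x)
     // must end in the validation error below, not in a warning or TypeError
     // raised by trim().
     $post = array_map(function ($value) {
         return is_string($value) ? trim($value) : $value;
     }, $post);

     if (!isset($post['email']) || !is_string($post['email']) || !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
         throw new \Exception($LANG['newsletter_usevalide']);
     }
     $email = $post['email'];

     $stmt = $db->stmt_init();
     if (!$stmt->prepare("SELECT COUNT(*) FROM " . DB_TABLE_PREFIX . "newsletter WHERE email = ?")) {
         throw new \Exception($LANG['msg_error']);
     }
     $stmt->bind_param("s", $email);
     $executed = $stmt->execute();
     $count = 0;
     if ($executed) {
         $stmt->bind_result($count);
         $stmt->fetch();
     }
     $stmt->close();
     if (!$executed) {
         // A failed lookup is a server-side error, not "address not subscribed".
         throw new \Exception($LANG['msg_error']);
     }

     // NOTE(review): this distinct error tells any caller whether an address is
     // on the list; a uniform response would avoid that - confirm it is intended.
     if ((int) $count === 0) {
         throw new \Exception($LANG['uunsubscr_notsubscr']);
     }

     if (\query\main::get_option('unsubscr_confirm_req')) {
         // The token is the only secret in the confirmation link, so take it
         // from the CSPRNG when the runtime has one; both forms yield 32
         // lowercase hex characters.
         $session = function_exists('random_bytes')
             ? bin2hex(random_bytes(16))
             : md5(\site\utils::str_random(15));

         $stored = \user\mail_sessions::insert('unsubscription', array('email' => $email, 'session' => $session));
         // The mail is only sent once the session row exists.
         $sent = $stored && \site\mail::send($email, $LANG['email_unsub_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'confirm_unsubscription'), array('confirmation_main_text' => $LANG['email_unsub_maintext'], 'confirmation_button' => $LANG['email_unsub_button'], 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('action' => 'unsubscribe2', 'email' => $email, 'token' => $session))));
         if ($sent) {
             return 1;
         }
         throw new \Exception($LANG['msg_error']);
     }

     // No confirmation required: remove the address right away.
     $stmt = $db->stmt_init();
     if (!$stmt->prepare("DELETE FROM " . DB_TABLE_PREFIX . "newsletter WHERE email = ?")) {
         throw new \Exception($LANG['msg_error']);
     }
     $stmt->bind_param("s", $email);
     $deleted = $stmt->execute();
     $stmt->close();
     if ($deleted) {
         return 2;
     }
     throw new \Exception($LANG['msg_error']);
 }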
Exemple #4
                        }
                    }
                } else {
                    if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
                        if (isset($_GET['id'])) {
                            if (actions::action_item($_GET['type'], $_GET['id'])) {
                                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                            } else {
                                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                            }
                        }
                    }
                }
            }
        }
        $csrf = $_SESSION['coupons_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="coupons.php" />
<input type="hidden" name="action" value="list" />

' . $LANG['order_by'] . ':
<select name="orderby">';
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'views' => $LANG['order_views'], 'views desc' => $LANG['order_views_desc'], 'update' => $LANG['order_last_update'], 'update desc' => $LANG['order_last_update_desc'], 'active' => $LANG['order_expiration'], 'active DESC' => $LANG['order_expiration_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
        }
        echo '</select>

 <select name="category">
<option value="">' . $LANG['all_categories'] . '</option>';
Exemple #5
        echo '<div class="title">

<h2>' . $LANG['settings_general_title'] . '</h2>';
        if (!empty($LANG['settings_general_subtitle'])) {
            echo '<span>' . $LANG['settings_general_subtitle'] . '</span>';
        }
        echo '</div>';
        if (isset($_SESSION['js_settings'])) {
            if (isset($_GET['success']) && $_GET['success'] == 'true') {
                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
            } else {
                echo '<div class="a-error">' . $LANG['settings_save_error'] . '</div>';
            }
            unset($_SESSION['js_settings']);
        }
        $csrf = $_SESSION['settings_csrf'] = \site\utils::str_random(10);
        echo '<div class="form-table">

<form action="?route=post-actions.php&amp;action=general-settings" method="POST">

<div class="row"><span>' . $LANG['settings_form_sitename'] . ':</span><div><input type="text" name="sitename" value="' . htmlspecialchars(\query\main::get_option('sitename')) . '" /></div></div>
<div class="row"><span>' . $LANG['settings_form_siteurl'] . ':</span><div><input type="text" name="siteurl" value="' . htmlspecialchars(\query\main::get_option('siteurl')) . '" /></div></div>
<div class="row"><span>' . $LANG['settings_form_sitedesc'] . ':</span><div><textarea name="description">' . \query\main::get_option('sitedescription') . '</textarea></div></div>
<div class="row"><span>' . $LANG['settings_form_itemspp'] . ':</span><div><input type="number" name="ipp" value="' . (int) \query\main::get_option('items_per_page') . '" /></div></div>
<div class="row"><span>' . $LANG['settings_form_userregs'] . ':</span>

<div>
<select name="registrations"><option value="opened">' . $LANG['settings_select_opened'] . '</option><option value="closed"' . (\query\main::get_option('registrations') != 'opened' ? ' selected' : '') . '>' . $LANG['settings_select_closed'] . '</option></select>
</div></div>

<div class="row"><span>' . $LANG['settings_form_accpip'] . ':</span>
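/**
 * Render the contact form widget and handle its submission.
 *
 * On a POST that carries this widget's field group and a CSRF token accepted
 * by \site\utils::check_csrf(), the data is passed through
 * \site\utils::validate_user_data() and sent with \user\main::send_contact().
 * A fresh CSRF token is stored in the session on every render.
 *
 * @param string $loc Suffix that distinguishes several instances of the widget;
 *                    it is part of the field names and of the session key.
 * @return string HTML of the widget, including any success or error notice.
 */
function contact_form($loc = '')
{
    global $LANG;

    $field = 'contact_form' . $loc;
    $form = '<div class="contact_form other_form">';

    // The field group must be an array carrying a string token before it is
    // handed to check_csrf(); a missing or malformed token is simply ignored.
    $submitted = $_SERVER['REQUEST_METHOD'] == 'POST'
        && isset($_POST[$field]) && is_array($_POST[$field])
        && isset($_POST[$field]['csrf']) && is_string($_POST[$field]['csrf'])
        && \site\utils::check_csrf($_POST[$field]['csrf'], $field . '_csrf');

    if ($submitted) {
        $pd = \site\utils::validate_user_data($_POST[$field]);
        try {
            \user\main::send_contact($pd);
            $form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>';
            // Clear the submitted values so the form is rendered empty again.
            unset($pd);
        } catch (Exception $e) {
            // NOTE(review): the message is inserted as HTML; presumably it is
            // always a $LANG string - confirm send_contact() never puts
            // submitted text into it.
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }

    // Submitted values are echoed back after a failed send, so they are
    // HTML-escaped here. double_encode is off in case validate_user_data()
    // already encoded them.
    $old = isset($pd) && is_array($pd) ? $pd : array();
    $value = function ($key) use ($old) {
        return isset($old[$key]) && is_scalar($old[$key])
            ? htmlspecialchars((string) $old[$key], ENT_QUOTES, 'UTF-8', false)
            : '';
    };

    $csrf = $_SESSION[$field . '_csrf'] = \site\utils::str_random(12);
    $form .= '<form method="POST" action="#widget_contact">
  <div class="form_field"><label for="' . $field . '[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="' . $field . '[name]" id="' . $field . '[name]" value="' . $value('name') . '" required /></div></div>
  <div class="form_field"><label for="' . $field . '[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="' . $field . '[email]" id="' . $field . '[email]" value="' . $value('email') . '" required /></div></div>
  <div class="form_field"><label for="' . $field . '[message]">' . $LANG['form_message'] . ':</label> <div><textarea name="' . $field . '[message]" id="' . $field . '[message]">' . $value('message') . '</textarea></div></div>
  <input type="hidden" name="' . $field . '[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['send'] . '</button>
  </form>

  </div>';
    return $form;
}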
Exemple #7
<div style="text-align: right; margin-bottom: 10px;">
  <a href="<?php 
    echo tlink('user/claim-history');
    ?>
" class="btn">Claims History</a>
</div>



<?php 
    if (($pagination = have_rewards(array('show' => 'active'))) && $pagination['results'] > 0) {
        if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && \site\utils::check_csrf($_POST['csrf'], 'claim_reward')) {
            echo create_reward_request();
            // without this function rewards can't be claimed
        }
        $csrf = $_SESSION['claim_reward'] = \site\utils::str_random(12);
        echo '<div>';
        foreach (rewards(array('show' => 'active', 'orderby' => 'points')) as $item) {
            echo '<section class="array_item twopl">

<div class="table">

<div class="left">
<img src="' . reward_avatar($item->image) . '" alt="" style="height: 60px; width: 60px;">
</div>

<div class="right">
<div class="title">' . $item->title . '</div>
<div class="info">Requires: <b style="color: #0086CE; font-weight: 900;">' . $item->points . '</b> Points</div>
<div class="description">' . (!empty($item->description) ? nl2br($item->description) : '-') . '</div>
</div>
Exemple #8
        $sendy_template_root = substr($_POST['sendy_template_root'], -1) == '/' ? $_POST['sendy_template_root'] : $_POST['sendy_template_root'] . '/';
        $sendy_query_string = isset($_POST['sendy_query_string']) ? $_POST['sendy_query_string'] : '';
        if (actions::set_option(array('sendy_query_string' => $sendy_query_string, 'sendy_brand_id' => $_POST['sendy_brand_id'], 'sendy_list_id' => $_POST['sendy_list_id'], 'sendy_reply_to' => $_POST['sendy_reply_to'], 'sendy_from_email' => $_POST['sendy_from_email'], 'sendy_from_name' => $_POST['sendy_from_name'], 'sendy_api_key' => $_POST['sendy_api_key'], 'sendy_url' => $sendy_url, 'sendy_template_root' => $sendy_template_root))) {
            echo '<div class="a-success">Saved!</div>';
        } else {
            echo '<div class="a-error">Error!</div>';
        }
    } else {
        echo '<div class="a-error">Param Error (' . isset($_POST['sendy_brand_id']) . ',' . isset($_POST['sendy_list_id']) . ',' . isset($_POST['sendy_reply_to']) . ',' . isset($_POST['sendy_from_email']) . ',' . isset($_POST['sendy_from_name']) . ',' . isset($_POST['sendy_api_key']) . ',' . isset($_POST['sendy_url']) . ')</div>';
    }
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        echo '<div class="a-error">Signature Error</div';
    }
}
$csrf = $_SESSION['slider_csrf'] = \site\utils::str_random(10);
switch ($_GET['action']) {
    default:
        echo '
<div class="title">

<h2>Sendy settings</h2>

<span>Modify Sendy settings</span>

</div>
';
        echo '<form action="#" method="POST">

<div class="form-table">
Exemple #9
  </li>';
}
echo '</ul>

</div>

<div class="el-two">';
if (ab_to(array('chat' => 'view'))) {
    echo '<section class="el-row">

<h2>' . $LANG['chat_title'] . ' <a href="#" class="updown" data-set="chat">' . (isset($_SESSION['ses_set']['chat']) && ($show_chat = $_SESSION['ses_set']['chat']) ? 'S' : 'R') . '</a></h2>

<div class="el-row-body"' . (!empty($show_chat) ? ' style="display: none;"' : '') . '>

<div id="post-chat">';
    $chat_csrf = \site\utils::str_random(10);
    if (ab_to(array('chat' => 'add'))) {
        echo '<form action="#" method="POST">
    <input type="text" name="text" value="" placeholder="' . $LANG['chat_write_input'] . '" />
    <button class="btn">' . $LANG['chat_write_button'] . '</button>
    <a href="#" class="btn useggfont" title="Reload">Z</a>
    <input type="hidden" name="chat_csrf" value="' . $chat_csrf . '" />
  </form>';
    }
    echo '</div>';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_POST['chat_csrf']) && check_csrf($_POST['chat_csrf'], 'chat_csrf') && isset($_POST['text'])) {
            actions::post_chat_message($_POST['text']);
        }
    }
    $_SESSION['chat_csrf'] = $chat_csrf;
Exemple #10
<div class="wrapper">

<?php 
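// Login handler: on a POST with a matching CSRF token, validate the submitted
// fields, call \user\main::login() and redirect through setSession.php.
$form = '';
// The token must be a string and is compared with ===. A loose == compares
// numeric-looking strings by value, so different strings can match.
// hash_equals() would also make the comparison constant-time where
// PHP >= 5.6 is guaranteed.
if (
    $_SERVER['REQUEST_METHOD'] == 'POST'
    && isset($_POST['login_form']) && is_array($_POST['login_form'])
    && isset($_POST['login_form']['csrf']) && is_string($_POST['login_form']['csrf'])
    && isset($_SESSION['csrf']['login'])
    && $_POST['login_form']['csrf'] === (string) $_SESSION['csrf']['login']
) {
    $pd = \site\utils::validate_user_data($_POST['login_form']);
    try {
        $session = \user\main::login($pd, 1);
        $form .= '<div class="success">' . $LANG['login_success'] . '</div>';
        // NOTE(review): the session value travels in the redirect URL, where it
        // can end up in browser history, server/proxy logs and Referer headers;
        // consider handing it to setSession.php another way.
        $form .= '<meta http-equiv="refresh" content="1; url=' . $GLOBALS['siteURL'] . '/setSession.php?session=' . $session . '&back=' . rtrim($GLOBALS['siteURL'], '/') . '/' . ADMINDIR . '">';
    } catch (Exception $e) {
        // NOTE(review): inserted as HTML; presumably always a $LANG string -
        // confirm login() never places submitted text in the message.
        $form .= '<div class="error">' . $e->getMessage() . '</div>';
    }
}
// A new token is issued on every render; the previous one is overwritten.
$csrf = $_SESSION['csrf']['login'] = \site\utils::str_random(12);
echo $form;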
?>

<form action="#" method="POST">
<input type="text" name="login_form[username]" value="<?php 
echo isset($pd['username']) ? htmlspecialchars($pd['username']) : '';
?>
" placeholder="<?php 
echo $LANG['form_email'];
?>
" required />
<input type="password" name="login_form[password]" placeholder="<?php 
echo $LANG['form_password'];
?>
" required />
<input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required />
<input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required />
<button>' . $LANG['reset_pwd_button'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) {
        $pd = \site\utils::validate_user_data($_POST['forgot_password_form']);
        try {
            \user\main::recovery_password($_POST['forgot_password_form'], '../', 1);
            $form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12);
    $form .= '<form action="#" method="POST">
<input type="text" name="forgot_password_form[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" placeholder="' . $LANG['form_email'] . '" required />
<button>' . $LANG['recovery'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';
}
echo $form;
?>

<div style="margin: 20px 0 0 0; text-align: center;">
<a href="?">&#8592; <?php 
echo $LANG['login'];
?>
</a>
</div>
Exemple #12
                        }
                    }
                } else {
                    if ($_GET['type'] == 'read' || $_GET['type'] == 'unread') {
                        if (isset($_GET['id'])) {
                            if (actions::action_suggestions($_GET['type'], $_GET['id'])) {
                                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                            } else {
                                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                            }
                        }
                    }
                }
            }
        }
        $csrf = $_SESSION['suggestions_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="suggestions.php" />
<input type="hidden" name="action" value="list" />

' . $LANG['order_by'] . ':
<select name="orderby">';
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
        }
        echo '</select>

 <select name="view">';
        foreach (array('' => $LANG['all_suggestions'], 'read' => $LANG['view_read'], 'notread' => $LANG['view_unread']) as $k => $v) {
Exemple #13
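 /**
  * Create a user account and, unless the account is marked as confirmed,
  * e-mail an account confirmation link.
  *
  * @param array $opt Fields read here: name, email, password, points, credits,
  *                   privileges, erole, subscriber, confirm.
  * @return bool True when the row was inserted; false when the caller lacks
  *              the 'users' => 'add' permission, when name/email/password are
  *              empty, or when the INSERT could not be prepared or executed.
  */
 public static function add_user($opt = array())
 {
     global $db, $LANG;

     if (!ab_to(array('users' => 'add'))) {
         return false;
     }

     $opt = \site\utils::array_map_recursive('trim', $opt);
     if (empty($opt['name']) || empty($opt['email']) || empty($opt['password'])) {
         return false;
     }

     $stmt = $db->stmt_init();
     if (!$stmt->prepare("INSERT INTO " . DB_TABLE_PREFIX . "users (name, email, password, avatar, points, credits, privileges, erole, subscriber, valid, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())")) {
         // Nothing was prepared, so there is nothing to bind or execute.
         return false;
     }

     $avatar = \site\images::upload(@$_FILES['logo'], 'avatar_', array('path' => DIR . '/', 'max_size' => 1024, 'max_width' => 500, 'max_height' => 600, 'current' => ''));

     // NOTE(review): unsalted MD5 is not suitable for password storage.
     // Switching to password_hash()/password_verify() has to be done together
     // with the login path and the column width, so the stored format is left
     // unchanged here.
     $password = md5($opt['password']);

     // bind_param() takes its arguments by reference, so the serialized role
     // list needs a variable of its own rather than an inline expression.
     // NOTE(review): stored with serialize(); whatever reads it back presumably
     // calls unserialize() - confirm that path only sees values written here.
     $erole = serialize(isset($opt['erole']) ? $opt['erole'] : null);

     $stmt->bind_param("ssssiiisii", $opt['name'], $opt['email'], $password, $avatar, $opt['points'], $opt['credits'], $opt['privileges'], $erole, $opt['subscriber'], $opt['confirm']);

     if (!$stmt->execute()) {
         $stmt->close();
         return false;
     }

     if (!$opt['confirm']) {
         // NOTE(review): no uniqueness check on the address is visible here; this
         // lookup assumes the e-mail identifies the new row - confirm a unique
         // index exists, or use the statement's insert id instead.
         $stmt->prepare("SELECT id FROM " . DB_TABLE_PREFIX . "users WHERE email = ?");
         $stmt->bind_param("s", $opt['email']);
         $stmt->execute();
         $stmt->bind_result($id);
         $stmt->fetch();
         $stmt->close();

         // The token is the only secret in the confirmation link, so take it
         // from the CSPRNG when the runtime has one; both forms yield 32
         // lowercase hex characters.
         $confirm_session = function_exists('random_bytes')
             ? bin2hex(random_bytes(16))
             : md5(\site\utils::str_random(15));

         if (\user\mail_sessions::insert('confirmation', array('user' => $id, 'session' => $confirm_session))) {
             \site\mail::send($opt['email'], $LANG['email_acc_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'account_confirmation', 'path' => '../'), array('hello_name' => sprintf($LANG['email_text_hello'], $opt['name']), 'confirmation_main_text' => $LANG['email_acc_maintext'], 'confirmation_button' => $LANG['email_acc_button'], 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('user' => $id, 'token' => $confirm_session))));
         }
         return true;
     }

     // Pre-confirmed account: release the statement on this path as well.
     $stmt->close();
     return true;
 }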
Exemple #14
                        }
                    }
                } else {
                    if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
                        if (isset($_GET['id'])) {
                            if (actions::action_plugin($_GET['type'], $_GET['id'])) {
                                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                            } else {
                                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                            }
                        }
                    }
                }
            }
        }
        $csrf = $_SESSION['plugins_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="plugins.php" />
<input type="hidden" name="action" value="list" />

' . $LANG['order_by'] . ':
<select name="orderby">';
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
        }
        echo '</select>

 <select name="type">
<option value="">' . $LANG['all_plugins'] . '</option>';
Exemple #15
 } else {
     if ($coupon_p['couponID'] > 0) {
         echo '<div class="a-alert">Sorry, the coupon is already imported.</div>';
     } else {
         if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['coupon'])) {
             if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'cjapi_csrf')) {
                 $data = array('store' => $store_p['storeID'], 'category' => $_POST['coupon']['Category'], 'popular' => isset($_POST['coupon']['Popular']) ? true : false, 'exclusive' => isset($_POST['coupon']['Exclusive']) ? true : false, 'name' => $_POST['coupon']['Title'], 'url' => !isset($_POST['coupon']['Ownlink']) && isset($_POST['coupon']['Link']) && filter_var($_POST['coupon']['Link'], FILTER_VALIDATE_URL) ? $_POST['coupon']['Link'] : '', 'code' => $_POST['coupon']['Code'], 'description' => $_POST['coupon']['Description'], 'tags' => $_POST['coupon']['Tags'], 'start_on' => implode($_POST['coupon']['SD'], ', '), 'end_on' => implode($_POST['coupon']['ED'], ', '), 'publish' => isset($_POST['coupon']['Publish']) ? true : false, 'meta_title' => $_POST['coupon']['MTitle'], 'meta_desc' => $_POST['coupon']['MDesc']);
                 if (\plugin\Popshop\inc\actions::add_item(array(array_merge($coupon_p, $data))) > 0) {
                     echo '<div class="a-success">Added!</div><button class="btn" onclick="window.history.go(-2);">Back</button>';
                     return;
                 } else {
                     echo '<div class="a-error">Error!</div>';
                 }
             }
         }
         $csrf = $_SESSION['cjapi_csrf'] = \site\utils::str_random(10);
         $store = \plugin\Popshop\inc\actions::get_import_store($store_p['storeID']);
         echo '<div class="form-table">
     
     <form action="#" method="POST" autocomplete="off">
     <div class="row"><span>Category:</span>
     <div><select name="coupon[Category]">';
         foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
             echo '<optgroup label="' . $cat['infos']->name . '">';
             echo '<option value="' . $cat['infos']->ID . '"' . ($store['category'] == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>';
             if (isset($cat['subcats'])) {
                 foreach ($cat['subcats'] as $subcat) {
                     echo '<option value="' . $subcat->ID . '"' . ($store['category'] == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>';
                 }
             }
             echo '</optgroup>';
Exemple #16
                        echo '<div class="a-success">' . $LANG['msg_added'] . '</div>';
                    } else {
                        echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                    }
                }
            } else {
                if (isset($_GET['delete'])) {
                    if (actions::delete_widget($zone_id, $_GET['id'])) {
                        echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                    } else {
                        echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                    }
                }
            }
        }
        $token = $_SESSION['widgets_csrf'] = \site\utils::str_random(10);
        /* */
        $zone_widgets = \query\main::show_widgets($zone_id, '../');
        /* */
        echo '<div class="form-table">

<ul class="elements-list el-two">

<li class="head">' . $LANG['widgets_available'] . '</li>';
        $available = widgets::available_list();
        foreach ($available as $ID => $widget) {
            echo '<li>
  <div class="info-div">' . htmlspecialchars($widget['name']) . '</div>
  <div class="options">
  <a href="?route=widgets.php&amp;zone=' . $zone_id . '&amp;id=' . $ID . '&amp;add&amp;token=' . $token . '">' . $LANG['add'] . '</a>
  </div>';
Exemple #17
      <section class="msg">';
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_POST['token']) && isset($_POST['email']) && \site\utils::check_csrf($_POST['token'], 'sendunsubscr_csrf')) {
            try {
                $type = \user\main::unsubscribe(array('email' => $_POST['email']));
                if ($type == 1) {
                    echo '<div class="success">' . sprintf($LANG['uunsubscr_reqsent'], $_POST['email']) . '</div>';
                } else {
                    echo '<div class="success">' . $LANG['uunsubscr_ok'] . '</div>';
                }
            } catch (Exception $e) {
                echo '<div class="error">' . $e->getMessage() . '</div>';
            }
        }
    }
    $csrf = $_SESSION['sendunsubscr_csrf'] = \site\utils::str_random(10);
    echo '<h2 style="color: #000;">' . $LANG['uunsubscr_title'] . '</h2>
      ' . sprintf($LANG['uunsubscr_body'], '<span id="seconds">5</span>') . ' <br /><br />
      <form method="POST" action="#" autocomplete="off">
      <input type="email" name="email" value="' . (isset($_GET['email']) ? htmlspecialchars($_GET['email']) : '') . '" required />
      <input type="hidden" name="token" value="' . $csrf . '" />
      <button>Unsubscribe me</button>
      </form> <br /><br />
      <a href="index.php">' . $LANG['cancel'] . '</a>
      </section>
  </body>
  </html>';
    die;
} else {
    if (isset($_GET['action']) && isset($_GET['email']) && isset($_GET['token']) && $_GET['action'] == 'unsubscribe2' && \user\mail_sessions::check('unsubscription', array('email' => $_GET['email'], 'session' => $_GET['token']))) {
        $stmt = $db->stmt_init();
Exemple #18
                }
            }
        } else {
            if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'rewards_csrf')) {
                if ($_GET['action'] == 'delete') {
                    if (isset($_GET['id'])) {
                        if (actions::delete_reward($_GET['id'])) {
                            echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                        } else {
                            echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                        }
                    }
                }
            }
        }
        $csrf = $_SESSION['rewards_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="rewards.php" />
<input type="hidden" name="action" value="list" />

' . $LANG['order_by'] . ':
<select name="orderby">';
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'points' => $LANG['order_points'], 'points desc' => $LANG['order_points_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
        }
        echo '</select>';
        if (isset($_GET['search'])) {
            echo '<input type="hidden" name="search" value="' . htmlspecialchars($_GET['search']) . '" />';
        }
Exemple #19
                        }
                    }
                } else {
                    if ($_GET['type'] == 'verify' || $_GET['type'] == 'unverify') {
                        if (isset($_GET['id'])) {
                            if (actions::action_user($_GET['type'], $_GET['id'])) {
                                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                            } else {
                                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                            }
                        }
                    }
                }
            }
        }
        $csrf = $_SESSION['users_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="users.php" />
<input type="hidden" name="action" value="list" />

' . $LANG['order_by'] . ':
<select name="orderby">';
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'action' => $LANG['order_action'], 'action desc' => $LANG['order_action_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'visits' => $LANG['order_visits'], 'visits desc' => $LANG['order_visits_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
        }
        echo '</select>

 <select name="view">
<option value="">' . $LANG['all_users'] . '</option>';
Exemple #20
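/**
 * Build the "edit store" form for the logged-in owner of store $id and, on a valid POST, apply the edit first.
 *
 * Access rules, in order: a user must be logged in ($GLOBALS['me']), must own at least one store
 * (->Stores > 0), and must be the owner of this store (store userID strictly equal to the user's ID).
 * A POST is only processed when it carries a token accepted by \site\utils::check_csrf() for
 * 'edit_store_csrf'; a new token is issued on every render.
 *
 * Every value that originates from the request, the database or an exception message is HTML-escaped
 * before it is placed into the markup. Escaping uses double_encode = false, because
 * \site\utils::validate_user_data() is not shown and may already entity-encode its output —
 * TODO confirm, and switch to plain escaping if it does not.
 *
 * NOTE(review): \site\utils::str_random() and check_csrf() are not shown; confirm the token comes from
 * a CSPRNG and is compared with hash_equals().
 *
 * @param mixed $id Store identifier, passed unchanged to \query\main::store_infos() and \user\main::edit_store().
 * @return string HTML fragment: the form (with a success or error banner after a POST) or an "info_form" notice.
 */
function edit_store_form($id)
{
    global $LANG;

    // Not logged in.
    if (empty($GLOBALS['me'])) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    $me = $GLOBALS['me'];

    // Logged in, but the account owns no stores.
    if (!($me->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }

    // Ownership check stays strict and fails closed; a lookup that yields no object is refused the same way
    // instead of dereferencing a non-object.
    $store = \query\main::store_infos($id);
    if (!is_object($store) || $store->userID !== $me->ID) {
        return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>';
    }

    // Single escaping helper for HTML text and attribute context.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $store_image = $store->image;
    $form = '<div class="edit_store_form other_form">';
    $pd = array();

    // Only an array payload with a csrf field can be a genuine submission of this form.
    $is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
    $posted = isset($_POST['edit_store_form']) && is_array($_POST['edit_store_form']) ? $_POST['edit_store_form'] : null;
    if ($is_post && $posted !== null && isset($posted['csrf']) && \site\utils::check_csrf($posted['csrf'], 'edit_store_csrf')) {
        $pd = \site\utils::validate_user_data($posted);
        try {
            $post_info = \user\main::edit_store($id, $me->ID, $pd);
            $store_image = $post_info->image;
            $form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>';
        } catch (Exception $e) {
            // The message may repeat submitted values, so it is escaped like any other untrusted text.
            $form .= '<div class="error">' . $esc($e->getMessage()) . '</div>';
        }
    }

    // Rotate the token: the one just checked is replaced by the one embedded in the form below.
    $csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12);

    $form .= '<form method="POST" action="#" enctype="multipart/form-data">
  <div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label>
  <div><select name="edit_store_form[category]" id="edit_store_form[category]">';
    foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
        $cat_name = $esc($cat['infos']->name);
        $wcat = '<optgroup label="' . $cat_name . '">';
        $wcat .= '<option value="' . $esc($cat['infos']->ID) . '"' . (isset($store->catID) && $store->catID == $cat['infos']->ID ? ' selected' : '') . '>' . $cat_name . '</option>';
        if (isset($cat['subcats'])) {
            foreach ($cat['subcats'] as $subcat) {
                $wcat .= '<option value="' . $esc($subcat->ID) . '"' . (isset($store->catID) && $store->catID == $subcat->ID ? ' selected' : '') . '>' . $esc($subcat->name) . '</option>';
            }
        }
        $wcat .= '</optgroup>';
        $form .= $wcat;
    }

    // Re-display what was just submitted when present, otherwise the stored value; escaped either way.
    $field = array();
    foreach (array('name', 'url', 'description', 'tags') as $key) {
        $field[$key] = $esc(isset($pd[$key]) ? $pd[$key] : $store->{$key});
    }

    $form .= '</select></div>
  </div>
  <div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . $field['name'] . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div>
  <div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . $field['url'] . '" placeholder="http://" required /></div></div>
  <div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . $field['description'] . '</textarea></div></div>
  <div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . $field['tags'] . '" /></div></div>
  <div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . $esc(store_avatar($store_image)) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" />
  <span>Note:* max width: 600px, max height: 400px.</span></div></div>
  <input type="hidden" name="edit_store_form[csrf]" value="' . $esc($csrf) . '" />
  <button>' . $LANG['edit_store_button'] . '</button>
  </form>

  </div>';

    return $form;
}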
Exemple #21
                        }
                    }
                } else {
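                    // Payment / delivery status change driven by query-string parameters.
                    // The type is matched strictly against the fixed allow-list, and only when it is present,
                    // so a missing or non-string value never reaches actions::action_payment().
                    // NOTE(review): no CSRF check is visible in this branch; presumably an enclosing condition
                    // validates a token against the 'payments_csrf' session value — confirm. Marking an
                    // invoice paid is a high-impact change and is better carried by POST than by a GET link.
                    if (isset($_GET['type']) && in_array($_GET['type'], array('paid', 'unpaid', 'delivered', 'undelivered'), true)) {
                        if (isset($_GET['id'])) {
                            // $_GET['id'] is handed over as received; validation and authorization have to
                            // happen inside actions::action_payment() (not shown here).
                            if (actions::action_payment($_GET['type'], $_GET['id'])) {
                                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                            } else {
                                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                            }
                        }
                    }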
                }
            }
        }
        // New token for this render, stored in the session under 'payments_csrf'.
        // NOTE(review): str_random() is not shown — confirm it draws from a CSPRNG; 10 characters is also
        // on the short side for a token that guards payment status changes.
        $csrf = $_SESSION['payments_csrf'] = \site\utils::str_random(10);
        // Listing filters travel via GET and only select what is displayed.
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="payments.php" />
<input type="hidden" name="action" value="list" />

' . $LANG['order_by'] . ':
<select name="orderby">';
        // Option values come from this fixed array, not from the request; the request value is only compared.
        // NOTE(review): $_GET is already URL-decoded by PHP, so the urldecode() call is redundant.
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'price' => $LANG['order_price'], 'price desc' => $LANG['order_price_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
        }
        echo '</select> ';
        echo '<select name="view">';
        foreach (array('' => $LANG['all_invoices'], 'paid' => $LANG['view_paid'], 'unpaid' => $LANG['view_unpaid'], 'delivered' => $LANG['view_delivered'], 'undelivered' => $LANG['view_undelivered'], 'undeliveredpayments' => $LANG['view_paidandundelivered']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['view']) && $_GET['view'] == $k ? ' selected' : '') . '>' . $v . '</option>';
Exemple #22
                        }
                    }
                } else {
                    // Publish / unpublish a store from query-string parameters.
                    // NOTE(review): the CSRF check for this branch is not visible in the excerpt; presumably the
                    // enclosing condition compares a request token with the 'stores_csrf' session value — confirm.
                    // A token sent in a GET URL is exposed through history, logs and Referer; prefer POST.
                    if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
                        if (isset($_GET['id'])) {
                            // The id is forwarded unchanged; actions::action_store() (not shown) must validate it
                            // and check that the caller may modify that store.
                            if (actions::action_store($_GET['type'], $_GET['id'])) {
                                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                            } else {
                                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                            }
                        }
                    }
                }
            }
        }
        // New token for this render, stored in the session under 'stores_csrf'.
        // NOTE(review): str_random() is not shown — confirm it draws from a CSPRNG.
        $csrf = $_SESSION['stores_csrf'] = \site\utils::str_random(10);
        // Listing filters travel via GET and only select what is displayed.
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="stores.php" />
<input type="hidden" name="action" value="list" />

' . $LANG['order_by'] . ':
<select name="orderby">';
        // Option values come from this fixed array; the request value is only compared against them.
        // NOTE(review): whatever consumes "orderby" on the server side should map it through the same
        // fixed key list rather than use the raw request string — that code is not part of this excerpt.
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'votes' => $LANG['order_votes'], 'votes desc' => $LANG['order_votes_desc'], 'rating' => $LANG['order_rating'], 'rating desc' => $LANG['order_rating_desc'], 'update' => $LANG['order_last_update'], 'update desc' => $LANG['order_last_update_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
        }
        // Opens the category filter; its remaining options are emitted by code outside this excerpt.
        echo '</select>

 <select name="category">
<option value="">' . $LANG['all_categories'] . '</option>';
Exemple #23
                        }
                    }
                } else {
                    // Publish / unpublish a product from query-string parameters.
                    // NOTE(review): the CSRF check for this branch is not visible in the excerpt; presumably the
                    // enclosing condition compares a request token with the 'products_csrf' session value — confirm.
                    if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
                        if (isset($_GET['id'])) {
                            // The id is forwarded unchanged; validation and the permission check are left to
                            // actions::action_product() (not shown).
                            if (actions::action_product($_GET['type'], $_GET['id'])) {
                                echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                            } else {
                                echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                            }
                        }
                    }
                }
            }
        }
        $csrf = $_SESSION['products_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="products.php" />
<input type="hidden" name="action" value="list" />

' . $LANG['order_by'] . ':
<select name="orderby">';
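        // Render the sort options; 'date desc' is the default only when the request carries no "orderby".
        // Without the !isset() guard the default option was marked selected on every request, so a
        // request for an earlier option such as 'date' produced two selected options and the browser
        // showed the later one.
        // $k comes from this fixed array, never from the request, so printing it unescaped is safe.
        foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'views' => $LANG['order_views'], 'views desc' => $LANG['order_views_desc'], 'update' => $LANG['order_last_update'], 'update desc' => $LANG['order_last_update_desc'], 'active' => $LANG['order_expiration'], 'active DESC' => $LANG['order_expiration_desc']) as $k => $v) {
            echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
        }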
        echo '</select>

 <select name="category">
<option value="">' . $LANG['all_categories'] . '</option>';