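 /**
  * Lists installed plugins, optionally filtered, ordered and paged.
  *
  * Keys of $category (all optional; the array first passes through
  * \site\utils::validate_user_data()):
  *  - 'max'      row cap; present but empty means "no LIMIT at all"
  *  - 'per_page' page size, defaults to the 'items_per_page' option; the
  *               page number is read from $_GET['page']
  *  - 'search'   space-separated terms, matched as one REGEXP over name+description
  *  - 'show'     comma list of languages|payment_gateways|feed_servers|applications
  *  - 'orderby'  comma list of name|name desc|date|date desc
  * Unknown 'show'/'orderby' keywords are ignored and never reach the SQL text.
  *
  * @param array $category filter/paging options
  * @return object[] one stdClass per row with keys ID, user, name, image, scope,
  *                  main_file, options_file, menu, menu_ready, menu_icon, vars,
  *                  description, update_checker, version, uninstall_preview,
  *                  visible, date (text columns HTML-escaped)
  */
 public static function while_plugins($category = array())
 {
     global $db;
     $categories = \site\utils::validate_user_data($category);
     $where = $orderby = $limit = array();
     /*
     LIMIT: an explicit 'max' wins over page-based paging. Every LIMIT value is
     concatenated into the statement text, so it is forced to an integer first.
     */
     if (isset($categories['max'])) {
         if (!empty($categories['max'])) {
             $limit[] = (int) $categories['max'];
         }
     } else {
         $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1;
         $per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : (int) \query\main::get_option('items_per_page');
         $limit[] = $page > 1 ? ($page - 1) * $per_page : 0;
         $limit[] = $per_page;
     }
     /*
     WHERE / ORDER BY
     */
     if (!empty($categories['search'])) {
         // Terms are joined with ".*" into one REGEXP; dbp() escapes it for the quoted SQL context.
         $search = implode('.*', explode(' ', trim($categories['search'])));
         $where[] = 'CONCAT(name, description) REGEXP "' . \site\utils::dbp($search) . '"';
     }
     if (isset($categories['show'])) {
         // Keyword -> SQL fragment; only whitelisted fragments are ever used.
         $scopes = array(
             'languages' => 'scope = "language"',
             'payment_gateways' => 'scope = "pay_gateway"',
             'feed_servers' => 'scope = "feed_server"',
             'applications' => 'scope = ""',
         );
         foreach (array_map('trim', explode(',', strtolower($categories['show']))) as $keyword) {
             if (isset($scopes[$keyword])) {
                 $where[] = $scopes[$keyword];
             }
         }
     }
     if (isset($categories['orderby'])) {
         $orders = array(
             'name' => 'name',
             'name desc' => 'name DESC',
             'date' => 'date',
             'date desc' => 'date DESC',
         );
         foreach (array_map('trim', explode(',', strtolower($categories['orderby']))) as $keyword) {
             if (isset($orders[$keyword])) {
                 $orderby[] = $orders[$keyword];
             }
         }
     }
     /*
     Query: the only dynamic parts are whitelisted fragments, the escaped
     search REGEXP and integer LIMIT values.
     */
     $sql = 'SELECT id, user, name, image, scope, main, options, menu, menu_ready, menu_icon, extend_vars, description, version, update_checker, uninstall, visible, date FROM ' . DB_TABLE_PREFIX . 'plugins';
     if (!empty($where)) {
         $sql .= ' WHERE ' . implode(' AND ', $where);
     }
     if (!empty($orderby)) {
         $sql .= ' ORDER BY ' . implode(', ', $orderby);
     }
     if (!empty($limit)) {
         $sql .= ' LIMIT ' . implode(',', $limit);
     }
     $stmt = $db->stmt_init();
     $stmt->prepare($sql);
     $stmt->execute();
     $stmt->bind_result($id, $user, $name, $image, $scope, $main_file, $options_file, $menu, $menu_ready, $menu_icon, $vars, $description, $version, $update_checker, $uninstall, $visible, $date);
     $data = array();
     while ($stmt->fetch()) {
         // NOTE(review): 'vars' and 'uninstall_preview' are unserialize()d straight
         // from the database. If those columns can ever hold data that is not
         // fully trusted, restrict this with the 'allowed_classes' option or move
         // the format to JSON. The @ keeps the original silence on malformed blobs.
         $data[] = (object) array(
             'ID' => $id,
             'user' => $user,
             'name' => htmlspecialchars($name),
             'image' => htmlspecialchars($image),
             'scope' => htmlspecialchars($scope),
             'main_file' => htmlspecialchars($main_file),
             'options_file' => htmlspecialchars($options_file),
             'menu' => $menu,
             'menu_ready' => $menu_ready,
             'menu_icon' => $menu_icon,
             'vars' => @unserialize($vars),
             'description' => htmlspecialchars($description),
             'update_checker' => htmlspecialchars($update_checker),
             'version' => $version,
             'uninstall_preview' => @unserialize($uninstall),
             'visible' => $visible,
             'date' => $date,
         );
     }
     $stmt->close();
     return $data;
 }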
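/**
 * Renders the "edit store" form for store $id and handles its own POST.
 *
 * Access is refused with a localised info box when nobody is logged in
 * ($GLOBALS['me']), when the user owns no store, or when store $id does not
 * belong to the user. On a CSRF-valid POST the store is updated through
 * \user\main::edit_store() and a success or error box precedes the form.
 * Field values shown again after a POST are taken from the submitted data,
 * otherwise from the stored record.
 *
 * @param mixed $id store identifier as accepted by \query\main::store_infos()
 * @return string HTML fragment
 */
function edit_store_form($id)
{
    global $LANG;
    if (!$GLOBALS['me']) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    if (!($GLOBALS['me']->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }
    $store = \query\main::store_infos($id);
    // NOTE(review): store_infos() is assumed to return an object for every $id
    // reaching this point; a null/false result would fault on ->userID — confirm.
    if ($store->userID !== $GLOBALS['me']->ID) {
        return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>';
    }
    /* */
    $store_image = $store->image;
    $form = '<div class="edit_store_form other_form">';
    $pd = null;
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edit_store_form']['csrf']) && \site\utils::check_csrf($_POST['edit_store_form']['csrf'], 'edit_store_csrf')) {
        $pd = \site\utils::validate_user_data($_POST['edit_store_form']);
        try {
            $post_info = \user\main::edit_store($id, $GLOBALS['me']->ID, $pd);
            $store_image = $post_info->image;
            $form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>';
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // A fresh token is issued on every render, so each rendered form is single-use.
    $csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12);
    // Value re-displayed in a field: the POSTed value wins over the stored one.
    // Escaped for the attribute/text context; double_encode=false leaves entities
    // that are already encoded in the stored value untouched.
    $field = function ($name) use ($pd, $store) {
        $raw = isset($pd[$name]) ? $pd[$name] : $store->$name;
        return htmlspecialchars((string) $raw, ENT_QUOTES, 'UTF-8', false);
    };
    // Category picker: one optgroup per top-level category, the stored one preselected.
    $options = '';
    foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
        $options .= '<optgroup label="' . $cat['infos']->name . '">';
        $options .= '<option value="' . $cat['infos']->ID . '"' . (isset($store->catID) && $store->catID == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>';
        if (isset($cat['subcats'])) {
            foreach ($cat['subcats'] as $subcat) {
                $options .= '<option value="' . $subcat->ID . '"' . (isset($store->catID) && $store->catID == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>';
            }
        }
        $options .= '</optgroup>';
    }
    $form .= '<form method="POST" action="#" enctype="multipart/form-data">
  <div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label>
  <div><select name="edit_store_form[category]" id="edit_store_form[category]">' . $options . '</select></div>
  </div>
  <div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . $field('name') . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div>
  <div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . $field('url') . '" placeholder="http://" required /></div></div>
  <div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . $field('description') . '</textarea></div></div>
  <div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . $field('tags') . '" /></div></div>
  <div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . store_avatar($store_image) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" />
  <span>Note:* max width: 600px, max height: 400px.</span></div></div>
  <input type="hidden" name="edit_store_form[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['edit_store_button'] . '</button>
  </form>

  </div>';
    return $form;
}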
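/**
 * Renders the contact form and handles its own POST.
 *
 * $loc is appended to the form's field, token and session names so several
 * instances can coexist on one page. On a CSRF-valid POST the message is sent
 * through \user\main::send_contact(); a success box clears the fields, an
 * error box keeps the submitted values in place.
 *
 * @param string $loc suffix for the form's field and token names
 * @return string HTML fragment
 */
function contact_form($loc = '')
{
    global $LANG;
    $key = 'contact_form' . $loc;
    $form = '<div class="contact_form other_form">';
    $pd = null;
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST[$key]['csrf']) && \site\utils::check_csrf($_POST[$key]['csrf'], $key . '_csrf')) {
        $pd = \site\utils::validate_user_data($_POST[$key]);
        try {
            \user\main::send_contact($pd);
            $form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>';
            // Sent: render the form empty again.
            $pd = null;
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // A fresh token is issued on every render, so each rendered form is single-use.
    $csrf = $_SESSION[$key . '_csrf'] = \site\utils::str_random(12);
    // Submitted value re-displayed in a field, escaped for the attribute/text
    // context; double_encode=false keeps already-encoded entities as they are.
    $field = function ($name) use ($pd) {
        return isset($pd[$name]) ? htmlspecialchars((string) $pd[$name], ENT_QUOTES, 'UTF-8', false) : '';
    };
    $form .= '<form method="POST" action="#widget_contact">
  <div class="form_field"><label for="' . $key . '[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="' . $key . '[name]" id="' . $key . '[name]" value="' . $field('name') . '" required /></div></div>
  <div class="form_field"><label for="' . $key . '[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="' . $key . '[email]" id="' . $key . '[email]" value="' . $field('email') . '" required /></div></div>
  <div class="form_field"><label for="' . $key . '[message]">' . $LANG['form_message'] . ':</label> <div><textarea name="' . $key . '[message]" id="' . $key . '[message]">' . $field('message') . '</textarea></div></div>
  <input type="hidden" name="' . $key . '[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['send'] . '</button>
  </form>

  </div>';
    return $form;
}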
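 /**
  * Lists payment transactions joined with their user, optionally filtered,
  * ordered and paged.
  *
  * Keys of $category (all optional; the array first passes through
  * \site\utils::validate_user_data()):
  *  - 'max'      row cap; present but empty means "no LIMIT at all"
  *  - 'per_page' page size, defaults to the 'items_per_page' option; the
  *               page number is read from $_GET['page']
  *  - 'search'   space-separated terms, matched as one REGEXP over
  *               gateway+transaction_id+details
  *  - 'show'     paid|unpaid|delivered|undelivered|undeliveredpayments
  *  - 'date'     "from[,to]" unix timestamps bounding t.date
  *  - 'orderby'  comma list of rand|date|date desc|price|price desc
  * Unknown 'show'/'orderby' keywords are ignored and never reach the SQL text.
  *
  * @param array $category filter/paging options
  * @return object[] one stdClass per row with keys ID, user, user_name,
  *                  user_avatar, gateway, price, price_format, transaction_id,
  *                  state, details, last_update, paid, delivered, date
  */
 public static function while_invoices($category = array())
 {
     global $db;
     $categories = \site\utils::validate_user_data($category);
     $where = $orderby = $limit = array();
     /*
     LIMIT: an explicit 'max' wins over page-based paging. Every LIMIT value is
     concatenated into the statement text, so it is forced to an integer first.
     */
     if (isset($categories['max'])) {
         if (!empty($categories['max'])) {
             $limit[] = (int) $categories['max'];
         }
     } else {
         $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1;
         $per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : (int) \query\main::get_option('items_per_page');
         $limit[] = $page > 1 ? ($page - 1) * $per_page : 0;
         $limit[] = $per_page;
     }
     /*
     WHERE / ORDER BY
     */
     if (!empty($categories['search'])) {
         // Terms are joined with ".*" into one REGEXP; dbp() escapes it for the quoted SQL context.
         $search = implode('.*', explode(' ', trim($categories['search'])));
         $where[] = 'CONCAT(t.gateway, t.transaction_id, t.details) REGEXP "' . \site\utils::dbp($search) . '"';
     }
     if (isset($categories['show'])) {
         // Keyword -> SQL fragment; only whitelisted fragments are ever used.
         $filters = array(
             'paid' => 'paid > 0',
             'unpaid' => 'paid = 0',
             'delivered' => 'delivered > 0',
             'undelivered' => 'delivered = 0',
             'undeliveredpayments' => 'paid > 0 AND delivered = 0',
         );
         $show = $categories['show'];
         if (is_scalar($show) && isset($filters[(string) $show])) {
             $where[] = $filters[(string) $show];
         }
     }
     if (!empty($categories['date'])) {
         // The bounds land in an unquoted numeric SQL context, where quote
         // escaping alone is no protection; they are cast to integers instead.
         $range = array_map('trim', explode(',', $categories['date']));
         $where[] = 't.date >= FROM_UNIXTIME(' . (int) $range[0] . ')';
         if (isset($range[1])) {
             $where[] = 't.date <= FROM_UNIXTIME(' . (int) $range[1] . ')';
         }
     }
     if (isset($categories['orderby'])) {
         $orders = array(
             'rand' => 'RAND()',
             'date' => 't.date',
             'date desc' => 't.date DESC',
             'price' => 't.price',
             'price desc' => 't.price DESC',
         );
         foreach (array_map('trim', explode(',', strtolower($categories['orderby']))) as $keyword) {
             if (isset($orders[$keyword])) {
                 $orderby[] = $orders[$keyword];
             }
         }
     }
     /*
     Query: the only dynamic parts are whitelisted fragments, the escaped
     search REGEXP and integer date/LIMIT values.
     */
     $sql = 'SELECT t.id, t.user, u.name, u.avatar, t.gateway, t.price, t.transaction_id, t.state, t.details, t.lastupdate, t.paid, t.delivered, t.date FROM ' . DB_TABLE_PREFIX . 'p_transactions t LEFT JOIN ' . DB_TABLE_PREFIX . 'users u ON (u.id = t.user)';
     if (!empty($where)) {
         $sql .= ' WHERE ' . implode(' AND ', $where);
     }
     if (!empty($orderby)) {
         $sql .= ' ORDER BY ' . implode(', ', $orderby);
     }
     if (!empty($limit)) {
         $sql .= ' LIMIT ' . implode(',', $limit);
     }
     $stmt = $db->stmt_init();
     $stmt->prepare($sql);
     $stmt->execute();
     $stmt->bind_result($id, $user, $user_name, $user_avatar, $gateway, $price, $transaction_id, $state, $details, $last_update, $paid, $delivered, $date);
     $data = array();
     while ($stmt->fetch()) {
         // user_name / user_avatar are returned as stored; callers must escape them.
         $data[] = (object) array(
             'ID' => $id,
             'user' => $user,
             'user_name' => $user_name,
             'user_avatar' => $user_avatar,
             'gateway' => htmlspecialchars($gateway),
             'price' => $price,
             'price_format' => sprintf(PRICE_FORMAT, \site\utils::money_format($price)),
             'transaction_id' => htmlspecialchars($transaction_id),
             'state' => htmlspecialchars($state),
             'details' => htmlspecialchars($details),
             'last_update' => $last_update,
             'paid' => $paid,
             'delivered' => $delivered,
             'date' => $date,
         );
     }
     $stmt->close();
     return $data;
 }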
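 /**
  * Lists reward requests, optionally filtered, ordered and paged.
  *
  * Keys of $category (all optional; the array first passes through
  * \site\utils::validate_user_data()):
  *  - 'max'      row cap; present but empty means "no LIMIT at all"
  *  - 'per_page' page size, defaults to the 'items_per_page' option; the
  *               page number is read from $_GET['page']
  *  - 'user'     when non-empty, adds the user filter (see note in the body)
  *  - 'reward'   reward id, cast to int
  *  - 'search'   space-separated terms, matched as one REGEXP over fields
  *  - 'show'     valid|notvalid (claimed = 1 / claimed = 0)
  *  - 'orderby'  comma list of rand|date|date desc|points|points desc
  * Unknown 'show'/'orderby' keywords are ignored and never reach the SQL text.
  *
  * @param array $category filter/paging options
  * @return object[] one stdClass per row with keys ID, name, user, points,
  *                  reward, reward_exists (1 when the reward row still exists,
  *                  else 0), fields (unserialized), claimed, date
  */
 public static function while_rewards_reqs($category = array())
 {
     global $db;
     $categories = \site\utils::validate_user_data($category);
     $where = $orderby = $limit = array();
     /*
     LIMIT: an explicit 'max' wins over page-based paging. Every LIMIT value is
     concatenated into the statement text, so it is forced to an integer first.
     */
     if (isset($categories['max'])) {
         if (!empty($categories['max'])) {
             $limit[] = (int) $categories['max'];
         }
     } else {
         $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1;
         $per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : (int) \query\main::get_option('items_per_page');
         $limit[] = $page > 1 ? ($page - 1) * $per_page : 0;
         $limit[] = $per_page;
     }
     /*
     WHERE / ORDER BY
     */
     if (!empty($categories['user'])) {
         // NOTE(review): this literal is exactly what the listing shows; it looks
         // like a redacted placeholder rather than a real user filter, so confirm
         // the intended expression against the repository before relying on it.
         $where[] = 'user = "******"';
     }
     if (!empty($categories['reward'])) {
         $where[] = 'reward = "' . (int) $categories['reward'] . '"';
     }
     if (!empty($categories['search'])) {
         // Terms are joined with ".*" into one REGEXP; dbp() escapes it for the quoted SQL context.
         $search = implode('.*', explode(' ', trim($categories['search'])));
         $where[] = 'fields REGEXP "' . \site\utils::dbp($search) . '"';
     }
     if (isset($categories['show'])) {
         $filters = array(
             'valid' => 'claimed = 1',
             'notvalid' => 'claimed = 0',
         );
         $show = strtolower($categories['show']);
         if (isset($filters[$show])) {
             $where[] = $filters[$show];
         }
     }
     if (isset($categories['orderby'])) {
         $orders = array(
             'rand' => 'RAND()',
             'date' => 'date',
             'date desc' => 'date DESC',
             'points' => 'points',
             'points desc' => 'points DESC',
         );
         foreach (array_map('trim', explode(',', strtolower($categories['orderby']))) as $keyword) {
             if (isset($orders[$keyword])) {
                 $orderby[] = $orders[$keyword];
             }
         }
     }
     /*
     Query: the subselect counts matching reward rows so callers can tell
     whether the referenced reward still exists.
     */
     $sql = 'SELECT id, name, user, points, reward, (SELECT COUNT(*) FROM ' . DB_TABLE_PREFIX . 'rewards WHERE id = r.reward), fields, claimed, date FROM ' . DB_TABLE_PREFIX . 'rewards_reqs r';
     if (!empty($where)) {
         $sql .= ' WHERE ' . implode(' AND ', $where);
     }
     if (!empty($orderby)) {
         $sql .= ' ORDER BY ' . implode(', ', $orderby);
     }
     if (!empty($limit)) {
         $sql .= ' LIMIT ' . implode(',', $limit);
     }
     $stmt = $db->stmt_init();
     $stmt->prepare($sql);
     $stmt->execute();
     $stmt->bind_result($id, $name, $user, $points, $reward, $reward_exists, $fields, $claimed, $date);
     $data = array();
     while ($stmt->fetch()) {
         // NOTE(review): 'fields' is unserialize()d straight from the database.
         // If that column can hold data that is not fully trusted, restrict this
         // with the 'allowed_classes' option or move the format to JSON. The @
         // keeps the original silence on malformed blobs.
         $data[] = (object) array(
             'ID' => $id,
             'name' => htmlspecialchars($name),
             'user' => $user,
             'points' => $points,
             'reward' => $reward,
             'reward_exists' => $reward_exists > 0 ? 1 : 0,
             'fields' => @unserialize($fields),
             'claimed' => $claimed,
             'date' => $date,
         );
     }
     $stmt->close();
     return $data;
 }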
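<?php

/*
 * AJAX registration endpoint. Expects a POST carrying register[...] fields and
 * a csrf token; answers with a JSON object {state: success|error, message} and,
 * on success, the setSession.php URL the client should load next.
 */
// The token must be compared value against value. A bare isset() on the POST
// field yields a boolean, and a boolean loosely compared (==) with a non-empty
// token string is always true, which would accept any request that merely
// sends the field. Strict === also rules out type juggling on numeric-looking
// tokens, and the method check rejects anything that is not a POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['csrf'], $_SESSION['csrf']['ajax_register'])
    && $_POST['csrf'] === $_SESSION['csrf']['ajax_register']) {
    $response = array();
    $pd = \site\utils::validate_user_data(isset($_POST['register']) ? $_POST['register'] : array());
    try {
        $session = \user\main::register($pd);
        $response['state'] = 'success';
        $response['message'] = $LANG['register_success'];
        $response['session'] = $GLOBALS['siteURL'] . '/setSession.php?session=' . $session;
        // The token is single-use: drop it once the registration went through.
        unset($_SESSION['csrf']['ajax_register']);
    } catch (Exception $e) {
        $response['state'] = 'error';
        $response['message'] = $e->getMessage();
    }
    echo json_encode($response);
}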
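<?php

/*
 * AJAX newsletter subscription endpoint. Expects a POST carrying subscribe[...]
 * fields and a csrf token; answers with a JSON object
 * {state: success|error, message}. The logged-in user's id (0 when anonymous)
 * is passed along so the subscription can be tied to the account.
 */
// The token must be compared value against value. A bare isset() on the POST
// field yields a boolean, and a boolean loosely compared (==) with a non-empty
// token string is always true, which would accept any request that merely
// sends the field. Strict === also rules out type juggling on numeric-looking
// tokens, and the method check rejects anything that is not a POST.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['csrf'], $_SESSION['csrf']['ajax_subscribe'])
    && $_POST['csrf'] === $_SESSION['csrf']['ajax_subscribe']) {
    $response = array();
    $pd = \site\utils::validate_user_data(isset($_POST['subscribe']) ? $_POST['subscribe'] : array());
    try {
        $id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0;
        $type = \user\main::subscribe($id, $pd);
        $response['state'] = 'success';
        // Type 1 means a confirmation mail was sent to the given address.
        $response['message'] = $type == 1 ? sprintf($LANG['newsletter_reqconfirm'], $pd['email']) : $LANG['newsletter_success'];
        // The token is single-use: drop it once the subscription went through.
        unset($_SESSION['csrf']['ajax_subscribe']);
    } catch (Exception $e) {
        $response['state'] = 'error';
        $response['message'] = $e->getMessage();
    }
    echo json_encode($response);
}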
<div class="sign_in">

<div class="wrapper">

<?php 
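/*
 * Admin login handler: processes a CSRF-valid POST of login_form[...], prints a
 * success box plus a one-second meta refresh into the admin directory (carrying
 * the new session id), or an error box; then issues a fresh token for the form
 * rendered below.
 */
$form = '';
// Strict === on the token: a loose == would type-juggle numeric-looking tokens.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login_form']['csrf'], $_SESSION['csrf']['login']) && $_POST['login_form']['csrf'] === $_SESSION['csrf']['login']) {
    $pd = \site\utils::validate_user_data($_POST['login_form']);
    try {
        $session = \user\main::login($pd, 1);
        $form .= '<div class="success">' . $LANG['login_success'] . '</div>';
        // The whole URL is escaped for the attribute context ("&" -> "&amp;",
        // any quote in the session id cannot break out of content="...").
        $redirect = $GLOBALS['siteURL'] . '/setSession.php?session=' . $session . '&back=' . rtrim($GLOBALS['siteURL'], '/') . '/' . ADMINDIR;
        $form .= '<meta http-equiv="refresh" content="1; url=' . htmlspecialchars($redirect, ENT_QUOTES, 'UTF-8') . '">';
    } catch (Exception $e) {
        $form .= '<div class="error">' . $e->getMessage() . '</div>';
    }
}
// A fresh token is issued on every render, so each rendered form is single-use.
$csrf = $_SESSION['csrf']['login'] = \site\utils::str_random(12);
echo $form;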
?>

<form action="#" method="POST">
<input type="text" name="login_form[username]" value="<?php 
echo isset($pd['username']) ? htmlspecialchars($pd['username']) : '';
?>
" placeholder="<?php 
echo $LANG['form_email'];
?>
" required />
<input type="password" name="login_form[password]" placeholder="<?php 
echo $LANG['form_password'];
?>
            $form .= '<div class="success">' . $LANG['reset_pwd_success'] . '</div>';
            \user\mail_sessions::clear('password_recovery', array('user' => $_GET['uid']));
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12);
    $form .= '<form action="#" method="POST">
<input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required />
<input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required />
<button>' . $LANG['reset_pwd_button'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) {
        $pd = \site\utils::validate_user_data($_POST['forgot_password_form']);
        try {
            \user\main::recovery_password($_POST['forgot_password_form'], '../', 1);
            $form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12);
    $form .= '<form action="#" method="POST">
<input type="text" name="forgot_password_form[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" placeholder="' . $LANG['form_email'] . '" required />
<button>' . $LANG['recovery'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';
}
echo $form;
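 /**
  * Lists the stored <head> lines, optionally filtered, ordered and paged.
  *
  * Keys of $category (all optional; the array first passes through
  * \site\utils::validate_user_data()):
  *  - 'max'      row cap; present but empty means "no LIMIT at all"
  *  - 'per_page' page size, defaults to the 'items_per_page' option; the
  *               page number is read from $_GET['page']
  *  - 'search'   space-separated terms, matched as one REGEXP over text+plugin
  *  - 'show'     admin|theme (admin > 0 / theme > 0)
  *  - 'orderby'  comma list of date|date desc
  * Unknown 'show'/'orderby' keywords are ignored and never reach the SQL text.
  *
  * @param array $category filter/paging options
  * @return object[] one stdClass per row with keys ID, text, admin, theme,
  *                  plugin, date; 'text' is returned exactly as stored
  */
 public static function while_head_lines($category = array())
 {
     global $db;
     $categories = \site\utils::validate_user_data($category);
     $where = $orderby = $limit = array();
     /*
     LIMIT: an explicit 'max' wins over page-based paging. Every LIMIT value is
     concatenated into the statement text, so it is forced to an integer first.
     */
     if (isset($categories['max'])) {
         if (!empty($categories['max'])) {
             $limit[] = (int) $categories['max'];
         }
     } else {
         $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1;
         $per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : (int) \query\main::get_option('items_per_page');
         $limit[] = $page > 1 ? ($page - 1) * $per_page : 0;
         $limit[] = $per_page;
     }
     /*
     WHERE / ORDER BY
     */
     if (!empty($categories['search'])) {
         // Terms are joined with ".*" into one REGEXP; dbp() escapes it for the quoted SQL context.
         $search = implode('.*', explode(' ', trim($categories['search'])));
         $where[] = 'CONCAT(text, plugin) REGEXP "' . \site\utils::dbp($search) . '"';
     }
     if (isset($categories['show'])) {
         // Keyword -> SQL fragment; only whitelisted fragments are ever used.
         $filters = array(
             'admin' => 'admin > 0',
             'theme' => 'theme > 0',
         );
         $show = $categories['show'];
         if (is_scalar($show) && isset($filters[(string) $show])) {
             $where[] = $filters[(string) $show];
         }
     }
     if (isset($categories['orderby'])) {
         $orders = array(
             'date' => 'date',
             'date desc' => 'date DESC',
         );
         foreach (array_map('trim', explode(',', strtolower($categories['orderby']))) as $keyword) {
             if (isset($orders[$keyword])) {
                 $orderby[] = $orders[$keyword];
             }
         }
     }
     /*
     Query: the only dynamic parts are whitelisted fragments, the escaped
     search REGEXP and integer LIMIT values.
     */
     $sql = 'SELECT id, text, admin, theme, plugin, date FROM ' . DB_TABLE_PREFIX . 'head';
     if (!empty($where)) {
         $sql .= ' WHERE ' . implode(' AND ', $where);
     }
     if (!empty($orderby)) {
         $sql .= ' ORDER BY ' . implode(', ', $orderby);
     }
     if (!empty($limit)) {
         $sql .= ' LIMIT ' . implode(',', $limit);
     }
     $stmt = $db->stmt_init();
     $stmt->prepare($sql);
     $stmt->execute();
     $stmt->bind_result($id, $text, $admin, $theme, $plugin, $date);
     $data = array();
     while ($stmt->fetch()) {
         // 'text' is handed back unescaped, as stored; callers decide how it is emitted.
         $data[] = (object) array(
             'ID' => $id,
             'text' => $text,
             'admin' => $admin,
             'theme' => $theme,
             'plugin' => $plugin,
             'date' => $date,
         );
     }
     $stmt->close();
     return $data;
 }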