public static function while_plugins($category = array()) { global $db; $categories = \site\utils::validate_user_data($category); $where = $orderby = $limit = array(); if (isset($categories['max'])) { if (!empty($categories['max'])) { $limit[] = $categories['max']; } } else { $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1; $per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : \query\main::get_option('items_per_page'); $offset = isset($page) && $page > 1 ? ($page - 1) * $per_page : 0; $limit[] = $offset; $limit[] = $per_page; } /* WHERE / ORDER BY */ if (!empty($categories['search'])) { $search = implode('.*', explode(' ', trim($categories['search']))); $where[] = 'CONCAT(name, description) REGEXP "' . \site\utils::dbp($search) . '"'; } if (isset($categories['show'])) { $show = array_map('trim', explode(',', strtolower($categories['show']))); foreach ($show as $v) { switch ($v) { case 'languages': $where[] = 'scope = "language"'; break; case 'payment_gateways': $where[] = 'scope = "pay_gateway"'; break; case 'feed_servers': $where[] = 'scope = "feed_server"'; break; case 'applications': $where[] = 'scope = ""'; break; } } } if (isset($categories['orderby'])) { $order = array_map('trim', explode(',', strtolower($categories['orderby']))); foreach ($order as $v) { switch ($v) { case 'name': $orderby[] = 'name'; break; case 'name desc': $orderby[] = 'name DESC'; break; case 'date': $orderby[] = 'date'; break; case 'date desc': $orderby[] = 'date DESC'; break; } } } /* */ $stmt = $db->stmt_init(); $stmt->prepare("SELECT id, user, name, image, scope, main, options, menu, menu_ready, menu_icon, extend_vars, description, version, update_checker, uninstall, visible, date FROM " . DB_TABLE_PREFIX . "plugins" . (empty($where) ? '' : ' WHERE ' . implode(' AND ', $where)) . (empty($orderby) ? '' : ' ORDER BY ' . implode(', ', array_filter($orderby))) . (empty($limit) ? '' : ' LIMIT ' . implode(',', $limit))); $stmt->execute(); $stmt->bind_result($id, $user, $name, $image, $scope, $main_file, $options_file, $menu, $menu_ready, $menu_icon, $vars, $description, $version, $update_checker, $uninstall, $visible, $date); $data = array(); while ($info = $stmt->fetch()) { $data[] = (object) array('ID' => $id, 'user' => $user, 'name' => htmlspecialchars($name), 'image' => htmlspecialchars($image), 'scope' => htmlspecialchars($scope), 'main_file' => htmlspecialchars($main_file), 'options_file' => htmlspecialchars($options_file), 'menu' => $menu, 'menu_ready' => $menu_ready, 'menu_icon' => $menu_icon, 'vars' => @unserialize($vars), 'description' => htmlspecialchars($description), 'update_checker' => htmlspecialchars($update_checker), 'version' => $version, 'uninstall_preview' => @unserialize($uninstall), 'visible' => $visible, 'date' => $date); } $stmt->close(); return $data; }
function edit_store_form($id) { global $LANG; if ($GLOBALS['me']) { if ($GLOBALS['me']->Stores > 0) { $store = \query\main::store_infos($id); if ($store->userID !== $GLOBALS['me']->ID) { return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>'; } /* */ $store_image = $store->image; $form = '<div class="edit_store_form other_form">'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['edit_store_form']) && \site\utils::check_csrf($_POST['edit_store_form']['csrf'], 'edit_store_csrf')) { $pd = \site\utils::validate_user_data($_POST['edit_store_form']); try { $post_info = \user\main::edit_store($id, $GLOBALS['me']->ID, $pd); $store_image = $post_info->image; $form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>'; } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12); $form .= '<form method="POST" action="#" enctype="multipart/form-data"> <div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label> <div><select name="edit_store_form[category]" id="edit_store_form[category]">'; foreach (\query\main::group_categories(array('max' => 0)) as $cat) { $wcat = '<optgroup label="' . $cat['infos']->name . '">'; $wcat .= '<option value="' . $cat['infos']->ID . '"' . (isset($store->catID) && $store->catID == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>'; if (isset($cat['subcats'])) { foreach ($cat['subcats'] as $subcat) { $wcat .= '<option value="' . $subcat->ID . '"' . (isset($store->catID) && $store->catID == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>'; } } $wcat .= '</optgroup>'; $form .= $wcat; } $form .= '</select></div> </div> <div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . (isset($pd['name']) ? $pd['name'] : $store->name) . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div> <div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . (isset($pd['url']) ? $pd['url'] : $store->url) . '" placeholder="http://" required /></div></div> <div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . (isset($pd['description']) ? $pd['description'] : $store->description) . '</textarea></div></div> <div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . (isset($pd['tags']) ? $pd['tags'] : $store->tags) . '" /></div></div> <div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . store_avatar($store_image) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" /> <span>Note:* max width: 600px, max height: 400px.</span></div></div> <input type="hidden" name="edit_store_form[csrf]" value="' . $csrf . '" /> <button>' . $LANG['edit_store_button'] . '</button> </form> </div>'; return $form; } else { return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>'; } } else { return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>'; } }
function contact_form($loc = '') { global $LANG; $form = '<div class="contact_form other_form">'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['contact_form' . $loc]) && \site\utils::check_csrf($_POST['contact_form' . $loc]['csrf'], 'contact_form' . $loc . '_csrf')) { $pd = \site\utils::validate_user_data($_POST['contact_form' . $loc]); try { $id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0; \user\main::send_contact($pd); $form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>'; unset($pd); } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['contact_form' . $loc . '_csrf'] = \site\utils::str_random(12); $form .= '<form method="POST" action="#widget_contact"> <div class="form_field"><label for="contact_form' . $loc . '[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="contact_form' . $loc . '[name]" id="contact_form' . $loc . '[name]" value="' . (isset($pd['name']) ? $pd['name'] : '') . '" required /></div></div> <div class="form_field"><label for="contact_form' . $loc . '[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="contact_form' . $loc . '[email]" id="contact_form' . $loc . '[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" required /></div></div> <div class="form_field"><label for="contact_form' . $loc . '[message]">' . $LANG['form_message'] . ':</label> <div><textarea name="contact_form' . $loc . '[message]" id="contact_form' . $loc . '[message]">' . (isset($pd['message']) ? $pd['message'] : '') . '</textarea></div></div> <input type="hidden" name="contact_form' . $loc . '[csrf]" value="' . $csrf . '" /> <button>' . $LANG['send'] . '</button> </form> </div>'; return $form; }
public static function while_invoices($category = array()) { global $db; $categories = \site\utils::validate_user_data($category); $where = $orderby = $limit = array(); if (isset($categories['max'])) { if (!empty($categories['max'])) { $limit[] = $categories['max']; } } else { $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1; $per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : \query\main::get_option('items_per_page'); $offset = isset($page) && $page > 1 ? ($page - 1) * $per_page : 0; $limit[] = $offset; $limit[] = $per_page; } /* WHERE / ORDER BY */ if (!empty($categories['search'])) { $search = implode('.*', explode(' ', trim($categories['search']))); $where[] = 'CONCAT(t.gateway, t.transaction_id, t.details) REGEXP "' . \site\utils::dbp($search) . '"'; } if (isset($categories['show'])) { switch ($categories['show']) { case 'paid': $where[] = 'paid > 0'; break; case 'unpaid': $where[] = 'paid = 0'; break; case 'delivered': $where[] = 'delivered > 0'; break; case 'undelivered': $where[] = 'delivered = 0'; break; case 'undeliveredpayments': $where[] = 'paid > 0 AND delivered = 0'; } } if (!empty($categories['date'])) { $date = array_map('trim', explode(',', $categories['date'])); $where[] = 't.date >= FROM_UNIXTIME(' . \site\utils::dbp($date[0]) . ')'; if (isset($date[1])) { $where[] = 't.date <= FROM_UNIXTIME(' . \site\utils::dbp($date[1]) . ')'; } } if (isset($categories['orderby'])) { $order = array_map('trim', explode(',', strtolower($categories['orderby']))); foreach ($order as $v) { switch ($v) { case 'rand': $orderby[] = 'RAND()'; break; case 'date': $orderby[] = 't.date'; break; case 'date desc': $orderby[] = 't.date DESC'; break; case 'price': $orderby[] = 't.price'; break; case 'price desc': $orderby[] = 't.price DESC'; break; } } } /* */ $stmt = $db->stmt_init(); $stmt->prepare("SELECT t.id, t.user, u.name, u.avatar, t.gateway, t.price, t.transaction_id, t.state, t.details, t.lastupdate, t.paid, t.delivered, t.date FROM " . DB_TABLE_PREFIX . "p_transactions t LEFT JOIN " . DB_TABLE_PREFIX . "users u ON (u.id = t.user)" . (empty($where) ? '' : ' WHERE ' . implode(' AND ', $where)) . (empty($orderby) ? '' : ' ORDER BY ' . implode(', ', array_filter($orderby))) . (empty($limit) ? '' : ' LIMIT ' . implode(',', $limit))); $stmt->execute(); $stmt->bind_result($id, $user, $user_name, $user_avatar, $gateway, $price, $transaction_id, $state, $details, $last_update, $paid, $delivered, $date); $data = array(); while ($stmt->fetch()) { $data[] = (object) array('ID' => $id, 'user' => $user, 'user_name' => $user_name, 'user_avatar' => $user_avatar, 'gateway' => htmlspecialchars($gateway), 'price' => $price, 'price_format' => sprintf(PRICE_FORMAT, \site\utils::money_format($price)), 'transaction_id' => htmlspecialchars($transaction_id), 'state' => htmlspecialchars($state), 'details' => htmlspecialchars($details), 'last_update' => $last_update, 'paid' => $paid, 'delivered' => $delivered, 'date' => $date); } $stmt->close(); return $data; }
public static function while_rewards_reqs($category = array()) { global $db; $categories = \site\utils::validate_user_data($category); $where = $orderby = $limit = array(); if (isset($categories['max'])) { if (!empty($categories['max'])) { $limit[] = $categories['max']; } } else { $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1; $per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : \query\main::get_option('items_per_page'); $offset = isset($page) && $page > 1 ? ($page - 1) * $per_page : 0; $limit[] = $offset; $limit[] = $per_page; } /* WHERE / ORDER BY */ if (!empty($categories['user'])) { $where[] = 'user = "******"'; } if (!empty($categories['reward'])) { $where[] = 'reward = "' . (int) $categories['reward'] . '"'; } if (!empty($categories['search'])) { $search = implode('.*', explode(' ', trim($categories['search']))); $where[] = 'fields REGEXP "' . \site\utils::dbp($search) . '"'; } if (isset($categories['show'])) { $show = strtolower($categories['show']); switch ($show) { case 'valid': $where[] = 'claimed = 1'; break; case 'notvalid': $where[] = 'claimed = 0'; break; } } if (isset($categories['orderby'])) { $order = array_map('trim', explode(',', strtolower($categories['orderby']))); foreach ($order as $v) { switch ($v) { case 'rand': $orderby[] = 'RAND()'; break; case 'date': $orderby[] = 'date'; break; case 'date desc': $orderby[] = 'date DESC'; break; case 'points': $orderby[] = 'points'; break; case 'points desc': $orderby[] = 'points DESC'; break; } } } /* */ $stmt = $db->stmt_init(); $stmt->prepare("SELECT id, name, user, points, reward, (SELECT COUNT(*) FROM " . DB_TABLE_PREFIX . "rewards WHERE id = r.reward), fields, claimed, date FROM " . DB_TABLE_PREFIX . "rewards_reqs r" . (empty($where) ? '' : ' WHERE ' . implode(' AND ', $where)) . (empty($orderby) ? '' : ' ORDER BY ' . implode(', ', array_filter($orderby))) . (empty($limit) ? '' : ' LIMIT ' . implode(',', $limit))); $stmt->execute(); $stmt->bind_result($id, $name, $user, $points, $reward, $reward_exists, $fields, $claimed, $date); $data = array(); while ($stmt->fetch()) { $data[] = (object) array('ID' => $id, 'name' => htmlspecialchars($name), 'user' => $user, 'points' => $points, 'reward' => $reward, 'reward_exists' => $reward_exists > 0 ? 1 : 0, 'fields' => @unserialize($fields), 'claimed' => $claimed, 'date' => $date); } $stmt->close(); return $data; }
<?php if ($_SERVER['REQUEST_METHOD'] && isset($_POST['csrf']) == $_SESSION['csrf']['ajax_register']) { $response = array(); $pd = \site\utils::validate_user_data($_POST['register']); try { $session = \user\main::register($pd); $response['state'] = 'success'; $response['message'] = $LANG['register_success']; $response['session'] = $GLOBALS['siteURL'] . '/setSession.php?session=' . $session; unset($_SESSION['csrf']['ajax_register']); } catch (Exception $e) { $response['state'] = 'error'; $response['message'] = $e->getMessage(); } echo json_encode($response); }
<?php if ($_SERVER['REQUEST_METHOD'] && isset($_POST['csrf']) == $_SESSION['csrf']['ajax_subscribe']) { $response = array(); $pd = \site\utils::validate_user_data($_POST['subscribe']); try { $id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0; $type = \user\main::subscribe($id, $pd); $response['state'] = 'success'; $response['message'] = $type == 1 ? sprintf($LANG['newsletter_reqconfirm'], $pd['email']) : $LANG['newsletter_success']; unset($_SESSION['csrf']['ajax_subscribe']); } catch (Exception $e) { $response['state'] = 'error'; $response['message'] = $e->getMessage(); } echo json_encode($response); }
<div class="sign_in"> <div class="wrapper"> <?php $form = ''; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login_form']) && isset($_POST['login_form']['csrf']) && isset($_SESSION['csrf']['login']) && $_POST['login_form']['csrf'] == $_SESSION['csrf']['login']) { $pd = \site\utils::validate_user_data($_POST['login_form']); try { $session = \user\main::login($pd, 1); $form .= '<div class="success">' . $LANG['login_success'] . '</div>'; $form .= '<meta http-equiv="refresh" content="1; url=' . $GLOBALS['siteURL'] . '/setSession.php?session=' . $session . '&back=' . rtrim($GLOBALS['siteURL'], '/') . '/' . ADMINDIR . '">'; } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['csrf']['login'] = \site\utils::str_random(12); echo $form; ?> <form action="#" method="POST"> <input type="text" name="login_form[username]" value="<?php echo isset($pd['username']) ? htmlspecialchars($pd['username']) : ''; ?> " placeholder="<?php echo $LANG['form_email']; ?> " required /> <input type="password" name="login_form[password]" placeholder="<?php echo $LANG['form_password']; ?>
$form .= '<div class="success">' . $LANG['reset_pwd_success'] . '</div>'; \user\mail_sessions::clear('password_recovery', array('user' => $_GET['uid'])); } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12); $form .= '<form action="#" method="POST"> <input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required /> <input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required /> <button>' . $LANG['reset_pwd_button'] . '</button> <input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" /> </form>'; } else { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) { $pd = \site\utils::validate_user_data($_POST['forgot_password_form']); try { \user\main::recovery_password($_POST['forgot_password_form'], '../', 1); $form .= '<div class="success">' . $LANG['fp_success'] . '</div>'; } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12); $form .= '<form action="#" method="POST"> <input type="text" name="forgot_password_form[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" placeholder="' . $LANG['form_email'] . '" required /> <button>' . $LANG['recovery'] . '</button> <input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" /> </form>'; } echo $form;
public static function while_head_lines($category = array()) { global $db; $categories = \site\utils::validate_user_data($category); $where = $orderby = $limit = array(); if (isset($categories['max'])) { if (!empty($categories['max'])) { $limit[] = $categories['max']; } } else { $page = !empty($_GET['page']) ? (int) $_GET['page'] : 1; $per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : \query\main::get_option('items_per_page'); $offset = isset($page) && $page > 1 ? ($page - 1) * $per_page : 0; $limit[] = $offset; $limit[] = $per_page; } /* WHERE / ORDER BY */ if (!empty($categories['search'])) { $search = implode('.*', explode(' ', trim($categories['search']))); $where[] = 'CONCAT(text, plugin) REGEXP "' . \site\utils::dbp($search) . '"'; } if (isset($categories['show'])) { switch ($categories['show']) { case 'admin': $where[] = 'admin > 0'; break; case 'theme': $where[] = 'theme > 0'; break; } } if (isset($categories['orderby'])) { $order = array_map('trim', explode(',', strtolower($categories['orderby']))); foreach ($order as $v) { switch ($v) { case 'date': $orderby[] = 'date'; break; case 'date desc': $orderby[] = 'date DESC'; break; } } } /* */ $stmt = $db->stmt_init(); $stmt->prepare("SELECT id, text, admin, theme, plugin, date FROM " . DB_TABLE_PREFIX . "head" . (empty($where) ? '' : ' WHERE ' . implode(' AND ', $where)) . (empty($orderby) ? '' : ' ORDER BY ' . implode(', ', array_filter($orderby))) . (empty($limit) ? '' : ' LIMIT ' . implode(',', $limit))); $stmt->execute(); $stmt->bind_result($id, $text, $admin, $theme, $plugin, $date); $data = array(); while ($stmt->fetch()) { $data[] = (object) array('ID' => $id, 'text' => $text, 'admin' => $admin, 'theme' => $theme, 'plugin' => $plugin, 'date' => $date); } $stmt->close(); return $data; }