} } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'categories_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_category($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } $csrf = $_SESSION['categories_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off" novalidate> <input type="hidden" name="route" value="categories.php" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'name' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> <input type="hidden" name="action" value="list" />
} } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'pages_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_page($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } $csrf = $_SESSION['feed_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="feed.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'update' => $LANG['order_last_update'], 'update desc' => $LANG['order_last_update_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> '; try { $category = $feed->categories(); echo '<select name="category">
public static function unsubscribe($post) { global $db, $LANG; $post = array_map('trim', $post); if (!isset($post['email']) || !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) { throw new \Exception($LANG['newsletter_usevalide']); } else { $stmt = $db->stmt_init(); $stmt->prepare("SELECT COUNT(*) FROM " . DB_TABLE_PREFIX . "newsletter WHERE email = ?"); $stmt->bind_param("s", $post['email']); $stmt->bind_result($count); $stmt->execute(); $stmt->fetch(); $stmt->close(); if ($count == 0) { throw new \Exception($LANG['uunsubscr_notsubscr']); } if (\query\main::get_option('unsubscr_confirm_req')) { $session = md5(\site\utils::str_random(15)); if (\user\mail_sessions::insert('unsubscription', array('email' => $post['email'], 'session' => $session)) && \site\mail::send($post['email'], $LANG['email_unsub_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'confirm_unsubscription'), array('confirmation_main_text' => $LANG['email_unsub_maintext'], 'confirmation_button' => $LANG['email_unsub_button'], 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('action' => 'unsubscribe2', 'email' => $post['email'], 'token' => $session))))) { return 1; } else { throw new \Exception($LANG['msg_error']); } } else { // auto-unsubscribe $stmt = $db->stmt_init(); $stmt->prepare("DELETE FROM " . DB_TABLE_PREFIX . "newsletter WHERE email = ?"); $stmt->bind_param("s", $post['email']); $execute = $stmt->execute(); $stmt->close(); if ($execute) { return 2; } else { throw new \Exception($LANG['msg_error']); } } } }
} } } else { if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') { if (isset($_GET['id'])) { if (actions::action_item($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } $csrf = $_SESSION['coupons_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="coupons.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'views' => $LANG['order_views'], 'views desc' => $LANG['order_views_desc'], 'update' => $LANG['order_last_update'], 'update desc' => $LANG['order_last_update_desc'], 'active' => $LANG['order_expiration'], 'active DESC' => $LANG['order_expiration_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> <select name="category"> <option value="">' . $LANG['all_categories'] . '</option>';
echo '<div class="title"> <h2>' . $LANG['settings_general_title'] . '</h2>'; if (!empty($LANG['settings_general_subtitle'])) { echo '<span>' . $LANG['settings_general_subtitle'] . '</span>'; } echo '</div>'; if (isset($_SESSION['js_settings'])) { if (isset($_GET['success']) && $_GET['success'] == 'true') { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['settings_save_error'] . '</div>'; } unset($_SESSION['js_settings']); } $csrf = $_SESSION['settings_csrf'] = \site\utils::str_random(10); echo '<div class="form-table"> <form action="?route=post-actions.php&action=general-settings" method="POST"> <div class="row"><span>' . $LANG['settings_form_sitename'] . ':</span><div><input type="text" name="sitename" value="' . htmlspecialchars(\query\main::get_option('sitename')) . '" /></div></div> <div class="row"><span>' . $LANG['settings_form_siteurl'] . ':</span><div><input type="text" name="siteurl" value="' . htmlspecialchars(\query\main::get_option('siteurl')) . '" /></div></div> <div class="row"><span>' . $LANG['settings_form_sitedesc'] . ':</span><div><textarea name="description">' . \query\main::get_option('sitedescription') . '</textarea></div></div> <div class="row"><span>' . $LANG['settings_form_itemspp'] . ':</span><div><input type="number" name="ipp" value="' . (int) \query\main::get_option('items_per_page') . '" /></div></div> <div class="row"><span>' . $LANG['settings_form_userregs'] . ':</span> <div> <select name="registrations"><option value="opened">' . $LANG['settings_select_opened'] . '</option><option value="closed"' . (\query\main::get_option('registrations') != 'opened' ? ' selected' : '') . '>' . $LANG['settings_select_closed'] . '</option></select> </div></div> <div class="row"><span>' . $LANG['settings_form_accpip'] . ':</span>
function contact_form($loc = '') { global $LANG; $form = '<div class="contact_form other_form">'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['contact_form' . $loc]) && \site\utils::check_csrf($_POST['contact_form' . $loc]['csrf'], 'contact_form' . $loc . '_csrf')) { $pd = \site\utils::validate_user_data($_POST['contact_form' . $loc]); try { $id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0; \user\main::send_contact($pd); $form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>'; unset($pd); } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['contact_form' . $loc . '_csrf'] = \site\utils::str_random(12); $form .= '<form method="POST" action="#widget_contact"> <div class="form_field"><label for="contact_form' . $loc . '[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="contact_form' . $loc . '[name]" id="contact_form' . $loc . '[name]" value="' . (isset($pd['name']) ? $pd['name'] : '') . '" required /></div></div> <div class="form_field"><label for="contact_form' . $loc . '[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="contact_form' . $loc . '[email]" id="contact_form' . $loc . '[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" required /></div></div> <div class="form_field"><label for="contact_form' . $loc . '[message]">' . $LANG['form_message'] . ':</label> <div><textarea name="contact_form' . $loc . '[message]" id="contact_form' . $loc . '[message]">' . (isset($pd['message']) ? $pd['message'] : '') . '</textarea></div></div> <input type="hidden" name="contact_form' . $loc . '[csrf]" value="' . $csrf . '" /> <button>' . $LANG['send'] . '</button> </form> </div>'; return $form; }
<div style="text-align: right; margin-bottom: 10px;"> <a href="<?php echo tlink('user/claim-history'); ?> " class="btn">Claims History</a> </div> <?php if (($pagination = have_rewards(array('show' => 'active'))) && $pagination['results'] > 0) { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && \site\utils::check_csrf($_POST['csrf'], 'claim_reward')) { echo create_reward_request(); // without this function rewards can't be claimed } $csrf = $_SESSION['claim_reward'] = \site\utils::str_random(12); echo '<div>'; foreach (rewards(array('show' => 'active', 'orderby' => 'points')) as $item) { echo '<section class="array_item twopl"> <div class="table"> <div class="left"> <img src="' . reward_avatar($item->image) . '" alt="" style="height: 60px; width: 60px;"> </div> <div class="right"> <div class="title">' . $item->title . '</div> <div class="info">Requires: <b style="color: #0086CE; font-weight: 900;">' . $item->points . '</b> Points</div> <div class="description">' . (!empty($item->description) ? nl2br($item->description) : '-') . '</div> </div>
$sendy_template_root = substr($_POST['sendy_template_root'], -1) == '/' ? $_POST['sendy_template_root'] : $_POST['sendy_template_root'] . '/'; $sendy_query_string = isset($_POST['sendy_query_string']) ? $_POST['sendy_query_string'] : ''; if (actions::set_option(array('sendy_query_string' => $sendy_query_string, 'sendy_brand_id' => $_POST['sendy_brand_id'], 'sendy_list_id' => $_POST['sendy_list_id'], 'sendy_reply_to' => $_POST['sendy_reply_to'], 'sendy_from_email' => $_POST['sendy_from_email'], 'sendy_from_name' => $_POST['sendy_from_name'], 'sendy_api_key' => $_POST['sendy_api_key'], 'sendy_url' => $sendy_url, 'sendy_template_root' => $sendy_template_root))) { echo '<div class="a-success">Saved!</div>'; } else { echo '<div class="a-error">Error!</div>'; } } else { echo '<div class="a-error">Param Error (' . isset($_POST['sendy_brand_id']) . ',' . isset($_POST['sendy_list_id']) . ',' . isset($_POST['sendy_reply_to']) . ',' . isset($_POST['sendy_from_email']) . ',' . isset($_POST['sendy_from_name']) . ',' . isset($_POST['sendy_api_key']) . ',' . isset($_POST['sendy_url']) . ')</div>'; } } else { if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo '<div class="a-error">Signature Error</div'; } } $csrf = $_SESSION['slider_csrf'] = \site\utils::str_random(10); switch ($_GET['action']) { default: echo ' <div class="title"> <h2>Sendy settings</h2> <span>Modify Sendy settings</span> </div> '; echo '<form action="#" method="POST"> <div class="form-table">
</li>'; } echo '</ul> </div> <div class="el-two">'; if (ab_to(array('chat' => 'view'))) { echo '<section class="el-row"> <h2>' . $LANG['chat_title'] . ' <a href="#" class="updown" data-set="chat">' . (isset($_SESSION['ses_set']['chat']) && ($show_chat = $_SESSION['ses_set']['chat']) ? 'S' : 'R') . '</a></h2> <div class="el-row-body"' . (!empty($show_chat) ? ' style="display: none;"' : '') . '> <div id="post-chat">'; $chat_csrf = \site\utils::str_random(10); if (ab_to(array('chat' => 'add'))) { echo '<form action="#" method="POST"> <input type="text" name="text" value="" placeholder="' . $LANG['chat_write_input'] . '" /> <button class="btn">' . $LANG['chat_write_button'] . '</button> <a href="#" class="btn useggfont" title="Reload">Z</a> <input type="hidden" name="chat_csrf" value="' . $chat_csrf . '" /> </form>'; } echo '</div>'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['chat_csrf']) && check_csrf($_POST['chat_csrf'], 'chat_csrf') && isset($_POST['text'])) { actions::post_chat_message($_POST['text']); } } $_SESSION['chat_csrf'] = $chat_csrf;
<div class="wrapper"> <?php $form = ''; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login_form']) && isset($_POST['login_form']['csrf']) && isset($_SESSION['csrf']['login']) && $_POST['login_form']['csrf'] == $_SESSION['csrf']['login']) { $pd = \site\utils::validate_user_data($_POST['login_form']); try { $session = \user\main::login($pd, 1); $form .= '<div class="success">' . $LANG['login_success'] . '</div>'; $form .= '<meta http-equiv="refresh" content="1; url=' . $GLOBALS['siteURL'] . '/setSession.php?session=' . $session . '&back=' . rtrim($GLOBALS['siteURL'], '/') . '/' . ADMINDIR . '">'; } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['csrf']['login'] = \site\utils::str_random(12); echo $form; ?> <form action="#" method="POST"> <input type="text" name="login_form[username]" value="<?php echo isset($pd['username']) ? htmlspecialchars($pd['username']) : ''; ?> " placeholder="<?php echo $LANG['form_email']; ?> " required /> <input type="password" name="login_form[password]" placeholder="<?php echo $LANG['form_password']; ?> " required />
<input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required /> <input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required /> <button>' . $LANG['reset_pwd_button'] . '</button> <input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" /> </form>'; } else { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) { $pd = \site\utils::validate_user_data($_POST['forgot_password_form']); try { \user\main::recovery_password($_POST['forgot_password_form'], '../', 1); $form .= '<div class="success">' . $LANG['fp_success'] . '</div>'; } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12); $form .= '<form action="#" method="POST"> <input type="text" name="forgot_password_form[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" placeholder="' . $LANG['form_email'] . '" required /> <button>' . $LANG['recovery'] . '</button> <input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" /> </form>'; } echo $form; ?> <div style="margin: 20px 0 0 0; text-align: center;"> <a href="?">← <?php echo $LANG['login']; ?> </a> </div>
} } } else { if ($_GET['type'] == 'read' || $_GET['type'] == 'unread') { if (isset($_GET['id'])) { if (actions::action_suggestions($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } $csrf = $_SESSION['suggestions_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="suggestions.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> <select name="view">'; foreach (array('' => $LANG['all_suggestions'], 'read' => $LANG['view_read'], 'notread' => $LANG['view_unread']) as $k => $v) {
public static function add_user($opt = array()) { global $db, $LANG; if (!ab_to(array('users' => 'add'))) { return false; } $opt = \site\utils::array_map_recursive('trim', $opt); if (empty($opt['name']) || empty($opt['email']) || empty($opt['password'])) { return false; } $stmt = $db->stmt_init(); $stmt->prepare("INSERT INTO " . DB_TABLE_PREFIX . "users (name, email, password, avatar, points, credits, privileges, erole, subscriber, valid, date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())"); $avatar = \site\images::upload(@$_FILES['logo'], 'avatar_', array('path' => DIR . '/', 'max_size' => 1024, 'max_width' => 500, 'max_height' => 600, 'current' => '')); $password = md5($opt['password']); $stmt->bind_param("ssssiiisii", $opt['name'], $opt['email'], $password, $avatar, $opt['points'], $opt['credits'], $opt['privileges'], @serialize($opt['erole']), $opt['subscriber'], $opt['confirm']); if ($stmt->execute()) { if (!$opt['confirm']) { $stmt->prepare("SELECT id FROM " . DB_TABLE_PREFIX . "users WHERE email = ?"); $stmt->bind_param("s", $opt['email']); $stmt->execute(); $stmt->bind_result($id); $stmt->fetch(); $stmt->close(); $cofirm_session = md5(\site\utils::str_random(15)); if (\user\mail_sessions::insert('confirmation', array('user' => $id, 'session' => $cofirm_session))) { \site\mail::send($opt['email'], $LANG['email_acc_title'] . ' - ' . \query\main::get_option('sitename'), array('template' => 'account_confirmation', 'path' => '../'), array('hello_name' => sprintf($LANG['email_text_hello'], $opt['name']), 'confirmation_main_text' => $LANG['email_acc_maintext'], 'confirmation_button' => $LANG['email_acc_button'], 'link' => \site\utils::update_uri($GLOBALS['siteURL'] . 'verify.php', array('user' => $id, 'token' => $cofirm_session)))); } } return true; } $stmt->close(); return false; }
} } } else { if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') { if (isset($_GET['id'])) { if (actions::action_plugin($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } $csrf = $_SESSION['plugins_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="plugins.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> <select name="type"> <option value="">' . $LANG['all_plugins'] . '</option>';
} else { if ($coupon_p['couponID'] > 0) { echo '<div class="a-alert">Sorry, the coupon is already imported.</div>'; } else { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['coupon'])) { if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'cjapi_csrf')) { $data = array('store' => $store_p['storeID'], 'category' => $_POST['coupon']['Category'], 'popular' => isset($_POST['coupon']['Popular']) ? true : false, 'exclusive' => isset($_POST['coupon']['Exclusive']) ? true : false, 'name' => $_POST['coupon']['Title'], 'url' => !isset($_POST['coupon']['Ownlink']) && isset($_POST['coupon']['Link']) && filter_var($_POST['coupon']['Link'], FILTER_VALIDATE_URL) ? $_POST['coupon']['Link'] : '', 'code' => $_POST['coupon']['Code'], 'description' => $_POST['coupon']['Description'], 'tags' => $_POST['coupon']['Tags'], 'start_on' => implode($_POST['coupon']['SD'], ', '), 'end_on' => implode($_POST['coupon']['ED'], ', '), 'publish' => isset($_POST['coupon']['Publish']) ? true : false, 'meta_title' => $_POST['coupon']['MTitle'], 'meta_desc' => $_POST['coupon']['MDesc']); if (\plugin\Popshop\inc\actions::add_item(array(array_merge($coupon_p, $data))) > 0) { echo '<div class="a-success">Added!</div><button class="btn" onclick="window.history.go(-2);">Back</button>'; return; } else { echo '<div class="a-error">Error!</div>'; } } } $csrf = $_SESSION['cjapi_csrf'] = \site\utils::str_random(10); $store = \plugin\Popshop\inc\actions::get_import_store($store_p['storeID']); echo '<div class="form-table"> <form action="#" method="POST" autocomplete="off"> <div class="row"><span>Category:</span> <div><select name="coupon[Category]">'; foreach (\query\main::group_categories(array('max' => 0)) as $cat) { echo '<optgroup label="' . $cat['infos']->name . '">'; echo '<option value="' . $cat['infos']->ID . '"' . ($store['category'] == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>'; if (isset($cat['subcats'])) { foreach ($cat['subcats'] as $subcat) { echo '<option value="' . $subcat->ID . '"' . ($store['category'] == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>'; } } echo '</optgroup>';
echo '<div class="a-success">' . $LANG['msg_added'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (isset($_GET['delete'])) { if (actions::delete_widget($zone_id, $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } $token = $_SESSION['widgets_csrf'] = \site\utils::str_random(10); /* */ $zone_widgets = \query\main::show_widgets($zone_id, '../'); /* */ echo '<div class="form-table"> <ul class="elements-list el-two"> <li class="head">' . $LANG['widgets_available'] . '</li>'; $available = widgets::available_list(); foreach ($available as $ID => $widget) { echo '<li> <div class="info-div">' . htmlspecialchars($widget['name']) . '</div> <div class="options"> <a href="?route=widgets.php&zone=' . $zone_id . '&id=' . $ID . '&add&token=' . $token . '">' . $LANG['add'] . '</a> </div>';
<section class="msg">'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['token']) && isset($_POST['email']) && \site\utils::check_csrf($_POST['token'], 'sendunsubscr_csrf')) { try { $type = \user\main::unsubscribe(array('email' => $_POST['email'])); if ($type == 1) { echo '<div class="success">' . sprintf($LANG['uunsubscr_reqsent'], $_POST['email']) . '</div>'; } else { echo '<div class="success">' . $LANG['uunsubscr_ok'] . '</div>'; } } catch (Exception $e) { echo '<div class="error">' . $e->getMessage() . '</div>'; } } } $csrf = $_SESSION['sendunsubscr_csrf'] = \site\utils::str_random(10); echo '<h2 style="color: #000;">' . $LANG['uunsubscr_title'] . '</h2> ' . sprintf($LANG['uunsubscr_body'], '<span id="seconds">5</span>') . ' <br /><br /> <form method="POST" action="#" autocomplete="off"> <input type="email" name="email" value="' . (isset($_GET['email']) ? htmlspecialchars($_GET['email']) : '') . '" required /> <input type="hidden" name="token" value="' . $csrf . '" /> <button>Unsubscribe me</button> </form> <br /><br /> <a href="index.php">' . $LANG['cancel'] . '</a> </section> </body> </html>'; die; } else { if (isset($_GET['action']) && isset($_GET['email']) && isset($_GET['token']) && $_GET['action'] == 'unsubscribe2' && \user\mail_sessions::check('unsubscription', array('email' => $_GET['email'], 'session' => $_GET['token']))) { $stmt = $db->stmt_init();
} } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'rewards_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_reward($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } $csrf = $_SESSION['rewards_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="rewards.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'points' => $LANG['order_points'], 'points desc' => $LANG['order_points_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select>'; if (isset($_GET['search'])) { echo '<input type="hidden" name="search" value="' . htmlspecialchars($_GET['search']) . '" />'; }
} } } else { if ($_GET['type'] == 'verify' || $_GET['type'] == 'unverify') { if (isset($_GET['id'])) { if (actions::action_user($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } $csrf = $_SESSION['users_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="users.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'action' => $LANG['order_action'], 'action desc' => $LANG['order_action_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'visits' => $LANG['order_visits'], 'visits desc' => $LANG['order_visits_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> <select name="view"> <option value="">' . $LANG['all_users'] . '</option>';
function edit_store_form($id) { global $LANG; if ($GLOBALS['me']) { if ($GLOBALS['me']->Stores > 0) { $store = \query\main::store_infos($id); if ($store->userID !== $GLOBALS['me']->ID) { return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>'; } /* */ $store_image = $store->image; $form = '<div class="edit_store_form other_form">'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['edit_store_form']) && \site\utils::check_csrf($_POST['edit_store_form']['csrf'], 'edit_store_csrf')) { $pd = \site\utils::validate_user_data($_POST['edit_store_form']); try { $post_info = \user\main::edit_store($id, $GLOBALS['me']->ID, $pd); $store_image = $post_info->image; $form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>'; } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12); $form .= '<form method="POST" action="#" enctype="multipart/form-data"> <div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label> <div><select name="edit_store_form[category]" id="edit_store_form[category]">'; foreach (\query\main::group_categories(array('max' => 0)) as $cat) { $wcat = '<optgroup label="' . $cat['infos']->name . '">'; $wcat .= '<option value="' . $cat['infos']->ID . '"' . (isset($store->catID) && $store->catID == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>'; if (isset($cat['subcats'])) { foreach ($cat['subcats'] as $subcat) { $wcat .= '<option value="' . $subcat->ID . '"' . (isset($store->catID) && $store->catID == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>'; } } $wcat .= '</optgroup>'; $form .= $wcat; } $form .= '</select></div> </div> <div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . (isset($pd['name']) ? $pd['name'] : $store->name) . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div> <div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . (isset($pd['url']) ? $pd['url'] : $store->url) . '" placeholder="http://" required /></div></div> <div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . (isset($pd['description']) ? $pd['description'] : $store->description) . '</textarea></div></div> <div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . (isset($pd['tags']) ? $pd['tags'] : $store->tags) . '" /></div></div> <div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . store_avatar($store_image) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" /> <span>Note:* max width: 600px, max height: 400px.</span></div></div> <input type="hidden" name="edit_store_form[csrf]" value="' . $csrf . '" /> <button>' . $LANG['edit_store_button'] . '</button> </form> </div>'; return $form; } else { return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>'; } } else { return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>'; } }
} } } else { if (in_array($_GET['type'], array('paid', 'unpaid', 'delivered', 'undelivered'))) { if (isset($_GET['id'])) { if (actions::action_payment($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } $csrf = $_SESSION['payments_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="payments.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'price' => $LANG['order_price'], 'price desc' => $LANG['order_price_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> '; echo '<select name="view">'; foreach (array('' => $LANG['all_invoices'], 'paid' => $LANG['view_paid'], 'unpaid' => $LANG['view_unpaid'], 'delivered' => $LANG['view_delivered'], 'undelivered' => $LANG['view_undelivered'], 'undeliveredpayments' => $LANG['view_paidandundelivered']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['view']) && $_GET['view'] == $k ? ' selected' : '') . '>' . $v . '</option>';
} } } else { if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') { if (isset($_GET['id'])) { if (actions::action_store($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } $csrf = $_SESSION['stores_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="stores.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'votes' => $LANG['order_votes'], 'votes desc' => $LANG['order_votes_desc'], 'rating' => $LANG['order_rating'], 'rating desc' => $LANG['order_rating_desc'], 'update' => $LANG['order_last_update'], 'update desc' => $LANG['order_last_update_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> <select name="category"> <option value="">' . $LANG['all_categories'] . '</option>';
} } } else { if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') { if (isset($_GET['id'])) { if (actions::action_product($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } $csrf = $_SESSION['products_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="products.php" /> <input type="hidden" name="action" value="list" /> ' . $LANG['order_by'] . ': <select name="orderby">'; foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc'], 'name' => $LANG['order_name'], 'name desc' => $LANG['order_name_desc'], 'views' => $LANG['order_views'], 'views desc' => $LANG['order_views_desc'], 'update' => $LANG['order_last_update'], 'update desc' => $LANG['order_last_update_desc'], 'active' => $LANG['order_expiration'], 'active DESC' => $LANG['order_expiration_desc']) as $k => $v) { echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>'; } echo '</select> <select name="category"> <option value="">' . $LANG['all_categories'] . '</option>';