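/**
 * Render the site contact form and process its POST submission.
 *
 * The form name, field names and CSRF session key are all suffixed with $loc so several
 * contact forms can coexist on one page. $loc is interpolated unescaped into HTML attribute
 * names, so callers must pass a fixed, trusted value — never request data.
 *
 * @param string $loc Suffix for the form/field names and the CSRF session key.
 * @return string HTML fragment; after a POST it is preceded by a success or error box.
 */
function contact_form($loc = '') {
    global $LANG;
    $key = 'contact_form' . $loc;
    $csrfKey = $key . '_csrf';
    // Escape user-controlled values before reflecting them into attributes/element content.
    // The login form in this codebase escapes after validate_user_data(), so that helper is
    // not assumed to HTML-escape; double_encode=false tolerates already-encoded input.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    $form = '<div class="contact_form other_form">';
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST[$key]['csrf']) && \site\utils::check_csrf($_POST[$key]['csrf'], $csrfKey)) {
        $pd = \site\utils::validate_user_data($_POST[$key]);
        try {
            \user\main::send_contact($pd);
            $form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>';
            // Clear the fields once the message has been sent.
            unset($pd);
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // A fresh token is issued on every render; check_csrf() above validated the previous one.
    $csrf = $_SESSION[$csrfKey] = \site\utils::str_random(12);
    $name = isset($pd['name']) ? $esc($pd['name']) : '';
    $email = isset($pd['email']) ? $esc($pd['email']) : '';
    $message = isset($pd['message']) ? $esc($pd['message']) : '';
    $form .= '<form method="POST" action="#widget_contact"> <div class="form_field"><label for="' . $key . '[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="' . $key . '[name]" id="' . $key . '[name]" value="' . $name . '" required /></div></div> <div class="form_field"><label for="' . $key . '[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="' . $key . '[email]" id="' . $key . '[email]" value="' . $email . '" required /></div></div> <div class="form_field"><label for="' . $key . '[message]">' . $LANG['form_message'] . ':</label> <div><textarea name="' . $key . '[message]" id="' . $key . '[message]">' . $message . '</textarea></div></div> <input type="hidden" name="' . $key . '[csrf]" value="' . $csrf . '" /> <button>' . $LANG['send'] . '</button> </form> </div>';
    return $form;
}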
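<?php
/*
 * AJAX registration endpoint. Expects POST fields `csrf` (the token previously issued into
 * $_SESSION['csrf']['ajax_register']) and `register[...]`, and answers with JSON
 * {state: "success"|"error", message, session?}.
 *
 * Fix: the original guard was `isset($_POST['csrf']) == $_SESSION['csrf']['ajax_register']`,
 * which compares the *boolean* result of isset() with the token. `true == "<non-empty>"` holds
 * in PHP, so any request that merely carried a `csrf` field passed the check. The token is now
 * compared in constant time with hash_equals() (PHP >= 5.6), and the request method is tested
 * explicitly (a bare $_SERVER['REQUEST_METHOD'] is always truthy).
 */
$csrfValid = $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['csrf'], $_SESSION['csrf']['ajax_register'])
    && is_string($_POST['csrf'])
    && is_string($_SESSION['csrf']['ajax_register'])
    && hash_equals($_SESSION['csrf']['ajax_register'], $_POST['csrf']);
if ($csrfValid) {
    $response = array();
    $pd = \site\utils::validate_user_data($_POST['register']);
    try {
        $session = \user\main::register($pd);
        $response['state'] = 'success';
        $response['message'] = $LANG['register_success'];
        $response['session'] = $GLOBALS['siteURL'] . '/setSession.php?session=' . $session;
        // One-time token: drop it so the same token cannot be replayed.
        unset($_SESSION['csrf']['ajax_register']);
    } catch (Exception $e) {
        $response['state'] = 'error';
        $response['message'] = $e->getMessage();
    }
    echo json_encode($response);
}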
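/**
 * Render the "edit store" form for store $id, processing its POST submission first.
 *
 * Only a logged-in user with a store allowance (Stores > 0) who owns the store gets the form;
 * every other case returns an informational box from $LANG instead.
 *
 * @param int $id Store id.
 * @return string HTML fragment.
 */
function edit_store_form($id) {
    global $LANG;
    if (!$GLOBALS['me']) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    if (!($GLOBALS['me']->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }
    $store = \query\main::store_infos($id);
    // Ownership check; fails closed when the store does not exist. NOTE(review): the strict
    // comparison assumes userID and ID share a type — a string/int mismatch would deny everyone.
    if (!$store || $store->userID !== $GLOBALS['me']->ID) {
        return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>';
    }
    // Escape user-controlled values before reflecting them into attributes/element content.
    // The login form in this codebase escapes after validate_user_data(), so that helper is
    // not assumed to HTML-escape; double_encode=false avoids mangling stored, already-encoded values.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };
    $store_image = $store->image;
    $form = '<div class="edit_store_form other_form">';
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['edit_store_form']['csrf']) && \site\utils::check_csrf($_POST['edit_store_form']['csrf'], 'edit_store_csrf')) {
        $pd = \site\utils::validate_user_data($_POST['edit_store_form']);
        try {
            $post_info = \user\main::edit_store($id, $GLOBALS['me']->ID, $pd);
            $store_image = $post_info->image;
            $form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>';
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // A fresh token is issued on every render; check_csrf() above validated the previous one.
    $csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12);
    // The just-submitted value wins over the stored one so a failed save keeps the user's edits.
    $name = isset($pd['name']) ? $pd['name'] : $store->name;
    $url = isset($pd['url']) ? $pd['url'] : $store->url;
    $description = isset($pd['description']) ? $pd['description'] : $store->description;
    $tags = isset($pd['tags']) ? $pd['tags'] : $store->tags;
    $form .= '<form method="POST" action="#" enctype="multipart/form-data"> <div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label> <div><select name="edit_store_form[category]" id="edit_store_form[category]">';
    foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
        $wcat = '<optgroup label="' . $cat['infos']->name . '">';
        $wcat .= '<option value="' . $cat['infos']->ID . '"' . (isset($store->catID) && $store->catID == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>';
        if (isset($cat['subcats'])) {
            foreach ($cat['subcats'] as $subcat) {
                $wcat .= '<option value="' . $subcat->ID . '"' . (isset($store->catID) && $store->catID == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>';
            }
        }
        $wcat .= '</optgroup>';
        $form .= $wcat;
    }
    $form .= '</select></div> </div> <div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . $esc($name) . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div> <div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . $esc($url) . '" placeholder="http://" required /></div></div> <div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . $esc($description) . '</textarea></div></div> <div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . $esc($tags) . '" /></div></div> <div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . store_avatar($store_image) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" /> <span>Note:* max width: 600px, max height: 400px.</span></div></div> <input type="hidden" name="edit_store_form[csrf]" value="' . $csrf . '" /> <button>' . $LANG['edit_store_button'] . '</button> </form> </div>';
    return $form;
}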
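use Facebook\FacebookRequest;
use Facebook\FacebookResponse;
use Facebook\FacebookSDKException;
use Facebook\FacebookRequestException;
use Facebook\FacebookAuthorizationException;
use Facebook\GraphObject;
use Facebook\GraphUser;
use Facebook\Entities\AccessToken;
use Facebook\HttpClients\FacebookCurlHttpClient;
use Facebook\HttpClients\FacebookHttpable;

/*
 * Facebook login plugin. First visit (no ?code=): redirect to Facebook's login dialog asking
 * for the `email` scope. Callback: exchange the code for a session, fetch /me, and create or
 * reuse the local account keyed on the Facebook e-mail, then hand off to setSession.php.
 *
 * Fixes:
 *  - $_GET['plugin'] was concatenated raw into the redirect URI sent to Facebook; it is now
 *    URL-encoded so it cannot smuggle extra query parameters.
 *  - A failed callback printed the SDK error and then fell through to the login redirect again
 *    (a redirect loop when no ?code= was present); the script now stops after reporting it.
 *  - Redirect headers are followed by die so nothing else is rendered or executed after them,
 *    matching the favourite/back-redirect handler elsewhere in this codebase.
 */
FacebookSession::setDefaultApplication(\query\main::get_option('facebook_appID'), \query\main::get_option('facebook_secret'));
$pluginName = isset($_GET['plugin']) ? (string) $_GET['plugin'] : '';
$helper = new FacebookRedirectLoginHelper($GLOBALS['siteURL'] . '?plugin=' . rawurlencode($pluginName));
try {
    $session = $helper->getSessionFromRedirect();
} catch (FacebookRequestException $ex) {
    // NOTE(review): this echoes the raw SDK message to the visitor; consider logging it and
    // showing a generic error instead.
    echo $ex->getMessage();
    die;
} catch (Exception $ex) {
    echo $ex->getMessage();
    die;
}
if (isset($session)) {
    $me = (new FacebookRequest($session, 'GET', '/me'))->execute()->getGraphObject(GraphUser::className())->asArray();
    // The local account is keyed on the e-mail, so refuse profiles without a valid one.
    if (!isset($me['email']) || !filter_var($me['email'], FILTER_VALIDATE_EMAIL)) {
        echo 'Your facebook account it\'s not associated with a valid email address.';
        die;
    }
    $profile = array(
        'username' => isset($me['name']) ? $me['name'] : '',
        'email' => $me['email'],
    );
    $sessionToken = \user\main::insert_user($profile, true, true);
    header('Location: ' . $GLOBALS['siteURL'] . 'setSession.php?session=' . rawurlencode($sessionToken));
    die;
}
if (empty($_GET['code'])) {
    header('Location:' . $helper->getLoginUrl(array('scope' => 'email')));
    die;
}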
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="robots" content="noindex, nofollow"> <title>' . $LANG['uunsubscr_metatitle'] . '</title> <link href="//fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800,900" rel="stylesheet" /> <link href="' . MISCDIR . '/verify.css" media="all" rel="stylesheet" /> </head> <body> <section class="msg">'; /* Unsubscribe page: a POST carrying `email` and a valid `token` (checked against $_SESSION['sendunsubscr_csrf']) is handed to unsubscribe(); type 1 means a confirmation request was mailed, anything else that the address was removed directly. NOTE(review): $_POST['email'] is echoed back unescaped via sprintf($LANG['uunsubscr_reqsent'], $_POST['email']) below, whereas the $_GET['email'] prefill further down is passed through htmlspecialchars(). Unless unsubscribe() rejects non-addresses before returning 1, this is a reflected-XSS sink — escape it at output. */ if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['token']) && isset($_POST['email']) && \site\utils::check_csrf($_POST['token'], 'sendunsubscr_csrf')) { try { $type = \user\main::unsubscribe(array('email' => $_POST['email'])); if ($type == 1) { echo '<div class="success">' . sprintf($LANG['uunsubscr_reqsent'], $_POST['email']) . '</div>'; } else { echo '<div class="success">' . $LANG['uunsubscr_ok'] . '</div>'; } } catch (Exception $e) { echo '<div class="error">' . $e->getMessage() . '</div>'; } } } /* A fresh token is issued on every render; check_csrf() above validated the previous one. */ $csrf = $_SESSION['sendunsubscr_csrf'] = \site\utils::str_random(10); echo '<h2 style="color: #000;">' . $LANG['uunsubscr_title'] . '</h2> ' . sprintf($LANG['uunsubscr_body'], '<span id="seconds">5</span>') . ' <br /><br /> <form method="POST" action="#" autocomplete="off"> <input type="email" name="email" value="' . (isset($_GET['email']) ? htmlspecialchars($_GET['email']) : '') . '" required />
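<div class="sign_in"> <div class="wrapper"> <?php
/*
 * Admin sign-in form. A POST with a valid `login_form[csrf]` token is passed to
 * \user\main::login(); on success a meta-refresh sends the browser to setSession.php with
 * the new session token and a `back` pointer into ADMINDIR.
 *
 * Fix: the CSRF token was compared with `==`. Loose comparison treats two numeric-looking
 * strings as numbers ("0e123" == "0"), so a token that happens to be all digits could be
 * matched by an attacker-chosen value; hash_equals() (PHP >= 5.6) compares the raw bytes in
 * constant time. The is_string() guard keeps an array-valued field from raising a TypeError.
 */
$form = '';
$csrfValid = $_SERVER['REQUEST_METHOD'] == 'POST'
    && isset($_POST['login_form']['csrf'], $_SESSION['csrf']['login'])
    && is_string($_POST['login_form']['csrf'])
    && is_string($_SESSION['csrf']['login'])
    && hash_equals($_SESSION['csrf']['login'], $_POST['login_form']['csrf']);
if ($csrfValid) {
    $pd = \site\utils::validate_user_data($_POST['login_form']);
    try {
        $session = \user\main::login($pd, 1);
        $form .= '<div class="success">' . $LANG['login_success'] . '</div>';
        // $session is issued by login(), not taken from the request, so it is safe to embed here.
        $form .= '<meta http-equiv="refresh" content="1; url=' . $GLOBALS['siteURL'] . '/setSession.php?session=' . $session . '&back=' . rtrim($GLOBALS['siteURL'], '/') . '/' . ADMINDIR . '">';
    } catch (Exception $e) {
        $form .= '<div class="error">' . $e->getMessage() . '</div>';
    }
}
// A fresh token is issued on every render; the check above validated the previous one.
$csrf = $_SESSION['csrf']['login'] = \site\utils::str_random(12);
echo $form;
?> <form action="#" method="POST"> <input type="text" name="login_form[username]" value="<?php echo isset($pd['username']) ? htmlspecialchars($pd['username']) : ''; ?> " placeholder="<?php echo $LANG['form_email']; ?> " required /> <input type="password" name="login_form[password]" placeholder="<?php echo $LANG['form_password']; ?>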
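<?php
/*
 * AJAX newsletter-subscribe endpoint. Expects POST fields `csrf` (the token previously issued
 * into $_SESSION['csrf']['ajax_subscribe']) and `subscribe[...]`, and answers with JSON
 * {state: "success"|"error", message}. subscribe() returning 1 means a confirmation request
 * was sent rather than an immediate subscription.
 *
 * Fix: the original guard was `isset($_POST['csrf']) == $_SESSION['csrf']['ajax_subscribe']`,
 * which compares the *boolean* result of isset() with the token. `true == "<non-empty>"` holds
 * in PHP, so any request that merely carried a `csrf` field passed the check. The token is now
 * compared in constant time with hash_equals() (PHP >= 5.6), and the request method is tested
 * explicitly (a bare $_SERVER['REQUEST_METHOD'] is always truthy). Same fix as ajax_register.
 */
$csrfValid = $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['csrf'], $_SESSION['csrf']['ajax_subscribe'])
    && is_string($_POST['csrf'])
    && is_string($_SESSION['csrf']['ajax_subscribe'])
    && hash_equals($_SESSION['csrf']['ajax_subscribe'], $_POST['csrf']);
if ($csrfValid) {
    $response = array();
    $pd = \site\utils::validate_user_data($_POST['subscribe']);
    try {
        // Anonymous visitors are recorded with user id 0.
        $id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0;
        $type = \user\main::subscribe($id, $pd);
        $response['state'] = 'success';
        $response['message'] = $type == 1 ? sprintf($LANG['newsletter_reqconfirm'], $pd['email']) : $LANG['newsletter_success'];
        // One-time token: drop it so the same token cannot be replayed.
        unset($_SESSION['csrf']['ajax_subscribe']);
    } catch (Exception $e) {
        $response['state'] = 'error';
        $response['message'] = $e->getMessage();
    }
    echo json_encode($response);
}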
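<?php
/*
 * Favourite toggle endpoint: ?action=addFavorite|remFavorite&id=<store>[&backto=<url>].
 * Requires a logged-in user. POST callers get JSON {"answer": bool}; GET callers are
 * redirected to `backto` or the site root.
 *
 * Fix: `backto` was passed to header('Location: ...') after htmlspecialchars(), which does
 * nothing against an open redirect (and corrupts `&` in legitimate URLs). It is now accepted
 * only when it is a root-relative path (not protocol-relative "//host" or "/\host") or starts
 * with this site's own origin; anything else falls back to $GLOBALS['siteURL'].
 *
 * NOTE(review): both actions change state, yet the GET path carries no CSRF token, so a
 * third-party page can add/remove favourites for a logged-in victim via an <img> request.
 * Gate the action behind a token as the other forms in this codebase do with check_csrf().
 */
if (isset($_GET['action']) && $GLOBALS['me']) {
    $operation = null;
    if ($_GET['action'] === 'addFavorite') {
        $operation = 'add';
    } elseif ($_GET['action'] === 'remFavorite') {
        $operation = 'remove';
    }
    if ($operation !== null) {
        // favorite() binds the id as an integer anyway; cast here so nothing else sees raw input.
        $storeId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $answer = \user\main::favorite($GLOBALS['me']->ID, $storeId, $operation);
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            echo json_encode(array('answer' => $answer ? true : false));
            die;
        }
        $target = $GLOBALS['siteURL'];
        if (isset($_GET['backto']) && is_string($_GET['backto'])) {
            $candidate = $_GET['backto'];
            $origin = rtrim($GLOBALS['siteURL'], '/');
            $isLocalPath = $candidate === '/'
                || (strlen($candidate) > 1 && $candidate[0] === '/' && $candidate[1] !== '/' && $candidate[1] !== '\\');
            $isSameSite = $candidate === $origin
                || strpos($candidate, $origin . '/') === 0
                || strpos($candidate, $origin . '?') === 0;
            if ($isLocalPath || $isSameSite) {
                $target = $candidate;
            }
        }
        header('Location: ' . $target);
        die;
    }
}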
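<?php
/*
 * Logout page: end the session and bounce back to index.php after one second.
 *
 * Fix: the closing </div> was emitted unconditionally, so when logout() returned false the
 * page contained a stray </div> with no opening tag. It now only closes the box it opened.
 *
 * NOTE(review): logout() is triggered by merely loading this page (no method or token check),
 * so any site can log a visitor out with a cross-origin request; a forced logout is a nuisance
 * rather than a compromise, but a POST + CSRF token would close it.
 */
$redirect = '<meta http-equiv="refresh" content="1; url=index.php">';
if (\user\main::logout()) {
    echo '<div style="text-align: center; margin-top: 20px;"> <h2>' . $LANG['msg_loggiout'] . '</h2>';
    echo $redirect . ' </div>';
} else {
    echo $redirect;
}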
} catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12); /* NOTE(review): the submitted passwords are reflected back into the value="" attributes of the password inputs, unescaped. That re-exposes the password in the page source (and in any browser/proxy cache of it) and is a reflected-XSS sink if validate_user_data() does not HTML-escape. Password fields should never be prefilled. */ $form .= '<form action="#" method="POST"> <input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required /> <input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required /> <button>' . $LANG['reset_pwd_button'] . '</button> <input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" /> </form>'; } else { /* Request-a-reset branch. NOTE(review): the CSRF token is compared with `==` — loose comparison treats numeric-looking strings as numbers ("0e123" == "0"); prefer hash_equals() as the session token is a string. */ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) { $pd = \site\utils::validate_user_data($_POST['forgot_password_form']); try { /* NOTE(review): the raw $_POST array is passed here while $pd (the validated copy) is only used to refill the form — confirm recovery_password() validates the e-mail itself. */ \user\main::recovery_password($_POST['forgot_password_form'], '../', 1); $form .= '<div class="success">' . $LANG['fp_success'] . '</div>'; } catch (Exception $e) { $form .= '<div class="error">' . $e->getMessage() . '</div>'; } } $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12); /* NOTE(review): $pd['email'] is reflected into value="" without htmlspecialchars(), unlike the admin login form in this codebase. */ $form .= '<form action="#" method="POST"> <input type="text" name="forgot_password_form[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" placeholder="' . $LANG['form_email'] . '" required /> <button>' . $LANG['recovery'] . '</button> <input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" /> </form>'; } echo $form; ?>
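/**
 * Add a store to, or remove it from, a user's favourites.
 *
 * Both statements are parameterised (`ii` bind), so $id/$store are never interpolated.
 *
 * @param int    $id    User id.
 * @param int    $store Store id.
 * @param string $type  'add' (default) or 'remove'; any other value is a no-op.
 * @return bool true when the row was inserted/deleted; false when the add would be a
 *              duplicate, the statement could not be prepared or executed, or $type is unknown.
 */
public static function favorite($id, $store, $type = 'add') {
    global $db;
    if ($type == 'add') {
        // Keep (user, store) unique without relying on a DB constraint.
        if (\user\main::check_favorite($id, $store)) {
            return false;
        }
        $sql = "INSERT INTO " . DB_TABLE_PREFIX . "favorite (user, store, date) VALUES (?, ?, NOW())";
    } elseif ($type == 'remove') {
        $sql = "DELETE FROM " . DB_TABLE_PREFIX . "favorite WHERE user = ? AND store = ?";
    } else {
        return false;
    }
    $stmt = $db->stmt_init();
    // prepare() can fail (bad prefix, lost connection); binding to a failed statement only
    // emits warnings on older mysqli, so report the failure explicitly instead.
    if (!$stmt->prepare($sql)) {
        $stmt->close();
        return false;
    }
    $stmt->bind_param("ii", $id, $store);
    $ok = $stmt->execute();
    $stmt->close();
    return (bool) $ok;
}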
/**
 * Front-controller entry point: load the active theme's helper functions, enforce bans,
 * persist an affiliate referrer, then dispatch to the handler for the resolved page type.
 *
 * Side effects: may include THEMES_LOC/<template>/functions.php; sends a 403 or a Location
 * header and exits for banned visitors; sets a 30-day "referrer" cookie when ?ref= is present.
 *
 * NOTE(review): the include path embeds $this->template — it must come from configuration,
 * never from request data, or this becomes a file-inclusion primitive. The referrer cookie
 * is set without the httponly/secure flags; it only carries an integer id, so that is a
 * hygiene point rather than a leak.
 *
 * @return void
 */
public function execute() {
    $themeFunctions = THEMES_LOC . '/' . $this->template . '/functions.php';
    if (file_exists($themeFunctions)) {
        include $themeFunctions;
    }

    $banTarget = \user\main::banned();
    if ($banTarget) {
        // A ban may carry a redirect URL; anything that is not a URL means "serve a 403".
        if (filter_var($banTarget, FILTER_VALIDATE_URL)) {
            header('Location: ' . $banTarget);
        } else {
            header('HTTP/1.0 403 Forbidden');
        }
        die;
    }

    if (isset($_GET['ref'])) {
        // Only a numeric referrer id is persisted.
        setcookie('referrer', (int) $_GET['ref'], strtotime('+30 days'));
    }

    // Handlers that receive the resolved record id are listed first; the rest take no argument.
    switch ($this->page_type) {
        case 'user':
            $this->page_user($this->id);
            break;
        case 'tpage':
            $this->page_tpage($this->id);
            break;
        case 'ajax':
            $this->ajax($this->id);
            break;
        case 'cron':
            $this->cron($this->id);
            break;
        case 'plugin':
            $this->plugin($this->id);
            break;
        case 'page':
            $this->page_page();
            break;
        case 'single':
            $this->page_single();
            break;
        case 'product':
            $this->page_product();
            break;
        case 'category':
            $this->page_category();
            break;
        case 'search':
            $this->page_search();
            break;
        case 'store':
            $this->page_store();
            break;
        case 'stores':
            $this->page_stores();
            break;
        case 'reviews':
            $this->page_reviews();
            break;
        default:
            $this->page_index();
            break;
    }
}