} else {
$error_mss .= '.</p>';
}
$error_array[] = $error_mss;
}
$password_reset = false;
$email_sent = false;
$email_verified = false;
if (isset($_SESSION['key_confirmed'])) {
$email_verified = true;
} else {
if (isset($_GET['key'])) {
// check key against db
// if good set $email_verified to true and mark in db as used
// also get email of request to double check, put in session
$checked_request = check_request($_GET['key'], $db);
// if not good throw error.
// this will include expired keys
if ($checked_request[0]) {
// set key variable in session so typos don't force new request
$_SESSION['key_confirmed'] = true;
$email_verified = true;
} else {
$error_array[] = $checked_request[1];
}
}
}
if (isset($_POST['email'])) {
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
// check whether email belongs to an account
// if so create request in DB and send password email
<?php
$class_name = "InvoiceActual";
if (isset($_GET['id'])) {
$post_link = $_SERVER["PHP_SELF"] . "?id=" . urldecode($_GET['id']);
$page = "Update";
$page1 = "Update ";
$text_post = "Updated";
$text_post1 = "update";
} else {
$post_link = $_SERVER["PHP_SELF"];
$page = "New";
$page1 = "Add New ";
$text_post = "created";
$text_post1 = "creation";
}
check_request();
if (request_is_post() && request_is_same_domain()) {
if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
$message = "Sorry, request was not valid.";
} else {
$new_item = new $class_name();
$expected_fields = $class_name::get_table_field();
foreach ($expected_fields as $field) {
if (isset($_POST[$field])) {
$new_item->{$field} = trim($_POST[$field]);
}
}
//todo complete valid like pseudo
$valid = $new_item->form_validation();
if (empty($valid->errors)) {
if ($new_item->save()) {
