예제 #1
        // Optional subtitle under the page title; the title wrapper is closed either way.
        if (!empty($LANG['categories_subtitle'])) {
            echo '<span>' . $LANG['categories_subtitle'] . '</span>';
        }
        echo '</div>';

        // A category delete may arrive two ways, both bound to the session's
        // 'categories_csrf' token: a POSTed form (bulk delete, the ids are the
        // keys of $_POST['id']) or a single GET link that carries the token in
        // its query string. The outcome is reported once, below.
        $deleteAttempted = false;
        $deleteOk = false;
        $validPost = $_SERVER['REQUEST_METHOD'] == 'POST'
            && isset($_POST['csrf'])
            && check_csrf($_POST['csrf'], 'categories_csrf');
        if ($validPost) {
            if (isset($_POST['delete'], $_POST['id'])) {
                $deleteAttempted = true;
                $deleteOk = actions::delete_category(array_keys($_POST['id']));
            }
        } elseif (isset($_GET['action'], $_GET['token']) && check_csrf($_GET['token'], 'categories_csrf')) {
            if ($_GET['action'] == 'delete' && isset($_GET['id'])) {
                $deleteAttempted = true;
                $deleteOk = actions::delete_category($_GET['id']);
            }
        }
        if ($deleteAttempted) {
            echo $deleteOk
                ? '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'
                : '<div class="a-error">' . $LANG['msg_error'] . '</div>';
        }

        // Fresh token for the next request: stored in the session and embedded
        // in the forms rendered after this point.
        $csrf = $_SESSION['categories_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off" novalidate>
예제 #2
        // Optional subtitle under the page title; the title wrapper is closed either way.
        if (!empty($LANG['banned_subtitle'])) {
            echo '<span>' . $LANG['banned_subtitle'] . '</span>';
        }
        echo '</div>';

        // A delete may arrive two ways, both bound to the session's 'banned_csrf'
        // token: a POSTed form (bulk delete, the ids are the keys of $_POST['id'])
        // or a single GET link that carries the token in its query string. The
        // outcome is reported once, below.
        $deleteAttempted = false;
        $deleteOk = false;
        $validPost = $_SERVER['REQUEST_METHOD'] == 'POST'
            && isset($_POST['csrf'])
            && check_csrf($_POST['csrf'], 'banned_csrf');
        if ($validPost) {
            if (isset($_POST['delete'], $_POST['id'])) {
                $deleteAttempted = true;
                $deleteOk = actions::delete_banned(array_keys($_POST['id']));
            }
        } elseif (isset($_GET['action'], $_GET['token']) && check_csrf($_GET['token'], 'banned_csrf')) {
            if ($_GET['action'] == 'delete' && isset($_GET['id'])) {
                $deleteAttempted = true;
                $deleteOk = actions::delete_banned($_GET['id']);
            }
        }
        if ($deleteAttempted) {
            echo $deleteOk
                ? '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'
                : '<div class="a-error">' . $LANG['msg_error'] . '</div>';
        }

        // Fresh token for the next request: stored in the session and embedded
        // in the forms rendered after this point.
        $csrf = $_SESSION['banned_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
예제 #3
파일: sync.php 프로젝트: hzhou9/coupon_deal
<?php

// Admin-only script: anyone whose user object is not flagged is_admin gets
// nothing further (exit is the same language construct as die).
if (!$GLOBALS['me']->is_admin) {
    exit;
}
if (isset($_GET['csrf']) && ($_GET['csrf'] == \query\main::get_option('cron_secret') || check_csrf($_GET['csrf'], 'slider_csrf'))) {
    //do sync
    $nofav = $_GET['nofav'];
    $fav = $_GET['fav'];
    $fav_anchor = $_GET['fav_anchor'];
    $favitem = $_GET['favdeal'];
    $favsale = $_GET['favsale'];
    $root = $_GET['root'];
    $template = $_GET['template'];
    $template_nofav = file_get_contents($root . $nofav);
    $template_fav = file_get_contents($root . $fav);
    $template_favitem = file_get_contents($root . $favitem);
    $template_favsale = file_get_contents($root . $favsale);
    $now = date("Y-m-d H:i:s");
    $seo_link = defined('SEO_LINKS') && SEO_LINKS ? true : false;
    $seo_link_coupon = \query\main::get_option('seo_link_coupon');
    $seo_link_product = \query\main::get_option('seo_link_product');
    $seo_link_store = \query\main::get_option('seo_link_store');
    $sendy_url = \query\main::get_option('sendy_url') . 'subscribe';
    $sendy_list_id = \query\main::get_option('sendy_list_id');
    $userdata = array();
    $coupondata = array();
    //list subscribers
    $stmt = $db->stmt_init();
    $search = "SELECT id,name,email FROM users WHERE " . DB_TABLE_PREFIX . "subscriber>0 and valid>0 and email<>''";
    $stmt->prepare($search);
예제 #4
<input type="hidden" name="csrf" value="' . $csrf . '" />

</form>';
        break;
        /** SOCIAL NETWORKS */
    /** SOCIAL NETWORKS */
    case 'socialacc':
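        echo '<div class="title">

<h2>' . $LANG['settings_general_title'] . '</h2>';
        if (!empty($LANG['settings_socnet_subtitle'])) {
            echo '<span>' . $LANG['settings_socnet_subtitle'] . '</span>';
        }
        echo '</div>';
        // Save the social-network links. Only a POST carrying the 'post' field
        // group and a valid 'settings_csrf' token is processed.
        if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['post']) && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'settings_csrf')) {
            $saved = false;
            // A scalar 'post' value would make array_map() fatal; treat it as a failed save.
            if (is_array($_POST['post'])) {
                // Each value is kept only when it is an http(s) URL, trimmed to
                // 200 characters; anything else becomes null (link cleared).
                $post = array_map(function ($w) {
                    if (is_string($w) && preg_match('/^http(s)?:\\/\\//i', $w)) {
                        return substr($w, 0, 200);
                    }
                    return null;
                }, $_POST['post']);
                // Fill the keys the option map reads so a form that omits one
                // does not trigger an undefined-index notice.
                $post += array_fill_keys(array('facebook', 'google', 'twitter', 'flickr', 'linkedin', 'videmo', 'youtube', 'myspace', 'reddit', 'pinterest'), null);
                // NOTE(review): 'social_vimeo' is read from the 'videmo' key. Confirm
                // the form input really is named "videmo"; if it is "vimeo", the Vimeo
                // link is silently cleared on every save.
                $saved = actions::set_option(array('social_facebook' => $post['facebook'], 'social_google' => $post['google'], 'social_twitter' => $post['twitter'], 'social_flickr' => $post['flickr'], 'social_linkedin' => $post['linkedin'], 'social_vimeo' => $post['videmo'], 'social_youtube' => $post['youtube'], 'social_myspace' => $post['myspace'], 'social_reddit' => $post['reddit'], 'social_pinterest' => $post['pinterest']));
            }
            echo $saved
                ? '<div class="a-success">' . $LANG['msg_saved'] . '</div>'
                : '<div class="a-error">' . $LANG['settings_save_error'] . '</div>';
        }
        // Fresh token for the next request, embedded in the form rendered below.
        $csrf = $_SESSION['settings_csrf'] = \site\utils::str_random(10);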
        echo '<form action="#" method="POST">

<div class="form-table">
예제 #5
<?php

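if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_GET['action'])) {
    switch ($_GET['action']) {
        case 'general-settings':
            // Only a submission carrying a valid 'settings_csrf' token is processed.
            if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'settings_csrf')) {
                // Defines $gmt; its keys are the accepted timezone identifiers.
                include dirname(__DIR__) . '/' . IDIR . '/others/GMT_list.php';
                // Fields the settings form is expected to post. The 'js_settings'
                // session flag records whether the complete set arrived.
                $expected = array('sitename', 'siteurl', 'description', 'ipp', 'registrations', 'accounts_per_ip', 'delete_old_coupons', 'allow_revs', 'auvalid_revs', 'allow_stores', 'allow_coupons', 'site_lang', 'adminpanel_lang', 'timezone', 'hour_format', 'email_from_name', 'email_answer_to', 'email_contact', 'mail_meth', 'smtp_host', 'smtp_port', 'smtp_user', 'smtp_pass', 'sendmail_path', 'admin_theme');
                $missing = array_diff($expected, array_keys($_POST));
                if (empty($missing)) {
                    $_SESSION['js_settings'] = true;
                }
                // Missing fields (including the checkboxes and the signature, which
                // are not in $expected) default to '' so no undefined index is read.
                $in = $_POST + array_fill_keys(array_merge($expected, array('auvalid_stos', 'auvalid_cous', 'allow_products', 'auvalid_prods', 'mailsign')), '');
                // Timezone and hour format are only accepted from the known lists
                // (strict comparison); anything else falls back to the default.
                $timezone = isset($gmt) && is_string($in['timezone']) && array_key_exists($in['timezone'], $gmt) ? $in['timezone'] : 'America/New_York';
                $hourFormat = in_array($in['hour_format'], array('12', '24'), true) ? $in['hour_format'] : 24;
                $saved = actions::set_option(array(
                    'sitename' => $in['sitename'],
                    'siteurl' => rtrim($in['siteurl'], '/'),
                    'sitedescription' => $in['description'],
                    'items_per_page' => (int) $in['ipp'],
                    'registrations' => $in['registrations'],
                    'delete_old_coupons' => (int) $in['delete_old_coupons'],
                    'accounts_per_ip' => (int) $in['accounts_per_ip'],
                    'allow_reviews' => (int) $in['allow_revs'],
                    'review_validate' => (bool) $in['auvalid_revs'],
                    'allow_stores' => (bool) $in['allow_stores'],
                    'store_validate' => (bool) $in['auvalid_stos'],
                    'allow_coupons' => (bool) $in['allow_coupons'],
                    'coupon_validate' => (bool) $in['auvalid_cous'],
                    'allow_products' => (bool) $in['allow_products'],
                    'product_validate' => (bool) $in['auvalid_prods'],
                    'sitelang' => $in['site_lang'],
                    'adminpanel_lang' => $in['adminpanel_lang'],
                    'timezone' => $timezone,
                    'hour_format' => $hourFormat,
                    'email_from_name' => $in['email_from_name'],
                    'email_answer_to' => $in['email_answer_to'],
                    'email_contact' => $in['email_contact'],
                    'mail_method' => $in['mail_meth'],
                    'smtp_auth' => isset($_POST['smtp_auth']) ? 1 : 0,
                    'smtp_host' => $in['smtp_host'],
                    'smtp_port' => $in['smtp_port'],
                    'smtp_user' => $in['smtp_user'],
                    'smtp_password' => $in['smtp_pass'],
                    'sendmail_path' => $in['sendmail_path'],
                    'admintheme' => $in['admin_theme'],
                    'mail_signature' => $in['mailsign'],
                ));
                // Redirect back to the settings page with the outcome in the query
                // string; the two former branches differed only in that flag.
                echo '<script type="text/javascript">
    window.location = "?route=settings.php&action=general&success=' . ($saved ? 'true' : 'false') . '";
    </script>';
                die;
            }
            break;
    }
}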
?>

<script type="text/javascript">

  window.location = "?route=settings.php&action=general&success=false";
예제 #6
<?php

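if (!$GLOBALS['me']->is_admin) {
    die;
}
// Fields the Sendy settings form must post for a save to be attempted; also the
// order of the flags in the "Param Error" diagnostic below.
$sendyFields = array('sendy_brand_id', 'sendy_list_id', 'sendy_reply_to', 'sendy_from_email', 'sendy_from_name', 'sendy_api_key', 'sendy_url', 'sendy_template_root');
$isPost = $_SERVER['REQUEST_METHOD'] == 'POST';
if ($isPost && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'slider_csrf')) {
    $missing = array_diff($sendyFields, array_keys($_POST));
    if (empty($missing)) {
        //update account
        // Both locations are stored with exactly one trailing slash appended when absent.
        $sendy_url = substr($_POST['sendy_url'], -1) == '/' ? $_POST['sendy_url'] : $_POST['sendy_url'] . '/';
        $sendy_template_root = substr($_POST['sendy_template_root'], -1) == '/' ? $_POST['sendy_template_root'] : $_POST['sendy_template_root'] . '/';
        $sendy_query_string = isset($_POST['sendy_query_string']) ? $_POST['sendy_query_string'] : '';
        if (actions::set_option(array('sendy_query_string' => $sendy_query_string, 'sendy_brand_id' => $_POST['sendy_brand_id'], 'sendy_list_id' => $_POST['sendy_list_id'], 'sendy_reply_to' => $_POST['sendy_reply_to'], 'sendy_from_email' => $_POST['sendy_from_email'], 'sendy_from_name' => $_POST['sendy_from_name'], 'sendy_api_key' => $_POST['sendy_api_key'], 'sendy_url' => $sendy_url, 'sendy_template_root' => $sendy_template_root))) {
            echo '<div class="a-success">Saved!</div>';
        } else {
            echo '<div class="a-error">Error!</div>';
        }
    } else {
        // One flag per expected field, in $sendyFields order: '1' when present,
        // '' when absent (sendy_template_root was previously left out of the list).
        $present = array();
        foreach ($sendyFields as $field) {
            $present[] = isset($_POST[$field]) ? '1' : '';
        }
        echo '<div class="a-error">Param Error (' . implode(',', $present) . ')</div>';
    }
} elseif ($isPost) {
    // POST without a valid token (the closing tag was previously unterminated).
    echo '<div class="a-error">Signature Error</div>';
}
$csrf = $_SESSION['slider_csrf'] = \site\utils::str_random(10);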
switch ($_GET['action']) {
    default:
        echo '
<div class="title">

<h2>Sendy settings</h2>
예제 #7
        // Optional subtitle under the page title; the title wrapper is closed either way.
        if (!empty($LANG['rewards_subtitle'])) {
            echo '<span>' . $LANG['rewards_subtitle'] . '</span>';
        }
        echo '</div>';

        // A reward delete may arrive two ways, both bound to the session's
        // 'rewards_csrf' token: a POSTed form (bulk delete, the ids are the keys
        // of $_POST['id']) or a single GET link that carries the token in its
        // query string. The outcome is reported once, below.
        $deleteAttempted = false;
        $deleteOk = false;
        $validPost = $_SERVER['REQUEST_METHOD'] == 'POST'
            && isset($_POST['csrf'])
            && check_csrf($_POST['csrf'], 'rewards_csrf');
        if ($validPost) {
            if (isset($_POST['delete'], $_POST['id'])) {
                $deleteAttempted = true;
                $deleteOk = actions::delete_reward(array_keys($_POST['id']));
            }
        } elseif (isset($_GET['action'], $_GET['token']) && check_csrf($_GET['token'], 'rewards_csrf')) {
            if ($_GET['action'] == 'delete' && isset($_GET['id'])) {
                $deleteAttempted = true;
                $deleteOk = actions::delete_reward($_GET['id']);
            }
        }
        if ($deleteAttempted) {
            echo $deleteOk
                ? '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'
                : '<div class="a-error">' . $LANG['msg_error'] . '</div>';
        }

        // Fresh token for the next request: stored in the session and embedded
        // in the forms rendered after this point.
        $csrf = $_SESSION['rewards_csrf'] = \site\utils::str_random(10);
        echo '<div class="page-toolbar">

<form action="#" method="GET" autocomplete="off">
예제 #8
파일: cj.php 프로젝트: hzhou9/coupon_deal
<a href="#" id="modify_mt_but">Meta Tags</a>

</form>

</div>';
            }
        }
        break;
        /** IMPORT COUPONS */
    /** IMPORT COUPONS */
    case 'import_coupons':
        if (empty($_POST['id'])) {
            echo '<div class="a-error">Select coupons that you want to import.</div>';
            echo '<a href="#" class="btn" onclick="window.history.go(-1)">Back</a>';
        } else {
            if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['token']) && check_csrf($_POST['token'], 'cjapi_csrf')) {
                $success = $error = 0;
                foreach ($_POST['coupon'] as $coupon) {
                    $coupon = json_decode(urldecode($coupon), true);
                    $id = key($coupon);
                    $coupon = current($coupon);
                    if (isset($_POST['id'][$id])) {
                        if (($store = \plugin\CJApi\inc\import::store_imported($coupon['Advertiser'])) && \plugin\CJApi\inc\actions::add_item(array('cjID' => $id, 'store' => $store->ID, 'category' => $store->catID, 'popular' => 0, 'exclusive' => 0, 'name' => $coupon['Title'], 'link' => isset($coupon['Link']) && filter_var($coupon['Link'], FILTER_VALIDATE_URL) ? $coupon['Link'] : '', 'code' => isset($coupon['Code']) ? $coupon['Code'] : '', 'description' => '', 'tags' => '', 'start' => isset($coupon['SD']) ? $coupon['SD'] : '', 'end' => isset($coupon['ED']) ? $coupon['ED'] : date('Y-m-d', strtotime(\query\main::get_option('cj_exp') . ' days')), 'publish' => 1, 'meta_title' => '', 'meta_desc' => ''))) {
                            $success++;
                        } else {
                            $error++;
                        }
                    }
                }
                echo '<div class="a-message">Import procedure has been successfully finished.</div>';
                echo '<ul class="announce-box">
예제 #9
파일: main.php 프로젝트: hzhou9/coupon_deal
 <span>Here you can edit the details of this coupon before the import</span>
 
 </div>';
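 // The import screen passes the coupon and its store as URL-encoded JSON. Both
 // are required together; $id is only taken when the coupon decoded to an array
 // that has an 'id', so a malformed value no longer reads an offset on null.
 if (isset($_GET['coupon'], $_GET['store'])) {
     $coupon_p = json_decode(urldecode($_GET['coupon']), true);
     $store_p = json_decode(urldecode($_GET['store']), true);
     $id = isset($coupon_p['id']) ? $coupon_p['id'] : null;
 }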
 if (!isset($store_p) || $store_p['storeID'] == 0) {
     echo '<div class="a-error">Sorry, the store is not imported.</div>';
 } else {
     if ($coupon_p['couponID'] > 0) {
         echo '<div class="a-alert">Sorry, the coupon is already imported.</div>';
     } else {
         if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['coupon'])) {
             if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'cjapi_csrf')) {
                 $data = array('store' => $store_p['storeID'], 'category' => $_POST['coupon']['Category'], 'popular' => isset($_POST['coupon']['Popular']) ? true : false, 'exclusive' => isset($_POST['coupon']['Exclusive']) ? true : false, 'name' => $_POST['coupon']['Title'], 'url' => !isset($_POST['coupon']['Ownlink']) && isset($_POST['coupon']['Link']) && filter_var($_POST['coupon']['Link'], FILTER_VALIDATE_URL) ? $_POST['coupon']['Link'] : '', 'code' => $_POST['coupon']['Code'], 'description' => $_POST['coupon']['Description'], 'tags' => $_POST['coupon']['Tags'], 'start_on' => implode($_POST['coupon']['SD'], ', '), 'end_on' => implode($_POST['coupon']['ED'], ', '), 'publish' => isset($_POST['coupon']['Publish']) ? true : false, 'meta_title' => $_POST['coupon']['MTitle'], 'meta_desc' => $_POST['coupon']['MDesc']);
                 if (\plugin\Popshop\inc\actions::add_item(array(array_merge($coupon_p, $data))) > 0) {
                     echo '<div class="a-success">Added!</div><button class="btn" onclick="window.history.go(-2);">Back</button>';
                     return;
                 } else {
                     echo '<div class="a-error">Error!</div>';
                 }
             }
         }
         $csrf = $_SESSION['cjapi_csrf'] = \site\utils::str_random(10);
         $store = \plugin\Popshop\inc\actions::get_import_store($store_p['storeID']);
         echo '<div class="form-table">
     
     <form action="#" method="POST" autocomplete="off">
     <div class="row"><span>Category:</span>
예제 #10
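/**
 * Called when submitting a changed user.
 *
 * Runs the CSRF check first, so a direct request without a valid token never
 * reaches the save routine, then hands the actual work to libsave_change_user().
 *
 * Todo: rewrite, because it's incomprehensible.
 *
 * @see libsave_change_user()
 */
function u_settings_save()
{
    // check against unauthorised direct access.
    check_csrf();
    // The meaning of the 0 argument is defined by libsave_change_user(); the
    // unused `global $Pivot_Vars` import this function used to declare is gone.
    libsave_change_user(0);
}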
예제 #11
파일: login.php 프로젝트: AaaWsqL/ereg
<?php

require_once 'db.php';
require_once 'csrf.php';
// The session must exist before the CSRF token below can be compared against
// it; presumably check_csrf() (from csrf.php) reads the token from $_SESSION — confirm.
session_start();
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    if (!check_csrf($_POST['CSRF'])) {
        $error = "Sorry! Invalid request";
        $_SESSION['err'] = $error;
        //errorRedirect($error,"register.php");
    } else {
        if (!isset($_POST['name'], $_POST['password'])) {
            $_SESSION['err'] = "Please enter both fields";
        } else {
            if (empty($_POST['name']) || empty($_POST['password'])) {
                $_SESSION['err'] = "Fields cannot be empty";
            }
        }
    }
    //$name = mysql_real_escape_string( $_POST[ 'name' ] );
    //$password = strip_tags( $_POST[ 'password' ] );
    $name = $_POST['name'];
    $query = "SELECT * FROM `users` WHERE name=?";
    try {
        $stmt = $db->prepare($query);
        $stmt->execute(array($name));
    } catch (PDOException $e) {
        die("Query error " . $e->getMessage());
    }
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
    if (empty($result)) {
예제 #12
/**
 * The screen to delete a weblog..
 *
 * The first visit only asks for confirmation; once $Pivot_Vars['confirmed']
 * is 1 the weblog is removed from $Weblogs and the configuration is saved.
 */
function main_blog_delete()
{
    global $Weblogs, $Pivot_Vars;

    if ($Pivot_Vars['confirmed'] == 1) {
        // Confirmed: this is the state-changing step, so check against
        // unauthorised direct access first, then drop the weblog and persist.
        check_csrf();
        $name = $Pivot_Vars['name'];
        unset($Weblogs[$name]);
        save_serialize('pv_cfg_weblogs.php', $Weblogs);
        $msg = lang('weblog_config', 'deleted');
        main_blogs($msg);
        return;
    }

    // Not confirmed yet: show the confirmation page. The (internal) name stays
    // urlencoded because the weblogs array is keyed by the urlencoded name.
    $internal_name = urlencode($Pivot_Vars['name']);
    $vars = array('name', $internal_name, 'blog_delete', 1);
    $msg = lang('weblog_config', 'confirm_delete');
    $msg = str_replace("%1", $Weblogs[$internal_name]['name'], $msg);
    ConfirmPage(lang('ufield_main', 'del_title'), $vars, $msg);
}
예제 #13
<div class="el-row-body"' . (!empty($show_chat) ? ' style="display: none;"' : '') . '>

<div id="post-chat">';
    // Token embedded in the post form below. It only becomes the session's
    // 'chat_csrf' after the current request has been checked against the
    // previous one, so each rendered form carries a fresh value.
    $chat_csrf = \site\utils::str_random(10);
    if (ab_to(array('chat' => 'add'))) {
        echo '<form action="#" method="POST">
    <input type="text" name="text" value="" placeholder="' . $LANG['chat_write_input'] . '" />
    <button class="btn">' . $LANG['chat_write_button'] . '</button>
    <a href="#" class="btn useggfont" title="Reload">Z</a>
    <input type="hidden" name="chat_csrf" value="' . $chat_csrf . '" />
  </form>';
    }
    echo '</div>';
    $postWithToken = $_SERVER['REQUEST_METHOD'] == 'POST'
        && isset($_POST['chat_csrf'])
        && check_csrf($_POST['chat_csrf'], 'chat_csrf');
    if ($postWithToken && isset($_POST['text'])) {
        actions::post_chat_message($_POST['text']);
    }
    $_SESSION['chat_csrf'] = $chat_csrf;
    echo '<ul class="elements-list" id="chat-msgs-list">';
    if ($chatmsgs = admin_query::chat_messages() > 0) {
        foreach (admin_query::while_chat_messages(array('max' => 5, 'orderby' => 'date DESC')) as $item) {
            echo '<li>
  <div style="display: table;">
  <img src="' . \query\main::user_avatar($item->user_avatar) . '" alt="" />
  <div class="info-div"><h2>' . $item->user_name . '
  <span class="fright date">' . date('Y.m.d, ' . (\query\main::get_option('hour_format') == 12 ? 'g:i A' : 'G:i'), strtotime($item->date)) . '</span></h2>
  <div class="info-bar">' . \site\utils::bbcodes($item->text) . '</div>
  </div></div>
  </li>';
예제 #14
                 echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
             }
         }
     } else {
         if (isset($_POST['set_action'])) {
             if (isset($_POST['id']) && isset($_POST['action'])) {
                 if (actions::action_suggestions($_POST['action'], array_keys($_POST['id']))) {
                     echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         }
     }
 } else {
     if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'suggestions_csrf')) {
         if ($_GET['action'] == 'delete') {
             if (isset($_GET['id'])) {
                 if (actions::delete_suggestion($_GET['id'])) {
                     echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         } else {
             if ($_GET['type'] == 'read' || $_GET['type'] == 'unread') {
                 if (isset($_GET['id'])) {
                     if (actions::action_suggestions($_GET['type'], $_GET['id'])) {
                         echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                     } else {
                         echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
예제 #15
                 echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
             }
         }
     } else {
         if (isset($_POST['set_action'])) {
             if (isset($_POST['id']) && isset($_POST['action'])) {
                 if (actions::action_plugin($_POST['action'], array_keys($_POST['id']))) {
                     echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         }
     }
 } else {
     if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'plugins_csrf')) {
         if ($_GET['action'] == 'delete') {
             if (isset($_GET['id'])) {
                 if (actions::delete_plugin($_GET['id'])) {
                     echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         } else {
             if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
                 if (isset($_GET['id'])) {
                     if (actions::action_plugin($_GET['type'], $_GET['id'])) {
                         echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                     } else {
                         echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
예제 #16
파일: login.php 프로젝트: saanina/sdeploy
$you_are_a_user = $users->is_user();
#the login form is shown to everybody who is not signed in yet
$show_form = !$you_are_a_user;
$show_after_login = false;
#logout: only meaningful for someone who is actually signed in
if (ig('logout') && $users->is_user()) {
    $users->logout();
}
#after submit
if (ip('submit')) {
    #get form inputs
    $data = p(array('username' => 'str', 'password' => 'str'));
    $ERRORS = array();
    #check: empty inputs first, then the 'login_page' CSRF token, then the credentials
    if (empty($data['username']) || empty($data['password'])) {
        $ERRORS[] = 'fill the inputs in order to login in!';
    } elseif (!check_csrf('login_page')) {
        $ERRORS[] = 'Invalid request! try again.';
    } else {
        #sign using users class
        $remember_me = (bool) ip('remember_me');
        $logged_in = $users->login($data['username'], $data['password'], $remember_me);
        if (!$logged_in) {
            $ERRORS[] = 'The given information is incorrect!';
        } else {
            $show_form = false;
            $show_after_login = true;
        }
    }
}
?>
    <!-- you already in -->
    <?php 
예제 #17
<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="widgets.php" />
' . $LANG['widgets_zones'] . ': <select name="zone">';
        // One <option> per widget zone; the zone currently viewed is pre-selected.
        $zoneOptions = '';
        foreach ($template_widgets as $ID => $widgets) {
            $selected = $ID == $zone_id ? ' selected' : '';
            $zoneOptions .= '<option value="' . $ID . '"' . $selected . '>' . $widgets['name'] . '</option>';
        }
        echo $zoneOptions;
        echo '</select>
<button class="btn">' . $LANG['widgets_viewzone'] . '</button>
</form>

</div>';
        // Optional subtitle under the page title; the title wrapper is closed either way.
        if (!empty($LANG['widgets_subtitle'])) {
            echo '<span>' . $LANG['widgets_subtitle'] . '</span>';
        }
        echo '</div>';
        if (isset($_GET['token']) && isset($_GET['id']) && check_csrf($_GET['token'], 'widgets_csrf')) {
            if (isset($_GET['add'])) {
                if ($widget_info = widgets::widget_from_id($_GET['id'])) {
                    if (actions::add_widget($zone_id, $_GET['id'], array('title' => $widget_info->name, 'file' => $widget_info->file, 'limit' => isset($widget_info->def_limit) ? $widget_info->def_limit : 10, 'text' => isset($widget_info->text) ? $widget_info->text : ''))) {
                        echo '<div class="a-success">' . $LANG['msg_added'] . '</div>';
                    } else {
                        echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                    }
                }
            } else {
                if (isset($_GET['delete'])) {
                    if (actions::delete_widget($zone_id, $_GET['id'])) {
                        echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                    } else {
                        echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                    }
예제 #18
                 echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
             }
         }
     } else {
         if (isset($_POST['set_action'])) {
             if (isset($_POST['id']) && isset($_POST['action'])) {
                 if (actions::action_payment($_POST['action'], array_keys($_POST['id']))) {
                     echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         }
     }
 } else {
     if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'payments_csrf')) {
         if ($_GET['action'] == 'delete') {
             if (isset($_GET['id'])) {
                 if (actions::delete_payment($_GET['id'])) {
                     echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         } else {
             if (in_array($_GET['type'], array('paid', 'unpaid', 'delivered', 'undelivered'))) {
                 if (isset($_GET['id'])) {
                     if (actions::action_payment($_GET['type'], $_GET['id'])) {
                         echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                     } else {
                         echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
예제 #19
                    redirect('viewtopic.php?id=' . $topic_id, $redirect_msg);
                }
            } else {
                if (isset($_GET['stick'])) {
                    confirm_referrer('viewtopic.php');
                    check_csrf($_GET['csrf_token']);
                    $stick = intval($_GET['stick']);
                    if ($stick < 1) {
                        message($lang_common['Bad request'], false, '404 Not Found');
                    }
                    $db->query('UPDATE ' . $db->prefix . 'topics SET sticky=\'1\' WHERE id=' . $stick . ' AND forum_id=' . $fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error());
                    redirect('viewtopic.php?id=' . $stick, $lang_misc['Stick topic redirect']);
                } else {
                    if (isset($_GET['unstick'])) {
                        confirm_referrer('viewtopic.php');
                        check_csrf($_GET['csrf_token']);
                        $unstick = intval($_GET['unstick']);
                        if ($unstick < 1) {
                            message($lang_common['Bad request'], false, '404 Not Found');
                        }
                        $db->query('UPDATE ' . $db->prefix . 'topics SET sticky=\'0\' WHERE id=' . $unstick . ' AND forum_id=' . $fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error());
                        redirect('viewtopic.php?id=' . $unstick, $lang_misc['Unstick topic redirect']);
                    }
                }
            }
        }
    }
}
// No specific forum moderation action was specified in the query string, so we'll display the moderator forum
// Load the viewforum.php language file
// NOTE(review): the include path is built from $pun_user['language']; that value
// must be restricted to the installed language directories before it reaches
// require — confirm where it is validated.
require PUN_ROOT . 'lang/' . $pun_user['language'] . '/forum.php';
예제 #20
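/**
 * Renders the "meta sign" admin screen — the list of existing rules (SQL
 * triggers) and the form that creates a new one — and handles the two
 * actions that screen submits.
 *
 * Actions:
 *  - GET ?remove_trigger=NAME (with a crt token): the token is checked with
 *    check_csrf(TRUE); a failure is reported through error() as a SECURITY
 *    event, otherwise remove_trigger() is called.
 *  - POST with CREATE: create_trigger() is called with the form fields. No
 *    token is checked in this function; a request-wide POST check like the
 *    one in base.php is presumably what protects it — confirm.
 *
 * Every value written back into HTML goes through secure_display(), which
 * the rest of this page uses as its HTML escaper. That now includes
 * $_SERVER['PHP_SELF'] (user-influenced, it may carry PATH_INFO), which was
 * previously embedded raw in the form action and the VIEW/REMOVE links, and
 * the value attribute of the meta-field options, which was unescaped while
 * its label was escaped.
 */
function display_meta_sign()
{
    // Escape PHP_SELF once for the four places it is echoed.
    $self = secure_display($_SERVER['PHP_SELF']);

    echo '<h1>RULES LIST</h1>';

    // --- remove action (GET, token-protected) ---
    if (isset($_GET['remove_trigger'])) {
        if (!check_csrf(TRUE)) {
            error('[display_meta_sign] REMOVE TRIGGER CSRF ATTEMPT', 'SECURITY');
        }
        remove_trigger($_GET['remove_trigger']);
    }

    // --- create action (POST) ---
    // A rule is either 'std' (field + match) or 'meta' (meta_field + meta_match).
    // The common fields must be present, plus the pair matching the type; note
    // that 'field' is required for both types, as the original condition had it.
    $hasCommon = isset($_POST['CREATE']) && isset($_POST['field']) && isset($_POST['description']) && isset($_POST['label']) && isset($_POST['criticity']) && isset($_POST['type']);
    if ($hasCommon && ($_POST['type'] == 'std' && isset($_POST['field']) && isset($_POST['match']) || $_POST['type'] == 'meta' && isset($_POST['meta_field']) && isset($_POST['meta_match']))) {
        $description = $_POST['description'];
        $label = $_POST['label'];
        $criticity = $_POST['criticity'];
        $type = $_POST['type'];
        $field = '';
        $match = '';
        if ($type == "std" && isset($_POST['field'])) {
            $field = $_POST['field'];
            $match = $_POST['match'];
        }
        if ($type == "meta" && isset($_POST['meta_field'])) {
            $match = $_POST['meta_match'];
            $field = $_POST['meta_field'];
        }
        create_trigger($description, $label, $criticity, $field, $match, $type);
    }

    // --- rules list ---
    $triggerz = get_triggerz();
    echo '<table>';
    while ($res = $triggerz->fetchArray()) {
        $name = secure_display($res['name']);
        // The SQL of one trigger is shown inline when ?view_trigger= names it;
        // otherwise a link to that view is rendered.
        $disp = '<a href="' . $self . '?meta_sign&view_trigger=' . $name . '">VIEW SQL TRIGGER</a>';
        if (isset($_GET['view_trigger']) && $_GET['view_trigger'] == $res['name']) {
            $disp = secure_display($res['sql']);
        }
        echo '<tr><th class="std">' . $name . '</th><td>' . $disp . '</td><td><a href="' . $self . '?meta_sign&crt=' . gen_csrf(TRUE) . '&remove_trigger=' . $name . '" onclick="return confirm(\'Are you sure?\');">REMOVE</a></td></tr>';
    }
    echo '</table>';

    // --- create form ---
    $meta_fields_list = '';
    $meta_fields = get_metadata_names();
    while ($field = $meta_fields->fetchArray()) {
        $fieldName = secure_display($field['name']);
        $meta_fields_list .= '<option value="' . $fieldName . '">' . $fieldName . '</option>';
    }
    echo '<h1>CREATE RULE</h1>
	<form action="' . $self . '?meta_sign" method="POST">
		' . gen_csrf() . '
	<table>
		<tr><th class="std">LABEL</th><td class="std"><input type="text" name="label" value=""></td></tr>
		<tr><th class="std">DESCRIPTION</th><td class="std"><input type="text" name="description" value=""></td></tr>
		<tr><th class="std">CRITICITY</th><td class="std"><select name="criticity"><option value="1">High</option><option value="2">Medium</option><option value="3">Low</option></select></td></tr>
		<tr><th class="std">
			<select name="field">
				<option value="md5">MD5</option>
				<option value="sign">SIGNATURE</option>
			</select>
		matches</th><td class="std"><input type="text" name="match" /> (input data is in LIKE SQL statements, use "%" as wildcards)</td><td><input type="radio" name="type" value="std" checked /></td></tr>
		<tr><th class="std">
			<select name="meta_field">
				' . $meta_fields_list . '
			</select>
		matches</th><td class="std"><input type="text" name="meta_match" /> (input data is in LIKE SQL statements, use "%" as wildcards)</td><td><input type="radio" name="type" value="meta" /></td></tr>
		
		<tr><th colspan="2"><input type="submit" name="CREATE" value="CREATE"/></th></tr>
	</table>
	</form>';
}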
예제 #21
파일: base.php 프로젝트: HerbDavisY2K/CAAS
//  (at your option) any later version.
//
//  CAAS is distributed in the hope that it will be useful,
//  but WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//  GNU General Public License for more details.
//
//  You should have received a copy of the GNU General Public License
//  along with CAAS.  If not, see <http://www.gnu.org/licenses/>.
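// Guard against direct HTTP access: this file is only meant to be pulled in by
// a front controller that defines __INCLUDED__ beforehand.
if (!defined("__INCLUDED__")) {
    exit(0);
}
// Start a session only when none is active yet, instead of masking every
// notice with "@". If headers were already sent, session_start() now emits a
// warning, which is a real misconfiguration worth seeing rather than hiding.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
///////////////////////////////////////////
// CONFIG
///////////////////////////////////////////
// Three directory levels above this file: pathinfo(..., PATHINFO_DIRNAME) is
// one level, the two dirname() calls add two more.
$BASE_DIR = dirname(dirname(pathinfo(__FILE__, PATHINFO_DIRNAME)));
$db_path = $BASE_DIR . "/db/db.db";
$results_path = $BASE_DIR . "/results/";
$bin_path = $BASE_DIR . "/binaries/";
// Command prefix used to fetch reports. Any code that appends request data to
// it must escapeshellarg() each argument before executing the string.
$download_cmd = $BASE_DIR . "/query.py --download_report";
$error_message = "";
require_once "inc/functions.php";
// CSRF gate for every POST. check_csrf() and error() are presumably provided
// by inc/functions.php (required just above). Only POST is covered here, so a
// state change reachable through GET is not protected by this gate.
// NOTE(review): this relies on error() terminating the request; if it only
// logs, the POST body is still processed by the including page - confirm.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    if (!check_csrf()) {
        error("CSRF POST ATTEMPT", "SECURITY");
    }
}
require_once "inc/db.php";
init_db();
require_once "inc/display.php";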
                 echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
             }
         }
     } else {
         if (isset($_POST['set_action'])) {
             if (isset($_POST['id']) && isset($_POST['action'])) {
                 if (actions::action_item($_POST['action'], array_keys($_POST['id']))) {
                     echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         }
     }
 } else {
     if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'coupons_csrf')) {
         if ($_GET['action'] == 'delete') {
             if (isset($_GET['id'])) {
                 if (actions::delete_item($_GET['id'])) {
                     echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         } else {
             if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
                 if (isset($_GET['id'])) {
                     if (actions::action_item($_GET['type'], $_GET['id'])) {
                         echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                     } else {
                         echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         } else {
             if (isset($_POST['set_action'])) {
                 if (isset($_POST['id']) && isset($_POST['action'])) {
                     if (actions::action_store($_POST['action'], array_keys($_POST['id']))) {
                         echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                     } else {
                         echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                     }
                 }
             }
         }
     }
 } else {
     if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'stores_csrf')) {
         if ($_GET['action'] == 'delete') {
             if (isset($_GET['id'])) {
                 if (actions::delete_store($_GET['id'])) {
                     echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         } else {
             if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
                 if (isset($_GET['id'])) {
                     if (actions::action_store($_GET['type'], $_GET['id'])) {
                         echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                     } else {
                         echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
             }
         }
     } else {
         if (isset($_POST['set_action'])) {
             if (isset($_POST['id']) && isset($_POST['action'])) {
                 if (actions::action_product($_POST['action'], array_keys($_POST['id']))) {
                     echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         }
     }
 } else {
     if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'products_csrf')) {
         if ($_GET['action'] == 'delete') {
             if (isset($_GET['id'])) {
                 if (actions::delete_product($_GET['id'])) {
                     echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
                 } else {
                     echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
                 }
             }
         } else {
             if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') {
                 if (isset($_GET['id'])) {
                     if (actions::action_product($_GET['type'], $_GET['id'])) {
                         echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
                     } else {
                         echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';