if (!empty($LANG['categories_subtitle'])) { echo '<span>' . $LANG['categories_subtitle'] . '</span>'; } echo '</div>'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'categories_csrf')) { if (isset($_POST['delete'])) { if (isset($_POST['id'])) { if (actions::delete_category(array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'categories_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_category($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } $csrf = $_SESSION['categories_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off" novalidate>
if (!empty($LANG['banned_subtitle'])) { echo '<span>' . $LANG['banned_subtitle'] . '</span>'; } echo '</div>'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'banned_csrf')) { if (isset($_POST['delete'])) { if (isset($_POST['id'])) { if (actions::delete_banned(array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'banned_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_banned($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } $csrf = $_SESSION['banned_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off">
<?php if (!$GLOBALS['me']->is_admin) { die; } if (isset($_GET['csrf']) && ($_GET['csrf'] == \query\main::get_option('cron_secret') || check_csrf($_GET['csrf'], 'slider_csrf'))) { //do sync $nofav = $_GET['nofav']; $fav = $_GET['fav']; $fav_anchor = $_GET['fav_anchor']; $favitem = $_GET['favdeal']; $favsale = $_GET['favsale']; $root = $_GET['root']; $template = $_GET['template']; $template_nofav = file_get_contents($root . $nofav); $template_fav = file_get_contents($root . $fav); $template_favitem = file_get_contents($root . $favitem); $template_favsale = file_get_contents($root . $favsale); $now = date("Y-m-d H:i:s"); $seo_link = defined('SEO_LINKS') && SEO_LINKS ? true : false; $seo_link_coupon = \query\main::get_option('seo_link_coupon'); $seo_link_product = \query\main::get_option('seo_link_product'); $seo_link_store = \query\main::get_option('seo_link_store'); $sendy_url = \query\main::get_option('sendy_url') . 'subscribe'; $sendy_list_id = \query\main::get_option('sendy_list_id'); $userdata = array(); $coupondata = array(); //list subscribers $stmt = $db->stmt_init(); $search = "SELECT id,name,email FROM users WHERE " . DB_TABLE_PREFIX . "subscriber>0 and valid>0 and email<>''"; $stmt->prepare($search);
<input type="hidden" name="csrf" value="' . $csrf . '" /> </form>'; break; /** SOCIAL NETWORKS */ /** SOCIAL NETWORKS */ case 'socialacc': echo '<div class="title"> <h2>' . $LANG['settings_general_title'] . '</h2>'; if (!empty($LANG['settings_socnet_subtitle'])) { echo '<span>' . $LANG['settings_socnet_subtitle'] . '</span>'; } echo '</div>'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['post']) && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'settings_csrf')) { $post = array_map(function ($w) { if (preg_match('/^http(s)?:\\/\\//i', $w)) { return substr($w, 0, 200); } }, $_POST['post']); if (actions::set_option(array('social_facebook' => $post['facebook'], 'social_google' => $post['google'], 'social_twitter' => $post['twitter'], 'social_flickr' => $post['flickr'], 'social_linkedin' => $post['linkedin'], 'social_vimeo' => $post['videmo'], 'social_youtube' => $post['youtube'], 'social_myspace' => $post['myspace'], 'social_reddit' => $post['reddit'], 'social_pinterest' => $post['pinterest']))) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['settings_save_error'] . '</div>'; } } $csrf = $_SESSION['settings_csrf'] = \site\utils::str_random(10); echo '<form action="#" method="POST"> <div class="form-table">
<?php
// Handles the POST of the "general settings" admin form (?action=general-settings):
// checks the CSRF token, stores the submitted options through actions::set_option()
// and then redirects (via an inline script) back to the settings page with a
// success flag. Any other request falls through to the inline redirect after ?>.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_GET['action'])) {
    switch ($_GET['action']) {
        case 'general-settings':
            if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'settings_csrf')) {
                // Presumably defines $gmt, the timezone list used as a whitelist below — confirm.
                include dirname(__DIR__) . '/' . IDIR . '/others/GMT_list.php';
                // This isset chain only records that the complete form was submitted;
                // the save below runs whether or not it passes.
                // NOTE(review): auvalid_stos, auvalid_cous, allow_products, auvalid_prods
                // and mailsign are read by the save but are not part of this check.
                if (isset($_POST['sitename']) && isset($_POST['siteurl']) && isset($_POST['description']) && isset($_POST['ipp']) && isset($_POST['registrations']) && isset($_POST['accounts_per_ip']) && isset($_POST['delete_old_coupons']) && isset($_POST['allow_revs']) && isset($_POST['auvalid_revs']) && isset($_POST['allow_stores']) && isset($_POST['allow_coupons']) && isset($_POST['site_lang']) && isset($_POST['adminpanel_lang']) && isset($_POST['timezone']) && isset($_POST['hour_format']) && isset($_POST['email_from_name']) && isset($_POST['email_answer_to']) && isset($_POST['email_contact']) && isset($_POST['mail_meth']) && isset($_POST['smtp_host']) && isset($_POST['smtp_port']) && isset($_POST['smtp_user']) && isset($_POST['smtp_pass']) && isset($_POST['sendmail_path']) && isset($_POST['admin_theme'])) {
                    $_SESSION['js_settings'] = true;
                }
                // Only 'timezone' and 'hour_format' are whitelisted (loose in_array());
                // every other option is stored as submitted, with at most a cast.
                if (actions::set_option(array(
                    'sitename' => $_POST['sitename'],
                    'siteurl' => rtrim($_POST['siteurl'], '/'),
                    'sitedescription' => $_POST['description'],
                    'items_per_page' => (int) $_POST['ipp'],
                    'registrations' => $_POST['registrations'],
                    'delete_old_coupons' => (int) $_POST['delete_old_coupons'],
                    'accounts_per_ip' => (int) $_POST['accounts_per_ip'],
                    'allow_reviews' => (int) $_POST['allow_revs'],
                    'review_validate' => (bool) $_POST['auvalid_revs'],
                    'allow_stores' => (bool) $_POST['allow_stores'],
                    'store_validate' => (bool) $_POST['auvalid_stos'],
                    'allow_coupons' => (bool) $_POST['allow_coupons'],
                    'coupon_validate' => (bool) $_POST['auvalid_cous'],
                    'allow_products' => (bool) $_POST['allow_products'],
                    'product_validate' => (bool) $_POST['auvalid_prods'],
                    'sitelang' => $_POST['site_lang'],
                    'adminpanel_lang' => $_POST['adminpanel_lang'],
                    // Unknown timezones fall back to a fixed default rather than being rejected.
                    'timezone' => in_array($_POST['timezone'], array_keys($gmt)) ? $_POST['timezone'] : 'America/New_York',
                    'hour_format' => in_array($_POST['hour_format'], array(12, 24)) ? $_POST['hour_format'] : 24,
                    'email_from_name' => $_POST['email_from_name'],
                    'email_answer_to' => $_POST['email_answer_to'],
                    'email_contact' => $_POST['email_contact'],
                    'mail_method' => $_POST['mail_meth'],
                    // Checkbox: present means enabled.
                    'smtp_auth' => isset($_POST['smtp_auth']) ? 1 : 0,
                    'smtp_host' => $_POST['smtp_host'],
                    'smtp_port' => $_POST['smtp_port'],
                    'smtp_user' => $_POST['smtp_user'],
                    'smtp_password' => $_POST['smtp_pass'],
                    'sendmail_path' => $_POST['sendmail_path'],
                    'admintheme' => $_POST['admin_theme'],
                    'mail_signature' => $_POST['mailsign']
                ))) {
                    // Saved: redirect client-side and stop so the fallback script below is not emitted.
                    echo '<script type="text/javascript"> window.location = "?route=settings.php&action=general&success=true"; </script>';
                    die;
                } else {
                    echo '<script type="text/javascript"> window.location = "?route=settings.php&action=general&success=false"; </script>';
                    die;
                }
            }
            break;
    }
}
// Reached when the request was not a valid settings POST (wrong method, missing
// or invalid CSRF token, other action): the inline script below redirects with success=false.
?> <script type="text/javascript"> window.location = "?route=settings.php&action=general&success=false";
<?php if (!$GLOBALS['me']->is_admin) { die; } if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'slider_csrf')) { if (isset($_POST['sendy_brand_id']) && isset($_POST['sendy_list_id']) && isset($_POST['sendy_reply_to']) && isset($_POST['sendy_from_email']) && isset($_POST['sendy_from_name']) && isset($_POST['sendy_api_key']) && isset($_POST['sendy_url']) && isset($_POST['sendy_template_root'])) { //update account $sendy_url = substr($_POST['sendy_url'], -1) == '/' ? $_POST['sendy_url'] : $_POST['sendy_url'] . '/'; $sendy_template_root = substr($_POST['sendy_template_root'], -1) == '/' ? $_POST['sendy_template_root'] : $_POST['sendy_template_root'] . '/'; $sendy_query_string = isset($_POST['sendy_query_string']) ? $_POST['sendy_query_string'] : ''; if (actions::set_option(array('sendy_query_string' => $sendy_query_string, 'sendy_brand_id' => $_POST['sendy_brand_id'], 'sendy_list_id' => $_POST['sendy_list_id'], 'sendy_reply_to' => $_POST['sendy_reply_to'], 'sendy_from_email' => $_POST['sendy_from_email'], 'sendy_from_name' => $_POST['sendy_from_name'], 'sendy_api_key' => $_POST['sendy_api_key'], 'sendy_url' => $sendy_url, 'sendy_template_root' => $sendy_template_root))) { echo '<div class="a-success">Saved!</div>'; } else { echo '<div class="a-error">Error!</div>'; } } else { echo '<div class="a-error">Param Error (' . isset($_POST['sendy_brand_id']) . ',' . isset($_POST['sendy_list_id']) . ',' . isset($_POST['sendy_reply_to']) . ',' . isset($_POST['sendy_from_email']) . ',' . isset($_POST['sendy_from_name']) . ',' . isset($_POST['sendy_api_key']) . ',' . isset($_POST['sendy_url']) . ')</div>'; } } else { if ($_SERVER['REQUEST_METHOD'] == 'POST') { echo '<div class="a-error">Signature Error</div'; } } $csrf = $_SESSION['slider_csrf'] = \site\utils::str_random(10); switch ($_GET['action']) { default: echo ' <div class="title"> <h2>Sendy settings</h2>
if (!empty($LANG['rewards_subtitle'])) { echo '<span>' . $LANG['rewards_subtitle'] . '</span>'; } echo '</div>'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'rewards_csrf')) { if (isset($_POST['delete'])) { if (isset($_POST['id'])) { if (actions::delete_reward(array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'rewards_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_reward($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } $csrf = $_SESSION['rewards_csrf'] = \site\utils::str_random(10); echo '<div class="page-toolbar"> <form action="#" method="GET" autocomplete="off">
<a href="#" id="modify_mt_but">Meta Tags</a> </form> </div>'; } } break; /** IMPORT COUPONS */ /** IMPORT COUPONS */ case 'import_coupons': if (empty($_POST['id'])) { echo '<div class="a-error">Select coupons that you want to import.</div>'; echo '<a href="#" class="btn" onclick="window.history.go(-1)">Back</a>'; } else { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['token']) && check_csrf($_POST['token'], 'cjapi_csrf')) { $success = $error = 0; foreach ($_POST['coupon'] as $coupon) { $coupon = json_decode(urldecode($coupon), true); $id = key($coupon); $coupon = current($coupon); if (isset($_POST['id'][$id])) { if (($store = \plugin\CJApi\inc\import::store_imported($coupon['Advertiser'])) && \plugin\CJApi\inc\actions::add_item(array('cjID' => $id, 'store' => $store->ID, 'category' => $store->catID, 'popular' => 0, 'exclusive' => 0, 'name' => $coupon['Title'], 'link' => isset($coupon['Link']) && filter_var($coupon['Link'], FILTER_VALIDATE_URL) ? $coupon['Link'] : '', 'code' => isset($coupon['Code']) ? $coupon['Code'] : '', 'description' => '', 'tags' => '', 'start' => isset($coupon['SD']) ? $coupon['SD'] : '', 'end' => isset($coupon['ED']) ? $coupon['ED'] : date('Y-m-d', strtotime(\query\main::get_option('cj_exp') . ' days')), 'publish' => 1, 'meta_title' => '', 'meta_desc' => ''))) { $success++; } else { $error++; } } } echo '<div class="a-message">Import procedure has been successfully finished.</div>'; echo '<ul class="announce-box">
<span>Here you can edit the details of this coupon before the import</span> </div>'; if (isset($_GET['coupon'])) { $coupon_p = json_decode(urldecode($_GET['coupon']), true); $store_p = json_decode(urldecode($_GET['store']), true); $id = $coupon_p['id']; } if (!isset($store_p) || $store_p['storeID'] == 0) { echo '<div class="a-error">Sorry, the store is not imported.</div>'; } else { if ($coupon_p['couponID'] > 0) { echo '<div class="a-alert">Sorry, the coupon is already imported.</div>'; } else { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['coupon'])) { if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'cjapi_csrf')) { $data = array('store' => $store_p['storeID'], 'category' => $_POST['coupon']['Category'], 'popular' => isset($_POST['coupon']['Popular']) ? true : false, 'exclusive' => isset($_POST['coupon']['Exclusive']) ? true : false, 'name' => $_POST['coupon']['Title'], 'url' => !isset($_POST['coupon']['Ownlink']) && isset($_POST['coupon']['Link']) && filter_var($_POST['coupon']['Link'], FILTER_VALIDATE_URL) ? $_POST['coupon']['Link'] : '', 'code' => $_POST['coupon']['Code'], 'description' => $_POST['coupon']['Description'], 'tags' => $_POST['coupon']['Tags'], 'start_on' => implode($_POST['coupon']['SD'], ', '), 'end_on' => implode($_POST['coupon']['ED'], ', '), 'publish' => isset($_POST['coupon']['Publish']) ? true : false, 'meta_title' => $_POST['coupon']['MTitle'], 'meta_desc' => $_POST['coupon']['MDesc']); if (\plugin\Popshop\inc\actions::add_item(array(array_merge($coupon_p, $data))) > 0) { echo '<div class="a-success">Added!</div><button class="btn" onclick="window.history.go(-2);">Back</button>'; return; } else { echo '<div class="a-error">Error!</div>'; } } } $csrf = $_SESSION['cjapi_csrf'] = \site\utils::str_random(10); $store = \plugin\Popshop\inc\actions::get_import_store($store_p['storeID']); echo '<div class="form-table"> <form action="#" method="POST" autocomplete="off"> <div class="row"><span>Category:</span>
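/**
 * Called when submitting a changed user.
 *
 * Rejects requests without a valid CSRF token before delegating the actual
 * save to libsave_change_user().
 *
 * Todo: rewrite, because it's incomprehensible.
 *
 * @see libsave_change_user()
 */
function u_settings_save()
{
    // check against unauthorised direct access.
    check_csrf();
    // The unused `global $Pivot_Vars;` import was dropped: nothing here reads it.
    libsave_change_user(0);
}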
<?php require_once 'db.php'; require_once 'csrf.php'; session_start(); if ($_SERVER['REQUEST_METHOD'] == "POST") { if (!check_csrf($_POST['CSRF'])) { $error = "Sorry! Invalid request"; $_SESSION['err'] = $error; //errorRedirect($error,"register.php"); } else { if (!isset($_POST['name'], $_POST['password'])) { $_SESSION['err'] = "Please enter both fields"; } else { if (empty($_POST['name']) || empty($_POST['password'])) { $_SESSION['err'] = "Fields cannot be empty"; } } } //$name = mysql_real_escape_string( $_POST[ 'name' ] ); //$password = strip_tags( $_POST[ 'password' ] ); $name = $_POST['name']; $query = "SELECT * FROM `users` WHERE name=?"; try { $stmt = $db->prepare($query); $stmt->execute(array($name)); } catch (PDOException $e) { die("Query error " . $e->getMessage()); } $result = $stmt->fetchAll(PDO::FETCH_ASSOC); if (empty($result)) {
/**
 * The screen to delete a weblog: asks for confirmation first and, once the
 * user has confirmed, removes the weblog from the serialized config.
 */
function main_blog_delete()
{
    global $Weblogs, $Pivot_Vars;

    if ($Pivot_Vars['confirmed'] != 1) {
        // Not confirmed yet: render the confirmation page. The weblogs array is
        // keyed by the urlencoded internal name, so encode before the lookup.
        $internal_name = urlencode($Pivot_Vars['name']);
        $vars = array('name', $internal_name, 'blog_delete', 1);
        $msg = lang('weblog_config', 'confirm_delete');
        $msg = str_replace("%1", $Weblogs[$internal_name]['name'], $msg);
        ConfirmPage(lang('ufield_main', 'del_title'), $vars, $msg);
        return;
    }

    // Confirmed: reject forged requests before touching the config.
    check_csrf();

    // NOTE(review): the key is used as-is here, unlike the encoded lookup
    // above — presumably the confirmation form posts the encoded name; verify.
    $name = $Pivot_Vars['name'];
    unset($Weblogs[$name]);
    save_serialize('pv_cfg_weblogs.php', $Weblogs);

    main_blogs(lang('weblog_config', 'deleted'));
}
<div class="el-row-body"' . (!empty($show_chat) ? ' style="display: none;"' : '') . '> <div id="post-chat">'; $chat_csrf = \site\utils::str_random(10); if (ab_to(array('chat' => 'add'))) { echo '<form action="#" method="POST"> <input type="text" name="text" value="" placeholder="' . $LANG['chat_write_input'] . '" /> <button class="btn">' . $LANG['chat_write_button'] . '</button> <a href="#" class="btn useggfont" title="Reload">Z</a> <input type="hidden" name="chat_csrf" value="' . $chat_csrf . '" /> </form>'; } echo '</div>'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['chat_csrf']) && check_csrf($_POST['chat_csrf'], 'chat_csrf') && isset($_POST['text'])) { actions::post_chat_message($_POST['text']); } } $_SESSION['chat_csrf'] = $chat_csrf; echo '<ul class="elements-list" id="chat-msgs-list">'; if ($chatmsgs = admin_query::chat_messages() > 0) { foreach (admin_query::while_chat_messages(array('max' => 5, 'orderby' => 'date DESC')) as $item) { echo '<li> <div style="display: table;"> <img src="' . \query\main::user_avatar($item->user_avatar) . '" alt="" /> <div class="info-div"><h2>' . $item->user_name . ' <span class="fright date">' . date('Y.m.d, ' . (\query\main::get_option('hour_format') == 12 ? 'g:i A' : 'G:i'), strtotime($item->date)) . '</span></h2> <div class="info-bar">' . \site\utils::bbcodes($item->text) . '</div> </div></div> </li>';
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (isset($_POST['set_action'])) { if (isset($_POST['id']) && isset($_POST['action'])) { if (actions::action_suggestions($_POST['action'], array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'suggestions_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_suggestion($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if ($_GET['type'] == 'read' || $_GET['type'] == 'unread') { if (isset($_GET['id'])) { if (actions::action_suggestions($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (isset($_POST['set_action'])) { if (isset($_POST['id']) && isset($_POST['action'])) { if (actions::action_plugin($_POST['action'], array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'plugins_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_plugin($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') { if (isset($_GET['id'])) { if (actions::action_plugin($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
$you_are_a_user = $users->is_user();
$show_form = !$you_are_a_user;
$show_after_login = false;

# logout
# NOTE(review): logout is triggered by a GET parameter with no CSRF token,
# unlike the login form below — consider protecting it the same way.
if (ig('logout') && $users->is_user()) {
    $users->logout();
}

# after submit
if (ip('submit')) {
    # get form inputs
    $data = p(array('username' => 'str', 'password' => 'str'));
    $ERRORS = array();

    # check: empty fields first, then the CSRF token, then the credentials
    if (empty($data['username']) || empty($data['password'])) {
        $ERRORS[] = 'fill the inputs in order to login in!';
    } elseif (!check_csrf('login_page')) {
        $ERRORS[] = 'Invalid request! try again.';
    } else {
        # sign in using the users class
        $remember_me = (bool) ip('remember_me');
        if ($users->login($data['username'], $data['password'], $remember_me)) {
            $show_form = false;
            $show_after_login = true;
        } else {
            $ERRORS[] = 'The given information is incorrect!';
        }
    }
}
?> <!-- you already in --> <?php
<form action="#" method="GET" autocomplete="off"> <input type="hidden" name="route" value="widgets.php" /> ' . $LANG['widgets_zones'] . ': <select name="zone">'; foreach ($template_widgets as $ID => $widgets) { echo '<option value="' . $ID . '"' . ($ID == $zone_id ? ' selected' : '') . '>' . $widgets['name'] . '</option>'; } echo '</select> <button class="btn">' . $LANG['widgets_viewzone'] . '</button> </form> </div>'; if (!empty($LANG['widgets_subtitle'])) { echo '<span>' . $LANG['widgets_subtitle'] . '</span>'; } echo '</div>'; if (isset($_GET['token']) && isset($_GET['id']) && check_csrf($_GET['token'], 'widgets_csrf')) { if (isset($_GET['add'])) { if ($widget_info = widgets::widget_from_id($_GET['id'])) { if (actions::add_widget($zone_id, $_GET['id'], array('title' => $widget_info->name, 'file' => $widget_info->file, 'limit' => isset($widget_info->def_limit) ? $widget_info->def_limit : 10, 'text' => isset($widget_info->text) ? $widget_info->text : ''))) { echo '<div class="a-success">' . $LANG['msg_added'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (isset($_GET['delete'])) { if (actions::delete_widget($zone_id, $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; }
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (isset($_POST['set_action'])) { if (isset($_POST['id']) && isset($_POST['action'])) { if (actions::action_payment($_POST['action'], array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'payments_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_payment($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (in_array($_GET['type'], array('paid', 'unpaid', 'delivered', 'undelivered'))) { if (isset($_GET['id'])) { if (actions::action_payment($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
redirect('viewtopic.php?id=' . $topic_id, $redirect_msg); } } else { if (isset($_GET['stick'])) { confirm_referrer('viewtopic.php'); check_csrf($_GET['csrf_token']); $stick = intval($_GET['stick']); if ($stick < 1) { message($lang_common['Bad request'], false, '404 Not Found'); } $db->query('UPDATE ' . $db->prefix . 'topics SET sticky=\'1\' WHERE id=' . $stick . ' AND forum_id=' . $fid) or error('Unable to stick topic', __FILE__, __LINE__, $db->error()); redirect('viewtopic.php?id=' . $stick, $lang_misc['Stick topic redirect']); } else { if (isset($_GET['unstick'])) { confirm_referrer('viewtopic.php'); check_csrf($_GET['csrf_token']); $unstick = intval($_GET['unstick']); if ($unstick < 1) { message($lang_common['Bad request'], false, '404 Not Found'); } $db->query('UPDATE ' . $db->prefix . 'topics SET sticky=\'0\' WHERE id=' . $unstick . ' AND forum_id=' . $fid) or error('Unable to unstick topic', __FILE__, __LINE__, $db->error()); redirect('viewtopic.php?id=' . $unstick, $lang_misc['Unstick topic redirect']); } } } } } } // No specific forum moderation action was specified in the query string, so we'll display the moderator forum // Load the viewforum.php language file require PUN_ROOT . 'lang/' . $pun_user['language'] . '/forum.php';
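/**
 * Renders the "rules" admin screen: processes a pending remove/create request,
 * lists the existing triggers and prints the create-rule form.
 *
 * Removal arrives via GET (`remove_trigger`, guarded by the GET-style CSRF token
 * from gen_csrf(TRUE)); creation arrives via POST (`CREATE`, guarded by the
 * hidden token emitted by gen_csrf()). Output is written with echo.
 */
function display_meta_sign()
{
    // PHP_SELF reflects the request path, so escape it before embedding it in
    // href/action attributes.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    echo '<h1>RULES LIST</h1>';

    if (isset($_GET['remove_trigger'])) {
        if (!check_csrf(TRUE)) {
            error('[display_meta_sign] REMOVE TRIGGER CSRF ATTEMPT', 'SECURITY');
        } else {
            // Only reached with a valid token: fail closed even if error() returns.
            remove_trigger($_GET['remove_trigger']);
        }
    }

    // A rule is either a "std" rule (built-in field + match) or a "meta" rule
    // (metadata field + match); the radio button `type` selects which pair is used.
    if (isset($_POST['CREATE'], $_POST['field'], $_POST['description'], $_POST['label'], $_POST['criticity'], $_POST['type'])
        && (($_POST['type'] == 'std' && isset($_POST['match']))
            || ($_POST['type'] == 'meta' && isset($_POST['meta_field'], $_POST['meta_match'])))) {
        $type = $_POST['type'];
        $field = '';
        $match = '';
        if ($type == "std") {
            $field = $_POST['field'];
            $match = $_POST['match'];
        }
        if ($type == "meta") {
            $field = $_POST['meta_field'];
            $match = $_POST['meta_match'];
        }
        create_trigger($_POST['description'], $_POST['label'], $_POST['criticity'], $field, $match, $type);
    }

    $triggerz = get_triggerz();
    echo '<table>';
    while ($res = $triggerz->fetchArray()) {
        $name = secure_display($res['name']);
        // Query-string values get URL encoding (which is also HTML-attribute safe).
        $urlName = rawurlencode($res['name']);
        // Show the trigger SQL inline only for the row the user asked to view.
        if (isset($_GET['view_trigger']) && $_GET['view_trigger'] == $res['name']) {
            $disp = secure_display($res['sql']);
        } else {
            $disp = '<a href="' . $self . '?meta_sign&view_trigger=' . $urlName . '">VIEW SQL TRIGGER</a>';
        }
        echo '<tr><th class="std">' . $name . '</th><td>' . $disp . '</td><td><a href="' . $self . '?meta_sign&crt=' . gen_csrf(TRUE) . '&remove_trigger=' . $urlName . '" onclick="return confirm(\'Are you sure?\');">REMOVE</a></td></tr>';
    }
    echo '</table>';

    $meta_fields_list = '';
    $meta_fields = get_metadata_names();
    while ($meta = $meta_fields->fetchArray()) {
        // Escape the attribute value as well as the visible label.
        $meta_fields_list .= '<option value="' . secure_display($meta['name']) . '">' . secure_display($meta['name']) . '</option>';
    }

    echo '<h1>CREATE RULE</h1> <form action="' . $self . '?meta_sign" method="POST"> ' . gen_csrf() . ' <table> <tr><th class="std">LABEL</th><td class="std"><input type="text" name="label" value=""></td></tr> <tr><th class="std">DESCRIPTION</th><td class="std"><input type="text" name="description" value=""></td></tr> <tr><th class="std">CRITICITY</th><td class="std"><select name="criticity"><option value="1">High</option><option value="2">Medium</option><option value="3">Low</option></select></td></tr> <tr><th class="std"> <select name="field"> <option value="md5">MD5</option> <option value="sign">SIGNATURE</option> </select> matches</th><td class="std"><input type="text" name="match" /> (input data is in LIKE SQL statements, use "%" as wildcards)</td><td><input type="radio" name="type" value="std" checked /></td></tr> <tr><th class="std"> <select name="meta_field"> ' . $meta_fields_list . ' </select> matches</th><td class="std"><input type="text" name="meta_match" /> (input data is in LIKE SQL statements, use "%" as wildcards)</td><td><input type="radio" name="type" value="meta" /></td></tr> <tr><th colspan="2"><input type="submit" name="CREATE" value="CREATE"/></th></tr> </table> </form>';
}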
// (at your option) any later version.
//
// CAAS is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with CAAS. If not, see <http://www.gnu.org/licenses/>.

// Refuse direct requests: this file is only meant to be pulled in by an entry
// point that defines __INCLUDED__ first.
if (!defined("__INCLUDED__")) {
    exit(0);
}

// The @ hides the notice raised when a session is already active — it hides
// genuine start-up failures too.
@session_start();

///////////////////////////////////////////
// CONFIG
///////////////////////////////////////////
// Project root: three directory levels above this file.
$BASE_DIR = dirname(dirname(__DIR__));
$db_path = "$BASE_DIR/db/db.db";
$results_path = "$BASE_DIR/results/";
$bin_path = "$BASE_DIR/binaries/";
// NOTE(review): looks like a shell command prefix; any argument appended at the
// call site should go through escapeshellarg() — confirm where it is run.
$download_cmd = "$BASE_DIR/query.py --download_report";
$error_message = "";

require_once "inc/functions.php";

// Every POST must carry a valid CSRF token; a missing/invalid one is reported
// as a security event.
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    if (!check_csrf()) {
        error("CSRF POST ATTEMPT", "SECURITY");
    }
}

require_once "inc/db.php";
init_db();
require_once "inc/display.php";
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (isset($_POST['set_action'])) { if (isset($_POST['id']) && isset($_POST['action'])) { if (actions::action_item($_POST['action'], array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'coupons_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_item($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') { if (isset($_GET['id'])) { if (actions::action_item($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
} } } else { if (isset($_POST['set_action'])) { if (isset($_POST['id']) && isset($_POST['action'])) { if (actions::action_store($_POST['action'], array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'stores_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_store($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') { if (isset($_GET['id'])) { if (actions::action_store($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if (isset($_POST['set_action'])) { if (isset($_POST['id']) && isset($_POST['action'])) { if (actions::action_product($_POST['action'], array_keys($_POST['id']))) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } } } else { if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'products_csrf')) { if ($_GET['action'] == 'delete') { if (isset($_GET['id'])) { if (actions::delete_product($_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>'; } } } else { if ($_GET['type'] == 'publish' || $_GET['type'] == 'unpublish') { if (isset($_GET['id'])) { if (actions::action_product($_GET['type'], $_GET['id'])) { echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>'; } else { echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';