// NOTE(review): this excerpt opens inside a block that began before the visible
// code; the braces below close that block.
} else {
    $error_mss .= '.</p>';
}
$error_array[] = $error_mss;
}

// Flags for the flow below (names suggest a password-reset page); all start false.
$password_reset = false;
$email_sent = false;
$email_verified = false;

if (isset($_SESSION['key_confirmed'])) {
    // A key was already accepted earlier in this session, so the check is skipped.
    // NOTE(review): the flag is a bare boolean. Nothing visible ties it to the
    // account or request the key belonged to. Confirm the later password-change
    // step takes the account from server-side state, not from a posted field.
    $email_verified = true;
} else {
    if (isset($_GET['key'])) {
        // check key against db
        // if good set $email_verified to true and mark in db as used
        // also get email of request to double check, put in session
        // NOTE(review): the key arrives in the query string, so it can end up in
        // server logs, browser history and Referer headers. That is only acceptable
        // if check_request() enforces single use and expiry as the comments above
        // say; its body is not visible here, TODO confirm.
        // NOTE(review): isset() is also true for an array (?key[]=x); confirm
        // check_request() rejects non-string input.
        $checked_request = check_request($_GET['key'], $db);
        // if not good throw error.
        // this will include expired keys
        // Visible usage: index 0 is the success flag, index 1 the error message.
        if ($checked_request[0]) {
            // set key variable in session so typos don't force new request
            // NOTE(review): the comment above mentions putting the request's email
            // in the session, but no visible line stores it. Consider also calling
            // session_regenerate_id(true) at this privilege change.
            $_SESSION['key_confirmed'] = true;
            $email_verified = true;
        } else {
            // NOTE(review): if $error_array is printed as HTML (the '.</p>' above
            // suggests it is), make sure this message never echoes the submitted key
            // or other request data unescaped.
            $error_array[] = $checked_request[1];
        }
    }
}

if (isset($_POST['email'])) {
    if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        // check whether email belongs to an account
        // if so create request in DB and send password email
        // NOTE(review): the response shown to the user should be the same whether or
        // not the address has an account, otherwise this form reveals which
        // addresses are registered. The branch continues past this excerpt.
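<?php
// Create/update form handler for the model class named in $class_name.
// The excerpt ends inside the save branch; the closing braces are not visible here.
$class_name = "InvoiceActual";

if (isset($_GET['id'])) {
    // PHP has already URL-decoded $_GET values. Decoding a second time would turn
    // a doubly-encoded value (e.g. %2522) into a raw quote inside the link, so the
    // id is re-encoded for the query string instead.
    // NOTE(review): PHP_SELF includes any PATH_INFO the client appended to the URL;
    // escape $post_link with htmlspecialchars() where it is printed (not visible
    // here), or build the link from SCRIPT_NAME.
    $post_link = $_SERVER["PHP_SELF"] . "?id=" . urlencode($_GET['id']);
    $page = "Update";
    $page1 = "Update ";
    $text_post = "Updated";
    $text_post1 = "update";
} else {
    $post_link = $_SERVER["PHP_SELF"];
    $page = "New";
    $page1 = "Add New ";
    $text_post = "created";
    $text_post1 = "creation";
}

check_request();

// Only same-origin POSTs with a valid, recent CSRF token reach the model.
if (request_is_post() && request_is_same_domain()) {
    if (!csrf_token_is_valid() || !csrf_token_is_recent()) {
        $message = "Sorry, request was not valid.";
    } else {
        $new_item = new $class_name();
        // NOTE(review): every name returned by get_table_field() can be set from
        // POST below. If that list includes columns a user must not control
        // (primary key, owner, status), restrict it to the form-editable fields.
        // TODO confirm against the model.
        $expected_fields = $class_name::get_table_field();
        foreach ($expected_fields as $field) {
            // Array-valued parameters (field[]=x) are skipped; trim() accepts only strings.
            if (isset($_POST[$field]) && is_string($_POST[$field])) {
                $new_item->{$field} = trim($_POST[$field]);
            }
        }
        //todo complete valid like pseudo
        $valid = $new_item->form_validation();
        if (empty($valid->errors)) {
            // NOTE(review): no visible check that the current user may modify the
            // record named by $_GET['id']; confirm it happens in save() or earlier.
            if ($new_item->save()) {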