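/**
 * Validate a submitted anti-CSRF token against the one stored for a form.
 *
 * The stored token is single-use: once a stored token has been found it is
 * removed from the session, whether or not the submitted value matched.
 *
 * @param string $unique_form_name Session key under which the form's token is stored.
 * @param mixed  $token_value      Token value received with the request.
 * @return bool True only when a token is stored for the form and equals the submitted value.
 */
function csrfguard_validate_token($unique_form_name, $token_value)
{
    $token = get_from_session($unique_form_name);

    // Fail closed: without a stored token the request cannot be tied to a form
    // this application issued, so it must not be treated as valid.
    if ($token === false) {
        return false;
    }

    // hash_equals() requires two strings and compares them in constant time;
    // any non-string value cannot be a valid token.
    $result = is_string($token)
        && is_string($token_value)
        && hash_equals($token, $token_value);

    // Consume the token so it cannot be replayed.
    unset_session($unique_form_name);

    return $result;
}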
include_once 'functions.php';

// NOTE(review): the session id comes from a client-supplied cookie and is only
// cast to int here. Whether get_from_session()/edit_session() bind that id to
// the requesting client is not visible in this script — confirm.
$sid = intval($_COOKIE['sid']);

if (!array_key_exists('pre_email', $_REQUEST)) {
    // No pre-survey submission in this request: read the stored values back.
    $email = get_from_session($sid, 'pre_email');
    $songId = get_from_session($sid, 'songId', true);
} else {
    // Pre-survey submission: normalise each field, then persist the set.
    $email = htmlentities($_REQUEST['pre_email'], ENT_QUOTES);
    $mturk_id = USE_MTURK
        ? htmlentities($_REQUEST['pre_mturk_id'], ENT_QUOTES)
        : false;
    $age = intval($_REQUEST['pre_age']);
    $songId = intval($_REQUEST['songId']);
    $zip = '' . intval($_REQUEST['pre_zip']);

    edit_session(
        array(
            'pre_email' => $email,
            'sid' => $sid,
            'pre_zip' => $zip,
            'pre_mturk_id' => $mturk_id,
            'pre_age' => $age,
            // Same conversion as $songId above.
            'songId' => intval($_REQUEST['songId']),
        ),
        false,
        'pre'
    );
}

// Treatment and its properties for the current session.
$treatment = getTreatmentForSession($sid);

// The option and prepopulation settings are both derived from the group code.
$group_code = $_SESSION['group_code'];
$opt = getOptionFromCode($group_code);
$prepop = getPrepopFromCode($group_code);

// NOTE(review): in the submission branch $email has already been passed through
// htmlentities(), so this second call encodes it twice; the stored value read
// back in the other branch presumably is encoded as well — confirm which layer
// should own output encoding.
$box_value = '';
if ($prepop == 'fill') {
    $box_value = htmlentities($email, ENT_QUOTES);
}

$box_display = 'block';
$box_hidden = false;
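<?php
// change_password_action.php
//
// Handles the change-password form: requires a logged-in user, checks the
// current password, checks that the two new-password fields agree, updates the
// stored password and redirects back to the form with a status message.
include_once "config.php";

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

$current_user = get_from_session("current_user");
if (is_null($current_user)) {
    store_in_session("message", "You must login to access this page");
    header("Location: index.php");
    return;
}

// NOTE(review): this is a state-changing POST handler and no anti-CSRF token
// check is visible in this script — confirm one is enforced elsewhere.

// Accept only string fields; a missing or array-valued field becomes "" so it
// can never reach the queries below as a non-string.
$current_password = (isset($_POST["current_password"]) && is_string($_POST["current_password"]))
    ? $_POST["current_password"]
    : "";
$new_password = (isset($_POST["new_password"]) && is_string($_POST["new_password"]))
    ? $_POST["new_password"]
    : "";
$new_password2 = (isset($_POST["new_password2"]) && is_string($_POST["new_password2"]))
    ? $_POST["new_password2"]
    : "";

// NOTE(review): passwords are stored as unsalted MD5 computed in SQL. Moving to
// password_hash()/password_verify() requires the login query and the stored
// hashes to change together, so it is flagged here rather than changed.
$data = R::getRow(
    "select * from users where username=? and password=md5(?)",
    array($current_user["username"], $current_password)
);

if (count($data) == 0) {
    store_in_session("message", "Current password incorrect");
} elseif ($new_password !== $new_password2) {
    // Strict comparison: with != two different numeric-looking strings
    // (e.g. "1e3" and "1000") compare equal and would pass as a match.
    store_in_session("message", "New passwords dont match");
} elseif ($new_password === "") {
    // An empty or missing new password must not overwrite the stored one.
    store_in_session("message", "New password must not be empty");
} else {
    $sql = "update users set password = md5(?) where username=?";
    R::exec($sql, array($new_password, $current_user["username"]));
    store_in_session("message", "New password successfully updated!");
}

header("Location: change_password.php");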
<?php include_once "header.php"; ?> <div id="next_steps_container"> <div class="next_steps_header"> <p> <a href="./">Home</a> </p> <h1>Next steps</h1> </div> <?php $approval_required = get_from_session("approval_required"); if ($approval_required == 0) { ?> <!-- For users who do not need admin approval --> <div> <p>Thank for registering and your registration details have been accepted. Now you can login and explore Madhwa connect services.</p> <p>As part of our anti-spam policy, we have sent an mail to your registered email address. You will receive the same in a while. Please check your "Junk Mail" folder also.</p> <p>Please click the link in the email to update the additional information.</p> <p>You may close this window now. </p> </div> <?php } else { ?>
$num_01 = 0; $num_undef = 0; $num_err = 0; if ($approve) { for ($i = 0; $i < count($wids); $i++) { if (in_array($wids[$i], $previously_affected)) { continue; } $sid = get_sid_from_mturk_id($wids[$i]); $finished = has_finished_by_sid($sid); if ($finished) { if (!$dry) { $res = $mturk->approveHIT($aids[$i]); } if ($giveBonus) { $email_sent = get_from_session($sid, 'email_sent'); $bonus = 0; $data[$i]['bonus'] = 0.51; $bonusstr = ''; if (strstr($email_sent, 'true')) { $bonusstr = "You subscribed to SafeDelivery, therefore your bonus is \$0.01."; $bonus = 0.01; $num_01++; } elseif (strstr($email_sent, 'false')) { $bonusstr = "You did not subscribe to SafeDelivery, therefore your bonus is \$0.50."; $bonus = 0.5; $num_50++; } elseif (strstr($email_sent, 'undef')) { $num_undef++; } else { $num_err++;
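include_once "header.php";
include_once "functions.php";
?>
<div id="register_container">
  <div class="fogot_password_header">
    <h1>We just mailed you</h1>
  </div>
  <div>
    <p>We just sent a password-reset link to your registered email addrss. Read the mail and follow the instructions, and you can change your password. </p>
    <p>In case if you did not receive a mail from us, please do check in your spam/junkmail folder</p>
  </div>
  <form class="uiv2-form" action="send_password_reset_link.php" method="post">
    <input type="hidden" name="username_email" value="<?php
        // The stored value originates from user input, so it is escaped for the
        // HTML attribute context before being echoed; without this a quote in
        // the value would break out of the attribute.
        // NOTE(review): a hidden field can be altered by the client; the target
        // script presumably should prefer the session copy — confirm.
        echo htmlspecialchars((string) get_from_session("email_for_password_reset"), ENT_QUOTES, 'UTF-8');
    ?> " />
    <fieldset>
      <div class="legend">In case if you did not receive the mail..</div>
      <div class="uiv2-form-row">
        <div class="gap" ></div>
      </div>
      <?php // add the username/email_address here as a hidden field. ?>
      <div class="uiv2-form-row">
        <span class="uiv2-form-label"></span>
        <div class="uiv2-form-input"> If you want us to send the link again, please click the button below.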
} if (isset($_REQUEST[$param])) { $res = $_SESSION[$param] = $_REQUEST[$param]; } return $res; } session_start(); ini_set('display_errors', true); error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING); if (version_compare(phpversion(), '5.1.0', '<') == true) { die('PHP5.1 or higher!'); } ob_implicit_flush(); ob_end_flush(); // langugage $lang = get_from_session("lang", "ru"); // Константы: define('DIRSEP', DIRECTORY_SEPARATOR); // Узнаём путь до файлов сайта $site_path = realpath(dirname(dirname(__FILE__)) . DIRSEP) . DIRSEP; define('site_path', $site_path); // Регистрируем загрузчик классов function __autoload($class_name) { $filename = strtolower($class_name) . '.php'; $file = site_path . 'classes' . DIRSEP . $filename; if (file_exists($file) == false) { return false; } include $file; }
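<?php
session_start();

// Continues running the experiment until the user has finished the group
include 'config.php';
include 'functions.php';

// Get session
// NOTE(review): the session id is read from a client-supplied cookie and only
// cast to int; whether it is bound to the requesting client is not visible
// here — confirm.
$sid = intval($_COOKIE['sid']);
$db = db_connect();
$group = get_from_session($sid, 'group_num');
$transaction = get_from_session($sid, 'transaction');
$treatment = get_from_session($sid, 'treatment_id');

// Request parameters; a missing parameter becomes null instead of raising a notice.
// NOTE(review): this script writes to the database on a GET request and no
// anti-CSRF check is visible — confirm that is intended.
$action = isset($_GET['sendEmail']) ? $_GET['sendEmail'] : null; // based on user choice in purchase.php
$post_email = isset($_GET['post_email']) ? $_GET['post_email'] : null;
$mediaId = isset($_GET['mediaId']) ? $_GET['mediaId'] : null;

if ($action == 'true') {
    // email needs to be sent
    // adds media id to array
    // NOTE(review): $mediaId is stored exactly as received; whoever reads
    // $_SESSION['mediaId'] later must validate or escape it.
    if (isset($_SESSION['mediaId'])) {
        $_SESSION['mediaId'][] = $mediaId;
    } else {
        $_SESSION['mediaId'] = array($mediaId);
    }
    $action = 1;
} else {
    $action = 0;
}

// Insert results into database
// Every value is forced to an integer by %d at the point the SQL text is built,
// so the statement cannot carry anything but numbers even if the stored
// treatment id is not numeric. runQuery() shows no parameter binding here.
$q = sprintf(
    "INSERT INTO treatment_selections(sid, treatment_id, action)\n\t\t VALUES(%d, %d, %d)",
    $sid,
    $treatment,
    $action
);
runQuery($db, $q, false);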
/**
 * Look up the 'post_email' value stored for the session named by the 'sid' cookie.
 *
 * NOTE(review): the session id is taken from a client-supplied cookie and only
 * cast to int; whether get_from_session() binds it to the requesting client is
 * not visible here — confirm.
 *
 * @return mixed The string 'NO SESSION' when no 'sid' cookie is present,
 *               otherwise whatever get_from_session() returns for 'post_email'.
 */
function getEmailForCurrentSession()
{
    if (array_key_exists('sid', $_COOKIE)) {
        // The handle is not used below; the call is kept because db_connect()
        // may set up state that get_from_session() relies on — TODO confirm.
        $db = db_connect();
        $session_id = intval($_COOKIE['sid']);

        return get_from_session($session_id, 'post_email');
    }

    return 'NO SESSION';
}
$data = R::getRow($sql, array($username, $password)); if (count($data) == 0) { header("Location: ./login_f.php"); store_in_session("message", "Invalid username/password"); return; } else { if (session_status() == PHP_SESSION_NONE) { session_start(); } if ($data["registration_status"] == "suspended") { header("Location: ./login_f.php"); store_in_session("message", "Your account is suspended"); return; } store_in_session("current_user", $data); $redirect_to = get_from_session("redirect_to"); remove_from_session("redirect_to"); if ($redirect_to == null) { $redirect_to = "index.php"; } header("Location: ./{$redirect_to}"); if (isset($_POST["keep_me_logged_in"])) { // user wants to be remembered by the browser // send a kookie setcookie("token", $data["id"], time() + 365 * 24 * 60 * 60); } else { } return; } } }