<?php require_once "../../includes/initialize.php"; // Rather than require setting up a real database, // we can fake one instead. $message = ""; $token = $_GET['token']; // Confirm that the token sent is valid $user = User::find_by_reset_token($token); if (!isset($user) || !$user) { // Token wasn't sent or didn't match a user. $session->message("Did not find you try again"); redirect_to('login_forgot_password_username.php'); } if (request_is_post() && request_is_same_domain()) { if (!csrf_token_is_valid() || !csrf_token_is_recent()) { $message = "Sorry, request was not valid."; } else { // CSRF tests passed--form was created by us recently. // retrieve the values submitted via the form $password = trim($_POST['password']); $password_confirm = trim($_POST['password_confirm']); $valid = new FormValidation(); $valid->validate_presences(array('password', 'password_confirm')); if ($password !== $password_confirm) { $valid->errors['password_confirmation'] = "Password confirmation does not match password."; } if (empty($valid->errors)) { $user->password = $password; $user->save(); $user->delete_reset_token();
function check_request() { // echo $_POST['project_id'][0]."<br>"; // echo $_POST['project_id'][1]."<br>"; // echo array_count_values($_POST['project_id']); if (request_is_post() && $_POST) { echo "<p>POST Request Value</p>" . "<br>"; echo "<pre>"; print_r($_POST); echo "</pre>"; } if (request_is_get() && $_GET) { echo "<p>GET Request Value</p>" . "<br>"; echo "<pre>"; print_r($_GET); echo "</pre>"; } }
/** * */ public function configureAction() { $config = fz_config_get(); // $locales_choices = array(); foreach (glob(option('root_dir') . '/i18n/*', GLOB_ONLYDIR) as $lc) { $locales_choices[basename($lc)] = basename($lc); } $errors = array(); $notifs = array(); // If request is post, check for errors if (request_is_post()) { // prevent unchecked input from being transformed to true when merging config $_POST['config']['looknfeel']['show_credit'] = array_key_exists('show_credit', $_POST['config']['looknfeel']) ? 1 : 0; $config = merge_config($_POST['config'], $config); // checking rights $this->checkRights($errors, $config); // Checking database connection $this->checkDatabaseConf($errors, $config); // If Upload monitoring lib is selected check if it's installed if ($config['app']['progress_monitor'] != '') { $progressMonitor = $config['app']['progress_monitor']; $progressMonitor = new $progressMonitor(); if (!$progressMonitor->isInstalled()) { $errors[] = array('title' => 'Your system is not configured for ' . get_class($progressMonitor), 'msg' => 'Read <a href="http://github.com/UAPV/FileZ/blob/master/doc/INSTALL.markdown" target="_blank">the INSTALL file</a> for help'); } } // Is CAS authentication, check requirements if ($config['app']['auth_handler_class'] == 'Fz_Controller_Security_Cas' && !function_exists('curl_init')) { $errors[] = array('title' => 'PHP extension "cURL" is required for CAS authentication but is not installed', 'msg' => 'Use php5-curl on debian to install it'); } // Checking User factory connection if ($config['app']['user_factory_class'] == 'Fz_User_Factory_Ldap') { $this->checkUserFactoryLdapConf($errors, $config); } // do not check user factory if database. //elseif ($config['app']['user_factory_class'] == 'Fz_User_Factory_Database') // $this->checkUserFactoryDatabaseConf ($errors, $config); // Checking email $this->checkEmailConf($errors, $config); // If no errors or if the user ignored them, save the config and create // the database if (empty($errors) || array_key_exists('ignore_errors', $_POST)) { //$errors = array (); // Reset errors. // Try to save the file or display it $configFile = option('root_dir') . DIRECTORY_SEPARATOR . 'config' . DIRECTORY_SEPARATOR . 'filez.ini'; if (!fz_config_save($config, $configFile)) { $errors[] = array('title' => 'Can\'t save filez.ini.', 'msg' => 'Put the following code in the file "' . $configFile . '" :<textarea cols="60" rows="50">' . fz_serialize_ini_array($config, true) . '</textarea>'); } else { $notifs[] = 'Created file "' . $configFile . '"'; } try { $this->initDatabase(); $notifs[] = 'Database configured.<br/><br/> A default admin account has been created. Login ("<tt>admin</tt>" / "<tt>filez</tt>") and choose a new password.'; } catch (Exception $e) { $errors[] = array('title' => 'Can\'t initialize the database (' . $e->getMessage() . ')', 'msg' => 'Check your database configuration in config/filez.ini and re-run the SQL script "' . $initDbScript . '".'); } set('errors', $errors); set('notifs', $notifs); return html('install/finished.php'); } if (!empty($errors)) { set('errors', $errors); } } set('config', $config); set('locales_choices', $locales_choices); return html('install/index.php'); }
<?php header("Content-Type: text/html; charset=utf-8"); require_once './includes/initialize.php'; function __autoload($class_name) { if ($class_name != 'DbSimple_Mysqli' && $class_name != 'Smarty') { require_once CLASS_PATH . '/class.' . $class_name . '.php'; } } if (request_is_post()) { if (isset($_POST['cancel'])) { redirect_to('index.php'); } $ad = new Ad(AdsStorage::sanitizeFormData($_POST)); $ad->save(); redirect_to('index.php'); } $edit_id = ''; if (isset($_GET['id']) && isset($_GET['mode'])) { $id = (int) $_GET['id']; $mode = strip_tags($_GET['mode']); if ($mode == "show") { $edit_id = $id; } elseif ($mode == "delete") { Ad::delete($id); exit; //AJAX. Output isn't needed } } //could be chained methods -> -> ->