function __construct()
{
global $GET, $db;
date_default_timezone_set(\query\main::get_option('timezone'));
$db->query("SET time_zone='" . date('P') . "'");
$GLOBALS['siteURL'] = \site\utils::site_url();
$GLOBALS['me'] = \user\main::is_logged();
$this->template = \query\main::get_option('theme');
$this->language = $this->language();
$this->ap_language = $this->admin_panel_language();
if (isset($GET['loc'])) {
$this->page_type = $GET['loc'];
} else {
$this->page_type = 'index';
}
$this->id = isset($GET['id']) ? $GET['id'] : '';
}
<input type="password" name="forgot_password_form[password1]" value="' . (isset($pd['password1']) ? $pd['password1'] : '') . '" placeholder="' . $LANG['change_pwd_form_new'] . '" required />
<input type="password" name="forgot_password_form[password2]" value="' . (isset($pd['password2']) ? $pd['password2'] : '') . '" placeholder="' . $LANG['change_pwd_form_new2'] . '" required />
<button>' . $LANG['reset_pwd_button'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';
} else {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['forgot_password_form']) && isset($_POST['forgot_password_form']['csrf']) && isset($_SESSION['csrf']['forgot_password']) && $_POST['forgot_password_form']['csrf'] == $_SESSION['csrf']['forgot_password']) {
$pd = \site\utils::validate_user_data($_POST['forgot_password_form']);
try {
\user\main::recovery_password($_POST['forgot_password_form'], '../', 1);
$form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
} catch (Exception $e) {
$form .= '<div class="error">' . $e->getMessage() . '</div>';
}
}
$csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12);
$form .= '<form action="#" method="POST">
<input type="text" name="forgot_password_form[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" placeholder="' . $LANG['form_email'] . '" required />
<button>' . $LANG['recovery'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';
}
echo $form;
?>
<div style="margin: 20px 0 0 0; text-align: center;">
<a href="?">← <?php
echo $LANG['login'];
?>
</a>
</div>
' . (empty($item->coupons) ? $LANG['no_coupons_store'] : '<a href="?route=coupons.php&store=' . $item->ID . '">' . sprintf($LANG['nr_coupons_store'], $item->coupons) . '</a>') . '</div>
</div>
<div style="clear:both;"></div>
<div class="options">';
if ($ab_edt) {
echo '<a href="?route=stores.php&action=edit&id=' . $item->ID . '">' . $LANG['edit'] . '</a>';
echo '<a href="' . \site\utils::update_uri('', array('type' => !$item->visible ? 'publish' : 'unpublish', 'id' => $item->ID, 'token' => $csrf)) . '">' . (!$item->visible ? $LANG['publish'] : $LANG['unpublish']) . '</a>';
}
if ($ab_add) {
echo '<a href="?route=coupons.php&action=add&store=' . $item->ID . '&category=' . $item->catID . '">' . $LANG['coupons_add_button'] . '</a>';
}
if ($ab_del) {
echo '<a href="' . \site\utils::update_uri('', array('action' => 'delete', 'id' => $item->ID, 'token' => $csrf)) . '" data-delete-msg="' . $LANG['delete_store'] . '">' . $LANG['delete'] . '</a>';
}
if ($feed_view && $item->feedID !== 0) {
echo '<a href="?route=feed.php&action=coupons&store=' . $item->feedID . '">' . $LANG['feed_coupons_link'] . '</a>';
}
echo '</div>
</li>';
}
echo '</ul>
<input type="hidden" name="csrf" value="' . $csrf . '" />
</form>';
if (isset($p['prev_page']) || isset($p['next_page'])) {
echo '<div class="pagination">';
if (isset($p['prev_page'])) {
function edit_store_form($id)
{
global $LANG;
if ($GLOBALS['me']) {
if ($GLOBALS['me']->Stores > 0) {
$store = \query\main::store_infos($id);
if ($store->userID !== $GLOBALS['me']->ID) {
return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>';
}
/* */
$store_image = $store->image;
$form = '<div class="edit_store_form other_form">';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['edit_store_form']) && \site\utils::check_csrf($_POST['edit_store_form']['csrf'], 'edit_store_csrf')) {
$pd = \site\utils::validate_user_data($_POST['edit_store_form']);
try {
$post_info = \user\main::edit_store($id, $GLOBALS['me']->ID, $pd);
$store_image = $post_info->image;
$form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>';
} catch (Exception $e) {
$form .= '<div class="error">' . $e->getMessage() . '</div>';
}
}
$csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12);
$form .= '<form method="POST" action="#" enctype="multipart/form-data">
<div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label>
<div><select name="edit_store_form[category]" id="edit_store_form[category]">';
foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
$wcat = '<optgroup label="' . $cat['infos']->name . '">';
$wcat .= '<option value="' . $cat['infos']->ID . '"' . (isset($store->catID) && $store->catID == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>';
if (isset($cat['subcats'])) {
foreach ($cat['subcats'] as $subcat) {
$wcat .= '<option value="' . $subcat->ID . '"' . (isset($store->catID) && $store->catID == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>';
}
}
$wcat .= '</optgroup>';
$form .= $wcat;
}
$form .= '</select></div>
</div>
<div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . (isset($pd['name']) ? $pd['name'] : $store->name) . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div>
<div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . (isset($pd['url']) ? $pd['url'] : $store->url) . '" placeholder="http://" required /></div></div>
<div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . (isset($pd['description']) ? $pd['description'] : $store->description) . '</textarea></div></div>
<div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . (isset($pd['tags']) ? $pd['tags'] : $store->tags) . '" /></div></div>
<div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . store_avatar($store_image) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" />
<span>Note:* max width: 600px, max height: 400px.</span></div></div>
<input type="hidden" name="edit_store_form[csrf]" value="' . $csrf . '" />
<button>' . $LANG['edit_store_button'] . '</button>
</form>
</div>';
return $form;
} else {
return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
}
} else {
return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
}
}
$sendy_template_root = substr($_POST['sendy_template_root'], -1) == '/' ? $_POST['sendy_template_root'] : $_POST['sendy_template_root'] . '/';
$sendy_query_string = isset($_POST['sendy_query_string']) ? $_POST['sendy_query_string'] : '';
if (actions::set_option(array('sendy_query_string' => $sendy_query_string, 'sendy_brand_id' => $_POST['sendy_brand_id'], 'sendy_list_id' => $_POST['sendy_list_id'], 'sendy_reply_to' => $_POST['sendy_reply_to'], 'sendy_from_email' => $_POST['sendy_from_email'], 'sendy_from_name' => $_POST['sendy_from_name'], 'sendy_api_key' => $_POST['sendy_api_key'], 'sendy_url' => $sendy_url, 'sendy_template_root' => $sendy_template_root))) {
echo '<div class="a-success">Saved!</div>';
} else {
echo '<div class="a-error">Error!</div>';
}
} else {
echo '<div class="a-error">Param Error (' . isset($_POST['sendy_brand_id']) . ',' . isset($_POST['sendy_list_id']) . ',' . isset($_POST['sendy_reply_to']) . ',' . isset($_POST['sendy_from_email']) . ',' . isset($_POST['sendy_from_name']) . ',' . isset($_POST['sendy_api_key']) . ',' . isset($_POST['sendy_url']) . ')</div>';
}
} else {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo '<div class="a-error">Signature Error</div';
}
}
$csrf = $_SESSION['slider_csrf'] = \site\utils::str_random(10);
switch ($_GET['action']) {
default:
echo '
<div class="title">
<h2>Sendy settings</h2>
<span>Modify Sendy settings</span>
</div>
';
echo '<form action="#" method="POST">
<div class="form-table">
public static function while_rewards_reqs($category = array())
{
global $db;
$categories = \site\utils::validate_user_data($category);
$where = $orderby = $limit = array();
if (isset($categories['max'])) {
if (!empty($categories['max'])) {
$limit[] = $categories['max'];
}
} else {
$page = !empty($_GET['page']) ? (int) $_GET['page'] : 1;
$per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : \query\main::get_option('items_per_page');
$offset = isset($page) && $page > 1 ? ($page - 1) * $per_page : 0;
$limit[] = $offset;
$limit[] = $per_page;
}
/*
WHERE / ORDER BY
*/
if (!empty($categories['user'])) {
$where[] = 'user = "******"';
}
if (!empty($categories['reward'])) {
$where[] = 'reward = "' . (int) $categories['reward'] . '"';
}
if (!empty($categories['search'])) {
$search = implode('.*', explode(' ', trim($categories['search'])));
$where[] = 'fields REGEXP "' . \site\utils::dbp($search) . '"';
}
if (isset($categories['show'])) {
$show = strtolower($categories['show']);
switch ($show) {
case 'valid':
$where[] = 'claimed = 1';
break;
case 'notvalid':
$where[] = 'claimed = 0';
break;
}
}
if (isset($categories['orderby'])) {
$order = array_map('trim', explode(',', strtolower($categories['orderby'])));
foreach ($order as $v) {
switch ($v) {
case 'rand':
$orderby[] = 'RAND()';
break;
case 'date':
$orderby[] = 'date';
break;
case 'date desc':
$orderby[] = 'date DESC';
break;
case 'points':
$orderby[] = 'points';
break;
case 'points desc':
$orderby[] = 'points DESC';
break;
}
}
}
/*
*/
$stmt = $db->stmt_init();
$stmt->prepare("SELECT id, name, user, points, reward, (SELECT COUNT(*) FROM " . DB_TABLE_PREFIX . "rewards WHERE id = r.reward), fields, claimed, date FROM " . DB_TABLE_PREFIX . "rewards_reqs r" . (empty($where) ? '' : ' WHERE ' . implode(' AND ', $where)) . (empty($orderby) ? '' : ' ORDER BY ' . implode(', ', array_filter($orderby))) . (empty($limit) ? '' : ' LIMIT ' . implode(',', $limit)));
$stmt->execute();
$stmt->bind_result($id, $name, $user, $points, $reward, $reward_exists, $fields, $claimed, $date);
$data = array();
while ($stmt->fetch()) {
$data[] = (object) array('ID' => $id, 'name' => htmlspecialchars($name), 'user' => $user, 'points' => $points, 'reward' => $reward, 'reward_exists' => $reward_exists > 0 ? 1 : 0, 'fields' => @unserialize($fields), 'claimed' => $claimed, 'date' => $date);
}
$stmt->close();
return $data;
}
echo '<div class="a-success">' . $LANG['msg_added'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
} else {
if (isset($_GET['delete'])) {
if (actions::delete_widget($zone_id, $_GET['id'])) {
echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
}
}
$token = $_SESSION['widgets_csrf'] = \site\utils::str_random(10);
/* */
$zone_widgets = \query\main::show_widgets($zone_id, '../');
/* */
echo '<div class="form-table">
<ul class="elements-list el-two">
<li class="head">' . $LANG['widgets_available'] . '</li>';
$available = widgets::available_list();
foreach ($available as $ID => $widget) {
echo '<li>
<div class="info-div">' . htmlspecialchars($widget['name']) . '</div>
<div class="options">
<a href="?route=widgets.php&zone=' . $zone_id . '&id=' . $ID . '&add&token=' . $token . '">' . $LANG['add'] . '</a>
</div>';
<?php
if ($_SERVER['REQUEST_METHOD'] && isset($_POST['csrf']) == $_SESSION['csrf']['ajax_register']) {
$response = array();
$pd = \site\utils::validate_user_data($_POST['register']);
try {
$session = \user\main::register($pd);
$response['state'] = 'success';
$response['message'] = $LANG['register_success'];
$response['session'] = $GLOBALS['siteURL'] . '/setSession.php?session=' . $session;
unset($_SESSION['csrf']['ajax_register']);
} catch (Exception $e) {
$response['state'] = 'error';
$response['message'] = $e->getMessage();
}
echo json_encode($response);
}
$answer = $payment->execute_payment();
echo '<div class="success">' . $LANG['payments_msg_confirmed'] . '</div>';
/*
Action after purchase, add credits or something ...
*/
// add user credits
$delivered = \user\update::add_credits($GLOBALS['me']->ID, $plan->credits);
// update transaction
// state, userID, paid, delivered, transactionID
\query\payments::update_payment(array($answer['state'], $GLOBALS['me']->ID, 1, $delivered, $answer['id']));
} catch (Exception $e) {
echo '<div class="error">' . $e->getMessage() . '</div>';
}
}
}
$csrf = $_SESSION['payment_csrf'] = \site\utils::str_random(10);
echo '<div class="table">';
echo '<section>
<h2>' . $LANG['payments_title_infos'] . '</h2>
<ul class="table2">
<li><span>' . $LANG['form_price'] . ':</span> <b>' . $plan->price_format . '</b></li>
<li><span>' . $LANG['form_plan'] . ':</span> <b>' . $plan->name . '</b></li>
<li><span>' . $LANG['form_credits'] . ':</span> <b>' . $plan->credits . '</b></li>
<li><span>' . $LANG['form_description'] . ':</span> ' . $plan->description . '</li>
</ul>
</section>
<section>';
<?php
$json = array();
foreach (admin_query::while_chat_messages(array('max' => 5, 'orderby' => 'date DESC')) as $item) {
$json[] = array('id' => $item->ID, 'avatar' => \query\main::user_avatar($item->user_avatar), 'name' => $item->user_name, 'text' => \site\utils::bbcodes($item->text), 'date' => $item->date, 'gfdate' => date('Y.m.d, ' . (\query\main::get_option('hour_format') == 12 ? 'g:i A' : 'G:i'), strtotime($item->date)));
}
echo json_encode($json);
<?php
if ($_SERVER['REQUEST_METHOD'] && isset($_POST['csrf']) == $_SESSION['csrf']['ajax_subscribe']) {
$response = array();
$pd = \site\utils::validate_user_data($_POST['subscribe']);
try {
$id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0;
$type = \user\main::subscribe($id, $pd);
$response['state'] = 'success';
$response['message'] = $type == 1 ? sprintf($LANG['newsletter_reqconfirm'], $pd['email']) : $LANG['newsletter_success'];
unset($_SESSION['csrf']['ajax_subscribe']);
} catch (Exception $e) {
$response['state'] = 'error';
$response['message'] = $e->getMessage();
}
echo json_encode($response);
}
<div style="text-align: right; margin-bottom: 10px;">
<a href="<?php
echo tlink('user/claim-history');
?>
" class="btn">Claims History</a>
</div>
<?php
if (($pagination = have_rewards(array('show' => 'active'))) && $pagination['results'] > 0) {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && \site\utils::check_csrf($_POST['csrf'], 'claim_reward')) {
echo create_reward_request();
// without this function rewards can't be claimed
}
$csrf = $_SESSION['claim_reward'] = \site\utils::str_random(12);
echo '<div>';
foreach (rewards(array('show' => 'active', 'orderby' => 'points')) as $item) {
echo '<section class="array_item twopl">
<div class="table">
<div class="left">
<img src="' . reward_avatar($item->image) . '" alt="" style="height: 60px; width: 60px;">
</div>
<div class="right">
<div class="title">' . $item->title . '</div>
<div class="info">Requires: <b style="color: #0086CE; font-weight: 900;">' . $item->points . '</b> Points</div>
<div class="description">' . (!empty($item->description) ? nl2br($item->description) : '-') . '</div>
</div>
<div class="wrapper">
<?php
$form = '';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login_form']) && isset($_POST['login_form']['csrf']) && isset($_SESSION['csrf']['login']) && $_POST['login_form']['csrf'] == $_SESSION['csrf']['login']) {
$pd = \site\utils::validate_user_data($_POST['login_form']);
try {
$session = \user\main::login($pd, 1);
$form .= '<div class="success">' . $LANG['login_success'] . '</div>';
$form .= '<meta http-equiv="refresh" content="1; url=' . $GLOBALS['siteURL'] . '/setSession.php?session=' . $session . '&back=' . rtrim($GLOBALS['siteURL'], '/') . '/' . ADMINDIR . '">';
} catch (Exception $e) {
$form .= '<div class="error">' . $e->getMessage() . '</div>';
}
}
$csrf = $_SESSION['csrf']['login'] = \site\utils::str_random(12);
echo $form;
?>
<form action="#" method="POST">
<input type="text" name="login_form[username]" value="<?php
echo isset($pd['username']) ? htmlspecialchars($pd['username']) : '';
?>
" placeholder="<?php
echo $LANG['form_email'];
?>
" required />
<input type="password" name="login_form[password]" placeholder="<?php
echo $LANG['form_password'];
?>
" required />
<?php
if ($_SERVER['REQUEST_METHOD'] && isset($_POST['csrf']) == $_SESSION['csrf']['ajax_login']) {
$response = array();
$pd = \site\utils::validate_user_data($_POST['login']);
try {
$session = \user\main::login($pd);
$response['state'] = 'success';
$response['message'] = $LANG['login_success'];
$response['session'] = $GLOBALS['siteURL'] . '/setSession.php?session=' . $session;
unset($_SESSION['csrf']['ajax_login']);
} catch (Exception $e) {
$response['state'] = 'error';
$response['message'] = $e->getMessage();
}
echo json_encode($response);
}
echo '</div>';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['chat_csrf']) && check_csrf($_POST['chat_csrf'], 'chat_csrf') && isset($_POST['text'])) {
actions::post_chat_message($_POST['text']);
}
}
$_SESSION['chat_csrf'] = $chat_csrf;
echo '<ul class="elements-list" id="chat-msgs-list">';
if ($chatmsgs = admin_query::chat_messages() > 0) {
foreach (admin_query::while_chat_messages(array('max' => 5, 'orderby' => 'date DESC')) as $item) {
echo '<li>
<div style="display: table;">
<img src="' . \query\main::user_avatar($item->user_avatar) . '" alt="" />
<div class="info-div"><h2>' . $item->user_name . '
<span class="fright date">' . date('Y.m.d, ' . (\query\main::get_option('hour_format') == 12 ? 'g:i A' : 'G:i'), strtotime($item->date)) . '</span></h2>
<div class="info-bar">' . \site\utils::bbcodes($item->text) . '</div>
</div></div>
</li>';
}
} else {
echo '<li>' . $LANG['no_chat_yet'] . '</li>';
}
echo '</ul>';
if ($chatmsgs > 0) {
echo '<div class="links">
<a href="?route=chat.php">' . $LANG['chat_list'] . '</a>
</div>';
}
echo '</div>
</section>';
public static function upload($file, $prefix, $etc = array('name' => '', 'location' => '', 'current' => '', 'path' => '', 'max_size' => '', 'max_height' => '', 'max_width' => ''), $delete_old_file = true)
{
if (!isset($etc['path'])) {
$etc['path'] = '';
}
if (!isset($file['tmp_name'])) {
// check if file is empty, local or external url
if (empty($file)) {
return isset($etc['current']) ? $etc['current'] : false;
} else {
if (filter_var($file, FILTER_VALIDATE_URL)) {
$ufile['tmp_name'] = $etc['path'] . TEMP_LOCATION . '/' . basename($file);
$ufile['size'] = @file_put_contents($ufile['tmp_name'], file_get_contents($file));
} else {
$ufile['tmp_name'] = $etc['path'] . TEMP_LOCATION . '/' . basename($file);
$ufile['size'] = @file_put_contents($ufile['tmp_name'], file_get_contents($etc['path'] . $file));
}
}
$ufile['name'] = basename($ufile['tmp_name']);
$file = $ufile;
}
if (!empty($etc['location'])) {
$location = $etc['location'];
} else {
$location = UPLOAD_IMAGES_LOC;
}
if (isset($file['size']) && (int) $file['size'] === 0) {
@unlink($file['tmp_name']);
return isset($etc['current']) ? $etc['current'] : false;
}
list($width, $height) = getimagesize($file['tmp_name']);
if (isset($etc['max_size']) && $etc['max_size'] * 1024 < $file['size'] || isset($etc['max_height']) && $etc['max_height'] < $height || isset($etc['max_width']) && $etc['max_width'] < $width) {
if (!empty($file['tmp_name'])) {
// delete the temporary file
@unlink($file['tmp_name']);
}
return !empty($etc['current']) ? $etc['current'] : false;
// It's not a image in standars, size it's too big or filename it's empty. In this case return the current image, if is not set, then return false.
}
if (!\site\utils::file_has_extension($file['name'], '.jpg,.jpeg,.png,.gif')) {
if (!empty($file['tmp_name'])) {
// delete the temporary file
@unlink($file['tmp_name']);
}
return !empty($etc['current']) ? $etc['current'] : false;
// This file has not an allowed extension.
}
$new_name = !empty($etc['name']) && strtolower($etc['name']) !== 'auto' ? $etc['name'] : uniqid($prefix) . \site\utils::get_extension($file['name']);
if (file_exists($etc['path'] . $location . '/' . $new_name) || !copy($file['tmp_name'], $etc['path'] . $location . '/' . $new_name)) {
// delete the temporary file
@unlink($file['tmp_name']);
return !empty($etc['current']) ? $etc['current'] : false;
}
if (!empty($etc['current']) && $delete_old_file === true) {
// delete the temporary file
@unlink($etc['path'] . $etc['current']);
}
// delete the temporary file
@unlink($file['tmp_name']);
return $location . '/' . $new_name;
}
public static function map_of_files_recursive($directory, $allowed_ext = '')
{
if (!is_dir($directory)) {
return false;
}
$dir = array();
foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory)) as $filename) {
if (\site\utils::file_has_extension($filename, $allowed_ext)) {
$dir[] = str_replace($directory, '', $filename);
}
}
return $dir;
}
} else {
if ($coupon_p['couponID'] > 0) {
echo '<div class="a-alert">Sorry, the coupon is already imported.</div>';
} else {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['coupon'])) {
if (isset($_POST['csrf']) && check_csrf($_POST['csrf'], 'cjapi_csrf')) {
$data = array('store' => $store_p['storeID'], 'category' => $_POST['coupon']['Category'], 'popular' => isset($_POST['coupon']['Popular']) ? true : false, 'exclusive' => isset($_POST['coupon']['Exclusive']) ? true : false, 'name' => $_POST['coupon']['Title'], 'url' => !isset($_POST['coupon']['Ownlink']) && isset($_POST['coupon']['Link']) && filter_var($_POST['coupon']['Link'], FILTER_VALIDATE_URL) ? $_POST['coupon']['Link'] : '', 'code' => $_POST['coupon']['Code'], 'description' => $_POST['coupon']['Description'], 'tags' => $_POST['coupon']['Tags'], 'start_on' => implode($_POST['coupon']['SD'], ', '), 'end_on' => implode($_POST['coupon']['ED'], ', '), 'publish' => isset($_POST['coupon']['Publish']) ? true : false, 'meta_title' => $_POST['coupon']['MTitle'], 'meta_desc' => $_POST['coupon']['MDesc']);
if (\plugin\Popshop\inc\actions::add_item(array(array_merge($coupon_p, $data))) > 0) {
echo '<div class="a-success">Added!</div><button class="btn" onclick="window.history.go(-2);">Back</button>';
return;
} else {
echo '<div class="a-error">Error!</div>';
}
}
}
$csrf = $_SESSION['cjapi_csrf'] = \site\utils::str_random(10);
$store = \plugin\Popshop\inc\actions::get_import_store($store_p['storeID']);
echo '<div class="form-table">
<form action="#" method="POST" autocomplete="off">
<div class="row"><span>Category:</span>
<div><select name="coupon[Category]">';
foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
echo '<optgroup label="' . $cat['infos']->name . '">';
echo '<option value="' . $cat['infos']->ID . '"' . ($store['category'] == $cat['infos']->ID ? ' selected' : '') . '>' . $cat['infos']->name . '</option>';
if (isset($cat['subcats'])) {
foreach ($cat['subcats'] as $subcat) {
echo '<option value="' . $subcat->ID . '"' . ($store['category'] == $subcat->ID ? ' selected' : '') . '>' . $subcat->name . '</option>';
}
}
echo '</optgroup>';
<img src="' . (empty($item->image) ? '../' . DEFAULT_IMAGES_LOC . '/plugin_ico.png' : '../' . $item->image) . '" alt="" style="width: 70px;" />
<div class="info-div"><h2>' . ($item->visible !== 1 ? '<span class="msg-error">' . $LANG['notpublished'] . '</span> ' : '') . $item->name . '
<span class="fright date">' . date('Y.m.d, ' . (\query\main::get_option('hour_format') == 12 ? 'g:i A' : 'G:i'), strtotime($item->date)) . '</span></h2>
v ' . sprintf('%0.2f', $item->version) . '
</div>
</div>
<div style="clear:both;"></div>
<div class="options">';
if (empty($item->scope)) {
echo '<a href="?plugin=' . $item->main_file . '">' . $LANG['open'] . '</a>';
}
echo '<a href="?route=plugins.php&action=edit&id=' . $item->ID . '">' . $LANG['edit'] . '</a>';
echo '<a href="' . \site\utils::update_uri('', array('type' => !$item->visible ? 'publish' : 'unpublish', 'id' => $item->ID, 'token' => $csrf)) . '">' . (!$item->visible ? $LANG['publish'] : $LANG['unpublish']) . '</a>';
if (!empty($item->options_file)) {
echo '<a href="?plugin=' . $item->options_file . '">' . $LANG['options'] . '</a>';
}
echo '<a href="?route=plugins.php&action=uninstall&id=' . $item->ID . '">' . $LANG['plugins_uninstall'] . '</a>';
if (!empty($item->description)) {
echo '<a href="javascript:void(0)" onclick="$(this).show_next( { after_action: \'\', element: \'div\' } ); return false;">' . $LANG['description'] . '</a>';
echo '<div style="display: none; margin: 10px 0; font-size: 12px;">' . nltobr($item->description) . '</div>';
}
echo '</div>
</li>';
}
echo '</ul>
<input type="hidden" name="csrf" value="' . $csrf . '" />
<section class="msg">';
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['token']) && isset($_POST['email']) && \site\utils::check_csrf($_POST['token'], 'sendunsubscr_csrf')) {
try {
$type = \user\main::unsubscribe(array('email' => $_POST['email']));
if ($type == 1) {
echo '<div class="success">' . sprintf($LANG['uunsubscr_reqsent'], $_POST['email']) . '</div>';
} else {
echo '<div class="success">' . $LANG['uunsubscr_ok'] . '</div>';
}
} catch (Exception $e) {
echo '<div class="error">' . $e->getMessage() . '</div>';
}
}
}
$csrf = $_SESSION['sendunsubscr_csrf'] = \site\utils::str_random(10);
echo '<h2 style="color: #000;">' . $LANG['uunsubscr_title'] . '</h2>
' . sprintf($LANG['uunsubscr_body'], '<span id="seconds">5</span>') . ' <br /><br />
<form method="POST" action="#" autocomplete="off">
<input type="email" name="email" value="' . (isset($_GET['email']) ? htmlspecialchars($_GET['email']) : '') . '" required />
<input type="hidden" name="token" value="' . $csrf . '" />
<button>Unsubscribe me</button>
</form> <br /><br />
<a href="index.php">' . $LANG['cancel'] . '</a>
</section>
</body>
</html>';
die;
} else {
if (isset($_GET['action']) && isset($_GET['email']) && isset($_GET['token']) && $_GET['action'] == 'unsubscribe2' && \user\mail_sessions::check('unsubscription', array('email' => $_GET['email'], 'session' => $_GET['token']))) {
$stmt = $db->stmt_init();
public static function while_invoices($category = array())
{
global $db;
$categories = \site\utils::validate_user_data($category);
$where = $orderby = $limit = array();
if (isset($categories['max'])) {
if (!empty($categories['max'])) {
$limit[] = $categories['max'];
}
} else {
$page = !empty($_GET['page']) ? (int) $_GET['page'] : 1;
$per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : \query\main::get_option('items_per_page');
$offset = isset($page) && $page > 1 ? ($page - 1) * $per_page : 0;
$limit[] = $offset;
$limit[] = $per_page;
}
/*
WHERE / ORDER BY
*/
if (!empty($categories['search'])) {
$search = implode('.*', explode(' ', trim($categories['search'])));
$where[] = 'CONCAT(t.gateway, t.transaction_id, t.details) REGEXP "' . \site\utils::dbp($search) . '"';
}
if (isset($categories['show'])) {
switch ($categories['show']) {
case 'paid':
$where[] = 'paid > 0';
break;
case 'unpaid':
$where[] = 'paid = 0';
break;
case 'delivered':
$where[] = 'delivered > 0';
break;
case 'undelivered':
$where[] = 'delivered = 0';
break;
case 'undeliveredpayments':
$where[] = 'paid > 0 AND delivered = 0';
}
}
if (!empty($categories['date'])) {
$date = array_map('trim', explode(',', $categories['date']));
$where[] = 't.date >= FROM_UNIXTIME(' . \site\utils::dbp($date[0]) . ')';
if (isset($date[1])) {
$where[] = 't.date <= FROM_UNIXTIME(' . \site\utils::dbp($date[1]) . ')';
}
}
if (isset($categories['orderby'])) {
$order = array_map('trim', explode(',', strtolower($categories['orderby'])));
foreach ($order as $v) {
switch ($v) {
case 'rand':
$orderby[] = 'RAND()';
break;
case 'date':
$orderby[] = 't.date';
break;
case 'date desc':
$orderby[] = 't.date DESC';
break;
case 'price':
$orderby[] = 't.price';
break;
case 'price desc':
$orderby[] = 't.price DESC';
break;
}
}
}
/*
*/
$stmt = $db->stmt_init();
$stmt->prepare("SELECT t.id, t.user, u.name, u.avatar, t.gateway, t.price, t.transaction_id, t.state, t.details, t.lastupdate, t.paid, t.delivered, t.date FROM " . DB_TABLE_PREFIX . "p_transactions t LEFT JOIN " . DB_TABLE_PREFIX . "users u ON (u.id = t.user)" . (empty($where) ? '' : ' WHERE ' . implode(' AND ', $where)) . (empty($orderby) ? '' : ' ORDER BY ' . implode(', ', array_filter($orderby))) . (empty($limit) ? '' : ' LIMIT ' . implode(',', $limit)));
$stmt->execute();
$stmt->bind_result($id, $user, $user_name, $user_avatar, $gateway, $price, $transaction_id, $state, $details, $last_update, $paid, $delivered, $date);
$data = array();
while ($stmt->fetch()) {
$data[] = (object) array('ID' => $id, 'user' => $user, 'user_name' => $user_name, 'user_avatar' => $user_avatar, 'gateway' => htmlspecialchars($gateway), 'price' => $price, 'price_format' => sprintf(PRICE_FORMAT, \site\utils::money_format($price)), 'transaction_id' => htmlspecialchars($transaction_id), 'state' => htmlspecialchars($state), 'details' => htmlspecialchars($details), 'last_update' => $last_update, 'paid' => $paid, 'delivered' => $delivered, 'date' => $date);
}
$stmt->close();
return $data;
}
}
}
} else {
if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'news_csrf')) {
if ($_GET['action'] == 'delete') {
if (isset($_GET['id'])) {
if (actions::delete_news($_GET['id'])) {
echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
}
}
}
$csrf = $_SESSION['news_csrf'] = \site\utils::str_random(10);
echo '<div class="page-toolbar">
<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="news.php" />
<input type="hidden" name="action" value="list" />
' . $LANG['order_by'] . ':
<select name="orderby">';
foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc']) as $k => $v) {
echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k || !isset($_GET['orderby']) && $k == 'date desc' ? ' selected' : '') . '>' . $v . '</option>';
}
echo '</select>';
if (isset($_GET['search'])) {
echo '<input type="hidden" name="search" value="' . htmlspecialchars($_GET['search']) . '" />';
}
} else {
$cuerr++;
}
}
usleep(500000);
// let's put a break after every page, 500 000 microseconds. that means a half of a second
}
}
} catch (Exception $e) {
}
}
/*
IMPORT COUPONS
*/
try {
$coupons = $feed->coupons($options = array('store' => implode(',', array_values($ids)), 'view' => !isset($_GET['import_expired']) || $_GET['import_expired'] !== 'yes' ? 'active' : '', 'date' => \site\utils::timeconvert(date('Y-m-d, H:i:s', $last_check), $feed->timezone)));
if (!empty($coupons['Count'])) {
for ($cp = 1; $cp <= ceil($coupons['Count'] / 10); $cp++) {
if ($cp != 1) {
$coupons = $feed->coupons(array_merge(array('page' => $cp), $options));
}
foreach ($coupons['List'] as $coupon) {
if (!admin_query::coupon_imported($coupon->ID) && ($store = admin_query::store_imported($coupon->Store_ID)) && actions::add_item(array('feedID' => $coupon->ID, 'store' => $store->ID, 'category' => $store->catID, 'popular' => 0, 'exclusive' => 0, 'name' => $coupon->Title, 'link' => $coupon->URL, 'code' => $coupon->Code, 'description' => $coupon->Description, 'tags' => $coupon->Tags, 'cashback' => 0, 'start' => $coupon->Start_Date, 'end' => $coupon->End_Date, 'publish' => 1, 'meta_title' => '', 'meta_desc' => ''))) {
$csuc++;
} else {
$cerr++;
}
}
usleep(500000);
// let's put a break after every page, 500 000 microseconds. that means a half of a second
}
}
}
} else {
if (isset($_GET['action']) && isset($_GET['token']) && check_csrf($_GET['token'], 'banned_csrf')) {
if ($_GET['action'] == 'delete') {
if (isset($_GET['id'])) {
if (actions::delete_banned($_GET['id'])) {
echo '<div class="a-success">' . $LANG['msg_deleted'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['msg_error'] . '</div>';
}
}
}
}
}
$csrf = $_SESSION['banned_csrf'] = \site\utils::str_random(10);
echo '<div class="page-toolbar">
<form action="#" method="GET" autocomplete="off">
<input type="hidden" name="route" value="banned.php" />
<input type="hidden" name="action" value="list" />
Order by:
<select name="orderby">';
foreach (array('date' => $LANG['order_date'], 'date desc' => $LANG['order_date_desc']) as $k => $v) {
echo '<option value="' . $k . '"' . (isset($_GET['orderby']) && urldecode($_GET['orderby']) == $k ? ' selected' : '') . '>' . $v . '</option>';
}
echo '</select>';
if (isset($_GET['search'])) {
echo '<input type="hidden" name="search" value="' . htmlspecialchars($_GET['search']) . '" />';
}
echo '<div class="title">
<h2>' . $LANG['settings_general_title'] . '</h2>';
if (!empty($LANG['settings_general_subtitle'])) {
echo '<span>' . $LANG['settings_general_subtitle'] . '</span>';
}
echo '</div>';
if (isset($_SESSION['js_settings'])) {
if (isset($_GET['success']) && $_GET['success'] == 'true') {
echo '<div class="a-success">' . $LANG['msg_saved'] . '</div>';
} else {
echo '<div class="a-error">' . $LANG['settings_save_error'] . '</div>';
}
unset($_SESSION['js_settings']);
}
$csrf = $_SESSION['settings_csrf'] = \site\utils::str_random(10);
echo '<div class="form-table">
<form action="?route=post-actions.php&action=general-settings" method="POST">
<div class="row"><span>' . $LANG['settings_form_sitename'] . ':</span><div><input type="text" name="sitename" value="' . htmlspecialchars(\query\main::get_option('sitename')) . '" /></div></div>
<div class="row"><span>' . $LANG['settings_form_siteurl'] . ':</span><div><input type="text" name="siteurl" value="' . htmlspecialchars(\query\main::get_option('siteurl')) . '" /></div></div>
<div class="row"><span>' . $LANG['settings_form_sitedesc'] . ':</span><div><textarea name="description">' . \query\main::get_option('sitedescription') . '</textarea></div></div>
<div class="row"><span>' . $LANG['settings_form_itemspp'] . ':</span><div><input type="number" name="ipp" value="' . (int) \query\main::get_option('items_per_page') . '" /></div></div>
<div class="row"><span>' . $LANG['settings_form_userregs'] . ':</span>
<div>
<select name="registrations"><option value="opened">' . $LANG['settings_select_opened'] . '</option><option value="closed"' . (\query\main::get_option('registrations') != 'opened' ? ' selected' : '') . '>' . $LANG['settings_select_closed'] . '</option></select>
</div></div>
<div class="row"><span>' . $LANG['settings_form_accpip'] . ':</span>
function check_csrf($post, $session)
{
return \site\utils::check_csrf($post, $session);
}
function contact_form($loc = '')
{
global $LANG;
$form = '<div class="contact_form other_form">';
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['contact_form' . $loc]) && \site\utils::check_csrf($_POST['contact_form' . $loc]['csrf'], 'contact_form' . $loc . '_csrf')) {
$pd = \site\utils::validate_user_data($_POST['contact_form' . $loc]);
try {
$id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0;
\user\main::send_contact($pd);
$form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>';
unset($pd);
} catch (Exception $e) {
$form .= '<div class="error">' . $e->getMessage() . '</div>';
}
}
$csrf = $_SESSION['contact_form' . $loc . '_csrf'] = \site\utils::str_random(12);
$form .= '<form method="POST" action="#widget_contact">
<div class="form_field"><label for="contact_form' . $loc . '[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="contact_form' . $loc . '[name]" id="contact_form' . $loc . '[name]" value="' . (isset($pd['name']) ? $pd['name'] : '') . '" required /></div></div>
<div class="form_field"><label for="contact_form' . $loc . '[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="contact_form' . $loc . '[email]" id="contact_form' . $loc . '[email]" value="' . (isset($pd['email']) ? $pd['email'] : '') . '" required /></div></div>
<div class="form_field"><label for="contact_form' . $loc . '[message]">' . $LANG['form_message'] . ':</label> <div><textarea name="contact_form' . $loc . '[message]" id="contact_form' . $loc . '[message]">' . (isset($pd['message']) ? $pd['message'] : '') . '</textarea></div></div>
<input type="hidden" name="contact_form' . $loc . '[csrf]" value="' . $csrf . '" />
<button>' . $LANG['send'] . '</button>
</form>
</div>';
return $form;
}
$coupons = array();
while ($stmt->fetch()) {
$coupon_link = $seo_link ? \site\utils::make_seo_link($seo_link_coupon, $c_title, $c_id) : $GLOBALS['siteURL'] . '?id=' . $c_id;
$store_link = $seo_link ? \site\utils::make_seo_link($seo_link_store, $s_name, $s_id) : $GLOBALS['siteURL'] . '?store=' . $s_id;
$c_expiration = str_replace(' 00:00:00', '', $c_expiration);
//build coupon html
$coupons['c_' . $c_id] = str_replace(array('{_BANNER_URL_}', '{_BANNER_IMAGE_}', '{_STORE_URL_}', '{_STORE_NAME_}', '{_ITEM_URL_}', '{_ITEM_NAME_}', '{_EXPIRE_TEXT_}'), array($coupon_link, $s_image, $store_link, $s_name, $coupon_link, $c_title, 'Expires on ' . $c_expiration), $template_favitem);
}
//list product
$search_products = "SELECT p.id, p.title, p.link, p.description, p.tags, p.image, p.currency, p.price, p.old_price, s.name, s.link, s.id, p.expiration FROM " . DB_TABLE_PREFIX . "products p LEFT JOIN " . DB_TABLE_PREFIX . "stores s ON (s.id = p.store) WHERE p.visible > 0 AND s.visible > 0 AND p.expiration > '" . $now . "' and p.store = " . $store;
$stmt->prepare($search_products);
$stmt->execute();
$stmt->bind_result($p_id, $p_title, $p_link, $p_description, $p_tags, $p_image, $p_currency, $p_price, $p_old_price, $s_name, $s_link, $s_id, $p_expiration);
while ($stmt->fetch()) {
$product_link = $seo_link ? \site\utils::make_seo_link($seo_link_product, $p_title, $p_id) : $GLOBALS['siteURL'] . '?product=' . $p_id;
$store_link = $seo_link ? \site\utils::make_seo_link($seo_link_store, $s_name, $s_id) : $GLOBALS['siteURL'] . '?store=' . $s_id;
$p_expiration = str_replace(' 00:00:00', '', $p_expiration);
//build coupon html
$coupons['p_' . $p_id] = str_replace(array('{_BANNER_URL_}', '{_BANNER_IMAGE_}', '{_STORE_URL_}', '{_STORE_NAME_}', '{_ITEM_URL_}', '{_ITEM_NAME_}', '{_EXPIRE_TEXT_}', '{_NOW_PRICE_}', '{_OLD_PRICE_}'), array($product_link, $p_image, $store_link, $s_name, $product_link, $p_title, 'Expires on ' . $p_expiration, $p_currency . $p_price, $p_currency . $p_old_price), $template_favsale);
}
$coupondata[$store] = $coupons;
}
foreach ($coupondata[$store] as $coupon_content) {
$strfav .= $coupon_content;
}
}
if ($strfav == '') {
$strnofav = $template_nofav;
} else {
$strfav = str_replace($fav_anchor, $strfav, $template_fav);
}
public static function while_plugins($category = array())
{
global $db;
$categories = \site\utils::validate_user_data($category);
$where = $orderby = $limit = array();
if (isset($categories['max'])) {
if (!empty($categories['max'])) {
$limit[] = $categories['max'];
}
} else {
$page = !empty($_GET['page']) ? (int) $_GET['page'] : 1;
$per_page = isset($categories['per_page']) ? (int) $categories['per_page'] : \query\main::get_option('items_per_page');
$offset = isset($page) && $page > 1 ? ($page - 1) * $per_page : 0;
$limit[] = $offset;
$limit[] = $per_page;
}
/*
WHERE / ORDER BY
*/
if (!empty($categories['search'])) {
$search = implode('.*', explode(' ', trim($categories['search'])));
$where[] = 'CONCAT(name, description) REGEXP "' . \site\utils::dbp($search) . '"';
}
if (isset($categories['show'])) {
$show = array_map('trim', explode(',', strtolower($categories['show'])));
foreach ($show as $v) {
switch ($v) {
case 'languages':
$where[] = 'scope = "language"';
break;
case 'payment_gateways':
$where[] = 'scope = "pay_gateway"';
break;
case 'feed_servers':
$where[] = 'scope = "feed_server"';
break;
case 'applications':
$where[] = 'scope = ""';
break;
}
}
}
if (isset($categories['orderby'])) {
$order = array_map('trim', explode(',', strtolower($categories['orderby'])));
foreach ($order as $v) {
switch ($v) {
case 'name':
$orderby[] = 'name';
break;
case 'name desc':
$orderby[] = 'name DESC';
break;
case 'date':
$orderby[] = 'date';
break;
case 'date desc':
$orderby[] = 'date DESC';
break;
}
}
}
/*
*/
$stmt = $db->stmt_init();
$stmt->prepare("SELECT id, user, name, image, scope, main, options, menu, menu_ready, menu_icon, extend_vars, description, version, update_checker, uninstall, visible, date FROM " . DB_TABLE_PREFIX . "plugins" . (empty($where) ? '' : ' WHERE ' . implode(' AND ', $where)) . (empty($orderby) ? '' : ' ORDER BY ' . implode(', ', array_filter($orderby))) . (empty($limit) ? '' : ' LIMIT ' . implode(',', $limit)));
$stmt->execute();
$stmt->bind_result($id, $user, $name, $image, $scope, $main_file, $options_file, $menu, $menu_ready, $menu_icon, $vars, $description, $version, $update_checker, $uninstall, $visible, $date);
$data = array();
while ($info = $stmt->fetch()) {
$data[] = (object) array('ID' => $id, 'user' => $user, 'name' => htmlspecialchars($name), 'image' => htmlspecialchars($image), 'scope' => htmlspecialchars($scope), 'main_file' => htmlspecialchars($main_file), 'options_file' => htmlspecialchars($options_file), 'menu' => $menu, 'menu_ready' => $menu_ready, 'menu_icon' => $menu_icon, 'vars' => @unserialize($vars), 'description' => htmlspecialchars($description), 'update_checker' => htmlspecialchars($update_checker), 'version' => $version, 'uninstall_preview' => @unserialize($uninstall), 'visible' => $visible, 'date' => $date);
}
$stmt->close();
return $data;
}
echo '</div>
</li>';
}
echo '</ul>
</form>';
if (($pages = ceil($stores['Count'] / 10)) > 1) {
$page = isset($_GET['page']) && (int) $_GET['page'] > 0 ? (int) $_GET['page'] : 1;
$page = $page > $pages ? $pages : $page;
echo '<div class="pagination">';
if ($page > 1) {
echo '<a href="' . \site\utils::update_uri('', array('page' => $page - 1)) . '" class="btn">' . $LANG['prev_page'] . '</a>';
}
if ($page < $pages) {
echo '<a href="' . \site\utils::update_uri('', array('page' => $page + 1)) . '" class="btn">' . $LANG['next_page'] . '</a>';
}
if ($pages > 1) {
echo '<div class="pag_goto">' . sprintf($LANG['pageofpages'], $page, $pages) . '
<form action="#" method="GET">';
foreach ($_GET as $gk => $gv) {
if ($gk !== 'page') {
echo '<input type="hidden" name="' . htmlspecialchars($gk) . '" value="' . htmlspecialchars($gv) . '" />';
}
}
echo '<input type="number" name="page" min="1" max="' . $pages . '" size="5" value="' . $page . '" />
<button class="btn">' . $LANG['go'] . '</button>
</form>
</div>';
}
echo '</div>';