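/**
 * Handles an avatar upload for the given user from the panel.
 *
 * Order of checks: CSRF token, user existence, permission (admin or the user
 * themselves). The upload is only accepted when the upload class reports an
 * image; afterwards a 256x256 cropped Thumb is generated with the uploaded
 * file's own filename and overwrite enabled, and 'panel.avatar.upload' fires.
 *
 * @param string $username panel username whose avatar is being replaced
 * @return mixed response::success on success, response::error otherwise
 */
public function upload($username)
{
    // Reject requests without a valid CSRF token before touching any user state.
    if (!get('_csrf') || !csrf(get('_csrf'))) {
        return response::error('unauthenticated access');
    }

    $user = $this->user($username);

    if (!$user) {
        return response::error(l('users.avatar.error.missing'));
    }

    // Only an admin, or the user themselves, may change this avatar.
    if (!site()->user()->isAdmin() && !$user->isCurrent()) {
        return response::error('You are not allowed to upload an avatar for this user');
    }

    // Reuse the existing avatar path so the upload replaces it in place; for a
    // new avatar the '{safeExtension}' placeholder leaves the extension to Upload.
    $root = $user->avatar() ? $user->avatar()->root() : $user->avatarRoot('{safeExtension}');

    $upload = new Upload($root, array(
        'accept' => function ($upload) {
            // Anything the upload class does not classify as an image is refused.
            if ($upload->type() != 'image') {
                throw new Error(l('users.avatar.error.type'));
            }
        }
    ));

    if (!$upload->file()) {
        return response::error($upload->error()->getMessage());
    }

    thumb::$defaults['root'] = dirname($upload->file()->root());

    // The Thumb constructor does the resize work; with the same filename,
    // overwrite => true and root set to the upload's directory it presumably
    // replaces the uploaded file itself. The object is not needed afterwards,
    // so it is deliberately not assigned.
    new Thumb($upload->file(), array(
        'filename'  => $upload->file()->filename(),
        'overwrite' => true,
        'width'     => 256,
        'height'    => 256,
        'crop'      => true
    ));

    kirby()->trigger('panel.avatar.upload', $user->avatar());

    return response::success(l('users.avatar.success'));
}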
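/**
 * Replaces an existing page file with a freshly uploaded one.
 *
 * The request must carry a valid CSRF token, and the replacement is only
 * accepted when its mime type matches the file being replaced. After the
 * upload the new file is checked against the page blueprint; if that check
 * throws, the uploaded file is deleted again so nothing invalid is left behind.
 *
 * @param string|null $id id of the page the file belongs to
 * @return mixed response::success on success, response::error otherwise
 */
public function replace($id = null)
{
    if (!get('_csrf') || !csrf(get('_csrf'))) {
        return response::error('unauthenticated access');
    }

    $filename = get('filename');
    $file     = $this->file($id, $filename);

    // Guard against a missing file before ->root() / ->mime() are called on it.
    if (!$file) {
        return response::error('The file could not be found');
    }

    $blueprint = blueprint::find($this->page($id));

    $upload = new Upload($file->root(), array(
        'overwrite' => true,
        'accept'    => function ($upload) use ($file) {
            // A replacement must keep the mime type of the original file.
            if ($upload->mime() != $file->mime()) {
                throw new Error(l('files.replace.error.type'));
            }
        }
    ));

    // Separate name for the uploaded file so it does not shadow the original.
    $replaced = $upload->file();

    if (!$replaced) {
        return response::error($upload->error()->getMessage());
    }

    try {
        $this->checkUpload($replaced, $blueprint);
        kirby()->trigger('panel.file.replace', $replaced);
        return response::success('success');
    } catch (Exception $e) {
        // The blueprint check rejected the upload: remove it again.
        $replaced->delete();
        return response::error($e->getMessage());
    }
}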
/**
 * Queues the page-level and library-level JavaScript for the template.
 *
 * The ajax_disabled flag is always exposed to the page scripts. The CSRF token
 * is only exposed when ajax is enabled and csrf_protection is switched on in
 * the config. Finally the combined library bundle is prepended to the global
 * js collection.
 */
protected function _load_js()
{
    $ajaxFlag = script(js_var('ajax_disabled', $this->_ajax_disabled));
    $this->template->js_page->prepend($ajaxFlag, false, true);

    if (!$this->_ajax_disabled) {
        // Token is only emitted to the page when CSRF protection is configured.
        if ($this->config->item('csrf_protection')) {
            $tokenScript = script(js_var('csrf', csrf()));
            $this->template->js_page->prepend($tokenScript, false, true);
        }
    }

    $bundle = $this->combine
        ->js_folder('libs', 2, array('jquery-latest.js', 'bootstrap/bootstrap-tooltip.js'))
        ->js_folder('history', 1, array('history.js'), array('history.html4.js'))
        ->js_folder('winx')
        ->js_folder('ui')
        ->js_folder('social')
        ->js_folder('', 1)
        ->build('js');

    $this->template->js->prepend($bundle);
}
/**
 * Sends $obj to the client as JSON and terminates the request.
 *
 * For ajax POST requests a fresh CSRF token is merged into the payload under
 * the 'js' key; array union (+) keeps an existing 'js' key untouched. Profiling
 * is disabled, content type and caching headers are set, and the output is
 * flushed before exit.
 *
 * @param mixed $obj value to encode; cast to array when a token is added
 * @return never
 */
function json($obj)
{
    $CI =& get_instance();

    $isAjaxPost = $CI->input->is_ajax_request()
        && $CI->input->server('REQUEST_METHOD') === 'POST';

    if ($isAjaxPost) {
        // Union only adds 'js' when $obj does not already carry that key.
        $obj = (array) $obj + array('js' => js_var('csrf', csrf()));
    }

    $CI->output->enable_profiler(false);
    $CI->output->set_content_type('application/json');
    $CI->output->set_header('Cache-Control: no-cache, must-revalidate');
    // NOTE(review): Expires is a year ahead while Cache-Control says no-cache;
    // HTTP/1.1 caches give Cache-Control precedence, so Expires is effectively moot.
    $CI->output->set_header('Expires: ' . date('r', time() + 86400 * 365));
    $CI->output->set_output(json_encode($obj));
    $CI->output->_display();
    exit;
}
/**
 * Misspelled alias of csrf(), kept so existing "csfr" call sites keep working.
 *
 * @param mixed $check forwarded unchanged to csrf()
 * @return mixed whatever csrf() returns
 * @see csrf()
 */
function csfr($check = null)
{
    return csrf($check);
}
</td> <td><?php echo $category['name']; ?> </td> <td> <a href="category_edit.php?id=<?php echo $category['id']; ?> " class="btn btn-default">Edit</a> <a href="?delete=<?php echo $category['id']; ?> &<?php echo csrf(); ?> " class="btn btn-error" onclick="return confirm('Sur de sur?');">Supprimer</a> </td> </tr> <?php } ?> </tbody> </table> <?php include '../partials/footer.php';
<?php

use Crazy\Form;

/**
 * Controller for a studio contact page.
 *
 * Builds the contact form (the _token rule set includes the CSRF check of the
 * submitted token), handles a POST by validating it, flashing a success
 * message and firing 'studio.contacted' with the studio and form data, then
 * redirects back to the page. Returns the studio and the form for the template.
 */
return function ($site, $pages, $page) {
    $studio = $page->parent();

    $fields = [
        '_token' => [
            'rules'   => ['required', csrf(get('_token'))],
            'message' => 'Invalid security token. Please try again.',
        ],
        'name' => [
            'rules'   => ['required'],
            'message' => 'Name is required',
        ],
        'email' => [
            'rules'   => ['required', 'email'],
            'message' => 'Valid email is required',
        ],
        'phone'   => [],
        'message' => [],
    ];
    $form = new Form($fields);

    if (r::is('post')) {
        if ($form->validates()) {
            flash('messages.success', "Thanks! We'll be back in touch very soon!");
            $payload = array_merge(['studio' => $studio], $form->data());
            event('studio.contacted', $payload);
        }
        // Redirect after POST regardless of validation outcome.
        go($page->url());
    }

    return [
        'studio' => $studio,
        'form'   => $form,
    ];
};
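// Route on the path segments of PHP_SELF: /<script>/<ctrl>/<param>.
// split() was removed in PHP 7; explode() is the plain-string equivalent for a
// single-character delimiter.
$url_arr = explode('/', $_SERVER['PHP_SELF']);

// Default the controller segment to '/' (index) and the parameter segment to ''.
if (!isset($url_arr[2])) {
    $url_arr[2] = '/';
}
if (!isset($url_arr[3])) {
    $url_arr[3] = '';
}

// PHP_SELF carries any extra path the client sent, so $ctrl and $param are
// client-controlled strings; here they are only compared, not echoed.
$ctrl   = $url_arr[2];
$method = $_SERVER['REQUEST_METHOD'];
$param  = $url_arr[3];

//router
if ($ctrl === '/' && $method === 'GET') {
    include 'view/index.php';
}

if ($ctrl === 'forums' && $method === 'GET') {
    // $csrf is presumably read by the included views (include shares this scope).
    $csrf = csrf();
    if ($param === '') {
        include 'view/forums.php';
    } else {
        include 'view/forum.php';
    }
}

if ($ctrl === 'forum' && $method === 'GET') {
    if ($param === '') {
        $con = new forumController();
        $con->return_forums_list();
    } else {
        $con = new postController();
        $con->return_posts_list($param);
    }
}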
/**
 * Checks a submitted CSRF token against the current request's expected token.
 *
 * Thin wrapper around csrf()->validateRequestToken() so callers do not need
 * to obtain the service object themselves.
 *
 * @param mixed $token the token value received with the request
 * @return mixed the result of validateRequestToken()
 */
function validate_token($token)
{
    $service = csrf();

    return $service->validateRequestToken($token);
}
/**
 * Instantiates the Dashboard controller and its login form.
 *
 * The form has a _token field whose rule set includes the CSRF check of the
 * submitted token, an optional _redirect field, and required username and
 * password fields. 'flash' => false on the password field presumably keeps
 * that error out of the flash session — confirm against Form.
 *
 * @return void
 */
public function __construct()
{
    $tokenField = [
        'rules'   => ['required', csrf(get('_token'))],
        'message' => 'Invalid token. Please try again.',
    ];
    $usernameField = [
        'rules'   => ['required'],
        'message' => 'Username is required',
    ];
    $passwordField = [
        'rules'   => ['required'],
        'message' => 'Password is required',
        'flash'   => false,
    ];

    $this->form = new Form([
        '_token'    => $tokenField,
        '_redirect' => [],
        'username'  => $usernameField,
        'password'  => $passwordField,
    ]);
}
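<?php

use Jevets\Kirby\Form;

/**
 * Controller for the party-request page.
 *
 * Builds the request form (CSRF token rule included), optionally resolves the
 * gallery artwork named by the ?artwork query parameter, handles a POST by
 * validating, flashing a success message and firing 'party.requested' with the
 * form data plus the resolved studio page, then redirects back to the page
 * preserving the artwork parameter. Returns form, types and artwork to the
 * template.
 */
return function ($site, $pages, $page) {
    $form = new Form([
        '_token' => [
            'rules'   => ['required', csrf(get('_token'))],
            'message' => 'Invalid security token. Please try again.',
            'flash'   => false,
        ],
        'name' => [
            'rules'   => ['required'],
            'message' => 'Please enter your name',
        ],
        'email' => [
            'rules'   => ['required', 'email'],
            'message' => 'Please enter your email',
        ],
        'phone' => [
            'rules'   => ['required'],
            'message' => 'Please enter your phone number',
        ],
        'studio' => [
            'rules'   => ['required'],
            'message' => 'Please select a studio location',
        ],
        'date' => [
            'rules'   => ['required'],
            'message' => 'Please specify a date for your party',
        ],
        'time' => [
            'rules'   => ['required'],
            'message' => 'Please specify a time for your party',
        ],
        'type'     => [],
        'access'   => [],
        'duration' => [],
        'comments' => [],
    ]);

    $types = ['Birthday', 'Anniversary'];

    // Optional artwork pre-selection; stays null when the slug is missing or
    // does not name an existing gallery page.
    $artwork  = null;
    $workSlug = get('artwork');
    if ($workSlug) {
        $artworkPage = page("gallery/{$workSlug}");
        if ($artworkPage) {
            $artwork = $artworkPage;
        }
    }

    if (r::is('post')) {
        if ($form->validates()) {
            flash('messages.success', "Thanks! We have received your request and will be back in touch very soon!");

            $data = $form->data();
            if ($artwork) {
                $data['artwork'] = $artwork;
            }

            $studio = page("studios/{$data['studio']}");
            event('party.requested', array_merge($data, ['studio' => $studio]));
        }

        // The artwork slug comes straight from the query string, so encode it
        // before putting it back into the redirect URL instead of appending it raw.
        $artworkParam = rawurlencode((string) get('artwork'));
        go($page->url() . '?artwork=' . $artworkParam);
    }

    return compact('form', 'types', 'artwork');
};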
ReDirect('index.php'); } define('ROLE', 'visitor'); $i['user']['role'] = 'visitor'; template('login'); doAction('login_page_4'); die; } elseif (SYSTEM_PAGE == 'reg') { if (defined('ROLE')) { ReDirect('index.php'); } define('ROLE', 'visitor'); $i['user']['role'] = 'visitor'; template('reg'); doAction('reg_page_4'); die; } elseif (isset($_GET['pub_plugin'])) { define('ROLE', 'visitor'); define('SYSTEM_READY_LOAD_PUBPLUGIN', true); } elseif (SYSTEM_PAGE == 'admin:logout') { csrf(); doAction('logout'); setcookie("uid", '', time() - 3600); setcookie("toolpw", '', time() - 3600); setcookie("pwd", '', time() - 3600); ReDirect('index.php?mod=login'); } elseif (!defined('UID') && !defined('SYSTEM_DO_NOT_LOGIN')) { define('ROLE', 'visitor'); $i['user']['role'] = 'visitor'; ReDirect('index.php?mod=login'); }
<?php use Crazy\Form; use Stripe\Stripe; use Stripe\Charge; return function ($site, $pages, $page) { $event = $page->parent(); $studio = $event->studio(); $promoForm = new Form(['coupon_code' => []]); $form = new Form(['_token' => ['rules' => ['required', csrf(get('_token'))], 'message' => 'Invalid security token. Please try again.'], 'name' => ['rules' => ['required'], 'message' => 'Name is required'], 'email' => ['rules' => ['required', 'email'], 'message' => 'Valid email is required'], 'phone' => ['rules' => ['required'], 'message' => 'Phone is required'], 'comments' => [], 'card_number' => ['rules' => ['required'], 'message' => 'Card number is required', 'flash' => false], 'exp_month' => ['rules' => ['required'], 'message' => 'Expiration month is required', 'flash' => false], 'exp_year' => ['rules' => ['required'], 'message' => 'Expiration year is required', 'flash' => false], 'cvc' => ['rules' => ['required', 'num'], 'message' => 'CVC is required', 'flash' => false], 'billing_name' => ['rules' => ['required'], 'message' => 'Cardholder name is required', 'flash' => false], 'billing_zip' => ['rules' => ['required'], 'message' => 'Cardholder ZIP is required', 'flash' => false]]); $order = new CrazyEventOrder($page->parent()); // Redirect if no guests if (!$order->hasGuests()) { flash('messages.error', 'Please add at least one guest to continue.'); go($order->event()->ticketsUrl()); } // Handle the post submission if (r::is('post')) { if (get('coupon')) { // find the coupon with this code $coupon = $order->applyCoupon(get('coupon_code')); if (!$coupon) { $promoForm->addError('coupon_code', 'Sorry, that coupon is not available.'); } } else { if ($form->validates()) { // Accept the payment try { $stripeMode = env('STRIPE_API_MODE', 'test'); if ($stripeMode == 'test') { Stripe::setApiKey(env('STRIPE_TEST_SECRET_KEY'));
foreach ($images as $image) { ?> <li> <img class="img" src="<?php echo WEBROOT; ?> img/<?php echo $image['name']; ?> " title="<?php echo $image['name']; ?> " width="100%"><br> | <a href="?delete=<?php echo $image['id'] . '&' . csrf(); ?> " onclick="return('Sur sur sur ?')">Supprimer</a> </li> <?php } ?> </ul> <div class="paginate"> <p><?php if ($cp > 1) { echo ' <a href="' . WEBROOT . 'admin/my_creations.php?p=' . ($cp - 1) . '">previous</a>'; } ?>