/**
 * Gate for state-changing ("write") requests.
 *
 * Rejects anything that is not an HTTP POST, then runs the read-access gate,
 * then the CSRF token check. Each failure prints a short message and stops the
 * script, so the only value this function ever returns is true.
 *
 * The method check alone does not protect the endpoint; it is the CSRF check
 * that ties the POST to the caller's own session.
 *
 * @return bool always true (failures terminate the script instead)
 */
function requestValidateWriteAccess()
{
    if ('POST' !== $_SERVER['REQUEST_METHOD']) {
        echo 'Invalid request';
        die;
    }

    // Write access implies read access, so that gate runs first.
    requestValidateReadAccess();

    // csrf_check(false): presumably the non-fatal mode, so the failure output
    // is produced here rather than inside csrf_check() — confirm against its
    // definition.
    if (!csrf_check(false)) {
        echo 'Unsupported request';
        die;
    }

    return true;
}
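{
    // NOTE(review): this is the tail of a definition whose start lies above this
    // excerpt, reproduced unchanged. It seeds a secret from mt_rand(), which is
    // not a CSPRNG; on PHP 7+ random_bytes(32) is the appropriate source.
    $r = '';
    for ($i = 0; $i < 32; $i++) {
        $r .= chr(mt_rand(0, 255));
    }
    $r .= time() . microtime();
    return sha1($r);
}

/**
 * Generates a hash/expiry double: "<40 hex chars>,<unix time>".
 *
 * The hash is HMAC-SHA1 keyed with csrf_get_secret() over $value . $time,
 * replacing the previous sha1(secret . value . time). The secret-prefix
 * construction is malleable via SHA-1 length extension; HMAC is the standard
 * keyed MAC and produces the same 40-hex-character output, so the token
 * format ("hash,time") is unchanged. Tokens minted before this change will no
 * longer verify (a one-time invalidation on deploy) — minting and checking are
 * expected to both go through this function, so new tokens stay consistent.
 *
 * @param string   $value Session/request material bound into the hash.
 * @param int|null $time  Unix timestamp to bind. Any falsy value (null, 0, '')
 *                        is replaced by the current time(), as before.
 * @return string hash and timestamp joined by a comma
 */
function csrf_hash($value, $time = null) {
    if (!$time) {
        $time = time();
    }
    return hash_hmac('sha1', $value . $time, csrf_get_secret()) . ',' . $time;
}

// Load user configuration (an optional hook the application may define).
if (function_exists('csrf_startup')) {
    csrf_startup();
}

// Initialize our handler: when rewriting is enabled, buffer the output so
// csrf_ob_handler can post-process it before it is sent.
if ($GLOBALS['csrf']['rewrite']) {
    ob_start('csrf_ob_handler');
}

// Perform the check now unless the application deferred it (in which case it
// is responsible for calling csrf_check() itself).
if (!$GLOBALS['csrf']['defer']) {
    csrf_check();
}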
/**
 * Throws when the current request fails the CSRF token check.
 *
 * Delegates to csrf_check(false) and converts a false result into an
 * Exception carrying the message 'Unsupported request'; a passing check
 * returns normally with no other effect.
 *
 * @throws Exception when csrf_check(false) returns false
 */
protected function validateCSRF()
{
    if (csrf_check(false)) {
        return;
    }

    throw new Exception('Unsupported request');
}
/**
 * Convenience entry point: run the CSRF check for this request, then enable
 * output rewriting (presumably the handler that inserts tokens into emitted
 * forms — confirm against csrf_rewrite()).
 *
 * @param bool $use_show_error Passed straight through to csrf_check(); the
 *        default false presumably selects its non-fatal reporting mode —
 *        confirm against csrf_check()'s definition.
 */
function csrf_start($use_show_error = false)
{
    // Order matters: the check runs before any rewriting is installed.
    csrf_check($use_show_error);
    csrf_rewrite();
}
$asset_id = $asset->get_id(); $user_id = $user->id(); $payment_id = null; $balance = null; $balance = $asset->get_balance($user); $payment_id = $asset->get_payment_id($user); // If payment id was not found, create one if (!$payment_id or isset($_POST['new_payment_id'])) { $asset->create_payment_id($user); refresh(); } if (isset($_POST['withdraw_xmr'])) { $amount = trim($_POST['xmr_amount']); // Prepare POST data $post = array('address' => trim($_POST['xmr_address']), 'payment_id' => trim($_POST['xmr_payment_id']), 'amount' => $amount, 'mixin' => filter_var($_POST['xmr_mixin'], FILTER_VALIDATE_INT, array('options' => array('default' => $asset_config['default_mixin'], 'min_range' => $asset_config['min_mixin'], 'max_range' => $asset_config['max_mixin']))), 'receivable_amount' => bc::op($amount, '-', $asset_config['withdraw_fee']), 'asset_id' => $asset->id); if (!csrf_check($_POST['csrf_token'])) { $error->set('xmr_address', 'Invalid CSRF, session expired. Please refresh.'); } if (!$asset->valid_address($post['address'])) { $error->set('xmr_address', 'Please enter a valid XMR Address'); } if (!$asset->valid_payment_id($post['payment_id'])) { $error->set('xmr_payment_id', 'Please enter a valid Payment ID (64 characters, alpha-numeric string) or leave the field empty to send without payment id'); } if (!$asset->valid_amount($post['amount'])) { $error->set('xmr_amount', 'Enter a valid amount'); } if (!$asset->valid_withdraw($post['amount'], $asset_config['withdraw_fee'])) { $error->set('xmr_amount', 'Enter a valid amount'); } if (!$asset->available_balance($user, $post['amount'])) {
require_once 'classes/class.user.php';
require_once 'classes/class.log.php';
require_once 'classes/class.asset.php';
require_once 'classes/asset/cryptonote/class.cryptonote.php';
require_once 'classes/asset/cryptonote/class.wallet.php';
require_once 'classes/asset/cryptonote/class.daemon.php';

// Pull in per-asset overrides: for every configured asset that has a
// 'properties' block, try classes/asset/cryptonote/<SHORT>/class.<short>.php
// plus the ".daemon" and ".wallet" variants. Files that do not exist are
// silently skipped.
//
// NOTE(review): short_name is spliced into an include path. It comes from
// $config, which this file treats as trusted; if that configuration is ever
// editable by anyone other than the operator, restrict short_name to a
// [A-Za-z0-9]+ whitelist before it reaches this loop.
foreach ($config['asset'] as $asset_id => $conf) {
    if (!isset($conf['properties'])) {
        continue;
    }

    $short_name = $conf['properties']['short_name'];
    $class_base = 'classes/asset/cryptonote/' . strtoupper($short_name)
        . '/class.' . strtolower($short_name);

    foreach (array('', '.daemon', '.wallet') as $class_suffix) {
        $path = $class_base . $class_suffix . '.php';
        if (file_exists($path)) {
            include $path;
        }
    }
}

$error = new Error();

// Logout is a state change, so it only happens on a POST carrying a valid
// CSRF token. If the token field is absent this reads an undefined index
// (PHP notice) and hands null to csrf_check().
if (isset($_POST['logout']) && csrf_check($_POST['csrf_token'])) {
    User::logout();
    refresh();
}
<?php error_reporting(0); require_once './libs/csrf-magic/csrf-magic.php'; require_once './vendor/autoload.php'; //if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) { // // request is not using SSL, redirect to https, or fail // header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]); // exit(); //}else if ($_SERVER['REQUEST_METHOD'] == 'POST' && csrf_check() === true && isset($_POST['userEmail']) && isset($_POST['newPassword']) && isset($_POST['vPassword']) && isset($_GET['token'])) { echo "<br>"; echo "restoring password..."; echo "<br>"; $password = trim($_POST['newPassword']); $vPassword = trim($_POST['vPassword']); $userEmail = trim($_POST['userEmail']); $token = trim($_GET['token']); $passwordValidationService = new \Validators\ValidatorService(); $validationStatus = $passwordValidationService->recoveryValidator($userEmail, $password, $vPassword); if ($validationStatus === 0) { $restoreService = new \PhpServicesKit\PasswordRecovery\RecoveryService(); $resetPassword = $restoreService->restoreNewPassword($userEmail, $password, $token); if ($resetPassword === 0) { echo "\n <meta name='viewport' content='width=device-width'/>\n <p style='color: lawngreen'>Password has been restored successfully</p>\n "; } else { echo "\n <meta name='viewport' content='width=device-width'/>\n <p style='color: red'>Error restoring password. Try again</p>\n "; } } else { echo "\n <meta name='viewport' content='width=device-width'/>\n <p style='color: red'>Missing data, incorrect or password too weak. You need at least 8 char password</p>\n "; }
<?php include('include/header.php'); switch($_POST['act']) { case 'Send': // Reply if(!csrf_check()) Output::HardError('Session error. Try again.'); //Lurk more? if($_SERVER['REQUEST_TIME'] - $_SESSION['first_seen'] < REQUIRED_LURK_TIME_REPLY) { add_error('Lurk for at least ' . REQUIRED_LURK_TIME_REPLY . ' seconds before posting your first reply.'); } // Flood control. $too_early = $_SERVER['REQUEST_TIME'] - FLOOD_CONTROL_REPLY; $res=DB::Execute(sprintf('SELECT 1 FROM {P}PMs WHERE pmFrom = \'%s\' AND pmDateSent > %d',$_SERVER['REMOTE_ADDR'], $too_early)); if($res->RecordCount() > 0) { add_error('Wait at least ' . FLOOD_CONTROL_REPLY . ' seconds between each reply. '); } //Check inputs list($_POST['title'],$_POST['body'])=Check4Filter($_POST['title'],$_POST['body']); $reply=new PM(); $reply->To = $_POST['to']; $reply->From =$User->ID; $reply->Title = $_POST['title']; $reply->Body = $_POST['body'];