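/**
 * Validate CSRF token, GET only.
 * User will get logged out in case $logout=true and error reporting does not stop script.
 *
 * Only GET requests that carry at least one query parameter are checked; every
 * other request passes. The submitted token is compared with hash_equals() so the
 * comparison time does not leak how many leading characters match, and a
 * non-string value (e.g. ?csrftoken[]=x) is rejected instead of being compared.
 *
 * @access public
 * @param string $token_name (default: 'csrftoken') name of the GET parameter carrying the token
 * @param bool $logout (default: true) raise an error and log the user out when validation fails
 * @return bool true when no check applies or the token matches, false otherwise
 */
function validate_csrf_get_token($token_name = 'csrftoken', $logout = true)
{
    // Nothing to validate: not a GET request, or a GET without query parameters.
    if ($_SERVER['REQUEST_METHOD'] !== 'GET' || !count($_GET)) {
        return true;
    }

    $token = isset($_GET[$token_name]) ? $_GET[$token_name] : '';

    // empty() also rejects '0' and '' — unchanged from the original contract.
    // A non-string (array) value is treated as "no token" rather than compared.
    if (empty($token) || !is_string($token)) {
        if ($logout) {
            trigger_error('No CSRF GET token found, probable invalid request.', E_USER_ERROR);
            logout_user('csrf-get-invalid', 'danger');
        }
        return false;
    }

    // Constant-time comparison; hash_equals() requires both operands to be strings.
    $expected = get_token_get_value($token_name);
    if (!is_string($expected) || !hash_equals($expected, $token)) {
        if ($logout) {
            trigger_error('Validating the CSRF GET token failed, probable an outdated request.', E_USER_ERROR);
            logout_user('csrf-get-failed', 'danger');
        }
        return false;
    }

    return true;
}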
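if (phpwcms_revision_check_temp($phpwcms["revision"]) !== true) {
    _dbQuery('SET storage_engine=MYISAM', 'SET');
    $revision_status = phpwcms_revision_check($phpwcms["revision"]);
}

// define vars
$err = 0;
$wcs_user = '';

// where user should be redirected to after login
// NOTE(review): $ref_url comes straight from the request; xss_clean() handles
// output escaping only — confirm that the redirect target is restricted to local
// paths where it is consumed.
if (!empty($_POST['ref_url'])) {
    $ref_url = xss_clean($_POST['ref_url']);
} elseif (!empty($_GET['ref'])) {
    $ref_url = xss_clean(rawurldecode($_GET['ref']));
} else {
    $ref_url = '';
}

// CSRF check for login POSTs. A missing or non-string token counts as a failure
// (indexing $_POST['logintoken'] directly raised a notice when the field was
// absent), and the comparison is constant-time via hash_equals().
$csrf_error = false;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && count($_POST)) {
    $login_token = isset($_POST['logintoken']) ? $_POST['logintoken'] : '';
    $expected_token = get_token_get_value('csrftoken');
    if (!is_string($login_token) || !is_string($expected_token) || !hash_equals($expected_token, $login_token)) {
        $csrf_error = true;
    }
}
define('LOGIN_TOKEN', generate_get_token('csrftoken'));

// reset all inactive users
// One timestamp for both the stored value and the age comparison, so the two
// cannot straddle a second boundary.
$now = time();
$sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET ";
$sql .= "logged_in = 0, logged_change = '" . $now . "' ";
$sql .= "WHERE logged_in = 1 AND ( " . $now . " - logged_change ) > " . intval($phpwcms["max_time"]);
// NOTE(review): ext/mysql (mysql_query) was removed in PHP 7; the rest of this
// file uses _dbQuery(). Migrating this call needs _dbQuery's mode for UPDATE,
// which is not visible here.
mysql_query($sql, $db);

//load default language EN
require_once PHPWCMS_ROOT . '/include/inc_lang/backend/en/lang.inc.php';

//define language and check if language file is available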
if (isset($_COOKIE['phpwcmsBELang'])) {
    $temp_lang = strtoupper(substr(trim($_COOKIE['phpwcmsBELang']), 0, 2));
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
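if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------

// The newsletter id is concatenated unquoted into SQL; cast it to int first, as the
// template below already does for output, so a non-integer value cannot alter the
// query. Both counts are raw COUNT(*) results from _dbQuery()'s 'COUNT' mode.
$count_sent = _dbQuery('SELECT COUNT(*) FROM ' . DB_PREPEND . 'phpwcms_newsletterqueue WHERE queue_status=1 AND queue_pid=' . intval($newsletter['newsletter_id']), 'COUNT');
$count_queue = _dbQuery('SELECT COUNT(*) FROM ' . DB_PREPEND . 'phpwcms_newsletterqueue WHERE queue_status=0 AND queue_pid=' . intval($newsletter['newsletter_id']), 'COUNT');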
?>
<div id="messagesend" style="display:block;">
<form action="include/inc_act/act_sendnewsletter.php" method="get" target="sendframe" id="sendnewsletter" onsubmit="hideLayer('messagesend');showLayer('sendjobnow');" data-csrf="off">
	<input type="hidden" name="csrftoken" value="<?php 
echo get_token_get_value('csrftoken');
?>
" />
	<input type="hidden" name="newsletter_id" value="<?php 
echo intval($newsletter['newsletter_id']);
?>
" />
<table border="0" cellpadding="0" cellspacing="0" summary="">
	<tr><td colspan="2" class="title" style="padding-bottom:5px"><?php 
echo $BL['be_newsletter_sendnow'];
?>
</td></tr>
	<tr><td colspan="2"><img src="img/lines/l538_70.gif" alt="" width="538" height="1" /></td></tr>
	<tr bgcolor="#DEF9AC"><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="5" /></td></tr>

	<tr bgcolor="#DEF9AC">