/**
 * Reports whether this input element was part of a submitted form.
 *
 * Looks for the hidden "<name>-isPosted" marker field that the form always
 * sends and, when it is present, defers to the isPosted() function for this
 * element's name. The marker is read from the request body, so it only shows
 * that the field was submitted; it is not an authenticity or CSRF check.
 *
 * @return bool
 */
public function isPosted()
{
    $markerField = $this->name . '-isPosted';

    if (!isset($_POST[$markerField])) {
        return false;
    }

    // The cast keeps the strictly boolean result that the && expression produced.
    return (bool) isPosted($this->name);
}
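<?php
/**
 * Password-change request handler (excerpt).
 *
 * Flow visible here: require a posted form and a logged-in user, verify the
 * CAPTCHA, load the stored hash and salt for the current user, verify the
 * current password, then derive the hash of the new password. The code that
 * stores $new_password is not part of this excerpt.
 *
 * Every failure ends the request with a short status string via die().
 */
define("allow_inc", true);
require_once "_func.global.php";

if (!isPosted()) {
    die("You can't access this file directly.");
}
if (!$user) {
    die("You're not logged in.");
}

require_once "scr/securimage/securimage.php";
$securimage = new Securimage();
// A missing captcha_code field is treated as a wrong answer instead of
// raising an undefined-index notice.
$captcha_code = isset($_POST['captcha_code']) ? $_POST['captcha_code'] : '';
if (!$securimage->check($captcha_code)) {
    die("incorrect_captcha");
}

// The account is taken from the session-side $user record, never from the
// request, so a caller cannot name somebody else's account here.
$username = $user["uid"];

// NOTE(review): escape_string() is SQL escaping, but this value never enters
// an SQL string; the query below is parameterized and binds only $username.
// The escaped form is what gets hashed for verification, while the new
// password further down is hashed unescaped. A password containing characters
// that escape_string() rewrites can therefore hash differently when it is set
// and when it is later verified. Confirm against the code that stores and
// checks passwords before changing either side.
$password = $dbc->escape_string(isset($_POST["password"]) ? $_POST["password"] : "");

$stmt = $dbc->stmt_init();
// NOTE(review): the die() messages below echo $stmt->error to the client,
// which exposes database error detail. Logging it server-side and returning
// only the status code would avoid that; left as-is because the client-side
// handling of this string is not visible here.
if (!$stmt->prepare("SELECT `uid`,`upw`,`salt`,`status` FROM `users` WHERE `uid` = ?")) {
    die("users_select_error [" . $stmt->error . "]");
}
$stmt->bind_param("s", $username);
// A failed execute() is reported instead of falling through to fetch().
if (!$stmt->execute()) {
    die("users_select_error [" . $stmt->error . "]");
}
// $status is fetched but not used in the visible part of the script.
$stmt->bind_result($username, $current_password, $salt, $status);

// fetch() returns true for a row, NULL when there is no row and false on
// error. The false case previously slipped past the NULL check and carried on
// with unset result variables.
$fetched = $stmt->fetch();
if ($fetched === NULL) {
    die("user_not_found");
}
if ($fetched === false) {
    die("users_select_error [" . $stmt->error . "]");
}

// NOTE(review): salted SHA-1 is a fast hash and is weak for password storage.
// password_hash() / password_verify() are the standard replacement, with
// stored hashes migrated on the next successful verification. Not changed
// here because the stored `upw` values depend on this format. Where
// hash_equals() is available it is the preferred comparison for digests.
if (sha1($salt . $password) !== $current_password) {
    die("incorrect_password");
}

// NOTE(review): password1 is used exactly as posted. No type, length or
// confirmation check is visible before this point; verify that one exists
// elsewhere in the script.
$new_password = sha1($salt . $_POST["password1"]);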
<?php error_reporting(E_ALL); ini_set('display_errors', '1'); /* url query options: - clearReport=_ : will make it always prepare a new report id - purgeIncomplete=x : remove all incomplete reports in the db older than x minutes */ include "common.php"; //print_r($_POST); checkPurge(); $noError = true; if (isPosted()) { if ($noError = checkPostResult()) { if (db_checkFinalized()) { // this is a repost -- ignore restart_session(); prepareForm(); header("Location:report.php"); } else { db_saveFinalReport(); $confid = $REPDATA['id']; restart_session(); header("Location:thanks.php?conf={$confid}"); include "thanks.php"; exit; } } else { //preparePostedForm();