Exemplo n.º 1
 /**
  * Reports whether this input element was submitted in the current POST request.
  * @return boolean
  */
 public function isPosted()
 {
     // Each element is rendered with a hidden "<name>-isPosted" marker field that is
     // always sent with the form. The marker is client-supplied, so it only shows that
     // the field was submitted; it says nothing about who sent the request.
     $markerKey = $this->name . '-isPosted';
     if (!isset($_POST[$markerKey])) {
         return false;
     }

     // Delegate to the global isPosted() helper (defined outside this excerpt) and
     // normalise its result to a boolean.
     return (bool) isPosted($this->name);
 }
<?php

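// Password-change handler (excerpt): checks that the request is a form post, that a user
// is logged in, that the CAPTCHA matches and that the current password is correct, then
// derives the hash for the new password.
// $user, $dbc and isPosted() presumably come from _func.global.php, which is not shown here.
define("allow_inc", true);
require_once "_func.global.php";

if (!isPosted()) {
    die("You can't access this file directly.");
}
if (!$user) {
    die("You're not logged in.");
}

require_once "scr/securimage/securimage.php";
$securimage = new Securimage();
// Request fields are client-controlled: a missing or array-valued field is treated as an
// empty string so it fails the check instead of raising a notice or being hashed as "Array".
$captcha_code = (isset($_POST['captcha_code']) && is_string($_POST['captcha_code']))
    ? $_POST['captcha_code']
    : '';
if (!$securimage->check($captcha_code)) {
    die("incorrect_captcha");
}

$username = $user["uid"];
// The current password is only hashed and never placed in SQL, so it is no longer passed
// through escape_string(): escaping rewrites quotes and backslashes, and the result would
// not match the unescaped hash that is built for the new password below.
// NOTE(review): confirm the login and registration paths also hash the raw value.
$password = (isset($_POST["password"]) && is_string($_POST["password"]))
    ? $_POST["password"]
    : "";

$stmt = $dbc->stmt_init();
if (!$stmt->prepare("SELECT `uid`,`upw`,`salt`,`status` FROM `users` WHERE `uid` = ?")) {
    // Driver error text goes to the server log; echoing it to the client would expose
    // database details.
    error_log("users_select_error [" . $stmt->error . "]");
    die("users_select_error");
}
$stmt->bind_param("s", $username);
if (!$stmt->execute()) {
    error_log("users_select_error [" . $stmt->error . "]");
    die("users_select_error");
}
$stmt->bind_result($username, $current_password, $salt, $status);

// fetch() returns true for a row, null when there is no row and false on failure. Testing
// only for null let a failed fetch fall through to the password check with unset values.
$fetched = $stmt->fetch();
if ($fetched === false) {
    error_log("users_select_error [" . $stmt->error . "]");
    die("users_select_error");
}
if ($fetched === null) {
    die("user_not_found");
}

// hash_equals() compares in constant time, so the comparison does not leak how many
// leading characters of the stored hash matched.
// NOTE(review): salted SHA-1 is a fast hash and weak for password storage. Moving to
// password_hash()/password_verify() needs a rehash plan for the stored `upw` values,
// which is outside this excerpt.
if (!hash_equals((string) $current_password, sha1($salt . $password))) {
    die("incorrect_password");
}

// NOTE(review): no validation of password1 is visible in this excerpt. Confirm that later
// code rejects a missing, empty or array-valued value before this hash is stored.
$new_password = sha1($salt . $_POST["password1"]);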
Exemplo n.º 3
<?php

// Report every error level and print the messages into the response.
// NOTE(review): useful while debugging, but on a public deployment displayed errors can
// disclose file paths and query details. Log them server-side instead.
error_reporting(E_ALL);
ini_set('display_errors', '1');
/*

 url query options:
    - clearReport=_  : will make it always prepare a new report id
    - purgeIncomplete=x  : remove all incomplete reports in the db older than x minutes
*/
// common.php is not shown here; it presumably defines the helpers called below.
include "common.php";
//print_r($_POST);
// NOTE(review): checkPurge() is defined outside this excerpt. If it acts on the
// purgeIncomplete query option described above, confirm that the caller is authorized
// before any rows are deleted.
checkPurge();
// Starts as true; overwritten with the result of checkPostResult() when the form was posted.
$noError = true;
if (isPosted()) {
    if ($noError = checkPostResult()) {
        if (db_checkFinalized()) {
            // this is a repost -- ignore
            restart_session();
            prepareForm();
            header("Location:report.php");
        } else {
            db_saveFinalReport();
            $confid = $REPDATA['id'];
            restart_session();
            header("Location:thanks.php?conf={$confid}");
            include "thanks.php";
            exit;
        }
    } else {
        //preparePostedForm();