Пример #1
0
function csrfguard_validate_token($unique_form_name, $token_value)
{
    $token = get_from_session($unique_form_name);
    if ($token === false) {
        return true;
    } elseif ($token === $token_value) {
        $result = true;
    } else {
        $result = false;
    }
    unset_session($unique_form_name);
    return $result;
}
Пример #2
0
include_once 'functions.php';
$sid = intval($_COOKIE['sid']);
if (array_key_exists('pre_email', $_REQUEST)) {
    $email = htmlentities($_REQUEST['pre_email'], ENT_QUOTES);
    if (USE_MTURK) {
        $mturk_id = htmlentities($_REQUEST['pre_mturk_id'], ENT_QUOTES);
    } else {
        $mturk_id = false;
    }
    $age = intval($_REQUEST['pre_age']);
    $songId = intval($_REQUEST['songId']);
    $zip = '' . intval($_REQUEST['pre_zip']);
    edit_session(array('pre_email' => $email, 'sid' => $sid, 'pre_zip' => $zip, 'pre_mturk_id' => $mturk_id, 'pre_age' => $age, 'songId' => intval($_REQUEST['songId'])), false, 'pre');
} else {
    $email = get_from_session($sid, 'pre_email');
    $songId = get_from_session($sid, 'songId', true);
}
//get the treatment and its properties for the current session
$treatment = getTreatmentForSession($sid);
$box_value = '';
// get $opt and $prepop based on code
$group_code = $_SESSION['group_code'];
// get $opt from code
$opt = getOptionFromCode($group_code);
// get prepop from code
$prepop = getPrepopFromCode($group_code);
if ($prepop == 'fill') {
    $box_value = htmlentities($email, ENT_QUOTES);
}
$box_display = 'block';
$box_hidden = false;
Пример #3
0
<?php

// change_password_action.php
include_once "config.php";
if (session_status() == PHP_SESSION_NONE) {
    session_start();
}
$current_user = get_from_session("current_user");
if (is_null($current_user)) {
    store_in_session("message", "You must login to access this page");
    header("Location: index.php");
    return;
}
$current_password = $_POST["current_password"];
$new_password = $_POST["new_password"];
$new_password2 = $_POST["new_password2"];
$data = R::getRow("select * from users where username=? and password=md5(?)", array($current_user["username"], $current_password));
if (count($data) == 0) {
    store_in_session("message", "Current password incorrect");
} else {
    if ($new_password != $new_password2) {
        store_in_session("message", "New passwords dont match");
    } else {
        $sql = "update users set password = md5(?) where username=?";
        R::exec($sql, array($new_password, $current_user["username"]));
        store_in_session("message", "New password successfully updated!");
    }
}
header("Location: change_password.php");
Пример #4
0
<?php

include_once "header.php";
?>
<div id="next_steps_container">
	<div class="next_steps_header">
		<p>
			<a href="./">Home</a>
		</p>
		<h1>Next steps</h1>
	</div>

	<?php 
$approval_required = get_from_session("approval_required");
if ($approval_required == 0) {
    ?>

	<!-- For users who do not need admin approval -->
	<div>
		<p>Thank for registering and your registration details have been accepted. Now you can login and explore Madhwa connect services.</p>

		<p>As part of our anti-spam policy, we have sent an mail to your registered email address. You will receive the same in a while. Please check your "Junk Mail" folder also.</p>

		<p>Please click the link in the email to update the additional information.</p>
		<p>You may close this window now. </p>
	</div>

	<?php 
} else {
    ?>
$num_01 = 0;
$num_undef = 0;
$num_err = 0;
if ($approve) {
    for ($i = 0; $i < count($wids); $i++) {
        if (in_array($wids[$i], $previously_affected)) {
            continue;
        }
        $sid = get_sid_from_mturk_id($wids[$i]);
        $finished = has_finished_by_sid($sid);
        if ($finished) {
            if (!$dry) {
                $res = $mturk->approveHIT($aids[$i]);
            }
            if ($giveBonus) {
                $email_sent = get_from_session($sid, 'email_sent');
                $bonus = 0;
                $data[$i]['bonus'] = 0.51;
                $bonusstr = '';
                if (strstr($email_sent, 'true')) {
                    $bonusstr = "You subscribed to SafeDelivery, therefore your bonus is \$0.01.";
                    $bonus = 0.01;
                    $num_01++;
                } elseif (strstr($email_sent, 'false')) {
                    $bonusstr = "You did not subscribe to SafeDelivery, therefore your bonus is \$0.50.";
                    $bonus = 0.5;
                    $num_50++;
                } elseif (strstr($email_sent, 'undef')) {
                    $num_undef++;
                } else {
                    $num_err++;
include_once "header.php";
include_once "functions.php";
?>
		<div id="register_container">
			<div class="fogot_password_header">
				<h1>We just mailed you</h1>
			</div>
			<div>
				<p>We just sent a password-reset link to your registered email addrss. Read the mail and follow the instructions, and you can change your password.
				</p>
				<p>In case if you did not receive a mail from us, please do check in your spam/junkmail folder</p>
			</div>
			<form class="uiv2-form" action="send_password_reset_link.php" method="post">
				<input type="hidden" name="username_email" 
					value="<?php 
echo get_from_session("email_for_password_reset");
?>
" />

				<fieldset>
				    <div class="legend">In case if you did not receive the mail..</div>
				    <div class="uiv2-form-row">
				    	<div class="gap" ></div>
				    </div>
				    <?php 
// add the username/email_address here as a hidden field.
?>
				    <div class="uiv2-form-row">
				    	<span class="uiv2-form-label"></span>
				        <div class="uiv2-form-input">
				        	If you want us to send the link again, please click the button below.
Пример #7
0
    }
    if (isset($_REQUEST[$param])) {
        $res = $_SESSION[$param] = $_REQUEST[$param];
    }
    return $res;
}
session_start();
ini_set('display_errors', true);
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
if (version_compare(phpversion(), '5.1.0', '<') == true) {
    die('PHP5.1 or higher!');
}
ob_implicit_flush();
ob_end_flush();
// langugage
$lang = get_from_session("lang", "ru");
// Константы:
define('DIRSEP', DIRECTORY_SEPARATOR);
// Узнаём путь до файлов сайта
$site_path = realpath(dirname(dirname(__FILE__)) . DIRSEP) . DIRSEP;
define('site_path', $site_path);
// Регистрируем загрузчик классов
function __autoload($class_name)
{
    $filename = strtolower($class_name) . '.php';
    $file = site_path . 'classes' . DIRSEP . $filename;
    if (file_exists($file) == false) {
        return false;
    }
    include $file;
}
Пример #8
0
<?php

session_start();
// Continues running the experiment until the user has finished the group
include 'config.php';
include 'functions.php';
// Get session
$sid = intval($_COOKIE['sid']);
$db = db_connect();
$group = get_from_session($sid, 'group_num');
$transaction = get_from_session($sid, 'transaction');
$treatment = get_from_session($sid, 'treatment_id');
$action = $_GET['sendEmail'];
// based on user choice in purchase.php
$post_email = $_GET['post_email'];
$mediaId = $_GET['mediaId'];
if ($action == 'true') {
    // email needs to be sent
    // adds media id to array
    if (isset($_SESSION['mediaId'])) {
        $_SESSION['mediaId'][] = $mediaId;
    } else {
        $_SESSION['mediaId'] = array($mediaId);
    }
    $action = 1;
} else {
    $action = 0;
}
// Insert results into database
$q = "INSERT INTO treatment_selections(sid, treatment_id, action)\n\t\t  VALUES({$sid}, {$treatment}, {$action})";
runQuery($db, $q, false);
Пример #9
0
function getEmailForCurrentSession()
{
    if (!array_key_exists('sid', $_COOKIE)) {
        return 'NO SESSION';
    }
    $db = db_connect();
    $sid = intval($_COOKIE['sid']);
    return get_from_session($sid, 'post_email');
}
Пример #10
0
         $data = R::getRow($sql, array($username, $password));
         if (count($data) == 0) {
             header("Location: ./login_f.php");
             store_in_session("message", "Invalid username/password");
             return;
         } else {
             if (session_status() == PHP_SESSION_NONE) {
                 session_start();
             }
             if ($data["registration_status"] == "suspended") {
                 header("Location: ./login_f.php");
                 store_in_session("message", "Your account is suspended");
                 return;
             }
             store_in_session("current_user", $data);
             $redirect_to = get_from_session("redirect_to");
             remove_from_session("redirect_to");
             if ($redirect_to == null) {
                 $redirect_to = "index.php";
             }
             header("Location: ./{$redirect_to}");
             if (isset($_POST["keep_me_logged_in"])) {
                 // user wants to be remembered by the browser
                 // send a kookie
                 setcookie("token", $data["id"], time() + 365 * 24 * 60 * 60);
             } else {
             }
             return;
         }
     }
 }