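// Receipt endpoint: only reachable through a POST from the checkout form;
// any other verb is bounced back to the form.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: checkout.php");
    die;
}
// Enforce authentication
if (!isset($_SESSION["auth"])) {
    header("Location: index.php");
    die;
}
// CSRF: the token is mandatory and must validate for the "checkout_form"
// scope before the cart in the session is read or emptied. A missing token
// and a mismatching token are reported separately (both 400) so the failure
// mode is visible to the client and in logs.
if (!isset($_POST["csrf_token"])) {
    http_response_code(400);
    echo "err: no csrf token included in request";
    die;
}
$token = $_POST["csrf_token"];
if (!validate_csrf("checkout_form", $token)) {
    http_response_code(400);
    echo "err: incorrect csrf token (validation error)";
    die;
}
// Walk the shop's item list by index; the cart is keyed by the same index and
// holds a quantity. Each cart line is printed and then removed from the
// session, so rendering the receipt consumes the cart.
$count = 0;
$items = $db->getAllItemsInShop();
$itemTotal = count($items); // hoisted: the list is not modified inside the loop
for ($i = 0; $i < $itemTotal; $i++) {
    if (!isset($_SESSION['shopping_cart'][$i])) {
        continue;
    }
    $quantity = $_SESSION['shopping_cart'][$i];
    $count += $quantity;
    // Both values are emitted into HTML: the quantity comes from the session
    // (presumably set from an earlier request) and the item name from the
    // database, so neither is known to be markup-free. Escaping here keeps the
    // output identical for benign values and neutralises markup in either.
    print htmlspecialchars((string) $quantity, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . ' "' . htmlspecialchars((string) $items[$i], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" <br>';
    unset($_SESSION['shopping_cart'][$i]);
}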
if ($count == 0) {
    print 'You need to purchase something in order to get a receipt...?';
    load_user_plugins($_SESSION["uid"]);
}
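// Option lists for the preferences UI: key = the stored numeric value,
// value = its translated label. 0 and -1 are sentinels ("use default",
// "never"/"disable"); the remaining keys are the raw interval the label
// describes (days for purging, minutes for updates, going by the labels).
$purge_intervals = [
    0 => __("Use default"),
    -1 => __("Never purge"),
    5 => __("1 week old"),
    14 => __("2 weeks old"),
    31 => __("1 month old"),
    60 => __("2 months old"),
    90 => __("3 months old"),
];
$update_intervals = [
    0 => __("Default interval"),
    -1 => __("Disable updates"),
    15 => __("Each 15 minutes"),
    30 => __("Each 30 minutes"),
    60 => __("Hourly"),
    240 => __("Each 4 hours"),
    720 => __("Each 12 hours"),
    1440 => __("Daily"),
    10080 => __("Weekly"),
];
// Same list without the "use default" entry; derived from $update_intervals
// (keys and order preserved) so the two cannot drift apart.
$update_intervals_nodefault = array_diff_key($update_intervals, [0 => null]);
$access_level_names = [
    0 => __("User"),
    5 => __("Power User"),
    10 => __("Administrator"),
];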
// Normalise the handler name: URL-style "foo-bar" becomes the class-name form
// "foo_bar" (single-character translation, same result as str_replace), then
// give the plugin host a chance to override the handler for ($op, $method).
// Note for readers of the dispatch that follows: $op is later instantiated
// with `new $op($_REQUEST)` and $method invoked via `$handler->{$method}()`,
// and both look request-supplied (to be confirmed against the caller);
// class_exists() alone does not restrict $op to handler classes — the
// implements_interface($handler, 'IHandler') check below is what does.
$op = strtr($op, '-', '_');
$override = PluginHost::getInstance()->lookup_handler($op, $method);
if (class_exists($op) || $override) {
    if ($override) {
        $handler = $override;
    } else {
        $handler = new $op($_REQUEST);
    }
    if ($handler && implements_interface($handler, 'IHandler')) {
        if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
            if ($handler->before($method)) {
                if ($method && method_exists($handler, $method)) {
                    $handler->{$method}();
                } else {
                    if (method_exists($handler, "catchall")) {
                        $handler->catchall($method);
                    }
                }
                $handler->after();
                return;
            } else {
                header("Content-Type: text/json");
                print error_json(6);
                return;
            }
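<?php

session_start();
require_once './form_funcs.php';
// Reject the request before any of the submitted data is rendered below.
validate_csrf();
?>

<b>session: <?php
// Token kept by form_funcs.php, shown here for debugging. It is session data,
// but it is still escaped at the HTML boundary rather than trusted; the
// null-coalesce avoids a notice when no token has been stored yet.
echo htmlspecialchars((string) ($_SESSION['csrf_token'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
</b>
<pre style="text-align: left;">
<?php
// $_POST is untrusted: dumping it raw would reflect any markup a client sends
// straight back into the page. print_r(..., true) returns the dump as a
// string so it can be escaped before it is echoed into the <pre>.
echo htmlspecialchars(print_r($_POST, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
</pre>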

<?php 
if ($_POST['website'] != '') {
    if (is_valid_url($_POST['website'])) {
        $title = fetch_url_title($_POST['website']);
        if (!$title) {
            $title = "&lt;title&gt; tag could not be found.";
        }
    } else {
        $title = "INVALID URL given.";
    }
} else {
    // They didn't pass us a website, it must be something else.
    // I'm beginning to think a ?type=website, ?type=book, etc would be easier.
    $title = "&lt;not website&gt;";