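/**
 * Handles a form submission addressed to one of the registered form objects.
 *
 * The POST field named by self::fieldName selects the handler in
 * $this->objects. When a handler is selected, the CSRF token is validated
 * before the handler sees any POST data. The handler's ParsePostMessage()
 * return value is stored in $this->errors; an empty (falsy) value is
 * treated as success.
 *
 * On success the "{%NEWID%}" placeholder in $this->successURL is replaced
 * with the URL-encoded result of the handler's GetInsertionID()
 * (presumably the id of the newly stored record; confirm against the
 * handler classes). If $this->redirectOnSuccess is set, the request is
 * redirected there and the script exits.
 *
 * Side effects: resets and may fill $this->errors, may rewrite
 * $this->successURL, may redirect and terminate the script.
 *
 * @return void
 */
function Process()
{
    $this->errors = array();

    // $_POST is client-controlled. A missing field must not raise an
    // undefined-index notice, and an array-valued field (name[]=...) must
    // never be used as an array offset: depending on the PHP version that
    // is an "Illegal offset type" warning or an uncaught TypeError.
    $formName = isset($_POST[ self::fieldName ]) ? $_POST[ self::fieldName ] : null;
    if (!is_scalar($formName) || !$formName) {
        return;
    }

    // Only names that map to a registered, non-empty handler are accepted.
    if (empty($this->objects[$formName])) {
        return;
    }

    // State-changing request: refuse it before the handler parses or stores
    // anything unless the anti-CSRF token checks out.
    $csrf = new CSRFProtect();
    if (!$csrf->ValidateToken()) {
        $this->errors = array("who are you and where did you come from ?");
        return;
    }

    $handler = $this->objects[$formName];

    $this->errors = $handler->ParsePostMessage( $_POST );
    if ($this->errors) {
        return;
    }

    // rawurlencode() keeps the inserted id from altering the structure of
    // the redirect target.
    $this->successURL = str_replace(
        "{%NEWID%}",
        rawurlencode($handler->GetInsertionID()),
        $this->successURL
    );

    if ($this->redirectOnSuccess) {
        redirect($this->successURL."#success");
        // Stop here so nothing else is rendered after the redirect is sent.
        exit();
    }
}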
$metaValues["og:type"] = "website"; $metaValues["twitter:card"] = "photo"; $metaValues["twitter:site"] = "@pouetdotnet"; if ($main->screenshotPath) { $metaValues["og:image"] = $metaValues["twitter:image"] = POUET_CONTENT_URL . $main->screenshotPath; } } $csrf = new CSRFProtect(); if ($_POST["wlAction"] && $currentUser) { if (!$csrf->ValidateToken()) exit(); if ($_POST["wlAction"]=="removeFromWatchlist") { SQLLib::Query(sprintf_esc("delete from watchlist where prodID = %d and userID = %d",$prodid,$currentUser->id)); } else if ($_POST["wlAction"]=="addToWatchlist") { $a = array("prodID"=>$prodid,"userID"=>$currentUser->id); SQLLib::InsertRow("watchlist",$a); } if ($_POST["partial"]) { $csrf->PrintToken(); if ($_POST["wlAction"]=="addToWatchlist")
$sel = new SQLSelect(); $sel->AddField("logos.id as id"); $sel->AddField("logos.file as file"); $sel->AddTable("logos"); $sel->AddJoin("LEFT","logos_votes",sprintf_esc("logos_votes.logo = logos.id AND logos_votes.user = %d",$currentUser->id)); $sel->AddWhere("logos_votes.id IS NULL"); $sel->AddOrder("RAND()"); if (get_login_id() && $_POST["logoID"] && $_POST["submit"]) { $vote = 0; if ($_POST["submit"] == "rulez") $vote = 1; if ($_POST["submit"] == "sucks") $vote = -1; $csrf = new CSRFProtect(); if ($vote && $csrf->ValidateToken()) { SQLLib::Query(sprintf_esc("delete from logos_votes where logo = %d and user = %d",$_POST["logoID"],$currentUser->id)); $a = array(); $a["logo"] = (int)$_POST["logoID"]; $a["user"] = $currentUser->id; $a["vote"] = $vote; SQLLib::InsertRow("logos_votes",$a); } SQLLib::Query(sprintf_esc("update logos set vote_count = (select sum(vote) from logos_votes where logo = %d) where id = %d",(int)$_POST["logoID"],(int)$_POST["logoID"])); // ajax if ($_POST["partial"]==1) {