$_SESSION = array(); $_SESSION['NOT_BOT'] = 1; redirect(FORUM_ROOT . "search.php?action=show_new"); } } } } else { if ($action == 'out') { if ($forum_user['is_guest'] || !isset($_GET['id']) || $_GET['id'] != $forum_user['id']) { header('Location: ' . forum_link($forum_url['index'])); exit; } // We validate the CSRF token. If it's set in POST and we're at this point, the token is valid. // If it's in GET, we need to make sure it's valid. if (!isset($_POST['csrf_token']) && (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('logout' . $forum_user['id']))) { csrf_confirm_form(); } ($hook = get_hook('li_logout_selected')) ? eval($hook) : null; // Remove user from "users online" list. $query = array('DELETE' => 'online', 'WHERE' => 'user_id=' . $forum_user['id']); ($hook = get_hook('li_logout_qr_delete_online_user')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); // Update last_visit (make sure there's something to update it with) if (isset($forum_user['logged'])) { $query = array('UPDATE' => 'users', 'SET' => 'last_visit=' . $forum_user['logged'], 'WHERE' => 'id=' . $forum_user['id']); ($hook = get_hook('li_logout_qr_update_last_visit')) ? eval($hook) : null; $forum_db->query_build($query) or error(__FILE__, __LINE__); } $expire = time() + 1209600; forum_setcookie($cookie_name, base64_encode('1|' . random_key(8, false, true) . '|' . $expire . '|' . random_key(8, false, true)), $expire); // Reset tracked topics
protected function _check_csrf_token($generated_token)
{
    // A token that arrived via POST is accepted without comparison here; the
    // surrounding code relies on it having been verified earlier in the request
    // (NOTE(review): confirm that the global POST token check really runs before
    // this method for every route that calls it).
    if (isset($_POST['csrf_token'])) {
        return;
    }

    // Otherwise the token held on the instance (presumably read from the query
    // string by the caller — verify) must be present and match exactly.
    $have_token = isset($this->csrf_token);
    if (!$have_token || $this->csrf_token !== $generated_token) {
        csrf_confirm_form();
    }
}
function pun_pm_get_page(&$page)
{
    global $forum_url, $forum_user, $lang_common;

    // Extension hook: an installed hook may render the page itself, in which
    // case its (non-null) result is returned untouched.
    $hook_result = ($hook = get_hook('pun_pm_fn_get_page_new_page')) ? eval($hook) : null;
    if ($hook_result != null) {
        return $hook_result;
    }

    if ($page == 'write') {
        if (isset($_GET['message_id'])) {
            // A delete button submitted with the edit form turns the request into
            // a delete of that one message; only a POSTed token is accepted.
            $delete_clicked = isset($_POST['pm_delete_inbox']) || isset($_POST['pm_delete_outbox']);
            if (!$delete_clicked) {
                return pun_pm_edit_message();
            }
            if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== generate_form_token(forum_link($forum_url['pun_pm_edit'], $_GET['message_id']))) {
                csrf_confirm_form();
            }
            // NOTE(review): message_id is handed over uncast here, unlike the
            // inbox/outbox branches below which cast to int — presumably
            // pun_pm_delete_message sanitises the ids before they reach SQL; confirm.
            return pun_pm_delete_message(array($_GET['message_id']));
        }

        // Bulk delete from a folder listing: needs the id list, a delete button
        // and a POSTed token bound to the write URL.
        $bulk_delete = isset($_POST['pm_delete']) && (isset($_POST['pm_delete_inbox']) || isset($_POST['pm_delete_outbox']));
        if ($bulk_delete) {
            if (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== generate_form_token(forum_link($forum_url['pun_pm_write']))) {
                csrf_confirm_form();
            }
            return pun_pm_delete_message($_POST['pm_delete']);
        }

        return pun_pm_send_form();
    }

    if ($page == 'compose') {
        // Optional recipient pre-filled from the query string (0 = none).
        $recipient_id = isset($_GET['receiver_id']) ? (int) $_GET['receiver_id'] : 0;
        return pun_pm_send_form(pun_pm_get_username($recipient_id));
    }

    // Folder view: 'outbox', or 'inbox' for any other value. The fallback is
    // written back through the reference so the caller sees the page shown.
    if ($page != 'outbox') {
        $page = 'inbox';
    }
    $folder = $page;

    if (isset($_GET['message_id'])) {
        // Single message view; the folder lookup decides whether this user may see it.
        $pm = pun_pm_get_message((int) $_GET['message_id'], $folder);
        if ($pm === false) {
            message($lang_common['Bad request']);
        }
        return pun_pm_message($pm, $folder);
    }

    return $folder == 'outbox' ? pun_pm_outbox() : pun_pm_inbox();
}
public function action_alerts_topics_off()
{
    global $forum_db, $forum_user, $forum_url, $lang_common, $lang_fancy_alerts, $forum_flash, $ext_info;

    // Guests have no topic alerts to switch off.
    if ($forum_user['is_guest']) {
        message($lang_common['No permission']);
    }

    // Topic id from the query string; anything below 1 is a bad request.
    $tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
    if ($tid < 1) {
        message($lang_common['Bad request']);
    }

    // CSRF: a token arriving via POST is presumed to have been checked before
    // this action was dispatched (NOTE(review): confirm in the request bootstrap);
    // a token in GET must match the one generated for this topic/user pair.
    if (!isset($_POST['csrf_token'])) {
        if (!isset($_GET['csrf_token']) || $_GET['csrf_token'] !== generate_form_token('fancy_alerts_topics_off' . $tid . $forum_user['id'])) {
            csrf_confirm_form();
        }
    }

    // Load the extension's language file, falling back to English. The user's
    // language becomes part of a require path; it is a stored profile value,
    // presumably restricted to installed language directories on save — verify.
    if (!isset($lang_fancy_alerts)) {
        $lang_dir = $ext_info['path'] . '/lang/';
        $user_lang_file = $lang_dir . $forum_user['language'] . '/' . $ext_info['id'] . '.php';
        $english_file = $lang_dir . 'English/' . $ext_info['id'] . '.php';
        $use_user_lang = $forum_user['language'] != 'English' && file_exists($user_lang_file);
        require ($use_user_lang ? $user_lang_file : $english_file);
    }

    // Fetch subject and last post time, joined against the group's forum
    // permissions so a topic the user may not read is treated as non-existent.
    $query = array(
        'SELECT' => 'subject, last_post',
        'FROM' => 'topics AS t',
        'JOINS' => array(
            array(
                'LEFT JOIN' => 'forum_perms AS fp',
                'ON' => '(fp.forum_id=t.forum_id AND fp.group_id=' . $forum_user['g_id'] . ')',
            ),
        ),
        'WHERE' => '(fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=' . $tid . ' AND t.moved_to IS NULL',
    );
    $res = $forum_db->query_build($query) or error(__FILE__, __LINE__);
    $topic = $forum_db->fetch_assoc($res);
    if (!$topic) {
        message($lang_common['Bad request']);
    }

    // Drop this user's alert rows for the topic.
    $query = array(
        'DELETE' => 'fancy_alerts_topics',
        'WHERE' => 'user_id=' . $forum_user['id'] . ' AND topic_id=' . $tid,
    );
    $forum_db->query_build($query) or error(__FILE__, __LINE__);

    // Flash the confirmation and send the user back to the topic.
    $notice = $lang_fancy_alerts['Alerts Topics off redirect'];
    $forum_flash->add_info($notice);
    redirect(forum_link($forum_url['topic'], array($tid, sef_friendly($topic['subject']))), $notice);
}