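/**
 * Validate the CSRF token of a GET request.
 *
 * Only requests with REQUEST_METHOD 'GET' that carry at least one query
 * parameter are checked; every other request passes. When $logout is true a
 * missing or mismatching token raises an E_USER_ERROR and calls logout_user();
 * the function still returns afterwards so a caller can react when the
 * installed error handler does not stop the script.
 *
 * A token carried as a query parameter is part of the request URL and is
 * therefore visible in access logs, the Referer header and browser history.
 *
 * @access public
 * @param string $token_name name of the query parameter holding the token (default: 'csrftoken')
 * @param bool   $logout     log the user out on a missing/invalid token (default: true)
 * @return bool true when no check applies or the token matches, false otherwise
 */
function validate_csrf_get_token($token_name = 'csrftoken', $logout = true)
{
    // Nothing to validate: not a GET request, or a GET without any query parameters.
    if ($_SERVER['REQUEST_METHOD'] !== 'GET' || !count($_GET)) {
        return true;
    }

    $provided = isset($_GET[$token_name]) ? $_GET[$token_name] : null;

    // Reject a missing, empty or non-scalar token (e.g. ?csrftoken[]=x) before
    // comparing; hash_equals() below only accepts strings.
    if (!is_string($provided) || $provided === '') {
        if ($logout) {
            trigger_error('No CSRF GET token found, probable invalid request.', E_USER_ERROR);
            logout_user('csrf-get-invalid', 'danger');
        }
        return false;
    }

    // Constant-time comparison so the position of the first differing byte
    // cannot be inferred from response timing.
    if (!hash_equals((string) get_token_get_value($token_name), $provided)) {
        if ($logout) {
            trigger_error('Validating the CSRF GET token failed, probable an outdated request.', E_USER_ERROR);
            logout_user('csrf-get-failed', 'danger');
        }
        return false;
    }

    return true;
}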
// If the temp-file based revision check does not pass, set the default storage
// engine to MyISAM and run the full revision check.
if (phpwcms_revision_check_temp($phpwcms["revision"]) !== true) {
    _dbQuery('SET storage_engine=MYISAM', 'SET');
    $revision_status = phpwcms_revision_check($phpwcms["revision"]);
}

// define vars
$err = 0;
$wcs_user = '';

// where the user should be redirected to after login
// xss_clean() neutralises markup in the value; whether the target is restricted
// to this installation's own URLs is not decided here.
// NOTE(review): check where $ref_url is consumed -- an unrestricted value taken
// from POST/GET is an open-redirect candidate.
if (!empty($_POST['ref_url'])) {
    $ref_url = xss_clean($_POST['ref_url']);
} elseif (!empty($_GET['ref'])) {
    $ref_url = xss_clean(rawurldecode($_GET['ref']));
} else {
    $ref_url = '';
}

// CSRF check for the login POST. $_POST['logintoken'] is read without isset(),
// so a POST that carries other fields but no token emits a notice and, since
// null !== string, still ends up with $csrf_error = true.
// NOTE(review): the comparison is not constant-time; hash_equals() on two
// strings would be the usual choice for a secret token.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && count($_POST) && $_POST['logintoken'] !== get_token_get_value('csrftoken')) {
    $csrf_error = true;
} else {
    $csrf_error = false;
}

// Token embedded in the login form rendered by this request.
define('LOGIN_TOKEN', generate_get_token('csrftoken'));

// reset all inactive users
// Only time() and an intval()-cast config value are interpolated, so this
// statement carries no user-controlled text. Note the raw ext/mysql call here,
// while the revision block above goes through the _dbQuery() wrapper.
$sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET ";
$sql .= "logged_in = 0, logged_change = '" . time() . "' ";
$sql .= "WHERE logged_in = 1 AND ( " . time() . " - logged_change ) > " . intval($phpwcms["max_time"]);
mysql_query($sql, $db);

//load default language EN
require_once PHPWCMS_ROOT . '/include/inc_lang/backend/en/lang.inc.php';

//define language and check if language file is available
// The cookie value is trimmed and cut to two upper-cased characters before use;
// the availability check itself continues beyond this excerpt.
if (isset($_COOKIE['phpwcmsBELang'])) {
    $temp_lang = strtoupper(substr(trim($_COOKIE['phpwcmsBELang']), 0, 2));
 * @link http://www.phpwcms.de
 *
 **/

// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------

// Number of already sent (queue_status=1) and still pending (queue_status=0)
// queue entries for this newsletter.
// NOTE(review): $newsletter['newsletter_id'] is concatenated into both WHERE
// clauses without a cast, whereas the hidden input further down wraps the same
// value in intval(); apply intval() here as well unless the caller guarantees
// an integer.
$count_sent = _dbQuery('SELECT COUNT(*) FROM ' . DB_PREPEND . 'phpwcms_newsletterqueue WHERE queue_status=1 AND queue_pid=' . $newsletter['newsletter_id'], 'COUNT');
$count_queue = _dbQuery('SELECT COUNT(*) FROM ' . DB_PREPEND . 'phpwcms_newsletterqueue WHERE queue_status=0 AND queue_pid=' . $newsletter['newsletter_id'], 'COUNT');

// The send form below is submitted with method="get" into the "sendframe"
// target, so its csrftoken hidden field travels in the request URL and shows
// up in access logs, the Referer header and browser history.
// data-csrf="off" presumably opts the form out of automatic CSRF handling
// because the token is added explicitly -- confirm against the script that
// reads that attribute.
// NOTE(review): the token is echoed into the value attribute without
// htmlspecialchars(); fine if get_token_get_value() only yields plain
// alphanumerics, otherwise escape it.
?>
<div id="messagesend" style="display:block;">
<form action="include/inc_act/act_sendnewsletter.php" method="get" target="sendframe" id="sendnewsletter" onsubmit="hideLayer('messagesend');showLayer('sendjobnow');" data-csrf="off">
<input type="hidden" name="csrftoken" value="<?php echo get_token_get_value('csrftoken'); ?>" />
<input type="hidden" name="newsletter_id" value="<?php echo intval($newsletter['newsletter_id']); /* cast keeps the attribute an integer */ ?>" />
<table border="0" cellpadding="0" cellspacing="0" summary="">
<tr><td colspan="2" class="title" style="padding-bottom:5px"><?php echo $BL['be_newsletter_sendnow']; ?></td></tr>
<tr><td colspan="2"><img src="img/lines/l538_70.gif" alt="" width="538" height="1" /></td></tr>
<tr bgcolor="#DEF9AC"><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="5" /></td></tr>
<tr bgcolor="#DEF9AC">