} else { $message = getLang('reset_noemail'); } } } $ShowQuestionForm = 0; $SecretQuestion = ''; if ($_POST['_reqpass'] == 1 || $_POST['_pwdreset1'] == 1) { $pattern = '/^[\\_]*([a-z0-9]+(\\.|\\_*)?)+@([a-z][a-z0-9\\-]+(\\.|\\-*\\.))+[a-z]{2,6}$/i'; $check = preg_match($pattern, $_POST['rform_email']); if ($check == 0) { $_POST['rform_email'] = ''; $message = 'Invalid email'; } else { $db = new DBConnection(); $query = 'SELECT * FROM users WHERE user_email="' . $db->string_escape($_POST['rform_email']) . '" LIMIT 1'; $res = $db->rq($query); $row = $db->fetch($res); if (!$row['user_secret_question']) { $message = getLang('reset_noquest'); } else { $SecretQuestion = $row['user_secret_question']; $ShowQuestionForm = 1; } } } // $ShowQuestionForm=1; if ($ShowQuestionForm == 1) { include 'parts/show_question.php'; } else { include 'parts/forgot_box.php';
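/**
 * Second step of the "forgot password" flow.
 *
 * Reads rform_email and rform_answer from $_POST. When the answer matches the
 * stored secret answer for that address, the "Forgot password" mail template
 * is rendered and sent to the address. Always echoes a JSON object holding
 * either 'error' or 'success' (same getLang keys as before) and returns nothing.
 *
 * NOTE(review): the three distinct failure messages (reset_noansw /
 * reset_wrong / reset_noemail) let a caller tell an unknown address from a
 * wrong answer; one generic message would avoid that if account enumeration
 * matters here. No attempt limiting is visible in this method either.
 */
public function resetPasswordAnswer()
{
    $db = new DBConnection();
    $return = array();

    $email = isset($_POST['rform_email']) ? (string) $_POST['rform_email'] : '';
    $answer = isset($_POST['rform_answer']) ? (string) $_POST['rform_answer'] : '';
    // Escaped once and reused for both queries; the second query previously
    // interpolated the raw POST value.
    $emailSql = $db->string_escape($email);

    $res = $db->rq('SELECT * FROM users WHERE user_email="' . $emailSql . '" LIMIT 1');
    $row = $db->fetch($res);

    // Same address pattern the first step of the flow uses.
    $pattern = '/^[\\_]*([a-z0-9]+(\\.|\\_*)?)+@([a-z][a-z0-9\\-]+(\\.|\\-*\\.))+[a-z]{2,6}$/i';

    if (!isset($row['user_secret_answer'])) {
        $return['error'] = getLang('reset_noansw');
    } elseif (!hash_equals(strtolower(trim((string) $row['user_secret_answer'])), strtolower(trim($answer)))) {
        // hash_equals (PHP >= 5.6) compares in constant time and strictly, so
        // numeric-looking answers ("1e3" vs "1000") no longer compare equal
        // the way == did.
        $return['error'] = getLang('reset_wrong');
    } elseif (preg_match($pattern, $email) !== 1) {
        // !== 1 also covers a PCRE failure (false), which the old == 0 test
        // happened to treat the same way.
        $return['error'] = getLang('reset_invalid_email');
    } else {
        $res = $db->rq(
            'SELECT u.*, ua1.advisor_names as user_advisor1, ua2.advisor_names as user_advisor2 '
            . 'FROM users u '
            . 'left join users_advisors ua1 on u.user_advisor1 = ua1.users_advisors_id '
            . 'left join users_advisors ua2 on u.user_advisor2 = ua2.users_advisors_id '
            . 'WHERE u.user_email="' . $emailSql . '" LIMIT 1'
        );

        if ($db->num_rows($res) > 0) {
            $row = $db->fetch($res);
            addLog('Front-end', 'Login', $row['user_firstname'] . ' ' . $row['user_lastname'] . ' (' . $row['user_account_num'] . ')', 0, 'Password reset request.');

            $res3 = $db->rq('SELECT * FROM mail_templates mt LEFT JOIN global_settings gs ON mt.mail_templates_id=gs.variable_value WHERE variable="Forgot password"');
            if ($db->num_rows($res3) > 0) {
                $template = $db->fetch($res3);

                // SMTP settings. A key stays null when the setting is missing or
                // empty, which is what the mailer received before as well (the
                // variable was simply undefined).
                $smtp = array(
                    'mail_mandrill_host' => null,
                    'mail_mandrill_port' => null,
                    'mail_mandrill_user' => null,
                    'mail_mandrill_password' => null,
                );
                $res4 = $db->rq('SELECT * FROM global_settings WHERE section="mail_settings"');
                while (($setting = $db->fetch($res4)) != FALSE) {
                    if (array_key_exists($setting['variable'], $smtp) && $setting['variable_value'] != '') {
                        $smtp[$setting['variable']] = $setting['variable_value'];
                    }
                }

                // include_once: a plain include would fatal on class redeclaration
                // if the mailer was already loaded earlier in the request.
                include_once 'nomad_mimemail.inc.php';
                $mimemail = new nomad_mimemail();
                $mimemail->set_charset("UTF-8");
                if ($template['mail_from'] != '') {
                    $mimemail->set_from($template['mail_from_mail'], $template['mail_from']);
                    $mimemail->set_reply_to($template['mail_from_mail'], $template['mail_from']);
                } else {
                    $mimemail->set_from($template['mail_from_mail']);
                    $mimemail->set_reply_to($template['mail_from_mail']);
                }

                // NOTE(review): {user_password} and {user_password_org} are filled
                // from users.user_password exactly as stored. If that column holds
                // a plaintext password this mail discloses it — confirm how the
                // column is stored before keeping these placeholders.
                $placeholders = array(
                    '{user_first_name}' => $row['user_firstname'],
                    '{user_last_name}' => $row['user_lastname'],
                    '{user_username}' => $row['user_username'],
                    '{user_password}' => $row['user_password'],
                    '{user_password_org}' => $row['user_password'],
                    '{user_account_num}' => $row['user_account_num'],
                    '{user_account_name}' => $row['user_account_name'],
                    '{user_admin_ref}' => $row['user_ref'],
                    '{user_phone}' => $row['user_phone'],
                    '{user_email}' => $row['user_email'],
                    '{user_mailing_address}' => $row['user_mailing_address'],
                    '{user_city}' => $row['user_city'],
                    '{user_state}' => $row['user_state'],
                    '{user_postal}' => $row['user_postal'],
                    '{user_country}' => $row['user_country'],
                    '{user_advisor1}' => $row['user_advisor1'],
                    '{user_advisor2}' => $row['user_advisor2'],
                    '{user_app_date}' => $row['user_app_date'],
                );
                $tokens = array_keys($placeholders);
                $values = array_values($placeholders);
                $html = str_replace($tokens, $values, $template['mail_html']);
                $plain = str_replace($tokens, $values, $template['mail_plain']);
                $html = str_replace('{thanks}', getLang('mails_thanks_html'), $html);
                $plain = str_replace('{thanks}', getLang('mails_thanks_plain'), $plain);

                $mimemail->set_subject($template['mail_subject']);
                $mimemail->set_html($html);
                $mimemail->set_text($plain);
                $mimemail->set_to($email, $row['user_firstname'] . ' ' . $row['user_lastname']);
                if ($template['mail_bcc']) {
                    $mimemail->set_bcc($template['mail_bcc']);
                }
                $mimemail->set_smtp_host($smtp['mail_mandrill_host'], $smtp['mail_mandrill_port']);
                $mimemail->set_smtp_auth($smtp['mail_mandrill_user'], $smtp['mail_mandrill_password']);
                $mimemail->send();
            }
            $db->close();
            $return['success'] = getLang('rform_newpass');
        } else {
            $return['error'] = getLang('reset_noemail');
        }
    }

    if (isset($return['error'])) {
        $return['error'] = strip_tags($return['error']);
    }
    echo json_encode($return);
}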
<?php
// AJAX uniqueness check for a stock symbol, used by the back-end stock form.
// Prints 'true' when $_GET['symbol'] is not taken, or is taken only by the
// record currently being edited ($_SESSION['admin']['uedit']); 'false' otherwise.
require '../../vendor/autoload.php';
require_once 'ulogin/config/all.inc.php';
require_once 'ulogin/main.inc.php';
require_once 'auth.php';

if ($_SESSION['admin']['is_logged'] != 1) {
    header('Location: index.php');
    exit;
}

usleep(150000); // deliberate short pause before the lookup
require_once '../../classes/db.class.php';

$connection = new DBConnection();
$symbol = $connection->string_escape($_GET['symbol']);
$result = $connection->rq('SELECT stocks_id FROM stocks WHERE stocks_symbol="' . $symbol . '" LIMIT 1');

$isFree = true;
if ($connection->num_rows($result) != 0) {
    $existing = $connection->fetch($result);
    // A hit is still acceptable when it is the very record being edited.
    $editingSame = isset($_SESSION['admin']['uedit']) && $existing['stocks_id'] == $_SESSION['admin']['uedit'];
    $isFree = $existing['stocks_id'] > 0 && $editingSame;
}
$connection->close();

echo $isFree ? 'true' : 'false';
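<?php
// AJAX uniqueness check for an advisor reference, used by the back-end advisor form.
// Prints 'true' when $_GET['ref'] is free, or belongs to the advisor currently
// being edited ($_SESSION['admin']['uedit']); prints 'false' otherwise.
require '../../vendor/autoload.php';
require_once('ulogin/config/all.inc.php');
require_once('ulogin/main.inc.php');
require_once('auth.php');

if ($_SESSION['admin']['is_logged'] != 1) {
    header('Location: index.php');
    exit();
}

usleep(150000); // deliberate short pause before the lookup
require_once('../../classes/db.class.php');

$db = new DBConnection();
$ref = isset($_GET['ref']) ? $_GET['ref'] : '';
$query = 'SELECT users_advisors_id FROM users_advisors WHERE advisor_ref="' . $db->string_escape($ref) . '" LIMIT 1';
$res = $db->rq($query);

if ($db->num_rows($res) == 0) {
    $valid = 'true';
} else {
    $row = $db->fetch($res);
    // Guard uedit with isset, as the stock-symbol validator does: without it a
    // request made while nothing is being edited raises an undefined-index
    // notice. The outcome ('false') is the same either way.
    $editing = isset($_SESSION['admin']['uedit']) ? $_SESSION['admin']['uedit'] : null;
    $valid = ($row['users_advisors_id'] > 0 && $editing !== null && $row['users_advisors_id'] == $editing)
        ? 'true'
        : 'false';
}
$db->close();

echo $valid;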
<?php
// Front-end AJAX check that an e-mail address is available for the logged-in
// user's profile. Prints 'true' when no account uses $_GET['user_email'], or
// the one that does is the caller's own account; prints 'false' otherwise.
// NOTE(review): any logged-in user can submit arbitrary addresses here and learn
// whether they are registered — worth knowing if account enumeration matters.
session_start();
require '../vendor/autoload.php';

if ($_SESSION['user']['is_logged'] != 1) {
    header('Location: index.php');
    exit;
}

usleep(150000); // deliberate short pause before the lookup
require_once '../classes/db.class.php';

$connection = new DBConnection();
$address = $connection->string_escape($_GET['user_email']);
$result = $connection->rq('SELECT user_account_num FROM users WHERE user_email="' . $address . '" LIMIT 1');

$available = true;
if ($connection->num_rows($result) != 0) {
    $owner = $connection->fetch($result);
    $ownAccount = $owner['user_account_num'] == $_SESSION['user']['user_account_num'];
    $available = $owner['user_account_num'] > 0 && $ownAccount;
}
$connection->close();

echo $available ? 'true' : 'false';
require_once('../includes/ulogin/config/all.inc.php'); require_once('../includes/ulogin/main.inc.php'); require_once('../includes/auth.php'); if ($_SESSION['admin']['is_logged']!=1){ echo 'ERROR'; exit(); } require_once ('../../classes/db.class.php'); $db=new DBConnection(); $searchColumns=array('commodities_groups_id','commodities_groups_name'); $searchLimit=''; if (isset($_GET['iDisplayStart'])&&$_GET['iDisplayLength']!='-1'){ $searchLimit='LIMIT '.$db->string_escape($_GET['iDisplayStart']).', '.$db->string_escape($_GET['iDisplayLength']).''; } /* Ordering */ if (isset($_GET['iSortCol_0'])){ $searchOrder="ORDER BY "; for($i=0; $i<$db->string_escape($_GET['iSortingCols']); $i++ ){ $addComma=''; if($i!=0) $addComma.=', '; $searchOrder.=$addComma.fnColumnToField($db->string_escape($_GET['iSortCol_'.$i])).' '.$db->string_escape($_GET['iSortDir_'.$i]).''; } } $searchFor=''; if ($_GET['sSearch']!=''){
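/**
 * Renders the "Adding New Stock Values" form.
 *
 * One <fieldset> is emitted per stock that already has a stock_details row,
 * pre-filled with either the values stored under details_ref=$details_id
 * (edit mode) or the stock's most recent values (new mode). A shared
 * value-date field and the form buttons follow.
 *
 * @param mixed $details_id details_ref of an existing value set to edit;
 *                          0 (default) means "new". It is SQL-escaped here, so
 *                          it may come straight from the request (presumably it
 *                          does — confirm against the caller).
 * @return string the form's HTML
 *
 * NOTE(review): stocks with no stock_details row at all get no fieldset
 * (`if ($curval)` below), so a newly added stock cannot receive its first
 * value through this form — confirm that is intended.
 */
function addNewValue($details_id=0)
{
    $JSCripts = ' onchange="setDetails();"';
    $db = new DBConnection();

    // Escape once, up front: the original re-escaped inside the loop on every
    // iteration, which double-escapes any non-numeric id.
    if ($details_id > 0) {
        $details_id = $db->string_escape($details_id);
    }

    // Values below are reflected into HTML attributes and text; escape them there.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $date = ''; // taken from the last pre-filled row; was undefined when none matched
    $num = 1;

    $pcontent = ' <div class="mainHolder"> <div class="hintHolder ui-state-default"><b>Adding New Stock Values</b></div> <script type="text/javascript" src="../js/jquery.validate.js"></script> <script type="text/javascript" src="js/forms/stockValues.js"></script> <form name="addNewStockValue" method="POST" id="MainForms" action="">';
    $pcontent .= '<div class="left">';

    $res = $db->rq('SELECT * FROM stocks ORDER BY stocks_name ASC');
    while (($row = $db->fetch($res)) != FALSE) {
        if ($details_id > 0) {
            $curval = $db->getRow('stock_details', 'stocks_id="' . $row['stocks_id'] . '" AND details_ref="' . $details_id . '"', 'value, volume, date');
        } else {
            // New mode selects no date column, so $date stays empty here.
            $curval = $db->getRow('stock_details', 'stocks_id="' . $row['stocks_id'] . '" ORDER BY date DESC', 'value, volume');
        }
        if ($curval) {
            $date = array_get($curval, 'date');
            $pcontent .= '<fieldset class="mainFormHolder"> <legend>Share</legend> <div class="formsLeft">Share:</div> <div class="formsRight"> <select name="stocks_id_' . $num . '" id="stocks_id_' . $num . '" class="text-input">';
            $pcontent .= '<option value="' . $h($row['stocks_id']) . '">' . $h($row['stocks_symbol']) . ' (' . $h($row['stocks_name']) . ')</option>';
            $pcontent .= ' </select> </div><br /> <div class="formsLeft">Value:</div> <div class="formsRight"> <input class="required text-input align-right" type="text" name="value_' . $num . '" id="value_' . $num . '" value="' . $h($curval['value']) . '"' . $JSCripts . ' /> </div> <br /> <div class="formsLeft">Volume:</div> <div class="formsRight"> <input class="text-input align-right" type="text" name="volume_' . $num . '" id="volume_' . $num . '" value="' . $h($curval['volume']) . '"' . $JSCripts . ' /> </div><br /> </fieldset>';
        }
        // Numbering follows the stock order, including stocks that got no fieldset.
        $num++;
    }

    $pcontent .= '</div><div class="left"><fieldset class="mainFormHolder"> <legend>Date</legend> <div class="formsLeft">Value date:</div> <div class="formsRight"><input class="text-input" type="text" name="date_value" id="date_value" value="' . $h($date) . '" /></div> <br />';
    if ($details_id) {
        $pcontent .= '<input type="hidden" name="trade_ref" value="' . $h($details_id) . '" />';
        // The id lands in a URL inside a JS string inside an HTML attribute;
        // URL-encoding keeps it to [A-Za-z0-9%._~-], which is inert in all three.
        $pcontent .= '<input type="button" name="_delete" value="' . getLang('sform_delbtn') . '" class="submitBtn ui-state-default" onclick="if(confirm(\'Are you sure you want to delete the values from this date?\')) location=\'?action=delete_values&sid=' . rawurlencode($details_id) . '\';" />';
    }
    $pcontent .= '<input type="hidden" name="_form_submit" value="1" /> <input type="hidden" name="_new_value" value="1" /> <input type="submit" name="_submit" value="' . getLang('sform_savebtn') . '" class="submitBtn ui-state-default" /> ';
    $pcontent .= ' <input type="button" name="_cancel" value="' . getLang('sform_backbtn') . '" class="submitBtn ui-state-default" onclick="location=\'stocks.php\';" /> </fieldset></div> </form> </div>';

    return $pcontent;
}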
<?php require_once('template.php'); if(!$_SESSION['admin']['is_logged']) { header('Location: index.php'); exit(); } $_SESSION['admin']['selected_tab']=5; unset($_SESSION['admin']['uedit']); if(isset($_POST['_form_submit'])) { $db=new DBConnection(); foreach ($_POST AS $k=>$x) $_POST[$k]=$db->string_escape($x); if(($_POST['cid']+0)>0) { $query='UPDATE commodities SET commodities_groups_id="'.$_POST['commodities_groups_id'].'", commodities_name="'.($_POST['commodities_name']).'", commodities_symbol="'.$_POST['commodities_symbol'].'", commodities_contract_size="'.$db->string_escape($_POST['commodities_contract_size']).'", commodities_unit="'.$db->string_escape($_POST['commodities_unit']).'", commodities_status="'.$db->string_escape($_POST['commodities_status']).'", commodities_order_priority="'.$db->string_escape($_POST['commodities_order_priority']).'", commodities_def_fee="'.$db->string_escape($_POST['commodities_def_fee']+0).'", commodities_def_prem="'.$db->string_escape($_POST['commodities_def_prem']+0).'" WHERE commodities_id='.($_POST['cid']+0).''; $db->rq($query); addLog('Back-end','Back-end Settings, Commodities',0,''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Commodity edited ('.$_POST['commodities_symbol'].')'); }else { $query='INSERT INTO commodities SET commodities_groups_id="'.$_POST['commodities_groups_id'].'", commodities_name="'.($_POST['commodities_name']).'", commodities_symbol="'.$_POST['commodities_symbol'].'", commodities_contract_size="'.$db->string_escape($_POST['commodities_contract_size']).'", commodities_unit="'.$db->string_escape($_POST['commodities_unit']).'", commodities_status="'.$db->string_escape($_POST['commodities_status']).'", commodities_order_priority="'.$db->string_escape($_POST['commodities_order_priority']).'",
<?php
// AJAX uniqueness check for a back-end username. Prints 'true' when the name is
// free or belongs to the user currently being edited ($_SESSION['admin']['uedit']),
// and 'false' otherwise.
require '../../vendor/autoload.php'; require_once('ulogin/config/all.inc.php'); require_once('ulogin/main.inc.php'); require_once('auth.php');
if(!isAppLoggedIn()) { header('Location: index.php'); exit(); }
usleep(150000); // deliberate short pause before the lookup
require_once('../../classes/db.class.php');
$db=new DBConnection();
$validateUsername=$db->string_escape($_GET['user_username']);
// NOTE(review): $validateUsername is computed but never used — the WHERE clause
// below compares against the literal "******", which looks like a masked value
// in this copy of the file rather than the real code. Confirm against the
// original source before relying on this check.
$query='SELECT users_id FROM users WHERE user_username="******" LIMIT 1';
$res=$db->rq($query); $num_rows=$db->num_rows($res);
if ($num_rows==0){ $valid = 'true'; }else{ $row=$db->fetch($res);
// A hit is still acceptable when it is the record being edited.
if($row['users_id']>0&&$row['users_id']==$_SESSION['admin']['uedit']) { $valid = 'true'; }else{ $valid = 'false'; } }
$db->close(); echo $valid; ?>
addLog('Front-end', 'Login', '' . $_SESSION['user']['user_firstname'] . ' ' . $_SESSION['user']['user_lastname'] . ' (' . $_SESSION['user']['user_account_num'] . ')', 0, 'User successfully logged out'); unset($_SESSION['user']); if (!$_SESSION['admin']['is_logged']) { session_destroy(); } header('Location: index.php'); exit; } /** * Initialize the login */ if (isset($_POST['_login']) && $_POST['l_username'] != '' && $_POST['l_password'] != '') { $db = new DBConnection(); $UserIP = GetHostByName($_SERVER["REMOTE_ADDR"]); $username = $_POST['l_username']; $username = $db->string_escape($username); $password = $_POST['l_password']; $password = $db->string_escape($password); $query = 'SELECT * FROM users WHERE user_username="******" AND user_status=1 AND user_password!="" LIMIT 1'; $res = $db->rq($query); $row = $db->fetch($res); $base_password = $row['user_password']; $validatePassword = FALSE; if ($password == $base_password) { $validatePassword = TRUE; } if ($validatePassword == TRUE && strtolower($row['user_username']) == strtolower($username)) { // if everything goes ok page_header_simple(1); echo '<img src="images/lploader.gif" border="0"><br /><b>System is loading, please wait...</b>'; page_footer();
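<?php
// AJAX uniqueness check for a commodity symbol, used by the back-end commodity form.
// Prints 'true' when $_GET['commodities_symbol'] is free, or belongs to the
// commodity currently being edited ($_SESSION['admin']['uedit']); 'false' otherwise.
require '../../vendor/autoload.php';
require_once('ulogin/config/all.inc.php');
require_once('ulogin/main.inc.php');
require_once('auth.php');

if ($_SESSION['admin']['is_logged'] != 1) {
    header('Location: index.php');
    exit();
}

usleep(150000); // deliberate short pause before the lookup
require_once('../../classes/db.class.php');

$db = new DBConnection();
$symbol = isset($_GET['commodities_symbol']) ? $_GET['commodities_symbol'] : '';
$query = 'SELECT commodities_id FROM commodities WHERE commodities_symbol="' . $db->string_escape($symbol) . '" LIMIT 1';
$res = $db->rq($query);

if ($db->num_rows($res) == 0) {
    $valid = 'true';
} else {
    $row = $db->fetch($res);
    // Guard uedit with isset, as the stock-symbol validator does: without it a
    // request made while nothing is being edited raises an undefined-index
    // notice. The outcome ('false') is the same either way.
    $editing = isset($_SESSION['admin']['uedit']) ? $_SESSION['admin']['uedit'] : null;
    $valid = ($row['commodities_id'] > 0 && $editing !== null && $row['commodities_id'] == $editing)
        ? 'true'
        : 'false';
}
$db->close();

echo $valid;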
$_SESSION['UserSessionTime'] = time() + MAX_SESSION_TIME; } else { if ($_SESSION['UserSessionTime'] < time()) { unset($_SESSION['user']); unset($_SESSION['UserSessionTime']); session_regenerate_id(); session_destroy(); exit; } else { $_SESSION['UserSessionTime'] = time() + MAX_SESSION_TIME; } } if ($_SESSION['user']['is_logged'] != 1) { header('Location: index.php'); exit; } usleep(150000); require_once '../classes/db.class.php'; $db = new DBConnection(); $validateBalance = $db->string_escape($_GET['tr_value']); $validateBalance = str_replace(',', '', $validateBalance); $query = 'SELECT user_balance FROM users WHERE user_account_num="' . $_SESSION['user']['user_account_num'] . '" LIMIT 1'; $res = $db->rq($query); $row = $db->fetch($res); if ($row['user_balance'] >= $validateBalance) { $valid = 'true'; } else { $valid = 'false'; } $db->close(); echo $valid;
if (isset($_GET['action'])){ $cmd=($_GET['action']); }else{ $cmd=''; } if (isset($_POST['_back'])) $cmd=''; $page_content=''; switch ($cmd) { case 'new' : $page_content=addNewAdvisor(); break; case 'edit' : if ($_GET['ref']!=''&&($_GET['advid']+0)==0){ $db=new DBConnection(); $query='SELECT users_advisors_id FROM users_advisors WHERE advisor_ref="'.$db->string_escape($_GET['ref']).'" LIMIT 1'; $res=$db->rq($query); $row=$db->fetch($res); $_GET['advid']=($row['users_advisors_id']+0); } $page_content=addNewAdvisor($_GET['advid']+0); break; case 'delete' : if ($_SESSION['admin']['is_logged']==1){ $db=new DBConnection(); $getCurrentData=$db->getRow('users_advisors', 'users_advisors_id="'.$_GET['advid'].'"'); $query='DELETE FROM users_advisors WHERE users_advisors_id='.($_GET['advid']+0); $db->rq($query); addLog('Back-end','Advisors',''.$getCurrentData['advisor_names'].' ('.$getCurrentData['advisor_ref'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Advisor deleted');
$referenceNumber = $_GET['buyref']; }elseif ($_GET['sellref']!=''){ $whatmail='Trade sell details'; $referenceNumber = $_GET['sellref']; }elseif ($_GET['tdref']!=''){ $whatmail='Transfer deposit details'; $referenceNumber = $_GET['tdref']; }elseif ($_GET['twref']!=''){ $whatmail='Transfer withdraw details'; $referenceNumber = $_GET['twref']; }else{ $whatmail='Other'; } foreach ($_POST as $k => $x){ $_POST[$k] = $db->string_escape($x); } $mysql_fields=''; $comma=''; $count=0; foreach ($_POST as $k => $x) { if($k != '_submit' && $k != '_preview' && $k != '_form_submit' && $k != 'mail_templates_id' && $k != 'user_account_num' && $k != 'mail_html' && $k != 'mail_plain') { if($count != 0){ $comma=', '; } $mysql_fields.=''.$comma.''.$k.'="'.($x).'"'; $count++; } }
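<?php
// Back-end settings: create or update a commodity expiry date from the posted
// form, log it, and redirect back to the list.
require_once('template.php');

if (!$_SESSION['admin']['is_logged']) {
    header('Location: index.php');
    exit();
}
$_SESSION['admin']['selected_tab'] = 5;
unset($_SESSION['admin']['uedit']);

if (isset($_POST['_form_submit'])) {
    $db = new DBConnection();
    // Escape every posted value in place; the code below reads the escaped copies.
    foreach ($_POST as $k => $x) {
        $_POST[$k] = $db->string_escape($x);
    }

    // (int) instead of +0: a non-numeric id becomes 0 rather than a TypeError on PHP 8.
    $edid = isset($_POST['edid']) ? (int) $_POST['edid'] : 0;
    $expiryDate = isset($_POST['expiry_date']) ? $_POST['expiry_date'] : '';
    // Computed once for both branches (it was duplicated). strtotime sees the
    // escaped value, which is harmless for a date string; the result is escaped
    // too since convertTradeDates' output is not otherwise constrained here.
    $expiryShort = $db->string_escape(convertTradeDates(strtotime($expiryDate)));
    $admin = $_SESSION['admin']['name'] . ' (' . $_SESSION['admin']['refnum'] . ')';

    if ($edid > 0) {
        $query = 'UPDATE expiry_dates SET expiry_date="' . $expiryDate . '", expiry_short="' . $expiryShort . '" WHERE expiry_dates_id=' . $edid;
        $logText = 'Commodity expiry date edited (' . $expiryDate . ')';
    } else {
        $query = 'INSERT INTO expiry_dates SET expiry_date="' . $expiryDate . '", expiry_short="' . $expiryShort . '"';
        $logText = 'Commodity expiry date added (' . $expiryDate . ')';
    }
    $db->rq($query);
    addLog('Back-end', 'Back-end Settings, Commodities - exp. dates', 0, $admin, $logText);
    $db->close();

    header('Location: expiry_dates.php');
    exit();
}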
$count=0; foreach ($_POST as $k=>$x){ if ($k!='depid'&&$k!='_submit'&&$k!='_add_withdraw'&&$k!='k'){ if ($count!=0) $comma=', '; if ($k=='tr_value'||$k=='tr_fees'||$k=='tr_total') $x=str_replace(',', '', $x); $mysql_fields.=''.$comma.''.$k.'="'.$db->string_escape($x).'"'; $count++ ; } } $query='SELECT user_balance FROM users WHERE user_account_num='.($_SESSION['user']['user_account_num']+0).''; $res=$db->rq($query); $row=$db->fetch($res);
$cmd = ''; } if (isset($_POST['_back'])){ $cmd = ''; } $page_content=''; switch ($cmd) { case 'new' : $page_content=addNewAdmin(); break; case 'edit' : if (isset($_GET['username']) && array_get($_GET, 'aid', 0) == 0){ $db = new DBConnection(); $query = 'SELECT id FROM ul_logins WHERE username="******" LIMIT 1'; $res = $db->rq($query); $row = $db->fetch($res); $_GET['aid'] = $row['id']; } $page_content = addNewAdmin($_GET['aid']+0); break; case 'delete' : if (isAppLoggedIn()){ $db = new DBConnection(); $currentData = $db->getRow('ul_logins', 'id='.($_GET['aid']+0).''); $ulogin->DeleteUser($_GET['aid']); addLog('Back-end','Back-end users',''.$currentData['name'].' ('.$currentData['ref'].')',''.$_SESSION['admin']['name'].' ('.$_SESSION['admin']['refnum'].')','Admin deleted');