/**
 * Handle the advanced link search form.
 *
 * Runs the search on the GWF_Links table for the session user. On a database
 * failure an ERR_DATABASE message is prepended to an empty result page.
 *
 * @param GWF_Form $form the submitted search form
 * @return string html
 */
private function onAdvSearch(GWF_Form $form)
{
    $links = GDO::table('GWF_Links');
    $user = GWF_Session::getUser();
    $matches = $links->searchAdv($user, $form->getVars());
    if ($matches === false) {
        $error = GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
        return $error . $this->templateSearch(array(), '');
    }
    return $this->templateSearch($matches, '');
}
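/**
 * Process the module/design purchase form and hand the order to the payment module.
 *
 * Only module names present in $this->modules and design names known to
 * GWF_Design are accepted; any other posted key is dropped. Designs are
 * optional, so a missing or malformed 'design' field means "none selected"
 * (the original iterated $_POST['design'] unconditionally and raised a
 * warning when it was absent).
 *
 * @return string html (error plus purchase form again, or order.tpl)
 */
private function onPurchase()
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('Purchase GWF Modules', $error) . $this->templatePurchase();
    }

    if (!isset($_POST['mod']) || !is_array($_POST['mod'])) {
        return $this->module->error('err_select_modules') . $this->templatePurchase();
    }

    # Posted keys are untrusted: keep only module names we actually know.
    $purchased_modules = array();
    foreach ($_POST['mod'] as $mname => $yes) {
        if (isset($this->modules[$mname])) {
            $purchased_modules[] = $mname;
        }
    }
    if (count($purchased_modules) === 0) {
        return $this->module->error('err_select_modules') . $this->templatePurchase();
    }

    $designs = GWF_Design::getDesigns();
    $purchased_designs = array();
    $posted_designs = (isset($_POST['design']) && is_array($_POST['design'])) ? $_POST['design'] : array();
    foreach ($posted_designs as $dname => $yes) {
        if (array_key_exists($dname, $designs)) {
            $purchased_designs[] = $dname;
        }
    }

    $user = GWF_User::getStaticOrGuest();
    $userid = GWF_Session::getUserID();
    if (false === ($client = GWF_Client::getClient($userid))) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templatePurchase();
    }

    $order = new GWF_ClientOrder(array(
        'vsco_uid' => $userid,
        'vsco_modules' => implode(',', $purchased_modules),
        'vsco_designs' => implode(',', $purchased_designs),
    ));
    Module_Payment::saveTempOrder($order);

    $tVars = array('order' => Module_Payment::displayOrderS($this->module, $order, $user));
    return $this->module->template('order.tpl', $tVars);
}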
/**
 * Render the AlertPay "buy" button for an order.
 *
 * Every order attribute is passed as a hidden field posted to
 * RECEIVE_MONEY_URL; the order token travels as ap_itemcode.
 *
 * @return string html (tiny form with the buy_ap icon)
 */
public function displayPaysiteButton(GWF_Module $module, GWF_Order $order, GWF_Orderable $gdo, GWF_User $user)
{
    $iso = GWF_Language::getCurrentISO();
    $fields = array(
        'ap_purchasetype' => 'item',
        'ap_merchant' => $this->cfgSeller(),
        'ap_itemname' => $gdo->getOrderItemName($module, $iso),
        'ap_currency' => $order->getOrderCurrency(),
        'ap_returnurl' => Common::getAbsoluteURL($gdo->getOrderSuccessURL($user), false),
        'ap_itemcode' => $order->getOrderToken(),
        'ap_quantity' => $order->getOrderAmount(),
        'ap_description' => $gdo->getOrderDescr($module, $iso),
        'ap_amount' => $order->getOrderPriceTotal(),
        'ap_cancelurl' => Common::getAbsoluteURL($gdo->getOrderCancelURL($user), false),
    );

    $hidden = '';
    foreach ($fields as $name => $value) {
        $hidden .= GWF_Form::hidden($name, $value);
    }

    $icon = 'img/' . GWF_ICON_SET . 'buy_ap.png';
    return Module_Payment::tinyform('pay_ap', $icon, self::RECEIVE_MONEY_URL, $hidden);
}
/**
 * Handle the password-reset request form of the TTR2 challenge.
 *
 * Validates the form, stores a fresh 16-char token together with the
 * current session id and the posted email, and only sends a real mail when
 * the address equals the logged-in user's validated address.
 *
 * @return string html (validation errors, ERR_DATABASE, or the "mail sent" message)
 */
function ttr2_request(WC_Challenge $chall, GWF_Form $form)
{
    $errors = $form->validate($chall);
    if ($errors !== false) {
        return $errors;
    }

    # Generate reset token, stored against this session and address.
    $sid = GWF_Session::getSessSID();
    $email = $form->getVar('email');
    $token = ttr2_random(16);
    if (!TTR2_Tokens::insertToken($sid, $email, $token)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    # Only the user's own validated address ever receives the mail.
    $own_mail = GWF_User::getStaticOrGuest()->getValidMail();
    if ($email === $own_mail) {
        ttr2_mail_me($chall, $email, $token);
    }

    return GWF_HTML::message($chall->lang('title'), $chall->lang('msg_mail_sent'));
}
/**
 * Quick-join the group whose id is the first key of the posted button array.
 *
 * @param array $array posted "join[<groupid>]" buttons; only the first key is used
 * @return string html
 */
private function onJoin($array)
{
    $csrf = GWF_Form::validateCSRF_WeakS();
    if ($csrf !== false) {
        return GWF_HTML::error('Join Group', $csrf);
    }

    $group = GWF_Group::getByID(key($array));
    if ($group === false) {
        return $this->module->error('err_unk_group');
    }

    $joiner = GWF_User::getStaticOrGuest();
    return $this->module->getMethod('Join')->onQuickJoin($group, $joiner);
}
/**
 * Delete every PM folder whose id was posted as a "folder[<id>]" key.
 *
 * @return string html; the concatenated results of onDeleteFolder(), '' when nothing was posted
 */
private function onDeleteFolders()
{
    $csrf = GWF_Form::validateCSRF_WeakS();
    if ($csrf !== false) {
        return GWF_HTML::error('PM', $csrf, false);
    }

    $results = array();
    foreach (Common::getPostArray('folder', array()) as $folderid => $stub) {
        $results[] = $this->onDeleteFolder($folderid);
    }
    return implode('', $results);
}
/**
 * Render the bank-transfer payment page for an order.
 *
 * The order's own module gets its language loaded before the order summary
 * (displayOrder3S) and the "Bank Transfer" button are built.
 *
 * @return string html from pay.php
 */
private function templatePay(Module_PaymentBank $module, GWF_Order $order)
{
    $order_module = $order->getOrderModule();
    $order_module->onLoadLanguage();

    $gdo = $order->getOrderData();
    $user = $order->getUser();
    $sitename = $module->getSiteName();

    # Step 2 of the bank flow receives only the order token.
    $action = GWF_WEB_ROOT . 'index.php?mo=PaymentBank&me=Pay2';
    $hidden = GWF_Form::hidden('gwf_token', $order->getOrderToken());
    $icon = 'img/' . GWF_ICON_SET . 'buy_bank.png';
    $buttons = Module_Payment::tinyform('Bank Transfer', $icon, $action, $hidden);

    $tVars = array(
        'lang' => $module->loadLangGWF(),
        'user' => $user,
        'order_c' => $order,
        'order' => Module_Payment::displayOrder3S($order_module, $order, $gdo, $user, $sitename, $buttons),
    );
    return $module->templatePHP('pay.php', $tVars);
}
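/**
 * Handle an admin file upload for the page builder.
 *
 * The file is stored as dbimg/content/<name> (never overwriting) and a
 * reference to it - image or anchor depending on the page type - is appended
 * to the posted page content.
 *
 * The original name is kept, so before anything is written it must pass a
 * denylist of server-side script extensions (matched anywhere in the name,
 * which also catches foo.php.html) and a strict character whitelist. The
 * TODO below is the original author's: the denylist is a mitigation, not a
 * guarantee, and matters only with malicious admin users.
 *
 * @return string html (error, or the "file uploaded" message)
 */
public static function onUpload(Module_PageBuilder $module)
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return $error;
    }
    if (false === ($file = GWF_Upload::getFile('file'))) {
        return GWF_HTML::err('ERR_MISSING_UPLOAD');
    }

    # TODO: There are more unsafe languages!
    # But we want to keep the file extension.
    # Not really a big deal, unless you have malicious admin users.
    $name = $file['name'];

    # This is evil, sometimes even with foo.php.html.
    # '.php' also matches .php3/.php5/.phps, '.pht' also matches .phtml.
    foreach (array('.php', '.pht', '.phar') as $evil_ext) {
        if (stripos($name, $evil_ext) !== false) {
            return $module->error('err_file_ext');
        }
    }

    # Sanity check: no path separators, no leading dot, at most 63 chars.
    if (!preg_match('#^[a-z0-9_][a-z0-9_\\.]{0,62}$#iD', $name)) {
        return $module->error('err_file_name');
    }

    # Copy the file
    $path = 'dbimg/content/' . $name;
    $epath = htmlspecialchars($path);
    if (Common::isFile($path)) {
        return $module->error('err_upload_exists');
    }
    if (false === GWF_Upload::moveTo($file, $path)) {
        return GWF_HTML::err('ERR_WRITE_FILE', array($epath));
    }

    # Is bbcode mode? HTML and SMARTY pages get an html snippet instead.
    $bbcode = (Common::getPostInt('type', 0) & (GWF_Page::HTML | GWF_Page::SMARTY)) === 0;

    # Append to page content as image or anchor. Guard against a missing
    # 'content' field, which would otherwise raise a warning on .=
    if (!isset($_POST['content']) || !is_string($_POST['content'])) {
        $_POST['content'] = '';
    }
    $_POST['content'] .= self::fileToContent($name, $path, $bbcode);

    return $module->message('msg_file_upped', array($epath));
}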
/**
 * Build the minimal solution form for a warflag: hidden flag id, a solution
 * text field and a submit button.
 *
 * @param array $tVars template variables (not used by this form)
 * @param WC_Warflag $flag the flag being solved
 * @return string html
 */
function solving_form($tVars, WC_Warflag $flag)
{
    $parts = array(
        GWF_Form::start(true, GWF_Form::ENC_DEFAULT, 'post', false),
        sprintf('<input type="hidden" name="wfid" value="%s" />', $flag->getID()),
        '<input type="text" name="password_solution" value="" />',
        '<input type="submit" name="igotitnow" value="!" />',
        GWF_Form::end(),
    );
    return implode('', $parts);
}
/**
 * Render the "pay for free" page: order summary plus a tiny captcha form.
 *
 * @return string html from pay.php
 */
private function templatePay(Module_PaymentFree $module, GWF_Order $order)
{
    $order_module = $order->getOrderModule();
    $order_module->onLoadLanguage();

    $gdo = $order->getOrderData();
    $user = $order->getUser();
    $sitename = $module->getSiteName();
    $action = GWF_WEB_ROOT . 'index.php?mo=PaymentFree&me=Pay';

    # Built as in the other payment modules but not used by the captcha variant.
    $hidden = GWF_Form::hidden('gwf_token', $order->getOrderToken());

    $captcha_form = $this->tinyCaptchaForm($module, $order);
    $buttons = $captcha_form->templateY('Free', $action);

    $summary = Module_Payment::displayOrder3S($order_module, $order, $gdo, $user, $sitename, $buttons);
    $tVars = array('user' => $user, 'order' => $summary);
    return $module->templatePHP('pay.php', $tVars);
}
/**
 * Pay an order with site credits (PaymentGWF).
 *
 * Affordability is checked first; non-admins are then charged the order
 * total from user_credits, admins are not charged. On success the order is
 * executed through Module_Payment::onExecuteOrderS.
 *
 * @return string html (an error, or the result of onExecuteOrderS)
 */
private function onPay(Module_PaymentGWF $module, GWF_Order $order)
{
    $order_module = $order->getOrderModule();
    $order_module->onLoadLanguage();

    $gdo = $order->getOrderData();
    $user = $order->getUser();
    $sitename = $module->getSiteName();
    $action = GWF_WEB_ROOT . 'index.php?mo=PaymentGWF&me=Pay2';
    $hidden = GWF_Form::hidden('gwf_token', $order->getOrderToken());
    $icon = 'img/' . GWF_ICON_SET . 'buy_gwf.png';
    # Prepared as in the template variant; not used further down.
    $buttons = Module_Payment::tinyform('BUYGWF', $icon, $action, $hidden);
    $lang = $module->loadLangGWF();

    $unaffordable = $module->canAffordB($order, $user);
    if ($unaffordable !== false) {
        return $unaffordable;
    }

    # Admins pay nothing; everybody else is debited the full total.
    if (!$user->isAdmin()) {
        $debit = -$order->getOrderPriceTotal();
        if (false === $user->increase('user_credits', $debit)) {
            return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
        }
    }

    return Module_Payment::onExecuteOrderS($order_module, $order);
}
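/**
 * Delete a shoutbox entry (moderators only).
 *
 * @param array $array posted "delete[<id>]" button; only the first key is used
 * @return string html
 */
private function onDelete($array)
{
    if (!GWF_User::isInGroupS('moderator')) {
        return GWF_HTML::err('ERR_NO_PERMISSION');
    }
    # An empty array left $id undefined in the original foreach/break idiom.
    if (!is_array($array) || count($array) === 0) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('Shoutbox', $error);
    }

    reset($array);
    $id = key($array);
    if (false === ($row = GWF_Shoutbox::getByID($id))) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    if (false === $row->delete()) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    return $this->module->message('msg_deleted');
}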
<?php
/**
 * Warflag overview template: one table row per flag; flags that are neither
 * warchall flags nor already solved get a password input and a CHECK button.
 *
 * Expects $tVars['flags'] to hold WC_Warflag objects.
 */
$headers = array(array('WCID'), array('TITLE'), array('CAT'), array('SOL'), array('BTN'));

echo GWF_Form::start();
echo GWF_Table::start();
echo GWF_Table::displayHeaders1($headers);

foreach ($tVars['flags'] as $flag) {
    /** @var WC_Warflag $flag */
    $solved = $flag->getVar('wf_solved_at') !== null;
    $flag_id = $flag->getID();

    echo GWF_Table::rowStart();
    echo GWF_Table::column($flag_id);

    $solved_class = $solved ? 'wc_chall_solved_1' : 'wc_chall_solved_0';
    echo GWF_Table::column(GWF_HTML::anchor($flag->getURL(), $flag->getTitle()), $solved_class);
    echo GWF_Table::column($flag->displayCat());

    if ($flag->isWarchall()) {
        $solution_cell = '';
        $button_cell = '';
    } elseif ($solved) {
        $solution_cell = 'SOLVED!';
        $button_cell = '';
    } else {
        $solution_cell = sprintf('<input type="text" name="password[%s]" value="">', $flag_id);
        $button_cell = sprintf('<input type="submit" name="button[%s]" value="CHECK">', $flag_id);
    }
    echo GWF_Table::column($solution_cell);
    echo GWF_Table::column($button_cell);

    echo GWF_Table::rowEnd();
}

echo GWF_Table::end();
echo GWF_Form::end();
/**
 * Captcha form field, or false when captchas are switched off in the module config.
 *
 * @return string|false
 */
public function getCaptcha()
{
    return $this->cfgCaptcha() ? GWF_Form::captcha() : false;
}
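/**
 * Remove the selected users from the current user's POI whitelist.
 *
 * The posted "user[<id>]" keys are untrusted input: each key is cast to int
 * and non-positive values are dropped before the ids are interpolated into
 * the DELETE condition. The original interpolated the raw keys, which made
 * the WHERE clause injectable.
 *
 * @return string html ('' when nothing was selected or nothing was deleted)
 */
private function onDelete()
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return $error;
    }
    if (!isset($_POST['user']) || !is_array($_POST['user'])) {
        return '';
    }

    $ids = array();
    foreach (array_keys($_POST['user']) as $key) {
        $id = intval($key);
        if ($id > 0) {
            $ids[] = $id;
        }
    }
    if (count($ids) === 0) {
        return '';
    }

    $userid = intval(GWF_Session::getUserID());
    $table = GDO::table('GWF_ProfilePOIWhitelist');
    $where = sprintf('pw_uida=%d AND pw_uidb IN (%s)', $userid, implode(',', $ids));
    if (!$table->deleteWhere($where)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    $numDeleted = $table->affectedRows();
    if ($numDeleted > 0) {
        return $this->module->message('msg_white_removed', array($numDeleted));
    }
    return '';
}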
/**
 * Build the "new PM" form shown to guests: a username dropdown filled from
 * the PPM usernames, a free-text username and a create button.
 *
 * @return string html
 */
private function getNewPMFormGuest()
{
    $usernames = $this->getUsernamesPPM();
    $fields = array(
        'username_sel' => array(GWF_Form::SELECT, $this->getUsernameSelect($usernames, 'username_sel')),
        'create' => array(GWF_Form::SUBMIT, $this->module->lang('btn_create')),
        'username' => array(GWF_Form::STRING, ''),
    );
    $form = new GWF_Form($this, $fields);
    $title = $this->module->lang('ft_new_pm');
    return $form->templateX($title, GWF_PM::getNewPMHref());
}
/**
 * Render the quick-translate form for this news item: a dropdown of the
 * supported languages plus a "Translate" submit, posted to news/edit with
 * the news id as hidden field.
 *
 * @return string html
 */
public function getTranslateSelect()
{
    $options = '';
    foreach (GWF_Language::getSupportedLanguages() as $language) {
        $options .= sprintf('<option value="%s">%s</option>', $language->getID(), $language->display('lang_nativename')) . PHP_EOL;
    }

    $pieces = array(
        '<form method="post" action="' . GWF_WEB_ROOT . 'news/edit">',
        '<div>' . PHP_EOL,
        GWF_Form::hidden('newsid', $this->getID()),
        '<select name="translate">' . PHP_EOL,
        $options,
        '</select>' . PHP_EOL,
        '<input type="submit" name="quicktranslate" value="Translate" />' . PHP_EOL,
        '</div>' . PHP_EOL,
        '</form>',
    );
    return implode('', $pieces);
}
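/**
 * Unfreeze a user on a site.
 *
 * The posted array carries a "<userid>,<siteid>" key; only the first key is
 * used. When the user is not frozen on that site nothing is changed but the
 * success message is still returned.
 *
 * @param array $data posted button array
 * @return string html
 */
private function onUnFreeze($data)
{
    if (false !== ($err = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('WeChall', $err);
    }
    # An empty array left $key undefined in the original foreach/break idiom.
    if (!is_array($data) || count($data) === 0) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }
    reset($data);
    $key = key($data);

    $parts = explode(',', $key);
    if (count($parts) !== 2) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }
    $userid = intval($parts[0]);
    $siteid = intval($parts[1]);

    if (false === ($user = GWF_User::getByID($userid))) {
        return GWF_HTML::err('ERR_UNKNOWN_USER');
    }
    if (false === ($site = WC_Site::getByID($siteid))) {
        return $this->module->error('err_site');
    }

    if (WC_Freeze::isUserFrozenOnSite($userid, $siteid)) {
        # Unfreeze
        if (false === WC_Freeze::unfreezeUser($userid, $siteid)) {
            return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
        }
        # Insert event. The rank result was never stored by the original;
        # the call is kept in case it has side effects - TODO confirm.
        WC_RegAt::calcExactRank($user);
        WC_HistoryUser2::insertEntry($user, $site, 'unban');
    }

    # Done
    return $this->module->message('msg_unfrozen', array($user->displayUsername(), $site->displayName()));
}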
/**
 * Build an unsaved PM from the form's title and message, addressed from the
 * current user to the configured receiver.
 *
 * @return mixed whatever GWF_PM::fakePM returns
 */
private function createNewPM(GWF_Form $form)
{
    $sender_id = $this->user->getID();
    $receiver_id = $this->getReceiver()->getID();
    $title = $form->getVar('title');
    $message = $form->getVar('message');
    return GWF_PM::fakePM($sender_id, $receiver_id, $title, $message);
}
/**
 * Display the installer config form.
 *
 * Emits one table row per config variable in self::$vars, grouped by section
 * with an alternating row class, followed by "Test DB" and "Write Config"
 * submit buttons. Note that a required parameter follows an optional one;
 * callers must always pass both.
 *
 * @param string $action form target, html-escaped here
 * @param GWF_LangTrans $lang translations handed to init()
 * @return string html
 */
public static function displayForm($action = 'wizard.php', GWF_LangTrans $lang)
{
    self::init($lang);

    $html = sprintf('<form method="post" action="%s">', htmlspecialchars($action));
    $html .= '<table>';

    # Starts at -1 so the first section bumps it to 0.
    $color_toggle = -1;
    $current_section = '';
    foreach (self::$vars as $var) {
        $section = $var[1];
        if ($section !== $current_section) {
            $current_section = $section;
            $color_toggle++;
            $html .= self::displayDivRow($color_toggle, $current_section);
        }
        $html .= self::displayRow($color_toggle, $var);
    }

    # Buttons
    $buttons = GWF_Form::submit('test_db', 'Test DB') . GWF_Form::submit('write_config', 'Write Config');
    $html .= sprintf('<tr class="gwfinstall%d"><td colspan="3">%s</td></tr>', $color_toggle, $buttons) . PHP_EOL;
    $html .= '</table>' . PHP_EOL;
    $html .= '</form>' . PHP_EOL;
    return $html;
}
/**
 * Render a preview of the PM being composed, reusing the existing PM's
 * sender and receiver with the form's title and message.
 *
 * @return string html from show.php
 */
private function templatePreview(GWF_Form $form)
{
    $sender_id = $this->pm->getSender()->getID();
    $receiver_id = $this->pm->getReceiver()->getID();
    $preview = GWF_PM::fakePM($sender_id, $receiver_id, $form->getVar('title'), $form->getVar('message'));

    $tVars = array(
        'pm' => $preview,
        'actions' => false,
        'title' => $this->module->lang('ft_preview'),
        'unread' => array(),
    );
    return $this->module->templatePHP('show.php', $tVars);
}
/**
 * Echo the challenge form, titled with the challenge's 'ft_the_form' string.
 *
 * @return void
 */
function display_the_form(WC_Challenge $chall, GWF_Form $form)
{
    $title = $chall->lang('ft_the_form');
    $html = $form->templateY($title);
    echo $html;
}
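/**
 * Unlink the current user from a site: remove the regat row, lower the site
 * link count, recalculate total scores and record an 'unlink' history entry
 * carrying the onsite score and the total-score delta.
 *
 * @param array $array posted "unlink[<siteid>]" button; only the first key is used
 * @return string html
 */
private function onUnLinkSite($array)
{
    if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
        return GWF_HTML::error('WeChall', $error);
    }
    # An empty array left $siteid undefined in the original foreach/break idiom.
    if (!is_array($array) || count($array) === 0) {
        return '';
    }
    reset($array);
    $siteid = key($array);

    if (false === ($site = WC_Site::getByID($siteid))) {
        return $this->module->error('err_site');
    }

    $user = GWF_Session::getUser();
    $userid = GWF_Session::getUserID();
    $old_totalscore = $user->getVar('user_level');

    if (WC_Freeze::isUserFrozen($userid)) {
        return $this->module->error('err_frozen');
    }

    # Read the regat row before unlinking; its onsite score goes into the history entry.
    if (false === ($regat = WC_RegAt::getRegatRow($userid, $site->getID()))) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    if (false === WC_RegAt::unlink($userid, $site->getID())) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }

    $site->increase('site_linkcount', -1);
    WC_RegAt::calcTotalscores();

    # Re-fetch the user, presumably to see the recalculated user_level.
    $user = GWF_User::getByID($userid);
    $new_totalscore = $user->getVar('user_level');

    require_once GWF_CORE_PATH . 'module/WeChall/WC_HistoryUser2.php';
    WC_HistoryUser2::insertEntry($user, $site, 'unlink', 0, $regat->getOnsiteScore(), $new_totalscore - $old_totalscore);

    return $this->module->message('msg_site_unlinked', array($site->displayName()));
}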
/**
 * Hidden fields posted along with the payment button: only the order token.
 *
 * @return string html
 */
private function getHiddenData(GWF_Module $module, GWF_Order $order, GWF_Orderable $gdo, GWF_User $user)
{
    $token = $order->getOrderToken();
    return GWF_Form::hidden('gwf_token', $token);
}
/**
 * Run the validate_<field> callbacks of $validator over every field of $form.
 *
 * Fields typed as one of self::$SKIPPERS, SUBMITS or SUBMIT_IMGS are skipped;
 * CAPTCHA fields go through validateCaptcha(); for GET forms the routing
 * fields 'mo' and 'me' are ignored. A missing validator method is reported
 * as an ERR_METHOD_MISSING error instead of being skipped.
 *
 * @param mixed $context handed to every validator callback
 * @param mixed $validator object (or class name) providing validate_* methods
 * @return array|false list of error strings, or false when everything validated
 */
private static function validateVars($context, GWF_Form $form, $validator)
{
    $errors = array();
    $is_get = $form->getMethod() === GWF_Form::METHOD_GET;

    foreach ($form->getFormData() as $key => $data) {
        $type = $data[0];

        # Skippers
        $skipped = in_array($type, self::$SKIPPERS, true)
            || $type === GWF_Form::SUBMITS
            || $type === GWF_Form::SUBMIT_IMGS;
        if ($skipped) {
            continue;
        }

        # Captcha
        if ($type === GWF_Form::CAPTCHA) {
            $captcha_error = self::validateCaptcha($context, $form, $validator, $key);
            if ($captcha_error !== false) {
                $errors[] = $captcha_error;
            }
            continue;
        }

        # Get forms do not validate mo/me
        if ($is_get && ($key === 'mo' || $key === 'me')) {
            continue;
        }

        # Validators: validate_<key up to the first '['>
        $func_name = 'validate_' . Common::substrUntil($key, '[', $key);
        if (!method_exists($validator, $func_name)) {
            $errors[] = GWF_HTML::lang('ERR_METHOD_MISSING', array($func_name, get_class($validator)));
            continue;
        }
        # call_user_func keeps working for both objects and class-name strings.
        $result = call_user_func(array($validator, $func_name), $context, $form->getVar($key));
        if ($result !== false) {
            $errors[] = $result;
        }
    }

    return count($errors) === 0 ? false : $errors;
}
/**
 * Assemble a new, unsaved (id 0) GWF_Page from the submitted form.
 *
 * Option bits are set from the presence of the matching checkbox in $_POST;
 * index/follow/sitemap are only honoured for the author, LOCKED follows the
 * controller's locked_mode, and the page type bits come from the form's
 * 'type' field. Tags are normalised to a leading and trailing comma.
 *
 * @return GWF_Page
 */
private function getPageObject(GWF_Form $form)
{
    $checkbox_bits = array(
        'noguests' => GWF_Page::LOGIN_REQUIRED,
        'show_author' => GWF_Page::SHOW_AUTHOR,
        'show_similar' => GWF_Page::SHOW_SIMILAR,
        'show_modified' => GWF_Page::SHOW_MODIFIED,
        'show_trans' => GWF_Page::SHOW_TRANS,
        'show_comments' => GWF_Page::COMMENTS,
    );
    if ($this->is_author) {
        $checkbox_bits['index'] = GWF_Page::INDEXED;
        $checkbox_bits['follow'] = GWF_Page::FOLLOW;
        $checkbox_bits['sitemap'] = GWF_Page::IN_SITEMAP;
    }

    $options = GWF_Page::ENABLED;
    foreach ($checkbox_bits as $field => $bit) {
        if (isset($_POST[$field])) {
            $options |= $bit;
        }
    }
    if ($this->locked_mode) {
        $options |= GWF_Page::LOCKED;
    }
    $options |= $form->getVar('type');

    $groups = $this->buildGroupString();
    $tags = ',' . trim($form->getVar('tags'), ' ,') . ',';

    return new GWF_Page(array(
        'page_id' => '0',
        'page_otherid' => '0',
        'page_lang' => $form->getVar('lang'),
        'page_author' => GWF_Session::getUserID(),
        'page_author_name' => GWF_User::getStaticOrGuest()->getVar('user_name'),
        'page_groups' => $groups,
        'page_create_date' => GWF_Time::getDate(GWF_Time::LEN_SECOND),
        'page_date' => GWF_Time::getDate(GWF_Time::LEN_SECOND),
        'page_time' => time(),
        'page_url' => $form->getVar('url'),
        'page_title' => $form->getVar('title'),
        'page_cat' => '0',
        'page_meta_tags' => $tags,
        'page_meta_desc' => $form->getVar('descr'),
        'page_content' => $form->getVar('content'),
        'page_views' => '0',
        'page_options' => $options,
        'page_inline_css' => $form->getVar('inline_css', NULL),
    ));
}
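/**
 * Move the uploaded 'file' form field into dbimg/dl/ and remember it in the session.
 *
 * Nothing is stored in the session when no file was posted or when the move
 * fails; the original still stored the false result of a failed move under
 * SESS_FILE.
 *
 * @return void
 */
private function uploadedFile(GWF_Form $form)
{
    $upload = $form->getVar('file');
    if ($upload === false) {
        return;
    }

    # basename() keeps the temp name from carrying any path component.
    $tempname = 'dbimg/dl/' . basename($upload['tmp_name']);
    $moved = GWF_Upload::moveTo($upload, $tempname);
    if ($moved === false) {
        echo GWF_HTML::err('ERR_WRITE_FILE', array($tempname));
        return;
    }

    GWF_Session::set(self::SESS_FILE, $moved);
}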
/**
 * Enable or disable the selected module and rewrite .htaccess afterwards.
 *
 * @param string $enum 'enabled' enables; any other value disables. Also used as message key suffix.
 * @return string html
 */
private function onEnable($enum)
{
    $csrf = GWF_Form::validateCSRF_WeakS();
    if ($csrf !== false) {
        return GWF_HTML::error('', $csrf);
    }
    # Core modules can never be toggled.
    if ($this->mod->isCoreModule()) {
        return $this->module->error('err_disable_core_module');
    }

    $enable = ($enum === 'enabled');
    if (false === $this->mod->saveOption(GWF_Module::ENABLED, $enable)) {
        return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
    }
    if (false === GWF_ModuleLoader::reinstallHTAccess()) {
        return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
    }

    $module_name = $this->mod->display('module_name');
    return $this->module->message('msg_module_' . $enum, array($module_name));
}
/**
 * "Free" payment button: posts only the order token to PaymentFree/Pay.
 *
 * @return string html
 */
public function displayPaysiteButton(GWF_Module $module, GWF_Order $order, GWF_Orderable $gdo, GWF_User $user)
{
    $target = GWF_WEB_ROOT . 'index.php?mo=PaymentFree&me=Pay';
    $token_field = GWF_Form::hidden('gwf_token', $order->getOrderToken());
    $icon = 'img/' . GWF_ICON_SET . 'buy_free.png';
    return Module_Payment::tinyform('Free', $icon, $target, $token_field);
}
/**
 * Inline payment-site chooser button for a payment module.
 *
 * Posts back to the current request URI with the paysite token (and the
 * order token when given) as hidden fields, plus an image button named
 * on_order_<mode>.
 *
 * @param string $mode suffix of the button name
 * @param string|false $order_token included as 'gwf_order' when not false
 * @return string html
 */
public static function displayPaymentButton(GWF_PaymentModule $module, $mode = '2', $order_token = false)
{
    $inline = ' style="display:inline;" ';
    $token = $module->getSiteNameToken();
    # REQUEST_URI is client-controlled; GWF_HTML::display presumably escapes it - verify.
    $action = GWF_HTML::display($_SERVER['REQUEST_URI']);

    $hidden = GWF_Form::hidden('paysite', $token);
    if ($order_token !== false) {
        $hidden .= GWF_Form::hidden('gwf_order', $order_token);
    }
    $button = GWF_Form::buttonImage('on_order_' . $mode, sprintf('img/' . GWF_ICON_SET . '/buy_%s.png', $token));

    return sprintf(
        '<div%s><form%saction="%s" method="post"><div%s>%s%s</div></form></div>',
        $inline, $inline, $action, $inline, $hidden, $button
    );
}