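/**
 * Render the contact widget and, when this request is a POSTed submission of it,
 * send the message.
 *
 * Fields are posted as contact_form{$loc}[...]; $loc lets several copies of the
 * widget share one page with distinct field names and distinct CSRF session slots.
 * NOTE(review): $loc is interpolated into HTML attribute names unescaped, so it must
 * be a template-supplied suffix, never request-derived — confirm at the call sites.
 *
 * Security behaviour visible in this function:
 *  - A submission is processed only if the posted csrf value satisfies
 *    \site\utils::check_csrf() against the session slot "contact_form{$loc}_csrf".
 *  - A fresh token is written to that slot on every render, so only the most
 *    recently rendered copy of the form can be submitted.
 *  - Posted values are echoed back into the form only when sending failed; they
 *    and the exception message are HTML-escaped here, because
 *    \site\utils::validate_user_data() is not visible in this file and its output
 *    is not known to be HTML-safe (double_encode=false prevents double encoding if
 *    it already is).
 *
 * @param string $loc suffix distinguishing this widget instance
 * @return string HTML for the widget
 */
function contact_form($loc = '') {
    global $LANG;

    // Escape for HTML attribute/text context.
    $esc = function ($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    $key = 'contact_form' . $loc;   // $_POST key and field-name prefix
    $csrf_key = $key . '_csrf';     // $_SESSION slot holding this widget's token

    $form = '<div class="contact_form other_form">';
    $pd = null;                     // validated posted data, re-displayed only after a failure

    $is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
    // is_array() guards against a scalar contact_form{$loc} parameter, which would
    // otherwise error on the ['csrf'] offset before the CSRF check runs.
    if ($is_post && isset($_POST[$key]) && is_array($_POST[$key])) {
        $token = isset($_POST[$key]['csrf']) ? $_POST[$key]['csrf'] : '';
        if (\site\utils::check_csrf($token, $csrf_key)) {
            $pd = \site\utils::validate_user_data($_POST[$key]);
            try {
                \user\main::send_contact($pd);
                $form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>';
                $pd = null; // do not pre-fill the form after a successful send
            } catch (Exception $e) {
                // Escaped: the message may carry back user-supplied data. If error
                // texts are meant to contain markup, fix that at the throw site.
                $form .= '<div class="error">' . $esc($e->getMessage()) . '</div>';
            }
        }
    }

    // Rotate the token for the form being rendered now.
    $csrf = $_SESSION[$csrf_key] = \site\utils::str_random(12);

    $name = isset($pd['name']) ? $esc($pd['name']) : '';
    $email = isset($pd['email']) ? $esc($pd['email']) : '';
    $message = isset($pd['message']) ? $esc($pd['message']) : '';

    $form .= '<form method="POST" action="#widget_contact">'
        . ' <div class="form_field"><label for="' . $key . '[name]">' . $LANG['form_name'] . ':</label>'
        . ' <div><input type="text" name="' . $key . '[name]" id="' . $key . '[name]" value="' . $name . '" required /></div></div>'
        . ' <div class="form_field"><label for="' . $key . '[email]">' . $LANG['form_email'] . ':</label>'
        . ' <div><input type="email" name="' . $key . '[email]" id="' . $key . '[email]" value="' . $email . '" required /></div></div>'
        . ' <div class="form_field"><label for="' . $key . '[message]">' . $LANG['form_message'] . ':</label>'
        . ' <div><textarea name="' . $key . '[message]" id="' . $key . '[message]">' . $message . '</textarea></div></div>'
        . ' <input type="hidden" name="' . $key . '[csrf]" value="' . $esc($csrf) . '" />'
        . ' <button>' . $LANG['send'] . '</button>'
        . ' </form> </div>';

    return $form;
}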
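/**
 * Render the "edit store" form for store $id and, when this request is a POSTed
 * submission of it, apply the edit.
 *
 * Access control performed here, in order:
 *  - a logged-in user ($GLOBALS['me']) is required, else $LANG['unavailable_form'];
 *  - that user must have ->Stores > 0, else $LANG['unavailable_form2'];
 *  - the store must exist and its userID must be identical (===) to the user's
 *    ID, else $LANG['edit_store_cant']. The strict comparison fails closed when
 *    the two IDs differ in type — NOTE(review): confirm both sides are the same
 *    type (e.g. int vs "5" from the database), or legitimate owners are locked out.
 * The update itself goes through \user\main::edit_store($id, $me->ID, $pd); that
 * helper is presumed to re-check ownership — it is not visible here.
 *
 * A submission is accepted only when the posted csrf value satisfies
 * \site\utils::check_csrf() against the session slot "edit_store_csrf"; a fresh
 * token is issued on every render.
 *
 * Everything interpolated into the markup that originates from the request or
 * the database (posted values, stored values, category names/IDs, the avatar
 * URL, the exception message) is HTML-escaped here. double_encode=false keeps
 * values that \site\utils::validate_user_data() may already have encoded from
 * being encoded twice. $LANG strings are treated as trusted markup, as before.
 *
 * @param int|string $id ID of the store to edit
 * @return string HTML for the form, or an informational message
 */
function edit_store_form($id) {
    global $LANG;

    if (!$GLOBALS['me']) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    if (!($GLOBALS['me']->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }

    $store = \query\main::store_infos($id);
    // Fail closed: an unknown store and a foreign store are refused alike.
    if (!$store || $store->userID !== $GLOBALS['me']->ID) {
        return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>';
    }

    // Escape for HTML attribute/text context.
    $esc = function ($v) {
        return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    };

    $store_image = $store->image;
    $pd = null; // validated posted data; after a POST the form shows it instead of the stored values
    $form = '<div class="edit_store_form other_form">';

    $is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
    // is_array() guards against a scalar edit_store_form parameter, which would
    // otherwise error on the ['csrf'] offset before the CSRF check runs.
    if ($is_post && isset($_POST['edit_store_form']) && is_array($_POST['edit_store_form'])) {
        $token = isset($_POST['edit_store_form']['csrf']) ? $_POST['edit_store_form']['csrf'] : '';
        if (\site\utils::check_csrf($token, 'edit_store_csrf')) {
            $pd = \site\utils::validate_user_data($_POST['edit_store_form']);
            try {
                $post_info = \user\main::edit_store($id, $GLOBALS['me']->ID, $pd);
                $store_image = $post_info->image; // reflect a freshly uploaded logo
                $form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>';
            } catch (Exception $e) {
                // Escaped: the message may carry back user-supplied data.
                $form .= '<div class="error">' . $esc($e->getMessage()) . '</div>';
            }
        }
    }

    // Rotate the token for the form being rendered now.
    $csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12);

    // Category <select>: top-level categories as optgroups, each listing itself
    // and its subcategories; the store's current catID is pre-selected.
    $current_cat = isset($store->catID) ? $store->catID : null;
    $options = '';
    foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
        $options .= '<optgroup label="' . $esc($cat['infos']->name) . '">';
        $options .= '<option value="' . $esc($cat['infos']->ID) . '"'
            . ($current_cat !== null && $current_cat == $cat['infos']->ID ? ' selected' : '')
            . '>' . $esc($cat['infos']->name) . '</option>';
        if (isset($cat['subcats'])) {
            foreach ($cat['subcats'] as $subcat) {
                $options .= '<option value="' . $esc($subcat->ID) . '"'
                    . ($current_cat !== null && $current_cat == $subcat->ID ? ' selected' : '')
                    . '>' . $esc($subcat->name) . '</option>';
            }
        }
        $options .= '</optgroup>';
    }

    // Posted value when present, otherwise the stored one — both escaped.
    $val = function ($field, $fallback) use ($pd, $esc) {
        return $esc(isset($pd[$field]) ? $pd[$field] : $fallback);
    };

    $form .= '<form method="POST" action="#" enctype="multipart/form-data">'
        . ' <div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label>'
        . ' <div><select name="edit_store_form[category]" id="edit_store_form[category]">'
        . $options
        . '</select></div> </div>'
        . ' <div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label>'
        . ' <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . $val('name', $store->name) . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div>'
        . ' <div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label>'
        . ' <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . $val('url', $store->url) . '" placeholder="http://" required /></div></div>'
        . ' <div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label>'
        . ' <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . $val('description', $store->description) . '</textarea></div></div>'
        . ' <div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label>'
        . ' <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . $val('tags', $store->tags) . '" /></div></div>'
        . ' <div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label>'
        . ' <div><img src="' . $esc(store_avatar($store_image)) . '" alt="" style="width:100px; height:50px;" />'
        . ' <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" />'
        . ' <span>Note:* max width: 600px, max height: 400px.</span></div></div>'
        . ' <input type="hidden" name="edit_store_form[csrf]" value="' . $esc($csrf) . '" />'
        . ' <button>' . $LANG['edit_store_button'] . '</button>'
        . ' </form> </div>';

    return $form;
}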
/**
 * Template-level alias for \site\utils::check_csrf().
 *
 * @param mixed  $post    token value taken from the submitted form
 * @param string $session name of the $_SESSION slot holding the expected token
 * @return mixed whatever \site\utils::check_csrf() returns; callers treat it as a boolean
 */
function check_csrf($post, $session) {
    $valid = \site\utils::check_csrf($post, $session);
    return $valid;
}
<head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="robots" content="noindex, nofollow"> <title>' . $LANG['uunsubscr_metatitle'] . '</title> <link href="//fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800,900" rel="stylesheet" /> <link href="' . MISCDIR . '/verify.css" media="all" rel="stylesheet" /> </head> <body> <section class="msg">'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['token']) && isset($_POST['email']) && \site\utils::check_csrf($_POST['token'], 'sendunsubscr_csrf')) { try { $type = \user\main::unsubscribe(array('email' => $_POST['email'])); if ($type == 1) { echo '<div class="success">' . sprintf($LANG['uunsubscr_reqsent'], $_POST['email']) . '</div>'; } else { echo '<div class="success">' . $LANG['uunsubscr_ok'] . '</div>'; } } catch (Exception $e) { echo '<div class="error">' . $e->getMessage() . '</div>'; } } } $csrf = $_SESSION['sendunsubscr_csrf'] = \site\utils::str_random(10); echo '<h2 style="color: #000;">' . $LANG['uunsubscr_title'] . '</h2> ' . sprintf($LANG['uunsubscr_body'], '<span id="seconds">5</span>') . ' <br /><br />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <meta name="robots" content="noindex, nofollow"> <title>' . $LANG['payments_metatitle'] . '</title> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> <script src="' . MISCDIR . '/pay.js"></script> <link href="//fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800,900" rel="stylesheet" /> <link href="' . MISCDIR . '/pay.css" media="all" rel="stylesheet" /> </head> <body> <div class="msg">'; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['token']) && \site\utils::check_csrf($_POST['token'], 'payment_csrf')) { if (isset($_POST['pay_direct'])) { try { // redirect URLs, used for PayPal, but can be used for other other gateways also $payment->success_url = $GLOBALS['siteURL'] . "payment.php?gateway={$payment->gateway_name}&plan={$_GET['plan']}"; $payment->cancel_url = $GLOBALS['siteURL'] . "payment.php?gateway={$payment->gateway_name}&plan={$_GET['plan']}"; $answer = $payment->direct(); // save transaction \query\payments::inset_payment(array($GLOBALS['me']->ID, $payment->gateway_name, $answer['total'], $answer['id'], $answer['state'], @serialize($answer['items']), $answer['details'], 0, 0)); // save token $_SESSION['payment_direct_token'] = $answer['id']; if (isset($answer['href'])) { header('Location: ' . $answer['href']); die; } } catch (Exception $e) {
?> <div class="gtitle">Rewards</div> <div style="text-align: right; margin-bottom: 10px;"> <a href="<?php echo tlink('user/claim-history'); ?> " class="btn">Claims History</a> </div> <?php if (($pagination = have_rewards(array('show' => 'active'))) && $pagination['results'] > 0) { if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['csrf']) && \site\utils::check_csrf($_POST['csrf'], 'claim_reward')) { echo create_reward_request(); // without this function rewards can't be claimed } $csrf = $_SESSION['claim_reward'] = \site\utils::str_random(12); echo '<div>'; foreach (rewards(array('show' => 'active', 'orderby' => 'points')) as $item) { echo '<section class="array_item twopl"> <div class="table"> <div class="left"> <img src="' . reward_avatar($item->image) . '" alt="" style="height: 60px; width: 60px;"> </div> <div class="right">