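/**
 * Renders the contact widget form and processes its own POST submission.
 *
 * @param string $loc suffix that namespaces the POST keys and the CSRF token,
 *                    so several contact forms can coexist on one page
 * @return string HTML fragment (wrapper <div> included)
 */
function contact_form($loc = '')
{
    global $LANG;
    $key = 'contact_form' . $loc;
    $form = '<div class="contact_form other_form">';
    // Values re-filled into the form after a failed submission.
    $pd = array();
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST[$key]['csrf']) && \site\utils::check_csrf($_POST[$key]['csrf'], $key . '_csrf')) {
        $pd = \site\utils::validate_user_data($_POST[$key]);
        try {
            \user\main::send_contact($pd);
            $form .= '<div class="success">' . $LANG['sendcontact_success'] . '</div>';
            // Sent: present an empty form rather than the message just delivered.
            $pd = array();
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // Re-filled values are raw submitter input, so escape them for the
    // attribute / element-text contexts they are echoed into.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    $name = isset($pd['name']) ? $h($pd['name']) : '';
    $email = isset($pd['email']) ? $h($pd['email']) : '';
    $message = isset($pd['message']) ? $h($pd['message']) : '';
    // Fresh token stored in the session for the next submission.
    $csrf = $_SESSION[$key . '_csrf'] = \site\utils::str_random(12);
    $form .= '<form method="POST" action="#widget_contact">
  <div class="form_field"><label for="' . $key . '[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="' . $key . '[name]" id="' . $key . '[name]" value="' . $name . '" required /></div></div>
  <div class="form_field"><label for="' . $key . '[email]">' . $LANG['form_email'] . ':</label> <div><input type="email" name="' . $key . '[email]" id="' . $key . '[email]" value="' . $email . '" required /></div></div>
  <div class="form_field"><label for="' . $key . '[message]">' . $LANG['form_message'] . ':</label> <div><textarea name="' . $key . '[message]" id="' . $key . '[message]">' . $message . '</textarea></div></div>
  <input type="hidden" name="' . $key . '[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['send'] . '</button>
  </form>

  </div>';
    return $form;
}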
<?php

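// AJAX registration endpoint: validates the submitted form, registers the
// user and answers with a JSON object {state, message[, session]}.
//
// The token has to be compared by value. `isset($_POST['csrf']) == $token`
// compares a bool with the token string, and true == "non-empty" holds, so
// any POST carrying a `csrf` field used to pass regardless of its content.
$csrf_ok = $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['csrf'], $_SESSION['csrf']['ajax_register'])
    && is_string($_POST['csrf'])
    && hash_equals($_SESSION['csrf']['ajax_register'], $_POST['csrf']);
if ($csrf_ok) {
    $response = array();
    $pd = \site\utils::validate_user_data(isset($_POST['register']) ? $_POST['register'] : array());
    try {
        $session = \user\main::register($pd);
        $response['state'] = 'success';
        $response['message'] = $LANG['register_success'];
        $response['session'] = $GLOBALS['siteURL'] . '/setSession.php?session=' . rawurlencode($session);
        // One-shot token: drop it so the same request cannot be replayed.
        unset($_SESSION['csrf']['ajax_register']);
    } catch (Exception $e) {
        $response['state'] = 'error';
        $response['message'] = $e->getMessage();
    }
    echo json_encode($response);
}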
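/**
 * Renders the "edit store" form for store $id and handles its own POST.
 *
 * Only the logged-in owner of the store gets the form; guests, users without
 * stores and non-owners receive an informational message instead.
 *
 * @param int|string $id store identifier as understood by \query\main::store_infos()
 * @return string HTML fragment
 */
function edit_store_form($id)
{
    global $LANG;
    $me = $GLOBALS['me'];
    if (!$me) {
        return '<div class="info_form">' . $LANG['unavailable_form'] . '</div>';
    }
    if (!($me->Stores > 0)) {
        return '<div class="info_form">' . $LANG['unavailable_form2'] . '</div>';
    }
    $store = \query\main::store_infos($id);
    // Ownership check; an unknown store is refused the same way as a foreign one.
    if (!$store || $store->userID !== $me->ID) {
        return '<div class="info_form">' . $LANG['edit_store_cant'] . '</div>';
    }
    // Everything echoed into attributes or element text goes through here:
    // stored fields and resubmitted input are both user-influenced.
    $h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    $store_image = $store->image;
    $pd = array();
    $form = '<div class="edit_store_form other_form">';
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edit_store_form']['csrf']) && \site\utils::check_csrf($_POST['edit_store_form']['csrf'], 'edit_store_csrf')) {
        $pd = \site\utils::validate_user_data($_POST['edit_store_form']);
        try {
            $post_info = \user\main::edit_store($id, $me->ID, $pd);
            $store_image = $post_info->image;
            $form .= '<div class="success">' . $LANG['edit_store_success'] . '</div>';
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // Fresh token for the form rendered below.
    $csrf = $_SESSION['edit_store_csrf'] = \site\utils::str_random(12);
    // Field value: the resubmitted value when present, otherwise the stored one.
    $field = function ($name) use ($pd, $store, $h) {
        return $h(isset($pd[$name]) ? $pd[$name] : $store->$name);
    };
    // Category comparison stays loose on purpose: IDs may arrive as strings.
    $option = function ($catId, $label) use ($store, $h) {
        $selected = isset($store->catID) && $store->catID == $catId ? ' selected' : '';
        return '<option value="' . $h($catId) . '"' . $selected . '>' . $h($label) . '</option>';
    };
    $form .= '<form method="POST" action="#" enctype="multipart/form-data">
  <div class="form_field"><label for="edit_store_form[category]">' . $LANG['form_category'] . '</label>
  <div><select name="edit_store_form[category]" id="edit_store_form[category]">';
    foreach (\query\main::group_categories(array('max' => 0)) as $cat) {
        $form .= '<optgroup label="' . $h($cat['infos']->name) . '">';
        $form .= $option($cat['infos']->ID, $cat['infos']->name);
        if (isset($cat['subcats'])) {
            foreach ($cat['subcats'] as $subcat) {
                $form .= $option($subcat->ID, $subcat->name);
            }
        }
        $form .= '</optgroup>';
    }
    $form .= '</select></div>
  </div>
  <div class="form_field"><label for="edit_store_form[name]">' . $LANG['form_name'] . ':</label> <div><input type="text" name="edit_store_form[name]" id="edit_store_form[name]" value="' . $field('name') . '" placeholder="' . $LANG['edit_store_name_ph'] . '" required /></div></div>
  <div class="form_field"><label for="edit_store_form[url]">' . $LANG['form_store_url'] . ':</label> <div><input type="text" name="edit_store_form[url]" id="edit_store_form[url]" value="' . $field('url') . '" placeholder="http://" required /></div></div>
  <div class="form_field"><label for="edit_store_form[description]">' . $LANG['form_description'] . ':</label> <div><textarea name="edit_store_form[description]" id="edit_store_form[description]" style="height:100px;">' . $field('description') . '</textarea></div></div>
  <div class="form_field"><label for="edit_store_form[tags]">' . $LANG['form_tags'] . ':</label> <div><input type="text" name="edit_store_form[tags]" id="edit_store_form[tags]" value="' . $field('tags') . '" /></div></div>
  <div class="form_field"><label for="edit_store_form_logo">' . $LANG['form_logo'] . ':</label> <div><img src="' . store_avatar($store_image) . '" alt="" style="width:100px; height:50px;" /> <input type="file" name="edit_store_form_logo" id="edit_store_form_logo" />
  <span>Note:* max width: 600px, max height: 400px.</span></div></div>
  <input type="hidden" name="edit_store_form[csrf]" value="' . $csrf . '" />
  <button>' . $LANG['edit_store_button'] . '</button>
  </form>

  </div>';
    return $form;
}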
use Facebook\FacebookRequest;
use Facebook\FacebookResponse;
use Facebook\FacebookSDKException;
use Facebook\FacebookRequestException;
use Facebook\FacebookAuthorizationException;
use Facebook\GraphObject;
use Facebook\GraphUser;
use Facebook\Entities\AccessToken;
use Facebook\HttpClients\FacebookCurlHttpClient;
use Facebook\HttpClients\FacebookHttpable;
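// Facebook login plugin (Facebook PHP SDK v4 redirect flow):
//   1. on the callback leg, turn the ?code into a session and sign the user in;
//   2. otherwise send the browser to Facebook's login dialog.
FacebookSession::setDefaultApplication(\query\main::get_option('facebook_appID'), \query\main::get_option('facebook_secret'));
// The redirect URI must reproduce the URL that loaded this plugin. The plugin
// name comes from the query string, so it is URL-encoded instead of spliced raw.
$plugin = isset($_GET['plugin']) ? (string) $_GET['plugin'] : '';
$helper = new FacebookRedirectLoginHelper($GLOBALS['siteURL'] . '?plugin=' . rawurlencode($plugin));
$session = null;
try {
    $session = $helper->getSessionFromRedirect();
} catch (FacebookRequestException $ex) {
    echo $ex->getMessage();
} catch (Exception $ex) {
    echo $ex->getMessage();
}
if ($session !== null) {
    $me = (new FacebookRequest($session, 'GET', '/me'))->execute()->getGraphObject(GraphUser::className())->asArray();
    // The account is keyed on e-mail; refuse profiles that do not expose one.
    if (!isset($me['email']) || !filter_var($me['email'], FILTER_VALIDATE_EMAIL)) {
        echo 'Your facebook account it\'s not associated with a valid email address.';
        die;
    }
    $username = isset($me['name']) ? $me['name'] : '';
    $session_id = \user\main::insert_user(array('username' => $username, 'email' => $me['email']), true, true);
    header('Location: ' . $GLOBALS['siteURL'] . 'setSession.php?session=' . rawurlencode($session_id));
    // Stop here so nothing is rendered after the redirect header.
    exit;
}
if (empty($_GET['code'])) {
    header('Location: ' . $helper->getLoginUrl(array('scope' => 'email')));
    exit;
}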
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
        <meta name="robots" content="noindex, nofollow">

        <title>' . $LANG['uunsubscr_metatitle'] . '</title>
        <link href="//fonts.googleapis.com/css?family=Raleway:100,200,300,400,500,600,700,800,900" rel="stylesheet" />
        <link href="' . MISCDIR . '/verify.css" media="all" rel="stylesheet" />

      </head>

  <body>
      <section class="msg">';
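    // Handle an unsubscribe submission before the form is rendered, so the
    // outcome message lands inside <section class="msg">.
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['token'], $_POST['email']) && \site\utils::check_csrf($_POST['token'], 'sendunsubscr_csrf')) {
        try {
            $type = \user\main::unsubscribe(array('email' => $_POST['email']));
            if ($type == 1) {
                // The address is echoed back into HTML and is raw POST data, so escape it.
                $shown_email = htmlspecialchars((string) $_POST['email'], ENT_QUOTES, 'UTF-8');
                echo '<div class="success">' . sprintf($LANG['uunsubscr_reqsent'], $shown_email) . '</div>';
            } else {
                echo '<div class="success">' . $LANG['uunsubscr_ok'] . '</div>';
            }
        } catch (Exception $e) {
            echo '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // Fresh token for the form rendered below.
    $csrf = $_SESSION['sendunsubscr_csrf'] = \site\utils::str_random(10);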
    echo '<h2 style="color: #000;">' . $LANG['uunsubscr_title'] . '</h2>
      ' . sprintf($LANG['uunsubscr_body'], '<span id="seconds">5</span>') . ' <br /><br />
      <form method="POST" action="#" autocomplete="off">
      <input type="email" name="email" value="' . (isset($_GET['email']) ? htmlspecialchars($_GET['email']) : '') . '" required />
<div class="sign_in">

<div class="wrapper">

<?php 
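$form = '';
// Compare the login token by value with hash_equals(): a loose `==` between two
// strings falls back to numeric comparison, so two different numeric-looking
// tokens (e.g. "0e…") would compare equal.
$csrf_ok = $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['login_form']['csrf'], $_SESSION['csrf']['login'])
    && is_string($_POST['login_form']['csrf'])
    && hash_equals($_SESSION['csrf']['login'], $_POST['login_form']['csrf']);
if ($csrf_ok) {
    $pd = \site\utils::validate_user_data($_POST['login_form']);
    try {
        $session = \user\main::login($pd, 1);
        $form .= '<div class="success">' . $LANG['login_success'] . '</div>';
        // Browser-side hop into the admin area once the session is set; both
        // query values are encoded so the nested URL cannot break the outer one.
        $target = $GLOBALS['siteURL'] . '/setSession.php?session=' . rawurlencode($session) . '&back=' . rawurlencode(rtrim($GLOBALS['siteURL'], '/') . '/' . ADMINDIR);
        $form .= '<meta http-equiv="refresh" content="1; url=' . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '">';
    } catch (Exception $e) {
        $form .= '<div class="error">' . $e->getMessage() . '</div>';
    }
}
// Fresh token for the form rendered below.
$csrf = $_SESSION['csrf']['login'] = \site\utils::str_random(12);
echo $form;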
?>

<form action="#" method="POST">
<input type="text" name="login_form[username]" value="<?php 
echo isset($pd['username']) ? htmlspecialchars($pd['username']) : '';
?>
" placeholder="<?php 
echo $LANG['form_email'];
?>
" required />
<input type="password" name="login_form[password]" placeholder="<?php 
echo $LANG['form_password'];
?>
<?php

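// AJAX newsletter subscription endpoint; answers with JSON {state, message}.
//
// The token has to be compared by value. `isset($_POST['csrf']) == $token`
// compares a bool with the token string, and true == "non-empty" holds, so
// any POST carrying a `csrf` field used to pass regardless of its content.
$csrf_ok = $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['csrf'], $_SESSION['csrf']['ajax_subscribe'])
    && is_string($_POST['csrf'])
    && hash_equals($_SESSION['csrf']['ajax_subscribe'], $_POST['csrf']);
if ($csrf_ok) {
    $response = array();
    $pd = \site\utils::validate_user_data(isset($_POST['subscribe']) ? $_POST['subscribe'] : array());
    try {
        // Guests subscribe with user id 0.
        $id = $GLOBALS['me'] ? $GLOBALS['me']->ID : 0;
        $type = \user\main::subscribe($id, $pd);
        $response['state'] = 'success';
        $response['message'] = $type == 1 ? sprintf($LANG['newsletter_reqconfirm'], $pd['email']) : $LANG['newsletter_success'];
        // One-shot token: drop it so the same request cannot be replayed.
        unset($_SESSION['csrf']['ajax_subscribe']);
    } catch (Exception $e) {
        $response['state'] = 'error';
        $response['message'] = $e->getMessage();
    }
    echo json_encode($response);
}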
<?php

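// Favorite toggling endpoint. Requires a logged-in user; the action comes
// from the query string and the result is either a JSON answer (XHR POST) or
// a redirect back to the originating page (plain link).
//
// NOTE(review): the link (GET) leg changes state without a CSRF token, so a
// logged-in user can be made to (un)favorite a store by a crafted link;
// requiring POST for the state change would close that.
if (isset($_GET['action']) && $GLOBALS['me']) {
    $actions = array('addFavorite' => 'add', 'remFavorite' => 'remove');
    $action = is_string($_GET['action']) ? $_GET['action'] : '';
    if (isset($actions[$action])) {
        // favorite() binds the store id as an integer, so normalise it here.
        $store_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $answer = \user\main::favorite($GLOBALS['me']->ID, $store_id, $actions[$action]);
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            echo json_encode(array('answer' => (bool) $answer));
            die;
        }
        // Only go back to a local destination: an arbitrary URL in ?backto
        // turns this into an open redirect, and htmlspecialchars() is not an
        // escape for a Location header. Accept a site-relative path (not
        // protocol-relative) or a URL under this site's own base.
        $backto = isset($_GET['backto']) && is_string($_GET['backto']) ? $_GET['backto'] : '';
        $site_base = rtrim($GLOBALS['siteURL'], '/') . '/';
        $is_local = preg_match('~^/(?![/\\\\])~', $backto) === 1 || strpos($backto, $site_base) === 0;
        header('Location: ' . ($is_local ? $backto : $GLOBALS['siteURL']));
        die;
    }
}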
<?php

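// Logout page: show the confirmation only when the session was actually
// ended, then bounce back to the index. The wrapper <div> is opened and
// closed in the same branch, so the markup stays balanced when logout() fails
// (the original always emitted the closing </div>).
if (\user\main::logout()) {
    echo '<div style="text-align: center; margin-top: 20px;">

  <h2>' . $LANG['msg_loggiout'] . '</h2>

  </div>';
}
echo '<meta http-equiv="refresh" content="1; url=index.php">';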
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
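    // Fresh token for the form rendered below.
    $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12);
    // Password fields are never pre-filled: echoing a submitted password into
    // the page puts it in the HTML source, browser cache and any proxy logs,
    // and the original also wrote it unescaped into the value attribute.
    $form .= '<form action="#" method="POST">
<input type="password" name="forgot_password_form[password1]" value="" placeholder="' . $LANG['change_pwd_form_new'] . '" required />
<input type="password" name="forgot_password_form[password2]" value="" placeholder="' . $LANG['change_pwd_form_new2'] . '" required />
<button>' . $LANG['reset_pwd_button'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';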
} else {
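    // Step 1 of password recovery: the visitor submits an e-mail address and
    // recovery_password() sends the reset link. The token is compared by value
    // with hash_equals(); a loose `==` on two strings falls back to numeric
    // comparison for numeric-looking values.
    $csrf_ok = $_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_POST['forgot_password_form']['csrf'], $_SESSION['csrf']['forgot_password'])
        && is_string($_POST['forgot_password_form']['csrf'])
        && hash_equals($_SESSION['csrf']['forgot_password'], $_POST['forgot_password_form']['csrf']);
    if ($csrf_ok) {
        $pd = \site\utils::validate_user_data($_POST['forgot_password_form']);
        try {
            // NOTE(review): the raw POST array is passed here while $pd (the
            // validated copy) is only used to re-fill the form; confirm whether
            // recovery_password() expects the raw data.
            \user\main::recovery_password($_POST['forgot_password_form'], '../', 1);
            $form .= '<div class="success">' . $LANG['fp_success'] . '</div>';
        } catch (Exception $e) {
            $form .= '<div class="error">' . $e->getMessage() . '</div>';
        }
    }
    // Fresh token for the form rendered below.
    $csrf = $_SESSION['csrf']['forgot_password'] = \site\utils::str_random(12);
    // The re-filled address is submitter input, so escape it for the attribute.
    $email_value = isset($pd['email']) ? htmlspecialchars((string) $pd['email'], ENT_QUOTES, 'UTF-8') : '';
    $form .= '<form action="#" method="POST">
<input type="text" name="forgot_password_form[email]" value="' . $email_value . '" placeholder="' . $LANG['form_email'] . '" required />
<button>' . $LANG['recovery'] . '</button>
<input type="hidden" name="forgot_password_form[csrf]" value="' . $csrf . '" />
</form>';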
}
echo $form;
?>
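 /**
  * Adds a store to, or removes it from, a user's favorites.
  *
  * @param int    $id    user ID
  * @param int    $store store ID
  * @param string $type  'add' or 'remove'; any other value is a no-op
  * @return bool true when a row was inserted/deleted, false otherwise
  *              (including an "add" of a store that is already a favorite)
  */
 public static function favorite($id, $store, $type = 'add')
 {
     global $db;
     if ($type === 'add') {
         // An existing favorite is reported as "nothing done", not as an error.
         if (\user\main::check_favorite($id, $store)) {
             return false;
         }
         $sql = "INSERT INTO " . DB_TABLE_PREFIX . "favorite (user, store, date) VALUES (?, ?, NOW())";
     } elseif ($type === 'remove') {
         $sql = "DELETE FROM " . DB_TABLE_PREFIX . "favorite WHERE user = ? AND store = ?";
     } else {
         return false;
     }
     $stmt = $db->stmt_init();
     // prepare() returns false on a bad statement; binding and executing on
     // it afterwards only produces warnings, so bail out explicitly.
     if (!$stmt->prepare($sql)) {
         $stmt->close();
         return false;
     }
     $stmt->bind_param("ii", $id, $store);
     $executed = (bool) $stmt->execute();
     $stmt->close();
     return $executed;
 }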
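 /**
  * Front-controller entry point: loads the active theme's functions.php,
  * enforces bans, records the referrer cookie and dispatches to the page
  * renderer selected by $this->page_type (the index page is the fallback).
  *
  * @return void
  */
 public function execute()
 {
     $theme_functions = THEMES_LOC . '/' . $this->template . '/functions.php';
     if (file_exists($theme_functions)) {
         include $theme_functions;
     }
     // banned() yields a redirect URL, a truthy non-URL marker, or a falsy value.
     $redirect_to = \user\main::banned();
     if ($redirect_to) {
         if (filter_var($redirect_to, FILTER_VALIDATE_URL)) {
             header('Location: ' . $redirect_to);
         } else {
             // Let PHP build the status line for the negotiated protocol
             // instead of a hard-coded "HTTP/1.0 403 Forbidden".
             http_response_code(403);
         }
         die;
     }
     if (isset($_GET['ref'])) {
         // Referrer id, kept for 30 days. It is only read server-side, so it
         // is flagged HttpOnly; path/domain/secure keep their defaults.
         setcookie('referrer', (int) $_GET['ref'], strtotime('+30 days'), '', '', false, true);
     }
     // Dispatch tables replace the switch; page_type is matched as a string
     // (the switch compared loosely, which only differs for non-string types).
     $without_id = array(
         'page' => 'page_page',
         'single' => 'page_single',
         'product' => 'page_product',
         'category' => 'page_category',
         'search' => 'page_search',
         'store' => 'page_store',
         'stores' => 'page_stores',
         'reviews' => 'page_reviews',
     );
     $with_id = array(
         'user' => 'page_user',
         'tpage' => 'page_tpage',
         'ajax' => 'ajax',
         'cron' => 'cron',
         'plugin' => 'plugin',
     );
     $type = (string) $this->page_type;
     if (isset($without_id[$type])) {
         $this->{$without_id[$type]}();
     } elseif (isset($with_id[$type])) {
         $this->{$with_id[$type]}($this->id);
     } else {
         $this->page_index();
     }
 }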