fixed a bug in edit account template

moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up

public/include/classes/user.class.php

@@ -145,7 +145,7 @@ class User extends Base {
         $notifs->setSetting($this->setting);
         $notifs->setErrorCodes($this->aErrorCodes);
         $ndata = $notifs->getNotificationSettings($uid);
-        if ($ndata['success_login'] == 1) {
+        if (@$ndata['success_login'] == 1) {
           // seems to be active, let's send it
           $aDataN['username'] = $username;
           $aDataN['email'] = $this->getUserEmail($username);

public/include/pages/account/edit.inc.php

@@ -168,17 +168,17 @@ if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
     $wf_sent = $user->token->doesTokenExist('withdraw_funds', $_SESSION['USERDATA']['id']);
   }
 }
-// Tempalte specifics
-$smarty->assign("CONTENT", "default.tpl");
+// csrf stuff
 $smarty->assign("CHANGEPASSUNLOCKED", $cp_editable);
 $smarty->assign("WITHDRAWUNLOCKED", $wf_editable);
 $smarty->assign("DETAILSUNLOCKED", $ea_editable);
 $smarty->assign("CHANGEPASSSENT", $cp_sent);
 $smarty->assign("WITHDRAWSENT", $wf_sent);
 $smarty->assign("DETAILSSENT", $ea_sent);
-// csrf token
 if ($csrfenabled) {
   $token = $csrftoken->getBasic($user->getCurrentIP(), 'editaccount', 'mdyH');
   $smarty->assign('CTOKEN', $token);
 }
+// Tempalte specifics
+$smarty->assign("CONTENT", "default.tpl");
 ?>

public/include/pages/account/invitations.inc.php

@@ -31,10 +31,10 @@ if ($user->isAuthenticated()) {
     $_SESSION['POPUP'][] = array('CONTENT' => 'Invitations are disabled', 'TYPE' => 'errormsg');
   }
 }
-$smarty->assign('CONTENT', 'default.tpl');
 // csrf token
 if ($csrfenabled) {
   $token = $csrftoken->getBasic($user->getCurrentIP(), 'invitations', 'mdyH');
   $smarty->assign('CTOKEN', $token);
 }
+$smarty->assign('CONTENT', 'default.tpl');
 ?>

public/include/pages/account/notifications.inc.php

@@ -33,14 +33,14 @@ if ($user->isAuthenticated()) {
     // Fetch user notification settings
     $aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
 
-    $smarty->assign('NOTIFICATIONS', $aNotifications);
-    $smarty->assign('SETTINGS', $aSettings);
-    $smarty->assign('CONTENT', 'default.tpl');
     // csrf token
     if ($csrfenabled) {
       $token = $csrftoken->getBasic($user->getCurrentIP(), 'editnotifs', 'mdyH');
       $smarty->assign('CTOKEN', $token);
     }
+    $smarty->assign('NOTIFICATIONS', $aNotifications);
+    $smarty->assign('SETTINGS', $aSettings);
+    $smarty->assign('CONTENT', 'default.tpl');
   }
 }
 ?>

public/include/pages/account/workers.inc.php

@@ -48,11 +48,10 @@ if ($user->isAuthenticated()) {
 
   $smarty->assign('WORKERS', $aWorkers);
 }
-
-$smarty->assign('CONTENT', 'default.tpl');
 // csrf token
 if ($csrfenabled) {
   $token = $csrftoken->getBasic($user->getCurrentIP(), 'workers', 'mdyH');
   $smarty->assign('CTOKEN', $token);
 }
+$smarty->assign('CONTENT', 'default.tpl');
 ?>

public/include/pages/contactform/contactform.inc.php

@@ -63,11 +63,11 @@ if ($setting->getValue('disable_contactform')) {
   }
 }
 
-// Tempalte specifics
-$smarty->assign("CONTENT", "default.tpl");
 // csrf token
 if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
   $token = $csrftoken->getBasic($user->getCurrentIP(), 'contact', 'mdyH');
   $smarty->assign('CTOKEN', $token);
 }
+// Tempalte specifics
+$smarty->assign("CONTENT", "default.tpl");
 ?>

public/include/pages/home.inc.php

@@ -22,11 +22,11 @@ if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
 } else {
   $debug->append('Using cached page', 3);
 }
-// Load news entries for Desktop site and unauthenticated users
-$smarty->assign("CONTENT", "default.tpl");
 // csrf token
 if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
   $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
   $smarty->assign('CTOKEN', $token);
 }
+// Load news entries for Desktop site and unauthenticated users
+$smarty->assign("CONTENT", "default.tpl");
 ?>

public/include/pages/login.inc.php

@@ -63,11 +63,11 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
     $_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
   }
 }
-// Load login template
-$smarty->assign('CONTENT', 'default.tpl');
 // csrf token
 if ($csrfenabled) {
   $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
   $smarty->assign('CTOKEN', $token);
 }
+// Load login template
+$smarty->assign('CONTENT', 'default.tpl');
 ?>

public/include/pages/register.inc.php

@@ -14,12 +14,12 @@ if ($setting->getValue('lock_registration') && $setting->getValue('disable_invit
     require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
     $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
   }
-  // Load news entries for Desktop site and unauthenticated users
-  $smarty->assign("CONTENT", "default.tpl");
   // csrf token
   if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
     $token = $csrftoken->getBasic($user->getCurrentIP(), 'register', 'mdyH');
     $smarty->assign('CTOKEN', $token);
   }
+  // Load news entries for Desktop site and unauthenticated users
+  $smarty->assign("CONTENT", "default.tpl");
 }
 ?>

public/templates/mpos/account/edit/default.tpl

@@ -57,7 +57,7 @@
       <div class="submit_link">
       {nocache}
         {if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
-        <input type="hidden" name="ea_token" value="{$smarty.request.ea_token|escape}">
+        <input type="hidden" name="ea_token" value="{$smarty.request.ea_token|escape|default:""}">
         <input type="hidden" name="utype" value="account_edit">
         {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details}
           {if $DETAILSSENT == 1 && $DETAILSUNLOCKED == 1}
@@ -105,7 +105,7 @@
     <footer>
       <div class="submit_link">
       {nocache}
-        <input type="hidden" name="wf_token" value="{$smarty.request.wf_token|escape}">
+        <input type="hidden" name="wf_token" value="{$smarty.request.wf_token|escape|default:""}">
         {if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
         <input type="hidden" name="utype" value="withdraw_funds">
         {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.withdraw}
@@ -158,7 +158,7 @@
     <footer>
       <div class="submit_link">
       {nocache}
-        <input type="hidden" name="cp_token" value="{$smarty.request.cp_token|escape}">
+        <input type="hidden" name="cp_token" value="{$smarty.request.cp_token|escape|default:""}">
         {if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
         <input type="hidden" name="utype" value="change_pw">
         {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw}

public/templates/mpos/global/header.tpl

@@ -2,4 +2,4 @@
       <h1 class="site_title">{$GLOBAL.website.name|default:"Unknown Pool"}</h1>
       <h2 class="section_title">{if $smarty.request.action|escape|default:""}{$smarty.request.action|escape|capitalize}{else}{$smarty.request.page|escape|default:"home"|capitalize}{/if}</h2>
     </hgroup>
-    {if $GLOBAL.config.recaptcha_enabled|default:"0" != 1 || $GLOBAL.config.recaptcha_enabled_logins|default:"0" != 1}{nocache}{include file="login/small.tpl"}{/nocache}{/if}
+    {if $GLOBAL.config.recaptcha_enabled|default:"0" != 1 || $GLOBAL.config.recaptcha_enabled_logins|default:"0" != 1}{nocache}{include file="login/small.tpl"}{/nocache}{/if}