From 15eca659b97f1b04aef4da1431717cfa2e4641f2 Mon Sep 17 00:00:00 2001
From: xisi
Date: Fri, 17 Jan 2014 10:26:44 -0500
Subject: [PATCH] fixed a bug in edit account template moved csrf token to above template in smarty assigns fixed a bug in user class remove small login/fix header to catch up
---
 public/include/classes/user.class.php | 2 +-
 public/include/pages/account/edit.inc.php | 6 +++---
 public/include/pages/account/invitations.inc.php | 2 +-
 public/include/pages/account/notifications.inc.php | 6 +++---
 public/include/pages/account/workers.inc.php | 3 +--
 public/include/pages/contactform/contactform.inc.php | 4 ++--
 public/include/pages/home.inc.php | 4 ++--
 public/include/pages/login.inc.php | 4 ++--
 public/include/pages/register.inc.php | 4 ++--
 public/templates/mpos/account/edit/default.tpl | 6 +++---
 public/templates/mpos/global/header.tpl | 2 +-
 11 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index d238339e..94bafb57 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -145,7 +145,7 @@ class User extends Base {
 $notifs->setSetting($this->setting);
 $notifs->setErrorCodes($this->aErrorCodes);
 $ndata = $notifs->getNotificationSettings($uid);
- if ($ndata['success_login'] == 1) {
+ if (@$ndata['success_login'] == 1) {
 // seems to be active, let's send it
 $aDataN['username'] = $username;
 $aDataN['email'] = $this->getUserEmail($username);
diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index 0d822e86..27203ef0 100644
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
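Review bot: The `@` added in front of `$ndata['success_login']` in user.class.php silences more than the undefined-index notice: if `getNotificationSettings($uid)` returns something that is not an array (presumably on a failed lookup), the login notification is skipped without any trace. Because this mail is what tells an account owner that a sign-in happened, an explicit test reads better and is easier to audit, `if (isset($ndata['success_login']) && $ndata['success_login'] == 1) {`, with a log entry on the path where `$ndata` is not an array. The enclosing method starts and ends outside the hunk, so how such failures are reported elsewhere is not visible here.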
@@ -168,17 +168,17 @@ if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
 $wf_sent = $user->token->doesTokenExist('withdraw_funds', $_SESSION['USERDATA']['id']);
 }
 }
-// Tempalte specifics
-$smarty->assign("CONTENT", "default.tpl");
+// csrf stuff
 $smarty->assign("CHANGEPASSUNLOCKED", $cp_editable);
 $smarty->assign("WITHDRAWUNLOCKED", $wf_editable);
 $smarty->assign("DETAILSUNLOCKED", $ea_editable);
 $smarty->assign("CHANGEPASSSENT", $cp_sent);
 $smarty->assign("WITHDRAWSENT", $wf_sent);
 $smarty->assign("DETAILSSENT", $ea_sent);
-// csrf token
 if ($csrfenabled) {
 $token = $csrftoken->getBasic($user->getCurrentIP(), 'editaccount', 'mdyH');
 $smarty->assign('CTOKEN', $token);
 }
+// Tempalte specifics
+$smarty->assign("CONTENT", "default.tpl");
 ?>
diff --git a/public/include/pages/account/invitations.inc.php b/public/include/pages/account/invitations.inc.php
index ce970e56..b7fd94e0 100644
--- a/public/include/pages/account/invitations.inc.php
+++ b/public/include/pages/account/invitations.inc.php
@@ -31,10 +31,10 @@ if ($user->isAuthenticated()) {
 $_SESSION['POPUP'][] = array('CONTENT' => 'Invitations are disabled', 'TYPE' => 'errormsg');
 }
 }
-$smarty->assign('CONTENT', 'default.tpl');
 // csrf token
 if ($csrfenabled) {
 $token = $csrftoken->getBasic($user->getCurrentIP(), 'invitations', 'mdyH');
 $smarty->assign('CTOKEN', $token);
 }
+$smarty->assign('CONTENT', 'default.tpl');
 ?>
diff --git a/public/include/pages/account/notifications.inc.php b/public/include/pages/account/notifications.inc.php
index ca53b7f2..c9c184a6 100644
--- a/public/include/pages/account/notifications.inc.php
+++ b/public/include/pages/account/notifications.inc.php
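Review bot: The new `// csrf stuff` comment in edit.inc.php sits above the `CHANGEPASSUNLOCKED` to `DETAILSSENT` assigns, which by their names carry unlock and mail-sent state rather than CSRF data, while the `// csrf token` comment that labelled the `getBasic()` block was removed. I would keep `// csrf token` directly above `if ($csrfenabled) {` and label the flag assigns for what they are, for example `// unlock / confirmation-sent state for the template`. The re-added `// Tempalte specifics` still carries the typo (`Template`), here and in contactform.inc.php. If `CONTENT` really has to be assigned after `CTOKEN`, a one-line comment giving the reason would keep the ordering from being undone later; the enclosing `if` starts outside the hunk.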
@@ -33,14 +33,14 @@ if ($user->isAuthenticated()) { // Fetch user notification settings $aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']); - $smarty->assign('NOTIFICATIONS', $aNotifications); - $smarty->assign('SETTINGS', $aSettings); - $smarty->assign('CONTENT', 'default.tpl'); // csrf token if ($csrfenabled) { $token = $csrftoken->getBasic($user->getCurrentIP(), 'editnotifs', 'mdyH'); $smarty->assign('CTOKEN', $token); } + $smarty->assign('NOTIFICATIONS', $aNotifications); + $smarty->assign('SETTINGS', $aSettings); + $smarty->assign('CONTENT', 'default.tpl'); } } ?> diff --git a/public/include/pages/account/workers.inc.php b/public/include/pages/account/workers.inc.php index 23068959..96a076d8 100644 --- a/public/include/pages/account/workers.inc.php +++ b/public/include/pages/account/workers.inc.php @@ -48,11 +48,10 @@ if ($user->isAuthenticated()) { $smarty->assign('WORKERS', $aWorkers); } - -$smarty->assign('CONTENT', 'default.tpl'); // csrf token if ($csrfenabled) { $token = $csrftoken->getBasic($user->getCurrentIP(), 'workers', 'mdyH'); $smarty->assign('CTOKEN', $token); } +$smarty->assign('CONTENT', 'default.tpl'); ?> diff --git a/public/include/pages/contactform/contactform.inc.php b/public/include/pages/contactform/contactform.inc.php index 7e0a3106..483e6b3e 100644 --- a/public/include/pages/contactform/contactform.inc.php +++ b/public/include/pages/contactform/contactform.inc.php @@ -63,11 +63,11 @@ if ($setting->getValue('disable_contactform')) { } } -// Tempalte specifics -$smarty->assign("CONTENT", "default.tpl"); // csrf token if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) { $token = $csrftoken->getBasic($user->getCurrentIP(), 'contact', 'mdyH'); $smarty->assign('CTOKEN', $token); } +// Tempalte specifics +$smarty->assign("CONTENT", "default.tpl"); ?> diff --git a/public/include/pages/home.inc.php b/public/include/pages/home.inc.php index 85e550dc..c4dbe852 100644 
--- a/public/include/pages/home.inc.php
+++ b/public/include/pages/home.inc.php
@@ -22,11 +22,11 @@ if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
 } else {
 $debug->append('Using cached page', 3);
 }
-// Load news entries for Desktop site and unauthenticated users
-$smarty->assign("CONTENT", "default.tpl");
 // csrf token
 if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
 $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
 $smarty->assign('CTOKEN', $token);
 }
+// Load news entries for Desktop site and unauthenticated users
+$smarty->assign("CONTENT", "default.tpl");
 ?>
diff --git a/public/include/pages/login.inc.php b/public/include/pages/login.inc.php
index b7590abd..0682699f 100644
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@@ -63,11 +63,11 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
 $_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
 }
 }
-// Load login template
-$smarty->assign('CONTENT', 'default.tpl');
 // csrf token
 if ($csrfenabled) {
 $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
 $smarty->assign('CTOKEN', $token);
 }
+// Load login template
+$smarty->assign('CONTENT', 'default.tpl');
 ?>
diff --git a/public/include/pages/register.inc.php b/public/include/pages/register.inc.php
index 2be0e636..0ef87aae 100644
--- a/public/include/pages/register.inc.php
+++ b/public/include/pages/register.inc.php
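Review bot: In home.inc.php the login-form token is minted after the `isCached('master.tpl', $smarty_cache_key)` branch, so `CTOKEN` is assigned on the 'Using cached page' path as well, and the hunk does not show whether a cached render picks up this per-request value or keeps the one from the request that filled the cache. Since the token is derived from `getCurrentIP()`, that is worth confirming; if the login form is part of the cached output, it should be excluded from caching so each visitor gets a token minted for their own request. Separately, the re-added `// Load news entries for Desktop site and unauthenticated users` now labels the `CONTENT` assign, which loads no news; `// Template specifics` would match the other pages. The same stale comment is re-added in register.inc.php.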
@@ -14,12 +14,12 @@ if ($setting->getValue('lock_registration') && $setting->getValue('disable_invit
 require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
 $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
 }
- // Load news entries for Desktop site and unauthenticated users
- $smarty->assign("CONTENT", "default.tpl");
 // csrf token
 if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
 $token = $csrftoken->getBasic($user->getCurrentIP(), 'register', 'mdyH');
 $smarty->assign('CTOKEN', $token);
 }
+ // Load news entries for Desktop site and unauthenticated users
+ $smarty->assign("CONTENT", "default.tpl");
 }
 ?>
diff --git a/public/templates/mpos/account/edit/default.tpl b/public/templates/mpos/account/edit/default.tpl
index 174b3745..5baac533 100644
--- a/public/templates/mpos/account/edit/default.tpl
+++ b/public/templates/mpos/account/edit/default.tpl
@@ -57,7 +57,7 @@