fixed a bug in edit account template

moved csrf token to above template in smarty assigns
fixed a bug in user class
remove small login/fix header to catch up
This commit is contained in:
xisi 2014-01-17 10:26:44 -05:00
parent d24f1050ae
commit 15eca659b9
11 changed files with 21 additions and 22 deletions


@ -145,7 +145,7 @@ class User extends Base {
$notifs->setSetting($this->setting); $notifs->setSetting($this->setting);
$notifs->setErrorCodes($this->aErrorCodes); $notifs->setErrorCodes($this->aErrorCodes);
$ndata = $notifs->getNotificationSettings($uid); $ndata = $notifs->getNotificationSettings($uid);
if ($ndata['success_login'] == 1) { if (@$ndata['success_login'] == 1) {
// seems to be active, let's send it // seems to be active, let's send it
$aDataN['username'] = $username; $aDataN['username'] = $username;
$aDataN['email'] = $this->getUserEmail($username); $aDataN['email'] = $this->getUserEmail($username);
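Review bot: The `@` added to the `success_login` lookup silences the undefined-index notice instead of handling the missing key, so a user without a notification row still reaches the `== 1` comparison on `null`, and the suppression also hides any other notice raised while that expression is evaluated. Test for presence explicitly: `if (isset($ndata['success_login']) && $ndata['success_login'] == 1) {`. `getNotificationSettings()` is not visible here, so I cannot tell whether it can return something other than an array; the `isset` form stays notice-free in that case too. The enclosing method of `User` starts and ends outside the hunk.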


@ -168,17 +168,17 @@ if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
$wf_sent = $user->token->doesTokenExist('withdraw_funds', $_SESSION['USERDATA']['id']); $wf_sent = $user->token->doesTokenExist('withdraw_funds', $_SESSION['USERDATA']['id']);
} }
} }
// Tempalte specifics // csrf stuff
$smarty->assign("CONTENT", "default.tpl");
$smarty->assign("CHANGEPASSUNLOCKED", $cp_editable); $smarty->assign("CHANGEPASSUNLOCKED", $cp_editable);
$smarty->assign("WITHDRAWUNLOCKED", $wf_editable); $smarty->assign("WITHDRAWUNLOCKED", $wf_editable);
$smarty->assign("DETAILSUNLOCKED", $ea_editable); $smarty->assign("DETAILSUNLOCKED", $ea_editable);
$smarty->assign("CHANGEPASSSENT", $cp_sent); $smarty->assign("CHANGEPASSSENT", $cp_sent);
$smarty->assign("WITHDRAWSENT", $wf_sent); $smarty->assign("WITHDRAWSENT", $wf_sent);
$smarty->assign("DETAILSSENT", $ea_sent); $smarty->assign("DETAILSSENT", $ea_sent);
// csrf token
if ($csrfenabled) { if ($csrfenabled) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'editaccount', 'mdyH'); $token = $csrftoken->getBasic($user->getCurrentIP(), 'editaccount', 'mdyH');
$smarty->assign('CTOKEN', $token); $smarty->assign('CTOKEN', $token);
} }
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
?> ?>
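Review bot: The comment `// csrf stuff` on the new side now heads the `CHANGEPASSUNLOCKED` … `DETAILSSENT` assigns, which carry two-factor unlock/sent state rather than anything CSRF-related, while the `if ($csrfenabled)` block below them appears to have lost the `// csrf token` label it had before (old and new sides inferred from the commit message, since the page drops the markers). I would rename the first comment to `// Two-factor unlock/sent state for the template`, keep `// csrf token` directly above the `if`, and spell the trailing comment `// Template specifics`. The same `Tempalte` typo is carried by the contact page hunk in this commit.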


@ -31,10 +31,10 @@ if ($user->isAuthenticated()) {
$_SESSION['POPUP'][] = array('CONTENT' => 'Invitations are disabled', 'TYPE' => 'errormsg'); $_SESSION['POPUP'][] = array('CONTENT' => 'Invitations are disabled', 'TYPE' => 'errormsg');
} }
} }
$smarty->assign('CONTENT', 'default.tpl');
// csrf token // csrf token
if ($csrfenabled) { if ($csrfenabled) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'invitations', 'mdyH'); $token = $csrftoken->getBasic($user->getCurrentIP(), 'invitations', 'mdyH');
$smarty->assign('CTOKEN', $token); $smarty->assign('CTOKEN', $token);
} }
$smarty->assign('CONTENT', 'default.tpl');
?> ?>


@ -33,14 +33,14 @@ if ($user->isAuthenticated()) {
// Fetch user notification settings // Fetch user notification settings
$aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']); $aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
$smarty->assign('NOTIFICATIONS', $aNotifications);
$smarty->assign('SETTINGS', $aSettings);
$smarty->assign('CONTENT', 'default.tpl');
// csrf token // csrf token
if ($csrfenabled) { if ($csrfenabled) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'editnotifs', 'mdyH'); $token = $csrftoken->getBasic($user->getCurrentIP(), 'editnotifs', 'mdyH');
$smarty->assign('CTOKEN', $token); $smarty->assign('CTOKEN', $token);
} }
$smarty->assign('NOTIFICATIONS', $aNotifications);
$smarty->assign('SETTINGS', $aSettings);
$smarty->assign('CONTENT', 'default.tpl');
} }
} }
?> ?>


@ -48,11 +48,10 @@ if ($user->isAuthenticated()) {
$smarty->assign('WORKERS', $aWorkers); $smarty->assign('WORKERS', $aWorkers);
} }
$smarty->assign('CONTENT', 'default.tpl');
// csrf token // csrf token
if ($csrfenabled) { if ($csrfenabled) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'workers', 'mdyH'); $token = $csrftoken->getBasic($user->getCurrentIP(), 'workers', 'mdyH');
$smarty->assign('CTOKEN', $token); $smarty->assign('CTOKEN', $token);
} }
$smarty->assign('CONTENT', 'default.tpl');
?> ?>


@ -63,11 +63,11 @@ if ($setting->getValue('disable_contactform')) {
} }
} }
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
// csrf token // csrf token
if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) { if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'contact', 'mdyH'); $token = $csrftoken->getBasic($user->getCurrentIP(), 'contact', 'mdyH');
$smarty->assign('CTOKEN', $token); $smarty->assign('CTOKEN', $token);
} }
// Tempalte specifics
$smarty->assign("CONTENT", "default.tpl");
?> ?>


@ -22,11 +22,11 @@ if (!$smarty->isCached('master.tpl', $smarty_cache_key)) {
} else { } else {
$debug->append('Using cached page', 3); $debug->append('Using cached page', 3);
} }
// Load news entries for Desktop site and unauthenticated users
$smarty->assign("CONTENT", "default.tpl");
// csrf token // csrf token
if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) { if ($config['csrf']['enabled'] && $config['csrf']['forms']['login']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'login'); $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
$smarty->assign('CTOKEN', $token); $smarty->assign('CTOKEN', $token);
} }
// Load news entries for Desktop site and unauthenticated users
$smarty->assign("CONTENT", "default.tpl");
?> ?>
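Review bot: The comment `// Load news entries for Desktop site and unauthenticated users` that moves with the `CONTENT` assign describes nothing on the line below it, which only selects `default.tpl`, so it reads as a stale copy-paste; the register page hunk in this commit carries the same comment above the same assign. Replace it in both places with `// Template specifics`, the wording the other pages in this commit use for this line. Whether news loading happens elsewhere in this file is not visible in the hunk.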


@ -63,11 +63,11 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
$_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info'); $_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
} }
} }
// Load login template
$smarty->assign('CONTENT', 'default.tpl');
// csrf token // csrf token
if ($csrfenabled) { if ($csrfenabled) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'login'); $token = $csrftoken->getBasic($user->getCurrentIP(), 'login');
$smarty->assign('CTOKEN', $token); $smarty->assign('CTOKEN', $token);
} }
// Load login template
$smarty->assign('CONTENT', 'default.tpl');
?> ?>


@ -14,12 +14,12 @@ if ($setting->getValue('lock_registration') && $setting->getValue('disable_invit
require_once(INCLUDE_DIR . '/lib/recaptchalib.php'); require_once(INCLUDE_DIR . '/lib/recaptchalib.php');
$smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true)); $smarty->assign("RECAPTCHA", recaptcha_get_html($setting->getValue('recaptcha_public_key'), null, true));
} }
// Load news entries for Desktop site and unauthenticated users
$smarty->assign("CONTENT", "default.tpl");
// csrf token // csrf token
if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) { if ($config['csrf']['enabled'] && $config['csrf']['options']['sitewide']) {
$token = $csrftoken->getBasic($user->getCurrentIP(), 'register', 'mdyH'); $token = $csrftoken->getBasic($user->getCurrentIP(), 'register', 'mdyH');
$smarty->assign('CTOKEN', $token); $smarty->assign('CTOKEN', $token);
} }
// Load news entries for Desktop site and unauthenticated users
$smarty->assign("CONTENT", "default.tpl");
} }
?> ?>


@ -57,7 +57,7 @@
<div class="submit_link"> <div class="submit_link">
{nocache} {nocache}
{if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if} {if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
<input type="hidden" name="ea_token" value="{$smarty.request.ea_token|escape}"> <input type="hidden" name="ea_token" value="{$smarty.request.ea_token|escape|default:""}">
<input type="hidden" name="utype" value="account_edit"> <input type="hidden" name="utype" value="account_edit">
{if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details} {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.details}
{if $DETAILSSENT == 1 && $DETAILSUNLOCKED == 1} {if $DETAILSSENT == 1 && $DETAILSUNLOCKED == 1}
@ -105,7 +105,7 @@
<footer> <footer>
<div class="submit_link"> <div class="submit_link">
{nocache} {nocache}
<input type="hidden" name="wf_token" value="{$smarty.request.wf_token|escape}"> <input type="hidden" name="wf_token" value="{$smarty.request.wf_token|escape|default:""}">
{if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if} {if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
<input type="hidden" name="utype" value="withdraw_funds"> <input type="hidden" name="utype" value="withdraw_funds">
{if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.withdraw} {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.withdraw}
@ -158,7 +158,7 @@
<footer> <footer>
<div class="submit_link"> <div class="submit_link">
{nocache} {nocache}
<input type="hidden" name="cp_token" value="{$smarty.request.cp_token|escape}"> <input type="hidden" name="cp_token" value="{$smarty.request.cp_token|escape|default:""}">
{if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if} {if $GLOBAL.csrf.enabled && $GLOBAL.csrf.options.sitewide}<input type="hidden" name="ctoken" value="{$CTOKEN|escape}" />{/if}
<input type="hidden" name="utype" value="change_pw"> <input type="hidden" name="utype" value="change_pw">
{if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw} {if $GLOBAL.twofactor.enabled && $GLOBAL.twofactor.options.changepw}
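Review bot: In the `ea_token`, `wf_token` and `cp_token` hidden inputs the new `|default:""` modifier is applied after `|escape`, so the fallback value bypasses escaping; with an empty-string default the rendered output is identical, but the conventional order is `{$smarty.request.ea_token|default:""|escape}` so that any future non-empty default is escaped as well. The header template in this commit uses the same escape-then-default order, so this is a consistency choice rather than a defect. Keeping `escape` as the last modifier on request-derived values reflected back into the form is the safer habit.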


@ -2,4 +2,4 @@
<h1 class="site_title">{$GLOBAL.website.name|default:"Unknown Pool"}</h1> <h1 class="site_title">{$GLOBAL.website.name|default:"Unknown Pool"}</h1>
<h2 class="section_title">{if $smarty.request.action|escape|default:""}{$smarty.request.action|escape|capitalize}{else}{$smarty.request.page|escape|default:"home"|capitalize}{/if}</h2> <h2 class="section_title">{if $smarty.request.action|escape|default:""}{$smarty.request.action|escape|capitalize}{else}{$smarty.request.page|escape|default:"home"|capitalize}{/if}</h2>
</hgroup> </hgroup>
{if $GLOBAL.config.recaptcha_enabled|default:"0" != 1 || $GLOBAL.config.recaptcha_enabled_logins|default:"0" != 1}{nocache}{include file="login/small.tpl"}{/nocache}{/if} {if $GLOBAL.config.recaptcha_enabled|default:"0" != 1 || $GLOBAL.config.recaptcha_enabled_logins|default:"0" != 1}{nocache}{include file="login/small.tpl"}{/nocache}{/if}