3006cb544f
The way this now works is, if csrf is enabled: * Any new or existing template can have csrf protection by adding the hidden input ctoken that's in this batch to its form, removes any logic in templates * Page controllers that already exist have been updated, new ones only require checking if csrf is enabled and valid
35 lines
1.4 KiB
PHP
35 lines
1.4 KiB
PHP
<?php
|
|
|
|
// Make sure we are called from index.php
|
|
if (!defined('SECURITY')) die('Hacking attempt');
|
|
if ($user->isAuthenticated()) {
|
|
if ($setting->getValue('disable_notifications') == 1) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Notification system disabled by admin.', 'TYPE' => 'info');
|
|
$smarty->assign('CONTENT', 'empty');
|
|
} else {
|
|
if (@$_REQUEST['do'] == 'save') {
|
|
if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) {
|
|
if ($notification->updateSettings($_SESSION['USERDATA']['id'], $_REQUEST['data'])) {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => 'Updated notification settings', 'TYPE' => 'success');
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $notification->getError(), 'TYPE' => 'errormsg');
|
|
}
|
|
} else {
|
|
$_SESSION['POPUP'][] = array('CONTENT' => $csrftoken->getErrorWithDescriptionHTML(), 'TYPE' => 'info');
|
|
}
|
|
}
|
|
|
|
// Fetch notifications
|
|
$aNotifications = $notification->getNofifications($_SESSION['USERDATA']['id']);
|
|
if (!$aNotifications) $_SESSION['POPUP'][] = array('CONTENT' => 'Could not find any notifications', 'TYPE' => 'errormsg');
|
|
|
|
// Fetch user notification settings
|
|
$aSettings = $notification->getNotificationSettings($_SESSION['USERDATA']['id']);
|
|
|
|
$smarty->assign('NOTIFICATIONS', $aNotifications);
|
|
$smarty->assign('SETTINGS', $aSettings);
|
|
$smarty->assign('CONTENT', 'default.tpl');
|
|
}
|
|
}
|
|
|
|
?>
|