$u =& user_get_object(user_getid());
if (!$u || !is_object($u)) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
exit_error('Error','Could Not Get User');
} elseif ($u->isError()) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
exit_error('Error',$u->getErrorMessage());
}
if (!$u->setNewEmailAndHash($newemail, $confirm_hash)) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
exit_error(
'Could Not Complete Operation',
$u->getErrorMessage()
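Review bot: Replacing `$_POST['form_key']` with `getStringFromRequest('form_key')` may widen where the form key is accepted from. The helper's definition is not shown, but its name suggests it reads the merged request (query string, possibly cookies) rather than the POST body only. This matters most at the `form_key_is_valid(...)` calls in the later hunks, because a one-time key that is honoured from a URL can end up in server logs and Referer headers and no longer ties the action to a form post. If the project has a POST-only accessor, use it for `form_key` in every `form_key_is_valid(...)` and `form_release_key(...)` call touched here, with a comment such as `// form_key is accepted from the POST body only`.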
}
if (strlen($passwd)<6) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
exit_error(
$Language->getText('general','error'),
$Language->getText('account_change_pw','not_valid_password')
}
if ($passwd != $passwd2) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
exit_error(
$Language->getText('general','error'),
$Language->getText('account_change_pw','passwords_dont_match')
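Review bot: The confirmation check `if ($passwd != $passwd2)` uses a loose comparison, which PHP evaluates numerically when both strings look like numbers, so two different inputs such as `1e3` and `1000` are treated as matching. Use `if ($passwd !== $passwd2) {` so the two fields are compared as exact strings. The `exit_error(` call is cut off at the end of this hunk, so the rest of the branch is not visible.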
}
if (!$u->setPasswd($passwd)) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
exit_error(
$Language->getText('general','error'),
'Could not change password: '.$u->getErrorMessage()
if (!$u->update($firstname, $lastname, $language, $timezone, $mail_site, $mail_va, $use_ratings,
$jabber_address,$jabber_only,$theme_id,$address,$address2,$phone,$fax,$title,$ccode)) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
$feedback .= $u->getErrorMessage().'<br />';
} else {
$feedback .= $Language->getText('account','updated').'<br />';
// ###### first check for valid login, if so, redirect
if ($login) {
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
$success=session_login_valid(strtolower($form_loginname),$form_pw);
$HTML->header(array('title'=>'Login'));
if ($login && !$success) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
// Account Pending
if ($userstatus == "P") {
$feedback = $Language->getText('account_login', 'pending_account', array(htmlspecialchars($form_loginname)));
exit_error('Error',$u->getErrorMessage());
}
-if ($submit) {
+if (getStringFromRequest("submit")) {
if (strlen($passwd)<6) {
exit_error(
$u->setNewEmailAndHash($u->getEmail(), $confirm_hash);
if ($u->isError()) {
- form_release_key($_POST['form_key']);
+ form_release_key(getStringFromRequest('form_key'));
exit_error('Error',$u->getErrorMessage());
} else {
}
if (getStringFromRequest('submit')) {
-
/*
-
Adding call to library rather than
logic that used to be coded in this page
-
*/
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
$new_user = new User();
if (getStringFromRequest('people_cat')) {
$cat_name = getStringFromRequest('cat_name');
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
$sql="INSERT INTO people_job_category (name) VALUES ('$cat_name')";
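Review bot: `$cat_name` is read from the request and interpolated straight into `INSERT INTO people_job_category (name) VALUES ('$cat_name')`, so the statement is built from untrusted input. Unless `getStringFromRequest()` escapes for SQL, which is not visible here, the query is injectable, and the form-key check above it does not address that. Bind the value through the database layer's parameterised query call, or its escaping helper, instead of interpolating it. The same pattern recurs with `$skill_name` in the `people_skill` insert in the next hunk. The enclosing `if` block continues outside the hunk.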
} else if (getStringFromRequest('people_skills')) {
$skill_name = getStringFromRequest('skill_name');
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
$sql="INSERT INTO people_skill (name) VALUES ('$skill_name')";
/*
update the job's description, status, etc
*/
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
//
if ($query_action == 1) {
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
// Update the name and or fields of the displayed saved query
//
} elseif ($query_action == 3) {
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
$aq = new ArtifactQuery($ath,$query_id);
// Delete the query
//
} elseif ($query_action == 5) {
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
$aq = new ArtifactQuery($ath,$query_id);
no one is hacking around, we override any fields they don't have
permission to change.
*/
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
//
case 'postdeleteartifact' : {
- if (!form_key_is_valid($_POST['form_key'])) {
+ if (!form_key_is_valid(getStringFromRequest('form_key'))) {
exit_form_double_submit();
}
if ($ath->userIsAdmin()) {