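--- a/create_account.php
+++ b/create_account.php
@@ -1,6 +1,6 @@
 <?php
 /*
-  $Id: create_account.php 1840 2008-12-12 12:32:40Z hpdl $
+  $Id: create_account.php 1843 2008-12-12 13:32:10Z hpdl $
 
   osCommerce, Open Source E-Commerce Solutions
   http://www.oscommerce.com
@@ -16,7 +16,7 @@
   require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CREATE_ACCOUNT);
 
   $process = false;
-  if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
+  if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
     $process = true;
 
     if (ACCOUNT_GENDER == 'true') {
@@ -226,6 +226,9 @@
       tep_session_register('customer_country_id');
       tep_session_register('customer_zone_id');
 
+// reset session token
+      $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
+
 // restore cart contents
       $cart->restore_contents();
 
@@ -274,7 +277,7 @@
 <!-- left_navigation_eof //-->
     </table></td>
 <!-- body_text //-->
-    <td width="100%" valign="top"><?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'onSubmit="return check_form(create_account);"') . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
+    <td width="100%" valign="top"><?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'onSubmit="return check_form(create_account);"', true) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
       <tr>
         <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
           <tr>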
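Review bot: The anti-CSRF check added on new line 19 compares `$HTTP_POST_VARS['formid']` with `$sessiontoken` using `==`, which makes PHP compare two numeric-looking strings as numbers (an md5 hex digest of the form `0e` followed only by digits equals any other such string) and is not constant-time. I would tighten it to `is_string($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] === $sessiontoken)`, or `hash_equals($sessiontoken, $HTTP_POST_VARS['formid'])` where the runtime provides it. The replacement token on new line 230 is `md5()` over four `tep_rand()` values; `tep_rand()` is defined outside this page, so if it wraps `rand()`/`mt_rand()` the token is only as unpredictable as that generator, and a CSPRNG-backed source would be preferable. The `if` block opened on line 19 closes outside the visible hunks, so what happens to a request with a missing or stale token cannot be confirmed from here; a short comment such as `// formid must match the per-session token; otherwise the form is simply redisplayed` would document the intent.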