Integreated Fourm users

10 files changed, 104 insertions, 149 deletions

@@ -30,7 +30,7 @@ $curID = 0;
 
 $template = new FITemplate('comments');
 $template->add('PAGEID',$page_id);
-$template->add('USERNAME',(isLoggedIn() ? sess_get('uname') : 'Anonymous'));
+$template->add('USERNAME',(isLoggedIn() ? getSessionUsername() : 'Anonymous'));
 
 if (!isLoggedIn())
 {
@@ -43,7 +43,7 @@ $getcomments2 = mysql_query($getcomments) or die($getcomments);
 $i=0;
 while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
 {
-        $getuser = "SELECT * FROM users WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
+        $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
         $getuser2 = mysql_query($getuser);
         $getuser3 = mysql_fetch_array($getuser2);
 
@@ -51,7 +51,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
         {
                 $username = $getuser3['username'];
                 $email = $getuser3['user_email'];
-                $website = $getuser3['website'];
+                $website = $getuser3['user_website'];
         } else {
                 $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
                 $getanon2 = mysql_query($getanon);
@@ -68,7 +68,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
         if (isset($username))
         {
                 $template->add_ref($curID, 'COMMENTS', array(   'CODEDEMAIL' => md5(strtolower($email)),
-                                                                'USERNAME' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username),
+                                                                'USERNAME' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username),
                                                                 'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
                                                                 'ID' => $getcomments3[$i]['id'],
                                                                 'TEXT' => parseText($getcomments3[$i]['comment'])));
@@ -93,14 +93,14 @@ if (!isset($noRightbar))
         $i=0;
         while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
         {
-                $getuser = "SELECT * FROM users WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
+                $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
                 $getuser2 = mysql_query($getuser);
                 $getuser3 = mysql_fetch_array($getuser2);
 
                 if ($getuser3['username'] == $getcomments3[$i]['username'])
                 {
                         $username = $getuser3['username'];
-                        $website = $getuser3['website'];
+                        $website = $getuser3['user_website'];
                 } else {
                         $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
                         $getanon2 = mysql_query($getanon);
@@ -125,7 +125,7 @@ if (!isset($noRightbar))
                                                                         'CODED' => $getpost3['slug'],
                                                                         'ENDING' => '/',
                                                                         'TITLE' => stripslashes($getpost3['title']),
-                                                                        'AUTHOR' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username)));
+                                                                        'AUTHOR' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username)));
                         $i++;
                 } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
                 {
@@ -136,11 +136,12 @@ if (!isset($noRightbar))
                                                                         'CODED' => $num,
                                                                         'ENDING' => '.php',
                                                                         'TITLE' => 'Quote #' . $num,
-                                                                        'AUTHOR' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username)));
+                                                                        'AUTHOR' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username)));
                         $i++;                   
                 }
         }
 
+        $users = array();
         $getusers = "SELECT DISTINCT username FROM comments";
         $getusers2 = mysql_query($getusers);
         $i=0;
@@ -150,14 +151,14 @@ if (!isset($noRightbar))
                 $getcount2 = mysql_query($getcount);
                 $getcount3 = mysql_fetch_array($getcount2);
 
-                $getuser = "SELECT * FROM users WHERE username = \"" . $getusers3[$i]['username'] . "\"";
+                $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getusers3[$i]['username'] . "\"";
                 $getuser2 = mysql_query($getuser);
                 $getuser3 = mysql_fetch_array($getuser2);
 
                 if ($getuser3['username'] == $getusers3[$i]['username'])
                 {
                         $username = $getuser3['username'];
-                        $website = $getuser3['website'];
+                        $website = $getuser3['user_website'];
                 } else {
                         $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getusers3[$i]['username'] . "\"";
                         $getanon2 = mysql_query($getanon);
@@ -170,23 +171,39 @@ if (!isset($noRightbar))
                         }
                 }
 
-                $name = (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username);
-                $users[$name] = $getcount3[0];
+                $name = (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username);
+                $users[] = array('name' => $name, 'count' => $getcount3['COUNT(*)']);
 
                 $i++;
         }
 
-        arsort($users);
+        function count_sort($a, $b)
+        {
+                $a = $a['count'];
+                $b = $b['count'];
+
+                if ($a > $b)
+                {
+                        return -1;
+                } else if ($a < $b)
+                {
+                        return 1;
+                } else {
+                        return 0;
+                }
+        }
+
+        usort($users, 'count_sort');
         $i=0;
-        foreach ($users as $name => $count)
+        foreach ($users as $value)
         {
                 if ($i == 5)
                 {
                         break;
                 }
 
-                $template->adds_block('TOP', array(     'USERNAME' => $name,
-                                                        'COUNT' => $count));
+                $template->adds_block('TOP', array(     'USERNAME' => $value['name'],
+                                                        'COUNT' => $value['count']));
                 $i++;
         }
 
@@ -22,24 +22,6 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
 
 require('headerproc.php');
 
-function isLoggedIn()
-{
-        return sess_exists('uname');
-}
-
-function getUserlevel()
-{
-        if (isLoggedIn())
-        {
-                $getuser = "SELECT * FROM users WHERE username = \"" . sess_get('uname') . "\"";
-                $getuser2 = mysql_query($getuser);
-                $getuser3 = mysql_fetch_array($getuser2);
-                return $getuser3['user_group'];
-        } else {
-                return 4;
-        }
-}
-
 function countRows($table, $extra = '')
 {
         $cntrows = "SELECT * FROM " . $table . " " . $extra;
@@ -62,7 +44,8 @@ function generateError($error)
 
 function echoLogData()
 {
-        if (!isLoggedIn()) {
+        if (!isLoggedIn())
+        {
                 return('in');
         } else {
                 return('out');
@@ -212,14 +195,6 @@ function updatePop($id, $area, $plus=1)
         }
 }
 
-function verifyUser($username, $password)
-{
-        $getuser = 'SELECT * FROM users WHERE username = "' . $username . '" AND user_password = "' . md5($password) . '"';
-        $getuser2 = mysql_query($getuser);
-        $getuser3 = mysql_fetch_array($getuser2);
-        return (($_POST['username'] != '') && ($getuser3['username'] == $_POST['username']));
-}
-
 function getTags($id, $type = 'published')
 {
         $gettags = "SELECT * FROM tags WHERE post_id = " . $id . " AND post_type = \"" . $type . "\"";
@@ -38,8 +38,6 @@ $headerTemp->add('HEADTAGS',isset($headtags) ? $headtags : '');
 $headerTemp->add('EXTRATITLE',isset($title) ? ($title . ' - ') : '');
 $headerTemp->add('PAGEID',(isset($pageID)) ? $pageID : 'none');
 $headerTemp->add(strtoupper($pageCategory) . 'ACTIVE', ' CLASS="active"');
-$headerTemp->add('REDIRPAGE',rawurlencode($_SERVER['REQUEST_URI']));
-$headerTemp->add('LOGDATA',echoLogData());
 
 if (isset($_POST['message']))
 {
@@ -48,6 +46,9 @@ if (isset($_POST['message']))
 
 if (($pageCategory != 'fourm') && ($pageCategory != 'wiki'))
 {
+        $headerTemp->add('REDIRPAGE',rawurlencode($_SERVER['REQUEST_URI']));
+        $headerTemp->add('LOGDATA',echoLogData());
+        $headerTemp->add('SID',getSessionID());
         $headerTemp->adds_block('MEMBERS',array('exi' => 1));
 }
 
@@ -24,38 +24,74 @@ require('headerproc.php');
 
 session_start();
 
-function sess_exists($name)
+function getSessionID()
 {
-        return(isset($_SESSION[$name]));
-}
+        $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\"";
+        $getconfig2 = mysql_query($getconfig);
+        $getconfig3 = mysql_fetch_array($getconfig2);
 
-function sess_set($name,$value)
-{
-        $_SESSION[$name] = $value;
+        if (isset($_COOKIE[$getconfig3['config_value'] . '_sid']))
+        {
+                return $_COOKIE[$getconfig3['config_value'] . '_sid'];
+        }
+
+        return false;
 }
 
-function sess_get($name)
+function getSessionUsername()
 {
-        return $_SESSION[$name];
-}
+        $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\"";
+        $getconfig2 = mysql_query($getconfig);
+        $getconfig3 = mysql_fetch_array($getconfig2);
+
+        if (isset($_COOKIE[$getconfig3['config_value'] . '_sid']))
+        {
+                $getsession = "SELECT * FROM phpbb_sessions AS s, phpbb_users AS u WHERE s.session_id LIKE \"" . mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']) . "\" AND u.user_id = s.session_user_id";
+                $getsession2 = mysql_query($getsession) or die($getsession);
+                $getsession3 = mysql_fetch_array($getsession2);
 
+                return $getsession3['username'];
+        }
+
+        return false;
+}
 
-function sess_getifset($name)
+function isLoggedIn()
 {
-        if (sess_exists($name))
+        $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\"";
+        $getconfig2 = mysql_query($getconfig);
+        $getconfig3 = mysql_fetch_array($getconfig2);
+
+        if (isset($_COOKIE[$getconfig3['config_value'] . '_sid']))
         {
-                return sess_get($name);
-        } else {
-                return false;
+                $getsession = "SELECT * FROM phpbb_sessions WHERE session_id LIKE \"" . mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']) . "\"";
+                $getsession2 = mysql_query($getsession);
+                $getsession3 = mysql_fetch_array($getsession2);
+
+                if ($getsession3['session_user_id'] != '1')
+                {
+                        return true;
+                }
         }
+
+        return false;
 }
 
-function sess_delete($name)
+function isAdmin()
 {
-        if (sess_exists($name))
+        if (isLoggedIn())
         {
-                unset($_SESSION[$name]);
+                $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2";
+                $getgroup2 = mysql_query($getgroup);
+                $getgroup3 = mysql_fetch_array($getgroup2);
+
+                if ($getgroup3['COUNT(*)'] == '1')
+                {
+                        return true;
+                }
         }
+
+        return false;
 }
 
 ?>
@@ -26,7 +26,7 @@ $pageCategory = 'panel';
 
 if (isLoggedIn())
 {
-        if (getUserlevel() == 1)
+        if (isAdmin())
         {
                 if (!isset($_GET['page']))
                 {
@@ -41,7 +41,7 @@ if (isLoggedIn())
 
                                 if ($_POST['type'] == 'draft')
                                 {
-                                        $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+                                        $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
                                         $insdraft2 = mysql_query($insdraft);
 
                                         $id = mysql_insert_id();
@@ -51,7 +51,7 @@ if (isLoggedIn())
                                         $template->add('ID', $id);
                                 } else if ($_POST['type'] == 'instant')
                                 {
-                                        $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']);
+                                        $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']);
 
                                         $getpost = "SELECT * FROM updates WHERE id = " . $id;
                                         $getpost2 = mysql_query($getpost);
@@ -87,7 +87,7 @@ if (isLoggedIn())
                                                 generateError(404);
                                         }
 
-                                        $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+                                        $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
                                         $inspending2 = mysql_query($inspending);
 
                                         addTags($id, $tags, 'pending');
@@ -140,7 +140,7 @@ if (isLoggedIn())
                                                 $template->add('ID', $_GET['id']);
                                         } else if ($_POST['type'] == 'instant')
                                         {
-                                                $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']);
+                                                $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']);
 
                                                 $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id'];
                                                 $deldraft2 = mysql_query($deldraft);
@@ -179,7 +179,7 @@ if (isLoggedIn())
                                                         generateError(404);
                                                 }
 
-                                                $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+                                                $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
                                                 $inspending2 = mysql_query($inspending);
 
                                                 addTags($id, $tags, 'pending');
@@ -539,14 +539,14 @@ if (isLoggedIn())
 
                         if ($getcomment3['id'] == $_GET['id'])
                         {
-                                $getuser = "SELECT * FROM users WHERE username = \"" . $getcomment3['author'] . "\"";
+                                $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomment3['author'] . "\"";
                                 $getuser2 = mysql_query($getuser);
                                 $getuser3 = mysql_fetch_array($getuser2);
 
                                 $template = new FITemplate('admin/viewComment');
                                 $template->add('ID', $_GET['id']);
                                 $template->add('USERNAME', $getcomment3['author']);
-                                $template->add('CODEDEMAIL', md5(strtolower($getuser3['email'])));
+                                $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email'])));
                                 $template->add('TEXT', parseText($getcomment3['comment']));
                                 $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate'])));
                         } else {
@@ -601,7 +601,7 @@ if (isLoggedIn())
                                 $template = new FITemplate('admin/pollrss');
                         } else if ($_GET['step'] == 2)
                         {
-                                $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
+                                $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
                                 $insrss2 = mysql_query($insrss);
 
                                 $template = new FITemplate('admin/newPoll');
@@ -1,46 +0,0 @@
-<?php
-/*
-       444444444  
-      4::::::::4  
-     4:::::::::4  
-    4::::44::::4  
-   4::::4 4::::4   Four Island
-  4::::4  4::::4  
- 4::::4   4::::4   Written and maintained by Starla Insigna
-4::::444444::::444
-4::::::::::::::::4  pages/login.php
-4444444444:::::444
-          4::::4   Please do not use, reproduce or steal the
-          4::::4   contents of this file without explicit
-          4::::4   permission from Hatkirby.
-        44::::::44
-        4::::::::4
-        4444444444
-*/
-
-if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
-
-require('headerproc.php');
-
-$pageCategory = 'log';
-
-if (!isset($_GET['submit']))
-{
-        $template = new FITemplate('login');
-        $template->add('REDIRECT',$_GET['redirect']);
-} else {
-        if (verifyUser($_POST['username'], $_POST['password']))
-        {
-                sess_set('uname',$_POST['username']);
-                header('Location: ' . rawurldecode($_POST['redirect']));
-                exit;
-        } else {
-                $template = new FITemplate('login');
-                $template->add('REDIRECT',$_POST['redirect']);
-                $template->adds_block('ERROR',array('MSG' => "The username/password pair didn't resolve to a real user. Try logging on again, spelling the password right, or making sure you actually have an a account."));
-        }
-}
-
-$template->display();
-
-?>
@@ -1,28 +0,0 @@
-<?php
-/*
-       444444444  
-      4::::::::4  
-     4:::::::::4  
-    4::::44::::4  
-   4::::4 4::::4   Four Island
-  4::::4  4::::4  
- 4::::4   4::::4   Written and maintained by Starla Insigna
-4::::444444::::444
-4::::::::::::::::4  pages/logout.php
-4444444444:::::444
-          4::::4   Please do not use, reproduce or steal the
-          4::::4   contents of this file without explicit
-          4::::4   permission from Hatkirby.
-        44::::::44
-        4::::::::4
-        4444444444
-*/
-
-if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
-
-require('headerproc.php');
-
-sess_delete('uname');
-header('Location: ' . rawurldecode($_GET['redirect']));
-
-?>
@@ -84,10 +84,10 @@ if (!isset($_GET['id']))
                                 }
                         }
                 } else {
-                        $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . sess_get('uname') . "\", comment = \"" . $_POST['comment'] . "\"";
+                        $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . getSessionUsername() . "\", comment = \"" . $_POST['comment'] . "\"";
                         $setcomment2 = mysql_query($setcomment);
 
-                        mail('hatkirby@fourisland.com', 'New comment on Four Island!', sess_get('uname') . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']);
+                        mail('hatkirby@fourisland.com', 'New comment on Four Island!', getSessionUsername() . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']);
 
                         $page_id = $_GET['id'];
                         $comType = substr($page_id,0,strpos($page_id,'-'));
@@ -97,7 +97,7 @@ if (!isset($_GET['id']))
                                 recalcPop($comID);
                         }
 
-                        $template->add('MSG',"Thank you, " . sess_get('uname') . ", for posting your valuable comment!");
+                        $template->add('MSG',"Thank you, " . getSessionUsername() . ", for posting your valuable comment!");
                 }
         }
 }
@@ -62,7 +62,7 @@
                                                 <!--BEGIN MEMBERS-->
                                                 <LI<!--LOGACTIVE-->>
                                                         <IMG SRC="/theme/images/icons/door_in.png" ALT="Log<!--LOGDATA-->">
-                                                        <A HREF="http://fourisland.com/log<!--LOGDATA-->.php?redirect=<!--REDIRPAGE-->">Log<!--LOGDATA--></A>
+                                                        <A HREF="http://fourisland.com/fourm/ucp.php?mode=log<!--LOGDATA-->&amp;redirect=<!--REDIRPAGE-->&amp;sid=<!--SID-->">Log<!--LOGDATA--></A>
                                                 </LI>
                                                 <!--END MEMBERS-->
                                         </UL>