diff options
-rwxr-xr-x | includes/comments.php | 8 | ||||
-rwxr-xr-x | includes/footer.php | 41 | ||||
-rwxr-xr-x | includes/functions.php | 29 | ||||
-rwxr-xr-x | includes/header.php | 5 | ||||
-rwxr-xr-x | includes/session.php | 70 | ||||
-rwxr-xr-x | pages/admin.php | 18 | ||||
-rwxr-xr-x | pages/login.php | 46 | ||||
-rwxr-xr-x | pages/logout.php | 28 | ||||
-rwxr-xr-x | pages/post.php | 6 | ||||
-rwxr-xr-x | theme/header.tpl | 2 |
10 files changed, 104 insertions, 149 deletions
diff --git a/includes/comments.php b/includes/comments.php index 15e9fc8..d405279 100755 --- a/includes/comments.php +++ b/includes/comments.php | |||
@@ -30,7 +30,7 @@ $curID = 0; | |||
30 | 30 | ||
31 | $template = new FITemplate('comments'); | 31 | $template = new FITemplate('comments'); |
32 | $template->add('PAGEID',$page_id); | 32 | $template->add('PAGEID',$page_id); |
33 | $template->add('USERNAME',(isLoggedIn() ? sess_get('uname') : 'Anonymous')); | 33 | $template->add('USERNAME',(isLoggedIn() ? getSessionUsername() : 'Anonymous')); |
34 | 34 | ||
35 | if (!isLoggedIn()) | 35 | if (!isLoggedIn()) |
36 | { | 36 | { |
@@ -43,7 +43,7 @@ $getcomments2 = mysql_query($getcomments) or die($getcomments); | |||
43 | $i=0; | 43 | $i=0; |
44 | while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | 44 | while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) |
45 | { | 45 | { |
46 | $getuser = "SELECT * FROM users WHERE username = \"" . $getcomments3[$i]['username'] . "\""; | 46 | $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomments3[$i]['username'] . "\""; |
47 | $getuser2 = mysql_query($getuser); | 47 | $getuser2 = mysql_query($getuser); |
48 | $getuser3 = mysql_fetch_array($getuser2); | 48 | $getuser3 = mysql_fetch_array($getuser2); |
49 | 49 | ||
@@ -51,7 +51,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
51 | { | 51 | { |
52 | $username = $getuser3['username']; | 52 | $username = $getuser3['username']; |
53 | $email = $getuser3['user_email']; | 53 | $email = $getuser3['user_email']; |
54 | $website = $getuser3['website']; | 54 | $website = $getuser3['user_website']; |
55 | } else { | 55 | } else { |
56 | $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\""; | 56 | $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\""; |
57 | $getanon2 = mysql_query($getanon); | 57 | $getanon2 = mysql_query($getanon); |
@@ -68,7 +68,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | |||
68 | if (isset($username)) | 68 | if (isset($username)) |
69 | { | 69 | { |
70 | $template->add_ref($curID, 'COMMENTS', array( 'CODEDEMAIL' => md5(strtolower($email)), | 70 | $template->add_ref($curID, 'COMMENTS', array( 'CODEDEMAIL' => md5(strtolower($email)), |
71 | 'USERNAME' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username), | 71 | 'USERNAME' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username), |
72 | 'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])), | 72 | 'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])), |
73 | 'ID' => $getcomments3[$i]['id'], | 73 | 'ID' => $getcomments3[$i]['id'], |
74 | 'TEXT' => parseText($getcomments3[$i]['comment']))); | 74 | 'TEXT' => parseText($getcomments3[$i]['comment']))); |
diff --git a/includes/footer.php b/includes/footer.php index dadb6f5..0a93ae9 100755 --- a/includes/footer.php +++ b/includes/footer.php | |||
@@ -93,14 +93,14 @@ if (!isset($noRightbar)) | |||
93 | $i=0; | 93 | $i=0; |
94 | while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) | 94 | while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) |
95 | { | 95 | { |
96 | $getuser = "SELECT * FROM users WHERE username = \"" . $getcomments3[$i]['username'] . "\""; | 96 | $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomments3[$i]['username'] . "\""; |
97 | $getuser2 = mysql_query($getuser); | 97 | $getuser2 = mysql_query($getuser); |
98 | $getuser3 = mysql_fetch_array($getuser2); | 98 | $getuser3 = mysql_fetch_array($getuser2); |
99 | 99 | ||
100 | if ($getuser3['username'] == $getcomments3[$i]['username']) | 100 | if ($getuser3['username'] == $getcomments3[$i]['username']) |
101 | { | 101 | { |
102 | $username = $getuser3['username']; | 102 | $username = $getuser3['username']; |
103 | $website = $getuser3['website']; | 103 | $website = $getuser3['user_website']; |
104 | } else { | 104 | } else { |
105 | $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\""; | 105 | $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\""; |
106 | $getanon2 = mysql_query($getanon); | 106 | $getanon2 = mysql_query($getanon); |
@@ -125,7 +125,7 @@ if (!isset($noRightbar)) | |||
125 | 'CODED' => $getpost3['slug'], | 125 | 'CODED' => $getpost3['slug'], |
126 | 'ENDING' => '/', | 126 | 'ENDING' => '/', |
127 | 'TITLE' => stripslashes($getpost3['title']), | 127 | 'TITLE' => stripslashes($getpost3['title']), |
128 | 'AUTHOR' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username))); | 128 | 'AUTHOR' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username))); |
129 | $i++; | 129 | $i++; |
130 | } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) | 130 | } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) |
131 | { | 131 | { |
@@ -136,11 +136,12 @@ if (!isset($noRightbar)) | |||
136 | 'CODED' => $num, | 136 | 'CODED' => $num, |
137 | 'ENDING' => '.php', | 137 | 'ENDING' => '.php', |
138 | 'TITLE' => 'Quote #' . $num, | 138 | 'TITLE' => 'Quote #' . $num, |
139 | 'AUTHOR' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username))); | 139 | 'AUTHOR' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username))); |
140 | $i++; | 140 | $i++; |
141 | } | 141 | } |
142 | } | 142 | } |
143 | 143 | ||
144 | $users = array(); | ||
144 | $getusers = "SELECT DISTINCT username FROM comments"; | 145 | $getusers = "SELECT DISTINCT username FROM comments"; |
145 | $getusers2 = mysql_query($getusers); | 146 | $getusers2 = mysql_query($getusers); |
146 | $i=0; | 147 | $i=0; |
@@ -150,14 +151,14 @@ if (!isset($noRightbar)) | |||
150 | $getcount2 = mysql_query($getcount); | 151 | $getcount2 = mysql_query($getcount); |
151 | $getcount3 = mysql_fetch_array($getcount2); | 152 | $getcount3 = mysql_fetch_array($getcount2); |
152 | 153 | ||
153 | $getuser = "SELECT * FROM users WHERE username = \"" . $getusers3[$i]['username'] . "\""; | 154 | $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getusers3[$i]['username'] . "\""; |
154 | $getuser2 = mysql_query($getuser); | 155 | $getuser2 = mysql_query($getuser); |
155 | $getuser3 = mysql_fetch_array($getuser2); | 156 | $getuser3 = mysql_fetch_array($getuser2); |
156 | 157 | ||
157 | if ($getuser3['username'] == $getusers3[$i]['username']) | 158 | if ($getuser3['username'] == $getusers3[$i]['username']) |
158 | { | 159 | { |
159 | $username = $getuser3['username']; | 160 | $username = $getuser3['username']; |
160 | $website = $getuser3['website']; | 161 | $website = $getuser3['user_website']; |
161 | } else { | 162 | } else { |
162 | $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getusers3[$i]['username'] . "\""; | 163 | $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getusers3[$i]['username'] . "\""; |
163 | $getanon2 = mysql_query($getanon); | 164 | $getanon2 = mysql_query($getanon); |
@@ -170,23 +171,39 @@ if (!isset($noRightbar)) | |||
170 | } | 171 | } |
171 | } | 172 | } |
172 | 173 | ||
173 | $name = (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username); | 174 | $name = (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username); |
174 | $users[$name] = $getcount3[0]; | 175 | $users[] = array('name' => $name, 'count' => $getcount3['COUNT(*)']); |
175 | 176 | ||
176 | $i++; | 177 | $i++; |
177 | } | 178 | } |
178 | 179 | ||
179 | arsort($users); | 180 | function count_sort($a, $b) |
181 | { | ||
182 | $a = $a['count']; | ||
183 | $b = $b['count']; | ||
184 | |||
185 | if ($a > $b) | ||
186 | { | ||
187 | return -1; | ||
188 | } else if ($a < $b) | ||
189 | { | ||
190 | return 1; | ||
191 | } else { | ||
192 | return 0; | ||
193 | } | ||
194 | } | ||
195 | |||
196 | usort($users, 'count_sort'); | ||
180 | $i=0; | 197 | $i=0; |
181 | foreach ($users as $name => $count) | 198 | foreach ($users as $value) |
182 | { | 199 | { |
183 | if ($i == 5) | 200 | if ($i == 5) |
184 | { | 201 | { |
185 | break; | 202 | break; |
186 | } | 203 | } |
187 | 204 | ||
188 | $template->adds_block('TOP', array( 'USERNAME' => $name, | 205 | $template->adds_block('TOP', array( 'USERNAME' => $value['name'], |
189 | 'COUNT' => $count)); | 206 | 'COUNT' => $value['count'])); |
190 | $i++; | 207 | $i++; |
191 | } | 208 | } |
192 | 209 | ||
diff --git a/includes/functions.php b/includes/functions.php index 7c06077..16de184 100755 --- a/includes/functions.php +++ b/includes/functions.php | |||
@@ -22,24 +22,6 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);} | |||
22 | 22 | ||
23 | require('headerproc.php'); | 23 | require('headerproc.php'); |
24 | 24 | ||
25 | function isLoggedIn() | ||
26 | { | ||
27 | return sess_exists('uname'); | ||
28 | } | ||
29 | |||
30 | function getUserlevel() | ||
31 | { | ||
32 | if (isLoggedIn()) | ||
33 | { | ||
34 | $getuser = "SELECT * FROM users WHERE username = \"" . sess_get('uname') . "\""; | ||
35 | $getuser2 = mysql_query($getuser); | ||
36 | $getuser3 = mysql_fetch_array($getuser2); | ||
37 | return $getuser3['user_group']; | ||
38 | } else { | ||
39 | return 4; | ||
40 | } | ||
41 | } | ||
42 | |||
43 | function countRows($table, $extra = '') | 25 | function countRows($table, $extra = '') |
44 | { | 26 | { |
45 | $cntrows = "SELECT * FROM " . $table . " " . $extra; | 27 | $cntrows = "SELECT * FROM " . $table . " " . $extra; |
@@ -62,7 +44,8 @@ function generateError($error) | |||
62 | 44 | ||
63 | function echoLogData() | 45 | function echoLogData() |
64 | { | 46 | { |
65 | if (!isLoggedIn()) { | 47 | if (!isLoggedIn()) |
48 | { | ||
66 | return('in'); | 49 | return('in'); |
67 | } else { | 50 | } else { |
68 | return('out'); | 51 | return('out'); |
@@ -212,14 +195,6 @@ function updatePop($id, $area, $plus=1) | |||
212 | } | 195 | } |
213 | } | 196 | } |
214 | 197 | ||
215 | function verifyUser($username, $password) | ||
216 | { | ||
217 | $getuser = 'SELECT * FROM users WHERE username = "' . $username . '" AND user_password = "' . md5($password) . '"'; | ||
218 | $getuser2 = mysql_query($getuser); | ||
219 | $getuser3 = mysql_fetch_array($getuser2); | ||
220 | return (($_POST['username'] != '') && ($getuser3['username'] == $_POST['username'])); | ||
221 | } | ||
222 | |||
223 | function getTags($id, $type = 'published') | 198 | function getTags($id, $type = 'published') |
224 | { | 199 | { |
225 | $gettags = "SELECT * FROM tags WHERE post_id = " . $id . " AND post_type = \"" . $type . "\""; | 200 | $gettags = "SELECT * FROM tags WHERE post_id = " . $id . " AND post_type = \"" . $type . "\""; |
diff --git a/includes/header.php b/includes/header.php index c2cbbc2..4460d0a 100755 --- a/includes/header.php +++ b/includes/header.php | |||
@@ -38,8 +38,6 @@ $headerTemp->add('HEADTAGS',isset($headtags) ? $headtags : ''); | |||
38 | $headerTemp->add('EXTRATITLE',isset($title) ? ($title . ' - ') : ''); | 38 | $headerTemp->add('EXTRATITLE',isset($title) ? ($title . ' - ') : ''); |
39 | $headerTemp->add('PAGEID',(isset($pageID)) ? $pageID : 'none'); | 39 | $headerTemp->add('PAGEID',(isset($pageID)) ? $pageID : 'none'); |
40 | $headerTemp->add(strtoupper($pageCategory) . 'ACTIVE', ' CLASS="active"'); | 40 | $headerTemp->add(strtoupper($pageCategory) . 'ACTIVE', ' CLASS="active"'); |
41 | $headerTemp->add('REDIRPAGE',rawurlencode($_SERVER['REQUEST_URI'])); | ||
42 | $headerTemp->add('LOGDATA',echoLogData()); | ||
43 | 41 | ||
44 | if (isset($_POST['message'])) | 42 | if (isset($_POST['message'])) |
45 | { | 43 | { |
@@ -48,6 +46,9 @@ if (isset($_POST['message'])) | |||
48 | 46 | ||
49 | if (($pageCategory != 'fourm') && ($pageCategory != 'wiki')) | 47 | if (($pageCategory != 'fourm') && ($pageCategory != 'wiki')) |
50 | { | 48 | { |
49 | $headerTemp->add('REDIRPAGE',rawurlencode($_SERVER['REQUEST_URI'])); | ||
50 | $headerTemp->add('LOGDATA',echoLogData()); | ||
51 | $headerTemp->add('SID',getSessionID()); | ||
51 | $headerTemp->adds_block('MEMBERS',array('exi' => 1)); | 52 | $headerTemp->adds_block('MEMBERS',array('exi' => 1)); |
52 | } | 53 | } |
53 | 54 | ||
diff --git a/includes/session.php b/includes/session.php index ff47e12..a4a7604 100755 --- a/includes/session.php +++ b/includes/session.php | |||
@@ -24,38 +24,74 @@ require('headerproc.php'); | |||
24 | 24 | ||
25 | session_start(); | 25 | session_start(); |
26 | 26 | ||
27 | function sess_exists($name) | 27 | function getSessionID() |
28 | { | 28 | { |
29 | return(isset($_SESSION[$name])); | 29 | $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\""; |
30 | } | 30 | $getconfig2 = mysql_query($getconfig); |
31 | $getconfig3 = mysql_fetch_array($getconfig2); | ||
31 | 32 | ||
32 | function sess_set($name,$value) | 33 | if (isset($_COOKIE[$getconfig3['config_value'] . '_sid'])) |
33 | { | 34 | { |
34 | $_SESSION[$name] = $value; | 35 | return $_COOKIE[$getconfig3['config_value'] . '_sid']; |
36 | } | ||
37 | |||
38 | return false; | ||
35 | } | 39 | } |
36 | 40 | ||
37 | function sess_get($name) | 41 | function getSessionUsername() |
38 | { | 42 | { |
39 | return $_SESSION[$name]; | 43 | $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\""; |
40 | } | 44 | $getconfig2 = mysql_query($getconfig); |
45 | $getconfig3 = mysql_fetch_array($getconfig2); | ||
46 | |||
47 | if (isset($_COOKIE[$getconfig3['config_value'] . '_sid'])) | ||
48 | { | ||
49 | $getsession = "SELECT * FROM phpbb_sessions AS s, phpbb_users AS u WHERE s.session_id LIKE \"" . mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']) . "\" AND u.user_id = s.session_user_id"; | ||
50 | $getsession2 = mysql_query($getsession) or die($getsession); | ||
51 | $getsession3 = mysql_fetch_array($getsession2); | ||
41 | 52 | ||
53 | return $getsession3['username']; | ||
54 | } | ||
55 | |||
56 | return false; | ||
57 | } | ||
42 | 58 | ||
43 | function sess_getifset($name) | 59 | function isLoggedIn() |
44 | { | 60 | { |
45 | if (sess_exists($name)) | 61 | $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\""; |
62 | $getconfig2 = mysql_query($getconfig); | ||
63 | $getconfig3 = mysql_fetch_array($getconfig2); | ||
64 | |||
65 | if (isset($_COOKIE[$getconfig3['config_value'] . '_sid'])) | ||
46 | { | 66 | { |
47 | return sess_get($name); | 67 | $getsession = "SELECT * FROM phpbb_sessions WHERE session_id LIKE \"" . mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']) . "\""; |
48 | } else { | 68 | $getsession2 = mysql_query($getsession); |
49 | return false; | 69 | $getsession3 = mysql_fetch_array($getsession2); |
70 | |||
71 | if ($getsession3['session_user_id'] != '1') | ||
72 | { | ||
73 | return true; | ||
74 | } | ||
50 | } | 75 | } |
76 | |||
77 | return false; | ||
51 | } | 78 | } |
52 | 79 | ||
53 | function sess_delete($name) | 80 | function isAdmin() |
54 | { | 81 | { |
55 | if (sess_exists($name)) | 82 | if (isLoggedIn()) |
56 | { | 83 | { |
57 | unset($_SESSION[$name]); | 84 | $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2"; |
85 | $getgroup2 = mysql_query($getgroup); | ||
86 | $getgroup3 = mysql_fetch_array($getgroup2); | ||
87 | |||
88 | if ($getgroup3['COUNT(*)'] == '1') | ||
89 | { | ||
90 | return true; | ||
91 | } | ||
58 | } | 92 | } |
93 | |||
94 | return false; | ||
59 | } | 95 | } |
60 | 96 | ||
61 | ?> | 97 | ?> |
diff --git a/pages/admin.php b/pages/admin.php index a3b1783..60bc73d 100755 --- a/pages/admin.php +++ b/pages/admin.php | |||
@@ -26,7 +26,7 @@ $pageCategory = 'panel'; | |||
26 | 26 | ||
27 | if (isLoggedIn()) | 27 | if (isLoggedIn()) |
28 | { | 28 | { |
29 | if (getUserlevel() == 1) | 29 | if (isAdmin()) |
30 | { | 30 | { |
31 | if (!isset($_GET['page'])) | 31 | if (!isset($_GET['page'])) |
32 | { | 32 | { |
@@ -41,7 +41,7 @@ if (isLoggedIn()) | |||
41 | 41 | ||
42 | if ($_POST['type'] == 'draft') | 42 | if ($_POST['type'] == 'draft') |
43 | { | 43 | { |
44 | $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; | 44 | $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; |
45 | $insdraft2 = mysql_query($insdraft); | 45 | $insdraft2 = mysql_query($insdraft); |
46 | 46 | ||
47 | $id = mysql_insert_id(); | 47 | $id = mysql_insert_id(); |
@@ -51,7 +51,7 @@ if (isLoggedIn()) | |||
51 | $template->add('ID', $id); | 51 | $template->add('ID', $id); |
52 | } else if ($_POST['type'] == 'instant') | 52 | } else if ($_POST['type'] == 'instant') |
53 | { | 53 | { |
54 | $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']); | 54 | $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']); |
55 | 55 | ||
56 | $getpost = "SELECT * FROM updates WHERE id = " . $id; | 56 | $getpost = "SELECT * FROM updates WHERE id = " . $id; |
57 | $getpost2 = mysql_query($getpost); | 57 | $getpost2 = mysql_query($getpost); |
@@ -87,7 +87,7 @@ if (isLoggedIn()) | |||
87 | generateError(404); | 87 | generateError(404); |
88 | } | 88 | } |
89 | 89 | ||
90 | $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; | 90 | $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; |
91 | $inspending2 = mysql_query($inspending); | 91 | $inspending2 = mysql_query($inspending); |
92 | 92 | ||
93 | addTags($id, $tags, 'pending'); | 93 | addTags($id, $tags, 'pending'); |
@@ -140,7 +140,7 @@ if (isLoggedIn()) | |||
140 | $template->add('ID', $_GET['id']); | 140 | $template->add('ID', $_GET['id']); |
141 | } else if ($_POST['type'] == 'instant') | 141 | } else if ($_POST['type'] == 'instant') |
142 | { | 142 | { |
143 | $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']); | 143 | $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']); |
144 | 144 | ||
145 | $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id']; | 145 | $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id']; |
146 | $deldraft2 = mysql_query($deldraft); | 146 | $deldraft2 = mysql_query($deldraft); |
@@ -179,7 +179,7 @@ if (isLoggedIn()) | |||
179 | generateError(404); | 179 | generateError(404); |
180 | } | 180 | } |
181 | 181 | ||
182 | $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; | 182 | $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; |
183 | $inspending2 = mysql_query($inspending); | 183 | $inspending2 = mysql_query($inspending); |
184 | 184 | ||
185 | addTags($id, $tags, 'pending'); | 185 | addTags($id, $tags, 'pending'); |
@@ -539,14 +539,14 @@ if (isLoggedIn()) | |||
539 | 539 | ||
540 | if ($getcomment3['id'] == $_GET['id']) | 540 | if ($getcomment3['id'] == $_GET['id']) |
541 | { | 541 | { |
542 | $getuser = "SELECT * FROM users WHERE username = \"" . $getcomment3['author'] . "\""; | 542 | $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomment3['author'] . "\""; |
543 | $getuser2 = mysql_query($getuser); | 543 | $getuser2 = mysql_query($getuser); |
544 | $getuser3 = mysql_fetch_array($getuser2); | 544 | $getuser3 = mysql_fetch_array($getuser2); |
545 | 545 | ||
546 | $template = new FITemplate('admin/viewComment'); | 546 | $template = new FITemplate('admin/viewComment'); |
547 | $template->add('ID', $_GET['id']); | 547 | $template->add('ID', $_GET['id']); |
548 | $template->add('USERNAME', $getcomment3['author']); | 548 | $template->add('USERNAME', $getcomment3['author']); |
549 | $template->add('CODEDEMAIL', md5(strtolower($getuser3['email']))); | 549 | $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email']))); |
550 | $template->add('TEXT', parseText($getcomment3['comment'])); | 550 | $template->add('TEXT', parseText($getcomment3['comment'])); |
551 | $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate']))); | 551 | $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate']))); |
552 | } else { | 552 | } else { |
@@ -601,7 +601,7 @@ if (isLoggedIn()) | |||
601 | $template = new FITemplate('admin/pollrss'); | 601 | $template = new FITemplate('admin/pollrss'); |
602 | } else if ($_GET['step'] == 2) | 602 | } else if ($_GET['step'] == 2) |
603 | { | 603 | { |
604 | $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; | 604 | $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; |
605 | $insrss2 = mysql_query($insrss); | 605 | $insrss2 = mysql_query($insrss); |
606 | 606 | ||
607 | $template = new FITemplate('admin/newPoll'); | 607 | $template = new FITemplate('admin/newPoll'); |
diff --git a/pages/login.php b/pages/login.php deleted file mode 100755 index a787729..0000000 --- a/pages/login.php +++ /dev/null | |||
@@ -1,46 +0,0 @@ | |||
1 | <?php | ||
2 | /* | ||
3 | 444444444 | ||
4 | 4::::::::4 | ||
5 | 4:::::::::4 | ||
6 | 4::::44::::4 | ||
7 | 4::::4 4::::4 Four Island | ||
8 | 4::::4 4::::4 | ||
9 | 4::::4 4::::4 Written and maintained by Starla Insigna | ||
10 | 4::::444444::::444 | ||
11 | 4::::::::::::::::4 pages/login.php | ||
12 | 4444444444:::::444 | ||
13 | 4::::4 Please do not use, reproduce or steal the | ||
14 | 4::::4 contents of this file without explicit | ||
15 | 4::::4 permission from Hatkirby. | ||
16 | 44::::::44 | ||
17 | 4::::::::4 | ||
18 | 4444444444 | ||
19 | */ | ||
20 | |||
21 | if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);} | ||
22 | |||
23 | require('headerproc.php'); | ||
24 | |||
25 | $pageCategory = 'log'; | ||
26 | |||
27 | if (!isset($_GET['submit'])) | ||
28 | { | ||
29 | $template = new FITemplate('login'); | ||
30 | $template->add('REDIRECT',$_GET['redirect']); | ||
31 | } else { | ||
32 | if (verifyUser($_POST['username'], $_POST['password'])) | ||
33 | { | ||
34 | sess_set('uname',$_POST['username']); | ||
35 | header('Location: ' . rawurldecode($_POST['redirect'])); | ||
36 | exit; | ||
37 | } else { | ||
38 | $template = new FITemplate('login'); | ||
39 | $template->add('REDIRECT',$_POST['redirect']); | ||
40 | $template->adds_block('ERROR',array('MSG' => "The username/password pair didn't resolve to a real user. Try logging on again, spelling the password right, or making sure you actually have an a account.")); | ||
41 | } | ||
42 | } | ||
43 | |||
44 | $template->display(); | ||
45 | |||
46 | ?> | ||
diff --git a/pages/logout.php b/pages/logout.php deleted file mode 100755 index 69b9386..0000000 --- a/pages/logout.php +++ /dev/null | |||
@@ -1,28 +0,0 @@ | |||
1 | <?php | ||
2 | /* | ||
3 | 444444444 | ||
4 | 4::::::::4 | ||
5 | 4:::::::::4 | ||
6 | 4::::44::::4 | ||
7 | 4::::4 4::::4 Four Island | ||
8 | 4::::4 4::::4 | ||
9 | 4::::4 4::::4 Written and maintained by Starla Insigna | ||
10 | 4::::444444::::444 | ||
11 | 4::::::::::::::::4 pages/logout.php | ||
12 | 4444444444:::::444 | ||
13 | 4::::4 Please do not use, reproduce or steal the | ||
14 | 4::::4 contents of this file without explicit | ||
15 | 4::::4 permission from Hatkirby. | ||
16 | 44::::::44 | ||
17 | 4::::::::4 | ||
18 | 4444444444 | ||
19 | */ | ||
20 | |||
21 | if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);} | ||
22 | |||
23 | require('headerproc.php'); | ||
24 | |||
25 | sess_delete('uname'); | ||
26 | header('Location: ' . rawurldecode($_GET['redirect'])); | ||
27 | |||
28 | ?> | ||
diff --git a/pages/post.php b/pages/post.php index 1b89fa4..48239cf 100755 --- a/pages/post.php +++ b/pages/post.php | |||
@@ -84,10 +84,10 @@ if (!isset($_GET['id'])) | |||
84 | } | 84 | } |
85 | } | 85 | } |
86 | } else { | 86 | } else { |
87 | $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . sess_get('uname') . "\", comment = \"" . $_POST['comment'] . "\""; | 87 | $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . getSessionUsername() . "\", comment = \"" . $_POST['comment'] . "\""; |
88 | $setcomment2 = mysql_query($setcomment); | 88 | $setcomment2 = mysql_query($setcomment); |
89 | 89 | ||
90 | mail('hatkirby@fourisland.com', 'New comment on Four Island!', sess_get('uname') . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']); | 90 | mail('hatkirby@fourisland.com', 'New comment on Four Island!', getSessionUsername() . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']); |
91 | 91 | ||
92 | $page_id = $_GET['id']; | 92 | $page_id = $_GET['id']; |
93 | $comType = substr($page_id,0,strpos($page_id,'-')); | 93 | $comType = substr($page_id,0,strpos($page_id,'-')); |
@@ -97,7 +97,7 @@ if (!isset($_GET['id'])) | |||
97 | recalcPop($comID); | 97 | recalcPop($comID); |
98 | } | 98 | } |
99 | 99 | ||
100 | $template->add('MSG',"Thank you, " . sess_get('uname') . ", for posting your valuable comment!"); | 100 | $template->add('MSG',"Thank you, " . getSessionUsername() . ", for posting your valuable comment!"); |
101 | } | 101 | } |
102 | } | 102 | } |
103 | } | 103 | } |
diff --git a/theme/header.tpl b/theme/header.tpl index dfe3459..8e43e31 100755 --- a/theme/header.tpl +++ b/theme/header.tpl | |||
@@ -62,7 +62,7 @@ | |||
62 | <!--BEGIN MEMBERS--> | 62 | <!--BEGIN MEMBERS--> |
63 | <LI<!--LOGACTIVE-->> | 63 | <LI<!--LOGACTIVE-->> |
64 | <IMG SRC="/theme/images/icons/door_in.png" ALT="Log<!--LOGDATA-->"> | 64 | <IMG SRC="/theme/images/icons/door_in.png" ALT="Log<!--LOGDATA-->"> |
65 | <A HREF="http://fourisland.com/log<!--LOGDATA-->.php?redirect=<!--REDIRPAGE-->">Log<!--LOGDATA--></A> | 65 | <A HREF="http://fourisland.com/fourm/ucp.php?mode=log<!--LOGDATA-->&redirect=<!--REDIRPAGE-->&sid=<!--SID-->">Log<!--LOGDATA--></A> |
66 | </LI> | 66 | </LI> |
67 | <!--END MEMBERS--> | 67 | <!--END MEMBERS--> |
68 | </UL> | 68 | </UL> |