-rwxr-xr-xincludes/comments.php8
-rwxr-xr-xincludes/footer.php41
-rwxr-xr-xincludes/functions.php29
-rwxr-xr-xincludes/header.php5
-rwxr-xr-xincludes/session.php70
-rwxr-xr-xpages/admin.php18
-rwxr-xr-xpages/login.php46
-rwxr-xr-xpages/logout.php28
-rwxr-xr-xpages/post.php6
-rwxr-xr-xtheme/header.tpl2
10 files changed, 104 insertions, 149 deletions
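diff --git a/includes/comments.php b/includes/comments.php
index 15e9fc8..d405279 100755
--- a/includes/comments.php
+++ b/includes/comments.php
@@ -30,7 +30,7 @@ $curID = 0;
 
 $template = new FITemplate('comments');
 $template->add('PAGEID',$page_id);
-$template->add('USERNAME',(isLoggedIn() ? sess_get('uname') : 'Anonymous'));
+$template->add('USERNAME',(isLoggedIn() ? getSessionUsername() : 'Anonymous'));
 
 if (!isLoggedIn())
 {
@@ -43,7 +43,7 @@ $getcomments2 = mysql_query($getcomments) or die($getcomments);
 $i=0;
 while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
 {
- $getuser = "SELECT * FROM users WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
+ $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
  $getuser2 = mysql_query($getuser);
  $getuser3 = mysql_fetch_array($getuser2);
 
@@ -51,7 +51,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
  {
  $username = $getuser3['username'];
  $email = $getuser3['user_email'];
- $website = $getuser3['website'];
+ $website = $getuser3['user_website'];
  } else {
  $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
  $getanon2 = mysql_query($getanon);
@@ -68,7 +68,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
  if (isset($username))
  {
  $template->add_ref($curID, 'COMMENTS', array( 'CODEDEMAIL' => md5(strtolower($email)),
- 'USERNAME' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username),
+ 'USERNAME' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username),
  'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])),
  'ID' => $getcomments3[$i]['id'],
  'TEXT' => parseText($getcomments3[$i]['comment'])));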
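Review bot: The new `USERNAME` value at line 71 puts `$website` straight into the `HREF` attribute, and with the `http://` prefix gone nothing constrains the URL scheme any more. `user_website` is a profile field filled in by the forum user, so unless phpBB or FITemplate already restricts or escapes it (not visible here), a non-http scheme or a value containing a double quote reaches the page as markup. I would build the link only when the value starts with `http://` or `https://`, and escape both parts: `'<A HREF="' . htmlspecialchars($website, ENT_QUOTES) . '">' . htmlspecialchars($username, ENT_QUOTES) . '</A>'`. The same construction is added in includes/footer.php at new lines 128, 139 and 174.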
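diff --git a/includes/footer.php b/includes/footer.php
index dadb6f5..0a93ae9 100755
--- a/includes/footer.php
+++ b/includes/footer.php
@@ -93,14 +93,14 @@ if (!isset($noRightbar))
  $i=0;
  while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
  {
- $getuser = "SELECT * FROM users WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
+ $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
  $getuser2 = mysql_query($getuser);
  $getuser3 = mysql_fetch_array($getuser2);
 
  if ($getuser3['username'] == $getcomments3[$i]['username'])
  {
  $username = $getuser3['username'];
- $website = $getuser3['website'];
+ $website = $getuser3['user_website'];
  } else {
  $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\"";
  $getanon2 = mysql_query($getanon);
@@ -125,7 +125,7 @@ if (!isset($noRightbar))
  'CODED' => $getpost3['slug'],
  'ENDING' => '/',
  'TITLE' => stripslashes($getpost3['title']),
- 'AUTHOR' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username)));
+ 'AUTHOR' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username)));
  $i++;
  } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE)
  {
@@ -136,11 +136,12 @@ if (!isset($noRightbar))
  'CODED' => $num,
  'ENDING' => '.php',
  'TITLE' => 'Quote #' . $num,
- 'AUTHOR' => (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username)));
+ 'AUTHOR' => (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username)));
  $i++;
  }
  }
 
+ $users = array();
  $getusers = "SELECT DISTINCT username FROM comments";
  $getusers2 = mysql_query($getusers);
  $i=0;
@@ -150,14 +151,14 @@ if (!isset($noRightbar))
  $getcount2 = mysql_query($getcount);
  $getcount3 = mysql_fetch_array($getcount2);
 
- $getuser = "SELECT * FROM users WHERE username = \"" . $getusers3[$i]['username'] . "\"";
+ $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getusers3[$i]['username'] . "\"";
  $getuser2 = mysql_query($getuser);
  $getuser3 = mysql_fetch_array($getuser2);
 
  if ($getuser3['username'] == $getusers3[$i]['username'])
  {
  $username = $getuser3['username'];
- $website = $getuser3['website'];
+ $website = $getuser3['user_website'];
  } else {
  $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getusers3[$i]['username'] . "\"";
  $getanon2 = mysql_query($getanon);
@@ -170,23 +171,39 @@ if (!isset($noRightbar))
  }
  }
 
- $name = (($website != '') ? '<A HREF="http://' . $website . '">' . $username . '</A>' : $username);
- $users[$name] = $getcount3[0];
+ $name = (($website != '') ? '<A HREF="' . $website . '">' . $username . '</A>' : $username);
+ $users[] = array('name' => $name, 'count' => $getcount3['COUNT(*)']);
 
  $i++;
  }
 
- arsort($users);
+ function count_sort($a, $b)
+ {
+ $a = $a['count'];
+ $b = $b['count'];
+
+ if ($a > $b)
+ {
+ return -1;
+ } else if ($a < $b)
+ {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+
+ usort($users, 'count_sort');
  $i=0;
- foreach ($users as $name => $count)
+ foreach ($users as $value)
  {
  if ($i == 5)
  {
  break;
  }
 
- $template->adds_block('TOP', array( 'USERNAME' => $name,
- 'COUNT' => $count));
+ $template->adds_block('TOP', array( 'USERNAME' => $value['name'],
+ 'COUNT' => $value['count']));
  $i++;
  }
 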
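Review bot: The lookups at new lines 96 and 154 now run against `phpbb_users` but still splice the stored comment username into the SQL text unescaped, so a name containing a double quote or backslash changes the statement. Anonymous commenter names presumably come from a form field, so I would wrap each one, e.g. `mysql_real_escape_string($getusers3[$i]['username'])`. `SELECT *` on the forum's account table also fetches every column of the row when only `username` and `user_website` are read here; naming those two columns keeps the rest out of this code path. includes/comments.php line 46 and pages/admin.php line 542 follow the same pattern.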
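diff --git a/includes/functions.php b/includes/functions.php
index 7c06077..16de184 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -22,24 +22,6 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
 
 require('headerproc.php');
 
-function isLoggedIn()
-{
- return sess_exists('uname');
-}
-
-function getUserlevel()
-{
- if (isLoggedIn())
- {
- $getuser = "SELECT * FROM users WHERE username = \"" . sess_get('uname') . "\"";
- $getuser2 = mysql_query($getuser);
- $getuser3 = mysql_fetch_array($getuser2);
- return $getuser3['user_group'];
- } else {
- return 4;
- }
-}
-
 function countRows($table, $extra = '')
 {
  $cntrows = "SELECT * FROM " . $table . " " . $extra;
@@ -62,7 +44,8 @@ function generateError($error)
 
 function echoLogData()
 {
- if (!isLoggedIn()) {
+ if (!isLoggedIn())
+ {
  return('in');
  } else {
  return('out');
@@ -212,14 +195,6 @@ function updatePop($id, $area, $plus=1)
  }
 }
 
-function verifyUser($username, $password)
-{
- $getuser = 'SELECT * FROM users WHERE username = "' . $username . '" AND user_password = "' . md5($password) . '"';
- $getuser2 = mysql_query($getuser);
- $getuser3 = mysql_fetch_array($getuser2);
- return (($_POST['username'] != '') && ($getuser3['username'] == $_POST['username']));
-}
-
 function getTags($id, $type = 'published')
 {
  $gettags = "SELECT * FROM tags WHERE post_id = " . $id . " AND post_type = \"" . $type . "\"";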
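diff --git a/includes/header.php b/includes/header.php
index c2cbbc2..4460d0a 100755
--- a/includes/header.php
+++ b/includes/header.php
@@ -38,8 +38,6 @@ $headerTemp->add('HEADTAGS',isset($headtags) ? $headtags : '');
 $headerTemp->add('EXTRATITLE',isset($title) ? ($title . ' - ') : '');
 $headerTemp->add('PAGEID',(isset($pageID)) ? $pageID : 'none');
 $headerTemp->add(strtoupper($pageCategory) . 'ACTIVE', ' CLASS="active"');
-$headerTemp->add('REDIRPAGE',rawurlencode($_SERVER['REQUEST_URI']));
-$headerTemp->add('LOGDATA',echoLogData());
 
 if (isset($_POST['message']))
 {
@@ -48,6 +46,9 @@ if (isset($_POST['message']))
 
 if (($pageCategory != 'fourm') && ($pageCategory != 'wiki'))
 {
+ $headerTemp->add('REDIRPAGE',rawurlencode($_SERVER['REQUEST_URI']));
+ $headerTemp->add('LOGDATA',echoLogData());
+ $headerTemp->add('SID',getSessionID());
  $headerTemp->adds_block('MEMBERS',array('exi' => 1));
 }
 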
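Review bot: `getSessionID()` hands back the raw `_sid` cookie (or `false`), and line 51 passes it to the template unchanged, where theme/header.tpl writes it inside an `HREF`. A cookie is client-supplied, so unless FITemplate escapes values (not visible here) it should be validated before output. phpBB session ids are normally hex strings, so `$sid = getSessionID(); $headerTemp->add('SID', (is_string($sid) && ctype_xdigit($sid)) ? $sid : '');` would cover both the `false` case and unexpected characters.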
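diff --git a/includes/session.php b/includes/session.php
index ff47e12..a4a7604 100755
--- a/includes/session.php
+++ b/includes/session.php
@@ -24,38 +24,74 @@ require('headerproc.php');
 
 session_start();
 
-function sess_exists($name)
+function getSessionID()
 {
- return(isset($_SESSION[$name]));
-}
+ $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\"";
+ $getconfig2 = mysql_query($getconfig);
+ $getconfig3 = mysql_fetch_array($getconfig2);
 
-function sess_set($name,$value)
-{
- $_SESSION[$name] = $value;
+ if (isset($_COOKIE[$getconfig3['config_value'] . '_sid']))
+ {
+ return $_COOKIE[$getconfig3['config_value'] . '_sid'];
+ }
+
+ return false;
 }
 
-function sess_get($name)
+function getSessionUsername()
 {
- return $_SESSION[$name];
-}
+ $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\"";
+ $getconfig2 = mysql_query($getconfig);
+ $getconfig3 = mysql_fetch_array($getconfig2);
+
+ if (isset($_COOKIE[$getconfig3['config_value'] . '_sid']))
+ {
+ $getsession = "SELECT * FROM phpbb_sessions AS s, phpbb_users AS u WHERE s.session_id LIKE \"" . mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']) . "\" AND u.user_id = s.session_user_id";
+ $getsession2 = mysql_query($getsession) or die($getsession);
+ $getsession3 = mysql_fetch_array($getsession2);
 
+ return $getsession3['username'];
+ }
+
+ return false;
+}
 
-function sess_getifset($name)
+function isLoggedIn()
 {
- if (sess_exists($name))
+ $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\"";
+ $getconfig2 = mysql_query($getconfig);
+ $getconfig3 = mysql_fetch_array($getconfig2);
+
+ if (isset($_COOKIE[$getconfig3['config_value'] . '_sid']))
  {
- return sess_get($name);
- } else {
- return false;
+ $getsession = "SELECT * FROM phpbb_sessions WHERE session_id LIKE \"" . mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']) . "\"";
+ $getsession2 = mysql_query($getsession);
+ $getsession3 = mysql_fetch_array($getsession2);
+
+ if ($getsession3['session_user_id'] != '1')
+ {
+ return true;
+ }
  }
+
+ return false;
 }
 
-function sess_delete($name)
+function isAdmin()
 {
- if (sess_exists($name))
+ if (isLoggedIn())
  {
- unset($_SESSION[$name]);
+ $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2";
+ $getgroup2 = mysql_query($getgroup);
+ $getgroup3 = mysql_fetch_array($getgroup2);
+
+ if ($getgroup3['COUNT(*)'] == '1')
+ {
+ return true;
+ }
  }
+
+ return false;
 }
 
 ?>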
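Review bot: `isLoggedIn()` returns true when the cookie matches no session row at all, because `mysql_fetch_array()` yields `false` for an empty result, `$getsession3['session_user_id']` is then null, and `null != '1'` holds. Line 71 should first confirm that a row was found: `if (($getsession3 !== false) && ($getsession3['session_user_id'] != '1'))`. Both session lookups (lines 49 and 67) also compare the cookie with `LIKE`, and `mysql_real_escape_string()` does not neutralise the `%` and `_` wildcards, so the comparison is not an exact match; `session_id = "..."` is what is wanted here. Session expiry is not checked in either query, and `isAdmin()` at line 84 concatenates `getSessionUsername()` into its SQL unescaped.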
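diff --git a/pages/admin.php b/pages/admin.php
index a3b1783..60bc73d 100755
--- a/pages/admin.php
+++ b/pages/admin.php
@@ -26,7 +26,7 @@ $pageCategory = 'panel';
 
 if (isLoggedIn())
 {
- if (getUserlevel() == 1)
+ if (isAdmin())
  {
  if (!isset($_GET['page']))
  {
@@ -41,7 +41,7 @@ if (isLoggedIn())
 
  if ($_POST['type'] == 'draft')
  {
- $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
  $insdraft2 = mysql_query($insdraft);
 
  $id = mysql_insert_id();
@@ -51,7 +51,7 @@ if (isLoggedIn())
  $template->add('ID', $id);
  } else if ($_POST['type'] == 'instant')
  {
- $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']);
+ $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']);
 
  $getpost = "SELECT * FROM updates WHERE id = " . $id;
  $getpost2 = mysql_query($getpost);
@@ -87,7 +87,7 @@ if (isLoggedIn())
  generateError(404);
  }
 
- $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
  $inspending2 = mysql_query($inspending);
 
  addTags($id, $tags, 'pending');
@@ -140,7 +140,7 @@ if (isLoggedIn())
  $template->add('ID', $_GET['id']);
  } else if ($_POST['type'] == 'instant')
  {
- $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']);
+ $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']);
 
  $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id'];
  $deldraft2 = mysql_query($deldraft);
@@ -179,7 +179,7 @@ if (isLoggedIn())
  generateError(404);
  }
 
- $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
  $inspending2 = mysql_query($inspending);
 
  addTags($id, $tags, 'pending');
@@ -539,14 +539,14 @@ if (isLoggedIn())
 
  if ($getcomment3['id'] == $_GET['id'])
  {
- $getuser = "SELECT * FROM users WHERE username = \"" . $getcomment3['author'] . "\"";
+ $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomment3['author'] . "\"";
  $getuser2 = mysql_query($getuser);
  $getuser3 = mysql_fetch_array($getuser2);
 
  $template = new FITemplate('admin/viewComment');
  $template->add('ID', $_GET['id']);
  $template->add('USERNAME', $getcomment3['author']);
- $template->add('CODEDEMAIL', md5(strtolower($getuser3['email'])));
+ $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email'])));
  $template->add('TEXT', parseText($getcomment3['comment']));
  $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate'])));
  } else {
@@ -601,7 +601,7 @@ if (isLoggedIn())
  $template = new FITemplate('admin/pollrss');
  } else if ($_GET['step'] == 2)
  {
- $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
+ $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
  $insrss2 = mysql_query($insrss);
 
  $template = new FITemplate('admin/newPoll');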
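Review bot: The INSERTs at lines 44, 90, 182 and 604 escape `$_POST['title']` and `$_POST['text']` but concatenate `getSessionUsername()` raw, so they rely on the forum never storing a quote or backslash in a username. Escaping it like its neighbours keeps the statements consistent: `mysql_real_escape_string(getSessionUsername())`. Each call also repeats the `phpbb_config` and session queries, so reading the name once into a variable at the top of the admin branch would save several round trips per request. pages/post.php line 87 builds its INSERT from the same unescaped value.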
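diff --git a/pages/login.php b/pages/login.php
deleted file mode 100755
index a787729..0000000
--- a/pages/login.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-/*
- 444444444
- 4::::::::4
- 4:::::::::4
- 4::::44::::4
- 4::::4 4::::4 Four Island
- 4::::4 4::::4
- 4::::4 4::::4 Written and maintained by Starla Insigna
-4::::444444::::444
-4::::::::::::::::4 pages/login.php
-4444444444:::::444
- 4::::4 Please do not use, reproduce or steal the
- 4::::4 contents of this file without explicit
- 4::::4 permission from Hatkirby.
- 44::::::44
- 4::::::::4
- 4444444444
-*/
-
-if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
-
-require('headerproc.php');
-
-$pageCategory = 'log';
-
-if (!isset($_GET['submit']))
-{
- $template = new FITemplate('login');
- $template->add('REDIRECT',$_GET['redirect']);
-} else {
- if (verifyUser($_POST['username'], $_POST['password']))
- {
- sess_set('uname',$_POST['username']);
- header('Location: ' . rawurldecode($_POST['redirect']));
- exit;
- } else {
- $template = new FITemplate('login');
- $template->add('REDIRECT',$_POST['redirect']);
- $template->adds_block('ERROR',array('MSG' => "The username/password pair didn't resolve to a real user. Try logging on again, spelling the password right, or making sure you actually have an a account."));
- }
-}
-
-$template->display();
-
-?>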
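diff --git a/pages/logout.php b/pages/logout.php
deleted file mode 100755
index 69b9386..0000000
--- a/pages/logout.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php
-/*
- 444444444
- 4::::::::4
- 4:::::::::4
- 4::::44::::4
- 4::::4 4::::4 Four Island
- 4::::4 4::::4
- 4::::4 4::::4 Written and maintained by Starla Insigna
-4::::444444::::444
-4::::::::::::::::4 pages/logout.php
-4444444444:::::444
- 4::::4 Please do not use, reproduce or steal the
- 4::::4 contents of this file without explicit
- 4::::4 permission from Hatkirby.
- 44::::::44
- 4::::::::4
- 4444444444
-*/
-
-if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
-
-require('headerproc.php');
-
-sess_delete('uname');
-header('Location: ' . rawurldecode($_GET['redirect']));
-
-?>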
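diff --git a/pages/post.php b/pages/post.php
index 1b89fa4..48239cf 100755
--- a/pages/post.php
+++ b/pages/post.php
@@ -84,10 +84,10 @@ if (!isset($_GET['id']))
  }
  }
  } else {
- $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . sess_get('uname') . "\", comment = \"" . $_POST['comment'] . "\"";
+ $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . getSessionUsername() . "\", comment = \"" . $_POST['comment'] . "\"";
  $setcomment2 = mysql_query($setcomment);
 
- mail('hatkirby@fourisland.com', 'New comment on Four Island!', sess_get('uname') . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']);
+ mail('hatkirby@fourisland.com', 'New comment on Four Island!', getSessionUsername() . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']);
 
  $page_id = $_GET['id'];
  $comType = substr($page_id,0,strpos($page_id,'-'));
@@ -97,7 +97,7 @@ if (!isset($_GET['id']))
  recalcPop($comID);
  }
 
- $template->add('MSG',"Thank you, " . sess_get('uname') . ", for posting your valuable comment!");
+ $template->add('MSG',"Thank you, " . getSessionUsername() . ", for posting your valuable comment!");
  }
  }
 }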
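Review bot: Line 87 still builds the INSERT from `$_GET['id']` and `$_POST['comment']` with no escaping, so request data becomes part of the SQL text; the commit touches this line but only swaps the username source. Each value should go through `mysql_real_escape_string()` as pages/admin.php does for its form fields, e.g. `comment = \"" . mysql_real_escape_string($_POST['comment']) . "\"`. `getSessionUsername()` is also called three times in this branch and returns `false` when there is no session cookie; whether the branch is reachable only for logged-in users is decided outside the hunk.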
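diff --git a/theme/header.tpl b/theme/header.tpl
index dfe3459..8e43e31 100755
--- a/theme/header.tpl
+++ b/theme/header.tpl
@@ -62,7 +62,7 @@
  <!--BEGIN MEMBERS-->
  <LI<!--LOGACTIVE-->>
  <IMG SRC="/theme/images/icons/door_in.png" ALT="Log<!--LOGDATA-->">
- <A HREF="http://fourisland.com/log<!--LOGDATA-->.php?redirect=<!--REDIRPAGE-->">Log<!--LOGDATA--></A>
+ <A HREF="http://fourisland.com/fourm/ucp.php?mode=log<!--LOGDATA-->&amp;redirect=<!--REDIRPAGE-->&amp;sid=<!--SID-->">Log<!--LOGDATA--></A>
  </LI>
  <!--END MEMBERS-->
  </UL>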
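Review bot: The new link at line 65 puts the session id into the query string (`sid=<!--SID-->`) on every page that shows the MEMBERS block, for the log-in link as well as the log-out link. Session ids carried in URLs end up in browser history, server logs and any cached copy of the page. If phpBB only needs `sid` to confirm a log-out, I would emit the parameter only in that case and leave the log-in link without it.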