1 files changed, 130 insertions, 131 deletions
diff --git a/pages/quotes.php b/pages/quotes.php
index 6db3cb0..4e0332f 100755
--- a/pages/quotes.php
+++ b/pages/quotes.php

@@ -24,70 +24,92 @@ require('headerproc.php');
 $pageCategory = 'quotes';
-if (isset($_GET['id']))
+$hatNav = array(        array(  'title' => 'Latest',
+                                                        'url' => 'http://fourisland.com/quotes/latest.php',
+                                                        'icon' => '16-star-hot'
+                                        ),
+                                        array(  'title' => 'Best',
+                                                        'url' => 'http://fourisland.com/quotes/top.php',
+                                                        'icon' => 'medal_gold_1'
+                                        ),
+                                        array(  'title' => 'Worst',
+                                                        'url' => 'http://fourisland.com/quotes/bottom.php',
+                                                        'icon' => '16-message-warn'
+                                        ),
+                                        array(  'title' => 'Browse All',
+                                                        'url' => 'http://fourisland.com/quotes/browse.php',
+                                                        'icon' => '16-file-archive'
+                                        ),
+                                        array(  'title' => 'Random',
+                                                        'url' => 'http://fourisland.com/quotes/random.php',
+                                                        'icon' => '16-clock'
+                                        ),
+                                        array(  'title' => 'Add',
+                                                        'url' => 'http://fourisland.com/quotes/add.php',
+                                                        'icon' => '16-em-pencil'
+                                        ),
+                                        array(  'title' => 'Search',
+                                                        'url' => 'http://fourisland.com/quotes/search.php',
+                                                        'icon' => 'book_open'
+                                        ));
+if (isset($_GET['id']) && is_numeric($_GET['id']))
 {
        $quote_num = $_GET['id'];
 }
-if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest'))
+if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
+{
+        generateError('404');
+} else if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest'))
 {
-        $query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY id DESC LIMIT 50";
+        $query = "SELECT * FROM rash_quotes ORDER BY id DESC LIMIT 50";
        quote_generation($query, "Latest", -1);
 } else if ($_GET['act'] == 'add')
 {
        $template = new FITemplate('quotes/add');
        if (isset($_GET['submit']))
        {
-                $template->adds_block('SUBMITTED',array('QUOTE' => (nl2br(htmlspecialchars($_POST['rash_quote'])) . "\n")));
+                $template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlentities($_POST['rash_quote']))));
                if (!isLoggedIn())
                {
                        $insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
                } else {
-                        $today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y'));
+                        $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")";
-                        $insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")";
                }
                $insquote2 = mysql_query($insquote);
        }
        $template->display();
 } elseif ($_GET['act'] == 'bottom')
 {
-        $query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating < 0 ORDER BY rating ASC LIMIT 50";
+        $query = "SELECT * FROM rash_quotes WHERE rating < 0 ORDER BY rating ASC LIMIT 50";
        quote_generation($query, "Bottom", -1);
 } elseif ($_GET['act'] == 'browse')
 {
-        $query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY id ASC ";
+        $query = "SELECT * FROM rash_quotes ORDER BY id ASC ";
        quote_generation($query, "Browse", (isset($_GET['page']) ? $_GET['page'] : 1), 10, 5);
 } elseif ($_GET['act'] == 'flag')
 {
-        $template = new FITemplate('msg');
+        $getfla = "SELECT * FROM rash_quotes WHERE id = " . $quote_num . " LIMIT 0,1";
-        $tracking_verdict = user_quote_status('flag', $quote_num, $template);
+        $getfla2 = mysql_query($getfla);
-        if ($tracking_verdict < 3)
+        $getfla3 = mysql_fetch_array($getfla2);
+        if ($getfla3['flag'] == 2)
        {
-                $getfla = "SELECT flag FROM rash_quotes WHERE id = " . $quote_num . " LIMIT 0,1";
+                die('0');
-                $getfla2 = mysql_query($getfla);
+        } else {
-                $getfla3 = mysql_fetch_array($getfla2);
+                $setfla = "UPDATE rash_quotes SET flag = 1 WHERE id = " . $quote_num;
+                $setfla2 = mysql_query($setfla);
-                if ($getfla3['flag'] == 2)
+                die('1');
-                {
-                        $template->add('MSG',"This quote has been flagged and rechecked by a moderator already.");
-                } elseif ($getfla3['flag'] == 1)
-                {
-                        $template->add('MSG',"This quote is currently pending deletion.");
-                } else {
-                        $template->add('MSG',"You have marked this quote for deletion.");
-                        $setfla = "UPDATE rash_quotes SET flag = 1 WHERE id = " . $quote_num;
-                        $setfla2 = mysql_query($setfla);
-                }
        }
-        $template->add('BACK','Quote #' . $quote_num);
-        $template->display();
 } elseif ($_GET['act'] == 'random')
 {
-        $query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY rand() LIMIT 50";
+        $query = "SELECT * FROM rash_quotes ORDER BY rand() LIMIT 50";
        quote_generation($query, "Random", -1);
 } elseif ($_GET['act'] == 'random2')
 {
-        $query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating > 1 ORDER BY rand() LIMIT 50";
+        $query = "SELECT * FROM rash_quotes WHERE rating > 1 ORDER BY rand() LIMIT 50";
        quote_generation($query, "Random2", -1);
 } elseif ($_GET['act'] == 'search')
 {
@@ -99,22 +121,24 @@ if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest'))
                } else {
                        $how = 'asc';
                }
-                $getquotes = "SELECT id, quote, rating, flag FROM rash_quotes WHERE quote LIKE \"%" . $_POST['search'] . "%\" ORDER BY " . $_POST['sortby'] . " " . $how . " LIMIT 0," . $_POST['number'];
+                $getquotes = "SELECT * FROM rash_quotes WHERE quote LIKE \"%" . $_POST['search'] . "%\" ORDER BY " . $_POST['sortby'] . " " . $how . " LIMIT 0," . $_POST['number'];
                quote_generation($getquotes, "Query Results", -1);
        }
        $template = new FITemplate('quotes/search');
        $template->display();
 } elseif ($_GET['act'] == 'top')
 {
-        $query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating > 0 ORDER BY rating DESC LIMIT 50";
+        $query = "SELECT * FROM rash_quotes WHERE rating > 0 ORDER BY rating DESC LIMIT 50";
        quote_generation($query, "Top", -1);
 } elseif ($_GET['act'] == 'vote')
 {
-        $template = new FITemplate('msg');
+        $gettrack = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
-        $tracking_verdict = user_quote_status('vote', $quote_num,$template);
+        $gettrack2 = mysql_query($gettrack);
-        $template->add('BACK','Quote #' . $quote_num);
+        $gettrack3 = mysql_fetch_array($gettrack2);
-        $template->display();
-        if ($tracking_verdict < 3)
+        $trackArr = explode(',',$gettrack3['vote']);
+        if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($quote_num,$trackArr) === FALSE))
        {
                if ($_GET['dir'] == "plus")
                {
@@ -125,18 +149,32 @@ if ((!isset($_GET['act'])) || ($_GET['act'] == 'latest'))
                        $setquote = "UPDATE rash_quotes SET rating = rating-1 WHERE id = " . $quote_num;
                        $setquote2 = mysql_query($setquote);
                }
-        }
-} else {
-        if ((is_int($_GET['act']) || ($_GET['act'] != false)) && (verify_int($_GET['act'])))
-        {
-                $query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE id = " . $_GET['act'];
-                quote_generation($query, "#" . $_GET['act'], -1);
-                $page_id = 'quote-' . $_GET['act'];
+                if ($gettrack3['ip'] == $_SERVER['REMOTE_ADDR'])
-                include('includes/comments.php');
+                {
+                        $settrack = "UPDATE rash_tracking SET vote = \"" . $gettrack3['vote'] . "," . $quote_num . "\" WHERE id = " . $gettrack3['id'];
+                } else {
+                        $settrack = "INSERT INTO tracking (ip,vote) VALUES (\"" . $_SERVER['REMOTE_ADDR'] . "\",\"" . $quote_num . "\")";
+                }
+                $settrack2 = mysql_query($settrack) or die($settrack);
+                $getquote = "SELECT * FROM rash_quotes WHERE id = " . $quote_num;
+                $getquote2 = mysql_query($getquote);
+                $getquote3 = mysql_fetch_array($getquote2);
+                die($getquote3['rating']);
        } else {
-                generateError('404');
+                die;
        }
+} else if (is_numeric($_GET['act']))
+{
+        $query = "SELECT * FROM rash_quotes WHERE id = " . $_GET['act'];
+        quote_generation($query, "#" . $_GET['act'], -1);
+        $page_id = 'quote-' . $_GET['act'];
+        include('includes/comments.php');
+} else {
+        generateError('404');
 }
 function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_limit = 10)
@@ -152,13 +190,56 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l
        }
        $template->add('ORIGIN',$origin);
+        $gettrack = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
+        $gettrack2 = mysql_query($gettrack);
+        $gettrack3 = mysql_fetch_array($gettrack2);
+        $trackArr = explode(',',$gettrack3['vote']);
        $getquotes2 = mysql_query($query);
        $i=0;
        while ($getquotes3[$i] = mysql_fetch_array($getquotes2))
        {
-                $template->adds_block('QUOTES',array(   'NUMBER' => $getquotes3[$i]['id'],
+                if (!isset($curID))
-                                                        'RATING' => $getquotes3[$i]['rating'],
+                {
-                                                        'QUOTE' => parseSmilies(str_replace("\n","<BR>",stripslashes($getquotes3[$i]['quote'])))));
+                        $curID = 0;
+                } else {
+                        $curID++;
+                }
+                $cntcomments = "SELECT COUNT(*) FROM comments WHERE page_id = \"quote-" . $getquotes3[$i]['id'] . "\"";
+                $cntcomments2 = mysql_query($cntcomments);
+                $cntcomments3 = mysql_fetch_array($cntcomments2);
+                if ($cntcomments3['COUNT(*)'] == 0)
+                {
+                        $comments = '';
+                } else if ($cntcomments3['COUNT(*)'] == 1)
+                {
+                        $comments = '1 Comment';
+                } else {
+                        $comments = $cntcomments3['COUNT(*)'] . ' Comments';
+                }
+                $template->add_ref($curID,'QUOTES',array(       'NUMBER' => $getquotes3[$i]['id'],
+                                                                'RATING' => $getquotes3[$i]['rating'],
+                                                                'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''),
+                                                                'QUOTE' => str_replace("\n","<br />",htmlentities(stripslashes($getquotes3[$i]['quote']))),
+                                                                'COMMENTS' => $comments));
+                if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) || (array_search($getquotes3[$i]['id'],$trackArr) === FALSE))
+                {
+                        $template->adds_ref_sub($curID, 'CANVOTE', array('exi'=>1));
+                } else {
+                        $template->adds_ref_sub($curID, 'NOVOTE', array('exi'=>1));
+                }
+                if ($getquotes3[$i]['flag'] == 0)
+                {
+                        $template->adds_ref_sub($curID, 'CANFLAG', array('exi'=>1));
+                } else {
+                        $template->adds_ref_sub($curID, 'NOFLAG', array('exi'=>1));
+                }
                
                $i++;
        }
@@ -170,7 +251,7 @@ function page_numbers($template, $origin, $quote_limit, $page_default, $page_lim
 {
        $numrows = countRows('rash_quotes');
        $testrows = $numrows;
-        $pagenum = (($testrows + 1) / ($quote_limit > 0 ? $quote_limit : 1));
+        $pagenum = floor(($testrows + 1) / ($quote_limit > 0 ? $quote_limit : 1));
        if (($page_limit % 2))
        {
@@ -227,86 +308,4 @@ function page_numbers($template, $origin, $quote_limit, $page_default, $page_lim
        $template->add('LASTPAGE',$pagenum);
 }
-function user_quote_status($where, $quote_num, $template)
-{
-        $tracking_verdict = ip_track($where, $quote_num);
-        if ($where != 'flag')
-        {
-                switch ($tracking_verdict)
-                {
-                        case 1:
-                                $template->add('TRACKING',"Quote has been modified, and data of your action has been recorded in the database.");
-                                break;
-                        case 2:
-                                $template->add('TRACKING',"Quote has been modified, your IP has been logged, and data of your action has been recorded in the database.");
-                                break;
-                        case 3:
-                                $template->add('TRACKING',"You have already voted on this quote, please try again later.");
-                                break;
-                }
-        }
-        return $tracking_verdict;
-}
-function ip_track($where, $quote_num)
-{
-        switch ($where)
-        {
-                case 'flag':
-                        $where2 = 'vote';
-                        break;
-                case 'vote':
-                        $where2 = 'flag';
-                        break;
-        }
-        
-        $getip = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
-        $getip2 = mysql_query($getip);
-        $getip3 = mysql_fetch_array($getip2);
-        if ($getip3['ip'] == $_SERVER['REMOTE_ADDR'])
-        {
-                $quote_array = explode(",", $getip3['quote_id']);
-                $quote_place = array_search($quote_num, $quote_array);
-                if (in_array($quote_num, $quote_array))
-                {
-                        $where_result = explode(",", $getip3[$where]);
-                        if (!isset($where_result[$quote_place]))
-                        {
-                                $where_result[$quote_place] = 1;
-                                $where_result = implode(",", $where_result);
-                                $setip = "UPDATE rash_tracking SET " . $where . " = \"" . $where_result . "\" WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
-                                $setip2 = mysql_query($getip);
-                                return 1;
-                        } else {
-                                return 3;
-                        }
-                } else {
-                        $setip = "UPDATE rash_tracking SET " . $where . " = CONCAT(" . $where . ",\",1\"), " . $where2 . " = CONCAT(" . $where2 . ",\",0\"), quote_id = CONCAT(quote_id,\"," . $quote_num . "\") WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
-                        $setip2 = mysql_query($setip);
-                        return 1;
-                }
-        } else {
-                $insip = "INSERT INTO rash_tracking (ip, quote_id, " . $where . ", " . $where2 . ") VALUES (\"" . $_SERVER['REMOTE_ADDR'] . "\", \"" . $quote_num . "\", 1, 0)";
-                $insip2 = mysql_query($insip);
-                return 2;
-        }
-}
-function verify_int($subject)
-{
-        $ymax = strlen($subject);
-        $y = 0;
-        while($y < $ymax)
-        {
-                if ((is_int((int)($subject{$y})) && (int)($subject{$y})) || (int)($subject{$y}) === 0 )
-                {
-                        $y++;
-                } else {
-                        return false;
-                }
-        }
-        return true;
-}
 ?>

diff --git a/pages/quotes.php b/pages/quotes.php index 6db3cb0..4e0332f 100755 --- a/pages/quotes.php +++ b/pages/quotes.php
@@ -24,70 +24,92 @@ require('headerproc.php');
24		24
25	$pageCategory = 'quotes';	25	$pageCategory = 'quotes';
26		26
27	if (isset($_GET['id']))	27	$hatNav = array( array( 'title' => 'Latest',
		28	'url' => 'http://fourisland.com/quotes/latest.php',
		29	'icon' => '16-star-hot'
		30	),
		31	array( 'title' => 'Best',
		32	'url' => 'http://fourisland.com/quotes/top.php',
		33	'icon' => 'medal_gold_1'
		34	),
		35	array( 'title' => 'Worst',
		36	'url' => 'http://fourisland.com/quotes/bottom.php',
		37	'icon' => '16-message-warn'
		38	),
		39	array( 'title' => 'Browse All',
		40	'url' => 'http://fourisland.com/quotes/browse.php',
		41	'icon' => '16-file-archive'
		42	),
		43	array( 'title' => 'Random',
		44	'url' => 'http://fourisland.com/quotes/random.php',
		45	'icon' => '16-clock'
		46	),
		47	array( 'title' => 'Add',
		48	'url' => 'http://fourisland.com/quotes/add.php',
		49	'icon' => '16-em-pencil'
		50	),
		51	array( 'title' => 'Search',
		52	'url' => 'http://fourisland.com/quotes/search.php',
		53	'icon' => 'book_open'
		54	));
		55
		56	if (isset($_GET['id']) && is_numeric($_GET['id']))
28	{	57	{
29	$quote_num = $_GET['id'];	58	$quote_num = $_GET['id'];
30	}	59	}
31		60
32	if ((!isset($_GET['act'])) \|\| ($_GET['act'] == 'latest'))	61	if (isset($_GET['id']) && !(is_numeric($_GET['id'])))
		62	{
		63	generateError('404');
		64	} else if ((!isset($_GET['act'])) \|\| ($_GET['act'] == 'latest'))
33	{	65	{
34	$query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY id DESC LIMIT 50";	66	$query = "SELECT * FROM rash_quotes ORDER BY id DESC LIMIT 50";
35	quote_generation($query, "Latest", -1);	67	quote_generation($query, "Latest", -1);
36	} else if ($_GET['act'] == 'add')	68	} else if ($_GET['act'] == 'add')
37	{	69	{
38	$template = new FITemplate('quotes/add');	70	$template = new FITemplate('quotes/add');
39	if (isset($_GET['submit']))	71	if (isset($_GET['submit']))
40	{	72	{
41	$template->adds_block('SUBMITTED',array('QUOTE' => (nl2br(htmlspecialchars($_POST['rash_quote'])) . "\n")));	73	$template->adds_block('SUBMITTED',array('QUOTE' => str_replace("\n","<br />",htmlentities($_POST['rash_quote']))));
42	if (!isLoggedIn())	74	if (!isLoggedIn())
43	{	75	{
44	$insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";	76	$insquote = "INSERT INTO rash_queue (quote) VALUES(\"" . mysql_real_escape_string(htmlspecialchars($_POST['rash_quote'])) . "\")";
45	} else {	77	} else {
46	$today = mktime(date('G'),date('i'),date('s'),date('m'),date('d'),date('Y'));	78	$insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . time() . "\")";
47	$insquote = "INSERT INTO rash_quotes (quote, rating, flag, date) VALUES (\"" . mysql_real_escape_string($_POST['rash_quote']) . "\", 0, 0, \"" . $today . "\")";
48	}	79	}
49	$insquote2 = mysql_query($insquote);	80	$insquote2 = mysql_query($insquote);
50	}	81	}
51	$template->display();	82	$template->display();
52	} elseif ($_GET['act'] == 'bottom')	83	} elseif ($_GET['act'] == 'bottom')
53	{	84	{
54	$query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating < 0 ORDER BY rating ASC LIMIT 50";	85	$query = "SELECT * FROM rash_quotes WHERE rating < 0 ORDER BY rating ASC LIMIT 50";
55	quote_generation($query, "Bottom", -1);	86	quote_generation($query, "Bottom", -1);
56	} elseif ($_GET['act'] == 'browse')	87	} elseif ($_GET['act'] == 'browse')
57	{	88	{
58	$query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY id ASC ";	89	$query = "SELECT * FROM rash_quotes ORDER BY id ASC ";
59	quote_generation($query, "Browse", (isset($_GET['page']) ? $_GET['page'] : 1), 10, 5);	90	quote_generation($query, "Browse", (isset($_GET['page']) ? $_GET['page'] : 1), 10, 5);
60	} elseif ($_GET['act'] == 'flag')	91	} elseif ($_GET['act'] == 'flag')
61	{	92	{
62	$template = new FITemplate('msg');	93	$getfla = "SELECT * FROM rash_quotes WHERE id = " . $quote_num . " LIMIT 0,1";
63	$tracking_verdict = user_quote_status('flag', $quote_num, $template);	94	$getfla2 = mysql_query($getfla);
64	if ($tracking_verdict < 3)	95	$getfla3 = mysql_fetch_array($getfla2);
		96
		97	if ($getfla3['flag'] == 2)
65	{	98	{
66	$getfla = "SELECT flag FROM rash_quotes WHERE id = " . $quote_num . " LIMIT 0,1";	99	die('0');
67	$getfla2 = mysql_query($getfla);	100	} else {
68	$getfla3 = mysql_fetch_array($getfla2);	101	$setfla = "UPDATE rash_quotes SET flag = 1 WHERE id = " . $quote_num;
		102	$setfla2 = mysql_query($setfla);
69		103
70	if ($getfla3['flag'] == 2)	104	die('1');
71	{
72	$template->add('MSG',"This quote has been flagged and rechecked by a moderator already.");
73	} elseif ($getfla3['flag'] == 1)
74	{
75	$template->add('MSG',"This quote is currently pending deletion.");
76	} else {
77	$template->add('MSG',"You have marked this quote for deletion.");
78	$setfla = "UPDATE rash_quotes SET flag = 1 WHERE id = " . $quote_num;
79	$setfla2 = mysql_query($setfla);
80	}
81	}	105	}
82	$template->add('BACK','Quote #' . $quote_num);
83	$template->display();
84	} elseif ($_GET['act'] == 'random')	106	} elseif ($_GET['act'] == 'random')
85	{	107	{
86	$query = "SELECT id, quote, rating, flag FROM rash_quotes ORDER BY rand() LIMIT 50";	108	$query = "SELECT * FROM rash_quotes ORDER BY rand() LIMIT 50";
87	quote_generation($query, "Random", -1);	109	quote_generation($query, "Random", -1);
88	} elseif ($_GET['act'] == 'random2')	110	} elseif ($_GET['act'] == 'random2')
89	{	111	{
90	$query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating > 1 ORDER BY rand() LIMIT 50";	112	$query = "SELECT * FROM rash_quotes WHERE rating > 1 ORDER BY rand() LIMIT 50";
91	quote_generation($query, "Random2", -1);	113	quote_generation($query, "Random2", -1);
92	} elseif ($_GET['act'] == 'search')	114	} elseif ($_GET['act'] == 'search')
93	{	115	{
@@ -99,22 +121,24 @@ if ((!isset($_GET['act'])) \|\| ($_GET['act'] == 'latest'))
99	} else {	121	} else {
100	$how = 'asc';	122	$how = 'asc';
101	}	123	}
102	$getquotes = "SELECT id, quote, rating, flag FROM rash_quotes WHERE quote LIKE \"%" . $_POST['search'] . "%\" ORDER BY " . $_POST['sortby'] . " " . $how . " LIMIT 0," . $_POST['number'];	124	$getquotes = "SELECT * FROM rash_quotes WHERE quote LIKE \"%" . $_POST['search'] . "%\" ORDER BY " . $_POST['sortby'] . " " . $how . " LIMIT 0," . $_POST['number'];
103	quote_generation($getquotes, "Query Results", -1);	125	quote_generation($getquotes, "Query Results", -1);
104	}	126	}
105	$template = new FITemplate('quotes/search');	127	$template = new FITemplate('quotes/search');
106	$template->display();	128	$template->display();
107	} elseif ($_GET['act'] == 'top')	129	} elseif ($_GET['act'] == 'top')
108	{	130	{
109	$query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE rating > 0 ORDER BY rating DESC LIMIT 50";	131	$query = "SELECT * FROM rash_quotes WHERE rating > 0 ORDER BY rating DESC LIMIT 50";
110	quote_generation($query, "Top", -1);	132	quote_generation($query, "Top", -1);
111	} elseif ($_GET['act'] == 'vote')	133	} elseif ($_GET['act'] == 'vote')
112	{	134	{
113	$template = new FITemplate('msg');	135	$gettrack = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
114	$tracking_verdict = user_quote_status('vote', $quote_num,$template);	136	$gettrack2 = mysql_query($gettrack);
115	$template->add('BACK','Quote #' . $quote_num);	137	$gettrack3 = mysql_fetch_array($gettrack2);
116	$template->display();	138
117	if ($tracking_verdict < 3)	139	$trackArr = explode(',',$gettrack3['vote']);
		140
		141	if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) \|\| (array_search($quote_num,$trackArr) === FALSE))
118	{	142	{
119	if ($_GET['dir'] == "plus")	143	if ($_GET['dir'] == "plus")
120	{	144	{
@@ -125,18 +149,32 @@ if ((!isset($_GET['act'])) \|\| ($_GET['act'] == 'latest'))
125	$setquote = "UPDATE rash_quotes SET rating = rating-1 WHERE id = " . $quote_num;	149	$setquote = "UPDATE rash_quotes SET rating = rating-1 WHERE id = " . $quote_num;
126	$setquote2 = mysql_query($setquote);	150	$setquote2 = mysql_query($setquote);
127	}	151	}
128	}
129	} else {
130	if ((is_int($_GET['act']) \|\| ($_GET['act'] != false)) && (verify_int($_GET['act'])))
131	{
132	$query = "SELECT id, quote, rating, flag FROM rash_quotes WHERE id = " . $_GET['act'];
133	quote_generation($query, "#" . $_GET['act'], -1);
134		152
135	$page_id = 'quote-' . $_GET['act'];	153	if ($gettrack3['ip'] == $_SERVER['REMOTE_ADDR'])
136	include('includes/comments.php');	154	{
		155	$settrack = "UPDATE rash_tracking SET vote = \"" . $gettrack3['vote'] . "," . $quote_num . "\" WHERE id = " . $gettrack3['id'];
		156	} else {
		157	$settrack = "INSERT INTO tracking (ip,vote) VALUES (\"" . $_SERVER['REMOTE_ADDR'] . "\",\"" . $quote_num . "\")";
		158	}
		159	$settrack2 = mysql_query($settrack) or die($settrack);
		160
		161	$getquote = "SELECT * FROM rash_quotes WHERE id = " . $quote_num;
		162	$getquote2 = mysql_query($getquote);
		163	$getquote3 = mysql_fetch_array($getquote2);
		164
		165	die($getquote3['rating']);
137	} else {	166	} else {
138	generateError('404');	167	die;
139	}	168	}
		169	} else if (is_numeric($_GET['act']))
		170	{
		171	$query = "SELECT * FROM rash_quotes WHERE id = " . $_GET['act'];
		172	quote_generation($query, "#" . $_GET['act'], -1);
		173
		174	$page_id = 'quote-' . $_GET['act'];
		175	include('includes/comments.php');
		176	} else {
		177	generateError('404');
140	}	178	}
141		179
142	function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_limit = 10)	180	function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_limit = 10)
@@ -152,13 +190,56 @@ function quote_generation($query, $origin, $page = 1, $quote_limit = 50, $page_l
152	}	190	}
153	$template->add('ORIGIN',$origin);	191	$template->add('ORIGIN',$origin);
154		192
		193	$gettrack = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
		194	$gettrack2 = mysql_query($gettrack);
		195	$gettrack3 = mysql_fetch_array($gettrack2);
		196
		197	$trackArr = explode(',',$gettrack3['vote']);
		198
155	$getquotes2 = mysql_query($query);	199	$getquotes2 = mysql_query($query);
156	$i=0;	200	$i=0;
157	while ($getquotes3[$i] = mysql_fetch_array($getquotes2))	201	while ($getquotes3[$i] = mysql_fetch_array($getquotes2))
158	{	202	{
159	$template->adds_block('QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'],	203	if (!isset($curID))
160	'RATING' => $getquotes3[$i]['rating'],	204	{
161	'QUOTE' => parseSmilies(str_replace("\n","<BR>",stripslashes($getquotes3[$i]['quote'])))));	205	$curID = 0;
		206	} else {
		207	$curID++;
		208	}
		209
		210	$cntcomments = "SELECT COUNT(*) FROM comments WHERE page_id = \"quote-" . $getquotes3[$i]['id'] . "\"";
		211	$cntcomments2 = mysql_query($cntcomments);
		212	$cntcomments3 = mysql_fetch_array($cntcomments2);
		213
		214	if ($cntcomments3['COUNT(*)'] == 0)
		215	{
		216	$comments = '';
		217	} else if ($cntcomments3['COUNT(*)'] == 1)
		218	{
		219	$comments = '1 Comment';
		220	} else {
		221	$comments = $cntcomments3['COUNT(*)'] . ' Comments';
		222	}
		223
		224	$template->add_ref($curID,'QUOTES',array( 'NUMBER' => $getquotes3[$i]['id'],
		225	'RATING' => $getquotes3[$i]['rating'],
		226	'DATE' => ($getquotes3[$i]['date'] != 0 ? date('F jS Y \a\\t g:i:s a', $getquotes3[$i]['date']) : ''),
		227	'QUOTE' => str_replace("\n","<br />",htmlentities(stripslashes($getquotes3[$i]['quote']))),
		228	'COMMENTS' => $comments));
		229
		230	if (($gettrack3['ip'] != $_SERVER['REMOTE_ADDR']) \|\| (array_search($getquotes3[$i]['id'],$trackArr) === FALSE))
		231	{
		232	$template->adds_ref_sub($curID, 'CANVOTE', array('exi'=>1));
		233	} else {
		234	$template->adds_ref_sub($curID, 'NOVOTE', array('exi'=>1));
		235	}
		236
		237	if ($getquotes3[$i]['flag'] == 0)
		238	{
		239	$template->adds_ref_sub($curID, 'CANFLAG', array('exi'=>1));
		240	} else {
		241	$template->adds_ref_sub($curID, 'NOFLAG', array('exi'=>1));
		242	}
162		243
163	$i++;	244	$i++;
164	}	245	}
@@ -170,7 +251,7 @@ function page_numbers($template, $origin, $quote_limit, $page_default, $page_lim
170	{	251	{
171	$numrows = countRows('rash_quotes');	252	$numrows = countRows('rash_quotes');
172	$testrows = $numrows;	253	$testrows = $numrows;
173	$pagenum = (($testrows + 1) / ($quote_limit > 0 ? $quote_limit : 1));	254	$pagenum = floor(($testrows + 1) / ($quote_limit > 0 ? $quote_limit : 1));
174		255
175	if (($page_limit % 2))	256	if (($page_limit % 2))
176	{	257	{
@@ -227,86 +308,4 @@ function page_numbers($template, $origin, $quote_limit, $page_default, $page_lim
227	$template->add('LASTPAGE',$pagenum);	308	$template->add('LASTPAGE',$pagenum);
228	}	309	}
229		310
230	function user_quote_status($where, $quote_num, $template)
231	{
232	$tracking_verdict = ip_track($where, $quote_num);
233	if ($where != 'flag')
234	{
235	switch ($tracking_verdict)
236	{
237	case 1:
238	$template->add('TRACKING',"Quote has been modified, and data of your action has been recorded in the database.");
239	break;
240	case 2:
241	$template->add('TRACKING',"Quote has been modified, your IP has been logged, and data of your action has been recorded in the database.");
242	break;
243	case 3:
244	$template->add('TRACKING',"You have already voted on this quote, please try again later.");
245	break;
246	}
247	}
248	return $tracking_verdict;
249	}
250
251	function ip_track($where, $quote_num)
252	{
253	switch ($where)
254	{
255	case 'flag':
256	$where2 = 'vote';
257	break;
258	case 'vote':
259	$where2 = 'flag';
260	break;
261	}
262
263	$getip = "SELECT * FROM rash_tracking WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
264	$getip2 = mysql_query($getip);
265	$getip3 = mysql_fetch_array($getip2);
266
267	if ($getip3['ip'] == $_SERVER['REMOTE_ADDR'])
268	{
269	$quote_array = explode(",", $getip3['quote_id']);
270	$quote_place = array_search($quote_num, $quote_array);
271	if (in_array($quote_num, $quote_array))
272	{
273	$where_result = explode(",", $getip3[$where]);
274	if (!isset($where_result[$quote_place]))
275	{
276	$where_result[$quote_place] = 1;
277	$where_result = implode(",", $where_result);
278	$setip = "UPDATE rash_tracking SET " . $where . " = \"" . $where_result . "\" WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
279	$setip2 = mysql_query($getip);
280	return 1;
281	} else {
282	return 3;
283	}
284	} else {
285	$setip = "UPDATE rash_tracking SET " . $where . " = CONCAT(" . $where . ",\",1\"), " . $where2 . " = CONCAT(" . $where2 . ",\",0\"), quote_id = CONCAT(quote_id,\"," . $quote_num . "\") WHERE ip = \"" . $_SERVER['REMOTE_ADDR'] . "\"";
286	$setip2 = mysql_query($setip);
287	return 1;
288	}
289	} else {
290	$insip = "INSERT INTO rash_tracking (ip, quote_id, " . $where . ", " . $where2 . ") VALUES (\"" . $_SERVER['REMOTE_ADDR'] . "\", \"" . $quote_num . "\", 1, 0)";
291	$insip2 = mysql_query($insip);
292	return 2;
293	}
294	}
295
296	function verify_int($subject)
297	{
298	$ymax = strlen($subject);
299	$y = 0;
300	while($y < $ymax)
301	{
302	if ((is_int((int)($subject{$y})) && (int)($subject{$y})) \|\| (int)($subject{$y}) === 0 )
303	{
304	$y++;
305	} else {
306	return false;
307	}
308	}
309	return true;
310	}
311
312	?>	311	?>