Diffstat (limited to 'pages')
-rwxr-xr-xpages/admin.php18
-rwxr-xr-xpages/login.php46
-rwxr-xr-xpages/logout.php28
-rwxr-xr-xpages/post.php6
4 files changed, 12 insertions, 86 deletions
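diff --git a/pages/admin.php b/pages/admin.php
index a3b1783..60bc73d 100755
--- a/pages/admin.php
+++ b/pages/admin.php
@@ -26,7 +26,7 @@ $pageCategory = 'panel';
 
 if (isLoggedIn())
 {
- if (getUserlevel() == 1)
+ if (isAdmin())
  {
  if (!isset($_GET['page']))
  {
@@ -41,7 +41,7 @@ if (isLoggedIn())
 
  if ($_POST['type'] == 'draft')
  {
- $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
  $insdraft2 = mysql_query($insdraft);
 
  $id = mysql_insert_id();
@@ -51,7 +51,7 @@ if (isLoggedIn())
  $template->add('ID', $id);
  } else if ($_POST['type'] == 'instant')
  {
- $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']);
+ $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']);
 
  $getpost = "SELECT * FROM updates WHERE id = " . $id;
  $getpost2 = mysql_query($getpost);
@@ -87,7 +87,7 @@ if (isLoggedIn())
  generateError(404);
  }
 
- $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
  $inspending2 = mysql_query($inspending);
 
  addTags($id, $tags, 'pending');
@@ -140,7 +140,7 @@ if (isLoggedIn())
  $template->add('ID', $_GET['id']);
  } else if ($_POST['type'] == 'instant')
  {
- $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']);
+ $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']);
 
  $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id'];
  $deldraft2 = mysql_query($deldraft);
@@ -179,7 +179,7 @@ if (isLoggedIn())
  generateError(404);
  }
 
- $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
  $inspending2 = mysql_query($inspending);
 
  addTags($id, $tags, 'pending');
@@ -539,14 +539,14 @@ if (isLoggedIn())
 
  if ($getcomment3['id'] == $_GET['id'])
  {
- $getuser = "SELECT * FROM users WHERE username = \"" . $getcomment3['author'] . "\"";
+ $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomment3['author'] . "\"";
  $getuser2 = mysql_query($getuser);
  $getuser3 = mysql_fetch_array($getuser2);
 
  $template = new FITemplate('admin/viewComment');
  $template->add('ID', $_GET['id']);
  $template->add('USERNAME', $getcomment3['author']);
- $template->add('CODEDEMAIL', md5(strtolower($getuser3['email'])));
+ $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email'])));
  $template->add('TEXT', parseText($getcomment3['comment']));
  $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate'])));
  } else {
@@ -601,7 +601,7 @@ if (isLoggedIn())
  $template = new FITemplate('admin/pollrss');
  } else if ($_GET['step'] == 2)
  {
- $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
+ $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")";
  $insrss2 = mysql_query($insrss);
 
  $template = new FITemplate('admin/newPoll');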
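Review bot: The session username is concatenated into SQL unescaped at new lines 44, 90, 182 and 604, directly beside fields that do go through `mysql_real_escape_string()`. The value now comes from `getSessionUsername()`, whose definition is not on this page; if the account name it returns can contain a double quote or backslash, these INSERTs break or become injectable, so wrap it the same way: `mysql_real_escape_string(getSessionUsername())`. The `phpbb_users` lookup at new line 542 has the same gap, because `$getcomment3['author']` is a stored value fed back into a query without escaping. The enclosing `if (isLoggedIn())` block starts and ends outside these hunks.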
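diff --git a/pages/login.php b/pages/login.php
deleted file mode 100755
index a787729..0000000
--- a/pages/login.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-/*
- 444444444
- 4::::::::4
- 4:::::::::4
- 4::::44::::4
- 4::::4 4::::4 Four Island
- 4::::4 4::::4
- 4::::4 4::::4 Written and maintained by Starla Insigna
-4::::444444::::444
-4::::::::::::::::4 pages/login.php
-4444444444:::::444
- 4::::4 Please do not use, reproduce or steal the
- 4::::4 contents of this file without explicit
- 4::::4 permission from Hatkirby.
- 44::::::44
- 4::::::::4
- 4444444444
-*/
-
-if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
-
-require('headerproc.php');
-
-$pageCategory = 'log';
-
-if (!isset($_GET['submit']))
-{
- $template = new FITemplate('login');
- $template->add('REDIRECT',$_GET['redirect']);
-} else {
- if (verifyUser($_POST['username'], $_POST['password']))
- {
- sess_set('uname',$_POST['username']);
- header('Location: ' . rawurldecode($_POST['redirect']));
- exit;
- } else {
- $template = new FITemplate('login');
- $template->add('REDIRECT',$_POST['redirect']);
- $template->adds_block('ERROR',array('MSG' => "The username/password pair didn't resolve to a real user. Try logging on again, spelling the password right, or making sure you actually have an a account."));
- }
-}
-
-$template->display();
-
-?>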
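diff --git a/pages/logout.php b/pages/logout.php
deleted file mode 100755
index 69b9386..0000000
--- a/pages/logout.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php
-/*
- 444444444
- 4::::::::4
- 4:::::::::4
- 4::::44::::4
- 4::::4 4::::4 Four Island
- 4::::4 4::::4
- 4::::4 4::::4 Written and maintained by Starla Insigna
-4::::444444::::444
-4::::::::::::::::4 pages/logout.php
-4444444444:::::444
- 4::::4 Please do not use, reproduce or steal the
- 4::::4 contents of this file without explicit
- 4::::4 permission from Hatkirby.
- 44::::::44
- 4::::::::4
- 4444444444
-*/
-
-if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
-
-require('headerproc.php');
-
-sess_delete('uname');
-header('Location: ' . rawurldecode($_GET['redirect']));
-
-?>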
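diff --git a/pages/post.php b/pages/post.php
index 1b89fa4..48239cf 100755
--- a/pages/post.php
+++ b/pages/post.php
@@ -84,10 +84,10 @@ if (!isset($_GET['id']))
  }
  }
  } else {
- $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . sess_get('uname') . "\", comment = \"" . $_POST['comment'] . "\"";
+ $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . getSessionUsername() . "\", comment = \"" . $_POST['comment'] . "\"";
  $setcomment2 = mysql_query($setcomment);
 
- mail('hatkirby@fourisland.com', 'New comment on Four Island!', sess_get('uname') . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']);
+ mail('hatkirby@fourisland.com', 'New comment on Four Island!', getSessionUsername() . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']);
 
  $page_id = $_GET['id'];
  $comType = substr($page_id,0,strpos($page_id,'-'));
@@ -97,7 +97,7 @@ if (!isset($_GET['id']))
  recalcPop($comID);
  }
 
- $template->add('MSG',"Thank you, " . sess_get('uname') . ", for posting your valuable comment!");
+ $template->add('MSG',"Thank you, " . getSessionUsername() . ", for posting your valuable comment!");
  }
  }
 }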
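Review bot: The INSERT at new line 87 still concatenates `$_GET['id']` and `$_POST['comment']` straight into the query text between double quotes; the commit only swaps the username call on that line. All three values should be escaped the way pages/admin.php escapes title and text, e.g. `comment = \"" . mysql_real_escape_string($_POST['comment']) . "\"`, and likewise for `page_id` and `getSessionUsername()`. The username is also placed into the `MSG` template value at new line 100; whether `FITemplate::add` HTML-escapes its argument is not visible here and is worth confirming. The surrounding `if (!isset($_GET['id']))` block begins outside the hunk.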