From 38f73720eaec5f49752589ac088b04b3fa734117 Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Mon, 5 Jan 2009 18:01:06 -0500 Subject: Integreated Fourm users --- includes/comments.php | 8 +++--- includes/footer.php | 41 ++++++++++++++++++++--------- includes/functions.php | 29 ++------------------- includes/header.php | 5 ++-- includes/session.php | 70 ++++++++++++++++++++++++++++++++++++++------------ pages/admin.php | 18 ++++++------- pages/login.php | 46 --------------------------------- pages/logout.php | 28 -------------------- pages/post.php | 6 ++--- theme/header.tpl | 2 +- 10 files changed, 104 insertions(+), 149 deletions(-) delete mode 100755 pages/login.php delete mode 100755 pages/logout.php diff --git a/includes/comments.php b/includes/comments.php index 15e9fc8..d405279 100755 --- a/includes/comments.php +++ b/includes/comments.php @@ -30,7 +30,7 @@ $curID = 0; $template = new FITemplate('comments'); $template->add('PAGEID',$page_id); -$template->add('USERNAME',(isLoggedIn() ? sess_get('uname') : 'Anonymous')); +$template->add('USERNAME',(isLoggedIn() ? getSessionUsername() : 'Anonymous')); if (!isLoggedIn()) { @@ -43,7 +43,7 @@ $getcomments2 = mysql_query($getcomments) or die($getcomments); $i=0; while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) { - $getuser = "SELECT * FROM users WHERE username = \"" . $getcomments3[$i]['username'] . "\""; + $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomments3[$i]['username'] . "\""; $getuser2 = mysql_query($getuser); $getuser3 = mysql_fetch_array($getuser2); @@ -51,7 +51,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) { $username = $getuser3['username']; $email = $getuser3['user_email']; - $website = $getuser3['website']; + $website = $getuser3['user_website']; } else { $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\""; $getanon2 = mysql_query($getanon); 
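Review bot: The rewritten lookup `SELECT * FROM phpbb_users WHERE username = ...` in the hunk at -43 still concatenates `$getcomments3[$i]['username']` into the statement without escaping, and that value is whatever name was stored with the comment. Escape it with `mysql_real_escape_string($getcomments3[$i]['username'])`, as includes/session.php in this commit does for the cookie value. The same pattern is in the includes/footer.php hunks at -93 and -150 and the pages/admin.php hunk at -539. Because the lookup now targets the forum table, a stored comment name equal to a forum username is shown with that member's e-mail hash and website, so confirm that names posted without a forum session cannot collide with registered ones. The while loop continues past the end of this hunk.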
@@ -68,7 +68,7 @@ while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) if (isset($username)) { $template->add_ref($curID, 'COMMENTS', array( 'CODEDEMAIL' => md5(strtolower($email)), - 'USERNAME' => (($website != '') ? '' . $username . '' : $username), + 'USERNAME' => (($website != '') ? '' . $username . '' : $username), 'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getcomments3[$i]['posttime'])), 'ID' => $getcomments3[$i]['id'], 'TEXT' => parseText($getcomments3[$i]['comment']))); diff --git a/includes/footer.php b/includes/footer.php index dadb6f5..0a93ae9 100755 --- a/includes/footer.php +++ b/includes/footer.php @@ -93,14 +93,14 @@ if (!isset($noRightbar)) $i=0; while ($getcomments3[$i] = mysql_fetch_array($getcomments2)) { - $getuser = "SELECT * FROM users WHERE username = \"" . $getcomments3[$i]['username'] . "\""; + $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomments3[$i]['username'] . "\""; $getuser2 = mysql_query($getuser); $getuser3 = mysql_fetch_array($getuser2); if ($getuser3['username'] == $getcomments3[$i]['username']) { $username = $getuser3['username']; - $website = $getuser3['website']; + $website = $getuser3['user_website']; } else { $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getcomments3[$i]['username'] . "\""; $getanon2 = mysql_query($getanon); @@ -125,7 +125,7 @@ if (!isset($noRightbar)) 'CODED' => $getpost3['slug'], 'ENDING' => '/', 'TITLE' => stripslashes($getpost3['title']), - 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); + 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; } else if (strpos($getcomments3[$i]['page_id'], 'quote') !== FALSE) { 
@@ -136,11 +136,12 @@ if (!isset($noRightbar)) 'CODED' => $num, 'ENDING' => '.php', 'TITLE' => 'Quote #' . $num, - 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); + 'AUTHOR' => (($website != '') ? '' . $username . '' : $username))); $i++; } } + $users = array(); $getusers = "SELECT DISTINCT username FROM comments"; $getusers2 = mysql_query($getusers); $i=0; @@ -150,14 +151,14 @@ if (!isset($noRightbar)) $getcount2 = mysql_query($getcount); $getcount3 = mysql_fetch_array($getcount2); - $getuser = "SELECT * FROM users WHERE username = \"" . $getusers3[$i]['username'] . "\""; + $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getusers3[$i]['username'] . "\""; $getuser2 = mysql_query($getuser); $getuser3 = mysql_fetch_array($getuser2); if ($getuser3['username'] == $getusers3[$i]['username']) { $username = $getuser3['username']; - $website = $getuser3['website']; + $website = $getuser3['user_website']; } else { $getanon = "SELECT * FROM anon_commenters WHERE username = \"" . $getusers3[$i]['username'] . "\""; $getanon2 = mysql_query($getanon); @@ -170,23 +171,39 @@ if (!isset($noRightbar)) } } - $name = (($website != '') ? '' . $username . '' : $username); - $users[$name] = $getcount3[0]; + $name = (($website != '') ? '' . $username . '' : $username); + $users[] = array('name' => $name, 'count' => $getcount3['COUNT(*)']); $i++; } - arsort($users); + function count_sort($a, $b) + { + $a = $a['count']; + $b = $b['count']; + + if ($a > $b) + { + return -1; + } else if ($a < $b) + { + return 1; + } else { + return 0; + } + } + + usort($users, 'count_sort'); $i=0; - foreach ($users as $name => $count) + foreach ($users as $value) { if ($i == 5) { break; } - $template->adds_block('TOP', array( 'USERNAME' => $name, - 'COUNT' => $count)); + $template->adds_block('TOP', array( 'USERNAME' => $value['name'], + 'COUNT' => $value['count'])); $i++; } diff --git a/includes/functions.php b/includes/functions.php index 7c06077..16de184 100755 
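Review bot: `count_sort()` in the hunk at -170 is declared in the middle of the `if (!isset($noRightbar))` block, so it only exists once that branch has run, and a second inclusion of footer.php in one request would stop with a redeclaration error. Move it next to the other helpers in includes/functions.php, or guard it with `if (!function_exists('count_sort'))`. The counts come back from MySQL as strings; casting when the row is stored, `'count' => (int) $getcount3['COUNT(*)']`, keeps the comparison numeric whatever the driver returns. The surrounding block starts and ends outside the hunk.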
--- a/includes/functions.php +++ b/includes/functions.php @@ -22,24 +22,6 @@ if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);} require('headerproc.php'); -function isLoggedIn() -{ - return sess_exists('uname'); -} - -function getUserlevel() -{ - if (isLoggedIn()) - { - $getuser = "SELECT * FROM users WHERE username = \"" . sess_get('uname') . "\""; - $getuser2 = mysql_query($getuser); - $getuser3 = mysql_fetch_array($getuser2); - return $getuser3['user_group']; - } else { - return 4; - } -} - function countRows($table, $extra = '') { $cntrows = "SELECT * FROM " . $table . " " . $extra; @@ -62,7 +44,8 @@ function generateError($error) function echoLogData() { - if (!isLoggedIn()) { + if (!isLoggedIn()) + { return('in'); } else { return('out'); @@ -212,14 +195,6 @@ function updatePop($id, $area, $plus=1) } } -function verifyUser($username, $password) -{ - $getuser = 'SELECT * FROM users WHERE username = "' . $username . '" AND user_password = "' . md5($password) . '"'; - $getuser2 = mysql_query($getuser); - $getuser3 = mysql_fetch_array($getuser2); - return (($_POST['username'] != '') && ($getuser3['username'] == $_POST['username'])); -} - function getTags($id, $type = 'published') { $gettags = "SELECT * FROM tags WHERE post_id = " . $id . " AND post_type = \"" . $type . "\""; diff --git a/includes/header.php b/includes/header.php index c2cbbc2..4460d0a 100755 --- a/includes/header.php +++ b/includes/header.php @@ -38,8 +38,6 @@ $headerTemp->add('HEADTAGS',isset($headtags) ? $headtags : ''); $headerTemp->add('EXTRATITLE',isset($title) ? ($title . ' - ') : ''); $headerTemp->add('PAGEID',(isset($pageID)) ? $pageID : 'none'); $headerTemp->add(strtoupper($pageCategory) . 'ACTIVE', ' CLASS="active"'); -$headerTemp->add('REDIRPAGE',rawurlencode($_SERVER['REQUEST_URI'])); -$headerTemp->add('LOGDATA',echoLogData()); if (isset($_POST['message'])) { 
@@ -48,6 +46,9 @@ if (isset($_POST['message'])) if (($pageCategory != 'fourm') && ($pageCategory != 'wiki')) { + $headerTemp->add('REDIRPAGE',rawurlencode($_SERVER['REQUEST_URI'])); + $headerTemp->add('LOGDATA',echoLogData()); + $headerTemp->add('SID',getSessionID()); $headerTemp->adds_block('MEMBERS',array('exi' => 1)); } diff --git a/includes/session.php b/includes/session.php index ff47e12..a4a7604 100755 --- a/includes/session.php +++ b/includes/session.php 
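Review bot: `$headerTemp->add('SID',getSessionID());` hands the raw forum cookie to the template, because getSessionID() returns `$_COOKIE[...]` exactly as received, without checking that it names a live session and without any encoding. The template presumably places it in a link, so encode it for that context, for example `$headerTemp->add('SID', rawurlencode((string) getSessionID()));`, and add it only when isLoggedIn() is true. getSessionID() returns `false` when the cookie is absent, so the template currently receives an empty value for visitors without a forum session.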
@@ -24,38 +24,74 @@ require('headerproc.php'); session_start(); -function sess_exists($name) +function getSessionID() { - return(isset($_SESSION[$name])); -} + $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\""; + $getconfig2 = mysql_query($getconfig); + $getconfig3 = mysql_fetch_array($getconfig2); -function sess_set($name,$value) -{ - $_SESSION[$name] = $value; + if (isset($_COOKIE[$getconfig3['config_value'] . '_sid'])) + { + return $_COOKIE[$getconfig3['config_value'] . '_sid']; + } + + return false; } -function sess_get($name) +function getSessionUsername() { - return $_SESSION[$name]; -} + $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\""; + $getconfig2 = mysql_query($getconfig); + $getconfig3 = mysql_fetch_array($getconfig2); + + if (isset($_COOKIE[$getconfig3['config_value'] . '_sid'])) + { + $getsession = "SELECT * FROM phpbb_sessions AS s, phpbb_users AS u WHERE s.session_id LIKE \"" . mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']) . "\" AND u.user_id = s.session_user_id"; + $getsession2 = mysql_query($getsession) or die($getsession); + $getsession3 = mysql_fetch_array($getsession2); + return $getsession3['username']; + } + + return false; +} -function sess_getifset($name) +function isLoggedIn() { - if (sess_exists($name)) + $getconfig = "SELECT * FROM phpbb_config WHERE config_name LIKE \"cookie_name\""; + $getconfig2 = mysql_query($getconfig); + $getconfig3 = mysql_fetch_array($getconfig2); + + if (isset($_COOKIE[$getconfig3['config_value'] . '_sid'])) { - return sess_get($name); - } else { - return false; + $getsession = "SELECT * FROM phpbb_sessions WHERE session_id LIKE \"" . mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']) . 
"\""; + $getsession2 = mysql_query($getsession); + $getsession3 = mysql_fetch_array($getsession2); + + if ($getsession3['session_user_id'] != '1') + { + return true; + } } + + return false; } -function sess_delete($name) +function isAdmin() { - if (sess_exists($name)) + if (isLoggedIn()) { - unset($_SESSION[$name]); + $getgroup = "SELECT COUNT(*) FROM phpbb_user_group, phpbb_users WHERE phpbb_user_group.user_id = phpbb_users.user_id AND phpbb_users.username = \"" . getSessionUsername() . "\" AND phpbb_user_group.group_id = 2"; + $getgroup2 = mysql_query($getgroup); + $getgroup3 = mysql_fetch_array($getgroup2); + + if ($getgroup3['COUNT(*)'] == '1') + { + return true; + } } + + return false; } ?> diff --git a/pages/admin.php b/pages/admin.php index a3b1783..60bc73d 100755 --- a/pages/admin.php +++ b/pages/admin.php @@ -26,7 +26,7 @@ $pageCategory = 'panel'; if (isLoggedIn()) { - if (getUserlevel() == 1) + if (isAdmin()) { if (!isset($_GET['page'])) { @@ -41,7 +41,7 @@ if (isLoggedIn()) if ($_POST['type'] == 'draft') { - $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; + $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; $insdraft2 = mysql_query($insdraft); $id = mysql_insert_id(); @@ -51,7 +51,7 @@ if (isLoggedIn()) $template->add('ID', $id); } else if ($_POST['type'] == 'instant') { - $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']); + $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']); $getpost = "SELECT * FROM updates WHERE id = " . $id; $getpost2 = mysql_query($getpost); 
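Review bot: isLoggedIn() in the includes/session.php hunk can return true without a valid session. The lookup compares the cookie with `session_id LIKE`, and mysql_real_escape_string() leaves the LIKE wildcards untouched, so this is a pattern match rather than an exact comparison; and when no row matches, `$getsession3` is `false`, `$getsession3['session_user_id']` is null, and `null != '1'` is true. getSessionUsername() uses the same LIKE and returns the name from whichever row matched first. Use `=` for the id and require a row before testing the user id, as in the block below; isAdmin() should also escape the value it gets from getSessionUsername(), or better, join on `session_user_id` directly instead of going through the name. phpBB's own session validation presumably checks more than the id (age, client), which this code does not reproduce.

```php
function isLoggedIn()
{
	// … unchanged: cookie_name lookup and isset() test on the _sid cookie …
		$sid = mysql_real_escape_string($_COOKIE[$getconfig3['config_value'] . '_sid']);
		$getsession = "SELECT session_user_id FROM phpbb_sessions WHERE session_id = \"" . $sid . "\"";
		$getsession2 = mysql_query($getsession);
		$getsession3 = ($getsession2 !== false) ? mysql_fetch_array($getsession2) : false;

		// No row means no session; user id 1 is excluded exactly as before.
		if (($getsession3 !== false) && ($getsession3['session_user_id'] != '1'))
	// … unchanged: return true inside the test, return false at the end …
```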
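Review bot: In the draft INSERT of the pages/admin.php hunk at -41, the title and text go through mysql_real_escape_string() but the author, now `getSessionUsername()`, is concatenated as is. The name is read from phpbb_users, which this application does not control, and getSessionUsername() can also return `false` or null when the session row is missing. Read it once at the top of the request, `$author = getSessionUsername();`, stop if it is empty, and put `mysql_real_escape_string($author)` in the statement. The same applies to the pending and pollrss INSERTs in the hunks at -87, -179 and -601, and reading it once also avoids repeating the config and session queries on every call.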
@@ -87,7 +87,7 @@ if (isLoggedIn()) generateError(404); } - $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; + $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; $inspending2 = mysql_query($inspending); addTags($id, $tags, 'pending'); @@ -140,7 +140,7 @@ if (isLoggedIn()) $template->add('ID', $_GET['id']); } else if ($_POST['type'] == 'instant') { - $id = postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']); + $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']); $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id']; $deldraft2 = mysql_query($deldraft); @@ -179,7 +179,7 @@ if (isLoggedIn()) generateError(404); } - $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; + $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; $inspending2 = mysql_query($inspending); addTags($id, $tags, 'pending'); 
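Review bot: The context line `$deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id'];` in the hunk at -140 puts the request parameter into the statement unquoted and unescaped, and the commit leaves it that way while changing the call directly above it. Cast it first, `$draftId = (int) $_GET['id'];`, and use `$draftId` in the DELETE and in the `ID` value passed to the template. The enclosing branch starts and ends outside the hunk.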
@@ -539,14 +539,14 @@ if (isLoggedIn()) if ($getcomment3['id'] == $_GET['id']) { - $getuser = "SELECT * FROM users WHERE username = \"" . $getcomment3['author'] . "\""; + $getuser = "SELECT * FROM phpbb_users WHERE username = \"" . $getcomment3['author'] . "\""; $getuser2 = mysql_query($getuser); $getuser3 = mysql_fetch_array($getuser2); $template = new FITemplate('admin/viewComment'); $template->add('ID', $_GET['id']); $template->add('USERNAME', $getcomment3['author']); - $template->add('CODEDEMAIL', md5(strtolower($getuser3['email']))); + $template->add('CODEDEMAIL', md5(strtolower($getuser3['user_email']))); $template->add('TEXT', parseText($getcomment3['comment'])); $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate']))); } else { @@ -601,7 +601,7 @@ if (isLoggedIn()) $template = new FITemplate('admin/pollrss'); } else if ($_GET['step'] == 2) { - $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; + $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\")"; $insrss2 = mysql_query($insrss); $template = new FITemplate('admin/newPoll'); diff --git a/pages/login.php b/pages/login.php deleted file mode 100755 index a787729..0000000 --- a/pages/login.php +++ /dev/null @@ -1,46 +0,0 @@ -add('REDIRECT',$_GET['redirect']); -} else { - if (verifyUser($_POST['username'], $_POST['password'])) - { - sess_set('uname',$_POST['username']); - header('Location: ' . rawurldecode($_POST['redirect'])); - exit; - } else { - $template = new FITemplate('login'); - $template->add('REDIRECT',$_POST['redirect']); - $template->adds_block('ERROR',array('MSG' => "The username/password pair didn't resolve to a real user. Try logging on again, spelling the password right, or making sure you actually have an a account.")); - } -} - -$template->display(); - -?> 
diff --git a/pages/logout.php b/pages/logout.php deleted file mode 100755 index 69b9386..0000000 --- a/pages/logout.php +++ /dev/null @@ -1,28 +0,0 @@ - diff --git a/pages/post.php b/pages/post.php index 1b89fa4..48239cf 100755 --- a/pages/post.php +++ b/pages/post.php @@ -84,10 +84,10 @@ if (!isset($_GET['id'])) } } } else { - $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . sess_get('uname') . "\", comment = \"" . $_POST['comment'] . "\""; + $setcomment = "INSERT INTO comments SET page_id = \"" . $_GET['id'] . "\", username = \"" . getSessionUsername() . "\", comment = \"" . $_POST['comment'] . "\""; $setcomment2 = mysql_query($setcomment); - mail('hatkirby@fourisland.com', 'New comment on Four Island!', sess_get('uname') . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']); + mail('hatkirby@fourisland.com', 'New comment on Four Island!', getSessionUsername() . ' has posted a comment on Four Island under the "page id" ' . $_GET['id']); $page_id = $_GET['id']; $comType = substr($page_id,0,strpos($page_id,'-')); @@ -97,7 +97,7 @@ if (!isset($_GET['id'])) recalcPop($comID); } - $template->add('MSG',"Thank you, " . sess_get('uname') . ", for posting your valuable comment!"); + $template->add('MSG',"Thank you, " . getSessionUsername() . ", for posting your valuable comment!"); } } } diff --git a/theme/header.tpl b/theme/header.tpl index dfe3459..8e43e31 100755 --- a/theme/header.tpl +++ b/theme/header.tpl @@ -62,7 +62,7 @@ > Log<!--LOGDATA--> - Log + Log -- cgit 1.4.1
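Review bot: The comment INSERT in the pages/post.php hunk at -84 places `$_GET['id']` and `$_POST['comment']` in the statement with no escaping, and the changed line keeps that while swapping in getSessionUsername(). Wrap all three values in `mysql_real_escape_string()`, as pages/admin.php does for title and text. getSessionUsername() is called three times across this hunk and the one at -97, and its result also goes into the mail body and the `MSG` template value. Read it once into a variable, reject the post if it is empty, and pass it through `htmlspecialchars($name, ENT_QUOTES)` before it reaches the template unless the template layer is known to encode.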