about summary refs log tree commit diff stats
path: root/series/trunk/includes/instadisc.php
diff options
context:
space:
mode:
authorKelly Rauchenberger <fefferburbia@gmail.com>2008-09-14 14:15:06 +0000
committerKelly Rauchenberger <fefferburbia@gmail.com>2008-09-14 14:15:06 +0000
commitcefd374290b6d0ebfa22e0af8d289e51481f6f90 (patch)
treef9302202770988d9e7f7ff0f576bd430033bc72a /series/trunk/includes/instadisc.php
parentb20c87df8f9eed0c8e883efca9bf6e127f94b5ce (diff)
downloadinstadisc-cefd374290b6d0ebfa22e0af8d289e51481f6f90.tar.gz
instadisc-cefd374290b6d0ebfa22e0af8d289e51481f6f90.tar.bz2
instadisc-cefd374290b6d0ebfa22e0af8d289e51481f6f90.zip
Series: Reverted Update integration
Refs #55
Diffstat (limited to 'series/trunk/includes/instadisc.php')
-rw-r--r--series/trunk/includes/instadisc.php77
1 files changed, 34 insertions, 43 deletions
diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php index 41080bd..a5afb3a 100644 --- a/series/trunk/includes/instadisc.php +++ b/series/trunk/includes/instadisc.php
@@ -53,57 +53,48 @@ function instaDisc_getConfig($name)
53 53
54function instaDisc_verifyUser($username, $password) 54function instaDisc_verifyUser($username, $password)
55{ 55{
56 return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass'))); 56 $getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
57 $getusers2 = mysql_query($getusers);
58 $getusers3 = mysql_fetch_array($getusers2);
59
60 return ($getusers3['username'] == $username);
57} 61}
58 62
59function instaDisc_changePassword($password) 63function instaDisc_changePassword($username, $password)
60{ 64{
61 $setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\""; 65 $setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\"";
62 $setconfig2 = mysql_query($setconfig); 66 $setconfig2 = mysql_query($setconfig);
63 $setconfig3 = mysql_fetch_array($setconfig2); 67 $setconfig3 = mysql_fetch_array($setconfig2);
64} 68}
65 69
66function instaDisc_addSubscription($id, $title, $url, $category, $password = '') 70function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword)
67{
68 $inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")";
69 $inssub2 = mysql_query($inssub);
70}
71
72function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
73{ 71{
74 $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; 72 $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\"";
75 $getverid2 = mysql_query($getverid); 73 $getuser2 = mysql_query($getuser);
76 $getverid3 = mysql_fetch_array($getverid2); 74 $getuser3 = mysql_fetch_array($getuser2);
77 if ($getverid3['id'] != $verificationID) 75 if ($getuser3['username'] == $username)
78 { 76 {
79 $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; 77 $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
80 $getitem2 = mysql_query($getitem); 78 $getsub2 = mysql_query($getsub);
81 $getitem3 = mysql_fetch_array($getitem2); 79 $getsub3 = mysql_fetch_array($getsub2);
82 if ($getitem3[$nameField] == $username) 80 if ($getsub3['identity'] == $seriesID)
83 { 81 {
84 $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; 82 if ($getsub3['username'] != $username)
85 83 {
86 if (md5($test) == $verification) 84 return false;
87 { 85 }
88 $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; 86
89 $cntverid2 = mysql_query($cntverid); 87 $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\"";
90 $cntverid3 = mysql_fetch_array($cntverid2); 88 $setsub2 = mysql_query($setsub);
91 if ($cntverid3[0] >= 10000) 89 } else {
92 { 90 $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")";
93 $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1"; 91 $inssub2 = mysql_query($inssub);
94 $delverid2 = mysql_query($delverid); 92 }
95 } 93
96 94 return true;
97 $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; 95 } else {
98 $insverid2 = mysql_query($insverid); 96 return false;
99 97 }
100 return true;
101 }
102 }
103 }
104
105 return false;
106} 98}
107 99
108
109?> 100?>