about summary refs log tree commit diff stats
path: root/series/trunk
diff options
context:
space:
mode:
authorKelly Rauchenberger <fefferburbia@gmail.com>2008-09-14 14:15:06 +0000
committerKelly Rauchenberger <fefferburbia@gmail.com>2008-09-14 14:15:06 +0000
commitcefd374290b6d0ebfa22e0af8d289e51481f6f90 (patch)
treef9302202770988d9e7f7ff0f576bd430033bc72a /series/trunk
parentb20c87df8f9eed0c8e883efca9bf6e127f94b5ce (diff)
downloadinstadisc-cefd374290b6d0ebfa22e0af8d289e51481f6f90.tar.gz
instadisc-cefd374290b6d0ebfa22e0af8d289e51481f6f90.tar.bz2
instadisc-cefd374290b6d0ebfa22e0af8d289e51481f6f90.zip
Series: Reverted Update integration
Refs #55
Diffstat (limited to 'series/trunk')
-rw-r--r--series/trunk/admin/addsub.php2
-rw-r--r--series/trunk/admin/chpwd.php2
-rw-r--r--series/trunk/admin/main.php6
-rw-r--r--series/trunk/includes/instadisc.php77
-rw-r--r--series/trunk/instadisc.sql16
-rw-r--r--series/trunk/theme/main.tpl5
-rw-r--r--series/trunk/xmlrpc.php66
7 files changed, 49 insertions, 125 deletions
diff --git a/series/trunk/admin/addsub.php b/series/trunk/admin/addsub.php index f462d3f..0b6ff3f 100644 --- a/series/trunk/admin/addsub.php +++ b/series/trunk/admin/addsub.php
@@ -50,7 +50,7 @@ if (!isset($_GET['submit']))
50 { 50 {
51 showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors); 51 showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors);
52 } else { 52 } else {
53 instaDisc_addSubscription($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password']); 53 instaDisc_initSubscription($_SESSION['username'], $_POST['id'], $_POST['url'], $_POST['title'], $_POST['category'], $_POST['personal'], $_POST['password']);
54 54
55 $template = new FITemplate('addedsub'); 55 $template = new FITemplate('addedsub');
56 $template->add('SITENAME', instaDisc_getConfig('siteName')); 56 $template->add('SITENAME', instaDisc_getConfig('siteName'));
diff --git a/series/trunk/admin/chpwd.php b/series/trunk/admin/chpwd.php index 2f5368d..abd6d97 100644 --- a/series/trunk/admin/chpwd.php +++ b/series/trunk/admin/chpwd.php
@@ -56,7 +56,7 @@ if (isset($_SESSION['username']))
56 { 56 {
57 showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors); 57 showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);
58 } else { 58 } else {
59 instaDisc_changePassword( $_POST['new']); 59 instaDisc_changePassword($_SESSION['username'], $_POST['new']);
60 60
61 $template = new FITemplate('changedpassword'); 61 $template = new FITemplate('changedpassword');
62 $template->add('SITENAME', instaDisc_getConfig('siteName')); 62 $template->add('SITENAME', instaDisc_getConfig('siteName'));
diff --git a/series/trunk/admin/main.php b/series/trunk/admin/main.php index eb0e35b..f2d8e9e 100644 --- a/series/trunk/admin/main.php +++ b/series/trunk/admin/main.php
@@ -20,6 +20,12 @@ if (!isset($_SESSION['username']))
20 20
21$template = new FITemplate('main'); 21$template = new FITemplate('main');
22$template->add('SITENAME',instaDisc_getConfig('siteName')); 22$template->add('SITENAME',instaDisc_getConfig('siteName'));
23
24if (instaDisc_isAdmin($_SESSION['username'])
25{
26 $template->adds_block('ADMIN', array('exi'=>1));
27}
28
23$template->display(); 29$template->display();
24 30
25?> 31?>
diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php index 41080bd..a5afb3a 100644 --- a/series/trunk/includes/instadisc.php +++ b/series/trunk/includes/instadisc.php
@@ -53,57 +53,48 @@ function instaDisc_getConfig($name)
53 53
54function instaDisc_verifyUser($username, $password) 54function instaDisc_verifyUser($username, $password)
55{ 55{
56 return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass'))); 56 $getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
57 $getusers2 = mysql_query($getusers);
58 $getusers3 = mysql_fetch_array($getusers2);
59
60 return ($getusers3['username'] == $username);
57} 61}
58 62
59function instaDisc_changePassword($password) 63function instaDisc_changePassword($username, $password)
60{ 64{
61 $setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\""; 65 $setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\"";
62 $setconfig2 = mysql_query($setconfig); 66 $setconfig2 = mysql_query($setconfig);
63 $setconfig3 = mysql_fetch_array($setconfig2); 67 $setconfig3 = mysql_fetch_array($setconfig2);
64} 68}
65 69
66function instaDisc_addSubscription($id, $title, $url, $category, $password = '') 70function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword)
67{
68 $inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")";
69 $inssub2 = mysql_query($inssub);
70}
71
72function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
73{ 71{
74 $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; 72 $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\"";
75 $getverid2 = mysql_query($getverid); 73 $getuser2 = mysql_query($getuser);
76 $getverid3 = mysql_fetch_array($getverid2); 74 $getuser3 = mysql_fetch_array($getuser2);
77 if ($getverid3['id'] != $verificationID) 75 if ($getuser3['username'] == $username)
78 { 76 {
79 $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; 77 $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
80 $getitem2 = mysql_query($getitem); 78 $getsub2 = mysql_query($getsub);
81 $getitem3 = mysql_fetch_array($getitem2); 79 $getsub3 = mysql_fetch_array($getsub2);
82 if ($getitem3[$nameField] == $username) 80 if ($getsub3['identity'] == $seriesID)
83 { 81 {
84 $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; 82 if ($getsub3['username'] != $username)
85 83 {
86 if (md5($test) == $verification) 84 return false;
87 { 85 }
88 $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; 86
89 $cntverid2 = mysql_query($cntverid); 87 $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\"";
90 $cntverid3 = mysql_fetch_array($cntverid2); 88 $setsub2 = mysql_query($setsub);
91 if ($cntverid3[0] >= 10000) 89 } else {
92 { 90 $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")";
93 $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1"; 91 $inssub2 = mysql_query($inssub);
94 $delverid2 = mysql_query($delverid); 92 }
95 } 93
96 94 return true;
97 $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; 95 } else {
98 $insverid2 = mysql_query($insverid); 96 return false;
99 97 }
100 return true;
101 }
102 }
103 }
104
105 return false;
106} 98}
107 99
108
109?> 100?>
diff --git a/series/trunk/instadisc.sql b/series/trunk/instadisc.sql index 9ab9699..bb2018c 100644 --- a/series/trunk/instadisc.sql +++ b/series/trunk/instadisc.sql
@@ -3,7 +3,7 @@
3-- http://www.phpmyadmin.net 3-- http://www.phpmyadmin.net
4-- 4--
5-- Host: localhost 5-- Host: localhost
6-- Generation Time: Sep 13, 2008 at 09:46 AM 6-- Generation Time: Sep 14, 2008 at 10:12 AM
7-- Server version: 5.0.51 7-- Server version: 5.0.51
8-- PHP Version: 5.2.4-2ubuntu5.3 8-- PHP Version: 5.2.4-2ubuntu5.3
9-- 9--
@@ -26,20 +26,6 @@ CREATE TABLE `config` (
26-- -------------------------------------------------------- 26-- --------------------------------------------------------
27 27
28-- 28--
29-- Table structure for table `oldVerID`
30--
31
32DROP TABLE IF EXISTS `oldVerID`;
33CREATE TABLE `oldVerID` (
34 `id` int(11) NOT NULL auto_increment,
35 `username` varchar(255) NOT NULL,
36 `verID` int(11) NOT NULL,
37 PRIMARY KEY (`id`)
38) ENGINE=MyISAM DEFAULT CHARSET=latin1;
39
40-- --------------------------------------------------------
41
42--
43-- Table structure for table `subscriptions` 29-- Table structure for table `subscriptions`
44-- 30--
45 31
diff --git a/series/trunk/theme/main.tpl b/series/trunk/theme/main.tpl index 982be74..cffee3c 100644 --- a/series/trunk/theme/main.tpl +++ b/series/trunk/theme/main.tpl
@@ -8,6 +8,11 @@ Here are some actions you can preform:
8 <LI><A HREF="admin.php?id=chpwd">Change your Password</A></LI> 8 <LI><A HREF="admin.php?id=chpwd">Change your Password</A></LI>
9 <LI><A HREF="admin.php?id=addsub">Add a new Subscription</A></LI> 9 <LI><A HREF="admin.php?id=addsub">Add a new Subscription</A></LI>
10 <LI><A HREF="admin.php?id=mansub">Manage subscriptions</A></LI> 10 <LI><A HREF="admin.php?id=mansub">Manage subscriptions</A></LI>
11 <!--BEGIN ADMIN-->
12 <LI><A HREF="admin.php?id=adduser">Add a new user</A></LI>
13 <LI><A HREF="admin.php?id=manuser">Manage user</A></LI>
14 <!--END ADMIN-->
11 <LI><A HREF="admin.php?id=logout">Log out</A></LI> 15 <LI><A HREF="admin.php?id=logout">Log out</A></LI>
12</UL> 16</UL>
17
13</CENTER> 18</CENTER>
diff --git a/series/trunk/xmlrpc.php b/series/trunk/xmlrpc.php index 114296e..01664ad 100644 --- a/series/trunk/xmlrpc.php +++ b/series/trunk/xmlrpc.php
@@ -35,72 +35,8 @@ function getPasswordInfo($id)
35 } 35 }
36} 36}
37 37
38function sendFromUpdate($username, $verification, $verificationID, $seriesURL, $seriesID, $title, $author, $url, $semantics, $encryptionID)
39{
40 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
41 {
42 $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
43 $getsub2 = mysql_query($getsub);
44 $getsub3 = mysql_fetch_array($getsub2);
45 if ($getsub3['identity'] == $seriesID)
46 {
47 if ($getsub3['username'] != $username)
48 {
49 return new xmlrpcresp(new xmlrpcval('1', 'int'));
50 }
51
52 $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\"";
53 $setsub2 = mysql_query($setsub);
54 } else {
55 $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")";
56 $inssub2 = mysql_query($inssub);
57 }
58
59 $client = new xmlrpc_client('http://central.fourisland.com/xmlrpc.php');
60 $msg = new xmlrpcmsg("InstaDisc.sendFromSeries", array( new xmlrpcval($seriesURL, 'string'),
61 new xmlrpcval($seriesID, 'string'),
62 new xmlrpcval($title, 'string'),
63 new xmlrpcval($author, 'string'),
64 new xmlrpcval($url, 'string'),
65 new xmlrpcval($semantics, 'string'),
66 new xmlrpcval($encryptionID, 'int')));
67 $client->send($msg);
68
69 return new xmlrpcresp(new xmlrpcval('0', 'int'));
70 } else {
71 return new xmlrpcresp(new xmlrpcval('2', 'int'));
72 }
73
74 return new xmlrpcresp(new xmlrpcval('1', 'int'));
75}
76
77function initSubscription($username, $verification, $verificationID, $seriesURL, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal)
78{
79 if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
80 {
81 $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
82 $getsub2 = mysql_query($getsub);
83 $getsub3 = mysql_fetch_array($getsub2);
84 if ($getsub3['identity'] == $seriesID)
85 {
86 if ($getsub3['username'] != $username)
87 {
88 return new xmlrpcresp(new xmlrpcval('1', 'int'));
89 }
90
91 $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\"";
92 $setsub2 = mysql_query($setsub);
93 } else {
94 $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")";
95 $inssub2 = mysql_query($inssub);
96 }
97 }
98}
99
100$s = new xmlrpc_server(array( "InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'), 38$s = new xmlrpc_server(array( "InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'),
101 "InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo'), 39 "InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo')
102 "InstaDisc.sendFromUpdate" => array('function' => 'sendFromUpdate'),
103 "InstaDisc.initSubscription" => array('function' => 'initSubscription')
104 ), 0); 40 ), 0);
105$s->functions_parameters_type = 'phpvals'; 41$s->functions_parameters_type = 'phpvals';
106$s->service(); 42$s->service();