author | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-09-14 14:15:06 +0000 |
---|---|---|
committer | Kelly Rauchenberger <fefferburbia@gmail.com> | 2008-09-14 14:15:06 +0000 |
commit | cefd374290b6d0ebfa22e0af8d289e51481f6f90 (patch) | |
tree | f9302202770988d9e7f7ff0f576bd430033bc72a /series | |
parent | b20c87df8f9eed0c8e883efca9bf6e127f94b5ce (diff) | |
Series: Reverted Update integration
Refs #55
Diffstat (limited to 'series')
-rw-r--r-- | series/trunk/admin/addsub.php | 2 | ||||
-rw-r--r-- | series/trunk/admin/chpwd.php | 2 | ||||
-rw-r--r-- | series/trunk/admin/main.php | 6 | ||||
-rw-r--r-- | series/trunk/includes/instadisc.php | 77 | ||||
-rw-r--r-- | series/trunk/instadisc.sql | 16 | ||||
-rw-r--r-- | series/trunk/theme/main.tpl | 5 | ||||
-rw-r--r-- | series/trunk/xmlrpc.php | 66 |
7 files changed, 49 insertions, 125 deletions
diff --git a/series/trunk/admin/addsub.php b/series/trunk/admin/addsub.php index f462d3f..0b6ff3f 100644 --- a/series/trunk/admin/addsub.php +++ b/series/trunk/admin/addsub.php | |||
@@ -50,7 +50,7 @@ if (!isset($_GET['submit'])) | |||
50 | { | 50 | { |
51 | showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors); | 51 | showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors); |
52 | } else { | 52 | } else { |
53 | instaDisc_addSubscription($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password']); | 53 | instaDisc_initSubscription($_SESSION['username'], $_POST['id'], $_POST['url'], $_POST['title'], $_POST['category'], $_POST['personal'], $_POST['password']); |
54 | 54 | ||
55 | $template = new FITemplate('addedsub'); | 55 | $template = new FITemplate('addedsub'); |
56 | $template->add('SITENAME', instaDisc_getConfig('siteName')); | 56 | $template->add('SITENAME', instaDisc_getConfig('siteName')); |
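Review bot: The new call on line 53 targets `instaDisc_initSubscription`, but the function this commit adds to includes/instadisc.php is declared as `initSubscription`, so unless a prefixed definition exists elsewhere this path fails with an undefined-function error; the declaration should start `function instaDisc_initSubscription(`. The call also passes `$_POST['password']` straight through. The removed `instaDisc_addSubscription` applied `md5()` to a non-empty password before storing it, while the new function writes the value as given, so subscription passwords would now be stored in clear text. `$_POST['personal']` is read without an `isset` check in the visible lines; validation may happen above, since the enclosing `if`/`else` starts outside the hunk.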
diff --git a/series/trunk/admin/chpwd.php b/series/trunk/admin/chpwd.php index 2f5368d..abd6d97 100644 --- a/series/trunk/admin/chpwd.php +++ b/series/trunk/admin/chpwd.php | |||
@@ -56,7 +56,7 @@ if (isset($_SESSION['username'])) | |||
56 | { | 56 | { |
57 | showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors); | 57 | showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors); |
58 | } else { | 58 | } else { |
59 | instaDisc_changePassword( $_POST['new']); | 59 | instaDisc_changePassword($_SESSION['username'], $_POST['new']); |
60 | 60 | ||
61 | $template = new FITemplate('changedpassword'); | 61 | $template = new FITemplate('changedpassword'); |
62 | $template->add('SITENAME', instaDisc_getConfig('siteName')); | 62 | $template->add('SITENAME', instaDisc_getConfig('siteName')); |
diff --git a/series/trunk/admin/main.php b/series/trunk/admin/main.php index eb0e35b..f2d8e9e 100644 --- a/series/trunk/admin/main.php +++ b/series/trunk/admin/main.php | |||
@@ -20,6 +20,12 @@ if (!isset($_SESSION['username'])) | |||
20 | 20 | ||
21 | $template = new FITemplate('main'); | 21 | $template = new FITemplate('main'); |
22 | $template->add('SITENAME',instaDisc_getConfig('siteName')); | 22 | $template->add('SITENAME',instaDisc_getConfig('siteName')); |
23 | |||
24 | if (instaDisc_isAdmin($_SESSION['username']) | ||
25 | { | ||
26 | $template->adds_block('ADMIN', array('exi'=>1)); | ||
27 | } | ||
28 | |||
23 | $template->display(); | 29 | $template->display(); |
24 | 30 | ||
25 | ?> | 31 | ?> |
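Review bot: Line 24 as rendered, `if (instaDisc_isAdmin($_SESSION['username'])`, is missing its closing parenthesis and would stop the page from parsing; it should read `if (instaDisc_isAdmin($_SESSION['username']))`. `instaDisc_isAdmin` is not defined in any hunk of this commit, so confirm it already exists in the include. The ADMIN block only decides whether the adduser/manuser links in theme/main.tpl are shown. The handlers behind those links need their own `instaDisc_isAdmin` check, because hiding a link is not an authorization control.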
diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php index 41080bd..a5afb3a 100644 --- a/series/trunk/includes/instadisc.php +++ b/series/trunk/includes/instadisc.php | |||
@@ -53,57 +53,48 @@ function instaDisc_getConfig($name) | |||
53 | 53 | ||
54 | function instaDisc_verifyUser($username, $password) | 54 | function instaDisc_verifyUser($username, $password) |
55 | { | 55 | { |
56 | return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass'))); | 56 | $getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\""; |
57 | $getusers2 = mysql_query($getusers); | ||
58 | $getusers3 = mysql_fetch_array($getusers2); | ||
59 | |||
60 | return ($getusers3['username'] == $username); | ||
57 | } | 61 | } |
58 | 62 | ||
59 | function instaDisc_changePassword($password) | 63 | function instaDisc_changePassword($username, $password) |
60 | { | 64 | { |
61 | $setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\""; | 65 | $setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
62 | $setconfig2 = mysql_query($setconfig); | 66 | $setconfig2 = mysql_query($setconfig); |
63 | $setconfig3 = mysql_fetch_array($setconfig2); | 67 | $setconfig3 = mysql_fetch_array($setconfig2); |
64 | } | 68 | } |
65 | 69 | ||
66 | function instaDisc_addSubscription($id, $title, $url, $category, $password = '') | 70 | function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword) |
67 | { | ||
68 | $inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")"; | ||
69 | $inssub2 = mysql_query($inssub); | ||
70 | } | ||
71 | |||
72 | function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) | ||
73 | { | 71 | { |
74 | $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; | 72 | $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\""; |
75 | $getverid2 = mysql_query($getverid); | 73 | $getuser2 = mysql_query($getuser); |
76 | $getverid3 = mysql_fetch_array($getverid2); | 74 | $getuser3 = mysql_fetch_array($getuser2); |
77 | if ($getverid3['id'] != $verificationID) | 75 | if ($getuser3['username'] == $username) |
78 | { | 76 | { |
79 | $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; | 77 | $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\""; |
80 | $getitem2 = mysql_query($getitem); | 78 | $getsub2 = mysql_query($getsub); |
81 | $getitem3 = mysql_fetch_array($getitem2); | 79 | $getsub3 = mysql_fetch_array($getsub2); |
82 | if ($getitem3[$nameField] == $username) | 80 | if ($getsub3['identity'] == $seriesID) |
83 | { | 81 | { |
84 | $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; | 82 | if ($getsub3['username'] != $username) |
85 | 83 | { | |
86 | if (md5($test) == $verification) | 84 | return false; |
87 | { | 85 | } |
88 | $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; | 86 | |
89 | $cntverid2 = mysql_query($cntverid); | 87 | $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\""; |
90 | $cntverid3 = mysql_fetch_array($cntverid2); | 88 | $setsub2 = mysql_query($setsub); |
91 | if ($cntverid3[0] >= 10000) | 89 | } else { |
92 | { | 90 | $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")"; |
93 | $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1"; | 91 | $inssub2 = mysql_query($inssub); |
94 | $delverid2 = mysql_query($delverid); | 92 | } |
95 | } | 93 | |
96 | 94 | return true; | |
97 | $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; | 95 | } else { |
98 | $insverid2 = mysql_query($insverid); | 96 | return false; |
99 | 97 | } | |
100 | return true; | ||
101 | } | ||
102 | } | ||
103 | } | ||
104 | |||
105 | return false; | ||
106 | } | 98 | } |
107 | 99 | ||
108 | |||
109 | ?> | 100 | ?> |
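Review bot: In the new `initSubscription`, line 72 concatenates `$username` into the SELECT unescaped, unlike every other query in this file; wrap it as `mysql_real_escape_string($username)`. The body also reads `$seriesID` on lines 77, 80 and 90, which is not a parameter (the parameter is `$subscriptionID`), so the lookup and the INSERT run with an empty identity. In `instaDisc_verifyUser`, `return ($getusers3['username'] == $username);` compares loosely against a fetch result that may be empty, so a query returning no row still compares equal to an empty username; test the row itself, e.g. `return ($getusers3 !== false && $getusers3['username'] === $username);`. Passwords remain unsalted MD5 here and in `instaDisc_changePassword`, which also calls `mysql_fetch_array` on the boolean result of an UPDATE; moving to a salted, slow password hash is worth a follow-up.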
diff --git a/series/trunk/instadisc.sql b/series/trunk/instadisc.sql index 9ab9699..bb2018c 100644 --- a/series/trunk/instadisc.sql +++ b/series/trunk/instadisc.sql | |||
@@ -3,7 +3,7 @@ | |||
3 | -- http://www.phpmyadmin.net | 3 | -- http://www.phpmyadmin.net |
4 | -- | 4 | -- |
5 | -- Host: localhost | 5 | -- Host: localhost |
6 | -- Generation Time: Sep 13, 2008 at 09:46 AM | 6 | -- Generation Time: Sep 14, 2008 at 10:12 AM |
7 | -- Server version: 5.0.51 | 7 | -- Server version: 5.0.51 |
8 | -- PHP Version: 5.2.4-2ubuntu5.3 | 8 | -- PHP Version: 5.2.4-2ubuntu5.3 |
9 | -- | 9 | -- |
@@ -26,20 +26,6 @@ CREATE TABLE `config` ( | |||
26 | -- -------------------------------------------------------- | 26 | -- -------------------------------------------------------- |
27 | 27 | ||
28 | -- | 28 | -- |
29 | -- Table structure for table `oldVerID` | ||
30 | -- | ||
31 | |||
32 | DROP TABLE IF EXISTS `oldVerID`; | ||
33 | CREATE TABLE `oldVerID` ( | ||
34 | `id` int(11) NOT NULL auto_increment, | ||
35 | `username` varchar(255) NOT NULL, | ||
36 | `verID` int(11) NOT NULL, | ||
37 | PRIMARY KEY (`id`) | ||
38 | ) ENGINE=MyISAM DEFAULT CHARSET=latin1; | ||
39 | |||
40 | -- -------------------------------------------------------- | ||
41 | |||
42 | -- | ||
43 | -- Table structure for table `subscriptions` | 29 | -- Table structure for table `subscriptions` |
44 | -- | 30 | -- |
45 | 31 | ||
diff --git a/series/trunk/theme/main.tpl b/series/trunk/theme/main.tpl index 982be74..cffee3c 100644 --- a/series/trunk/theme/main.tpl +++ b/series/trunk/theme/main.tpl | |||
@@ -8,6 +8,11 @@ Here are some actions you can preform: | |||
8 | <LI><A HREF="admin.php?id=chpwd">Change your Password</A></LI> | 8 | <LI><A HREF="admin.php?id=chpwd">Change your Password</A></LI> |
9 | <LI><A HREF="admin.php?id=addsub">Add a new Subscription</A></LI> | 9 | <LI><A HREF="admin.php?id=addsub">Add a new Subscription</A></LI> |
10 | <LI><A HREF="admin.php?id=mansub">Manage subscriptions</A></LI> | 10 | <LI><A HREF="admin.php?id=mansub">Manage subscriptions</A></LI> |
11 | <!--BEGIN ADMIN--> | ||
12 | <LI><A HREF="admin.php?id=adduser">Add a new user</A></LI> | ||
13 | <LI><A HREF="admin.php?id=manuser">Manage user</A></LI> | ||
14 | <!--END ADMIN--> | ||
11 | <LI><A HREF="admin.php?id=logout">Log out</A></LI> | 15 | <LI><A HREF="admin.php?id=logout">Log out</A></LI> |
12 | </UL> | 16 | </UL> |
17 | |||
13 | </CENTER> | 18 | </CENTER> |
diff --git a/series/trunk/xmlrpc.php b/series/trunk/xmlrpc.php index 114296e..01664ad 100644 --- a/series/trunk/xmlrpc.php +++ b/series/trunk/xmlrpc.php | |||
@@ -35,72 +35,8 @@ function getPasswordInfo($id) | |||
35 | } | 35 | } |
36 | } | 36 | } |
37 | 37 | ||
38 | function sendFromUpdate($username, $verification, $verificationID, $seriesURL, $seriesID, $title, $author, $url, $semantics, $encryptionID) | ||
39 | { | ||
40 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | ||
41 | { | ||
42 | $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\""; | ||
43 | $getsub2 = mysql_query($getsub); | ||
44 | $getsub3 = mysql_fetch_array($getsub2); | ||
45 | if ($getsub3['identity'] == $seriesID) | ||
46 | { | ||
47 | if ($getsub3['username'] != $username) | ||
48 | { | ||
49 | return new xmlrpcresp(new xmlrpcval('1', 'int')); | ||
50 | } | ||
51 | |||
52 | $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\""; | ||
53 | $setsub2 = mysql_query($setsub); | ||
54 | } else { | ||
55 | $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")"; | ||
56 | $inssub2 = mysql_query($inssub); | ||
57 | } | ||
58 | |||
59 | $client = new xmlrpc_client('http://central.fourisland.com/xmlrpc.php'); | ||
60 | $msg = new xmlrpcmsg("InstaDisc.sendFromSeries", array( new xmlrpcval($seriesURL, 'string'), | ||
61 | new xmlrpcval($seriesID, 'string'), | ||
62 | new xmlrpcval($title, 'string'), | ||
63 | new xmlrpcval($author, 'string'), | ||
64 | new xmlrpcval($url, 'string'), | ||
65 | new xmlrpcval($semantics, 'string'), | ||
66 | new xmlrpcval($encryptionID, 'int'))); | ||
67 | $client->send($msg); | ||
68 | |||
69 | return new xmlrpcresp(new xmlrpcval('0', 'int')); | ||
70 | } else { | ||
71 | return new xmlrpcresp(new xmlrpcval('2', 'int')); | ||
72 | } | ||
73 | |||
74 | return new xmlrpcresp(new xmlrpcval('1', 'int')); | ||
75 | } | ||
76 | |||
77 | function initSubscription($username, $verification, $verificationID, $seriesURL, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal) | ||
78 | { | ||
79 | if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) | ||
80 | { | ||
81 | $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\""; | ||
82 | $getsub2 = mysql_query($getsub); | ||
83 | $getsub3 = mysql_fetch_array($getsub2); | ||
84 | if ($getsub3['identity'] == $seriesID) | ||
85 | { | ||
86 | if ($getsub3['username'] != $username) | ||
87 | { | ||
88 | return new xmlrpcresp(new xmlrpcval('1', 'int')); | ||
89 | } | ||
90 | |||
91 | $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\""; | ||
92 | $setsub2 = mysql_query($setsub); | ||
93 | } else { | ||
94 | $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")"; | ||
95 | $inssub2 = mysql_query($inssub); | ||
96 | } | ||
97 | } | ||
98 | } | ||
99 | |||
100 | $s = new xmlrpc_server(array( "InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'), | 38 | $s = new xmlrpc_server(array( "InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'), |
101 | "InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo'), | 39 | "InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo') |
102 | "InstaDisc.sendFromUpdate" => array('function' => 'sendFromUpdate'), | ||
103 | "InstaDisc.initSubscription" => array('function' => 'initSubscription') | ||
104 | ), 0); | 40 | ), 0); |
105 | $s->functions_parameters_type = 'phpvals'; | 41 | $s->functions_parameters_type = 'phpvals'; |
106 | $s->service(); | 42 | $s->service(); |