Diffstat (limited to 'central')
| -rw-r--r-- | central/trunk/instadisc.php | 44 |
1 files changed, 34 insertions, 10 deletions
| diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php index 0edbd82..fa2eb07 100644 --- a/central/trunk/instadisc.php +++ b/central/trunk/instadisc.php | |||
| @@ -321,28 +321,52 @@ function instaDisc_listPendingSubscriptions($username) | |||
| 321 | 321 | ||
| 322 | function instaDisc_generateSubscriptionActivation($username, $url) | 322 | function instaDisc_generateSubscriptionActivation($username, $url) |
| 323 | { | 323 | { |
| 324 | $key = md5(rand(1,65536)); | 324 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
| 325 | $getuser2 = mysql_query($getuser); | ||
| 326 | $getuser3 = mysql_fetch_array($getuser2); | ||
| 327 | if ($getuser3['username'] == $username) | ||
| 328 | { | ||
| 329 | $key = md5(rand(1,65536)); | ||
| 325 | 330 | ||
| 326 | $inspending = "INSERT INTO pending2 (username, url, key) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")"; | 331 | $inspending = "INSERT INTO pending2 (username, url, key) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")"; |
| 327 | $inspending2 = mysql_query($inspending); | 332 | $inspending2 = mysql_query($inspending); |
| 333 | |||
| 334 | return $key; | ||
| 335 | } | ||
| 328 | 336 | ||
| 329 | return $key; | 337 | return false; |
| 330 | } | 338 | } |
| 331 | 339 | ||
| 332 | function instaDisc_deleteSubscription($username, $url) | 340 | function instaDisc_deleteSubscription($username, $url) |
| 333 | { | 341 | { |
| 334 | $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | 342 | $getsub = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; |
| 335 | $delsub2 = mysql_query($delsub); | 343 | $getsub2 = mysql_query($getsub); |
| 344 | $getsub3 = mysql_fetch_array($getsub2); | ||
| 345 | if ($getsub3['username'] == $username) | ||
| 346 | { | ||
| 347 | $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | ||
| 348 | $delsub2 = mysql_query($delsub); | ||
| 336 | 349 | ||
| 337 | return true; | 350 | return true; |
| 351 | } | ||
| 352 | |||
| 353 | return false; | ||
| 338 | } | 354 | } |
| 339 | 355 | ||
| 340 | function instaDisc_cancelSubscription($username, $url) | 356 | function instaDisc_cancelSubscription($username, $url) |
| 341 | { | 357 | { |
| 342 | $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | 358 | $getsub = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; |
| 343 | $delsub2 = mysql_query($delsub); | 359 | $getsub2 = mysql_query($getsub); |
| 360 | $getsub3 = mysql_fetch_array($getsub2); | ||
| 361 | if ($getsub3['username'] == $username) | ||
| 362 | { | ||
| 363 | $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | ||
| 364 | $delsub2 = mysql_query($delsub); | ||
| 344 | 365 | ||
| 345 | return true; | 366 | return true; |
| 367 | } | ||
| 368 | |||
| 369 | return false; | ||
| 346 | } | 370 | } |
| 347 | 371 | ||
| 348 | ?> | 372 | ?> |
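Review bot: The activation key on new line 329 is still `md5(rand(1,65536))`, so at most 65536 distinct keys exist and the hash adds no entropy, which leaves the key guessable. If this key is what authorises a pending subscription (the function name suggests so), it should come from a CSPRNG, for example `$key = bin2hex(openssl_random_pseudo_bytes(16));` on a PHP version that still ships the mysql_* extension. Separately, the new `SELECT` strings on new lines 342 and 358 end in `\")"`, an unbalanced parenthesis carried over from the `DELETE` statements, so the lookup should fail with a syntax error and instaDisc_deleteSubscription and instaDisc_cancelSubscription would return false without deleting anything. None of the `mysql_query()` results is checked before `mysql_fetch_array()`, which hides that failure; a guard such as `if ($getsub2 === false) return false;` would make it explicit.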
