Diffstat (limited to 'central')
-rw-r--r-- | central/trunk/instadisc.php | 44 |
1 files changed, 34 insertions, 10 deletions
diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php index 0edbd82..fa2eb07 100644 --- a/central/trunk/instadisc.php +++ b/central/trunk/instadisc.php | |||
@@ -321,28 +321,52 @@ function instaDisc_listPendingSubscriptions($username) | |||
321 | 321 | ||
322 | function instaDisc_generateSubscriptionActivation($username, $url) | 322 | function instaDisc_generateSubscriptionActivation($username, $url) |
323 | { | 323 | { |
324 | $key = md5(rand(1,65536)); | 324 | $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; |
325 | $getuser2 = mysql_query($getuser); | ||
326 | $getuser3 = mysql_fetch_array($getuser2); | ||
327 | if ($getuser3['username'] == $username) | ||
328 | { | ||
329 | $key = md5(rand(1,65536)); | ||
325 | 330 | ||
326 | $inspending = "INSERT INTO pending2 (username, url, key) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")"; | 331 | $inspending = "INSERT INTO pending2 (username, url, key) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")"; |
327 | $inspending2 = mysql_query($inspending); | 332 | $inspending2 = mysql_query($inspending); |
333 | |||
334 | return $key; | ||
335 | } | ||
328 | 336 | ||
329 | return $key; | 337 | return false; |
330 | } | 338 | } |
331 | 339 | ||
332 | function instaDisc_deleteSubscription($username, $url) | 340 | function instaDisc_deleteSubscription($username, $url) |
333 | { | 341 | { |
334 | $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | 342 | $getsub = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; |
335 | $delsub2 = mysql_query($delsub); | 343 | $getsub2 = mysql_query($getsub); |
344 | $getsub3 = mysql_fetch_array($getsub2); | ||
345 | if ($getsub3['username'] == $username) | ||
346 | { | ||
347 | $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | ||
348 | $delsub2 = mysql_query($delsub); | ||
336 | 349 | ||
337 | return true; | 350 | return true; |
351 | } | ||
352 | |||
353 | return false; | ||
338 | } | 354 | } |
339 | 355 | ||
340 | function instaDisc_cancelSubscription($username, $url) | 356 | function instaDisc_cancelSubscription($username, $url) |
341 | { | 357 | { |
342 | $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | 358 | $getsub = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; |
343 | $delsub2 = mysql_query($delsub); | 359 | $getsub2 = mysql_query($getsub); |
360 | $getsub3 = mysql_fetch_array($getsub2); | ||
361 | if ($getsub3['username'] == $username) | ||
362 | { | ||
363 | $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; | ||
364 | $delsub2 = mysql_query($delsub); | ||
344 | 365 | ||
345 | return true; | 366 | return true; |
367 | } | ||
368 | |||
369 | return false; | ||
346 | } | 370 | } |
347 | 371 | ||
348 | ?> | 372 | ?> |
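Review bot: The activation key in instaDisc_generateSubscriptionActivation is still `md5(rand(1,65536))`, which can take only 65,536 distinct values, so the new user-existence check leaves the key itself guessable by exhaustion. If the key is what confirms a pending subscription, draw it from a CSPRNG instead, e.g. `$key = bin2hex(openssl_random_pseudo_bytes(16));` where the openssl extension is available. The SELECT strings added in instaDisc_deleteSubscription and instaDisc_cancelSubscription also copy the stray `)` after the url value from the DELETE strings, so the query is presumably rejected and `mysql_query` returns false. The `==` guard then compares against a missing row and can only pass for an empty `$username`, which means the delete never runs for a real user. Drop the trailing `)` from all four strings, check the `mysql_query` result before calling `mysql_fetch_array`, and compare with `===`.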