Diffstat (limited to 'series/trunk/includes/instadisc.php')
-rw-r--r--series/trunk/includes/instadisc.php77
1 files changed, 34 insertions, 43 deletions
diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php index 41080bd..a5afb3a 100644 --- a/series/trunk/includes/instadisc.php +++ b/series/trunk/includes/instadisc.php
@@ -53,57 +53,48 @@ function instaDisc_getConfig($name)
53 53
54function instaDisc_verifyUser($username, $password) 54function instaDisc_verifyUser($username, $password)
55{ 55{
56 return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass'))); 56 $getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
57 $getusers2 = mysql_query($getusers);
58 $getusers3 = mysql_fetch_array($getusers2);
59
60 return ($getusers3['username'] == $username);
57} 61}
58 62
59function instaDisc_changePassword($password) 63function instaDisc_changePassword($username, $password)
60{ 64{
61 $setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\""; 65 $setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\"";
62 $setconfig2 = mysql_query($setconfig); 66 $setconfig2 = mysql_query($setconfig);
63 $setconfig3 = mysql_fetch_array($setconfig2); 67 $setconfig3 = mysql_fetch_array($setconfig2);
64} 68}
65 69
66function instaDisc_addSubscription($id, $title, $url, $category, $password = '') 70function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword)
67{
68 $inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")";
69 $inssub2 = mysql_query($inssub);
70}
71
72function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
73{ 71{
74 $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; 72 $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\"";
75 $getverid2 = mysql_query($getverid); 73 $getuser2 = mysql_query($getuser);
76 $getverid3 = mysql_fetch_array($getverid2); 74 $getuser3 = mysql_fetch_array($getuser2);
77 if ($getverid3['id'] != $verificationID) 75 if ($getuser3['username'] == $username)
78 { 76 {
79 $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; 77 $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
80 $getitem2 = mysql_query($getitem); 78 $getsub2 = mysql_query($getsub);
81 $getitem3 = mysql_fetch_array($getitem2); 79 $getsub3 = mysql_fetch_array($getsub2);
82 if ($getitem3[$nameField] == $username) 80 if ($getsub3['identity'] == $seriesID)
83 { 81 {
84 $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; 82 if ($getsub3['username'] != $username)
85 83 {
86 if (md5($test) == $verification) 84 return false;
87 { 85 }
88 $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; 86
89 $cntverid2 = mysql_query($cntverid); 87 $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\"";
90 $cntverid3 = mysql_fetch_array($cntverid2); 88 $setsub2 = mysql_query($setsub);
91 if ($cntverid3[0] >= 10000) 89 } else {
92 { 90 $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")";
93 $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1"; 91 $inssub2 = mysql_query($inssub);
94 $delverid2 = mysql_query($delverid); 92 }
95 } 93
96 94 return true;
97 $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; 95 } else {
98 $insverid2 = mysql_query($insverid); 96 return false;
99 97 }
100 return true;
101 }
102 }
103 }
104
105 return false;
106} 98}
107 99
108
109?> 100?>
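Review bot: In the new `initSubscription` (new line 72) `$username` is concatenated into the `SELECT * FROM users` query without `mysql_real_escape_string()`, unlike every other query in this file, so a caller-supplied username reaches the SQL text unescaped; the line should read `$getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\"";`. The same function looks up and inserts the subscription with `$seriesID`, which is not a parameter (the argument is `$subscriptionID`), so the ownership check on new line 82 is evaluated against a different row than the one the `UPDATE` on new line 87 modifies; both uses should be `$subscriptionID`. In `instaDisc_verifyUser`, `mysql_fetch_array()` returns false when no row matches and the loose `==` then compares a missing value with `$username`, so the return should test the row first and compare strictly, e.g. `return ($getusers3 !== false) && ($getusers3['username'] === $username);`. Passwords in the new `users` table are still stored as unsalted `md5()`; where the PHP version allows, `password_hash()` / `password_verify()` would be the appropriate replacement.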