7 files changed, 49 insertions, 125 deletions
diff --git a/series/trunk/admin/addsub.php b/series/trunk/admin/addsub.php
index f462d3f..0b6ff3f 100644
--- a/series/trunk/admin/addsub.php
+++ b/series/trunk/admin/addsub.php

@@ -50,7 +50,7 @@ if (!isset($_GET['submit']))
        {
                showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors);
        } else {
-                instaDisc_addSubscription($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password']);
+                instaDisc_initSubscription($_SESSION['username'], $_POST['id'], $_POST['url'], $_POST['title'], $_POST['category'], $_POST['personal'], $_POST['password']);
                $template = new FITemplate('addedsub');
                $template->add('SITENAME', instaDisc_getConfig('siteName'));
diff --git a/series/trunk/admin/chpwd.php b/series/trunk/admin/chpwd.php
index 2f5368d..abd6d97 100644
--- a/series/trunk/admin/chpwd.php
+++ b/series/trunk/admin/chpwd.php

@@ -56,7 +56,7 @@ if (isset($_SESSION['username']))
                {
                        showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);
                } else {
-                        instaDisc_changePassword( $_POST['new']);
+                        instaDisc_changePassword($_SESSION['username'], $_POST['new']);
                        $template = new FITemplate('changedpassword');
                        $template->add('SITENAME', instaDisc_getConfig('siteName'));
diff --git a/series/trunk/admin/main.php b/series/trunk/admin/main.php
index eb0e35b..f2d8e9e 100644
--- a/series/trunk/admin/main.php
+++ b/series/trunk/admin/main.php

@@ -20,6 +20,12 @@ if (!isset($_SESSION['username']))
 $template = new FITemplate('main');
 $template->add('SITENAME',instaDisc_getConfig('siteName'));
+if (instaDisc_isAdmin($_SESSION['username'])
+{
+        $template->adds_block('ADMIN', array('exi'=>1));
+}
 $template->display();
 ?>
diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php
index 41080bd..a5afb3a 100644
--- a/series/trunk/includes/instadisc.php
+++ b/series/trunk/includes/instadisc.php

@@ -53,57 +53,48 @@ function instaDisc_getConfig($name)
 function instaDisc_verifyUser($username, $password)
 {
-        return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass')));
+        $getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
+        $getusers2 = mysql_query($getusers);
+        $getusers3 = mysql_fetch_array($getusers2);
+        return ($getusers3['username'] == $username);
 }
-function instaDisc_changePassword($password)
+function instaDisc_changePassword($username, $password)
 {
-        $setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\"";
+        $setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\"";
        $setconfig2 = mysql_query($setconfig);
        $setconfig3 = mysql_fetch_array($setconfig2);
 }
-function instaDisc_addSubscription($id, $title, $url, $category, $password = '')
+function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword)
-{
-        $inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")";
-        $inssub2 = mysql_query($inssub);
-}
-function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
 {
-        $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID;
+        $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\"";
-        $getverid2 = mysql_query($getverid);
+        $getuser2 = mysql_query($getuser);
-        $getverid3 = mysql_fetch_array($getverid2);
+        $getuser3 = mysql_fetch_array($getuser2);
-        if ($getverid3['id'] != $verificationID)
+        if ($getuser3['username'] == $username)
-        {
+        {
-                $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
+                $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
-                $getitem2 = mysql_query($getitem);
+                $getsub2 = mysql_query($getsub);
-                $getitem3 = mysql_fetch_array($getitem2);
+                $getsub3 = mysql_fetch_array($getsub2);
-                if ($getitem3[$nameField] == $username)
+                if ($getsub3['identity'] == $seriesID)
-                {
+                {
-                        $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID;
+                        if ($getsub3['username'] != $username)
+                        {
-                        if (md5($test) == $verification)
+                                return false;
-                        {
+                        }
-                                $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\"";
-                                $cntverid2 = mysql_query($cntverid);
+                        $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\"";
-                                $cntverid3 = mysql_fetch_array($cntverid2);
+                        $setsub2 = mysql_query($setsub);
-                                if ($cntverid3[0] >= 10000)
+                } else {
-                                {
+                        $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")";
-                                        $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1";
+                        $inssub2 = mysql_query($inssub);
-                                        $delverid2 = mysql_query($delverid);
+                }
-                                }
+                return true;
-                                $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")";
+        } else {
-                                $insverid2 = mysql_query($insverid);
+                return false;
+        }
-                                return true;
-                        }
-                }
-        }
-        return false;
 }
 ?>
diff --git a/series/trunk/instadisc.sql b/series/trunk/instadisc.sql
index 9ab9699..bb2018c 100644
--- a/series/trunk/instadisc.sql
+++ b/series/trunk/instadisc.sql

@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 -- 
 -- Host: localhost
-- Generation Time: Sep 13, 2008 at 09:46 AM
+-- Generation Time: Sep 14, 2008 at 10:12 AM
 -- Server version: 5.0.51
 -- PHP Version: 5.2.4-2ubuntu5.3
 -- 
@@ -26,20 +26,6 @@ CREATE TABLE `config` (
 -- --------------------------------------------------------
 -- 
-- Table structure for table `oldVerID`
-- 
-DROP TABLE IF EXISTS `oldVerID`;
-CREATE TABLE `oldVerID` (
-  `id` int(11) NOT NULL auto_increment,
-  `username` varchar(255) NOT NULL,
-  `verID` int(11) NOT NULL,
-  PRIMARY KEY  (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-- --------------------------------------------------------
-- 
 -- Table structure for table `subscriptions`
 -- 
diff --git a/series/trunk/theme/main.tpl b/series/trunk/theme/main.tpl
index 982be74..cffee3c 100644
--- a/series/trunk/theme/main.tpl
+++ b/series/trunk/theme/main.tpl

@@ -8,6 +8,11 @@ Here are some actions you can preform:
        <LI><A HREF="admin.php?id=chpwd">Change your Password</A></LI>
        <LI><A HREF="admin.php?id=addsub">Add a new Subscription</A></LI>
        <LI><A HREF="admin.php?id=mansub">Manage subscriptions</A></LI>
+        <!--BEGIN ADMIN-->
+        <LI><A HREF="admin.php?id=adduser">Add a new user</A></LI>
+        <LI><A HREF="admin.php?id=manuser">Manage user</A></LI>
+        <!--END ADMIN-->
        <LI><A HREF="admin.php?id=logout">Log out</A></LI>
 </UL>
 </CENTER>
diff --git a/series/trunk/xmlrpc.php b/series/trunk/xmlrpc.php
index 114296e..01664ad 100644
--- a/series/trunk/xmlrpc.php
+++ b/series/trunk/xmlrpc.php

@@ -35,72 +35,8 @@ function getPasswordInfo($id)
        }
 }
-function sendFromUpdate($username, $verification, $verificationID, $seriesURL, $seriesID, $title, $author, $url, $semantics, $encryptionID)
-{
-        if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
-        {
-                $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
-                $getsub2 = mysql_query($getsub);
-                $getsub3 = mysql_fetch_array($getsub2);
-                if ($getsub3['identity'] == $seriesID)
-                {
-                        if ($getsub3['username'] != $username)
-                        {
-                                return new xmlrpcresp(new xmlrpcval('1', 'int'));
-                        }
-                        $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\"";
-                        $setsub2 = mysql_query($setsub);
-                } else {
-                        $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")";
-                        $inssub2 = mysql_query($inssub);
-                }
-                $client = new xmlrpc_client('http://central.fourisland.com/xmlrpc.php');
-                $msg = new xmlrpcmsg("InstaDisc.sendFromSeries", array( new xmlrpcval($seriesURL, 'string'),
-                                                                        new xmlrpcval($seriesID, 'string'),
-                                                                        new xmlrpcval($title, 'string'),
-                                                                        new xmlrpcval($author, 'string'),
-                                                                        new xmlrpcval($url, 'string'),
-                                                                        new xmlrpcval($semantics, 'string'),
-                                                                        new xmlrpcval($encryptionID, 'int')));
-                $client->send($msg);
-                return new xmlrpcresp(new xmlrpcval('0', 'int'));
-        } else {
-                return new xmlrpcresp(new xmlrpcval('2', 'int'));
-        }
-        return new xmlrpcresp(new xmlrpcval('1', 'int'));
-}
-function initSubscription($username, $verification, $verificationID, $seriesURL, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal)
-{
-        if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
-        {
-                $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
-                $getsub2 = mysql_query($getsub);
-                $getsub3 = mysql_fetch_array($getsub2);
-                if ($getsub3['identity'] == $seriesID)
-                {
-                        if ($getsub3['username'] != $username)
-                        {
-                                return new xmlrpcresp(new xmlrpcval('1', 'int'));
-                        }
-                        $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\"";
-                        $setsub2 = mysql_query($setsub);
-                } else {
-                        $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")";
-                        $inssub2 = mysql_query($inssub);
-                }
-        }
-}
 $s = new xmlrpc_server(array(   "InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'),
-                                "InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo'),
+                                "InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo')
-                                "InstaDisc.sendFromUpdate" => array('function' => 'sendFromUpdate'),
-                                "InstaDisc.initSubscription" => array('function' => 'initSubscription')
                        ), 0);
 $s->functions_parameters_type = 'phpvals';
 $s->service();

diff --git a/series/trunk/admin/addsub.php b/series/trunk/admin/addsub.php index f462d3f..0b6ff3f 100644 --- a/series/trunk/admin/addsub.php +++ b/series/trunk/admin/addsub.php
@@ -50,7 +50,7 @@ if (!isset($_GET['submit']))
50	{	50	{
51	showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors);	51	showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors);
52	} else {	52	} else {
53	instaDisc_addSubscription($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password']);	53	instaDisc_initSubscription($_SESSION['username'], $_POST['id'], $_POST['url'], $_POST['title'], $_POST['category'], $_POST['personal'], $_POST['password']);
54		54
55	$template = new FITemplate('addedsub');	55	$template = new FITemplate('addedsub');
56	$template->add('SITENAME', instaDisc_getConfig('siteName'));	56	$template->add('SITENAME', instaDisc_getConfig('siteName'));


diff --git a/series/trunk/admin/chpwd.php b/series/trunk/admin/chpwd.php index 2f5368d..abd6d97 100644 --- a/series/trunk/admin/chpwd.php +++ b/series/trunk/admin/chpwd.php
@@ -56,7 +56,7 @@ if (isset($_SESSION['username']))
56	{	56	{
57	showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);	57	showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);
58	} else {	58	} else {
59	instaDisc_changePassword( $_POST['new']);	59	instaDisc_changePassword($_SESSION['username'], $_POST['new']);
60		60
61	$template = new FITemplate('changedpassword');	61	$template = new FITemplate('changedpassword');
62	$template->add('SITENAME', instaDisc_getConfig('siteName'));	62	$template->add('SITENAME', instaDisc_getConfig('siteName'));


diff --git a/series/trunk/admin/main.php b/series/trunk/admin/main.php index eb0e35b..f2d8e9e 100644 --- a/series/trunk/admin/main.php +++ b/series/trunk/admin/main.php
@@ -20,6 +20,12 @@ if (!isset($_SESSION['username']))
20		20
21	$template = new FITemplate('main');	21	$template = new FITemplate('main');
22	$template->add('SITENAME',instaDisc_getConfig('siteName'));	22	$template->add('SITENAME',instaDisc_getConfig('siteName'));
		23
		24	if (instaDisc_isAdmin($_SESSION['username'])
		25	{
		26	$template->adds_block('ADMIN', array('exi'=>1));
		27	}
		28
23	$template->display();	29	$template->display();
24		30
25	?>	31	?>


diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php index 41080bd..a5afb3a 100644 --- a/series/trunk/includes/instadisc.php +++ b/series/trunk/includes/instadisc.php
@@ -53,57 +53,48 @@ function instaDisc_getConfig($name)
53		53
54	function instaDisc_verifyUser($username, $password)	54	function instaDisc_verifyUser($username, $password)
55	{	55	{
56	return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass')));	56	$getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
		57	$getusers2 = mysql_query($getusers);
		58	$getusers3 = mysql_fetch_array($getusers2);
		59
		60	return ($getusers3['username'] == $username);
57	}	61	}
58		62
59	function instaDisc_changePassword($password)	63	function instaDisc_changePassword($username, $password)
60	{	64	{
61	$setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\"";	65	$setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\"";
62	$setconfig2 = mysql_query($setconfig);	66	$setconfig2 = mysql_query($setconfig);
63	$setconfig3 = mysql_fetch_array($setconfig2);	67	$setconfig3 = mysql_fetch_array($setconfig2);
64	}	68	}
65		69
66	function instaDisc_addSubscription($id, $title, $url, $category, $password = '')	70	function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword)
67	{
68	$inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")";
69	$inssub2 = mysql_query($inssub);
70	}
71
72	function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
73	{	71	{
74	$getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID;	72	$getuser = "SELECT * FROM users WHERE username = \"" . $username . "\"";
75	$getverid2 = mysql_query($getverid);	73	$getuser2 = mysql_query($getuser);
76	$getverid3 = mysql_fetch_array($getverid2);	74	$getuser3 = mysql_fetch_array($getuser2);
77	if ($getverid3['id'] != $verificationID)	75	if ($getuser3['username'] == $username)
78	{	76	{
79	$getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";	77	$getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
80	$getitem2 = mysql_query($getitem);	78	$getsub2 = mysql_query($getsub);
81	$getitem3 = mysql_fetch_array($getitem2);	79	$getsub3 = mysql_fetch_array($getsub2);
82	if ($getitem3[$nameField] == $username)	80	if ($getsub3['identity'] == $seriesID)
83	{	81	{
84	$test = $username . ':' . $getitem3[$passField] . ':' . $verificationID;	82	if ($getsub3['username'] != $username)
85		83	{
86	if (md5($test) == $verification)	84	return false;
87	{	85	}
88	$cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\"";	86
89	$cntverid2 = mysql_query($cntverid);	87	$setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\"";
90	$cntverid3 = mysql_fetch_array($cntverid2);	88	$setsub2 = mysql_query($setsub);
91	if ($cntverid3[0] >= 10000)	89	} else {
92	{	90	$inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")";
93	$delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1";	91	$inssub2 = mysql_query($inssub);
94	$delverid2 = mysql_query($delverid);	92	}
95	}	93
96		94	return true;
97	$insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")";	95	} else {
98	$insverid2 = mysql_query($insverid);	96	return false;
99		97	}
100	return true;
101	}
102	}
103	}
104
105	return false;
106	}	98	}
107		99
108
109	?>	100	?>


diff --git a/series/trunk/instadisc.sql b/series/trunk/instadisc.sql index 9ab9699..bb2018c 100644 --- a/series/trunk/instadisc.sql +++ b/series/trunk/instadisc.sql
@@ -3,7 +3,7 @@
3	-- http://www.phpmyadmin.net	3	-- http://www.phpmyadmin.net
4	--	4	--
5	-- Host: localhost	5	-- Host: localhost
6	-- Generation Time: Sep 13, 2008 at 09:46 AM	6	-- Generation Time: Sep 14, 2008 at 10:12 AM
7	-- Server version: 5.0.51	7	-- Server version: 5.0.51
8	-- PHP Version: 5.2.4-2ubuntu5.3	8	-- PHP Version: 5.2.4-2ubuntu5.3
9	--	9	--
@@ -26,20 +26,6 @@ CREATE TABLE `config` (
26	-- --------------------------------------------------------	26	-- --------------------------------------------------------
27		27
28	--	28	--
29	-- Table structure for table `oldVerID`
30	--
31
32	DROP TABLE IF EXISTS `oldVerID`;
33	CREATE TABLE `oldVerID` (
34	`id` int(11) NOT NULL auto_increment,
35	`username` varchar(255) NOT NULL,
36	`verID` int(11) NOT NULL,
37	PRIMARY KEY (`id`)
38	) ENGINE=MyISAM DEFAULT CHARSET=latin1;
39
40	-- --------------------------------------------------------
41
42	--
43	-- Table structure for table `subscriptions`	29	-- Table structure for table `subscriptions`
44	--	30	--
45		31


diff --git a/series/trunk/theme/main.tpl b/series/trunk/theme/main.tpl index 982be74..cffee3c 100644 --- a/series/trunk/theme/main.tpl +++ b/series/trunk/theme/main.tpl
@@ -8,6 +8,11 @@ Here are some actions you can preform:
8	<LI><A HREF="admin.php?id=chpwd">Change your Password</A></LI>	8	<LI><A HREF="admin.php?id=chpwd">Change your Password</A></LI>
9	<LI><A HREF="admin.php?id=addsub">Add a new Subscription</A></LI>	9	<LI><A HREF="admin.php?id=addsub">Add a new Subscription</A></LI>
10	<LI><A HREF="admin.php?id=mansub">Manage subscriptions</A></LI>	10	<LI><A HREF="admin.php?id=mansub">Manage subscriptions</A></LI>
		11	<!--BEGIN ADMIN-->
		12	<LI><A HREF="admin.php?id=adduser">Add a new user</A></LI>
		13	<LI><A HREF="admin.php?id=manuser">Manage user</A></LI>
		14	<!--END ADMIN-->
11	<LI><A HREF="admin.php?id=logout">Log out</A></LI>	15	<LI><A HREF="admin.php?id=logout">Log out</A></LI>
12	</UL>	16	</UL>
		17
13	</CENTER>	18	</CENTER>


diff --git a/series/trunk/xmlrpc.php b/series/trunk/xmlrpc.php index 114296e..01664ad 100644 --- a/series/trunk/xmlrpc.php +++ b/series/trunk/xmlrpc.php
@@ -35,72 +35,8 @@ function getPasswordInfo($id)
35	}	35	}
36	}	36	}
37		37
38	function sendFromUpdate($username, $verification, $verificationID, $seriesURL, $seriesID, $title, $author, $url, $semantics, $encryptionID)
39	{
40	if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
41	{
42	$getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
43	$getsub2 = mysql_query($getsub);
44	$getsub3 = mysql_fetch_array($getsub2);
45	if ($getsub3['identity'] == $seriesID)
46	{
47	if ($getsub3['username'] != $username)
48	{
49	return new xmlrpcresp(new xmlrpcval('1', 'int'));
50	}
51
52	$setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\"";
53	$setsub2 = mysql_query($setsub);
54	} else {
55	$inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")";
56	$inssub2 = mysql_query($inssub);
57	}
58
59	$client = new xmlrpc_client('http://central.fourisland.com/xmlrpc.php');
60	$msg = new xmlrpcmsg("InstaDisc.sendFromSeries", array( new xmlrpcval($seriesURL, 'string'),
61	new xmlrpcval($seriesID, 'string'),
62	new xmlrpcval($title, 'string'),
63	new xmlrpcval($author, 'string'),
64	new xmlrpcval($url, 'string'),
65	new xmlrpcval($semantics, 'string'),
66	new xmlrpcval($encryptionID, 'int')));
67	$client->send($msg);
68
69	return new xmlrpcresp(new xmlrpcval('0', 'int'));
70	} else {
71	return new xmlrpcresp(new xmlrpcval('2', 'int'));
72	}
73
74	return new xmlrpcresp(new xmlrpcval('1', 'int'));
75	}
76
77	function initSubscription($username, $verification, $verificationID, $seriesURL, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal)
78	{
79	if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
80	{
81	$getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
82	$getsub2 = mysql_query($getsub);
83	$getsub3 = mysql_fetch_array($getsub2);
84	if ($getsub3['identity'] == $seriesID)
85	{
86	if ($getsub3['username'] != $username)
87	{
88	return new xmlrpcresp(new xmlrpcval('1', 'int'));
89	}
90
91	$setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\"";
92	$setsub2 = mysql_query($setsub);
93	} else {
94	$inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")";
95	$inssub2 = mysql_query($inssub);
96	}
97	}
98	}
99
100	$s = new xmlrpc_server(array( "InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'),	38	$s = new xmlrpc_server(array( "InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'),
101	"InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo'),	39	"InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo')
102	"InstaDisc.sendFromUpdate" => array('function' => 'sendFromUpdate'),
103	"InstaDisc.initSubscription" => array('function' => 'initSubscription')
104	), 0);	40	), 0);
105	$s->functions_parameters_type = 'phpvals';	41	$s->functions_parameters_type = 'phpvals';
106	$s->service();	42	$s->service();