From 289c028d8455b8cc1e77140e5d9f7834cce29c8d Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Thu, 11 Sep 2008 10:58:11 +0000 Subject: Series: Added instaDisc_checkVerification() Refs #55 --- series/trunk/includes/instadisc.php | 37 +++++++++++++++++++++++++++++++++++++ series/trunk/xmlrpc.php | 1 + 2 files changed, 38 insertions(+) diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php index dd879c6..41080bd 100644 --- a/series/trunk/includes/instadisc.php +++ b/series/trunk/includes/instadisc.php @@ -69,4 +69,41 @@ function instaDisc_addSubscription($id, $title, $url, $category, $password = '') $inssub2 = mysql_query($inssub); } +function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) +{ + $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; + $getverid2 = mysql_query($getverid); + $getverid3 = mysql_fetch_array($getverid2); + if ($getverid3['id'] != $verificationID) + { + $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; + $getitem2 = mysql_query($getitem); + $getitem3 = mysql_fetch_array($getitem2); + if ($getitem3[$nameField] == $username) + { + $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; + + if (md5($test) == $verification) + { + $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $cntverid2 = mysql_query($cntverid); + $cntverid3 = mysql_fetch_array($cntverid2); + if ($cntverid3[0] >= 10000) + { + $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1"; + $delverid2 = mysql_query($delverid); + } + + $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; + $insverid2 = mysql_query($insverid); + + return true; + } + } + } + + return false; +} + + ?> diff --git a/series/trunk/xmlrpc.php b/series/trunk/xmlrpc.php index 6d3a245..9024ae2 100644 --- a/series/trunk/xmlrpc.php +++ b/series/trunk/xmlrpc.php @@ -39,6 +39,7 @@ function sendFromUpdate($username, $verification, $verificationID, $seriesURL, $ { if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) { + } else { return new xmlrpcresp(new xmlrpcval('2', 'int')); } -- cgit 1.4.1