From cefd374290b6d0ebfa22e0af8d289e51481f6f90 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger <fefferburbia@gmail.com>
Date: Sun, 14 Sep 2008 14:15:06 +0000
Subject: Series: Reverted Update integration

Refs #55
---
 series/trunk/admin/addsub.php       |  2 +-
 series/trunk/admin/chpwd.php        |  2 +-
 series/trunk/admin/main.php         |  6 +++
 series/trunk/includes/instadisc.php | 77 ++++++++++++++++---------------------
 series/trunk/instadisc.sql          | 16 +-------
 series/trunk/theme/main.tpl         |  5 +++
 series/trunk/xmlrpc.php             | 66 +------------------------------
 7 files changed, 49 insertions(+), 125 deletions(-)

diff --git a/series/trunk/admin/addsub.php b/series/trunk/admin/addsub.php
index f462d3f..0b6ff3f 100644
--- a/series/trunk/admin/addsub.php
+++ b/series/trunk/admin/addsub.php
@@ -50,7 +50,7 @@ if (!isset($_GET['submit']))
 	{
 		showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors);
 	} else {
-		instaDisc_addSubscription($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password']);
+		instaDisc_initSubscription($_SESSION['username'], $_POST['id'], $_POST['url'], $_POST['title'], $_POST['category'], $_POST['personal'], $_POST['password']);
 
 		$template = new FITemplate('addedsub');
 		$template->add('SITENAME', instaDisc_getConfig('siteName'));
diff --git a/series/trunk/admin/chpwd.php b/series/trunk/admin/chpwd.php
index 2f5368d..abd6d97 100644
--- a/series/trunk/admin/chpwd.php
+++ b/series/trunk/admin/chpwd.php
@@ -56,7 +56,7 @@ if (isset($_SESSION['username']))
 		{
 			showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors);
 		} else {
-			instaDisc_changePassword( $_POST['new']);
+			instaDisc_changePassword($_SESSION['username'], $_POST['new']);
 
 			$template = new FITemplate('changedpassword');
 			$template->add('SITENAME', instaDisc_getConfig('siteName'));
diff --git a/series/trunk/admin/main.php b/series/trunk/admin/main.php
index eb0e35b..f2d8e9e 100644
--- a/series/trunk/admin/main.php
+++ b/series/trunk/admin/main.php
@@ -20,6 +20,12 @@ if (!isset($_SESSION['username']))
 
 $template = new FITemplate('main');
 $template->add('SITENAME',instaDisc_getConfig('siteName'));
+
+if (instaDisc_isAdmin($_SESSION['username'])
+{
+	$template->adds_block('ADMIN', array('exi'=>1));
+}
+
 $template->display();
 
 ?>
diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php
index 41080bd..a5afb3a 100644
--- a/series/trunk/includes/instadisc.php
+++ b/series/trunk/includes/instadisc.php
@@ -53,57 +53,48 @@ function instaDisc_getConfig($name)
 
 function instaDisc_verifyUser($username, $password)
 {
-	return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass')));
+	$getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\"";
+	$getusers2 = mysql_query($getusers);
+	$getusers3 = mysql_fetch_array($getusers2);
+
+	return ($getusers3['username'] == $username);
 }
 
-function instaDisc_changePassword($password)
+function instaDisc_changePassword($username, $password)
 {
-	$setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\"";
+	$setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\"";
 	$setconfig2 = mysql_query($setconfig);
 	$setconfig3 = mysql_fetch_array($setconfig2);
 }
 
-function instaDisc_addSubscription($id, $title, $url, $category, $password = '')
-{
-	$inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")";
-	$inssub2 = mysql_query($inssub);
-}
-
-function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
+function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword)
 {
-        $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID;
-        $getverid2 = mysql_query($getverid);
-        $getverid3 = mysql_fetch_array($getverid2);
-        if ($getverid3['id'] != $verificationID)
-        {
-                $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
-                $getitem2 = mysql_query($getitem);
-                $getitem3 = mysql_fetch_array($getitem2);
-                if ($getitem3[$nameField] == $username)
-                {
-                        $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID;
-
-                        if (md5($test) == $verification)
-                        {
-                                $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\"";
-                                $cntverid2 = mysql_query($cntverid);
-                                $cntverid3 = mysql_fetch_array($cntverid2);
-                                if ($cntverid3[0] >= 10000)
-                                {
-                                        $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1";
-                                        $delverid2 = mysql_query($delverid);
-                                }
-
-                                $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")";
-                                $insverid2 = mysql_query($insverid);
-
-                                return true;
-                        }
-                }
-        }
-
-        return false;
+	$getuser = "SELECT * FROM users WHERE username = \"" . $username . "\"";
+	$getuser2 = mysql_query($getuser);
+	$getuser3 = mysql_fetch_array($getuser2);
+	if ($getuser3['username'] == $username)
+	{
+		$getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
+		$getsub2 = mysql_query($getsub);
+		$getsub3 = mysql_fetch_array($getsub2);
+		if ($getsub3['identity'] == $seriesID)
+		{
+			if ($getsub3['username'] != $username)
+			{
+				return false;
+			}
+
+			$setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\"";
+			$setsub2 = mysql_query($setsub);
+		} else {
+			$inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")";
+			$inssub2 = mysql_query($inssub);
+		}
+
+		return true;
+	} else {
+		return false;
+	}
 }
 
-
 ?>
diff --git a/series/trunk/instadisc.sql b/series/trunk/instadisc.sql
index 9ab9699..bb2018c 100644
--- a/series/trunk/instadisc.sql
+++ b/series/trunk/instadisc.sql
@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 -- 
 -- Host: localhost
--- Generation Time: Sep 13, 2008 at 09:46 AM
+-- Generation Time: Sep 14, 2008 at 10:12 AM
 -- Server version: 5.0.51
 -- PHP Version: 5.2.4-2ubuntu5.3
 -- 
@@ -25,20 +25,6 @@ CREATE TABLE `config` (
 
 -- --------------------------------------------------------
 
--- 
--- Table structure for table `oldVerID`
--- 
-
-DROP TABLE IF EXISTS `oldVerID`;
-CREATE TABLE `oldVerID` (
-  `id` int(11) NOT NULL auto_increment,
-  `username` varchar(255) NOT NULL,
-  `verID` int(11) NOT NULL,
-  PRIMARY KEY  (`id`)
-) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-
--- --------------------------------------------------------
-
 -- 
 -- Table structure for table `subscriptions`
 -- 
diff --git a/series/trunk/theme/main.tpl b/series/trunk/theme/main.tpl
index 982be74..cffee3c 100644
--- a/series/trunk/theme/main.tpl
+++ b/series/trunk/theme/main.tpl
@@ -8,6 +8,11 @@ Here are some actions you can preform:
 	<LI><A HREF="admin.php?id=chpwd">Change your Password</A></LI>
 	<LI><A HREF="admin.php?id=addsub">Add a new Subscription</A></LI>
 	<LI><A HREF="admin.php?id=mansub">Manage subscriptions</A></LI>
+	<!--BEGIN ADMIN-->
+	<LI><A HREF="admin.php?id=adduser">Add a new user</A></LI>
+	<LI><A HREF="admin.php?id=manuser">Manage user</A></LI>
+	<!--END ADMIN-->
 	<LI><A HREF="admin.php?id=logout">Log out</A></LI>
 </UL>
+
 </CENTER>
diff --git a/series/trunk/xmlrpc.php b/series/trunk/xmlrpc.php
index 114296e..01664ad 100644
--- a/series/trunk/xmlrpc.php
+++ b/series/trunk/xmlrpc.php
@@ -35,72 +35,8 @@ function getPasswordInfo($id)
 	}
 }
 
-function sendFromUpdate($username, $verification, $verificationID, $seriesURL, $seriesID, $title, $author, $url, $semantics, $encryptionID)
-{
-	if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
-	{
-		$getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
-		$getsub2 = mysql_query($getsub);
-		$getsub3 = mysql_fetch_array($getsub2);
-		if ($getsub3['identity'] == $seriesID)
-		{
-			if ($getsub3['username'] != $username)
-			{
-				return new xmlrpcresp(new xmlrpcval('1', 'int'));
-			}
-
-			$setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\"";
-			$setsub2 = mysql_query($setsub);
-		} else {
-			$inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")";
-			$inssub2 = mysql_query($inssub);
-		}
-
-		$client = new xmlrpc_client('http://central.fourisland.com/xmlrpc.php');
-		$msg = new xmlrpcmsg("InstaDisc.sendFromSeries", array(	new xmlrpcval($seriesURL, 'string'),
-									new xmlrpcval($seriesID, 'string'),
-									new xmlrpcval($title, 'string'),
-									new xmlrpcval($author, 'string'),
-									new xmlrpcval($url, 'string'),
-									new xmlrpcval($semantics, 'string'),
-									new xmlrpcval($encryptionID, 'int')));
-		$client->send($msg);
-
-		return new xmlrpcresp(new xmlrpcval('0', 'int'));
-	} else {
-		return new xmlrpcresp(new xmlrpcval('2', 'int'));
-	}
-
-	return new xmlrpcresp(new xmlrpcval('1', 'int'));
-}
-
-function initSubscription($username, $verification, $verificationID, $seriesURL, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal)
-{
-	if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
-	{
-		$getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\"";
-		$getsub2 = mysql_query($getsub);
-		$getsub3 = mysql_fetch_array($getsub2);
-		if ($getsub3['identity'] == $seriesID)
-		{
-			if ($getsub3['username'] != $username)
-			{
-				return new xmlrpcresp(new xmlrpcval('1', 'int'));
-			}
-
-			$setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\"";
-			$setsub2 = mysql_query($setsub);
-		} else {
-			$inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")";
-			$inssub2 = mysql_query($inssub);
-		}
-	}
-}
-
 $s = new xmlrpc_server(array(	"InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'),
-				"InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo'),
-				"InstaDisc.sendFromUpdate" => array('function' => 'sendFromUpdate'),
-				"InstaDisc.initSubscription" => array('function' => 'initSubscription')
+				"InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo')
 			), 0);
 $s->functions_parameters_type = 'phpvals';
 $s->service();
-- 
cgit 1.4.1