From 74dafd4ec901db76148cc0894b94d0e80fadec08 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger
Date: Mon, 4 Aug 2008 14:39:11 +0000
Subject: Central: Reverted instadisc.php
For some reason, instadisc.php was accidentally replaced with xmlrpc.php and commited. It has been reverted now. Also, xmlrpc.php has been using $_SERVER['HTTP_HOST'], but that variable returns the server's address PLUS the port number. $_SERVER['SERVER_NAME'] is much more appropriate for this instance.
---
 central/trunk/instadisc.php | 474 ++++++++++++++++++++++++++------------------
 central/trunk/xmlrpc.php | 4 +-
 2 files changed, 283 insertions(+), 195 deletions(-)
(limited to 'central')
diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php
index 3b734ad..2a7cbb9 100644
--- a/central/trunk/instadisc.php
+++ b/central/trunk/instadisc.php
@@ -2,283 +2,371 @@ /* InstaDisc Server - A Four Island Project */ -include('xmlrpc/xmlrpc.inc'); -include('xmlrpc/xmlrpcs.inc'); -include('db.php'); -include('instadisc.php'); +include_once('db.php'); +include_once('class.phpmailer.php'); -function checkRegistration($username, $verification, $verificationID) +function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) { - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) + $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; + $getverid2 = mysql_query($getverid); + $getverid3 = mysql_fetch_array($getverid2); + if ($getverid3['id'] != $verificationID) { - return new xmlrpcresp(new xmlrpcval(0, "int")); - } - - return new xmlrpcresp(new xmlrpcval(1, "int")); -} - -function deleteItem($username, $verification, $verificationID, $id) -{ - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) - { - $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; + $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; $getitem2 = mysql_query($getitem); $getitem3 = mysql_fetch_array($getitem2); - if ($getitem3['id'] == $id) + if ($getitem3[$nameField] == $username) { - $delitem = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; - $delitem2 = mysql_query($delitem); + $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; - return new xmlrpcresp(new xmlrpcval(0, "int")); + if (md5($test) == $verification) + { + $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . 
"\""; + $cntverid2 = mysql_query($cntverid); + $cntverid3 = mysql_fetch_array($cntverid2); + if ($cntverid3[0] >= intval(instaDisc_getConfig('verIDBufferSize'))) + { + $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $delverid2 = mysql_query($delverid); + } + + $insverid = "INSERT INTO oldVerID (name, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; + $insverid2 = mysql_query($insverid); + + return true; + } } } - return new xmlrpcresp(new xmlrpcval(1, "int")); + return false; } -function resendItem($username, $verification, $verificationID, $id) +function instaDisc_sendItem($username, $id) { - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) + $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; + $getitem2 = mysql_query($getitem); + $getitem3 = mysql_fetch_array($getitem2); + if ($getitem3['username'] == $username) { - $getitem = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\" AND itemID = " . $id; - $getitem2 = mysql_query($getitem); - $getitem3 = mysql_fetch_array($getitem2); - if ($getitem3['id'] == $id) + $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $getuser2 = mysql_query($getuser); + $getuser3 = mysql_fetch_array($getuser2); + + $fp = fsockopen($getuser3['ip'], 4444, $errno, $errstr); + if ($fp) { - instaDisc_sendItem($username, $id); + $verID = rand(1,65536); - return new xmlrpcresp(new xmlrpcval(0, "int")); + $out = 'ID: ' . $id . "\r\n"; + $out .= 'Verification: ' . md5($username . ':' . $getuser3['password'] . ':' . $verID) . "\r\n"; + $out .= 'Verification-ID: ' . $verID . "\r\n"; + $out .= 'Subscription: ' . $getitem3['subscription'] . "\r\n"; + $out .= 'Title: ' . $getitem3['title'] . "\r\n"; + $out .= 'Author: ' . $getitem3['author'] . 
"\r\n"; + $out .= 'URL: ' . $getitem3['url'] . "\r\n"; + $out .= "\r\n\r\n"; + + fwrite($fp, $out); + fclose($fp); } } +} - return new xmlrpcresp(new xmlrpcval(1, "int")); +function instaDisc_sendUpdateNotice($softwareVersion) +{ + $username = instaDisc_getConfig('owner'); + $subscription = 'http://' . $_SERVER['HTTP_HOST']; + $title = 'Update your software to ' . $software; + $author = 'Hatkirby'; + $url = 'http://fourisland.com/projects/instadisc/wiki/CentralSoftwareUpdate'; + $semantics = array(); + + instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics); } -function requestRetained($username, $verification, $veriicationID) +function instaDisc_sendDatabase($cserver) { - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) + $getdb = "SELECT * FROM centralServers"; + $getdb2 = mysql_query($getdb); + $i=0; + while ($getdb3[$i] = mysql_fetch_array($getdb2)) { - $getitems = "SELECT * FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\""; - $getitems2 = mysql_query($getitems); - $i=0; - while ($getitems3[$i] = mysql_fetch_array($getitems2)) - { - instaDisc_sendItem($username, $getitems3[$i]['itemID']); - $i++; - } - - return new xmlrpcresp(new xmlrpcval(0, "int")); + $db[$getdb3[$i]['url']]['code'] = $getdb3[$i]['code']; + $db[$getdb3[$i]['url']]['xmlrpc'] = $getdb3[$i]['xmlrpc']; + $i++; } - return new xmlrpcresp(new xmlrpcval(1, "int")); + $cserver2 = $_SERVER['HTTP_HOST']; + $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; + $getuk2 = mysql_query($getuk); + $getuk3 = mysql_fetch_array($getuk2); + + $verID = rand(1,65536); + + $client = new xmlrpc_client($cserver); + $msg = new xmlrpcmsg("InstaDisc.sendDatabase", array( new xmlrpcval($cserver2, 'string'), + new xmlrpcval(md5($cserver2 . ":" . $getuk3['code'] . ":" . 
$verID), 'string'), + new xmlrpcval($verID, 'int'), + new xmlrpcval($db, 'array'))); + $client->send($msg); } -function sendFromUpdate($username, $verification, $verificationID, $subscription, $title, $author, $url, $semantics) +function instaDisc_addItem($username, $subscription, $title, $author, $url, $semantics) { - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) + $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $getuser2 = mysql_query($getuser); + $getuser3 = mysql_fetch_array($getuser2); + if ($getuser3['username'] == $username) { - $getusubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($subscription) . "\" AND owner = \"true\""; - $getusubs2 = mysql_query($getusubs); - $getusubs3 = mysql_fetch_array($getusubs2); - if ($getusubs3['username'] == $username) - { - $cserver = $_SERVER['SERVER_NAME']; - $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver) . "\""; - $getuk2 = mysql_query($getuk); - $getuk3 = mysql_fetch_array($getuk2); - - $getcs = "SELECT * FROM centralServers"; - $getcs2 = mysql_query($getcs); - $i=0; - while ($getcs3[$i] = mysql_fetch_array($getcs2)) - { - $verID = rand(1,65536); - - $client = new xmlrpc_client($getcs3[$i]['xmlrpc']); - $msg = new xmlrpcmsg("InstaDisc.sendFromCentral", array( new xmlrpcval($cserver, 'string'), - new xmlrpcval(md5($cserver . ":" . $getuk3['code'] . ":" . 
$verID), 'string'), - new xmlrpcval($verID, 'int'), - new xmlrpcval($subscription, 'string'), - new xmlrpcval($title, 'string'), - new xmlrpcval($author, 'string'), - new xmlrpcval($url, 'string'), - new xmlrpcval($semantics, 'array'), - new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int'), - new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int'))); - $client->send($msg); - $i++; - } + $itemID = $getuser3['nextItemID']; + $setuser = "UPDATE users SET nextItemID = nextItemID+1 WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $setuser2 = mysql_query($setuser); - return new xmlrpcresp(new xmlrpcval(0, "int")); - } - } + $insitem = "INSERT INTO inbox (username, itemID, subscription, title, author, url, semantics) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $itemID . ", \"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($title) . "\", \"" . mysql_real_escape_string($author) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string(serialize($semantics)) . "\")"; + $insitem2 = mysql_query($insitem); - return new xmlrpcresp(new xmlrpcval(1, "int")); + instaDisc_sendItem($username, $itemID); + } } -function sendFromCentral($cserver, $verification, $verificationID, $subscription, $title, $author, $url, $semantics, $softwareVersion, $databaseVersion) +function instaDisc_phpMailer() { - if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) + $mail = new PHPMailer(); + $mail->IsSMTP(); + $mail->From = 'instadisc@' . 
instaDisc_getConfig('mailDomain'); + $mail->FromName = 'InstaDisc'; + $mail->Host = instaDisc_getConfig('smtpHost'); + if (instaDisc_getConfig('smtpAuth') == 'true') { - if ($softwareVersion > instaDisc_getConfig('softwareVersion')) - { - instaDisc_sendUpdateNotice($softwareVersion); - } else if ($softwareVersion < instaDisc_getConfig('softwareVersion')) - { - $cserver2 = $_SERVER['HTTP_HOST']; - $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; - $getuk2 = mysql_query($getuk); - $getuk3 = mysql_fetch_array($getuk2); + $mail->SMTPAuth = true; + $mail->Username = instaDisc_getConfig('smtpUser'); + $mail->Password = instaDisc_getConfig('smtpPass'); + } + $mail->Helo = $_SERVER['HTTP_HOST']; + $mail->ClearAddresses(); - $verID = rand(1,65536); + return $mail; +} - $client = new xmlrpc_client($cserver); - $msg = new xmlrpcmsg("InstaDisc.sendUpdateNotice", array( new xmlrpcval($cserver2, 'string'), - new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'), - new xmlrpcval($verID, 'int'), - new xmlrpcval(instaDisc_getConfig('softwareVersion'), 'int'))); - $client->send($msg); - } +function instaDisc_sendActivationEmail($username, $password, $email) +{ + $penKey = md5(rand(1,65536)); - if ($databaseVersion > instaDisc_getConfig('databaseVersion')) - { - $cserver2 = $_SERVER['HTTP_HOST']; - $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\""; - $getuk2 = mysql_query($getuk); - $getuk3 = mysql_fetch_array($getuk2); + $inspending = "INSERT INTO pending (username, password, email, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string(md5($password)) . "\", \"" . mysql_real_escape_string($email) . "\", \"" . mysql_real_escape_string($penKey) . 
"\")"; + $inspending2 = mysql_query($inspending); - $verID = rand(1,65536); + $mail = instaDisc_phpMailer(); + $mail->AddAddress($email, $username); + $mail->Subject = 'InstaDisc Account Verification'; + $mail->Body = "Hello, someone has recently registered an account at " . $_SERVER['HTTP_HOST'] . " with your email address. If that was you, and your chosen username IS " . $username . ", then copy the account verification code below to our Account Verification page, enter your username and press Activate!\r\n\r\n" . $penKey . "\r\n\r\nIf that was not you, copy the above code to our Account Verification page, enter the above username, and click Delete."; - $client = new xmlrpc_client($cserver); - $msg = new xmlrpcmsg("InstaDisc.askForDatabase", array( new xmlrpcval($cserver2, 'string'), - new xmlrpcval(md5($cserver2 . ':' . $getuk3['code'] . ':' . $verID), 'string'), - new xmlrpcval($verID, 'int'), - new xmlrpcval(instaDisc_getConfig('databaseVersion'), 'int'))); - $client->send($msg); - } else if ($databaseVersion < instaDisc_getConfig('databaseVersion')) - { - instaDisc_sendDatabase($cserver); - } + return $mail->Send(); +} - $getsed = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\""; - $getsed2 = mysql_query($getsed); - $i=0; - while ($getsed3[$i] = mysql_fetch_array($getsed2)) - { - instaDisc_addItem($getsed3[$i]['username'], $subscription, $title, $author, $url, $semantics); - $i++; - } +function instaDisc_activateAccount($username, $penKey) +{ + $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\""; + $getuser2 = mysql_query($getuser); + $getuser3 = mysql_fetch_array($getuser2); + if ($getuser3['username'] == $username) + { + $insuser = "INSERT INTO users (username, password, email) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($getuser3['password']) . "\", \"" . 
mysql_real_escape_string($getuser3['email']) . "\")"; + $insuser2 = mysql_query($insuser); - return new xmlrpcresp(new xmlrpcval(0, "int")); + $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $delpending2 = mysql_query($delpending); + + $mail = instaDisc_phpMailer(); + $mail->AddAddress($getuser3['email'], $username); + $mail->Subject = 'Welcome to InstaDisc!'; + $mail->Body = "Welcome to InstaDisc! Thank you for registering at " . instaDisc_getConfig('siteName') . " Central Server, we hope you enjoy our service! Now, when you download an InstaDisc Client, it will ask you for the following information which you will need to enter into it for it to work:\r\n\r\nUsername: " . $username . "\r\nPassword: (you should know this, it's not displayed here for security reasons)\r\nCentral Server URL: " . instaDisc_getConfig("xmlrpcURL") . "\r\n\r\nOnce again, thank you for choosing " . instaDisc_getConfig("siteName") . "!"; + + return $mail->Send(); + } else { + return false; } +} + +function instaDisc_deactivateAccount($username, $penKey) +{ + $getuser = "SELECT * FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\" AND code = \"" . mysql_real_escape_string($penKey) . "\""; + $getuser2 = mysql_query($getuser); + $getuser3 = mysql_fetch_array($getuser2); + if ($getuser3['username'] == $username) + { + $delpending = "DELETE FROM pending WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $delpending2 = mysql_query($delpending); - return new xmlrpcresp(new xmlrpcval(1, "int")); + return true; + } else { + return false; + } } -function sendUpdateNotice($cserver, $verification, $verificationID, $softwareVersion) +function instaDisc_verifyUser($username, $password) { - if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) + return instaDisc_checkVerification($username, md5($username . ':' . md5($password) . 
':0'), 0, 'users', 'username', 'password'); +} + +function instaDisc_deleteAccount($username) +{ + $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $getuser2 = mysql_query($getuser); + $getuser3 = mysql_fetch_array($getuser2); + if ($getuser3['username'] == $username) { - if ($softwareVersion > instaDisc_getConfig('softwareVersion')) - { - instaDisc_sendUpdateNotice($softwareVersion); + $deluser = "DELETE FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $deluser2 = mysql_query($deluser); - return new xmlrpcresp(new xmlrpcval(0, "int")); - } + $delsubs = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $delsubs2 = mysql_query($delsubs); + + $delitems = "DELETE FROM inbox WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $delitems2 = mysql_query($delitems); + + return true; } - return new xmlrpcresp(new xmlrpcval(1, "int")); + return false; } -function askForDatabase($cserver, $verification, $verificationID, $databaseVersion) +function instaDisc_getConfig($key) { - if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) + $getconfig = "SELECT * FROM config WHERE name = \"" . mysql_real_escape_string($key) . "\""; + $getconfig2 = mysql_query($getconfig); + $getconfig3 = mysql_fetch_array($getconfig2); + + return $getconfig3['value']; +} + +function instaDisc_listSubscriptions($username) +{ + $getsubs = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . 
"\" AND owner = \"true\""; + $getsubs2 = mysql_query($getsubs); + $i=0; + while ($getsubs3[$i] = mysql_fetch_array($getsubs2)) { - if ($databaseVersion < instaDisc_getConfig('databaseVersion')) - { - instaDisc_sendDatabase($cserver); + $subs[$i] = $getsubs3[$i]['url']; - return new xmlrpcresp(new xmlrpcval(0, "int")); - } + $i++; } - return new xmlrpcresp(new xmlrpcval(1, "int")); + $subs['size'] = $i; + return $subs; } -function deleteSubscription($username, $verification, $verificationID, $subscription) +function instaDisc_addSubscription($username, $url) { - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) + $getcode = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\""; + $getcode2 = mysql_query($getcode); + $getcode3 = mysql_fetch_array($getcode2); + if ($getcode3['username'] == $username) { - $getsub = "SELECT * FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . "\" AND owner = \"false\""; - $getsub2 = mysql_query($getsub); - $getsub3 = mysql_fetch_array($getsub2); - if ($getsub3['url'] == $subscription) + $delcode = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\""; + $delcode2 = mysql_query($delcode); + + $c = curl_init(); + curl_setopt($c, CURLOPT_URL, $url); + curl_setopt($c, CURLOPT_HEADER, false); + curl_setopt($c, CURLOPT_RETURNTRANSFER, true); + $page_data = curl_exec($c); + curl_close($c); + + $headers = split("\n", $page_date); + foreach ($headers as $name => $value) { - $delsub = "DELETE FROM subscriptions WHERE url = \"" . mysql_real_escape_string($subscription) . "\" AND username = \"" . mysql_real_escape_string($username) . 
"\" AND owner = \"false\""; - $delsub2 = mysql_query($delsub); + $header = split(": ", $value); + $headerMap[$header[0]] = $header[1]; + } - return new xmlrpcresp(new xmlrpcval(0, "int")); + if (isset($header['Subscription'])) + { + if (isset($header['Title'])) + { + if (isset($header['Category'])) + { + if (isset($header['Key'])) + { + if ($header['Key'] == $getcode3['code']) + { + $inssub = "INSERT INTO subscriptions (username,url,owner) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($header['Subscription']) . "\", \"true\")"; + $inssub2 = mysql_query($inssub); + + return true; + } + } + } + } } } - return new xmlrpcresp(new xmlrpcval(1, "int")); + return false; } -function addSubscription($username, $verification, $verificationID, $subscription) +function instaDisc_listPendingSubscriptions($username) { - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) + $getsubs = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\""; + $getsubs2 = mysql_query($getsubs); + $i=0; + while ($getsubs3[$i] = mysql_fetch_array($getsubs2)) { - $inssub = "INSERT INTO subscriptions (url, username, owner) VALUES (\"" . mysql_real_escape_string($subscription) . "\", \"" . mysql_real_escape_string($username) . "\", \"false\")"; - $inssub2 = mysql_query($inssub); + $subs[$i] = array('url' => $getsubs3[$i]['url'], 'code' => $getsubs3[$i]['code']); - return new xmlrpcresp(new xmlrpcval(0, "int")); + $i++; } - return new xmlrpcresp(new xmlrpcval(1, "int")); + $subs['size'] = $i; + return $subs; } -function sendDatabase($cserver, $verification, $verificationID, $db) +function instaDisc_generateSubscriptionActivation($username, $url) { - if (instaDisc_checkVerification($cserver, $verification, $verificationID, 'centralServers', 'url', 'code')) + $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . 
"\""; + $getuser2 = mysql_query($getuser); + $getuser3 = mysql_fetch_array($getuser2); + if ($getuser3['username'] == $username) { - if (isset($db['central.fourisland.com'])) - { - $getfi = "SELECT * FROM centralServers WHERE url = \"central.fourisland.com\""; - $getfi2 = mysql_query($getfi); - $getfi3 = mysql_fetch_array($getfi2); + $key = md5(rand(1,65536)); - if ($db['central.fourisland.com']['code'] == $getfi3['code']) - { - $deldb = "DELETE FROM centralServers"; - $deldb2 = mysql_query($deldb); + $inspending = "INSERT INTO pending2 (username, url, code) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")"; + $inspending2 = mysql_query($inspending); - foreach($db as $name => $value) - { - $insdb = "INSERT INTO centralServers (url, code, xmlrpc) VALUES (\"" . mysql_real_escape_string($name) . "\", \"" . mysql_real_escape_string($value['code']) . "\", \"" . mysql_real_escape_string($value['xmlrpc']) . "\")"; - $insdb2 = mysql_query($insdb); - } + return $key; + } - return new xmlrpcresp(new xmlrpcval("0", 'int')); - } - } + return false; +} + +function instaDisc_deleteSubscription($username, $url) +{ + $getsub = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; + $getsub2 = mysql_query($getsub); + $getsub3 = mysql_fetch_array($getsub2); + if ($getsub3['username'] == $username) + { + $delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . 
"\")"; + $delsub2 = mysql_query($delsub); + + return true; } - return new xmlrpcresp(new xmlrpcval(1, "int")); + return false; } -$s = new xmlrpc_server( array( "InstaDisc.checkRegistration" => array("function" => "checkRegistration"), - "InstaDisc.deleteItem" => array("function" => "deleteItem"), - "InstaDisc.resendItem" => array("function" => "resendItem"), - "InstaDisc.requestRetained" => array("function" => "requestRetained"), - "InstaDisc.sendFromUpdate" => array("function" => "sendFromUpdate"), - "InstaDisc.sendFromCentral" => array("function" => "sendFromCentral"), - "InstaDisc.sendUpdateNotice" => array("function" => "sendUpdateNotice"), - "InstaDisc.askForDatabase" => array("function" => "askForDatabase"), - "InstaDisc.deleteSubscription" => array("function" => "deleteSubscription"), - "InstaDisc.addSubscription" => array("function" => "addSubscription"), - "InstaDisc.sendDatabase" => array("function" => "sendDatabase") - ),0); -$s->functions_parameters_type = 'phpvals'; -$s->service(); +function instaDisc_cancelSubscription($username, $url) +{ + $getsub = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; + $getsub2 = mysql_query($getsub); + $getsub3 = mysql_fetch_array($getsub2); + if ($getsub3['username'] == $username) + { + $delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")"; + $delsub2 = mysql_query($delsub); + + return true; + } + + return false; +} ?> diff --git a/central/trunk/xmlrpc.php b/central/trunk/xmlrpc.php index 3b734ad..95d439d 100644 --- a/central/trunk/xmlrpc.php +++ b/central/trunk/xmlrpc.php 
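Review bot: In instaDisc_checkVerification, `$verificationID` is concatenated unquoted and unescaped into both the `oldVerID` SELECT and the INSERT, so a non-numeric value supplied by the caller changes the SQL statement; `$id` in instaDisc_sendItem's `inbox` query has the same shape. Cast at the top of each function, e.g. `$verificationID = intval($verificationID);` and `$id = intval($id);`. The replay lookup also reads `$getverid3['id']` and inserts into column `name`, while the queries select on `verID` and `username`, so (assuming the schema matches the SELECT) a reused verification ID is probably never detected; compare against `$getverid3['verID']` and insert into `username`. Finally, `md5($test) == $verification` is a loose comparison under which numeric-looking strings are compared as numbers, so it should be `if (md5($test) === $verification)`.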
@@ -125,7 +125,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription
 instaDisc_sendUpdateNotice($softwareVersion);
 } else if ($softwareVersion < instaDisc_getConfig('softwareVersion'))
 {
- $cserver2 = $_SERVER['HTTP_HOST'];
+ $cserver2 = $_SERVER['SERVER_NAME'];
 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
@@ -142,7 +142,7 @@ function sendFromCentral($cserver, $verification, $verificationID, $subscription

 if ($databaseVersion > instaDisc_getConfig('databaseVersion'))
 {
- $cserver2 = $_SERVER['HTTP_HOST'];
+ $cserver2 = $_SERVER['SERVER_NAME'];
 $getuk = "SELECT * FROM centralServers WHERE url = \"" . mysql_real_escape_string($cserver2) . "\"";
 $getuk2 = mysql_query($getuk);
 $getuk3 = mysql_fetch_array($getuk2);
-- cgit 1.4.1
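Review bot: `$_SERVER['SERVER_NAME']`, as assigned to `$cserver2` in both sendFromCentral hunks (new lines 128 and 145), is still not guaranteed to be independent of the request: unless the web server pins a canonical name (for Apache, `UseCanonicalName On` together with `ServerName`), PHP fills it from the client's Host header. `$cserver2` selects this server's own row in `centralServers`, so it would be safer to take the identity from configuration through the existing helper, e.g. `$cserver2 = instaDisc_getConfig('<config key holding this server's URL>');` (placeholder key name). The replacement instadisc.php in this same commit still reads `$_SERVER['HTTP_HOST']` in instaDisc_sendUpdateNotice, instaDisc_sendDatabase, instaDisc_phpMailer and instaDisc_sendActivationEmail, so the change is applied inconsistently. sendFromCentral's body starts and ends outside both hunks.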