From c2b0db2df28651e0a9672f6f52a75648f6b3f1e9 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger <fefferburbia@gmail.com>
Date: Sun, 3 Aug 2008 20:18:46 +0000
Subject: Central: Added checks to Subscription ownership functions

Closes #5
---
 central/trunk/instadisc.php | 44 ++++++++++++++++++++++++++++++++++----------
 1 file changed, 34 insertions(+), 10 deletions(-)

(limited to 'central')

diff --git a/central/trunk/instadisc.php b/central/trunk/instadisc.php
index 0edbd82..fa2eb07 100644
--- a/central/trunk/instadisc.php
+++ b/central/trunk/instadisc.php
@@ -321,28 +321,52 @@ function instaDisc_listPendingSubscriptions($username)
 
 function instaDisc_generateSubscriptionActivation($username, $url)
 {
-	$key = md5(rand(1,65536));
+	$getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\"";
+	$getuser2 = mysql_query($getuser);
+	$getuser3 = mysql_fetch_array($getuser2);
+	if ($getuser3['username'] == $username)
+	{
+		$key = md5(rand(1,65536));
 
-	$inspending = "INSERT INTO pending2 (username, url, key) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")";
-	$inspending2 = mysql_query($inspending);
+		$inspending = "INSERT INTO pending2 (username, url, key) VALUES (\"" . mysql_real_escape_string($username) . "\", \"" . mysql_real_escape_string($url) . "\", \"" . mysql_real_escape_string($key) . "\")";
+		$inspending2 = mysql_query($inspending);
+
+		return $key;
+	}
 
-	return $key;
+	return false;
 }
 
 function instaDisc_deleteSubscription($username, $url)
 {
-	$delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
-	$delsub2 = mysql_query($delsub);
+	$getsub = "SELECT * FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
+	$getsub2 = mysql_query($getsub);
+	$getsub3 = mysql_fetch_array($getsub2);
+	if ($getsub3['username'] == $username)
+	{
+		$delsub = "DELETE FROM subscriptions WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
+		$delsub2 = mysql_query($delsub);
 
-	return true;
+		return true;
+	}
+
+	return false;
 }
 
 function instaDisc_cancelSubscription($username, $url)
 {
-	$delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
-	$delsub2 = mysql_query($delsub);
+	$getsub = "SELECT * FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
+	$getsub2 = mysql_query($getsub);
+	$getsub3 = mysql_fetch_array($getsub2);
+	if ($getsub3['username'] == $username)
+	{
+		$delsub = "DELETE FROM pending2 WHERE username = \"" . mysql_real_escape_string($username) . "\" AND url = \"" . mysql_real_escape_string($url) . "\")";
+		$delsub2 = mysql_query($delsub);
 
-	return true;
+		return true;
+	}
+
+	return false;
 }
 
 ?>
-- 
cgit 1.4.1