From cefd374290b6d0ebfa22e0af8d289e51481f6f90 Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Sun, 14 Sep 2008 14:15:06 +0000 Subject: Series: Reverted Update integration Refs #55 --- series/trunk/includes/instadisc.php | 77 ++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 43 deletions(-) (limited to 'series/trunk/includes') diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php index 41080bd..a5afb3a 100644 --- a/series/trunk/includes/instadisc.php +++ b/series/trunk/includes/instadisc.php @@ -53,57 +53,48 @@ function instaDisc_getConfig($name) function instaDisc_verifyUser($username, $password) { - return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass'))); + $getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\""; + $getusers2 = mysql_query($getusers); + $getusers3 = mysql_fetch_array($getusers2); + + return ($getusers3['username'] == $username); } -function instaDisc_changePassword($password) +function instaDisc_changePassword($username, $password) { - $setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\""; + $setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\""; $setconfig2 = mysql_query($setconfig); $setconfig3 = mysql_fetch_array($setconfig2); } -function instaDisc_addSubscription($id, $title, $url, $category, $password = '') -{ - $inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")"; - $inssub2 = mysql_query($inssub); -} - -function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) +function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword) { - $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; - $getverid2 = mysql_query($getverid); - $getverid3 = mysql_fetch_array($getverid2); - if ($getverid3['id'] != $verificationID) - { - $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; - $getitem2 = mysql_query($getitem); - $getitem3 = mysql_fetch_array($getitem2); - if ($getitem3[$nameField] == $username) - { - $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; - - if (md5($test) == $verification) - { - $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; - $cntverid2 = mysql_query($cntverid); - $cntverid3 = mysql_fetch_array($cntverid2); - if ($cntverid3[0] >= 10000) - { - $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1"; - $delverid2 = mysql_query($delverid); - } - - $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; - $insverid2 = mysql_query($insverid); - - return true; - } - } - } - - return false; + $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\""; + $getuser2 = mysql_query($getuser); + $getuser3 = mysql_fetch_array($getuser2); + if ($getuser3['username'] == $username) + { + $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\""; + $getsub2 = mysql_query($getsub); + $getsub3 = mysql_fetch_array($getsub2); + if ($getsub3['identity'] == $seriesID) + { + if ($getsub3['username'] != $username) + { + return false; + } + + $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\""; + $setsub2 = mysql_query($setsub); + } else { + $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")"; + $inssub2 = mysql_query($inssub); + } + + return true; + } else { + return false; + } } - ?> -- cgit 1.4.1