From 289c028d8455b8cc1e77140e5d9f7834cce29c8d Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger <fefferburbia@gmail.com>
Date: Thu, 11 Sep 2008 10:58:11 +0000
Subject: Series: Added instaDisc_checkVerification()

Refs #55
---
 series/trunk/includes/instadisc.php | 37 +++++++++++++++++++++++++++++++++++++
 series/trunk/xmlrpc.php             |  1 +
 2 files changed, 38 insertions(+)

(limited to 'series/trunk')

diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php
index dd879c6..41080bd 100644
--- a/series/trunk/includes/instadisc.php
+++ b/series/trunk/includes/instadisc.php
@@ -69,4 +69,41 @@ function instaDisc_addSubscription($id, $title, $url, $category, $password = '')
 	$inssub2 = mysql_query($inssub);
 }
 
+function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField)
+{
+        $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID;
+        $getverid2 = mysql_query($getverid);
+        $getverid3 = mysql_fetch_array($getverid2);
+        if ($getverid3['id'] != $verificationID)
+        {
+                $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\"";
+                $getitem2 = mysql_query($getitem);
+                $getitem3 = mysql_fetch_array($getitem2);
+                if ($getitem3[$nameField] == $username)
+                {
+                        $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID;
+
+                        if (md5($test) == $verification)
+                        {
+                                $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\"";
+                                $cntverid2 = mysql_query($cntverid);
+                                $cntverid3 = mysql_fetch_array($cntverid2);
+                                if ($cntverid3[0] >= 10000)
+                                {
+                                        $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1";
+                                        $delverid2 = mysql_query($delverid);
+                                }
+
+                                $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")";
+                                $insverid2 = mysql_query($insverid);
+
+                                return true;
+                        }
+                }
+        }
+
+        return false;
+}
+
+
 ?>
diff --git a/series/trunk/xmlrpc.php b/series/trunk/xmlrpc.php
index 6d3a245..9024ae2 100644
--- a/series/trunk/xmlrpc.php
+++ b/series/trunk/xmlrpc.php
@@ -39,6 +39,7 @@ function sendFromUpdate($username, $verification, $verificationID, $seriesURL, $
 {
 	if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password'))
 	{
+		
 	} else {
 		return new xmlrpcresp(new xmlrpcval('2', 'int'));
 	}
-- 
cgit 1.4.1