From cefd374290b6d0ebfa22e0af8d289e51481f6f90 Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Sun, 14 Sep 2008 14:15:06 +0000 Subject: Series: Reverted Update integration Refs #55 --- series/trunk/admin/addsub.php | 2 +- series/trunk/admin/chpwd.php | 2 +- series/trunk/admin/main.php | 6 +++ series/trunk/includes/instadisc.php | 77 ++++++++++++++++--------------------- series/trunk/instadisc.sql | 16 +------- series/trunk/theme/main.tpl | 5 +++ series/trunk/xmlrpc.php | 66 +------------------------------ 7 files changed, 49 insertions(+), 125 deletions(-) (limited to 'series') diff --git a/series/trunk/admin/addsub.php b/series/trunk/admin/addsub.php index f462d3f..0b6ff3f 100644 --- a/series/trunk/admin/addsub.php +++ b/series/trunk/admin/addsub.php @@ -50,7 +50,7 @@ if (!isset($_GET['submit'])) { showForm($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password'], $errors); } else { - instaDisc_addSubscription($_POST['id'], $_POST['title'], $_POST['url'], $_POST['category'], $_POST['password']); + instaDisc_initSubscription($_SESSION['username'], $_POST['id'], $_POST['url'], $_POST['title'], $_POST['category'], $_POST['personal'], $_POST['password']); $template = new FITemplate('addedsub'); $template->add('SITENAME', instaDisc_getConfig('siteName')); diff --git a/series/trunk/admin/chpwd.php b/series/trunk/admin/chpwd.php index 2f5368d..abd6d97 100644 --- a/series/trunk/admin/chpwd.php +++ b/series/trunk/admin/chpwd.php @@ -56,7 +56,7 @@ if (isset($_SESSION['username'])) { showForm($_POST['old'], $_POST['new'], $_POST['confirm'], $errors); } else { - instaDisc_changePassword( $_POST['new']); + instaDisc_changePassword($_SESSION['username'], $_POST['new']); $template = new FITemplate('changedpassword'); $template->add('SITENAME', instaDisc_getConfig('siteName')); diff --git a/series/trunk/admin/main.php b/series/trunk/admin/main.php index eb0e35b..f2d8e9e 100644 --- a/series/trunk/admin/main.php +++ b/series/trunk/admin/main.php @@ -20,6 +20,12 @@ if (!isset($_SESSION['username'])) $template = new FITemplate('main'); $template->add('SITENAME',instaDisc_getConfig('siteName')); + +if (instaDisc_isAdmin($_SESSION['username']) +{ + $template->adds_block('ADMIN', array('exi'=>1)); +} + $template->display(); ?> diff --git a/series/trunk/includes/instadisc.php b/series/trunk/includes/instadisc.php index 41080bd..a5afb3a 100644 --- a/series/trunk/includes/instadisc.php +++ b/series/trunk/includes/instadisc.php @@ -53,57 +53,48 @@ function instaDisc_getConfig($name) function instaDisc_verifyUser($username, $password) { - return (($username == instaDisc_getConfig('adminUser')) && (md5($password) == instaDisc_getConfig('adminPass'))); + $getusers = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($username) . "\" AND password = \"" . mysql_real_escape_string(md5($password)) . "\""; + $getusers2 = mysql_query($getusers); + $getusers3 = mysql_fetch_array($getusers2); + + return ($getusers3['username'] == $username); } -function instaDisc_changePassword($password) +function instaDisc_changePassword($username, $password) { - $setconfig = "UPDATE config SET value = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE name = \"adminPass\""; + $setconfig = "UPDATE users SET password = \"" . mysql_real_escape_string(md5($password)) . "\" WHERE username = \"" . mysql_real_escape_string($username) . "\""; $setconfig2 = mysql_query($setconfig); $setconfig3 = mysql_fetch_array($setconfig2); } -function instaDisc_addSubscription($id, $title, $url, $category, $password = '') -{ - $inssub = "INSERT INTO subscriptions (identity, title, url, category, password, personal) VALUES (\"" . mysql_real_escape_string($id) . "\",\"" . mysql_real_escape_string($title) . "\",\"" . mysql_real_escape_string($url) . "\",\"" . mysql_real_escape_string($category) . "\",\"" . mysql_real_escape_string(($password == '' ? '' : md5($password))) . "\",\"false\")"; - $inssub2 = mysql_query($inssub); -} - -function instaDisc_checkVerification($username, $verification, $verificationID, $table, $nameField, $passField) +function initSubscription($username, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal, $subscriptionPassword) { - $getverid = "SELECT * FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" AND verID = " . $verificationID; - $getverid2 = mysql_query($getverid); - $getverid3 = mysql_fetch_array($getverid2); - if ($getverid3['id'] != $verificationID) - { - $getitem = "SELECT * FROM " . $table . " WHERE " . $nameField . " = \"" . mysql_real_escape_string($username) . "\""; - $getitem2 = mysql_query($getitem); - $getitem3 = mysql_fetch_array($getitem2); - if ($getitem3[$nameField] == $username) - { - $test = $username . ':' . $getitem3[$passField] . ':' . $verificationID; - - if (md5($test) == $verification) - { - $cntverid = "SELECT COUNT(*) FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\""; - $cntverid2 = mysql_query($cntverid); - $cntverid3 = mysql_fetch_array($cntverid2); - if ($cntverid3[0] >= 10000) - { - $delverid = "DELETE FROM oldVerID WHERE username = \"" . mysql_real_escape_string($username) . "\" LIMIT 0,1"; - $delverid2 = mysql_query($delverid); - } - - $insverid = "INSERT INTO oldVerID (username, verID) VALUES (\"" . mysql_real_escape_string($username) . "\", " . $verificationID . ")"; - $insverid2 = mysql_query($insverid); - - return true; - } - } - } - - return false; + $getuser = "SELECT * FROM users WHERE username = \"" . $username . "\""; + $getuser2 = mysql_query($getuser); + $getuser3 = mysql_fetch_array($getuser2); + if ($getuser3['username'] == $username) + { + $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\""; + $getsub2 = mysql_query($getsub); + $getsub3 = mysql_fetch_array($getsub2); + if ($getsub3['identity'] == $seriesID) + { + if ($getsub3['username'] != $username) + { + return false; + } + + $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\", password = \"" . mysql_real_escape_string($subscriptionPassword) . "\" WHERE identity = \"" . mysql_real_escape_string($subscriptionID) . "\""; + $setsub2 = mysql_query($setsub); + } else { + $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username, password) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\",\"" . mysql_real_escape_string($subscriptionPassword) . "\")"; + $inssub2 = mysql_query($inssub); + } + + return true; + } else { + return false; + } } - ?> diff --git a/series/trunk/instadisc.sql b/series/trunk/instadisc.sql index 9ab9699..bb2018c 100644 --- a/series/trunk/instadisc.sql +++ b/series/trunk/instadisc.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Generation Time: Sep 13, 2008 at 09:46 AM +-- Generation Time: Sep 14, 2008 at 10:12 AM -- Server version: 5.0.51 -- PHP Version: 5.2.4-2ubuntu5.3 -- @@ -25,20 +25,6 @@ CREATE TABLE `config` ( -- -------------------------------------------------------- --- --- Table structure for table `oldVerID` --- - -DROP TABLE IF EXISTS `oldVerID`; -CREATE TABLE `oldVerID` ( - `id` int(11) NOT NULL auto_increment, - `username` varchar(255) NOT NULL, - `verID` int(11) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1; - --- -------------------------------------------------------- - -- -- Table structure for table `subscriptions` -- diff --git a/series/trunk/theme/main.tpl b/series/trunk/theme/main.tpl index 982be74..cffee3c 100644 --- a/series/trunk/theme/main.tpl +++ b/series/trunk/theme/main.tpl @@ -8,6 +8,11 @@ Here are some actions you can preform:
  • Change your Password
  • Add a new Subscription
  • Manage subscriptions
  • + +
  • Add a new user
  • +
  • Manage user
  • +
  • Log out
  • + diff --git a/series/trunk/xmlrpc.php b/series/trunk/xmlrpc.php index 114296e..01664ad 100644 --- a/series/trunk/xmlrpc.php +++ b/series/trunk/xmlrpc.php @@ -35,72 +35,8 @@ function getPasswordInfo($id) } } -function sendFromUpdate($username, $verification, $verificationID, $seriesURL, $seriesID, $title, $author, $url, $semantics, $encryptionID) -{ - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) - { - $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\""; - $getsub2 = mysql_query($getsub); - $getsub3 = mysql_fetch_array($getsub2); - if ($getsub3['identity'] == $seriesID) - { - if ($getsub3['username'] != $username) - { - return new xmlrpcresp(new xmlrpcval('1', 'int')); - } - - $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\""; - $setsub2 = mysql_query($setsub); - } else { - $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")"; - $inssub2 = mysql_query($inssub); - } - - $client = new xmlrpc_client('http://central.fourisland.com/xmlrpc.php'); - $msg = new xmlrpcmsg("InstaDisc.sendFromSeries", array( new xmlrpcval($seriesURL, 'string'), - new xmlrpcval($seriesID, 'string'), - new xmlrpcval($title, 'string'), - new xmlrpcval($author, 'string'), - new xmlrpcval($url, 'string'), - new xmlrpcval($semantics, 'string'), - new xmlrpcval($encryptionID, 'int'))); - $client->send($msg); - - return new xmlrpcresp(new xmlrpcval('0', 'int')); - } else { - return new xmlrpcresp(new xmlrpcval('2', 'int')); - } - - return new xmlrpcresp(new xmlrpcval('1', 'int')); -} - -function initSubscription($username, $verification, $verificationID, $seriesURL, $subscriptionID, $subscriptionURL, $subscriptionTitle, $subscriptionCategory, $subscriptionPersonal) -{ - if (instaDisc_checkVerification($username, $verification, $verificationID, 'users', 'username', 'password')) - { - $getsub = "SELECT * FROM subscriptions WHERE identity = \"" . mysql_real_escape_string($seriesID) . "\""; - $getsub2 = mysql_query($getsub); - $getsub3 = mysql_fetch_array($getsub2); - if ($getsub3['identity'] == $seriesID) - { - if ($getsub3['username'] != $username) - { - return new xmlrpcresp(new xmlrpcval('1', 'int')); - } - - $setsub = "UPDATE subscriptions SET title = \"" . mysql_real_escape_string($subscriptionTitle) . "\", url = \"" . mysql_real_escape_string($subscriptionURL) . "\", category = \"" . mysql_real_escape_string($subscriptionCategory) . "\", personal = \"" . mysql_real_escape_string($subscriptionPersonal) . "\""; - $setsub2 = mysql_query($setsub); - } else { - $inssub = "INSERT INTO subscriptions (identity, title, url, category, personal, username) VALUES (\"" . mysql_real_escape_string($seriesID) . "\",\"" . mysql_real_escape_string($subscriptionTitle) . "\",\"" . mysql_real_escape_string($subscriptionURL) . "\",\"" . mysql_real_escape_string($subscriptionCategory) . "\",\"" . mysql_real_escape_string($subscriptionPersonal) . "\",\"" . mysql_real_escape_string($username) . "\")"; - $inssub2 = mysql_query($inssub); - } - } -} - $s = new xmlrpc_server(array( "InstaDisc.subscriptionInfo" => array('function' => 'subscriptionInfo'), - "InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo'), - "InstaDisc.sendFromUpdate" => array('function' => 'sendFromUpdate'), - "InstaDisc.initSubscription" => array('function' => 'initSubscription') + "InstaDisc.getPasswordInfo" => array('function' => 'getPasswordInfo') ), 0); $s->functions_parameters_type = 'phpvals'; $s->service(); -- cgit 1.4.1