function get_cat($subcat) { $res1 = mysql_safe("SELECT id_cat FROM subcat WHERE id=?", array($subcat)); if (mysql_num_rows($res1) > 0) { $row1 = mysql_fetch_array($res1); return $row1['id_cat']; } else { return 0; } }
function appPagesIsDraft($id) { if (appPagesIsPage($id)) { $_page = query(SharedPage::$statements['is_draft'], mysql_safe($id)); return is_resource($_page) and mysql_num_rows($_page) == 1; } else { exLog("appPagesIsDraft(): Invalid reading, {$id} is not a valid page."); return false; } }
//Run on user hitting submit button if (isset($_POST['submit'])) { //Send to function FormReady check if form input is valid $output = FormReady(); //If no form input errors go if ($output == "") { //setup database connection information $connection = mysql_connect("localhost", "root", ""); $db = mysql_select_db("baseball", $connection); //set varables from user input after mysql_safe function is run from funtions.php file $firstname = mysql_safe($_POST['firstname']); $lastname = mysql_safe($_POST['lastname']); $username = mysql_safe($_POST['username']); $email = mysql_safe($_POST['email']); //for password hash with MD5 first then SHA $password = sha1(md5(mysql_safe($_POST['password']))); //Get query to check for user is in database $query = mysql_query("select username from login where username='******'", $connection); $row = mysql_fetch_assoc($query); $userCheck = $row['username']; //checks to see if the username input by user is the same as the one from database if (!isset($userCheck)) { //get query to check if email is in database $query = mysql_query("select email from login where email='{$email}'", $connection); $row = mysql_fetch_assoc($query); $emailCheck = $row['email']; //check to see if email that was input by user is already in database if (!isset($emailCheck)) { //checks if error while connecting to databes if (mysql_query("INSERT INTO login(firstname, lastname, username, password, email) VALUES('{$firstname}','{$lastname}','{$username}', '{$password}', '{$email}')", $connection)) { //use javascript to alert them that there input was successfully stored in database
public function __construct() { // Put all of the queries in one place ;) $this->statements['new_session'] = "INSERT INTO `[database]`.`[prefix]sessions` (`id`, `seed`, `verification_code`, `valid_ip`, `expire_time`, `user`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s');"; $this->statements['update_time'] = "UPDATE `[database]`.`[prefix]sessions` SET `expire_time` = '%s' WHERE CONVERT(`[prefix]sessions`.`id` USING utf8) = '%s' LIMIT 1;"; $this->statements['update_conf'] = "UPDATE `[database]`.`[prefix]sessions` SET `configuration` = '%s' WHERE CONVERT(`[prefix]sessions`.`id` USING utf8) = 'i-d' LIMIT 1;"; $this->statements['load_session'] = "SELECT * FROM `[prefix]sessions` WHERE `id` LIKE CONVERT(_utf8 '%s' USING latin1) COLLATE latin1_swedish_ci"; $this->statements['delete_session'] = "DELETE FROM `[prefix]sessions` WHERE CONVERT(`[prefix]sessions`.`id` USING utf8) = '%s' LIMIT 1"; $this->statements['delete_past_sessions'] = "DELETE FROM `[prefix]sessions` WHERE `expire_time` < %s"; $this->statements['user_from_id'] = "SELECT * FROM `[prefix]users` WHERE `id` LIKE CONVERT(_utf8 '%s' USING latin1) COLLATE latin1_swedish_ci"; $this->statements['user_from_username'] = "******"; // Check for banned users by IP regardless (user check comes later) if (in_array($this->sClientIP, cfRead('Banned IPs'))) { die(cfRead('Banned User Error Message')); } // Setup properties $this->verified = true; // This is assumed, can be override in Initialize.php $this->reload = false; // Shortcut: Is this a reload or new session $this->guest = true; // Shortcut: Is user a guest $_create = true; // Make new session? // Diagnostic Defaults $this->action = '-- action : not set --'; $this->mode = '-- mode : not set --'; $this->roles = cfRead('Roles'); // For documentation on roles see section X.X.X // Setup Session $this->session['id'] = mysql_safe($_COOKIE['kSessionID']); $this->session['seed'] = mysql_safe($_COOKIE['kSessionSeed']); // Setup Auth $this->auth['attempt'] = isset($_POST['kAuthAttempt']); $this->auth['username'] = mysql_safe($_POST['kAuthUsername']); $this->auth['password'] = md5($_POST['kAuthPassword']); $random_helper = unique_seed(); // Check for possibilit of reloading session if (!is_null($this->session['id'])) { exMethod('Authority: _attemptReload'); // Load the session $_session = query($this->statements['load_session'], $this->session['id']); if (is_resource($_session) and mysql_num_rows($_session) == 1) { exMethod('Authority: _sessionExists'); $session = mysql_fetch_assoc($_session); // Check for user type $session['guest'] = substr($session['user'], 0, 2) == 'g:'; // Load user (based on type info) if (!$session['guest']) { exMethod('Authority: _sessionIsGuest'); $_user = query($this->statements['user_from_id'], substr($session['user'], 2)); if (is_resource($_user) and mysql_num_rows($_user)) { $session['user'] = mysql_fetch_assoc($_user); } // Check if user is banned if ($session['user']['banned']) { die(cfRead('Banned User Error Message')); } } $test['v_Code'] = md5($this->session['seed'] . $session['seed']) == $session['verification_code']; $test['ip'] = client_ip == $session['valid_ip']; $test['expire'] = $session['expire_time'] > time(); exMethod(print_r($test, true)); if (md5($this->session['seed'] . $session['seed']) == $session['verification_code'] and client_ip == $session['valid_ip'] and $session['expire_time'] > time()) { $this->sessionReload($session); $_create = false; } } } // Work with auth attempts if ($this->auth['attempt']) { exMethod('Authority: _authAttempt'); $_user = query($this->statements['user_from_username'], $this->auth['username']); if (is_resource($_user) and mysql_num_rows($_user) == 1) { $user = mysql_fetch_assoc($_user); exLog("\n" . $this->auth['password'] . "\n" . $user['password']); if ($this->auth['password'] == $user['password']) { $this->sessionCreate($user); $_create = false; } } } // Create New Session ??? if ($_create) { exMethod('Authority: _create'); $this->sessionCreate(); } }
<?php # Pages Application if (!is_null($_GET['arg']) and $_GET['arg'] != '') { exMethod("Pages: View -> Single Page with ID {$_GET['arg']}"); $page = new Page(mysql_safe($_GET['arg']), true); if (!is_null($page->id)) { add(template('Single Page', 'Page Name: %1$s<br />Date Mod: %3$s | Date Created: %4$s<br />Author: %7$s<br /><pre style="color:green">%2$s</pre>'), $page->name, $page->content, format_date($page->date_modified), format_date($page->date_created), $page->author->id, $page->author->username, $page->author->display_name); } else { error('Page Not Found', 'You entered an invalid page.'); } } else { exMethod("Pages: View -> List with offset({$_GET['offset']}) and count({$_GET['count']})"); $pages = SharedPage::Fetch(mysql_safe($_GET['offset']), mysql_safe($_GET['count']), true); // DONT CARE YET }
echo "<input type='text' name='percent' value='" . $row1['percent'] . "' size=5>"; echo "</td>"; echo "<td>"; echo "<input type='text' name='round' value='" . $row1['round'] . "' size=5>"; echo "</td>"; echo "<td>"; echo "<input type='submit' value='change'>"; echo "</form>"; echo "</tr>"; } echo "</table>"; echo "</div>"; } } else { // category list $res = mysql_safe("SELECT * FROM category"); while ($row = mysql_fetch_array($res)) { echo "<a href='adm.php?login="******"&pass="******"&cat=" . $row['id'] . "' class='menuitem'>" . $row['name'] . "</a><br>"; } echo "</div>"; echo "<div id='rightcolumn'>"; echo "Choose category for change"; echo "</div>"; } } else { show_form(); echo "</div>"; echo "<div id='rightcolumn'>"; echo "Incorrect login-pass pair, try again"; echo "</div>"; }