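/**
 * Prints the newest rows of the `news` table as HTML articles, followed by
 * the closing tags of the page.
 *
 * When the query fails, a maintenance message is printed instead.
 *
 * @param int|string $num Maximum number of articles to print.
 * @return void
 */
public function show($num)
{
    // LIMIT takes a bare integer, so string escaping cannot make the value
    // safe there. The original passed $num through Engine::protect() into an
    // unused variable and then interpolated the raw $num into the statement;
    // coercing to a non-negative integer closes that injection point.
    $limit = max(0, (int) $num);

    $result = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT {$limit}");

    if (!$result) {
        echo 'News System is undergoing maintenance. Please check back soon!';
        return;
    }

    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        // NOTE(review): title and content are emitted without HTML escaping
        // (stripslashes() only removes backslashes). If either column can be
        // written by anyone other than a trusted editor, this is a stored-XSS
        // sink; escape with htmlspecialchars() or run the content through an
        // HTML sanitizer. Confirm who can write to `news` before changing it.
        echo stripslashes('<article class="news"> <h2 class="topic">' . $row['title'] . '</h2> <div class="post"> ' . $row['content'] . ' </div> </article> <hr /> ');
    }

    echo ' </div> </body> </html> ';
}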
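/**
 * Validates a member account from a username and validation key.
 *
 * Stores both arguments on the instance, checks the submitted reCAPTCHA
 * answer, and, when exactly one `hxm_members` row matches the username/key
 * pair, sets that row's `group` to '1' and redirects to HOME. The script is
 * terminated with a message when the reCAPTCHA answer is rejected or when no
 * row was updated.
 *
 * @param string $u Username
 * @param string $v Validation key
 * @return void
 */
public function doValidate($u, $v)
{
    $user = $this->username = $u;
    $key = $this->vkey = $v;

    // NOTE(review): the username length check against $min_usr/$max_usr was
    // commented out in the original, so no length bounds are enforced here.

    // NOTE(review): this is the reCAPTCHA private key embedded in source.
    // Base64 is an encoding, not protection: anyone who can read this file
    // can recover the key. Load it from configuration kept outside the
    // repository and rotate the key that has been committed here.
    $privatekey = "NkxkSHZMOFNBQUFBQUNUSjFyV2tWd2FxS04wUHJXck5DYUFESHV5Qw==";

    // A request without the captcha fields is passed on as null instead of
    // raising undefined-index notices; the captcha check still decides.
    $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : null;
    $answer = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : null;

    $resp = recaptcha_check_answer(base64_decode($privatekey), $_SERVER["REMOTE_ADDR"], $challenge, $answer);
    if (!$resp->is_valid) {
        exit("The reCAPTCHA was entered incorrectly.");
    }

    // NOTE(review): both values are interpolated inside quotes below, so the
    // queries are only safe if parent::protect() escapes for the active MySQL
    // connection. Its body is not visible here; confirm, or move to
    // parameterized statements.
    $user = parent::protect($user);
    $key = parent::protect(strip_tags($key));

    $query = mysql_query("SELECT * FROM hxm_members WHERE `username` = '{$user}' AND `key` = '{$key}'");

    // Defined up front: the original read $update even when the UPDATE was
    // never attempted. A failed SELECT is treated the same as "no match".
    $update = false;
    if ($query && mysql_num_rows($query) === 1) {
        $update = mysql_query("UPDATE hxm_members SET `group` = '1' WHERE `username` = '{$user}' AND `key` = '{$key}'");
    }

    if ($update) {
        // NOTE(review): no exit follows this redirect, so the caller keeps
        // executing after the Location header is queued.
        header("Location: " . HOME);
    } else {
        exit("Invalid key or user has already validated.");
    }
}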
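/**
 * Checks that the request carries login cookies matching exactly one
 * `hxm_members` row whose `group` is not "0".
 *
 * On any failure the client is redirected to AUTH and the script stops.
 * Returns normally only when the check passes.
 *
 * @return void
 */
public function chkLogin()
{
    global $cookie_prefix;

    $idName = $cookie_prefix . "id";
    $passName = $cookie_prefix . "pass";

    // The original sent the Location header and then kept executing, so the
    // protected page was still generated and delivered to any client that
    // ignores redirects. Every rejection path now terminates the script.
    if (!isset($_COOKIE[$idName]) || !isset($_COOKIE[$passName])) {
        header("Location: " . AUTH);
        exit;
    }

    // NOTE(review): the values are interpolated inside quotes below, so the
    // query is only safe if parent::protect() escapes for the active MySQL
    // connection. Its body is not visible here; confirm.
    $id = parent::protect($_COOKIE[$idName]);
    $pass = parent::protect($_COOKIE[$passName]);

    // NOTE(review): the cookie is compared directly with the stored
    // `password` column, which makes the stored value itself a login
    // credential. A random, server-side session token would avoid that.
    $query = mysql_query("SELECT * FROM `hxm_members` WHERE `id` = '{$id}' AND `password` = '{$pass}'");

    // A failed query is treated as "not logged in" rather than being passed
    // to mysql_num_rows().
    if (!$query || mysql_num_rows($query) != 1) {
        header("Location: " . AUTH);
        exit;
    }

    $data = mysql_fetch_array($query);
    if ($data["group"] == "0") {
        // Group "0" members are sent back to AUTH as well.
        header("Location: " . AUTH);
        exit;
    }
}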