/**
 * Restore a logged-in session from the "remember me" cookies.
 *
 * Reads the `user`, `passwd` and `userid` cookies, looks the account up in
 * the users table, and when the `passwd` cookie matches
 * md5(password . salt) of that row, fills $_SESSION and re-issues the
 * three cookies via mk_cookie().
 *
 * NOTE(review): part of this function is missing from the listing (the text
 * between the start of the `AND user=` clause and `'password'])) {` was
 * scrubbed), so the end of the query, its execution and the guard condition
 * cannot be reviewed from here.
 *
 * NOTE(review): the cookie value accepted as proof of identity is derived
 * only from columns of the users row, so it stays valid for as long as the
 * stored password and salt do, and anyone able to read that row can compute
 * it. A random, server-side, revocable token would avoid this.
 *
 * NOTE(review): no session_regenerate_id() call is visible on the success
 * path; confirm the session ID is rotated when privileges change.
 */
function autologin()
{
    // Only attempt auto-login when all three cookies are present.
    if (isset($_COOKIE['user']) && isset($_COOKIE['passwd']) && isset($_COOKIE['userid'])) {
        global $db;
        // All three values are client-controlled.
        $pass = $_COOKIE['passwd'];
        $user = $_COOKIE['user'];
        $userid = $_COOKIE['userid'];
        // The id is cast to int before quoting. The remainder of this statement is
        // scrubbed in the listing; presumably $user is quoted the same way and the
        // row is fetched into $row - TODO confirm against the real file.
        $sql = 'SELECT * FROM ' . db_tablename('users') . ' WHERE id=' . $db->quote((int) $userid) . ' AND user='******'password'])) {
            return;
        }
        // Expected cookie value: MD5 over the stored password field and the salt.
        $passchk = md5($row['password'] . $row['salt']);
        // NOTE(review): `==` compares two numeric-looking strings numerically in PHP
        // and is not constant-time; hash_equals($passchk, $pass) on string input is
        // the safer comparison here.
        if ($pass == $passchk) {
            // Populate the session from the database row, not from the cookies.
            $_SESSION['user'] = $row['user'];
            $_SESSION['level'] = $row['level'];
            $_SESSION['userid'] = $row['id'];
            $_SESSION['logged_in'] = 1;
            // Re-issue the cookies. Their attributes (expiry, Secure, HttpOnly) are
            // set inside mk_cookie(), which is not visible here.
            mk_cookie('user', $row['user']);
            mk_cookie('userid', $row['id']);
            mk_cookie('passwd', $passchk);
        }
    }
}
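/**
 * Run a prepared query and return the first column of its first row.
 *
 * Every argument after $sql is bound, in order, to the statement's
 * positional placeholders, so callers should pass values this way rather
 * than concatenating them into $sql.
 *
 * @param string $sql SQL text, optionally containing `?` placeholders.
 * @return mixed First column of the first row, or null when the query
 *               produced no row.
 */
function db_query_singlevalue($sql)
{
    global $db;

    // Everything after $sql is a bound parameter.
    $args = array_slice(func_get_args(), 1);

    $sth = $db->prepare($sql);
    check_db_res($sth, $sql);
    $sth->execute($args);

    // fetch() yields false when there is no row. Indexing false raises a warning
    // on current PHP, so the empty result is reported as an explicit null.
    $row = $sth->fetch(PDO::FETCH_NUM);
    if (!is_array($row) || !array_key_exists(0, $row)) {
        return null;
    }

    return $row[0];
}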
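/**
 * Moderation queue page: optionally apply submitted judgements, then print
 * the current queue.
 *
 * When $method is 'judgement', every queued quote with a POST field named
 * `q<id>` is processed. A value starting with 'y' moves the quote into the
 * quotes table and records its normalized lines in the dupes table; any
 * other value deletes the queue entry. The numeric part of the value (not
 * the field name) selects the queue row acted upon.
 *
 * NOTE(review): no privilege check or CSRF token check is visible in this
 * function; confirm the caller enforces both before dispatching here.
 * NOTE(review): the accept path runs several statements with no transaction
 * visible, so a failure part-way can leave a quote in both tables.
 *
 * @param string $method 'judgement' to apply POSTed decisions first; any
 *                       other value only renders the queue.
 * @return void
 */
function quote_queue($method)
{
    global $TEMPLATE, $db;

    if ($method == 'judgement') {
        // Collect one judgement per queued quote that has a matching POST field.
        // Non-string values (e.g. an array sent as q1[]=...) are ignored, since
        // the substr() calls below require a string.
        $judgements = array();
        $sth = $db->query("SELECT * FROM " . db_tablename('queue'));
        while ($row = $sth->fetch()) {
            $field = 'q' . $row['id'];
            if (isset($_POST[$field]) && is_string($_POST[$field])) {
                $judgements[] = $_POST[$field];
            }
        }

        $fields = 'quote,rating,flag,date,submitip';
        foreach ($judgements as $judgement) {
            // The id is taken from the submitted value and forced to an integer
            // before it is quoted into any statement.
            $qid = (int) substr($judgement, 1);
            $qid_sql = $db->quote((string) $qid);

            if (substr($judgement, 0, 1) === 'y') {
                $sql = "SELECT quote FROM " . db_tablename('queue') . " WHERE id =" . $qid_sql;
                $res = $db->query($sql);
                $tmpdata = $res ? $res->fetch(PDO::FETCH_ASSOC) : false;
                if ($tmpdata === false) {
                    // The submitted id does not name a queued quote. Without this
                    // guard nothing would be inserted, yet a stale insert id would
                    // be reported as the accepted quote.
                    continue;
                }
                $quotetxt = $tmpdata['quote'];

                $sql = "INSERT INTO " . db_tablename('quotes') . " ({$fields}) SELECT {$fields} FROM " . db_tablename('queue') . " WHERE id =" . $qid_sql;
                db_query($sql);

                // Replaces "SELECT LAST_INSERT_ID() FROM <quotes>", which returned one
                // row per stored quote. Like that query, this assumes db_query() ran
                // the INSERT on the $db connection.
                $quoteid = $db->lastInsertId();

                // Index each sufficiently long, multi-word line for duplicate detection.
                $qarr = preg_split('/\\n/', html_entity_decode($quotetxt));
                $sql = 'INSERT INTO ' . db_tablename('dupes') . ' (normalized, quote_id) VALUES (?, ?)';
                $stha = $db->prepare($sql);
                foreach ($qarr as $line) {
                    $line = normalize_quote_line($line);
                    if (strlen($line) >= 5 && strpos($line, ' ') !== FALSE) {
                        $stha->execute(array($line, $quoteid));
                    }
                }

                $db->query("DELETE FROM " . db_tablename('queue') . " WHERE id =" . $qid_sql);
                $TEMPLATE->add_message(sprintf(lang('quote_accepted'), $quoteid));
            } else {
                // NOTE(review): every value not starting with 'y' deletes the entry;
                // confirm the form never submits a "leave in queue" value.
                $db->query("DELETE FROM " . db_tablename('queue') . " WHERE id =" . $qid_sql);
                $TEMPLATE->add_message(sprintf(lang('quote_deleted'), $qid));
            }
        }
    }

    // Render whatever is still queued, oldest first.
    $sql = 'SELECT * FROM ' . db_tablename('queue') . ' ORDER BY id ASC';
    $res = $db->query($sql);
    check_db_res($res, $sql);

    $innerhtml = '';
    while ($row = $res->fetch()) {
        $dupes = find_maybe_dupes($row['quote']);
        // Escaping of the quote text depends on mangle_quote_text() and the
        // template, neither of which is visible here.
        $innerhtml .= $TEMPLATE->quote_queue_page_iter($row['id'], mangle_quote_text($row['quote']), $dupes);
    }

    print $TEMPLATE->quote_queue_page($innerhtml);
}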