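/**
 * Confirms a pending PGP key by matching the confirmation token against the
 * row stored for the given e-mail address.
 *
 * The attempt is first gated by lockAction('confirmpgp'); when that refuses,
 * the database is never consulted. On a match the stored token is cleared,
 * so a given token can only succeed once.
 *
 * @param string $email   address the key is registered under
 * @param string $confirm confirmation token supplied by the caller
 * @return bool true when a matching row was found and its token was cleared;
 *              false when the lock refuses, the token is empty, or nothing matches
 */
function confirmPGP($email, $confirm)
{
    require_once includePath() . "/lock.php";

    // Run the lock check first so that every attempt, valid or not, is counted.
    if (!lockAction('confirmpgp')) {
        return false;
    }

    // A used token is stored as '' (see the UPDATE below). Without this guard
    // an empty token would match rows that are already confirmed and report
    // success for a request that never carried a token.
    if (!is_scalar($confirm) || (string) $confirm === '') {
        return false;
    }

    $result = databaseQuery(
        "SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?",
        array($confirm, $email)
    );

    if ($row = $result->fetch()) {
        // $row[0] is the only selected column, id.
        databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
        return true;
    }

    return false;
}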
/**
 * Deletes the post with the given id, if such a post exists.
 *
 * The id is passed through intval() before it is placed in the statement,
 * so only an integer ever reaches the SQL text.
 *
 * @param mixed $post_id id of the post to remove
 * @return void
 */
function postDrop($post_id)
{
    global $database_cfg;

    // Nothing to delete: leave quietly, as the caller gets no result either way.
    if (!postExistsById($post_id)) {
        return;
    }

    $table = $database_cfg["prefix"] . "posts";
    $sql = "delete from " . $table . " where id='" . intval($post_id) . "'";

    // The second argument is the message handed to databaseQuery alongside the statement.
    databaseQuery($sql, "Can't delete post");
}
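/**
 * Removes the given flags from a group's flag list and stores the result.
 *
 * Fixes over the previous version: the statement had an unbalanced "(" after
 * SET, carried no WHERE clause (so it was not limited to the requested
 * group), and reused the "add" error message.
 *
 * @param mixed  $id    id of the group to change
 * @param string $flags flags to remove, in the format stringDropTokens() expects
 * @return string|null an error message when the group does not exist, otherwise nothing
 */
function groupDropFlags($id, $flags)
{
    global $database_cfg;

    $group = groupGetById($id);
    if (!is_array($group)) {
        return "Group with given id doesn't exists";
    }

    $remaining = stringDropTokens($group["flags"], $flags);

    // NOTE(review): $remaining is placed in the statement without escaping.
    // It derives from stored flags and the caller's $flags; confirm both are
    // validated upstream, or escape it with the database layer's own helper.
    // NOTE(review): the key column is assumed to be `id`, as groupGetById()
    // suggests — confirm against the groups table.
    databaseQuery(
        "update " . $database_cfg["prefix"] . "groups set flags='" . $remaining
            . "' where id='" . intval($id) . "'",
        "Can not drop group flags"
    );
}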
/**
 * Adds users to a topic's moderator list and writes the merged list back.
 *
 * @param mixed  $topic_id id of the topic; passed through intval() for the WHERE clause
 * @param string $users    users to add, in the format stringAddTokens() expects
 * @return void
 */
function topicAddModerators($topic_id, $users)
{
    global $database_cfg;

    $merged = stringAddTokens(topicGetModeratorsString($topic_id), $users);

    // NOTE(review): $merged goes into the statement as-is. Only the topic id
    // is forced to an integer; confirm $users is validated before it reaches
    // this function, or escape the list through the database layer.
    $table = $database_cfg["prefix"] . "topics";
    $sql = "update " . $table . " set moderators='" . $merged . "' where id='" . intval($topic_id) . "'";

    databaseQuery($sql, "Can't set topic moderators");
}
} else { $message = $spaceName . " is already added to the list!"; } } } else { $message = "The URL is already added to the list!"; } } else { $message = urlencode("Please include the JSON URL to use for the space.\nExample: /add https://example.com/json"); } sendMessage($recipient, $message); } else { if ($command == "/start" || $command == "/help") { $message = urlencode("Let's get started!\n\nFirst of all, to get a list of all spaces that are available to use within this bot, use /spaces.\nIf you see a space you'd like to get the status of, use /state <space>.\nWant to set a default? Use /default <space>. You can get the status of the default space with /state.\nIf there's a space that you'd like to use this bot with, use /add <url>.\n\nFor background info about this bot, use /info.\n\nDo you want to completely remove all your preferences stored by this bot? Use /purge."); sendMessage($recipient, $message); } else { if ($command == "/info") { $message = urlencode("This bot has been created by @stuiterveer. Shoot me a message if you'd like or visit https://stuiterveer.com/. It's okay, I won't bite!\n\nLooking for the source code for this bot? https://github.com/ACKspace/SpaceAPIBot has everything you need!"); sendMessage($recipient, $message); } else { if ($command == "/purge") { databaseQuery("DELETE FROM " . $defaultsTable . " WHERE `ID` = " . $recipient); $message = "All data that's stored for your account by this bot is removed!"; sendMessage($recipient, $message); } } } } } } }
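/**
 * Deletes the user with the given id, if such a user exists.
 *
 * The previous version built the WHERE clause from an undefined $post_id, so
 * intval() always produced 0 and the requested user was never the row
 * targeted. The statement now uses $user_id.
 *
 * @param mixed $user_id id of the user to remove
 * @return void
 */
function userDrop($user_id)
{
    global $database_cfg;

    if (!userExistsById($user_id)) {
        return;
    }

    // intval() keeps anything but an integer out of the SQL text.
    databaseQuery(
        "delete from " . $database_cfg["prefix"] . "users where id='" . intval($user_id) . "'",
        "Can't delete user"
    );
}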
<?php
//
//  logout.php
//  IT Club
//
//  Copyright (c) 2015, Mr. Gecko's Media (James Coleman)
//  All rights reserved.
//
//  The log out page.
//

// Stamp the signed-in user's row with the current request time.
// NOTE(review): if the session check derives the expected user_password
// cookie from this stored time, the update also invalidates cookies that
// were copied elsewhere — confirm against the code that validates the cookie.
// NOTE(review): $_MGM['user'] is read without checking that a user is
// signed in; confirm the including code guarantees it.
databaseQuery("UPDATE users SET time=%d WHERE docid=%s", $_MGM['time'], $_MGM['user']['docid']);

// Overwrite both login cookies with an empty value that expires at the
// current request time, using the same path and domain they were set with.
$cookieNames = array(
    "{$_MGM['CookiePrefix']}user_email",
    "{$_MGM['CookiePrefix']}user_password",
);
foreach ($cookieNames as $cookieName) {
    setcookie($cookieName, "", $_MGM['time'], $_MGM['CookiePath'], $_MGM['CookieDomain']);
}

// Send the browser back to the login page and stop.
header("location: " . generateURL("login"));
exit;
/**
 * Stores a setting: updates the row when the name already exists, inserts a
 * new row otherwise.
 *
 * NOTE(review): the existence check and the write are separate statements,
 * so two concurrent calls for a new name can both take the INSERT path.
 * Confirm whether `name` carries a unique constraint.
 *
 * @param string $name  setting name
 * @param mixed  $value value to store
 * @return void
 */
function setSetting($name, $value)
{
    $existing = databaseQuery("SELECT value FROM settings WHERE name=%s", $name);

    // Only ask for a row count when the query produced a result at all.
    $alreadyStored = $existing != NULL && databaseRowCount($existing) != 0;

    if ($alreadyStored) {
        databaseQuery("UPDATE settings SET value=%s WHERE name=%s", $value, $name);
        return;
    }

    databaseQuery("INSERT INTO settings (name,value) VALUES (%s,%s)", $name, $value);
}
?> <span style="color: #ff0000">Missing fields.</span><?php exit; } if (!filter_var($contact, FILTER_VALIDATE_EMAIL)) { $contact = preg_replace("/[^0-9]/", "", $contact); if (strlen($contact) == 7) { $contact = "256" . $contact; } else { if (strlen($contact) != 10) { ?> <span style="color: #ff0000">Invalid contact info.</span><?php exit; } } } $rsvps = databaseQuery("SELECT * FROM rsvp WHERE meeting=%s AND contact=%s", $id, $contact); $rsvp = databaseFetchAssoc($rsvps); if ($rsvp != NULL) { databaseQuery("UPDATE rsvp SET choice=%s WHERE meeting=%s AND contact=%s", $choice, $id, $contact); ?> <span style="color: #00ff00">Your RSVP was updated.</span><?php } else { databaseQuery("INSERT INTO rsvp (meeting,name,contact,choice,date) VALUES (%s,%s,%s,%s,%s)", $id, $name, $contact, $choice, $_MGM['time']); ?> <span style="color: #00ff00">Your RSVP was submitted.</span><?php } } } } exit;
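/**
 * Rate limiter keyed on client IP and action name.
 *
 * One row per (ip, action) is kept in gpgmw_locks. Its `num` column is the
 * attempt count; -1 marks an overload lock. All periods are in seconds, as
 * they are compared against time().
 *
 * Config read from $config:
 *  - lock_time_initial[action]   minimum gap between two allowed attempts
 *  - lock_count_overload[action] attempt count that triggers an overload lock
 *  - lock_time_overload[action]  how long an overload lock lasts
 *  - lock_time_reset             age after which a row's count starts over
 *  - lock_time_max               age after which rows are deleted
 *
 * Fix over the previous version: the two counter updates matched on the IP
 * alone, so an attempt at one action rewrote the count and timestamp of
 * every other action's row for that address. They now target the row that
 * was actually read, by id.
 *
 * NOTE(review): $_SERVER['REMOTE_ADDR'] is the direct peer. Behind a reverse
 * proxy every client would share one lock — confirm the deployment.
 *
 * @param string $action name of the action being attempted
 * @return bool true when the attempt may proceed, false when it is locked out
 */
function lockAction($action)
{
    global $config;
    $lock_time_initial = $config['lock_time_initial'];
    $lock_time_overload = $config['lock_time_overload'];
    $lock_count_overload = $config['lock_count_overload'];
    $lock_time_reset = $config['lock_time_reset'];
    $lock_time_max = $config['lock_time_max'];

    // An action with no configured limit is always allowed.
    if (!isset($lock_time_initial[$action])) {
        return true;
    }

    $ip = $_SERVER['REMOTE_ADDR'];
    $now = time(); // one timestamp for the whole decision
    $replace_id = -1;

    // Look up the existing record for this ip/action pair.
    $result = databaseQuery(
        "SELECT id, time, num FROM gpgmw_locks WHERE ip = ? AND action = ?",
        array($ip, $action),
        true
    );

    if ($row = $result->fetch()) {
        $id = $row['id'];
        $time = $row['time'];
        $count = $row['num'];

        if ($count >= 0) {
            // Regular lock: still inside the minimum gap, so refuse.
            if ($now <= $time + $lock_time_initial[$action]) {
                return false;
            }

            if ($now > $time + $lock_time_reset) {
                // The record is stale; reuse it with a fresh count below.
                $replace_id = $id;
            } else {
                $count = $count + 1;

                if ($count >= $lock_count_overload[$action]) {
                    // Too many attempts inside the reset window: overload lock.
                    databaseQuery(
                        "UPDATE gpgmw_locks SET num = '-1', time = ? WHERE id = ?",
                        array($now, $id)
                    );
                    return false;
                }

                databaseQuery(
                    "UPDATE gpgmw_locks SET num = ?, time = ? WHERE id = ?",
                    array($count, $now, $id)
                );
            }
        } else {
            // Overload lock: refuse until it has run its course.
            if ($now <= $time + $lock_time_overload[$action]) {
                return false;
            }

            // The overload has expired, so the record can be reused.
            $replace_id = $id;
        }
    } else {
        // First attempt seen for this ip/action pair.
        databaseQuery(
            "INSERT INTO gpgmw_locks (ip, time, action, num) VALUES (?, ?, ?, '1')",
            array($ip, $now, $action)
        );
    }

    if ($replace_id != -1) {
        databaseQuery(
            "UPDATE gpgmw_locks SET num = '1', time = ? WHERE id = ?",
            array($now, $replace_id)
        );
    }

    // Housekeeping: drop rows older than the maximum retention period.
    // Refused attempts return early and skip this step.
    $delete_time = $now - $lock_time_max;
    databaseQuery("DELETE FROM gpgmw_locks WHERE time <= ?", array($delete_time));

    return true;
}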
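//

// Login form handler. $error stays empty unless a submitted login fails;
// the same message is used for an unknown e-mail and for a wrong password,
// so the response text does not reveal which accounts exist.
$error = "";
if (isset($_REQUEST['login'])) {
    // NOTE(review): $_REQUEST also accepts credentials from the query
    // string, where they end up in logs and browser history — confirm the
    // form only posts, or read from $_POST.
    $email = isset($_REQUEST['email']) ? trim($_REQUEST['email']) : "";
    $password = isset($_REQUEST['password']) ? trim($_REQUEST['password']) : "";

    // Accounts with level 0 cannot sign in.
    $result = databaseQuery("SELECT * FROM users WHERE email=%s AND level!=0", $email);
    $user = databaseFetchAssoc($result);

    if ($user == NULL) {
        $error = "Invalid login credentials.";
    } else {
        // The stored value is a 12-character hex salt followed by the hash;
        // recompute it from the submitted password with the same salt.
        $salt = substr($user['password'], 0, 12);
        $epassword = $salt . hashPassword($password, hex2bin($salt));

        // hash_equals() compares as strings and in constant time. The
        // previous loose != could treat two numeric-looking strings as equal
        // and returned as soon as the first differing byte was found.
        if (!hash_equals((string) $user['password'], (string) $epassword)) {
            $error = "Invalid login credentials.";
        } else {
            databaseQuery("UPDATE users SET time=%d WHERE email=%s", $_MGM['time'], $email);

            // Both cookies last one year (31536000 seconds). The second is a
            // SHA-512 over the stored password value and the login time, not
            // the password itself.
            // NOTE(review): neither cookie sets the Secure or HttpOnly flag;
            // confirm whether the site is HTTPS-only and whether any script
            // needs to read them, then set the flags accordingly.
            $expires = $_MGM['time'] + 31536000;
            setcookie("{$_MGM['CookiePrefix']}user_email", $email, $expires, $_MGM['CookiePath'], $_MGM['CookieDomain']);
            setcookie("{$_MGM['CookiePrefix']}user_password", hash("sha512", $epassword . $_MGM['time']), $expires, $_MGM['CookiePath'], $_MGM['CookieDomain']);

            header("location: " . generateURL("members"));
            exit;
        }
    }
}

require_once "header.php";

// $error only ever holds one of the fixed messages assigned above.
if (!empty($error)) {
    ?> <div style="color: #ff0000; font-weight: bold;"><?php echo $error; ?> </div><?php
}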
<?php // // rsvp.php // IT Club // // Copyright (c) 2015, Mr. Gecko's Media (James Coleman) // All rights reserved. // // RSVP Center. // require_once "header.php"; if (!empty($_MGM['path'][1]) && intVal($_MGM['path'][1]) != 0) { $meetings = databaseQuery("SELECT * FROM meetings WHERE id=%s", $_MGM['path'][1]); $meeting = databaseFetchAssoc($meetings); ?> <style type="text/css"> #rsvp_form { margin: 0 auto; width: 280px; padding: 20px; border-radius: 20px; background: #ffffff; } .rsvp_option { display: inline; } </style> <br /> <div id="rsvp_form"> <h4 style="text-align: center;">Meeting RSVP for<br /><?php
<body>
<div id="wrapper">
<nav id="sidebar-wrapper">
<ul class="sidebar-nav">
<li class="sidebar-brand">
<a href="<?php echo $_MGM['installPath']; ?> "><img src="<?php echo $_MGM['installPath']; ?> logo.png" alt="logo" id="sidebar-logo" /></a>
</li>
<?php
// Sidebar entries come from the `sidebar` table, in the order given by its
// `order` column. Each row supplies a url and a title.
$results = databaseQuery("SELECT * FROM `sidebar` ORDER BY `order`");
while ($result = databaseFetchAssoc($results)) {
    // A url that does not start with "/" is treated as external and opened
    // in a new tab.
    // NOTE(review): target="_blank" is emitted without rel="noopener
    // noreferrer"; adding it keeps the opened page from reaching this one
    // through window.opener in browsers that do not default to noopener.
    //
    // htmlspecialchars() with ENT_COMPAT escapes double quotes, which matches
    // the double-quoted href attribute, and escapes the title text.
    // NOTE(review): escaping does not restrict the URL scheme; rows are
    // presumably limited to http(s) or site-relative links — confirm who can
    // write to the sidebar table, or check the scheme before output.
    ?> <li class="sidebar-link"><a <?php echo substr($result['url'], 0, 1) == "/" ? "" : "target=\"_blank\""; ?> href="<?php echo htmlspecialchars($result['url'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true); ?> "><?php echo htmlspecialchars($result['title'], ENT_COMPAT | ENT_HTML401, 'UTF-8', true); ?> </a></li><?php
}
?> <?php