Example #1
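/**
 * Log a returning visitor in from the "remember me" cookies.
 *
 * Runs only when no session user is set and the `active` cookie is present.
 * The `selector` cookie locates the user row; the `token` cookie is re-hashed
 * with the same fixed crypt salt string the login flow uses and compared,
 * in constant time, against the hash stored in user.token. On success the
 * session is populated; on an unknown selector or a mismatch the three
 * remember-me cookies are expired so the lookup is not repeated every request.
 *
 * Exits with an error message when the database connection fails.
 */
function auto_login()
{
    // setcookie('active', true, ...) in the login flow writes the string "1";
    // compare strictly rather than with a loose == 1.
    if (isset($_SESSION['valid_user']) || ($_COOKIE['active'] ?? '') !== '1') {
        return;
    }
    // Missing cookies become '' instead of raising an undefined-index warning.
    $token = input_clean($_COOKIE['token'] ?? '');
    $selector = input_clean($_COOKIE['selector'] ?? '');
    if (!($db = db_connect())) {
        echo "<br><br><br>Database Error";
        exit;
    }
    // "$5$" carries no salt characters, so the hash is effectively unsalted;
    // it must stay identical to the call that stores the token at login time,
    // otherwise every issued cookie would stop matching.
    $hToken = crypt($token, "\$5\$");
    // The selector is sent as a bound parameter; no manual escaping is needed
    // (the original escaped it as well, which would corrupt selectors that
    // happen to contain quote or backslash characters).
    $query = "select user_id, user_name,token from user\n                    where selector=?";
    $stmt = $db->prepare($query);
    $stmt->bind_param('s', $selector);
    $stmt->execute();
    $stmt->store_result();
    $matched = false;
    if ($stmt->num_rows > 0) {
        $stmt->bind_result($user_id, $user_name, $storedToken);
        $stmt->fetch();
        // hash_equals() compares in constant time; cast because a NULL token
        // column would otherwise raise a TypeError.
        if (hash_equals($hToken, (string) $storedToken)) {
            $_SESSION['valid_user'] = $user_name;
            // The original stored $user_name here; the login flow stores the
            // numeric user_id in this session key.
            $_SESSION['user_id'] = $user_id;
            $matched = true;
        }
    }
    $stmt->close();
    if (!$matched) {
        // Expire the remember-me cookies (empty value, past expiry) for both an
        // unknown selector and a token mismatch; the original only did so for
        // the mismatch case.
        foreach (['active', 'token', 'selector'] as $cookieName) {
            setcookie($cookieName, '', time() - 3600);
        }
    }
}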
Example #2
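/**
 * Print a prompt, read one line from standard input and return it cleaned.
 *
 * @param string $message prompt text echoed before reading
 * @return mixed whatever input_clean() returns for the line read ('' when
 *               stdin could not be opened or is at end of file)
 */
function input($message)
{
    echo $message;
    $handle = fopen("php://stdin", "r");
    if ($handle === false) {
        // No stream to read from; hand an empty line to the cleaner instead
        // of passing the bool on to fgets().
        return input_clean('');
    }
    $line = fgets($handle);
    // The original never released the handle.
    fclose($handle);
    // fgets() returns false at EOF; normalise to an empty string.
    return input_clean($line === false ? '' : $line);
}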
Example #3
            header("Location: discussion.php?dis_id={$dis_id_verified}");
        }
    }
    if (!($db = db_connect())) {
        echo "Database error<br>";
        exit;
    }
    if (isset($_POST['submit2'])) {
        $query = 'CALL delete_discussion (?)';
        $stmt = $db->prepare($query);
        $stmt->bind_param('i', $dis_id_verified);
        $stmt->execute();
        header("Location: show_parent_cat.php");
    }
    /*****************DISPLAY FORM***********************/
    $username = input_clean($_SESSION['valid_user']);
    $query = 'select user_type, ban_flag, f_name, m_name, 
        l_name, bio, email, date_joined, com_count, 
        dis_count, upvote_count, downvote_count 
        from user where user_name=?';
    $stmt = $db->prepare($query);
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($user_type, $ban_flag, $f_name, $m_name, $l_name, $bio, $email, $date_joined, $com_count, $dis_count, $up_count, $down_count);
    $stmt->fetch();
    ?>

    <div class ='row'>
        <div class='columns panel text-center large-8 large-centered medium-8 medium-centered  small-10 small-centered '>
            <h2 style='color: #008cbb'>Editing <?php 
Example #4
<?php

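include_once 'lib.php';
// AJAX endpoint: update a comment's text, record the edit time for the user
// and echo the new text back as JSON.
if (isset($_POST['user_id'])) {
    if (!($db = db_connect())) {
        echo "Database error";
        exit;
    }
    // All values are sent as bound parameters below, so they must not also go
    // through mysqli_real_escape_string(): that stored the escaping
    // backslashes literally in com_text and echoed them back to the client.
    // Missing fields become '' rather than raising undefined-index warnings.
    $commentText = input_clean($_POST['text'] ?? '');
    $user_id = input_clean($_POST['user_id']);
    $com_id = input_clean($_POST['com_id'] ?? '');
    // NOTE(review): com_id and user_id come straight from the request and
    // nothing in this script ties them to the logged-in session user or
    // checks that the user owns the comment. Confirm that check exists in
    // lib.php or the caller.
    $comUpdate = "update com set com_text=? where com_id=?";
    $stmt = $db->prepare($comUpdate);
    if (!$stmt) {
        echo "Database error";
        exit;
    }
    $stmt->bind_param('si', $commentText, $com_id);
    $stmt->execute();
    $stmt->close();
    $userEditCom = "update user_edit_com set edit_date=now() where user_id=?";
    $stmt = $db->prepare($userEditCom);
    if (!$stmt) {
        echo "Database error";
        exit;
    }
    $stmt->bind_param('i', $user_id);
    $stmt->execute();
    $stmt->close();
    $db->close();
    echo json_encode(['text' => $commentText]);
}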
Example #5
<?php

/*
   discussion_vote.php 
*/
include_once 'lib.php';
$user_id = intval(input_clean($_POST['user_id']));
$dis_id = intval(input_clean($_POST['dis_id']));
$vote = intval(input_clean($_POST['vote']));
$return = array();
//check if row exists in user_vote_dis
//if not, add to either upvote_count or downvote_count in discussion
$vote_query = "select vote from user_vote_dis \n                where user_id=?\n                and dis_id=?";
if (!($db = db_connect())) {
    echo "<br><br><br>Database Error";
    exit;
}
$user_id = mysqli_real_escape_string($db, $user_id);
$dis_id = mysqli_real_escape_string($db, $dis_id);
$stmt = $db->prepare($vote_query);
$stmt->bind_param('ii', $user_id, $dis_id);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($old_vote);
if ($stmt->num_rows > 0) {
    //If they have previously voted on this comment
    $stmt->fetch();
    $stmt->close();
    if ($old_vote == $vote) {
        //Delete row from user_vote_dis
        $delete = "delete from user_vote_dis where user_id = ? and dis_id = ?";
            </div>

    </div>
    </div>

<!-------------------------------DISPLAY existing categories---------------------------------->
    <div class='row'>
    <div class='columns panel text-left large-8 medium-8 small-10 small-centered '>
        <h3 style='color: #008cbb'> Existing Discussions in this Category: </h3><br>
        <div class='row'>
        <div class='large-12 medium-12 small-10 columns'>

<?php 
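    /********** Query about Existing Discussions *******/
    // List the discussions attached to the category given by ?cat_id=.
    // Relies on $db having been opened earlier in the page.
    $discussion_flag = true;
    // A missing parameter becomes '' instead of an undefined-index warning.
    $parent_cat = input_clean($_GET['cat_id'] ?? '');
    $query2 = 'select * from cat_cont_dis AS c, discussion AS d where c.cat_id = ? AND c.dis_id = d.dis_id';
    $stmt = $db->prepare($query2);
    if ($stmt) {
        $stmt->bind_param('i', $parent_cat);
        $stmt->execute();
        $stmt->store_result();
        // select * is bound positionally: the combined column count and order
        // of both tables must match these eight variables or bind_result() fails.
        $stmt->bind_result($cat_id, $dis_id1, $dis_id2, $dis_name2, $dis_text, $dis_flag, $upvote_count, $downvote_count);
        while ($stmt->fetch()) {
            // Escape DB-sourced text for the HTML context. If input_clean()
            // already HTML-encodes values on the way in, this will render them
            // double-encoded — confirm against lib.php.
            echo '<h3> ' . htmlspecialchars((string) $dis_name2, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h3>';
        }
        // Close only on this branch: the original called close() on the false
        // returned by a failed prepare(), which is a fatal error.
        $stmt->close();
    } else {
        echo "<h1>Error</h1>";
    }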
    ?>
Example #7
<?php

include_once 'lib.php';
if (isset($_POST['username'])) {
    if (!($db = db_connect())) {
        echo "Database error";
        exit;
    }
    $commentText = mysqli_real_escape_string($db, input_clean($_POST['commentText']));
    $user_id = input_clean($_POST['user_id']);
    $dis_id = input_clean($_POST['dis_id']);
    $parent_parent_com_id = input_clean($_POST['parent_com_id']);
    $parent_com_id = input_clean($_POST['com_id']);
    /********************** INSERT INTO COM  *******************/
    if ($parent_com_id == 1) {
        $comInsert = "Insert into com (com_level, \n                    com_text ,parent_com_id) values (1,?,1)";
    } else {
        $comInsert = "Insert into com (com_level, com_text ,\n                    parent_com_id) values (2,?,{$parent_com_id})";
    }
    $stmt = $db->prepare($comInsert);
    $stmt->bind_param('s', $commentText);
    $stmt->execute();
    /************************************************************/
    $com_id = mysqli_insert_id($db);
    $comInsert = "Insert into user_edit_com (user_id, com_id, edit_date, edit_type) \n        values (?,?,'" . date('Y-m-d H:i:s') . "',0)";
    $stmt = $db->prepare($comInsert);
    $stmt->bind_param('ii', $user_id, $com_id);
    $stmt->execute();
    $comInsert = "Insert into dis_cont_com values (?,?)";
    $stmt = $db->prepare($comInsert);
    $stmt->bind_param('ii', $dis_id, $com_id);
Example #8
<?php

include_once 'lib.php';
// Minimum password length used by check_password().
define('LENGTH', 8);
// Validate only when the form field was actually submitted. empty() already
// covers the empty string (and also treats the string "0" as missing), so no
// separate == '' test is needed.
if (isset($_POST['password'])) {
    $submitted = $_POST['password'];
    if (empty($submitted)) {
        echo 'Choose a password';
        exit;
    }
    check_password(input_clean($submitted));
}
/******************/
function check_password($pass)
{
    $length = constant('LENGTH');
    $size = strlen($pass);
    $error = '';
    if ($size < $length) {
        $error = 'Too short';
    }
    if ($size >= $length) {
        $error = 'Great!';
    }
    if (!preg_match('/[0-9]+/', $pass)) {
        $error = "Invalid password";
    }
    if (!preg_match('/[\\W]+/', $pass)) {
        $error = "Invalid password";
    }
    if (!preg_match('/[A-Z]+/', $pass)) {
Example #9
 $hashed = crypt($pwd, '$6$' . $salt);
 $query = 'select user_id, selector from user where user_name=? and hashed_pwd=?';
 $stmt = $db->prepare($query);
 $stmt->bind_param('ss', $username, $hashed);
 $stmt->execute();
 $stmt->store_result();
 $num_rows = $stmt->num_rows;
 if ($num_rows > 0) {
     $stmt->bind_result($user_id, $selector);
     $stmt->fetch();
     $_SESSION['valid_user'] = $username;
     $_SESSION['user_id'] = $user_id;
     /******* COOKIE STUFF *********/
     if (isset($_POST['rememberMe'])) {
         $rememberMe = input_clean($_POST['rememberMe']);
         if (input_clean($_POST['rememberMe']) == 'yes') {
             $exp = time() + 86400 * 30;
             $token = gen_token();
             /**/
             setcookie("selector", $selector, $exp);
             setcookie("token", $token, $exp);
             setcookie("active", true, $exp);
             /**/
             $hToken = crypt($token, "\$5\$");
             $updateToken = "Update user set token='{$hToken}' where user_id={$user_id}";
             $st = $db->prepare($updateToken);
             if (!$st->execute()) {
                 echo "<br><br><br>Error";
                 exit;
             }
             $st->close();
Example #10
<?php

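include_once 'lib.php';
// AJAX endpoint: remove one (user_id, dis_id) bookmark row.
if (isset($_POST['username'])) {
    if (!($db = db_connect())) {
        echo "Database error";
        exit;
    }
    // NOTE(review): the guard tests for 'username' but the query uses user_id
    // and dis_id, both taken from the request; nothing here ties user_id to
    // the logged-in session. Confirm that the caller or lib.php does.
    // Missing fields become '' rather than raising undefined-index warnings.
    $user_id = input_clean($_POST['user_id'] ?? '');
    $dis_id = input_clean($_POST['dis_id'] ?? '');
    $bookInsert = "Delete from bookmarked \n                       where user_id=? and dis_id=?";
    $stmt = $db->prepare($bookInsert);
    if (!$stmt) {
        // Same failure handling as the connection check above; the original
        // would have called bind_param() on false.
        echo "Database error";
        exit;
    }
    $stmt->bind_param('ii', $user_id, $dis_id);
    $stmt->execute();
    // Release the statement and connection (the original left both open).
    $stmt->close();
    $db->close();
    /************************************************************/
}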
Example #11
    <script src="js/vendor/modernizr.js"></script>
  </head>
  <body>

<?php 
include_once 'header.php';
/********** Boolean Flags *********/
$cat_search_executed = false;
/******** If the form has been submitted *******/
if (isset($_POST['submit2'])) {
    $searchstat = true;
    if (!isset($_POST['search_field']) || empty($_POST['search_field'])) {
        $searchstat = false;
        echo "enter something!";
    } else {
        $cat_input_search = input_clean($_POST['search_field']);
        if (!preg_match('/^[a-zA-Z-]+$/', $cat_input_search)) {
            $searchstat = false;
        }
    }
    if ($searchstat) {
        if (!($db = db_connect())) {
            echo 'Database error<br>';
            exit;
        }
        ?>

<br><br><br>
<div class="row">
        <div class='columns panel text-center large-11 large-centered medium-11 medium-centered small-11 small-centered'>
Example #12
 }
 $query = 'select user_id from reset_password where hash = ?';
 $stmt = $db->prepare($query);
 $stmt->bind_param('s', $passedhash);
 // echo "<br><br><br> $passedhash";
 $stmt->execute();
 $stmt->store_result();
 $stmt->bind_result($userid);
 $stmt->fetch();
 if ($userid == 0) {
     header("Location: https://www.cs.csubak.edu/~quadcore/Forum/");
 }
 //echo "<br><br><br> $userid";
 if ($userid != 0) {
     //$username = mysqli_real_escape_string($db, input_clean($_POST['username']));
     $pwd = mysqli_real_escape_string($db, input_clean($_POST['password']));
     $query = 'Update user set hashed_pwd = ?, salt = ? where user_id = ?';
     //$query2 = 'Update salt=? from user where user_name = ?';
     $fp = fopen('/dev/urandom', 'r');
     $random = fread($fp, 32);
     fclose($fp);
     $salt = base64_encode($random);
     $hashed = crypt($pwd, '$6$' . $salt);
     $salt = mysqli_real_escape_string($db, $salt);
     $hashed = mysqli_real_escape_string($db, $hashed);
     //echo "$username ** $pwd ** $hashed ** $salt";
     $stmt = $db->prepare($query);
     $stmt->bind_param('sss', $hashed, $salt, $userid);
     if (!$stmt->execute()) {
         echo 'Failure to save to database';
         $stmt->close();
Example #13
     $categoryname = input_clean($_POST['categoryname']);
 }
 /********  Category Text Input ************/
 if (!isset($_POST['categorytext']) || empty($_POST['categorytext'])) {
     $categorytext_flag = false;
 } else {
     $categorytext = input_clean($_POST['categorytext']);
 }
 if ($category_flag && $categorytext_flag) {
     if (!($db = db_connect())) {
         echo "<h4>Database Error!!<br>";
         exit;
     }
     /************** Insert in Database -- Category **************/
     $insert_pid = input_clean($_POST['parent_cat_id_post']);
     $insert_level = input_clean($_POST['cat_level_post']);
     $query = 'Insert into category (cat_name,cat_level,cat_text,parent_cat_id) values (?,?,?,?)';
     $stmt = $db->prepare($query);
     $categoryname = mysqli_real_escape_string($db, $categoryname);
     $categorytext = mysqli_real_escape_string($db, $categorytext);
     $stmt->bind_param('sisi', $categoryname, $insert_level, $categorytext, $insert_pid);
     if (!$stmt->execute()) {
         echo '<br><br><br>Error with Insertion!!<br>';
         $stmt->close();
         $db->close();
         exit;
     }
     $stmt->close();
     /************** Insert in Database -- Category **************/
     /* 
                 $cat_id2 = mysqli_insert_id($db);
Example #14
<?php

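include_once 'lib.php';
// AJAX endpoint: report whether a username is already registered.
if (isset($_POST['username'])) {
    if (!($db = db_connect())) {
        echo "Database error";
        exit;
    }
    // The name is sent as a bound parameter, so it must not also go through
    // mysqli_real_escape_string(): escaping first looked up a different
    // (backslashed) string and reported an existing name containing a quote
    // as available.
    $username = input_clean($_POST['username']);
    // Only the row count is needed; select one small column instead of *.
    $query = 'select user_id from user where user_name=?';
    $stmt = $db->prepare($query);
    if (!$stmt) {
        echo "Database error";
        exit;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();
    $num_rows = $stmt->num_rows;
    $stmt->close();
    $db->close();
    if ($num_rows > 0) {
        echo 'Username taken';
    } elseif (!empty($username)) {
        echo 'Username available!';
    }
}
// Reached both when the field is absent and when it is empty.
if (empty($_POST['username'])) {
    echo 'Choose a username';
}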
                </div>
            </div>

    </div>
    </div>

<!-------------------------------DISPLAY existing categories---------------------------------->
    <div class='row'>
    <div class='columns panel text-left large-8 medium-8 small-10 small-centered '>
        <h3 style='color: #008cbb'> Existing Categories at Current Level: </h3><br>
        <div class='row'>
        <div class='large-12 medium-12 small-10 columns'>

<?php 
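    /********** Get information about the existing categories ***********/
    // List the categories at the level given by ?cat_level=.
    // Relies on $db having been opened earlier in the page.
    // A missing parameter becomes '' instead of an undefined-index warning.
    $passed_cat_level = input_clean($_GET['cat_level'] ?? '');
    $query = 'select * from category where cat_level=?';
    $stmt = $db->prepare($query);
    if ($stmt) {
        $stmt->bind_param('i', $passed_cat_level);
        $stmt->execute();
        $stmt->store_result();
        // select * is bound positionally: the table's column count and order
        // must match these five variables or bind_result() fails.
        $stmt->bind_result($cat_id2, $cat_name2, $cat_level2, $cat_text2, $parent_cat_id2);
        while ($stmt->fetch()) {
            // Escape DB-sourced text for the HTML context. If input_clean()
            // already HTML-encodes values on the way in, this will render them
            // double-encoded — confirm against lib.php.
            echo '<h3>' . htmlspecialchars((string) $cat_name2, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h3>';
        }
        // The original never released the statement.
        $stmt->close();
    } else {
        // The original called bind_param() on the false returned by a failed
        // prepare(); report it the way the sibling listing does.
        echo "<h1>Error</h1>";
    }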
    ?>
 

        </div>
        </div>
    </div>