echo CMTX_MSG_DEMO;
    ?>
</div>
<div style="clear: left;"></div>
<?php 
} else {
    if (isset($_POST['bulk_delete']) && isset($_POST['bulk'])) {
        cmtx_check_csrf_form_key();
        $items = $_POST['bulk'];
        $count = count($items);
        $success = 0;
        $failure = 0;
        for ($i = 0; $i < $count; $i++) {
            $id = $items[$i];
            $id = cmtx_sanitize($id);
            if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `is_super` = '1' AND `id` = '{$id}'"))) {
                $failure++;
            } else {
                cmtx_db_query("DELETE FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `id` = '{$id}'");
                $success++;
            }
        }
        if ($success == 1) {
            ?>
<div class="success"><?php 
            echo CMTX_MSG_ADMIN_BULK_DELETED;
            ?>
</div><?php 
        }
        if ($success > 1) {
            ?>
        if (isset($_POST['receive_email_new_comment_okay'])) {
            $receive_email_new_comment_okay = 1;
        } else {
            $receive_email_new_comment_okay = 0;
        }
        if (isset($_POST['receive_email_new_flag'])) {
            $receive_email_new_flag = 1;
        } else {
            $receive_email_new_flag = 0;
        }
        $username_san = cmtx_sanitize($username);
        if (!empty($_POST['password_1'])) {
            $password_san = cmtx_sanitize($password);
        }
        $email_san = cmtx_sanitize($email);
        if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `username` = '{$username_san}' AND `id` != '{$admin_id}'"))) {
            ?>
<div class="error"><?php 
            echo CMTX_MSG_ADMIN_EXISTS;
            ?>
</div>
<div style="clear: left;"></div>
<?php 
        } else {
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `username` = '{$username_san}' WHERE `id` = '{$admin_id}'");
            if (!empty($_POST['password_1'])) {
                cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `password` = '{$password_san}' WHERE `id` = '{$admin_id}'");
            }
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `email` = '{$email_san}' WHERE `id` = '{$admin_id}'");
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `receive_email_new_ban` = '{$receive_email_new_ban}' WHERE `id` = '{$admin_id}'");
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `receive_email_new_comment_approve` = '{$receive_email_new_comment_approve}' WHERE `id` = '{$admin_id}'");
Exemple #3
0
        echo CMTX_RATE_NO_PAGE;
        return;
    }
    //check if user has already rated as a poster
    $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `page_id` = '{$id}' AND `ip_address` = '{$ip_address}' AND `rating` != '0'");
    $count = cmtx_db_num_rows($query);
    if ($count > 0) {
        echo CMTX_RATE_ALREADY_RATED;
        return;
    }
    //check if user has already rated as a guest
    $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "ratings` WHERE `page_id` = '{$id}' and `ip_address` = '{$ip_address}'");
    $count = cmtx_db_num_rows($query);
    if ($count > 0) {
        echo CMTX_RATE_ALREADY_RATED;
        return;
    }
    //check if user is banned
    $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "bans` WHERE `ip_address` = '{$ip_address}'");
    $count = cmtx_db_num_rows($query);
    if ($count > 0) {
        echo CMTX_RATE_BANNED;
        return;
    }
    cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "ratings` (`page_id`, `rating`, `ip_address`, `dated`) values ('{$id}', '{$rating}', '{$ip_address}', NOW())");
    $result = cmtx_db_query("SELECT AVG(`rating`) \r\n\tFROM ( \r\n\tSELECT `rating` FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `is_approved` = '1' AND `rating` != '0' AND `page_id` = '{$id}' \r\n\tUNION ALL \r\n\tSELECT `rating` FROM `" . $cmtx_mysql_table_prefix . "ratings` WHERE `page_id` = '{$id}' \r\n\t) \r\n\tAS `average`\r\n\t");
    $average = cmtx_db_fetch_assoc($result);
    $average = $average["AVG(`rating`)"];
    $average = round($average, 0);
    echo $average;
}
Exemple #4
0
                echo CMTX_RESET_BUTTON;
                ?>
' value='<?php 
                echo CMTX_RESET_BUTTON;
                ?>
'/>
	</fieldset>
	</form>
	<div style="text-align:center; margin-top:10px;">
	<?php 
                if (isset($_POST['email'])) {
                    if (cmtx_setting('is_demo')) {
                        echo '<span class="negative">' . CMTX_RESET_DEMO . '</span><p />';
                    } else {
                        $email = cmtx_sanitize($_POST['email']);
                        if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `email` = '{$email}'"))) {
                            $admin_query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `email` = '{$email}'");
                            $admin_result = cmtx_db_fetch_assoc($admin_query);
                            $resets = $admin_result['resets'];
                            if ($resets >= 5) {
                                echo '<span class="negative">' . CMTX_RESET_LIMIT . '</span><p />';
                            } else {
                                $resets++;
                                cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `resets` = '{$resets}' WHERE `email` = '{$email}'");
                                $username = $admin_result['username'];
                                $password = cmtx_get_random_key(10);
                                if (file_exists($cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt')) {
                                    $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt';
                                    //build path to custom reset password email file
                                } else {
                                    $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/reset_password.txt';
Exemple #5
0
    $cmtx_mysql_database = ' ';
}
if (empty($cmtx_mysql_port)) {
    @($cmtx_link = mysqli_connect($cmtx_mysql_host, $cmtx_mysql_username, $cmtx_mysql_password, $cmtx_mysql_database));
} else {
    @($cmtx_link = mysqli_connect($cmtx_mysql_host, $cmtx_mysql_username, $cmtx_mysql_password, $cmtx_mysql_database, $cmtx_mysql_port));
}
if (!$cmtx_link) {
    if (defined('CMTX_IN_INSTALLER') || defined('CMTX_IN_ADMIN')) {
        cmtx_db_error_connect(mysqli_connect_errno(), mysqli_connect_error());
    } else {
        cmtx_db_error_general();
    }
    $cmtx_db_ok = false;
    return;
}
if (cmtx_db_num_rows(cmtx_db_query("SHOW TABLES LIKE '" . $cmtx_mysql_table_prefix . "comments'")) == 0) {
    if (defined('CMTX_IN_ADMIN')) {
        cmtx_db_error_table();
        $cmtx_db_ok = false;
        return;
    } else {
        if (defined('CMTX_IN_INSTALLER')) {
        } else {
            cmtx_db_error_general();
            $cmtx_db_ok = false;
            return;
        }
    }
}
cmtx_db_set_charset();
Exemple #6
0
function cmtx_is_administrator()
{
    //is the user the administrator
    global $cmtx_mysql_table_prefix;
    //globalise variables
    //initialise values
    $administrator_found = false;
    $admin_ip_address_found = false;
    $admin_cookie_found = false;
    $detect_admin = false;
    $detect_method = 'both';
    //check IP address
    $ip_address = cmtx_get_ip_address();
    if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `ip_address` = '{$ip_address}' AND `is_enabled` = '1'"))) {
        $admin_ip_address_found = true;
        //set IP address flag as true
    }
    //check cookie
    if (isset($_COOKIE['Commentics-Admin']) && ctype_alnum($_COOKIE['Commentics-Admin']) && cmtx_strlen($_COOKIE['Commentics-Admin']) == 20) {
        $cookie_value = cmtx_sanitize($_COOKIE['Commentics-Admin'], true, true);
        if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `cookie_key` = '{$cookie_value}' AND `is_enabled` = '1'"))) {
            $admin_cookie_found = true;
            //set cookie flag as true
        }
    }
    //get detection settings
    if ($admin_ip_address_found || $admin_cookie_found) {
        if ($admin_ip_address_found) {
            $detection_settings = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `ip_address` = '{$ip_address}' AND `is_enabled` = '1' LIMIT 1");
            $detection_settings = cmtx_db_fetch_assoc($detection_settings);
            $detect_admin = $detection_settings['detect_admin'];
            $detect_method = $detection_settings['detect_method'];
        } else {
            $detection_settings = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `cookie_key` = '{$cookie_value}' AND `is_enabled` = '1' LIMIT 1");
            $detection_settings = cmtx_db_fetch_assoc($detection_settings);
            $detect_admin = $detection_settings['detect_admin'];
            $detect_method = $detection_settings['detect_method'];
        }
    }
    if ($detect_admin) {
        //if administrator should be detected
        if ($detect_method == 'ip_address') {
            if ($admin_ip_address_found) {
                $administrator_found = true;
            }
        } else {
            if ($detect_method == 'cookie') {
                if ($admin_cookie_found) {
                    $administrator_found = true;
                }
            } else {
                if ($detect_method == 'either') {
                    if ($admin_ip_address_found || $admin_cookie_found) {
                        $administrator_found = true;
                    }
                } else {
                    if ($detect_method == 'both') {
                        if ($admin_ip_address_found && $admin_cookie_found) {
                            $administrator_found = true;
                        }
                    }
                }
            }
        }
    }
    return $administrator_found;
}
Exemple #7
0
function cmtx_user_trusted()
{
    //check if user has previously posted an approved comment
    global $cmtx_name, $cmtx_mysql_table_prefix;
    //globalise variables
    $ip_address = cmtx_get_ip_address();
    //get user's IP address
    //if the user's name and IP address match and an approved comment is found
    if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `name` = '{$cmtx_name}' AND `ip_address` = '{$ip_address}' AND `is_approved` = '1'"))) {
        return true;
        //user is trusted
    } else {
        return false;
        //user is not trusted
    }
}
</div><?php 
    die;
}
if (isset($_GET['confirm'])) {
    //confirm
    if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}' AND `is_confirmed` = '0'"))) {
        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "subscribers` SET `is_confirmed` = '1' WHERE `token` = '{$token}'");
        ?>
<div class="success"><?php 
        echo CMTX_SUB_MSG_CONFIRMED;
        ?>
</div><?php 
        ?>
<div style="clear:left"></div><?php 
    } else {
        if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}' AND `is_confirmed` = '1'"))) {
            ?>
<div class="warning"><?php 
            echo CMTX_SUB_MSG_ALREADY_CONFIRMED;
            ?>
</div><?php 
            ?>
<div style="clear:left"></div><?php 
        }
    }
} else {
    cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "subscribers` SET `is_confirmed` = '1' WHERE `token` = '{$token}'");
}
if (isset($_GET['unsubscribe'])) {
    //unsubscribe
    cmtx_db_query("DELETE FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}'");
            printf(CMTX_MSG_SUBS_BULK_DELETED, $count);
            ?>
</div><?php 
        }
        ?>
<div style="clear: left;"></div>
<?php 
    }
}
?>

<p />

<?php 
$pages = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages`");
if (cmtx_db_num_rows($pages)) {
    ?>
<form name="add_subscriber" id="add_subscriber" action="index.php?page=manage_subscribers" method="post">
<?php 
    echo CMTX_FIELD_LABEL_NAME;
    ?>
 <input type="text" required name="name" size="12" maxlength="250"/>&nbsp;
<?php 
    echo CMTX_FIELD_LABEL_EMAIL;
    ?>
 <input type="email" required name="email" size="30" maxlength="250"/>&nbsp;
<?php 
    echo CMTX_FIELD_LABEL_PAGE;
    ?>
 <select name="page_id"> <?php 
    $pages = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages` ORDER BY `id` ASC");
Exemple #10
0
			You have arrived at this page from outside of the admin panel.
			<p />
			Please access this page through the menu above.
			<?php 
            die;
        }
    }
}
if (cmtx_restrict_page($_GET['page'])) {
    echo '<h3>Page Restricted</h3>';
    echo '<hr class="title"/>';
    echo 'You don\'t have permission to view this page.';
    die;
}
$access_log = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "access`");
$total = cmtx_db_num_rows($access_log);
if ($total >= 100) {
    cmtx_db_query("DELETE FROM `" . $cmtx_mysql_table_prefix . "access` ORDER BY `dated` ASC LIMIT 1");
}
if (file_exists('includes/pages/' . basename($_GET['page']) . '.php')) {
    $admin_id = cmtx_get_admin_id();
    $username = cmtx_sanitize($_SESSION['cmtx_username']);
    $page = cmtx_sanitize(basename($_GET['page']));
    $ip_address = cmtx_get_ip_address();
    cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "access` (`admin_id`, `username`, `ip_address`, `page`, `dated`) VALUES ('{$admin_id}', '{$username}', '{$ip_address}','{$page}', NOW());");
    require 'includes/pages/' . basename($_GET['page']) . '.php';
} else {
    require 'includes/pages/dashboard.php';
}
?>
</body>
Exemple #11
0
    if ($type == 'like' && cmtx_setting('show_like')) {
        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "comments` SET `likes` = `likes` + 1 WHERE `id` = '{$id}'");
        cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "voters` (`comment_id`, `ip_address`, `dated`) values ('{$id}', '{$ip_address}', NOW())");
    } else {
        if ($type == 'dislike' && cmtx_setting('show_dislike')) {
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "comments` SET `dislikes` = `dislikes` + 1 WHERE `id` = '{$id}'");
            cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "voters` (`comment_id`, `ip_address`, `dated`) values ('{$id}', '{$ip_address}', NOW())");
        }
    }
    if ($type == 'like') {
        $result = cmtx_db_query("SELECT `likes` FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `id` = '{$id}'");
        if (cmtx_db_num_rows($result)) {
            $row = cmtx_db_fetch_assoc($result);
            $likes = $row['likes'];
        } else {
            $likes = 0;
        }
        echo '<img src="' . cmtx_commentics_url() . 'images/buttons/like.png" alt="Like" title="' . CMTX_TITLE_LIKE . '"/><span id="cmtx_flash_like_' . $id . '">' . $likes . '</span>';
    } else {
        if ($type == 'dislike') {
            $result = cmtx_db_query("SELECT `dislikes` FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `id` = '{$id}'");
            if (cmtx_db_num_rows($result)) {
                $row = cmtx_db_fetch_assoc($result);
                $dislikes = $row['dislikes'];
            } else {
                $dislikes = 0;
            }
            echo '<img src="' . cmtx_commentics_url() . 'images/buttons/dislike.png" alt="Dislike" title="' . CMTX_TITLE_DISLIKE . '"/><span id="cmtx_flash_dislike_' . $id . '">' . $dislikes . '</span>';
        }
    }
}
Exemple #12
0
<?php 
} else {
    if (isset($_POST['submit'])) {
        cmtx_check_csrf_form_key();
        $id = $_GET['id'];
        $identifier = $_POST['identifier'];
        $reference = $_POST['reference'];
        $url = $_POST['url'];
        $form_enabled = $_POST['form_enabled'];
        $id_san = cmtx_sanitize($id);
        $identifier_san = cmtx_sanitize($identifier);
        $reference_san = cmtx_sanitize($reference);
        $url_san = cmtx_url_encode_spaces($url);
        $url_san = cmtx_sanitize($url_san);
        $form_enabled_san = cmtx_sanitize($form_enabled);
        if (!empty($identifier) && cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages` WHERE `identifier` = '{$identifier_san}' AND `id` != '{$id_san}'"))) {
            ?>
<div class="error"><?php 
            echo CMTX_MSG_IDENTIFIER_EXISTS;
            ?>
</div>
<div style="clear: left;"></div>
<?php 
        } else {
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `identifier` = '{$identifier_san}' WHERE `id` = '{$id_san}'");
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `reference` = '{$reference_san}' WHERE `id` = '{$id_san}'");
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `url` = '{$url_san}' WHERE `id` = '{$id_san}'");
            cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `is_form_enabled` = '{$form_enabled_san}' WHERE `id` = '{$id_san}'");
            ?>
<div class="success"><?php 
            echo CMTX_MSG_PAGE_UPDATED;
Exemple #13
0
/* Time Zone */
cmtx_set_time_zone(cmtx_setting('time_zone'));
if (isset($_GET['id']) && ctype_digit($_GET['id']) && cmtx_strlen($_GET['id']) < 10) {
    //if page ID is in URL and it validates
    $id = (int) $_GET['id'];
    $id = cmtx_sanitize($id, true, true);
    $query = "SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `is_approved` = '1' AND `page_id` = '{$id}' ORDER BY `dated` DESC";
    //get page's items
} else {
    $query = "SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `is_approved` = '1' ORDER BY `dated` DESC";
    //get all items
}
/* Last Build Date */
$lbd_query = $query . " LIMIT 1";
$lbd_query = cmtx_db_query($lbd_query);
if (cmtx_db_num_rows($lbd_query)) {
    $lbd_result = cmtx_db_fetch_assoc($lbd_query);
    $last_build_date = date("r", strtotime($lbd_result["dated"]));
}
/* Most Recent */
if (cmtx_setting('rss_most_recent_enabled')) {
    $query .= " LIMIT " . cmtx_setting('rss_most_recent_amount');
}
$result = cmtx_db_query($query);
echo '<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
	<channel>
		<title>' . cmtx_encode(cmtx_setting('rss_title')) . '</title>
		<link>' . cmtx_url_encode(cmtx_setting('rss_link')) . '</link>
		<description>' . CMTX_RSS_DESCRIPTION . '</description>';
if (isset($last_build_date)) {
Exemple #14
0
        $news = cmtx_sanitize($news, true, false);
        echo nl2br($news);
    }
    ?>
</div>
</div>

<div class="dashboard_block">
<div class="dashboard_title"><?php 
    echo CMTX_DASH_QUICK_LINKS;
    ?>
</div>
<div class="dashboard_content">
<?php 
    $pages = cmtx_db_query("SELECT `page`, COUNT(*) AS `frequency` FROM `" . $cmtx_mysql_table_prefix . "access` WHERE `page` != 'dashboard' AND `page` != 'spam' AND `page` NOT LIKE 'edit%' GROUP BY `page` ORDER BY `frequency` DESC LIMIT 5");
    if (cmtx_db_num_rows($pages) != 5) {
        echo CMTX_DASH_QUICK_LINKS_NO_DATA;
    } else {
        $i = 1;
        while ($row = cmtx_db_fetch_row($pages)) {
            echo $i . ". <a href='index.php?page=" . $row[0] . "'>" . $row[0] . "</a>";
            if ($i != 5) {
                echo "<br />";
            }
            $i++;
        }
    }
    ?>
</div>
</div>
            echo CMTX_MSG_ADMIN_EXISTS;
            ?>
</div>
<div style="clear: left;"></div>
<?php 
        } else {
            if (!$is_enabled && cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `is_super` = '1' AND `id` = '{$id_san}'"))) {
                ?>
<div class="error"><?php 
                echo CMTX_MSG_ADMIN_SUPER_DISABLE;
                ?>
</div>
<div style="clear: left;"></div>
<?php 
            } else {
                if ($restrict_pages && cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `is_super` = '1' AND `id` = '{$id_san}'"))) {
                    ?>
<div class="error"><?php 
                    echo CMTX_MSG_ADMIN_SUPER_RESTRICT;
                    ?>
</div>
<div style="clear: left;"></div>
<?php 
                } else {
                    cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `username` = '{$username_san}' WHERE `id` = '{$id_san}'");
                    if (!empty($_POST['password_1'])) {
                        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `password` = '{$password_san}' WHERE `id` = '{$id_san}'");
                    }
                    cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `email` = '{$email_san}' WHERE `id` = '{$id_san}'");
                    cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `is_enabled` = '{$is_enabled_san}' WHERE `id` = '{$id_san}'");
                    cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `restrict_pages` = '{$restrict_pages}' WHERE `id` = '{$id_san}'");
Exemple #16
0
function cmtx_has_rated_form()
{
    //checks whether user has already rated
    global $cmtx_mysql_table_prefix, $cmtx_page_id;
    //globalise variables
    $ip_address = cmtx_get_ip_address();
    $rated = false;
    //initialise flag as false
    if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `page_id` = '{$cmtx_page_id}' AND `ip_address` = '{$ip_address}' AND `rating` != '0'")) != 0) {
        $rated = true;
    }
    return $rated;
}
Exemple #17
0
function cmtx_add_attempt()
{
    //record attempt on login page
    global $cmtx_mysql_table_prefix;
    $ip_address = cmtx_get_ip_address();
    $username = cmtx_sanitize($_POST['username']);
    if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "attempts` WHERE `ip_address` = '{$ip_address}'"))) {
        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "attempts` SET `amount` = `amount` + 1, `dated` = NOW() WHERE `ip_address` = '{$ip_address}'");
    } else {
        cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "attempts` (`ip_address`, `amount`, `dated`) VALUES ('{$ip_address}', '1', NOW());");
    }
    if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `username` = '{$username}'"))) {
        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `login_attempts` = `login_attempts` + 1 WHERE `username` = '{$username}'");
    }
}