echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['bulk_delete']) && isset($_POST['bulk'])) { cmtx_check_csrf_form_key(); $items = $_POST['bulk']; $count = count($items); $success = 0; $failure = 0; for ($i = 0; $i < $count; $i++) { $id = $items[$i]; $id = cmtx_sanitize($id); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `is_super` = '1' AND `id` = '{$id}'"))) { $failure++; } else { cmtx_db_query("DELETE FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `id` = '{$id}'"); $success++; } } if ($success == 1) { ?> <div class="success"><?php echo CMTX_MSG_ADMIN_BULK_DELETED; ?> </div><?php } if ($success > 1) { ?>
if (isset($_POST['receive_email_new_comment_okay'])) { $receive_email_new_comment_okay = 1; } else { $receive_email_new_comment_okay = 0; } if (isset($_POST['receive_email_new_flag'])) { $receive_email_new_flag = 1; } else { $receive_email_new_flag = 0; } $username_san = cmtx_sanitize($username); if (!empty($_POST['password_1'])) { $password_san = cmtx_sanitize($password); } $email_san = cmtx_sanitize($email); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `username` = '{$username_san}' AND `id` != '{$admin_id}'"))) { ?> <div class="error"><?php echo CMTX_MSG_ADMIN_EXISTS; ?> </div> <div style="clear: left;"></div> <?php } else { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `username` = '{$username_san}' WHERE `id` = '{$admin_id}'"); if (!empty($_POST['password_1'])) { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `password` = '{$password_san}' WHERE `id` = '{$admin_id}'"); } cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `email` = '{$email_san}' WHERE `id` = '{$admin_id}'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `receive_email_new_ban` = '{$receive_email_new_ban}' WHERE `id` = '{$admin_id}'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `receive_email_new_comment_approve` = '{$receive_email_new_comment_approve}' WHERE `id` = '{$admin_id}'");
echo CMTX_RATE_NO_PAGE; return; } //check if user has already rated as a poster $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `page_id` = '{$id}' AND `ip_address` = '{$ip_address}' AND `rating` != '0'"); $count = cmtx_db_num_rows($query); if ($count > 0) { echo CMTX_RATE_ALREADY_RATED; return; } //check if user has already rated as a guest $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "ratings` WHERE `page_id` = '{$id}' and `ip_address` = '{$ip_address}'"); $count = cmtx_db_num_rows($query); if ($count > 0) { echo CMTX_RATE_ALREADY_RATED; return; } //check if user is banned $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "bans` WHERE `ip_address` = '{$ip_address}'"); $count = cmtx_db_num_rows($query); if ($count > 0) { echo CMTX_RATE_BANNED; return; } cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "ratings` (`page_id`, `rating`, `ip_address`, `dated`) values ('{$id}', '{$rating}', '{$ip_address}', NOW())"); $result = cmtx_db_query("SELECT AVG(`rating`) \r\n\tFROM ( \r\n\tSELECT `rating` FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `is_approved` = '1' AND `rating` != '0' AND `page_id` = '{$id}' \r\n\tUNION ALL \r\n\tSELECT `rating` FROM `" . $cmtx_mysql_table_prefix . "ratings` WHERE `page_id` = '{$id}' \r\n\t) \r\n\tAS `average`\r\n\t"); $average = cmtx_db_fetch_assoc($result); $average = $average["AVG(`rating`)"]; $average = round($average, 0); echo $average; }
echo CMTX_RESET_BUTTON; ?> ' value='<?php echo CMTX_RESET_BUTTON; ?> '/> </fieldset> </form> <div style="text-align:center; margin-top:10px;"> <?php if (isset($_POST['email'])) { if (cmtx_setting('is_demo')) { echo '<span class="negative">' . CMTX_RESET_DEMO . '</span><p />'; } else { $email = cmtx_sanitize($_POST['email']); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `email` = '{$email}'"))) { $admin_query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `email` = '{$email}'"); $admin_result = cmtx_db_fetch_assoc($admin_query); $resets = $admin_result['resets']; if ($resets >= 5) { echo '<span class="negative">' . CMTX_RESET_LIMIT . '</span><p />'; } else { $resets++; cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `resets` = '{$resets}' WHERE `email` = '{$email}'"); $username = $admin_result['username']; $password = cmtx_get_random_key(10); if (file_exists($cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt')) { $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/reset_password.txt'; //build path to custom reset password email file } else { $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/reset_password.txt';
$cmtx_mysql_database = ' '; } if (empty($cmtx_mysql_port)) { @($cmtx_link = mysqli_connect($cmtx_mysql_host, $cmtx_mysql_username, $cmtx_mysql_password, $cmtx_mysql_database)); } else { @($cmtx_link = mysqli_connect($cmtx_mysql_host, $cmtx_mysql_username, $cmtx_mysql_password, $cmtx_mysql_database, $cmtx_mysql_port)); } if (!$cmtx_link) { if (defined('CMTX_IN_INSTALLER') || defined('CMTX_IN_ADMIN')) { cmtx_db_error_connect(mysqli_connect_errno(), mysqli_connect_error()); } else { cmtx_db_error_general(); } $cmtx_db_ok = false; return; } if (cmtx_db_num_rows(cmtx_db_query("SHOW TABLES LIKE '" . $cmtx_mysql_table_prefix . "comments'")) == 0) { if (defined('CMTX_IN_ADMIN')) { cmtx_db_error_table(); $cmtx_db_ok = false; return; } else { if (defined('CMTX_IN_INSTALLER')) { } else { cmtx_db_error_general(); $cmtx_db_ok = false; return; } } } cmtx_db_set_charset();
function cmtx_is_administrator() { //is the current visitor the administrator
    global $cmtx_mysql_table_prefix; //globalise variables

    //initialise: nothing matched yet; detection off and method 'both' until an admin row says otherwise
    $is_admin = false;
    $ip_matched = false;
    $cookie_matched = false;
    $cookie_value = null;
    $detect_admin = false;
    $detect_method = 'both';
    $admins_table = "`" . $cmtx_mysql_table_prefix . "admins`";

    //IP address check: an enabled admin row whose recorded IP equals the visitor's IP
    //NOTE(review): $ip_address is interpolated into SQL without a cmtx_sanitize() call in this
    //function; whether cmtx_get_ip_address() already validates its result is not visible here - confirm
    $ip_address = cmtx_get_ip_address();
    $ip_query = cmtx_db_query("SELECT * FROM " . $admins_table . " WHERE `ip_address` = '{$ip_address}' AND `is_enabled` = '1'");
    if (cmtx_db_num_rows($ip_query)) {
        $ip_matched = true;
    }

    //cookie check: only a 20-character alphanumeric cookie is looked up, and it is sanitised first
    if (isset($_COOKIE['Commentics-Admin']) && ctype_alnum($_COOKIE['Commentics-Admin']) && cmtx_strlen($_COOKIE['Commentics-Admin']) == 20) {
        $cookie_value = cmtx_sanitize($_COOKIE['Commentics-Admin'], true, true);
        $cookie_query = cmtx_db_query("SELECT * FROM " . $admins_table . " WHERE `cookie_key` = '{$cookie_value}' AND `is_enabled` = '1'");
        if (cmtx_db_num_rows($cookie_query)) {
            $cookie_matched = true;
        }
    }

    //read `detect_admin` / `detect_method` from the matched admin row; an IP match takes precedence over a cookie match
    if ($ip_matched || $cookie_matched) {
        $where = $ip_matched ? "`ip_address` = '{$ip_address}'" : "`cookie_key` = '{$cookie_value}'";
        $settings = cmtx_db_fetch_assoc(cmtx_db_query("SELECT * FROM " . $admins_table . " WHERE " . $where . " AND `is_enabled` = '1' LIMIT 1"));
        $detect_admin = $settings['detect_admin'];
        $detect_method = $settings['detect_method'];
    }

    //NOTE(review): with method 'ip_address' or 'either', any client presenting the admin's recorded IP
    //(e.g. behind the same NAT) is treated as the administrator; 'both' additionally requires the cookie
    if ($detect_admin) { //detection can be switched off per admin
        switch ($detect_method) { //loose comparison, as the original if/else chain used ==
            case 'ip_address':
                $is_admin = $ip_matched;
                break;
            case 'cookie':
                $is_admin = $cookie_matched;
                break;
            case 'either':
                $is_admin = $ip_matched || $cookie_matched;
                break;
            case 'both':
                $is_admin = $ip_matched && $cookie_matched;
                break;
        }
    }

    return $is_admin;
}
function cmtx_user_trusted() { //has this visitor previously had a comment approved under the same name?
    global $cmtx_name, $cmtx_mysql_table_prefix; //globalise variables

    $ip_address = cmtx_get_ip_address(); //visitor's IP address

    //trusted when at least one approved comment exists for this exact name + IP pair
    //NOTE(review): $cmtx_name and $ip_address are interpolated into SQL with no sanitising call in this
    //function; whether they are already safe for the query depends on the caller/helpers - confirm
    $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `name` = '{$cmtx_name}' AND `ip_address` = '{$ip_address}' AND `is_approved` = '1'");

    return (bool) cmtx_db_num_rows($query); //same truthiness test as the original if(): any row means trusted
}
</div><?php die; } if (isset($_GET['confirm'])) { //confirm if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}' AND `is_confirmed` = '0'"))) { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "subscribers` SET `is_confirmed` = '1' WHERE `token` = '{$token}'"); ?> <div class="success"><?php echo CMTX_SUB_MSG_CONFIRMED; ?> </div><?php ?> <div style="clear:left"></div><?php } else { if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}' AND `is_confirmed` = '1'"))) { ?> <div class="warning"><?php echo CMTX_SUB_MSG_ALREADY_CONFIRMED; ?> </div><?php ?> <div style="clear:left"></div><?php } } } else { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "subscribers` SET `is_confirmed` = '1' WHERE `token` = '{$token}'"); } if (isset($_GET['unsubscribe'])) { //unsubscribe cmtx_db_query("DELETE FROM `" . $cmtx_mysql_table_prefix . "subscribers` WHERE `token` = '{$token}'");
printf(CMTX_MSG_SUBS_BULK_DELETED, $count); ?> </div><?php } ?> <div style="clear: left;"></div> <?php } } ?> <p /> <?php $pages = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages`"); if (cmtx_db_num_rows($pages)) { ?> <form name="add_subscriber" id="add_subscriber" action="index.php?page=manage_subscribers" method="post"> <?php echo CMTX_FIELD_LABEL_NAME; ?> <input type="text" required name="name" size="12" maxlength="250"/> <?php echo CMTX_FIELD_LABEL_EMAIL; ?> <input type="email" required name="email" size="30" maxlength="250"/> <?php echo CMTX_FIELD_LABEL_PAGE; ?> <select name="page_id"> <?php $pages = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages` ORDER BY `id` ASC");
You have arrived at this page from outside of the admin panel. <p /> Please access this page through the menu above. <?php die; } } } if (cmtx_restrict_page($_GET['page'])) { echo '<h3>Page Restricted</h3>'; echo '<hr class="title"/>'; echo 'You don\'t have permission to view this page.'; die; } $access_log = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "access`"); $total = cmtx_db_num_rows($access_log); if ($total >= 100) { cmtx_db_query("DELETE FROM `" . $cmtx_mysql_table_prefix . "access` ORDER BY `dated` ASC LIMIT 1"); } if (file_exists('includes/pages/' . basename($_GET['page']) . '.php')) { $admin_id = cmtx_get_admin_id(); $username = cmtx_sanitize($_SESSION['cmtx_username']); $page = cmtx_sanitize(basename($_GET['page'])); $ip_address = cmtx_get_ip_address(); cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "access` (`admin_id`, `username`, `ip_address`, `page`, `dated`) VALUES ('{$admin_id}', '{$username}', '{$ip_address}','{$page}', NOW());"); require 'includes/pages/' . basename($_GET['page']) . '.php'; } else { require 'includes/pages/dashboard.php'; } ?> </body>
if ($type == 'like' && cmtx_setting('show_like')) { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "comments` SET `likes` = `likes` + 1 WHERE `id` = '{$id}'"); cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "voters` (`comment_id`, `ip_address`, `dated`) values ('{$id}', '{$ip_address}', NOW())"); } else { if ($type == 'dislike' && cmtx_setting('show_dislike')) { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "comments` SET `dislikes` = `dislikes` + 1 WHERE `id` = '{$id}'"); cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "voters` (`comment_id`, `ip_address`, `dated`) values ('{$id}', '{$ip_address}', NOW())"); } } if ($type == 'like') { $result = cmtx_db_query("SELECT `likes` FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `id` = '{$id}'"); if (cmtx_db_num_rows($result)) { $row = cmtx_db_fetch_assoc($result); $likes = $row['likes']; } else { $likes = 0; } echo '<img src="' . cmtx_commentics_url() . 'images/buttons/like.png" alt="Like" title="' . CMTX_TITLE_LIKE . '"/><span id="cmtx_flash_like_' . $id . '">' . $likes . '</span>'; } else { if ($type == 'dislike') { $result = cmtx_db_query("SELECT `dislikes` FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `id` = '{$id}'"); if (cmtx_db_num_rows($result)) { $row = cmtx_db_fetch_assoc($result); $dislikes = $row['dislikes']; } else { $dislikes = 0; } echo '<img src="' . cmtx_commentics_url() . 'images/buttons/dislike.png" alt="Dislike" title="' . CMTX_TITLE_DISLIKE . '"/><span id="cmtx_flash_dislike_' . $id . '">' . $dislikes . '</span>'; } } }
<?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $id = $_GET['id']; $identifier = $_POST['identifier']; $reference = $_POST['reference']; $url = $_POST['url']; $form_enabled = $_POST['form_enabled']; $id_san = cmtx_sanitize($id); $identifier_san = cmtx_sanitize($identifier); $reference_san = cmtx_sanitize($reference); $url_san = cmtx_url_encode_spaces($url); $url_san = cmtx_sanitize($url_san); $form_enabled_san = cmtx_sanitize($form_enabled); if (!empty($identifier) && cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages` WHERE `identifier` = '{$identifier_san}' AND `id` != '{$id_san}'"))) { ?> <div class="error"><?php echo CMTX_MSG_IDENTIFIER_EXISTS; ?> </div> <div style="clear: left;"></div> <?php } else { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `identifier` = '{$identifier_san}' WHERE `id` = '{$id_san}'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `reference` = '{$reference_san}' WHERE `id` = '{$id_san}'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `url` = '{$url_san}' WHERE `id` = '{$id_san}'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "pages` SET `is_form_enabled` = '{$form_enabled_san}' WHERE `id` = '{$id_san}'"); ?> <div class="success"><?php echo CMTX_MSG_PAGE_UPDATED;
/* Time Zone */ cmtx_set_time_zone(cmtx_setting('time_zone')); if (isset($_GET['id']) && ctype_digit($_GET['id']) && cmtx_strlen($_GET['id']) < 10) { //if page ID is in URL and it validates $id = (int) $_GET['id']; $id = cmtx_sanitize($id, true, true); $query = "SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `is_approved` = '1' AND `page_id` = '{$id}' ORDER BY `dated` DESC"; //get page's items } else { $query = "SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `is_approved` = '1' ORDER BY `dated` DESC"; //get all items } /* Last Build Date */ $lbd_query = $query . " LIMIT 1"; $lbd_query = cmtx_db_query($lbd_query); if (cmtx_db_num_rows($lbd_query)) { $lbd_result = cmtx_db_fetch_assoc($lbd_query); $last_build_date = date("r", strtotime($lbd_result["dated"])); } /* Most Recent */ if (cmtx_setting('rss_most_recent_enabled')) { $query .= " LIMIT " . cmtx_setting('rss_most_recent_amount'); } $result = cmtx_db_query($query); echo '<?xml version="1.0" encoding="utf-8"?> <rss version="2.0"> <channel> <title>' . cmtx_encode(cmtx_setting('rss_title')) . '</title> <link>' . cmtx_url_encode(cmtx_setting('rss_link')) . '</link> <description>' . CMTX_RSS_DESCRIPTION . '</description>'; if (isset($last_build_date)) {
$news = cmtx_sanitize($news, true, false); echo nl2br($news); } ?> </div> </div> <div class="dashboard_block"> <div class="dashboard_title"><?php echo CMTX_DASH_QUICK_LINKS; ?> </div> <div class="dashboard_content"> <?php $pages = cmtx_db_query("SELECT `page`, COUNT(*) AS `frequency` FROM `" . $cmtx_mysql_table_prefix . "access` WHERE `page` != 'dashboard' AND `page` != 'spam' AND `page` NOT LIKE 'edit%' GROUP BY `page` ORDER BY `frequency` DESC LIMIT 5"); if (cmtx_db_num_rows($pages) != 5) { echo CMTX_DASH_QUICK_LINKS_NO_DATA; } else { $i = 1; while ($row = cmtx_db_fetch_row($pages)) { echo $i . ". <a href='index.php?page=" . $row[0] . "'>" . $row[0] . "</a>"; if ($i != 5) { echo "<br />"; } $i++; } } ?> </div> </div>
echo CMTX_MSG_ADMIN_EXISTS; ?> </div> <div style="clear: left;"></div> <?php } else { if (!$is_enabled && cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `is_super` = '1' AND `id` = '{$id_san}'"))) { ?> <div class="error"><?php echo CMTX_MSG_ADMIN_SUPER_DISABLE; ?> </div> <div style="clear: left;"></div> <?php } else { if ($restrict_pages && cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `is_super` = '1' AND `id` = '{$id_san}'"))) { ?> <div class="error"><?php echo CMTX_MSG_ADMIN_SUPER_RESTRICT; ?> </div> <div style="clear: left;"></div> <?php } else { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `username` = '{$username_san}' WHERE `id` = '{$id_san}'"); if (!empty($_POST['password_1'])) { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `password` = '{$password_san}' WHERE `id` = '{$id_san}'"); } cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `email` = '{$email_san}' WHERE `id` = '{$id_san}'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `is_enabled` = '{$is_enabled_san}' WHERE `id` = '{$id_san}'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `restrict_pages` = '{$restrict_pages}' WHERE `id` = '{$id_san}'");
function cmtx_has_rated_form() { //has this visitor already rated the current page via a comment?
    global $cmtx_mysql_table_prefix, $cmtx_page_id; //globalise variables

    $ip_address = cmtx_get_ip_address();

    //a comment from this IP on this page with a non-zero rating counts as "already rated";
    //only the `comments` table is consulted here, not the guest `ratings` table
    $matches = cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `page_id` = '{$cmtx_page_id}' AND `ip_address` = '{$ip_address}' AND `rating` != '0'"));

    return $matches != 0; //loose comparison kept as in the original
}
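function cmtx_add_attempt() { //record attempt on login page
    global $cmtx_mysql_table_prefix;

    $ip_address = cmtx_get_ip_address();

    //a request to the login page may omit the username field entirely; guard the lookup so a
    //missing key does not raise an undefined-index notice (PHP 8: warning) and the IP is still recorded
    $username = isset($_POST['username']) ? cmtx_sanitize($_POST['username']) : '';

    //per-IP counter: bump an existing row's `amount`, otherwise start a new row at 1
    if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "attempts` WHERE `ip_address` = '{$ip_address}'"))) {
        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "attempts` SET `amount` = `amount` + 1, `dated` = NOW() WHERE `ip_address` = '{$ip_address}'");
    } else {
        cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "attempts` (`ip_address`, `amount`, `dated`) VALUES ('{$ip_address}', '1', NOW());");
    }

    //per-account counter: `login_attempts` is incremented on the admin row whose username was submitted
    //NOTE(review): this counter is driven by unauthenticated input; if it gates login elsewhere, a
    //remote party can raise it for any known admin username - whether it does is not visible here
    if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `username` = '{$username}'"))) {
        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `login_attempts` = `login_attempts` + 1 WHERE `username` = '{$username}'");
    }
}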