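<?php
/**
 * Stores the automessage submitted by the logged-in user, then redirects back
 * to automessage.php with success=true or success=false.
 *
 * NOTE(review): the INSERT is assembled by string concatenation, so its safety
 * rests entirely on clean() (lib/utils.php, not shown here) escaping the value
 * for SQL. Confirm that, and move to prepared statements (mysqli or PDO) when
 * the mysql_* calls are replaced.
 * NOTE(review): no anti-CSRF token check is visible in this handler; confirm
 * whether authenticate() covers it.
 */
require_once 'lib/utils.php';
require_once 'lib/config.php';

session_start();
authenticate();

// A request without the field passes null to clean(), as before, but no longer
// reads an undefined index.
$raw_automessage = isset($_POST['automessage']) ? $_POST['automessage'] : null;
$automessage = trim(clean($raw_automessage, MAXMSGLENGTH));

// The id is placed in the statement unquoted, so force it to an integer.
$user_id = (int) $_SESSION['id'];

$sql_insert_automessage = "INSERT INTO automessages (automessage, user_id, date) VALUES ('"
    . $automessage . "', " . $user_id . ", NOW())";

// NOTE(review): HTTP_HOST comes from the request's Host header, so the
// redirect target is client-influenced; prefer a configured site URL.
$page_url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/automessage.php";

if (@mysql_query($sql_insert_automessage)) {
    incrementStat($_SESSION['id'], 'automessages');
    myLog('AUTOMESS', $_SESSION['id']);
    header("Location: " . $page_url . "?success=true");
    exit;
}

header("Location: " . $page_url . "?success=false");
exit;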
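*/

// Login handler: checks the submitted alias/password against the stored hash,
// fills the session on success, and redirects. $req is populated before this
// fragment (not visible here).
//
// Changes from the earlier version of this block:
//  - failed attempts are logged WITHOUT the submitted password, so cleartext
//    credentials (often a near-miss of the real one) no longer reach the log;
//  - the hash comparison is strict, so two digests that both look like
//    numbers (for example "0e..." followed by digits) cannot compare equal;
//  - the session id is regenerated on successful login, so an id known before
//    authentication does not carry over into the logged-in session.
//
// NOTE(review): md5(crypt()) with a two-character salt taken from the alias
// selects the traditional DES-based crypt, which only considers the first
// eight characters of the password and is fast to brute-force. Plan a
// migration to password_hash()/password_verify(), rehashing at next login.
// NOTE(review): the alias is concatenated into the query text below; whatever
// cleaning $req received happened outside this fragment - confirm it escapes
// for SQL.
// NOTE(review): HTTP_HOST comes from the request's Host header, so every
// redirect target here is client-influenced; prefer a configured site URL.

$login_alias = isset($req['alias']) ? $req['alias'] : null;
$login_url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

if (!isset($req['alias']) or !isset($req['password'])) {
    myLog('BADPW', getUserID($login_alias));
    $_SESSION['error'] = "Bad user name and/or password.";
    header("Location: " . $login_url);
    exit;
}

$sql_check_password = "******" . $req['alias'] . "'";
$sth_check_password = @mysql_query($sql_check_password);

if ($sth_check_password) {
    $row = @mysql_fetch_assoc($sth_check_password);
    $submitted_hash = md5(crypt($req['password'], substr($req['alias'], 0, 2)));

    // $row is false when no user matches the alias; treat that as a bad login.
    if (is_array($row) && $submitted_hash === $row['password']) {
        session_regenerate_id(true);

        $_SESSION['alias'] = $req['alias'];
        $_SESSION['id'] = $row['id'];
        $_SESSION['logged_in'] = 1;
        $_SESSION['sl'] = $row['sl'];
        $_SESSION['sub'] = 1;

        incrementStat($row['id'], 'logins');
        myLog('LOGIN', $row['id']);
        header("Location: " . $login_url . "/main_frames.php?login=true&newscan=true&sub=1");
        exit;
    } else {
        myLog('BADPW', getUserID($req['alias']));
        $_SESSION['error'] = "Bad user name and/or password.";
        header("Location: " . $login_url);
        exit;
    }
}

// The lookup query itself failed: report the same generic error.
$_SESSION['error'] = "Bad user name and/or password.";
myLog('BADPW', getUserID($req['alias']));
header("Location: " . $login_url);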
<?php
/**
 * Adds a motto submitted by the logged-in user and redirects back to
 * motto.php. An empty or missing motto redirects with badmotto=true; the
 * outcome of the INSERT is reported through $_SESSION['success'] or
 * $_SESSION['error'].
 *
 * NOTE(review): the INSERT is built by string concatenation, so it is only as
 * safe as clean() (lib/utils.php, not shown here). The motto passes through
 * clean() twice; if clean() escapes, confirm the second pass does not
 * double-escape.
 * NOTE(review): HTTP_HOST comes from the request's Host header, so the
 * redirect target is client-influenced.
 */
require_once 'lib/utils.php';

session_start();
authenticate();

// Copy every POST field into $req, cleaned to at most 255 and trimmed.
foreach ($_POST as $field => $raw) {
    $req[$field] = trim(clean($raw, 255));
}

$motto_location = "Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/motto.php";

$has_motto = isset($req['motto']) and !($req['motto'] == '');
if (!$has_motto) {
    header($motto_location . "?badmotto=true");
    exit;
}

$req['motto'] = clean($req['motto'], 255);
$sql_put_motto = "INSERT INTO mottos (motto) VALUES ('" . $req['motto'] . "')";

$stored = @mysql_query($sql_put_motto);
if ($stored) {
    myLog('MOTTO', $_SESSION['id'], $req['motto']);
    incrementStat($_SESSION['id'], 'mottos');
    $_SESSION['success'] = "Motto added!";
} else {
    $_SESSION['error'] = "Could not add motto.";
}

// Both outcomes return to the same page; the session message tells them apart.
header($motto_location);
exit;
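case LOOP:
    // Pick the tagline referenced by the user's last_tagline; if there is
    // none, fall back to the first tagline row owned by the user.
    // The enclosing switch starts outside this fragment.
    $sql_get_tagline = "SELECT t.id FROM taglines t, users u WHERE u.last_tagline = t.id AND u.id = " . (int) $_SESSION['id'];
    $sth_get_tagline = @mysql_query($sql_get_tagline);
    if ($sth_get_tagline and @mysql_num_rows($sth_get_tagline) > 0) {
        $row_get_tagline = @mysql_fetch_assoc($sth_get_tagline);
        $tagline = $row_get_tagline['id'];
    } else {
        $sql_get_tagline = "SELECT t.id FROM taglines t WHERE user_id = " . (int) $_SESSION['id'];
        // Run the fallback query. Previously the statement was built but never
        // executed, so the check below re-tested the first (empty) result and
        // the fallback could never yield a tagline.
        $sth_get_tagline = @mysql_query($sql_get_tagline);
        if ($sth_get_tagline and @mysql_num_rows($sth_get_tagline) > 0) {
            $row_get_tagline = @mysql_fetch_assoc($sth_get_tagline);
            $tagline = $row_get_tagline['id'];
        }
    }
    break;
}

// Ids are placed in the statement unquoted, so force them to integers.
$post_sub_id = (int) $_SESSION['sub'];
$post_user_id = (int) $_SESSION['id'];

// NOTE(review): $message is prepared outside this fragment and concatenated
// into the INSERT; confirm it is escaped for SQL, and prefer prepared
// statements (mysqli or PDO) when the mysql_* calls are replaced.
if ($tagline) {
    $sql_post = "INSERT INTO messages (sub_id, user_id, message, date, tag_id) VALUES ("
        . $post_sub_id . ", " . $post_user_id . ", '" . $message . "', NOW(), " . (int) $tagline . " )";
} else {
    $sql_post = "INSERT INTO messages (sub_id, user_id, message, date) VALUES ("
        . $post_sub_id . ", " . $post_user_id . ", '" . $message . "', NOW())";
}

// NOTE(review): HTTP_HOST comes from the request's Host header, so the
// redirect target is client-influenced; prefer a configured site URL.
$return_url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF'])
    . "/main.php?newscan=true&current=true&nojump=true&sub=" . $post_sub_id;

if (@mysql_query($sql_post)) {
    incrementStat($_SESSION['id'], 'posts');
    myLog('POST', $_SESSION['id'], $_SESSION['sub']);
    $_SESSION['success'] = "Message posted!";
} else {
    $_SESSION['error'] = "Post failed.";
}

// Both outcomes return to the same sub; the session message tells them apart.
header("Location: " . $return_url);
exit;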
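// Creates a new sub named by the POSTed 'sub' field, then inserts one pointers
// row per existing user for it. Redirects to addsub.php with a session
// success or error message.
//
// Each query result is now checked before it is used, so a failed INSERT or
// lookup ends on the error path instead of feeding an empty id into the next
// statement. An empty name is rejected.
//
// NOTE(review): the sub name is concatenated into two statements; that is only
// as safe as clean() (not shown here). Prefer prepared statements (mysqli or
// PDO) when the mysql_* calls are replaced.
// NOTE(review): the sub row and its pointer rows are written without a
// transaction, so a failure part-way leaves a sub with no pointers.
// NOTE(review): no privilege check beyond authenticate() is visible here;
// confirm that any logged-in user is meant to be able to create subs.
session_start();
authenticate();

foreach ($_POST as $name => $value) {
    $req[$name] = trim(clean($value, 64));
}

if (isset($req['sub']) && $req['sub'] !== '') {
    // The id is placed in the statement unquoted, so force it to an integer.
    $creator_id = (int) $_SESSION['id'];

    $sql_insert_sub = "INSERT INTO subs (name, created_by_user_id) \n\t\t\tVALUES ('" . $req['sub'] . "', " . $creator_id . ")";

    if (@mysql_query($sql_insert_sub)) {
        $sql_get_sub_id = "SELECT id FROM subs WHERE name = '" . $req['sub'] . "'";
        $sth_get_sub_id = @mysql_query($sql_get_sub_id);
        $row_get_sub_id = $sth_get_sub_id ? @mysql_fetch_assoc($sth_get_sub_id) : false;

        if (is_array($row_get_sub_id)) {
            $sub_id = (int) $row_get_sub_id['id'];

            $sql_get_users = "SELECT id FROM users";
            $sth_get_users = @mysql_query($sql_get_users);

            // One "(user_id,sub_id)" tuple per existing user.
            $pointer_rows = array();
            while ($sth_get_users && ($row_get_users = @mysql_fetch_assoc($sth_get_users))) {
                $pointer_rows[] = "(" . (int) $row_get_users['id'] . "," . $sub_id . ")";
            }

            // With no users there is nothing to insert; fall through to the
            // error path, which is where the malformed statement used to end.
            if (count($pointer_rows) > 0) {
                $sql_insert_ptrs = "INSERT INTO pointers (user_id, sub_id) VALUES " . implode(", ", $pointer_rows);

                if ($sth_insert_ptrs = @mysql_query($sql_insert_ptrs)) {
                    incrementStat($_SESSION['id'], 'subs');
                    myLog('NEWSUB', $_SESSION['id'], $req['sub']);
                    $_SESSION['success'] = "Sub added!";
                    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/addsub.php");
                    exit;
                }
            }
        }
    }
}

// NOTE(review): HTTP_HOST comes from the request's Host header, so the
// redirect target is client-influenced; prefer a configured site URL.
$_SESSION['error'] = "Could not add sub.";
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/addsub.php");
exit;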