Exemple #1
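// Target of the save: ../run/<filepath>/<filename>.xml
// NOTE(review): $filepath, $filename and $username are assigned before this excerpt.
// If any of them comes from the request, constrain it first (reject "..", path
// separators in $filename, NUL bytes): the same values are used below in filesystem
// paths, in unlink() and inside SQL text.
$pathname = "../run/" . $filepath . "/" . $filename . ".xml";
debug_msg("The file is being saved in " . $pathname);
$data = unescape($_POST["data"]);
// Open (create if needs be) the file and write the data
$file = fopen($pathname, "w");
// Branch on the handle, not on file_exists(): an existing file that cannot be opened
// for writing still "exists", and the old test then passed false to fwrite() and
// went on to record the save in the database.
if ($file !== false) {
    fwrite($file, $data);
    fclose($file);
    debug_msg("File written");
    // select database
    open_db();
    // Is there a file in the DB with this name & path?
    // NOTE(review): the statements below are assembled by string concatenation.
    // query_one_item()/query_db() receive finished SQL text, so parameter binding has
    // to be added in those helpers (prepared statement + bound values); until then a
    // quote character in $filename, $filepath or $username alters the statement.
    $sql = "SELECT file_id FROM file WHERE file_name='{$filename}' AND file_path='{$filepath}';";
    $date = date("Y-m-d");
    $reply = "File {$filename} ";
    if ($key = query_one_item($sql)) {
        // Known file: only refresh its date.
        $sql = "UPDATE file SET file_date='" . $date . "' WHERE file_id = " . $key . ";";
        $reply .= "updated.";
    } else {
        // Unknown file: register it with today's date and the current author.
        $sql = "INSERT INTO file (file_date, file_author, file_path, file_name) " . "VALUES ('" . $date . "','" . $username . "','" . $filepath . "','" . $filename . "')";
        $reply .= "created.";
    }
    query_db($sql);
    // if a temp save exists, delete it
    $pathname = "../run/users/{$username}/temp/{$filename}.xml";
    if (file_exists($pathname)) {
        unlink($pathname);
        debug_msg("Temp save removed");
    }
    // Response body: a status line, then the relative location of the saved file.
    echo $reply . "\n";
    echo "../users/{$username}/{$filename}.xml";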
Exemple #2
<?php

// database utilities
require_once 'utils.php';
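// Registration form fields, taken as submitted.
$username = $_POST["user"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$password = $_POST["pass"];
// NOTE(review): $password2 is read but never compared with $password in this script.
$password2 = $_POST["pass_again"];
$email = $_POST["email"];
$country = $_POST["country"];
// The user name becomes a directory name further down, so it must be a single path
// component: a non-empty string that is not "." or ".." and holds no slash,
// backslash or NUL byte.
$nameIsPathSafe = is_string($username)
    && $username !== '' && $username !== '.' && $username !== '..'
    && strpbrk($username, "/\\\0") === false;
// select database
open_db();
// Is there a user in the DB with this name & pwd?
// NOTE(review): both statements below interpolate $_POST values into SQL text.
// query_one_item()/query_db() receive a finished string, so parameter binding has to
// be added in those helpers (prepared statement + bound values).
$sql = "SELECT 1 FROM user WHERE user_id='" . $username . "'";
if (!$nameIsPathSafe) {
    // Rejected before the name reaches a query or the filesystem.
    echo "Invalid user name.";
} elseif (query_one_item($sql)) {
    // The old message embedded a literal "<?php echo(...) ?>" inside the string, so the
    // name was never displayed, and the raw value was reflected into the page.
    echo "The name <i>" . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . "</i> is already taken. Find an alternative name.";
} else {
    // NOTE(review): the password is written to the table exactly as submitted. Storing
    // password_hash() output requires the code that verifies passwords to change in
    // step, so it is not done here.
    $sql = "INSERT INTO user VALUES('{$country}','{$email}','{$firstname}','{$lastname}','{$password}','{$username}',0)";
    query_db($sql);
    // 0700, not 0600: a directory without the execute (search) bit cannot be entered,
    // so nothing could be created or read inside it. The umask still applies.
    mkdir("../run/users/{$username}", 0700, true);
    echo "Your registration is recorded.";
}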
Exemple #3
<?php

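// Prints the tag cloud: one link per tag attached to an active file, sized by how
// often the tag was requested relative to the average.
// select database
open_db();
// Get tag stats
$sql = "SELECT AVG(tag_requests) FROM tag";
$avg_tag_weight = max(query_one_item($sql), 1);
// at least 1 to avoid div by 0 errors
// Make the query
$sql = "SELECT tag.tag, Count(1) AS tag_use, tag_requests";
$sql .= " FROM tag, file_tag, file";
$sql .= " WHERE tag.tag = file_tag.tag AND file.file_id=file_tag.file_id AND file_active=1";
$sql .= " GROUP BY tag.tag ORDER BY tag_use DESC;";
$result = query_db($sql);
while ($record = $result->fetch_array()) {
    $tagname = $record["tag"];
    // Font size in percent: 150 * sqrt(requests / average), never below 60.
    $tagweight = round(150 * sqrt($record["tag_requests"] / $avg_tag_weight));
    $style = "font-size:" . max($tagweight, 60) . "%;";
    // urlencode() also encodes quotes, so the URL is safe inside the quoted attribute.
    $url = 'index.php?tag=' . urlencode($tagname);
    // The tag text is database content printed into HTML: encode it first, then turn
    // spaces into &nbsp; (the other order would escape the entity's own ampersand).
    $label = str_replace(" ", "&nbsp;", htmlspecialchars($tagname, ENT_QUOTES, 'UTF-8'));
    // $tag is the current tag being shown; it is set outside this script. Compare as
    // strings so numeric-looking tags ("007" and "7") are not treated as equal.
    if ((string) $tag === (string) $tagname) {
        // Current tag: rendered without a link.
        echo " <a style='" . $style . "'>" . $label . "</a> \n";
    } else {
        echo " <a href='" . $url . "' style='" . $style . "'>" . $label . "</a> \n";
    }
}
// finish showing the files
close_db();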
Exemple #4
<?php

// debug mode. Uncomment to get debug messages on screen.
//$debug = true;
// database and debug utilities
include 'cgi/utils.php';
// Records the visitor's session on first sight and works out the load counter.
$date = date("Y-m-d");
$time = date("H:i:s");
$session_id = session_id();
// Is there a session in the DB with this key?
debug_msg("Looking for session (No. " . $session_id . ")");
// select database
open_db();
// Next load number for this session. A falsy result means no page load has been
// stored for it yet, and the session row is written below.
$loadid = query_one_item("SELECT max(load_id)+1 FROM page_load WHERE session_id='{$session_id}'");
if (!$loadid) {
    debug_msg("Session not yet recorded. Recording now.");
    $client_ip = $_SERVER['REMOTE_ADDR'];
    if (isset($_SERVER['REMOTE_HOST'])) {
        $remote_host = $_SERVER['REMOTE_HOST'];
    } else {
        $remote_host = 'unknown';
    }
    $client_desc = $_SERVER['HTTP_USER_AGENT'];
    // NOTE(review): the User-Agent header is chosen by the client and is interpolated
    // into the INSERT text unchanged. query_db() receives a finished string, so
    // parameter binding has to be added in that helper before this value is stored.
    $sql = "INSERT INTO"
        . " session (client_description, client_ip, client_host_name, session_date, session_time, session_id)"
        . " VALUES ('{$client_desc}','{$client_ip}','{$remote_host}','{$date}','{$time}','{$session_id}')";
    query_db($sql);
    $loadid = 0;
}
// finish recording the new session
// NOTE(review): Referer is client-supplied as well; treat it like the User-Agent
// wherever it is used after this excerpt.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$uri = '';
Exemple #5
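// In editor mode, skip a leading "../" (3 characters) when the path is cut out of $file.
// strpos() returns false when "../" is absent and false == 0 is true, so the test
// must be strict to match only a prefix at offset 0.
if (isset($_GET["editor"]) && $_GET["editor"] === "on" && strpos($file, "../") === 0) {
    $start_path = 3;
}
// path is everything up to the final /
$file_path = substr($file, $start_path, $fname_pos - $start_path);
debug_msg("Looking for file (name: " . $file_name . "; path: " . $file_path . ")");
// select database
open_db();
// (1) Check if the file is known in the DB, if not, record it
// Is there a file in the DB with this name & path?
// NOTE(review): $file_name and $file_path are interpolated into the SQL text. $file is
// set before this excerpt; if it derives from the request, parameter binding has to be
// added in query_one_item() (prepared statement + bound values), which receives a
// finished string here.
$sql = "SELECT round(avg(rate)) as rating FROM file_rating WHERE file_id = (SELECT file_id FROM file WHERE file_name='{$file_name}' AND file_path='{$file_path}');";
$rating = query_one_item($sql);
close_db();
// close the connection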
// Translate the rounded average rating into a $stars label. The comparisons are
// loose (==) against digit strings; the chain continues past this excerpt.
if ($rating == '0') {
    $stars = "noStars";
} else {
    if ($rating == '1') {
        $stars = "oneStar";
    } else {
        if ($rating == '2') {
            $stars = "twoStars";
        } else {
            if ($rating == '3') {
                $stars = "threeStars";
            } else {
                if ($rating == '4') {
Exemple #6
<?php

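// Account settings handler: dispatches on the posted "action" and prepares the UPDATE.
$debug = false;
// NOTE(review): $username is not assigned in this excerpt; presumably login.php
// sets it after authenticating the request. Confirm.
require 'login.php';
// database utilities
// A missing "action" becomes '' instead of raising an undefined-index notice.
$action = isset($_POST["action"]) ? $_POST["action"] : '';
debug_msg("Action to take: {$action}");
// select database
open_db();
// NOTE(review): every statement below interpolates $_POST values into SQL text.
// query_one_item() receives a finished string, so parameter binding has to be added
// in the database helpers (prepared statement + bound values).
if ($action === "newpass") {
    debug_msg("Changing password.");
    $password = $_POST["pass"];
    $new_password = $_POST["newpass"];
    // The new password itself is kept out of the debug output.
    debug_msg("New password received.");
    // Is there a user in the DB with this name & pwd?
    // NOTE(review): the pwd column is compared with, and set to, the submitted text,
    // i.e. passwords are stored unhashed. Moving to password_hash()/password_verify()
    // has to be done together with registration and login.
    if (query_one_item("SELECT 1 FROM user WHERE user_id='{$username}' AND pwd='{$password}'")) {
        $sql = "UPDATE user set pwd='{$new_password}' WHERE user_id='{$username}';";
    } else {
        // Wrong current password: refuse and stop.
        close_db();
        header("HTTP/1.1 403 Forbidden");
        exit;
    }
} else {
    if ($action === "newmail") {
        debug_msg("Changing email.");
        $email = $_POST["email"];
        debug_msg("New email: {$email}");
        // NOTE(review): unlike the password change, this branch does not ask for the
        // current password before updating the address.
        $sql = "UPDATE user set e_mail='{$email}' WHERE user_id='{$username}';";
    } else {
        if ($action === "personal") {
            debug_msg("Changing personal details.");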