if (empty($confirm_code)) { $smarty->assign('no_code', true); $smarty->display('confirm.tpl'); } else { if (!empty($_POST['submit'])) { if (empty($username)) { $smarty->assign('empty_user', true); $smarty->display('confirm.tpl'); } else { $db = connect_to_db(); if (!select_p($db, 'select username from user where username = ?', array($username), 'getOne')) { $smarty->assign('username', stripslashes($username)); $smarty->assign('incorrect_user', true); $smarty->display('confirm.tpl'); } else { $real_code = select_p($db, 'select code from user_confirm where username = ?', array($username), 'getOne'); if (!$real_code) { $smarty->assign('already', true); $smarty->display('confirm.tpl'); } else { if ($confirm_code == $real_code) { query_p($db, 'delete from user_confirm where username = ?', array($username)); query_p($db, 'update user set registered = 1 where username = ?', array($username)); $smarty->assign('username', stripslashes($username)); $smarty->assign('success', true); $smarty->display('confirm.tpl'); } else { $smarty->assign('username', stripslashes($username)); $smarty->assign('incorrect_code', true); $smarty->display('confirm.tpl'); }
<?php
/**
 * Main page.
 *
 * For a signed-in user this script builds two lists for index.tpl:
 *   - who_you_want: people the user has added (crushee_id, name, match)
 *   - who_want_you: people who have added the user (crusher_id, crusher_alias,
 *     match, plus name when the crush is mutual)
 * and picks one random quote. Signed-out visitors only get the template.
 *
 * Privacy invariant: a crusher's real name is queried and attached only after
 * the reverse crush row has been found. Every other incoming entry carries the
 * alias and the id, never the name.
 */
include 'includes/wc.main.inc.php';

$db = connect_to_db();

// NOTE(review): $signed_in and $signed_in_id are not set in this file; presumably
// the include above derives them from the session -- confirm.
if ($signed_in) {
    // Counts crush rows in one direction; parameters bind as (crusher_id, crushee_id).
    $pair_sql = "select count(*) from crushes where crusher_id = ? and crushee_id = ?";

    // Outgoing crushes: the user picked these people, so showing the name reveals nothing new.
    $who_you_want = select_p(
        $db,
        "select crushee_id, (select name from wes_users where username = (select username from user where user_id = crushee_id)) as name from crushes where crusher_id = ?",
        array($signed_in_id),
        'getAll'
    );

    // Incoming crushes: only the id and the generated alias are selected here.
    $who_want_you = select_p(
        $db,
        "select crusher_id, crusher_alias from crushes where crushee_id = ?",
        array($signed_in_id),
        'getAll'
    );

    // Flag each outgoing crush that the other person has returned.
    $outgoing_total = count($who_you_want);
    for ($i = 0; $i < $outgoing_total; $i++) {
        $who_you_want[$i]['match'] = select_p(
            $db,
            $pair_sql,
            array($who_you_want[$i]['crushee_id'], $signed_in_id),
            'getOne'
        );
    }

    $incoming_total = count($who_want_you);
    for ($i = 0; $i < $incoming_total; $i++) {
        $crusher_id = $who_want_you[$i]['crusher_id'];
        $is_mutual = select_p($db, $pair_sql, array($signed_in_id, $crusher_id), 'getOne');

        // The reveal. The name lookup must stay inside this guard: moving it out
        // would de-anonymise everyone who added the signed-in user.
        if ($is_mutual) {
            $who_want_you[$i]['name'] = select_p(
                $db,
                "select name from wes_users where username = (select username from user where user_id = ?)",
                array($crusher_id),
                'getOne'
            );
        }

        $who_want_you[$i]['match'] = $is_mutual;
    }

    // NOTE(review): crusher_id reaches the template for unmatched rows as well. If
    // index.tpl prints it and an id can be mapped to a username elsewhere, the alias
    // stops protecting the crusher -- confirm how the template uses it.
    $smarty->assign('who_you_want', $who_you_want);
    $smarty->assign('who_want_you', $who_want_you);

    $quote_row = select_p($db, "select * from quotes order by rand() limit 1", array(), 'getRow');
    $smarty->assign('quote', $quote_row['quote']);
    $smarty->assign('quoted', $quote_row['quoted']);
}

$smarty->display('index.tpl');
close_db($db);
if ($they_like_you) { $to_name = select_p($db, 'select crusher_alias from crushes where crusher_id = ? and crushee_id = ?', array($to_id, $signed_in_id), 'getOne'); } } if ($you_like_them && $they_like_you) { $from_name = $signed_in_name; } else { if ($they_like_you) { $from_name = select_p($db, 'select name from wes_users where username = (select username from user where user_id = ?)', array($signed_in_id), 'getOne'); } else { if ($you_like_them) { $from_name = select_p($db, 'select crusher_alias from crushes where crusher_id = ? and crushee_id = ?', array($signed_in_id, $to_id), 'getOne'); } } } $to_username = select_p($db, 'select username from wes_users where username = (select username from user where user_id = ?)', array($to_id), 'getOne'); /** start e-mail */ if ($message_body) { require_once "/home/syn/swift/swift_required.php"; $transport = Swift_MailTransport::newInstance(); $mailer = Swift_Mailer::newInstance($transport); $message = Swift_Message::newInstance()->setSubject("Wescam - {$from_name} has messaged you")->setFrom(array('*****@*****.**' => 'Wescam'))->setTo(array("{$to_username}@wesleyan.edu"))->setBody("{$from_name} sent you the following message. Sign in to respond!\n-----------\n\n{$message_body}\n\n-----------\nhttp://cam.weshub.com/"); $result = $mailer->send($message); $smarty->assign('sent_message', true); } /** end e-mail */ } close_db($db); $smarty->assign('to_id', $to_id); $smarty->assign('to_name', $to_name); $smarty->assign('errors', $errors);
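<?php
/**
 * Site-wide statistics: registered students, students added, mutual matches.
 *
 * The three counts are cached as one comma-separated line in $stats_file. They
 * are recomputed from the database when the cache is older than one hour, is
 * missing, or does not parse as exactly three digit-only fields.
 *
 * Leaves $students_registered, $students_added and $matches_made set as ints.
 */
include 'includes/wc.main.inc.php';

$stats_file = '../../private/stats.txt';
$max_age = 60 * 60; // cache lifetime in seconds

// A missing cache file counts as stale; calling filemtime() on it would return
// false and emit a warning.
$mtime = is_file($stats_file) ? filemtime($stats_file) : false;
$diff = ($mtime === false) ? PHP_INT_MAX : time() - $mtime;

$stats = null;
if ($diff <= $max_age) {
    $cached = file_get_contents($stats_file);
    $fields = ($cached === false) ? array() : explode(',', trim($cached));

    // Trust the cache only when it holds three digit-only fields. An empty,
    // truncated or hand-edited file then falls through to a recompute instead of
    // feeding undefined offsets or arbitrary text to the page.
    if (count($fields) === 3 && count(array_filter($fields, 'ctype_digit')) === 3) {
        $stats = array_map('intval', $fields);
    }
}

if ($stats === null) {
    $db = connect_to_db();
    $stats = array(
        (int) select_p($db, 'select count(*) from user where registered = 1', array(), 'getOne'),
        (int) select_p($db, 'select count(distinct crushee_id) from crushes', array(), 'getOne'),
        (int) select_p($db, 'select count(c1.crusher_id) from crushes c1, crushes c2 where c1.crusher_id = c2.crushee_id and c1.crushee_id = c2.crusher_id', array(), 'getOne'),
    );
    close_db($db);

    // Write to a temporary file in the same directory and rename it over the
    // cache, so a concurrent request never reads a half-written file (opening the
    // cache itself with mode 'w' truncates it before the new contents land).
    // tempnam() creates the file with mode 0600.
    $tmp_file = tempnam(dirname($stats_file), 'stats');
    if ($tmp_file !== false) {
        $written = file_put_contents($tmp_file, implode(',', $stats));
        if ($written === false || !rename($tmp_file, $stats_file)) {
            // Caching is best effort: the fresh counts are still used for this
            // request, only the temporary file is cleaned up.
            unlink($tmp_file);
        }
    }
}

list($students_registered, $students_added, $matches_made) = $stats;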
query_p($db, "insert into user (username, password, registered) values (?,'hashed',0)", array($crushee)); } do { $adjective = ucfirst(select_p($db, "select word from words where type = 'adjective' order by rand() limit 1", array(), 'getOne')); $noun = ucfirst(select_p($db, "select word from words where type = 'noun' order by rand() limit 1", array(), 'getOne')); $num = rand(1, select_p($db, "select count(*) from wes_users", array(), 'getOne')); $crusher_alias = "{$adjective} {$noun} {$num}"; $already = select_p($db, 'select crusher_alias from crushes where crusher_alias = ?', array($crusher_alias), 'getOne'); } while ($already); $crushee_id = select_p($db, 'select user_id from user where username = ?', array($crushee), 'getOne'); query_p($db, 'insert into crushes (crusher_id, crusher_alias, crushee_id) values (?,?,?)', array($signed_in_id, $crusher_alias, $crushee_id)); /** send e-mail */ $they_like_you = select_p($db, 'select * from crushes where crusher_id = ? and crushee_id = ?', array($crushee_id, $signed_in_id), 'getOne'); $successful_match = false; if ($they_like_you) { $successful_match = select_p($db, 'select user_id from user where username = ?', array($crushee), 'getOne'); $email_subject = "Wescam - {$signed_in_name} likes you, too!"; $email_body = "Wow... I mean, we always thought Wescam was a great idea, but we never thought it would actually, you know, *work*!. From everyone at Wescam, congrats!\n\n-Wescam"; } else { $email_subject = "Wescam - Someone on campus has added you"; $email_body = "Wescam 2010 is a site developed by Wesleyan students for seniors on campus interested in meeting up and someone has added you! 
Sign in below to learn more!\n\nhttp://cam.weshub.com/"; } require_once "/home/syn/swift/swift_required.php"; $transport = Swift_MailTransport::newInstance(); $mailer = Swift_Mailer::newInstance($transport); $message = Swift_Message::newInstance()->setSubject($email_subject)->setFrom(array('*****@*****.**' => 'Wescam'))->setTo(array("{$crushee}@wesleyan.edu"))->setBody($email_body); $mailer->send($message); /** end e-mail */ $return = array('name' => "{$name}", 'successful_match' => $successful_match, 'error' => false); } }
} } close_db($db); if (empty($password)) { $errors['password'] = '******'; } else { if (strlen($password) > 32) { $errors['password'] = '******'; } } if (!empty($errors)) { $smarty->assign('username', stripslashes($username)); $smarty->assign('errors', $errors); $smarty->display('login.tpl'); } else { $db = connect_to_db(); $db_pass = select_p($db, 'select password from user where username = ?', array($username), 'getOne'); if (generateHash($password, $db_pass) != $db_pass) { $errors['username'] = '******'; $smarty->assign('username', stripslashes($username)); $smarty->assign('errors', $errors); $smarty->display('login.tpl'); } else { $_SESSION['signed_in'] = stripslashes($username); $_SESSION['signed_in_id'] = select_p($db, 'select user_id from user where username = ?', array($username), 'getOne'); $_SESSION['signed_in_name'] = select_p($db, 'select name from wes_users where username = ?', array($username), 'getOne'); $_SESSION['signed_in_division'] = select_p($db, 'select division from wes_users where username = ?', array($username), 'getOne'); header('Location: ' . SITE); } } }
$db = connect_to_db(); if (count(select_p($db, "select * from user_confirm where username = ?", array($username), 'getAll')) > 0) { $errors['username'] = '******'; displayWithErrors($errors); } else { if (count(select_p($db, "select * from user where username = ? and registered = 1", array($username), 'getAll')) > 0) { $errors['username'] = '******'; displayWithErrors($errors); } else { if (!preg_match('/[0-9][0-9][0-9][0-9]/', select_p($db, 'select division from wes_users where username = ?', array($username), 'getOne'))) { $errors['username'] = '******'; displayWithErrors($errors); } else { $password = generateHash($password); $code = randomString(); $has_dummy_account = select_p($db, "select * from user where username = ? and registered = 0", array($username), 'getOne'); query_p($db, 'start transaction'); if ($has_dummy_account) { query_p($db, 'update user set password = ? where username = ?', array($password, $username)); } else { query_p($db, 'insert into user (username, password, registered) values (?,?,0)', array($username, $password)); } query_p($db, 'insert into user_confirm (username, code) values (?,?)', array($username, $code)); query_p($db, 'commit'); /** start e-mail */ require_once "/home/syn/swift/swift_required.php"; $transport = Swift_MailTransport::newInstance(); $mailer = Swift_Mailer::newInstance($transport); $message = Swift_Message::newInstance()->setSubject("Wescam Confirmation - You did it!")->setFrom(array('*****@*****.**' => 'Wescam'))->setTo(array("{$username}@wesleyan.edu"))->setBody("You're almost there! Just click on the link below!\n\nhttp://cam.weshub.com/confirm/{$code}/"); $result = $mailer->send($message); /** end e-mail */