include "./classes/mysql.class.php";
// Reply ("comment") form fragment: looks up the parent article's title, then validates the
// submitted comment. The rest of the submit handler lies past the end of this fragment.
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
// NOTE(review): mifi() is a project helper not visible here. Its return value is interpolated
// straight into the SELECT below, so that query is only safe if mifi() guarantees an integer
// (or otherwise neutralises quotes) — confirm.
$parentid = mifi($_REQUEST['parentid']);
$mysqldb->query("SELECT Title from articles where FileID ='{$parentid}'");
// NOTE(review): $query is never assigned in this fragment, so this mysql_query() call runs on an
// undefined variable, and $result is not read afterwards — looks like a leftover from an older
// version of the lookup.
$result = mysql_query($query);
// fetchObject() presumably returns false when no article matches; $row->Title would then raise a
// notice and the title degrades to "Re: " — guard that case if it is reachable.
$row = $mysqldb->fetchObject();
$title = "Re: {$row->Title}";
if (isset($_POST['submit'])) { // Handle the Form
    $message = NULL; // Create an empty new variable.
    // sanitise user input
    // escdata()/xss_clean() are project helpers (not visible here). The length checks below run on
    // the already-transformed values, so "has a title" is measured after cleaning.
    $titlee = escdata(xss_clean($_POST['commenttitle']));
    $articledatae = escdata(xss_clean($_POST['article']));
    // Validate user input
    // Check for Title.
    // $title is reused here as a boolean validation flag, clobbering the "Re: ..." string built
    // above; anything after this branch that still wants the reply title will not find it.
    if (strlen($titlee) > 0) {
        $title = TRUE;
    } else {
        $title = FALSE;
        $message .= 'You need to include a title for your comment. ';
    }
    // Check for Article.
    if (strlen($articledatae) > 0) {
        $article = TRUE;
    } else {
        $article = FALSE;
        $message .= 'You need to include the comment. ';
    }
<?php // confirm.php
include './config/config.php';
include 'functions.php';
// E-mail confirmation page: marks the author row matching the ?emd= token as Approved='Y'.
// The end of the request handler lies past this fragment.
$title = 'Confirmation';
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
if (isset($_REQUEST['emd'])) { // Handle the form.
    // escdata()/xss_clean() are project helpers not visible here. The UPDATE below interpolates
    // the value into the SQL string, so it relies entirely on escdata() for quoting.
    $emd = escdata(xss_clean($_REQUEST['emd']));
    // NOTE(review): $e is not assigned anywhere in this fragment and $emailmd5 is not read below;
    // this looks like dead code — verify before removing.
    $emailmd5 = md5($e);
    // NOTE(review): the column name EmailMD5 suggests the confirmation token is the MD5 of the
    // e-mail address. If so, it is derivable by anyone who knows the address rather than being a
    // random, single-use token — confirm how the token is produced at registration.
    $query = "UPDATE authors SET Approved = 'Y' WHERE EmailMD5='{$emd}'";
    // The @ hides driver errors. mysql_query() returns true for any UPDATE that executed, even one
    // that matched zero rows.
    $result = @mysql_query($query); // Run the query.
    // NOTE(review): only query success is tested, not mysql_affected_rows(), so an unknown token
    // still reaches the "Thank you" branch. Checking affected rows == 1 would distinguish the cases.
    if ($result) { // If it ran OK.
        // Registration Message and Thanks.
        echo ' <p>Thank you for your confirmation!</p> <p>Please feel free to <a href="./login.php">login</a>.</p>';
        // $index is not defined in this fragment; presumably provided by config.php or functions.php.
        footer($index);
        exit;
    } else { // If it did not run OK.
        // Send a message to the error log, if desired.
        echo '<p>You could not be registered due to a system error. We apologize for any inconvenience.</p><p>';
    }
contentinit($title);
// Login handler fragment. Session start, $mysqldb setup and the page header precede this
// fragment; the redirect and the closing of the if-blocks below follow it.
if (isset($_POST['submit'])) { // Check if the form has been submitted.
    // empty() also rejects the literal username "0".
    if (empty($_POST['username'])) { // Validate the username.
        $u = FALSE;
        echo '<p>You forgot to enter your username!</p>';
    } else {
        $u = escdata(xss_clean($_POST['username']));
    }
    if (empty($_POST['password'])) { // Validate the password.
        $p = FALSE;
        echo '<p>You forgot to enter your password!</p>';
    } else {
        // NOTE(review): the password is passed through xss_clean() before it is compared. The
        // change-password fragment elsewhere on this page stores it with escdata() only, so a
        // password that xss_clean() alters could be set but never used to log in — confirm both
        // paths transform the password identically.
        $p = escdata(xss_clean($_POST['password']));
    }
    if ($u && $p) { // If everything's OK.
        // Query the database.
        // The username placeholder in this query appears redacted in this copy of the source.
        // Credentials are compared inside MySQL via PASSWORD(), an internal MySQL auth hash
        // (removed in MySQL 8.0), not a password-storage KDF; a PHP-side
        // password_hash()/password_verify() pair is the usual replacement.
        // Approved!='B' excludes one state only: whatever value an account holds before the
        // confirm page sets 'Y' is not rejected here — confirm that is intended.
        $query = "SELECT AuthorID, FirstName FROM authors WHERE UserName='******' AND Passwd=PASSWORD('{$p}') AND Approved!='B'";
        $mysqldb->query($query);
        $row = $mysqldb->fetchObject();
        if ($row) { // A match was made.
            // Start the session, register the values & redirect.
            // No session_regenerate_id() is called before privileged values are stored, so a
            // session id that existed before login stays valid afterwards (session fixation).
            $_SESSION['first_name'] = $row->FirstName;
            $_SESSION['user_id'] = $row->AuthorID;
            // NOTE(review): the admin flag is derived from the submitted username string rather than
            // a role column. That is only safe if registration can never create an account named
            // admin/Admin (and, under a case-insensitive collation, any other casing of it).
            if ($u == 'Admin' || $u == 'admin') {
                $_SESSION['adfl'] = TRUE;
            }
$title = 'Change Your Password';
include 'functions.php';
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
// If no first_name variable exists, redirect the user.
// NOTE(review): the redirect target is built from $_SERVER['HTTP_HOST'], i.e. the request's Host
// header. A configured base URL avoids letting a crafted Host header steer the redirect; the
// scheme is also hard-coded to http.
if (!isset($_SESSION['first_name'])) {
    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
    ob_end_clean();
    exit;
} else {
    // No CSRF token is checked on this form (none is visible in this fragment).
    if (isset($_POST['submit'])) {
        // Check for a new password and match against the confirmed password.
        // eregi() was removed in PHP 7 (preg_match() with the i modifier is the replacement), and
        // the pattern limits passwords to 4-20 alphanumerics, ruling out symbols and passphrases.
        if (eregi("^[[:alnum:]]{4,20}\$", stripslashes(trim($_POST['password1'])))) {
            // Loose == compares two numeric strings numerically ('1e3' == '1000' is true);
            // === is the right comparison for credentials.
            if ($_POST['password1'] == $_POST['password2']) {
                // NOTE(review): the trim()/stripslashes() applied for the check above are not
                // applied to the stored value, and unlike the login path no xss_clean() is used —
                // confirm the stored and the verified forms match.
                $p = escdata($_POST['password1']);
            } else {
                $p = FALSE;
                echo '<p>Your password did not match the confirmed password!</p>';
            }
        } else {
            $p = FALSE;
            echo '<p>Please enter a valid password!</p>';
        }
        if ($p) { // If everything's OK.
            // Make the query.
            // The current password is never re-verified; only the session gates this change.
            // $_SESSION['user_id'] is interpolated unquoted; it was copied from the AuthorID column
            // at login, so this is only as safe as that column's type.
            $query = "UPDATE authors SET Passwd=PASSWORD('{$p}') WHERE AuthorID={$_SESSION['user_id']}";
            // @ hides driver errors; a failed query then surfaces only as affected rows != 1.
            $result = @mysql_query($query); // Run the query.
            // NOTE(review): MySQL reports 0 affected rows when the new value equals the stored one,
            // so re-submitting the current password lands in the failure branch (which lies past
            // this fragment) — confirm that is acceptable.
            if (mysql_affected_rows() == 1) {
// Fragment of the article-update handler. It opens inside the "Check for Article" branch (whose
// if() begins before this fragment) and ends just after the page header is emitted.
$article = TRUE;
} else {
    $article = FALSE;
    $message .= 'needs content, ';
}
// Check for Keywords.
// Reading $_REQUEST['keywords'] without isset() raises a notice when the field is absent.
if (strlen($_REQUEST['keywords']) > 0) {
    $keywords = TRUE;
} else {
    $keywords = FALSE;
    $message .= 'needs keywords, ';
}
if ($title && $article && $keywords) { // If everythings okay.
    $titlesql = escdata($_REQUEST['title']);
    $keywordssql = escdata($_REQUEST['keywords']);
    // $articledatasql = escdata($_REQUEST['article']);
    // NOTE(review): the escaped form above is commented out and the raw request value is
    // interpolated into the UPDATE below, so the article body is an unescaped SQL injection point.
    // Restore escdata() (or, better, a prepared statement) before this ships. The validation step
    // appears to compute an escaped copy ($articledatae) that is not the value written here, and no
    // ownership check tying the article to $_SESSION['user_id'] is visible in this fragment.
    $articledatasql = $_REQUEST['article'];
    // $enum is not assigned in this fragment. A fragment further down this page (apparently the
    // same edit-article script) sets it to TRUE from a session check, which would interpolate as
    // FileID='1' — confirm which row this UPDATE is meant to target.
    $mysqldb->query("UPDATE articles SET Title = '{$titlesql}', Articledata = '{$articledatasql}', Keyw = '{$keywordssql}' WHERE FileID='{$enum}'");
    $message .= "has been updated successfully. This article ";
    // now that the database is updated, we'd like to put these values back
    // These are the values re-displayed in the form; xss_clean() is the only escaping applied.
    $title = xss_clean($_REQUEST['title']);
    $keywords = xss_clean($_REQUEST['keywords']);
    $articledata = xss_clean($_REQUEST['article']);
} else {
    $message .= ' and has not been updated, please try again. This article ';
}
}
// Set the page title and include the HTML header.
// $title served as a boolean validation flag (and then the re-displayed title) above and is
// replaced by the page title here.
$title = 'Edit Article';
head_page($title);
include './config/config.php';
include 'functions.php';
include "./classes/mysql.class.php";
// Search-results page: builds a by-author query or a keyword page title, emits the header, then
// paginates. The pagination branch at the end continues past this fragment.
//starting database
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
//variables
$pagetitle = 'Search Results';
// Reading these indexes without isset() raises notices when they are absent, and the truthiness
// test treats authorid=0 as "not given".
if ($_REQUEST['authorid'] || $_REQUEST['authorname']) {
    // NOTE(review): $authorid is interpolated unquoted into the WHERE clause below, so the query is
    // only safe if mifi() (a project helper not visible here) guarantees an integer — confirm.
    // $authorname is only used for the page title. escdata() is presumably SQL escaping, not HTML
    // escaping, so whether the title is rendered safely depends on head_page()/contentinit().
    $authorid = mifi($_REQUEST['authorid']);
    $authorname = escdata($_REQUEST['authorname']);
    $authorquery = "SELECT a.FileID, a.Title, a.ArticleData, a.AuthorID, (SELECT au.UserName FROM authors as au WHERE au.AuthorID=a.AuthorID) AS AuthorName, a.Keyw, a.Approved, DATE_FORMAT(a.SubmitDate, '%m/%e/%y') as date FROM articles AS a WHERE a.ParentID=0 AND a.Approved='Y' AND a.AuthorID={$authorid}";
}
if ($_REQUEST['keyword_list']) {
    $keyword_list = escdata(xss_clean($_REQUEST['keyword_list']));
} else {
    $keyword_list = 'nothing';
}
if ($_REQUEST['authorid'] || $_REQUEST['authorname']) {
    $pagetitle = "Articles by {$authorname} ";
} else {
    $pagetitle = "Search Results for \"{$keyword_list}\"";
}
head_page($pagetitle);
menu_options($pagetitle, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($pagetitle);
// Number of Records to show per page:
// DB_MAX_REC is presumably defined in config.php.
$display = DB_MAX_REC;
// Determine where in the db results to start returning results
// $_GET['s'] is the result offset. How it is validated lies past this fragment; it should be cast
// to a non-negative int before it reaches any LIMIT clause.
if (isset($_GET['s'])) {
include './config/config.php';
include "./config/dbsettings.php";
include 'functions.php';
// Set the page title and include the HTML header.
// Password-reset page: looks up the submitted username and, past the end of this fragment,
// generates a replacement password for that account.
$title = 'Password Reset';
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
if (isset($_POST['submit'])) { // Handle the form.
    // NOTE(review): only the exact spelling 'Admin' is excluded from reset, yet the login page on
    // this page grants the admin flag to 'admin' as well, and a case-insensitive collation would
    // match other casings — compare case-insensitively, or better, key the exclusion on a role column.
    if (empty($_POST['username']) || $_POST['username'] == 'Admin') { // Validate the username.
        $u = FALSE;
        echo '<p>Invalid or missing User Name!</p>';
    } else {
        // The login page applies xss_clean() before escdata() on this field; here only escdata()
        // is used, so the two pages may look up different strings for the same input.
        $u = escdata($_POST['username']);
        // Check for the existence of that username.
        // The username placeholder in this query appears redacted in this copy of the source.
        $query = "SELECT AuthorID, Email FROM authors WHERE UserName='******'";
        // @ hides driver errors. If the query fails, $result is false and mysql_fetch_array() emits a
        // warning and returns false, which the branch below reports as "no such user".
        $result = @mysql_query($query);
        $row = mysql_fetch_array($result, MYSQL_NUM);
        if ($row) {
            $uid = $row[0];
            $email = $row[1];
        } else {
            // NOTE(review): this message confirms whether a username exists. A uniform response
            // ("if the account exists, an e-mail has been sent") avoids account enumeration.
            echo '<p>The submitted username does not match those on file!</p>';
            $u = FALSE;
        }
    }
    if ($u) { // If everything's OK.
        // Create a new, random password.
        // The generation code lies past this fragment. Because the value becomes the account's
        // credential, it needs a CSPRNG source (random_int()/random_bytes()), not rand()/mt_rand().
include_once 'config/config.php'; include_once 'config/dbsettings.php'; $title = "Edit Article"; $fileid = mifi(escdata(xss_clean($_REQUEST['fileid']))); $aid = mifi(escdata(xss_clean($_REQUEST['aid']))); $authorid = $aid; if (isset($_SESSION['first_name'])) { $enum = TRUE; } if (isset($_REQUEST['submit'])) { $message = NULL; // sanitise user input $titlee = escdata(xss_clean($_POST['title'])); $keywordse = escdata(xss_clean($_POST['keywords'])); $articledatae = escdata(xss_clean($_POST['article'])); $descriptione = escdata(xss_clean($_POST['description'])); // Form Validation // Check for Title. if (strlen($titlee) > 0) { $title = TRUE; } else { $title = FALSE; $message .= 'You need to include a title for the article. '; } // Check for Article. if (strlen($articledatae) > 0) { $article = TRUE; } else { $article = FALSE; $message .= 'You need to include the article. '; }