// Comment-reply form handler (fragment: the listing is cut off inside the submit branch).
// Loads the parent article's title to build a "Re: ..." heading, then validates the posted
// comment title and body.
include "./classes/mysql.class.php";
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
// NOTE(review): mifi() is defined outside this listing. The request value is interpolated
// into the SQL string on the next line, so that query is only safe if mifi() reliably
// reduces its input to an integer. Confirm this, or bind the value as a query parameter.
$parentid = mifi($_REQUEST['parentid']);
$mysqldb->query("SELECT Title from articles where FileID ='{$parentid}'");
// NOTE(review): $query is not assigned anywhere in the visible lines and $result is not
// read below; this looks like a leftover call that bypasses the $mysqldb wrapper.
// The mysql_* extension was removed in PHP 7.0.
$result = mysql_query($query);
// NOTE(review): nothing checks that a row came back before ->Title is read; an unknown
// or missing parentid reaches the next line with no object to read from.
$row = $mysqldb->fetchObject();
// The stored title is copied verbatim; it needs HTML-encoding wherever $title is printed
// (the output code is not part of this fragment).
$title = "Re: {$row->Title}";
if (isset($_POST['submit'])) {
    // Handle the Form
    $message = NULL;
    // Create an empty new variable.
    // sanitise user input
    // NOTE(review): xss_clean() and escdata() are defined outside this listing. Both are
    // applied once at intake, so the values below are already transformed for HTML and
    // for SQL before they are validated; presumably escdata() is the SQL-escaping step.
    $titlee = escdata(xss_clean($_POST['commenttitle']));
    $articledatae = escdata(xss_clean($_POST['article']));
    // Validate user input
    // Check for Title.
    // The length test runs on the filtered value, not on the raw submission.
    if (strlen($titlee) > 0) {
        // $title is reused as a validation flag here, overwriting the "Re: ..." string
        // built before the form branch.
        $title = TRUE;
    } else {
        $title = FALSE;
        $message .= 'You need to include a title for your comment.  ';
    }
    // Check for Article.
    if (strlen($articledatae) > 0) {
        $article = TRUE;
    } else {
        $article = FALSE;
        $message .= 'You need to include the comment.  ';
    }
Esempio n. 2
<?php

// confirm.php
// Account-confirmation endpoint (fragment: the outer if is never closed in this listing).
// Marks an author row as approved when the request carries an "emd" value matching the
// EmailMD5 column.
include './config/config.php';
include 'functions.php';
$title = 'Confirmation';
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
if (isset($_REQUEST['emd'])) {
    // Handle the form.
    // NOTE(review): the column name suggests the confirmation token is the MD5 of the
    // account's e-mail address. If so, it can be derived by anyone who knows the address
    // and proves nothing about control of the mailbox. A random, single-use token
    // (e.g. from random_bytes()) stored per account is the usual design. Confirm how
    // EmailMD5 is populated.
    // escdata()/xss_clean() are defined outside this listing; the query below depends
    // entirely on escdata() for SQL safety.
    $emd = escdata(xss_clean($_REQUEST['emd']));
    // NOTE(review): $e is not assigned in the visible lines and $emailmd5 is not used
    // below; this line appears to be dead code.
    $emailmd5 = md5($e);
    $query = "UPDATE authors SET Approved = 'Y' WHERE EmailMD5='{$emd}'";
    // The @ operator hides any database error from logs and from this script.
    // The mysql_* extension was removed in PHP 7.0.
    $result = @mysql_query($query);
    // Run the query.
    // NOTE(review): for an UPDATE, $result is true whenever the statement executed, even
    // if no row matched. An unknown token therefore still gets the success page; checking
    // mysql_affected_rows() would distinguish the two cases.
    if ($result) {
        // If it ran OK.
        // Registration Message and Thanks.
        echo '
				
				<p>Thank you for your confirmation!</p>
				
				<p>Please feel free to <a href="./login.php">login</a>.</p>';
        footer($index);
        exit;
    } else {
        // If it did not run OK.
        // Send a message to the error log, if desired.
        // No logging happens in the visible lines; the failure is only reported to the user.
        echo '<p>You could not be registered due to a system error.  We apologize for any inconvenience.</p><p>';
    }
Esempio n. 3
// Login form handler (fragment: starts after the page setup and is cut off inside the
// success branch). Validates username/password presence, looks the author up and stores
// identity values in the session.
contentinit($title);
if (isset($_POST['submit'])) {
    // Check if the form has been submitted.
    if (empty($_POST['username'])) {
        // Validate the username.
        $u = FALSE;
        echo '<p>You forgot to enter your username!</p>';
    } else {
        // escdata()/xss_clean() are defined outside this listing.
        $u = escdata(xss_clean($_POST['username']));
    }
    if (empty($_POST['password'])) {
        // Validate the password.
        $p = FALSE;
        echo '<p>You forgot to enter your password!</p>';
    } else {
        // NOTE(review): the password passes through an HTML filter before it is hashed.
        // Any character xss_clean() rewrites or strips changes the effective password,
        // and the same filter must then be applied wherever passwords are set. Passwords
        // are normally hashed as submitted, never output-filtered. Confirm what
        // xss_clean() does to punctuation.
        $p = escdata(xss_clean($_POST['password']));
    }
    if ($u && $p) {
        // If everything's OK.
        // Query the database.
        // NOTE(review): the literal '******' in the UserName comparison looks like masking
        // applied by the listing site where the username variable would appear; as printed,
        // $u is not part of the query.
        // PASSWORD() is MySQL's internal account-hash function: it is unsalted, was never
        // meant for application passwords, and was removed in MySQL 8.0. Store
        // password_hash() output and check it with password_verify() instead.
        // The statement is built by string interpolation, so its safety rests entirely on
        // escdata(); a prepared statement removes that dependency.
        $query = "SELECT AuthorID, FirstName FROM authors WHERE UserName='******' AND Passwd=PASSWORD('{$p}') AND Approved!='B'";
        $mysqldb->query($query);
        $row = $mysqldb->fetchObject();
        if ($row) {
            // A match was made.
            // Start the session, register the values & redirect.
            // NOTE(review): no session_regenerate_id() call is visible before identity is
            // written to the session; confirm one exists to prevent session fixation.
            $_SESSION['first_name'] = $row->FirstName;
            $_SESSION['user_id'] = $row->AuthorID;
            // NOTE(review): the admin flag is derived from the submitted username text
            // (loose == against two spellings) rather than from a role stored on the
            // matched row. Reading the privilege from $row would tie it to the account
            // that actually authenticated.
            if ($u == 'Admin' || $u == 'admin') {
                $_SESSION['adfl'] = TRUE;
            }
// Change-password page (fragment: cut off after the UPDATE is issued).
// Requires a logged-in session, validates the new password and its confirmation, then
// updates the author's stored password.
$title = 'Change Your Password';
include 'functions.php';
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
// If no first_name variable exists, redirect the user.
if (!isset($_SESSION['first_name'])) {
    // NOTE(review): the redirect target is assembled from $_SERVER['HTTP_HOST'], which is
    // taken from the client's Host header. Building the URL from a configured base URL
    // (or using a relative path) keeps the destination under the site's control.
    header("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
    // Discards whatever the page helpers above wrote into the output buffer.
    ob_end_clean();
    exit;
} else {
    if (isset($_POST['submit'])) {
        // Check for a new password and match against the confirmed password.
        // eregi() was removed in PHP 7.0; preg_match() with the i modifier is the
        // replacement. The pattern limits passwords to 4-20 alphanumeric characters,
        // which caps password strength. Only password1 is checked against it.
        if (eregi("^[[:alnum:]]{4,20}\$", stripslashes(trim($_POST['password1'])))) {
            // NOTE(review): loose == compares numeric-looking strings by value, so two
            // different strings can be treated as matching; === compares them as strings.
            if ($_POST['password1'] == $_POST['password2']) {
                // The untrimmed, unstripped value is stored, while the trimmed and
                // stripslashes()'d value is what was validated.
                $p = escdata($_POST['password1']);
            } else {
                $p = FALSE;
                echo '<p>Your password did not match the confirmed password!</p>';
            }
        } else {
            $p = FALSE;
            echo '<p>Please enter a valid password!</p>';
        }
        if ($p) {
            // If everything's OK.
            // Make the query.
            // NOTE(review): the visible lines never ask for the current password, so a
            // live session alone is enough to change it; confirm whether that is intended.
            // PASSWORD() is MySQL's internal account hash (unsalted, removed in MySQL 8.0);
            // password_hash()/password_verify() are the application-level replacement.
            // user_id is interpolated unquoted; casting it to int at this point would make
            // the query independent of how the session value was populated.
            $query = "UPDATE authors SET Passwd=PASSWORD('{$p}') WHERE AuthorID={$_SESSION['user_id']}";
            // @ suppresses database errors; the mysql_* extension was removed in PHP 7.0.
            $result = @mysql_query($query);
            // Run the query.
            if (mysql_affected_rows() == 1) {
Esempio n. 5
        $article = TRUE;
    } else {
        $article = FALSE;
        $message .= 'needs content, ';
    }
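    // Check for Keywords.
    if (strlen($_REQUEST['keywords']) > 0) {
        $keywords = TRUE;
    } else {
        $keywords = FALSE;
        $message .= 'needs keywords, ';
    }
    if ($title && $article && $keywords) {
        // All three validation flags are set: write the edited article back.
        // Every request value below is interpolated into the SQL string, so each one goes
        // through the same escaping helper. escdata() is defined outside this listing and
        // is presumed to be the project's SQL-escaping routine (confirm). A prepared
        // statement would remove the dependency on it altogether.
        $titlesql = escdata($_REQUEST['title']);
        $keywordssql = escdata($_REQUEST['keywords']);
        // The article body is escaped like the other two fields; left raw, the request
        // could alter the UPDATE statement itself.
        $articledatasql = escdata($_REQUEST['article']);
        // NOTE(review): $enum is assigned outside these lines; confirm it holds the id of
        // an article the current user is allowed to edit.
        $mysqldb->query("UPDATE articles SET Title = '{$titlesql}', Articledata = '{$articledatasql}', Keyw = '{$keywordssql}' WHERE FileID='{$enum}'");
        $message .= "has been updated successfully.  This article ";
        // Now that the database is updated, put the submitted values back for redisplay.
        // xss_clean() (defined outside this listing) is applied because these copies are
        // destined for HTML output rather than for SQL.
        $title = xss_clean($_REQUEST['title']);
        $keywords = xss_clean($_REQUEST['keywords']);
        $articledata = xss_clean($_REQUEST['article']);
    } else {
        $message .= ' and has not been updated, please try again.  This article ';
    }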
}
// Set the page title and include the HTML header.
// NOTE(review): $title was used above first as a validation flag and then as the cleaned
// article title "put back" after a successful update; this assignment overwrites both, so
// the redisplayed title is lost unless the form reads it from somewhere else.
$title = 'Edit Article';
head_page($title);
Esempio n. 6
include './config/config.php';
include 'functions.php';
include "./classes/mysql.class.php";
// Search-results page setup (fragment: the paging code that follows is cut off).
// Builds an author query and a page title from request parameters, then emits the page
// header through the shared layout helpers.
//starting database
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
//variables
$pagetitle = 'Search Results';
// Request keys are read without isset(), so an absent parameter raises an undefined-index
// notice before the test is evaluated.
if ($_REQUEST['authorid'] || $_REQUEST['authorname']) {
    // NOTE(review): mifi() is defined outside this listing. $authorid is placed unquoted
    // in a numeric position of the query below, so the query is only safe if mifi()
    // always returns an integer. Confirm this, or cast and bind explicitly.
    $authorid = mifi($_REQUEST['authorid']);
    // escdata() is presumably SQL escaping; $authorname is not used in the query below.
    $authorname = escdata($_REQUEST['authorname']);
    // This branch is also taken when only authorname is supplied, yet the query filters
    // on AuthorID alone; the result then depends on what mifi() returns for a missing id.
    $authorquery = "SELECT a.FileID, a.Title, a.ArticleData, a.AuthorID, (SELECT au.UserName FROM authors as au WHERE au.AuthorID=a.AuthorID) AS AuthorName, a.Keyw, a.Approved, DATE_FORMAT(a.SubmitDate, '%m/%e/%y') as date FROM articles AS a WHERE a.ParentID=0 AND a.Approved='Y' AND a.AuthorID={$authorid}";
}
if ($_REQUEST['keyword_list']) {
    $keyword_list = escdata(xss_clean($_REQUEST['keyword_list']));
} else {
    $keyword_list = 'nothing';
}
if ($_REQUEST['authorid'] || $_REQUEST['authorname']) {
    // NOTE(review): unlike $keyword_list, $authorname has not been through xss_clean().
    // It flows into the page title handed to head_page(), menu_options() and
    // contentinit(); if those helpers print the title without HTML-encoding it, request
    // data is reflected into the page. Confirm the helpers encode their argument.
    $pagetitle = "Articles by {$authorname} ";
} else {
    $pagetitle = "Search Results for \"{$keyword_list}\"";
}
head_page($pagetitle);
menu_options($pagetitle, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($pagetitle);
// Number of Records to show per page:
// DB_MAX_REC is not defined in the visible lines (presumably in the included config).
$display = DB_MAX_REC;
// Determine where in the db results to start returning results
if (isset($_GET['s'])) {
include './config/config.php';
include "./config/dbsettings.php";
include 'functions.php';
// Password-reset request handler (fragment: cut off before the new password is created).
// Validates the submitted username and looks up the matching author id and e-mail.
// Set the page title and include the HTML header.
$title = 'Password Reset';
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
if (isset($_POST['submit'])) {
    // Handle the form.
    // Only the exact string 'Admin' is excluded from resets; a differently-cased spelling
    // passes this check.
    if (empty($_POST['username']) || $_POST['username'] == 'Admin') {
        // Validate the username.
        $u = FALSE;
        echo '<p>Invalid or missing User Name!</p>';
    } else {
        // escdata() is defined outside this listing; presumably SQL escaping.
        $u = escdata($_POST['username']);
        // Check for the existence of that username.
        // NOTE(review): the literal '******' looks like masking applied by the listing site
        // where the username variable would appear; as printed, $u is not part of the query.
        $query = "SELECT AuthorID, Email FROM authors WHERE UserName='******'";
        // @ suppresses database errors, and a failed query hands a non-resource to
        // mysql_fetch_array() on the next line. The mysql_* extension was removed in PHP 7.0.
        $result = @mysql_query($query);
        $row = mysql_fetch_array($result, MYSQL_NUM);
        if ($row) {
            $uid = $row[0];
            $email = $row[1];
        } else {
            // NOTE(review): this message tells the requester whether a username exists.
            // Returning the same response for known and unknown names avoids disclosing
            // which accounts are registered.
            echo '<p>The submitted username does not match those on file!</p>';
            $u = FALSE;
        }
    }
    if ($u) {
        // If everything's OK.
        // Create a new, random password.
        // NOTE(review): the generation code is outside this fragment; it should draw from
        // random_int()/random_bytes(), not rand()/mt_rand().
Esempio n. 8
include_once 'config/config.php';
include_once 'config/dbsettings.php';
// Edit-article form handler (fragment: cut off after the article-body check).
// Reads the target file and author ids from the request, then filters and validates the
// submitted title, keywords, article body and description.
$title = "Edit Article";
// NOTE(review): xss_clean(), escdata() and mifi() are all defined outside this listing.
// If mifi() is an integer coercion, the two inner calls add nothing; if it is not, the ids
// are only as safe as whichever query later uses them. Confirm what mifi() returns.
$fileid = mifi(escdata(xss_clean($_REQUEST['fileid'])));
$aid = mifi(escdata(xss_clean($_REQUEST['aid'])));
// The author id is taken from the request, not from the session.
// NOTE(review): confirm that later code checks it against $_SESSION before saving.
$authorid = $aid;
// $enum is set only when a session exists; it is left undefined otherwise in the visible lines.
if (isset($_SESSION['first_name'])) {
    $enum = TRUE;
}
// NOTE(review): the trigger is read from $_REQUEST but the fields from $_POST, so a GET
// request carrying "submit" enters this branch with the $_POST fields undefined. Testing
// $_POST['submit'] would keep the trigger and the data on the same request method.
if (isset($_REQUEST['submit'])) {
    $message = NULL;
    // sanitise user input
    // Each value is HTML-filtered and then SQL-escaped once at intake. Escaping for SQL at
    // the query and for HTML at output keeps each transformation tied to the context that
    // needs it; values transformed here are ambiguous for every later use.
    $titlee = escdata(xss_clean($_POST['title']));
    $keywordse = escdata(xss_clean($_POST['keywords']));
    $articledatae = escdata(xss_clean($_POST['article']));
    $descriptione = escdata(xss_clean($_POST['description']));
    // Form Validation
    // Check for Title.
    // The length test runs on the filtered value, not on the raw submission.
    if (strlen($titlee) > 0) {
        // $title is reused as a validation flag, overwriting the "Edit Article" page title.
        $title = TRUE;
    } else {
        $title = FALSE;
        $message .= 'You need to include a title for the article.  ';
    }
    // Check for Article.
    if (strlen($articledatae) > 0) {
        $article = TRUE;
    } else {
        $article = FALSE;
        $message .= 'You need to include the article.  ';
    }