# Authenticates $username / $password against the users table.
# Returns the record produced by get_user_info() on success, null otherwise.
# Side effects on success: sets $_SESSION["username"], and when $remember is
# truthy also sets two long-lived cookies, "username" and "password".
#
# NOTE(review): the "password" cookie carries the salted password hash for
# roughly 3000 days, with no path, secure or httponly flag; anything able to
# read the cookie (script injection, plaintext transport) obtains a reusable
# credential. The remember-me flow presumably consumes these cookies elsewhere
# (get_current_user_info?), so swapping them for a random, revocable token is a
# cross-file change rather than a local one.
# NOTE(review): the literal '******' in the query reads like a redacted
# interpolation of $username; if the real code interpolates it, the value must
# be escaped or parameterised. The mysql_* extension is removed as of PHP 7.
function check_login($username, $password, $remember = true) {
    $db = get_db_read();

    # One query both fetches the salt and tells us whether the user exists
    $salt_result = try_mysql_query("SELECT salt FROM users WHERE username = '******'", $db);
    $exactly_one = (mysql_num_rows($salt_result) == 1);
    if (!$exactly_one) {
        return null;
    }
    $salt_row = mysql_fetch_assoc($salt_result);
    mysql_free_result($salt_result);

    $hashed = hash_password($password, $salt_row['salt']);
    $user = get_user_info($db, $username, $hashed);
    if ($user == null) {
        return null;
    }

    if ($remember == true) {
        # ~3000 days, expressed in seconds from now
        $expires = time() + 60 * 60 * 24 * 3000;
        setcookie("username", $username, $expires);
        setcookie("password", $hashed, $expires);
    }
    $_SESSION["username"] = $username;
    return $user;
}
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # upload_iamge.php # * Image is uploaded to this # * Image is moved and named appropriately # * # header('Pragma: no-cache'); require 'shared.php'; # Make a connection to the database $db = get_db_read(); if (!$me) { show_error_redirect_back("Please log in first"); } if (isset($_FILES['file']) == false) { show_error_redirect_back("Error uploading file! The filename wasn't found."); } $ext = get_extension(strtolower($_FILES['file']['name'])); if (!in_array($ext, array("jpeg", "jpg", "png", "gif", "bmp", "tif", "tiff"))) { show_error_redirect_back("Sorry, {$ext} isn't an allowed file type. Allowed extensions are JPEG, JPG, GIF, PNG, BMP, TIF, and TIFF<BR>"); } # Generate the new filename $rand = generate_salt(); $i = 0; do { $newname = $me['username'] . "-" . $rand . "-{$i}.jpeg";
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # admin.php # This script performs several administrative tasks # header('Pragma: no-cache'); require 'shared.php'; # Make a connection to the database $db_read = get_db_read(); $db_write = get_db_write(); if ($me == null || $me['admin'] != '1') { show_error_redirect_back("Error"); } if (isset($_GET['action']) == false) { show_error_redirect_back('No action specified'); } $action = $_GET['action']; if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) { $user_id = $_GET['user_id']; } if ($action == 'authorize') { if (isset($user_id) == false) { show_error_redirect_back('No user_id specified'); }
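if (is_dir($f) == false) {
    $info = stat("{$preview_directory}/{$f}");
    $age_in_seconds = time() - $info['mtime'];
    $age_in_minutes = $age_in_seconds / 60;
    if ($age_in_minutes > $preview_timeout) {
        unlink("{$preview_directory}/{$f}");
    }
}
}
if (is_dir($upload_directory) == false) {
    mkdir($upload_directory) or show_error_die("Unable to create upload directory '{$upload_directory}'");
}
if (is_dir($preview_directory) == false) {
    mkdir($preview_directory) or show_error_die("Unable to create preview directory '{$preview_directory}'");
}
$me = get_current_user_info(get_db_read());

# Makes sure the username is made up of letters and numbers, and is between 3 and 14 characters long
#
# Returns true only when $username is a scalar whose string form is 3 to 14
# ASCII letters or digits. null, arrays and strings containing any other
# character (including a trailing newline) yield false.
function validate_username($username) {
    # Reject non-scalars (null, arrays) before the regex; preg_match() cannot
    # take them. Numbers are accepted via their string form, as ereg() did.
    if (is_scalar($username) == false) {
        return false;
    }
    $username = (string) $username;
    # ereg() was removed in PHP 7.0, so the original POSIX pattern is replaced
    # with PCRE. \z anchors at the absolute end (a bare $ would accept "abc\n"),
    # and {3,14} folds in the former strlen() check: the class is ASCII-only, so
    # byte length equals character count. A preg_match() error (false) also
    # fails the check rather than passing it.
    return preg_match('/^[a-zA-Z0-9]{3,14}\z/', $username) === 1;
}
# Makes sure the password isn't an unreasonable length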