function get_cat($subcat)
{
$res1 = mysql_safe("SELECT id_cat FROM subcat WHERE id=?", array($subcat));
if (mysql_num_rows($res1) > 0) {
$row1 = mysql_fetch_array($res1);
return $row1['id_cat'];
} else {
return 0;
}
}
function appPagesIsDraft($id)
{
if (appPagesIsPage($id)) {
$_page = query(SharedPage::$statements['is_draft'], mysql_safe($id));
return is_resource($_page) and mysql_num_rows($_page) == 1;
} else {
exLog("appPagesIsDraft(): Invalid reading, {$id} is not a valid page.");
return false;
}
}
//Run on user hitting submit button
if (isset($_POST['submit'])) {
//Send to function FormReady check if form input is valid
$output = FormReady();
//If no form input errors go
if ($output == "") {
//setup database connection information
$connection = mysql_connect("localhost", "root", "");
$db = mysql_select_db("baseball", $connection);
//set varables from user input after mysql_safe function is run from funtions.php file
$firstname = mysql_safe($_POST['firstname']);
$lastname = mysql_safe($_POST['lastname']);
$username = mysql_safe($_POST['username']);
$email = mysql_safe($_POST['email']);
//for password hash with MD5 first then SHA
$password = sha1(md5(mysql_safe($_POST['password'])));
//Get query to check for user is in database
$query = mysql_query("select username from login where username='******'", $connection);
$row = mysql_fetch_assoc($query);
$userCheck = $row['username'];
//checks to see if the username input by user is the same as the one from database
if (!isset($userCheck)) {
//get query to check if email is in database
$query = mysql_query("select email from login where email='{$email}'", $connection);
$row = mysql_fetch_assoc($query);
$emailCheck = $row['email'];
//check to see if email that was input by user is already in database
if (!isset($emailCheck)) {
//checks if error while connecting to databes
if (mysql_query("INSERT INTO login(firstname, lastname, username, password, email) VALUES('{$firstname}','{$lastname}','{$username}', '{$password}', '{$email}')", $connection)) {
//use javascript to alert them that there input was successfully stored in database
public function __construct()
{
// Put all of the queries in one place ;)
$this->statements['new_session'] = "INSERT INTO `[database]`.`[prefix]sessions` (`id`, `seed`, `verification_code`, `valid_ip`, `expire_time`, `user`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s');";
$this->statements['update_time'] = "UPDATE `[database]`.`[prefix]sessions` SET `expire_time` = '%s' WHERE CONVERT(`[prefix]sessions`.`id` USING utf8) = '%s' LIMIT 1;";
$this->statements['update_conf'] = "UPDATE `[database]`.`[prefix]sessions` SET `configuration` = '%s' WHERE CONVERT(`[prefix]sessions`.`id` USING utf8) = 'i-d' LIMIT 1;";
$this->statements['load_session'] = "SELECT * FROM `[prefix]sessions` WHERE `id` LIKE CONVERT(_utf8 '%s' USING latin1) COLLATE latin1_swedish_ci";
$this->statements['delete_session'] = "DELETE FROM `[prefix]sessions` WHERE CONVERT(`[prefix]sessions`.`id` USING utf8) = '%s' LIMIT 1";
$this->statements['delete_past_sessions'] = "DELETE FROM `[prefix]sessions` WHERE `expire_time` < %s";
$this->statements['user_from_id'] = "SELECT * FROM `[prefix]users` WHERE `id` LIKE CONVERT(_utf8 '%s' USING latin1) COLLATE latin1_swedish_ci";
$this->statements['user_from_username'] = "******";
// Check for banned users by IP regardless (user check comes later)
if (in_array($this->sClientIP, cfRead('Banned IPs'))) {
die(cfRead('Banned User Error Message'));
}
// Setup properties
$this->verified = true;
// This is assumed, can be override in Initialize.php
$this->reload = false;
// Shortcut: Is this a reload or new session
$this->guest = true;
// Shortcut: Is user a guest
$_create = true;
// Make new session?
// Diagnostic Defaults
$this->action = '-- action : not set --';
$this->mode = '-- mode : not set --';
$this->roles = cfRead('Roles');
// For documentation on roles see section X.X.X
// Setup Session
$this->session['id'] = mysql_safe($_COOKIE['kSessionID']);
$this->session['seed'] = mysql_safe($_COOKIE['kSessionSeed']);
// Setup Auth
$this->auth['attempt'] = isset($_POST['kAuthAttempt']);
$this->auth['username'] = mysql_safe($_POST['kAuthUsername']);
$this->auth['password'] = md5($_POST['kAuthPassword']);
$random_helper = unique_seed();
// Check for possibilit of reloading session
if (!is_null($this->session['id'])) {
exMethod('Authority: _attemptReload');
// Load the session
$_session = query($this->statements['load_session'], $this->session['id']);
if (is_resource($_session) and mysql_num_rows($_session) == 1) {
exMethod('Authority: _sessionExists');
$session = mysql_fetch_assoc($_session);
// Check for user type
$session['guest'] = substr($session['user'], 0, 2) == 'g:';
// Load user (based on type info)
if (!$session['guest']) {
exMethod('Authority: _sessionIsGuest');
$_user = query($this->statements['user_from_id'], substr($session['user'], 2));
if (is_resource($_user) and mysql_num_rows($_user)) {
$session['user'] = mysql_fetch_assoc($_user);
}
// Check if user is banned
if ($session['user']['banned']) {
die(cfRead('Banned User Error Message'));
}
}
$test['v_Code'] = md5($this->session['seed'] . $session['seed']) == $session['verification_code'];
$test['ip'] = client_ip == $session['valid_ip'];
$test['expire'] = $session['expire_time'] > time();
exMethod(print_r($test, true));
if (md5($this->session['seed'] . $session['seed']) == $session['verification_code'] and client_ip == $session['valid_ip'] and $session['expire_time'] > time()) {
$this->sessionReload($session);
$_create = false;
}
}
}
// Work with auth attempts
if ($this->auth['attempt']) {
exMethod('Authority: _authAttempt');
$_user = query($this->statements['user_from_username'], $this->auth['username']);
if (is_resource($_user) and mysql_num_rows($_user) == 1) {
$user = mysql_fetch_assoc($_user);
exLog("\n" . $this->auth['password'] . "\n" . $user['password']);
if ($this->auth['password'] == $user['password']) {
$this->sessionCreate($user);
$_create = false;
}
}
}
// Create New Session ???
if ($_create) {
exMethod('Authority: _create');
$this->sessionCreate();
}
}
<?php
# Pages Application
if (!is_null($_GET['arg']) and $_GET['arg'] != '') {
exMethod("Pages: View -> Single Page with ID {$_GET['arg']}");
$page = new Page(mysql_safe($_GET['arg']), true);
if (!is_null($page->id)) {
add(template('Single Page', 'Page Name: %1$s<br />Date Mod: %3$s | Date Created: %4$s<br />Author: %7$s<br /><pre style="color:green">%2$s</pre>'), $page->name, $page->content, format_date($page->date_modified), format_date($page->date_created), $page->author->id, $page->author->username, $page->author->display_name);
} else {
error('Page Not Found', 'You entered an invalid page.');
}
} else {
exMethod("Pages: View -> List with offset({$_GET['offset']}) and count({$_GET['count']})");
$pages = SharedPage::Fetch(mysql_safe($_GET['offset']), mysql_safe($_GET['count']), true);
// DONT CARE YET
}
echo "<input type='text' name='percent' value='" . $row1['percent'] . "' size=5>";
echo "</td>";
echo "<td>";
echo "<input type='text' name='round' value='" . $row1['round'] . "' size=5>";
echo "</td>";
echo "<td>";
echo "<input type='submit' value='change'>";
echo "</form>";
echo "</tr>";
}
echo "</table>";
echo "</div>";
}
} else {
// category list
$res = mysql_safe("SELECT * FROM category");
while ($row = mysql_fetch_array($res)) {
echo "<a href='adm.php?login="******"&pass="******"&cat=" . $row['id'] . "' class='menuitem'>" . $row['name'] . "</a><br>";
}
echo "</div>";
echo "<div id='rightcolumn'>";
echo "Choose category for change";
echo "</div>";
}
} else {
show_form();
echo "</div>";
echo "<div id='rightcolumn'>";
echo "Incorrect login-pass pair, try again";
echo "</div>";
}
