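# Login handler (excerpt). The `if` that opens the first branch lies before
# this excerpt; the indented statements below are the tail of its
# "unknown username" case.
#
# NOTE(review): the separate "does not exist" and "Password incorrect"
# messages let a client tell registered usernames from unregistered ones; one
# generic failure message avoids that.
# NOTE(review): the raw POST username ends up in values handed to the
# template. Whether index.tpl.html HTML-escapes login_error and login_username
# is not visible here -- confirm.
    $error = "Username '{$_POST['username']}' does not exist!";
    $smarty->assign('login_error', $error);
    $smarty->assign('login_username', $_POST['username']);
    $smarty->display('index.tpl.html');
    exit;
}

# Accounts with can_login = 0 are refused before the password is looked at.
if ($user_info['can_login'] == 0) {
    $error = "Your account has been disabled! Sorry...";
    $smarty->assign('login_error', $error);
    $smarty->display('index.tpl.html');
    exit;
}

# NOTE(review): unsalted MD5 is a fast hash and is not suitable for password
# storage. Moving to password_hash()/password_verify() also needs the stored
# hashes and the registration path migrated, so it is not changed here.
$md5_pass = md5($_POST['password']);

# Strict comparison on purpose: with `==` PHP compares numeric-looking strings
# as numbers, so two different digests of the form "0e<digits>" are "equal".
# Where hash_equals() is available (PHP 5.6+) it is the constant-time choice.
if ($md5_pass === $user_info['password']) {
    # NOTE(review): the session id is not regenerated on login in this excerpt;
    # session_regenerate_id() at this point is the usual fixation defence.
    $_SESSION['user_id'] = $user_info['id'];
    $_SESSION['username'] = $_POST['username'];

    # NOTE(review): the md5_pass cookie is a password-equivalent credential that
    # stays in the browser for 10 days, and neither cookie is set with the
    # secure/httponly arguments. A random, server-side revocable token is the
    # safer "remember me" design; changing it needs the code that reads these
    # cookies, which is outside this excerpt.
    setcookie('user_id', $_SESSION['user_id'], time() + 3600 * 24 * 10); # expire after 10 days
    setcookie('md5_pass', $md5_pass, time() + 3600 * 24 * 10);

    # Record the time of this login. Both interpolated values are produced
    # server-side (time() and the id column of the fetched user row).
    $time = time();
    $last_access_query = "UPDATE users set date_access = {$time} WHERE id = {$user_info['id']}";
    $db->query($last_access_query);

    # NOTE(review): no exit follows the redirect within this excerpt, so the
    # script keeps running after the header is queued -- confirm what follows.
    header("Location: {$SITE_URL}");
} else {
    $error = "Password incorrect for username '{$_POST['username']}'!";
    $smarty->assign('login_error', $error);
    $smarty->assign('login_username', $_POST['username']);
    $smarty->display('index.tpl.html');
    exit;
}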
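# Registration handler (excerpt). The `if` that opens the first branch lies
# before this excerpt; the indented statements below are the tail of it.
#
# NOTE(review): the raw POST username is handed to the template in every error
# path. Whether index.tpl.html HTML-escapes registration_error and
# register_username is not visible here -- confirm.
    $smarty->assign('registration_error', $error);
    $smarty->assign('register_username', $_POST['username']);
    $smarty->display('index.tpl.html');
    exit;
}

# $user_count is computed before this excerpt; a non-zero value means the name
# is already taken.
if ($user_count) {
    $error = "Username '{$_POST['username']}' already exists!\n" .
             "Please choose a different one!";
    $smarty->assign('registration_error', $error);
    $smarty->assign('register_username', $_POST['username']);
    $smarty->display('index.tpl.html');
    exit;
}

$current_time = time();

# NOTE(review): unsalted MD5 is a fast hash and is not suitable for password
# storage. password_hash()/password_verify() is the replacement, but the login
# path compares MD5 digests, so both have to move together.
$md5_pass = md5($_POST['password']);

# The username goes into a quoted SQL literal, so it is escaped first with
# $db->escape(), the helper this code base already uses when it builds the
# profile UPDATE. If an earlier validation step (not visible here) already
# restricts the character set, the call changes nothing.
$username_esc = $db->escape($_POST['username']);

# REMOTE_ADDR is filled in by the server from the connection. If this is ever
# switched to a client-supplied header, that value needs escaping as well.
$insert_query = "INSERT INTO users (username, password, date_regged, date_access, ip_address) VALUES " .
                "('{$username_esc}', '{$md5_pass}', {$current_time}, {$current_time}, '{$_SERVER['REMOTE_ADDR']}')";
$res = $db->query($insert_query);

if ($db->isError()) {
    # NOTE(review): the driver's error text is shown to the visitor. Logging it
    # server-side and showing a generic message avoids leaking schema details.
    $error = "Registration failed! There was a database error: " . $db->getError();
    $smarty->assign('registration_error', $error);
    $smarty->assign('register_username', $_POST['username']);
    $smarty->display('index.tpl.html');
    exit;
}

# The new account is logged in straight away.
$_SESSION['user_id'] = $db->getLastInsertId();
$_SESSION['username'] = $_POST['username'];

# NOTE(review): the md5_pass cookie is a password-equivalent credential kept in
# the browser for 10 days, and neither cookie is set with the secure/httponly
# arguments. Changing this needs the code that reads the cookies, which is
# outside this excerpt.
setcookie('user_id', $_SESSION['user_id'], time() + 3600 * 24 * 10); # expire after 10 days
setcookie('md5_pass', $md5_pass, time() + 3600 * 24 * 10);

# Display a welcome message to the user as she/he just got registered.
$_SESSION['welcome'] = 1;

# NOTE(review): no exit follows the redirect within this excerpt -- confirm
# that nothing after it runs for the freshly registered user.
header("Location: {$SITE_URL}");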
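} # closes a block opened before this excerpt

# Profile page (excerpt): pre-fill the form from the stored profile, then handle
# the two POST actions "profile" and "password".
#
# NOTE(review): no anti-CSRF token check is visible in this excerpt; both
# actions change account state, so confirm one exists in the surrounding code.
$smarty->assign('email', isset($data['email']) ? $data['email'] : '');
$smarty->assign('website', isset($data['website']) ? $data['website'] : '');

# UGLINESS
if (isset($_POST['action'])) {
    if ($_POST['action'] == "profile") {
        $data['email'] = isset($_POST['email']) ? $_POST['email'] : '';
        # NOTE(review): website is stored without any validation. If it is
        # rendered as a link, restrict it to http/https and escape it for the
        # attribute context.
        $data['website'] = isset($_POST['website']) ? $_POST['website'] : '';

        # Shape check only ("something@something"); it does not make the value
        # safe for HTML or mail headers, so it must still be encoded where it
        # is used. The D modifier makes `$` match only at the very end, so a
        # value with a trailing newline is no longer accepted.
        if ($data['email'] && !preg_match("#^.+@.+\$#D", $data['email'])) {
            # NOTE(review): the rejected value is echoed into the message; the
            # template must HTML-escape error_profile (not visible -- confirm).
            $smarty->assign('error_profile', "Invalid email address '{$data['email']}'!");
            $smarty->display('index.tpl.html');
            exit;
        }

        # The profile is stored as an escaped, PHP-serialized blob.
        # NOTE(review): the code that reads it back (not shown) presumably calls
        # unserialize(). That is only safe while nothing except this code path
        # can write the column; json_encode()/json_decode() removes the
        # object-instantiation risk altogether.
        $data_esc_ser = $db->escape(serialize($data));
        # The row is selected by the session's user id, interpolated unquoted.
        $update_query = "UPDATE users SET data = '{$data_esc_ser}' WHERE id = {$_SESSION['user_id']}";

        if (!$db->query($update_query)) {
            # NOTE(review): the driver's error text is shown to the visitor.
            $smarty->assign('error_profile', "There was a database error while updating your profile: " . $db->getError());
        } else {
            $smarty->assign('email', $data['email']);
            $smarty->assign('website', $data['website']);
        }
    } else {
        if ($_POST['action'] == "password") {
            $current_pass = isset($_POST['current_password']) ? $_POST['current_password'] : '';
            $new_pass = isset($_POST['new_password']) ? $_POST['new_password'] : '';
            $new_pass2 = isset($_POST['new_password2']) ? $_POST['new_password2'] : '';

            # The current password must be supplied before a new one is
            # accepted; how it is verified lies past the end of this excerpt.
            if (empty($current_pass)) {
                $smarty->assign('error_password', "To set a new password, enter your current password!");
                $smarty->display('index.tpl.html');
                exit;
            }
            # ... the "password" branch continues past this excerpt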
# Flood control (excerpt): look up the date of the newest comment this user
# posted on this item from this address. The enclosing block opens before this
# excerpt.
#
# NOTE(review): $item['id'] and $user_id are interpolated unquoted here and in
# the INSERT below, and $anonymous_name inside quotes. Where they are validated
# or escaped is not visible in this excerpt -- confirm. $escaped_comment is, by
# its name, presumably escaped already.
$check_query = "SELECT date_added FROM comments " .
               "WHERE item_id = {$item['id']} AND " .
               "user_id = {$user_id} AND " .
               "ip_address = '{$_SERVER['REMOTE_ADDR']}' " .
               "ORDER BY date_added DESC";
# presumably returns the first column of the first row; verify against the DB wrapper
$date_added = $db->fetchRowQuerySingle($check_query);

if ($db->isError()) {
    # NOTE(review): the driver's error text is shown to the visitor. Logging it
    # server-side and showing a generic message avoids leaking schema details.
    $comment_error = "There was a database error while adding your comment: " . $db->getError() . "! Sorry...";
    $smarty->assign('comment_error', $comment_error);
    # Hand the text back so the form can be re-filled; the template must
    # HTML-escape existing_comment.
    $smarty->assign('existing_comment', isset($_POST['comment']) ? $_POST['comment'] : '');
}

# Refuse a second comment within 20 seconds of the previous one.
# NOTE(review): the throttle is scoped to (item, user, address), so it is a
# courtesy limit rather than an abuse control.
if ($date_added && $time_now - $date_added < 20) {
    $comment_error = "Please wait at least 20 seconds between posting comments! Thank you :)";
    $smarty->assign('comment_error', $comment_error);
    $smarty->assign('existing_comment', isset($_POST['comment']) ? $_POST['comment'] : '');
}

# Store the comment only when none of the checks above set $comment_error.
if (!$comment_error) {
    $add_comment_query = "INSERT INTO comments (comment, item_id, user_id, anonymous_name, date_added, ip_address) VALUES " .
                         "('{$escaped_comment}', {$item['id']}, {$user_id}, '{$anonymous_name}', {$time_now}, '{$_SERVER['REMOTE_ADDR']}')";

    if (!$db->query($add_comment_query)) {
        $comment_error = "There was a database error while adding your comment: " . $db->getError() . "! Sorry...";
        $smarty->assign('comment_error', $comment_error);
        $smarty->assign('existing_comment', isset($_POST['comment']) ? $_POST['comment'] : '');
    }
}
} # closes a block opened before this excerpt

# Get comments for this item
#
# NOTE(review): comment and anonymous_name come back exactly as stored. SQL
# escaping on the way in does not make them safe for HTML, so the template has
# to escape them on output.
$comments_query = "SELECT c.id id, c.comment comment, c.date_added date_added, c.anonymous_name as anonymous_name, u.username username FROM comments c " .
                  "LEFT JOIN users u ON c.user_id = u.id WHERE c.item_id = {$item['id']} ORDER BY date_added ASC";
$comments = $db->fetchAllQueryAssoc($comments_query);

if ($db->isError()) {
    # Render the generic error page; the driver's error text is included in it.
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', 'Database error has occured: ' . $db->getError());
    $smarty->display('index.tpl.html');
    exit;
    # ... this block closes after the end of the excerpt
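// Build $export from whichever connection setting is present. The settings are
// checked in this order and only the first one that is set is used:
// $mssql, $mysql, $oracle, $postgre, $sqlite, $fts.

// Profiling stays on unless $profile was explicitly set to boolean false.
$profile = isset($profile) && $profile === false ? false : true;

if (isset($mssql)) {
    // When the loader returns a falsy value, $export keeps that value unwrapped;
    // the same holds for the next three branches.
    if ($export = ci_load_database('mssql', $mssql, $query_builder, $profile)) {
        $export = new Database($export);
    }
} elseif (isset($mysql)) {
    if ($export = ci_load_database('mysqli', $mysql, $query_builder, $profile)) {
        $export = new Database($export);
    }
} elseif (isset($oracle)) {
    if ($export = ci_load_database('oci8', $oracle, $query_builder, $profile)) {
        $export = new Database($export);
    }
} elseif (isset($postgre)) {
    if ($export = ci_load_database('postgre', $postgre, $query_builder, $profile)) {
        $export = new Database($export);
    }
} elseif (isset($sqlite)) {
    $export = new SQLite($sqlite, $query_builder, $profile);
} elseif (isset($fts)) {
    // Full-text search: the current entry of $fts supplies the search
    // expression (its key) and the values to index (its value).
    $export = array();

    // each() was deprecated in PHP 7.2 and removed in 8.0. key()/current()/next()
    // read the same entry and advance the pointer the same way, and still
    // yield null for both variables when $fts has no current entry.
    $search = key($fts);
    $values = $search === null ? null : current($fts);
    next($fts);

    // NOTE(review): $db is assigned and unset here, which discards any $db the
    // surrounding scope already had -- confirm none is expected afterwards.
    $db = new SQLite(); // no arguments; presumably a throwaway database -- confirm
    $db->fts->create('results', 'search', 'porter');
    $db->fts->upsert('results', 'search', $values);

    // The search expression is passed as a bound parameter, not concatenated
    // into the SQL text.
    $db->query('SELECT docid, search FROM results WHERE search MATCH ?', array($search));

    // Collect the matches as docid => indexed text.
    while (list($docid, $value) = $db->fetch('row')) {
        $export[$docid] = $value;
    }

    unset($db);
}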