Esempio n. 1
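/**
 * Issue a fresh session token for a user and store it in `users`.`cookie`.
 *
 * A candidate is drawn from $base->randomString(35) and redrawn until no row
 * already carries it; the token is then written to the row matching $username.
 *
 * NOTE(review): the token is only as unpredictable as base::randomString(),
 * which is not visible here. Confirm it draws from a CSPRNG (random_bytes() /
 * random_int()) rather than rand()/mt_rand(), since this is presumably the
 * value that identifies a logged-in browser.
 * NOTE(review): the token is stored and looked up verbatim. Storing only a
 * hash of it would keep a read of the `users` table from yielding usable
 * session values.
 *
 * @param database $database connection wrapper used for both queries
 * @param base     $base     supplies randomString()
 * @param string   $username account whose `cookie` column is replaced
 *
 * @return string the token now stored for the user
 */
function session_hash(database $database, base $base, $username)
{
    // Redraw on collision. The original retried by calling session_hash() with
    // no arguments and discarded the result, so a collision ended in a fatal
    // error (or a null return) instead of a valid token.
    do {
        $session_hash = $base->randomString(35);
        $database->processQuery("SELECT * FROM `users` WHERE `cookie` = ?", array($session_hash), false);
    } while ($database->getRowCount() != 0);

    // Both values are bound parameters; neither reaches the SQL text.
    $database->processQuery("UPDATE `users` SET `cookie` = ? WHERE `username` = ? LIMIT 1", array($session_hash, $username), false);

    return $session_hash;
}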
Esempio n. 2
<?php

// Looks up a thread by the `qfc` value posted in the request and redirects to
// it; every other request is sent to index.php.
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base();
if (isset($_POST['qfc'])) {
    // The posted value is bound as a parameter, so it never becomes part of the SQL text.
    // NOTE(review): $_POST['qfc'] can arrive as an array (qfc[]=...); confirm
    // processQuery() rejects non-string parameters cleanly.
    $thread = $database->processQuery("SELECT `id`,`parent` FROM `threads` WHERE `qfc` = ? LIMIT 1", array($_POST['qfc']), true);
    if ($database->getRowCount() >= 1) {
        // The redirect target is built from the database row, not from request data.
        $base->redirect('viewthread.php?forum=' . $thread[0]['parent'] . '&id=' . $thread[0]['id']);
    }
}
// NOTE(review): whether redirect() ends the request is not visible here. If it
// only sends a Location header, a successful lookup falls through to this call
// as well — confirm redirect() exits.
$base->redirect('index.php');
}
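//check if the post has been edited, then adjust the $date variable accordingly
if (empty($details['lastedit'])) {
    $date = $details['date'];
} else {
    //lastedit is stored as USERNAME@DATE/TIME
    $edit_details = explode('@', $details['lastedit']);
    // NOTE(review): $date now mixes markup with the stored editor name and
    // timestamp. If it is printed as HTML, both parts must be safe for HTML —
    // confirm how `lastedit` is written.
    $date = $details['date'] . '<br/>Last edit on ' . $edit_details[1] . ' by ' . $edit_details[0];
}
//get forum details
$forum_details = $database->processQuery("SELECT `title` FROM `forums` WHERE `id` = ?", array($f), true);
//pagination
$per_page = 10;
//get # of pages (at least one, even for a thread with no posts)
$database->processQuery("SELECT * FROM `posts` WHERE `thread` = ?", array($i), false);
$pages = $database->getRowCount() == 0 ? 1 : ceil($database->getRowCount() / $per_page);
//get current page
// Accept the request value only if it is a digit string within 1..$pages.
// The original let ?page=0 through, which produced a negative $start, and it
// read $_GET['page'] without checking that the parameter was sent at all.
$requested_page = isset($_GET['page']) ? $_GET['page'] : '';
if (is_string($requested_page) && ctype_digit($requested_page) && $requested_page >= 1 && $requested_page <= $pages) {
    $page = (int) $requested_page;
} else {
    $page = 1;
}
//get next link
$next = $page < $pages ? $page + 1 : $page;
//get prev link
$prev = $page - 1 >= 1 ? $page - 1 : $page;
//offset of the first row on this page; an integer by construction
$start = ($page - 1) * $per_page;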
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
Esempio n. 4
?>
</b><br />
                                                <fieldset class="question">
                                                    <legend><?php 
echo stripslashes($poll_data[0]['poll_title']);
?>
</legend>
                                                    <table border="0" width="100%">
                                                        <?php 
//display the options and vote percentages
$options = $database->processQuery("SELECT `id`,`option` FROM `poll_options` WHERE `belongs` = ? ORDER BY `id` ASC", array($id), true);
foreach ($options as $option) {
    //get the number of people who chose the option
    $database->processQuery("SELECT * FROM `votes` WHERE `option_id` = ?", array($option['id']), false);
    //number of people that chose the option
    $times_chosen = $database->getRowCount();
    $percentage = $times_chosen >= 1 ? round(100 * $times_chosen / $poll->getNumOfVotes($id)) : 0;
    ?>
                                                        
                                                                    <tr>
                                                                    <td class="shield" style="width: auto;">&nbsp; <?php 
    echo $option['option'];
    ?>
</td>
                                                                    <td style="width: auto;">
                                                                            <img id="poll_left" src="../img/polls/poll_start_cap.gif">
                                                                            <!--
                                                                                Keep both of the below lines on the same line with each other, else a small
                                                                                graphical glitch will be conceived. 
                                                                            -->
                                                                            <img id="poll_bg" style="height: 15px; width: <?php 
Esempio n. 5
<link href="css/basic-3.css" rel="stylesheet" type="text/css" media="all">
<link href="css/main/title-5.css" rel="stylesheet" type="text/css" media="all">
<link rel="shortcut icon" href="img/favicon.ico" />
<?php 
include 'includes/google_analytics.html';
?>
</head>
<body>

<div id="body">
<div>
<div style="text-align: center; margin-bottom: 10px; position:relative;">
<img src="img/title2/rslogo3.gif" alt="RuneScape"><br>
<?php 
$database->processQuery("SELECT * FROM `users`", array(), false);
echo 'There are currently ' . number_format($database->getRowCount()) . ' people registered!';
?>
</div>
</div>
<div class="left">
<fieldset class="menu rs">
<legend><?php 
echo $data['wb_abbr'];
?>
</legend>
<ul>
<?php 
if ($user->isLoggedIn()) {
    ?>
            <li class="i-create"><a href="logout.php">Logout</a></li>
            <li class="i-shop"><a href="donate.php">Donate</a></li>
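//let's also make sure they have the right permissions to view the forum
// NOTE(review): the code below still runs if redirect() does not end the
// request — confirm it exits, otherwise this check does not stop anything.
if ($forum->canView($f, $rank) == false) {
    $base->redirect('index.php');
}
//check if a moderator is taking action against threads
// NOTE(review): no anti-CSRF token check is visible on this state-changing
// POST — confirm one is enforced here or in action.php.
if (isset($_POST['action']) && is_string($_POST['action']) && isset($_POST['selection']) && $rank > 2) {
    //get all the threads we're going to update, joined as "id-id-...-"
    // $threads was appended to without being initialised in the original.
    $threads = '';
    foreach ((array) $_POST['selection'] as $object) {
        // Skip nested arrays; only scalar ids can be joined into the list.
        if (!is_scalar($object)) {
            continue;
        }
        $threads .= $object . '-';
    }
    //now send them off to action.php to update all the threads selected
    // Request values are percent-encoded so a value containing & or # cannot
    // add or override query parameters in the redirect target. action.php
    // receives the same decoded values as before.
    $base->redirect('action.php?forum=' . $f . '&action=' . rawurlencode($_POST['action']) . '&threads=' . rawurlencode($threads));
}
$forum_details = $database->processQuery("SELECT `icon`,`title`,`type` FROM `forums` WHERE `id` = ? LIMIT 1", array($f), true);
//Check existence of the specified forum
if ($database->getRowCount() == 0) {
    $base->redirect('index.php');
}
//pagination
$per_page = 20;
//get # of pages
$database->processQuery("SELECT * FROM `threads` WHERE `parent` = ?", array($f), false);
$pages = ceil($database->getRowCount() / $per_page);
//get current page
// Accept the request value only if it is a digit string within 1..$pages.
// The original let ?page=0 through, which produced a negative $start, and it
// read $_GET['page'] without checking that the parameter was sent at all.
$requested_page = isset($_GET['page']) ? $_GET['page'] : '';
if (is_string($requested_page) && ctype_digit($requested_page) && $requested_page >= 1 && $requested_page <= $pages) {
    $page = (int) $requested_page;
} else {
    $page = 1;
}
//get next link
$next = $page < $pages ? $page + 1 : $page;
//get prev link
$prev = $page - 1 >= 1 ? $page - 1 : $page;
//offset of the first row on this page; an integer by construction
$start = ($page - 1) * $per_page;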
</head>

		<div id="body">
		<div style="text-align: center; background: none;">
				<div class="titleframe e">
					<b>Daily Screenshot</b><br />
					<a href="index.php">Main Menu</a>
				</div>
			</div>
                        <br/>
                        <br/>
                        <div class="titleframe e" style="text-align:left; color:white; width:750px; margin-left:auto; margin-right:auto;">
                            <?php 
//pagination for daily screenshots - newest to oldest
$database->processQuery("SELECT * FROM `dailyscreenshots`", array(), false);
$pages = $database->getRowCount();
if ($pages == 0) {
    echo 'No screenshots to display.';
} else {
    //set basic variables
    $page = $_GET['page'] > $pages || $_GET['page'] == 0 || !isset($_GET['page']) ? 1 : $_GET['page'];
    $start = ($page - 1) * 1;
    if ($page < $pages) {
        ?>
 <div style="float:right;"><a href="?page=<?php 
        echo $page + 1;
        ?>
">Older Screenshot ></a> &nbsp;&nbsp; <a href="?page=<?php 
        echo $pages;
        ?>
">Oldest Screenshot >></a></div> <?php 
Esempio n. 8
/**
 * Remove a thread together with every post filed under it.
 *
 * Nothing happens unless $rank is above 3 and exactly one `threads` row
 * matches $id.
 *
 * NOTE(review): the permission decision rests entirely on the $rank value the
 * caller passes in — confirm callers take it from the authenticated session
 * and never from request data.
 * NOTE(review): the two DELETE statements are issued separately; no
 * transaction is visible here, so a failure between them would leave the
 * thread's posts behind.
 *
 * @param mixed    $id       thread id, bound as a query parameter
 * @param database $database connection wrapper
 * @param int      $rank     rank of the acting user
 */
function delete($id, database $database, $rank)
{
    // Administrator-only feature.
    if (!($rank > 3)) {
        return;
    }

    $params = array($id);

    // Make sure the thread exists before deleting anything.
    $database->processQuery("SELECT * FROM `threads` WHERE `id` = ? LIMIT 1", $params, false);
    if ($database->getRowCount() != 1) {
        return;
    }

    // Thread first, then the posts that belonged to it.
    $database->processQuery("DELETE FROM `threads` WHERE `id` = ? LIMIT 1", $params, false);
    $database->processQuery("DELETE FROM `posts` WHERE `thread` = ?", $params, false);
}
Esempio n. 9
		<img class="widescroll-top" src="../img/scroll/backdrop_765_top.gif" alt="" width="765" height="50" />
		<div class="widescroll">
			<div class="widescroll-bgimg">

				<div class="widescroll-content">
                                    <div id="black_fields">
                                        There is a total of <?php 
echo $base->userCount();
?>
 registered users.
                                        <?php 
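//get the # of users
$database->processQuery("SELECT * FROM `users`", array(), false);
//pagination
$per_page = 25;
$pages = ceil($database->getRowCount() / $per_page);
//current page
// Check that the parameter exists and is a digit string before comparing it.
// The original compared $_GET['page'] numerically first and read it even when
// the parameter was absent.
$requested_page = isset($_GET['page']) ? $_GET['page'] : '';
if (is_string($requested_page) && ctype_digit($requested_page) && $requested_page >= 1 && $requested_page <= $pages) {
    $page = (int) $requested_page;
} else {
    $page = 1;
}
//where to start at when extracting
$start = ($page - 1) * $per_page;
//query to draw user list
// $start and $per_page are written into the SQL text rather than bound, which
// is safe only because both are integers produced above. Keep it that way if
// this code is changed.
$users = $database->processQuery("SELECT `username` FROM `users` ORDER BY `username` ASC LIMIT {$start},{$per_page}", array(), true);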
?>
                                        
                                                <table cellspacing="4" cellpadding="3">
                                                    <?php 
//place holder
$ph = 0;
foreach ($users as $user) {
    $ph++;
    echo '<tr><td><font size="3"><b>#' . $ph . ':</b> ' . $user['username'] . '</font></td></tr>';
                                                                <tr><td>Delete threads</td><td><input type="checkbox" name="threads" value="1"></td></tr>
                                                                <tr><td>Done?</td><td><input type="submit" value="Delete!"></td></tr>
                                                            </table>
                                                        </form>
                                                    </div>
                                    
                                                <?php 
} else {
    $selected_user = $_POST['username'];
    if ($user->getRank($selected_user) > 1) {
        echo 'You can\'t delete posts by a fellow staff member. <input type="button" value="Back" onclick="goBack()" />';
    } else {
        if (isset($_POST['posts'])) {
            $database->processQuery("DELETE FROM `posts` WHERE `username` = ?", array($selected_user), false);
        }
        $affected = $database->getRowCount();
        if (isset($_POST['threads'])) {
            $threads = $database->processQuery("SELECT `id` FROM `threads` WHERE `username` = ?", array($selected_user), true);
            //delete all posts in the threads the user mades
            foreach ($threads as $thread) {
                $database->processQuery("DELETE FROM `posts` WHERE `thread` = ?", array($thread['id']), false);
                $affected += $database->getRowCount();
            }
            //delete the thread now
            $database->processQuery("DELETE FROM `threads` WHERE `username` = ?", array($selected_user), false);
            $affected += $database->getRowCount();
        }
        $affected += $database->getRowCount();
        if ($affected == 0) {
            echo 'No posts or threads were deleted. Are you sure they exist?';
        } else {
Esempio n. 11
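<?php

require '../includes/config.php';
require '../structure/database.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
/*
 * this file is for addforum.php's and editforum.php's AJAX requests
 *
 * Given ?cat=<category id>, prints the next free `pos` value for a forum in
 * that category (highest existing `pos` plus one). Prints nothing when the
 * category does not exist.
 *
 * NOTE(review): no login or rank check is visible in this file, so it answers
 * any caller. It only reveals a position number, but confirm whether it
 * should be limited to the same users as addforum.php / editforum.php.
 */
// Accept only a plain string; ?cat[]=... would otherwise be passed on as an array.
if (isset($_GET['cat']) && is_string($_GET['cat'])) {
    //id of the category
    $cat = $_GET['cat'];
    $database->processQuery("SELECT * FROM `cats` WHERE `id` = ?", array($cat), false);
    if ($database->getRowCount() > 0) {
        $query = $database->processQuery("SELECT `pos` FROM `forums` WHERE `parent` = ? ORDER BY `pos` DESC LIMIT 0,1", array($cat), true);
        // A category without forums returns no row. The original then read an
        // undefined offset, which could emit a PHP warning into the AJAX
        // response. The first position is 1.
        echo isset($query[0]['pos']) ? $query[0]['pos'] + 1 : 1;
    }
}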
Esempio n. 12
                </div>
                <br/>
                <div id="msg_c_container">
                    <div id="t_container">
                        <img src="../img/msgcenter/received.gif">
                        <div id="t_container_bottom">
                            
                                <?php 
//get new replies
//administrators should receive ALL newly created conversations that aren't closed/solved, so they can reply to them
// Both queries bind $username as a parameter. The only value concatenated into
// the SQL text is time(), an integer produced by the server.
// 7889231 is an age limit in seconds (about 91 days).
// NOTE(review): in both queries the trailing age filter is ANDed only with the
// second parenthesised group, because AND binds tighter than OR. The first
// group (`receiver` = ?) is therefore not age-limited. If the limit was meant
// for both groups, wrap the whole OR expression in an outer pair of parentheses.
if ($rank < 4) {
    // Ranks below 4: unopened messages addressed to the user, plus unopened messages addressed to '*'.
    $new = $database->processQuery("SELECT `id`,`title`,`date` FROM `messages` WHERE (`opened` = '0' AND `receiver` = ?) OR (`opened` = 0 AND `receiver` = '*') AND " . time() . " - `timestamp` < '7889231' ORDER BY `date` DESC", array($username), true);
} else {
    // Rank 4 and above: unopened messages addressed to the user, plus messages addressed to '!'
    // with status 0 whose last reply was not written by this user.
    $new = $database->processQuery("SELECT `id`,`title`,`date` FROM `messages` WHERE (`opened` = 0 AND `receiver` = ?) OR (`lastreply` <> ? AND `receiver` = '!' AND `status` = 0) AND " . time() . " - `timestamp` < '7889231' ORDER BY `date` DESC", array($username, $username), true);
}
if ($database->getRowCount()) {
    foreach ($new as $message) {
        ?>
                                                <table>
                                                <tr>
                                                    <td width="15%"><a href="viewmessage.php?id=<?php 
        echo $message['id'];
        ?>
"><?php 
        echo stripslashes($message['title']);
        ?>
</a></td>
                                                    <td width="5%"><?php 
        echo $msgcenter->getReplies($message['id']);
        ?>
</td>
Esempio n. 13
require '../structure/database.php';
require '../structure/base.php';
require '../structure/user.php';
require '../structure/user.register.php';
$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base($database);
$user = new user($database);
$register = new user_register($database);
//perform basic checks before loading page
if ($user->isLoggedIn()) {
    $base->redirect('../index.php');
}
//lets check if they already have three accounts (max # of accs per ip)
// NOTE(review): REMOTE_ADDR is the address of the directly connecting peer.
// Behind a reverse proxy or shared NAT many visitors share one value, so
// confirm this matches how the site is deployed.
$database->processQuery("SELECT * FROM `users` WHERE `ip` = ?", array($_SERVER['REMOTE_ADDR']), false);
//$err: 0 = no error, 2 = this address already has three or more accounts
//(1 is assigned below when the submitted form values are invalid)
$err = $database->getRowCount() >= 3 ? 2 : 0;
if (isset($_POST['age']) && isset($_POST['country'])) {
    // The age must be one of the listed labels and the country a digit string.
    if (!in_array($_POST['age'], array('Below 13', '13-18', '19-24', '25-30', '31-36', '36-39', '40+')) || !ctype_digit($_POST['country'])) {
        $err = 1;
    } else {
        // NOTE(review): this branch stores the values and redirects even when
        // $err is 2, so the per-address cap computed above does not stop a
        // valid submission here — confirm a later registration step re-checks it.
        // NOTE(review): no session_start() is visible in this excerpt;
        // presumably one of the included classes starts the session.
        $_SESSION['age'] = $_POST['age'];
        $_SESSION['country'] = $_POST['country'];
        $base->redirect('username.php');
    }
} else {
    // No form submitted: reset the registration state kept by user_register.
    $register->clear();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
Esempio n. 14
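/**
 * Generate a QFC of the form D-D-DDDD-DDDDD that no row in `threads` uses yet.
 *
 * NOTE(review): rand() is predictable and the value space is small. That is
 * acceptable for a public lookup code, but the QFC must not be the only thing
 * standing between a visitor and a restricted thread — confirm how
 * viewthread.php authorises access.
 *
 * @param database $database connection wrapper used for the uniqueness check
 *
 * @return string the unused QFC
 */
function qfc(database $database)
{
    // Redraw on collision. The original retried by calling qfc() with no
    // argument and dropped the result, so a collision ended in a fatal error
    // (or a null return) instead of a usable code.
    do {
        $qfc = rand(0, 9) . '-' . rand(0, 9) . '-' . rand(1000, 9999) . '-' . rand(10000, 19999);
        //make sure this qfc doesn't already exist (even though it's not likely to happen)
        $database->processQuery("SELECT * FROM `threads` WHERE `qfc` = ?", array($qfc), false);
    } while ($database->getRowCount() >= 1);

    return $qfc;
}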
Esempio n. 15
    if (strlen($_POST['keywords']) < 3) {
        echo '<b>Your search term must be at least 3 characters.</b>';
    } else {
        if ($_POST['forum'] == 'all') {
            $query = $database->processQuery("SELECT `id`,`title`,`parent`,`date` FROM `threads` WHERE `title` LIKE ? ORDER BY `date` DESC", array('%' . $_POST['keywords'] . '%'), true);
        } else {
            $query = $database->processQuery("SELECT `id`,`title`,`parent`,`date` FROM `threads` WHERE `title` LIKE ? AND parent = ? ORDER BY `date` DESC", array('%' . $_POST['keywords'] . '%', $_POST['forum']), true);
        }
        ?>
                            
                            <div id="pack_results">
                            <b>Results for "<?php 
        echo htmlentities($_POST['keywords'], ENT_NOQUOTES);
        ?>
" (<?php 
        echo $database->getRowCount();
        ?>
)</b><br/><table cellpadding="3" cellspacing="0">

                            <?php 
        // Print one table row per matching thread: date, thread link, and a link to its forum.
        // NOTE(review): this runs one extra `forums` query per result row.
        foreach ($query as $result) {
            $forum = $database->processQuery("SELECT `title` FROM `forums` WHERE `id` = ?", array($result['parent']), true);
            //put on a separate line as having it in the echo would be too long
            // NOTE(review): $result['title'] (and $forum[0]['title'] below) are written into the
            // page without HTML encoding here. Unless titles are already encoded when they are
            // stored, a title containing markup would be rendered by the browser — confirm the
            // write path, and otherwise encode at output with htmlspecialchars(..., ENT_QUOTES).
            $title = '<a href="viewthread.php?forum=' . $result['parent'] . '&id=' . $result['id'] . '">' . $result['title'] . '</a>';
            echo '<tr><td align="left"><img src="../img/forum/sword_five.png"></td><td align="left">' . $result['date'] . '</td><td align="left">' . $title . ' in forum <a href="viewforum.php?forum=' . $result['parent'] . '">' . $forum[0]['title'] . '</a></td></tr>';
        }
        ?>
                            </table>
                            </div>
                            <?php 
    }
Esempio n. 16
                        <center>
			<?php 
if (!isset($_GET['tracking_id'])) {
    ?>
                                
                                    <fieldset class="question">
                                            <legend>Track</legend>
                                            Please enter in the the tracking ID you were given.
                                    </fieldset>
                                    <form action="track.php" method="GET">
                                        <input type="text" name="tracking_id" maxlength="12"><input type="submit" value="Track">
                                    </form>
                                <?php 
} else {
    $info = $database->processQuery("SELECT `status`,`ip`,`account` FROM `tracking` WHERE `tracking_id` = ?", array($_GET['tracking_id']), true);
    if ($database->getRowCount() == 0) {
        echo 'No recovery request exists with this tracking ID. <input type="button" value="Back" onclick="goBack()" />';
    } elseif ($_SERVER['REMOTE_ADDR'] != $info[0]['ip']) {
        echo 'This isn\'t yours to check. <input type="button" value="Back" onclick="goBack()" />';
    } elseif ($info[0]['status'] == 1) {
        if (!isset($_POST['password']) || !isset($_POST['confirm'])) {
            ?>
                                    
                                            <fieldset class="question">
                                                <legend>Accepted</legend>
                                                Your recovery was accepted. Please enter in the new details of your account.
                                            </fieldset>

                                            <form action="track.php?tracking_id=<?php 
            echo $_GET['tracking_id'];
            ?>
Esempio n. 17
    <tr><td></td><td align="left"><input type="submit" class="button" value="Create"></td></tr>
    </table>
    </form>';
} elseif (strlen($_POST['reply']) > 2000 || strlen($_POST['title']) > 50) {
    $content = 'Your reply cannot be greater than 2000 characters; your title cannot be greater than 50 characters. <input type="button" class="button" value="Back" onclick="goBack()" />';
} elseif (strlen($_POST['reply']) == 0 || strlen($_POST['title']) == 0) {
    $content = 'Either your message contents or title is empty. <input type="button" class="button" value="Back" onclick="goBack()" />';
} else {
    if ($rank < 4) {
        $receiver = '!';
    } else {
        $receiver = isset($_POST['mass_message']) ? '*' : $_POST['receiver'];
    }
    //verify the selected user exists
    $database->processQuery("SELECT * FROM `users` WHERE `username` = ?", array($receiver), false);
    if ($database->getRowCount() == 0 && $receiver != '!' && $receiver != '*') {
        $content = 'The chosen user does not exist. <input type="button" class="button" value="Back" onclick="goBack()" />';
    } else {
        //create conversation
        $database->processQuery("INSERT INTO `messages` VALUES (null, ?, ?, ?, ?, ?, NOW(), '0', '0', ?, ?)", array($username, $receiver, $_POST['title'], nl2br($_POST['reply']), $_SERVER['REMOTE_ADDR'], $username, time()), false);
        $base->redirect('viewmessage.php?id=' . $id);
    }
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:IE>
<head>
<meta http-equiv="Expires" content="0">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Cache-Control" content="no-cache">
<meta name="MSSmartTagsPreventParsing" content="TRUE">
Esempio n. 18
				<div class="titleframe e">
					<b>Set new recovery questions</b><br />
					<a href="../index.php">Main Menu</a>
				</div>
			</div>

			
			<img class="widescroll-top" src="../img/scroll/backdrop_765_top.gif" alt="" width="765" height="50" />
			<div class="widescroll">
			<div class="widescroll-bgimg">
			<div class="widescroll-content">
                        <center>
			<?php 
//make sure user doesn't already have a recovery request submitted
$database->processQuery("SELECT * FROM `tracking` WHERE " . time() . " - `time` < 7200 AND `ip` = ? LIMIT 1", array($_SERVER['REMOTE_ADDR']), false);
if ($database->getRowCount() >= 1) {
    echo 'You can\'t use this service so soon.';
} elseif (!isset($_POST['username'])) {
    ?>
                                    <fieldset class="question">
                                        <legend>Recovery Notice</legend>
                                        Lost access to your account and you're attempting to recover it? Please proceed by entering in the username of the account you wish to recover. You will then be asked to 
                                        answer the questions you set for your account. An administrator will then review your request, and judge it from there.
                                    </fieldset>
                                    <br/>

                                    <form action="recover.php" method="POST">
                                        <input type="text" name="username" maxlength="12"><input type="submit" value="Continue">
                                    </form>
                                <?php 
} elseif (!$user->doesExist($_POST['username'])) {