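/**
 * Rotates the value stored in a user's `cookie` column.
 *
 * A fresh random string is drawn, checked against the `users` table for a
 * collision, and written to the row matching $username. On a collision a new
 * candidate is drawn. The original retried by calling `session_hash()` with no
 * arguments, which never returned the generated value to the caller (and, with
 * typed parameters, fails on a collision); the retry is now a loop.
 *
 * @param database $database project DB wrapper (processQuery / getRowCount)
 * @param base     $base     project helper providing randomString()
 * @param string   $username user whose `cookie` column is rotated
 * @return string the hash now stored for the user
 */
function session_hash(database $database, base $base, $username)
{
    do {
        // generate a candidate hash (35 characters, per the existing helper)
        $session_hash = $base->randomString(35);
        // NOTE(review): randomString() is project code; confirm it is backed by a
        // CSPRNG (random_bytes/random_int), since this value appears to act as the
        // session cookie credential.
        $database->processQuery("SELECT * FROM `users` WHERE `cookie` = ?", array($session_hash), false);
        // keep drawing until no other row already uses the candidate
    } while ($database->getRowCount() != 0);

    $database->processQuery("UPDATE `users` SET `cookie` = ? WHERE `username` = ? LIMIT 1", array($session_hash, $username), false);

    return $session_hash;
}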
<?php
// Quick-find-code lookup: resolves a POSTed `qfc` to its thread and forwards
// the browser there; any other request lands on the index page.
require '../includes/config.php';
require '../structure/database.php';
require '../structure/base.php';

$database = new database($db_host, $db_name, $db_user, $db_password);
$base = new base();

if (isset($_POST['qfc'])) {
    // parameterised lookup; the POST value is bound, never concatenated into the SQL
    $match = $database->processQuery(
        "SELECT `id`,`parent` FROM `threads` WHERE `qfc` = ? LIMIT 1",
        array($_POST['qfc']),
        true
    );
    if ($database->getRowCount() >= 1) {
        $target = 'viewthread.php?forum=' . $match[0]['parent'] . '&id=' . $match[0]['id'];
        $base->redirect($target);
    }
}

// fall-through: no qfc supplied, or nothing matched it
$base->redirect('index.php');
} //check if the POST has been edited, then adjust the $date variable accordingly if (empty($details['lastedit'])) { $date = $details['date']; } else { //get USERNAME:DATE/TIME $edit_details = explode('@', $details['lastedit']); $date = $details['date'] . '<br/>Last edit on ' . $edit_details[1] . ' by ' . $edit_details[0]; } //get forum details $forum_details = $database->processQuery("SELECT `title` FROM `forums` WHERE `id` = ?", array($f), true); //pagination $per_page = 10; //get # of pages $database->processQuery("SELECT * FROM `posts` WHERE `thread` = ?", array($i), false); $pages = $database->getRowCount() == 0 ? 1 : ceil($database->getRowCount() / $per_page); //get current page !ctype_digit($_GET['page']) || $_GET['page'] > $pages ? $page = 1 : ($page = $_GET['page']); //get next link $page < $pages ? $next = $page + 1 : ($next = $page); //get prev link $page - 1 >= 1 ? $prev = $page - 1 : ($prev = $page); //start $start = ($page - 1) * $per_page; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html xmlns:IE> <head> <meta http-equiv="Expires" content="0"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Cache-Control" content="no-cache">
?> </b><br /> <fieldset class="question"> <legend><?php echo stripslashes($poll_data[0]['poll_title']); ?> </legend> <table border="0" width="100%"> <?php //display the options and vote percentages $options = $database->processQuery("SELECT `id`,`option` FROM `poll_options` WHERE `belongs` = ? ORDER BY `id` ASC", array($id), true); foreach ($options as $option) { //get the number of people who chose the option $database->processQuery("SELECT * FROM `votes` WHERE `option_id` = ?", array($option['id']), false); //number of people that chose the option $times_chosen = $database->getRowCount(); $percentage = $times_chosen >= 1 ? round(100 * $times_chosen / $poll->getNumOfVotes($id)) : 0; ?> <tr> <td class="shield" style="width: auto;"> <?php echo $option['option']; ?> </td> <td style="width: auto;"> <img id="poll_left" src="../img/polls/poll_start_cap.gif"> <!-- Keep both of the below lines on the same line with each other, else a small graphical glitch will be conceived. --> <img id="poll_bg" style="height: 15px; width: <?php
<link href="css/basic-3.css" rel="stylesheet" type="text/css" media="all"> <link href="css/main/title-5.css" rel="stylesheet" type="text/css" media="all"> <link rel="shortcut icon" href="img/favicon.ico" /> <?php include 'includes/google_analytics.html'; ?> </head> <body> <div id="body"> <div> <div style="text-align: center; margin-bottom: 10px; position:relative;"> <img src="img/title2/rslogo3.gif" alt="RuneScape"><br> <?php $database->processQuery("SELECT * FROM `users`", array(), false); echo 'There are currently ' . number_format($database->getRowCount()) . ' people registered!'; ?> </div> </div> <div class="left"> <fieldset class="menu rs"> <legend><?php echo $data['wb_abbr']; ?> </legend> <ul> <?php if ($user->isLoggedIn()) { ?> <li class="i-create"><a href="logout.php">Logout</a></li> <li class="i-shop"><a href="donate.php">Donate</a></li>
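// let's also make sure they have the right permissions to view the forum
if (!$forum->canView($f, $rank)) {
    $base->redirect('index.php');
}

// check if a moderator is taking action against threads
if (isset($_POST['action']) && isset($_POST['selection']) && $rank > 2) {
    // collect the ids of all the threads we're going to update; the accumulator
    // is initialised up front so it never triggers an undefined-variable notice,
    // and a non-array selection simply yields no ids (as before)
    $threads = '';
    $selection = is_array($_POST['selection']) ? $_POST['selection'] : array();
    foreach ($selection as $object) {
        $threads .= $object . '-';
    }
    // now send them off to action.php to update all the threads selected; the
    // values are URL-encoded so an action or id containing '&', '#' or spaces
    // cannot alter the query string that action.php receives
    $base->redirect('action.php?' . http_build_query(array(
        'forum' => $f,
        'action' => $_POST['action'],
        'threads' => $threads,
    )));
}

$forum_details = $database->processQuery("SELECT `icon`,`title`,`type` FROM `forums` WHERE `id` = ? LIMIT 1", array($f), true);
// check existence of the specified forum
if ($database->getRowCount() == 0) {
    $base->redirect('index.php');
}

// pagination
$per_page = 20;
// get # of pages; an empty forum still has one (empty) page, matching viewthread
$database->processQuery("SELECT * FROM `threads` WHERE `parent` = ?", array($f), false);
$pages = $database->getRowCount() == 0 ? 1 : ceil($database->getRowCount() / $per_page);

// get current page: a missing, non-numeric, zero or out-of-range ?page falls
// back to 1 (page 0 previously produced a negative LIMIT offset)
$requested = isset($_GET['page']) && is_string($_GET['page']) ? $_GET['page'] : '';
$page = (!ctype_digit($requested) || (int) $requested < 1 || $requested > $pages) ? 1 : (int) $requested;

// get next link
$next = $page < $pages ? $page + 1 : $page;
// get prev link
$prev = $page - 1 >= 1 ? $page - 1 : $page;
// start offset for the thread query
$start = ($page - 1) * $per_page;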
</head> <div id="body"> <div style="text-align: center; background: none;"> <div class="titleframe e"> <b>Daily Screenshot</b><br /> <a href="index.php">Main Menu</a> </div> </div> <br/> <br/> <div class="titleframe e" style="text-align:left; color:white; width:750px; margin-left:auto; margin-right:auto;"> <?php //pagination for daily screenshots - newest to oldest $database->processQuery("SELECT * FROM `dailyscreenshots`", array(), false); $pages = $database->getRowCount(); if ($pages == 0) { echo 'No screenshots to display.'; } else { //set basic variables $page = $_GET['page'] > $pages || $_GET['page'] == 0 || !isset($_GET['page']) ? 1 : $_GET['page']; $start = ($page - 1) * 1; if ($page < $pages) { ?> <div style="float:right;"><a href="?page=<?php echo $page + 1; ?> ">Older Screenshot ></a> <a href="?page=<?php echo $pages; ?> ">Oldest Screenshot >></a></div> <?php
/**
 * Removes a thread and every post in it.
 *
 * Administrator-only (rank above 3); a lower rank is silently ignored, and so
 * is an id that does not match exactly one thread.
 *
 * @param mixed    $id       thread id
 * @param database $database project DB wrapper
 * @param mixed    $rank     caller's rank
 */
function delete($id, database $database, $rank)
{
    // this is an administrator only feature
    if ($rank <= 3) {
        return;
    }

    // make sure it exists
    $database->processQuery("SELECT * FROM `threads` WHERE `id` = ? LIMIT 1", array($id), false);
    if ($database->getRowCount() != 1) {
        return;
    }

    // delete the thread, then all posts the thread had
    // NOTE(review): the two DELETEs are not wrapped in a transaction here; confirm
    // whether the wrapper offers one, since a failure after the first leaves
    // orphaned posts behind.
    $database->processQuery("DELETE FROM `threads` WHERE `id` = ? LIMIT 1", array($id), false);
    $database->processQuery("DELETE FROM `posts` WHERE `thread` = ?", array($id), false);
}
<img class="widescroll-top" src="../img/scroll/backdrop_765_top.gif" alt="" width="765" height="50" /> <div class="widescroll"> <div class="widescroll-bgimg"> <div class="widescroll-content"> <div id="black_fields"> There is a total of <?php echo $base->userCount(); ?> registered users. <?php //get the # of users $database->processQuery("SELECT * FROM `users`", array(), false); //pagination $per_page = 25; $pages = ceil($database->getRowCount() / $per_page); //current page $page = $_GET['page'] < 1 || $_GET['page'] > $pages || !ctype_digit($_GET['page']) ? 1 : $_GET['page']; //where to start at when extracting $start = ($page - 1) * $per_page; //query to draw user list $users = $database->processQuery("SELECT `username` FROM `users` ORDER BY `username` ASC LIMIT {$start},{$per_page}", array(), true); ?> <table cellspacing="4" cellpadding="3"> <?php //place holder $ph = 0; foreach ($users as $user) { $ph++; echo '<tr><td><font size="3"><b>#' . $ph . ':</b> ' . $user['username'] . '</font></td></tr>';
<tr><td>Delete threads</td><td><input type="checkbox" name="threads" value="1"></td></tr> <tr><td>Done?</td><td><input type="submit" value="Delete!"></td></tr> </table> </form> </div> <?php } else { $selected_user = $_POST['username']; if ($user->getRank($selected_user) > 1) { echo 'You can\'t delete posts by a fellow staff member. <input type="button" value="Back" onclick="goBack()" />'; } else { if (isset($_POST['posts'])) { $database->processQuery("DELETE FROM `posts` WHERE `username` = ?", array($selected_user), false); } $affected = $database->getRowCount(); if (isset($_POST['threads'])) { $threads = $database->processQuery("SELECT `id` FROM `threads` WHERE `username` = ?", array($selected_user), true); //delete all posts in the threads the user mades foreach ($threads as $thread) { $database->processQuery("DELETE FROM `posts` WHERE `thread` = ?", array($thread['id']), false); $affected += $database->getRowCount(); } //delete the thread now $database->processQuery("DELETE FROM `threads` WHERE `username` = ?", array($selected_user), false); $affected += $database->getRowCount(); } $affected += $database->getRowCount(); if ($affected == 0) { echo 'No posts or threads were deleted. Are you sure they exist?'; } else {
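<?php
require '../includes/config.php';
require '../structure/database.php';

$database = new database($db_host, $db_name, $db_user, $db_password);

/*
 * this file is for addforum.php's and editforum.php's AJAX requests:
 * given a category id it prints the next free forum position (the highest
 * existing `pos` in that category plus one, or 1 when the category is empty).
 *
 * NOTE(review): no login/rank check is visible in this file; confirm the
 * endpoint is meant to be reachable unauthenticated (it only discloses a
 * position number).
 */
if (isset($_GET['cat'])) {
    // id of the category (bound as a parameter, never placed into the SQL text)
    $cat = $_GET['cat'];
    $database->processQuery("SELECT * FROM `cats` WHERE `id` = ?", array($cat), false);
    if ($database->getRowCount() > 0) {
        $query = $database->processQuery("SELECT `pos` FROM `forums` WHERE `parent` = ? ORDER BY `pos` DESC LIMIT 0,1", array($cat), true);
        // a category with no forums yet returns no row; start at 1 instead of
        // reading an undefined offset (which previously raised a notice)
        $highest = isset($query[0]['pos']) ? (int) $query[0]['pos'] : 0;
        echo $highest + 1;
    }
}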
</div> <br/> <div id="msg_c_container"> <div id="t_container"> <img src="../img/msgcenter/received.gif"> <div id="t_container_bottom"> <?php //get new replies //administrators should receive ALL newly created conversations that aren't closed/solved, so they can reply to them if ($rank < 4) { $new = $database->processQuery("SELECT `id`,`title`,`date` FROM `messages` WHERE (`opened` = '0' AND `receiver` = ?) OR (`opened` = 0 AND `receiver` = '*') AND " . time() . " - `timestamp` < '7889231' ORDER BY `date` DESC", array($username), true); } else { $new = $database->processQuery("SELECT `id`,`title`,`date` FROM `messages` WHERE (`opened` = 0 AND `receiver` = ?) OR (`lastreply` <> ? AND `receiver` = '!' AND `status` = 0) AND " . time() . " - `timestamp` < '7889231' ORDER BY `date` DESC", array($username, $username), true); } if ($database->getRowCount()) { foreach ($new as $message) { ?> <table> <tr> <td width="15%"><a href="viewmessage.php?id=<?php echo $message['id']; ?> "><?php echo stripslashes($message['title']); ?> </a></td> <td width="5%"><?php echo $msgcenter->getReplies($message['id']); ?> </td>
require '../structure/database.php'; require '../structure/base.php'; require '../structure/user.php'; require '../structure/user.register.php'; $database = new database($db_host, $db_name, $db_user, $db_password); $base = new base($database); $user = new user($database); $register = new user_register($database); //preform basic checks before loading page if ($user->isLoggedIn()) { $base->redirect('../index.php'); } //lets check if they already have three accounts (max # of accs per ip) $database->processQuery("SELECT * FROM `users` WHERE `ip` = ?", array($_SERVER['REMOTE_ADDR']), false); //0: no error 1: error $err = $database->getRowCount() >= 3 ? 2 : 0; if (isset($_POST['age']) && isset($_POST['country'])) { if (!in_array($_POST['age'], array('Below 13', '13-18', '19-24', '25-30', '31-36', '36-39', '40+')) || !ctype_digit($_POST['country'])) { $err = 1; } else { $_SESSION['age'] = $_POST['age']; $_SESSION['country'] = $_POST['country']; $base->redirect('username.php'); } } else { $register->clear(); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head>
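/**
 * Generates an unused quick-find code for a thread.
 *
 * Format: D-D-DDDD-DDDDD (digit, digit, 1000-9999, 10000-19999). The candidate
 * is checked against existing threads and regenerated on a collision. The
 * original retried by calling `qfc()` with no arguments, which neither passed
 * the database nor returned the result; the retry is now a loop.
 *
 * The code is a public locator rather than a secret, so rand() is kept; the
 * collision check is what guarantees uniqueness.
 *
 * @param database $database project DB wrapper
 * @return string an unused quick-find code
 */
function qfc(database $database)
{
    do {
        $qfc = rand(0, 9) . '-' . rand(0, 9) . '-' . rand(1000, 9999) . '-' . rand(10000, 19999);
        // make sure this qfc doesn't already exist (even though it's not likely to happen)
        $database->processQuery("SELECT * FROM `threads` WHERE `qfc` = ?", array($qfc), false);
    } while ($database->getRowCount() >= 1);

    return $qfc;
}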
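// thread title search; the keyword is bound as a LIKE pattern, never
// concatenated into the SQL text. Missing or non-string POST fields are treated
// as empty instead of raising undefined-index notices / strlen(null) deprecations.
$keywords = isset($_POST['keywords']) && is_string($_POST['keywords']) ? $_POST['keywords'] : '';
if (strlen($keywords) < 3) {
    echo '<b>Your search term must be at least 3 characters.</b>';
} else {
    // NOTE(review): '%' and '_' inside the keyword act as LIKE wildcards; harmless
    // for a search box, but escape them if exact substring matching is wanted.
    $pattern = '%' . $keywords . '%';
    $forum_filter = isset($_POST['forum']) ? $_POST['forum'] : null;
    if ($forum_filter === 'all') {
        $query = $database->processQuery("SELECT `id`,`title`,`parent`,`date` FROM `threads` WHERE `title` LIKE ? ORDER BY `date` DESC", array($pattern), true);
    } else {
        $query = $database->processQuery("SELECT `id`,`title`,`parent`,`date` FROM `threads` WHERE `title` LIKE ? AND parent = ? ORDER BY `date` DESC", array($pattern, $forum_filter), true);
    }
    // read the count now, before the per-result forum lookups below overwrite it
    $result_count = $database->getRowCount();
    ?> <div id="pack_results"> <b>Results for "<?php echo htmlentities($keywords, ENT_NOQUOTES); ?> " (<?php echo $result_count; ?> )</b><br/><table cellpadding="3" cellspacing="0"> <?php
    foreach ($query as $result) {
        $forum = $database->processQuery("SELECT `title` FROM `forums` WHERE `id` = ?", array($result['parent']), true);
        // NOTE(review): thread and forum titles are echoed as stored; confirm they
        // are HTML-escaped on insert, otherwise escape them here with htmlspecialchars().
        // put on a separate line as having it in the echo would be too long
        $title = '<a href="viewthread.php?forum=' . $result['parent'] . '&id=' . $result['id'] . '">' . $result['title'] . '</a>';
        echo '<tr><td align="left"><img src="../img/forum/sword_five.png"></td><td align="left">' . $result['date'] . '</td><td align="left">' . $title . ' in forum <a href="viewforum.php?forum=' . $result['parent'] . '">' . $forum[0]['title'] . '</a></td></tr>';
    }
    ?> </table> </div> <?php
}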
<center> <?php if (!isset($_GET['tracking_id'])) { ?> <fieldset class="question"> <legend>Track</legend> Please enter in the the tracking ID you were given. </fieldset> <form action="track.php" method="GET"> <input type="text" name="tracking_id" maxlength="12"><input type="submit" value="Track"> </form> <?php } else { $info = $database->processQuery("SELECT `status`,`ip`,`account` FROM `tracking` WHERE `tracking_id` = ?", array($_GET['tracking_id']), true); if ($database->getRowCount() == 0) { echo 'No recovery request exists with this tracking ID. <input type="button" value="Back" onclick="goBack()" />'; } elseif ($_SERVER['REMOTE_ADDR'] != $info[0]['ip']) { echo 'This isn\'t yours to check. <input type="button" value="Back" onclick="goBack()" />'; } elseif ($info[0]['status'] == 1) { if (!isset($_POST['password']) || !isset($_POST['confirm'])) { ?> <fieldset class="question"> <legend>Accepted</legend> Your recovery was accepted. Please enter in the new details of your account. </fieldset> <form action="track.php?tracking_id=<?php echo $_GET['tracking_id']; ?>
<tr><td></td><td align="left"><input type="submit" class="button" value="Create"></td></tr> </table> </form>'; } elseif (strlen($_POST['reply']) > 2000 || strlen($_POST['title']) > 50) { $content = 'Your reply cannot be greater than 2000 characters; your title cannot be greater than 50 characters. <input type="button" class="button" value="Back" onclick="goBack()" />'; } elseif (strlen($_POST['reply']) == 0 || strlen($_POST['title']) == 0) { $content = 'Either your message contents or title is empty. <input type="button" class="button" value="Back" onclick="goBack()" />'; } else { if ($rank < 4) { $receiver = '!'; } else { $receiver = isset($_POST['mass_message']) ? '*' : $_POST['receiver']; } //verify the selected user exists $database->processQuery("SELECT * FROM `users` WHERE `username` = ?", array($receiver), false); if ($database->getRowCount() == 0 && $receiver != '!' && $receiver != '*') { $content = 'The chosen user does not exist. <input type="button" class="button" value="Back" onclick="goBack()" />'; } else { //create conversation $database->processQuery("INSERT INTO `messages` VALUES (null, ?, ?, ?, ?, ?, NOW(), '0', '0', ?, ?)", array($username, $receiver, $_POST['title'], nl2br($_POST['reply']), $_SERVER['REMOTE_ADDR'], $username, time()), false); $base->redirect('viewmessage.php?id=' . $id); } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html xmlns:IE> <head> <meta http-equiv="Expires" content="0"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Cache-Control" content="no-cache"> <meta name="MSSmartTagsPreventParsing" content="TRUE">
<div class="titleframe e"> <b>Set new recovery questions</b><br /> <a href="../index.php">Main Menu</a> </div> </div> <img class="widescroll-top" src="../img/scroll/backdrop_765_top.gif" alt="" width="765" height="50" /> <div class="widescroll"> <div class="widescroll-bgimg"> <div class="widescroll-content"> <center> <?php //make sure user doesn't already have a recovery request submitted $database->processQuery("SELECT * FROM `tracking` WHERE " . time() . " - `time` < 7200 AND `ip` = ? LIMIT 1", array($_SERVER['REMOTE_ADDR']), false); if ($database->getRowCount() >= 1) { echo 'You can\'t use this service so soon.'; } elseif (!isset($_POST['username'])) { ?> <fieldset class="question"> <legend>Recovery Notice</legend> Lost access to your account and you're attempting to recover it? Please proceed by entering in the username of the account you wish to recover. You will then be asked to answer the questions you set for your account. An administrator will then review your request, and judge it from there. </fieldset> <br/> <form action="recover.php" method="POST"> <input type="text" name="username" maxlength="12"><input type="submit" value="Continue"> </form> <?php } elseif (!$user->doesExist($_POST['username'])) {