function getMessagesBefore($uid, $hash, $ruid, $limit, $before)
{
if (!checkCookies($uid, $hash)) {
return 3;
}
if (!($ruid > 0)) {
return 4;
}
if (!$this->hasUser($ruid)) {
return 5;
}
$beforeData = "AND `message`.`mid` < {$before} ";
if (!($before > 0)) {
$beforeData = "";
}
if (!($limit > 0)) {
return 6;
}
$query = "SELECT `users`.`fname` as `rfname`, `users`.`pic` as `rpic`, `last`.`sfname`, `last`.`spic`,`last`.`message`, `last`.`messageCreated`, `last`.`suid`, `last`.`mid`, `last`.`ruid` FROM (SELECT `users`.`fname` as `sfname`, `users`.`pic` as `spic`, `message`.`message`, `message`.`mid`, `message`.`messageCreated`, `message`.`suid`, `message`.`ruid` FROM `message`, `users` WHERE `users`.`uid` = `message`.`suid` {$beforeData}) AS `last`, `users` WHERE `users`.`uid`=`last`.`ruid` ORDER BY `last`.`messageCreated` ASC LIMIT {$limit};";
$messages = array();
if ($result = mysql_query($query)) {
while ($res = mysql_fetch_array($result)) {
$messages[$res["mid"]] = array("mid" => $res["mid"], "suid" => $res["suid"], "ruid" => $res["ruid"], "message" => $res["message"], "messageCreated" => $res["messageCreated"], "rfname" => $res["rfname"], "sfname" => $res["sfname"], "rpic" => getUserPic($res["rpic"]), "spic" => getUserPic($res["spic"]));
}
return $messages;
}
return 2;
}
function getUserById($uid, $hash, $userId)
{
if (!($uid > 0)) {
return -1;
}
if (!($userId > 0)) {
return -1;
}
if (!checkCookies($uid, $hash)) {
return -1;
}
$colsArray = array("users" => array(1, 2, 4, 5, 6, 7, 8));
$colStr = getSqlColumns($colsArray);
$query = "SELECT {$colStr} FROM `users` WHERE `uid`={$userId};";
$data = array();
if ($result = mysql_query($query)) {
while ($res = mysql_fetch_array($result)) {
$data["user"] = getSqlData($colsArray, $res);
}
}
$colsArray = array("item" => array(1, 3, 4, 11));
$colStr = getSqlColumns($colsArray);
$query = "SELECT {$colStr} FROM `item` WHERE `item`.`uid`={$userId};";
if ($result = mysql_query($query)) {
$inndata = array();
while ($res = mysql_fetch_array($result)) {
array_push($inndata, getSqlData($colsArray, $res));
}
$data["items"] = $inndata;
}
return $data;
}
function lendBook($uid, $hash, $itemId)
{
$this->checkItemId($itemId);
if (!checkCookies($uid, $hash)) {
return false;
}
$query = "UPDATE `borrow` SET `isAccepted`=1, `isReturned`=0 WHERE `iid` = {$itemId} AND `isReturned` = 1 AND `isAccepted` = 0;";
if (mysql_query($query)) {
return true;
}
return false;
}
function addComment($uid, $hash, $itemId, $com)
{
$check = $this->checkItemId($itemId);
$check = $check && $this->checkUserId($uid);
$com = $this->checkData($com);
if (!checkCookies($uid, $hash) || !$check) {
return false;
}
$query = "INSERT INTO `comment` (`iid`, `uid`, `comment`) VALUES ({$itemId}, {$uid}, '{$com}');";
if (mysql_query($query)) {
return true;
}
return false;
}
function addReply($uid, $hash, $itemId, $cid, $reply)
{
$check = $this->checkId($itemId);
$check = $check && $this->checkId($uid);
$check = $check && $this->checkId($cid);
$reply = $this->checkData($reply);
if (!checkCookies($uid, $hash) || !$check) {
return false;
}
$query = "INSERT INTO `replycomment` (`iid`, `uid`, `cid`, `reply`) VALUES ({$itemId}, {$uid}, {$cid}, '{$reply}');";
if (mysql_query($query)) {
return true;
}
return false;
}
function addRating($uid, $hash, $itemId, $rate)
{
$this->checkItemId($itemId);
$this->checkUserId($uid);
$rate = $this->makeRating($rate);
if (!checkCookies($uid, $hash)) {
return false;
}
$query = "UPDATE `rating` SET `rating`={$rate} WHERE `iid` = {$itemId} AND `uid`={$uid};";
if (!$this->hasRating($uid, $itemId)) {
$query = "INSERT INTO `rating` (`iid`, `uid`, `rating`) VALUES ({$itemId}, {$uid}, {$rate});";
}
if (mysql_query($query)) {
return true;
}
return false;
}
function getNotification($uid, $hash)
{
if (!($uid > 0)) {
return -1;
}
if (!checkCookies($uid, $hash)) {
return false;
}
$colsArray = array("borrow" => array(1, 2, 3, 4, 5, 6, 7), "item" => array(1, 3, 4));
$colStr = getSqlColumns($colsArray);
$query = "SELECT {$colStr} FROM `item`, `borrow` WHERE `borrow`.`iid`=`item`.`iid` AND `item`.`uid`={$uid} AND `item`.`status`=1;";
$data = array();
if ($result = mysql_query($query)) {
while ($res = mysql_fetch_array($result)) {
$data[$res["bid"]] = getSqlData($colsArray, $res);
}
}
return $data;
}
<?php
require 'reprofunctions.php';
dbgSquirt("============= Change Email ===============");
$result = checkCookies($forceLogin, $error, FALSE);
if (!$result || $forceLogin) {
// we got an error back that occurred while checkCookies was being run,
// or authentication failed. Either way, bounce them back to the login screen
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
$username = $_COOKIE['user'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
System: Repro
File: changeemail.php
Purpose: Allow an authenticated user to change the email address stored for them
Author: S. Chanin
-->
<html>
<head>
<link rel="stylesheet" type="text/css" href="repro_style.css" />
<title>Change Email</title>
</head>
<body>
<h1 class="title">Repro</h1>
<h1>Change Email</h1>
<hr />
function updateItemImage($uid, $hash, $iid, $imgId)
{
if (!($iid > 0)) {
return false;
}
if (!checkCookies($uid, $hash)) {
return false;
}
$query = "UPDATE `item` SET `itemImageSrc`='{$imgId}' WHERE `iid`={$iid} AND `uid` = {$uid};";
if (mysql_query($query)) {
return true;
}
return false;
}
if (isset($_GET['history'])){
echo history();
exit;
}
// Exit if there are no POST variables
if (!isset($_POST['reqType'])) doError('No reqType.');
if (isset($_SESSION['AdminLoggedIn'])) checkBanned();
$reqType = $_POST['reqType'];
switch($reqType) {
case 'init':
initVars();
checkCookies();
checkBanned();
echo newShouts(true);
break;
case 'shout':
$shoutText = $_POST['shout'];
$shoutName = $_POST['name'];
// Parse the message
if(!processCommand($shoutText))
shout($shoutName, $shoutText);
// Allow execution to flow into refresh
case 'refresh':
<?php
require 'reprofunctions.php';
dbgSquirt("============= userhome ===============");
// TODO
/* There is a bug here ... if a user has authenticated successfully (and hence
the cookies for username and passwordMD5 are set) and then they use BACK
to go back to the login page, enter some values for username and
password, and click login, then what they just typed will be ignored,
and they will remain logged in under their original credentials. */
// this variable controls whether the user is forced back to the main page to
// login. For safety, the default value is to force you back.
$forceLogin = TRUE;
$error = "";
$time = time();
if (!checkCookies($forceLogin, $error, TRUE)) {
// we got an error back that occurred while checkCookies was being run
dbgSquirt('Error from checkCookies');
header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?error={$error}");
exit;
}
// if the cookie's didn't pass authentication, or if the cookie's passed BUT
// we've received new values for POST that don't match on username (they did
// a BACK to the login page w/o a logout and then did a new login), then
// try to authenticate via the POSTED values been supplied.
if (isset($_POST['username']) && $_POST['username'] != $_COOKIE['user']) {
$forceLogin = TRUE;
}
if ($forceLogin) {
dbgSquirt('forceLogin is still true... checking post variables');
if (isset($_POST['username']) || isset($_POST['password'])) {
function checkCookieHash($uid, $hash)
{
if (!checkCookies($uid, $hash)) {
add_return_data(0, 4, "Uid, Hash Combination didn't match.");
}
}
