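/**
 * Restore a login from the "remember me" cookies when the session has no user.
 *
 * Reads the `active`, `selector` and `token` cookies, looks the selector up in
 * the `user` table and compares crypt() of the presented token with the stored
 * value in constant time. On a match the session is populated; on a mismatch
 * the three cookies are expired. Does nothing when a session user already
 * exists or when any of the cookies is missing or malformed.
 *
 * Echoes an error and exits if the database connection cannot be opened.
 *
 * @return void
 */
function auto_login()
{
    if (isset($_SESSION['valid_user'])) {
        return;
    }

    // Cookies are client-controlled. Require all three and require plain
    // strings: a request can turn any cookie into an array (`token[]=x`).
    foreach (['active', 'token', 'selector'] as $cookieName) {
        if (!isset($_COOKIE[$cookieName]) || !is_string($_COOKIE[$cookieName])) {
            return;
        }
    }
    if ($_COOKIE['active'] !== '1') {
        return;
    }

    $token = input_clean($_COOKIE['token']);
    $selector = input_clean($_COOKIE['selector']);

    if (!($db = db_connect())) {
        echo "<br><br><br>Database Error";
        exit;
    }

    // The hash format has to match whatever wrote user.token, so the
    // salt-less "$5$" setting is kept as is.
    // NOTE(review): an unsalted hash is only acceptable if the token is a long
    // random value - confirm against the token generator.
    $presentedHash = crypt($token, "\$5\$");

    // The selector is passed as a bound parameter, so it must NOT be run
    // through mysqli_real_escape_string() first: escaping would change the
    // value that is compared against the stored selector.
    $query = "select user_id, user_name,token from user\n where selector=?";
    $stmt = $db->prepare($query);
    if ($stmt === false) {
        return;
    }
    $stmt->bind_param('s', $selector);
    $stmt->execute();
    $stmt->store_result();

    if ($stmt->num_rows > 0) {
        $stmt->bind_result($user_id, $user_name, $storedHash);
        $stmt->fetch();

        // A user row that never stored a token has NULL here; hash_equals()
        // would throw on it, and an empty stored value must never match.
        $matches = is_string($storedHash)
            && $storedHash !== ''
            && hash_equals($storedHash, $presentedHash);

        if ($matches) {
            // Switch to a fresh session id when the privilege level changes,
            // so an id planted before login cannot be reused afterwards.
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                session_regenerate_id(true);
            }
            $_SESSION['valid_user'] = $user_name;
            // Fixed: the original stored $user_name under 'user_id'.
            $_SESSION['user_id'] = $user_id;
            // NOTE(review): the token is not rotated after use, so a copied
            // cookie stays valid until it expires - consider issuing a new
            // token here.
        } else {
            // Known selector but wrong token: drop the remember-me cookies.
            $expired = time() - 3600;
            setcookie('active', '', $expired);
            setcookie('token', '', $expired);
            setcookie('selector', '', $expired);
        }
    }

    $stmt->close();
}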
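/**
 * Print a prompt and read one line from standard input.
 *
 * @param string $message Prompt text, echoed as is.
 * @return mixed Whatever input_clean() returns for the line that was read
 *               (the line is `false` at end of input or if stdin cannot be
 *               opened).
 */
function input($message)
{
    echo $message;

    $handle = fopen("php://stdin", "r");
    if ($handle === false) {
        // Treat an unopenable stdin like end of input instead of passing
        // `false` on to fgets().
        $line = false;
    } else {
        $line = fgets($handle);
        // php://stdin is a duplicate descriptor, so closing it releases only
        // this copy; the original leaked one handle per prompt.
        fclose($handle);
    }

    return input_clean($line);
}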
header("Location: discussion.php?dis_id={$dis_id_verified}"); } } if (!($db = db_connect())) { echo "Database error<br>"; exit; } if (isset($_POST['submit2'])) { $query = 'CALL delete_discussion (?)'; $stmt = $db->prepare($query); $stmt->bind_param('i', $dis_id_verified); $stmt->execute(); header("Location: show_parent_cat.php"); } /*****************DISPLAY FORM***********************/ $username = input_clean($_SESSION['valid_user']); $query = 'select user_type, ban_flag, f_name, m_name, l_name, bio, email, date_joined, com_count, dis_count, upvote_count, downvote_count from user where user_name=?'; $stmt = $db->prepare($query); $stmt->bind_param('s', $username); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($user_type, $ban_flag, $f_name, $m_name, $l_name, $bio, $email, $date_joined, $com_count, $dis_count, $up_count, $down_count); $stmt->fetch(); ?> <div class ='row'> <div class='columns panel text-center large-8 large-centered medium-8 medium-centered small-10 small-centered '> <h2 style='color: #008cbb'>Editing <?php
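<?php
/*
 * AJAX endpoint: replace the text of one comment and stamp the edit time.
 *
 * Expects POST fields user_id, com_id and text. Answers with a JSON object
 * {"text": <stored text>}.
 *
 * NOTE(review): the acting user is taken from POST user_id. Nothing visible in
 * this file ties that value to the logged-in session or checks that the user
 * owns com_id, and no anti-CSRF token is checked. Compare user_id with the
 * session identity and verify ownership before the update once the session
 * handling in lib.php is confirmed.
 */
include_once 'lib.php';

if (isset($_POST['user_id'])) {
    // POST scalars arrive as strings; reject missing or array-valued fields.
    foreach (['user_id', 'com_id', 'text'] as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            http_response_code(400);
            exit;
        }
    }

    if (!($db = db_connect())) {
        echo "Database error";
        exit;
    }

    // Bound parameters travel separately from the SQL text. Escaping the text
    // first (as the original did) stored and returned a backslash-mangled
    // comment, e.g. it\'s instead of it's.
    $commentText = input_clean($_POST['text']);
    $user_id = (int) input_clean($_POST['user_id']);
    $com_id = (int) input_clean($_POST['com_id']);

    $stmt = $db->prepare("update com set com_text=? where com_id=?");
    if ($stmt === false
        || !$stmt->bind_param('si', $commentText, $com_id)
        || !$stmt->execute()
    ) {
        http_response_code(500);
        echo "Database error";
        exit;
    }
    $stmt->close();

    // Only the edit record of this comment is stamped; the original updated
    // every user_edit_com row belonging to the user.
    $stmt = $db->prepare("update user_edit_com set edit_date=now() where user_id=? and com_id=?");
    if ($stmt === false
        || !$stmt->bind_param('ii', $user_id, $com_id)
        || !$stmt->execute()
    ) {
        http_response_code(500);
        echo "Database error";
        exit;
    }
    $stmt->close();

    // Declare the body as JSON so a browser never renders it as HTML, and
    // hex-encode markup characters inside the string.
    // NOTE(review): the client should insert this value as text, not as HTML,
    // unless input_clean() is confirmed to HTML-encode it.
    if (!headers_sent()) {
        header('Content-Type: application/json; charset=utf-8');
    }
    echo json_encode(
        ['text' => $commentText],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}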
<?php /* discussion_vote.php */ include_once 'lib.php'; $user_id = intval(input_clean($_POST['user_id'])); $dis_id = intval(input_clean($_POST['dis_id'])); $vote = intval(input_clean($_POST['vote'])); $return = array(); //check if row exists in user_vote_dis //if not, add to either upvote_count or downvote_count in discussion $vote_query = "select vote from user_vote_dis \n where user_id=?\n and dis_id=?"; if (!($db = db_connect())) { echo "<br><br><br>Database Error"; exit; } $user_id = mysqli_real_escape_string($db, $user_id); $dis_id = mysqli_real_escape_string($db, $dis_id); $stmt = $db->prepare($vote_query); $stmt->bind_param('ii', $user_id, $dis_id); $stmt->execute(); $stmt->store_result(); $stmt->bind_result($old_vote); if ($stmt->num_rows > 0) { //If they have previously voted on this comment $stmt->fetch(); $stmt->close(); if ($old_vote == $vote) { //Delete row from user_vote_dis $delete = "delete from user_vote_dis where user_id = ? and dis_id = ?";
</div> </div> </div> <!-------------------------------DISPLAY existing categories----------------------------------> <div class='row'> <div class='columns panel text-left large-8 medium-8 small-10 small-centered '> <h3 style='color: #008cbb'> Existing Discussions in this Category: </h3><br> <div class='row'> <div class='large-12 medium-12 small-10 columns'> <?php
/*
 * List the names of the discussions that belong to the category given in
 * the cat_id query parameter. $db is opened earlier in the page, outside
 * this fragment.
 */
$discussion_flag = true;
// cat_id comes from the URL; it is bound as an integer below.
$parent_cat = input_clean($_GET['cat_id']);
// `select *` over the join: bind_result() below depends on the column count
// and order of both tables staying exactly as they are now.
$query2 = 'select * from cat_cont_dis AS c, discussion AS d where c.cat_id = ? AND c.dis_id = d.dis_id';
$stmt = $db->prepare($query2);
if ($stmt) {
    $stmt->bind_param('i', $parent_cat);
    $stmt->execute();
    $stmt->store_result();
    $stmt->bind_result($cat_id, $dis_id1, $dis_id2, $dis_name2, $dis_text, $dis_flag, $upvote_count, $downvote_count);
    while ($stmt->fetch()) {
        // NOTE(review): the stored name is written into the page without
        // htmlspecialchars(). That is safe only if the name was HTML-encoded
        // before it was saved - confirm, otherwise encode here.
        echo "<h3> {$dis_name2}</h3>";
    }
} else {
    echo "<h1>Error</h1>";
}
// NOTE(review): this runs after the else branch as well, where $stmt is false
// and close() cannot be called on it.
$stmt->close();
?>
<?php
/*
 * AJAX endpoint (the listing is cut before the end of the script): stores a
 * new comment, records who wrote it in user_edit_com and links it to a
 * discussion in dis_cont_com. All values come from POST fields.
 */
include_once 'lib.php';
// isset() only shows that a `username` field was posted; it is not an
// authentication check.
if (isset($_POST['username'])) {
    if (!($db = db_connect())) {
        echo "Database error";
        exit;
    }
    // NOTE(review): the text is bound as a parameter further down, so the
    // extra mysqli_real_escape_string() stores backslash-escaped text.
    $commentText = mysqli_real_escape_string($db, input_clean($_POST['commentText']));
    // NOTE(review): the author id is whatever the client posts; nothing in
    // the visible code compares it with the logged-in session.
    $user_id = input_clean($_POST['user_id']);
    $dis_id = input_clean($_POST['dis_id']);
    // Assigned but not used in the part of the script shown here.
    $parent_parent_com_id = input_clean($_POST['parent_com_id']);
    $parent_com_id = input_clean($_POST['com_id']);
    /********************** INSERT INTO COM *******************/
    if ($parent_com_id == 1) {
        // Parent id 1: stored as a level-1 comment.
        $comInsert = "Insert into com (com_level, \n com_text ,parent_com_id) values (1,?,1)";
    } else {
        // NOTE(review): $parent_com_id is placed directly into the SQL text.
        // Unless input_clean() restricts it to digits this is an injection
        // point; bind it as an 'i' parameter like the other values.
        $comInsert = "Insert into com (com_level, com_text ,\n parent_com_id) values (2,?,{$parent_com_id})";
    }
    // The results of prepare() and execute() are not checked anywhere below.
    $stmt = $db->prepare($comInsert);
    $stmt->bind_param('s', $commentText);
    $stmt->execute();
    /************************************************************/
    // Id of the comment row that was just inserted.
    $com_id = mysqli_insert_id($db);
    // The timestamp is generated by PHP and concatenated into the statement;
    // the user and comment ids are bound.
    $comInsert = "Insert into user_edit_com (user_id, com_id, edit_date, edit_type) \n values (?,?,'" . date('Y-m-d H:i:s') . "',0)";
    $stmt = $db->prepare($comInsert);
    $stmt->bind_param('ii', $user_id, $com_id);
    $stmt->execute();
    // Link the new comment to its discussion.
    $comInsert = "Insert into dis_cont_com values (?,?)";
    $stmt = $db->prepare($comInsert);
    $stmt->bind_param('ii', $dis_id, $com_id);
<?php
/*
 * Password-strength feedback endpoint. The listing is cut inside
 * check_password(), so its remaining checks and its output are not visible.
 */
include_once 'lib.php';
// Minimum accepted password length.
define('LENGTH', 8);
if (isset($_POST['password'])) {
    // empty() already covers ''; it also treats the one-character password
    // '0' as missing.
    if (empty($_POST['password']) || $_POST['password'] == '') {
        echo 'Choose a password';
        exit;
    }
    // NOTE(review): if input_clean() rewrites characters, the string checked
    // here differs from what the user typed; the same transformation then has
    // to be applied wherever the password is hashed and verified - confirm.
    $pwd = input_clean($_POST['password']);
    check_password($pwd);
}
/******************/
/*
 * Rate a candidate password. Every test below overwrites $error, so the last
 * test that fires decides the message.
 */
function check_password($pass)
{
    $length = constant('LENGTH');
    // strlen() counts bytes, not characters.
    $size = strlen($pass);
    $error = '';
    if ($size < $length) {
        $error = 'Too short';
    }
    if ($size >= $length) {
        $error = 'Great!';
    }
    // Needs at least one digit.
    if (!preg_match('/[0-9]+/', $pass)) {
        $error = "Invalid password";
    }
    // Needs at least one character that is not a letter, digit or underscore.
    if (!preg_match('/[\\W]+/', $pass)) {
        $error = "Invalid password";
    }
    // Upper-case test; its body lies beyond the end of this listing.
    if (!preg_match('/[A-Z]+/', $pass)) {
/*
 * Login fragment: check the password, fill the session and, on request, issue
 * the "remember me" cookies. $pwd, $salt, $username and $db are set before
 * the start of this listing, and the enclosing blocks close after its end.
 */
// SHA-512 crypt of the submitted password with the stored per-user salt; the
// comparison with the stored hash happens inside the WHERE clause.
$hashed = crypt($pwd, '$6$' . $salt);
$query = 'select user_id, selector from user where user_name=? and hashed_pwd=?';
$stmt = $db->prepare($query);
$stmt->bind_param('ss', $username, $hashed);
$stmt->execute();
$stmt->store_result();
$num_rows = $stmt->num_rows;
if ($num_rows > 0) {
    $stmt->bind_result($user_id, $selector);
    $stmt->fetch();
    // NOTE(review): no session_regenerate_id() is visible between the
    // password check and these writes; confirm the session id is renewed at
    // login so an id fixed before authentication cannot be reused.
    $_SESSION['valid_user'] = $username;
    $_SESSION['user_id'] = $user_id;
    /******* COOKIE STUFF *********/
    if (isset($_POST['rememberMe'])) {
        // $rememberMe is assigned, but the comparison cleans the POST value
        // a second time instead of using it.
        $rememberMe = input_clean($_POST['rememberMe']);
        if (input_clean($_POST['rememberMe']) == 'yes') {
            // Thirty days from now.
            $exp = time() + 86400 * 30;
            $token = gen_token();
            // NOTE(review): only name, value and expiry are passed, so the
            // Secure, HttpOnly and SameSite attributes are not set: the token
            // can be read by page scripts and is sent over plain HTTP.
            // The selector is the value already stored for the user, not a
            // fresh one per login.
            setcookie("selector", $selector, $exp);
            setcookie("token", $token, $exp);
            // `true` is sent as the cookie value "1".
            setcookie("active", true, $exp);
            // Only a hash of the token is stored. The "$5$" setting carries no
            // salt characters; the cookie check has to use the same call.
            $hToken = crypt($token, "\$5\$");
            // NOTE(review): the statement is prepared, but both values are
            // interpolated into the SQL text. They come from crypt() and from
            // the user row rather than from the request; binding them would
            // still remove the reliance on that.
            $updateToken = "Update user set token='{$hToken}' where user_id={$user_id}";
            // The result of prepare() is not checked before execute().
            $st = $db->prepare($updateToken);
            if (!$st->execute()) {
                echo "<br><br><br>Error";
                exit;
            }
            $st->close();
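<?php
/*
 * AJAX endpoint: remove one discussion from a user's bookmarks.
 *
 * Expects POST fields username (presence only), user_id and dis_id.
 *
 * NOTE(review): user_id is taken from the request. Nothing visible in this
 * file ties it to the logged-in session, so a client can delete another
 * user's bookmark, and no anti-CSRF token is checked. Compare user_id with
 * the session identity once the session handling in lib.php is confirmed.
 */
include_once 'lib.php';

if (isset($_POST['username'])) {
    // Reject missing or array-valued ids instead of binding null as 0.
    foreach (['user_id', 'dis_id'] as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            http_response_code(400);
            exit;
        }
    }

    if (!($db = db_connect())) {
        echo "Database error";
        exit;
    }

    // Same integer conversion the 'i' binding applies, made explicit.
    $user_id = (int) input_clean($_POST['user_id']);
    $dis_id = (int) input_clean($_POST['dis_id']);

    $bookmarkDelete = "Delete from bookmarked \n where user_id=? and dis_id=?";
    $stmt = $db->prepare($bookmarkDelete);
    // prepare() returns false on failure; calling bind_param() on it would
    // end the request with a fatal error.
    if ($stmt === false
        || !$stmt->bind_param('ii', $user_id, $dis_id)
        || !$stmt->execute()
    ) {
        http_response_code(500);
        echo "Database error";
        exit;
    }
    $stmt->close();
}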
<script src="js/vendor/modernizr.js"></script> </head> <body> <?php include_once 'header.php'; /********** Boolean Flags *********/ $cat_search_executed = false; /******** If the form has been submitted *******/ if (isset($_POST['submit2'])) { $searchstat = true; if (!isset($_POST['search_field']) || empty($_POST['search_field'])) { $searchstat = false; echo "enter something!"; } else { $cat_input_search = input_clean($_POST['search_field']); if (!preg_match('/^[a-zA-Z-]+$/', $cat_input_search)) { $searchstat = false; } } if ($searchstat) { if (!($db = db_connect())) { echo 'Database error<br>'; exit; } ?> <br><br><br> <div class="row"> <div class='columns panel text-center large-11 large-centered medium-11 medium-centered small-11 small-centered'>
} $query = 'select user_id from reset_password where hash = ?'; $stmt = $db->prepare($query); $stmt->bind_param('s', $passedhash); // echo "<br><br><br> $passedhash"; $stmt->execute(); $stmt->store_result(); $stmt->bind_result($userid); $stmt->fetch(); if ($userid == 0) { header("Location: https://www.cs.csubak.edu/~quadcore/Forum/"); } //echo "<br><br><br> $userid"; if ($userid != 0) { //$username = mysqli_real_escape_string($db, input_clean($_POST['username'])); $pwd = mysqli_real_escape_string($db, input_clean($_POST['password'])); $query = 'Update user set hashed_pwd = ?, salt = ? where user_id = ?'; //$query2 = 'Update salt=? from user where user_name = ?'; $fp = fopen('/dev/urandom', 'r'); $random = fread($fp, 32); fclose($fp); $salt = base64_encode($random); $hashed = crypt($pwd, '$6$' . $salt); $salt = mysqli_real_escape_string($db, $salt); $hashed = mysqli_real_escape_string($db, $hashed); //echo "$username ** $pwd ** $hashed ** $salt"; $stmt = $db->prepare($query); $stmt->bind_param('sss', $hashed, $salt, $userid); if (!$stmt->execute()) { echo 'Failure to save to database'; $stmt->close();
$categoryname = input_clean($_POST['categoryname']); } /******** Category Text Input ************/ if (!isset($_POST['categorytext']) || empty($_POST['categorytext'])) { $categorytext_flag = false; } else { $categorytext = input_clean($_POST['categorytext']); } if ($category_flag && $categorytext_flag) { if (!($db = db_connect())) { echo "<h4>Database Error!!<br>"; exit; } /************** Insert in Database -- Category **************/ $insert_pid = input_clean($_POST['parent_cat_id_post']); $insert_level = input_clean($_POST['cat_level_post']); $query = 'Insert into category (cat_name,cat_level,cat_text,parent_cat_id) values (?,?,?,?)'; $stmt = $db->prepare($query); $categoryname = mysqli_real_escape_string($db, $categoryname); $categorytext = mysqli_real_escape_string($db, $categorytext); $stmt->bind_param('sisi', $categoryname, $insert_level, $categorytext, $insert_pid); if (!$stmt->execute()) { echo '<br><br><br>Error with Insertion!!<br>'; $stmt->close(); $db->close(); exit; } $stmt->close(); /************** Insert in Database -- Category **************/ /* $cat_id2 = mysqli_insert_id($db);
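<?php
/*
 * AJAX endpoint: report whether a user name is free.
 *
 * Expects POST field username. Prints one of 'Choose a username',
 * 'Username taken' or 'Username available!'.
 *
 * This endpoint tells any caller whether an account name exists; throttle it
 * per client if account enumeration matters for this deployment.
 */
include_once 'lib.php';

// empty() keeps the original rule ('' and '0' ask for a name). is_string()
// also turns away array-valued input such as username[]=x.
if (empty($_POST['username']) || !is_string($_POST['username'])) {
    echo 'Choose a username';
    exit;
}

$username = input_clean($_POST['username']);
if (empty($username)) {
    // Nothing left after cleaning: ask for a name instead of staying silent.
    echo 'Choose a username';
    exit;
}

if (!($db = db_connect())) {
    echo "Database error";
    exit;
}

// The name is a bound parameter and must not be escaped first: the original
// looked up the escaped form, so a name containing a quote or backslash never
// matched its stored row and was reported as available.
// Only existence matters, so no user columns are fetched.
$stmt = $db->prepare('select 1 from user where user_name=? limit 1');
if ($stmt === false) {
    $db->close();
    echo "Database error";
    exit;
}
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
$taken = $stmt->num_rows > 0;
$stmt->close();
$db->close();

if ($taken) {
    echo 'Username taken';
} else {
    echo 'Username available!';
}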
</div> </div> </div> </div> <!-------------------------------DISPLAY existing categories----------------------------------> <div class='row'> <div class='columns panel text-left large-8 medium-8 small-10 small-centered '> <h3 style='color: #008cbb'> Existing Categories at Current Level: </h3><br> <div class='row'> <div class='large-12 medium-12 small-10 columns'> <?php
/*
 * List the names of all categories at the level given in the cat_level
 * query parameter. $db is opened earlier in the page, outside this fragment.
 */
// cat_level comes from the URL; it is bound as an integer below.
$passed_cat_level = input_clean($_GET['cat_level']);
// `select *`: bind_result() below depends on the table keeping exactly these
// five columns in this order.
$query = 'select * from category where cat_level=?';
// The result of prepare() is not checked before it is used.
$stmt = $db->prepare($query);
$stmt->bind_param('i', $passed_cat_level);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($cat_id2, $cat_name2, $cat_level2, $cat_text2, $parent_cat_id2);
while ($stmt->fetch()) {
    // NOTE(review): the stored name is written into the page without
    // htmlspecialchars(). That is safe only if the name was HTML-encoded
    // before it was saved - confirm, otherwise encode here.
    echo "<h3>{$cat_name2}</h3>";
}
?> </div> </div> </div>