header('Pragma: no-cache');
require 'shared.php';

# Login/logout handler. A GET "action=logout" ends the session; any other
# request is treated as a login attempt using the POSTed username/password.
if (isset($_GET['action'])) {
    $action = $_GET['action'];
}

# NOTE(review): logout is triggered by a GET parameter, i.e. by any link the
# user follows; a POST (ideally carrying a token) is the usual guard for a
# state-changing request. Loose "==" is used here as elsewhere in this file.
if (isset($action) && $action == "logout") {
    logout();
    show_message_redirect_back("Logged out");
} else {
    # The username is entity-encoded before being escaped so that it matches
    # the form registration stored. $_POST['username'] and $_POST['password']
    # are read without an isset() check, so a request lacking them raises a
    # notice and proceeds with an empty value.
    $username = mysql_escape_string(htmlentities(trim($_POST['username'])));
    $password = $_POST['password'];
    $info = check_login($username, $password);
    # show_error_redirect_back()/show_message_redirect_back() come from
    # shared.php (not visible here) and are expected to end the request.
    if (!$info) {
        show_error_redirect_back("Login failed");
    } else {
        show_message_redirect_back("Logged in");
    }
}

# Functions

# NOTE: USERNAME HAS TO BE SANITIZED BEFORE ENTERING!
#
# Looks up the salt stored for $username and verifies $password against it.
#
# @param string $username  already escaped for direct SQL interpolation by the caller
# @param string $password  the plaintext password as submitted
# @param bool   $remember  not referenced in the portion of the body shown here
# @return mixed null when no single matching user exists; the rest of the body
#               (and therefore the success value) lies beyond this excerpt.
function check_login($username, $password, $remember = true) {
    $db = get_db_read();
    # Get the salt and check if the user exists at the same time
    # NOTE(review): the username literal below reads '******' in this copy,
    # which looks like a redaction artifact; as written the query does not
    # reference $username at all and can never match. Confirm against the
    # original source.
    $result = try_mysql_query("SELECT salt FROM users WHERE username = '******'", $db);
    if (mysql_num_rows($result) != 1) {
        return null;
    }
    $row = mysql_fetch_assoc($result);
    $salt = $row['salt'];
    mysql_free_result($result);
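# header('Pragma: no-cache');
require_once 'shared.php';

# Creates a category for the logged-in user ($me and $max_length_category come
# from shared.php) out of the POSTed "category" name and optional "private"
# flag, then records it as the user's last-used category. Every failure path
# hands off to redirect()/show_error_redirect_back(), which this script - like
# the rest of the app - expects to end the request; TODO confirm in shared.php.

# Make a connection to the database
$db_read = get_db_read();
$db_write = get_db_write();

if (!$me) {
    redirect("index.php");
}
if (!isset($_POST['category'])) {
    redirect("index.php");
}

# The name is entity-encoded before storage (as the other handlers do with
# user text) and then escaped for SQL. mysql_real_escape_string() honours the
# connection charset; the previously used mysql_escape_string() does not,
# which is why it was deprecated.
$category = mysql_real_escape_string(htmlentities(trim($_POST['category'])), $db_read);
$private = isset($_POST['private']) ? '1' : '0';

# $me['user_id'] comes from the session, not the request, but the cast keeps
# the unquoted interpolation in the INSERT below numeric whatever it holds.
# presumably users.user_id is an integer column - verify against the schema.
$user_id = (int) $me['user_id'];

# NOTE(review): validation sees the entity-encoded, escaped value, so its length
# is not the typed length ("&" alone is already 5 characters). Kept as-is so the
# set of accepted names does not change; validate the raw value first if the
# limit is meant to apply to what the user typed.
if (!validate_category($category)) {
    show_error_redirect_back("Please enter a valid category name (between 3 and {$max_length_category} characters)");
}

# Reject duplicates per user. This check-then-insert is not atomic; a unique
# index on (user_id, name) is the only guard against two concurrent requests.
$result = try_mysql_query("SELECT * FROM categories WHERE name = '{$category}' AND user_id = '{$user_id}'", $db_read);
$already_exists = mysql_num_rows($result) > 0;
mysql_free_result($result);
if ($already_exists) {
    show_error_redirect_back('Error: you already have a category with that name!');
}

try_mysql_query("INSERT INTO categories (user_id, name, private, date_created, last_updated, last_updated_public) VALUES ({$user_id}, '{$category}', '{$private}', NOW(), 0, 0)", $db_write);
# Point the user at the category they just created.
$category_id = mysql_insert_id($db_write);
try_mysql_query("UPDATE users SET last_category='{$category_id}' WHERE user_id='{$user_id}'", $db_write);
show_message_redirect_back("Category successfully created!");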
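# Admin user-management actions: each one sets a single flag on the target
# user. $action, $user_id and $db_write are assigned earlier in this file
# (outside this view); the check that the current user is an admin is assumed
# to happen there as well - TODO confirm, it is not visible here. If $action
# and $user_id are taken from the query string, these state changes are
# reachable through a plain link; a POST with a CSRF token is the usual guard.
#
# Action => array(column to set, value to store, success message). Kept in one
# table so the three branches cannot drift apart.
$user_actions = array(
    'authorize' => array('authorized', '1', 'User successfully authorized.'),
    'promote'   => array('admin', '1', 'User successfully granted admin privilidges'),
    'demote'    => array('admin', '0', 'User successfully revoked admin privilidges'),
);

# show_error_redirect_back()/show_message_redirect_back() are expected to end
# the request, as the rest of the app assumes; the else-chain makes sure no
# query runs even if they were ever changed to return.
if (!isset($action) || !is_string($action) || !isset($user_actions[$action])) {
    show_error_redirect_back("Unknown action");
} elseif (!isset($user_id)) {
    show_error_redirect_back('No user_id specified');
} else {
    list($column, $value, $message) = $user_actions[$action];
    # How $user_id was obtained and sanitized is not visible from here; the
    # cast guarantees the interpolated value is numeric regardless.
    # presumably users.user_id is an integer column - verify against the schema.
    $target_id = (int) $user_id;
    try_mysql_query("UPDATE users SET {$column}='{$value}' WHERE user_id='{$target_id}'", $db_write);
    show_message_redirect_back($message);
}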
show_error_redirect_back("Please enter a username made up of 3 - 14 alpha-numeric characters"); }
# Tail of the registration handler. This excerpt begins inside the
# username-validation "if" (its opening line is above this view). $username,
# $password, $email, $require_authorization, $admin, $notify_comments,
# $notify_pictures, $db_read and $db_write are all assigned earlier in the
# file; whether $username/$email are escaped for SQL, and whether $admin and
# $require_authorization can be influenced by the registrant, is decided
# there - confirm that $admin cannot be set from request input.
#
# show_error_redirect_back() is expected to end the request; the code after
# each check relies on that.
if (validate_password($password) == false) {
    show_error_redirect_back("Please enter a password that is at least 6 characters (it's for your own protection!)");
}
if (validate_email($email) == false) {
    show_error_redirect_back("Please enter a valid email address");
}

# Check if the username is being used
# NOTE(review): the username literal below reads '******' in this copy, which
# looks like a redaction artifact; as written the query does not reference
# $username and can never find a clash. Confirm against the original source.
$result = try_mysql_query("SELECT * FROM users WHERE username='******'", $db_read);
if (mysql_num_rows($result) > 0) {
    show_error_redirect_back("Sorry, that username is already in use.");
}
mysql_free_result($result);

# Check if the email address is already used
# The distinct "already in use" messages reveal whether an account exists for
# a given username/email (account enumeration); a generic message avoids that.
$result = try_mysql_query("SELECT * FROM users WHERE email='" . $email . "'", $db_read);
if (mysql_num_rows($result) > 0) {
    show_error_redirect_back("Sorry, that email address is already in use.");
}
mysql_free_result($result);

# Generate the salt and hash the password
# generate_salt()/hash_password() are defined elsewhere; the algorithm is not
# visible here. If hash_password() is a plain digest round, password_hash()/
# password_verify() are the standard replacement - cannot tell from here.
$salt = generate_salt();
$hashed_password = hash_password($password, $salt);
# Uniqueness checks above and this INSERT are not atomic; unique indexes on
# username and email are the only guard against concurrent registrations.
try_mysql_query("INSERT INTO users (username, password, salt, email, date_registered, authorized, admin, last_updated, last_updated_public, notify_comments, notify_pictures) VALUES ('{$username}', '{$hashed_password}', '{$salt}', '{$email}', NOW(), '{$require_authorization}', '{$admin}', '0', '0', '{$notify_comments}', '{$notify_pictures}')", $db_write);
show_message_redirect_back("Account created! Please log in.");
?>