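/**
 * bouncer_verify_email
 *
 * Checks a posted email address (case-insensitively) against the email
 * addresses currently stored in the user table. When the address is not
 * known the login cookies are cleared so the visitor is bounced at once.
 *
 * Relies on the global $pre (prefix of the EMAIL / USER_TBL constants)
 * and on author_connect() for the database handle.
 *
 * @param string $email address to look up
 * @return bool true when the address exists, false otherwise
 *              (also false for empty or non-string input, or a failed query)
 */
function bouncer_verify_email($email)
{
    global $pre;

    // strtolower() below needs a string; empty() mirrors the old contract
    if (!is_string($email) || empty($email)) {
        return false;
    }

    $conn = author_connect();

    // grab the existing list of email addresses
    $query = "SELECT " . constant($pre . 'EMAIL') . " as emails\n\t\t\t\tFROM " . constant($pre . 'USER_TBL');
    $result = $conn->query($query);

    $known = array();
    // a failed query yields false; treat it as "not found" instead of
    // calling fetch_assoc() on a non-object
    if ($result) {
        while ($row = $result->fetch_assoc()) {
            $known[] = strtolower((string) $row['emails']);
        }
        $result->close();
    }

    // strict comparison: both sides are lower-cased strings already
    if (in_array(strtolower($email), $known, true)) {
        return true;
    }

    // unknown address - reset cookies so the visitor is bounced immediately
    setcookie($pre . '_c_user', '', time() - 1, "/");
    setcookie($pre . '_c_key', '', time() - 1, "/");
    return false;
}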
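/**
 * split_attachments
 *
 * Migration helper: reads the comma-separated map_attachments column of
 * every row in ww_articles that has a value > 0 and writes one
 * (attachment_id, article_id) row per pair into attachments_map.
 *
 * Uses author_connect() for the database handle. Both inserted values are
 * cast to int, so no string escaping is required.
 *
 * @return void
 */
function split_attachments()
{
    $conn = author_connect();

    $query = "SELECT articleID, map_attachments\n\t\t\t\t\tFROM ww_articles\n\t\t\t\t\tWHERE map_attachments > 0";
    $result = $conn->query($query);
    if (!$result) {
        // query failed - there is nothing safe to migrate
        return;
    }

    // collect the flat list of pairs first so the result set can be
    // released before any INSERT runs on the same connection
    $pairs = array();
    while ($row = $result->fetch_assoc()) {
        $article_id = (int) $row['articleID'];
        foreach (explode(',', $row['map_attachments']) as $attach) {
            $pairs[] = array(
                'article_id'    => $article_id,
                'attachment_id' => (int) trim($attach),
            );
        }
    }
    $result->close();

    // insert data
    foreach ($pairs as $pair) {
        $insert = "INSERT INTO attachments_map (attachment_id, article_id) \n\t\t\t\t\t\tVALUES (" . $pair['attachment_id'] . ", " . $pair['article_id'] . ")";
        $conn->query($insert);
    }
}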
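} } }
// edit custom tag
if (isset($_POST['update_custom_setting'])) {
    // read the posted fields defensively so a missing field yields '' / 0
    // instead of an undefined-index notice and a null passed to the escaper
    $setting_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $property_name = isset($_POST['property_name']) ? $_POST['property_name'] : '';
    $property_value = isset($_POST['property_value']) ? $_POST['property_value'] : '';

    $conn = author_connect();
    // string values are escaped for the connection; the id is an int cast
    $custom_update = "\n\t\t\tUPDATE settings SET \n\t\t\t\tproperty_name='" . $conn->real_escape_string($property_name) . "', \n\t\t\t\tproperty_value='" . $conn->real_escape_string($property_value) . "' \n\t\t\tWHERE id = " . $setting_id;
    $custom_result = $conn->query($custom_update);
    if (!$custom_result) {
        $messages = $conn->error;
    }
}

// insert meta tag
if (isset($_POST['insert_meta']) || isset($_POST['insert_custom'])) {
    // property_name and property_value are mandatory; element_name and
    // summary are optional and default to ''
    if (!empty($_POST['property_name']) && !empty($_POST['property_value'])) {
        $element_name = isset($_POST['element_name']) ? $_POST['element_name'] : '';
        $summary = isset($_POST['summary']) ? $_POST['summary'] : '';

        $conn = author_connect();
        $insert = "\n\t\t\t\tINSERT INTO settings \n\t\t\t\t\t(element_name, property_name, property_value, formtype, summary)\n\t\t\t\t\tVALUES\n\t\t\t\t\t(\n\t\t\t\t\t'" . $conn->real_escape_string($element_name) . "',\n\t\t\t\t\t'" . $conn->real_escape_string($_POST['property_name']) . "',\n\t\t\t\t\t'" . $conn->real_escape_string($_POST['property_value']) . "',\n\t\t\t\t\t'custom',\n\t\t\t\t\t'" . $conn->real_escape_string($summary) . "'\n\t\t\t\t\t)";
        $result = $conn->query($insert);
        if (!$result) {
            $messages = $conn->error;
        }
    }
}

// any functions
/**
 * admin_get_settings
 *
 *
 */
function admin_get_settings()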
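/**
 * drop_column
 *
 * Drops the specified column from the table and returns a short HTML
 * status message describing the outcome.
 *
 * Identifiers cannot be bound as query parameters, so both names are
 * restricted to letters, digits and underscore and backtick-quoted before
 * they are placed in the ALTER TABLE statement. check_table() is still
 * consulted first so a missing column is reported rather than attempted.
 *
 * @param string $table  table name (letters, digits, underscore only)
 * @param string $column column name (letters, digits, underscore only)
 * @return string status message ending in '<br />'
 */
function drop_column($table, $column)
{
    // whitelist the identifier shape before it goes anywhere near DDL;
    // this also keeps the names safe to echo back in the messages below
    $ident = '/^[A-Za-z0-9_]+$/';
    if (!preg_match($ident, (string) $table) || !preg_match($ident, (string) $column)) {
        return 'Invalid table or column name<br />';
    }

    $check = check_table($table, $column);
    if ($check === false) {
        return 'Column ' . $column . ' NOT found in table ' . $table . '<br />';
    }

    $conn = author_connect();
    $query = "ALTER TABLE `" . $table . "` DROP `" . $column . "`";
    $conn->query($query);

    if ($conn->error) {
        return 'error: ' . $conn->error . '<br />';
    }

    return 'Dropped column ' . $column . ' from table ' . $table . '<br />';
}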
/**
 * delete_link
 *
 * Removes the links row with the given id.
 *
 * @param int|string $link_id row id; cast to int before use
 * @return bool|string true on success, false when no id was given,
 *                     or the connection's error text when the DELETE fails
 */
function delete_link($link_id)
{
    if (empty($link_id)) {
        return false;
    }

    $db = author_connect();
    $deleted = $db->query("DELETE FROM links WHERE id = " . (int) $link_id);

    // the driver's error text doubles as the failure return value
    return $deleted ? true : $db->error;
}
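/**
 * serve_attachment
 *
 * Streams the attachment with the given id to the client and increments
 * its download counter. Metadata (ext, filename, mime) comes from
 * get_attachment(); the file is read from
 * WW_ROOT/ww_files/attachments/<ext>/<filename>.
 *
 * Sends headers and the file body directly. Nothing is output when the id
 * is 0, the attachment is unknown, or the file is missing on disk.
 *
 * @param int|string $id attachment id (cast to int)
 * @return void
 */
function serve_attachment($id)
{
    // validate id before touching the database
    $id = (int) $id;
    if (empty($id)) {
        return;
    }

    // get attachment details
    $file = get_attachment($id);
    if (!is_array($file) || empty($file['filename']) || empty($file['ext'])) {
        return;
    }

    // basename() keeps database-supplied values from escaping the
    // attachments directory should a stored name ever contain a separator
    $filename = basename($file['filename']);
    $ext = basename($file['ext']);
    $file_to_download = WW_ROOT . "/ww_files/attachments/" . $ext . "/" . $filename;
    if (!is_file($file_to_download)) {
        return;
    }

    // update counter - only once we know there is something to serve
    $conn = author_connect();
    $query = "UPDATE attachments \n\t\t\t\t\t\tSET downloads = downloads+1 \n\t\t\t\t\t\tWHERE id = " . $id;
    $conn->query($query);

    // serve attachment; fall back to a generic type when none is stored
    $mime = empty($file['mime']) ? 'application/octet-stream' : $file['mime'];
    header('Content-Type: ' . $mime);
    // quote the filename (and drop any embedded quotes) so the header stays well-formed
    header('Content-Disposition: attachment; filename="' . str_replace('"', '', $filename) . '"');
    header('Content-Length: ' . filesize($file_to_download));
    readfile($file_to_download);
}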
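/**
 * change_password
 *
 * Completes a password reset. Expects POST fields auth (the reset code
 * currently held in the WW_PASS column), key (a numeric value the stored
 * WW_LAST_SESS value is divided by to recover the reset timestamp),
 * newpass and confirmpass. On success the password is replaced with
 * hash_password($newpass), a confirmation email is attempted and the
 * session's logged_in flag is cleared.
 *
 * Relies on the WW_* constants for table/column names and site details
 * and on author_connect() for the database handle.
 *
 * @return string user-facing text: comma-joined validation errors, the
 *                database error text, or the success message
 */
function change_password()
{
    $error = array();

    // check all fields are supplied
    if (empty($_POST['auth']) || empty($_POST['key']) || empty($_POST['newpass']) || empty($_POST['confirmpass'])) {
        $error[] = '<p>All fields need to be filled in</p>';
    }

    // read defensively so a missing field does not raise a notice
    $auth = isset($_POST['auth']) ? trim($_POST['auth']) : '';
    $key = isset($_POST['key']) ? trim($_POST['key']) : '';
    $newpass = isset($_POST['newpass']) ? trim($_POST['newpass']) : '';
    $confirmpass = isset($_POST['confirmpass']) ? trim($_POST['confirmpass']) : '';

    // check password length and that the two entries match
    if (strlen($newpass) < 8) {
        $error[] = '<p>Password needs to be at least 8 characters long</p>';
    }
    if ($newpass !== $confirmpass) {
        $error[] = '<p>Passwords don\'t match</p>';
    }
    // the key is used as a divisor below, so it must be a non-zero number
    if (!is_numeric($key) || (float) $key == 0.0) {
        $error[] = '<p>The reset key is invalid</p>';
    }

    // return errors if any
    if (!empty($error)) {
        return implode(',', $error);
    }

    // get database data for confirmation
    $conn = author_connect();
    $query = "\n\t\t\t\tSELECT \n\t\t\t\t\t" . WW_ID . ", " . WW_EMAIL . ", \n\t\t\t\t\t" . WW_PASS . ", " . WW_LAST_SESS . "\n\t\t\t\tFROM " . WW_USER_TBL . " \n\t\t\t\tWHERE " . WW_PASS . " = '" . $conn->real_escape_string($auth) . "'";
    $result = $conn->query($query);
    if (!$result) {
        return $conn->error;
    }
    $user_data = $result->fetch_assoc();
    $result->close();

    // compare data - check auth code. hash_equals() compares in constant
    // time; a missing row gets the same message as a wrong code
    if ($user_data === null || !hash_equals((string) $user_data[WW_PASS], $auth)) {
        return 'The auth code is incorrect';
    }

    // check time limit: WW_LAST_SESS divided by the key is treated as the
    // moment the reset was issued (presumably set that way by the reset
    // step - verify against that code)
    $limit = 3600;
    $author_id = $user_data[WW_ID];
    $author_email = $user_data[WW_EMAIL];
    $issued = $user_data[WW_LAST_SESS] / $key;
    if (time() - $issued > $limit) {
        return 'Time limit expired - password needs to be changed within one hour of reset';
    }

    // finally we create the new password and store it
    $hash_pass = hash_password($newpass);
    $update = "UPDATE " . WW_USER_TBL . " SET \n\t\t\t\t\t" . WW_PASS . " = '" . $conn->real_escape_string($hash_pass) . "'\n\t\t\t\t\tWHERE " . WW_ID . " = '" . (int) $author_id . "'";
    if (!$conn->query($update)) {
        return $conn->error;
    }

    // email confirmation to user
    $subject = WW_SITE_NAME . " - password changed";
    $message = "Your password for the " . WW_SITE_NAME . " website (" . WW_WEB_ROOT . ") has been changed";
    $headers = "From: " . WW_ADMIN_EMAIL . "\n"
        . "X-Mailer: PHP/" . phpversion() . "\n"
        . "Content-Type: text/html; charset=utf-8\n"
        . "Content-Transfer-Encoding: 8bit\n\n";
    if (mail($author_email, $subject, $message, $headers, "-f" . WW_ADMIN_EMAIL)) {
        $loginmessage = "Your password has been changed.";
    } else {
        $loginmessage = "Your password has been changed. \n\t\t\tUnfortunately we were unable to send a confirmation email.";
    }

    // the reset code is gone, so any session logged in through it is stale
    unset($_SESSION[WW_SESS]['logged_in']);
    return $loginmessage;
}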