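$smarty->assign('login_username', $_POST['username']);
} } } } } # closes blocks opened before this excerpt

# Login handler (excerpt): if the checks above recorded a problem,
# re-render the login form with the message and stop.
#
if ($error) {
    $smarty->assign('login_error', $error);
    $smarty->display('index.tpl.html');
    exit;
}

$db = new SQLite($SQLITE_DB_PATH);

# Look the account up by the submitted username.
#
# The username comes straight from the request, so it is passed through
# $db->escape() before being placed inside the quoted SQL literal. It must
# never be interpolated into the statement raw.
#
$escaped_username = $db->escape($_POST['username']);
$query = "SELECT id, password, can_login FROM users WHERE username = '{$escaped_username}'";
$user_info = $db->fetchRowQueryAssoc($query);
if ($db->isError()) {
    # NOTE(review): the driver's error text is shown to the visitor and can
    # disclose schema or path details. Prefer logging it server-side and
    # showing a generic failure message.
    #
    $error = "Login failed! There was a database error: " . $db->getError();
    $smarty->assign('login_error', $error);
    $smarty->display('index.tpl.html');
    exit;
}

if (!$user_info) {
    # NOTE(review): this message tells the caller whether a username is
    # registered (account enumeration), and it reflects the submitted value.
    # Whether the template escapes login_error / login_username cannot be
    # seen from here; confirm before relying on it.
    #
    $error = "Username '{$_POST['username']}' does not exist!";
    $smarty->assign('login_error', $error);
    $smarty->assign('login_username', $_POST['username']);
    $smarty->display('index.tpl.html');
    exit;
}

# Accounts with can_login == 0 are refused before any further processing.
# (The excerpt ends inside this block.)
#
if ($user_info['can_login'] == 0) {
    $error = "Your account has been disabled! Sorry...";
    $smarty->assign('login_error', $error);
    $smarty->display('index.tpl.html');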
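} } } } } } # closes blocks opened before this excerpt

# Registration handler (excerpt): if the checks above recorded a problem,
# re-render the form with the message and stop.
#
if ($error) {
    $smarty->assign('registration_error', $error);
    $smarty->display('index.tpl.html');
    exit;
}

$db = new SQLite($SQLITE_DB_PATH);

# The requested username is request data. Escape it once and use only the
# escaped copy in every SQL statement below.
#
$escaped_username = $db->escape($_POST['username']);

# Refuse the registration if the name is already taken.
#
# NOTE(review): a check followed by a separate INSERT can race with a
# concurrent registration. A UNIQUE constraint on users.username would be the
# authoritative guard; the schema is not visible here, so confirm it.
#
$user_count_query = "SELECT COUNT(*) FROM users WHERE username = '{$escaped_username}'";
$user_count = $db->fetchRowQuerySingle($user_count_query);
if ($db->isError()) {
    # NOTE(review): the driver's error text is shown to the visitor. Prefer
    # logging it server-side and showing a generic failure message.
    #
    $error = "Registration failed! There was a database error: " . $db->getError();
    $smarty->assign('registration_error', $error);
    $smarty->assign('register_username', $_POST['username']);
    $smarty->display('index.tpl.html');
    exit;
}

if ($user_count) {
    # NOTE(review): the submitted username is reflected in the message.
    # Whether the template escapes registration_error cannot be seen from
    # here; confirm before relying on it.
    #
    $error = "Username '{$_POST['username']}' already exists!\n" .
             "Please choose a different one!";
    $smarty->assign('registration_error', $error);
    $smarty->assign('register_username', $_POST['username']);
    $smarty->display('index.tpl.html');
    exit;
}

$current_time = time();

# NOTE(review): unsalted MD5 is not a password hash. Stored values can be
# recovered quickly if the users table leaks. password_hash() and
# password_verify() are the replacement. It is left unchanged here because the
# login-side comparison is outside this excerpt and both must migrate together.
#
$md5_pass = md5($_POST['password']);

# Every string value placed in the INSERT is escaped. The timestamps are
# integers produced by time() above.
#
$escaped_ip = $db->escape($_SERVER['REMOTE_ADDR']);
$insert_query = "INSERT INTO users (username, password, date_regged, date_access, ip_address) VALUES " .
                "('{$escaped_username}', '{$md5_pass}', {$current_time}, {$current_time}, '{$escaped_ip}')";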
exit;
} # closes a block opened before this excerpt

$db = new SQLite($SQLITE_DB_PATH);

# Check if the requested site exists.
#
# $HandlerMatches is a global array defined in index.php where the
# request url was matched.
#
# The URL-derived value is passed through $db->escape() before it is
# embedded in the quoted SQL literal below.
#
$escaped_site = $db->escape($HandlerMatches[1]);

# find the sites to display
# TODO: cache this (because it changes very rarely)
#
$site = $db->fetchRowQueryAssoc("SELECT id, name, sane_name, url FROM sites WHERE sane_name = '{$escaped_site}' AND visible = 1");
if ($db->isError()) {
    # NOTE(review): the driver's error text is rendered to the visitor and can
    # disclose schema or path details. Prefer logging it server-side and
    # showing a generic message.
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', 'Database error has occured: ' . $db->getError());
    $smarty->display('index.tpl.html');
    exit;
}

if (!$site) {
    # The requested site was not found
    #
    # The request value is HTML-encoded with htmlentities() before it is
    # reflected in the error text.
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', "Pictures from '" . htmlentities($HandlerMatches[1]) . "' are not being collected!");
    $smarty->display('index.tpl.html');
    exit;
}

# Prepare data for navigation through pages [<prev] [1], [2], [3], etc, [next>]
#
# $site['id'] comes from the row fetched above, not from the request, and is
# interpolated unquoted. It is presumably an integer primary key; confirm
# against the schema.
#
$total_items_query = "SELECT COUNT(*) FROM items WHERE site_id = {$site['id']}";
$total_items = $db->fetchRowQuerySingle($total_items_query);
} } } # closes blocks opened before this excerpt

# Check if the requested item exists.
#
# $HandlerMatches is a global array defined in index.php where the
# request url was matched.
#
# $sane_item_title is set above this excerpt. It is passed through
# $db->escape() before being embedded in the quoted SQL literal below.
#
$escaped_item_title = $db->escape($sane_item_title);

# Fetch the item
#
# The column list is built from $ITEM_FIELDS, which is defined outside this
# excerpt. It is presumably a fixed list of column names; confirm it never
# carries request data.
#
$item_query = "SELECT " . join(',', $ITEM_FIELDS) . " FROM items " .
              "WHERE sane_title = '{$escaped_item_title}' AND visible = 1";
$item = $db->fetchRowQueryAssoc($item_query, 'id');
if ($db->isError()) {
    # NOTE(review): the driver's error text is rendered to the visitor and can
    # disclose schema or path details. Prefer logging it server-side and
    # showing a generic message.
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', 'Database error has occured: ' . $db->getError());
    $smarty->display('index.tpl.html');
    exit;
}

if (!$item) {
    # The requested item was not found
    #
    # The request value is HTML-encoded with htmlentities() before it is
    # reflected in the error text.
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', "Item '" . htmlentities($HandlerMatches[1]) . "' does not exist!");
    $smarty->display('index.tpl.html');
    exit;
}

# Comment submission: the free-text fields from the request are escaped for
# SQL here. How they are encoded when displayed later is not visible in this
# excerpt.
#
# $user_id is taken from the session, or 0 for an anonymous poster, and is not
# escaped. It is presumably an integer set at login; confirm before it is
# interpolated into a query.
# (The excerpt ends inside this block.)
#
if ($add_comment) {
    $escaped_comment = $db->escape($_POST['comment']);
    $user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : 0;
    $anonymous_name = isset($_POST['name']) ? $db->escape($_POST['name']) : '';
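exit;
} } # closes blocks opened before this excerpt

require_once 'mysmarty.php';
require_once 'system/db.sqlite.php';

$smarty = new MySmarty();
$db = new SQLite($SQLITE_DB_PATH);

$smarty->assign('tpl_content', 'content-my-profile.tpl.html');
$smarty->assign('page_style', 'style-my-profile.css');

# Get the current information
#
# The session user id is placed in the query unquoted, so it is forced to an
# integer first. A non-numeric value then cannot alter the statement.
#
$session_user_id = (int) $_SESSION['user_id'];
$data_query = "SELECT data FROM users WHERE id = {$session_user_id}";
$data_ser = $db->fetchRowQuerySingle($data_query);
if ($db->isError()) {
    # NOTE(review): the driver's error text is rendered to the visitor. Prefer
    # logging it server-side and showing a generic message.
    #
    $smarty->assign('tpl_content', 'content-error.tpl.html');
    $smarty->assign('error', 'There was a database error while getting your profile information: ' . $db->getError());
    $smarty->display('index.tpl.html');
    exit;
}

$data = array();
if ($data_ser) {
    # SECURITY: unserialize() will instantiate any class named in the stored
    # blob, so this column has to be treated as trusted-writer-only. The data
    # stored here is a flat email/website map, which a format such as JSON
    # would hold without the object-instantiation risk. It is left as-is here
    # because the code that writes the column is outside this excerpt.
    #
    $data = unserialize($data_ser);

    # A corrupt or unexpected blob yields false or a non-array value. Fall
    # back to an empty profile so the array accesses below stay well-defined.
    #
    if (!is_array($data)) {
        $data = array();
    }
}

# NOTE(review): email and website are user-supplied. Whether the template
# escapes them on output cannot be seen from here; confirm.
#
$smarty->assign('email', isset($data['email']) ? $data['email'] : '');
$smarty->assign('website', isset($data['website']) ? $data['website'] : '');

# UGLINESS
if (isset($_POST['action'])) {
    if ($_POST['action'] == "profile") {
        $data['email'] = isset($_POST['email']) ? $_POST['email'] : '';
        $data['website'] = isset($_POST['website']) ? $_POST['website'] : '';

        # Minimal shape check only: something, an "@", something. It does not
        # constrain the characters on either side.
        # (The excerpt ends inside this block.)
        #
        if ($data['email'] && !preg_match("#^.+@.+\$#", $data['email'])) {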