Exemplo n.º 1
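 /**
  * Write this user's username, password value and rank back to the "users" row
  * identified by $this->id.
  *
  * Nothing is written when the id is 0 or is not a PHP integer.
  *
  * The statement is assembled by string concatenation, so every text value has to
  * pass through the project's escaping helper before it reaches sqlQuery().
  */
 function save()
 {
     // Guard: an unsaved or malformed id must never reach the WHERE clause. The
     // is_int() check is also what makes the unquoted "ID" value below safe.
     if ($this->id == 0 || !is_int($this->id)) {
         return;
     }
     // The password value is escaped like the username. The original concatenated it
     // raw, which is only safe if the property always holds a hex digest; nothing in
     // this method guarantees that.
     // NOTE(review): assumes makeSafeSQL() leaves a plain hex digest unchanged; confirm.
     sqlQuery("UPDATE \"users\" SET \"Username\"='" . makeSafeSQL($this->username) . "', \"Password\"='" . makeSafeSQL($this->password) . "', \"Rank\"=" . intval($this->rank) . " WHERE \"ID\"=" . $this->id);
 }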
Exemplo n.º 2
<?php

if (isLoggedIn() && isMod()) {
    if (isset($_POST['add'])) {
        // Anti-forgery check: the form embeds a hidden session key, and a POST without
        // a valid one is refused before any data is touched.
        if (!isValidSessionkey()) {
            die("Hack attempt blocked.");
        }

        // Both text fields are escaped for the SQL string context only.
        // NOTE(review): this does not make them safe for HTML; wherever news is
        // rendered, title and content still need output encoding. Verify at the view.
        $title = makeSafeSQL($_POST['title']);
        $content = makeSafeSQL($_POST['content']);

        // "Author" is inserted unquoted, so this relies on $me->id being an integer.
        $insertNews = "INSERT INTO \"news\" (\"Author\",\"Title\",\"Content\") VALUES("
            . $me->id . ",'" . $title . "','" . $content . "')";
        sqlQuery($insertNews);

        // Redirect after the write so a page reload cannot resubmit the form.
        header("Location: index.php");
        exit;
    }
    ?>
	<div class="title">[Mod] Add News</div>
	<div class="block">
		<div class="blocktitle">Post</div>
		<div class="blockcontent">
			<form method="post" action="index.php?page=mod_news">
				<p>Title:<br /><input type="text" name="title" class="halfwidth" /></p>
				<p>Contents:<br /><textarea name="content"></textarea></p>
				<?php 
    echoHiddenSessionkey();
    ?>
				<input type="submit" name="add" value="Add" />
			</form>
		</div>
	</div>
	<?php 
} else {
    header("Location: index.php");
Exemplo n.º 3
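    // The confirmation fields must match exactly. Strict comparison is required here:
    // loose != compares numeric-looking strings by value, so two different inputs such
    // as "1e3" and "1000" would be accepted as the same password.
    if ($_POST['p'] !== $_POST['p2']) {
        echo makeBlock("Error", "Passwords are not the same.");
        $okay = false;
    }
    if ($_POST['e'] !== $_POST['e2']) {
        echo makeBlock("Error", "Email addresses are not the same.");
        $okay = false;
    }
    // Reject the form when the address FAILS validation. The original condition was
    // inverted: it reported an error for valid addresses and let invalid ones through.
    // NOTE(review): assumes isValidEmail() returns true for a well-formed address;
    // confirm against its definition.
    if (!isValidEmail($_POST['e'])) {
        echo makeBlock("Error", "Email address does not seem valid.");
        $okay = false;
    }
    if ($okay) {
        $username = makeSafeSQL($_POST['u']);
        // NOTE(review): unsalted MD5 is not a password hash; it is fast to brute-force
        // and identical passwords produce identical digests. password_hash() and
        // password_verify() are the replacement, but every piece of code that compares
        // against this stored format, and the existing rows, must migrate together.
        $password = strtoupper(md5($_POST['p']));
        $email = makeSafeSQL($_POST['e']);
        // Uniqueness is checked with a query before the insert.
        // NOTE(review): check-then-insert is not atomic; verify that the table also
        // has a UNIQUE constraint on these columns.
        $existingCheck = sqlQuery("SELECT * FROM \"users\" WHERE \"Username\"='" . $username . "' OR \"Email\"='" . $email . "'");
        if (count($existingCheck) != 0) {
            echo makeBlock("Error", "Username or email address already in use.");
            $okay = false;
        }
        if ($okay) {
            // New accounts start at rank 0 with 0 XP; $password is a hex digest, so it
            // contains no quote characters.
            execQuery("INSERT INTO main.users (\"Username\",\"Password\",\"Email\",\"Rank\",\"XP\") VALUES('{$username}','{$password}','{$email}',0,0)");
            header("Location: index.php?page=login&r");
            exit;
        }
    }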
}
?>
<div class="title">Register</div>
<div class="block">
Exemplo n.º 4
<?php

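// A visitor who is already authenticated is sent back to the index.
if (isLoggedIn()) {
    header("Location: index.php");
    exit;
}
if (isset($_POST['login'])) {
    // Anti-forgery check on the login POST.
    if (!isValidSessionkey()) {
        die("Hack attempt blocked.");
    }
    $username = makeSafeSQL($_POST['u']);
    // NOTE(review): unsalted MD5 is not a password hash. Moving to password_hash() and
    // password_verify() means fetching the row by username and verifying in PHP, not
    // comparing digests inside the query; stored rows must be migrated as well.
    $password = strtoupper(md5($_POST['p']));
    // Values are wrapped in single quotes. In standard SQL, double quotes delimit
    // identifiers, so the original double-quoted values could be resolved as column
    // names by the engine instead of being compared as strings.
    // NOTE(review): makeSafeSQL() is presumably written for single-quoted literals, as
    // in the other queries that use it; confirm it does not need to cover double quotes.
    $loginCheck = sqlQuery("SELECT * FROM \"users\" WHERE \"Username\"='{$username}' AND \"Password\"='{$password}'");
    // Exactly one matching row is required; zero or several both count as a failure.
    if (count($loginCheck) == 1) {
        $user = new User($loginCheck[0]);
        // NOTE(review): the session identifier is not rotated at login. Consider
        // session_regenerate_id(true) before this assignment, after confirming that
        // isValidSessionkey() does not depend on the old identifier.
        $_SESSION['UID'] = $user->id;
        header("Location: index.php?page=profile&uid=" . $user->id);
        exit;
    } else {
        // One message for both failure causes, so the response does not reveal
        // whether the username exists.
        echo makeBlock("Error", "Wrong username or password.");
    }
}
// The registration page redirects here with ?r to show a confirmation.
if (isset($_GET['r'])) {
    echo makeBlock("Success!", "You are now registered on OpenSMO. Log in <a href=\"index.php?page=login\">here</a>.");
}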
?>
<div class="title">Login</div>
<div class="block">
	<div class="blocktitle">Login</div>
	<div class="blockcontent">
		<form method="post" action="index.php?page=login">
Exemplo n.º 5
/**
 * Update the stored value of a setting that is already known.
 *
 * The key must be present (and non-null) in the global $settings array; any other
 * key is ignored, so this function never creates new rows. The in-memory $settings
 * array itself is not modified here.
 *
 * @param mixed $key   Setting name, matched against the "Key" column.
 * @param mixed $value New value written to the "Value" column.
 */
function setSetting($key, $value)
{
    global $settings;

    // Only keys that are already loaded may be written.
    if (!isset($settings[$key])) {
        return;
    }

    // Both parts go through the project's SQL escaping helper before they are placed
    // inside single-quoted literals.
    $safeValue = makeSafeSQL($value);
    $safeKey = makeSafeSQL($key);
    sqlQuery("UPDATE \"settings\" SET \"Value\"='{$safeValue}' WHERE \"Key\"='{$safeKey}'");
}