$json = array('username' => $username, 'auth' => $authcode, 'dev' => "API test script", 'device' => "API device", 'mode' => "update", 'links' => array(array('id' => $links[0]), array('id' => $links[1], 'comments' => '123'), array('id' => $links[2], 'comments' => '321', 'both' => true), array('id' => $links[3]), array('id' => $links[4], 'comments' => '456'))); $res = json_decode(sendRequest(array('data' => json_encode($json))), true); if (isset($res['success'])) { echo "added links"; $success++; } else { echo "<h2>ERROR: " . json_encode($res, true) . "</h2>"; $error++; } echo "<br />"; ////////////////////////////////////// /////// CHECK LINKS echo "<h3>checking links</h3>"; echo "checking 8 links for {$username}"; echo "<br />"; $json = array('username' => $username, 'auth' => $authcode, 'dev' => "API test script", 'device' => "API device", 'mode' => "read", 'links' => array(array('id' => $links[0]), array('id' => $links[1]), array('id' => $links[2]), array('id' => $links[3]), array('id' => $links[4]), array('id' => genrand()), array('id' => genrand()), array('id' => genrand()))); $res = json_decode(sendRequest(array('data' => json_encode($json))), true); if (isset($res)) { $worked = true; $count = 0; if (count($res) != 5) { echo "<h2>ERROR: incorrect number of links found " . json_encode($res, true) . "</h2>"; $error++; } else { echo count($res) . " links found. "; foreach ($res as $r) { if ($links[0] == $r['id'] && $r['lastvisit'] > 0 && $r['commentvisit'] < 1) { $count++; } if ($links[1] == $r['id'] && $r['lastvisit'] < 1 && $r['commentvisit'] > 0 && $r['comments'] == "123") { $count++;
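/**
 * Create and store a new API auth code for a user the caller has already identified.
 *
 * This function performs no credential check of its own: it inserts a row for
 * whatever $userid/$username it is given, so the caller must have authenticated
 * the user (for example via the logged-in session) before calling it.
 *
 * @param string     $username  Username stored alongside the auth code.
 * @param int|string $userid    Id of the user the auth code belongs to.
 * @param string     $device    Free-text device description (stored in `description`).
 * @param string     $developer Free-text client/developer name (stored in `createdby`).
 *
 * @return array array("success" => the new key or "", "error" => message or "")
 */
function addAuth($username, $userid, $device, $developer)
{
    global $mysql;

    $success = "";
    $error = "";

    // NOTE(review): this key is the bearer credential for the API. genrand() is
    // defined elsewhere; confirm it draws from a CSPRNG (random_bytes/random_int)
    // and not rand()/mt_rand().
    $key = genrand();
    $created = time();

    // Bound parameters instead of string concatenation: the values never become
    // part of the SQL text, so correctness no longer depends on every field being
    // escaped or on the connection charset matching what real_escape_string assumes.
    // Assumes $mysql is a mysqli connection (the original used its
    // real_escape_string()/query() methods).
    $stmt = $mysql->prepare(
        "INSERT INTO `authcodes`
            (`id`, `userid`, `username`, `authhash`, `description`, `created`, `createdby`)
         VALUES
            (NULL, ?, ?, ?, ?, ?, ?)"
    );

    // NOTE(review): the key is written to `authhash` exactly as generated, so a
    // read of this table discloses working credentials. Storing a hash of the key
    // would need a matching change wherever auth codes are verified.
    if ($stmt
        && $stmt->bind_param("ssssis", $userid, $username, $key, $device, $created, $developer)
        && $stmt->execute()
    ) {
        $success = $key;
    } else {
        $error = "database error";
    }

    if ($stmt) {
        $stmt->close();
    }

    return array("success" => $success, "error" => $error);
}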
// though you can do this with most things // a limit should probably be added $error = "email not found"; } } } } if (isset($_GET['u']) && (int) $_GET['u'] > 0 && isset($_GET['t'])) { $u = (int) $_GET['u']; $sql = "SELECT * FROM `user`\n WHERE\n `id` = '" . $mysql->real_escape_string($u) . "'\n AND\n `resethash` = '" . $mysql->real_escape_string($_GET['t']) . "'\n AND\n `canreset` = '1'\n LIMIT 1"; $user = $mysql->query($sql); $user = $user->fetch_assoc(); if ($user) { $hideform = 1; $user_id = $user['id']; $generated_password = genrand() . genrand(); $hashset = create_hash($generated_password); $pieces = explode(":", $hashset); $salt = $pieces[2]; $hash = $pieces[3]; $sql = "\n UPDATE `user`\n SET\n `passhash` = '" . $mysql->real_escape_string($hash) . "',\n `salt` = '" . $mysql->real_escape_string($salt) . "',\n `canreset` = '0'\n WHERE\n `id` = '" . $mysql->real_escape_string($user_id) . "'\n LIMIT 1\n "; $reset = $mysql->query($sql); if ($reset) { send_email($user['email'], "synccit password reset", "your password has been reset to, " . $generated_password . "\r\n\r\n\n\n try logging in with it"); $error = "new password has been emailed to you"; } else { $error = "database error. sorry, try again"; } } else { $error = "wrong reset code. try resetting again"; }
$error = "updated successfully"; } else { $error = "database error. try again"; } } else { $error = "incorrect password"; } } $links = $mysql->query("SELECT count(*) as `count` FROM `links` WHERE `userid` = '" . $mysql->real_escape_string($user->id) . "'"); $links = $links->fetch_assoc(); $links = $links['count']; $devices = $mysql->query("SELECT count(*) as `count` FROM `authcodes` where `userid` = '" . $mysql->real_escape_string($user->id) . "'"); $devices = $devices->fetch_assoc(); $devices = $devices['count']; htmlHeader("edit your profile - synccit - reddit history/link sync", $loggedin); $_SESSION['temphash'] = hash("sha256", genrand()); ?> <div class="fourcol"> <p><h2>edit profile</h2></p> </div> <div class="fourcol"> <div class=""> <span class="error"><?php echo $error; ?> </span><br /><br /> <form action="<?php echo PROFILEURL; ?> " method="post" id="editprofile">
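/**
 * Verify a username/password pair and, on success, issue a new API auth code.
 *
 * Looks the user up by username, rebuilds the stored hash string in the
 * "sha512:10000:<salt>:<hash>" form expected by validate_password(), and only
 * inserts an `authcodes` row when the password validates.
 *
 * @param string $username  Username supplied by the client.
 * @param string $password  Plain-text password supplied by the client.
 * @param string $device    Free-text device description (stored in `description`).
 * @param string $developer Free-text client/developer name (stored in `createdby`).
 *
 * @return array array("success" => the new key or "", "error" => message or "")
 */
function addAuth($username, $password, $device, $developer)
{
    global $mysql;

    $success = "";
    $error = "";

    // Bound parameters instead of string concatenation; only the columns that are
    // actually used are selected, so the rest of the user row is never loaded.
    // Assumes $mysql is a mysqli connection (the original used its
    // real_escape_string()/query() methods).
    $lookup = $mysql->prepare(
        "SELECT `id`, `username`, `passhash`, `salt` FROM `user` WHERE `username` = ? LIMIT 1"
    );
    if (!$lookup || !$lookup->bind_param("s", $username) || !$lookup->execute()) {
        // A failed lookup is reported as a database error rather than falling
        // through to "user not found" with a property access on a non-object.
        if ($lookup) {
            $lookup->close();
        }
        return array("success" => $success, "error" => "database error");
    }

    $lookup->bind_result($userId, $storedUsername, $passhash, $salt);
    $found = $lookup->fetch(); // true = row bound, null = no row, false = error
    // Close before issuing the next statement so the connection is not left
    // with an unread result set.
    $lookup->close();

    if ($found === false) {
        return array("success" => $success, "error" => "database error");
    }

    if ($found !== true) {
        // NOTE(review): this message differs from the wrong-password one below,
        // and this path skips the password hash computation, so responses reveal
        // whether a username exists. Returning the same message on both paths
        // (and doing comparable work) would close that; left unchanged here
        // because API clients may match on the existing strings.
        $error = "user not found";
        return array("success" => $success, "error" => $error);
    }

    $hashset = "sha512:10000:" . $salt . ":" . $passhash;

    // NOTE(review): no attempt limiting is visible in this function; confirm the
    // caller throttles repeated failures per account and per client.
    if (!validate_password($password, $hashset)) {
        $error = "username or password incorrect";
        return array("success" => $success, "error" => $error);
    }

    // NOTE(review): this key is the bearer credential for the API. genrand() is
    // defined elsewhere; confirm it draws from a CSPRNG. The key is stored in
    // `authhash` exactly as generated, not hashed.
    $key = genrand();
    $created = time();

    $insert = $mysql->prepare(
        "INSERT INTO `authcodes`
            (`id`, `userid`, `username`, `authhash`, `description`, `created`, `createdby`)
         VALUES
            (NULL, ?, ?, ?, ?, ?, ?)"
    );

    if ($insert
        && $insert->bind_param("ssssis", $userId, $storedUsername, $key, $device, $created, $developer)
        && $insert->execute()
    ) {
        $success = $key;
    } else {
        $error = "database error";
    }

    if ($insert) {
        $insert->close();
    }

    return array("success" => $success, "error" => $error);
}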