Пример #1
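# Checks a username/password pair and, on success, records the login in the
# session (and optionally in long-lived cookies).
#
#   $username  name to look up in the users table
#   $password  password as typed; hashed with the user's stored salt
#   $remember  when true (the default) also sets "username"/"password" cookies
#
# Returns the value produced by get_user_info() for the matching user, or null
# when the salt lookup does not yield exactly one row or get_user_info()
# returns an empty value.
function check_login($username, $password, $remember = true)
{
    $db = get_db_read();
    # Get the salt and check if the user exists at the same time.
    # NOTE(review): the '******' literal is reproduced exactly as it appears in
    # this listing and looks like a masked value. If the real query is built
    # from $username, that value must be escaped or bound as a parameter before
    # it reaches the SQL string.
    $result = try_mysql_query("SELECT salt FROM users WHERE username = '******'", $db);
    if (!$result) {
        # No result set to inspect; treat it like an unknown user.
        return null;
    }
    if (mysql_num_rows($result) != 1) {
        # Release the result set on the failure path as well.
        mysql_free_result($result);
        return null;
    }
    $row = mysql_fetch_assoc($result);
    $salt = $row['salt'];
    mysql_free_result($result);
    $hashed_password = hash_password($password, $salt);
    $ret = get_user_info($db, $username, $hashed_password);
    # Loose comparison kept on purpose: an empty result is rejected as well as null.
    if ($ret == null) {
        return null;
    }
    if ($remember == true) {
        # 3000 days, as before.
        $expires = time() + 60 * 60 * 24 * 3000;
        # HttpOnly (last argument) keeps page scripts from reading these cookies.
        # Path, domain and secure are left at their defaults. The Secure flag
        # should be turned on if the site is served over HTTPS (cannot be
        # determined from this function).
        # NOTE(review): the "password" cookie carries the salted hash itself. If
        # the cookie is later accepted as a credential (presumably by
        # get_current_user_info() -- confirm), a copy of the cookie or of the
        # stored hash is as good as the password for 3000 days. A random,
        # server-side, revocable token is the safer design.
        setcookie("username", $username, $expires, "", "", false, true);
        setcookie("password", $hashed_password, $expires, "", "", false, true);
    }
    # NOTE(review): the session id is not rotated here; confirm the caller
    # regenerates it at login so a pre-login session id cannot be reused.
    $_SESSION["username"] = $username;
    return $ret;
}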
Пример #2
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# upload_iamge.php
# * Image is uploaded to this
# * Image is moved and named appropriately
# *
#
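# Upload entry point: requires a logged-in user and a file field named "file",
# then checks the upload status and the file extension.
header('Pragma: no-cache');
require 'shared.php';
# Make a connection to the database
$db = get_db_read();
# $me is not assigned in this script; presumably shared.php sets it to the
# logged-in user's record -- confirm.
# NOTE(review): every check below relies on show_error_redirect_back() ending
# the request. If it returns, execution continues past the failed check.
if (!$me) {
    show_error_redirect_back("Please log in first");
}
if (isset($_FILES['file']) == false) {
    show_error_redirect_back("Error uploading file!  The filename wasn't found.");
}
# Reject uploads that PHP reported as failed or partial, and anything whose
# temporary file did not arrive through an HTTP POST upload.
if ($_FILES['file']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($_FILES['file']['tmp_name'])) {
    show_error_redirect_back("Error uploading file!  The upload did not complete.");
}
# The extension comes from the client-supplied filename, so this is only a
# convenience filter: it says nothing about the file's actual content.
# NOTE(review): the content should be verified as an image (for example by
# decoding it) before it is stored or served -- the rest of the script is not
# visible here, confirm it does so.
$ext = get_extension(strtolower($_FILES['file']['name']));
if (!in_array($ext, array("jpeg", "jpg", "png", "gif", "bmp", "tif", "tiff"), true)) {
    # The message is HTML (it ends in <BR>), and $ext is attacker-controlled
    # text, so encode it before embedding it.
    $safe_ext = htmlspecialchars((string) $ext, ENT_QUOTES, 'UTF-8');
    show_error_redirect_back("Sorry, {$safe_ext} isn't an allowed file type.  Allowed extensions are JPEG, JPG, GIF, PNG, BMP, TIF, and TIFF<BR>");
}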
# Generate the new filename
$rand = generate_salt();
$i = 0;
do {
    $newname = $me['username'] . "-" . $rand . "-{$i}.jpeg";
Пример #3
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# admin.php
# This script performs several administrative tasks
#
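# Administrative entry point: checks that the caller is an admin, then reads
# the requested action and an optional user_id from the query string.
header('Pragma: no-cache');
require 'shared.php';
# Make a connection to the database
$db_read = get_db_read();
$db_write = get_db_write();
# Only a logged-in user whose 'admin' field equals '1' may continue.
# $me is not assigned in this script; presumably shared.php sets it -- confirm.
# NOTE(review): this gate relies on show_error_redirect_back() ending the
# request. If it returns, the admin actions below run for any caller.
if ($me == null || $me['admin'] != '1') {
    show_error_redirect_back("Error");
}
if (isset($_GET['action']) == false) {
    show_error_redirect_back('No action specified');
}
# NOTE(review): the action and its target both arrive in the query string. If
# the actions change state, they should require POST plus a per-session
# anti-forgery token, otherwise a link followed by a logged-in admin is enough
# to trigger them.
$action = $_GET['action'];
# Accept user_id only when it is a plain run of decimal digits. is_numeric()
# also accepts signs, decimals, exponents and leading whitespace, none of which
# is a valid row id. The value is kept as a string, as before.
if (isset($_GET['user_id']) && is_string($_GET['user_id']) && ctype_digit($_GET['user_id'])) {
    $user_id = $_GET['user_id'];
}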
if ($action == 'authorize') {
    if (isset($user_id) == false) {
        show_error_redirect_back('No user_id specified');
    }
Пример #4
    if (is_dir($f) == false) {
        $info = stat("{$preview_directory}/{$f}");
        $age_in_seconds = time() - $info['mtime'];
        $age_in_minutes = $age_in_seconds / 60;
        if ($age_in_minutes > $preview_timeout) {
            unlink("{$preview_directory}/{$f}");
        }
    }
}
# Create the upload and preview directories when they are missing; stop with
# an error page if either cannot be created.
# NOTE(review): mkdir() is called without a mode argument, so PHP's default of
# 0777 (reduced by the process umask) applies. Confirm the resulting permissions
# are what an upload directory should have. The error text also echoes the
# server-side path back to the visitor.
if (!is_dir($upload_directory) && !mkdir($upload_directory)) {
    show_error_die("Unable to create upload directory '{$upload_directory}'");
}
if (!is_dir($preview_directory) && !mkdir($preview_directory)) {
    show_error_die("Unable to create preview directory '{$preview_directory}'");
}
# Resolve the current visitor once; $me holds whatever get_current_user_info()
# returns for this request.
$me = get_current_user_info(get_db_read());
# Makes sure the username is made up of letters and numbers, and is between 3 and 14 characters long
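function validate_username($username)
{
    # null, arrays and objects can never be a valid username.
    if (!is_scalar($username)) {
        return false;
    }
    # ereg() was removed in PHP 7 and was not binary-safe: it stopped reading
    # at the first NUL byte, so text after a NUL escaped the check. preg_match()
    # sees the whole string. \A and \z anchor to the true start and end, so a
    # trailing newline is rejected too (a bare "$" would let one through).
    # The {3,14} quantifier folds in the former strlen() range check.
    return preg_match('/\A[a-zA-Z0-9]{3,14}\z/', (string) $username) === 1;
}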
# Makes sure the password isn't an unreasonable length