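/**
 * Return the 'id' query parameter once pf_check_number() has accepted it.
 *
 * On a missing or rejected id the user is redirected to $config_basedir and
 * the script stops, so no caller ever continues with an unvalidated id.
 *
 * @return string the accepted $_GET['id'] value
 */
function set_validid()
{
    global $config_basedir;

    // isset() first: a missing parameter must fail the check rather than
    // hand null to pf_check_number() and raise an undefined-index notice.
    if (isset($_GET['id']) && pf_check_number($_GET['id']) == TRUE) {
        return $_GET['id'];
    }

    header("Location: " . $config_basedir);
    // A Location header alone does not stop execution; without exit the
    // caller would keep running with a null return value.
    exit;
}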
<?php session_start(); require "db.php"; require "functions.php"; if (pf_check_number($_GET['subject']) == TRUE) { $validsubject = $_GET['subject']; } else { header("Location: " . $config_basedir); } if (isset($_GET['topic']) == TRUE) { if (is_numeric($_GET['topic']) == TRUE) { $validtopic = $_GET['topic']; } else { header("Location: " . $config_basedir); } } if (!$_SESSION['SESS_USERNAME']) { header("Location: " . $config_basedir . "login.php"); } if ($_POST['submit']) { $authsql = "SELECT * FROM subjects WHERE id = " . $validsubject . " AND owner_id = " . $_SESSION['SESS_USERID'] . ";"; // $authresult = mysql_query($authsql); // $authnumrows = mysql_num_rows($authresult); $authresult = $db->query($authsql); $authnumrows = $authresult->rowCount(); if ($authnumrows == 1) { $qsql = "INSERT INTO questions(topic_id, question, answer, addedby_id, dateadded, active) VALUES(" . $_POST['topic'] . ", '" . pf_fix_slashes($_POST['question']) . "', '" . pf_fix_slashes($_POST['answer']) . "', " . $_SESSION['SESS_USERID'] . ", NOW()" . ", 1);"; //$qresult = mysql_query($qsql); $qresult = $db->query($qsql); header("Location: " . $config_basedir . "answer.php?id=" . mysql_insert_id());
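<?php
require_once "../project_functions.php";
pf_protect_admin_page();

// Only a numeric screenshot id may reach the queries below; anything else is
// bounced to the admin area and the script stops here instead of running the
// SELECT/DELETE with an empty WHERE value.
// NOTE(review): this redirect uses $config_projectadminbasedir while the
// success redirect further down uses $config_projectadminbaseurl — confirm
// both hold a URL.
if (isset($_GET['imageid']) && pf_check_number($_GET['imageid']) == TRUE) {
    $validimageid = $_GET['imageid'];
} else {
    header("Location: " . $config_projectadminbasedir);
    exit;
}

if (!empty($_GET['conf'])) {
    // Bind the id instead of concatenating it so the query shape stays fixed
    // regardless of what pf_check_number() happens to accept.
    $imagestmt = $db->prepare("SELECT * FROM homeproject_screenshots WHERE id = ?");
    $imagestmt->execute([$validimageid]);
    $imagerow = $imagestmt->fetch(PDO::FETCH_ASSOC);

    if ($imagerow !== false) {
        // basename() confines the unlink to the screenshots directory even if
        // the stored name carries path separators.
        $screenshot = $config_projectdir . $_SESSION['SESS_PROJECTPATH']
            . "/screenshots/" . basename($imagerow['name']);
        if (is_file($screenshot)) {
            unlink($screenshot);
        }
        $delstmt = $db->prepare("DELETE FROM homeproject_screenshots WHERE id = ?");
        $delstmt->execute([$validimageid]);
    }

    header("Location: " . $config_projectadminbaseurl . basename($_SERVER['SCRIPT_NAME']) . "?func=screenshots");
    exit;
}

// Confirmation page. Escape the script path before echoing it into markup;
// the original also lacked the opening quote on the form's action attribute.
// NOTE: the delete itself is triggered by a GET link; a POST form with a
// CSRF token would be the safer shape for a state change.
$script = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
echo "<h2>Delete image?</h2>";
echo "<form action='" . $script . "?func=deletescreenshot' method='post'>";
echo "<p>Are you sure you want to delete this image?</p>";
echo "<p>";
echo "<a href='" . $script . "?func=deletescreenshot&amp;conf=1&amp;imageid=" . $validimageid . "'>Yes</a> / <a href='" . $script . "?func=screenshots'>No</a>";
echo "</p>";
echo "</form>";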
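<?php
require "db.php";
require "functions.php";

// Both parameters must pass pf_check_number(); a failure redirects to the
// front page and stops, so the rating queries never run with a missing value.
if (isset($_GET['id']) && pf_check_number($_GET['id']) == TRUE) {
    $validid = $_GET['id'];
} else {
    header("Location: " . $config_basedir);
    exit;
}
if (isset($_GET['rating']) && pf_check_number($_GET['rating']) == TRUE) {
    $validrating = $_GET['rating'];
} else {
    header("Location: " . $config_basedir);
    exit;
}

require "header.php";

// A vote belongs to the logged-in user. Without a session user id the INSERT
// would record an empty user_id, so refuse instead of guessing.
// NOTE(review): no session_start() appears in this file; presumably one of
// the required files starts the session — confirm.
if (empty($_SESSION['SESS_USERID'])) {
    echo "<h1>Not logged in</h1>";
    echo "<p>You must be logged in to vote.</p>";
} else {
    $userid = $_SESSION['SESS_USERID'];

    // NOTE(review): the mysql_* extension was removed in PHP 7; sibling
    // scripts in this project already use $db with prepared statements.
    $checksql = "SELECT * FROM ratings WHERE user_id = " . $userid . " AND story_id = " . $validid . ";";
    $checkresult = mysql_query($checksql);
    $checknumrows = mysql_num_rows($checkresult);

    if ($checknumrows == 1) {
        echo "<h1>Already voted</h1>";
        echo "<p>You have already voted for this story.</p>";
    } else {
        $inssql = "INSERT INTO ratings(user_id, story_id, rating) VALUES(" . $userid . "," . $validid . "," . $validrating . ");";
        mysql_query($inssql);
        echo "<h1>Thankyou!</h1>";
        echo "<p>Thankyou for your vote.</p>";
    }
}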
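session_start();
require "db.php";
require "functions.php";

// Access guard. The redirect is now followed by exit; previously the script
// kept running and the DELETE below executed regardless of this check.
// NOTE(review): this sends the request away when SESS_ADMIN is set, the
// opposite sense of the SESS_ADMINUSER guard in the topic-deletion script —
// confirm the intended polarity.
if (!empty($_SESSION['SESS_ADMIN'])) {
    header("Location: " . $config_basedir);
    exit;
}

// All three ids must pass pf_check_number(); a bad or missing one ends the
// request here instead of letting the DELETE run with an empty WHERE value.
$valid = [];
foreach (['topic', 'subject', 'questionid'] as $param) {
    if (isset($_GET[$param]) && pf_check_number($_GET[$param]) == TRUE) {
        $valid[$param] = $_GET[$param];
    } else {
        header("Location: " . $config_basedir);
        exit;
    }
}
$validtopic = $valid['topic'];
$validsubject = $valid['subject'];
$validquestionid = $valid['questionid'];

if (!empty($_GET['conf'])) {
    // NOTE(review): the mysql_* extension was removed in PHP 7; sibling
    // scripts in this project already use $db with prepared statements.
    // NOTE: the delete is triggered by a GET link; a POST form with a CSRF
    // token would be the safer shape for a state change.
    $delsql = "DELETE FROM questions WHERE id = " . $validquestionid . ";";
    mysql_query($delsql);
    header("Location: " . $config_basedir . "questions.php?subject=" . $validsubject . "&topic=" . $validtopic);
    exit;
} else {
    require "header.php";
    // $SCRIPT_NAME relied on register_globals; $_SERVER is the supported
    // source, escaped before it is echoed into markup.
    $script = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    echo "<h1>Are you sure you want to delete this question?</h1>";
    echo "<p>[<a href='" . $script . "?conf=1&amp;subject=" . $validsubject . "&amp;topic=" . $validtopic . "&amp;questionid=" . $validquestionid . "'>Yes</a>] [<a href='questions.php?subject=" . $validsubject . "&amp;topic=" . $validtopic . "'>No</a>]</p>";
}
require "footer.php";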
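<?php
session_start();
require "db.php";
require "functions.php";

// Admin-only page. The redirect is now followed by exit; previously the
// script kept running and the DELETE below executed for anyone.
if (isset($_SESSION['SESS_ADMINUSER']) == FALSE) {
    header("Location: " . $config_basedir);
    exit;
}

// The topic id must pass pf_check_number(); otherwise stop here so the
// DELETE never runs with an empty WHERE value.
if (isset($_GET['topic']) && pf_check_number($_GET['topic']) == TRUE) {
    $validtopic = $_GET['topic'];
} else {
    header("Location: " . $config_basedir);
    exit;
}

if (!empty($_GET['conf'])) {
    // Bind the id rather than concatenating it so the query shape stays
    // fixed regardless of what pf_check_number() accepts.
    // NOTE(review): assumes $db from db.php is a PDO instance, as in the
    // sibling scripts that use PDO::FETCH_ASSOC with it — confirm.
    // NOTE: the delete is triggered by a GET link; a POST form with a CSRF
    // token would be the safer shape for a state change.
    $delstmt = $db->prepare("DELETE FROM topics WHERE id = ?");
    $delstmt->execute([$validtopic]);
    header("Location: " . $config_basedir);
    exit;
} else {
    require "header.php";
    // Escape the script path before echoing it into markup.
    $script = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    echo "<h1>Are you sure you want to delete this topic?</h1>";
    echo "<p>[<a href='" . $script . "?conf=1&amp;topic=" . $validtopic . "'>Yes</a>] [<a href='" . htmlspecialchars($config_basedir, ENT_QUOTES, 'UTF-8') . "'>No</a>]";
}
require "footer.php";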
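<?php
require_once "../project_functions.php";
pf_protect_admin_page();

// Only a numeric release id may reach the queries below; anything else is
// bounced to the admin area and the script stops here.
if (isset($_GET['relid']) && pf_check_number($_GET['relid']) == TRUE) {
    $validrelid = $_GET['relid'];
} else {
    header("Location: " . $config_projectadminbasedir);
    exit;
}

if (!empty($_GET['conf'])) {
    $uploaddir = $config_projectdir . $_SESSION['SESS_PROJECTPATH'] . "/releases/";

    // Bind the id rather than concatenating it so the query shape stays
    // fixed regardless of what pf_check_number() accepts.
    $filestmt = $db->prepare("SELECT filename FROM homeproject_releasefiles WHERE id = ?");
    $filestmt->execute([$validrelid]);
    // fetch() returns the single row. The original used fetchAll(), which
    // returns a list, so $filerow['filename'] was always an undefined index:
    // $fullfile degraded to the bare directory, file_exists() was true for
    // it, unlink() failed and the DB row was deleted without removing a file.
    $filerow = $filestmt->fetch(PDO::FETCH_ASSOC);

    // basename() keeps the unlink inside the releases directory even if the
    // stored filename carries path separators.
    $fullfile = $filerow !== false ? $uploaddir . basename($filerow['filename']) : '';

    // is_file() rather than file_exists(): a directory must not pass.
    if ($fullfile !== '' && is_file($fullfile)) {
        unlink($fullfile);
        $delstmt = $db->prepare("DELETE FROM homeproject_releasefiles WHERE id = ?");
        $delstmt->execute([$validrelid]);
        header("Location: " . $config_projectadminbasedir . basename($_SERVER['SCRIPT_NAME']) . "?func=downloads");
        exit;
    } else {
        // As in the original, a missing file leaves the DB row in place.
        echo "<h1>File does not exist</h1>";
        echo "The file you tried to delete does not exist.";
    }
} else {
    // Confirmation page; escape the script path before echoing it into markup.
    // NOTE: the delete is triggered by a GET link; a POST form with a CSRF
    // token would be the safer shape for a state change.
    $script = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    echo "<h1>Are you sure you want to delete this release?</h1>";
    echo "<p>[<a href='" . $script . "?func=deleterelease&amp;conf=1&amp;relid=" . $validrelid . "'>Yes</a>] [<a href='" . $script . "?func=main'>No</a>]";
}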