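/**
 * Write this user's username, password value and rank back to the "users" row
 * identified by $this->id.
 *
 * Returns without touching the database when the ID is not a non-zero integer.
 * The query is assembled by string concatenation, so its safety rests on
 * makeSafeSQL() (defined elsewhere) escaping correctly for a single-quoted SQL
 * literal; a parameterized query would remove that dependency.
 */
function save()
{
    // The ID is concatenated unquoted into the WHERE clause, so only a genuine
    // integer may get that far.
    if (!is_int($this->id) || $this->id === 0) {
        return;
    }

    $username = makeSafeSQL($this->username);
    // The password value is escaped like every other string column. It was the
    // one value placed inside quotes with no escaping at all.
    // NOTE(review): assumes makeSafeSQL() leaves a stored hash unchanged - confirm.
    $password = makeSafeSQL($this->password);
    // Rank is numeric and unquoted in the statement; intval() forces it to an integer.
    $rank = intval($this->rank);

    sqlQuery("UPDATE \"users\" SET \"Username\"='" . $username . "', \"Password\"='" . $password . "', \"Rank\"=" . $rank . " WHERE \"ID\"=" . $this->id);
}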
<?php // Moderator-only "Add News" page: a POST carrying 'add' inserts one row into "news" and redirects; otherwise the form is rendered.
if (isLoggedIn() && isMod()) {
    if (isset($_POST['add'])) {
        // The session key is checked before any state change; the form below emits it through
        // echoHiddenSessionkey(). NOTE(review): presumably an anti-CSRF token - both helpers are defined elsewhere.
        if (!isValidSessionkey()) {
            die("Hack attempt blocked.");
        }
        // Only 'add' is tested with isset(); 'title' and 'content' are read without a presence check.
        // Both pass through makeSafeSQL() and land inside single-quoted literals, so the query is only
        // as safe as that helper (not shown). A parameterized insert would not depend on it.
        $title = makeSafeSQL($_POST['title']);
        $content = makeSafeSQL($_POST['content']);
        // NOTE(review): $me->id is concatenated unquoted and uncast; presumably an integer taken from the
        // logged-in user - confirm, or cast with intval() to make that explicit.
        // NOTE(review): title and content are stored as submitted, so the code that renders news
        // (not shown) has to HTML-escape them on output.
        sqlQuery("INSERT INTO \"news\" (\"Author\",\"Title\",\"Content\") VALUES(" . $me->id . ",'{$title}','{$content}')");
        // exit ends the request here, so the form markup is not sent along with the redirect.
        header("Location: index.php");
        exit;
    }
    ?> <div class="title">[Mod] Add News</div> <div class="block"> <div class="blocktitle">Post</div> <div class="blockcontent"> <form method="post" action="index.php?page=mod_news"> <p>Title:<br /><input type="text" name="title" class="halfwidth" /></p> <p>Contents:<br /><textarea name="content"></textarea></p> <?php echoHiddenSessionkey(); ?> <input type="submit" name="add" value="Add" /> </form> </div> </div> <?php } else {
    // Visitors who are not logged-in moderators are redirected away.
    // NOTE(review): the excerpt ends here; header() alone does not stop execution, so confirm an exit follows.
    header("Location: index.php");
// Registration form handling (excerpt). The enclosing block and the initial value of $okay are outside
// this excerpt; each failed check prints an error block and clears $okay.
// NOTE(review): no isValidSessionkey() call is visible in this excerpt - confirm one runs earlier in the file.
// NOTE(review): != is a loose comparison, so two numeric-looking strings are compared as numbers;
// !== is the exact string check for the confirmation fields.
if ($_POST['p'] != $_POST['p2']) {
    echo makeBlock("Error", "Passwords are not the same.");
    $okay = false;
}
if ($_POST['e'] != $_POST['e2']) {
    echo makeBlock("Error", "Email addresses are not the same.");
    $okay = false;
}
// NOTE(review): this rejects the address when isValidEmail() returns true, which contradicts the
// message shown. The condition looks inverted (expected !isValidEmail(...)) - confirm against the helper.
if (isValidEmail($_POST['e'])) {
    echo makeBlock("Error", "Email address does not seem valid.");
    $okay = false;
}
if ($okay) {
    // Username and email are escaped by makeSafeSQL() (not shown) and placed in single-quoted literals.
    $username = makeSafeSQL($_POST['u']);
    // NOTE(review): the stored credential is an unsalted, upper-cased MD5 digest. MD5 is a fast hash and
    // unsuited to password storage; password_hash()/password_verify() is the standard replacement, and
    // moving to it means changing every place that verifies passwords at the same time.
    $password = strtoupper(md5($_POST['p']));
    $email = makeSafeSQL($_POST['e']);
    // Look for an existing account with the same username or the same email address.
    // NOTE(review): check-then-insert is not atomic; a UNIQUE constraint on these columns would enforce it
    // in the database (schema not shown).
    $existingCheck = sqlQuery("SELECT * FROM \"users\" WHERE \"Username\"='" . $username . "' OR \"Email\"='" . $email . "'");
    if (count($existingCheck) != 0) {
        echo makeBlock("Error", "Username or email address already in use.");
        $okay = false;
    }
    if ($okay) {
        // New accounts are created with Rank 0 and XP 0. The insert goes through execQuery() rather than
        // sqlQuery(); both helpers are defined elsewhere.
        execQuery("INSERT INTO main.users (\"Username\",\"Password\",\"Email\",\"Rank\",\"XP\") VALUES('{$username}','{$password}','{$email}',0,0)");
        // The 'r' query parameter makes the login page show its registration-success notice.
        header("Location: index.php?page=login&r");
        exit;
    }
}
// The brace below closes a block opened before this excerpt starts.
} ?> <div class="title">Register</div> <div class="block">
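<?php
// Login page: checks the posted credentials against the "users" table, stores the user id in the
// session on success and redirects to the profile page; otherwise renders the login form.
if (isLoggedIn()) {
    header("Location: index.php");
    exit;
}

if (isset($_POST['login'])) {
    // The session key is validated before the credentials are looked at.
    // NOTE(review): presumably an anti-CSRF token; isValidSessionkey() is defined elsewhere.
    if (!isValidSessionkey()) {
        die("Hack attempt blocked.");
    }

    // A missing or array-valued field is treated as an empty string, so the request fails as an
    // ordinary wrong-credentials attempt rather than raising notices or a type error in md5().
    $rawUsername = (isset($_POST['u']) && is_string($_POST['u'])) ? $_POST['u'] : '';
    $rawPassword = (isset($_POST['p']) && is_string($_POST['p'])) ? $_POST['p'] : '';

    $username = makeSafeSQL($rawUsername);
    // NOTE(review): credentials are compared as unsalted, upper-cased MD5 digests. MD5 is a fast hash and
    // unsuited to password storage; moving to password_hash()/password_verify() needs a coordinated change
    // wherever passwords are written, so it is flagged here rather than changed.
    $password = strtoupper(md5($rawPassword));

    // Values go inside single-quoted literals: in standard SQL a double-quoted token is an identifier,
    // so double-quoting a value lets the database read user input as a column name instead of data.
    // Safety still rests on makeSafeSQL() (not shown); a parameterized query would not depend on it.
    $loginCheck = sqlQuery("SELECT * FROM \"users\" WHERE \"Username\"='{$username}' AND \"Password\"='{$password}'");

    // Exactly one matching row counts as success; a non-array result is treated as a failed login.
    if (is_array($loginCheck) && count($loginCheck) === 1) {
        $user = new User($loginCheck[0]);
        // Issue a fresh session id at the moment of authentication, so an id that was known before
        // login is not the one that ends up authenticated (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['UID'] = $user->id;
        header("Location: index.php?page=profile&uid=" . $user->id);
        exit;
    }

    // One message covers both an unknown username and a wrong password.
    echo makeBlock("Error", "Wrong username or password.");
}

// Shown after a successful registration redirect (index.php?page=login&r).
if (isset($_GET['r'])) {
    echo makeBlock("Success!", "You are now registered on OpenSMO. Log in <a href=\"index.php?page=login\">here</a>.");
}
?>
<div class="title">Login</div>
<div class="block">
<div class="blocktitle">Login</div>
<div class="blockcontent">
<form method="post" action="index.php?page=login">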
/**
 * Update the stored value of an existing setting in the "settings" table.
 *
 * Keys that are not set in the global $settings array are ignored, so this
 * function never creates a new row. The in-memory $settings entry is not
 * changed here. Key and value both pass through makeSafeSQL() (defined
 * elsewhere) before being placed in single-quoted SQL literals.
 *
 * @param mixed $key   Setting name, matched against the "Key" column.
 * @param mixed $value New content for the "Value" column.
 */
function setSetting($key, $value)
{
    global $settings;

    // Unknown keys are dropped silently.
    if (!isset($settings[$key])) {
        return;
    }

    $escapedValue = makeSafeSQL($value);
    $escapedKey = makeSafeSQL($key);

    sqlQuery("UPDATE \"settings\" SET \"Value\"='" . $escapedValue . "' WHERE \"Key\"='" . $escapedKey . "'");
}