/_taios.php |
---|
13,16 → 13,12 |
$this->drawnMiddle = false; |
$this->drawnFooter = false; |
$this->db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD); |
if (!$this->db) |
{ |
$this->drawError('Failed to connect to database: ' . mysql_error()); |
} |
if (!mysql_select_db('Tim32')) |
{ |
$this->drawError('Failed to select database: ' . mysql_error()); |
} |
try { |
$this->db = new PDO("mysql:dbname=Tim32;host=" . MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, |
array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" )); |
} catch (PDOException $e) { |
$this->drawError("Failed to connect to database!"); |
} |
} |
function drawHeader() |
30,13 → 26,13 |
if (!$this->drawnHeader) |
{ |
write('<!DOCTYPE html>'); |
write('<html>'); |
write('<html lang="en">'); |
write('<head>'); |
write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">'); |
write('<title>Tim32 · ' . $this->title . '</title>'); |
write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="screen" />'); |
write('<title>Tim32 · ' . htmlentities($this->title, ENT_QUOTES) . '</title>'); |
write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />'); |
write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />'); |
write('<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.min.js"></script>'); |
write('<script type="text/javascript" src="//code.jquery.com/jquery-1.9.0.min.js"></script>'); |
write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>'); |
write('</head>'); |
write('<body>'); |
115,8 → 111,7 |
write('<h4 style="color: red;">Error: ' . $text . '</h4>'); |
if ($die) |
{ |
if ($die) { |
$this->drawFooter(); |
die(); |
} |
127,13 → 122,13 |
$post = $this->getBlogPost($id); |
if ($first) |
{ |
write('<h3><a href="post.php?id=' . $id . '">' . $post->title. '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>'); |
write('<h3><a href="post.php?id=' . $id . '">' . htmlentities($post->title, ENT_QUOTES). '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>'); |
} |
else |
{ |
write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>'); |
write('<a href="post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>'); |
} |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>'); |
write('<p>' . $this->replaceBBCode($post->content) . '</p>'); |
if ($this->isUserNormal($this->getLoggedInUser())) |
147,7 → 142,7 |
write('</p><br />'); |
} |
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id)); |
for ($i = 0; $i < count($ids); $i++) |
{ |
write('<div class="indent">'); |
173,18 → 168,14 |
write('<h3>Categories</h3>'); |
for ($i = 0; $i < count($cats); $i++) |
{ |
$this->drawMenuItem($cats[$i], 'blog/index.php?cat=' . $cats[$i]); |
$this->drawMenuItem(htmlentities($cats[$i], ENT_QUOTES), 'blog/index.php?cat=' . $cats[$i]); |
} |
} |
function replaceBBCode($str) |
{ |
$newstr = $str; |
$newstr = str_replace("<", "<", $newstr); |
$newstr = str_replace(">", ">", $newstr); |
$newstr = htmlentities($str, ENT_QUOTES); |
$newstr = str_replace("\n", "<br />", $newstr); |
$newstr = str_replace("\\'", "'", $newstr); |
$newstr = str_replace("\\\"",'"', $newstr); |
$newstr = str_replace(' ', ' ', $newstr); |
$bbcode = array( |
191,8 → 182,11 |
'/\[b\](.+?)\[\/b\]/is', |
'/\[i\](.+?)\[\/i\]/is', |
'/\[u\](.+?)\[\/u\]/is', |
'/\[s\](.+?)\[\/s\]/is', |
'/\[url\](.+?)\[\/url\]/is', |
'/\[w\](.+?)\[\/w\]/is', |
'/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is', |
'/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is', |
'/\[code\](.+?)\[\/code\]/is', |
'/\[img\](.+?)\[\/img\]/is', |
'/\[ul\](.+?)\[\/ul\]/is', |
206,8 → 200,11 |
'<b>$1</b>', |
'<i>$1</i>', |
'<u>$1</u>', |
'<del>$1</del>', |
'<a href="$1">$1</a>', |
'<a href="/wiki/index.php?page=$1">$1</a>', |
'<a href="$1">$2</a>', |
'<a href="/wiki/index.php?page=$1">$2</a>', |
'</p><div class="code">$1</div><p>', |
'<img src="$1" alt="BBCode-included image" />', |
'<ul>$1</ul>', |
214,7 → 211,7 |
'<ol>$1</ol>', |
'<li>$1</li>', |
'<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>', |
'<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="http://tim32.org/~freddie/timlan/goTCP.png" alt="Open TCP Editor" /></span>' |
'<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="//tim32.org/timlan/goTCP.png" alt="Open TCP Editor" /></span>' |
); |
$newstr = preg_replace($bbcode, $html, $newstr); |
222,6 → 219,59 |
return $newstr; |
} |
function acceptFile($fname) |
{ |
if (!ALLOW_FILES) |
{ |
$this->drawError("This system doesn't allow file uploading."); |
return false; |
} |
$this->checkLoggedIn(); |
if ($this->getLoggedInUser()->accessID >= 2) |
{ |
$this->drawError('You do not have permission to access this page.'); |
} |
$allowedExts = array("gif", "jpeg", "jpg", "png", "tga"); |
$temp = explode(".", $_FILES[$fname]["name"]); |
$extension = end($temp); |
if ((($_FILES[$fname]["type"] == "image/gif") |
|| ($_FILES[$fname]["type"] == "image/jpeg") |
|| ($_FILES[$fname]["type"] == "image/jpg") |
|| ($_FILES[$fname]["type"] == "image/pjpeg") |
|| ($_FILES[$fname]["type"] == "image/x-png") |
|| ($_FILES[$fname]["type"] == "image/png") |
|| ($_FILES[$fname]["type"] == "image/x-targa") |
|| ($_FILES[$fname]["type"] == "image/x-tga")) |
&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes) |
&& in_array($extension, $allowedExts)) |
{ |
if ($_FILES[$fname]["error"] > 0) |
{ |
$this->drawError("File Upload Error: " . $_FILES[$fname]["error"]); |
} |
else |
{ |
$lname = "upload/" . $this->rndString(12) . "." . $extension; |
while (file_exists($lname)) |
{ |
$lname = "upload/" . $this->rndString(12) . "." . $extension; |
} |
move_uploaded_file($_FILES[$fname]["tmp_name"], $this->url . $lname); |
return ROOT_PATH . $lname; |
} |
} |
else |
{ |
$this->drawError("Invalid file"); |
} |
return false; |
} |
function redirect($u) |
{ |
header('Location: ' . $u); |
325,24 → 375,22 |
} |
} |
function query($query) |
function query($query, $args = array()) |
{ |
$result = mysql_query($query); |
if (!$result) |
{ |
$this->drawError('Query Failed: ' . $query . "\n" . 'MySQL Error: ' . mysql_error()); |
} |
return $result; |
$statement = $this->db->prepare($query); |
if (!$statement->execute($args)) { |
$this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo()); |
} |
return $statement->fetchAll(); |
} |
function findIDs($table, $query = '') |
function findIDs($table, $query = '', $args = array()) |
{ |
$array = array(); |
$result = $this->query('SELECT ID FROM ' . $table . ' ' . $query); |
while ($row = mysql_fetch_array($result)) |
{ |
$results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args); |
foreach ($results as $row) { |
array_push($array, $row['ID']); |
} |
351,16 → 399,16 |
function getUserByID($id) |
{ |
$result = $this->query('SELECT * FROM Users WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
$user = new User; |
foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) { |
$user = new User(); |
$user->ID = $row['ID']; |
$user->accessID = $row['AccessID']; |
$user->username = $row['Username']; |
$user->password = $row['Password']; |
$user->salt = $row['Salt']; |
$user->emailAddress = $row['EmailAddress']; |
$user->name = $row['Name']; |
$user->csrftoken = $row['CSRFToken']; |
$user->challengeID = $row['ChallengeID']; |
return $user; |
369,11 → 417,8 |
return false; |
} |
function getUserByUsername($username) |
{ |
$result = $this->query('SELECT * FROM Users WHERE Username = "' . $username . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
function getUserByUsername($username) { |
foreach ($this->query("SELECT ID FROM Users WHERE Username = ?", array($username)) as $row) { |
return $this->getUserByID($row['ID']); |
} |
380,10 → 425,8 |
return false; |
} |
function getLoggedInUser() |
{ |
if ($this->isLoggedIn()) |
{ |
function getLoggedInUser() { |
if ($this->isLoggedIn()) { |
$clist = explode('|~|', $_COOKIE['Tim32_Login']); |
return $this->getUserByUsername($clist[0]); |
} |
391,25 → 434,21 |
return false; |
} |
function getBlogPost($id) |
{ |
$result = $this->query('SELECT * FROM BlogPosts WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
function getBlogPost($id) { |
foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) { |
$post = new BlogPost; |
$post->ID = $row['ID']; |
if ($row['ParentID'] == -1) |
{ |
if ($row['ParentID'] == -1) { |
$post->parent = -1; |
} |
else |
{ |
} else { |
$post->parent = $this->getBlogPost($row['ParentID']); |
} |
$post->author = $this->getUserByID($row['AuthorID']); |
$post->user = $this->getUserByID($row['AuthorID']); // For some older pages |
$post->title = htmlspecialchars($row['Title']); |
$post->content = htmlspecialchars($row['Content']); |
$post->title = $row['Title']; |
$post->content = $row['Content']; |
$post->datePosted = strtotime($row['DatePosted']); |
$post->category = $row['Category']; |
$post->spam = $row['Spam']; |
420,11 → 459,8 |
$this->drawError('Cannot find blog post, #' . $id); |
} |
function getProject($id) |
{ |
$result = $this->query('SELECT * FROM Projects WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
function getProject($id) { |
foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) { |
$project = new Project; |
$project->ID = $row['ID']; |
443,11 → 479,8 |
return false; |
} |
function getForumCategory($id) |
{ |
$result = $this->query('SELECT * FROM ForumCategories WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
function getForumCategory($id) { |
foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) { |
$f = new ForumCategory; |
$f->ID = $row['ID']; |
461,11 → 494,8 |
return false; |
} |
function getForumPost($id) |
{ |
$result = $this->query('SELECT * FROM ForumPosts WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
function getForumPost($id) { |
foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) { |
$f = new ForumPost; |
$f->ID = $row['ID']; |
483,22 → 513,48 |
return false; |
} |
function delBlogPost($id) |
{ |
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
for ($i = 0; $i < count($ids); $i++) |
{ |
$this->delBlogPost($ids[$i]); |
function delBlogPost($id) { |
foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) { |
$this->delBlogPost($i); |
} |
$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
} |
$this->query('DELETE FROM BlogPosts WHERE ID="' . $id . '"'); |
function saltAndBurn($pass, $salt) { |
return sha1($salt . $pass); |
} |
function getGetID() |
{ |
function rndString($len = 8) { |
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp'; |
$clen = strlen($chars); |
$res = ''; |
for ($i = $len - 1; $i >= 0; $i--) { |
$res .= $chars[rand(0, $clen - 1)]; |
} |
return $res; |
} |
function getCSRFToken($id) { |
$token = $this->rndString(); |
$this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id)); |
return $token; |
} |
function checkCSRFToken($id, $token) { |
$user = $this->getUserByID($id); |
if ($token !== $user->csrftoken) { |
die("a death"); |
} |
$this->getCSRFToken($id); // change to something else so we can't re-use it |
} |
function getGetID() { |
$id = $_GET['id']; |
if (empty($id)) |
{ |
if (empty($id)) { |
$id = 1; |
} |
505,11 → 561,9 |
return $id; |
} |
function getPostID() |
{ |
function getPostID() { |
$id = $_POST['id']; |
if (empty($id)) |
{ |
if (empty($id)) { |
$id = 1; |
} |
524,8 → 578,10 |
public $accessID; |
public $username; |
public $password; |
public $salt; |
public $emailAddress; |
public $name; |
public $csrftoken; |
public $challengeID; |
} |
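Review bot: The CSRF tokens introduced in the `saltAndBurn` / `rndString` / `getCSRFToken` hunk are built by rndString(), which draws 8 characters with `rand()`; that generator is not cryptographically secure, so the token is weaker than the control needs. Generate it from a CSPRNG instead, e.g. `$token = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` where the PHP version provides it, and the `CSRFToken` column width permitting), and compare with `hash_equals((string) $user->csrftoken, (string) $token)` rather than `!==`. checkCSRFToken() also reads `$user->csrftoken` without handling the `false` that getUserByID() returns for an unknown ID. In the same hunk, saltAndBurn() stores a single `sha1($salt . $pass)` round, which is fast to brute-force offline; `password_hash()` / `password_verify()` are the purpose-built replacement where the runtime has them.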
/admin/account.php |
---|
32,10 → 32,10 |
write('<tr><td class="bold">AccessID: </td><td>' . $user->accessID . '</td></tr>'); |
} |
?> |
<tr><td class="bold">Username: </td><td><?php echo $user->username; ?></td></tr> |
<tr><td class="bold">Username: </td><td><?php echo htmlentities($user->username, ENT_QUOTES); ?></td></tr> |
<tr><td class="bold">Password: </td><td><input type="password" name="password" /></td></tr> |
<tr><td class="bold">Email Address: </td><td><input type="text" name="email" value="<?php echo $user->emailAddress; ?>" /></td></tr> |
<tr><td class="bold">Name: </td><td><input type="text" name="name" value="<?php echo $user->name; ?>" /></td></tr> |
<tr><td class="bold">Email Address: </td><td><input type="text" name="email" value="<?php echo htmlentities($user->emailAddress, ENT_QUOTES); ?>" /></td></tr> |
<tr><td class="bold">Name: </td><td><input type="text" name="name" value="<?php echo htmlentities($user->name, ENT_QUOTES); ?>" /></td></tr> |
<tr><td></td><td><input type="submit" value="Update Account" /></td></tr> |
</table> |
</form> |
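Review bot: The `htmlentities($value, ENT_QUOTES)` calls added here omit the charset argument, so on PHP versions before 5.4 they encode as ISO-8859-1 while the site declares UTF-8 (the `<meta>` written by drawHeader() and `SET NAMES 'UTF8'` on the connection), which mangles multi-byte names. Passing it explicitly, `htmlentities($user->name, ENT_QUOTES, 'UTF-8')`, or using `htmlspecialchars()` with the same arguments, makes the output independent of the runtime default. The same call shape is repeated in every other file this commit touches, so one small escaping helper in /_taios.php would keep the flags in a single place. The form's opening tag is outside this hunk.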
/admin/all-accounts.php |
---|
17,7 → 17,7 |
write('<td class="bold">ID</td>'); |
write('<td class="bold">AccessID</td>'); |
write('<td class="bold">Username</td>'); |
write('<td class="bold">SHA1 Password</td>'); |
write('<td class="bold">Salt and Burned Password</td>'); |
write('<td class="bold">Name</td>'); |
write('<td class="bold">Email Address</td>'); |
write('<td class="bold">Challenge ID</td>'); |
30,10 → 30,10 |
write('<tr>'); |
write('<td><a href="account.php?id=' . $user->ID . '">' . $user->ID . '</a></td>'); |
write('<td>' . $user->accessID . '</td>'); |
write('<td>' . $user->username . '</td>'); |
write('<td>' . htmlentities($user->username, ENT_QUOTES) . '</td>'); |
write('<td>' . $user->password . '</td>'); |
write('<td>' . $user->name . '</td>'); |
write('<td>' . $user->emailAddress . '</td>'); |
write('<td>' . htmlentities($user->name, ENT_QUOTES) . '</td>'); |
write('<td>' . htmlentities($user->emailAddress, ENT_QUOTES) . '</td>'); |
write('<td>' . $user->challengeID . '</td>'); |
write('</tr>'); |
} |
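Review bot: The accounts table still prints `$user->password` into a cell, now under the heading 'Salt and Burned Password'; rendering credential hashes in an admin page exposes them to anything that can read that page (browser cache, screen sharing, any script injection on the admin origin) and serves no administrative purpose. I would drop the header cell and the `write('<td>' . $user->password . '</td>');` row cell. `$user->accessID` and `$user->challengeID` are also written without escaping, which is only safe if both columns are guaranteed numeric; this hunk does not show that.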
/admin/all-blog-posts.php |
---|
39,13 → 39,13 |
} |
else |
{ |
write('<td>' . $post->parent->title . '</td>'); |
write('<td>' . htmlentities($post->parent->title, ENT_QUOTES) . '</td>'); |
} |
write('<td><a href="account.php?id=' . $post->author->ID . '">' . $post->author->name . '</a></td>'); |
write('<td><a href="account.php?id=' . $post->author->ID . '">' . htmlentities($post->author->name, ENT_QUOTES) . '</a></td>'); |
write('<td>' . $post->title . '</td>'); |
write('<td>' . str_replace("\n", '<br />', $post->content) . '</td>'); |
write('<td>' . str_replace("\n", '<br />', htmlentities($post->content, ENT_QUOTES)) . '</td>'); |
write('<td>' . date('j/m/Y H:i', $post->datePosted) . ' <a href="nowify.php?id=' . $post->ID . '">Nowify</a></td>'); |
write('<td>' . $post->category . '</td>'); |
write('<td>' . htmlentities($post->category, ENT_QUOTES) . '</td>'); |
write('<td>' . $post->spam . '</td>'); |
write('</tr>'); |
} |
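Review bot: `write('<td>' . $post->title . '</td>');` is left unescaped in this hunk, and the same commit removes the `htmlspecialchars()` that getBlogPost() used to apply to `Title` in /_taios.php, so the post title now reaches this admin table as raw HTML. It should match its neighbours: `write('<td>' . htmlentities($post->title, ENT_QUOTES) . '</td>');`. `$post->spam` is also unescaped, which is fine only if that column is numeric.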
/admin/all-forum-categories.php |
---|
32,10 → 32,10 |
} |
else |
{ |
write('<td>' . $cat->parent->title . '</td>'); |
write('<td>' . htmlentities($cat->parent->title, ENT_QUOTES) . '</td>'); |
} |
write('<td>' . $cat->title . '</td>'); |
write('<td>' . $cat->description . '</td>'); |
write('<td>' . htmlentities($cat->title, ENT_QUOTES) . '</td>'); |
write('<td>' . htmlentities($cat->description, ENT_QUOTES) . '</td>'); |
write('</tr>'); |
} |
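Review bot: Whether these new `htmlentities()` calls are correct depends on getForumCategory(), whose body beyond its first lines is not shown in this commit. getBlogPost() used to apply `htmlspecialchars()` on read and has that removed here, but no equivalent removal is visible for getForumCategory(), getForumPost() or getProject(). If any of them still escapes on read, the titles and descriptions in this file, /admin/all-forum-posts.php, /admin/all-projects.php, /forums/edit-category.php and the /forums pages will be double-encoded (`&amp;amp;`). Worth confirming that all four getters now return raw values so escaping happens only at output.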
/admin/all-forum-posts.php |
---|
30,7 → 30,7 |
$post = $page->getForumPost($ids[$i]); |
write('<tr>'); |
write('<td><a href="../forums/post.php?id=' . $post->ID . '">' . $post->ID . '</a></td>'); |
write('<td><a href="account.php?id=' . $post->author->ID . '">' . $post->author->name . '</a></td>'); |
write('<td><a href="account.php?id=' . $post->author->ID . '">' . htmlentities($post->author->name, ENT_QUOTES) . '</a></td>'); |
if (!$post->category) |
{ |
write('<td style="color: #444444;">No Category</td>'); |
37,7 → 37,7 |
} |
else |
{ |
write('<td>' . $post->category->title . '</td>'); |
write('<td>' . htmlentities($post->category->title, ENT_QUOTES) . '</td>'); |
} |
if (!$post->parent) |
{ |
45,10 → 45,10 |
} |
else |
{ |
write('<td>' . $post->parent->title . '</td>'); |
write('<td>' . htmlentities($post->parent->title, ENT_QUOTES) . '</td>'); |
} |
write('<td>' . $post->title . '</td>'); |
write('<td>' . str_replace("\n", ' ', $post->content) . '</td>'); |
write('<td>' . htmlentities($post->title, ENT_QUOTES) . '</td>'); |
write('<td>' . str_replace("\n", ' ', htmlentities($post->content, ENT_QUOTES)) . '</td>'); |
write('<td>' . date('j/m/Y H:i', $post->datePosted) . '</td>'); |
write('<td>' . $post->spam . '</td>'); |
write('</tr>'); |
/admin/all-projects.php |
---|
31,13 → 31,13 |
$project = $page->getProject($ids[$i]); |
write('<tr>'); |
write('<td><a href="../projects/edit-project.php?id=' . $project->ID . '">' . $project->ID . '</a></td>'); |
write('<td><a href="account.php?id=' . $project->author->ID . '">' . $project->author->name . '</a></td>'); |
write('<td>' . $project->title . '</td>'); |
write('<td>' . str_replace("\n", '<br />', $project->description) . '</td>'); |
write('<td><img src="' . $project->logoURL . '" /></td>'); |
write('<td><a href="' . $project->downloadURL . '">Link</a></td>'); |
write('<td><a href="' . $project->websiteURL . '">Link</a></td>'); |
write('<td>' . $project->latestVersion . '</td>'); |
write('<td><a href="account.php?id=' . $project->author->ID . '">' . htmlentities($project->author->name, ENT_QUOTES) . '</a></td>'); |
write('<td>' . htmlentities($project->title, ENT_QUOTES) . '</td>'); |
write('<td>' . str_replace("\n", '<br />', htmlentities($project->description, ENT_QUOTES)) . '</td>'); |
write('<td><img src="' . htmlentities($project->logoURL, ENT_QUOTES) . '" /></td>'); |
write('<td><a href="' . htmlentities($project->downloadURL, ENT_QUOTES) . '">Link</a></td>'); |
write('<td><a href="' . htmlentities($project->websiteURL, ENT_QUOTES) . '">Link</a></td>'); |
write('<td>' . htmlentities($project->latestVersion, ENT_QUOTES) . '</td>'); |
write('<td>' . date('j/m/Y H:i', $project->lastUpdate) . '</td>'); |
write('</tr>'); |
} |
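Review bot: Escaping `$project->logoURL`, `$project->downloadURL` and `$project->websiteURL` with `htmlentities()` stops attribute breakout but does not constrain the URL scheme, so a stored non-HTTP scheme such as `javascript:` would still be emitted into `href`. These values should be checked against an allowlist, for example accepted only when `parse_url($url, PHP_URL_SCHEME)` is `http` or `https`, when the project is saved or before it is rendered. The `[url]`, `[url=…]` and `[img]` replacements in replaceBBCode() in /_taios.php place `$1` into `href` / `src` the same way and would benefit from the same check.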
/admin/nowify.php |
---|
4,16 → 4,11 |
$page = new Taios_Page('Nowify', '../'); |
if (isset($_GET['id'])) |
{ |
if (isset($_GET['id'])) { |
$id = $_GET['id']; |
} |
else if (isset($_POST['id'])) |
{ |
} else if (isset($_POST['id'])) { |
$id = $_POST['id']; |
} |
else |
{ |
} else { |
$page->drawError('No ID set.'); |
} |
20,8 → 15,7 |
$page->checkLoggedIn(); |
$post = $page->getBlogPost($id); |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
{ |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) { |
$page->drawError('You do not have permission to access this page.'); |
} |
31,7 → 25,7 |
{ |
$title = $_POST['title']; |
$page->query('UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = "' . $id . '"'); |
$page->query("UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = ?", array($id)); |
$page->redirect('/blog/post.php?id=' . $id); |
} |
39,8 → 33,7 |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
if (!empty($error)) |
{ |
if (!empty($error)) { |
$page->drawError($error, false); |
} |
47,7 → 40,7 |
?> |
<form action="nowify.php" method="post"> |
Press Sumbit if you wish to nowify post <?php echo $post->title; ?>.<br /><br /> |
Press Sumbit if you wish to nowify post <?php echo htmlentities($post->title, ENT_QUOTES); ?>.<br /><br /> |
<?php |
write('<input type="hidden" name="id" value="' . $id . '" />'); |
65,4 → 58,3 |
$page->drawFooter(); |
?> |
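Review bot: `$id` is taken straight from `$_GET['id']` / `$_POST['id']` and written back unescaped at `write('<input type="hidden" name="id" value="' . $id . '" />');`, which this commit leaves untouched while escaping the title a few lines above it. Normalising it once where it is read, `$id = (int) $_GET['id'];` (and likewise in the POST branch), covers the hidden field, the redirect target and the error text that drawError() writes without escaping. The POST branch that runs `UPDATE BlogPosts SET DatePosted = NOW()` also has no `checkCSRFToken()` call in the visible lines, unlike /blog/edit-post.php; its enclosing condition starts outside the hunk. The same unescaped hidden `id` field appears in /blog/edit-post.php and /blog/add-post-img.php.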
/admin/account-do.php |
---|
13,36 → 13,27 |
$name = $_POST['name']; |
$user = $page->getUserByID($userID); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) |
{ |
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) |
{ |
$page->query('UPDATE Users SET AccessID = "' . $accessID . '" WHERE ID = "' . $userID . '"'); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) { |
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) { |
$page->query("UPDATE Users SET AccessID = ? WHERE ID = ?", array($accessID, $userID)); |
} |
if (!empty($password)) |
{ |
$page->query('UPDATE Users SET Password = "' . sha1($password) . '" WHERE ID = "' . $userID . '"'); |
if (!empty($password)) { |
$salt = $user->username . "sheeps"; |
$page->query("UPDATE Users SET Password = ?, Salt = ? WHERE ID = ?", array($page->saltAndBurn($password, $salt), $salt, $userID)); |
} |
if (!empty($email)) |
{ |
$page->query('UPDATE Users SET EmailAddress = "' . $email . '" WHERE ID = "' . $userID . '"'); |
if (!empty($email)) { |
$page->query("UPDATE Users SET EmailAddress = ? WHERE ID = ?", array($email, $userID)); |
} |
if (!empty($name)) |
{ |
$page->query('UPDATE Users SET Name = "' . $name . '" WHERE ID = "' . $userID . '"'); |
if (!empty($name)) { |
$page->query("UPDATE Users SET Name = ? WHERE ID = ?", array($name, $userID)); |
} |
} |
else |
{ |
if (!$user) |
{ |
} else { |
if (!$user) { |
$page->drawError('No such user, #' . $userID); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
} |
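Review bot: No `checkCSRFToken()` call is visible ahead of these `UPDATE Users` statements, although this commit adds one to the blog forms, so a cross-site POST could change a logged-in user's password, e-mail or (for an admin) AccessID. The hunk starts at line 13, so a check could exist above it, but /admin/account.php gains no `csrftoken` field in this commit either. I would add `$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);` before the permission test and the matching hidden input to the form. The new salt, `$user->username . "sheeps"`, is derivable from public data; a per-user random value would serve the purpose better.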
/blog/edit-post.php |
---|
27,23 → 27,20 |
$error = ''; |
if (isset($_POST['id'])) |
{ |
if (isset($_POST['id'])) { |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
$title = $_POST['title']; |
$content = $_POST['content']; |
$category = $_POST['category']; |
if (empty($title)) |
{ |
if (empty($title)) { |
$error = "No Title Specified"; |
} |
else if (empty($content)) |
{ |
} else if (empty($content)) { |
$error = "No Content Specified"; |
} |
else |
{ |
$page->query('UPDATE BlogPosts SET Content = "' . $content . '", Title = "' . $title . '", Category = "' . $category . '" WHERE ID = "' . $id . '"'); |
} else { |
$args = array($content, $title, $category, $id); |
$page->query("UPDATE BlogPosts SET Content = ?, Title = ?, Category = ? WHERE ID = ?", $args); |
$page->redirect('post.php?id=' . $id); |
} |
} |
52,8 → 49,7 |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
if (!empty($error)) |
{ |
if (!empty($error)) { |
$page->drawError($error, false); |
} |
63,22 → 59,23 |
<table> |
<tr> |
<td class="bold">Title: </td> |
<td><input type="text" name="title" value="<?php echo $post->title; ?>"/></td> |
<td><input type="text" name="title" value="<?php echo htmlentities($post->title, ENT_QUOTES); ?>"/></td> |
</tr> |
<tr> |
<td class="bold">Content: </td> |
<td><textarea name="content"><?php echo $post->content; ?></textarea></td> |
<td><textarea name="content"><?php echo htmlentities($post->content, ENT_QUOTES); ?></textarea></td> |
</tr> |
<tr> |
<td class="bold">Catagory: </td> |
<td><input type="text" name="category" value="<?php echo $post->category; ?>" /></td> |
<td><input type="text" name="category" value="<?php echo htmlentities($post->category, ENT_QUOTES); ?>" /></td> |
</tr> |
<?php |
write('<input type="hidden" name="id" value="' . $id . '" />'); |
?> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
<tr> |
<tr> |
<td class="bold"></td> |
<td><input type="submit" value="Edit" /></td> |
</tr> |
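Review bot: `getCSRFToken()` is called while the form is rendered and overwrites the user's single `CSRFToken` column each time, so opening any second form (another tab, or /blog/add-post.php and /blog/add-post-img.php, which use the same call) silently invalidates the first, and the failed submit then ends in `die("a death")` with the typed content lost. A token generated once per session and reused, or a small set of outstanding tokens, avoids that without weakening the check. `checkCSRFToken()` is invoked with `$page->getLoggedInUser()->ID`; whether a logged-out request is rejected before that line is not visible in this hunk.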
/blog/index.php |
---|
16,30 → 16,27 |
} |
$query = 'WHERE ParentID = -1'; |
$args = array(); |
if (isset($_GET['cat'])) |
{ |
$query = $query . ' AND Category = "' . $_GET['cat'] . '"'; |
write('<p>Only showing blog posts from the ' . $_GET['cat'] . ' category. <a href="index.php">Reset Filtering</a></p><br />'); |
if (isset($_GET['cat'])) { |
$query = $query . " AND Category = ?"; |
array_push($args, $_GET['cat']); |
write('<p>Only showing blog posts from the ' . htmlentities($_GET['cat'], ENT_QUOTES) . ' category. <a href="index.php">Reset Filtering</a></p><br />'); |
} |
if(!$page->isUserGM($page->getLoggedInUser())) |
{ |
if (!$page->isUserGM($page->getLoggedInUser())) { |
$query = $query . ' AND Category != "Drafts"'; |
} |
$query = $query . " ORDER BY DatePosted DESC"; |
$ids = $page->findIDs('BlogPosts', $query); |
for ($i = 0; $i < count($ids); $i++) |
{ |
$id = $ids[$i]; |
foreach ($page->findIDs('BlogPosts', $query, $args) as $id) { |
$post = $page->getBlogPost($id); |
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>'); |
write('<a href="post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>'); |
write('<p>' . $page->replaceBBCode($post->content) . '</p>'); |
write('<h5 style="color: #666666;"><a href="post.php?id=' . $id . '">' . count($ids2) . ' Comments</a></h5>'); |
write('<br />'); |
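Review bot: `$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"');` still builds its WHERE clause by concatenation, while the rest of this hunk and the equivalent call in /_taios.php moved to placeholders. `$id` comes from the database here, so this is a consistency gap rather than a directly reachable injection, but it keeps the old pattern alive: `$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID = ?', array($id));`. findIDs() itself still concatenates `$table` and `$query` into the statement, so both must stay constant or placeholder-only strings at every call site.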
/blog/post.php |
---|
9,6 → 9,8 |
$page->redirect('index.php'); |
} |
$page->title = 'Blog Post · ' . htmlentities($page->getBlogPost($page->getGetID())->title, ENT_QUOTES); |
$page->drawHeader(); |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
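Review bot: The title is escaped twice: the added line stores `htmlentities(...)` output in `$page->title`, and drawHeader() in /_taios.php now applies `htmlentities($this->title, ENT_QUOTES)` again when it writes `<title>`, so a post title containing `&` or a quote is displayed as `&amp;amp;` / `&amp;#039;`. Assign the raw value, `$page->title = 'Blog Post · ' . $page->getBlogPost($page->getGetID())->title;`, and let drawHeader() do the escaping at output.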
/blog/rss.php |
---|
20,7 → 20,7 |
$post = $page->getBlogPost($id); |
write('<item>'); |
write('<title>' . $post->title . '</title>'); |
write('<title>' . htmlentities($post->title, ENT_QUOTES) . '</title>'); |
write('<link>http://tim32.org/blog/post.php?id=' . $id . '</link>'); |
write('<guid>' . $id . '</guid>'); |
write('<pubDate>' . date('D, d M Y H:i:s O', $post->datePosted). '</pubDate>'); |
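Review bot: `htmlentities()` is the wrong escaper for this feed: it emits HTML named entities (`&eacute;`, `&nbsp;`, …) that are undefined in XML, so a title with a non-ASCII character makes the RSS document ill-formed for strict parsers. `write('<title>' . htmlspecialchars($post->title, ENT_QUOTES, 'UTF-8') . '</title>');` limits the output to the entities XML predefines plus a numeric reference for the apostrophe. The rest of the `<item>` is outside this hunk, so other text fields may need the same treatment.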
/blog/add-post-img.php |
---|
0,0 → 1,97 |
<?php |
require '../_taios.php'; |
$page = new Taios_Page('Edit Post', '../'); |
if (isset($_GET['id'])) |
{ |
$id = $_GET['id']; |
} |
else if (isset($_POST['id'])) |
{ |
$id = $_POST['id']; |
} |
else |
{ |
$page->drawError('No ID set.'); |
} |
$page->checkLoggedIn(); |
$post = $page->getBlogPost($id); |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
$error = ''; |
if (isset($_POST['id'])) { |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
$lname = $page->acceptFile("file"); |
if ($lname == false) |
die(); |
$content = $post->content; |
if (isset($_POST['label'])) |
{ |
$label = $_POST['label']; |
$content = $content . "\n\n[b]" . $label . "[/b]\n"; |
} |
$content = $content . "[img]" . $lname . "[/img]"; |
if (empty($title)) { |
$args = array($content, $id); |
$page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args); |
$page->redirect('post.php?id=' . $id); |
} |
} |
$page->drawHeader(); |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
if (!empty($error)) { |
$page->drawError($error, false); |
} |
?> |
<form action="add-post-img.php" method="post" enctype="multipart/form-data"> |
<table> |
<tr> |
<td class="bold">Post Title: </td> |
<td><?php echo $post->title; ?></td> |
</tr> |
<tr> |
<td class="bold">Label: </td> |
<td><input type="text" name="label" value=""/></td> |
</tr> |
<tr> |
<td class="bold">File: </td> |
<td><input type="file" name="file" id="file"></td> |
</tr> |
<?php |
write('<input type="hidden" name="id" value="' . $id . '" />'); |
?> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
<tr> |
<td class="bold"></td> |
<td><input type="submit" value="Add Image" /></td> |
</tr> |
</table> |
</form> |
<?php |
$page->drawFooter(); |
?> |
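Review bot: `<td><?php echo $post->title; ?></td>` prints the title unescaped, and getBlogPost() no longer escapes it after this commit, so it should be `<?php echo htmlentities($post->title, ENT_QUOTES); ?>` like the other pages. `if (empty($title))` tests a variable this file never assigns, so the UPDATE always runs and the condition can simply be removed. The permission failure path relies on drawError() terminating the request; if it ever returns, the upload proceeds. acceptFile() in /_taios.php, which does the validation for this page, trusts the client-supplied `$_FILES[$fname]["type"]`, checks `file_exists($lname)` against a different path than the `move_uploaded_file()` destination (`$this->url . $lname`), and ignores that call's return value; verifying the content with `getimagesize()` or `finfo` and testing the real destination would close those gaps.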
/blog/add-post.php |
---|
21,6 → 21,8 |
if (isset($_POST['post'])) |
{ |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
$title = $_POST['title']; |
$content = $_POST['content']; |
$parentID = $_POST['parentID']; |
44,8 → 46,9 |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
$page->query('INSERT INTO BlogPosts VALUES(0, "' . $parentID . '", "' . $page->getLoggedInUser()->ID . '", "' . $title . '", "' . $content . '", NOW(), "' . $category . '", 0)'); |
$args = array(0, $parentID, $page->getLoggedInUser()->ID, $title, $content, $category, 0); |
$page->query("INSERT INTO BlogPosts VALUES(?, ?, ?, ?, ?, NOW(), ?, ?)", $args); |
$page->redirect('post.php?id=' . $parentID); |
} |
} |
77,6 → 80,7 |
</tr> |
<input type="hidden" name="post" value="yes" /> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
<?php |
write('<input type="hidden" name="parentID" value="' . getParentID() . '" />'); |
/forums/edit-category.php |
---|
26,11 → 26,11 |
<table> |
<tr> |
<td class="bold">Title: </td> |
<td><input type="text" name="title" value="<?php echo $cat->title; ?>" /></td> |
<td><input type="text" name="title" value="<?php echo htmlentities($cat->title, ENT_QUOTES); ?>" /></td> |
</tr> |
<tr> |
<td class="bold">Description: </td> |
<td><input type="text" name="description" value="<?php echo $cat->description; ?>" /></td> |
<td><input type="text" name="description" value="<?php echo htmlentities($cat->description, ENT_QUOTES); ?>" /></td> |
</tr> |
<tr> |
<td></td> |
/forums/index.php |
---|
9,8 → 9,14 |
{ |
$parentID = -1; |
} |
else if ($parentID != -1) |
if (!is_numeric($parentID)) |
{ |
$parentID = -1; |
} |
if ($parentID != -1) |
{ |
$page->title = $page->getForumCategory($parentID)->title; |
} |
52,8 → 58,8 |
for ($i = 0; $i < count($ids); $i++) |
{ |
$forumCategory = $page->getForumCategory($ids[$i]); |
write('<h4><a href="index.php?parentID=' . $forumCategory->ID . '">' . $forumCategory->title . '</a></h4>'); |
write('<p>' . $forumCategory->description . '</p>'); |
write('<h4><a href="index.php?parentID=' . $forumCategory->ID . '">' . htmlentities($forumCategory->title, ENT_QUOTES) . '</a></h4>'); |
write('<p>' . htmlentities($forumCategory->description, ENT_QUOTES) . '</p>'); |
if ($page->isUserAdmin($page->getLoggedInUser())) |
{ |
write('<p class="bold"><a href="edit-category.php?id=' . $forumCategory->ID . '">Edit Category</a> · <a href="delete-category-do.php?id=' . $forumCategory->ID . '">Delete Category</a></p>'); |
71,7 → 77,7 |
for ($i = 0; $i < count($ids); $i++) |
{ |
$forumPost = $page->getForumPost($ids[$i]); |
write('<h4><a href="post.php?id=' . $forumPost->ID . '">' . $forumPost->title . '</a></h4>'); |
write('<h4><a href="post.php?id=' . $forumPost->ID . '">' . htmlentities($forumPost->title, ENT_QUOTES) . '</a></h4>'); |
write('<br />'); |
} |
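Review bot: `is_numeric($parentID)` accepts more than integer IDs (for example `1.5`, `1e3` or a string with leading whitespace), so the value handed to getForumCategory() is still not guaranteed to be an integer. Rejecting on `filter_var($parentID, FILTER_VALIDATE_INT) === false` is stricter and still admits `-1`. `$page->getForumCategory($parentID)->title` also dereferences the result directly, while getForumCategory() in /_taios.php returns `false` when no row matches.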
/forums/post.php |
---|
9,8 → 9,8 |
$id = $page->getGetID(); |
$forumPost = $page->getForumPost($id); |
write('<p class="bold"><a href="index.php?parentID=' . $forumPost->category->ID . '">Back to Topics</a></p><br />'); |
write('<h3>' . $forumPost->title . '</h3>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $forumPost->datePosted) . ' by ' . $forumPost->author->name . ' (' . $forumPost->author->username . ')</h5>'); |
write('<h3>' . htmlentities($forumPost->title, ENT_QUOTES) . '</h3>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $forumPost->datePosted) . ' by ' . htmlentities($forumPost->author->name, ENT_QUOTES) . ' (' . htmlentities($forumPost->author->username, ENT_QUOTES) . ')</h5>'); |
write('<p>' . $page->replaceBBCode($forumPost->content) . '</p>'); |
if ($page->isLoggedIn()) |
{ |
28,8 → 28,8 |
for ($i = 0; $i < count($ids); $i++) |
{ |
$forumPost = $page->getForumPost($ids[$i]); |
write('<h4>' . $forumPost->title . '</h4>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $forumPost->datePosted) . ' by ' . $forumPost->author->name . ' (' . $forumPost->author->username . ')</h5>'); |
write('<h4>' . htmlentities($forumPost->title, ENT_QUOTES) . '</h4>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $forumPost->datePosted) . ' by ' . htmlentities($forumPost->author->name, ENT_QUOTES) . ' (' . htmlentities($forumPost->author->username, ENT_QUOTES) . ')</h5>'); |
write('<p>' . $page->replaceBBCode($forumPost->content) . '</p>'); |
if ($page->isUserAdmin($page->getLoggedInUser()) || $forumPost->author->ID == $page->getLoggedInUser()->ID) |
{ |
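Review bot: Both hunks escape the title and author fields but still write `$page->replaceBBCode($forumPost->content)` straight into the page, so the post body is the one user-supplied field whose escaping depends on code outside this section. If `replaceBBCode()` does not HTML-escape its input before expanding tags, the body remains a stored-markup sink after this commit; the function is not visible here, so this needs confirming in `_taios.php`. The same call shape appears in `/index.php` (`$post->content`) and `/projects/index.php` (`$project->description`). Once verified, a comment above each call such as `// replaceBBCode() escapes HTML itself; do not wrap in htmlentities()` would record the contract.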
/forums/add-post-do.php |
---|
7,13 → 7,12 |
$page->checkLoggedIn(); |
$parentID = $_POST['parentID']; |
if (empty($parentID)) |
{ |
if (empty($parentID)) { |
$parentID = -1; |
} |
$categoryID = $_POST['categoryID']; |
if (empty($categoryID)) |
{ |
if (empty($categoryID)) { |
$parentID = -1; |
} |
20,21 → 19,20 |
$title = $_POST['title']; |
$content = $_POST['content']; |
if (!$page->isUserNormal($page->getLoggedInUser())) |
{ |
if (!$page->isUserNormal($page->getLoggedInUser())) { |
$page->redirect('add-post.php?error=You do not have permission to access this page'); |
} |
if (empty($title)) |
{ |
if (empty($title)) { |
$page->redirect('add-post.php?error=No Title Specified'); |
} |
if (empty($title)) |
{ |
if (empty($title)) { |
$page->redirect('add-post.php?error=No Content Specified'); |
} |
$page->query('INSERT INTO ForumPosts VALUES (0, "' .$page->getLoggedInUser()->ID . '", "' . $categoryID . '", "' . $parentID . '", "' . $title . '", "' . $content . '", NOW(), FALSE)'); |
$args = array($page->getLoggedInUser()->ID, $categoryID, $parentID, $title, $content); |
$page->query("INSERT INTO ForumPosts VALUES (0, ?, ?, ?, ?, ?, NOW(), FALSE)", $args); |
$page->redirect('index.php?parentID=' . $categoryID); |
?> |
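Review bot: The content check in the second hunk tests `empty($title)` a second time, so an empty `$content` is never rejected even though the message says "No Content Specified"; the condition should read `if (empty($content)) {`. In the first hunk the `empty($categoryID)` branch assigns `$parentID = -1;`, which leaves `$categoryID` empty when it reaches the INSERT and the final redirect; `$categoryID = -1;` looks like the intent, judging by the parallel block above it. Both lines predate this commit and were only re-braced, so they are easy to fix in the same change.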
/forums/delete-category-do.php |
---|
8,13 → 8,10 |
$id = $page->getGetID(); |
if ($page->isUserAdmin($page->getLoggedInUser())) |
{ |
$page->query('DELETE FROM ForumCategories WHERE ID = "' . $id . '"'); |
if ($page->isUserAdmin($page->getLoggedInUser())) { |
$page->query("DELETE FROM ForumCategories WHERE ID = ?", array($id)); |
$page->redirect('index.php'); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
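Review bot: This handler still performs the delete on a plain GET (`$page->getGetID()`) with no anti-forgery check, so the admin permission test is the only gate and any page an admin visits can trigger the request. The commit introduces `checkCSRFToken()` for the project forms but not here, and `/forums/index.php` links to this script as `delete-category-do.php?id=`. Moving the action to a POST form and adding `$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);` before the query, as `/projects/edit-project-do.php` now does, would close the gap. The same applies to the other forum `-do.php` handlers in this commit and to `/projects/delete-project-do.php`.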
/forums/edit-category-do.php |
---|
11,20 → 11,16 |
$title = $_POST['title']; |
$description = $_POST['description']; |
if ($page->isUserAdmin($page->getLoggedInUser())) |
{ |
if (empty($title)) |
{ |
if ($page->isUserAdmin($page->getLoggedInUser())) { |
if (empty($title)) { |
$page->redirect('edit-category.php?error=No Title Specified'); |
} |
$page->query('UPDATE ForumCategories SET Title = "' . $title . '", Description = "' . $description . '" WHERE ID = "' . $id . '"'); |
$args = array($title, $description, $id); |
$page->query("UPDATE ForumCategories SET Title = ?, Description = ? WHERE ID = ?", $args); |
$page->redirect('index.php'); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
?> |
/forums/add-category-do.php |
---|
7,8 → 7,7 |
$page->checkLoggedIn(); |
$parentID = $_POST['parentID']; |
if (empty($parentID)) |
{ |
if (empty($parentID)) { |
$parentID = -1; |
} |
15,20 → 14,15 |
$title = $_POST['title']; |
$description = $_POST['description']; |
if ($page->isUserAdmin($page->getLoggedInUser())) |
{ |
if (empty($title)) |
{ |
if ($page->isUserAdmin($page->getLoggedInUser())) { |
if (empty($title)) { |
$page->redirect('add-category.php?error=No Title Specified'); |
} |
$page->query('INSERT INTO ForumCategories VALUES (0, "' . $parentID . '", "' . $title . '", "' . $description . '")'); |
$page->query("INSERT INTO ForumCategories VALUES (0, ?, ?, ?)", array($parentID, $title, $description)); |
$page->redirect('index.php?parentID=' . $parentID); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
?> |
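Review bot: The new `INSERT INTO ForumCategories VALUES (0, ?, ?, ?)` relies on the table's column order, which is fragile given that this same commit adds columns to another table in `install.sql`. Listing the columns explicitly, as `/register-do.php` already does for `Users`, keeps the statement valid when the schema grows, e.g. `INSERT INTO ForumCategories (ID, <parent column>, Title, Description) VALUES (0, ?, ?, ?)`; the parent column's name is a placeholder because the table definition is not in view. The positional inserts in `/forums/add-post-do.php` and `/projects/add-project-do.php` have the same dependency.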
/forums/delete-post-do.php |
---|
9,22 → 9,15 |
$id = $page->getGetID(); |
$post = $page->getForumPost($id); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->query('DELETE FROM ForumPosts WHERE ID = "' . $id . '"'); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser())) { |
$page->query("DELETE FROM ForumPosts WHERE ID = ?", array($id)); |
$page->redirect('index.php'); |
} |
else |
{ |
if (!$post) |
{ |
} else { |
if (!$post) { |
$page->drawError('No such forum post, #' . $id); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
} |
?> |
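Review bot: The condition reads `$post->author->ID` before it reaches the `&& $post` test, so a request for a missing post dereferences a non-object before the existence check can take effect. Testing existence first fixes the order: `if ($post && $page->isUserNormal($page->getLoggedInUser()) && ($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID)) {`. `/projects/delete-project-do.php` has the same ordering with `$project`. What `getLoggedInUser()` returns for an anonymous request is not visible here, so the `->ID` access on it may need the same care.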
/index.php |
---|
10,7 → 10,7 |
<p class="bold">Welcome to Tim32!</p> |
<?php |
write('<p>Tim32 is a ' . (date("Y") - 2000) . '-year-old laptop running Ubuntu Server Edition 10.04.</p>'); |
write('<p>Tim32 is a ' . (date("Y") - 2000) . '-year-old laptop running Ubuntu Server Edition 14.04.</p>'); |
write('<p>On the other hand, Tim36 (which is serving this page) is a ' . (date("Y") - 2007) . '-year-old laptop running Ubuntu Server Edition 10.04.</p>'); |
?> |
<p>By using this website, you hereby accept cookies being stored on your computer.</p> |
30,8 → 30,8 |
$comment_count = 0; |
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
write('<a href="blog/post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>'); |
write('<a href="blog/post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>'); |
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>'); |
write('<p>' . $page->replaceBBCode($post->content) . '</p>'); |
write('<h5 style="color: #666666;">' . count($ids2) . ' Comments</h5>'); |
write('<br />'); |
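Review bot: The second hunk keeps `$page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"')`, a concatenated WHERE clause, while the rest of the commit moves to `?` placeholders. Where `$id` comes from is outside the hunk, so the exposure is unclear. If `findIDs()` can take bound arguments the way `query()` now does, this call should use them so that no string-built SQL is left as a template for later code.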
/photos/album.php |
---|
35,6 → 35,10 |
$page->redirect('index.php'); |
} |
while (strpos($dirName, '../') !== false) { |
$dirName = str_replace("../", "/", $dirName); |
} |
$page->drawHeader(); |
write('<br /><h3>RSS</h3>'); |
$page->drawMenuItem('RSS Feed', 'photos/rss.php?dir=' . $dirName); |
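Review bot: The added loop removes only the literal `../` sequence, which is a deny-list and does not establish that the final path stays inside the album directory; other separators and absolute paths are not considered, and the replacement itself can leave a leading `/`. A stronger check resolves the candidate with `realpath()` and rejects the request unless the result begins with the resolved album root. `$dirName` is also appended to `'photos/rss.php?dir='` without `urlencode()`. The same loop is copied into `/photos/rss.php`, `/wiki/edit-do.php`, `/wiki/edit.php` and `/wiki/index.php`; one helper on the page class would keep the five copies from drifting apart.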
/photos/rss.php |
---|
12,6 → 12,10 |
$dirName = "Lassitor"; |
} |
while (strpos($dirName, '../') !== false) { |
$dirName = str_replace("../", "/", $dirName); |
} |
write('<?xml version="1.0" encoding="UTF-8" ?>'); |
write('<rss version="2.0">'); |
write('<channel>'); |
/projects/edit-project.php |
---|
36,32 → 36,33 |
<table> |
<tr> |
<td class="bold">Title: </td> |
<td><input type="text" name="title" value="<?php echo $project->title; ?>" /></td> |
<td><input type="text" name="title" value="<?php echo htmlentities($project->title, ENT_QUOTES); ?>" /></td> |
</tr> |
<tr> |
<td class="bold">Description: </td> |
<td><textarea name="description"><?php echo $project->description; ?></textarea></td> |
<td><textarea name="description"><?php echo htmlentities($project->description, ENT_QUTOES); ?></textarea></td> |
</tr> |
<tr> |
<td class="bold">Logo URL: </td> |
<td><input type="text" name="logourl" value="<?php echo $project->logoURL; ?>" /></td> |
<td><input type="text" name="logourl" value="<?php echo htmlentities($project->logoURL, ENT_QUOTES); ?>" /></td> |
</tr> |
<tr> |
<td class="bold">Website URL: </td> |
<td><input type="text" name="websiteurl" value="<?php echo $project->websiteURL; ?>" /></td> |
<td><input type="text" name="websiteurl" value="<?php echo htmlentities($project->websiteURL, ENT_QUOTES); ?>" /></td> |
</tr> |
<tr> |
<td class="bold">DownloadURL: </td> |
<td><input type="text" name="downloadurl" value="<?php echo $project->downloadURL; ?>" /></td> |
<td><input type="text" name="downloadurl" value="<?php echo htmlentities($project->downloadURL, ENT_QUOTES); ?>" /></td> |
</tr> |
<tr> |
<td class="bold">Latest Version: </td> |
<td><input type="text" name="latestversion" value="<?php echo $project->latestVersion; ?>" /></td> |
<td><input type="text" name="latestversion" value="<?php echo htmlentities($project->latestVersion, ENT_QUTOES); ?>" /></td> |
</tr> |
<tr> |
<td class="bold"></td> |
<td><input type="submit" value="Edit Project" /></td> |
</tr> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
</table> |
</form> |
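Review bot: Two of the new calls spell the flag `ENT_QUTOES` (the Description textarea and the Latest Version input), which is an undefined constant rather than `ENT_QUOTES`. Depending on the PHP version this raises an error or passes a non-integer flag to `htmlentities()`, so those two fields will not render the stored value correctly. Both should read `htmlentities(..., ENT_QUOTES)` like the other four fields in this form.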
/projects/index.php |
---|
19,10 → 19,10 |
$id = $ids[$i]; |
$project = $page->getProject($id); |
write('<h3>' . $project->title . '</h3>'); |
write('<h3>' . htmlentities($project->title, ENT_QUOTES) . '</h3>'); |
write('<table style="border: 0px;">'); |
write('<tr>'); |
write('<td style="border: 0px; vertical-align: top;"><img class="smiley" src="' . $project->logoURL . '" alt="' . $project->title . ' logo" /></td>'); |
write('<td style="border: 0px; vertical-align: top;"><img class="smiley" src="' . htmlentities($project->logoURL, ENT_QUOTES). '" alt="' . htmlentities($project->title, ENT_QUOTES) . ' logo" /></td>'); |
write('<td style="border: 0px;">'); |
if (empty($project->latestVersion)) |
{ |
30,18 → 30,18 |
} |
else |
{ |
write('<h4>Latest Version: ' . $project->latestVersion . '</h4>'); |
write('<h4>Latest Version: ' . htmlentities($project->latestVersion, ENT_QUOTES) . '</h4>'); |
} |
write('<p>Project Author: ' . $project->author->name . '</p>'); |
write('<p>Project Author: ' . htmlentities($project->author->name, ENT_QUOTES) . '</p>'); |
write('<p>' . $page->replaceBBCode($project->description) . '</p>'); |
write('<p>'); |
if (!empty($project->websiteURL)) |
{ |
write('<a href="' . $project->websiteURL . '">Website</a>'); |
write('<a href="' . htmlentities($project->websiteURL, ENT_QUOTES) . '">Website</a>'); |
} |
if (!empty($project->downloadURL)) |
{ |
write(' · <a href="' . $project->downloadURL . '">Download</a>'); |
write(' · <a href="' . htmlentities($project->downloadURL, ENT_QUOTES) . '">Download</a>'); |
} |
write('</p>'); |
write('</td>'); |
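Review bot: `htmlentities()` on `websiteURL`, `downloadURL` and `logoURL` prevents attribute breakout but does not constrain the URL scheme, so a stored value with a non-HTTP scheme still ends up in `href` or `src`. These fields are free text in the edit form. Checking the scheme before rendering, or before saving in the `-do.php` handlers, covers that, e.g. `in_array(strtolower((string) parse_url($project->websiteURL, PHP_URL_SCHEME)), array('http', 'https'), true)`, and the link is omitted otherwise. The enclosing loop starts and ends outside these hunks.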
/projects/edit-project-do.php |
---|
4,6 → 4,8 |
$page = new Taios_Page('Edit Project', '../'); |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
$project = $page->getProject($page->getPostID()); |
if (!$project) |
{ |
22,37 → 24,34 |
if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) |
{ |
if (!empty($title)) |
{ |
$page->query('UPDATE Projects SET Title = "' . $title . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($title)) { |
$page->query("UPDATE Projects SET Title = ? WHERE ID = ?", array($title, $project->ID)); |
} |
if (!empty($description)) |
{ |
$page->query('UPDATE Projects SET Description = "' . $description . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($description)) { |
$page->query("UPDATE Projects SET Description = ? WHERE ID = ?", array($description, $project->ID)); |
} |
if (!empty($logoURL)) |
{ |
$page->query('UPDATE Projects SET LogoURL = "' . $logoURL . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($logoURL)) { |
$page->query("UPDATE Projects SET LogoURL = ? WHERE ID = ?", array($logoURL, $project->ID)); |
} |
if (!empty($websiteURL)) |
{ |
$page->query('UPDATE Projects SET WebsiteURL = "' . $websiteURL . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($websiteURL)) { |
$page->query("UPDATE Projects SET WebsiteURL = ? WHERE ID = ?", array($websiteURL, $project->ID)); |
} |
if (!empty($downloadURL)) |
{ |
$page->query('UPDATE Projects SET DownloadURL = "' . $downloadURL . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($downloadURL)) { |
$page->query("UPDATE Projects SET DownloadURL = ? WHERE ID = ?", array($downloadURL, $project->ID)); |
} |
if (!empty($latestVersion)) |
{ |
$page->query('UPDATE Projects SET LatestVersion = "' . $latestVersion . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($latestVersion)) { |
$page->query("UPDATE Projects SET LatestVersion = ? WHERE ID = ?", array($latestVersion, $project->ID)); |
} |
$page->query('UPDATE Projects SET LastUpdate = NOW() WHERE ID = "' . $project->ID . '"'); |
$page->query("UPDATE Projects SET LastUpdate = NOW() WHERE ID = ?", array($project->ID)); |
$page->redirect('index.php'); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
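Review bot: The new `checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken'])` call runs before anything in the hunk has established that a user is logged in, so an anonymous request dereferences whatever `getLoggedInUser()` returns when there is no session. In `/projects/add-project-do.php` the same call is visibly placed above `$page->checkLoggedIn()`. Calling `$page->checkLoggedIn();` first and the token check second avoids that. Reading the field as `isset($_POST['csrftoken']) ? $_POST['csrftoken'] : ''` also avoids an undefined-index notice when it is missing.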
/projects/add-project-do.php |
---|
4,6 → 4,8 |
$page = new Taios_Page('Add Project', '../'); |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
$title = $_POST['title']; |
$description = $_POST['description']; |
$logoURL = $_POST['logourl']; |
14,22 → 16,19 |
$page->checkLoggedIn(); |
$user = $page->getLoggedInUser(); |
if (empty($title)) |
{ |
if (empty($title)) { |
$page->redirect('add-project.php?error=No Title Specified'); |
} |
if (empty($description)) |
{ |
if (empty($description)) { |
$page->redirect('add-project.php?error=No Title Specified'); |
} |
if ($page->isUserGM($user)) |
{ |
$page->query('INSERT INTO Projects VALUES (0, "' . $user->ID . '", "' . $title . '", "' . $description . '", "' . $logoURL . '", "' . $downloadURL . '", "' . $websiteURL . '", "' . $latestVersion . '", NOW())'); |
if ($page->isUserGM($user)) { |
$args = array($user->ID, $title, $description, $logoURL, $downloadURL, $websiteURL, $latestVersion); |
$page->query("INSERT INTO Projects VALUES (0, ?, ?, ?, ?, ?, ?, ?, NOW())", $args); |
$page->redirect('index.php'); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
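Review bot: The `empty($description)` branch redirects with `error=No Title Specified`, the same message as the title check above it, so a user who omits the description is told the wrong field is missing. It should be `$page->redirect('add-project.php?error=No Description Specified');`. The line predates this commit and was only re-braced.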
/projects/add-project.php |
---|
54,6 → 54,7 |
<td class="bold"></td> |
<td><input type="submit" value="Add Project" /></td> |
</tr> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
</table> |
</form> |
/projects/delete-project-do.php |
---|
8,19 → 8,13 |
$id = $page->getGetID(); |
$project = $page->getProject($id); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) && $project) |
{ |
$page->query('DELETE FROM Projects WHERE ID = "' . $id . '"'); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) && $project) { |
$page->query("DELETE FROM Projects WHERE ID = ?", array($id)); |
$page->redirect('index.php'); |
} |
else |
{ |
if (!$project) |
{ |
} else { |
if (!$project) { |
$page->drawError('No such project, #' . $id); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
} |
/tcp.js |
---|
1,6 → 1,6 |
function updateResult(box, text) { |
box.find(".tcp_inner_result").html("<i>Loading...</i>"); |
$.get('http://tim32.org/~freddie/VOSLookup/tcppop.php?totr=' + text, function(data) { |
$.get('//tim32.org/timlan/lookup/tcppop.php?totr=' + text, function(data) { |
box.find(".tcp_inner_result").html(data); |
}); |
} |
35,12 → 35,12 |
var s = box.attr("data-status"); |
if (s == "closed") { |
box.attr("data-status", "open"); |
$(this).attr("src", "http://tim32.org/~freddie/timlan/noTCP.png"); |
$(this).attr("src", "//tim32.org/timlan/noTCP.png"); |
$(this).attr("title", "Close TCP Editor"); |
openBox(box); |
} else { |
box.attr("data-status", "closed"); |
$(this).attr("src", "http://tim32.org/~freddie/timlan/goTCP.png"); |
$(this).attr("src", "//tim32.org/timlan/goTCP.png"); |
$(this).attr("title", "Open TCP Editor"); |
closeBox(box); |
} |
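Review bot: In `updateResult`, `text` is concatenated into the query string without encoding, so input containing `&`, `#` or `+` changes the request that is sent. Passing it as data lets jQuery encode it: `$.get('//tim32.org/timlan/lookup/tcppop.php', { totr: text }, function(data) {`. The response is then inserted with `.html(data)`, which trusts the endpoint to return safe markup; if the endpoint echoes `totr` back, it has to escape it server-side. The click handler in the second hunk starts and ends outside the hunk.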
/wiki/edit-do.php |
---|
2,6 → 2,22 |
require '../_taios.php'; |
if (get_magic_quotes_gpc()) { |
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); |
while (list($key, $val) = each($process)) { |
foreach ($val as $k => $v) { |
unset($process[$key][$k]); |
if (is_array($v)) { |
$process[$key][stripslashes($k)] = $v; |
$process[] = &$process[$key][stripslashes($k)]; |
} else { |
$process[$key][stripslashes($k)] = stripslashes($v); |
} |
} |
} |
unset($process); |
} |
$pageName = $_POST['page']; |
if (empty($pageName)) |
{ |
14,7 → 30,14 |
if ($page->isUserGM($page->getLoggedInUser())) |
{ |
while (strpos($pageName, '../') !== false) { |
$pageName = str_replace("../", "/", $pageName); |
} |
$filename = 'pages/' . $pageName . '.txt'; |
if(!is_dir(dirname($filename))) |
mkdir(dirname($filename), 0777, true); |
$fp = @fopen($filename, 'w'); |
if ($fp) |
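Review bot: `mkdir(dirname($filename), 0777, true)` creates world-writable directories, recursively, from a path derived from `$_POST['page']`, and its return value is ignored. `0755` is enough for the web server user to keep writing there, and the failure case should be handled, e.g. `if (!is_dir($d) && !mkdir($d, 0755, true)) { $page->drawError('Could not create page directory'); }` with `$d = dirname($filename)`. The `get_magic_quotes_gpc()` block added at the top is repeated verbatim in `/wiki/edit.php` and `/wiki/index.php` and would be better placed once in `_taios.php`. The enclosing `if` block continues past the end of the hunk.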
/wiki/edit.php |
---|
1,7 → 1,21 |
<?php |
require '../_taios.php'; |
if (get_magic_quotes_gpc()) { |
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); |
while (list($key, $val) = each($process)) { |
foreach ($val as $k => $v) { |
unset($process[$key][$k]); |
if (is_array($v)) { |
$process[$key][stripslashes($k)] = $v; |
$process[] = &$process[$key][stripslashes($k)]; |
} else { |
$process[$key][stripslashes($k)] = stripslashes($v); |
} |
} |
} |
unset($process); |
} |
$pageName = $_GET['page']; |
if (empty($pageName)) |
{ |
8,7 → 22,7 |
$pageName = 'Index'; |
} |
$page = new Taios_Page('Edit Page - ' . $pageName, '../'); |
$page = new Taios_Page('Edit Page - ' . htmlentities($pageName, ENT_QUOTES), '../'); |
$page->drawHeader(); |
$page->drawMiddle(); |
16,6 → 30,10 |
if ($page->isUserGM($page->getLoggedInUser())) |
{ |
while (strpos($pageName, '../') !== false) { |
$pageName = str_replace("../", "/", $pageName); |
} |
$filename = 'pages/' . $pageName . '.txt'; |
$content = ""; |
30,10 → 48,10 |
?> |
<form action="edit-do.php" method="POST"> |
<input type="hidden" name="page" value="<?php echo $pageName; ?>" /> |
<input type="hidden" name="page" value="<?php echo htmlentities($pageName, ENT_QUOTES); ?>" /> |
<table> |
<tr> |
<td><textarea name="content"><?php echo $content; ?></textarea></td> |
<td><textarea name="content"><?php write(htmlentities($content, ENT_QUOTES)); ?></textarea></td> |
</tr> |
<tr> |
<td><input type="submit" value="Edit" /></td> |
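Review bot: The page title is now escaped twice: `htmlentities($pageName, ENT_QUOTES)` is applied when constructing `Taios_Page`, and this commit also makes `drawHeader()` in `_taios.php` run `htmlentities($this->title, ENT_QUOTES)` when it writes the `<title>` element. A page name containing `&` or a quote will therefore show its entity text in the browser title. Passing the raw name, `new Taios_Page('Edit Page - ' . $pageName, '../')`, and escaping only at output is cleaner, provided every other place that prints `$this->title` escapes it too (not all of them are visible here). `/wiki/index.php` builds its title the same way.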
/wiki/index.php |
---|
8,7 → 8,21 |
} |
require '../_taios.php'; |
if (get_magic_quotes_gpc()) { |
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); |
while (list($key, $val) = each($process)) { |
foreach ($val as $k => $v) { |
unset($process[$key][$k]); |
if (is_array($v)) { |
$process[$key][stripslashes($k)] = $v; |
$process[] = &$process[$key][stripslashes($k)]; |
} else { |
$process[$key][stripslashes($k)] = stripslashes($v); |
} |
} |
} |
unset($process); |
} |
$pageName = $_GET['page']; |
if (empty($pageName)) |
{ |
15,7 → 29,7 |
$pageName = 'Index'; |
} |
$page = new Taios_Page('Wiki - ' . $pageName, '../'); |
$page = new Taios_Page('Wiki · ' . htmlentities($pageName, ENT_QUOTES), '../'); |
if (isset($_GET['random'])) |
{ |
42,9 → 56,13 |
if ($page->isUserGM($page->getLoggedInUser())) |
{ |
write('<p class="bold"><a href="edit.php?page=' . $pageName . '">Edit Page</a></p><br />'); |
write('<p class="bold"><a href="edit.php?page=' . htmlentities($pageName, ENT_QUOTES) . '">Edit Page</a></p><br />'); |
} |
while (strpos($pageName, '../') !== false) { |
$pageName = str_replace("../", "/", $pageName); |
} |
$filename = 'pages/' . $pageName . '.txt'; |
$fp = @fopen($filename, 'r'); |
58,6 → 76,26 |
write('<p>This page is empty.</p>'); |
} |
if(is_dir('pages/' . $pageName)) |
{ |
write('<p>Directory listing of ' . htmlentities($pageName, ENT_QUOTES) . ':</p>'); |
write('<ul>'); |
$dir = opendir('pages/' . $pageName); |
if($dir) |
{ |
while (($file = readdir($dir)) !== false) |
{ |
if($file != '.' && $file != '..' && (preg_match('/\.txt$/', $file) || is_dir('pages/' . $pageName . '/' . $file))) |
{ |
$file = preg_replace('/\.txt$/', '', $file); |
write('<li><a href="index.php?page=' . htmlentities($pageName, ENT_QUOTES) . '/' . htmlentities($file, ENT_QUOTES) . '">' . htmlentities($file, ENT_QUOTES) . '</a></li>'); |
} |
} |
} |
write('</ul>'); |
write('<p>End of directory listing</p>'); |
} |
$page->drawFooter(); |
?> |
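Review bot: The links built for "Edit Page" and for the directory listing put `$pageName` and `$file` into a query string with only `htmlentities()`, which escapes for HTML but not for URLs, so names containing `&`, `#`, `+` or spaces produce links that resolve to a different page. URL-encode first and HTML-escape the result, e.g. `'edit.php?page=' . htmlentities(urlencode($pageName), ENT_QUOTES)`. The directory listing also never calls `closedir($dir)` after the `readdir()` loop.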
/_config.dummy.php |
---|
0,0 → 1,11 |
<?php |
define('MYSQL_HOST', 'localhost'); |
define('MYSQL_USER', 'taios'); |
define('MYSQL_PASSWORD', 'dummy'); |
define('ALLOW_FILES', false); |
define('ROOT_PATH', 'http://wolves.org/~dummy/taios/'); |
define('RECAPTCHA_PUBLICKEY', 'dummy'); |
define('RECAPTCHA_PRIVATEKEY', 'dummy'); |
?> |
/install.sql |
---|
11,6 → 11,8 |
Password TEXT, |
EmailAddress TEXT, |
Name TEXT, |
Salt TEXT, |
CSRFToken TEXT, |
ChallengeID INT, |
PRIMARY KEY(ID) |
); |
64,7 → 66,7 |
PRIMARY KEY(ID) |
); |
INSERT INTO Users VALUES (1, 0, "admin", SHA1("password"), "admins@tim32.org", "Tim32 Admin", 0); |
INSERT INTO Users VALUES (1, 0, "admin", SHA1("passwordrostok"), "admins@tim32.org", "Tim32 Admin", "rostok", "rostok", 0); |
INSERT INTO BlogPosts VALUES(1, -1, 1, "Welcome to Tim32!", "Welcome to the new Tim32 website! It has had a complete design re-think to make it simpler and easier to use!", NOW(), "Tim32", FALSE); |
INSERT INTO Projects VALUES (1, 1, "TAIOS", "TAIOS (The All In One System) is a PHP based system to make the Tim32 website very self contained and altogether.", "http://websvn.kde.org/*checkout*/trunk/kdesupport/oxygen-icons/64x64/categories/applications-internet.png", "", "http://tim32.org/~tom/taios/", "SVN", NOW()); |
INSERT INTO ForumCategories VALUES (1, -1, "Tim32", "Talk about Tim32 in here"); |
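Review bot: The seed row creates the admin account with a published password and fixed `Salt` and `CSRFToken` values, so every installation that runs this file unchanged starts with the same admin credentials and the same anti-forgery token. The install step should generate the salt and token per installation and require the admin password to be changed on first login. At minimum a comment above the INSERT should say so, e.g. `-- Change the admin password, Salt and CSRFToken before exposing this site`. The two new columns are plain `TEXT` with no `NOT NULL`, so rows migrated from the old schema would hold NULL in both; how `checkCSRFToken()` treats a NULL token is not visible here.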
/register-do.php |
---|
42,8 → 42,11 |
$page->redirect('register.php?error=Incorrect reCAPTCHA response'); |
} |
$page->query('INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (2, "' . $username . '", "' . sha1($password) . '", "' . $email . '", "' . $name . '", 0)'); |
$salt = $username . "horses"; |
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, $page->rndString(), 0); |
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, CSRFToken, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $args); |
$page->redirect('login.php'); |
?> |
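Review bot: The salt is `$username . "horses"`, which is predictable from public data rather than random. The seed row in `install.sql` (`SHA1("passwordrostok")`) suggests `saltAndBurn()` is a single SHA-1 over password and salt, though that function is not shown here. On PHP 5.5 or later, `password_hash($password, PASSWORD_DEFAULT)` generates a random salt and a slow hash in one call, and `password_verify($password, $user->password)` would replace the `!==` comparison in `/login-do.php`, which is not constant-time. How `rndString()` produces the CSRF token is outside this hunk; it should draw from a cryptographically secure source.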
/login-do.php |
---|
23,7 → 23,7 |
} |
$user = $page->getUserByUsername($username); |
if (!$user || $user->password != sha1($password)) |
if (!$user || $user->password !== $page->saltAndBurn($password, $user->salt)) |
{ |
$page->redirect('login.php?error=Incorrect Username or Password&oldurl=' . urlencode($redirurl)); |
} |