/blog/add-post.php |
---|
44,8 → 44,9 |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
$page->query('INSERT INTO BlogPosts VALUES(0, "' . $parentID . '", "' . $page->getLoggedInUser()->ID . '", "' . $title . '", "' . $content . '", NOW(), "' . $category . '", 0)'); |
$args = array(0, $parentID, $page->getLoggedInUser()->ID, $title, $content, $category, 0); |
$page->query("INSERT INTO BlogPosts VALUES(?, ?, ?, ?, ?, NOW(), ?, ?)", $args); |
$page->redirect('post.php?id=' . $parentID); |
} |
} |
/blog/edit-post.php |
---|
27,23 → 27,18 |
$error = ''; |
if (isset($_POST['id'])) |
{ |
if (isset($_POST['id'])) { |
$title = $_POST['title']; |
$content = $_POST['content']; |
$category = $_POST['category']; |
if (empty($title)) |
{ |
if (empty($title)) { |
$error = "No Title Specified"; |
} |
else if (empty($content)) |
{ |
} else if (empty($content)) { |
$error = "No Content Specified"; |
} |
else |
{ |
$page->query('UPDATE BlogPosts SET Content = "' . $content . '", Title = "' . $title . '", Category = "' . $category . '" WHERE ID = "' . $id . '"'); |
} else { |
$args = array($content, $title, $category, $id); |
$page->query("UPDATE BlogPosts SET Content = ?, Title = ?, Category = ? WHERE ID = ?", $args); |
$page->redirect('post.php?id=' . $id); |
} |
} |
52,8 → 47,7 |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
if (!empty($error)) |
{ |
if (!empty($error)) { |
$page->drawError($error, false); |
} |
/admin/account-do.php |
---|
13,36 → 13,26 |
$name = $_POST['name']; |
$user = $page->getUserByID($userID); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) |
{ |
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) |
{ |
$page->query('UPDATE Users SET AccessID = "' . $accessID . '" WHERE ID = "' . $userID . '"'); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) { |
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) { |
$page->query("UPDATE Users SET AccessID = ? WHERE ID = ?", array($accessID, $userID)); |
} |
if (!empty($password)) |
{ |
$page->query('UPDATE Users SET Password = "' . sha1($password) . '" WHERE ID = "' . $userID . '"'); |
if (!empty($password)) { |
$page->query("UPDATE Users SET Password = ? WHERE ID = ?", array(sha1($password), $userID)); |
} |
if (!empty($email)) |
{ |
$page->query('UPDATE Users SET EmailAddress = "' . $email . '" WHERE ID = "' . $userID . '"'); |
if (!empty($email)) { |
$page->query("UPDATE Users SET EmailAddress = ? WHERE ID = ?", array($email, $userID)); |
} |
if (!empty($name)) |
{ |
$page->query('UPDATE Users SET Name = "' . $name . '" WHERE ID = "' . $userID . '"'); |
if (!empty($name)) { |
$page->query("UPDATE Users SET Name = ? WHERE ID = ?", array($name, $userID)); |
} |
} |
else |
{ |
if (!$user) |
{ |
} else { |
if (!$user) { |
$page->drawError('No such user, #' . $userID); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
} |
/projects/edit-project-do.php |
---|
22,37 → 22,34 |
if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) |
{ |
if (!empty($title)) |
{ |
$page->query('UPDATE Projects SET Title = "' . $title . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($title)) { |
$page->query("UPDATE Projects SET Title = ? WHERE ID = ?", array($title, $project->ID)); |
} |
if (!empty($description)) |
{ |
$page->query('UPDATE Projects SET Description = "' . $description . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($description)) { |
$page->query("UPDATE Projects SET Description = ? WHERE ID = ?", array($description, $project->ID)); |
} |
if (!empty($logoURL)) |
{ |
$page->query('UPDATE Projects SET LogoURL = "' . $logoURL . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($logoURL)) { |
$page->query("UPDATE Projects SET LogoURL = ? WHERE ID = ?", array($logoURL, $project->ID)); |
} |
if (!empty($websiteURL)) |
{ |
$page->query('UPDATE Projects SET WebsiteURL = "' . $websiteURL . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($websiteURL)) { |
$page->query("UPDATE Projects SET WebsiteURL = ? WHERE ID = ?", array($websiteURL, $project->ID)); |
} |
if (!empty($downloadURL)) |
{ |
$page->query('UPDATE Projects SET DownloadURL = "' . $downloadURL . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($downloadURL)) { |
$page->query("UPDATE Projects SET DownloadURL = ? WHERE ID = ?", array($downloadURL, $project->ID)); |
} |
if (!empty($latestVersion)) |
{ |
$page->query('UPDATE Projects SET LatestVersion = "' . $latestVersion . '" WHERE ID = "' . $project->ID . '"'); |
if (!empty($latestVersion)) { |
$page->query("UPDATE Projects SET LatestVersion = ? WHERE ID = ?", array($latestVersion, $project->ID)); |
} |
$page->query('UPDATE Projects SET LastUpdate = NOW() WHERE ID = "' . $project->ID . '"'); |
$page->query("UPDATE Projects SET LastUpdate = NOW() WHERE ID = ?", array($project->ID)); |
$page->redirect('index.php'); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
/projects/add-project-do.php |
---|
14,22 → 14,19 |
$page->checkLoggedIn(); |
$user = $page->getLoggedInUser(); |
if (empty($title)) |
{ |
if (empty($title)) { |
$page->redirect('add-project.php?error=No Title Specified'); |
} |
if (empty($description)) |
{ |
if (empty($description)) { |
$page->redirect('add-project.php?error=No Title Specified'); |
} |
if ($page->isUserGM($user)) |
{ |
$page->query('INSERT INTO Projects VALUES (0, "' . $user->ID . '", "' . $title . '", "' . $description . '", "' . $logoURL . '", "' . $downloadURL . '", "' . $websiteURL . '", "' . $latestVersion . '", NOW())'); |
if ($page->isUserGM($user)) { |
$args = array($user->ID, $title, $description, $logoURL, $downloadURL, $websiteURL, $latestVersion); |
$page->query("INSERT INTO Projects VALUES (0, ?, ?, ?, ?, ?, ?, ?, NOW())", $args); |
$page->redirect('index.php'); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
/projects/delete-project-do.php |
---|
8,19 → 8,13 |
$id = $page->getGetID(); |
$project = $page->getProject($id); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) && $project) |
{ |
$page->query('DELETE FROM Projects WHERE ID = "' . $id . '"'); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) && $project) { |
$page->query("DELETE FROM Projects WHERE ID = ?", array($id)); |
$page->redirect('index.php'); |
} |
else |
{ |
if (!$project) |
{ |
} else { |
if (!$project) { |
$page->drawError('No such project, #' . $id); |
} |
else |
{ |
} else { |
$page->drawError('You do not have permission to access this page.'); |
} |
} |
/register-do.php |
---|
42,7 → 42,8 |
$page->redirect('register.php?error=Incorrect reCAPTCHA response'); |
} |
$page->query('INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (2, "' . $username . '", "' . sha1($password) . '", "' . $email . '", "' . $name . '", 0)'); |
$args = array(2, $username, sha1($password), $email, $name, 0); |
$page->query("INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?)", $args); |
$page->redirect('login.php'); |
/_taios.php |
---|
372,10 → 372,8 |
return false; |
} |
function getLoggedInUser() |
{ |
if ($this->isLoggedIn()) |
{ |
function getLoggedInUser() { |
if ($this->isLoggedIn()) { |
$clist = explode('|~|', $_COOKIE['Tim32_Login']); |
return $this->getUserByUsername($clist[0]); |
} |
383,20 → 381,17 |
return false; |
} |
function getBlogPost($id) |
{ |
$results = $this->query('SELECT * FROM BlogPosts WHERE ID = "' . $id . '"'); |
foreach ($results as $row) { |
function getBlogPost($id) { |
foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) { |
$post = new BlogPost; |
$post->ID = $row['ID']; |
if ($row['ParentID'] == -1) |
{ |
if ($row['ParentID'] == -1) { |
$post->parent = -1; |
} |
else |
{ |
} else { |
$post->parent = $this->getBlogPost($row['ParentID']); |
} |
$post->author = $this->getUserByID($row['AuthorID']); |
$post->user = $this->getUserByID($row['AuthorID']); // For some older pages |
$post->title = htmlspecialchars($row['Title']); |
411,10 → 406,8 |
$this->drawError('Cannot find blog post, #' . $id); |
} |
function getProject($id) |
{ |
$results = $this->query('SELECT * FROM Projects WHERE ID = "' . $id . '"'); |
foreach ($results as $row) { |
function getProject($id) { |
foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) { |
$project = new Project; |
$project->ID = $row['ID']; |
433,10 → 426,8 |
return false; |
} |
function getForumCategory($id) |
{ |
$results = $this->query('SELECT * FROM ForumCategories WHERE ID = "' . $id . '"'); |
foreach ($results as $row) { |
function getForumCategory($id) { |
foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) { |
$f = new ForumCategory; |
$f->ID = $row['ID']; |
450,10 → 441,8 |
return false; |
} |
function getForumPost($id) |
{ |
$results = $this->query('SELECT * FROM ForumPosts WHERE ID = "' . $id . '"'); |
foreach ($results as $row) { |
function getForumPost($id) { |
foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) { |
$f = new ForumPost; |
$f->ID = $row['ID']; |
471,22 → 460,17 |
return false; |
} |
function delBlogPost($id) |
{ |
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
for ($i = 0; $i < count($ids); $i++) |
{ |
$this->delBlogPost($ids[$i]); |
function delBlogPost($id) { |
foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) { |
$this->delBlogPost($i); |
} |
$this->query('DELETE FROM BlogPosts WHERE ID="' . $id . '"'); |
$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
} |
function getGetID() |
{ |
function getGetID() { |
$id = $_GET['id']; |
if (empty($id)) |
{ |
if (empty($id)) { |
$id = 1; |
} |
493,11 → 477,9 |
return $id; |
} |
function getPostID() |
{ |
function getPostID() { |
$id = $_POST['id']; |
if (empty($id)) |
{ |
if (empty($id)) { |
$id = 1; |
} |