/admin/account-do.php |
---|
13,26 → 13,36 |
$name = $_POST['name']; |
$user = $page->getUserByID($userID); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) { |
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) { |
$page->query("UPDATE Users SET AccessID = ? WHERE ID = ?", array($accessID, $userID)); |
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) |
{ |
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) |
{ |
$page->query('UPDATE Users SET AccessID = "' . $accessID . '" WHERE ID = "' . $userID . '"'); |
} |
if (!empty($password)) { |
$page->query("UPDATE Users SET Password = ? WHERE ID = ?", array(sha1($password), $userID)); |
if (!empty($password)) |
{ |
$page->query('UPDATE Users SET Password = "' . sha1($password) . '" WHERE ID = "' . $userID . '"'); |
} |
if (!empty($email)) { |
$page->query("UPDATE Users SET EmailAddress = ? WHERE ID = ?", array($email, $userID)); |
if (!empty($email)) |
{ |
$page->query('UPDATE Users SET EmailAddress = "' . $email . '" WHERE ID = "' . $userID . '"'); |
} |
if (!empty($name)) { |
$page->query("UPDATE Users SET Name = ? WHERE ID = ?", array($name, $userID)); |
if (!empty($name)) |
{ |
$page->query('UPDATE Users SET Name = "' . $name . '" WHERE ID = "' . $userID . '"'); |
} |
} else { |
if (!$user) { |
} |
else |
{ |
if (!$user) |
{ |
$page->drawError('No such user, #' . $userID); |
} else { |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
} |
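Review bot: The concatenated `$page->query(...)` calls in this section splice request-derived values straight into a double-quoted SQL literal (`$name` is read from `$_POST['name']` at the top of the hunk; `$accessID`, `$password`, `$email` and `$userID` appear to come from the same request), so each statement is open to SQL injection. Keep the bound-parameter form shown alongside them, e.g. `$page->query("UPDATE Users SET Name = ? WHERE ID = ?", array($name, $userID));`, which in turn requires `query()` in /_taios.php to keep its `$args` parameter. The same concatenation appears in /projects/edit-project-do.php, /projects/add-project-do.php, /projects/delete-project-do.php, /blog/add-post.php, /blog/edit-post.php and /register-do.php. It also appears in the `getUserByID()`, `getUserByUsername()`, `getBlogPost()`, `getProject()`, `getForumCategory()`, `getForumPost()` and `delBlogPost()` lookups in /_taios.php.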
/projects/edit-project-do.php |
---|
22,34 → 22,37 |
if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) |
{ |
if (!empty($title)) { |
$page->query("UPDATE Projects SET Title = ? WHERE ID = ?", array($title, $project->ID)); |
if (!empty($title)) |
{ |
$page->query('UPDATE Projects SET Title = "' . $title . '" WHERE ID = "' . $project->ID . '"'); |
} |
if (!empty($description)) { |
$page->query("UPDATE Projects SET Description = ? WHERE ID = ?", array($description, $project->ID)); |
if (!empty($description)) |
{ |
$page->query('UPDATE Projects SET Description = "' . $description . '" WHERE ID = "' . $project->ID . '"'); |
} |
if (!empty($logoURL)) { |
$page->query("UPDATE Projects SET LogoURL = ? WHERE ID = ?", array($logoURL, $project->ID)); |
if (!empty($logoURL)) |
{ |
$page->query('UPDATE Projects SET LogoURL = "' . $logoURL . '" WHERE ID = "' . $project->ID . '"'); |
} |
if (!empty($websiteURL)) { |
$page->query("UPDATE Projects SET WebsiteURL = ? WHERE ID = ?", array($websiteURL, $project->ID)); |
if (!empty($websiteURL)) |
{ |
$page->query('UPDATE Projects SET WebsiteURL = "' . $websiteURL . '" WHERE ID = "' . $project->ID . '"'); |
} |
if (!empty($downloadURL)) { |
$page->query("UPDATE Projects SET DownloadURL = ? WHERE ID = ?", array($downloadURL, $project->ID)); |
if (!empty($downloadURL)) |
{ |
$page->query('UPDATE Projects SET DownloadURL = "' . $downloadURL . '" WHERE ID = "' . $project->ID . '"'); |
} |
if (!empty($latestVersion)) { |
$page->query("UPDATE Projects SET LatestVersion = ? WHERE ID = ?", array($latestVersion, $project->ID)); |
if (!empty($latestVersion)) |
{ |
$page->query('UPDATE Projects SET LatestVersion = "' . $latestVersion . '" WHERE ID = "' . $project->ID . '"'); |
} |
$page->query("UPDATE Projects SET LastUpdate = NOW() WHERE ID = ?", array($project->ID)); |
$page->query('UPDATE Projects SET LastUpdate = NOW() WHERE ID = "' . $project->ID . '"'); |
$page->redirect('index.php'); |
} else { |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
/projects/add-project-do.php |
---|
14,19 → 14,22 |
$page->checkLoggedIn(); |
$user = $page->getLoggedInUser(); |
if (empty($title)) { |
if (empty($title)) |
{ |
$page->redirect('add-project.php?error=No Title Specified'); |
} |
if (empty($description)) { |
if (empty($description)) |
{ |
$page->redirect('add-project.php?error=No Title Specified'); |
} |
if ($page->isUserGM($user)) { |
$args = array($user->ID, $title, $description, $logoURL, $downloadURL, $websiteURL, $latestVersion); |
$page->query("INSERT INTO Projects VALUES (0, ?, ?, ?, ?, ?, ?, ?, NOW())", $args); |
if ($page->isUserGM($user)) |
{ |
$page->query('INSERT INTO Projects VALUES (0, "' . $user->ID . '", "' . $title . '", "' . $description . '", "' . $logoURL . '", "' . $downloadURL . '", "' . $websiteURL . '", "' . $latestVersion . '", NOW())'); |
$page->redirect('index.php'); |
} else { |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
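Review bot: The `empty($description)` branch redirects with `error=No Title Specified`, the same text as the title check, so a missing description is reported as a missing title; it should read something like `$page->redirect('add-project.php?error=No Description Specified');`. The page does not show whether `redirect()` ends the script; if it does not, both empty-field checks fall through to the INSERT, so confirm that it exits or add an explicit `exit;` after each redirect. The INSERT also uses positional `VALUES` with no column list, which breaks silently if the Projects table gains or reorders a column.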
/projects/delete-project-do.php |
---|
8,13 → 8,19 |
$id = $page->getGetID(); |
$project = $page->getProject($id); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) && $project) { |
$page->query("DELETE FROM Projects WHERE ID = ?", array($id)); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) && $project) |
{ |
$page->query('DELETE FROM Projects WHERE ID = "' . $id . '"'); |
$page->redirect('index.php'); |
} else { |
if (!$project) { |
} |
else |
{ |
if (!$project) |
{ |
$page->drawError('No such project, #' . $id); |
} else { |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
} |
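Review bot: This handler deletes a project using the id from `getGetID()`, which in /_taios.php reads `$_GET['id']` and substitutes `1` when it is empty, so a plain GET request, even one with no id at all, performs a destructive action. No anti-CSRF token check is visible in the hunk. Require POST plus a per-session token for the delete, and reject a missing id instead of defaulting it. The condition also dereferences `$project->author->ID` before `&& $project` is evaluated, although the `!$project` branch below shows the lookup is expected to fail sometimes. Testing existence first, `if ($project && ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID))`, avoids reading a property of a non-object.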
/_taios.php |
---|
13,12 → 13,16 |
$this->drawnMiddle = false; |
$this->drawnFooter = false; |
try { |
$this->db = new PDO("mysql:dbname=Tim32;host=" . MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD, |
array( PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'UTF8'" )); |
} catch (PDOException $e) { |
$this->drawError("Failed to connect to database!"); |
} |
$this->db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD); |
if (!$this->db) |
{ |
$this->drawError('Failed to connect to database: ' . mysql_error()); |
} |
if (!mysql_select_db('Tim32')) |
{ |
$this->drawError('Failed to select database: ' . mysql_error()); |
} |
} |
function drawHeader() |
26,11 → 30,11 |
if (!$this->drawnHeader) |
{ |
write('<!DOCTYPE html>'); |
write('<html lang="en">'); |
write('<html>'); |
write('<head>'); |
write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">'); |
write('<title>Tim32 · ' . $this->title . '</title>'); |
write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />'); |
write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="screen" />'); |
write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />'); |
write('<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.min.js"></script>'); |
write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>'); |
111,7 → 115,8 |
write('<h4 style="color: red;">Error: ' . $text . '</h4>'); |
if ($die) { |
if ($die) |
{ |
$this->drawFooter(); |
die(); |
} |
187,9 → 192,7 |
'/\[i\](.+?)\[\/i\]/is', |
'/\[u\](.+?)\[\/u\]/is', |
'/\[url\](.+?)\[\/url\]/is', |
'/\[w\](.+?)\[\/w\]/is', |
'/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is', |
'/\[w=(?:")?(.+?)(?:")?\](.+?)\[\/w\]/is', |
'/\[code\](.+?)\[\/code\]/is', |
'/\[img\](.+?)\[\/img\]/is', |
'/\[ul\](.+?)\[\/ul\]/is', |
204,9 → 207,7 |
'<i>$1</i>', |
'<u>$1</u>', |
'<a href="$1">$1</a>', |
'<a href="/wiki/index.php?page=$1">$1</a>', |
'<a href="$1">$2</a>', |
'<a href="/wiki/index.php?page=$1">$2</a>', |
'</p><div class="code">$1</div><p>', |
'<img src="$1" alt="BBCode-included image" />', |
'<ul>$1</ul>', |
324,22 → 325,24 |
} |
} |
function query($query, $args = array()) |
function query($query) |
{ |
$statement = $this->db->prepare($query); |
if (!$statement->execute($args)) { |
$this->drawError("Query Failed! MySQL Error: " . $statement->errorInfo()); |
} |
return $statement->fetchAll(); |
$result = mysql_query($query); |
if (!$result) |
{ |
$this->drawError('Query Failed: ' . $query . "\n" . 'MySQL Error: ' . mysql_error()); |
} |
return $result; |
} |
function findIDs($table, $query = '', $args = array()) |
function findIDs($table, $query = '') |
{ |
$array = array(); |
$results = $this->query('SELECT ID FROM ' . $table . ' ' . $query, $args); |
foreach ($results as $row) { |
$result = $this->query('SELECT ID FROM ' . $table . ' ' . $query); |
while ($row = mysql_fetch_array($result)) |
{ |
array_push($array, $row['ID']); |
} |
348,8 → 351,10 |
function getUserByID($id) |
{ |
foreach ($this->query("SELECT * FROM Users WHERE ID = ?", array($id)) as $row) { |
$user = new User(); |
$result = $this->query('SELECT * FROM Users WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
$user = new User; |
$user->ID = $row['ID']; |
$user->accessID = $row['AccessID']; |
$user->username = $row['Username']; |
364,8 → 369,11 |
return false; |
} |
function getUserByUsername($username) { |
foreach ($this->query("SELECT * FROM Users WHERE Username = ?", array($username)) as $row) { |
function getUserByUsername($username) |
{ |
$result = $this->query('SELECT * FROM Users WHERE Username = "' . $username . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
return $this->getUserByID($row['ID']); |
} |
372,8 → 380,10 |
return false; |
} |
function getLoggedInUser() { |
if ($this->isLoggedIn()) { |
function getLoggedInUser() |
{ |
if ($this->isLoggedIn()) |
{ |
$clist = explode('|~|', $_COOKIE['Tim32_Login']); |
return $this->getUserByUsername($clist[0]); |
} |
381,17 → 391,21 |
return false; |
} |
function getBlogPost($id) { |
foreach ($this->query("SELECT * FROM BlogPosts WHERE ID = ?", array($id)) as $row) { |
function getBlogPost($id) |
{ |
$result = $this->query('SELECT * FROM BlogPosts WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
$post = new BlogPost; |
$post->ID = $row['ID']; |
if ($row['ParentID'] == -1) { |
if ($row['ParentID'] == -1) |
{ |
$post->parent = -1; |
} else { |
} |
else |
{ |
$post->parent = $this->getBlogPost($row['ParentID']); |
} |
$post->author = $this->getUserByID($row['AuthorID']); |
$post->user = $this->getUserByID($row['AuthorID']); // For some older pages |
$post->title = htmlspecialchars($row['Title']); |
406,8 → 420,11 |
$this->drawError('Cannot find blog post, #' . $id); |
} |
function getProject($id) { |
foreach ($this->query("SELECT * FROM Projects WHERE ID = ?", array($id)) as $row) { |
function getProject($id) |
{ |
$result = $this->query('SELECT * FROM Projects WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
$project = new Project; |
$project->ID = $row['ID']; |
426,8 → 443,11 |
return false; |
} |
function getForumCategory($id) { |
foreach ($this->query("SELECT * FROM ForumCategories WHERE ID = ?", array($id)) as $row) { |
function getForumCategory($id) |
{ |
$result = $this->query('SELECT * FROM ForumCategories WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
$f = new ForumCategory; |
$f->ID = $row['ID']; |
441,8 → 461,11 |
return false; |
} |
function getForumPost($id) { |
foreach ($this->query("SELECT * FROM ForumPosts WHERE ID = ?", array($id)) as $row) { |
function getForumPost($id) |
{ |
$result = $this->query('SELECT * FROM ForumPosts WHERE ID = "' . $id . '"'); |
while ($row = mysql_fetch_array($result)) |
{ |
$f = new ForumPost; |
$f->ID = $row['ID']; |
460,17 → 483,22 |
return false; |
} |
function delBlogPost($id) { |
foreach ($this->findIDs("BlogPosts", "WHERE ParentID = ?", array($id)) as $i) { |
$this->delBlogPost($i); |
function delBlogPost($id) |
{ |
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
for ($i = 0; $i < count($ids); $i++) |
{ |
$this->delBlogPost($ids[$i]); |
} |
$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
$this->query('DELETE FROM BlogPosts WHERE ID="' . $id . '"'); |
} |
function getGetID() { |
function getGetID() |
{ |
$id = $_GET['id']; |
if (empty($id)) { |
if (empty($id)) |
{ |
$id = 1; |
} |
477,9 → 505,11 |
return $id; |
} |
function getPostID() { |
function getPostID() |
{ |
$id = $_POST['id']; |
if (empty($id)) { |
if (empty($id)) |
{ |
$id = 1; |
} |
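Review bot: In the `query()` hunk the `mysql_query()` version passes the full SQL text and `mysql_error()` to `drawError()`, which writes its argument into an `<h4>` through the same `write()` used for raw markup, so a failing query shows schema details and any user-supplied part of the statement to the visitor as unescaped HTML. Log the detail server-side and show a fixed message, e.g. `error_log('Query failed: ' . mysql_error());` followed by `$this->drawError('Query failed.');`, and apply `htmlspecialchars()` to `$text` inside `drawError()`. The `mysql_*` extension used throughout this section was removed in PHP 7.0, so this code cannot run on a currently supported PHP release, whereas the PDO `prepare()`/`execute()` version shown alongside it can. `findIDs()` also splices `$table` and `$query` directly into the statement, so callers must pass only fixed strings there.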
/blog/add-post.php |
---|
44,9 → 44,8 |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
$args = array(0, $parentID, $page->getLoggedInUser()->ID, $title, $content, $category, 0); |
$page->query("INSERT INTO BlogPosts VALUES(?, ?, ?, ?, ?, NOW(), ?, ?)", $args); |
$page->query('INSERT INTO BlogPosts VALUES(0, "' . $parentID . '", "' . $page->getLoggedInUser()->ID . '", "' . $title . '", "' . $content . '", NOW(), "' . $category . '", 0)'); |
$page->redirect('post.php?id=' . $parentID); |
} |
} |
/blog/edit-post.php |
---|
27,18 → 27,23 |
$error = ''; |
if (isset($_POST['id'])) { |
if (isset($_POST['id'])) |
{ |
$title = $_POST['title']; |
$content = $_POST['content']; |
$category = $_POST['category']; |
if (empty($title)) { |
if (empty($title)) |
{ |
$error = "No Title Specified"; |
} else if (empty($content)) { |
} |
else if (empty($content)) |
{ |
$error = "No Content Specified"; |
} else { |
$args = array($content, $title, $category, $id); |
$page->query("UPDATE BlogPosts SET Content = ?, Title = ?, Category = ? WHERE ID = ?", $args); |
} |
else |
{ |
$page->query('UPDATE BlogPosts SET Content = "' . $content . '", Title = "' . $title . '", Category = "' . $category . '" WHERE ID = "' . $id . '"'); |
$page->redirect('post.php?id=' . $id); |
} |
} |
47,7 → 52,8 |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
if (!empty($error)) { |
if (!empty($error)) |
{ |
$page->drawError($error, false); |
} |
/wiki/index.php |
---|
45,8 → 45,6 |
write('<p class="bold"><a href="edit.php?page=' . $pageName . '">Edit Page</a></p><br />'); |
} |
$pageName = str_replace("../", "/", $pageName); |
$filename = 'pages/' . $pageName . '.txt'; |
$fp = @fopen($filename, 'r'); |
60,26 → 58,6 |
write('<p>This page is empty.</p>'); |
} |
if(is_dir('pages/' . $pageName)) |
{ |
write('<p>Directory listing of ' . $pageName . ':</p>'); |
write('<ul>'); |
$dir = opendir('pages/' . $pageName); |
if($dir) |
{ |
while (($file = readdir($dir)) !== false) |
{ |
if($file != '.' && $file != '..' && (preg_match('/\.txt$/', $file) || is_dir('pages/' . $pageName . '/' . $file))) |
{ |
$file = preg_replace('/\.txt$/', '', $file); |
write('<li><a href="index.php?page=' . $pageName . '/' . htmlspecialchars($file) . '">' . htmlspecialchars($file) . '</a></li>'); |
} |
} |
} |
write('</ul>'); |
write('<p>End of directory listing</p>'); |
} |
$page->drawFooter(); |
?> |
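Review bot: Without the `str_replace("../", "/", $pageName)` line, `$filename = 'pages/' . $pageName . '.txt'` is built from an unvalidated page name and handed to `fopen()`, so the name can resolve outside `pages/`. Restoring the single-pass replace is not a reliable filter; validate the name against an allow-list before use instead, e.g. `if (!preg_match('/^[A-Za-z0-9_\/-]+$/', $pageName)) { $page->drawError('Invalid page name'); }`, with the character set adjusted to the names the wiki really uses. The same unfiltered path is built in /wiki/edit-do.php, where `$pageName` comes from `$_POST['page']` and the file is opened for writing, and in /wiki/edit.php. The "Edit Page" link at the top of the first hunk also prints `$pageName` into an `href` without `urlencode()` or `htmlspecialchars()`.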
/wiki/edit-do.php |
---|
2,22 → 2,6 |
require '../_taios.php'; |
if (get_magic_quotes_gpc()) { |
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); |
while (list($key, $val) = each($process)) { |
foreach ($val as $k => $v) { |
unset($process[$key][$k]); |
if (is_array($v)) { |
$process[$key][stripslashes($k)] = $v; |
$process[] = &$process[$key][stripslashes($k)]; |
} else { |
$process[$key][stripslashes($k)] = stripslashes($v); |
} |
} |
} |
unset($process); |
} |
$pageName = $_POST['page']; |
if (empty($pageName)) |
{ |
30,12 → 14,7 |
if ($page->isUserGM($page->getLoggedInUser())) |
{ |
$pageName = str_replace("../", "/", $pageName); |
$filename = 'pages/' . $pageName . '.txt'; |
if(!is_dir(dirname($filename))) |
mkdir(dirname($filename), 0777, true); |
$fp = @fopen($filename, 'w'); |
if ($fp) |
/wiki/edit.php |
---|
16,8 → 16,6 |
if ($page->isUserGM($page->getLoggedInUser())) |
{ |
$pageName = str_replace("../", "/", $pageName); |
$filename = 'pages/' . $pageName . '.txt'; |
$content = ""; |
35,7 → 33,7 |
<input type="hidden" name="page" value="<?php echo $pageName; ?>" /> |
<table> |
<tr> |
<td><textarea name="content"><?php write($content); ?></textarea></td> |
<td><textarea name="content"><?php echo $content; ?></textarea></td> |
</tr> |
<tr> |
<td><input type="submit" value="Edit" /></td> |
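Review bot: `<?php echo $content; ?>` prints the stored page text into the `<textarea>` without escaping, so markup in a wiki page is interpreted by the browser of whoever opens the editor rather than shown as text. Escape at output with `<?php echo htmlspecialchars($content, ENT_QUOTES, 'UTF-8'); ?>`. The hidden `page` field above it needs the same treatment for `$pageName`. The surrounding form starts and ends outside the hunk.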
/register-do.php |
---|
42,8 → 42,7 |
$page->redirect('register.php?error=Incorrect reCAPTCHA response'); |
} |
$args = array(2, $username, sha1($password), $email, $name, 0); |
$page->query("INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?)", $args); |
$page->query('INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (2, "' . $username . '", "' . sha1($password) . '", "' . $email . '", "' . $name . '", 0)'); |
$page->redirect('login.php'); |
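Review bot: `sha1($password)` stores an unsalted, fast hash, which gives little protection to the Users table if it is ever disclosed; the same call is used for password changes in /admin/account-do.php. Where the PHP version allows it (5.5 or later), store `password_hash($password, PASSWORD_DEFAULT)` and check it with `password_verify()` in the login code, which is not shown on this page. Existing SHA-1 rows would need to be rehashed at each user's next successful login.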