Subversion Repositories taios

Compare Revisions

Ignore whitespace Rev 491 → Rev 495

/login-do.php
23,7 → 23,7
}
 
$user = $page->getUserByUsername($username);
if (!$user || $user->password != sha1($password))
if (!$user || $user->password !== sha1($password))
{
$page->redirect('login.php?error=Incorrect Username or Password&oldurl=' . urlencode($redirurl));
}
/_taios.php
186,6 → 186,7
'/\[b\](.+?)\[\/b\]/is',
'/\[i\](.+?)\[\/i\]/is',
'/\[u\](.+?)\[\/u\]/is',
'/\[s\](.+?)\[\/s\]/is',
'/\[url\](.+?)\[\/url\]/is',
'/\[w\](.+?)\[\/w\]/is',
'/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is',
203,6 → 204,7
'<b>$1</b>',
'<i>$1</i>',
'<u>$1</u>',
'<del>$1</del>',
'<a href="$1">$1</a>',
'<a href="/wiki/index.php?page=$1">$1</a>',
'<a href="$1">$2</a>',
/_config.dummy.php
0,0 → 1,9
<?php
 
define('MYSQL_HOST', 'localhost');
define('MYSQL_USER', 'taios');
define('MYSQL_PASSWORD', 'dummy');
define('RECAPTCHA_PUBLICKEY', 'dummy');
define('RECAPTCHA_PRIVATEKEY', 'dummy');
 
?>
/blog/index.php
16,24 → 16,21
}
 
$query = 'WHERE ParentID = -1';
$args = array();
 
if (isset($_GET['cat']))
{
$query = $query . ' AND Category = "' . $_GET['cat'] . '"';
if (isset($_GET['cat'])) {
$query = $query . " AND Category = ?";
array_push($args, $_GET['cat']);
write('<p>Only showing blog posts from the ' . $_GET['cat'] . ' category. <a href="index.php">Reset Filtering</a></p><br />');
}
 
if(!$page->isUserGM($page->getLoggedInUser()))
{
if (!$page->isUserGM($page->getLoggedInUser())) {
$query = $query . ' AND Category != "Drafts"';
}
 
$query = $query . " ORDER BY DatePosted DESC";
 
$ids = $page->findIDs('BlogPosts', $query);
for ($i = 0; $i < count($ids); $i++)
{
$id = $ids[$i];
foreach ($page->findIDs('BlogPosts', $query, $args) as $id) {
$post = $page->getBlogPost($id);
 
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"');
/blog/add-post.php
44,8 → 44,9
{
$page->drawError('You do not have permission to access this page.');
}
$page->query('INSERT INTO BlogPosts VALUES(0, "' . $parentID . '", "' . $page->getLoggedInUser()->ID . '", "' . $title . '", "' . $content . '", NOW(), "' . $category . '", 0)');
$args = array(0, $parentID, $page->getLoggedInUser()->ID, $title, $content, $category, 0);
$page->query("INSERT INTO BlogPosts VALUES(?, ?, ?, ?, ?, NOW(), ?, ?)", $args);
$page->redirect('post.php?id=' . $parentID);
}
}
/blog/edit-post.php
27,23 → 27,18
 
$error = '';
 
if (isset($_POST['id']))
{
if (isset($_POST['id'])) {
$title = $_POST['title'];
$content = $_POST['content'];
$category = $_POST['category'];
 
if (empty($title))
{
if (empty($title)) {
$error = "No Title Specified";
}
else if (empty($content))
{
} else if (empty($content)) {
$error = "No Content Specified";
}
else
{
$page->query('UPDATE BlogPosts SET Content = "' . $content . '", Title = "' . $title . '", Category = "' . $category . '" WHERE ID = "' . $id . '"');
} else {
$args = array($content, $title, $category, $id);
$page->query("UPDATE BlogPosts SET Content = ?, Title = ?, Category = ? WHERE ID = ?", $args);
$page->redirect('post.php?id=' . $id);
}
}
52,8 → 47,7
$page->drawBlogCategoriesMenu();
$page->drawMiddle();
 
if (!empty($error))
{
if (!empty($error)) {
$page->drawError($error, false);
}
 
/admin/nowify.php
4,16 → 4,11
 
$page = new Taios_Page('Nowify', '../');
 
if (isset($_GET['id']))
{
if (isset($_GET['id'])) {
$id = $_GET['id'];
}
else if (isset($_POST['id']))
{
} else if (isset($_POST['id'])) {
$id = $_POST['id'];
}
else
{
} else {
$page->drawError('No ID set.');
}
 
20,8 → 15,7
$page->checkLoggedIn();
 
$post = $page->getBlogPost($id);
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser()))
{
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) {
$page->drawError('You do not have permission to access this page.');
}
 
31,7 → 25,7
{
$title = $_POST['title'];
 
$page->query('UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = "' . $id . '"');
$page->query("UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = ?", array($id));
$page->redirect('/blog/post.php?id=' . $id);
}
 
39,8 → 33,7
$page->drawBlogCategoriesMenu();
$page->drawMiddle();
 
if (!empty($error))
{
if (!empty($error)) {
$page->drawError($error, false);
}
 
65,4 → 58,3
$page->drawFooter();
 
?>
 
/admin/account-do.php
13,36 → 13,26
$name = $_POST['name'];
 
$user = $page->getUserByID($userID);
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser()))
{
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser()))
{
$page->query('UPDATE Users SET AccessID = "' . $accessID . '" WHERE ID = "' . $userID . '"');
if (($page->getLoggedInUser()->ID == $userID || $page->isUserAdmin($page->getLoggedInUser())) && $user && $page->isUserNormal($page->getLoggedInUser())) {
if (isset($accessID) && $page->isUserAdmin($page->getLoggedInUser())) {
$page->query("UPDATE Users SET AccessID = ? WHERE ID = ?", array($accessID, $userID));
}
if (!empty($password))
{
$page->query('UPDATE Users SET Password = "' . sha1($password) . '" WHERE ID = "' . $userID . '"');
if (!empty($password)) {
$page->query("UPDATE Users SET Password = ? WHERE ID = ?", array(sha1($password), $userID));
}
if (!empty($email))
{
$page->query('UPDATE Users SET EmailAddress = "' . $email . '" WHERE ID = "' . $userID . '"');
if (!empty($email)) {
$page->query("UPDATE Users SET EmailAddress = ? WHERE ID = ?", array($email, $userID));
}
if (!empty($name))
{
$page->query('UPDATE Users SET Name = "' . $name . '" WHERE ID = "' . $userID . '"');
if (!empty($name)) {
$page->query("UPDATE Users SET Name = ? WHERE ID = ?", array($name, $userID));
}
}
else
{
if (!$user)
{
} else {
if (!$user) {
$page->drawError('No such user, #' . $userID);
}
else
{
} else {
$page->drawError('You do not have permission to access this page.');
}
}
/forums/add-post-do.php
7,13 → 7,12
$page->checkLoggedIn();
 
$parentID = $_POST['parentID'];
if (empty($parentID))
{
if (empty($parentID)) {
$parentID = -1;
}
 
$categoryID = $_POST['categoryID'];
if (empty($categoryID))
{
if (empty($categoryID)) {
$parentID = -1;
}
 
20,21 → 19,20
$title = $_POST['title'];
$content = $_POST['content'];
 
if (!$page->isUserNormal($page->getLoggedInUser()))
{
if (!$page->isUserNormal($page->getLoggedInUser())) {
$page->redirect('add-post.php?error=You do not have permission to access this page');
}
 
if (empty($title))
{
if (empty($title)) {
$page->redirect('add-post.php?error=No Title Specified');
}
if (empty($title))
{
 
if (empty($title)) {
$page->redirect('add-post.php?error=No Content Specified');
}
 
$page->query('INSERT INTO ForumPosts VALUES (0, "' .$page->getLoggedInUser()->ID . '", "' . $categoryID . '", "' . $parentID . '", "' . $title . '", "' . $content . '", NOW(), FALSE)');
$args = array($page->getLoggedInUser()->ID, $categoryID, $parentID, $title, $content);
$page->query("INSERT INTO ForumPosts VALUES (0, ?, ?, ?, ?, ?, NOW(), FALSE)", $args);
$page->redirect('index.php?parentID=' . $categoryID);
 
?>
/forums/delete-category-do.php
8,13 → 8,10
 
$id = $page->getGetID();
 
if ($page->isUserAdmin($page->getLoggedInUser()))
{
$page->query('DELETE FROM ForumCategories WHERE ID = "' . $id . '"');
if ($page->isUserAdmin($page->getLoggedInUser())) {
$page->query("DELETE FROM ForumCategories WHERE ID = ?", array($id));
$page->redirect('index.php');
}
else
{
} else {
$page->drawError('You do not have permission to access this page.');
}
 
/forums/edit-category-do.php
11,20 → 11,16
$title = $_POST['title'];
$description = $_POST['description'];
 
if ($page->isUserAdmin($page->getLoggedInUser()))
{
if (empty($title))
{
if ($page->isUserAdmin($page->getLoggedInUser())) {
if (empty($title)) {
$page->redirect('edit-category.php?error=No Title Specified');
}
$page->query('UPDATE ForumCategories SET Title = "' . $title . '", Description = "' . $description . '" WHERE ID = "' . $id . '"');
$args = array($title, $description, $id);
$page->query("UPDATE ForumCategories SET Title = ?, Description = ? WHERE ID = ?", $args);
$page->redirect('index.php');
}
else
{
} else {
$page->drawError('You do not have permission to access this page.');
}
 
?>
 
/forums/add-category-do.php
7,8 → 7,7
$page->checkLoggedIn();
 
$parentID = $_POST['parentID'];
if (empty($parentID))
{
if (empty($parentID)) {
$parentID = -1;
}
 
15,20 → 14,15
$title = $_POST['title'];
$description = $_POST['description'];
 
if ($page->isUserAdmin($page->getLoggedInUser()))
{
if (empty($title))
{
if ($page->isUserAdmin($page->getLoggedInUser())) {
if (empty($title)) {
$page->redirect('add-category.php?error=No Title Specified');
}
$page->query('INSERT INTO ForumCategories VALUES (0, "' . $parentID . '", "' . $title . '", "' . $description . '")');
$page->query("INSERT INTO ForumCategories VALUES (0, ?, ?, ?)", array($parentID, $title, $description));
$page->redirect('index.php?parentID=' . $parentID);
}
else
{
} else {
$page->drawError('You do not have permission to access this page.');
}
 
?>
 
/forums/delete-post-do.php
9,22 → 9,15
$id = $page->getGetID();
$post = $page->getForumPost($id);
 
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser()))
{
$page->query('DELETE FROM ForumPosts WHERE ID = "' . $id . '"');
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser())) {
$page->query("DELETE FROM ForumPosts WHERE ID = ?", array($id));
$page->redirect('index.php');
}
else
{
if (!$post)
{
} else {
if (!$post) {
$page->drawError('No such forum post, #' . $id);
}
else
{
} else {
$page->drawError('You do not have permission to access this page.');
}
}
 
?>
 
/projects/edit-project-do.php
22,37 → 22,34
 
if ($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID)
{
if (!empty($title))
{
$page->query('UPDATE Projects SET Title = "' . $title . '" WHERE ID = "' . $project->ID . '"');
if (!empty($title)) {
$page->query("UPDATE Projects SET Title = ? WHERE ID = ?", array($title, $project->ID));
}
if (!empty($description))
{
$page->query('UPDATE Projects SET Description = "' . $description . '" WHERE ID = "' . $project->ID . '"');
if (!empty($description)) {
$page->query("UPDATE Projects SET Description = ? WHERE ID = ?", array($description, $project->ID));
}
if (!empty($logoURL))
{
$page->query('UPDATE Projects SET LogoURL = "' . $logoURL . '" WHERE ID = "' . $project->ID . '"');
if (!empty($logoURL)) {
$page->query("UPDATE Projects SET LogoURL = ? WHERE ID = ?", array($logoURL, $project->ID));
}
if (!empty($websiteURL))
{
$page->query('UPDATE Projects SET WebsiteURL = "' . $websiteURL . '" WHERE ID = "' . $project->ID . '"');
if (!empty($websiteURL)) {
$page->query("UPDATE Projects SET WebsiteURL = ? WHERE ID = ?", array($websiteURL, $project->ID));
}
if (!empty($downloadURL))
{
$page->query('UPDATE Projects SET DownloadURL = "' . $downloadURL . '" WHERE ID = "' . $project->ID . '"');
if (!empty($downloadURL)) {
$page->query("UPDATE Projects SET DownloadURL = ? WHERE ID = ?", array($downloadURL, $project->ID));
}
if (!empty($latestVersion))
{
$page->query('UPDATE Projects SET LatestVersion = "' . $latestVersion . '" WHERE ID = "' . $project->ID . '"');
if (!empty($latestVersion)) {
$page->query("UPDATE Projects SET LatestVersion = ? WHERE ID = ?", array($latestVersion, $project->ID));
}
$page->query('UPDATE Projects SET LastUpdate = NOW() WHERE ID = "' . $project->ID . '"');
$page->query("UPDATE Projects SET LastUpdate = NOW() WHERE ID = ?", array($project->ID));
 
$page->redirect('index.php');
}
else
{
} else {
$page->drawError('You do not have permission to access this page.');
}
 
/projects/add-project-do.php
14,22 → 14,19
$page->checkLoggedIn();
$user = $page->getLoggedInUser();
 
if (empty($title))
{
if (empty($title)) {
$page->redirect('add-project.php?error=No Title Specified');
}
if (empty($description))
{
 
if (empty($description)) {
$page->redirect('add-project.php?error=No Title Specified');
}
 
if ($page->isUserGM($user))
{
$page->query('INSERT INTO Projects VALUES (0, "' . $user->ID . '", "' . $title . '", "' . $description . '", "' . $logoURL . '", "' . $downloadURL . '", "' . $websiteURL . '", "' . $latestVersion . '", NOW())');
if ($page->isUserGM($user)) {
$args = array($user->ID, $title, $description, $logoURL, $downloadURL, $websiteURL, $latestVersion);
$page->query("INSERT INTO Projects VALUES (0, ?, ?, ?, ?, ?, ?, ?, NOW())", $args);
$page->redirect('index.php');
}
else
{
} else {
$page->drawError('You do not have permission to access this page.');
}
 
/projects/delete-project-do.php
8,19 → 8,13
$id = $page->getGetID();
$project = $page->getProject($id);
 
if (($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) && $project)
{
$page->query('DELETE FROM Projects WHERE ID = "' . $id . '"');
if (($page->isUserAdmin($page->getLoggedInUser()) || $page->getLoggedInUser()->ID == $project->author->ID) && $project) {
$page->query("DELETE FROM Projects WHERE ID = ?", array($id));
$page->redirect('index.php');
}
else
{
if (!$project)
{
} else {
if (!$project) {
$page->drawError('No such project, #' . $id);
}
else
{
} else {
$page->drawError('You do not have permission to access this page.');
}
}
/register-do.php
42,7 → 42,8
$page->redirect('register.php?error=Incorrect reCAPTCHA response');
}
 
$page->query('INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (2, "' . $username . '", "' . sha1($password) . '", "' . $email . '", "' . $name . '", 0)');
$args = array(2, $username, sha1($password), $email, $name, 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?)", $args);
 
$page->redirect('login.php');