Subversion Repositories taios

Compare Revisions

Ignore whitespace Rev 506 → Rev 522

/_taios.php
29,10 → 29,10
write('<html lang="en">');
write('<head>');
write('<meta http-equiv="Content-Type" content="text/html;charset=utf-8">');
write('<title>Tim32 &middot; ' . $this->title . '</title>');
write('<title>Tim32 &middot; ' . htmlentities($this->title, ENT_QUOTES) . '</title>');
write('<link href="' . $this->url . 'styles.css" rel="stylesheet" type="text/css" media="all" />');
write('<link rel="shortcut icon" href="' . $this->url . 'data/favicon.png" />');
write('<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.0.min.js"></script>');
write('<script type="text/javascript" src="//code.jquery.com/jquery-1.9.0.min.js"></script>');
write('<script type="text/javascript" src="' . $this->url . 'tcp.js"></script>');
write('</head>');
write('<body>');
122,13 → 122,13
$post = $this->getBlogPost($id);
if ($first)
{
write('<h3><a href="post.php?id=' . $id . '">' . $post->title. '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>');
write('<h3><a href="post.php?id=' . $id . '">' . htmlentities($post->title, ENT_QUOTES). '</a> <a href="post.php?id=' . $post->parent->ID . '">^</a></h3>');
}
else
{
write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>');
write('<a href="post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>');
}
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>');
write('<p>' . $this->replaceBBCode($post->content) . '</p>');
 
if ($this->isUserNormal($this->getLoggedInUser()))
168,18 → 168,14
write('<h3>Categories</h3>');
for ($i = 0; $i < count($cats); $i++)
{
$this->drawMenuItem($cats[$i], 'blog/index.php?cat=' . $cats[$i]);
$this->drawMenuItem(htmlentities($cats[$i], ENT_QUOTES), 'blog/index.php?cat=' . $cats[$i]);
}
}
function replaceBBCode($str)
{
$newstr = $str;
$newstr = str_replace("<", "&lt;", $newstr);
$newstr = str_replace(">", "&gt;", $newstr);
$newstr = htmlentities($str, ENT_QUOTES);
$newstr = str_replace("\n", "<br />", $newstr);
$newstr = str_replace("\\'", "'", $newstr);
$newstr = str_replace("\\\"",'"', $newstr);
$newstr = str_replace(' ', '&nbsp;&nbsp;', $newstr);
$bbcode = array(
215,7 → 211,7
'<ol>$1</ol>',
'<li>$1</li>',
'<span style="font-family: Droid Sans Mono, monospace, fixed; margin-left: 1em; margin-right: 1em;">$1</span>',
'<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="http://tim32.org/~freddie/timlan/goTCP.png" alt="Open TCP Editor" /></span>'
'<span class="tcp" data-status="closed" data-text="$1">$1<img title="Open TCP Editor" class="tcp_button" src="//tim32.org/timlan/goTCP.png" alt="Open TCP Editor" /></span>'
);
 
$newstr = preg_replace($bbcode, $html, $newstr);
223,6 → 219,59
return $newstr;
}
 
function acceptFile($fname)
{
if (!ALLOW_FILES)
{
$this->drawError("This system doesn't allow file uploading.");
return false;
}
$this->checkLoggedIn();
if ($this->getLoggedInUser()->accessID >= 2)
{
$this->drawError('You do not have permission to access this page.');
}
$allowedExts = array("gif", "jpeg", "jpg", "png", "tga");
$temp = explode(".", $_FILES[$fname]["name"]);
$extension = end($temp);
if ((($_FILES[$fname]["type"] == "image/gif")
|| ($_FILES[$fname]["type"] == "image/jpeg")
|| ($_FILES[$fname]["type"] == "image/jpg")
|| ($_FILES[$fname]["type"] == "image/pjpeg")
|| ($_FILES[$fname]["type"] == "image/x-png")
|| ($_FILES[$fname]["type"] == "image/png")
|| ($_FILES[$fname]["type"] == "image/x-targa")
|| ($_FILES[$fname]["type"] == "image/x-tga"))
&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes)
&& in_array($extension, $allowedExts))
{
if ($_FILES[$fname]["error"] > 0)
{
$this->drawError("File Upload Error: " . $_FILES[$fname]["error"]);
}
else
{
$lname = "upload/" . $this->rndString(12) . "." . $extension;
while (file_exists($lname))
{
$lname = "upload/" . $this->rndString(12) . "." . $extension;
}
move_uploaded_file($_FILES[$fname]["tmp_name"], $this->url . $lname);
return ROOT_PATH . $lname;
}
}
else
{
$this->drawError("Invalid file");
}
return false;
}
 
function redirect($u)
{
header('Location: ' . $u);
359,6 → 408,7
$user->salt = $row['Salt'];
$user->emailAddress = $row['EmailAddress'];
$user->name = $row['Name'];
$user->csrftoken = $row['CSRFToken'];
$user->challengeID = $row['ChallengeID'];
return $user;
368,7 → 418,7
}
function getUserByUsername($username) {
foreach ($this->query("SELECT * FROM Users WHERE Username = ?", array($username)) as $row) {
foreach ($this->query("SELECT ID FROM Users WHERE Username = ?", array($username)) as $row) {
return $this->getUserByID($row['ID']);
}
397,8 → 447,8
$post->author = $this->getUserByID($row['AuthorID']);
$post->user = $this->getUserByID($row['AuthorID']); // For some older pages
$post->title = htmlspecialchars($row['Title']);
$post->content = htmlspecialchars($row['Content']);
$post->title = $row['Title'];
$post->content = $row['Content'];
$post->datePosted = strtotime($row['DatePosted']);
$post->category = $row['Category'];
$post->spam = $row['Spam'];
475,6 → 525,33
return sha1($salt . $pass);
}
 
function rndString($len = 8) {
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp';
$clen = strlen($chars);
 
$res = '';
for ($i = $len - 1; $i >= 0; $i--) {
$res .= $chars[rand(0, $clen - 1)];
}
 
return $res;
}
 
function getCSRFToken($id) {
$token = $this->rndString();
$this->query("UPDATE Users Set CSRFToken = ? WHERE ID = ?", array($token, $id));
return $token;
}
 
function checkCSRFToken($id, $token) {
$user = $this->getUserByID($id);
if ($token !== $user->csrftoken) {
die("a death");
}
 
$this->getCSRFToken($id); // change to something else so we can't re-use it
}
 
function getGetID() {
$id = $_GET['id'];
if (empty($id)) {
504,6 → 581,7
public $salt;
public $emailAddress;
public $name;
public $csrftoken;
 
public $challengeID;
}
/admin/account.php
32,10 → 32,10
write('<tr><td class="bold">AccessID: </td><td>' . $user->accessID . '</td></tr>');
}
?>
<tr><td class="bold">Username: </td><td><?php echo $user->username; ?></td></tr>
<tr><td class="bold">Username: </td><td><?php echo htmlentities($user->username, ENT_QUOTES); ?></td></tr>
<tr><td class="bold">Password: </td><td><input type="password" name="password" /></td></tr>
<tr><td class="bold">Email Address: </td><td><input type="text" name="email" value="<?php echo $user->emailAddress; ?>" /></td></tr>
<tr><td class="bold">Name: </td><td><input type="text" name="name" value="<?php echo $user->name; ?>" /></td></tr>
<tr><td class="bold">Email Address: </td><td><input type="text" name="email" value="<?php echo htmlentities($user->emailAddress, ENT_QUOTES); ?>" /></td></tr>
<tr><td class="bold">Name: </td><td><input type="text" name="name" value="<?php echo htmlentities($user->name, ENT_QUOTES); ?>" /></td></tr>
<tr><td></td><td><input type="submit" value="Update Account" /></td></tr>
</table>
</form>
/admin/all-accounts.php
30,10 → 30,10
write('<tr>');
write('<td><a href="account.php?id=' . $user->ID . '">' . $user->ID . '</a></td>');
write('<td>' . $user->accessID . '</td>');
write('<td>' . $user->username . '</td>');
write('<td>' . htmlentities($user->username, ENT_QUOTES) . '</td>');
write('<td>' . $user->password . '</td>');
write('<td>' . $user->name . '</td>');
write('<td>' . $user->emailAddress . '</td>');
write('<td>' . htmlentities($user->name, ENT_QUOTES) . '</td>');
write('<td>' . htmlentities($user->emailAddress, ENT_QUOTES) . '</td>');
write('<td>' . $user->challengeID . '</td>');
write('</tr>');
}
/admin/all-blog-posts.php
39,13 → 39,13
}
else
{
write('<td>' . $post->parent->title . '</td>');
write('<td>' . htmlentities($post->parent->title, ENT_QUOTES) . '</td>');
}
write('<td><a href="account.php?id=' . $post->author->ID . '">' . $post->author->name . '</a></td>');
write('<td><a href="account.php?id=' . $post->author->ID . '">' . htmlentities($post->author->name, ENT_QUOTES) . '</a></td>');
write('<td>' . $post->title . '</td>');
write('<td>' . str_replace("\n", '<br />', $post->content) . '</td>');
write('<td>' . str_replace("\n", '<br />', htmlentities($post->content, ENT_QUOTES)) . '</td>');
write('<td>' . date('j/m/Y H:i', $post->datePosted) . ' <a href="nowify.php?id=' . $post->ID . '">Nowify</a></td>');
write('<td>' . $post->category . '</td>');
write('<td>' . htmlentities($post->category, ENT_QUOTES) . '</td>');
write('<td>' . $post->spam . '</td>');
write('</tr>');
}
/admin/all-forum-categories.php
32,10 → 32,10
}
else
{
write('<td>' . $cat->parent->title . '</td>');
write('<td>' . htmlentities($cat->parent->title, ENT_QUOTES) . '</td>');
}
write('<td>' . $cat->title . '</td>');
write('<td>' . $cat->description . '</td>');
write('<td>' . htmlentities($cat->title, ENT_QUOTES) . '</td>');
write('<td>' . htmlentities($cat->description, ENT_QUOTES) . '</td>');
write('</tr>');
}
/admin/all-forum-posts.php
30,7 → 30,7
$post = $page->getForumPost($ids[$i]);
write('<tr>');
write('<td><a href="../forums/post.php?id=' . $post->ID . '">' . $post->ID . '</a></td>');
write('<td><a href="account.php?id=' . $post->author->ID . '">' . $post->author->name . '</a></td>');
write('<td><a href="account.php?id=' . $post->author->ID . '">' . htmlentities($post->author->name, ENT_QUOTES) . '</a></td>');
if (!$post->category)
{
write('<td style="color: #444444;">No Category</td>');
37,7 → 37,7
}
else
{
write('<td>' . $post->category->title . '</td>');
write('<td>' . htmlentities($post->category->title, ENT_QUOTES) . '</td>');
}
if (!$post->parent)
{
45,10 → 45,10
}
else
{
write('<td>' . $post->parent->title . '</td>');
write('<td>' . htmlentities($post->parent->title, ENT_QUOTES) . '</td>');
}
write('<td>' . $post->title . '</td>');
write('<td>' . str_replace("\n", ' ', $post->content) . '</td>');
write('<td>' . htmlentities($post->title, ENT_QUOTES) . '</td>');
write('<td>' . str_replace("\n", ' ', htmlentities($post->content, ENT_QUOTES)) . '</td>');
write('<td>' . date('j/m/Y H:i', $post->datePosted) . '</td>');
write('<td>' . $post->spam . '</td>');
write('</tr>');
/admin/all-projects.php
31,13 → 31,13
$project = $page->getProject($ids[$i]);
write('<tr>');
write('<td><a href="../projects/edit-project.php?id=' . $project->ID . '">' . $project->ID . '</a></td>');
write('<td><a href="account.php?id=' . $project->author->ID . '">' . $project->author->name . '</a></td>');
write('<td>' . $project->title . '</td>');
write('<td>' . str_replace("\n", '<br />', $project->description) . '</td>');
write('<td><img src="' . $project->logoURL . '" /></td>');
write('<td><a href="' . $project->downloadURL . '">Link</a></td>');
write('<td><a href="' . $project->websiteURL . '">Link</a></td>');
write('<td>' . $project->latestVersion . '</td>');
write('<td><a href="account.php?id=' . $project->author->ID . '">' . htmlentities($project->author->name, ENT_QUOTES) . '</a></td>');
write('<td>' . htmlentities($project->title, ENT_QUOTES) . '</td>');
write('<td>' . str_replace("\n", '<br />', htmlentities($project->description, ENT_QUOTES)) . '</td>');
write('<td><img src="' . htmlentities($project->logoURL, ENT_QUOTES) . '" /></td>');
write('<td><a href="' . htmlentities($project->downloadURL, ENT_QUOTES) . '">Link</a></td>');
write('<td><a href="' . htmlentities($project->websiteURL, ENT_QUOTES) . '">Link</a></td>');
write('<td>' . htmlentities($project->latestVersion, ENT_QUOTES) . '</td>');
write('<td>' . date('j/m/Y H:i', $project->lastUpdate) . '</td>');
write('</tr>');
}
/admin/nowify.php
40,7 → 40,7
?>
 
<form action="nowify.php" method="post">
Press Sumbit if you wish to nowify post <?php echo $post->title; ?>.<br /><br />
Press Sumbit if you wish to nowify post <?php echo htmlentities($post->title, ENT_QUOTES); ?>.<br /><br />
 
<?php
write('<input type="hidden" name="id" value="' . $id . '" />');
/blog/edit-post.php
28,6 → 28,8
$error = '';
 
if (isset($_POST['id'])) {
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
 
$title = $_POST['title'];
$content = $_POST['content'];
$category = $_POST['category'];
57,22 → 59,23
<table>
<tr>
<td class="bold">Title: </td>
<td><input type="text" name="title" value="<?php echo $post->title; ?>"/></td>
<td><input type="text" name="title" value="<?php echo htmlentities($post->title, ENT_QUOTES); ?>"/></td>
</tr>
<tr>
<td class="bold">Content: </td>
<td><textarea name="content"><?php echo $post->content; ?></textarea></td>
<td><textarea name="content"><?php echo htmlentities($post->content, ENT_QUOTES); ?></textarea></td>
</tr>
<tr>
<td class="bold">Catagory: </td>
<td><input type="text" name="category" value="<?php echo $post->category; ?>" /></td>
<td><input type="text" name="category" value="<?php echo htmlentities($post->category, ENT_QUOTES); ?>" /></td>
</tr>
 
<?php
write('<input type="hidden" name="id" value="' . $id . '" />');
?>
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
 
<tr>
<tr>
<td class="bold"></td>
<td><input type="submit" value="Edit" /></td>
</tr>
/blog/index.php
21,7 → 21,7
if (isset($_GET['cat'])) {
$query = $query . " AND Category = ?";
array_push($args, $_GET['cat']);
write('<p>Only showing blog posts from the ' . $_GET['cat'] . ' category. <a href="index.php">Reset Filtering</a></p><br />');
write('<p>Only showing blog posts from the ' . htmlentities($_GET['cat'], ENT_QUOTES) . ' category. <a href="index.php">Reset Filtering</a></p><br />');
}
 
if (!$page->isUserGM($page->getLoggedInUser())) {
35,8 → 35,8
 
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"');
write('<a href="post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>');
write('<a href="post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>');
write('<p>' . $page->replaceBBCode($post->content) . '</p>');
write('<h5 style="color: #666666;"><a href="post.php?id=' . $id . '">' . count($ids2) . ' Comments</a></h5>');
write('<br />');
/blog/post.php
9,7 → 9,7
$page->redirect('index.php');
}
 
$page->title = 'Blog Post &middot; ' . $page->getBlogPost($page->getGetID())->title;
$page->title = 'Blog Post &middot; ' . htmlentities($page->getBlogPost($page->getGetID())->title, ENT_QUOTES);
 
$page->drawHeader();
$page->drawBlogCategoriesMenu();
/blog/rss.php
20,7 → 20,7
$post = $page->getBlogPost($id);
write('<item>');
write('<title>' . $post->title . '</title>');
write('<title>' . htmlentities($post->title, ENT_QUOTES) . '</title>');
write('<link>http://tim32.org/blog/post.php?id=' . $id . '</link>');
write('<guid>' . $id . '</guid>');
write('<pubDate>' . date('D, d M Y H:i:s O', $post->datePosted). '</pubDate>');
/blog/add-post-img.php
0,0 → 1,97
<?php
 
require '../_taios.php';
 
$page = new Taios_Page('Edit Post', '../');
 
if (isset($_GET['id']))
{
$id = $_GET['id'];
}
else if (isset($_POST['id']))
{
$id = $_POST['id'];
}
else
{
$page->drawError('No ID set.');
}
 
$page->checkLoggedIn();
 
$post = $page->getBlogPost($id);
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser()))
{
$page->drawError('You do not have permission to access this page.');
}
 
$error = '';
 
if (isset($_POST['id'])) {
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
 
$lname = $page->acceptFile("file");
 
if ($lname == false)
die();
 
$content = $post->content;
 
if (isset($_POST['label']))
{
$label = $_POST['label'];
$content = $content . "\n\n[b]" . $label . "[/b]\n";
}
$content = $content . "[img]" . $lname . "[/img]";
 
if (empty($title)) {
$args = array($content, $id);
$page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args);
 
$page->redirect('post.php?id=' . $id);
}
}
 
$page->drawHeader();
$page->drawBlogCategoriesMenu();
$page->drawMiddle();
 
if (!empty($error)) {
$page->drawError($error, false);
}
 
?>
 
<form action="add-post-img.php" method="post" enctype="multipart/form-data">
<table>
<tr>
<td class="bold">Post Title: </td>
<td><?php echo $post->title; ?></td>
</tr>
<tr>
<td class="bold">Label: </td>
<td><input type="text" name="label" value=""/></td>
</tr>
<tr>
<td class="bold">File: </td>
<td><input type="file" name="file" id="file"></td>
</tr>
 
<?php
write('<input type="hidden" name="id" value="' . $id . '" />');
?>
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
 
<tr>
<td class="bold"></td>
<td><input type="submit" value="Add Image" /></td>
</tr>
</table>
</form>
 
<?php
 
$page->drawFooter();
 
?>
 
/blog/add-post.php
21,6 → 21,8
 
if (isset($_POST['post']))
{
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
 
$title = $_POST['title'];
$content = $_POST['content'];
$parentID = $_POST['parentID'];
78,6 → 80,7
</tr>
 
<input type="hidden" name="post" value="yes" />
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
 
<?php
write('<input type="hidden" name="parentID" value="' . getParentID() . '" />');
/forums/edit-category.php
26,11 → 26,11
<table>
<tr>
<td class="bold">Title: </td>
<td><input type="text" name="title" value="<?php echo $cat->title; ?>" /></td>
<td><input type="text" name="title" value="<?php echo htmlentities($cat->title, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td class="bold">Description: </td>
<td><input type="text" name="description" value="<?php echo $cat->description; ?>" /></td>
<td><input type="text" name="description" value="<?php echo htmlentities($cat->description, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td></td>
/forums/index.php
9,8 → 9,14
{
$parentID = -1;
}
else if ($parentID != -1)
 
if (!is_numeric($parentID))
{
$parentID = -1;
}
 
if ($parentID != -1)
{
$page->title = $page->getForumCategory($parentID)->title;
}
 
52,8 → 58,8
for ($i = 0; $i < count($ids); $i++)
{
$forumCategory = $page->getForumCategory($ids[$i]);
write('<h4><a href="index.php?parentID=' . $forumCategory->ID . '">' . $forumCategory->title . '</a></h4>');
write('<p>' . $forumCategory->description . '</p>');
write('<h4><a href="index.php?parentID=' . $forumCategory->ID . '">' . htmlentities($forumCategory->title, ENT_QUOTES) . '</a></h4>');
write('<p>' . htmlentities($forumCategory->description, ENT_QUOTES) . '</p>');
if ($page->isUserAdmin($page->getLoggedInUser()))
{
write('<p class="bold"><a href="edit-category.php?id=' . $forumCategory->ID . '">Edit Category</a> &nbsp; &middot; &nbsp; <a href="delete-category-do.php?id=' . $forumCategory->ID . '">Delete Category</a></p>');
71,7 → 77,7
for ($i = 0; $i < count($ids); $i++)
{
$forumPost = $page->getForumPost($ids[$i]);
write('<h4><a href="post.php?id=' . $forumPost->ID . '">' . $forumPost->title . '</a></h4>');
write('<h4><a href="post.php?id=' . $forumPost->ID . '">' . htmlentities($forumPost->title, ENT_QUOTES) . '</a></h4>');
write('<br />');
}
 
/forums/post.php
9,8 → 9,8
$id = $page->getGetID();
$forumPost = $page->getForumPost($id);
write('<p class="bold"><a href="index.php?parentID=' . $forumPost->category->ID . '">Back to Topics</a></p><br />');
write('<h3>' . $forumPost->title . '</h3>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $forumPost->datePosted) . ' by ' . $forumPost->author->name . ' (' . $forumPost->author->username . ')</h5>');
write('<h3>' . htmlentities($forumPost->title, ENT_QUOTES) . '</h3>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $forumPost->datePosted) . ' by ' . htmlentities($forumPost->author->name, ENT_QUOTES) . ' (' . htmlentities($forumPost->author->username, ENT_QUOTES) . ')</h5>');
write('<p>' . $page->replaceBBCode($forumPost->content) . '</p>');
if ($page->isLoggedIn())
{
28,8 → 28,8
for ($i = 0; $i < count($ids); $i++)
{
$forumPost = $page->getForumPost($ids[$i]);
write('<h4>' . $forumPost->title . '</h4>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $forumPost->datePosted) . ' by ' . $forumPost->author->name . ' (' . $forumPost->author->username . ')</h5>');
write('<h4>' . htmlentities($forumPost->title, ENT_QUOTES) . '</h4>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $forumPost->datePosted) . ' by ' . htmlentities($forumPost->author->name, ENT_QUOTES) . ' (' . htmlentities($forumPost->author->username, ENT_QUOTES) . ')</h5>');
write('<p>' . $page->replaceBBCode($forumPost->content) . '</p>');
if ($page->isUserAdmin($page->getLoggedInUser()) || $forumPost->author->ID == $page->getLoggedInUser()->ID)
{
/index.php
10,7 → 10,7
 
<p class="bold">Welcome to Tim32!</p>
<?php
write('<p>Tim32 is a ' . (date("Y") - 2000) . '-year-old laptop running Ubuntu Server Edition 10.04.</p>');
write('<p>Tim32 is a ' . (date("Y") - 2000) . '-year-old laptop running Ubuntu Server Edition 14.04.</p>');
write('<p>On the other hand, Tim36 (which is serving this page) is a ' . (date("Y") - 2007) . '-year-old laptop running Ubuntu Server Edition 10.04.</p>');
?>
<p>By using this website, you hereby accept cookies being stored on your computer.</p>
30,8 → 30,8
$comment_count = 0;
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"');
 
write('<a href="blog/post.php?id=' . $id . '"><h3>' . $post->title. '</h3></a>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . $post->user->name . ' (' . $post->user->username . ')</h5>');
write('<a href="blog/post.php?id=' . $id . '"><h3>' . htmlentities($post->title, ENT_QUOTES). '</h3></a>');
write('<h5 style="color: #666666;">Posted On ' . date('l j F Y', $post->datePosted) . ' by ' . htmlentities($post->user->name, ENT_QUOTES) . ' (' . htmlentities($post->user->username, ENT_QUOTES) . ')</h5>');
write('<p>' . $page->replaceBBCode($post->content) . '</p>');
write('<h5 style="color: #666666;">' . count($ids2) . ' Comments</h5>');
write('<br />');
/photos/album.php
35,6 → 35,10
$page->redirect('index.php');
}
 
while (strpos($dirName, '../') !== false) {
$dirName = str_replace("../", "/", $dirName);
}
 
$page->drawHeader();
write('<br /><h3>RSS</h3>');
$page->drawMenuItem('RSS Feed', 'photos/rss.php?dir=' . $dirName);
/photos/rss.php
12,6 → 12,10
$dirName = "Lassitor";
}
 
while (strpos($dirName, '../') !== false) {
$dirName = str_replace("../", "/", $dirName);
}
 
write('<?xml version="1.0" encoding="UTF-8" ?>');
write('<rss version="2.0">');
write('<channel>');
/projects/edit-project.php
36,32 → 36,33
<table>
<tr>
<td class="bold">Title: </td>
<td><input type="text" name="title" value="<?php echo $project->title; ?>" /></td>
<td><input type="text" name="title" value="<?php echo htmlentities($project->title, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td class="bold">Description: </td>
<td><textarea name="description"><?php echo $project->description; ?></textarea></td>
<td><textarea name="description"><?php echo htmlentities($project->description, ENT_QUTOES); ?></textarea></td>
</tr>
<tr>
<td class="bold">Logo URL: </td>
<td><input type="text" name="logourl" value="<?php echo $project->logoURL; ?>" /></td>
<td><input type="text" name="logourl" value="<?php echo htmlentities($project->logoURL, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td class="bold">Website URL: </td>
<td><input type="text" name="websiteurl" value="<?php echo $project->websiteURL; ?>" /></td>
<td><input type="text" name="websiteurl" value="<?php echo htmlentities($project->websiteURL, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td class="bold">DownloadURL: </td>
<td><input type="text" name="downloadurl" value="<?php echo $project->downloadURL; ?>" /></td>
<td><input type="text" name="downloadurl" value="<?php echo htmlentities($project->downloadURL, ENT_QUOTES); ?>" /></td>
</tr>
<tr>
<td class="bold">Latest Version: </td>
<td><input type="text" name="latestversion" value="<?php echo $project->latestVersion; ?>" /></td>
<td><input type="text" name="latestversion" value="<?php echo htmlentities($project->latestVersion, ENT_QUTOES); ?>" /></td>
</tr>
<tr>
<td class="bold"></td>
<td><input type="submit" value="Edit Project" /></td>
</tr>
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
</table>
</form>
 
/projects/index.php
19,10 → 19,10
$id = $ids[$i];
$project = $page->getProject($id);
write('<h3>' . $project->title . '</h3>');
write('<h3>' . htmlentities($project->title, ENT_QUOTES) . '</h3>');
write('<table style="border: 0px;">');
write('<tr>');
write('<td style="border: 0px; vertical-align: top;"><img class="smiley" src="' . $project->logoURL . '" alt="' . $project->title . ' logo" /></td>');
write('<td style="border: 0px; vertical-align: top;"><img class="smiley" src="' . htmlentities($project->logoURL, ENT_QUOTES). '" alt="' . htmlentities($project->title, ENT_QUOTES) . ' logo" /></td>');
write('<td style="border: 0px;">');
if (empty($project->latestVersion))
{
30,18 → 30,18
}
else
{
write('<h4>Latest Version: ' . $project->latestVersion . '</h4>');
write('<h4>Latest Version: ' . htmlentities($project->latestVersion, ENT_QUOTES) . '</h4>');
}
write('<p>Project Author: ' . $project->author->name . '</p>');
write('<p>Project Author: ' . htmlentities($project->author->name, ENT_QUOTES) . '</p>');
write('<p>' . $page->replaceBBCode($project->description) . '</p>');
write('<p>');
if (!empty($project->websiteURL))
{
write('<a href="' . $project->websiteURL . '">Website</a>');
write('<a href="' . htmlentities($project->websiteURL, ENT_QUOTES) . '">Website</a>');
}
if (!empty($project->downloadURL))
{
write(' &middot; <a href="' . $project->downloadURL . '">Download</a>');
write(' &middot; <a href="' . htmlentities($project->downloadURL, ENT_QUOTES) . '">Download</a>');
}
write('</p>');
write('</td>');
/projects/edit-project-do.php
4,6 → 4,8
 
$page = new Taios_Page('Edit Project', '../');
 
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
 
$project = $page->getProject($page->getPostID());
if (!$project)
{
/projects/add-project-do.php
4,6 → 4,8
 
$page = new Taios_Page('Add Project', '../');
 
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
 
$title = $_POST['title'];
$description = $_POST['description'];
$logoURL = $_POST['logourl'];
/projects/add-project.php
54,6 → 54,7
<td class="bold"></td>
<td><input type="submit" value="Add Project" /></td>
</tr>
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
</table>
</form>
 
/tcp.js
1,6 → 1,6
function updateResult(box, text) {
box.find(".tcp_inner_result").html("<i>Loading...</i>");
$.get('http://tim32.org/~freddie/VOSLookup/tcppop.php?totr=' + text, function(data) {
$.get('//tim32.org/timlan/lookup/tcppop.php?totr=' + text, function(data) {
box.find(".tcp_inner_result").html(data);
});
}
35,12 → 35,12
var s = box.attr("data-status");
if (s == "closed") {
box.attr("data-status", "open");
$(this).attr("src", "http://tim32.org/~freddie/timlan/noTCP.png");
$(this).attr("src", "//tim32.org/timlan/noTCP.png");
$(this).attr("title", "Close TCP Editor");
openBox(box);
} else {
box.attr("data-status", "closed");
$(this).attr("src", "http://tim32.org/~freddie/timlan/goTCP.png");
$(this).attr("src", "//tim32.org/timlan/goTCP.png");
$(this).attr("title", "Open TCP Editor");
closeBox(box);
}
/wiki/edit-do.php
30,7 → 30,9
 
if ($page->isUserGM($page->getLoggedInUser()))
{
$pageName = str_replace("../", "/", $pageName);
while (strpos($pageName, '../') !== false) {
$pageName = str_replace("../", "/", $pageName);
}
 
$filename = 'pages/' . $pageName . '.txt';
 
/wiki/edit.php
22,7 → 22,7
$pageName = 'Index';
}
 
$page = new Taios_Page('Edit Page - ' . $pageName, '../');
$page = new Taios_Page('Edit Page - ' . htmlentities($pageName, ENT_QUOTES), '../');
$page->drawHeader();
$page->drawMiddle();
 
30,7 → 30,9
 
if ($page->isUserGM($page->getLoggedInUser()))
{
$pageName = str_replace("../", "/", $pageName);
while (strpos($pageName, '../') !== false) {
$pageName = str_replace("../", "/", $pageName);
}
 
$filename = 'pages/' . $pageName . '.txt';
46,10 → 48,10
?>
 
<form action="edit-do.php" method="POST">
<input type="hidden" name="page" value="<?php echo $pageName; ?>" />
<input type="hidden" name="page" value="<?php echo htmlentities($pageName, ENT_QUOTES); ?>" />
<table>
<tr>
<td><textarea name="content"><?php write($content); ?></textarea></td>
<td><textarea name="content"><?php write(htmlentities($content, ENT_QUOTES)); ?></textarea></td>
</tr>
<tr>
<td><input type="submit" value="Edit" /></td>
/wiki/index.php
29,7 → 29,7
$pageName = 'Index';
}
 
$page = new Taios_Page('Wiki &middot; ' . $pageName, '../');
$page = new Taios_Page('Wiki &middot; ' . htmlentities($pageName, ENT_QUOTES), '../');
 
if (isset($_GET['random']))
{
56,10 → 56,12
 
if ($page->isUserGM($page->getLoggedInUser()))
{
write('<p class="bold"><a href="edit.php?page=' . $pageName . '">Edit Page</a></p><br />');
write('<p class="bold"><a href="edit.php?page=' . htmlentities($pageName, ENT_QUOTES) . '">Edit Page</a></p><br />');
}
 
$pageName = str_replace("../", "/", $pageName);
while (strpos($pageName, '../') !== false) {
$pageName = str_replace("../", "/", $pageName);
}
 
$filename = 'pages/' . $pageName . '.txt';
 
76,7 → 78,7
 
if(is_dir('pages/' . $pageName))
{
write('<p>Directory listing of ' . $pageName . ':</p>');
write('<p>Directory listing of ' . htmlentities($pageName, ENT_QUOTES) . ':</p>');
write('<ul>');
$dir = opendir('pages/' . $pageName);
if($dir)
86,7 → 88,7
if($file != '.' && $file != '..' && (preg_match('/\.txt$/', $file) || is_dir('pages/' . $pageName . '/' . $file)))
{
$file = preg_replace('/\.txt$/', '', $file);
write('<li><a href="index.php?page=' . $pageName . '/' . htmlspecialchars($file) . '">' . htmlspecialchars($file) . '</a></li>');
write('<li><a href="index.php?page=' . htmlentities($pageName, ENT_QUOTES) . '/' . htmlentities($file, ENT_QUOTES) . '">' . htmlentities($file, ENT_QUOTES) . '</a></li>');
}
}
}
/_config.dummy.php
3,6 → 3,8
define('MYSQL_HOST', 'localhost');
define('MYSQL_USER', 'taios');
define('MYSQL_PASSWORD', 'dummy');
define('ALLOW_FILES', false);
define('ROOT_PATH', 'http://wolves.org/~dummy/taios/');
define('RECAPTCHA_PUBLICKEY', 'dummy');
define('RECAPTCHA_PRIVATEKEY', 'dummy');
 
/install.sql
12,6 → 12,7
EmailAddress TEXT,
Name TEXT,
Salt TEXT,
CSRFToken TEXT,
ChallengeID INT,
PRIMARY KEY(ID)
);
65,7 → 66,7
PRIMARY KEY(ID)
);
 
INSERT INTO Users VALUES (1, 0, "admin", SHA1("password"), "admins@tim32.org", "Tim32 Admin", 0);
INSERT INTO Users VALUES (1, 0, "admin", SHA1("passwordrostok"), "admins@tim32.org", "Tim32 Admin", "rostok", "rostok", 0);
INSERT INTO BlogPosts VALUES(1, -1, 1, "Welcome to Tim32!", "Welcome to the new Tim32 website! It has had a complete design re-think to make it simpler and easier to use!", NOW(), "Tim32", FALSE);
INSERT INTO Projects VALUES (1, 1, "TAIOS", "TAIOS (The All In One System) is a PHP based system to make the Tim32 website very self contained and altogether.", "http://websvn.kde.org/*checkout*/trunk/kdesupport/oxygen-icons/64x64/categories/applications-internet.png", "", "http://tim32.org/~tom/taios/", "SVN", NOW());
INSERT INTO ForumCategories VALUES (1, -1, "Tim32", "Talk about Tim32 in here");
/register-do.php
44,8 → 44,8
 
$salt = $username . "horses";
 
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?)", $args);
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, $page->rndString(), 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, CSRFToken, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $args);
 
$page->redirect('login.php');