
Untitled

By: a guest on Nov 8th, 2012  |  syntax: None  |  size: 10.24 KB  |  views: 53  |  expires: Never
  1.            <?php
  2.     session_start();
  3.     ?>
  4.         <?php require_once('Connections/localserver.php'); ?>
  5.     <?php
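  if (!function_exists("GetSQLValueString")) {
  /**
   * Escape a request value and format it as a literal for a hand-built
   * mysql_* query string.
   *
   * Security caveats for callers:
   *  - This is string escaping, not parameter binding. It is only as safe as
   *    the call site: the result must be spliced in exactly once and with the
   *    $theType that matches the column. ext/mysql was removed in PHP 7;
   *    prepared statements (mysqli or PDO) are the replacement.
   *  - "int"/"long"/"double" coerce with intval()/doubleval(), so a
   *    non-numeric string silently becomes 0. Never use them for tokens or
   *    hashes.
   *  - An unrecognised $theType returns the escaped value WITHOUT quotes,
   *    which is only safe if the caller adds the quotes itself.
   *  - "defined" returns $theDefinedValue / $theNotDefinedValue verbatim;
   *    those must be trusted constants, never request data.
   *
   * @param mixed  $theValue           Raw value, typically from $_GET/$_POST.
   * @param string $theType            "text", "long", "int", "double", "date" or "defined".
   * @param string $theDefinedValue    Returned for "defined" when the value is non-empty.
   * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
   * @return mixed Quoted string, int, float, or the string "NULL".
   */
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  {
    // A request parameter can arrive as an array ("field[]=x"). It cannot be
    // escaped as a string, so treat any non-scalar as an empty value; it then
    // becomes NULL instead of raising warnings or a TypeError.
    if (!is_scalar($theValue)) {
      $theValue = "";
    }
    $theValue = (string) $theValue;

    // Undo magic quotes only where they can exist. version_compare() replaces
    // the original `PHP_VERSION < 6`, which compared a version string with a
    // number, and the function_exists() guard keeps this safe on runtimes
    // where get_magic_quotes_gpc() has been removed.
    if (version_compare(PHP_VERSION, '6', '<')
        && function_exists("get_magic_quotes_gpc")
        && get_magic_quotes_gpc()) {
      $theValue = stripslashes($theValue);
    }

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

    // The escape call can return false (for example without a usable
    // connection); that is treated like an empty value, as before.
    $hasValue = is_string($theValue) && $theValue !== "";

    switch ($theType) {
      case "text":
      case "date":
        $theValue = $hasValue ? "'" . $theValue . "'" : "NULL";
        break;
      case "long":
      case "int":
        $theValue = $hasValue ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = $hasValue ? doubleval($theValue) : "NULL";
        break;
      case "defined":
        $theValue = $hasValue ? $theDefinedValue : $theNotDefinedValue;
        break;
      // No default on purpose (unchanged behaviour): unknown types fall
      // through and return the escaped, unquoted value. See caveat above.
    }
    return $theValue;
  }
  }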
  36.  
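  // Build the form's action URL. Both parts are request-controlled:
  // PHP_SELF includes any extra path text appended to the script URL, and
  // QUERY_STRING is whatever the client sent. The value is echoed into an
  // HTML attribute further down the page, so both parts are HTML-escaped
  // here, once, with quotes included and the page's UTF-8 charset.
  $editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
  if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
  }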
  41.  
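  // Handles the "form1" post by rewriting users.user_hash.
  //
  // NOTE(review): this statement runs on every form post BEFORE any password
  // check, and its WHERE clause matches on user_level using the integer value
  // of the submitted password field. It therefore targets every row with that
  // level rather than one account, and any visitor can trigger it. It looks
  // like leftover generated "update record" code; it should be removed or
  // rewritten to touch only the single account that has been verified.
  //
  // NOTE(review): there is deliberately no exit after header() here, because
  // code further down this page handles the same post and sets the final
  // redirect. Once this block is removed or fixed, every redirect should be
  // followed by exit.
  if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
    $updateSQL = sprintf("UPDATE users SET user_hash=%s WHERE user_level=%s",
                         GetSQLValueString($_POST['user_hash'], "text"),
                         GetSQLValueString($_POST['valcode'], "int"));

    mysql_select_db($database_localserver, $localserver);
    $Result1 = mysql_query($updateSQL, $localserver);
    if ($Result1 === false) {
      // Keep database error text in the server log; showing mysql_error() to
      // the visitor discloses query and schema details.
      error_log("Account validation: user_hash update failed: " . mysql_error($localserver));
      die("A database error occurred. Please try again later.");
    }

    $updateGoTo = "validated.php";
    if (isset($_SERVER['QUERY_STRING'])) {
      $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
      $updateGoTo .= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $updateGoTo));
  }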
  57.  
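  // NOTE(review): second copy of the helper. GetSQLValueString() is already
  // defined earlier on this page, so this guard is always false and the body
  // below never runs. It is kept in step with the first copy; deleting this
  // duplicate is the cleaner fix.
  if (!function_exists("GetSQLValueString")) {
  /**
   * Escape a request value and format it as a literal for a hand-built
   * mysql_* query string.
   *
   * This is string escaping, not parameter binding: the result must be
   * spliced in exactly once with the $theType that matches the column.
   * "int"/"long"/"double" coerce non-numeric input to 0, so they must not be
   * used for tokens or hashes. An unrecognised $theType returns the escaped
   * value without quotes. "defined" returns its two alternatives verbatim.
   *
   * @param mixed  $theValue           Raw value, typically from $_GET/$_POST.
   * @param string $theType            "text", "long", "int", "double", "date" or "defined".
   * @param string $theDefinedValue    Returned for "defined" when the value is non-empty.
   * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
   * @return mixed Quoted string, int, float, or the string "NULL".
   */
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  {
    // Arrays, objects and null cannot be escaped as a string; treat them as
    // an empty value so they become NULL instead of raising errors.
    if (!is_scalar($theValue)) {
      $theValue = "";
    }
    $theValue = (string) $theValue;

    // Strip magic-quote slashes only on runtimes that can still add them.
    if (version_compare(PHP_VERSION, '6', '<')
        && function_exists("get_magic_quotes_gpc")
        && get_magic_quotes_gpc()) {
      $theValue = stripslashes($theValue);
    }

    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

    // A failed escape call (false) counts as empty, as before.
    $hasValue = is_string($theValue) && $theValue !== "";

    switch ($theType) {
      case "text":
      case "date":
        $theValue = $hasValue ? "'" . $theValue . "'" : "NULL";
        break;
      case "long":
      case "int":
        $theValue = $hasValue ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = $hasValue ? doubleval($theValue) : "NULL";
        break;
      case "defined":
        $theValue = $hasValue ? $theDefinedValue : $theNotDefinedValue;
        break;
      // Unknown types fall through and return the escaped, unquoted value.
    }
    return $theValue;
  }
  }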
  88.      
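  // Look up the account that owns the validation hash from the link.
  // "-1" is the placeholder used when no usable hash was supplied.
  $colname_rstUsers = "-1";
  if (isset($_GET['hash']) && is_string($_GET['hash'])) {
    $colname_rstUsers = $_GET['hash'];
  }
  mysql_select_db($database_localserver, $localserver);

  // The hash is an opaque string token (this page writes user_hash as "text"),
  // so it has to be compared as a quoted string. The original passed it as
  // "int": intval() turns any non-numeric token into 0, and MySQL then
  // converts each stored hash to a number for the comparison, so the lookup
  // could return rows whose hash was never supplied.
  $query_rstUsers = sprintf("SELECT * FROM users WHERE user_hash = %s", GetSQLValueString($colname_rstUsers, "text"));
  $rstUsers = mysql_query($query_rstUsers, $localserver);
  if ($rstUsers === false) {
    // Log the database error instead of printing it to the visitor.
    error_log("Account validation: user lookup failed: " . mysql_error($localserver));
    die("A database error occurred. Please try again later.");
  }
  $row_rstUsers = mysql_fetch_assoc($rstUsers);
  $totalRows_rstUsers = mysql_num_rows($rstUsers);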
  98.      
  99.      
  100.      
  101.          
  102.          
  103.      
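  // Second handler for the "form1" post: check the submitted password against
  // the account found via the hash and, on success, mark that account as
  // validated (user_level = 1).
  //
  // Fixes relative to the original:
  //  - The form's password field is named "valcode"; $_POST['password'] was
  //    never sent, so the check could not succeed for a real password.
  //  - The submitted value was run through GetSQLValueString() before the
  //    comparison, which adds quotes and escapes, so it was compared in SQL
  //    literal form against the raw stored value.
  //  - The UPDATE wrapped an already-quoted literal in a second pair of
  //    quotes and keyed on the password instead of the account's hash.
  //  - $mmos and $updateGoTo were not defined by this handler.
  //  - Each redirect is now followed by exit so nothing else runs.
  //
  // NOTE(review): the comparison is against the users.password column as
  // stored, which suggests plaintext passwords. Store password_hash() output
  // and verify with password_verify() instead.
  // NOTE(review): the original copied the stored password and the guess into
  // $_SESSION['valcode'] / $_SESSION['userguess']. They are locals here so the
  // password is not persisted with the session; confirm no other page reads
  // those keys.
  // NOTE(review): the earlier UPDATE on this page (keyed on user_level) still
  // runs for the same post before this check and needs its own fix.
  if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
    $submittedPassword = (isset($_POST['valcode']) && is_string($_POST['valcode'])) ? $_POST['valcode'] : "";
    $storedPassword = (is_array($row_rstUsers) && isset($row_rstUsers['password'])) ? (string) $row_rstUsers['password'] : "";

    // Only an account that was found and is still unvalidated may be updated;
    // this mirrors the conditions the form itself is rendered under.
    $isPending = is_array($row_rstUsers) && $row_rstUsers['user_level'] == 0;

    // Empty values never count as a match.
    if ($isPending && $submittedPassword !== "" && $storedPassword !== "" && $submittedPassword === $storedPassword) {
      // Key the update on the hash of the row that was just verified, taken
      // from the database row rather than from the request.
      $updateSQL = sprintf("UPDATE users SET user_level='1' WHERE user_hash=%s",
                           GetSQLValueString($row_rstUsers['user_hash'], "text"));
      mysql_select_db($database_localserver, $localserver);
      $Result1 = mysql_query($updateSQL, $localserver);
      if ($Result1 === false) {
        // Log the database error instead of printing it to the visitor.
        error_log("Account validation: user_level update failed: " . mysql_error($localserver));
        die("A database error occurred. Please try again later.");
      }
      header('Location: validated.php');
      exit;
    }

    // Validation failed: nothing is updated, go back to the validation page.
    header('Location: validate.php');
    exit;
  }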
  125.      
  126.            
  127.      
  128.          
  129.      
  130.     ?>
  131.     <?php require_once('Connections/localserver.php'); ?>
  132.     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  133.     <html xmlns="http://www.w3.org/1999/xhtml">
  134.     <head>
  135.     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  136.     <title>Validate</title>
  137.     <meta name="description" content="This is an experimental site which reviews the latest and greatest titles of the MMORPG genre">
  138.     <meta name="keywords" content="Review, Video Game, MMORPG, MMO, Massively, Multiplayer, Online, Roleplaying, Game, World of Warcraft, Guild Wars, Rift, EVE Online, Star Wars: The Old Republic">
  139.     <link href="savedstylesheet.css" rel="stylesheet" type="text/css" />
  140.     </head>
  141.      
  142.     <body id="Mainbody">
  143.     <div id="Wrapper">
  144.       <div id="Header">
  145.         <h1>MMORPG Reviews </h1>
  146.       </div>
  147.       <div id="MainNavbarone">
  148.       <ul>
  149.         <li> <h2> <a href="index.php">Home</a></h2> </li>
  150.         <li> <h2> <a href="includes/warcraft.php">World of Warcraft</a></h2> </li>
  151.         <li> <h2> <a href="includes/guildwars.php">Guild Wars</a></h2> </li>
  152.         <li> <h2> <a href="includes/rift.php">Rift</a></h2> </li>
  153.         <li> <h2> <a href="includes/eveonline.php">Eve Online</a></h2> </li>
  154.         <li> <h2> <a href="includes/starwars.php"> Star Wars: The Old Republic </a></h2> </li>
  155.         <li> <h2> <a href="includes/login.php">Login</a></h2> </li>
  156.         <li> <h2> <a href="includes/about.php"> About</a></h2> </li>
  157.         </ul>
  158.       </div>
  159.       <div id="MainAdbar">
  160.         <h3>Content for  id "Adbar" Goes Here</h3>
  161.         <h3>Content for  id &quot;Adbar&quot; Goes Here</h3>
  162.         <h3>Content for  id &quot;Adbar&quot; Goes Here</h3>
  163.         <h3>Content for  id &quot;Adbar&quot; Goes Here</h3>
  164.         <h3>Content for  id &quot;Adbar&quot; Goes Here</h3>
  165.         <h3>Content for  id &quot;Adbar&quot; Goes Here</h3>
  166.         <h3>Content for  id &quot;Adbar&quot; Goes Here</h3>
  167.         <h3>Content for  id &quot;Adbar&quot; Goes Here</h3>
  168.         <h3>Content for  id &quot;Adbar&quot; Goes Here    </h3>
  169.         <h3>Content for  id &quot;Adbar&quot; Goes Here</h3>
  170.         <h3>Content for  id &quot;Adbar&quot; Goes Here  </h3>
  171.       </div>
  172.      
  173.      
  174.      
  175.      
  176.       <div id="RedirectMainareaone">
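  <?php if ($totalRows_rstUsers == 0) { // Show if recordset empty ?>
    <p>&nbsp;</p>
    <p>Oops! Your URL was incorrect. Please click <a href="index.php">here</a> to return to the Home Page!</p>
    <p>&nbsp;</p>
  <?php } // Show if recordset empty ?>
  <?php if ($totalRows_rstUsers > 0) { // Show if recordset not empty ?>
    <?php if ($row_rstUsers['user_level']==0) { // Select between validated or not ?>
      <p>&nbsp;</p>
      <?php // user_name comes from the database and was originally chosen by a user, so it is HTML-escaped on output. ?>
      <p>Welcome <?php echo htmlspecialchars($row_rstUsers['user_name'], ENT_QUOTES, 'UTF-8'); ?>. To continue validating your account please enter your password below into the box provided and click on Next to continue:</p>
      <?php
      // NOTE(review): $editFormAction is echoed as built earlier on this page;
      // it has to be fully HTML-escaped where it is assigned (escaping it again
      // here would double-encode the query string).
      // NOTE(review): this state-changing form carries no anti-CSRF token.
      ?>
      <form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
        <p>
          <label for="password">Enter Password:</label>
          <input type="password" name="valcode" id="password" />
          <?php // The hash is taken straight from the URL, so it is escaped before it is placed in the attribute. ?>
          <input name="user_hash" type="hidden" value="<?php echo htmlspecialchars((isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : '', ENT_QUOTES, 'UTF-8'); ?>"/>
        </p>
        <p>
          <input type="submit" name="go" id="go" value="Validate" />
        </p>
        <input type="hidden" name="MM_update" value="form1" />
      </form>
      <p>&nbsp;</p>
    <?php } else { ?>
      <p>&nbsp;</p>
      <p>Oops! Your account has already been validated! Please click <a href="index.php">here</a> to return to the Home Page! </p>
      <p>&nbsp;</p>
    <?php } // Select between validated or not ?>
  <?php } // Show if recordset not empty ?>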
  204.       </div>
  205.      
  206.      
  207.      
  208.      
  209.       <div id="Wrapperone">
  210.       <div id="MainNavbar">
  211.         <h3><a href="http://eu.battle.net/wow/en/">Official  World Of Warcraft Website</a></h3>
  212.         <h3><a href="https://www.guildwars2.com/en-gb/">Official Guild Wars Website</a></h3>
  213.         <h3><a href="http://eu.riftgame.com/en/">Official Rift Website</a></h3>
  214.         <h3><a href="http://www.eveonline.com/">Official EVE Online Website</a></h3>
  215.         <h3><a href="http://www.swtor.com/">Official Star Wars: The Old Republic Website</a></h3>
  216.       </div>
  217.         <div id="MainChatbar">
  <?php
  // Chat box: shown only to a logged-in session whose MM_UserGroup is
  // 1 (user) or 2 (admin). Both groups get the same embed; every other case,
  // including no session value at all, gets the authentication notice.
  // NOTE(review): the embed loads third-party Flash content over plain HTTP.
  if (isset($_SESSION['MM_UserGroup'])
      && ($_SESSION['MM_UserGroup']==1 || $_SESSION['MM_UserGroup']==2)) { ?>
<embed src="http://www.xatech.com/web_gear/chat/chat.swf" quality="high" width="300" height="700" name="chat" flashvars="id=184909259" align="middle" allowscriptaccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://xat.com/update_flash.shtml" />
<?php
  } else {
    // Unknown group or not logged in: hide the chat box.
    echo '<h3> Oops! User Authentication Is Required To Access This Content! </h3>';
  }
  ?>
  237.         </div>
  238.       </div>
  239.       <div id="MainFooter">
  240.         <h4><a href="includes/sitemap.php">Site Map/</a><a href="includes/admin.php">Administrative Page</a></h4>
  241.       </div>
  242.     </div>
  243.     </body>
  244.     </html>
  <?php
  // Page rendered: release the result set from the user lookup.
  mysql_free_result($rstUsers);
  ?>