
Untitled

a guest
Nov 8th, 2012
  1. <?php
  2. session_start();
  3. ?>
  4. <?php require_once('Connections/localserver.php'); ?>
  5. <?php
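  if (!function_exists("GetSQLValueString")) {
      /**
       * Format a request value as a literal for a string-built mysql_* query.
       *
       * The value is escaped with the legacy mysql extension and then shaped by
       * $theType: "text"/"date" are wrapped in single quotes, "int"/"long" and
       * "double" are forced to numbers, and "defined" returns one of the two
       * caller-supplied values. An empty value yields the string "NULL".
       *
       * NOTE(review): escaping only protects a value that is then quoted or
       * forced to a number, so an unrecognised $theType is treated as "text"
       * instead of being returned bare. Bound parameters (PDO or mysqli) are the
       * durable fix, but they need a change to the connection include, which is
       * not part of this listing.
       *
       * @param mixed  $theValue           Raw value, normally from $_GET/$_POST.
       * @param string $theType            "text", "date", "int", "long", "double" or "defined".
       * @param string $theDefinedValue    Returned for "defined" when the value is not empty.
       * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
       * @return string|int|float Literal ready to be placed in the SQL text.
       */
      function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
      {
          // Undo magic-quotes slashes on old runtimes. version_compare() avoids
          // comparing the version string with an integer, and the function_exists()
          // guard keeps the call away from runtimes that no longer ship it.
          if (version_compare(PHP_VERSION, '6', '<')
              && function_exists('get_magic_quotes_gpc')
              && get_magic_quotes_gpc()
          ) {
              $theValue = stripslashes($theValue);
          }

          $escaped = function_exists("mysql_real_escape_string")
              ? mysql_real_escape_string($theValue)
              : mysql_escape_string($theValue);

          // Loose comparison on purpose: it also treats a false/null escape result as empty.
          $isBlank = ($escaped == "");

          switch ($theType) {
              case "long":
              case "int":
                  return $isBlank ? "NULL" : intval($escaped);
              case "double":
                  return $isBlank ? "NULL" : doubleval($escaped);
              case "defined":
                  return $isBlank ? $theNotDefinedValue : $theDefinedValue;
              case "text":
              case "date":
              default:
                  // Unknown types fail closed: the value is always quoted.
                  return $isBlank ? "NULL" : "'" . $escaped . "'";
          }
      }
  }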
  36.  
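  // Build the self-posting form action. PHP_SELF includes any extra path the
  // client appended to the script URL, and this value is echoed into the form's
  // action attribute, so it is entity-encoded here just like the query string.
  $editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
  if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');
  }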
  41.  
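  // Generated "update record" handler, run when form1 is posted back.
  //
  // NOTE(review): the statement writes the posted user_hash into every row whose
  // user_level equals intval() of the posted valcode. Neither value is tied to
  // the account the validation link belongs to and nothing is authenticated
  // first, so a single request can overwrite the validation token of many
  // accounts. This looks like generated code that was never adapted; confirm
  // whether it should exist at all before relying on this page.
  if (isset($_POST["MM_update"]) && $_POST["MM_update"] == "form1") {
      $updateSQL = sprintf(
          "UPDATE users SET user_hash=%s WHERE user_level=%s",
          GetSQLValueString(isset($_POST['user_hash']) ? $_POST['user_hash'] : "", "text"),
          GetSQLValueString(isset($_POST['valcode']) ? $_POST['valcode'] : "", "int")
      );

      mysql_select_db($database_localserver, $localserver);
      $Result1 = mysql_query($updateSQL, $localserver);
      if ($Result1 === false) {
          // Keep the driver message in the server log; printing it would show
          // table and column names to the visitor.
          error_log("account validation: update failed: " . mysql_error($localserver));
          http_response_code(500);
          die("The request could not be completed.");
      }

      $updateGoTo = "validated.php";
      if (isset($_SERVER['QUERY_STRING'])) {
          $updateGoTo .= (strpos($updateGoTo, '?') !== false) ? "&" : "?";
          $updateGoTo .= $_SERVER['QUERY_STRING'];
      }
      // NOTE(review): header() does not stop the script. The record lookup and
      // the second form1 handler further down still run and may replace this
      // Location header, so no exit is added here.
      header(sprintf("Location: %s", $updateGoTo));
  }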
  57.  
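  if (!function_exists("GetSQLValueString")) {
      /**
       * Format a request value as a literal for a string-built mysql_* query.
       *
       * An identical guarded definition appears earlier in this file, so this
       * copy is only declared if that one is removed.
       *
       * The value is escaped with the legacy mysql extension and then shaped by
       * $theType: "text"/"date" are wrapped in single quotes, "int"/"long" and
       * "double" are forced to numbers, and "defined" returns one of the two
       * caller-supplied values. An empty value yields the string "NULL".
       *
       * NOTE(review): escaping only protects a value that is then quoted or
       * forced to a number, so an unrecognised $theType is treated as "text"
       * instead of being returned bare. Bound parameters (PDO or mysqli) are the
       * durable fix, but they need a change to the connection include, which is
       * not part of this listing.
       *
       * @param mixed  $theValue           Raw value, normally from $_GET/$_POST.
       * @param string $theType            "text", "date", "int", "long", "double" or "defined".
       * @param string $theDefinedValue    Returned for "defined" when the value is not empty.
       * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
       * @return string|int|float Literal ready to be placed in the SQL text.
       */
      function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
      {
          // Undo magic-quotes slashes on old runtimes. version_compare() avoids
          // comparing the version string with an integer, and the function_exists()
          // guard keeps the call away from runtimes that no longer ship it.
          if (version_compare(PHP_VERSION, '6', '<')
              && function_exists('get_magic_quotes_gpc')
              && get_magic_quotes_gpc()
          ) {
              $theValue = stripslashes($theValue);
          }

          $escaped = function_exists("mysql_real_escape_string")
              ? mysql_real_escape_string($theValue)
              : mysql_escape_string($theValue);

          // Loose comparison on purpose: it also treats a false/null escape result as empty.
          $isBlank = ($escaped == "");

          switch ($theType) {
              case "long":
              case "int":
                  return $isBlank ? "NULL" : intval($escaped);
              case "double":
                  return $isBlank ? "NULL" : doubleval($escaped);
              case "defined":
                  return $isBlank ? $theNotDefinedValue : $theDefinedValue;
              case "text":
              case "date":
              default:
                  // Unknown types fail closed: the value is always quoted.
                  return $isBlank ? "NULL" : "'" . $escaped . "'";
          }
      }
  }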
  88.  
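  // Look up the account that the validation link refers to (?hash=...).
  $colname_rstUsers = "-1";
  // Only a plain string is accepted; an array-valued parameter keeps the
  // no-match default instead of reaching the escape function.
  if (isset($_GET['hash']) && is_string($_GET['hash'])) {
      $colname_rstUsers = $_GET['hash'];
  }
  mysql_select_db($database_localserver, $localserver);
  // The token is compared as quoted text. Elsewhere in this file user_hash is
  // written and matched as a string; formatting it as "int" collapsed every
  // non-numeric token to 0 and made the comparison numeric, which weakens the
  // token check. NOTE(review): confirm user_hash is a character column.
  $query_rstUsers = sprintf(
      "SELECT * FROM users WHERE user_hash = %s",
      GetSQLValueString($colname_rstUsers, "text")
  );
  $rstUsers = mysql_query($query_rstUsers, $localserver);
  if ($rstUsers === false) {
      // Driver errors go to the server log, not to the visitor.
      error_log("account validation: lookup failed: " . mysql_error($localserver));
      http_response_code(500);
      die("The request could not be completed.");
  }
  $row_rstUsers = mysql_fetch_assoc($rstUsers);
  $totalRows_rstUsers = mysql_num_rows($rstUsers);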
  98.  
  99.  
  100.  
  101.  
  102.  
  103.  
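  // Second form1 handler: check the visitor's password against the looked-up
  // account and, on a match, mark that account as validated (user_level = 1).
  if (isset($_POST["MM_update"]) && $_POST["MM_update"] == "form1") {
      // The form on this page posts the password field as "valcode"; "password"
      // is still accepted because the original handler read that key.
      $submittedPassword = '';
      foreach (array('password', 'valcode') as $field) {
          if (isset($_POST[$field]) && is_string($_POST[$field])) {
              $submittedPassword = $_POST[$field];
              break;
          }
      }

      $haveRow = is_array($row_rstUsers);
      $storedPassword = ($haveRow && isset($row_rstUsers['password'])) ? (string) $row_rstUsers['password'] : '';
      $accountToken = ($haveRow && isset($row_rstUsers['user_hash'])) ? (string) $row_rstUsers['user_hash'] : '';

      // The raw submitted value is compared, not its SQL-escaped and quoted form,
      // which could never equal the stored value. Both sides stay in local
      // variables: writing them to $_SESSION would persist the password in the
      // session store. hash_equals() gives a constant-time, type-strict compare
      // where the runtime has it.
      // NOTE(review): a direct comparison implies the password column holds the
      // plain password. If it holds a password_hash() value, use password_verify()
      // here instead - confirm against the registration code.
      $passwordMatches = $submittedPassword !== ''
          && $storedPassword !== ''
          && (function_exists('hash_equals')
              ? hash_equals($storedPassword, $submittedPassword)
              : $storedPassword === $submittedPassword);

      if ($passwordMatches && $accountToken !== '') {
          // Key the update on the token of the row that was looked up. The
          // placeholder is unquoted because GetSQLValueString() adds the quotes;
          // quoting twice produced malformed SQL.
          $updateSQL = sprintf(
              "UPDATE users SET user_level='1' WHERE user_hash=%s",
              GetSQLValueString($accountToken, "text")
          );
          // $mmos is not assigned anywhere in this listing; the database name used
          // by the other queries is used here as well.
          mysql_select_db($database_localserver, $localserver);
          $Result1 = mysql_query($updateSQL, $localserver);
          if ($Result1 === false) {
              error_log("account validation: level update failed: " . mysql_error($localserver));
              http_response_code(500);
              die("The request could not be completed.");
          }

          header('Location: validated.php');
          exit; // stop here so the page body is not rendered behind the redirect
      }

      // Validation failed: nothing is written, the visitor returns to this page.
      header('Location: validate.php');
      exit;
  }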
  125.  
  126.  
  127.  
  128.  
  129.  
  130. ?>
  131. <?php require_once('Connections/localserver.php'); ?>
  132. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  133. <html xmlns="http://www.w3.org/1999/xhtml">
  134. <head>
  135. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  136. <title>Validate</title>
  137. <meta name="description" content="This is an experimental site which reviews the latest and greatest titles of the MMORPG genre">
  138. <meta name="keywords" content="Review, Video Game, MMORPG, MMO, Massively, Multiplayer, Online, Roleplaying, Game, World of Warcraft, Guild Wars, Rift, EVE Online, Star Wars: The Old Republic">
  139. <link href="savedstylesheet.css" rel="stylesheet" type="text/css" />
  140. </head>
  141.  
  142. <body id="Mainbody">
  143. <div id="Wrapper">
  144. <div id="Header">
  145. <h1>MMORPG Reviews </h1>
  146. </div>
  147. <div id="MainNavbarone">
  148. <ul>
  149. <li> <h2> <a href="index.php">Home</a></h2> </li>
  150. <li> <h2> <a href="includes/warcraft.php">World of Warcraft</a></h2> </li>
  151. <li> <h2> <a href="includes/guildwars.php">Guild Wars</a></h2> </li>
  152. <li> <h2> <a href="includes/rift.php">Rift</a></h2> </li>
  153. <li> <h2> <a href="includes/eveonline.php">Eve Online</a></h2> </li>
  154. <li> <h2> <a href="includes/starwars.php"> Star Wars: The Old Republic </a></h2> </li>
  155. <li> <h2> <a href="includes/login.php">Login</a></h2> </li>
  156. <li> <h2> <a href="includes/about.php"> About</a></h2> </li>
  157. </ul>
  158. </div>
  159. <div id="MainAdbar">
  160. <h3>Content for id "Adbar" Goes Here</h3>
  161. <h3>Content for id &quot;Adbar&quot; Goes Here</h3>
  162. <h3>Content for id &quot;Adbar&quot; Goes Here</h3>
  163. <h3>Content for id &quot;Adbar&quot; Goes Here</h3>
  164. <h3>Content for id &quot;Adbar&quot; Goes Here</h3>
  165. <h3>Content for id &quot;Adbar&quot; Goes Here</h3>
  166. <h3>Content for id &quot;Adbar&quot; Goes Here</h3>
  167. <h3>Content for id &quot;Adbar&quot; Goes Here</h3>
  168. <h3>Content for id &quot;Adbar&quot; Goes Here </h3>
  169. <h3>Content for id &quot;Adbar&quot; Goes Here</h3>
  170. <h3>Content for id &quot;Adbar&quot; Goes Here </h3>
  171. </div>
  172.  
  173.  
  174.  
  175.  
  176. <div id="RedirectMainareaone">
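  <?php if ($totalRows_rstUsers == 0) { // Show if recordset empty ?>
  <p>&nbsp;</p>
  <p>Oops! Your URL was incorrect. Please click <a href="index.php">here</a> to return to the Home Page!</p>
  <p>&nbsp;</p>
  <?php } // Show if recordset empty ?>
  <?php if ($totalRows_rstUsers > 0) { // Show if recordset not empty ?>
  <?php if ($row_rstUsers['user_level']==0) { // Select between validated or not ?>
  <?php
    // Everything echoed into this form comes from the request or from the users
    // table, so it is entity-encoded for the HTML context before output.
    $safeUserName = htmlspecialchars(
        isset($row_rstUsers['user_name']) ? (string) $row_rstUsers['user_name'] : '',
        ENT_QUOTES,
        'UTF-8'
    );
    $safeHash = htmlspecialchars(
        (isset($_GET['hash']) && is_string($_GET['hash'])) ? $_GET['hash'] : '',
        ENT_QUOTES,
        'UTF-8'
    );
    // $editFormAction already carries an entity-encoded query string where it is
    // built, so double_encode is off: existing entities are kept, raw characters
    // are still encoded.
    $safeAction = htmlspecialchars($editFormAction, ENT_QUOTES, 'UTF-8', false);
  ?>
  <p>&nbsp;</p>
  <p>Welcome <?php echo $safeUserName; ?>. To continue validating your account please enter your password below into the box provided and click on Next to continue:</p>
  <form id="form1" name="form1" method="POST" action="<?php echo $safeAction; ?>">
  <p>
  <label for="password">Enter Password:</label>
  <input type="password" name="valcode" id="password" />
  <input name="user_hash" type="hidden" value="<?php echo $safeHash; ?>"/>
  </p>
  <p>
  <input type="submit" name="go" id="go" value="Validate" />
  </p>
  <input type="hidden" name="MM_update" value="form1" />
  </form>
  <p>&nbsp;</p>
  <?php } else { ?>
  <p>&nbsp;</p>
  <p>Oops! Your account has already been validated! Please click <a href="index.php">here</a> to return to the Home Page! </p>
  <p>&nbsp;</p>
  <?php } // Select between validated or not ?>
  <?php } // Show if recordset not empty ?>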
  204. </div>
  205.  
  206.  
  207.  
  208.  
  209. <div id="Wrapperone">
  210. <div id="MainNavbar">
  211. <h3><a href="http://eu.battle.net/wow/en/">Official World Of Warcraft Website</a></h3>
  212. <h3><a href="https://www.guildwars2.com/en-gb/">Official Guild Wars Website</a></h3>
  213. <h3><a href="http://eu.riftgame.com/en/">Official Rift Website</a></h3>
  214. <h3><a href="http://www.eveonline.com/">Official EVE Online Website</a></h3>
  215. <h3><a href="http://www.swtor.com/">Official Star Wars: The Old Republic Website</a></h3>
  216. </div>
  217. <div id="MainChatbar">
  <?php
  // The chat widget is rendered for session group 1 (user) and group 2 (admin);
  // any other value, or no MM_UserGroup in the session, gets the notice instead.
  $chatAllowed = isset($_SESSION['MM_UserGroup'])
      && ($_SESSION['MM_UserGroup'] == 1 || $_SESSION['MM_UserGroup'] == 2);

  if (!$chatAllowed) {
      echo '<h3> Oops! User Authentication Is Required To Access This Content! </h3>';
  } else { ?>
  <embed src="http://www.xatech.com/web_gear/chat/chat.swf" quality="high" width="300" height="700" name="chat" flashvars="id=184909259" align="middle" allowscriptaccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://xat.com/update_flash.shtml" />
  <?php
  }
  ?>
  237. </div>
  238. </div>
  239. <div id="MainFooter">
  240. <h4><a href="includes/sitemap.php">Site Map/</a><a href="includes/admin.php">Administrative Page</a></h4>
  241. </div>
  242. </div>
  243. </body>
  244. </html>
  245. <?php
  246. mysql_free_result($rstUsers);
  247.  
  248. ?>