- <?php
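// Default headers for outgoing notification mail.
// Header lines must be separated by CRLF; the bare "rn" used here before
// ran all three headers together into one malformed line.
// NOTE(review): X-Mailer discloses the exact PHP version to every recipient;
// consider dropping it.
$headers = 'From: noreply@website.org' . "\r\n"
    . 'Reply-To: noreply@website.org' . "\r\n"
    . 'X-Mailer: PHP/' . phpversion();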
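/**
 * Start the PHP session with hardened cookie settings.
 *
 * Cookie parameters only apply when they are set before session_start(),
 * so the configuration now runs first and for every visitor, not only for
 * users who are already logged in.
 *
 * The per-request random session name was dropped: a name set after
 * session_start() cannot take effect, and a name that changes on every
 * request would never match the cookie the browser sends back.
 *
 * @return void
 */
function sec_session_start() {
    // Nothing to configure if a session is already running.
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }

    // Refuse to continue if session IDs could still be accepted from the URL.
    if (ini_set('session.use_only_cookies', 1) === false) {
        header('Location: ../error.php?err=' . urlencode('Could not initiate a safe session (ini_set)'));
        exit();
    }

    // The flags must be real booleans; the previous value 'SECURE' was only
    // truthy by accident.
    // NOTE(review): a Secure cookie is only sent over HTTPS, while the links
    // mailed elsewhere in this file use http:// - confirm the site is served
    // over TLS.
    $secure = true;
    $httponly = true;

    $cookieParams = session_get_cookie_params();
    session_set_cookie_params(
        $cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly
    );

    session_start();
}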
/**
 * Open the mysqli connection used by every query helper in this file.
 *
 * On a connection error the message is stored in the private flash slot and
 * the script terminates.
 *
 * NOTE(review): the credentials are literals in the source; anyone who can
 * read this file (or a paste of it) can read them. Consider loading them from
 * configuration kept outside the web root.
 *
 * @return mysqli
 */
function connect_to_db(){
    $host = "localhost";
    $user = "db_user";
    $pass = "db_pass";
    $schema = "db_name";

    $link = new mysqli($host, $user, $pass, $schema);
    if (!$link->connect_error) {
        return $link;
    }

    // Connection failed: record the reason and stop.
    setPrivateFlash("Connection to database failed".$link->connect_error);
    die();
}

// Shared connection handle; the query helpers below reach it via `global $conn`.
$conn = connect_to_db();
/**
 * Render a page: optional ads, the header, the view inside the wrapper div,
 * then the footer.
 *
 * NOTE(review): $view is handed to include unchanged. If any caller derives
 * it from request data this is a file-inclusion risk; callers should map the
 * request onto a fixed list of view files - verify against the call sites.
 *
 * @param string $view      Path of the view file to include.
 * @param mixed  $isWithAds Truthy to include ads.php before the header.
 * @return void
 */
function sendView($view, $isWithAds){
    if ($isWithAds) {
        include 'ads.php';
    }

    include 'header.php';

    echo '<div id="wrapper">';
    include $view;
    echo '</div>';

    include 'footer.php';
}
/**
 * Report whether the current session is marked as logged in.
 *
 * Only the presence of the 'loggedin' session key is checked, not its value.
 *
 * @return bool
 */
function loggedin(){
    return isset($_SESSION['loggedin']);
}
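/**
 * Print the search result list for a set of error posts.
 *
 * Every value that comes out of the database (description, definition source,
 * date, username, reputation, id) is user-influenced and is therefore
 * HTML-escaped before it is written into the page. The previous version
 * echoed these values raw, which allowed stored markup/script in a post or
 * username to run in other visitors' browsers.
 *
 * @param mysqli_result|false $result Rows from the error_post table.
 * @return void
 */
function listErrorResults($result){
    // Escape for both element content and single-quoted attributes.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    if (!$result || $result->num_rows <= 0) {
        echo "No results match your search. Please try again";
        return;
    }

    while ($row = $result->fetch_assoc()) {
        $user = getUserByID($row["user_submitted"]);
        // getUserByID() returns nothing when the user row is missing.
        $username = is_array($user) ? $user['username'] : '';
        $reputation = is_array($user) ? $user['reputation'] : '';

        $definitionsResult = getDefinitions($row['id']);
        $definitionCount = $definitionsResult ? $definitionsResult->num_rows : 0;

        // Collect each distinct source once; array keys de-duplicate.
        $sources = array();
        if ($definitionsResult) {
            while ($definitionRow = $definitionsResult->fetch_assoc()) {
                $sources[$definitionRow["source"]] = true;
            }
        }

        echo "<div class='row'>
<div class='result-item inline center'>"
            . $esc($definitionCount)
            . "<div class='subtext'>
definitions
</div>
</div>
<div class='result-item inline word-wrap'>
<div><a href='?error-post&amp;id="
            . $esc(rawurlencode((string) $row["id"]))
            . "'>"
            . $esc($row["description"])
            . "</a>
</div>";

        foreach ($sources as $source => $unused) {
            echo "<div class='tag-item subtext inline'>"
                . $esc($source)
                . "</div>";
        }

        echo "<div class='subtext inline'>Added "
            . $esc($row["date_submitted"])
            . " by <a href='#'>"
            . $esc($username)
            . "</a> <span title='reputation'>"
            . $esc($reputation)
            . "</span>
</div>
</div>
</div><hr>";
    }
}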
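/**
 * Fetch one user row by primary key.
 *
 * The id is bound as a statement parameter; it used to be concatenated into
 * the SQL text, so any caller passing request data made the query injectable.
 *
 * @param int|string $id User id.
 * @return array|null The user row, or null (with a private flash message)
 *                    when no row matches or the query fails.
 */
function getUserByID($id){
    global $conn;

    $stmt = $conn->prepare("select * from user where id = ?");
    if ($stmt === false) {
        error_log('getUserByID: prepare failed: ' . $conn->error);
        setPrivateFlash("Error: user not found.");
        return null;
    }

    $stmt->bind_param('i', $id);
    $stmt->execute();
    $result = $stmt->get_result();

    $row = $result ? $result->fetch_assoc() : null;
    if ($row) {
        return $row;
    }

    setPrivateFlash("Error: user not found.");
    return null;
}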
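/**
 * Fetch all flags raised against one error post.
 *
 * The id is bound as a parameter instead of being concatenated into the SQL.
 *
 * @param int|string $error_id Error post id.
 * @return mysqli_result|false Result set, or false when the query fails.
 */
function getFlagsByErrorId($error_id){
    global $conn;

    $stmt = $conn->prepare("select * from error_flag where error_id = ?");
    if ($stmt === false) {
        error_log('getFlagsByErrorId: prepare failed: ' . $conn->error);
        return false;
    }

    $stmt->bind_param('i', $error_id);
    if (!$stmt->execute()) {
        error_log('getFlagsByErrorId: execute failed: ' . $stmt->error);
        return false;
    }
    return $stmt->get_result();
}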
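/**
 * Authenticate a user and populate the session on success.
 *
 * Fixes over the previous version:
 *  - username and password are bound as parameters; they used to be pasted
 *    into the SQL text, so a crafted username could bypass the password check;
 *  - the session id is regenerated on login so an id planted before
 *    authentication cannot be reused afterwards (session fixation);
 *  - updateReputation() receives the matched user's id; it used to be called
 *    after the fetch loop had already set $row to null.
 *
 * NOTE(review): the query compares the submitted password with the stored
 * column directly, i.e. passwords are kept in plaintext. Moving to
 * password_hash()/password_verify() has to be done together with register()
 * and updatePassword() plus a migration of existing rows.
 *
 * @param string $username
 * @param string $password
 * @return void
 */
function login($username, $password){
    global $conn;

    $stmt = $conn->prepare("select * from user where password = ? and username = ?");
    if ($stmt === false) {
        error_log('login: prepare failed: ' . $conn->error);
        setFlash("Error: user password combination not found.");
        return;
    }

    $stmt->bind_param('ss', $password, $username);
    $stmt->execute();
    $result = $stmt->get_result();

    // Keep the last matching row, as the original fetch loop did.
    $match = null;
    if ($result) {
        while ($row = $result->fetch_assoc()) {
            $match = $row;
        }
    }

    if ($match === null) {
        setFlash("Error: user password combination not found.");
        return;
    }

    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['username'] = $username;
    $_SESSION['user_id'] = $match["id"];
    $_SESSION['loggedin'] = true;
    $_SESSION['user_role'] = $match["role"];

    updateReputation($match["id"]);
    setFlash("Logged In");
}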
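/**
 * Clear the authentication state from the session.
 *
 * login() stores the role under 'user_role', but this function only removed
 * 'role', so the role of the previous user stayed in the session after
 * logout. Both keys are cleared now, and the session id is rotated so the old
 * id is no longer valid.
 *
 * @return void
 */
function logout(){
    unset(
        $_SESSION['username'],
        $_SESSION['loggedin'],
        $_SESSION['user_id'],
        $_SESSION['user_role'],
        $_SESSION['role']
    );

    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    setFlash("Logged Out");
}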
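/**
 * Create a user account.
 *
 * All three values are bound as parameters instead of being concatenated
 * into the SQL text. On failure the details go to the server log and the
 * user sees a generic message; the old path put the full statement,
 * including the password, into the flash message.
 *
 * NOTE(review): the password is stored exactly as received. It should be
 * stored as password_hash() output, which requires login() and
 * updatePassword() to change in the same release.
 *
 * @param string $username
 * @param string $password
 * @param string $email
 * @return void
 */
function register($username, $password, $email){
    global $conn;

    $stmt = $conn->prepare("insert into user (username, password, email) values (?, ?, ?)");
    if ($stmt === false
        || !$stmt->bind_param('sss', $username, $password, $email)
        || !$stmt->execute()
    ) {
        error_log('register: insert failed: ' . $conn->error);
        setFlash("Error: the account could not be created.");
    }
}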
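/**
 * Change the e-mail address stored for a user.
 *
 * Values are bound as parameters instead of being concatenated into the SQL.
 *
 * NOTE(review): nothing here checks that $user_id belongs to the logged-in
 * user; confirm the caller takes it from the session and not from the
 * request. Because updatePassword() resets by e-mail, changing this column is
 * equivalent to taking over the account.
 *
 * @param int|string $user_id
 * @param string     $email
 * @return void
 */
function updateEmail($user_id, $email){
    global $conn;

    $stmt = $conn->prepare("update user set email = ? where id = ?");
    if ($stmt === false
        || !$stmt->bind_param('ss', $email, $user_id)
        || !$stmt->execute()
    ) {
        error_log('updateEmail: update failed: ' . $conn->error);
        setFlash("Error: the e-mail address could not be updated.");
    }
}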
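/**
 * Change a password, either through a reset code or by proving the old one.
 *
 * With both $code and $email set, the reset-code path is taken: the pair must
 * exist in password_reset_code, after which the password is replaced and all
 * codes for that address are deleted. Otherwise the password is replaced only
 * where id and old password both match.
 *
 * Every value is bound as a statement parameter; the previous version built
 * all four statements by string concatenation.
 *
 * NOTE(review): passwords are written in plaintext (see login()/register()).
 * NOTE(review): no expiry is applied to reset codes here; whether the table
 * carries a timestamp cannot be seen from this file.
 *
 * @param int|string  $user_id
 * @param string      $old_password
 * @param string      $new_password
 * @param string|null $code  Reset code, or null for the old-password path.
 * @param string|null $email Address the reset code was issued for.
 * @return void
 */
function updatePassword($user_id, $old_password, $new_password, $code, $email){
    global $conn;

    // Run one prepared statement; returns a result set, true, or false.
    $run = function ($sql, $types, array $args) use ($conn) {
        $stmt = $conn->prepare($sql);
        if ($stmt === false || !$stmt->bind_param($types, ...$args) || !$stmt->execute()) {
            error_log('updatePassword: statement failed: ' . $conn->error);
            setFlash("Error: the database request could not be completed.");
            return false;
        }
        $result = $stmt->get_result();
        return $result === false ? true : $result;
    };

    if (isset($code) && isset($email)) {
        // The code is numeric; reject anything else instead of letting the
        // database coerce it.
        if (!is_scalar($code) || !ctype_digit((string) $code)) {
            return;
        }

        $match = $run(
            "select * from password_reset_code where email = ? and code = ?",
            'ss',
            array($email, (string) $code)
        );
        if ($match instanceof mysqli_result && $match->num_rows > 0) {
            $run("update user set password = ? where email = ?", 'ss', array($new_password, $email));
            $run("delete from password_reset_code where email = ?", 's', array($email));
            // NOTE(review): looks like leftover debug output; it echoes
            // request values back through the flash message.
            setFlash("email:".$email." code:".$code);
        }
        return;
    }

    $run(
        "update user set password = ? where id = ? and password = ?",
        'sss',
        array($new_password, $user_id, $old_password)
    );
}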
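/**
 * Issue a password-reset code for an e-mail address and mail the reset link.
 *
 * Fixes over the previous version:
 *  - the code comes from random_int() (a CSPRNG); rand() is predictable and
 *    must not be used for a value that grants account access;
 *  - the address is bound as a parameter in both statements;
 *  - the code is stored before the mail is sent, so a link is never mailed
 *    for a code that failed to save;
 *  - the mail body uses real CRLF line breaks (it contained the literal
 *    text "rnrn") and the address is URL-encoded in the link.
 *
 * NOTE(review): the link is http://, so the reset code travels unencrypted.
 * NOTE(review): the "Could not find email" message tells the requester
 * whether an address is registered.
 *
 * @param string $email
 * @return void
 */
function resetPassword($email){
    global $conn;

    $lookup = $conn->prepare("select * from user where email = ?");
    if ($lookup === false) {
        error_log('resetPassword: prepare failed: ' . $conn->error);
        setFlash("Could not find email: $email");
        return;
    }
    $lookup->bind_param('s', $email);
    $lookup->execute();
    $result = $lookup->get_result();

    if (!$result || $result->num_rows <= 0) {
        setFlash("Could not find email: $email");
        return;
    }

    while ($row = $result->fetch_assoc()) {
        // Same 18-digit range as before, drawn from the system CSPRNG.
        $code = random_int(100000000000000000, 999999999999999999);
        setFlash("sendingEmail");

        $insert = $conn->prepare("insert into password_reset_code (code, email) values (?, ?)");
        if ($insert === false
            || !$insert->bind_param('is', $code, $email)
            || !$insert->execute()
        ) {
            error_log('resetPassword: could not store reset code: ' . $conn->error);
            setFlash("Error: the database request could not be completed.");
            continue;
        }

        mail(
            $email,
            'noreply',
            "Please use the following link to reset your password:\r\n\r\n"
                . "http://website.org/eMre2011/?function=verify-password&code=" . $code
                . "&email=" . urlencode($email)
        );
    }
}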
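/**
 * Check that a reset code exists for the given e-mail address.
 *
 * The code must consist of digits only and both values are bound as
 * parameters; previously the code was placed unquoted into the SQL text.
 *
 * @param string     $email
 * @param int|string $code
 * @return bool True when the pair exists, false otherwise (a flash message
 *              is set in that case).
 */
function verifyPassword($email, $code){
    global $conn;

    $found = false;
    if (is_scalar($code) && ctype_digit((string) $code)) {
        $stmt = $conn->prepare("select * from password_reset_code where email = ? and code = ?");
        if ($stmt === false) {
            error_log('verifyPassword: prepare failed: ' . $conn->error);
        } else {
            $codeText = (string) $code;
            $stmt->bind_param('ss', $email, $codeText);
            $stmt->execute();
            $result = $stmt->get_result();
            $found = $result && $result->num_rows > 0;
        }
    }

    if ($found) {
        return true;
    }

    setFlash("Could not find code/email combination: $code/$email");
    return false;
}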
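/**
 * Store a new error post unless the same user already submitted the same
 * description on the same date, then subscribe the author to it.
 *
 * Fixes over the previous version:
 *  - the insert and the follow-up select used $date_submitted and
 *    $user_submitted, which do not exist in this function; they now use the
 *    $date and $user_id parameters;
 *  - all values are bound as parameters instead of being concatenated;
 *  - subscribe() was called with two arguments although it takes three. The
 *    author's address is now looked up the same way addDefinition() does it
 *    (assumed to be the intended subscriber - confirm).
 *
 * @param string     $description
 * @param string     $date
 * @param int|string $user_id
 * @return void
 */
function addErrorPost($description, $date, $user_id){
    global $conn;

    // Run one prepared statement; returns a result set, true, or false.
    $run = function ($sql, $types, array $args) use ($conn) {
        $stmt = $conn->prepare($sql);
        if ($stmt === false || !$stmt->bind_param($types, ...$args) || !$stmt->execute()) {
            error_log('addErrorPost: statement failed: ' . $conn->error);
            setFlash("Error: the database request could not be completed.");
            return false;
        }
        $result = $stmt->get_result();
        return $result === false ? true : $result;
    };

    $findPost = "select * from error_post where description = ? and user_submitted = ? and date_submitted = ?";
    $key = array($description, $user_id, $date);

    $existing = $run($findPost, 'sss', $key);
    if (!($existing instanceof mysqli_result) || $existing->num_rows > 0) {
        // Duplicate submission, or the check itself failed.
        return;
    }

    $inserted = $run(
        "insert into error_post (description, date_submitted, user_submitted) values (?, ?, ?)",
        'sss',
        array($description, $date, $user_id)
    );
    if ($inserted === false) {
        return;
    }
    setFlash("Error logged successfully");

    $author = $run("select * from user where id = ?", 's', array($user_id));
    $authorRow = ($author instanceof mysqli_result) ? $author->fetch_assoc() : null;
    if (!$authorRow) {
        return;
    }

    $created = $run($findPost, 'sss', $key);
    if ($created instanceof mysqli_result) {
        while ($row = $created->fetch_assoc()) {
            subscribe('post', $row['id'], $authorRow['email']);
        }
    }
}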
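/**
 * Flag an error post on behalf of a user; an existing flag is left as is
 * ("insert ignore").
 *
 * Both ids are bound as parameters instead of being concatenated.
 *
 * @param int|string $error_id
 * @param int|string $user_id
 * @return void
 */
function addErrorFlag($error_id, $user_id){
    global $conn;

    $stmt = $conn->prepare("insert ignore into error_flag (error_id, user_id) values (?, ?)");
    if ($stmt === false
        || !$stmt->bind_param('ss', $error_id, $user_id)
        || !$stmt->execute()
    ) {
        error_log('addErrorFlag: insert failed: ' . $conn->error);
        setFlash("Error: the database request could not be completed.");
    }
}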
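/**
 * Record or change a user's vote on a definition.
 *
 * The three values were interpolated unquoted, so any of them could carry
 * SQL; a PHP false also rendered as an empty string and broke the statement.
 * They are now bound as integers.
 *
 * @param int|string $user_id
 * @param int|string $definition_id
 * @param mixed      $up Truthy ("1", "true", true, ...) for an up-vote.
 * @return void
 */
function addVote($user_id, $definition_id, $up){
    global $conn;

    // Accepts true/false, 1/0 and the strings "true"/"false".
    $upFlag = filter_var($up, FILTER_VALIDATE_BOOLEAN) ? 1 : 0;

    $stmt = $conn->prepare(
        "insert into vote (user_id, definition_id, up) values (?, ?, ?) on duplicate key update up = ?"
    );
    if ($stmt === false
        || !$stmt->bind_param('iiii', $user_id, $definition_id, $upFlag, $upFlag)
        || !$stmt->execute()
    ) {
        error_log('addVote: upsert failed: ' . $conn->error);
        setFlash("Error: the database request could not be completed.");
    }
}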
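/**
 * Delete an error post by id.
 *
 * The id was interpolated unquoted into a DELETE statement, so a crafted
 * value could widen the WHERE clause to other rows. It is now bound as an
 * integer.
 *
 * NOTE(review): there is no ownership or role check in this function; confirm
 * the caller enforces who may delete which post.
 *
 * @param int|string $error_id
 * @return void
 */
function deleteErrorPost($error_id){
    global $conn;

    $stmt = $conn->prepare("delete from error_post where id = ?");
    if ($stmt === false
        || !$stmt->bind_param('i', $error_id)
        || !$stmt->execute()
    ) {
        error_log('deleteErrorPost: delete failed: ' . $conn->error);
        setFlash("Error: the database request could not be completed.");
        return;
    }
    setFlash("Error Deleted");
}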
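/**
 * Load one error post and record the view.
 *
 * A (post, user) pair is added to post_view, the distinct view count is
 * written back to error_post.views, and the post row is returned.
 *
 * The post id and the session user id are bound as parameters; the previous
 * version concatenated both into four statements.
 *
 * @param int|string $id Error post id.
 * @return mysqli_result|false The post row(s), or false when the query fails.
 */
function getErrorPost($id){
    global $conn;

    // Run one prepared statement; returns a result set, true, or false.
    $run = function ($sql, $types, array $args) use ($conn) {
        $stmt = $conn->prepare($sql);
        if ($stmt === false || !$stmt->bind_param($types, ...$args) || !$stmt->execute()) {
            error_log('getErrorPost: statement failed: ' . $conn->error);
            setFlash("Error: the database request could not be completed.");
            return false;
        }
        $result = $stmt->get_result();
        return $result === false ? true : $result;
    };

    // Anonymous visitors have no user_id in the session; the original sent an
    // empty string in that case, which is kept.
    $viewer = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : '';
    $run("insert ignore into post_view (post_id, user_id) values (?, ?)", 'ss', array($id, $viewer));

    $count = $run("select count(user_id) as total from post_view where post_id = ?", 's', array($id));
    if ($count instanceof mysqli_result) {
        $data = $count->fetch_assoc();
        $run("update error_post set views = ? where id = ?", 'ss', array($data['total'], $id));
    }

    $post = $run("select * from error_post where id = ?", 's', array($id));
    return ($post instanceof mysqli_result) ? $post : false;
}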
/**
 * Return every error post, newest id first.
 *
 * The statement is a constant, so no request data reaches the SQL text here.
 *
 * @return mysqli_result|false Whatever selectQuery() returns.
 */
function getAllErrorPosts(){
    $sql = "select * from error_post order by id desc;";
    $posts = selectQuery($sql);
    return $posts;
}
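/**
 * Search error posts whose description contains any of the space-separated
 * keywords.
 *
 * Fixes over the previous version:
 *  - each keyword is bound as a parameter; the search box used to be pasted
 *    into the SQL text;
 *  - LIKE wildcards typed by the user (% and _) are escaped so they match
 *    literally;
 *  - the "or" was skipped for every keyword equal to the first one, which
 *    produced invalid SQL for input such as "foo foo".
 *
 * @param string $search_terms
 * @return mysqli_result|false Matching rows, or false when the query fails.
 */
function searchErrorPosts($search_terms){
    global $conn;

    $clauses = array();
    $patterns = array();
    foreach (explode(' ', $search_terms) as $word) {
        $clauses[] = "description like ?";
        // Backslash is the default LIKE escape character in MySQL.
        $patterns[] = '%' . addcslashes($word, '%_\\') . '%';
    }

    $stmt = $conn->prepare("select * from error_post where " . implode(" or ", $clauses));
    if ($stmt === false) {
        error_log('searchErrorPosts: prepare failed: ' . $conn->error);
        return false;
    }

    $stmt->bind_param(str_repeat('s', count($patterns)), ...$patterns);
    if (!$stmt->execute()) {
        error_log('searchErrorPosts: execute failed: ' . $stmt->error);
        return false;
    }
    return $stmt->get_result();
}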
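/**
 * Add a definition to an error post, notify the post's subscribers by mail,
 * and subscribe the author to both the definition and the post.
 *
 * Fixes over the previous version:
 *  - all values are bound as parameters instead of being concatenated;
 *  - $headers was read without a `global` declaration, so the mails went out
 *    without the From/Reply-To headers defined at the top of the file;
 *  - the mail body contained the literal text "rnrn" instead of line breaks,
 *    and the post id is now URL-encoded in the link.
 *
 * @param string     $source
 * @param string     $definition
 * @param int|string $errorPostId
 * @param int|string $userId
 * @param string     $date
 * @return void
 */
function addDefinition($source, $definition, $errorPostId, $userId, $date){
    global $conn, $headers;

    // Run one prepared statement; returns a result set, true, or false.
    $run = function ($sql, $types, array $args) use ($conn) {
        $stmt = $conn->prepare($sql);
        if ($stmt === false || !$stmt->bind_param($types, ...$args) || !$stmt->execute()) {
            error_log('addDefinition: statement failed: ' . $conn->error);
            setFlash("Error: the database request could not be completed.");
            return false;
        }
        $result = $stmt->get_result();
        return $result === false ? true : $result;
    };

    $values = array($source, $definition, $errorPostId, $userId, $date);
    $run(
        "insert into definition (source, definition_content, error_post_id, user_id, date) values (?, ?, ?, ?, ?)",
        'sssss',
        $values
    );

    // Tell everyone following the post.
    $mailHeaders = is_string($headers) ? $headers : '';
    $subscribers = $run(
        "select * from subscription where type = 'post' and type_id = ?",
        's',
        array($errorPostId)
    );
    if ($subscribers instanceof mysqli_result) {
        while ($row = $subscribers->fetch_assoc()) {
            mail(
                $row['email'],
                'subscribed update',
                "Somebody added a definition for a post you are following. "
                    . "Follow this link to view the post:\r\n\r\n"
                    . "http://website.org/eMre2011/?error-post&id=" . rawurlencode((string) $errorPostId),
                $mailHeaders
            );
        }
    }

    // Subscribe the author, using the address stored on the user row.
    $author = $run("select * from user where id = ?", 's', array($userId));
    $authorRows = array();
    if ($author instanceof mysqli_result) {
        while ($row2 = $author->fetch_assoc()) {
            $authorRows[] = $row2;
        }
    }

    $created = $run(
        "select * from definition where source = ? and definition_content = ? and error_post_id = ? and user_id = ? and date = ?",
        'sssss',
        $values
    );
    if ($created instanceof mysqli_result) {
        while ($row = $created->fetch_assoc()) {
            foreach ($authorRows as $row2) {
                subscribe('definition', $row['id'], $row2['email']);
                subscribe('post', $errorPostId, $row2['email']);
            }
        }
    }
}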
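/**
 * Fetch the definitions of one error post, highest vote count first.
 *
 * The post id is bound as a parameter instead of being concatenated.
 *
 * @param int|string $errorPostId
 * @return mysqli_result|false Result set, or false when the query fails.
 */
function getDefinitions($errorPostId){
    global $conn;

    $stmt = $conn->prepare("select * from definition where error_post_id = ? order by votes desc");
    if ($stmt === false) {
        error_log('getDefinitions: prepare failed: ' . $conn->error);
        return false;
    }

    $stmt->bind_param('s', $errorPostId);
    if (!$stmt->execute()) {
        error_log('getDefinitions: execute failed: ' . $stmt->error);
        return false;
    }
    return $stmt->get_result();
}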
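/**
 * Recount the votes of a definition and mark the top-voted definition of its
 * post as elected.
 *
 * Fixes over the previous version:
 *  - $errorPostId was never defined here, so the ranking query always ran
 *    with an empty post id; it is now read from the definition row;
 *  - all values are bound as parameters instead of being concatenated;
 *  - the two "set elected=true" statements targeted the same row, so only
 *    the narrower one is kept.
 *
 * NOTE(review): nothing resets `elected` on a definition that is overtaken
 * later - presumably only one per post should be elected; confirm.
 *
 * @param int|string $definition_id
 * @return void
 */
function updateDefinition($definition_id){
    global $conn;

    // Run one prepared statement; returns a result set, true, or false.
    $run = function ($sql, $types, array $args) use ($conn) {
        $stmt = $conn->prepare($sql);
        if ($stmt === false || !$stmt->bind_param($types, ...$args) || !$stmt->execute()) {
            error_log('updateDefinition: statement failed: ' . $conn->error);
            setFlash("Error: the database request could not be completed.");
            return false;
        }
        $result = $stmt->get_result();
        return $result === false ? true : $result;
    };

    // Net score: +1 for each up-vote, -1 for each down-vote.
    $numVotes = 0;
    $votes = $run("select * from vote where definition_id = ?", 'i', array($definition_id));
    if ($votes instanceof mysqli_result) {
        while ($row = $votes->fetch_assoc()) {
            $numVotes += $row['up'] ? 1 : -1;
        }
    }
    $run("update definition set votes = ? where id = ?", 'ii', array($numVotes, $definition_id));

    // Find the post this definition belongs to.
    $owner = $run("select error_post_id from definition where id = ?", 'i', array($definition_id));
    $ownerRow = ($owner instanceof mysqli_result) ? $owner->fetch_assoc() : null;
    if (!$ownerRow) {
        return;
    }
    $errorPostId = $ownerRow['error_post_id'];

    $ranked = $run(
        "select * from definition where error_post_id = ? order by votes desc",
        's',
        array($errorPostId)
    );
    $top = ($ranked instanceof mysqli_result) ? $ranked->fetch_assoc() : null;
    if ($top) {
        $run(
            "update definition set elected=true where id = ? and error_post_id = ?",
            'ss',
            array($top['id'], $errorPostId)
        );
    }
}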
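/**
 * Subscribe an e-mail address to updates of a post or a definition.
 *
 * The three values are bound as parameters instead of being concatenated.
 *
 * @param string     $type  'post' or 'definition' in the calls in this file.
 * @param int|string $id    Id of the post or definition.
 * @param string     $email Address that receives the notifications.
 * @return void
 */
function subscribe($type, $id, $email){
    global $conn;

    $stmt = $conn->prepare("insert into subscription (type, type_id, email) values (?, ?, ?)");
    if ($stmt === false
        || !$stmt->bind_param('sss', $type, $id, $email)
        || !$stmt->execute()
    ) {
        error_log('subscribe: insert failed: ' . $conn->error);
        setFlash("Error: the database request could not be completed.");
    }
}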
/**
 * Placeholder for recalculating a user's reputation.
 *
 * Currently a no-op: login() calls it, but no calculation is implemented.
 *
 * @param int|string $user_id
 * @return void
 */
function updateReputation($user_id){
    // TODO: compute and store the reputation for $user_id.
}
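/**
 * Run a statement that returns no rows (insert/update/delete).
 *
 * On failure the database error goes to the server log and the user sees a
 * generic message. The previous version put the complete SQL text and the
 * driver error into the flash message, which exposed table layout and any
 * values embedded in the statement (passwords included) to the visitor.
 *
 * NOTE(review): this helper takes a finished SQL string, so it cannot bind
 * parameters. Callers must never interpolate request data into $query; use
 * $conn->prepare() with bound parameters for anything user-supplied.
 *
 * @param string $query Complete SQL statement.
 * @return void
 */
function executeQuery($query){
    global $conn;

    if ($conn->query($query) === TRUE) {
        return;
    }

    // The statement text is deliberately not logged; it may contain secrets.
    error_log('executeQuery failed: ' . $conn->error);
    setFlash("Error: the database request could not be completed.");
}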
/**
 * Run a query on the shared connection and hand back whatever mysqli
 * returns for it.
 *
 * NOTE(review): like executeQuery(), this takes a finished SQL string and
 * offers no parameter binding; statements containing request data should use
 * $conn->prepare() instead.
 *
 * @param string $query Complete SQL statement.
 * @return mysqli_result|bool
 */
function selectQuery($query){
    global $conn;
    return $conn->query($query);
}
/**
 * Mail visitor feedback to the site's info address.
 *
 * NOTE(review): subject and body come from the caller unchanged and no
 * rate limit is visible here; confirm the caller validates and throttles
 * submissions.
 *
 * @param string $feedback Message body.
 * @param string $subject  Mail subject.
 * @return void
 */
function sendFeedback($feedback, $subject){
    $recipient = 'info@website.org';
    mail($recipient, $subject, $feedback);
}
/**
 * Store a one-off message for the user in the session.
 *
 * NOTE(review): several callers put request values into the message; the
 * template that prints it must HTML-escape it.
 *
 * @param mixed $message Converted to a string before it is stored.
 * @return void
 */
function setFlash($message){
    $text = (string) $message;
    $_SESSION['flash'] = $text;
}
/**
 * Store a message in the session's 'flash-private' slot.
 *
 * @param mixed $message Converted to a string before it is stored.
 * @return void
 */
function setPrivateFlash($message){
    $text = (string) $message;
    $_SESSION['flash-private'] = $text;
}
/**
 * Remove both flash messages (public and private) from the session.
 *
 * @return void
 */
function unsetFlash(){
    unset($_SESSION['flash'], $_SESSION['flash-private']);
}
- ?>