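<?php
/*
 * Vote panel page.
 *
 * Anonymous visitors get a login form; logged-in users see their silk balance,
 * the list of vote links, and can submit a vote that is rate-limited per
 * account and per client IP before the reward is credited.
 *
 * Security notes for maintainers:
 *  - Every query issued from this file binds its values as sqlsrv parameters.
 *    anti_injection() (defined outside this file) is still called so the
 *    values stay identical to what the rest of the application stores, but it
 *    is not relied on as the SQL-injection defence.
 *  - Passwords are compared as unsalted MD5 because that is what TB_User holds.
 *    NOTE(review): MD5 is not a password hash; moving to password_hash() /
 *    password_verify() needs a data migration that cannot be done from here.
 *  - NOTE(review): the vote form carries no CSRF token and logout is a plain
 *    GET link; both are left as they were and should be reviewed.
 *  - NOTE(review): error_reporting(E_ALL) is only safe in production when
 *    display_errors is off; that setting is not visible in this file.
 */
error_reporting(E_ALL);
ob_start();
session_start();
require_once("core.php");
require_once("secure.php");
include("config.php");
$mssql = new mssql($db_acc);

// Escape a value for HTML text or a quoted HTML attribute.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Run a parameterised query and return its first row as an associative array,
// or null when the query fails or yields no row.
$fetchRow = function ($sql, array $params = array()) use ($mssql) {
    $stmt = sqlsrv_query($mssql->connection, $sql, $params);
    if ($stmt === false) {
        return null;
    }
    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
    return is_array($row) ? $row : null;
};

// Read a POST field as a string; missing or array-valued fields become ''.
$postString = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};
?>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<link rel="shortcut icon" href="favicon.png" type="image/x-icon" />
<title><?php echo $title; /* $title and $logotxt come from config.php and are emitted as-is */ ?></title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<?php
if (!isset($_SESSION['loggedin'])) {
    echo '
<div id="logo">'.$logotxt.'</div>
<div id="top">
<div class="head">Vote Panel</div>
<div id="box">
';
    if (isset($_POST['login'])) {
        $username = anti_injection($postString('username'));
        $password = anti_injection($postString('password'));
        if ($username == "" || $password == "") {
            echo' <div class="error">Please fill all fields!</div>';
        } else {
            // Stored credential format is md5(password); see the header note.
            $enpass = md5($password);
            $account = $fetchRow(
                "select * from TB_User where StrUserID = ? AND password = ?",
                array($username, $enpass)
            );
            if ($account === null) {
                echo ' <div class="error">Invalid username and/or password!</div>';
            } else {
                // Issue a fresh session id on privilege change so an id that was
                // planted before login cannot be reused afterwards.
                session_regenerate_id(true);
                $_SESSION['loggedin'] = "YES";
                $_SESSION['name'] = $username;
                header("location:index.php");
                // Stop here: without this the login form below is still rendered.
                exit;
            }
        }
    }
    echo'
<form action="" method="POST">
<div class="login">
<table>
<tr>
<td>Login</td><td><input type="text" name="username" id="username" /></td>
</tr>
<tr>
<td>Password</td><td><input type="password" name="password" id="password" /></td>
</tr>
<tr>
<td></td><td><input type="submit" value="Login" name="login" /></td>
</tr>
</table>
</form>
';
    echo' </div></div></div>';
} else {
    // Handle logout before anything else so no account data is rendered and no
    // vote is processed on a request that ends the session.
    if (isset($_GET['logout'])) {
        session_unset();
        session_destroy();
        header("location:?news");
        exit;
    }

    $userID = $_SESSION['name'];
    $getU = $fetchRow("select * from TB_User where StrUserID = ?", array($userID));
    if ($getU === null) {
        // The session names an account that can no longer be loaded (or the
        // lookup failed): end the session instead of rendering with empty data.
        session_unset();
        session_destroy();
        header("location:index.php");
        exit;
    }
    $uJID = isset($getU['JID']) ? $getU['JID'] : null;
    $uGM = isset($getU['sec_content']) ? $getU['sec_content'] : null;
    $uName = isset($getU['Name']) ? $getU['Name'] : '';

    $uSilk = $fetchRow("select * from SK_Silk where JID = ?", array($uJID));
    $silk = ($uSilk !== null && isset($uSilk['silk_own']) && $uSilk['silk_own'] !== '')
        ? $uSilk['silk_own']
        : 0;

    echo'
<div id="logo">'.$logotxt.'</div>
<div id="top" style="width:450px;">
<div class="head" style="width:450px;">Vote Panel - Welcome <font color="brown">'.$esc($uName).' </font>!</div>
<div id="box" style="width:450px;">
<div class="user">
<div class="tw1">You have: '.$esc($silk).' Silks</div>
';
    echo' <div class="tw2"><a href="?logout">Logout</a></div>';
    // Only controls whether the link is shown; admin.php must enforce its own
    // authorisation check.
    if ((int) $uGM === 1) {
        echo'<div class="tw2"><a href="admin.php"><font color="brown">Admin</font></a></div>';
    }
    echo '</div>';

    if (isset($_POST["vote"])) {
        $id = anti_injection($postString('voteid'));
        $today = time();
        $getIP = $_SERVER['REMOTE_ADDR'];

        $info = $fetchRow("select * from dbo.vote_links WHERE ID = ?", array($id));
        if ($info === null) {
            // Unknown or malformed vote id: never credit a reward for it.
            echo '<div class="error">Cant vote!</div>';
        } else {
            $reward = $info['Reward'];
            $long = (int) $info['Time'];

            // Most recent vote by this account on this link (0 = never voted).
            $date = $fetchRow(
                "SELECT * FROM dbo.vote_actions WHERE VoteID = ? AND Username = ? order by Date desc",
                array($id, $userID)
            );
            $last = ($date !== null && isset($date['Date'])) ? (int) $date['Date'] : 0;
            $can = $today - $last;

            // Most recent vote from this client address on this link.
            $ip_ch = $fetchRow(
                "SELECT * FROM dbo.vote_ip WHERE IP = ? AND VoteID = ? order by LastDate desc",
                array($getIP, $id)
            );
            $ip_last = ($ip_ch !== null && isset($ip_ch['LastDate'])) ? (int) $ip_ch['LastDate'] : 0;
            $ip_can = $today - $ip_last;

            if ($can < $long || $ip_can < $long) {
                echo '<div class="error">Cant vote!</div>';
            } else {
                // NOTE(review): the cooldown check and the inserts below are not
                // wrapped in a transaction, so two simultaneous submissions may
                // both pass the check.
                $existing = $fetchRow(
                    "select * from dbo.vote_actions where Username = ? AND VoteID = ? AND Status = '2' order by Date desc",
                    array($userID, $id)
                );
                $cleared = true;
                if ($existing !== null) {
                    // Replace the previous completed vote row for this link.
                    $del = sqlsrv_query(
                        $mssql->connection,
                        "DELETE FROM dbo.vote_actions WHERE Username = ? AND Status = '2' AND VoteID = ?",
                        array($userID, $id)
                    );
                    $cleared = ($del !== false);
                }
                if ($cleared) {
                    $ready = sqlsrv_query(
                        $mssql->connection,
                        "INSERT INTO dbo.vote_actions (Username, Status, VoteID, Date) VALUES (?, '2', ?, ?)",
                        array($userID, $id, $today)
                    );
                    sqlsrv_query(
                        $mssql->connection,
                        "INSERT INTO dbo.vote_ip (IP, LastDate, VoteID) VALUES (?, ?, ?)",
                        array($getIP, $today, $id)
                    );
                    // Credit the reward only when the vote row was written;
                    // otherwise the cooldown would have nothing to check against
                    // on the next request.
                    if ($ready !== false) {
                        $mssql->addsilk($uJID, $reward);
                    }
                }
                // The link is a stored value placed into a script context, so
                // encode it as a JS string literal rather than echoing it raw.
                // NOTE(review): the stored link should also be limited to
                // http(s) URLs where it is saved (not visible in this file).
                $jsLink = json_encode(
                    (string) $info['Link'],
                    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
                );
                ?>
<script type='text/javascript'>window.location=<?php echo $jsLink; ?>;</script>
                <?php
            }
        }
    }

    echo'<table>';
    $links = sqlsrv_query($mssql->connection, "select * from dbo.vote_links order by ID asc");
    if ($links !== false) {
        while ($row = sqlsrv_fetch_array($links, SQLSRV_FETCH_ASSOC)) {
            // $mssql->status() is defined outside this file; its return value is
            // emitted unescaped as before. NOTE(review): confirm it returns
            // trusted markup and binds its own query values.
            echo '
<form method="POST">
<tr><td class="tw" align="center" width="50%" ><img src="'.$esc($row['Img']).'" />
</td><td width="45%" class="tw2" >Reward: '.$esc($row['Reward']).' Silks</td><td class="tw2" >
'.$mssql->status($userID, $row['ID'], $row['Time']).'
</td><input type="hidden" name="voteid" id="voteid" Value="'.$esc($row['ID']).'" >
<td width="25%" class="tw2" ><input class="vote" type="submit" name="vote" value="VOTE" /></td></tr>
</form>';
        }
    }
    echo'</table></div>';
    echo' </div></div></div>';
}
?>
<div id="footer">Deja45Vu® 2013</div>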