
Untitled

a guest
Mar 31st, 2016
  1. <?php
  2. error_reporting(E_ALL);
  3.  
  4. ob_start();
  5. session_start();
  6. require_once("core.php");
  7. require_once("secure.php");
  8. include("config.php");
  9. $mssql = new mssql($db_acc);
  10.  
  11. ?>
  12. <head>
  13. <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
  14. <link rel="shortcut icon" href="favicon.png" type="image/x-icon" />
  15. <title><?php echo $title; ?></title>
  16. <link rel="stylesheet" type="text/css" href="style.css" />
  17. </head>
  18.  
  19.  
  20. <?php if(!isset($_SESSION['loggedin'])) {
  21. echo '
  22. <div id="logo">'.$logotxt.'</div>
  23. <div id="top">
  24. <div class="head">Vote Panel</div>
  25. <div id="box">
  26. ';
  27.  
  28.  
  29.  
  30.  
  31. if(isset($_POST['login'])) {
  32. $username = anti_injection($_POST["username"]);
  33. $password = anti_injection($_POST["password"]);
  34. if($username == "" || $password == "")
  35. {
  36. echo' <div class="error">Please fill all fields!</div>';
  37. }else{
  38. $enpass = md5($password);
  39. $newpass = sha1($enpass);
  40. $verifyAccount = $mssql->getCount("select * from TB_User where StrUserID = '$username' AND password = '$enpass'");
  41. if($verifyAccount <= 0) {
  42. echo ' <div class="error">Invalid username and/or password!</div>';
  43. }else{
  44. $name = $mssql->getArray("select * from TB_User where StrUserID = '$username'");
  45.  
  46. $_SESSION['loggedin'] = "YES";
  47. $_SESSION['name'] = $username;
  48. header("location:index.php");
  49. }
  50. }
  51. }
  52. echo'
  53. <form action="" method="POST">
  54.  
  55. <div class="login">
  56. <table>
  57. <tr>
  58. <td>Login</td><td><input type="text" name="username" id="username" /></td>
  59. </tr>
  60. <tr>
  61. <td>Password</td><td><input type="password" name="password" id="password" /></td>
  62. </tr>
  63. <tr>
  64. <td></td><td><input type="submit" value="Login" name="login" /></td>
  65. </tr>
  66. </table>
  67. </form>
  68. ';
  69.  
  70. echo' </div></div></div>';
  71.  
  72. }else{
  73. $userID = $_SESSION['name'];
  74. $getU = $mssql->getArray("select * from TB_User where StrUserID = '$userID'") ;
  75. $uJID = $getU['JID'];
  76. $uGM = $getU['sec_content'];
  77. $uName = $getU['Name'];
  78. $uSilk = $mssql->getArray("select * from SK_Silk where JID = '$uJID'");
  79. $silk = $uSilk['silk_own'];
  80. if ($silk == '') {
  81. $silk = 0;
  82. }
  83. echo'
  84.  
  85. <div id="logo">'.$logotxt.'</div>
  86. <div id="top" style="width:450px;">
  87. <div class="head" style="width:450px;">Vote Panel - Welcome <font color="brown">'.$uName.' </font>!</div>
  88. <div id="box" style="width:450px;">
  89. <div class="user">
  90. <div class="tw1">You have: '.$silk.' Silks</div>
  91. ';
  92.  
  93.  
  94.  
  95. echo' <div class="tw2"><a href="?logout">Logout</a></div>';
  96. If($uGM == '1'){
  97. echo'<div class="tw2"><a href="admin.php"><font color="brown">Admin</font></a></div>';
  98. }
  99. echo '</div>';
  100. If(isset($_POST["vote"])){
  101. $id = anti_injection($_POST["voteid"]);
  102.  
  103. $silk = $mssql->getArray("SELECT * FROM dbo.vote_links WHERE ID = '$id'");
  104. $reward = $silk['Reward'];
  105.  
  106. $today = time();
  107.  
  108. $date = $mssql->getArray("SELECT * FROM dbo.vote_actions WHERE VoteID = '$id' AND Username = '$userID' order by Date desc");
  109. $last = $date['Date'];
  110.  
  111. $can = $today - $last;
  112.  
  113. $info = $mssql->getArray("select * from dbo.vote_links WHERE ID ='$id'");
  114. $long = $info['Time'];
  115. $getIP = $_SERVER['REMOTE_ADDR'];
  116.  
  117. $ip_ch = $mssql->getArray("SELECT * FROM dbo.vote_ip WHERE IP ='$getIP' AND VoteID ='$id' order by LastDate desc");
  118. $ip_last = $ip_ch['LastDate'];
  119. $ip_can = $today - $ip_last;
  120.  
  121.  
  122.  
  123. If($can < $long || $ip_can < $long){
  124. echo '<div class="error">Cant vote!</div>';
  125. }else{
  126. $check = $mssql->getCount("select * from dbo.vote_actions where Username = '$userID' AND VoteID ='$id' AND Status = '2' order by Date desc");
  127. If($check == '0'){
  128. $ready = sqlsrv_query($mssql->connection,"INSERT INTO dbo.vote_actions (Username, Status, VoteID, Date) VALUES ('$userID', '2', '$id', '$today')");
  129. sqlsrv_query($mssql->connection,"INSERT INTO dbo.vote_ip (IP, LastDate, VoteID) VALUES ('$getIP', '$today', '$id')");
  130. $mssql->addsilk($uJID, $reward);
  131.  
  132. }else{
  133. $del = sqlsrv_query($mssql->connection,"DELETE FROM dbo.vote_actions WHERE Username = '$userID' AND Status = '2' AND VoteID = '$id'");
  134. If($del){
  135. $ready = sqlsrv_query($mssql->connection,"INSERT INTO dbo.vote_actions (Username, Status, VoteID, Date) VALUES ('$userID', '2', '$id', '$today')");
  136. sqlsrv_query($mssql->connection,"INSERT INTO dbo.vote_ip (IP, LastDate, VoteID) VALUES ('$getIP', '$today', '$id')");
  137. $mssql->addsilk($uJID, $reward);
  138. }}
  139.  
  140. ?>
  141. <script type='text/javascript'>window.location='<?php echo $info['Link'];?>';</script>
  142.  
  143. <?php
  144.  
  145. }
  146.  
  147. }if (isset($_GET['logout'])) {
  148. session_start();
  149. session_unset();
  150. session_destroy();
  151. header("location:?news");
  152. }
  153.  
  154.  
  155.  
  156.  
  157.  
  158.  
  159. echo'<table>';
  160.  
  161. $links = sqlsrv_query($mssql->connection,"select * from dbo.vote_links order by ID asc") ;
  162.  
  163. while($row = sqlsrv_fetch_array($links)):
  164. echo '
  165.  
  166.  
  167. <form method="POST">
  168. <tr><td class="tw" align="center" width="50%" ><img src="'.$row['Img'].'" />
  169. </td><td width="45%" class="tw2" >Reward: '.$row['Reward'].' Silks</td><td class="tw2" >
  170. '.$mssql->status($userID, $row['ID'], $row['Time']).'
  171. </td><input type="hidden" name="voteid" id="voteid" Value="'.$row['ID'].'" >
  172. <td width="25%" class="tw2" ><input class="vote" type="submit" name="vote" value="VOTE" /></td></tr>
  173.  
  174. </form>';
  175. endWhile;
  176.  
  177. echo'</table></div>';
  178.  
  179. echo' </div></div></div>';
  180.  
  181.  
  182.  
  183.  
  184.  
  185. }
  186.  
  187.  
  188.  
  189.  
  190.  
  191.  
  192.  
  193.  
  194.  
  195.  
  196. ?>
  197. <div id="footer">Deja45Vu&reg 2013</div>