
Untitled

a guest
Mar 13th, 2016
  1. <?php
  2. ob_start();
  3. session_start();
  4. require_once("core.php");
  5. require_once("secure.php");
  6. include("config.php");
  7. $mssql = new mssql($db_acc);
  8.  
  9. ?>
  10. <head>
  11. <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
  12. <link rel="shortcut icon" href="favicon.png" type="image/x-icon" />
  13. <title><?php echo $title; ?></title>
  14. <link rel="stylesheet" type="text/css" href="style.css" />
  15. </head>
  16.  
  17.  
  18. <?php if(!isset($_SESSION['loggedin'])) {
  19. echo'
  20. <div id="logo">'.$logotxt.'</div>
  21. <div id="top">
  22. <div class="head">Vote Panel</div>
  23. <div id="box">
  24. ';
  25.  
  26.  
  27.  
  28.  
  29. if(isset($_POST['login'])) {
  30. $username = anti_injection($_POST["username"]);
  31. $password = anti_injection($_POST["password"]);
  32. if($username == "" || $password == "")
  33. {
  34. echo' <div class="error">Please fill all fields!</div>';
  35. }else{
  36. $enpass = md5($password);
  37. $newpass = sha1($enpass);
  38. $verifyAccount = $mssql->getCount("select * from TB_User where StrUserID = '$username' AND password = '$enpass'");
  39. if($verifyAccount <= 0) {
  40. echo ' <div class="error">Invalid username and/or password!</div>';
  41. }else{
  42. $name = $mssql->getArray("select * from TB_User where StrUserID = '$username'");
  43.  
  44. $_SESSION['loggedin'] = "YES";
  45. $_SESSION['name'] = $username;
  46. header("location:index.php");
  47. }
  48. }
  49. }
  50. echo'
  51. <form action="" method="POST">
  52.  
  53. <div class="login">
  54. <table>
  55. <tr>
  56. <td>Login</td><td><input type="text" name="username" id="username" /></td>
  57. </tr>
  58. <tr>
  59. <td>Password</td><td><input type="password" name="password" id="password" /></td>
  60. </tr>
  61. <tr>
  62. <td></td><td><input type="submit" value="Login" name="login" /></td>
  63. </tr>
  64. </table>
  65. </form>
  66. ';
  67.  
  68. echo' </div></div></div>';
  69.  
  70. }else{
  71. $userID = $_SESSION['name'];
  72. $getU = $mssql->getArray("select * from TB_User where StrUserID = '$userID'") ;
  73. $uJID = $getU['JID'];
  74. $uGM = $getU['sec_content'];
  75. $uName = $getU['Name'];
  76. $uSilk = $mssql->getArray("select * from SK_Silk where JID = '$uJID'");
  77. $silk = $uSilk['silk_own'];
  78. if ($silk == '') {
  79. $silk = 0;
  80. }
  81. echo'
  82.  
  83. <div id="logo">'.$logotxt.'</div>
  84. <div id="top" style="width:450px;">
  85. <div class="head" style="width:450px;">Vote Panel - Welcome <font color="brown">'.$uName.' </font>!</div>
  86. <div id="box" style="width:450px;">
  87. <div class="user">
  88. <div class="tw1">You have: '.$silk.' Silks</div>
  89. ';
  90.  
  91.  
  92.  
  93. echo' <div class="tw2"><a href="?logout">Logout</a></div>';
  94. If($uGM == '1'){
  95. echo'<div class="tw2"><a href="admin.php"><font color="brown">Admin</font></a></div>';
  96. }
  97. echo '</div>';
  98. If(isset($_POST["vote"])){
  99. $id = anti_injection($_POST["voteid"]);
  100.  
  101. $silk = $mssql->getArray("SELECT * FROM dbo.vote_links WHERE ID = '$id'");
  102. $reward = $silk['Reward'];
  103.  
  104. $today = time();
  105.  
  106. $date = $mssql->getArray("SELECT * FROM dbo.vote_actions WHERE VoteID = '$id' AND Username = '$userID' order by Date desc");
  107. $last = $date['Date'];
  108.  
  109. $can = $today - $last;
  110.  
  111. $info = $mssql->getArray("select * from dbo.vote_links WHERE ID ='$id'");
  112. $long = $info['Time'];
  113. $getIP = $_SERVER['REMOTE_ADDR'];
  114.  
  115. $ip_ch = $mssql->getArray("SELECT * FROM dbo.vote_ip WHERE IP ='$getIP' AND VoteID ='$id' order by LastDate desc");
  116. $ip_last = $ip_ch['LastDate'];
  117. $ip_can = $today - $ip_last;
  118.  
  119.  
  120.  
  121. If($can < $long || $ip_can < $long){
  122. echo '<div class="error">Cant vote!</div>';
  123. }else{
  124. $check = $mssql->getCount("select * from dbo.vote_actions where Username = '$userID' AND VoteID ='$id' AND Status = '2' order by Date desc");
  125. If($check == '0'){
  126. $ready = sqlsrv_query($mssql->connection,"INSERT INTO dbo.vote_actions (Username, Status, VoteID, Date) VALUES ('$userID', '2', '$id', '$today')");
  127. sqlsrv_query($mssql->connection,"INSERT INTO dbo.vote_ip (IP, LastDate, VoteID) VALUES ('$getIP', '$today', '$id')");
  128. $mssql->addsilk($uJID, $reward);
  129.  
  130. }else{
  131. $del = sqlsrv_query($mssql->connection,"DELETE FROM dbo.vote_actions WHERE Username = '$userID' AND Status = '2' AND VoteID = '$id'");
  132. If($del){
  133. $ready = sqlsrv_query($mssql->connection,"INSERT INTO dbo.vote_actions (Username, Status, VoteID, Date) VALUES ('$userID', '2', '$id', '$today')");
  134. sqlsrv_query($mssql->connection,"INSERT INTO dbo.vote_ip (IP, LastDate, VoteID) VALUES ('$getIP', '$today', '$id')");
  135. $mssql->addsilk($uJID, $reward);
  136. }}
  137. ?>
  138. <script type='text/javascript'>window.location='<?php echo $info['Link']; ?>';</script>
  139. <?php
  140.  
  141. }
  142.  
  143. }if (isset($_GET['logout'])) {
  144. session_start();
  145. session_unset();
  146. session_destroy();
  147. header("location:?news");
  148. }
  149.  
  150.  
  151.  
  152.  
  153.  
  154.  
  155. echo'<table>';
  156.  
  157. $links = sqlsrv_query($mssql->connection,"select * from dbo.vote_links order by ID asc") ;
  158.  
  159. while($row = sqlsrv_fetch_array($links)):
  160. echo '
  161. <form method="POST">
  162. <tr><td class="tw" align="center" width="50%" ><img src="'.$row['Img'].'" /></td><td width="45%" class="tw2" >Reward: '.$row['Reward'].' Silks</td><td class="tw2" >'.$mssql->status($userID, $row['ID'], $row['Time']).'</td><input type="hidden" name="voteid" id="voteid" Value="'.$row['ID'].'" ><td width="25%" class="tw2" ><input class="vote" type="submit" name="vote" value="VOTE" /></td></tr>
  163. </form>';
  164. endWhile;
  165.  
  166. echo'</table></div>';
  167. echo' </div></div></div>';
  168. }
  169. ?>
  170. <div id="footer">Deja45Vu&reg 2013</div>