- ## index.php
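<?php
//session_start();   // the session is opened by action.php, included below
error_reporting(E_ALL);
include_once("action.php");
// The var_dump($_SESSION['logged_in']) that used to sit here dumped session state into every
// served page; debug output like that must never reach a visitor.
//
// Test the flag's VALUE, not merely its presence: a session can hold logged_in => false
// (logout() used to re-set it that way), and isset() then showed the member menu to a
// visitor who had just logged out.
if (empty($_SESSION['logged_in']))
{
    // display login/ register / resend password forms
    //
    // NOTE(review): none of these forms carries an anti-CSRF token. Add a per-session random
    // token as a hidden field and verify it in action.php before login/register/reset act.
    //
    // The Referer header is client-controlled and may be absent. It is passed along only as a
    // hint; action.php must confirm it is same-origin before ever redirecting to it, otherwise
    // this hidden field becomes an open-redirect input.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
?>
Login Form:
<form name="login" action="action.php?action=login" method="post" id="submitForm">
<label for="username">Username</label><input type="text" name="username" class="input"/> <br />
<label for="pass">Password</label><input type="password" name="pass" class="input"/> <br />
<input type="hidden" name="redirect_to" value="<?php echo htmlentities($referer, ENT_QUOTES); ?>"/>
<input type="submit" value="login" class="button"/>
</form>
Register form:
<form name="register" action="action.php?action=register" method="post" id="submitForm">
<label for="username">Username</label><input type="text" name="username" maxlength="60" /><br />
<label for="email">Email Address</label><input type="text" name="email" maxlength="60" /> <br />
<?php // no maxlength on the password fields: the old maxlength="10" capped every password at
      // ten characters, and action.php stores a fixed-length md5 digest whatever the length ?>
<label for="pass">Password</label><input type="password" name="pass" /><br />
<label for="pass2">Confirm Password</label><input type="password" name="pass2" /><br />
<input type="submit" name="submit" value="Register" class="button"/>
</form>
Forgot password form
<form name="forgotPassword" action="action.php?action=resend_password" method="post" id="submitForm">
<label for="forgotEmail">Email Address</label><input type="text" name="ForgotEmail" class="input"/> <br />
<input type="hidden" name="redirect_to" value="<?php echo htmlentities($referer, ENT_QUOTES); ?>"/>
<input type="submit" value="Resend Password" class="button"/>
</form>
<?php
}
else
{
?>
Logout:<br />
<a href="action.php?action=logout">logout</a>
submit tab:<br />
submit Request:<br />
edit user settings:<br />
show submitted tabs:<br />
show comments by user:<br />
show tab ratings by user:<br />
show comment ratings by user:<br />
<?php
}
?>
Search:<br />
show all tabs:<br />
show all artists:<br />
show newest tabs:<br />
show requests <br />
<h3>show one tab:</h3>
<br />
<?php
show_one_tab(13);
?>
<br />
end show one tab<br />
<br />showone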
- ## action.php
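<?php
// Bootstrap for every action: open the session, load config and the DB/query classes.
// session_start() used to be @-suppressed, which also hid real failures (headers already sent,
// unwritable save path); the guard below avoids the "already started" notice instead.
if (session_id() === '')
{
    session_start();
}
error_reporting(E_ALL);
// NOTE(review): with E_ALL on, keep display_errors off in production (php.ini or
// ini_set('display_errors', '0')) so notices do not print file paths and SQL fragments to visitors.
require_once 'config.php';
require_once 'query.php';
$db_login_class = new DBLogin;
$db_open = $db_login_class->db_open();   // connection handle; the mysql_* calls below rely on it being open
$query = new Query();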
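// TODO: implement safeHTML
// Escape a user-supplied string for interpolation into an SQL string.
// This is SQL escaping only: it does NOT protect HTML output (use htmlentities() at the echo),
// and it is no substitute for bound parameters once the DB layer moves off mysql_*.
function secure_str($str_in)
{
    // The old body had a bare "$db_open;" statement, which is a no-op; the connection opened
    // at the top of this file has to be imported with "global" to be usable here.
    global $db_open;
    // Pass the connection explicitly so the escaping uses its charset instead of whichever
    // "last opened link" happens to be current.
    $escaped = is_resource($db_open)
        ? mysql_real_escape_string($str_in, $db_open)
        : mysql_real_escape_string($str_in);
    if ($escaped === false)
    {
        // no usable connection: refuse rather than hand unescaped input back to a query
        die("ERROR - secure_str: no database connection for escaping");
    }
    return $escaped;
}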
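// main switch statement that forwards the requested action to the matching function.
// The action is read into a string first: switching on isset() compared a boolean with the
// case labels, and under PHP's loose comparison `true == "login"` holds, so every request
// that carried *any* action ran the "login" branch.
$action  = isset($_GET['action']) ? (string) $_GET['action'] : '';
$is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === "POST";
switch ($action)
{
    // A- login / logout / register / resend password
    case "login":
        if ($is_post && isset($_POST['username'], $_POST['pass'], $_POST['redirect_to']))
        {
            // NOTE(review): md5() is not a password hash. login()/register() should move to
            // password_hash()/password_verify(); that needs the stored digests migrated first,
            // so the scheme is kept here for now.
            login(secure_str($_POST['username']), md5($_POST['pass']), secure_str($_POST['redirect_to']));
        }
        else
        {
            $error = "LOGIN ERROR in input variables";
            header("Location: " . URL);
            exit; // a Location header does not stop the script; nothing below may run for a bad request
        }
        break;
    case "logout":
        logout();
        break;
    case "register":
        // TODO: add paramters to function
        if ($is_post && isset($_POST['username'], $_POST['email'], $_POST['pass'], $_POST['pass2']))
        {
            // reject array-valued fields (name[]=x) and empty credentials before md5()/secure_str() see them
            if (!is_string($_POST['username']) || !is_string($_POST['pass']) || !is_string($_POST['pass2'])
                || $_POST['username'] === '' || $_POST['pass'] === '')
            {
                $error = "username and password may not be empty";
                exit;
            }
            // compare the two values; the old test compared isset() results, which were both true
            if ($_POST['pass'] !== $_POST['pass2'])
            {
                $error = "passwords don't match";
                exit;
            }
            // "regiter" was a typo for a function that does not exist (fatal error on every registration)
            register(secure_str($_POST['username']), secure_str($_POST['email']), md5($_POST['pass']), md5($_POST['pass2']));
        }
        else
        {
            $error = "LOGIN ERROR in input variables";
            header("Location: " . URL);
            exit;
        }
        break;
    case "reset_password":
        // NOTE(review): index.php's forgot-password form posts action=resend_password, which has
        // no case here and falls into default; reset_password() is also still a TODO.
        break;
    case "change_password":
        break;
    // B- Session Management
    case "login_validate":
        break;
    case "login_check":
        break;
    // C- search
    case "search":
        break;
    // D- show top / newest / all tabs
    case "newest_tabs":
        break;
    case "all_tabs":
        break;
    case "top_tabs":
        break;
    // E- various queries
    case "artist":
        break;
    case "user":
        break;
    case "all_users":   // was listed twice; the second label was unreachable
        break;
    case "tab":
        break;
    case "show_one_tab":
        // tab ids are integers (index.php calls show_one_tab(13)); casting leaves nothing for a
        // query string to misinterpret, whatever Query does with the value
        show_one_tab(isset($_GET['tab_id']) ? (int) $_GET['tab_id'] : 0);
        break;
    // F- comment / tab / request ratings
    case "comment_up":
        break;
    case "comment_dn":
        break;
    case "tab_up":
        break;
    case "tab_dn":
        break;
    case "request_up":
        break;
    case "request_dn":
        break;
    // M- Misc
    case "show_ads":
        break;
    default:
        //header("Location: " . URL . "/beta");
        break;
}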
- /*******************************************************************************
- * Functions *******************************************************************
- * *****************************************************************************
- */
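// A- login / logout / register / resend password
/**
 * Authenticate a user and mark the session as logged in.
 *
 * @param string $user_name     alias, already escaped by secure_str() at the call site
 * @param string $user_password md5 hex digest of the submitted password (see NOTE below)
 * @param string $redirect_to   requested post-login target; deliberately unused (see below)
 */
function login($user_name, $user_password, $redirect_to)
{
    // (the old body opened with a bare "$db_open;" statement, which does nothing)
    // NOTE(review): matching an md5 digest in SQL is not an acceptable password scheme; store
    // password_hash() output and check it with password_verify() once the column is migrated.
    $sql = "SELECT user_alias FROM users WHERE user_alias = '$user_name' AND user_pwd = '$user_password'";
    $result = mysql_query($sql);
    if ($result === false)
    {
        // log the driver error server-side; echoing it exposed the SQL text and schema
        error_log("function-login: " . mysql_error());
        die("ERROR - function-login: database error");
    }
    if (mysql_num_rows($result) == 1)
    { // correct username and password
        // fresh session id on privilege change, so an id the visitor held (or was planted with)
        // before login cannot be reused as an authenticated one
        session_regenerate_id(true);
        $_SESSION['logged_in'] = true;
        $_SESSION['loggeduser'] = $user_name;
        login_validate();
        //header('Location: '.$redirect_to);
        // $redirect_to originates from the Referer header and is not validated, so it is not
        // used: redirecting to it would be an open redirect. Always return to URL.
        header('Location: ' . URL);
        exit; // a Location header does not stop execution on its own
    }
    else
    { // false user password
        $error = "LOGIN - ERROR ";
        header('Location: ' . URL);
        exit;
    }
} // end function login()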
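/**
 * End the current session and send the visitor back to URL.
 *
 * The old version re-set $_SESSION['logged_in'] = false after unsetting it, so index.php's
 * isset() test still saw the key and kept showing the member menu after logout; it also
 * left the server-side session record and the cookie alive.
 */
function logout()
{
    // the session is normally already open (top of this file); a second session_start()
    // only raised a notice
    if (session_id() === '')
    {
        session_start();
    }
    // drop every session variable, not just the login flag
    $_SESSION = array();
    if (ini_get('session.use_cookies'))
    {
        // expire the session cookie too, so the old id is not re-sent and resurrected
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: ' . URL);
    exit; // a Location header does not stop execution on its own
} // end function logout()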
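// TODO: fix parameters
/**
 * Create a user row for a new account.
 *
 * @param string $user_name alias; the caller has already run it through secure_str()
 * @param string $email     address; the caller has already run it through secure_str()
 * @param string $pass      md5 hex digest of the chosen password (hashed by the caller)
 * @param string $pass2     md5 hex digest of the confirmation; must equal $pass
 *
 * Exits with a message on any validation or database failure, as the old code did.
 * Database driver errors are logged, not echoed (they reveal table and column names).
 */
function register($user_name, $email, $pass, $pass2)
{
    // Escaping happens exactly once, in the caller's secure_str(). The old body stacked
    // addslashes() on top (twice for the alias, once for the digest), so aliases were stored
    // with stray backslashes, and it also re-applied md5() to the already-hashed $pass, so the
    // stored digest never matched what login() computes and no new account could sign in.
    // (The bare "db_open();" it called was also an undefined function.)
    if ($pass !== $pass2)
    {
        die("Error: register() - passwords don't match");
    }
    if ($user_name === '' || $pass === '')
    {
        die("Error: register() - username and password are required");
    }
    // check for proper email address (the old regex was commented out, so nothing was checked)
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false)
    {
        die("Error: register() - invalid email address");
    }
    $checkSQL = mysql_query("SELECT user_alias FROM users WHERE user_alias = '$user_name'");
    if ($checkSQL === false)
    {
        error_log("register() alias lookup failed: " . mysql_error());
        die("Error: register() sql error");
    }
    $checkNumRowsUser = mysql_num_rows($checkSQL);
    $checkSQL2 = mysql_query("SELECT user_email FROM users WHERE user_email = '$email'");
    if ($checkSQL2 === false)
    {
        error_log("register() email lookup failed: " . mysql_error());
        die("Error: register() sql error");
    }
    $checkNumRowsEmail = mysql_num_rows($checkSQL2);
    // if the name or email exists it gives an error.
    // The old test read $checkNumRowsUse (a typo, hence undefined and 0), so duplicate aliases
    // were never caught, and joined the counts with bitwise "|" instead of "||".
    // NOTE(review): this check-then-insert races with concurrent registrations; a UNIQUE
    // constraint on user_alias and user_email is the real guard.
    if ($checkNumRowsUser != 0 || $checkNumRowsEmail != 0)
    {
        die('Sorry nickname is already in use.');
    }
    // now we insert it into the database
    // NOTE(review): still string-built SQL; the values are escaped upstream, but bound
    // parameters (mysqli/PDO) are the real fix once the DB layer is replaced.
    $insert = "INSERT INTO users (user_alias, user_pwd, user_email, time_added)
        VALUES ('" . $user_name . "', '" . $pass . "', '" . $email . "', DATE_ADD(NOW(), INTERVAL 2 HOUR))";
    $add_member = mysql_query($insert);
    if ($add_member === false)
    {
        // the old code ignored this result and fell through as if the insert had succeeded
        error_log("register() insert failed: " . mysql_error());
        die("Error: register() sql error");
    }
    //echo "Registered, You may now login";
} // end function register()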
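/**
 * Generate a random temporary password.
 *
 * @param int $length number of characters to produce (default 8; the old loop ran while
 *                    $i <= 8 and so produced nine)
 * @return string lowercase letters and digits, of exactly $length characters
 *
 * The old version drew from rand(), which is seeded predictably and must not pick a
 * credential; random_int() is used where available. It also built the result from an
 * undefined variable and returned nothing.
 */
function reset_password($length = 8)
{
    $chars = 'abcdefghijklmnopqrstuvwxyz1234567890';
    $last = strlen($chars) - 1;
    $new_password = '';
    for ($i = 0; $i < $length; $i++)
    {
        if (function_exists('random_int'))
        {
            $random_number = random_int(0, $last);
        }
        else
        {
            // NOTE(review): fallback for PHP < 7 only; mt_rand() is not cryptographically strong
            $random_number = mt_rand(0, $last);
        }
        $new_password .= $chars[$random_number];
    }
    // TODO: code to send password — store only a hash of it (or a one-time reset token),
    // send it once, and never persist the plaintext
    return $new_password;
} // end function reset_password()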
/**
 * Change the password of the logged-in user.
 *
 * Not implemented yet: the "change_password" case in the switch above only breaks and
 * never calls this.
 */
function change_password()
{
} // end function change_password()
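// B- Session Management
/**
 * Stamp the session with an absolute expiry time.
 *
 * Called by login() when a session becomes authenticated and by login_check() on every
 * successful check, so the window slides while the user stays active.
 *
 * @param int $timeout seconds of inactivity allowed (default 600 = 10 minutes, the value
 *                     that used to be hard-coded)
 */
function login_validate($timeout = 600)
{
    $_SESSION["expires_by"] = time() + $timeout;
}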
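/**
 * Report whether the current session is an authenticated, unexpired one.
 *
 * @return bool true if logged in and the expiry stamp is still in the future (the stamp is
 *              then refreshed); false otherwise
 *
 * The old version looked only at expires_by, read it without checking it existed, and left
 * the logged_in flag in place after expiry.
 */
function login_check()
{
    // a session that was never authenticated is not logged in, whatever expires_by says
    if (empty($_SESSION['logged_in']) || !isset($_SESSION["expires_by"]))
    {
        return false;
    }
    $exp_time = intval($_SESSION["expires_by"]);
    if (time() < $exp_time)
    {
        login_validate();  // sliding window: each successful check extends the expiry
        return true;
    }
    // expired: drop both keys so index.php's login test sees a logged-out session
    unset($_SESSION["expires_by"]);
    unset($_SESSION['logged_in']);
    return false;
}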
// C- search
/**
 * Search entry point — not implemented; the "search" case in the switch above only breaks.
 *
 * The intended scopes are listed below. When this is written, any search term that reaches
 * SQL must be bound as a parameter (or at minimum passed through secure_str()), and any term
 * echoed back must go through htmlentities().
 */
function search()
{
    // user search
    // tab search
    // artist search
    // request search
} // end function search()
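// show one tab: bump its hit counter, load it, and hand it to display_tab()
/**
 * @param int|string $tab_id id of the tab row (callers pass an int or an escaped string)
 */
function show_one_tab($tab_id)
{
    $query = new Query();
    // add 1 to number of hits
    $query->add_number_of_hits($tab_id);
    $user_id = 1; //TODO $_SESSION['user_id'];
    // Load the row once. The old code called get_single_tab() seven times, once per field.
    $tab = $query->get_single_tab($tab_id);
    if (!is_object($tab))
    {
        // unknown id: say so instead of reading properties off a non-object
        echo "Tab not found";
        return;
    }
    $artist_name    = $tab->artist_name;
    $song_name      = $tab->song_name;
    $number_of_hits = $tab->number_of_hits;
    $user_alias     = $tab->user_alias;
    $tab_version    = $tab->tab_version;
    $tab_text       = $tab->tab_text;
    $time_added     = $query->convert_datetime_into_something_readable($tab->time_added);
    // get tab rating
    $tab_rating = $query->get_single_tab_rating($tab_id);
    // Vote links. NOTE(review): rate_a_single_tab() is invoked with +1 and then -1 on every
    // view; if it records a vote rather than returning a link, each page load casts two votes
    // as user 1 — confirm against query.php and move the calls behind the vote actions if so.
    $rate_tab_up = $query->rate_a_single_tab($user_id, $tab_id, 1);
    $rate_tab_dn = $query->rate_a_single_tab($user_id, $tab_id, -1);
    // the two link values are passed explicitly; display_tab() used to reference them as
    // locals it never received
    display_tab($tab_id, $artist_name, $song_name, $number_of_hits, $user_alias, $tab_version, $tab_text, $time_added, $tab_rating, $rate_tab_up, $rate_tab_dn);
}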
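// displays one tab template
/**
 * Render a single tab. Every value is escaped for the HTML context it lands in.
 *
 * @param mixed  $tab_id, $artist_name, $song_name, $number_of_hits, $user_alias, $tab_version,
 *               $tab_text, $time_added, $tab_rating  fields read from the Query row by show_one_tab()
 * @param string $rate_tab_up link target for the "Vote up" anchor (optional; the old body read an
 *                            undefined local here, so both vote links were always empty)
 * @param string $rate_tab_dn link target for the "Vote Down" anchor (optional)
 */
function display_tab($tab_id, $artist_name, $song_name, $number_of_hits, $user_alias, $tab_version, $tab_text, $time_added, $tab_rating, $rate_tab_up = '', $rate_tab_dn = '')
{
?>
<div id="tabContainer">
<span class="listTextHeading">
<a href="tab.php?id=<?php echo htmlentities($tab_id, ENT_QUOTES); ?>" class="listText">
<?php echo htmlentities($song_name, ENT_QUOTES); ?>
</a>
<?php
if ($tab_version >= 2)
{
    echo htmlentities(" - Version " . $tab_version, ENT_QUOTES);
}
?>
</span>
<span class="listTextHeadingTwo">
<?php // query-string values are URL-encoded first, then escaped for the attribute ?>
<a href="search.php?artist=<?php echo htmlentities(urlencode($artist_name), ENT_QUOTES); ?>" class="listText">
<?php echo htmlentities($artist_name, ENT_QUOTES); ?>
</a>
</span> <br />
<span class="listTextHeadingThree">
<?php echo htmlentities("Rated: " . $tab_rating . " - (" . $number_of_hits . " hits) - Tabbed by: ", ENT_QUOTES); ?>
<a href="search.php?user=<?php echo htmlentities(urlencode($user_alias), ENT_QUOTES); ?>" class="listText">
<?php echo htmlentities($user_alias, ENT_QUOTES); ?>
</a>
<?php echo htmlentities(" Added on " . $time_added, ENT_QUOTES); ?>
<br />
<?php echo TAB_USAGE_DISCLAIMER; ?><br />
<a href="#">print this</a> -
<?php
//if user is logged in then allow to voteup or down
// if not then display a message to register/login
if (login_check())
{
    // ENT_QUOTES matters here: these href attributes are single-quoted, and the default flags
    // leave a single quote unescaped, which lets a link value break out of the attribute
?>
<a href='<?php echo htmlentities($rate_tab_up, ENT_QUOTES); ?>'> Vote up</a> -
<a href='<?php echo htmlentities($rate_tab_dn, ENT_QUOTES); ?>'> Vote Down</a>
<?php
}
else
{
    echo "Login or Register to rate this tab";
}
?>
</span> <br /> <hr />
<div class="txtTab"><?php echo nl2br(htmlentities($tab_text, ENT_QUOTES)); ?> </div>
<?php /*//TODO include 'pages/comment.php' ;*/ ?>
</div>
<?php
} // end display tab function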
- ?>
- <?php
- ?>