  1. ## index.php
  2.  
  3. <?php
  4. //session_start();
  5. error_reporting(E_ALL);
  6.  
  7. include_once("action.php");
  8.  
  9. var_dump($_SESSION['logged_in']);
  10.  
  11. if(!isset($_SESSION['logged_in']))
  12. {
  13. // display login/ register / resend password forms
  14.  
  15. ?>
  16. Login Form:
  17. <form name="login" action="action.php?action=login" method="post" id="submitForm">
  18. <label for="username">Username</label><input type="text" name="username" class="input"/> <br />
  19. <label for="pass">Password</label><input type="password" name="pass" class="input"/> <br />
  20. <input type="hidden" name="redirect_to" value="<?php echo htmlentities($_SERVER['HTTP_REFERER']); ?>"/>
  21. <input type="submit" value="login" class="button"/>
  22. </form>
  23.  
  24. Register form:
  25. <form name="register" action="action.php?action=register" method="post" id="submitForm">
  26. <label for="username">Username</label><input type="text" name="username" maxlength="60" /><br />
  27. <label for="email">Email Address</label><input type="text" name="email" maxlength="60" /> <br />
  28. <label for="pass">Password</label><input type="password" name="pass" maxlength="10" /><br />
  29. <label for="pass2">Confirm Password</label><input type="password" name="pass2" maxlength="10" /><br />
  30. <input type="submit" name="submit" value="Register" class="button"/>
  31. </form>
  32.  
  33. Forgot password form
  34. <form name="forgotPassword" action="action.php?action=resend_password" method="post" id="submitForm">
  35. <label for="forgotEmail">Email Address</label><input type="text" name="ForgotEmail" class="input"/> <br />
  36. <input type="hidden" name="redirect_to" value="<?php echo htmlentities($_SERVER['HTTP_REFERER']); ?>"/>
  37. <input type="submit" value="Resend Password" class="button"/>
  38. </form>
  39. <?php
  40.  
  41. }
  42. else
  43. {
  44. ?>
  45. Logout:<br />
  46. <a href="action.php?action=logout">logout</a>
  47.  
  48.  
  49. submit tab:<br />
  50.  
  51. submit Request:<br />
  52.  
  53. edit user settings:<br />
  54.  
  55. show submitted tabs:<br />
  56.  
  57. show comments by user:<br />
  58.  
  59. show tab ratings by user:<br />
  60.  
  61. show comment ratings by user:<br />
  62.  
  63.  
  64.  
  65. <?php
  66.  
  67. }
  68. ?>
  69.  
  70. Search:<br />
  71.  
  72.  
  73.  
  74. show all tabs:<br />
  75.  
  76.  
  77. show all artists:<br />
  78.  
  79.  
  80. show newest tabs:<br />
  81.  
  82.  
  83. show requests <br />
  84.  
  85.  
  86.  
  87. <h3>show one tab:</h3>
  88. <br />
  89. <?php
  90. show_one_tab(13);
  91. ?>
  92. <br />
  93. end show one tab<br />
  94.  
  95.  
  96. <br />showone
  97.  
  98.  
  99.  
  100.  
  101.  
  102.  
  103.  
  104.  
  105.  
  106.  
  107.  
  108.  
  109.  
  110.  
  111. ## action.php
  112.  
  113.  
  114.  
  115. <?php
  116. @session_start();
  117. error_reporting(E_ALL);
  118. require_once 'config.php';
  119. require_once 'query.php';
  120.  
  121. $db_login_class = new DBLogin;
  122. $db_open = $db_login_class->db_open();
  123.  
  124. $query = new Query();
  125.  
  126. // TODO: implement safeHTML
  127. // secure user entry against XSS and various other attacks
  128. function secure_str($str_in)
  129. {
  130. $db_open;
  131. return mysql_real_escape_string($str_in);
  132. }
  133.  
  134.  
  135.  
  136. // main switch statement that forwards appropriate $_GET to function
  137. switch (isset($_GET['action']))
  138. {
  139. // A- login / logout / register / resend password
  140. case "login":
  141. if ($_SERVER['REQUEST_METHOD']=="POST" && isset($_POST['username']) && isset($_POST['pass']) && isset($_POST['redirect_to']))
  142. {
  143. login(secure_str( $_POST['username']), md5($_POST['pass']), secure_str($_POST['redirect_to']) );
  144. }
  145. else
  146. {
  147. $error = "LOGIN ERROR in input variables";
  148. header("Location: " . URL);
  149. }
  150. break;
  151. case "logout":
  152. logout();
  153. break;
  154. case "register";
  155. // TODO: add paramters to function
  156. if ($_SERVER['REQUEST_METHOD']=="POST" && isset($_POST['username']) && isset($_POST['email']) && isset($_POST['pass']) && isset($_POST['pass2']))
  157. {
  158. if ( isset($_POST['pass']) != isset($_POST['pass2']))
  159. {
  160. $error = "passwords don't match";
  161. exit;
  162. }
  163. regiter(secure_str( $_POST['username']), secure_str( $_POST['email']), md5($_POST['pass']), md5($_POST['pass2']));
  164. }
  165. else
  166. {
  167. $error = "LOGIN ERROR in input variables";
  168. header("Location: " . URL);
  169. }
  170. break;
  171. case "reset_password";
  172. break;
  173. case "change_password";
  174. break;
  175.  
  176. // B- Session Management
  177. case "login_validate";
  178. break;
  179. case "login_check";
  180. break;
  181.  
  182. // C- search
  183. case "search":
  184. break;
  185.  
  186. // D- show top / newest / all tabs
  187. case "newest_tabs";
  188. break;
  189. case "all_tabs";
  190. break;
  191. case "top_tabs";
  192. break;
  193.  
  194. // E- various queries
  195. case "artist";
  196. break;
  197. case "user";
  198. break;
  199. case "all_users";
  200. break;
  201. case "all_users";
  202. break;
  203. case "tab";
  204. break;
  205. case "show_one_tab";
  206. show_one_tab(secure_str($_GET['tab_id']));
  207. break;
  208.  
  209. // F- comment / tab / request ratings
  210. case "comment_up";
  211. break;
  212. case "comment_dn";
  213. break;
  214. case "tab_up";
  215. break;
  216. case "tab_dn";
  217. break;
  218. case "request_up";
  219. break;
  220. case "request_dn";
  221. break;
  222.  
  223. // M- Misc
  224. case "show_ads";
  225. break;
  226.  
  227. default;
  228. //header("Location: " . URL . "/beta");
  229. break;
  230. }
  231.  
  232.  
  233.  
  234. /*******************************************************************************
  235. * Functions *******************************************************************
  236. * *****************************************************************************
  237. */
  238.  
  239. // A- login / logout / register / resend password
  240.  
  241. function login($user_name, $user_password, $redirect_to)
  242. {
  243. $db_open;
  244. $sql = "SELECT user_alias FROM users WHERE user_alias = '$user_name' AND user_pwd = '$user_password'";
  245. $result = mysql_query($sql)or die("ERROR - function-login: ".mysql_error());;
  246. if(mysql_num_rows($result) == 1)
  247. { // correct username and password
  248.  
  249. $_SESSION['logged_in'] = true;
  250. $_SESSION['loggeduser'] = $user_name;
  251. login_validate();
  252. //header('Location: '.$redirect_to);
  253. header('Location: '. URL);
  254. }
  255. else
  256. { // false user password
  257. $error = "LOGIN - ERROR ";
  258. header('Location: ' . URL);
  259. }
  260. } // end function login()
  261.  
  262. function logout()
  263. {
  264. session_start();
  265.  
  266. if (isset($_SESSION['logged_in']))
  267. {
  268. session_unset();
  269. unset($_SESSION['logged_in']);
  270. $_SESSION['logged_in'] = false;
  271. }
  272. header('Location: ' . URL);
  273. } // end function logout()
  274.  
  275. // TODO: fix parameters
  276. function register($user_name, $email, $pass, $pass2)
  277. {
  278. if (!get_magic_quotes_gpc())
  279. {
  280. $user_name = addslashes($user_name);
  281. }
  282. db_open();
  283. $usercheck = $user_name;
  284. $checkSQL = mysql_query("SELECT user_alias FROM users WHERE user_alias = '$usercheck'") or die("Error: register() sql error -" . mysql_error());
  285. $checkNumRowsUser = mysql_num_rows($checkSQL);
  286. $emailcheck = $email;
  287. $checkSQL2 = mysql_query("SELECT user_email FROM users WHERE user_email = '$emailcheck'") or die("Error: register() sql error -" . mysql_error());
  288. $checkNumRowsEmail = mysql_num_rows($checkSQL2);
  289.  
  290. //if the name exists it gives an error
  291. if ($checkNumRowsUse != 0 | $checkNumRowsEmail !=0)
  292. {
  293. die('Sorry nickname is already in use.');
  294. }
  295.  
  296. // check for proper email address
  297. /*if (! preg_match( '/^[A-Za-z0-9!#$%&\'*+-/=?^_`{|}~]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+[A-Za-z]$/', $emailcheck))
  298. {
  299. die("Irregular password");
  300. }*/
  301.  
  302. // here we encrypt the password and add slashes if needed
  303. if (!get_magic_quotes_gpc())
  304. {
  305. $pass = addslashes(md5($pass));
  306. $user_name = addslashes($user_name);
  307. }
  308.  
  309. // now we insert it into the database
  310. $db_open;
  311. $insert = "INSERT INTO users (user_alias, user_pwd, user_email, time_added)
  312. VALUES ('".$user_name."', '".$pass."', '".$email."', DATE_ADD(NOW(), INTERVAL 2 HOUR))";
  313. $add_member = mysql_query($insert);
  314. //echo "Registered, You may now login";
  315.  
  316. } // end function register()
  317.  
  318. function reset_password()
  319. {
  320.  
  321. // generate random 8 charactar password
  322. $numb_chars = 8;
  323. $chars = 'abcdefghijklmnopqrstuvwxyz1234567890';
  324. for ($i = 0 ; $i <= $numb_chars; $i++)
  325. {
  326. $random_number = rand(0, (strlen($chars) - 1));
  327. $new_password .= $chars[$random_number];
  328. }
  329. // TODO: code to send password
  330.  
  331. } // end function reset_password()
  332.  
  333. function change_password()
  334. {
  335.  
  336. } // end function change_password()
  337.  
  338.  
  339.  
  340. // B- Session Management
  341. function login_validate()
  342. {
  343. //@session_start();
  344. $timeout = 600; // 10 minutes
  345. $_SESSION["expires_by"] = time() + $timeout;
  346. }
  347.  
  348. function login_check()
  349. {
  350. //@session_start();
  351. $exp_time = intval($_SESSION["expires_by"]);
  352. if (time() < $exp_time)
  353. {
  354. login_validate();
  355. return true;
  356. }
  357. else
  358. {
  359. unset($_SESSION["expires_by"]);
  360. return false;
  361. }
  362. }
  363.  
  364. // C- search
  365. function search()
  366. {
  367. // user search
  368.  
  369.  
  370. // tab search
  371.  
  372.  
  373. // artist search
  374.  
  375.  
  376. // request search
  377.  
  378.  
  379.  
  380. } // end function search()
  381.  
  382.  
  383.  
  384.  
  385.  
  386.  
  387.  
  388.  
  389. // function display all tabs
  390. function show_one_tab($tab_id)
  391. {
  392. $query = new Query();
  393. // add 1 to number of hits
  394. $query->add_number_of_hits($tab_id);
  395. $user_id = 1; //TODO $_SESSION['user_id'];
  396. // get tab information)
  397. $artist_name = $query->get_single_tab($tab_id)->artist_name;
  398. $song_name = $query->get_single_tab($tab_id)->song_name;
  399. $number_of_hits = $query->get_single_tab($tab_id)->number_of_hits;
  400. $user_alias = $query->get_single_tab($tab_id)->user_alias;
  401. $tab_version = $query->get_single_tab($tab_id)->tab_version;
  402. $tab_text = $query->get_single_tab($tab_id)->tab_text;
  403. $time_added= $query->convert_datetime_into_something_readable($query->get_single_tab($tab_id)->time_added);
  404.  
  405. // get tab rating
  406. $tab_rating = $query->get_single_tab_rating($tab_id);
  407.  
  408. // rate tab up or dn
  409. $rate_tab_up = $query->rate_a_single_tab($user_id, $tab_id, 1);
  410. $rate_tab_dn = $query->rate_a_single_tab($user_id, $tab_id, -1);
  411.  
  412. display_tab($tab_id, $artist_name, $song_name, $number_of_hits, $user_alias, $tab_version, $tab_text, $time_added, $tab_rating);
  413.  
  414.  
  415. }
  416.  
  417.  
  418.  
  419.  
  420.  
  421. // displays one tab template
  422. function display_tab($tab_id, $artist_name, $song_name, $number_of_hits, $user_alias, $tab_version, $tab_text, $time_added, $tab_rating)
  423. {
  424. ?>
  425. <div id="tabContainer">
  426. <span class="listTextHeading">
  427. <a href="tab.php?id=<?php echo htmlentities($tab_id); ?>" class="listText">
  428. <?php echo htmlentities($song_name); ?>
  429. </a>
  430. <?php
  431. if ($tab_version >= 2)
  432. {
  433. echo htmlentities(" - Version " .$tab_version);
  434. }
  435. ?>
  436. </span>
  437. <span class="listTextHeadingTwo">
  438. <a href="search.php?artist=<?php echo htmlentities($artist_name); ?>" class="listText">
  439. <?php echo htmlentities($artist_name); ?>
  440. </a>
  441. </span> <br />
  442. <span class="listTextHeadingThree">
  443. <?php echo htmlentities("Rated: " . $tab_rating. " - (" . $number_of_hits . " hits) - Tabbed by: "); ?>
  444. <a href="search.php?user=<?php echo htmlentities($user_alias); ?>" class="listText">
  445. <?php echo htmlentities($user_alias); ?>
  446. </a>
  447. <?php echo htmlentities(" Added on " . $time_added); ?>
  448. <br />
  449.  
  450. <?php echo TAB_USAGE_DISCLAIMER; ?><br />
  451.  
  452. <a href="#">print this</a> -
  453.  
  454. <?php
  455. //if user is logged in then allow to voteup or down
  456. // if not then display a message to register/login
  457. if ( login_check())
  458. {
  459. ?>
  460. <a href='<?php echo htmlentities($rate_tab_up); ?>'> Vote up</a> -
  461. <a href='<?php echo htmlentities($rate_tab_dn); ?>'> Vote Down</a>
  462. <?php
  463. }
  464. else
  465. {
  466. echo "Login or Register to rate this tab";
  467. }
  468. ?>
  469.  
  470. </span> <br /> <hr />
  471. <div class="txtTab"><?php echo nl2br(htmlentities($tab_text)); ?> </div>
  472.  
  473. <?php /*//TODO include 'pages/comment.php' ;*/ ?>
  474. </div>
  475.  
  476. <?php
  477. } // end display tab function
  478. ?>
  479.  
  480.  
  481.  
  482.  
  483. <?php
  484.  
  485.  
  486.  
  487.  
  488.  
  489.  
  490. ?>