Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //////////////////////////
- // phuct uploads //
- // objects.php //
- //////////////////////////
- class database {
- function connect()
- {
- // if ( $_SERVER["REMOTE_ADDR"] == "127.0.0.1" ) { $domain = "localhost"; }
- //else{
- //$domain = "mysql.rypedesigns.com";
- //}
- $dbuser = "rype";
- $dbpass = "password!";
- $dbname = "rype_db";
- $dbhost = "mysql.rypesrealm.com";
- $this->id = mysql_connect($dbhost, $dbuser, $dbpass) or die("<br />Failed onConnect(DB); printing report..<br />" . mysql_error());
- mysql_select_db($dbname, $this->id) or die ("<br />Failed onSelect('{$dbname}'); printing report..<br />" . mysql_error());
- return $this->id;
- } // end connect()
- function query($query_inp, $results = false, $result_name = false)
- {
- global $DB;
- if ( $this->qcount == 0 || $this->qcount == false ){
- $this->qcount = 1;
- } else {
- ++$this->qcount;
- }
- $result = @mysql_query($query_inp, $this->id);
- if ( $result !== false && $result !== NULL ){
- $this->error = NULL;
- $this->last_query = $query_inp;
- if ( !isset($result_name) || $result_name == false ){
- $this->result = $result; }
- else{ $this->$result_name = $result; }
- if ( $results == true || $results == "1" ){ $result_count = 0;
- $this->count_query = preg_replace('/LIMIT(\s*)(\d*\s*,)?(\s*)(\d*)/', '', $query_inp);
- $count_result = @mysql_query($this->count_query, $this->id);
- while ( $row = mysql_fetch_row($count_result) )
- { $result_count++; }
- $this->results = $result_count;
- return @mysql_query($query_inp, $this->id);
- } else {
- return true;
- }
- } else {
- $this->error = mysql_error();
- $this->last_query = $query_inp;
- return $this->result = false;
- }
- } // end query
- } // end DB
- $DB = new database();
- $DB->connect();
- class user {
- }
- $user = new user();
- class prescripts{
- function logout(){
- setcookie("id", '', time()+1, "/uploads", "rypesrealm.com");
- setcookie("username", '', time()+1, "/uploads", "rypesrealm.com");
- setcookie("password", '', time()+1, "/uploads", "rypesrealm.com");
- setcookie("time", '', time()+1, "/uploads", "rypesrealm.com");
- unset($_SESSION);
- }
- function login(){
- global $DB, $user;
- if ( $_POST['username'] && $_POST['password'] ){
- $username = $_POST['username'];
- $password = md5($_POST['password']);
- $DB->query("SELECT * FROM `phuct_users` WHERE `username` = '{$username}' AND `password` = '{$password}'");
- $user_row = @mysql_fetch_array($DB->result, MYSQL_ASSOC);
- $row_id = $user_row['id'];
- $row_username = $user_row['username'];
- $row_password = $user_row['password'];
- if ( $DB->error == NULL && $user_row !== false && $password == $row_password ){
- if ( $_POST['setcookie'] == "true" ){
- setcookie("id", $row_id, time()+3600, "/uploads", "rypesrealm.com");
- setcookie("username", $row_username, time()+3600, "/uploads", "rypesrealm.com");
- setcookie("password", $row_password, time()+3600, "/uploads", "rypesrealm.com");
- setcookie("time", time(), time()+3600, "/uploads", "rypesrealm.com");
- }
- // $GLOBALS['user']['id'] = $id;
- // $GLOBALS['user']['name'] = $username;
- // $GLOBALS['user']['password'] = $password;
- // $GLOBALS['user']['logged_in'] = true;
- $user->id = $id;
- $user->username = $username;
- $user->password = $password;
- $user->logged_in = true;
- $_SESSION['id'] = $id;
- $_SESSION['username'] = $username;
- $_SESSION['password'] = $password;
- return true;
- } else {
- unset($_SESSION);
- $user->logged_in = false;
- return false;
- }
- }
- }
- function verify_user($id = false, $password = false){
- global $user, $DB;
- if ( $this->setcookie >= 1 ) return false;
- $setcookie = false; //FIX THIS addslashes($_POST);
- /* if ( isset($id) && isset($password) && $id !== false && $password !== false ){
- $column = "id";
- $id = $id;
- $password = md5($password);
- } else {
- */
- if ( isset($_COOKIE['id']) && isset($_COOKIE['password']) ){
- $column = "id";
- $id = $_COOKIE['id'];
- $password = $_COOKIE['password'];
- } elseif ( isset($_POST['username']) && isset($_POST['password']) ) {
- $setcookie = true;
- $column = "username";
- $id = $_POST['username'];
- $password = md5($_POST['password']);
- } else {
- return false;
- }
- // }
- $DB->query("SELECT * FROM `phuct_users` WHERE `{$column}` = '{$id}' AND `password` = '{$password}'");
- $user_row = @mysql_fetch_array($DB->result, MYSQL_ASSOC);
- $id = $user_row['id'];
- $username = $user_row['username'];
- $password = $user_row['password'];
- if ( $DB->error == NULL && $user_row !== false && $password == $_COOKIE['password'] ){
- $user->id = $id;
- $user->username = $username;
- $user->password = $password;
- $user->logged_in = true;
- $_SESSION['id'] = $id;
- $_SESSION['username'] = $username;
- $_SESSION['password'] = $password;
- return true;
- } else {
- unset($_SESSION);
- $user->logged_in = false;
- return false;
- }
- }
- function verify($parameters = false){
- global $root, $DB, $modules;
- if ( !isset($_COOKIE['id']) || !isset($_COOKIE['password']) ){
- $modules->user_forms();
- }
- }
- function send_login(){
- global $DB, $user;
- if ( $_POST['username'] && $_POST['password'] ) {
- $password = md5($_POST['password']);
- addslashes($_POST);
- $username = $_POST['username'];
- $page = $_POST['page'];
- if ( $_POST['previous_page'] ){ $pagelink = $_POST['previous_page']; } else { $pagelink = $page; }
- $query = "SELECT * FROM `phuct_users` WHERE `username` = '{$username}' AND `password` = '{$password}'";
- $DB->query($query);
- $user_row = @mysql_fetch_array($DB->result, MYSQL_ASSOC);
- $id = $user_row['id'];
- // if ( $pre_header == false || !isset($pre_header) ) return;
- if ( $DB->error == NULL && $user_row !== false ){
- setcookie("id", $id);
- setcookie("username", $username);
- setcookie("password", $password);
- $this->id = $id;
- $this->username = $username;
- $this->password = $password;
- $_SESSION['id'] = $id;
- $_SESSION['username'] = $username;
- $_SESSION['password'] = $password;
- return;
- }
- }
- }
- function download_file($file_id = false){
- global $user, $DB, $root;
- if ( isset($_GET['file_id']) && is_numeric($_GET['file_id']) ) { $file_id = $_GET['file_id']; }
- else{ $file_id = $file_id; }
- $DB->query("SELECT * FROM `phuct_uploads` WHERE `id` = {$file_id} LIMIT 1");
- $error = $DB->error;
- $file = mysql_fetch_array($DB->result);
- $file_dls = $file['downloads'] + 1;
- $DB->query("UPDATE `phuct_uploads` SET `downloads` = '{$file_dls}' WHERE `id` = '{$file['id']}' AND `username` = '{$file['username']}' LIMIT 1");
- $filename = $file['filename'];
- $file_url = "http://www.rypesrealm.com/uploads/uploads/" . $filename;
- $file_path = $root . "uploads/" . $filename;
- if ( !isset($error) && $filename ){
- $this->file_url = $file_url;
- dl_file($file_path);
- }
- }
- } // end prescripts()
- $prescripts = new prescripts();
- class secure_modules{
- function login(){
- global $user, $DB, $modules, $secure_modules;
- if ( $user->logged_in !== true )
- { return $modules->user_forms(); }
- else{ return $this->my_account(); }
- }
- function remove_file(){
- global $DB, $user, $modules, $root;
- $id = $_GET['id'];
- if ( is_numeric($id) ){
- $DB->query("SELECT * FROM `phuct_uploads` WHERE `id` = '{$id}' AND `uid` = '{$user->id}' AND `username` = '{$user->username}'", '1');
- if ( !isset($DB->error) && isset($DB->results) && $DB->results >= 1 ){
- $row = mysql_fetch_array($DB->result, MYSQL_ASSOC);
- $DB->query("DELETE FROM `phuct_uploads` WHERE `id` = '{$id}' AND `uid` = '{$user->id}' AND `username` = '{$user->username}' LIMIT 1");
- $filepath = $root . "uploads/" . $row['filename'];
- // print_r($row);
- // $query = "DELETE FROM `phuct_uploads` WHERE `id` = '{$id}' AND `uid` = '{$user->id}' AND `username` = '{$user->username}' LIMIT 1";
- if ( !isset($DB->error) && file_exists($filepath) )
- { unlink($filepath);
- echo "<h2>success!</h2>" . $row['filename'] . " removal complete."; }
- else{ echo "<h2>error!</h2>failed to delete " . $row['filename'] . "!<br />" . $DB->error; }
- } else {
- echo "<h2>error!</h2>" . $row['filename'] . " (id = $id) is either not owned by you, or doesn't exist.";
- }
- }
- }
- function upload(){
- global $user, $DB, $modules, $root;
- if ( $user->logged_in !== true ) return $modules->user_forms();
- //$file = $root . "frontend/upload_form.php";
- // return str_replace('replaceme', $user->username, read_file($file));
- include($root . 'frontend/upload_form.php');
- }
- function upload_handler(){
- global $DB, $user, $functions, $root;
- if ( $user->logged_in !== true ) return $this->user_forms();
- echo "<div align=\"center\" style=\"width: {$GLOBALS['content_width']}\"><br /><br />";
- foreach ( $_POST as $key => $val ){
- $_POST[$key] = addslashes($val);
- }
- if ( isset($_POST['title']) && $_POST['title'] !== "file title" )
- { $title = $_POST['title']; }
- else{ $title = pathinfo($_FILES['uploaded_file']['name']);
- $title = $title['filename']; }
- $username = $_POST['username'];
- $fileinfo = pathinfo($_FILES['uploaded_file']['name']);
- $extension = $fileinfo['extension'];
- $filename = preg_replace('~..~', '', $fileinfo['filename']);
- $filename = preg_replace('~./~', '', $fileinfo['filename']);
- $filename = $filename . "." . $fileinfo['extension'];
- $temp_file = $_FILES['uploaded_file']['tmp_name'];
- $file_home = $root . "uploads/" . basename($filename);
- $uploads_folder = $root . "uploads/";
- $thumbnail_folder = $root . "uploads/thumbnails/";
- $exists = file_exists($file_home);
- if ( isset($_FILES['uploaded_file']['name']) && $exists == false ){
- $query = "INSERT INTO `phuct_uploads` (`uid`, `username`, `title`, `filename`, `extension`) VALUES ('" . $user->id . "', '{$username}', '{$title}', '{$filename}', '{$extension}')";
- $DB->query($query);
- if ( !isset($DB->error) && move_uploaded_file($temp_file, $file_home) ){
- if ( file_exists($thumbnail_folder . $filename) !== true && $extension == "jpeg" || $extension == "jpg" || $extension == "gif" || $extension == "png" || $extension == "bmp" ) {
- $functions->image->load($uploads_folder . $filename);
- $functions->image->resizeToWidth(220);
- $functions->image->save($thumbnail_folder . $filename);
- }
- echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action complete</span></h4><h2>upload successful</h2>{$filename} has been uploaded to <a href=\"uploads/" . rawurlencode($filename) . "\">uploads/{$filename}</a>";
- } else {
- echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action failed</span></h4><h2 class=\"error\">error!</h2>there was an error executing the SQL query: " . $DB->error;
- }
- }
- elseif ( $_FILES['uploaded_file']['name'] == NULL ){ echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action failed</span></h4><h2 class=\"error\">error!</h2>you haven't selected a file!"; }
- else { echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action failed</span></h4><h2 class=\"error\">error!</h2>upload failed: {$filename} -> {$file_home} already exists on the server!"; }
- echo "</div>";
- return;
- } // end upload_handler()
- function my_account($parameters = false){
- global $root, $DB, $user;
- if ( $user->logged_in !== true )
- { return $this->login(); }
- $DB->query("SELECT SUM(`downloads`) FROM `phuct_uploads` WHERE `uid` = {$user->id}");
- $total_downloads = mysql_fetch_array($DB->result);
- $total_downloads = $total_downloads["SUM(`downloads`)"];
- echo "
- <div align=\"center\" style=\"text-align: left; width: ".$GLOBALS['content_width']."\">
- <br />
- <h4 class=\"folder_box\" style=\"padding-bottom: 0px; text-align: left\"><span class=\"folder_name\">my account</span></h4>
- <h2 style=\"border-top: 1px solid #004477; border-left: 0px solid #004477; padding-left: 0px; margin-bottom: 4px; padding-bottom: 0px\"><a href=\"?act=browse&subact=search&subinput={$user->username}\" class=\"light_bloo\">{$user->username}</a> -- logged in as</h2>
- <a href=\"?act=logout\" class=\"orange\">Logout</a>
- <h4 class=\"folder_box\" style=\"padding-bottom: 0px; text-align: left\"><span class=\"folder_name\" style=\"margin-left: 64px\">my stats</span></h4>
- <div align=\"center\" class=\"folder\" style=\"text-align: left; border-top: 1px solid #004477; border-left: 0px solid #004477\" width=\"1%\">
- <b>total downloads: {$total_downloads} <br />
- uploads: 24 <br />
- average rating: n/a
- </div>
- ";
- $DB->query("SELECT * FROM `phuct_uploads` WHERE `uid` = '{$user->id}' AND `username` = '{$user->username}'");
- if ( !isset($DB->error) ){
- echo '
- <br />
- <h4 class=\"folder_box\" style="padding-bottom: 0px; text-align: left"><span class="folder_name" style="margin-left: 96px">my uploads</span></h4>
- <div align="center" style="text-align: left; margin-left: 0px; padding-left: 0px; padding-top: 8px; border-top: 1px solid #004477; border-left: 0px solid #004477" width="1%">
- <table cellspacing="1" cellpadding="4" width="100%" style="background-color: transparent; text-align: left" align="center">
- <tr>
- <td class="bloo_bar" width="1%">ID</td>
- <td class="bloo_bar">Title</td>
- <td class="bloo_bar">Filename</td>
- <td class="bloo_bar" width="1%">DLs</td>
- <td class="bloo_bar" width="1%">Delete</td>
- </tr>
- ';
- while ( $row = mysql_fetch_array($DB->result, MYSQL_ASSOC) ){
- echo "<tr>
- <td class=\"row3\" style=\"padding: 8px\">{$row['id']}</td>
- <td class=\"row2\" style=\"padding: 8px\"><a href=\"uploads/{$row['filename']}\" class=\"light_bloo\" style=\"font-weight: normal\">{$row['title']}</a></td>
- <td class=\"rowHover2\" style=\"padding: 8px\"><a href=\"uploads/{$row['filename']}\" class=\"light\" style=\"font-weight: normal\">{$row['filename']}</a></td>
- <td class=\"row3\" style=\"padding: 8px\">{$row['downloads']}</td>
- <td class=\"row3\" style=\"padding: 8px\">[ <a onClick=\"confirm_delete('{$row['filename']}', 'index.php?secure_act=remove_file&id={$row['id']}', 'void')\" href=\"javascript:void(0)\" class=\"orange\">X</a> ]</td>
- </tr>
- ";
- }
- echo "
- </table>
- <br /><br />
- </div>
- </div>
- ";
- }
- }
- }
- $secure_modules = new secure_modules();
- class modules {
- function login(){
- global $user;
- if ( $user->logged_in == true ){
- echo "<div align=\"center\" style=\"width: ".$GLOBALS['content_width']."\">
- <h4 class=\"folder_box\"><span class=\"folder_name\">action complete</span></h4>
- <h2>login successful</h2>
- you are logged in as {$user->username}!
- <br />
- you can now access <a href=\"?secure_act=my_account\">your account</a>.
- </div>
- ";
- } else {
- echo "<div align=\"center\" style=\"width: ".$GLOBALS['content_width']."\">
- <h4 class=\"folder_box\"><span class=\"folder_name\">action error</span></h4>
- <h2>login failed</h2>
- your username or password is incorrect.
- </div>
- ";
- }
- }
- function logout(){
- echo
- '
- <div align="center" style="width: '.$GLOBALS['content_width'].'">
- <br /><br />
- <h4 class="folder_box"><span class="folder_name">action successful</span></h4>
- <h2>logged out</h2>
- you\'ve been successfully logged out.
- </div>
- ';
- return;
- }
- function register(){
- global $DB, $user;
- echo "<div align=\"center\" style=\"width: ".$GLOBALS['content_width']."\">";
- if ( isset($_POST['username']) && isset($_POST['password']) && $_POST['password'] == $_POST['password_check'] ) {
- $password = md5($_POST['password']);
- addslashes($_POST);
- $username = $_POST['username'];
- $time = time();
- $query = "INSERT INTO `phuct_users` (`username`, `password`, `date_joined`) VALUES ('{$username}', '{$password}', '{$time}')";
- $DB->query($query);
- if ( $DB->error == NULL ){
- echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action successful</span></h4><h2>registration complete</h2>your username: {$username} <br><br> you can now <a href=\"?secure_act=my_account\">login</a>.</a></div>";
- return;
- } else {
- echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action error</span></h4><h2>registration error</h2>" . $DB->error . "</div>";
- return;
- }
- } else {
- echo "<h4 class=\"folder_box\"><span class=\"folder_name\">action error</span></h4><h2>registration unsuccessful</h2>there was a problem with your registration.</div>";
- return;
- }
- } // end register();
- function memberlist($parameters = false){
- global $DB, $user;
- echo
- '
- <div align="center" style="text-align: left; width: '.$GLOBALS["content_width"].'">
- <br />
- ';
- $margins[0] = "32px";
- $margins[1] = "64px";
- $margins[2] = "96px";
- $margins[3] = "128px";
- $i = 0;
- $DB->query('SELECT * FROM `phuct_users`');
- $new_result = $DB->result;
- while ( $row = mysql_fetch_array($new_result, MYSQL_ASSOC) ){
- $date = date('m.d.y', $row['date_joined']);
- $DB->query("SELECT COUNT(*) FROM `phuct_uploads` WHERE `uid` = '".$row['id']."'");
- $uploads = mysql_fetch_row($DB->result);
- $uploads = $uploads[0];
- $DB->query("SELECT SUM(`downloads`) FROM `phuct_uploads` WHERE `uid` = {$row['id']}");
- $total_downloads = mysql_fetch_array($DB->result);
- $total_downloads = $total_downloads["SUM(`downloads`)"];
- echo "<h4 class=\"folder_box\" style=\"padding-bottom: 0px; text-align: left\"><span class=\"folder_name\" style=\"margin-left: {$margins[$i]}\">member [#{$row['id']}]</span></h4>";
- // echo '<h4>joined on '.$date.'</h4>';
- echo '<h2 style="margin-bottom: 4px">'.$row['username'].'</h2>';
- echo 'uploads: ' . $uploads . '<br />';
- echo 'downloads: ' . $total_downloads . '<br />';
- echo 'joined: ' . $date. '<br />';
- echo '<br /><br />';
- if ( ++$i >= 3 ) $i = 0;
- }
- echo '</div>';
- }
- function list_files(){
- global $root;
- $files = scan_dir($root);
- print_r($files);
- if ( $files == false ) echo $root . "uploads/ could not be scanned!";
- foreach ( $files as $key => $val ){
- echo "$key => $val<br />";
- }
- }
- function browse($parameters = false){
- global $root, $DB;
- require($root . "backend/modules/browse.php");
- return;
- }
- function browser($parameters = false){
- global $root, $DB;
- require($root . "backend/modules/browser.php");
- return;
- }
- function user_forms($parameters = false){
- global $root, $DB;
- // echo read_file($root . "frontend/user_forms.php");
- require($root . "frontend/user_forms.php");
- }
- function send_login($pre_header = false){
- global $DB, $user;
- if ( $_POST['username'] && $_POST['password'] ) {
- $password = md5($_POST['password']);
- addslashes($_POST);
- $username = $_POST['username'];
- $page = $_POST['page'];
- if ( $_POST['previous_page'] ){ $pagelink = $_POST['previous_page']; } else { $pagelink = $page; }
- $query = "SELECT * FROM `phuct_users` WHERE `username` = '{$username}' AND `password` = '{$password}'";
- $DB->query($query);
- $user_row = @mysql_fetch_array($DB->result, MYSQL_ASSOC);
- $id = $user_row['id'];
- // if ( $pre_header == false || !isset($pre_header) ) return;
- if ( $DB->error == NULL && $user_row !== false ){
- if ( $pre_header == true || $pre_header == "1" ){
- setcookie("id", $id);
- setcookie("username", $username);
- setcookie("password", $password);
- return;
- }
- echo "<h2>success!</h2><div align=\"center\">Successfully logged in as {$username}! <br><br> Click <a href=\"?page={$pagelink}\">here</a> to return to ".str_replace("_", " ", $pagelink).".</a></div>";
- } else {
- echo "<h2 class=\"error\">error!</h2><div align=\"center\">Login failed. Please try again.</div>";
- echo $this->user_forms();
- }
- } else {
- echo "<h2 class=\"error\">error!</h2><div align=\"center\">Login failed. Please try again.</div>";
- echo $this->user_forms();
- }
- return;
- } // end send_login();
- }
- $modules = new modules();
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement