RE: Login Problem
Yeah. Here it is:
Code:
<?php
// File ID: functions.php
// Purpose: Provides basic sitewide functions
//Connect to the database first
connect();
//This function simply connects us to the database
function connect(){
include("config.php");
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to MySQL');
mysql_select_db($dbname);
}
//This function performs security checks on all incoming form data
function secure($data){
if(is_array($data)){
die("Hacking Attempt!");
}
//MySQL Real Escape String
$data = mysql_real_escape_string($data);
//Strip HTML tags
$data = strip_tags($data, '');
return $data;
}
function getsitecontent($page){
include("config.php");
$query = "SELECT * FROM ".$prefix."content WHERE page = '$page'";
$result = @mysql_query($query);
$num = @mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$title=@mysql_result($result,$i,"title");
$content=@mysql_result($result,$i,"content");
$title = stripslashes($title);
$content = stripslashes($content);
$i++;
}
$value[content] = $content;
$value[title] = $title;
return $value;
}
//This function replaces template values
function replace($old,$new,$template)
{
$template = str_replace($old, $new, $template);
return $template;
}
function logincheck(){
include("config.php");
//Function to determine if user is logged in.
//Set up our login info...
$username = "";
$password = "";
//Check for cookie
if (isset($_COOKIE['auser']) and isset($_COOKIE['apass'])){
$username = $_COOKIE['auser'];
$password = $_COOKIE['apass'];
$username = preg_replace("/[^a-zA-Z0-9\\040.]/", "", $username);
$username = secure($username);
$password = secure($password);
//Run login operation
$query = "SELECT * FROM ".$prefix."users WHERE username = '$username'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$luser=@mysql_result($result,$i,"username");
$lpass=@mysql_result($result,$i,"password");
$i++;
}
if($username == $luser and $password == $lpass){
$isloggedin = "yes";
}
else{
if (isset($_COOKIE['auser'])){
$past = time() - 10;
setcookie("auser",$username,$past);
}
if (isset($_COOKIE['apass'])){
$past = time() - 10;
setcookie("apass",$password,$past);
}
$isloggedin = "no";
}
}
else
{
//User is not logged in
$isloggedin = "no";
}
//Return our user data
$userdata[loginstatus] = $isloggedin;
$userdata[username] = $username;
return $userdata;
}
function grabanysetting($where){
include("config.php");
$query = "SELECT * FROM ".$prefix."settings WHERE name = '".$where."'";
$result = @mysql_query($query);
$num = @mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$value=@mysql_result($result,$i,"value");
$value = stripslashes($value);
$i++;
}
return $value;
}
function getlinks(){
include("config.php");
//This function gets the links for the top bar from the database
/*
$links = "<li><a href='index.php'>Home</a></li>
<li><a href='adopt.php'>Adopt</a></li>
<li><a href='myadopts.php'>My Adopts</a></li>
<li><a href='account.php'>My Account</a></li>
<li><a href='messages.php'>Message Center</a></li>
<li><a href='trade.php'>Trade Adopts</a></li>
<li><a href='featured.php'>Popular</a></li>";
*/
// We will be getting our links from the database...
$links = "";
$query = "SELECT * FROM ".$prefix."links ORDER BY id ASC";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < $num) {
$linktext=@mysql_result($result,$i,"linktext");
$linkurl=@mysql_result($result,$i,"linkurl");
$linktext = stripslashes($linktext);
$links = $links." <li><a href='".$linkurl."'>".$linktext."</a></li> ";
$i++;
}
return $links;
}
function getsidebar(){
include("config.php");
//This function determines what shows in the side bar of the template
//This will most likely be either a login prompt, quick account access, or something else
//First we see if we are logged in or not
$loginstatus = logincheck();
$isloggedin = $loginstatus[loginstatus];
$loggedinname = $loginstatus[username];
if($isloggedin == "yes"){
$msgctr = "<a href='messages.php'>Visit Message Center</a><br>";
$query = "SELECT * FROM ".$prefix."messages WHERE touser='".$loggedinname."' and status='unread'";
$result = mysql_query($query);
$num = mysql_numrows($result);
if($num > 0){
$msgctr = "<a href='messages.php'>Visit Message Center <b>(".$num.")</b></a>";
}
$sidebar = "<li><a href='profile.php?user=".$loggedinname."'>Profile</a></li>
<li><a href='account.php?act=changesettings'>Settings</a></li>
<li><a href='account.php'>My Account</a></li>
<li><a href='messages.php'>Private Messages <b>(".$num.")</b></a></li>
<li><a href='profile.php'>Members</a></li>
<li><a href='admin.php'>Admin CP</a></li>
<li><a href='logout.php'>Log Out</a></li>";
}
else{
$sidebar = "<li align='right'><a href='login.php'>Login</a></li><li align='right'><a href='register.php'>Register</a></li><li align='right'><a href='forgotpass.php'>Forgot Password?</a></li>";
}
return $sidebar;
}
function gettopbar(){
include("config.php");
//This function determines what shows in the top bar of the template
//This will most likely be either a login prompt, quick account access, or something else
//First we see if we are logged in or not
$loginstatus = logincheck();
$isloggedin = $loginstatus[loginstatus];
$loggedinname = $loginstatus[username];
if($isloggedin == "yes"){
$msgctr = "<a href='messages.php'>Visit Message Center</a><br>";
$query = "SELECT * FROM ".$prefix."messages WHERE touser='".$loggedinname."' and status='unread'";
$result = mysql_query($query);
$num = mysql_numrows($result);
if($num > 0){
$msgctr = "<a href='messages.php'>Visit Message Center <b>(".$num.")</b></a>";
}
$topbar = "<table cellpadding='0px' cellspacing='0px' width='100%' border='0px' background='http://omploader.org/vMXBvaA'>
<tr>
<td background='http://omploader.org/vMXBvaA'>
Welcome Back <a href='profile.php?user=$loggedinname'>$loggedinname</a>!
</td>
<td>
<center><b>News:</b>Look for more updates!</center>
</td>
<td><div align='right'>
<a href='profile.php?user=$loggedinname'><img src='http://i39.tinypic.com/10d9pah.jpg' border='0px solid #777777'></a>
<a href='myadopts.php'><img src='http://nsider.com/forums/style_images/rank_prefixes/Pokeball.png' border='0'></a>
<a href='account.php?act=changesettings'><img src='http://i43.tinypic.com/34t1tah.png' border='0'></a>
<a href='messages.php'><img src='http://i39.tinypic.com/293yjwy.png' border='0'></a>
<a href='adopt.php'><img src='http://i40.tinypic.com/2501bi9.png' border='0'></a>
<a href='promo.php'><img src='http://i40.tinypic.com/6em70g.png' border='0' alt='Enter Promo Code'></a>
<a href='profile.php'><img src='http://i43.tinypic.com/2h2l9fk.jpg' border='0'></a>
<a href='logout.php'><img src='http://i43.tinypic.com/25ujqzs.png' border='0'></a></div>
</td>
<td width='7%'>
<div id='itronclock' align='right'></div>
</td>
</tr>
</table>";
}
else{
$topbar = "<table cellpadding='0px' cellspacing='0px' width='100%' border='0px' background='http://omploader.org/vMXBvaA'>
<tr>
<td background='http://omploader.org/vMXBvaA'>
Welcome guest! <a href='login.php'>login</a> <a href='register.php'>register</a> <a href='forgotpass.php'>forgot your password?</a>
</td>
<td><div align='right'>
<a href='login.php'><img src='http://i43.tinypic.com/voa1br.png' border='0'></a>
<a href='register.php'><img src='http://i43.tinypic.com/91fcs3.png' border='0'></a>
<a href='forgotpass.php'><img src='http://i44.tinypic.com/2igyo2x.png' border='0'></a></div>
</td>
</tr>
</table>";
}
return $topbar;
}
function dologin($username, $password){
//This function logs a user in...
include("config.php");
$query = "SELECT * FROM ".$prefix."users WHERE username = '$username'";
$result = @mysql_query($query);
$num = @mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$luser=@mysql_result($result,$i,"username");
$lpass=@mysql_result($result,$i,"password");
$i++;
}
if($username == $luser and $password == $lpass){
$status = "success";
//If the cookie already exists for some reason, delete it
if (isset($_COOKIE['auser']) and isset($_COOKIE['apass'])){
$past = time() - 10;
setcookie("auser",$username,$past);
setcookie("apass",$password,$past);
}
// Set the cookie
$Month = 2592000 + time();
setcookie("auser",$username,$Month);
setcookie("apass",$password,$Month);
}
else{
$status = "error";
}
return $status;
}
function getgroup(){
//This function gets the numerical usergroup ID of a user, or returns 0 if is a guest
include("config.php");
$loginstatus = logincheck();
$isloggedin = $loginstatus[loginstatus];
$loggedinname = $loginstatus[username];
if($isloggedin == "yes"){
$query = "SELECT * FROM ".$prefix."users WHERE username = '$loggedinname'";
$result = @mysql_query($query);
$num = @mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$group=@mysql_result($result,$i,"usergroup");
$i++;
}
return $group;
}
else{
return 0;
}
}
function cancp($usergroup){
include("config.php");
//This function determines if a usergroup is allowed to access the Admin CP
$query = "SELECT * FROM ".$prefix."groups WHERE gid = '$usergroup'";
$result = @mysql_query($query);
$num = @mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$cancp=@mysql_result($result,$i,"cancp");
$i++;
}
if($cancp == "" or $usergroup == 0){
$cancp = "no";
}
return $cancp;
}
function getadmlinks(){
include("config.php");
//This function shows special links to the site admin
$links = "<li><a href='index.php'>Home</a></li>
<li><a href='admin.php?set=adopts'>Change Adoptables</a></li>
<li><a href='admin.php?set=content'>Change Content</a></li>
<li><a href='admin.php?set=users'>Change Users</a></li>
<li><a href='admin.php?set=settings'>Site Settings</a></li>
<li><a href='admin.php?set=ads'>Manage Ads</a></li>";
return $links;
}
function cando($usergroup, $do){
include("config.php");
//This function determines if a usergroup is allowed to do a specific task
$query = "SELECT * FROM ".$prefix."groups WHERE gid = '$usergroup'";
$result = @mysql_query($query);
$num = @mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$cando=@mysql_result($result,$i,$do);
$i++;
}
if($cando == "" or $usergroup == 0){
$cando = "no";
}
return $cando;
}
function canadopt($aid, $cond, $promocode){
include("config.php");
// This function determines if a user can adopt a specific adoptable...
$canadopt = "yes"; // The default status is that we CAN adopt, unless proven false...
// The first thing we check is that we are logged in
$loginstatus = logincheck();
$isloggedin = $loginstatus[loginstatus];
$loggedinname = $loginstatus[username];
if($isloggedin != "yes" and $cond != "showing"){
$canadopt = "no";
}
// Now we check if our usergroup has permission to adopt the adoptable...
$group = getgroup();
$dbcanadpt = cando($group, "canadopt");
if($dbcanadpt != "yes" and $cond != "showing"){
$canadopt = "no";
}
// We need to pull a lot of junk from the database for these next few checks
$query = "SELECT * FROM ".$prefix."adoptables WHERE id='$aid'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$whenisavail=@mysql_result($result,$i,"whenisavail");
$correctpromocode=@mysql_result($result,$i,"promocode");
$freqcond=@mysql_result($result,$i,"freqcond");
$number=@mysql_result($result,$i,"number");
$date=@mysql_result($result,$i,"date");
$datecond=@mysql_result($result,$i,"datecond");
$adoptscond=@mysql_result($result,$i,"adoptscond");
$morethannumberen=@mysql_result($result,$i,"moreless");
$morethannumber=@mysql_result($result,$i,"morelessnum");
$usergroupsen=@mysql_result($result,$i,"levelgrle");
$usergroupid=@mysql_result($result,$i,"grlelevel");
$type=@mysql_result($result,$i,"type");
$i++;
}
// Now we check if the adoptable requires a promo code and if the promo code submitted is correct...
if($whenisavail == "promo" and $promocode != $correctpromocode){
// A promo code is required but the submitted promo code is not the correct code
$canadopt = "no";
}
// Now we check those three conditions we have in the Admin CP
// If ANY of them fails, this check fails!
if($whenisavail == "conditions"){
// If we have a restriction on the number of times this can be adopted...
if($freqcond == "enabled"){
// We have a frequency based condition
// Select from the database and determine how many times this adoptable type has been adopted
$num = 0;
$query = "SELECT * FROM ".$prefix."owned_adoptables WHERE type='$type'";
$result = mysql_query($query);
$num = mysql_numrows($result);
if($num > $number){
// Not Available
$canadopt = "no";
}
} // End the frequency condition IF statement
// Begin the date restriction check
$today = date('Y-m-d');
if($datecond == "enabled" and $date != $today){
$canadopt = "no";
}
// We are checking to see how many of this adoptable a user owns
// If they own more than the specifed number, they cannot adopt...
if($morethannumberen == "enabled"){
$num = 0;
$query = "SELECT * FROM ".$prefix."owned_adoptables WHERE owner='$loggedinname' and type='$type'";
$result = mysql_query($query);
$num = mysql_numrows($result);
if($num > $morethannumber){
$canadopt = "no";
}
} // End morethannumberen check
// Check if the user is of a specified usergroup...
if($usergroupsen == "enabled"){
$ourgid = getgroup();
// If the two numbers do not match, do not allow the adoption...
if($ourgid != $usergroupid){
$canadopt = "no";
}
}
} // End the is there conditions if statement
return $canadopt;
}
function getaltstatus($parentid, $childid, $childlevel){
include("config.php");
// This function determines if we will use alternate images...
// All this does is give us a yes or no
// This does NOT actually assign the alternate images in the DB.....
$altstatus = "no";
$run = "no";
// First we need to see if this adoptable type has alternate images enabled...
$query = "SELECT * FROM ".$prefix."adoptables WHERE id='$parentid'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$alternates=@mysql_result($result,$i,"alternates");
$altoutlevel=@mysql_result($result,$i,"altoutlevel");
$altchance=@mysql_result($result,$i,"altchance");
$i++;
}
// If alternate images are enabled, we must run some checks to see if we use them...
if($alternates == "enabled"){
// Let's see if the level we are on is the level that requires alternates
// If we're not on a level that requires to check alternates, why bother?
if($childlevel == $altoutlevel){
$run = "yes";
}
}
if($run == "yes"){
// This is where we actually determine if we use alternate images...
$randnum = rand(1, $altchance);
if($randnum == 1){
$altstatus = "yes"; // If we pull a 1 as the random number, we use the alternate images :)
}
}
return $altstatus;
}
function getcurrentimage($id){
// This function determines which image we should use for a given adoptable...
include("config.php"); // This is so we can use the table prefix
$image = "";
// First we select the adoptable from the database and get some basic information...
$query = "SELECT * FROM ".$prefix."owned_adoptables WHERE aid='$id'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$type=@mysql_result($result,$i,"type");
$currentlevel=@mysql_result($result,$i,"currentlevel");
$imageurl=@mysql_result($result,$i,"imageurl");
$usealternates=@mysql_result($result,$i,"usealternates");
$i++;
}
if($imageurl != ""){
// If we are using a custom image for this adoptable, use that
$image = $imageurl;
}
else{
// We have to dig this up ourselves...
// Check if we are using an egg image or a level image...
if($currentlevel == 0 or $currentlevel == "0"){
// Let's see what the egg image is...
$query = "SELECT * FROM ".$prefix."adoptables WHERE type='$type'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$eggimage=@mysql_result($result,$i,"eggimage");
$i++;
}
$image = $eggimage; // Set the image URL equal to the egg image...
}
else{
// We have to find out what level we are using...
// Then we can choose the appropriate image for what we are using...
$query = "SELECT * FROM ".$prefix."levels WHERE adoptiename='$type' and thisislevel='$currentlevel'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$primaryimage=@mysql_result($result,$i,"primaryimage");
$alternateimage=@mysql_result($result,$i,"alternateimage");
$i++;
}
// If alternate images are enabled and an alternate image exists, use it
if($usealternates == "yes" and $alternateimage != ""){
$image = $alternateimage; // Use the alternate image
}
else{
$image = $primaryimage; // Set the image equal to the primary image for the level
}
}
}
if($type == "" or $image == ""){
// We did not settle on an image, so we show an error image...
$image = "http://www.".$domain."".$scriptpath."/templates/icons/delete.gif";
}
return $image;
}
function getcurrentlevel($id){
// This function gets the current level of an adoptable...
include("config.php");
$query = "SELECT * FROM ".$prefix."owned_adoptables WHERE aid='$id'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$currentlevel=@mysql_result($result,$i,"currentlevel");
$i++;
}
if($currentlevel == ""){
$currentlevel = "error"; // If the adoptable does not have a current level or does not exist, we return an error...
}
// Return the level
return $currentlevel;
}
function getnextlevelexists($type, $currentlevel){
include("config.php");
// This function determines if a higher level exists for an adopt, or if it is at max level.
$query = "SELECT * FROM ".$prefix."levels WHERE adoptiename='$type' and thisislevel > '$currentlevel'";
$result = mysql_query($query);
$num = mysql_numrows($result);
$exists = "false";
if($num > 0){
$exists = "true"; // A higher level exists
}
return $exists;
}
function convertidtotype($id){
// This function takes in an adoptable's ID and returns the type of adoptable it is...
include("config.php");
$query = "SELECT * FROM ".$prefix."owned_adoptables WHERE aid='$id'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$type=@mysql_result($result,$i,"type");
$i++;
}
if($type == ""){
$type = "error";
}
return $type;
}
function converttypetoparentid($type){
// This function takes in an adoptable type and returns the ID of the parent
include("config.php");
$query = "SELECT * FROM ".$prefix."adoptables WHERE type='$type'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$id=@mysql_result($result,$i,"id");
$i++;
}
if($id == ""){
$id = "error";
}
return $id;
}
function reward($id, $type, $currentlevel, $owner){
include("config.php");
// This function determines if we are giving the user a reward or not...
$query = "SELECT * FROM ".$prefix."levels WHERE adoptiename='$type' and thisislevel='$currentlevel'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$rewarduser=@mysql_result($result,$i,"rewarduser");
$promocode=@mysql_result($result,$i,"promocode");
$i++;
}
if($rewarduser == "yes" and $promocode != ""){
// We are sending out a reward...
$mtitle = "You have received a reward!";
$mtext = "Congratulations! You have received a reward because one of your adoptables leveled up and the site admin has chosen to reward you for this.<br><br>
<b><u>Your reward is the following promo code:</u></b> ".$promocode."<br><br>
You may use this promo code on the <a href='promo.php?promocode=".$promocode."'>Promo Code Page</a> to receive a special exclusive or limited edition adoptable!<br><br>
Congratulations on your reward!";
$mtext = mysql_real_escape_string($mtext);
$date = date('Y-m-d');
$query = "INSERT INTO ".$prefix."messages VALUES ('', 'SYSTEM', '$owner','unread','$date','$mtitle', '$mtext')";
mysql_query($query);
// Now we check if we are sending out an email to the user alerting them of the message...
$query = "SELECT * FROM ".$prefix."users WHERE username='".$owner."'";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < 1) {
$newmessagenotify=@mysql_result($result,$i,"newmessagenotify");
$email=@mysql_result($result,$i,"email");
$i++;
}
if($newmessagenotify == 1){
// We are sending this user an email about the new message...
$systememail = grabanysetting("systememail");
$headers = "From: ".$systememail."";
$site_name = grabanysetting("sitename");
$message = "Hello ".$owner.";\n\nYou have received a new Private Message from SYSTEM at ".$site_name." with the title ".$mtitle.".\n
You can read this message at: http://www.".$domain."".$scriptpath."/messages.php\n
Thank You. The ".$site_name." team.";
mail($email, $site_name." - You Have Received a Reward", $message, $headers);
}
}
return $rewardstatus;
}
function getadmimages(){
include("config.php");
$formcontent = "";
$query = "SELECT * FROM ".$prefix."filesmap";
$result = mysql_query($query);
$num = mysql_numrows($result);
//Loop out code
$i=0;
while ($i < $num) {
$wwwpath=@mysql_result($result,$i,"wwwpath");
$friendlyname=@mysql_result($result,$i,"friendlyname");
$formcontent = $formcontent."<option value='".$wwwpath."'>".$friendlyname."</option>";
$i++;
}
return $formcontent;
}
function deleteuser($user){
include("config.php");
//This function deletes a user from the system...
$user = secure($user);
$query = "DELETE FROM ".$prefix."users WHERE username = '".$user."'";
$result = mysql_query($query);
$query = "DELETE FROM ".$prefix."owned_adoptables WHERE owner = '".$user."'";
$result = mysql_query($query);
}
function getads($page){
// Function to display site advertisements
include("config.php");
if($page == "any"){
$page = "";
}
$query = "SELECT * FROM ".$prefix."ads WHERE page = '".$page."' and status = 'active' ORDER BY RAND() LIMIT 1";
$result = @mysql_query($query);
$num = @mysql_numrows($result);
if($num > 0){
//Loop out code
$i=0;
while ($i < 1) {
$value=@mysql_result($result,$i,"text");
$value = stripslashes($value);
$aid=@mysql_result($result,$i,"id");
$actualimpressions=@mysql_result($result,$i,"actualimpressions");
$impressions=@mysql_result($result,$i,"impressions");
$i++;
}
if($impressions == ""){
$impressions = 0;
}
$actualimpressions = $actualimpressions + 1;
//Update the impressions count
$query = "UPDATE ".$prefix."ads SET actualimpressions='".$actualimpressions."' WHERE id='".$aid."'";
mysql_query($query);
//Check that ad is not over max impressions...
if ($actualimpressions >= $impressions and $impressions != 0){
$query = "UPDATE ".$prefix."ads SET status='inactive' WHERE id='".$aid."'";
mysql_query($query);
}
}
else{
$value = "";
}
return $value;
}
?>
|
