+
+}
+
+function validateAccount($uname, $email) {
+
+ ### Verify username and e-mail address:
+ if ((!$email) || ($email=="") || (strrpos($uname,' ') > 0) || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $email))) $rval = "the specified e-mail address is not valid. ";
+ if ((!$uname) || ($uname=="") || (ereg("[^a-zA-Z0-9_-]",$uname))) $rval = "the specified username '$uname' is not valid. ";
+ if ((strlen($uname) > 15) || (strrpos($uname,' ') > 0)) $rval = "the specified username is too long: it must be less than 15 characters.";
+ if (eregi("^((root)|(httpd)|(operator)|(admin)|(administrator)|(news)|(deamon)|(nobody)|(ftp))$", $uname)) $rval = "the specified username is reserved.";
+
+ ### Verify whether username and e-mail address are uniqua:
+ dbconnect();
+ if (mysql_num_rows(mysql_query("select uname from users where uname='$uname'")) > 0) $rval = "the specified username is already taken.";
+ if (mysql_num_rows(mysql_query("select email from users where email='$email'")) > 0) $rval = "the specified e-mail address is already registered.";
+ return($rval);
+}
+
+function generatePassword($dictionary = "password.dict", $min_length = 6, $max_length = 9) {
+ mt_srand((double)microtime()*1000000);
+ $fp=fopen($dictionary, "r");
+ $size=filesize($dictionary);
+
+ while(strlen($password) < $min_length) {
+ ### Move to a random spot in the file:
+ fseek($fp,mt_rand(0,$size-8));
+ ### Finish off the current word:
+ fgets($fp,4096);
+ $word=trim(fgets($fp,4096));
+ if((strlen($word) + strlen($password)) <= $max_length) $password.=$word;
+ }
+ fclose($fp);
+ return $password;
+}
+
+function confirmNewUser($uname, $email) {
+ include "functions.inc";
+ include "theme.inc";
+ $theme->header();
+
+ if ($error = validateAccount($uname, $email)) {
+ print "Error: $error";
+ }
+ else {
+ ### Display account information:
+ print "Account information:
username: $uname
e-mail address: $email
";
+ ?>
+
+
+ }
+ $theme->footer();
+}
+
+function finishNewUser($uname, $email) {
+ include "functions.inc";
+ include "theme.inc";
+ $theme->header();
+
+ dbconnect();
+
+ $pass = generatePassword();
+ $result = mysql_query("insert into users values (NULL,'','$uname','$email','','','$pass',10,'',0,0,0,'',0,'','','$commentlimit')");
+
+ if (!$result) {
+ echo mysql_errno(). ": ".mysql_error(). " ";
+ }
+ else {
+ if ($system == 1) {
+ echo "Your password is: $pass ";
+ echo "Login to change your personal settings.";
+ } else {
+ $message = "Your $sitename member account has been created succesfully. To be able to use it you must login using the information below. Please save this mail for further reference.\n\n username: $uname\n e-mail: $email\n password: $pass\n\nThis password is generated by a randomizer. It is recommended that you change this password immediately.\n\n$contact_signature";
+ $subject="Account details for $sitename";
+ mail($email, $subject, $message, "From: $contact_email\nX-Mailer: PHP/" . phpversion());
+ echo "Your member account has been created and the details necessary to login have been sent to your e-mail account $email. Once you received the account confirmation, hit this link to login.";
+ }
+ }
+ $theme->footer();
+}
+
+
+function userinfo($uname) {
+ global $user, $cookie;
+
+ $result = mysql_query("SELECT femail, url, bio, signature FROM users WHERE uname = '$uname'");
+ $userinfo = mysql_fetch_array($result);
+
+
+ cookiedecode($user);
+
+ include "theme.inc";
+ $theme->header();
+
+ if ($uname == $cookie[1]) {
+ print "
Welcome $uname! This is your user info page. There are many more, but this one is yours. You are probably most interested in editing something, but if you need to kill some time, this place is as good as any other place.
\n";
+ ### Signature:
+ if ($userinfo[bio]) print "
Signature:
". nl2br($userinfo[signature]) ."
\n";
+ else print "
Signature:
not available
\n";
+ print "
";
+ } else {
+ echo "
No information available for $uname.
";
+ }
+ $theme->footer();
+}
+
+function main($user) {
+ global $fail;
+ if(!isset($user)) {
+ include "config.inc";
+ include "functions.inc";
+ include "theme.inc";
+ $theme->header();
+ ?>
+
+ if ($fail) print "
";
+ ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Logging in will allow you to post comments as yourself. If you don't login, you will only be able to post as .
+
+
+
+ footer();
+ }
+ elseif(isset($user)) {
+ global $cookie;
+ include "functions.inc";
+ cookiedecode($user);
+ dbconnect();
+ userinfo($cookie[1]);
+ }
+}
+
+function logout() {
+ setcookie("user");
+ include "functions.inc";
+ include "theme.inc";
+ $theme->header();
+ ?>
+
+
You are now logged out!
+
You have been logged out of the system. Since authentication details are stored by using cookies, logging out is only necessary to prevent those who have access to your computer from abusing your account.
+
+ $theme->footer();
+}
+
+function mailPassword($uname) {
+ include "functions.inc";
+ dbconnect();
+ $result = mysql_query("select pass, email from users where uname = '$uname'");
+ if(!$account = mysql_fetch_object($result)) {
+ echo "Sorry, no corresponding account information was found.";
+ } else {
+ $message = "$uname,\n\n\na visitor from ".getenv("REMOTE_ADDR")." (most probably you) has just requested the password associated with the e-mail address '$account->email', to be sent. The password is '$account->pass' (without the quotes).\n\nIf you didn't ask for this, don't get your panties all in a knot. You are seeing this message, not 'them'. So if you can't be trusted with your own password, we might have an issue, otherwise, you can just disregard this message.\n\n\n$contact_signature";
+ $subject="[$sitename] password for $account->uname";
+ mail($account->email, $subject, $message, "From: $contact_email\nX-Mailer: PHP/" . phpversion());
+ $titlebar = "You password has been sent.";
+ include "theme.inc";
+ $theme->header();
+ print "The requested password has been sent to the e-mail account associated with the username '$uname'.";
+ $theme->footer();
+ }
+}
+
+function docookie($setuid, $setuname, $setpass, $setstorynum, $setumode, $setuorder, $setthold, $setnoscore, $setublockon, $settheme) {
+ $info = base64_encode("$setuid:$setuname:$setpass:$setstorynum:$setumode:$setuorder:$setthold:$setnoscore:$setublockon:$settheme");
+ setcookie("user","$info", time() + 15552000); // 6 month = 15552000
+}
+
+function login($uname, $pass) {
+ global $setinfo;
+ include "functions.inc";
+ dbconnect();
+ $result = mysql_query("select uid, storynum, umode, uorder, thold, noscore, ublockon, theme, signature FROM users WHERE uname = '$uname' AND pass = '$pass'");
+ if (mysql_num_rows($result) == 1) {
+ $setinfo = mysql_fetch_array($result);
+ docookie($setinfo[uid], $uname, $pass, $setinfo[storynum], $setinfo[umode], $setinfo[uorder], $setinfo[thold], $setinfo[noscore], $setinfo[ublockon], $setinfo[theme]);
+ Header("Location: account.php?op=userinfo&uname=$uname");
+ } else {
+ Header("Location: account.php?fail=1");
+ }
+}
+
+function user_edit_info() {
+ include "functions.inc";
+ global $user, $userinfo;
+ getusrinfo($user);
+
+ include "theme.inc";
+ $theme->header();
+ ?>
+
+
+
+ footer();
+}
+
+function user_save_info($uid, $name, $uname, $email, $femail, $url, $pass, $vpass, $bio) {
+ global $user, $cookie, $userinfo;
+ include "functions.inc";
+ if ((isset($pass)) && ("$pass" != "$vpass")) {
+ echo "The verification password is not the same as the first password.";
+ }
+ elseif (($pass != "") && (strlen($pass) < $minpass)) {
+ echo "Sorry, your password must be at least $minpass charachters long.";
+ }
+ else {
+ if ($bio) {
+ $bio = FixQuotes($bio);
+ }
+ if ($pass != "") {
+ dbconnect();
+ cookiedecode($user);
+ mysql_query("UPDATE users SET name = '$name', email = '$email', femail = '$femail', url = '$url', pass = '$pass', bio = '$bio' WHERE uid = $uid");
+ $result = mysql_query("SELECT uid, uname, pass, storynum, umode, uorder, thold, noscore, ublockon, theme from users where uname='$uname' and pass='$pass'");
+ $userinfo = mysql_fetch_array($result);
+ docookie($userinfo[uid],$userinfo[uname],$userinfo[pass],$userinfo[storynum],$userinfo[umode],$userinfo[uorder],$userinfo[thold],$userinfo[noscore],$userinfo[ublockon],$userinfo[theme]);
+ }
+ else {
+ dbconnect();
+ mysql_query("UPDATE users SET name = '$name', email = '$email', femail = '$femail', url = '$url', bio = '$bio' WHERE uid=$uid");
+ }
+ }
+}
+
+function user_edit_home() {
+ include "functions.inc";
+ global $user, $userinfo;
+ getusrinfo($user);
+ include "theme.inc";
+ $theme->header();
+
+ ?>
+
+ footer();
+}
+
+function user_save_home($uid, $uname, $storynum, $theme, $ublockon, $ublock) {
+ global $user, $userinfo;
+ include "functions.inc";
+ dbconnect();
+ if(isset($ublockon)) $ublockon=1; else $ublockon=0;
+ $ublock = FixQuotes($ublock);
+ mysql_query("LOCK TABLES users WRITE");
+ mysql_query("update users set storynum='$storynum', ublockon='$ublockon', ublock='$ublock', theme='$theme' where uid=$uid");
+ getusrinfo($user);
+ mysql_query("UNLOCK TABLES");
+ docookie($userinfo[uid],$userinfo[uname],$userinfo[pass],$userinfo[storynum],$userinfo[umode],$userinfo[uorder],$userinfo[thold],$userinfo[noscore],$userinfo[ublockon],$userinfo[theme]);
+ Header("Location: account.php?theme=$theme");
+}
+
+function user_edit_comm() {
+ include "functions.inc";
+ global $user, $userinfo;
+ getusrinfo($user);
+
+ include "theme.inc";
+ $theme->header();
+ ?>
+
+
+ footer();
+}
+
+function user_save_comm($uid, $uname, $umode, $uorder, $thold, $noscore, $signature) {
+ global $user, $userinfo;
+ include "functions.inc";
+ dbconnect();
+ if(isset($noscore)) $noscore = 1; else $noscore = 0;
+ mysql_query("LOCK TABLES users WRITE");
+// print "UPDATE users SET umode = '$umode', uorder = '$uorder', thold = '$thold', noscore = '$noscore', signature = '$signature' WHERE uid = $uid ";
+ mysql_query("UPDATE users SET umode = '$umode', uorder = '$uorder', thold = '$thold', noscore = '$noscore', signature = '$signature' WHERE uid = $uid");
+ getusrinfo($user);
+ mysql_query("UNLOCK TABLES");
+ docookie($userinfo[uid],$userinfo[uname],$userinfo[pass],$userinfo[storynum],$userinfo[umode],$userinfo[uorder],$userinfo[thold],$userinfo[noscore],$userinfo[ublockon],$userinfo[theme]);
+ Header("Location: account.php");
+}
+
+switch($op) {
+ case "logout":
+ logout();
+ break;
+ case "lost_pass":
+ lost_pass();
+ break;
+ case "Sign up":
+ confirmNewUser($uname, $email);
+ break;
+ case "Create account":
+ finishNewUser($uname, $email);
+ break;
+ case "Mail password":
+ mailPassword($uname);
+ break;
+ case "userinfo":
+ include "functions.inc";
+ dbconnect();
+ userinfo($uname);
+ break;
+ case "Login":
+ login($uname, $pass);
+ break;
+ case "dummy":
+ // this is needed to give the cookie a chance to digest
+ include "config.inc";
+ header("Location: account.php");
+ break;
+ case "edituser":
+ user_edit_info();
+ break;
+ case "Save user information":
+ user_save_info($uid, $name, $uname, $email, $femail, $url, $pass, $vpass, $bio);
+ userinfo($uname);
+ break;
+ case "edithome":
+ user_edit_home();
+ break;
+ case "Save homepage settings":
+ user_save_home($uid, $uname, $storynum, $theme, $ublockon, $ublock);
+ userinfo($uname);
+ break;
+ case "editcomm":
+ user_edit_comm();
+ break;
+ case "Save comments settings":
+ user_save_comm($uid, $uname, $umode, $uorder, $thold, $noscore, $signature);
+ userinfo($uname);
+ break;
+ default:
+ main($user);
+ break;
+}
+?>
\ No newline at end of file
diff --git a/admin.php b/admin.php
new file mode 100644
index 0000000000000000000000000000000000000000..1993c14aa4c93a9e69254b7b83c286361888623e
--- /dev/null
+++ b/admin.php
@@ -0,0 +1,798 @@
+header();
+ $theme->box("Login", "");
+ $theme->footer();
+}
+
+function logout() {
+ setcookie("admin");
+
+ include "theme.inc";
+ $theme->header();
+ ?>
+
+
You are now logged out!
+
You have been logged out of the system. Since authentication details are stored by using cookies, logging out is only necessary to prevent those who have access to your computer from abusing your account.