/inc.php
- <?php
- /***************************************************************************
- *
- * Author : Russell Barnard
- * Version : 1.0.0
- * Copyright: (C) 2011 Russell Barnard
- * Email : russell.j.barnard@gmail.com
- *
- ***************************************************************************/
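/**
 * Send an HTML e-mail through PHP's mail() and echo a one-line status.
 *
 * Echoes 'Please check you completed all fields!' and sends nothing when the
 * recipient, subject, sender address or body is empty; otherwise echoes
 * 'Email Sent' or 'Email Error' depending on what mail() returns.
 *
 * @param string $too     Recipient address.
 * @param string $Subject Subject line.
 * @param string $mess    HTML message body.
 * @param string $fromn   Sender display name.
 * @param string $from    Sender address.
 * @return void
 */
function mail_register($too, $Subject, $mess, $fromn, $from){
    // Validate before any header is built, so nothing is assembled from empty input.
    if (empty($too) || empty($Subject) || empty($from) || empty($mess)) {
        echo 'Please check you completed all fields!';
        return;
    }

    // The recipient, sender name and sender address are concatenated into raw
    // header lines below. A CR or LF inside any of them would start a new
    // header (e-mail header injection), so line breaks are removed first.
    $lineBreaks = array("\r", "\n");
    $to         = str_replace($lineBreaks, '', (string) $too);
    $subject    = str_replace($lineBreaks, '', (string) $Subject);
    $senderName = str_replace($lineBreaks, '', (string) $fromn);
    $senderAddr = str_replace($lineBreaks, '', (string) $from);

    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $headers .= 'To: ' . $to . ' <' . $to . '>' . "\r\n";
    $headers .= 'From: ' . $senderName . ' <' . $senderAddr . '>' . "\r\n";

    if (mail($to, $subject, $mess, $headers)) {
        echo 'Email Sent';
    } else {
        echo 'Email Error';
    }
}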
- /***************************************************************************/
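/**
 * Member accounts, private messages and file uploads on top of the legacy
 * mysql_* API. Every public method echoes its HTML directly.
 *
 * Review notes:
 * - ext/mysql was deprecated in PHP 5.5 and removed in PHP 7.0. Values are
 *   escaped with mysql_real_escape_string() here because that is the API the
 *   file uses; prepared statements (PDO or mysqli) are the durable fix.
 * - All database and request values are HTML-escaped on output.
 * - The forms rendered here carry no anti-CSRF token.
 * - Methods that read $_SESSION['id'] do not check $_SESSION['signed_in']
 *   themselves; presumably the calling page does. Verify against callers.
 */
class dbConnect
{
    /*SET THESE AND BEGIN*/
    // NOTE(review): these are placeholder credentials kept in source. Real values
    // are better loaded from configuration outside the web root.
    var $server = "localhost";
    var $conn_username = "username";
    var $conn_password = "password";
    var $database_name = "db_name";
    var $connection;
    var $select;

    /***************************************************************************/
    /**
     * Escape a value for HTML text or a quoted attribute.
     * The charset is left at PHP's default; it should match the page charset.
     */
    private function esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES);
    }

    /** Escape a value for use inside a single-quoted SQL string literal. */
    private function sqlEscape($value)
    {
        return mysql_real_escape_string((string) $value);
    }

    /** SQL-escaped id of the signed-in member, or '' when the session has none. */
    private function sessionId()
    {
        return isset($_SESSION['id']) ? $this->sqlEscape($_SESSION['id']) : '';
    }

    /**
     * Build the client-side redirect snippet with the target encoded as a JS
     * string literal, so quotes or "</script>" in it cannot break out.
     *
     * Encoding does not stop an off-site or "javascript:" target: callers
     * should pass a fixed or allow-listed URL, never raw request input.
     */
    private function redirectScript($redirect)
    {
        return '<script type="text/javascript">
window.location = ' . json_encode((string) $redirect, JSON_HEX_TAG | JSON_HEX_AMP) . '
</script>';
    }

    /**
     * Hash a password the way existing rows in `members` are hashed.
     *
     * NOTE(review): the "salt" is derived from the password itself, so equal
     * passwords give equal hashes, and MD5/SHA-1 are fast digests that are not
     * suitable for password storage. The scheme is kept because stored hashes
     * depend on it; migrate to password_hash()/password_verify() (PHP 5.5+),
     * re-hashing each account at its next successful login.
     */
    private function hashPassword($password)
    {
        $salt = sha1(md5($password));
        return md5($salt . $password . $salt);
    }

    /** Row count of a table. $table is only ever a literal from this class. */
    private function countRows($table)
    {
        $result = mysql_query("SELECT COUNT(*) AS `total` FROM `" . $table . "`");
        if (!$result) {
            return 0;
        }
        $row = mysql_fetch_assoc($result);
        return $row ? (int) $row['total'] : 0;
    }

    /** Render the rows of one messages query as escaped HTML paragraphs. */
    private function renderMessageLines($result)
    {
        $html = '';
        if (!$result) {
            return $html;
        }
        while ($row = mysql_fetch_assoc($result)) {
            $res = mysql_query("SELECT * FROM `members` WHERE `id` = '" . $this->sqlEscape($row['from']) . "'");
            if (!$res) {
                continue;
            }
            while ($r = mysql_fetch_assoc($res)) {
                // The message body is stored user input: escape it, or one member
                // can run script in another member's browser.
                $html .= '<p>
Sent: ' . date('d/m/y : H:i:s', strtotime($row['date'])) . ' - From: ' . $this->esc($r['username']) . '
<br />
' . $this->esc($row['message']) . '
</p>';
            }
        }
        return $html;
    }

    /***************************************************************************/
    /**
     * Open the MySQL connection and select the configured database.
     * The results are kept in $this->connection and $this->select.
     */
    function connect()
    {
        $this->connection = mysql_connect($this->server, $this->conn_username, $this->conn_password);
        // The original assigned a local $select, leaving the property unset.
        $this->select = mysql_select_db($this->database_name, $this->connection);
    }

    /***************************************************************************/
    /**
     * Create a member row, e-mail the new member and emit a redirect.
     *
     * Echoes an error list when a field is empty or the username is taken.
     *
     * @param string $username
     * @param string $email
     * @param string $password Plain-text password as typed.
     * @param string $redirect Redirect target on success (see redirectScript()).
     */
    function register($username, $email, $password, $redirect)
    {
        $taken  = false;
        $lookup = mysql_query("SELECT * FROM `members` WHERE `username` = '" . $this->sqlEscape($username) . "'");
        if ($lookup) {
            $taken = mysql_num_rows($lookup) != 0;
        }

        $errormessage = '';
        if (empty($username)) { $errormessage .= '<li>Please Enter a Username.</li>'; }
        if (empty($email))    { $errormessage .= '<li>Please Enter an Email Address.</li>'; }
        if (empty($password)) { $errormessage .= '<li>Please Enter a Password.</li>'; }
        if ($taken)           { $errormessage .= '<li>That Username Has Been Taken.</li>'; }

        if ($errormessage !== '') {
            echo '<div class="error">We seem to have a problem!
<ul>';
            echo $errormessage;
            echo '</ul></div>';
            return;
        }

        $sql = "INSERT INTO
`members`
(`username`, `email`, `password`)
VALUES
('" . $this->sqlEscape($username) . "', '" . $this->sqlEscape($email) . "', '" . $this->hashPassword($password) . "')";
        $result = mysql_query($sql);

        if (!$result) {
            // The driver error goes to the server log; showing it to the visitor
            // would disclose schema and query details.
            error_log('dbConnect::register failed: ' . mysql_error());
            echo '<div class="error">Something went wrong while registering. Please try again later.</div>';
            return;
        }

        // NOTE(review): this mails the plain-text password, which then sits in
        // mailboxes and mail logs. Consider sending only a confirmation.
        // The values are HTML-escaped because the mail is sent as text/html.
        $mess = "<h1>Hello, " . $this->esc($username) . "</h1>
<p>Your username and password are displayed below for you safe storage.</p>
<p><strong>Username:</strong> <em>" . $this->esc($email) . "</em><br />
<strong>Password:</strong> <em>" . $this->esc($password) . "</em></p>
Regards";
        // "Email Here" is the sender-address placeholder the site owner must set.
        mail_register($email, "Registration - " . $username, $mess, "Registration", "Email Here");

        echo $this->redirectScript($redirect);
    }

    /***************************************************************************/
    /**
     * Check a username/password pair, fill the session and emit a redirect.
     *
     * @param string $username
     * @param string $password Plain-text password as typed.
     * @param string $redirect Redirect target on success (see redirectScript()).
     */
    function login($username, $password, $redirect)
    {
        $sql = "SELECT
`id`, `username`, `email`
FROM
`members`
WHERE
`username` = '" . $this->sqlEscape($username) . "'
AND
`password` = '" . $this->hashPassword($password) . "'";

        $result = mysql_query($sql);
        if (!$result) {
            // The original closed this <div> with </h3>.
            echo '<div class="error">Something went wrong while signing in. Please try again later.</div>';
            return;
        }

        if (mysql_num_rows($result) == 0) {
            echo '<div class="error">You have supplied a wrong user/password combination. Please try again.</div>';
            return;
        }

        // Issue a fresh session id at the privilege change so an id fixed before
        // login is useless afterwards. Only possible while headers can still be sent.
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }

        $_SESSION['signed_in'] = true;

        while ($row = mysql_fetch_assoc($result)) {
            $_SESSION['id'] = $row['id'];
            $_SESSION['username'] = $row['username'];
            $_SESSION['email'] = $row['email'];
            $_SESSION['logged_time'] = time();
        }

        echo $this->redirectScript($redirect);
    }

    /***************************************************************************/
    /**
     * Clear and destroy the session, then emit a redirect.
     *
     * @param string $redirect Redirect target (see redirectScript()).
     */
    function logout($redirect){
        $_SESSION['signed_in'] = NULL;
        $_SESSION['id'] = NULL;
        $_SESSION['username'] = NULL;
        $_SESSION['email'] = NULL;
        session_unset();
        session_destroy();

        echo $this->redirectScript($redirect);
    }

    /***************************************************************************/
    /** Echo the total number of members and uploads. */
    function totals(){
        // COUNT(*) instead of fetching every row just to count them.
        $totalUp = $this->countRows('uploads');
        $totalUs = $this->countRows('members');

        echo '<h2>Total Users: ' . $totalUs . ' Total Uploads: ' . $totalUp . '</h2>';
    }

    /***************************************************************************/
    /** Echo the signed-in member's name, username and e-mail. */
    function profile(){
        $sql = "SELECT * FROM `members` WHERE `id` = '" . $this->sessionId() . "'";
        $result = mysql_query($sql);
        if (!$result) {
            return;
        }
        while ($row = mysql_fetch_assoc($result)) {
            echo '<p>
<ul>
<li>Full Name: ' . $this->esc($row['name']) . '</li>
<li>Username: ' . $this->esc($row['username']) . '</li>
<li>Email: ' . $this->esc($row['email']) . '</li>
</ul></p>';
        }
    }

    /***************************************************************************/
    /** Echo a link per distinct sender in the signed-in member's messages. */
    function messages(){
        $me = $this->sessionId();
        $sql = "SELECT DISTINCT `from` FROM `messages` WHERE `to` = '" . $me . "' OR `from` = '" . $me . "'";
        $result = mysql_query($sql);

        echo '<p>Messages</p>';

        if (!$result) {
            return;
        }
        while ($row = mysql_fetch_assoc($result)) {
            $res = mysql_query("SELECT * FROM `members` WHERE `id` = '" . $this->sqlEscape($row['from']) . "'");
            if (!$res) {
                continue;
            }
            while ($r = mysql_fetch_assoc($res)) {
                echo '<p>
<a href="?page=message&from=' . $this->esc(urlencode($row['from'])) . '">' . $this->esc($r['username']) . '</a>
</p>';
            }
        }
    }

    /***************************************************************************/
    /**
     * Echo the conversation between the signed-in member and another member,
     * followed by a reply form.
     *
     * @param string $from Id of the other member; treated as untrusted input.
     */
    function message($from){
        $me    = $this->sessionId();
        $other = $this->sqlEscape($from);

        $sent = "SELECT * FROM `messages` WHERE `from` = '" . $me . "' AND `to` = '" . $other . "' ORDER BY `date` DESC";
        $recived = "SELECT * FROM `messages` WHERE `to` = '" . $me . "' AND `from` = '" . $other . "' ORDER BY `date` DESC";
        $r_sent = mysql_query($sent);
        $r_recived = mysql_query($recived);
        echo '<p>Messages</p>';

        $sentLine = $this->renderMessageLines($r_sent);
        $recLine  = $this->renderMessageLines($r_recived);

        echo '<div style="display:inline; float:left; border:1px dotted; margin:3px; padding:3px;">Recived: ' . $recLine . '</div>';
        echo '<div style="display:inline; float:left; border:1px dotted; margin:3px; padding:3px;">Sent: ' . $sentLine . '</div>';

        echo '<p style="clear:both">Reply:
<br />
<form method="post" action="?page=newmessage">
<input type="hidden" name="to" value="' . $this->esc($from) . '" />
<textarea name="message"></textarea>
<br />
<input type="submit" value="Send" />
</p>';
    }

    /***************************************************************************/
    /** On POST, store a new message; always echo the "send message" form. */
    function newmessage(){
        if ($_SERVER['REQUEST_METHOD'] == "POST") {
            $to   = isset($_POST['to']) ? $_POST['to'] : '';
            $body = isset($_POST['message']) ? $_POST['message'] : '';

            // Both POST fields went into the statement unescaped in the original.
            $sql = "INSERT INTO `messages`(`to`, `from`, `message`) VALUES ('" . $this->sqlEscape($to) . "', '" . $this->sessionId() . "', '" . $this->sqlEscape($body) . "')";
            $result = mysql_query($sql);

            if ($result) {
                echo '<p>Message Sent</p>';
            } else {
                echo '<p>Error Sending Message</p>';
            }

            echo '<p>View <a href="?page=message&from=' . $this->esc(urlencode($to)) . '">Message</a></p>';
        }

        echo '<p>
Send Message
<br />
<form method="post" action="?page=newmessage">
<select name="to">';

        $res = mysql_query("SELECT * FROM `members`");
        if ($res) {
            while ($r = mysql_fetch_assoc($res)) {
                echo '<option value="' . $this->esc($r['id']) . '">' . $this->esc($r['username']) . '</option>';
            }
        }
        echo '</select>
<br />
<textarea name="message"></textarea>
<br />
<input type="submit" value="Send" />
</p>';
    }

    /***************************************************************************/
    /** Echo the profile edit form pre-filled with the signed-in member's data. */
    function profileform(){
        $sql = "SELECT * FROM `members` WHERE `id` = '" . $this->sessionId() . "'";
        $result = mysql_query($sql);
        if (!$result) {
            return;
        }
        while ($row = mysql_fetch_assoc($result)) {
            echo '<p>
<form method="post" action="">
<p>Full Name</p>
<input type="text" name="name" value="' . $this->esc($row['name']) . '" />
<p>Username</p>
<input type="text" name="username" value="' . $this->esc($row['username']) . '" />
<p>Email</p>
<input type="text" name="email" value="' . $this->esc($row['email']) . '" />
<p><input type="submit" value="Update" /></p>
</p>';
        }
    }

    /***************************************************************************/
    /**
     * Update the signed-in member's name, username and e-mail, then redirect.
     *
     * @param string $name
     * @param string $username
     * @param string $email
     * @param string $redirect Redirect target on success (see redirectScript()).
     */
    function editprofile($name, $username, $email, $redirect){
        $sql = "UPDATE
`members`
SET
`name` = '" . $this->sqlEscape($name) . "', `username` = '" . $this->sqlEscape($username) . "', `email` = '" . $this->sqlEscape($email) . "'
WHERE
`id` = '" . $this->sessionId() . "'";

        if (mysql_query($sql)) {
            echo $this->redirectScript($redirect);
        }
    }

    /***************************************************************************/
    /** Echo the signed-in member's uploads, newest first. */
    function uploads(){
        $sql = "SELECT * FROM `uploads` WHERE `uploader` = '" . $this->sessionId() . "'
ORDER BY `date` DESC";
        $result = mysql_query($sql);
        $total = $result ? mysql_num_rows($result) : 0;

        $x = ($total == 1) ? "" : "s";

        echo '<p>
<h1>You Have Made ' . $total . ' Upload' . $x . '</h1>
</p>';

        if (!$result) {
            return;
        }
        while ($row = mysql_fetch_assoc($result)) {
            $showN = str_replace('uploads/', '', $row['path']);

            if (!empty($row['description'])) {
                // The description is stored user input: escape before output.
                $desc = '<strong>Description:</strong>' . $this->esc($row['description']) . '<br />';
            } else {
                $desc = '';
            }

            echo '<p>View >> <a href="' . $this->esc($row['path']) . '">' . $this->esc($showN) . '</a>
<br />
' . $desc . '
Uploaded: ' . $this->esc($row['date']) . '</p>';
        }
    }

    /***************************************************************************/
    /**
     * Handle a posted file upload and echo the upload form.
     *
     * A file is stored under uploads/ only when its extension is on the allow
     * list, PHP confirms it arrived via HTTP upload, and it is within MAX_SIZE
     * kilobytes. The original copied the file even after failing the size check.
     *
     * NOTE(review): only the extension is checked, not the content, and the
     * allow list includes css and js. If uploads/ is served from the site's own
     * origin, an uploaded script can run in visitors' sessions; consider a
     * separate download host or a Content-Disposition: attachment response.
     */
    function upload(){
        // Guarded so a second call does not re-define the constant or the function.
        if (!defined('MAX_SIZE')) {
            define("MAX_SIZE", "5000");
        }
        if (!function_exists('getExtension')) {
            function getExtension($str) {
                $i = strrpos($str, ".");
                if (!$i) { return ""; }
                $l = strlen($str) - $i;
                $ext = substr($str, $i + 1, $l);
                return $ext;
            }
        }

        $errors = 0;
        $image_name = '';
        $submitted = isset($_POST['submit']);

        if ($submitted) {
            $image = isset($_FILES['image']['name']) ? $_FILES['image']['name'] : '';
            $tmp   = isset($_FILES['image']['tmp_name']) ? $_FILES['image']['tmp_name'] : '';

            if (!$image) {
                // The original fell through to an undefined query and died here.
                echo '<h1>Please select a file!</h1>';
                $errors = 1;
            } else {
                // Only the lower-cased extension of the client-supplied name is
                // used; the stored file name is generated below.
                $extension = strtolower(getExtension(stripslashes($image)));
                $allowed = array('jpg', 'jpeg', 'png', 'gif', 'css', 'js', 'mp3');

                if (!in_array($extension, $allowed, true)) {
                    echo '<h1>Unknown extension!</h1>';
                    $errors = 1;
                } elseif (!is_uploaded_file($tmp)) {
                    echo '<h1>Copy unsuccessfull!</h1>';
                    $errors = 1;
                } elseif (filesize($tmp) > MAX_SIZE * 1024) {
                    echo '<h1>You have exceeded the size limit!</h1>';
                    $errors = 1;
                } else {
                    // time() alone collides when two uploads land in the same
                    // second and the later one overwrites the earlier file.
                    $image_name = time() . '-' . uniqid() . '.' . $extension;
                    $newname = "uploads/" . $image_name;
                    // move_uploaded_file() refuses paths that are not HTTP uploads.
                    if (!move_uploaded_file($tmp, $newname)) {
                        echo '<h1>Copy unsuccessfull!</h1>';
                        $errors = 1;
                    }
                }
            }
        }

        if ($submitted && !$errors) {
            $desc = isset($_POST['desc']) ? $_POST['desc'] : '';
            // $image_name is generated above; the description is request input.
            $query = "INSERT INTO `uploads` (`uploader`, `path`, `date`, `description`) VALUES ('" . $this->sessionId() . "', 'uploads/" . $image_name . "', CURRENT_TIMESTAMP, '" . $this->sqlEscape($desc) . "');";
            mysql_query($query) or die('Error, query failed');
            echo '<h2>File Uploaded Successfully! <a href="index.php">Continue</a></h2>';
        }

        echo '<form name="newad" method="post" enctype="multipart/form-data" action="">
<p>Select File
<br />
jpg, jpeg, png, gif, css, js, mp3
</p>
<input type="file" name="image" />
<p>Description</p>
<p>
<textarea name="desc"></textarea>
</p>
<input name="submit" type="submit" value="Upload"/>
</form>';
    }
    /***************************************************************************/
}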