Initial commit (Starting this git repository at 1.12)
QdbS User committed Sep 27, 2017
0 parents commit e0a58b3
Showing 41 changed files with 2,674 additions and 0 deletions.
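--- a/Changelog.txt
+++ b/Changelog.txt
@@ -0,0 +1,53 @@
+QdbS Changelog:
+
+[ 1.12 ] - 09/27/2017 (mm/dd/yyyy)
+Changed mysql_*() to mysqli_*()
+
+[ 1.11 ] - 06/05/2012 (mm/dd/yyyy)
+Updated the version number in doc/index.html
+Added "randomquote" page to display a single random quote
+Changed class names in classes.php
+Fixed warnings caused by unquoted array indexes
+Fixed warnings caused by non-existant array indexes
+
+[ 1.10 ] - 08/29/2008 (mm/dd/yyyy)
+Fixed install ussue where MySQL username with upper case letters would prevent initial login
+Fixed bug where on some installations " and ' were getting escaped
+
+[ 1.09 ] - 03/28/2008 (mm/dd/yyyy)
+Added proper support for case sensitive passwords
+Fixed case inconsistancy in MD5 hash comparison (Thanks to Se7enLC)
+
+[ 1.08 ] - 01/27/2008 (mm/dd/yyyy)
+No longer requires PHP's short tags to be enabled (<? instead of <?php)
+Templates changed to reflect above change
+
+[ 1.07 ] - 01/18/2008 (mm/dd/yyyy)
+Fixed \'s being removed from quotes.
+
+[ 1.06 ] - 12/21/2007 (mm/dd/yyyy)
+Added support for table prefixes (Thanks to Thomas Ward)
+Replaced config variables with a better naming scheme (Idea by Thomas Ward)
+
+[ 1.05 ] - 11/24/2007 (mm/dd/yyyy)
+Removed pagination from search (missed in previous release)
+Added support for query based search. Eg: /?do=search&q={searchterms}
+
+[ 1.04 ] - 10/13/2007 (mm/dd/yyyy)
+Added some additional protection to prevent SQL injection.
+Set pageination to only list pages on browse page.
+Fixed issue preventing removal of admins.
+Fixed installer where it would not create the database even if the MySQL user has permission to
+
+[ 1.03 ] - 10/05/2007 (mm/dd/yyyy)
+Released code under GNU General Public License for further development from others.
+
+[ 1.02 ] - 01/05/2004 (mm/dd/yyyy)
+Misc. bugs fixed including adding quotes and template issues.
+The database system has been reworked, added row and query counts.
+
+[ 1.01 ] - 10/12/2003 (mm/dd/yyyy)
+Misc. bugs fixed, minor updates.
+
+[ 1.00 ] - 09/26/2003 (mm/dd/yyyy)
+Initial release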
674 changes: 674 additions & 0 deletions GNU.txt


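--- a/README.txt
+++ b/README.txt
@@ -0,0 +1,18 @@
+________________
+/////////////////|
+//kflorence.com// |
+///////////////// |
+|���������������| |
+___| kflorence.com | /____________________________________
+| |/
+���������������
+-> Thank you for downloading QdbS from http://www.qdbs.org!
+
+-> Documentation can be found in /doc
+
+-> License information can be found in GNU.txt
+
+
+
+
+http://kflorence.com - Kyle Florence, 2003-2008.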
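--- a/admin/index.php
+++ b/admin/index.php
@@ -0,0 +1,286 @@
+<?php
+/**************************************************************************
+This file is part of the Quotes Database System (QdbS)
+Copyright (C) 2003-2012 QdbS.org
+Written by Kyle Florence (kyle.florence@gmail.com)
+Maintained by Matthew Beeching (jobe@qdbs.org)
+Table Prefix patch by Thomas Ward (jouva@moufette.com)
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+$Id: index.php 28 2012-05-05 23:05:09Z jobe1986 $
+***************************************************************************/
+
+include("../classes.php");
+
+if (!defined("INSTALLED")) {
+header("Location: ./install/");
+exit;
+}
+
+$sql = "SELECT COUNT(id) FROM ".$_qdbs['tpfx']."quotes";
+$start = $pgr->findStart($pgr->limit);
+$count = $db->fetch_row($db->_sql($sql))[0];
+$pages = $pgr->findPages($count, $pgr->limit);
+$page = (!isset($_GET['page']) ? '1' : $_GET['page']);
+$tpl->set('page_list', $pgr->pageList($page, $pages));
+
+if (!empty($_GET['do']) || !empty($_POST['do'])) {
+if (!empty($_SESSION['loggedin'])) {
+switch ($_GET['do']) {
+case 'add':
+if (empty($_GET['q'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."queue WHERE id='".$db->escape($_GET['q'])."'";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if (ini_get("magic_quotes_runtime") or ini_get("magic_quotes_gpc")) {
+$sql = "INSERT INTO ".$_qdbs['tpfx']."quotes (id,quote,rating) VALUES ('NULL', '".$db->escape(stripslashes($row['quote']))."', '0')";
+} else {
+$sql = "INSERT INTO ".$_qdbs['tpfx']."quotes (id,quote,rating) VALUES ('NULL', '".$db->escape($row['quote'])."', '0')";
+}
+$r = $db->_sql($sql);
+$sql = "DELETE FROM ".$_qdbs['tpfx']."queue WHERE id='".$db->escape($_GET['q'])."'";
+$r = $db->_sql($sql);
+
+header ("Location: ".$ref);
+break;
+case 'del':
+if (empty($_GET['q'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "DELETE FROM ".$_qdbs['tpfx']."queue WHERE id='".$db->escape($_GET['q'])."'";
+$r = $db->_sql($sql);
+
+header ("Location: ".$ref);
+break;
+case 'remove':
+if (empty($_GET['id'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "DELETE FROM ".$_qdbs['tpfx']."admins WHERE id='".$db->escape($_GET['id'])."'";
+$r = $db->_sql($sql);
+}
+
+header ("Location: ".$ref);
+break;
+case 'raise':
+if (empty($_GET['id'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE id='".$db->escape($_GET['id'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] < '2') {
+$sql = "UPDATE ".$_qdbs['tpfx']."admins SET level=level+1 WHERE id='".$db->escape($_GET['id'])."' LIMIT 1";
+$r = $db->_sql($sql);
+}
+}
+
+header ("Location: ".$ref);
+break;
+case 'lower':
+if (empty($_GET['id'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE id='".$db->escape($_GET['id'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] > '1') {
+$sql = "UPDATE ".$_qdbs['tpfx']."admins SET level=level-1 WHERE id='".$db->escape($_GET['id'])."' LIMIT 1";
+$r = $db->_sql($sql);
+}
+}
+
+header ("Location: ".$ref);
+break;
+case 'logout':
+setcookie ('qdb_username', '', time()-3600, '/');
+setcookie ('qdb_password', '', time()-3600, '/');
+session_start();
+session_unset();
+session_destroy();
+header ("Location: ".$ref);
+break;
+}
+switch ($_POST['do']) {
+case 'add':
+if (empty($_POST['username'])) {
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+$tpl->set('error', 'Missing username');
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_error.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$username = strtolower($_POST['username']);
+$password = strtolower(md5((isset($_POST['u_password']) ? $_POST['u_password'] : "")));
+$sql = "INSERT INTO ".$_qdbs['tpfx']."admins (username,password,ip,id) VALUES ('".$db->escape($username)."', '".$db->escape($password)."', 'NULL', 'NULL')";
+$r = $db->_sql($sql);
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_success.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+break;
+case 'change':
+$c_password = strtolower(md5(isset($_POST['c_password']) ? $_POST['c_password'] : ""));
+$c_password1 = strtolower(md5(isset($_POST['c_password1']) ? $_POST['c_password1'] : ""));
+$c_password2 = strtolower(md5(isset($_POST['c_password2']) ? $_POST['c_password2'] : ""));
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if (($c_password == $row['password']) && ($c_password1 == $c_password2)) {
+$sql = "UPDATE ".$_qdbs['tpfx']."admins SET password='".$db->escape($c_password1)."' WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_success.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+} else {
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+$tpl->set('error', 'Password mismatch');
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_error.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+break;
+case 'update':
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "UPDATE ".$_qdbs['tpfx']."settings SET template='".$db->escape($_POST['template_dir'])."', qlimit='".$db->escape($_POST['q_limit'])."', title='".$db->escape($_POST['p_title'])."', heading='".$db->escape($_POST['p_heading'])."', style='".$db->escape($_POST['css_style'])."'";
+$r = $db->_sql($sql);
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_success.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+break;
+}
+}
+if (!empty($_POST['do'])) {
+switch ($_POST['do']) {
+case 'login':
+if (empty($_POST['username'])) {
+$tpl->set('logged', '&nbsp;');
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_failed.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+$username = strtolower($_POST['username']);
+$password = strtolower(md5(isset($_POST['password']) ? $_POST['password'] : ""));
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($username)."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if (strtolower($row['password']) == $password) {
+$sql = "UPDATE ".$_qdbs['tpfx']."admins SET ip='".$db->escape($ip)."' WHERE username='".$db->escape($username)."' LIMIT 1";
+$r = $db->_sql($sql);
+setcookie ('qdb_username', $username, time()+(3600*24*365), '/');
+setcookie ('qdb_password', $password, time()+(3600*24*365), '/');
+header ("Location: ".$ref);
+} else {
+$tpl->set('logged', '&nbsp;');
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_failed.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+break;
+}
+}
+} else {
+// Header
+if (!empty($_SESSION['loggedin'])) {
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+} else {
+$tpl->set('logged', '&nbsp;');
+}
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+if ($_SESSION['loggedin']) {
+if (!empty($_GET['p']) && ($_GET['p'] == 'settings')) {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."settings";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+$tpl->set('s_title', $row['title']);
+$tpl->set('s_heading', $row['heading']);
+$tpl->set('s_style', $row['style']);
+$tpl->set('s_tdir', $row['template']);
+$tpl->set('s_limit', $row['qlimit']);
+print($tpl->fetch('.'.$tpl->tdir.'admin_settings_header.tpl'));
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins ORDER BY id ASC";
+$r = $db->_sql($sql);
+while($row = $db->fetch_row($r)) {
+$tpl->set('admin', $row['username']);
+$tpl->set('level', $row['level']);
+$tpl->set('a_id', $row['id']);
+print($tpl->fetch('.'.$tpl->tdir.'admin_settings.tpl'));
+}
+print($tpl->fetch('.'.$tpl->tdir.'admin_settings_footer.tpl'));
+} else {
+print($tpl->fetch('.'.$tpl->tdir.'admin_settings_1.tpl'));
+}
+} else {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."queue ORDER BY id DESC LIMIT ".intval($start).", ".intval($pgr->limit);
+$r = $db->_sql($sql);
+if(mysqli_num_rows($r) > 0) {
+while ($row = $db->fetch_row($r)) {
+$tpl->set('q_id', $row['id']);
+$tpl->set('quote', $row['quote']);
+print($tpl->fetch('.'.$tpl->tdir.'admin_block.tpl'));
+}
+
+} else {
+print($tpl->fetch('.'.$tpl->tdir.'admin_noquotes.tpl'));
+}
+}
+} else {
+print($tpl->fetch('.'.$tpl->tdir.'admin_login.tpl'));
+}
+
+// Footer
+$tpl->set('q_count', $db->q_count);
+$tpl->set('r_count', $db->r_count);
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+
+?>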
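Review bot: The level-2 authorization checks in the `remove`, `raise` and `lower` GET cases, the `add`, `change` and `update` POST cases and the settings page all identify the acting admin by `$db->escape($_COOKIE['qdb_username'])`, a value supplied by the browser, while login state is taken from `$_SESSION['loggedin']`, so the privileged paths are not bound to the session that authenticated. Record the identity server-side at login, `$_SESSION['username'] = $username;` next to the `setcookie()` calls in the `login` case, and read `$_SESSION['username']` instead of the cookie in each of those lookups. Passwords are stored and compared as unsalted lowercase `md5()` with `==` (the `login` and `change` cases), and the hash is written to a one-year `qdb_password` cookie with no HttpOnly or Secure flag; `password_hash()` / `password_verify()` on the stored column and dropping that cookie would close this. The empty-username branch of the `login` case prints the failure page but has no `break;`, so the lookup and a second failure page still run — add `break;` after its footer print. `$db`, `$tpl`, `$pgr`, `$ref` and `$ip` are not defined in this file and presumably come from `../classes.php`, which is outside this hunk.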