Initial commit (Starting this git repository at 1.12)
QdbS User
committed
Sep 27, 2017
0 parents
commit e0a58b3
Showing
41 changed files
with
2,674 additions
and
0 deletions.
@@ -0,0 +1,53 @@ | ||
QdbS Changelog: | ||
|
||
[ 1.12 ] - 09/27/2017 (mm/dd/yyyy) | ||
Changed mysql_*() to mysqli_*() | ||
|
||
[ 1.11 ] - 06/05/2012 (mm/dd/yyyy) | ||
Updated the version number in doc/index.html | ||
Added "randomquote" page to display a single random quote | ||
Changed class names in classes.php | ||
Fixed warnings caused by unquoted array indexes | ||
Fixed warnings caused by non-existant array indexes | ||
|
||
[ 1.10 ] - 08/29/2008 (mm/dd/yyyy) | ||
Fixed install ussue where MySQL username with upper case letters would prevent initial login | ||
Fixed bug where on some installations " and ' were getting escaped | ||
|
||
[ 1.09 ] - 03/28/2008 (mm/dd/yyyy) | ||
Added proper support for case sensitive passwords | ||
Fixed case inconsistancy in MD5 hash comparison (Thanks to Se7enLC) | ||
|
||
[ 1.08 ] - 01/27/2008 (mm/dd/yyyy) | ||
No longer requires PHP's short tags to be enabled (<? instead of <?php) | ||
Templates changed to reflect above change | ||
|
||
[ 1.07 ] - 01/18/2008 (mm/dd/yyyy) | ||
Fixed \'s being removed from quotes. | ||
|
||
[ 1.06 ] - 12/21/2007 (mm/dd/yyyy) | ||
Added support for table prefixes (Thanks to Thomas Ward) | ||
Replaced config variables with a better naming scheme (Idea by Thomas Ward) | ||
|
||
[ 1.05 ] - 11/24/2007 (mm/dd/yyyy) | ||
Removed pagination from search (missed in previous release) | ||
Added support for query based search. Eg: /?do=search&q={searchterms} | ||
|
||
[ 1.04 ] - 10/13/2007 (mm/dd/yyyy) | ||
Added some additional protection to prevent SQL injection. | ||
Set pageination to only list pages on browse page. | ||
Fixed issue preventing removal of admins. | ||
Fixed installer where it would not create the database even if the MySQL user has permission to | ||
|
||
[ 1.03 ] - 10/05/2007 (mm/dd/yyyy) | ||
Released code under GNU General Public License for further development from others. | ||
|
||
[ 1.02 ] - 01/05/2004 (mm/dd/yyyy) | ||
Misc. bugs fixed including adding quotes and template issues. | ||
The database system has been reworked, added row and query counts. | ||
|
||
[ 1.01 ] - 10/12/2003 (mm/dd/yyyy) | ||
Misc. bugs fixed, minor updates. | ||
|
||
[ 1.00 ] - 09/26/2003 (mm/dd/yyyy) | ||
Initial release |
@@ -0,0 +1,18 @@ | ||
________________ | ||
/////////////////| | ||
//kflorence.com// | | ||
///////////////// | | ||
|���������������| | | ||
___| kflorence.com | /____________________________________ | ||
| |/ | ||
��������������� | ||
-> Thank you for downloading QdbS from http://www.qdbs.org! | ||
|
||
-> Documentation can be found in /doc | ||
|
||
-> License information can be found in GNU.txt | ||
|
||
|
||
|
||
|
||
http://kflorence.com - Kyle Florence, 2003-2008. |
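--- a/index.php
+++ b/index.php
@@ -0,0 +1,286 @@
+<?php
+/**************************************************************************
+This file is part of the Quotes Database System (QdbS)
+Copyright (C) 2003-2012 QdbS.org
+Written by Kyle Florence (kyle.florence@gmail.com)
+Maintained by Matthew Beeching (jobe@qdbs.org)
+Table Prefix patch by Thomas Ward (jouva@moufette.com)
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+$Id: index.php 28 2012-05-05 23:05:09Z jobe1986 $
+***************************************************************************/
+
+include("../classes.php");
+
+if (!defined("INSTALLED")) {
+header("Location: ./install/");
+exit;
+}
+
+$sql = "SELECT COUNT(id) FROM ".$_qdbs['tpfx']."quotes";
+$start = $pgr->findStart($pgr->limit);
+$count = $db->fetch_row($db->_sql($sql))[0];
+$pages = $pgr->findPages($count, $pgr->limit);
+$page = (!isset($_GET['page']) ? '1' : $_GET['page']);
+$tpl->set('page_list', $pgr->pageList($page, $pages));
+
+if (!empty($_GET['do']) || !empty($_POST['do'])) {
+if (!empty($_SESSION['loggedin'])) {
+switch ($_GET['do']) {
+case 'add':
+if (empty($_GET['q'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."queue WHERE id='".$db->escape($_GET['q'])."'";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if (ini_get("magic_quotes_runtime") or ini_get("magic_quotes_gpc")) {
+$sql = "INSERT INTO ".$_qdbs['tpfx']."quotes (id,quote,rating) VALUES ('NULL', '".$db->escape(stripslashes($row['quote']))."', '0')";
+} else {
+$sql = "INSERT INTO ".$_qdbs['tpfx']."quotes (id,quote,rating) VALUES ('NULL', '".$db->escape($row['quote'])."', '0')";
+}
+$r = $db->_sql($sql);
+$sql = "DELETE FROM ".$_qdbs['tpfx']."queue WHERE id='".$db->escape($_GET['q'])."'";
+$r = $db->_sql($sql);
+
+header ("Location: ".$ref);
+break;
+case 'del':
+if (empty($_GET['q'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "DELETE FROM ".$_qdbs['tpfx']."queue WHERE id='".$db->escape($_GET['q'])."'";
+$r = $db->_sql($sql);
+
+header ("Location: ".$ref);
+break;
+case 'remove':
+if (empty($_GET['id'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "DELETE FROM ".$_qdbs['tpfx']."admins WHERE id='".$db->escape($_GET['id'])."'";
+$r = $db->_sql($sql);
+}
+
+header ("Location: ".$ref);
+break;
+case 'raise':
+if (empty($_GET['id'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE id='".$db->escape($_GET['id'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] < '2') {
+$sql = "UPDATE ".$_qdbs['tpfx']."admins SET level=level+1 WHERE id='".$db->escape($_GET['id'])."' LIMIT 1";
+$r = $db->_sql($sql);
+}
+}
+
+header ("Location: ".$ref);
+break;
+case 'lower':
+if (empty($_GET['id'])) {
+header ("Location: ".$ref);
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE id='".$db->escape($_GET['id'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] > '1') {
+$sql = "UPDATE ".$_qdbs['tpfx']."admins SET level=level-1 WHERE id='".$db->escape($_GET['id'])."' LIMIT 1";
+$r = $db->_sql($sql);
+}
+}
+
+header ("Location: ".$ref);
+break;
+case 'logout':
+setcookie ('qdb_username', '', time()-3600, '/');
+setcookie ('qdb_password', '', time()-3600, '/');
+session_start();
+session_unset();
+session_destroy();
+header ("Location: ".$ref);
+break;
+}
+switch ($_POST['do']) {
+case 'add':
+if (empty($_POST['username'])) {
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+$tpl->set('error', 'Missing username');
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_error.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+break;
+}
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$username = strtolower($_POST['username']);
+$password = strtolower(md5((isset($_POST['u_password']) ? $_POST['u_password'] : "")));
+$sql = "INSERT INTO ".$_qdbs['tpfx']."admins (username,password,ip,id) VALUES ('".$db->escape($username)."', '".$db->escape($password)."', 'NULL', 'NULL')";
+$r = $db->_sql($sql);
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_success.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+break;
+case 'change':
+$c_password = strtolower(md5(isset($_POST['c_password']) ? $_POST['c_password'] : ""));
+$c_password1 = strtolower(md5(isset($_POST['c_password1']) ? $_POST['c_password1'] : ""));
+$c_password2 = strtolower(md5(isset($_POST['c_password2']) ? $_POST['c_password2'] : ""));
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if (($c_password == $row['password']) && ($c_password1 == $c_password2)) {
+$sql = "UPDATE ".$_qdbs['tpfx']."admins SET password='".$db->escape($c_password1)."' WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_success.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+} else {
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+$tpl->set('error', 'Password mismatch');
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_error.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+break;
+case 'update':
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "UPDATE ".$_qdbs['tpfx']."settings SET template='".$db->escape($_POST['template_dir'])."', qlimit='".$db->escape($_POST['q_limit'])."', title='".$db->escape($_POST['p_title'])."', heading='".$db->escape($_POST['p_heading'])."', style='".$db->escape($_POST['css_style'])."'";
+$r = $db->_sql($sql);
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_success.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+break;
+}
+}
+if (!empty($_POST['do'])) {
+switch ($_POST['do']) {
+case 'login':
+if (empty($_POST['username'])) {
+$tpl->set('logged', ' ');
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_failed.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+$username = strtolower($_POST['username']);
+$password = strtolower(md5(isset($_POST['password']) ? $_POST['password'] : ""));
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($username)."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if (strtolower($row['password']) == $password) {
+$sql = "UPDATE ".$_qdbs['tpfx']."admins SET ip='".$db->escape($ip)."' WHERE username='".$db->escape($username)."' LIMIT 1";
+$r = $db->_sql($sql);
+setcookie ('qdb_username', $username, time()+(3600*24*365), '/');
+setcookie ('qdb_password', $password, time()+(3600*24*365), '/');
+header ("Location: ".$ref);
+} else {
+$tpl->set('logged', ' ');
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_failed.tpl'));
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+break;
+}
+}
+} else {
+// Header
+if (!empty($_SESSION['loggedin'])) {
+$tpl->set('logged', $tpl->fetch('.'.$tpl->tdir.'admin_links.tpl'));
+} else {
+$tpl->set('logged', ' ');
+}
+print($tpl->fetch('.'.$tpl->tdir.'admin_header.tpl'));
+if ($_SESSION['loggedin']) {
+if (!empty($_GET['p']) && ($_GET['p'] == 'settings')) {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins WHERE username='".$db->escape($_COOKIE['qdb_username'])."' LIMIT 1";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+if ($row['level'] == '2') {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."settings";
+$r = $db->_sql($sql);
+$row = $db->fetch_row($r);
+$tpl->set('s_title', $row['title']);
+$tpl->set('s_heading', $row['heading']);
+$tpl->set('s_style', $row['style']);
+$tpl->set('s_tdir', $row['template']);
+$tpl->set('s_limit', $row['qlimit']);
+print($tpl->fetch('.'.$tpl->tdir.'admin_settings_header.tpl'));
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."admins ORDER BY id ASC";
+$r = $db->_sql($sql);
+while($row = $db->fetch_row($r)) {
+$tpl->set('admin', $row['username']);
+$tpl->set('level', $row['level']);
+$tpl->set('a_id', $row['id']);
+print($tpl->fetch('.'.$tpl->tdir.'admin_settings.tpl'));
+}
+print($tpl->fetch('.'.$tpl->tdir.'admin_settings_footer.tpl'));
+} else {
+print($tpl->fetch('.'.$tpl->tdir.'admin_settings_1.tpl'));
+}
+} else {
+$sql = "SELECT * FROM ".$_qdbs['tpfx']."queue ORDER BY id DESC LIMIT ".intval($start).", ".intval($pgr->limit);
+$r = $db->_sql($sql);
+if(mysqli_num_rows($r) > 0) {
+while ($row = $db->fetch_row($r)) {
+$tpl->set('q_id', $row['id']);
+$tpl->set('quote', $row['quote']);
+print($tpl->fetch('.'.$tpl->tdir.'admin_block.tpl'));
+}
+
+} else {
+print($tpl->fetch('.'.$tpl->tdir.'admin_noquotes.tpl'));
+}
+}
+} else {
+print($tpl->fetch('.'.$tpl->tdir.'admin_login.tpl'));
+}
+
+// Footer
+$tpl->set('q_count', $db->q_count);
+$tpl->set('r_count', $db->r_count);
+print($tpl->fetch('.'.$tpl->tdir.'admin_footer.tpl'));
+}
+
+?>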
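Review bot: Every privilege check in this file (the `remove`, `raise` and `lower` GET actions, the POST `add`/`update` branches and the settings page) looks up the acting admin's `level` by `$_COOKIE['qdb_username']`, while the only gate is `$_SESSION['loggedin']`; unless classes.php re-validates both cookies against the admins table on each request (not visible here), a logged-in level-1 admin can set that cookie to a level-2 username and promote, demote or delete accounts, so the identity used for authorization should come from the session (store the admin id at login and select `WHERE id='".intval($_SESSION['admin_id'])."'`). The login branch also writes the raw MD5 of the password into a one-year `qdb_password` cookie with no `HttpOnly`/`Secure` flags and compares digests with `==`, which PHP evaluates numerically for `0e…`-style strings; `password_hash`/`password_verify` (or at minimum `hash_equals`) should replace this, and the empty-username check there prints the failure page but then falls through into the query because it has no `break`. None of the state-changing actions carry a CSRF token and `add`/`del`/`remove`/`raise`/`lower` are triggered by plain GET links, so a level-2 admin who loads a hostile page can be made to approve queued quotes or change admin levels. Finally, each `header("Location: ".$ref);` is followed by `break` rather than `exit`, so execution continues into the second `switch` and the page body; use `exit;` after every redirect.
```php
// … unchanged: username/password lookup …
if (hash_equals(strtolower($row['password']), $password)) {
    $sql = "UPDATE ".$_qdbs['tpfx']."admins SET ip='".$db->escape($ip)."' WHERE username='".$db->escape($username)."' LIMIT 1";
    $r = $db->_sql($sql);
    session_regenerate_id(true);
    $_SESSION['loggedin'] = true;
    $_SESSION['admin_id'] = (int)$row['id'];   // authorize by this, not by a client cookie
    header ("Location: ".$ref);
    exit;
}
// … unchanged: failed-login output …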