Password Reset:

Your new password has been sent to your email address at ".$half_email."

\n\n"; } // ********************************************* NEW CODE MARCH 2006 ************************************************** // ********************************************* NEW CODE MARCH 2006 ************************************************** else if ($cmd=="enc") { /* openLink(); $sql="select password, id from userInfo"; $res=MYSQL_QUERY($sql); while($data=MYSQL_FETCH_ASSOC($res)) { $newPass=crypt($data['password'], $data['password']); $sql2="update userInfo set encPassword='".$newPass."' where id=".$data['id']; $res2=MYSQL_QUERY($sql2); print $sql2; } */} // ********************************************* NEW CODE MARCH 2006 ************************************************** else if($cmd=="logout") { // Only do this is the user really is logged in, after all. if($_COOKIE['session']) { logout(); } $_COOKIE['usr_name']=""; $_COOKIE['session']=""; $_COOKIE['usr_level']=""; $_COOKIE['usr_id']=""; } else if($cmd=="reg") { openLink(); $sql="select password, id from userInfo where usr_name='".addslashes($_REQUEST['usr_name'])."'"; $res=MYSQL_query($sql); if(mysql_num_rows($res)==0) // If that failed, then there is not a user by that name, so it is ok to go ahead and make one. { // choose new validation code if(!$wordList=fopen("./dictionary.txt","r")) debug("Error opening file!"); fseek($wordList, rand(0,301272)); fgets($wordList, 100); $word=ereg_replace("[^a-z]","",fgets($wordList, 100)); if(!fclose($wordList)) debug("Error closing file!"); $valCode=rand(0,666)."_".rand(0,666)."_".$word."_".rand(0,666); // The username is not in the database. Add the user info, set the cookies & session, and log the user in. $ip_address=$_SERVER['REMOTE_ADDR']; if($_REQUEST['remember']=="yes") $sess=2147483647; else $sess=0; if ($_REQUEST['mailing_list']=="yes") $mailing_list=1; else $mailing_list=0; // ********************************************* NEW CODE MARCH 2006 ************************************************** $encPass=crypt($_REQUEST['usr_pass1'],$_REQUEST['usr_pass1']); $sql="insert into userInfo (usr_name, usr_real_name, password, encPassword, usr_email, usr_home, usr_current,usr_url, usr_info, mailing_list, date_created, ip_address, session_length, validation) values ('".addslashes($_REQUEST['usr_name'])."','".addslashes($_REQUEST['name_first'])." ".addslashes($_REQUEST['name_last'])."','".addslashes($_REQUEST['usr_pass1'])."','".$encPass."', '".addslashes($_REQUEST['usr_email'])."','".addslashes($_REQUEST['usr_home'])."','".addslashes($_REQUEST['usr_current'])."','".addslashes($_REQUEST['usr_url'])."','".addslashes($_REQUEST['usr_info'])."', ".$mailing_list.", ".mktime().", '".$ip_address."', ".$sess.", '".$valCode."')"; $TEMP_PRI=$sql; // ********************************************* NEW CODE MARCH 2006 ************************************************** $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); $usr_id=mysql_insert_id(); storeUserFavorites($_REQUEST['band1'], "userBands", $usr_id); storeUserFavorites($_REQUEST['band2'], "userBands",$usr_id); storeUserFavorites($_REQUEST['band3'], "userBands",$usr_id); storeUserFavorites($_REQUEST['band4'], "userBands",$usr_id); storeUserFavorites($_REQUEST['band5'], "userBands",$usr_id); storeUserFavorites($_REQUEST['artist1'], "userArtists",$usr_id); storeUserFavorites($_REQUEST['artist2'], "userArtists",$usr_id); storeUserFavorites($_REQUEST['artist3'], "userArtists",$usr_id); // email code to user $msg="Here is your registration code from indieaddict.com. Welcome to the Addiction!\n--------------------\n\nTo confirm your new account, please either log in to www.indieaddict.com and utilize this string:\n".$valCode."\n\n...or simply visit the following url:\nhttp://www.indieaddict.com/register.php?cmd=val2&code=".$valCode."&usr_name=".$_REQUEST['usr_name']; mail($_REQUEST['usr_email'], "[[IndieAddict]] New Account Created!",$msg, "From: messagebot@indieaddict.com"); $GLOBALS['error'].="

[X]

New Account Created!

An email containing your account validation code has been sent to the address you provided. Please check your email and then follow the instructions we've sent to confirm your new account. Thanks!

\n"; } else { $data=MYSQL_FETCH_ROW($res); if($data[0]!=addslashes($_REQUEST['usr_pass1'])) { // Duplicate user name. Could this have been caught in register.php? printError(5); } } } else if($cmd=="validate") { // User must enter correct validation string (Received in email) $session=rand(1000,1000000000); //Million to one odds against guessing the session ID and hijacking the session. $sql="insert into sessions set usr_id=".$usr_id.", session=".$session.", date=NOW()"; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); $sessionLength=time()+$sess; setcookie("session", $session, $sessionLength, '/', 'indieaddict.com'); setcookie("usr_name", $_REQUEST['usr_name'], $sessionLength, '/', 'indieaddict.com'); setcookie("usr_id", $usr_id, $sessionLength, '/', 'indieaddict.com'); $_COOKIE['usr_name']=$_REQUEST['usr_name']; $_COOKIE['usr_id']=$usr_id; $_COOKIE['session']=$session; } else if($cmd=="postThread") { $is_user_logged_in=verifyUser(); // Is this person logged in, and does she have permission to post? if($is_user_logged_in) { // In the future, there could be a table called "restrictedUsers", with a list // of users who were no allowed to post new threads. Alternatively, there could be a table // called "moderators" or something, who _were_ allowed to post new threads. This is where you // would check to see if the current user is (or is not) in those tables. openLink(); // First, make sure that this isn't a double-post. $sql="select title from thread where usr_id=".$_COOKIE['usr_id']." and title='".sanitize($_REQUEST['post_title'])."' and time>".(time()-(60*60*24)); $res=MYSQL_QUERY($sql); if(MYSQL_NUM_ROWS($res)==0) { $sql="insert into thread values('', '".sanitize($_REQUEST['post_title'])."', ".$_COOKIE['usr_id'].", ".time().", ".time().", '','')"; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); $threadId=mysql_insert_id(); $sql="insert into post values('', ".$threadId.", '".addslashes($_REQUEST['post_body'])."', ".$_COOKIE['usr_id'].", NOW(), ".time().", '')"; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); } else { printError(2); // Duplicate Post } } else { printError(6); // You must be logged in in order to post a new thread. } } else if($_REQUEST['cmd']=="message") { $is_user_logged_in=verifyUser(); // Check for double-posting, v. important for this! if(stripslashes($_COOKIE['message'])==$_REQUEST['message_body'] && $_COOKIE['to_user']==$_REQUEST['member_id']) { printError(9);//"Message already sent."; } else { setcookie("message", $_REQUEST['message_body']); setcookie("to_user", $_REQUEST['member_id']); $sql="select usr_email, id from userInfo where id=".$_REQUEST['member_id']; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); $to=MYSQL_FETCH_ASSOC($res); $sql="select usr_email, usr_name from userInfo where id=".$_REQUEST['from_id']; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); $from=MYSQL_FETCH_ASSOC($res); $subj="A Message from IndieAddict user ".$from['usr_name']; $msg="The following message was posted to your account by user ".$from['usr_name'].". Please do not respond to this email, it is an automatically generated notification.\nhttp://www.indieaddict.com\n--------------------\n\n".wordwrap((stripslashes($_REQUEST['message_body'])),70); mail($to['usr_email'], "[[IndieAddict]] New message from ".$from['usr_name'],$msg, "From: messagebot@indieaddict.com"); //mail("benjamin@sixbynine.com", $sub, wordwrap($_REQUEST['message'],70)); $messageToUser="Message sent."; $sql="insert into userMessages values ('', '".$from['usr_name']."', ".$to['id'].", '".sanitize($_REQUEST['message_body'])."', ".time().")"; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); } } else if($cmd=="edit") // The user has just edited her profile. { if(verifyUser()) { // No need to check for a double post this time, however it does seem like a good idea just to check whether // the cuurent user (specified by cookie) is the same as the user whose data we are about to input (specified by REQUEST) if($_COOKIE['usr_id']==$_REQUEST['usr_id']) { if ($_REQUEST['mailing_list']) { $mailing_list=1; } else { $mailing_list=0; } $sql="update userInfo set usr_current='".sanitize($_REQUEST['usr_current'])."', usr_home='".sanitize($_REQUEST['usr_home'])."', usr_url='".sanitize($_REQUEST['usr_url'])."', usr_email='".sanitize($_REQUEST['usr_email'])."', mailing_list=".$mailing_list.", usr_info='".sanitize($_REQUEST['usr_info'])."' where id=".$_REQUEST['usr_id']; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); $sql="delete from userBands where usr_id=".$_REQUEST['usr_id']; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); $sql="delete from userArtists where usr_id=".$_REQUEST['usr_id']; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); storeUserFavorites($_REQUEST['band1'], "userBands", $usr_id); storeUserFavorites($_REQUEST['band2'], "userBands",$usr_id); storeUserFavorites($_REQUEST['band3'], "userBands",$usr_id); storeUserFavorites($_REQUEST['band4'], "userBands",$usr_id); storeUserFavorites($_REQUEST['band5'], "userBands",$usr_id); storeUserFavorites($_REQUEST['artist1'], "userArtists",$usr_id); storeUserFavorites($_REQUEST['artist2'], "userArtists",$usr_id); storeUserFavorites($_REQUEST['artist3'], "userArtists",$usr_id); } else { printError(7);//Error: User name does not match profile. } } else { printError(8);//You must be logged in in order to edit your profile."; } } if (!$is_user_logged_in) $is_user_logged_in = verifyUser(); ?> IndieAddict Dot Com :: The Site for Indie Rock Fans! _

Page Sponsor

\n"; // Print 120 x 90 pixel banner $phpAds_raw = view_raw ('zone:3', 0, '', '', '0', $phpAds_context); echo $phpAds_raw['html']; echo " \n"; // Print 120 x 240 pixel banner $phpAds_raw = view_raw ('zone:2', 0, '', '', '0', $phpAds_context); echo $phpAds_raw['html']; } ?>

Community Forum

Thread.Title

Creator

Posts

Last.Post

\n"; ?>

25) { if($_REQUEST['threadPage']>0) print "\n"; else print "\n"; print "\n"; if($_REQUEST['threadPage']<(($totalThreads/25)-1)) print "\n"; else print "\n"; } ?>

25) print "Page ".($_REQUEST['threadPage']+1)." of ".(floor($totalThreads/25)+1); ?>
<- Previous	<- Previous	"; for($i=1;$i<=(($totalThreads/25)+1);$i++) { print "[$i] "; } print "	Next ->	Next ->

\n"; print ''; if($tag) print "<$tag>"; print ''.sanitize($data['title']).''; if($tag) print ""; print "\n"; print ''.$posterName[0].''."\n"; print ''.$numPosts.''."\n"; print ''.$lastPost.''."\n"; print "\n"; if($bg=="A") $bg="B"; else $bg="A"; $i++; } return $i; } } function passwordError() { $sql="select message, color from errors where id=4"; $res=MYSQL_QUERY($sql) or debug("Error in $sql:".mysql_error($sql)); $data=MYSQL_FETCH_ASSOC($res); $GLOBALS['error'].="

[X]

Login Error:

".$data['message']."

\n"; $GLOBALS['error'].="[Can't remember your password? Have it reset.]

\n"; }